From 8867ab59806956faf521e8e61a2197fe383a4176 Mon Sep 17 00:00:00 2001 From: ace Date: Sat, 8 Apr 2023 22:26:41 +0300 Subject: [PATCH] postgres-operator: bump to v1.9.0, helm chart v1.9.0 postgres-operator-ui: bump to v1.9.0, helm chart v1.9.0 astodon: bump to v4.1.2, helm chart v4.0.0 --- mastodon/.gitignore | 1 + mastodon/.helmignore | 14 + mastodon/Chart.yaml | 16 +- mastodon/LICENSE | 661 ++++++++++++++++++ mastodon/README.md | 120 ++++ mastodon/charts/elasticsearch-15.10.3.tgz | Bin 78355 -> 0 bytes mastodon/charts/postgresql-10.9.1.tgz | Bin 52056 -> 0 bytes mastodon/charts/redis-14.8.8.tgz | Bin 77694 -> 0 bytes mastodon/dev-values.yaml | 25 + mastodon/readme.md | 37 - mastodon/templates/_helpers.tpl | 84 +++ mastodon/templates/configmap-env.yaml | 350 +++++----- mastodon/templates/cronjob-media-remove.yaml | 46 +- mastodon/templates/deployment-sidekiq.yaml | 129 ++-- mastodon/templates/deployment-streaming.yaml | 38 +- mastodon/templates/deployment-web.yaml | 83 ++- mastodon/templates/hpa.yaml | 28 - mastodon/templates/ingress.yaml | 27 +- mastodon/templates/job-assets-precompile.yaml | 30 +- mastodon/templates/job-chewy-upgrade.yaml | 32 +- mastodon/templates/job-create-admin.yaml | 22 +- mastodon/templates/job-db-migrate.yaml | 30 +- .../templates/job-set-admin-password.yaml | 18 +- mastodon/templates/pvc-assets.yaml | 6 +- mastodon/templates/pvc-system.yaml | 6 +- mastodon/templates/secret-smtp.yaml | 16 + mastodon/templates/secrets.yaml | 12 +- mastodon/templates/service-streaming.yaml | 1 + mastodon/templates/service-web.yaml | 1 + mastodon/templates/tests/test-connection.yaml | 2 +- mastodon/values.yaml | 343 ++++++--- postgres-operator-ui/Chart.yaml | 4 +- postgres-operator-ui/index.yaml | 127 +--- .../templates/deployment.yaml | 9 + postgres-operator-ui/templates/service.yaml | 4 + postgres-operator-ui/values.yaml | 8 +- postgres-operator/Chart.yaml | 4 +- .../crds/operatorconfigurations.yaml | 65 +- postgres-operator/crds/postgresqls.yaml | 15 +- postgres-operator/index.yaml | 122 +--- postgres-operator/templates/deployment.yaml | 8 + .../templates/operatorconfiguration.yaml | 8 +- postgres-operator/values.yaml | 66 +- 43 files changed, 1872 insertions(+), 746 deletions(-) create mode 100644 mastodon/.gitignore create mode 100644 mastodon/LICENSE create mode 100644 mastodon/README.md delete mode 100644 mastodon/charts/elasticsearch-15.10.3.tgz delete mode 100644 mastodon/charts/postgresql-10.9.1.tgz delete mode 100644 mastodon/charts/redis-14.8.8.tgz create mode 100644 mastodon/dev-values.yaml delete mode 100644 mastodon/readme.md delete mode 100644 mastodon/templates/hpa.yaml create mode 100644 mastodon/templates/secret-smtp.yaml diff --git a/mastodon/.gitignore b/mastodon/.gitignore new file mode 100644 index 0000000..ee3892e --- /dev/null +++ b/mastodon/.gitignore @@ -0,0 +1 @@ +charts/ diff --git a/mastodon/.helmignore b/mastodon/.helmignore index 0e8a0eb..0cbed47 100644 --- a/mastodon/.helmignore +++ b/mastodon/.helmignore @@ -1,3 +1,17 @@ +# A helm chart's templates and default values can be packaged into a .tgz file. +# When doing that, not everything should be bundled into the .tgz file. This +# file describes what to not bundle. +# +# Manually added by us +# -------------------- +# +dev-values.yaml +mastodon-*.tgz + + +# Boilerplate .helmignore from `helm create mastodon` +# --------------------------------------------------- +# # Patterns to ignore when building packages. # This supports shell glob matching, relative path matching, and # negation (prefixed with !). Only one pattern per line. diff --git a/mastodon/Chart.yaml b/mastodon/Chart.yaml index c2cc769..4b34ee7 100644 --- a/mastodon/Chart.yaml +++ b/mastodon/Chart.yaml @@ -15,23 +15,23 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.3.0 +version: 4.0.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 3.5.3 +appVersion: v4.1.2 dependencies: - name: elasticsearch - repository: https://charts.bitnami.com/bitnami - version: 15.10.3 + version: 19.6.0 + repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami condition: elasticsearch.enabled - name: postgresql - repository: https://charts.bitnami.com/bitnami - version: 10.9.1 + version: 12.2.7 + repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami condition: postgresql.enabled - name: redis - repository: https://charts.bitnami.com/bitnami - version: 14.8.8 + version: 17.9.3 + repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami condition: redis.enabled diff --git a/mastodon/LICENSE b/mastodon/LICENSE new file mode 100644 index 0000000..dba13ed --- /dev/null +++ b/mastodon/LICENSE @@ -0,0 +1,661 @@ + GNU AFFERO GENERAL PUBLIC LICENSE + Version 3, 19 November 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU Affero General Public License is a free, copyleft license for +software and other kinds of works, specifically designed to ensure +cooperation with the community in the case of network server software. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +our General Public Licenses are intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + Developers that use our General Public Licenses protect your rights +with two steps: (1) assert copyright on the software, and (2) offer +you this License which gives you legal permission to copy, distribute +and/or modify the software. + + A secondary benefit of defending all users' freedom is that +improvements made in alternate versions of the program, if they +receive widespread use, become available for other developers to +incorporate. Many developers of free software are heartened and +encouraged by the resulting cooperation. However, in the case of +software used on network servers, this result may fail to come about. +The GNU General Public License permits making a modified version and +letting the public access it on a server without ever releasing its +source code to the public. + + The GNU Affero General Public License is designed specifically to +ensure that, in such cases, the modified source code becomes available +to the community. It requires the operator of a network server to +provide the source code of the modified version running there to the +users of that server. Therefore, public use of a modified version, on +a publicly accessible server, gives the public access to the source +code of the modified version. + + An older license, called the Affero General Public License and +published by Affero, was designed to accomplish similar goals. This is +a different license, not a version of the Affero GPL, but Affero has +released a new version of the Affero GPL which permits relicensing under +this license. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU Affero General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Remote Network Interaction; Use with the GNU General Public License. + + Notwithstanding any other provision of this License, if you modify the +Program, your modified version must prominently offer all users +interacting with it remotely through a computer network (if your version +supports such interaction) an opportunity to receive the Corresponding +Source of your version by providing access to the Corresponding Source +from a network server at no charge, through some standard or customary +means of facilitating copying of software. This Corresponding Source +shall include the Corresponding Source for any work covered by version 3 +of the GNU General Public License that is incorporated pursuant to the +following paragraph. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the work with which it is combined will remain governed by version +3 of the GNU General Public License. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU Affero General Public License from time to time. Such new versions +will be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU Affero General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU Affero General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU Affero General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If your software can interact with users remotely through a computer +network, you should also make sure that it provides a way for users to +get its source. For example, if your program is a web application, its +interface could display a "Source" link that leads users to an archive +of the code. There are many ways you could offer source, and different +solutions will be better for different programs; see section 13 for the +specific requirements. + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU AGPL, see +. diff --git a/mastodon/README.md b/mastodon/README.md new file mode 100644 index 0000000..53f9599 --- /dev/null +++ b/mastodon/README.md @@ -0,0 +1,120 @@ +# Introduction + +This is a [Helm](https://helm.sh/) chart for installing Mastodon into a +Kubernetes cluster. The basic usage is: + +1. edit `values.yaml` or create a separate yaml file for custom values +1. `helm dep update` +1. `helm install --namespace mastodon --create-namespace my-mastodon ./ -f path/to/additional/values.yaml` + +This chart is tested with k8s 1.21+ and helm 3.6.0+. + +# Configuration + +The variables that _must_ be configured are: + +- password and keys in the `mastodon.secrets`, `postgresql`, and `redis` groups; if + left blank, some of those values will be autogenerated, but will not persist + across upgrades. + +- SMTP settings for your mailer in the `mastodon.smtp` group. + +If your PersistentVolumeClaim is `ReadWriteOnce` and you're unable to use a S3-compatible service or +run a self-hosted compatible service like [Minio](https://min.io/docs/minio/kubernetes/upstream/index.html) +then you need to set the pod affinity so the web and sidekiq pods are scheduled to the same node. + +Example configuration: +```yaml +podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - rails + topologyKey: kubernetes.io/hostname +``` + +# Administration + +You can run [admin CLI](https://docs.joinmastodon.org/admin/tootctl/) commands in the web deployment. + +```bash +kubectl -n mastodon exec -it deployment/mastodon-web -- bash +tootctl accounts modify admin --reset-password +``` + +or +```bash +kubectl -n mastodon exec -it deployment/mastodon-web -- tootctl accounts modify admin --reset-password +``` + +# Missing features + +Currently this chart does _not_ support: + +- Hidden services +- Swift + +# Upgrading + +Because database migrations are managed as a Job separate from the Rails and +Sidekiq deployments, it’s possible they will occur in the wrong order. After +upgrading Mastodon versions, it may sometimes be necessary to manually delete +the Rails and Sidekiq pods so that they are recreated against the latest +migration. + +# Upgrades in 2.1.0 + +## ingressClassName and tls-acme changes +The annotations previously defaulting to nginx have been removed and support + for ingressClassName has been added. +```yaml +ingress: + annotations: + kubernetes.io/ingress.class: nginx + kubernetes.io/tls-acme: "true" +``` + +To restore the old functionality simply add the above snippet to your `values.yaml`, +but the recommendation is to replace these with `ingress.ingressClassName` and use +cert-manager's issuer/cluster-issuer instead of tls-acme. +If you're uncertain about your current setup leave `ingressClassName` empty and add +`kubernetes.io/tls-acme` to `ingress.annotations` in your `values.yaml`. + +# Upgrades in 2.0.0 + +## Fixed labels +Because of the changes in [#19706](https://github.com/mastodon/mastodon/pull/19706) the upgrade may fail with the following error: +```Error: UPGRADE FAILED: cannot patch "mastodon-sidekiq"``` + +If you want an easy upgrade and you're comfortable with some downtime then +simply delete the -sidekiq, -web, and -streaming Deployments manually. + +If you require a no-downtime upgrade then: +1. run `helm template` instead of `helm upgrade` +2. Copy the new -web and -streaming services into `services.yml` +3. Copy the new -web and -streaming deployments into `deployments.yml` +4. Append -temp to the name of each deployment in `deployments.yml` +5. `kubectl apply -f deployments.yml` then wait until all pods are ready +6. `kubectl apply -f services.yml` +7. Delete the old -sidekiq, -web, and -streaming deployments manually +8. `helm upgrade` like normal +9. `kubectl delete -f deployments.yml` to clear out the temporary deployments + +## PostgreSQL passwords +If you've previously installed the chart and you're having problems with +postgres not accepting your password then make sure to set `username` to +`postgres` and `password` and `postgresPassword` to the same passwords. +```yaml +postgresql: + auth: + username: postgres + password: + postgresPassword: +``` + +And make sure to set `password` to the same value as `postgres-password` +in your `mastodon-postgresql` secret: +```kubectl edit secret mastodon-postgresql``` \ No newline at end of file diff --git a/mastodon/charts/elasticsearch-15.10.3.tgz b/mastodon/charts/elasticsearch-15.10.3.tgz deleted file mode 100644 index 0c8fc736697a00de5594a2d04f59f8fa35cb50b0..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 78355 zcmV)oK%BoHiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POvHciXm>I1HbEUwsPvl+H=qiEg%Ysb)IwxQ^R;PLp`qPS10G zowIC+ge24y!9zfH)FjVme->^eK!O)Zlx(MB*J>;h*n49G*w_H}1qF~Y>`??`Z`wPa z!kBdza2EWf!KdHv_g@|!ihuk4e)iwN;r`3N3=RkV{a5{0uU_o`r9U|A4-WnU`b`p1 z^vo%P@n8CD#4t605CWa)O3J)*GXXAYSe@7$L_~g2Y4j(F%z#Q0U5!ddxJ+XgeM^!1;}p! zMU8yB3N;DJ*8-)Fs2Af%qC5gqJedXyKs^|6gn&dS>`*d~Jp{({Am}jkkpVfs01SNq zHDdt^Cpbi{DdF^KQYM&9=OdE@MO}}@2=!)=G88ADtm)gr9;Zn|GFt;FMU3_+gWe6b zYxVGKV!!E#Vx9f{{>S};!)_E#S~qBMM`B;}u8ngBamXMJQ7k{sAP#un>zDs+kdbu8 z4~n_+mkm(zP5>+6i5?g}@orGuu|cFY@9yrp>RZ<%y(lLB++!IIw9-NKqC4n!4_fy< zE4TN!apd^tj|;bH$3YE4jxV#ts`1nvF){-D!;-RU1*4qgpkyd3Tyc3-`G^#?a1a1;i{cpj{5{H5ehzTx1#=&V z6JW}r=Ujal!nWI&01+gJT@BY5nh;K7zB%Sa>?ad zbQZbr5O^l0qE^&Jx5Y?I+N76SCNj~~lnxEhK@0y>n+}d93oC=l3+8-# z^M-I@!QbX16o-f*sy_f#i^mT$FqVK8BN!@HGz1h>!HR^-&a%#SDdv z14|3NB|cK)M$u${>moID3&1~vK>(tdjF6ImBVLBeI$XSPN81%P1w#(#4xj--Q5jAcPbfIz|62tcudPwxaEwFD7WTY2 zF}0HH^iZ3}Od%#b}(Wn0)&vw~9i&EZ9Kz7@W|aF&+ibZX%am7#-4H*V3A9 zK|TFBSChesvkHIz49{kBCWam-7QmQ;;{C^$Pk%25ESd+w840lGCWC(lk@)Vcs#mJQ zx^k_exyn8o%_n-6$nx?PpC)|HiFZS>CD0;W^$;eRje`5ML!1-oGpLS_Mi_>jLBA6Z z9xOkAge6picoF8@$F8JmrFmvZv1h3Mc{;iACz^ z>G&OCXECBEWKSiyWVj7`y_-aEbusDr#G}1AMR8{`$3E%_1hn@gicyENkgpi>ot_|R zpACVDN@991&Yr{yKy?$9f&j=kx0b2JQFr8QP8pXuGZ@YV3@=7}|D&g?5Z)2=P&d;q z>TVc=^oI5lg{>12zmo`o9&d?kTqlb0Eo7*pySpdhqwYk>+h~=QJIXEEqOGEvSUg9( zM;Bxc?#MjwL4a?B5$)i33nTLJ*Ki(hFj^Y5{C7%bDq*S10~SFQ&<{ zmQghd<`W!JDXO0Xip0rgz){CQFdb0Di}L;mFlD?ybtOgs4k_b87BawvCWZn2Ly(@6 zcT1j_Jwf3uj!DR+bmtbvn9o{1r&|hpW}T)XjOdiGa}<#?$fn>&93XJ9pbVuSjVTNw z$flbkGD}WYs}O?|B>D@oJ5LQ=&B&H~F$AB!7%;?WIhKHqBEDBq1IVf_M%^@vAtXXK zveAGKVpoHy=v4%L-q+W%)HR0#eILw7?5KHx5E!9=+yV3v&Y}Pf`CEfR@f!%d>QAZ5 zroRARtjXQgYz8A^h+Ey0IXjiY3x$~_Ge%<+qtHV=Pj1J06fv#^)9#eb0?tsAG6z@X zo`iyx>=#U+-L8*h1Q z@+^_9EMrU#Mn!W3Ksjf6)`u8D|9u!NhC+J@qKNwH|VyE1>3jktE#Ha@jT?>Z;WHUj1j`scW@Li6!X2;EeaOTg}nD* z2%Z|k%t^f1=;dKdruQT0>J|b@}$jvTo zfZ>@sR#LD5MIpt!vw;s8ENyHnM`)%YVqBkux4*)e?`XIVWi&yGcog1(TmC&W?Zj4( z_!K-tZVL8XgU7@uM~|MHZ~t+1^6uBGUysh!KoKWhLyrII7RFcl;HzbUaL5q#DIF#0 zU(GhI`WUMeKtD`A#04 zy>)^hzElyFf+>4lR&znBfAC^0aNSJx^dLwG3kawHqp5Hn$vCKqQ50YgQt$>*93vlu z^VtZ+Ttrv1k9PSOq?pU!IpvLjAt1g9L{^if#W`1uZc)fUn??asZRJ(>V{b{2^`?jqjhHL2K>Ux4g{pD$nu6pj zct*q#KAXZ&>%x1>934P^hC?hwhT2CPrwOxpz;G0xPJ%COgGFE>wVXYHV03~1C=kp1 zE1>v~L@w*%LonEXJ#zt!h<}tCP66|8KAf@=kS|@`@!8pXfrxdY|6DhWz{<_6?09_Hj20DIpFQtM05E6ZMw5+ zHt~_&0J*$p`_R=Gv4S_#iIqg%poNKZF@sBL)1fzOD|KuBH31yIfwQs`IUFTMC zl0lK>m2Rex-+a?1M`v<{S%0WoN4NPwUNKYENli|uJ$Fyw=i+|Z(NW1gGgcif4n;A0 zDtb7%l~r|$G!hQ?0tMn!tYmo6mAPhIk%`$)1v1V!a|~({ipXRnK(W%rvQ%Cg-x}^) zzTz{{k0}8O-3CqRU@YG>CrZRq3Sy+}$z$}dIiku=DZn$#=(3lO9+^dRaSNyHtd*Yj zcLe5CUI-@F$=W7I-!dxgKA}g_!3YQtyj7PO;#9^XA@wksE9$%{!5&KVBTh|MoI;aqQHz}2$6>CAXHLo;!WKiGf$7K`_)o}9uU8P^h!0Szu+^dY8x+9B1@cJfQy_kT5gL;?i$PpF@)~?7tbi^;F($r7^fS2w zWXzDb|BO&PCh<&OO0C))hG&S(nMUw;zF?&Q`Bw_aoUHT+HU; znwW3M#KnRtWXukQS)5CI>L?TWy5M*osM$V+w>X@DF~q@YtmQT5F)F7|6{;jpkztW0 zNJc(N&JRrVnLVhsJ_Eopz=q(vzW8R120s0zW@z={5WEm?v+N%Nsl{cREz2)8)dPHs zLPY63&2^2waM@czFfSY|Hk!(LpF!rD_^V-FMFgydX-Q$Q8j|}E3#(DOeF0(N zFFK`q1Og&P(8u>EArkzRA|gZSvI8cAs8UE|(XAsTGPpM>CNiitBquUh9QZ%!GRT^QO=Y9pxky7}!x3xIsZqSFXj@)uKn=5aXmmIR4awH(X2#rr%O zm-I{U*p-VA@s2xAE&NZE2`y%(-G6#V#Ya=QbdHGsj3!PGHu%DeN$evJCg|1AW+>3G zjbj>lH5F+eDi0|GhMZRwI1V75Eqx-BKxQ3f_n4d;8Ay{ocIF-;A)H~45BFP4F$v|Vj)pf66&2u_^iz>{*TNQCq6+6h@En9BhfW+L z0Zh|F4srhKO$ia4HsGb$QQQUK*(BNrBm_r)zu>Kap$}sp2w!Uj>8HP)Jm;UmU%~qb zg%=EZH+yCeIlR)UM#e`>84f3+x50_}RWyP%JjT~g=yByoG)SDLD|bXx0fTc-^o9Y< zxEQ5VVU9mSU_|DjZ;d~b*5#U~2q2--XMZb2<2?fWzL&>#IQdF;j31P?j@?A;ol;p9nGAwF%SF8qiF=mK5Nw%rd0wDo! zobU;TDRTqkj8E}%Xbn{RsJ^0+MkJcTQDu}d5y6~2MHMcgH@p?PR36un_zK=C`>Pa9 zT1%f)b^u>E|IQivKJ@CyOZ*3N$w_H`lCn;ipS=DFYljx;RGS(hI&BNMa%e7QvR1*; zp}xvnQ^VC#;}Y-P`llt1x)Ro?V zT89+BglpVb&kj{E*)19e+$Ql7j(LDwg*nWc8EVHwyPToGg@g%B4Tiod%=??`tp-~9iM#wm*OwL|C}?Ncy2@}_E5;U{-1BS$(MSV-im8L zjZFPo9bXHWuL|!y4E_&+v@S8YI0OTEBc|QazwnnKpLN2m|%O4>dmcn#? zG{SnU>QUeXvaVl&1+=zzftwu;YxVtNWRKM{+iJukwa>2MK43O88$M!PAA%HI?};X% zn8$Vf2dvrrCKvEx6(<6Fz-j~bW4AC^#)RDhTw%y=^~5q(>{%omv1QMTf-PCI+w*V* zn|3$l^>Ng+ZC@8nT^sijJe#s|&y8Z+;?bIre@a95{4~#*yXTp-vvo&_v)Z=o+3mP% z1y=1=S8d0ny^5|Iv~ZBMmQ{NdN@clTg!NBv*lzJJ86XzBcDC*1Bkm$SYIhE@doyph zC^e1TEkYl#g?nB}*x9)M32fXmyZrSn-3tIdKzsLt*N2<2cQ2nx_hj*I?<7{Ud$;zR z1*T5Lc-FFkUk~+iR&MLzs%_@B9-1v1k5v=2UBkOF<~=f-`Eqe_Usm&0N3U!Z|p>KkM)y2oE7*`S^t0H>{qU1iU{VRF+$ZYJZRQY?dvd?ISE8E(yHsqVNxo?Dq zZHSdsZSWhx_7DWiy}Ad~kt~nHCg0-eCN1+Fh&E=Q@4&T5D}4*y+P3=6Tb=sW`nDp! zmd$<@C3&m;0)t8Sbg4F(%-oXIF`O)znM;^XI+0cyP@bP$T!N#s(|QyrbIJXjxug?$ zJ)_AAy!U7}>1TxKm+)`IVSax>&ceF{PWMb?qw4 zNV$LON?5%5r=_a-WQfwMup23)jJmMhzYhD-2QZ}9dxDmT&Tw?l} zijFdC&;I`5EDxl@%u`I(Wz0J@(2baNW~kYyC8wOfD_C$QL{@{VX{@;f#JYBwHpoqx zVkRTZHp~&@^-pPfnNGQ!$z{rvovG!+3M(viv;y->(QVr?yDXyP1}zLS)-tm!LZR#@ zvsnI=W|et{B|R_rv$Lag52?g{GBb+q&2CaqX4*>%!XB`lq*%0frjdUF(@3?WUf(1# z1Ly&oLhcV0vVZv6Z48;4FZX2sC^hxf>>kt8lKlO59`0Ipj?1B1&Vpb$*tJas zmIHfFHUW7;wrdICV$vhCQ_Rie`!Y=weYvtpV&!mc()w^oWDU>f6>SQagnOSe`aaDD z3#RmAvJ`YEv-e~isC1;2jRGsjY_s-%%c5&|Vy|k|w=CfMoZ9zlxK}W@ABU};VBaQf z^b7mIgV^MVTn6?u`H{W+FMbK@?+EZP}uV>|%=zet#J6%{GwLz!6P^)jqDLCdd zhs;4LH{4tXP^qEj5`dO9%rrq48e|q=S=JD<6xaP4V4j8(L|M5BCYEI!Mws%8ZH6h| zWyhKUBe9dowK4}pOovkwz0;mkmUaPH)uuC3eO;?g1+KPTr;A%fmYoWAV!>vzYnh0J z3QmO)o1$zPGd4}&BQ-u%xFx{K!p`y+-K2*d#VDm$@vhNHK{{#kz z$>wi;6T}>-2WW)2v3QJ*Ide}&h+3^*%?#1p+~@D_U9i_OMO+@;a#jw@!>?`UusrB{ zvUG5fvRz9DH>)0*X`*9>-d}?W6Kf6KCQTGqK)8W*AUGod_R1;Y#Xuy=RRFs{UW^#6 zhDK$hU!dFGH?id;@zOQi-~%#*)aqo%tAQBJNNKZ&;B@?sFmb1n+Wftbq@`o9NRFLh2w)t;1t4Qd>{;5{L>}qZ&*qeI zZEyxdc`~m}46#(5`GBJl^iXX{R&H9s+tU$Lb)p#GLUBzXx!BVfPlQoarAWS!-#NN-IJdtG?R+^SL1-*{3nS;vLP{3*?otp3X7VJt6JW8+EdPS!QPg8TUN!PQHFth043)A z@~k1>UlEOlPN%;-hAAO8h7Hxz~pMC1h0ZzBDSMLU%C>G=?{bZ+!s{ee59$NZ{+u*>`=uBhC2H zT1bcBb4R<=cJyDeOk&jrz##ooe;oo}puJLPjRHQRUW_9Zn*2CGFa+}moLqp>Le}CF zhy=bSxouP?Q3khhb$6v*+w8BrpKv%wS9pAdK5~&NF#nhg*@Q58;eDlBkS`$@vMV%; z*y1X{lnue9mKO3E@O%H-Zb;-qZiEi)c?_y zL?%DL<)8J&wk*qsHF&1GnX0#Y=}4DrjC>8A*%1>E|4WEyVa%(AvUMYslH?ruUVu?( zFhY3Q*?s-#Q|da|wp}c(WG8xYXoD{J@}>Lf6X>3!06~hn@AUa6|3Gg&@$pxoNO#qN z$Qv?)I0Rq5B)H{Wnpv_i&6iQ@37E&hRTQH!{x~$>QglUWkQv@jfQMp+$Jpbmi}_mc z<%)lGyyp7~<1MAZRYDkui_JJLC2;SGZ8=Mttipqkiaf02LUjWi}Cfpa>j8iiTh&wlI_ird*_Q zn``ezrjP;_=y*QL+R8+zE`Iq6B6kLeb~sR~-vf0gI80vvJ(b@QzUm(C_swrKxuCLu zSxAevh(@8eyp0rye`ICF6@AnJa)oQOMR4v6vgr`?GM{1u{r5tktBqJ5eks|f_L0(? zle6=a(C>oN(&Hz$_7C2W@F`0olOS+$VBE+8hJzq`W+co% zy(u3LN}Qa8lvia_$N*-%1iXbfkdaH6UKp%_HB>1!#Zc#cVcq!BgN|`6tXV8Claov0 z84j_JM%LFe;|92GUIDjtF}lj3?&M_?&k6$;H*r?=LRD zx2U&1pS?f7{61-`etUj$_Wt7Z^8NWgz8^vFW*((qFAlEGPkuUm|L*%a?I1{5XJCE& z;luIYPAF5jOY{d975{L9hB z#rHbOSXxAFm9HY`-M|T79p`ZX{`yz&ziF9gKq%%Y{=WYo;BJZo1fC`D{{7#XjBF0-y+e5ns0Bt!Sc&%?fCBx*4U7r_&6kSD-P1BNk*yIbxXo5+Yl$7H#UySQ? zF`_gns0UlVs0v4SJwVlnn;xk=MmOlF8p z(VPPGk#8|joC(sDy;_{kM_pyV;*nV|?zv4?G_)Rr6WVJ%dD5CmdTcu>^)eTWF;7-{ zR8x4Ksey@;yQKL}nsoelcM@rBPhF~VFXoB zzsUY64@X-7l>yp>>66j@%Jyl{-R}-e+oywro$b@+Y@d=D%4N<`Jkbg^j3;xsBebwqnxhAllW-4b8kyk26yl zD(V-t_^}3o()2%8qo3*(%Cs%c+zVw-=M!d_2KPB3hC)9gIAmGKpq{~f7Kv%$mt557 zc#|+(@cDwJG&0S`R7BpHaH|rVX&fUz5hvon#)BdMIHyR=xJPDVu1@08<(*@rUJQj9 z1lP>l&LZ-NwEf*+aM*T^^}NBA?&CkD!IjCDyup>lnw`Pb_6@EQMYX`-N_Wt946aJ3 zxj_q?n6(V9N)RctDhIAVy}^~{S~3nalXgZ&g`+DmI?4~Idow!H^qEFSn!E>PbX2W> z?ZQ8OrT1Zaj5cu}mWQ>w56jFg#i9ohL`HYl%28xy>4Do`4an<7kXaJha=|2)1YSFi z#FB9DDTIWZnC*s;$Z=||h%qm>9x=u>vF|NpOe%<1ju}%qa+{48vn;xXr}wIHVwMGb z&lCJ!gT%OI_!{wHUMw-g2dm9+*U^gOm@jv>$aVR&q)^YK_u!HefZU?^7NfhKI)js^ z!xAm+8K-PL>l`F=_*QxJw*0}{T0#2L-NpL|Npm|DALK0wacVzm=8Q>CdsUf=Ltj-Y zk$89vu6cv6pQ}3@zD1}($uqG#Q0KA~TxTvXuhlG&ur1?MM;OCOYLojUkXn`EP@NGQ z)MBwOF|xHKP70!qBfd!iLUF`)3j=Vf|A0&%NvlDf<`a`6$9JD58y7nsi4mc_bX0YS z;%;vgkWo+Cf%e`IPuwP{6Nm_RXZ{m?D(|}O(!}yvZkfTSAL_PSHsw-E384R#QcE^p z1V$C5WM(%hQSYVQ7O}a;XTH|vfIcoUhgC=!-~6We&jKyAN*k`Papjh|$6|zZWA!Ho zQ=S;_vJ+mmJD(^mtuh3&MJN4fal|~1vFsx*7Sv+_IFx> z6_l*Wf?3@#Sg3$fWVn!prZ4a7fXkRKxNR0(77Oa%4xOSPXlXNrzGTTFpNXjIR73?ZjwW`>(O+_ke^Y#>#))Wboa+VafS?bf>@#)ukd}_

qmj1i{YkE(pfYDlrVQw%*(ed@wbEJ>?i^QF2j(5y;S1k+HD>VhuPlgd!& zrFkhF&DefsHK`I^sz4!GRV7(nDcQVQlG_9}ZR)vGQ2rzeN`Bfmp{A5U-6<=Hvhp`P zf*}NFwubVw89Tvgl%So;|r0;H1T|B8dyq^v?O%SVB0TFaM5zl?|`SD zKJi%_%>89t^JP>86{>o_-*5e8_f$U?dwV(}0`0wfe|d7zWgl4sIQsp5|K;JK__yEh zXZ{@=9KL$>m%-tnzyGTL>eY+=zw`$$UhKd83+Ok1yYiV+2IIf<*T$7?+#`8Ded+)_ z)}n-#N2L(vs%_KyybZp5X|+1dJ}vO~qw{yC?|y2DDg8sD*KtYLE~M;xn=rmIPr2eS zBb0#v-=IJSbwwW|A|zEVKAbkCM<1n`d$8zA63#@x53aB%w_m%SPY@N_4Cd>KSnEYL z{V58W@}O+V^@FP*n9igzzc-H&Co=}hlcEcL6p^r0_$aQnkdQtHcL-1xlW?M1K<5(? z$WD;L+ez;*^QIhXJMmg*0}_MwI~Dl8-EF*=_|V~M+?OvcHHtV3^Z;_5jBkFd*!_}R z-cd3`$-Y>r_3C_HZS#eX&kTA~93sHvo`vscxjKeEMk2hHQ25xCP^34$Fh)t-F$H!W z`X~;>P?gsm`l^mDC_}U7dT}<6DaH^7;x>`+O*Gd)PtMQZpMx1!0w;*7L3l}kH$~nJ z-=r%ao($bH#P>67nz)k)rS`edbfwm%owEQKp@7^CTWZne`mDzS5ReH4olbfiSrqRE zeDh4#nIKlL%Ks{4;%=CNP5@vOeQyQg;S`ck-iCJ5wf%Wa0`$GSSOOgaey1diAe(;w z^ivlzG^4-u|Jj`(27Sn&sQ2aR9{AtZ|IhYR7x@1{=EAQA`Y@6@xw9a5*uNmasi5k|DM`_bgFw-IA>UDnh1Apgq z0tKB8pH4*$k`%m4B(c~QCKH{L3P(8L;#0-QGn$;vx##Mx7gMz|@M$cMAox7t!k&a+ z2E&Dx)2c^kSIk3lE9M`jg15YU+9zVyDVo5gj-leq3v0dq8RH2U<3L!`$izGN5Bum% z_d#wz-QC@3J-zFZp4@t)(B@+=Mq?DC&_g{H4Zep%AARi1h(8Yy?NCNy)SWUFfvy_7 z7m&H%Az|m{HPyGgH?L{u7RPK3gO1!DNr(dEk3=3xro0gm>Qy5tj*)N9y3xW2%Gj1H zYJ*Wgyc_8b6DCqt%HQq+a#Ug=3Mk@B&~EwJ)bjI|#0cO}M%xm$O(QZF0+ib8jrLj` zlX;jNq6Ij-p_xTz-Qmn(1cEs~L=BEWq#gU+xbM55ZsmY7`pNu3*Ise*FIBix&qk zTc&Q-`u1C`zmB*#Vwle(8MQ=+BGD4eJBN=N>GzC$@a?xPt=H*E3T zG66J&91;psKsW?xMG-bsxU5NALMnB1SwkA7`tsZ_)mKuOTKp-v01VF+i5cE)iLFR_C{2+_Gm~yJk~40_Q{Csax?6^$6_JgX z-XQ3Z)Ry?muF7h4g3`3v7Yx-}nbP-3C^O>KjM51p+j=-r*$J`{@~WB48O1)b8j=ol zqgV8Z=Xz!K_$NItsBsb`$pFgu8N7S{=0pYnTVZc#ZtB{fx_n8g9NAT%chFqD@ZWW@FohW6H&1o0juW;mQPl-HM(0)Ea&lC+EMO9y>a;HX*A~0Xm(u)~8SHPoF?6RK90oy9M-U zFq0B?aX8_l0rdC4moJ|_b@~64#A<(Wj*+x^!l;8jC4_>|OXYPMq9u5Y(`=4z*pFZ`z1-E!M6o&|W z8!4_*W}GeF6b-?*Jvroi-?q*Xo5zVaT!dnA{hL}!iK2XR_-Ks7+(Z{8+n^%~<>sC= zKh}lRZb|$)Cxm6EVS5sg5e(AT^7o#;jNsFgBT|&-vYT)@vjG2^!vK#l@>PIx(Tr~E z?+CDX9*T_wWZ>n2P<;6o)Pr-rizhQHjkAbAD1!3KBN<_FfK-e$Ou@5}%yanW-32cz zeDxya?RBd-CaE%nVkf<8(GAa(Nm705qE+QS%eL}X@;~wHVm=<@kD%R2(TO!g|A=B7 zvN34?8}0lXZSz&m?ntSc8-jcY}p1HnRBpZ{jRo2L&Zb30$Y007F0 zI0q-NMrV2PZI03P80HwT8>Fzf zrHM|-sC_u}UAx-rX=6W~;ZoYkv_QQ*nVp#OUB&LqopZCJ5`2C7lnA_MwU^r5uF92j zGba5TWMS99!EqtqWNo|NrcZ^s~SL_S1 zR@CeRN7)s4pVjU5O5v}@>qzMrRn3dc zqGlucPhl8i9~QfNFl#qqzco3e-xavg?yb$jbQDNmY^_(-@Wzp~`H_i1<_Hs#bV}aU29b9t-Q2yMun}W}>hG z%$@^Ez#Rf1l8Zs=fFhO!Jno3aFCY`_8EXMwoE1~jbA zIn!#hZl%_mye#CesW#cl*wTDnm&02eic7Ytlxua)n_rTH7y2mh*-WC|qE>~Ao?e0&QY4nyp z3ECsbylL-t9|qAB4%(KEo=5dx->;8qFhb14v?ePf;%g5*8EV79&wQDhoE>xr{Z*Tb zJ~9-Fr8sSK@ev^>l2hg=yZR;vM$y(cIHzNv&Y&fb#L!9FqlxjsQdjNH+W!>Ue@X8v;r^oVEZ}TKOR#eLul`^#7})k-`~8C#uXgrd+jt6QwsH5D zu3STKJ80eD&>yDP6)o*`J4~{zmPGH!Pj{(S1v*f)!zfdJ>*`F+yiU#$2RIy8JTi+& zh(b2hQ?;e(gd#-C)ffk;yO;%nWSxKyw2%0P4f}b=3f*SfH2_>KW&sc`As}@`_5V*B zJY(b^a26~B<}*;u+TWAyl4Vz;QT|y%UKG@!(EwwT_l+f4z6ML!Kj%{||CO8V8aOKC zfB#iKYybP|V6eZF|J!(!{3o$--y~eq^-qyGSBm?!SA!y@xQRtTW6jQy>+98S zis!#!v>{#jS5^Zm{C{5c4_;*Vf3J4&-?sCZGu-89?V0D0X-<6WJX1_&DI4A-C6?P5 zme~Jpes`F)Ptp-TPbtF$=p;ruq6p@1lR!=+qP>(YJu?nUPos9Bpb_#oXDEvyLz9J> zu(-(UaUS`Qp$k_*^r4Klbl85Y5t|U zhm3M|C%sH>R+jE274U%;^GuhJNc8Ylq#GlYKP!*3*XHHW3S+Iw@m4bCGFNC$ex(_{ zvUhGPMmQ;eUJ&Hubrx+h>hue1QO^Q5bF`(S%E*dlY260iLEpw=pw%-q$A~H;mV!ZE z#{DUw>?pt@T6I#vc)4D%nLgN%r(~5TuF3 zo8n-Cq$c~UOXP$eGbZ9uDUqrQUx*{(r`9f9f)~%XOxE>wB8=L0C{-aM+C^}`c-bwLX9+9zmhCp)ZnFNie2%y+E{G1Dptbc=?aBA}}V! z?Xq4Hm#8PZlf_%9xDLd=`^YL2a{y%?A~K;0+4k;sSXj z^h<67EJTi)*&d2ejETP-SgTGJAd|`ZmxE|m%7UbG5d`>h8Y4O-fnO77wpteK7~)_a zqh-Nnt7XCR;rbI|+36QSHXVZAl}>{)MKEB~|G)5{`98CE19qA>dx&N8KvKBvXvccB$l(G?TYEH!n`ZzbKGKWKEku@e&23K>lDg(HYX_bN5)V#`oZEj*^ z06&76b#76dJ&?4V`wd9Oj;Rv<>LM5%%I~mpBEt!W|eY?c2IDI-`#;cym zA!23*vF+?+?Ox6}I5Tvlnl1}x&(P;1iKQII5<92kCR*gOcwV7Vm0&84MSRF$2DZ_R zc0n6>tzPxn!mq{{aWU3q)NR#S`m`WNN5+`d#R55tt!Q_}9O=nq{hc(mji~64x_++^ z!qTK3zg>dZjyGGM-Yk%%NiI4^C?;E;Ff>5A1JIIJL=^kTgDYJQxeqwp&{w(_l7cpW zMO)huCD#{Ofs&kK*>ZeYuarX07swhki`e1~j+2D*j$SfELauX)r3bCe+`96jo~)>1 z z@7p+i_iX&B<^M5_;5t5_75-oQFAop0{vZ4O{?7kn8&9bf?VJ(n!GQl=5D>s9(!1Rk zfn<~?$j>Cke~^&D;Eec3su+qJbPEY}$njx8?kVd!^In`ta@^(UZ2S84w(SPI@>Hdn z#mh-p&U!v)IlqSHm_<-@ftvSrO)j$r}ml z=oZCrf<7>;gN4^?PmYp|7PefA-ijRMD>h0dIB&FFHa$)s?~Tg;TI)Z(^)|WwAH2-@ zf9~%e?$-ZpJWdbq3u$5gxLr6ii&s;p9xC%BbT4JOl}s;Q<({2Z#!X9YQPK^DzHsiW zu5G7?-2=};!oV|eDp6kB%ujlHwx_IB?6=h|u*>JxasZi>)r5 z>XB}wigi$sxCiIfn)>*fm2xiKl%1 z9~{1V`6`$Hb$_@2-^!EKp3CF^*;_0}&|o7J#Bof*{~@F0g2dc+gh0@ElV-pNJ79>byVmNm{Qdt@{nm8f74~0Q4?1IRfU>w7h00((WKM#pNCGXAW1N7w!-=pxH1qE?iAI4Ji1|C^VqaNHh*i8)!%- z_&`>i+L27W18^nn^T!+8w#|)g+qSW>ZQFLTu{L&cVrOHU8*l7$^Zx#~>fWlSrcOUI zb85~rr+Rw2`};whd`M>~qMUFIj{}J?Y%j32jL576J4|2$r4yCVZlxEK3{qutQ&ua4 z#H~>q?jb56TtzA|hfv?(3*CsZ-FbSoK>ZOJel0uCFd!h&;>3QrSkcohmGV%uSey`7tJ|--!6zmv#VvR5a3%0veG;;4~9x%24?0$jok_!$}2;h%V zt{o{ZjldlgEv9GEUwfETa=`k)NzLBish^66Q>JI5B7PSUS}=ccwBC>NCMm?I0$Cv( zGha!^lvBAsg<^Ekp!}=gp)_wfcSQ|V?LXoIG6|t5(2y*??(Ag{)GEN-H1M<97m`Zi zFQWDQXCX4K{_3@skj9e`^HcMyks;AF@#QtJ?Vq^@$oSsp=BK6Fr;xDk?(l_`)xmp` zydUlVN#cHS_F-4AK~`HGT@WQnjP`cQsBczs8M)$`?dV_C;s4WAQ+DXlQx3e4>~1|< z>-&8TRj}~5o2P)^3=~)kYz@q62W}q&wGtqD$5}#fDS9zjbWzj2mN>b=M265VL-eawAV8R%|6ct7N@l5xs5^ zEmPP)DJRdiI1EucmJ_xTt?D!t*Uis3g$w}0*(6TeN!to9ay6vIoe^godNaj%kTpeL zA)J>q#Fg56GA*cQFP|Dx`HpWc2_(WAXdk6N{vDhjY|pQce20t;vr4l&M*p>s z=*u`Et$MHtPo&0-CB04<_7V2BO}(gxvUJBO;XAA|9jb-zP&_muTKY_qYt#En5^Yt> zu-zrCNT(-5w`qpN@pnXK0A!RqdZ!g6&hQ=@&}cYwt0sa?KPSGs^r)aK-7CaGv$F_p ziEhKz6i3{z(Nm&}G&4n^mM z4X;27;-g8KgbU2*Teh?2beuW^qQ`ndHO!6$-(=6GVH^1>%PN{CTIcf8B!p&Vo$enY z(@7_8o^PSh@?i3krOQfG4ky0A*Q7nMcFZPcU#|k-;x=6->Do_PoVr!f)gd%QA42_A zJsg!GT+JLbw|$}+3|92F(!tO#rr8!zSjAgJ3yKJIR3c#}($t_hm`L}sFjF)BUkZexZY|5K^JQPq^d@snp984o!8#f`a`$!GHart zZT+P8sa+^Qc2Q^KpfOMDvD}gh|RLEAZm@^N&(E5LmPun0yZu+Ij^#9@{Vg z$3A&(*J(LZ(jXO%bABY`=S5T4p7M^1j$_SIYOYDTKmY*mL}A^hI|XE~LX<}lPXW}W zOh~k$B8{V>%A`OeB*UKRw?JY9kFQ-l?B%*;o; z+2O#zNCy?vXb#h^?!(U2prlO}P48z7aX2HMVK3Ajef%7cSSHEFE_!pMlkyMlDO8TN zpqUrfj1ryTH`eD^_XG3>{M?Stj$uBosO2pZ7gA&N`VUL-1fW&I$;?QkyWveIBb3Wx zS;De#E3uZ&(YcRGO>CLO^0KSWW=2;?eP36N?PawmCnjqtlvPaq{^W)F?wH1x_ilIo zcB+5O6OcQPWRh2P&fp%U!w=XGJUAA4`gmTB-G06CDAXOPo2~SU6SRKmE6< zeoa-H*7=8>ii8utYC5=#XMV-n`Zrin z4FtAY5i6?ZdHBOdIOJwHq};ayW6*w`w$=>vzYLDo#PBFe&TbO5E(HVg1jKU&R`MhytcSx^1F{UViV)lFu&FBb!RL8rpuizJm1{Af z1|gl6f1ogF{|pOu3f7}X2!r1fg9k6R-ZK1CWEzGTA*~|KiO)SAT^2ntFMmry-S}7` z6$%=bheG@Sv95?xjFvVthw4dEJe@p!?i{wIos&h0ID+OPrWaVij;l0|cqcNKW

K zC)V}1QdFkB)+s5wMo-2_p&L+3`NGurM+;xOvOSieC6?jAiyZ#%mCEAp@Fpi>Nw?xW zoT?_9*|xy-KcbM)!nMlukOIx{VlD7u588t$_H+7ugJ0drFeI2?yYJA@4NXtG-|U?H z&u7kpUzh!>a40UjR9m<|S06J?C%~uvbsB46rEQqV>bJk36*P7>*KY{^g54=74oqM9 z2^1{?f`7}+iaUCt3&O*KtxUZcsvQO%y7>^8@mW1ucrk@O7sp)|s%P(3!7YGpiLr)kzC zf8cYhdLmgp7M463<%qkLqi%h?0S|th0+)#|SH3AX*^fp#g9AL|OQE1h)Dm4mDrKJC zLZS$^$9q<2heFch#!iwS0@q-TY?+sS`BS=Yxr@7v&Nf2E(S8v@=ycWO5@X zFPEVwqEdfLPS1M`88_cv1o3B=WB>o}Mg)68;+|Tqq*7v*o<{AMj`MNDv6%R*=;`>j zu?iEVuD%W0z?tlpCL-m&FJgk8EurbrKwlo5@5Qj^pP5+hk+=UQ$n2o)RED;P)M&MM zABjaUX(Qm~&^(WA@dTL$8)#m4+Wj4GPq}*D$HySCWau4vOuaIZ2V?3Ij3OH~oat3V zFKj!BFL09(|7iaah7M4_Qgntg!-1foxzn7>ajMCP^8b0fZa=@*?dj-g=Ecb)-aNF# zA3odA7w_ABy2p8VRS;sZzS(OC(u>I5O~1i)ad|D=)F)L5*45JN>)o59&2@ZP00}J0 z+m3fOJdkCQv)^6c&I>=Dy_Qp1%WCc}X((v+bvCK^-u!#a+eYljb@T8nwviXMTUp-@ zHiw){?{hkW4Ls|Lu$}9HzR?ZOo zDbv;zK59P4X~*F+`p9Pvc=KcIdr?rp$n=j5Ta8u?nu_b;=a@ns{4cJ__Knmf2oNB|F^@*wP`h|x+pN26Z*HXlL;Cj^!<3V_iOWg&l@k6=9sf&}0mEM?(UA5+t!P#L#a=D^(cWp;!+&>+*zVQ5AF zTAOsV+CBV9X$0zn0_A$D|Ak0Q)c=J@bt)d|6TT@f8g%T4G;E^m`nXLgYQ)kWyZgO)sNcdMU7>!01R zny-Nl3VuB~159$pn8KDgjZeqPkn#mHPesW}(VjI90D6;7X-za@AV z61@Zni~dVVJQy7x2=(G!-hD@56LjxQo3SB+8j?}c+q1D?;yp653>AhngKhOj(mf@{ z&8TD;dlYB$0ulz&8<`OrIQ&t6prH(MeW7>Lc2RMj7NuWE5Z=q?oc>f_2X}*9< zyhj`ob2qZ@?ba4C5rY=@9H=UatpoIj45UkqcI?NiJ8R$n%;Hy+R|R9rlaWriFLRmf zW&efQM@4(*4nv4c9o8{MerO)MQX0^S8>NA=gcKe$CdCNYKfOfXXR2dxe&7ZN=8%(z z$Mv74c&}Zg>qBW{Y{+%}4Y$E`bv&KK8P$6UzT>QF)?TNh;U6%AFpd+J zj?p#R?y^u6&71v&iRiKp4#R4k)K26?>rAYJkoeM3)3-Lasxz?=fa`nSGYy86dIs40 z!7RVR5v>`&-FRGqKIOw{ub4!?*}_v?XSR3((NUm~i+=Pyc^yohn0&XJ#|0NtUAN(z zv1hlir&he)F;aoAM7~%`o2$gt0YxQUs#)leh5R$dZf3R_;bIg~AhkeyWPwe~8x{^8 zW?kE>h2bL-lXzwgCNrEkb>x~qsOfd7#fP`zctWvKot;hAn`5A0%FW1g#t_GLX%k zg9>@fv7j0oLuCsdD=QDSk4=g~QL>2|`w-n_@w7Wk!OJ;K8c`Qls0_`opf6l-&b1I6 z0?b33+#&UlI>;qO*#2uj{l*1=BY3S}y) zy@9upZeMWEDdf*rahWIPFE!{Y3gL|L88Y-bR;;6##si0a@Xj9t=Ddgmj!Kz|luu&O zEdf)1WLgAn$(Kx4_1!(lHZv=<-lRbR zeBCqJz0(uaxC;zSngPBaXaJWLzZ?&BM83wz&$96$Xh-K{g5a>hGpn*dQuWY@$}XW7 zs6>8tU||w!RFXr!BSzgW#A@!UG(yo`m$WUH5i3WEiXac1pY``o{SMuTF~y zox}D0W_hppw2lZ2ACile!#>f}L9!LsUUxfyX6Ne^F z<^l}~PG$pAJsr z=&)0<@)HB3h}13;-E}Ki)1o|{i2=zNMgGu|<&@dD{(S8Q%aBeygVcm(^Ap zz%@r0DZYJ5GeEvBr-3NtLGmL|6o%-+I+q4LQIRK`7XnH&XV6O6pRZ@1@wk@^j_(KWavUrRkU zy?ZxH3x4_#65{c>e=6g<#~)GQ1wI=Q_H4|}0z*SHza7svo^l{M-Ld5{_wl`O&Mhmx zySuv{kHH}Ep(N|YHBp7{T; z^G!M}2EkB#34^Xc7$70>#9$cDi=~>h0=jDa_13*WhLH3snW+WAjYX&buBkpbgoM*X zilLC;P=sOBz1fC9~8gnb!MyncDi6zv zVgFEBO|ILe3eAX8tRg7{Rg}~?iuDLQ`Cj0FBw*3Jd>X_`rXlFwdmK7mfs7dF=h*~Z z@Oj(beBWCSX9w}ZENDm_1? zRUHo=35>s4Wa{x$dY93F9}-kjkBwSes>M|r5I3Cy#zYXbLrtMthr%%+3#2?P9m^<)WOn9%>wH z4Uj*%>1cHX!#XOFPv6w$q(Ds1UpM$N}h=qs-j zww%FGpWX#Cb0*oUATSuZ&5-7D_4UgyjTBeLTR#|uKjOcICa7Hdjvt*q%M zVxln&Xnx`mg?IUEl=!Pa0*`00tG!7dDv09IzxwObex+}M08WxNgoz2n_`Okly`d1i z+Qo%@?y;L%Zd1-;UGjvcq^$>Dh5|s6YL8V-%>(;p?zx>N;kV+4F zK{-@W*5OPAyjx71TMiC2sf0V(HyeNG{i7|HO(4Tf`O%h!4gl@u(ppf$3w)`>)|JCf zy)?CMp(IPYLBfvS*>{L#@^G|wb^z4RwEf_oXjxpxf}-BTEtolxhmnAyRv$i(Ma@*9 zc}O-YQ{q_8(AoxwJU1SeqDGil{ka+b{Ml`^(3tt_b1)Y4FG#0M%G8DnZ-7)5Od}er zD{RYVO7+sQeXa0y1;1?p6!&tNwcN$cJd+kL*Lb|Il-fa={5;B#tL1>Xl6P&|-nn9b@Nd_(MoXWM(LJ zs1YXa&TxP}468J#JZI}RW6LkQI2~BZcz;svm3`O+@^xQF<#2*2i;N{RdCG2eJqc%V z{glQh-FB6Dkq1<7*ZJ8k)}dR3s(W8pd}Rz(hFYR9g8-IHx(%|EDH*SK`ZzXMqdWsV zg=93u@b*2d(N1sjS;QzM0NYV{87ySi?3R|jOvG|4$0(7aZ^jw6SyJcd+NYTL++rNWX!uo_6{M32YGWyhz~}({TNQgwMy+yI9W?lQqK5l8uOxYMk~AkV zIlbuxJfnnHcdap|LM(y7|G_DTCm8@RQKoLOqEH*`a6iCHaSj?0X)IkWSU{LiWK*#% zYOASSFH4EwuGm@%#utJ`ksl4+g`O;j3!$St{Nx384r6B-QQJe+IN`Y)kO(59W3*T+ z#~}}WFD698aNX=cgrZda^rK7EQj<)&wEK8(PFb7)1(72KMgA)z~SMp#h@h!S$T7=fB8OcO1 zuJ^R58rqO~$gfg2Mh0zYZw-<=k3fz&E2r-=oxl{4`~~}lCMz4)m>@XYE^elVj?OIR zb^J|7`|T0eBd(#$X?05QBW_;QRrJF+8a|rQrQB?ruU*S)MV=P#!Se68Te{4`A@BWk1L)2o*}DXBR(l9;%me|!0W+sMAwzKa;1?eZh$Ey|;n63e zke{-nmv~7y`bs93T30gd_h}ahv-+f~Ixvcc;Rv36tP$z=)g(VUR9}_OLa0R2e zuM+cgjzM9z^%nS9Jdc(Au+y?8bgC83U?>>z; za#&$>3~jDsEPfme#;WqeX14zIbyDhNvMooYJJ4G1C^5q9p7gdbXQbmvowz$+7A#L=yFo$)!E8pbLFuY%f|LH`c z!tAHY*62gB^g7muVY@KSkTaSW)&75N&x@i|t=Vv=b|hZ!@7@2ODQoEMIyrthxF*s) zn}mKUOQ}STl{PaZlGw{h?dH+r!&#Y5LV8FjiB$bDPe8+;fmK z?~I05K5nSKAq>|qNuD5Yi!d>w(dj8H{&7%bhQx5kI(L520TnvR}sc@SQEY?28Z8^qYL2Nz7s;P;4R(ofG-)8e~^_ATVVaj?ArTo5_vpg~o8#FiJtU8&CS_-b1 z6zgwZAAhepk?U&JOh#1l4Z&SB?VKcH=lOjM)*6)Bn=`gq z#F^^0tCCXqZkPx+gA=Fo1U=7V9G;%zDpdic7v)ojGS*l(-1hAfn@xu5Vh9g5V-^qg4(QhjEs)80eMP`thdYH`yDTt;jUji z$ZvCSdtoN89kUjbaC=df^t()pO=?gAr?BydLA4xvj|+e)`!xIs3O;n5>k&V-w+AuRd!O z1#^2o{Vzmg2bdq)!}Krz<_2p3MJoj6KMF`Z{GLduHFq)A zl$UXs5l^TY8Oj*;O0c0ZU%IM{(7*nrx6F*y;suXN-ZFngamSnagsj%%bJJJRZoLwa zAl8hT!f{220j zwAolEE$F_X%sig398o8^rt=#yVUO#T(~kabCdS?g;uo#$&tt&iF*e#^JvjW0qFumGyWZX-hOTevCuHuI@hywK-6+=ZeCh3MqqCBqHX(8fKa9Fq7R$}5nB23=qX;^ zo`=ENg9p7hR}x}SQ9M4U?O`-w_I6J*cV2`Z?DrvT_}dMx9&GZhV3hJT@y#CLR=zml zf!L%b_(1!mqd`RTqn&DVt`3h?h1l+^*&lP2J(W!J)aF3pMQB!lMECNjTCeyXu`I5I z^2rUMyzDgh_qW{p)Y&1X-5AmnagA?T>dJkt&wqBcaD5lo>NuIMt+O+`w>!HFH1jPQ zJaoV7{*~c}?*h}cfb5=cGvU^{lljB{a<#;!^L~`!x|l-m8#dd4^Q#gBe)y~Je!9rjf)^zh9r0WN+YSOj zcSW(^KUYMka3!?brwayl^X0Pi-F?&Xjd7!n)8XSRK;U&XTN8gSU}?5!Oo#Ep$yu0n0H2{v_t=+{3|Th4DZ_7BbLS_7blWA z39Sv*_XUjBBv(4>e@4Rp3@=!>eo}OWehJaQT$GqMn{D5Tw&O)z0u2?RI^Tx+Hfvpb zFvdSVzp+M7-1Uxou)1CdVB;;#xj}~Y@~sPG7%Y4HioZ^ zV_|l)qY1W@e1rOG%6%3MR#&S{Q`8LT)u@`=7Hz9TAs08~X=^nynnoNreCJzebe5gk zuDfkDE^Ii|Gi|e0{IRoa<@R#nL^xCieLYlvR&JE_T4zKO6fc(~Fz^MuFWPcKv_^@F zKI2C%J?M$UZbDEML;jX&%ypNgm=hAsZoL|yrvtR4Dr-~@+>{3ll8AB-t3IprTD zbgIhQ>nkWk_R!6GxL~N~dQ*a&z>K{eB@f^^6sAF)z7to*cwnmb zJi~__uN6?T$e|n|S7t8IDs8_!`{gE!m4CeK-5$`J`SDhx95M52VV6XgT`eNsYGxN= zX(r8t4fgIPj&+M2`-@O50y_JtkE7!`c|QPi@|GlZoeN$Fnbq-=)#&?>1ksjZ_ z{=U~4?hVX0z&HAIHPQ>TgKLWArr>;2mca=6+UM_4>{PaM9*h?fP$!V-4sEBM=jdXf zSLEbnropK>z_XX)ALL}fX7>KYfB^@wALBrKD#Q-=-#mGqS)9N#@0c3zNP0#hW1@p& zv$L>OTXap=P1*&7=0s8}*tbwbhmH-4z=^KqHsf~J-Kt2>)C7JW>3EDa$XvzSD2Tkc z%5l1S54nK|$K=w!*yR zGH;8zXAJsOCV6+vJsQT6(Mld8&Kq ztAp|2!{!Emx_TYhCb-1Y>Hu47KY;giZTzW!U^}qWsI(PBuqQ_Quaj&IS)#LxZ0(8w z6)|P2fchZDtvg@L6tkV{>Y)9`Q3_S5VRvXom;q|B=FTFvv1?nCskUB}dZ%vRMa zINgE)voKe^{5J%?;NvoBnTM}h5D(gs2|8ouYLj&YJsY%(56xp4@eQ1TLeDBKy^iOzq#Qo_QX;#ZiTW{VXqfv1gaD;zVstrxz)Gs8cA&L$NPjqP%2d;t&SVNz%`AVt! zRjEZ$bN;Yj=B|HHHTAEO6sWj$%6A1->W*wv6Djg6+f70Y!$DHa+m?37VE5u&%A@WP zTI6Zf+7*WD{wQg2Dl~vSi8&t{p~?`&@Byn+_$m-gFH9N4Lt{?S zc^B*4h#J#tbLs$wkTOviAnKL{qk3aeuyozaSK>zvvLLRFMsg7)J2@Z?D9%BM>560<@$Ni$rc=vh1&b`Lp-wj*tLkR4J-9_-%fd;bT2Y`R%vg~H=-$46{ z?6w|1_cPL^)!Z_(op25G@Qd&|6EAa~n-2V1`aj9}ADGSvA8;n1=xK5<{Ctg#buFd3zx$kJj%yAL;&LgTh zQs@z}2=>vQ!)~tevZ|%U7=#tzK-mkRa$5eyVE^wl$W;B|UH!HY zjs1Raq|jW&L-a2G%evmL3o4GaKLni~!$GLtH4$6e3wZ9z{X98FL6!ODxy}IwOzSXQU6vyvZ7Ydg{Hucoho_3#=As?fIIEl?*&k~ED4jv$(BulYtG*#@iTJF62n?YXFGHC*8U&8=OR~@Ba6>7b(d7A`Vl&PSu4Zx!Gbw{mF*26b_}CN?>>tS5RW7C_+IWCpVWyoqIrKAbu?c3;{36^d!sKfr+{ z-}XMobYZ1wRc*kl4N!*vSF`G6Xl7l7Uu&mj&z1GNn)71O_Nlg7R!_lw#qR|hA>*P~ zbJ3L%PaYNLn8-u&B@7Ofcd9in>$>M;4z52}rOo|pbNeepWl_gF7JG5Y)C+5Jlv`{c zhnn1U%C{V;>kmc49<~b7>M?=6oE-wdBS3&E55o_nz5v$kZ<?-5vsl`ET92yAE2W!RlO?2gS{ zv{|!xh}B~uqFD&c_Iq@~J&4lgCx%%nT>PmhhC@Ei3H!CaB_<;P9K?vJhgtdaQ`;FDUZ}8tQc3N;lK1q08X_8&jcQCmIxE{C z#V(j_BLtw2@Z!<1+8u_-#iIj*G{&P9UJWA*N;iMbMFe-2GJ8Z=kCr$#Za= zHH;1^Ltq4T=39xFKy4%MA#ihd$7&vJ%<`{K#6gZd`#oWI;?Ykq``w4b zV<;=7EGy>jwRxwR$WQg+j9%)2-y7v$&`i|hFN_rJ6^MCyD=zn|sr92!`jd-~;}O2} z7S+@GJf{)acRA##d+oJj1GOWKYc)YrK(0t(OVg`2 zYMj#o5@Npldn?r%E;uymXg>+mhYPAM9|V0oPoeXI1fPX0NJ?uERJ|sDFD`;R;WUa) zN*$CYQVOlw1~2$kL2Eqj%t@LAHT?jC|Awy>t~zn}s)glcpVoxWc&@ke)3vW6w1bJq2!%GSE!ppVvR_rG~k;wnOgkdq>Epyzo*3y{QPV}TGm5gk%u8v%YF}f+G5~Jn0!^2ld;uA!qSq=!ds;)SWyfn%I zVUgN;60BV259*-i6r>BLed7_=PF)0f0^^?C*f@EQnfTMa4U|P3c|7@;3bb^ig2H|Q zDRiKn9pVFIn7Fq zpfs9Jw|Cvd3Oz7H=nXyZjm{(lZ^bv0IKB!5e(7+Gwt@{W6*ZbjNHY9P&=_y&w|ckT zvcC^YE0)s_uF*pBQWLQ+jvR#$*sqs&h>Cu2l(}c5=Qn8RGb148aeM?>5J%2l;v8}z z|GH2Q0>7($M<1HRK;EKO>2yGSEAFd}dZffpW2i-n7@4wHl3to$^n@AGrN0^pQiV-< zgFL%4T2Sg%CjJnsC1+ErHpZKB4mcOBHD}^+|6=eo_8m(ivCV*;ic+>l9#bpCxpm9b zBGFon5*C|Hdk%q808ghYak$=;+daMWIOq%Bj6`KRR#)Yb;8e#}N(N^mn5(C(SoJDE zS3|T*PE;>i6o1T=;h_fnHhev#Nr^2fF_tlq1)1Yh5H5ur(l;ByIiS&fK;0;SW6c{K zK;E~edR?P2Vpm|(0Q3Llr3S5XdGv0z3ODMVJ-s6~Sdup7(BuvBk$j}U-wsGN=L$aL z6J<6cH0t3K==AdT3%EPHxiKm*%Iot#lnKDCJV5oqd%*aqe(pc&KiejYC^y zxE~VM-~kHukWd^&3h=m~HsynqdYt^p5j78YKJ$i)q%~9Rz4QEdQ47<#&up8J(z9*q z!T12E`>V&&J&=O{lOyc|+TK}&Dw1j7&hkz%@j_6dIiN6+2$dOp%xZ%+x+u*Eb~`6) zMAu0fpPq?S<6V{Ur26DqY}^6iU@`Atrxssk7X={$0m+pFW90?ygtE6XW`q*on!R+@&fI~>|ZaGGmpQiWXfd?l6pv&1)kJEv2aw22( zK0N8Z@*V@5zf2ZBH^oQs?G7*=B2C{ejS45(0enA!|AaxwyvX{>cNG4#+V|L;%pIT6 zB8XVDw$cLRB`G(d5r|UDTfvaucm4!h+Hp9^!)svq?d2abC{TlH^i*u_lw>!_T9!fd z1I-M9NC_=)nc#?zBP_qz_tIhvRs{^Ehk}GHg!nkdlF{TN=JqLIuqr z$9Yy}a@L8nZ@Nl3runy-%b!qX6UACd7gKGc5u4*O2kF#tO!MO{igf%`@kOY(9lyZf z*|Hy!Y%-T=uveAhk?vhEnMnAJ`3lfF>y z)uj6>#OH=bWCX=bb{e}iWx>|q=nSjb*JE}yT81y=OB1^udEnLe=K!dXNv^r^J?{#q zic*#W+JA~A=zr|-*|nw@1}b3f8U=?))T%3EWZMR0Cee)R+GT#gp(t({#tR`H(pZ)z zcipCU9Bj1*wOLF4F7XQlzVGI<2V=puA7j?tUfu)(yTyMdRFrJcBhWkOj8sx6wms;2~o*CBNZ6SH@jP@FC zJ)I9yZ`Jvir&-6Gqt&fJj2NDrhg74h-{3KmFRY6zMU;TDzyvRpBy8FJ4q&ZRMzcTb zBi{Va4TKJB6GD5~VHEbSVq;HY_ejHxA1x}MWMuYk&)2QH2Zr$f0!n(|mi$29=1P2hGaAtfA^`@C$U6qfD zoA*RsJD#qk;oCDDgXg?xFr~;IF((HasZ~;|RU}(l{Q9>2_wF&}*9jqMa2U-ff9OFj zG-ugqq}HSh2d$Z`&~=$%W-Zl~Gya%k6u~pP1&qhb_1ilhGhXt3BOvB2mlfeNHD+qZQ})T3vJ{B+5K?gJ-{7XMe&i8) zgm*8Urm=w3bV^XJN@-M@6+wZTB29s+LKlbp=K3Jp`xAqCxt$#s7wzxGj>nQr>BgX` z+i?myMU}n*LdPp7C2SW6cu%mHX;2uz-@RJ2@GP$AsvWz+33BYt5{xlF4?=DUH{5_1 z^aDyGvZm>!J1}C1K5cXnRUwWpK^!R_mj5O%uAJq>8m^{3iYB*=yA;jDq$e#E*FvrP zT(XYb^F;V+n$J^h;4Iu*99Y$m_me-f0>;ZCnxkSO3Y`?CaJ2K6Fg-BNkVW~QOvD3? zh+@5;d~NckF5@;*{)L|2?t*3tE|-k4=a`D<&pre+#)VJ$$`Pm-CYUa-rk-1jl1=N zVyiPe@Kg>^UHVh9QHttgoTKQ)p81S%Cr(U3{I~V27h0>pq#v8}5UwFW0<{f1>bqG?`Yt`X4Ld-xpWerxVoU2NK(|Az3qY)D$sD6-*L24sbb+&$6 zI(H=%O)*x??lj|gRnz*p|8s(4avw36y@L2VJ2Jw9^U46XY5(S2UOrn1p~n!?-GQ^= z0o7#{y4)#g1;AyLE&~NyBsJ%DZfx6XY}>Z2#%^q`#^#FI*f!VB_itSL>^*$1 zc`~0l#&eIcQu`I%jNPaOA5nl1>QPQsjAVx>a-Lh^Yf7n?9&LY_3Us5D^^lyGCt{`d zf+5^d1Adamn2ZhQOvtevLegmWJ7vx#!o7IKdFD6L9QiMq;SRH zD?6tQZRA@A#fIeK9c>$S^ZPtJlGGXYdOf}6>@72cOp;6pZU5>nTva0fSQ0{Btu?Ns zBq-FPV>r*t!fVNR@TZlD(fI}4NFC-7_o9~CP4vgRQS}UI?#0eW*6rX7r+2r!#+y>I z!~y4DQte_cOHD9Kd*O;!Xw%SIH5iei7OMzV1KD$~r4=C*)zI$e``roRz`tbPj7hK$ zktPlkjLmFA2EOD=p4O zsS)EPv9SdTFwY);q4E-(-&T=)O-3ZbIMY=k8=4287I42yP$3O5;GtbQUk3c(7JJmH z;>b~`%#tZFgPM&QErXn{EkP~ELFvA{=LjCe>|WRpYlxZN%I6|*Q?t>f~hMHwundR+n)-<`(#5wb(YSQ<~wo2?*&DmBt;fKYzik>T9u0)D|x z+`it9vpyn^Z<+jf=K^uzux}CD$riAtvjq2R$9JNfS+jrETPO0WT#IH}_powCMAb@b z)LcuCsc1LYosffRp$)@QQDz+&aWKU?c)i0{v7%4os{Peo*Y z<34l|@4#`1={&iT=ufe87lJ>KlFxp|$yB0W4my3omuKUMn=N5inob}YhTd^zB#33v zs}S@qjV6J+luW@y| zH|6*i0v7Z59cEnjn_UKMuqBa7&A^{zs=T-5trFy)?YB&eU@xa>4hB4JCw4Eqy(Us; zrM=Y_d2vRZ*}vjbVgtiDs6q%I^CxgPxk)&6D3@4+Gu*z3<2v z3H@N?X(H1r3sQe19pa~d0zVK74ht+IS>pfIy)0ZKC4TcLX#MX-<-6xM7FsMz4{K7g z?U_Sbug?f0_*>vn!q4|bW2+-LH}0%@yp!`Hh3F z;zy<9&hV!%ix6<-;CmtF>;uMN_7G%uQyNLU8(9GfL--D824Q8bCAtqxdgP*L9#_6B zpFMa-z`|aGdJO8`K|TIg*M_gKA6r|%EnvCg<7eq|K%+5etG;{Qp8`usBkU9!d_~Y>i0=Xz5|aZftWggTR`buKHDI}$)U_)PF%zO`;(92 z@APTVPRc;J;S5OsJ+~3+R!O$QWbpYNE{{qyz6N}Nel3zex9oAo|C-_0OPQG1FEoCR zo>7(CoSK$1#1rZF!?@;mb8`G5@Uhy`(Q+P-nlL2(P(n$bDVQq6)y%R~ZKmsCTaox# z`9YY3aCB#2Sao&$iW@o`VU+!(gq+q)1^l6=aCU4rJuASRA6@cy9rfXhrQB|+PsSop&MsueZ9s(C=arSi)tKgM01lvrQLQLM zS650rL02=jk1#LSUD2Q*wn6LVwmi2ov@ysQl)oEYCIJ_|fxWeqe)MS*yF!PZe!l0jq&%gtUi17K?ec3)EAwCZf0D0WJoz-2MuotJ0JIWEvX9n_` zkY!L3rjXyazr8dajhS!pjFs^V*f1-H46IFw6K7E$rtnin>Gx1p%O74gS$<^ z)h$J_LAL^-!B`| zw3E5qzcgi76dCjCHkwxCjdXIR9F;*QH|-jA0?neL1;(8AQI9cRUB+2e{OJX$rA>(q zF?jJURJggA-%lmtSrW228yA0$f3x=>S%kaAa3N{gmT3Do%hyls-S@$4#f)>lh0Hm9 znZD8hA%X(CWTm=4L)}~55Yv0{tjFjg z2#S}5e^X^e;q608TdgQ!sbk|3nj01{{V+s?*{wP0^%D1vze~w`oU`<{A81te5eE%H zB+&L)r2q^4g1Fua5qbwdX$7keuAk3-RLz9a!sBW5$x<#L7#E-Z0mtdl)r~W5k12;R zQLX6&>n8%Q9?$q;aFb~rs-P9#Iz};dI9+s+np2btq#!8zrT{F!Ei@J66$!u~@;IO$ z;JNRSv*_(0yVJi%&eiGoT$HC3y^kYv6gt26XxXn|t(WgMEXYazeWH#yowiCp>T;v$ zJ*_qVi!&QUF=po^94q<}{j_qZV6vmpl@H7`^zrb(*8~`SysEZ!usuzR4=ur79*)!; z*4KC~=#VteCoYP%?xNYa{KY1$jLR$QGUiy2BKXIi+vVsI8}3q)af9c<0BT7EiRP}^ zdeYl~rH_IXpI#|HwzmvGV||)0ASQpCQP65;0n#1X*hZ#y3V6fGAM77e$>er|P;&&`nv%-$Uh9CgD%teFRs|-g*=s8XdM?jYizz za5zsZNV}Ro15MkvX=_bY*QbZmsrMOPLXdT86Ri9)5ZM!LCAuD1^WF|qe^Id4jyzSfD7ZR4&q|+bxJ7vh0miv>$n2O}DGbUPX)^mqjo|+>X z@CdAEFlOU^yY@$I_5bJK!0#y1Xfs@A$%;_>JIHYs0q685J=yTGx~|2dy>sp~fbZwn z-Z!1!bU**@Alx6G#APTTb59M&0t2disj3-vie|XlQmK!a*O-h(i?Noj4l5#5vx`4u zWS6ha-qbN@_EdkVbcW>jAb?L}@SelIfv`PCQ1!n>IY@af&c5Q)M=((*x@ViRw<14= zd=!)ynMCt9ogenVOQ^y{AvWiunanXLZSO4>G{~w{Fu>yUpoo-hwjOBXv>TLWwcI16$JxQHGU3>1PcC< z|BWbYrU0cWm5CI-&T)F*5dXr{lH@@RWw$PZ<6j%q1q=i|>%%nFSh1gRRV3 zF)}-0fWfyF?n}8JESB8j(Jd6?b()VABbk{@*G^&4jVvmWZBt>oj_?g6+Ku39;$Kag z$!4EDPRK%=bHlk^xhg5?LoYiArBocgMV}n0z5f}&(*M}w0xLEE79UmI**LrVI^9gH z-{Ig?Nkmn7KpiP-8ng0PkoM%d_)nbp-$o7>0Qrwyrkt>e-TiCQ<$VTNiTq^EDdw;S zc${o#F37MYY4$0|q$QjfW}#*%At*w{sH9P{a>_L+!YHH{OVW&EPsD7Y&acY#7Q38O z6i?8ZY{Bf`(E7DqE_2cvaopQ($KDV=d}*={*8S!#9;PEX%AVWiCD*)lEH%VO6|3N; zLmDmoK58Cq#z2+x3T*=*BEr-?z@xWfzJCj7bIbwyb4EF@qKHiaYlrtybPws>5Y~=- z$nJ0cQLI_Va_mk(Ba3p4vZVGElI)x-0ghz7Z+7K660|_V@8ZAlRMOYlp3a z;UC`zidE=e2GKnAr(AkSRoAK1QDDgS5LEK|@4}h!YvQK?C-nVhTSkaTDNpf zVosU7Jm}+7Ogbjg8nak}n^wU3yS)ST$Z1hrCvr4SfpezZQHPiem}0FJ-m)Ijg8vwk zOoz?BZhpx)+zjc^A5(?Ra$!a?Y|t%&=$S~6KUT$kJXoP<^Tlft&*u4G|J00w3MeaM zBitdiATYosIwABA&IphgLJ}QHWTg#_ZF{9w;C@<4gOeIFe3qa z(?QGbH!VZ({;h65Dv&OsRU{~7+c3?Y344+I zC!ZVJhwh@oL;QSunPkI)7>>kpw$g_NsC4^Fv^}`GH#Ga$&nk{{eQk~&1+&*2{gYKO zKBEM$)xz%L0SNDWI6S+wN`|gV6`=T7GuP8p-Da_ZkPq{4&BjTdk}%uG50g_9l9 zffJR0v!5#bc_>tRU=d~?8;w*`%VXZ}@9>`X=roP-wUbLd%+z%crkp~U9Y56S7-cCW z5itCZcD?Mz6lET_;LvJ~%k?O~6*g?*heGR3Z~;2*fU4_TL`#h2G+G`b&? z!p#@>7I7Bzd^T#`9N($ef3+dCaG$*x9arWJYQd>@>{Fe2eKqI~xz+ghuHcwI9Q33u z_FNG>`v)+-2olw~(Z6o{0}KyA-nXFM+W?PiU18AKwR0I}%5=w?6dC(k=Hcmg4bj_k zB26k7R45$o=Fxo$7%~0psPXd3-pY7bm|=>Arz!$z&24`OH!!k*AI$zvgRL`WudEO1Is6UZgyge2yiEj@W+Uy*7vs{ zD&C=}iU0!P`xM6a&6l=sr|(6Bd$`?p^n-8rjS=SMcxsQS%jh@ zOn*XH_ftLWZ}qH|+*p6{7G}}5NkXqJ$v*5(h1nuzC#Ht-1$po?m~*u;txT^0_4>fi zz9}rBdm>-#a%3RW2Z#1y+|BRG@T8W{7c6#mkqvT1wZgRxYr-mY5msgFE?OBg^6TUM zWyQw!R^6)&wl$;cp8(DxJy;(B0Sx=GBliglY%zUKYj* z6M0$3w^#`<`#I&NvHy!;VeVctnM1snw}LHeJ%CB&I-~P;ZlXV=_Cdfurz(@Qlsuy9 zzH=+d1mcGQMU}J1Z(^Ld<5-IDnoNX#Hw0{-JDwe}DwV`eWi1g1SHh8Vor**))unXW zi~5_mt=5OtyrJzNMSQw%FkpRvInz=5bX=c_Ny9j#YMoWol`mKA9;@U#L+ zTodYjh1XDeVly$Fp0y4I-fM3(w=t;@_xj`(@>`cxgPObJz23ny1K~!ti>e&I1`p2= zbF@9J~~J|^`^ z72lwc^nh&QtjDSx)$b?yVitt@1^jK_a4t|5zRA1TB3o1Uh&yU!kSX_6!jAfO&LegR zih8Kl9}h#lG>w!{TxyaU5_`QUUAD9JSZU-q^^u%?@zw25>))#6$|~buF<2o?VsfxL z0j&%Y$S*Y^3)upP#OG8uGI6Qmb9~(XNm*%zUP9E4PUY7dcKcprK}hLzCc0m_jG4FXeNWJ z_J@!2!YjugqJqL24AvWX|XFE7n-Gv|qew2JP&jTkk8 zU`?&UiH)JfLQ42wK}gw4=>=f4J#WH&vKC%)J-L=-Oq-2&Dxc{ya1 z+k3wCE_VcyNwH3BtH^PG(36*Nxa9GAky`qXoF3Cc&PfTxRxs1q<}kvf)oGD!6Zt|* z@2rzSJ_lgvA&Q-lt{zx~98jghv?p^FN4fDM#>o6^d-33&1A21cwPg`x5xa-hfdvBj zgX(QTUzK@)>h04TfPL&*m0u@LnMr9Nf6LA{${@EWBCOzOzf+)m1&bxr>)8g zR{(eai*_gXOFO{1?vTNP=n{8M9mVI)ht52Rf6yV0zzF{1is*6th2&N75wHa6N!gaU z7mR|#fwL+7KIo^-g%iTi2SMCLrG$w^E^bo`QOaORprl7sB-Tg&`lemmK1yqtK71HQ zpr)50u=Qcem#MutEOH2HB5CH{ypc8cZw+lJ+*vwSnB?5Pth@l!Ma zE?sK(x%&>s(i(DA1lrH<^SvYFXCXND{x#T(znBPiQXW3^xQ8mfWF!R}`+y#gH61yd z#_s~zr@Cfr>$}Ntxx-!#SjO!n70vi$^sPX0F?`ioDYzGuQ6!oU0|C1uM5UcPBjMgU zUxe(xGU1`OxR>g4E4sfi3oC~>RmKOwF4!qKMjxW%df2rrn%*IZojF-F%hviz`Pybv zjgiYv>(Uf7O84}NDJ+VS`KG_YpJv5)1`^q2k=<_hPTVYAfgTH8?)lKyxdp)roC z(`^&(FmKWy^9~R{{2(I^p7K|hV~Ev!e3=Di>>XWkXQ45TD&FqQxs-qwYNE9cIT;;p zy{QHZmKd5<>yLSkm7Ha%Fi~d3BFVhVIfy8&f`XM=|T>BlScX3%E_vXl2w~G?&LEjRvO9J>U7<9#sY2Zil- z$I$7!)#6A~ib<)^R!Z4Rium{U7pb2~c0U8QR>iYdrED)v(q_f+8uxg1#S~H~lA`@3O>A$Hf;G$4;HcA+5aH8^4 z9kr6;PZ~Okoo}Y|LL(6;ZG_w|^O>nxu4hc62;WF-kw=Gpc`nQCST<%(u4Mw!9;8iS zYc$G^jpbtd@LTmX8%KS7<%<-RB}~k_?(jh)%yC%qQ~ZK2!PRJM%$Za^aZ%q)@HLx4_`ONBeeEc}5=ojj>u=xM1VbjQgU^XlmXF{o z(t4}{1)8^a(MJ|G!!(x)TsS4C3JkNF1-j|Tv{iO*vZa6K7I;P-!PT#|TQ&6!Q0~as z3S~|bKp7rPphMhI(HVjkLYt1I z_Yv(r{xh&7&0RJ5XJRvRutu%j+FSxkS&14>`?)j+u2d&u*wI^FySV z1ayX(RfSmHM1Odo?XT-O5~Lh(c`mmF`5+r_x#|M9d4qi?>^T{RbEN;&U)e-o%lB+3 z1#)fvbiCQ5EU(UOfS7TQ>3?G+ZtKUicb?uLuu2PAyxt7QV!M5>t#9JN`4GRf{`Q$n zdUIZPA6 z?;?&zAI-CCqLK>o6V*@TTVSLOt(xe{7Lf`7poJ+l)WL+!{^C$*h=JjlRw-4nQkjw| zjVMF)4r1f~TlDT%Lb9DEauSS-0;-~u?$KQX-mnt@CY^>(Ms~$R@DYdswh~S1Um5_W zZ0O=*i=hncPW<)v#b4RUA6!Z?l_(o*t|`iPf)i;@=uR@KOnuI8ydCpl4+XBy!KRFA z&OD3SWwAg;-S0itSBS|koF>OG9FF*jb)9Xk-Ghg&4u5r#ImtL%1AU0{0xusYmU>S9 zJHfNlEqw2e%1e2Vx4&))bc zv-ZQq@vM&q%q25>F~BP)#|kX3!Cn%i3HVE236{rXj|-y$RIT|o8{N{{Ll4b-rS6P$ zSUKwEB0KDuONDKjaVlBuR*Y~t=T+r@l8ptocsSMXf_&>hGg^Wm?&R(rm7AvnKeb^u zK37fPchF%J-q$$Xn8%N(- z-82UQJrlDm%#}~m^s=eYVT-Y|9lv^4X#TtY%7_qwun11JWyKVcdeMAb+wd+PCeIr> z%2pzKOKTcie8_JE)dHyL`8wA}BF$3ejRzl~EhB(T6X?cpHPbP+Ai}ZKtOYJS5yH?G zxe((`B{}ErrAVZ8%Aw9Tbi#lNOE99kZn(>B5&&a&sfhAZb3$M}K}X{3MT0r}O7nHI@Ou$ki$rh@NUC z6xHlHsqd?`a4Aezv^)!PMxRSV?_-Pt32gAuoCQ3+DS8_|06cE)mXyKrWs#njWA`F$ zx4_j3mqX@0A-Jca4L$wX^6Kz++!uP%hHT3-)$?0`W1O$%*t{KNE@&mQtqW)rc>}qh zDPmXfILN%+A{JjPk(?h;*-I&>WhKj0_=V6e!@4BxaIW(1a7Fu7{Q>gU;$k88vR-<} zzgQ*p0AcCD-%_1qIub#XuVY?Cn`rM=+&QP!;5S67AfhwBy1KaLx?)`agmEr{b1Qo0 z#Ntc6an8bt;+=YX6yTS!c+O&lyFa==TeJCRv^U?#YE7sz;``l3`V_(?S(Y84r&&3_ z$33&5PmdfTp@BzhL=Sqyx z#tHJh?qUYnz!4v}$e_EZRr6o9`-0!H)xWxZFy0GLwudC%+7LrHouMXIx6dy->DdSd zYS7iIuIQ&nU9W~tpxH|R%9D>7sP2Q>$M68u^;|>#X=AL_3eFNBRF&MjyHO}W_=1s+ zV3mAdQx{_X``tj1Z5Fxsfs0RPJANq~&vqAFy)R|0r7}mPf06igk9Zf``XC zwHELpKRvE4`=rClh%9&Kl{9;kOvmy4g|f_g2ug!X1GQA6=D@IT=dZnM@nA`{2_sDr zAoHzJ%RE}1k^f@iXn{LJfk%9Eo?M&e$KmbRv><>uyGwwblC)&rr}DPP4gvZ{?hB8# zDbE0=X^OE6(OaoS`JV>8HZfKI-RxjKtR_3EL(2+YBF!^QSLX)H5mQr_-)eC?P0@H8 zH5xPtA-&@W@)8t$SzmObUg=6Drs$BgDXnDTZv(TEv~e=t?To(BQi6LXoD$JRvBJl> zy0N+_Cyn=EgV7{M=m|2N@%cyh8ENowiQV?Va^2}dy5j4fry+|=Uu&?g6`+crUF-=J9l)siv8jA;Ik zwI4;njgR`E|IbTT_jt1!bhEp0$HdG`X>lP=K`AYkoQOWvGtu=R^#uFWtoQ-}OiCaD#Iiluzr6HLK3s_+^8b zN0r40b>t;ff<>O}%vp?v2A9LZB_qI7m+BZ)JHk#_j7psh4KV;VC_E`Osgjy#(?ik; zMPwvu2J)Ds45Iqlzv_pad8@6@3j+__4S2TV{mv~fzO|m_53ydTL`7ybd5AGaC}Xbf zh7!<73NgvA`~idtyHPU@jS;a3Q}l;sZBHmf4V|i0dFVgzSKg@U@{b-Mvl31yqrLxyURsr1o)Zb#Bgr%Uz)og zaCEd(i9dvk%HCC{J*LYDcNV;pPFx&^;g8XwrXsKTx1rle?w>xV?iPKYLi}e{^QG`I zMjsM!g=Z6oSh_S0AYmJ-j;d{`VKAQkkNi zVet{7*|V`S+=9{t`-}?Y$)nKU2|ECa$Ixh`<=-ibmcBj@M%2`G`Q_)WTHhhBQUK3w z=O1N1-}e1PGF}Hwx>SVw$uuSeFMTP+yo9YCa9W`FY)SM1h^eJz9@H{py@nlas_tH z6*dhAm0Z2j0T>k2uewTN@D7s)`Pf&qzQVH^@rKn@BrsCMB3f5!fPzI3>?pyed_jYW z|5WtNM^nKZLRtUEc@ECKYX2h=1x#&9Rh`{k3wNBzyjotl!77-%x+E*GD|GDzh|`FN zvwdM8!I*uvh^22I7sApQaI4xrBU4Y+jQdqex8UFCzt@5tym*XIM`HAq@l#ZTb?u%+ zod((>AB?@ka9}&D)2Lzt9SxwH8BON z4v9b{eIU041)6FkWd(8??i`+U>ik3YUyMb{$Vi!BK;OS-`II97|yiJm)qA& zO^Sv^h%jj1rw*9VLkm#K51Y1I+X|2^7}gu&o5}W6rB1L5vf)dB+!_jxyN&J;%vzq} z?ft^83KD9jzVWWUg9QAf5O$Ij2NZ*NQStlGVbP+F$zq}T2au%Mk+J_Q%h}z0wD2vq zx9$Af+EVJ|S@wp^HV5gIY6SgKI4Dq@(KV!LI0eUe5ehwli~H-y`l}w2LY$Af^8H(= zK`*~*Ki)ODId$Ig{#{2?%$ZG96_GUaA@?6XTMml7(u<*c`KB@o8BEI&weB^kPRy+B zk-_E9CE{*V4)Z>);z5#>f*%seLz^*^Oj?E$k6ogt&()XsYtTgmHeP-=FTOOW1KG7b zHLnLO4beX2)rBcy0Ir@;y1ohIQR97DwzQF=RoLet=>~*1-E?`$=#iep0x2-47=&FO zEA1`$BmSgiiaki_4fG0LZx^}E`*@(6knS^jtu`w(FF3Ax`z4)0seND(Cq6U1^z!Y` z>ZwH<|E8KHr;`HIM$fVforb(>Gp2VxD19Y=r+Zx31Oz=JA!A>x$JK7_PFL3GHoI_j zdZu6GHFi`%+61M@)#*(RI%zd4t0W6|vm?dZ-ndI}m!suA4|Qp>Uynah=T^K8(?lOk z@VvT2n{;fU^;;nrskO*oz(Ce>NL01{sAT_rNOz{;vlPjY{h{YO=`dRD7sS674Hzmp z3-4aW8SSijc0n_I3B^WfIXE95(cw#E+9DX3Q*Yc@isU(f^YyEzlnnbEA=xu`yUL&SS7Q4JpE0|z z$+zR1l2?`95<|Y5qXnT;vXhKC)CTbh>P{vG;gm8QmndfYtr#g)|MJU1G<_)V+77k1 zVRKuKIH$=I-=c+29??RSH0$^<(ZW?>{3y4qgqJy%H0a?+Siq4~cg(_5my{nO0>$Fv z%5|sA(U|RuFwtXQeDp*xQ6Ch9>`Cn8UjiVEP-ZE|M0qdD?EFDBS8sr{pbN@>3h-*~ z#MFmgXO7E4N4~Cu%cTIei|SZ;l-&5~gBZ|Csn}3p;%oJy=b+hcwgG~(M^^oINdCqR zB{O6l_3R-qivfqaiM=(eFgemOEaBF$U*c6*E}bGald6NR-H0Nav!E#2mUat{Q*SDK zjFiP3$Sr~Zl@`^H)MNu4OG+J}Ae}tqa_6LlD#QfnNadNY>an(jD|23mm5onykPFR>|V z(L;}n^Eo6mYYR0SKFtizVlS=CNj-8vGoYqFa#3NAnl&TEQ#|bK2iqhV z=`{unxe{f#y;)?lAGHgYQ)OV_^nDf#`Ekex-e^%Oz({xXV6#514qY zOQjXFoPZJY={R24w}<63l`+Cj!K?$+s9(wroE(+g3o`*G-p{pE>v@D^{9qdA18F36 z;87~}EX#<{pngRuV6s}Mwt%S$Cx(m2$`4nRrk|uA&n16UR||M_+G+bz&yk+|(I>J?*n4ia4TwvDcWRxGd4TGj+6d&^vUd2=24JoFBYvUnhuq9MJcl zuG_)BE#eGFa_mtfv?G1poctK>JGJSd1GjLJOPS;2Pxb&9FoeR|W}gs3c0!L|!$o$x zp#k(Z%{JE8L~v-~Y2(qturPNr46(#i)DJ7l|n3#ZO$m9w`hv zA148o=+JSL!w1U$Xth{BjY=mGDLen$cKvxQhH&zEQm|wf@d23e^v#B7q`4U7lP*%_ zm^{u*(hni(DvZH!p6B7K0KU39ZO0@OerB?e%BBs-w2-bwc55c8@83qTl-e>4&|V~d zalK?Z#agnO`WE>HsuyAI*e8!qGdjI-gR|gKlg{NKk0!O5&CL(B*N9N1lJ(k-Jvgj< zFz(w5I(zi5i&&rHljS9tBJyaAyqlg(p2;qcmC$QmB$+fJZHOnH9eau3_4XCIxAMe~ZIvYLUNwyQ7CP-oEsSLm>%)wo!Hya0HMs|L zav5K-4lEJze9|Z9AJUL*Z8YI28UV#qTfUrS!O%5h-M$V(um%S!)@Q z4u?7`8z7_YcXg$y-qsq>dtScz`{_{k(48H*imXBEZ7OlguLo4MUfV@~bw%V5&~3*7 zKAr#EX5WB9VIp8D;Oz?cXYzacON!a2EeN54rnjV%SCbg=>~C%Jhz#}KZy(>oGT5@% zOn&m;>TRhqQmT34VQ({NF)e!l4-M^Z32YhM@8c9kPd{r%eRm=?75bN3A@SMDYOwEL z*#6|V9hgIgn=$59?Cu!4XDbP(Rimurv|Sk(K&?uOmy4vsVW;Hm>t8)wa^87=StOSa z>0`?o8oM1%*zPMiz`_zK(P2?97gpmMm`*}IsIOf%=)UDp8kKO9em3P5&OFm^kqxQM zQKPe_wJEfsFl+M~0#~l?vehr$K=9lEHS0CjAv>=?he>6SzPqxF&w6g>a???~uN>Y? zB5>-?p|!3I65X7|*H*+AyfZD<~u)pD+2ZvG6yP z#4AY(Q?%8aQ|uzZlF0pL*s+5->1$g(>c?x?j~DO&&KIa=9}>}z0-SsPtATZ>9%D9E zJkz%8#5dXp?^O; z-!T6ZF9!!u<$kY9VMou?>goQ!m|E72{Zc}h&bO3Vr74{L#OU)e%C#jZsC45Wl91_f zi;_M+diB&-@EfmujY`L#S>gye!1j9@Ey&k29TL31x@i&2{?4gj*=a-rCE0Gjp zm+u_EaTaQ+Bui7SREk!j#1V>6Xc1bd4aJI4{%Nrbhgm$PNK=oLjqePjj`+oyRGK0? z!Fby7T2i4o{~wTcL+R*qz3nGxMt0{SwD8j-?{jUkq>KlusTzAQ!zJ+M{r~W2%(P99 z88_8aAU|7V^>h16`+2*%;zvU-&rLUCx0cAXV1PMC@WGKOKu@IpO6w~t{bEcx}YoI+*z4u`d?pDU|^ zlt-|*M7v*Ue2Szfe91|F9uIb~X%Rgup}{IplA8QOk;LHH$EPR3=MDCM!x^xA^?G)j zJ^3>ecX`e8wcTA&$?#<$lB^$PL2o>vB#II<9hpFrqr z(DVf*rcw5{U1uxS*407EM+7Ijsiyg_GlW{Sy=%{+^nQ3l+TOS2evUA7cdp`2oC40T zt~8GWuCD1n05RKT(ru#o`7i>^MdW0SYc-lnF00n311bcfKIM$KK_#u z?FvB)(1f!nsC<8-$*cO&baf94AKjH}@rST2zTaKSz~^NK`>WB^Z~<4H2mzVzd-^pK z86wrP5#M24r6g5rQ&m*4gag%Vn^fw@gWPyH%I$|NN$c14hA70=YC1i^1dlV*g}q+$ zXG1ReXk3-Mc!wW~c62?ucaN6Rq-;WkNn-2k?P(W@^^N2ma4y-dGnsVn+lJ!XS`I3I zQWWcFrux>mgc-p6>#lE6*QVMOx;;wicsZpms?l{wHJo2cKUw}j_j{fa6+i3IF$oFj zL`VuTo-Wzkf7zyQnrM`JuY!wBX;@2D$D{}mcYNh{4tG}ll5^AXLV{Bd#_T|b#}6-I?_28q}a2Si$UUQF;|kjfxZx-D%>uZJs;_+{<(UoF&@RN znLtHuD8RN*HYbZLp)jV3X~ah;gf8_`Z*r&Wp~2QHvbo|B zG)r=zyspiS%FfMq<{iLm(3)FZ(DuQs1kAfdy66;5@I*U9Jd`V}u#e5=(Bi_b&hldq z|13}Xh!saC-%N;C+CEWO&0u03Yfm^7=2V1#7Ew_BkeMg*gk4VK5na13v1P8u3KTyQ zW9)G%3>C_H56_{^=SUlbXx6Q_L#IP8?9*FyYh+PStCYqDr&GMf0$=tzkSS@x6c;ni zosupQ83;izu3lYDq$HJQo9i)ur!(gcmc;v-!rPAz?G-i|+3aREXKQNagZs!YdfaOD ziUTw_j`v+Ie=5tPeMPt6sQx6Aw7eSIzO@jfPFH7j=)Tp8BR`q?8qLLknU3``BqK@( zxV|0dIh@rc*Cdh{*`slLy-Zt&gz$SqJL~aZhAIMTJJ)_@)H!#V7HUv@@#q5$94nWXg&*f3k9OzYR~n-5CZ7_K?e^u|>T zBPc!y<^%qC zXC+?<^^uw%(asm^Yqv5cnoC*-9hJhm2SWn8UI(Tj&nW^GYkE z3)xDLL#gmA=i(~#O8vfaw9jHHEPPOsDHlKgLxA zC#wh`5hqfK&T<^gc@*3%!JbK4hO}Emb!>?@zY3+1)!~YxUQ2{;&7sSGv1r$Hydu>9 za-pPVYB7d(!JmpVX$PdiZE1_g{q}sb31jl1cO*q`AT3nCzb#H9y4K(F&R)JBn-xvO zb=KQ#$#*GO(agWw3^<2ed5ZDC3m>kB_q#j392IJ%n+jkYCljnN3(vXmECg8AO+^O% z5;Ay5_grg-#M*B3)S#?vX(#XOG0c=wF0fnf!g5}J%*Xv5puMf)X|rA#jjy{^PEOEv zv4)ki{>^x>Ic<1$dK=noF{u_;pIU7>W^uR^e&||#7Ees&L2tDa075e8AgesKe zd-4i#dJ$7$M%tnvXGdCbT2qNo9fLNIj>=9dH$BnaTadI+gQW`z6$KkcE_xjoh;WU6(D;2i+ zqZ9qZ%|IQF1WJ$NK~+ic%%(%$Gw<};)l#K?acKFY>+M+Z9A_f<)_q;1e&!6{P`+2;|(5gA?}S z7o3RT`@OSfuNWwLtBj&!)G>2g^1yN={9-YQE>PoGt~4|}*pcenDeLz47Qxy3`ODsQ z;X7`xL48sUd?1q#LW!P z!Gl`!^66p_eI%Ab;jt<62;b?NpEHvx8i1*e<7B|igme4`V+r&h0jNwv?y5GX;HG$a zsGL)B%%~s>!2FJ{Z8nF$;2`^N=Ue;9DBLD)kvc08YE{%nDERWfXJ-=qWKov_9($Uf zOO1J$^bvSFma!J7@Z89vB4p^$aX*AGNU;YB2pC~SxCj;Y$i5?R!-r|&epZAdET6Y^ zr+5>Kgz2Y@42V{=!%H4VMJRb0C(IV|tCm(;LthpRn6ZHRa+%h>Pi}bY`VF>6<{>q7 z{ucm*KzqN1rW01`cFiMJ>SgsaR_fq>4p|9^J3nQ`@mn9W{aZU_#=y&XNTdLB0WPgV zo4CnGSOk`U7$D^v!80KankY;@Yg<`2)RbU=#*GlM%!kDtLSak5AK_udSJc-OJi}I}Y;b z*!j0(sWjWPSQW35b%i*Q6btlwknts};()vDDx6V44N-S3?aS@(!1P>PPRq7Cu>n%1 zty`Yh0sQm~mHwo|@*2UMs6dzQj4xO91u&D+m@G#v17C!s5vMtpC@-}218O-cvXwGH zjPAs4a8lLJLUf|MeL`$hi8~Iu>Hd$3+>}!Z(&`PA+7rhyyB1*B&X^XQWOMm_onhP< z(q)fY+rNTKg#w|g2r>M-xKO6dWkp}BK+o;kb`~uZr>4`8@a#2IN#bCx#ii3F-}|bJ zlHFD3n?+sQYNV#7s>(v+5OLGu2%S#SnAm_kMXzaC+ie~RgRB?U@!2Ud54Z6&V-sxR zIwO*)q%E$?nK@f|P)+SnV-WOJ7PHIFGxg2)kXZ&Qm_x<~Hq>ci93*x=vhkaOkQy@U*wFKH zWe$-Kd9=ENm<>$)Px-h(3%|hAbe++IiQN~aoN^Bc6-FT?dDLA8YE(SqSuA`Uf-X!Y zTLcSd5itkglGTRHo7K)@VGjShR~JRT%wna*S))_KSrwnHT}oeyvNysrdFH@i4B!rk zt&A3#U}V`+IGm=*BIBc!(lloVRf-w$*&KF5SWic1PuH z1X%0901~hi1X)s`RL&>VE^!u%MdS+Zi65EB1e`E~syK?M&V*^EAgshQ193-RK_GP+ zk`OW;X)fWlJpM7gBJsSqLwLYu#I7|-*mN}BMT4o0Vka}n(1EWMIJc;Lp&-lY;B4wR zBq|RII}1(HjA^<`TZ%{9+?49uvUb0)NRs$~bB|dV%m*~%n5!}*T~n!ByPf1zz-Hi* z3tUfkOuh-ofT~kQ0_l|aJ;q4{NhvQbUO|dquDoLdXYK%;ox7glV>4q7nqyRON`xOF zA!6V3TWJDpxkOh#KdeP21BPC>bnjw?UGgYb&+pA~O%Sp^M`}2ctt=MKioT2U^&GRJ zNye|mt2|>$5$}A{u~{+Mb<=toI-qg}JmN&D@F7rP&ZZo(>!d)n?8Ra4H*MYrhZvW< zVNozULdrHsbDK9Z<*`Ht2|DDeLpIg#UjA_U2A#Y-e|P%*>B;fCm+%xZO-Y?L=NHH5 z?ELio@w=Dkr7bXyW{T`x^Ut`y~G#3Ks&r z%a-lr9P>kBk+@U=g+ifF7cp$I^WreGMJi-+6FLRrD}iN_Z28FS^XT~1i#2nbL{JO(X6_jtZB?xW+3>-MDkU|bk4V? z7T&Vxn6VVjL}q**a&)5G(fHb>rCP~ptxP9qK!gk5VFw{K0_L~fs18(V4sGU?r!SX* zd_y{?>6-VxV>XW$aNDl#o56A77qKSg#lP`YfE6Vqa_wKBjuP4JxC(j{61-G=3ltY) z7V$A<3xI4qW8&c zakAP0a{N?5cbtIn^5bQ2MSZ6>5MPBNo!)e44d2}A>k0W&o^3e-1&pLA(-$x^vTa_hfG{Z?STFXvf z*^|>~>X9WK%VQbmbQ-}0Rm1|VDTCh{8V^T-hoh95H(-8|M{gf>yE*iul$H&F-P8uh z;rPzRp@8Q;q`VbCy=4K(Px|J875~~$6~;?|vxCG?f#;o-idO;bh=;}R^1h%98BjJ| zd-|Lk2MF+33ylya0T>7{3$i7+wxr`(JtS(;8;?&2m)dp5pX?G3|4Zha)PTuyjc_Rg zOAE9tP$odvFi?5$)Ock!`VzKb{>83_QxC8sbeS15>6Znojm1&~Lec_IYnseycJkC% zyI{~;mXiG#WXB{yOnaWXe>`dLb&W0n- z(@RP&`s(y69fy?4!qy1(4JUOqbPiOnpl83LCi$~z4%{#9Lf zhgC1larFdLAQ;Hh8{-6JjUwG><&BeND^S))*#)l|L<`CMwUp(Yr<$q750|$gp5J>M*(qyG+Bl zsZwUD4ku_NP#WzR-!I$-l5IFe8Uh;SNMNLtkh1NbJ=BE>Zvkx)bp4fTQ3{*Mk6Ru}&( z%MoI-O1?BbH{lPMqkcuwHs~C1m_` z@5>j+PIB{)OxSdM{O))kZu0{wwcWAubrBnk!(oi+pEQYq!(;-t-Eg7z&`!Yd5RGvd zBGt`pVADBZ^Ef0ak2tEbTvb?u5>&|P%x zvRwoY_%jv;;y`w`(k9+9NwltrP2}LX)0&Nu-+^>A5O7Ek;?PGwD(gzipcMUl{Ms5# z@tK=^9(=!})Yx>=+iw7AZ2-R2XqD#aV z0YfPv$it{l(s3W?&6-X+(WhgMy4pHAv-5F`w_%3Vc)or2@)gimF5^n86_ZQ2!ecT9 zA{Pt6*mr;F>QfVMo5ZV^gAXR#hEBB2uLL6`z7*ie%qu<)f&{!K#5?ulOBVnT^Q5jD zA1E;PADHo~7<$`gw{G|mg8Wqb=r9G-z!aYogwcdtpgD~esdcO67(O2!>98X@Op$Nr z@zQ2n7ogCVsa^%1f;Cu6`r+DB&6i{3U9_FRhuH+4ygGh=cu+Ej&|*uz+@?=wrXPOR z6Koqf>(wRZn#Nxq7N$7^cHdf)j`M^{=~bM0R|D|r<|s`)8Xzjf8Y=N;r@4n z?*`fe6qupKlm+Y1qbK0-CM>zYNg#%?-*$vV2aSjUFY9zNsi%t3Z?|PQJ-cZ00)gyd zonKxYzdd~WqaCtd?+M{bS$%`G3)nuw?XTK8&QwAi6NLy;pMdP6z(9DB&PbH%4R21y zGaOMq=RSHP79xZ>Td{?@E|)u`TL%>PaDi?lB(?1#h(+&r{vtM;stE2dZz-| z8@;zmmDN`vRlG&)xd8aHbRL$?m>$x+qR<)CAKa6-R<)!IVtedBtT&{By{Vu@jXF!| z*r%dz?dQ<9j_dL7Gdzz|7WJ!}EFz}qTUix3Dd@P${a99TJR{@tW0O$ZE~?sZlKD*7_D};isKmQGfPxhYW&VR$3&#pZkx{lFs*~!5Jz1YqfB2ydw5XVDUXn@6aK+zCl@XX2laU;CA?yQlU=5;~yQ=zp?=uPIA$ zDBTtIpQDgO?W)BIOWBx(q7ukD$qIF03+>APyA|z-v#4$*ftY0v=ni@ynm^S+t@od| z0|K-^0)RNoweUc%oXnkMzu*5e-~Ti3TENQ|w(~o2Q5gcMVy&Uw4pX#^a1ad91B!ai zFp5=ccfA9XVr}D9B+!N&gzVau9wgwpb$q2o?? z*S0{}46hYb6%4czymiSx7r(Pej``rC77<#0XQEWM4Ov#feZb~14GEItS{HEQ`&gyDgzA<4bP?pyi=$B?5SdspCjZU=tE)WAE- z?|N;@(LZ3(B&6eXgALnJHLIJwpy`Y)QtM^6IF6#=?~F#M`)ky-ih9<$)s)qhksBiZdfikRmV>1YL@zUi@oBpP+PyYTgmyVM~XkDt=Z4M3p?lcNo5 zhh@#4X`u%KZ8Y@=_jJT%h#YRv%$&Kw8?zikX!UF%lbUP)PG6y_uINkAE#OrrJ2lQ* z170e|$QpRber?1=8x4qM^L3@=;aby;6~}42F7kXTzc_rG?Kpv~d)dd_R^u)R4N-|X zhdZv=irNhRHdfqgxTb=!gP6(1P~S3sX;rvyJp&MkL{0$(2f>nX;&~&pgE!ZhoWp3$ zl7x&?CpvS6LCaZknSSjYsZx2al@Gn_&XJ*hQA|bU^ki)3l8JHxO&e;5;t0%@%q_{> zx7e4Qq8TZPEG;u*)t?UzW@LP>PQeM0$!(+pQD(bQ{@*IIN~PFTP&`(t0JJdUC#G~> zpHm8_wn&BRRVsb;)xGeGqeEUT_UMYv1XnCFU)sR>Icry=M5(Q0AgtM!?^?ar__Wji z8o~QY$pD-3KR|_EC3#ziYphrrp*prR({vw0|YTyN^ED15&Nb6Jzq5 z(IHwYy?P#|dd|JhgId$TCHiB*QerDGmF~)Fx8POK)O@aj-MX!G;J@gz2?wRZ#|r_20`GU=VetDFRR&{>Wnxmnd@5uNRA zzmhAtwMsdX!&hCyeek4x-HfzV&c*wwY*jCN)v7fEC9F5+7OBm@azVvPfJx(UsRuI( zNMbGq;cd67gRTk%0=Fv}=-*{M=XRcJ(1Fz`LO70f)ED!vI2Oto)2eq(+*O0kXcxC! zMZg6hDsOR1XrTm4JIkIa<0QGe4$5}xSD5P@tj5JVqsz?u`5I7~c3XlNa#8|&|td8Hib7rs3!d80oF2D7%-tvy< z4h+}s$YurFLB42&Wm$tO7yRz$&sk>kMq4Z)8FurH*dF_zKO41ox6ua6PHt8p9t1A^ z;8wDaK6J-3b`f=VP}e&a|JKZV77Ojmm;F}sAsWmnCc3{_U{sQ!c&xZ)1M7pG&FVAC z$*FY-w=Ax>>yF0KNm-b^cSGuVLfCX51dX^<7xW9c%qx~gVXfv?#)bs6T&t}%y3%Fr zycic&S$>d;>!3tAWYK&B$vf(Jo2s3f>vF$!NU!C3$U&2va)d~J|4b3JUux$K0G=- zX&l%>o|Dp!%2a$hnQpP*71yuRYSrr9Z9#a&tvHuSx9qht1j|$K4+)#QR9rI_2XBh= zGuB%5V=~##O^2mMY1dpSy0svcp(VhQp-aA{+h3GyyJvgc+lF!2r|cZ^PE%2Aenmj$vh(evbI zPtd)mGvZZuF7tSMBubMN7*|2X;LH#DvL#P>cdjA)6l{#k{DS;m6$W71uERcV0FPXI zb7Obe4x0vx`&LMp;_b=6Y2XUrx^4>

vToWpihYz482N!<7O&nGF3oM0f5@3gt5jmFnuPT0== zPe;eOiuHG+{r6+>Eg%2m@xA@`tvm(BRfu=Dj%{BtQL1Cur}A`O%c?Jn!CV)N(| zCEP>Sb6=I-CYA)`5BrX2|9D{>7xIZbvUlzLX{6g$@cq%qys*P!TmGBQ4@m z*)}d(6<%w+%i68r*yW>MK@ug_j~k$i3X{i{#G!r|6V^pY>L=38kSca@h~H+mtypKa z%(nT0KGjJSTz9QbkcO2 zs*sTati+wIoc>J>8AeV8J8`JbKJz{<9Bw00J!RcT-K@OyI;ju2S$Jjops$Ol9<(87)1 z^OQ8q5s0G+X+@%TGS|dl@=iS)_1MgmN1JilR5v%eU7ydi^XAsS_0MS3Kf_!G5RnmTpFjTx zI#N+RWmOY}RxUvqn(Ii7MJ~o!PV*+4JQWqR=FQ~4r;$vC>U0C+jre(1A;x5dxFde90Vx%|`cC z6o?*62l=z*DSy}0fB&@P|I6_ebw7V6SHK9VRs!ja`%rUUJt2dH>w%(~kdF+~&006B_vc-rgXu|9?Dua?k&7 zv&(i|G+P~3PMlb)3Y;>XMr}N4Dg6I@{JL>>&o z4nC&y_~V3z zumAbK*FaLG2dh?#)nD<;DUmTl#gt4~Vx=NcvmpRb^OJ=l1ba1kCayIBlw&8M2UI?W zl&1o*!lX=S6x26{JaGMi0%nw# zW6TNaKA3b7jU2V_Bh_>-XR24E(q0B9k%Or1tj?mx!=Au%G!!%+^6$(}(gyXSV zTMAFWO@W^ZuGnjLe}!(XKaKt*&0oV8 zv%+N;x20urIn(OUv$NeD9w{<&-j#wWSyUAnz%4h|68F|Z;K_V?JXtKo$&{o=d5<(bC=e#J1+r3KxDB@Bg~B>_ zX0O*X{pxq6AnK1f+XWTAyb>HMXJJV{(ZcxpHv^58mG)Z^K}*R86oe95BvTpGfy zj!{-dY*2Nb|GCO6oiY_-OYRCUm z!c+OLR!&eBwcZ9A`2XP9UjF>I_w1hk-_BEd{ySnpIY+iF@LXbOX9v3>jtQ|?a{!c? zt#@Z6ocny%pD}jcRaI0h0mJ?B(YCbkTx=g@;kLBWQT^}n88PCdj{0UFpFZ2YU;nrA zY@s8Zii4)S#(~L37c&x}vjq(UFe=02b4cUb*+Qo?%8@p(MnLsw8nQFF5z%P6gAx+r zlr9Nu@z#4B1)VJvk*N&Oza1xJLO+o}CMo*2o{!!|;R>+`Y6_50OcE5*i1;1<<;lmB zlqICIg$`hqp!WwSD4+@N_*0tp;a>@U$3Od5(uaTbi`ld<{?R}AGU{gyo#FBMB9^xn zoku>uh&zw`Gko58cz`9ul#v%%|2?^|8VeZ@c3DN{STf#zF+^h@ocFiTb<4a`NwbDI;*|$#Gm(j zh;oD@#9|U5Y45ay&JuRPNrKKWCjr6{4p)Mb;4G;Uxn);_6PCD1-uzByYYUye{@csr zPG>Y4jakH5NIDOY*mY1sVg{GFYKJws_9cn>>NP;8{?=8s#p-a=Mf*U^nJ8Z{gbp(2V?O~KAELcc+q655C+6SL8 zmhv>gF-I7EIL}SQl%})AnT@KEJ5=NkS)*rXwPulM>L=rlCz}(~YJ2GQ&{%58(1Jq> zuo*!g{z<}l*1M9SdU_u~bLsKtcRJszxsh{%#yCP}1TDB`>d-xoV{Q?ZdZWk+?vFE| z1?kAge2sT1?4m)ywmYehAtZV!`;7hJlVjWKlBG34;{Ui z88C&sOA@`2>6~YaC?H9=65~LlNrHKrEXL^~Asr7L6CC`K(3HHv(aI!k%Yo0wIHb{3 z&9$-07HtCx&YT0}2@x}1p0`qL$QLX*_aSeb7~BPi%$+z)2o6?A+g?`Yz3iYk=7Lyn+ zi@fx*QKX|?$lRcE=u|AHBb?wl5mfuz_Ev0u^bnUP3&_FCWtvO#6{Rzr>J_D1B>@T+ ziKNfWq~7mz{(&AnI;HWWNBihCQ;k)}PiY#y_SL@7s@b2g?p)f^=wV$p`| zhTF94qo271n8h%-BhQN$$&`%5a#C=KK4+AtELowHF~v;G*o&WA=tr=XwWg%gxkL~s zzVx|7FNuueA$o1|T%z|gbv^C%6Jr`a%p-S9uoY3`W^6F1L4Xi);SASfx5!N^nDHFW03k zhqfi7feqJ=3IPtxEJd88y|$xbQJNr_cT18aG$5K3PEz24DHF4qQXGndqbh?+wJ2FQ z8Q>!raoNQ71r0+KCj|0`=QqWk3yN+m1IGqMe7!0d>y3(}XO$hdErZInb$c|v?xWX4 z*{3>ISxU}d<5L5hq%#?ZKe5?$={PA0XlC8F{#>GwJev5F<=}TPj2Wk58!pGOfT1pa zJ4n<%muTdQkr@gWhAEy_O`mGT!7#;Bv`y#pMT*ZtA`>!0hGrtT35fy{v}B0ftL(MISjLG5v}G>6i2bNWx4a`5{(WgZ&?b7oubr6Acvt5Z%SK{ zks?+|oyMC*p4-F_WUI1I0z*5IVKt#%qPL6r8A-&6O6Nlqe}mjEXZMH&H;6{fbBRX7 z3djLNH>V<)29*@QL?;6^zNoh(+BlX!_< zgkVqxx_MLQmT;(lv}9BENnmIt1+3wwm*_kX38WOR?m;=UDTg%%d&jyDDyP})mNtJ87BmbbLRFU3JK@11K}|Vv|=k4DtOfM(W~+? zX~r<$R@FFVeofXKVjCSXlM)j+VJe^<a7(!8B#9Skd{uxbv!3M|*bP)erd>rllWUJt!(L5P@x+MSb#QxF&e zoZ<~0Jz8O?0_!$YX)5m}By#F*#z)8cf<-YRr&SqtzG1(;B@Am|Da8<6DY=i{vSbdb zuk6OH<-pwvhLw3hM{X;x;4SQHnK72S|Cr%uO1PR+WMu+17cV%)D4+@0M6S@bkk`i` z@LkME;_}<`?>HKnbb=$eLKscd4;kML1q^hR7c4mk<=+H{y!60Oj$xVR<`Nycs1@^? z-kA!gNl#Oap{==Tk73kKJ-Jy7OO5qL4H&wboAwx{xSck4qZkecwvJ{vc&3&1br`yu zoAwyqz6$3Ojb4NocvZsD8Zpc?H)~=jl{dF^aBMms)@0mus8n)(WEIQ;6x|LcRnH|F zeg0B+0xm|KD%I1d-NFuY^p!l9Xp|<4QVmQ2!{YsB){2tDU}r1bZR+b!B=0|O_i5Vk zD+7b&cKoA+EolI@EXIaqR2nhthDDen8f##fMFcCJ@n66C{Z z2c43qiPJQuK2;VV@Cu!g2}_8{I;(J_Txpt8atE4yF^9W@>UCI?k=5A`|H&>8o1`QH zTLF?l7!uu$Pg0Vg8D2sdsl|9qNI-&XU*cS%(bM)A z=98G#W2j0uqo@i_7NLu#ME#mLHr=k3=ld=0hb6r9SXaHNrhZ@?V?Ne7n4~HZSogYvtSJr42cbjSb(o%S#(FLf2yWZSc|wOUC3d%ivcf zc}qJ?@(HkG5n>amJ5@OZuLtC{o+f>%lX9`fQX#t`1*NuwUCI>dcfxU+&WD8rj8zsx z@@A$MJE%vc7(D%J;tfVfG}TRwu9J{^=UMF+zQQz6qz35F1O z=8d}Y@rIHn20B%_LGMrudGf(sQL1PXC$Og7Gx+EQt05G`xR zSK7pJNWps73!2*n8zO>ESDWW6Vw!=h@!#?T6SP^vGrGs#)TYAu@lPY5{=4J`;A--vtT&o>rngspchAn=)HD(!i$v6 zaZ1Oq_yUrWF$B6^*X!w;7`9r6Iz?X99KKYh5@0&3_jtW3^-}cF;lwgr!yIx@MoiX9 z79nt3%V~8(7%J;J2-sh=)wig$PHH=y5k;X)?Gw_!dX85pBGN*UlN6;h3e5Il|ItIi zYFQGHM7&sle<|gX!@hX^eF@j%S2-%SrqYHTU#~-(+k72Q(~fVYj;yuwR=dUN>l4>x z(on3)1gSHz;S?3JL>kAr&0^S!mu5*+%Q=mp(vWiSVaGv01$HZ`=4Cgl5VKWkxlT1BdI4%3jA zkmy~{Xj=?9c5OlU;Y6}SplY4wj-fUqhkRfwsN zAY+a^503Q5kvJg1*B4>PE=Zuv&-c-Yvq?HaEJ33gPO20pSHZB`ZNM-}X#^$VF-bC(K!Lv5(v`SfZlC9 zSHMt?_NWp=<<_B*Y?{Pdz_3;>%^<38MUMh7&sZ!<&gnF|WeKeuwt8MF=1|8luhY|H zbI89kB%3fySxAyf{Y=)%X;$v*!?504UF;ThN+{Ke+%3K~Efi|EHY%vZDtkqNsH!~S}t{>u^ z;<%Q#dW{xCo#I_Z)K~E|QE4t0O{FI4B!!reNKmym#tF*Oih%AW*{qs(ji*T?T$2aR zv1C8W5XxU8S}{QMW$-Oy*lG^T^9E&B(1#Osl-@BRAFz$~yI5?OEXm~#LfbgxEDNVw zq#3DMm2F??E^f^^ETjz@saCRlEHpwFGdiBx_)(6MMHICS2e{FviPJQs&@tARhdQSY zP8EWxCgL-;2m>(@GTF^d+)dm7hE8Ulk&xO{k{)RvDscq08x$0i2w~c87deT>6)|*$ zafj2GP}C;XloECB=4s+IP9*3$t$xB{l0awk)pI!ce%LX8{x(85nJ(aLkuntzT1AN(`RE6hAo2;%g>uf@-W*7pRr{Y2$~ZW{90{c&;Wu41ejTSBM5Z;_TA~Lee@3Eqi4a?sgBr9 zf*nNRcf?W@GtMbEoG=wj0(!zR#IO@P=tGXAAE(%J0urSZhkOU|g^+nUfFZBv!~qR+ ze!-G}@1QKyt&dLawz<=~-KgRi*;UGp2}d2RGJodOTt;jkz2`k?%yqWPMZQjmry`Wo zbVtCp;ANwGAmx8_#;baIt)BVAw4JN z;KbDc{S07?7d&Ni_b@5>x}IKr+=SsU$)XmOwN0eB93m-`p^gyN)kax>wUHTUd00T$ z3g`vki}9MUFk}}rn#wcV`2(62fB^sT5pls`m>a>Yi)ppd*B>AfM9A zLh)f0JF0x(Yr^v7g7HcIz!gb}ZI?yFCeX4Nfxup^87P(!quLdMDM|b}{&a*_VAZ`! z3GeQs;o$LiPo6!s%EUC9DoI>?e=->8Bs*JRS!9Pg)9el{aY6;P^G@eb#W)jFa)G5p zlm*x-t%SB0oJvfxEE(&IuUe zY^NNJgEw&5Rd}!cpwu2)!bU4f6AKo2kxs1g?4iR>d<1nsQm5IZ6MkG&>Y ziX1x5YfrrHlw`~K>+WFCaXNnvn->l}Ju3w;@+CZje6|p+6i6yIZOuNR=1>r7nk6lQ zD57F)b#Pmp+9FCy=MM8RVRS8yv$-Kst&3VEsktU+IHXe?1#0v5NHhZ?_COlz>wG-@ zfL%m_yY-ht|A{~7yX8E1`SF>*=kNOeqH!kCij&WyN9YYcCrC(a8Eck+!M?8L`MhFK z3oK%MaYED}s$^AL=n!Jff=4f25@UPW=|~elG{Z}RmXt3{;8~gH%_Ml^uo83>Tb9gm z+LHjXlV$IYfwW^H6s~BX(_viDKC&4RnPdZU&%4~R- z6r-PyUuT@P2odH={NVXc7fA?Iba8Rv&sQF&DFG6a{rgeyJ7Y;hSH@3|FQN<-P?Xg@06ld55!qd zyy%$Rz1au-?#M*K+eb3cTn9;aD|_n|FH}p&u^-(>!`;2da-p8kISp}Q@41;=k-u89 z<@(%ZRW?`|j&7N|#&k=`T7pM|z@F2iSrf{Unx2XTcu`{pJRuZhhuEAv(>fy_GU@tc zqQe}(0;<}qiz+>8nh?^TW1f=iz~<~3y^I@u&>5}drXa0tgXhv@&`k11dfk#29^Tm^ z3PKX-q>#Q8sbHU2Bw)rYPACKhDlZwTd8(XB9ZJ_ZTiMDV6|3CZd6a_AQlH3uxoSfO z_nz8)Sg-XDgWuqe#ofc5&p`CgONVP8QroA+;@KK`Zf6H^3c`{x{fo&f|Lm+D3B3`I zPSjW)vEU&$CTGqPafKow3Q1lmMOx?bZT<_Yc z^h1^<6a{R&Fg{6cCQp+`6ck+jF^k3|PT`O2Y}c1YEndt5FJb}dZ|UAV90i_ZPAI7L zg-n!^ZNV;)s^hh?%yW9O>}XVbJMx#^1!STIclHeHY+qLr)d#cqAdA;k*Qczl@uh_K zwBj>6Oi5=mQf6hkQ)QS5O05!eIBV8*iqtHepA^17xYGAkvdl_FmY5HvwTAN!cm=9E zS9w^|I_*HF0;e2}`uUtmXDh9A@Kt_DAbc6(8e#OI5COA1k*y@a1t*C&UC@B^GljaR z6zct+oL$P1;4xW-P8D66awUc8%mTqmfI2qOr*-C78cqEYRfFoLjV{cb3Z0s0n@~`~ z9lbx`JH`)&C0T9+-V-C1SGSmW-*99si7aju3{q`l(u&T{z&lPVY^zin*hVrh!oUrV z;(TUMeqZp^@v#sGxcmi&90WLX!)9%c*?nCdHl<^9fjOGfX`<0O!+a)0!-UP{6qu`(=mNtXXGybJUfzU&N;{-u5^=#XBXEzl zq-yk9e#=He9Cwun=8sul)}_%@%VnNwO(_o49qxFMBqU1164JM~;-xd<#R>bJjMJXt%yaxZOEL=3>8&}W44SB4aC8n#f(*FI%hD@Z zl&q33sY^Z@jad>i!3E@nkGZ2&+Y48DnrNg@-IGeUEK;7_P0axpN+}EwO*siCC?Qj< zG&s7%au>aN_uB7t9zFWS&g^kPfITZJ&+by4LHIu(J?eBkbd+B^ayTfr@fADq$i3nl zp>2Kq6vJ?~LT4^66cZ9>&O#G-K3^U;TYI;){~ad34@+F@=R(rF?r&%f|fvCzvF>eYt5~A&E=6PGJEqQz!Quf9!WEg85WC# zs9+a@(T4F1pAmECA0dopY|g|MCMMznOAi#S_|#HwHjG@%_<@SBsHDmZxb@IGnxxr` z=gGNNicPIJ)*LlgR`OJwaa9)CneTu|6&cGzq_jee9;Rr5$I|jf?z8Q?w6a_;cNN+2 zF^O2KpW=DnRPrTlW(llq!-!3MWqnybH_kAxJ5&LegKr$x~Sc={`5_!Er+P?P-l z{wH7B_Grw1eE*X=!RffK*vM&8v^h%%J|~H!(ClpW5W#U(Y&%OzE_TFWQt@dqn_ac^ zx+tB2npFibQOirnPSADaK`uZay~0UIN#g8hY8we?AT1cJILm4n!8Bwn1Y&7@JOll@ zm|Wo96Z%Q+SkkK#u6g8L$zg;(JPsy!Jb3m5>K{u}eY*v!TDwTMV2g5a1w1pCi~j79Ms zB`v{GG%A}~X^wVUl(v)s8R6!T98E3RaJOVJtK+D35-2%F3z0`zk#ROB=v+`#=-A)P ziBbf*D_4nnVsOM+;Xt2;cFN0f*}fL9)K;&$Q^O5my5@L1qmj8{5le`CiXn6vX!0Zp zD=SZV+=F0dx=A?jg)1?}N?{aD5nu6?%;jn7)rqYqnqV4&6v>zp9$y_FzdJ^A!a1H2 zt_~ihG7cxsC}{PSJa#B>WR}=760(bZv1fevK?pQ2i8N1OiPJ*mkyNSEp-n|6nl4|34V+4*xWKJRIyk8$5gVWcN>l-NCcn-9MqhO(2|q7Cgntp9a_NE05ea z^0-%`9R!;L7y}^WA=fx+So(HXSrF`_zwQkN_nhL}dTQ5yCg!oIpJ@x$?W1A+4+l@4 z<<|djZ!oxD|F`j2zQkhD3;B7RGt;I(oHHH{mzWd z$v(P{?zuz90&?Ait!B^$o4g;gDdXl^e2$ZIKaQrIbFu=zu>Fpw5bJnoM#7jR9nXYR z?|5jkh`@lU<7r$wb4+cEE;7e7+_xm>f43kp9tld%){(zdm+IiOZ>cOQ2SSxmqNt5* zCtby4A1T#)XX(!JU6bqmv*D*b|F?YP*6gEE{@Z(!=l@Uk?&ZH*dA7Dtjt_2aA?ajj zE}70&=-{w_@KU*r;wV6I!emAzzoXo>-b?Fhb#n)#bI&cl{-^!=*V`EHf6VOJ{4{Rn z1`X@~>C?jb@A2M~$M@_1HlEL)`;X9)&i6sLH=!XB`~UN~7?$yj?4w8hFJC$xQLJ-J z(nS&>j5wR5$hJO|mi*u@fI6Q)n|qC}q#fTP7*UP;qJ=Kn4(K>V-E*?)qV5mx-gQw| z?lN7p4bjiL-@iESihuvB+v_3k%a;y-^ZB!K51{jp#v$$u5qNfhYU7lcj$MlZS0XX!o~cJv3Y zIFU1)1XUB+Y92)cH#?8A2T?`uNA0K4jx~5nlDW}qd_!|tGke#VI5THrwRcfhu9h2_ zK{RtSW$04;2BuI&02GT`X$7@E|ggUhUaxoM&C`!{lz~=R$@w^5@R*s!{BrOBB&4 z5aGLi=sH8Q940g9LK(Exo#@$qd)VmJ@SR_EdHM7GY`(m zY6m@#+4=ULmrP0?q6d<}0kc!}O4(7NV-wfR;hTb=sZsNfrLU`>1w1RXoU)jOY`XeM zuv>RPbWV&l_p!~bMrT*Mo7I?Yd$+e5*WX~h@>RFFHTRuOimeyi^_N@8V!Pr}YrW8N zT^1MFnoF$B0;^e48(U4cBWlQ=HXvzOd*S8;4Qoj^$r-nN{=3roe~e=jLaBuYpy~Yo zq;UW9`02Cz^Z%_pS2+KtGlEi_Oi60H9qD*kRcqCu8NrU!{ZY2b(TUkdrO&jpxbh$E zHtd2mr97(`tY_=D-XQ%08_u7y+P-c@cTm}~y{J_$o9Us|(L@CSOjw*yh^S#M?v!(E zNXIL`-88AfSrg7=aWY?$tPx`zV<#9X*BiEzXR#F z6)luia|z>q)UGmW*I7=--@iD>48&Wms^koh*WfqLu03?J!$mq{i3*jq))3ZJ-`r3h z9KUQkfa4@sWBjg9dN`&T*{?Np6*b$B8b@ieAUd=y#CDbLNtrL^p1=1Ozw-h--@rMZ zjL$1dUtsOzW4s#|QA$HoV9($42htec6$(W&YJ_%_lZP@0;lSg<;@Y>iC!^Y-$?!29cOy+Ug5dY`CkS}Xm$7hr{?qj-tck${(tYu=YQalr?Z4D zrZc&0^G>|dzeH+fO`Lp_eGlB97CeR3e@0|Eztj1d<0;vfYHJ9R4IADo(ZOJV_MaDY zYFQz!E>?ZfaY%e<(&!rD+fSfkjBz^iQ|4=^27@l@%Gf&QkGFVEx~L0&(ojVf^#+4( zwm%gh9NrX!!!;lr8VC!ZsAZ}n9GGb-LSmz3^spr}QXGPwd&MC()MIToraP35L@L5y zzBl9{#Ya7)Yx?N5%6*@e7JHm_m4nSfY}i(4PDy$+MHei3n4)x+unWDzh<y=wd(~xGm-TY9&HO%jfMsRIY90gl*jiaEXenItr$bVM8-nRbf0l=un zbpJW({u&*2xQvBEWjo!NFBnIq)*G)^FZZA3{&a&b!r}K34*n^RoME zG3D4>mZ}gQWJw~GAR{4mtiT<_!oW$RF~=)G01+X9_OB-^{q~&1;GtNI`!o(Qo%4-= z{lg-WvGOfvMdg#o&cJLtKsc>-TVE>xP=6~!-jn3#K}HSF%!?|o0}NjQ#XsjNsoOKB zSdkzvrB~-yb)RwntoK|={*y@}HYNW(eq6Z!*?Tg0axeeg#JV6z%Pu(OJ z#1BO!@Lv~gBPngb&tt~Y%xXf*Kk1Cf(x@wMZ?s5JwHv!V7&$E=Q_9n1C1fVC1Nx>< zUw^U-$BfgIRTS4BvkEDm=1Pe-)_KrY%$8qdsk>C5qPE}gR@Gz09FrZJB#_S z4}qUtx=2VAkmP6)h9@eNrqX%zYREOtisy*d2*#CkJKU-Mw%g07+P$M}L*fopmXK+^ z7eoo*i80O7noWVqF4ZO}dyG6|lTzs6Il^%)=FNHQmlC4;tK)R7k_>r8pyFEsgig@5 zZAWA^(}VfQ56gZIQm13+MF&p@yWSie4j7xGe@1nadz-O7OCZd~dYM~8OMTci3d?oo=mR4;~`sJz8W6RN(dU+UWtOVaF{`jyvD z9$DH*t4*Vb^kH{JY$D_7sf;2zv$|^At}Xg8wfl!r>LYk1SPa@`35pi;Gm`Xl{4Jg8 z9UW##$kXU0FEW28YmIA$h45rR!2;2 z!5H*a?vZMxEBEjwk}X!V2yMH>mf^d#Z5ay23=m1J-fBS(&ecp56lw<{<{Y@qwZ`)> z*V>xnTC84gDzg6Y-pJ_Q^$vWu&z0mq<-M~Z{qJx%EXaS4pYGkuf4A|hq5rjHIY?8E zlR&zE@k$n<2t^l{3$f^uW%jr{GXN(j-{M6&1~ZUmO%?dA>J)7UyLbk`l;b%*Mn zkACaVmH5A;o3`w~iU02o9zV|W|Gm9?`>$Jh*5LoIKE*2kt~}YQ)2vKrSIMSq9^(~U zp`b2s6RmX>CEqPclF)#lOCjw>WAt^BbW!(X_v%PtGjNkd7_QJC z3mno3B>}>549NPOUx;iS%BP|a0XaAJyAU1R+R3w1gN*VW(m73aA{oljwi>FJZ%;&7 z(1gTf-19q!6KxA58!;Bj*4Wcb!2#nAHpl{a1#SJ9i-LuNgr*by(a=iX)1^?L)wtV7 zhzF6n5pGSd7Mx}{WGn90X<&8Ut_@(G3Z2$uzv~d&{R!!R-gBk>UuCA;jQ)SPyIY9= zws-IUeM`?8`@d2D%js7vyhgvI$wcySrN!3@^%G^^Ty~4>mO)*`e+65U?5m5q^OgCt zPQjmR%0sW57ky)U{4SO*HBv_o32Rl}7V8Q?Tan1*msvnmG^I-tX|ZC#NuokV$1fYKOIL^tMTHY7Kr5s+{5RIb>{f6P@?~!Cz=JVb=?c zyruD%J;SILCd9Vl&PGzk5naeMKjBJjix)(u>f>Zd5*+5ol#4yfcEY~t`wW*x3p;;7 zJ(-tG+*=DHq?8Ph)AaNF-mRpBV!bt`MNj#Y<>@{XOyDNHaPyGqR%QLj7E?6Lez}-X zl$k1v+JI&wpwTave)D|ioUB^09f&Y<4Xz_2)SMHrW9#0tmfK-1=VVpx67tqMbBaQm zV?fpB1rD=ms8lqt|6Im+bQW&Ox^V+f6;_U0!!>IuwkUdhgX35midvR80+#29MgjR$ zSL=ZRy4rZAak=Rxnpc}~;(;7WX+p`8$TW)+gu{g3V5QThw_25%%Z${jTG#uI!;>fZ zYi<>yuJTw3-n%iQ@;+3<62Ge5ZVz=s5>3-t7Yzq6hfK^N+#{hb(5vdk`McJDKrQ|P z#Ujrk*@to_9~uXCbTK1|Ox0w@m~zBZCdj>RE#z7*Sqw6Qtvyi41D~qD%f|lUww7m0 z+S5bZ6_&829Yp-;z7WIsAE6oHu8)2Z=lz(D&(VY?Jk63wDWedzJ_Fg91Xa!n^5Bj+ zXG(w8C?n9>60tExbzi&BdU5f32rwMw}w((5H11V39L{`FCa(uR!OhQt+_{xLi z6%ZE#^>#5YfLGIGx!IT_oW?fERvSWHs14mp|DEmPYDH=Z6~t-YMn07#o21e^6A3pg zB4}*A+uEGIy$C7)y`QV;|5KLWDcO+y|8V%UaQ}a=|G%YYeg9wEN9{xs0s@=QQm(2f zWh@G0PG%-N!!|f{D{?e#6{u9r`UU}`W$glKD>tCwH zHf8_$cu-jXdwWms{XcKzS!4Z6XD%AaV55{ppgf<7Q?@?yDxH2c2auGbRE<-Ts&!v~ z*w#Vs)LW?I>6b0}LPf`37TYh;cmCxtLw~32RkVDM6P?C`e2Q6;s=O|;fiGX4KiEEB zoRM)F!r*9ifM+tgw9ezAyztZs8hH%;&RHaw!9Wt$u(suDd7tk zLc}2jjRY5eKx9B6^(wTj8lb{Ez?}S0s0y0ELWG2TANE#J*;*D9p{m3-lFCFM^{Rpz zWO~KQRw{01(`*BtBy6s?OgV#%Ggo_+VJ=MNueDZIq2WxUB(PBzJJt;P-R$;Vtw41N z)3qwYhLgTK`yKKu<&^)Xn3_$~Q{mR$YR4;vx$DN#j5#4oN-m^fMwHS-U5c^^diZDl zQ0Wj6jgZb)B(LHt!{B9sAQuEZN89?QB?HE#5bMKpU9C)2W|XB%F@M=@oU8&Zq8h!a zyqDEuC@?6ynMEv7C6%@kmJnR}hbUr^r%JaWx$0}X-0l52Sq)t}ggg6nDbeXKZ}Xwh z7yW1760#%-CqIdo`_Ga3sYo{nBfpo^zvTkwea4#ILxhtJ1EkMTfo) z`Sbp{+viI1{{>DW8co|C0UGtcgS`It@!-jQ{{LHf){y^yk+Y8Q8C#?(;CI5p5F!KP zX`R?_2u77Z#nYPbkH?Iqb$q_GHCtzjqX2Ci%|url9d?lw(6OgtO68+BUdkKVA7~Vy zu9y7!Yw(u`mwbkIpFG{~%5YP^yf}V)`1Z$rbev(20+Nz(N&>VkL~<)|APRQH*L-a9?uZ%h5Isz07>Udr& zwT>}j0h>xo#1h)8>}Yf}1ZWPgolrQ{FZZ`YIh zbssk)^Op?iS`xpmubRV)barK-Ki5{d$S>FsO$j73Z3B>1Jm1nHomC$la_tCCEGkqS z8;%)ED~=9{^{MOhTGEc-&)UquYGa{ZH`Z@HzSP%0CUHo|Kq6J>6iXCay_+LZeiAB= zMNYx$qmd#3Pt4$kPe%>}E;az9O$S%;IV{jq*$K(Dd$SWLI56~z_RE_-gzAwl4)R8i zp?Py^8+{oc+-5Fai`2U{gHW+%s;RG}dg=R_y4?|=Sun?G3776-#+ebUInD6>FZGeWw=&rfh5q^)B|N5-HiyD zsDj+KDpW!B3LLkI3I$H1Iw^-#wL0l*Qw6=mDL%tIUq4W#l{mQj&t#vb10`g7jW;S|= zsl=d3J!37WE2w8~R25ox-uOn8W_2iBhxy&SD)g?EEnnetZT(-&csfl8|0Aqa0XFFW zhEJY7&FlZ3J-v_rb1TnP^nXWk%1{39*BjUWS=98^r~osVs#Snlnd@l*t-fwX3s^qD zYbgS)Ca&oQQqoeXCeR#iO?mq)+}x^=9Q0eBY3LgIu#6^ZbWG*Fm6}occW69SK6KS; zgktgPBXkMzZ^+4{2!)HC8X{|^)*>@|nlf^5wG<^?_` zP0Ed{$@c*n(}0-J(kg=#K`I)kg0pT@D-zp+6JLigb;9kOlaRXSr4pwGlBpnxIJeAgdZ;V+RVt*ft^Z9(KpO(VHTeHN-F>{5 z)Biqsdhh>xJ5T2-3gBZg=i8@mHgEqasp+dx{Q@}ET3`5lJ%z9A;bwHbg~4p6m6g@n zDP$|nGo41x$%^|il+85+5$AA1|3!lLB;gebJf|_MiocX~x-tlAwF)~G@@KL_+qnd3 zIXt>$1|7Y|TEz5Feyu!|`SjK0rf5Yo&VX`THM!PM83kkWAlXG*503-o z&z!ti$dsb%&8H&aW*8To9IXXrvo0SdY?BK8MK%i8Fv7-hL3x#XQEWJxCZ@~wrBe&m*fSFFhg`ZXVt{~JHoKL6W$VTBf;DgN)%y+Q8$|7`Gd@BaLM8_!ja z|LQy}%D_qgj1&+1Qh0~*u<8$3G#LyauW()-H0eIzRk!M}Z)_cu{NxP=N`|iJZMfOq zhNibR@?e!1C=;HPj!hW~#pEZsX+W_h31}?KwH&82mCz<-T1)|`qp50&Mwa;Eukbu{ z;+$oty$Xd&CUaCORLc9c5_k982Ut`2pPKrY#T0G|m;k4^yo+kHh!#SBwvWkNF}_ic zIj5<0bNLr&*f$ehd1zAEv1*d&*9%~V%5<`++ST5SQzb6le2BWnCFvv>vqfd=&-+Dl zyNf1w4k@&r%Y1K&LIMm6KTDG=FpS}NGO5mE-?(=2O3SOJXv$Vxm5Zm8w>4sxlB(Oa z6;FOQI~nzKL^kV9@iKf_xCXbg6^iAcwlb&4l%xlXBq33zRqPg$q2eeooWsedSLkW2 zw1`&yJQ&#l2c2eT>9H&#Nqhg-=+{UaEB=}P8kHP_D$+Uny$U-pS3Mw`hoo)=wq_Ev z;2=N`Jx_>5;w<+3fhexHfPex=fiI3|8EIs*Z@tq4SQv?~MfM9D*CsckKRS$ z3b6=k3Xo7t5){&i_#OY{$;T71$#u5S0nj6Qe{g~Vn(&T4rD-4jmEd>$vwtOh_*cJ} zP5a^>{gW@Fe%8<#9-l8_IQ#IFX1%A)=HKYsP%<(pUjJXpJr`t|?h@nAQ9{vSNu zyZ8UPm1hfmFY|)w)$p30B|>UB5R>2Oyg(oRNy54N`nPSJSxoE+KA%B`v3|;8I_CXQ z7X7HmXG@gnfpUDButh9biX5q!Eh8HvYy}RY;B>_*MEC?-06%)BOzIL z0uqxbAkml-CB2Kibzijy`@GV#?xTVK$^WE{a#S+5eUlPRbz&z)Q-6!jpvN=JXPpN~ zfR9YaE3}A(oN7t|TsWrhb-&AD=bT2tJ`yK*I(>uV&YYxJNY4Uf32@1g3DQIRlSLRx zQ%She*0tsxe^b1SEpeupc+Cqm>Y7)V9I>4l*AQC5RNdv+W)?=>Kcml7O zBphAL=y-<4I1(Zd+zo&q#FB(8MiIGC^Py7E0W}onzo$0|G{+I1lEm+HzIUe6=>RzX zho2T_1jjMYT02*7U^*np1SAgGYA%FBA*{;g;U}9Qpv(i=K8?^gT=0}6+?U%Fe3ip6 z!yKIn8cPWmXAHQ>iA571G?)UKBqAx{=qO97cf5#FIwvlOal!(hvVIS3fB)0banDCD z0ZJr(nVjg0l+EElbNc!OjY*Qy2_55<@Et+-Q^=$kLD&RAn&PLxcf}S7!m+U;Q|sU; zA)rg(G$p*#@oaF1{&4p%9Z%xB=MVjXtRl|1M2v@^2!bXo4B3TDA9xnZe7^GfL{kD@ zVj99Xb?{RwS&<0Xzl>Q-;9wZg$%KH=&dE4~bPK(hOlU+?D&V{nK#5(P1|$*#KoVp> zm*^$oXXjM55HdlPQQsE}c|CB8Q|fCN~EOET#h- z<1-qzTuz0FxYFus|CFu6=B0MsCA98S)`30IV{43k!Qa(ZK5|i2^Dg*eiW9-&Egq~d zoVVpJIS#4djM^uOPE4{}t9?W{XdXC8d%mC$exn0#?cgEL%lBYN&lSRmh3uap=?fN$dC5^xt#vRD~jMqS^>#sME>q42F;c)@P zHK08H{>1@G2xp6AOx6K*EhxuHPzGdcC=ZTbUSS~Dg)(L#9j}UjwuMsGziBA7mPLql zHk=wtE^Q~M)To184HDoo<1Tyt-d{EaC2U8pl7uB|ZA3S|2W{$ETc&K+>KeP@jc5T2An-;u35PFv zHuTZq1dXzLBuU~Uy*bPK8LE0qX9>GNI6?p*oZsL*7pF;Bh7w|g;Yj3Xa$mlKyd{AC zVA%nfSHm81#YD9l59fH=EEe9@8SBbV(;B(0quG@on{p}4iTrP5hSJ(s#I8al=}Z=3 zh@d2Bg^DwvXa|ZMGnRIZ7^#g|(ixF`p|1A9eK6WVoDlTkP*?kHdke}WjHNwerOMM} z0YTGzRDwXf2t#SX&PSyPykz5Zl1Lgv$7D)*nyip=K6s1ggrn_%#0eSWlmz=?gF z35f!d9AzCL8u66ipqE44ES5^_hdb5Zc6-^_xUnQgWr!D`x;pwg9!KUu#EtrmZyw1q z4k2aJ^-hi(+Olttfo$wq@9erE2J_8q``P0x8+H6S!{c)j1*4KtML#M-6@>NjQG|(9 zEkq)*e596LY|czBwiic-MxHgxg_C4S$3$BNG1fKjju=?~oZ+OaxS(j|gYHf9Bhg&M zQaa8lcI9E-r>uV#vT1*JF#KzO@T@=lu8(8tS+%)GBX8&ppY|<&x{6Z#$>>GLgrl-? z(qjD)PG_g9nAnG;ql88&*Eau3vX50kZIff}UrA6-#3kbUSN_zElbXAO5OXee$x+of z(Oki%@%kpm3Ap-ed`80Cl>2T`LbFLB1U$7DMc|x%ZRMLTfMkVotm;qRsw=Qoki&cB zZNKLD3Spd*8&A{R$=gi1U=46W=oNz*S*C!-1xW~qBQ4;F67QBI zNoW8ozJB)Ht5Z?_AR%(U(JEN+afSX^;82WrfN&fG7)5PUyUqY?MUk>BAQgv;Oc~s2 z&MJvTiJ$e${F<`bHz=d6`P8$nYsy~Vpy;;dV-vo#wsaS@k?iuzTA60n&yAMo3h`r0 zjyZYvcD1ktOFdakzyq#3UztDc!w{T?Upe)E+uqU*ausv6MIQ2IawKfvl%{R zgL_U^?R&k}@R9B{O|!5i zg8!>-oWC<7-a)ed4w7|2fh5bm(6X-7c`{?rUq*c}qkQDtBWN#MaXKSQuyZu71$t=p z@X7i>NNw z4@P1K6(bTAx4j!9^cG6q8zi}nHEq*gi7S@e;lE$dFhC?)(u75G>0y;n zF!2OoUEYskDL$+t%Ndd_bIM$2!!M$dbLuksKDZr9q+KpIR<>F`kxr&-(?Wv~qp?$O zp%YKPbnjd8Xyn`prMQ}AykL^BxzTrw5Ig&wj8iosH03gWF-~V|p>ghbxXWMb2x6sZ z{6tm)iPx0drkET}Xu?wq1pzTwc4OtG87Nd)qROhXAqdVOl7}c_k*7=BXcPtPbFvz` z$bnd0hMwYD?=$DnwQVQSS75vH74Pl0{j6+ZSRjq7d99 z(K&KitLPzqbe&iQBek3DsJkn1#y392?%Dn@LSxK9@3zWJopvmL4r!S*&8}W&>_Tsw z)>i7H6LFY%Z^s__ZF@`m<1c0W!iM>C17VEH=1&)?jvj*!Q~j{GvQZ8?S|^Be46Gj7lVVVn+@=zvdO8++zw_)Cz*630AGDti_)2b)5}&} zO`yC{wsy=_uwFn?eFkTxGa?OX1w5dRqp31P;D|*k1jmXkkJC4Q z?~DJhH;={nlaW~OcIvD+khin;TFl=VbB?1R!Ok46JAVhdl?`#w;`|vn?|2Rk9Je)( zP5Yn9L43{qPiDXVKN2$i+f8nQ64<-m1SJ%=y9vUv{ui7?G@3S_>06xNuXV(3Je0OL z0A9}s$D-;BH7b6>!jMMOQ#=(CfEp}>&)6bWKK!Z#O7Rq!yfG9Xt#3Hq+1f%UF&R@F zA_^nO$1^g=+;UM6O=YnX5@j{D-$5u{#bjSJNTX>7p&*;CeQj!`i(9eKq`^DoC}dz< z-a&|b!t*#J`zU}~K4qPb751T_t7B6V2sty!w_8@>A^OpjMxQ#J6i=I)mF=W>YBw|V zhfn>X7mzcGBX2nHlBau}PP_=iBXBEgY7_>0vO-uke`G3}_|2dkefT20z$^X`(Mbk} z7_*09eV#ttk&&4HH+xsq+cu7b-}Ng7R)IEwrNnko90~-7;;!fgw@rek-8}T6rKM5K zMiy0(cB*#s-xr)ACCW|gY`eR_0?|Vd*wS$3n;DuEhaWW>y8XB~QRb{cjg@)K`nUq5 zULnymqKyEgK_<`JuBqpKD_hWB>57GbDth&O_5YLp{K`S0d>TbL&Q}54bEdie4jQ(_ zZ;PYuih8$FUZMTQMmK&jjR08{s#$U+FcXpJ&`C^yZDadIMU!PwW$1*>@p%+?VHrkT zJYX6b#!GDRzr*`61n!5>6HyFoy3@$!t$SLQ&BlCfzj@M>eIQ!6Hr^f?#Fs?BKz-|B#10g_4$Fyn@ zG~31Ou)3%ZTVll7VP!}j>5Gzljag{yvUSq0uzfA+T2|C;3}m^_JKiCd=|%xp*z(fY zZMCZQOIh8e1nbWWIa|SI3ZPEa7(!)ZfNoT2Z}P`Q{2$v6N{b~KY!zGCp6bGFaU>#8 z&{%0n9Bh<}G{Ov-bY#^noQ*-NC4!Ml)KRF9CF=VAkFpC-Yw>x79rsf2jc?zA zwRt!2{|)BPo??}C2NB=gL<6Jqy6i1Z)6}tJVzqwW9m(x^tj=DXpI@B5`ES$@GS_|) z@p%-EJsCU|sZi<#YlJU2Il zUlfOIy9Db-Mh%mHS2n@mg|17mlhd~^&r|b-`>9M-T9x=Syyl08e=oE7;p7Ln&F@KW zzVon~pJq8H-y9dVM=Dg4*Naih-I&a_b* zShkL=m>6C+Ty-=WjW^Id8jUFCA8*`xPYT)11|IoT|6oOI(8}ITjT?1&hhJ*d7zo51 zJ$iDrnqy{4de~Da!YK_Y|HZYlu zVR|?{96O?pso$9f*FpnLNbF>(kd@R6%=^8Gm(na&b7IA_f$Yc&V{L?4=|mNYSzzKw zN%zKJ7E;4fd{RwF2Eu3PXlu3`&UA0FvW2KFQ8Vux69C%pdwM;WaWq{p%61W|sa03_ z-*dqgD9oy{qVk-1;@H#~kEckA%}O@_rgD+4DQ5vlqp>XP6iYO@8)bBmy*<jiUYi z3#z4aieF=cARP%JI^yz85dOWtA4LhA`5I^Uv1T|tVIbQ}n~{dYlaKJkbsz-8yoI?k z3w~%y=FL3zfgtNyW{f2Bhcc(%%VZKiP*vIPrSSfL*x+`yP0zAvLqOEh8O23Pdo%~m zL}gaLKn8r0HpKp812xCSohn5%B0YZyC5i09h=c3cy>@V;Xio>SaW5Bt1?Bd%M}Y&u z(_^~48IwFN>#QCdC~Ws7surZyE7bRIlE>>Vi(H)Q3@gz{)iIHE8)bzaKAkJnwt3%S z`D_$bYyH@((Obd0CWpBen#MU})z;he9)jV1PZ}(+@!iyWRTPq5K+|p!SmWG%?Ek hJNqXwS3g`2*TeO2JzPI?{T=`S|Now`K6n6v2mnbHILH71 diff --git a/mastodon/charts/postgresql-10.9.1.tgz b/mastodon/charts/postgresql-10.9.1.tgz deleted file mode 100644 index 5fe538e4dfbd1de86d0cc0729042ea7e06da95df..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 52056 zcmV)iK%&1NiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POvHd)qjYD2&hF`V=@y=EUw}O0wfP-TH0zw~Fmf`)S+JT26ZR z^!95*BqU)%5o`doqfYXE_V>Y!1b7oAUy{s-&rC-qfvQ5GP$&R}s+cf7rHK6*b`NKe z^3DRz!@u3{)9dwm2mAZ--(Ihm|95x)`QG1l_jh}HFP`te-0S_VxBLA0%e}vW-aXS% z`Xr1)`nTSlapfELojfp#2!|Y#i1k|l_>iM1p^H8^f*g(^LoFEN_lPn~qCU9UYr!~9 z|J>c}?Cy1XtpLR+3Q*)@#QH4{L~xG!z$f!LiCO?q6cdKI1UutAX8ms07sAFmW6UEs z#~q){yZUzvfSVLS=VRw%D?rSrIOg(|lu|Gu6bzN2fzrB@jsByJ&Hov92kN? zHv!CH1gB_@A`aMsaWroMu=V!h==IrX8{A?(6ZO$No2mCM*6u0IOM;zh^Q3(yrAr3_ko0tD#QQQJr0AA}3&B~*IV*ft^#00oGq#Q?` z2~8_FA6n|2MK~h~^_7Ix@LT`u1;qb=sOL1?RJ*;s?PMQ1gigDyOz3)@pE|p(uRSs! z=PBs_koX_&8OIX+-+TW2c|rfbc)8L4kMTU9>VDbTZ3TFW81Dl%gL^Ly`n@37KiEC^ z5xxv|$LPhL|8lao|I<&C7n7FY8qFDJea zC#@-p5QQ8CebC~8524L;@-`(5Y-|OYa|H1R#X8b?K^W+Km4~Bd(-GetF8N(37kit3Qh_cp`C+6jm zoJ|3q!zs#@7={Qkv;!i-5#Te(0iR(8ZgCg_a)T(vfq0J!m3IJ+{4fb{GzGRE+7X7u z1Wyx+0>BAKn5sWjq)0gxhz}D=g-r)_E7xHIjjUwO*=>NNl!m@iDl zU(rH+K8JH83mDLLP4N34E#PoDL+Ccnve2@hW?f>L|Cyn`W#o;4>tdDb?Z#N%F+>IX zZ7hj-SB}M0S&9XH#Ej!;su%(UvjCX@^V;;j7JPT517gUSH0m8HT#zfYbEv`DC}1$h zQHrRdwWi`yTny10?4u!}+-ZmS+Xk)6b;O73B`~cuO4@*n?49hX@&;HnJF(k@7O>VD zLcZ<4jR0C(-x);iw+@nEgDUV_g4~#rG1Bw+Sd?L^j+i6`azV8CZ3^ga z3{aE~D2=8MCNN~EjvxctwqrG(f? zjfw)U5RV+tNCih|juWD)pub z4p3JjVBIG%MV{a%j;5Y^m(HIlseNFhQkdSxYF{>70A`w~4O^k6^M<0fJWYSj6UId+ z%wd#B7(PW(RqFvNCyf~TsFQ0KD{mNw>;vnj3k@$OftL>Zu4svBoEKAk13B_cZ+EqA z{1MLM&}i9s9n&~2SjDovva2{vkm%I~Nx-cXzz}~x;tNAaPiZ)s5IR>T4~alXrm82v z2?so(5d*IWqhEx+?h*>l2WKZrvZrG9)ohb(Gz7`7Mp+9u5$3iow3brh^Nn0g3=y4U z#?-8JID^qtt=7nGgsA9P@kgwdAi4^elO*CX!I5n1MG_5|Fr)et_J)!q7Ne{P+)?F) z&-p10JG85HsV}KxhKe|=ovL}rAqX%8 z;`K!Tp_NBK#IhLN68fRZq*!cKPKmocqRV?uLtNe740@{Xo5N41fhHJ)R%!~m(Tvdq zsWpo<#cfY6O;H#HwGs|971@jAzP9_zCYADO#T<38845#LO3f|Kw6go6CqFHjS?+yq zxzE`}v&o%d6nzHM8nes#^UK4}F!?#AY?f&-&p3=L%r!ZY9U(uVm@mK~i8%Vmmka@> zi|f*zR22gGpOYiGcOfSk2af`KPB`kTb;OL^MrNXr3V1@o08t@p0g3daSAk0b6RKC} zSpi{;LUOwbxeCN@GZcZW378qdmeORl9YGr=oV0iH(~DdK2?fmw@MpI~%8UYRw@54m z6HWp#ht6??0=ZT3zo%l-+W`p^6SH2$us*oP0q~ORzWnzM_ze7n121TUHt;5UdXq#E zBryvL}EEZo)7m zwk0FfoG;ZL?QE`g zGCTfkP6D@tQK~sGTD_*W2IyG}0p`z8kc5cJ-MDuW4S*p>G=dyupLYQ2Ogo^>IH4cf zox(b;QVqyWHOx4oo<38zG{ZazIgUf*rFi5*uH{gb+v*7M1o;a;M86R7fu%#uS}$3~ zj}p7NXo|tA7(Yf6LJ=SozzIhbFb*kK2AGRLZb&?N0)`|g>WMomL(^6A75d2SWo(5s z7(35=27X3NMNMs80`*@@KgA@F>@EsSYO4u*yaj*;A?DcLt~`UN)}9Z_m9*5To;{fm z)G(?NShY&ew7J~ADz9J0L2CdS9x9oVTcBXz`(kZycjjg9_3o+%6=*fG)H{vMU0S%` zit?ri)zH9}n#gkW>(j3&TnL*&4?gU>hQ%b^^)|TV`GHZt4Dlvwh7u6znSxYe6v1F& zA1^o!=!g}k{GfEXoaOXhACq03QeSAhYzdZ*0+LE=8@!S}0qsoI9weN2awRCyAwlV&)9-TUO^tbigiDMAtjunxZ-3=nBSh zxUl}drI;h}cSw8~>Wu+1nOs*86D9LehPkw9`jyO6fSOOU3;FBmqKG(-bFbrk4drNvdiSVC^0m}?r2-N!&xS$$Ae+F=5+!43~Uyh#) zZof=1Cvs{NrLGdSxQNr^JNY)1ZUAiN_rY$-#$}14qSRbJbq=~Ti8!7kPtA1REety| zJ`bO~d3WgjHaPW8kKZ4krp9ny;QOFWCKIiy&);4i_rVDVekwBm?ogL%_)<|7wln}a zDd~gx;>vm_h_JgiwFunaDQYC^;8g!=a%!D06o6Z?s4F|8H*;+I?OH79^b*O33}qig zQ8^7t1jY$qyD-13;)>cGhh%KLfiI2+M`y>KdGJKdr_t1do^fgL7MY}_cN{GGXC9sFNmgXiPD^eaq;M=1T@R|% z91*j%1uP6;Tnc3@b(B;yYJELJkudS)j0H}Q2E&fzva+Z#0~Ou{a?(YesXS82`;MqC zQvL@8uaZnI5{3*je#RjJ%D}ezUU#)bJi+pKgmGaoiN1hLZaksr22&ErYZ5n*VllA^ z%sJq73cAiY>#-DO^`LT`c&f-h!Zc4k2r$(>?Q$I5fPvZQ z7J?WA`gpLcKjldLS=c#dYgr1Nf+PO`z&L^b{PwMS0hA2)L3<2oJ9UN;HC#^^^ZGrc z?C>mGg@QwAqJT3P8#N;Zu9nP}3$3!#P9n^Mv2^3Godx7ujRMkXBH*(J@4k$fCG`FV zLm_F|iHx5xPUb)?8Kk9LvZ2Q*j2KkDB_WwUQezaQmCZSH_7mOh$LvGPI(^c1Yi=hp zJ6l#-D!@KZx5VKbg@@9~7h>4CMw@a-mi`k|aX;$M_E(G;axTe_>?eaN;nH(XXI8_^a69l=aCC`22#zZN7 zdOd6J1Zd6-*hp~V^&;IC`fY|JCo)XcY!yojmyvRN(qW~L)rjyq)cVCQgmGzH$sgGc ziP9t*rM6`q6b)cYPvuLgdFiUKTX~?RTLe}k^lqtzI4a)D0ZtRf)rXnr zZS!81l5g@Q=8Np+?}Ewo-R@6&o!x^UJH1Y?ySESK!3)`2B}6#fcQ~mE3L7T-B}Y@; zq^EXPE{hjps%B8BAPRKpQk}eel_s#o)>R>W*>LWwZ1R@@E9Jj|gC7j`$2m(~h*5UC{1y?|iH5 zv<7^t6gCG#s~lfl*XsQS{ZA8ez!r|=MjFWcBp6^QVpw#e?Yp?0BVBauEukL(42g79 zv}KIY3U;+h2rg}sJjpbon6t3cT`n=DeMEl3QR=|r$Z{)#Rf;6tXsSSzZYVTFl-~~; zBmw5mZu)xWmjHt!v6N`Z-|k7MeANlbR7_QpFQ;T`CY_mnm+lQ)<;u<}Q(%XB58vFB z(C|Vs^@MR1Bbr^C5IhOVRE}p0j|HL@)e&ZXH8zq6fog)!g;R|(p3069ToSlk*aEIv z&&bU)Rn&x<$PQ667=@$MJd#7mp@1rTMgLY9beSSdUB%h`cc3f&oZ;vUF$SlI0sTYL zAEFx+O0Ouf`pT}*B*u@b1wa8pA0SEzE$^aJ9HAja6Z{cenhQt5K9SgPgg~r5ZkbgK zo)k{U9WWJK3(52n&(U8bLLmKN7TE%sSWz(!=dmr&rex*vcO+M#LyE+r;w!3sGhuH`1cq-dcPRSYkXpgKj_z};OIpBoD5LnXd z;&N+MHq)FgWMxnB9P<>5J<2k#8db*}0+$?C?God-oOxC9uC2W^fkcxy^E-{YC}XphzdvowIN$mr5W%;xjmeNZd?$m zz#l4~i>h(JA(s($#E2mY2k8qrut<^voiAT4dDGb#UZ6R-K|kYAZgL!!3?a3V&4ryP zl`WMuz=V>yR=3&8L@M_uPptECbyz5rncjwT*FCK|a&nX_&rYfJ-%#kIA)=TBBjl4P zV8HyVeOlzIUQIl@8Uj;MOJ0mz$%RE&OhR9?2mr8 zE6kAJ`vT4%U9sc~qTllX^@hXA5Wpayh)F9l(wox)rlLlc>f|fO>f$oxAkzLAQNE7e zmJ!+na8dxE<}d34E|ty&#@vwW)9k!Vw9nWGN9WSK#!*mcQZjLYs(rsZ!4%v(ItLfR zde@}{^R;spr2Z_`t`a^jbh3bYbS^3rbz*E#iGKyd$||G|5nyPaC#GnYfKZfOLCz@{ za8B`9+R_BfA@^qhPQ}85=eXjussiFf4sU%>s#>q!=+jln*?_2HSMmM-NHX2Mm;!8n zhUUmz@{(fAt_?)dyivXe4_R7#H!XU3Isz#2=^{4Eby2w7A%%w8BvR69ww$ud=CN%z zDaq1*D3LIK$lkU7xQgA2>{eH}ZxrLqJIMn52M<#n;+$5d-ahW0g#J+Kui4>?7=d3? z6`8tZiucB(6Tkb$f9Ygc3dc8JNph7L!>(2D0I*K-<>y*IYH4I_oBPzF@&P_RH zagH^+PMOX_h8tdlxR{f0G&S$KPXs_ukYhK=kXOkM`zpPC%|7Sfpo^z|qPg4jWspOQ z1t&wv5im9^IT?zzhRqA<{9?21+Pbru=crSW6J;VsPsQFu{eoD>+b8CeqG_V%4Ybg(wYZnu(dye1&BBwFuuwjCq!uSjqJWKO{-u=~ENx zO)y2bFbum-C}NyqpL-h2giy%@!vilT5>K9hs&?uz>w(=~NBytY-PqUB2r}kFAdid)zM;Y8lVFK6P0Nr%iY%XVx>x2EXYvn&Cud(o%w1a=w$S`9G`eUnP zCrR%dsb%aUbxG*T8mzm&d$4W7LP&rX$<;u!LiSG$^7+Aw{cY*kqkZzsC46DAqlhHa znHZh!-krLk9EK>A8;D}9FhlSLhmyUm^wv;r{zxwq<&0D`kNM&Vo4cG+-xz+XGn8D1 zo1-Gp<3ri;nSQt~piy1IX@cZ05^LU$Iv%cv)&8rZV`9=`pDw=co0Q zq(0bvgH!+7>}|WdR$Xj7^xBF-anInWK?=+zw!5 zN4aJzm!+NbI<7n^P@dYN`#Tppjt`-rBZHZy+_U*om;!AM%0W1Ud?sm&q2AuiH9?jV zgh~$;>G3Y-Le*`lqocx-k6^;m5t||__4cZyktO4lLY9oPXa!ojGqs^F*AN9t`{rZ8 zvm4v(is=Z)2n^p#PMiCPu4yY52V+HV4GW!+bV5FKJUUMh%E}14MlmA|C{~l z-_siUmTuc?msM)Fck~33UTHFSUZp)D6c&!ADYPWg6o4%&)WfzADUB#f!f*#fq<~Cb z6b6`?@E;8E9pKLhNw@sX+@4}av;)A_G~N^9JNRw1lg5|^`aA#t@aEU!9q|$TZ*`ZK zLqCfpQ5#0j?iFProsj^kP8rC*fp}5VCBlr(Dw=3V7YGKwQOwcX$gfsLQsLVDe}Vo? z5X;Bz&Y=^v`rt>cSW8<{vl@`6Y?;=qTLL(wqEHSYFfu=~{R2yR7UC!hAxZDdRjV*< z1sE)8fEbD46pm4t1&xu{DEeT&5H_(~LF-EHk#Q0SkfRZ&kfZ5BEq&d0c{a-p*GUqJ zc~lH{%$c-VnEj>bAlYooQOuo`g!1At)8H85-6x7Bk13+Ca_n>o?WfD~3nIflypx|r zL05YYwY6o%(#kw;a?`AO*@;Oon5fWPGBSm`tTymS0H7`fVp*&MPAm(@Kr@A|b##D| zdtr=B__fd$*E2|i>s6O|>b^IQrXIRcP7+*b#O+tA~|DDYs!ar!3P zEy%UMs3R;+MI1NemW}J5kYxo%^nswVFrOQV6j<^i^bqY3|1A(KUgoGZu|aZuTr8;+ zM@cW2wMdTAd+cU2>~+A)M)ZC_i%N1sp-F)#k!tTow5HKkRJ2?9`vY3^LEG&xw1+(S zmnSUGwjEkUm0h6`IyO{&J9Ht_l!kmSYm4pzJ7A1z%5L%1p4~9hcP3m+u4SosnC2BO z9Azql0VT|70LA7b!`TEbj)^5BT3>~&oDg>EHQY^XGEmL zTXa>5tmf(&jKyL}|D`X@=%X{sd;we8YRrJhd`^_zR>h@;d)79W8d zBT_JRh-~sTwtR5g)llZ++?L{{n8-*X>GEo*-{^Iub;nWO*%o$5E#5r9N>fPQ89K2y zycjsv0Ta@yvVX@t#hV!%M>H*FpeurKmlkI^e*PR;H*Z+aDaT6_O{#6b`%o# z2A$p&RCNm-xF8ADao!>m`_t~j?0fFhuq@P_E)WyS?KNYDPJD6kD7ny0QRi&Cd(Zc? z1-B+V<;q(-XG7^xtiAbN&Pn@7R+@rLZ;nCh9_lq`d?r1ZA`0K7FT@gN9P!`Qns`}TiVNe?=6t(LW2b>j*T;@t z`PwVw`Z;8$fy&%T&%tZ@_>K$a0`w-U<~#EFj_YQJQs7h#RlSH_LLfEEoK%Vd#1b^Fk=VTHq@#(N_b$ z@?yO#jN#fV_G&F!;@DM;kCC6M3gJp^w}e!cy3S;E&R`BnX@)UyIDFSVQ!Z`hC7{Y1 zgLS2o8_VvB=Xu6D;5T8jO<)*~q5nZT3hG?3DT-@zEmOPCq&`k*iDC?v0x8mdROGZ) z${pd8d7Q`u3L0702?VNNc2YdQt7LG0NEa&o)=tS*9_2b~ifosHrFum93--a@i-R+) z#3oL}pS^iYyKHNn;dGbtsSvqa2UiyMz`0$}Y7uxVY@L&6DsMG$D(q%oEO^w73mpPD zBDX~^(c%?mmm2Bhef&}TtRIo+83#JBaC(PYuEu1F9P4^1FrIyy+Bpf-m0=ksx1$m* zXlE)(#Exa@rWcBRLMigKz3br1!ry9wwTn_VCAhaIFq0PqQRe4GB29%DKRb3=6~f0C z#HEPcig8hx;J%~4M|{K z95AU=?8ZK08I209awLab?^kFqcZxZp7%J~i5}Er5QV?WvU_t^VAv@A9luBDw-gtYh z9amo`T!rPpbHsMQEz*IKWEmaELdg=AVUvh%g=U>1BxC4~YLARqA*A?LIi#Aj7z$^h zi*DDhu*7CG+9l{_-}=wQes!B&^UAh0xVAxBwtUoP=TqeMo1q%wL?;FLZ77z;tN z@^eX}=abz35%qR-5CpL>K8bd+jS~azk1v^7SV>=D?$9|s<7^ce;u{nRnU-lQoA|Lc z%^zSOdtz3^@|RAN;i(jv-6s|h`No=lbkU)BU&tk3eXFV>);}1AM<|2~b9?wiy#s-G z37CE>xX=V*?A%CJ_jy+aqAztDDCXAps$eD%hY3ZOGm6-ZgaPzVv~3mv3Yr?DnKHwM%dx?0&C8ZfciG zx%08I(rR+v4CYcvZw97;tTzMHP}-XTYbft|U@hlGS%#M80^e&a@CWP3dn$~NBJd3a zJuO@+>F(F+YOBe5Q>aU&y(ypu^4=6wLy2z+uA$5qz_r{rjivs@LkYc!FDRppjI1dr z+vYL1MYI}DM?kAsDR((Q6*#rWc@b=3DruEeD+PSv@UjTGIA~jC6*X)bKJ|1|yz9@y zoR zs0v$5(FD^xd#IfHwb1 zj``{`!3bR59Pt?mmP&NxEEOq?(wJk6oKU;7Z#o~`%MFEIGTz%B?~6% zV#pmI8NCTWUUaqA1DV*Q=V90mV<=uYU6Q`FxTTLU0VuRDJKQ`}VfV5QyGYay>=>CN zrR-o~&5!}ATBDc&m3cLMLJ?uzOkH_KLp)J7u9-L_(KtI1Y1ukXG%oL@Xk@}IRjR{; z3bRJ9TZ7f8u+)96L$)&Z7M#wmY zSf6evQuO(l$C&NSiW#SlfAO)gK4lSL ziqt}h3Bxi#NgW(hs0I>;(;5)s>lU8R6Rwh;z$uf5jueS5lBo=~Yk1u#qF@LBcMqB@-xl*5spG!-}dI{a4$6aC(Brw{UhVmxbE1VpR*K!q>!0yM@j z@^*V3-ThI1jV<4$lgT;Z(kEAXl`0n_Z7qfi8O%f`rZTC;$RzWB(v3?c)il;b0!kwQ zrKzr?G-!|1qM4?-({8S4k9OjUDZYWy1w^s1o4R{vXQ1+Lt8*L;H(y-ns=uOzDsZk= z`stXlt5%I1Wd)q+HPw+cU95S`#241Z>y3?DN)p5(6sDbhWjgzb02xia2;CZ8>D^%H zL6Z$O4PXx(iqb>cczR`$q*y1te2qULT*f^Ix6Gq1zpynA!J1k=b0d6seqM?gYur~5aK zd{k|B*va^`H)d(#KFcArOhd^qIA~>Qw@`Umj=&0^PbUqbd1o9khi|Tq|7-a6;_~?7 z>gZ%Nczt?&b#(mm;N9uv)!Fgo#mV6)Wva<~Xf`S`=T!qd)dEf;_(KwL^s%9@e!YfE zv(ftsX18J;sY+?Y1vdjjm2Xo)lxLN6By#atbov}B7zv^jw1CXnqyEg#3-U)mI z!0VmGr{^pA^Z0LM5dH06?6EQeYoC4@pC5Mq!ANvZIC{Na?_hsl{@d&I^8fB1?Dzh* zyT9Apd+~h#MLX}opjwri~Q-;A}i7H-Xi+nFuc+Q(@Dsz+; zVvveeo?F5ggCI+sz{RW&T!Q3gWa+(@MBvV=q2CYMVJe?Z*V*P_@!n4 zYxtKQtT*9a+Ug5+@gx8jY4x;_wdNH?Ywj17_U_WIN^4hiSB~g9Sn`{?D^z%2F93D@ zy1Z{)X6l<@Ivj7Ypd$#qs?Smy_Imq2RunKIab}4G$OIuR?Z?Si9&Sac6M-tIK&}auCBCcRy731goFr26)H=c@D}1qb(Qg9 z#~y&$WyC59aKzCxuhCKpt|Qd{p{dzpRUQ%NuQ(K@oBnuRPAAV@H zK7H~4o`BAKwQdYBoJNFk?4OY!+ratqrFEGCnn3{xMHwI*fvlpuD=edCsU0e&u6L>$ zDt|*@@(h`f8yQS;gXk^AoTEtIBks3aR$vZEZRCeZkR96dI7~0HOOpX?1=#0C%U3nc zU~cRE^fq|94L*YiM}gqpzGyQ5kWSgXq7?vZakk#*JY;D?R1!#EW0heXM^nj?56Kw$ zJOoq3RSD0_oMb+IN`0a_=|xQNe25)}`m%ki?;oGBs2c8GUkj+}HlL!zRC?|U}E2G@O zg}Gm06540!*fC4RrzMqgm&82H)S}B<8C$w2;&dTruMV3nElrcCBZw3tfajn?8Y}yIyxcoVW?AvbY;#E>t20cgIIQxtv+f>F&s@pWL&Pld|9ala;JLrX6XCv zZYxlPxN5+2>1shkyu{5YJchkkVES#h?kzTo3?yugU>Q`>%l(oya4$mK-&%r zD;ZEllf_TzRaVWOZ;3Ir{18mYvNkJKn0iUjB(Ff-nZPtnlxwVSbW9A-qjTVSoG*Zf z#a~EHL9d>jqZ>q@HJtdA-%};8%HC?<7|>^~F7E zStbBERi2eQGBTnhwYGpYwWsbdc4OiObGcA>57IFz?&ksk_vw?E zh?J?kC05WMff;W0O~Z}}lhxanJ=_uh(LLJ!Vg_Mj313&hGbR}sZ?FLT_GLf4Ho8R5 z8nFP1}%ziwcN z1IUpgOaSrBIy<+kb_;2Qqbci9l}7RsPBY0;#CZ~3}Z*;C$~2bowl^WmfQ!dY-|bo zue}?+c^>;IJ^#6yp)f|2b$A@!1CILhpS^<@MgOmtFZVa+KacTz`qcda+~9d%M(~{A z5Q)k6)m*T}pP@eZp{vw$_lMT;$JiXcMAju1d9>4M$$~T5`0B#7 zIxk2Ut#FRgh(ezMr%B|4gXi)mo{y5r1b+l=F9Rkf5HBV1P+f_JDGs4-7vRqXhIoQe z0AL(T;ybP1kb*ADbAdxNgn=>gVZxA%6lw?dkWHRo6b9;Ep$t@vf^_w|HD0JtqH3pI zhR=zSzg^E6lddG27Sc&dBJ96v&aSkk0cO|UiYbox1hoIoyuXWy)H$wss_t7Eum(T@ z^pf3rQ!IxoBdD$0+iupk!rCapv;nRnB1LhzKs=#pr%(9<6teZpZm;b@z0;-;6ee$- z@?RIyQ?>l-f)JiJP}TbtUJ zuJo4o{t~8aug4WThpKL&bQMm|GwQXj{%I}8N;I6Jqf=7v&rsuM#&bA3RP)xW@94bJ zwOVPFJkF*V?79?2!61xh@I0A=-ClFOX?H>+wy(|Yb-BC(cN=o`QMhRbcxc2~doo^; z%U0FZ*j!eziqB>Am2$eW;Dhnn9BtO}H#`4aQF5(~n3W_qtykIhnoXa(id-X>IL-~L zvB#<^FBGpTZnDx+#^ecHPp=WmmrNy;H*B`v-js=N8a3Iju(Y{m^E7r!uh3KztiznC z)iyhgT(IhZur?G|8W3r{<*M8%T0LBf5G$GWChshvHu>t8cDB1hBPN-!tJv~CmvbqMUG9_)3ep3}bQ+bx?ZdtJ%X0*7;$&_#W88rJZwZz*s z56?=+k6R`MUbbD}h;T){GEvTLWjHnOOQ;RA&_^y~RNaAV2E<_l?%8EmU|xB(2D~#B zABKsAk)yE8VQh^WdA9@w%8$jK_ngS%wVNaYLLGMr1zVk;afn#wO-RO|JrTdVImvEs zmzSDe&BoA_D9%?7;_UnMmoY5=R3Yi>4`_WKAOEHB7?0^yWK@6%#v@g;LN?tp&4sg~ zUIXbAH9g&&`ySX8Ow-fEiX6-9^Jcs#nXOAnHG77ubf~UlccsNxb0KRjp1Q>4qL&yK zt|e;}JIutPs-Xz=z-J?OrL$pX;C8edqr8<6Pp>c&U>ExAeTnxm_zeC`2sa1u?O-fE zysD^ZAyp^x&bY7>Abj}(7z=$wc@-=kvO|I1T({mF81Sd$gb<$%ls#@r3bodVbqGbICm2j0ZJO=6$g&f{(; z)iEdle}K=Qb(NChZqX$w?2yc39LlVKz_?cc9C0FSQ+f3Q%n@U7id61*AIdzTIILG0 zd7qB-+)4wJZWwZZx%3N+W%TCkUFrCBk#xcU#?CBxCetN2dgty~Viw;sL>{tgh{BQ~ z3AbLhi`*0i|3PpB+W!-^t)iZFmm)2jSK?pWnhy|X2~vDFondCV7Xsf32x+tr^{nwRZuIj>{{_S5F?0IQrd z*8ZC$z?b2QZ!Aq00`8rBybBC+96wC zUp_q=3{{mg6<2;j1juE{NOWvzm5@ZzBeRj*SuTd7q2-hgE?y4~EyLct=7g*w0CKQa zbau>Qy@Gaq>ggEz`a_}jvN}7!Dkr&EK`|~g4VxQ_GK%|1dhp&7`k|&XN`kieB=V8E zZWv;J(Tz#qrJ*GCyC!Jo@)nyPbWnw*&rdxASr(UX^jk z**nZ(`hQkNpxc9^Y3IX_QebZkiZvC)<>?4`Dxb6XY2RI8Bn?UZK7abWil&g0aD}F@ ztx-o+6wkZUYdSf_VS(5ImDQvIC~2mg9%VCilKBDz02#PNVW<+(%NzlAt}f~IrLNjb z9CERRr!x*LcZyDP!H*%IrO5^mRbFNFQl1*ov5vz9aZ zS1ViF>ddxtzT4+pCV_TV8!+lNaeyE!}ZY_-zht|meA}T&Sx&e!j@ji{Nl=pGs~1GbKG8IllMMkeN=zs*+}01&O9m6 zEA1G%Qg3OQf$1bGtzkZuXNAUL)fy+4I>a$^`2Rn~W8E$PCJwK1ci791u%vp+)MRsE?>Rv>G|MNvxhJ;Mf*bmx1WdB4pGs!IP;=!KZ^dszT3(f_^O zgBSVr-~Qev{_mqa*+8>2HibtrKCh5h&-2Qz2ri9b>jszjrpLg)@>4qgU6;kXntw~} zzk|IO1^aLB`DXk-#?!$5Q@Mz}EV!|!oJ*xq@QKZK*q@>Je`osF7t1_!JWz91VY#R7 z18?itPQDv!u+$o?vjc0zKy|;g4#zlxba9m0mD-GpA)oDlrz(AKX2*T{BqOt`@8HW9 zN!(L|9&!EQGZ-K2qsX`1LM!a6%rhL}^CHePmit{_G?DD$=T0Lx(bk&mGB zEaVVXtktTfw%f|}=+~CU&GXn#t^Q{>{(Wo!EZzToxtm}Azj(RH|M@6SPCe#zf0cIE zc`WW?j%Uf@@2=!+_1#$Km!o?mMXz0R%2l-qJBqyymFO9+S6h<<2<%ROgy4gAN;iY<4gU5 zLpnu#C|~EwGZZ496S_nw=aBoeQ~A48E&-qVi*6mqU;Zqj4q(N?ztlor@ zxr;W(6Y~^!lRYbDI_ZP9%yrVTA=Hhqk8y~7%+o$(hQh2F;z_$cYd~?O*BErV2erHB zqRE*k>#}Vf(c0a2Ny#QpieS(xrEj_MY71yg$sF++N*G{1g)v$ppQ)wr)i>!L@F|`D zi@GxJ7Wj!6I1*|<@})qTms5aN0IRbFL3!Za&R$v=?KQ6S#T z2;=Z}I$LjA%9EWI*A`U~D zC7d}$&l1LEaYeQ~j!Lz?2j)2HgWXm(r+w^$gBLHJzi0uVvyR^vI5CmEjl#tRA@YJC zTQH91h85q?`A;@eibmgg0k};6@9!7RfA)7b_dg!xS>yaCla31^9Ti)Ja}r@rD2}Eb zpHM`kF6^coh(ia+U8aS?@oNR0k*zfgx;1Cq-Pc^xgfJKcSj-JDRCaMz+d4F^n%W@5{nnmJ z{XfQ0AdI(1IRAhC{AK?9|6p%p|3AvpRR6zL;;@+pzQJjLgy;fI1XHZ}dJX29S)#AP z*O~ZmDuafK*41K(40a;Bzyppm$iVkW67iNfuaLOY^m9w2d4TPFDhmy;W9Lt4>cza7 zNSZyR`d{q|vin*BEYtrl^Y?#u4|=_g|L>zbpK3y2yD20()z>prk&R}*Z_TdUw%*3@ z&jh7zzt(B^7W%U?l?Tm|Oq&nwZ2)pnF+B6rGpTLzCq0E!JWdMpvU?c?=d29bQXGvy zFG)h0$7+>XPCwj`J^w!N z{(tY~US9vde7?WY|Bv$6?w%FqR~oj|xx!asqt#6ij)iDX6nEGAD^E55d=tg`7H{47 z*GD)HJ^r8X_44cgm;1fV{_mqaYn=aS={VEUvEKRL$N^GrIxb%_mJR0$GV723R;qi? z=Y&mLP<~F>OgbG@|%ag^_69z?ryw;l@7RF^B{>}N0BaY~e?O1BwG?ATR?ShkK zGcuIV;w7FVlJKmu^STK^6>!$1iXtiEG7Cp`+?u_-qd+vk>cknzo#x)DY3lVwSpy57 z9;TT^3RY}viQ91MxLZ84DYq@$%P{xpNWR&p`}$A0{l_6klO$w_dlbPyFN)XQ5UjWV zY`tTUB~jC^-L`Gpwryj#ZM%D#)3$9)+qP|c+O{#x)6esL?}_)viO3&o)vl@)v8!rT zR%YJU(!abG++iH~-hBNQm{_zG6i@y|L$)U(I}pOn0`aNYN692MC5e$-WlG7f*CLR` zsUMT%v>uU2p03U?N~&k7)#Xf$d7gxJhPma0y!4<9Flhw^yg4Tse5;bjH{ZE$Be+g`BvsS z{v=d~lyAX))mYOwj>SJTkWB3HFV8DlYR{8)c|!%xRUz}KYg~@LJ3^^tdT;^H(ENfL zTFHQz5#szfm}EL5UG6Do%+|ln3`!>kAhLo~efc5^o(hH1hNX-^CF>$DoAUi-x1v30LCo z_J2#a0o#(K%7&c9HR-HroM3Iy3=JTq=Wwz$Y2Fi zxx~5BqCSoTWtJn>v`e3ma$4ESJlNJ;uc1G$H!}W+7y}Xu-tt0P%H7m@J z@jet}@J*2;V5h3CJOzte>j9^gNI%iX884cGkBZ6nL%~Yw3A+t-fJjg(M0JLpA5&Aw zH5R(bXvHp*XFY0>+jMC85fi3Qy(FPhOQ~z_3u(72 z|6FtR)fAET%dTu7GBy4NC!9eBw$MRhy{rM;pyv@^{w#GdO-h~Qy%}oyrPuSA5Jb)m z;mwSx(^&U6k0PVi#&|P{36ni1nf5VMS&2G={cXeQJ3)BPE|nz+gr^I$xrqR1XJ6J} z+;QtwUNg$82oFStoUYbgQZ%QZlre<|7p|84LT;7PVhEp-{3T&FW7tKEp7|)3xZZ z8}$|H;wcu*6>8KRMfnoMIDgT$f4N_;;_#?kX~B#+KiEOlDsV4xx)NRpNA;6gJzp6!7ROo9C?ZF1|C7u8~!tH+gn%_V56#X zZFB*R%0eIQfnRAyXV+Yc30a(slx}r>WXJ@GW$SBrWD?6HwVn|w!up=ZuiUEVYm zXNvwY(zrf7$t0n>^d4rEe-0g!{TE)C^`Q}lBVMb>F#99S)|4Er-RT}LSCmd7U|94Ja&PHfl7gD!%3wIFxw^l~k1pBUoIlEnI+*v*)$jKAe!ISWJwH7x%x-ZH z(rW958^668K3e|Q*|<8&4oD4Nw_Tl%j=2mG{ir_A^Z5rea(pRH( zy#xuO(mXqPtoq<16!q1xX>2ooxOdh$e{?szY{=EcLzu1ZDicx(6}`AqlcD_k(w4~S z^WNQ6s|ZT7k*i{!PMs%36Dnn*oDjjIeH{SQa=kX;_xGlc=5MR6iyHdrduW(i!L&T4 z<>aazt;Yrb%P~Ih9q(x;Z&}|rUpJ2cVV3}ZPX`}9ed{bnc(X7s$<>0oS0i;(KhJjI z^}VYrdl%Q&zt??hSD(ADpTza8>Fea(@W#*xn*5MT;5N~(@PiD%1_vh=ICt16W*YlI zyQx9#Z-iA(KmMX z(#nJl+rFG0U()IT2@FU%kSSi`j4u(av>1DaDvQl0&w>4HN~S6LlWG1fEW@`xFcdH;NWc=`I> z!*3vLt^)QV*qG`@$+(XclL90=fi>D#^X%!Pf6Q{le7qD<`S=j>zHQ@iaH=Ao-B2Ml+-MxtYw72 zq=Z+psIX@XLIW3#6afiReVt#yos<^D{aBSbFGpF<`NJE;v((En zSLzw-h5B0-Gug_eMnQ2#p#t;Qbp4L%LF~v4R$(RQ)z;~&h@6^-l{WXaxAj^v;di7G zoTyLGn)DupgV`VhVwh$x0U;t}DdkO^q$cG_+9>7?WGO9MCEi028!e#6p2liHIc9nh z?0}zLT>mArC>)c4O|!++mAj2k0QFo=?w7+(HHjU#E8;w9SdEF@A_KS2`?XI>OY&|P zqZwyT%pQ1V67C}_Lc2>WU_Em$%RnEoh9P!#yGIa%;>m1_rwVyST{~$K*mQC1b8YhW zP)cStF0}Hf3FOGDIuj4&XpNzRQ6w6k8e4P8F|sX2jIhy0N-Im|Lsqyrj(X0oBqYsE z!3X%z5e}Qh=_nEi+>9t!-$()(4x`Uov$-13v&gU&5Lo|uTTxgj9_&m&_iDHP4&4l^ z(+8l^*C=qtI4!(|Yyzlo=$To7Y(i|q{ZB@w#{Jut!BMMKjeBhibn|9NeBJ_aY`o=4 z!Amil?p)mK0Qx^wh*1sRWY^*J)H#q?n)=dC!ox?HDocaQ(am^~I!uV6!tz82sF9fg6F=FI;|6?i(~bvKT$vn|uEhus?3&JO&or)vU2>Xj`Ug** zZBPOl&5z>IB94Tx$Y5QZz94l;)mUB+90hK`MQkZvIxk!q-XGqWGQ29cu%!^t5)GIe zBc-FdEjP95!(Z()(u)m6NfNQX$A7HgNk1++Rs7-+JPntG$Ao#10AP{&C7OtwCl}SjIr0 zeY)=Gywz7Z?W9zs81o^MAvT@=tr5v(#-%4>0OZccOk1SQi4U5&==j9MBg`rWx9{ zj`hZRcPGTS>M;SwnQMogS3!#M8=GTbl}x=VY6_|+RDI)Jh%ab)o1R_aN1!756d>W}@ z!@5i9*7!)dBH+wVg-1$D1ELiEB0Wv!BO-F6@S-zbtv`r`WNjPj3?sO+4CByecnuc`w2sWD|pt@8ZsyRO(o8PeE%pFe@E-SX^8;cs=PN!?T+ zgPt*k`J?kC<-HJmPgo!-%q0u5vDy8|?1fM>b=`e6q~!*aFqDYd>nW~_6G7CWds^iY zX!bOJnKbs-+J%RvM9WAVwNXUk$v|eUz6~=hA#a>SX1K<JG=JC`ciI1sX@|vRVbx9|+5UHf`7FiA#s4<`Ai*?0+vX!WZj2}p!B4c5A;AgF!b{xk_e-C`C zN70NH(99F%PlXF{5aK+FMqKZ8N5beMv);--vFLry9!03PsCBN9|>(} z$Ivs_O101*H(SHGG1NBZP$Ad^TDsOY^{I=#p(RAe>UY2Or< zu0*PrmD2_kP`hr{>{MIXDlAvbZHhOas7*U^unjiQUeI% zy6N+FEE!F$X-+Zz)GY}<0?Jp;_Qyn#e8DAeI)@mp%}MM?rir7|>*Vt8eM9|Qz*63iz!diaDMl2W zNe_BbER^0Z@?>lH-f;lsmk2C!6t0V1Qjf|1Ht3kFNBkdS2XLP8a{Mp5e>3~fCx#+s>k()UB7$o(ss-&9>;e#}E!j5ev~js29ckOr%Hm2>HZ>|IcbO zOoy;*J!B$xg|s=z13?cFppo&oJY>TD)5jhd15qi0zj58y3_K&qS?4?};>h$ZTJNQt z?vW-e&Xs>FGsp2u60rWSozoV_RgA$PBYlGw68y;ChrlHNs=mmZmV_(XwhVs34S(}4 z_VxgzN!1Dx6rHBDQZWi2U6ylWjH8E6nAO=hL2@=%mV;~RM-P$8_GM~>N=kJlSBhHx zTrbcPeiugMX}E@cZcxwmyjRH@2(kP$u45T_}lYWa38nJIvUp(pvNuj(=Gr2Y1A zDDQy*$};~qfz0t!_T9^ok-%Ww>?)lN3F`9H7OF6%xa^GIzM`*IZZC+Vi%=us zu%m}Zu)5P6_1}5}i{LxWbpcg5D*vY!ATqdlO@9j^PWA8PP5tu|$R^Jx4+?Goa-q_V ztepdAn_pT(QHZ$LzLVHl3N)MD^EB(Dlyxx8Q*?tGlTQiQTjI z$r*gLMW@$bzvZL)P2y1mb$~C00hwd#;2-RhyDXm$Ng!jhi{l*`NhsxE+6~>w)=xOt8z=irqlGy5V1@g`BoM97O{H!5ZSn@O_n7L zpxnh54VYzW3A|Zkc>3te1XX^!GJPJ z5VwPy91edg&@!-)oog61KE24e2MK{oob1>c#ztZn!p423=j&xO+&7+LIn z-^~^agjVcxfcgP!fntRcQ2?XzA|e!-HrHgH343nR#-%UGTrEq~?$;Q9o8N|73!`B4i49%(8TPq+<8{(}dZe zWGc!h+S@!|_JRofCN>sup7E52dQjjI1*9y{MoZZO9wDm&T z)unXXTG0Q6P^=Hw^U}9*tE4wsN@Ijc@{CA1o}ptaxLvNV5;r#wqHo+nvw%5HXk?FH zcWHP;DYB>MwTIqSkLDJ&j!>%=$&=NGu8SNNws5R$UedBP^ydgCgBiNZmW(Srd+|C=vBLu}vJ5S$X{u+mEI%{KOXp_DbBKOH)kt!unom0hD{Y{3s6${F1B9Hi^ zU3F*8xjM9Um1^buk*|(z;%Sv^T2~!A9o1$Nb~aVkGk_+yK?8^Ko*hg)gvx4f#JqTAvmP)~E$ch$f`13&&|4bKK z!W&SChpFfVyo8Y=8BS>DP#^34GZ6QyWc`YAKk}cBT5qELGWjy)ROSR_3;hZs zgSfZ0zX(IqN?5_9zJM5LPEK#bIW|) z#UR{mjN*J_js_Jq9?bByIp8%P_&fODnB92Uf82Ecq^_|4!{=qTKQH>`vupO7{dzT- z1T=p;|fF0p3t=kpvRJQ`5(x!4!kE8Fk75O zyb**Hn5idF=qT5a4>2d96j(I$Fkjx(0n*@@WRAv#g-AbR5I&OZAPQ4(-_3mkxH$9p zX$u2QdOF1yoXSkce~HIN!KuN#cjk_r%fIfybaTJHV;QuoFD`8I#G-@Cp3uU%RrZ0I zpaN>Lw_}uUdEc62Hq?fZ518QkefF#dvCycIsK~)7kxR*>OwEThWN8c{K%$}dqE)e2 zfrPDUQ=0U@FV1d3v3u;0{!`??u0w`G)c8&aW7@mv7F}i6I17qGK>;lwy8B|F#5GHW zbahp?-jX5IBsHf{`K0|Ie+T=@1Y!b)Vr~u^K`_ERneRL2U>eoZAFPyRNz9ZwlmLy? z6d(#tC>g4~0*rxa5&xT61bH{y34QTCbq+By^nsJ|P2{C6!yh!5EAyhIW(D5!sxw30b! zr;(vc->KY*w-|g_iK#Jk*05%DU#G!Gp_{&|>@Emh~jMZwUGr*F3!F?dwk;OpK!HJ~Gj7x1ZMHa0; zd0+R!WbwXlMG3PbLwYQm?O7H<_q7|u@>N9t=><=|GV%~H=XC(XAZw;|+S=Q8v; z(N`*)vZR!wV>98~HKtCPpcI6&dMVnze%)e&#xw7mj7^761&g|AQB`WQEF{R+<0v7N zDufRK-FaCC3~>tFs`T_sv?@IIbMHyH4kVNrVO1hc;yOX7xTDHWDFU%LMh(<~hHA?o z-x>`RhmT9?K~!HD78h zD)O&cebm08PRSM|npNm>$?BGlc-UECcI_Tp*R-~{F4<-H*)}fift*x)8tNBg!Cv&O zkg5=bzC3uoJBugLl>u1on=ITwYv#@>LOm&i9i0N$J6EVt8&HXb(3ymfJ4hG#$v^HP z7DwZL%V~+kR2)!Z#R&Njs>STUQ2u=-ViQAr>7wfmdXD&q2sO%Vk?y`!Za2 znaWOwoAOfmh};Ph(MovNG>_DPze&Y@260#t3-&jLDz+ovquad>txlvdg|8pHJ}|aC zjr82cQOQ10&nN%v#8p_d@5FUfvNLAKXTjEqBFffJfwq#l6J~j8e*#c^<631P9rK(G z<*?-bdEV7SYMl1qXfWy_9fyW7!Ta?95Igd!mSa7Th23_N&xTO)kdfc)B?lDQ8sJsT z_(|{rITXyHBn2koRALPCY$zff9BI7v_qqvwwI@&RUG}3EpbCQuwVMfwc_g|BRaz8( z)K}G4$&e|OJ62C3ALAq)#C=FIjExec8TzzIhmSXTS=)c%3B`o0>J2trjw9qv)M8f& z;F7`Dt^IZr%SWJiRuYpJ1NogCZcLjK*ZOQKCwZg^Pb*>1XXHGAE@m>pRao&17dIqI zU~w6sY_2f(jH*MXyka^*KbMY@C(8uLPJ*YeL=X=1;x@u6rdn>&?^+U3LAj=-SAO|D ze;zkQXddVb49vn9(zVt_Pz9?{KqXN>q4=A-pMTl@vmCmvVlVigbl;)QQZ0kkjm5Cg z6TZ-|?(~GFFASsYHBvitSg-kKd;C;0#S-)Kj|wCB*Kqig!GKTE@Td?u)FzA7#Xa;K z6Ah%yA>)b@A`et6hlF4H950vu~xWB<)Wnl?WDhr$6_sA!PVl?$j5dFZ<({` zXQM3TqSG<}$#Y5S#4-ep*Him7saFqJ(M8CaYnK6Qi@JbM8N+%b{{+BgPb zU;{orzYjeV`e*>By)LjxE#Pl-zjfcc=CkTfZns&G3**3&s^Fug1Irfo>>rUDNyA#0ZM|pi?*p?gg9iPwvp-j0G0`ElgFoNWq*eR4NI&j zJeq>$Ay8x@>KKoka~*Y6DTyJGzy;yX15$Jq=fdTrqmhrham@Tm zp{@;x4L8kN;it7_lIjIQSnon3NtN_haJhA@YyXEK0qEqYHIYo6L1v*s~D zI@{RMf5N2A@oCHtDO~m#mwkueEUK=zxHCO6-S>|&+Eh+2BY9lL7cY`14wifYR*VMA z(^!8;zBBX+Q%0_tqgs`tpWd`g-~bvIS$OyLOzAA3qL z?%26K;jiQA8|(4U2?<|v1!bn_Teea@84xb}GQpy~_taQC3pJyLMtTkUE z0GD}+O1HgZA9SM;R(Nr&1|wTI-Z{Cnw;Z>dT?l6dU(+iY6KPOdasUT7fRXYLYPVpP zB-B2MVd^5ljXEw}D?h`4@`-X*q>;lFJH4)M;c#|>{;c&Y^*D=>(ueDJRP1FC156>X ztDzlC8nXes=eG>#$lEhaXpE_eNdI1}G@l)L-d#XU#=?NM_1hSJV-G}V?CLK(K!rwm zUCks{1Py=?j&|NukG5L)VzaX*<#bCB-jM!KR}bzI9e8~Oe6$bd*oqWkHHBt{E(Hs? z?3Vz5>p&&gu!F5AG3eD1vW}xvKK9DR*IS)q9`Qgcg2M`c_)kQ*6pZ$+os1Ou^@Z{7 zXBt!AcIKbxv2pf7o567^&@|o2d>%bL3p-9%m+G)*&hOt!33=jAIp38x*${)KK&No9 zG(|71W50oaPH}w2x_`aa$r?X@*3BZMa>)Nd-pTbtp7-S1^u58tpL5!oLyF25>J);r z>|W8@HycZfipKUl>IC*!+PB4uZJDMXB}|ks6D&AXSKk$=c8XY4<4NfaxfIDD`8k+CFb}e`hw- zfB_7FqWjsw#?;brzv|yleSgH2)>+wfW(nZtHy-3vK z^kw31{+^D~m(5y0IW4;n7;`4gU?}RD6w-sLv^(tyum_@b7PQ#SuAhPn)lCpZsQSH~ zX>6)R>3Y>>0lN=jp@6WG;9$4rZI?!$+e>vRpJ$`Xq%o61Ysj~KT^jr zSD7GQS3=VQ2~R8UL*V@z%f{X^Vj@{LVb$0caV4VM@kSs1m2DSU6@WOUE`A)QwY=SP zqXPhCzP20@FlKRCT#70m=2U8|e$oP85v>WG?4$3eNd)jCS>g`j#JoK9)(#twq6f1h zW`)v5Rh!~8I5n({$+2z!yvHEfN`&#p%zKTIK?_2zd-5PWrlDvHk8lZkjAZ7Wj#8k` z2kv;Q%=^sg=42}=)EcIe-u-MP*m`M;%eZ+S-k;bJ*P(}ObcbZKb<$oF;-Q!jvHQ8= zOb4wAUoF{n1~xr4xLs!cC4cG!%g*5G(5M$%d722A(UdHn3dH55xY}6Ypnjr`g9v}F z`Vf^Lf}8e`0HhfIFo=WbMB4^r`AF7>%PYt91sO~bkiVplOFXK?dzI0_C~HFwg+17Qetz^y0+ z=Ui_4BNF9aU}d`{=yvfhrB$ZgfMJ z4LCP--gOCAf@C&tQK~HAzld^|XR^~rkV;hZ3P{RHwlvA;!NMw}2%z$57x(T=g%pXO z_YwKRGwAYoDF)>B(8L$R=~y^N9LPwiOC$(hxv-TSs0QZoWqziIn2hXuq@h$oa{LBV ziuT*tHKkxbaZ~;W;wL>Q><8s!)+;8Km1#q`5;p;PA4p#udQLyZO;(QETErK{1*vMp z11q9lkg5ncoDEr^c)`3L3Q&$?qi|+bqZCOIh5B~H^VaUGs|cmLFn)gQUOU7xW53tE zmVVmk>h+HO6eCo@*aK7%UjvrnU5n!W^v40(^C=?C+MsW>d$st zXwib;>Kj|ATg2bY=98gsb-6x_0iK}p@)66*G;SZ*b7z9>@?~QaJOv5b!N^n) zM2Mx4I_nLm*B0oiQjsC|$4nmVS{|CPBsB=2wtpQrjh|epK0vGNAW0QSJSBW;PDY!@^WN~Y zk#(^F@cL~vCo|8%3o9}>QYaF~BR4w(GMH7=*SA)17mfp|k_&Zyn)Q9w6%N45;ok0> zK?ZkLFgAE}?1W5LS^#hA?33DADA+J(zgb|CtanGzw=;;YUQ~k}o_*2%^LPImDM9%W z?E_Tp35ae0W{sJfz!XZab26tHIN;9&oZmi9xV=nE2|Ff%yMM9hw zGwe$u>u58v6sm^_7r6I+2Xt8fJnM99C0GcFh;Z5sZRb7o6bQ7$H<~vmx>%qP(xtIckgZVB6 z-Cx}!ColRshKB>CB#%R*O~CwW_(;RjKB&>CPKhj-hSY6{g?(&n_#E~X5N_aD+K z<$wWsf|v^+ZNx#w2w$OOzyPCi;vQwK>I-~%EDDoR#qd3SGBS)$Kxz=k&JaZi&b^Un ztz;Xtj8w;oLnBcA&c8A8y#fY6smm>Kn|zu{Hm6>#FTv=*7b5|)wS>I47sO!Arltf` zi=aj${6{#EfR@EfmH4FO2%?T*Ib@TMd=LVVy|zKf0rnw8DwACP0o(7L3{n9ymh>(VY zaU?QosQ*{c5lX(jpwdqT9nWzv@b1HA>^vO)T-mR^$GcV=q)r|r9$#{A!!ibPk=bq0 zw*t}yedsDlM31#8bJ0P^n=rEX0?EON?39RV_BRRm*XPgewXhdY{Uq`F)S`>C;!7pr z+71b7MXFEITJy0JWw!Rwk=r1MQnC*Ta)W->`;oxdG(TB=!SdBR^`1rM>;WU*SQ;Ui z(^*3Y6xrD4_d12j`p}e*K*>h&{pwr?C;RkREd)tH!KJX3!Ph zV`#)A12U~=rI0=f(`Iz!*G_6TjDD5}BL)7CHM-s)beZW)pX}pvUh1LFWeh^e?x!SE z7VB96MWCRBCL+H^G8X@O)!hgdcoDW(1~@MnYuJ~B>`d`gnIc!lXWYOgws zJ=*KU54fiRJ#7#NChrKiy6;2=;5NNK5cs!8-%t~<3IkvSF!M_CR{`VK1?bj!Ni<~w z|FW5#HXQc4t_7+bFE#A9>!@o5zfjRHWD5+rT0f%_Zy)DiB#S&ca9o~J=k&>ZuN>^i zr57~VDTxB?2j5`-MK_EQH{@5wnBdl`4}-K(#T#kXK39AR714HRY@ncuuFp^kHJEet z92{r2?PxOzdPQG(I_|jr+fnna1-v5lTARjjweJQ_wA!10wx;pBIeWPNZ|?8r^tC%+ zpe~rIL|7Bz)zEsF$V&+FKN)%+ob>15G-Hp`e7Oc&9@n zx+@r0EJN`E)cw)rKZ6p0m~*2@>&q~pGdCl>!;6c7H>Lb06C1e7eF5ABnxX0Du)5>< z7o$H%0PqzG4iZf&f9j&`lGs3A59o{SrRoc<-yG}> zDSqHhAPr9aCzWDV1-}qlQz^Q8A~uE9-);#DR>)N^)lSy=4io(ya%XCw7eRAe)g3jH z$qG@1-3~E}^nIDCJoI5tUu+8SGpl%2KR-OZmHa*K#*9$~ zb+x7uJo^ja*TSFqmaOIleL;ppFV<#oP zAK6v%-NPb+uoMb25?v9u(q0GTd!m}L?L z2U=Qdk+U@tA_XGts}jC%WCmQ+-Dq96D6&9ogtT>*gcG=W62U)yh!vYU1K5i<=^Hu% zn;rvk*D*B(au@MuJqLsMZ(Uj)9sYFGrde=7Ut6dHZX*F6eZXab6bPZS8}8BBlcC-@ zFP17c<$MHM&=CTU){Il>iW`JGq+(L`0YjCx-yR#6DR7QvNM#4fC?N2)14@~~IYnaU z9pXFk(c=O&B-JPe1N=zjAG!=5713h-llQDf!17R3B{+sjYb2RpK%ahsAAcEoT`UzM z%J>XrVtE9V4DL(hM*z8$Z4@7tVu`mI_oKpN7%HO~iAfSpj-LmdP0 zkell(v5>d;+pK1w+mC9iXb=%><;d%yd^QVZKN;b~W(yyPmJj|3rHh(aUo7kf_XFa+ z8R)`TL|6K!Gv;b5d*%qdG928Ni697PsA;hJ(~LzB1hf1Z8>A`<+6f=ukEo8JXfVCu zdCF)T^Bj3c%ePFP)p*ShWs6hTK0inpV9*J9NU|A^QuS=v?O}*J_$yO%0Q{{4rHcA( zo3rl6=K@{k()ApX&F&SDO$k6Gv-Jes$_!1RsDDiefg4z3eC})*4zFP?W+q$!V*gVV zyMGY>j|owf!bD(S6sMNn(NGjXIxZoXD~xpsN+3_;>mqe`O`|*&Y_a@AKnsRafohu& zB3csu2Vf$?+=5CoN4WEh_v62_S6$Q4$x)vjCVCXgP)#vI-<2(NB>*k+Xtqi-fP!8i z@)=GpASBW{$HNmkGYNfcLEcpXT`1c2;Qi&R!nFMg*wq7G3HpSf^%h5XCOlu@2vLWK zQ35;+@<}mj%}4iveTju((-lSN6ci7YfL z!Fd-|TDC8m%{oUq7@{@3#qaZ=36aNrYE*=77|pL>n#SSoW1zg~OySEXMqj4_GXu+^ z8Uc12Lb(5I{Y^FiPMU1C;2UZIDJ5;^IKwB7Ya9KbHd3N20csEe%7su(@EB(<>}ae^ zzpmE9hSv9VE!=wgzWqbH7mNFk$rL4O z*TQnM_zH5?;A(X|UYHr(2^d6tY#buZWJdI}Pvr!)<7!?U$!d%C59_3(R?ddeo)?!l zYV~QgMR%Z5Bci|2M>VJH(g&=Q?ji(RnH{>A7|hf9t{0XF7AL7Yl5tlMt~I(fz@!0qmCD zgf!S&{FsrvMqyk&X#gfX`i09Oc!qw%&>C8`*2Q@yISHM9#i zzjnN~VrL<;Lv!?7NxiqyAhKZqMPyKOMBYbk%j(j>6wfa|0f(=<)9P?y7E$U(7x=0& zi`u)T#tbjKSEX^k8>@58e0fjQSBUS5R#!eSO!P$jUNG7c>i}_`-3DmT zlfTFt97l@#Zoye;+P4d81kEG3{$dATui?~I8V`bH7mH&xDmt+zrF)^IFXZQ#=Iv+G zT=?atun~9x%uuc?^VIb}UBw@9oqYg%%dR_ff$YkyGgzdMHl(mejDK0$aaM2!+aT>T zx~7~f{@eb)8~>jT?oMD^!-9_x9g5XHZTawC$H_w+Kqd4YrhSGks0};u*8qKzjbSy# zkU^W7Gkn!@@T+W#oPBfEWsFl!*&o#sai-{jf{b^+(jtHy!`cV>klt%u%GXD=Vi_JK z(fV-UBPCrr3PD9WgzyfjAe8hPB~J`U%d+*;`)2`E3KZZ1cR!VE(Mz%+KzVqqmR_W; zmyRQDI_ew74TK}@OG9Hne#BJ>-J3nf!{-4vljKh}j3VNnWu81H5lG{olI^qP&`gkF z%aIdH{kInFyg6di46+t)ATGheo)gR2Anv_-$rZ7nxEEivh7;^m1*Dck~)txaYJPTMsgG+67#fS_TtRjP6 z7|mn~qRe*LU7A^*DNKE?Q&6-Nj#q}F!J|6AY*&WZ5I2bSg#Ydl7knj$=?*83_>`22 zf<@jU7qCu%PBVK}ulND|#&`W~*dtE$Z}lr{)ethw0~e+R$bx24CPVyEsx`R5g9!P! z{c-$AjMJ!Y%^nlz=x32M?2Mjn?i`5b^mmW@!*TAoT)uVEZxm>_iJ63M%lF-;ht1H3 zQS-{DQ)F((l=pNxILRPJ9}HCjD!oVKe}*XD2`?6hT%`t|^xew0!%AM}ZQDw6t&Lo2 zo2WlpyC-JLRL@>T zCZBVS2QsWWNd}2aLK~HgProB2Hr(u{oy(MC`6-(Eq;AHgjX?Y19T{d0lv{T7$_p2; zC%XA+a$>w5&SNOXquM>7y`Y1wMWjAsn+8it{6(OcZ)(C0d3clsB26%J-Q0@8Mu zVz?R4Au_bn0Twc%BD(nP7lA8>X41pPFcgTvtY_;^~V}}W1lQgAju3(YQ zc88=Yy)P$BAkRr~zS52<#Q3$mU5c%t7&rniv2T!XOS3!WG+L+WnYcelY%w(m@8nQ?W#}b$ZAdj@+azuMR-A$Y#tjN|?x&l3$?As&UU$ zIfZoG{0*L5v^$4=;}_D$7)Jg2`1F28JqF2Kl1Lq8ZCf%^Te|*frfr!b-lx;Z;Xp_o zRUGf8{9OcY)iMvJDUHwcGa7kl|Iq{0#6>M17wi=QJp{ zu&LVWG^|?deSF>P;~Wtqgp{C>{%4IURxQBL{kS+*2$8gWlT&Bao$Lq#0i^DO`ve`? zP;Argu>@OH0(riKXN~R9{YhH!9Il;uSlT+ZuxPz#_aLe?SyMyiEct%axQ(oyxcKwL z1L-WR)!-KnB)t6rS0vnRfeMUfUjrmCPrfgiqvaWS;9-M~@x(!Ir>bxk`2sEYQ$h#K zd59*H&G2W*;E-zd^aEY>l3%u!&?!^j0`s_l<`=1Vt=9MB_h$=vVP}(A@OW>Yq2Yz> zoT=A{56>s=OE|_+c}tCFF1daV)M_kbLx_^>bzs-urp3V-V>+R%^R&UERokCQG*!yx z=-Ru?L(o6;iewH4-Ch@6(&%gL1f`^Zzyy}oLS{YoXT$+=@O}-t zGaUPo#1}6b+q>oaQRio6yQUlM6V!tA^7iwY2Va8N)~6){YlRUyBm8T#B^Er0h*^O* z-REf~A&`J1$k}@xoqX^tA8%c@IE>kLE z|2jFlP|tN@&f|K4lSg2SIL-$L$k`qRj+m_DfY zw7=~4gXA3K1gv29UGKZOOHRLDM=txpM|7p{*W1qn;_sXKCW4#I@6G8qGs&8d0aD}`IGUBfpFl_m&F>fg)<6@>T|_J~_9dwzCI{hyo221!im;5osb9G~ z-Whz;POwuFDT$C!Qb-B4LA(};?$_qM`qH*+X+hm~|5rfeq`zB6a_lX#hV@Lpde*YQ zZ_;S(MZ22v5RyT?%M3nL`9}q6$Vh^fvBQK^)Qv&Kh~J#>^+1AMXN0$wDo1OA!7?7! z-hMjt`#k+7CsyE=r(;WVyM^Hh-t5Q*UTu$k+3X6y#&m*;VPC9M2GdzF8r#u}N>QrY z&(L7`K$8lM;p9mD-4IP#yTLx!;*xT?Z{!3o^VQkdQ!)nrL%MW)it8n1U*xLx`1ekN z=lySN8i`25EL&3}9xBb1_`5zqrJB#4nyEe{oscYo&pDjqgpG{kGCCyp7E!l6SUqz@zNs z_GtVnO+s`XcG81qA!LD;3=-3NX*j&eu?~qf$xbOAizSWoic5R?3k$T74z>(944;%; z$zQV#pu6x;d)^gmX(^QOI{@Ou#8}q)`X1~w>=c){aW?p|q{ulzpoI?(xJ%JL7Fz{t zO7Sq!--`}d#-nGfw8d7vkQ)a-Z^mlLd{`=}0*T^L5Qo0w6C= zF#|SkOW&!zy%RG_uM_^09!B>8UH3!u+X#KCY#O$`q!bzP{?pp{-t=pYqrz))`J1n= z9~6Hs-4c#Bfx2%|OYBS?k;!X>u=B8u2PM&G%=Xg1l4E#h2$Z)P|E(`15uWQ;??tyy zy_JK%>!eI$URl%bddoOkd<*_`6`VNIu0^~rp2X{Zaf6J+U>+3~%E!Jcfzqy!GS@=% z8j*>zK)UFR+XEAW05^7Nq69Ys2%(o#ClAGrd>(rFfoBTCkZ+S9q|>wvZUWA1^biLyeN5mF6+|% zYDx0$sb+9f?~1Fb`l2UpL-?clk=pFtT(&hK;2g35(a4at1h~B~SWQ=7F7xEJ@zr6b z-$^~Gc&t!w1{r47Q}0^%$)%H2d#1wih(>{GhG_DZ>_7dYE2N<=azGeCdr}b%^ep6r zj22G-h8-$ir^q~EO&f!AxH7d>{_%>C(lWvS+sW4zs2f=&dcmE;?=s1&sqw0g6om{<=1^DD+mR1Y+e zn$xU&H(!o9bw(L51R5AE)o>=0aS)u7 z$};~S0Ion$zqM6qUVt-RvP>9?DYI2M+@Sk>G~&Y~h&{3&5}GNe$faFN=hn|voggz% zJUcYj;Ue30#S%>?e^Kf3T!9+ulFqkEqq8dJ)XD>Htb@Q_ou?ZBjzV&hWzM-Hy{3wV zWF_+5S5dG)7hD40hJ@o{|5l|9S4{ zGC-pqCoOe9N=IMyMIzbF|_t90@sO?#zFrLGTe16dFM*ZECMz zNoEy-rU$2FdX?1HO5_TH~;2d-b+pFg*e zJpZB(q5OQ9N#06z-j+~9nlHre-}RgV%07F#yJHps( z!&`b*JSwL?%nF>Gu6_r1SD54q5Q()#7 zkcDF;A3sQ8t+}ir+*7aXb*<&OYjuuHN@^XK653_N$7_Ah6xVE9;bt>rm$tGKxdN^s z=-7?`nH^&vQ*FWr3}kAW0u8wNjtOX0J@P$OXzaUH*MMdpHIW=3!Z@`}^SUmN$%I-1 z6MYH{9IF^OCyQ}BURkQ$%53?1UGI4-FA5!U`D$AaWjh+{e_Af<3}ZQ=@x&C#)YNB& z9XS#HV@32K9P)T>WGQQ?=h|TCL)NvyuvJ{+gn$0?pPqdWch3x1{|&Y2ksr907WD4m z;YgUvcsdYCTo^;DHg+zYYP6#jjNwp(Ll(uV7@0;XJ`OvP@H<)-*nVVt>(J2e&@kp5 z`)1Q?we}U<`ebr&-YUS*#z-fDsKIbjx#oMH+ElmS%}>*r#Db^Kh) zN)O|!RqOcm!Ln}u=XJ{E{g$g#HR4wvPLEDrA0O)w5nSD2lmqw@L;o=CQRV z19R93*oZ0ev2qL_amRnG?&)K8D%zPJ!112l!^JW&X=4p_%z5I3LX$uw?B{~?y819~ zwLZKH$y+hQweIb1k)7^NcMCVjY$s*vFF{!+r*J`OH3606Mz55iHIGzG<3x4Ds1r|E zCz9fKHjFn7k3Xfq3z_l;Tp4B=F1`#_8HUxjE-Gk=&eF{LFiO-Mn?utu6g(UX83}2P zWHPsd5u-6U@lfAK;R`|CMeaaYlRTpxOD7#l83+iE6$?g=-9uVpwnL8Iz4ltICr^F> z3nMe|OK@okV{k8W+yQcv@c(=AM2lS~)|kz_Rw>Kuzzc@cG~(~E%pRHb`eehdxSoc= z96eW{(hh*PYvcKS99oZ#EfOPi1S=s*cQ6#6N5&mw4Bpv@Wdj} z6PN>h*Xodc(0j=w1aS@ZUry^dP5muGZN)$gFP@;mG*_-(Ad4EGnvUT9Oss-6^u)2v1l%Gz?iwrVLqWjG@%2Qx}=4Kl8KlKJ!0MYC7q|5 zPgnlT@B~o$K)`Lk3IJ<{?wnU{S;tkB%ytZt+N)%1sgTL|U`626 z_61Yn<4gr%w;~Pa8l|#f7+hw4e(r5Mu-miBJ`7te8n;tpH&w2tYGPo~gq2>PSPhq2 zwQ*)UA7{HCr+jSq(?{vgPNG<6NR?*PaEq8v;TX~0!Vn8G+tn-gvtpwpAOR0A6fR6H zTN5X-kemi;TQVhr83Sf!2mZecitJ7{5Mv1DwATcZisFMnjJL4_L$g6(p=LXsSeT!? z+i-e4BHv3!L2YcPtJPJ-OioE3dE0)r35+v})o>W&Cc~bnfX-Ood~)rF`Xru6k&Gvn z0vV3@R0Kvhigye+26GChox5#os+#Xq_tW=4YwjRcAJ61I2!feeEf`KqmWfa&?+;XZ zNdplAs)SBq94t~K&rEq!o*tDfDX)<74|wgok-vsb4OEl@&+AlOV|g)11j3ce3-&kn zGI#V7D3%(pQZk^!izL#g8+z1QuXa?#r*xQxb36fsVuTK@@60>ke@fSR*4EHCq>rvK zWy3@Qxix?lHRWhgLn?Tlyo{i8w#IoR*&ZWL17@#Y)CqR=AH_gd+P@AD(i4dih#XBJT8un$84%T zbbs@vET%9}4cX`RCi20D=&4_HZHsBFiH~A2+*xqr7iP=?`W;QlhSX<91z&eDVd4Nd z%_)yYks|J7In$bN7DxEjV7uLQU@BVdFehs`Emp`HwNl1671&`*JGvJuO~LJJzS8>x z9P+>Hy(QXF2|EutVa&DR6n?e`*rhvPz@rFrRHwU87ZM>`JnOpE%6aZ|ahN~w5EWqh zm^H*pncLm~+_jOY@UY-`X3SFqF)l5H9fSTx3K%VX)f}bErNB(Pi1gOixiQvzp66)V zNcZJl_t{==$9wi2Iez=YJ3?N)`n%Dd7FG$3E(|94Kz?*%`oC2Db}qSd9K4T z-k@5Np^@R<9fA%l0Ny#}Rp(oS2*FGir^&sY<8$UCPO2rYrG`gnF$^%tnt+x<63XtDNJ{qyW(|KRAar$_IP&yL@{ z{p-&shx_M8hgEic?(^5P^ZoOm&j|VJ!9Vs-&-35*Pfp1Dqf_0UvqS!Bk3aI)o-Mi4 z-RX9^FFW0*q_?}b``zBNr{0T~yH8(scV0dx-*&s*F8TTV;IB4v&0ihbW2WM-y`J|{ z?~{yVSQ_DgT6|8A_7DF>2(e)3H)rSjr|0_j{*Onk8hS?v>22fiPYs7cNH=Tu#dBrX z=G-}Ij5vTX(cvy><2%5K9914s9$fo4Y8^=_W4@0$VleHQLz7li-`{yXZ^!O#GiARpAiozp zb%eHx@@q0aOZd%2oR9uiz0#d-w$=}WEcL!KWXXzQVd_|`w|=T;E1j93M6^LvHr!d& zvmFV46ZT&^zXLFN5HsUblB=FtznH})bgX5#RLk0Tk-cxjsio}DOJs*mBpdNh)*eAi zKPc?kX1JDmMJ$FQK$i^x-c#`TSj8OdbY@y$L`l*HOvsyAXYJZp1&YN*9NqH<1n@7+%%zp(3q1dXap=7jNbJp zuK6$_$&c@U@-QNf<+Of${}Vxz4$u$kg)MM|1Ig$Glc*-iOf(*wOK>qFGtMr-X54Uk z`p9YSQ#e84L_u%5zWGiP; z9t3bfQ51Mm%>a0r86S9Jf^QfjuUyn5sCAN^dG=$kyG45FkI>uEm}gtv@t%3)IL?%R z8hResrt%ss*Zl~1cc2=BWaRwp3|k$L2I0q;356ejPv_%VrHqF2@#IMwc@f1DXGVHG zVEq~OH6pklx=)^XX*@o-7>R8NH$SxiH0A*qz|LMX8GTp=A}D8x-C|GsC4d%(dH;#*%+((nY?)rZw#ZY&Cj0m7ljQqsKI1 zDnO&BVj=06;ngJu1Wb@rrm-${wM5|=0k^*4*d9PmoChs3D=}r(t^kb1@>8u@dNcoJ zWyUWo0FR1-eV@b5rK*tDSu#NHNE1c@#%np~!JJ%bDx`b7j`_K6eG2wZDluksW~$+~ zm8lq93a(|@j%~Ki^eLK{Fo`3^`~e+akSyE+lj?sv7Y?mfrYm{!1TzsAwhA1)ZWW^CaUel1WHlMf@4ZxCW|U~5y&EgJJ?eXu&E&SDWo z`LX7kdGe&ZnAV2if9PdhjsZ`evBBaQ5`_8Y%7Og!se=rH(Qg&|%PHx4J#W`&^X%C$1jgIZkeUmx z%*!Udv=)KyYRH(CRvdyu!z@&v^{e)r4Aqc7LCdWU0vcYp zMtRoX&JAV^P7&x^J7a-}^eA$72)oYiNI55%VV;luZO!~LdlQYkXDk3Bx#gIlf~8cz zTx(WyVF(UW8Ye-`;kAy9%M;4$G(^6`-o$6b2djIdBnTiv5}B|d(z9ao8S6l*d3P=>wee!r}xi38Auvp`s98O-sBD_=RyhZ?^Mhp6qcO(cN;Pn zEC4q8XGf>+j}MMMzTJOw)JF*+jdZ`!fA{(@qhp(P13PNGj3vhVmy#ruvsH+Nv4lje zjqS(${r27Y(U}*2GKqw91GQ03OVa1sb05k)P^oyEEu+XT4mVIJF(%~@yT_xDz z+AAk5eg2Z=C_$UbLQ%D!@Zy6;Pjmc%29Cw(9Fm0rW9L2Gl zMoDKvTqGo&pVO-3aQ}S&`~5TXnZnm{BX$CEvuLjpvS}So*pz1ejzF=}JQ}VY|AOqyE)5Ii)YX{wmzz9} zW@Bi5WcE}4YqTW3Q3rqd%U`5HB2U%I{L zPj`3zLb^BYxXF`fZuBqR8~0TN?hAQJE56qv#M-M)gt*uv?O)rGWF2#QZ)pH9zkpJ`ySiZ=k6b8|6^8%)1&>vH%H#o zzr8+|p8q?$h4cSucjxQ=U(0hKqB()gaOg-?xC^GCzb#}%YAc&wFvgS~CYtw@MqiKm zFX}1nf0MlEHp#%U{r}==iU04tc>Z<&uj6T$N9(4^vxa#xQ=LM~Yn?-io_tm;9{!G@ z*b9UP?Ru#1rA@?gEO{{Cq^pIYN0g1hc|F*hIO0LDn?%ZYJm|JP@Ax;9N% zw*Q}YcMAM}ulHj2>;7NI^RMa+Y7D0GNt=YsayB6iuxY-iWHzsuPy8(TBVG~=gh->E z*yO(}?22n{2kscbbtt3+ux^u^PQWzpzE|LWA6NcIV{X(4Z)fo~ZrsO`{om_8dr{Q? z_nv*#|E=YrdCmWj#%wI)e2*N5BT3V6F0FjToED9u^v|C6!t1s0;?Kl++$XR3KvFq( zgYb-mM1KtojSmsb(1^^2c{Q7v*ihtzoaYkzqiJarh`9~agF%YC)B6Mf0-_gQ^lSWc%*hBOc`S!=>pq|=Mmc@ z0j^(bmS5%jM%S;;EkCvN{}!)+mg;|=m+ybOFTT?Mbv%zAkpdlj^oShCB#WdBHe(0J z+Xsgv7QzIdiKG}ZrL@fU=n?tf>Vii$e878+IITyITJGPLNMX3huVm!GJhl7Zo?2@A zV-_;ii=%5$gC+a_`SYD#QU2T6dG>YxujBdi&+R8<#;1D_`&J8e`uu-2)zdPZus!l* z`}5~kOBZXMGDzw`i4r5Uo3>GIF-|yUT5kRMr}cIuZA2!|!63*$;^`LJWW(pfn6xk0 zyiM9aynELsZ9I0`WFz1zChhO{Puu$c|JmN$B%RNnTQHnI|LoYvIUw19kB;p#hypam(jHxKWB29CbRs4)^fq>-C*I;HPgGj zP1?9y?qmgV@en3HBJ2<1=}v8*26Fh?jB0pJgDg-i-zwtEDy?FTT&rfj7tB47Kqo@@ zb|ENu^Ys89k{mr8ifJT57RKpXuurk1Z#2@rrUMqJHu2sge_s5eYeNQvHuH+GgaNa=J==}btjj%E+>PQ| zKt<(EbJJ^Pag$t;kYl>JUN^r@4MK+^CL3rpl}*}au_%co591MOm&3HBmG;QrRNI~T zQg;r0FVdNBF4%mFd;_~y&wqJQiX-|42^yi*f~^KBXv zvea@cA`yu3{3lIr^Aj==DoZll{2aTz-IzPo?q@e<$KLvO zck}I5vDvP<)f#WKLYL)Dw&E6RvcVQ?saxAk>tQvpr(57OoU`!u7!7AjFXJ=TEdMo; z|A#c95LxG%8h~Z;|Fh!#&ra{z)35UXTApjj|M7&8n94DWbEzPWD`?$b%^{H{N9O)0 zJLLE%Jx5I%U3YU8Ke}zW1s9a+IK^N;JAc~)(mQa+`BPTgv#r<;YFlvG!jYZw=qtY*Lw2gJQq+I(kMXOC>qm1j2|m9 zxiS0D?R@v!=93Tq|IfcY`TY5tHrdEc54j?- zIE%s1)u^6yJAgimuN~j*Sq`w%X0aDxA(Mo|KEMu`|AI-mZzEg4>a-| zQ-$HSEhalb{|eN~X4zcL-6yzK=q8Ct4-MtKR_kX)$7~PP)-x0BRD_V>q1z>UuSz<# ztdKGntDf#SU>-D?>KftOPoQFqXgu*^k!CsVcH5+lS*y|?Z|Rh^NgFaWKou<7>2}-M z`BWNV@2*DJTVaH~bcCg$n0;$vb$D5fz0ycruu?s2#fp@tU^9Qkp%2tkYd4mL&;gGi zg%<|J-bjZSI@%$&rbk}u0f>=PTAy)_OOAvCdrMPp3{Hfo$76B{u1xVnic5RK=zh&8 z2}Bk%zq0;LD8vG^%JteKW!aQwy4~Vb!8Oe9f`@QzQ=SD^b4^3PqJByBf2@8s0q

z(>E|iGpBp6Nc-2&1}!=xN2jOnPWK?%9PCHy>6J?f=VoIrWi+xG_S*HGzA_A1?q&Pe zkQAS{X?6xSVQ;vRLn6Wb%T2^ujI-y2m%dp}?d?Yy@Et_I4kXF$r0ZhJ+qjq40P$~yO6K+~SFDVX zSCGl)VclnZeO7y#@PFX5b$9&V)2F5TpYHCnul~Plc~;>69L)koT}Ed1Qjb$n7PUCzJDW4|Un5$UMHP56^Krijnv!C3; z))TO@xc!(_i0QacO22XBL02(beUWAErmzJ&B5Mjz2H{mrjoMo$=Qke}8go@9Bhvnx z+Wwo`14D>hvEsY{*!9X6XvsFSpkfoXl|imU@aQDRfDkFnXP9mltRBclmJenR!cpY$ zLbA|j@+1iYtfj2ZV{-wzMp^L!(x!}YE#CIF>c8!5W>}rSqillWxluVxrt@ASB@9o` zX%W|43^aDBE=sv`)JbhpN=BIf^U<+?_oa@EY2XiWp*BaCQl?TDOa zHeo%A)3R3>X|7}FrDJ^az^=D2j@&SA5C54KA~Cs!k+d~CY!B`QNM70*w~p!sp>PR$ zSBz&llAEtqu+ucz{?0A5Em3b=V3xG9+%0U7k~%z&0;3v0!1GFhHu2o~vsQ7N4`rLJ z9h?WWS?`-&yY;6L|8MS$uPXp7)Bl#^e{`Qc>we|`*YT`k|7CJHVT5(PBOpi&DsZ?e zB?_WJ;2MbSpB$&@R$SF@`HV8?W_n4fiOFkVG@<6J`OADe5i-ucnZJtq$rDE#>9mN(F%Iu`xe-r%L_M=U!b!g>X0 zX>n4y$hl$Od$r^WxXRQeGyisE7a_?8`y{afG zX{C*4_%f6&S91_;qr#Tq<;u1UC1VB%q`KH@0Vn5rCJF|$gMcap)aFL>d0c31#d$4P zUu-I}`t;t(?B4eYe7{c<{?9n;+?D>f*Xxz|zun!ZU-`dvJS*sb9bQhwH1w(T(fv!+ zk_dx2wm5FYvP)Ka#ubSHI6-+1EwZU5Ffmen75HxIl>4)B;P9ApJ*le8PiaWU%)?&V}x#)4S?aeWjyc`qPB| zBbr>B{4b;bJKd+H`2Ra!AYfzhQgosugQ)CFo{wXSZ? zOLC>T-Ec^r@4`<$JxfL-{)x0ZWu6WPd4MUuFk~PMQ;*r2j8cVmx`Vlsl@$o-G62kh zQoi)+{7tp^{YQGD)^_-JDlNvC;bik+FC?Oyv%!Zk&!?$O;ENDU^Hr(`D$0KVCWHL=! z3uR~Sd8Xiic?TP0J$N(P#dB^`pjNuU6!W8&JY7l!8qK>aLVOdN8{x+I>Wnj;4s0cV zbf#m?yP_H>^9T%_PHG}R$Txfk21?eV(^ zU20HAu18}tv^rM+)`|q)I}uXJn9o>f*@{FlX+m(MC!gbO<0cFcA@j&SCLI8e(b!ZH zs2#Sp(Hp-fCf%Ad`I}H>K!+EXRQlNk3=eob_h1Cy@^B<>78v=Fg&%u{SuHJyYsH<- zB*qa1_#smSACXIjiFy^AF-e2soGOZ0e^V#yyS~rJ<7nyRFR3SsoJs!HB4tu4CMehR ztK!*hxP)@O6}iQZ@h22|YC zEZ=RZ6OWKYvRHC9!&K>fL}(xx_2(wfw%=%1W-c?RRdufSa}G}(q_2ftNZQ6@#ebiV z8CCS5>Q(qv?X)*ZJ7D2Bp0r7?3u`F!8p1siX#>8RZgRgD8W5PxU&2_@$)W6HT*=3& z13S5dbSt@3?_3ec((ZeU_ClfMip_u#Y~6_>9q_684{Yr3`PPbL$$ENNyTS^xv_+UV z-qUQD`XfkZxb2Z&w7ehj;e|>5l4gUldG~RD`q&r_71xAx;Ep+?mwL?j#XveXxaku~ zLtjkOiNj`aIZ20nFGRp-m~ZNr3B#mKf>7TlYCatZ)Xz6)Iz@*nMyIeIsQ&=c4E|G! zazD#qfy|B7g{Wj;^k>U_)JUhXlUn^&ONqfZDa!4=BJH*%7~k0O6kccG7sC&xA8b+E zuvs~$e6LG9v(jl{gQF*=(oaa1i?kz&d7!*8i+^JCAEcOSOm?FVt2Xfp=w(GlW!Kp_%mypHpWM3d+tev zhlu&&`81|ZIOF{Kzgk|n#O&!_tLLz?gPO9A%fuBKJb%i1}S}pKp^XlYB^en`9%2qH?J#-qV|L-=r(#L~}C3)7g@r=g>Cs)OW}0M`@sHkp=& zx1h;tv#}g=8o4N2ZwPg14s=Q)$!1(6$~nc&j}- z>u~z=BBcD+ej4fjV48yCrd4dVbN z$EpK5X-1dEd0dPao{^wQN08r@2sLqh)&3JSwVp14PG6rte{Pd2GN6h*e@Z$XpACi2 zHY*e;-zPlq2@7XrMkN|*;w3XhOVFk3SC|W2Ji8#%c_+ONTD~HMrW_?Dd;vp8%WkC_@N^B5RCVFJEE~r7KSFCNN z=5{vD4&ad#Q+s6M3NBr_g;yErg(?2E(#|S1oN1IaH0EN*SwXLz-M*V0Xf9#ePGvZO z;&+4JA6F9VwIeiRmTbn^B^qXgF_-32RE)^uzp2MYhe&ux zY`!AAimwfWmj!}M7`hBHm^_9!A70sNRjRU7Svu3}m)*u;6=;zx(3|4Dtery* zLDkJH5z>@2+Dh0$aOoeAP=p;*x(UkFU)vRK?=RTAm&Zf6vtJbxbNv-Ya-H%&~bV)VugLTRw8~7_Vva&|Jd0C;E zVMgA%+>}FOj0{*CVpB3>kzs9M(^03257jZF#eS{zSCwU|ml~#KJz1w2sS^`J zArLp>9b(^ULnh5EzE4b>w;TFu03O#*Qg;ZTWG-_{H&Nfk!-|2HEQO9 z%{{DCXvtdgxi)^8RFv5-7y9hvY!8900Chsq<{zSuS$Hw#P~H)sWKgGyTB%ix5lhh2 zS|V29W_#JdG6h%pTeVqXZ3^THESx4m%%f5|6x(iv<)Ui}Sa7#mc;USLq_v-X;sK{} zPDV+HY?4t~Ln;eCp2Sv{CS<{(XCducx)ajm@%7Z`9;m|7VdpewUN%HG!EV6IFYmv37LwKH9wjx|z}sdYxcKgp(^d9Zj%T|=;r$M`TMmSq>@)X7 zT4iI^)VpQHjNZR1tZc?bf03)24S&gsx>T}i#oYG~+{JZe{f`L8;#T!Pz3%Sw(*1Au z>DT+;wLI6-|7aXI{QiGRHvV6?uLLp(_HdLyF0}QUARP7$bwO@dccc(1Pw#39AyfZW z6his7Y7|0?)j0VkYScJOl}ZJm>Xk|lO(AqhV>+O!Sl>6V*QHQ8W7fjItV+UfOIzAc z;>l5lD^5EpUeu_e;Pp{GnysQxaYwO4SY2KFg*phghX<(^GnDMVfm#eJxO?a(y{7Ff zSH@|?DS%uU%iZhb3J2DM(#a_nH&DrCRA-qo&XjC`^jN;5Slme?hTftE&J5(M?yV^= zaeKNq;H?I?A~rS{_jPmvrr9rB_hx`tVcoB*d#h>Xrn)!N>;u=mHP+D7G01nRp}A!- zrWS@}Y8q!lT|-TCrz+7!62}*!JX-|9O~~Kft3>Zx>GFV{RrP;a`Q|FXCHlYKvlq{c z`oHJ9U*rF*<++aj?*wt+?Ek#Jb?u*nUJphAn2o7k{g;)wnFi45>u&Ua)f2pu3eaid zhHfAgEmi6OQ?WKJ?@GbTTh$zceXBCv+>$;VqlpFDrRv@)&8WP4G@h!Sx_Sjdxp=+s zT!H+z397q}I3| zU+=Ra_gNZR+GLPo#6$x%<6Ly8m60t`%(Ed(bK!O_*t{b~9s6z3!Bv|T2Z9Ef#6EVk zJ_K~(p&7M3qY6~I_S9GmL7uZO@ZdE;Q!7h3{W$1}m;xzqmew-ScU+Z5e%0?yv$gz) zTus-pyglb6!-=ZRX|V!=7CTvfBT_Bu*%(C|#Wi)tQmv`l%!9K)9IWkQ)rN0bA?AR% zBF0=#Ew-Sc8*0Yf#riUoVX%Ug2+ z-V%3@MJ1LoAGEcqQn_SUi`u1AsJh2Hpd>D{dOcE-XLr9~EUtv-_NbdX(JNBAVyjD< zx@CIj_7+{A3@xi=b?wAqYB0CI2_`-!rLdba=VOoGRW7>$EWrYP}Xa)-0%;lZ`@- zv;rLMDr=6-rM1cx*dLXkS>0is!u>|6D2o}atL@OrHk>|Ju6A;zsY-Q>%O}Y#+IV_$ zqx@O1{RFd$uC|^Ag_n;pQS4-;VJ=ta!-CzWPCvddW&#Lmjd+s&W0xXOF`+T=swEuds`}C{)zmDfR z;=d7wbr}%z2dpgVBj*m~Vap$gaMbNWUg07$n5O%HSM54UKecr*%u}b^H4Jo3Z@t^? zt(W%Jgc+>k0Wsl8<=j+(P)>eQSOyX~Y=DKbTE%fbF$ryAVR;l7bvQOn@zCL2yg8i) zxj1K;s8^#+$rz4WZAx{&PU7zE<^k4B{-{ttu=r88JQY^E{rWWq@B43C3JL+4=c( z)2w&X6oimc>xInsX;Dak;lSspku`)7$R?xuJoZcXPElid-4spPj;nL-L}uFp=4hze zZCC5$wKK73(?(=--jpxHXQgX!H(R0J4(2G!6&bVmAd!-VnM$!;N`^{9KcyVGe0rsx zR!WQL)GrPrlWxd)CP)vl2%`4hui>wuHCFta`ZcVOfojq@dYd(NV0qmDHV;YNN@Oif z&_aEmJnnQfTcicCSKsL3h6?CW(9rj^e3qd`w))OHJAtK{co-5-E&uOLSTN<|P)K&u zK9=zR-Df+6`@i1v-Dh9pzpUkXL{4a|DHSAh#r4+5PDlm`4}49N09Q@dosw^~8&(QR~V7)p|tUQ^`f5$noKk zYI%_qzq4W7^0?3FHkOm(_m($PL*cXSFGyceyZ=v*_7C42c~k%9eJtMp&z^RBJB9uK z>{<8g{r_5?N923V3ubr2Yd(;gYdO%^&}!|I5C34nH2?ay4Vzg^9}=FLK!&mHSVVlN zwgW8s(cse~U1k$B<6|k3NRt%AF%pO|ACdu!FPSDdW*}J4YqcIdBImFF*Wqca)$jK; zXWjBy#6q8iL(UBMuFuvz(;l4jM#;KIy51-6lQqgQ$=LSNlxU_CHz}I=tviDr2UJa3 z-w-`~l6E{NNu>GIv=oesM*O|)ch+lN@X+5QT7u`}H#BNZSxhzetcQ#Pt`M0ZJ+wDU zf&fh=;Xd2en$D3mBJF>$AQ0piAp^gSgLw3a9EWk52(HxvB8`klB*l#TOc845-0Jl- zToIFsTu%6KLWVTdED&4_fFHz+1tKCLyEN-zQqTc5l-7UK9uj0qLpo;CYqh@5EoZI+ zp!gqtN(PKZk;+=TFmGTv5M_K81!6wc%%Nshv3dAYj0j-n0k+RWG7J(GGpRg0rr;}1 z!-Og_&^Q(|rDY7b#))(jAM7yoXk^G@rpQT_RPQtiV?Jg1Ax2X89v9o2WaImvPEI#H zatNa&`mZ!6dJ>B%2sG!f&&ZI;n2-37#!PK#ydOg*#Sj7}Xw=kyYIx@&k%UI66`9!w zCz63KLGhTWR;%LCyPchq0-Nd zM88<~NFw2zDJjiKBz!xNZT&lpdDXzukqpH&5+MuYbUc}YsGrA^x{=_Nl;-5_Mgp7Z zfJSt{gNECwv=GaDusD~wXbG-jhDP%J;prlWN0-`yyA2+lD1i7c-8f>GM~t4-vpqm%^!DVw#r!fANt z2jOi!cQa6TBQU@-FNwyI`Yf|w$6FnJf*i->k_Q1{p-R9?ztRa|%x5e_b>=05H`pWy zUnm=Tyojq{Vdxf>k`eb{kWLRVNLL#ema%TxuQ=MhNv@2 zf`C9t&dV`yy@YgZoW?izvp(hhtmqw~a?oMhX#crY5Q? zmI(w)^GF2%Q4$1bzOMR}033?p1(S$_1L^gzPDBXZD%u^n|v&Zeih)QQC%N=8;>J%A5y9MP2E0_ zRTKhw)72!$TRO7WM?h}vSxt7mB?9xs9Q)am+crl08PMSc3;lk@tdbv%p$egP`xwL| zrWRqL-ae>h*N3yf&9;AXobt2jc2P{u_>ftvAR*f6yAuJ{KLaY;h6?IdKG@zYJ<`pE zBId(_Vi$#ZkBjX=AjaD}-QIWG-51-vm)kVr9jCVH@UYYC^qy}!^mHD^^i!%A9Wq6# z=E<`4Cp4a%&m-mvNhgwrv9bpLhO>`ML2Hwf-oG-x8i^~|_XqwgnkTb%2LV+|pOXE$ zdE$kF%jWBgoF|~_ujzmV>*V{^$f3EY5CELkg~HECzpnDl79d!m8mh&Tx9JM36>xg5 zee5p~pP|5_b-U5gn_oFxx`ZrF5in(5V(89JtbssE8?5c`(F(Iwu^ zn3UXy9lv<>@>i$2{DEY6-dGi^{x~OpBs9?T?GqYBFpRRcsaa<*Y=elE29=4qS|JzT2KJSv?}E)!eRDc} z#s>F-&71dnqv=Z{Py!o$pL4VbLTCCi9U$6(^ed(>H60g{NES=ZW(*7p`H0X!GV0IC z5Kac)bLEMgw?W55D$CChX&X}-|9$=@+fK6WyVowi+i7o-cEG}MJZY0&m$X$ZML5o4 zmT3BKy2<^{ka&w={VjrZL4ky2_bsoBI!}=r^jBdYtf=be?h&kut(MN%4D1|J*8)4W zcKWcsN0v@s^|khw^w@Ja7LtzH?HRM&&!KyJCNTGN>fN5|>~0e@eRxqEYFeUfHZtjolv8c5 z-~GTDQlcCuvh&yjq8CMK)5CcpITUApWI{Htf?J0~_eONTaJb*o-aB*j4PNrzqs!eH z>CpGqlw#2e|Bq7SDR8+Ig_3isuqp(mcw(?l=c9}P6$$G0!iQ~Qx!Psd6=iO-;9nMF zrKqcZ--o9|1?A=HI?L9_Csbs*wJ&r8FTpnzdVrFJriE-YlaHs!m6Ns%9;}2e0A^sFPOvTiYi9(w|1j{jIb~9I{ znL1Hb;o7>rAqLJElII|mjD71+jLQM`Ij=@-;V`UTC!U+NJ~YLlTjx%~PmsIv6R+(L z{cN38dZ%;k4WGyE|0jCFiKU}vJ3J8E0EOT_ovsy^ZG;{&l()eu7`xSM;Lfh>9>1cTIZ!BRSeGrO7j5Mqz~`+48j<1Y!ku)}_B zAdK-k`}rnUqsPFpfx@jV4D^iI0G1N1@M=ZOzp9ZIwz1#cz^{xqQ`JxTblGnOgG0NM z4XmRI-RY`yJG79$T(S-Sdvmj1j?NsPaWm?!LCG68W2Zg}_5+AspW$9lPwOAnu+8{dbmw(`!79B2 zB5U}tI@`g#bF(ub0A|e%Hb2hZD05nH&868Peq8EN!w@S9Rz(29aDvUdo>PzdmRF!X z(~^jQ${O~4-v9IF=E_!z{4k1AJ}CorPYB)ml4?j6Ul51W70zzCIOp~o>)rgDDHsTu zsbWq!zyv{}Ln9IHwe{`S61T}rCfpI5@S~_-yJhHc{T9YZ+h6)t|5sSQ4}tk1v_#Yg z65Vm+kUshloH{lm%VC;#>d6CvQ+o)`EQg^ItRACC)4?|;)OPvi?=z(dA+TZ4zz3C= zbM8;j0VxgOIP<>Oi+ckIyLp4)D7~IToJfVXd}>H5tI&ktOtesTVry~Si+fSTl7wsh zmr8jTyRWe&%vIW4pminRt&ZMumVPXR;U{PSE&lH8>`eU4x9H*jeiu=+U}n}u_te2s zP8vg|ElM?_&2{eVU5AX`Z<&Mi+J``~D+=fXY5Myof2#M21inoBJZeGSJVMwlUnj*#_{ z*#NYfb1-7gwIy)DBo4}{{k2h+dO@ed3#GNdy5x$w#Smh~MWI)Q&>v&g_wfAqf%=R3Ah%UI z+I-dPq0jHEG~Ez9cC~|NeyD%8Bvt@ruLi}9>T$=vEmUD3AoJ?k^Ye1T6O-eQJ;*d> zG3W(LcwGk3cmu==zGx*ad#`%mhjz{z27dUXXD2wO`O9A*j#Hkfl)s49DPnXZMT|m4 zjP6DeqkB-qXuTpl^4@!oC*aci6pV)Z!~H1wbRyx6TJrgX7ce>;z`_2({=h+W9Qc|v zxL_J^Lt-~enUF%yc-mAYPKBA36U4)_j_hCy``R#5>R4s5neo`ck-iv!nF$SZ_C*yT z3pmc4 zElXIDD1Mvf!DX5R-v>(O)r%o~`WG+w^*EazU(>n(TL>oJ#fOL^{Eu*3boYi zeCef-)$TZi!J#~`D2De|3ltMM5Ww*zo|cEh7F!wny4QEDV`MINUf#it?eJaOnJAro zL3?2zdGDfPaqZtlxZVcWQ57!VF<;Esgd36IfWmNhrsitOCAXHpU{&k2t4DtfkR+{( z{c0UG<%PRU3IRkKq(7NP$^DZe~ccaMpsZO|Lg-|sHSzRK_bo6Yr3c+%{ zS8%QJC66t02l(${yinT24I^ady@1{(lB{Wt#q89A$5saHFJ2zRM!7!^|CcbUpPr}Z Y>3Mpdp4&hF4FCZD|IhJ8_5d0M09e1kJ^%m! diff --git a/mastodon/charts/redis-14.8.8.tgz b/mastodon/charts/redis-14.8.8.tgz deleted file mode 100644 index 835707d450109463e0843afdff427d9e628c8af5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 77694 zcmV)aK&rnViwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POvHTiiI(Fb?nEdD}zTJ-|%3CJ3(ER4Pd&sSYU$Lekrtz?61pa2oyT z9-e-`-+%G^Isdoc@7w=wKYRJ|PutJ8`#Zb+{&QAtd*@ky`%j>MAH>*CMkq}G)L$Bx z-MFvhfpLr}q#=&UU=08tQZ&ZtYykElg_n?^HJF6IqLhR<9)RneHJBv%&llaD?(SNE z5)=n0_CrJlYaWQ<6b*onr&AoS0g$2ulaO+t6G{^@==FRiZ=`z}(il#|u8*fZ`S%(C z6plG99+2<69M-kMyxslS{kRq&;-_Ik`Kz}HiUGk{>Z2_HgKHT3C;(Sz=3T=mLx516 zqAob3AS3{fD2hRfMkq~D04N5K00;s|;TiyhrkPK(6aj+LYm@>K#y(=O2=HMHd>m64 z#;jZzkI5F8Kr%sO3q&EIWD5{P34n0`2u>*q7(_%#cWr_hXA~30A)REGdgCQudNf6- zH-&_vH2=g0>RRZtrYZ?h-cqgb5J<4&{FiuHIfc-0!da6OJ#-Jy7&<$~Ktq`E+-S4~KuYK;} z_t_tP{*SPKbssny=Kub)XV2{Ue`oi_vkI{sE5qJG(F8 z_BPtxdC?!OjZutJNKr5Vot^&9w%7mO>pws5?+kW!2L0V`|HX?RzJJ+&zWe|0JdW)) zj~M@a)+hI+0M?HG?cEp8cAwkhfA{(BYSE5}MAo#Ltr~ ziq4Rq<~ke2DIBA{2ol!3HHPV*9Eb$pHJ~^dl**44b#;_xbyX1%{+Un5gzKg;fN2UH z5OsPLv@`wP2&dqLP0NHbZvBd*Y>GC>W*L;wlM+Y>QwPn2idw_#QtKybr2SGRm_2beQE>U24P_k z_1?fs6cHf*VcVxb?4qKG4dn>WPyq1dzmZQl7xh{LaC=t*I4t&|K>xcfXswP7Kg!rf zY9F(mjNV=H0|>+y)qbP=K$T+3F^n{@=p#+xKBor^*~kQVBwi}w7}0`Ya1+uApTbha zCrgG$1Hk2$!9IxjG!}$#9AiR5A53w8Kp6AN0@xJAl+`Z^9pM1UK_iJXzjYA@8&rYc zV6072e2L_&eaXrYQHM>53^`*n`&$)|f)t>5Qw>LnW&lPoBB+ia1#D0LOK~BXjF@73 z>1eyeCSiy{?Ew-Yl+@vb>6m~a`_CfSSZ#$Wj7MP{(wRAX7}Mlod7b2?<;K`7%%?H- zHASOB&1PF%v7O~AwsjKFqi{@mnmlqK-F*EhBXBKBs*+Oj-PP3BQbh{Kt{Uw1MmU{j zl#3gq6u^{0VtvMz`CzjIE6Jkh1V^FoB!Ybf3IFV@saDgfs$w}MrMdyS%*JY5i1OkU z8yKw9_`3mLLDUK+J0--{{>VJ3;pbTLh|CMnWe8($yYHpj+d@ds66A-Y8GywqCYmok z@1qgSA~A_P9Y!~BMxKIjq;WVT;AsRYBJ}ANKoLQJAj*p$j*c-sNfALYeJa4^k~Qe{ zuJS3c8{%GoebUPaO1*Iw2B^moklvFdMIK{a7>_;iP7Q^krv^YrB{03^$8mfmBdUo~ zcVRQ6y<|%rK=t1=Bb3c9Qy6C)hMyv~-BSaTFINflQP*l0aW{-Yaz%Q%I_V`i@bcl_ zV=WPl^O7{Yh7@_Kn|lI2>W<~ink=HABqiNMo8${Qlco6^HG5XiEn>mTb!5KiSt|LQ zCuL6zSeDiUQ-2atB+f$(Li8_PFpMI6g94$RlL7cZD2xLb;TU}YI0YY4ltiJ=QG8%H z^y&kkePzfEM8k|uP)y}#tF49zv~4g!lrqVt6Xc0AUQg+T9*(_Hm=fxx8RrGlZq4PD z>$}#Xnk&Z8AhxtN(lkS5U~K$^F^U?X0UQHWluZp-fmbi9;OFq1%6xgsfgpu(fTv)) z@A(s$LZ4|$FiIvc&Za00eR=rJ=A;-?HuvO0uPfMPwtWl0$Bt_RD&Pw}}LVnmB8jfR}q9E@l zgS<9PIFWFFK{KHK23Kgt*m%hnJ(`B-8UhH&rfgOoxR@wQU5i3^TyqWVndgoKLlb?DfU?T zMsgz~Xp}|ZhRxh!Vv+JG)XhzMqn9gCCQ81qtHH;=w?@YIc@>zF6dim-{@yeoU>F3U zP;`xsPqP>#X^2zygHV2*Id(~IzE~D8tI+a;f}bMDx39VE!4d%=3S$IDykNz6v6b2a zw9;uk(DA$}{5VBZoX$M4I7@LYH2SGf!=zv}Rie=pcyZtL)7!V|6%Y#S0CX;4YBodFZqbmv zBXBGyWyg#xg_DnM)k@a7%6`+DWD&D>R5gF;rKGY|B1yhqAw3m(Q!&MhQF($>$`~TY zXu^I{3~++Dj@yXR05kwEp1u4*O|EjQr_SOMagJDONO9=%6hz@QikZ&EMiEIzb7$2M2SPMFgL#77qqX@EnEoSrEp?C)Z z_L3>E{4L|GQMVa*g3=HN3hW90wG2EOP7%(i0(dTdE(37{!zfG9`6NYTf};TZBwhfT zzgYk($$TFXQb0WuFB+k)0rRC;nC(3!0FGW8fSta$_t2R>0K5F9$vO4brgH$c`Fooy zqI{{*xoA73)ciWPm|DQ+lT)*D3-FDSIyb}?vN|`+meM*m+?Mj{fXk0Y^|$vXvD>SV zSfLBPG3L)bp&y!)D!<+?Za&3bfzUW{oHyM8j$cYuVm>v;ghXwPlzDKQ01M=b z&zmGL@E<79aLs{)%XDsz$fQdUD!B`C{uS&lw2>1W5Tk>wHnQRXZ1?-yb`KTW=$G70ImAUeOV@eZbXg^`G>eDi9pSukcU>JSkXJ9M z^DR3v2cUPQNjvc;D99p|@=eb$q9~0aMIe7)xwl~=Jx`azU>e3DtLjN(0Zj^~SwzDm zLSBwnPKj#(7$jD0nX)8+6rIr&QZ$}*=`3+iR)j)|Mp;A<1w@txth5A5uEL}OW{UYW z-#h-cUCVtO`zWELcZ1Wb2*ZHCq6`vip+-#aiNNMbqQYVmXObcM`pFZZUYrZ!#W002 zxXf=jPj!L;PQlxFA4Q0&;zCiFC1_w46|$qhsalr#84i=f2ol02sCx1%l`YP8tPfRv zJi&wxqYx5AD)9hT2tZLv0BO@d1f|!ZkBAo|%K9pd$2}MX9*SuiBH~fZCn`jJk0Bu5 zO-LvFPfy~?#Z{xS@`MZr(j@4B@4h4PWBHMmw}I!Q6pe2>+|I5=Z(0R$wB#}NXF_+H$cgG)qj5Q@3! z3m!@19^C?F6_aA+I>@N=BvD>YR52&I+T^k*(t2;pb9#)s&Q%L4JL6!Z(jc&@3-^V~k1#+!zsL>(9lLz5E85bC zsew1z4Yq<^y1ky^ER|-gvD$ueK^4Z!+IQ>IiDtbNn2~M>!0yK2&i;0Il){X4; z&a>zFI8cOFFpW*@dj(@G*0HY(@NLm~g`q3xFzbk%QB<5T{(X7ohv#dFf_;Z^z>dA3lY+DNi6>6s!7BS* zHZiiX3t(aTb@J<;6nEuwqg-ur-y5k!Ug9hc%y}S1e`H~bNX@ivOuAw=*2yW3uAG+{ z;?&w+rMRO5|5CBM$gefGBoZ(!?iRG8jy-XGb9hn@om;Ebl8sa2EF;m4)M@~;^^IG` z@eM3TQ*FpO=aH4;9zee9Jz=fq#{nAQvZwjfBxz9x$A5p;@Av!Ovz?bOUj9RGr=q`l zUQ#VZANhS;be^(}z3+1Tvv{g%04k~|Z@`v}kXLnlGGn7k`5F~hc3k>Bg~nqlp?3)* z82c#Y?r@wE=`-X``PN9!Z4D-Chn4&R<&7J%BQmoYgV^&34mE~)-h>vF9 za;*VSi)#R$^=mv~q%$L__l1$AOlKJRvMc}H<7)bGHoZhCQ{vrd@<;=Pp;A$M0G>H9 z%;j&Bqq+}|8%5EITy9*nev?i&MNdAQ*NwvY0B$!5)oT21lvEVf8P%RQ3iC=_Zw$m= zit~-p!qs@+xQ5+>_}{qNvN8u8N2{7$a9k9v&IhNNqzW$_ZRVff4abf3zs?ay@o))G z9M?dpg}y3h95?hOym8zBmvYB(gIwAl#|`#dcgQJ}$t65;T8Qg?IptKqU&bq^0_1XT zITb*c_sgjO{OvpDy@60myjB8n#oARs*WD3bZmRU4-B@67fuVfOsFr#1C;M4~Kw1!J&_GA{n#0 z;G7qa2nJ#7r-++%`x6-Z;@^}KzF)yc7!@M)?kJ=*lE)$iIa_QTO&AGBVH~nv?t;S+ znBfcr7~H_vXpL4ai$#kmCvSwK2;bzFSbWz)wg3$Noe^GQ%233JjaZn@wxk+1#n&PL ztDmLO3|yv=bBG(3JT3VBwCi$;VmiH_WCO6X+n?rd#14nOd~p=IoTu7W{7Rgx@~!Ng zURJrFxA3#7!BOdGrNe)8wW``CE!JhNy{#JY)wo-=!gjw7SBm@vJgyA!o~Q5c$>&Nn zrP1jsC%l#0RR!2bzbn^SU#;VnH6JeFdZiFn`d%5RzHIL+ZRT&~ezm}`TeSn0MsjNp ztotK-0UxY<)_VvitcB;vdw0Xq`*BV`to$b7t8_K0cf>NpdqGdEubV&3u2^5L50>Km zl1^Albs%W)!m6RMwHsCyfz5tcHQ48L#A=}7UOlmF+%>LPrZ(`Iov|t>-49#l$4Yms z>i%2SA4`Ya&LL|#)-LIirO0jVlXWkGu&`HFu7xb*mZi7l(J{+?UDWKECCfgHYnE}d zymH?xT_D&O^(^p>NtpOYv=aCoL!I9^JHR-Ly^~*i9=} z9v1V{GOvnP9({sq}g(!Jg0W$wp9id@2*)*7eDT-NyGxv!tE# zu;?>;KiQ3K;r>+O>^JHFWwWNj1FFQ1`F)^lOm$9BC3IiB8&qBEs{NoE+WF`SRq}+g z`MiWHl+FCM&QST8)qQzGm9Lvx`9pCUhZ)7hhY|PnFw)AYlf$Aw)q)jE%H$F@aW|2>G|;Ze4r&mS1xL-W2M8PFt9VH z0d9OKz=$=uxJNe76^cP3HY1l&djuVb&+;dCAcoHeD%p{ zJ;hX+wbse+x&*cs9eF0(T0rikwk1$`cH0_Yr9`(DlvWvUYv5NUzqQclS#TSmITPZ# zz^Tl*HSp?_fsbGq;cJvCa5~ror6Zh91zdH-3RDd@ zJU>D(Hk^R=4d)-e+VesTtT-}0JSqI5U2PqJ7i{~z27pEF0BnCRK9tbfz9l(<>}M3A z=xi4IM02vwS7h$j;R_o`HkV8B=L1PqX46JS#Ht>nn|x*GmwV7;5zmgR;mj{KZORDK z{r$szCD`J3AuxygLPz9Y>XO{G{HRs=v-7WcYGJN}j8TkIp;O2Vzac*)*KZ*i45=b) z85pD;=5nscRZy4rMXrMU?K>kE3)jPY zBU`vXk2`Wc^d8V1SrfN~{gL&9K$kzV1IJb{3^>Aak2<6r24@ z`;8Lt`Rq4J7|I45y4^-;Yt+h+ql84gIB7<9rl0%f<}yX~VnbJpQCVKF**geHjR{G6 zNcs3PfmsxPp(ZG~;TPveepOd6*KvDS;zbK1m6CjZqedzv-c(qrl=v~fl}ZU!ota7r z-xqJDQro<0JC%lpKH902>{LpOUcykt=6+j4m7Ioqvs8)2RNKu(2c-ENxg3KM z)8~i3Wz8-X3(ho?XU%&^IOG|o&&F3#BE=CJFu*ZI%8X?W*asik8cz6h;zqz7k{K4) zX8>@5Qpl~X4`X+U!i(7Pkzp{1S6czaWP7*b=-7i5_3Oc+-AeIer?%?UgEoCCd++${ zsNfTLV|fvbX=D3~uVxw!>tgXIJVI-(OClw20(K*s&d%Jj>nx&kTx`s4}2 zt&TmGUI@iTfO`k$=S%V(TmBLomAM3#K6j;QoG=Co5w|Ab41f-@$pmLnpeMQ6U<=fT zGFZ7reqcQQz-Dp&7m~J5w7AOUa9m4iB}}zqm&mJFpV=b!<8ZIU^R@I6`c~3_OXyc~ zghMF~FiXs6ZWD(uW-oc-EMThnEDzsN%wYVRHg~}!`4 znnWs6*&2|pv?coqgKmCU$^J5FJ;zrlW=a}omps&zPL7NKwabHf)2@)q>~x9icZtH2 zD0)vag7~3hl2GY14D<5h44tuA1s76Cb+ESi7Do#|zKaV$NARN)u{0{n;#N2fn0(AV zc>>PgoRz09n(J_qCK?fY0b&)U=Fnnm$N<2MPWJdljet{QBS_@vov^LGugwlx6^Hao zp!nx}_K~!)m&KIiqm+gt4wvZTEU#8Yu*$9=lPlOWXP$gPSU<}y5wnE2FXha2U^fAm zray*TuO{*DADo;X>QQ8SGnDBENl7nP_=y@~tUyI8Z0ye@J;4~0x3&|3G zdcOY}TtdR6DoiFQEv|ZOz-8}}BSh2CC-y%3U}_fRQA{Q#RdY zgnMqJR8YyiIP9c_0#w}~b-HaFD7ab-i+S8N6kQH?4b{3jZw(W@+grni<9604L2^24 zn6OH|8g&rocHA&=RrzgLSgQOs%D|j%8!l+N+s3lq7pl7p?~Cp3&hu_xcfWZ4{iEl? zsy!FVg24OZoIAR`#)N_)xPdc0v^!&_46GbpTeHOk6D{VC4E@1RXtjBF@3?n1JQn8& z!of}&sTha{pc7#qMhs-fJ-dCRDIBI_6>1iy<4lCHFWnv}@!Ap=>mT7XiO?Y5FLw1K zF9tE++W8aYUwKz(Mh0NY7`ru{@dNu`(9Af-;kCX#0~*E4#q4MD#iOtHt z7GZ6papwelzG&PU$$A9t-vprF>%(&2AN?)Da*L%kSE(5W;-`>@%w@Am$5B9BnRI^G z-r08LAkW(~e-?7d#%hDE66`q>ky{AL_FQG+odJ1R+Z$lFF#jnb`$o-wY}VA7Ur=JF*YjK{gAB_mhnugfi4l_7$;t z#_Ig^J0~G7QZqCSYefN{Fs@<53CMpyD)Hy4W`5`{mQw?*sx|=6`lKCN0VVe=pCIL; zBagj{){BxLB!C~k7^cBGkoHYZ5m$twFdmcqD9?CVWHi<&(Bv?uK(Ez2#1#P(9OG2# zf+~82{w`NAazg5<(CW@5eZ{6jB6fsD)GsFp3IM@%gGZJOLgF)3PUKK8hK(^VS;(~w zyO{BcYNuJmqn=(O6*hFyS?Y1e(Qec z7>l@8bBsmll5>njK?^y{16&z3TgXcb^oF5=w({}!u2a3-Rv};SVT72P%op8#5ilcP z@6g929f%XNi!8a7W9(Ju_BOvF2OZ}XdIxmD-JK`N?%aV_uRvc1J;Lb#>`e7nQ8~^i zTN1BP%Cj$^G|eRj*vr3FDVt7VIvZG~lRSunkHGCMU`<#T2)p_FySom!yHjC9Gw1uzwjFfO0;W!L0Gp^0DnQVgW@jUmOz_mmF;yyhy=gIN5RDvnvn~NDU6m8ir;pp zzi)zn0EZ}SlP^^iCXfKh2Ef?x03x8HbV&iHLtQ6DkWjD-reU11EvcdDJdxIo&!(CaqbC9r=c);eQIS#Fyjz{y@}XeGkWk%EQ11$dA?R@u297CS0UkrsT5ZX zWuO*$Y_2lB3VYZ!&Q5XbjYX5cE9Y?SeOGl%Z-q=OHO;*FE`7EQPb@wNUDIxU&uIF| zuXbBMlp6b?%?0_{1Vz#O7vl0?kFe^F`|xs`t($QNe)o-dHKhD*+zrclCtd}O!m$&~ z+!x_h2(&A47oMuC@H%kna<~%SYA(Z#uGa3tjeGFz-R;svc%BO6@d|u_EAT^OQh55H zDeuctH{X4gIia-%-TI=+0e^veDU-ur+O2q7_O-mV4sCI2xTKbD);yS60ZAnK$Sp6R zOkxN+Fr&D$Wv^s>`%Gmp;|aduBUPP{29QE9!ckC|I(q>Uj*8su8l`{bYu=WM<|ae1 z4Zw#m0ABWC!2kUjd;)$(ffsZ@2Y92M4+?{ziXWLta-$i@3ImY035w4q;Yc0wF&&Bc zzHr7<(TbW)|g7JyrV@tD^a??W2#4>Es+UOg|wG{lau z7|q{l=ZLI&IlDTAaR4J6BavfWhO=hnKNOHroH5A1b&BGhEzr>lcf@_~-Ii=$MklUz zX?!u;H7xw3m|AN%Z`HTZ!Cpx-*FKGx8YPz)M+g?MtKgetz9R@EkdPak2D)z-qcX2> zSJdsO!c}Bg9qsDu97HQptq#`{KIC!DxBH$yfhqKP9QG)gz&M+tH1vTW2ZXtctci3I z1_6q#wgAxK;?$7~^OpH7fm{^0Nc2>vXhrVU?7!{|Q4;nra|x5oRG?*#5gU`m1WC)9 zSk;RbB_=g`(pt7)PfhCDb!!E2pjy&FleE|2Gh0wjZ(9ar$(fiW`eUrl3H%Jy7?R!nwtj#&poaz+@7)mn)U#u}?rZ9<;h(bMv}|S@XYHJomaQ$tfTqyDsx%tSG0r!mu0+QYB&~1` zTVwx!Jg0leN1XpDTQt%;etUj!)}K=)U1cpQXq9AiR5{|E<# ziTvH&+IbFW0vRL}7l6VT6cu^q#x58}k<7RyV!?_UDybcegFHwX`#Xn;uTgrFhLob1 z-)s-o^eY=qZR|%`P*_~jB$6lJQo{rrLFiL81y(gpVeUvnh7MTY1fM`0#sTBrbJk{+ zeQkwkdGfb9oNGTLapR<%%z3z}%Nal)k)KhXaC;4atLzf_Gy-EpMG4OLvbJ`pg#l9MxKgllO+_Zk0Af8Rk|HGXHY@R2Tl-1v zA2|;J=;4IsH}ROUa?Cibp_Kb?lLm1kyJ`S&6t_v&!cfS5>ljHZc9;7 zLnjTzoCN-7L`2_8lJl5Zigt1EVtPP#-e^ve9R*4rzp9EbqZ7Tsx3{bWzn;~LIb&gO zf(`d~BP#PIC)``@vj+Y(JUu=<{#kU!kNLeln=U&JZoD#?!RHaZ?XS4n)#0Os&3+v0 z6cY-f@CrpUsa6NBj4`GYb~NMDAosD0XVyW!0E_$yj6*W*3hJ4RDJw0IB1mvdw!jSn zgr+ziM>9aO@fZ;qFpZH&ZbBK6wv#)pcYw4n?;Oi~6rC;@5kx|EAZ&`Xp%`HT?(Wofc!b%o;1Sb~&qQ229zd8$OBl1BNmYspImfhhSLjwv z)LnAzcQq0v_4GV>9MsPX`i;hC`<{>L&R67_Yugpr1e{< zdw_&-Gy9B$Hg|Vgpj5(m7l=l1KEg|Ujk;^*Tv^+Jm3=~5bV`zjF&%-c5Z<*s%4EQjcxAI;*jZN*w_x@OID`m|-Q-D~HVYnPnde4b9TSkf#`m%!=4{^8lh$?)v#UvE$MU#)NG znyHM;*-8sEcp&mWliY?(G#_{v{F~r7fpqe!bK4Cdg(BRVrwF|3fKS|4=EZa1c>(fq zfXtp}?UGp|*jmM#S6YI3&un+WX%^cl*qIibubfO+GJ*gk0Loyhf<1~0X%@F@zG#L_ zq~Uof;wtT{r^o0TrB6X^UjffU@pY*y%-;-zU;*%iwV#XS{Db1Qr#4BR2S|ia0>YU4 zUe8MEt{$P5F&O}`hm)CLuN{ZA$OICY-13ul%<3@-=uzAg{NiCs4Gs=^beia2SApdU z&8m@H@o;vFl28U(ya>nR_2NgK7WVSa$Xnho;Fz^rHvV=`Liw+wp zAYTm!9NY6%uT5)f$C#o4I16LnO6(-!7;%`TG-x8{*<#C?3fLlCYYeqiXk*qM)SqE-8IL0`HghAdo%C8jnDf*Y=wCqnN!T8_MXEr5wn7;B)2Sp6p6NJ<<^yz`H8yC z8oUx_R-P(R+&Hms7GU!_%BrJa{(@$eRkboY1iATk_Tom_yv9g7XPt43BYX)XaVOSQ zcVe3ylQ=`ldB6|8bw+5`Yn(n|#8KE}bVM6E29r9Y5Jf@9#RLb=9NjAblZ5qk`BMdf zo+cok-JeF$gEYk{G5SD`WGNUt5RtUqn`RLWlL&RuG@-NHhEDF|31WXd)xaCT!+&E_oW$y5#mN_Q^pp5f(GEbo|tQU->sb@nx(M{+ngX}kSK11 zdFnAi|}uoRqZme4=&v-1KPc`%5wh_{#>5!?p5F3iV%}ax4Z)G zVmy#RibTw?DuL8uTrDq-8nC6iZJ)=<0*4%!is&SRQvt3;*Uk`HWUEf)`Y0Qg=wPdt;>z3JPT}|bc zJGzcY(DWLmdw80_6oJk^UTt@ud;Kl&_wDXWuipXPJ($4DFbZjiNcWfQ5=kiCpF^ss zQSkWA2XxR!iek=`-u3n+qHw!F$+u@#`67E!_v(A@J#ekph|7vv6PrY&W5%SDBBt?4 z6{C_;83m$=Rol-O<&o&MdcG8VT#g&M&@9Z4mcp|vN7_kDt%NmlD9!i@0puoR(wb0s zi8?aMSIkP{^LZq*aCfTqUHT?ie`lsR-za%Alv9;&mJ5`#fp2cg3w*vu;w_y^awIpj z)Y(EQDkVLyU<*|Y5gXcyEwGPagotLC>qyLA-%g#~I&e>GeQ^%c0UI=ljDp%WD;KbG zMbA%ZyVIMwxST+mTha034W?Z?24c?BJ(QXvwqYM+*y7j)o6a^F9zJ4=$0#5@#-$Et zwvMXAo7|_qcym> zX)=)qi*4n8;szQ^*H?$g<={K=k4`HfZ6w2pBPf4OVN!djk(a9Ems+X!a(K1NZgsV` zi?9(5amCAVt_&93Sxgtqn`Q8fAI;XVV18{)xpL>;GeWDW9O}fOkCm=>Ox?>K==ylB zD_>UCl^m?3%StV0%elByPT3|MU86vlELyHNE%;;HqSW4@xYbn0H~ZdV4vxC2I+<(w zDb2BNnBGUSeie(#@TH6PhAG|^7e$(k*OoM!>PBJQADQdFvq;T45944MB@=j@O~H1* znRQ@qg8VB+7oDIKiHP;$?ofoVm(ilcSre$5EJ|07RmWK>O+h!!OWP;ji`2A^xfTIo z9*McvZ#+%H2mu&HdADqc+BdNI-crIL<%?JS zi@F=k-`V=53BOB{6v1E*$AqRZj43fDsii<0p%+&MwR~zL)}_^9pivDIR6v2^WvARn ztl++sFHgER2!@Xg`=@ci)Y@!);T=F+^g9(YpCi5{>dfKUQ{`JRAld3@DMOkHARtu7nZDcaw+yW20?9-?iQ9h7Z^ z#bxfmZW0yQB~EYv&T)bxJf49wUIgd>7+Kswp>U4JG3N#N$1A|d6)_^hH~>?eA`r$S zoKA((32CcT_BS}aiZBdFFTvtJ9+f0{f@-D)Dw29jcP>wdA@jxOfg=p>gm(RFj%B-R zV^rb!pv7k0tSM$XNN63Y7vs!7j2%rNC_+9(L02$DaRXWuFj_@a4jo@tg?}Q5x;eDr zdHkF9?p5dG$B!R7o2CA-RH>4W$A(zzTX~9bjiQPX@3MY?pfFZV4i zCAoV2sOZD03g$U=xm4~*RrF#NC@I=Ss3wV_)Kn2QhDVHvk;oY((1;K*RWtx@X|y!w z&)=M>!=IMS=1XadD}&OJzj1HixDr_8&Oqx34R?w6;yr7ugWGZ{<&|Iz6d8^S1vYd_ zzWXvPkVL@~p^fv~5xr!$va>$7z09}v*!Exf`AByLrz^4mtGEB^?>^stX4!x3Za?OK zd6=j67+yQ<;-<@M#SQTQTyL*kg>f(dqSO&g)~1NU08%(u1N`uDV42D`!;2lA!$Mmu&WRpKfW1eIW zs{3NkIPqRxmzZ$p>lxOlgE(M{gR3=bK;}d-84-l3!&qMn5#QzaJ~;-HZ8FPBGut%O ztL2*$@Vtz36DuRW?n!rZV4mvfwp+F3Q+^qh$0K6Q26uO$)2X7w)uS#(bIBIl@wzTm zWvcp=MDQAUMSQXuBF?^+a9VV>PSt9A+YNci?p8os_jf~um2|k1+vWM!9j+&TTat@T zk4_UA(XuM+U~b|n1J4L4QJdVUj12FpDWvoa(RsYKy%-0`>vvn1pCA}Sh>*pDJ+|}a zEtmNt!)Z1xu_VAZu?I&KrQS4*qL3gTGkIvkqEZ0{Y{+08>7ZuGpqxt}HkJgYFp5y*ky-37*d7JrjDx6HM{^{ojK;<<*r-z`i&hy}MfzagXPZ zVQ;#cJ&v?5^s&dkTHHOhhOcM_Xc+%H+uNn_|Dylmar{5T<2=!kNr)QHbCj?=9_4)N zM>!-xK9d4EOV9x1u@=^ViWPTwG62UoMs2r9Np=~9WO9t@DT2XlsA9_GiNFk2@$fG~ z9rdInQa|zdx{aBk&vOtg9~UfIq(ios+l6KX<_Ie*<)aVp$XU6Ra0h zuRn$qZ1W$ZP>FC9UZY0|ew5(PF2PKI${*jn9qu0<|E%Kc5D;M)D6=Xy7Zb$OR!`9s zr?Z6yLc3iW8!N?L<8hSKjgqs2GLfBFeNCLYSM)_ zSGipG!lVaoe|r1wc>m(?cK{f6wFEsxN64he7`7^xg5{zWVm(UYLAhH9x6B zlAv$|HgXiNwl}pT+=nNx*0=u#@~{2B$xn(q%4uptqs0Uv!tQSWEq|evEWp`-1mz~A z!XYESNxO>iO`IPhG~Y=6g^2%kw!q=Z7N>0stoKz51y-w(ccx5ODyKS#X*(Ak4bRRG zPMfDBtDH46xuCS0psboJnx{*)3c!+G(7eSaZnGV8~2TSOz_Y3h2>4k`){i@I3bk>VXy^8aT4wKSPpN!h; z|I=7Kr>~|yZ|u7E!Mz2&&-Ru!yK^iVWBtafSUEC{_9QqpX7v>AC|9HRfwcal%`vRU? z?<5Vc!w8Mh0r6oZOi{rIMg*+^Fd{r=r!WRcvj`2q)1!>g(<~m6r{XP)$4HtB0N{aX z7!O=d7KJqK2|BwHxUND?;m1WPPcWf}Cwm3m?1jt>Xudo-+%H}vs_8-Tj_Dh3<7jq@ zF%P6iW`v@t{#`^V+fQ+#2NO{C62mudSSiMzcLb#?;9PE@ZnGdq(t?9+fe`d2jI)mh z*_`BIJY!UIBW5&3F@+KD0P?l9P(&Hd`|GK%u3w+3H^RR*|H*^p?1yRoBKIw!zj9c6 z5e%nK+n8KdtpCcaWF1q`{*WQN>l#O8v$wBALJVJcXlC=nH+k4yUt1sRd^K|GDVetSYPLLOVQ>gWh;o zN4Kl?0}_0Ov(!hYTy+#Hnph-Kt88Cx^DCfhCcxF*VAWaJ zytm#UR~)cbpAO$qX1%_*HBXf13Re4SHpCtcL; zV@{HZZQHhO+qN;WZQHgvv2EMQ#OD9x{k~J@@>K1v?&^!a+P(IE*7~hy+sG^*G&D=H z(Hbpc!cK&ap|$Mrrh%+|AtJeeoP)VkJGj}1gYp401^hH@OCU-X7YaKK4NR8ss+A$D z;@;yVwR@9aDUQRy?jM9rIOiiFK5sHCa9-n_(oy4h+p2|rUb2@UU3RLA8wIC0IOQ)jq##-DPA1cghHDD2K*$Sk{QBi` zFCv(?biWb1<;0g2FiA0$@?5&PcE&Q4JqCs3M1wpX4pSmOV?C?nBg~u|^yR<;a~MC< zOe*|WGh*y$PkSQDur60w31ea3KtnpW8VLqFl8BTthxGbfN{Cw$F^)Lrk`Z@KaWf5O zq3t6y0zZq;qTT3%C0tq=;}EEYEDqH!Up|aHJZV&iXI#s9pPD5}Nq7SVowO=*RcQlr zi@9T$VRmoEN`Cz$*$Z@f!b~cXIC%p$``L-K_)_9$dEt}|6zd)1b}&QNl(e1*S6?lK zmYJ7~^dT`bKy{U`!KNp{=rt?!Vusf&a8u9_d7xre4)rg63AK#ZIz*$B;LqqFa)psXXxf zzpjxKQ}~7Aj!}A)t z*qv+q_J}5UR#%3f;I{L9d9ZhO^y%juSABvu(hkbStTG`(Aua%Z-d5|9SSxr)mx)-M zi0cHq;x&U2Yk7^<(YO%#K)KM=NSYc>4Qq=EOt-~f;=xtV2b2MHjLyO>T6C{|m0H;y zMSt(+W?MPr9Ad_*8k3w#3N_QO^tN#{@RrpS6?C{CXAiFxj+#b6r$eXS?WUx<-+fy8 z?VT$JvY2J<&NR>Y?<}bPIC_dTHkk2dOPqx-J+JDRihzKW65#|hR#A-IB z>tRymTr#qD{WhgyQwRr?2L#Z+IQct31c!offz?6cH&;IcRO@908}+(L(v*4n3^^qc zG7k8(PQCToZ*hj`MwDsb`C3C^5&WpGHlapbZcRpPrycyidI`@?aN_DEpU zfKMhd6;2@$=40uY3T05Wns&BWD%cf}!OABM;w|uiwa1B7*J3o+(_(oJX}o=!S|#%6 zAd;%Gvg#e^;v~T+VG42=LNZnZT<}y*Bu05=Ew)jf-x=nY^mE|x16C?m56h?s<8+%U zsl%1!$dS)FGJE=pdxTbbLKkqQi@{k6)8JT&y{EyFWs-0NAD5qH1Wd7ssSNIPotmOu zp-xP*hc{V|({0Fas@O%a*R=&mw_9@A==xqoBvgzG{4nB z#bi3`qfSgv_ZnFHe|QYGp0%VrlpZCq$_ys_f_iB_X#b#m-Hz@r!E^syeuBeSQUJDI z1nCcQJx8GTB_t?%WRoXt@eMK4HpqEE|D~5Aj)vVU>=*;ibMu_K3gqryx0YA9vAsQT zF}~{9vHA`p?Xv!pWvIXY-6?u9B9>FUy#LYF6r{|K3yjrIQ%J`W+7+)1SoiKuv}~AY z{Y!*-eWU(}RF?e9i+5CMus6r~bbU2l!NHw9{qm?L@L+->f^8WR@bVvG-e1u!yoXNz z;-an?W1pfqk}a_CH|$AqFsP zmgd%pA~#RS&ibMcIgf_KRJwjUK1b}U;REST5^?(L?bX0HK#X?hP8BYHBj^Y z1RUoWuv=rON~_INwHkR8YGhGrgV^xPPxf%1x!4qLOfRn$V{w*rQWJ*6fwlJYXC-)st%4!bg|l|Sizl#oxu1t1qN6sq?@wOU z%Pi;;8krn(g4m$M;ZXmq6`*r|9bMW)^)8SckfzRMOE$u5-PpS$vUR`k4D#vWXHNLl zVJS0HN$fI=*?^GfVo+%vpiGWQjg?Q=_i0opAjFkVvEx{cW5r|5;B=_jJIc^&EG>?g z%OdG{fZC3=PM%7dEV`6q)X1@DkEV?HV~T5xLW(hiOnwY$J|TfOfQKfCH8JYbqKy@u z9U9*yP^FQs>({F}W6G0>q_3Kan?`<(_T4j*utbmYM7mk)%wTMl?!Es@A>L7jw3#b5 zAySr2#Cxb%6V^euP<>71DKEv1g;r@R7A-EFz|bf?1V|mQTFN+pVL|jE8c*3es(@ES zzAv;dfK~tjb(~{oiB=bpID%`1b(dQ@O&)5)ruklB9ER*zP$c=8gs)X%7jUS41b600 zzv73HyJf`^mW)Bj&I_ON&^r@Zqk0!wxiz09&|JJDl8C-S!`b3W<}=6Ml14`|9kdyr zbh(yZzDM8TOW*MiyIdz&`(0$GYO zzf0ND#=8GKeebRczJDeL>YDhvGreKPT+;E(6(derB)ov2O~yfim7raiC#=$I2ow?q z_P`HA%9+{*W(oN}Uk}j0^xMN63gbLdv`K@-q^QSh<}WBF{qWtZJPZOyF?vTd$i7j> zXz%$yD4;Ur6spkP8mIAIF3uXDo9ei+)lRH)4+kx`)4v1OidT_Xo@i(tHfi0lV+xy= z45~x_-d=ZLL<< z^vyEc*4ZK3+yD~yoLnOS$BXrV%^e@ZQ-Igb4gWO&@2FuY&$XBPuy?NR&+2Ac_`nrW z0l-&cfyPklKfJnDYUZiE>!WUMo3q#wYh=(GL(E19{ppcCl47}dJ?<0UsI(~d`BAU;lr*R+~xY>oOI!m{gy{%IjXREz| ztMc(71jkNXFld`wm&?kn1XK-6nO9S;4kNp#BE69pB$eA5*7ev7vJYq)uA!>Li!dTC zhvDOd6V=lt!Pu5~PslU?F#ig^H}U>_sZ%QbNdl|2B3^6$?pbqDXu_674e5zJb<0{Z3%v)XHnpn% zHg$&DKf~);JQ?yl7os44@EV&)BXKuJh^lNu92E|8T7tqw2EOSBIqS+&>vBuehZviW z2~kZ=O`0b;YCd!z!=@(p``Y$Rlu(PZg%zEe+xxOBnLTpNZ?Qfsy&{y@d2TGReLs&E z_SQlXkseyQ>LN`(>+yp%4`dw zrFhx{c7lx>cGi-4r}RB&q5J2B_1qKNp>vCq{8}Pz?h?zqx+&P_r@5`UM#_dp%VmVA z)QB*f_hPAToBnG5S$F*u^!6vm2(XdC+5l%+xC%2vssOCla@Gb}YSp$C-n_F*4Xk~( zXu{-}F*qBbW_4?}PTtQ}zU7UiZk2=PD$3xZ1UEbcZE zPbCE|K8r4mFKkemoOW-?EK%*zi&LqJJ}O5|G}#X@1xvByZMSl(fQFwqX{27yLyJ%Q zb;X?4Gcu8-9NMknEHw(D1Vp|Qbn&OUi9M33;@oI}WDK$;7^w6$V zTx6R4u*A!lb9QsJ(`$>S(6#xm9q~b`KKca)-p&NUBn)5ADFsCB8ZXDHvvp`P7mSej zGr_p#w8;=?Cqqm4O5J0equ*I0KY&_6a8<$bsZ1rYMkSQ+uDO@A?2%|!IwE>q<+^1! zX9^<8(b`y}?)%YF#RQPlH;HW*P^{R0wp6WdW9(Ik**Lz^6^tP4r^QFcQ8A-h?syS|m4X-+agQ|;V0Xn%O7?9cZWz zrmoFD9#ITygNy}~zhZRA{>KSnJww-o^@`G1&#;P&L6n?G{H4KiX=)XD)%+#Fi8p`c z@f8`x1W{`GY1rdx#9qZlPn|-l%y6pY=oIDste6ScnNH1>6{hbmagl_o(Fc)ESC7za zo`P|0b-Z-xfI3aY0OGy5Z?K-Rw<%}R$*vkR6phMcsIk4%p{j*?4qX%UwQ;A6Ir)}) zydUZs3mbqcC3gecQ&N}^StUS$~vtr~lZQVrWFXj*S1X?;Z)wX)Z@hlei@ z4_EgZ|LfiMtQa)&xIWgP3)!H6|IAN1&-JyZsRIV=j0u|^YQZdpxi=&7_HplMdVlAC z%5lTb3p(ommo9Y>xfsb%e;&3^&7RuLc}C=Z%LtcZ<&LJ>!rkV ztQCJ0b#5Y+cJ93Pt@Ta$R+}du=_%1~b=1AChZYi%ll+Zi(SE2_*qKHV}-*y-at?o=Y@qs`X{#N zH(|Y6q~6|!cU0N}QDIu}-K$W73*t}P3OWNk-IAQu!d5UB+iEV4Y4E{0Hm+LE+KQ%F zhXAd6qk4K}KY|85NLq+FDd<#SM>b4xT?PXPMtTe_IjT6=_EnT*#6zVr1%q6hplW4X1(|)kF zOE!P7ZPoRjO01E$Mx|FpZy0mX&GV`Quwwh{dx7o2a@Den`N4Yu-|Pb96s=Z;ai3m8 zJluXQfA@u9s0?hi2*eC6H=u-^{*$4tjIpf=vu+f%tO2JL9P2;AGxB!L-5r)1S%1{l z{t{Mp-gJ;XY_RiT*KHq%+EdM)(-i6cy86OQ&dkrPfbnx9yHkpC|Gmv?lX=&5tZ)^1 z@arp5?;tr*uXjYw*99vX%GNgA3HN0sfo88?IqAn9Ah(;Bm!AXm^yPEmF!vg| z@~-B7qv)75O>)FR5b5HY?t~MV)|x%v8zOV`)7{OBPyzPe=|qZpYu=xD-9?^1#rDEq z?j)7HkWal>lM5GqU$F#jQZS%L+UTm(4N__jSuqLJQ+}()!5~B)PJs)S5>RdHc->4o z6}49&q-9jA-<^#zEjKdTd#^hWge6+GEH& zKY33iaV%W*Z!mgFsh0K0)M4{)U0d+zk*}+6Zpx+Rl+I~TR$HLRSqrQY<9bD5^O9d> znmi;oP*VN>S9@wA-2VTyCrgeSX>3vL#ilQuV-A`6Hc1=I8OA&Dy>nz!uLiJx$`xVmaH1vdDix{;(b?)0!A1d7;`=chY^Q7C`Ux?(WiHskJvJ`7%qojD`<(LD+45Ovxbue>udn0O_>F7Fvnz zrgGar674K%&3%ONDXU?!Ip&b+iUEQ+vN`rVE76?KkqB)qPDy{f<}*Xp^sEXkh0H$; zxq#YIiq&y+nz@=S2zk)tElFsBsE0=5KXbOxVgEg~2!}31N;CS?V^WozxR^ZkE2NTa z8Nz6~?d4$A5#etrpk9QGcw$Usk9+=Mky{c3uk ztu=_7Ws0-@>iu>2p`=Lx&3<0@rvpZjy=R>{XhpY3$f%(;oif3r(;>BnC=h|vx*={{ zuu1Bd*vK*zaXAMe1Dhhhq2a~-UzSZmx z+y1@`-T+R0+!vqHUW?kG*#dBS{Y}z>ORKNX*WYd*y)Pf9`|oB?>(~Jh*L~Z{^Gk{p z8i>YT0eqpsiBSY(=oF>rHpa+XCoWQDc>w>J_Yn+5GLd-3*q_JCp#ATxpr)p%rl3WA zgco?OJ!FhB3g8?-oA2a?%PMddZkzHPoQyFf)NcckSKOFpii2uC9^iCWDG7nVAYg?# z*+V#yCKiYg!}b#<5|DGwIavbWMNAGJN1zm-5Yn-ny)?Kz)zkfhRp^P}`R}c>v_7h^ z;a&p?XpDW7fB1R8kr_)-e9*|xNv_E%4Ia>R()Z~hrA<*;k{E<#ebB!`lhSc(Z&ky> z$WUm~^$B{cWyv}u0(-w(po<*R)2@1HPeaoO;}c{nv0;}!zy{Lo0)6fD5)hM_{-OsM zIU!4bTj2#U*`kiEbAepO#{1Iw9@}~6JjL_|&AitX;T^hSHdBY^!3L?$2pt6u++jA= zciFFZS9iAY@Q#lkMAI4?@<7-`?wNY}KgY7NerL2yU0H7@5u&HhT;+m)759T~0nJAb z=YA-NDCl+-hfi%Y$Od~(qFJN^7lLE0Hsi$#NYK$S#{Q0`Hw!=FtsTC;F8Hjh4`3{$f~Q_I=$_0NeIi7!DBQw~`=crmNvN+6Y^=WK zBKr$fa`ZH86w;m!KJJGQurl^B-X4#hmaWP~Q+`Rgpa)&~L7#87T$?>wP*vOf(vrF~ z1`*1XQG(+OEg%R?BSB52+u{x}-c)K1C=cY81G1kxWr*P^)u#{2P;QU2(378pa8Bp! z1}H!%Okh~j`#h=%M=9gVLG6UNfN}Ze%^f52`3<*s_pL8Ey3M#i3^o(#IP&s&n35!P zN%xxWst2F~urcn>qb5w2EWiNB z5#{ziI8<>7+};=;`Up9lM8b$RlpVj!SOmBr!*AGdRK zR;%@fb2I{8H4kTf(V!VPjYm;BR9Pl2bz2fa$_LSN4$EM*BN&EG_TA3v*t*=PVGHaAL?VFw ze;mP(?2I%vCR0BYr?7vO29Z^zMs+`s@Hu{7$284ISJw|Xd)n!}>G1=6_du-E-L39?y!h3;eSiCT z-RuJ5)coB;y9xh*b6wP{ul%9!?YXgdY%~P%aX}nGm$B1fR-)VWwwegZnU%|b0OWeV zxE^UTHwZ+)Jfe_H?%%jPw-vxTFyM8xo5eCceN8_Y z{x#?63jP(0VX;IKYz)lqREW}9@J8a#WY_3s;m>$(6Mb<>nd{c9#6&V3ce>7ofqF-q z2xdXw!O?|{L4iVWwF|l9n~{fj^$oJ;0StWqtSlqU0Xo_$I!8%k7f`d7&PuiCi-9}K zNX+iPON2NJ;zPgpeL)Ayni%4P?Z?iOrXlTTXX3)dA#*q_dgR^Axa2uH>X-D@cirHWjL`vGiluZrELr> zIKr&pW6CvIIxc|*?Fs2IbHswYAs*)GcPMg~RJqVqwmeadus3uH*rNQY|EtSA^9xSp zu=Qi4aCf z3MaA2F2n@pFgwpqZJo^YEdIGB$yiWw1QkRR1VgO$?F;K7prWG)w2ACijbAOSqbavG@tt?$$==MvP@m$ zXWq}S05m&tb2A;Ry{z8 zT#>UGG;#Cn$^8Z&m~9b?xxT5?+00BCFGXL5V`~%{W@AUM&5B^mY*IY|W7oP(<@P?) z2vUx?9Wuf@gQykpNJTnr?N=h|*1kL#o=UMx|N2%~8R-1A+NG{M2lSbuXp3`>&D2PB zh|@@)ALr9=z3$TzH1U^ckwMWem4f`&03D&2F*7w+F!zLR2<6wmrmIBN4&_FpL`Pdb zN$RCREjq}rFYMj!fSQnpjK6K(MIB$vDn|bxi-Th|j0crpq;vJ*O`V?e4b$k6kYRLXvAB%>rtu)^ zbvqPb7I|heaNVlMBEyiMifb9sGIpGRH{%Y<^x@DUFs|yG#j&Y|xjybYhuY5}Vn<5; z<1s97BQz3%;|%8_D`)^aMo1B0vBl)RsVh$n(SBk2mSwYzPqs)n{)m-zwMp_fR1Dt# zipQFZVjkQRxh(nfKvsy%xXhuO5&E1O6`dZqwl(BA|n0gDQu$GFF$GaudX~2`6 zP-&oFg(;|CsX{`QB->1?E;AP~$_63;gb${J{^+FyT5+-uJ3KV_evOG@~N5g4OH;!Iq z3M{$GcY8)LP&>T-eeoOI42)3%b`3-YZ?6a^GP=u|)$-!apzt-0O1iKRx7zqSP#AV* zXr)&t&-rz#$Uvl00H2)?@|BlnLEQ!L(fhppz=u5gsqXgpU;uAR0d%qnZoi~eljiuL zd*@sL3?v`InX0#_bqSEIx^Wp$|MELCpeLm-8{JeH6#Qt#c=RS-trSc!Dfi72pXjz2 z@&zp!Rq`{*f(l&civwIxsfxI!Opcnb=6!Zsd8(4(h73V%tC6xG&k;*dwL88E``^AUzW({1wFZH;SwU`08=bv}1&U>$g=iq0@CT(0sZL_b zR-K2w2{0Lxie*9~IY!Y^B5eWBUhW;km76Cpide62Hq3^VhGirjX9i1f!^tk&r}%5C zcs2!JOEg|x8QuxsTKH6Djif3J4QM&g16e65{+rf9S^XZ%6KMaAEi#Hg4?=^yB62`Z7u+68VOUojfGJSaCLEUY3_XNeY>)) z347`Vy~_~$s#^$3c*Z?>usedHXF4z!Z{`&hTLebfb|3o&e;OCw0HahPOOW5hB%)lN zIXeSejDyU8)F(*JA3J;fjOqKb-Ee}3e=2g!| zhyj}?w~0uWN10a%{`_ZsAg7vOx15YKPGfrX$8Wzkri)+;+%_Pam+K z+{V+gpNyGcLu}*n2C_yxw0(f7WUbzW&_fN3{y=*oTmm1uIELJ1T;vTpf+idtnx6m) zM?2Fd3oQ<+4K&j~)D16FM+2qxyXg=oFfsvlmzo+MZnt9{S>6zOH|2%6cK^Llu8XR( z@pCwZY~ka`Q)BzW^K*b9?wm7dk&z+qq>PE7AAgde;gI~)5Dg9$HN?~LYdv#z;)KP< zg_3D#jLmB^t$;MB54`ooC<`o)lR{eypnD!$O4H?s$_-n;Z{fKPHIHSnH_hr#8#oyX zs`Jg_>PoKxiJ+av8mSb3LEkpqKVK!E!|y4jd<@57a%PnZWcCx-u}QIS_I8)d57V#0 zwpd#YNU%{JY!V(Y!sFBlt>guh>Y-;TP`%I4?Crw!AuS_WSRi6U%RPz9B$eO|DhXGy zvunn&fD;P~=I67tsr#DP$LbviS23tUsAQSx*3Dp4b5WnL4cFl0vGDdg!xkCXku1Eb z+zz?lEAYozSisNi%*;O;`Sz}QmJqn<&Y+~WGb7<}Co1QEO3&bq84*=Mjcw;eB+{0J16(yDA`m0aoDI> zZ_KbZT+|EJAAHLs08;V2H<@`vhva9QME0BRLY=~&B=2XtdG_Fy4AoQ}49&({ zA~|x6=)Q5Hbb=_6wgjhLZf5*fZS<{{r@VJD5ob#>;n;Qb=ugjknC!!3&QnI&-F>=h zSHFbr<gfy#o20K6PtT(d zBEEfx>UD{Qq0wL_e6u%q#>IS9b}v$nHM@QfFZFW%knMm__KHet#4-dL|6u~YzX$DN z;^7rHMja8pKIss}jL}IrBqgiww?jT|->2vEa<27v@d@-egNrG(V1Z#G8E}CKO7#!D z*eGLr;2Tr8#J|!AH%&2zeoOK-4KtTK;{I!c6SMUrhAL0VOW<7dX+jsyU4pk!_bUO> zij~&{#-l7%&J`Yt_uMR^O7+p^WCz0Katl5*uq(k1?4P4TZn3uQWq%k{GU-!tBx4{g=@{v^Zf}72+7fRo zu1F3@Nw`CW2L6vDP8@T3yp}Cx{ae;dPj=1Q*7ODhzc5m7>lv8qlULKUB2L`>>{1Cr zEEjc0_Kbi=r6omH+0LqVEs>bP8`uL~t@jr5*4g3^L&P1s_AX*A9MjvoXc~-3!v9o@n-sLYth)0_o+Z2B@UYI2#d#6l0A^1_tuL?0kgKfz< z|8HGcK|=x&GSo^o`qQvD=pj|vpsUnce?sgxp`|-8`}ESUOqTl)f48k(HG7nOc6{RP zcxERoEQ)`8=Jk@I?r=gDYUNTD$QWLT%ax4PtvL(li(t4tOXcudcCzHBEA!z6s9T@I zQK;Yy#Qg3FPgRimFy~bcyG3{nR?c2$zPAix{I*`hRqiU>RiRHBY0G>-f6aUUTDkK5 zfh*gIJ&A=6m!ztD6`{Oq;pRz5KmB{F2L@1bBkix8lXHQav18v1 z{>U#HS9(fqzwCxQ(Q^JIr=yB1n-|BthdE;PJJnU&zOF2SIr*chlbC@tEdHbN_ubvg zuQ&fph}C#m_6)h*czJf#^+unK>`L0rvJNbpbw1h^lgVexhq-#wO_K>Mb2g2R%583x zH8tFrwI{Beoxi1>9hsl+6|-;ENloK*Jzm*!UY%K=SYPZsMXa5ff!f^RqmOwzUfLng zH}Z+4dvOotK5K;TYlQ4M@SK-5Pg1#@iVjjUoTEwCtX5B9g}u|A{?=N!cEH<9M~==h zBR(aeHN_fWdP6Jqz1Y$$>OJU_icMPNspUHMW%4C%2p`_17b17f>-LU0s?RPOETD4F zj3{}(X81M_1udTMd<*Q{jIpr#%6iDunLle7E(i5g%xH!Swtl%kJ-${WiAHj3Yw@hXec2}OSaz!n zLacSRG4o#4EEb(w{C<< zmu|=3Dd~~&PNci>m624ozT0UVr607=PPItq3)u=NMbzS90!35EQXN8#ci~~$japy% z(3x?{29*$+8P^Ev+!NE-D@*=VX!ObJ@EXJv{mS#a;;-rFjq?L(9qOp~T}46dXb)STJ$#Z>LAWrq63%17$bUg#wY5g{hdHrS${>bT;wgN~kNmv7lR zfX`NC39@RLM}c(t5a$6mP0YZ8IFznRa}L9wc_?X4RyH3P4X&m@XNV~;P;LS#94#s5 zahB8oRstRFcZvY01<E8xx>;%k1KAI`rNUjrl2N?CzQoW|2bIA_n(BIjFB~CbI7M?eREp* z>9V6*ZFGu9n%~(Q=5cEJagqd1g>D%|6u4jrhYxg&&y zk4#Np-RJ!sCy_?b6nayyV^m}v#bxR?lHG|)aXRb_eIv+@ zyJO!Vn>yOm1mw{zd6blVy_$^w-WX%)rv?lpVZ1WN=78ytUPo8&URCMbS*Viyf@IDs z7eQLeY0@Su8oZr|#KxixOd;#thh!XtKuh!K4032l*hIVx+3OvizZfLCah< z1d3>oCrZ6Hd*MOH%5o?RCoC&VyYlo}d@vyr%(0b+iio9zQ8Zih3kP5jns&$J0~!nj zW#9ioS{kuR9!k75O(gTdAd4)8xh$x`FJw&}c*_($``q%|z0E2(EIpT6>%Ny007$t` zhIQ|EyIWsB2k&xm82%?s*>GXIqL*epkjB_U3)|+aP5)^3bVeQ=KOvffwscR+ZHBcZ_Y}oSZDc{nZygs*WtSE5>d$s;pj14YV<8?Ej+GJL2%DqBe9> zVX46ekg=8e!7#2(_hy~SO zzu@X=fykUBz$*%?B^ooq!PD`AG=q&3G!0nDjs2s*GlxMOehz{iqtc3$JZ{Xig%A;C zIC2yz;L2gU{y|Il9K&?~)$&|82lF0XW$sePN6gA={ z#uob}E1sa4pOx!g-}whjqA`}Zq1vW-4#51HpkdXtBLtxTJ7%gq1{mVMYu_+pO%6P7 zFakFD*=3JyVdPSXoQxL zv@#kwf*KX*6@;jEO=r2?SiVJW!;$JL6SkO+A!s%ka#w$fYGk{d2fzVk{ zt+{5#L(GU6EV#rxi?OB!7J;WsOhnC8*h8YBgH_nGB}`Um7`Pm)W*tZpWymaZCu{_Q zLGp_NA@WIpb7vsN1`cOZQ(4xjI7WI)SA4$R6;;(5fKkDZq!sCALB-{8&Lf|<>aaS= zP#3|BNQ69p+2R(nO!tM#rNMdF2m}&SV|N%$?DW1eQ(2xf7B~Hw&+-q3iBuz61Yt>O zZks~+n7aBG50(X_&Lx0|EM{@^Tca0+(zD8$X$E74HG&xQULi!Yc$5h7XHMmw)yfh! zo@5`+UmF(q*Q|`Zvb!+Iy0EVaBpsViH!+$3^$*0-Kr~X#9bnYU8p0dJ6G__<*wpuM z6r3CX8oVd{np_R^WvwEP&Jx5r7fX)I$23VMQi6+k<}SAOG&xd8un{$|0AJwEi5s2_ z4b35@ILj2F1ld+=5^$GW99!6I%gtwBfwEwi(;6b*r9zIVUX1+r*~B)!b1D!GJzZqU z_qHOF=o&l|=)GZ-Ai;C8Wzt#;`htB~GCYT9H7>l6&ivK{Ei)E5fCvPokwKxh$APrX z-h^7{dAIQSFAMG7_#vSf&tu)QE+7SDAzwpE{VogR#c*oGj>C@_%#vg| zV-Z;>J7(3&jI@66k9f*FioM#3Pn$@)Q2A4)!$?y&f!06->hZ16Xbc=&kt{nf_yKIj zUsDmeu&W#cGzt;%ARrrDyFB3o3VSfqf7h^p1VtN#{3N)wTn(op-DEsI&uwMPxbA@ja`s) zFFw|#xq`xYU4R2A0wjt(z=I~&L!V>6sgyfM>qb#WYm^T8^>$ISH#GSCdcfzFZoNbOtxl4vZC5R+sOXiijzA-^z2CI3h zM1Pf~b(san20NkzQG@F(#SR8{J93Qp2H>&yHxEYgB1ta%VrsI}Y9-U&3i`-AEs|n_ zAVrD~o=uW~d&*PS>VsqF>Y{G8Scc!1)_Lmt4+B6()g`7DP=v!9&^9?JTK%nr>1P(Q z?8a}>77A6iR?s0Osk(W>TR|FT$eNjzeA+-QAPa|=(uV?l_NaV?R96J!fv%c%`wYu) zk4lOCd&1WRMC6mIM;AeQl?;I~Bb=-%1NR0f)&^NcoD`;+=HT zP(dWq4@{SA>s)(Cq|95vTY9YjYGLpj-fVWkYzDF1498@x0HM|32_qc{#OFgjf%2_6 zzoMHGS!bZMDNmzG#;;Ly$#91~E4vF4mPxqi6Nte$1qHK{$q_8O<9u>8r?Y!wbaBxnMxLQ89M+8Wh?~Gwj%%LV;aihs;4qzJ!M%zU3XV8 zev+qKna@p%KPsX^{>lKVE3=X~gP4Jf%0h#Ubv02&tVq;O90rm|b2;X(xtaQM@pGG_ zIDHTe%H;tyV{E%iT=Z9o;Pp%S7fx#QP>3Wot`IY#UF2oGu#@15AF>-R0j*%5t_BuU z&flcN9O@FBU_~-nR=bCS_r-OfUJCAdwDEl%dp2l*hJBnI;o6S}S5#cFP?mjv8_NTa zZLBHRL*HC$`0Sn^JRmS#d~&E|J85&CpF1-SQAieWzf8NC@qEBIS3^KzOX9gxw2#KEIXRPuiL(h_zT@!P%G3g`1X=-MUz$2Bh4n+*fx^btXL;>a zK#40)OT$1ZFI)hP)=H+R-mjEf0oqN~H;rT`*5a3Gh#Bb^Em=mdM6^Q7iwdh1R4d|- zc;>hg(?_cUdl+$WHsP>?pCf*bRZ}4%5{gu?6;7MyNE8rTy*Guj&cS^_C55+4-BCKk zU>c%%_18-Oojlgf2#S=!>#DQDni5HKsE~F(@(^&CpU-ywcTeN+^5e)07NMGm=A7aUiIn@Pk6KpCoGDp1Cz>XGWq$r-rrfun{Wq0!_5E-i zB58~0BPD}{814sBDsZWw8-eh~Ew9Ft!1{j~z)pHONGUU;y8~Z0Yn5dZ0-lL$LHq1% zNCj#IOy>jcWN%A&f1sBJ}5ewG#j)C5$5 zt5KcECEd2)ly-{2MUURbO)^yb_kW8Vco|crzXd6HbAgIif_#D5 z^4`s1CCIdV)Oq&i<)w>&g&#jG1I!DuPj!U+l4n*QX}CkjpmX@rm-AhEl__-GeE$70 zNJqd}!8T{5*#18(U1M}5P1g-3PA0Z(+nLz5C$??dy0L8=6Wg|JJNfdw>$^Yp>bq9= zz17{-b*gLceU2OpbQ1B!`>6=#v)JjUVo60O$Np5GGw(sKY3Chx&gehpD-hjrZSc(7 z+)$ya`F;DLbFgVa%vyTT9AZ{nZC%sOZib3AKz8WHb<{Glsfy#N`^e{%Tb2U&MA2|T zFJAMoO)(ya1bp;cT|WFpo=CbTtr`AtF=)~KtTMYaa*^fT85A={k-NFRbo_n&E@cg~ zRJ3z1GqnVI7QsDZ1*EOE_fKU%*senTkc6)o66~!vU^vm!@29ZM-G%Y%nOi}n84@oh zglHgp4WHy3{jL3P=>XhANTv^j?5J_Xh)}e0AxvBA==a>p2M($FJ#9^Dt??-EY2!lx zZUV3)X4s4ecK%V@z$s2b1oT{Z`bkBWGv&`D-;6*%<#`clln;(Slr0IE%czdv4`?(7 z7mIu|3bP~_efd=|IQEP{T7E!0FhdQz_~#iRQ&K+`+`6_1BB_oGkwyVbl|YpD(L6RO z_qy?8Nl@LK_WyG&6eH<}9rcA=ewAM+w`mlCRyOI%cql4Mg7mD~wbHL#w&F0x3@Y@o zsZ^G|cmk}n1k||$oTUYXI>Z5K?umkF)`mezAP6`5?;zB+I-7=MR{|o4qij?E(k1ur z!l~*fjmd--vXJ0RZ|YI4frZkAkyphT<#P`Wa&wOEB?YF`Q;c=Vpp0P6@*G^7QW#SU zxFD>5FYe3>scpo8#ycdH6N;6dowy?VY!!_` zPzqS9j-Xbl7mEiFk@@FTQS*-!tMvpxC}ge=%O3gh1qF^)PFSJDlP{PlJw`p78U4el ze~v3aVNEapW*a~aJ)u*abn^J+P&~j({;)(wYxrDxJM0T0raD8S1}y?vlk~aiJ&js} zN9sGk|3IX?0{F0>fld-nxDaq7?GWfKkm-}jG{yfzkp-{uCTSy^RH(>HsG1Tmp7VV( z<0*`ie(CNn;K=G24=B0^dcz7U`I&TB?09%jZOaPR1Q03>v1Ma=%G!F1A^C;i-!U|& z(h{r^{Q-R&0UXwBxKEJ&36G?dSfWg1njhoT?^`h6SX%h|!>e3Uj3+b*!yH-;kAuA7 z1b?Fhe+7w|d*%+1>ZKGI8Jm;X@d~Kgd(?KWlJ_kd(j87Z-|%tC)2S1Y3*`p!jTJJt z2c-q)NmY<^IGH)S(ozJn=)^uNkI^o%B}Jrl3m5IQ3sgcEVH%2;rVFX+1&3!_4hbO$ zBXe?QfxZ&4nN87mJtl0`D-=d0!Jt!Cm4-x=!13{Ze2LgHr>q8)utqLswgZnxCmfeO z!;^X|pndeSQRNoK<2(vrBD4_7BTXHl>-VujLz|BMl}T0zQMYH2xGWtjm3?SxOalg? znkp)Vf>muYun5DK?A{v%N-{q#wrfHNQq=aG;b&QN|CM*FIGfvuK_xE(5P}os%>4ru zR<1Op$vcL4=7<$yky1BiArI}lh$0U@dWKVkzYR?2E;qv=m=8NQ9G?wPS=&UyEuM`N ztL;UbsllRJ>x;4S&jdnApuAXIe0QzSQ3a_0xsh*911x5!$sR`rwmH2GSfhd%=25j6IyiKIw%Cdxir%f_vN;?0FaPbot|T z*1k~v;K=`Q$8CE?L&~mN&&$htxVx{6Us>>gI{QtC^yiY|@hXEHR%{kP(5iN?Ve*>o z-l3X4$cLvsH-T{a<9+15MhKkavfHv#ERs5OM7BXVrdT;fUh@HsS?21)Jd#o#TG8dP!>phMN;CL6Eiu;Ud_5 zNVzOKbMsg>&p8V70Cs{Ve4HZ9zRLB$b}#2F?;e^o2d)yhv4pFvfuE8TfS0uDI-c>$ zKfh$w488G~_v1Z$d6Nt+%SL=^%6km2Lyul!9qA@3L^WxQv48Sm@cu3L3SNO`2AB8L zq+fN=UBm1frgFlm7RHL`jg=>oodQID~pG17^j_eHG zRrBis2x5D^gjf5e3t|Qo%~!8__?PfbhNlyj&<$wubOS&jcOETR4|fb9z_APDR>$SG zJ$TO(xXP2pM`Z{%$IOd9_Yr=$2Hc#~{Q)6-qz3w=7j~@Xi~)C|)oTYm?V7Uyf{~@C zzTGQK_*hL9Pyz4VVkHMb^s))p7;*B#(>`wxePy6o=JaH#fsV>>gE6Ma^ju6Vx_%QgSJ~Dt#^>E^gFVGOH=Wq>V}b)O9_cV|(u{|Rja3AHKYD3!jOfy5g8gC3;m&|Q zkc7|sZx7XUe52uhbG&GoN75!L!q5T?8YPE;c~2`=HVP(zXe_-W*pN(mMh@eY-w+2f zA~N(xprcH11bd!;Noo0X;*fp(|NI_FV9RqchAo62iy$&oOZPLA7T!l1l@$b+RKmnh z>GAkw1S_7X6u2?Fwzj5eZ)lWTX|^wZoXZn>8l)}YAxhj1*(+_W%F+|x!VFf4cJLCw z5H}AUP)@B@*ja}s_P~*RYbFwqv3m0!YM~-KCKT>XfD9$45XYpbIPbHC>uFJuJZa%M zn{5YoFXNdO9$lzFG=awGX|F4SOca~(`jBgBJeG`tKazSfc>0yCuZKeJP+9AY@$Q+r z7og8&Y7wgR8ARsbJUY%gEWh2Utv3>CvsVFsAjAo_1aap?-k=SpM?w~%OO|~&@ zJn|HxJ$%rQ1^>6Lh85*Nh#HRZKP3Dgvi=Vx{)alV5DvV^=$6Eod6YwWnSB_)?+BA8 z{)bEd!=3-(*$L>YysQUoke698|C>OyD^cO*wSpy)k;sU%RCp%Q*$uYgS(z8!%vr{m z8tuVOVYi)~rS#dozqSwuD_x+@am9o;0shXvGoVY>#&!<|!OC&hWY@4J_yfwI#x!18 zS8*+{5tUypoCa%SQ94ZmPjyf)0%&?}Y0OlAe%tDn0dZ#H_T#3BsYj4>fU<%R-Jd-{ zS&PzyT5+;|5-gjlT83zgsQ+EP&8V*JgO00!WS|M;(E$!YB~U}OPzQH!7lf}(W#@s}~Keu}8$Kvx}03|;D)-E42c+OUw{=4`;W`&N%%Vt)ldvpB=FasK({2VnE z;xBC7SPYEZoJ|slgpf_gW`Op3RYemsn0__xfB}%}9fIZ`?RyuM7;stgs@o46xI0@b z)}hbwqWR*65@L}?V~IV#bp9$_2F`qY~=Sbdw;dY zx#fj>!7l!>fXUt@*yYW9xnewK?Q@>dp+rq*c$weC!#o$E0;8vs)KDIVyD08Zq)GuS zR@+lh2NkM9+G8cDv4m4^E3!CyTou+x_xe_ov60;c;X$+JU0 zhBJ5sag!A;+B{6kMFIS`npS{vVIngk6=cG~NCXx^w3E=3eCMMg(S_Y+1GUZYbBEZr z>hdJnMC79eEbsQnMDdhYjM4T2172*Gr7bPO9oo!1H_OKQChOWda)AcNR6K~rAb5Zx z?rJ*x2A{^CUYyi$j-?TS5VbP=<{LXeo}%%9Z0oqZ`5WQ;zsoCV#vUyJ*Ja>refUlrP`7a~oQ0v#0gs{MR;Ga? zGlwkIgB~tGQKrt)3_L(X4H2Wk?rf)ojxb`drPvQC5-y2Kf0plrji?R$$VP|sJAyto zvw}ys%Q-rF5g$OVQ0|~T!Txa_p{hz!IrUc&mDIx8;5tB$BS8=5lXmT>Cd*+2d6$m{ z3*SVOt{GN6S@ku?6h2?5CQF?Nsspt9B*TLa?SzgIJ$kEHV`~$p#s3v?8z+%f(J$8O zZK!eEfd!w^~m`v})fvrWn;b#z6vp^y>sZ@i4)H%tp2ds)Uyv5$~D zs-0z*T-R?iq5dpE=`5(47)Ix0kh2ZDim(#uK&{a6y=K3IADZ8|ojW+LjH%TbGOZki z{xC#K+gKGd!1)2vsK#TCI6l8-^geS-tc^=78nJt&Wt|AXMFkNziwnw?f<}3g~ z7Dac(2tB$rTyV%77tM&((m}%qyQYk-hJpY$Azjx_$h?oPwR{-{F@-d_3yiQrpNPD~ z(S<(_BcQdgMG{{s*;DObvI^+we)SAGxZ20B+}_#r{D@P?{CjRxF$B27J9iT6QvI`r3Sue@iu&}Xk_~8~j8D^b?jE*<|0quFP?#&B z-pT(6OJlrUd>Y{O=_L^(vMVeBx!Y0=gJ!sfW8793Uu;pNf0_upJEWwTB~A8)#88Ej zYzc_EM9dYi=&0M7DzYQFx$RS$`l+B9T%0i69dxaW$V}*W=43{6t$FN$?o#>4m&*J~ z8?f2_3?>Va)(v$lfOc;XN>E48hl={Y9d!9A>Y7?D^Oxv1t}x2DO4vhgdL^;G@K(i*EEEMp&UmZ5Yg+87V;uEkD`|p)ro?@a4 z&=H$4{rCG+yIOeIj@{aRZOs$29}-kRP$|E%$z#J9<2PHfAHZS-<5nGwekIUEfXn-s zeKkO0Fsk^bw#o?Rl`lew^>|eX0|XGkByZovI&(oLPHgT$cT5u(U{cc=wjS^B~0qW?xlQ%};{|6G%af{9QQmSK)OY?q6oNJkk< zKC)IP&Bgrn-vYKAN%vqvqX!f@lMpV(xCDIj}HGU z?Xtcw+uWjP!D3D|a!&UTLNOu$T1j#(92=!dne7j#cjWcJh7S>6GHvoO}= zWpm^>S$Dsf)t+B4PPYrPZpgLVuMZ+&h)*or5p79X`R7Ejcs*nm;)+Av+qu`YjppCx zD0bMl(Uzs3rCO*zumS1Ov$Zs^8r|&6B0|()(pG&y+A!%~OHX1XpwT-K*OcAE1FstE z=Mx%b?_xN`0NvV9Br-S0F%*wvvuFS|(s>-qDIA%I3H+NKuEqo|^7hdEi_C}^f*|fd8vL}7luSjKNKieOOsg(4P8V^q znbq1~n)ENilj%5f=L!cW5lu$MLw0DrMY1Kh`cyd!k`^nR{DV=UbJ`yGzKDnjm-J|a zRh*8r(6gZxZpSJEE=u?_dU#a2q$uVhQtAn1vI@5Z)$OJ!`1q_hxm1d}g>}3(BkH~Z z&nkgOq@iI;+@O_teWGuMkySR&v3Y&6Mk`x0or_5VJtqx{Q}hk$ohz7SfRP>3=$uoU z87PW7Y?_Ta%~6CNmVp_V%xpcAf$3kglfTCmiQ60asIkx@M3!L}2O_{LJ`#ewS&48- zY!O_VBeo~S%O*+&vMsRWuGNvJua`d_29~fmQKxlL85PL~L9Q?2u6N-2=jn_S_Ygig z%hmL7dnmteA{;obfP}~Lt4XI@KD=$8_uze|dr@_*jj ziQx%$T$vC-5bbE~m|d-YA@5> z)9ohG(*uL4nV!Chyv|JER78t}o(hvoDbpg}UhyLsY^d>5#uxdrhiKg(Xw#@?QqYuZ zzs!vIYf&N_iI62g$K5sjJ(S3kjfjc6#>L(N&%ga>nDQ&zD3VBc)2T$vjXunYuHz;3 z0{0X$F$C(Y$PupRXplTmHmzYn(etD7tLwW6B_2$Wr{XdV5!R#Tf!OH94O$#V9#%P3 zBPT;6$2yMs|6F!mkrd6G2+>ScNxSf%6R7@u(vB=UN5l<`&=8?Q=IW;34im0bL`3$O zC#v^1ja;i=PgU*HB1$wtuoyCr5g8o-5ejTUj1&%02w7FGG)PD(rfPbW71Ny$R~3@w z=`j`uJCD>AqQ(~VvtclC=t0w%JVC(rh@VrVgI+`Bl(D8XKtc5uk#56GgM`dPX`HgrZLI1#;OX-*Napj@`t;pns;41-d-qc0m+z%?La-0l2!Q&y*&0 z$(2#V(!g`AlGb1b>-36;G&_uawY6%cnuuiyc66Uyc7RopN%{b`u8UL4;23rO>vS8# z6x?|>WNkd$X`!jhS+B5?X5`sGKo8_$)`CgKXi~e5CxuCR21#^$v^}OrQKbeLGt<80 z;d`BDF1`^;s__%++^YxCh9_NC@yNcot@WiogmIvm5gIyLene$Hg>}{FU!s#J;a^B3 zN>zGM%{b1mv7=xPYx(=)rVqkP3&BUxY6qqf^IyzOX^Paj1c+$dJ4ZqmFL%-x$e_o| zyQ?-EajeM_>gFbH)(5TUHg-FN1FSilv&EApLx^ojy^KhkDtsv3wAYBQO`%Y%0 zB#&^t50uk?M9&}5b!(Zv^7t}%#g6rou3tgLvGE0wWH1!g^3<%}%#(5RA`a!o$uo-M z{{owMGNmoc(~XowM$1VIQx!Rs)a-#3M`_e1kR-?>Eea1a#p8}B-xvX6S!quTZ}SdH z&|&p-1^H64YrSy{F(nEl^{pgsY7N$L?kQj3y>Eo$2~%?y7&B97*p;c33JbzMa|NsU zG`IX|LYv!jZU3yRL<~V-o7*+{}}HTreN7HUzT-lWB`&>#;L)ehxX*3GC8s{?KUnXON0Vjn+C1ik%)~ zvAR#0ibvdVXjUh!(sYnQK<$&9!6O2JbQp-hy>9RQLeb+F96_Sem|~6&&7%7;>8jZh2k-B2;M-JIyh1U~3Y&O&O@FQk2OtG-7c@_I z0?oOIS(LFc3nk_qAO7tO?a6awPzm+m#iA-G=(BVI4PGG2iD1QJrxg|^7wg+NvaBdz zg)!w-3aH8KwkJr>!YvGYR6wFU{dTp+R4h~9}dY?F(7Jq4o_ESM|!}h3~Hvbxm zwWxupb5*J$!jw7Is!x2Fqt;1`cljVAGX(p`gx^`iu}FRZMSV zLa%TyBo?{U0mC;#P9XHXIMI4SSZOdwz=z5XEY5N%rnU&OfD$5EPp^^M$O(>zI5`Qq*wM`;w44(62R1Qa%v#90mN(WgVliRAto zgBn40N(FbApb|MV?Z~rV5*b>Nueujo7%^ZS`2ojdfedzc`_QCERf+hY`9HCK!17wV zE#tfvJE831d|h&AUuHsPZW1|CxYvQ@uWd*PxWn&Jl`Rv`LeT%L!zMoph6@nbjf;rw zzDXd=Q;hXV`Gh#(_Os%`pkt@o9DV@2C*Ka#GpvtK?y*%;!)Kw%oN-l=b?y6caS%pB&;S+ zL@R+9xWN8ePMWOgs44}RG9}7s2zxd%gJw$ckk75mNQ6Z1zZOW(s&i44RZHV~i6rYq zN`)2$l1$8V#U(fv;}fIiNN9Ic+!2CAdyRo0>sQ_d*|32nJIDIUKa7yw_Lc>0)Sgw- z4&y-9Us^)N9pVFs?ln1s3F{bAc(nV4JP70c*Q0xpZV&OqHsRTcMq-u8r+;zlgzHx~ zMp6e8Z=o|69mp)gwOxc#QHw?nD37ibUvC^Z$>MilbA6LAv*Qis$3_(3t} z-olI2Plavy3hy#G7HcJ0gM&4HI^~J~6k`(>qxpL&KPkY5Rn;GkLF_LQ<JcuJ3%}3M7?3$c+xg?C51z;`Or0Pgkwz^;Qk*Zsz#viDZ;WQ(%!$x9axY`t zr0{RF8#QjsrvgjO=s)KV@UQh1n(A5dvf~JtNr9v=JF5n1Lz~B`vDX zV;e@M&_2QwYazjaJZvx%Snm@IonpBkwiSU=cvt*>y5Sl5~%tjoS+MS-h`<<_9Jjw&lLIj_N&MKcI zjq#Tc1+hZR38gDnLwh=^eS*Mj=ASIpL>%Z)$lB0U(NI=RAA&g&k*1^>M!kQ00-+?> zf(&wZYW)@}Xq~vx)duTRkRBCD+WLl~8BU_z+eTYZ+i$3|p`N2z7^db}Ky4Wb%}7OC zHqg+%#0&*&o-!-7f0D_8deJXj-HcREEg>W0N!+5gHR+@liHhb~v-Dz&_?wI2-gDuI zMDb=Inh`Jg*{CR#vQZXeBM>LsV$syr1ivNHPTz&L<^#(KX~ObT)SrP%0&Jj-=Iq}> z_Q_#h+Y838j3v{DV^YEv;{A}aY_Hcc9#01dq;#U2rY zL?xA$;L}d(EYV6pbUj0+FbE^Dso4y^NIaLX*|Ka7GL)3|rz1 zV^pbZMI&d}hOQk;Af||rV&vcs5ixb8Aw(4hq=#?o*?^GfQm~*Z$H=NK2I5NdzgjClbN|xWVJOUx16=PkH z7DZqgg^Kk!mugke!HiisD0DxaMne$=Ubcay%EV@E*M~bL|IahiX-=4phC5EY>QC^U zv=1ddEYAI-%L-cZ)%eXHa zoi$KY)=h4RWwcj+%n-PESR7t+s6{3Ng)4_vuIEzMl~eCWEL*)@E1+Lm592bY-DQH! z0BT%RT42J^8%_AHSWlyOpU5v!wa-X17x)gcTpKx4z%PyUl;?pXWdkiE(w&4h7Ml1M zx(So;*G?mR1NesUe1yvZ84x16A(x9ENyAem&~}0$MVyDWfo?t5^FS(HQG{*Xy?`V= z_Fx>@-{ENdbx!xfP{7g9AQsC-7Y8X2 z!ncYBnhe_#3$z33Rta302@f=yeH7a!R&$V-jZm~Uz5NIE%Kk+Q3uhtm@>>8%aWztx z-v;`W+@u>M0v*Jjas1K4O%@KFWm81{P|+1bTtsVb6SQqngvvXw8Z&-Yyy_KR3NISX z6UrvF)GX0T#WK<~L9}^eY@1b9?HYb;$&_v@V)bFO2<(bZAb7*J#lUM(UCj;>9z0Gm zb$H$mLkC=f9#(DQOZ!n|a>l)xPQav|!sIXl`GVBBPu6O+TFfKn$Yz;wrs+JUa*&4* z@uBgv7Z&l8W~;5GwL;PUL>8+lAwwt4V2S|Nln7q>C9Ftt>-Aw))ju%W+$>07mTpK8 zoXLB=gmp8NMrwb9Cd^%~F9L&m!`+NR{d$pGBo|^&>N;tpn=wnVo~`PvaEl8yJB)!b z4?w0j_dM(at}*oG`dIXT3PvAvzGX*HAro-o#mWqkiEO1$dL)nsZ6HC+Nh;KDtBWDK zl!ZSVr3V>xvkmhmA`P@9fjiqyZmHqaiV4kS(Uxe|b4>`K+SK+Du-9su;MYZ~D`kxM z1&xC053mh-0EGVuDASitFhOA=>uZsRUtr}lj?(j(H%ar^G4P#P4FEyYmjH5E)w8pR z36GA+O5iMGw4p2xP^l(@Mz_uN!DsO}TBOYr8FvtY1RnTx2V97PizMfi2b44?gjZzO zbwVSm+LtjP-EAgTl*rtxp_qMdF2tIRSr$Dd;(`|db zz?yk%i9j%(g!fDc%z^G|k*x*6+M|Zkxn5~Oc=UL&Xi*+%BsDeqCj70Lc+uYeV%Ab! z5Hvq6;0dmx=L91`Fs2Gb^xeq>b%bxtOgZ3`%?x+vKH_-L zcdf-)b?_#dUP+@GdydeGX2p@HI2uF0%>IXX9Fj(@?H-G*tzIV421zsgsuL!VH+W1$ zNH!%i9(8gyJ-z^fhZCjE)rVG!su6ItOE2yj;vqlDm4olZ7DLPhJKE z|3C|9i|}PTV;Hhvo|;%uoMIHaV9LZETEicUt&9@CMY*fNq=d)CHI6UT z%KxL?zeQovC&C2%3^7(pR-uR{-V`X$OCnm}Tb34a-TgH}c0i95&z7lV zhQ~ne7&fb~T1r9cQ6`{*f!^4R7$L5fNEPeF=++9TbbxGD4pWeAHzWe0F23>n$0+w| zzyyvB(W5eI6TT11LhnPB7=5Yb$K5KkIfcf{tSX(?m=|Vp(OibH%1MAFBa|6}q$%#~ zp7DiXY#NUXh4y>CND@e*Ug39WxLPzzYsC4IFoKa&+h}tm-U{@>mT}8aiogD(Sb=Dn z9~u%XrZ5bQoUX5IpsLx)FSv_bR+d0;2hCA-S|bt7fnu||Eb8WVIIU^EHmo0F=P^W} z*mT}BY!A5 z4=IMqgAwEci@Cy36P^+=@+R)c+yWOZ8pnF=^|3d5*0(y={VRA*^|~K_?_(I*e)-il zXM4%zk2Y}%ev(hmv8tR58vhM(5qQwWwKO-!$LC{#-e$NFJRg?pO~>{(fNxT>3$vl zKU3f9%gi0AZ3K>3%zMTg;0bm*_0~5gjd7oKxO>-`*<>Q@Yp;0Nbi(aYMD$vdm_IEZ zmBmn2i~W5)Q`l0re<-s#n=||u4T?bmYy;QCeriM%XZS#-Fm+denkW)=qM1yisMdPH zZS$<#d1iC<6PV*#`x;VRjPRbcDxOLF7uzc|K;%w3p$=g!3a=`HOZpem~yV-^r zM<*>+y~RZ~-_~9=XW3Qq{m4c~k8dOEN+-)qidMJ5;IMPlIK#t3Y=JKmi=FM~@2}!j zC*@*|)#%dV)MAVqFER)AdS!;}y4ee8r;X;_ge|xWSO|>4BR|7g!>^jU?ut=Cso70t z<|-4kHXA(BtSZw^BBs~Xe=>~8fjbuSkdw}HXp$-&Ip=*tP_>(!)bvBxoL z^lrDC*M9Lsu}eWM#$YlJ4!#Zm<5Y7!^jJzN1-{_7`{Ev>^{9Anm??nnQY&;yx+pr@ zuxe<`%Y5!ctD(_1mp_uZB9zO{<@IJw&}LH8`n5eg@5;?bSZ9@0&N6FznX7pxO3=Ks z%e0V%UWMxrR$FtU$4Y(F8For*i5Hw(zrD&@X**p-YFN!0PkKL(xjjT`FdFJG$;)On z&8|#QU03)lEwTUS{02Gl%F37z6`VIe_*AHjmT9RQNtdj#Y~`x{yp2uHh*#mJ)D~yA zDbr7iokk0lFJ+J0O4rb)EOaaFQR}Nsb1k%c7`t+Ljtv=0X|5v~I$Rq8xGL$jS}e>h zR)@Oddwou$p0?sglYee{siBUS%sJ-I7IKAX2Qx9TcmL1!uVKtmem-sW26I^hdxJx_ zcF%jw`a?E4S~}enOT7f%22dNU3^}xFQ(cQjTgsp|V|UtZHXbi%X;{<<%l9MGq`rgn z=9sUh`n++&!K>z&CpKjomlkKh8hg=AdP*#v?$%6wU8iP}=|7IPj<3$! z#P}XpR>`+Ii(GGCUB87rFt&bi+u-8hSa+R$w$amhUe!}WSAyF~MQ z+{T1MOrQDe)2~B(?>_*pyvEynKW`?~ayY(am}5J30$}Jku7pnEb?kb<#&mA0v$L~f z$ZNpi;NWs-VLKmB3ivr&cM4(XT6ew@WB7|pO2oL15{R*}u)5t3ylZ&hP73fpM+lWK zn=CW7-TP(Oi=Mk*F2Kf)=Qd8CM{*@H;e8~EA)ma|T{_JV{Iq|PUE0OuC>xK9D`&6#23Puf z`lkTE^Y|U$X~RkMc=H|5ZEd?Q0l;~E>+V%J{Q_?UtBu{+ao z-CRt62Wx%notUoSe$+Aieq7|H=lpTQ@V$=SSL->PUi&^4#lPdb_KFnRjE<@L<_{O`N-DQRh%@8#-gLkr#2_4}^kd`;Km zFnQq<(Di)g_T~)G^LaI1)TI`Lf2UMH$a0<86+oYrb;^zKsp&$+hi{*F6}UHCrQ zQfGgyi|)5=KU4L*F2!%Re!h-8le_5MJvR8x%xrx>p9&r<8MEYuF})BIrK^l zf1XC5MqYJZbZrLX!hHWWnf9^v_5F4o&gn9lZf8HG=V>^rz`o+Ro#MX!5P8pNpZ2}y zWw+*cy;^eRyCc+e-+Na3DZ_oa{)GR&(1q^%QeLt3=szhpt$_Dwa!uVZz3uK{DCbd~3(I@!73Dr`K`Xb?xccG55OM zh>3Bf<2fGemybZ zPi%UOqIdkX(i1tnC7vF?-F`Kin+>g(U7r5%Pa__wrnK86mdD>+t33pn1>x-BqXkIv)Ay z%6pqsY^wEoE=|gX|Ea$qmhWw9{@DA{(KOS3NK20AHUa#6wtsUkx+W_bP??{RLNzJJ)a@i8w0>%Ig3eK*JFvB;2#n-6`{WA|q2Qp>h`-_UM7 z()Ehp(qU(9%HTkZ|7|v>^*OFJC-rp`%1^VIt?98{#C(13Gu{{L<$1AeYW3YS?sC~`d>mr>-yyd9%_|>? zKH28)?ng_!!$UjMH8Fa2yTJhZGu;Nq_idZ*{g{R3Z!e4e?(5I9GxpA1IQ}o$uNL+T z3KmvY*3VPGa!$|j%JsL~cN5_1eN*SXX4C$V`eonVZG4S9+v~0~=i6)NG`=B(-S(>U z^JzVl@5X;+31<6dZxsEq6$6%_?CVmHRv}=kvl8 zf937i@R{%94gGqZ|J^gP#rtBwFot6$*K*E!E;W+40>A!SAtd-EztKH2Hk7?Ks;lH`V<$c=37L`W0F97Fs{O^p; zt2=B~6x{kF*{zAaHyqyN=)PV)hFfs%hg=8wnojzsNq)wBL^b-gw@=>TnC*sdHPl4>jGF`%x{u=MlLzm&~W#P5!lxkK_WMxQ!>+4Yv0Zsb|~_O!fDs z#qG71k>Is}U4Q5En9s?U0}UEi0O{!tBU>8hOc_V+YcE0*Rk}6 z3VPmWd6#3cC-3l`%%lE-ptEV?(wL!cw-KSz&trp$3>!~Xp>gKCvagR9Z)x@WUK>H=im zbXV1QK1@MqUcC(Xc79DtwbWRxHW~I#rG56dY}`(inBY0ip^7~{Kl3MbT?DO?XD!&R znVWXqg-_b8cNrC;UuikdXIEfnq_=-P@xyPmf@Zeg=3&QttWNv5^vBTS-5Wfy1RSWv z>OGes$A%B@tF?>+t~pgT?-slPTh9~3dTp~hzXV&I1|urayxr9HJKe82{tI|xUuPp- z*5uu-2Y0ikF7)54r1-ukdAm<_-&k&k6rX|5x*ypk|3xl%V_)apZo};+SJm$gUdxz2 z&zs)s`^UOTo88W=lnrL*)N&V_-oq-9)p}i)!>*%l-FCyQ(Iwdr{NL`IBC%WPI?bPL z>qD-WUXwfh?>RlEyVNzEccXxx5*n`n-M17N`p%nHUc*)Cqi>(DdwxE~_lfBzp3fWF zQSR^Qd28(J)gH(9i=Q6eQ*u4)hO_m!rW5;V_eq`8x<6)F!)tM~OYU;r{qTC6^L>Z= z{@=a%gl~~ck-XRCBGPr+`y6(~diLEZHof|MTjgi?vbPPmIMkB$y)Ay_?>N|hp4@Qx zIDLQ8t~*|_)^q>L#y;4mOLKpN(0zGSscT^We#+0W`EU`Ud3rQ;(eoN5^{(G|=$*E4 zGn>Aj_C5I?P4xA&`x;~i{)p!0d-^^A z3nn-5y3g4D7+hYO{yuwK-|Dpf9w%>s|2lAlnQpsiKc`dmefDnsUId_LzMlmkPp_i( zykB+jf4@#ozYKS8u6GmQFX!=!hP_MCcL~Q#mirEX<9EC76FW|~dpjITA^Wa)_m%C7 z>A0Q^l#C|mwAb)ASuaChDv{$j?uC*!K6`NmY$rqnU!Cwe7NOSx_4Y@c;=81${y{mAQ`%ER5~+;@+J(dlc>`j<%=xyP=jFyii;&FgN@*?bZD zuA6hXmII&FTH|SY07CuyAw2BHZR}@>&jl?r{|$&H%gc>cEawq__uWXanx6L~;QEB& z>mic9=Nuiq>BH<2CKlg${-5c?c6RsIAt!(L=hOU5tc{-Irr~7M&%0mONC7y$TPkW@Qo}E-%xszOcbV7d z-ye1VJ;vkAIdZ=56IyJ1OwUCCU5~x$*zP(;tgd6Zp3bk6mYz>yfZkU#zmLBDRmFXW z_3++^N-VFN=k4_O$7P*fqW6;5)AKf8!OeR|Y$i=|_Qz`S_4;dI_~t8I4!7wx zOwU(<*G5|nU&{gVb=o)Jx{>GWqM)VwYgjMiB+Y&8K+CrCc4+;{TE~9Pu_ij}^K%wm z*R`LV&wfD;|9j;qS?=rV`02CB;c$$(*^1uA`@Li9aY2ZkuH$v0X7XicrRFEA<974U z#MixdKrhDD=NROtCw=W{ z4BbV?`_b#N?&E6sh=;Z9d38PeeH`8;=TC&uG?CL4IyN}Jb06dJk9Fq!7T>zd9>VQ2 z$LBflm7ec?J#o~0qx&>vp1$YrZL>S|FvL{*{suBQ|GNEQK0N;S!12_pl$!0e*fY-i zQp4lE93vrk)a^7}CIcg< z`MKD1?ER6N_!I3}>72cuPM$lDy|vz}J6<13cA8f|*{{CG;XJFm-K`z}8U)C1yyJV_ ztX^BidNZDz{RKC({pobRpKyvGozGo0e_39mJ=eFS&F-pgoxX0nJD#uCJs;|Z*$}^O z2a}i4zuttG=dGu`oVM#~$XQ+oS(kZpzWAB>7+wz$$839;U&a)+KfW)z+#6P`eJri7b%-L6NEIU3q>700f=LLIg;xP%bZ=eR ze-uo;bME=Br=Op>rtyul-`iWxyPw|E+pfIb5`asduC(()8U7DvL72XW;l5v{e5ad?~+ zwl6O)@5)GopB;NFozKf_N3^SCTeE^8eQF&Z$;}!vIgEtZm&=yf5;3PVG14Iy7U^7s z7%xI3W6sVqDT~7V!i{326y7mQxrg_=g$vht&T$dUU^^Tg)2$JA-mvAKJ104()qEWl zK2tMql*}@#*qsi85sAd^4FwN@RI%pXVt&I$sHAp0K$*g%*rWg|&o4eAiSq~GJkvWu+!6WNb z3WUX&Y6cARDw$V}547Z3`btjZF+&7RJ~YpS5QRZJ@8aTOWNLa;yILgo+_@a*oBq!{ z4x_@aKvKV3a<1%t`uXQqJuLBWZta?3N=wenjB~jiY@C(7VX$GkwL@mGVcIDlk;csm zlSfsqolnsc<5Kq8Dr$L3IxO;15uyhb9$r14S<^g2DTA+qef;<_aP%I-k&`E7!eX}Z zX$5Z`dU?I7+;8BlWuwSMkK^EF|G|c0r|XC`URD@sVsIC=?-^YzyG*in^-gwKr*+}s z;hCBN7BgF&(cuaA=KCY()FY)Pd#<2!tf^F`(9qB#j|Toeo0N$ssvW2GqBfJgu zn9xjL?#Q_|hS{!k7%X#p(3Y^-38bf|_$B9?qG1WvF)=Z23dcuZQ5rfQA6I0|d@loQ$cg)a|2CMGy!9n{#IO<|aE5!AHl8v(QF^ zBg3s(UB!29qQe7f;8wBVqhr}&vlEw~L1*oEHfH!otGB;@NVE@0gscY*>P+ zTX;zkq6ZybQgr7|4cv-BAp8sbRN%Yy)R8xQQVy3Qn!QrB>m(#4C5zmv8P~2|`?gLj zOJ7&_z?iXYG-N|VP6l0#z7__90VE|EeO_L>S9?V0NMy`JTS&tk)E)mAQf9{C%gyHqhbkEZb+OtgCwr%r#ex4BAK7xr8IF4<96CSUqZU4YYYeCS@X@2H z$c;SmzVGz6f2tMgZ9KyuC@7eeoGci|tqhwLG9FBXC9J=xN$y_f?(RPNE>9c3oPESwQK6!$)u-K%as0e}KUzf8U$s!<-81(rAsxo3d=k`GP%F4>kn>WK;U0nl1LaM5&);!5jg^2QmDsdAtGc)wE zrG;bFs#WVYY^ZvB?;r~s+o6CrK@1;1erzqHh+VmIh1B(6W1nRz^)PfK9%j6(jN(#K zRkcTitRRWQSO(DCe{MC=t)p*3Mj($UaPoCPuH`lkTBN~dO-;n=6UyH7=1os8?o#Zt zsiiAMB;TKZeixoi8M!^le?rBF(Y)#DHJr^Q3R#jin1-4t^%6PNVK3?AQN;!5d+=;@ zv%@rE{v-1@u-$5+)Qh;LbE9Kp5hW$6O6Gbu{fC|w*hwk*ytJKBBCn$1=Q_!(_ql3E z=o(8)OJPyb)uq#?VE`P?a_ZEnshNSxA`LQ#suJoO2vsjGXA-Fz)nh3$EIHN5Pby~-2g$+V3(ArjUj zN4X$6PHxSb_caqg&~R9owwtlUf2aC)s{i+=+IH8y7|_z(eNLHlykb7C=;hV ztm{F%9+j%(jz$-U&H7_7nA6v;+0NLA@X;2+#aa__aPHG1IU^I3$~Z2?&0DudSe(?j z_xd#-3WefS^4$Cws|fkt%HA*BY7+QrYisW|o-y?8e=gDe{(W{)(Ps8oy1P#}P$<;4 zPoF-K`kzbiY6WlQ;^Jy8Ml-y7_YP79=})js+)C@Rv$H*4T;vK33xi{7H$P5?uQ4_@ zuC1?UpXb}=L0e7PriAsHrk0j9SHMT|_*VJtqj%S=+q5aN4paGM`ty|9R`G@fCAEC9KRsny~0(|Kb-%H@F{1yy`rMmV?x(Y?MIVAyiWnT4A>#ymsCILlz1 zcHU=9cv&}&)rn=f)h2B#?Ku?!DYCO?g`IBto6lUNFAE-*d~w+|@$FkT&l8c^dQtD1 zED@>Nv0nFRoi%;Uo>w&>zQ*}>J-GMi(FVEOV_R@)d zP5O@9o^*eC4ObdGUNEL!PJaK8?bgIgZ_maYI(9i1>9B-tG>a&qW_~zf?loVHzViC@ z>wBB>nBN3;Z3H{ax}}jwWV(tE_v$rkj-;oHhb3$)g6yt|n)&{OxjD9)wfnki63+yT zyg7XM@Y}2t_Ld?dBI}r$4c**MH{FSPCEn^*b!MFikk94mQA@${_o-xVX5twOEKuCZDy0pY5ti?8=VfuY7skJNHLhmxmR5 zl?!_nvajW_k2&>`NaL(*slkSz)(+QVM33+Fc_%NkwQJY9wcqf0=24oGlCpKIw^46~ z$=NNuzGj|)3a{@mfh_eRN9obg(H&UqxiJY@2`w!?7Z(?CIk_}#(_kK)6>uLO0R9;kiGll$&>dL<8gC+Yaox_DI1}e7=7Tt>Z#dT(=454$OuOw zkt?F3*){rS4C39c@6K&F?e*~C!>4DBS^E?-56ty3&k7kE3^x>^bNmKgOm!t9&NiIp z?*8zhvb}xJ3{#YQ_zdKnT0ssGr#e|UfmdBHjJ{b=OAF%uXC7*6XPXev9IaWM5AJ6W zE20l=;4sP3@hft>x7sXA+j)lR=69FN%WUw?ZJxQA@uS)Y`#X<&oVpj#5hk|6S5p+d zXfL(vO-uf(~F7nv5^J?x;RIpi_rBJS=$yFX5c%T9V^^HldYUx4rZ64ZCm8(}9b4@w=6l>`#Dk>h%zumUntlhMQm6e5`UpCC(b`he>EnL{RdcMFW*eoR_<#f>J56?W3_>^(a)`B3oGV*DX z7@eNZX?8-%c!uf9nU7sH=<)vMpFoO=~inP%zur<^zubNKMOKE?isIWFkfB*z29 zz#4rVPU3{Jw`dr>`i`y#@xGAJsOVKa9|!r*Y%>?4ub|(x6Yo@CZP1nqGdRe$bt`~C zxXv&+_c!G+SA3lhS%OyQpS`KM(7}E9Rav@L$c-_s@ngr1(F+JQoxqNJ25$F+k08`VM6qJR#CUf;n&YRp2t?Z@4s^g z@#2zmY)+1#Q$;8j91ee~v@s|sNX_@%+FQ47?cBK&2rD@6eAB;gJ{}xwC~eI`7u_kh zT8QlOhkxwN9UaHNI)uZ+=Ehr| zDs5!g#Jj`Zp1s^}AkuH(MQ4=2-hF9l9G9HRR>O=eEF!bA1Rg$oI68Q>!Ts&s{k8S= z4|0&PPjiqPG7;e}{Y^ea=$eFVN>4ovg$uH}Fa8R;vZ_k2PIc7jRv-&xtKYhHtH6FT zMZ#vMi_6~j*uJs8CbiHhdDz?j<_nPb>F(}M8hWWbH8thdQ4vX^=xU=GvfoDJv~vMK7DGRFK@#? zcvl@u4EYxCOjwL}u7Vvue%!O8LQ8w5S12MfveN6ipr$5|i;Ig|`26;m*jQAtBWd)l zj?=Bc#=fk)LR-fV%VU6&^Qu*^UO9Q5h!inB2Kj#Mv2-2bU$vCXtA=0SB!ciAaB9J08D0FYFc`xt zV|^Xl^Q}GYJAVvvvUNORg1Lr`H@jABEpe}Aw6(Rhy`3Ht6H^p0@}|9lV|Kj7HR>Er zjoP~z254*ZYinzlgjr57BfgN@FK48ui;v@8>K_VFyo#6*gVgtJD}OV6BvN8B>_zG& z*Eu{e5F}*f8ocLz@;}goJGfd=tB^`TtMk;16{TPlc_GsWA z8)|oeVBXvgL3dPy{d6}oKG4#54QJD*Si5SttcTy$*4F69*eGl>KYzltYf62JwF%ZX zHgK=!;w!~iZq5A|HYs`Eclr>>W2~Y(8vWBv5_>G&@bEAsPs_^6=H4@3Z(*5iF+~K&m6zzk9ZqLtKsRfRn9^)FXoR2#Q3Cr0F7Sr%m zFu7Z!2a*wd352#=L5h)^_$0#&4i+KCixJ6Z$>FI?aM1(-#3lp+0qGZQZEdxnPiI#s z5QY2cuzkK=54Oq5TFfwc?Msz%5R{ZOnPJK(LiiOUk}(nUur=}PVWVSXwi73dETqTNT{++N4TlmcnWzPzjl^K-Mg4MiI!@*w39_dF~6!P?Wq z%*MV*gD)uLpd}xq9t#mw@#|shHf+!{Fo+!EvWp^fVq)_2RuE-{weS?3 zbN>9g`T6;09y^s!Y6cki`WBCIS=^f+i<&zkEHvrS3tt7x&CMlIC{>3xaGbUD#r4#m zJa`UQx_7R8Ov0jier!MOdiZHpXU$qzN?KagqemNXINY+g|f-v6x|k4_dO* z44hm<8YgRN@Wf#BlMGeUtWN9XqemMrILP%WQuoiP3(Vd;G^d^=HQr;5UJVm9OTU|S zrAPRTL40L*-O=2Jr)(2F+XqK3w`P4V-5oBgDoW!yX6-59%GIm6mhiJ@3=?ylZ~8ly z5KfLsl;5A{jh$;wm{UJ?VWKA)y&6`3N-I{@x!kQW2l*_I^I_$o4V@z+iIkpt+2#!4e9;7lfRj5OhQ6rVj}azV4F}_%(IH=4?NV~r>j1Hcye^5Wy;G6+jmsV zGKbhvv2NqW>g(PuXB(_ctgKkfL|IRT46A3VQw(N!MT(cD4RofT$Ii`+uVZ4mf8laP z%%e0p)2uVzbaZs-8h(;9;{#EUH9}$9KiAARdlfO^5HL7$SxwYy^d5u2+ltxYs^|GO zR*sJ1VF{PIdwS3hQzS~i&d(O(+Z6gJOwn_%`DQ8GCjtTnM~2lzy`b0Eh#mZA3=<#R zJIIjRz%t&Ih!7MMTs`#iIwX{T&a>!$+m(oTz-qaD|M2UZ==Tp(i*^@26H`Ybk#zPK z9ry3s2irc~ebmUvC`r3cqqK3&aMP(e{Kw?VK7kz750UIlWu+B~wh2@9`{=T@#v+NPJ3o_>BX;~3+H z4M&oa_MJWrC=p(9Rz)$_L~i6c+mN%n2y(uAEqGb|i@-|;nVJZ z|1gVVu{+(BD_2&yplYqrtYS%-nQ^_no@*Hx&QN;lNfgS#I*jhu`8gIYuIOD?v8d(( zyVi0)sZ9dfagQIHb$53Is;V5*)6?P-602Y-DJcK~Ay8IUR$Eu6gT;zMV1;{1+}}S; zO;@Lg3JM7|-U$zn<5k}h&!cLPChH72slC0P!eU}VVq%6<0TG$BphS;`n&{e;w6w0; zBSNiZ6tQ<*U686UOP61Dkb&92(UEiY>eX)t1~w3h#K6En$i`jA#H9cE!;{X=&Q(Mr zacX8p5CC8(6pC|upnOhF&S<^n2*h-n0mJ(C_UwdLrQ7E6lQ+@gA#u_F`IzaYwy`R5*Bn-gF#7|a-Hp?^u&?ZE#!Z~Ff)&yV^4e`ntR((^m{{|c(g z%0GVpPelR#Z~p&3@%)_szse2#s2pEf4GREj-rx?qK<-sthx&P zKgj>LQI^5)Li zB03WEh}Hq1g&oz@SkcB8;teyF;@;Y)};peS)sAk z`e*|KYXd`ncO|1;I5jnWjFB;@U>B^b=0ns|+GVdMuVdq*qQBcz!QR|Q*`Dg-XNC6) z-iZ@YFxaW8ZXW1|SH>9z`3G4BsG?2bMhb8os3M}EYpo-qVBo2Sw)EAvbX2!@w+`B6 zrEIS1i^l~~ccFJ$*`ri#D3%u9#9by97z<;oKnf-(DA+GRUct!SNDr@TO4T#LVDQ*o zlt8Q9RHBi*f{KclmyWj`($~Yr%S#c5G%{6DLn1vy6buLy1s`{LRFJW0z%C0tGX-Nk zb6sTvMIr%bfkq%8G^w{kl=wW7WMJ8A}QgnU1$h(nt3TBpeaBHlw zsSn&;9cOB*;_0j6h;)Fqp=@cX6GT<>qwdzh23Q&>1uK{l&3)9YL8@7RJQj@?Q82LC zEux@{6;aUjG!JwnsamS<46^f3B8ey%P%YIA97uR?jEzE&xec@oJ^!7UV6wfUslCrm z3rk0eh=Q)~E{vf!#^2t=OD(|M2jvy40$MowDw?SItNMX9I>E{+J~mchfR34?qv7rV zM{ggbimsxCpD#sT)zZ&%7wBu^X+$;m@Ub>DLc9AC{JcFBu?BW}dLjzC-bjkFrzKg@ z3a4v;_5rOFv3`a=9vFS1p@|X_t*>gKW2<838|1I7O0a=r$!Jxag|dP=&Ro?>RbS0S z5o;u(pc@eEs|>B&4kG;D&dtw$UVmzNZoapz?Kn66XyJ}`5)Pso?{Xg>Nz!vMbx1oJ z*|z)m?(=R5J3QB&@x+38vFFYkYMR<8R&5ZMYGk4qNqqKvpDTY=h^)SDTT&Vm+k|DRp_k#>OTtBU7Dklb4j0m6(~y zJNV`{Pjqy&W0BjcI0GSrME>}qB6-Mo-n(}%ry`c=L;cCvl$5Pow{BfGpOAE{*w)y; zt*y=Rx)!p}%~3B$w0m z`gwIM$B`2!VmMp^SIx~%8fIySZDwbWeE!_FvC-(gV*#e*Nro!=aXQ@db-A*xp5Bq< zyBG`sg@uyD%__ixZDzEjrW0I?2j2kwk$y0S0IrDwNG+f}|Qqd=bV*ci3Z%691Oy@S2Y7dSpNWXWkTuD@^Xht9J& zc_1rGAd7mWErw0%?Z`-?K=>Cc>eem$a{JG1*|O#7RS(Op92~I;ImU+$9V#8TbhF5} z%b?M!w%W0PQ0u8w>8TWx(8+$z?D&D!R>wwo?IFhk!Z~6`#nf1nC9;Mjg~Q=E<=yu6 za&`+!+o_^dG8(h>7`i`vh)H;N?8?=v*-d>rU0vlg7}dEVIE!3KteoVj?>jJmbN zzq67qFgW;=h&OkQb#v*bPvo`q^f3uKs_WLR+W~^Py`0^`(suFQ%>``I?6JL^)Pv>a z8i7GU(Fr;hmDbHg^(QsEda}aV`3@3t&YoTSy4;VI?_lP>+yX0BF^l^jyK0a%rx8a^ zo{S$IB{jm0u+nxLgU6d4im83pjqvky$E0^1P^Wx2oS>uNp6~UzB5YPZbc)mnucc4a zo)NE@>6dDR8;MHWZ7g<_?tPxmnw4&Syu4gvYGx)TK}P|V?^T;3VKY_oLGt?ExnQ%C z8g^8sTL;H0aguHZ&wMls3YS6&S>ED>G(=O&ss#?A~|nn$lVZhS&t1 zP44+#JA#8Xa?YGV)&N}FCtp$2LZ^y)IlE!U3g|hR=+B-#3oWnp3b;W~P*A@HU?{S+ zyL9dxy-)iMHok+H?)UExm6vNY!fP$0?NVbC6KmqQ6!mKWF7uNbYy&NqIrt6^-nX_Z z8yzKKJUn6(bQB)e*6zSy&h~O*#EuojG{1O}W1gXsgHB?Fe9G)>9V*k6HKume6C)jo zHT)rFR3`F)Y`v&=1DEfx^Bo+#Yi(D2Xah&VJFO1^BX2euC-0qXaq;u>3;a|kmfbQi zr0q!|5M&=ddi4HqzBuK><9o>>rusF2W|6HO{^d1XYY8!{movN$qo9*4yq2C`B_#3O z$epkJ$-+8$O>NF`XAI&i8_yWNk15~`nH+x4nj~3mZCA{|9|-FRn>^Xe8J?eSD`KpR zLS>J4NjY4?+ZV9M(nUu{zqlM98+)}Pt7(32HoK`0Fy7)4Hg0F@;Gn7*-o(RwE-z2- za?2U#oBohkV29kV7z4$uiCx?2Ud>_v@k>R6NTDF&&(e;H5CXs`ggw0$q5@*Ch%z{rKZx|c1aX5 zJ?41XG+FrKo{~)*axPoH@J)M*S!C`Qd2<`NfW(V>QJV?^qn;17msGjQzwK>2GdekG z7#61W>C-2OwZG1dguk%X3Y$?CZjB z6N9^8EniPaOG#~jxhZkOiEp+KjPt9JV8OTf+1S|DF)`UTvm(-Doev}?CiZe-7>*Uh z(9zLFCp;BwFCiL|Nb&_2E@Zb1e5_(dxV2pY14nL8j&>y?cAJjpW$mq;`q))?XWle9 zVrnYTQJVdJP0b#JivOUa_Yv*Sj}>3k*m~4wwhi7gXWp1{>{!8vmU*81_g~Xapz{mT zPpCAXJ`FfZvp+tr$WUBd{B&Sk&G+3}i!5y)8M`x$htHoEAMn|I&6CCcvP*n_zgMO@ zg?@aT2ICSkq|C&nuy*6djZaLP-Q?fC4(LFJg=sy;D%PLWjH-%auEMKaxMW+FU%+8% zSN;4`x|dD9ii(P$l+=b~;avjs;?K-7Z=1_Spn((D^v6z*ZT?UJ~GL-zEI8|+8LEDcB`c`q+7TZe*B zGrQZ41(N5Ed3;4oce8ru+uPY?yWZLBSVk6soj!kloyN&c4wszn-8;yTG52!*(<3?P zpk{|k4o64hCcNkNuVH|FnPEI2WSDUJ#*G_oEm~7=50+B|Au$tPve{pfw!M>(E zNDe7*#~T?LZC;R1>Q~#Ch(ux|+{ob6sZ&o9J|O!mt(*5170KgYmqTJzhfG%JFhRa| zEZ`>fKHa8|L`Em*D5NXlwj}VX3u@4-@5?PHIJaOM91b@!Guz5{aInaKX!rdG4yiQ7M|+r+0KtU+HFkz1g%oii$U^t9T`D(mL+ zqoX7{KE!iA5Q7<2&gZ^w-CRU?UA`;vnB_zAhsRuFy^VTQCi3cI1rLIPg0e4NvY;}R z>zJEwe0jr1N`qc~y{TQ7q?8m3C#Sdu{p-^KBX7=My2Q?RFf$^zpWe&cyR)w^dIN{- z;e>ZD>Q8Di7$=j4UMe?Q)kZrO5OOLi_%%)@)VQz-3kj`pzUj}#chG5HZa5edKXPk9P^0!*>hpF6h^6JA}%AmbLr3 z7h8G2NJ8CFv72)|&%z-7ii^{4x#V0NJnq%#Yn1I+@LX`@&R1>z&{3VSkq!axmP?1K z-C6kRM7Vi)im^|)$A;QDn6<_>Cm%hEG!#69&QCTclgXQTcs97Yx|(IGv4|curqH!N zeY$U`y#!quu^uuS&RJ$9yn5x-SZpK$nY7G^FPpQovpt&&*dD}j9hBK~uxx}JtC4!)st zCZ?vvKJ6-IS=xM)Z$jkgnK<{=)*7A7&5celkgTy5Y2!oe<^A~aW8jD59&ZN*VvEr= zf=WtTH?T|Z@bZ$h$W-fmww;cSPX4$VVBX zoV+C^H8uO(Ir_WfXFjB*re>c#ySBQzy7tKvBo-^GLVOb!^!WqoVT#1zn3&4LEJE_W z@ALx$0|5YlWoKs}j*UH7htc)*Eq*()4##Dh8UZPG59T*&3`RLK3;Nb2fh9|-vH#J>tYY7PqbnC7?Vq{`cc}goJDJ?B3GLpVg zHT4yfY3kOl_i3&MH3@tf!znLpGE{uz(GQqlEzEmb&zWa*gvBQ&GS5#pgfmvq=}X&L zr#rX=(Vf%`xN$7Eq(n96%$ba^C*5^NJBNmR=D1y5U2o0L3>?_Ps$63&(z&1%qV}(0 za36hp4?1vR;{$1F90qZmzD=K*1hjei`T3KC*Yor9mwug}_3a3oM9s~N%UW1I=QT}@ zP>0-$GiMqL?4-;xR5tF~wW~CATH)n2+`$)xd(IF$D#C;3?|hvbfd;;H>()*?yF-s3 zo0*-|U`rO>CMrr_lfXx5l-V}JW}52MU$Un!awE@)u!{5N*Oj~pmZEAn$I3R;)G&n4 zws(;FpXXx*EX~ZiCrosUZ0ke_H&Wl2Sy))aZn$n-lfZW*D=WOI!8b(20iB=R^rhLp z-|Ll29h+l;@XffmICh`h98!pghkJgqG~tyA!$xl5P$?e?!ewFAW0LCneS2`Gz9AxI zMYeTV_E@@smdg&W?O$5Ia;amHw(~0HDS4J}lULwR>w#fDCOIcjNX(U~9!lLElWU@y zdgRFd^mNXWHj_Ou?NW1W$0T>n`AeBY65F_u@XCdC%NB^g-SW4TSTlfFY^A3XIYa~| zZC6rV_*}j8_7>CTCnPDqjfBg?vAO;9CvH5O9ln{kCm;68<@E+ryQ;l6Q?XcVOhWgI z(%a<>#|r3urR=l`mtR&}Hy=J%Xqzld$d#-dvI}u6kgO@R)hxa3wZ_!$P-&_cPl!J z3sdypP4w@UwiA12Z(>q4)I9B2prGkL=yAEU4nf7X ze0K{|u0^z8*zQ>1?>SRfUzl<&rv1X4V}Z?1q$ms5u>Ccd}dql{v(oG(am*1=vGNGR)>-@ALEF>@_q-*%*NMuwL z1L5Y73bpSU9n|XP1~AdDF-YKzPEY5&UtPUz+qP9V{fBfdEH-(0dm}q+1vAqN31ay^ZqR z@s6dWZ7TTIeXnl@2#JX?Oixd%`Sou#F*UWavRZYujp^;o$-9hWyA2J@=m&B4UX@XfBqtv@aA5Vl4wf8OU+qj& z*4z^(PsZC_ut&Wr_3dpf7Sh$#b(7~T3jFAPHaE93N?)z;1~Isr_(;BeV};6>rO_3QTw8*^&RIMiP@br|mj|OM7MPAj_ z2JP6BngKBh-CH&N2X_Pps)dGzx+!rVNlg{e*pd(H(F@wTr+`NVfA_S`!B?N$gx9ZM zWNAV1~oS>Z-sqy1_E4^J{zr}lq(|ERHy;-PP7C?q7LN9D~<;Ma;de_otA{EAD; z;nG&VsIB`xf0W9tk8(E|A1dj1P+0ONrtPXnSAX+`oG$T)sZtK3&rIdAAwR4lw5(T6 z7}nF3DB+_Wk><5L7{Xj|^QT}4c~!mPBMDGDBGn6p+7`*gb)dG^sANiNgL?Dx=YXK# zY8@RN+3@&nW%NB&dvkj9jPmPGYI4la&l_1<2K0@4J-K&~q49!)+~X{SD|Kr!OOGCZ z&WEbp+~EG_5>wOD68$=$jAOAo-Iuw!k6np~m;~KTZ$s6hF7#A^xhIm6_MOrS$tf*u z?Q40Tz_?+9Z;NvPs_Q{~&Y2`WHG%r~52s1S`P}gaobd*EE)349;KQv8wxr72(9#5{ z4^@4+FH4B7p)-AX7B@p@ZeP2m#KbATgUaN!sy=E!Jw!Xxz5sibi%)~PgFv`6m}VX> zqp8WGadOl6_;}8lr{*N>`{WOyYPq&gu!^^C-?p;17ae$?>?7+`3bVAdtPnOtsR=xM zdvQAHw(X-wk0A50{r!=y)vH(U+_g(WgMR<#Y<+S=)L`z*0y`;3Y4$eRL|z962L?Gg zxkmW9OlFbf5N(W1^I|yV*!wF+E+Qf#y)OzgdN~R4pR=9F^-=g-4c~YAyokL{kw)Fp zZEbDqn3*~Fs$_h%Q!Fn{C*|6@hK<`vJC{H2lT{oy6nxsQ(6O+vd~eM#y}l5IxvtD3k)D>u(cj;% zU-NWrebhv&hJZ?%S7_*V?BjHlrHb|We49M?xtZ}CwCCy`y%79K<_uHi?b~_V+S(>C zLWjNuWKP_je#*b6r|O(_VPPRML&azCi2>t>&d&XiwF0+||D5f7<8hREZh83Ez1t^R z(FqvVf?KyT8R+NN=tXU+ZgCBl(TFVY)xP%V*mP08Er+br`G=F~4G$k4aJft@FMirb zeQ{?pibK^!jF+Ws%z9rPa;cUBmqL=12uaIO7o; z2gjZfz?_?h2k!GyX)6bZ>dhucX?9^z(cR(hHPzMGH*T==s1or0y*FYxDfv&IK0Uqcion0Tw!S0u z^G2!$A1zyS@v9ro&V2kKgYY#G$u9w%nqdxaE#Fm%&Yx=%h8$3C@fM7L& zeet<3v-KG4w3EU~8Y~2YApY%>A00 zGX({V!MFMQ`ud6-r32qZi;Z?h3FMqVzb;w0bFl3yY~RdG@Ru%uuRGt*mb#Wx*K2EQ z=b+DX_Zy7!Fw{G#~=jSI0ug}lVe=@9um>Xk#kSIXB zjW(u5TwpC(5$UQ#ep%;o%p9(rnm0X!tBTy1L%5{(eCq23VXrUqzS_Gl<$k?$qQka? z@R~6^Jp6e}i|TA?qv!ok?;mBn#>E*3<>cgCEb(p3K|0RB z|KP!cf?>Zv^GnV*BPl)gojqCM20lJR0(+hP{FEVFhPh@J6cn&KPaN97;ii%SJ{s@} znH;YE+<=gy(Z>ALmDf0Jyks*nmL2uxR!{;)=umK1yz1zSJ;dmQY_Ck_p(`NNzJ_6w zTWb*tYUf@Gsw`u~>)tJ-M=~X9$?;nY{03fl;_+Mg^qSQKUV@K8TSK=uA3nSe1A=WC z@ms}(gw`AtHQ&Og$Eqgq5QvzU;^MurzNVqW1}2~q_mQL|KqFF=q<=?6(;Gf!`trxYK zjSXxHGCD45ej-B1FyU}QwnQfLP?3lBprjovus=V~Hs~7HOmhOCro8{4V`B1pFcV> zO*(J8>TXR$TeO@Z@U#~%m znxD8IfVAVPj~Xa-*LJclxH~?%_Ri;eO{<+d-;NEC4X3B4dtY9cQt^2ytijl}|8u9) zrA+3uR7qH-RtWp5RjV9t;E$VLYH*fzF5kL;|9-WA;mls~ZdiR3r8HREX?KD7yLazS zw+#5cy}K&SGx^9jb|9xWp)c|FxDOZyp7rF^R~0LtKN3k9pzNPb5>SX?zFRe z|7pPC>W^Wc?zNfBv(cxRQMoTMkX6gbSQ#rkBtAG1+NvA9>;gH>@R*(Z$|AGC6t6Rt^p!RaK7T$B$2SAGIv+>^J~I={i`dH>GBK!QZM}tEW_JXx>0D=DUY0>%pxVsD&;|qo zK^=Ip5wgJBZ}_k*WR2$NMQ!SRQONV<%a^AmMAwL@s4l1r9xpvVemQ)bgv5GiKo=K& zZf8l(rKTy2h$4}`eT2)Z z%EB2jAO%gvk*Ks+I)E9@os1#}0Y)I+2cQuYt&*DundnDast-ye0C=JY4h^`2)Bq49 zELHJbsEkLEWds%q_brqHT&yRxP#%a@_{lv8z)>k69xKb}N%R3VeyNbuQen_V3a64m zaH%5jwHqyqx5CaH!A__y1!xKG-l%+Nq9~9YJmPGJi^ag_hh-3^! zgHdL2V~jF@Cx|D3WJZ~9^#d7Y0IVN@R-TzrW@)dCOZ75AGOau4gTmo8mX)dBv1}!b z0IgE82B5pxdEwLIloX;L84c1#`CUXT!f43J1q1}hF5fI8HHZXi0QiOTWAtBn%KvL} z{rCBspI?&y|8)HaxQfb8^`GQb{+0j##3LjG{2&K~gaBje^7`?RoYgay)6)m2L?WI- zD`ZI`6VV`r0#all_#G5)9BHWnsy#$Kj6y<;%Res(DH$52{VPWP&pf}x|4RysBIk<2 zE>wyKDY8`3e<}@rhyPVneysnbAP-mgxBkOF@`QxQNdo>j9}QaRW-Ja5(h4j3KxjdG zf*OFNTv!+*BLv214O0Ec1ONq4h*&B>AYwqB1@fSkDW=g0kpM7;ga9}K8t;bz0l@`| zl3hkdP&bM!G=d-?j=`a+fS@-RBnSu^SXv4Kf(yDw5D>@XC{#dDSI1fq`ggaWgajZH z7RE?hPDqH%!i>K=1Js2?2C*QS3}W>C$T)(B4cZgL_~CH`4`UAk@!M-8t>`gi>M#O; z46xAYd+j*@pcRfp29n6&Lbc&$rrx{|}wzZ=Bv=IJj?T z264L}Ah^IS|CJM5IJ|{D;jjSc3&=u~F3q{Pb6V>klNz$i1_bdGaOJ2A^zvs$UFfl5 z)J1&%2JUGhkVM2R;a?8=n?S|=`STzVF+a#dG|`7dB!C3!x3i#C&ouvDxmFO6wO=sO ze{6wz(+b%O0>XdzoR%$NY1_iz76E8zeXEczC`!jd5PPUNS-ZXP1bs$ zXtS)v66DV#FMZM26cV>95#mXtKpqMBC-vCh$Biqr+W&?dzpK4}jvN2Hf|dDYuKW9V zPHj0U{$Ymu>+JRm%=RC$+8<`LAEx}7$^ImZ{SgNH4VL=bxaprUH5O+28!U}wy72Ea zG?uaS@7Wpuu>bcv{y!Q;Lb>Dce=P#=d;Y)jkM}d4EPdU2M&XNEuInn0(6B9X{M5*df0LVqt^+|e%J7Aoz_ z{;^|P1pYq6io>FSKK>wCkLW`}kwHLkJ6u))E+a4av$Fs7qnDNVHXu!51A+@v%K5|H zK`II^xDu1U1}pftp=aTC(FY_@{~(H%b@;<*f-C)HG=YIskU$Gv{4rFaNF>VNiYN*d zMFp{bcnbJOF}1wMKZ&Zvt^Y5Ogd=#6K?>y$B4`QvSCF$L6&AsMqiNX)-=O{g$dZZk zzaiLPo>=`aPfP%*0YtJlj^H8dtwytc{}3(wQn!_a@h{f?6RiCecCyyh(F4ffVxGev zIh#~KBolKp5*1)HOCEm_9Jj45bYILh+5Q4|0LkU$dxRB(v1dAg8+ZAOMAwKoPQ=t_AC_oTLpn_y9 z3JuaQf+hM9FoFO`CKJiBjFOVJM8F*c$e<6=AH)Cwp5OxgqES>7p6DS)0eo--oR1&j zmrg@c@(-FHek2l+Ork3+4h8e*SasNH?GV0C}l6zdjoF&7;garZd73cv%0V>gk zN`^487oHsv`W~-+%l^oD^gG%+5Or49Kl)<|nJrG*$t zD5|F{l_JreeTSmW!((kd|A5lfShVdfe2()XP zpRuq!a*ZNjexd(Qp?_nF-NHIn#Giy|Yh1*sh87^`MA)fgW8+|Ht#1P$t*tGsHGo}2 zzXg6Ik%|5|3$swgoUYuO;*C*9lG{{!G6m%j0KRy;jD!3pV zK!1<`ps-Ys43I&{GC|?-w7p9ML_7vSlR*qfpyE(?3gCkZf(U>Bf|v!XhUy6hExq*y zNsz$>kRT0Dp+dXyC*u8lKmd(L;e056%d!pp$W%`da__N3vd;o_qEQ5Bexf@qZ5soi zsNa&XF+?WstU@=|Jr~5#PcWYzh#jH5}8PX1Rz8mz~W8vPv*xW?a=-c z1jK;_YlHUDnn8>zQ|gsNaG z>aEkVzj4?f23sC7!2*IJ6gd%!1}za{1=x>xp>6xugDCDyweYlU+6_yig`%<2Dy^H zga1IZ-wfklrCYf4ueT{ke5dM_ca(pG#8<3pnUT5dJw%kW7i1)xYI=-gJkmHkCRT=|J{#ncO%TG4H>h4c?C1cwF0m*){J8%Bb59zUW* zO)3S@kdP*j{d9$dK7LgDet6U20O8ZTYlP?m>&f7Vfp zG`Bd*H)%ov$^JMrxEKjtY+d}c*tU~Mrhac*{Pbgda_6#W+7%#T0TclM z1923Zf?b4M+WYd}&^+II%NY}>vH9Q*6oyvuE!>G(jE4e5GPFz_feLznKZQE= zA;c|@bJ}`>-j%w{CWWNr^ET?7cIMC*3kN$E8t&Bb@`tDz07wZk^ynh zcg5hploTQHGt{qVFf2^4?Bo~Jz;aUf-VPn)igwz`{^$oSwrPC(freig5CBNfSj!zj zh}DcKfZ)PW3jQ?5QXcp(E?`9_<07h-2E-AlD@T*~-iE~!QB)PBAKRCvqmk;*6NW-0 z_6wTwx4pWZ3m5ZLGGqoUUaLcL05TbEgGeAiyU&2=dGUG{#QXuluymEXb8!^G1s(o- zB>Qu>WrQaF3%Lwxe>#`pr(^~!3QqxlJ8NM9IsaLT!s6ES@F)s}CT;!_K8=4E?N8$M z=kC9qD)Q&i`(MHC|5^k8Z=c_>{}#We^Iwhs!r}0r>^}uX#eeO;f8zNQ@!w^(9EFM^ zU{GYt!q>kj{~vqb+TAveEcl(j0!w9Xth7m6cH+M4yPjR=F*7;cop|kZa(27>v>_6b z(546m0Oe>p+26hgPl7K|v}DJbF+U_SiASNTP^c;t3auhSvyUmRCSv_amR;kj!ayE^ z3LRNAL&-d3GsUngs>tuUPQ5?5!I(yRU3E`VHJ6{m6i!hbjF;sa7g{H5l-K$w7$?#* zNm3nK9Ke~ACOlc$ILfAuL75=!WusWy;hl%~uU*(#=7857iwLdm*Pni#LEDEW4QD8(@X zpM|!YM&RgB{>1Z(d@{kGfFIO#ItAnlii9bvQU*#e1bEgOKLd)g1V#w>-}%7*-M{&uphesyPm(40n8QR~unb_9$-#!+2c%k; z<+%Y&VS$0(_{U&?tjG; zT7<9gFB#@hGF*G{jYIuH$2T|aBA3emU&~)1)|B}2fj?i`pQ{}Fm8Jsls`O&d#vZ@T z)R7wHBNx!9H4wR5049n=zIW23f+=30)Tk9XLsX~Wuq&T)+C~&HD+)=ZnUQcZ?(C5jjd|xOgawomE^HBI!RsGaeQw+>uvzk!XnOcjwfEE}q z!*AApt8(WGE!Pq|GQ-RUQb%Q|xk56I&3_OrcOzP^(6aeR$Q#Gz6orh$kX5@UxTL1# zQqjQiiOTUG)A9R)p}%sZV#U6 zoNlIx?%8G!@em3q;uNC=61*kPsU#G^cnKnDpT=v=%Hqh3@~S%9`=tXr2L^4B;P1SOVz ztSI@|9$*L8GenV!_%k@h3@}avyRVuHm6jVOgUVp*A_@fZOx6ETjs3OUT2(BWlO86n zut6;C0u)YMi zZEa(CV%u|9Dz%8{FJTNhbkZ4@>3`B)xTfrhUYl{)*g;EK=g7ooFg|*U(#XwW_@|RU z%ZX>N1nHs_juRBSktqcepSYac7G3(tq`f?IrbP9OZZnn5lBKC)kLODC`34N%fvABo z+(_ptDDt4)jZPWYM-|j*^SRf@?UUj$Fh@< zYed10kn5*OHiKX^9I8LxD$YY@~{1L`TsegaEfj<{(m$&s_p+j`2X+d>3{y$J)?G^*aOIz z&qk@L`6m(uibG~LJwt?=eQ{2Kbq@nqx++W^{XxPgojy+EVd-PT$=#|qM;{8SRdcg= zmwP-}U1_C@R7%i#EfcehK1w%msmQS6Rx&HATSf)F|LXthyXWlO)xN8)QZJezYaPvl zh`)bNhx{*&_HD2Nbjbhxqy1X`@BM>^`(N+m=_UWu7*PhGb_&XKUpCCeFip5Z$8I<% z3d$!%8_W{<3FG7SLgre`_bXU`OiCfddz=ymOzm2GTZ?bC0U0E(Zq zt8t3Bp7*PbZIkp)zm;_Y^KwnO(9&^G|*f7)3mh$T9AKz~1Px_B}586rQ%AK|sJCjHE(1p7?)CPi-hls6$_0zI^e) zXE25g9X$m>5Tl61XxQLDd7k4W1}I&C1*9raQ*AOs6$#o&zX~oC@eD!c%fN02byK9$ zl;fn7Ut}OemSE|TVB&|&3@Ef-J#43jbm6^#4E?QEReAzz84{{}xJyNAYeiCowh}u) zITJ%LY)fiT_!V1QY1y6S#R5E`WNwyBMZr$Wt=!768>Z^7UNfuKaN$uBqtP2X4h2KM z*nQVCP;bKcPGz|a@wekYJWS0sYW5jX)mW~Ze9rpzJEhZ9q+$yH{Zr3*p7VmD4z zku8E1ep9tCYj7w=(6loP2-PLEw^B|ax#^#Pl%#`hWLp{@#y;5k3O>*Ja~3=?5lKBA5PETyngfdV{l%K9>j>Fh@%+n2$kGP9QozT zv3MiOeEBlm1zOoiZSG^0&_!)zCrdz)7$!<%bqWhE2#)L6))y;e@^%NAff%I=Oi8N3 zre$zudj?{S8$_8&LYzzA4u@$R=w1TROW>6B9N)#m;_)x?td{>yn91Jn5o8ReF@=2> zgD(Hi_s^bH{J#eWM-Tab@8szr|8;~80xt|B09sA;uMUw4!CJfGVVxMJg2iluZO$Q+ z_{#=anIPV>t*~BTMmf4%ms7zQ#b8Z}O^S3xhKYf-P+P|b3pBK@z|^8A zb7%&#qAsBVts!`+?7d?(-qtm8UF15}XC?H#!ImjnSeW~+E5|BI?dj0GwHi`oD=oz1 zpBbWO6ix7_wVJs?%TQISv}7Xr+!(*YDk|caD}4r~*h8sSNOwXt=3izXGvie`hsp;5 zY5{eu>Xqsfj942@Yb0U=Z~9$;6%MZYx8|_I)+>-3xNx2)9A~xbP)xfGk&A99VCA^g z$_?keC*EoP2`3oRC79%?Qj@gHT3%&=r!#JRX@ph|^sJO!oio8+9^WpFzJgTf1iR!p z3kwk43wA3JxJ8?4>Qs-=7Y+$ux@f?Z;E$wdPUK@7tUQtZxjTp3h1nF_kQ-dgXo}nb(S@ev;1Yf z*vcOI{~S^b<8gmiP>25i{j+NP-@)kngQExi|1O@J=>I)O9zuzREXn}N1! z{_^zOW?H}L<92lZ29);F_)UG?9L)Lb#!7#st!9-U(rAV`l9!pT1CUd^+EUJE?WRMe z9U+NDg%-2noDkk(I#B16U+T4?9U-4hn1Rzqu3vZ7?>1jn*FQ&Df+NWyZNsUTsJHrc zOrk0gTFs(T!FJO~vp^syxMl081VMQ;5=fU1ZgS?Z#!pQaQaSF;y+EM^!>}H|ylo@Y zV7iXvt(u|LaB6q>DnGa@TzrSs{S`=PnKSL&*HC^9CM;^*0-Bm&T8*)P7ejuX1#WA$ z{1(^xb>O~%F>jh}XzwP5{F=>d*^D=X=t1`zn(%F{Y-qrnX79QA?uyesbF8GZ-JnMu z|GFzled}!LH0QHd1+O^mSiWd+L&?{#+S#m+L&b%n!&vR_{Zc*%w}*S_7SodK-@q-V zD!6lKlU{8*-Of0{IF%t+V7YytTxG$!S3Wt0_!=&`Lh5um<8;Y2m|m3+7~+A=7`jCd zoCf5<_qMJsu|40L)UC!_F&o!_`zAgC-R!sRd((sHLHC>b-dbAO)c2;Fz30BSwLLU# z3i54wXtr#|w2q<6P2)_c8@Oq1)g`*h;`m0KXRC&=iTJyHm+04ay4<6uhyO1lj87?I zACsOgzz+Z4=-Ky2)$Faje?L$_2TWua|82l>5xesit^|*iX2MyVl$Ua1v`}e6AfKd393ls&(4sfqqJL()`v2M^x)teB6#dz5 zXLm~wsSnqu<_f+A?i|Z%Dq}fmYg46q$+VTVYpYOmkGCL6TxIoUqNJ?ue#2bcIG*iE zHy6=8C0(`Ej;6LO@7&(9n~S_g|^24ff_tFvF!~ZLb-XsxR z$NAr*gQr#h@962_=)wPc7ms%n2k^Pzg#X|a#%TKipo-1zjrUiA)9(0{pEvXQsvd5~ z-CINEdX8CDZ9SiCYiwqzkt?)hVJ6E~8j?xpAjSVg@q0vBix02Vm{TQOs5-vNgWB%J z=0XLfOR!V9BdszHzbTqy*jcMy0ex&7n(-aBIovn8in4lxb#okAJ%%&J%=J$8LY4I~ zb|c9xx;A=BQ2xx&X|8S+?MF||!rd_D44w4?v)i373ARn2eqLZa1*sa1*E8_FqlI;%evY2h{xOY&V+xxfgz3%cwDIvOQJ#H5K{X9_3ZER?s zsYdUm-$|`%Dp$O*#?7iE*)q3Z* z=vSfxo%a8RYeyB@)hdR%zOJczcgET)LGQDj{IB}-u>aj9ua_5~EC27&;eIv#>*(ztCM z3&vbM+4=b}Y3_E?RE&^X>y?}DZBcmvhBH3LjVwl(N!w)7evf_U+^KpjZ+b;jG2_|} zcPeGu49xLR`M&FQ3jM+?8k&r3&YSvX_@cHA?%q}?rh{I}N=2rKzsM;?Y2i}zYnP$I zG`5nXbe~?Wr(V}0I`yky6xI!RR~XWfDxz5X_}BE;)C4R3h5ec~*g!4UIflcQIIyyB zKs7Hfb*qUrdqE3~WAHc#gjysFv6DxlxRwF}3Yf;Bu+IwCD5&qeGYG6<;(k~>P5OU0 zL&+RZQ$o>J`smRA_n#e9_WwrD4xT;af4P%q0L~y6l1g6Ys)#O@ofM37oWw$kXE3^g zQ^Z1V0N%|o11!%nLOBC$hLS{v#DF>E(F~{4T|iL+IbP^xvv?2F*c*TpO;r%}j&fS) zU{&znh9P*HCQCq4SyO-nGDJawQxtmP%ZuMH#3JVnzzfNx;QfmW5M#=`aEke!{8xeR zh2wwHJ^8PBF`Mp*f6Sk3k?s`@jbU_^XVUgz-jk4BXWo-=46nQ=A)ja7lmF)pzFg^3l@DAoq}Kffs%Ro^=~`oW-+l+glr~n z7~A6{!x7s{RMFoxQw>C!q4bPTDakV-QWT?sgiLV+#)w}dA#gMxs$S@Mg8_K=D~?+T~!F%T9!p8f}N5eFel|0A8ouUIgcPQb;RBB%@@3W5fV7 zI5*BcF|G_z2Cio~nt=$WLIsi=1M(ci0wp8^DZ1A5&{xn&Zm7|JXch@Dhbf#Q8hYOI z5;;p9NQwW;5BV6uEMrA$SNe@4hhmu+WeHi%g>opARn@%wlT3i*%onPCoPsFH8Ap_b zYMGK>6&hxcfwAB*j+n49;!?fyJmq+f${=Qx#33eoL$LGw zhqLox2wqAkf%wbbiJo&Zmj=zdA1^?JD8~~VL5|q2;QOh(NimfP69j9DKgD>LB&Pso zHi}HogENYxFM(l>nCAs9xTA1%@SPW^@g9bwa9>psHZBtQ5FCNPgd_>MR@VoP6Lp`j z+B-3v02dG^@|!mN^i0+)B7Dj*$z)5!##LpRG5+& zg^W!2CHM@~Ma=*L@dAiX8mCKT{^BNVeFm3q@b%x`zV)@6rMPDK`RTbY{{6rH@Di+o zWCm$mf<(NyYe+H@Yn0S*l9AW|vL}A095(@GA&JO5BPmL`g{N>3U6%Qz4HAWt8cuEx z5;>V(zzmLYvgUNE5#mO(YyGEb9(GT)O{Y-br>O&%(2;}VP{?<^lwX#Is_8D|B8OCn zct-}C-R2#&N=6A5lF^(=!V`Pht3{ysAmEtR)H1+!-vM-c$ z45J!|J)k^)e)->4>~ z@uh6T5WJp%%VHl%vG}D~oYnpe*1ho=CD#C^KmsW3H~F3kYf?@_1u=lqBnk_?ui8O1 z62N?L;sETc(GZl?L_Hf{&*8LNExaom>&8#l9Jwpg?8cAFxmeOf{dZ|m>8vYaRY8h% zCV7$oSyFn1>J-qtBa569!hNeonjjWFL#i*}n=`nNE_VS#2>kNeRQqjbAj?of_|S%^ zGEQ@uEG+~L1IY3uQQ_M=%~%hHfWI>*zp&F%&GgZX z33M%hQZap$mt8E*L`}BSv)5LiwbO+my1)@KQ9*?G_T3qg(LZBIeJuq=E5DfDj64#} zrG(?C;@DNje2B^3I3d%$gZHa9{|Lt@xl6t84mC8F6%sj4bA%!;S--CH%@hEtLi4CrTi&`W8Lgnu zd*fw)h50NCtfJdSOK+KSigc?ex6#7WMLV^dsV1xiPAI(snW+;BXwM%B1@Y1-IHJVc z1)>zka>lQwUU}PzGDEhOoCDOHm%p01Y2{YDk}$-C3)ct zUW;a}%%auL)zf@KUF{px(Rx0sMc0P9*EguT^?Y2$SJ9T`No_T|>a^COnX74IG`d>; z*akDFdbV9pY#~xF@`*hD=FgY*r)vyJYxq^E{%<=2(;(A1R~zi&ZE#-=eOG8{{mmAA zItKR&E!XdLBlOt}lv0iUnmAfDLI-_?4^YK`TsEN3hK>^oDB={O1(E@UcmiNT5sa50 zk}E?Ty7olrv_YUVm6b6Bd>u*?zc24(8zh^)M}Ga?fj9U`CzmUe8wqBr$x>Z zA^&wZrQZb;?*dhS7pS_@fuzcw8eLcUJc$kHZ{j{lQFd9{M=(chg>{A&GS1N+EikAx z=u`DW(22h0ZS8OAG3ziV6i(6hf?2-KqPx8in6I0 zbSYL)VVP*I{h8x#hr{je_HK>Q*KqRQBFk;9X_xmJj$)}5{&|j*7@%~4DM{z*gcZdy z#8WEkYJU_e^`Vb0XIZxCP-dS6zdnr0p)Tw1le?ANR%lj?WVN{M2Ds`0?vS32V-1<8%0U7^+BCZL7IaB$IA)oac##QNryZWn-BGx#J zAJ9?^;z!KfP)r6Um@@7RK|m}cyP-a%8S9}Es>^EIP%6$+B~L&~(!i8P`E6%l&f_ms^1=@Kl@noHHqp-%Y0n-5UUNY8+5!QaL7~8^Kr4B* zqKvxl^ed(1-iU&A%Bcjb zUzcc3`p3JOb!$*Af{ej5rm#f4zLa}mTG^89tkciJ`ITvC;kYY0cCCE+*5M6TKKI7! zTU`DWuwQ%mQ&8OP@+S@Y50IufopxLEYgq0Z8P}cW=o+TqX5lvuS6^$agp?!+PN(nS zRIL3PSpben&h_biT>@}8l|tTzh+p;(8TSSQaFL-1!vtW7K^D!>95Ux{f@rG9l0bF5 z)UgKuUuNi7G>Frw2S8kq>(~TYnc_|sG!^QO8Ayl>EB63EpWr-8&@qT*tq>E>a}qvu zbaie^N=7b%@!ghnVu-zTiqlV?$KkZAS=A1QQ@5E>I64YPL5#*2rom`Gpht(Em*q)v zCJ&T#H7b!kSpuku~(XltMZ0T~`pp;{z%r66h{}$>GfJ1)ZQoqEg^e4p;z|3rY1sA8wQ>KmkK3!!rAtoQqP!baUw7)NYyW0!HQta6Cs$G;j@5 zIVq>2HYcKWs&LnJlZ@v3`*)kue1CLj0R#m6 z!AL5=JMsSvh0F^bKK$Yf0S6g6dJ2LdMiGh8&}%}(=thVbxri8T2N9!NK*XpS5hnBA z&nBOM4(}si6z+%np7+b!6ucn|G#?`hMu)rLVE*=qv$l?*N7s3b^1f3QndoNynkjUcRDo)|@)%NCJ-GxsT7XD2jF(_c_)Jwgki$DPxOW;7lvTMRH7dlljSf3zx)GHv^vkG$*(C`0A^SZN`)s4r41axRPa;`=0swtuzZzMNMQHU zO@pK2z`OwbEU=(-BAo>AvIf)QFf4&Jfgkq-|3s$iE%G`Ns^cA#YzD`O<48^@sqW6moJ>)Q1m&;cvgCF(*&m%ul7huv2u6(& z)t5=h1R_P|5IIS(Wh2F0ueIAjYtbeVNTsX_`*H&9<>>^)2qrP6o;SO)Jr&TIKIUK| z#1~AL05g^&wtkmNU)Qrp^C^o^3MnQw2bn!03t72#Ob`>@8-ZnJBTScqjs+OSDAak$ z@?3L=rsj+Qo2`Poj10Y=P&7f*h^b%5WP+swQWlFzlnX0IQf>9zSseVnIQ)H%r;5aT z1N$?`844oE5F6@QqCcfmMLaVGPQc<&Fw4&jP4WaJIK5(u7fjEh$5M(}o^wJmOxPYp zj3f&b2;dInzlT9a7!L|S6rJ~+_SP9mLveYSU6nwA7=!FDSR4eL=%0t*QqJm!=izyH X9-fD1^XLBu009608^4Gd0B8mPmm+2m diff --git a/mastodon/dev-values.yaml b/mastodon/dev-values.yaml new file mode 100644 index 0000000..b3a963e --- /dev/null +++ b/mastodon/dev-values.yaml @@ -0,0 +1,25 @@ +# Chart values used for testing the Helm chart. +# +mastodon: + secrets: + secret_key_base: dummy-secret_key_base + otp_secret: dummy-otp_secret + vapid: + private_key: dummy-vapid-private_key + public_key: dummy-vapid-public_key + +# ref: https://github.com/bitnami/charts/tree/main/bitnami/redis#parameters +redis: + replica: + replicaCount: 1 + +# ref: https://github.com/bitnami/charts/tree/main/bitnami/elasticsearch#parameters +elasticsearch: + master: + replicaCount: 1 + data: + replicaCount: 1 + coordinating: + replicaCount: 1 + ingest: + replicaCount: 1 diff --git a/mastodon/readme.md b/mastodon/readme.md deleted file mode 100644 index 9f7a889..0000000 --- a/mastodon/readme.md +++ /dev/null @@ -1,37 +0,0 @@ -# Introduction - -This is a [Helm](https://helm.sh/) chart for installing Mastodon into a -Kubernetes cluster. The basic usage is: - -1. edit `values.yaml` or create a separate yaml file for custom values -1. `helm dep update` -1. `helm install --namespace mastodon --create-namespace my-mastodon ./ -f path/to/additional/values.yaml` - -This chart has been tested on Helm 3.0.1 and above. - -# Configuration - -The variables that _must_ be configured are: - -- password and keys in the `mastodon.secrets`, `postgresql`, and `redis` groups; if - left blank, some of those values will be autogenerated, but will not persist - across upgrades. - -- SMTP settings for your mailer in the `mastodon.smtp` group. - -# Missing features - -Currently this chart does _not_ support: - -- Hidden services -- Single Sign-On -- Swift -- configurations using `WEB_DOMAIN` - -# Upgrading - -Because database migrations are managed as a Job separate from the Rails and -Sidekiq deployments, it’s possible they will occur in the wrong order. After -upgrading Mastodon versions, it may sometimes be necessary to manually delete -the Rails and Sidekiq pods so that they are recreated against the latest -migration. diff --git a/mastodon/templates/_helpers.tpl b/mastodon/templates/_helpers.tpl index 5814a31..6331a26 100644 --- a/mastodon/templates/_helpers.tpl +++ b/mastodon/templates/_helpers.tpl @@ -51,6 +51,17 @@ app.kubernetes.io/name: {{ include "mastodon.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} +{{/* +Rolling pod annotations +*/}} +{{- define "mastodon.rollingPodAnnotations" -}} +{{- if .Values.revisionPodAnnotation }} +rollme: {{ .Release.Revision | quote }} +{{- end }} +checksum/config-secrets: {{ include ( print $.Template.BasePath "/secrets.yaml" ) . | sha256sum | quote }} +checksum/config-configmap: {{ include ( print $.Template.BasePath "/configmap-env.yaml" ) . | sha256sum | quote }} +{{- end }} + {{/* Create the name of the service account to use */}} @@ -77,3 +88,76 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- define "mastodon.postgresql.fullname" -}} {{- printf "%s-%s" .Release.Name "postgresql" | trunc 63 | trimSuffix "-" -}} {{- end -}} + +{{/* +Get the mastodon secret. +*/}} +{{- define "mastodon.secretName" -}} +{{- if .Values.mastodon.secrets.existingSecret }} + {{- printf "%s" (tpl .Values.mastodon.secrets.existingSecret $) -}} +{{- else -}} + {{- printf "%s" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the smtp secret. +*/}} +{{- define "mastodon.smtp.secretName" -}} +{{- if .Values.mastodon.smtp.existingSecret }} + {{- printf "%s" (tpl .Values.mastodon.smtp.existingSecret $) -}} +{{- else -}} + {{- printf "%s-smtp" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the postgresql secret. +*/}} +{{- define "mastodon.postgresql.secretName" -}} +{{- if (and (or .Values.postgresql.enabled .Values.postgresql.postgresqlHostname) .Values.postgresql.auth.existingSecret) }} + {{- printf "%s" (tpl .Values.postgresql.auth.existingSecret $) -}} +{{- else if .Values.postgresql.enabled -}} + {{- printf "%s-postgresql" (tpl .Release.Name $) -}} +{{- else -}} + {{- printf "%s" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the redis secret. +*/}} +{{- define "mastodon.redis.secretName" -}} +{{- if .Values.redis.auth.existingSecret }} + {{- printf "%s" (tpl .Values.redis.auth.existingSecret $) -}} +{{- else if .Values.redis.existingSecret }} + {{- printf "%s" (tpl .Values.redis.existingSecret $) -}} +{{- else -}} + {{- printf "%s-redis" (tpl .Release.Name $) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a mastodon secret object should be created +*/}} +{{- define "mastodon.createSecret" -}} +{{- if (or + (and .Values.mastodon.s3.enabled (not .Values.mastodon.s3.existingSecret)) + (not .Values.mastodon.secrets.existingSecret ) + (and (not .Values.postgresql.enabled) (not .Values.postgresql.auth.existingSecret)) + ) -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Find highest number of needed database connections to set DB_POOL variable +*/}} +{{- define "mastodon.maxDbPool" -}} +{{/* Default MAX_THREADS for Puma is 5 */}} +{{- $poolSize := 5 }} +{{- range .Values.mastodon.sidekiq.workers }} +{{- $poolSize = max $poolSize .concurrency }} +{{- end }} +{{- $poolSize | quote }} +{{- end }} diff --git a/mastodon/templates/configmap-env.yaml b/mastodon/templates/configmap-env.yaml index 5e06209..265bd41 100644 --- a/mastodon/templates/configmap-env.yaml +++ b/mastodon/templates/configmap-env.yaml @@ -7,82 +7,100 @@ metadata: data: {{- if .Values.postgresql.enabled }} DB_HOST: {{ template "mastodon.postgresql.fullname" . }} + DB_PORT: "5432" {{- else }} DB_HOST: {{ .Values.postgresql.postgresqlHostname }} + DB_PORT: {{ .Values.postgresql.postgresqlPort | default "5432" | quote }} {{- end }} - DB_NAME: {{ .Values.postgresql.postgresqlDatabase }} - DB_POOL: {{ .Values.mastodon.sidekiq.concurrency | quote }} - DB_PORT: "5432" - DB_USER: {{ .Values.postgresql.postgresqlUsername }} + DB_NAME: {{ .Values.postgresql.auth.database }} + DB_POOL: {{ include "mastodon.maxDbPool" . }} + DB_USER: {{ .Values.postgresql.auth.username }} + PREPARED_STATEMENTS: {{ .Values.mastodon.preparedStatements | quote }} DEFAULT_LOCALE: {{ .Values.mastodon.locale }} {{- if .Values.elasticsearch.enabled }} ES_ENABLED: "true" - ES_HOST: {{ template "mastodon.elasticsearch.fullname" . }}-master + ES_HOST: {{ template "mastodon.elasticsearch.fullname" . }}-master-hl ES_PORT: "9200" {{- end }} LOCAL_DOMAIN: {{ .Values.mastodon.local_domain }} - {{- if .Values.mastodon.web_domain }} - WEB_DOMAIN: {{ .Values.mastodon.web_domain }} + {{- with .Values.mastodon.web_domain }} + WEB_DOMAIN: {{ . }} + {{- end }} + {{- with .Values.mastodon.singleUserMode }} + SINGLE_USER_MODE: "true" + {{- end }} + {{- with .Values.mastodon.authorizedFetch }} + AUTHORIZED_FETCH: {{ . | quote }} + {{- end }} + {{- with .Values.mastodon.limitedFederationMode }} + LIMITED_FEDERATION_MODE: {{ . | quote }} {{- end }} # https://devcenter.heroku.com/articles/tuning-glibc-memory-behavior MALLOC_ARENA_MAX: "2" NODE_ENV: "production" RAILS_ENV: "production" + {{- if .Values.redis.enabled }} REDIS_HOST: {{ template "mastodon.redis.fullname" . }}-master - REDIS_PORT: "6379" + {{- else }} + REDIS_HOST: {{ required "When the redis chart is disabled .Values.redis.hostname is required" .Values.redis.hostname }} + {{- end }} + REDIS_PORT: {{ .Values.redis.port | default "6379" | quote }} {{- if .Values.mastodon.s3.enabled }} S3_BUCKET: {{ .Values.mastodon.s3.bucket }} S3_ENABLED: "true" S3_ENDPOINT: {{ .Values.mastodon.s3.endpoint }} S3_HOSTNAME: {{ .Values.mastodon.s3.hostname }} S3_PROTOCOL: "https" - {{- if .Values.mastodon.s3.region }} - S3_REGION: {{ .Values.mastodon.s3.region }} + {{- if .Values.mastodon.s3.permission }} + S3_PERMISSION: {{ .Values.mastodon.s3.permission }} {{- end }} - {{- if .Values.mastodon.s3.alias_host }} - S3_ALIAS_HOST: {{ .Values.mastodon.s3.alias_host}} + {{- with .Values.mastodon.s3.region }} + S3_REGION: {{ . }} + {{- end }} + {{- with .Values.mastodon.s3.alias_host }} + S3_ALIAS_HOST: {{ . }} {{- end }} {{- end }} - {{- if .Values.mastodon.smtp.auth_method }} - SMTP_AUTH_METHOD: {{ .Values.mastodon.smtp.auth_method }} + {{- with .Values.mastodon.smtp.auth_method }} + SMTP_AUTH_METHOD: {{ . }} {{- end }} - {{- if .Values.mastodon.smtp.ca_file }} - SMTP_CA_FILE: {{ .Values.mastodon.smtp.ca_file }} + {{- with .Values.mastodon.smtp.ca_file }} + SMTP_CA_FILE: {{ . }} {{- end }} - {{- if .Values.mastodon.smtp.delivery_method }} - SMTP_DELIVERY_METHOD: {{ .Values.mastodon.smtp.delivery_method }} + {{- with .Values.mastodon.smtp.delivery_method }} + SMTP_DELIVERY_METHOD: {{ . }} {{- end }} - {{- if .Values.mastodon.smtp.domain }} - SMTP_DOMAIN: {{ .Values.mastodon.smtp.domain }} + {{- with .Values.mastodon.smtp.domain }} + SMTP_DOMAIN: {{ . }} {{- end }} - {{- if .Values.mastodon.smtp.enable_starttls_auto }} - SMTP_ENABLE_STARTTLS_AUTO: {{ .Values.mastodon.smtp.enable_starttls_auto | quote }} + {{- with .Values.mastodon.smtp.enable_starttls }} + SMTP_ENABLE_STARTTLS: {{ . | quote }} {{- end }} - {{- if .Values.mastodon.smtp.from_address }} - SMTP_FROM_ADDRESS: {{ .Values.mastodon.smtp.from_address }} + {{- with .Values.mastodon.smtp.enable_starttls_auto }} + SMTP_ENABLE_STARTTLS_AUTO: {{ . | quote }} {{- end }} - {{- if .Values.mastodon.smtp.login }} - SMTP_LOGIN: {{ .Values.mastodon.smtp.login }} + {{- with .Values.mastodon.smtp.from_address }} + SMTP_FROM_ADDRESS: {{ . }} {{- end }} - {{- if .Values.mastodon.smtp.openssl_verify_mode }} - SMTP_OPENSSL_VERIFY_MODE: {{ .Values.mastodon.smtp.openssl_verify_mode }} + {{- with .Values.mastodon.smtp.openssl_verify_mode }} + SMTP_OPENSSL_VERIFY_MODE: {{ . }} {{- end }} - {{- if .Values.mastodon.smtp.password }} - SMTP_PASSWORD: {{ .Values.mastodon.smtp.password }} + {{- with .Values.mastodon.smtp.port }} + SMTP_PORT: {{ . | quote }} {{- end }} - {{- if .Values.mastodon.smtp.port }} - SMTP_PORT: {{ .Values.mastodon.smtp.port | quote }} + {{- with .Values.mastodon.smtp.reply_to }} + SMTP_REPLY_TO: {{ . }} {{- end }} - {{- if .Values.mastodon.smtp.reply_to }} - SMTP_REPLY_TO: {{ .Values.mastodon.smtp.reply_to }} + {{- with .Values.mastodon.smtp.server }} + SMTP_SERVER: {{ . }} {{- end }} - {{- if .Values.mastodon.smtp.server }} - SMTP_SERVER: {{ .Values.mastodon.smtp.server }} - {{- end }} - {{- if .Values.mastodon.smtp.tls }} - SMTP_TLS: {{ .Values.mastodon.smtp.tls | quote }} + {{- with .Values.mastodon.smtp.tls }} + SMTP_TLS: {{ . | quote }} {{- end }} STREAMING_CLUSTER_NUM: {{ .Values.mastodon.streaming.workers | quote }} + {{- with .Values.mastodon.streaming.base_url }} + STREAMING_API_BASE_URL: {{ . | quote }} + {{- end }} {{- if .Values.externalAuth.oidc.enabled }} OIDC_ENABLED: {{ .Values.externalAuth.oidc.enabled | quote }} OIDC_DISPLAY_NAME: {{ .Values.externalAuth.oidc.display_name }} @@ -94,53 +112,53 @@ data: OIDC_CLIENT_SECRET: {{ .Values.externalAuth.oidc.client_secret }} OIDC_REDIRECT_URI: {{ .Values.externalAuth.oidc.redirect_uri }} OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.oidc.assume_email_is_verified | quote }} - {{- if .Values.externalAuth.oidc.client_auth_method }} - OIDC_CLIENT_AUTH_METHOD: {{ .Values.externalAuth.oidc.client_auth_method }} + {{- with .Values.externalAuth.oidc.client_auth_method }} + OIDC_CLIENT_AUTH_METHOD: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.response_type }} - OIDC_RESPONSE_TYPE: {{ .Values.externalAuth.oidc.response_type }} + {{- with .Values.externalAuth.oidc.response_type }} + OIDC_RESPONSE_TYPE: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.response_mode }} - OIDC_RESPONSE_MODE: {{ .Values.externalAuth.oidc.response_mode }} + {{- with .Values.externalAuth.oidc.response_mode }} + OIDC_RESPONSE_MODE: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.display }} - OIDC_DISPLAY: {{ .Values.externalAuth.oidc.display }} + {{- with .Values.externalAuth.oidc.display }} + OIDC_DISPLAY: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.prompt }} - OIDC_PROMPT: {{ .Values.externalAuth.oidc.prompt }} + {{- with .Values.externalAuth.oidc.prompt }} + OIDC_PROMPT: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.send_nonce }} - OIDC_SEND_NONCE: {{ .Values.externalAuth.oidc.send_nonce }} + {{- with .Values.externalAuth.oidc.send_nonce }} + OIDC_SEND_NONCE: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.send_scope_to_token_endpoint }} - OIDC_SEND_SCOPE_TO_TOKEN_ENDPOINT: {{ .Values.externalAuth.oidc.send_scope_to_token_endpoint | quote }} + {{- with .Values.externalAuth.oidc.send_scope_to_token_endpoint }} + OIDC_SEND_SCOPE_TO_TOKEN_ENDPOINT: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.oidc.idp_logout_redirect_uri }} - OIDC_IDP_LOGOUT_REDIRECT_URI: {{ .Values.externalAuth.oidc.idp_logout_redirect_uri }} + {{- with .Values.externalAuth.oidc.idp_logout_redirect_uri }} + OIDC_IDP_LOGOUT_REDIRECT_URI: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.http_scheme }} - OIDC_HTTP_SCHEME: {{ .Values.externalAuth.oidc.http_scheme }} + {{- with .Values.externalAuth.oidc.http_scheme }} + OIDC_HTTP_SCHEME: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.host }} - OIDC_HOST: {{ .Values.externalAuth.oidc.host }} + {{- with .Values.externalAuth.oidc.host }} + OIDC_HOST: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.port }} - OIDC_PORT: {{ .Values.externalAuth.oidc.port }} + {{- with .Values.externalAuth.oidc.port }} + OIDC_PORT: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.jwks_uri }} - OIDC_JWKS_URI: {{ .Values.externalAuth.oidc.jwks_uri }} + {{- with .Values.externalAuth.oidc.jwks_uri }} + OIDC_JWKS_URI: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.auth_endpoint }} - OIDC_AUTH_ENDPOINT: {{ .Values.externalAuth.oidc.auth_endpoint }} + {{- with .Values.externalAuth.oidc.auth_endpoint }} + OIDC_AUTH_ENDPOINT: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.token_endpoint }} - OIDC_TOKEN_ENDPOINT: {{ .Values.externalAuth.oidc.token_endpoint }} + {{- with .Values.externalAuth.oidc.token_endpoint }} + OIDC_TOKEN_ENDPOINT: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.user_info_endpoint }} - OIDC_USER_INFO_ENDPOINT: {{ .Values.externalAuth.oidc.user_info_endpoint }} + {{- with .Values.externalAuth.oidc.user_info_endpoint }} + OIDC_USER_INFO_ENDPOINT: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.end_session_endpoint }} - OIDC_END_SESSION_ENDPOINT: {{ .Values.externalAuth.oidc.end_session_endpoint }} + {{- with .Values.externalAuth.oidc.end_session_endpoint }} + OIDC_END_SESSION_ENDPOINT: {{ . }} {{- end }} {{- end }} {{- if .Values.externalAuth.saml.enabled }} @@ -149,54 +167,54 @@ data: SAML_ISSUER: {{ .Values.externalAuth.saml.issuer }} SAML_IDP_SSO_TARGET_URL: {{ .Values.externalAuth.saml.idp_sso_target_url }} SAML_IDP_CERT: {{ .Values.externalAuth.saml.idp_cert | quote }} - {{- if .Values.externalAuth.saml.idp_cert_fingerprint }} - SAML_IDP_CERT_FINGERPRINT: {{ .Values.externalAuth.saml.idp_cert_fingerprint | quote }} + {{- with .Values.externalAuth.saml.idp_cert_fingerprint }} + SAML_IDP_CERT_FINGERPRINT: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.saml.name_identifier_format }} - SAML_NAME_IDENTIFIER_FORMAT: {{ .Values.externalAuth.saml.name_identifier_format }} + {{- with .Values.externalAuth.saml.name_identifier_format }} + SAML_NAME_IDENTIFIER_FORMAT: {{ . }} {{- end }} - {{- if .Values.externalAuth.saml.cert }} - SAML_CERT: {{ .Values.externalAuth.saml.cert | quote }} + {{- with .Values.externalAuth.saml.cert }} + SAML_CERT: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.saml.private_key }} - SAML_PRIVATE_KEY: {{ .Values.externalAuth.saml.private_key | quote }} + {{- with .Values.externalAuth.saml.private_key }} + SAML_PRIVATE_KEY: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.saml.want_assertion_signed }} - SAML_SECURITY_WANT_ASSERTION_SIGNED: {{ .Values.externalAuth.saml.want_assertion_signed | quote }} + {{- with .Values.externalAuth.saml.want_assertion_signed }} + SAML_SECURITY_WANT_ASSERTION_SIGNED: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.saml.want_assertion_encrypted }} - SAML_SECURITY_WANT_ASSERTION_ENCRYPTED: {{ .Values.externalAuth.saml.want_assertion_encrypted | quote }} + {{- with .Values.externalAuth.saml.want_assertion_encrypted }} + SAML_SECURITY_WANT_ASSERTION_ENCRYPTED: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.saml.assume_email_is_verified }} - SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.saml.assume_email_is_verified | quote }} + {{- with .Values.externalAuth.saml.assume_email_is_verified }} + SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.saml.uid_attribute }} - SAML_UID_ATTRIBUTE: {{ .Values.externalAuth.saml.uid_attribute }} + {{- with .Values.externalAuth.saml.uid_attribute }} + SAML_UID_ATTRIBUTE: {{ . }} {{- end }} - {{- if .Values.externalAuth.saml.attributes_statements.uid }} - SAML_ATTRIBUTES_STATEMENTS_UID: {{ .Values.externalAuth.saml.attributes_statements.uid | quote }} + {{- with .Values.externalAuth.saml.attributes_statements.uid }} + SAML_ATTRIBUTES_STATEMENTS_UID: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.saml.attributes_statements.email }} - SAML_ATTRIBUTES_STATEMENTS_EMAIL: {{ .Values.externalAuth.saml.attributes_statements.email | quote }} + {{- with .Values.externalAuth.saml.attributes_statements.email }} + SAML_ATTRIBUTES_STATEMENTS_EMAIL: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.saml.attributes_statements.full_name }} - SAML_ATTRIBUTES_STATEMENTS_FULL_NAME: {{ .Values.externalAuth.saml.attributes_statements.full_name | quote }} + {{- with .Values.externalAuth.saml.attributes_statements.full_name }} + SAML_ATTRIBUTES_STATEMENTS_FULL_NAME: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.saml.attributes_statements.first_name }} - SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME: {{ .Values.externalAuth.saml.attributes_statements.first_name | quote }} + {{- with .Values.externalAuth.saml.attributes_statements.first_name }} + SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.saml.attributes_statements.last_name }} - SAML_ATTRIBUTES_STATEMENTS_LAST_NAME: {{ .Values.externalAuth.saml.attributes_statements.last_name | quote }} + {{- with .Values.externalAuth.saml.attributes_statements.last_name }} + SAML_ATTRIBUTES_STATEMENTS_LAST_NAME: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.saml.attributes_statements.verified }} - SAML_ATTRIBUTES_STATEMENTS_VERIFIED: {{ .Values.externalAuth.saml.attributes_statements.verified | quote }} + {{- with .Values.externalAuth.saml.attributes_statements.verified }} + SAML_ATTRIBUTES_STATEMENTS_VERIFIED: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.saml.attributes_statements.verified_email }} - SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL: {{ .Values.externalAuth.saml.attributes_statements.verified_email | quote }} + {{- with .Values.externalAuth.saml.attributes_statements.verified_email }} + SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL: {{ . | quote }} {{- end }} {{- end }} - {{- if .Values.externalAuth.oauth_global.oauth_redirect_at_sign_in }} - OAUTH_REDIRECT_AT_SIGN_IN: {{ .Values.externalAuth.oauth_global.oauth_redirect_at_sign_in | quote }} + {{- with .Values.externalAuth.oauth_global.omniauth_only }} + OMNIAUTH_ONLY: {{ . | quote }} {{- end }} {{- if .Values.externalAuth.cas.enabled }} CAS_ENABLED: {{ .Values.externalAuth.cas.enabled | quote }} @@ -204,100 +222,106 @@ data: CAS_HOST: {{ .Values.externalAuth.cas.host }} CAS_PORT: {{ .Values.externalAuth.cas.port }} CAS_SSL: {{ .Values.externalAuth.cas.ssl | quote }} - {{- if .Values.externalAuth.cas.validate_url }} - CAS_VALIDATE_URL: {{ .Values.externalAuth.cas.validate_url }} + {{- with .Values.externalAuth.cas.validate_url }} + CAS_VALIDATE_URL: {{ . }} {{- end }} - {{- if .Values.externalAuth.cas.callback_url }} - CAS_CALLBACK_URL: {{ .Values.externalAuth.cas.callback_url }} + {{- with .Values.externalAuth.cas.callback_url }} + CAS_CALLBACK_URL: {{ . }} {{- end }} - {{- if .Values.externalAuth.cas.logout_url }} - CAS_LOGOUT_URL: {{ .Values.externalAuth.cas.logout_url }} + {{- with .Values.externalAuth.cas.logout_url }} + CAS_LOGOUT_URL: {{ . }} {{- end }} - {{- if .Values.externalAuth.cas.login_url }} - CAS_LOGIN_URL: {{ .Values.externalAuth.cas.login_url }} + {{- with .Values.externalAuth.cas.login_url }} + CAS_LOGIN_URL: {{ . }} {{- end }} - {{- if .Values.externalAuth.cas.uid_field }} - CAS_UID_FIELD: {{ .Values.externalAuth.cas.uid_field | quote }} + {{- with .Values.externalAuth.cas.uid_field }} + CAS_UID_FIELD: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.cas.ca_path }} - CAS_CA_PATH: {{ .Values.externalAuth.cas.ca_path }} + {{- with .Values.externalAuth.cas.ca_path }} + CAS_CA_PATH: {{ . }} {{- end }} - {{- if .Values.externalAuth.cas.disable_ssl_verification }} - CAS_DISABLE_SSL_VERIFICATION: {{ .Values.externalAuth.cas.disable_ssl_verification | quote }} + {{- with .Values.externalAuth.cas.disable_ssl_verification }} + CAS_DISABLE_SSL_VERIFICATION: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.cas.assume_email_is_verified }} - CAS_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.cas.assume_email_is_verified | quote }} + {{- with .Values.externalAuth.cas.assume_email_is_verified }} + CAS_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.cas.keys.uid }} - CAS_UID_KEY: {{ .Values.externalAuth.cas.keys.uid | quote }} + {{- with .Values.externalAuth.cas.keys.uid }} + CAS_UID_KEY: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.cas.keys.name }} - CAS_NAME_KEY: {{ .Values.externalAuth.cas.keys.name | quote }} + {{- with .Values.externalAuth.cas.keys.name }} + CAS_NAME_KEY: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.cas.keys.email }} - CAS_EMAIL_KEY: {{ .Values.externalAuth.cas.keys.email | quote }} + {{- with .Values.externalAuth.cas.keys.email }} + CAS_EMAIL_KEY: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.cas.keys.nickname }} - CAS_NICKNAME_KEY: {{ .Values.externalAuth.cas.keys.nickname | quote }} + {{- with .Values.externalAuth.cas.keys.nickname }} + CAS_NICKNAME_KEY: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.cas.keys.first_name }} - CAS_FIRST_NAME_KEY: {{ .Values.externalAuth.cas.keys.first_name | quote }} + {{- with .Values.externalAuth.cas.keys.first_name }} + CAS_FIRST_NAME_KEY: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.cas.keys.last_name }} - CAS_LAST_NAME_KEY: {{ .Values.externalAuth.cas.keys.last_name | quote }} + {{- with .Values.externalAuth.cas.keys.last_name }} + CAS_LAST_NAME_KEY: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.cas.keys.location }} - CAS_LOCATION_KEY: {{ .Values.externalAuth.cas.keys.location | quote }} + {{- with .Values.externalAuth.cas.keys.location }} + CAS_LOCATION_KEY: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.cas.keys.image }} - CAS_IMAGE_KEY: {{ .Values.externalAuth.cas.keys.image | quote }} + {{- with .Values.externalAuth.cas.keys.image }} + CAS_IMAGE_KEY: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.cas.keys.phone }} - CAS_PHONE_KEY: {{ .Values.externalAuth.cas.keys.phone | quote }} + {{- with .Values.externalAuth.cas.keys.phone }} + CAS_PHONE_KEY: {{ . | quote }} {{- end }} {{- end }} - {{- if .Values.externalAuth.pam.enabled }} - PAM_ENABLED: {{ .Values.externalAuth.pam.enabled | quote }} - {{- if .Values.externalAuth.pam.email_domain }} - PAM_EMAIL_DOMAIN: {{ .Values.externalAuth.pam.email_domain }} + {{- with .Values.externalAuth.pam.enabled }} + PAM_ENABLED: {{ . | quote }} + {{- with .Values.externalAuth.pam.email_domain }} + PAM_EMAIL_DOMAIN: {{ . }} {{- end }} - {{- if .Values.externalAuth.pam.default_service }} - PAM_DEFAULT_SERVICE: {{ .Values.externalAuth.pam.default_service }} + {{- with .Values.externalAuth.pam.default_service }} + PAM_DEFAULT_SERVICE: {{ . }} {{- end }} - {{- if .Values.externalAuth.pam.controlled_service }} - PAM_CONTROLLED_SERVICE: {{ .Values.externalAuth.pam.controlled_service }} + {{- with .Values.externalAuth.pam.controlled_service }} + PAM_CONTROLLED_SERVICE: {{ . }} {{- end }} {{- end }} {{- if .Values.externalAuth.ldap.enabled }} LDAP_ENABLED: {{ .Values.externalAuth.ldap.enabled | quote }} LDAP_HOST: {{ .Values.externalAuth.ldap.host }} - LDAP_PORT: {{ .Values.externalAuth.ldap.port }} + LDAP_PORT: {{ .Values.externalAuth.ldap.port | quote }} LDAP_METHOD: {{ .Values.externalAuth.ldap.method }} + {{- if .Values.externalAuth.ldap.tls_no_verify }} + LDAP_TLS_NO_VERIFY: {{ .Values.externalAuth.ldap.tls_no_verify | quote }} + {{- end }} {{- if .Values.externalAuth.ldap.base }} LDAP_BASE: {{ .Values.externalAuth.ldap.base }} {{- end }} - {{- if .Values.externalAuth.ldap.bind_on }} - LDAP_BIND_ON: {{ .Values.externalAuth.ldap.bind_on }} + {{- if .Values.externalAuth.ldap.bind_dn }} + LDAP_BIND_DN: {{ .Values.externalAuth.ldap.bind_dn }} {{- end }} - {{- if .Values.externalAuth.ldap.password }} - LDAP_PASSWORD: {{ .Values.externalAuth.ldap.password }} + {{- with .Values.externalAuth.ldap.password }} + LDAP_PASSWORD: {{ . }} {{- end }} - {{- if .Values.externalAuth.ldap.uid }} - LDAP_UID: {{ .Values.externalAuth.ldap.uid }} + {{- with .Values.externalAuth.ldap.uid }} + LDAP_UID: {{ . }} {{- end }} - {{- if .Values.externalAuth.ldap.mail }} - LDAP_MAIL: {{ .Values.externalAuth.ldap.mail }} + {{- with .Values.externalAuth.ldap.mail }} + LDAP_MAIL: {{ . }} {{- end }} - {{- if .Values.externalAuth.ldap.search_filter }} - LDAP_SEARCH_FILTER: {{ .Values.externalAuth.ldap.search_filter }} + {{- with .Values.externalAuth.ldap.search_filter }} + LDAP_SEARCH_FILTER: {{ . }} {{- end }} - {{- if .Values.externalAuth.ldap.uid_conversion.enabled }} - LDAP_UID_CONVERSION_ENABLED: {{ .Values.externalAuth.ldap.uid_conversion.enabled | quote }} + {{- with .Values.externalAuth.ldap.uid_conversion.enabled }} + LDAP_UID_CONVERSION_ENABLED: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.ldap.uid_conversion.search }} - LDAP_UID_CONVERSION_SEARCH: {{ .Values.externalAuth.ldap.uid_conversion.search }} + {{- with .Values.externalAuth.ldap.uid_conversion.search }} + LDAP_UID_CONVERSION_SEARCH: {{ . }} {{- end }} - {{- if .Values.externalAuth.ldap.uid_conversion.replace }} - LDAP_UID_CONVERSION_REPLACE: {{ .Values.externalAuth.ldap.uid_conversion.replace }} + {{- with .Values.externalAuth.ldap.uid_conversion.replace }} + LDAP_UID_CONVERSION_REPLACE: {{ . }} + {{- end }} + {{- end }} + {{- with .Values.mastodon.metrics.statsd.address }} + STATSD_ADDR: {{ . }} {{- end }} - {{- end }} \ No newline at end of file diff --git a/mastodon/templates/cronjob-media-remove.yaml b/mastodon/templates/cronjob-media-remove.yaml index 3d6e25c..d70afeb 100644 --- a/mastodon/templates/cronjob-media-remove.yaml +++ b/mastodon/templates/cronjob-media-remove.yaml @@ -1,5 +1,5 @@ -{{ if .Values.mastodon.cron.removeMedia.enabled }} -apiVersion: batch/v1beta1 +{{ if .Values.mastodon.cron.removeMedia.enabled -}} +apiVersion: batch/v1 kind: CronJob metadata: name: {{ include "mastodon.fullname" . }}-media-remove @@ -12,6 +12,10 @@ spec: template: metadata: name: {{ include "mastodon.fullname" . }}-media-remove + {{- with .Values.jobAnnotations }} + annotations: + {{- toYaml . | nindent 12 }} + {{- end }} spec: restartPolicy: OnFailure {{- if (not .Values.mastodon.s3.enabled) }} @@ -21,13 +25,13 @@ spec: affinity: podAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: component - operator: In - values: - - rails - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - rails + topologyKey: kubernetes.io/hostname {{- end }} volumes: - name: assets @@ -49,24 +53,32 @@ spec: - configMapRef: name: {{ include "mastodon.fullname" . }}-env - secretRef: - name: {{ template "mastodon.fullname" . }} + name: {{ template "mastodon.secretName" . }} env: - name: "DB_PASS" valueFrom: secretKeyRef: - {{- if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - {{- else }} - name: {{ template "mastodon.fullname" . }} - {{- end }} - key: postgresql-password + name: {{ template "mastodon.postgresql.secretName" . }} + key: password - name: "REDIS_PASSWORD" valueFrom: secretKeyRef: - name: {{ .Release.Name }}-redis + name: {{ template "mastodon.redis.secretName" . }} key: redis-password - name: "PORT" value: {{ .Values.mastodon.web.port | quote }} + {{- if (and .Values.mastodon.s3.enabled .Values.mastodon.s3.existingSecret) }} + - name: "AWS_SECRET_ACCESS_KEY" + valueFrom: + secretKeyRef: + name: {{ .Values.mastodon.s3.existingSecret }} + key: AWS_SECRET_ACCESS_KEY + - name: "AWS_ACCESS_KEY_ID" + valueFrom: + secretKeyRef: + name: {{ .Values.mastodon.s3.existingSecret }} + key: AWS_ACCESS_KEY_ID + {{- end }} {{- if (not .Values.mastodon.s3.enabled) }} volumeMounts: - name: assets diff --git a/mastodon/templates/deployment-sidekiq.yaml b/mastodon/templates/deployment-sidekiq.yaml index baf6c2b..8a0e9e8 100644 --- a/mastodon/templates/deployment-sidekiq.yaml +++ b/mastodon/templates/deployment-sidekiq.yaml @@ -1,92 +1,120 @@ +{{- $context := . }} +{{- range .Values.mastodon.sidekiq.workers }} +--- apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "mastodon.fullname" . }}-sidekiq + name: {{ include "mastodon.fullname" $context }}-sidekiq-{{ .name }} labels: - {{- include "mastodon.labels" . | nindent 4 }} + {{- include "mastodon.labels" $context | nindent 4 }} + app.kubernetes.io/component: sidekiq-{{ .name }} + app.kubernetes.io/part-of: rails spec: -{{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} -{{- end }} + {{- if (has "scheduler" .queues) }} + {{- if (gt (int .replicas) 1) }} + {{ fail "The scheduler queue should never have more than 1 replicas" }} + {{- end }} + strategy: + type: Recreate + {{- end }} + replicas: {{ .replicas }} selector: matchLabels: - {{- include "mastodon.selectorLabels" . | nindent 6 }} - component: rails + {{- include "mastodon.selectorLabels" $context | nindent 6 }} + app.kubernetes.io/component: sidekiq-{{ .name }} + app.kubernetes.io/part-of: rails template: metadata: - {{- with .Values.podAnnotations }} annotations: + {{- with $context.Values.podAnnotations }} {{- toYaml . | nindent 8 }} - # roll the pods to pick up any db migrations - rollme: {{ randAlphaNum 5 | quote }} - {{- end }} + {{- end }} + # roll the pods to pick up any db migrations or other changes + {{- include "mastodon.rollingPodAnnotations" $context | nindent 8 }} + checksum/config-secrets: {{ include ( print $.Template.BasePath "/secret-smtp.yaml" ) $context | sha256sum | quote }} labels: - {{- include "mastodon.selectorLabels" . | nindent 8 }} - component: rails + {{- include "mastodon.selectorLabels" $context | nindent 8 }} + app.kubernetes.io/component: sidekiq-{{ .name }} + app.kubernetes.io/part-of: rails spec: - {{- with .Values.imagePullSecrets }} + {{- with $context.Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - serviceAccountName: {{ include "mastodon.serviceAccountName" . }} + serviceAccountName: {{ include "mastodon.serviceAccountName" $context }} + {{- with (default $context.Values.podSecurityContext $context.Values.mastodon.sidekiq.podSecurityContext) }} securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - {{- if (not .Values.mastodon.s3.enabled) }} - # ensure we run on the same node as the other rails components; only - # required when using PVCs that are ReadWriteOnce - {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }} - affinity: - podAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: component - operator: In - values: - - rails - topologyKey: kubernetes.io/hostname + {{- toYaml . | nindent 8 }} {{- end }} + {{- with (default (default $context.Values.affinity $context.Values.mastodon.sidekiq.affinity) .affinity) }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if (not $context.Values.mastodon.s3.enabled) }} volumes: - name: assets persistentVolumeClaim: - claimName: {{ template "mastodon.fullname" . }}-assets + claimName: {{ template "mastodon.fullname" $context }}-assets - name: system persistentVolumeClaim: - claimName: {{ template "mastodon.fullname" . }}-system + claimName: {{ template "mastodon.fullname" $context }}-system {{- end }} containers: - - name: {{ .Chart.Name }} + - name: {{ $context.Chart.Name }} securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- toYaml $context.Values.mastodon.sidekiq.securityContext | nindent 12 }} + image: "{{ $context.Values.image.repository }}:{{ $context.Values.image.tag | default $context.Chart.AppVersion }}" + imagePullPolicy: {{ $context.Values.image.pullPolicy }} command: - bundle - exec - sidekiq - -c - - {{ .Values.mastodon.sidekiq.concurrency | quote }} + - {{ .concurrency | quote }} + {{- range .queues }} + - -q + - {{ . | quote }} + {{- end }} envFrom: - configMapRef: - name: {{ include "mastodon.fullname" . }}-env + name: {{ include "mastodon.fullname" $context }}-env - secretRef: - name: {{ template "mastodon.fullname" . }} + name: {{ template "mastodon.secretName" $context }} env: - name: "DB_PASS" valueFrom: secretKeyRef: - {{- if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - {{- else }} - name: {{ template "mastodon.fullname" . }} - {{- end }} - key: postgresql-password + name: {{ template "mastodon.postgresql.secretName" $context }} + key: password - name: "REDIS_PASSWORD" valueFrom: secretKeyRef: - name: {{ .Release.Name }}-redis + name: {{ template "mastodon.redis.secretName" $context }} key: redis-password - {{- if (not .Values.mastodon.s3.enabled) }} + - name: "SMTP_LOGIN" + valueFrom: + secretKeyRef: + name: {{ include "mastodon.smtp.secretName" $context }} + key: login + optional: true + - name: "SMTP_PASSWORD" + valueFrom: + secretKeyRef: + name: {{ include "mastodon.smtp.secretName" $context }} + key: password + {{- if (and $context.Values.mastodon.s3.enabled $context.Values.mastodon.s3.existingSecret) }} + - name: "AWS_SECRET_ACCESS_KEY" + valueFrom: + secretKeyRef: + name: {{ $context.Values.mastodon.s3.existingSecret }} + key: AWS_SECRET_ACCESS_KEY + - name: "AWS_ACCESS_KEY_ID" + valueFrom: + secretKeyRef: + name: {{ $context.Values.mastodon.s3.existingSecret }} + key: AWS_ACCESS_KEY_ID + {{- end }} + {{- if (not $context.Values.mastodon.s3.enabled) }} volumeMounts: - name: assets mountPath: /opt/mastodon/public/assets @@ -94,12 +122,13 @@ spec: mountPath: /opt/mastodon/public/system {{- end }} resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.nodeSelector }} + {{- toYaml (default (default $context.Values.resources $context.Values.mastodon.sidekiq.resources) .resources) | nindent 12 }} + {{- with $context.Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.tolerations }} + {{- with $context.Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} +{{- end }} diff --git a/mastodon/templates/deployment-streaming.yaml b/mastodon/templates/deployment-streaming.yaml index b332b68..dd80404 100644 --- a/mastodon/templates/deployment-streaming.yaml +++ b/mastodon/templates/deployment-streaming.yaml @@ -5,32 +5,38 @@ metadata: labels: {{- include "mastodon.labels" . | nindent 4 }} spec: -{{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} -{{- end }} + replicas: {{ .Values.mastodon.streaming.replicas }} selector: matchLabels: {{- include "mastodon.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: streaming template: metadata: - {{- with .Values.podAnnotations }} annotations: + {{- with (default .Values.podAnnotations .Values.mastodon.streaming.podAnnotations) }} {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} + # roll the pods to pick up any db migrations or other changes + {{- include "mastodon.rollingPodAnnotations" . | nindent 8 }} labels: {{- include "mastodon.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: streaming spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "mastodon.serviceAccountName" . }} + {{- with (default .Values.podSecurityContext .Values.mastodon.streaming.podSecurityContext) }} securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- toYaml . | nindent 8 }} + {{- end }} containers: - - name: {{ .Chart.Name }} + - name: {{ .Chart.Name }}-streaming + {{- with (default .Values.securityContext .Values.mastodon.streaming.securityContext) }} securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} + {{- toYaml . | nindent 12 }} + {{- end }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: @@ -43,16 +49,12 @@ spec: - name: "DB_PASS" valueFrom: secretKeyRef: - {{- if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - {{- else }} - name: {{ template "mastodon.fullname" . }} - {{- end }} - key: postgresql-password + name: {{ template "mastodon.postgresql.secretName" . }} + key: password - name: "REDIS_PASSWORD" valueFrom: secretKeyRef: - name: {{ .Release.Name }}-redis + name: {{ template "mastodon.redis.secretName" . }} key: redis-password - name: "PORT" value: {{ .Values.mastodon.streaming.port | quote }} @@ -68,13 +70,15 @@ spec: httpGet: path: /api/v1/streaming/health port: streaming + {{- with (default .Values.resources .Values.mastodon.streaming.resources) }} resources: - {{- toYaml .Values.resources | nindent 12 }} + {{- toYaml . | nindent 12 }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.affinity }} + {{- with (default .Values.affinity .Values.mastodon.streaming.affinity) }} affinity: {{- toYaml . | nindent 8 }} {{- end }} diff --git a/mastodon/templates/deployment-web.yaml b/mastodon/templates/deployment-web.yaml index 8b8bb4f..30308e2 100644 --- a/mastodon/templates/deployment-web.yaml +++ b/mastodon/templates/deployment-web.yaml @@ -5,32 +5,34 @@ metadata: labels: {{- include "mastodon.labels" . | nindent 4 }} spec: -{{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} -{{- end }} + replicas: {{ .Values.mastodon.web.replicas }} selector: matchLabels: {{- include "mastodon.selectorLabels" . | nindent 6 }} - component: rails + app.kubernetes.io/component: web + app.kubernetes.io/part-of: rails template: metadata: - {{- with .Values.podAnnotations }} annotations: + {{- with (default .Values.podAnnotations .Values.mastodon.web.podAnnotations) }} {{- toYaml . | nindent 8 }} - # roll the pods to pick up any db migrations - rollme: {{ randAlphaNum 5 | quote }} - {{- end }} + {{- end }} + # roll the pods to pick up any db migrations or other changes + {{- include "mastodon.rollingPodAnnotations" . | nindent 8 }} labels: {{- include "mastodon.selectorLabels" . | nindent 8 }} - component: rails + app.kubernetes.io/component: web + app.kubernetes.io/part-of: rails spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "mastodon.serviceAccountName" . }} + {{- with (default .Values.podSecurityContext .Values.mastodon.web.podSecurityContext) }} securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- if (not .Values.mastodon.s3.enabled) }} volumes: - name: assets @@ -41,9 +43,11 @@ spec: claimName: {{ template "mastodon.fullname" . }}-system {{- end }} containers: - - name: {{ .Chart.Name }} + - name: {{ .Chart.Name }}-web + {{- with (default .Values.securityContext .Values.mastodon.web.securityContext) }} securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} + {{- toYaml . | nindent 12 }} + {{- end }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: @@ -56,24 +60,48 @@ spec: - configMapRef: name: {{ include "mastodon.fullname" . }}-env - secretRef: - name: {{ template "mastodon.fullname" . }} + name: {{ template "mastodon.secretName" . }} env: - name: "DB_PASS" valueFrom: secretKeyRef: - {{- if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - {{- else }} - name: {{ template "mastodon.fullname" . }} - {{- end }} - key: postgresql-password + name: {{ template "mastodon.postgresql.secretName" . }} + key: password - name: "REDIS_PASSWORD" valueFrom: secretKeyRef: - name: {{ .Release.Name }}-redis + name: {{ template "mastodon.redis.secretName" . }} key: redis-password - name: "PORT" value: {{ .Values.mastodon.web.port | quote }} + {{- if .Values.mastodon.web.minThreads }} + - name: "MIN_THREADS" + value: {{ .Values.mastodon.web.minThreads | quote }} + {{- end }} + {{- if .Values.mastodon.web.maxThreads }} + - name: "MAX_THREADS" + value: {{ .Values.mastodon.web.maxThreads | quote }} + {{- end }} + {{- if .Values.mastodon.web.workers }} + - name: "WEB_CONCURRENCY" + value: {{ .Values.mastodon.web.workers | quote }} + {{- end }} + {{- if .Values.mastodon.web.persistentTimeout }} + - name: "PERSISTENT_TIMEOUT" + value: {{ .Values.mastodon.web.persistentTimeout | quote }} + {{- end }} + {{- if (and .Values.mastodon.s3.enabled .Values.mastodon.s3.existingSecret) }} + - name: "AWS_SECRET_ACCESS_KEY" + valueFrom: + secretKeyRef: + name: {{ .Values.mastodon.s3.existingSecret }} + key: AWS_SECRET_ACCESS_KEY + - name: "AWS_ACCESS_KEY_ID" + valueFrom: + secretKeyRef: + name: {{ .Values.mastodon.s3.existingSecret }} + key: AWS_ACCESS_KEY_ID + {{- end }} {{- if (not .Values.mastodon.s3.enabled) }} volumeMounts: - name: assets @@ -86,20 +114,27 @@ spec: containerPort: {{ .Values.mastodon.web.port }} protocol: TCP livenessProbe: - httpGet: - path: /health + tcpSocket: port: http readinessProbe: httpGet: path: /health port: http + startupProbe: + httpGet: + path: /health + port: http + failureThreshold: 30 + periodSeconds: 5 + {{- with (default .Values.resources .Values.mastodon.web.resources) }} resources: - {{- toYaml .Values.resources | nindent 12 }} + {{- toYaml . | nindent 12 }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.affinity }} + {{- with (default .Values.affinity .Values.mastodon.web.affinity) }} affinity: {{- toYaml . | nindent 8 }} {{- end }} diff --git a/mastodon/templates/hpa.yaml b/mastodon/templates/hpa.yaml deleted file mode 100644 index 3f9aa8a..0000000 --- a/mastodon/templates/hpa.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "mastodon.fullname" . }} - labels: - {{- include "mastodon.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "mastodon.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} diff --git a/mastodon/templates/ingress.yaml b/mastodon/templates/ingress.yaml index 2c18ae9..5a3409a 100644 --- a/mastodon/templates/ingress.yaml +++ b/mastodon/templates/ingress.yaml @@ -2,12 +2,7 @@ {{- $fullName := include "mastodon.fullname" . -}} {{- $webPort := .Values.mastodon.web.port -}} {{- $streamingPort := .Values.mastodon.streaming.port -}} -{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} - {{- end }} -{{- end }} -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +{{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) -}} apiVersion: networking.k8s.io/v1 {{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} apiVersion: networking.k8s.io/v1beta1 @@ -24,8 +19,8 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: - {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .Values.ingress.className }} + {{- if .Values.ingress.ingressClassName }} + ingressClassName: {{ .Values.ingress.ingressClassName }} {{- end }} {{- if .Values.ingress.tls }} tls: @@ -44,11 +39,8 @@ spec: paths: {{- range .paths }} - path: {{ .path }} - {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .pathType }} - {{- end }} backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }} service: name: {{ $fullName }}-web port: @@ -57,12 +49,12 @@ spec: serviceName: {{ $fullName }}-web servicePort: {{ $webPort }} {{- end }} - - path: {{ .path }}api/v1/streaming - {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .pathType }} + {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }} + pathType: Prefix {{- end }} + - path: {{ .path }}api/v1/streaming backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }} service: name: {{ $fullName }}-streaming port: @@ -71,6 +63,9 @@ spec: serviceName: {{ $fullName }}-streaming servicePort: {{ $streamingPort }} {{- end }} + {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }} + pathType: Prefix + {{- end }} {{- end }} {{- end }} {{- end }} diff --git a/mastodon/templates/job-assets-precompile.yaml b/mastodon/templates/job-assets-precompile.yaml index 825a7e9..bc5ff7b 100644 --- a/mastodon/templates/job-assets-precompile.yaml +++ b/mastodon/templates/job-assets-precompile.yaml @@ -12,6 +12,10 @@ spec: template: metadata: name: {{ include "mastodon.fullname" . }}-assets-precompile + {{- with .Values.jobAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} spec: restartPolicy: Never {{- if (not .Values.mastodon.s3.enabled) }} @@ -21,13 +25,13 @@ spec: affinity: podAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: component - operator: In - values: - - rails - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - rails + topologyKey: kubernetes.io/hostname {{- end }} volumes: - name: assets @@ -50,21 +54,17 @@ spec: - configMapRef: name: {{ include "mastodon.fullname" . }}-env - secretRef: - name: {{ template "mastodon.fullname" . }} + name: {{ template "mastodon.secretName" . }} env: - name: "DB_PASS" valueFrom: secretKeyRef: - {{- if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - {{- else }} - name: {{ template "mastodon.fullname" . }} - {{- end }} - key: postgresql-password + name: {{ template "mastodon.postgresql.secretName" . }} + key: password - name: "REDIS_PASSWORD" valueFrom: secretKeyRef: - name: {{ .Release.Name }}-redis + name: {{ template "mastodon.redis.secretName" . }} key: redis-password - name: "PORT" value: {{ .Values.mastodon.web.port | quote }} diff --git a/mastodon/templates/job-chewy-upgrade.yaml b/mastodon/templates/job-chewy-upgrade.yaml index cc68a33..f86a4e3 100644 --- a/mastodon/templates/job-chewy-upgrade.yaml +++ b/mastodon/templates/job-chewy-upgrade.yaml @@ -1,4 +1,4 @@ -{{- if .Values.elasticsearch.enabled }} +{{- if .Values.elasticsearch.enabled -}} apiVersion: batch/v1 kind: Job metadata: @@ -13,6 +13,10 @@ spec: template: metadata: name: {{ include "mastodon.fullname" . }}-chewy-upgrade + {{- with .Values.jobAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} spec: restartPolicy: Never {{- if (not .Values.mastodon.s3.enabled) }} @@ -22,13 +26,13 @@ spec: affinity: podAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: component - operator: In - values: - - rails - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - rails + topologyKey: kubernetes.io/hostname {{- end }} volumes: - name: assets @@ -51,21 +55,17 @@ spec: - configMapRef: name: {{ include "mastodon.fullname" . }}-env - secretRef: - name: {{ template "mastodon.fullname" . }} + name: {{ template "mastodon.secretName" . }} env: - name: "DB_PASS" valueFrom: secretKeyRef: - {{- if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - {{- else }} - name: {{ template "mastodon.fullname" . }} - {{- end }} - key: postgresql-password + name: {{ template "mastodon.postgresql.secretName" . }} + key: password - name: "REDIS_PASSWORD" valueFrom: secretKeyRef: - name: {{ .Release.Name }}-redis + name: {{ template "mastodon.redis.secretName" . }} key: redis-password - name: "PORT" value: {{ .Values.mastodon.web.port | quote }} diff --git a/mastodon/templates/job-create-admin.yaml b/mastodon/templates/job-create-admin.yaml index ffb8bb0..3d137f5 100644 --- a/mastodon/templates/job-create-admin.yaml +++ b/mastodon/templates/job-create-admin.yaml @@ -1,4 +1,4 @@ -{{- if .Values.mastodon.createAdmin.enabled }} +{{- if .Values.mastodon.createAdmin.enabled -}} apiVersion: batch/v1 kind: Job metadata: @@ -13,6 +13,10 @@ spec: template: metadata: name: {{ include "mastodon.fullname" . }}-create-admin + {{- with .Values.jobAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} spec: restartPolicy: Never {{- if (not .Values.mastodon.s3.enabled) }} @@ -24,7 +28,7 @@ spec: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - - key: component + - key: app.kubernetes.io/part-of operator: In values: - rails @@ -51,26 +55,22 @@ spec: - {{ .Values.mastodon.createAdmin.email }} - --confirmed - --role - - admin + - Owner envFrom: - configMapRef: name: {{ include "mastodon.fullname" . }}-env - secretRef: - name: {{ template "mastodon.fullname" . }} + name: {{ template "mastodon.secretName" . }} env: - name: "DB_PASS" valueFrom: secretKeyRef: - {{- if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - {{- else }} - name: {{ template "mastodon.fullname" . }} - {{- end }} - key: postgresql-password + name: {{ template "mastodon.postgresql.secretName" . }} + key: password - name: "REDIS_PASSWORD" valueFrom: secretKeyRef: - name: {{ .Release.Name }}-redis + name: {{ template "mastodon.redis.secretName" . }} key: redis-password - name: "PORT" value: {{ .Values.mastodon.web.port | quote }} diff --git a/mastodon/templates/job-db-migrate.yaml b/mastodon/templates/job-db-migrate.yaml index 72f910e..41324fb 100644 --- a/mastodon/templates/job-db-migrate.yaml +++ b/mastodon/templates/job-db-migrate.yaml @@ -12,6 +12,10 @@ spec: template: metadata: name: {{ include "mastodon.fullname" . }}-db-migrate + {{- with .Values.jobAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} spec: restartPolicy: Never {{- if (not .Values.mastodon.s3.enabled) }} @@ -21,13 +25,13 @@ spec: affinity: podAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: component - operator: In - values: - - rails - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - rails + topologyKey: kubernetes.io/hostname {{- end }} volumes: - name: assets @@ -50,21 +54,17 @@ spec: - configMapRef: name: {{ include "mastodon.fullname" . }}-env - secretRef: - name: {{ template "mastodon.fullname" . }} + name: {{ template "mastodon.secretName" . }} env: - name: "DB_PASS" valueFrom: secretKeyRef: - {{- if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - {{- else }} - name: {{ template "mastodon.fullname" . }} - {{- end }} - key: postgresql-password + name: {{ template "mastodon.postgresql.secretName" . }} + key: password - name: "REDIS_PASSWORD" valueFrom: secretKeyRef: - name: {{ .Release.Name }}-redis + name: {{ template "mastodon.redis.secretName" . }} key: redis-password - name: "PORT" value: {{ .Values.mastodon.web.port | quote }} diff --git a/mastodon/templates/job-set-admin-password.yaml b/mastodon/templates/job-set-admin-password.yaml index 1ff4246..75fe0ea 100644 --- a/mastodon/templates/job-set-admin-password.yaml +++ b/mastodon/templates/job-set-admin-password.yaml @@ -1,8 +1,8 @@ -{{- if .Values.mastodon.createAdmin.enabled }} +{{- if .Values.mastodon.createAdmin.enabled -}} apiVersion: batch/v1 kind: Job metadata: - name: {{ include "mastodon.fullname" . }}-create-admin + name: {{ include "mastodon.fullname" . }}-set-admin-password labels: {{- include "mastodon.labels" . | nindent 4 }} annotations: @@ -13,6 +13,10 @@ spec: template: metadata: name: {{ include "mastodon.fullname" . }}-create-admin + {{- with .Values.jobAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} spec: restartPolicy: Never {{- if (not .Values.mastodon.s3.enabled) }} @@ -24,7 +28,7 @@ spec: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - - key: component + - key: app.kubernetes.io/part-of operator: In values: - rails @@ -50,21 +54,21 @@ spec: - configMapRef: name: {{ include "mastodon.fullname" . }}-env - secretRef: - name: {{ template "mastodon.fullname" . }} + name: {{ template "mastodon.secretName" . }} env: - name: "DB_PASS" valueFrom: secretKeyRef: {{- if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql + name: {{ template "mastodon.postgresql.secretName" . }} {{- else }} name: {{ template "mastodon.fullname" . }} {{- end }} - key: postgresql-password + key: password - name: "REDIS_PASSWORD" valueFrom: secretKeyRef: - name: {{ .Release.Name }}-redis + name: {{ template "mastodon.redis.secretName" . }} key: redis-password - name: "PORT" value: {{ .Values.mastodon.web.port | quote }} diff --git a/mastodon/templates/pvc-assets.yaml b/mastodon/templates/pvc-assets.yaml index 58b2179..36d5558 100644 --- a/mastodon/templates/pvc-assets.yaml +++ b/mastodon/templates/pvc-assets.yaml @@ -1,4 +1,4 @@ -{{- if (not .Values.mastodon.s3.enabled) }} +{{- if (not .Values.mastodon.s3.enabled) -}} apiVersion: v1 kind: PersistentVolumeClaim metadata: @@ -8,7 +8,9 @@ metadata: spec: accessModes: - {{ .Values.mastodon.persistence.system.accessMode }} + {{- with .Values.mastodon.persistence.assets.resources }} resources: - {{- toYaml .Values.mastodon.persistence.assets.resources | nindent 4}} + {{- toYaml . | nindent 4 }} + {{- end }} storageClassName: {{ .Values.mastodon.persistence.assets.storageClassName }} {{- end }} diff --git a/mastodon/templates/pvc-system.yaml b/mastodon/templates/pvc-system.yaml index 52398f0..9865346 100644 --- a/mastodon/templates/pvc-system.yaml +++ b/mastodon/templates/pvc-system.yaml @@ -1,4 +1,4 @@ -{{- if (not .Values.mastodon.s3.enabled) }} +{{- if (not .Values.mastodon.s3.enabled) -}} apiVersion: v1 kind: PersistentVolumeClaim metadata: @@ -8,7 +8,9 @@ metadata: spec: accessModes: - {{ .Values.mastodon.persistence.system.accessMode }} + {{- with .Values.mastodon.persistence.system.resources }} resources: - {{- toYaml .Values.mastodon.persistence.system.resources | nindent 4}} + {{- toYaml . | nindent 4 }} + {{- end }} storageClassName: {{ .Values.mastodon.persistence.system.storageClassName }} {{- end }} diff --git a/mastodon/templates/secret-smtp.yaml b/mastodon/templates/secret-smtp.yaml new file mode 100644 index 0000000..98b15f3 --- /dev/null +++ b/mastodon/templates/secret-smtp.yaml @@ -0,0 +1,16 @@ +{{- if not .Values.mastodon.smtp.existingSecret -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ printf "%s-smtp" (include "common.names.fullname" .) }} + labels: + {{- include "mastodon.labels" . | nindent 4 }} +type: Opaque +data: + {{- with .Values.mastodon.smtp.login }} + login: {{ . | b64enc }} + {{- end }} + {{- with .Values.mastodon.smtp.password }} + password: {{ . | b64enc }} + {{- end }} +{{- end }} diff --git a/mastodon/templates/secrets.yaml b/mastodon/templates/secrets.yaml index 0452a8a..d1776ac 100644 --- a/mastodon/templates/secrets.yaml +++ b/mastodon/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{- if (include "mastodon.createSecret" .) -}} apiVersion: v1 kind: Secret metadata: @@ -7,9 +8,12 @@ metadata: type: Opaque data: {{- if .Values.mastodon.s3.enabled }} + {{- if not .Values.mastodon.s3.existingSecret }} AWS_ACCESS_KEY_ID: "{{ .Values.mastodon.s3.access_key | b64enc }}" AWS_SECRET_ACCESS_KEY: "{{ .Values.mastodon.s3.access_secret | b64enc }}" {{- end }} + {{- end }} + {{- if not .Values.mastodon.secrets.existingSecret }} {{- if not (empty .Values.mastodon.secrets.secret_key_base) }} SECRET_KEY_BASE: "{{ .Values.mastodon.secrets.secret_key_base | b64enc }}" {{- else }} @@ -30,6 +34,10 @@ data: {{- else }} VAPID_PUBLIC_KEY: {{ required "vapid.public_key is required" .Values.mastodon.secrets.vapid.public_key }} {{- end }} - {{- if not .Values.postgresql.enabled }} - postgresql-password: "{{ .Values.postgresql.postgresqlPassword | b64enc }}" {{- end }} + {{- if not .Values.postgresql.enabled }} + {{- if not .Values.postgresql.auth.existingSecret }} + password: "{{ .Values.postgresql.auth.password | b64enc }}" + {{- end }} + {{- end }} +{{- end }} diff --git a/mastodon/templates/service-streaming.yaml b/mastodon/templates/service-streaming.yaml index a005e61..bade7b1 100644 --- a/mastodon/templates/service-streaming.yaml +++ b/mastodon/templates/service-streaming.yaml @@ -13,3 +13,4 @@ spec: name: streaming selector: {{- include "mastodon.selectorLabels" . | nindent 4 }} + app.kubernetes.io/component: streaming diff --git a/mastodon/templates/service-web.yaml b/mastodon/templates/service-web.yaml index 3563fde..acf1233 100644 --- a/mastodon/templates/service-web.yaml +++ b/mastodon/templates/service-web.yaml @@ -13,3 +13,4 @@ spec: name: http selector: {{- include "mastodon.selectorLabels" . | nindent 4 }} + app.kubernetes.io/component: web diff --git a/mastodon/templates/tests/test-connection.yaml b/mastodon/templates/tests/test-connection.yaml index 09d9816..185c037 100644 --- a/mastodon/templates/tests/test-connection.yaml +++ b/mastodon/templates/tests/test-connection.yaml @@ -11,5 +11,5 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{ include "mastodon.fullname" . }}:{{ .Values.service.port }}'] + args: ['{{ include "mastodon.fullname" . }}-web:{{ .Values.service.port }}'] restartPolicy: Never diff --git a/mastodon/values.yaml b/mastodon/values.yaml index 99554ba..f5d036f 100644 --- a/mastodon/values.yaml +++ b/mastodon/values.yaml @@ -1,40 +1,48 @@ -replicaCount: 1 - image: - repository: tootsuite/mastodon - # https://hub.docker.com/r/tootsuite/mastodon/tags + repository: ghcr.io/mastodon/mastodon + # https://github.com/mastodon/mastodon/pkgs/container/mastodon # # alternatively, use `latest` for the latest release or `edge` for the image # built from the most recent commit # # tag: latest - tag: v3.5.3 + tag: "v4.1.2" # use `Always` when using `latest` tag pullPolicy: IfNotPresent mastodon: - # create an initial administrator user; the password is autogenerated and will + # -- create an initial administrator user; the password is autogenerated and will # have to be reset - # CHANGE PASSWORD!! createAdmin: + # @ignored enabled: false + # @ignored username: not_gargron - password: mystronpassword + # @ignored email: not@example.com cron: - # run `tootctl media remove` every week + # -- run `tootctl media remove` every week removeMedia: + # @ignored enabled: true + # @ignored schedule: "0 0 * * 0" - # available locales: https://github.com/tootsuite/mastodon/blob/master/config/application.rb#L43 + # -- available locales: https://github.com/mastodon/mastodon/blob/main/config/application.rb#L71 locale: en local_domain: mastodon.local - # Use of WEB_DOMAIN requires careful consideration: https://docs.joinmastodon.org/admin/config/#federation + # -- Use of WEB_DOMAIN requires careful consideration: https://docs.joinmastodon.org/admin/config/#federation # You must redirect the path LOCAL_DOMAIN/.well-known/ to WEB_DOMAIN/.well-known/ as described - # web_domain: mastodon.example.com + # Example: mastodon.example.com + web_domain: null + # -- If set to true, the frontpage of your Mastodon server will always redirect to the first profile in the database and registrations will be disabled. + singleUserMode: false + # -- Enables "Secure Mode" for more details see: https://docs.joinmastodon.org/admin/config/#authorized_fetch + authorizedFetch: false + # -- Enables "Limited Federation Mode" for more detauls see: https://docs.joinmastodon.org/admin/config/#limited_federation_mode + limitedFederationMode: false persistence: assets: - # ReadWriteOnce is more widely supported than ReadWriteMany, but limits + # -- ReadWriteOnce is more widely supported than ReadWriteMany, but limits # scalability, since it requires the Rails and Sidekiq pods to run on the # same node. accessMode: ReadWriteOnce @@ -50,11 +58,15 @@ mastodon: enabled: false access_key: "" access_secret: "" + # -- you can also specify the name of an existing Secret + # with keys AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY + existingSecret: "" bucket: "" - endpoint: https://us-east-1.linodeobjects.com - hostname: us-east-1.linodeobjects.com + endpoint: "" + hostname: "" region: "" - # If you have a caching proxy, enter its base URL here. + permission: "" + # -- If you have a caching proxy, enter its base URL here. alias_host: "" # these must be set manually; autogenerated keys are rotated on each upgrade secrets: @@ -63,88 +75,220 @@ mastodon: vapid: private_key: "" public_key: "" + # -- you can also specify the name of an existing Secret + # with keys SECRET_KEY_BASE and OTP_SECRET and + # VAPID_PRIVATE_KEY and VAPID_PUBLIC_KEY + existingSecret: "" sidekiq: - concurrency: 25 + # -- Pod security context for all Sidekiq Pods, overwrites .Values.podSecurityContext + podSecurityContext: {} + # -- (Sidekiq Container) Security Context for all Pods, overwrites .Values.securityContext + securityContext: {} + # -- Resources for all Sidekiq Deployments unless overwritten + resources: {} + # -- Affinity for all Sidekiq Deployments unless overwritten, overwrites .Values.affinity + affinity: {} + # limits: + # cpu: "1" + # memory: 768Mi + # requests: + # cpu: 250m + # memory: 512Mi + workers: + - name: all-queues + # -- Number of threads / parallel sidekiq jobs that are executed per Pod + concurrency: 25 + # -- Number of Pod replicas deployed by the Deployment + replicas: 1 + # -- Resources for this specific deployment to allow optimised scaling, overwrites .Values.mastodon.sidekiq.resources + resources: {} + # -- Affinity for this specific deployment, overwrites .Values.affinity and .Values.mastodon.sidekiq.affinity + affinity: {} + # -- Sidekiq queues for Mastodon that are handled by this worker. See https://docs.joinmastodon.org/admin/scaling/#concurrency + # See https://github.com/mperham/sidekiq/wiki/Advanced-Options#queues for how to weight queues as argument + queues: + - default,8 + - push,6 + - ingress,4 + - mailers,2 + - pull + - scheduler # Make sure the scheduler queue only exists once and with a worker that has 1 replica. + #- name: push-pull + # concurrency: 50 + # resources: {} + # replicas: 2 + # queues: + # - push + # - pull + #- name: mailers + # concurrency: 25 + # replicas: 2 + # queues: + # - mailers + #- name: default + # concurrency: 25 + # replicas: 2 + # queues: + # - default smtp: auth_method: plain ca_file: /etc/ssl/certs/ca-certificates.crt delivery_method: smtp domain: - enable_starttls_auto: true + enable_starttls: 'auto' from_address: notifications@example.com - login: openssl_verify_mode: peer - password: port: 587 reply_to: server: smtp.mailgun.org tls: false + login: + password: + # -- Instead of defining login/password above, you can specify the name of an existing secret here. Login and + # password must be located in keys named `login` and `password` respectively. + existingSecret: streaming: port: 4000 - # this should be set manually since os.cpus() returns the number of CPUs on + # -- this should be set manually since os.cpus() returns the number of CPUs on # the node running the pod, which is unrelated to the resources allocated to # the pod by k8s workers: 1 - # The base url for streaming can be set if the streaming API is deployed to + # -- The base url for streaming can be set if the streaming API is deployed to # a different domain/subdomain. - # base_url: wws://streaming.example.com + base_url: null + # -- Number of Streaming Pods running + replicas: 1 + # -- Affinity for Streaming Pods, overwrites .Values.affinity + affinity: {} + # -- Pod Security Context for Streaming Pods, overwrites .Values.podSecurityContext + podSecurityContext: {} + # -- (Streaming Container) Security Context for Streaming Pods, overwrites .Values.securityContext + securityContext: {} + # -- (Streaming Container) Resources for Streaming Pods, overwrites .Values.resources + resources: {} + # limits: + # cpu: "500m" + # memory: 512Mi + # requests: + # cpu: 250m + # memory: 128Mi web: port: 3000 + # -- Number of Web Pods running + replicas: 1 + # -- Affinity for Web Pods, overwrites .Values.affinity + affinity: {} + # -- Pod Security Context for Web Pods, overwrites .Values.podSecurityContext + podSecurityContext: {} + # -- (Web Container) Security Context for Web Pods, overwrites .Values.securityContext + securityContext: {} + # -- (Web Container) Resources for Web Pods, overwrites .Values.resources + resources: {} + # limits: + # cpu: "1" + # memory: 1280Mi + # requests: + # cpu: 250m + # memory: 768Mi + # -- Puma-specific options. Below values are based on default behavior in + # config/puma.rb when no custom values are provided. + minThreads: "5" + maxThreads: "5" + workers: "2" + persistentTimeout: "20" + + metrics: + statsd: + # -- Enable statsd publishing via STATSD_ADDR environment variable + address: "" + + # Sets the PREPARED_STATEMENTS environment variable: https://docs.joinmastodon.org/admin/config/#prepared_statements + preparedStatements: true ingress: - enabled: false - className: "" - annotations: {} - # nginx.ingress.kubernetes.io/proxy-body-size: "0" - # nginx.ingress.kubernetes.io/proxy-read-timeout: "600" - # nginx.ingress.kubernetes.io/proxy-send-timeout: "600" + enabled: true + annotations: + # For choosing an ingress ingressClassName is preferred over annotations + # kubernetes.io/ingress.class: nginx + # + # To automatically request TLS certificates use one of the following + # kubernetes.io/tls-acme: "true" + # cert-manager.io/cluster-issuer: "letsencrypt" + # + # ensure that NGINX's upload size matches Mastodon's + # for the K8s ingress controller: + # nginx.ingress.kubernetes.io/proxy-body-size: 40m + # for the NGINX ingress controller: + # nginx.org/client-max-body-size: 40m + # -- you can specify the ingressClassName if it differs from the default + ingressClassName: hosts: - - host: chart-example.local + - host: mastodon.local paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local + - path: '/' + tls: + - secretName: mastodon-tls + hosts: + - mastodon.local -# https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#parameters +# -- https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#parameters elasticsearch: # `false` will disable full-text search # # if you enable ES after the initial install, you will need to manually run # RAILS_ENV=production bundle exec rake chewy:sync # (https://docs.joinmastodon.org/admin/optional/elasticsearch/) + # @ignored enabled: true + # @ignored image: tag: 7 # https://github.com/bitnami/charts/tree/master/bitnami/postgresql#parameters postgresql: - # disable if you want to use an existing db; in which case the values below + # -- disable if you want to use an existing db; in which case the values below # must match those of that external postgres instance enabled: true # postgresqlHostname: preexisting-postgresql - postgresqlDatabase: mastodon_production - # you must set a password; the password generated by the postgresql chart will - # be rotated on each upgrade: - # https://github.com/bitnami/charts/tree/master/bitnami/postgresql#upgrade - postgresqlPassword: "" - postgresqlUsername: postgres + # postgresqlPort: 5432 + auth: + database: mastodon_production + username: mastodon + # you must set a password; the password generated by the postgresql chart will + # be rotated on each upgrade: + # https://github.com/bitnami/charts/tree/master/bitnami/postgresql#upgrade + password: "" + # Set the password for the "postgres" admin user + # set this to the same value as above if you've previously installed + # this chart and you're having problems getting mastodon to connect to the DB + # postgresPassword: "" + # you can also specify the name of an existing Secret + # with a key of password set to the password you want + existingSecret: "" # https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters redis: - # you must set a password; the password generated by the redis chart will be - # rotated on each upgrade: - password: "" + # disable if you want to use an existing redis instance; in which case the + # values below must match those of that external redis instance + enabled: true + hostname: "" + port: 6379 + auth: + # -- you must set a password; the password generated by the redis chart will be + # rotated on each upgrade: + password: "" + # you can also specify the name of an existing Secret + # with a key of redis-password set to the password you want + # existingSecret: "" +# @ignored service: type: ClusterIP port: 80 externalAuth: oidc: - # OpenID Connect support is proposed in PR #16221 and awaiting merge. + # -- OpenID Connect support is proposed in PR #16221 and awaiting merge. enabled: false # display_name: "example-label" # issuer: https://login.example.space/auth/realms/example-space @@ -155,62 +299,62 @@ externalAuth: # client_secret: SECRETKEY # redirect_uri: https://example.com/auth/auth/openid_connect/callback # assume_email_is_verified: true - # client_auth_method: - # response_type: - # response_mode: - # display: - # prompt: - # send_nonce: - # send_scope_to_token_endpoint: - # idp_logout_redirect_uri: - # http_scheme: - # host: - # port: - # jwks_uri: - # auth_endpoint: - # token_endpoint: - # user_info_endpoint: - # end_session_endpoint: + # client_auth_method: + # response_type: + # response_mode: + # display: + # prompt: + # send_nonce: + # send_scope_to_token_endpoint: + # idp_logout_redirect_uri: + # http_scheme: + # host: + # port: + # jwks_uri: + # auth_endpoint: + # token_endpoint: + # user_info_endpoint: + # end_session_endpoint: saml: enabled: false # acs_url: http://mastodon.example.com/auth/auth/saml/callback # issuer: mastodon # idp_sso_target_url: https://login.example.com/auth/realms/example/protocol/saml # idp_cert: '-----BEGIN CERTIFICATE-----[your_cert_content]-----END CERTIFICATE-----' - # idp_cert_fingerprint: + # idp_cert_fingerprint: # name_identifier_format: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified - # cert: - # private_key: + # cert: + # private_key: # want_assertion_signed: true # want_assertion_encrypted: true # assume_email_is_verified: true # uid_attribute: "urn:oid:0.9.2342.19200300.100.1.1" - # attributes_statements: + # attributes_statements: # uid: "urn:oid:0.9.2342.19200300.100.1.1" # email: "urn:oid:1.3.6.1.4.1.5923.1.1.1.6" # full_name: "urn:oid:2.16.840.1.113730.3.1.241" # first_name: "urn:oid:2.5.4.42" # last_name: "urn:oid:2.5.4.4" - # verified: - # verified_email: - oauth_global: - # Force redirect local login to CAS. Does not function with SAML or LDAP. - oauth_redirect_at_sign_in: false + # verified: + # verified_email: + oauth_global: + # -- Automatically redirect to OIDC, CAS or SAML, and don't use local account authentication when clicking on Sign-In + omniauth_only: false cas: enabled: false # url: https://sso.myserver.com # host: sso.myserver.com # port: 443 # ssl: true - # validate_url: - # callback_url: - # logout_url: - # login_url: + # validate_url: + # callback_url: + # logout_url: + # login_url: # uid_field: 'user' - # ca_path: + # ca_path: # disable_ssl_verification: false # assume_email_is_verified: true - # keys: + # keys: # uid: 'user' # name: 'name' # email: 'email' @@ -220,7 +364,7 @@ externalAuth: # location: 'location' # image: 'image' # phone: 'phone' - pam: + pam: enabled: false # email_domain: example.com # default_service: rpam @@ -228,11 +372,12 @@ externalAuth: ldap: enabled: false # host: myservice.namespace.svc - # port: 389 + # port: 636 # method: simple_tls - # base: - # bind_on: - # password: + # tls_no_verify: true + # base: + # bind_dn: + # password: # uid: cn # mail: mail # search_filter: "(|(%{uid}=%{email})(%{mail}=%{email}))" @@ -241,7 +386,7 @@ externalAuth: # search: "., -" # replace: _ -# https://github.com/tootsuite/mastodon/blob/master/Dockerfile#L88 +# -- https://github.com/mastodon/mastodon/blob/main/Dockerfile#L75 # # if you manually change the UID/GID environment variables, ensure these values # match: @@ -250,19 +395,31 @@ podSecurityContext: runAsGroup: 991 fsGroup: 991 +# @ignored securityContext: {} serviceAccount: - # Specifies whether a service account should be created + # -- Specifies whether a service account should be created create: true - # Annotations to add to the service account + # -- Annotations to add to the service account annotations: {} - # The name of the service account to use. + # -- The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" +# -- Kubernetes manages pods for jobs and pods for deployments differently, so you might +# need to apply different annotations to the two different sets of pods. The annotations +# set with podAnnotations will be added to all deployment-managed pods. podAnnotations: {} +# If set to true, an annotation with the current chart release number will be added to all mastodon pods. This will +# cause all pods to be recreated every `helm upgrade` regardless of whether their config or spec changes. +revisionPodAnnotation: true + +# The annotations set with jobAnnotations will be added to all job pods. +jobAnnotations: {} + +# -- Default resources for all Deployments and jobs unless overwritten resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little @@ -275,15 +432,11 @@ resources: {} # cpu: 100m # memory: 128Mi -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - +# @ignored nodeSelector: {} +# @ignored tolerations: [] +# -- Affinity for all pods unless overwritten affinity: {} diff --git a/postgres-operator-ui/Chart.yaml b/postgres-operator-ui/Chart.yaml index 23ecad0..2c86208 100644 --- a/postgres-operator-ui/Chart.yaml +++ b/postgres-operator-ui/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: postgres-operator-ui -version: 1.8.2 -appVersion: 1.8.2 +version: 1.9.0 +appVersion: 1.9.0 home: https://github.com/zalando/postgres-operator description: Postgres Operator UI provides a graphical interface for a convenient database-as-a-service user experience keywords: diff --git a/postgres-operator-ui/index.yaml b/postgres-operator-ui/index.yaml index df6018f..2da2636 100644 --- a/postgres-operator-ui/index.yaml +++ b/postgres-operator-ui/index.yaml @@ -1,9 +1,32 @@ apiVersion: v1 entries: postgres-operator-ui: + - apiVersion: v2 + appVersion: 1.9.0 + created: "2023-01-17T15:45:57.564334046+01:00" + description: Postgres Operator UI provides a graphical interface for a convenient + database-as-a-service user experience + digest: df434af6c8b697fe0631017ecc25e3c79e125361ae6622347cea41a545153bdc + home: https://github.com/zalando/postgres-operator + keywords: + - postgres + - operator + - ui + - cloud-native + - patroni + - spilo + maintainers: + - email: opensource@zalando.de + name: Zalando + name: postgres-operator-ui + sources: + - https://github.com/zalando/postgres-operator + urls: + - postgres-operator-ui-1.9.0.tgz + version: 1.9.0 - apiVersion: v2 appVersion: 1.8.2 - created: "2022-06-20T11:58:48.148537324+02:00" + created: "2023-01-17T15:45:57.562574292+01:00" description: Postgres Operator UI provides a graphical interface for a convenient database-as-a-service user experience digest: fbfc90fa8fd007a08a7c02e0ec9108bb8282cbb42b8c976d88f2193d6edff30c @@ -26,7 +49,7 @@ entries: version: 1.8.2 - apiVersion: v2 appVersion: 1.8.1 - created: "2022-06-20T11:58:48.147974157+02:00" + created: "2023-01-17T15:45:57.561981294+01:00" description: Postgres Operator UI provides a graphical interface for a convenient database-as-a-service user experience digest: d26342e385ea51a0fbfbe23477999863e9489664ae803ea5c56da8897db84d24 @@ -49,7 +72,7 @@ entries: version: 1.8.1 - apiVersion: v1 appVersion: 1.8.0 - created: "2022-06-20T11:58:48.147454782+02:00" + created: "2023-01-17T15:45:57.561383172+01:00" description: Postgres Operator UI provides a graphical interface for a convenient database-as-a-service user experience digest: d4a7b40c23fd167841cc28342afdbd5ecc809181913a5c31061c83139187f148 @@ -72,7 +95,7 @@ entries: version: 1.8.0 - apiVersion: v1 appVersion: 1.7.1 - created: "2022-06-20T11:58:48.14693682+02:00" + created: "2023-01-17T15:45:57.560738084+01:00" description: Postgres Operator UI provides a graphical interface for a convenient database-as-a-service user experience digest: 97aed1a1d37cd5f8441eea9522f38e56cc829786ad2134c437a5e6a15c995869 @@ -95,7 +118,7 @@ entries: version: 1.7.1 - apiVersion: v1 appVersion: 1.7.0 - created: "2022-06-20T11:58:48.146431264+02:00" + created: "2023-01-17T15:45:57.560150807+01:00" description: Postgres Operator UI provides a graphical interface for a convenient database-as-a-service user experience digest: 37fba1968347daad393dbd1c6ee6e5b6a24d1095f972c0102197531c62dcada8 @@ -116,96 +139,4 @@ entries: urls: - postgres-operator-ui-1.7.0.tgz version: 1.7.0 - - apiVersion: v1 - appVersion: 1.6.3 - created: "2022-06-20T11:58:48.14552248+02:00" - description: Postgres Operator UI provides a graphical interface for a convenient - database-as-a-service user experience - digest: 08b810aa632dcc719e4785ef184e391267f7c460caa99677f2d00719075aac78 - home: https://github.com/zalando/postgres-operator - keywords: - - postgres - - operator - - ui - - cloud-native - - patroni - - spilo - maintainers: - - email: opensource@zalando.de - name: Zalando - name: postgres-operator-ui - sources: - - https://github.com/zalando/postgres-operator - urls: - - postgres-operator-ui-1.6.3.tgz - version: 1.6.3 - - apiVersion: v1 - appVersion: 1.6.2 - created: "2022-06-20T11:58:48.145033254+02:00" - description: Postgres Operator UI provides a graphical interface for a convenient - database-as-a-service user experience - digest: 14d1559bb0bd1e1e828f2daaaa6f6ac9ffc268d79824592c3589b55dd39241f6 - home: https://github.com/zalando/postgres-operator - keywords: - - postgres - - operator - - ui - - cloud-native - - patroni - - spilo - maintainers: - - email: opensource@zalando.de - name: Zalando - name: postgres-operator-ui - sources: - - https://github.com/zalando/postgres-operator - urls: - - postgres-operator-ui-1.6.2.tgz - version: 1.6.2 - - apiVersion: v1 - appVersion: 1.6.1 - created: "2022-06-20T11:58:48.144518247+02:00" - description: Postgres Operator UI provides a graphical interface for a convenient - database-as-a-service user experience - digest: 3d321352f2f1e7bb7450aa8876e3d818aa9f9da9bd4250507386f0490f2c1969 - home: https://github.com/zalando/postgres-operator - keywords: - - postgres - - operator - - ui - - cloud-native - - patroni - - spilo - maintainers: - - email: opensource@zalando.de - name: Zalando - name: postgres-operator-ui - sources: - - https://github.com/zalando/postgres-operator - urls: - - postgres-operator-ui-1.6.1.tgz - version: 1.6.1 - - apiVersion: v1 - appVersion: 1.6.0 - created: "2022-06-20T11:58:48.143943237+02:00" - description: Postgres Operator UI provides a graphical interface for a convenient - database-as-a-service user experience - digest: 1e0aa1e7db3c1daa96927ffbf6fdbcdb434562f961833cb5241ddbe132220ee4 - home: https://github.com/zalando/postgres-operator - keywords: - - postgres - - operator - - ui - - cloud-native - - patroni - - spilo - maintainers: - - email: opensource@zalando.de - name: Zalando - name: postgres-operator-ui - sources: - - https://github.com/zalando/postgres-operator - urls: - - postgres-operator-ui-1.6.0.tgz - version: 1.6.0 -generated: "2022-06-20T11:58:48.143164875+02:00" +generated: "2023-01-17T15:45:57.558968127+01:00" diff --git a/postgres-operator-ui/templates/deployment.yaml b/postgres-operator-ui/templates/deployment.yaml index c82d38c..23eb750 100644 --- a/postgres-operator-ui/templates/deployment.yaml +++ b/postgres-operator-ui/templates/deployment.yaml @@ -19,6 +19,10 @@ spec: labels: app.kubernetes.io/name: {{ template "postgres-operator-ui.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} spec: serviceAccountName: {{ include "postgres-operator-ui.serviceAccountName" . }} {{- if .Values.imagePullSecrets }} @@ -75,7 +79,12 @@ spec: "cost_throughput": 0.0476, "cost_core": 0.0575, "cost_memory": 0.014375, + "free_iops": 3000, + "free_throughput": 125, + "limit_iops": 16000, + "limit_throughput": 1000, "postgresql_versions": [ + "15", "14", "13", "12", diff --git a/postgres-operator-ui/templates/service.yaml b/postgres-operator-ui/templates/service.yaml index e146037..c93e076 100644 --- a/postgres-operator-ui/templates/service.yaml +++ b/postgres-operator-ui/templates/service.yaml @@ -6,6 +6,10 @@ metadata: helm.sh/chart: {{ template "postgres-operator-ui.chart" . }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/instance: {{ .Release.Name }} + {{- with .Values.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} name: {{ template "postgres-operator-ui.fullname" . }} namespace: {{ .Release.Namespace }} spec: diff --git a/postgres-operator-ui/values.yaml b/postgres-operator-ui/values.yaml index 1fe4d37..31b925c 100644 --- a/postgres-operator-ui/values.yaml +++ b/postgres-operator-ui/values.yaml @@ -8,7 +8,7 @@ replicaCount: 1 image: registry: registry.opensource.zalan.do repository: acid/postgres-operator-ui - tag: v1.8.2 + tag: v1.9.0 pullPolicy: "IfNotPresent" # Optionally specify an array of imagePullSecrets. @@ -48,6 +48,10 @@ envs: teams: - "acid" +# Extra pod annotations +podAnnotations: + {} + # configure extra UI ENVs # Extra ENVs are writen in kubenertes format and added "as is" to the pod's env variables # https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/ @@ -85,6 +89,8 @@ service: # If the type of the service is NodePort a port can be specified using the nodePort field # If the nodePort field is not specified, or if it has no value, then a random port is used # nodePort: 32521 + annotations: + {} # configure UI ingress. If needed: "enabled: true" ingress: diff --git a/postgres-operator/Chart.yaml b/postgres-operator/Chart.yaml index 96dd679..7ab3e39 100644 --- a/postgres-operator/Chart.yaml +++ b/postgres-operator/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: postgres-operator -version: 1.8.2 -appVersion: 1.8.2 +version: 1.9.0 +appVersion: 1.9.0 home: https://github.com/zalando/postgres-operator description: Postgres Operator creates and manages PostgreSQL clusters running in Kubernetes keywords: diff --git a/postgres-operator/crds/operatorconfigurations.yaml b/postgres-operator/crds/operatorconfigurations.yaml index c5b9a4c..e01a5f9 100644 --- a/postgres-operator/crds/operatorconfigurations.yaml +++ b/postgres-operator/crds/operatorconfigurations.yaml @@ -68,7 +68,7 @@ spec: type: string docker_image: type: string - default: "registry.opensource.zalan.do/acid/spilo-14:2.1-p6" + default: "ghcr.io/zalando/spilo-15:2.1-p9" enable_crd_registration: type: boolean default: true @@ -88,9 +88,14 @@ spec: enable_spilo_wal_path_compat: type: boolean default: false + enable_team_id_clustername_prefix: + type: boolean + default: false etcd_host: type: string default: "" + ignore_instance_limits_annotation_key: + type: string kubernetes_use_configmaps: type: boolean default: false @@ -162,10 +167,10 @@ spec: type: string minimal_major_version: type: string - default: "9.6" + default: "11" target_major_version: type: string - default: "14" + default: "15" kubernetes: type: object properties: @@ -209,6 +214,9 @@ spec: enable_pod_disruption_budget: type: boolean default: true + enable_readiness_probe: + type: boolean + default: false enable_sidecars: type: boolean default: true @@ -270,6 +278,9 @@ spec: pdb_name_format: type: string default: "postgres-{cluster}-pdb" + pod_antiaffinity_preferred_during_scheduling: + type: boolean + default: false pod_antiaffinity_topology_key: type: string default: "kubernetes.io/hostname" @@ -303,6 +314,9 @@ spec: secret_name_template: type: string default: "{username}.{cluster}.credentials.{tprkind}.{tprgroup}" + share_pgsocket_with_sidecars: + type: boolean + default: false spilo_allow_privilege_escalation: type: boolean default: true @@ -319,6 +333,7 @@ spec: type: string enum: - "ebs" + - "mixed" - "pvc" - "off" default: "pvc" @@ -347,6 +362,12 @@ spec: type: string pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$' default: "100Mi" + max_cpu_request: + type: string + pattern: '^(\d+m|\d+(\.\d{1,3})?)$' + max_memory_request: + type: string + pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$' min_cpu_limit: type: string pattern: '^(\d+m|\d+(\.\d{1,3})?)$' @@ -411,9 +432,15 @@ spec: - "Local" default: "Cluster" master_dns_name_format: + type: string + default: "{cluster}.{namespace}.{hostedzone}" + master_legacy_dns_name_format: type: string default: "{cluster}.{team}.{hostedzone}" replica_dns_name_format: + type: string + default: "{cluster}-repl.{namespace}.{hostedzone}" + replica_legacy_dns_name_format: type: string default: "{cluster}-repl.{team}.{hostedzone}" aws_or_gcp: @@ -448,16 +475,38 @@ spec: logical_backup: type: object properties: + logical_backup_azure_storage_account_name: + type: string + logical_backup_azure_storage_container: + type: string + logical_backup_azure_storage_account_key: + type: string + logical_backup_cpu_limit: + type: string + pattern: '^(\d+m|\d+(\.\d{1,3})?)$' + logical_backup_cpu_request: + type: string + pattern: '^(\d+m|\d+(\.\d{1,3})?)$' logical_backup_docker_image: type: string - default: "registry.opensource.zalan.do/acid/logical-backup:v1.8.2" + default: "registry.opensource.zalan.do/acid/logical-backup:v1.9.0" logical_backup_google_application_credentials: type: string logical_backup_job_prefix: type: string default: "logical-backup-" + logical_backup_memory_limit: + type: string + pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$' + logical_backup_memory_request: + type: string + pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$' logical_backup_provider: type: string + enum: + - "az" + - "gcs" + - "s3" default: "s3" logical_backup_s3_access_key_id: type: string @@ -588,7 +637,7 @@ spec: default: "pooler" connection_pooler_image: type: string - default: "registry.opensource.zalan.do/acid/pgbouncer:master-22" + default: "registry.opensource.zalan.do/acid/pgbouncer:master-26" connection_pooler_max_db_connections: type: integer default: 60 @@ -618,6 +667,12 @@ spec: type: string pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$' default: "100Mi" + patroni: + type: object + properties: + failsafe_mode: + type: boolean + default: false status: type: object additionalProperties: diff --git a/postgres-operator/crds/postgresqls.yaml b/postgres-operator/crds/postgresqls.yaml index b8d3dcf..6f938cf 100644 --- a/postgres-operator/crds/postgresqls.yaml +++ b/postgres-operator/crds/postgresqls.yaml @@ -223,6 +223,10 @@ spec: items: type: string pattern: '^\ *((Mon|Tue|Wed|Thu|Fri|Sat|Sun):(2[0-3]|[01]?\d):([0-5]?\d)|(2[0-3]|[01]?\d):([0-5]?\d))-((Mon|Tue|Wed|Thu|Fri|Sat|Sun):(2[0-3]|[01]?\d):([0-5]?\d)|(2[0-3]|[01]?\d):([0-5]?\d))\ *$' + masterServiceAnnotations: + type: object + additionalProperties: + type: string nodeAffinity: type: object properties: @@ -320,6 +324,8 @@ spec: patroni: type: object properties: + failsafe_mode: + type: boolean initdb: type: object additionalProperties: @@ -365,13 +371,12 @@ spec: version: type: string enum: - - "9.5" - - "9.6" - "10" - "11" - "12" - "13" - "14" + - "15" parameters: type: object additionalProperties: @@ -401,6 +406,10 @@ spec: replicaLoadBalancer: type: boolean description: deprecated + replicaServiceAnnotations: + type: object + additionalProperties: + type: string resources: type: object properties: @@ -620,7 +629,7 @@ spec: operator: type: string enum: - - DoesNotExists + - DoesNotExist - Exists - In - NotIn diff --git a/postgres-operator/index.yaml b/postgres-operator/index.yaml index ff025ba..c42fc35 100644 --- a/postgres-operator/index.yaml +++ b/postgres-operator/index.yaml @@ -1,9 +1,31 @@ apiVersion: v1 entries: postgres-operator: + - apiVersion: v2 + appVersion: 1.9.0 + created: "2023-01-17T15:33:03.869287885+01:00" + description: Postgres Operator creates and manages PostgreSQL clusters running + in Kubernetes + digest: 64df90c898ca591eb3a330328173ffaadfbf9ddd474d8c42ed143edc9e3f4276 + home: https://github.com/zalando/postgres-operator + keywords: + - postgres + - operator + - cloud-native + - patroni + - spilo + maintainers: + - email: opensource@zalando.de + name: Zalando + name: postgres-operator + sources: + - https://github.com/zalando/postgres-operator + urls: + - postgres-operator-1.9.0.tgz + version: 1.9.0 - apiVersion: v2 appVersion: 1.8.2 - created: "2022-06-20T11:57:53.031245647+02:00" + created: "2023-01-17T15:33:03.86746187+01:00" description: Postgres Operator creates and manages PostgreSQL clusters running in Kubernetes digest: f77ffad2e98b72a621e5527015cf607935d3ed688f10ba4b626435acb9631b5b @@ -25,7 +47,7 @@ entries: version: 1.8.2 - apiVersion: v2 appVersion: 1.8.1 - created: "2022-06-20T11:57:53.029722276+02:00" + created: "2023-01-17T15:33:03.865880826+01:00" description: Postgres Operator creates and manages PostgreSQL clusters running in Kubernetes digest: ee0c3bb6ba72fa4289ba3b1c6060e5b312dd023faba2a61b4cb7d9e5e2cc57a5 @@ -47,7 +69,7 @@ entries: version: 1.8.1 - apiVersion: v1 appVersion: 1.8.0 - created: "2022-06-20T11:57:53.028188865+02:00" + created: "2023-01-17T15:33:03.8643608+01:00" description: Postgres Operator creates and manages PostgreSQL clusters running in Kubernetes digest: 3ae232cf009e09aa2ad11c171484cd2f1b72e63c59735e58fbe2b6eb842f4c86 @@ -69,7 +91,7 @@ entries: version: 1.8.0 - apiVersion: v1 appVersion: 1.7.1 - created: "2022-06-20T11:57:53.026647776+02:00" + created: "2023-01-17T15:33:03.862914146+01:00" description: Postgres Operator creates and manages PostgreSQL clusters running in Kubernetes digest: 7262563bec0b058e669ae6bcff0226e33fa9ece9c41ac46a53274046afe7700c @@ -91,7 +113,7 @@ entries: version: 1.7.1 - apiVersion: v1 appVersion: 1.7.0 - created: "2022-06-20T11:57:53.02514275+02:00" + created: "2023-01-17T15:33:03.861539439+01:00" description: Postgres Operator creates and manages PostgreSQL clusters running in Kubernetes digest: c3e99fb94305f81484b8b1af18eefb78681f3b5d057d5ad10565e4afb7c65ffe @@ -111,92 +133,4 @@ entries: urls: - postgres-operator-1.7.0.tgz version: 1.7.0 - - apiVersion: v1 - appVersion: 1.6.3 - created: "2022-06-20T11:57:53.022692764+02:00" - description: Postgres Operator creates and manages PostgreSQL clusters running - in Kubernetes - digest: ea08f991bf23c9ad114bca98ebcbe3e2fa15beab163061399394905eaee89b35 - home: https://github.com/zalando/postgres-operator - keywords: - - postgres - - operator - - cloud-native - - patroni - - spilo - maintainers: - - email: opensource@zalando.de - name: Zalando - name: postgres-operator - sources: - - https://github.com/zalando/postgres-operator - urls: - - postgres-operator-1.6.3.tgz - version: 1.6.3 - - apiVersion: v1 - appVersion: 1.6.2 - created: "2022-06-20T11:57:53.021045272+02:00" - description: Postgres Operator creates and manages PostgreSQL clusters running - in Kubernetes - digest: d886f8a0879ca07d1e5246ee7bc55710e1c872f3977280fe495db6fc2057a7f4 - home: https://github.com/zalando/postgres-operator - keywords: - - postgres - - operator - - cloud-native - - patroni - - spilo - maintainers: - - email: opensource@zalando.de - name: Zalando - name: postgres-operator - sources: - - https://github.com/zalando/postgres-operator - urls: - - postgres-operator-1.6.2.tgz - version: 1.6.2 - - apiVersion: v1 - appVersion: 1.6.1 - created: "2022-06-20T11:57:53.019428631+02:00" - description: Postgres Operator creates and manages PostgreSQL clusters running - in Kubernetes - digest: 4ba5972cd486dcaa2d11c5613a6f97f6b7b831822e610fe9e10a57ea1db23556 - home: https://github.com/zalando/postgres-operator - keywords: - - postgres - - operator - - cloud-native - - patroni - - spilo - maintainers: - - email: opensource@zalando.de - name: Zalando - name: postgres-operator - sources: - - https://github.com/zalando/postgres-operator - urls: - - postgres-operator-1.6.1.tgz - version: 1.6.1 - - apiVersion: v1 - appVersion: 1.6.0 - created: "2022-06-20T11:57:53.017863057+02:00" - description: Postgres Operator creates and manages PostgreSQL clusters running - in Kubernetes - digest: f52149718ea364f46b4b9eec9a65f6253ad182bb78df541d14cd5277b9c8a8c3 - home: https://github.com/zalando/postgres-operator - keywords: - - postgres - - operator - - cloud-native - - patroni - - spilo - maintainers: - - email: opensource@zalando.de - name: Zalando - name: postgres-operator - sources: - - https://github.com/zalando/postgres-operator - urls: - - postgres-operator-1.6.0.tgz - version: 1.6.0 -generated: "2022-06-20T11:57:53.016179465+02:00" +generated: "2023-01-17T15:33:03.859917247+01:00" diff --git a/postgres-operator/templates/deployment.yaml b/postgres-operator/templates/deployment.yaml index b910626..1752cb3 100644 --- a/postgres-operator/templates/deployment.yaml +++ b/postgres-operator/templates/deployment.yaml @@ -57,6 +57,14 @@ spec: {{ toYaml .Values.resources | indent 10 }} securityContext: {{ toYaml .Values.securityContext | indent 10 }} + {{- if .Values.readinessProbe }} + readinessProbe: + httpGet: + path: /readyz + port: {{ .Values.configLoggingRestApi.api_port }} + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + {{- end }} {{- if .Values.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | indent 8 }} diff --git a/postgres-operator/templates/operatorconfiguration.yaml b/postgres-operator/templates/operatorconfiguration.yaml index 4e380f4..ef4674d 100644 --- a/postgres-operator/templates/operatorconfiguration.yaml +++ b/postgres-operator/templates/operatorconfiguration.yaml @@ -10,9 +10,9 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/instance: {{ .Release.Name }} configuration: -{{ toYaml .Values.configGeneral | indent 2 }} +{{ tpl (toYaml .Values.configGeneral) . | indent 2 }} users: -{{ toYaml .Values.configUsers | indent 4 }} +{{ tpl (toYaml .Values.configUsers) . | indent 4 }} major_version_upgrade: {{ toYaml .Values.configMajorVersionUpgrade | indent 4 }} kubernetes: @@ -21,7 +21,7 @@ configuration: {{- end }} pod_service_account_name: {{ include "postgres-pod.serviceAccountName" . }} oauth_token_secret_name: {{ template "postgres-operator.fullname" . }} -{{ toYaml .Values.configKubernetes | indent 4 }} +{{ tpl (toYaml .Values.configKubernetes) . | indent 4 }} postgres_pod_resources: {{ toYaml .Values.configPostgresPodResources | indent 4 }} timeouts: @@ -35,7 +35,7 @@ configuration: debug: {{ toYaml .Values.configDebug | indent 4 }} teams_api: -{{ toYaml .Values.configTeamsApi | indent 4 }} +{{ tpl (toYaml .Values.configTeamsApi) . | indent 4 }} logging_rest_api: {{ toYaml .Values.configLoggingRestApi | indent 4 }} connection_pooler: diff --git a/postgres-operator/values.yaml b/postgres-operator/values.yaml index 2650824..bca269b 100644 --- a/postgres-operator/values.yaml +++ b/postgres-operator/values.yaml @@ -1,7 +1,7 @@ image: registry: registry.opensource.zalan.do repository: acid/postgres-operator - tag: v1.8.2 + tag: v1.9.0 pullPolicy: "IfNotPresent" # Optionally specify an array of imagePullSecrets. @@ -33,12 +33,19 @@ configGeneral: enable_shm_volume: true # enables backwards compatible path between Spilo 12 and Spilo 13+ images enable_spilo_wal_path_compat: false + # operator will sync only clusters where name starts with teamId prefix + enable_team_id_clustername_prefix: false # etcd connection string for Patroni. Empty uses K8s-native DCS. etcd_host: "" + # Spilo docker image + docker_image: ghcr.io/zalando/spilo-15:2.1-p9 + + # key name for annotation to ignore globally configured instance limits + # ignore_instance_limits_annotation_key: "" + # Select if setup uses endpoints (default), or configmaps to manage leader (DCS=k8s) # kubernetes_use_configmaps: false - # Spilo docker image - docker_image: registry.opensource.zalan.do/acid/spilo-14:2.1-p6 + # min number of instances in Postgres cluster. -1 = no limit min_instances: -1 # max number of instances in Postgres cluster. -1 = no limit @@ -82,9 +89,9 @@ configMajorVersionUpgrade: # - acid # minimal Postgres major version that will not automatically be upgraded - minimal_major_version: "9.6" + minimal_major_version: "11" # target Postgres major version when upgrading clusters automatically - target_major_version: "14" + target_major_version: "15" configKubernetes: # list of additional capabilities for postgres container @@ -122,6 +129,8 @@ configKubernetes: enable_pod_antiaffinity: false # toggles PDB to set to MinAvailabe 0 or 1 enable_pod_disruption_budget: true + # toogles readiness probe for database pods + enable_readiness_probe: false # enables sidecar containers to run alongside Spilo in the same pod enable_sidecars: true @@ -156,6 +165,8 @@ configKubernetes: # defines the template for PDB (Pod Disruption Budget) names pdb_name_format: "postgres-{cluster}-pdb" + # switches pod anti affinity type to `preferredDuringSchedulingIgnoredDuringExecution` + pod_antiaffinity_preferred_during_scheduling: false # override topology key for pod anti affinity pod_antiaffinity_topology_key: "kubernetes.io/hostname" # namespaced name of the ConfigMap with environment variables to populate on every pod @@ -180,9 +191,12 @@ configKubernetes: # if the user is in different namespace than cluster and cross namespace secrets # are enabled via `enable_cross_namespace_secret` flag in the configuration. secret_name_template: "{username}.{cluster}.credentials.{tprkind}.{tprgroup}" + # sharing unix socket of PostgreSQL (`pg_socket`) with the sidecars + share_pgsocket_with_sidecars: false # set user and group for the spilo container (required to run Spilo as non-root process) # spilo_runasuser: 101 # spilo_runasgroup: 103 + # group ID with write-access to volumes (required to run Spilo as non-root process) # spilo_fsgroup: 103 @@ -191,7 +205,7 @@ configKubernetes: # whether the Spilo container should run with additional permissions other than parent. # required by cron which needs setuid spilo_allow_privilege_escalation: true - # storage resize strategy, available options are: ebs, pvc, off + # storage resize strategy, available options are: ebs, pvc, off or mixed storage_resize_mode: pvc # pod toleration assigned to instances of every Postgres cluster # toleration: @@ -212,6 +226,12 @@ configPostgresPodResources: default_memory_limit: 500Mi # memory request value for the postgres containers default_memory_request: 100Mi + # optional upper boundary for CPU request + # max_cpu_request: "1" + + # optional upper boundary for memory request + # max_memory_request: 4Gi + # hard CPU minimum required to properly run a Postgres cluster min_cpu_limit: 250m # hard memory minimum required to properly run a Postgres cluster @@ -256,9 +276,13 @@ configLoadBalancer: # define external traffic policy for the load balancer external_traffic_policy: "Cluster" # defines the DNS name string template for the master load balancer cluster - master_dns_name_format: "{cluster}.{team}.{hostedzone}" + master_dns_name_format: "{cluster}.{namespace}.{hostedzone}" + # deprecated DNS template for master load balancer using team name + master_legacy_dns_name_format: "{cluster}.{team}.{hostedzone}" # defines the DNS name string template for the replica load balancer cluster - replica_dns_name_format: "{cluster}-repl.{team}.{hostedzone}" + replica_dns_name_format: "{cluster}-repl.{namespace}.{hostedzone}" + # deprecated DNS template for replica load balancer using team name + replica_legacy_dns_name_format: "{cluster}-repl.{team}.{hostedzone}" # options to aid debugging of the operator itself configDebug: @@ -284,7 +308,7 @@ configAwsOrGcp: # Path to mount the above Secret in the filesystem of the container(s) # additional_secret_mount_path: "/some/dir" - # AWS region used to store ESB volumes + # AWS region used to store EBS volumes aws_region: eu-central-1 # enable automatic migration on AWS from gp2 to gp3 volumes @@ -312,6 +336,17 @@ configAwsOrGcp: # configure K8s cron job managed by the operator configLogicalBackup: + # Azure Storage Account specs to store backup results + # logical_backup_azure_storage_account_name: "" + # logical_backup_azure_storage_container: "" + # logical_backup_azure_storage_account_key: "" + + # resources for logical backup pod, if empty configPostgresPodResources will be used + # logical_backup_cpu_limit: "" + # logical_backup_cpu_request: "" + # logical_backup_memory_limit: "" + # logical_backup_memory_request: "" + # image for pods of the logical backup job (example runs pg_dumpall) logical_backup_docker_image: "registry.opensource.zalan.do/acid/logical-backup:v1.8.0" # path of google cloud service account json file @@ -319,7 +354,7 @@ configLogicalBackup: # prefix for the backup job name logical_backup_job_prefix: "logical-backup-" - # storage provider - either "s3" or "gcs" + # storage provider - either "s3", "gcs" or "az" logical_backup_provider: "s3" # S3 Access Key ID logical_backup_s3_access_key_id: "" @@ -381,7 +416,7 @@ configConnectionPooler: # db user for pooler to use connection_pooler_user: "pooler" # docker image - connection_pooler_image: "registry.opensource.zalan.do/acid/pgbouncer:master-22" + connection_pooler_image: "registry.opensource.zalan.do/acid/pgbouncer:master-26" # max db connections the pooler should hold connection_pooler_max_db_connections: 60 # default pooling mode @@ -394,6 +429,10 @@ configConnectionPooler: connection_pooler_default_cpu_limit: "1" connection_pooler_default_memory_limit: 100Mi +configPatroni: + # enable Patroni DCS failsafe_mode feature + failsafe_mode: false + # Zalando's internal CDC stream feature enableStreams: false @@ -435,6 +474,11 @@ securityContext: readOnlyRootFilesystem: true allowPrivilegeEscalation: false +# Allow to setup operator Deployment readiness probe +readinessProbe: + initialDelaySeconds: 5 + periodSeconds: 10 + # Affinity for pod assignment # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity affinity: {}