From bf97ca20f2ab2ca98208d3660da8cc9c97c16154 Mon Sep 17 00:00:00 2001 From: Michael Thamm Date: Fri, 4 Jul 2025 15:08:09 -0400 Subject: [PATCH 01/14] feat: TLS modes with docs --- docs/explanation/index.rst | 1 - docs/explanation/tls-encryption-in-cos.md | 35 ----- .../assets/tls-diagram.png | Bin docs/how-to/configure-tls-encryption.md | 146 ++++++++++++++++++ docs/how-to/cos-lite-tls.tf | 28 ++++ docs/how-to/cos-tls.tf | 28 ++++ docs/how-to/index.rst | 1 + terraform/cos-lite/README.md | 17 +- terraform/cos-lite/main.tf | 33 ++-- terraform/cos-lite/variables.tf | 14 +- terraform/cos/README.md | 8 +- terraform/cos/main.tf | 48 ++++-- terraform/cos/variables.tf | 15 +- terraform/tempy/tls.tf | 91 +++++++++++ 14 files changed, 396 insertions(+), 69 deletions(-) delete mode 100644 docs/explanation/tls-encryption-in-cos.md rename docs/{explanation => how-to}/assets/tls-diagram.png (100%) create mode 100644 docs/how-to/configure-tls-encryption.md create mode 100644 docs/how-to/cos-lite-tls.tf create mode 100644 docs/how-to/cos-tls.tf create mode 100644 terraform/tempy/tls.tf diff --git a/docs/explanation/index.rst b/docs/explanation/index.rst index b3003cf1..68d246ca 100644 --- a/docs/explanation/index.rst +++ b/docs/explanation/index.rst @@ -14,6 +14,5 @@ Explanation Telemetry Flow Telemetry Labels Logging Architecture - TLS encryption in COS Model-Driven Observability What is Observability? diff --git a/docs/explanation/tls-encryption-in-cos.md b/docs/explanation/tls-encryption-in-cos.md deleted file mode 100644 index 2a0a9a13..00000000 --- a/docs/explanation/tls-encryption-in-cos.md +++ /dev/null @@ -1,35 +0,0 @@ -# TLS encryption in COS - -## COS - -When deploying COS using [the provided Terraform module](https://github.com/canonical/observability-stack/tree/main/terraform/cos), it will by default be deployed using a self-signed certificate authority. If you have other certificate requirements, you'll be able to replace the self-signed-certificates operator with another TLS operator of your liking, consulting the "Providing" section of [the `tls-certificates` interface page on Charmhub](https://charmhub.io/integrations/tls-certificates). - -## COS Lite - -COS Lite can be deployed unencrypted, with TLS termination only, or end-to-end encrypted. - -### Unencrypted COS Lite - -The [cos-lite bundle](https://charmhub.io/cos-lite) deploys COS with workloads communicating using plain HTTP (unencrypted). - -### TLS-terminated COS Lite - -The Traefik charm can function as a TLS termination point by relating it to an external CA (integrator) charm. Within the COS model, charms would still communicate using plain HTTP (unencrypted). - -### COS Lite with end-to-end TLS - -The cos-lite bundle together with the TLS overlay deploy an end-to-end encrypted COS. -- COS charms generate CSRs with the K8s FQDN as the SAN DNS and the internal CA signs. -- All COS charms trust the internal CA by installing the CA certificate in the charm and workload containers, using the `update-ca-certificates` tool. -- The external CA provides a certificate for Traefik's external URL. -- Within the COS model, workloads communicate via K8s FQDN URLs. -- Requests coming from outside of the model, use the ingress URLs. -- Traefik is able to establish a secure connection with its proxied apps thanks to trusting the local CA. - -Note: currently there is a [known issue](https://github.com/canonical/operator/issues/970) due to which some COS relations are limited to in-cluster relations only. - -The end-to-end COS TLS design is described in the diagram below. The diagram is limited to prometheus and alertmanager for brevity and clarity. - -![TLS](assets/tls-diagram.png) - -As with any TLS configuration, keep in mind best practices such as frequent certificate rotation. See [this guide](https://charmhub.io/blackbox-exporter-k8s/docs/monitor-ssl-certificates) for an example of monitoring certificates. \ No newline at end of file diff --git a/docs/explanation/assets/tls-diagram.png b/docs/how-to/assets/tls-diagram.png similarity index 100% rename from docs/explanation/assets/tls-diagram.png rename to docs/how-to/assets/tls-diagram.png diff --git a/docs/how-to/configure-tls-encryption.md b/docs/how-to/configure-tls-encryption.md new file mode 100644 index 00000000..6a11d82b --- /dev/null +++ b/docs/how-to/configure-tls-encryption.md @@ -0,0 +1,146 @@ +# TLS encryption in COS + + +## COS + +COS can be deployed end-to-end encrypted, with TLS termination only, or unencrypted. When deploying COS using [the provided Terraform module](https://github.com/canonical/observability-stack/tree/main/terraform/cos), it will by default be deployed using a self-signed certificate authority. If you have other certificate requirements, you'll be able to replace the self-signed-certificates operator with another TLS operator of your liking, consulting the "Providing" section of [the `tls-certificates` interface page on Charmhub](https://charmhub.io/integrations/tls-certificates). + +TODO For help with deploying COS using Terraform, see the [tutorial/installation docs](../tutorial/installation). + +`````{tab-set} +````{tab-item} End-to-end TLS +:sync: e2e-tls-cos + +The following Terraform root module enables internal TLS by setting `internal_tls` value to `true`. By instantiating the COS module with a `certificates` provider offer URL (from the `ssc` module in this example), Traefik is provided certificates to enable TLS termination. The combination of these settings enables end-to-end TLS. + +```{tip} +- `internal_tls` -> `true` +- `external_certificates_offer_url` -> not `null` +``` + +```{literalinclude} /how-to/cos-tls.tf +``` +```` + +````{tab-item} TLS-terminated +:sync: tls-terminated-cos + +To remove the internal TLS configuration, override the COS module's `internal_tls` value to `false`. By instantiating the COS module with a `certificates` provider offer URL (from the `ssc` module in this example), Traefik is provided certificates to enable TLS termination. The combination of these settings enables TLS termination. + +```{tip} +- `internal_tls` -> `false` +- `external_certificates_offer_url` -> not `null` +``` + +```{literalinclude} /how-to/cos-tls.tf +``` +```` + +````{tab-item} Unencrypted +:sync: unencrypted-cos + +To remove the internal TLS configuration, override the COS module's `internal_tls` value to `false`. To remove TLS termination, override the COS module's `external_certificates_offer_url` to `null`. The combination of these settings enables unencrypted mode. + +```{tip} +- `internal_tls` -> `false` +- `external_certificates_offer_url` -> `null` +``` + +```{literalinclude} /how-to/cos-tls.tf +``` +```` +````` + +## COS Lite + +COS Lite can be deployed via Terraform or with Juju bundles. In either case, it can be deployed end-to-end encrypted, with TLS termination only, or unencrypted. + +``````{tab-set} +`````{tab-item} Terraform +:sync: tf-tls-cos-lite + +TODO For help with deploying COS using Terraform, see the [tutorial/installation docs](../tutorial/installation). + +`````{tab-set} +````{tab-item} End-to-end TLS +:sync: e2e-tls-cos-lite + +The following Terraform root module enables internal TLS by setting `internal_tls` to `true`. By instantiating the COS Lite module with a `certificates` provider offer URL (from the `ssc` module in this example), Traefik is provided certificates to enable TLS termination. The combination of these settings enables end-to-end TLS. + +```{tip} +- `internal_tls` -> `true` +- `external_certificates_offer_url` -> not `null` +``` + +```{literalinclude} /how-to/cos-lite-tls.tf +``` + +```` + +````{tab-item} TLS-terminated +:sync: tls-terminated-cos-lite + +To remove the internal TLS configuration, override the COS Lite module's `internal_tls` value to `false`. By instantiating the COS Lite module with a `certificates` provider offer URL (from the `ssc` module in this example), Traefik is provided certificates to enable TLS termination. The combination of these settings enables TLS termination. + +```{tip} +- `internal_tls` -> `false` +- `external_certificates_offer_url` -> not `null` +``` + +```{literalinclude} /how-to/cos-lite-tls.tf +``` +```` + +````{tab-item} Unencrypted +:sync: unencrypted-cos-lite + +To remove the internal TLS configuration, override the COS Lite module's `internal_tls` value to `false`. To remove TLS termination, override the COS Lite module's `external_certificates_offer_url` to `null`. The combination of these settings enables unencrypted mode. + +```{tip} +- `internal_tls` -> `false` +- `external_certificates_offer_url` -> `null` +``` + +```{literalinclude} /how-to/cos-lite-tls.tf +``` +```` +````` + +`````{tab-item} Bundle +:sync: bundle-tls-cos-lite + +````{tab-set} +```{tab-item} End-to-end TLS +:sync: e2e-tls-cos-lite + +The cos-lite bundle together with the TLS overlay deploy an end-to-end encrypted COS. +- COS charms generate CSRs with the K8s FQDN as the SAN DNS and the internal CA signs. +- All COS charms trust the internal CA by installing the CA certificate in the charm and workload containers, using the `update-ca-certificates` tool. +- The external CA provides a certificate for Traefik's external URL. +- Within the COS model, workloads communicate via K8s FQDN URLs. +- Requests coming from outside of the model, use the ingress URLs. +- Traefik is able to establish a secure connection with its proxied apps thanks to trusting the local CA. + +Note: currently there is a [known issue](https://github.com/canonical/operator/issues/970) due to which some COS relations are limited to in-cluster relations only. + +The end-to-end COS TLS design is described in the diagram below. The diagram is limited to prometheus and alertmanager for brevity and clarity. + +![TLS](assets/tls-diagram.png) + +As with any TLS configuration, keep in mind best practices such as frequent certificate rotation. See [this guide](https://charmhub.io/blackbox-exporter-k8s/docs/monitor-ssl-certificates) for an example of monitoring certificates. +``` + +```{tab-item} TLS-terminated +:sync: tls-terminated-cos-lite + +The Traefik charm can function as a TLS termination point by relating it to an external CA (integrator) charm. Within the COS model, charms would still communicate using plain HTTP (unencrypted). +``` + +```{tab-item} Unencrypted +:sync: unencrypted-cos-lite + +The [cos-lite bundle](https://charmhub.io/cos-lite) deploys COS with workloads communicating using plain HTTP (unencrypted). +``` +```` +````` +`````` diff --git a/docs/how-to/cos-lite-tls.tf b/docs/how-to/cos-lite-tls.tf new file mode 100644 index 00000000..efe3a5e4 --- /dev/null +++ b/docs/how-to/cos-lite-tls.tf @@ -0,0 +1,28 @@ +# Note: The deployment order matters since the 'traefik:certificates' integration depends on 'module.ssc' +# 'terraform apply -target module.ssc' +# 'terraform apply' + +module "ssc" { + source = "git::https://github.com/MichaelThamm/self-signed-certificates-operator//terraform?ref=feat/tf-output-offers" # FIXME + model = "external-ca" +} + +module "cos-lite" { + source = "git::https://github.com/canonical/observability-stack//terraform/cos-lite?ref=feat/tls-termination" # FIXME ../cos-lite + model = "cos" + channel = "1/stable" + traefik_channel = "latest/edge" + internal_tls = true # Set to 'false' to disable inter-model TLS + external_certificates_offer_url = module.ssc.offers.certificates.url # Set to 'null' or remove this line to communicate with Traefik via HTTP +} + +# TODO can I omit the provider instantiation since this is not a tutorial? +terraform { + required_version = ">= 1.5" + required_providers { + juju = { + source = "juju/juju" + version = ">= 0.14.0" + } + } +} diff --git a/docs/how-to/cos-tls.tf b/docs/how-to/cos-tls.tf new file mode 100644 index 00000000..8fe1a790 --- /dev/null +++ b/docs/how-to/cos-tls.tf @@ -0,0 +1,28 @@ +# Note: The deployment order matters since the 'traefik:certificates' integration depends on 'module.ssc' +# 'terraform apply -target module.ssc' +# 'terraform apply' + +module "ssc" { + source = "git::https://github.com/MichaelThamm/self-signed-certificates-operator//terraform?ref=feat/tf-output-offers" # FIXME + model = "external-ca" +} + +module "cos" { + source = "git::https://github.com/canonical/observability-stack//terraform/cos?ref=feat/tls-termination" # FIXME ../cos-lite + model = "cos" + channel = "1/stable" + traefik_channel = "latest/edge" + internal_tls = true # Set to 'false' to disable inter-model TLS + external_certificates_offer_url = module.ssc.offers.certificates.url # Set to 'null' or remove this line to communicate with Traefik via HTTP +} + +# TODO can I omit the provider instantiation since this is not a tutorial? +terraform { + required_version = ">= 1.5" + required_providers { + juju = { + source = "juju/juju" + version = ">= 0.14.0" + } + } +} diff --git a/docs/how-to/index.rst b/docs/how-to/index.rst index 7d52e68d..55352c72 100644 --- a/docs/how-to/index.rst +++ b/docs/how-to/index.rst @@ -41,6 +41,7 @@ with COS to actually observe them. Integrate COS Lite with uncharmed applications Disable built-in charm alert rules Testing with Minio + Configure TLS encryption Troubleshooting =============== diff --git a/terraform/cos-lite/README.md b/terraform/cos-lite/README.md index 9e95d9d7..d1a1d7ae 100644 --- a/terraform/cos-lite/README.md +++ b/terraform/cos-lite/README.md @@ -24,8 +24,18 @@ The module offers the following configurable inputs: | Name | Type | Description | Default | |--|--|--|--| | `channel` | string | Channel that all the charms (unless overwritten) are deployed from | +| `external_certificates_offer_url` | string | A Juju offer URL of a CA providing the 'tls_certificates' integration for Traefik to supply it with server certificates | null | +| `internal_tls` | bool | Specify whether to use TLS or not for internal COS communication. By default, TLS is enabled using self-signed-certificates | true | | `model` | string | Reference to an existing model resource or data source for the model to deploy to | -| `use_tls` | bool | Specify whether to use TLS or not for coordinator-worker communication | true | +| `ssc_channel` | string | Channel that the self-signed certificates charm is deployed from | 1/stable | +| `traefik_channel` | string | Channel that the Traefik charm is deployed from | latest/stable | +| `alertmanager_revision` | number | Revision number of the charm | null | +| `catalogue_revision` | number | Revision number of the charm | null | +| `grafana_revision` | number | Revision number of the charm | null | +| `loki_revision` | number | Revision number of the charm | null | +| `prometheus_revision` | number | Revision number of the charm | null | +| `ssc_revision` | number | Revision number of the charm | null | +| `traefik_revision` | number | Revision number of the charm | null | ### Outputs @@ -33,9 +43,8 @@ Upon application, the module exports the following outputs: | Name | Description | |------------|-----------------------------| -| `app_name` | Application name | -| `provides` | Map of `provides` endpoints | -| `requires` | Map of `requires` endpoints | +| `components` | map(any) | All Terraform charm modules which make up this product module | +| `offers` | map(any) | All Juju offers which are exposed by this product module | ## Usage diff --git a/terraform/cos-lite/main.tf b/terraform/cos-lite/main.tf index 34b7712d..f285434c 100644 --- a/terraform/cos-lite/main.tf +++ b/terraform/cos-lite/main.tf @@ -41,7 +41,7 @@ module "prometheus" { } module "ssc" { - count = var.use_tls ? 1 : 0 + count = var.internal_tls ? 1 : 0 source = "git::https://github.com/canonical/self-signed-certificates-operator//terraform" model = var.model channel = var.ssc_channel @@ -353,7 +353,7 @@ resource "juju_integration" "traefik_self_monitoring_prometheus" { # Provided by Self-Signed-Certificates resource "juju_integration" "alertmanager_certificates" { - count = var.use_tls ? 1 : 0 + count = var.internal_tls ? 1 : 0 model = var.model application { @@ -368,7 +368,7 @@ resource "juju_integration" "alertmanager_certificates" { } resource "juju_integration" "catalogue_certificates" { - count = var.use_tls ? 1 : 0 + count = var.internal_tls ? 1 : 0 model = var.model application { @@ -383,7 +383,7 @@ resource "juju_integration" "catalogue_certificates" { } resource "juju_integration" "grafana_certificates" { - count = var.use_tls ? 1 : 0 + count = var.internal_tls ? 1 : 0 model = var.model application { @@ -398,7 +398,7 @@ resource "juju_integration" "grafana_certificates" { } resource "juju_integration" "loki_certificates" { - count = var.use_tls ? 1 : 0 + count = var.internal_tls ? 1 : 0 model = var.model application { @@ -413,7 +413,7 @@ resource "juju_integration" "loki_certificates" { } resource "juju_integration" "prometheus_certificates" { - count = var.use_tls ? 1 : 0 + count = var.internal_tls ? 1 : 0 model = var.model application { @@ -427,13 +427,28 @@ resource "juju_integration" "prometheus_certificates" { } } -resource "juju_integration" "traefik_certificates" { - count = var.use_tls ? 1 : 0 +resource "juju_integration" "traefik_receive_ca_certificate" { model = var.model application { name = module.ssc[0].app_name - endpoint = module.ssc[0].provides.certificates + endpoint = module.ssc[0].provides.send-ca-cert + } + + application { + name = module.traefik.app_name + endpoint = module.traefik.endpoints.receive_ca_cert + } +} + +# Provided by an external CA + +resource "juju_integration" "external_traefik_certificates" { + count = local.tls_termination ? 1 : 0 + model = var.model + + application { + offer_url = var.external_certificates_offer_url } application { diff --git a/terraform/cos-lite/variables.tf b/terraform/cos-lite/variables.tf index aee72671..86f27858 100644 --- a/terraform/cos-lite/variables.tf +++ b/terraform/cos-lite/variables.tf @@ -1,3 +1,7 @@ +locals { + tls_termination = var.external_certificates_offer_url != null ? true : false +} + variable "channel" { description = "Channel that the charms are (unless overwritten by external_channels) deployed from" type = string @@ -8,12 +12,18 @@ variable "model" { type = string } -variable "use_tls" { - description = "Specify whether to use TLS or not for coordinator-worker communication. By default, TLS is enabled through self-signed-certificates" +variable "internal_tls" { + description = "Specify whether to use TLS or not for internal COS communication. By default, TLS is enabled using self-signed-certificates" type = bool default = true } +variable "external_certificates_offer_url" { + description = "A Juju offer URL of a CA providing the 'tls_certificates' integration for Traefik to supply it with server certificates" + type = string + default = null +} + # -------------- # External channels -------------- # O11y does not own these charms, so we allow users to specify their channels directly. diff --git a/terraform/cos/README.md b/terraform/cos/README.md index 3a1cad12..69fa3cfa 100644 --- a/terraform/cos/README.md +++ b/terraform/cos/README.md @@ -73,10 +73,10 @@ The module offers the following configurable inputs: ### Outputs Upon application, the module exports the following outputs: -| Name | Type | Description | -| - | - | - | -| `components`| map(any) | All TF charm submodule which make up this product module | -| `offers`| map(any) | All offers which are exposed by this product module | +| Name | Description | +|------------|-----------------------------| +| `components` | map(any) | All Terraform charm modules which make up this product module | +| `offers` | map(any) | All Juju offers which are exposed by this product module | ## Usage diff --git a/terraform/cos/main.tf b/terraform/cos/main.tf index 0896e388..320fe7f5 100644 --- a/terraform/cos/main.tf +++ b/terraform/cos/main.tf @@ -71,7 +71,7 @@ module "mimir" { } module "ssc" { - count = var.use_tls ? 1 : 0 + count = var.internal_tls ? 1 : 0 source = "git::https://github.com/canonical/self-signed-certificates-operator//terraform" model = var.model channel = var.ssc_channel @@ -608,7 +608,7 @@ resource "juju_integration" "grafana_tracing_grafana_agent_traicing_provider" { # Provided by Self-Signed-Certificates resource "juju_integration" "alertmanager_certificates" { - count = var.use_tls ? 1 : 0 + count = var.internal_tls ? 1 : 0 model = var.model application { @@ -623,7 +623,7 @@ resource "juju_integration" "alertmanager_certificates" { } resource "juju_integration" "catalogue_certificates" { - count = var.use_tls ? 1 : 0 + count = var.internal_tls ? 1 : 0 model = var.model application { @@ -638,7 +638,7 @@ resource "juju_integration" "catalogue_certificates" { } resource "juju_integration" "grafana_certificates" { - count = var.use_tls ? 1 : 0 + count = var.internal_tls ? 1 : 0 model = var.model application { @@ -653,7 +653,7 @@ resource "juju_integration" "grafana_certificates" { } resource "juju_integration" "grafana_agent_certificates" { - count = var.use_tls ? 1 : 0 + count = var.internal_tls ? 1 : 0 model = var.model application { @@ -668,7 +668,7 @@ resource "juju_integration" "grafana_agent_certificates" { } resource "juju_integration" "loki_certificates" { - count = var.use_tls ? 1 : 0 + count = var.internal_tls ? 1 : 0 model = var.model application { @@ -683,7 +683,7 @@ resource "juju_integration" "loki_certificates" { } resource "juju_integration" "mimir_certificates" { - count = var.use_tls ? 1 : 0 + count = var.internal_tls ? 1 : 0 model = var.model application { @@ -698,7 +698,7 @@ resource "juju_integration" "mimir_certificates" { } resource "juju_integration" "tempo_certificates" { - count = var.use_tls ? 1 : 0 + count = var.internal_tls ? 1 : 0 model = var.model application { @@ -712,8 +712,22 @@ resource "juju_integration" "tempo_certificates" { } } +resource "juju_integration" "traefik_receive_ca_certificate" { + model = var.model + + application { + name = module.ssc[0].app_name + endpoint = module.ssc[0].provides.send-ca-cert + } + + application { + name = module.traefik.app_name + endpoint = module.traefik.endpoints.receive_ca_cert + } +} + resource "juju_integration" "traefik_certificates" { - count = var.use_tls ? 1 : 0 + count = var.internal_tls ? 1 : 0 model = var.model application { @@ -727,6 +741,22 @@ resource "juju_integration" "traefik_certificates" { } } +# Provided by an external CA + +resource "juju_integration" "external_traefik_certificates" { + count = local.tls_termination ? 1 : 0 + model = var.model + + application { + offer_url = var.external_certificates_offer_url + } + + application { + name = module.traefik.app_name + endpoint = module.traefik.endpoints.certificates + } +} + # -------------- # Offers -------------- resource "juju_offer" "alertmanager_karma_dashboard" { diff --git a/terraform/cos/variables.tf b/terraform/cos/variables.tf index a100b5d7..b054d951 100644 --- a/terraform/cos/variables.tf +++ b/terraform/cos/variables.tf @@ -1,7 +1,6 @@ - -# the list of kubernetes clouds where this COS module can be deployed. locals { - clouds = ["aws", "self-managed"] + clouds = ["aws", "self-managed"] # list of k8s clouds where this COS module can be deployed. + tls_termination = var.external_certificates_offer_url != null ? true : false } variable "channel" { @@ -14,12 +13,18 @@ variable "model" { type = string } -variable "use_tls" { - description = "Specify whether to use TLS or not for coordinator-worker communication. By default, TLS is enabled through self-signed-certificates" +variable "internal_tls" { + description = "Specify whether to use TLS or not for internal COS communication. By default, TLS is enabled using self-signed-certificates" type = bool default = true } +variable "external_certificates_offer_url" { + description = "A Juju offer URL of a CA providing the 'tls_certificates' integration for Traefik to supply it with server certificates" + type = string + default = null +} + variable "cloud" { description = "Kubernetes cloud or environment where this COS module will be deployed (e.g self-managed, aws)" type = string diff --git a/terraform/tempy/tls.tf b/terraform/tempy/tls.tf new file mode 100644 index 00000000..831a5c64 --- /dev/null +++ b/terraform/tempy/tls.tf @@ -0,0 +1,91 @@ +# jam cos +# jam external-ca +# tfa -target module.ssc # since the traefik:receive-ca-cert integration depends on module.ssc +# tfa + +terraform { + required_version = ">= 1.5" + required_providers { + juju = { + source = "juju/juju" + version = ">= 0.14.0" + } + } +} + +module "ssc" { + source = "git::https://github.com/MichaelThamm/self-signed-certificates-operator//terraform?ref=feat/tf-output-offers" + model = "external-ca" +} + +module "cos-lite" { + source = "../cos-lite" + model = "cos" + channel = "1/stable" + traefik_channel = "latest/edge" + external_certificates_offer_url = module.ssc.offers.certificates.url +} + +# resource "juju_integration" "manual_ca_to_traefik" { +# model = "cos" + +# application { +# name = module.cos-lite.components.traefik.app_name +# endpoint = module.cos-lite.components.traefik.endpoints.receive-ca-cert +# } + +# application { +# offer_url = module.ssc.provides.send-ca-cert.url # local.ssc_offer_url +# } +# } + +# resource "juju_integration" "manual_ca_to_traefik" { +# model = "cos" + +# application { +# name = module.cos-lite.components.traefik.app_name +# endpoint = module.cos-lite.components.traefik.endpoints.receive-ca-cert +# } + +# application { +# offer_url = module.ssc.provides.send-ca-cert.url # local.ssc_offer_url +# } +# } + +# TODO +# - Document + + + + + +output "url" { + value = module.ssc.offers.certificates.url +} + +output "traefik" { + value = module.cos-lite.components.traefik.endpoints.receive_ca_cert +} + +# -------------- # Other TLS methods -------------- + +# module "manual" { +# source = "git::https://github.com/MichaelThamm/self-signed-certificates-operator//terraform?ref=feat/tf-output-offers" +# model = "external-ca" +# } + +# # manual-tls-certs +# resource "juju_integration" "manual_ca_to_traefik" { +# model = "external-ca" + +# application { +# name = module.cos-lite.components.traefik.app_name +# endpoint = module.cos-lite.components.traefik.endpoints.receive-ca-cert +# } + +# application { +# offer_url = module.manual.offers.send-ca-cert.url # local.ssc_offer_url +# } +# } + +# https://github.com/canonical/lego-operator \ No newline at end of file From 557c9e42bb71f7e468c87e838db33c11893c97a8 Mon Sep 17 00:00:00 2001 From: Michael Thamm Date: Fri, 4 Jul 2025 15:31:24 -0400 Subject: [PATCH 02/14] chore: remove testing TF module --- terraform/tempy/tls.tf | 91 ------------------------------------------ 1 file changed, 91 deletions(-) delete mode 100644 terraform/tempy/tls.tf diff --git a/terraform/tempy/tls.tf b/terraform/tempy/tls.tf deleted file mode 100644 index 831a5c64..00000000 --- a/terraform/tempy/tls.tf +++ /dev/null @@ -1,91 +0,0 @@ -# jam cos -# jam external-ca -# tfa -target module.ssc # since the traefik:receive-ca-cert integration depends on module.ssc -# tfa - -terraform { - required_version = ">= 1.5" - required_providers { - juju = { - source = "juju/juju" - version = ">= 0.14.0" - } - } -} - -module "ssc" { - source = "git::https://github.com/MichaelThamm/self-signed-certificates-operator//terraform?ref=feat/tf-output-offers" - model = "external-ca" -} - -module "cos-lite" { - source = "../cos-lite" - model = "cos" - channel = "1/stable" - traefik_channel = "latest/edge" - external_certificates_offer_url = module.ssc.offers.certificates.url -} - -# resource "juju_integration" "manual_ca_to_traefik" { -# model = "cos" - -# application { -# name = module.cos-lite.components.traefik.app_name -# endpoint = module.cos-lite.components.traefik.endpoints.receive-ca-cert -# } - -# application { -# offer_url = module.ssc.provides.send-ca-cert.url # local.ssc_offer_url -# } -# } - -# resource "juju_integration" "manual_ca_to_traefik" { -# model = "cos" - -# application { -# name = module.cos-lite.components.traefik.app_name -# endpoint = module.cos-lite.components.traefik.endpoints.receive-ca-cert -# } - -# application { -# offer_url = module.ssc.provides.send-ca-cert.url # local.ssc_offer_url -# } -# } - -# TODO -# - Document - - - - - -output "url" { - value = module.ssc.offers.certificates.url -} - -output "traefik" { - value = module.cos-lite.components.traefik.endpoints.receive_ca_cert -} - -# -------------- # Other TLS methods -------------- - -# module "manual" { -# source = "git::https://github.com/MichaelThamm/self-signed-certificates-operator//terraform?ref=feat/tf-output-offers" -# model = "external-ca" -# } - -# # manual-tls-certs -# resource "juju_integration" "manual_ca_to_traefik" { -# model = "external-ca" - -# application { -# name = module.cos-lite.components.traefik.app_name -# endpoint = module.cos-lite.components.traefik.endpoints.receive-ca-cert -# } - -# application { -# offer_url = module.manual.offers.send-ca-cert.url # local.ssc_offer_url -# } -# } - -# https://github.com/canonical/lego-operator \ No newline at end of file From 70c24beec9bfff16fca7a1f23a06e7f3937dc574 Mon Sep 17 00:00:00 2001 From: Michael Thamm Date: Mon, 7 Jul 2025 15:18:30 -0400 Subject: [PATCH 03/14] improve: Replace the TLS diagram with a Mermaid diagram --- docs/how-to/assets/tls-diagram.png | Bin 53539 -> 0 bytes docs/how-to/configure-tls-encryption.md | 119 ++++++++++++++---------- docs/how-to/cos-lite-tls.tf | 13 +-- docs/how-to/cos-tls.tf | 13 +-- terraform/cos-lite/main.tf | 1 + terraform/cos/main.tf | 16 +--- terraform/cos/variables.tf | 2 +- 7 files changed, 74 insertions(+), 90 deletions(-) delete mode 100644 docs/how-to/assets/tls-diagram.png diff --git a/docs/how-to/assets/tls-diagram.png b/docs/how-to/assets/tls-diagram.png deleted file mode 100644 index 7a90f48ceb542df4a6ed13439f44b3f777e1ab8b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 53539 zcmd>G2|QG5|35>e)kKk!v1i}2Wh{jVrI0OQF!p_&$(~A*HCq%alzqz zH6+{roH5gN-+SMC@B7~6z3=~>dp|kzoO7P-w|#%hGkzB@$Q{^wY%c%+2hPdMr~tq& z1OO0??*4YamS{sqdmC%;5^T4!F)}kYLmO?~n_DSsIB98MjU44sav0~W#XDkc(Ob_Lp`FbP!I|(g z3&=9_o(A8C{uhuoGDDfzqpZL$)+lhMxKS>Gd&UJ$2pYuHb!VmunQy1R=0ctLMOL6HNtMShzJO5HJI2F#=#E@ zHK>|h!%v70oGdgM6DKnxv;)4kttLks8%sws+aEU?+E`nIJoBRmQTFyWE^;Ehw%*#rYIvD zm#z14P1~umwU30|w70PVyW2*z?Y9XJSz)Bnme6Js_7Oi0$V~tGyWe-i{=4Y>p6)=( zLBw-LSvukOk(pn}5?s?61MtEGy0CFHMcZ?Mq75<3);)0M-*0bq;NXZQ5W?QZ$=V2~ z13(@=<6>&&h*q^lf&48X;{viC*kCL!r!CD)AUSfhfgboy0q7A2 zP`_B92{Z+{8dM6nIfJjF3GBPoWQ+P?S8yBk%cS{%KyqkM6*$^s!L7jeD1zTryflD1 z0^i`WjkySIrrY>R6#pCw&(9{`yM`wHTWAhGgJ+pvo<5|I|ADjcBD;;88X6jZ28I3; zB;XhN84?h-`)@-6yc*p`0)o_h7a5!^aXH#>*%&yW?VUl*|34#ELIib;mn%_$pP}jB zPOLz<@DEzj(8l4<5G!LFYe!YQD#htOf+_mXDMA5AX+f(eXhL3sYTTv?g$bg$T?_>X zwEmB%LJ$!`v)*QyZ0sFPZA@&eQI<+JkeR_5Aak^%BNmTlP)?3Epn2J5p3oRGM@{^b z(6ttL4MIimA?TY7WGf&ehx-EU5AKUKXh@)!zJJ+ziy!wIbn}PzaNh_o{$MyEYNL%n zc!OsJ(A1kbVpY(VC`S-(%KmWY4BFc0Gz6Z&;jC?}K^qIToCT3Ie*CRXfcgR(z%O|C z;9%oqkF&^N6Nq@BjdDcUo1pR7i164SVNdOGvj&yi_VNEC93i~5&~2L8(b7TB5JDiv zAO>*+(JKM_*#C%ggzTIkn0Lm&#@+~oLWVY$Huj(^13u%7vS;Pu+TP9vJ_mM#e*?V2 zVJKEx(AVJN0o>mf?Sx#6@TWKtd51&c@i-0pxPr#{W7NBlLqq zWZyC3FV8>#bU*)X{3e1Y&kt}M^lw1^v^Lq!ns}Z<{YH)=XptZE-*yf1L+ih+6?wUZ z391lMaX78@8`L8HElBs_G$Y8BAY=biwfN_#I6gd7-p<~?(`5kJ8xIuz6lMnXJPLA9 z2&{~kZIG3JnIX5Bc>BMQ<3JD$yt^Yzz+rf?s@tUauY;Vw6(0PZ0q2$&{T4+Jsrc^*?Ryjt zG|9XoqIgq}*C1S=@__WmpJJqcFsuZ%^EbCMeE8ki#-a{rOJgwJYi;IeWB<2Bo?G5D z!6k!aO`QOLXc!}S})HpxN3S|vuf$X>Bf17Fk zA@Tw_&A*be_%Fv#`~+O|_r_27u)sD7f~p7%Z#Zz-f*}|uP&xgKNBrBPEPo*o`>v^e z2>U^*3bIDuBZNN_F8sA<;UC}@6HxPZAod3;r{8Q~p?UmzD)e`RRrv6J`8JXNi_!S^ zK*@gv6A%#kA7P^YMqGeT3H%eCg0i*Uu2QyT4hYfQ?Q!0JG5!mJarXcA=c>D%}><`fmZ>KTSz&OGoHA+M}!;j3K;&FUf$ew(<$M1Om8f zL)6b_5eW9}hj79l7W4hLLcZUv*tEsDKQ+R8l8}wXyTN<{1R(h9 z#&=7=w*R|b*zh4_u+j>@>A!P?e=)?1Pq=({{(pJLe^+{j51*g;Cph8{7q%Zq^!~;` z5|7rm14%;p;9rU%ewp?^X5c?n+P-^P1X3*iVlmBOEFMxMr{-4nvztU~W z1Jv-2Xh8ukl%W-x%LYswpum*o|CAm02alZZzr%?CG+h6?*;+-FY z8%_XT-w#1-OSck)@NZMC#{bhev=SOTn``v@_WS1#_x<>c%NE}IQ%OSDZahhT^N}My z!U<7=YgOUm;uH&tMWLDTFr^+hj`^j{vvJ7NNHJKSRf##<3Kf%$-1;wiS&b zoSokWS^sD0Nl>1DXL=HtX&cP^iI)6nZN@g)+xyeA3gBM5@Hbqo!E6aljAzwRDF&k+9qxg->UJijpN7Nq(&M*RyjO#(ly9RAn1 z?6=^}|L-g(DlGcfbKK7i`d`6tp!h)&xJ|9uqpfTl(RwcS;4e7*ObNn&F6{Qh30y5g z74N_9(0#AH`ypJ1D+PuW$JV{yeX^F20^RPz{eks$gmeop_esH%cqH^Et9F9o{+k!I z6E=PuGlM^*V+>aRa)I@~(1Fn3<3?`B(f&aIkM1Sor(paRh!E%==#= z+E1_(gn1yI-9|J*if22*BRocs)4$YXC8T|~Nu9JQ${zPqR6k0*{jd5re7uB0jwQ68L?h_fMk=e}kWS`iY^B;9u}J6Mq+0!He>r8ejdMR3iA?f2Wu?&S(E8KhsC>=YRM? z#O+mAxVwa(VBETae*px5V8Rvp)jvw@Y4CS4-Sf`LoL0m1PW5B;_q)*6&e=>igvj4s zWz|l(L3*8Tx>L*K%-hS%y{ue`+U&ACZy!HzJ9Ve#vc^HC8%*K(9c|AsRhLb!Ix#Ux z$~m~jN;=_mTuZ{i4F%gwfq5x}ro`;U?v3i1dn8L<$imelDQGAtdwVb;MZx5pN_f*zwkTzjAv` zl|?2AInXM=fEw}E5`p_9rfe9?%?W%EnWZ&!X9~vk6qPq;iMSxGT@7hP#s$>U;wByYpeV1DN9+m0~)HCdV1tjN(9 zH^pS@!=7=??++g1U>Lf9h}tkRb-A2!ATCbcVSX#dXBFoCssT{^*zn zEA%0C|B}#>%ola`{jVM}98l%cHlmHV^QG)XCOcN2vRpdE5Tlnc`k^2$j8Y127v;g* zAsbEnwwmz-I#mAh+SRkYIwIpd2fiQ^NJDeZ34bBJJ3;yNwvxh1&lPqP1X<64x39)k z*L5Tq+BcRf&$}Ewu)ltV7o-;@oGXzA@H~2_LPZUhDvR53tsPSbdv0y0FzwvU2yZ09 zU|_e&wRU|8GqHVr;VclvYX7xRes{3e`II4&kT`G65Qnn}-FtpR@m+j#l zgbd%~#t@3pOqhP^Dgc1vs=$C-=WaG$sYZuxaL<=>`upxpnv5@yu}I!G01v@!b3Reo z9ht}B9Xqpvki7c_P^+R#`!moSHqd;GcD)9rF za)_wJIosFjXOAf#pjlNlI_C94g+ff`vG=`V6$kg}N1PzR6c_ioB{&|NeN;Esc<;@{ zK5c)Uwx;mKmtD#8H+(s7Y@k4X*^l@pcNY3Esu^9Xp`>0Rx+1IlRZqqY+QL(aPXCg) z`#Nz*Ud3V9=W4sLilU6RW6xM9lu>>Vlbm*INflE077^YI<2=4NCatLv%y;_C7yMhE*}T39YJeT&6?^ zdHgkT?n%Uj2r{yec@}RGl57r^#62ClaVl;ee9PUrLNa$_n)DG7tWnM*R{0C0SaB> zoR^}F#Gq#9SGIz}TNf@%tmvc=b$67=zd1oxS0Syygd?x%8GjnDA47%L2}yY#fkdhDs@T%Piqb&5yruWL|7&7bR-~rxh_`qrGL0NN z>O60oU3Lbq`ivrVdN8ldd~yNsSoqkGNL5#o#t41wX-xdGr-2`OEEZlvK&Z&1TuyUK){hx#+D{DHlD z_s+ADA3l88@zvU}p2^5We0==r1Ea|?fHOrAz!^H!zpEhMsb{CYzT}o!xfx9YNTntxc)H%TaxLTa?n`gV!d&vlKmGr1eaIlxNZI_|vpo zov1ffGEWeF;fUFzlVx^)7ZBNE418@JB-%1olcOk~yJwTSIDl5U*l)HjFU<1X$?+Q$ zvJiZbnmT57K=NIMwDV?jW%%to`DMfLjYMA5nPPViPi7wgg2#BnaQ3j9as1KE+s`qx zw9^BRu3f}^-g*vJM16MDe?Zp|NSUUfdt@_Bk))q29SP-0k|)E zmzQ+@TR4&YXZAgSwOEM)Vmh($zTkt@rX2_SI(jTj`CEq*k38&s;kWw?^C%nH(TA*L zQbvcm_$#`+qav!0r?%{PCsT!F6%!`oyWlN(Ei#8^A%&>q>5_}f=Wi_frkB&?sfn-4 z$Pk~g5K+G$ZFWrx$F!K;$aps!APQ~Rm!PMij3oh_>&@qFc>;22Xhh!_QyNTNxz(~@ z9U6$>PN(FQoDydxdlYJ4;@MMGM$SwWWA!2}PUErIQZI>R;79g35%B&SWSvspa=gs& z;be+W>AmxTO0bfL?-kzZCUJzBL^e%QV|B`A6D`I3UXwpJ%c<0)>NRk&Xcsiy5W4zZCbWvUQuv5+0<_*pi^)(CL$t2-Hi8|TFpb`yZk+`kJ(vl_U>6a8YvV7Hw zibagSRaNI!|JlL^GQ`~wv&*MKU*s;r!)0*r*7@CD9d#ofvJrZ+Nu?pa2~($wFtfy2Qtu@XJa1b7 zjHXB7)=6<9?*RZSyi44X51)o74go zM25&qn7+Jh$6U*f&?`JbH0d0H^((zT>hN+EQQgEtUYgk2!m~?s4is|tF;r?hq(WT{ z1>lpV&44YfAGlHbNDsl*y3Kj8tzF;Vu8CVYo(FMLFSgFL^ILObw)2e4`R5P)cgJK* zcAeymHa(@?mArEKMXYatkhoCu;x#guwc?VSYQ6CdyMU?FW1l+K*h_tBy+rx#T6#^a zK1E>*M-tQD&F6fE?~XiFPPJO_cq}r*DF*p*fp!bp2g%)UPdW8g2hevgGznUAJ-^vS z>yPXYoWz#be7itV^S=CMETTI0YOAV1Mu>RbI|k)~VevH}A&6^I#r@q$-_)^tie(Zr z6KOZ8^`g&?eR+DkVgF0OVq{Q9p1SOk*mKsrOMUOFZSqf@+7SIfS-G4V5S?VUkZY5| zYBkR4S=JTAiqK z_9d7kSy4HqF*Fd$6(|U9rml)=j&$lHxs(odN3`;_fr<)1vIBm9H&z`=jqzvxp1(9 z`!d^NDKt-uFcr4iaFy4OdX>*28ik)cKcJ8tpk3lYk!Zi4Pg&^2+(fQPOY9O&CN)F_ zR#rswT^oj*$;%5S!w)4D5Q5#PShlt)7}G- z3qlC)Zv@00;grM_w)HRHySW~1w7{!KU2JETS)-j0Lb7mv0i|1TM@95j6icztMOTZ7 zjY9PTB{M$BI-#cu)i=?=!MLG(rsj^hLz8jF00v)gk!nxICM86QxzRXpdoe zKb)i;b4sO>JcWAsQ2hQ2Wa$$dUwAXSIGjU!wK^1<2s=FB-RAQYlX735nH<~Z5mzeF zVcG(t)tNd_1Fhdr2vbSTm8=SWI&a7id7=o62p#Q}w}e#m*>vVHW~S1?-zED`tve5kp|9*M`i1E=VE(5^yf{+ z0b^ea3%^>wowIe9(dycD#jE4Z<>T+fXo<6$vuD>=X6Z7;*N%78&s68Fd`V1O;XMih z6nZ#PBq%#&T{45g%OB0oqx-gQ;UuZZfeL%A>y__)$eR>R#KifQ9WY|0;f1A28u}6E z<-g>Zyi?7=*3CM^9qnnigTHWX?q5ojvj7U-y`+PeM6oi$Z{G2x$!Shm@~lJvHK&g6 zQky`P%Lz@26DzSq=0r9}Cj>W%`Cfg|C&hURk2fvK?fqKpR(Bkv4_T?KtbLqjz8QIR zPx;fL3VmLxC14!+ss8LCc#ooqVsxPIb9TWY8w1}!--6F=Fe(qRkKLc8PMuIZ<~7|C z3PE7$jrpvK1>ebV8CS*@h zI5>L%?>y|Ac3Gh)e`H;KbuzO`YndC6hzQUenQ%s0m~kVr`dZSBCTSAS#z-y)Bh$jJ zw9|TLJ$=wnM#V-}zRPzX4h06&BB_GDqH+$UGHJW)1F{r^G#n08q%Wt4s3SZZsw(GT zqsNh_Xr!*+u6wiFZ-+{)nqwOO#)*U6l1r@9ohww>uQR9iyHe#k?`3zpatFl1vm)~s zbCz3g-yNUQ-E$zvRf4#I8KI#Vxp&V2=agtWt5Qe*i)7?}F)xLDj2A;9%yu7XiRW_g ze@hSFyn21LXf4jM%$2@Ge;3IAgLWg2;9h9{BjpTQ0i)zWJWQnJGCdZ^qQmqdQEYm! zD5eh#I=g@<&ehkIp2ArDjh2;n1vhP_AvbH|p|7wu60-;1Sm^>>I~7;#IMF8R>#fN> zS0}P_V2Nbj=e}=*t{Gr0;&Qq$4aib4*m5N(%n^@a9ReN-irPnKHYT5BD2w@3MPr}6 z+YMZ-BpJ-1kowv$dHOWYRh-I}Ec&u40q`_n5AELPFq_rdD9!103jGB4S=KMA8us$N z@^p_yS;xY~*L9Wm4k+<%IefWlh>~kWADM--R35|Jj6j92SSx*`_%JZRL26J`^~7f# z1;kBaXO|U7Y}<>(ww#rH;}u;Cr!pebcTEMuy{|YaA){<2Fi|`+fF_+lw$9L-c%xmm zsTneis%Js6D4l`1aejc*B^YL~MZCPn@=cOn!0XGMKt{=wg}Z(v3tTjC&((8MA7d^^ zuz~x6QNEV>K($t@lPH$ir$t7d$+{zthW}~VNkx_|vpxlWj1|JX||u9h5$xGdfziROwyBe6`@LJQyv^DKX6RE79%qc$?HFWO0QmI!|F#gR4xXaJjehs9T`&70ECd7@M8bVI^Tk6uOqYE1_uW( zUo3M3n-9Zx9^BfN-x}Ba&8{}zA-IIy&NeBwsM-~9(6y1l)>|bqh$z{Gi(eVwoST^L zU>m&?N;nosyEqrDr;!51iWFv-mlxQAORAs7f7;>?&Kc(F!}7#TNx+sn{!gN^-HaSu z$x_#@gzn8cJgu=*I6tfSp*|4(jTUy0`^|`V_L;9*YM{}(;S0C)C%J2CbLEQ$6g~j$ zLoxHb8@X4UPQ!c9PlLE#DKUKhg5U-j{Rb%E%?MA*uM?}G4RwCXsPodZ=ZWdlVIUCB zIzI4b0x#)%A`6>k-|1brI-B6X#0bX5v(L0t%H_OvW7N4Lyk>O!YJids*Hw0=likVY zyVTFUelN}Vs@na_l5pbmy#`@5{`DeosfK9>7kJNjv@f*s(@?Rk&fTnnMX|bOD|`cX zM@D)z<_M8^qvr*%`Zse`(`P=PPXb-EmPvl&WMm1O>lY;Fjx3dYy5YlKeYACOP38}< z-I2_|v2fy9pEP=SnyrxX^ylERqTwc2-AF#g(LvRoXXEsHrEbUop6(rsW-K9^X`vsd zT-V%yss{G?^0XM=)vMrxBZDT`uCJ9VDRKATgZhF@WMHt<>{TxhGi53hrB>W+I(VZ> z%vH0qAvqccwJWphJCx|MT3pc&t~`v^ee-!m()(_vg_y?iP2nUz`Q07QaxN@7Zf5Rr zDkh%I*b{%w6XT)w0ju&XVXgATT?zz(zdl^(W!u^#rLMWwiVa?`me<4_oJbMKI4ecO zpT9>_L*yOEbNn{jSU)=|#>7Uyu)n+M-tpq$`olf0Y`FoGEYzz#XQOHZm+Q(sLj2`( zuIy2c)F|tvU}xLR;x@eLOTrmO+6A+;=X5_`EA10{v^@O<`FVuq;K1olB8`V6K$P_+ z3(><2Vt31C;!2Le8=qZ)mtnMg$|_k}ltdp@Dv?VpJw80KcG@??NxKHLSlYj~ed+H) zryZONUU_lY(+=anMh>Te&zzeHcladIpgmu{cMqK9yT^D?bDva}u-9Dm+(RZJ`4Bj- zvI=kSlD4*XFOjI>#-Tn3c3rBs7?E9hL`afXjg=24`PFY@03oDa^P{PF!`1~`SIeE_ z>^!vjv=;wa=E#=GjZsYJ$E z-OKN;sv|3RC<*i}PHTW-ZH+^i!U0~g@}Tskv5~>TCRgChD2p3MSGKwV(D*5>(I>Op zDcx7i_k{A9+Dggq?|k>q#8}`|#=_1EB+U=K^X5BSCIXNqmJcl@Wh8r*-viNgtm5#^ z=iH#v3u?1rdWUbSf#_X&QrrlBiHuJdM@#$4^Tq;C7Ydc!HOyl(`}T(R^(p<5s*l*O zPo0iJfk-H|1f`}RZB|KIkfv^Hh|AbCd>ZphQz_z$N}SDF@?Hg_O*NW>qx3wGd~+lq z4_}8eQc&0qN^e1FDrl+v=0}`24au37Hg+kw-=~g-?sKLT9T3>(<=dxhIh14!J-hGI zt*#d&R8Aj|`pv3G-*rO~Lu1h<=duHI`N_Fmtws;HJ1OOp+vpDParuj?$L(RNuODkh zn;=}@Ck}N(NdkOJT$STk;d8Y}tvhsGmE9J!S)z|qs~9gSaEb}Zvo|UqH+MbwC_nrF z+c3=%-D!g+9{?akassb)=;o(nw_D%n?RsYyA1k+*z9*nQk=V37fI0@Z%A`r>T-eDp z59)3X4zKZ&uDas`)SHe25$lJU>cz@YM|bH&+}s_$8*p+3yLR#c%DY$&X|5T~#}8?E z#ZdIpspSJ7>h|jAJpgz!FeikCA=+pukQg!A_8VJ*46mJ7Q9fai{}~1pEM-2_mxTG{ z>@8$^Bo*B#^{mMXU@Q%$%YJbhu*2_kev zn=<*n2Zs$m!%FD%VDdC0tfQ`CfpU*!h$4+1`H{E)yR&7lSA8OZ9T`y^zA?=R(~o|3 zv1m_P=pilSjn{V8);O~sMyepY zU;(n{FIXdtL~Wm_=`qQtVGjaQsU-Tz$7wa!_SzO3^oe1pCM(jL5Nz=5(5Gu)<{&3} zdDlTyyVH8~E!jhSt)H19UZ2@f$knrOo-KyVWp-c=jS(o2mJilkpmTh%*Yf#9wp~V- zzlciOQqJ3^_zD{p-u56lr zd*@?zkj@(r>U2rrUD}mZW*G9=$^}eDM$&ZI8|KP2`4n#wk4Yn<7Q?mYCAfDTV;83V zVkeRMTKRmgTyrHc?GWfo=e~N`F}=R98{S;mq%c{Sd|!4Uo|)-5GrTdS-m>%=fcaV| zS#UDf65(cGfLM=-B*+_QX7_T@0bCS+y_Sc@u=BO_s2mF-6p;`@ z;jIkO;sp8%Y8Q*f20O4w>v6EEQ@M23Y1Dl|eu`W+doSCz?qEn7lcR zC@di``J*O!?L2UV%_Yn-(;4SO2HG6AJf8$QKOSV}%smeLrJ zCQ~Yu6uGN)2#!e-=S>mO~uZf@L5B?8y6R@w%8=Qtg>6gvUDBqx5+oe0S5*+F^d@+hadgF5p)1$U8d zCmw;$jt!sk7|gSal6b5^44|x2f>5PlXSMY6Ixxob9ly#&XZBC#x|ddYm8~<;eL2q( zcbM>CwCjWtBU~P#^*+0|>I#qnUv{1>QrR!{sjxnf!iQ(h&<@P~8;c{6cOdrwr)Y6> zgeJ3;@sp1NH{N z+-;Jq`&jxnfF*sS@7E-yAk>zy_*eGhRZRY@3E|IkTGcxfOmF28LsG$ z@gXlk=+lD$n*oxa!@C|6C&~l({1=S-ID}t=w54RCw2-2l5j>#)?9{}#4 zlp!_iZY&UaE6icm98nQa3#nA~2I(`G$jBz(4^mkf7)ApbbCbI-+frQlhO2-8@2av< zIINrx+41F|?*xhT)dbPN+f%p92N&215I8N*2KV%H+wrVNOogZC^={yhEGaEz^6JF< z{nlbQourL$_Dd7oILt$C?KYn#>p~V1YNIpQiL<*Lqo}8K^HXuJV3tSr$bEY(6v)ta z_ev0ClG4I_{TU3ssGVG^ujYh@04MGoZ$KVBke8lU$80Tu>-hp=fJHVEaf~60AyQQrwTUVbcKYbJ=_s#~I z#ZoKwB4wBMw#ncwA@=*t-XflRaZC8g-u#5834FfA@;|(^rAvNgP^2kK1{($MRs{|f zwzVK{f*H4V&=qtM5X4_XLIhHqV*cRl^n>x}FaDPm79V^;4U?LvtsN{&I$a#50y}iX z$*jX-HMt-QSz1B}-j8Iw4-?Q%VKqvro?1$;u@()HxA-abfeInx3 z%v*F77CT7U!#na9^b{UiwX@0YH1!SFP71iJ;6#(8Qe0}QmCVuaihiim=FIB!;tlIM zO%IaE`~zF!`{S|*&6jfrId1ZL&X><~Eh?&gowpfx1IsPS-ac({pKZOumUt%bNs5U{ zVux}sLtko3>a9MLxk%-l~R#{i6oHDMT*kR5HpL}jr zvwQ-*a4`9NkU#Vh%k&&qiIeyyb{FYLl@xX=*HT8+s(f)xtSIc-#FxPjE>>{@kBfY7 zhfS@#m5|^`3nbY*Q*fz{xIvN4Lau`>WS8M9@@Z_N`&_FcTcSk!g`?QpU6jAbG?nGQq{hpTk0-%9qEysGx;(~i&MzVp46JzQ}v3kTWWjOKn=S)+qf zmR@>(vSTqaT4~+mTKf@I#I#uClDp>BDw`z=iOV=Lt9MkNqma?&x_}MN zUaqbzpNU)E*PEJyxya|Uwx+i#+h5`H&Caylc)fr%vH9hcm|CsRN?=DTX~4I2q+67V z=Y@%Z)psQ0hz;s12W%n^V^IQeJUEldG2x3~P*xUS^?EWBM54HPW`?U&HluZ{GO%{=^x^Z?HZ^ashfNVc>95+LT(?XMoS zCU8i*JZjB<5iak48T+7WFBZ5EICnU+VC5`SI#4H#ni?9hS2_9hV(fT!r@tS!C0(27 zofbyiJ$ehdc=_~9l?Bv^$EATWi7fn8Vh7)m&!lkl}N3Vo@QWg z0rg`=j&{33l_y%_g6Sv{VEMpK&s;l)HU}ZkJ_c}cnkq+FA|oGX($sf}rpJ;Dj1?@( zzL*8?$4?@`1xBd3*@QeTD~WB%4J84-CYI%@#WhDJr^osp;Og%`<_WLzzg?I3kRj$h z=fu*ha{!?vkxpkSU)?cQ|2VI5{d(K0YS(w^=O}d6Jl-n9w(1hkF)0a0fx*9-eEKiz z%NntDn|`l-vZ*DT-8L&1k9<|iHAhIC)Ri-T5a?^qz_94u_mY93ZRhSIF^?H6axu2f z8QLldB@ct1gq1#uAu_d6%a$O%B73F>FQHgO`1s6vr4kF({OE(q`3svk^|kFw^)8BgAZVN`-h9C7F! zMcM@mc&;}ML*E;fUf68pquodD!}T4&I+RwP1sQU$v-3>0Qbu_mcW_mJhxW7|I02tR zMVv#-`}sDm(FVUBf6Bbjs_h1p>wyXC+e97|erI;J?`*unpfe%|sLIH^8uNQVyq3sp zt7cT>aYtR{NV!A^Z@>P$J{lXu{Y-9ehgYH0e6S?4YA2Dv^l-taF^iahVtoy+TFOVE z^Kc8^hS5RM;q21;Uq>+GD%a(iQtDJIpidmVj!|5!ucB8O(q!nguq;$R7>rwBR*tUr z#fw2F7Z1c|o<+?2`o8R4pR-kCxLX|Wbe~7qavHNh+X)4XCx_e+^6cC^gV*cc9Y;PV z2SW@jUbZ1sQ}jjH*7I|B3ZKFzWnMY@fR$mlLwx1xiGhyK%X;9HMo^KrKeQD0-ILz^Jz-27ke}ReYz1V+73)uM=DCQ!PZ*AMP74poIr@)pigeB~xaQ zdswbff{Jvvz8TGU=sFK@OTGHebH1pvC+Z6pAEq|%ia#6flu|&ZRS5vq(ty$-FwB@R zf8l`V4kAIvuoBOUzDR)A`t?zwwZ+E;4*iMWiZg;(Cwukxd9@x3yqsiwY`Oj-*_>Rw zv#tyigPKaPXzneCy!-fU;?2`CYfV1W4hTYxEzk;>UBPq_hN!dPwbITRbA@4y!gNZ7R#OKkvC~@zusR%a2^@(Fn>md zhr54QeQv|pVgNG3WNsjTZA@WYtIl%x+v^&Se6l1|5!Uuvb5^ESa^LO_+a!l{8Ck^q zAgu>JQf)0`78@#0clrD2ma zxtEF|Zy`DGC1WRsbO#|jdgo#O+xG#=Bq|Enk{1#bB8SMy$?e%MJ%-(A@P3ou)z;QV zS$A|ei;bS1Uh*Sm7G`@kgOojuD;6BU{J+nl@Cx|R32RPs7dNUG>SEIW>KV)E- z^P8vk((K`D{gVGt?{4J-8KXOaBzk}!`Dp}VFTCr0I(vT0L;eqZjSXMR{FPkMDR!A7 zW2l?Qc{5y|g$G;>$RH1RLjH)_v9<(4%NApUd3%A@r<4Pt2rp#^u)c?P3g#6PVuj}M zy4zndkL`S&m<~kLKMJviihp<$sCIO`~$$7FvPa9U+T7HgUnhfx-;_qeA}7LePv6T6b~Bqxh|ZN%uGDvgd_F0cQ zpD9n(MvZOmKGox~`wMb^-lpmKg0>T?F!z8Mk^_xJ5u`{XF$dV)?F>*8J( zl?@{5F`*GYz8voU6mV^jwQiVSP^^>o2)o#1_If{T>Mdvguzp!DX<%jv zzj7#PW5fgh_2->F&bY0J$Y%GjCynd8zFjfY@BBsmYRUEG^|V;N#K(%marRtFg_Ao! z3=z!;oqkoOcRT~LJL9sbjtHi11Q){Bv`*Z^S$M62jaJqA~D0|m8$ye1jzUkG&* zB?M*+4ZL58nz-}Crh}UkX&VW-|D4ZRSBT{g7mNyPoND3MeeBV7DX6zWUC_BV;Nohu z7-`4CvzLO8E{V1m`M|-V2siq3fR_VvtnM-0rz#48hD{gxTpk~ZwDu8rXu+KFy&7f7 zf7OJRDJD>`Cn$JuTtXn{=`g}^`9bk##h}h4!=|A5;>20r+S=-BmsCIBEsI7Zu6ylG za(c{dx{Jhw0#L6+WwE#ZA(!7l`YYJCwk%s0AV;6{3Q6P#cZpUF3^?bWp}tX1IY6xi zON%&^wCGPW5cAt zzR~?adCLd4wbpgLH|8@nPb)DDR~F7IDk@IuQLLgvu>DhVR5p0|#9FC8U1n;5*f>cmi9h991Gy zI@cE8E_1W~yngrt;4w4m>23Kn64LvC@oOhQDj?QHv{U~IiOF276|z%JNVoR=&Q)|O zZYE>sZ!_Ir!wSC&g`aHCPBQmY6fL^3Wm*~!%G4!2fBxK%{1zho(Kw39OZ0Jb-5J1l zzTPK%1{cPYhP|yNk$P;oGfR#1XeNU?Gnn`gWvtDvDcoQe-7~OgUvuT<29UL=cD>3V zDS_Bbh#s&N$Vs1))jKe2X3a~r|CV?+&zmvB^Gl3d>c8)Ftu;v-pXjQlszKPzSzCg| zIeJ~TW;jJjHt2*X216|cCScjAVN9dpBpe^MSck~`!JLfqL9gaffq>d*@9IpTfFr-O zFMBL!-EqKq^mNUYCl6bQpIVij57umqd{R!ir=oa~-+RX%xlI#qGG=aK4A!w3nuko? zDZ0|Lo7FiaUS;ou5Ed#{FSGU|+EO}hm-*40MZ7}$L4`%lk9*c_6*OdKtYGtrmVw==~VP8h^%P0 zbP9=o_j$n$kH$d3E_MXxGhcR1#ES^M!vY0LEL(3AyT0SlL~z5oCpFEc4p=)wZm`ej zQtd}_mHCJ5Bi`$ZsaO1-YgT`r-Hj1>UO}FVL2!EJj!RSb`JW^m)`L%#ojO?(73RL_ zCZVj|?Lk6I1gE~GZLpkusYWsaskvd?Vxf_wPS#biim~_WS4@7?a(hSB=y=%8X_whY zv(WL2<;qHnM1(Se(>-@QU2m6&V&25LPJ3HM_)04r#?aDuu1OBDw`Yb9Tj+_n)97}KsOBvKvuz%BJg*m0NMlt7D}ucVU% zEni>elGV-tO(?x5hE*^ai9Cz6oT6)E-LKv$IcJ;LmhDN4!Fp-DiS-=Q78$nA?RT?U z=syuPms#rr@@R&30jK#D#9nUp(G%d=juHA9rP8> zFLvAzzJ1`ZrUZ)M_ zy8PcaJ4L>tW7v?gR5i(b^jaz?QrFQurb$|9!GKx!lu0bGmGm|nf;stK88{)n>7m6Y zw002GxL~GGK}!aK5Qo>kpFftW`=cq=(yryFv3fw2&9NX>aHYlaUH>19%59u1y zY1&5wyjY>KvC5yw@zC{~7R8!weyL9hJoo-JGki zw{Co1dz_`>+nwTrny~s9=JsO;^Z>7o%XbUh-1)t$l~0ThRD2evGwcYexuGDJHOY^BWt-GW%DJX*CG2qsN6-YusQ|n_R72QpVG_pv! zwY|Z<@7&pH?u~C1b?#2vN!LwX{&na!e9xZyH+Efx=}TP(%B_aqMu#k9`jR@sKEw)_ zF8z>6|9Giqt+&!_&rTry{L+r{^mPlCZe`v%Th>es(rY&oo0pFyBR5#Fm??~i9anAB zd$3HsS3WTeCBGnauUXO_5!$D?8;iMtoZ3ium|FO<@M!1ze(cwa{4h&51s%5-g=0kS zupJuw^RwBvyC0pm06uPT0t46GutyLXrB^On#);j0LhgOfAWi(*Nxp^Im>a}WwYz!_ zC6L;O&6m>D#$ZGkKWNX_h_Bjlg|PUhmnb0+EQoxe(uA`6Z6noiiLV1b6bkE~`W)tt zczB-!$uYxG$5InFy-X~9AFEgS3EM54t7u1NRxCm>HH~y*JXemlYQpfE>m0;VpI-uA z)SxL;VZ3LuyETu^>ofU2pf;(A=x0yC26zf) zYAUa-P>2}ic4HKA+5b5DazzS$Zx^N|ottPtcNTPp0Q@S0F_BgW2r)-HA%-d<-3+;U)c(Ka0 z+>37E`kb`uNe4=7+ZRQ&+nZ?*%*Rw1c!23_$(K0Sjl`XsS+~I4#=K2{r(o9A^%Um2 zPlX@Ekv?#_#R*1j>PIc~%dEQM3P`%^-WJaVZ&>zZQG{Fc@2V-?K`1zgqA%w^N+pqB zQuSCiIkUihhe=Kkd~QD*hoX=O}6j z<<@g%-u*b=a7?6-#HLQYc>B~%Z<~$DL(Ye>bz*RF7WeML%A*vLRhee3+=*%hj}+M6 zqN9!_oArt$?mvBg{kk(p;>*qr1qrOUt4><}$<^^0J@ejYlke2PY{coND?!L-YUNe3 zSC1|BdVESZwvxD@{z7Zoiu!fg*rL(!>4nY6b!9g?1fbt9shiQIfc?7MG_CU3@~!q_ z%<}!&&w-L`uf%7)rmq4w#7A{Ds^$F(so^5DnjKHN;()bMm}T0G8fxl5<3Tz@gQMfl zu1u7k2SAIr_+&p_cj5_r!3FR9K?c8?7V)&y8MT~E(S;pHu3bCq>U>(csj4!UaqpX? zm)SP!CYjc*4rB;MIrUAPPysdDK_(zutYLT_ijH9a7G$#)8|6!=DHBk6kzDA{gf z_?UTmnLyyFvPAc%{#vSTPXhMG&^}AQ#Ga3eEL!Nx6HO#qE4I1&>ErUN4qAyfl&t-n zD{Dn0^2?Qn*s4-B5h5Tr3+*O zLGKf%8cI@HFUc6>lJui>UoMqTd;9h;1^GO2J)XWm%!VuqqeYsMge#c$t?(o^=TC$g zjGb=k;7;za<^l5%3d_0*J54jwbz5au)!7n51)E&1ELn7>>t0g0I`4Wl89~Ftz8JF< zzPFW>BTtDsHSE(VB}v7N1^u=1i*pC3p1ZSLvzrilQJf=j!ZBNEv^w<|Hnzs{Da)7# zE>0HCN_OOBm=(*Q__1*XWa-J03yEPJdl%KMuyRQQO5@so?5?d37eYy#d64nrF+mlc zI_1=$qd5q}eoPDdcJ2yz#vwQFh7NM7D=ALgb!qD4XSkr}OO;Os#l{+8DjNAR2i~Zo z&(C#fC3eg?OLttd$_GzIT+`j@cuAq!`~yegtsNgtUV9>Pl)2A4yntDfzIkZU^ew7Y z)3?%#U3`BoI(?$!(qkF$NE-0|$z1+|)_~^CD7{ZCM5evH;K`|Yv2kYjR4nFe>Z=gB zjSou>0o0&9N3z1fM34n|1}3aGUUqZ{1*N&#Kegvw1#3`?3rZ*j%)wJJePMUpJugz9 zr%oHnvu!trfmtv+?JyN{Q{{e6Ek?vHxR_OHDRo>%G2^P?nP?lR=4vw~ii>6Dm5<&M zWrGN%X!;pde4GQBKO0E79T8S`)%J>#Q9FPlrueJVmXp0)Ox=3vKu#i za2b4bR=J&U=5fma?fI{;cVeLUPcNF))(VP>C$sF<@+Tr6ROn(~0I!#oV<#V$1ZLTMyzMRGej%=$a&akUCfu2ZKZ% zBQp&LS4^a4sZg#Zqz@IogI!nwXp0*%?hhR7LnJ?7XyvlA0l}n?ZLkEu?w-*;Dr=?-Nbw z!rHi$^fc2CkJd|&T-q8}fuQp%JOQQ^Kip6@(3vfj$vW_Yd$pEBIWu`7Vb9{Jn+Gv; zt2z`0tA%Y?cbI))0{1VuI}57uk#!~a&n6^4-0V|ndbev`;N&}VG6M2(($+ZiVf^zi zD|6x8%)y57}CMS~}$7DntBiEkqA(mlr5iR-8X#-N6JD$esnGCM=h3) zswDS=-vw63U)dME;Nsz`+A}dSeq~+>Ytofs>5hf>QfsZ{#&T1aH0jxgBz&t=ehfJ} ztGmW|L82j>!}M=y$Lz%w9>^^Nlp27<1oVuU#1Gg@7v^gv}LBKD!Hk-&IyDW9C`F z8|4Gk*yyNlR@SQ>Rbq;rpl;7adSiGHVMI22xg>>$4o#sqvNkJgP5kjw@&%C|&wfF5 z3G~{~fsUJZpZs1+JzNj7y*gk@uH;q;!&>86^5VbrWv@McP=nWoB@o>m=P7-mtUMH` zVZhPs9gh@iz@ijKXA~8FLpoAIVXm3(FH4-nOW*UHBWH&+pc*Vb^YPQ3Xu}E$Ilboo z>G6ipMTZ3dS}kmv@Za0J63RnovaeL@%us^LLyQZT6vGdtl!ulypwCkG&?U#uyBgh= z!o%?{GMI3aL&;Hz-EF^dRzZ?MNWa~DE%ofIH3h@aO3|^zthLbxPOk8#EHl3{63cpF zen<%NS&hNxMC!#k!5rf#k4<~Wp2>X(>qT4#?EE{SX5L(b-XO`v@B2Nw)@3;@MBu7Z z<3U;XRDIkYw+fS|&4dV8a5zko%!TJCDLC!63nO))Ns&CQ*a1yjN9hpER@!N^Y{!89;<1YW2c*ptq^o#Oo?V31vE zVu%1!Oq~WGZRct7&kd`SXdys21>&b}Xlh4kPVaiIBRWLnTSyvd&7CEpBnOgjrxHAy z#JT@C_pR>q3dJmEjcU?AS58*eZ_?>|0KY7Bwj+3s3n?of)FX_#@MypRUXKyAi2gv5 zmUT++p#Z^6p`e!#@I9Q?LY@r%{kckv~Y!?9T&c(t~Q9ZQ@ZJ9 zq)Q*6l77hNj$N+iaq(LuHCNEs=|ToTq!@`V<2aSQ44C72>m*mYd9!>}u6ifA-0eg6 zjM-C!C+ZK#0v#l)GWp|5i0J0zVP=+UsNA8 zJ}5S!@@E*Yvy3=*RA_;~oRvQnN$}Tir`Mgum92`mZe_c$q$_dfo*};qU#3tJO2nm$ zP<8ifKaY{di>TxUIL1%)|M};qZ3V8IrG?!M&~fNyqbT{=$pUE90*>$EYJrs>t^e3N z^2XvL0%b9QSu$_TTdV`KoP>fFRzMd&mS9^CnC46F47y8OPx<*%ekds`YbVAk)Vxvv zM?tllitr@VjDyZ0p2ULBcX@7dcJ8GUh*Kr3evT0vg4zW>W%+t)+DRhHs1W-16r3aR z=-OOvf*tL~*0Z+hLM=-Y0(=1GB$oB5g!A<5qQB+ko>l)nNid(j{LYIDa%*`PRrR-9E7q1;8 zf!o{rC7=J?H*oVgTci#e9c{BZ3UkA8R00x9K5Ga5VDu$wWVV$6YUUku zA(X8ta)-I3mgp@%LR-@IeS_8-OGalyg!(7|B48oJ_2>zP5n9YU;J$dlBXHxsY+h_#|L1g5=i~2B*y50W{>nPNId!_fyQ+URs+{oNvD;TD z+@xiO^f;MyjnF(Y+;GSWLdGr#O=a0%n3}eTxhf51+w7ePIJ~FS=UbFtYe0N>^EHPz zlIh5~{)n4vcg^T;&9##gNP;Ufm7$}8t_1}8x$m&(z) z8q)gItuF+{{+Q?3o+2Vu9UhmQ(o@`F(=Q)Hl$hJ!+KCuFWFYw}o;*{WT}0^>_AQlQ z^H2qdh^q0uyHic9XYshof;Yg&qn8c;*4Dp3!ER`+cLVVYlmu#Sfl?CQ<5#Jep@poM& z{M!67K0IDt6-Zt0k@_fid~kI2(K&V*S$lkk1~k5^Q^AQSwM;w4YhasC;7eVT&brzQ zDR-5+(euPtC@hB5)(ulg^}YIETOAoSsj!bk{k$gUREzWrzbq-^PZ0Mv8qZr`x`&+X>3Fp3qj-8^F(!?FqG6)nW?)nwBQT&li@w(xtc*}*m9g> z-v|l|)Izi10kR;>cI&~}9DBjz+a?Kw%BvL zWpieh-X56NhE=!S;MT3he_^2Cm?zGOquNdH~JbI0O2b zcV6?9{tEk@mn75JnEnLF*S_=$>s5kH1}_1Z457|uqBWw<6@ViBv@-712_ncoq+iFIF5&q3ETo=Uq8FpZOtvV_4sfpHuT zt1jldDif*xSyT&v47GYn?f`n?FK(CVc6yWz_QQAMDNfSo%?kLlgi?E-WeIT8y)_Ok~a(y;SAb$XUfSJo<0aVY1{M$)2nSLxY?N!2rR z$CC~Nh57aD$+}P^;h`q$?IZuOazS5L$np(HR0h1_V_GoIj$VM_I;D?ppJ2)z0nk}Y z@f+klb+*@TtWpO3NdOYnUZoOXarGd8tcWjN9Tj9J%b9%fi?(JnbxrF7n8l|v{V`C) z?6KQBo}LkjZK1b&z4_V!7iMMJYr)9sW^nwCL|J-gIP1ti!QM&R_^$idL%7n@W5wat zl+mGQ1Fum*E6%{JQI(XoXjqYe`~yhTYQpU=sY-|L)Ur@p>oNy+W&x?{jyfpnKE!B; zS?&u#p7ZJtTxWMVs zo%dk4Pd)qF^Y+Fuw}`#F5ImR2k(Rzi`WDTBK-eM^^qgs!Fy64t5ttWKZP!g%z^Sil z`K)l5liT@t`&g)bE~Q5bOOS?rGq6FHAdK?x#s^G$N4#6~`sD)yzb-dRyl&lgqWe+d zzWWh^u%taIc9m~wtR?;88$_LR zGgc{VATE>_GH!E0_DZsOS(i95d!YX%fv*cNT^iT3!MfPLHV91*ELN-@Apt7O%{*AL zLv2*W3`clx@LhENAAu=j;)l@{umyl?FZ_=0=P zjT6(Udr=%+EG&ULJ3U@M70l)z?_J=a9zbYSI#zXG2Va4M+~^4>e-MlqH@Jt`MuV=KUw13ts9Jy9p`=W~Es1|vI z)Hc9p@lv)7!L;RFAL^!90{h(B25V>xA7*&W6M2vq#0xh${vdbtX++wd0Rl(jd3b+u z3T!jnq@=;lFAdkOaWBLtcywIz<`jBvKB^KO-N6WodL%If^5;C5t;U`&G%@qFls$l*vtR(dwMmv3HVNZW zV}bA8i(y)!_rSd;k`1zpies@PKwq-;{tnE(=$5Rcit-4NzK_diKCvXjke0G6G?4ED zyiO+rW(&TtBg$v-K43cY;N`3S1ZID-wFL07fAk9O0ny+X7%s)ij9j3(CYLT5Gb&{W z`Drx|+O`t~XTHZ1vOdVgjRbm%@L=`5S<3idJXZL;4Ik(rMqQq)h@!%U=ySr^*!Mp% zD+saM1HfaIpisj}YuVNG)fpRNsJ6B?dv=Nt(5hMw9ApdX=!I_f(SYOs8o;m>b7I_+ z=M-W1sBBA(sDjA`A}wr5_>4=W_CggP^%@nwnd@7YLO$A%I2KLv1993mZ%VNorb0jB zL9^o*Fz#sr#~r7dQ<#q&Ks>dDV%Ubvk=^s;-CJ81S$j5$7d=b8anX4)FEu7g4J*@s z)Xatmp@OQ=V1o^Q@ZJyjdy@E=w-`Yg$78UT#5ksb0!Gb?4Wm@Z$GyDps$XK%*L=H_ z=)#2KZuUW^^rIf0+!2i27@2B44^^Te#R?vdM;^JTw_WTzOZ?DvIr!>Rl7Ok}L5QvH zK%k*f&3uln#_W#O9R7`?*j}gFSnM*hoE=OF=xw)~u=2kN8USh&mz3a#*tN^p*)=a~ zEirTg%mdhMN-2|;8q)0xS-?F0HfqQU)2+zoH+LSESi4?#BKj8kOcT~wnG0aU+bILZ zE(u`1lNAAT-P;mA`)y+asKKao&vb`zxsf>Tyh z@!D~3N=co_bocqgB40u>#)#|7SYVUg0=MfMRG95s3^j-`W|_z5>T33MF#RAq^|zE++ism(p5Bl7cH#KRz}R-93a%%q&4H_ml=UmNS} zBf~tg)l#^ZL}FbN16+sb?9m>;X6s;WJrQTyrnh!yxK-E^1<)Dk4oAbBbhj4Gj?B|m z=poD9f0dQAsh+^LBg0mCCUb!ynuw@(3sjYben>|Zt96aK+((-0-j@>o7!b59L##Rj zu0n@Ssnj#iRvzT%R*N-+IhPL?IEJk;pWf-PXX0k%WG}DUw7IA-mLnGaaPA&)toyMn zgj~6i>ruC^!EVXH?^$n^y{9wny!KO?q6XX%glW(9K?&hQxTzLNAa%r3;!qSdL``Q% zMg2)t@!82@#gK*cK^@VQO;k#z@&Ze!rOY!t$dlV^U=xL?!4Za zRw<|Ui?{pA4&}{nL+6E@tXYtGK2%ZccVEv~6nPYTqI);a?Qc559)%=pA(MnzFc>ny79@IJW2^8%TOK>x3% z=x(|Pha+Eit=0lNv!l^EAZ#)dM;s`0Px#I)22ZpaPyp-5oh&O>LK4bZ=)gY97OFuN zTkUDU8G-eoKLe}R%rJ&jIJ$|#J;tg4tA0`!QS~sI0q2%GeIfKh7NjG z0!wlINeOS2g?4_oCF(po3B@z&gYD-+j`8i8!&h&H

)1PgmOYJcDV4ZGxV!9>==~ zjHSHR_dsnS0hysIKl2aJr598>V|WAY7iv&~lfS9oE=&+~GKk7edGPB4;i2uZqQ_QL zC?v6ht`~vlS3*I?+2>+vkQrSSa5~yf+I81dP7N%ippR>Azb@?X^hQ}{`Aks?^d+dJ zZ8zu{w=Clkb-%PjVLT(lrbGq7vJ17lmg)*A+VZX@X5{jAhlUrcj0&@Sf{*9)#HvO3xeSHgR?D&VGFG zY5dRHRT;-$j8l72FY4^O&hUE=$xuNxQY&3?i?;xXfG+peWczc}|xl=N&n zHPA|j=iM{}kF&m!vyB0=;xpqsr8_@)D6{{i@FlW+F{EPs0pxjqAE(FS>9*@gss;?6 z&j%g%cR5)w*O<7sRs4b(ju=6VTribFp0$*N9}XYT2WzR>{E-sRarI`ZzP!)w#yanK zpJA$LzHO=MsyanWIAIq4BB>^dliyxncXI?8+KgyzO>p|utt%y5y^6&30=iun z#%uR-D$kS_IK89sL)P$m*1w~FtC${=rI;Q!K}qIrZ5s9;ekt|;MM3579ay| zgn6Q=?(DpwK?P-QDVOh{@VC%9yzAOtc>hIZ-*M850nPf3y6F9|&vPc5%!>`r;J+(| z)L74;@cf5R)ETDN*`P}Mhj;5(9^QC7ZA^4Zax}MtS8D0m4DElf2)G`n=Y{eSe(*6Q z@vR-FPrT{{g|gHza1UU3Cq8bI%9mz+q|<&I|@#!QWoE-(QjbB^+(4D25c%*F9%(1**Y(P05z8 zZPcIu{p|g`uAd>|&E&Z`MKWOYiAM?zuSOBsnnnWbUE14|WZi;Siw~`b%?txj);u$Y zC_NuoZ16#|#+WQMdk7xEe3A_>@Qok15o(h+OK)gza`*5Tjymq7oqbE`{0MND!uuZT zhUPn3#0kyNinAJvD~28*sryRhD4g;;mG;WT0UOK!;9Pp_PN7CAj8%P3wRfSy=s9f1hCM`{6KKtvO zL6okRbR}bDd7+J}!1_#qXe})EuVb$m%d<2A-`=t1&WHhl<9@_*i5Hf|34n8~2R^)2 zq~Ih1>-So*eb3MDP(+!<3fI}qiemnfmQ}{hyW1t$h$rLhCZnc9rW1t*+6gO37CHV^ zXRRNPwdXx>&QLW}`JJhz43*D|HELgdLCUIVmpx`ZF!Hm+sN|Y_29vSlL_XEpgF-Z8 zttf3&sidH6NaR(UG^?pCScdmrJtWy)l7RCqEckTR=Wx73Gf}L`J&Sp#5GfV5vCdLaT^Q6xbUcw3~V}gQ$UMC4uDu1>d&z^?>Qsz^b_QvI) z3z!+KbVlhN1|!LwvRY*s1w30BRNI7&PE|rMu$9U1%9caGVw7$Dd!P`>Zc`N>0`>{V zGvQxWcXoDS+6|_bZ+1)5Ju#Q(Gykvl#kJVA?%46kgJ4~#pry2ZZqyxNKZB^)dkuD#72PzFM?DkyCC-*8ogjJ7pNNuIJ2pe4VXY(rk zxVU?K`j)OWOS89s{^cBVJ^v~dN9m8xNvV7DFS$_izuZ^LDL$&iPkb;};*e@=96ubH zWv+Kwt#pTvp^hA`*W6q~dhv6=mf#gh^m@$5*&0y^vogbxia3yDe) zdJYa}g)cpsKpw3-s`UCGd05s?7`F!Nb0%oNa4s_PL9<+;Xun=)fD^)?u)E?869AUsrpj zcuZNoP+Dy^eiyEGpV#lQ--|oF<~E$8;xa}{>?ZLGacH5^QID+N9T$I2Usa9xg*kEN zEuB`+v9eX|U?<*CB%6Kuq=49r8`2#10Fs7A3Lx#P(8o#bT)et|F&xJZ3fj4Ao^*(G z_c9LlF0}=3MK-#0lT=r9v0x@GX(F>lS%2t$5$g~k^Jl^>mPwNN>O(j$!>wZ zp0o}yQVG?m(+ri8PMXWxd+J~WA5Ei{T$v^?YHGap)a{fALlvC*E)b?aoSl&7p!NGs zJn!VGgX7LEUcK;&9qT!1W|minoVq-V^cM6a`jo7fr&^Z>g3!WDJ7EH;J|XpU+JueS zxg-N9Y*KSnt!b02)}U3m@^QF{r9D_c^6O&pi9+8B4DM{RYd+!2=g-%sN&t5j(w(r2 z3B~i>Xx<-Z7{ayc+;H-F7lhnFdB%QekThvTxfxc(Vd zU2d8X+1q~AK^=ey!P{FMBuf=Z*~-`qEQ~{HZkOofJ8CS*6`e=8wMdFq$5l-2>btLER&C^v>@d%)tZr4g z%!x3@H5EhfMIFnFLAoWdU7Eg~Pubs9_e5H`?2!j~=k4#u8CjJQ&n>KHG?)aHw;fdf z>1Si5f|nN???ygxpb<@3o9%-6bIb4ES~lN0_=fwu%o-JBJh3wHJ!P4-le)e7KyIZr zp>F?6f3mokV`~AKvaZq%|cd8AZ5xqXnlckZTazxEEkC}Qx0*j zLT%+Cx+O$|yXSPEA{gvry5CjE+1x1Y!IVHhz0I4UB~wJaVGd`nY9jZwo=T^HA-#T?9kJj5HcXuo~HC^`UeOW=>}-Ac()ae<=VIhUqcs^8d9`Nc z-nv-E3eVr+bhKtEG%T7Ez|I>+?aZBlAcx??jOIHYX)O%h{|~xc5+L0aG+k;tZy32Z zvL3ZkuHA;!@eI;PDVmv8snyZw^|cR7NEp8yk#_FwNm>!|m`UFR1D<7%=uN{#LEn3@ zvl?Al#h)+LzzmeRn>F!O(Sp?dR*{uusib1&v})77{|xqfrFSo}&gx5{v@-3XA~<5c zpfid;iSGok9pez%M+}Lsf z!~SbVOLyytyEC#THnirLx>kk$w2LHL3S4lCsCTp9 zVFHP|UH9yH-<(iR^ugrM?da=zGtiH$CpE*})hfJp&Kk2;u5|<&03aPOXcLHhnpW9T zp<;>iry&S0d3Q&@WW;^mc!>)re;A#8uem)ybvign9~RB0a~WTHpXT-M^vmFC|kzM-ApXxEO|sp2x0@jFcfHTL;p0^y|o^nZF! z>dEO-jv4+3%`Tif`cZz9pir(m29|6JwqzlUu@XNJByO}&R5B*#T&H%Sd26@r@@*B4{&Nal|6E0@ zaG=I=f$Ss=h*63Pa)rHrT2;#oTHi5nYjb1h#Nw%z;&|?2!#td$rF^PY_z?Bl;33G1 zo?kF>@K*h@f=$tmTHIj=m}^dR#LP9*DP|n@v-#f%?v$ zhI--1?T$6Nw{CV>GBE!UliBi47!fFOMo1;C|2LLbfBs*+GWo%6!XWR7riz}N*WJJF zA~;vBIYXy({CN)~j9ylMhUyy02xRGX~VO$j}OS=lN9CFp!T^x!IW<)2D1 z{2l6*Y|Zr_glGzAs`2Z7grWxq@?b8Fa|^G}zOSZEm(cSYvjz#AC%%q+SP!G;D$KEL z-nLJupuF)g7xl`12GFoyi$4D~w7JdF?J*SwwnT8Bt3X6qcFv4W0~7I)H2>Ktq$oS~ zb4?77#rU9NGvjpE+Q7-n#VKrTuYp8uX@VgpbdU9-VE0woq7gSt@#q9!;f6?S#^DUN z>7Uch0T0^ofqF?Kk7OjX0A?f`>n%EWKqgq?S~R3>jToy$iPc@Qbb`Zxi571CHi{}F z7jWj6{eXvfvBWxsHT^gq3>dgGW4Gc0RED(Z)qv-_sPDyAX}_vq6@`y2aRXtL3lO(H znC*6oFWC_J3Bb(ftZxebY6el|a&H7p0hsr%huo7174%x`tfZG)(eaQU+I`nygX2TT zKloT2A}UydI7E;kO0)Doy-9*$OP(Rn4<$<63_8AaMpaLZj}_i#3;;*--oX6kpBdc> z*1K1wa-E3kh5zV@Pro{L40ryWbYgK9zCTYMWN!a6_S4xFVjg%*HuGw|(C4Myy6fAA99-O_H+1VQpWL~6%`mvd7 z8qVMOv%J)yhi!Gui}bv__t8Q`Mxb^&CLDhWR1n`K4K}>umj7pdM0rE%V8q?gx<(%V z#fUN>rb2AB_S!&=8qtx!SJ%f!POjo^SYV*IBo6F6isCE$8Lr`|yn^+CK>-al18x`; zdmOUUx_n6{6<4;Q-x(r^60AvkSA!s zJI|=S{MVnpgDBfEDuZBndN$B$pX-~+Z5kSy8f6uOlu29;rI0t%G{E;<{YWhwYY|c) zZW>#xT^PVKM4!>%Y*p?Gi;y05uT81iM`A!!rSBeSk3O8Cr-2kTt#KlP=X*Vb zq@y4rQd3W(mh~gOyhg(hKg>CO(vg;M)qM$~?-9=auKJ>dI|Vu!pQ3gsVI~6Bwb*R# z6WtYirhs_%s2nEZa}+m?k4wB{)V@L<$sxBfGdT+3QR72uFOYb)fiaR3gIO=}{PoD? z<^jNwFW5KQxyR8zGIG>Gs<4a$PC%=svqF%cY`l*=8*6PeJmFY? zz5kXxF2Fb*h+(bWe0|t(5J79#^m0yI;@{8D>8=vdZA@WWRXg1fbbtUElelrBDP-3B zHN4cCw31P)n%Uy=dCY6!w;6n|8HvP&2;a2#2eVN_@H%YuiX2L|)53aa-`5L&E_=`a z1=O32yIeYWWL_xt{H#Gq?&3t#ZdtLauF_v`jRUjvq2@bGFhcT|F8hi6{hYVurD{)Z zcsb^VrL17QBJo{ZQ(i!{aL@F2FFvyHh*uN^gWQU&1w`$?2d>X9Jsy~smqZZ`e*HG5 zJlAHM66l|_=>wm)i-ksM+jV$5`SuMhz@UZZOo;{>!F#cx-?{v=@yG6OJs4^%^gzB4 zrowLiW5Zh+7hj74LWQHL-@)@e%wYc>a|cuBk73-*Ns8D z5wUZ+s**CX4mhgbZ|q*6TD{@3{2#?Nfn})gESzpfdo(!~6Cvx7u*Emf9shmYpNn{1 z#p!RdDG*JV8c?}*Rlu6zxL}z^*(%Lw*ds420T;kpq=f4=zmICdq-7WXq#c^tVjSSo zcbB5}>;xwDc(U6;28wzFk$=>&?W|C3OKn~E?#sL4N0bCVLV4;%Dgv8sidtcqIjp1u zh<7VKHuc|lDX|P6HDiwWmK*JussRuXB0qEqqaI8B(ubw+XX8YIHBrp#S762yyk0Kz zg3vt2tULPBsFtRl^Gz+SQid&+-p69iPn$fc>5qS~*O?ffDz9B~45jv7Ap~vW1ajVe zOok(ov`o?4@^262Bfg9BUt(qGhLvWMVT-i4_kY3l@?zH#%Okt(eV~H)H{9q&rOo0I z96-h)E#l_DwHnRDP#auWXrDBtwzxJsTS~RVUQ|(Pv6LzpA}=~2wQ$GM+Y5VM;pivM zxR~ix!_?%hX7da#c&j$FSJVizp^MY z(dJF3Qvv{UYU8E@e_UU>J_hWE``ii}8*iohkKu7d%JDY_IhRm3-c2C9 zbk~SftJ?T$S8-DYW&9hPt8ZE5W{Pjqv!gwBFv>pfo@U^pHDKE#^nkorB%etT+h7Gx z>o2xvj_o}F|BzscpTu*qMNZ16D6ZKYI<*g2B)xZdB z1Y_+))YL0Zu$atX)}QMFBd_X5&poir+8V|)qjp{D@WK86L0cnSz3nLdwt3prMsg1A zgZuZ{BFuveIccD7@9jPDCkb^Yl}HL?3=X(bmxYRCX{j{_qz~(L4FJBthNFJBLv_&Q zHXjZ;VSB3zEzOL6#GZkfc6uSOL}#m70e?0Bt>~-6AswGR@stfYB(mXG$pGFT=PSaH zBs+nH8vURJ;XFz zq0{SzOh@S8!jBlq8PXG!b;@T(#$Wf{P8U7SD!_ z1wg&Ky0W4$X#35ALun(GoQ~>8WTW&Lc!eDJO9JopU$h3{!N@l@M$hT;D=Xc{;u}aZ zq8JPxxI;8YiTl~+)wo(npl5O7>u`x^jbGjH`jM(ch3G_{G5xNGg-?MA6mkA ztPLX->%v1R#LimKG+qauc^7NK{jF5F9$zX**=SK1DIW8Yv5*-xc?d8&N4^Wwh+Z53 zp$iZmxIPj?jtPD!!-}ZPjjW&LEVf(;AE%}Z$TCaYGhj>DkmmNg3163XfQ+O&6N8Ue z9(J0rGc)pd$1td}>g2Sg3tSj3*69=`;DNU+a5SR^8yTLF$} zyqU9vhE_{$bq^Qaf60rmsBiqY0^)D61hBO{(W%^u)?&id7UUD>^vkv6ghy(W@2j*3D-<#8eX5#(imRrlx{{I}0El7j@|$RgolZ>GcSVAYjelwi z8vaXufjtbn!%EQLBFfBH8EBpWG2Op}R*+nO3&qbUL<#*6{17PMe5~|S0qSP`UY30f z#5ryeJDP&2a{o8-WWj3Q>sP3$rv95V!1XuZ z9+IdI$^9q%Ei7M)JSYm5PsUy6-0lDwU|q?3HplYcvH^6DcJ%U#-tKwU|C{| z+g%6O$jsNq^nadw=*td3DB)}1UT{vLv9zy|h5x5!^d$UaccZWJMk`n7NeJp8==N*a z-0S9Rz3Ey%0fXjXJ6MAOwu67ckN>ykYn2)#^Iw<5f4+j@|HKu@^j~Jtu7K->rMS|- z9s9J|Hj@^#p>{zQE6`IA&2?v~;?`D|7R6h(qc!kVYNWg0)9~#7p&xA3pUFWe?jZxT zXQZGL%{a*a|Kru=*Iz_4iWV-qbN}~OmtTKTZS9gaJ6z$br|"remote_write
(example.com)"| prometheus + prometheus -->|"self-monitoring
(am-0.cluster.local)"| alertmanager + route53 -->|"tls_certificates
(example.com)"| traefik + traefik -->|"ingress-per-unit
(prom-0.cluster.local)"| prometheus + traefik -->|"ingress-per-app
(am-*.cluster.local)"| alertmanager + + prometheus -->|"tls_certificates
(prom-0.cluster.local)"| localca + alertmanager -->|"tls_certificates
(am-0.cluster.local)"| localca + localca -->|"certificate_transfer
(local_ca)"| traefik + + route53 -->|"certificate_transfer
(external_ca)"| grafana + + le -.-> route53 + route53dns -.-> route53 + + classDef ExternalNode fill:black,stroke:white,stroke-width:1px,color:white,rx:8px,ry:8px + class le,route53dns ExternalNode + style WWW fill:grey,stroke:white,stroke-width:1px,rx:8px,ry:8px +``` -COS can be deployed end-to-end encrypted, with TLS termination only, or unencrypted. When deploying COS using [the provided Terraform module](https://github.com/canonical/observability-stack/tree/main/terraform/cos), it will by default be deployed using a self-signed certificate authority. If you have other certificate requirements, you'll be able to replace the self-signed-certificates operator with another TLS operator of your liking, consulting the "Providing" section of [the `tls-certificates` interface page on Charmhub](https://charmhub.io/integrations/tls-certificates). +As with any TLS configuration, keep in mind best practices such as frequent certificate rotation. See [this guide](https://charmhub.io/blackbox-exporter-k8s/docs/monitor-ssl-certificates) for an example of monitoring certificates. + +```{warning} currently there is a [known issue](https://github.com/canonical/operator/issues/970) due to which some COS relations are limited to in-cluster relations only. +``` -TODO For help with deploying COS using Terraform, see the [tutorial/installation docs](../tutorial/installation). +## COS + +COS can be deployed end-to-end encrypted, with TLS termination only, or unencrypted. `````{tab-set} ````{tab-item} End-to-end TLS :sync: e2e-tls-cos -The following Terraform root module enables internal TLS by setting `internal_tls` value to `true`. By instantiating the COS module with a `certificates` provider offer URL (from the `ssc` module in this example), Traefik is provided certificates to enable TLS termination. The combination of these settings enables end-to-end TLS. +The following Terraform root module enables internal TLS by setting the `internal_tls` value to `true`. By instantiating the COS module with a `certificates` provider offer URL (from the `ssc` module in this example), Traefik is provided certificates to enable TLS termination. The combination of these settings enables end-to-end TLS. ```{tip} - `internal_tls` -> `true` @@ -53,19 +113,17 @@ To remove the internal TLS configuration, override the COS module's `internal_tl ## COS Lite -COS Lite can be deployed via Terraform or with Juju bundles. In either case, it can be deployed end-to-end encrypted, with TLS termination only, or unencrypted. - -``````{tab-set} -`````{tab-item} Terraform -:sync: tf-tls-cos-lite +```{Note} +The [COS Lite bundle](https://charmhub.io/cos-lite) is now deprecated in favor of Terraform modules. +``` -TODO For help with deploying COS using Terraform, see the [tutorial/installation docs](../tutorial/installation). +COS Lite can be deployed end-to-end encrypted, with TLS termination only, or unencrypted. `````{tab-set} ````{tab-item} End-to-end TLS :sync: e2e-tls-cos-lite -The following Terraform root module enables internal TLS by setting `internal_tls` to `true`. By instantiating the COS Lite module with a `certificates` provider offer URL (from the `ssc` module in this example), Traefik is provided certificates to enable TLS termination. The combination of these settings enables end-to-end TLS. +The following Terraform root module enables internal TLS by setting the `internal_tls` to `true`. By instantiating the COS Lite module with a `certificates` provider offer URL (from the `ssc` module in this example), Traefik is provided certificates to enable TLS termination. The combination of these settings enables end-to-end TLS. ```{tip} - `internal_tls` -> `true` @@ -105,42 +163,3 @@ To remove the internal TLS configuration, override the COS Lite module's `intern ``` ```` ````` - -`````{tab-item} Bundle -:sync: bundle-tls-cos-lite - -````{tab-set} -```{tab-item} End-to-end TLS -:sync: e2e-tls-cos-lite - -The cos-lite bundle together with the TLS overlay deploy an end-to-end encrypted COS. -- COS charms generate CSRs with the K8s FQDN as the SAN DNS and the internal CA signs. -- All COS charms trust the internal CA by installing the CA certificate in the charm and workload containers, using the `update-ca-certificates` tool. -- The external CA provides a certificate for Traefik's external URL. -- Within the COS model, workloads communicate via K8s FQDN URLs. -- Requests coming from outside of the model, use the ingress URLs. -- Traefik is able to establish a secure connection with its proxied apps thanks to trusting the local CA. - -Note: currently there is a [known issue](https://github.com/canonical/operator/issues/970) due to which some COS relations are limited to in-cluster relations only. - -The end-to-end COS TLS design is described in the diagram below. The diagram is limited to prometheus and alertmanager for brevity and clarity. - -![TLS](assets/tls-diagram.png) - -As with any TLS configuration, keep in mind best practices such as frequent certificate rotation. See [this guide](https://charmhub.io/blackbox-exporter-k8s/docs/monitor-ssl-certificates) for an example of monitoring certificates. -``` - -```{tab-item} TLS-terminated -:sync: tls-terminated-cos-lite - -The Traefik charm can function as a TLS termination point by relating it to an external CA (integrator) charm. Within the COS model, charms would still communicate using plain HTTP (unencrypted). -``` - -```{tab-item} Unencrypted -:sync: unencrypted-cos-lite - -The [cos-lite bundle](https://charmhub.io/cos-lite) deploys COS with workloads communicating using plain HTTP (unencrypted). -``` -```` -````` -`````` diff --git a/docs/how-to/cos-lite-tls.tf b/docs/how-to/cos-lite-tls.tf index efe3a5e4..61c7972d 100644 --- a/docs/how-to/cos-lite-tls.tf +++ b/docs/how-to/cos-lite-tls.tf @@ -8,21 +8,10 @@ module "ssc" { } module "cos-lite" { - source = "git::https://github.com/canonical/observability-stack//terraform/cos-lite?ref=feat/tls-termination" # FIXME ../cos-lite + source = "git::https://github.com/canonical/observability-stack//terraform/cos-lite?ref=feat/tls-termination" model = "cos" channel = "1/stable" traefik_channel = "latest/edge" internal_tls = true # Set to 'false' to disable inter-model TLS external_certificates_offer_url = module.ssc.offers.certificates.url # Set to 'null' or remove this line to communicate with Traefik via HTTP } - -# TODO can I omit the provider instantiation since this is not a tutorial? -terraform { - required_version = ">= 1.5" - required_providers { - juju = { - source = "juju/juju" - version = ">= 0.14.0" - } - } -} diff --git a/docs/how-to/cos-tls.tf b/docs/how-to/cos-tls.tf index 8fe1a790..d43c2740 100644 --- a/docs/how-to/cos-tls.tf +++ b/docs/how-to/cos-tls.tf @@ -8,21 +8,10 @@ module "ssc" { } module "cos" { - source = "git::https://github.com/canonical/observability-stack//terraform/cos?ref=feat/tls-termination" # FIXME ../cos-lite + source = "git::https://github.com/canonical/observability-stack//terraform/cos?ref=feat/tls-termination" model = "cos" channel = "1/stable" traefik_channel = "latest/edge" internal_tls = true # Set to 'false' to disable inter-model TLS external_certificates_offer_url = module.ssc.offers.certificates.url # Set to 'null' or remove this line to communicate with Traefik via HTTP } - -# TODO can I omit the provider instantiation since this is not a tutorial? -terraform { - required_version = ">= 1.5" - required_providers { - juju = { - source = "juju/juju" - version = ">= 0.14.0" - } - } -} diff --git a/terraform/cos-lite/main.tf b/terraform/cos-lite/main.tf index f285434c..9aefa757 100644 --- a/terraform/cos-lite/main.tf +++ b/terraform/cos-lite/main.tf @@ -428,6 +428,7 @@ resource "juju_integration" "prometheus_certificates" { } resource "juju_integration" "traefik_receive_ca_certificate" { + count = var.internal_tls ? 1 : 0 model = var.model application { diff --git a/terraform/cos/main.tf b/terraform/cos/main.tf index 320fe7f5..4abc7953 100644 --- a/terraform/cos/main.tf +++ b/terraform/cos/main.tf @@ -713,6 +713,7 @@ resource "juju_integration" "tempo_certificates" { } resource "juju_integration" "traefik_receive_ca_certificate" { + count = var.internal_tls ? 1 : 0 model = var.model application { @@ -726,21 +727,6 @@ resource "juju_integration" "traefik_receive_ca_certificate" { } } -resource "juju_integration" "traefik_certificates" { - count = var.internal_tls ? 1 : 0 - model = var.model - - application { - name = module.ssc[0].app_name - endpoint = module.ssc[0].provides.certificates - } - - application { - name = module.traefik.app_name - endpoint = module.traefik.endpoints.certificates - } -} - # Provided by an external CA resource "juju_integration" "external_traefik_certificates" { diff --git a/terraform/cos/variables.tf b/terraform/cos/variables.tf index b054d951..4168f3af 100644 --- a/terraform/cos/variables.tf +++ b/terraform/cos/variables.tf @@ -1,5 +1,5 @@ locals { - clouds = ["aws", "self-managed"] # list of k8s clouds where this COS module can be deployed. + clouds = ["aws", "self-managed"] # list of k8s clouds where this COS module can be deployed. tls_termination = var.external_certificates_offer_url != null ? true : false } From c8daa8ea83e244183237e67a7564c41986c8f973 Mon Sep 17 00:00:00 2001 From: Michael Thamm Date: Mon, 7 Jul 2025 19:05:45 -0400 Subject: [PATCH 04/14] chore: Docs cleanup --- docs/how-to/configure-tls-encryption.md | 2 +- docs/how-to/cos-lite-tls.tf | 4 ++-- docs/how-to/cos-tls.tf | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/how-to/configure-tls-encryption.md b/docs/how-to/configure-tls-encryption.md index 9b54efd1..d60ca772 100644 --- a/docs/how-to/configure-tls-encryption.md +++ b/docs/how-to/configure-tls-encryption.md @@ -29,7 +29,7 @@ flowchart TB route53[route53-acme-operator] end - subgraph ObserveModel [model-to-observe] + subgraph ObserveModel [observable-model] grafana[grafana-agent] end diff --git a/docs/how-to/cos-lite-tls.tf b/docs/how-to/cos-lite-tls.tf index 61c7972d..eefd2f99 100644 --- a/docs/how-to/cos-lite-tls.tf +++ b/docs/how-to/cos-lite-tls.tf @@ -3,12 +3,12 @@ # 'terraform apply' module "ssc" { - source = "git::https://github.com/MichaelThamm/self-signed-certificates-operator//terraform?ref=feat/tf-output-offers" # FIXME + source = "git::https://github.com/canonical/self-signed-certificates-operator//terraform" model = "external-ca" } module "cos-lite" { - source = "git::https://github.com/canonical/observability-stack//terraform/cos-lite?ref=feat/tls-termination" + source = "git::https://github.com/canonical/observability-stack//terraform/cos-lite" model = "cos" channel = "1/stable" traefik_channel = "latest/edge" diff --git a/docs/how-to/cos-tls.tf b/docs/how-to/cos-tls.tf index d43c2740..4ad12cda 100644 --- a/docs/how-to/cos-tls.tf +++ b/docs/how-to/cos-tls.tf @@ -3,12 +3,12 @@ # 'terraform apply' module "ssc" { - source = "git::https://github.com/MichaelThamm/self-signed-certificates-operator//terraform?ref=feat/tf-output-offers" # FIXME + source = "git::https://github.com/canonical/self-signed-certificates-operator//terraform" model = "external-ca" } module "cos" { - source = "git::https://github.com/canonical/observability-stack//terraform/cos?ref=feat/tls-termination" + source = "git::https://github.com/canonical/observability-stack//terraform/cos" model = "cos" channel = "1/stable" traefik_channel = "latest/edge" From eb310c406b1216d63db3f99280824ac4221b17f0 Mon Sep 17 00:00:00 2001 From: Michael Thamm Date: Mon, 7 Jul 2025 19:25:53 -0400 Subject: [PATCH 05/14] chore: Add Mimir to Sphinx spell check word list --- docs/.sphinx/.wordlist.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/.sphinx/.wordlist.txt b/docs/.sphinx/.wordlist.txt index fd1f1010..bc39fde7 100644 --- a/docs/.sphinx/.wordlist.txt +++ b/docs/.sphinx/.wordlist.txt @@ -329,3 +329,4 @@ snapcrafting subcluster swrast zSystems +mimir From 55a3ee4e6c2dd23b122f2ac4213cef7c5a96b164 Mon Sep 17 00:00:00 2001 From: Michael Thamm Date: Wed, 9 Jul 2025 14:45:54 -0400 Subject: [PATCH 06/14] fix: Final docs review updates --- docs/how-to/assets/high-level-tls.png | Bin 0 -> 197737 bytes docs/how-to/configure-tls-encryption.md | 151 ++++++------------------ docs/how-to/cos-lite-tls.tf | 17 --- docs/how-to/cos-tls.tf | 5 +- terraform/cos-lite/variables.tf | 2 +- 5 files changed, 38 insertions(+), 137 deletions(-) create mode 100644 docs/how-to/assets/high-level-tls.png delete mode 100644 docs/how-to/cos-lite-tls.tf diff --git a/docs/how-to/assets/high-level-tls.png b/docs/how-to/assets/high-level-tls.png new file mode 100644 index 0000000000000000000000000000000000000000..5f5723c93272b3bfae226f00dacb08cf1935d40b GIT binary patch literal 197737 zcmeFY_g7Qv_B~9MCQT_KRZx+xBE2I;k4g~)X+cDK?*XJqm98jAM-YP237ybIP`WfB z5_%0Gp_dTy?%=tfd-Qz&fcJ+x24@^}nC$0SWv;pATKlDrmL@IrMQS1(yHmrFlnvE`-xMcFR)06QK z5mPD?kuU@k{qNWR+2Mad@V{jE9}@fz5&u^X{#O?N#|i$&jsE{l43*=l9Ix^ow-Zsg z{_}??o>XSzVujr)h$TKHaf{cLk3`>;4krEcXU3bS(=5n<76^4^NlMooH*VV*Qf`h` z;{W~>B0?N@q95No2=@Aqt=t<*<a zJ_a11luExbsmQ9!`2TU(CvrOXxbr3hAC$`ZJ8}>Vz`wv(>uUr zXS{Qg6~WcG6ApE5M`|*jL>;H6BYsi>;PFnNrD*;LNM~X(s z>567T2yFe8lNJEJ(iLSNuku{mt^_SmC54Ln^CHd^pH@u_zx$M3W$$*-YWD`*D8S3$ zv&>`@X*l^xRKesb5*-7Li7ZB46TRMooTRyTuZ6SIaQto1xDS)!$#LyU33`V0%x`x{ zl%g1`W|j0hF%AfkK!x+4Y?_!JsG3;BpOi{BN|(H#ahnU1aXY%{hE*3>`&J=HIIVHC z@=u&+Mu6fWGaHA@<$nav-(I{=AqzF@^Zn{$A{c9733yT}q%I_1QS4ULx^QK>p6xJ+ zoZjP<+N5wtdj3|of96Gw4BeX-nelT)*{rJppq$$0)|)zvt9H1CQb{l7m$RYpdsxQ;buAfHqF87g)!>EEkucnm z3z2Ti7cUoPp7dfeciJT-hi5N~#X7PF&i`K`D6?=}pY8i3)5%U6y>&kXq~iv9tP6T< zeoag1uk4OrE$QXkJpF-Ej@eVUX*Rmc4n&i}(Kn0vvgZEpOHO~Osw7=#{2F#mm>kHt zvmw%e9UvyQhxgO(-yH5*W5_Lm&D+2a=R$vT_Nq?~(~l}v$yHllA#2u2^$&)J<4p6Z z@H%zhsiV8GvE%RJh0!F$lvNzWTS6LIPj=4!JJ(r!f}hteZt+N7AW7w6;ICVEzj>Et z!=RSc+9TZcNL$!_D@C&XA1Klq0;aRIh5BjD-WBQg$9PW2ez-PZp2&Jj6_j$KcgR~H zjS~%^Q#wT~hWo(Pt9njSjs+2$31}+U-@fSdOS?mXd$)y9Cje=`%deyB`tki0avu)x zw(E=)JLbYa;DqNJF|ET`4Xe3OLi{*f@XPS4t=<)|AN!-k@%#%PUOa^z?Nj%kGF7KimC-hKh8u=R{oJP?xT_W0=Z^uI9Qlb}$ZkyFI6>s#0w9X;D{&C#-e}+cM zlCtvS^R+w!O0pmu^CHtINRa04KqUhI3`Yno{d+w2_#gG!S6b#8?-m6}S@^qg{o}-^ z&zh4{ZZ>hc)qw<1;yOv`Or^i=1nBWMEx8jdc7yWY3=(oImtzs9rPuh};Qej2Du#jM zwQg|f(B}G6SpP}NqbOF$1#PV7F`>8bmLqr+wtb-W7LV4iy5SW2TVO~Jo~7va+2#_e z2w*4_3whjTW#>0>m1U|)-le$KtxX?2)j14HNX{@mnyPXyg|uWlKmKuuoiL#XA7SwU zRjA z?}uc{q<$g3IYn`2GIFo&AHjF0k@V`wkYWVOO6r`v$e@E-kY-uNb2qKctBgac@`g7+ zx@x^HBZc4sJd3AEOV;Ik5diQHJ|792z6#>F`ex6_B$6Fsy|Qv@Oq@oZ=Wd^j>{8bh#>bZU_keuw~{lz zk(HV|mQ^5G$ePwkr9J?G0pC=)x3*Rd5jCR;+(=LmJX49ZgKz?^& zwX;M0gNth3TYtC# z#6=sfjT`aJlkehsE$vnzm0ScsI40{26kJI@j!qJK7W418kk+XNz~JOUM9U?jkiRI& z$di{U9=g`o|L<`g0qwkhW^*}v0rhHc{xFR`w{0U-n^ZJ%hbHXzmmJ*rJ@#i^oGJ!+by$pLy zPx&lVS;y9n3t3T60(N~J?jze&9Pimh*WAD<|8wSdJ5G4EhDjKATSUv+H&s(_9zD9Q zP$JMiY|_XuutOT^3>|8;5&>={f1YwuDz&S-?7~EFG2@?D0U*`d8quM1mL-1;Ey?Kl z>%>-rPOD_S;!Zd10yH<@8f#OoA_W?HmZ(&<*1tRdc5)qViq~`wRSf9O;b_gMD6=S= z0to5~?@`Z4)#(0v-zz{KaFD3fzx9nhjy^BsrBKoClXLW(;)RguZ&5`=u{8snz~cok zf|r94yz+q$;bXFDNsYfM7;M zy1vm}3I{jwQE#pfVRiy_vWMi8YXU`)q{Ng93BeQ7WK*xrb)Rc)a{l9M{!a3mjnE3N=b`@2=Zn>TPhxvFCfMmE@t^Md;i=&hO ztQ1fVT^L`T7+eCGGrpAL1^rZoNeAd;0Z&)Xxk$2Ln4xyJ^X?n@!09LH2VDPRP`hqG zO-!SV8dv5?CsXa{8GxjVJU8vR%cXF)%5KrL{RYXyKMQGL8}a!ON7L)oORBIgEdh>I zq0hs-@`jf{Dr&uDW>KtT*}c~2chvwMeZSA+7^HV`*ExU!NXWm|JaWlOT_1c2VLjk7 z?bx4rHc6B+8}*MI9W(`!bC^S}!kM8kOZlH`1~RH21<9Lz3(2q6{7fVCStvT{B#l?TDNZj65^z6|&=cz43qBT{ou}Y8N%OBH zKf!eU18jd0QXSywMRCz!PO|Unt!$uDJ0UL9o+uw~5t-^L=uB%{2Wzya z@uPMaKLEiZgrIwJ$>#IF4BQ%$>>2!A%H$G@13ZoFMSIWpLZ2cy4YWuA=I@Jmj2@!}r0-U>yggeM3oFm`xCIaZ_x zXa9o>zc|UWo)CMQP0w4fNG(wgC+4|SJ3Ews-F$q6%~768ZONdf4Lbm|Pk;xL5lSB4 z^bKCo{|Cra!3f0j{ka6y97eMHI&7YBOD9b?mHcp@`%>v8=N&T`@|*r(j>mM4#xk{Y zc6Qa2E{DZ)B?gQLB1S5~&&WqyR0FXQh763`4h8wNYk6s17l#a&6o7*7$#^{*Pbm0W z*Hd%yOgm*_Vnv)pL!vO1 zTLLy-igsF6i}Pyis5^3h^iuM?^#8-eGr_XT&FN!5Vs^ig5}x;X=qq!kyMd6+gfDda%O8ml@?172 zKoNy~^e_sd4mRWxZG01hIrElgvt6TOc-0oC_dRXZc2}~PJ3UfS77joc*?CIr&-7Gw z!AbsC=8M}0pZDn|ng7Hhz=OHKrD^H1!AvC843xBD<5kS`r3=rZ6;pK4xjxU<*Db<+ zcSj-x#i!ItWKw8_MRSF_$JBxGKjr97zwIy+dz~$p@S!`PbOLV$eIEX0@e+7lK)rgS$L1 zWWS%DN0ZLhy!`bLriv0>4~?mP8-rPsxZ-r=H&e_Az?leOeGX3Xi*6(#K-FLeK&+57 zBesD1%Z-0pAtxOO^HB{0prg$`4_x06XzUDc0#uh=uQ5RRwp`tM?~{K?A@v^0WyvGW z7FPnkx-%jMsS7@c0Hxy#CvC!s5|GpZ0G4rxd-(KTmdcm@XBGZMVtJeh?Uj<6B~99G zo?9@}anNJquTmX` z%42u>i3_qG#9slmpCkC_`!Z2i{Z2Ji_W8-n^T5+JC=BIENnVDfhz+nKb)PRQ&VHtn zIry!GBBBF2e81`sdz|y2h3c9nOu9Q`mckVj5#y>DFYa19-(axvJw~3EZ(yD2Z(T|? zndqQ@L$t3ez)SKgr6p@rNy1XXQuNdQD@FVQN#zcX!doAV#37iMQD<2hMcSbN3swiK znK)~KWY>Pp9l$TjRW601R zcbRK{+-FAl(}!;05x3N= zi*FlKUOoqMHog8f(=^)KJ>y;P^vk=GZzMbafe+n9q!+*2X5ZZKtP-+jP6iSo;!vY~ zSisIp)>xzc-o3e2KV=>nAW#;xo+bR-Y{1_L5K3%4QS23~6lGg*J-}vfZG5GVMoTlk z8$Tc7$m;x?A(bsT1{0U^u0Xzsw)I{ur*R7S6RT=XkDpsPn@#n|xq>xI)h5>|3QT%MpCodo_07ky|FOEYvY2pol z8<pw?QmNsS3Y9Q?d| z>d)$;bi&5%1t{R@hQMV6;9^OUiHv^+)M*HR_5wUr_KFj3MTm<6ugQs)^Y`7qGyIN? zL=^7x%2zJ+4n)eocvVf*(P((H1DMS9$Zy_Amwn<;?_3uGo$zGR(!PAvU1ER#thz}5S5<4qphYI6oma^S&t9Qfv-Hx ziM=>+6~>As;%E&qaGinHa$y9i>_lbn?Aai?k_JvGvS^o!7=^x6tKQ7Q%Ha z3AEtFOSYK5m_u@ipiH1rUGmvrfDnxI-piMm{rDc<`9*g z#BNG+#wJ~B?eQ~tomtS)S?vG$Xr2)$DqW@PwQG+MmkCU=v2x-N*1FS6s`8oWMyVK_@`pFNw4&YEcC3G<8ktjMMMjN$- zow_ov2Ogi}Z`wM?Thf64BKlR!drxrgEI+T}VTcFVEm%Zxv&JWJDS-KJN0Klcihe36W=+8GT(e?G(|c| zV<8+M0kON}P$O=AL`oI&VlxLa=*y_-1 zw2DXzI$6b8Rk+^I`u@F>noQhoyds5elGzV@8s5g3Ap9K>gO zk9kiPi}lYb@6sKkI+zhFv$q?y;^ zopb3yMsqRC?91-QMU*b@qRukDYU91BqjsMWlpV|~kJqn?4O@=oI^ZX>zp5OlzG+sR z1TS$fwv;;rMUo!6&h#HbVRqR2v^ZQx`aSV#bdiK%8}d1rb0psPT5IESLwxJcL=xDs zAN#`1gdqe0*aj~E4sqxodaQh&@}T1$uF;bm-vA62+_WC+JRg6@c~;I{8mJ8)Izv*j zjW1ldr4t;P2Yi=_>sPywK)v9|X}bvuC|6w+=_cooDtG5%Uf7}yYjR2qM&o5SCF2cs zaOkIN?KEqaQtyifOjLP%$X+O#EEqB^Sbe${ZV5iNlr9G7*MwKjm}z*;fHPdP+Kh`D zLkD+B`OirgCGZf`DMe}~^u(gmJ-cVZBT~fr1*$p)nz6QDKa!b+Wu9K;Dcy6gu^S;O zq~zdT-0ReEu}$ElaLZ+ZUney>I9nMHjwYSr98`43Xh!MTu%OSqy1{!+KTIk|{#=%p zI=jtfSWdHdX$QF^9f{XfhMiPF=IK}FUejnd;b5xM0;ep_Stwy>x74tW*u||sYa-It z%v(1SCR>VNni(DER7}SZ3U|mDAo14re`Jr*4kOgt9miCTWwK6ybP6=sRpheMIhO>u z<^i3}eCxptK9bNg)EL*xNOCZKYl}3*S)5$NIUUDcTNg|^;h_u>9Bg*b=l0pnXm@c@ zDsbgh2ftjP6(%FOdyc1t*Pl1&S4-U;MS6EZaHqaJe2Jb5PUlmndgc?jDidknKWY-wlI^QAY!eR}MgrOw|Ko|W>-{-(BTEa<4 zd+TNwA?z#}(fM6v`&kX!MTj|vC9o98uVKH0y?-~W zW!W9w_qNtQ28Xp=9Z0(*9qDPx0gQS#}ijWYchz3O4xAz;jUtKL{X0R0|#xED@2WtjCYQbIU;{8Era+MvVF>om^AuFnV z)A89UnIHoJem|eS+_anFm)+k=pWw>4&)um8LveYD;m>``%#UsoUSW;!)EVY zx4z+^+=YpSz?xytRU#Hj@__ zqEmw^6~dG#Xn;h#%yH17p#yx9X(8_2GFAQi1h2u&uYEcaKJV zbi0r-4hX>PimU1m6&wm(kN-BjSrd1TtcceF1937o(p#e}$JbZ@`w z*n{Wi?pIFZF{IwRJ8Oo}4c*$ik#}^_hCO&BGZX)#V92GzD>gx$!%uphlm6OpIPmTx z=Qmu`5^?lJDaA9E2b0r%=poMhq>Qc74VWJFpl)%R*4|@zRl)ldK;xI)iCg+rvgfi` zW>Y`fhDKv#AzzsogOp$hTwpSNh&%%($XQlNPdD2Fr*!zJVXuXQ-j1HoCsF$3B$LQ< zzU_T`{zqP$lWCxX`e8okNikF+tlF%}of(g{i!Z2uEO8iR?UfdDd>9Ib-v7M#5qf?l z9ICP&N{yKlHLO)w_1@aP6@-lCFjvBVh|Val_36$z$$y3K-J1LPFu1l-|EImj&h)tH z4Z3@o>N z%OnqUbK2@AvG1Y{uyX`ObC#g3Z3FnL0QQ7JW8eDpWNVg*u$nVzrW*g7B+){r#m{ zGPBf~xdpj#X@1@-ImC#rGWiiJ&NZXp@v{+=SvJ|OcWjk!IAsrL`b~L!@?V?EA(0=~ zr}e8YVbR^dg*&NE!|P@m%>3Y;W|REA1Eci4WozGN%J;`|RcH-55CigB#2^&Fo_4pF z_MhOp0bZGzRlR zqfO{t41z?XEswIy&6g7WhA^^Vn%>Mjl@pD>g&0#~JkuTgS~af;Hk zfbF5ody8&PIO2lThP?99yaW3YN}~Hyui`jqDaaJjE+z*q1{iw!9 zpDKuyy~!I}UJdKlf)0W#6R{J0>Sa&m58ZU>g z;%lhBt3ZR<$(<_9Rq5*%mB9*Sfr^htGR=2IvksYEkT2&m;0*xln5ya6NO$rZ?b8zj z$9*$@L5)e9(AwKu#gV6EEIs?6xZZ-@%QwY-^3cZg%kSMoNSf5wuj#jB!%m`-N=~nw z5DZ~WXjFvCdhLYxZ_H%gz}-Wv+Lz+cl2Z@O$SqQ{Y#Oq zp!~g~N)r-u8!=>b{Cp-Fznf za2)B`-Y~W2@2&*fKEwWFM!A`D@FR6q8T%+V$WLR_nUT#rE85$$o^n8m*(r$ehTf1p zBS@QZ$j&yeAh#qxVZh;1B0+95m`<|PZB9_H5<|t1uKLWNX@BsKKLjW=JQa3r#eimH zy-NZL+sI`@e8QG(Z8VkU=|5xkVuUnif@cLkzqY1O3{n93m)0c%johLFN#XU8NInYKmBcj%r6wOw6`h`td%=)R>c9%>ZD zcpA68j)OB_01-AGH8ULt@#4F}a%%>Yx}6AZE55S-fSR^$N8l z?)E{pB2L+*vnj=2_EFdwf4|N(fc0+y%eHv$dTNX#qMa5klgiO>QUC24g#&iiQ-X> ziUq`_XTB~4v^$TAjF0}%HS~`ZN$HYN1lpQ~Az~C#WA~*O6Kn$8-MskGw#!&==qLu` z$s{k*Zpj4OvAJAq;RmR^5;=o>30RMsmuLY1FO0lf-|E?M<#d`@z*!&tu(CNj4XaUb zl|h#pEv%CJ?|Fo7IH>6U@LQR`yC~?=0*>@BTk4metmkSF^}FOaD7j)u)8gm1g3JT2 zt$174&uh?b@9;iu(lOXh)1LOrz4Zv4kkwKR-^xpNNd8#6>j>#`Nr%^;?D?l*OMhzD z>ef!kj|Ua8zG*lf#9MtN8fXzQ{<$=5jYUgOG>Ae0&&OD!_N&lcGLRfJep84(JPW=u z3cc{o7i)x(>M}hQwL@+Z9F9m7D|2AE0E)gtUyx>rxBBYu(>jl^o6_+w5TKr5S!B@3r^Ziw{9_T1KdG-4Ow19yAv z(|gI^Z#m1m4#Ib=;JzImVtBL5OmtxWF`yqOYEnpwzPo4?R_kbOq3$a<+1H~t6#wa| z;3U^1y%_!oyXxD=_d}FYU$qrqe?6OZODKBlX%Kz?yj!%>9F~=CVLGHRL+~YuyrIQg z*}a&cBWqhO3-@Sv>ATgR-288gIQ(r7dYSxYiMkc)dqb>Z%M zH5|x{_pL3*bv-3Ma`mDs1{%7lp8AYwTAb_C-dGoEjJ;5+M_elypyqNDa8%B)gu@Uj zu+e2X6Z}~*e>L4}i9Yk2O#gBZh-H5}C^k3F&Jt)#gb7O*caOh#I9vhHzFE2vd}rkC z$x#qz%?%oE!Le7FN-ar|&t8w;6@i(v9&e)e;>&La?fDcd1T-2YGr-N@@{<{6M2 zwC#`;?`;)%{{)+WaJN|Z()vVHHgPuZ#RIDk0~JPH_1r)kp;x!IL$2EseKA~Xn%|zS z`q&)8yy^e+1OW(S{rd$(E>;4CH(@WF-|9Zb*0tL^vHCyjDYwE%cikq0SYaMJCRo&09uL8ncb4VfVsPB;~@Gg2V79Dri}(94Xjh-x_>gJ!FVpk zNNe3Eh&Wsy4mI=*mcHHE*>$sKIoQu`5IZ~S6$=$P%9y945nG^P?-SE{ZwhpA*j*v| zFCcoe6zLu(eYws>)*X4ntP-bUIgAXWMYh39W-O)Qcmh$yV(2 zqy$;kAnsf`bjmx}u9QpkGaGILm}PBQ#bM49^m<_mPtVGy?-?#?pc>)c6~0c7{cf+g z@2o-V%xg@^wPi(u9qfa}6TA|vm&_vpRsVbIb-^Dax|CkujPQG!IL=4GK0`*DoyG<6 zst~^OXP8}9E&alujx>yH1sPtb>3AcOfktiVjw|#T>Rx4J652P`X!S>i!*9dQ4mm3a z`k5nP)pe~74#=H0`atPK&R>E~*na!^T!Q+u7g4dSjG58iRfLwHAlFH2tgUe=f#~q< z=>Ecm*O``-PUe<-GG`J0`8Ot|)4 zW=D>*;1#D%ppWvY(myJL`941`cRRv}pX;3e^s1mWa<~z)KW_e|@#zD(eZTMz-aA5v zQ+{*OXeC5Z@$C&`n*elCKP_FE-4XC|svwiv>mXU*d96wrI z))(s#eCt87-^||KlkL>_f!qNQ2}nWgP6@y2M7rbyRE_R_!pL@w7pMLqJ8FmV6@vHs zJvG1RJHX6l>{gXuNXC?nwq-%9tV)h9+4{hXdhna$=oj+M%cq*!J!yuwdZPfVU_FOF z3|*{{K3N_}mJxqxNjEWEp8V&uY>eKu{f=d4H+RZ4F%6O0 zS16{cKsRoW8>2r3?WxUx3-xH_S$7Oc4#sT4Z8(-zZPX#j@$edXu^<@=r@zvHr&gr_ z%MEeS7~}nbb<9I_I+6I;iVv_9*Uc(ULPy92j0~o=eLLe)qCn!^xxHm1Yu6Hf)(5?N zW(RrRf67yEB)hmld~d5SrRx9Uyojn#($Jm#QSg2ddYaq6K9alK!Pb9GpVe&~nSho@ zDS+n>5kFHk{rR~n5+K8j_p`2l(WCgZ`Gy3xqGck&H)Gcr=!+NAACZ(bo_mkom|J~2 zWxVh)#Me{_4D$4Er__)hl%=!fmbMq1B&Ze4uS7WYhUhAzF}?a#fNTOxou*w}rpQ7? zT&ze=28a*emT`ZpDD;X~uaaz@ML$FZj5;EPYb zaE|Jv6tzX6LIaevfUJ)$;5)a6gv)u#?A@G4Bv6w%P`x^qXUF-RQ>iHRC?N+cnY8?1 z2XwYkRDo0J`;YO7`(Kd>`nyIhxBL-eh#QnzuI(X5att<1Fn_IeH$a3aOa5pphh2$% zVTgAP^SN`nEJ(JMSq-9FsC)7ft-gx~kEv4eD*~^V?>MIt=`q#V4ol!=P8;Li@M7+lOJNCUw(L0`3>?~ zr=XMshPs+i7S*VATL)2xXZzFNAx zvr=IsppRY2#|mzhO$Lya#q5!4TyGEYl*`d$Rx>L%;39W<`T}5>Saj;yOONd+_3yT# zl@6IFNTy9r=T(awQQtn=3$!Ao7kijDImCIN??3@75fmv2n@gn`pHH%vq)twZ^xvEQ z7^yy4Jix~rJM+Qs($sy*Wb0UB^~?rR>ckmv=GvITxYy+^nIT5bvK48>ubxfN ztcY~3YnqGT>yPh8$jVwJ<8%xs`NR|>9Z9F zn2|l_FVhWM8CHV&L|frD<4(wAyF+N1dEj!Evtusx;-n477)rwJ06`eOW)u{?sD;XdHzY7zhmn)p@7+}S|mwz(TVK_ z+7KfMb5C9Vb5*===)slTuHg3b6kGGHFYal1c-vPG%Q60&BOPHR&Lizs)Y?Mx^0A?KLzM4t2jM8x9aJ3(N z(-!%ge%e!CQ3_nVRAxSn&}z<$q~Fw%TOuN?6zp;}ufBNrDkYO00bX70AJ+?Jo#F;4 zr}oqlFt1W*iZU0QL5)IJ9N7&)h4|rA=|Id*+?3+^FBZ;ua26nk2%7v3Kz`wgre#)$ z&ve)2I(k@bSm|F1He2pA?yNKYP#I>CPSm2c0ur$q|K!3Jkg9&zjsi>*W-BqTO*H&Wcq8vKw3Qfd+Hm zAGa8~tdPldm`0y-?Ce>cfOfhP7!JKg1+6g^_!?v zHR3E#@P#*4@4A3#<5mNg-0LN~AD0Ps#fZue2Mm?6xZyT4A(_wfCf||3O0%7YPxhQ% zlY{r%32Y1OzKFB2!qdn_DC28jLW1R#>!IHJSGqbZw@x>nfa$YlB zG!jU(fX7YLnB$GrW!YGGW(d-T zn-y>~J<4FVA%oQ<(Ro?31M4MvhA#g#Wo~rk3k|YcNEc@>eR(;{t!W66ScA4{8HxO` z#?sz+nf%JC%?4pFfu!1Z^?ecvy zV5ei9yX>G}g?&zWkF)R!(|q02*Dq|59-~&Db@tEOQAPxy!R| z!f#G4jH_3871Tczvi2I`e1ckZqzocKkM)qNGSs(sK~lX#J2d z|5TqC0jTX=##&Iev2%_M(h`kCrz6`MXw5DlKS@*um=ec|-iAQDZrFN9Eg07p;?>DJ z#R8FkE!U(k@*4&3r_g8Zdr~JV!Rl{~`KNmgnusK?@6}J=|0`j&W^!OLa1S8hY)%oR zac(^Qk6!cMyz-1m9_UjGqt3Ft3gP{3u2w}$ zHZaKA$m>YEaw7lBd$v}<^BHdjq?!)F4a6*Wq~nInSsbea#x?l1^seS zP1yuF*suCiixaBFOHFP3$RQ*ZcbtO_J+tE_%J-GwYjx@Ffw{iUai0S`6Yf0ragqdv zub(wR;Ar}HMIF*N>`XT5cFDBMWJkRZfYD0@0$v=7;40TVh>9u`Ys{Zpoak9n>@omK zt--0wViM49RzL}R$@^5Jjh&BImKx#8$i~YXs`e~6YDeg_tVw*ODEmqZU`o+U?xVeY zNB(Jc!s=)%N?Ana5tOEJz2pmNw7^YrD&DTH_D{blzp z)8PG$H1&QbDdD0%t!cuRP3a-@-U(M=YiU;hXUjcj|r32Je>yKXfB|AKSmfY|Z_L%!D@r+c@b>i%+vMa43|(&e4I zNIsxME0Q-Op?GhWlUVdttMatCv9YMpFX`)^WV4X0vC`%)H$Thpb6>1G z+i|If96WC7TA9=)V(zhg7@<-Va<5OMrU@RBq?P1-utphQHOEPt1|FG;ZXR3 zdt?hXo~ryoyoj&`P$6=F43tzn?m3d1oXtm|g>|zQEiO3_((pC5HG~ed>OnHk~$oo4#SUdK|M7IcP#?i^%2=v5iWz=mc;J8+{ zsiQ|*hwK={K25V= z*oNia>v1K#4<0h+`geJ%$pfYmX|;|@zRztHbJ<=l8B80wo7FzQt!du~Y_KhN4nwq+ z%Hhaf@5_Bq&}lA?^9c@f-Yje(EW)8~c9z{7OVwL1wjaT?nVr<&rL1}?5axLry2%7|jRi4zsyS2TLvL7*1G`#kzjn2Jf$f`=Cza<&REP^eGUktg_hBx2#y4_L^xAKY9K7Rz+PkCFAf7ZVwXw66|=0Ta_ zy4|~TdqP|{yudBNx9KkFB5wzNhg*QEYM00 z>-JUM>8T1u8bFc<1*EGm-|;YY!&=|2AYZg|Li+N@+v6bVyjzbdgBlj>Z(mmGu|6&# zeyat2QX{@@z=j4CAgbGdw=zF!M3y?M zCENV2MytoAL<5q*vTCA)<4^4|ZQo%n&!(ia2(M@;dlCA$D`wXX9$2KEC z=6GXt2#t5*ciPB&z7U82*zK=@^Vs<=84t!j;UL_%(D(IszRT05e@HQTAZHi2u*|ws z%OYjJ!TjbDGJJkI$o;*COczI`jg2+XH?nwIWG<4x46~ZQ)=x#`FCk@lGp%EBM|&HU zxV76N6Cal<2qQQz`$Z$Wj<*Eh^vOFh_18FxG<{H{FvaRmGe{a{Fs{h8YV(?BM(P7~G$8&)ZuEKm%~ zZsM|&z?_`XUq&*?SoN~MOkYC~P?oIAw7lE_avPtm`#;t!C+!_M>VGxj|lz!sG0 z{gpm=m9PbtTl(5`%HSX~%5nYzxr=n(Oum?oMchST!tv=_AU}34Xg$V)n6O(2lhwJW z^){kiw9)K!_oLpejrvl)q33F1wpE(f#L<@10IUkjtu7kq1w+IIKi9j83&(ta(H+<0 zA`(|FSsrxI%eIHav2Iw`6QNrIPfQoCz1XWk;($gKm{|60;Lu4U)3OpJZpkL`^#slx zOiIY4+V?U~tfzbFuJ?^_=99prhkb1GZ4ipmj`S3yz?n2;G4sr|GLeA^@I#c5Fqp7d z>XBXC(b1S}Lk*d8!~>OS-E=HqJo|iusBE0_$Q$yL-Lpci!(L98Z+8>`ZL~1oiX<&L zShgudYk$TiR60mIy9TlkY`=qlD)TbNFl35HW^tB<76JI2%%)}t&%ds!9l3(U1VitA3H0*`)K$6eE*Nf z|8ZWA9w*7U@B4aQ*Y&){eG&VpF#hsEU;T5f5BXLR?WZclR#weCrzCuuj()#wWpfyW zH1Bvah(Dah3`;_+p3le*8_9(U>JcX6Pd@?;1)ezt-$r_+cczyhZy{4z-ss+3bJ#tx zjC)j+UQ`sPo!#~OMdtVSnwzOmFZhlSt<8;BmAUGCS;2S6_GdI%rOk~mwN!#WqAKRv zj^S?rw;s~pc5F|8<9FX_kj3EhY(okI#xfKQAZX~!Y85}WT6Vo-MB+Z^gPtjULjk7< zamTlJdAhw@AATXL@t_xGW#s25ZrK;fx8V9&f$heD>-^*!MwTs;lg_WD%pyiQYy)TF zMbxu`!v}eyxQE@dBRe~LI?|B+`%26tU*)-L&Zly`_r|R3Nwt`Qu?`WJiEg~h>(c#j zy(nM&%Bz^H&3?t(nhgxl1W(Ja5x&DN46V3t?bo#4yjKAcW$AGM@oVUuk0as?iH4mj zDeh@Y?R|oabxTxE0_&=jEOc@DllcdoAe*iuwznr-S@vgj(AJ3tpnt?^Rk+@wAVi;M zKi?``P~O`sW8hgW^?hg8o06GymJL~N0;qQET_${-N`kZ2D#|DJ&;VT z6#9y9b}`8bB_Ee6E0FiNlXs%y$cybwvWjqNP~xgO>r~#+J;VDML)AXUc#!&VBr?CC z_cC9cbeIs%B#5w3v5X4(B37)dVu`gdF}k(0H*@aTRa)XVJfoW*1h8Cx zWcyZrWc!*&VsejPSr$~^?_=Uv`&=iVb0PSWoP_Iyww56AH$aCjMVg#j6&rlCcH4+a zCsAKl;p>KcR!d(B&qp7pl7=t3rHs*hGdA}@t*2d4eXO@c0td>qrICjjkrxR#@Lor7+=s&zCE%P*)-hKATGjL77 zoj0{Jl5QNM@T^^jYJbaPGp2OCui4t&tu19zej_Xd1DX&whxNU#=#}o7_^hF3s$87q zhH5_D>V2-8U{m>JsjA-vC4(@zDiz;bYFf2=%QKVBwh3HQw2t?yd^jg;f-I$ve1{Ox zL6%ZS-a>rlI1DaZflJm3lL!oOIVI*BwG!4T_}ir7np=yB>*JJj?QT54z(1GOE-+Ln zdQoQlx+<#u3tdV4M;nDge5bqy(wd}mvrVQ(^?A*dhNAno%Uag5orYJ)nv-AeJ?d)c zi6?5*zdzz+sLPzCz3SAOy;%8;b?Hft(@7&%*6DS9uZQlrTd9TJ4*mAK?_>pdlW05q znpK@*j6?Gm_fZWF$@B`d*2*E;npU}GAUo9W0j>;uD$~sPxa!SXfUkIP$^uSrrD*wl znm*ugY=aAasG1v{a!!-k_Q&~o!VhNMm%sb5-+x9>;=w-3aoFh&oN1ipuv0`3IW?Rg z`^=IK<8DQMisjHc0$g;07}sl^x${Y*>DFV{R5pA_`uEc{0fN7(&o%af{UD&PmOsSa z?M7`+WB)w>!Z*(Se2&d4wb+uD@`d|JoIO=px4u zB1q)C4z5M4*dXA_sr?(ik7kwznUpX+XzSCQY=ri1VeMI;WmovNpReiTkN&?;Y9tUw zHkXh_x4{Q|fJI{}vUf^0S9LKJCFuG6+9dGJ-yfUfcqvc=Pw@e)10)7I(BLdYNsZ&v z8TyVxKnoqeaq*|~O|a4@OJ{xy?|_rw{~CesOr=%ZyIo8yi!BaWimmoHeGHfWu_{hc zO2c9AL>`3ZPSV}o+Bh?n9DbH034B8_h+{@U(y(fst)XM2*CBAEHRZC@AoF3T^dS4A z2pNh6MtG+V&Y9VO?XXj7&>BOeH-bhCALmYNNJ~F^^AfyASOvyz)zqxt_+Jc`X2+F%l0?C(q8HQBf zw|Ts}^XI+q@6u5#g6eeB$+=jWJqh}nlO_%jLJv>6clm5Bi+z}1{}trt3(D8bLb2UP zJLrI@5^wU{{~uFU@C>{MxYNO?=Rz({H}1!{o8+YS^4gy7Zhv7X2v#`iU?45&VxF^= zNjlefPVx7l{)9;l^j0=6b>u?6Eh&KJZg+H1kX-FQ~sjEkcuM+N7 zKQe)rK0f#RBz~$NUS*U{f;(s>x)}OuJEB--d?b(yse1PH!hVi2@3s~zPLk*G|G+b6 z_4kiwLn3q1h76G0!Ed7xBF0F=?hcR)CnHjj9&}#eJLDpw_TQD`zoM1}dL^XQ5zjub z%3^wUK!1g?4PQ&}N$hyQ`CZzRFa3`EHWEJ+TPYTbA81g%J$i*rH}+EUJy#ZZ+$jXD z%CR=FVlQN7j1!$)_x|Sep-V_I4B;Uc;D>v@UW>2t-F>ikUKHyzn^r7#d7~2Qqi?Rv}i*-2IhwrnA|95S=lwjIYFG$>W@CNSW z>)^73)Oy5sjq7Uci?^91f1 zH}8#+3mG-IZ7U|#zaHk{ysE%c{$G(B)cS&Z!Orxf`8W7>s}0d*RY5&=%mdM6svkx* zsKMPwQy%~S1Lzk)A9X@-;wu3@+aEyBvj+RC?zkLFdkNi7%A@o_^}^bJ2Q!G(L8{*J zKjrXlI2!m-L-|@vXh2|g4A|3{`_uY$RaOoZRrUQp&HhiMY=b-EnoiiOOX5XP4gP9T z5I^nN-)fjYQ_1($$8A}xu7Lb-s!w}I#qCkGeP4fx^svA7o2u|#ngIvW1i7`rV6~F& zjvF;2hG^>*0$HwHH}=| z)B~5mwe=Uaf^uV^tY03og}t=t>(BD(uLT_ZUq9B4>e6R|-@qKHLE)SgkG&I_@i9YHTMz^$@cW5^x4C{B#9yQF{5v=z1DK!3sg(6|pCH5Xx+E{YPmIKyQg(O}16A z=G{BMSrxD^V*EZ_^32(99ymwd7enjxU;k$7hR?U&q#w2Q+5KQNfdf9$>@X?=X^AQ) zI3O&*Eu{mAlP1d_N}eL%W_VfTmmP2f!%OH%XwMUtVXMd!$uqHg@!+47BA)5!nLhp#g0r&6yLdh99=@{`BuBbI3OrJ!MC9 zWa?^nha(qAX<8n*@o}W3b2)()0MvW}@LJfpNtVOyp{J~@50j`;pCUbUiS}iZSh8!| zu#$JfH@StKJAG7V|6LWpXX-j|8~HM1EfZu(kSYAkSzfGNRT6=$_WCg0etw0@&GN|8@LI&%UAMkLyZQ+3#5Qy7Xb=+;GNN1{j0uJF~luKZt4tO|N$ zqEa?sqS68hqC!CMgiDJ1-cbrI%*bj$j0;K@8v0LQL)^>*Xx0A5uvxXP1B(idW%px4 zN)Q-oMFOt5IUN}dqmE3Q1bJsXh>bfdINK+nu2!ZhB%cD6>PbEbFe@&Qsl6*8{-nq8 zn&+;)slI3bPg3xQv-P#d7d3ILuWX$d=}m9oUR=R$8uS}~0Nq48^Z7)?uZgAqmslw& zZBhn%c}#jQf2|6dM<8T_-)xUq0QwNR(8XvG5;>4N)Qw ziwy_@2`zx@>zcKt2oV)zDNQ5^A{|g2vBO-zEGv706QbZhjFKis-L579_rpdbPyZh* zX9}RF_3jP*VL3eC*q~$2g5%ibj7qZ!1c!Jmr1VvH{?Q-&{T39s>oa`*|kdjScS`1Jo0%tK0>k-=U`a3GpT zBH2{lfCfLBNPZQ|A2p|RNNdM!$S}b(ylOA#w;j?DNM)GWy5rBN1J&|X`b@aX{xqRc zZ{?ZHqQ^;+M|TBy*#A9qpw*mqlo+M#!Bj&q^>rB|q)$mx8)kF95Jte@8>HVrC z@df&>_M{yVUmt_@KkIySOKE2qm?a`BI(9k`HV%IG5J=0yAPu@mexzk$P$+#Q9OSZV z5$2@0?FT_X?*L_Ou_R5ESMc$EETKRX0UwpY(|5@P8)bd}axIj}x0A_mFK!&lv zgMi);5Nh%|7Z&;N@*KA}V8~kTH7-Poe%#U)l$}mze6qcQ5oT(d7rm=I_AItEd*71P0m<^0sspvjUU`+^CHH%vmbI48xVEn}?CxqvK1H5MV(aR(KP|L90U`RoE zcKMcb{h8`{r02(X<88hU?>FDc55#Qz6}0&}OQ(7{T^aG*0!H@1+ZPC$G6E+XFwe&c zZbpb%{74cmhEME#r2UtnD1G$3@jxF%p`s12clRb|bDa2=<0`b#{e>^+e%)h7=$_c8 zZ`NzqMmNRiSGW9i+y|~$?4vI!G(HJw3AmCfk~`!r68^D{8R8TW^aj+bLY0aR`FLx$ zKli(?jMc&}aco_Bym?livQmH3`AAGRd+|ZD=y#)ZaY~7%LDXk&k~I8a7PeTo@3D>R z`f}cYr*PGH?m6HiHyTqK)7!fL4G=g3DKAoY08Xk15EzOT`XpR6j5M6w~XzD5NjJbNL^&ot;!V3~6OJM2b7` zL51Z(q43B^Jc0*wnfrJ`!Dr)Nf03}_0PxuwhKKo{(Di{U`IGDizg58|6Z&L6!*HiU zYUjQC_2QCKF`kmAwwu3=yQ10q{alDuJ9bn7VQxbh6 zdB`|r#pbIH=xsfl8o^S2168F@I3*{H1!6#GbY`Cpt(eS^ON`E zfw`G9d6%)M;lp7yX58{M6wY&j1Ff0sWM3+uM9@6D6Z+wh)x`%aI|8;Hw-v}=nt`A2 z_fz;*DQ#=3mado{vcw9v8WQGMLM)MpRzJ)M{VKS=diWzZFGdgef;AoU;>d^N$ zh@nCRzn{44sS$VIR7++AJH4(qyMA=<>b1eB?|Hb`$??QL;#Y=A^`WZ!yX|_4nj0iQt{5VM>Zd2YTvWq%= z9rAmV-#7fxlJkb6<4AB26Rw(>20{fjmRL`EZgK=BNA4`AMEb|KYoCJ76-x88J?ev7 zRj-D*1#0klhQA^KN25+I#Wg%wKrU<9NEW~1*SVa?)UHyu8e_I#U$R59He`Q3?iOK7 zO-arO8ARJbNm{|*=J#%X?9A7|G__+_&J-)Fj;ua~uzv7%2JxsJy}3!G*Rc)9X^=_j zBI6&tg(JEqM)`8NEcN)uo<6#K==36Mcw@HkjpykmM?93HNAA#a{Dp?6jY_e+Z?fXT zEOKX1*R2=2N)k3Wgw%L6lhf}^wKZ4u6^x|rY%Wc!FabGT41?I+pPw8!ZkI9d;e#2iqe}sO3W81NqI=0Vgl_Zw?=_;YHe_s!U0hzeD zXM32|U!RBeJtah~oVqmt6i5dKctIqs${Qx!LwIB^F{%x1-N<92uJ(+*?rzRALeDAt zAt_|dnaVSjet#eo?b{M;ydvpnAcw@kGVe&|f zNwnw~+f{`N3rDWMu~QSn+_tO!Lub@zr8)WC{2RZO>-=eJfGv)=3}XhS5>5kIx(b(8 zMYf>(4?&G>2^ltYyMWO?173ea?xHZYRrNKo5-sD^Bo+5~Q8)G}*%mjvm7_N0JjI+G zhnvzsUELJ)5V5Xnwtll?xsG(O0qeQZ^riB6F9mIpD4_=ISswHA=%PrAkx%HrKLHJ4 zRD(jp=xnM_Ab3K8)K7b0!0D=oYSae@L=kKs!N15eANcNPRqI|dv1Q!9^{_<`4^>Vh zayq-}xvmnHdkN?9_U}YLl(&4t$IWb<7F9es>(l9`Ooxr~ z2}K7p`Y|5*!}@;rP7w&$18SRrkf0R5KE!AoWQh(geGX|50vtyanXLHj?Jrk&Z)Chb zexYc@dB{1tI#=+g(0vWAbGCRgM7u^u6;X(eo0_M8GEJ3W`l4v6U3DVes?Nh=%A&&U z-PJIW&*e6#+Nk1Qp|P|jE4@x67KxouW%)14A22GVzROmszoZgPuzl&lK(0Ym=X)0m zkw0D4i9SzjRT>Rsi7g_1IM0pIMha@ijVbYA&-5_nxbqgE_V~j7^Q7k+Pm4*Yyd-sr zG!|lrV~Jxw+4%o``rwDE!J))rdA+7m%lBdqKJbL2+?{czpSq3b5qR|;iOU<0W+}*H zcxBr)!5h1zCQF7tMhZ*L6q2QB#hq7+266^&g6v76pSL=33WmbQiU!iB6^+GD^V1}A zP!uq8%dHLF3kf(kOaq~XJZ5qD?kE5Jlh>TUm;0Rv+4SXXfW-4UESEwgua#SA!2bNE z)6nFQY_YGtgL83U4THG1SCAAL^8gd9&@By=m-{zeHv#4+qWII^iIL9}U^ceUKxNI( zb-FcYa$de$_Rlc{nVYhG*5TzjGEbI_2UhAb`5S7RHipPMDw$P5iTns)Wl9mZ?|}hB z$P4hu$H>f*AXY&{(*rd=xGgV&ADLMmw3{C!MjOecl9?C8dK95aS?$T6_P!8yzaWwZ z7k7u1`SF1#WiDzZ+f%ghXC8s++=~KE<_`kXV?7!HaoW?nF=vGxlygJMuNuX?7z#r5 zVuP-B+HZ3+zA-nE>WX$J`2K%*=CPsxJ@wRr`d;^u^??>&R5=cbr>~?ad9G zE5BImEi<6JuwBtUu&%q|6}ZL+KRu$E_9Yn2aDq}9;eOyTLcjTFh6bzhP}lpmKO?^q_<#jYi6@xUt&C9nA@@2 z>nz3NPm<<}O91%ydwD41aHozh3?H`;Pa!GLmKiYJF@E}u$*VtRudwJLIvD+~RqUrO z{eq@1oiJMIF`LdkzF?z62da1exN1?#|4==fwwqIxo_W^OElFqBWYb4#!J#SzGsTMC zJLnDXO$L@2F;-ssDZ19Rnr@G6+tFTA=#pY6mnpjn zDHW_W%Le&@h!y{Hem+t6eRG7v&02DKVJDAu#L_E~4qQAZ7pI`V#y7APe`C5?)YzQ$ ze0kl^@5d_TF%id$%vZ&U(`zp1wUgfloF~@tynV${_p9R>_kr}yE(4#_r@~y4rBa(9 zJsV!(P)j^ieKYf398LjfjXzkiGRu<(eFNK#8$4esKlTX2h2TOgLsDX;x6C}a<$g=! zyZxe0fe^;qlZqK$vLs10NdvDxH-J@2XT&Qoq@an-XpZspDS7kD8Ulty_xOSLJ0=n# zcw}M8`sd#1e}7A=(+uhjiM_TPYyJ$#Q;HFl)wwB{2c6$z5Q}A%)A|ms)QJO zQaPrYlWWiDN_4{DsUIbVTaDib-~R1%eP>00$8BcVa|DK#(dncm=AD6<;EVgjE<)OJ z(7vf{7>1HfpjWf#K2ZJzltU)o@@`@jR5t~fo&lJfHdu3G!mns{XkFI2XkAz2TE&W& zs{P5he{A0`k8UfwaG0!slN4xw#_gSGYcm2)+3I&%%bkHb)Vgb z_zR7~_b3mf*P>K?0=0w@Ic8lqD6({GsKPWrhIV+dA>)n?E|H`_H_xWijYWWl`)+eQ zgAmirXh-ZheckAP;4Y-?4WqVsbgJm4zg4f}{;C9KH zGi9p{&tn8*y*CyY<%LErNzL|}6?H-0SKqikB2?cqR$<}sK3$C5d1fI0A<0s0rDJE= zx0Tpx*_~7pr*HU!Ndp5E_fEfJ20A7_(Xhe+e0J@PUZQ6W5~{ljcO?n(XlDuk;0QoZ zng|YQZZ*(6jClP&c;tKOMW&y<0BGN*BGh8nK6ohZ*@w$k^a*=hB}ImcWeIm_KaAo6 zSb9Z%mGq_}>F|2LbDyLMbEZ>`oK(z%jjHncmF#q235cS@_0&~%mYsJMiEM$LFp36!fTHR(GDs#4PLvPkTxV7E+p5(p;s;`YfWb8;rPR3HU zdTgjiDF|>cKa;u2pAG+9_O1$|Hl!{27x=WL0rEbdXWtc2{@=m|ITc8Ic(LUiqwRU? z%(PRy>iC$3Nr=|@rBSlXYmc@71`U;+Z_l)H)m1716XmA^^~ip!I?4^QhA-n^Dw%Zo ztAGu)d}+{IdqX&kx+ebV8 z*LeFLl}fG0^pm3%ciV)9M0{S;gBmW=tG(*lzSVV(Ed}L~upWrs&hbOsS|M*730K6) zJsXex)P}-(rJL#4o$aGKz_S`j1PG`@<2@#F8w`6Lu8_fd{gCVYtV4!U})i!+S&@DfNKtY5x z-FF0YlQqlAOnQyr>seN*5w*lnc5W%&aFVwEh?7-|V!)Wr+32YcWfv;O`uPr+6Ue7m zxD!rlZPgQyXGZ#tUae&kNZe{8M@f#{bYXkklvutRgg$GafmhUA5ojO%4h)lG`(004K$O|kW+F{k~L z3bZD#xy6Gd;J{i-$xMl~Y5{*egG=JW?T2?BhmM%C;z@w-fFYpljbaKWM#S5;VnzINeb17WC5T4vu5QiQKH0Z%c_E>6t?M zy5|hz%_C&q&n%(pKiamVm zL6GM;WE*v)4^8A_ka|TPamy;hAixqD~Sqf3)r#$FegXSE6nR)8{JM^n5 z)jm%V8hsb@nNC1W5MH+I*`IROo!WlErjQ?Ly~;!e>d^Wj*`{4&kd;z+Ao2 z_URD60Epm67%RDM4;6Wj0MzQ<2G^*O`^=`x&kIJJ&>(#5AY#GCe4JV2Uq5TTn!9kyTz{KIF^cy($eCz6!bq7y zg+|RtTT+F);+E`#AxjhkA8(fx&2u!Gawd?|$vSQLm^|0_AF;sUsiyC|(C8+SW9Vo) zVA@MSW#$;=TIPMna$G4Cd*ofHpzq8$Qy@+acdB{;KyUR~Y`5{<@9r?5!>|>EwJ_nB zS9E_PzN?9kP-J2#wK);ddP`ma9e&vQwT6DUFVSx=_A|qj|szVlX*yoBa8#;Gl_ zplfojIc34?1nF=^9CS7-4fydeO=T8qPc%eOv$W#t^aGG3XV(eGOXT38X+sOH&>6TP zw0jDVN``A_e?G`2W0gc0Q5(~m;TO-_8-g+!Bw%IuMd%p7`qh&iU3b5$=?|5uh#^g1?s+fqG zanbUtxj>@5-8=Le%9TJ14|jJ|c-JoReGVlN8f}m)$(o5_#L;-;b?)(qrJJ_akZ#$* z(G8M+g>K}!NMhT|K8abszQE>QKPNL&&lI`EO= z!RQ;m&ECpe$d7s(_?`dxXtTo-b=q6*YEdoZ6Kl2t?iQ1ZyRJ9m zoE+JApLc{wRJXr4cfTUb(F~~K*9FWRgJH@TIf|noUR&#a!&kp8P(UGoJ*ri@Nm)9P z3UT^j9pVKk7D^9u-G*U|Le9>Ctb_|bn)5$0z6ShU&%mxHOm2>AS0SV0^&g68Ci#hM z55A?407cC{asQsb6oT#6-mP}wS$RE~p67M@UgapE-{xd_o^rYFi@&x6wim$;Yl*ea z#_%e;KMlD!Mt*lOTfZZATI0yKuGZSU>($bg`%E%aGE{gEV(Aa5ad6v1ufy9st@p@a z7|U3DAz2+fAh#Ha+eQG5v9)PMGXQkiZfJWsEehcy8b=c;-B$d+Bth^_`;J3(!nLa= zre1z?9Qe&hfz8C*yDYaK!6(Jj*?%PmF2+H8wAl^apl;U;0%SGZX39U(CVp5>uJ|`i z=sPQ9YK2*>k+*LwO0ZgN)Q{pVh=8|G&DP$<>{oY$NmjStJAL0hlidtBkFO3D-L}G` zW-ITkSH?tNqkSz!s1tpv6xOwF*xFo?>#t0PEDe2Bo@K$3adFol8bo#C<(PR(5%R!n^NIM8(f_+!EsNoiUxfGwq$PyvGz`9bk^t<|WVl!Us z?t=k4z{tz{K^m&ZScCGhv~;F%F2i4>9u0D~*w!mUyS=T}4tGIrro8+`>)qAXzzl`e zRup~7+qh-FdzjoWsJ4Ky=&h->Z`Ofpkm|F_2hMpyc(iQ1baB9w92MGn!^OVQ>=)LeL`Csv)DW@j6lwNXc+_>sHQPJVucU3)(PvhY2 zlH-%=dUGtx_Cu|6LtQDWME#v=9q;f4k8_KhaL}>8+5&5#5tS_rpC&CRX;bPzm)X3x zhGDL^%RS{wS;_$1Z%W;NZ6Ste4uoYc&6p;aK|grKcu8bAF$$zxYv#}GnKr!sWC#H@ z+SWT+uTLUI;Sj;DyUm20TeJkTK{DS3FG@{kx4U`awZ2$MxGM++t8$L}KZa_!X~f!j z)wQgza{NlCe1CHy8X`Io$5f!+?-)2ebj7*jUHH)B%5wVajUg;Y+WQIo=4@o%^*iTs z%@V_I#Q2&fEI1p2QjwJdVpLdw*VV9Y$qWX9Y9$I zmt6xRx|*Kau<4UtadLOHpe3 zf_!}Zugn6Kcj^>?bJmwgOY5z z8PQHyuD8O;om?*-#B|8pyNE7hWE(uv714DWIS};L7IFJQP~tH}zRCm&E`1qk5Ui#S zw>^qzRhc*ex8+8heW0cXmp+4xXZ74Neq~=i`V=MZomSyjdZw(d?EK63FVEW=6QfU{ zz6yMVs?FZt{*nLlT@j*YwIB50!8Qe>tQ#w(?@XIj45s9haL}S=Y5#^G-eaKSmPu6_ zM7f61``=vJf~H$gRiWTo8Z%{8PWXCSGM6HBBVjovCgjd&^d8Mg~5o6G7M4>3U^BXrtR63`m_FC*sOFjVqtiYz;pEz z+`T!hADN92UQV%b(_pOU4)vsD$ul1%Sby?#yABsR!}fD~sj5sbrN4rp9NE^pKUZe7 z)~c_(2HYN{N<)a$moWzI6EZw6nEGRhA+aH?LwiWl3}B$W?nFo5Fp)O>0!l%GKU zz_$ah`qE1RI{Z0@qw^j!?s+Q}Fb*bTn`}B>VE3x8Kha=#L7xLElP%z94&ekG`VBi^ z;&!OD*le?x)?&BT2cM-I?)}or&OQDvHdK$Q2l@vX3CMdSpaSywidQ!Kjl?j}=B8fZ z&tAnMa)@M6yVpGzFL2>p{72n;T4k!$Q-bfyWVD%bCV?dv*;VHAgA}FkXzxa>uQ1m- z6?DcF%h5bo;e@^R&ECmKysF@ZS6a;r5Nk@DIy79JWkD6Tp9E=F!EQ8dd5^$*_bssM zFGF6ybM8S3kdmJ=zR7vUwE2p!t5$v2E4q5LV(v!2W+E@$I_0>L4EGI<+&rFt?Qbpx zh#r<5D;9Yw%=)OqEZ&G_+)GJ*Uvt_z-nZcB*SQ88nq7JdGQ4=sx1&e6EwInRzNOq^ zUnhrtv`A%y4mawD&&U?^Xr8XT(|MwVuGk7&^s0sf-$%lgc!Oz(?jJ`k_6TAUy4H5~ctRPpMrbcP9(=0SaFrERX@^{&W*&qx8D262UYkb!kNy>4R51POt)AABf66Xtoe(IlL9{b8_CDUWN9;QDvp{s#m6Xo^Mj z6FCi+Z(6;%w%;|1QI%8II-;R7nSlF@tXI~0pPh`X(k&2*@Pv8hGXR6VeW&qy4;Oh4 zJJhjdFb8J2OY!BB@Ir+jwMni-ghu*}h z=xYmEf8PNsEYs2_8fdZ@{9To2!PRK_TSuxSYP5|`bATeD z%7og1O$%0Aosksp&1HZ#&r_Vr)0?IHp|W*MxWkNPj%Qkc!c2;f=vU}_m?yt8cF@|$ z^_l%?4Dep?;OS~rx+*3Y5&$y)RqBn65AIEeqUaBYtD(lW$p+}ILxC6Phb2zgsgt8- z7Au)NbbN%gE6JtCldcIQ?nVfBZ^PHQM)Tu3wfbwMwCfS03&wIXo2jk7ljCcEPtK{l z-e_9EYln}@-GX^pxU>nfjW%)varYh#pT5+;e~(tYxzV3Q zAPOqItMN;xX4z;l14*Mgn<_nfz6kHil#x166aCA7xiG%8L7Ayys^xv+L_yVo+3}zm zK^&SaI<{qNo78BkZsLLK?_}aj6TM9?635sFZNt=MA05;}cEDKps3Qe7EuHp-U0 zL7yeW+%{MNsS1E`qMy*E_J^3R?* zSdEE($MbC=wJe@ib=Owwuri%EN)R&C z+MpI;$?E6qU{oIEEO$$t-2-YuEApD$o(O-@Zi^B<2yd%g7KCAPjU*IIJTECeVU^Yy zi66GN;%OpRg{6U@5%3Exyf*!F3|_z#OKq@6(?OR@y2M6ZLjqm7)8H#}>t}Ru$ zn6{_d$K*7`8xn4u5Pc8GJ0~TyS|AicrFY38?rE;mtgI|K;nL(59G?ZTNg@VhlxERU zy>`Y78}fRL-5S^6#F+Vmbt*{!^G08`7!ZBU5tE%9`*2G@mR5wjzvuW*X#7%bP+1hB zHO8msXJA0~;ucD60oI+kmVjwpeQDa{tRm8QTq3;PmZsEMCa?yX@;+NZ1@9uXP-sn z8Ar{Yo~X+66Uox}{+a2FxP~WZreqN#fm-&lYdRAD6=F$?k^=28hxgqKd?o;oSRhGY zS#C#y<_iZ4t}zu`HqZO?2YS^YJZkrb5y#lxvx2&3cYj|@6pe=tOitsL+}5wwDDC4g zPqPNe5ekrla-Xpf8WCRBSbg*O&V7@AZ5gNwM?dT<_8$$aIlEL&L2LZPnS)%dfhppI z;QMFMOgI;Fa@6F4AXB(@HCXthIj0n*iPY9nBe6-ikw|`wfCreMvE|8O^gXat8u7G^ zs9t?fJ%nc!af*f@i5sj;)jIzpN5Judv4A5#F*W6Ra&F3txJ(}-*>n6dPv>}cs{wZo zd#`X~B>3$X;`Tvn!X4z#)`Z*fL5TOtgb7 zszo75=L{A!x^nGinSb*ApS-{{H4PM|$Bc%@M7(TU_R8Nf12E>r;vVHOq>bwc;z__) zcf4^VpkRZ(WShq-xd1GlB^@|#@D0?^*MoA;{y>}dD*0FQ2iGKZu7kK^Jz2Y~b{kY; zghqbU+5fU=_?=2Xt?I~z3B+iJLo)WS($FS%i|!t8OdAlV)Yl3 z7S$H%{T;#Vc)k8d^+4?Km|H6^M|5{b%O~?1Lnt<&sfu~A7kt~XP)N>^!LFHx%+&k^ z@5EcI_z1y*01Cwa-u5-wA`8^G4tB>@Lg?lqUxV7%=~Kpz9((7kG4Vcgtgz3 zY7%-E)udm6_OFjW7Kqn*;~^)$_W_%rEPbP(=0#Gb73@`v=zT($hhjIx6GfTv6>b_v z+@M~6qdC?>E;4GFa2gUKL>&%n6C=)#yZm-_6EFwiJU4zEYN{0zPK9p7Ge&UT9?*87 zkw}AIIo4l-25(Y3$zvNwN63pW7OSVsurvpNqSrx%{60CzWlgsnEhV32J110llkxzK zU5)6G=n4sXsIgohd-1GGBm zGYf7dE7_>VTRG$KMy7_86cu;Pe=QQ;{AySb50hh-2lk(VA}{-mI$2PS0@b)gR9YDC z&t3rU*X9^{yE^59^D)LMUOFa15#%t>1xBdx`nE0`W$IH>Efzv=4iBA0|wX?!R3~KB@irG_u9Gh%d3eY4w)!};vOZrXvFX)DVU$u<@ z0O4fxcw{!8#t!lqY6?*Aotc44b{6^hB@&yUq;<#2#xC3+MzuXUv02*#cOit9;Bx`o zzwp9qLHPLLgqF-fM1;TG@wG143G1;iGrS%^qfS(R?70NDS&t|PbN_{mHU(@YE8Q!- ze`&3%+(i>rNeNm#)KCZgOj6?AO-;|ZCp0*#A?=c5hg~AX>|_#Uky)`kjht8c zU$+L}9%RL7a&iFlS+R?ZRqfBx;&XX6AI*p>u_Q-z z?lJDkO@e4E;vx*s$I0R+-fyu(*|S69g^hZ;GSPO|X%4o&#q^dZJ{Be7@}>Wjr(-<)$m^HSeouAaDq>@oe}_Bfnho(;daxzLgP zg8Lt2Ds;Suf^Mf70%&-`c1vlY#;)6jjaq77xSLfU+Mw z95M$dL$+mgv~LUoJKu~h;Mp-Kj7#KS*yMS}GnF0@4%}#OA?HN!qTmxj6joqi6BiVzXF|5j;s^%(( zsn_Wqe?gtSm9>QU8$Ies(6_sa#P{uTAr_FC`9a0-$Zq7sk7n+-%ZS_0gNkV)qY+&o zix~1&2XN${=5{8XTZ2I-jAi7B>zOlmb&~-+&t1ndXm~=6tG~EyOi0saPh5!2WtoNj z$Hj8mkxzv9ZGIY;UmyBNq={O+KUWGmI2DiNi;e|mrMqNDrV2c|xOZ>$%r#&w)JUP; zl`{if`}(rd)}>fz!pwjUIVx~RWP9gcOy{HH>dv3v1k2cT zaPEzB?B`O+;m{Z2L{zT4FwEQ8Sm2vW9N4Hatv$r1=#8Odl@fB>^;j%F3;yL<#@X;b z24mFeGN%#a(mNljJjz}eR~cBh#%GN;hIM=IZRfG=cb?^Ft@7ELjB(l9UcW9#^wmMC z<{ZB)Xx6|!%Y;(n9lns(j~a#26caJ6y0J%vTh$r?2$cB-kBQ{bQn&GWJU%}gC4;Z{ z`3_t+1wY)qo5J6n^B;+9o(<(Kq|yhx$ZUIEEsCctU%^upiQQwNvK*2fh?YS%rV zc3ev(q;u+J=e@$zQ{WW*$OCNOXQpbZro=sY)to2|ejV`s-pKk|w^n#!eVI+?nVOA~ zf|+_M#pkkai>KbnlZy_8u}bTLzdYwjMww46Ybs04=4PyY4iW5I9IBkl)=XgbqV(99 z?}T%yewmChdC?j#&WG}pCGvRr(ysr-4JtOPK*);>i~}iN0|wI1)!LuQQPC&SU))M0JI!xvCIQvykpU*LaG&G#df&AWngZd`>nXtoPMfd2 z8Seu{<${{&;OcZc7mY!CEoiL;*9qc4kLShWpRtD(-LhUM%;k}RXwS{6*tbBwpFvvy zC|@$_McvjAcA35C(EId~&Z^tKnM|4Y#{XmOJ;15{|Nr5nL=jRUt0-EM6tXLlh@?{X z9$96tW0#SU$jByIw(MDUWOM9eZ;ri=aX;Tjd_Ld*_jlj-@4l}4x?HYPpX<|kzhAHC z>p35f$E!nkQqiRFNg%=}aG?EPi(m)VO4x`FK-oU4O3~ww3k4$G{jqa}(O0Ra}c+a~K;dzc#;7}ZUQ??)OV{M@`C04silvc^Q6Oii(xkT_S7@n4F70=8)6$>0Zx~C! zLha;n|AKnlFA)j32Mp4_XgiqRN;Tx%BEu&L@AM&zK2cq~^m%su_oWn3uXfg1RkJ@g zIY4YK&O~UE{{W6axGHUL0(x8j|*_U zU;Rju5c&I~?Rk^mbVN-*oiNfGC2!G=jrHQe0r3%;ElG7bC$oNxy*$}7^IdiG8>3bC ztAmb?vG}nD!o*l36~b$G#A|7SjZH6donHS=Gstz1vnJ{(Nz8B1Q-A9 zMEfFK5B8h>Gx-1Ad(E34Al`cO7j+SZ4Pz9pd(^xph~2-^yL;Kgj=W4Z9RSHS}QsCUPbY$ z8JNnm>Vz00j(;D~wR)Hm8XoZ}v|I5#9>?Uc+Mj;S7w}E?4EM%unsq-cZHKqgaVSx5 zul(So@OI%bsuIi%a|!Zl`v=OE%|UN72B0yop!3#aFMJwX+fO>EsoiIYOHW}}d|@Iv zXY{owDd|SDSwo+HmXP}b`!=tBr7weR-OW+ax~@NlJVu?@Gw)eAM6~PbhQGQyltp;x zXkvy>abc2Tr@U_R5ydPBB}f1PL)wZ#O?PE;1Zym#i?=L(PER`*!ILv~a$6rIBqAm5 zsq`0T{Cbk1J{ETV$kB>DngsYT{-=BTpZgxu($wKxMI`DfEq~r*B3l%%q2rf3<@i()4yK(YE zMQdzLrg0CSIn&9cD~a70`-KNaZHdpvvJz;O%p1iHvQ&}LaVPdU-1VlRv}Kf~T+Oq> zGUi1%DpRpZlNS1NIIh*CE%#&nmevz>lBA$ifxecnFofN%Qh{B@N2q2AwYZ_+`F95n zbx)#A)HL4A?W9$w7f3Iw6g-Q9K;O<`XUjMBRS&mOMkV82$YG^Kh00(ZIyY=vw7rRS zZwrq1zOZ5gFJ7dlZ2YEOm=sC!MU;u8zRxZlk-RhcNb~t|0ZFmR*uJ&#v{R=Ja**gy z*Tp!Ezfg9@Hu7?Pel;KU<;p@)1$|4fr;~hkeJnYL5~FT}#nZ9yp6fx7L!1cD_G1*} zGi6FCn7`kP+Spnt_Uo>ToqXRTG7`=KPj;ir0LER{LCE3~Tz&56rk@PKqYy=Hb_x%|#4!LjJat(F4 z_@Sp$<&ax7$=~u;%f;D#z{B(GT2p(RkWTbjEqmaz{5{7s~7eA4-L*8;kGJhoep_pIng(hw^i<}0I0uz&<}YAfRWun zs3$T$6S@+7a&GVmm8t%*KbJN1sUFb1x_eA<{nTNdsELoL^N!G>d0*~?5z4b{?tJ*D z;Tr1&OR03d#@KtP;juWsHi!YRUSSf+HVY#$xV)|P$%UD?hwGh(7_CoZE!UFGATR0s zq2JtKcC}EiC(puW#cC#Z^o_CAXoS^B4=d*8EbaDB4H{@Y9VocZ2dyXdA60IRE)o*y ztmj$|Edhk^Axsa|%i2({+!iyWYP~{3<`k`A!vDpB=sk=ei%|JRs{?OeP_Ef7j`=Ir zMGEGhS8o%YIC1IeSZyemMavi2_1RK#rcN}HHVpgLLh2|K!Eco;1b&!Ltz_SHN5shr3K8qI;O{E$oaeuxoabN0PVmkkA+9O-0JuV!)+3!k`t7Ov_XeA4PGAcUS zBz`$>{kJR)eDQ*hp6&r9G*To0lopr5sabMKwK%wyQw&pty5pm(^DKX^f=;tuPD(Ck zGC6;~NQ#RjsDGmMJBwe>wo=YK930|s zOn?!)R)6CSzEK2gS>EQ^jbu*PqC109sLdUb~hy|=Qx$m;ig`Qhv7r5FFwO9 z`%z_WO=Z+iw92a{B`Ie63S>oKc#7u83b94F7E*V0oLQ7fPu>kvM_Kf^qgA7r1q%TZ zcTI~=4%bE8dHMVsv2_5OOdE@zz_mpIumU;DQmxreYt_!I*YlqQkRtT75MjdeRlYaz zF#ti|et-Apk%{vX*NR_W2}y$$|5go#2SFEO)d&}ae~;Q2Vv8|T3XAJ1wHdz1!!@qwJmp%}U=^A3C0q9+}+VUYl*Y zJV&$#{Njxwj{iVrQ)m2$t;q^eYE=6sPM;%@Ib8_y=dD8rq*QC~5I<*ZZj<~LvuKZ0m z_Tq&I?DhL&5j-Z54p=*kLBpI3m|nx@at5mBH~OAymDZzX%wmRhSS2K_27f!Bn}*&7 zvT5vBDWvZ352tM(_Ho%QupuE`e|V~s{Hb>{Obj1NiqWwhX8b6ZGa}mYko)RGMN+r% zTG0~C4cVzxmWxZ@#*dw(EpA6uY@*IID~3G3@?v|i(vLhMyK70wey-dmr851P+xS)W zs3@C}(Dml1t?Sef+t$P)s4;Vx+RA-I0?hwv8i+pIiTO^>Qk)d$yt~bC4=hNnt*la* z-V0*(MbwAn>@-_im4D~kt&yOpVNf}C%rREHdfTdi`;iqpH2H$PTQ_SWA9MAgay0A# z2nK8+3n}X>u>mRZYFEFpyHYMaK$VK{LQ{UMQ_`*qn!iSi#qspI5w;UwW6YGBnMdlQ zRI_r8W5(=y@~t@5+c}CiOox{2hcBs;^o%Z{Rhe>)9)^(=@!W|FJ^bfKj@`;k!(d?g zR=a%O_5zZ#AADdsZ0|=v-Yk|NMJ;vw7u(@LGW<0D2^`ms{0h{H^}11{}U_fXuPo#W?18@@rq} z4Tq|CXKef;ZV>k7V~f5&ZTmTCg;mTl{K`7J5XFIYjGT|R#~-y&=!V|O*STAKM|QT? z!6w!Cqu^sq7{65Z6`GhUhkGN@mGoXNxN_Ot(cP<0@H*(^ISivpnMdU|yBAswCv{liQ3Ief&Q`in@8v>7gtD<7 zf}u3@dg5fi*L)>*=<*^-To11h_NJrx=AG`z&sKr5 z%zxBy_#H?2{UB0nNZnf;*Mc2Ml3aEEd>l8c7o`4vbfAT*IK~JHM5G~3M+o`Lm(RM1 zk-hSmRWnB@C`5XACpl67A`cZo>oE7cbflP^tdEYI|OCl_3Ns5L?;&;2S0IwLU(tgnGKqCCB2<+^fkr*}?0_{Q$*A=@dx z>Rq7Kr?&*E6lqJ*=jRt2A}tO~UQy2HJkzC`A8>`Wd#9aoTqjzIsGz^pUHounHpanj zXoa;%A{4V4C2Y;qcB-(LVJ-2PXDvOSMj7e3$Q#ie`8FJ>z3nm>> zdI9T~y{KmsttpP1lQEUWP^3*5=?)Y`WN&+QRzjCXc{JM?KzSoA9ab^K4zj~)nAaa- zP{z3Bn%Xw@&i)VbDzteK@y8eiZOsd(U2y%V{%tO8QCfVumq&Y*thCr>wIw}yC>E>AwMCv%euSp z#;y9Bqv2JXVhlAXq#RBU(oEAX!v-|pUDec6L#?0oiW#N<+`Y-CRhT|aIQ+l{pDbu2 zY=$jdUGjwZPrFGDzw!JGcl!Hxpq29K&@<{ON`X|!}Llzcby(ILx#H1i@~PKW}|fxEPkl%%@u0YR4AA3-I?aaP>qyI zDUYC|E8o5+zj&!tuu#X(u@bGCRynfLvE`^)5}?Cu`pM(^34fNILi8m-#Ld@<8e3@p z;zb_5Ac{ReDf!*Bewv5j*h|9_LH+r_ST<*=vUEYpIESzJzSfr-kxZC|39R&B9pwLn zocyd(;m5>uVN1nvbIBiPgDqTP&fcz;aX6M&7$0zRu8isqWQs+ov8=7kP>FhFyO%aS z7U&b*;+>?{(61C3Tk2fGfL}P6(!n9zHo4_^f&4ci;=a<$cS^8R!ujhL0d;5su63R0 zQ_LpFqufYxyZ&R$EWT~DokP{;EC3|w*3Ft_r-=Lk!Mp^cSL-N*}F z8!My2+craKj?f!Bj+&BXh8_^X@jRoFN{Fft2nn6O?~zixR-y9429g>y;mhCssJQ-+NzPeHMKHjd&uh=#NAK zlENA;1{YF3Hx$K2-V>y$meCX}ahSJ)@)O`F(HydVQ% zWT-eiUC;~f=UztrpXo_gWoPZ1MQ?apzh2ZakYrCEbH7x9){mPmFo<^?;2ZQQpCY(} zIeSvcv;1+F7b&#b9pZ#kiyaCrvAxRBAX=@`#8?md zY-}%A4qp3Kkg*tn30A{Tn*Ug3VT zWmm%j6o?K~c@drykOv>_;XbdYVp@GJ1_xQjXXcfFlZ3sJ9EG3687v-;S$teIx$xRm zyA*eyWbDv+oQEal(M#oLDxGi85MNU}^(MtY2_d@yi%c^s}&S`oQ~< zwD?v&v^>wBBV2>3cUtwFkF`VCSf@mD_@4r)0|M(4YN`xNy|Fn5A6RYS6peGwEej;d zr>MN>ywz?n-I-~zoCyV8m8N6=5!D7rchDWI6ADxLj<{^cx80*uG6J$KTZb9yx3{LV zF>PG+0$hu$I+lx$^?ch;ipkR~5Y&81I4iW755|rMnl@Awg}5OpERx0A&=6DI2|qnQ z6W(v(_JU4}YffWem$TkT`nbkP*MDpvA(CC2K_QS|b>9kFMtF0vA*~e3X!^W}Y0Yx4 z6ER&x_1lotll90$SbNA~eAkI`)R zWFK=|E~0{oC3k)Lw^Cu;?50H!%X^`eH>1$GR%a!Q0ip*moLPw@Vbe&^6mLK032?tP5 zpL!8X#I70)6#cg~sshglPI|OhS@{(?{~7vj$*S6N!vfzA?I%5c?1_xvQcJAZqf1z5 z`MVvCXWef#)t+_>w=`)w*_QM|c5&*$Jkv(sp>;4hIT`-xA5~Qbw+K2NnY2sz$3F!y zr&MBOG}{~(9`F&F1s^r&AQuG(CUhARm2XiEmhgBZU>~t7$RmJy-YLK zl&Q#IR7z_7s<~lC`Px$udwL}NjPpwHMgQwR8b_FFWdq4c9|t?%hNH_RcGJiD^>y7x z4Q(o_-3@cWVj-8bT)2`xHEgk8a|leHg;5VLR%j+~GP!EHPUvTy3u+e&fSYQUoppc` z#j#=>rZPT9Iq)sgU*=P7x3pIY z+kReLuNOjK@`L+&ta*zy^Z!Spf%e84Tgls=8mlV&nZj^9 zmT&kJUGD8q!gcqtYlT&7gn;Z;pfH&BSK9Mu-;m~QXIqF)Y!MQ1lCWg%0#lExMJo^$ zfRX0@w8+q{XWX1Nas1BOch|G2+<{uV#GoTxTf*;zr7

  • RP#Hdz`2(mA6J!ah>RU z!is&4)nu-n1?nP&a#*n83MYNqEwVB@?ARmdJ|HyT(O6l8=4;UeS@WH+OPSo2TWa50 zNXtB3MzcMKuMV7O3g_%=6sG37izMEkEY*k#zv#V$0H<<`3RA;T94^n({zE?i83y`S z7Eh(u9M)l3P1#=O$RxJf5)jHMvYs0#7=1bXLH>=gF6F}83pJ|S>*yHVL|c-gEbih+ z&IWhHwoP#gvgF5!3O=UQ-`Khhsb*HG;cipnt4;~^Z9_p-zI^~Y4yWOaiSNZ*R338V z<_YcBgZ7R(FEC-$1T`3SRo%V}n@q02P0Q+Z6bV=+~eq~9HdQjG0x zt;ub{VjyxHknINvcjc>{QsC;las7q+_~m%+)>L6{1^Dl;XwI`9jx_?W4N2}^x?Bqy;zzroht8bmC(kqUzvWN*WT> zj}h5;f;MP{d2Ca|jJ1(gozv*&7!Wx;0L0vc&=AW3^W$702P}fl>WhRQ0jLGw2g>jM zTuAKy|$-coA~8=6c7ig@f5h=CtI)(|exRuL!*0 zk(rvhl;;^bw$SvO2rk~x7M!nQ(KON=5tPiNE3X7M4NhJX)HR^&q1oys;Lwsgr(BvVZQHSix?@3RZGn49YAx{tOfMWsasI(Sf7Lnd zOW{Jmkst8+lgtdSa61IXdt8LA*ZO>DIAisGwjAiV&AeQ^QBypYl->IcnLYcSx^W-r zJoBX>!OffrNLDD^@(HP84QBHTDhzz)9+!i!gJ2{7Oin|3mMwT)&7sVMHOKPYW{#ae zcRdiF>2UUKF0u)?00GUm%4ww{3O5VEK&`C$`eu40vX>ERmYcajfm-~q9{j}f#i@BQldMOT2$}Ir))JAMwD;Z;)JM)|ea>(l_`bbW z%@%dJeWgpTZHs%$HiV%5cX31Wm`U-bS9_rir#gSO12&Fvx^*)$y{J^HaHu)<-c-uKEn~kU?igL{Fnw zc@ol078Bl$QsE6(~`s6zGp@|({ z5osgH5RC&pW@%GC>LD<2RRjR{Q{U8}u*gbkt%s6mUgu>BS)@HL2GR-kvfh*&zB7hK zU&T%=`KeDXYOmq0{T_aq8=^inU&G1%&j`y(C(f!r!Y2IbZGu3o zWWv%nst2|`wFJ3(O&?B)Qy+F>{ofM?)o-;OB~r|YHaKbj$0ZeV(%Pdt(1%@Oq{uf~ z4;D92M!v&9skOOICRIf&zRUPINCPH|6&GHY{iH_6_P#S&IiGojQo97#yHZ4*nD+Zn z6#wFz-}LZy&vjOX6PRG%r%fP%yL4zMEc}_f`&q7s-_Bb*(4DIEpcc0Rmc+A9X`24Q zDz*|S`7?Z(?hWBzFB|G7WF!3+sGSwx=g#*Q+F3x$Z{3w?BU;Vek)Q2t4mwR!Jo9>9 zz7^JZ@#eE30j@b^s58XkhciuATT>k37e@TYzoc!n{#thEGMS{Ay?0AdnjArXQ-9@F zK5KKkB$rbiKO&z8nTgX`#$WecCUc59+y`?ZAe`O4$1Zg?_bxBAzRuqu1cEneAq?Yv z{Hv46+$56b_~bBqoMawB3P6gMeyi6<3L?wdFmKTG$rBmS z^uk;ys$P$92ZfeiCjyB?2bW(PS6|`gyjst7yD!F}EBJmca5Z39MRsadiffLgFEmo4 z^ZrAVTZ0#iE5s088HzfQuW&=8j`w+%NX*IiE9>nfDhX$fsj2Jxy$YzQjZb zr{)hB?{*g2Srx*-#*{;miN`oRSt&Q&aFoKr!9KW`y993a#FsuJ{9Sll9nI`+HJC~2 z=6M>}lV2Z8NgX|!8hSb2DqXZk)(W4(+$3t!C^3Lj|HZi`vcUl+F-N>IVD#kG?JlUy zP|+KBL5?{)6XkBC_`AMYuOwq~dm(C@{<*_wxS6y>WFm+5^Nf_=nRfzjXya=G3tHj{ zx)hmBxhocJUZb{?6XU2QAK?`=8OPC<9ceE+k0J!D1;QxV92-!JBgrF(gz0E>Rs#T( zZ&4(UD|Geak&5V-niSf1I!Z*eY0iru7bt%4M;F>Sx6s^tJsq_*Z4So>QjCSgiXYfO z&^zmcSC9Co_6xc4$RJPckzA+**|5}2XeFHub>?LzCK6z^mk67EC3F=$)4P+%tLG1R zU1BCvio5IMb-kp6szrTVxqFmdF^javT`(T?i-b*dhDG{#HjLsYA#fo0r&y?^pK=t; z-Y$e}b#dZ*N*nmS6W5O=v^wc-yWiG#vs)aaRM^sA6Mhx>V-s0qM8)H@HDTjU*Z?8| zKz>_+Op1@Sj0)EYJs~=TO4ZI{6ClErHm7PFZJMT+H=wa+kKzuYc;Of{YeTe-IqV8;j zGl=aFkYb)uvl8?~`P~uS|yB1k-v5zHFyy_NNmeUH* zL#mEJvMih+iefYpYm+fvS2!t@I~Cde}&+TF2#ghFD@Gtt~*B>dnF zrD1MF@>q1rgXuWnMJf5mzdDHCU!Pe5On_a(hBEi1ze4H3fXJZ-wqNinf6+~(t0Vl1 zezu1>c}tRCOB_U34bkFK zv1omgmQBu2y}f|s)s_>jKj>x?1(0cD)jU7sq2^F#h0HED7Y*aK=V+C{tF-JVyoJ(i z46JAFV+VQ=IR4#16@oO*2JOTm0=x_-Fxamr6V#gr-=7qs=jc(06T4_3SDz_4B94WO;)zfQAysbeGr%eVe^;?W0(-Kc_ZB=Anlu%;P1XX9} z>!22(NI?Me;Nk22lmz5dj8wXRvEd*f{t7QK^NuROm2m31)L~w6)|4GT)2eg&0c2*8 zmh0o6#Xn}-Ylao~#@smsvjT&`&Izta@G=tHR=b=`E!<0SG1?+gKH$JsAA>E^faMj6)O$JKYNgpnV{5s+$PMxEDn zlY>6SfK3xGTuk0xi`u3&V3J*G&(M`YX1toyY}V32%-N3HTX|5#$9n5L=j=;*o{Tb@L-xlFuEnq}IkAbMrOky`O|B3H;9Y z)XKsa9Q!SjstR{c?95+Ct#|eZeiIP6+)gDa+s?2wozad>^Q;st8N7S{qw%Mg$+IBg z0GW9cuIGNyiXAr1A%V)XUz>kc!Twf6S9S>;d^EsBvk!2JH*_B+S zH*Fjg&`0bR$k4B+_q~goecWhTZG|2C=$DPi3(Omjy6MCtd~Yq5KTh9 z$y2y)qB(hVkbx*)txK*38!=Z0Z^?P(>+mZQ^wDj7wbSjoJB%QX_zI^A=@;!qmTW)p zI%}}iuW8R~m4Fg`nbLs*a(VAjk}|h9ThgUN-e#hr5SsswAAsb;CP11F;ytHM5O9D> z8&r?$pxOE2qo+3cRkHHEpAR6A;KDQPZ9uwiuWm<&kNows(H$xV2J(WSma0jkYB4P;=(S03MT|lY~w6pDs8~|ST zI;*IZ##gT0$N$&DeW`~dtPx0Hf+!n-mJ{NIe;kKFRxAdzbNEjwaN3T+G@G+my}%Wu z!TFRMZ&6E+qwYBZeY!X$b~`}|vWMHWybssXNqnPr$z6VXY(wO<0`k`(_86Z&b9vGu z?%DsmNd{RoQ0Rl@iXbql{-JWp+X*CptW;=Y!$wIFI~oJ6vKU!p(^?by>v%>5`Qe&g z+7yR|Inzw^JNFrZ#q`avpY8s}j~J&i){Kdmk^6!1|Wy z$|fTB7ySyziGb%s3i~77Fa5ao4f2q-?07S^(_NtNXwd!1Rf2AKxAXbWrh<5c2Be^z z$pj{#{6sUGQ-56F(jf6`b*-f!HU}smT&@gxhFKOJFIr7*Fke5_1%%UTv4fda(V(i< zYI3bErU;hGWl(oV+=r7>BYlsgOQ8l-Cn`49`hR~Ne7>L=efWaA+F5OH3U$G2zielT zn4!p%_PKHU`SH9rAF)bq`4y3bU8S#-h)(@}kvi?Y&`XOACz^g_27W;4XZtZgWGRET zlKswi9yA6e4-ZiCnEv}c@05wcSJi8-5)46Qh>xK0^=dAG$t1^?#87_?YG?8Tv0QT> zm+B|k?_b8x3I899fc%jn%GsWW zf?9af;|k=1!NOgN@(-}z4RjWpm!K^2$$*Q~cT7f3_~0~XLR;XwMr%3UcitvM*r(gZ z!j(ktw=AYVDcOpxM8~BR@=}r3Owq)8`LJ?Bj?pS*cl8|uQPbn#^7&JS97hUQe5{g{ zHnG?20E)BMJ33pnzRRu*dpl5^Q&Rq!8ct(@DNa z;t194-#d9Zei96Zyz_IhMx=<&gJ!m2#H)4W@_XfX@u@31Etf2}HyBwZ|A=tDX}lWb z8YK?;DQlID;2xf2F==(*LXZi^YeZ5v*`RpA_jE$~b{enn`v8r|KK0lqQ=)G%rF#~# zw~QhmX{)RV(;&D!5}kdib0VmkN96>SM6I`Ni~juN^+}7zq!~ZCuVHY!75wrEWA)y& zO#(W7-Tl-=LYk-Bsdthl2%-4Rn}y9=-ENab1Q?^A(!%%duRZ{020^-)5KQncSQJF@ zCHVez55NlHqOc%*wU$vh`Kh6kcQVZ@zTw*wql-r9LhUW87b9_}#n*bn#xEG5E7x@7 z*f^dn=4*Ic`JP)GUEQQY-PDFbDbNXB2I+TBBNQ#M_^~G5z}5BOaJ=<%bt3pB*blu(!d z7rkUZ>1n5{YZuFh-l9tOFcAOPh62sK2{KXLr|O|f3s31;0yf|9Nf|S=DfC>wzOH=1 z+bTJ+F^ZPyleT?{&9953Zd~tL=FA>1^5cA=M)*RQ zt^FZN%TwTeA-^eDnZEf8hBc_kdUS$n^QPVAc}*6O3VPv3P@IywGkUjQ&MzI|=jw+D zCEE6i@Ny8`Lx*L&F8->=(dueKH1W~bcLv-JC+AGHpO`PD@%D7IiQx71A#gsEb?2QC zX}gmKeB&Jz`r7jD%gM*y?<2S!!au+|L*&{xOqs_*(t`~aw>onxoTnQ1baQJgyKZ3N zOSYAcrKPS;w(dyWx1>m$AN>4g>&-o%WgJ(`w|u#{%MsNm_<2rydf%gB&tn0a6MHO& zT}Pl6T}SGc=M-|IqIC4F50#3=oJUqyz1KZI+w)nBsV26#1WKP5j?dg?r6;{sxrD?c zP)8#fw!Z&z@}*W_E}?6Btsl#MVJ$e|pi&%j$sMQ419(X-IEnX5_YqLAIz0*9H&37X z-)!S|ZwQomTdoBj6g~0%VFESHQq$All1dl$7pnAEATzR{?qC*FG9@!$9VLP zgD~dG>2J?oUlUM2(SiN-ovKs9G~!2%1NumRL>uMYsD0&C`~6eUBWoZhy1f)d*|+qJ z79E#z$H{#xHZb;xg~Npawu|kDa9~fM-MRm?RNFe|^FjXp-9FTwhgFMKMHcqi@Ty!# z)F0gn;b19EZO6Ma#R{CWIa5}J$9pfx!JA=mH+mNe%QLc}+Tk~BziQy^i9*^EL3!tk zu6SjoVR7#W{Mhy0whWv>mUrmzUk84_dLO~Nc^P}J$Y-xmG=GPa|IQDO?Y`*cGc6fZ z$yq{NTe(_valOC3W%HrMA1~)S5MzHF^$;Gs^SIi*@A>k)faTOr7c|2z7T_7~C%MDb zr`Dfi1rAu-89mi;u*V!CVB8OXB4!EMx0hsClTz&aS~2vwmWpSFfoRX=?yZAuwaAwv z9v7d+kV;my8snZ*a?9$fw?6Ng)GX`JCH1_EyHL<6XBfY< zNNjCzJ^%)~;{1g2So#@gXXle#9k`}(!o;%_eP9JNKhN%|Pn2jn?Yo!BdTTS%ZEkZG zv_f~i``-@~e25v0oGa<)TO;{?Hb0{Nt)p+@LIzJ(VgkFT@F2C@4E0OLIq#YFv{Dt@ z@pwxZTVn6qixU-CcLn+IW47UR?IS0M%waiN)SKDrAha6quxA9nYmmKYYZe-8pvUuDdSP9hSIS+C~^&rW$@ORMR7qk>-3`{r*Nvrn8O#G18i-keNa z74~H`W;vWAS2b(hy*b@aX&&XQpf~isSw&+O%{j79vv#W@WYe1y%TqCB;B6DdxwCef z%zI1J$0@S!)2RR^mouPVx0l51efXq_?AL+2{UqLZ!vzIoo!DsSzhuu&`0$Z@m-Z0; zOczE|nkMH#YQOYd)#n5n1)!O%44pseJU!-eQ+8k>49Rzvq5{gS<{gP=y#lLGSWRQN zD#i?=FkczOmd;Oz%ii)j_2{wxp&x|%K3~23`Q3W7(2hZWtAmq0A?0*CJlafVb{C}e z&&E=mLbmj&AkmYG(S_%DOJXiraF|l8upNnft4vtMu_cwT)=<&>V7O9iN#%K-c_pqI4#0Z^V5ZE9zjaaBu)^EUR{FZ@}Cabh+M1kwXoAEXf~_s|plHvP-~d#vXHvNIG#|Rc6`N;D zzPqPjaUzDdB%zT#WMzk(A#kA?f872F4V!?a8bi`t^$7SI9h81&`8!pZ+p z>s|nwO?XYhu2GD-V{Kv7>M|d0N>`W;$AHlA!;-Us@LRF6F&?$0Kcze5;0qMiuJN|7 zrrYZRvhfBOz@pr6vz+gi#kLkRpcWg+)FW{nDvY@O1%Tu20jhgmbprA1L}LYPao0H! z@DBdhatD%=IyEVnzxZ>=ZU=A4+$MnpN>Fw|PuyIVAUr-~Vy38PXsUp~!Gf7wtj_=K} zj9i7Zf#do&^3x3-U+X(lpw_heR`G~KfOpkrYbhXS+;jhXAHLNgzF_lMAg_di=WhHXuC7#0QniPtkAH6El1EaP#MyGul_?Zu?7DbtM>VGbG_^g!|up+$N zu9=3_w~9hQDRMpTh74im>>Y2c8e_$l>$j%rk71~-d{}&We;K!@o@p&y<(^npy4H)# zUoAnhAPw_&UkamDP6>%`xMJcQAeetOvl4Z>3|&tMT4 znTD8ZvWY3c`pOP>9t9TS8@;5Spo~{5(T>!VA8`?~m6{dao`vMObueq35(Xr}*&^{` zj^vH*Q6coQQ0z=nS247$bEj9}M2XXpw>sVhcU;eU%SnzVNbVl$A=8d6J<RbA@hdR1JOhx@s2Zq#;_5*h0$s&}Yvl&e0g{=#~@5P(fJ2$$MO zcmare*(aPLU|^7jzByY$IGsBh*)_j?h{62bX05JJ^ZW{Lf7k{J8tk4cra;VOQ^6h* zUcEK6&15%~w*2nSQO}LyFF0C$OTz)wVyDR+CwV{anROA<+LJ#FZz+CS^dq&_f}(2A zl(haHn@IBo)XUw!{nxR%h#Z^cJ2a(M6-Ux3`pUbAj8h-5k-|xF7k>AHY)S|>rO758 zPIKXuLAKH4XQ8F9RrR?-6&<=!5efyY`%6Zn9E-+35)u+Fn`|$ebg2xwQAz8qhue{x z+M|`NG7H}vo)9%(0buhpp3?4t^0!7G+3nATVSr?C3|n5D&0J5}*Ba*oSqa-Y;ec(f z3VH+Yn-w%>ft(}vG;1j<~vJUB;QYSyY(gpku}9)%#L;eE56#_S#Eh=^t_ z0fZ+XP8_XfuZedDnr1;rb0@aT-d7i8lfI1AZrUj^8!iwY5Sie-dC}D6Pp0}_-2W$i zmqN14c6}-L6>7ReqE7OOsQzrB<#Ss~C?@s(U$38vT3)=eAX)t|c!-UZj{EX*hG`OD zK+b^-bZLYmx#<<`+kA4$U!Lc$Oqk7JM(QHy?0i7pA$xjsSYcj}j>p)$unqy^c-~T#x)`!>5x<(_TrY^iXPLlSBTShAH_dAHsD~f`_4E5Q=6+jP&I)Bn` zEXMtquw$1|Haxn|J}lGr91~T_nW9=i*HK~bl$jx{L(POeh$}V?LP~(!epmmlUzTHdnbJyeqsX9kbq+eGEG+sk;7X%A$#Q_Wc2STk=P~bUat) zgqAUmj`=XZX}5co@??>7e}V0fSLj2xohncM5c9$gbwU=Se6?|x0JyizY#mBWzI&^? z_u=<1WSKpDejTGbQ*z|HkRH=;68S*=>Y?ck*C*efp7Z)s1fy2JA1eY$WX9)p`75}ux1#=b1(`EyxH@{v8ceb}4=!+~V zXlbWl9Xh2Im7>|#9A|qgp^~DqVVb#N`^p>f{@p9C?Jhx3O$CDghkRroIpX%=2VYIu zO8MGyHjePC?Mi#?J)c@MDRRm@C@x$+^S<8GQ5yC7iE4{@&eE-oT!$iO;+ACCTRV_C zXa|sfBO_!C%c-SDGjKEcCb7}AG*oNb&ktIsmm9HdRReFSzY5oYvjeyZ{&``1gBEkR zGSmBpoGH?pNnYudSo2branFn5IUf`AC51E%vF6NynF|wGe8zziCf+T=?qBd$YoeI> zj zEzp(ltCnpk3n`Xe`NzBORxlPw*;dAU@TyY2nezu&b>9d4*%!FKfBpk;wiF%0XYoyN zW41K^q|-Ui()7c#T5r3gHzERLgl^8=6xE})D74&P;Ld1!e%?$L{k~YDqTpoa`>zd)`jO^%`xW&+S8h>-f!y8 zuLMUlLNd@}O;)+-hgl0>9c_`_p7h{5FU~*#U=`!nLd(TK!bgIi#PPT1NUA$GRi6^5 zd|t*aXBS7TUIsR_(XpcOr7n`$NXMyVW1H)kvJe95mTky@;z$#6&85{jXPk9l@70A__#el|@9Qjt7NQjg|?2 zF8cM2V}hl7{q&a7^qdV$QKL#ewEM3Sz}2_XV1+{)wxDw$mh z^lXLe`Pf4{=d51wWhE^cnl|3}3mtwromIdkxJf)uVb!xIPuy!J?4??6C5T5T^g1{v zI6mMDc6!rNN>_Z!Ey6=s-fpTGc<;x=G#nSj9kl?Li8*_G0Y%WkoOO?&7pCRMiZR7e z#cN^35(QB}Hx)x3)CBYg{G%3%RqHuGrl1VB3PGa9To3}8vB7V#;`{%PYn(zthdJ_p zThqJUS10*kFTG(laVc>|hb`qSx_0!G&5bBka$@ z6hG9Irsv86$VlDAuOoO}pN()_&&(W1f_<=NLZqKQCcE!T=`{MI9miBz#N-BLI9Pzm zPX^uVO1gnNXC98dZ8_3s)7}h8oQnYQz5h5z51$gXGYej}%>U{KwrY3c$bel_IRgrw zbtu=M-NxW@O`<=iK z8fTlKiB~1cX8z-OcaDAo6W(gS91nU}{hwCb9hH_$EmQ$`V5-;hjh{x>m+iAS=Y3cCTXV?!1at;0{$^A$_lFqv@ra!EC>dG zVM1PzT@SM_W#5x*pZtQ=T~AeT&?>y~WrXa+o4lRg+SrMmJj|5sKE2%Ne?PT_4&tp; z%3W3?&0mS*Ls&uvi{&rrvZ(KqW{HZ~S7c9HHrzUtdBOt};CdJ>+toeMv_kgQ0~X*; zkMj2IyR`DLV&x{NCqZ(sI_T$DD9uk0skLS|7_UO&_o}^@-YA{OpOQDAohcMpn;)5>PkO&=M>qh(G`n&IZkc8=x)@(F;xip8nV5 zL6wXzn#f5T{O$AK4k7Z#_8}EY62t|F$n1m!f9dz4LoEZG0X<9(TT$r3orA% z_rwD9RJwpE_wM`Xt3LZ=BF7PkO(D5WH{XMSkUjH?=`&JapF zK%Qc8rw8#?BA0fSxk=*KxuqS=tla>H7|BB`#Foz*x1P$L`1}C8#DYUF9fslLr515h zB+Jdh%mGa-Bk9?c9R?Q(0FKsoV}^j;c$)R$iE~6C#4o+(T%4n6f!a@(n0lOp)G2~U z6%(LkS(d&bdw~8Zgv$F+YrYOZ3Odk2@F zTBM5q?X62h0B~VJKuIZ+?(rGDJa==h-VP;fulmgXA=CJz>#EsW<)5>dQQ*=_99R7s zVibj1hJ3;ETQ-O9U$6=&~cwTCkK0PVa3FL zkj@Bu2g~M%FI-F%r0w@Izu79=|7c^nkv#4sIf->W@vlr}r<3M<5$U06q=<3atEN-b zfH$pls9r7=Y8R)48~}w;-`ZGvn%*8y`7RghpJ@HQQ5y9YIU%h#>$)JpkcSA{bn zp8bY#XudZ1uQhI+izy@dTTnT#Ly`FZ_T*iJc zqD)k9h{-crc1;%t0-$gw?D-PI`AXC~V9XgamhOJ`-s z?>~hYzI@rBV%`55X}|j&|57~)GAHv1^;uL1hEHc~69AeSEO)){)xNQ+I^+I~vY-$I z6YoSx4iaWk^+~)DF7$1mNUyn)0h$ojLuTJrXFdf;r`HQ_Z#0Z9E)-sbl=t&ymgeu> zKrzamGwA(h()-cwUA`hI;CX)?_|{YAwe3#%KbR3G-i$PE*~{eR#38vjLvsfuzdGAM z{nEmjvvOVDv|Lj#uK>C2EnB;#R{5@1gB8y^Tr2>W_q9w5I6Y~=#dtKhkbZC~6RlzZ z*i+hk5KjrJ2eSu(nQy~frhY)p&a&#Y(H-nWE1CHqX#Z=TJrEqvN~#44pR2zK;wyKv z3c)`&L3gkX(T(!2Kec4D^|Y9~&5v(o^E6DRW?hc=62O~+kOWSvnQy4;n|4tgt;7{lO z&9`bgHfjp*7ofTHku!PQcWLMKDEiV4vhNq)djTYql9CP;_;2JviAV$u;*--JJ<~V` z`AGQs;qOIX{9b}P<`TNwC`9!4pZ42VPm}R~arWl%Q1{&*u$`iiY)O`ADm#T5p%4;M zmSi{9>hulxRO&-2IgkGwL*d_T)M z@AE$Ib54fL++o|>pjep|Ifnlal$m??+`n@>|0OuqW7)Y?a8DM#aha=SJ3AV>2b}Y; z43fW$!&jIb6K_x%A4;q`jqCtOr*7MU>e}Rk* z?SX{jq4!yXvj+b>VW=g=OmtjI{LeH0^CLjUaM0GjK2CkEtS0Z_2XHFSZSs;Cbfmv` zQmr}$#$*Mt(7~mRufQmr1P#Xcjrp5kgH>b_6X|PZ`_`*}ZO6Sce@=$|+W*$KQPKK< z!qEFd4KAGBg2K=G{yZ0xyR{%c2$ol6qPAq%@Qn|D#CQc!PF_?JuF8^+`rNJPJ|>B` zY}sjS){rG&r|)t9pMN0P4sWqom9V*Y67;fiaQyRk&Y$GrWZVEY zXv}s=zgma}W4GVHy4CT5dXn{cYw(ue+0EWqnf5cVIFR_VkGa;z9z)s4yowbX(cF*_P;kbKlIU#=uaT%T2>7Mug?YDubs>>Za zIwoA6u?4Rjm>;S8N38v8dj;W?55L<9TWh@v3NZe&>3UGv8QPc+%VL)_ckIV{8_zzb-U>`!ol=$F6{Qti2()S=> zh5{!IX0ffVyyXgr#MZ@!<|?F3APgWA4?9hS2{yba%i^8cqkQI^|39BUjEYspFo~xV z`1<%gmf#nnJWhXqdSoC=I_E@TXUGa;*t81PbD~~;0i2sb9`6{Lxr?ywH*Igv$H-(z zw*_|dth2-L<9R;+XaTyX+TJ#UtgCF>*~c;0K;reY%$y*sI}}{l7@7U^4PDw`Gi8}b zdm^=-Ncp&o&%;!FzdEQmS_dPA%=)tXQ8^nk%;E1eM83J8f#id-SXgBRLmk$Mc^RZw(&QytpA{^eJfSyQ=7-qw#a*YtJk}F59fNrR;u0*$;@PLuBZb!-?w9tv zJYtAiH2ES416Wmc6cMp)&sRZ-JSLK@Fk-A`6w~D&$T-AQ*pnY`y9gk8wM?{(z`lkI zX&E{!+9`QZtSI?6!o&#A1~HLj9U8omrS9=YS5$W=wnB%gp--DtQN-TEvx)t-7xITW z(Oj(|I7HQ?HS_57g-dlGsOHMxsDN$vE@r+4)hgbvA4`ARPqz6P!D6z`<+qp1zShj> zsCh*6O5V#sgoP^YMU`(Q+J9LANGUq%&~towI_eM0L+mLTE=KsCCwCu|ij%3gj}=O@ z^@1b&H;*LsQA<)kci5-8?_A-GQ<@oH*<^NF7E|d){7(ea!hJ?^|@|fARcE!cmX9RBWAECrOBXUL=XnB^IR-a>a zXl;a50Ga=3>(=(h>t$uYt4wrM!95=O=mc$40}LmZQCOhT=-udxcrTs~nKtcGaKG=^Z+eEIZ^H+z)=YtG1DAb)UowPk771NKKq4*w5?C42-&zGOPi z=Z8wclDhe(iVnooa+r$YIxI6$o@?OtriT|1cL+_KdwlnOe*0qoN1Sq%1o*7&>Qdim zbo-v`L!zI9XsaCanVQ8gI#h2jB)eWj*Xr~WQbd4Q`&-Q$2Ksfjg1Q+g{SekTvE_O4^8+V>YphUlTx0HQ{0bfBZ%d)R3JXi9e5A_su<2p^!4oQfSCF_ zqid%j^QQhce1?pC=MquXoF#3M8)NcC?FMe+hkS`so{;8#-NVH;x3tk$?D#MhFISY{ zjO3iSS@qb2yo33S&&aIFsCVy?<&00KvsH6yLuyE9l$_^UzE#y)pYPF%3c9J2@J16d zGI=n!S=}^RqhW`N|1slxcpph~U&&=>=Aw@}zlO~B5`mv&y*meD(=x~w7~G=@-iR$| z$}kTx;N| zz{)tNz`FNAvhfUT!jXl-#NRlL|I%YPRwh-m&L=THa9qzIV`?ZjV%_ldc3UE9_{dT= ze}OaE=sWjpK3ub_W^09v?C`0A4E1~LY!a$9-Ox;=rVm%D%uc5qZF9fm4Q>_)&Og7H zm%;Ltrd;eR?u&P>kCnklV4y*|nAV$_D?yx%U!>c47sHa zv@zE`fzZZZ$d1p+aNT%jn^LK`BzZh>pkx##SI@m^c7?XwTIuly4;s++ZC#u*9c5CK z-zNB|bZ&=1+YA)?b+J4RSX*<6XXdke(id3pR$Tz0Kzc6 zCwd^}(M@()!AzT>Qr$3fh^|%$+34X+(In!QscN^}L~~VnJ1d1lcKtBkHvIXVya@U1 zAkV{Ge}UfPK#eazTQ6`r>IiU?TD;~*C9zZU08{}-{b+>0TRkp2nbQs@RF-A%doOPTv!DSP5yK9+hfv~UL@?X>5T8r+f zppBn&J<33xbHf-$Kyn!cn_6GW3-xl& zd@)@$7qT=DX5gr^rwM?0@W3Iyg{}u;ql`pahCb<#V51Xy2UU@jbNeogQ|^D9TNBvQ z-5JR0IWP~bpzH5*d%l5?p;hwLqof#^;r9nH(-!^nmi08kP3UQYnplpVU8CW%5 zL)`iV)W^L$A{3TK1#m~^8%{H`(W?nB;g^?x^sOk2d0*(B(tDeq_IMx`w_NEa+(7Wi z;D_9QgN=SG8cRBPRDkt~n0#^A)u0L?XE3e0^ZVdlGxc)Mh#p%tXHP#1+4Qpi%(tzz z|0?u}?Cbt*yj60Ao^y1+Sp+z<$>BN*gO}R>5*Iw>%`7%I2LSd1E1LoCO?G!cR!a8n z@MHzI-e_cHdD-~SLy6sI7{a;?f#CQ0U2>US-F~X~tM(|k$WNr*mygXXADgqmAfpWG zV?1~GlB*Y4^PWlG!VHv-+XtgbZ~ASOzD48;3tT!RH{WpVJG-3yt~Ot9yv9urcYy{& zj%C)4Zca#^#jsDtucWS)k|a8wGSc$$Xw4i&vU&W-LM?%E^!w4PSI(!4wdgDo0sf+=Ix{rUakH-?bfMjuKgeHb8T#u zO(20n^=pCcV*Ns1f9~i}6`d|%pNfH}S&-Krq8EoyIG@sZ6kqOy8xU^}7kk{TggPAc zEx-51j>{e0++Thk9=<_e+m*ib8RC*ytG5uxuMJZI&k^}6>R=A=80PqKm@}KU=?dG# zkH}nNi@z05kyfVkC9(7fQk&&^>6Qvty~4c$9;wS>>F&CP!b*N@x~HZ^PZS(j)g(S% z{G{YF6F<{;4oH%7S>w#kx~C@79~G!9_g#YQDfIfDXmC^TGm_PwHn2C ztv`#Mjb1|R&j?u>x#1G$pQToha6lc|&`*Nv>`xyRptfFlES&)L`FJZ0Tuuf?L_)BB zw_75}OjRVE%UJ2#f6c%A79oqf=((FE%2Z~|&`G-&`nYDeEQueAfi(Lv$zQi_7dGELT5G_MjH-UxbfQ2WDAih=(12*X{n*sTg#onNm%?9~;H&;R); z_3_DsZFuWu6NxX6aq+KZ7A>o#y_=Iexj)a4*FWUCSFT@}bhV(Kh%#w2rGsC+_m%S? zqKX~=MK9r8mu+3d%GmAsb5_2)$%>kE3pSa;ED=o>)t`KDHRm#vmReph>G!pDifKm- z>B?iS>)-SDrMaRZn>q6Z@DzJ;Z(<&u7udKEM) zz$c6WEeam`gWFx(@ru!V(=HAqvDdAsj*iEz;Uioc3=F{5Ze~aX$Hh{`51Sb-QMUBo zfuW%8foa0EuP1fD-%`2FHGAY~vB<^H*%fjS@pbcs$!kK zy4eRa&C594$os^Q8>?SlPU?EO=9|s(yx-y!trvEXlYIh&Kc81HyZ6*ya*MY73^kOU z-o2&7d8Czp7-J^u?}o(Ka=0cWQ=?*?`9x?fSK2~qTBj~O_%v;0q>f3ylD-yP=i)Ma z9bG(gpu#={`Zq}7fK*jM9d2+7BR)dPLofM+pD42#2M+i7Zmmr3dP=H4SegN3iH%bv zRs7B)!$95L2(f>2C|VrB#?%wNlGjm}E?kC**6SU$>A1!dK@9hjdLh~(n29sh=m^^w97{gz}k#@}wsM&-ugOQIx+H2crxwg;C;*J}T0Y8(=UwrDtb5x+P zdFviEv{_Y&){C4GMPgw5*YCNYL?wJqSwV&wa1E+*v^yr>wnA8!sA;Fs zo8_Ul`~ox6XuUw;4zlV~2~Ds8p1+@P*o9oB{YwZcJJq}4Sk$sS47z5j@@kz21x*LY=sbU(xa`k5 zDk7Bb(0rcb+|958dd|)brR&u?kyNFAhrVOeo@3P&J0^97d!PmsVDkU+eD6& zCers+)f5DwzdNdDm`JzYpu_wGk~zUud~*%}#~o1`)Zse8KIr5| z!!WpWb#`*M+1h=f*GZ#CHKH6NgOTEZxfqwmSBts%0kv55*R8&QEJV z&WIoZ!JMN4(B_J?=v0UjabT+2Y#381x;DgSiGgU#s0qV(_*we0p<=_9Fm7LO+(**~-wJA}_%8M4a^34J2X#wl{J z{4N)V^j=1x=f)=4roW7k)JMn}(dYQ@qtGKHwy7$;`|oOCiCH|~Wi0RT&$Ht>hgRAo zPDcO!1zc`BRygye$_d&WTfxpF=st9QWRoz21EWW-yo9^UV}L|@1hfNDuuM4C`|VXY zQ)x|E`0nZI;_F~(~tMx1c#1utd~*fR8={p1xI%*sj2aXV;I8%Ke{@jHbc- zaVuW;dASSa2iKKa<2Q$S_?lHgs7Hfgu7@gBQF;8VL>DuWs=r|XT_tMgRTmHebbs=C zXjI3-n`7-?=7U+=!|(Eg;9iYID+3g`y+S_C3fc@M5VuUXua-~cGwD;l^!C2mp47Q8 za%6fvzl^gO&0h>PNQ7OeC{8qWeXe`mzQN7pay5k3Qkf$$@0evj&1$)QSK6NLLE-e0 zfDz>2L_o8uFDSNJ$$p?$0lE)hEI@Cu#DBjv%6nc94H{y%8CNd*RwA(4LH4Cmt`R2+ z!AMj6udHWDrFhKa59>;suro&m!`J;_sZV04;^B`B|3HfW=6~qnM`a|N{o$IfG~1ja zHE!sIX-8YoDmqkzLB!xCfp+{^E9>ZS(jdk++(N}3<3kUBpQpJ&-8U31ueyf_4p*|s zecB$EUA7svzE!0y1?w&Yk#dZTCMX=a(stG+W*5-nFhGj~4jh~TWD#BZF!h!=&Egh$Am0_Dbie&QGTpUmnRvJn01=H>1@4Osxhd#m{WlKgE>bOR` zb%AwNaq_h}5PK-e*EJ^9y$9SnXV*(~#Km?dQbdkMYac~ikk?C6c=$Zjm|=Rl_solw zO+gdTpJrfHm!MNV@hd*@12ry7B$ivnmWf&M zIwsP=%XQMF8eCG7AkMD3rzSg&gc`&QAtuAEViY(hWD>|-wYk*q{L|~%*FZ4R`g>DI zMw~Ijyje+&wbo0>KBhgA6j+5mS$ml!p>HKOfx(ho>eCdh`#G{J1eackbS9~l8{DCK zDdAM1Up>tg{;@i}72E0VfjoQPR)^;|#k5XJ-JVbsX-brE#zm5@FsC~-JrIgbLa5vs z-zsr0yIOrRnHp>LU77aixPzK~%Kr0jdb|zT%W=HHLhK+NB&%TjsU6UXU+UveA*==8 zQ7e#(2tB8Q2YD)wlSCLKvRK$1KkO5Krm4eS)y&4;4(A6q?dLP|t)Cy? zpGm!PMO#6e(JbR+O6{i-sC|RJwwNi&k~~}G8(lFJki^u>@A=bRLoA3haqO42HQAzaVsy;l<$pL{FZNJoju=h-kpn6 zffA+u8y0!a^wusf0o^3OmO4)f)yj`D6_=>A1p3mqtDgnxPfTiCG=a9!BtHy#c5Ow0 z4!#JDrds*t=pK0*@AmddD*p#W?`uib>dfTv)ho2=i_}?_ROFgBSE@loTBuj@S*r9U zRWG9{QqVL8yEeV<_4MIcyHI9^>$ZZA3uA)!r$&4|t((4E^Q9isXB^k7&PrAmbEcX* zdIYH-rb}a@UEYbOk~)giADjNnL^=pNO{2Yw%ji&&4-1`;1^30`=_+<4SfnPQ1aGtBu<*}W!yrSU~a{J%wW;}I_IL9ncWw{z*c ztfPM1O0JaH^p$5zy#3=3t+91%@nZT)J(NI5vg<)=zfmxu6Ljf+xPSXw2)Ag18M%{R zm(bTo7LjvJkxB05lKW(90&ewyo#17@?G4S+_|y2vl_In6Q7f1&1;0n&LIw>6$pgtz zJ7e&e)|qzTbw7m?2w`HE8Xh#XQm;X{Tw{&D#U)WEJo}bLy&yJ5Rx8JU3ve(rV^3!& zzOw0>v}duGr^kTLZhUt{SfM++zdb~DhdyaXXzz-pY#Qs#F~J3%j`U}W$rstUheYZF|-Xz7JxK*to>YSK=`CP zaB7_ye8I|bRHfLm{Clt$loU(e_P3x$Zzq*PB2yyh72k)~;_$Rjb=%QD@`z6Mc%R^FmxYx$@eAij*Ke*v z+_h#Hd6xa`D2H?7ixIe7&dvZ~{`L66j+hq#se%hV4 zTz2K3oS?IUGcUM6PsSt}BnWE2i0&2Q(gstqPpr|-1-3VTKj2>u-wO+s=85P;Y%f`) zg8Sof_l&dS4X+o-_5N66IyiHB-9Y_j)9=5QeiT~OotF=&+#r@PQ0&THRi9PO1`S4J zzCFY6^|V4vTs(Eevy04N#$ON^)N`e;r&d@=_s0I#7~}h`;MBWtyGEFBhOcn%el4tZ zlX{e1B`_mX{O}%jS@GSg@M<+!wdluD!pc`zO8;#lYV2jb%(-pk_TxYHKO%#t0{CPr3J;;{=!0ZhacU zRwG0K)+hDqVD5|lq@6|xiuA>dIL&<t*HF?0u#yx1Z1^w_< z+gWz7eaYf*f~CMD+tdj?Y^DT3oyB&Y&ArhyQkFW*E4a+Dnve>v4)pD-_010*Z2cK2vw(TpwiNHLe!QpH3hyX&eimP+H?1fjd%H9IIvAyFXr+%3F`4ar+ z(_Ghy`%0;Yzg?lkH-s}IE9OA#rm{aLhZ@%CjepEe@oy%HRQh{QfYYCp3<4xxA7SQr za7gDdl6oLS3LDxXMZC4dQUhTC9WQ{9h8~cAeF-QTMKd031T1lB(o5yH+6(OX(w1#J zxXkke;^~uyS;No;l!I`R-%Y=-nhkGHF!{(8;lr$fRcXO?I=BQMwWpS-*M(mg#5%aucAW`9x7C6?}p0B z3>>tz%I;~5$!)UI?#ki!u0K&aAmqxo_!)p+5L6yQ`qw4@(E>D9pn#-8#}e~R5{%xn z*d*YHqmyITl7K*t?8B(!H$JJ4IS;#uav_7L*_?SORq7&z@rM5zwt#P=GDLGc$VeVq zTKQrQT14ll)xn0M2$_KYcul2W zG5PJ;G(#a}%~p!Rjr_-YnP8u_PyB+?a=h}zu5+wJQ0asDzQ~oQO0Tcp3C1`nTmY^x zTDgQIC6Pnb8*ajXj@nF+0-Dl3@b>NYt;+5+sd6#cMQbS3_zaRtuU?u`&_$!2#UA-d zBm8bUE;v;MyC_^-Kcc&DjqkYN$VF|rg_y89o8s*k`jF1g-6|qDd3?^a?SgXjp-tvP ziVHBCRBo4i__?7T$OvPLol>Q&&VAu5wrj+d+eZ%+I{_7^4XEL92GceM*yLQWX9ni) z=e7=B+G?!_&a|M|MMY4>6U4k-2+t0`CJRdHt26wDpQR)v7Gd9$xdrq-Q*w>|z89X3 zw^_w+f#RpDe-#}gzB{spbv5x<1UplVlCm_AM0*)6VC~J9hTe8>&&geYX)ZC*9y&I} z7it~tt#GHiG8_IT=<2*$u{wCx*0lQB@8kSC8d*V|IYx1vGkRS+ms zeC|k;FPJ&(>*@Jfr~y~&Q#f896fh$ythAsB;+$J>_vO$nM%rCja4Ji0OmPG>seS=* zO=m87%>N4j@nU|ig%QKQcHX33Y4r$n_;nP$V_9-6+6c71Jo~8nuT8MdCyI-BB?1vK zhdn5AevX@PQc@K=K{JWj8v=*+eBaWNBE&FRXW9n=ii1`4ASfj@fTEz?-c%o zl5gDr(a}-Gf9CsEMZ%$^^S=MwOOQiU4L?O z{ZrcoXUM|A-q5a1fU6ZJ!@=Q9={{ET%GOJ(e_2asXvg#1{U(TgqYhZD^k3RCTlw`t z(=-Bo)n7w~c6VkZ+0fC=!l(T=%Gy^;ClJ-rhk<=VuaC;2 z=!aoqqgP!9hkXcxBQ@gi+7oW~xiGb(@8&YfD*!;2#&(!vfihd* zXz@zhwdtiPU752P6nWmyOAjzd+I*bhDVxrm_}wz6@mIzzeC4nN5%*Q#HB-`H-9!)KVd2UPxfLPn`;H9ej>b3x^Y6{9@~`@_ zFP}&O znAmMx0Wi;HDbAUiAnDCit3w+d*AWkfvFc)?1r9J3vZP(f=!}CMDu&}A$#gm3C^tF= zG=eJhT`K%JJO_%n&xhUUj7~yYCT=(Luv~F$h(3kaR;nGBuS}r#@U(tDuDIzAonLTb zpSYA8^ey3p)c(Vfl`n#m`ut6*WR|-~`5S}n?5pER;U&cD`xb@?NU$Wph(s?-yp@tj zrs}nDiud-sP2uBa65F&OslkwN-7@EK9uni0T<^|fooAzn6W{NK9DClMOg$v!sjMUhIcS9p!L-A(6KE@%R$BWT^saRhYSQLt|`E4S0u;i90@ zVbJ$^1mvA?peg_Wp36-?5m)tq_xChfYWM!m-T#jIKy0T}?nnuG0FeRq8p&#+B}(ys z%(Y%OM=S>&TW(+%r`dtn7{N$uA0g;x;AfL7H!~|pG!*AfBeK)Ysf79WKv^X?eTZiDykQ0FepnN{xtg1 z)Ju=Y1)1CF#ur;u&A-!9TRP5Yqv>rshMxk7Q!Dne;J(_|nRDBNrqCwKfy&gCqev(`*=k~M|9rp4udac}QI!GeK59=8 zgT(`f>(}She77--d}h4v89o_4;6NWKtw*L2O`EY?BkrPn>2`5MUku)Rq}?2ZX*QWy zmK|@#Arvop^8v;ByL1GmR&EyUbVOV6xTPLGj})hf@(Hq zr=@fzCEw|3#EZDR?%O6P;^R&rV}La3$v_>wcUj+Y(rKqqoR2#jeiL=xPOyn=WUtzS zS#Cfy9kV)j-02JL=H8_l;wNW61w@BPVt(b#VkL$}JqDkNw3QaVfUWlQk_Uu6ddl&Q z9;3JQ^Lk4^-Lv#?U^RaJ`HSm7))#E0yl@)oJ$Dy$`1z0`4hIcfP=&_D<)CVhlBuWw zOdgU-N|MDE*6bKWov9N32?$Gd-sm*`9P{Q56N&DLf8?SeUwX>ZkXGN2Veb9G zus z6ye59TLsisN9tfO5FhB#&}dfU`IiMyMSYjA6mFtSP*DpRBFb0#td{!s^t8Dw8A%3A zStS?NJ6ZK}vuwmsoM`o+532;oYNdM5Jn7UhzosY+SZ7|6wID66yV9e$8N}%lQ<8c} zY7)Kvsq0z{7dl$59G3AdMM4l?L{AnHd4(*uWKL(W@-?Z}uzXb#axXL`GTL{I96KNU z;bMJav7=GoyvL0~)2yptIU4^ZIJqL5v^TPH#q6o!7F4%rCZ4&(YH;~23;gEdyzHc* zJsmttQ6q%gJ+~v|_PAjvH9x+}oU~L799{}mN#0mOD*y2;x8CyLNrM+vdV^z)wd45i zBM!SlIa+tKA6qlz(R&9pyY^Ap;e)<~_MCg!m~wT8{9`lfD zd-iE$0D1e&EzXhjAN;Uu%dU4@Er*#I_PRo%mb3Mv*DS`c+JopJfm#Qru919JE0^3G zPmoCR?@ePA(r9&j3F1+Cx!!wd%|{ceo5zuSsF$$#`&oV3q23_h)k|-qR_s_v?O}Qc zbae1{Rqi(}si@D5h&t?4gebfh>6|(R!uiG0yD{OP4q?8r@~miA}DX3 zzegS9$fqcHsBH5E|K)DYkRb$3D~(qGpA38ZZRvYfAjI;pw$6M*@3FNs;)eQb95hD2 zxjFd|JWx`vPSR$)EpZds2 z1K&ppM0Ts-oo4}Hu*NMVepdC@eiT)!cD%|6Jo2KxrLgOdvKO+r;poH90xVB^LpC(l z5)j&ZmpY!L-uBE5`oOf3UO!WwQsjq>SjnnRAE-KTFQ0VAmd=Ej6=^}riyRB>K2VINq!_xmzfD?h-zJ>&we8rVBK^seu(vjL5&KD_s^ z`dte@bIm&XWL*ZuLDN)oXfQdD;Gu?owz)X$<|JB}7vZ7)^5bFgMjaxU<-ve`RBbV0 ze2>U`RIulxhX&nXGvyfiOZ!e8T~0d$=~<4Xx7O$-zrKlIH+*6Q*19X-V0b-YeYKXw zE`tgD+QB^MQt9=5?~cl^E2Hh(>Q1ny7l|$y0~3)ro}&H|^8C%vIZTgbP=~*poZ7Rz4{`C4SeDo%mw9GS=-k&DvF6VeoFnFfbQ7(gCytgB5+; zIvGnV4)cy!m(+WjZ7=lN`TlhjGm~hP{N9XPIB`3+tr#8)c`6^;PC5G1yrlh9e=G-H z;u#`oAZW(^xd_&{ud+(kb3dRB{h}IbT?jZUMZZ%+3nAb3k6rE$qedZX>O=W{tA=n- z=4uD8fUsi3)SP-^i-=n-z3*_xo<(==#J+WgtSoRRAo_A)B02PYaGvje_w(y>?y3`D zCaDV%Og40cZD&sqfr5$Vw)QRKsfe;%ZV9eq&vX3qPSds zm3qn&GbSl!x=Il$rZR>^Ex&sAU3k{0YHmJiQISH&0z8RtH`!i|RA#CU|G82I*0tD4 zgGboxN3Ad>tatpeRS^Es{(5w8732eHw%TpnWB)^{Rg60S{cs!70{eqV>d8iSKmw|X(J1k@_^iNr8#F>73(Y7T=YDlV*Z>t0w8uwACL8sbgy#02%fO0_(fR&L{fEebaPRE`g z_T}ghL4z7%fl=Yo`>QTzXp}}?8Pmf7>;_AI07B;w-~C?&xa9edD|xcOA`fm6$u&3k zsDOS%H5o_M%P>i#a4c;R9x8P3mW{c)=f;g+H*ZyV-ftWB_`1E+mNPpXuS*!M0;Y5` zlaj;Q?hgK5e`7oJ_9xNtC`xwvlSmWWhL*;g9_A-^;jpP*#yQ(aWte+%p|;MB zgY#y^MtRZFui)V)poKbDqP*A<<~ zbd(`+@%do^Ol9)YyZsH_*kkbpzb&ZKm-$O+lni?JU!YjV>YrFb9xv0Cq}@#GWi!kN z?iKo@`UO>Kg>otd4Yj_FtFz8TP=ezA{0GIZiCe&>S2B@O#7+A|8q84cNFWTt<1@zr zt)&rSqJsD>w`e-QW3pM~HwxW6NxJ}C*By_-izR{k3r!#Q)olE7H4&P|0@qlFhpjrB@@cEM{?m)kq!!{Mk6}?W+12; z`|biHlnFzm(v0gO)rmxV4bNO$XKl{$Wy7brX5UT%D#9nsZ#ku+4-%zn`m)n&8aiI5 zmoTrDL0Gn)FPTK6hg)~s`-b*sR25*SXfT4C-tRmLPSYp}So_#zec-|VjCh~DhH^~| zTnay2>oWbi}b{_q7l6hN%mtV<5~IXODkH5fi$koW1~3&qJ0 z7WgVG1+6IFZs!zSsSt1(@@hy2ruRtQYVo>5Mv*Dc( zNc0k!E=ll?BL{pbtj=06of;ebrqRN1Gb@jqI-Oi=_;dL7F_N9_?5EP$2fh1=DEA8? zfv*~F4uJGzBp?3!>7%}S(64UWS)8pM_o|Ey2dc*}QgX7)Er7WLDX;E#u=#IksTUh? zmCg^^L02_=W2UT@sU#PvwA09{Qfd((pk@Hx<!xUcY8 z%cx?Gp0k2eDPb?mdlR6$}waw+pwt}D009&m_nv)>g}mpx3Hkcz8a`IrdauZlJIjL4;z|62;7dl;0A?%mUZN#|uFC zpKPxW!5AI1?+eN|PNM%-E=lfh;XGLF1vmHYdG4BMf?habEg_R}9nvfrLaQBh4X}$W zc~&|0n&g4&2V#G)?Dcqvktl-#;LOyfnPwZM>;py%l%#qMtOnIe0u+=%0xzo^-x1$B zUhIUkZ%TA)83Kx>PnMx=e7FfadX)Il+S7P8wZkThrxg!2rV5GPsm})hK*MfRE2;n`k^CmDJW;- zU7z0_fy*wN%heT#IrNS7Nu3WL30nr}A?@H2m)8hvhJDPfkW^Cw*Dw0Z=No=nvF>oh z+@oP0W4tNJ17Hf`NSH=Rd$pKG>D|Ux{5ePij#sF`+h{}M1m2V(SXsyVyd8tNrU}wY ziz{F!&vC z(S4&mtRg=-d}J1ANT|Pe^gW`iW&;OXzNl-b-Mi@~k^*dXO#Z~84>|F5yK`y2prNTQ@1M-yPbP}? zX;NxvWLXJ%sAtMc!j;)IG-IF7m#=jPHM<*7&ZsEa$gwDYyb|<&#MWd)ELM^e?{vI2 z8F(w$YoxNQR^qL2ySN=uG#YC{c;y8sdvjZ40 zK08VIj)q^K-fK1!%;hyZ+ z!uKhl(SzF9VwWug!dBm;BYzsmi4NA%`-g&fKU*fRd0JmF>iB8T@g5r5Vdem%P+)1< zAvX=TW#2@e!Y`z+QBvEWE!m4&G=1^O-`8IgtV=kqN>rSj4ouHf=j8pqC6pu34~kQ_ zX7m8LH6qMTZ5aSHwh5f!&2!|5a0CnhXtOqXMHa7{p*#+ZHoy$FAP+V%{2Tx?J_UEz z(dWh#OzFe?hz`EG6|U?0K%SumJ6h)$Z=}-2ji0h=d^+-W4q;Qx1Y)*wuUVWvSEPO8 zeXff>sV7IC>&S{|Gq8<3D=eeBCf!I87> r&0`FxGdu9^N&mC@REv;1N*F8i)>x< zU3-&^1N{~+HOopJPyHr8CbhbPkj1y%2M?5O}3ij%9Z-@7X z+Wp$+(1p^L(q!ds?up2Z!Y1gdUyjt%iiwUv?YjS-*=VZs=r28CNWYyw>zW8C_ zIoQd6AjMMDccwo70go1ist06a zXVRr=GXNFxy=asc!pH01UBB~>g~q+g(FGzeN3B2xf2oxwt=F6PNe7HaKx##aI0hiE z-umK9ZC(~T5}GvzX0Z0plogEmAx%F8V!LXq+lpt@;W)?fA-1?H>Tp_)B?|fGYjMge z(hikWfLPKknlA12Of35>hfDNC&)V?b9N zSr@=+spf+iga&;Dbf_4)u;RnAL+Y0Pd5pIH;{p)mtqEW9(D0E0iP1HVRBHXCP1*b> z;N_Vmw}kzgj6X$Q*uE2zYr<0FrjCn^TEF`CuTT~+!?|y(aBrf9-gX>eELSPm04pkb z%!mJC4Lw0i-kAc{x%;h+sw zl?mE*X*MoecfLVi2~)|{(xw8)=!wlA!Jx%E;hv|!KU#o8Y&h8qaNpmyD64Oza#BH2 z`bVd4IbysWsREr^G%qjTxLn`9ZJ052eV~l56aYB~VtcWVqk<_U>eLkRgLkl+qVT)4 zYOM>H&|_*NBy~IC5mKN~dXcX7?Tg={a&473e|4NmVR~ek1c5?3bXxtL@0f@;uUg8$ zI9*qZgURjHuvkp)@!n3k)6MShmDMLd9>yn)N@)w^;JWT$XQP+1<7q&J@45sBXdm2xt-!PM=-w$(CQOSEF(vTQ5 zXaAi$r_TMR*zo{AD}OpT9rxntz>CwS;~}s3x;^PZqlW4I`&0_MCewXu&t+g#pnkE?CwA*Unx)_oI-O^r%N^c*eQIsb)NbW!n+Ui%q; zk7T#TirFso76g%h7@yLo@CBF#l={6Tz^}z8(kU7=LD?@6QYzj9$ail+MdiBW zQPZ3@4usTuMvtbgeA+Ohx;o$$u`Z&mBBBHfh*{5Z*4%Vimeuj7$7`=!jvsLwBhjmm zZw%J>h>N3eC!{V3=jjCF!|5$FXjp2-$Uybouy8=I_J}1 z{1ZLgvww4K)+?TneZwBEdI1`ngrem*gVnng!aZoGs1J#B+01pf$TdOQ9+|wfYlvPc zH5H6QotROo2BnJk82VR!-sg_U)lG9alyJIAo6bZ66Xrn))E9Y`rv*Y_?P3J3BkncP zu(Zf!B9c>fOjfI-rnQKlL_t+zOLkNg{hc1r7JSczo=jFE3!eO)xW$XdE>qp zfMCLZT^^ZQSWV64np~(kpOK$%0-h51MQ>4O~0y>({9#DoWAwoF}pdnArN`|SRo`+alkSjgyroHN+vV^H%i4^k&ZGX@iinvqc z1O$wdS^VcX4PNMX2MJ8E;DfsrF)0C?(XiM#CP4O>simY-*=C_$5=ns4|QJmnaA1m zi4WLgBFSYq=UWcHGFbM!`NX>M3cqDLHS|X3-HQUhCdv~WvbVk-0;_rImp?DF&iz7r z=~oJKdu39lr8y@~0D{^}*s=k!zFl6gVX5+#=rCEtv2^46Kbb2K(xW+?F;HH`R`BU( zC~8opz4XpDEptxtQG>Tvs~df*v;26Q8)ZRNxpe(|9lHBLYrB$}DQS}fA!E<;C#b3= zD2olbg z=kwU)gbj9+Z8q%Hen$IjB*X>^F}`{qCg!k|)#Q7uJV>yxaM&@bS*9;L$Ba_mu2Mt= z_6D*3+D`0yg0i*6Wa(Cst$2rI8v0<1ZF~{T%6!na8Shoq*nSuFn`(?~(&`9uo zZv(7#6=qLKR{DXpHh*8Wrgd%Pn&Q|F4eK2z+p>am%_S$6A-__*3nE;CestTJ#;gOS zxnV2n@&smMeMT`wuO!vJ=lTu4x94w2I#{edAE~rD6?{fbOjzc%{YkOH)UuPiYO(-H zMhKhrVD`TM>EOllwnn?$s66%rH`Du$A1~&*Vn$RMsUb)`s{_!dJZZXJv!lSexK|19< z+@9zsz}W}29|ZVgLsO?e1hp=^p|9`hzO!(l^#~10yzhEl+6D{GHp`4u@$DKR6k`QO zFS2APbo~WZNu1}Cgv^9NyUSs6ys)l6-y#npMTXMQ|6*SgoWVIy7ksV}dop#{*VM9R zv7WPgx^|hi@@pvROl=5zZJ0%JtR*y$dYgu2WU83`mV=l*7ONc)Y%$6wg?k#uU%Qwh43uvmgq-U#PLk5TV^LOQo2)e>FRksnO zgd@hW3FpE4$_&LpaLHVlPq)%(vGhlKFu;8pej?q3_cvV+MnI$*)?}_f!(y<+Lo3qy zaTf;&KiJi~Qg&goqpJWPNbqrvc3IJrd`14{Vfb)ewFbsGSKP*PRKimUku#6u3y{oo z7-KWng?1xDt&AY+^Ep@K8a6b$TO)Rx`0NIY)(@~msHzpzCU4H%t8Odz+8nyEG;?ix z*xJrQ?HkF%!UqJX=44}ngWn4o>w|2m31^JIsEX2Vd~|SL6gIN&a_)YmAi&KTW6(r^ z>}#&Pc75;d@~qGPTeN2|x#()lhOO%pp_f*d9S97%KGglijG|%c);+ z{2N066jVxUMC?cxu7nPOg-yM~rK$)Cb?2c2dvy=6%V2Gw6g0|S6A2H{Z#g9#PFO7b!bi$gw*}vmXYN^cD%4p_<}e@pRH25B3_^ziB>5;rt=(hI_%c zVok53A0cU-g(mC-mJD5)EfbC57b?rzkiZ45H(zRtlO%INi8GXPkPVuUj^ye9mC3qQ zqI_soA~rEgzArIrA+TV1VBKf_-;((M56gC^Ftvl|K(*u4b}YNl#CWcE@K=Y#SeVe0 zQ%X`tAyx4uC?R~MVHuzoCfqG5KTmfwGIQbyZLGi1WsOW7E_JZ@%hSaf{0#A4k z2R&#~2s4qN&=An9+^F4f-d94+g`lb?LTpx+;Izx!o-%wpm+ zD|t!Z{kxTb5B3EHF4(_Eix&^PTNe)|-3h2Az8;LBNvbfQtzDllX?8-F?`m8}rWR9^3=qy*cIDQPpNi8HO@+Ea8vrX>@qhF^k*;*UYZr)N@Sp z$AaM|Ft=pf3N3s8snp|lXUMg;R62*R3v0WVb^FSWA4?2h$5;isA1+H!%H7@F6LG-S zxYf36Ff`jNNC`jWKDmZ{wTVg-XrFlU!dS@O?x=k3g!i`JFy)RuNirR(x#XDeAW2c^ zt+hc1du|UH-ibaXweCnA`?}Ot^|crlz?d(W z6Md*n%{C}$Zwx+8^WA02c}gg}YAxo-382W|IXuwJ&E-Q#ivPd|@3wZN)97>Zm!Jos z1?~9Z2NA-P1NAKOHi616+b;u-gKi%$s9(DxCvPZ7obK2&Vb>p!wQ0pVdAfI!bXz?G z;5m8(Z!%l)KNIw|F5FkCB$V>q>kaw15A%k8`fT2ul$Wy%5hn{ac^hEoIR*_`c3;g>6hXfu^A%NjRWMWM+NthFKa`$Y0gTA#$0@v(l0(JJ zX_i+2Fvp~$mX2(y%|!2qn`^Ef=4@ICH!1!b*u)>41(XF zG0CzjuGj83D;K7kdaeYScdEN2!9CT=S_|h!b}cAnVS$W=L6vPAeSCxy#+NIH8JkvB zLwf(gsSiJK%j4K>OQP*)K_zGJ{#(%cNjSfu?InCjRzdtOvc@U=EBfqyp-y?d0@N-5 za6H)Z3se3<`D3#Wn&6{1=9v++d}DuAutwGx)?v?}Z#_Ins4c}e#4Fk@1&w82GxYAK zMVH4!TNa2}iVKu%?x@8Gm)4F_R(wqQmbfv+th|0q9s)_YpY@XH}|U~dqF431hK&U zi87VJjK3XN#M&K$Ob#K5p-BVFPhVHtkuC_&hQeLJLCHRj-vLT=PP|=T;IW>dj#fQi ziXlm|5UP1P|E7}ev`XnL!B^ijHW15ZiiXI3Aifxk63c#d_C?nJ*fz!)#K@6Tzho#-Y0wOqoe=FP8=1MIx;dR8iV zr|{aBS`cQE%NI~~g;*fG*8In-OoSK1%%_r?WMRJ$MK_y3hssrt&lULB69yZ(Ux3?> zEOZ<9_>62T>4zK@=vB$Ath)6%J|eO5CU>D&<-(kDw(IR*W3t^80zT3ciS>*xUR_rF zTo0@Txj1d1oVwwvuMN64Nz<wKV0?NbOtSd$ys7B;YlwcJE0KRoBfuHP^Venbc6r13CT zYurv@P&cV~MPFsgk~st+qs>QVY_jF(fA?;ra$XFWtK5pE6;cl4q3XJ}W@}LW)uV~r z#6>`A#aETbbzETrV<}eM1xUBld|9fwObqKKS5V?s?@|4M$L3TUn*mid_8Z}_lSF7Z zh6Zs56ue(y^gH$kA`u5&aPU~lSBejXD>SLn2?6hbz6D}Q!z4cDk2~pX$Y4uD@>J4& z?D`C@52U6jsLtShqbAtJ)kL86!Rnt}eDXv-tZSaTCAw%OadD@jqML( zvuz7&)|14Km=MvY^t;ivg}hxcnvoJ?QzcuBZNu*WBvU}Xz#E%n`=}EI4J5xq!jWys z3TUef>~|H33_l~%6{1UU3#5$zr6~=SK(L#};jcc6lvGim{8fbG1=8XZ{fYI{y#KJ<9%d9|&XJPhJz-GRmQvL2m+-@_lz_BCozN27fWS zO!o@yA5nkkwvaA9N_jBI2-)cj#q=G)Yz2eAe2w|b*CGe1F6=!BfsoQH9bfak5n;yW zY`v9tC4Ew`M?;v0%|jIWlz4v%1|Ty4EUrH8JIk$TboOlGLm%BI(a)K$Sw5E8Z{1wB zyj)0=vCsX0l(knG37Q7Xh`5Ee?M<(t4*bmxn5*~srHl!H28$2z0z9*KE#KPyebnOB zqnI=Wd`W0+p-FdajPYSd3x7)S_XPr)0kWZ|YvMrCWarEB#`$A!c*etr#8^+;;Vzi} zpb_Y5ODxzvo1pjmRqV2xp3fTXHy1i>Pw}U1iL%4c$*(eE1H`osLf_rM@IG({f#|ae zq%}9V+}$gHQQ0U!SJT1YpG%+L z&YhNz%qd5FD?OO`lX6BvDG#oVEOtY7-C}xjW%lm8_LP-CQQM%mv9$?xn4IL8;X4BT zrj(jWRGZ@l`V@7=_N$~ArMka!D4U&r+ny7vwZLen4}G$YAsEbK`(w0s60VH4g|2M< zMK<^E(=*B>%Z7k7a`P0eI;@*Pg%c(iH>c54V%uEgpxw3s=QzJB#BA?gx?vlp4|S4E z4YiY@ly`pEzd*T$T|ctEG!|q7F7XcN{mJ1N2=>8KhRPv6{VG?Q<;#An|Cbz-S9~({ zBgE&gqX5bX{kNSE&FPpgulaN8*EqKA)3T3%vi~JA^0-dhrqSrU*^01@1^yJYVwGrg zvInNU63`!8^H-+oG!Q;R24i^#S|BD}-ztAJgU(Yc$Rtvp7H(6QK1g zPr=74H-AvXH82{h$fExrjJO-0FEER%6`UVXy*kvPAH^QcdlJvph|lHE1~bz#qqkGTkg1 z#WK&nhO@4Zbonlec^X9({760fUtb;f`{)1t<=c0#9s=XWs8@p>OFC+|wTAVlrV6Gp zK#OJ96~g=B7Z-|F?6mb|8cD|{3@C6k`pS6&9%Q$=is-==EsWF_$P?r~QR{F@Jb#k~ zCCJew9CPYzwNhIDTC(!AD?^*!{x!r32M=QTYYU90?eHWaY~}6M4my~e$vN0foNkM~ zi-NWN=DI~H+5YqhAGWnt*6FB3v?wqU1$@{%uZI)DaHy)=1}U$Ie~kK%BLY9~@00|S z>zV)qS?K%|xphlgNz#9R{_OY9Gi8S5@Kjxe?~n;R`izxBA}CM3s;?fV}rq<++#4Ek+w%eX=@KNbCB;+|Bc*yxGhxwc-fv zT!ia{!;YGr%Lr!!(6cICdbtY*1^+AG)hdD)1NLO2A_kh^mGS>25R;c(laZcVkH;@B zkBT(a)G`)Q;}+t4QsK7)hE)pk3*U)`40;m%qE1=p6EjZ1D7anlNr@T@AK#lPSx^tp zJ3aT6*K<+5zPD*@Tc;Q7U`7EU$+6`atKTWOB(yf?kKk*Abw-5`2^cOqYU~MQ?X0VcfRKHCciJPW-v_eiD3=kju{|VU7MS1bk#Y*{f)`7?Y z6;%r?ZYD-$!Cwd4>923SuZXzB+*n)F8}qs8|G=T4!C$#(-B3;jYx{ai>|W;;iV_tD zf2$fFm20HFCgcXP`?B^D8(_em%_yhHx?vTc)Hhj$>^Fuu!)HKdH-2_*xaT&_QNjr= zXe>W|tp-&N%@gfv=n-cI+HlTJj~i@A7}ZZ;Y~N^4)xT{^>ozRjIn1f-9H%3k#YfK) zDt=^D3tw^)cU#J^Wz++*NcM@F$McK~NE$*O8I`N2zGfht>B*1mm!Tw2+?Kct*`QZ2 zd@%_|#&L6ZxOxVdx2-1RO6A0uR-CTtJWg7lo+3ouW)w~zKCBb=W@VAkBfM9#UgEdQb#xviOY;s*mOgb;d~qISpLm6UPVbN)q56?z zd(+`&9^S(9B0v0EhlC;^oFqs9b|~0HtIhJQ<6yLYMUI5Fz}UljDN?HJbdlibjiX=L zdogw8tC7xH@tO+Hw`FF9efMH_gh`Mgmb@iJwd&bY`)GfchN~;v|G-vOmG~Zo>~`wc zmIp4|Q;ntnMGkpO^Vb-{OBkS(43VQCfcDAvY%vOm97C)SQ-mFm|36EHwd3);16}cN z$pBN;JzIfTTkm0`0(C-zLnWs1A00$%7;)ihtAQq?a+?36U_dOPs6`H_%glt{u#|83 zVYmx!8$lJHuJx;vB>RN&k6qUHZxTLZn0!8sMe2^shE%m%=Vm5+7IfUBc5bAGsgUaD zep%$jm+3? z!Tpdy%Soyma-`AhG=p%7`;X8vT>R;iugsD+5hGdG=kDqwp=wc4pmJS4b0fCkghHw> z$j5|WD(T`O|FL}o#27}1F`;8cpDY4TuL$CXOo{WoXUpZIJs;k0#$=e9L5!(}GxDVN z3jS~8K<7=r)x)T(d~^DQcLUPZ*tPjvL)wOHug!l8Xvtd8;fwPEQXrLVgXUiXghT?L8cXlIBw0<4=Gmdrj^#>XsIj zhyQP)5yHyuPNL(A<^VtEfF#s|SWB4gHQw(x2(CsSN(mPE04fX{6Y`H^+O2*>J`SOr zG(*h9)(e03zm4MtJz&+_{eoK~RkS_S;Cu{-h4h|s;87AqG2OsfQn+w$s$p4c?j+dE z@{@%E zz>)9CSA^M0;qQ7ZU;eckp9=-(1AM^~c?^C`&yVok{;5p>84M(#cp2K&Ko;2T%sMiM zZ0lI&cSYU|ZAhOwMk53s542Qo$5_eS0U~r!G8I59sr&pA3MP z;vkAw7m{4^cbM4Skg~p=@@`2&Th_(*Il&(xW7i^(B2&AW!{klUwfY6@FM&%t(|Mh* zFY%Ss+YaBs2_{A5DtoT;?r$#ukU_=G(*(gct{aU=XVv)(S+@q^0^o2Dn-@LG7%-^@c1`)Gj-~fo%beP z%Cn2K7eD7my3(w}V-S-8s;0VdsrYNs7Wns0D=yRt!-#A#FmjuKeswKE`lT>+`N=2*(PJt!~`#5On`Ut1JrBzC~48CQF~!Ypa$Mh6f5<}%2EVr?Fo{v z+H**p=^$~|9dCq#?KxK#rrfEYeHBN*{G#*UAgbKS_eY7N}|n{s@mwHC+Txv5%A*Rp>xgEXTF&%w?O9 zyTaN!KTlQZyu#msux|cwyWQyDa}^y=b(b?h>6p;BZ20AL%&k!JfP6I zrx&a)QT^;dhQU9r_X#=DaJWf%!DGqogij0L$$JMjli^R@mL8P1)Sgsxo<-pSX9tV} zWZlt`(@~L`tnaje9_{?)jzx}QL215UY)`>6zeH|OaKEJd0=Y#XQJ9%&ZfmK*_k1)L z2xqY1VwAEWhhn_d*8J>{r475Xw4f)qjK*S`;7S@;uB0JRs7*e$UomG5`yX`z(wS@| zuvHMGne331L?FD730+_IvFT`IdwkW zR!%)tc^h^5Z?6l!>>qQI#zTv4t=LuiAQDMN+?X8^DDVjwoHIJX?=E#$qQHhQ9RVZ3 z5EKndikVSdNMRf$v_%L108q46JZwk;2m9zhvj#h1{+2*HEy$`^@yEQ3&?>odVE+Lg zqaxLVT_SGh*_z?MRs36RX<%(!aG5Efz-9XbW`o#3&zk`E=vs$2>Fwge^J?8j6x)PQ z1hT^j4;}pY2d5P`3sDq@uLGz-eP!65L56KdhNwYCT&S8FqQH+cl5EG%FiG;TD!-Jv z*?w@n=IQEEIppJlxpB>#k-2~SAYl!^6kPos;0j}K+~^YK1xR$>&%&)B-* zINxFU>onCSRUI{txuhY}{{5xTolHzlEha4SMi!r=QJwcex@zWIh-*(jq6T>t{ zo3dywJYnQHQ=UL30|#ikb~Kr|9uA<5_{?2spke2B_p&W+JtseFh(?OtN1>$k63M{<_>xXhh<9XN(36j!*k z^9q-GiS6_S;ALZBfUkUjjq&`mPayOdxhDM--CbpjbkJ+?#~y$YnR6ThfzNp4VTWX!^c)ug;;M@%0@5Hl&>NctslWk{QA9I!3#Y65zmsB5^*dDWxY6 z1rqN%tV<7kw%0h2D6H08f$|{v!*f}#?HkbVHxr>kC@00=bPd&6acuG*s~8gx_U?X- z)kQ*RS21W^S;kZ;7plUBtSJt#5kp4uF8F?r-kY=cs&!2>YlkK8R9lq+22=nB;I$W! z+9YgwvLA=Uo>x->V5&t0F79TXSsFmHxO1*}Op-$LTNZ%`K(i z5f$;SP&GkKq0fNr_-liZ9HcD%6R3srDW%S)$C1JP;&Mm3An!$GAx3W@-=#^2=3p!e3`Qa? zq@Hq6+=RHXtJkH{1bN1BAaU2|72gj+Ei zuY6q%iNmV9Nq>G1Og`c;2blb*#k^3NyU7VS#)&UgYLseN8uGEh)#41*djuekdQe_d z^Oi*%4cu)l06U-n7Lb>$MF~iksdx+K?at--A-k*a?aKY=^EbZgWn#@_DW3jNeGSyM zv9^td7R-ihv-knJ&u}LFah8uviVF7k-I#aA+HU}7`Z5zy_ zp;-%t{$Qqrci6iC5|;GHeC)zey^{XwClhSli1oh6r(82=##lR$tw0P9-JX0|8fYK8 zUmSL*VfWvlmV@U_v+fBQUB7b4YWtN+*z42V>vy?^pgC|*b29q)wOlFxocn=w~!9z^W;wqD~cyP*hTN!^sf(b^H zW;`!fbbYSENhS`V7SiMPTc|_o_UaF&XizjtvXiIU4u~#kFIsXDN6o?{SH#ZuLncR; z*+UsQ#oB3q|KU(Ig;CWZsSo5L)($3L30lhRtbhGioS_)LY)DP=o!>t5E~mklyBvC6 zrE`A#{UM4PDdyn3!FNDTM(~$;<;kJ}oC1EV{n&ALzHmXTKB7wqk?yqo(=*~s!a?cs;ylDM8~V#; zT{mWt5J10WBYQd24Ys6R|9@l*|Wq|CVqyw))5LIjlpI z*z;+{j4=hF_M31{%js&mqLs0tth>C{db2r+$pR0J%NTWdX=Q31KjTqmW>y@k*tRhj zJvt(0QTtvT1CG0c;U;d!CO2f%{;%AV!}X2RH68;dSrvn4UQLgqA7!R7OhpR2R^H`% zpM1-Y{(wO^r|6g;wr&SL;PWoHik@*4B4pdUTCvDq0c=lt7%R>c{lS$#MMCAmXn){9 zCu1b$WjINhZz0UT$|LDOzjEswmrPtci3Mbd{zhO}+fh;6nwO_T&!QjkZx+YP-5pJ_ zJY7lhOuXMlK^y*q&~w`ZPbj(6ek+q}%rvk0{e80&7)UJ0S2!KKkxP=63bu%Lbp}M+ z;`(H#6EDRzLd$^%cC1(M&3)mFAn38yHVq$lrGncy@0v>B%y$@$a-rMjRW&P+4>D}k%XhTshJ$X)XMH`6eq*4wiRO@3 zq>E*YH!mv~mV$kf{ao}RFn*kmK;#<=lD z=%X^&5yhFB++QVnC&Vaz7eAo9&*)yh*TelR(?aU1mMPY3WiBocO_8lv$9x>vSqDiMTxytw$!lti*#}z)cN22|SYcxiPv%N0+ z>;M-Y=XUlc(McLx7F)_Ce!@-s{dU@=k7eQm;a#rVj8!{bzcHQI!B_xm_O&Zahk+_0 zyDeGyO%#YAasJkuB+#oKP1m!PTk}~0W+er;b^piCNbvNm&Z#}vtI+ZBJp-=kqqOLn2jE{8KXTLYkHG%L~N2 zt%@Vu3S4B3Qrygnqm{VBNqg6W0$5pU*2a+hMxG{jfkl}4yQy=$*PsRF$7=5Z)xfW@ zns=9|xC-icJfgOO+iR(jXSk=I`KGl_$Vbn}9h$jAPWsS-&6>P8hf$r~+z)l1e00eA zLf&*MpZ&~ow%$7@NSAA=yNSd25S+f|kui9g0M5mA+kp{L(q5;Ng)oAhTPK!Js7;Ek z@%Q-fu_oY%jR1lwk&}TX(Ql!m)geT9fh`ljL~`{fa#)>p@^8@=dIyV#F&mNIW`D5E z2g@|1jK zEg{75el7V?E3+%}?i7K0v@wCRrqFbEVE`WU`enS|(XcMwL9Ya>S+QnPd=cp7Id}IE zWTCEZv*-=JW@3u>8}NwLJW;wW5X4;!T+5orVSMWv7&3e04Hqx-u9c0x06_T* z;f`0NIMO|MYlMn6oDfvrZ2>khzmlzGBpvSLn=-&;bC2{O`BG~eWJth z)Ez$sx53FB(6u^3F;bN{f<((4UN^&;kwuR0!+;P;|CFk(JE=l3h~m?wa_v>kJX@a<5LaVEk2@+25HB>9v?e?QV&?@Mt-VOgIrS{35PcUw(r|^U2+a{ZT zhXvBO#njifH!F@NL&@YuMF{glvP@$gX0Oq!Ht)WX4N4bT5sw~oy*!VUc=L&u>fi*r zdjE5w@@%&)vP}&JLIm83=eyukEOHE8v1#}NG!VXFp*np~vM4*^d0BDXOM>Qb*+zVy zLAn2X%zo9yIikrLPg#eFL0y?zIpA$3I) zjKc1t2sFz4VXBeFuOi2tG#=@l{XQ8+SgmUvwf#csg5a1N1u8rigeYc*M)_63_lZ1733Z0d|4U-)7 z#;)su2^$FIvFE5ay<7(c3a2dH3ONHyJPa;SJGvfoa&ecop7RoKlzSukE%5F5=jOVw z@It++7(0=FH0|cJt#vON@0<^HH34QXaNq z#Fg8hnh|=tjwibd0f*lnJVC7I$>{OTCIlO{5x38lhrS$2W^HbGI071Vo0nciyDTtj zUW093o^@S5iq+-g@c==8iA*6z0cxZv2XdQU7=ygY6Sh=a{g+)}4)wd44i*oQYN1RU|IxbUg${9}=$ zk)=+-qw!{!Wr2%%dSNT4P|1Aw9O=~SvW>#XKz;R%rSPUmv%+wv-4=S9*jO$+zO(JR zXM41=p+QW~NV#QM1A+?9+cyA4p@{GV*W?+#*}T#tIdQ1V*X*xkk}(jH+oFNYs@)~# zrEYo=dky<{uR6Cyd8bI?DwS+4k@@3$C|MR@6g6PzPy6Yeg1ywMQY>GN7Q$!=w_du zVZdILO~DZ<57^_PL(6T9NLQJm@D8-I@_M(;3m)J?7B!h0BT%%4b4phVXq%9cCfgvW zOC^czmpSPM3#ICUy7_;SRDjJ!hF?pVeUMmJ)3n0JLzW!?pKzIinDFS@_(hpX?E&^g zn@lsqFB`s?mFhR)+17ja{N2& zo6R)-IOQ@)_j@+h0dI)aEJZvoKl!TJjp(oDG*QUan#{)|g*8{~x<6BU8(iF?-7+*{ z7@J{Q144+l2ujlLCxu61$wxDul%GdIPT>6%?8r7dGCGz=I(bcew|uXY-!sv6Sljbc zs4+Nuf>Y7e*|h~f;(u&4TaRn}G9ixKZulP8SCh<=#5!1@{mFx8n_*LP{=yXDjjoqR zt`@}#Q#7jKKZfj*cLz78W?a9VTsaaelJ4?X7JIXb)bQLU;yooHtw;VIhX5I^NyA)Y z1Ri$m(05r298Y@$6mp-$9Or|*w3H9-OnKr_PL9Vo%z6hLt(6A*%g>qGb@DFNC*G%w zVo@*6f2MM4L&_louF!q>g|l}!21#r#{>aCU0zh^H2Bc5hS=ZPIrq_2YOR7IOmKK^QHH1Nq9AZ8 zZbEl#YhZ>uHHGFPA<@55tixqj;W5}A$cW}ZPR|{_-azp?{qvd_hxY3S!`)Xg+ab(o3RkmA(ZgzE6`#29u*Y=_pz3sZeJa&G}2d zSh3AOvB@K7yTi$_$fDe;L0u6zgc464d z^x|L5(n2TmFIe^wQ*g{Z< z(~Y>V?j4a4OPo*6t|K~suI*@YP(EP+R(3ACe#uKS1LaUjgEHw|YjUOEZ2^?18P99- zPQ>{Ayy1$lvz{i}G_dL8KPh2)ObJ;u2TuwoqvSfH{pB8MeSG@QOcVDBW^&KI^Q1u7 zErry)SfmB5)P?!Z{BrTd>Dsec=1xZZL-Yy57y?7R;ai2dRdB=kiEI`wYj=aWN`kXJ7ei?Z=?wp#pp(yhpumfbAWz*^qWYG{;0dW zGddY#JE;8AxLA7p<$Ihx$HPjjg7u}*rXdYyGo!nB!e^HA=e22~35LQ$0-;#9W!sWs zENid*JSy_QRCk#9^i%(q1`*M~FjJ6MpDF*U?u`DefV%R@ar=jI-;;YKmjFh@>hS3F zB`0hsr$p9xgqe>JKBm;Ixbkvj7(TUGYP_GmtnA{)@+y4XSn3F>-3{4ynOv~MSGtzv zuu(8Xy(U&~<+P4BhT;97pu*{BliaaNv|(WAvspvdeUy^yC0`5Xbq!+k;Qp-;`Y9VT zn_D}~?R2N*$INx63`=5BDOop0sjF#FCUbXC`*&aBB_Ac>yiH3KN*|OYO%RG=SIUTe zEDC#sU_UtGeKyc!L#cQf#VvVma=~`6by7FrN+i&8cJ7KD`}(vg;a%=ad9WMjD)p~L zg@~SkQ~vj5w@5s-M_S&wO1rQnoA5cLT-#c?w@%N)POHUEbQS*Arwb; zg|b?y_xax1RfnG}{9GyKp>8lo3I=?xvsH(TLWh6}L{pGviF3rr79b z!ZJql;l1}=S$pIdriHtYM{Fl-hj{%fRLx8DwNz?pYCo#55ZHsHLY5o_$UIOSyQo)! zi}Rlo_v$Dw*mgCPsUI7y=Xa@FH4y$>@miJ&4a?mMn6ulaQto{fCTPSM;QC=#C&ssR z$lvvBt{D-(8FJPv`tEJ;-Dtd%Y8r;xxCGmU5XH}n=zx**`3T$pi;+AHiIL{1V3!&( zpTTmDxW(S$OFqiVvGTSVu;X0cXs-2PxkxC-joHViYQa+vHYbHIPr7m(zX`zCRHv?Y z)R~uU460p!l+0u`{-X6}$mNemd-KjLW}Ey|Cw@UvVz(L9l!tV?4?*ySC58RF@+;{? z3`2=HbCphKsnmk(Wk0VjUnYQaYamyZocEGUHn%-Y z@@a&ljIL(XcUjGC3YYDg&MueLl%%I^mLN~^F_B=&Yut87ohA$>p}KHZgoH$e^iovh zZ5^(yOkIqUwzuc%H!>^}-nBQb?#!y^`h_mPm^Dq>6vuWC3SAnQHEqT=ijvQjyEK;U zThpSC?8w^cw}-9f2Egu~NZEFUERBgTSm5YTR>y-95dyW-@$H$qXHDj$hO!dYFK=@q zoOtcRi-VTmiyVzE(Z0&;wD0D6x5A+8!?H{PGru@Hk#_vfYm*p=hg%D0tva*T;@g-N z5ht?}H7dd7U(c>CH!5osBfQ<21f;()q(whYJ!uU1#BS>s1}B+Xr}fy({7KJlT`@e7)B%QRs?ppq>1?weezo{7+IKm z+tKx*5QaFsA-Qxgr0HL70ilWVE|% zCNZy`zu+NOxr{LPSFFwaB^2y zB>k@ezdaVn+3hZ=3P#Yav21rHH>{jM=@-c1;4Y`!45jTBRIdEQRIGP z$u^De4{w8tM%%+>Z>gaSmtTx1yxxAqh3VnSgFj#=Plpd2D~F__`5tFW z&yodzivZZ=tjPjVV?5Ua>WL1~z{K$%#mRk#QqB~gXEYNn`ZXlhYYVhc``_T-$d{ud zdlKq!<8II_-KO43&ksaxr&-~M!Ow+&aoKZi2=P)fWHE6#l$VhrLN?}{l&&3Y$UvbP^277rGMP|BwZv&{6MZl<2Y zUOQdiXrB+r#{WV4B7F&X#9XiRB=gZ>WuDkBP)MEtN?m2oBOhW-+ z^sZ@`2&M4RxJ^LRleooIla382C*(MFKTPeGLu~lxE%`}eP&CE0^SvpC`yaonQH244<3c+Gr|fN`CHTagwbLj?RS}0hVqX= zCUEIO;|P&EVco{eIfGPN(7v>KUhG|#?9CPZx#a7u$WPa{XXy~qd@Bjn<&j+n6BhJ% zJ`t7|jog*^N?ghq($w?eWYSx0Ct&a%ZPIY`UaBOBI91or4OGBsL9BM)&LC5;qW;cz za0z=^=&B(nZbN@I5M~;}4VrMs*-4rn9)iH8+KM`rVsHK>D1&_^N3>hL-oj+Ai7@1? zue3rbXUr<^EitE){C?9oj15^MDr*xsAM4I%w+-Shd}p7(aTS7R2^?#vMM~sGd>-D| zX`=K`AA5$&OPlWp2|VBcUf!~h&@Sflt76}Z?hhFbj+Ju-qsw7@{-|II}oWX==huA1;y1oNPj7=r(mKUEjU!r2-;-m*X5Kj=zV_)+< z_anGrJW?0qCg!F{9*C;VY^bjA(rsvSnJIBw`p6p^zq;;yeVM~9$*Kb|lbk2CNoqVA z*ai2a6{o_Y+;=PEBqDj77vJdz7oGL&=MJX%P(OGWfY^;{kAT0*U*r_zQb36?opd{sy z{y3mNDe#aPSz~hHCZZAS_q#Tb?Udam6V7oz5D!G{AkrvqMo>5{-&+zGcC;4sn|)sS zhp<8Z9_nT^Ltn}HxpMvL;o2)#R7J{)g0r55^ppPXo;uc{>VixOYE|WN#_9S0Wztvj z9|E%O-pB0)0kCX?)T7T*Y-3BmTr4UM6q1?YJHDEtd?oAqE`D3ZbAHt>qP)~qXA7*D zle&ZV5ajffDmk8l$i7H;yGpjZiu=3rVs1m7%SQT*H!fZMP-`_fLU> z74;p69C|VI1&C9u1b+_Sq;OuxkD#v^O;^rC=>xlhCy1d=YK{B~Ny%LQjNN)bUe1eI zo=@pq-x4}^7hf8K%m<6-umISve_1vtm4+hV9b;fE=j;mbf2X5mM;c81HutN#t&qo4 zz9u$Rh>5LRBX5PS=d3jdT=a%j-j29xal_i))+U;062GW^aMgn(NYcy+dCF0_Bz;rH zOAGu$tW?m)_}?;%B_Zc#4-n0BzAv+(KOXNDSk64P9nlX<0gj2AL#po{VIga0Iap_j zIXdUVnCT_ydNg6L$RQiixCK%Oxb4q^Y2I9LZh-#omd}q&b*@YX8#+E+r@p6eD%SQW ze)RoU4oQe-V27CQr{M>t;j$g{y(EbHUqMo#%w5-Uyk4CMoX2}n?I>O?;eq*5?~Z!X z;h@InLr@uet!kPhHhlm}LLq^dw*0=M&#lT7sHZ``HWs@*h{c~Nk~EkS7-*P#$7L&B zwQ3i_oNCi!6lE!H?CHolYSpS*tg($xx#JrZl=AYnduC}^DCKo{!UBQf^W?}`UtCx- zJ6dv!U!H=QE&At!J&J(Y-TS{4KP)=ydKFdS?;^T;oHi9`r5CM=C%>IRew!Wm{lBe+ z1h;;6-s!t``+ha>EgMn2-77HQ5x%@9xsN}+@<^X?wghBP(}HA#N*05TgJycs!!-{SyED>-7qjm-|1GIW~aekj5m%k`{z;rLEDJ zGUCHO^geMLQclnrZP|oK%h^^7f3L0^yE=>sCsYeFwz+Q1>A0JakLKVQ_AEvd4OzpV zLXf(ozJq&;teK{Foj<-<_AWdt{RG(7AiUt9VOAfH>zDk?KRh76Rn@B_rq1|+7oM>d3<#LW&4)3Yo z(iLD`-6E&h6E?HaM~{uVsqXiz&4%`}(K7&-)|0{n+^>vYj0|u?(nsG1UNx(mv64oT>1GLlo|o&5>Z4IlSGi@JwyHdq~PziAd`+;fDa`%MZtk?SL{ogzx^>A zjZZ=$PlXu+hU`-l{E@m;*A$x3Alb&Y?fmYS@eEJ!QEv-aA4-<=e%?fGOhk_|>0UMG zUgnYhNQMyX^nv%Vp>Uso&{C8QU&sQ$Enel~Xz)|sjZuRcFH^$}Vr7hXq=H{uS@I@&O$?s*gbSdnKz8Vu96__Yw0SJ-<0EHpcjp zbXvu91Q&!OwN@cqN#9P}0Nnlbv%F0f4LRnx?E}w8A$!1)&(_}gtM`0JTU?C==p`VG zRk<6IMa$3!LN;P$aoK?H_KcA!129*TEmy-*LgRK z=cuCvs9)PyeVhO#mVgy6-7Iw!foNf626HIH>1gT^r<_P(x;105*TIcfVF)@MHs1Tg zHB`o!$O4QP3Q|{wAr1fADwT`9?Gl%F3uuK?_{ldt5d67cwh3xG z4(VqX$?6C0)1u_TWQMKAIck!ktX~mry&4td8 z3&UNmkiInwqqrWUV_KUa6h;Vm>B+y)P;QeoK-Ng>QSQAtxgtc0tZ|H1P#9pUZ|oG5 zG>o8+anMn1x&+u2Z0OeUti$DJ>ct&Wv-uiC{u$@at?*9BsC}1K5HPBCL;iU}3ff^- z$BHbLFF_>Vy!>#nN%yK0YA~Fm%drho|eF=-x^%~9-?rV z0?ZJK&7y{9<9u1H8Nw0@KnC~Y?(3Ip4aAx_Qj7pKkO?v)N)u44d^WS@OpQPfCe)d9 zdeF>0jE)NRruzP-I?EW}uNxsy6X<_h45e|2@Q1xQ>DPmj zq;%D!kBnY(<~H9kjOvL(n*=5H$d#9(APpWWDm2zP)Eq$bY|nZt8uI-Y7M$4_t(Hl(K=dE7Y^lUZqTQLNYh)f#)Y_IGS(lzM|LS zQ8-~YRxNOGwj`{mP5G<2*VaH;9n{nlHV~lX*px_GB$}N-c<}QD2%a5MB^*`C1pa97F@sL$^{KbVtTIKy{CP-rl%FOdRxLy@2sg2BrVod@7LEYy?FzwyN z#e!#if%lu6X5bQr#=)8TFhq@@K8DJdZch?Js)Al=eP2uMgbhn75tjzipcZ<`r7MIF0Blctw3hvg zT}O<~1wQI(lMA|vqBO61m~m_C;JV)jPG1h-J6BNGK)c%}ykCd1TQOHcx7YW~ikrQA zYmX-EL7?irEd_|Y+=b2r{3#Y;$0Y%>oNd-;n7cbTZ(;#aBR1PT;cJQwn;*Df%8 z;9w@zGm&uJV^4CiNPhHIf$)CGyexTW^N)lnWM4)&Xjw|ZI*Sc;x>e7ERyXVGp-c)6 zC10Q`w$ahwsTOgZ2m04oou9T@-(Hwo;#uHA3qnD6Y053WcB9>=YK0z71%rW0IH|Zb ze_xE$%4VDEF5uh+T9-GaEvrY(lRgKtz(r!Vy+DACRF*pqFy5ttf^Z>PS2PV5g5YDV z_>2xR?87era(>6MwXzye4nA`a+xo2+JHNiaI1ds?`<7Pq{f2^B^cp+RDi5wN{sNc$ z6J$nB->00XlHT5ZK^?YEf5CDI4*YPhh$_IQ-4(NL#$=~(mOgA(8vqGgj(q8U()4jA z-HeKO@YAY5*zqjQ>*YWdnJBtj*S4f|u4i1lx0~h)Q$32F3 z#zm~hcpMN+N?pmKC2}6@4~j=vJA#_XV4$y%WIwU|dkj8M9hNLlHb1;tTqNJkzr9+_ zqIvC>H<@L}r_YB(qY1y<)h8Zh&9ITY`Thgce%3+Ft525wtNW%&oO8PYO%mlMJrup1 zkmBJ_(&j&Z-NmmDD;O^oeQBrWvBjPee7oEu{v#j)i#~c?B5TI|;UqleZkiQ$Jy4p- zd*|ot{fpClhp!Cmq5D`;urJ!}k8CLu?a$m&-wwP$A@)Xn>Izu4G9!QCIWS-9$PS?MTiV*|76c9Vc#orrwp3;8P zF{!-S0|tTq>CXZ9Ma=R?!b#!PiqeucGtZfqG&z3Q_=;lQ@jM3f@3Nr$WXrH!4z#|- z$#=$HunHCG2V#SZ0`$f6iOL&_3)`SGg}}RfHQcs;J*?$y3jWqB5N zgkRCV#7?i=>z?jDGOHnRG((CBxUtcimt8b(+@-^Hcl@bS48kCs33ICT)L@+b*(!OL zcDg?SsVE5bNi2-t+c1m2Jf_?qv9CW7Qg+6bl(w7YQNo-8y7DFo(Sv4j&sm;-zx)i4 zm=8gj&FT~Jd@7(EOCL(y6ZycSG$CZg^y@|BtSdf~b9Btru{8^1HL^~nD9c-F?MY<` z+;BiEoh2yaLr-U$h`+tg1D$TD*HqQ&u4Dz#*(j7G7uS^#xhOMt!m?1D6=KRs8gFem zcvGJ)UXD1a=}>3KoLViYXZ|XYyNL6G^R=IX2sQQPCom4Z&9(?eQGpn7dB=~XxbFT5 zuG_VhLc_J5`!c6jrQ~U*Kb9lS5)7!Vv~R3_by-c8`a(^@d#Z6lvJH?%OXlQ*@c>xW z?znMz8BixA^)b^t_IiWObv`Uu+$bXsK^C5*uOA~GcXt0BJi8;`6q&Y(sl0!NA6*;Q zE*2^y>~(;W!H=zjx5r%l;PLL3h3cAso>jQ}z`nuQh_JjFaulCw-2UBd2arjy}AtwJ#nJwY;RS7~1z`J@zTcN)j)@ zcYfYY*}n928e%Y?fl95a2jJYs$)yP~rvlA)Y(pomcj73qGlf!KA+rR^XYW6)cX&p4 z>9dpBu=~FXd15AN5qf$>=`7!{RyR+lL=mh{FBj$KiJdc_PR3EwPpVOCGaoFXJMPHi z>0hLDW#|at81=X}Cld9X66_5YqO2cw9k)$*%Yd^IM8$DfPWS=`bTtAi&Y`k)0fL;j|dT2ZT_b8XB+7GKG***d~ za**Q;8;+wGL&=TBoqxluu;)j3+)rkwB2MoFTneoNz@n z_;nEon(L~ASsE}MU>tU)$6`^KQoRlh13pO72%NdClu8*Ne7oC1Cz9=riFAg?z~`_0j4_M5JLf$ zH~dS0A{V!ACSzq2Ba2qJfGD4OVePWnLX!*iB7eI@&7)7dymo(f!UK?bn$vaOgMhhA zv}}5K?V1nZQ?mgd=K4J;Joa0iV*EhdQl|iHtev);Dr-ToO@g;lDxo5Q z1REmJ0}f1m0A%7>B+|#Ik#?OKS!iBrWw-!#>uY+V>I9rw;$A$Z;A-zw0_n}Cp+75Y zf=^g9Gl5sDko&48eNuXKx?j(d$P(($rj*z&kY(KSN}QMR?5$~Js8=NF%-(xd4;q=U zITUp~yxw;vbY|*5Qh?-oG#QhyHGK8>rVbOp?&)I>wIpubB(*wD&=d{3+0ZZaW?}HE z?zj|sjiQ|_kkb}?KNX*uLgR1b+kw~Z*w2=aKULXsKp2oM=vF5iqfR>OcrqYLKHy@o`e z&MB|;yenfeW$WR8@eRX`qo(z}ZA`pikb|yeVXKo@d#f7M0tZ3%o2MAb_!(>;U5s;` zC|N%<`&u?txFKPR{*FElsM+>;BYJpYPF^xkIPdEO42^qh;Ba+n>Y8e=dOH z{YQ|f=DtHi6HwdII(@vq47(3SQ;UmPNb;XiFooD0u2d+463UT&#?u&)+|!N)Q6LD$ z;3<##bQtVK>i~-UIiRONp}l$TU~^8~`xWAmv{{Yf8td!fr{n;<+S@%Z0080h4GBv4 z8$n^^Z$av>NdS`B7|i^5Em5J6?#&si4O)|ysEw+#aY7L53uJ&QvD2l-V6zb zLwQ>22v^FNe|*+XXokI;jzvE>t{$N z0Nlgt7xBE#DGf#%+%~f=e9+xNj`x1&PcOjl$uH2qwXPb+XF<4hlFU8A>xrI0_$&W= zcc_Yb6nzs;L>|dAMrS!NLM;WaU&}r<8EAup##dJbkIi;_17sOgqCp91Xuo=B$7gH; zM){bPB?@6)5~Z=omJ6sD#o~POR3JEE`>h$V=FQg{MQ*x*mW`hoB(upxji@WIN|?It~ZFw$#&v z55{wN(AVff9k8CQPs_`9vvLxu6H2ySI-&u9OWFjHwD!q8D1Q<<~KfSC$A z`wq!X(5B_u)`OaUa2S$4Lec5I77Q9I#Sen)qJVLCaa^h@?JwB?Ue7fEE&%mepmCsC zX{&#P1w9W+TWb(`x2i!1Vy0Lbh)T(!oO*PC*!KOHtKwf0F@J{D0XR$gCG)gXyB>_E zC+|TbBt2#(fz};XbHIG%)&Udo0jmaFO-ZVaK=2#~=QXwG0}Lm;yKiVf(b9;QcWrax z=}4#l`NL40Kg?M1|LN8(Y44ps45GsFfZH1W_vm&+XD9FQfhcJq%O0l~o`Zwz&CUn2 zIq&R&fWjOeB%r`~^j6_iH+R}`uJyCz-pG~5UI|(|;-5jCByUiCXrvr6qUQs8Ln1RC zh&zyu4fSp65o#JjolP+JGy^90UXHhBAPfJ2!6)!Hgf_on@Hd$lD5L4jH?+haEEoK{ z-hY!!LO&T>e{M;?5ze!xH?1WxhsY87>GwUp01i5rcfx0e`D7XG7+NP*#?6=eGR{ex z1OwMZh!0AtM|vYYUxRH6(-~AJs(eA<=tN3>KPJP8$lpiTJ<^$kTmY4x=}~HhZ}?!K zHqr*D#&D)d6S4q(I_NfHU@J8HDxF)_B%4Xa7mvSFuQJWT$G7oG4>z4q1Cwx&7R8%g zb=2$<#*(O)O1WSnjUMz?=JGt8yC$z-V{s-l?d1ebW@NOckRjqe5|2UYiRen+nm6Sk zFK;(c!pIXJGuU0>0eyk{$DoHQvz4afS3iKcu*yNM$h3^&te3*aeFi=vmq0&{G7vah>u!QwhqN5jTdbH=o<{MC%`DCJ(W zPT~(^|Jn{SUPk?zXzjT9xHA1kLNctH`I8$I&F!|Wl?F^nEh-^nST!J{lXB^P1-`p` z@gWOE^Fp@pk@d1MOU^-g$%!hc@MyyOk zZ>65^g>$mrRGO4m0PvLQ;3j=!r&Q#B$|In{Bb7Lkv+au(6DKUXUu5GSz?nkRR7}CP z1!H7<`xJB?Zk@(ln4K3g)z6RYn!P4phGBnpvab#GP3awglE!mH`#-*JXLvxv5SnnU ztto7C5;x_AK0nAh2vEAV6++UWjL#@dB_+3lbxs2q9kuFB4okU|r+vxS&=)7N&p(aT zJoQgUv{!ve?Qsf=Y;)coes*Rym0&iVv{>@rRmX9+O?+rG=-1$#!W1;}Nkpizv4zn2 zU2|CJ@#a%~d+=MGXH4o4SIbWTZ)4_DLct(qB@gzuh2LKlM+zkT! zU;(VYeCsLr^bK(kl^OSO>Q}|*tQu(M+S9{0YRR?LaLNmq_mbF8;Kg5#D~?}(W(}Cf z)Ow!_EKEXx)p$=t%jZ3lj~=t=7BXmjIJhqA@)#I0v8eX$bB#Kaa*E;8?wWie@2~S< z)6~B`bp?48;p*L3r`t~DM)hm!78I($8r~+n1fVhP+J_-t&{{NsR=gH6Y1{HPJP&Ay z{ZnRhrHyxUh=fwQWW#_xI@nffq=H1A`<#g4fH8 zm1n-_XxA*pN~PxIuQRBzv&ZAx0MzN}lXmMdX#FfA<_-VKH0<3Z*8vodra$4+Hl2%; z^v(rM{VUk21!P&U#Pdvo(G998eD6KtrkV<3W?l^&A!WMlJQ}w&G)wC zvab&M4~?-YunQtq?QmwB1AJThd#FIN+f1i?hZ9P?u&|L^)ffmbBlG^x$wx`0p>#V7LI)Hy-t|0 zUVMQx$Mfu9brG4P^y2fBMcUAD%E(7F9%dZ#tr6xRmAXh`OZ-ve_iY!ZHMjat`r_)P z)Y|Rmy|r_-?=};Pf0KV<&XTZ6a;1bQ`$?8snqi-bdJ_eW}G^c56=AA)<@GNB!#mp zj8C#W>aLq!_&1{UsJjO^eedCiL}IA;jACy9n?=#Q{4^-Ya?N;X9_;o(yMMzes?N*d z3sT2h0nj1nTpiB3D-uCkJqYQN6dKZe(NHbi2!KRE;Qv^yc0KC?9$K@>cX_FNU*#v0 z`uZ`h^qxouzYs2VOQSEr)<)f_2_*cKB+cF2ucsHibfuNEiPrzG>g|<3a&`AljBY`IZSlHz^qQ zTeD_pRQTR#qYrq?qslIC4R?$E6Goc5eDVelX^dFCi7YQqjho`zT$&qAui@iQP362@ zVLttAV@WdTKi>+({LEaRMY~C7LF#q%*g~OAz*E7e=D%$82!|G5>z4%@$L`SJeg=5WWxc0iXH92g_RqsA57vvA$m zp83HJBXWUCl%Jm$-}@F1w(qf0U5k~V0@7T)`V|Jv5{?~@n$&>#z*O-8z3OSfs1jzi z|ByV;%oCgT5`(QpPKF0!Iu#~(GwLtADC&AAvRSh?_l>>vodhVXu?W8fUqbVBE8Etc zT0cLV-~M)VjHSjDS!@j8pm}GI&K9Bh_PMN~8^mmvPoD)wkum@j7)_0*>{DLLtB!=b zb}xTmqYQQCP~X_1t@g;A9*F>})M-Q7fEh!ZGP)P5kDdg&D;d_QL5=ek{Hc*4Sxc9| zj7|NbqwYzqlGwjxE6}|3ogM(UNZMZPnyFdDY|Hpd8AlbggGr2uN-7zmrT+V`1WCvp zWZ1S+C;9mu8Ov--)q+4PP1L*bd7B*y#tH21GrFip+Cbfc*?NyDqi?{cD5SY_{g`urLm`8u;+(qZ8Y`=*&xM;hX;H zvrvQoRcUUpnLAbK75Qw&=>FY|m;a{cK%nk%Mt?dZQG?NY7b45Hc<9k_CBj5DVdza` z@tc8s;JA@<&~a0la+G6X^V2?I+4c#YuDXrv2YO?vI2iu#RZLE%jSNKM}YnmKH_gHAD$9JKfRF}u(^@fS=`u{hHDdeSuw1uNQ1;JF!z z*xR5nKEnD3=5n^ewJp-iOL|Sh!6zW9S_1(U2+>2cGg-*%XcR-hg@qei)LyuOIl2#1g0El3dP&^a;5BMRZ(0-1sL- zK2R9`OJ$|t7K?2d%0JMZrN>*pjGnk4wn-DTVCjNTjmBWyP)y`FOPx0sg;XbS8g-7g1w1ZN6TjX~;=I2KqhYFxKIo7m^(JvLg^|RFg;lL@@W+ifBHT;9-T z0vQ$Alt0ae`f4VrmiiqDCgL8$7_A5HT@^g{_-s0a*cIM_khu3koK!uOxVq_vC&UXo6>$QAu3#%2!(b`qX#5BL9 z^<41{%2~IDZ>-0N*>C`(L*%9$u-T$Csemya7uoDs(R|Q7HRH^R16F|BfL^ zPtoSElc&-V^OAyR{u8e5a_GKOEj{?u+~aZQFw7pXCx>-4vl0!bLU^SV*qDaaCma;b zd7}}V^woZTFMwnsAaGVR&r01^#BYFSHoA7hyps9H02GF$C&vG`FAk^WI~mOEIRc{$ zUt^Kim{~sSbXKty<;=X~u-1XB(T(eq8Z+%u=)W5T7hn9$X{| zar&u$^ftd#QRY=K=1mr4iE90q)e@niLBAd(3`#Op92Jmz%-d{5ezmWIne^Hw*imzg z8xG;GIR)nP2=)75gE7Y>T~cwtVWMJic=ZVlSIz}V_aODkA5$zZNiQXVuzD#FvtK)} z#cj4^!+Xz)De!V%)Nma3Lpy1b=+u)Z=0cKs)ETO)DNz93Jcg7afTH%do2Mf zX1`zg5=RA{7smhNiIZUKwQ4kF`*rBtg7tAtZ`=C(XK5#2KYLd@YoIrLe8=q1ur(9% z@jvrSl4zk>912%nG+fSE^@C|o&b##r4`AYVB6}B+4RUp#f25r-Mv|`1k2hai9-a4; z{K|Q<>b z!PJiVT$)S(FNm1sXXxtGivH& zXk2Y?qr4UpJO0IHj`}bove8%iTo<zfGqe&y7wDD@yzddSpM+>CNuB0PTh~~FWv6_sv!N#t3~mh z$HT_f|9d?2?JBs0DAOJ>8&8^>9oK7iFSc3Vx{pmZ$Gx&f+I%-mB@A2}X-63+kRgD~b%DY>IQxJ+*nLnYEKXNnHa%kj=BY1W*w?lfexA40KccdfyUE4Z2OU1I|v~k zelbzhIeKe%XrrJrLr#hTAYQgHnJM_S`$oL(gc=|IBR0HWq^>2>!OdYJe%BUd?4@clXMdL`vO8J$%-s> zXLTLg*7wJN1)lxN6S-1}&p}Olof_{)qb_8?O{t57o>hJHIw4p2lsWJre()+qb9vX$ zHWm>ts5-x=_-(@*;-ZTw#6)kQSHY(sT?+u)eE=;08^x+ASRYndAJ0e{b34NxfTLNm zzdB3ab6IvR96R$3&>Y4lQ8yqx{DrQmK2IavE|orv zt=ZH{*Q;+~>xy0F>O(EfHBhjs~6)T)^nL8X5ge7uJl5RbB3- zk#^tC07rpTqsvw%n+m>#C;Sl+O2BJ#LwB;LQ)~a^#dycatADe1{&t+rf3C$GKBl1{ zELHFF{fSso>f1$edDrT;sKNqY#`9{-6H;C7AQu|5t6yi`HB*YcU}9+ZCnxijgtIna z2YVo*E#mRrP`O(JRO?}1v9J$8AlEL(um>!EiWhBpmk0@U)?f=y2x@CnZuYEY1LQvS zrRzyjMR)f}P7YE|Hq1%79Z5*w@hsBc_D1TS(GrCDS2)|80W5ylj2`riWqGU{SYbZ) z-kef`yQ%Zp4Y1VnUqlHfX^tYerOD8|@`!mnGyo$i!EQSv>11uwNKEV!;;N7AQ-6`F zt`&hPb=5*lNKpmC7(!!s$wq{Hy+E8hw_6C4V+04da7Zg%S{YLCPpp-``2+v@>*aZ2 zTj%LTwfI+{*2ciA3BrQjt`vHQB%QIECzdgsK&_9slW-|KfN&-Kos02N23YjTt8Q6g z7TWwY>LnvO;w6+ogOD1Gx$L=qda#Tx&|+)S6N3AalTC%Sljg(~NPW^$@qS`OW|*t= zvs_^6zW@)WF5tke1DR;%Y)1#p?S(3;m}bdCqef?Eur~IzsRhUJc~VR5z@{|dYX+fw z0|;9dL|Ro0SiOU+GVAuHye{H%4*36}@i<^G+P%CU`)VN%-sXNw|dTAEXGRmbk60H#XO{u*69CedFF>h#H+ zdU43S+g*7^HKX$4{f#DTmm9jC68FRm{}U>qJ-F=i`|(|U5r~^Z;r5SAzU?j)NXJgF zfyZY9X!Uv0Va=K&?;alZLi73K$CWT!`3&g&E!dcNE-hUE34t!`+lO9P!|@;=?9PWJ zn8ttNmc~PABxI4O_>@iwpY&-P^ySKl$6vkFDPbP#R?p7>bjJCjdGVfJaEMhpncvYE zm`&Kwvaf$`?{s4fa&`J)TImRAmcIQ_>6yD}_L2L>+<5`Rr;BBXQg0Owi^5(MYJVH~ z@0}67X#b0Kd!4mNdXE}%nK)kJmpFuU)Q^tAaDEc| zs9n9nFO98kY#?Es=V2PX6woMO)W9r#3E?*`fQXk^3gwcBlNpvdApEKF+q1gCtFDbpEmLq`=I-n{its>*uR+q)q^O5%!F?G=J-LDvxd*}2@7liaEu)~&p?$+Pw z1q=p~QK0_|P~gFxE2Ts>dsXM1mb|CzvP1ru$Om{y?lhlI zDFMIY52~UBhSP6}mh1>ZqMZrJWp8)B0hq3%R79 zH8ohYjKL2DO4Zd-F|XSHZP=?xX7JXEBu<@M8fk!!sPXv*a8}cdvg5q8Ue)6@CLxV~ z@3IOJl_eC67~&v10{9Nfjw0}nuver>fT{422a}!RUom=L;zJBbbAyp%O3<5qVsiiE z%x?YWBYF4moG3!C*~0o$aI2mF_i6PIx9mq$*YjUHe=JN$(IxbM2V7+;8}(D%AkTA`r`u z`ibKJkbYtN(dvW8mHF^p(->V9=LKspX=i7OOVMoS+Tk=YGde&9Wx-JMi^!SS2ZM+B z3a!4v^}1>&)KzexYKnus4CT!hccHv_Wrmc3ER|q&?TAz?KE$J6ao;8NxFt)Mlt{hj zbeC~4eCX5?sxvc45JEn-mxL&Uc5Gg$e$6}R-PuISvl+sZ^Bd2jj*@zJ^7aUw{9$FT zDvA@Rq8`Bym#gkOy>ei3`j4?BKs_`B@B-MslW#m=D^Gdz^4SAd3tcYZDc{MxpYQ5U zaDiHY>(i6(MU(Jx+4;`+%zd09(`g-{>S&nZ4lo8jexoQBP{|1nCEaTbhyZNB+d@cU z3IjU@xUm(RSay*j=yDrM-69(rr6mxfCQA+3^FOvq&ZRNWMmn#I@5pu5t%t{xHhHFb z>jv+M!kgq5r%){CsONdB?@r4#ZL#gr*ue>lBi9iB{qD+cbrhruG6b@&Q?YIJ-Shh$ zappb;j&A30i;x1*E&{rw{~OH~6+U9;9oAo6N(M&PLxa7D!HpKF?DOz&xqMkaATNN= zNKDEm3jm)3DZt>nGaN=TOhiRA${hY?Iu;5v#;&@Is6vdEw)m#P7$W!Pd4w5-BFxd@ zkJJ~4cO(?;Lf3X2ktJ$w?~aMLsvPs-mFe9dS0{Gl@PQB@&E#Al($z94oVqp?6(s5o z(%1%>Zdw9zMD3>Xv^iys0`Jt|jf?*UNHy?+b*CXm4y{II@S$k)_oUnnw>~1kC-h8q zpws^E6M~n^5mCJ!oHmDpj{625^Y~C9Qkf2WVDKGx*hmg+S_#yO)n`Lg?PozbRhT2a z9>g>KL*K%p2-j#%EZrhLW=Q zaPH%oUi(36dz4OwxXRG8(j9yqti{0|HIixWeJ9+xCq6Bz+I6_S{%oqm%{k0}eM1I%>$C#~X;7sjByhm9?ZRWqtKoe4x`m0Bl0#z#(8 z66MJ^q7h}m@33mL55m# z9BH4(8d*U$Cj@O>Irm=;I44-NAs|Lv^pc+mIBUSC1-BlAy>cT+s~vr;s<6KdU^~dg z-N;WyXfIzh^yYu$Oq6iLhX-z1z0SXZj&S=8ssR1JcIq*tQDGb6Ux9iFPl^8kGT6G# z-mkA5|7P?5sM>q_wl==pZu(8;&(0o1NB4sDCSPK232@IEE;_$uUBoT_6A#W;O^tM3 z^pwa-ei8tSE19yi2lL@Tz8*kC&v5_|N2TgD=)7LAHI?uiv%tLX+iM0DN4LE&t@^c# zoDD7?XFhJSulWWaAq6PCl+S3t=T=&c=6%YVs-B$)gCN)S)u?73IW*X!a{VyT^krw| zkh*Wh=N0#w&}X;l@rCFk>>?CDDt-JpQt{JrZPN1g9{4fL?lyfj5K}jxk7!kmP@LP2 zP&BPp{J1%)__0U@{A%$}ORuj#Ep2{U-WIaIO`imQRfQp<^&0rqGw>JHPLMqVVN{QP zXtgRQDh>uwe+=KuApa!r=}~zh=Y*6irh4x1TcbgY)BWR_u&ax|-1}GD@8fe-0l4zs z(P4(t(nWu+&bbg<8ns$|zHz9tvQcn^mgo)S&_VyksaS@=qu_PG9AES*qkw%PuFC-x z^Ej4xh+a}|YkO=COCeaZ(SO@UepM~-g&EHk5Bwz$z&y%!*8R}vWGs_Zvn>}NE$FCJ z5j}3TJ;w#7w1wy;x{vni2NP$JHm(u? zUlM#>$3^Mrm=!aXyD6LjZPS?I{R-09_!4%Dm-VGUcI7g%pV1=f;H zS*pq5VW4j=9_pj~h?BDN!HQKyO_YWgkr{0wAT@!p3>=( zAx1lUPeGo&GI;@e0LsQVVcz#bfw;tnL9Ci6bLk;U#3*36qAxl92w@oh_dUi5YA!q` zHr(#S!mP|z!9}@Z3oy{2oy(yDl2OA3%mElx$Q8BYX~S0yq{m0j=lhIqr8@AI<6|#? zH5E{2NY;j>#egQX(8I4l7MN@S$71El2SNtZ}%YT*4_|NNb zG9+BC9}uR!PJ?Hox^tAB6vrhej$R%YyMUUa8?Fz)u!s0zEU0P$tvj+>dHtye>~>Lg z)Tgd8zn~ir4@XBhYcDDCRw64&1+gi2InYv*`3=t+ zf?DzP3ITxttecm(I6a==Il? zL7Tb+E;4ua`cp+vm2W)ZJLyr!lGv0TKXGDeb?*2joM|cz(v;#x-%084f2_u%XX*oW zT`%t=-wL~Ukzn-J*8>x(MX50FUW|c;J?v6^T+QDyBF}r0sz`i#HwkJ1v+FfZ%vgX zAr&y?Wzh9bP^l|LT$}qzp-e4k41NYCW1c}xfMD=2T({1vO1H@5rEb;pj3Y3lIRHlY z237`h2j2-=4*(ggK`^ZIPP)WCQ*~S;YlN!0oC4dNVQ5`bJCIV_6x*5F(e(SJzfGiCxs;t}|FPO+Z71)p}^O`+*)-sPjh+iN%@XD71tERr& z>oKSiUs@2Wh{7l!dS11&{X`VVA5hed&s;SH)KKWg%kP%}w_#6o4`xErJ1x5L#7wNx z1~b+At?sbwJDNpj!?#7IWowpVG7wqf_dr0_t7%_#qZc3a3XLZvc-i3Lbp(T>Wb!<| zaPyhJ``+3p0m>bT0{u7z*I_W@A-dz7iCv4KtLTBNw3eixXmjc+coJJ|f5Z`Rjm#ka zXOpxJlTV_2RSCZdvl_#s@beqDy|M-yv0M^W4c?tD@c~^pY0i`E(V?d-JTuaZ#&R}b zSC0%maQqfzh+3%?^Ngx(0C#h6d!|3LSE@#1*zcCgc2FbkPoF_eQT2F?T@Du1VwSd$| zv8n_~zO!NAM*^ZV&EeK-ub~o(0vDjj)I9h8ISla#8il@w4I@@P;Ng*_EGeUuhzJH@ zRh74VvWa9U^B-?NfTgi|(xv!o2J#R-HY0PqpW0yd8gf`|AD7eK0A6=+*RyQ4e+?8F zn2v>o43DPWZ(!BX-@R{xtKm}Lwj*tgnM%Mt&yh|@1_R?0EaPF#n%@b5Ip=_HKnlzm z!e*ry$SxY>Bl}t}wO|5w$QM@;ph^jPn1$0@)%6@KSiqXqJ3I-ew{Bi(pzz=Rxz5e`tj{H8#w$T!@pGIz3DV#$7UapK@A<#Ze$m zPG?h@=wH_i^cV4gMaq1LaLjSp5Wqz5X&H`GaTrXzCAkEO5a>g8ispoqjeQg+4xhs_ zzK75Y@$zD(@TTqV?z9o)Z*qZ z5oFs>;+uFt#X}?9GRR*Tj#Q^@$f{#&JKL(~CPGF~cM^djAA?r0Cy~=)vOtlC+zJ z6C4)*o;cihA83q2aOO7p`1azy?H?F3e$SKK|JK?Dr+AIg&YDYI1u96j_(=-;uB`XG zpC9Lu{@@4us*?`FIOg|RK$CV9dnbl}KRd$|oohCSpAD)w47sMgbY*8QLRyHJ3T=p!*g5d!2h*3r*eDsFWC7!%=- zN&_iydDlW&3~U4Q8z4Bsfp1Se8!>;5yH~^kip^GFiJfe5!P5R!EW?rGx+)yo>i>Cc z+ly~cnGAVeBs*XHvz99Y)6)UIc$zCj)C+bOl2eY}f4ERng~A4H^1RmI3@p0d5rYHR zWmf8kJ6@|r?M2x36#=CHpeKQYC2@4;=nmf{uoO&F?1XoY))fbP5L!rDZ)eK@*?|@M z6u2TQe3r-vy2I(ZU{ePiJb%avz=kU6^2U?G%iy`!0ZaQ*AIF{CXbI%8<$?{7+?6F! zkZ6fDgO%DH2lkwS3zJbuls`Ybsreqhl{mv~t6N6CP#N5iSq^XI#y7hOkP|-oZox0J z{haam`747Qdm0+JF9vT7sj7f1mwM9Iv;*%0s&s4-LE3C$JpY5~PTqP@E){m1l?S_B zo>Ea`+HcOb{E69N1nx7YWXK02na?1AxSV7BZp(N1HUPg5@YVKk*nrnV*T)=*fGu&M zpWe;N3tC zFseT(6m06o(`{{_^3GrB&6;pscv*y1Q(;(lxAsqBPdXJ3Nwc;L1N9Vkg`e^ojd^QcU?v4Bq1mZV*nv3~d3P z;UQ=Y~f*AP_&m&pkJcS#&}19>3IXgCG=#&GYL%xsCf7MKOwQ>%Mn@-xhejJ56a>5y!CtR}heEF8kF|J@Aji;?$Y3101OkmuxjCQY{|W zeQ8Y`IdFim|``8=)eo+F9wi%W>$|slE~W z*xlFaE6FD<`Cg3!b80QiUc)JEIhR_(C+o#_OZDS7KzH>P%Q|~Q|ExHUy9n{v`t9sT zM?6q~n=!pJf>V^rUe58`2i*BVl7)v|1|?8I#0*pSeTB_BC1DpOr; z04j0&?@Smpe6w2I2vALJIi((w%f_pJZ<00x>nv|F9gn%n`v&v=+}l-Qn5+mmYi(5q zwBB8ixlD{y&WO-b0PB>Lwyh`=h#H-jOyOq`H@OR~{~I|e;ciIUUK*#ulE62kOAyg{ z?~EmJS)6=9QT}E*hT64J5FcmbQ!P@)X08U9S%&{?4v?4&^m76AFXK8s}n_i~ILucBCQL*D?HZ;?{%I_ULhLtJHn{kUKsY z8wsnHo*l|*8m>em>$Gs(%+5%wEz+QVNRddAD-r$x?EKTVpMDZ;PYE_JLOGu9x0jHM zH+*5LuUqr+-SU@$uDeBpU!=$Gr|!}>r*#p4VT^a3y<(xAmDi`R;w~ZD1)T0UC}U3b z!t0TIvdWYaVtW$euBirw$M>g=Nq$u9RlUE_(BI8Xh5$nCLo%3Cu-3_}c(oc>-rM8% zx`!)r58~e&2zxtduydIh11dBjZIBH0g9aEzUM=I?9w40|Bi;fGZNH0vSl+|NL0 z51P?cY9}v6)}ie*nz_6`Z)kTdSe*InO-YPJ=KMfU^Wsr+(VKlBSRvQWWqqK;dAoN+ zI%p%ooHD@Ih!WF`Twb33o#HE^JNLjpa{+RJ=;&y^z#rdI1SXV)w}}()#_%biz1QKx zE7GacM_OJyJ(CqVswqxA4_&(VqjWW0g2Y_*PB$!&Cu?ewQHl-Q>jGsl@VvsvCwJ@c zj$PNV-5Fu(x9ZH@RaFMU@I>lvrViz$#b6ljqU$bh+HY7fPIkM^S!b@64Wo?h6&pU{ zkw5c2U7Fp6l?g1)oP9FS_S>;)U?HTsg2g;^@H(SEe{)qVV_kf<^*Ovl=Pdb#rPDV% zt7Ca{Oo<5p;B0kcjHygfIWc8{YxP2L&LaKh>evG^Cd3Wq2Px0L)7?1b7N&$)|16$m*>NgU^Rw}vzba`Nj8NgSs5HH6u9lsn?{MN4 zm&*%rO$^u-A7>Wg&Vq$-F4vVJ3;KjV{D`m9fqyA*wqmt87Pjb4eu!ZYl2+RrmOz|_ z+j=;kiV$HtUd~PCi$5OTRna-1__eh0$jF=hr|)!RnYVSIab!XEM|QDUi|p8E{TOZ9 zErX@V+=1XgZDk~d1p5~<3860L>nL?Qn256LAaR0Z#1*r%*`LoHMmx9Q+fNQH7eqvB zUfe<4y3vYd!i~=A+nc_C_?eI_q+)&uf7W)UKT(%6)+%r;J%BG5ZA;u7k)~Zgs=apL z(OGlZj6oXRkm93?!5iUju;H0QkD*30Du~OSuDlBrYF)#dU-iY<&VBEW*wwZpK2Tda zU7?YVZ@s^cS#x~}l!5V=;#n|xFEFWLM5)GdiQjnOfpqqD&WGJAmhl4PW30NdiVbp< zSyMgr4VzTPd(C{FRcO0Y!=*K>PNeB(o6r6Pnln+{%}yMnpsr3T#1|ihWCK4ayLHrgoC}K>b!8QZGExL)qWy=VHz@GnnHi422X zaudMP^Ud(SF9E>Dp&)>(p4n)l3=BJ?4aj^ ze(qE2TQFps2P}l`h^eoK4J#EFrKO6z@_r5zVf$88Mt6xQ3>Rhd0)K={u^~JS(TCZv z721!%#F|pl|B~wxa0P_f3LXV8Wk2IZme$WXf*k_WGeGPOi`mxz9`lb8rx>9 z<4SoS4|!Y0y?z3B-+Qj>V^=%l1>Fi`8DTDUXCHWUf(B$3ZeJ2QWe{4+09GVyZ+Pj% zZl>wwBW-OC3=}o5As3LwBkb$R*DZShREn;w4i_W<@~s^R?{I=G0>o^HMssQ`ggRkd zKUQa|*|ZL1NW?B$a>r7FkGbg)2RXNO_f8nBbYwoIfpj+MGgbzARGX|7oiw^8&ZnEeJ=DEoz&raUW{q^2a&(k-1gTMi zT$gDElA?a2@ZKxb{_U_)zOXMGLmHxjzPAVAcaIP3?Glbcd+>fDxqK^3Ua}p}GskY3;AabOjsklz8L?^U`4X8LpELMqwVOQ#Vtu4Y z?#14Vx`5jGgPd)bN8M6U^({x~c#)RCYw!Q^IaW3ANoA6+FTr5$>k$$X>HxBJVi@iW zLN=E8h(;}}hJf`z;w}zc?$x06So-hzAe433O%_cSZDjk+o?oxHi~^-;`^0!$`J<8; zbV-N07C4pd=M&gIR}9`6c~fe!>_{i%OK+ovQ!OgKkls=vNQ`}B-N1sMVRpQR?RF}P zSu;@N5^8sS8)M4H-d*LCi{-%NPcMM=x2K1lN9~wD{O<{0M0i)4BxAhLL3hhk%~=SS z>9H#wpofOKZin0u4q)z^M|HH`Dso?-Z(vD-4Y(*OK!l_ zG92McGt-2XkqEUM`+k1FdM@tzev;GDk-6`U5rxBB49RRZ-uOr~L?$M<*88sLAZe?| z`j$l5AJfH;Nrl@27h4%Ldwo*>w%P8j*tf)JHA)F8WH;r8RaF~A242`M#y_*19$Mvg z&Ga_1grP<7dmftn5r<8}ge8w0V#A6O;=b6IPWHw2+nZbtOUC9o#0R$SYKpeb5T!^u zXV}KA!zs}F6g|{W)?!-kT?j_F{xy)o!ornqQ__=PJhEM;8;y}JlV>N?C+>2$glo~l zHUa~_*WIxuvh~I+Bva7tdhpZqj0 z^E59t_+qR_ALnWsypLamxb1m{YWuFjVW!`RZQVt6Nei8&KQAdc zOryFc)808W zp13q|B_~tmp$K=2UT8PE-gCm>SoP_ZKgH2UD{V+-SNYeWDJa+K=njdy(W(x*5c1)AiFh=MKkFAT{X*Gb_r;*J=nB=+ax$FE7b&AL|w7lxq+LgndrL)9Q< zZ=YC>LJ{iARA0W5A=H(?lUcw)x1vphJ5(O2F7tS6&{hva6c|z4Dl5hjc(A~RTE~Z0 z0aoFG5PIY*h{fzVOKDmo-vQufzrN>Su2*<{tNO1C;H@Pd_0jphWw7vAiPVN9^NHVQ zqkSH863?bJ+t8Pj8R7ao=2EEPhkBb-tGdUEz@_Tu8xIKJ6QqTaBn%&y7s&nCgoRCyx&GFBMMJRjz@w+cw@I$aK@UE`Q_MqpR z2vNv|_knjLSQTf4R)p(U3V2b1T8VI;!B95ym`c+4*V!SWJSMLuJ^P1Opnm-g`vAMi z2e713@ah%>L$Ig>lK1#_4bNZYGqc(uUz@q$QNI$qlTdp2@uV)0$lm2CD)g+1| zkNYN_{c=whGtadMa$Yj*5wz!OX@3?l@~A7{Y&u=BKW(H*ze za&N3Px=GhCC$qqiRu9V}(KB$+MnA9?;i+RRotttCHEn7DVh(V{w|!B{;8urw=4M_F zO(}gT&dE7hKrgNE%Eq*vC92|nF-->;r|1;E;lgIpa#_71>R~iQn~jZ4s(B7Z7uXWU zrrt!61&q{-Gp^xy1|r?Y)X~AVUF$RQN{2z-!m={@p?(qL%1gT7<#wAb+n=6c&gY&t zi(YuAN=yk7!#a;von@!a$n-z zO!vbImXxGUNjSWkygV55sUr03o5+b4~I+mbZ+5#N8WmyDNao3xiWDZK#z zJ*Iz4(%h%(P~9*HK>GL1r9(Cx$8xLbYy~3!x;bJLfEj!$rcoWmqF*i4jLF^&FJE4& zLpC&hGU{y3Cl%#u;2$O#<WaqOdIW!6 zIANp4UOeP{(C?(y7>M4k^nA+g=r1UD$mw#%h4z7E`|fq3%TxXVZ#UZpx2(=nkgb!- zW2(3PRETeDW#*TVj2oW0q)&nGb?^g*Lj6AI1O29`87n^W+cPk!SX`%hJRnLHAjY&|9pB5Lt8AKLBX z!rAL27vpcf->kJ`TKaBU&7f)XS+RdZW^u@(%HV6xV_5r!VKV?R`KSjsX^pTnM2E@E z?7xpGWwKCnOy6#`2lNt))?FP8hSRL79hfW-bjP5pp=<@RwEMeK!t?g>bLk}Pp4;*3 zt{?6@6mj0=%7qOFHuS$3K84=!HO&J>Ufv||6HhO_5eWK)bi4grCRY0|P1H=f}@L}W*Z!+7=apOly?itgV4Gp!z7oP$?^w-(HT zB%!6He&KWE$kPeZP)g|8Hd`%zw=ty0BlF3Z;=S_h3+|ZLNIq!=YCK;S%ggqmfpsj( za(8`75cCeC8yeu9O9U&5x(~*DzcqCuN_81>D0y&b(LPj$dCa3y8>V>6nxzYsel>g< zsnSdqO0erqKKV|870mlx4`t=L@+`X7@ErLi$vB|*;oXl zHss>%x+(>eC|uabeYtl+VO@qJ)`i~Ps}D@S4uQwIJn(>YYc(}fM1TCRTbrMa7aTKs zF>W0Mz*OO1FcrtRaW@iccb$xjB1;#>)v!d@O|I(>X#%+EA|gxh8uc`iTq$?CW_oB| zKKMet`fJs1)s8ie@so`94bzNvr(MVKMmtA-^gp>m{escPG+1FkP<*h&3m-BGWMQGr znCo7l)qNK(;rlp+$}dJ0yzKsp%@ zh2s_DIqPD?GhOR$$uKJb)&SHNcGHaqTO-5$%4on~Q5Olu>KM6=C{$B;#+)1z2fN5N z`gGvVvkjncTQ^`aa+;eh*x1>_m;6HUAk8NtXju9dqzY(UICz7RNF)WL0^{kCxL``t zLf>r=OOWlyLM*(ebjO8Kok*Z`#7BJP!%5+;_m55e`V}+chk6}g{r3uPtw4?zWkQ7j(#5(8riDzaD+YP86`v%Xng>bd`4vu zWjlJkFvZMgl-ca+x;F|>>>edY7~qT#3jFSMX;5($THHqXWu2R|Iw~DzP((?jscc|?4BZKTD5cMf^XRQ zuDYyhNK16|v)W+dAs3ZyJ_1{-)%x^a%V49`^mSw3jZNTwGY2X;peO3)hmR z+3(Yl#r*vFQv_I^pZ~Hyil^=?lhuH;0W^< zL3tXPjjStT+5pAn8gj2-M}kPmO;j@ub;jq@VHCQmc}U-~IPT9Fz@f`H`uR?=z_=Y% zU`7pK$B3)o@pFIK?ms<~ME6E;A*twWi_$Ol9K?5iYOWzQxA(U%sq-73IO+KR#^Phs zb9f&0k~}MdjA3@qmG8G$jI{WD3)%ub2G=3HGSN%9$yD+<&Q-vE^@0TckU!9wlF76D31G1)IL_8ncf%a@e1Pv>))lW-H>)A*ZOLMqZxGPO`aIM#3 zAJ2`eGjMhy9rC8(ANa(KQ>p0jZFIH?3AK#`mpEmfz*EtS``6faeiNjJD?`;Yjq3v+ z|3it?uSD-8Oat^L#U8}hl~K$O&|B2-znGYE{m6^#U!(dNvT+^q>Q!L2?gpgAfk`G* zEb4wu$mSByqfx*PK^4Mpy;0|XS^Y*`wC>3r`h$7CO`Z%1Bcb#1)5O#7kI*Alu(y%4 zvC&^B`u8R--iLj=6^eXLi=)P!*>FBPqm8-R(%`7Xg=g3i;ocV!+5ynH^##*eqBbr$ zy<=I7e`-11yUJ}y?>5?Et`iD^rSF|tqFby{9vOmnX&~poL)kdR_>mMxDnAEp@%11D zJX(B1;=HbWL$^UbQ1f`BL$87-1ML=D_GX;B>zq)L(};q7R|o`uMLV!YX`~?#@DL+a zV8jT!q521edM%wJYcHlKm9kTHG_VV^xc+3g3M9D|E>0-mWk9QTaYwCb^z)$pwyAs0>;E*EU6c>`}Y z7Fr6m%?3*}4GPdyGY=**_eL)yT?QOL`n=$w#xw zHHPvQB`MX<8$fS37u9Fw1}f~ozx(WhKgAXxF&3=<43e&qsD$l&6opdOLVH zB@}pQu&vqx*KJ*mE3Uj~q)R_j^AU>it(HBofsi2%bUfF1E6jPc*>dd&yEs<{3uosd z$V0_?)lk7AgAymoSuifeXgWCH#ZfcioafikanC>%hG@2r6x3r1r4h5B9ZV>mMc8CS z1SjN@7=gEHuxhvJwHmgHf-VWkJAJ$X0-S5<#1bsmP-UnQO>lt_QH`|I$;UMKq~P_tq*R#qZiI0v z{Z?=xpVP<6|4^xab2eq(@n!;LX5tVo3dQ5O2Gy3qs|biSU0DW$a^9Wi*OWgGJ*=jl z#evWTGUoDroUzSx+gIM0_}J1|swwU}*Y?{ph?ViJ7IS$4L_)XwnoQa2n=cnKh@L1A zZZ8<3_B|MIZifTAj*rFBoFC!bjm{sA(u6X8>Q!g&%)+bvxtqgXA%T>pVZc~(s@v0= z&Z(ioe?X65>^U2pYY&(LDd7g+zFi7Q?R#D97)lpEbkAgsOe|LTc_fwghikM?PD_Md z0VhDiD}RxUiC59_nhE3@L|?*Xf+1885Llc%jbLzyI>>z7x^=7j&$7FEChOt1pgnm2 zd=-UAW^}Y=!7#{jy>8D?vAV&~GM$MHM>mj8Km8;1whovui@={Jmfj*Vr>6*w3y~`8HfjF* zT7*+*PvAi_2M#SHY#j)ZVJF%p|Bl|ZNQkfoS=<|d-2-DE?Q_)PxNi8YjLfv&|1OBL zj}Cgh+O8uH^fVX1ER_vH$bLI_4roJt!*^|>Wsd@7SP^1aMtO4K$bDmqBy6+@+*E1B zqd<%DRw=HmuO>=`y^8oq!iwYSvE={o-G2i<;Je#-y15|&&m*HA>M~4cbS6OW!^$6n zMCcouw)Py~gX+a_@1&b*vI4}+FP6bU_P6U!V%@e9xy@N!AmK-#BRSo+N|!? zT?3X^1V{s3-HV*RR?Bn}K|+yd?-*R(Uc!0`_sK8&))x^McXJQ+a)oXt8;=3s7mNGt zR$JZbt1e12qdnY%ZX)xeo^t#=S?9G#(FZ5TyYv`Oa6np~Tvu)ND>tXcw&p=wXuuL_ zn6-Dau>#*;H@Vv{4+vUtcUIaO=jp?O8)_xO<^^~AjaM`MQIlgrApM9JBuczXChsuW z)6K=55CAzb?2BsTKCB!53@l_7);-TB)&XBsTB=PNJJ=0oB8hwSskn7JRR4^(bXsYNVa?sLcC4>PvY(_<+r4*p7#_R*LkYK zxj8W8``4-Hb-bak4-ljKJX)8ARGhAvgx=D)D3g=han3H(2QqunbF8wkiTpY}n{bvB zbgPwOhLRn^GbO~4)5XFyw|Vo^edgYXg*j&hOx%<+eEU7~v@cZd!M*4T5b zm8DfvUrB(QSsfP>69YX1>w@v>K|8=u1=@`>8KLbIA1T-&>{CL4*y(Pzx3CU6 zPoljIfEoUJEa6NP#@8ZmId|zl{l2L$O&F;b;mI5Idswu$0NA&(QP0_vyiB+y$dIP> zHD53BY7WHH46cKrDD}z%@5!FjpI}f#49{K8tj+~O!{I@SWw3Fd^lI_5VD3GSw$uFG zFnSq=V#+1)?MW1vyY2~|JIfK_OJuZ2{Z*se-HUz)lW6DhW63B;2E3=vs;byX;C=On zdZh3};UyiZ#d^ubSl>R*`84>LlwX>T+2P^=oyn^Me>kMA0!39uv&lxTqc_MxJ$vyv z0eyi8yRW7<~w`cSHD0Y`B*i}O*e6!QlP8RplAR4%Q@ z<@~ahD(9#yfMW7+6=Zc2f;lwovucfcq?-c^q{P73s{;=_!?wLfKkF-2Yb!Tvl3_2> z-q!2)E$#obow#5q2>j$LqB{%0a@q@!MX`lzVj!xIBuVWxSNR9V~g>_d0L5Js9c5K#sx?eY?!o6H29({k;BeB~!QPQ&F404R5BK~nzAHs&p%=EO1g|!zg&il%H2b1!|4E+2K`dflCUQcSE6k(zSm(vhT6|*Q;(g@$ zLH2r7JUJCTV^w_RjWZop%Z}nICFEN|Z}SJ@rv&eJ5EHzcg(A@+lo*L4o9fF`LQf)n z^9R=lxWwnu$?z z=NEI$E~$11K(0qAkiJ(KfA*j6xxO+XcPk(NnpNH;a@8Z`Qo3kw*h2hc+V7d%QyH$Q z<2DngXr@{%96I1M(-A67n$%d}0X3xosLdN19Ip$0wa~TIn*|`sqs-Lbaw&TT?1yP^ zcZ)SMjjo5j{eT@g{0Yq1iv!nvlZ7MyzhS7>!paM~%#zCd6Dji`E0)F3W7+nTn2{3d zQWYE{C*2^f84QW-AC3-MGWylbxHasDS^W|v8crHTprmvzLH`U)%wEk@wb@`XK-kScVWmG`0 z(b5-Q3u2%zbcF5~r%m%if?aH7wDf4Mci-`+rk!jeQ~4P}W>^6dhC(iwjkp?FfhYL` zoal^*^#KWJFBu5fB9YM&#k%;Tw^a^=awy$xZ)%4DS)M+Hm+ znV-Z^dc?XF9I{QeLXM#9HXQ!Z_IqEz-a6GPTf%)>h@|9;?|}`<%wGEQm-=Cks{Sce zZe;!+Er1j2JTI29Sx}o>h4NajSkYhO=uxxNbtFHU>j)%iSX7=5RIC=Y=5wfUuGniq zq{}u~iWFB=1V@f*7;p>auO*)YWDlOT>Xztp{Lxxfe{4iI1VgI7nsKi@p)Cs{u3E+s z*FP$Tql3DFxx3T}pP!hI9K*2(u`{h4`+GZtckOK7OW~+k%99T#vT5ymV`Y}|QUJ{Gl?~?WWDek8n8%fkY7=(56i;nX%`moTN{Us$ zE{2F%WX~KhaD~4AqK+W2#w9mtWs^bFF3P07G02{UPQN7E6neb~^N;Gz)!l-eS*S9e z0lv*jHCbu5_hP2R$IMaR9L9B~FG>M0s%VL&a6fhNq8UzJlPqCOfghZOmZrrNM2paJ zauR>%#C{+`*BlMokUZ#H2WcF`gZe6>9JFyrEBQ!et{g;B+SkPlsOagQNdmak26d`n z$k5U#8r+yukf8y7jf>a9@vRI*>cGXf^<|eD@5>6{VROe6mm)NUr(650}9+xC3 zKwC-d#uLqvld#N{5j~xlMvAOal_1vOQkz(*D_afwL=x<5Ci{}#| zvjo0^4`qKco}-b-d(w3qb?`%ZynKA#W2e@Ol-iGja6ucNgAg;%_c{~#tm8wD)DI%m zZSZpMdywf<3>F}3WG-*!EAq5Zm~EOwfjD$gZbJ4Z3J@Q%3>0}36zid9D^pe1=8hAW z!h~pℜZG7~Ex|_&Mp|=K+q$jI2?KUCnfyghi}q=tKgH0p}-Zy)gx5+SDlhfrt7% z#}A2H_aR~7I@E+6dqNRqE-rEDyxoC8G$}R=&g}3YUoAJe)v~FNJRAc@bSTH3 zVK~OW0$`&(@gXwU=y*~f1Ox%2YI#AW`+gyNehD+@AzxT61I74dBtS4X;XI?5R_=)a zL$+*CkxNfEJR*X|LvYw*9QIL}&$r7d$`*^6$IF?#sOYO9$L=cWeBz=Het~fBtLL!R z?Qa0cnEHc(eWw;+^5!FZ`%hhwj{h8&#WhHy-}(yg%}2;vwC8c5S6QFu7dm9~&T=|& zv4`G{3XJ%Z2=TmiS(t}YxgAz*qX>+ain4IbtNiO3Wd7;_r+L&r$>g+mULRR=xG+y( zO8QHW4~LhgHJ80@2m~|8bPX0|vc}U;<8zbWntSo~WRHDU6Gb9l)ev~io?!49kUD<)x4bzh&@rqYh!X6!dxw|-j&3Doy{W&KqVGq%?<`C|aWNE%IAF_)vxlEur z_B}lG+5en1)I7JN6LL6AQhug6vureQ`~CDt7_SF&yzZ1G2nM-=dDwSQta+DZy3x6s zDcu1rC#_1Q)>v6EP?;CC*UcCAJeYq?I#4)>O~)%8q~zR=Uc2~PQS^uf$J&%_WO%L1 zEdH$PtHVn!_WAauFQmbTrTpr>){FY;hSR((J^RvE(%_R)es8?il^1`W?yH*zf<~#u zSf9Vq1zKwStJI#rBGpVTSxfKb&|9?Vwa{)dgi+df)I$ko;VUWBbB>o9Nm{)uGoXA- zf;6^vFfmw|-bJ5hpg(7NOB*7`(pjaD5wQiKGM1#DiJxK`n?I(i?)EJB;aTq5#^p>H zltm|#uMez4I!u=6T$u)3&I8W}E{xL%9N1;@C=dlaLF_!|@u|s6k05TOKOEB~$IN4L zZ%y8t)(lQ`OE!Gk(~A@YPe1dC3Sj&%m#79-7CMNZ=Y#61tJquauRo>eSe}d2LJ^2poaI4)tK-le~4Fm-`R2GL9yB`zDu0|>;AsA z`=c>`ZFLBQCKa(o-oSKA6H3e=TwF#k@Epy$`%0&0a=Rk+-9oZZ18bQngy8*vnxe18 z<3V!A_NerTn3Dq&X~MYYh$cv#@wMKBILm_psOQ@4fk%A{23-kx2h6?Xmo}rM|Jd0Y zLYhI`H&PXR;cM=jukK)yVP$*J4BNOxfa|X&4xbU-XD2WGD^CJs%BGNduj}`4K-^A3 zTwCgj(XDBm49gWF-xq0SXEm;q%z<6@tT8}X*A!cwoJ`o6``bW_GEC(k8tzR>6z-?C zDgWdS`)ov4V@?-LXsJVTPi4Cr&uH^a9So%ZjU!naVJ^+ms>J4bF%_c%DF&+BXKPwVlzH(jB*Pyy@UiY;^uAhdvoAsb$D7yRJ4sY^=Y-dsbvMrR@~mgxpbQ&%x_Sn8Xi z0xw;2{y;F9Hmz|K**lrtzt%uJ9eBYPy2&qJUuu3zhGu5g+LjDavx-`MiWA3GKk^Bm zmyH3%!hK#-VzkZorKWx;;be~k@O(TiVC5}wSB}?_QKs+yTzi`j;1QKTTI5TQ zpLtIh_tba9QaoNN)G_LW6qX(!eLk16_y9LYGUPA);PH zzK#2kJeHRi6TZnXNF5(@$3N5!f?cBE;UE94BqMWj%F5QbT&Slc%nUbr$Cnx{;F8~x z9^-BQ2|jUFdGZVlZxs$9cP7~Z4?y2w8Fut$ZD_tfpX_n+G}%PGMV8qej9DDKm^|aG zH`3>j19Ht1w^JJ2f8*^ey}%jjV9%1zi2oy9;ybnRdH6&>%5pmc(*QJcKZXgzYUVBV zHWz(b@wN@-zky+f()Zy$=bs3xns??}kb48rP<`L3xsI0=JX2s; zHpgKINfS(Hx_*D-_07I`Fu&|_RBUAApZWD@e8p6RW6OU}=m|I>)u+WYf8?IqXD>KN zo6yW&++yb8$oY8cZMXx1r9(-%F-R->*+`Q0^^BOTTDMo#n)m`!aNlmEbB-E@plfZ) zhz;~JpLEnPM52-((o04=*!3E}6S1v`X<#9`QV07R6gTo zmX!=Urw-q*i%pki*c${sra03_{e?vZuPHohbb_!*S908~5}~zFGQV>ADDOojzjFR^ zVYW>=iLSiVo$Tp|+_cMqYW5cIZpM}AvZfD`^hnDA6N^7E1CMjbov>$O_M>ew_j#bW^f;?_|{iBAve&)vP=NCf8&Ipak&40PM4GX>v z5AqtSKkPAVK1-7!E+LV8?`B;V-UmM|i^p1&TPd!c9E{aAGyDI*xHSmxHdr%c1koyR zeY~R(Z4{zzLV0AiQ&W`Vvx2cF89k~QW~v$M87E4$r^VqpW(*c03_8O@s$qy=TN!W= z%T7>ofp?Vmsn|bWbQ6L(@w}&~o-!KHwuY0hw|#8r3-xPOx|{xBOpF|pwcEKa^)vjUhnou{U@35$F+WU03lcD1G zIoSq$T@~RGIHoT&;p@_{>DI@SZ>wGh8fG+KDLfaGX%qC2ge*VD2EUr89kXEp@*aKP z!v|!D$!&A}9_;?F_Py$Gabm>cZ8bSiu$FG*SNyPP%dgiR_GUlx^o(6Tcge4xn-ey1 zF%f+;wbw?8=Dw456)0JkiSot}_GU?%uLoV3Cr68XWiPMd%^Q4Uh|M8Q1>3{ga4j&p zSdF2q#fm0($P8V&8W&EA%J@RZzlD`^@&I2kqNa%O5OAa~%isxCZoGQFU$xU2w#BB# zr4jV=_{1`#NHbGLv zj_rZ$;Xl{*f=-xB&RbN$mT2W~9_1PpDO`u{DeA z*7d99EUT0=4(K61Q_`Kj5}H!dTz%HdUM7l*JbrmKbm*>+JD5HnyoP6ebLKJ?>;60j^G459ns*SdV2h@ZEB_oykrV_UB7OR21noT> zk4BtNx$Q+6^DldPLoZa?qscY{&*NK$#1vm?hRVPDb?q(XRVsGK#Sp#FC_+M*S15ox zgs$|t(p>JX3@g?;;7xYnp?4hj30k2&M-TeDVa?4QnFpZ4cUnCJ{@YZJxJ`;{p zLJm?Uu-sCfw$rF4P)jr69K2hVspYLDb7qVCWRu%-chbJgLe%hJmN={<-;}dp^!aes zN7G$t?L1W%$+(PigtCh7udJ>5ezcAA8JvEGfVeQVRYmXDDahP2lQ$C+i7JSAS=@$* z{Ln?QK@Z{4GInm2A&(Hs$!7rG`J+lQthd#v1$jYMHTA)OHiiw&B|*OKQVp**j6p;? z_yOS(&2%eWfjML*@l<1Y`f~Bq+@ACBWXn?>1H5&RKNA>hQs@Wong_C*R0p!|Z#wJW zbS8MkEND!xBBMJFLJ@$iO#nIRULXK?re)p83HLqqgcid7&pJH7I-=D9z+*A~_q-gz zLJSAAU7;>8un;S_m6DZaxnl=hrX-qHhZpu`SPRfq+J#dOCcdJPR|#Fse16#08;>sN z!Zz8WDn-XA3e6wD$y0%diLfKIv)VZBy`=vSFWDGVYRkQg*yBeZNE{Mp4evli-_sY4 z1-eG@{uY(MctNyl46YoZCLIJrmGp}oA^#p)EwAJ-X!FM`~hr-R4rZ@uv^VB(D z)_|-&ig9zz>Kj+2BBDO3jA#19{I*6pw5NiHi+2_BbFez;LxzF140reNk|{OCWYZlb zaGjY++apOkfy@TMLf{M?4hWj=_(}W_LW^Cwi*BxI0yye9zEaFMUoZD?RiK!AycyHB z?SM^Pq;>Y1wu%qJ`P_bTcGqL`it&NaS(}Op5hj>-Yu*gaZm4xR^z~qM{C_`cKs`Ot zbVuqx9~E+LLAuJ0?Sk;cdLUivCWuW00`qb->_S1ySRH(RYno)g0tG_FU=A4M+TzD9_R-_ z26_kED5mukx?#7=ij9|!f%jZqyE!b8d9-4PVxuW;+U#V%Y+CkZJ{JBcgfNae_L)Wz z!Hn51i|uDLBHe@!$iD02u5ND0V8nUPe4M<<$$s3)c|w51o#~N6J@^i0R}NvuiNkQi zNZth;LwDj;xYbr%yMj#2(}=Hu<^y|*GMrWstq90g+eaCQB1@l=tw>1Kby9Ld%tmU& zO==(4p5YuY)D(fMroDElC}EwcKAH><6tm8JfduP*sc#~IZ+=wTOkN%hb@f6^WJ6@C zLqg)G(Dm=nRoqZO7|GE6eH6MhUp=mKg*INlO5YL_v3<)aV+!;25*N2d?>ACdp$|ji z4!h9PKJI)!3uEp_8InRB&b8OiTG(Xo;u4<;kG)WViXqaq>sFrhRB#!`ISwhL{ir}{ z;F8dyHTF)}wQxGX+jFEU@*7t#+#p_ zhqvcbV+8^)Z^WU6c#LQ&=($a?nh!!~gA1kBaRptL zciicGktJ5Lc}FMBh>&ta9`!wH8jll=w>Of>dwB~fsyUaZk>ai)5ej}QPb#(fYiOFM z$`{idSnacZc-l(+9tw5!Lrc`446L}cZ6y<}S=Z}#ego-`c@T{Mk;#Z6<#7b@x z^65NH=YbH5^NMR!DONXJyClBjcWK%LjEmk8e{+^6!UG|k!l)+Q_&Tjk-Q z&DEUZ#?P@Dxs&Ki+cC+7)h;AHU?5$8;^@fUHtMZKzjW!4EJzow@R6!X(skxRXr~QI z34xOPuNVdn>M{Q*QGFx4{h}L)L2dnrPoSZDpfc&y#@+I-B^#3dmtBExI8R~Xz ze?f~YtpPcc3G8tjYcqpw@wfan5!BJvgmWyHZ2gq%FE5-~<`mL3HO-^*LIR3@LTp@o zKiIX#6cah~4p6WlfWMrfT!(_(<`p42q$s=^s00 z!x<55C!iAvT_FK#z?p=Gg-bCC-UzklFV&6y>ifxv^<_nz>D67m0!JoRE&ZZpCt>gG zF5khZE&}?&VWp4}i}6?}2*ll8pP^4TjH}Aa0FGmV9h-Ck{Y z0DOen*kfbU$F6B;S!bG(m=POi%^-NuqVc*C0?z@{h0U@J?BehxTKD1Bdt-S8=@rN> z^d;w_tTp4@HD{LKamtN#RJN%$#C`SX2qLq3PG3HHr)i*8KM-pm(0hxu<2m_~r{cZb zqs&HMr1$&k=B%t4kPTZ+Z$b8Vc zS0+uMzQzh@OVRhTk)`yUFRg;F+#maXN;;17hfU?q!1+k-ny7L5yya>0obV%#Z`1*{ z?#f{?aebyWoDUCOu#xYb-&&R_vBUlM9i4A!5ACPRTC1QdSeq7EH?>l`$R)Io(F)^U zV`iEDY627k-Mo&Wt>GW*E5Nl{;1Z_PCM&9?-y$r%uRVZ`mW5qyuysx0 zDvGJ{1urR<^0T8%%gF;XS&YZS5s-OLTD9i_rFrm7RjmBcXW0K!)(o03eEMAh8X(LH zhMh3WJ>1s}g7hDnKe@+kv=C?&ksKrvbsEq5)HPT%;A!`R^vh6n=7Ou2qwH}XcjVhG z&bAbpWxo6BFZ$cMj^~SRw(5de**lQny@a6nxSp5lM%~m2hNiO+nn=m~m)SE@p1r~q zwz)3ublGMb47(}L-|qj^vaOU)0bfU)NDyU-w5T8~fJ zuG?ZUs3&8WWE2z&jXdo-0zlgMSL>-&-iq~XmT2azP1cY%&-`_xH3EqWyyXcC9iDen z0VobbpPnM@D&x-VI)$&v_4y7O8>aS2kHJ@Ewb-JnbjOlsC(v*X!tQ-s&U(9x6M9V! zA8Etr^zjcHRTa4tzc(Ip&e=WC^!c_VCg}=$>R3P+y%H;JMTj$EPXgi&BwyqL4%^TT zISX;QjieTPGVJN2yp7xfOY&frRlin`nu8>#*^^&)m1u;;sJVhV9bIYaAP=0+d6-c% z^rID5LkzGt$1<(dpf?G7iDSpl_w?)PaEUr{7f#1OGhiQCS!vxshDqvTGbjUiUh2R0 zv+i${({X&PZ)ncE|6=~u76E%=!7$sW+P@u_nwqMFpRHdljXs(NS!CwJ^nw8YjaEv& zG9P@?nMMYEx0=IxcM$NBFofY12z~fH_`6rqV~WY^J`X+zaIX)By=#*{mOFEP&KZ|Y zRVib{Rd;KqRxp5T>`G13iUp=>JsXV*k}Wx>H_e)Ur6voC;qrLBTjXj&umD{;GHw^A z^F4=H9Hh~D&5AD<-mO>T||XrnAGpRMKaRe$$y=Le|}9uSMSA=L&)TBCpD zq2mYW&3>q`{&2|ekU}mjLQZ$1xD-s1GCrw7tL|rx?!EQ_9C=b&J7*sa`tu(nGKQb| z^2BBJCuevt-}p0y^zyZnf(W}c1b21o03b)|48DEsF#Q<+rMiTA(ERCg?ht6SAi~Dg z`3$JAJc&EwUB_~zn*&PpH4W}W*R{nTsjLJd_t6YxD}DmM-vw|)l6_{7#IE#B`@YwW zlqXMR%4`Y3Sa*yZ+28Ppu|<$C)ShzD*NWMUg)7ex;`BWp2h7Mc=_3GqGc8ggl%A|fWaS#M|>3RNB z8-&FdW=MApH?3xtz6az`U( z-`<*&&fCow0ca}?1P-b9AYD&eN=3r$=R2>Gd2p7Fea_}XqiO%q0?al8Dd2f2kSF?; ziapBX2>LVlvKfY;x9R@!w0VCn+RK6l746^;bWHg&hfCR>{jz(fHn8NZW<2Kg-Y<#A zms8Bn5(pl9oqL~aWt~wU1ODO6^qLeKxK4-Y;8Z8%UJ8GfAehFUz_1Y_=O2Zfa8BKU zHj2CNCGOxGuckhxf9tnMmwX+9C;qOu11Uou1#4u@C>p98rrOD0#5YO%n1h-N=bLaC z=}gk_?*$yBP~Yuku0NS+Npm#wYW3d@QvTuWXuL6_`A58Bxv(i*dI`hlQ5&sO^ z0g;&$-Wv3-B`d$a?6ZCFb5Z`ppH$1)7tozwx<9$%fI;fCi2aj?xkfcJso22jpu)Kd z5&CBFiD%u?S@S|S0B+s}Fb#A@@RiS;nDG+Y84n-rIpea)5<`rEN3kor?l5N-(7i<0%@eq%wMQ&wP2HVMU7ogzM-Q`)^xg-(USJSgcTMQe6k~-vE zs_?OvxUo{>v@E(WFS+}PboYC>o;PK5{2nOv>nm;dvu35UTne^?L)^dqkyAX?2zn*S zG)6_9pVbW0Q6UO8Vqc=hWmadv&l)6w~*VOb;{+-jK7O+_a{V55%=kbcd0Y zb0vVhXV>UkMid2Rwn$rXf}+tug|n%PA$enmr;jaTV@NvZ8BENj#p>1cs#WV{dv^XE z2iOLwjt;V602(L-LjFqrirl`eIdTX9$qGx($5AT8MgrvgLBDtz#U#uViWr?!`#gG* zpu;3~2l0nJza;%vwk3BZ6}+Faqql2s?SzGZ>e~saxgQMaEUo+f;hADJ_sM=&`m243 zM;%mB^RI7G9}~+07X*h;AtyW-t>&Ew^+3=;sEi}zXp{V;nJjeNGNh^4q~_IzIr$CF z1yg*|VdH%pBsU0HT={?eddYI)fl#`X0QmPJV6!}w4K&R;lx8^D|a<=b>Ily z8|?A$Tr9a=6TU%lhU5D;f{agsC~$EtDPt%gewpvZHDmM*N~Q5KN56mw<8at2Y1sLEO5)&6Hf(qcV01* z_pivDj!KEcPg<~djZVvNo-n&>!~NFH>UPFV7oshX9%-Ma9l#Lxu%bIVJ1T?cJ9|OA zl?Vv0o<+I6I-rw|3INH`5}ufK(B2Tc9H8(^Mj6i{p9SrAPgWsoT@0PX8_p9b1=g6UNq^K~X#v^|vLGVR(N1 ztl5i1|G|z797pUurPS%u25-J{2LH~U5l{jIANXq>n4=HXX7dn+zrxMv_GlJ#mlX&S zghZ2B#pBIjqmTH9cjeoL`VS$~JwPZ;1KaQ&r%wSIsAp6N$OfsFXoekht&mH+B;c@o zvp1t(sJJg9a6iLWPAo(bodMJ4jWXoi;mV6BZZcQ{Ll(wT^Y>E9Z)nT~s9w^|`?wHT zVKg6^mv`m8q{k!37g=Dkwtz&4ylcKQCJ~gqB{NCDUK@f2LGxX4^ugy)F#!;l$ng!r z{=JIhqL6fugjUzoj3yP!S@`EZ^k@O3=&Hg3}d) z4&?ZE|6mY{iIy{EldTux1Zmz8QCdmFps|pJUir`ITRzff3&Pf%TF_%Tkm=4zuxmRn z`B+=uh(4<*HZrIw4J*dLr$c-s4~^oAyM!D*jsZDENbGx(exv)DR#9?5agqBHL{q%+ z=_O*ZYK!UrufftwG6Y`u0w3UD&$je#nCOWerG&nNj2_SodMs*WJ!hVuM#QWg+V|@F zKu{-2VdKLt^6!O`>-fH z>ZC}TAozbsd+V^K+xCH*21QDgZbVQ@q#0#Uf}o-zQVJqcA`%;&f`W9ZqYBUUt#Bl9hv4`W^>!J*mxBFL&whWT!pv7e>(Jolrw#@tJ6-S5sA z<=tEbA+q`g^HTN3hOJN+afI&1Yz~KuVVe+)3Hg~Pr8K~Xy$`#eun`kLl}?6}tNGOL zNQGxEH4$a|ER#Z%vKQ+_2x#Bo^)(2u6Y>d&VFo=mX%yLhHUqvc{%DqPdKZ=kw-XvK z0sRW#heTNL#_%k!w?XkStu}9UR()=?gT6FX&^CJXb}GlOLC134@gK_;kSe`Nn)yxj z_U<5HVNJgtDYUPn7Bqu8f1_^3t=8__Q>Bi6_Yae0ic3o>~z3DPPLO?O%*!;GwevYI5P z7KJ0^%~I0B1P3wVRz38~CjR2^O`lB8OG@duo5!+G+-`GpjEmTs0NW(Tl0}hC{A-_o8&K@lkXr``S0^f?hF-)Zck8*{YZkHi`B#7a#Gf}FQ&OOyP%N7s z)=9lrqz>%X7OKdpgFm4bg)5k7iO~sa#u08;#DM%CAzA#gHu|a z`I?pK=I)b!`eK@c_@G?WQ7&cU4A!x~`D6%0G`-i(h{vJX5wV4d6(jsp@*p!LE_(TB*=1f$W4f_$l$< zANJ3qA007pcP7|;BkIMNY<3N~YmIgch>mh`4`+x7rSxST?6=Cka;}$Jq6TDgG5kv< zk6jFAC42>_XNZyds&tWDGQPKeWdE~hn?2%k4=DsIquEFA8MJp>ANVf{zjGs}m(>4u zlJ7k8)kf4m{n>u?QV;Cq!+-ja2`tf*s-+{OCWlu!- zCr58x-B%&li|Y^MRxBz2)aGC3{MT_mG9T`(!zH@#iBgE6D|Wks(>*E7L@)p=igN*) zui23F(OS|aLWjU$;gdIu`P^b2iR!H$+RbDii_z4D;EV7>GR55u^Z+S6H#m!7 zoa!c#UeCAsInQjj+>w>y#3A`^7V-$js$072F#CBzPvigD51s^y`gByEo~Mka$^t3u z(-@3b6F~0~_S8XbNHy`+lpqFsptE^!FFX-8h+0|y;8Uk-1F&Sn1Y(&~Q~E~f?cF-< zLvJ^pI`fQ-4dyRyy0APp>1SXHw2%MN5Y|ley1wZHGDY>yJXr6D@#OL9u0pFk+gfbs z&#W_ZAsYG0!0oK5h*iAgPjRC9PWnM|y`&;J6a-L%M8*RMA(MY8r|QJ+yn0c ztkF;IJ=*c|{RPHbhdyQheYOZk?EHJb&$H0?9xA7<)~xk(=|}1GEP*TMp+%B$F>Gz=g{J7%mr?`U-Iut zrxB$r7gWuhw|=t^+BX`!OD=*6vE*r8aG(GL^)TdT0GABMvhnioqVq|iAwe4;o`SYk zAR>YhL{Sp*nKHNW=JQ}7SOnC^UoUT^RqgM-{(HN4vM6YaUq6q(=^dJe)B2%S4~QD4 z0XSs6I8<;eHdEhS3&?X-=$oUB#9k{ZXZ9_uee(e1VT}*fb4&0g!6yO>i6|QM=h!jGH}RlRzs4eOny0 zO2f6cYqFPY0Dx8Rr=GS>g2o73`Uquy1gzFxVFxE@5CqGzh`S zmRU;u{_f+y?@)I3(e=3wJA3h9F-O)k62Ohd*L<<0%JkP&s8LkJivBJyYQ23|#yEDQ z9xB$uI3GOZewsbwM2>atI#m)Fn?rtU0-qND33ME${wltHL%wzS?6G}X!Gzy}N7coe z=Xh-~Jy%k@W}&}S$uk8XppkjV+x;>vrsBLKN}V`BtWGeoPhoHhpI&w(l>dEreAzTp z3D3E)b5ND6t3sVh>B)`r0}N3VmFF2y@4PR#tNI=+CFGMB%CK;O@j?puDzG-W<_INl z`@n6N?XnfVWn9`1WruAYe9E+LqxP#|eNc?|865afP+*z-SvT8nsMq(mC!#?VaWmrY zGV!RB&U5rDB{e_eG9tp_^Ame#=)Z$cahd;g`#V#}iIB!69a-(pI$D{tnYiCjH>=Q!~^~ z_B{T5dH})p3aKMtOxnNUP#on<2y!*+$)*M9j1VU42a6AqTapm}FFLMQRRSOn-OE7l zuf=;*UecJx{jvG~5Akx`lfw~k(Mpe1pR@x83M+90(cO2%B4b8N^TlrN_@V~r%ib?` z_iM_eMh{6*FVBPSP!7gZ7CN=IH#B-xt))}}SP*nS{;f}DsBH)Oq0V)Qw#;xV*W;IH z?DHkZJ>y6S+SC(eY}C6F+AH!25A>~KIcZHXz z<{8%cg*3lK5{$(}M+4?p!`)IulU2_y|FNHYQz&{_)Axk3G>zHrEAk#bM`=J*VVaZ; zuO3P3oY~>d{-36xpYszQk&VS{Q@T>M8jzQf+L6EXPUN~u=qyxI<nAILa<@wN_p@Zd zbcQz}@iFDut?Xu5GJgfaFC&ofw%Vt9dwx)DGIb76x(HSN7u&!f1;d4TkX?!q0bAOEEOef{(560v;-PpEg+2COlIH=t4a3pPgOST?aA3=zXv(j-sYy9uf# z1r{OxhX_rh$hkubnjjYhm4(?3o~}&cW}yoxx10O3(0AZzX}0CScfMDNLWO*{Q0%6* zp|ewa`mli0AuKEy zB>DGQ=r4?EBfv7HQh2g!s!*FzdUD~s_A4yYYnh|TYV~n}9whe&zmbV1mT%XD1D1t{ zyh;V*mgJyq%_FZi8r^eD0FLD;r&+<9F+moy0)Qp^5o}Z@&T$q#A4Itj_);W{(umOU zLvY8a=KUO9x+#rHRE`aIefbpHXpgK|OLD>}V5)%}7?y{|J1y&AM&^(e1qv8lC!`l} zzH*$FA7MtckQI!{PJ*Cg8j9q^5IUwoxiZ=EzAe!2&NuITQ+u;AVViX37QuMGVZ`?G z`D=9R(+q>Un6YOH7QQD0OVsNch}cN2Ph>NY)9Hl=XQn3usE&@pwtQXg=&`d4DJ}%C z++PuTbWv3mq;43Xz7bc0!3+l9d%;2FWTH&aofGIR*ou$q+4~B3Mj_s|W# z;{0||^wo6Rs=(y`j!ox7e~-9pI8FX^IR&1)FSBK7}#PI4k3yywL zZ~z*ueF-)sH$X7S|Frpk-yXl5ZeN$zXu0!BzUp=Q0BmZA3xpY+LIg1sdAg%$!&iW* zbqReTg8kc?lJ55JpZcRge_g#=8=e!@4gP2#Ie;ELRoycSJ&v+=4*xL=1tQ|*A=?2` zPbEa`YTARoY`Pe)+m5<<78=lme} zArMwDd3O2w@AbPKN0Dm*oPCg(w`Lmx-FA}d%BPQymzF&}8`$Ek@n38F$JYYbbsX<@ zs1JCqbvWQgQK8`kw6?YqkZSY6Vey^7D%v@`H02V`j|Acb`tm*NEDd zrfKeG4+WO-lz``dP4R5N;7#Ix7JUyeM@gaq>JX3<)s^s?lp6AU;{vQBYm!N1w@B5x zYsdLaf7El^NhMP@zACUn5bJ0g2@IW&-kG8?L z0V=e_Jj1xw@25_imwJ%QFBkqilBl*J22GG6jyG`t*>JYX8)`;rCC`hn)BPfM^D%+j z`e)hyXrx$eQqYu#<@y2|W3oP4NuO_7weHfsy$%Pi;c?H?@P**^u@5(kd{&;we_6D= z^au|eE*RB{_<~^jk)@H8?R|1Vkj2qzB6LyB}AfE;7jE^mU-_u<>m?XJq3*$7K z9uAri&ywd!o`A?M z53o)EWX-?#PQ4YtP3jn@VMPcGRzbP&5R@IV$ftEgk;;7+u}g0Sq1^xRApxo^uns!< zba99R)ps4H4j^yZS?kd=10K}C8t^VIID#qys{jzyi@6W-9Ur0LzI3G3C$^=~!@d!d z08|(dOzX8x>&-x}m5UAZE*aWgFcfOrM%D}#%9fCvGlKu)!~^o=gF_GbQM!<7PcS*O}nI5zgclHQUQZ>LMAUH z?S(rn+hIlwkrk53PFWC4HR$u|l;0A-jC@2^!~lT^!c@-4WONdQ%Mc9h`0DE3VOE^V zM}5BNADhRw+e1#jOkA<`J_6o9K7RkQTj1(%2|>Vh(>{014KPD#on$7*RtZ@63%0IY z-62E)x<7hNZKjU=;5|8ZWaScw{l9O<<)oMqmb;@RSXYrAG9f>Z_atYtm!JG zKhoeD;EWtO5g`Oy5b&L6({28t=Hzke(h@xS3xK7)aHh_&HzowIzyhPaYuxN`WEJXl z!#x-HVD%gypD^pWDW9r`gBp^d6lcs-5To($tNkwn3Vd$h715KU!WMUiX``@21bQhG z$>goBvUf)SHtr^HO@XCbm$0&uv$C2Me~g%(#4I?~`|bf>bxmM(@z6$c;j-ZtIJ5b) z&}kxUiB4|b?LF3w2jz6I&-j9>!&H})JO#7zr^z~?Uz~!DOGHm;BUTaA;$8&Z254zS z%WlVAujamlpYGqx+fQYBi`y_|(lX|5ivXo{3 zMS40ajuFxG{PQMZR!yy(V;U{$)3Q4k#5H$+RzoG4kd#kyDm*Hx0OLzbPjJZH03@5l zaEXKQ`TW#dr79$_Wfq`CkQHLc3O#vH@A?KnyF^J~fnsuXAAWz1ocpBxH~lAttX_rr zW3tkl7^gKCNGN5y5j+5|SS_V{HqanPi=m*sRqD4D_(vWCYee;~RABkK%I{hLqHUzv zNP~PgQkQ)dW;6vFssLi~^b0JLp7O~Z0%5V}C%`sUX8S1^1aKTp;7XbW623Hndac#E zRRc0`0oy+V>?s!m`z?XjQBSey8Z--H+3I zNdTmn|O?ViOhpVVtkr6xuDT59GIt&!cVXORh>Ec$B&QCjR z7}#O)+kp54dJ!Gva_xU|;<_t&szR@;!7axasIUMd>-?;Q|47dCtUS6+qsH-d^=jmn zZZPNnSdqaVRTHl(l&M5ayOpCq?l6VpEhxA1$NTuLt%y-`Bx&`~qj=cZvY;=P;Mr*b ztS=BY7oV%utPv~jw%ZJwHSby-WL+nf*)%K1f)&PY^{6V2shPgPLPX+HdG@vDcXX0w;Bx zi=*HB6e9a}i6&`)Cag=@U5_#t!iyMs*U{tFu>0p!{5|ApWl|S*NZQYM#F@*BHfg_C$RH`VfR`PG`Iyf20JD zap~t=2>*T8|1DcprG4dUbo)k*swf>}e=lVq!8=Z>*rV=CjYmiG5xLfq1X+}Cw?LJe9**~A@0FVRT%D? z@(0^bLCX?YGm*o(79z7N!z2&DG>>7a^RNpyn28}V?o8fM$nAUECcCo)wZJ6x;Gh+N zSGFQJu6%wCTu^PXiZgnOQn0ee!ZC_SVq1B~di%D&7@~+w9H%a3$-u8h1bu)N6*;p<- zdp5hzMePm@(DOY(id@G~($~H7MVIWvwrQ2gYoRy^Ax}zFKs^-Xv5$K)64-;==h4N! zSQ5IEyVjqn(3TAbYN>n+uh=vTD00Q$f*D!othusqV?zsT2{rqcBC1eAMPI!Wx7T`9 zlF#8z;Q(wZO2fRMPQlttFis>Qod~9L$*8l#_$HqHzr4(Mz{^ZJ z@hUK_Xc1&g0AlizrHjowo1SPhlF`rjYGCs=yzz9 zDYv=M0XMe8KU(!rFVJV0kKQ2d%OqaV0PY>qyRvsO3$#0FJ2@32KnwOo&+TVBliYZr zF6BMDXZ!s|4y|KV9>OFKJCo$~)g!n>y>{250Af$O#{1yW>QrkHz>5`)=~-C3M*t4e zDgf}caUbF+=lVV+yap5az-Y3Y{d+hU+(vv`>g_9L>FA)?cFG^RsF1=f0JM>yX zTyzDz6#Z{Zai7~AB?xNI=6EG~Dy#CWO0Hf%!PYyKPP`yjNW_&SBy)VstY42dg{LKE zioknK`H-&kWpTQe7%U}7S*O#F!JR0}18@W;Ef)fl^^aaVX}t$xk5NZ^&(ZR%S<-sZ z$lnmpzsx{S8X`oy;JgVhZuDLG-Z8F`E2q4`2@>F0<@BV+N!$Y`iV7%x6dB(}g8{+p zZm5kX+##M9+qbqkchN`kLi)kMS2CQ9Rj%)>6@gDkE%t?nsrEUN9E(3d;j0wazg;PM zKHY}!%cT}aTv(MAgD)1j4h(~`Hyp%le}b96CcvX|f3==9Ow0-?*4L*iq6{fGA{^!_yur;uY#~GS-2DXF*?0c zm4mM)|InwXH;}$GFhJG5Vt=Uk|6)Fquze*TGjZIh2~j`dRi~p(l%ud9)XlO(3*^o* zdz?wb%d)RfCIY9Lsd`Pn>--u2Dl9%*%{K`D7R^G~;T&SyD}7}{lwThD^f>@$kIa0+ z?@dX37a%H40oKER&>C8AFktu`Q)l-Xt0Js%pkq8Ch^svs9MSN;8C`~bx#077q)%-^1~cM@tZ+(pLOCLnmy#gu^3V@X%g&e)1K@Sa zW2&c;Abs-CBB$jun2}c?5(mm4z~mn%F!=}6K%}2^l^0Vdiuk71d5PIEC>-m^N1%)M zsxCdLrS*5TOBSl;SL0R8NN>`gVR_;M_#)^zrxVo@RH#trl4CrIR~tO$$07We6m=-5 zCgNP{n~sUL6Ji~Ib;X|`77?0rX5x?}SqbZEF~BpL>raScwHYS5GEsW~4RV}mD_+l| z+TKt6oF^rBfC(;u?lSWMI`P|A=wUtgKI=RRcfhso))(Ft>e5;HfgAaIVw<=k&ywuF@pySN_@(D9k zG-KSP_;Hx$PPddx~_(Q(ux0y^<-$1 z5@DASdt*N;k?G-q{oQ6E$;TZp$@7R}lR@Vff$elmwF-a@u8Vy^ z`zN8^UU+y}S9JlP`3$FA!c`7o6=3Ev1mQ!Vi|znI-}r_Qj;5gCULoJ6DR9L(Jd|o5 zKO9iOBG#rdVswvti7&1ZplnqUB~NAo=#(P~Ju`)P+x_j8x7*^@=X$P<1#_YpYn`Z? zKllxb2;Zf$ZN>)1`T_#!6ZKmDmp6-fCL{cQSFZ_U!KJ@tilsdzg)sT@3W6NE7G-i&3@R5y%pD-&&#pc#D~ zh?GgTj}t?iNzVV;!u7xlc=sr;gc%wv>ZeuT%Crn%>lBh$Yd z%JAy8R}+ZLc5Ixk4xl5dCfX(gbjiWq zVw_lqJfPcoa`nPc$7R*^=kTIB*`A~Iz}?hLZZ7C!`1kMM+qxWq5xlu!H5=@@m}Mb! zxT#TlrFP+sy+IK_nPLVt1^NOJDdBZtiS=v1xx!@1JC*0gcWAdg3f_%Ub-+c!ipS;e z;kljYu2XtH>}q>1w^Lj9c7+czh6u&z=f^)UB_n=7MDZW52lp>L_`ckn_*A!r)5qLm z5F2WiqZGgS#l2q;s-2MHe1m_|q_Ed6WhFlj25s4Y&n95SzhLqe%C+Fp5#brE(<^?F zp@lf~!UbgtKHb;8vOl6t;;2gShkFJgce9e7Uz>I~*M7fZ>h8!P=!(0yv#UTd)}p*w z*ygpprUX!oaV_JM3cz?XTFwghEuZ_4c()Du9SK?dd}X?@q`jGW?`_Bi7%SKvBAkEE zZ69E7ET6v``Y5M7=49@5Q#oSBo=lMpand2*f^H+rcMHAkO|%jawdqgH;(PRZBSPw? zDnOTWuQ3$TwgzWkcwE2NSufeGU*4frQ#n_%-bj=6p~c7b+HRAc-n9s0kBK+YCA1wH zT0>uhpqNaQ!%LXTen0V?@4@3RTM}N1)A6f{JLsZPrZw}GsX%7E+pvc?nZi2uC3Scm z(TUoBzf_?tFIQ|{n^`DAZhjYQZZ$Qk+}k2mQBkiHehi1t`D4#$L)BK6``t9e62CZA z7)FfpFC;tUuKiG+f(ywnu=rXKhaZ!ZL9_T-kcYD>dM%9H&RVp)GXrT63vmoQ^_?9!^=y3{bL6e&!45=Ms}tYJF|5cBaZ-Gc zC3VYXA$D*NbcPXH<5+hV%>JHQbt_T zX{6!i>XvQk!7%DjCa-#TKCb2Y-ctF%kin;|+4V{MZUO$j8-jN{*?V`+%Vi|_Y4F2Q zGslr2-(X*ZiB6YAUNXf;Dvwlte_X%Ueu|%OodtKfWnZi%M+a7826Sw=QXTfOJ2DdEz=c*c~DKdS6w{DmlAMb&?SF{bFZ^N>JdUo zr4+(9NE;x%qtCIv;)CS=&%;S{!a3eAayk64c{>wsB&NV8nzS`KWe1H~5o?5hb!VP1 zG3JIp%>a0a_xylf zwX<_ce8%abySakG=!(WAnDQhr<&E8vR1Q}nw6_LyYxj`QYW>~HyDc&xWYjjfJtJEq z|JX-Q<-mE!sY^+)gy0WbZ1&B+35kGsjBgG*n7Ji6a?#08MINitSW()+_pb9dNwAY} zk(j=c9ViT@$FUGyAo_Fbgf2u<8kj@;MNC_g!*@o*n{;44#?QUqJ9n%>lM_8<;q9&a zo12pCew#so(DtO}WUSuEGaL7PD+_`G;vU3tG>gQH|pdB%>ND(8m8ENP#rbpfE=$EX2SC z#3fQnA7Pr_E?q7QJy~SA5V>UTwe~{ej5yPBNVkc^aB|BqmxsrR6e~nAjCuNTa_g7{ zEMj^s_efm~HnNY&SVGS#B@t3rioC(i=^B>MZS~ z9YA^x8JIT}%o`Y(58Dsc*rw}RePyLDU(Zte0Olqr0#NmG>7(4pqItqDiGm(RMpv@?XZgk}l5{j-ZdyZ%>?r|jQ8Wej;`@P6*rQ#ABd&{0oNn*gUEaUQDt?w3 z5q>QAUdz?1jwUj0br!*bL%uR#=igkT2;ZI6%(;JNNzj^GD>b1cA*1WskbXBxYd1C{ zLVL)hTjR{qd21^z?$~u=Eyy+Z)C|19oP)rDo)-Q}w@2}`Qna~S`5C66wBZwE4yG89 zch@Ct?shKjMVHZN~Y@KBXJ>6B?ZQm1m*#c?J?qwBJS$tw~?4*!JZ`PIvt^} zLcmT@EMP^14X+w~V*cK}&%>^e=*QCJ2)%2&Z!$*Tk&KB& zE1$6z)WQ}-VxJSAPske+c=bYNR)$pGNj@}wrCAep2SuYYuz(fDwn&o@tU-k?)z^AP zd7+adkxK~V3;4x3AC|Y;P3!erya=v1Cm*AI*z)>B#?72rOeV#Uidh=2r>05@jVZxb%Hh(`cClT!?^m zd(rsm_U;)z(?ThGcrJ{0Qtj=1Z8tUEE=KyDz^iu5f}-2_c7c#5)I(r79-L>Db1#p& zT`DyVv8vhIi(Z7Lew_l}3ddkqbD{CcA}Z7VeYD`LXZ`!EcYX~SpkMhvN1cmQBD`~e zci4?{68+_7r^S?z_^@szd@E-#EOFdZ-&lA>tgTboZPNPVoqjlC%I+()+O2Cf$byP@ zj2A@{^d>;H$<5zy+=?gS7(bdO=!qm3?>w;5^o$&;Trwj|CqjfjBtysKy*56XT_SKx5m}S?Pg+#D>|QNVRl=4a+-q>|_A>|-QKcG3t3B$_F8kQGucAxxipJ%iVC`Tx zi8oUc zu3}?uCzco2k+-mkQ;O<%;2qe!9#nGOVmUOBP3{+x-CKBJb;b%2kqhk-Re?(DN-m`z;cC3uV5T zla-FTIsIA5u0wAoL%JH=pVeTLp;Ry`7-#W<%_0?07!j8gej9zNG!(18+IAY~Orh}# z9i6y90}-u-2m1~VD#Z**c;FC42W;p`w|AGFT;X~e|AB@oPvo7+x?S~X`3Tdo=MgX%A#^Z@;1RO41(w}?_=JJd%oujrNR?^=L4 z{p&kVx1zg?Au`%s>ND_knAOfX=G?M`Q|+$N_nrhim83_wB^N)D;TJZ&()elj>2`&w zr-mC{J~_eF{pLooTKMGCQsg3HlSMY31@A7xk!h)-t{ z1}n55(hjX=6)zgwp{OeAfQAe7ib58?klpHR%w!u1FAE@M$!<_>^sNe)yFfDbAXKhG za|29Ysl3(pPRYa7h}CvwqA70gO|CC=&@!P^DQI7^Y9-7eS25*NL3O3G4-irXJ_ie# z1??yZ>Tm?3Y~aR$+HRI@UMxr?8H?~}1&%RJnFYOs57f)g6uz#8n?| zMqyKs3MPGaWMQ9b(qX%h_Q;zjB5mkY<$Bgy&cEHQOK_4DesG;k0dFkWG(_>ZsNlq? zr~9PXu5qKs;%*E(bQrRY)gnUqVIeCw0E zBuMtA+Qo>lj2r=BC5U!6*YzD_rj^Rsx%bh=?ygo^5Un;zR8_elvd6GVMEV8HY7Xqn znAo}aaxL?JXev8ZaWgJRb1Jv?tB4$IQ0hYOR^-9AtOnras$y7KuwNt(m75C+X}{+S z4aXgWHt9esoH2!jt0S^3vSD#?jPTfJD~%Drr)`8p>|Ci94uQH24z9F8!?o#y*_P!_ zVG`D;N%gx_4Nm|?{#h-_IAiER0L}TPTyXSr^CB%T<)42)^oSg>^7xUFb!Oc82+ZLg zR{TH*Yy+5r3tx9}^OzY1Gmvbj9h087otqpotH!R_p`a))>!s3xe8u=qnPCwnTrH`R ze98(3#Ampon&QZoay1F#oapR9ImEEe!<=k5CbPUKOc}CM@I~Z*nL=_8}y3**> z`p%MdlrN{4DXzD*leg4`udLtIyR1 zJNKkf;g0sNo%rDAy8r4;v}Y+j5i-oy-oo^u50IP z!=(GO1s-w2(0*}yZ*zSImN(qk$3Xc>T#Gq_D1Ofqp6pxRdNwhG*%bEA^un6g!7{W) z8z}#~(}g3zJ}%vi!$J|mN50DAMEmm*7Q^=C*CRkYc_6|P(Sk%l%Th0au-B(?;3n(Q z<7{-ltX*;6_R(|-mv13R1R~N&pyF$R)oVVa1#1G^)U2V7_!=~DtFirBkHR(G zhOmlvg)?7H5oBMs7fT6z*~G}W6Rl_5I~ab9u3!9ESPAJ8LAqE|=x#R>jNa+DSmnVE z&vGOE>S48R%EY(Wv4P9gp(iYO#|+)u$Uo%?G+op`Np1hlp2AH@bky8V0=toY~$fL_u)UQ8)I7_seG#lW$_uL0h@(!l%eL z*ww2DtEUjjuycAI?Mb%?se@}Y_ez@l>2KNGRPAXU5wH- z<*Z-dQqu;sN3OE*nf5^&x?J}5S`RBI2(CE@Z9b6}>m-L87f}<0znkLztczeK{c<{D z@%h{3YZ;J;rqImCAaWcBOR%bP(s`gbkvw_g<;9JwtV6F{L3DOjij-ktLm^^qW@QwQ zz|^l#bW`8DiBrv(3)k#vbsYsc4`G2kf~FNE&%=6e!Q%>O3LQX3%D#fmCmzI*XJ?-% zfHF^`<(9YG%KPJV23!$aHw8}hGvM~$0?AL{3-t$2IuiN=B~GWj{lL=0d4BD4YU_qz)8S58XoL>5L*@KvDSB2tjtr$bEs@kh$0ht_ zqBll1rT+_Y%i6Q9F~_^Rqv^#lKG?mp>{~m_drB<{RwdyJSG||AE5%GUUVOh@`l#?e z=#gf>!Aa?~zZ4d2DsIiM#eVI+S$Ac0e{{)*jJ`8@eAbp)!dicfd{#IaBXZ7R=P zvv^kPBL^mp{Y28{9B^PXcVWegiyG9HR-!1iLBn<^M6<{f16&v^UmD{CxEx@|#ai1R z4^E`f9SOGQGyVb_{E!WV zM7*jBd?xz=VW&?BYA3#gVYDiY5uvT}Q}8)PVLq|16+wP=R%s$gc3DFWV`gH9=jI)^ zL)21tI;_qMh_;)X?RF=0gWPM8P7yGGZ$391q+djsf=o7;ALWA_){Yl3+}xeOU{<(V!wW?f^ zt>wUpq3UfMjb`}#$_~cxWv8cmjUC#%f8^BO=lzgc!&vQm0K8g8Um52-B!`n$v9u z*#NOe@W@XxaZ}SYgA))jLxOD_Dap)1kr2PuVe`v2*7c$rr1Ls5?LiDz!J=~l)d-XB zmq-cAb(QG2elmIs}lLjD< zD{9OhzBt`Ym?Tp&^UhXm%lNA?P)m2-zs}WeC2W&LVBUFRhqya;wXhzjz4&1)h+vM$ zrTp-LmumMYgUpY`SUD^lI61(2TX^0weo#HhiG5c?Bps+!v%DU73OO8eE zs3es?F>jp|KSd$^k#L@{0ovZiTd_Dk{*(Y&hT3BcU2}O?n%mVBvueDbejg0G{X;Bx z@|C~w*W%aZI$zr_PPx_dp5?yWQJj=O?JjZiX6%MJU%-a;AmbCtAz~1KN;r`uZ!2|2 zG+LR@+CYmtdi|0XRy;P@D=TBEIJ#KO0=@W<=}pp|j>|FAXSMZs@7nXtxpZ1uXcc}L zA^vSi1YD71^?Y|n5^hKkvKy=LHV;R8LS)HrSt2sxjs>K-*c4-765*9_49dkQ`vMXX z<20VHQ@I9%=XT__V7NYM9Lu@5B33lkw2fL<C|^RW8M0rwkd1SeysEuEqQuH) z`l!k22CD8La^-TP@Z+X-ON13xPWbc-MN}&{>uR&6+jR-?i!*Bdh&S0nZSFgdD26T6 z)Q18#3D-%6)Cw#AE{91At~q4btt+q!jEW#nW&tbI2(Yu&M3}K63NN-F)y__>7cTrbF?Hay zj-rA!2yBS}bgO)*iLhH<-y|{w^V*e{DcNgtuyph0DV#B~w9jLE#SFhYFbA4LQa%SJ za9eQL4!SRoRK&G7eph48q~!LzU|-n86z4NAU%Xh-qdPZfm1@#&YT5GbV+%blXaO>G zOpG2UbZPkdc>WiMqv#lO{qM}A^D93^O~zq{T(I(!{4jluMrzhB=m^Ge8LWa8Nn11%QJ{kPeq5Kfy=cEF8mlOY(;LH3B0-u{xiXIb~(1a%5Fp@7s#s zntliD6oT>0)BLe8+|e#qsX0ubsL?}YvB_fc;<#9sbAmS1tqlGZW?+C=yQk8OH`TC9 z`=Z{>YNr*v*0K}eH~xqR`{})S1k2NrtJf(IbqQV~sd+%Mlr|Lswx@Km6H>mt^-=u7 z{bNs7U^i=R6Ns^dGSo>g!T{a2i{*v*dvMRCC=ITP5s9+sw?me-kgX9X_C0qn6Rk&P z*sf>Oso4<*TuzUytW@vHO+ct^u8aT?xkG5taz*~$QRGEUD?bshQM=F$GE-&XxnwYL zYsZf~{0pWOtE$%>AtbV<2CrZY-(C^bkU|(nT8k%M5Ek6{gUq$Qph$zW)6?drI+~4S zYSrPb)cxXmQ{Rq!$lBW%o*kkhKICMo&A=nEV`6i8(Z;U*Z?VsJkOE4g5{8KOOo+A~ zQ?6;BaevII_R2rDGAGBoR{GWW)+2Q;dm3dp7Gn#XQV>&1@$<}O8wOg#<)tg{@M*~r z;K6h0wRAp}7^4N@UmQyUW^lRf;#l8lEQcVALy}*Opv+NRtLh<7#I!mGQ08*eDWHmq zue4pge8}cgCV-x)D1p3F=EXsMJ*7BWMO-b&DGSFPxA8sz1>K4>rNC<^)MBhCAi!B=Hi;4v*0f}SYb2Q>~{&vaweVEMogCt(m5@3qYftf|d zo0TxH@&Ry>b~uwy$Pxlxqo!4F>9D+nHxHJxQ}o23X)uIaGOTd*FKYo+#3E~u8|~TUhHV$ zd=odzyb?G$>rnSG*>?-fmQ4t8NLDTYzO@Q!ZtIcHLFdecxgdiVM0yYVH_fk4sz zk@bHwA?t7a_9tVR_qEN)zqa+!siNfknMtkt6J1$W^J*m zkZ-i$>gc!D3Z!yhzoQ)w;!>lu(Pdpz@N%hXc&Fr!*hQ55LUQ~6!`OF#Q`!IjXD3o9 zEk&7ej+ISzk#QVZhm3QK9312SxwU(~zw7#6 zm+L%tPrA?j`F!5<^?tqI_w7(Pb8lvz5Y^3oNAY}}h{iJWP$*91VhOTNkog137{_HNB}h8S$9&d6s!59MoC zc-9soZf1@ijKMlBEXXrfcU8#8+Hy(}Lhp_WRJiVNkrXyFE^du+ZgGudsCDw}B~YqQ zSz3bS?1t$--SZNmmq=L}Uu;j6Y!Ra8RkOI<7TFr+ca|3uLrv3aMkbO6JL;Z#5Sczc6{q0)ah~ zY)rWjAhqe;lWr`5Hp5kq~SOV^KejwENE2vl7pzpR(g??t70-poXy!4 znC~K4Y_K-?PvUIF*x0YUp|!UU=R@4JphfBXgt?wwKoq(7AdT)011YEC1**=cn=-s( zaU^bc#L*!Zp@Ev(c9U8^7%M@_pbEWMG8B`e2ZD#7@yZ)l>SB)yakcGmF&=#>pJ@7UbA27Q0A@(evnMgAA}4ruI$zm~b|4LA4q zJ`5a;pl$C3y!w8)|EbTT?OZV^X0oH-mpS7`xy-Hi(VIN5t=}$zddVoCI=rYkGJ$!k zCad-Obn!ecg!)|!^(UPy7ZUUl$O=|>wWI&ssK=)8$HFW$g+ z*q4%aVhV2}cY!0Wzb<&ZlG;3 ztJ{0ZXi7O0ZPT7r_>V}l=Ry;DV}+6aH2fg%VMtAADam{SxCZuHn)+1%0_x!}A>1K> zRGOJ%;r{=6hJdtAmM6jWj>Os8xfN;{BIHn0?9EO_EcG6233B4ey6hJV`)M!OnxDE{ zXT$uRUNS>PS@6jXXi~>KZ1`j`#)WTIjDp0CQHxD00xIQ#dTtz~RvLrGkr$J*&faOW z%cuVZM0VJUf0nnIc(Dgd9l~6T338_1Gpu1j_oDpsn?Bfeef5~{x=ruAr$5i_xNGPd zPBsnPBu8Bzq+or9Aaaj=bQ5{|=#^mGKGM;m)B+pl7)*zwc!kKRGw7(4qo&+$9~>QJ zE7>q47pP>|1e6Lk-+@hEr%d#%8Q- zTjT1--m|sCS9+)8PbIBZp4~8ZsPWtwY=P?29EVz_koR*u29H})zqF*Y>S4-si_EAP zlN>kTftGa~T9&LM1{Raz4153x&trm?V$xS?gr=ppt;NAhK;(gEKyZZ5Ns)3gbe|K* zDH?!0AuF?DzcEPme#T^)l!|S1Ka)LLYQVyL2C_XPYjg!Q*HC;JfCFa8$ri}@$WeAM z58iiP79r^`PN~-t<+mM#Hucs>G$kcbw70BjGjL=}luML*i{`EoZ*bdBj_Qn%>N7v_ z4-*M4HXtx^w$no;00ALrt_NU^{va1>4N)K?p(KUmYwt%L=qmki3ja5L5epM#!4|Zo z{4Nr+3-P1Jot(A4M|4$ZdYj@c_?*bJ=1#VERbT1-BK}#pHLbx6QI@(b&i~BpUE9Qg z8#*OtU_;!%!oJU!P1TnnM(ouj3lU@E$_ktXjN6S=*x(fsU}AFQvZi+%jJ^e>%X5cG zIq&GJ&}gu;`Mpzhru?~E*;Ju?sk5r~oDI3;V)2}5aX-<&(C{Edc*Cg#6KEZhaM}{a zsKfaCV;?xE#bbHC`YKo(SR9HAl!b2}8ldfDrLC>akqNvMdz2=)=VI z%+^B}aL>&&lApVTCF$F5&pURohx|60D{hN}Y>yDN2lpsGYdFQ|4Ber-h87eBJ{^2$ zmD2pQt&Gq9ZXm&GckP0iteh2@b+72u?2UC1 z;9S!LFmLXJvrWDUacvU)BrA4U48kZGYQFR-UoT?JL}j&l{BTN;TR@~zi6s2s0$A-M zDJ<>2Gp{xb*_i{tC^o?O-hPTaNuqlvN%zH15)b&>Z$Gq$$@G^qvjGcUUG6Sn#+~MH z%|AKHFSrDCYm z2w_|8p9D#C5vkq_VZyD8uZMeM=(ah7E;39~ZjFc?umg z%fSe%2KRTze;i%Pn+v3=TSg1Bu^%fLwYNADV!s{rug^=J{~z})Wiq+%@5lz3r*9GC zulwo?cDD(2e{(Ot?VweTI5?0h+H|~ye=li6VYnrI%^xcY%8~{vw>oj`4t+CqzGU}< zJ;AnUIz?@@Y*YGF#bEB@u_c(U@=pWw{TNl{|3B_KVB&aY4JeG2BhrOJY`X4nU>Tdj86#6@C71#6cVvNez*H7*qQr&O?(^pa=f$> z>$=SsLKiv~`Xa>slipaC{ofDnwvv1!QHtjqTD50bp!-Pb(%#}$Ev9D0S29{%D>Qc@ zfkZgm@((pt)niqyReSaY_9lEH_%e%QSMB`+K&z4egl4RFI#WqXVBA)xUm)kRk!!EB zc4k=OMWm$%A{%m*7($N`d+an%-0R zL$db1*;%5Dd$(Hy+-|#5H7T%sa@nR=$&fRBv1T)DwvLM{o3moAVRgOhqL$t$+{E`w zvi$6Yp`X)8dJ{8$NW7_+v|^_%-=6}xkG90YDxT!Q1p&ZOROo%TgY5Y~)aky? z5gr4hqSs(1<-6s(0<`TcTpM_C;S@zq-muIEfm+}D>b9`iJ`|fY%?^)}< z8jiW$&c#W$wN9KfJ9udfu>Xk;wS20553LR$XMKQ~9rra{@g3Mez>EsG{OCUYGM_<9 zQj(k`IGWqrXqMIq&^e@0OC($Fww>a!IHV>iDGxm->1bB=P!-RZ*k;c%>8Kj$Sor!d zP}8p*%hS?YbuDw>H0HdCPhB-1)*z|E$76?t{N4W0KhE~M31(*fCKJ;yHQ>sUCow4I52(h;aR6{MC9OdTcRU;K2 zmKW>V!avWbwHGXZkqHbOcx#-*_EO<+>PsXIX)3v7nj^@7f9>_&HOpa2!DC}C!cH_= z6T)Y7C{dMhM|TRC#ZbWVHylfwksfjVj}!@&4Q@SPJi+j=(OKQSuwB(V%7 z&;leIX+O~87pty&SMGk{da{(5llh1iXzOkIpp41eALy)h9J70H|AIqtT;$aKMB5Xq zO?kfWc3{H>cI&%a{C+Y4(qnI6A3tq{=*47+gLrP4p@gpc#wd9Efm-kNc!RhSkKzm= z*!hdnGw<3J`XTX`r-y;?^ViydHvw|wHhK@k&NsF|Xp}e@1Yc?9S*QIfV;83%RR(CU zHe)%#hgkb$xj<7(?y$s$g~{sU$Gzq>F&81Krg81tA!aDb!=2oTbL$%@FvOn$*&Zs+^ z7Cvu&@)W2f4B%;+PqzMF?qh-;^dZgGBNr7lR^Ki?Nsq(d$3x!ADuU%$a&~DHY!1bj zLJf}`wyh4$x#Jg;3MxWQMBUn9lU`GPpcDoi*dYuKTOnUSAUx_%0X*r)a`38`#%Eteo z@yFYrNKs7g-iPzUAaFY|5A|3UN?6gQG>GI!>)R8z3 zY|hm)D*=;yHWF38q$mw`ui*(F`=NeFuUbpw}u3i|G5LCqo?=7r$`t%7xIC;e7viir_Y_*oOb^k zJNvu12W<$a96S5+we9D|cXy{~bXbz5MC}wIVYb~9=7w}(2DcXbQ+|W*<(_8rElH2X z7jHmKI}$=;5Hb1|M!&ePYj@)9Dqip6d41ARu0`d-o&hYWMGFi_V>oV2AN6K}3d|>% z77+)2-=16%acku<+kc{|90IMP{BEE&3GPu>^e7t8quKbAsNse0rN^r7(84)lt6tZ) zmIJ3xuGrxEhq8jOsUi^Tq64=h9Ss=uyr$OnI^zw-BAb)X?@}m}lOwA4aKIrMNl72d z5yJE`8giE=ayVo=IZ8od8)1SPn>j%b4h3ObD{=tdIHzH}m9f4!862{W3Ns*ie{AB- z%aE{KL(xyL$&uqExQ7+DS69RISYIpl6ScU9GEV)nwBHO!(4tJYxT+`QpR~zQuZkE- zK#@ydX-#53{4ye$p=6sK&AMa52gQF<|B3(9;~pIwt60quh%&21;@91x;*?wN$oj-l zvfhIV_bd`*i?=;Va8y(Q6+B~T@1?lem<>$<8aT{yE%*uvL`J=!2ROEyP)Dmwd1ji~ zowW^Q=Y=>D333!_>jqe&g>2jSR0AwbA>3Ftup&MfpE9rHOHOJ*5Ylg}4p-Db{$bRi zq^GGicyR4RT8NSK?dCRGcyoZY?M1<{D*fL6c+s&ctzP^1F9+Z;BwNw^m_)-P_+_~} zd86f@Vq;4;Y5a;7uD;xobd;pN=S@EJ{Kg&O*40wcL zJP^QuEE0)=Ly!RaJy>6CudBW`(ngj#Dn5EfQJe&~S?JQ;$E9pnyUfDq@?YhzZwYK3 z(U)ypSQT6lcT&)DOZXs8HcA=apHLE$Yp88vekCy{nigIW$ZXsk;U01=DhZ#qSx6Bv zLSJLOoW#Qa$9~*O3VL*&{*HQDAOW!Odbv_EFvqU0*9K(BY1DeI<*~U{rp+5FwIS}l zJ>l+tuk7&xWoA&(JS-*K_oiAc(rYwsc1@=`g=u@{nJtN1>r`_t=ti&7t-THPs!pgV z2q=N>mf7c~)45OGGSjm_7t|3DV8IDr#m^{!$ph=IyA&J>KIiO6-tV{G6emcLj?yEY z+Fw|yka8xN)yuUuI^1#o!vX+E!7Asv;vyC(T$+G@qipi(KUzFvuc8A7S|w?SU#@`Q z)!L&pKOuj+yV;X=tN)j;58AQLDF81lB3OL7FD>eT0=>bZF9DbHZ5Io5tSCJELa_KL z_bo}q{j`a80K7AHsBNb}HG++)J=vTWhVVH1f&o8L9u|mI4v>bDC~=x*4*JHvbTe$01 zLT#(qU3W9zbs?c#%dOSiy>{ch?s(ATk_-5z#c@DjH^D0=i<}jf(4S*(#wY~(Y#<)X z8fw80b)bW_nC?9K^>};99Q4QTGn9(`1^+~5%R5iLxD!|&%}LQM z+clNTkhqy@y&^|N^Sc~#^4FTv_MjeW2`rD`kKN9s0MT1L7vn#y?zUr@x_9 zIRUJW0%O|*GUlhd#9Gv93K4tKHVPubhGtyTngB-JWj~x?;qNy@z^N!{?05HR2;=l+ zp)S;6eNCywGHygaVwK}bJ2{?N?%?lH9_nXkfaoV3jc<>20{_l(yMA>nHdYUeGqCmr z9U}=8sHcGaylwxPb+)`bdvK;5{S?S>^(fFoge94u7@mRk%8IkbU}@(1BKKWhA@7$H zbXHkAvvKAx!0>>YGLi&Qa`pcPVOBZ8wEsreZ;$NY(w6MBhIM?AxrgziyiPh=={iII z_6o*FkdB&MAaOg1xdn;_Z^jN3e(?p$3B>ve6Z!O;oy^s#k(;jHBD%f6^$Saj-2pe# zqWzzF$x$j8*yZB~_B!F!M&DvzOf>C>GpU&g(l0&n96#uyW%{mm)jsFt>io##>Pp?( z$az?~<#LtXl!Mq9`u4~9)gL;$*EIjPAsU{kN2f4TC=xd8NG+CpFMBTtRu6w&zh;R# z!`YC*)7l;mx;{lt;Cy$}?GGc8>XjeKmXl3XI3Kckbhq|@N=P6{?3>}}dVwlW2GY@g z;yr*@2|Ue;-{gH(cSbiIiphd@az*#Ox4A0&P-nPr?U%xI@6t|QQMZ+ElNq}ki0uu5 zTCJgUCOZBu6t4SDm&x?WH}4F4FpRo4XNQMqGATj^F_oW;io>tPV|%WKYklL^#70<3 za(2~9FHW|tOB@7iQ*B*4%b{13ld?;J!5W!zKtDyg!MNN8E02vedhyg4B$^N3!(B{Y z&ucnbd+XB9vcIO=^8-6bZ+F&z75jHpc;z)S`2MuKpn4!dnUxWsnimNB5%LHel^LtL z_%rh6YlTwlCwjDw_f>?U_-#D;*GeIy;7RH6ocCPhqd;tY2ryt3>JGBxs60c?l(mid zr^yND?&F`p`o)XN+;^^7dCJS|l&1J|+09md}b zn}0=`8b{FutJ0)I85-3h*H^#`K^X9^O1JF00=6X2e6VCZmvN|*>Tk8a6}qR>d}CF7 z?STXXEhc8ywcFMK4dUpG!hH%%X-Um)KHS9YKUU}z)LN?A zX@O?}%uSI0G%>{fnc2q3bZghrP;>dQy8xRMUl| zW?G80S&uisgqV-8=Ne*3blo(mhaLr%$MaK77%F|e%7-+dh7Sa|1jp>Y6%I~pJ}r}` zrqKImJOdp=4J|y%{3NByEi7x8PElZaW^TDwQJ`!wC}FAg`gYL5fkz!;U%5SxOUD}= zqsK=q1)quVzxgs4L#nV44v&|6R5J- zD?|yCqe=ygYfaIz!}|N-^g=B*R1^2)@#Q6|PeINo`8H}VQ>=+W24qIeapPKXKOiQs zo+tsKepmdd4exdeMYpgJ5F)>5>puOs_o{4m)}q->-RB|Y80MNp2;U32FC)bh=KUC; zPwT8Vxn`@2jJ(TqtC3TWQpiz%cjGouU3-a{T?A6RfOS=Q%_uP!+`*1+E9+d;ZAF0lk?!k$_l7}Xq$YOZLN@E}6nXmQ%;7YJ3`<5?n{I*oZ!M$&hJVC42Qo;Vf zv(-(Y31e=}oq}Jcg*S@A8>LHXYF08dSWO)M^#C7ro=@_Iv0RzngHvjGXQ>68nkBH@ zCwlB9B{OK{<}!&5psSv1WR@(ts91fY6Cx&na;NL;(T{_;5lv*F_v}pq8g!fM_`$B< z3BS5g0OCw>HKcB>!gnnPGJeRL@_(cUl9KL}FPhMZ#qLZ8b_?Dy7bQ9px9B^8*f%Pq zqyK6+!f`Jkf0Re9zBzl3&{x9YLIt2f7gkjh8@ecrfTUyxi=)72d9qQ<#Q=GlQ3$_) zrsr(dqp^A59R}r>+qzkkmPO&6Z*L6?Xg=-g*gW^#X#56zMLbJS%S3t{)CY7;DPI(g zc5F_%I@PsO^ zyTfTOOPn%h*{kK#M(M+kZv)p|^`E)PWwXKdt&EwkCVS^x3QZnU%fA@fe2wf6O9ZUa z3sy(NtXi98g4@GbzySepRk=1Wa!I+eT0^?MZ2Z4DtiJaUqanjR>)Q6e4TVnz`Gp4V zeVHR)P$PaXFF{!`j-^E)^00*HwMk>VsFNH`R$eqH8q~y{d9KfdYA#Tb7elQ-yVWqT z3ws`djnYfZ8Ve34Bf(nrtOP&6fV4jZ38jcE4%`>Xsx)-UG%xG%nA(_}S7pv!~ z053%pqja;wefD8?#(k(}F{%8CRVy>CM1M_zFtyl+E)VmQwSb)7>(FEQDu(&{ro(f4 zrqQ@K65P>vgQSwCDPqj%6@kx}L(5<)o9jUrO#ja90i*F!v0@z^h{&Ln5u^n6V0c6l z=df(^I_I3ioWE_Yrzm(cxP;6D9ZrR3G17QZvF=Q!7FJsE;H%??Ek3pnf5qt#`c)ux zp9VhKDS#>x1*y!7qOoldZ~ViWnsIM-I@MRuRDTg2FQW??S#X!C{`0}Z zOJ*M4opHNn!ay3pzyp}Y=5`6Zt_O_!8O^tUN-W&D=8JD`mS{&{mDgL@^mO#l(of?a zen`_^nTIXbo7&Yx0(F}^YkVVX-4#X}vRyr(7&z-fCAG3|`alQwmUjHvTGQ>9UGLYm zlL9qahdw{p5}uQUM|slzZ6wgwa;~Emutm$oxceZpKLvK9BfjkZs)kl!O39ntf%8Ma z6~^}`gPr=STf35qAp|Zv-Oo&J?_!EJ>ak*-f`IzQ;14Sb5+R7d zGjyqUGrr&D0NgowKb(^Y;6Phek*0$~jjZr2rWp;IBl5J${)`|Rw1s=ULH*zYC|ckD z-CRRe_6X9fUCTtg*&|7QMTd(;we&#Syyfa4g9L~NsV`>iD3^^yH9lHDq_ZzYz;5v|*aQ=d=2 zGhcOQ!ig)*=1dihg3c=u5v4gGR>4Am)VH}^%#1o27 z++r4#ng~W1S@cJGJf%=?T^yYa1XWxqbxwHUMReSWnFB1JZ{-zWK=mji-l>PPh-(^& zsu4k9^3!2_hSpxW5-N8*Mtz15KLm&@L)Skqhh2{7XUJ;jGkI4mx!mVjlR!sQv2;vl zJ$~+JKQ8Z;ch13ePFiI$@srL=kdL)2lbbNl`YPV#2ODmbNXisz_XG2)hz5i=HS4ol z(aN%b-YDUnJ>Ofr_!w=NVpmgarW7|11L7kkYP>7+k=m;A$OZASS7%sTrqZo z9{;8J@_PGoCs0y=NGpGAvZNh^d5DiCX~FG4KmkysQ2dg!4je>PqIcf1KWe-m7U1!Y zh1zZQXmjpdr@SJ^rUWtXkpE2Ze*69Q;8tqwstQX5qR{BVNW_V<`Ip2_vuaPw7v+9` z7qx2S#wxJ4U<+&=j`{Btc(SqTWLA9eFK@r6@YqQlQ;{8uP^n=miHKvwWIm|9R)ccR z-)En=bo20N-TE;#hW<$eV)zDPQ0R`Xh+W6W0&@C)lTlcLUrZYkP#OSsd<*!Y&Ic3R_E zQ4h?=4eL*^63498Cd>ll-G1(qf5*O>H-ZAVsouNgYEAn|B&0tZkKSZbjARGF$>oSs z{3sz;xl*1`MPKwX0|c$6Cz~O3AxM06LgvtgW)5G~(|DTObgx3xD2wa5teWH}0XjOS z#x)}BZ7F9voKiqoRyqTE2&}DQ`v(yjRr0adLi4*}oH(m>R%Ufpr$Zi1UFk?v>v8*1> z%7ky@N4>aG!gS_~He5U(4iGoT7C|PxjEz>-9MQ*eY>CBZjjt?OUu%q{NH+4Q5GeE9 zxVuoVlgB-D*E=YvQ~K~WpeZ9>978AFgZcC;5biCq6H7cU=vKfHq^bKVF@j0VN z2B1m4QZ`E+Kx60NKib~qD&{1jFv7C_w1)f8p;!_ZYWsV0SBJ?_5J?%4rd!M)IU zJVg1-{OUZ1gFqyAJ3op|&)L@LczXzJ_oIp~!Qv#6=fOE>x~QSxcv34|okxP%!h=3^ zA*Ictm#%~i8q0|4YAsh|Sv$>dO}KXX`YGwryHFE-u^+a&$A6M+0L08&OG~q#vopF| z1iw_5#Q0%p^D>Vs&B5iD&^t8z7eCTR3k7aO*gt=8lE13R97;rNJf5s1$dm}X{3r3N zuMceQ1ckg2V?IM!3Ppz+khZ2|X9_0>O(WBOZoH_$juCOD;X0020$(ej3wFCc^cQFj=1Ph{sFn!kv?UK73Gx&(-)qFYsGz+;9iZuK^Pv&;T_#bCaP3tC z(i)obv&e@wtn9jlnN=T?-+~RM&zd|E}<1eWUI99Z)4&$Xd51HJ#Vt@*x1BNWOB)PIKu;J0JB%_G385oS$Sv=CQqIvJ3UcQg2lmW}d1$gITsI;Kke4W#fBKK_7u{Jw-Y`v*P7$zF zi{4>@D*Y?qYLC|}Mvw1L0hhP}Ta)qRa^| zp=UXZ*ohnMq^a}`x2XT2n&3zzWG+<%4jfZcfOWAF%aNwL0Q%+Q*0^-!5B2}HIBCi+ zBODvAG9CP$s&5!W6$s@2NHjqZKzi|@cHoz_63N&QDXtuP~)bimXOe58^nudmoR{~UC`Ai|M*|q)?&PL zmH@N;Cxn)LE{9{-Y-cTe^ZxqqOc-yy`F_}9p(q3L5E#HDev)lGQ|3;k#QWmWy?kxF z2)OKri#ncQgKEG==`Win1rB_vJmXg$Kz8q{kFC#PnMHUk17|YcgG53?jo4OLZRzGB zG&Zc;o70tt@ru*2qU-dBT5QO#vgVIfIR#nMOx~a@Y$!au68;zKuZ#5=-)CTu zsJo2uFZfZIQG~r3yVH62ZzG+>+d~PF*;ya%UyR_*no2||x+Fe37}t13M>N@NSwQ;Y z8-)CAZkIEr&>X84V&+V2TL@Bd7)&d{(mrGY;7es;6f`DdBt`jlv+*np6rk)tY&dSc zhCIf@Ded(ppfJLe5hE75xL#w*eaOmJL3&L6a38EeK@P`o63`PEPB~k?9+L*`}uo1iU4pG?Je{ zIg}c^`?O#rf4g?CK{!0tg5Y6*GHYtT3wq>=$Ku<4m@JnCY?b;Yv?BLh(1Zgw?&|Ww zOn~)5wJ`JIh@0`TPGEK1lVjQ&6m;4ydz>m7HLmuw{PG^QXuA7$a!bRK&CX%i4kQ`o z^8@)!f(7}9QG$^yV@$} z*!A_@I0`ou!zc|H#u(1mIg;p559VH^nB3}rdh9~F0~ofT=n!>)M?!ki*!A8Nm}0Ec zC}7J17Jp`M@qpLxsb+n*XSZR<|El%qk_*01`)wx~*(dAn& z-J05M$hH~ZjGcE3N-^bjI8hUnxPCO@bpyvA`B)B?Hj$dGqMJTmGx2fhR-D5-Px~h= zp$_g1Y3ZVIMh%{)6dk-Hib^`yj^sJz+k)LGYGAlB3c&YI$0i)>1SS<}eD!r&q+VLa zhwP05F_F3SF{Qz?XE($VixA!vCK&rXL7G*1S`t2hG1QyYEpX=XOyYS$Qry>0e@Bpf zr{G2i-rCikim8DA5p=q&?VBk%WF2!#r>{hG;IXMDaHWAYSOVEEG=-Ln zEFliRGdD`ZR&+k=pak>MBT*L-dN30}qG&?B!bC@mXWIDIlJ)G}yU;A;849u<+~gx@ zMAAr-7A%1tH&Qq);Gl5X`&0oMs=a+kzgP$*v1K7x22QUw_{%8^49%{ z|4qqsMJN@STw#4fcW+0F$AKWqgNE89{*5P< zNBQOZ{G$kfOV&j8>$*J(Jw88n_ z@6S8pNiU(@mu%PAE;Av4Rb7>RV@ zvZfU+npOVZ$#(TtO%e^P@dm8%O7S8aTC-nRepqWGW_@vtg8u1d_zJguz9^h-s8H1D zs8;?-+%wqCfXqHZs=F1E`mX7rOsz{%|D!x!TVh>n^Vxf1%56b$LgB)OxP%JZAP&Tk zjq|W?K+y6hv-sv2&;}@lY+mH7zb#s0eWo_jJ%E!Y^~+mwoF2^wr=X0%F}a$c4=)*O z#!t(>D2tPR|Sdc$VM;CyPYkHRNm8Co{`C;+EmE488az%Nhr`*RBcY-i}{fK0@-fLXumj3mJmB2@Ug4#&fPk@ zbrAc{UrJgja|yfHqC;Ty5o|{|kQ9m%%|T=hA%v&mO5$=4f~*2`tBQ{Kh{gt{XsUkV zoCIZ>yJlf#-xkak1Rd8 zu+^P9wkU|}n!ubgzteSFTz65#bE$LNv8AJ@Yueu}f2X3e6vzU182!`5Pf$*U4Cg2z zm^X-DV>HH_4L!LWx;7IVX(gbKdAG=9ZYf%fbUP) zeA!@7AldwS+WOJ$-9*B!*PZpPj&-3@Cz&By%FS>Ra;1WkTcbdskJ;rUO~yrX^MoBy z-y@bRGg#jfU~Ct(5Y0L_*mz8jP1@peOXU1zp0dfg`xZtu{Kvng~+`WaFY~K1z z;Owv2^_pAQgQ2~i0mg!(6>c5G5rb_H^c#vL^yV3bo#iQ}7GM-QgH!2iZ|FDGgDv@D zUj+gm&Id@%*+cP_fh#co6D`xtCq@6R&8P~KaT3drS_|*0G*S{lylep_T_zxM7D>+b zzmUA$Y2y*w5jo{BXJ6yV9vDzk%MG=ZZI1LRr@(oZ&i)2}1R<{FB+Y+r_7vs^>GY6o z96uO;t&Td*+67IDWxk?gn{?b1D-9yNlT5`As8JRxRna`{ z16X&j50P}q_WSS<&3Bt@<%%{T!|vRC$wJ}F#eH~K%idhzZ?y?Po%#13R|WU@!lQ5p z9ydj4i$r@`pT@bvCe|E9G;=9BroGSvoz>8wnK0{2f__iHg>%3qvu-=Qv3&IcK4WX zNgwnHwW^6Qu1D!u<%rOJ5WXM@>u>pZcOC}P<9V34${gs`PW~6H^&@AnZ1Xs00zgBJ zYn}BGWpXWd`&)f5sf08i z%b^!FnJr#H>#hNm6jTe(mbvXg(K1P(>g*LzlzPsFaj&t+1O>d+EaaNx9UJoV|KsE$ zNMgN)(TUSo*oay7dq4z))(1@ZsT8n2*Q#lw5u0U2VrKJv+_o!45$2$YW9Y;ysOjmg zH|@t#8{PzxVEjL>YpQ`PCd0GV!Ubx# zK&HQ{2F;f4W}}SQzPzPkt568ikFW4t&M0&U&1r8^PK+ z8n(7|Z^jV4{Hb=H2gpuj4_%OZdt~99753!T;h*G$pGe`1As{Ha$a3y{Zq}T(2h&bE zdW#o8!g{86j=#zP=-vv;h|SV5l{u+Ox8%s>;tD^_jX{%Z^gE8KP`e!|r@Q)ZdIt#G z$0$u&c@T=^@kU`G%yS0P7Uz%iyqcUdbA4XSafNoSpO?=CbiURaQGQt!+rUiv|9eAI zg=x+@fO$J-pht6h?nSlNqa~YhBpCw-dtm*0U`t$6D7xylKR(EFO}48eVsIbVK-ZtI zDN-v8@DbUcacMAa-&sB_NcH!b0Y=HQs}IH?YjWOKPjF1%u4eek6)7UxncroMb`{Ke z04i5GhyyfQE-}gQZ@n(o5r0I7k~e{J@h+K(C&Lv|^ibxBSC{AEJgy3vd zx#pD9PWoSQN50e(S-ahcklJj2@%5a|QUi=iO7~Muvtri1C%9)_?a-lsx=qYxON$T~ z@Pya_#CqD1*vIz}#y)7g-dp#dvwgomfus^E9Q1{`$Y6YExAI^ea@+~HFTgD7LTlLU zpk4J@L+YE_)_9&G8VuqN<2PlM>*Mqx_BLn}6#66ng6akWG3ynNZe9_bxSM-L@bwWc z5p9XB0E@l${TXqxM#QuE-JaN^19tvaNQ7sRyU#fCW1U=9rV-8LnfHohS!8RML%kdA zwbGLWjuwx->O(OG1p8#Or43ws=eemda4Bm(C1@b!g2#5aw;lfH7?y7)Y9E=o{aB;A z&_Fz{^OMcw12DvX3b_Q9Vsr&0_cm@0k0k7CRysU5i?1TQt)=KKPRfDPc+u|9_NJ`J zh%NSyWLXu<;wY2=V4t(P!Ush3cO@7t;WsRtG|qg3)g>=|6grw6iFkFx{AppveCa(9 zwvm%lEu3Eg2%smm1T!848=^F$LmdiB1H0q5S7X31+wAfX*+B{NLflBK(zg)-KNSSJ z2-<{9+t?d7K}?m-mHc^_j6jufFH`)BB8<=cg6?X*&T;!1&`TjzAQ3~L60@jVg0SHu zK6IUtviJKVEX~VsErr94ufr`r;+QK!yA6Jqv4fPHxg1{*%wP5k+F5JoH%EBT?AE|5 zJgQ5mT}a8Q>~i!2^w;2-%5PkEO|ZCd+%%7DnF5;B?u;&#WaJrL8hDa1{^HJRRDdgU z?dpn-JuWGxAh{R_d zWVblfx^;wDdU_W(=@qxW_;1MSlY!gGP_5lqh-TCzjzX_DziVTDM#@W&-|T8dg5{C5 zlS+svk1YAFzaANI)IjTxfljqZV%DoR1R)s=|4^J3B%)U%`tVNeroj3XalASAr}Z(R z{Br)-!VcxvEdhm+1O8dJD1`~0fk3dFoD{x z4m8Akt*mjFoa_^h~#1P6fw&>mLkSc2)0(lB& z!tRB8fy@)@*n+>xW6ztAmN-2Xl8~4%hH19Qdojo8=$M`_Z9#r^Z2w_Ed!I zDm_u4S^-t}4!qqNAgYI~rXeBre_9osTD>v~8zWxy!^GhfR{X=NaUU@F2EER8lT7M} zu<1pq6DodB9z7mYO3V1GGyx3>9g}j-e6z5N7>FX%DFQ1QhA?{<5hpe+U?MyCU5-03 zg84Az*Fe>oGrf?zRrbC5S|Lj_)`p0PR=H_bQfmte6^d_Tac4%(X>Uc`Gx&?JD=Eg3 zT0nXzo6YASvB8YGuA9~Zon3aZS`Cvn{Y`YSQp0~T)w zS_BpZkDEoTwQf-9Mslfc_txEHN2g~zc5yQOQ*b#cLFn_b)}q} zZu*4$f=xmV?v-b?XV>R_RC2G|>E2)HMD2WhToWCRMJ~b?W(LcM=1dqRcKSma=e%o( zpUx4GQLl>o{Jb-|I#&jRlofg$L`Ru1b|{Ob+iZQf0Lpp=MO)HWb5j8r3W;5V$wE5C zp6YfiPazt6jP7P28T%Oco?4P`m$geA_c2P7A3l4d2&aP5h%OACuFNQQbyIV^>vr4I zi9tIG_{P`y5CSY<=Yl$%;qf2;8rD&kb)cGSV-dI~Nt5)v*YJ(LHvM@$O_ft=aVj0dq8F!4ck)_s7+=)yQv%H2Ots z{Bg5y8}x~hY7!Qketl*4)R~+MR?`U65ZR9u63w3{jWXC{6AZr?GNaO$wRhOniJOL9 zyRjAO@JJ>#zYc5GUwiy*fj8QMWG$*C^NDC!wck$1!}Z0AaQG?Stl0?MP){*)Wlu5T z#AAnIqIpy2fGisNe>k=#M~jovh_dmo$}yO81+|{MuU*J}adWtbHGwB~y*-Y&?1)8A z6)wB!?OfN3pHDw63%AHt`0px^p98lR%kuE3tW);}1tpu~Q*j*esfL;jRD9$0^+$<5 zN8O_zRf%c#Aa=Ppw=LD-NcT$~%lO;le;f^6M^Hs;+CYu(YB~MV)_DR_uY*PDw%fT6 zGlRnqdWt`8i`#sOdL`4;Y5g#&q8L8Y7XFr(clq7hsE!qbC11Asc1P};=gCb7;PH2q zHzUta6&@L!wf`ZAzkO9LCy;>K=bh@%K7}r%GK67%`|MhFWW@S|&u!bNh_@O(BReA5 z5!h*_&s7_34(#h|>$NaP8lTa^M(5uJ{6;xhKEDIvYno@xsVjadj~%ij!iD&(JHhkv zJ<{kh0D6??RWqD9a?j9rjeN3jGG_9S{Qr6$(`BSX_Oq1(PpC_@-k0rj0~*q<(WBA8 zQM2{0qRLYm3q&k0YQZ9>C~$^Q|6Q@Zt!F-%jP-VB^i}2~7&`*;cr_7zPLY#7wiBpI z=0st1c+|t;MVP#}jDk0-l0s%V{wR5TtpRNU` z&ETpKw5PQ67T$Hv3ZLzmQD!VHOLAN+O;eLeM6T#?_Qwf8kz>Ny3q70Lvz0b`M;fEK zP-~B_+kI^N`<}1qsidbf*s{GFVO<&xGW2noIHu?}Tf!e?bo%Z(sPWd zKI%L3mrLl~vH21iL}pKB`6Hj@@4HO|jW~}B{H{9Q!$CHJ4q1`m$E$Bwic~9ffG2re zE=6>;=RjR2|9|a$S6Gu-*R}!U<#+X&JF5=ugm5)cq9^bks@0wDyXhVt#`{O^GC9sVcZb-f-S2f3cT_A2*%ueCRM z+KxS6u}xdHbO*`QeX!_PECI1_I0pa@e$Me@exkq+XFaWMic8FRs5tNK z-_&uSiz-XcZV&vnoDn*O_IqD{_f@aVdNZ_g@dBA@F@57H`t!Dss1Qs53yv=LOBdH? zo0#aeg(U~#bKyCIsU)t<+joh1>Tz7jbp<_{{)9d+>g{aujYw6$OS zrQRCv@b(Gy9UGS5q@II12(0_fmraTZa=8Z{bw<3*f?*j4x&%$D2M=`NirBXHI!g?I zGK;)}eea&#+nHVDwZYpD=@k+x_Hp{?Ia?L!m1`z?h8KRMei&}Tf1ZWI>Oo;9)m4xS zuUwcPIy9k^I2;v9AI6QEH9JpqM<#z1V~66>iu}?SU`X_ukWt^4h{pjC#ER5V@1M(0 zx%3xJ*H_rzY=Z9Cya<0=0pFjSw&`Xje^1MSuE^unvsK1b%2kzBNf{#jEAv6mMsMwWJkbJ+mF5$u++3(;ECzVcjx2 zs$6GifH6(Ry~Kq58yh8UK5ky5`Mmj}*M1pdbL3I6>n;@R@L*Ar9k!08iwXSpVZpC= zWo&UxyKpB$q<=^z=HBP)yt3q}U%;_7_{ct&e+-On&{&g$L?Hjyn3{x89s`7z&R^?84jOPk@#zOV@gCCX%jRtt9 ztf&11pFPp)-YN_AOo?y)v7p?;cJ&U8cFIHP1RVAjz@{3^{Pr3QX1nT5O4()qSb_(o zI)FuEgBXkjx_qDTR2N;9;flrJ-0)L_Ip{qvCKHP~y`g0b8&grTuOeG}Pr2ey;Y}V9 z;l3=LdRb9PuZgCQRbt7yUP|XcTGZNW-wv3pJb|uc_ooCLJCZke@Yj+E(|N2q&@JZu znnRdrbkam%JGx9lvCPloKp9CMng>#XCaIr5xJjuH=g-l(4PZT>AscI$Ah#!I$p6r7 zgN}llEjjIX#eRLTM;}S_#@#`TW|H~La_ZUV=NyJt<`n1zC^_)Y+J{hj{2$%s5ws6m zaFSKg{5!N`MjRnMGNst>y54Jd^7xp%Ii&{(a>ex<@E#OItXA#|ItlPh`oiQYu8vM3 zJrvVK(!zYz=du8H?R0VT{{sGxW?+k`4MnZ& z%~b+mFkPeu_3}5jzi<7@HAhNhkJq+yuoK+~Q!KtZPM{vEZvB{)IK9b+L8In z?B%kX!1z=M%irW`JE?4jmMTksi*v;@r6Y0t5Y`Ekt0N?(GE(8evWB1bW-MgO=(Ee5 z0pNe~HfvTWqo(NLF?r%Zz=clj>fgA`4>HNE;((Xjwc*Q!c%zhRyS6Pkp;J9F5E-%T zX<(mZxp!6W9?u&V_vZK`e*fhi~rsG`sr@9FF z;@*4-lEs5pWIwH~T;jljqps-GucZdSG}j5Zf70HoNjKiip>?0LZm5Q+ zMz|}_!jS7G}N<*iJet$Gp{?#kE!Qr{)93yibS+t+|Th`B&$3Z9! z-Cif)>!QxZY?U&S4)pr>37Zk!8qAE>jxzq>VxXOfO3%ugkmV!Om+$`SNUdBMU{}*w zpT)9(eTSY_xS9DTM&cA7T+lfJ0AaV+`~G{7s8_D}{6?@7c7{sl2aRh`Rh6bNhwhya zQT$Zd+LzDvSr>6G`xt?eu1SYhq&H}^;Dfvo>QDM+bEH=oTa%bEz=@4lfD;?6I0mD@ zj|$F@Iz~rlSPB&+Nfx`vPsW?SXD3&J+^01uOHsW=#SmW|sb4!I;7|_=C!ckW3@>7W zjZ!Ka*-xwO4%f@-_75HCBJwe1A)bskp;Nc2@@+H=Y(_lY*FVAmBel@L3}j?k!oJiq z^=rV&p6YEM`I|Y++8_2PQvJ3D(j73YgAXVum&6m8WEyQIvp1<%YC}kXC~*4%;J$Sy ze6@CUht{Smv<6XO-N!ZOIAt>oZSFpEttW z@+#$V@8a~LrYwE2f6mTCPq#by5g;qN1%!3UL{A)&GD>MO*bNahtLE)FVLt=OJuk-^fm`pdtYCo~sn;czn z(wu8mC1^cadk_Vdr<%)HRupsw!iEVyt_!0nSPnyh*#Q|$r#l7FmfZWBhn z!Em9MFY*2zP$&mXvFly&cjuc(;GQPQpS-zP{?O?8ImfmGUEQ$VW>k^>fCJEM@#Ej^ zL?N0c)mMS4mRjhn9WX2Zk%A>t)5D4>zKXhXZqEG^v)lEVoiH!dgQxTN6*oleP;>AA zx>Q13+ct@5b+F9O_4N!Kalk5xsfPY2rh)9-t(&0g?o*Zk^or^&8G9LH^Y?xxeed|b z2ifx`md9fzd?G3z{i}#7f_=1rh`#bo#n45DPwBK{awLunhd`{4S6f0@J-E6MT*kwY zM+%kf(OeJJ3_hk{AZv8qO1bju_U4n0Qu4nyzn5Jv-Q0SDC$5%VZ;b6VMDBZ^*o4Ud zEs9ctXv{1Jfta#T9bX#-Mb9|6%15W&;>5g0wd3OAjnKE;H#ibqIpAU3d;-`QJCdty1 zaYZ-9wtWB8tS4ePR~j3!x}=o^>A^1EH70MDu~R0O42%Mb6H5p7YddGJQR5?R8efdwp*I zY&m&H0N?CQ?IzFr>=*_8QIN&SMiM1-%KXcA=0|IT87t{+0=|R>zrv1&4U!`d^U4s6jUH0HAyI{IvoV%H^1qm&At9_$lMzywe*WWOBCcpZ)IAg@0i~DV zMr)hql9;=Cv(yLriiK=sHZLmj@0kwzB^Df8Gd}|is`HNy;>!%Lu;KFlYKoP?166L0 z6+B*DwYJQZDZQ0wj$I7$QbLK)#n0aO%u*7OS~=6RP9{jkbIYG?yai|GZOYlo6cO$n zs_O*o5|t0k^f0-4X0bvD>73~sUxV3k_{Qn8SSU}-j>qL!kat%;HQDy$G++OhUBMWR zK(fJF7r*)I(z7Li&!-b z!7`-}CmH3gpM-7VZTn^<=d3oYbFy)+9()w>X*OF%n|(>$ix|p;ZA)Tukh`8-apNnf z5Q#!n?@5k?OFjL3O`?%KZM}8omf^proyUS%I5*grChxrPol33VakX1=nm{5HEq#ub_$MNj|J=zBeX=b*!Vux zE>%(wD2lup+RkGf<>t4KlqM+ZrK||}`j!;Zr8bngt53>(wOZHE78Hb+{&c{<{0HLN z2ePh)U#r&ZluN?U^w;_LiZ~DX(kBam+)yU(OtFQ>s~Hea7n5!&$h=8)Kvl={hv|IG z*R&}w&jX^50;jt00%eMl{>pKay?5XCzU^J7-zz*N>uknehhW5GrCyEGqL1~%(WMP^ zlB70A<){zWb%yO#k7rkU`Om-U&}R?K=ApQXgdgt&QgDLHc6k zI43S@} zy}Mx^q2<9RaJBKzN6(@u4vTB$Gea{sSL;?-HGd3FaEi|5p{=g_+*b(eEv~MTGRAU28)a1*-EJgOyiSaNF!vSVaTXHW znJav&Rq@ftuKu&(uRn&w@Y`b#8?2?2d#wf~-GUq-X_8sfTL!L??oI7g+IKrrq;Wm) z9hx-S@1$m>bFJ~|S`bih#03~XGx>TbGku&kaI787r2Gy+uMbXiH(|u_WB!`5zxUY+ zbzA@$Gp#Ff<$r-G=AGs24|2NkRNc7P(ujS-?1vCTnJ^q69#@l}#CaABYfZXEAQ%%9 z`}?uT5Lm=(DG`J;yWL)EKBtV6=sCy>CscbD=n1AL?ba`myC#sSdr;bK2N$6g zgkV}{VR&X&HU=r{0_0odb^?;}Sp2l}nP&tiN}Tu&=f-ER_No8&(Wa%N^WI4$_7(3b zqt$xjhW9G(7P^URDb(eNm5B8YsR-@?xd0leY}|Q&%yaGcNq*FX6OIUVC0v+rKTR5f zIbKbJL`iK2;~b^RhME|>?6nLDga|$Bl`KMd+DWx1A;C>zjj;HDK(QmXAsB5h;#OvI1dceBeZ0xsr_}ba7n%bnO&}a9+x+ZJ z$ePfeoe*o&6HOC#=t}`Ud!hNj=<1&|Lwp+=285QRhrtwt?W%7AgAeJ1jATJkGp%8z!N>)ehF z;3C;^nO6gBV&Nb^vuw4~yWHn)CFz`riAe8IQD^M~8x>?3c~b`CcA?v#n@^dAe<4Hs zw;aLXj}XwsX7_Y@7u4ie!S!ZH^Q4h=vz<-6F<=TXP9OXD*H^un%R*qt@(d-NPeYIAquQF}-NcKTtPmd=}i3oj8{N;IJ9d^bOz=o)(vD<#zP?SZCJi(XU+wtOCtTN<>) z$6a_(`V2|iT^3L&HbU3>$XX^qfYnv3j~v9|-s1ZQ?dV6@#eNIjPQ z@Q4J^DuRZ0RA{^a&YZrR`8F!wcds?&iMWNc+cQ;XO1w5&1KB+0-;OR-kLgoV+Zrgx zm1<_RdOdEk@9vi)0kB2G8@HuvqC#aiq!lP)hc`d5KK9g1bW>=>$>=!k$<)v(gF{MT zgEr3X=MYxy>ErARlZBzrV z5^!%FNnuBqIdHoD+hRlY}A7Z<=>Y4no&}`({bl(AEKWelRh?>{+GbAAOsMS}NcTXVWBmzmXWz+dd8V+{+yhS$``k7tLr3y*6b{3%}!pdq#8NMZC=cHv9l*{ARqv~ zdcAbSKjp>L;D&0{$_)a6MP$}|h)*QEm76B1M_ZL`500tOiH_@hu?HL@fDy;*EO)Ht zHYtHOCH+Hm&bBX@zCvEh7gB*5M8R2s1M*F!{xLP!r!DUS{3N#uXl-bH{UmM9-_ktd z3^30?7~<=v0PVVvkLrg5X6*l?dxHDenOFj?_CeFgWo*98tmpr`3($@!ZRp4?=?S=s zlTv@sXp<+U4Q5c`-3-|~ca~d2O|eZMsNUvtq$$#`IxE-`=)myCEsGB;njm7Q9fy(l zj%54jPE5=z9w_`=!oj95&VYhaI=SaG&%YGL$Ou2uH>>)hR08p}pcxRbP3O`ve z#q$>^nTP>MB8s0>SW{QLJeVNVahz+vXF2@R{aE}SBoK|TG=L-gik+Q%@KbqTkM@F# z?M`{>m2g=QBfK%XDg(%uAnhx-Sekgc7}GFdXn75-)|nOks5iD(bbYsKg?WCu{wjtv z7gK}wX@KN6P#T*U*jUvol0x8?>w%@PlgpAHu z`Pi?X@=T`d{aR3c6-@y3{Z4*{5BWC1W(MVDbLF`9dzUAja!i)dfhZ|dHkkhg?vL=Z zfc>11#BoqVy>ssimFfn^g!xuFH8-bc)##W3H%jWitdu^7GLxD1ifpw-2>M(OqmUU)0W57M*>l=JKWRz z+|57JYzo29o6f@3i7ApI+tWG;m87s%HRti#kIwBRC9xq5TY53$OPz(O)W?72^koUEE)sYv|E`;Yx}o!v5Un#@ zE1u6M3v0s^Dx=Hua=jGz6>C?v^{p)~*98Z7^=++{7?J!>^gNz}$Q>U>4`Bq=&yB!U z_MAW2Kw#KF^ULEG(t#0v4=xyMUp!#OZwa9Aua&xLn=Ym52Gd091H!vb%NGnB=B9c) zCv|0ypQre=%kCGw*;){sHDta}qn8+`7j#0g9p@$6}Hc#$vYkh0Y1gzaHm~?bZJe{&WQKj;RN^D+<)1YIrZ(Sr;nhj)zX9 z-=nnuoLO`XBe)Vj`^5o`yAIUWg=qEXq8|7ymhgWT&>Y|s@#|oIB z0uFUTasW9(&%)XUUw(XPOs2}d)S=V#m9`Gi&!e4-f<{};!&$>31G6+1W$Scav`M&E zJ&Lr+ip}7&qw?{r@@K1KJ@+^`jDWO2^ zrGrv0$m92=AjI!EVWx=#v`da}N_v!cYw8w`!zs^%gNRf{XiVvD9-$67E(YP{+)xgz z`HzB;HE%~3 zk=Kz85p(!C*!r<%?m2;$kyUM~#_!SW0CJS-30fWp(O?756pH-xpi8X0NR#SI{cskuGm(L3QxHIZ4t%|O&0f8K1{x&p7aA7Wiutsi+Auw*y5p@ujz?g;Pj zpwGD9Ag0&7qjeaeAoKNR?2wPYRPepMpVmBER^|lXhE91=BWCN|v8|As=@JN7+dC)CW(FYTh$067Zbj^75vtq5M_)CnmF2Y^1F#%69~DJ$)xhjo7aS?#=9118=Qk@Uxaazth}?H!2qU z6K|}&^`IGacHkN{8;g{^F0)(5=#nbJ&&N}EP+6h=hVD@7T^qkWSt~kqFlyWT&bjGq znK*}a3O1J^pu{HI+vjM#pjqi%penpeP#|UqU{LSj6m?WADGVbWhU10OS8=Xpjn0`Z zXi@_{{(7UEEjE_W4u)Se56>2b5R7lXrLMci!23|ajH$oE_trW#-gaA)MKOgo^R%6P z9wCFI&UIMSzS1!mBAi+so8~tkmyDsJ3}yTR0?q!HEbi*Sd=5-#&swP;Z?g)V|H4J~ z841vn;qp7?pyYcwvfyN6x6J9QbF`^pbajI<*>37XO^O{)ea&+Tk|SB6dYnW*D?Bjd zcnNmOQnja}sEhxY{3F6k@`OfIlKfbk^obkg0(lKY9}i;byM{f|*mZJu;x2cC0kgeb z(L4=Rv!fs@ySueBTZP!Lun*7Zx=RXtH_`o)G=`29JyJlM1WGaNy_!gZ?scLvIbrN} zdu_Pzxd_y}+~c|9;Ic)_?_p9FV}w<$Tds>4dLu2qX+)poD@0m|cV7Ew{x654V0brH zk%uiRLwMdoDdyPPF2ZXtsmVMu-1GPTF5k?3&h9gz^ttPFbY^XO2o_KIN`$jwggKa$ zz9%PiIuCEsyI)1Ll(Kck%QKS^-!5%8e#h?#N~#*Aa&8y$?(ge>@r|U`2bYDVa+KS7 zwyLb3?aU0Jo0*C|FCEE}q!vu=4gTr$V+i{{ zt&^s^D#6{T4AZ=>w#{faTi!pYg?JIqir{}3*dawy48M7d5Gs1z))d{^n!S~go(~U? z&T=FXt7taw;f4tGh0ky*1E%72<*xx+9th=%g22Q;Rj34;VZNmbp~S^Eu`75LYcbCr zu#hSo%;|w`?M?O0pQq=`{ko|}pXXl1Nb1jQrDbDupDIl|LV(QY)Nb~ZIWpoX&cOvL;LpeIbL(t2%&tvf}J~sr( z-t*(nQGUL`vT||j@-&gi?QK|F*lW!)B4ri5P|izGctFoYZZsJH@W&54oa708y=q(fvG)6Zm{`c$ODcozy6dI2H^f7IjUH3 zQ86Xj97x}kTJ8VHEDruVP^DaFh~D#5vOA-JS!R37y7=kY5g$E6F5Y9$SJNm&aLhqY z$F?eldiTqV-tpS&nkjVisUx{ex98GPgwKZt)9fo#*ZF7E2%U18R2~=fTUXuDp_g4P zS^6iaL8QkJUdi=SAX@O-=6S||uxJZ$tE`tT%fwx=DXmBr`B;J2Q1m*KF&T=}m4zbX z$^i8w29hT(rIMVG&Z%3Od86(ZK!_I0*B0=}oo-4*A?rEcd&%x#yX@KY0_++|vr19r@BXqMv#1eAX(g zqN{whJ%n5kg0-jtlmCMNb$lo!(3wh$q6cIT-IxeX}c&e;%j00A!C?UeZi zT{I3xMNP%3(506oQ(5QQ5}IW#Y3w|LHrZy0EzDu%&WCK`A{~3~Wr?(1%s95$P!Y={%%~@E}b?$;0vj!ZuFRDlwMd$?|!-J2j-hiOtwdT_q*) z5-QeRA8?S6w3+iQTe&TB26Is^^CHI$(S1Ct`4jO{&Q3FZ_%OOII3^S$3- z1Amo`x~EfVCHzb^*msU-=n&z0nz5T&Zx6q+uP2#$JxHSI1L9uugI^gWH=SF!y{Xg6 zypUGUbU*D}J8sl>hc9gZp>cxcj%U`}WFx#-sXBBg`3DNsH%RnZ+3QqC@{I>IsS1=E zq=6x0OW{GMTAV^%2F%y;&vudFf*M~`Fv9+IEZ!AGK=`yIkWhksbG-}`+!m2_Yp3>C zbT>0r<}D>ZxvN{H*;0gj8aiIOi+g{sL5s&;BEYHr*~FG&hT4GSYxkSNs)_P1g^ zEre;HFS5X5jDkspptZYDoKDDEZY4$UU7E2AT07kIA@D(S;JS5w{0jCMu&guxlO-9$ zL@!ctR=2zR5N3Y@C}$)OWk=j>N21B_BCZY!D6xTH7O=M`&yhS95zBwxH^Y%^mpBIS z^fW?baMskfc=U)>V!O!btm$pWd!jxcwfy_*`@GWY7G=|oB)D4w_am++sG897DzZZ- z6o%`JNq<*jI;XL*HpK`tFTICTzX6%V8D6H5m3ONrsM=7FzBfp*^PYA!7$h}(OMJ2z zM*@Pm9@0j?O=i9e368Xfa{MDYW1Cfbcw;w|WAHJ|bFUHxak`}7=LXvoU$bt3u0GCa zzj7@RzvJ1nmdvZeHhX&%YOvt0tg@vj?#gqpw>P2F=@tn4L~HoWbwZ}{myCNT6qTE> zf)SP4n3yt>Y0WDu#BgD+@~sm~P*Rxon^4B}*AsvxglSHV(S=H!piOvLCrxsSjyAcg zM>)bXKzK9HTy%v^Pr5YquVu@Gs_V_#D~oA{_N^-cTJnB^2DZN*TvenCT(axF$;Ot1 z7i0v!_5ufq>}TrJ*+LyUKZs)PQ6t$9ZRsgYpZ!7WPK6Jz;L=0hazbW>I*PFUoB4MC zksx&-{RYC%DC?eEIZCj4P6dvw<`(>?zJuYI=WEOM^HiG`XDi-GG14>OwyxGS=pz?3 zkTE6C({#FLw_sX_+@HQA5vhO>G(}#8*Lcl#v~78g5aI%&^$eGfodh*PN&-aXLFa7q zA%x+>4N=)FK-S++0C55GEbe!awe6dEG)@C?)@h)j8PypvA7>HP9+{q`P626nJQlzOy8AQ5|SBIQ@mE+`i3GBG!$!rwk%^*eo?l&II<-Rwk_S5)a@LWcj`SY z(VWvUUp7$_i7rs3cC0$TI?)VTLB2!-kV0^FM+doHoLm zcZuvy%K>Ubv5<-|(MRtEQ}Ayix0X$K1VW7xaud7kW9k}TJIkq#$MB!zhX(ADDm>^oql6+!s=b+-H&A`b^%-}`-Bw2t?imME3XhZ# zi45b*j6&WnQ?`!-v6LJK*?DForJAP9QgbX5Ke;O=yW%GlCS8$H8pq%AKN_RI>~7m) z#!>zTKAvCXLMPE$-@ku>7;OsP2@z|!ToC!eesLm?kpc%V4f`dxvF*Vc4@s`&AIICu zmM0%wR9aQ%;&Y2PN_Yo+d*qq+kujwCQG~Kb0UiZRK`Qi{RTg&b-rTYlQC#r`f{>({ToK`w$5=kJT%tARtesDO66zQU3@P0~pR z1z+vC1sh}U%c=c;1>|5s)(-s$_leb&^2_V!AG2Nw$=x zqYNb5A2!$H-}cLyLPhX^&L>I}l8sbdu*vMHoe>@>q!PL-Yy|#LYCkmFVKCxI*5nb= z+8g|q+l;-?aWqX@Lf3T&$q3GxW8ZV=kR-wwEe6$mBL2|7)M zBX_%Gbc4Q+#I3G&XkVX1y7&sr&+z3uV-7rH@y;B3pOp|m9d+4H(qUGeIrn-zflrFcM1nW} zwk|{uM=LxX@k@po)oP6S9{iIXMGB`;0!|AcbM-T@7w6f_M=}kxVX2i15K@5XHHfw+%@! zH*FJl`QBX6@A2X5k1e?U9=y6xp3OFRII%V&RE{i1{=+Um*g@Xg0j|2xG2?c!>wSX} zsPeXR4inEu2pdO`eHER$xvPA2>QIhfCZL-~2J;Q&*-{Jtx*ZFY$%Lao<&ERuQ5wb$ zt=wr$%$K1J=ZwQTxlwy4(LWv~DH&WmBGo&hzV+8odN>3KNZN5#N^qXkcDCZ=wE+43 zN`!Tp*MZ?}lZwO|03U*nfcrl4Ga2(E>iKNCbG{egzmfaD6uJLK>;GT0D&Fud2kGuMGTn3}x@r^nchc0{B-_~G?*9N& CH*|"remote_write
    (example.com)"| prometheus prometheus -->|"self-monitoring
    (am-0.cluster.local)"| alertmanager - route53 -->|"tls_certificates
    (example.com)"| traefik + cert-provider -->|"tls_certificates
    (example.com)"| traefik traefik -->|"ingress-per-unit
    (prom-0.cluster.local)"| prometheus traefik -->|"ingress-per-app
    (am-*.cluster.local)"| alertmanager @@ -48,118 +55,28 @@ flowchart TB alertmanager -->|"tls_certificates
    (am-0.cluster.local)"| localca localca -->|"certificate_transfer
    (local_ca)"| traefik - route53 -->|"certificate_transfer
    (external_ca)"| grafana + cert-provider -->|"certificate_transfer
    (external_ca)"| grafana - le -.-> route53 - route53dns -.-> route53 - - classDef ExternalNode fill:black,stroke:white,stroke-width:1px,color:white,rx:8px,ry:8px - class le,route53dns ExternalNode - style WWW fill:grey,stroke:white,stroke-width:1px,rx:8px,ry:8px + classDef Charm stroke:white,stroke-width:1px,color:white,rx:8px,ry:8px + class traefik,prometheus,alertmanager,localca,grafana,cert-provider Charm ``` -As with any TLS configuration, keep in mind best practices such as frequent certificate rotation. See [this guide](https://charmhub.io/blackbox-exporter-k8s/docs/monitor-ssl-certificates) for an example of monitoring certificates. +As with any TLS configuration, keep in mind best practices such as frequent certificate rotation. See [this guide](https://charmhub.io/blackbox-exporter-k8s/docs/monitor-ssl-certificates) for an example of monitoring certificates. ```{warning} currently there is a [known issue](https://github.com/canonical/operator/issues/970) due to which some COS relations are limited to in-cluster relations only. ``` -## COS - -COS can be deployed end-to-end encrypted, with TLS termination only, or unencrypted. - -`````{tab-set} -````{tab-item} End-to-end TLS -:sync: e2e-tls-cos - -The following Terraform root module enables internal TLS by setting the `internal_tls` value to `true`. By instantiating the COS module with a `certificates` provider offer URL (from the `ssc` module in this example), Traefik is provided certificates to enable TLS termination. The combination of these settings enables end-to-end TLS. - -```{tip} -- `internal_tls` -> `true` -- `external_certificates_offer_url` -> not `null` -``` - -```{literalinclude} /how-to/cos-tls.tf -``` -```` - -````{tab-item} TLS-terminated -:sync: tls-terminated-cos - -To remove the internal TLS configuration, override the COS module's `internal_tls` value to `false`. By instantiating the COS module with a `certificates` provider offer URL (from the `ssc` module in this example), Traefik is provided certificates to enable TLS termination. The combination of these settings enables TLS termination. - -```{tip} -- `internal_tls` -> `false` -- `external_certificates_offer_url` -> not `null` -``` - -```{literalinclude} /how-to/cos-tls.tf -``` -```` - -````{tab-item} Unencrypted -:sync: unencrypted-cos +## Deployment -To remove the internal TLS configuration, override the COS module's `internal_tls` value to `false`. To remove TLS termination, override the COS module's `external_certificates_offer_url` to `null`. The combination of these settings enables unencrypted mode. +Using the following Terraform root module, you can control `external` and `internal` TLS. -```{tip} -- `internal_tls` -> `false` -- `external_certificates_offer_url` -> `null` -``` - -```{literalinclude} /how-to/cos-tls.tf -``` -```` -````` - -## COS Lite +To enable `internal` TLS, set the `internal_tls` value to `true`. To enable `external` TLS, supply the `external_certificates_offer_url` value with a `certificates` provider's Juju offer URL, from the `ssc` module in this example. The combination of these settings enables full encryption. ```{Note} -The [COS Lite bundle](https://charmhub.io/cos-lite) is now deprecated in favor of Terraform modules. -``` - -COS Lite can be deployed end-to-end encrypted, with TLS termination only, or unencrypted. - -`````{tab-set} -````{tab-item} End-to-end TLS -:sync: e2e-tls-cos-lite - -The following Terraform root module enables internal TLS by setting the `internal_tls` to `true`. By instantiating the COS Lite module with a `certificates` provider offer URL (from the `ssc` module in this example), Traefik is provided certificates to enable TLS termination. The combination of these settings enables end-to-end TLS. - -```{tip} -- `internal_tls` -> `true` -- `external_certificates_offer_url` -> not `null` -``` +If you are using COS Lite, create a cos-lite module with the cos-lite source: "git::https://github.com/canonical/observability-stack//terraform/cos-lite" -```{literalinclude} /how-to/cos-lite-tls.tf -``` - -```` - -````{tab-item} TLS-terminated -:sync: tls-terminated-cos-lite - -To remove the internal TLS configuration, override the COS Lite module's `internal_tls` value to `false`. By instantiating the COS Lite module with a `certificates` provider offer URL (from the `ssc` module in this example), Traefik is provided certificates to enable TLS termination. The combination of these settings enables TLS termination. - -```{tip} -- `internal_tls` -> `false` -- `external_certificates_offer_url` -> not `null` -``` - -```{literalinclude} /how-to/cos-lite-tls.tf -``` -```` - -````{tab-item} Unencrypted -:sync: unencrypted-cos-lite - -To remove the internal TLS configuration, override the COS Lite module's `internal_tls` value to `false`. To remove TLS termination, override the COS Lite module's `external_certificates_offer_url` to `null`. The combination of these settings enables unencrypted mode. - -```{tip} -- `internal_tls` -> `false` -- `external_certificates_offer_url` -> `null` +The [COS Lite bundle](https://charmhub.io/cos-lite) is now deprecated in favor of Terraform modules. ``` -```{literalinclude} /how-to/cos-lite-tls.tf +```{literalinclude} /how-to/cos-tls.tf ``` -```` -````` diff --git a/docs/how-to/cos-lite-tls.tf b/docs/how-to/cos-lite-tls.tf deleted file mode 100644 index eefd2f99..00000000 --- a/docs/how-to/cos-lite-tls.tf +++ /dev/null @@ -1,17 +0,0 @@ -# Note: The deployment order matters since the 'traefik:certificates' integration depends on 'module.ssc' -# 'terraform apply -target module.ssc' -# 'terraform apply' - -module "ssc" { - source = "git::https://github.com/canonical/self-signed-certificates-operator//terraform" - model = "external-ca" -} - -module "cos-lite" { - source = "git::https://github.com/canonical/observability-stack//terraform/cos-lite" - model = "cos" - channel = "1/stable" - traefik_channel = "latest/edge" - internal_tls = true # Set to 'false' to disable inter-model TLS - external_certificates_offer_url = module.ssc.offers.certificates.url # Set to 'null' or remove this line to communicate with Traefik via HTTP -} diff --git a/docs/how-to/cos-tls.tf b/docs/how-to/cos-tls.tf index 4ad12cda..7b7399da 100644 --- a/docs/how-to/cos-tls.tf +++ b/docs/how-to/cos-tls.tf @@ -8,10 +8,11 @@ module "ssc" { } module "cos" { + # Use the right source value depending on whether you are using cos or cos-lite source = "git::https://github.com/canonical/observability-stack//terraform/cos" model = "cos" channel = "1/stable" traefik_channel = "latest/edge" - internal_tls = true # Set to 'false' to disable inter-model TLS - external_certificates_offer_url = module.ssc.offers.certificates.url # Set to 'null' or remove this line to communicate with Traefik via HTTP + internal_tls = true # Set to 'false' to disable TLS between in-model applications + external_certificates_offer_url = module.ssc.offers.certificates.url # Set to 'null' to communicate with Traefik via HTTP, i.e. 'external_tls' } diff --git a/terraform/cos-lite/variables.tf b/terraform/cos-lite/variables.tf index 86f27858..b65faa56 100644 --- a/terraform/cos-lite/variables.tf +++ b/terraform/cos-lite/variables.tf @@ -19,7 +19,7 @@ variable "internal_tls" { } variable "external_certificates_offer_url" { - description = "A Juju offer URL of a CA providing the 'tls_certificates' integration for Traefik to supply it with server certificates" + description = "A Juju offer URL (e.g. admin/external-ca.certificates) of a CA providing the 'tls_certificates' integration for Traefik to supply it with server certificates." type = string default = null } From a309b250c111a5a1dec42bea0492b3495bc3fe69 Mon Sep 17 00:00:00 2001 From: Michael Thamm Date: Wed, 9 Jul 2025 14:48:22 -0400 Subject: [PATCH 07/14] chore: Remove the traefik_channel input in the doc TF module --- docs/how-to/cos-tls.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/how-to/cos-tls.tf b/docs/how-to/cos-tls.tf index 7b7399da..445bb190 100644 --- a/docs/how-to/cos-tls.tf +++ b/docs/how-to/cos-tls.tf @@ -12,7 +12,6 @@ module "cos" { source = "git::https://github.com/canonical/observability-stack//terraform/cos" model = "cos" channel = "1/stable" - traefik_channel = "latest/edge" internal_tls = true # Set to 'false' to disable TLS between in-model applications external_certificates_offer_url = module.ssc.offers.certificates.url # Set to 'null' to communicate with Traefik via HTTP, i.e. 'external_tls' } From 6884f15edfe745ff5a5e882fd2e18ad367dbb345 Mon Sep 17 00:00:00 2001 From: Michael Thamm Date: Thu, 10 Jul 2025 09:02:39 -0400 Subject: [PATCH 08/14] chore: Add TF URL to linkcheck ignore list --- docs/conf.py | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/conf.py b/docs/conf.py index 4d2e65c3..e939afe7 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -220,6 +220,7 @@ "http://127.0.0.1:8000", "https://github.com/canonical/ACME/*", "troubleshooting/", + "https://github.com/canonical/observability-stack//terraform/cos-lite", ] From 4e685d91e6930500fbda3b941387c9adb7d1c82b Mon Sep 17 00:00:00 2001 From: Michael Thamm Date: Thu, 10 Jul 2025 09:52:22 -0400 Subject: [PATCH 09/14] chore: Add terraform to the wordlist --- docs/.sphinx/.wordlist.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/.sphinx/.wordlist.txt b/docs/.sphinx/.wordlist.txt index bc39fde7..68b76f1f 100644 --- a/docs/.sphinx/.wordlist.txt +++ b/docs/.sphinx/.wordlist.txt @@ -330,3 +330,4 @@ subcluster swrast zSystems mimir +terraform From de509c237cbf6259bfe1e720898c4231b683922b Mon Sep 17 00:00:00 2001 From: Michael Thamm Date: Thu, 10 Jul 2025 12:20:26 -0400 Subject: [PATCH 10/14] chore: Add editable link for diagram --- docs/how-to/configure-tls-encryption.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/how-to/configure-tls-encryption.md b/docs/how-to/configure-tls-encryption.md index 011cb517..4f6b47ec 100644 --- a/docs/how-to/configure-tls-encryption.md +++ b/docs/how-to/configure-tls-encryption.md @@ -10,6 +10,10 @@ The combination of these 2 configurations provides our products with 4 modes of ![high-level-tls.png](assets/high-level-tls.png) + + ## Full TLS encryption implementation details The recommended deployment for COS implements full TLS encryption, which requires an external certificates provider offer URL (cross-model relation) and has the following semantics: From 7da02406e3ab8f29e5e15a827e1ff7d777492d33 Mon Sep 17 00:00:00 2001 From: Michael Thamm Date: Thu, 10 Jul 2025 12:27:59 -0400 Subject: [PATCH 11/14] test: Sphinx drawio extension --- docs/conf.py | 1 + docs/how-to/assets/test.drawio | 54 +++++++++++++++++++++++++ docs/how-to/configure-tls-encryption.md | 3 ++ docs/requirements.txt | 1 + 4 files changed, 59 insertions(+) create mode 100644 docs/how-to/assets/test.drawio diff --git a/docs/conf.py b/docs/conf.py index e939afe7..7a51d749 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -273,6 +273,7 @@ "sphinx.ext.intersphinx", "sphinx_sitemap", "sphinxcontrib.mermaid", + "sphinxcontrib.drawio", ] # Excludes files or directories from processing diff --git a/docs/how-to/assets/test.drawio b/docs/how-to/assets/test.drawio new file mode 100644 index 00000000..172fe00e --- /dev/null +++ b/docs/how-to/assets/test.drawio @@ -0,0 +1,54 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/how-to/configure-tls-encryption.md b/docs/how-to/configure-tls-encryption.md index 4f6b47ec..18b986e0 100644 --- a/docs/how-to/configure-tls-encryption.md +++ b/docs/how-to/configure-tls-encryption.md @@ -14,6 +14,9 @@ The combination of these 2 configurations provides our products with 4 modes of https://app.diagrams.net/?dark=auto#R%3Cmxfile%3E%3Cdiagram%20name%3D%22Page-1%22%20id%3D%2297916047-d0de-89f5-080d-49f4d83e522f%22%3E7VnbctowEP0aHunYFjb2YwJJ0zadaYdMA08dxRZGQViukLn06yvj9Q0ZQkshlzYv8a5Wa%2BmcPbqYFurNVu8FjiefeUBYyzKCVQv1W5ZldixH%2FUs968zjeF7mCAUNIKh0DOhPAk4DvAkNyLwWKDlnksZ1p8%2BjiPiy5sNC8GU9bMxZ%2Fa0xDonmGPiY5d53dum%2Fp4GcgN90vLLhhtBwAi93rW7W8ID9aSh4EsEbIx6RrGWG8zQwy%2FkEB3xZcaGrFuoJzmX2NFv1CEuBzTHL%2Bl3vaC2mIkgkD%2BkwDOjHy%2Ftpp538ENPB5fDD8iZo5xQsMEsADbKSRESYfZdsDiOX6xyqzVRJmtFsoctiSqkx5pEcQGRhZ1ybHWUviJBUgX7BaBgpp%2BRxmkIKPi1At9J%2BlLEeZ1xs3ojGOOhiv4istDx0HNtIM8MUVH6y2gmOWUCu6pjwGZFirUKgA%2BoAEFDCpgf2siwHywbfpFIJlgFODEUYFrlLLtQD0PEb1HgaMzT6B5lxDmAGGadi5vHavGuPXPcWffsUfyV9HLaXbdvRqLkTmIzp9PSsbHFANn9NHCAHeSgoONAAb6BlJwcdt86BAlxXR7eBA9M6lTqQBjUJ1KIOJhdywkOutHJVei%2FrZJQxtzyFduN8JFKugQWcSK5cEzlj0KoQFOuhMozcGKWG2j7A7K%2Bqjf01WLqU%2FEQsNiMxjuA0nfF%2BVSmAeCJ8iLJgb8UiJBCFmnkXhGFJF%2FXsTRxC1y9crU2VerHq9VKsrnmKbAjQa6sSimEcVByWJsVkTsTf1OGzKA7ZW4rr6oprEpxzKr11nkVvKyqHleeK2pRVii01cq29co0iXaPNe5B9pHIPrQakHxAjX6xj%2Beo1ZhtPa8w9p8a6L0dj1psW2R5F1aXXSNO5lNf4cvfl1Ej3f43spMk5U43sHWVlzRak%2FVaWbeeAo9FZl20dbZ%2Br%2B7kqAWSmFYvjuG2%2BBNiPuoe7W%2Ffw4rtWBXbvnLDrl3AdduvNwY7MZ4bd1Ev5jDtQefofVfecJzagcs8Z5fn%2BfAOaq8VfXqSfnZXDZ3g%2Bp37uvqYsH%2FG59ql92jj5Uab5%2Bu9uH6w9u54iG792%2FdcSeeaOpf7o7wjKLL%2B8Z%2BHlbxvo6hc%3D%3C%2Fdiagram%3E%3C%2Fmxfile%3E --> +```{drawio-figure} assets/test.drawio +``` + ## Full TLS encryption implementation details The recommended deployment for COS implements full TLS encryption, which requires an external certificates provider offer URL (cross-model relation) and has the following semantics: diff --git a/docs/requirements.txt b/docs/requirements.txt index f464c3a8..63c782ab 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -4,3 +4,4 @@ sphinxcontrib-svg2pdfconverter[CairoSVG] sphinx-last-updated-by-git sphinx-sitemap sphinxcontrib-mermaid +sphinxcontrib-drawio From f23b1a90bf877aa3280b1164d010949855c876e6 Mon Sep 17 00:00:00 2001 From: Michael Thamm Date: Thu, 10 Jul 2025 12:44:56 -0400 Subject: [PATCH 12/14] chore: spellcheck --- docs/.sphinx/.wordlist.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/.sphinx/.wordlist.txt b/docs/.sphinx/.wordlist.txt index 68b76f1f..a1e89e70 100644 --- a/docs/.sphinx/.wordlist.txt +++ b/docs/.sphinx/.wordlist.txt @@ -331,3 +331,4 @@ swrast zSystems mimir terraform +DrawIO From 9088179ad0b95d1e4f1b84e08d25fc423e3be346 Mon Sep 17 00:00:00 2001 From: Michael Thamm Date: Thu, 10 Jul 2025 12:50:40 -0400 Subject: [PATCH 13/14] Revert "test: Sphinx drawio extension" This reverts commit 7da02406e3ab8f29e5e15a827e1ff7d777492d33. --- docs/conf.py | 1 - docs/how-to/assets/test.drawio | 54 ------------------------- docs/how-to/configure-tls-encryption.md | 3 -- docs/requirements.txt | 1 - 4 files changed, 59 deletions(-) delete mode 100644 docs/how-to/assets/test.drawio diff --git a/docs/conf.py b/docs/conf.py index 7a51d749..e939afe7 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -273,7 +273,6 @@ "sphinx.ext.intersphinx", "sphinx_sitemap", "sphinxcontrib.mermaid", - "sphinxcontrib.drawio", ] # Excludes files or directories from processing diff --git a/docs/how-to/assets/test.drawio b/docs/how-to/assets/test.drawio deleted file mode 100644 index 172fe00e..00000000 --- a/docs/how-to/assets/test.drawio +++ /dev/null @@ -1,54 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/docs/how-to/configure-tls-encryption.md b/docs/how-to/configure-tls-encryption.md index 18b986e0..4f6b47ec 100644 --- a/docs/how-to/configure-tls-encryption.md +++ b/docs/how-to/configure-tls-encryption.md @@ -14,9 +14,6 @@ The combination of these 2 configurations provides our products with 4 modes of https://app.diagrams.net/?dark=auto#R%3Cmxfile%3E%3Cdiagram%20name%3D%22Page-1%22%20id%3D%2297916047-d0de-89f5-080d-49f4d83e522f%22%3E7VnbctowEP0aHunYFjb2YwJJ0zadaYdMA08dxRZGQViukLn06yvj9Q0ZQkshlzYv8a5Wa%2BmcPbqYFurNVu8FjiefeUBYyzKCVQv1W5ZldixH%2FUs968zjeF7mCAUNIKh0DOhPAk4DvAkNyLwWKDlnksZ1p8%2BjiPiy5sNC8GU9bMxZ%2Fa0xDonmGPiY5d53dum%2Fp4GcgN90vLLhhtBwAi93rW7W8ID9aSh4EsEbIx6RrGWG8zQwy%2FkEB3xZcaGrFuoJzmX2NFv1CEuBzTHL%2Bl3vaC2mIkgkD%2BkwDOjHy%2Ftpp538ENPB5fDD8iZo5xQsMEsADbKSRESYfZdsDiOX6xyqzVRJmtFsoctiSqkx5pEcQGRhZ1ybHWUviJBUgX7BaBgpp%2BRxmkIKPi1At9J%2BlLEeZ1xs3ojGOOhiv4istDx0HNtIM8MUVH6y2gmOWUCu6pjwGZFirUKgA%2BoAEFDCpgf2siwHywbfpFIJlgFODEUYFrlLLtQD0PEb1HgaMzT6B5lxDmAGGadi5vHavGuPXPcWffsUfyV9HLaXbdvRqLkTmIzp9PSsbHFANn9NHCAHeSgoONAAb6BlJwcdt86BAlxXR7eBA9M6lTqQBjUJ1KIOJhdywkOutHJVei%2FrZJQxtzyFduN8JFKugQWcSK5cEzlj0KoQFOuhMozcGKWG2j7A7K%2Bqjf01WLqU%2FEQsNiMxjuA0nfF%2BVSmAeCJ8iLJgb8UiJBCFmnkXhGFJF%2FXsTRxC1y9crU2VerHq9VKsrnmKbAjQa6sSimEcVByWJsVkTsTf1OGzKA7ZW4rr6oprEpxzKr11nkVvKyqHleeK2pRVii01cq29co0iXaPNe5B9pHIPrQakHxAjX6xj%2Beo1ZhtPa8w9p8a6L0dj1psW2R5F1aXXSNO5lNf4cvfl1Ej3f43spMk5U43sHWVlzRak%2FVaWbeeAo9FZl20dbZ%2Br%2B7kqAWSmFYvjuG2%2BBNiPuoe7W%2Ffw4rtWBXbvnLDrl3AdduvNwY7MZ4bd1Ev5jDtQefofVfecJzagcs8Z5fn%2BfAOaq8VfXqSfnZXDZ3g%2Bp37uvqYsH%2FG59ql92jj5Uab5%2Bu9uH6w9u54iG792%2FdcSeeaOpf7o7wjKLL%2B8Z%2BHlbxvo6hc%3D%3C%2Fdiagram%3E%3C%2Fmxfile%3E --> -```{drawio-figure} assets/test.drawio -``` - ## Full TLS encryption implementation details The recommended deployment for COS implements full TLS encryption, which requires an external certificates provider offer URL (cross-model relation) and has the following semantics: diff --git a/docs/requirements.txt b/docs/requirements.txt index 63c782ab..f464c3a8 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -4,4 +4,3 @@ sphinxcontrib-svg2pdfconverter[CairoSVG] sphinx-last-updated-by-git sphinx-sitemap sphinxcontrib-mermaid -sphinxcontrib-drawio From cc576eb1852b444ccdea898788b82133aae0776d Mon Sep 17 00:00:00 2001 From: Michael Thamm Date: Thu, 10 Jul 2025 12:55:38 -0400 Subject: [PATCH 14/14] chore: remove DrawIO from wordlist --- docs/.sphinx/.wordlist.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/.sphinx/.wordlist.txt b/docs/.sphinx/.wordlist.txt index a1e89e70..68b76f1f 100644 --- a/docs/.sphinx/.wordlist.txt +++ b/docs/.sphinx/.wordlist.txt @@ -331,4 +331,3 @@ swrast zSystems mimir terraform -DrawIO