From 89e615bd92bde7e9bc80b2942eea179f1213b59c Mon Sep 17 00:00:00 2001 From: Sense T Date: Sun, 10 May 2026 02:02:43 +0000 Subject: [PATCH] =?UTF-8?q?=E4=B8=80=E4=BA=9B=E6=9B=B4=E6=96=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- download-job/download.sh | 14 + download-job/download.yaml | 34 ++ download-job/kustomization.yaml | 10 + matrix/dendrite.old/.helm-docs/about.gotmpl | 5 + .../.helm-docs/appservices.gotmpl | 5 + .../dendrite.old/.helm-docs/database.gotmpl | 18 + .../dendrite.old/.helm-docs/monitoring.gotmpl | 27 + matrix/dendrite.old/.helm-docs/state.gotmpl | 3 + matrix/dendrite.old/Chart.lock | 6 + matrix/dendrite.old/Chart.yaml | 20 + matrix/dendrite.old/README.md | 193 +++++++ matrix/dendrite.old/README.md.gotmpl | 14 + matrix/dendrite.old/ci/ct-ingress-values.yaml | 18 + .../ci/ct-postgres-sharedsecret-values.yaml | 16 + .../grafana_dashboards/dendrite-rev2.json | 479 ++++++++++++++++++ .../grafana_dashboards/dendrite-rev2.png | Bin 0 -> 128391 bytes matrix/dendrite.old/templates/_helpers.tpl | 68 +++ matrix/dendrite.old/templates/_overrides.yaml | 16 + .../configmap_grafana_dashboards.yaml | 16 + matrix/dendrite.old/templates/deployment.yaml | 115 +++++ matrix/dendrite.old/templates/ingress.yaml | 116 +++++ matrix/dendrite.old/templates/jobs.yaml | 100 ++++ .../templates/prometheus-rules.yaml | 18 + matrix/dendrite.old/templates/pvc.yaml | 69 +++ matrix/dendrite.old/templates/secrets.yaml | 45 ++ matrix/dendrite.old/templates/service.yaml | 17 + .../templates/servicemonitor.yaml | 28 + .../templates/tests/test-version.yaml | 17 + matrix/dendrite.old/values.yaml | 428 ++++++++++++++++ matrix/dendrite/Chart.lock | 2 +- matrix/dendrite/Chart.yaml | 8 +- matrix/dendrite/README.md | 15 +- .../grafana_dashboards/dendrite-rev2.json | 29 +- matrix/dendrite/templates/_helpers.tpl | 4 +- matrix/dendrite/templates/deployment.yaml | 22 +- matrix/dendrite/templates/jobs.yaml | 18 +- matrix/dendrite/values.yaml | 28 +- matrix/values.yaml | 2 +- transmission/templates/configmap-webdav.yaml | 2 +- .../templates/deployment-transmission.yaml | 2 +- transmission/values.yaml | 4 +- trilium-notes/.helmignore | 23 + trilium-notes/Chart.yaml | 9 + trilium-notes/templates/NOTES.txt | 21 + trilium-notes/templates/_helpers.tpl | 63 +++ trilium-notes/templates/ingress.yaml | 41 ++ trilium-notes/templates/service-headless.yaml | 15 + trilium-notes/templates/service.yaml | 15 + trilium-notes/templates/serviceaccount.yaml | 12 + trilium-notes/templates/statefulset.yaml | 88 ++++ .../templates/tests/test-connection.yaml | 15 + trilium-notes/values.schema.json | 153 ++++++ trilium-notes/values.yaml | 77 +++ xianyu-auto-reply/deploy.yaml | 31 ++ xianyu-auto-reply/kustomization.yaml | 5 + xianyu-auto-reply/services.yaml | 10 + 56 files changed, 2579 insertions(+), 50 deletions(-) create mode 100644 download-job/download.sh create mode 100644 download-job/download.yaml create mode 100644 download-job/kustomization.yaml create mode 100644 matrix/dendrite.old/.helm-docs/about.gotmpl create mode 100644 matrix/dendrite.old/.helm-docs/appservices.gotmpl create mode 100644 matrix/dendrite.old/.helm-docs/database.gotmpl create mode 100644 matrix/dendrite.old/.helm-docs/monitoring.gotmpl create mode 100644 matrix/dendrite.old/.helm-docs/state.gotmpl create mode 100644 matrix/dendrite.old/Chart.lock create mode 100644 matrix/dendrite.old/Chart.yaml create mode 100644 matrix/dendrite.old/README.md create mode 100644 matrix/dendrite.old/README.md.gotmpl create mode 100644 matrix/dendrite.old/ci/ct-ingress-values.yaml create mode 100644 matrix/dendrite.old/ci/ct-postgres-sharedsecret-values.yaml create mode 100644 matrix/dendrite.old/grafana_dashboards/dendrite-rev2.json create mode 100644 matrix/dendrite.old/grafana_dashboards/dendrite-rev2.png create mode 100644 matrix/dendrite.old/templates/_helpers.tpl create mode 100644 matrix/dendrite.old/templates/_overrides.yaml create mode 100644 matrix/dendrite.old/templates/configmap_grafana_dashboards.yaml create mode 100644 matrix/dendrite.old/templates/deployment.yaml create mode 100644 matrix/dendrite.old/templates/ingress.yaml create mode 100644 matrix/dendrite.old/templates/jobs.yaml create mode 100644 matrix/dendrite.old/templates/prometheus-rules.yaml create mode 100644 matrix/dendrite.old/templates/pvc.yaml create mode 100644 matrix/dendrite.old/templates/secrets.yaml create mode 100644 matrix/dendrite.old/templates/service.yaml create mode 100644 matrix/dendrite.old/templates/servicemonitor.yaml create mode 100644 matrix/dendrite.old/templates/tests/test-version.yaml create mode 100644 matrix/dendrite.old/values.yaml create mode 100644 trilium-notes/.helmignore create mode 100644 trilium-notes/Chart.yaml create mode 100644 trilium-notes/templates/NOTES.txt create mode 100644 trilium-notes/templates/_helpers.tpl create mode 100644 trilium-notes/templates/ingress.yaml create mode 100644 trilium-notes/templates/service-headless.yaml create mode 100644 trilium-notes/templates/service.yaml create mode 100644 trilium-notes/templates/serviceaccount.yaml create mode 100644 trilium-notes/templates/statefulset.yaml create mode 100644 trilium-notes/templates/tests/test-connection.yaml create mode 100644 trilium-notes/values.schema.json create mode 100644 trilium-notes/values.yaml create mode 100644 xianyu-auto-reply/deploy.yaml create mode 100644 xianyu-auto-reply/kustomization.yaml create mode 100644 xianyu-auto-reply/services.yaml diff --git a/download-job/download.sh b/download-job/download.sh new file mode 100644 index 0000000..43391c6 --- /dev/null +++ b/download-job/download.sh @@ -0,0 +1,14 @@ +#!/usr/bin/env bash + +cd /data + +sed -i 's|deb.debian.org|mirrors.ustc.edu.cn|g' /etc/apt/sources.list.d/debian.sources +apt update && apt install -y wget + +for i in {1..20}; do + EP=$(printf "%02d" $i) + for j in {1..1000}; do + FILE=$(printf "%07d" $j) + wget --referer=https://www.bilivod.com/ -rc https://c1.rrcdnbf2.com/video/xiarilidechuntian/第${EP}集/${FILE}.ts || continue + done +done \ No newline at end of file diff --git a/download-job/download.yaml b/download-job/download.yaml new file mode 100644 index 0000000..e68ba5b --- /dev/null +++ b/download-job/download.yaml @@ -0,0 +1,34 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: download-job +spec: + template: + spec: + containers: + - name: download + image: cr.wetofu.me/debian:sid-slim + command: + - /bin/bash + - /loader/download.sh + volumeMounts: + - name: download-volume + mountPath: /data + - name: download-sh + mountPath: /loader/download.sh + subPath: download.sh + resources: + limits: + cpu: '1' + memory: '1Gi' + volumes: + - name: download-volume + hostPath: + path: /data/xiarilidechuntian/ + - name: download-sh + configMap: + name: download-sh + items: + - key: download.sh + path: download.sh + restartPolicy: OnFailure diff --git a/download-job/kustomization.yaml b/download-job/kustomization.yaml new file mode 100644 index 0000000..45a0c78 --- /dev/null +++ b/download-job/kustomization.yaml @@ -0,0 +1,10 @@ +# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json + +kind: Kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +resources: +- download.yaml +configMapGenerator: +- name: download-sh + files: + - download.sh \ No newline at end of file diff --git a/matrix/dendrite.old/.helm-docs/about.gotmpl b/matrix/dendrite.old/.helm-docs/about.gotmpl new file mode 100644 index 0000000..a92c6be --- /dev/null +++ b/matrix/dendrite.old/.helm-docs/about.gotmpl @@ -0,0 +1,5 @@ +{{ define "chart.about" }} +## About + +This chart creates a monolith deployment, including an optionally enabled PostgreSQL dependency to connect to. +{{ end }} \ No newline at end of file diff --git a/matrix/dendrite.old/.helm-docs/appservices.gotmpl b/matrix/dendrite.old/.helm-docs/appservices.gotmpl new file mode 100644 index 0000000..8a79a07 --- /dev/null +++ b/matrix/dendrite.old/.helm-docs/appservices.gotmpl @@ -0,0 +1,5 @@ +{{ define "chart.appservices" }} +## Usage with appservices + +Create a folder `appservices` and place your configurations in there. The configurations will be read and placed in a secret `dendrite-appservices-conf`. +{{ end }} \ No newline at end of file diff --git a/matrix/dendrite.old/.helm-docs/database.gotmpl b/matrix/dendrite.old/.helm-docs/database.gotmpl new file mode 100644 index 0000000..85ef01e --- /dev/null +++ b/matrix/dendrite.old/.helm-docs/database.gotmpl @@ -0,0 +1,18 @@ +{{ define "chart.dbCreation" }} +## Manual database creation + +(You can skip this, if you're deploying the PostgreSQL dependency) + +You'll need to create the following database before starting Dendrite (see [installation](https://matrix-org.github.io/dendrite/installation/database#single-database-creation)): + +```postgres +create database dendrite +``` + +or + +```bash +sudo -u postgres createdb -O dendrite -E UTF-8 dendrite +``` + +{{ end }} \ No newline at end of file diff --git a/matrix/dendrite.old/.helm-docs/monitoring.gotmpl b/matrix/dendrite.old/.helm-docs/monitoring.gotmpl new file mode 100644 index 0000000..eaa336e --- /dev/null +++ b/matrix/dendrite.old/.helm-docs/monitoring.gotmpl @@ -0,0 +1,27 @@ +{{ define "chart.monitoringSection" }} +## Monitoring + +![Grafana Dashboard](grafana_dashboards/dendrite-rev2.png) + +* Works well with [Prometheus Operator](https://prometheus-operator.dev/) ([Helmchart](https://artifacthub.io/packages/helm/prometheus-community/kube-prometheus-stack)) and their setup of [Grafana](https://grafana.com/grafana/), by enabling the following values: +```yaml +dendrite_config: + global: + metrics: + enabled: true + +prometheus: + servicemonitor: + enabled: true + labels: + release: "kube-prometheus-stack" + rules: + enabled: true # will deploy alert rules + labels: + release: "kube-prometheus-stack" +grafana: + dashboards: + enabled: true # will deploy default dashboards +``` +PS: The label `release=kube-prometheus-stack` is setup with the helmchart of the Prometheus Operator. For Grafana Dashboards it may be necessary to enable scanning in the correct namespaces (or ALL), enabled by `sidecar.dashboards.searchNamespace` in [Helmchart of grafana](https://artifacthub.io/packages/helm/grafana/grafana) (which is part of PrometheusOperator, so `grafana.sidecar.dashboards.searchNamespace`) +{{ end }} diff --git a/matrix/dendrite.old/.helm-docs/state.gotmpl b/matrix/dendrite.old/.helm-docs/state.gotmpl new file mode 100644 index 0000000..2fe987d --- /dev/null +++ b/matrix/dendrite.old/.helm-docs/state.gotmpl @@ -0,0 +1,3 @@ +{{ define "chart.state" }} +Status: **NOT PRODUCTION READY** +{{ end }} \ No newline at end of file diff --git a/matrix/dendrite.old/Chart.lock b/matrix/dendrite.old/Chart.lock new file mode 100644 index 0000000..704b648 --- /dev/null +++ b/matrix/dendrite.old/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: postgresql + repository: https://charts.bitnami.com/bitnami + version: 14.2.3 +digest: sha256:9a752ef85baa3c754e9569b2cd08cb15bf8e9d182716f0296e853ce15e918c27 +generated: "2024-04-09T08:24:44.156192866Z" diff --git a/matrix/dendrite.old/Chart.yaml b/matrix/dendrite.old/Chart.yaml new file mode 100644 index 0000000..acae028 --- /dev/null +++ b/matrix/dendrite.old/Chart.yaml @@ -0,0 +1,20 @@ +apiVersion: v2 +appVersion: 0.13.7 +dependencies: +- condition: postgresql.enabled + name: postgresql + repository: https://charts.bitnami.com/bitnami + version: 14.2.3 +description: Dendrite Matrix Homeserver +home: https://github.com/matrix-org/dendrite +icon: https://avatars.githubusercontent.com/u/8418310?s=48&v=4 +keywords: +- matrix +- chat +- homeserver +- dendrite +name: dendrite +sources: +- https://github.com/matrix-org/dendrite +type: application +version: 0.14.1 diff --git a/matrix/dendrite.old/README.md b/matrix/dendrite.old/README.md new file mode 100644 index 0000000..9259c79 --- /dev/null +++ b/matrix/dendrite.old/README.md @@ -0,0 +1,193 @@ + +# dendrite + +![Version: 0.14.0](https://img.shields.io/badge/Version-0.14.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.13.7](https://img.shields.io/badge/AppVersion-0.13.7-informational?style=flat-square) +Dendrite Matrix Homeserver + +Status: **NOT PRODUCTION READY** + +## About + +This chart creates a monolith deployment, including an optionally enabled PostgreSQL dependency to connect to. + +## Manual database creation + +(You can skip this, if you're deploying the PostgreSQL dependency) + +You'll need to create the following database before starting Dendrite (see [installation](https://matrix-org.github.io/dendrite/installation/database#single-database-creation)): + +```postgres +create database dendrite +``` + +or + +```bash +sudo -u postgres createdb -O dendrite -E UTF-8 dendrite +``` + +## Usage with appservices + +Create a folder `appservices` and place your configurations in there. The configurations will be read and placed in a secret `dendrite-appservices-conf`. + +## Source Code + +* +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| https://charts.bitnami.com/bitnami | postgresql | 14.2.3 | +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| image.repository | string | `"ghcr.io/matrix-org/dendrite-monolith"` | Docker repository/image to use | +| image.pullPolicy | string | `"IfNotPresent"` | Kubernetes pullPolicy | +| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | +| signing_key.create | bool | `true` | Create a new signing key, if not exists | +| signing_key.existingSecret | string | `""` | Use an existing secret | +| resources | object | sets some sane default values | Default resource requests/limits. | +| persistence.storageClass | string | `nil` | The storage class to use for volume claims. Used unless specified at the specific component. Defaults to the cluster default storage class. If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) | +| persistence.jetstream.existingClaim | string | `""` | Use an existing volume claim for jetstream | +| persistence.jetstream.capacity | string | `"1Gi"` | PVC Storage Request for the jetstream volume | +| persistence.jetstream.storageClass | string | `nil` | The storage class to use for volume claims. Defaults to persistence.storageClass If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) | +| persistence.media.existingClaim | string | `""` | Use an existing volume claim for media files | +| persistence.media.capacity | string | `"1Gi"` | PVC Storage Request for the media volume | +| persistence.media.storageClass | string | `nil` | The storage class to use for volume claims. Defaults to persistence.storageClass If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) | +| persistence.search.existingClaim | string | `""` | Use an existing volume claim for the fulltext search index | +| persistence.search.capacity | string | `"1Gi"` | PVC Storage Request for the search volume | +| persistence.search.storageClass | string | `nil` | The storage class to use for volume claims. Defaults to persistence.storageClass If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) | +| extraVolumes | list | `[]` | Add additional volumes to the Dendrite Pod | +| extraVolumeMounts | list | `[]` | Configure additional mount points volumes in the Dendrite Pod | +| strategy.type | string | `"Recreate"` | Strategy to use for rolling updates (e.g. Recreate, RollingUpdate) If you are using ReadWriteOnce volumes, you should probably use Recreate | +| strategy.rollingUpdate.maxUnavailable | string | `"25%"` | Maximum number of pods that can be unavailable during the update process | +| strategy.rollingUpdate.maxSurge | string | `"25%"` | Maximum number of pods that can be scheduled above the desired number of pods | +| dendrite_config.version | int | `2` | | +| dendrite_config.global.server_name | string | `""` | **REQUIRED** Servername for this Dendrite deployment. | +| dendrite_config.global.private_key | string | `"/etc/dendrite/secrets/signing.key"` | The private key to use. (**NOTE**: This is overriden in Helm) | +| dendrite_config.global.well_known_server_name | string | `""` | The server name to delegate server-server communications to, with optional port e.g. localhost:443 | +| dendrite_config.global.well_known_client_name | string | `""` | The server name to delegate client-server communications to, with optional port e.g. localhost:443 | +| dendrite_config.global.trusted_third_party_id_servers | list | `["matrix.org","vector.im"]` | Lists of domains that the server will trust as identity servers to verify third party identifiers such as phone numbers and email addresses. | +| dendrite_config.global.old_private_keys | string | `nil` | The paths and expiry timestamps (as a UNIX timestamp in millisecond precision) to old signing keys that were formerly in use on this domain name. These keys will not be used for federation request or event signing, but will be provided to any other homeserver that asks when trying to verify old events. | +| dendrite_config.global.disable_federation | bool | `false` | Disable federation. Dendrite will not be able to make any outbound HTTP requests to other servers and the federation API will not be exposed. | +| dendrite_config.global.key_validity_period | string | `"168h0m0s"` | | +| dendrite_config.global.database.connection_string | string | `""` | The connection string for connections to Postgres. This will be set automatically if using the Postgres dependency | +| dendrite_config.global.database.max_open_conns | int | `90` | Default database maximum open connections | +| dendrite_config.global.database.max_idle_conns | int | `5` | Default database maximum idle connections | +| dendrite_config.global.database.conn_max_lifetime | int | `-1` | Default database maximum lifetime | +| dendrite_config.global.jetstream.storage_path | string | `"/data/jetstream"` | Persistent directory to store JetStream streams in. | +| dendrite_config.global.jetstream.addresses | list | `[]` | NATS JetStream server addresses if not using internal NATS. | +| dendrite_config.global.jetstream.topic_prefix | string | `"Dendrite"` | The prefix for JetStream streams | +| dendrite_config.global.jetstream.in_memory | bool | `false` | Keep all data in memory. (**NOTE**: This is overriden in Helm to `false`) | +| dendrite_config.global.jetstream.disable_tls_validation | bool | `true` | Disables TLS validation. This should **NOT** be used in production. | +| dendrite_config.global.cache.max_size_estimated | string | `"1gb"` | The estimated maximum size for the global cache in bytes, or in terabytes, gigabytes, megabytes or kilobytes when the appropriate 'tb', 'gb', 'mb' or 'kb' suffix is specified. Note that this is not a hard limit, nor is it a memory limit for the entire process. A cache that is too small may ultimately provide little or no benefit. | +| dendrite_config.global.cache.max_age | string | `"1h"` | The maximum amount of time that a cache entry can live for in memory before it will be evicted and/or refreshed from the database. Lower values result in easier admission of new cache entries but may also increase database load in comparison to higher values, so adjust conservatively. Higher values may make it harder for new items to make it into the cache, e.g. if new rooms suddenly become popular. | +| dendrite_config.global.report_stats.enabled | bool | `false` | Configures phone-home statistics reporting. These statistics contain the server name, number of active users and some information on your deployment config. We use this information to understand how Dendrite is being used in the wild. | +| dendrite_config.global.report_stats.endpoint | string | `"https://matrix.org/report-usage-stats/push"` | Endpoint to report statistics to. | +| dendrite_config.global.presence.enable_inbound | bool | `false` | Controls whether we receive presence events from other servers | +| dendrite_config.global.presence.enable_outbound | bool | `false` | Controls whether we send presence events for our local users to other servers. (_May increase CPU/memory usage_) | +| dendrite_config.global.server_notices.enabled | bool | `false` | Server notices allows server admins to send messages to all users on the server. | +| dendrite_config.global.server_notices.local_part | string | `"_server"` | The local part for the user sending server notices. | +| dendrite_config.global.server_notices.display_name | string | `"Server Alerts"` | The display name for the user sending server notices. | +| dendrite_config.global.server_notices.avatar_url | string | `""` | The avatar URL (as a mxc:// URL) name for the user sending server notices. | +| dendrite_config.global.server_notices.room_name | string | `"Server Alerts"` | | +| dendrite_config.global.metrics.enabled | bool | `false` | Whether or not Prometheus metrics are enabled. | +| dendrite_config.global.metrics.basic_auth.user | string | `"metrics"` | HTTP basic authentication username | +| dendrite_config.global.metrics.basic_auth.password | string | `"metrics"` | HTTP basic authentication password | +| dendrite_config.global.dns_cache.enabled | bool | `false` | Whether or not the DNS cache is enabled. | +| dendrite_config.global.dns_cache.cache_size | int | `256` | Maximum number of entries to hold in the DNS cache | +| dendrite_config.global.dns_cache.cache_lifetime | string | `"10m"` | Duration for how long DNS cache items should be considered valid ([see time.ParseDuration](https://pkg.go.dev/time#ParseDuration) for more) | +| dendrite_config.global.profiling.enabled | bool | `false` | Enable pprof. You will need to manually create a port forwarding to the deployment to access PPROF, as it will only listen on localhost and the defined port. e.g. `kubectl port-forward deployments/dendrite 65432:65432` | +| dendrite_config.global.profiling.port | int | `65432` | pprof port, if enabled | +| dendrite_config.mscs | object | `{"mscs":[]}` | Configuration for experimental MSC's. (Valid values are: msc2836) | +| dendrite_config.app_service_api.disable_tls_validation | bool | `false` | Disable the validation of TLS certificates of appservices. This is not recommended in production since it may allow appservice traffic to be sent to an insecure endpoint. | +| dendrite_config.app_service_api.config_files | list | `[]` | Appservice config files to load on startup. (**NOTE**: This is overriden by Helm, if a folder `./appservices/` exists) | +| dendrite_config.client_api.registration_disabled | bool | `true` | Prevents new users from being able to register on this homeserver, except when using the registration shared secret below. | +| dendrite_config.client_api.guests_disabled | bool | `true` | | +| dendrite_config.client_api.registration_shared_secret | string | `""` | If set, allows registration by anyone who knows the shared secret, regardless of whether registration is otherwise disabled. | +| dendrite_config.client_api.enable_registration_captcha | bool | `false` | enable reCAPTCHA registration | +| dendrite_config.client_api.recaptcha_public_key | string | `""` | reCAPTCHA public key | +| dendrite_config.client_api.recaptcha_private_key | string | `""` | reCAPTCHA private key | +| dendrite_config.client_api.recaptcha_bypass_secret | string | `""` | reCAPTCHA bypass secret | +| dendrite_config.client_api.recaptcha_siteverify_api | string | `""` | | +| dendrite_config.client_api.turn.turn_user_lifetime | string | `"24h"` | Duration for how long users should be considered valid ([see time.ParseDuration](https://pkg.go.dev/time#ParseDuration) for more) | +| dendrite_config.client_api.turn.turn_uris | list | `[]` | | +| dendrite_config.client_api.turn.turn_shared_secret | string | `""` | | +| dendrite_config.client_api.turn.turn_username | string | `""` | The TURN username | +| dendrite_config.client_api.turn.turn_password | string | `""` | The TURN password | +| dendrite_config.client_api.rate_limiting.enabled | bool | `true` | Enable rate limiting | +| dendrite_config.client_api.rate_limiting.threshold | int | `20` | After how many requests a rate limit should be activated | +| dendrite_config.client_api.rate_limiting.cooloff_ms | int | `500` | Cooloff time in milliseconds | +| dendrite_config.client_api.rate_limiting.exempt_user_ids | string | `nil` | Users which should be exempt from rate limiting | +| dendrite_config.federation_api.send_max_retries | int | `16` | Federation failure threshold. How many consecutive failures that we should tolerate when sending federation requests to a specific server. The backoff is 2**x seconds, so 1 = 2 seconds, 2 = 4 seconds, 3 = 8 seconds, etc. The default value is 16 if not specified, which is circa 18 hours. | +| dendrite_config.federation_api.disable_tls_validation | bool | `false` | Disable TLS validation. This should **NOT** be used in production. | +| dendrite_config.federation_api.prefer_direct_fetch | bool | `false` | | +| dendrite_config.federation_api.disable_http_keepalives | bool | `false` | Prevents Dendrite from keeping HTTP connections open for reuse for future requests. Connections will be closed quicker but we may spend more time on TLS handshakes instead. | +| dendrite_config.federation_api.key_perspectives | list | See value.yaml | Perspective keyservers, to use as a backup when direct key fetch requests don't succeed. | +| dendrite_config.media_api.base_path | string | `"/data/media_store"` | The path to store media files (e.g. avatars) in | +| dendrite_config.media_api.max_file_size_bytes | int | `10485760` | The max file size for uploaded media files | +| dendrite_config.media_api.dynamic_thumbnails | bool | `false` | | +| dendrite_config.media_api.max_thumbnail_generators | int | `10` | The maximum number of simultaneous thumbnail generators to run. | +| dendrite_config.media_api.thumbnail_sizes | list | See value.yaml | A list of thumbnail sizes to be generated for media content. | +| dendrite_config.sync_api.real_ip_header | string | `"X-Real-IP"` | This option controls which HTTP header to inspect to find the real remote IP address of the client. This is likely required if Dendrite is running behind a reverse proxy server. | +| dendrite_config.sync_api.search | object | `{"enabled":true,"index_path":"/data/search","language":"en"}` | Configuration for the full-text search engine. | +| dendrite_config.sync_api.search.enabled | bool | `true` | Whether fulltext search is enabled. | +| dendrite_config.sync_api.search.index_path | string | `"/data/search"` | The path to store the search index in. | +| dendrite_config.sync_api.search.language | string | `"en"` | The language most likely to be used on the server - used when indexing, to ensure the returned results match expectations. A full list of possible languages can be found [here](https://github.com/matrix-org/dendrite/blob/76db8e90defdfb9e61f6caea8a312c5d60bcc005/internal/fulltext/bleve.go#L25-L46) | +| dendrite_config.user_api.bcrypt_cost | int | `10` | bcrypt cost to use when hashing passwords. (ranges from 4-31; 4 being least secure, 31 being most secure; _NOTE: Using a too high value can cause clients to timeout and uses more CPU._) | +| dendrite_config.user_api.openid_token_lifetime_ms | int | `3600000` | OpenID Token lifetime in milliseconds. | +| dendrite_config.user_api.push_gateway_disable_tls_validation | bool | `false` | | +| dendrite_config.user_api.auto_join_rooms | list | `[]` | Rooms to join users to after registration | +| dendrite_config.logging | list | `[{"level":"info","type":"std"}]` | Default logging configuration | +| postgresql.enabled | bool | See value.yaml | Enable and configure postgres as the database for dendrite. | +| postgresql.image.repository | string | `"bitnami/postgresql"` | | +| postgresql.image.tag | string | `"16.2.0"` | | +| postgresql.auth.username | string | `"dendrite"` | | +| postgresql.auth.password | string | `"changeme"` | | +| postgresql.auth.database | string | `"dendrite"` | | +| postgresql.persistence.enabled | bool | `false` | | +| ingress.enabled | bool | `false` | Create an ingress for the deployment | +| ingress.className | string | `""` | The ingressClass to use. Will be converted to annotation if not yet supported. | +| ingress.annotations | object | `{}` | Extra, custom annotations | +| ingress.hostName | string | `""` | The ingress hostname for your matrix server. Should align with the server_name and well_known_* hosts. If not set, generated from the dendrite_config values. | +| ingress.tls | list | `[]` | TLS configuration. Should contain information for the server_name and well-known hosts. Alternatively, set tls.generate=true to generate defaults based on the dendrite_config. | +| service.type | string | `"ClusterIP"` | | +| service.port | int | `8008` | | +| prometheus.servicemonitor.enabled | bool | `false` | Enable ServiceMonitor for Prometheus-Operator for scrape metric-endpoint | +| prometheus.servicemonitor.labels | object | `{}` | Extra Labels on ServiceMonitor for selector of Prometheus Instance | +| prometheus.rules.enabled | bool | `false` | Enable PrometheusRules for Prometheus-Operator for setup alerting | +| prometheus.rules.labels | object | `{}` | Extra Labels on PrometheusRules for selector of Prometheus Instance | +| prometheus.rules.additionalRules | list | `[]` | additional alertrules (no default alertrules are provided) | +| grafana.dashboards.enabled | bool | `false` | | +| grafana.dashboards.labels | object | `{"grafana_dashboard":"1"}` | Extra Labels on ConfigMap for selector of grafana sidecar | +| grafana.dashboards.annotations | object | `{}` | Extra Annotations on ConfigMap additional config in grafana sidecar | + +## Monitoring + +![Grafana Dashboard](grafana_dashboards/dendrite-rev2.png) + +* Works well with [Prometheus Operator](https://prometheus-operator.dev/) ([Helmchart](https://artifacthub.io/packages/helm/prometheus-community/kube-prometheus-stack)) and their setup of [Grafana](https://grafana.com/grafana/), by enabling the following values: +```yaml +dendrite_config: + global: + metrics: + enabled: true + +prometheus: + servicemonitor: + enabled: true + labels: + release: "kube-prometheus-stack" + rules: + enabled: true # will deploy alert rules + labels: + release: "kube-prometheus-stack" +grafana: + dashboards: + enabled: true # will deploy default dashboards +``` +PS: The label `release=kube-prometheus-stack` is setup with the helmchart of the Prometheus Operator. For Grafana Dashboards it may be necessary to enable scanning in the correct namespaces (or ALL), enabled by `sidecar.dashboards.searchNamespace` in [Helmchart of grafana](https://artifacthub.io/packages/helm/grafana/grafana) (which is part of PrometheusOperator, so `grafana.sidecar.dashboards.searchNamespace`) + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1) \ No newline at end of file diff --git a/matrix/dendrite.old/README.md.gotmpl b/matrix/dendrite.old/README.md.gotmpl new file mode 100644 index 0000000..9411733 --- /dev/null +++ b/matrix/dendrite.old/README.md.gotmpl @@ -0,0 +1,14 @@ +{{ template "chart.header" . }} +{{ template "chart.deprecationWarning" . }} +{{ template "chart.badgesSection" . }} +{{ template "chart.description" . }} +{{ template "chart.state" . }} +{{ template "chart.about" . }} +{{ template "chart.dbCreation" . }} +{{ template "chart.appservices" . }} +{{ template "chart.maintainersSection" . }} +{{ template "chart.sourcesSection" . }} +{{ template "chart.requirementsSection" . }} +{{ template "chart.valuesSection" . }} +{{ template "chart.monitoringSection" . }} +{{ template "helm-docs.versionFooter" . }} \ No newline at end of file diff --git a/matrix/dendrite.old/ci/ct-ingress-values.yaml b/matrix/dendrite.old/ci/ct-ingress-values.yaml new file mode 100644 index 0000000..f3f58b5 --- /dev/null +++ b/matrix/dendrite.old/ci/ct-ingress-values.yaml @@ -0,0 +1,18 @@ +--- +postgresql: + enabled: true + primary: + persistence: + size: 1Gi + +dendrite_config: + global: + server_name: "localhost" + +ingress: + enabled: true + +# dashboard is an ConfigMap with labels - it does not harm on testing +grafana: + dashboards: + enabled: true diff --git a/matrix/dendrite.old/ci/ct-postgres-sharedsecret-values.yaml b/matrix/dendrite.old/ci/ct-postgres-sharedsecret-values.yaml new file mode 100644 index 0000000..55e652c --- /dev/null +++ b/matrix/dendrite.old/ci/ct-postgres-sharedsecret-values.yaml @@ -0,0 +1,16 @@ +--- +postgresql: + enabled: true + primary: + persistence: + size: 1Gi + +dendrite_config: + global: + server_name: "localhost" + + client_api: + registration_shared_secret: "d233f2fcb0470845a8e150a20ef594ddbe0b4cf7fe482fb9d5120c198557acbf" # echo "dendrite" | sha256sum + +ingress: + enabled: true diff --git a/matrix/dendrite.old/grafana_dashboards/dendrite-rev2.json b/matrix/dendrite.old/grafana_dashboards/dendrite-rev2.json new file mode 100644 index 0000000..420d8bf --- /dev/null +++ b/matrix/dendrite.old/grafana_dashboards/dendrite-rev2.json @@ -0,0 +1,479 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "description": "Dendrite dashboard from https://github.com/matrix-org/dendrite/", + "editable": true, + "fiscalYearStartMonth": 0, + "gnetId": 13916, + "graphTooltip": 0, + "id": 60, + "links": [], + "liveNow": false, + "panels": [ + { + "collapsed": false, + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 4, + "panels": [], + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "refId": "A" + } + ], + "title": "Overview", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "Total number of registered users", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 7, + "x": 0, + "y": 1 + }, + "id": 20, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.3.6", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum(dendrite_clientapi_reg_users_total{namespace=~\"$namespace\",service=~\"$service\"}) by (namespace,service)", + "instant": false, + "interval": "", + "legendFormat": "{{namespace}}: {{service}}", + "refId": "A" + } + ], + "title": "Registered Users", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "The number of sync requests that are active right now and are waiting to be woken by a notifier", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ops" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 17, + "x": 7, + "y": 1 + }, + "id": 6, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.3.6", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "sum(rate(dendrite_syncapi_active_sync_requests{namespace=~\"$namespace\",service=~\"$service\"}[$__rate_interval]))by (namspace,service)", + "hide": false, + "interval": "", + "legendFormat": "active: {{namspace}} - {{service}}", + "range": true, + "refId": "A" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "sum(rate(dendrite_syncapi_waiting_sync_requests{namespace=~\"$namespace\",service=~\"$service\"}[$__rate_interval]))by (namespace,service)", + "hide": false, + "interval": "", + "legendFormat": "waiting: {{namspace}} - {{service}}", + "range": true, + "refId": "B" + } + ], + "title": "Sync API", + "type": "timeseries" + }, + { + "collapsed": false, + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 9 + }, + "id": 8, + "panels": [], + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "refId": "A" + } + ], + "title": "Federation", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "Collection of queues for sending transactions to other matrix servers", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 24, + "x": 0, + "y": 10 + }, + "id": 10, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.3.6", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "dendrite_federationapi_destination_queues_running{namespace=~\"$namespace\",service=~\"$service\"}", + "interval": "", + "legendFormat": "Queue Running: {{namespace}}-{{service}}", + "range": true, + "refId": "A" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "dendrite_federationapi_destination_queues_total{namespace=~\"$namespace\",service=~\"$service\"}", + "hide": false, + "interval": "", + "legendFormat": "Queue Total: {{namespace}}-{{service}}", + "range": true, + "refId": "B" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "dendrite_federationapi_destination_queues_backing_off{namespace=~\"$namespace\",service=~\"$service\"}", + "hide": false, + "interval": "", + "legendFormat": "Backing Off: {{namespace}}-{{service}}", + "range": true, + "refId": "C" + } + ], + "title": "Federation Sender Destination", + "type": "timeseries" + } + ], + "refresh": "10s", + "schemaVersion": 37, + "style": "dark", + "tags": [ + "matrix", + "dendrite" + ], + "templating": { + "list": [ + { + "current": { + "selected": false, + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "includeAll": false, + "label": "datasource", + "multi": false, + "name": "DS_PROMETHEUS", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "current": { + "selected": true, + "text": [ + "All" + ], + "value": [ + "$__all" + ] + }, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(dendrite_syncapi_active_sync_requests, namespace)", + "hide": 0, + "includeAll": true, + "multi": true, + "name": "namespace", + "options": [], + "query": { + "query": "label_values(dendrite_syncapi_active_sync_requests, namespace)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(dendrite_syncapi_active_sync_requests{namespace=~\"$namespace\"}, service)", + "hide": 0, + "includeAll": true, + "multi": true, + "name": "service", + "options": [], + "query": { + "query": "label_values(dendrite_syncapi_active_sync_requests{namespace=~\"$namespace\"}, service)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + } + ] + }, + "time": { + "from": "now-3h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Dendrite", + "uid": "RoRt1jEGz", + "version": 1, + "weekStart": "" +} diff --git a/matrix/dendrite.old/grafana_dashboards/dendrite-rev2.png b/matrix/dendrite.old/grafana_dashboards/dendrite-rev2.png new file mode 100644 index 0000000000000000000000000000000000000000..179f4b5a187d2f2a61c2743ed93790658e98d8f7 GIT binary patch literal 128391 zcmbSzbySsGyDy4>N-EtTsdP6;i?q@y-QBfNLAp`8n?*NBi8RtkF1owB)}5U1?0wE1 zQiL!9kJy@e(=91 zPGT}DPr-lQPmP1XV?t+14d;(`rp|5#jwT3ZwstlqOio6QCMLE{=622ph^@llNwg17 z5_dE)aJI0srBJc3F+or_F{WT;qmVanq+n-d=b&Ka<7emKXJxJVmG>0^fdWBBLR7^) zWp~c)lZxu~;n6`eM{Iu%&xfriVnn23s92sT6<nBIkb-Bii*$u%BzW4STbb(Ow zf?|5bgK0M3{fI+zda~aHp(mi)w9S)1%uX z#w~NRnn(iM9mdzSQZfA6&{fCcgi$D=<~3TyYF1WmD|C=&-9O*hoZQ*ag!8(-3Hho$ zP@!)jz=w+wh#orqwW6|8v>Prf^PkJI31|#NQA@_n9vPj{wZOq|wrXd_IxS7;&%@hP zUZD^93Vuw}*{N;=Qxl;Im-1^H2oE_vE~@1sm@U^B;AIRa=0zQOIXfrBM#P}iNPOlv zvP0}%JXY6hL|VOfQOCu3I%Q$+)cyrAyLU=V$cnc_EmW$g)6!zrqj1mP`C&aB+Q%$i zruNP!_NB64zi&4cCY~wHET@-R2{KlfxNB7N`a&&)g9_OgR``yXSAr8P^F6cWkjsJs)w zKZ%YVYOW$x{?|RiQm6j^yX)vM-{R;~Pee*e%Cq~D^75#xEHMNzF|m=IGnbhuYuCz3 zcG&KOkQk?mgaozQ9AEmLKyA6_S;)lxAUYL2Jpn#GK0C)ywW~T5}?c zZ3WCm@b2_62JODxq0{+}K$NcQDIec-33m?>D@DY!mHfl`8~7`h z1F@phOvn?Xr(=J!D>y9 zD@?73hMM~OeDn1SvibHaA_PY#r+4p#dwOH(=wH9K?bHh){*hiLGBQ#jA=S0Gx3<^R zT%VI59*7Z@#TU`KIu^sEWq)>@%i;$L&{wron+d21BCByT%re97LPn<2Kn zH#mjgB_<@~SZ%+i{v|oNzHO2N!=p!gL_Q0Beb3{{blyvK6`F2NOAdS|%<8tRIbONu z`mXC}sPK*;vb9wNK`%{JWKdiNg)c5`+j^|fNgWv@sJ$jFEIL3*^+#`Po<19aAuB=s z-Fd_0>1CElM<;r2R@T?*>hDFh&Gt)zfiV~v^v~z#g(alVUUAoAI<3zR96;c#8$%nl zZzIdn)r#5{L=fyV#w}SB-)4^-c6`m>9L~hX6yi*eQ6t)%XEP(KsAzsCD{C;a{HK4CbDwJSW)-=aQPwWxLD^5}G8-?3UmQK_Kqu-;a$z9m?6Q^F-{0S?=07d-3jJM|R2uNq#a(pyU5PeF@IV?NVbwLF?R% zE{+%{2M-U=MkOk^NKH)(p%P1S*>N@gT5c8iz28%e=Sz!iJ_$^w%gE?7cN%Z#6i5(% zeX=+D+r#GW?(Vq5$Lbw*wJxl+yZ+fn@$`V z)2wfm(0aB$BBwn#98&6FL^}#TK<(~ONIHVd78)s`zdnk_6$@zZU6Z-P9nLaOj|h*0T53ZGlH+jy+=B?St`eo<`n?%tlb@sK%K z4}*z*m`1ZHO}8Sa-LP`LQ>JWusq@}Tg-PZm@2hb-m#*IxY|VtM6d3yCBE{Sc8-pel zCOcA~JSElG+5Bkx^tOyAD%L52Ye$Xi`aUg9&v|RMgwRtB#!~uuyHpnjs_WL6-B0V} zOz{=AWO?;|f?;z`cMp%1gN?|@NW115dCSc+Pj4UZqmz?v7_6HQcKQ(tU0zxWPEQvB zy~f?slYh*4$B32S@a(L}c1Jb8L?OQ&lnHRVaU|Q?+Yv=Xe7$|{hIi1_cgqxAe1!y| z*PuX#r>DbBW+wNgeK>DEq$t4}TT}4+-}7$-+Iu#7_jG9QCC??CD8!3I*5)XX@_)1_ zHoh5T8bpn6YC_E+mwnjz;QbJOS=KDCto)gCI%uEluH$Od2~2JaSElOv#GQC~Id;L9 z;vMw$R#2@>^VwTTNu=c3;{2?p6#3-ID$jxEXr4kVU2^7YY5F9`H7lueUyxynXt) z(-3?`q0e~xgaji`zWJG=Vwu|Z(OLuHEHu)FE_J0r78f5MoETT(n`J5-NfU7R2KWa< z!?)VABL&+|3#)>H_rEnZdZluM%@sy2LWt?6c)mN=d$h9UygQtDWJEXVHDFKGFtLi5 zJmA{7vzj+*ok&@-X01j$J#Dr%)+mDP_oc6IhVYSR^OrAv0rvOa%nc0(c0hGxVP@h z`OY9$!N^GS%t8inf3yd4 zlgJ-aR#E9$XCmI5bVK;^MYKPGuSMw{&j}D+k33QpEog8X*qEx|R7eq=FSya`Te3ggGJ_l4 zUiS8<-Y}@$m6IfwY=7QfUmtA86jA_{7@XmD%NoafZ;U@J`u(H1p`W3mL+YsU(TRy| zlMCK$yReOy1O)z2=<3GC(bWcdg{S=9*Mf`w#&m}j+NGVHKydpR7-Bm*5M8d%Z=G1i zO0?Y|8qHrHE^cFENZ_EQ_h*gBVI`_@+LSTMxfsjc7T8# zF|R%A#rzEd=$B$es7ryA!NBt>-oDmBO2~F2HXnl}iL{n|tt4%a}^ z&`vpkz9l6kT?W$;WMqP=X;e*UpCBU}RZSOIi)*HWQ}zM}=l7QmAM3f=!UYm@NBw@%BYfjYgCIv-I{VPfu5ljEE%vpy0Gsi6n*&I1zX%*W4jD_Osdro*@5s28bx5Dqzc_D(Sm?GDh0E(fJbH^xWcYR_{ zcE3A|w@Q_uRZRObZEd{Lb%uktj!g^;{DO#bvU5YeUMC%sA{x55sC0k3(Ymz1-&VVq zEF_b&vTLzd6=y zZ*PwsdA7m_5e$!siLugpKO$U=Xkb8k=q?BTY!)=eo@DsL~8r0=9uYI$H`MDH+pBP)+c0wUf z!Hc;ItmHcDjLOQ#lFA7}Ud#`?qrqv~`)&aL`*)m?d^g`b`D9JIh1uEJM1B+6?#O%x zPMXA&6epJ%@5>P{M$Ky`OrcZluYO`4S7k%Wdae#i3;Av$X}=i#JGy2Evegv$m0f!s zaPMfk`}1Tgt=O-wJW@)?%=MwgO<_jeqwnNpMay_tGvE~aO-8~C-Zx0#2_=7FGvKg3 zv&Q!aXv?r-abu@D=!Fp=B#5Eozca;ArU17#tx8m_gLbO)Xw18?x4*Vn$5COV@&!VaK6nq->|u!KI!}O2T*zEz0q*6iM`JTHb5mH zD^dINy_aK?j7-$P;1R+Lp;y6SL55owp~E|8gN%BqYJu89E6$&tHYznMPqjDTHCjxN z7Kkd>$M>Z=L1S|RsSR#}-RA5D!#i6e&2#`ySvGRYOHu~F!zx%K6VdYUS7V$A^94gkDp%@--j7N zEOmRRj1!Mz#Fo4TE>I%!UCZ@))y{l#&$z0hwYA-c4>49ucF3Efxy0Pb;T&cP`jbwa zDk{ckV2!?iUq!A_l#!t|Sk=hNno(dihJR^xiMzZz^|>pglExgXv-8c$_N;K(F@66h zNf@CC!0V0HK#btB6Sr_EB{eTj)wG1E3)YZrozrp$+fV0xsSO2PUN>e`fPD88e0Ye$ z5C?dR|kBXw0C?CkB-(Z zT5qtCkdOqgr|t$5BWkSFk5qe!eYdWMg@Q#kgodh`T+r z8>%wuR?FDF*;?N2D~L8C;O9&`+nK}yo!q8wUKDgGOc6(x++02KLbSBjlr7Q%dV~DYHaDba18gl&Hnwz1pP})j0&v!MNZg|UC@Md;wkT9Rz zS0`Mp$msGg`gBL&^Bu}L_omPGR3Wwv9%o+pWI|4cVlRuUS3m^z6n3#$iaD0}lpUM{^j;E|Y_<9)$ zmY&@~*|}9GLoL=$P#W1NXK+7DYY>s z!GN1=i^aDzy}t~#ETC;KZA0^mi*b?%0>BY>oAY2PEiFxHjS2-M3Gur71<_2}H+`S? z$_{L{!2D$$u-r`@B+n+705(aLh5;a+8V>Azs z4b7%iVnF2p0%*9K5FjMs2?HAw3vVWkY|bktE^WELE0Ns;S+~(28;77Dh>gK}UGvkq zjnft(Vds2vV<{w%HgCjI38!W-CN0S-Kgom(U@caHS&fSo%a};&rKSD0<_qCp{th4C zDJqs!6&DIqwoy`t5y{@1?}2(!adPfpM2AH@7U&mvF3Xw|okT-WX}C7ZkCbcqxBoM_ zK-wTsbHeA9+~i9KOsVc-NKJ{_$5n?4Khp8K+l$;?V`Lb04-O(K*V)b;ogbU7^_fiV zVVGH3pyT7KU!M`bQyAoP-JR943LiUKu~1R@K9=p}e^Q%-)3_MLx?uyh0ZYqef_yTB zy45po*0RR13g+N+LBYw{KTQt$7Eqf*8yitP#yNO^Y6GxL&`|4T58=~7Pc&40=3D=G zJ@4@QJCyO~0oHRr3ny-DxRZMagrrqe(9+UCX~kPyUVcAWx`czXT4g%Wr_~nH-;Wk1 zMFn={APgL_kh(ga1?Fq$#0M%MZKpLi5^$J4o@@8|`#j)#e0;Pw^;QxhWk?pQ&9*#= zK-xMZnp?9ayE+i-faJ_-$%u=K>wUFGS99&L-fuCe&#PE>NM_DSWQH|lUTnNUBg?q! zDu8l+U;-qqYP*FOpD{@JmjUmJ+?fQtoXaLsk5)`yQ?s|N<8IRXI5>DqGG9UW(%|e^ ztFR7qES8qrgv(21>M*j&#ZNtn{b&=#x}DX9JjyCMzd~7rWj#ILr)HVsg?emGO8%etMG%caZM)`>Ec)B?3K3R|QBGm_EtN2QIa@2; z#MTyr+~@RUDoy#R!yZs$t;X|y&i>q$4Tb6@4Vc%#w(v68U!RZ4B!m(^Z59weNE)>a zwcseNy`NdKFZUY402^J?N_$}9CEf&?y1Gzs;CbwK6|Q7LT+JV&trjPdphgpiOZ}-X zCJ!3$d$Qm`zLu4drwX{VePUf)&gxz&2Q)=oRaI^s>QoPuc)*qc&8~2r zdjrHj0C6j(Z3Yiw=WJWIF9!^394QY3!HowE%%~#4funw0GX_!^6Z4XN$kdQKxg2Km zJuVLHm#29ML^J<^bycEx0fNor}IX$G)=H zTC9v`IMYX3AzirloK%}P#rx@)i|Mzws>sLJ;XCgLxZ?P#HjeL(4}u~>OzdavBS;m^ z)}Vm8lAvd*=@0$&#`u`uUvIe73$S&$xx@ISo-&TNw|B4AuK=V0nKB+M?6FYbDR9!$ z+ZW#6dNbm22&)%(jium7K0+cnPd7CZfWq}$$Qlv~$;H&vXs?hwyl;C^3ZOHKR{7X; zkySP~rU7VVgJ9zvwQsM51t|hLsQ(gk&uomg*Wb3-^jSbo9$E9Qnjsf?ZKvUSBh5k< z)CGkFBQSgZD<8T+0kiWpxcJSnd~)%?E&)HxY^eyzqVWo!ZZ#Z9(d@$1Z_8lKA|qM$ zW{@hKduKe!;iLUOfSbi?HDNO=bfG6j7iM&Id;n-Rs${2R&8uV}pfc)QzHa?_Au8++ z=WyMh?b;q^03AzALBX|Ta;9tn0b&2AlQ3|_TIYqq?V7yym1hc*9oOmDt{&ft$Y0sJa?n0wpKfB+;UB6RCMFRd%w2NbGCFhI^0TJ5xsvJ-vUW^ z)0rQ%<$Q%y^NP7ArCmxw4i{r<{8Z9mt`Vqz`rhv}5I_yt6AzCpuTg9CDtsQuCTKRH zonNz5B0m-(`aLwlN*5}>l>o<`0Vjla@GnrTDUD zh2xgV!N-l`VFPJpDD=kNQ_aM6O}Adjs`!UPo@Gq;(8aN6-XFHRRTmprOJeX!{sZ;J zk)&i0h#k=8=I*W33v3q!wnv8LMf%kVBwWvqg5iddL7l0{&3m525^}(`Fow%8-$ZHg zPZl6vw<5z_{?kYXk5Y}Ffls4tO>qRNKs2i(BT#_C2QeyOdj#Q9r==wyPeD=ooZa%d z>BHRxbcl|ICb6J^;FXsYHt|?8&awYG#)K z-lXL^qsQ)2G~FC_4?rgtwXk?C9YK9G4OLYD_IDSr((6K@kGX1pZ>pkNs+Hxr zY8!b`=S&89h`NjOSx#Mz8zQXZ)=~=8MeQ3-&yhFg&DleqB4>zZk$%O z$bQ6B%h*rrjosK#RAtRw59Zq%{-jiC$13C-0Y!m+O$~3q1K>eu zrod&94sI49yE`xNt%2--j`R%)xFZms1*)2vz3Il->QkJ@fT`v>)omL>b+5LQhlq3( zy9Nf(d3Z2^iIGwT+i)B-;7$g_-Fcua)0Dmaj81@iBCLq{0>a$|Y(mhpUH}yfxC3Lr zg|cll!C+AL8LC(bCs&-@I9!tGH|4;llUwTOH7eGacKm|%`Ri9f(A~Dk=COgbBxOW1 zJuZ8|BAq`r((I*pe0)-xFg^CcGDN7caeS_D%@R0|3(R^`mXZ!OYQz|U&4bKITpP(r z#YgXrXaI)#?z;CFT$+TOGa~@-*z+YQ`aUNfeuxjkY>76HL2)s)Fa!rQ_PS{x^#j~& zkU6Q2UCqY@(4v_H4sf9>`g*M){T73bG1OuLwX}x$dTw?Ocm{Oz z^p{CrDY--&Q1J(=eBoqLVFdC3nVlYpJZ+x;MVEdHB-RghcP|6yB03E-K^lSQ{%De6 zFl3S!Y*oonyh`&CF|f>Rj;jQ=jb|8;iw^SMenD~1>&`Vs=}5Bm&5`z|tBE2B2?=(v zsX^1(2%m%xh+{6uT39^m>{R8V1k!iEW`5S|DN{w_aoxJ-AkA&ns0A#@Grxg%D1?d!UUB$&=JPRPEA%Mo2=PEB_arUSw zt)w^J^{F*}2XM6rxveFdBYhXj$g;!(BLt5+?08dV zo!g480X!`?Xy>PuPwF~8@O=V(wE{F7V9%TMM7g)JFq#4CGNhA`%>PV+E96~!8prDLazT|h^4U@`t(c9#vZlq}Pys}YK zGmSl$$sWm=B<=yN$v~OXwULyCv z1z$;Ifb*xy#o^Pg$mIUgIaul+HGttbi3VJd7@t3X&YC>n|1IFb@CRx+6gmo&J_L4- zq7Y@R58ygKUdlmfGyp#>X zqCKxxjZ*c1E!B+<-dsD?L+$`rcM__qKV49}m+X1f=>fX>)!iL`Mm+J5NC7g>?e)F% zQ`DW$`GItu@qdw;hyvU7YQ7x=JBNgX%ve)Af%dUINNwRQ3t?M4fEo>%ZYtXhsJ$IG z=RDrPzn4&(=sx!MMjkmF@O?b`7NWobxgzN_c@H$fH9L1TR$*$>$2LJ^R4}6WLO9n^BN{{=7R(79j zMm?`Rng_vQpvu;4a(~Zyp(Xb^!{d8(H4aE`1p%T8q~y`j_fx)~SRNYTb+x8E5gJ=E z6A->1aDVfB&BV{G>lC5nU_cRRf2xN*5&!ADB?Y1oaLC30?UiT|v`^?{UtAdnunsDq zD1{~b{{5KWWn0YN{$1=iO`+yC4%vLR3|SearDc~~I(LzbAEgr4W)H7Z2&H&{zN_id zW$-Cxl8{jY+5sf6BW$+ocEd766stVC+04P0a_H z5eogFtUT!d>>~k)5TTHzs9P0@Qu-gBpD#@$Z`cDy@Suhx;7rO6-h^P7Yr}Tbw%0_2DKhQ^OtAH=NXSe*IiT*7lfC)nXB zH5v6UoQ3S9lDy}C3vLnE$vr~p;_ofT9fN@As0x^_!$h(X$rKtcg&u|F|yVX!*q1%8!06W1O+$eysX3xBCH8`7!hiU2tQsugV3 z#IX1ho5@k&r+Zv^`1|`WZ$rzf+D*_Ul{XiBu`(&+O^JAUzdL^plVVc0(*l>DuRXah zm+XlR46*jHu~-Gt#;91YL60VI{v}R>B+4e8Hit!l{&RSGm{VE#o3D3TqeNHZ`aNio zpwz%WyE^aB<|>PN0?9~21LeJJvai=AFoZrM0%@kNFSP3ROm|g_ab3$M$&q{I_DTnM zGNX-dBG%l*z~X9H#*+sQu?>vdX-Mee1b%<|7<99t!FSn!bt(!TaRy?NF9S4&K*32J z22_Viw*%%{>%tjV8C6w&l}Stbf|fEU6!<^6PVuGGbaZ?yeE|Fj&$mqNxo+&t*H{rJ zCK8@*j|T$VnKyn0q>X_8lE`ktZ`XPkDK*5Z!D#w`Wtu!Lj(VtCS4x0WHm{&$@VB4> z1Y#y;;tp4PjaJumKWz@bkW1nH;j#m<&*Q)#6AbfOpBvJLUkeh-tI&7>akytt_|N^_ zB)3NWcOd41Qz8Z|Q#u7Qv$O3VZ^tj}Izw`SN%0wIx6x+lK7E8GE>2Dx^H;6Nl1qDa z3+8`MQiXj&zzKa&vDOEOr|azSF#-{Jc-->j(j3lE>K_9Mf4~&jfHi7gV5_U*IXNVh z?CeP}+s3i0R27_Wdd=6YW`lylmx~LNg73C)Vfdf1=_0bn8h|Dn2iyhg`KB}=fyQ{( zL+x$d-Q7kbb+s#2y2>>et*0x$Flk#(((rj-VqM&CV<2~*$VrMYV#{dUHnw zG$anAt^vWr9qERvb=cLR_-p7J{{necRnGYSob>*>Wi3^V=S8}*+Nc44aZ*{z=*u|t zpwr8L|NLo`M-tC~*83=Z!s2V-OBkR9N)AX4fDjNhse*Iu$?0iUaq;)rS(5%ZsErcr zJu5H+jSY>iSv^nPL9|TOuht|yVqfyJZ{zmz@njqm7ARVS#-RhIE4$Mi*0ZNn?ST>0 zw0S(ZKX7yMNHe|M6?JsafFK0aVT~5UXNcFBhJSFM30CZRwe^zR7*ul|vh^$Jv@{+1n*I#MA|0>Al(7-0vd;xF@J zYH;#kwRWz0JS6fmv|#Jm>Nau!Zx^KZ9BDaLpfw{T7y=AxOeULAFHZM(5b#q`0sY>c zY8Y>@Ibe|lEzWA9#Q1l8?<}7gS#q5%H4ROJ8rz3d1!-erG;o4Jf+s~J-LK)1<{?v? zX_W)31Nld~A>-}ugp4=$jh=O~>Nwv3vXD3}NM-v}2h-*v_yEET+guDFGV;_983Vk= zk@m#7#Kr@YcE5dm{0C5K*&Y4cP#>jyW1yxASv_pJoEu-NOdwr;ST{5uL&p>o869LcQv+NHI8) zyc3uPK|r_zln8(TAQ~x{b0%q_q%JQT0?+fcp4Z)iV8x;Zh(Joc?^FKy%`M-ptOcy7 ztfa{pquJI}1xK^j*_t2by^lPKAG7Z7t34xMkXXFEyW1KwLttiR2G9L-G9;qQFjWh@ z`Z!=hBy!j-E!e>$AFw$)@dGabQ7Z37bA#;kR$who>cJU&J(h6wJdX~j>BzIn3!>^p z#mkD`y-^{32Q(_lbm6409!3=7&9;6Ilrmy}`*8^0F)qGe9fb83! zdPX0oYP?XoBXT(aTpu0#m>Ru`PCVf-nR)_LKr4m|rKd+uQHRyAapD@**lB;M@rU!n{xX!b^bC^jys1Fz+uEn(NHW%=kiE?niTTb3te;f%}Y>HY{20cTWXK zdF29|+pjGgZ2kwatk-z;_KM^&q8}lbC7MX7{unKD*T)YL!xiFYo}K3g&c8Ldt##DR z%m{%d4JB_e8<_b4QW9Omlt)Z6-HOnvr#nuon+6diLf+G@$#S%yYW!Mf8mL-&s|^%P zzz*<)sGw>Az%CtaRM&t0`~=j}<%k?1&r@p9w*X&wSUlI{RM4uUyjrfT9^WtfQ3|+P zFD(UHb{&@84o-#TtDvxeNR(zrpM6ZddGfVRgx`Kbo={n+x)n#P#=c6ziNl zvYIS~x?s&z7%`xxU7~a3E%axIif_&feFaAH(bmU(c`8AeaV9 zF+kT8OibVK^}PeS@dZ`QGF+Bd9q<@0(Rl`%eu(-7fO712dn@>WG1W?SCa8bZXTBNh zFlOg+C!R_NVz|Nf-$Y}D;H$P4uapg)AsWt(NG?k|>nfovN@$YE=GdH4c!>xgvT zE`ful-qJaN(n3rWjNPSavviP|-N1hFLPk@Q&uXHW`e+!E=Cht_<=Ib^?t4TDylgab z;jf#UdV?^<6yB~CR7m^ZLJqA$`ga`ZIXe*q*G$iOs{I$pV^d7TR)pMe=E407s` zB3GX~I_~-tg(B_bVZlW9;ptFEf`Ue0U|vJnFGO5SwrJj7-8Mw(o*jc zt=3B#e=H^@A)#-8v)QI`!5WBloK+YNC=F_6JX8+)U+|dI`=Ov0%|x#`kKyvSk^!Ya zHlE24SiLVqym9bC31fSEK>d=Dk*B1f_zd3UK~$J60~8vzCoMx z@w_nGPd$;53)oIW_CghkRsy*gW;!%%$JWW&2u{KGWC0wNkwKA> zRdg^tx8fx7JP*sVOMmnP<(ra@&g!hn+iH2xy#_yR_#efB3@gwR|2|(Oxq4@Gw{!uItT3XBNlpE>7V{WN*_H|9o33zjDFE9+ zo{tP`9c#d?KR%My2hvT$%3!kA?G^l}O8^|J;~kXs z@#L3uT52F=FzrNe{s$2^=47Mpv9iVm5Mlj} zr{8S)Ils=$ueQGRZ+Rvah$VNFd=X#*GAUqvnym&lCA&RE4sI7Y8IQ0@(eJ__ePBBR zZv%r|SR#H(Jn)aVP47HBJu@>7d(Gg@dHlX1 zS)b}=i04{Od(nEq2mllce7MZPg_uZ{JwXS6y}(q?1GlqQH3i1ukX<8^0i+a1a%sPz zbvcwpq|36o-n9n!n;?1?n>K%2L%x0TTmK%jX#CBWDDGD@Yfpzn;L@PK^|JI7RaFDt zJO{+be4vU!rNlKgVZ0CJM)+n|oSj{P4W5Sb^r?9_$Xi@31j3`=24S_nef?Vc-Bqtm z{6u^Vp<({T6(5RxFS-l`K8y|(e}lhnl+H?eQsRGT70ApjXYlrGh?L=eyh?ndnd#9 zUd!`2C>~lRabLfBvvVZ3P?VZ`0>VTIm@3%DF88MF$y3!HKA|X4$ut}i)$$Gw;vP#w zW#wi=3f$HjvJeOvsesG+g!Vo#cEdK(;Z)$o7JIhODgEoe=vqyPT3H28kFHP5CQ>qG z(y)vBo7>v(IW5II7F!h^*jZTw_eZV&&0`mrfK_{4V9a}5Fg;{r!LU*0hr?nqCAlctWjI4-#s_o565a%5;-wSEhyTa@;EcfnlrVE z?S>$zs)C@Fug>K4RZTnaHDIh|}H8DZAv}Gq8*>VPxU$rMh{`C^c z0tyHjoW~mZ*(IhaH3JuQxSY#V7RALK1MS&wHfOsclA&22rhgr*=YB7p%T8TTl2lg0 z0ZEL|al_1Viq>rjx`)LX5wq-~5}^wxWGS?S$@aVOlBj<9f@~R@uAHs!2d%9+YQnOa zAG*_^+qUelsA3|!$vo=2Q5yh>XZA$gCnFn}BmegWL8jx2 zP;Suc{E`E4e*e!T=8#tQD`FrS=!?MDw?qHuO9>mP|J?;6 z-hcHM;H+9DwQX+YS|z|n;53T=_otLekx8tMXl@HGEa(GR4!k7wKev+`wErFV#2OGs z0@mBhNTFj1zsIitp)OGXTm7GpK03*GXyL+E3?D?`8g#d?XPd^ z32m=*44CVB9cwn+;uBajFQfdw2T{}MTn2X=fKu}0)55*b>iTN6MB#W!Nvmv~igWI*`hov7g9-vbjdSzVkz3HomF?}2 ztoe5v`2QJVHEC}30DB17q)@1+^6CXcY0lOVIas2Op+q%R)t8v0t2I1&wuikVrZp2@ zjZ#ID;{^$Fd3n3p1$p$(0aYJO*O3El`4ct z*;CxfeW}~KpFiutz>27hOs|VbTox2~q;jplE($4iPD{`3*PEMt=-<5QFfHtohGV-P#ca^7t5@@a zpH=SoHc0-+pSx#4c$N<)jkzN8vO{gY9>k}p~Gz)OFAd{VBJtM*SdeM$+LFC{<&W*YrlWrLO{ zV*j&eLzV1U0X0-n_3O0GtIm0vJTNf|!mj^Zh&kS15+xMc21e*WvzOh zePJ^%%hJ+ykalTg zT&>gT46k0r42fvVS<4-m`Z7N(M73ba;|zKN28MDiMh(VwwP}7HYC}$lLGwGVzx|z_Qs?32WmM6_ z&g@`x)e66O48}KaufKQzq*i>!ld2F3CN9BfH9`saO8;%iLUTO?DkZzoQujg6Ic|1E zTf0%fX5#Kbs3VM!XR<+8l?&`U$jPvG1i7N!u+i&~hoA(Q7YpC^1GA;9<)lFQ0GW>B zi6X^Q^BUDwD&4b#O-G;{m^{9P9c>z2AYze{{sEJz8@ci6*~P`x%6B+mbtV3c#HoMJ zd_(kxLCfvWY!ulu|L%dcjx?51A~aY;LrSO^SjY%aEr&sAp!Y#xrZB}hD$)u0SqTF{41Bt9b2~m$*ySxRkAAb0k&d_TB;1VKAveTUdyW z+QQiZMnC>OPjL6R0;&yh$vKp3`=R@egsjTV<=`mc*jIa-${T^PDl=|Lsjk=e2k`q} zBJ=KnDCFK@DC8;9LutwgoT&l-WC3PDxK-cxgb&=ZS1WSJq4>T?Zvk8aA}aDd}r5<_uTL1B-=Rxjp2kKM$rhIzEWWN7Cf>KRx4w!1yty z@FjuBZF$Pw&4tRv&<`-zjD-y&P9E=@ut}b(5NG}>@rQ_?I<2zu1LW2L{q7pG;}a`z zGp1+et~-@+aJz9MHo8Vpt*?y9;`(CncE@W@j*cEgDlk|ae*0B$qEuJX(-V4fpeS^O zrd?}mxG@;oU9Eq&%>#t4hve4=n*&Jc`G2d;2hs{q49eY))Q!{syfXN!f!vASW?55V zI`AHhJTzJB18khgy+@k{KS>9LF5V`e{y8?SoXO&6Q7{Ws;W-fE36qqNU~~A5BPb{c z=A+b07`p}b6Qtt@N%pJyUR*3T=1J5WQZc(X8gDCjBqWet71FT;Q zSe}qVe(VDL@|(YZDlS>$Lmg!q_}%~Dd+Yz z&LghU{7VVsUMu0HUwLIu3&#Q!E{2dPYIoi}&Q7Yb-1pPC%{HH1A$&!ACi*CXmeKU) zfW@e8Ez8{buZ;^GTWY}a8o8wHjIHb475^5>#8>DtsYWQRP&&=4p8~dK&rs@oy7yb> zJ2eeEcd_5Y9f+sSVWGRaJSdXcYZ35WIwp(PMH`rF0owU5#_P$!vlW{s+)gewBBMO) zsn7*5G7WA5+1!z$JU)@ae0>wY_WOJm`?Pw-xy2U{^>eR$EjPN}kUwz6_xGM_oNpyF zVjWCg$`o0?%q{}dEDDM!*FF9Z7e75UP*Hn(dmm+-q3;ohK%RrpbMK#_T(3I4S?{ru zuyocC@xTuV=ED>LKtjTvY#`RuBz%}HJfD^Ue1158NFF2sGsbp2oO|rEURkl45{sz^&-#Zn0JhF)<;pY9_(`LWj z_!%u7Q`%l@v&7&CDM3Hvl(gadY_;wtn(51;ac`4!SmR-%0g(F5@dw9k{<* zLSNpz{Y8S&4VRd5Asr@c;;p|!alJiy&Mf_csN_okX`oWsnNY&rs~-8e-UtyrnjNLB z1x>T+;dv+0Di~`B^O!?i*yVg}w#rk63 z&~spjyY4M8US2z0pEg8maaqNBcZu({ny@FbCO7vC47{$I1ra+C0iV-z9J#3{X}W!7 z{?~;%I{YSUWb>V@*8AJ#NqYWhjPH=RTA>%1q`a72_sI$NXr8x)zB) zr2n36-_^P1FMJmIi1j95q+sWrrJgSb6eig>Q6{5v^&(N( z!wr+|jau*JQu(99lP3^!+vzX%nP5g)4%xJ63o{>EgGbPfz()UV$^ia(1h!_c3!}BZ zHHmJ{R~%HSi;GyE7u((b!Qh{}*vYG!0UoR$@|+~_9C~|keL?hziApLgQ~E*}xPf3= z`40o!2Q{>_vENm<@!YuMV>X}tClMN&PBgFG*GW89y#fdKm>?bJ+^%70xLxJ4Lv-pX zB;@5v!(2)Xx?BIfHLcP$q3_NBX1PWa5S++uW@i9m37yB3j?A^gQApx zhyqG?gNlHXBHbVFiJiT#t+RdS zUi(~VXquEJ{QNM_=xg0h(Fq{kiEI?rt1-A8Xcx4KMy= z^sWXq3UNmDRBjx*Y+f@zw&(m6JNbOiJq%?VKQvwGDvCGer&rU~fw+=ZN!^-g^))kn z)-%MyR~F2g{A;luaZh(w)sUxXuho09y(ZS(5W4pbd5D`q*`w$dfL{!M7f-t<`1%J= zlfx8~?mVL5`<2*=Mm-F&7CRqECQzIau~f5uV(S*Z9`MH#Us(Nzu#S#Lf{P`L>xr~; zr24{0*IgeR(ym-Nk+-w9siY#8?`lsLr7UYtxX&-Hp_E@;N|+3@M#3AkVJpzFy8l6> zrL8X|`%;Q#AokjF@kh$vQ7Gp`;0wFPQV5hf9U@6`uzR-0(~LQleIH4@d!@X?UNipF{Yquj}JB$~a%S*A#LTpS})- z#gv4HGhq)`xiecvg|&*iq2A0Mz=|sN3JU*aydjXO%)mc>Kqy-k@e4a4Df52(p=ZWz zk`bbhkvvzv{7g4))g3Dx=3azDT<-hXKofPDhLWdIM)RbIRxZ>z4yG&ESEFa{3EO;s z<}hwsZNgk-!+1&R_d<#=1aCB&#ZVPk)Tye0f`H_YVSgGfXDB>OHjQw`uN z1yKlmW2uV^OrbX%O@qnZOK;2|S7#F2r7r%QPTNJ-KLvFcUJWz4aGRc793`SIj})`G zIZri~@6deTJ?CwfbMyhSoAr^_kv@C$6G4mx9T6OrjRRy&Uj9w-RX0K6^cw4l&$sGR z{WqoIwf;xg7Ej~vdZPS{iqmb%@MKf}yp5S9VXb$UEEsQUdaYGjP0m`67NzSJ!(oab zQE()e4o-vap{UiNMCyQkryNc7Gh!4RZB%+P+|qMJ^OJYxmwJMiGlg((V`lb}uuR=7 zz1$U)u#dE_JJ>CFc2Rm%%(3lJe(!4hV0?j5uT6qyj$62AE)6IZ#{CCKd4zo}~ ziXd5u2T8FN$ulkuNZ^`woH_0VFmAHFVblkwtNmmHj7ig3?o=*u_?=Cqo;g(9Nk zF&z&W^-$6?TPJ|+c<@7ot=7@OT|w6y)*OyvrbiZ z^R3T{ilnY&VRWXkQEU9Ys79&9SkTx;^M-vGBrhPu1vMsjYy^zY!sK5p47?~RrI(j~ z=Q2}fe?P7DU78jPn?d$lB@CxRRl2v%;=Y78`fFoaZ7SQ)toFhZ)yXN{Y8P4>!$pSI z;GPm(3SN%h-L(Ol^@okoKxp#y^}UG}a=D@7Ayg;L5^>dSR9s}U!0sc&jaD^LUz$fw zDqznpFVE#19BvY4iQvy0|{Y zn|O`Rg9hyZ8FC#OSuUu=rC0&)?-Y=H)~r3~A%rINRAxLMvBYlJ{yf(y>tTM(GsQXb zcf&J;x0I!qh9@H!uN?35dy-D|+)%X*ou!(*8Ro!BmY48lG>@<3LIO@_Ny&o&8G}?| z$l6NESFW2oy)!?z=d_H9e<5{0&+1HPWhK*y^WX7m%I3jH4ab z%Ky~SllRc#yVUy)@}I;D)(>n&$l_-@gcRyJ-FPLj)bCbdU zLfAX;Qkx_2S}bu=?{enA`rSX|jfE~J0#WDH;g|W9{()=F*-Gsog=IWmPI$Gd$N$K% zZi(!@;03R}Z+v{!tdQuhqT*tDX6EMZp@Q+0eG%0Se^c%I-`u1?(zVE@|LtrY?#n2a+sxS$}R zx>~T*azfJHo*TOF{r!qDobR5;4(9mrY;R~UxDg;O^{jaX-BQh$`%T@(g(_OgU&aEzRr?vn zLgx^f9FEuD-CB!<=YI3E#A{3fD@PR zS=m2!JnKnv=M213Rr+DBr$-HGkL}5oP*6OcZ-z_ph9C+I!{>gWIpNQa351rYTB@O%AYW1kL?gVnde|UU&O}3 zlEue2?XA8eL-gX2KsjSK)VNxL%tMbOng0NoGN7QSXN;#;n+N!$e{055id9FaaW@c$g?!yPh zy33;T+=C^o)+mPyR+1n=fy346|9#%dwd{cro5OH*qk)Q@`&8J7nQ?tZxsOW17wS+uw3R55K;95MDUTRt4I;V?t zW52o7mOzz3Ii6HPhdHgL;yk5Lnq%J7viMYK!sH+$R7SqUWM6zd6pS^rDAW^Ol7Y37YrDQs2xly`q%LCcDt3T`Z;}c(3EFD+1 zm=`Qiv31Lk*>+B}me#Gg5e0`lq8j&OVhMJ(*h*dKWJ#!ceO-rPU;|BQ0T7~>GMaCU zw07EjI~R&KfAgfFqH>YlCO<;wN~tP74-@#C*FCMo@7lakgqZ#D_`92^+U`szkx@Fq z#5?+6mmuMa%k`}S@l?@X($^ERie-W4`$A9yt4E*OBJAVOco|+b_^_!mPL8{Diz5FS z4%(SaoumN4`c(O9MZV#?;0mZAg*C2ORlD}uXloBYU{P3XBt>1n+L}Jx%0$fCn`%u_!PWUHM}*IX2DV{QYVT_IO*DFw z16swhJ%gY4w^ZC-4AuuHyk%}#Xlt0Ysrb%j%Rl8__R-JprTQ=P&XRXlFe$b7U0`c{ zhB8VrDqrX|k@tW{0e!LSUP=#}PI}g*wiR(-2(IU< zc=6zTIwqz&^c$CBIYYts_-tU0GrgrXyNZIs@^PWjZS@SMGoG#%dDqV$ z{b&=``qQ~hrnQpjUC%aD;0`XbU9txup5@-u&?VHGM(yV&s^2q$plvC=Xp48P`gM)V zL@Q*a32J}349^ak#;sd~G$CN&-J`D&H{~2o9?%8qSJQ&nwucvHQw)Ns;v{# zA)mvOJU}YNpg@GYfk!*7Qjfywkm&}`iEgLVBN2UksQg?8-NfO#fQ5$<3bEd0)sqo7 zUa8!2ExcWh!#5dCPfZ*5pQrZ5+YS;BY`oo22}P{6>8u`aFi98U{v zX{Q7bed%@9TQ&IB^R3kGCkqnYI6T?e>FeIo~7S*%Wd}%&a7%@Gqo8WB9DL%JC ziB{p{H14!iLlR6Y9IthHqgdaUS2m9Ri}hIc->&om#AVmYK4}FJ?}gjIO83{W^v@W$ z8kg3k=e(cnJ*P6d6+EWx`5--6A7c#-y0$jF)57q8}FSDG+C)e}U)WSFGctgqO2Uv+>IExwIhktaYow5I$c?oh zX(5Rs4}U5T`Q4C4?eOkWos3%~199aTOS6oRU!-!(((~0PQv?d~J!X#h`SU%0$yQ@p zn|`;t1Mpk%($@7`zx2(2ABaX+E~xJ6G}=3Tg9ZiAP&`#o#@yqvo}Twz5h~_9qS%V| zhuo4Z4^J$Ij_E{hy|fz3REe+rK!EJX(P#g{?8*310$1WKQbcjd=C|h`Zm`%O?7tQ* zn2j@IR7KXvOx7w%l0(FJW^S%e>1wjgmw^y^L~YFjEr=jD z`&%s1@qSRY^dshOV)9Y^RIA#w^1*S6v!460-Pa!W3i=&mr4)|#9WS(aID2x2rE$3z4VLr)J{{q>FJ3q>AY9&F@TB^g z^mzY?6V0?F&RGY5ksUef*K=;$llr^0i=SNnx2T!h9QFZ(wx2j*T`5ImlJ5p@y?6aJ! zQ|2=-^vZR+-dy<1oEEZ_>FU+X!>a2ruJe0rYql_14$k4vcL--AH~t2W>$3owRh;Ex z9M7DIw6?VworUCaW>Rfr(L8>~Qy}Z|^_l0U(aewtFdm1?JXp3owj-BhW`C`}I7GE) z@xU;XefLdP!de)hQqjTWzQz~{`^(Q0krJ;v?-Iqoq=UW=B!LQV+Zz@bshv9Mh!*2y zw=1j~mJB~r!}S;TbJs0E)&T8^#O=F#OF{u)z0Z*UnVmE&t&hwWGfU5n3$L~^A;5;Sx?}giJgApLKowLMDlA?X<&zFxUOYqLpEs32XO)6t9Vx>bdtvWYoR@gfb3Rtyyw<} zKV3pIsI%EF;R#ILVwq;ep#yT|&Hh zXYUDe*8Obb9S$jbT!n2d=r5uT=4oirS}DoP6Q+ve8ZYJnm6_0=2rTX9bS1g6@7pBOdfPw#m)#)!U$O7msc53-$BPHLyb1co7TK|*A=D(11 zG_X)gHF=!vW%=`lCt{l(2@@vgj(;^LGbD=&J^L7zy6 z4)cFHhl5Ox0jb7<<=U9pb4O)GA#$m`x}}a0(Wh1XY$QQ(ts(-?>>M2*f)Jnbv%q}H zbdK*8e~m_!1+TnQ=+kSSvmm~tXWQppEh4)|OF5>_|5_(#-XIJ9A$>`Qy!~&YR0t3} z*Hi#F>YkLg_>N&h@+;(TgV6uMmjvqPerA%Eqs+?PRO$nr$iy6eqFJA2{J(if*?0cS zkRe6=zkL?||NUqnL45%CKOf=Op8dv?I(rp(LC1g7(<-%$nQSZKmP;z1m;`6S=<%kF zFveA6`@#$PaLF7w#oS6a4?A@V=BVQASZj;d?fB}Ins}T6nhs4TS?g=Q$UlZFr(fWG z2ExD1JQ5>E>e+QMd6*&RGgAUAMp#&w=nk>UvxdfnA44njkF%=les!8Qn6Rf*Dt#%~ zOqZ9bt1}AozwPZE@g{0)$;DF%MMOjb%$19ZIq07hwY{dX?u8o8sF)ZUp6KZ4z@$bY zQ^EUp?Nii2dk}~OUn8PrAzOX&jp3CdUfEdifVy9&X;XK1BIruNU6}3*+eWkg;lH~l z8`Msof9-toiNLxoGZVNg@&?6k3sti#`CyxMJ^R=2A@lCOGlkPh1<=!?!UH6=-I<+h zKK#D>+>aspU-GX!6HMa;1ez;N;K<_=5s%2yF5Q9UPXDI!4*5V7Z(}jPihRQC+1DN2 z@djw4D(wGu1&-=eu$?h6+IA{|?W`eWqAz(3Pj~qh$X~fDrjvz@tt!;?ba;^B|BT>ar|d_O;@tlNc-|FBqm+wuALs%ME`5ZKuGu% zhtib_Mpg-D^k$H6F;Fl?0D35Y{uGRJ1Ec%j*AMYO5-cjsmM{R~{q#>xf3{jx$0_`&!RbW-yDD<95F zOdi9VCR-)OqLA>-s?o|h`-8NDQ>g-x_vo*+?Y|6GJMG==C#&sLB!b7nkdmNKQzxHq zU%Yicv%Aheu_7-6q&B^kZ(N*~t~JJLTa!E>r$lDd^&Nvg!nW^!QP#~mlx`!%3ps;A zP^Z_t_dr_Oa8Mv#79exLh?AX)Bg@B`YtP)NQ6{Pmo)-+clv<3JKL#xiCJk;h;2<=_ zT2*()JB)iay+tJgd>+P(g&*?sALf<<5kL#j7$}!e@06NPfXHa78Uj)O#RnG@HfsRv ze>*V6@I)|QxW;PU^GGE90N290LKFSE_xAFa8RUzRs#TzJ!@+S4de69dqiE9$hRKHQ zgD8L}CuQUV6%O_1hZU=j&I!iK|Hgf4uT1Uiha@Q=$R57y!b}qU1MBbd&dwpK?oj@* zO&MQ;`@N5uF~3kiW=|z|5cEILZej=0YY{62W@ggEe?ZygrJQ3p>qVTUQASD5lRwv0 ze~siriwy94&|ojXAd5}(Q>>5e3-b-3lM4|lKi>XQ8!5HBjRFIX2ls}uD9J&4@{e*o z!Nah&4(Jv8DCaD6^5`r?YPeW0O{1<)#7di+)2RP44F>4D>8}Xt@;w!@bw9t%PffG9 zPunB&3RSDwqNN*Ov;eB5dO6f*bMy}}-nv#=oCap5Xe;#^+H1GIFPk_YE?bWrF@U|# zY34WG)<70n{rT2HW2UX%8Xm;dS=u;zK#HS}ziOWMg5})LsKdK#vDGLr+yGD`ZdjXi zXBg@?)N7U)M39ZhfiC5Y9wDdYI69P=QY>*MGy?pizwZ1;t%O_IC@$_`< zYQdN4E@-Qc_EFMm@FZtjuJ%`S6(`aL$EIXkD(7h`&p0iQEzy4d{JE|5rSVE)-L)@K zQ4M_}9uo4LC1zuUAE9}5Ey*yD9NG$i1>nO~u`|~K!}w6bzIy+j9_~yU3B0hdFs&J3 z?&W!R#nGh8lfr?eC6MCO8_eC^!fd}ye%rIn zq}q!K_`=qCS>Lkkjy5M6CLAV0Ytpyx zxrv4 zkGWWHoxW5TEA^7{Pc>(U(_2)4 znDtfK2|&-eV=6~wdp@kY2Sm9+6fX$afli?YZN$h(?FoH5VALJvE(lLf3UYs-hhfvj z;hlgj(fm7A4s_5};fGPt8MVO*1v>Yu3!c;cmG-|%IobKv@alY3rCT`G6>-(OtBOAO zR3M~TmYV%!ZKz;o;GIIZWRPlklkU0`dMO}VEtZe5Fnf~H58$|=U;(3Tg z!UBi_Q9}(@SSV9|5cvtv5%|jUYF5P~?<+KUu)8 zo?F$#AFu0lODHkmr2+rK54fRUVAQq6SHx> zZ-dq`5X}5vRkep}ly74vcwF8&Jy;7(p$FO2kzz3CAgie0^YWEoJ&nec_PAmKtr2LX z*1Db9F2BZtO>)vQ2hwA2w`zqx_^-*nd`S<#o~u^88)tZz^gFH2Lu1I+|{8%9hDU5f?0ls)aXjovvC+kvYKZ z?DrsXGA_#(uXXPSq)_wlLdI{;W|11Cb`T5zUH7RLnPVh#UUsxclh)A*AB7XE&mQI~8D0N0g!q_AGCWki4uXhtMurnnkCH?&U z>)#fB2@4Z-brpQHFuoO^4F%8p^#l0ChhvK)$ztE!++1va z9pt{YRJx0U`ktSnn&(1>lWZZb=7B5#KiwEqwGGS0wC}qo@Y$2Dp2jg_+^8Xhgw@)b z4G1>(d3Z9UD~{vGfV=mI^*#Ye4~I}_2(7`pJ1qIU<;x_A(1bX8#{K@I9#Q*be_)924iC4&9qQ?OdpP6>;k<30sJLx#~CMJe6mz;qro*) zcX=8Zdxnql+k_RgQ0@Ukkhc4z>+fHr7QW#DD6qM8L8`1dk!`>oUDUsaN?BTz;a?<0Sd)=Y> zYo(n)U|$^y1zckfAveWlzkV~Id(Y@C;sZ!RpGZmRWN$u*6E?3``G@9EDqom? z5pp>|rtwKhx}#-Vul3jw9x$AEVlc>PS)R-_Lr4fXlPRx{v=I_K&d1uq#lXGSno}T~YPZG>ZWdpoVjTv#6T1`T>R^uR z1OLic8P#1YD!KbFG6vZ7n{j}EA{|O81X60Vr$1z11cZ*tbsKf^Zo5+=4;%v(p8qa& z?!y1TNEt07V^EC?i*VWC=Ym?WEXyx3wY#>mvSQq+e2em~xa)a{jf)S_{8GdU>29Bg z_B{OgbCu2qf6b3}I-+q%dJ>0+#pf5}-KTXb4cMUD@?pLIB-ftHyyqhbY3wb=TJ7$7 z=Xv8&U#4|$-M$T;e4Km2 zi5`_9!z86vW8&b+!sj~Q>XcYz`>yAH9HfX7J*7^sL18_1R<9q zqfRn-2em4DCLOnfJ7JbQb*C>L@9qxm>FKeh44asN z&{`(F6?m5^1{tf`(VwHl$r@MKl{4GKjBjthhXTTJzgGfW&pstA@WElpo6$j0_* zqU!b&dOM@DcFL$;lg9S;^U#GSpp@W8*V29^f?NR5XVSU;2=Z@Dv;Pc(T7SyrCbwPc z)Sp~R1cRWabvfgmzYJG~kbH)RhfmvAb+7tcKgOjL{O;#>^M`cwo6XY}A0chMk>g`W zv}@N^dXhbjzrPYg(y;axJ7ENfYqy(itm7mgG;|5#m)_s-rFL3Zq0rwQbzj57UjY6I zJ>{i}C0grE#UtcRXQ=WNP3fPLkONj~TA(U%8=NprevzGDoP#A(Di~sdL=IHtBeiZA z*KX{CERHrX;|R%bH_X2Z19yPz{X-Jm8@*( zmTj{X@9;)dwG|HAx36EjnuEznI8CP2I7XFxw*B5iS=qFd*qz#Fd9{Rg6^dAxEo|}m znvl?yQEX(rzf6cclQl<^wu3>=kmI&(&w%%eh6;3M#ev-HwKFkAL~|Hxe$$PB@Wl|;K}&;-W2VVPMqxYbu@(7~cIX(_fu2jx$Y{`=AY@=* z6gk4oOYir6n1oULE&$%c6=uXtF+9LM2&Rz;MI*RPA!A_husxE6MS&Xv1^lr^Z=3$I zqlWw#(vj1BeV;)&cb_qb^o|%Pv#Zv+@|C8fc(`d!-o@^W;cDpaj*1)Cyk$?NqrU*9fb`-Eq=BGSB)HUMz}c5BMGV4ej>;OY)iualB9_N$@tCx@48}EK5JMa) zw(E3Q!$nSkOPZ?({AAoFFJHdA3EFTVF9WlLgT-LzI>bBZqT+bYPUl-4%txLc5I z=>w6g7$Q6f0vP<7vC%r_@JPQQ3hLrkoZ5suWbof_%p3Hge6LeCj=)L1OJyZHPYglq z%G#yoS?Hv0H4f96F`f(NBe7ECo2gJ_AU>t^PG1u9NI%!S8LS+LSmE9J2*Z1R*ctSa z(JrUh8`N*I!!7J93IA}XZ0$LH38-Jj{~0T>axoEre?>&T{0wy6n(g7aw!%Nl1lJQYuEjznzOkWSSp2A2;n{9)HJ5sj=1>n#^EXUORjtaAQr z%X5ewgs)keKrQb1HTLvCA_tLNIl-v0LkATzv8LR+B1Q6$K*wQ%p&!6_CLkh_eq)1n z{W|+yO-)L$EX@+V2bnAiGy!kbnYGkqOCkT_f36KD%~D-I@tj8ws&B-ESt+}@xn3!; zrg5reqd)(K{IV;~jRYs6v;dSNSBK1A1}^eAqG?_kO#iMT+1;Ka32v4&YdLwti3Q*Q zI(nQ?Q2X0Lzz)26O)A$nZmEcrjdi9Z)@78Z9qSCqkJ8M~`aZ#;ZX5sw1WNK#BIMH? z9;O8$W&$#@W=N=5H|nf_7_2!U1JqXQqv)Vq8RJVt+$m=dkTZ=WJ6fJa29WaHfis){_?+tsGRp7b68L!a}ZD06f zR17|gf#B~AKre`p&Yxt>@x?edDr_pslGN0rWFsAQfXEE(DVRd*G5z)Q9Sd%mMw2NM zI(W1J3jeHN2#}mYb!=AF1=3#ioNLtqw!QCmBFSnB79xf@P$MOm}P=OZyAML_Q9($_QZLH z7*w@DoSD};1?4id<}4(q$d!us(y7ac;pS)F_xO#UZibA<#Aq<&b^Pt+;8K8^WuSfjcd(5>5-dA zcYT9XzU{=2Ow$rBeyDmoyXQYi32yto^(X+FEpDl_A^FXBvmak$> zViCe;n$k7S2Y@M28yXtL#cP>N<~{;JSK@o%l-Xs=BAo$x$sbQIaUG2>eS^rHFhHx9 zmY+Y{)G`Kco+kuUn>LSyMXYS#_45AwR%?6rqw{Ul(}S8j zJSsd%vl<~Q2&2Boyf`2$2+!1?|5p7O_SBF0anX@4V?MS^8%NVK@_{gklafjU3534liHUE+rk(k~eP)^?9_^AF%sBmmOEna3}t?6oRzKyr`)YV^K znu_W4Gj8nQ?&Y5{RLALBj1@3~1oztTh-kiOg6_`_OJ5@*U=lvL`glCYi%R&V+tq1# zmCN>iF`^ZG(pN~k5k+EVfV4k;{7R`P07H=oErHwaMm>e7wXJP~IkzqC4$+neYhqd& z2TBR{>hJkip|d*Opynw7Duq&!%tj4AexY=@8&Y=0{(AU;J?=O6v-86uvu|UY{(UV<}+bd*t7#!Na;=`jsNT>_ zY)z3}`i@=a_B)^qw|hrQwaAF0+>GNHUn?M5TkE%Qn9fr?%y_u7 zlYtGwV?3WMK9?JhyG4xRZ<0KBcNg~kga2Ax{ZH#m8KPE;b%$>5cpl+>PlQkkwu6#Q z_vzuL+?Mu*KcBM~u}(tU=s_JK+mQT+v@3e%cjdjtIS$bO*Kg`>KVBT`hG;IGu-|$e z@g9=u7Y6-$;2;hYvmbXHL_UJYNidIb@%vs^X<6C?$Mbh&T&9|j^oa-LPqzW*x~xQwy}g4Hvg z<90I+lAz0?Tu(Z$o}So_QDu2Wy^&{BLZen$D}B}g!tfzs zZT>x9nEUhA+E);m590zd5)xtk1Z+9EW6Fp-n!sLgxd-(w(|J%&mzHYL2R2bFa)0sO z?OwXALNNA0fdJsR(lo>}vP5NTaQC;_7Gi_Oxb0 z1%Czxg7dX3Pg;%&!~&I3%%>{6Gcz0R3EUM`SAPOlG9SSLQ=u%MMaONAR3uMzwRPLk zeo+dCg8f_5l>3Z{S$)->AOEdSpuUG|?yFru!_DmjN^{ph(jgMWArzEpMV5G;R82Im z+A&Zdet)cU6-rmlCV2i7aD{^EQ^A7HOZ=m8J1Twg;71$`o>WmD-C&~w31E0c1mPWu zdgQ+3{z*|~Z)Lpvys~m;aWy1Lg#wL?i&pR) z1zSY(V|Ml(HR>%l$trt_6TOw$z>os1*BE46IMYW;b+2Em{&o;?6?>WS+6Rxcp6*IZ zaYYs10e_Q>2Q_dYpiMVT-^^5V49`S5(~fZpj+c> z(;LeQ^F&`7yl*ive_(t*!|g2OPJ1AwzwX4TQj}l@4CDaZk;}~xD#G1RsFi_0Ds6>@ z73*s_JIACN`C4g-0L9>OR-1vbO73`awrND(>tfRbD=%+*{nb=C8>zB{#wH3n!P)!Z z8-#v8O@RajPW`={BVIlwSB-%bwRTAh!zBa0+7mfRe&~_hb34QN-CaQ05<>NecJb!g zU_qtjlf}Tg7W3NO*{mYhe1hlakJ(l@VGK*|WdU*VGU z2{t2TGsgjUN!l4j!Chc3*nnzkL9>Ppgnz-U15CP1O2`BSO_PV#UP%ki z9mmHdSVx}GhKSa@=p+ahZ}@oW`Ivwv-Z;#WoDy;24sM}LY@{fg5(DMacLVHSto64HTe>V5 z9glD&p7rmod~k;9IW|Wly%1?17pCCT`+i5sm~*N2Q(ZPc`x3L5{FD5xbF;J5kWQ*G zS=vT6i&M{W+oOvQcq`ABzOd4c3;086`mh=GtG*2p--F|v-)7S=d-{MBE|?vtq?VL;feA*T!xS^5 z0kG!m+k@0NlBQIFKL_tUAOtyZi0L~|!*<5wAa|%%yn=W5AC!BBH9Sx=s zDATsqm~EzMdgD!yQgpWE^5tijmRh-qFdS3VJI?}uINDb*^>p>*R3K#Hr!`Zada2&< z7kQYQXpGmO*pfWo8G*wl64hj9Z(}svBR{{eRAhOvirw{&d>C(wA1M;@HNkqYaKeC- z5Olb_c5XXe1V>$U8G_OkFtrZ+j-uijxMo*!K!5^K;874&a2c)<7Q>wZwN z*9R>9aD-eOQij$@Ih+}B$!~xSXYiLVKcx~Bw6&XKelf@^MYK@5f9B2`>nnL@3o5ZM zVh1f?#`He*%tM%HFmHXC5YHEwAapvtIvW7el}bwMhXIUVz|ixxvXRl>`IeiT!_kmU zFZT$4AJTD&trV_}x+mIjitDuNZ%o2-sO?(4_BkLGuT6((gU-_Y4WklBGZ7J5`vK6% zap7-_iM=8IG_|?Jq&J}6(lhd9`x}Y`Q0olIgLwYOiSFHj10;-YYhO#<5J)&&}h( zgPdf{#<;Cd zKcJ!H44sR^`-1D7ll|ss^SQ&MZr8Y4hsy`@O(XFF1Q0M1-FCow$7a{yUSQo>K-+Dq#Ratj{X$iU5NT<&VLD$t z+AfbMhTD5nB}jTa?w5Vo!cZ?|AxN2q&#q0q9H3X1 zEJ!I|NrxpEzj|9S9{4rrOSbh`k{*x^W9`V5!{Xx?h9@C={Vd?~e)R*I%i$(^5>P-s zU~L9PMe#I=dA|^o_!1tz%-f>NdTX=-`v3@sot@8&d-jGK5NgHtkEq-=-z^U8VRs@lH5g|$NOT#Fn2%zx$2FEu&^EG#`qn&u-j~f5IuBMpeGe>v5(e_b8L$0kFu%=4hP26QE;D@OF?b~g>d)7T)g)r|R)R#Kl ze0^}y%02pqC3Eb9Nw{ysYjv!}q^>a3)=5kEZr zl-%_{Xv0h~We?I6=&g6??lH{AcTd#`19q^`5e)FeAE|$QnIh=0V58f&n4~ zwj4UN^qCX|)rV*^MK9uxi7S-rzXZI^x;l4*&|+y%8+KbJmUHgc$d%p|RM#hiaWRzN zpt4_Uox=6$U*;sm^wLa>i;KItLey;G=^GXi?+wZQ=r5s>8e?+g|0HuL>0b z)+K|wF2h(*4ni$(ta3F^Y-R9)3g1}wA{bp%Q7M9qdZ-XwKN8#*t&twONS@)?`aP_v z?!yg@pE+-q75v%@Uj`GvJF&xwe6Yz2R%^NHd*s&EDzyPf$yjSXE_NAl_U8aD2WH37 z(kSTv+lt84=IKCwQ^P$}z?`+R__YErph_+Q5bl!hj1 z&)~WJyX?EOP89#zwSWI*Lh*l^=EnTb?u@0v|5O#2J;lcOhcUxNH%W^k>-YbBWciQ( z*~a1gpUmvpH1hxJ%WT;BQ9x?NDS!VCEaaxHt^k;|tTMK=xF`lOWFU8=eYD63>2F@h zvRAQpALs^R<3H_S?sFhX&?62GG$kdISr&liFqQ=)Yn<(awZE!R=>EITq)a2tNs}(+ z`*)Q677{qq2EV@xdx{?pJ<1?j*GtxDsgd`kb$l{egZGGu8?0FkEzcsWUTx%?Uz)YL z!8{+_>JsmvoU1TT9fOq3f3ZtF-+s#sZ1VyLISjh9%xAzrcVjGm!trb}CFOB&Y{-64 z?%tMhewR3vSP%y`+M&FSal%KCc#FgC9+pHYX4`W zh^Xi*MGeKAVQ^Lh%^f9Fjtxl-#vAH?zth`90{KMbzCbFyGb9$Q7YnMyk?rBZyCw`BD2Q3@ z%fa@utE)0FN_YBln_c`ZIb<>sTCu{wxr4)ZXD>$_=Gtky9MH4|wSr^7#yC3bX1DWB zu7Vd7ak=^9W zct@Rr(;pqa z34TQT#y?lzq%jF5I5jeZ#j=_amv1REHKAxql4JXDYiZ+>B0uTLw>9P!8=ljBf}i!< z7sULy(lEOM%-*SJR@gkyF>Q(KbeA~#`g9G{%(g04I^Ye!L0qYXwJ zsBUlaf$jzcaBP2ko@f{p#bx|u`3@R9AFwro*_YuAXW`A$t`a{g_6a9wko(a)Qz=hh z@amaNYu&+z+lMO{-PaD|WZq1#I2;#eeC*X!SF7;}FO&MNQ+1EMude%#R2C`L-0Fi@ z6c^h5QlYR`jZ?-p-XXN#po-QT7bIrdJ-d>+EAVHcRuC@6*m1yMc#|aXgM_0aH$l|O zK;HE4dl+&XPu(A9-p9iWj);(~aYC$*)x@QC)EdrSU@_~QKZY4G?U27bx0As|0X|Zy z7QcII7$F!Q2*01KjiM%X_ne)54%CL9l>sIUs;`yg!ft=!nw9lUYTHjD`dqEd8Avo! zBCm8%NtS%~QrRu%w6}O~az34mg3^v+$sKiplnZl7meb$BoTK1?|+ zEle#f+oz^`7Do?ZPH#ifb4WVh9b3Qj_ba*$Ch0|^8Y{#~N(E!t<(1_;&@w_x?o~93 z?z%K&fyRI&Y><*Qcf&1&=JCl81y?z1Ufn6xrK1TZHO}mf&ASc3%P+(&uKhGF**(D{ z+gr;MoK?vaxH!X{Z(h>U?nsq*At?&)jMS_Wh& zVsdF+fueTsZL?Eucu=_;!5uLW7#&{XJ*$l$$u7;(+Ie{i&aHF zNRoX79X~-y#rx^eWYyu%)+z=#a3ROYwpyJQ>o1k)rp6h#YfU;^E>w&0;b(zjA)<;5e7aulM$r+0JcCT?8=m&`4IS zmY#ros~xA5`(g&z1}$#c|}?*d3?%r1gGc)k~`I5I(h| z_+QaSX9{Xxm49efmBh~RUi!(-G3do{f9PKRg?PYfviy`b6gk>LgJNa|9ZuwLS8u^3 z@?EU60p$;w9JpLw46l!t;rI<+{TbDy&>3}xZ8}~G!-xyb8lNU5Co}M*vrtp}sWSFF zrYj}_cuqvjwI0U6KB1?#BrbC5dMPg-nz1(5G2`vAKB`_|V+H_VURRtbY!(Mcr+e>tM!FLT^vygUrUjZL-9Yi;AJ!K><$UnxfuYJAczyU^BhGD4RcsZq1S%|Oa;ujGl$5yL z$ity7%*zN`M`GG18zE;M9UY^UrmS{nU-tT;gFcdP*>!z3~Q1JvOTx zTOXS>}nJi7uSVt#8jN5jPg9Kl?&rJTG>mQW z|NcgIRMF(6wo}d(yW!UPG_hpX@~?I-IA&S_v?PXQs!uv!K74y%@~srlfb#d_d6{#y zL!H)HAHCQyzxw&^-%-w)dn}p$GFu{LmSpl_uAXtzGHKadF@I+A`XOvS6MaSP)aW8Z zrsf%Ak3)z)EzxsUXV4S!<1v}0v#4uW#QYTv&X0Fdq@}T*L7HEJTy#c;3c;Dne;3m? z{dfU*ZZRCLX~DQNR89I?)4Lm=l%hQ?)SPftW16i%b>Q4= z7%kr*9^awy74wR*S3r3`ge_HU7xeqf5Q4*io=Wu#c;0F!#I5_OkX6|E$*|hWY$?B0vD-yZK?~qCiL$R46}QW zv)F(^x9FlcD6?J~1p6@IQ+6oIeS-ulgFWZ_DG4YKx8Bob;qE7DWg+lm`DxlEsSb_} zP<*XJUtjhzt(L5MO&UC+aHFoJcajTDQ? z)RsG;y;6>rbUK&uwdzKB(C=yI!W*Slo6{~6n6W8&Hhy3GQY=%fS6*$mXZVC2-~XKr z;Ry=E=W-p5m9vBxFZ6{4c}Zc#J8?2zGU<))bEB|CW>+I)rC!qyN#f$-4r3*^e@?9? zuA0>97lx!?P8!lHvl8tCL)#w&|JY8*9QOZD9jf_v5hL&Y4mC`5F)m@}M-s{8GH-E= zm#7bE{kMeG5LZ-cHYgh0XM$p0Tl#de@hfVevwv(!UMt$e=}5-yPZQ|!BC7+SipbK=YO%&% z;5+wcd<}?QGG;O*2iy+7VU(W+v~wQ+`t=Lnz2~CSVU~b2iYK_Qug{pM z_2l$`qzzBoRgJ<``wsFqP7FL|6&bkJj!{wY!k{fcm_;}@fXCLw!D>v3%0J=7vt+6! z;(!LLsjY4p)XqHTvsCWdsR#|zdSt5OV zu<#H;Bf7l+iKG55GSrTDbi##6x-D;Ms1xOMzVl>so`%+~v4_ z3E2m$Fw`>G&p@^YL+v=ez~3)?r%^DPeEL;*=8W-lYI99JNSw^=Q%~J_*n}kClQW0m zg$hG$o%Oh*S1`pJdU0IXBr9zgK&_dZK~HDa?@MNT_xtO1BRWh$60CDVl2`gz`=a<( zbQ!HdlO5UX z*Gtk(A~s!44h%tA066USUY59pg&_17eH8}AVKN6+Om)^8_(=)sn!#)M_Op7j@RkTC;+hn zEFxe=gtkbp^gE-_x@jT%RC4!`G!W?A6TmHdr8GMmq_V<)Tm{Xa|GZ;Cul7jC@roURe-9YrXK<>pC6wvLI6N@zRYe8JgpvP*729yua07cI!!Z zcQ3_y$6kB)EK?hfD`@7i8Xm?#8xfd~ z3S@EhAf*ISR~AZJclT_tSNxwdvf4+7uQ5QK2=xdQ!%jluk`Znljaag}qq|#I-hq)> zURTuhpCr1Qv&hA`Qn-Zz!0Y_f4$jF=I%O=ErT=wmg!POq%`Lcf&ze0{jf~o_6KEpa z^FRQzo^4{b+nV|aPQ~xoG)Dtak+En}OCIjV3iKC66=5>hia0_L%(yoX~4zWIJ$kj^FgUKm&WEz?$~@m+P>Jxs0u^l^V6~%!!lO zD)I5xZ0{W`&B@|oTkqchpM=LSf>*7CkA`0QM~L&bc$!hF^P95dC%4qPzBppRVETrx z!MF%RK}i^XMHqk_*#lg|nPfX1BK!KVCnhHu z#}C^TEF=A?K&s=ToRtdaK+3#tDJa1FLPK%r)fHWIH`dpIheO0OnM$TTF)oi{&SKDut9T1gK! zAd=q&83Fp!tAZdM|k`bQ4<|<6a2cMOABcp z+@EJC{%E?XQsJwXJLpCa4nC~`sSw#E0&XA4c;})#;OBin{X~8sN2o#wQ$*CxL5{ew zF$-|-8e&zZ$r%t_kQ?re|9TLZ7?Jb@B0(@D6-}0IFmo$Q`SKS|P|sr^U;%M)Zb{qC zMo&udizGS@Lp3@IP*xuCQ*<$-0TWAP{*l>+AbyRO_R6^+1QBWAb)nd8PIZ5{;t|DZ ze??q38BQ42RA<8988@MW^9?b5ad_5Kz1yb&_ok;ex%d5OY4DcY@v6DDwbFkEqyjxR zvB4jE!i7QV%Ox#Hdm=6MMWtXms^QS>JY){~eykW1I#Z+xr;5$peqpzY$4$e+?rY19 z!(8=PDQ^%8x;Z!w%~&)&Y88l+kzLHZdHfk`K z4xqIk$ZE<#gp4&Y9C^tm5$gC{f1teP^T*SUR@Ilp9pA9?mGosMyu?@}2%uWGE0Nbs z5M(S%Ds4GoBkZDVc)8Tgy+s z%SuSR9ot7oGGhQ;t3LeY{`z#z9_BCanrr@F52&Qb?mN42`6{)8Qfl=vX!gd+Zd1Xc zl5{^OebqBKobeSnwa}7+4&Lm$_iQNi>cs}YGp{arv#C#(pExUIHhw5ARekvgHft2? z5oK%b=g$teZr?gKYL;*1$WcBE@{Jna*)^C&#o8Gb1dJs&!cYS%I2>f4BRk0(#h98aJ^|U<%;#-!_q@ zw{eMlotsBTDG7=7=fe#i#D!lX`S>gruHTn)7+hS$N*l0r&hvN>3|k01>OTNi{$$BF zgd=16E5(v;M0{R#bu5fa=JB$5B!IZ~O0GW{$mM|~ysKQ$K;=P@-u-UiYE~G7YlY2jpYA{Qu z0VNg2cISs(p2S-qOh(Hsaoz^0=yglQAKw7xS%L17GLi}eeapVGBb1?RO`jlpO|{Z@ zT}fEeIRi`9J=LA7>~%=GFhr70XslK^Ph8_LS9Kr#V_^IB-`ry4w%oWbz7$HZV4L^E~Z zDTWF;HD`>I8v@A~o$k|JLnGE7_2D3>#&;Sd zWiJ-+!AGeBo?*Gk#5HKf^q)+Gd1VEMM>iyX6n^yq@~CXJi`%+e<>+t_LJM=_6VIzx zuYRgbyVwnyUTUVxP~RnZP>*^f*aQ{tcFr1*#kx+`-N`g9-m6AMeamuN%(XlM!HWoZ zc$8t{ch+81k!0ng_!GPFLfQlz-_7z1hSH4@h%?kcRfqM>;<%d(CC==eW&|+Uc$MW> zfcVCp*ONJ5=+vUB#%A7iaU}g{wN1xm?Q~{!aq;zoADMJ#JL+2T>=7`P8_ELY9pSYz zrQqdV`=mRZqb*&=!2i^j*lVj5C{V!Pb8tpztQ(8El0XZ7v(EmOT<<+lQTU48Au3vK zv?m^BJLsi8fgSqtrC$X=7uccQZ%SU@ytDBV&Oy~B{o7YSfAD7poeasleZm^EGL(wm z+Z!B~z)&mGq^ntSt^+G3dFuKmlTNqXYfp?-><8*&jTv-O!(y|o@rDAGoETB91 z;QQkm;5{NF+)_4DVae0L-2;&azQdZS&DL0G*uZ0fQ@uyHlH9<`LY8b$&u1!T?B``< z{+ha|GMZ+HbaO?YU7v3{w_mzPq<-(Sk3U9wZXOw`dCi?y$BR`xMj(3w&_h`6z8Q%H z(2-D{1*toQMmmfIKbV6|T&Dgzl4S#5P-}aE&%cW~rG9*4))B zBQMZDK!ydIE?8~`gM{xBAU7a9K>^;r)sypwhW-6WN+i&NFcUbtDCx416BR{Bd{7=T zuVA2}Pk1KvT5!$Yh5IGJWg9XhEZ$$BdxKiGrATjd*7%|Zj9{vc))OtC;hUAXO;K#b8EadCQD4IPWz)2#n##_Bc?y_jrmAq2ZCPQUQ4q$7xm~&W$P8cQ z6tT28Bjo7VmA32Sj`bJQ&FUjJo*iT6j>=cd#;&fsf-g-)x3GX+j{RJtS?dNHv2bGk{aen2I$q#;{hu-7 z|8M@1@?Wlla(Wipr))C7(f=_C@9ms9bUbk-nfw zgusk{&k>{RBU3cGeuD~tuGzJ<*7i`#K+~J)bG=0V1DOksLQJ42Wj0%Pfb1f*Ivc~I z{wFZZLD?Fz#xm!PtU=!*KUQA5_Y3I> z5nx=3f`mVWJjCcg+6Md#5P+5QwgS_@RrJyc6*Bw=03LzV^&etZ^4}n@m<-iA(&q1c z@(AZ1fy|{FD)RVCe2B%#iG}iu&fSgZ9Rs~+@)Ho%-X5#8{b_2m*5~oX5BF?{>Yn`)#}@t7|>p{G`Hw%|Z?+ z1XO3?h999Q0KZW}(E*A{lwu>27jKfefaT>{tTO8bp^sN4av z6$9E0Kqim4xqaMR(UM|$1z2{G(uDSo4*ljHNlRPnWT6YOk@t2mU~_6}3JMIIdyd|m z)A7Pir>cqMYkB}36Y~^L2WRG7RSUqhx3>qYlGi1tDgq~4=z%nU{gCcHpLhb;G?1a> z0CWeC6~u4R63TW|NS0`@SDGat`M$n>D9!iUP+qa!%KUZRmK)p)7;?>0Qqs7LKR{Ut z9}03}yW;O-O5)E_vpc2abRL1%Ppr4!!kjE#Uy-=^b6$H&PR0m`AR!^q7|)>Yx3smT z1{5>7Cs{mbd*evEk20GVBsNr#9L1EGJ*1&oNgB@VefOIPBbKbCAj^);w`sR+5KCO;@n&TWC@R@D$&s zVp(NM?|BR-+P&bJ`Nf64Qd4KZP_Qz%xVd=)?X7Kvl{O-~zNuIjj4Q!`=uqy=ReB*e zQCwbrTByZ5z$Dc=PAovELc1SY6SDF+hfDu5w`{W_ab-y+N8Z<92%qB~H z;3|xKZXaz=NKAxveMx4f??yG&x%)NK^Hc6qsTpZwk76 zRj)ikVj4gtBH{h~H6}vR&Q3YijxO9PkVNq1>(`t^xtDP;p8foS=r?E>YR^{{5RoSR zg^rT`ViX3}G#956zDe)6t*Ji#{Ao8KU_eafw$Je62hBPyD=R2-K+|QRfg|~5?V-S_ zjZSJq25^>j07|N6zqAE%^k|_e4s?pd&C8E>gLd;ThvyL!_#o)w$dcB|Bl@76-e^!H z@lyx@679dWvtlw76~Ae?{PE&rq-Ed$tUd4!2$&h!Nrv=hcB@veW#7wJ{g?*vZO`HTa}cfSyg5Yi?g*X$<}pkXC9{~G4bx*-;uU! zDnKpmDbQusGt}Q12<-_4hz&3!FeZP*!xPf|NVBb@gM$C!eX6;NZXoG***pXv|J-#L z4VVF$HBegRAVtnOdIi5YpcQhvH0fv@5**v!3&7cdWXg?AqS{4qCV05XQ=5B=m^)t6 z=m_8(dmU3*HH+$dpM*tk#FN$2fBI{^g(n6+MuZNk=UU?L@XD$xO4B~JO}m40#ES|x z$(I{!&!>7?Jt+{dSZ~a1jZuUhU{n16LXr|a~usWn(WghdjiIvWu2r=&8>3>PVL=OVoFMD2+h7M zL$X`9_S9{NcPw{oRziFlXHxQ?0KuDt-fn$SL|nAL$j}_7qYY)wjo?vG^7j`L*sapN z`>@p|JFeJB<&y zD_DQf7y)W_>(*_!!INuC#)^t;QJPiva2L}mD?{L^&+V{XqsE#zd!k-yYS13?MMO+g zPC-H1Zis`gN?Tk+aEMkG23kPJ+Oa` z&u&`+?pd056tOsXUW;QeF6cuSe&aTrx`af&%VE9qXN zy|f(~bQvltiMtKLR8^kR<>hx;&L`8=J43WmF$m$%vkg05EWzz-N`p##JM)b&T5HN- z!xiZ61-Mv6-2!`j40Y=-!Gl;T!e0uMj_oAw6{(`F`P7X}4l7?cPu5(^6qJW-Ztl$7 zCAin#FI(f?Ka*0N{n;#v-vQAaJV8M9UoJp;6sx^~A8{RbdaMf%`0>s)MKEIP@B(J2jQ`Cxc@19Zj=^c}b(=kcm4#q|ba_@kR`<3o0 zZlo%jd*hh*KBE8t5C#G#j>?Tnlgk%IMn*B1dl-!m@7~yM3dNekqEBV_4w8j=OC`&% z!5Xh();G&>l`N>xVur7wp}}EyXNk-7T-8NzCkB_KBPdW{mFp?(FLfK`HpeBc7jimR zg81yn1QLR*dn!Jx<(^Q`Dl;TkR%SN0>`*i^aT!hg;Jcjdr*~UNO=S`h5qVD75MAgh z_)0`XP17dDXWZ6;wUE{XgKsKfTD_eKW6F6+VYB8Ev#`u?#;U?$w!odmWQeWybjuKh z@1V)LGe$555_kW6CeFH=V=Eb+9mUmEEA$Cp1DxC}81KqwV;K<^ z*_m*;Wmc(w_@=&r`xy1g+oZP+>sweX7C+xW|L}@g<-r&#!d(q^KBtEL?TgdH^z7^~ z6)oq$lC>eW>Y+Npo|N`!X8lzW6dAz{xHhLmD2VsM%BI``{1~fa!Sf7B z$z1G7XgnC6Y)TXoZu>R%i?s(4*O2sys#V%scD`v&cCkJEvUIq>w!Lj$wroO3OiYDJ z_Jp)*a%vfotI1L^bE>{Pm4gm$((|yyQVR<|MMl2Xa$cA|pNncOU+<%pScz>ZUI}$P zo4#yV+Plj1_V|g}d8280tV|kAhUq%&?>2`<=M#pA+f`jx&?c<65+IK~L!$1XJpzB4 zmk?ic@L_ygBb{bxWNW+w%vW!b6DMt4h|m&!9T~$|d-@qRyQ$I0V39cExd2%VC+E7$ z(vHLH5~u6nQz>7hgS`K36oE6ll6j9=SfVTT40fl^%r~aGu;LxoRTsNrnnw!6`)izK zmGiXPJMs{rzP_G}`EHvNA3P~}sRM|5)+<D zF2wz*vmW(h7Xg%TdhJgAi1YZSrWAw5uk$J08qOO5kipbJZ(c21D2cKn@~*d+qh zvZ4VD$S`WQ(gOtjth*6+z+uNlaD_+!F@N#fK|S=4^Zvb)FVQTf*jdVqt!(3)oKocE zR@=2MX`d>#!br9Si>4Xo4r!yiQO>o~jG&|A5_mbtg)*^e0sI33=C^Es&O|QbJMAxb zwMY|zjTN86rEW@E%FcH3(e5b`qjmFw3hVo2Z!vcMc&APGZJ6pK5Cu|W#MU9v5l_hl zmV5a(aM#)1p5COSVfIvAJ6`*npsMGzO&el?WHR5GU= z#qVw02|VkCvH0qNf9g2jdvRK01Mi%ii@rtm+$~QyDg9E(s`B~a> zm^c&3W6Bc5=Op;X;y{U$?QBA)Q4F{hovVXgjI2KX-t!1&vPZPev{(WzNZs20`Y5%H zd-{mXg!^=IXB?-W*QFgJFmCvEMvBTOH-GDP3#{=?xty_UxttKdc6l!rh=2WAgn#b& zNom!|ZilSHdAk?$_ug(hl&C2F$n6W2>ci990cMO04D;Pp=FM!;qzekniCd~8?!AX*fSd@*iO0C1f9`7eH#6YX=Hgx147tR%De%YJE8(_=ZrRY z=73Xcv4EQN;iE^vRh!jyy}B~|3sO_gm-NV!=Y4YW3n{6T!pzz9qr^(In65zH&dK?m zf`T}Q`5Efb__$_@ps5ZOZTA*U`-z^6U|lySl9?IE5v(pf>~|K&^Q`&<%6eV#|FwJfxcw{Bh$rlNI8ZB7*0o>N>Wx0nt=L7I za=oMnyMgWy%G)dB>11a1Trg|9VQsIFRuHR^>DaD81ynLHC;BZ+ILuPcdo%Jom`=U+ zv0@LKwB2Us_rk)f2|Y(ecen(Px2HQ}IEg-h0tHs=4R||1(T_Vfkm}3y@^Ww6wPB|B z%P+|7w0|z)t%Gb~%Ba+!%#1&OoX|jVy|W{=wwA#r0i3pJm_a3{QlP&^g`5g7y=7ip zG}iMYH+QxMYbq@>6B}kNA)j}yrekN!^fuv?>y|WPR}gPnko0KSFs_Gpt2VG_tC0z# zufOW<;w@Cdt6l=Gr*k%y4*Ewj=4+hUcfKg1L}=|g7Z#R!p1OVu|7Ou}le#}|>shJ3 z>6JeEeqeyP1G{@0>e(;1;!8N1whQO50?Ghl-X<%y(g=*|8N$ZNff15eEm| zBe%r__az8lO)Kw5*z?*eW=ven{7GEF^N=3%K;F;W`ymxoIFO<9^*g9I%rt^p6~N00 zEnBq~7;S`~y!oe5S-o}e1KeZ;3Efu-j;pljByI$${#Umz%7KiAfZ@ zA===e(t6uy_fBiT9OsgDr^2O!e^bh1Ute%3w8i=M?OXNvnDt{yDzB-n?d==jY~SU) zRri3$K+H+SZUJ0;O1@>TKGkyEaIDm~Gv8%3zH>_$k^o44RKd%vsl_hIdP%XH>tfjD zy#1`HsVO8nupr zF`S2Bhi*I7goTHH-ZanURJJB{`g1cWDG8-~3&E>ehDg`PgxmyT?lc zypzbh_PLA3Re)*DZFVl^u<<^Ctm-aa#7{7;`FzJy=k7gHAs3hDPcVLDT^Mn^+91_k z>8~OyT9UdnS~tjV7d3wPd%rXxG(NnZEVu3p@`QeO!^JpeMcnRPG+B^Qv~_WPE5?Zuh>Fs84mbtlh&W;bBpFZm zFC7kd_~W(P)XnQ!ayX}DR2>QW4W(vc%| zY+gx^3uv5quQ(%K!E4R6>z#ZB#-lz>k9R@KtKG+h4YCj_EBIz;J)t{Jpyn*3hCi!U zJ|7wIsY#u~RkYl^z^8o=lr^j?UR#(8`s!jj-pJPr-eTh-k4H6F)#$PwPL^ z(Gh@@o7l0b*Jf+TBaYV^?6|2QeaF<%F{6@>|6mjig1emooSq`H3qr)<$i={bvURh* z3d#1!p%-jo1N@N<%uhmFwF&uN)0&PmJyVw#Ddwu+JOmH~kdE&0?d^A*Z}gtEwVOs> zY|mMtWN{J8$Pl^X`r&pZ=jQ5Ecnz=39P*l*?Uzr-x?2_r{R)zL)BG#-J0+puShaq? zK@!%GI0|hx~4~+|(|7x8riU z<<>12?-X1&VXdBl)&Bh!nunsI@@E54p+@ZVH;E^4O6P8Zxs$Achb}G;@jusGqm}W( zNhteXCk}0k;pt;uQ02CLfX4FNVI7NMw-g-O(o+5NeUffH=?SjCmrou%SeS4cKiJ>k z{ov+$YCWD~&*ENB3~$R(P9R8%e+1EsoP6WAxmi$ZPaY2DaROqAYI|0E=FAo&sI_sn z`8L;{zcmfr)5MJOuU+aKmIHFFVAMfo&~1FI%q1WYoRXrKCVlx4C`Srk6M`l;Q4X<5 zBNv6xZ^Lf>TrruFnu>a7`q!2t^E><&p^f)_b<@vC9hbKT1_zm}581R_FRoW>VNrRq3mi9g@L{1xO;e=I&k(v%-pcXkc?nRaxRPip5QgP$@Mcqx{>ZPe?n+zk;ifd z{$f``7t9cNUF;wLdspy7^jUaJ6>0>ne|J00v&Nnj_`85`{foA_19=UNwq9{EJVHZo zwU&^GQ>`&jTDFA2L*LK5Fi6onh1?LiuJJ_T{@lJ2p>@dyL8@dB+Wr7JKBBt^Ex!bTi`NCl1Sn-wF1&R-ha#{~yV4Wf+sbfi-!^&6LBWco7C1RYP+ge- z6OJxO9aL+at|z!59^p{S{+SPzX9Qi~ArXb|T6ouQnL^9%mm~zOj*k8 z8f-1Cl=(KJZ;}1s=DZ%n9k`tUVz62@E&uip_OLzp#>u3+80Na^6k6j-1P9Ua+9VdU z^$;5xCh_yK&P~V|aXwtS9GjE6&eI@|cBm4BoSg8`pt+fVm~d$v;&(kf@!~savYxQ& zPf)FLyQAAmEUKqB;8us0&?7F>ZPzWhMUIV)eWLU0$OYay;j~Ahr)Tp$B_$HDg#xFp zTT_$C5l!EJwNKXj6DX7~ERIKUn&T1>Xi7**&w<*!(VS^4gAJ`IFjS zLsn;!5%g*5!<#mnu??tLlO)lpU`XG*acPg0HJqCQ?Xt&B)VnK&WLNX84sPXEor=L& z6Imr&N@`+v?2ZV=dRU!yoxyZ!Y<2Aw=ZynC8unde1Z);JN=n#?FS9H=<5^Mjj(!^0 zl3*TYM9N?hdfutKu09S&E=Ej=LaT@fX8Og&`EBc}qpFY5ZM6UyLE9l!9pl%`oCVJf zG>?GOD=)_9Ex2x=UCj|VIE_fluJ#`&wh_2kM}_0et&R+8#zp#=k-{_eHwith`vii& zX*lA$;}oK}oe34vWE#xu^UWrWHFV4XeTb@igNedxZGGeRZ3-%maM<*3--ZPDvJaeB znGBm{Yu9;(OzMbfXz)RD;L!nk&o?lqHFWTXtpq2qjgt+X5uxUK9LQSy!U#6B5(_1|Y$|J5@GGkks;loePl zuxRM$Jf@}uwizE>fv3*b@MxLMZeo}=gYhg9d2+-F-%(0V)`h64dpz3_L^Iu5=mUTi zoJ}vJC6cwLuVky2c^(iALG~O3(A}|%7G#j(E-qK2q9$qR=>Ci@C8QJ>l5o`B>)zVOe-B57U6-+OoXNU;>sq%kj~e*Jpsc%jWGUrbhHizxz| zgoqi-tAn4D74a>LoM3;rFwr?kmgAzI-$Wg3_`BY zvI1uxYF*J^DJV3;V0aN79bv4mu*pVhDPl;$4vA>ohb+wnf}Q&dCj5E(2<=7_^XeD2 zwzkQ-X4CPaT3QVJ&WC^+N5cWVw8tn=xX;gofy(-hbbESL?4?th5$pPZ>hHGZgEK_x=sJ=(;Z~!fKt^Tq4bO3sZtYE{4_|IC6*zW? z!4Zc{IHxzKl$BE`RV#Rd z9FQ+m73Qz)SemHQ3}X@_`rx_tc|=E8(($sk+o{DvOU*X@KcOnTpjzd7ewJw zi}!xmtYS+mzU8uun2er96QLCETS|Fx8XM-5HzaE-M^CBxK(A*~V#bq&{Q!Izg6*LG zTetH=$Y9?yN|(a9`mwR>>N6d0Vh+gHLkT5X+Pe2ihrhKoZR2w1vNi~57+_dNG4J!# z-d^C%961)|aLn?}pwAh8|M!0POZ5+IijtFiMK#>zrdwy=71!X6^q*Oyu+=yh08i5JdWe6-vr)E;h= zp}D#WuaCNv3zrt|ZC_V+e)o4dkoPs*_w;7R@P2t?>2p;J{M^y8b$6t!LR zyH@T`T{^n!N*)&F8}Fm5Yf8NSt=xZiLzgQ)b{q@r!#Ho44-{OrmalBLy!RDXH7_Yqz&7vEp9$pLh|9Qf@ z_dVML2+%NU^0#!>zRRg>>dei*w_{*Tsm#Z%qy9b5oMtrpV|V69W+GeFr-0DH8-7;U zp}3+!x~$7?HiWPTb_+!90~1>d2;N84Htvr7=VN)0AN!^GbFaRlVaM7j{}nsBZo_7A zq72$2;_W^DK>=TmZ*s*y{JZ+?m}dJBkB@wcTn=Au;Z)_@8ekgae;Zo+cayzS2UtZ8 ze@q{neYU?;0Ft-nP^4OWxQ7G~4^7g5gN`@PF?9 z(03*gH)WAeF>dL$WyNV_Ev*Bsc!k!YkJ5}L-}`-FZ1a`nESRsc4IjMr^TVU1!v=y} zAH{zcPEbb zKZv?3BcH(4v8uG0X>f6*8a{Z&E#&^Sc`LhFWvwjR;3&D@Qj|2F#5QFPGWN&R_G#({ z_6?1VM3Z%qMv`!|boJ`gSl?>nj@6C4joWrJSw&`cFCv0z!p$dXN&Ff&|JbW& zG(!8q@#uonakgE2q;@WyKmkwNfdJrzbi~dRclTW#U%%Vso6#{AJnC)+o;vu%&Ye3j z@9dS9+i^tM-&V)|(TKl*uzbMEG#I;@`?hf@PWYr_YVt+_;I6NK=fcX(8etA33n18f6c5 zX4|f|Cdjqlk30b(+!e%@ti5H^2n7&gz`SkFg6l^{_6`2p?Ckq7IuztAg%UZ?4z`36 z9h;Q2`*1^5&%kbJD8`(cfr0eH#|w1J6-t#^Xr$EXkbrS1GS~6wUuoFDTndjdqvofN zBjGJv9-ygxWFzt7)}XAkG&N*amUBE({f{YXZre{;GBPt4yq^y4`uS0~{PY)*_l+Q~ zbMx50OY_Tp&lg2~o>U&9Swe6zqCdy2YG6Mr3DHxIKRvwodGTiC4oho_n!F@WTG#*^ zY)bgEHw{PAujJ)Bl~kslLFWsA38tH9?$M$Tw$Yg|^2dq1LSePA_V9VFMjIosb7a;z zg*aM+^lvX~PNs>8(Cwp2j#_<_#Pn`s*w+8z?k%ILY`bV-5JgcWl@0|2l~lS_kPvC< z1_6=o27{CmkS-Mj>FyFXB`pn`ke2SQvo`vk_d7qnKi@aT8RMKihT|FTXS?@(U-uPj z%{kXx&PywUBtmXCpi_H8b7S~$Hh-_t@ejyzrxF}>KsOE!o*Z5*K6-4YpL*3Q%pPzS zbE2iB8G{F2dyz@_!C`IE)&MdWn%unUu#mR8kJ>nT6j1l2aQTk90s{%#PYwB3k|3!p z%5N`Fj}bQs(BgFp#h0I%Uz?g(tEv0ixP_YU>FMc4?SE)R(8Uall08pa7VN@?zmYR4 zGbN8J;ywaT2>uddcBk$0Pq8UC2v*f9jc!KixNt`4INSu9 zcOEcq196}#2nfSL7JCEwZ_(quy24&+j(jH5iR0ne$a%c`mC-LacrrO;A~`j6_6Yra z@lagd!49S8vk$7fX((O$@eRWxCB5uB#W+tV=M)Zm$HLU%*oQqhIcF5LOQ;x zL->aV(C5s|Dv;yXLz)30<)ILE=cuf&XOkvO>Oy`Ge*0Fh(D&U3>PuK$F;6#Xd(EQl zr}FsM58SFYb~C}(%MXw}>(-xX*7X|<8*>`DatiA8-M0~d0MR+l%T_YnB)YlTHJ|wM z$D7C7i^IMFEM=c4d6CX*!j|$nIukQaAOeeO>%Th#btFS(t&@~EmmPdX)}Hd?&pAvx z9%AkHvu0#pyLJsRZ^aR-H#h*Rtx9{XhWai9Q4#fcCN$-i@rK1!#X_&8;8C8?M?iK;^`xPvp-f94l7N2gtdB2?djW#{k})5 z&R)5-2UWvtba+?fR8$;ECOUT8Cas{mX{`H1$_iHO<73N-$=UyC0fdA-yl#A+_h{$Uw$eNo7;%^La2nR`r(0FD$bbrJsb>6~+ zG}Q{APtCU7&AFni8)jku$kdVOnQp4w(tZGLK_Pfa{KBpl--kYur2 z_mpbx94+xIwcGwg#z>u^zqjUze;&hi?}iVBZM!w(l8RbdjrSOmng+7t?%icV=|O;P zg&Yt&uGEYUc0>s0roLX_V@SiJq(oHgWRh#i@hszXp6px#Y}Llru{(DH?f!kn?dxf% zO{IwcKiI+9YBnWqdh{4fz3)q@MOWj-#A-Lj{GMZ%ri_o|mdM5E7{I!`8Am4Rwx=rf zT4`=D&r~V&PH~DoO12V>9D6C*TK9dguh0X*=d!nm$ooQTT{-5qxo{bUEt$m5%*{a) z9#X;AOsInQ>C_#!-A3^*hMcY=5lP~bCijxXgT7f#oPx?u=x|05*d27MW9#V_WO2Am z!W0SLOP>DXez(nyBk1O+pr-a1uxW%(;Aa$yLPz&-vNBgK--dTS$rT?^7$)t4TQ@S$ zZbaQsR9A0@g|RT0 zmlRFGc<`U>6AqD}p?I$PuUe7)j6=Fw(>)?eW%+^H3=YL9%60`M1QG8`4aB)}Yj!Vi zRbFR*HMMp0#Iww`n(AEsb<`0>g1LW!e&H>^0q^T>0s3k5v*!|t&tu?^*7mq7t_;PL zhUeCt22wkw4{x0swngQ=-g#!mW#FhoAj}o_cz2fxMuOvj`orLo-dxrK2q|3mHl825 z25O-Wxs+--61YA}Og;GluiM4ncJ>!>+?zs`o)xq{kbdQW2*$V(^RlCzbfL`6gL>Ie z;n6L;p|zJtj*cXqRQ-2d^Ry&p>bd1jS#QyvCv70QC|JK6J~-c!SJQ*4IrMEut^^br zF~n39l=SQNDb6Bvj5|KrWx9m;QON8h9@6Xio}WvvjQoy6zBgRKuHgo=NCnHAT14z{v^@%+SznOrWS8VkiDUvjc%lV z?-^<=K$#K@dlOx2y_P~%u{k3)7N+zCs-?(ls-zVEg2y%p9)m>hXp~BQ==y5(EfVWV zH+4~#rs%ua?|<`?B5~Ajtji2&{XSyW4AZ~V%dz2_9Y^|=((vz3j4*iLCOFRkO-uSO zUD?ly^VYj*nQaf{5@ykc#eYAPGJ6+06wenKtfyL-&7xXK*LeT&H4HLeq~5~Oo%1`V zVHVNz^BPJRNW?L>Hu8%=57J}LNT&E94>fL`=eDZ5H_wSGU+1>re^}+NKfdTvXqWn;gcb=c&<1fhl=Suw~ ze7~Z0#`D+z0zurx{`cWfoTq;YCiwdQjbCl^v3>09?;S}T!8Oj{MW;^vy@AkOpuD^; zzRwnXx7*a$_wP*y$gjPk(M@~tFc3X1=E3Rzka(Jv(B$IFx6FM>^LFdU^Uewoc)dlZ zg5kk;1O!0vRu%a5>jiqZJx(;}4*eiGBt@qdeds#BMj;ow<*6AQ^%{nOz?OCL?_Hpm ziGQT#Y?2xH7&TlCuVHJsjh@uVE@EcRik;8PBrq!-{uv;Oi_K??qMf`)ZlFQ@pvQ4s zgH6r#fsv(>ETmaV&G{Z`j{^>lg-c_}O%s=#Fa9lt&+i>)joJP4C*}Lz2(=B_JLGI@YkU)etzORiVUyPoG|ZYUZ`6>Akx{-d*$j@s<(iPiGc2 zVg@vrEvuad2r&F!64M-Oo|V_KVh)2;Q~$Yb2aD*f?o~ z&-d3#b=cgSZd^b&6&609?>Ogs0j6|SzqY14i_{{tURP~gEwFfQe>2ftSR#cK2s8R* zDPk)3ZFGzBgWc{G3&)G8lF4`OB_6t9BYwnBPp%^|kTZ_pB_Qc*~gc zXYg%gTxG8(QrI;M&eDVB+pLS8m?D$2?a%;U;7E z0()VBH2N`N(x8-rJ^@QwICRF|Jgn6QG3Lcrui$w|PNQ-LDoe!tlUsN{*7gV|?x7=$ z*jzj9Kyv54xU`7V6?eXa+C&%SXDXSP7k{&Fun#IpiA)aizReW}kfqkCiek#ON4!=H ziB?x7(nK+T@^)0*Y)PDDkq`Iy!;EpRiAT2We!k z6kls<5&?w;eZp{&Gsarg5hg9U zw}k^KZEvK-+mM0MeP6Ft^cdZO@_(q1PR{NCIEP+p%9ILbQf!qZZsk zmCzsgz*cJnM@5yyAudR_dn9#Tc@xAa9b0`#NV*02lw%zP6kzqv`={l;H zK2NR48z_LZRrIOYgVhGb@9F7tspOUzpH;fFFTSVutXZ)bcUw}rfG#ZmOZZY4q?6G` zA7e+F<~7(zQpOc!_4O70Z~=qy@`as0#!`%92W>;u*bid*h+K@`#Ou4iCEs!s?SI z2&{cd?2GSb=h&ze8y1iLl6IviqDL61jx?t{tZhQw>OO{t5D1jMc-8;7B`Ek__nfl% zo|6t8LT4!+%-vPa)&$Xz!B96o2ukFX)qB22cFh}1H|+#cJc#uVrTWu-eXbHgHIfpZzwsI7B3sZSB@hZMgV@T(F~5=i7L1 znRt*%tlQ2+7qFVY&ra=#BW}(%G%~Q6c49{|sogl7d%%0on>?qI)E6NsCPqyEe4kZG zDI!aw)(4Wq0|d3jx2!C$KYvIZ%({$rVj}`c-RVH_2UI=RA*StY#w<###67X^`9fJG z3@_@(@qulhfD&pe9HE57NW%W{^}09y9UgCN{o?S)(}Oy&^U2HVvw3H$IfdNp4}Iit zIzluiF*|hc+6|Sn`$lOWFhIKv=vfpVQ5}($mE9qe$->M$Sv;tt+x_D+Ckq#60g37Urp?A0r7uL=8o|9-c%jXbiiZ!j|^54H6bv7+L=&%%DCO}@x?YLuap zlSF|nd^l0peV^({Nc*##HjqI}S_>Nupb;UXWE_*c& zoNFk#SU6JWY*1?dScr`K=#`wjTHU)O-gB5!!u50HX^+GY%c=C;)uXpZbvIY(9)4N5 zNF!N2MYi(V`tIuwFq9tUi;GKrw0$$sP1yYk59%&F})Wk$*=R%Cz1 zJ!KLa^NDz8cC}i)>#6Bt@6Hc?S70lGE@C{+2v}swjCzn!XjqJ+)cR%GjqKdj^>(~UOV8O;;G%5tnCbjuG|W<{&lUZu zU~8BxA&mK5k~LoUp)D}KNc(Bdzlbn&_ZjLl`Gv6+HeEH;Wz-Zb{0|o7Bm4MnUOrTWCvUx;-pFBc+>tQ<+;D%DKo;lc5A=&x&#b&265h zid(4Nr`QaKTwII$VrAy63~yX-Q}?w)-63qL#Y^sw3+7gfQX>ET z0s!F!Dv9@5FPTa)XA;LyJg(gkWXjyL#YX7vH=g)CzXHhi?y-PW6wbe2S%O~?W;9MO z=1;@sN#@@eGhoghj&IP;-!95CF=f*Y<5baD{F~Su6Tr3jzLQo>OLZ1e;M-8$brBPzd0{{v2ZRP z{J80ES&=w|Sd-sNnTowD`s`nsNhW3QJND<9wBksa{=HI(rF;v@x5xU_&#AM9+7DU*kbE24`h%)VI}+@omt05_UIVkcv%aG623P$Oy0JTdjwd0Zws6D6wW zw;YF+Sv&G%Fh5?v|s)qdI;ZSRAxwJ~@DNr7F40Y=#`TfuxqE6C2(-Qrmu-*^eW4DPSl8aRuzTZsr z_sJl{ufH&?JrG1U5-N-yd1xA!Uh;HDNt>vqI9B&o+1lm5jGROzWIi~46NE1pT$j{c zNqm)l5WhUlWZY0Tbq+j#S}m-hka6hp6U`QG_DV~~#+?#e#GqfQMT(7QeEnZpyU$rC zMvTK-oA5o6$cOHiGlh_DavI0~p4ySFGs%=4UpC7<^N*w)YTLVHC7msG97s>e{*&5~*le~jzeqSs2lTbXv)Y^<)GJ#fy9lNZW7vOD~Q?D{_ zxia~8O10>vq6p1%E=Ij>GlZ)IIKgLZx&?5}?Vj#8>mD6lxBL6eFVA?@UD0|@W9ocT zlV|zwlb#&C6-^T@+5NaHB`r_cCN%OR*t=5Q6`)MitLGh1=uCyC(hnvkgrl zY|#CjcmU$@_dRU8E$6*aa0d$>@vGwYa?nQ4C7_TCa zv;Hz~_`FpxxAc^X(m(m*w%_5RjRlU{PMAL7`-~qEuLGcr!?uoLg+*^Rq_bWzf zNp|*J05%bS`!ci3UoeJdQwo?r^-rX5OD~@NN>wm(z^H5s9y6g8=#&acUh-FGcN70TcV65s-U1y zz7xssw3%Kjulk~Us+kzI+;}NKegSn~33gLXsJ2PMrw2TH?l3sc zLCMZ7R!fFdlZW;rbUBA7_GM#}WtuEdvZbo+eB#{7*oubIPL`f5u!3X^#7VjG%&_M` z0g*VBGZU!NK1D`AlJxxQRR_IT`uWqt3*ayBCo6I5!EOK6)~l&q(FC!Rp|P<|55&(t z?3Z19z4SVU-;qddSVM$e4hC5S6L-EXSLhDj72U$&miFaNe1l*bu9Du>=?>k&oTh04 z)F_xN{k`Do?N;F!K68b;R?ti@ts>QDWQ6Q%vVj$!){9RnUQ{~j${#xNKzF_wV2T^Q)S{vtmbPYMS85j-o;j8qjLYsU{#dZ_-)w@XOJvl!qt_3XyF4*K(Uz zaD@Mp(#|p^krK>Z1vbdiUJXA~CmvMpIc3YwK+Yv)Xn4sVOY)7s38qL05FjL&L(98j zUB$y@$8%Ky!x6Os#M&;ghleioXX}(ub?DfXV09H5cwnK~&UeoAb_oM;o3Dr9qjLNG zfPgTJ&5R2wgq`Px8K9*QXK1K=yyq&a>yx~KdY~Rjyz}8O2>6mJD%8;cS7@M|n+wPl z(rb&9ZjTjAux5x4M0}C-Ip2wDR8NVsnwRn`Qv6z2Wt^ONP%H{O9BR*Fp|_9F2npF@ zJ?qanWbOG9UZyx2Hf5zd30zOAoSikCnRyB0r3)flMYQ{jj98fD^$}Ui*?lhtLA1yX zbW3Y2XC}{DRlpx)sW7tCcw=@jNnUN3jS*^&Vs4B0u$ye|eVI2lwxne=WkkVCOM|&k z3UqEU#mU+4>Yl)blqJOTjK6L`;_4hk2~`LrKEM8)gqE}!4Q+3|W*9-NMViEBmxx4z z2t-t8-XB&l)DQxPLCQaOm&$d@qqS8Eecefb1T)A;9ctK~_X6R{nGV$y5XA>s;KtHB zh)=80xn8}9!9#%q;y_RoV}p=R7dSrNML&b|tc;oR`J}H|RiD0yh(p=ZbD7oPZriPE z4jcR7xDUXxLo9^vouUlyd&pHcbGfyzUV7+i!$aZa>kG|jdpUsHSuUv#$xXK6p%|jv zRW=Dk{yKR+Q>LP4!R=9-^k$-V?Xpy+jkovY-ocaG78)}fPO&HLH}FFvQN@obmxfnx zpl0!gSct$o<3!hYqY33-jxsXtgRxO6O5LbgOab9+OH0Gj4$Q~#@4;R3Y2VBIz&(iV zz;_L3JJ{tu#)h?ih-ed;;1d%SgJpIF69f1wd_qDgNG)7;|8zi?%IJso1dJ-o3_ypA zQ@Oo+{N9HR#A#4j)d2)6lmYq#^TMryl(-IfEyKyL&f81;A1l`?l4ONWaJ{{yOUHJO zPF^S}QKmW;xZCnjz*sIW6=xL*S{+sGyL%j86&a~ISH&Sy5pcMfkfU(iqR+SA``WB< zdcxcm`e9MpTWaZvRz-z7j4a%r%9Q2Vi@$dF?$A?nb4nBr;vF!rpshXdUFO#BdEfL2 z+nor{-(J(Q`tzNd&{F1^lhZ}TR1fN_BEh_eDrTcaiBRUr!gHoyP*|cMmlpsee^ZDs zC@Y%gI>;qt76bhstEpl6`~S3CywMz6oJpo72anA5)R|a*ZR2BjVFEe^rlP#sua^Vo zVTOc;aY~ADEEhsX%e><@v2A&M93S~n*?Qc^NZ z?rMGaPOECYhaD&|8Gfiz!=d)pD}?2%UURxO|AM~YY_G1j+ho^n)e*VE2wRUUi zO4E@+tp}BJesBB;E)nux31i1LiSA=hs9ZcT_^d}Hhxr!$=pcT2xUj#!)I!M~cT9HT zsFHdJ6XC#g~Ja9$y^M_6?6wXIURP<%-FAh@FfeSCmd;gP*q5Jk#y?w&x!QkfnRMsMnpI-|OkQx@v+bOPl2G)G>z!oG(hBx5{ zG-sp;L)9DOsSR_I$1b`?iCIpV(D{>FwmdAC1+t|l-9QD3^6zh!nnAuCB7r+D4Fe&$FtC}1HBX|$@)ga~44gQV_vaPxHp zoYRwb6%up=UQZqq_=^^p_u5&Rg-k~aIud=6V=M1i+nO92(7t=4z98$pmHGMT?RX%=ILRePsM)kq*o4A#que|^ys$L?)duwr|?ZPgS^u6SGYd}i?W zr5nKmx(%m-9+D_um7|=Q!e5sR(;~_>>O@v(fg@P31Q)76h~eRUHILgx)q;b#JyK_` z>r$)ulHlR~v=`!bCz&19{Ph~Yn8H*rvmh1Nf0B4`G!2^jkW}e7_U%>Q7$MvHP^E+U z*)+;PwZ!a!#_Ioq)QNA~?5i{#!z+3~B=~>1AVD-syPWmQybnod09@uFGI;^||5)gvq3xY8j=2lH=3ecY~(*0UC5u zmv=oH2{G$11bz$@uL$lN&+e)=Xc0x)|4B4xf7l&pgCCla27BNPp1e?h!}q-S9Fy1~ zE>-15le@4sI6TRmotNHj;-0`%1i~dlCATCwD4_vM|vYWm>z2fbh-k(aHb^S+sNLbQURCPYPYrt4>u?&dMJg%iig8%hM*7ahyE`5dIxkKo(2 z9hfz03UP6(S+O_kVMn=q{wVw&nV{uu9QB4Fd)Oc5n+J5CWzFfUas7Jb^}4)24EenG ztuS-Yqgx-dcnh}huzNYc$b|v#Zry_2=2HE^@k37*st{jrb+ewnUb@j<7_!xNTyD2G z6p@s63W;{9ztueW<)cp!8Ok>UKd2GaCp*b)7yZs#eWR|J#}m_+*Y|0=3LM5>zaGr! zh-8k75p<;&cUgw*{>`X+v zdAe`UH_DqpFOwE-rK;C5`D4izFJ!o3`tl*e2?nypJgWAx@DX9{WkGF*{6Al`*e`C^ z5aaXSASqtrERaS#zN@J=CtD(FH+96SoK6`;D2c7S*Fe+40tB77;_n>DMOz7!BGgZ!|A!79$ zo!;pF{Ft`q*hG{@56bOC=*VVkzJ#pz_N^W4B7apsf;y@ zwBB-N>|e$F6i(IJAky>>Rj_%r=_JsgpO3*;F9tCRGn|Kw+0Q(cRbUd{Tam*S*^TmD z^?dgNg$y-&og{lq1R_Xs_GwGyET3e463nI&y_pkeOUML4A4i)L>1 zMinEZrqBkjhMtI{C;Ry=Gov21r@}P7o57DsQ2}0vm~* zCtLsGgD?e-hj22zq>h;jp19$Vqa;@|He~3D1OSY&;RlD~@>#7tZV9m_v!%$6*ly#R z7NS*i`eZnA`E~OSdx=)9yQlE+Y4yY5-MrNZKZy_LK~(`R8JAfDM9E?ZpCBkhytC%M z&IRg#+x(2aP;Bi7GfZh{f-Bw~y!cEC zZQa=&oQ*$voM3{EMkj={v24S@q4E>#tFZS`rzP-RiR%41v&QfcP61Jx**y+M#<<5| z81O)RFXgipBck@$3y!PIym@U%@a+C{$H1!gnn-GDkLlgt58u1X%y_9as#9>oOYzU3 zn=1D8ISKZ~?Yn}wtO`ZryJ9%eQ zdN&SwRg3lqukN)@T3NXzodPz&8<@1u96-dHV!Wr_m#!EB$MB>>W%*$S`FEY#+sR_M z3=~(bL9CeXaiY#;){bn#@p`!P+PF}oNZz^R2Y9kBlPu+u;n!%SPtX9|9cpeYS7t32@d-+#fP#o9B zujVy{7n%()G-X>QN3Z%fCFV{Z`cetHYyiT;22&61;xi0Qr@C*?4=n`XjL)3f#%1); z>t2aY1WPJ*9k&B4IP#B=nd3djpY~-b1voLuWJZcV^f)ec9vP<1%c z1`+zrwBDydi<}GKjH;M+;s=^W1_p5a%?3PChTk5KkUn^}Ei?%o`YN^B4~{?CS>&{; z94oS%@b^64l7y23jLUApg5@<%>SEoRSKf$#B=Y^^OD~{0;eH*5^y`7|k{+i-Prl%x z`HRL&lXJ`ETD-qnER5FE%l-$96KYvB!8YJ_OpF?K_0i+QJz@M_4il*Khrm&e;BHa@ zn7%y%BUaAWeSiSTGncw}>r@ZUXVdaCL~(c?*6}YORMpk_Oino8mJ>e3cL@Dp|qQ4)K+{>t&8CGVcwZKRvYs=hxu2l~j)tpPQ@AK0!+oQeC%T z-+;izuTkG@l3G!eQam@plz=&(P@e#tYBd&T6_wKng0 zEse{hCy>v6X>*Prffff*jJDGP^~Gl&^3BO}2b%}pW&dRLgjps^^R{`qQIF56eC+1y zKso{}CPsLJSHjrM$+moyB=s>}L2}bG0U{~wBRDvzJ!9LU56~l;#9N_$z2#fK+zy9* zMU&-;jt{Tl3fMV1Ux`QvLay8<3!+DUcxnKZ8vrs|lwKyUtUvkCsLw-*BVfV(#p=)J z#G}ckNvkQgj;lLX1j-lMN?`iJkJnGK1(9(=Q07eH^R{=gVQB;EmuGFL-1e!s%t!nN zmk^-a8C%d6{VES*C6h)N)#i>;aoYp#t_N+)@q) zmlihc!yUo50Cy%r2VA<+`PpnKAq$c-WNd;PHb$Tz_7n$p|DO?Zq{^M)m;|@1W6yvO zA6nYmQ;fT`hq&Ofp$RaItpr^?Jb~7|2}Ct_;L8A4H}hqa!ezPB*ohPGhuH5Sf{==0 zooi*xnUARzmRV6RE?@BB4{J0f^uGwu+r$>SSxI$T;8?Ba^2%DZunT}2Hay*^ggo?F zzN9J^Meqla1?k>fWFh%mPi|zZQ%RnAt6|gcv$Ci@;j^gSa;b@X z7%IhbdQB)P_X#-o8L0VRmAW72BUxV%M(gk+XMKcC+5qXUoR6F^P$Mc)+Bh`Fjry8T zlCK)LH{ls)*cNGZ#Jp!!|0evvrCs7`z*PtHb|_6#nbeM%E7|+>wEliAHGeHjp!v}v zDrCV7LMb)VFSZrj#k!#gcK9>I%)NFWLlYZ&45jkS8OyW9L$pBylJC~oBUn;uZz^Q6 zumIr`Oal)cGVNUGaiLH1>+ahgv|+XKpC>1$c2oX5b-KfE1%Cfwtv9mL(5o5L@!eO%lM@fcK!xe@xloGMC z2Yj7+f?BgTzWiIWNUi{4Ryua}IA!LL9~{!);xE~uUJTAn@&&u%%F09ud=7e}`#wx_v? z?y5z9RKW2S=dheQSbu{AGQMw8^9J9wt1+oUqH?q<@Ix9^t6$%2yweCfJQS`t!tFrP z8%)VZh#e`fPWEGIrw4pSM_IVP$dMM#xBvc=?D~7}Xv3+>ZnZB$I*vQvdKwc#>&8jFE(uW z;*+BUiKx!z^|2W&G#*MB)NR4>Ko#;}p>hMF3mOkkG8y0S)iD(L%7 zEo0`BFM^WhsSCfq-j3?Y9Nd7r4ogg|E1eeGn)T}{k@kJSW7@4dQe@F~R((tX2MT>s zTtWiEU4&Y1^OL_D=b;qLt|;wem0+O?{$ppDkbRL!a6t*x`o7Cw zYkP(lB<6e)be8vfP$y&c0)!1j|Tp$MlA5v@r^d)zpT;0)rCOj;%nK)FUZLMdysW*Z9)}Be=P6s*H(3-yd8hBzh!-#EVa z`=+3l6H3YOu6&}K0Qm88ZI^Gpc|@$-UDZidr1-vSr4*stKk~aFR+xUezLl4w< zExj0e-G7Wk+2rd6_A7GXV}Dv1BQzuL<;c&%a9o2R3zEGxsJ(BSrN1%O*0s$qTY`{26vLzs274*>q`~s4&uqpjr`s$tiDklML{rvA2&OyS^ z`^u*=xno!S+K4K z5mhd6?`W+j-}%*~*q9+{$gl{p#P3sj{W!%Dfi?+PzV%)r0FoB@NkrsBI79c0gCKh` z=NtiUp-%Ziem?9#7yKUy=*KIKy=|3{l4_pbSl-x>pnIaGwm>b^DNY@Hi@TI;PuPk< zG3|8U7m1`6pkf8~5MnME^!~B)AqTa98Ktsb3&hs#SPb!1&CRtZ4jf&lC;sn;l26te z2xY$+hm2>bSBDMioH^PYfrV)M8+3-PrnubopA2g%dbsDK4v*H-SBa!R%i8)jCY}p z*?MmKlb%?ZZ5b8+5n1>a!>5MHJ7SA}7f9u%NXI!iRSR)hv>O26=ytqu)G(bt;{jS` zOz>c&DmESb2A(?)CIagxt(JQd2bZQtZ9CH}C*DHB7^TbB0y5C^z0_sr8QLMmV93#` z>nF&t*z6ZWP_Xb^XF>-C?zlH(=qRm32vzlWwL+p_s)666h__B%EgzWfV%ykeZvFDr zp${1ZXt~Mb2%}4Ik0ZI3sxG^99P#FqVRN&sYpZcx77cRGL_t^fKkc?A16h|?qT=kA z1|C`*lZXZG2TIUg_+c2O_0wB~WqPYixM{(zCsTzQ9F$R5>sr+oAEZ8lZycYTFJRG` z?#(o85!C5ydv?sNof`$I9Q2Y3b=e`aIxtj$qu^k>7x&HP`c!1xT78Lm3DFE8mM`!8 z@->HhJ+DbHqco3+I|UuDe3APIP}awU1QGB;TLd)nIBG*^<1SqWP?lq^z!)rV&B0dMn%h6&>|`hWGI>Sr^X4K(GY3@TG_l{r;w|S zv0AZ&Zq$(oT~j7cE7AY0M&G>qSR&wy6Dr{)N|WDaz{^{H^PTsY$!OWVy|JSf7UbFP z41&a`j#FjA56Fj^7FMU7;xk$boZcEO@kICCr!2L{_vvLQq$DM=z$FRucN?qlELid0 zhEE)RFA>;U4k(Myd0CmQPTBbR@q5_8N3G|BP^V;35yxuPv25eA z^*rH__KTcfe7q)?`FKO*v75HjB5Pnu4&-y$)R_lHx?j9H$ zv!Uo_`0L4>J&D`uCDq8rJiRmhneVJX#B49x3*ZW^^N9FpLINPG59T{RPgJtCe`4%S z`~)E2yL>XeW%U6*L{Z5htDU72!KWPtf5nu3$7(MmNj6JsPYBxzoR{;D!s^7;)ybl? zZSFKv4n}Qt3ZHN%fj5~HSbaH~@BQ@MaB=6b9RJ`X&A^<1$Dl02 zAqYu}c1>%Kjt{oxH}?r~R}02U%pn9=SXcmI z0hQ}^%+1TtJNq zQS1C$vsOxX^jcuJLw9>7%I6m2oK6qU@b2FGVhiob;8NZ8e|dWD9YBbZt+BPYU#16N zDqnNFsaPMn&JvQVU3e8)B1y-@hW&f5{>^4HsFNCs7KGO}|M*;Yu02@hvtQio7V$)^ z*g%OoB3j7({uiDyphVKsKh!2F8kT zfxljzJ9QH=2Y)t4;#BR8&o@jzc;5S%jsX1B?jSXbUGAJY&)$I`nUAG>|0-q@zn5q| z4Ks5Pz%Ov9dKSvU;Jw^gRN^on2^`dR2cp^!rZxo&wR~83LiniTNM91F`YK&9jRjG= z9|^}eH!!=C7D)H`TFdS-Yeg9ntB1`ytKtGww9L#2a(5d7ScRl+;q6ZozxX$gWmBJt z`%v6{`qUeC$m`gyJ33&H791G(TscRx4!jte;J{3XA1JU}(6^{OaWQI-ekMR=fbbDm ztv$m546sxxj#kXA$$s$68zd>{$P)j?uYkKt<9=tQ)|OaJIbfYh&$ZDSRju28tnB`IFMQkxdZLE-hzP-*O3A_=iiD8{NRFN&-iKrK0kG+}O+FQR-R?ynjfA0Pb|eh49scOFw_PuEzkKX|XdRLOm7 zLPdrlV}_)^!E^^dM8*D}URU&`FjSXAHtu4C`F4uH44KonwP*Tz(u#)-+rX2nyvwYO zMwLho@87At$zXs)p-M=WE}HwMwLZ5~onLv~E-}Zy8mV`OKxyosco?4-cusnv0R7kq zT#-{dZ$bE*sFl18QcK7wGj*?~IRs zaNYAmDEx%U>%Ss#NTnj)llkyGzr3^9-^?Ms$u$G<(WzBjNpZDm#()2r`(^vsz~<@6 zPlU45Md4ka9kNF}%LE}^z?9`TUKXVQS$ zdraF^UgA8Xj{D$_oLRvSKVsttPY78c`Qjlh&nsFH0B0^;(l7yn6|yY{*ZX5W=4xIX zs5`p<#eT^_;G}fk;b^G9P^!%IPlssouV+3IQyG~D__2nq}8YjBE9kw;z9Nm&#D>YEc)drbO^@n0pm95FNq{e2`bo45gui)ORd^gaW5 z@draSrLp3PeqdySm&T$Xh`CexEzKDA`E{53XVXs%IUs5ir*`>3HRcM|ozILqqs4Y! zbC!d_P1(*|r8OVUVj%LwV!VpijobNx=|C3B7FJ-lg&njZR<%@!`5kM`wHmt>o98xh zy$f`J>@W6btPL7`JLu)fanuXa(!7jt)btcLhvK(}J~7flI#Xr$#BF zf>*zuz;Tq8#N~&x!jIk!F1gS%-~deGRSWF!4VvAhwZ{)Q}m;NcD8!)!pJvrKy@MJTP~43hZ`&9YPCV4cDK+-+IZ}+7&=|| zdBJmh0A+;*g*MQ^?_P3qU`mjKPC1C2`5c#@xQNkvduyQ3F5t;{7F)O|kXt-x57`SzY)6N`E^#lxdVJ<5eYnP#iR>x-4LUyRQU8l>qx6f3~{O3x1*seZo+w~od^b8%RE z3O#PUYuV4Z)tHn}do0B*$OYzO7<4|11;qjb1NbdSVajJqOrcLl{n8HfQaVd{x)mv! zj1LHOUR;F=hAa=tz89ty&>eXV#C!1WxAj7dEXov&hCj(-ls9{QiY{A=aB<$%Cm&(GkY73?p- z(lykXT> ztLEvSNnxNoh=5xCl`732{HmWUa1;L;iiZcwdCE6%{Tm_1XWoNLv;_XYE7onEU1+>{ zIBip2b~5k<#nwvD1tKPAKGbR=5Fw*&%e?HbfFu?HM{~wsUb|O@vLWnS0LjUY-^>!Nr>PL> z!onNi;U>cZ2u5v?#V8ecT5sc+_vg1{dsC$^12}^F2KFsm z7hl*%|gf_GU>}kBDv(S?zUel)L_6W>Vi~gjD*^ z(3dugTqM{$OF@6rC{4FZ(A$TcS%U%{jrFH~#XIjRPk zEh>BKUHB@GXhO}!3vUTlJ^xr()Gmpk<`yNtLn`ds&PkE-wX*(XL#TfDO=^XL{{e1>V$UAwa&CvK97oP!1 zO)5O8VNt%K4wRxgiuWC>pp=>xlRj8ac68d_I6_ygdWk=%>B$S0Q6sY?K)240m|CC` zPn28_<^u+;xclRPxojTK^~RgK<^x5%p011dt3wXsKwWGLo_cAG+yJC=l%go~HYnDj ze5;EFkB}u#?|#=$r=cnEPsL)y+eX+V;5xsneP5V+C8uO+gFXdULJh- z#_@f^?{$AhZ#6O>?mdcD$N&y$H0-lY!jTe_Bs0?=Z^A*EP<1enH`5p4KM^z!l9SJX zN<5F|A$kL3U82j}ub0_j__V_F&@tgF@MeHW68j<^-@?1a&+psb&UE$KwJY8Tw2SWz zFJ5@7)!D%z-AV3t8%jBvUM9n*U3>piTK`&eQ=5+0`!lt0~^XEk{N z4U(qdURg@fkX2}Pl{S?I77~2GBwo}Vh$n?U-5x+Th7| z!j3|En~>Qp+HnAoi7Vvd%W0~N&Nh1_i8@6299LUGdBhgDIS~n41js$D32XGgH~~(6 ze1Fj^7oVZ!Wi_k?%c+&P-GggDl$Z-qYqx;+Jly{xJefWdVVk`Gm?od)%x*OTj-F4?a^?rZ7&J;QOvIc(hf z+0V1qnsfeQPH*I{fFrBzxAlYDpCKm#dhcoJ6JaBxraNM&zYjXh$Y^D<(xqPAS-m@QQT9^`0ZTVJ|F$x97IC>vjNlPa?|mz#O%Wg`>( z)85=MRv61>Kx0Y^_8JiM0v`k@-|pp^!wz#&uPguyo4cUIP(#__Sj+0wn&2G=VrVc| zPJMDOGH#=J`XISU`J&ep^o-%BqK#p9Mc&n^Glue?p@I|(u3igQ)Eet+)7)r|&F<-$ zuAUwY>`>CeY6knso$D`ucJ%zH7%-IT9Pc|`XXlr)>Gc*d=uZ5>*w94|0>p*Wy@j(M zQI-Su9e$;~V@z~hAvGSNNebyd9Tl+Ut-e*L<1C$*5Lh2c;?h>-_u@BcC~SMsjl=$g zNo5jDxKbNBo3<%x3^*}(%JA8{y#|-)R32Tc`(`e5tW_4ug=-ZIW5hrJ4af-)wU)0h zRwW1?J?Y_Ibw%kiJN&B9J+7qS1zl{Sk+B~+a}N-B=oI6)n=qnOr>_yII&D>7u2wIV zTs5#d7c$}74-T+N1_w~tmM7FsyQFEQQJ_2$<$Q#-h#4%JC7&~YK3>HkV>{vhG;{aU z*%8=cUsL-{Ht0v{JwT(r4UgxX7C#uQJ9bg)6Agxu5b@bhI`2}8@yT6Cy7MWhzwO^A z(71XZm9A48*aM&EKkkO+O>?AbIxs*e58*3jC-FED&~V*m27y39!^s5$X`=-Q-zUng zY9?zElZ?U(bKO*EhJnhiSEEeryA3>cdREpazzb(dQG7iBWgq8}hL2mxm zYJx?qK&5c65Ge6vKHKVxjE4TNyUeA=PEUz=ZI_aIFM<@+&vD?`+x9yxo!WLg8CV@% zh~Y9KMDAWFbt>m~Ot{WVOK65tD6Rj!uB{>D^T>4k-!knaML)zlj7 zgaX=GXtr0UyET89NiLRnmIzw}MH!keIs*X!7|1x)&X*E^G35X{68$8V>pxE=%!Ufzp3|-*FVy9kTU-u!^ z{ZCMnCbRbHfpFAyfB$wp5pQg3aO_T~fkvv>p*mErBG$H&dZHFN6Fbd>k`%AWHkxm`Q} z)_-X{$09=_Vu=o>f!Lez{wkB?Bz9U8KuT#`&H$%>Qz65jUpudoAr&JGtWSG)-p#dW ziZ|6}%`Y12uNBe9ZFAM-g(SqUQF8P^h&l$Zg+M~AeGYXfCagUkVH zzXWQB-9gMt-465!xWySFy9$JMx&+8GA2NLT9K}K))~X$NBWpGtJ(JuMpCwf%DBB#`$^?(-GMTz?1D;4DiM zav*CY9LZr+j!~X;+sykS&?ZAv^P0YbXDE9p`CUaKoTEW~8lkfwP(|5lLXY6~*b<4i zThatkD-8ePKx$Wy1g;^!0?hwF4$Bn*To|-}N|k>U0YLW}Sbiy^Ohdx}2fFcKRtumj ztPqF3Y*2p2(PT&UCPk<{w^u;xj^#ic37iAUGC+qe2+IjD9)JjZSY>#FHZ!Cqza}V` zWV`{1qETjifSxkYVfs*JL8D=*Xg2$#6J*L;$^EnuW8!tuTM#etT*44BVET+^^2q?Q z#RU2U#+7Z&iCvOE4A=sn0xT{VYbfYR%g}%{3qTR4u2tGLZfD}Svn+Phsi$bu|NRa3 z`JfOqmt-*;@6A=NiT(KT;}r2}aD}g2rVKwI48m<_YDyLE^d`gk8Cu?=AS4Nb-NFJ@ zFcehMkTwF2ueY*C;$URZUfhBNb>m^giRyNgNugN~^o-iwaIq*h9;zSAr#gh8A9GAZ zNUsMX-tG!0Z-8Z1pXPxkR}JlbPY(GVaVn-pZ4Sax)f%pTPzrj?1s@DxXe4dW}V#%JxHMF z85=f09ruufenIf9P+Z;~dDabsBl9LLr_A<3ZLQ6;sye zhO6)a=oK+SVY-9*(`ApseW~Qk?!iYvT)6G?A9y zZ<0kl_>23`!FA3}i1&|~z>wr#@Osz!!Kav-Q?2hVuhr?w-m(Lxx9ADRbI9)>28rJJ zyixtI(;n>MOR`PN)?geuzVu37DSE!V1P0O)DzEBUVXqPRWHCP7>UYlz(9@E zQpSeAlaS!8rwom_6}ZaV7Jw=M-(<=w48JCrk_(d<*v4)Zj6fMq7AB6=pImyt*=)!b zyO!3A0GWX11P73+mRz6Xd4SCTMazT&_Z#rnJ;W$Fm6+lA4u z-#2Axlb&c#_>hGy@>|yMr)OqvT5DX49OzgWC}a1D`^*w2F4(((;TW*mBFAI5sVcOf z&fl$@hYL(Z;7$3Vsr=!D06w?0)K+RBJw4qu9gJz%uwBB#=b@;@4kA}f0x`*2E}`}| z(FDL($bM}ZAfF-+69;M8oey3<&r@_Y0LWsZDoE4DT{54!#@n!=-AASOqj=Fo@6_(2 zPgA>gDTCs1Hajpe{WFe?z>*P4{bj4DON@?dzCgHSxBWRjcc!2P8q z7vIlcuq2Z|DB~XKhyOl@Av%aB?&E*|E38J={(oER&`NzV`-`NXU#_D$Rjr@DwmPQr$JZ{(w&wiIkScC+oAetYYoG=^h zaLFv`LK}CL#>R2W?oX?LMpgyoi~rA~Nsx5$J*!?ZC^wt&>DJFFVqhzMbmQ0wTIO9# zHo_MRZCzMh4N@=2w0gy)5cHw;Y_enDFr8R7L#K@)Y7hUv6=LP|t>ngA{z?9#aZ^Jy zKO1GhJZ{!q5s_oAs?sV_(5#q9Sfzi2U0dg-`XK+Gd*y$5g~vN4d06qmr2TEt5{KY@ zicrz(6-3XU8ERn3JNS|f@@Mxv(;P*?XSb3@T#>hUnzb(<&F89SeZl&zq#Z*f4=>jD zW}w$qszB@3{cIJRs(&AX9D#YF`(B+5$N8q3xMPEuaju2K5awQk11Z0GOo+_plGp7^ z?z+B&>86>?^H~FiqoO9~Q0-CLnqLIH>J0;$d&#{X0*#be>o){18{{eVBe*ehhP<+= zELF^3WUg3ptr;3Ze@uDp)g$ctYi_cm9>?`#$or$Ts z_8;Wy+1sS$8au{SmZq<(iH%R&VTlOI4;k}|v{1)335kes$1bgi`(Vtoq#Kp~;qW4R zx1^Ovb@RL70cj~>>gTOhYUecGrJL`Q2iJZjb5;*n{j|Z-ZSl@->J&t6z^;?vFAZNQ88uUKb--pywTLYAhLFAe>XF?6bm{k3b_;C^uAIuCIwFgMO|GWUR;uYl^LD~ zR*Q3=&aGFIQ`7~4lBz1mYlTT%=W4=mk;rS6m)~>d#|~;4N*Pq%IjqKbe#R@p-L|!5 z_Y?hQ<8;8Okep ze#MY@KaBz6X7hKRW3>K>6+I{-q((C=jVB*dJMUw173&eVP=@wx$KovS&M2E6pIkvy z@u(fL1h~|v-1Sq{;NIlaM5$H*^&?jyDh z&#BiP)yGYYV|M2WJaMQ+DtUCOY*BtB&R(Q1@|&inAo@zVU;GwB2@en1h5})$c@*(e zAVx&<8ODUY>F+;sBlczg9@j)`f)^g)5>A=u?vt9@Xx!7L^Gye%i`>y*6C z`;PG^9Fo-VGFr`-4NlpXy!V2E*)Qbpzx}*u>HNN{!8Z*>iT0(X35I9tpI?=1?VonS zBUJ4!6{G9CUcG%J&yJFuzX^ObAF}MmWHzDdk+x?jf7e+w(XnhhMF7{P z)G*tym`Rjz=#PHq_WG(9Ee~tLbo2Mq`e!y=N~{R|K%0nV0aN_EeB3*pONAv4Eso&_ z^eqi~7Wfrau_kT#+MS%}VKIfj!YkUM?*vnR^u`aFK(l+C=Co^iAJ&-AD0 zZkw?hZNBVje~l7i6vL2?7{2=y=$~1;sNN_J1tgOGmjbDM#@*&$za@BsO1IfOt4ILh z_*AUCD^0q=?~dsZN!-`#o1Pra>qqf_?z2j8AKfGJtNlKt6M2PZ`n_490#8=|W;A zTvR2-XK{fZaF~^KZDeNDU`Iuk)~$+9)P$r`Wn~9WnLF4~!8f}QgFAwMRQ`CgnG{Zr zBITE__9==(&0v?2QQf`o`tG&*XL)wh)|U$NXo1Dh5sE-Nhid8P@G)}Bqg1t_Yf>{l zv)Fq~X-7isr;s{8AQ7tOmzq`S;`b@6@I&|{7E0~e^KVq`bHZKtzZj&tF+_$2zBfF2 zMD7INYSauHp}3Nw!Tn&Lz}|%WCMO9CCPzf212az@!I(r16>Z1U{a*#iM$vrua-SZx z)qjcj$zM<6xsysq^V0ek-c-9lxp)5=CeG6(6^*#mWbRUrvkK3LSpBMR9uet%B}WkX z^cg-M%6Z+4W$ECMSz01O!^<6rj9f2{dH4( zEFr2`uikzb(rR zz3Nm(pydgxza#QH-^zalZ%iqgiFda#*%NE@Z{OPU(N?{FE!(PEiIBvy8_7r*-KjZT z18SyoNb5>J>)(aTAZcLguZ9`<+QS1WbA0D}=cj5dw2U%~EjSdKOt`8<>g?v`KtP&c z(Z4HCH5yogNiI=1NlD*F+d$pSaFH}NqQ?4}*7>0R52EVrq?9?JNLk~Gr}hbz=jE5F zBN}H8m2-3JM=L=jTYILK2e{q(qNoi)qQPej&U}}{G2_g9wL~v0aDCMaa)y}AYxJ%s z@YvSR7JbX^C>xo47S*HHTiyNriZ^oXDhf|RVnKsa#}@BK?QGE?x#9uQ_vY<4h6K}z z7w7r&d7J{ta!sP}rE94J8~Mq^cDvp%_QAvBykGa_Tf~fLK>661^Mr(^QJz2rytCan(+q=81U3 zIanvvo*_nDJ`(x;0nt`;`Rw}FuU{EHu5D5WdSw`Ooh)8kJGe|ZJyGq_XO#_c3*p`s z&~IujqY7-i*BiXhUewFF9~_X6wpn|f6K!r-t0{)%Tpo@1qj13ptJ_M=r2E9}NQTp% zp*e}a_sH}3xUn|jH0`!@wH=ifl5>3iROw%?56RQWw>IQt2` z*(zbP39n5w%?gcZvcxErpSdXHslT5xZ(Gw}df%t>XT}2q%0u{#?!q{8L=mNEL{d^O z*ue}=L+H;cT_u7|jHheK(>B~bVRyeM;$1^lg9s~w-m{N0mr5-KIqo-Sv)?Q3jz(uX z+O8Sa*47?v)m7zQtm9PMtp+qC3BuM{L_F%mbvmRP_pQh*%<{Z(5Am={Ftyc*pP%5@ zS4oFNw+&`Qon`e8@BH8Syqn}tv~l>I_fp)A!aiy z=F635r}jiun~Aq>-@ct%TI%zNHVU*t`1y7ER1PyvBm&a{u4i+6^(W4x$WLEDUwS}f z6Ak`D823(+d*McY58=_&q_gp2=v&v>)*C=C&0vkCi0r&_NDU1i0#gqyEl@}-zz8xBeYi{)9v%t(?hhg`M(?Czsyka3g#BS2?FP4(Ft$O%bj z4@IGZl7^j3iOwevOzjEaDR7CVJ;=%>FR~qTc$)cih$~}kt!Hs$8aln~yRz-7#rm-6 zoeVl~+a95`g%ITpvB!4nQ`BEPgj-pA*h6=s#_joSfP%%P$B&Q888uCe|G90K77b0d z;9hX`p-^fnn%vu=)g`H`XV(G(1-cFeT_tmVF{!)Q;Y+kjbUC`P#AYzVk%UTMf9oE0 z&lSzd&Vt?JsNFGwq97paS=}d}!g5fqxIph`mD!r##l#hybF$vGX2PYJpnUw;Q?XT0 z(n^9E3XvWg#M08%K%gGq?w};!eizxK9ionqt1=1v6vO^+{#i-WVGTaMS*G2a7;Q?bFheWVhxL#Wu@M)HyX9- zAeO*CIFx(g5a;{UR02*SNpF+}z2<7Uv`>YR*yV+H{OUxxS+7lRZDX8;ECoAzOv=bi z*O66(lj)ivqPLmIVX~col_Dkk?q)rIPzopN!m0&!AFKp*SNE$W`X0{~-``d#H*IOY z^Cl;u;e8aR;AQd0$|I$Yj?Vbb-Q8Wsjh3RWggSrVnznWs1+^b&I|1IWS*4 zS?rLOp`)H`qcSMWAy~VMOm?g1W2kb2)qT0XGJ+>>V2mL`!}X=RJMr=|rMN7w5F9D- ztM~5ijMeMh1JhNm(l*)j^nGRp{`5-^%Kng&`6v>2Tg}61HC)u2_-tFPot<%s(Boru zCFy57zl4yGK#u#n_d~`vo(&MLO_l}k?P0Qqe9NW*7{_lZ8G86elgUZNTtHK#4`tN? zp3-q6pp$%NY|H{1PkW}GpOCLM3Gyij7eP@K4#D_W-Q6!x37Mi{lW;}t!{I}FiZC5>;9~d;8Go&?v-cuV+GSN)qWVsrgJZ_}sPDt#YB9_jn;xzDEy?>o%>}SfkM?Bj{wX0*4yT zk=ca{nLT$yLtv_9XSajpQ;xvs=q4;|?5)+6N6{ZCAWYd1+gx~!>FQ@hBqp|AoIkjJ zq}a*=2a1G*w0>Jp9{er_k)8iyHZi#eH67JsYme(NV`b=JNNk3jib`OHky0*pM+c4H z(WLXL<&pU_!y20P|0avDqZD8f&Q=BNQg^dk4ovNA|u{`}BD7R5jpFDo-zll=-4z^0G z+i({yM@}!M1UTZpDCCWQii+yY+%*`XkwK}M3Q5bhVv}y#C{&b01wjX5!rX5O8m6Xk z;ub2I^eEVz#OcL#2d2IiFm$SPNgi0v;de9%8FzaDz9y&Dgm1N5laA)~+Y0s@(>?uP zgWB7WwQV`c`ebP7DRETzPNk=~r_r`{WQ^&qFZ^{53um zGYPGftT=_H#}5&&f}tOc%}gEo6=33pbQjgt{E5^PI^XardQd&Q>`Q zeraes%>(EIl~znd;|}wAcqGhD9gg#u+Ke67g0r*F435N?dg7GVe;j`^Xni|jzLjip z*=I$-ZrZ%t8?vyVylHjjc-PrG@o?sw+x&{D?=;A;cC2~IH=!1Wu49Gz>zldCr!Hmd zAr!5wJu1g+fF}2T zFg^$0!bPk?OxJjo$-7{D^cdx31fK_>&l?*XS=r7%d<#cSIrMwn8&s~gZ4{0yr5V!WP-8y96$(Mr! z;?-MKAN7JZ(|otrG6RHMZ1?Ln26a~JfAXvLrQwv=o3&^c%`PuX3}kd$4Hj3tQHzMQ zC(LPiuB1c|{w5@a>MqC#9#c@<4f?8&Uf3z|+WN^&@Asf02#<(!e>>_+eRxx!@7&K|Xiu?9ge zxkISvEHR?}xHB zTJ=S-P4;)N(PkRe-R?N{%&b3aA9Q+QjWHi=8;lj}EpWSR67tk0K~W~)?7=|5k@pom ztZZ9+>w|pfv+f>nauqn%rp6?I)2hGE} zAunGvv7V16qWY|zT4HUwCIU|R{sCD?g`TycC2)t?PjX92+Dc(@QEG-ll>y@|9<9 zSC{b%bF9ZSC&{dHpW@?xwr8IZeYkP_lrWh0QCxS=T$cCe&!3T*!24@qaG-_|2OGc@ z?yV0bJ)-ph6~*IdA&%e`ydRou-jBtPZ~ zb&8bWvz6$DK1bTer>6@Wn2Zu}q^6-?n_Zp@m`*kr$bboN_5^rUe&PMvs5i+bDlF!J z>7Ng6jrj5vQs_rP%C0R5d6%xgSL_v(@u3TVAPlPfbl7r!X?m17dBwIN?7T-)WP0 z*qQJTu%Dg%XaA(Lp0?=71rlV0$0lj5G;fBK%h1rAY9v1UPD}UVQf`g)c^N0mQW#~W z2?$2bb{zwg1IhDbDgK-3 z{XcsN(wDy=d^rR(DE^RhQ$4s{_X*7jhRN^+Aa*u(N<)s$9J6DY8qeivXBeRynAKAb z@GN>{*4D12CS68qIedzZm0G;;4|30!Oquy|4bOVtjy>`n9X2*Ytk^+29TGqXK*KwY zeE7N}B zFJ*KASv8nkT8cAI%gTbvl5wqSl|^12&vuA?Z_VlkcF+gG3svc^Fe*hqJE1@O&gRwI z3dl}f&>AyG;auvaadA%5)qks-tQU|vG+8u6M5#MILPwW{9o=MJ?@b+{KRfijb7)Rp zhY9zOors1^y!da(kwE#+vbHqgblei~XWuu-{i0Rq$MvII>U+DYG?cRXn2+4D#-pI* z1XqeuZX~?EwPo+R-+~Tzjcb*ICm{qv#pKi!BS7d1_Vx?Fa-lJiM-YU-`AX=X&1q+IPkZaU=9A1D^fB`lQX_Id~T5 z3VCraJD#d=pxfCgA*AKy6LC)oM^tUDwS{KRuK(^fDUit&B08pv`iBBc?YVvb{sN%4 zF#-#A2kR5pJVPtcOZ44a3*#&h6JQp#@?ock&cTpYp#V&DeAMJ*yF3}}?^eUO;w1Qv zD{~mVBFcNT5?6acJDc7GZpGO}TLBi$grsjFmXxpy-ge z__h(d#VS(pt5ISidvg`P zlOmq%q;lYf#vW}s?`#D5M%Tr(YmZrt-SUqB%x}V?8+Htxj6V@=BvDMsmyheuHzYrb zk_oz2gx?~rkE^X!MQN?$yA#p=^RrRGRV2T1X3#tpEoBZ^{`_V=5`{yQS(pK}04gjW z3o;Fq{|!6m_^rlarYsAQdh77s<0WynO%E<_$mlolxMPJB?~~3M5~k3r^nLG)(-U-W z+evaq(d;*|08Rp(*8Mo_%K0s3?V~9|Ui;4+c}?3pJNmnk_gyc3yF$63u0D+f)&RLk zdn_0V+0e<}Mq8TBW+osL4*ITLA!-vx?(HM&`QHpe)hCZBHj2NWy4?#*jb@JvchOkxWH1Lw_7=w|bcsHoCpLn`x)SRU+VY z`O%Eu@mJYLz!-t`dO$dNeMYq2bh0ue{j&~g-35iKE56(-rSIT2Ybi<>PPTTHh%We7 z3vjy~Dw*KytUr6s5RrQzjnjN~nS<-zrsl}LrN6RRp;T?le2Ol*vwdqI>W!tT>S;JTZnPleGL*lP%RiOmfUx^Cmc*kpQcm4zw(|? zT1s=dxMgyG#$_A*c5^c4);?#DQq4suK4O2{NF3l>fds+R+{5)>1in@XkBuMNMV}Jg zuR1t{8n0RqI^U~6tsw$xTZJAP+4up%e&xvZhr`*yX#sF@I3AZMJG<7$vuPFLG7?uc zN2M!Zs){&_Q2p7>ACQ#P@HdS9i@=A>b;0ob~EQIP?9^9Z`(B!HEVbM?_c*L{i5!Dn)f} z3{Fl?_%JoxspC6$jJ#Tmp_w%%iu8c^OP-g98;XMgy8fsUf2(E?gUnqA1rJG4c*?9V z#|`_Qe7<&z%!Ch@gbP>V*|T+DAD<6pa~}|`yF(-QkO(V`jA}{?x>6o?qSFR*E1$by3jI6gKiQ-``=A>%9Y4*a>*yl>gSH}0eAi`>pAeJ7A|^biIz<LOVS@eO9VXEz7r$0Vh(T zNdZB}r<{U?uU5TVTWN;?1XpgizDsCx1wsT#y2%Rc-X?M1RF?QgT&lq9-ip)>Nl4svo21Q|3M!3i$v>GAk*diOB_XP%(W6Ja?l z3TapG?svnx&2P}R7gHsN3*UBdlXo2nVexsD+U}LIab~+55 z$?U|0@8swl>KATC0Z!rs8N_4;^o*5qJtrq7;l&3qAs^5B8cJSMqm$-d8cg4aL;iZ# zxh?j_(nbP743;B?}??}lH+ zl>O$vV9pA$RYF!!PR9vEi=t`Es4jzpnTmoetOH{n$K|kj&x@W?6*41}*KvXZ?x_1vlbh>vqS$ZbN-5~->siwkv21^iiIK5afS~|+ZLjw= ztIW@npw1%6k`kA4To>u@57Dt_ee?D$T<(qFZ0GHG7;He$qf+YtCHmf`!=r^Z=|(sk z9i|iRK7;eD+IIQoGb=0R)!|Daxc#K0(%XBc@Ph{h^#`x>{PLifv)>%M^Om9@H5DE6 zVZYDk>}ee2bA=otr$__VESQNSN=7ih1O5i|4u*KQQpA$ zWH$?S>;7D}qk|#Vfv=Ch&n@YTX0CwO#Xi4a{e?JyjS-nLv+w&tnGA-XzkVHYw0@`| zAt{@)&u$#@22nho%e9tielu>$7Z8L?gA8cj7m*m&I+rbs@vO#vJ)uQ9Ee-wBj+E=i9Usz2TZU5(|T0yr#_4YUc;H z?jVu+!L@33$ewm~cDQ13H&wB*v1JyLTT#+8GN6wW6Qyk2H?aXW#I+om%%+J6zeswO z?cb^7fNO7TET2{EmtL*lh#MMP{n^_a3R$LUd4uy!L-q~+b=1xanT1x;k8Wqm#2$M_ zfN9UCvI;tC++0JuMKy$ZD?6KK6VVxyMsw_ZQbzrk`pfCb^?yqpW37D-vTM#t%qy42 zB!$>nFxh6o(9keE!-NV7wh!~ z+Y7Ri;3d;;%Qth~yHEupX5rV|wVwU#Ad-H_y3o4i($Iv>$cZI2cLo)i9K!^i}BMtt!-=Vo(?tD z&o)yIR)gWj-4F+0Hs8Efk?IB4v(~aU)ahe&2AL(4Z5km-;^2!4i0(FLGZ_xIVyyF3 zx6m9|vP(8HkkXGY5c1BS%dx;#Se4it^ODUr8z?hDzk2OzPh~@f5y-zG>*+EGT2gqY z7^i|wPTm3&=2Ej)ZnzW{fOuowAya-;`t?{zwtahlbw*YeMnZNIzzC{K%VQ`tO)}sn zddGO3#>IQtmS=KuGQQ59kDtH2OUl7Y_sfcHH%6VhY+Hz0rTx$Qz}i)c;&9YWKMUPZ zw47ppQB}O@$-^oViY!r^FJr&NN!b!k`*T#BTr3oXG!Yb8zghRK1SS~0?#FjvU;|Y4 zEl2CsZkbnJP?VcbTz^YJ_p?3`nhkr{^<(+o`CjGh8ZYe=S2A zzF7r$Yw^xVQl-J7p@D@@W8-rk`<2)17c;`pP{w2k4d=DH5V4UFB@$^y5R4ZVats;M zUB7vA&VIaURKv?Vj>%(M5xJRR5rQ1&DL;Skr%xTi!qCchE^mS-bb_XI->Hpv?<9_z zhUO`C)xisp3imPsp(UeibO)FjwmU|FeTLQ)q_8%e6D~;hnf^><3M%fcb+1OK|IjY8 zo}h2)tyI(0)WN1#lJY}KfVD-zbAka3>p-pYJrrwe+5RFO11LeWv-=rp&z&?ZW(3aV z%L~r}WM>+gaC%eXH@6d`_czh0W}Df${QH&mWq}m6g_pa_|>SaA@f7PIpG91r{Huxtlmj|8o}_P6tfLD zOekM@)_OIBznfA5(JPl9zWf?TSFwv7ZNZ*v$GtAabX6cY3e0o;M7+9E9Dz z0G&x-A)|dpTVQi)cA1h}`Wd(hFn4q%nJDm9oZ1cb*6z%k5K6v;1cn4wnUE0iD`oUF zu(>#`2BZ52^F9ZK1u{xjn=LqPx-dvax;Ft&XT6_nqFi%<4h2MOnoeRWNNGTe<(v@G zl^yel0l>&s(0%Dkp-P;haVK(#eBO8P>=8fMY z{<8j1X6O*21)EK9UfXKww}{zpJ?%<3=LV+E!QpT>aLAC2Mfc}EAlCa{y{Qi#x%o$M zQ!1Bk@q!qpH7z@{OM{t2Fwv{qd||3Wzxe2sF<~G+F<2e?XG|ReyZ-wrF>gndMz_Jq z;Nhr;rbaNe7eMncv*TKUbo5IA9_#Dfaqo-j*Ye+h4wRfMz#1Is4nGGHb!yGMwVJ6+ zj}71H=trA!$w7q;ni!WeTcX?PA&bk>^YZmksntTuF7r%%ca`G3chEWLd!|kOB4DH7 zx?BKgayUV2DfZH0WMdr_mnk|_Ai8s7iucd26xJ&jWwbu1UtYu=h^{RSzw;faw&P-* zPV8`ytk-YdLyz9yc76RO!iWgF2Qc)}%5Ua;nwM{|b3Q;XRqqi>nM{v{oGs(o`*&;4 zH*gjG?5C}*Ws3joI`JKL(N4M!n8AYhSXzpCW;Je5MN2J2+RZNCCue`9`Vn3*#oIb( zq1MaFm`SChu?l1c37mr#M_kO#2`U<4pe{`8gfUd_+avUmN$Jz4&HYd_8%4~_mx$Pa zS;=M^A*cb=-RH>RDW}@YD2a(01+p2@#ihk+o{!EF|6>-Bw>WLN#MaOd1oi?*1!P|x zb0Yg&GjtbTAmTvzg6;yzES&3$zY)OyWT!sF@wkp6KlA{9{4U9+?`Or&VYYN(^V#O( zh?31^0Atl^>?v8S3rf`eQmLR8Z!#|d3_VCDldMz^7Zf=F6NJUZc^4FrFpH&HIvggO zIr5?rkB4?EDD$QPe*`!e6n&`@;%{8t&bciulXl}F$)f-c2y%uwvvIjs(XtSSgYl0a zPI5IX>ojRHfu|Zhq*)YFx!cdc*Z^!CR1V*}O_zqO-asi_x485hgLpbIKHjvr=Tnv( z)(6n=!EC4pkFf87uyhfD;2vSO7=8$BGZ2C8ot@-VRMC)PrH!mE|4PAxu|!xnio^Ye zW2ukuV{QDsGYzgGomoe}u7Enpxh@f^7a#~%a~rHU-0Lsc(9lSERxs@Sh~$U*QryIV z*lEwtem}QK;+a&?P~w>x6@>%F=jWMkxZU}__}-_@oH@^#aDVlR3798w8E#RKD-!Y8 zE;$RAZ^PgF<`G*FX$F%0tn?J(w&K^h!!Jf^|6+zGQzD z?*sW38g{!0#1t+Mdpw?c>m9^r2jn%?!Ry?&~Iqh+I z4`jj6PU(na2UyBaj%!)FyR*;b0N?I@-?G#D(BF;&ZyvzC)EhxiYG2b$>Vg+38ZIcv zTgV|rwnc)T8}+*a#P~J^HgrQly|Ul6iPo8kp zZzKS!#gdK;(3G<8F7;a5aYcPCR4`-04;F4C6qUoeU_CSUopR*`Z!>3kN!Mo(5=41> z#G!sGY0?FQKa$fV+a&JB(deP%;_`u%kJ(_l?b&Z7j+~*_d0A3W_tC5PRMY7Gg)dt@ z0Qe=gtf55ad|)U=wcN}5g`@S_?wTOR`=}_+loTzggoD2fp8E<3(!TJ!j16=Kle7f` z+48sm+=If90wgae*)ocGja+YK`1P3v$0Q#jk#7uy&`RUE3-srC4B=cRfhN=C{H*i1 zxrNBe>h1H}b3Aq&HXuW-yu9#JK3O<4ohrX0i!Ph!zH-C7Rtr}!Pe}#b?3Zz&_pXcT@0W!~%(nIkA1mYonHI$&T4TRN!C8Bkhn4s$P8^vAioE4;9pt3@B zzNYZ*_vaV-B{7rnYbC^Q3Pu#;uC6@qaX7!k`*`ys$3hh+7EXMh;dchJO%_lIrpb+8 znlk9K{AY$6QjvC2(cmUT`<986dBh7PoUi^cF4JVgv$CnD0ME-FFrh8^1gZM=-n6Cl? zxuvXMKLn|2?T9B*hWcDXURet_o(5_ad;n2 zmb1Oxeo5TFQjq4$L~t}+u7!%jrOaDXd>#4E@+(*HFU5jfNBe>QV9H2f`Tzb)FB1~~ zvHuLpLJapo#+j9$-MkVnU*3&fvb0l@0i~NyIV$h!Nt4_yYI^!AO~f1dFANDa5sB_z zAG`MM*-!2QC;Vr)41qWD^(ztLC}2>MurH?Uu37MqF)2Cw*icHmJhWVt8;afhR#MCg z@63m|ASO=q0sQK{cNp*ofW5*8lLK*MUsKn50tcGmqw(0RKQEN>BJa6hoII1mf&fVV z_%Q~soG&|=;S5qE8orT|O+z2+*Iy_{Mu&Y*LLvZ6{nb2l&;BWtQ$va} z$9gyrgWyX7q3X(aHy8m4&Dy3(!o~dlq{Wbnk6#Zc#{$5w_UcGu(9Nh=|;cE%fbew*B z&N1i9+xgAcZ+Bnk-rSu${Tai}IupP4yoWQBX(z%8^|){bGqfA=p&HsFKNBG0ButP| zoOOgDTX?L-S9My^C>aDI)%j0fRlSzS_F%sZXxq_{Z_5-I$mp3H&Wq#XtwO;T4I%br z$kcQZG*Nfiw>vo`kU9!x>TpqfDj*PfCqnd*gOaDX?`^Ng$Uo%bRo018Njyj{KKXhGs!UrZyPEmt9P?d+WKoR*o3i%ZKy=iMJ>iEySEDc34ZwASaMY|x_N z9T(?JQfK78=0z>}nbqDaW|6mS;ZNsQU3?#;`G&{GU-wMNBMJ!#X(1dddGYl%tNWyG zxm!hmTf>GBMSC=l9$J$ieoOe*OWKVs;-DHAJg~4fdbR9s?elx9fO7Dx!0D@r1KLG- zL1hzWJBAR(b@(&)1M4Nbv5Ub|;`&4LAJ6kCuBDM4zDEofj9_^G(3JLhHvKu`1t3A? z(znn^xcy&#)kYki;<7EOna|+86j&~a$r_^3?@hStnUh06;=vZnBd{M3SpOsNi^c;2 zht;AL0lKo6-4kvn$nnZx85Uf>NF-~x^i4?Mj~liS`}!JKc*E)3N1F$$AKG=(rB@GX zcMndvxOuD&CaF10RU~CdE&O;LoIfa5+Z*f*%7Rm5CO`aXUxuB_NgXGKn3zFNJb!!Z z|3%naM^(9Y>%$nJD4-yqfPe@BA|c%%ptN+Sl1g`niiD(egS50rw}5m@=c2p2`Q~!J z`#tCP{d4x%!=c1_)_R`%p7*?B&e>_)Ys4D%Y_aiY{$S5({Knv}{W{OD`o>+3Mdz6J z@(W+1qd&Ilfw%vFg0g9MzMfMdS1w-Qn%7%H!{!8Sw~oWza&=(wZ(?Cp89L``6$HOl zAKW$?+CWYi^oykb;k3?#Tr}XC@~Zo0c-+>gQDcRT;wf0?2c=4jxi!PX!xl4hj3w^1 zsL_&5A&uEv)T;u}z7A#*V#}uo=uUk|V#z^7{r-JDOChuA$MpHJNxe--XsAkw4mOyx znkTAhLn(vm^w=1!esj<$=D@tvL|h-m5DK-DchI57!@`=bG1{6+wbbni;2_e(ijLSq zpDP{+N^)}I5Bd1{I&i4P@z}<_72+45k3>qRdw<%IAl+j7KJ;`qd~r!uR#EoT_z=r& zd>`tz(|%PuSND3iv=Bif65P>1ns8rx#Ip1d{RA8!x|em@JH*P_1A8th?D;n9fdb}l z&YK2~68JrU-d~IQ@&H5F%F3pyKZ!Z>{Zm>sp2Y79UPrz-)#PZ-oGf%)jKq5W}3NOPm&a97$0CX zKAcX;R!bv9O9}q*<1UJowe@zbT{ISh9nOCj`AE+}t{BS_2a1@}(f%PFKC|-0aDBn1 zA^+C+Xz_|g*P+eFz=IL%jCW%PjgKetC8K}3aBe!EqdpMLnz!3E7RBeq9Ku)L5ZIvR`_-r~Bvg zaz_+zrf32C`#*84#*x-%-3Z71@D19iOV*1k$|^hikzr3YBd`)MLY0(Cb0orN8+5wy@hmULK3UI&YJ9cB8h~T<15@ zU!GBfcBD~zdn}`+&R-Z7x@lRuj1-Nxwnb7@OLQ24Wv!aXAhkB6d-JDX+OI!weXQm; z`>HbIVh4+s^ExK*GF_;()-W&R`i&bR!T}FNR2--y^N;4U4Gj&YXPY{YoJQ&e?@6I- z)=VTyF;sViq-lc`@qpuvO3f@O28opC4xVb!((Q*2iI3h5i=uQLC!hh|7&JMzyO!wA z=)qTg%H+`F-4VsgxH-DHm+`7_kXDU}6!hg^SB`7h#nXIm;nDnj*Xp99lborQo4!B1 z6Yl4jJ;be$BlBfGyXG+?BZ-IzRZUc-PtT7xFlExe`}Tem-@di5KZ&4{l2Y*KPHjhB zFLvmNWS6Gc>i|lkXi2YtfOY103`+}(-zH3eKXvK)-m!#PGRXVOp1-CLLWWy`yPt1Z z+2wDEez}Vx7Bao2l_a{z#mRXOTXrkJ5)h|d$-%1%VQ9@1tcQavJ*1)nliO;MNpA$q z?Yj5S>O6S$1mS3{j*Ca5FypCa8^z(s@^(52#ii1eJTV}#$=v(EnwgSNGY~6RNmp~2 z8S2$g{T8tCNj?cCO?5jcpRIa<4{ z0P9}T%*4e(2S|&BH8B*(NpjVT4L2tzK6{~B$Afotz3Fzb%Pk5ar<%!F*tDw(WN@q6 z$|6xgv%_&^zV*QrVY=`qt*RGo(WSd5)sp#u^e8$m?xESFf3ira7V;JwUr|QCg+=jb ziw0(IQsaqZUAjS=$(T26v0nlzJ(V(GL}fgLOXG*Ky}@U0dw0=1l71zpGBWn&jQxl? zJjJA>WA)T+4z$?*gQ~|wFkk)bn+)|8V2>ImsxhF)$Y*cw5IgR0%-BJ><_r?6@+#4F zhq~^_lxD1Jj((jbCX+GR2N!zhJT}W`w=juV=)YpTA1p$B|2|XWcG;~Dg@w1%B+9RS z&F&^+JHUr7mb#tnj;(ko)o)P~1KT7F$|@tL8|{dX9ezKOlat@@w|FnHD3w3ue1U;7 zJxzu*v3=MqF*n#rRYjr371vrG4T!d;yoZZ>^B04&{jObN&EOHz`*5+xD^T|lHG%W# z(_k=m+Hi8gY*h3Y(ByV|Z_l7@ZyVYz;ylE8>4%^De*8N@^W|BJsOhmbWn}BGtK;D& ztg)S`ORb!3n&TJB z=M$O1o|k9lA~a&)@vj%4&?&pPqqX%*TX+`Fa{{Z{iaVhgmX>y}G8J$fhh`!zElZ!r z_=nN03fS4zvCm9TCsiG+tojpi6L51oE70H>gf1s>zr2C9k)rR%mZMhw1tRgm##m#G z_91ThtmWamdmgKcA>Z+QYea&X3W=v;1TE>~^62k8LnEafL z)Q#sZ%B-e&MX?%Y`H6;PdKLCv{6f@}R-YXyxyQ7$QIqD?&7Uph3yKR~r77JPtv?GL z(W}@jys+GR9?w6xsU{c0^7G4fRgH=@5omF$Qm%6i8~g3r z@o}>^;ix$aLGERIY^>jiNgI3GQ+D>!7u;E4G+vklbr2D9_2KCoZhgCR#mDES;mY1N zJo@=F&%#0L4H90NYBeyYnj9Hz8yRyCkBndw5PZ}~7&>q7x;S0T9C$A~F1A%xS*gpW z?h|nC9243a<*xUsQKx*-C%j%^EAN9`rr!L|{Xr%OfHcZkk3-1jq;cn-dFx2y^VHPO zma5P`nHhP>^zv_>CgAYxH?=#>kSn&BQc>xQePPsV3gP4X%i}HIiHc0mbv~AQ!T1@9 zr%wys9TvVYF~JzCMa1Ou&~WW!4pzsG=rrjRj5{*N3_Xo_hTB4cp3!2bwGkZ|JUCU3v%6$~_9I7Ggw702{v$;QHNOE-qRnwpwgT3Ws$Q=VE-idkDT zVIjmM#UhoN8h_f?BwMY9X*B5a(arTn-*y`PF@7XXf>8Xe5bd9Ne?MtBO4;3TGTA3?%aTIwwc?j7* z>3{vT_=!_i!$Y_8{!Q!owpWwOyL=EO3h2j|*5)K(5GIGq9Lm%&H@*gV)`eUPchwX&;gsNE zb^DUIVwIiOyiS==8Ngxppw@3OnBt3*J=eLXt;7>CFF`VfB4!@TGnRVt`jO((8=pL` zl@r`+>{!djymqOHOaI2mRhs|}eB!QR0<8Rthqx}hY-zLR(k$HFn9*%{y z=PnMRq_{X!ib!Dd$OvjmFZ2zq>#h5;w>L%|PP4Y=%NDTe##J@^r9lJ>OgE=Bi;d&H z$l($Xx#AAve-sxNlHA6;Es!R6j{r~LrQRep;SJ{-9r(M~L~OwEoYH5Msa8xFNk9J@ zA&bW(x9YZ&?r?U_{KYr$*T_gX5%x3%#dx&f{M1q6Fx!EckDuQw%23(7xD4Aijqo-_ zxC!y*xdDc~x$5k)G>Tz#vjR>hrW9hyR%uzV%MYj8F0Te-VE=RCiu=RMnOwfTtt=Fo z&3d!+)zL5?HrbDrS{xmERP8TtLlUbC*-fq*pC}W7cpA<{uld?|<})byFzgLEM&*+9 zcIR)&(50M_Wy`X;;wj}!^`U5`%blW1fr{*$s zgIsgnZ()^paho5exOn=Ol~=&ddTktX>k${1FEq^-u zZ2vNUYinZ1rQ!o1{ zJEPqU1;z|j;n_UozTi#~4qWVrzUSbq{HrjI$}hr2c0B3IBYO+0=qF-7U91mDj&-b1 zL)J#L=H|s52TKK^^DlL8C|rg&xz0(0MX_mgs~C6tjZk;~Ud+5h|sBT;nP{;S6hplx49izMy8kM1@wP-092M^85b0b&poPnXyea ztMySu0=TOX#%&fjmz0lFs zwXm_N@2v~YR%XC+7)$(mS6Wo`?m*Vyug1o3>l#B4@va#Z5~TEs!n;dIm@MO{+!~uc zf8dXH^=f`dOpGAs9ch54Ievws!^1M^lBzDr* zN_`Ct6%rJDSZs7Mr|v$>@HF%3b#JW$1qDmX3Bgm%3XDaDxI(G>)Qi(%R^m9*_V@~}5QppQ zh00dkk3X(EkU#c^-(49n_Yur{(_Xr2X=PQwCt}fJ3%3Rt4D9R<&Z-Wnq!PHWUW_o! zi*}cp#`~ryWKpXRdK4~7U2&AJ|I^o(xhj7rO|J2yNA0(-&$cQZu0%`L_Z9NoKkEt( z4@dt{U45;qiypu=viNHo-LgfW31kmIu$~<`7#BR-H$o_63x!Q#7mm3P3rco$-r!r@ zeS9WNO+Y}<|6S|0Ut`BY?rPaK>9EtVPJzYp4ysX* zl>eIq{RL2qzW?Rvkl)|Zz^-il4{rzg@HiRr?}B{ze)E}{>i?py1nUqAvdDHnZVcr0 ze*9Dcq{3Ic>Zj-P_np>Tcj*+oVd1OR=0JrXNJ_;v{+9~;&n5m%rjfsXH{sc1g2(^4 zBz(W#`qjVJ`Fr9x(G|NHsMAD0Z`{r$votbk=+uj97PmcW*Jtfc)~W3H%Qd=IClD0Rmk7zo1f@$tmqs7B%7KsrWuk%5j9#eRfo{uEu^vX&^zGO%%h>7H4mvV-n=XaxHV(K&pA@H0u zC|j4dbPS=}Ee^nOOFMx~g-ON7y~&QxY7hmvqWcozG_QlqsuR?hQpb$Vx0-u}JSl}B z1s8`ea@cRMK)rz5CT1!mC>=4(^GGsz01k8EpoiUxm+cTM|D5L96L30Fzc20c3H@IL5+oR_w()D zLq`&&8xfaGw>&>}FVdzi5}AWl3vu7x;lDe8XLu@x%YeOAc>CtFE`rYIecc}e$V%?; zlnR`CrDh;XCnqC%~BS_R(%sabl&p!We64}w3>wie(7ce=BpvV1Y!h973(@w7d z<1&1UeISu@3cl0ueBg##-fSvYY9^Uouu$+RY32UGK1`HYr3@2sq>c8Eh;_4Zbd+2Xlt{70K2wzlpL z=4!vvk-IwI=2)s1&4*Hyo=2NDjCXRdw;$%rcurl*HgHzUZW`; zDV6^RvNzmYsADDO3tPe0P(Tv+v%6mk>>aVVXGl-aqY{_Ok2!0!3ms=6ZQ>M$bmDw+NEW^wP^MC8L@t;eCP)s_c zunYW6OK6ISHQ|l%YzYyvng{}bsJY*@z`e0D)8-6YO16O#?xNeoCG+XQCTwO#yN;K* zx9})Kkz)dJkHxAjZ(D?JXVz;VOyhtHE7TuD zV;LFoC*_Wo7RD@SN>!jyEjQuat%-Z3F-`}v4wN#GDdehMdu@jgP`F+d(KonxwA)b_ z$9~K6&uG`*MDAnNp_F?+4NP?#*9qL}Rm@RA_Yg3T-_d0uL`N@|@>?(!hogt~8_hql zo=3)6`kefUAPVl!s*_icW7D0Tx!kr1fv_c)7iSopCp%er)!L9@Dk#PK0jt3SphI-e zhM$Ut>?y2Hc0#P~UZj6PDdtani5{8}n4;Q;52fF@0hF=5y8Mr+IllTub}_H?1wrpU z8<))6V587K$@${Kb)gHCb~K|a$&TP)$ky(zesh=U(mv`~v1VoD(w}2I%Gbp0-x(XA zZy6|7r7ZgcHXmGB$>ERaOKJcpdpy8{;#(CclO?PV>wj}L?(+Ok|`ELo3Isqy-0PW*Y5`WLt9>vyWh4Jkl>V?ikF%VyN ziAnifFwFAu{9~VgQnjYsbqZn!CDm`=A++f=Cm{HgCKpi)(Yu?~+`pW1E>B63>S2@A z(PxN&v-664h+@23PbfpbFwS~eFYJABX^x=N{+-ltT26xd>+_csP)ZsG1_B@|QaqkP zOKHN;J-wq&z-o0Bc&%4P&6ixxH*P?Nvw9AESz7MJU3Aj zkEGH3f2m=oGKF6$L-rOHFR}-4sfXUN41Xu(`FVY30byv6ZoM;S3FWNFcMio9s9gTi z6&n+vEc%N?Tb&iH-T*QmOiengC73p@e`>@yN# zUPsev7->ay=03eTBrPsJ*D(_6DFyQyvq4N59vy~Bj7UWdYBjBc?{VE{(0s(Ufe%-V z<8;0y7Lv1WLH;-nKt`7GvnY(^%ZnS=(N5GeB!K6Z$c`|5Kk$@B`>K=4rQ7Y+ zRxyD4)?4!rEj;S3df{aP3@mhMoI?X4~7G6Ahf zp2tW&!0>WO(M?VvM@L7ew;2^yQ=_?kzdJ=6A%H=`;ZMw6OHM%nW2!-D>&)4%sHjL% z%5LfG6iAW@36F0qS&vnzG((js>cyy8?7oYSF9p;CF%u?NM12pX+4ME!}#L`5Xj;{Ij5<@RqEPU@q5+@UBKE&Y65MeczL2P~0-SYce0t8!meeaWg&7Wc_&9?< z0W`qENt37y)oPJqhDTVnYsX(<wnx}X|wcS3ciB#EI{ElKa zM$bjfdvpt;b_ZA=U{GK52HM%#?QI@j(RShNQ&TE6yLPfqeEkJzAwbNRl}EId();!9 z*~cnnsh|RV#pV*~E<5t|>uQUhV~W4k#_0YNcJ}+n@jG&9;%`}^Ma9HQNZ2oR34vg=mX|$q1LzQ@6XE$hEEHueLq`mSZVa0zF%kgBbQ~8lu+Q<_YijE#&ySGG1TC?qx@nboM)G9eh+UlX!}+o42s2+RX7g(uz|`#w2tla~wK zl$~wuua51FihL=P**`ZoXUn5VgU1w2i}<=-S&gv23nIyL+otQVq~7;d;cXrgpUE7a zw}0~7rIt^po#$!m&0ZX{aVTI$>W9{Qt+m0qpkAxxMt}gW(heZ^VEFb2x91KVW_f0k zF(*%BOfbPhnEXBzKgjkq6%|#Rp_U@opILIK- zv0j{CPZXi4DA1naY5@yfH#wZ0o#lQHR{Vp>>I-#reN2P#U$|;0=V>KFOaVRnwn)%C zUGmDhW&*HcJAE6ZAF2Ys)xG)E-WNMo+9&f=k%OCCJrrx2UGV)_`ZdDWY=GBALtetM z)?>sPq!F<{{pIPo(u_*T>i5` zjTXj2%gyrQU+n!E zXKtaB8s@Bae8--3C>$Dl$1tx!30P>`0OT7KHrr>%Gl>80Tw^(e?zaV&D<=xR{qL>YNvxF#dbE}O7JH% z%`dOmT@=NmYP-E&ALUD>pz8f@DeuO;_e?DpKeSa6h)dd|9pn0jhVQb~lm>-gngO*M zudT0bS1z5Z3_bO)z0^P1a|=4zCz@GNyHzY6Z|)sV#9oigqza0Qr(^fCNgS$Se6MVw zfhn~66gN;pb9FkL4;Vt|tdKtc=LE_W$$-OTElawoTcze1Nqt7GEgf&# zej~M0nZm)_o_Xs#&y5Ch0>H#^_S5|ETK7byIs0t0R8mnTH}Gtb3MTh0xQc`Kc;ts8 z-MwaM@~snAz^H&a-|olgAE%p6w5R8;Mm@Kqfv5EWI`=gA#kaWlm|EwfYRt!%A`Ahc zm>k>j){zZyI&V-|8(iF}^{WY^QH-%7N$`)|LMQBOctUXL2Y3yPGK{*-k}!K#3Cvtb z8q!Dh&Y``OSlHLQ-Qc2!*%)YU_gynJGH-=Y6qMdf+;;aEuWQwhplE%LZ@Dq%%0Q|7 zsMXhC zpyd&yE#LqXF&U>bHr#NMc?5cnp7BrEV5ti>2=*AU zfXOJB)XuFPHtb6gk%e5&wJHh)Vs|2RunGwduS;sU z0gJsGdRs|Sl1I{Ozes7N1UYQN*$xLD_te)_2r_D8{A~2*d%mAP(~F3__;!h?)D(5} z3%e-JdwINrS59KH{?XX+>+3JCM> ziU>iW=sX}T`5F-+uAuOlbr5uHoO}0t{C!cx9+NR9`1n{DSE|rD8k_!ZYLdy6(+47% z43-H7+O@hQ0ghpAP?;1Sb>-yHo&g^k8tb8yJ>9c;WB7R19_}Wb0aVf?uTloUzg3rz z=uSa>#3d`sz9Fd@>=P7J?56c3wW?cG=7a5u2Zh+U|CbV}%PiRxw#a-93NEglkERc- zS1Eyc21pYc6H*@m<$1ZSC43?_HWWxc`nB*MIr)(SYohxMm#m&*GfHc(b#%&_2*(CzriL2`C0**_m=x_ZuS)}gmo_(wSuNMGTFJklPAZgGGnM!^>b^N^l3rUN@|I>)W zALi$O|EBeSv9kXMWx7U5{ufqn#Q}j;uAw#l_U}K#8?RD^Zf9z0{~Oj5tnvL&Lt7R8 z`F?$^@W0=HT_$1a{g+|ABrGuahspg9;~H+LqbC|pGk~P&p|(Qf&aEF2&%(tCS&e+1 zmzh96wmNQm1%SzyQSP4)_V-Wm3g8Q6GyC^kX6b;v@Kws5KT34}6|d(bmo(=gKq^~o zWQ%ie*3zCqBDAUV*y&i%zbT`%#rN-f_|KI~;3eMwDI?IVw3%ICXZH)ZoDfi01H~3hzRhk#G08H=!VqcZCB?h z3#0x0_a18^fi*~v9R|Di0$wM{Of5}`F7Vbcz>fKx+{T7BuH*N(9Pis|RK*2y^ zW5=Xx;P`s3{j&vvQR1HUhc8gwP> z^=~4+36K*Gn%6^eHohAd$z3bHSvskInWR}t)L6COEbKY@lW@nCm8qi!Mp`}V{F!E~T4+Z=B}Lrap3URx zRNEZG+TJtIQoD3@!5N$DT!JNeZwK9~247}Zi$_qUG?Fh=(m zT=2?AWz{kVElY3Iuqizs@m#@_Rs&$)gJWW@{%Q?vMiTI0;&}Le1k0p_E)-%F<`H6) zp=6cMJm|#!$hYIP<5}VQ;*3>YzK5eXQiFc9w#=u5fe(2OOHv9Y$?$BmCtt#^r}eN` zbbsom41l2OEg8aSvP9*=_Lj?o&tWl>SK7=BD>U8Tl_rG{=^Q;>rnq`FZ)YU67uh_Q z-KedsKweZrV*Yol?u$t*UjXr7lI>6{HJZ;tZ4>|0D6z13S}2~ju$n(;ad8&yK7X;1 z*1jdU&UMJU*g|?^yK+ul=N=gfw1DV5Gz9hKa)DvKXZrjfKK-S*5mRWo3$kVq1q%y{ z#iZv!`O)E45;g8EN~x%(-q~7cMy(#)KIg(`Pj>AF#@qFZ@J8ZEUC<-m?zN!jXq@8# z`wWIFJbCbU3u7^k{YG>a&OEKFPK@rr9c*oDdl^FEw7({_7^n&9;M6H;iPikd6Jug9 z_@Pzte+EMKt}Am0a35cTgJq{iF<00P`h6^EPgZV26>t=rK2|Nsk*ARN;jZ0gjY6JA zI4Dkl)cKaItyK$*&|y2h&@%i1!&9qvtn6`cW>jk5W9o`X>#cp3zBQiVRxM0DcMIf^ z@srB+w05^R4$Cl@jv3EvC=D*_!=>KY*CzdJCKE-W<-6&9MPj>G^+!fjC1aVq8SZyH zSx~b1=p4?V9Sq`ReM%0M@)<+H{@DII7DAv0vLnpjw0NKAEYhD@5g58k7dUrILEjM( z;P1CjNo#xIJ%aK&n5T|xJ_n3vh&Ub%lC>%^(Ug`lllpk7lq(kiCJ;`?6^A7L=9*1R z@OUP%F98lR{@sX}$xgd$=xdMtcqC={9x9kEObb98P+8>iPlzTO6P3r%ij4 zMyOu}(mRIT*i+54VN@}efZq}qXv~FpzH<)O1qu-F40ehvSNOrsB6--lZ$Y49w}xlmht|`qfZgD6L6%P-pCSEY zFqY#jS6$sl$l=+MI+J3y0+ROPt*HG%$?cccjt?&C2W)%y#w8-B4^zBHs+~oW&hIAP zUy+-v6s+mq^lLwW@g*h` zzvjL$Bi}ky(;$glEG);Ad^Xc#FTiFfAV;brMa;T4Qw}1j+U@ug#zs7(vaIhchRLKYH;#x@9j`>ap9<|tAkCyZ6ndWYLOKat)Z4J@ik>@OE2D; zx1hrbq*?hIl^VSljW0nL$2Qe=xgaFi(T-Nv3<;oC|0vz2@PeM#MR-WB;0Mz(} zJ{wIW|Fv?&6v?1X!OeZUT%&H7@g8Im4R^RpWlQ{TFsFCwHsyS|e*GjxfhL+&mk)fd zF154jfW9DDuST)V%d^DLuG&6R&TE5HrNACx_Q@lkJhI)=(zZd^^xB8qc;Wye)>jaL z5&4zdP^nUsX??sjD*#8{q|+|(8L4M2k4fZ)NOCfaDY#|#l}6$F@9~k_ z92OP~RMNzYX;|?Dm&>>Y?tFM+Ar`i_?e;Z(e$Pru>`=Zd8i8mB4Y)l$ZXC*`8QG@4 zjurxb4Nw!#-6`qB(n<2CoWZ=FXEo>ILuPBEg|i9dfOpp&3p7Qrh&g`+Rn{P3qe_hl zF}vAk>$9Ux(293qy_bQT5tycxA@i27FNGu9vuwZ^!Zx0SGLY7p{Dobh{q*zNnuO0N>|n_o*(l6LR=z2 zF`m!B$cU#ZbInxCX07GSZ&~PP_v_420{KMrLOy5v5m_B0QaXu=<8#*E85>K0al5s( zbvm-T@?HNAbie!bi%kK~fpbCffaV8IvEZ25qSM3e1XGI@SgXNDa?2DBU*p~5I8Pvk zNdZLeElu8D&f824lGbbrOlYYSI)$J-x4%(sVQD$*O^irZ$oj65$pqH44lvhF$!CzH zi1-`+UP=O_S!6blaAot(Tf{{o{8B2gZMR*txN7=6ft`gZ(+|O-4rMyxX}9?KwZXZx zS#!>pJw#8=!ty{YWU23zS8JumGtvD5{f5X5O6i!!Dh30KflI5T?n53cD?3o@=3~{u zf}_94WdfLsSX;|E?WZ4!i;LS$SkGfkgj8;uc2N-ojojaqLV!N`*M^&JcJic*Urr(0 zJh+{-VuC0kqIE>ihY|Buxy`-NlDGc?n5&T zo8kE5P#7sb9!B< zqX0k8s5`poQmgwcDX9(x%wj^TN~YlGZ+i25XMe{Nl$t+W1J(AMhccN8<32Yt#KVpH zv$h3mq>6<@J5K_PTRLbtZc#HcdtA~*wU3WnlC#mH1^t|lVl)Q(2|8r;#zf%U0ezhy zrLJXzmm6f2CsP&t6I!e9Upw%$1Q5M-DdaPE5&|z&4BPuIQjt5>XTM1Y4~+UMT;c7j z<)%Y4adF5X)@LFpDJiiZ?M1f8mT%4jb)^0zAo~i3+sqxiONXA(jT8~7sYPwO0&`&K zb}`PUbiwh9+CoH7>oTtcx+ka8+D&J>b1z7f)N;M1NdxD+%jkP8|f96P+N{DA@ zLR@nEh8n#ORjfi6AyHv3MBm*-OSuB9A9CR31p9b3i|2?QOkCy}c=F6Q3sy1;lCn@vl;~V3W)#KI z&R2Q)E1ryvlarHH>*NWz!<)fU_kD@lZFqY^Uj1DCA24-vD4DoT0OoZCalCl$+WMU3 z-6$qkp7QeYI6mu7Boj`uDNb}iW0H`N4B9%c3>k|m*re`r!AVqbPxuWB;f4+Ebi>;e zKsRgEean^iJ+#ahgb+#9K_1yFSa+k z;`tl=h`F|p*F2F08z&v;a4^cxvD$(f>Fx=imvL!7b)40cf}H$XxOjMeAcfeT<0|i` zPgirye?TZx*{hv*m-0U8YKfbgdI5B3gW+rj zm>)g^YYY_f`9h2uEq=#g^i@)9g03&2%@25Wu7X}yxFOEDTu6XiOdoO)W>dd2b$?U+ zE_hexTV=;{P8G|R-)O=%yEf;7V7vZ&lGSK2zgwnB6FtV{HCtC#9_k7v$sQSao4)nx zU7MO$Ojwp*OjgQ-@U6d5^E6Wa0ojLTj1U&Z35?l)dmL9kP$1bTG=PU0b^_&oZowyiQs?c+=95k#B^ja?Bilf zcX@<*mLH7n{zOQwPY!l190ToKa?@{BY4P=Tl8c3p0%Wq3GPS-{=^Xn)q?a~%{b6m5 z)}Sj!vbtg)CYIxoViL6$f5^_!sK)(}(R-t~)c%{mc@wRAK}(EHYe&bM;jN3q+{5m~ zUc}BP6PP-WL?nwrV_*EM1i)!jH9lY595@6gB2+0bWXcb3u!Dm!$t?Z^`aZ;fTnER8 zKjeyPDeiy7Bkhn;miFA~V=*lyWz1XBd2g*&BXSGQ)9h`;ur4z_D|}Wm?fG9+n>AwX(w7z&{Da+A1>}Ua@Jw4n$tJ` zNQ^1Wo-Ql9q<}2@vkRKI&A(+3)CBmAB0uSmdrR#)9sIFsHS&Jcye=s&28Sh$KLL9j z^eBCFd3O!UivY2(prCM>?pK5l%wf|id^4Fzomu6lu$G9$I@ei3|3R6 zt|)`pn4U;={aK{xH}QF+moL4pIo_@*H9p0`4rXtm(-Zh3vaOU~T2Nf5J7(|br{Dy( z3Sa%zk%I{XIQ(R&!@wAif#y2dA1auR#+y@Oss$yO$6utK!PkQ+5_o11KPj7@BXV(% zB&k~~-|QMtOl@(FebFp$xgY_fwGn>})hRz@$A0W)tZVGoN`f0In%|s}ABKz?i8E0a z65MbW2@$>itEuT=+T++8grpE?a)Nk;I8C^Z?dTyK5VO-<(13C*tP1>4@_><#Z(vag z(Hz~*`M1yN!UkM`mB4|1?}0<^uVPZqx^Gl)01!W*+VS%Xf_fhqQsS## zx-+P_bCCB!M^2}vm@VPe_IBxx@Xhk@pMilO@zqs)GqU`j65@|mbOs?9my?3Urej6T zZ=SyakGuDMZfpWe4%pN*QTd6KKQ3qdy#1E4&HmH>PC+FV6X?gRwz%BpR4zF#SgDjo5(EE6HfU2x?_{`k607Jv_)=5yZbnZJ#9^eLd{yc~en4 z7;5qwAF2mordWy$_1D%Nu0N$Zx?6iY$r2gLImVXbL9yyjn*yVM1L1>y>((O{+NdC} z0KIKxZG07fHjX2%P^zx$JA?Je{IJvNV_ z^dK4Zy}c8DXM18w#Sw4IGd@Ed?o3QUt~6W)1>EqVCZ(6J6a;1NzFHHOE#NM=eLGl2 zrta$UhJpR^dR)R`kmtv@k#ZJx@tcbkRrH4)(bfsOV=z z>3)+sL*}8a>%3j1qJlyy$$c#=m7xObMXXoCFPGgXx(CJ`3&X?1lQR3#mlm#g>~{_` z09|1#xJVyU`^KzCCecD!LE*c3Q(*6Fc8s1Qbi`9GE;Xveenp100g3MwqdzRG@#zxs ziB2$jinQJ3#N!oM&Bhfrt4^K1$5JkD?%P~PK|u+;6*-m*{Qx!XI|C{Tx=}Q3rqk4Z z+7xWKPGLba4!HhuaPvm^+n9>Ind~CBbHZxo6U=h^Twx8$-*T&xCHZVcK6w`;8lyZLZszn>(90?A*2k%gK3ZfAXtmX{o77?^ah>pY8WE2W7gR z&h}>;nmfAkVUmnW!z3iD@;Ji%@q0|Kg?RHTq){_ne_xW2rR{7%QzLd2cEW$yY9?6WuWC8jpr%o z@15P2&eHXswVhyP|DIE%5ENJ@O%fzxRw@B?4+70&r<-q^wB1*-^ZEMlA~kcf;quIe zQp#ppc`lVC-QC@{V`du{cb_saC~s(zy*D!poIIVPi$Aa3Rjk#zcI?7eeONbkGFN!V z_M)8EruCKbyJO$9ljTKHET{PCg}!dS9#Z#MU^il3=VKjX0p5>l;IT-#n3Ile6MHGG26i!;kz`)^bt)h#|r@WdSt^i#fca-mJ zH-+E_J~Zrgmg?Hf<5k;qYu*vtSw${gZ_Uumt0-A~^>^VXrk=xoS!oEGJRg(Ty^12} zhpuo1zKrrhg$(2GUr^q9K1c346qL_+e}4l7<*riH3p`MbI-=8`W)I-67{HgN4o@K{ z1deW_Bd=Q@*S#3pK96C`jDm7B^js3{|NjDi-`)Rp6&1Dn@Oz5FI)cdnmI;nV*6oa& zyVgg4K9O*%y(A?bGb+wnFCZ>*X_Vu9s4oyi;FYA58#oY1JXU1A80c=3a4sg5l>}oc zTaAio*cp^T%-wO~68eY>!|F?q0lYYfUpyr7H1+fI0 z+%_64@&v;mt#^a$v}N`{7K{-xYG~T0p>E+%Uc_Sedi&kXiFY7RQ$#CYnt*^PEH;v8 z#ef(){ryT5S^$j8qK#}%3m_WG{{H=We`m}+g`yzW#=H*At5=X6F31igCsawTED6^EGuv?9ij%BWmc5cn zn~8npmRU>E@LgCpggiyHZQ>F^M+LgNvn)r0+$?5i>?bFy40GE~{Wou5N%rYDq7 zTA%yhEzNT(7$dh?{NcRcnz3no_PKxwQ~nTf7=<>;^Rm14$mVhc$x7FxT6dSr@Skz;^>>mZ@4&CR=)s$+>OVooM(`~dmocB(V& z?__t=kn75O>e}-b$9j!BWstb-k>qL>%H>z>1=d`gSO*YY2ApUhr0HTy2jd)>ZKqKq zTNd}1JtGqbXBuxm5yL*XsoA&cWV`8>P+~ff(@R>F#%)%q&VEptUhl|d&n1iHEu`%~ z(l@KO9}|AEUYfaLccL1@qo3@wU!`?l+a{V8Kf8v6S>TYLMT5$YPZhpY4w~>Ab&$S< zd5=GBI9rslnW)^iA!&Ht4;=^hE4K{>vJ^#NANR(Z*Cwy6#ryjB^c#}8XSe6^F#NdW zHh0U>cE5a;=yve2B7RacQqwBUErCn*zLrJi8e8n7%PAhLyQK&Lp@DC1LUbA|+W9pX zf@zxLv8<+fWy2huN2@{N?m_3L6Oa8GAD52h7Itx{bK98=F?RvV&x*qh?}73@v7aimCrjrHwyUP+ zHiCoo0oow#)Gs`r4cfwNfr6=-AhDyr@axogxVfum~(*XnVDa#l{1@{qOmg ztM5$a*{Dc(A2dH@WE6v>C9fzDqT26!Qc4IS^N9Cqd($GDN)DKDJ>`CRn-j|0mgq4@ z4fZFnoFLDznL(#Ap87y`vJ~1|u@OTA9i)Y8FC*M8b&b9)L~6Kr(w85JwcIWYC7^$)x3H)OUrTFwEAd=SzJs^5yC-Or@_#Tl-eE`u#xqY|NK#G zXS#J4pLV3?A9+Y05?!~G+)hois`$*)hVBRc>06;;qg0ZJ2&*kUI^&~L;ZWwyuTo-* zeQkEwi~ivf6IjgPvDw}j)@%wfsSJ6)NLrcFzV3hG%YM(&UXnO}O{Csg!13WZpJ~Er z^x%by1Hy{XE2%$>MbmCsG3I1d8bVn_r$OID18G?M`XAjO{%_EOW+`xNQ}M09#|65m z6dxZ^-kqLMNS$y4j#us#oAjzl2f4@|@^fg6a5{TM7nzO;uuoVNCb+t#g58ZKyLhH~ zrYRuS=pe3kZ|^&{(O8Mc2EoNwv!yW!sSKg&yp3FFEU|igKQW|veK5ckZS9bYi_~52 z(aVvsKl*+)YD3I=r6NnG+lcQ)IWIM(*V7FXAflGS4D0nV8WTU?z(05RrM}w)dcnY7 zqoW_EdkgCMFoRurF@8+waB}~L*M#jV*#I|hb)E@ZY=W~}Djb-}V_q0TO#!Q{3+>W# zyT_~$Py1&-N$f#NrR1>Td0!(rh~HIPU;lJ-(0w%1aB1CMdq|g=1QwQdj-g0(GN-lS z%D_;9vWZEY*EpA?@nGH{bafwCKDuXnYHE-CFbXi2(Mj7m)C;p(1cruxog_Z@8Z=kQ zrl+zUVD9G2o0-`mBaoHtZEI~G43*~3nh6Q{W_`&y%f4T>C8ufEs(5nLcW7hVJ$bU- zj2@0fm#LT?xKXj|R=s`jtgW+E>9DY?w=hMkm(IhSE0wF{{e)EEVn;vnmF`I`B{!2e zio@dW9owu*Z}Iv6+WYRHCb#fS?zI=J7YibY0t!e`K?DRu6b!v2L69OUV1j^jsZmrA zQP9u?1VkVt1PCo4AjB&w0#ZW=ML?y59_b|n_6_dt?9BfD*!j)u?(EDubG@SZzI-`3 z=RME+JkNXHEBuvSuRuM_u_YLiet)MMsp>&JSK8Fv8QV|!)y2%;cJrf2%@ij<03$(z z%9?7Y42Qm74s;bF`t0n8{Oi{ZYi~@WZf;Iaj~`3GxmRHQ_*t*ce+C8zuorr-Df|lC z6hl=ugT+TU{JtDH=tCIAWJOh#9zQ7ya}$&B z^x3nlHoGe@^Z_=M*9~eO4RGux(L1M8^bSM#ktkrXbHuOdemJ?!FU6`(;#TbLvFaoH z<7~YXtv`SM>^B_a*bgXho})NiJ!x6)LYvH%fI_+) zZ3&4la_JVNV!F|ilB5Un>4-jppu%0EI(JN~{FVEtzGI%{S~^6X65L^rPeOa-{09>D{*cPc|JNzD{N5fx7!9?NSKep zdP&f3_K;GpdE_=(#%tv>imod{h?Y-beXW(&)ms~#THcX>0MFfTBM24cS5Icyt{#Xl zw~>pt7;sKG;}c6Tl-|h)Yr;_F=dI_Q6{j4Fa!dRSZGx4h#px@${?p1C3dAEL1B_uN z#WJvTUi^GoN8yEshOxr~UT!K6M=VV(-)`AkP0GuAbMX))QZxO;Y6bUCg;G*d(U^p# zndzM{*vJwWwae|t#1X26K16MIe&6%LIo5@`@YC(;h;hKT53|u-q71kCgqR1e72CqM zdiE%*DR_@M#dc_~bFI)cUHlEFJ(L05P^TFsDme~6 zqnD3T;&IrPoxPhHyxQU&H;t&jS-l=O`B^7{Dt%`mXt_ktbK04=tk$s>7oz6--OG!x zjIFcprv#x}0~u=8m~$g((ED0-7ZMzbR7~I<<3l*^xMO{i(ltEtSgFHxe>=NWI6z$r z5=8*8QnIq9Fbm6GduFW#yOT0I*Nrlq-?(J1M#|rk+eeRH#?K`j>10gco)X=!>bs*W-L zb2|(J7z}NG@(3x z;mB)2xJ43(^U+HYc$xye@fB;(K{&$$k#lWe1-)noxn{?d}`Ps!kE_{&RZXGntfV~=V zz2zGZ>7V*#0g(O*-i3DajaW?~vsM{)A@vmVhKfplAC;tnuDX;$$(v~ns`D551@9&P zy3q&EiZnJpGR&tG8bk}&bRZ}nc#fcz0Uc|v0Y$%|m;U|kF+0r;sw~JV-f6vxpJ^zk zIMo_O6+!>qim8^a+OOZ!!=k=mex8fS@?7>UbwCZ?E-U?I#7;Be`H<9;gSayuiUN*#^p}Uv3C?}Jzx9kH=&BW;_-)) zj^1P{1%_6!r?YO47F78e!nrip7rT0cQnJEj-|N>W6gSnPq-Tb-jIaPV1sD6PV54qs z60KU-=uv82U>U6OYr@}5$#FuTM@2EMJ+!VbeE8{J-u?7xL@eFwx36(*&ebfSg0k`| z-1-QxJkQ_g{-GuunH)6erg*3QicA8v)t6=ShF+GOTCEdHdFQTBc`G73+?W^+0ISH&fkk{ z%-Lo-aa}T;+!q+zpcve!deFzK&b93a+9#%cp-nRxxaG0=WdKMacIzu^H1>GordNA5 zxo&uDlVPtDg#R^?on91h@(SQXs*27F^AK`uw?>o7>B=v;L25gmKlSj<#=R54B++l&&sZ z^>^y6e7FLru0HvUUWh2w#p{l7=B|`RxvKN;Jz1@0hUQR-=s6!)G8&(0)Aqfzu*jLy zwv}V;<|`*IE)mmMmv5JZrr3~7j4INLS{25>^+-lmr}g(IbmreIheh%0*UHMLkL8Db ztQ=um7xGl@Mv>7&>3fYBjWm5IDBU(w`7#|i(1HG2b$zo~puoPe=j&jF$jYkkIyqrv zXSc>bet9nFG@Sc_SkR-t>DN5R{_E!Dgx7|dKz0sHFDV3mVdHD#@`|sn4BjnYCCXeo zTc==IA)I zAe>Qz@L*(FsLHQ*faf0q`k4MiM+ejVYY~nwdi?h7+oHS8@89&X`um6ajC$xzqCVIK zwS%3Nfn9b~c6Ci3gH5;wyty;5c!zOTEbc_2?F&j{<-!#oew=amz6LV{hLivq+Q+vS z17~W6s#IL7ZVC>!U7Kiir;dWp zem6c9TIStN7F4>E{b&K_y*DK~I$KY+)U;7;wO>QU(0;Hnh1|pJAwtt#*oApKX*}UF z!6N8bgvuqfkZ99ITH|P{I{&>&3~TVKwR+>b8CBpvNQ?ngLX0ela)%{SPQlzHY8h(ExhUoPd#1t4M}wpo2qd zFL$LJ3CC>olY^!ZR;QXzExFY`dg#rfSQJ8fv6YIQ-HI?p-in5Wm($_lu(7N$laP*a zoZFFOU2X|&QOtrgD*=5=svf^45_sBDon~7XD;rzgXJTTP`d%Ff$=tNk>A@2a{~_^8 zPP!HDDSgR{h z#mltl#%I%tsZI~~b3#*#wQ*`Wpgv)lhRvV^6#3O-L6f=+tZB@v=#wc-^5^nc1hwOi zt{$1ZVH;~B`UzCf5`^sS0XT(;k$k83J$)X==$DKN9z>D!H6h7vNFt$gI#0+{^#;XTF=KwmlRFJ!p2)O5I*mKm4i#M9^rBK||40!;`5}gI~ zQRnLzQgL;$`NfOD5~~V`vx(LogUcDGb>bs1O;^Zhit(3R(Q{}rYIxX-dT;V?d)8QV z-2l?TA%vGScpYlPa^`YiLyAA^^8F1oIG2==K-2V-vU^uweTm!5f%;|Y)~#E4+#_JE zz~9ZPmL)C*#KhUiMQ#uTULArR5eQ*G8m+4Aid;C8triL!wKRnnm<};=&Lu*f#sO-&ceCJNDi4WV>(?XxxorYBKgPjT-tH4O* zx-Bini3o_K5J4qb$_stZ$9FMwZTCN?ZyPup4?QXSi{g7E)%xcVBCb z+U66INTCI6p-=Ap5>h6~cc1pa>-m~g@E^(#gFH6#{`RWPUVHiYHW&CWPNhBIz0;9z z2SY@|KLh2vCPe7jP*}vnDS!S2hRpZ84tw2k5EA%3Le_46Kkp)sSBGC8x7ux9`@?4G zwfq+DmA&hKAomRW<+9Me= zP~q~QuvE-%86Tp3cw1R+qrijlB-JEhoouP@?w7kyZ`ay;JdjdjCJ~aCv3ALuEb>0P zuZZKx*&sXA3h&nbI z?kd4fytmMdWDrfvT;j}NQ9p22^_eh+z_>c@ur}EDvFW;@qP&F!Br}O!jXRdoxPRtV zw?kC*=*vc$V>yHqef@8=Zv8(W|2eXQ_wh%vr2U3DTY9nMWr_km^3S#=E>GzNtr-wkWi2t{j$^qawRm`fB@m|dHWr2f&Kg0 z^Tge|cSGX-AVmfp{$7}EQW{Jg8cK7w5)z{B%pnqQU)E8**!?W;(zsS=XJ`Z_p};by zz>++qldx-gk?XD^G&OC%n~zU3tN-{WxZ)s`4%?7kT>Yg}ABtOB6@Vzb^8CQ!o2h9J6dFx{&;$GU z-}Olv*SzSX(jZzE*d+AEI zo&4JC-Yk*M+C6DxnPD)9rnA6rXGU!qUHg|0spJB^(LbwAi2wh{BKtqQrvLxj{YO#s zs#f>?b*BsW|LdC6m%VfP=~sD^+;s(-jDm%@#f0?tlZiV zQBX*&%OlE0o;sllwfOC=g>A9bm|z5p2{>{ym_>6skB=b{#KfM+WF~n5RRC* zb8Wh15n;lngCPDx(`Sh6s?Ov^y4Of8E!RV`pj-4ta812N(y{GL{tAO+BkJ9s=OHB0 z?^l-G{#EDeVkn=&=k|2KWPoNx0g>e8P1g~ehxGZ{DMTpY=>YTySq(1^*j|Ea` zM}o+w(OD@K6_tPL|7$G16vMAI*Ord(;6Lo1X@eUDR=CocqVsGkXUXeFjTwL1FOP_= zRSWYCkFU3?een5-ddy8|29oJ}9nr}+4gxwWC9l3u2YZ`d+|suNE235v(^x(D2A zvD8`x1Na^gc!mQCVKNyMDR6MND7k*$LI;*AOwG8L_BPFa>fe)M#K7C1KV7OD@DvWv z5prujb;@1YI@Lw{>f5>0n+b%IX!3V|E+;|_A{mV7=F5D1?K-f7@UWwu&v&xDbnM8e zYvpFYJDiB|g07>{FJ2Jezqf*vFfMg(e5-{+{6M{An!S3G98pEE3iY37&HriLs#vn<>f+UI2H9(l@CjA4q zwy)b?H#$4?%%wXf8Et;tQysxCsL&dng4^sxhseuQkJ0x2Aqtr9NU)Zo4GoJy@>0y} z{&{x@Xcr{>oa{d-X&vy>UM2UYV|)mS=in(VRTjOY_-77`Jd2*$7(~wl>q@_f$TyeB z7Z}BZaZ+G=N=OwHy*REVU8-H+?%}TW-#42bRkr}#xB{GGP1X#kyq7$cH70*>?QZw~ zz#aJW|6s-VUvg6X{}-YEUmF4^;-TM0fNN`B^vCtGcY1lOO@Rvn<~da_08Us3G!JAY z+SvN~DksQeUY|ar^cY|@@7J5HKuB!Wb_qyx6U#jY|8%R9*Ir%_otB8bG6_Oybu*L+FVs~XFEvoRx5eRVcA^mA9q9#e$6cG$lE{e9<>&%X8RUrn9 zGJ2^%aU$X1413#(!I#{5E_UkIYTS6c{56f;kWd(FQu(!bgdb>z&=1hGE>_0m;*Ga( zG$LugO^^evagxK;6p0PGR$xrS{4~MXf};mAr~mfR@lImWO2?I2>o@DQt_)pUV6K;0 zcDnd@9Dt%e9e5D6>y5^+fd;}?1@&7D$nGz7t1WBh^yV2t+-eElFipL4us3LJ=pgkcM0{DUh`ecKdVx4F2o0Ha++j*hl_nr`h0kWj?Kt?erH#tEXxp7RuMoPc8;< zG}>%9DDP}7HN$u3jK>WMr?xk;ru9^Qv!8T|Bybs@O6EPJ$n1&U z<9#c2hsS2$aVFO>mW?AXk3T%z(K%hFVO8#gwg}ugr(Q`}$C$qx2|MXZ;%2QKZ#=+m z!H8i(er-y3TuzmvEhA;;lMz#p>+swutk;35zxsZ8GS##O=H5vQfi6L+ejG>Y8g{Ie z*Ee|eI|(>}Q@{UGK7G`*f>MsC_8Q9${umHAHO#Smf9ogBI|Ymjpt?P#e#cnSb=yQH24Ph~fl?LgM~)Nn4x5WK@7NBuq-`Wb5&iz&D@u z_QA%?FEV!@oH+u^>$PgXeQN?+!I3!Wd*Ue&B4$TbuK+dI)|PW^rnx$e>M)-5p$`se zW6mD9@`&ahin9YtfD_50VO z25Zkndo`Y(1NPX9w3WHKAgyQ6u#i0Or9=YJ5{PEdzB}58t^m9QSZ_Jf zm2WEve#DaP?+r$o6h^E}B8V?(;(GfxU^PH#K5Rxyg&L?C)=Y1(%_`N2+3b;K1Fu>$ zLA@8IxV%rL5sX%?#WTd=+!I3bfyrls4JkRjL93VR6REA2_uCLOR$fcY@4lyz6~P;u z1QeQ+lPIuzH|gcEWE7~35=QYSs^q<@W&?T3Hsr4B4<85iH&SgX`slGVFu*b0&(-p5 zOT1wOj4G8A2m%xXys*0Ct9Ik74WsJcol*cYHJ+a>h&^eMjiIf8j!~w<8rwEQZ`9Dm z8>%lV@K+A(Fo-{mfMD0mQ1hyI41Eohx_SRpyoTMoT0lxt$s zjG`J@bdX~;3vW-DyL*f6~pYq1cNZsIO<&ysFs8UnDb0?g9=Zpg6IT=~`eg3X|aeP7N zlTB&Nge|SZ*&BqQESv5n@HRkl{}%Y7bPOEM<~`Cnd>{R=eVa-8Yc~ryXRXUt4L-Yj|dYs{{lf5iA(UlfGw=D-TS&8IRNH zqa;k!U>UdJ8Wm%<=v3~~y-{WU^)|&Nu97r`>(sh(rFF%%VxsEZoT;zT1)$s`)ep+V z)scX@B+U14tziD~-tPV^|30l#_Bav3bWOEy`$Z@0X9kc8B?l)ck zo1uG2`!dX(PGDmXw#UY$NP~42a)p9d`;vNQ_3M+T<2p-J4SDWB2#|*lJbayOV-A(@ zxi@a!7?|cL^w0g(S$VS@g2X&{_>`>;7X#HnrHKK@NKlZ?539t&(+~v1xed=JZN2k4 z*<>g(8FBw5x#Y3riVt>@LjaZ4_VKdEIu6CM!fJ9dtN^HJQj}ClVkcWhM$H%8dZoTS?GBHU_pX$_DStx|q z1%exBb)Yc$uS5Xc$OS)iOi@Z_If?s{$nEv(4s{zBmlPK_08W3KphJnTM+k7s(go@3G?Gp=UZXF!Kb(7bYiDt)hL|hWvkNfvJCi;iS=0vkJjhd zRAjD5qfeSyVy!K50+iPCU3mA?c2&3i4*DQLl4T?E4WiX@5Dj9=t->y3p@R&lizK%` z33nCi5#IqXL2l3J(r{c&?br5n|A}&~%bzdf(?JY}>bIn(MPx=s#_$3}X{fP~E~(A| zrz(%lol9`~H0)mEP*{V_uO09}-R{M8{EMYg=w;q!+Jl4-?c53{*8?F(j~yF0(RF5D zuL)Wrv0lQ1c~c!LA|`vb@}qGY9)IJqwl=z5NkT%KIWv-GZsRX2e|`|s&!&a2zQ2`% zWlQuR0vJDBdhS_UV;z$im9w~QFgitAR@2@-<3S%h29Obu#0}oIwuynsK>?t3#<9MM z=l6;unY9+!I|0q;)LE1wwt?B>P*~SDxxS(pTs)A~8VAW@Mf$I_+5Gaty@OpIWojx^ zR6pz~C0e;Wn-G^mhQrw~RUuw@(5AM$k7Nz7hI=@n<6Bp@fBy2h7OFlX`X=x7&oBNX za8SHT-oCIic*M3Rsf|J;4qbQ$Am-ybyDJ&n$5p4pa7-!j5K)jMf$Rh$S#r-oZUUfp zUZmkK^L;{CSqgt|WAsC-%LV9BN6*n*AQoX8B)&P~s^Qp@yuoDU5S=1KSjSYqZB*5S z0oFEC=lNzqk>c_>ZSlI~g*qeAgRPaP2^dmdJsbRz$CK|C=+j%L1pL2@v-$^-?G(2( zhY@g$Q*Za^lF>4~)RD+r=sC_LN19vl_~AoFkNkG$?qU>J4<+adP>>NQbG7I~gtbzT zKeIA``YbRaLrpPr?%#-8<34>}xS=_p@$!<@8M@ePh1;9cr zBfqZ_J((+P%sDg8Oqm&a!cn+>-Bnydg2b_4jj6<$#cpL4)Q)eZ2`jh!>(rZHHOULV zo}({<%2<_M4EEqCO0FU~w=&D;@lD@An|Q)O&xelruiVeQE^oLzKJP8&L_0*`Xt5^m z{jK%F`;5VvrfVz~$xLB5)NKSuml3=-y^A}^qDaZeymU-Kw0O@K6pabEK$>~*OKxw5 zt$IqyMXmw;h4i!0ov@aVZYMpeGLeYu%J}ps{X;SE;ua^-1N-}7QzI4?T_TbEgCo0@ zggHG5+B(%l_yn~;a3F&UX<%`K&jf2!l6J&)9~sr$-28wgCMF?uTuF6T^rNVUjG&TN zLkDKxkEn3xIIUdaI#Arf2(S4UD#y|bX^EDiRGZoOhd=IQ+fT>VKMjArv&`a(5k&;) zkH8w!QsD?KqHA?T2RlDPneehKxl`u1hn-0(IC0+I>?(>9gMtO3_jvS&KA8EC*_msa z+{^9v$m=WtH)ltO>bkn;vC;qVT$$L80@Pz=7hOGF5U2!bPOlz_F>+&|h~glg$gPBl z=i4n(xf~2EAz{;FAIPF>ze(XLVq;^6sv>oG6%!*5LPLN;x?SCHSRmvq0<4OJJ$oLm za`P-tLd{1MvkzrqfidRp{k0dIiV`}nLp>kx-H2kMjObg#loW}jgz6uXHd z%rXs{!;;ERD2f||*zxQvG4$c~S*3r1yqT4(AS}(hTQGx=PV!Dt0dXro-woT69uJ2o zfRQ*DOLOjWh*7SEfSd_J3b<&-YzOfE+OiSY~k=&rfdfdM4@n#8i(En81vYNMEAba46er*)0jw z%)HU7<3JA-VP|y#8t~>5Oz*F-={OV)gU*8;%pMjkbpgH6Qd`$=9Sw68S=>04hYRf% z7Nui1ewjo&f-1bTN8=)fG|aOzB0Y<20x;3&v8B60P^O{EerE*u;iVIEQ-QfnpkbZ) zNz}uQ&u7Nya-$)YYA7%h>{UrgPjoqOBCe~{NvLe5O_hSFX_@Mn1X=CvO5i3EG4DcH z7{ao`FC*E{;S=s{1g`pDENpzjfeVs3S4;IFBQa_6n9m7JQjru?ANz~P%?{tKbtoB) zVJ7eV-tRf#iC>y8hb1-uDOxL7A;I{@n*~!-9Lsu&t)H5)^f~zffB?5YK8pks0Boi3~&2^z!aKKe< zLkFop{g%PfPyawpw|VNjF{z&ys7l+lly)A--fMKuLRq;3W(g9O4$tigegp`;yCCf` zDcLa$&W^MR$K*6=%6sj_MPHuhA&VhB3m%q!_fn}G?k7Z_g7p1`1FnZf+G!G>=?25eP+TXI*sS&9~I15 z`fdR}Np6j--H@a2bEWav_6`jY{J^LJK^1H>An(1Y&OwjnCW{hy<&`0RbOiyC{gmL3 z!5==|1GfZE9a#>7iQRv9EPfnz#LGH5br43^#I&&QE+roU-SCV@Z{L30T7{p>sXz)_ zfvpy1wlb7g?rS~VX{^7U+M8&1;AzCuShb@UgHnvdIjx@@3Z-Rb4Sjt}1y;G9d<(cwyt2h3wMI9eDDg@S@1MBA zlkj(4UL%p-J`sf8t| zBwRZOulP{rXFGD*NYTgxg$rCRJC&a0$5u?rOlY8YngQFzx13=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "dendrite.labels" . | nindent 4 }} + annotations: + {{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + kubernetes.io/ingress.class: {{ .Values.ingress.className }} + {{- end }} + {{- with .Values.ingress.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if kindIs "slice" .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- else if .Values.ingress.tls.generate }} + tls: + - hosts: + {{- range $allHosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ $fullName }}-ingress-tls + {{- end }} + rules: + {{- if .Values.ingress.hostName }} + - host: {{ .Values.ingress.hostName | quote }} + http: + paths: + - path: / + pathType: ImplementationSpecific + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $.Values.service.port }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: http + {{- end }} + {{- else }} + - host: {{ $serverNameHost | quote }} + http: + paths: + - path: /.well-known/matrix + pathType: Prefix + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $.Values.service.port }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: http + {{- end }} + - host: {{ $wellKnownServerHost | quote }} + http: + paths: + {{- range list "/_matrix/key" "/_matrix/federation" }} + - path: {{ . | quote }} + pathType: Prefix + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $.Values.service.port }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: http + {{- end }} + {{- end }} + - host: {{ $wellKnownClientHost | quote }} + http: + paths: + {{- range list "/_matrix/client" "/_matrix/media" }} + - path: {{ . | quote }} + pathType: Prefix + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $.Values.service.port }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: http + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/matrix/dendrite.old/templates/jobs.yaml b/matrix/dendrite.old/templates/jobs.yaml new file mode 100644 index 0000000..4696bdb --- /dev/null +++ b/matrix/dendrite.old/templates/jobs.yaml @@ -0,0 +1,100 @@ +{{ if and .Values.signing_key.create (not .Values.signing_key.existingSecret ) }} +{{ $name := (print ( include "dendrite.fullname" . ) "-signing-key") }} +{{ $secretName := (print ( include "dendrite.fullname" . ) "-signing-key") }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ $name }} + labels: + app.kubernetes.io/component: signingkey-job + {{- include "dendrite.labels" . | nindent 4 }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ $name }} + labels: + app.kubernetes.io/component: signingkey-job + {{- include "dendrite.labels" . | nindent 4 }} +rules: + - apiGroups: + - "" + resources: + - secrets + resourceNames: + - {{ $secretName }} + verbs: + - get + - update + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ $name }} + labels: + app.kubernetes.io/component: signingkey-job + {{- include "dendrite.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ $name }} +subjects: + - kind: ServiceAccount + name: {{ $name }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: generate-signing-key + labels: + {{- include "dendrite.labels" . | nindent 4 }} +spec: + template: + spec: + restartPolicy: "Never" + serviceAccount: {{ $name }} + containers: + - name: upload-key + image: {{ $.Values.image.kubectl }} + command: + - sh + - -c + - | + # check if key already exists + key=$(kubectl get secret {{ $secretName }} -o jsonpath="{.data['signing\.key']}" 2> /dev/null) + [ $? -ne 0 ] && echo "Failed to get existing secret" && exit 1 + [ -n "$key" ] && echo "Key already created, exiting." && exit 0 + # wait for signing key + while [ ! -f /etc/dendrite/signing-key.pem ]; do + echo "Waiting for signing key.." + sleep 5; + done + # update secret + kubectl patch secret {{ $secretName }} -p "{\"data\":{\"signing.key\":\"$(base64 /etc/dendrite/signing-key.pem | tr -d '\n')\"}}" + [ $? -ne 0 ] && echo "Failed to update secret." && exit 1 + echo "Signing key successfully created." + volumeMounts: + - mountPath: /etc/dendrite/ + name: signing-key + readOnly: true + - name: generate-key + {{- include "image.name" . | nindent 8 }} + command: + - sh + - -c + - | + /usr/bin/generate-keys -private-key /etc/dendrite/signing-key.pem + chown 1001:1001 /etc/dendrite/signing-key.pem + volumeMounts: + - mountPath: /etc/dendrite/ + name: signing-key + volumes: + - name: signing-key + emptyDir: {} + parallelism: 1 + completions: 1 + backoffLimit: 1 +{{ end }} \ No newline at end of file diff --git a/matrix/dendrite.old/templates/prometheus-rules.yaml b/matrix/dendrite.old/templates/prometheus-rules.yaml new file mode 100644 index 0000000..dc6c12c --- /dev/null +++ b/matrix/dendrite.old/templates/prometheus-rules.yaml @@ -0,0 +1,18 @@ +{{- if and ( .Values.prometheus.rules.enabled ) ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) }} +--- +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ include "dendrite.fullname" . }} + labels: + {{- include "dendrite.labels" . | nindent 4 }} + {{- with .Values.prometheus.rules.labels }} + {{- . | toYaml | nindent 4 }} + {{- end }} +spec: + groups: + {{- if .Values.prometheus.rules.additionalRules }} + - name: {{ template "dendrite.name" . }}-Additional + rules: {{- toYaml .Values.prometheus.rules.additionalRules | nindent 4 }} + {{- end }} +{{- end }} diff --git a/matrix/dendrite.old/templates/pvc.yaml b/matrix/dendrite.old/templates/pvc.yaml new file mode 100644 index 0000000..70b1ce5 --- /dev/null +++ b/matrix/dendrite.old/templates/pvc.yaml @@ -0,0 +1,69 @@ +{{ if not .Values.persistence.media.existingClaim }} +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + annotations: + helm.sh/resource-policy: keep + name: {{ include "dendrite.fullname" . }}-media-pvc +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.persistence.media.capacity }} + {{ $storageClass := .Values.persistence.media.storageClass | default .Values.persistence.storageClass }} + {{- if $storageClass }} + {{- if (eq "-" $storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ $storageClass }}" + {{- end }} + {{- end }} +{{ end }} +{{ if not .Values.persistence.jetstream.existingClaim }} +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + annotations: + helm.sh/resource-policy: keep + name: {{ include "dendrite.fullname" . }}-jetstream-pvc +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.persistence.jetstream.capacity }} + {{ $storageClass := .Values.persistence.jetstream.storageClass | default .Values.persistence.storageClass }} + {{- if $storageClass }} + {{- if (eq "-" $storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ $storageClass }}" + {{- end }} + {{- end }} +{{ end }} +{{ if not .Values.persistence.search.existingClaim }} +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + annotations: + helm.sh/resource-policy: keep + name: {{ include "dendrite.fullname" . }}-search-pvc +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.persistence.search.capacity }} + {{ $storageClass := .Values.persistence.search.storageClass | default .Values.persistence.storageClass }} + {{- if $storageClass }} + {{- if (eq "-" $storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ $storageClass }}" + {{- end }} + {{- end }} +{{ end }} diff --git a/matrix/dendrite.old/templates/secrets.yaml b/matrix/dendrite.old/templates/secrets.yaml new file mode 100644 index 0000000..2084c9a --- /dev/null +++ b/matrix/dendrite.old/templates/secrets.yaml @@ -0,0 +1,45 @@ +{{- if (gt (len (.Files.Glob "appservices/*")) 0) }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "dendrite.fullname" . }}-appservices-conf +type: Opaque +data: +{{ (.Files.Glob "appservices/*").AsSecrets | indent 2 }} +{{- end }} + +{{- if and .Values.signing_key.create (not .Values.signing_key.existingSecret) }} +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + helm.sh/resource-policy: keep + name: {{ include "dendrite.fullname" . }}-signing-key +type: Opaque +{{- end }} + +{{- with .Values.dendrite_config.global.metrics }} +{{- if .enabled }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "dendrite.fullname" $ }}-metrics-basic-auth +type: Opaque +stringData: + user: {{ .basic_auth.user | quote }} + password: {{ .basic_auth.password | quote }} +{{- end }} +{{- end }} + +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "dendrite.fullname" . }}-conf +type: Opaque +stringData: + dendrite.yaml: | + {{ toYaml ( mustMergeOverwrite .Values.dendrite_config ( fromYaml (include "override.config" .) ) .Values.dendrite_config ) | nindent 4 }} \ No newline at end of file diff --git a/matrix/dendrite.old/templates/service.yaml b/matrix/dendrite.old/templates/service.yaml new file mode 100644 index 0000000..1b709c7 --- /dev/null +++ b/matrix/dendrite.old/templates/service.yaml @@ -0,0 +1,17 @@ +{{ template "validate.config" . }} +--- +apiVersion: v1 +kind: Service +metadata: + namespace: {{ $.Release.Namespace }} + name: {{ include "dendrite.fullname" . }} + labels: + {{- include "dendrite.labels" . | nindent 4 }} +spec: + selector: + {{- include "dendrite.selectorLabels" . | nindent 4 }} + ports: + - name: http + protocol: TCP + port: {{ .Values.service.port }} + targetPort: http \ No newline at end of file diff --git a/matrix/dendrite.old/templates/servicemonitor.yaml b/matrix/dendrite.old/templates/servicemonitor.yaml new file mode 100644 index 0000000..4602140 --- /dev/null +++ b/matrix/dendrite.old/templates/servicemonitor.yaml @@ -0,0 +1,28 @@ +{{- if and + (and .Values.prometheus.servicemonitor.enabled .Values.dendrite_config.global.metrics.enabled ) + ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) +}} +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "dendrite.fullname" . }} + labels: + {{- include "dendrite.labels" . | nindent 4 }} + {{- with .Values.prometheus.servicemonitor.labels }} + {{- . | toYaml | nindent 4 }} + {{- end }} +spec: + endpoints: + - port: http + basicAuth: + username: + name: {{ include "dendrite.fullname" . }}-metrics-basic-auth + key: "user" + password: + name: {{ include "dendrite.fullname" . }}-metrics-basic-auth + key: "password" + selector: + matchLabels: + {{- include "dendrite.selectorLabels" . | nindent 6 }} +{{- end }} diff --git a/matrix/dendrite.old/templates/tests/test-version.yaml b/matrix/dendrite.old/templates/tests/test-version.yaml new file mode 100644 index 0000000..d887513 --- /dev/null +++ b/matrix/dendrite.old/templates/tests/test-version.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "dendrite.fullname" . }}-test-version" + labels: + {{- include "dendrite.selectorLabels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: curl + image: curlimages/curl + imagePullPolicy: IfNotPresent + args: + - 'http://{{- include "dendrite.fullname" . -}}:8008/_matrix/client/versions' + restartPolicy: Never diff --git a/matrix/dendrite.old/values.yaml b/matrix/dendrite.old/values.yaml new file mode 100644 index 0000000..2f132d7 --- /dev/null +++ b/matrix/dendrite.old/values.yaml @@ -0,0 +1,428 @@ +image: + # -- Docker repository/image to use + repository: "ghcr.io/matrix-org/dendrite-monolith" + kubectl: "bitnami/kubectl" + # -- Kubernetes pullPolicy + pullPolicy: IfNotPresent + # -- Overrides the image tag whose default is the chart appVersion. + tag: "" + + +# signing key to use +signing_key: + # -- Create a new signing key, if not exists + create: true + # -- Use an existing secret + existingSecret: "" + +# -- Default resource requests/limits. +# @default -- sets some sane default values +resources: + requests: + memory: "512Mi" + limits: + memory: "4096Mi" + +persistence: + # -- The storage class to use for volume claims. + # Used unless specified at the specific component. + # Defaults to the cluster default storage class. + # If defined, storageClassName: + # If set to "-", storageClassName: "", which disables dynamic provisioning + # If undefined (the default) or set to null, no storageClassName spec is + # set, choosing the default provisioner. (gp2 on AWS, standard on + # GKE, AWS & OpenStack) + # + storageClass: + jetstream: + # -- Use an existing volume claim for jetstream + existingClaim: "" + # -- PVC Storage Request for the jetstream volume + capacity: "1Gi" + # -- The storage class to use for volume claims. + # Defaults to persistence.storageClass + # If defined, storageClassName: + # If set to "-", storageClassName: "", which disables dynamic provisioning + # If undefined (the default) or set to null, no storageClassName spec is + # set, choosing the default provisioner. (gp2 on AWS, standard on + # GKE, AWS & OpenStack) + storageClass: + media: + # -- Use an existing volume claim for media files + existingClaim: "" + # -- PVC Storage Request for the media volume + capacity: "1Gi" + # -- The storage class to use for volume claims. + # Defaults to persistence.storageClass + # If defined, storageClassName: + # If set to "-", storageClassName: "", which disables dynamic provisioning + # If undefined (the default) or set to null, no storageClassName spec is + # set, choosing the default provisioner. (gp2 on AWS, standard on + # GKE, AWS & OpenStack) + storageClass: + search: + # -- Use an existing volume claim for the fulltext search index + existingClaim: "" + # -- PVC Storage Request for the search volume + capacity: "1Gi" + # -- The storage class to use for volume claims. + # Defaults to persistence.storageClass + # If defined, storageClassName: + # If set to "-", storageClassName: "", which disables dynamic provisioning + # If undefined (the default) or set to null, no storageClassName spec is + # set, choosing the default provisioner. (gp2 on AWS, standard on + # GKE, AWS & OpenStack) + storageClass: + +# -- Add additional volumes to the Dendrite Pod +extraVolumes: [] +# ex. +# - name: extra-config +# secret: +# secretName: extra-config + +# -- Configure additional mount points volumes in the Dendrite Pod +extraVolumeMounts: [] +# ex. +# - mountPath: /etc/dendrite/extra-config +# name: extra-config + +strategy: + # -- Strategy to use for rolling updates (e.g. Recreate, RollingUpdate) + # If you are using ReadWriteOnce volumes, you should probably use Recreate + type: Recreate + rollingUpdate: + # -- Maximum number of pods that can be unavailable during the update process + maxUnavailable: 25% + # -- Maximum number of pods that can be scheduled above the desired number of pods + maxSurge: 25% + +dendrite_config: + version: 2 + global: + # -- **REQUIRED** Servername for this Dendrite deployment. + server_name: "" + + # -- The private key to use. (**NOTE**: This is overriden in Helm) + private_key: /etc/dendrite/secrets/signing.key + + # -- The server name to delegate server-server communications to, with optional port + # e.g. localhost:443 + well_known_server_name: "" + + # -- The server name to delegate client-server communications to, with optional port + # e.g. localhost:443 + well_known_client_name: "" + + # -- Lists of domains that the server will trust as identity servers to verify third + # party identifiers such as phone numbers and email addresses. + trusted_third_party_id_servers: + - matrix.org + - vector.im + + # -- The paths and expiry timestamps (as a UNIX timestamp in millisecond precision) + # to old signing keys that were formerly in use on this domain name. These + # keys will not be used for federation request or event signing, but will be + # provided to any other homeserver that asks when trying to verify old events. + old_private_keys: + # If the old private key file is available: + # - private_key: old_matrix_key.pem + # expired_at: 1601024554498 + # If only the public key (in base64 format) and key ID are known: + # - public_key: mn59Kxfdq9VziYHSBzI7+EDPDcBS2Xl7jeUdiiQcOnM= + # key_id: ed25519:mykeyid + # expired_at: 1601024554498 + + # -- Disable federation. Dendrite will not be able to make any outbound HTTP requests + # to other servers and the federation API will not be exposed. + disable_federation: false + + key_validity_period: 168h0m0s + + database: + # -- The connection string for connections to Postgres. + # This will be set automatically if using the Postgres dependency + connection_string: "" + + # -- Default database maximum open connections + max_open_conns: 90 + # -- Default database maximum idle connections + max_idle_conns: 5 + # -- Default database maximum lifetime + conn_max_lifetime: -1 + + jetstream: + # -- Persistent directory to store JetStream streams in. + storage_path: "/data/jetstream" + # -- NATS JetStream server addresses if not using internal NATS. + addresses: [] + # -- The prefix for JetStream streams + topic_prefix: "Dendrite" + # -- Keep all data in memory. (**NOTE**: This is overriden in Helm to `false`) + in_memory: false + # -- Disables TLS validation. This should **NOT** be used in production. + disable_tls_validation: true + + cache: + # -- The estimated maximum size for the global cache in bytes, or in terabytes, + # gigabytes, megabytes or kilobytes when the appropriate 'tb', 'gb', 'mb' or + # 'kb' suffix is specified. Note that this is not a hard limit, nor is it a + # memory limit for the entire process. A cache that is too small may ultimately + # provide little or no benefit. + max_size_estimated: 1gb + # -- The maximum amount of time that a cache entry can live for in memory before + # it will be evicted and/or refreshed from the database. Lower values result in + # easier admission of new cache entries but may also increase database load in + # comparison to higher values, so adjust conservatively. Higher values may make + # it harder for new items to make it into the cache, e.g. if new rooms suddenly + # become popular. + max_age: 1h + + report_stats: + # -- Configures phone-home statistics reporting. These statistics contain the server + # name, number of active users and some information on your deployment config. + # We use this information to understand how Dendrite is being used in the wild. + enabled: false + # -- Endpoint to report statistics to. + endpoint: https://matrix.org/report-usage-stats/push + + presence: + # -- Controls whether we receive presence events from other servers + enable_inbound: false + # -- Controls whether we send presence events for our local users to other servers. + # (_May increase CPU/memory usage_) + enable_outbound: false + + server_notices: + # -- Server notices allows server admins to send messages to all users on the server. + enabled: false + # -- The local part for the user sending server notices. + local_part: "_server" + # -- The display name for the user sending server notices. + display_name: "Server Alerts" + # -- The avatar URL (as a mxc:// URL) name for the user sending server notices. + avatar_url: "" + # The room name to be used when sending server notices. This room name will + # appear in user clients. + room_name: "Server Alerts" + + # prometheus metrics + metrics: + # -- Whether or not Prometheus metrics are enabled. + enabled: false + # HTTP basic authentication to protect access to monitoring. + basic_auth: + # -- HTTP basic authentication username + user: "metrics" + # -- HTTP basic authentication password + password: metrics + + dns_cache: + # -- Whether or not the DNS cache is enabled. + enabled: false + # -- Maximum number of entries to hold in the DNS cache + cache_size: 256 + # -- Duration for how long DNS cache items should be considered valid ([see time.ParseDuration](https://pkg.go.dev/time#ParseDuration) for more) + cache_lifetime: "10m" + + profiling: + # -- Enable pprof. You will need to manually create a port forwarding to the deployment to access PPROF, + # as it will only listen on localhost and the defined port. + # e.g. `kubectl port-forward deployments/dendrite 65432:65432` + enabled: false + # -- pprof port, if enabled + port: 65432 + + # -- Configuration for experimental MSC's. (Valid values are: msc2836) + mscs: + mscs: [] + # A list of enabled MSC's + # Currently valid values are: + # - msc2836 (Threading, see https://github.com/matrix-org/matrix-doc/pull/2836) + + app_service_api: + # -- Disable the validation of TLS certificates of appservices. This is + # not recommended in production since it may allow appservice traffic + # to be sent to an insecure endpoint. + disable_tls_validation: false + # -- Appservice config files to load on startup. (**NOTE**: This is overriden by Helm, if a folder `./appservices/` exists) + config_files: [] + + client_api: + # -- Prevents new users from being able to register on this homeserver, except when + # using the registration shared secret below. + registration_disabled: true + + # Prevents new guest accounts from being created. Guest registration is also + # disabled implicitly by setting 'registration_disabled' above. + guests_disabled: true + + # -- If set, allows registration by anyone who knows the shared secret, regardless of + # whether registration is otherwise disabled. + registration_shared_secret: "" + + # -- enable reCAPTCHA registration + enable_registration_captcha: false + # -- reCAPTCHA public key + recaptcha_public_key: "" + # -- reCAPTCHA private key + recaptcha_private_key: "" + # -- reCAPTCHA bypass secret + recaptcha_bypass_secret: "" + recaptcha_siteverify_api: "" + + # TURN server information that this homeserver should send to clients. + turn: + # -- Duration for how long users should be considered valid ([see time.ParseDuration](https://pkg.go.dev/time#ParseDuration) for more) + turn_user_lifetime: "24h" + turn_uris: [] + turn_shared_secret: "" + # -- The TURN username + turn_username: "" + # -- The TURN password + turn_password: "" + + rate_limiting: + # -- Enable rate limiting + enabled: true + # -- After how many requests a rate limit should be activated + threshold: 20 + # -- Cooloff time in milliseconds + cooloff_ms: 500 + # -- Users which should be exempt from rate limiting + exempt_user_ids: + + federation_api: + # -- Federation failure threshold. How many consecutive failures that we should + # tolerate when sending federation requests to a specific server. The backoff + # is 2**x seconds, so 1 = 2 seconds, 2 = 4 seconds, 3 = 8 seconds, etc. + # The default value is 16 if not specified, which is circa 18 hours. + send_max_retries: 16 + # -- Disable TLS validation. This should **NOT** be used in production. + disable_tls_validation: false + prefer_direct_fetch: false + # -- Prevents Dendrite from keeping HTTP connections + # open for reuse for future requests. Connections will be closed quicker + # but we may spend more time on TLS handshakes instead. + disable_http_keepalives: false + # -- Perspective keyservers, to use as a backup when direct key fetch + # requests don't succeed. + # @default -- See value.yaml + key_perspectives: + - server_name: matrix.org + keys: + - key_id: ed25519:auto + public_key: Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw + - key_id: ed25519:a_RXGa + public_key: l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ + + media_api: + # -- The path to store media files (e.g. avatars) in + base_path: "/data/media_store" + # -- The max file size for uploaded media files + max_file_size_bytes: 10485760 + # Whether to dynamically generate thumbnails if needed. + dynamic_thumbnails: false + # -- The maximum number of simultaneous thumbnail generators to run. + max_thumbnail_generators: 10 + # -- A list of thumbnail sizes to be generated for media content. + # @default -- See value.yaml + thumbnail_sizes: + - width: 32 + height: 32 + method: crop + - width: 96 + height: 96 + method: crop + - width: 640 + height: 480 + method: scale + + sync_api: + # -- This option controls which HTTP header to inspect to find the real remote IP + # address of the client. This is likely required if Dendrite is running behind + # a reverse proxy server. + real_ip_header: X-Real-IP + # -- Configuration for the full-text search engine. + search: + # -- Whether fulltext search is enabled. + enabled: true + # -- The path to store the search index in. + index_path: "/data/search" + # -- The language most likely to be used on the server - used when indexing, to + # ensure the returned results match expectations. A full list of possible languages + # can be found [here](https://github.com/matrix-org/dendrite/blob/76db8e90defdfb9e61f6caea8a312c5d60bcc005/internal/fulltext/bleve.go#L25-L46) + language: "en" + + user_api: + # -- bcrypt cost to use when hashing passwords. + # (ranges from 4-31; 4 being least secure, 31 being most secure; _NOTE: Using a too high value can cause clients to timeout and uses more CPU._) + bcrypt_cost: 10 + # -- OpenID Token lifetime in milliseconds. + openid_token_lifetime_ms: 3600000 + # - Disable TLS validation when hitting push gateways. This should **NOT** be used in production. + push_gateway_disable_tls_validation: false + # -- Rooms to join users to after registration + auto_join_rooms: [] + + # -- Default logging configuration + logging: + - type: std + level: info + +postgresql: + # -- Enable and configure postgres as the database for dendrite. + # @default -- See value.yaml + enabled: false + image: + repository: bitnami/postgresql + tag: "16.2.0" + auth: + username: dendrite + password: changeme + database: dendrite + + persistence: + enabled: false + +ingress: + # -- Create an ingress for the deployment + enabled: false + # -- The ingressClass to use. Will be converted to annotation if not yet supported. + className: "" + # -- Extra, custom annotations + annotations: {} + # -- The ingress hostname for your matrix server. + # Should align with the server_name and well_known_* hosts. + # If not set, generated from the dendrite_config values. + hostName: "" + # -- TLS configuration. Should contain information for the server_name and well-known hosts. + # Alternatively, set tls.generate=true to generate defaults based on the dendrite_config. + tls: [] + +service: + type: ClusterIP + port: 8008 + +prometheus: + servicemonitor: + # -- Enable ServiceMonitor for Prometheus-Operator for scrape metric-endpoint + enabled: false + # -- Extra Labels on ServiceMonitor for selector of Prometheus Instance + labels: {} + rules: + # -- Enable PrometheusRules for Prometheus-Operator for setup alerting + enabled: false + # -- Extra Labels on PrometheusRules for selector of Prometheus Instance + labels: {} + # -- additional alertrules (no default alertrules are provided) + additionalRules: [] + +grafana: + dashboards: + enabled: false + # -- Extra Labels on ConfigMap for selector of grafana sidecar + labels: + grafana_dashboard: "1" + # -- Extra Annotations on ConfigMap additional config in grafana sidecar + annotations: {} diff --git a/matrix/dendrite/Chart.lock b/matrix/dendrite/Chart.lock index 704b648..323dc84 100644 --- a/matrix/dendrite/Chart.lock +++ b/matrix/dendrite/Chart.lock @@ -3,4 +3,4 @@ dependencies: repository: https://charts.bitnami.com/bitnami version: 14.2.3 digest: sha256:9a752ef85baa3c754e9569b2cd08cb15bf8e9d182716f0296e853ce15e918c27 -generated: "2024-04-09T08:24:44.156192866Z" +generated: "2025-01-16T18:45:16.873847536Z" diff --git a/matrix/dendrite/Chart.yaml b/matrix/dendrite/Chart.yaml index acae028..4bd9279 100644 --- a/matrix/dendrite/Chart.yaml +++ b/matrix/dendrite/Chart.yaml @@ -1,12 +1,12 @@ apiVersion: v2 -appVersion: 0.13.7 +appVersion: 0.14.1 dependencies: - condition: postgresql.enabled name: postgresql repository: https://charts.bitnami.com/bitnami version: 14.2.3 description: Dendrite Matrix Homeserver -home: https://github.com/matrix-org/dendrite +home: https://github.com/element-hq/dendrite icon: https://avatars.githubusercontent.com/u/8418310?s=48&v=4 keywords: - matrix @@ -15,6 +15,6 @@ keywords: - dendrite name: dendrite sources: -- https://github.com/matrix-org/dendrite +- https://github.com/element-hq/dendrite type: application -version: 0.14.1 +version: 0.15.1 diff --git a/matrix/dendrite/README.md b/matrix/dendrite/README.md index 9259c79..5cafac9 100644 --- a/matrix/dendrite/README.md +++ b/matrix/dendrite/README.md @@ -1,7 +1,7 @@ # dendrite -![Version: 0.14.0](https://img.shields.io/badge/Version-0.14.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.13.7](https://img.shields.io/badge/AppVersion-0.13.7-informational?style=flat-square) +![Version: 0.15.1](https://img.shields.io/badge/Version-0.15.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.14.1](https://img.shields.io/badge/AppVersion-0.14.1-informational?style=flat-square) Dendrite Matrix Homeserver Status: **NOT PRODUCTION READY** @@ -32,7 +32,7 @@ Create a folder `appservices` and place your configurations in there. The confi ## Source Code -* +* ## Requirements | Repository | Name | Version | @@ -42,9 +42,10 @@ Create a folder `appservices` and place your configurations in there. The confi | Key | Type | Default | Description | |-----|------|---------|-------------| -| image.repository | string | `"ghcr.io/matrix-org/dendrite-monolith"` | Docker repository/image to use | +| image.repository | string | `"ghcr.io/element-hq/dendrite-monolith"` | Docker repository/image to use | | image.pullPolicy | string | `"IfNotPresent"` | Kubernetes pullPolicy | | image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | +| imagePullSecrets | list | `[]` | Configure image pull secrets to use private container registry https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret | | signing_key.create | bool | `true` | Create a new signing key, if not exists | | signing_key.existingSecret | string | `""` | Use an existing secret | | resources | object | sets some sane default values | Default resource requests/limits. | @@ -58,11 +59,15 @@ Create a folder `appservices` and place your configurations in there. The confi | persistence.search.existingClaim | string | `""` | Use an existing volume claim for the fulltext search index | | persistence.search.capacity | string | `"1Gi"` | PVC Storage Request for the search volume | | persistence.search.storageClass | string | `nil` | The storage class to use for volume claims. Defaults to persistence.storageClass If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) | +| extraArgs | list | `[]` | Add additional arguments to the dendrite command | | extraVolumes | list | `[]` | Add additional volumes to the Dendrite Pod | | extraVolumeMounts | list | `[]` | Configure additional mount points volumes in the Dendrite Pod | | strategy.type | string | `"Recreate"` | Strategy to use for rolling updates (e.g. Recreate, RollingUpdate) If you are using ReadWriteOnce volumes, you should probably use Recreate | | strategy.rollingUpdate.maxUnavailable | string | `"25%"` | Maximum number of pods that can be unavailable during the update process | | strategy.rollingUpdate.maxSurge | string | `"25%"` | Maximum number of pods that can be scheduled above the desired number of pods | +| nodeSelector | object | `{}` | Node selector configuration | +| tolerations | object | `{}` | Tolerations configuration | +| affinity | object | `{}` | Affinity configuration | | dendrite_config.version | int | `2` | | | dendrite_config.global.server_name | string | `""` | **REQUIRED** Servername for this Dendrite deployment. | | dendrite_config.global.private_key | string | `"/etc/dendrite/secrets/signing.key"` | The private key to use. (**NOTE**: This is overriden in Helm) | @@ -134,7 +139,7 @@ Create a folder `appservices` and place your configurations in there. The confi | dendrite_config.sync_api.search | object | `{"enabled":true,"index_path":"/data/search","language":"en"}` | Configuration for the full-text search engine. | | dendrite_config.sync_api.search.enabled | bool | `true` | Whether fulltext search is enabled. | | dendrite_config.sync_api.search.index_path | string | `"/data/search"` | The path to store the search index in. | -| dendrite_config.sync_api.search.language | string | `"en"` | The language most likely to be used on the server - used when indexing, to ensure the returned results match expectations. A full list of possible languages can be found [here](https://github.com/matrix-org/dendrite/blob/76db8e90defdfb9e61f6caea8a312c5d60bcc005/internal/fulltext/bleve.go#L25-L46) | +| dendrite_config.sync_api.search.language | string | `"en"` | The language most likely to be used on the server - used when indexing, to ensure the returned results match expectations. A full list of possible languages can be found [here](https://github.com/element-hq/dendrite/blob/76db8e90defdfb9e61f6caea8a312c5d60bcc005/internal/fulltext/bleve.go#L25-L46) | | dendrite_config.user_api.bcrypt_cost | int | `10` | bcrypt cost to use when hashing passwords. (ranges from 4-31; 4 being least secure, 31 being most secure; _NOTE: Using a too high value can cause clients to timeout and uses more CPU._) | | dendrite_config.user_api.openid_token_lifetime_ms | int | `3600000` | OpenID Token lifetime in milliseconds. | | dendrite_config.user_api.push_gateway_disable_tls_validation | bool | `false` | | @@ -189,5 +194,3 @@ grafana: ``` PS: The label `release=kube-prometheus-stack` is setup with the helmchart of the Prometheus Operator. For Grafana Dashboards it may be necessary to enable scanning in the correct namespaces (or ALL), enabled by `sidecar.dashboards.searchNamespace` in [Helmchart of grafana](https://artifacthub.io/packages/helm/grafana/grafana) (which is part of PrometheusOperator, so `grafana.sidecar.dashboards.searchNamespace`) ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1) \ No newline at end of file diff --git a/matrix/dendrite/grafana_dashboards/dendrite-rev2.json b/matrix/dendrite/grafana_dashboards/dendrite-rev2.json index 420d8bf..eeb95ff 100644 --- a/matrix/dendrite/grafana_dashboards/dendrite-rev2.json +++ b/matrix/dendrite/grafana_dashboards/dendrite-rev2.json @@ -21,7 +21,7 @@ } ] }, - "description": "Dendrite dashboard from https://github.com/matrix-org/dendrite/", + "description": "Dendrite dashboard from https://github.com/element-hq/dendrite/", "editable": true, "fiscalYearStartMonth": 0, "gnetId": 13916, @@ -95,9 +95,7 @@ "justifyMode": "auto", "orientation": "auto", "reduceOptions": { - "calcs": [ - "lastNotNull" - ], + "calcs": ["lastNotNull"], "fields": "", "values": false }, @@ -191,10 +189,7 @@ "id": 6, "options": { "legend": { - "calcs": [ - "mean", - "lastNotNull" - ], + "calcs": ["mean", "lastNotNull"], "displayMode": "table", "placement": "right", "showLegend": true @@ -326,10 +321,7 @@ "id": 10, "options": { "legend": { - "calcs": [ - "mean", - "lastNotNull" - ], + "calcs": ["mean", "lastNotNull"], "displayMode": "table", "placement": "right", "showLegend": true @@ -384,10 +376,7 @@ "refresh": "10s", "schemaVersion": 37, "style": "dark", - "tags": [ - "matrix", - "dendrite" - ], + "tags": ["matrix", "dendrite"], "templating": { "list": [ { @@ -411,12 +400,8 @@ { "current": { "selected": true, - "text": [ - "All" - ], - "value": [ - "$__all" - ] + "text": ["All"], + "value": ["$__all"] }, "datasource": { "type": "prometheus", diff --git a/matrix/dendrite/templates/_helpers.tpl b/matrix/dendrite/templates/_helpers.tpl index 36bcefd..5f782c1 100644 --- a/matrix/dendrite/templates/_helpers.tpl +++ b/matrix/dendrite/templates/_helpers.tpl @@ -1,6 +1,6 @@ {{- define "validate.config" }} {{- if and (not .Values.signing_key.create) (eq .Values.signing_key.existingSecret "") -}} -{{- fail "You must create a signing key for configuration.signing_key OR specify an existing secret name in .Values.signing_key.existingSecret to mount it. (see https://github.com/matrix-org/dendrite/blob/master/docs/INSTALL.md#server-key-generation)" -}} +{{- fail "You must create a signing key for configuration.signing_key OR specify an existing secret name in .Values.signing_key.existingSecret to mount it. (see https://github.com/element-hq/dendrite/blob/master/docs/INSTALL.md#server-key-generation)" -}} {{- end -}} {{- if and (not .Values.postgresql.enabled) (eq .Values.dendrite_config.global.database.connection_string "") -}} {{- fail "Database connection string must be set." -}} @@ -65,4 +65,4 @@ Selector labels {{- define "dendrite.selectorLabels" -}} app.kubernetes.io/name: {{ include "dendrite.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/matrix/dendrite/templates/deployment.yaml b/matrix/dendrite/templates/deployment.yaml index 6c55a90..3952f4a 100644 --- a/matrix/dendrite/templates/deployment.yaml +++ b/matrix/dendrite/templates/deployment.yaml @@ -56,6 +56,9 @@ spec: args: - '--config' - '/etc/dendrite/dendrite.yaml' + {{- with .Values.extraArgs }} + {{- toYaml . | nindent 10 }} + {{- end }} ports: - name: http containerPort: 8008 @@ -65,9 +68,6 @@ spec: - name: PPROFLISTEN value: "localhost:{{- $.Values.dendrite_config.global.profiling.port -}}" {{- end }} - env: - - name: HTTPS_PROXY - value: "socks5://proxy:1080" resources: {{- toYaml $.Values.resources | nindent 10 }} volumeMounts: @@ -113,3 +113,19 @@ spec: httpGet: path: /_dendrite/monitor/up port: http + imagePullSecrets: + {{- with .Values.imagePullSecrets }} + {{ . | toYaml | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file diff --git a/matrix/dendrite/templates/jobs.yaml b/matrix/dendrite/templates/jobs.yaml index 4696bdb..7f96f26 100644 --- a/matrix/dendrite/templates/jobs.yaml +++ b/matrix/dendrite/templates/jobs.yaml @@ -54,11 +54,15 @@ metadata: spec: template: spec: + imagePullSecrets: + {{- with .Values.imagePullSecrets }} + {{ . | toYaml | nindent 6 }} + {{- end }} restartPolicy: "Never" serviceAccount: {{ $name }} containers: - name: upload-key - image: {{ $.Values.image.kubectl }} + image: bitnami/kubectl command: - sh - -c @@ -94,6 +98,18 @@ spec: volumes: - name: signing-key emptyDir: {} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} parallelism: 1 completions: 1 backoffLimit: 1 diff --git a/matrix/dendrite/values.yaml b/matrix/dendrite/values.yaml index 2f132d7..b5da4ca 100644 --- a/matrix/dendrite/values.yaml +++ b/matrix/dendrite/values.yaml @@ -1,12 +1,15 @@ image: # -- Docker repository/image to use - repository: "ghcr.io/matrix-org/dendrite-monolith" - kubectl: "bitnami/kubectl" + repository: "ghcr.io/element-hq/dendrite-monolith" # -- Kubernetes pullPolicy pullPolicy: IfNotPresent # -- Overrides the image tag whose default is the chart appVersion. tag: "" +# -- Configure image pull secrets to use private container registry +# https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret +imagePullSecrets: [] +# - name: your-pull-secret-name # signing key to use signing_key: @@ -74,6 +77,9 @@ persistence: # GKE, AWS & OpenStack) storageClass: +# -- Add additional arguments to the dendrite command +extraArgs: [] + # -- Add additional volumes to the Dendrite Pod extraVolumes: [] # ex. @@ -97,6 +103,15 @@ strategy: # -- Maximum number of pods that can be scheduled above the desired number of pods maxSurge: 25% +# -- Node selector configuration +nodeSelector: {} + +# -- Tolerations configuration +tolerations: {} + +# -- Affinity configuration +affinity: {} + dendrite_config: version: 2 global: @@ -235,7 +250,8 @@ dendrite_config: # -- Configuration for experimental MSC's. (Valid values are: msc2836) mscs: - mscs: [] + mscs: + [] # A list of enabled MSC's # Currently valid values are: # - msc2836 (Threading, see https://github.com/matrix-org/matrix-doc/pull/2836) @@ -351,7 +367,7 @@ dendrite_config: index_path: "/data/search" # -- The language most likely to be used on the server - used when indexing, to # ensure the returned results match expectations. A full list of possible languages - # can be found [here](https://github.com/matrix-org/dendrite/blob/76db8e90defdfb9e61f6caea8a312c5d60bcc005/internal/fulltext/bleve.go#L25-L46) + # can be found [here](https://github.com/element-hq/dendrite/blob/76db8e90defdfb9e61f6caea8a312c5d60bcc005/internal/fulltext/bleve.go#L25-L46) language: "en" user_api: @@ -367,8 +383,8 @@ dendrite_config: # -- Default logging configuration logging: - - type: std - level: info + - type: std + level: info postgresql: # -- Enable and configure postgres as the database for dendrite. diff --git a/matrix/values.yaml b/matrix/values.yaml index 18e33d3..3bddbf0 100644 --- a/matrix/values.yaml +++ b/matrix/values.yaml @@ -15,7 +15,7 @@ persistence: storageClass: nfs-client image: - tag: v0.14.0 + tag: v0.14.1 kubectl: cr.wetofu.me/docker.io/bitnami/kubectl:1.23 pullPolicy: IfNotPresent repository: ghcr.io/element-hq/dendrite-monolith diff --git a/transmission/templates/configmap-webdav.yaml b/transmission/templates/configmap-webdav.yaml index 698a226..41ec34e 100644 --- a/transmission/templates/configmap-webdav.yaml +++ b/transmission/templates/configmap-webdav.yaml @@ -1,4 +1,4 @@ -kind: Configmap +kind: ConfigMap apiVersion: v1 metadata: name: webdav diff --git a/transmission/templates/deployment-transmission.yaml b/transmission/templates/deployment-transmission.yaml index f72f2ef..ac6bdfa 100644 --- a/transmission/templates/deployment-transmission.yaml +++ b/transmission/templates/deployment-transmission.yaml @@ -37,7 +37,7 @@ spec: - secretRef: name: transmission resources: - {{- toYaml .Values.resources.transmission | nindent 10 }} + {{- toYaml .Values.resources.transmission | nindent 12 }} ports: - containerPort: {{ .Values.ports.transmission.web }} name: web diff --git a/transmission/values.yaml b/transmission/values.yaml index 5bb9e4f..8ad6a79 100644 --- a/transmission/values.yaml +++ b/transmission/values.yaml @@ -11,11 +11,11 @@ webdav: images: transmission: - repository: linuxserver/transmission + repository: cr.wetofu.me/linuxserver/transmission tag: latest pullPolicy: IfNotPresent webdav: - repository: bytemark/webdav + repository: cr.wetofu.me/bytemark/webdav tag: latest pullPolicy: IfNotPresent diff --git a/trilium-notes/.helmignore b/trilium-notes/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/trilium-notes/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/trilium-notes/Chart.yaml b/trilium-notes/Chart.yaml new file mode 100644 index 0000000..55d0cf2 --- /dev/null +++ b/trilium-notes/Chart.yaml @@ -0,0 +1,9 @@ +apiVersion: v2 +appVersion: 0.47.2 +description: A Helm chart for trillium notes. +maintainers: +- name: ohdearaugustin + url: https://github.com/ohdearaugustin +name: trilium-notes +type: application +version: 0.1.2 diff --git a/trilium-notes/templates/NOTES.txt b/trilium-notes/templates/NOTES.txt new file mode 100644 index 0000000..0dbe80f --- /dev/null +++ b/trilium-notes/templates/NOTES.txt @@ -0,0 +1,21 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "trilium-notes.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "trilium-notes.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "trilium-notes.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "trilium-notes.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80 +{{- end }} diff --git a/trilium-notes/templates/_helpers.tpl b/trilium-notes/templates/_helpers.tpl new file mode 100644 index 0000000..cb02c95 --- /dev/null +++ b/trilium-notes/templates/_helpers.tpl @@ -0,0 +1,63 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "trilium-notes.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "trilium-notes.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "trilium-notes.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "trilium-notes.labels" -}} +helm.sh/chart: {{ include "trilium-notes.chart" . }} +{{ include "trilium-notes.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "trilium-notes.selectorLabels" -}} +app.kubernetes.io/name: {{ include "trilium-notes.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "trilium-notes.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "trilium-notes.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/trilium-notes/templates/ingress.yaml b/trilium-notes/templates/ingress.yaml new file mode 100644 index 0000000..4d29046 --- /dev/null +++ b/trilium-notes/templates/ingress.yaml @@ -0,0 +1,41 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "trilium-notes.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "trilium-notes.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: +{{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ . }} + backend: + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} +{{- end }} diff --git a/trilium-notes/templates/service-headless.yaml b/trilium-notes/templates/service-headless.yaml new file mode 100644 index 0000000..f462f9d --- /dev/null +++ b/trilium-notes/templates/service-headless.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "trilium-notes.fullname" . }}-headless + labels: + {{- include "trilium-notes.labels" . | nindent 4 }} +spec: + clusterIP: None + ports: + - name: http + port: {{ .Values.service.port }} + targetPort: 8080 + protocol: TCP + selector: + {{- include "trilium-notes.selectorLabels" . | nindent 4 }} diff --git a/trilium-notes/templates/service.yaml b/trilium-notes/templates/service.yaml new file mode 100644 index 0000000..adfb60e --- /dev/null +++ b/trilium-notes/templates/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "trilium-notes.fullname" . }} + labels: + {{- include "trilium-notes.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - name: http + port: {{ .Values.service.port }} + targetPort: 8080 + protocol: TCP + selector: + {{- include "trilium-notes.selectorLabels" . | nindent 4 }} diff --git a/trilium-notes/templates/serviceaccount.yaml b/trilium-notes/templates/serviceaccount.yaml new file mode 100644 index 0000000..ab2cfd6 --- /dev/null +++ b/trilium-notes/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "trilium-notes.serviceAccountName" . }} + labels: + {{- include "trilium-notes.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end -}} diff --git a/trilium-notes/templates/statefulset.yaml b/trilium-notes/templates/statefulset.yaml new file mode 100644 index 0000000..091a72c --- /dev/null +++ b/trilium-notes/templates/statefulset.yaml @@ -0,0 +1,88 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "trilium-notes.fullname" . }} + labels: + {{- include "trilium-notes.labels" . | nindent 4 }} +spec: + serviceName: {{ template "trilium-notes.fullname" . }}-headless + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "trilium-notes.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "trilium-notes.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "trilium-notes.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: TRILIUM_DATA_DIR + value: "{{ .Values.dataDir }}" + ports: + - name: http + containerPort: 8080 + protocol: TCP + livenessProbe: + httpGet: + path: / + port: 8080 + readinessProbe: + httpGet: + path: / + port: 8080 + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: + - name: trilium-data + mountPath: "{{ .Values.dataDir }}" + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- if .Values.persistentVolume.enabled }} + volumeClaimTemplates: + - metadata: + name: trilium-data + {{- if .Values.persistentVolume.annotations }} + annotations: +{{ toYaml .Values.persistentVolume.annotations | indent 10 }} + {{- end }} + spec: + accessModes: +{{ toYaml .Values.persistentVolume.accessModes | indent 10 }} + resources: + requests: + storage: "{{ .Values.persistentVolume.size }}" + {{- if .Values.persistentVolume.storageClass }} + {{- if (eq "-" .Values.persistentVolume.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.persistentVolume.storageClass }}" + {{- end }} + {{- end }} +{{- else }} + volumes: + - name: trilium-data + emptyDir: {} +{{- end }} diff --git a/trilium-notes/templates/tests/test-connection.yaml b/trilium-notes/templates/tests/test-connection.yaml new file mode 100644 index 0000000..fa6d84c --- /dev/null +++ b/trilium-notes/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "trilium-notes.fullname" . }}-test-connection" + labels: + {{- include "trilium-notes.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test-success +spec: + containers: + - name: curl + image: curlimages/curl:7.73.0 + command: ['curl'] + args: ['-v', '{{ include "trilium-notes.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/trilium-notes/values.schema.json b/trilium-notes/values.schema.json new file mode 100644 index 0000000..c8adc3d --- /dev/null +++ b/trilium-notes/values.schema.json @@ -0,0 +1,153 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "affinity": { + "type": "object" + }, + "dataDir": { + "type": "string" + }, + "fullnameOverride": { + "type": "string" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "imagePullSecrets": { + "type": "array" + }, + "ingress": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "tls": { + "type": "array" + } + } + }, + "nameOverride": { + "type": "string" + }, + "nodeSelector": { + "type": "object" + }, + "persistentVolume": { + "type": "object", + "properties": { + "accessModes": { + "type": "array", + "items": { + "type": "string" + } + }, + "annotations": { + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "size": { + "type": "string" + } + } + }, + "podSecurityContext": { + "type": "object", + "properties": { + "fsGroup": { + "type": "integer" + } + } + }, + "replicaCount": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "type": "object", + "properties": { + "drop": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + } + } + }, + "service": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "type": { + "type": "string" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "null" + } + } + }, + "tolerations": { + "type": "array" + } + } +} diff --git a/trilium-notes/values.yaml b/trilium-notes/values.yaml new file mode 100644 index 0000000..46ad84b --- /dev/null +++ b/trilium-notes/values.yaml @@ -0,0 +1,77 @@ +# yaml-language-server: $schema=./values.schema.json + +# Default values for trilium-notes. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: zadam/trilium + tag: "" + pullPolicy: IfNotPresent + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + create: true + annotations: {} + # If not set and create is true, a name is generated using the fullname template + name: + +podSecurityContext: + fsGroup: 10000 + +securityContext: + capabilities: + drop: + - ALL + runAsNonRoot: true + runAsUser: 10000 + allowPrivilegeEscalation: false + +service: + type: ClusterIP + port: 8080 + +dataDir: /srv/trilium-data + +persistentVolume: + enabled: false + accessModes: + - ReadWriteOnce + annotations: {} + size: 2Gi + +ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: [] + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/xianyu-auto-reply/deploy.yaml b/xianyu-auto-reply/deploy.yaml new file mode 100644 index 0000000..f17e4aa --- /dev/null +++ b/xianyu-auto-reply/deploy.yaml @@ -0,0 +1,31 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: xianyu-auto-reply +spec: + selector: + matchLabels: + app: xianyu-auto-reply + template: + metadata: + labels: + app: xianyu-auto-reply + spec: + volumes: + - name: data + hostPath: + path: /data/xianyu-auto-reply + containers: + - name: xianyu-auto-reply + image: registry.cn-shanghai.aliyuncs.com/zhinian-software/xianyu-auto-reply:latest + imagePullPolicy: Always + volumeMounts: + - mountPath: /app/data + name: data + resources: + requests: + memory: "128Mi" + cpu: "500m" + limits: + memory: "1Gi" + cpu: "2" diff --git a/xianyu-auto-reply/kustomization.yaml b/xianyu-auto-reply/kustomization.yaml new file mode 100644 index 0000000..5994698 --- /dev/null +++ b/xianyu-auto-reply/kustomization.yaml @@ -0,0 +1,5 @@ +# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json + +resources: +- deploy.yaml +- services.yaml diff --git a/xianyu-auto-reply/services.yaml b/xianyu-auto-reply/services.yaml new file mode 100644 index 0000000..8a57318 --- /dev/null +++ b/xianyu-auto-reply/services.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Service +metadata: + name: xianyu-auto-reply +spec: + selector: + app: xianyu-auto-reply + ports: + - port: 8080 + targetPort: 8080