From 4f62868977c7810e0a20e7a47b18b0c98bf15dc1 Mon Sep 17 00:00:00 2001 From: USHER-PB Date: Fri, 9 Jan 2026 12:03:36 +0100 Subject: [PATCH 01/11] Created docuemntation for manual argocd deployment --- docs/manual-argocd-deployment.md | 502 +++++++++++++++++++++++++++++++ 1 file changed, 502 insertions(+) create mode 100644 docs/manual-argocd-deployment.md diff --git a/docs/manual-argocd-deployment.md b/docs/manual-argocd-deployment.md new file mode 100644 index 00000000..296c0a38 --- /dev/null +++ b/docs/manual-argocd-deployment.md @@ -0,0 +1,502 @@ +# Manual Argo CD Deployment Guide + +This guide walks you through manually deploying Argo CD to your Kubernetes cluster using Helm, with production-ready configurations including high availability, HTTPS ingress, and OIDC authentication. + +## Table of Contents + +- [Prerequisites](#prerequisites) +- [Overview](#overview) +- [Deployment Steps](#deployment-steps) +- [Configuration Customization](#configuration-customization) +- [Verification](#verification) +- [Post-Deployment](#post-deployment) +- [Troubleshooting](#troubleshooting) + +--- + +## Prerequisites + +Before deploying Argo CD, ensure you have the following: + +### Required Tools + +- **kubectl**: Kubernetes command-line tool configured to access your cluster +- **helm**: Helm 3.x installed on your local machine +- **Access to Kubernetes cluster**: With sufficient permissions to create namespaces and deploy resources + +### Required Infrastructure + +> [!IMPORTANT] +> **Ingress Controller Required**: This deployment assumes you already have an Nginx Ingress Controller installed in your cluster. If you don't have one set up yet, please refer to the [Ingress Controller Setup Guide](./ingress-controller-setup.md) before proceeding. + +- **Cert-Manager**: For automated TLS certificate management (recommended) + - If not installed, see [Cert-Manager Setup Guide](./cert-manager-setup.md) +- **DNS Configuration**: A domain name pointing to your ingress controller's load balancer IP +- **OIDC Provider** (optional): For SSO authentication (e.g., Keycloak, Okta, Google) + +--- + +## Overview + +This deployment uses the official Argo CD Helm chart with a production-ready values file that includes: + +- **High Availability**: Redis HA, multiple replicas for controller, repo-server, and API server +- **Autoscaling**: Horizontal Pod Autoscaling for repo-server and API server +- **HTTPS Ingress**: Automatic TLS certificate provisioning via cert-manager +- **OIDC Authentication**: Integration with Keycloak or other OIDC providers +- **RBAC**: Role-based access control for multi-tenancy + +**Reference Configuration**: [`argocd/manual/argocd-prod-values.yaml`](../argocd/manual/argocd-prod-values.yaml) + +--- + +## Deployment Steps + +### Step 1: Create Namespace + +Create a dedicated namespace for Argo CD: + +```bash +kubectl create namespace argocd +``` + +### Step 2: Add Argo CD Helm Repository + +Add the official Argo CD Helm repository: + +```bash +helm repo add argo https://argoproj.github.io/argo-helm +helm repo update +``` + +### Step 3: Customize the Values File + +Navigate to the observability project directory and edit the Argo CD values file: + +```bash +# Navigate to your observability project +cd ../argocd/manual + +# Edit the values file directly +nano argocd-prod-values.yaml +``` + +### Step 4: Configure Your Deployment + +Customize the following values in `argocd-prod-values.yaml`: + +> [!WARNING] +> **Required Changes**: You MUST update these values before deployment, or the installation will fail or be misconfigured. + +#### 4.1 Update Ingress Hostname + +```yaml +server: + ingress: + hostname: "argocd.observe.camer.digital" # CHANGE THIS to your domain + tls: + - secretName: argocd-tls-cert + hosts: + - "argocd.observe.camer.digital" # CHANGE THIS to match above +``` + +Replace `argocd.observe.camer.digital` with your actual domain name. + +#### 4.2 Update Ingress Class (if needed) + +```yaml +server: + ingress: + ingressClassName: argocd-nginx # Verify this matches your ingress controller +``` + +Ensure `argocd-nginx` matches the IngressClass name of your installed Nginx Ingress Controller. You can check available IngressClasses with: + +```bash +kubectl get ingressclass +``` + +#### 4.3 Update Cert-Manager Issuer + +```yaml +server: + ingress: + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-prod" # CHANGE THIS to your issuer name +``` + +Update `letsencrypt-prod` to match your cert-manager ClusterIssuer or Issuer name. You can list available issuers with: + +```bash +# For ClusterIssuers +kubectl get clusterissuer + +# For namespace-scoped Issuers +kubectl get issuer -n argocd +``` + +If using a namespace-scoped Issuer instead of ClusterIssuer, change the annotation to: + +```yaml +cert-manager.io/issuer: "your-issuer-name" # CHANGE THIS to your issuer name +``` + +#### 4.4 Update Argo CD URL + +```yaml +configs: + cm: + url: https://argocd.observe.camer.digital # CHANGE THIS to your domain +``` + +#### 4.5 Configure OIDC (Optional) + +If you're using OIDC authentication (e.g., Keycloak), you need to deploy and configure Keycloak, then integrate it with Argo CD. + +> [!IMPORTANT] +> **Keycloak Deployment and Configuration Required**: Before configuring Argo CD for OIDC, you must deploy and configure Keycloak with: +> - A realm (e.g., `argocd`) +> - A client (e.g., `argocd`) with appropriate redirect URIs and client secret +> - Users and groups for authentication +> +> For deployment and configuration instructions, see: [Keycloak Getting Started](https://www.keycloak.org/guides#getting-started) - Covers deployment and OIDC client setup for all platforms + +After deploying and configuring Keycloak, update the following in the values file: + +```yaml +configs: + cm: + oidc.config: | + name: Keycloak + issuer: https://keycloak.yourdomain.com/realms/argocd # CHANGE THIS TO YOUR KEYCLOAK DOMAIN ISSUER URL + clientID: argocd # CHANGE THIS if different + clientSecret: your-client-secret # CHANGE THIS to your Keycloak client secret + requestedScopes: ["openid", "profile", "email", "groups"] + enablePKCEAuthentication: true # In case you want to enable cli authentication +``` + +**Where to find these values in Keycloak:** +- **issuer**: `https:///realms/` +- **clientID**: The client ID you created in Keycloak +- **clientSecret**: Found in Keycloak under Clients → Your Client → Credentials tab + +> [!TIP] +> If you're not using OIDC authentication initially, you can remove or comment out the `oidc.config` section and use the default admin user. You can add OIDC later by updating the configuration. + +### Step 5: Deploy Argo CD + +Deploy Argo CD using Helm with your customized values file: + +```bash +helm install argocd argo/argo-cd \ + --namespace argocd \ + --values argocd-prod-values.yaml \ + --version 7.7.12 +``` + +> [!NOTE] +> The version `7.7.12` is specified for consistency. You can check for the latest version with `helm search repo argo/argo-cd` and update accordingly. + +### Step 6: Wait for Deployment + +Monitor the deployment progress: + +```bash +# Watch all pods in the argocd namespace +kubectl get pods -n argocd -w + +# Check deployment status +kubectl get deployments -n argocd +``` + +Wait until all pods are in `Running` state and all deployments show `READY` status. + +--- + +## Configuration Customization + +### Resource Limits + +The reference configuration includes production-ready resource limits. Adjust these based on your cluster capacity and workload: + +```yaml +controller: + resources: + limits: + memory: "2Gi" + cpu: "1" + requests: + memory: "512Mi" + cpu: "250m" + +repoServer: + resources: + limits: + memory: "1Gi" + cpu: "500m" +``` + +### Autoscaling + +Autoscaling is enabled for `repoServer` and `server` components: + +```yaml +repoServer: + autoscaling: + enabled: true + minReplicas: 2 + maxReplicas: 5 + +server: + autoscaling: + enabled: true + minReplicas: 2 + maxReplicas: 5 +``` + +Adjust `minReplicas` and `maxReplicas` based on your expected load. + +### High Availability + +Redis HA is enabled for production resilience: + +```yaml +redis-ha: + enabled: true + exporter: + enabled: true +``` + +For development environments, you can disable Redis HA to reduce resource usage: + +```yaml +redis-ha: + enabled: false +``` + +### RBAC Policies + +Define custom RBAC policies for multi-tenancy: + +```yaml +configs: + rbac: + policy.csv: | + # Example: Grant 'dev-team' access only to 'dev-project' + p, role:dev-team, applications, *, dev-project/*, allow + g, dev-user@yourcompany.com, role:dev-team + + # Default admin policy + g, admin, role:admin + g, ArgoCDAdmins, role:admin +``` + +--- + +## Verification + +### Step 1: Check Pod Status + +Verify all Argo CD pods are running: + +```bash +kubectl get pods -n argocd +``` + +Expected output should show all pods in `Running` state: + +``` +NAME READY STATUS RESTARTS AGE +argocd-application-controller-0 1/1 Running 0 5m +argocd-applicationset-controller-xxx 1/1 Running 0 5m +argocd-dex-server-xxx 1/1 Running 0 5m +argocd-notifications-controller-xxx 1/1 Running 0 5m +argocd-redis-ha-haproxy-xxx 1/1 Running 0 5m +argocd-redis-ha-server-0 2/2 Running 0 5m +argocd-repo-server-xxx 1/1 Running 0 5m +argocd-server-xxx 1/1 Running 0 5m +``` + +### Step 2: Check Ingress + +Verify the ingress resource was created: + +```bash +kubectl get ingress -n argocd +``` + +Check that the ingress has an address assigned: + +```bash +kubectl describe ingress argocd-server -n argocd +``` + +### Step 3: Verify TLS Certificate + +Check that cert-manager has provisioned the TLS certificate: + +```bash +kubectl get certificate -n argocd +kubectl describe certificate argocd-tls-cert -n argocd +``` + +The certificate should show `Ready: True`. + +### Step 4: Access Argo CD UI + +Open your browser and navigate to your configured domain (e.g., `https://argocd.observe.camer.digital`). + +You should see the Argo CD login page with HTTPS enabled. + +### Step 5: Retrieve Admin Password + +If not using OIDC, retrieve the initial admin password: + +```bash +kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d && echo +``` + +Login with: +- **Username**: `admin` +- **Password**: (output from above command) + +> [!CAUTION] +> **Security Best Practice**: After logging in, immediately change the admin password or disable the admin user if using OIDC authentication. + +--- + +## Post-Deployment + +### Install Argo CD CLI + +First, install the Argo CD CLI tool: + +```bash +# Linux +curl -sSL -o argocd https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64 +chmod +x argocd +sudo mv argocd /usr/local/bin/ + +# macOS +brew install argocd +``` + +### Configure CLI Access + +Login to Argo CD via CLI: + +```bash +argocd login argocd.observe.camer.digital +``` + +You'll be prompted for username and password. Use: +- **Username**: `admin` +- **Password**: (the password retrieved in the verification step) + +### Change Admin Password (Optional) + +For enhanced security, you can change the admin password: + +```bash +argocd account update-password +``` + +Alternatively, if you're using OIDC authentication, you can disable the admin user entirely: + +```bash +kubectl patch configmap argocd-cm -n argocd --type merge -p '{"data":{"admin.enabled":"false"}}' +``` + +### Create Your First Application + +Create a sample application to test Argo CD: + +```bash +argocd app create guestbook \ + --repo https://github.com/argoproj/argocd-example-apps.git \ + --path guestbook \ + --dest-server https://kubernetes.default.svc \ + --dest-namespace default +``` + +Sync the application: + +```bash +argocd app sync guestbook +``` + +--- + +## Troubleshooting + +### Pods Not Starting + +**Issue**: Pods stuck in `Pending` or `CrashLoopBackOff` state. + +**Solutions**: +- Check resource availability: `kubectl describe pod -n argocd` +- Verify node resources: `kubectl top nodes` +- Check pod logs: `kubectl logs -n argocd` + +### Ingress Not Working + +**Issue**: Cannot access Argo CD UI via domain. + +**Solutions**: +- Verify ingress controller is running: `kubectl get pods -n ingress-nginx` # replace by your ingress controller namespace +- Check ingress resource: `kubectl describe ingress argocd-server -n argocd` +- Verify DNS points to load balancer IP: `nslookup argocd.yourdomain.com` +- Check ingress controller logs: `kubectl logs -n ingress-nginx ` # replace by your ingress controller namespace + +### TLS Certificate Issues + +**Issue**: Certificate not provisioning or showing as invalid. + +**Solutions**: +- Check cert-manager logs: `kubectl logs -n cert-manager deployment/cert-manager` # replace by your cert-manager namespace +- Verify issuer is ready: `kubectl get clusterissuer letsencrypt-prod` +- Check certificate status: `kubectl describe certificate argocd-tls-cert -n argocd` +- Verify DNS is resolving correctly (Let's Encrypt requires public DNS) + +### OIDC Authentication Failing + +**Issue**: Cannot login with OIDC provider. + +**Solutions**: +- Verify OIDC configuration in ConfigMap: `kubectl get configmap argocd-cm -n argocd -o yaml` +- Check client ID and secret are correct +- Verify issuer URL is accessible from the cluster +- Check Argo CD server logs: `kubectl logs -n argocd deployment/argocd-server` + +### High Resource Usage + +**Issue**: Argo CD consuming too many resources. + +**Solutions**: +- Reduce replica counts for development environments +- Disable Redis HA if not needed +- Adjust resource limits in values file +- Disable autoscaling or adjust min/max replicas + +--- + +## Additional Resources + +- [Argo CD Official Documentation](https://argo-cd.readthedocs.io/) +- [Argo CD Helm Chart](https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd) +- [Ingress Controller Setup Guide](./ingress-controller-setup.md) +- [Cert-Manager Setup Guide](./cert-manager-setup.md) +- [Automated Argo CD Deployment](#) *(Coming soon)* + +--- + +## Next Steps + +After successfully deploying Argo CD, you can: + +1. **Create Projects**: Organize applications into logical projects +2. **Configure Repositories**: Connect to your Git repositories +3. **Deploy Applications**: Use Argo CD to manage your Kubernetes applications +4. **Set Up Notifications**: Configure notifications for deployment events +5. **Implement GitOps**: Adopt GitOps practices for your infrastructure + From e91f635c97f8e23b12a756fa67e9a16b57d2db91 Mon Sep 17 00:00:00 2001 From: USHER-PB Date: Fri, 9 Jan 2026 12:04:21 +0100 Subject: [PATCH 02/11] Added readme to introduce argocd and providing links to appropriate agrocd deployment methods docs --- argocd/README.md | 90 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 90 insertions(+) diff --git a/argocd/README.md b/argocd/README.md index e69de29b..6ea08ecb 100644 --- a/argocd/README.md +++ b/argocd/README.md @@ -0,0 +1,90 @@ +# Argo CD + +Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It automates the deployment of applications by continuously monitoring Git repositories and synchronizing the desired application state with the live state in your Kubernetes cluster. + +## What is Argo CD? + +Argo CD follows the **GitOps** pattern, using Git repositories as the source of truth for defining the desired application state. It provides: + +- **Automated Deployment**: Automatically sync applications from Git to Kubernetes +- **Application Health Monitoring**: Continuously monitor application health and sync status +- **Rollback Capabilities**: Easy rollback to previous application versions +- **Multi-Cluster Management**: Manage deployments across multiple Kubernetes clusters +- **SSO Integration**: Support for OIDC, SAML, LDAP, and other authentication providers +- **RBAC**: Fine-grained role-based access control for multi-tenancy +- **Web UI & CLI**: Both graphical and command-line interfaces for management + +## Key Features + +### GitOps Workflow +- Declarative application definitions using Kubernetes manifests, Helm charts, or Kustomize +- Git as the single source of truth for application configuration +- Automated synchronization between Git repository and cluster state + +### High Availability +- Support for Redis HA for session storage +- Multiple replicas for API server and repository server +- Horizontal pod autoscaling for handling increased load + +### Security +- TLS/HTTPS support with automated certificate management +- Integration with cert-manager for certificate provisioning +- RBAC policies for fine-grained access control +- SSO/OIDC authentication support + +### Developer Experience +- Intuitive web UI for visualizing application topology +- CLI for automation and CI/CD integration +- Real-time sync status and health monitoring +- Automated or manual sync strategies + +## Architecture + +Argo CD consists of several key components: + +- **API Server**: Exposes the API consumed by the Web UI, CLI, and CI/CD systems +- **Repository Server**: Maintains a local cache of Git repositories holding application manifests +- **Application Controller**: Monitors running applications and compares live state against desired state +- **Redis**: Provides caching and session storage (with HA support for production) +- **ApplicationSet Controller**: Automates the generation of Argo CD applications + +## Deployment Options + +We provide two ways to deploy Argo CD to your Kubernetes cluster: + +### 1. Manual Deployment + +Deploy Argo CD manually using Helm with customizable values files. This approach gives you full control over the configuration and is ideal for: + +- Learning how Argo CD works +- Custom configurations not covered by automation +- Environments where Terraform is not available + +**📖 [Manual Deployment Guide](../docs/manual-argocd-deployment.md)** + +The manual deployment uses the production-ready values file located at [`argocd/manual/argocd-prod-values.yaml`](manual/argocd-prod-values.yaml), which includes: + +- High availability configuration with Redis HA +- Autoscaling for repo-server and API server +- HTTPS ingress with cert-manager integration +- OIDC authentication setup (Keycloak example) +- RBAC policies for multi-tenancy + +### 2. Automated Deployment (Terraform) + +Deploy Argo CD automatically using Terraform for infrastructure-as-code management. This approach is ideal for: + +- Production environments +- Repeatable deployments across multiple clusters +- Integration with existing Terraform infrastructure +- Team collaboration with version-controlled infrastructure + +**📖 [Automated Deployment Guide](#)** *(Coming soon)* + +The automated deployment is located in the [`argocd/terraform/`](terraform) directory and provides: + +- Declarative infrastructure-as-code +- Automated dependency management (cert-manager, ingress controller) +- Environment-specific configurations (dev, prod) +- Integration with GCP/GKE infrastructure + From ef3064d0b88c6ac9e1ad0df5fa774f7b83a5b500 Mon Sep 17 00:00:00 2001 From: USHER-PB Date: Fri, 9 Jan 2026 12:05:51 +0100 Subject: [PATCH 03/11] Feat: added manual argocd config file --- argocd/manual/argocd-prod-values.yaml | 93 +++++++++++++++++++++++++++ 1 file changed, 93 insertions(+) create mode 100644 argocd/manual/argocd-prod-values.yaml diff --git a/argocd/manual/argocd-prod-values.yaml b/argocd/manual/argocd-prod-values.yaml new file mode 100644 index 00000000..6892ef35 --- /dev/null +++ b/argocd/manual/argocd-prod-values.yaml @@ -0,0 +1,93 @@ +# 1. High Availability (Redis & Components) +# ----------------------------------------- +redis-ha: + enabled: true + exporter: + enabled: true + +controller: + replicas: 1 + resources: + limits: + memory: "2Gi" + cpu: "1" + requests: + memory: "512Mi" + cpu: "250m" + +repoServer: + replicas: 2 + autoscaling: + enabled: true + minReplicas: 2 + maxReplicas: 5 + resources: + limits: + memory: "1Gi" + cpu: "500m" + +server: + replicas: 2 + autoscaling: + enabled: true + minReplicas: 2 + maxReplicas: 5 + + # 2. Ingress & Cert-Manager Integration + # ------------------------------------- + ingress: + enabled: true + ingressClassName: argocd-nginx # Points to the controller we created in Phase 1 + hostname: "argocd.observe.camer.digital" # CHANGE THIS + annotations: + # Standard Nginx tuning + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + + # Cert-Manager Configuration + cert-manager.io/cluster-issuer: "letsencrypt-prod" # CHANGE THIS to your Issuer name + # If you were using a ClusterIssuer, you would use: + # cert-manager.io/cluster-issuer: "letsencrypt-prod" + + tls: + - secretName: argocd-tls-cert + hosts: + - "argocd.observe.camer.digital" # CHANGE THIS + + # 3. Multi-Tenancy & RBAC + # ----------------------- + # This section sets up the foundation for multi-tenancy. + # We disable the admin user eventually and rely on SSO, + # but for now, we define policies. +configs: + params: + server.insecure: true # We terminate TLS at NGINX, so Argo itself runs insecurely internally + + # Define RBAC roles for your tenants here or in a separate ConfigMap + rbac: + policy.csv: | + # Example: Grant 'dev-team' access only to 'dev-project' + # p, role:dev-team, applications, *, dev-project/*, allow + # g, dev-user@yourcompany.com, role:dev-team + + # Default policy + g, admin, role:admin + g, ArgoCDAdmins, role:admin + + cm: + url: https://argocd.observe.camer.digital + oidc.config: | + name: Keycloak + issuer: https://keycloak.18.198.59.109.sslip.io/realms/argocd + clientID: argocd + clientSecret: lGH4qCY4mtEVaweAAHzktyrXTwRLHdWC # Used by the Server for Web Login + requestedScopes: ["openid", "profile", "email", "groups"] + enablePKCEAuthentication: true + # PKCE is handled automatically by the ArgoCD CLI + # when it talks to this OIDC provider. + +# 4. GitOps Engine Tuning +# ----------------------- +# Important for production to handle many applications +applicationSet: + replicas: 2 \ No newline at end of file From 7439f742fd05dcc2c2ec440c05dcde40d918b716 Mon Sep 17 00:00:00 2001 From: USHER-PB Date: Fri, 9 Jan 2026 13:35:29 +0100 Subject: [PATCH 04/11] Feat: Address file based on comment placed --- argocd/README.md | 52 +++--------------------------------------------- 1 file changed, 3 insertions(+), 49 deletions(-) diff --git a/argocd/README.md b/argocd/README.md index 6ea08ecb..d2417ec2 100644 --- a/argocd/README.md +++ b/argocd/README.md @@ -1,53 +1,7 @@ -# Argo CD +# Argo CD Deployment Guide Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It automates the deployment of applications by continuously monitoring Git repositories and synchronizing the desired application state with the live state in your Kubernetes cluster. -## What is Argo CD? - -Argo CD follows the **GitOps** pattern, using Git repositories as the source of truth for defining the desired application state. It provides: - -- **Automated Deployment**: Automatically sync applications from Git to Kubernetes -- **Application Health Monitoring**: Continuously monitor application health and sync status -- **Rollback Capabilities**: Easy rollback to previous application versions -- **Multi-Cluster Management**: Manage deployments across multiple Kubernetes clusters -- **SSO Integration**: Support for OIDC, SAML, LDAP, and other authentication providers -- **RBAC**: Fine-grained role-based access control for multi-tenancy -- **Web UI & CLI**: Both graphical and command-line interfaces for management - -## Key Features - -### GitOps Workflow -- Declarative application definitions using Kubernetes manifests, Helm charts, or Kustomize -- Git as the single source of truth for application configuration -- Automated synchronization between Git repository and cluster state - -### High Availability -- Support for Redis HA for session storage -- Multiple replicas for API server and repository server -- Horizontal pod autoscaling for handling increased load - -### Security -- TLS/HTTPS support with automated certificate management -- Integration with cert-manager for certificate provisioning -- RBAC policies for fine-grained access control -- SSO/OIDC authentication support - -### Developer Experience -- Intuitive web UI for visualizing application topology -- CLI for automation and CI/CD integration -- Real-time sync status and health monitoring -- Automated or manual sync strategies - -## Architecture - -Argo CD consists of several key components: - -- **API Server**: Exposes the API consumed by the Web UI, CLI, and CI/CD systems -- **Repository Server**: Maintains a local cache of Git repositories holding application manifests -- **Application Controller**: Monitors running applications and compares live state against desired state -- **Redis**: Provides caching and session storage (with HA support for production) -- **ApplicationSet Controller**: Automates the generation of Argo CD applications - ## Deployment Options We provide two ways to deploy Argo CD to your Kubernetes cluster: @@ -60,7 +14,7 @@ Deploy Argo CD manually using Helm with customizable values files. This approach - Custom configurations not covered by automation - Environments where Terraform is not available -**📖 [Manual Deployment Guide](../docs/manual-argocd-deployment.md)** +**[Manual Deployment Guide](../docs/manual-argocd-deployment.md)** The manual deployment uses the production-ready values file located at [`argocd/manual/argocd-prod-values.yaml`](manual/argocd-prod-values.yaml), which includes: @@ -79,7 +33,7 @@ Deploy Argo CD automatically using Terraform for infrastructure-as-code manageme - Integration with existing Terraform infrastructure - Team collaboration with version-controlled infrastructure -**📖 [Automated Deployment Guide](#)** *(Coming soon)* +**[Automated Deployment Guide](#)** *(Coming soon)* The automated deployment is located in the [`argocd/terraform/`](terraform) directory and provides: From 7b786e023a2dbd8c418b1aabf7ee75398f38d383 Mon Sep 17 00:00:00 2001 From: USHER-PB Date: Fri, 9 Jan 2026 14:02:44 +0100 Subject: [PATCH 05/11] Docs: updated documentation to meetup deployment work --- argocd/manual/argocd-prod-values.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/argocd/manual/argocd-prod-values.yaml b/argocd/manual/argocd-prod-values.yaml index 6892ef35..8a368196 100644 --- a/argocd/manual/argocd-prod-values.yaml +++ b/argocd/manual/argocd-prod-values.yaml @@ -37,8 +37,8 @@ server: # ------------------------------------- ingress: enabled: true - ingressClassName: argocd-nginx # Points to the controller we created in Phase 1 - hostname: "argocd.observe.camer.digital" # CHANGE THIS + ingressClassName: argocd-nginx # CHANGE THIS TO YOUR INGRESS CLASS NAME + hostname: "YOUR_ARGO-CD_DOMAIN" # CHANGE THIS annotations: # Standard Nginx tuning nginx.ingress.kubernetes.io/force-ssl-redirect: "true" @@ -52,7 +52,7 @@ server: tls: - secretName: argocd-tls-cert hosts: - - "argocd.observe.camer.digital" # CHANGE THIS + - "YOUR_ARGO-CD_DOMAIN" # CHANGE THIS # 3. Multi-Tenancy & RBAC # ----------------------- @@ -75,12 +75,12 @@ configs: g, ArgoCDAdmins, role:admin cm: - url: https://argocd.observe.camer.digital + url: https://YOUR_ARGO-CD_DOMAIN oidc.config: | name: Keycloak - issuer: https://keycloak.18.198.59.109.sslip.io/realms/argocd + issuer: https://keycloak.YOUR_KEYCLOAK_DOMAIN/realms/argocd clientID: argocd - clientSecret: lGH4qCY4mtEVaweAAHzktyrXTwRLHdWC # Used by the Server for Web Login + clientSecret: YOUR_KEYCLOAK_CLIENT_SECRET # Used by the Server for Web Login requestedScopes: ["openid", "profile", "email", "groups"] enablePKCEAuthentication: true # PKCE is handled automatically by the ArgoCD CLI From f5ed6bb8242acdd9cbdf6e4706b6860d2d17a17c Mon Sep 17 00:00:00 2001 From: USHER-PB Date: Fri, 9 Jan 2026 14:04:13 +0100 Subject: [PATCH 06/11] Docs: updated documentation to meetup deployment work --- docs/manual-argocd-deployment.md | 177 +++---------------------------- 1 file changed, 17 insertions(+), 160 deletions(-) diff --git a/docs/manual-argocd-deployment.md b/docs/manual-argocd-deployment.md index 296c0a38..3ed79a56 100644 --- a/docs/manual-argocd-deployment.md +++ b/docs/manual-argocd-deployment.md @@ -7,7 +7,6 @@ This guide walks you through manually deploying Argo CD to your Kubernetes clust - [Prerequisites](#prerequisites) - [Overview](#overview) - [Deployment Steps](#deployment-steps) -- [Configuration Customization](#configuration-customization) - [Verification](#verification) - [Post-Deployment](#post-deployment) - [Troubleshooting](#troubleshooting) @@ -28,9 +27,8 @@ Before deploying Argo CD, ensure you have the following: > [!IMPORTANT] > **Ingress Controller Required**: This deployment assumes you already have an Nginx Ingress Controller installed in your cluster. If you don't have one set up yet, please refer to the [Ingress Controller Setup Guide](./ingress-controller-setup.md) before proceeding. +> **Cert-Manager**: For automated TLS certificate management (recommended). If not installed, see [Cert-Manager Setup Guide](./cert-manager-setup.md). -- **Cert-Manager**: For automated TLS certificate management (recommended) - - If not installed, see [Cert-Manager Setup Guide](./cert-manager-setup.md) - **DNS Configuration**: A domain name pointing to your ingress controller's load balancer IP - **OIDC Provider** (optional): For SSO authentication (e.g., Keycloak, Okta, Google) @@ -78,99 +76,39 @@ Navigate to the observability project directory and edit the Argo CD values file cd ../argocd/manual # Edit the values file directly -nano argocd-prod-values.yaml +# (You may use any editor, e.g., nano, vi, vim) +Edit argocd-prod-values.yaml ``` ### Step 4: Configure Your Deployment -Customize the following values in `argocd-prod-values.yaml`: +Open `argocd-prod-values.yaml` and adjust the settings to match your environment. The file is already commented to guide you through the necessary changes (Ingress hostname, Cert-Manager Issuer, OIDC configuration, etc.). > [!WARNING] -> **Required Changes**: You MUST update these values before deployment, or the installation will fail or be misconfigured. +> **Required Changes**: You MUST update the values in `argocd-prod-values.yaml` (especially the hostname and issuer) before deployment, or the installation will fail or be misconfigured. -#### 4.1 Update Ingress Hostname - -```yaml -server: - ingress: - hostname: "argocd.observe.camer.digital" # CHANGE THIS to your domain - tls: - - secretName: argocd-tls-cert - hosts: - - "argocd.observe.camer.digital" # CHANGE THIS to match above -``` - -Replace `argocd.observe.camer.digital` with your actual domain name. - -#### 4.2 Update Ingress Class (if needed) - -```yaml -server: - ingress: - ingressClassName: argocd-nginx # Verify this matches your ingress controller -``` - -Ensure `argocd-nginx` matches the IngressClass name of your installed Nginx Ingress Controller. You can check available IngressClasses with: - -```bash -kubectl get ingressclass -``` - -#### 4.3 Update Cert-Manager Issuer - -```yaml -server: - ingress: - annotations: - cert-manager.io/cluster-issuer: "letsencrypt-prod" # CHANGE THIS to your issuer name -``` - -Update `letsencrypt-prod` to match your cert-manager ClusterIssuer or Issuer name. You can list available issuers with: - -```bash -# For ClusterIssuers -kubectl get clusterissuer - -# For namespace-scoped Issuers -kubectl get issuer -n argocd -``` - -If using a namespace-scoped Issuer instead of ClusterIssuer, change the annotation to: - -```yaml -cert-manager.io/issuer: "your-issuer-name" # CHANGE THIS to your issuer name -``` - -#### 4.4 Update Argo CD URL - -```yaml -configs: - cm: - url: https://argocd.observe.camer.digital # CHANGE THIS to your domain -``` - -#### 4.5 Configure OIDC (Optional) +#### 4.1 Configure OIDC (Optional) If you're using OIDC authentication (e.g., Keycloak), you need to deploy and configure Keycloak, then integrate it with Argo CD. > [!IMPORTANT] -> **Keycloak Deployment and Configuration Required**: Before configuring Argo CD for OIDC, you must deploy and configure Keycloak with: -> - A realm (e.g., `argocd`) -> - A client (e.g., `argocd`) with appropriate redirect URIs and client secret -> - Users and groups for authentication -> -> For deployment and configuration instructions, see: [Keycloak Getting Started](https://www.keycloak.org/guides#getting-started) - Covers deployment and OIDC client setup for all platforms +> **Keycloak Setup Required**: Before proceeding, ensure Keycloak is deployed and configured. Refer to the [Keycloak Getting Started Guide](https://www.keycloak.org/guides#getting-started) for deployment instructions across all platforms. +> +> During setup, ensure the following entities are created: +> - **A Realm**: (e.g., `argocd`) +> - **An OIDC Client**: (e.g., `argocd`) with appropriate redirect URIs and a client secret. +> - **Users and Groups**: For authentication and access control. -After deploying and configuring Keycloak, update the following in the values file: +After deploying and configuring Keycloak, update your `argocd-prod-values.yaml` file with the following: ```yaml configs: cm: oidc.config: | name: Keycloak - issuer: https://keycloak.yourdomain.com/realms/argocd # CHANGE THIS TO YOUR KEYCLOAK DOMAIN ISSUER URL + issuer: https://keycloak.YOUR_KEYCLOAK_DOMAIN/realms/argocd # CHANGE THIS TO YOUR KEYCLOAK DOMAIN ISSUER URL clientID: argocd # CHANGE THIS if different - clientSecret: your-client-secret # CHANGE THIS to your Keycloak client secret + clientSecret: YOUR_KEYCLOAK_CLIENT_SECRET # CHANGE THIS to your Keycloak client secret requestedScopes: ["openid", "profile", "email", "groups"] enablePKCEAuthentication: true # In case you want to enable cli authentication ``` @@ -213,86 +151,6 @@ Wait until all pods are in `Running` state and all deployments show `READY` stat --- -## Configuration Customization - -### Resource Limits - -The reference configuration includes production-ready resource limits. Adjust these based on your cluster capacity and workload: - -```yaml -controller: - resources: - limits: - memory: "2Gi" - cpu: "1" - requests: - memory: "512Mi" - cpu: "250m" - -repoServer: - resources: - limits: - memory: "1Gi" - cpu: "500m" -``` - -### Autoscaling - -Autoscaling is enabled for `repoServer` and `server` components: - -```yaml -repoServer: - autoscaling: - enabled: true - minReplicas: 2 - maxReplicas: 5 - -server: - autoscaling: - enabled: true - minReplicas: 2 - maxReplicas: 5 -``` - -Adjust `minReplicas` and `maxReplicas` based on your expected load. - -### High Availability - -Redis HA is enabled for production resilience: - -```yaml -redis-ha: - enabled: true - exporter: - enabled: true -``` - -For development environments, you can disable Redis HA to reduce resource usage: - -```yaml -redis-ha: - enabled: false -``` - -### RBAC Policies - -Define custom RBAC policies for multi-tenancy: - -```yaml -configs: - rbac: - policy.csv: | - # Example: Grant 'dev-team' access only to 'dev-project' - p, role:dev-team, applications, *, dev-project/*, allow - g, dev-user@yourcompany.com, role:dev-team - - # Default admin policy - g, admin, role:admin - g, ArgoCDAdmins, role:admin -``` - ---- - ## Verification ### Step 1: Check Pod Status @@ -344,7 +202,7 @@ The certificate should show `Ready: True`. ### Step 4: Access Argo CD UI -Open your browser and navigate to your configured domain (e.g., `https://argocd.observe.camer.digital`). +Open your browser and navigate to your configured domain (e.g., `https://YOUR_ARGO-CD_DOMAIN`). You should see the Argo CD login page with HTTPS enabled. @@ -386,7 +244,7 @@ brew install argocd Login to Argo CD via CLI: ```bash -argocd login argocd.observe.camer.digital +argocd login YOUR_ARGO-CD_DOMAIN ``` You'll be prompted for username and password. Use: @@ -499,4 +357,3 @@ After successfully deploying Argo CD, you can: 3. **Deploy Applications**: Use Argo CD to manage your Kubernetes applications 4. **Set Up Notifications**: Configure notifications for deployment events 5. **Implement GitOps**: Adopt GitOps practices for your infrastructure - From 3cc2b7af5ed26d51ca47b9d7bd2d4af8379ed712 Mon Sep 17 00:00:00 2001 From: USHER-PB Date: Fri, 9 Jan 2026 17:37:18 +0100 Subject: [PATCH 07/11] Docs: update file --- argocd/manual/argocd-prod-values.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/argocd/manual/argocd-prod-values.yaml b/argocd/manual/argocd-prod-values.yaml index 8a368196..49b8170e 100644 --- a/argocd/manual/argocd-prod-values.yaml +++ b/argocd/manual/argocd-prod-values.yaml @@ -37,7 +37,7 @@ server: # ------------------------------------- ingress: enabled: true - ingressClassName: argocd-nginx # CHANGE THIS TO YOUR INGRESS CLASS NAME + ingressClassName: nginx # CHANGE THIS TO YOUR INGRESS CLASS NAME hostname: "YOUR_ARGO-CD_DOMAIN" # CHANGE THIS annotations: # Standard Nginx tuning @@ -78,9 +78,9 @@ configs: url: https://YOUR_ARGO-CD_DOMAIN oidc.config: | name: Keycloak - issuer: https://keycloak.YOUR_KEYCLOAK_DOMAIN/realms/argocd - clientID: argocd - clientSecret: YOUR_KEYCLOAK_CLIENT_SECRET # Used by the Server for Web Login + issuer: https://YOUR_KEYCLOAK_DOMAIN/realms/YOUR_REALM + clientID: YOUR_CLIENT_ID + clientSecret: YOUR_CLIENT_SECRET requestedScopes: ["openid", "profile", "email", "groups"] enablePKCEAuthentication: true # PKCE is handled automatically by the ArgoCD CLI From d70a90e604af6cfbbeb3493de47c3ea7baf2e35c Mon Sep 17 00:00:00 2001 From: USHER-PB Date: Fri, 9 Jan 2026 17:38:11 +0100 Subject: [PATCH 08/11] Docs: fix docs based on comment --- docs/manual-argocd-deployment.md | 61 ++++++-------------------------- 1 file changed, 11 insertions(+), 50 deletions(-) diff --git a/docs/manual-argocd-deployment.md b/docs/manual-argocd-deployment.md index 3ed79a56..2498cf72 100644 --- a/docs/manual-argocd-deployment.md +++ b/docs/manual-argocd-deployment.md @@ -93,25 +93,18 @@ If you're using OIDC authentication (e.g., Keycloak), you need to deploy and con > [!IMPORTANT] > **Keycloak Setup Required**: Before proceeding, ensure Keycloak is deployed and configured. Refer to the [Keycloak Getting Started Guide](https://www.keycloak.org/guides#getting-started) for deployment instructions across all platforms. -> +> **Configure using**: [ArgoCD Keycloak Setup Guide](https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/keycloak/) > During setup, ensure the following entities are created: > - **A Realm**: (e.g., `argocd`) -> - **An OIDC Client**: (e.g., `argocd`) with appropriate redirect URIs and a client secret. +> - **An OIDC Client**: (e.g., `argocd`) with the following **Valid Redirect URIs** (Required): +> 1. `https://argocd.YOUR_DOMAIN.com/auth/callback` (For browser login) +> 2. `http://localhost:8085/auth/callback` (For CLI login) +> - **Note**: Ensure both are present in the list. > - **Users and Groups**: For authentication and access control. -After deploying and configuring Keycloak, update your `argocd-prod-values.yaml` file with the following: - -```yaml -configs: - cm: - oidc.config: | - name: Keycloak - issuer: https://keycloak.YOUR_KEYCLOAK_DOMAIN/realms/argocd # CHANGE THIS TO YOUR KEYCLOAK DOMAIN ISSUER URL - clientID: argocd # CHANGE THIS if different - clientSecret: YOUR_KEYCLOAK_CLIENT_SECRET # CHANGE THIS to your Keycloak client secret - requestedScopes: ["openid", "profile", "email", "groups"] - enablePKCEAuthentication: true # In case you want to enable cli authentication -``` +After deploying and configuring Keycloak, open your `argocd-prod-values.yaml` file and locate the `configs.cm` section. + +Update the placeholders (e.g., `YOUR_KEYCLOAK_DOMAIN`, `YOUR_CLIENT_ID`, `YOUR_CLIENT_SECRET`) with your actual Keycloak values. The file is pre-configured with the necessary structure; you simply need to fill in the blanks. **Where to find these values in Keycloak:** - **issuer**: `https:///realms/` @@ -135,24 +128,11 @@ helm install argocd argo/argo-cd \ > [!NOTE] > The version `7.7.12` is specified for consistency. You can check for the latest version with `helm search repo argo/argo-cd` and update accordingly. -### Step 6: Wait for Deployment - -Monitor the deployment progress: - -```bash -# Watch all pods in the argocd namespace -kubectl get pods -n argocd -w - -# Check deployment status -kubectl get deployments -n argocd -``` - -Wait until all pods are in `Running` state and all deployments show `READY` status. - --- ## Verification + ### Step 1: Check Pod Status Verify all Argo CD pods are running: @@ -161,19 +141,9 @@ Verify all Argo CD pods are running: kubectl get pods -n argocd ``` -Expected output should show all pods in `Running` state: +**Expected Output:** -``` -NAME READY STATUS RESTARTS AGE -argocd-application-controller-0 1/1 Running 0 5m -argocd-applicationset-controller-xxx 1/1 Running 0 5m -argocd-dex-server-xxx 1/1 Running 0 5m -argocd-notifications-controller-xxx 1/1 Running 0 5m -argocd-redis-ha-haproxy-xxx 1/1 Running 0 5m -argocd-redis-ha-server-0 2/2 Running 0 5m -argocd-repo-server-xxx 1/1 Running 0 5m -argocd-server-xxx 1/1 Running 0 5m -``` +![Argo CD Pods Verification](img/argocd-pods-verification.png) ### Step 2: Check Ingress @@ -316,15 +286,6 @@ argocd app sync guestbook - Check certificate status: `kubectl describe certificate argocd-tls-cert -n argocd` - Verify DNS is resolving correctly (Let's Encrypt requires public DNS) -### OIDC Authentication Failing - -**Issue**: Cannot login with OIDC provider. - -**Solutions**: -- Verify OIDC configuration in ConfigMap: `kubectl get configmap argocd-cm -n argocd -o yaml` -- Check client ID and secret are correct -- Verify issuer URL is accessible from the cluster -- Check Argo CD server logs: `kubectl logs -n argocd deployment/argocd-server` ### High Resource Usage From 065aff561babab97dfa8227c48a29d4e29f4beed Mon Sep 17 00:00:00 2001 From: USHER-PB Date: Fri, 9 Jan 2026 17:38:35 +0100 Subject: [PATCH 09/11] Docs: Added image for doc --- docs/img/argocd-pods-verification.png | Bin 0 -> 114146 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 docs/img/argocd-pods-verification.png diff --git a/docs/img/argocd-pods-verification.png b/docs/img/argocd-pods-verification.png new file mode 100644 index 0000000000000000000000000000000000000000..c501dfb2b625e7db7b9cff92330027c0c9dad461 GIT binary patch literal 114146 zcmafabyOVLws#UN1b5dU!QI`1ySux)H35PX2=4Cg?(Xg`jeFzH$GkT)ckWv6-tVtk z-PL{S)UH$e?4RrqIT!_&{r&LKQ9(@b zL-{!F;fD`|AH;(QBI^o?Odx26EIt=cr-9N{f6m1*W@1WB!D|PC z3ik5`=aJ8^dfaBkL%U=P9v&Qi1D?D}jm4vXkPt$D|MY&ixIsch_WxF`-{t`0zws+a zdVn6^ry85NbGn&o4T>39AQ3?CeHR_BBTR5Z4WQEN)(L-fDb{GUtn<9=jd z2>w)aTcgHB6Izr9Rr%6YP$U54{0a?gKHB!MPOatb_m+OBuaJqESFK~>eV|S=aVXC4 zt#7k{&5VMQH%;GThwvpHf7UqZAGcG7h=}T+Ik+A^L@tKJGKqc1g21O=Qpg);VrA;_ z%h{>otfy%wzWwJna#Bb%qoVbo!;+N?BQMv$iH=T7*ut%j6kP{5Lqi;i)hRJ!UMLd+ z$1RPPN4HZYT?~|%jnw%&b|)g3Jj&gH9c%CemomelLHCok=nL+oPe6rV_SlEQJE4~+%~hfyy;~+r^|8L74gD%Qf^IwxkR!N>v-Q2B5P$F%S%a0n#<61J zTMJvUOB?Dh1#q?Q?Lbe`_^95QV zT9{Ni7dx*!HmB(m2Rg@1d2?Ut<>+=nWsbVmIP_>)uzSem{dL(`LQb-ZFvTb*P3ZXDdb(nFqyhYNh=BS zHVb}-()7CR?`t<}4SobuupzJj_yJHvXlBI!SgL=m*k34!=>FeE&1wy(gc5&P2T5~F z+-zs!^Lf}Bx~$Yll}|-Vv+>>p#`hY?5saYsB<@@>vGw2TKS#r~hPza|7)&;3q6T45 zlUwcct=dM>N?@_`ZXY*G^j#Pa1I|-&8K38rLoi3O-(n3F_Ck)Giq^EC4}P7sSZdhzHs7=`$>MciH}<5zU%kdU_nY6%KiH-|5_Z z#LkLdxQ{6tM}PRo681aHYSfa@F*(!XHuW&g9tzwLcu|NXOL!BV?_8)Ud)41ANFv8Z zroGf;EvSSr6*i8&Ib)j7sI_LI7l>-q8@FNUM#DgcmQW{F4%H3Xt(c>$X50cJR2K~c zO7kae!@%!CQdc_#a(kA~^@q3>)45l{HFxYaK|yw}>r}8XO5G+(vKHLx{H|1dv}WFY zWxVbs%H#{jE5h6!{?nz1b5Kn)InN(gDLowy)JutqiP=xTWNG&rn2awC#HAp(J#v5f z8dlocWEXlo_0%H*6qzN+J{9sU+?ejAVO0EQes352v~7S0p?+$D%&pi}%lNY7!8d1t z_@aQ9gw7gEu#vvi@Gzp@-~~l)+y9;Q^bI+O)RwBcoUwg{lk5;;O)&0A4}FdjG}@Z-OL&yx zC!5ZZBf5ST+OT;7ocyo~j9{<>GoOw5YPJ3V*g69*H6G zzFy6EJzi@4T)^hd#VOq@-L=?{-3lge1SsxQ3rEJS!bU}-$@q{7h0a^g?y0+-w!Dr< z#4hqII8YBdR8$GyS%O_EiQSpWKrDbY93;ThI zXZyKA5_I)>XVTfa;wDmCyvQdMPIY*)@!sAGSG4BUX?y9ZAVh#Z|13H!oMto9+y8^j zu0`a;5K-%aW`@21bp05mlzFuYn~kmL)F@H7DJ0*P%W%f!2(BHj57{BKOZVW6pzxs} zEahe4sU6Umk1DV{yn}+Z3Nu`sT+cR@Mq@Dwo8hzQtVUxPG{j4#E$Sc*jHXGd%f53* zGc1fpD&ab#BAp#MK8KgtiW9_}daZFkmh1X$gTY{^TL-E0t(5v~ggKX}+_nX#<%>V` zie31HthYaX-)&Sarcz>q{^QaX_n87%r1Ww<($`D2Q>ldXc_r$E$kN9OchuKUKtU5+ zr_%m|o2m!sV1X^SA&R|7JD#fBtU-#i2HUEy39OR;NJqc1KWT&rpsJfUdf^Bucj#Gm zY`rwKAk<1l(T;L4{+xbfc*Ax#fKRi0uov$!2<%>rcCb#f!?Ko5YT!y*)I-!PH+RIO zGPyiCHtRKv!zyMPN!nyj^Cn0u3q|wiDA1oFBk5!EC*Y&W5_7Mh_d2re$~%G`_uiN2 ze0!8*K7zAFp^2uvz7FBs3D5=_uQHhR_FBd;V9o#dD0!CWHLn1Jln295NV$@b*P;P( zJr;F4583cZRD-3IgkHwk=cGCLo`yM_bKNUFTDOi4jLcqBcgsZCKRsf2xcm9^?dBVw zF$`}V+oqNwD@M)?hy74HElR^c!Hg4<__bIVAkExZHO=pljRUzhoK$ha;n|-lcw1UF z$>3?yjwsq5g-jc7LUZ3DJQT%Nu#a+Rmp+EHX2fo2BeHH~0<@usWFMHF?jrs> z;|C^cL;|wGD|-d`Ja6pOL&%f#=U-AJ|EL){*<|>+-iwBrdM4Vzs*?CIF^8jqfWWwT6MZXeh+C}tnu`)t}{>l=2;OGsoI zP8T^!IsB1gpDENjDaO<~=f%q|K{D;{2Q^r1L$pemiB`ud+uB%7j?+ZvY64kESL4^N zNCbP4w#JFF^z6|N0RT>0!JzeotV(E0fS1zJxe&oDUZ0&i-p?o)!BgF#kg{k`veElj>@CY zmc8N$(8_3rR*5pPT2p0NooeT}auC-w`0>V0Qs4N(-vcXIFEL6@)nxJ%#7V|1b*vo@mN@-FSGgw&H9s=KEpx; zZOph>29{DrNOi|iM9h^7F*APFX!pbw>($7F&!)T&IG1gnkve**>ZyrYEELTN8;BVT zet3JFntL+3XFkI&LaKw?JCe5V(bg3=tvi_OOY&@z0D~uxlG;YhqBpZUo5&DBI_p3I z3U?rFtE?CiuRdt{0Yt)Cr#_O_$mH*?L4UZZ=J2#UWjqYAP60CsIOg;a9?Q49`mjwK zgyx;iZ*Cqr5kkc6QZy9&yO#ZXp(n$l!y5b}4}myLQ02XwL>{IvyAJq^uin$Wa0j$2 zIb+seg~=cF$p+%bvc61@5;K3}6-*m;Xw8-zv$vhhkH(L%1$!eexa>|Lo{<~bw(`ND zYmn0=(j-*a&U&DYWvzt7-W_#1HfK}1{+cN`6Sh;K3qA(Z>}_!EC?S}{W7i*=vav?A z>wd4i&g|>AJq4sDYTHOMbDI&4UjP$xHKeaM&-PS9de$qci>ef zb40Xj9-^`GDh_CYjw5$=EN6`I&(ar*moUyZ5mi&Rcs|eGF#}PLMniEKCrF-4tz6t) z5{03kUcl5@8DY41OsftT!BEiyhU|SXG!aOUH$>;KT)HDI#7r5j&nR?E>3+EP;@6+G z6!Z-jM{C_OsqLu71uI{v*Pnf=7=r-`F>x(3GZ=dwv(s+h_SX`;C!G4OzI#_2HV83v zI@9B`t5vpdf@{9sX7P>~Imf+alN5tmhKR3Ow+GfBQ&2UKn~_QgNK~$N_!g@9BL0l^ z^pQ|;m-pVru7BGMQF8x$_wvQnh|)+}mcWwMDY!*iNqn3Y?C|!*`SzT%@7KkC>qx3U zvh@?=Bnu4Djg`6`H>rL`a=P$<0U~L<_6u}kY62hmIHB7@2e(&QccUH?WW`D6Y5B4> z3Ixrz$RvS8*DcXr!z_J5N7TQ)BP5w^n8E_+D_B3rS@leo)~(u0cFVFusbgL6BwPoM zVkzVOM*}6+d78!oz&sb3t!aKM^JKOlH$eq9n}ZinBi^HIYp3n! z3PW6?ik0+&zRPU6N_eWeQmY5*_^%GuP2kQ*)IrI;;cG0%@Jy)>c`|d6aMh=!!Cpyx zEv^ZD0@;2jt>?)-DUr%__GH?!;b^uN{EG8b!-Yj6DJ^#zBpgzXQYd;01)O0F`t66Z zuxAcuc0;hYx#%pU0FAreJRe2MxMAP*8Jtv}M?}dI?i1^z&3f_P(_gF_ixE56x+g7> zWoM4p9<1$jrXlt_Z3nId7?Izf&vHVo=9Yns)9D&P4wE68Z3f@w?GWD*!$?qG zN=42o3$1~6czIvuV@m*5UfR>vY8fjjOp;+X!BCi3WN;%OYRsk$`dKk-ML6dd;x7z& zpWu1~q>d2z_@aL&83@q~IBW5U<;TlbM$p(z{Xs9)GF;@Jl;c~I~~>wi8_ zB@mr_bSN!Z4na$pnPI~2l@BB$rOGDzZNDw@DD-cX1%E7maWCN)#Um)29-bN0<$CRe zQTHa)Vxqpx!i;J9v`;aiaD~PXKT{g;FHh?5P5MeEyVv3<7g`UdSrb=^T2e&CoZ}7T z#0Z^Zr9~q#@RBHM{%s-R5dP+5C|svpHo+!pPr9I336m~rQU>Atcrs2bB=!jch1-`1 zM0qXIE41%{#==q;5qkwI;IzJ1&arr(L>bU~H(FA%3^2M ze@>T>^bC8*M=Px7iyY+3&QKP)y*jqM?GoTIu*HCDhdv5gV!DDkc(=p(t8TAH zU>r`@TRK^3V05c@0@BU{{KglV()MD&l$OA}OU>sSy8dR!u_VVG>uUs5_vI}|2iQ1R zloU|>h~hGk{S}shVmISo+rq)mA37AcJzj@O>$rwrA>`>Y?B6zKaMe);i8pvwJ+O2` z>w!+yS70yI>@S=l^}CLS7WeT5TMHZ=`>yrWYD2aI_}S?+Kkzp^%MAewFmCZUqvr_O zy!1flBZ?}yw_@J{IQnKqCZLO$RM9v^$1X^J@pN7 zhI`CvDORF5c{4z&=ExHij!3sbnLbFhLM;x8^*|;M2}Ajz<4`y4=#Hwd+K+Xa4o$6z zMd=Rvv-&P>vW8vpDN`>&^)Jezl`oF70&1`>-;jr}WVt+~Ixwj^nL`A=Qc7hO2lx)V|}_U5&ad4q5w`Fe@80X+(c=%MwCDU0QvI z+B@-%`5}gCi@!?rEYR)qgxhF@_1D_yRF&cHVDyieDA2N#6@^;;B&6t|YW7_$QU-Mq zD7t{p6&#E=Ye=S=4Rrc)1?I02-bx?lcjZBE+~df&Pb1S;k7sUbIK1_`cA@3Y^Vm~U z9gG49dc0UIqwoiN4MPh#N=m12#;`Uyaiu!c7>Epm?ojYCNuUUGHo9H+-C1n75rAtM-0f1 z`NTK%9NyQL`5P}IscgP4PkIFOE5Se&8gXprV z9Qo;;NfpNvCAjN$3g_uyQyg_R4cUF`Tu5(+D4XA#H&kfpYrz^b!f#ZhRNM!pexYr?s6cmV6^piNDysZSI&Tho`($77W~ht) zHXlU}Xqp%9$8tY+FL5A)L#&zMKMBB9f{+#8^AQ0ZOKWHmJgl=Qc~IIV@!d3jC`G zK(5yde22BL*eul=f5uFg?ju}`jIq5b`m6rLp~|nsdODLO=@fg;z6XJ51G$%}H}cij z%YtW#pt}Jfr96*HJy&v@yXp`$K)+Hth)R(vVB2bUqR(lKJvX~@g)*Kq!{GZv)pOBT zhD72HW<-CDl_(_5fN>y4+H*+&Ubex7+VRlbUyRPVD@5`bn>_*OXt;%VV@O|ql8i`rD1i?Vrw2M zJ93&{ax%Jhd|gP@U@%{a0T)x89vCTBSi9Ib44q1@atmJ_-6bbTw|*{Ep(w|NzL;sk z1TQ=NPOv(ZkPHbbWx>$CSB2r~?cGe+)b(v#c>1`&r!uK0rn=npcGHDN76K-86q=h7 zif&LzYh!u2-RjE0XKR-^l3Ow>{?07fTZ^V8NA$T_Lee%##&&;7nY6xk=S-fD&=P=Fl_mS_HeF;YRqg<1m%J-;nC|4ofl)6l4&OK z(}cEN%3K=uQbmm`h*5>^GjPWmPBNY%1Of?QP6#O=$)zwx1?Q894l1Sj-!KXH=>^_Z zd|$(I+t>7GA<0B?TZ@C$o^V zr6wx*QqyW+s-mmdA|$@f>kAIo)|aRtv{crvJey0QlkjNQrtauf!EAU0vR7)N#}O;( z`vz5Jpnr;Zl3Wq`dWiw772qbA4{3VZ=9(;2jcjye5d@}hhJV(W|GPT4C;luf%ZV{X zwvVIJ2EijFbd4JMV7dj~9{~$o7HbH}=azvPLtrk4?bqVoSG43=1KjR*KOuBcez{g3 z-PRXzFY!r3Q%U>G9n;m0TvDx2s;;?wW1lIIgz;>9jYvj&PyXnC2jxQ%3_%1iCx$d+ zLaY1w719m6*Rgf+G5mF|8{VEFvFe2i^)9du%h8^!iJUb*@+}SAKu)BJm$xzD=@$}h zho}!pbTjcGWN{v*my}Yz1S~sqkl)Pd=aPnq_4ADQ$%57e6EA>9SkBz1^4|7`OzO3; zA3QFp^_D*u&MV|JmVu6=5kR`#C14G-uhc3a9$)JMr z_)o6nLK!8v#oNA&Dkou`Z1~yqvEnGepp?eOmjK|7fm6`82W5uppHzrb8B~QnV~+P! zbWZ8bmZY>(LVN~8_!uK$(Rc0o+iXEQpm*~C5@dDK-ry~Ubo<}OUP zXl?J~8leEluawA9O%edWm@Q+NZ)0ut2;(o&b#lyqfN z;f|88tb<{btJbl21=VUkVdP_8Cty))B6`Ys0a#ZrP=|69yxUY*5g4$tfY> zj_LOAm>b%|2Wb0KW^=vw0 zbJ2g7A#O6KH`6_wl0c#%*|AXzKrf)b`?(0UA@2HR|MO@IEn)AeE@WKVpssB$CaQC` z6!~8j`aw9q0){eXZ0^eV?(D`|8f{JlQiGz>PEMJE9l%Z?>77dP{&Jl-(hW+2E?o=R zH8pI&>%)2?4H4)WhJCc;&BJKua$nv>m|!KXaUdC`%R-j1A(coXcsj*7K<53@5|Ls^ zkf7SJD4)SF&`NP)E4e^{!IIG?F%F*wkp<5*ZO?64s;=>*8r2&^hrPT@9?}K7t!ur# zUinBLZ*9>Z2ROCY1u)$Tg}sNO?3?oY=GU*6XO5FJ_Z7o+-?_(SP`;XjPVcnx7?$RA zC?mv$&&Yx^NjG87)O=T_l!iWfvJOH`DIcmMkbKoYlTZ>$msQ%MGkE)}{CVc&b0Uqf z2=DHC-RI~g0hL(ae?{f{CwuVd);c*~^AU>D%aN{V3vG2zQWGe-Vc@lp6vRFhmF;}E zyAuF_kYDN(VV~X|YrP)fa{JIkU(MCCPYwd81)};x#^OK2lra(LZ?xB}Hs2xhgb^#9 zEyIwPc-}7@_8-B7h?M2W36OFKKNM}~dC^73cs9s|1e_{;+Ed*NJ!k$T__k%gmpzNk z4n82UpY-Tx%PP9@^!p1JqXE^lId{o^TG3{Zkyj&LZm&BIp=Gq%GY!}>0d8t9w+9RjRpR!Z#F)Bgi~EK zREyVv`c%}>K#m9b8nropZq$Fs$eRciJca;SHX1eqNp~{5-#>eS_pWkoU;3_DX*Q-x zKlQ|{e@cEw%198_&68C%XlPWZL_tZswgdrJ=Up4>Z0@u;ZywK}8I0s!KVqt1;QOln z@#~QjY8wu+#r4+i|xIJtLO|Sd#DxRZyFS_=!j=9|t;fvf(SQArM<4Sf@ z0Y0ke`kNqkuX9`fu!)=dxD}G+yhKc?0KANmj-n9H018sB+uo%*q+Ll3JJBFVJ&k{zzF2z4+4oCwBYywKu!HRH!-B^qjSiN&^~UVWV+}C< zpA*j|^0n20r5x3u-%aI`O|@XMIX-3S01g#mx zL$PNuRwZD>s}Fh*q?#HhMFH*A_ddbVKYb5}Fi8HG1}c-$rGc50Ygp&*B5K;=HJD0j zi}bs*!WNjR#sXt5)Erm0S3hh1>8pU3&db+);YA3TO&}hmyMZ8i%`?*q$)C|4Q;3NH zWO=a59ty>1Kny*fa1N+W82109FXxe!wz*`B?rf0aN03|rjb77?$2Suj1~ag{G%)a1 z(4AVTfHuT5B`ENb)>|n3*6x|)ef1wJudG){e$T}KH6NY)+*&Q4AR~~BO`0O_R zX4sZV(fBqhG36FaLa^pLScSnVhZl+t#%32_%K>^vp&VWfk_P0NSyoNFO%T=gzk)DU|+iCM~*aVvK zu-BsP3V#cbb`hRKD!1QZrU;M`CS);!w3o2_iTO>2x}2Xm?aVUKD4Rst!gP!HVJEZi6is|6qYZ&6r$f=Wto|)7&AkgXhK-ibZ#_6=mKNxlj!J7+M zfs4`J8)zh)XMT*Odqbx(wloT&vK>^ZqDTvDAel(taymfGH|9c~knJe_`t{Ldcd;U< z@sd9hcNb^6tBnOc;v3q@b8uF|d(lg5&5(-T5-2^{Dp*=(J+M8KVeb5Vg-t6N1MVcjUm-=_s(P1o zkX8m>8lJtDJ8e~zb~&7BUo-TRn$dJUlJ?nyO6N;HD_5s zm3YlisdjY24ba;AUZ;9c#JNjq%6w$VvU-Aj^d_ZYkpT2be)fJ~9)1-9|4 z{8y*Nl%l@;NR&>_ihNEhDOoWacZ+9A2{}CS32%rs29V5>vRbvFU?BMRS&ITebi&4w z%!(z9ymUwHJ_v;~PhA}Q`c$wc(D<7Y30rxuLzyLc0BT4D$6^b<|EI6P)5QQ{`%L1DG%hd?rL0BQc%zAI zv7H`Gt;Hta4-)~;_S#p=Mh1h6GWd8pj}euWhcy|{NSB6%MvW`PjoNKLxv^Scy$__?SC~l6-8Zmc!!kRG&FZ2PJyPG! zCR6asZzxoWG5SL>xSM<;HCy(Xnio8fy$~e12ssDUrC_sV*DdCTZXQ{YBG)sSsf2F? z&aS`td}tU>$MrzhL{UacbqScHHDF-cKLHMpL2-NI2SkaetZT9N-3&139!gsv7z6CM zU|k>(G2MP@PTUM>G(+(4P}wiCmR~9UZran^3#b*UGN%puBzw8oN<9{IlUvXDljx?6 z{qmb=Am!Dp;r(8bT1u+H)vDetUVA^VP|AoZG14_iXo-M^7Ao#8z7;-ctQ*bL zOGm)6SGGdUZfUj=Fo(< zwVidvx)11O8D_Y>Ag=L~Euz$pyDvST;wrJ`Vz6b=C)b7}VeEgYR&E8`PkF!e-WLt% zRNay-M{HN-QePS<xz$SX9Hy#@8i2|WDbbLE_@~chG zmGQ-}4U)SqSJ@5^Pq#0jN za0`N-^Jd#LzQF)u!vh;g+RD~KlOCMw6xRDzU@ zHHC1VBP?oob7Rv?^C(0=QzSR`8pUMbw%z4lXRn`r)g1g{83fL`G zX&i0Ft`Q_R2r@f2wHoWCiW%a_;%KX9(|`4C_i}Ybdl{z5l)GSk?6}S}U%3HM1!g}C zJ4JW0N%1SSCe@}&1b0xh?`kh0wux{Zz7xgmYC9o)nduBo!z`WV@mzBg?whOLICt4x ze5bv7+wQ#sz?55{-X*~e_!Y`~DoGG}PbE4#&RXU851cYRwiS>f}21Z_H^gI`BVBw7hbER+t{c+(aN{4#_>)7P~1FlKpZD&iit09m~B;y zEAX`(r|AKpFCgOkaYX&hAy5FV-*Kl#dpOIm^k|oHq;-RI$xy7_T|8=^tcnyns>9s0 z`MNgWpvlW<&Sxy=0s|9+5twPnB3codb_gwX^e(6X9jAXKyp&=#Urs&I1-;)OaRCjJ zOv_cXu67^hJL3{i$cxh&hvAVDO5!Xs^xsEQ4;$7zag(!+7o@WMJf43saA`WxS0oQ0UvHjTIi zN=a6haDqW$Lo&VVi+&=#QdZMDN94Fr*!L8pEA%fXcKEJEz61H-#{v`&s=p z|9JAyHtyfe`{-zEqi-~wxCpw#+HbJXQ8(7*5~q#EY*yF9vy+4{r&7LvpSTf>Q#_0< zChL|<^&1E}deG8!Z{q39Hf~B+L_FP_r=j{c69^hbY<&7i1j--uQ|@FHO_Itfv;KS+ z)1)Wxt%DBBsuojAI3?BA?FRiC7H&$BdoLpZ1(S<0-16KO<%OBy9&{gn%`FIIPuzw_ zsCpLOcRt)x;GoUL@mNDEC3a1L9=$CYHf|^n*YMbVIa&=em<*3UuAh0xw!GdA@US+i zp4*4W32nUUKS5^a=wus#=*^7Qf@e}^Y=KR9eoo;9XftKow@9!EpB98I9=@{x|>8)Ac|6NBcL}44`ErsX!LJ&S+2UhP>XL{a(_iW~o*D zj0`e{Lh9)NcdvX= zq#r@}bgt~(bOa{-9G*gdc;vRuNgk|tlaL$xOf^Vac0^uVO-Y#Ddt9*6s1WZ!y6NNn z4f`grA%ra83y*g;yu1E_8-O*4k(Yy!U~o%%WXb~5lQ*>Jk}&mlRxRjsEB&OOEsd z8A_Et>#ZN-@>LA*{wo1bc~l%DH6Ed)9j*Y=!+E5&%)o3RL`7>MiSvb zmc;}Wu*IsEfmhAv162MhAGtuIJUA_6BTYGXC_=JNiZ(?&5h$-yt&E91tRBYn4*Wc; z!YYuz9OQPOB*P7D1wuRkL16_wz`M6Ej^g@#75`&<%57!5=hg0(@gk(ES2FO9lL6PB zdakS}Hn3_gPW$}GCeI1R0QkIuLk@X0Z8IXunR+Om;v2N?(>;8`2+v$r zYJupVyQ3>WYp%kV_kqv%mQ1HZHn@ajTQ+JXLY@2xWMrqhNAP@KX)+u3wA%d2zDHg3 z1Ml22A$lX$-K>QpJUwy;g3+AGXi%#|`#7j4&ookxe6+2Y;5R)<8={YFADHes{UdP6E)b?lC6U(rDl zl)>hwX7qC&Cls7dkv`Yf3r%w&!HrQ&6_VbbtyM9u4J9^zT}l(wy+8DFit+!AY1L!{ z^^zW$8z6)!3mlft!z97pQz(6N8JMCtc~OauoPb5o?zxrY(6icAMa1%oZq&Fn#0$#x)AHOcTOZGI;8-HB3)fS5^TynC;?~J=MO;mU|Xzj*j zpvA6NS7SCh$)Z5jKKcPgw_lyleZpueOYO6EIWo^(Ja*3PE*6L0YDK$CW5FxruGx!oyRT$|8PF4~4GLD9$6wK<#WHX4zF=dxy3qrY6b4pv~sY55~*ab#%c{hCk10W$i$`A z++g^29@++_jN$W}oac4@eU00aJ$_PL76?(b^xCJd?3Ls-{FwcUt;=wPZg!5VU$n#d z8FVL&FLo3|stTwUJ2AdGOANAQQa86NIw1eP^?g zXOhNG^EU^#cdgdE)1M$k3b`r~#vINJoYETUpt28+QGZeEDPCqcc_kLoa3s`krT^1&UulD0OV*fU30fLF$w1)V_Q} z1UWTSvVj+ED;~tVSurb(o}Hrt!Wuc;&+r-=PErP1?-=jX^H1Sevlj&<)uH|jztK6U zZ48UZt#rcqQqJBy&52;fVTtl?JDUgm@_z3G#A=~c`=fyXsB=)>dfM*2)KZUj*b)27 zblh_XLRQ!@JieE4WM61Z6b0!=>(2-J(QF7NfmLh@bj6*#L9gJt;Zk-~PEvr-ld(i6 z2UriGGJDOaLLVR9TsOe-ETd4q^d+l2L_SSH@kh+68_jfAD|T?)lzBu(Yafse(&(ui`4^N^R{SgE z>XForT zfjkphcE~vzu{;+V#S|8*8rj_hT7dLQ_2NK&nGKI$5r$YR&@JR0SM->vbs=Kp>*xY0 zzmDQ|BvEPb%2BDMN|8Z(d4p#^B{(;}7A6eVgP-^He-{{Co*;G$3_Ub{M7-?+`auII zQ#Vw9DD=!AW5(w#`0^i}pNa?h`XJVrWcHRee+46Bm&>uT36HaN1JI@7n7$Dk6+)$q z7n8?i1B1+(5uQB9uE4A>|ETCQ{vZkgCyJ`o_R%p78tn7j@r*uVMRzW6RgC;@G|nUORYLg=#ZcIp zYXD}U&bzf&7R2pY7NicMthIB^8)l(vu7%sH-)oUmur_;qkyF|U$(Q7lG#dJgr{)*@ z6pG6##lhg`>R*b5f6Wj4wI02^AhoHPvfw?|9$W7n20kqSTRga-&uzGBAxEOi8XjBW z?sY{>&I(>NX$gk0T_54ivW|%6o_*MkO+StJzYM!CUGfhC&RiK}4 zZCdr^5X$}ho--ppiEl+1KWA`P1x#kG=)cJLzqoQ=x~O+PUpITfDD5AeeSiJ#Uic3_ zpP2u_@&DlS+yCceh)#_2KmFK$de}Bmpx;^fkPo{P|JSg{?rj?ID^i^GtBwfwmb611l61l=`VjV?-2Xdc-tNv&NN?E{>v+a(Up&@W zR>9O>@-L$P=<$)xM8(eFMj0-W2|F(Dm`wL%%$2d-m)!H*n7%7z>No-Pb$g^d%ZxiL z|Eb!1aM=e0e*KNf9>vijaNCF_gUXf#izNAM1U!1kgSbo5v8GVaRnQioi~!}61V5!@ z$?*!%evO^~{;7!M-5XdR@0LN(pCh9ijMtl0COT_}k z=!!Q+KeAXcI{otVZfNuM&*yFS#>bo;KLbbyL}p1vQ7u*?+x=7I+SOE05i0Dr7x?!g zV0OLy?yS&E^31q<(OOuQzeTSEv)xtLlTm;6iBwJnWS$PxB;FaAsv`7P*<8NA(rJZd z=1DUDAE{w_x}JGhvjR0jzuk$_HlixZuP|Yv@$K9^q7>RF>KxyuO)AHs?i~wa`9Pe` z(U*mP9 zQm7fN;KFduO@3T?ob^fX<*Z*`k4xkCyAU^z(`9`evPW|K>1RblhEkbJ`Q{<3_u4Gk zI;4%&GGsH`x+T)!(zP1;Dro#)^$5|QDjpY9DE@)*N(7t{TVTZoS?uJu0#muPhB7jJ z27-!^)L-_&XcCj3dvVjN6b@BQCP5FeFlR#tKQ#5sB+kCT9Ue@DeDYj9ST+obw~tfV z^CksWe83l(KZ0F8m3(Ot7zHi&t);Tqr*8h-z4diEtqTj%sB`rFWQ@FqG+Dhd$qhJY z?pR0*IZTUrPe^T;QU!>TV)9Y6=sq;J`8jym#Inq5rjcL)9CiC;CSIpCqh>5WolT?P zo-63f1m8AH6-@leTYQp*Yre`r_h#}co1AvGIDLSJi?{pgB3d@O-+5x_{n@qFU=za*SP*ydl)Z|-ACjLPo{`vX4C%HM8l6?W=@Q}vATNh3cw9iL{;HC{7t92PG&9U zHjk0~J&ZZG+L{qW&aFuGj8RX?;!Gq@V^tx4rAU(*MR8mKoVFG;K??MB56~XmhNS;d zb}^zBYL8zo{5Hw=o4+AQs%$oB%yo8H)>j?J)^88Zz}lJ%J>ylXCBGd#H)9Ci`sr6} zKf>DWT?TZw={HfScV)APX)R%W3?^oV8)aA(p$TBdMI|<-cQs_%`j(kJ*nJ0|WtFNc$_gIo<}W zt69EvK?f;Wp`dMN6WgwA!JcXV+U~p5Gl8Y+uCOxzT6}8t<8bD)sYI2=AV3?E39WmN zTCeP&&R>nmUX3bQ<#(3wx8(zwou9L7i!;9C77m*3kN+StmM;3s3xKcu?KX{cspbIb z;Q}4Q#fGrck;q3&wvx5zKX(#`WORI^r=7zrh>~G0)lNMb7SrOYjEhTmT=bx%J%c!% zt7d?C0MmAu>V~ITZZdmP1|p%kQxu?pQaor0mvuupCNh`lRjh1ADGK7lSMKTCb)}B> zr~Itp@FC(S+t%;_8W@3VQ$GzRe=mpKG4SrgF4unEw$WmX%A?T15CfG;;`Il#NmLtn z7<*J5+_9#*TJ_Os5)8}>r9593aXz_{8C~XvT*<&CWFByKs3|J!5bwdjS~5LuQ-5(= z*FgXnajC!nvAj8V4jlq~k@e*;N{)`mAJXfmbiF;K;pWpB-@gn_5lldFpckiPf zUtf>yV-hiiGg{}0V~%gEiSgS6%vFMq{8ta^ z&S7684K!*QWqAT^(?jcqC|D=pOg6SGxg&;!>-`?wT-jq^rnVJ)#kF10%gu+5e=kvM z*#~0m_1#z1fw{19EUnPK_k09Po+NCO4J0z?q3z=f#TzJBVI4`;v02(%vXjokPdWJ+ zAc9Fq8@CGw6?Q>N*N-ApvT+V zD)NY-eyP5OYR)$~S=AGF1;JTgj!5-n@?5v>39jgiu~>oTodFE!xufr`Q;&SpZ;Qx) z^+hz#yN+#$vf^)Pt^s;au5=nVT)%54m5mCzrf(YeHTVnqeGAX|5d`4 zoU5gK?j_KSQ^0eEUEOH~70Evz4%5{EIUoNQ7N(sl5DIDQd3v#&c|^w_bGCvfw2sL5 zbJ-dHru$8+uo7%&gl+br@PO{rA7r_?DEC7+Trtx#0pBpq|0C`#gX3t^ENx4+#mp>= znM!1V1r{?iGc&U-W@ct)W?9V43?*iU60P2u?%kf=-j4bH%ole=Wkh9UW<}PMbYJJ3 zbjZ#-Afv4)r}VVpeU?7RAKlPBorKFad(iR(Q-LZ({Sz){DgG*4IuIpue8CKXsWtag z7S3B!aV&|(gucmasJ^47jD9+J3ROL|6gZwiua3|r$PNGVU zto7X&#WU!#bLn;$N|M%q9djraV}lu<3Oyg}U~ z-bED{k%a1Qn$-fw3#!xqFxbWq?1E~bJ3b35=$XjC>&r%Y;umeR)A8z!<6k~A8`D_V zW4-9WzFE$}ymyV8b?CuHnrPKHafNqgAZir;Ffyz`KJ`iXXx#_62@Je(1nB?9KV-RQ zu`%e^-3c@1k)|-TOr;PvL%~o1i%V31zGClhYNx@?ZQ3DwrAXCD#Z6THN{Zprb;mwP*3);)PUu6z{xR zP^7Ci`Q|T=b8kFajQL_YzWP(aFH&5y1x2jrqkAM}Zx#drU4NRRu_5uxnB2WiCDnB8 z3x;M1vf`}UPfhx#5~4PII3#Hy&^fG9>{c=sUylK_l-6Z&sr<&rU(fqUf)K6JD!*x7 zP^?KmDR`%Rjs#Acb~XS^K79Ii2Ub2bf#t!QJq2=b)QX3=hdHu+wo&ewV!J0zA)St) zwqmUg$~u~|7TfgXXt%wcF`$z=Q_g8=O~#DhSY63$f~OI5DuRlAmS*9NV_ao#^;u;!_z%x&niM1&ZGQS&bIUXAj_} zYUe#c%L!YK+2{_p4sRq;;rCHgieqq!NH3l#)jG(Y2d&8CbAOszbI!5ItYxC$Ny zETz7TcQYhEUCDJaE^LiIgwGIQ7tha8HuzHM^il&}70l=;HlehtUo8#dhgnuu0&RIy zU^)D+XIm4o4M9MG4&gYz6% zpo1U!GyMOZ8fNWE(LyAUwbotoQB17P8(d#NXPwXIy~NW!&Tag1h*(ZvwD^Za1hch7 zl(;O^q|+0CorkA)YF~D(DCRys_D{1{tP7#cWPt;9Z%y~EOUeZ8ghA%FnJ$~mD}P4hr)m{QQ|?SK4P=$&CFl5J4quI9m7{WmFmt`F;|?H zD#*T*i})ti7#^!f4rU4|{TGVJ`VSOwr!PD>Sbp+ZA(V#SCm$VCD}?_Fbi|g~aGi#s z&nVP&q+(9u*cDr7W_(aUInf1+xP!$qW#TWtDs876=>E@KE|nZzQIF&xIg zYJe^Il=oz*spf)2qD$r3s%8CPpZw}fX5z;rN0vk9fg8`{Nc~FM;j$+ICJ-{p{+gXY zc;R?#+0#P!FgC$pB5GrZywBF@tbzVe6m4%9IKJu8bxLl!Q5K_Q6OX$fx z6OqD?Q}Hh9TeY2Gse4u?Tw%g9i!dVbu9WeLuN}o;HgEaYjZvkC{;OWbX{(~Fz~@wr z7{|0jP8VVN4yp2GMAypm2+MkWo>6O>3@Hgxzpq6zg}orj3Aj=$!u*p>!9Br~%4D8t zyNrE4^CQfX#*l%EF$#E|ksWF))OnPl$sPr`|&^Ak5nLl%GZG?vkb2zy1mg_ z;ndu)9%<-n(@&Y*MF(<5C7&mNGZVLke<BSsh3eA&+H$YeRk`lDnpPA) z8H!>?NdmK)yF%`V!)Bvk%_v*$rl<*ZYfr13Z8~gbftf`V$ibIC%xT>`sC0wL& zn|LSaj|;u^CgiRIgj9}fa=xSh|Y(gsWCU) zi{qzS`Zch+MJ92RE5j=q$k2x>w^vK9ysmqri)V9JVTRn9-22;fJ2In7N(SMBimvH9 z%PhxLJYZLzRm4+X3LXEIMsC8JBkN)k=t1ewgVetjx0T$|VXl@Zg_3?4(tUpJ0M0`e ze*{!Xz68WEC`Hg0xlTg{g!|x(rL$VOvK3(Z6=sr-3;&+`aD~Gcuef}=d)MktZ%7&@ zX$CAY8nWkwPITui&q#jYh*7Wd9KQXtVhS6;^|F*fuceo<^7(jT-_2ZUed*$Z*<*$g z%}fS%yuuJia6vC2bIt@~Zmfe$lKO8hC`v-fgZ0qvJ4?9_Q;`p!ZAnB zZ2dG!v)ho!liKiupf_1<|Hy4*SMHdP6cSlVhwF#Z@Qxmw$VCVzu`0T|LY676 zwk!dDr$;c0dab9itZ^U~ zJ$0j6GP}`j&ah|09P$B^-KvJrp1fvQSBj;N1_HYbCt^|09e}s)@)!OzTg68l$XS?= z?<4ecnxOzsYSl*XmMX6$eq(WSCJ(=IW{MZgG&j;2t&*+Wc6Luw=2oa zUL_sPwMN)>XtHyg{j6$T?pk@GGBQS3OY<#-tPINZVQ|> zjTb^g1_$*4Ip|*dYr7qdcOg5mdrf}~ljk1vS2!UzAiqz09Jd%s8Wk?Ut@8Sna&aGR zV<&8T7?dbOLC~#=PYxt=vf1( zPc$XA7){*__Tcc2xldN-!U%Y6!?R7TyEKaF;D~upn{k(y75w9!U#y&aUrZ?_Fa@tB z{T{GXSqDj~IWSvI-P4LG>7hxDCME%qwA$SZKMvfYi&)?xZVQyU*TY|^^vI~qgk?I? z<&}>XjfO&6<~TV0N*tt-6|%n=BR{{K zTa1>jQIk|w;@SZ5R!Rk@e>KHMkJBd=EEuwq6yQ0*a={v$7EQRLq-nhzYA2UR)nEYt zn|-iL%bk0`7ua++NiqHLYbbvZe71DVHmw*z=eg4OcM?5Ukc{DcjJ8y7QK3IqRq_owiX zf8gb?_o4|{8rXPe^sBD4F5Z_Y279+i7a11DOY8S>Bfjb870o%rl~M2o!JE>`xy?3b zRs*W8-l&}**$+{yO<`Iag3Z12-eeXUKXAk9J27KK)$Ux?}Tw!GJ>#Bm~Ls3D~XdW>znN@>FJI}fkqB0P9nN#e_vczHghuv56$e{ zgW+o5olzJUp@P|m)@p>&nk!}AflgI^@FP{U%`KMvlQ^OJPL!Z_sa>R!%^szm$kN2AgT0Ty7FHw5yrcpz29ZcLAP?Nbg{5bPn6!vS8KhzGOxd;`nHQ*oUPDWV`3-Pc4b2qs;=&z*EC zSPBAPFSL1f?uWaUn3$srwigpBlM)RyJAPCOoYqt-1o}RqwR_tq;riH+Pmu+am{r|l z-m7?lA%_M{JrIS4L42fw$r0O)s`Hp+KKR<9-V1oOqXhL~d9J2v8??<9Yg0)Y%Cy*h zi{0xrMsXvLOBz**Ay_B&ykPyLQsnNb#Z4HROtHp!PqF>RtlDy7eLN}?+gS2e#n9;W zVAM{hA({mjN7xGFXlC71qK|9|q5nvS*ylK;p`)J68x4o!gkb2P zOQ*foJl5j(yo6sHc;>S%;TM6hDYZOe`9O@_9tMiEn8gFy3`8n*O0mo)bo)Q(cRbJK zNiO&7M)|1R0|tFG2Ib!y(%Z8@T55Opxh+ZX_E(#O!fRc#AG`OcW9bWZu-QS1zmy7N zg}e^2{15u#TLnF@<*m^{<&qsU=v(Spk9Po$h})FWA21Yzks+pvlkmmwBF9Sf;W;nx z3>TYw1It}%yh~AZCO~pR!IS1<&EwWGchBsQkDJx?L4-j0;ac=27-b~beP2#FZANU7>ES+kGKvO9Z2scVqheb@!x`D~!L^-9msg3M=jx>$z3+cZo9we|3IPY)2W+wmje0vgb6zp)1>-j(N z?X?u#9@uHP29(RRMBn~JWix^6aAU`(tN@=@Aw>_hzv z4c?4}Suqzhm9D<$c^hdqec9G+46Bh6Ms|8fC27xU^&VbLJCOkq60e!y6mG$isrv% zq%#W%A)usoCeigaTbPrTf-u^*O7=A8zPnC0(tDNuaN3;%^Q*@Ek25z|+!}qUx({UM z%_EnKtkAx^&O6tsFFs7aB8{8Kaa54xw){*XB1>JF?rwo*ElbLos%yBdV$PVgVU{QB ztsl1CudEf}8AKN8QV`z^^?h+_oAOZgFjuA%1M4TLJbg+C5IDFVoM#UifiuGaQRHbH z8JQlmIlvxWy~4d=ZZ-yYe&^um=T1W9tfb}~QQzD&@;Wj8B1qOyVdXUvVH6m)Pc(hZ zz!F-etT91k#HqRxVI(Z8MvNPLOB6Vl)f7=9u0AJm)Rk)!WW&b_gnemwrmo^qjvWr$uC`*%hgfBwNh967B5G#S`4V;Vp#(%*Jnc%T3Y zf!i@t%LNh_UMt=YOPcRA8h%smy6d;v;>jHFP44u!slAPEptY`nWN4CFlffAq>;yh# zq;X5r60a;2o$?ts2Y)3_%V!CY(CYeWqgg4-mE(WxsnUS|i&;a@$<$==eY|q=TpVeyzJ#Mn7)CWab@4 zP}*2N>9>cksV77H@>^SrN;S^}P_ufC=hNawo7;<6pTM6O206iO>qBK{V^v<%T%R9( z2_l@TidN#7oA=2dDJ;_lh?A&5nhhH-H9iT$%Q^}_j`%4KQEK}>;AHGMOJyej@J2f^=(D`LGDAo7Q zy`I&0SHKd@K~MOjR6NiOV-v4lkw)r7(VkdWN~g26E+JZ}#xYejM%3bt#xJmfyoP5f z{Au%UXHkPnk+BR^zcV(dj3NVZa5LV{b_>&@o%z0GM zO}*7ncOX)sL?Q75FngzB2xcu5P?{S5dbu;GBwU#&MV^J`ee&IfMpxtMv^x#73On}H zsQLaC7UR#7X!k0Git1*6$s@1R`@F&^?XEGUmXsR-9Nf9 zF~8{LM!?W|+ZQfQMb14>p!6=faQJMoJ*CA1{S7c0LtwUZvrPwc;Eol7YK=m5&7rE! zwYU3hETFCsfpdQO6Y`4mWK{rsGz-@O@ekdhk5kDH56oFjm}vJ3;)!!CgnP5TKSqcl z^Fur_+_JJ`8<8QMq_#qJtnd};hj->YS6u9XOWO`*Bkm7tVoTz97^zX1y>)8jx2ggDwucF)KqM!LP(X!0gO(OiGHH-XI3!j6hQ z^bgLny^n~JB|;@~KX+AzH@}*%MYG*(@g8DE#5xi$43S$x4_R2KSDXU9j?{PLt|pKZ zTulZ&3q>K$rnxdnD|OC*30*Wc>o!r?ciV4&*8;4drM5Czok+}8Vqn&&_ElJyR<*%& zV&Bo+qzZ0X?rr9j2Jz?b98S`#;$wc8W|Vi_Q4M8Y=O3+Pv3E0(- zQbRQ6SEaZG_`?g1}R`TcA@lr@t7QfHZ)a^8^YAVZ{+vQm$IDxAT7a%slN zF^wq4!4D862oJ;TQB?`djis5z@ak7buZz)t>~Ek+gmm8*Vq&KgKk2_Qb8{wrCC?CD zBgYx_dEeN5yJ?Q8DE7*Ai}v5NGltiie0r{$rjhewBjGN7uq66{GqLw`rln4z1bIHw-TVahO z1p@%Z+?tTlBaktXmVV$m&}-Sg*B2peHkO}bU&|PoGY>1~em%MK8M)?AKGy{4=6T&v zv4aUOw5rJL%@Ctr^^S&z+~IJ=ykMp;kQ{V9!{W$5u;@N*HzbFy(cVzO(2aQ496TV9 zpXu9j@^j%?d$6s?6rm_2rCn3TH?REZ)q_G=YXLd5>cxT`#=6t6U9zK0?ff=RpSvH^R`7ECuD_~opra=rD?^=_W2mq)vAs~+QlNxN}| zO!^$!NfS#6Fbe`eXdUnkTXIvjXDk8t-O+SpuDDMr>5*R_i>)nVR?|QG)l8`lEx+7?`ktMD++%q`8-T@xkLO!tiSJ1fGzdam1bu2o9?WK_=$ z=d{&~+Xe|Wg*b%J-j^$d7z^xu{`7K)Rd{AHupYN)CU1A%2*YvEilxO$V2cRwkBV%M z#a9~l3_ab38az3tV0pRNi5T3&0xrTPW7y{SC5fSHcD*?{A6k>fyv4CHD&`QJ$FwIC z8Z5*LV616EFyYU?#u-g&k*|GfpHv^>G)`G{?#YDIE#NI|eNpnMQJzWCQTyuR=(C_? zD!=JmN4(~A8DEqZY;kQ*%$q~iwYE0pX8=}GX+SZ%GX#lG<5pI+6rQ(QL}O!>ni+d^ z0|j&E72lf_gKr+ELyd*SfQ>|5w}N6;E}Ar#Pyg$x3b)&1^m7t}Ew}w=3(T{+3+o+JiY4T}%!9Zh2O>=xmcg0Q+^d?nLh*n-i zJwSG}f{wpvgt&6tfWv0;k|2hLx0t%IYNcA;MX0l>A@xoTTLZHic;Mq*f7(oC)Gym1 zEJh58B&!qT_-MUjBl$oXnfU_GzWC}}^lY=HxUoSzWfQV^h4+alEftN_4}@m39C1!C zUZP!qMc&H9-SP}0K%;=bxu~~W*cVg#XG>f;pZPb1*JG8B07R90EVn~)BHRef3e#&n z1Jf%mBPoknnF1b+n_0ajrZ>iKN6VJjHqK3;gE@gx64ws*efY5k4Xm>v2wP{vjjhka zXas{k!BDo4k39+jpayB ziNJMzu_Asm=c7guVkYtHamxnhO;Lj^%)lR+J-@qLjg2n4t~yO=HNe`d6t1?`#zIcZ zYf0OW820DB+gIuufP+?Axu#$qFg_#j+z8K3F!&-Cw$rn#qNNQzK*D7!_DN)GhcMYU18rA(LyH&5nAj znWYwWu-stj8JtNO|x_F6h?*b+_J z&JsxE!us{*3~S7FAj9;`5u;zl? zE?Dsnc1@xuCpHyKmM>_YX$K+WMDq*ndDE`1M;e@^Ay=~pR2Gr>UEBXqt=|l}xsOP$ zS4denk#({s{k@Q8SH>Q8!#R%SV}&9tkh;~d+c{!I1r5?{-kth&wW@GiLhN@vv!3G9 zmloOz{oCC`pKV<}g9f=@2z_`qXXlY_%&ap)yP@c&t0~vsmsEzT3qW@d`nZj&KM z#VbNZ^KWy@24v;HqgF-kWu(bx4p_O;DTn>__K1m2dNL;)ds0UZiNbQA>yDb@Q`5Qs z%W_hc{^lk9c(!n1p2R7UCOfiy}AGLf7e(A&w43@hriM@Yj^c8%w3zfRb0_7_}f zM4Gizd*s&}FIAORN?ybq75pla?iZ{p=6gF0dU$id)|4X53SkBgXK$SAcwUt_$>;p6zsY8YtuNrJ0udxl-;`^HEL(0cnZ zO=e)h2)F7B@R?_RM3>x9mR#M1H{!SN&^O6{V$pU4A&1W_+>^QJVof2H4ko)Zt9_}j zzYdN!hJ;tQ>rNYImg@xps}cEsLXMKWjjHvA=!MZU z13JcG&JR5&w`OmOYv;fY?A{eR0H%7FU4X}hGGrcN8b1(5e5G!P-VPmQ4a0@))$RK3 zjUf~;*SLSuoCiTlV6F=8e~d=Y>f|8*PqXNG=iLbnpS+W0p8At6-gy`FcYG_0F~V_6 z=+I4+irb>Hmd?4Zs-K%AM04v?=ta{-Zbe3306EQA#M{!6$zx@RxZ@I9YY9s%UaO{^W2^=h-DjjjWUek2s~D57LBcJnCuZ6eXrTf%G+npQhDvldq`= z)$X{O-tDWfc3)x$q=>@zq0I9*hRaOP7e?N6XkNTORacD8>+*KSvf92A8tgO7&KQ*y z0?o0W5VT=Y6Qg5Dy+ZwLus4O_JS-_yiJUv!iFsABHJDSMq4;w4JM~cF zta+>)9W^Sd-|#05Xsl(}!|DXJU+9sJaoRmKsMW#cdUP?V#l$V+iB;rMrD3}~RUyU1 zy}y|=n<%fb@2diBXH5wNa>+BXml5Dm{gMlFqU#i0kqas=Wy-LhE%5khwgxENa3^2U zdFn**-0;uX*%U?GKRx#&{+#oXK99zuj`^ylElLc6nUE0bzU<>Fcq*bT1Pd)ALHpnq z?i0}|Ncw|rn&;P4KmkH@qQG^8=X{r>uvF`TM9?-ho}-D|ch zJ|+t{W-zoBYJ+2j$WVUn3#&J$UK_*Bcj4c9!^&{#^8u@ssaB{Fo7RVn8Cxw4Zq4ps zqwLz>2F5~RDo&4d4aV;8#hXGFaEIFA5e@|>46d$$+)NdMur@9@$8VuBz>t>&#qVLO zTbLZbAvmXB*jz{;BiDD2G(PS^sHJ}g$@yQ1xjrsr8|(P8wdr}Y#23KkJ|1*?z?G*0 zk(bh8wOBf&6eF?dq5B>Gf2Yu=_0bB|y`Q|__Bo%Ovvvm7liDXO_*)`hv9>a!?jlZA zUAedKm)o5n8D0E7yL$+zwSkb5tUJCbZ~Ff%*jfwi(3I*gW4%<7(nAUhYP6gFX8n^? ze6Evr*P+m@ihs@j1*vMsepER;3`eR&D-JrjGinvBpz{I?w7@kgcmgI!{sSXf*(h*T z(CKl-g%!5lahb!DxXfAeputYeyybbSsF&+!8do*tcI9awuU9$dgBwCEQb4$#kg-l1&H^urEUB-G#5hT3^BNIbA8E01YO@bUi^~ z$cyQuP!TAd&8!tj2$aIx-XIK>I6@sOKOZ~p)50Xal5$!gs=EZFkCPMOhlgTx zD>7UOA8(nzY#)j(^*4z({iI-_qnQc~q4421v32lNE-bkiUI;lEB@g1sT!FJeP0(9& z29zDBSLa94oWx$2`s0H=3(JD0e(sO0Pga=NUne&7Ghb3fx=7+6hTPla+KbB?uDpl- zb*}VkN6NRNI-h>x_wX}yH2L~F?!kVtot_?5ld5wz?fjg}m6Urr-hsz6g)VFk{;QD| z#FXqi%b?80&QTio?t3c)U3=?I-uXx9FV19+Yv;EG8#DPq-lSxx=sM5Pro zXZe&vIz`MKfn1jcQWCd1YdeyC>KIX4!<%NC*!9KYG%^&HmgcgBg5GeCQ6h^I4&QCj z30?OAOReY1LMbw7a`+MyMHV zmBxnISGWWXYgxZ^r0^wui_Gs>(OJ^D+Y_K9`1!$M{t{s%3x@R3Sv;k?ZNLslEg{}r ziQ}OdTv}PUN1RFLxfd|T{MZ}#Et-g!CbpXrZu1`gow+-U9XB&Qu-?{~w~ztkkm z12Jm3wlDR2{_5EWsKFY_=4T#%v}aRwXpof`1EwAaA@9#RVe@7s2EINogQglmLDzV==Z*2w1N^_!M;`fJ*q-|Lb+8$E^4e}&6h(qBkx z4Aoc%tn3NZ)iq)s_TVF{G6%zJwl#F zo%MEF(z>(_R7BBU{|yf9)#*bzp6iDq*AiveI2Z2!>!bK8h4@N~2q_!^*Dlb+mLnR4 zir0n~#!;}|cz*fH_FsN8SZOAae3OU}hcd(k=iq~=8^;u@`Hw~aTKu2t+XoOv`y!4K z_rLl4-#PtX)5mnA=%K9xG^t_Ce+i_)_&-oBB~&~q`M&_jA3&Ug=!17pQl-W+{GHJM z*Qqa*s3GI|u*zqJ>ygaMQ={^4mMLLo8d=KWvGM=8PyhLolIXHOjz6V@E^hMadaOT{ zNyC8WJ4b!Rg&%w@n&)?LfCBYB9$ys!e6emqQqzNt-Cdve0z$^v#e4g+?Q3kHr2yXt zr+bS5TWUu%Fs(Ba>>6q;B<=s}XN5pvu@K5E&GdXxIq42e%bM@)&Qb}#`*_zd85Crl zR=5=)wD@@?1?jz=FSb1f>G1_QdPw)J@k=^k4=M#+3_sn;^NRu_1^3)wseum&zBb1k z8`UuCFCVti7orkF&jYHWGec*;){(# z8iI#9{6|0>&WOdjl@zDINVtenwbhotBzz=$XuxCZ{i07k_^ zT!oiH{PeE7;Q)ca8wDu+)p#CPcKi|C=e$!KLQBb7kXIlL=o|vKhAIg3$Qire9PjYG zvm-e0-Ma^CzTX%J$`BJ|!LO}23HG+;w0<}_2Ii!~D_+^lOoALpZP#SCRfccqB^h|QAx0M{trtv3Z9Ji2r*9&yD``8kz9$hCFoBCGYr zAfAG=o@-)9IK;sxPr?-s0$F}?G)1ho6tz7}-Bml($@ylAf9A6RVO2(a3Gj_nFV17&XB8_(wr?*1%YwAh4yspvY%FKyogK$#4 zqyX&;O9k%n03-kip8WC%{%_{|)D{~@`#=^|^ z24Y%7v@)3wKJw4<nx6@{6b$uR}lsDKaPi$ z8$&{m-u zW)QUFp9Q;IvZ8B1E5#$EARFO7PtA5PDUG1_$liyVAf7u|Oo9vFZwQL>(&_4GqJm#3 zDIN{hu4^^#EckEZW>R4nO3aICK-DkvXB{hi$Lu?STE6QXgVVKAllQq4kQZ^A{ z)sm0r@H>5nJqXLri~YDHTl4>^MoXaS*jdZrYOmmlR?;}BRieXY>EU#x@iu0zv1y7_ z6q%~cXK4DBFd&Wop^jdN5Q4<}zFvu~@a`(HHWARQ&e~1fK6+wA89S&pBH+@7)#myl0 zl*aPG>l~O>{d}E7JMi3#yM!r2Z-m8qX*9jk*jJv_pPOLfYNQ-^vBIUlS@=yZgN4j* z2XtH3g8HbzF!sPeYPv#S*~uXGc{As`%6DI#j_y+sdk)~p(`a%RU!Yp`C~|P9mwWL! z&>ES@v6%^H(HePe)|Qy*FI;OJ(fjM~T7dr-x~)QGmYd@d+$qxt=nP7lKEC8zc~}y= zCY5;UVko$ZByhat!IMd@U#UD)DR{=uoR)apW>>-Ue3vG&4y`(D^!VXC=ssKd{`Tmz z$jlJhVuoyqL6^VIn|JtwKJ}5F{T_bOdVOCE<=1Y3*`YRfD>;; zr1Lo4zroo!Kw4N{DsOGgY2=+8Vp9W4rCs;8$qD%0penrPrE*=hu3BG(n)G~2zAG;U z3W6`_nKpyNbqKW)md-0OW1JXIvVUb(m&73TJ3^LBZm|buAxNd*Bz%8~pn%m|I(1g| zA_~k!)AG@gX-Wcfv}g;(4dInyM=hib0XD)r`f$cnI_s@Tk^ZzFZIt9Z406lHw+2gc zjY4+vV*_qp+6=JZ_gs|bqAs3C-ZgWl^DRbFfoj_;{vwy886@me5-vQ};~2J7H7oxI zuqvqM#L8vQyJ7^)?Z>y_;!?{PsJEepznGyt6PUKSzZSixsO8U4-zX2Y>;YTtvr1OCQK<(%k~3R#_f0=X-r|T`>Xq@I$r{M^OcRj_&rT8-7t8wjt;MQrs8O)kkF&3ur^Zkzzgf82=AKnEB@dc{SdbGjA-ai0OJj#xAjEI!=Rxe*BqZ0Ai z3(B$f<1^&jQi!9?){%}UXG<4zR2NIeGSt(97b3@AX||1vTmg?obUv&WgY5>!^_zGh zH)<}Yo(Opsgrd72b}I(vaIaxl@D^TMUqjif9lEyZ^*oOGGPGVn_CN|39X(T{5&i?t z@U{3M+b=`D<)S9wGN4PH_dq!9J5slOMmp?x^m+r3nT|e)U03u_p#XcJokhJ7miHrY zt5I`UE92sdgEgvj6yJ`(LwJu(T&+7&k{3A2H5uqy<(XbCLxvqsH8q~+M{Ad*cKY1Z z9^saB&BgBp{pNmCs$&r7UsxYDhLzUfap}hFs~m}(Z>c>hu{S-Me5CEGx=hE`c+zv~ zH90$3U0TDylhajeavZ4_--grO>ZT`X8M$wr+JwehEAy?>?(Ep}V7NBJIsI%VohimH zb1$d#-R28hc(%!UO1jtQPj3-gpC$IN|N~SF^HF<`gV%x3Dh4*{BqMjzVG9Z&LDq^ zeSZEj{2BVUBNS8&yBZHpprwKTv?Aw91x4MH1d&$@2f~#hV=}_m%}Wse;o(sZiO0x0 zMufrbB~&HZM=Y}52SHl+ZDta5UGMSZrLixf7eH=vw8s+;S2$0>Svgu0{ekCu62y|D zEFuO&XW&-0WjbKNZqGrGn>O)7x{>`ty@5)L@bI9UT{d*IbH+%u5BE@16b(tDw%7($ zVk%tfj5E-=Rm*YkLypRcZ(PlKiB2N^e0`84^wIdRPw$RZOK4`Xp+9NN0&X6_NRF<~ zm?&FRI#=~V!4GBU+Vdu!TMyRUk3%h`**EE^11K35{e+$~zT0dDi*Y4fe45KS-W3I} zUrE5GQF*kh6l2ATMT<8tjeR@w%88mfB~C|4i!E&SJ1}%9?XvJgbFw~3t4u2 zwxdr%G1(Qo8}4$V*q!Y3M1Kx+F(Vf@;%x0BxE}26w?C(}0%LvLNZT4ZkM~6B-^~Km z9*Kh*Or7q@_S&p#)a#EnBb@J@s7gHINODHi07m$OsFRxJhFRaR1@(lIHrclvji8(> zyKdI12?X*?CKPcf{B4h@mmc>+YAvVitK8bDWwgu+0HS>0xp&s`f{< zSJS7cg>FqruFp9GosNVlnb>=&4gK9sknj;MR}y~Pr%&t{5vQoZHb2|!$J)k?J`_t| zJQuTgPo#|3Pus^Tr_<<~P_gXp>v3I>m~NVlG(88P?2i3rw`PWSo@$uqzm`w13YY_GAF&PkpBLM`8#AVLo@=WDlh-y>YuXp5?b~|p z$p}T2P@}k4?hI^%nVqns`QvS!xB)t;9utA*s-5Z3v2Wmd6;P)j3stB zT$L(I7L#E4hR6CGO(1|9W$^k(mxGeU%;CkmJi`CT3>lmxe13;h4x=V0ko$dB#a8o^ zYRG`+KfSBNHCU!OdP+_Lb#I!1S2BJnb%pSgg}3@sb8-30j7jck zruAS-&j{IXT{Ovc_W-xfrG$^CKP&e0?Dx^_B~Iad&9p2bK(MtE2wzM5#-Q_in;@wT znV669R4Dx_`_$QyU^-{Hgf>SUW{uHK_cR(pZPD{CY&!)Z?--&<4NgWbG?Ez04|rM!n0Dmsz>AJWO&KZgO7>ayN@pOu-NB^ zeD}zcfv=5!L-TeGJPkKLaAjGjGCf-_9gp`6WLz}R_HQL!)b!Y<_dm=Zhzo)Zq^A&{ zHB^G=kHa9-pF%7l1{qSS>vd+SKwGbkBQr@l&qgv10c1Sf*^KU5j9^uS{ZY%ryY3)? zEw#ozGGigRS7^G_!r3r)n5?!+6*@@CVY9B-a9MC$DHN7Ng3Q^{0y$;-Ei|JQ2!b>6TBYTMU0Q-_vTHfjzo~s|+L_Rc1bu9a^+8A~!&{2E zeROreTaV4k)Z zohFKw|HIkldd;i%UsyBc`x51xbia9R1E0tBcdCo{yFGa-C|n~L08bas7U=UGMNL0Q zOW`PYc6?mY5hIbz*@mAKd`XvIWgNUi2*$8?gP(4qiNSRX%tua4bQ+&R&8^Vr&e@0V z$>@q;tH<;8D5H!2D`#osztXZY;teu79g&VU z6U#npOv)<*O=x|vcfW6GfiS*60JurjFquRc^}+;!`J z@u8w%Ni2|J-;*)rW~q6tc-G~$#9|3IS-ITqz#x@t5wGMU4ZlrouueMrJ*m{*XT%$c zo4T8Mk6r(nV2?TMFZA2A*q)05_G_}(tkLDyh@soSDA8rg>D()KbUmJ+mcQuuP|r&{Q&~| z!lJP&0h`kK{tCHX`mHxC(VH5fz05we%Jq560(p%z$=LN$N&>*`bJgs>Ik8(0Zx~#i zui-#4TVO|!3}JS;)n_nt(5kv6rsScBla z%nfcE{7%{mT2OgH4O9sXY%^QtJ(~-egPtNqwX0^sk%&RyW!1D3{ielFP*3nh>zr-t zEmaCTSdV=n9~mN^B$5{^FVzTzRim>;3~WiiZOE9C_PgEv`irqrzIPhsKr!$B&44-V zDr5K;1hK^V(Enh3R9r_X3S|P>oF=oJbz8qnDNv_2kS+Llnk3OMBhD`&l^}r z8Qw^IRd$yJb7MPum_XP)Cjx^1=8v4ReGSm2cvS+s1PP$LeUr~x8uo99^ayj~b8=Q9 zzD!Vltom4^f;&h+sy*)_@4sADvy_%YJx@RodTc9MKrGO14G9Sz@k%Pj7*fQxDKc!d z(sG-C!N8diSL#<<&Q)9XINhp;S>!ltG7T#l52ijH`+>h&6i}NMux&}6D8qH(WJ~XV zteB>1E0lJgOg*%YjiV9`Qo($%_)bu5+`WU^?F^{k5D>sGY?)M3I~8^16@tvMS4`!%K+;i+n~jSSkT{lA9*#v&p#aY30Fz{jWrYeH7tW!mv$W= z6-C_NvoL!w@7c)5!5L)yTNdUGMoWYs8|gOegec`ZUn9EQWQl5;>3^~%l#l6ueUxi` zhx8#x{13C`#UR0dWm$HUpqZywn^hEF&?0RgE0)mAtHke;k(eN!PZPx=5R@vryQi;e z>O7U{wE|?<&wz83C|Ohwj>tB!)sn+|Fn=Xa3LHq`zojk}scrD5QMm_hsh`WM(NNw~ zJSQnG3$_iH9L0IYfB)E6x3*v9jQy{`%cSj5eQ(&vqHLzzb8a&>CHl)3A@DnTTt>0> z{4AZqi_A#Ql-ZQeCYe^MEq1|yQmESGJOmzH^El&tw97Hv^^~e&D;%4X!ar6GWId&N zOQVl$p3t;>y_YSOT~rCXedgF{D^ny|A-(V2>yO&;uu0uE+hg)jhn&~k zi{O*1#wPef)-?JJ^46!imT{jEYsocK(%F#8Y)A=XTs(_8UJr&>amge3YC#YPwu(4e zSGw%x%M$t9trge25?9WYsh0o3q=u*zErum3fX#6DeG_w@sL~31O&Pov4+SLx%WtO3 zZR0}e^kYj-DzY8~#f0s80;3@V+G1{5woCOgslrgX0VM`D!93257F(X+bMOv#{Cs7n zawwb*wY6*Azz4B4h!)cPGNUE!0}_V4EFs7?L@XxrcOkc;9%FP;0}a;iSt}14oQClH zO2(^YDMEcw3))X1dYygZEfngg&!W6D?VID{sa*}|fOKNY_=S|s`I>Y<@SEfsYO5~p zvKL@%mukMz^-W8YWG;z&)|H8_%Ujv5pWdw(D-A0?zZVmb66CiHTu(p15Y01!7&GC| z2!k)`18Rijyu9b{lsC*$65mo6ayi2bw3_PCa^)LtF~|nULU?j;KwaC=T*9`AQ_?1& zd*Gi4B9c%1Z(h)qM1faNL|?)G#S2RG>DM5Fq$&8`W8TKYRARMfVaco7)selwyyd&s zZ5%s-g?MDEz~L6!WuSXJK7bqrYou0Rh93A2C1u$4Be;FY{X=Pv9#U;6Nd++~rUWZR z+$$Eu9vsCDmI~m1fI{!HG*o(oT5w$Hv9rL;=yam^uSgGU5l!%BsB)i4!}EVfYR1$) zm9|gm{4d-v<6pU98>UU8^V);g-57V--bv{8xtkS*sL`=8!8i6hn{6iOSWQAs3gZFg*XEShUJns!rm9`y+*|GD)ZlrfOxTiFv28n*qaafe zN%Y!hzuVl@%i!)9U?*z^+^SF7wkaelTR9O|MLd#xR+=SOYr`ZB!g#T}hJAMDPG~*# zb`61rWwYsXsKE_218Uzeh6T5;Wd0Z)O0k`)l~CXlb)(~cn$6$B_=+}C-hUiW-&kYB zq_d52J&Z8Q#DmOpV?ytQ#N_ss_!h6-Hm>jb_}3o1+S@P4O)e#@oBJnhDm4{U_Y;KA z_wkrCzSdu_;!oz3IXID194eAW62zn+4)*7Kuw#RDiQPJ*+t2OX*7;kWt@w$?kr8wG z9}J4|eAtVl+%6xfIO!CX2J52vu!I$trtHk6Re?%b8866{0a-vEPufYNDwF`h(L8Ao zNAu+{7amnS50+(tzNJ>DOCmEfdZk)`^kMFe!@@WlPId(#jsa_?crJYc3_TB40tY9< zQT5WjN!H?x)xh`W_@IT?U%e)ofO#wT3TKnjOPw#!GLB{hMRFp{l#8&~8qfZo%hzMoN)eQ@RH02io#jJN72z$;2o=J!*mM zONR7NkNn%5rlGXlH(!zDW^B{%per$2>bKs=>Qq&x?O%){0|MKR&k5@6f8i`64Cc!R zCXBG34&OB`>ZdNOiw-%%}SYO9gJGc zW?Li!S5itz0B8@@uBSL@xPfV9Aly*V)&Jrl#%wM)`M|~Pd;{AE1Y#pxXK9TJIM3mX zZ{{%K3%R(Sh4yTAq8N_ybkwT7U);ES^!Jl+aX5r$Q@EGY$5ac`*YSmLx%01df0VTZ z%=gz6v7Bum+xDG|cQMyYMa*8Qj1ghX@&ky>vV>o4jbgQ0 za9V_nS6FC5ehTZkV*gGDH59XR8j0{tAyOQxPqI~|rHtq@(oUu2=o{S#m0WQ(>K&`l zZ<~o&_#;_8Q#890DMllEVvO_lo(y{p^S;LEhe5(8R=CZmBTOlEBoIFdxxSJQqWIT| zvlcdR!kb)tAnC=qR(->}LZbCfXO4ob#Ek)Y(XGzj7Hr9M)o{XsmQBf5x~%E+?Za~? z?#gywW$s3g0Fk0^5-k9Rlvt0TNAbHOs-WtERRS$DtuE!cJ>PNrxnA}COEUuXUA0^F-AJV#s1dEHItmS7iNefsqL6K2U)31OS{kMiczO`t)Ew(kzfwwo3!ZRpjUO> zw*$XPwUv|mS10V+2j3@dr!cRFp&nHF!-aqM>V;kivCrHrzICok%F_(D71Lr+s9F+Z z2@o2{5EUm)OY;eoR`d5?ovz}`SR+6=q$`FPJ6t#U4tk2)R>22`B7~->c*-Wm|Bm9D zbf#O9vR}nGl?Jc<@7+5lJqG~(g37MIGw|%&$r7yHGyI*7MZ%k~z>dq5Pp403yX~=m z2q(UbxuFgDHGA6FhCY-@qdBUk5XNNoscp=;#$da(&L!WcGQe=zBo*RldjBR` zzW?Fos39r&D7~#3OgKT)VF)*#+s=&sJQW2v0dQ;qVNtev7d&<@#NDrns);hj<_U zb-%7-ehexdGLJp50&Vx8@|kRwo=JOJpXxTsu^Fvab z+gCZgTvU)i*|m};vpggD`%vseLYey6nztwyGn^_y!5)UFb-0@^N4TM)#5cNKVYE_% z-e2@qrsp=&#Guc0@>SWHXaAuEh{=6ElWa(O>047_DpH^dEL?+o<9vpbl{Z4hv!gSJ z*N~0rYpcF^%cS=bHs2b!Ub3(89Hd;CLfqh1uZ-UoNDU2bqIHVfMV#w`?H|r+7T>_wotu<`u zc@@FM-?;FP^8t>I$#PQgcBUy&EAYqz^p>A{FKbqhWviay`3++Ti$JK~+etKmGLfC{ zz-zT*sS$vV)c)wQ4ez;s=|1w!DQJOrn?jE&Y%`;b>|^6Xn~(lPgxsm?&5gK12U z0w7JqhK`=ntgn0w;c_i!Yy>ij9(Y*>nR>Ug-Z_fd_#}HZrUNElRJ!6DK)S6@Yz7Jq zO*5iU`n*YW>mcb(f|I3ELaB2c?(vcQJy^07k8u+(kLusJ-uo@iOgUIYO1Ux2Cg83Q z)RW6i#2`v({KXwh`S!Z;iG3bEvB923f{Q0}xEouakr{WFE3qP$0S3nu$)Q61XaxKo zayLgMIG|Q`wCUtKXp22~QIe$w_HJZ>#eZl%TLl2{DH!b!oW7$O8hH`=0-m}iqHB-Z z0n~pB8WRsyCh}#aVWc3F48b9CW+;Hl?qU%`F(6ebT@KhUwyALn;#bTe$PlrW7#p!H z@_*W)lMVT3NQy=cOdDFS?Pzk6hfPoG{S_wOkfRQOJWZx%1Fy#X1td6?rF~+&(LGzf z#shsZ=-a}hd(`Wt^IWgjzs7P__gISrpMQzoI2HJq@N-+C*}jFgjt)nWxNr}DFj@zo zZ0G;vdR=l(`J8>4>Oh@T4PwGLN3~LjT6*=LZr9_cQghH76um_-$fm1AKm%5g>yv|iX+ zuo+(W5bo9B^6ebrwEv~_uHid&KZ{6lh6)B?&zE^adYm^z&5@>2my`vIIeWV=^`_}0 z&viz&e3&{5q)A`ag7N;`GLVsyB~`7$nUAf!7f|835B26+)Nvwi20e1val3|ql@EcX zpn%^~)tbsa*~s$YSw4+PR2+IY_POdo28niw&FIK-)JXcKfWv}|FD}`}ggYSEwKNfp z3w>Lb=2FE~%M2){>&4T!wGbo9CI2)n486PSR=siXx#)!k>YtQp3xE3HrYKtaodxV;t?nd!s!bd>P(-25{}IdpS$^1I z5q{@fHlr!^fH-FQ7gKezbqhux5C>}}`zWV$#H<=(9@_im@~QjanE|!zMn5ouEfJ{p zA|>5pEukh{GST*x>KWsZF5khE?oqTnu*|934SXbxwCfEdy$z5qY&E`w^{q0qU{Nzd zB-2J>tze;P)C(>L_G(z{L@~RB8Ef8aCbW%*%f|+$NpdjDC}f2zkUsGac+RYwhT?SD zaGNy12B|#L8`;R8Nu3NAH11Ejzex~+unj$4kFZOPD33xOf7T7J0+^d z;(G+5@v;0qMv;`)8Ls8ShWwI>(j)zgS`j;LAt`7CIQcg-xR9ChMq=*v;oWK*?E9V` zAImMo+Fy8sWFQjjg*HFS{gp$;8*Be?Me-wfgW0<#bJGdXMX@UHN%A3#?_O2}pO;II z_1vJAf{V`G0aaLa!s?pMcL+Pm`m^8J%34W@C!76wdW-S)B9e>jOkT)6=b*#yKGhvB z==fTko{H_Cz%382U!05S(^=jzYEm!*@ePiLEa-TG3pswcM<(?VXS z=0tz-My|?rzLD!`;r~rbqP92nknLDi427CbbpC+G9su~Ekyd0-VPYd?8W*@KxZTP= zmY4z`r}0a#nBJ0tH=-?Z>8hJ`Af;t+z=|sx!44r&qZOdWqNm3xFx=9PR6PFa{56#e zG;|&WU2T3MK+5(_K;lY$I^T1G_G24-u37T#pp*N$#}8p}xnn`raAw9~A|Vbfblrp$ z*39~$Xg)dH+KZTnAX<-g0J?K&%isB%G9tgfXmsR=npt=BVHte7O;Qb%R^hgjBZp;`D78sXOF1i|x6l^I5o1LJC zr!4lNU3t>@!)cFEon92ftyP$I=V8#`>hkYv#9K%J>of~}JLjIA;5O79u_yKMD!|30 zN!Th!tLxj7{pW4ftJLfgPkT-J14_Z$pV+pZOC^i_1CaP7xb=n)A+0T2NYqcgaob9` z32uVJ7%&b5Agp_`-_^8lS#li7H|Tx92}{+F@he@C8S+HVCr>nbgbs~A$$zhZnilxW z2pNThyAACxMY;prqk%})Be$BRiqV49C)(U?2RhfLlaU9tAB3(g`(4CLR^u_zZ3$AA zyyK=oA&_C8``OIN(JB|9 zqasRYcQKNskfjZC{PVs{Vla6mCXUL9eyIbWt2s2$vzTi7t%`GE<*NAxFJkbT1aJZr z4fgOjWtz%;Wx4 zn93*N{Pd-*;2UzBqi@$}X7Y9R(6@{^e(Vsk}|Gfki`~aUoz3Ogca;aKOq- zl*>JX$EH>ujS`84Mc_8eWM6kedna=1={2xwi#U9wXwuOaXY|IatGXA>QyexWx8!1x zH!;t(e-WiBQcG%O>(b2Q3WG+d^Am&la{R;Qa?33=O3R`je}5OSj@}>e?kT=jWnqnE z+MR0&bdzL0^*gKKGAx=Ggu4BiB7Bs=!U}Nf8#g?@^ol^I6xnRQNAVy(M8!ISF`D>= zOopNB!s?4v9d=RkgCmG%NqWXJv>%62oRekWlJs@Z&w8#?t4dKzHU$cUZ3pd;F$TY_ zsk5`yr~&IfrT!6Ce$n!a!0Hw1;!2zlnS&a4&&9AMPZT`$hBDY9YVVF6X0Y&EHlN?v z+59WhUh4NYZIcoF6SAj{*BNOSqXjA9Hemsn#f{&cZ`O0A93!#I<3H({bB#F~Dr^Ds z(RTvAH(#`B;BmONmoBjS!!7rru zg^>m@bsP2Z+x$Krnpd;lM!y}c4_|%F_<7ld_PS+uq~erWtpRmLcdHvS&-*rIZ7}I* z8+`ZBE0M91W&#O`w}VLXFlR;xfs<|&v@26r%u89&kD+O%a*#QGRw=L2dJIh`IV7__ z8vQ|I?aNwUWN$yJw5yQK*IMF9_2?}F-{rI$?(x>i*_r-`;tA~(Wyopy>z4wS$Q zXRj^2kzAT-4@m`o(SDN>7>bc8e-D-NvZ#poI+BeI_91-Do|XuK6;DDkEfO<-NS4hU z4LM%oCd$xpRU8bAm9mLRPh~Cbi?xZj~b7m_|+CW78ExmvBJ#oo2yYp(UH}`E)bYE&d`uhUP(;$jFQ_3*@KrPz5Pb5{Sht1VuyO^ndC0^9sw&HuQ<(ypDN9l zL#cTLXnfNn+J7HqB5N{r1HsnNjS{T6T{O$>&ISsN0^m}_em&jw^39}#O4?nsRAOzk zo?JeYhw!4_Vg;el6_xWNd02A06=?x@B62jZEI~=Yz!p{aP4gN&)}puSthnreLb|fo z`p%TM@!SKAuGJPv!wvwv;KjcAYCTFGazijCDAYan|0wx{CvhJ$-eC468FX}gvZqM< z;u_JaW48FX-0HLxR3~p~zgs%>L3w?R*-9Nzeo@czttu5=&#?M6rH?A}srRu@kKDtR zc`sP*QML!Lbr<+vIqLPb_^zi=8p@#?*kfBX4r4&FX7mGk-|;C~j}7)h5dkhlbA5kk zEtDFo`d31Z9O`a|tpvECG)77&(>Y=a5h!+R!xx$k zdr!vQwX!TToKHeuAoVUVYyzItRiD`&p`u3EUlPfL=PAWprU_54q$6em7wQ%b#jV2Q#!D1x#2F+6HM-@ zGeJ8geF!u*Eps=2IG_RO+SuoTv@W;zYerxn^K$-CHQwe>)F zB~SA8sPXraRR7@i|4jHL(1Wa5#fq^OP>QHCt7A$TTyR{Cv0RMxodN^*n0b#h$M~AJ zn=fBpY6KlANxK`Q#M|nfyGoalT)vhE0CS&I+!|#8bLnf2$OXk^Rq_Qhe_;JTe|~%g z6Xy)p4She01V>YNtAJV^`v-uk*3B5<#nd=23}jBrSu}k#^G}!$H2*Y{7A4aGTv_wn z2R~vCZM(Q1Gv>1fR4;fj#Yc&?5=V>v!=?JiQMm*Ahn2Ts>7yNdmFT&dmndiTJqY2Y zO`tj1$`lFhwK2MCQt*P1$8}IHX9~r1I5%xW0|(KdrR?-^XnD+5HYI zP&OQ`fz#wZG#TtUco?~OI(RR4aQB}*tY*O!x#oGO`zAf|iX^FjTfl38W7h^03ICee z)Apz$vlFuto~t!BFnH>jzFM$@=V3RHe%sdfI&YmqMTL?X`ko4`b*s92T0ZetJ(A}C z)nY-4Tv>vdS^HeI8MmX?I7hz?xy?1%AiL zOHCBq=H3V1ltPG)dl);$$*(UCQ8d1vHV_Q6w#Vzt*;0QmK8+l=>l)mL4@@%_EWUVW z$ZX|n`q9={@w;t(WGj3g`<;d<%brTDiM>8YGc^d!qbjTu0fM7=QFu|kCe?8M@Q5mZ zCj#B~c~(%`F2-v6_sK-kuLR}7{xqn@bISMcFN+aXj^M!;D?v%FIRIn*GzYJ&BX&dV;9yG^h+7GmLIt;Xplod zqu6h*0dPl4T8@X8$j_6-K6VQ9Jf=x{`s75L>qajgx6~r@G-S-qfcp2>-+F^TX8Om8 zY?Z8Dt43`SS-%vY4@aCYB1n~K{K(Kks~op;RFASphO`gFS-L`rNL0)`{mgdKJd^Lv zAfWk*JKR`cz4u(Qc>=(Hk`WRdPcb2i>@*h-0)%|1B|C*3IcCnS8zgzFzvram4RH?D z1PG!~F&?BuQ8Cs@*GoD^@_~wYU>1(X;-Ot!Dk_qpv10Vpn+SVHcM5+*CC+sl9MTV2 zV*MVj01?}vXVV?DXd{Bu+IAm?ZcknwiIvM&H=cUioinl0g_d&}B%hur$pNOg;!9`U z-3F-l(NS~0Y}~DG!2wCpl)<(DaNM?RhbyIyIF2<-N4OtO`9+Zm&q==P)v2VHr}gg* z$0QFzp;VocHO*jz+dpEKv5jzMTL?Jp(3An=aA>qBjW5g2%$7sp`T6n#<+ym6Hh*lY zhv!6vNu|1Ax^=R{Zz|ZZjq8X5FF~%qW#WUJXH@t;Ypgjt7fuQohm zmC|$*^5#4}U}z%hy${b*3olS-qyw~>kT5Z*$Nr z?`54%p{Aa3D__)}8}7L`elcs7Bu3azO>YlaL6QP1@NJeF1J~|7d)7?gL~)W`S)h^Y zntA%o!E#%AhsS2{rgEnKtdM)Cc+A(a41A}pL@ zN2L9M@qcw;#2B>Z@`#Ul9vl^gmt1)Xrj*$bRkwhJ0bi!Q@Gt0HfD$ENRC%6gx2fQb z#*JLXsD;6y=FEv$Bfk)L$#v5(9)|-~*ju7!w?8gAK4A^wP*%OT@6Ny-*Etl()uIUn zq4o5rbRLV$|2{DkmyrNlRbf5OCA_RYVb9les9Xja-Je;%&Xfx}OX~FR=7<(%XcLJ% zg&qz$IRxuHoFMLJ%~kbSvGi}tNvk(5#@BqCNxmyBlC5)RkU*n**xy6HdvvCETZXvB zL`SpS3OP3B!k(|{I57Bz;ngVM9T&^78{@|)tK$KdCz^54J%A&k= zC6{H+ch%A|p8m{MWv%}?z|wRp-<5DVY+1Xn-g7@W zCx?jHmzb9t^~PYEJnx02l1;G4+8Xjj%mS{`B}ZK(w#O2eH#dH2UI(yl9@6!u0`~Eh zt9tP}Ic;Xyk&%i3q{47qu)}m`>*`Vt7b64J@bY@1ncu!IAx6679I2&4+c|E>J8>(~ zy4COo5z{L7WcI!S+jHrXi8!P8tXXb701)CWbmMvUzYxl*%kxvZ4(9b94*h06+hxqp z1Q$vfF_MB{#g^PQC(C)!+bc4(J$W<%Eu*7wEj;L&-sAYx4fp9=}b*Y~Y~MXAz6n;#tU zR};=}yrdY29es`hSBEkGkX1CJ98Y|F=NYnfm~^37kYW%2aw2U&3a$}8nN!wx@S5US zB6;=n*}zFhMJa77J!mHQ3;iH_g4UGu2ug+MjuFfQ{i3xYf^!L!%ldzy$1%@qm@fG5 z$V8w6`79lxpuY9Z&TQp@(V;2h1dLZxysqjsXGDNJ5}#~Znj4XgbA>O^4$1m-4#4e^ z_Dkoxyru?cH-e&M0=(XEBz1^2!T1_|935cjbpI(qskYC8r@w841SKQT4;hKy6gX|tG8oITV$>qH1z6bc_Jt6CjpVZ-~S8^E=qHB1I z9en7GF*++V!M(?vDEJ%!y~SgfT`h#QoLo9q^1he>)De8&JvuAuaQM{JDeR4rJDKjS zUoEhbTtoXFkFy_`@dne{XBs|-(jk%N2I*$e3CNZrF<~fcr^adYxtDstXaSQ^d8dIG zcB%d42=o-1K~;~sk1oehnnybvfubiXVevptPn!HP9>Ppx3(ipdAKPAgllcbZ%F&M* z8SS43$1NKJUq>rBr84@lX}SGh&~dbxru_WN=e8G3RjahV>ucEnW{b7QYc#USTZRyv z&WX5L9)dJwb?h5Cym`TcZXu<^i=ykkY&nNaD)!sZo5WL|*N1R0#Sg)q9-MlK1_+6- zocHd@W=)2);df7wkN_vm3Dm5<<_+&j3}lqhTPVN#<{xr5)obNeB1Z-^c~3&Jh8zA^ zHA$Jm))HC{JcfHTMsLHvS5ZC@#wGGdBBE3tNEBUK`I00e3{^>P8loPzP~V~=?_Y{7 z<=4G!b6n}IHuO!l{i{G2-EK3DhxN@9kKY6(<%F3PaUI#yw8=%Lf*_k7V*)eazXA4g zNyRZ)N#dtq#is%<5kIt~D&yr1nuPljBlAhxTqy458?WL3_`kwq*rp`Bq|aYiin_f( zonB}#lpzu<=R7|7A% z{%T$9-0t%+5;<#iL#CZ(*0uHpki*BXtmt5&K<3|ea5gO1q`uQ1JW;ho6Y zk53B{eG=T=%4s<_^0SY%lN5vx7cBrLpA@hWwwo?_P^ri;2N{SSgStL zV0nQF(PAo!(@iyf+lb?XxLb*S?lFh|?A`8xn---+yE>EAFiZ);d(c2%7swrP5W+Jy?osV=5OURQ5*{PB$parGS`Vj!bMj+hXr}b|!~Xb?z4C!QnLJx?J3EE3;QtXF>wl+{ zE$b&~9w*QjrpV%CN4`?iZObJDy;twm&!r}Kb)}3Y*KfP8A*hWL9V~yU^yriCQ~K7; zw<@JzTk8NdnDIS#={Bq04d-ZvJh0G{JA6x1TVXClD-~y}Rdm!EGRo+GA;->QqKUR_ z?T=SH4`_&8Wvi51H*KBQBkrbU)?JJDDNiKbP7Lwrl|&aQ7*_twdObxka?GWFl8pi3 zc#OAY?p@3CEn!~KuKDsR>&PvbGd{AL*d*4Bs3mi!-Pg11OI$*i>hqTr*V__!J`u{n zqRdkNp#`Wg>MLVVXv6D$dPEkq;FU_Lv!XC8vU&;*L74{{1=yB1lX!APg~3C<3iXCF zc5^iEnl^)s2kwLKx0FdC`{x3i1p>)HSXP#wpG|CmM!ZGRDr4sLQ^W(7)s^yWdwA|i zOXW936Xz4AoZs+%t!98;#J2>dZB3ff zV#MeT#()Pt%$}3&)vk-bKYd7GBTCu-!^;K6X zvc;viL;0Ng-YWWi_PB~C7yiJ63L8f)y?d^zz1mFSCq1tFqn|`wt_;q{HkwGP?#WKB z{IP)72CCW(pvzb6S@K9UI+-F%vh+zJt6czH0(HwJJL1~v#6mNUdT<+v$o~8mNl9x+ z@)(`yq_g)p$$hqpnO-{e=2E6P3+UMJ9Z04IjCMKFk2ym-)vq#>b%tdFWU&yk%@`?+zqjG)J4+{+)#<&X?(u+7I;e^E=MQa*WoP#BE}xhM930+atMwKCs8i^9Phzz+@#R3) zZpqPynr(Z^84=@Fm5IWUvM*b8tMaC8t}3SI&DFNIk|NqM?iGFfnXzRMTm+O0I$PHpTLdgjxpTB(wnARMbeE3T$#U67xmZ)EG)LaZKnCS1 z4G=%Mv-LoK{Ws%NJv(-rPww=*9ph>0u*B^wf7TU{;Wmk`Ts?{v%Kid_B>dsPwl$!FrUmExM*-$W9+>QHql`s=O1{rCCHGG2d( zaq*1`52i4ql}em9wW6r@kqgv2H-SnQ!8KQS9&V5i@7zm+Y-?jA7S@P-^7nrJ!uGP| zW*pWhhYNP(AvWaI!?+h9?Czl+E_ay!mB$Ry0+l#B)N<>rOL0Y7Q`RbCF)OE(=T`bJ-+JLI6X)?nP@hKpfa_?RF3>$6LAVr}pFjUaq~jX@9W zshLd`Qcz5)XHf)6D{0dj!nuLdPx|+;?`BU#$=bpDwxb*+q#z+f?P(H55En>wuGDES z*SHx?yP62^_nrfX;h2I!mXSPbKU(YoQEcE|0?;14gaz?1C7zsI_q02uSF(|-k}i8M zP2_r!GZ5ZXW$(7wi{gC+Q-5#4e5E%6V{L)mLXtz6?XaVUYCCXV0#Pt(-?lZuYbLb0 zHTi0LFJ`INNg6tq%q2Sz|K@B^ySjoWgpT!-TXF2l?6ZHQ(Z0N1BGH&6oNXpUur*0%+6*gF&TOjDAZsw6pM>Px`ha(2E2r zYAX{obdfq!`o!0BOBec0RNY1?q!yj(l#I^YbS$3`cbD6h7_C+nuiWd%z~XQ4-qpLY zuUF|9B<8Y8AFTi7H3^=xE`*h=#rg~@R$c7sEVZ-Be!07~(LerfT8g9N&izyc;L6#a4Z+5#YTAQYM%rf4ddy#{3q(xPx@ExgGg>l zQ@UDOuHjr|VfVIT@aj?z1MH*<_??!w{b#(SSR>$KIpkB8i$>TYOXZTG-@d@hF(NVL z;WSDr#Ahvqu+QRL{Nq2JGVMmVeSB)u;e+-`7@5TTz9k8bY6u)~5tFW-i|3Jo3SYY} zs!2ctl?P1e6@?@Z7IFm0Zsk|>n%=UBcko)PpJEU zGS702#YKd^*lv9d*E)`FH>QB){jIay)`PUZ2cEyXF-nWZ`E{(ykKyI>O=;;ZkDLoB~aC;M`|03P1;)P?0S|Jn~m7xrSm}ur>Otl zUHoD=!r3+bahLqg7$Ex`8*Vv3F=apwaCZQK+{Ue$&N!^D(etWS3H+OO$*LM@f~Ag7 zULY}`G+u3Q3GCD=ZQiWNL>9$0r7nzldqv4pW0?1UPMDv!)qPy-(2bR?Vi zuKP9AS<3pF&s>hDl`=o#6~4=7xUv;Q)Y+a#x_>2iH}WzI8Y+i(`Le{*%~grTM{%TV z+v#!>RsugPh)}6sg|yD^ZC?jWekycv5c!|L@4Cba3|MVaRIa0Eq>jV8{V++j;zda0 zwTR7(GlNl#($0A4Chgglovi-dY0evd?{zGAH`%;_t25L@Es8fBg1BYxFm;(*0o4e& z1`hVtOvuu5m&84$wXZAgc+J%exmxPiI+V2O77pP==kM05PGC5Pzl0Lkd(#F?emc8W z3b+hBq^fPXul=;gTefXDu$f-GoDFK`ScQ5+U^D=Ohm**L}so?ma2YIaMU zW@V2PdV7BBwNeA=X~0d#P!TPr}!)K0B zx{jdwVfVCQ`qwfx0b$1srCT{P#@YSZb+$%(f+QBt-~~6}HMDnuI*TO*#LCkvg< zh^YdqS$R$`yJUycB@}0RhBIs@1YJ8BkF?d6AwMmoDmHT(F0bbN+vdO_XN88)PuqF+ znT93;Y3pqxR?{L(I*nIcYFXQ;lZxPmCQ(L^7miJFZoF`)vnTFEiq3E}c;;?(S#{uN z1^VixA6ar9>N4B;U9TQf1tf@?|35(7@JjYS0pbQaPCB7w6WtV9yi9Q~@Mb->sN8N2 zr=Ew9k!k?E;%OfoWVueR)F( zb)sDHjgx{?3B-`RPLN=aL9-!OcVdXeyyRh=hR4|#kFqCmm(_h!7twQRgb$t4;`;fj zj3LK0J8r>bD^0HvMwhM$ibdhI@i@17uZI>G-c6iTTz+C6qMr+p2X?`khrgn<_V!1I zUldN5e{H_r0vDG;e~SZo&|~1~{*ljnvH2wey-sJTkf8;4&VO?A-PmLDxjXd75yw7q z#8p#Dy*Kkm81E7y@Dy7azCz2kmxINGD-t+u^6>r3(&3b)Z)3Xeqv~R`i6c#Ne3V2rjXEe-gh5pc*6vKeah$kSR(txI3Bn4TK6 zX}`5H=bZ5W7&@+k6D`Dt@lN?c@M%C>s(@lJ=5MXnU_bmHj2s2{H~jmbP}toc93yLcT6ndQ=p8@6mCc%2F+}fqUD$AD zr92a+4IL@?jIix_*F_W13WdFzXSahk*D`@#>mtyyeqN`dL3DqR4&b+mTW^+n^~w6Y zW5XO4YSRC?Vm%qY3FwbLB&R>6TQ4rh?6@XG>AB=;n zQ(R3^qOLQ{rkfCGc<*zUHDpO^I7#n2@!^b@_wJd-G^0t48+flgWH}x)h^JAb%+cTY z$?Dm^VGgllVocwsYrI@)Zg-l9CD@usVeTi*l_|yM$t^H88xWbXu2Q5&G|rxI>G

z;MMxuccvX!L|@t9#o}wCB3)D6F4Ym;>+HH*nhB4rz?)9lQ(LOCh~6q0sG*! z$7b%;>j0hacX+Y&QbGcVuv&Vi5Nd{AO0f+Cp?3S{T}>hk2y9jl$M|%`R({zzq&KC% z@zAAX()O^hN4`DWWBcjxj!wIbLc;?mPyL)iWC{6WhBVr5N7)8VRs_mB=!HAX*g0BU z!G8EE^zltDJ4nokA`Q{l?(})mF`dcfM~Ohz(NexKKrUw0Q!`Y}CajPpKWqSx+a4IU zSUu-S!^S7NK~(@JbHw+zi8{tpIhJxC8(Xgn1a%2$P6`Dfcd?Qyzd0~_Q0ITZZVw@4QC7-z;e;2^!`q=E_}9d^P8QMx ztvX9`X$Ddo{=#T;fVz!J74f+w%iC)G^}D&jsD>zeL5|A#{7lidRPa$U*^6L{Y|t zQCN-iDH!)XsmGnkUZNfS%T?qU+#xeX@45tgFkaqB^Zc)}L0e+7<@?!u^%6Lsdo`Xk zfN&MsDLi2pR6G%NKA4z{4=TV=%q9kyDcD@Q-}x{H-HCfy{_J+XiQO#{)CYgtI5j9P z;2+E`T^$;$(XPhO8@&d1#pxb!(rg?Dp>=Yub&ty5RvY7EkB-C(uIb-!Cb;?i5L-0J zKy9fwPS-@vL6c(V^+A4fVd1(_f`O;DlZ@#I-~@BI<-CCB=jJmiiBT}{o6=h%{Zj#| zwJ0)cmyZZarM2r!*YSe+cS>P!tY(6=YQC+RLJ)N;dI-gDZ(mf5?ZNcMo4Q#K#F&WL zKnXs#Qc_5&P2^TpQoD8Mi1p@(|AdCYRQ>@CAJqfMsMIa*vp$Cog6y@)4W$kVZEG?i={6$1I0He#_ zDrU^CLm4OE-`TX=qg!?8UW<{L#0d zF=&ZLu`*xMun8f1M(XgmI@^v-%)pPvh^bhufd?k^XlTQnhmvjM5vUXOFWygjj{%NA`a$8T$%iWZz|WF_y$_dQUfFmN;xTB@|~Y*I+haXRALS zh-`F~mB`gN>8HdEIU^xO<1RO4jfS%s$fuCoDD!M$kgMA5DCc6RYpDqM`r>xmDlIuk zgp4oAbyfdsm)Oiw27ULig&idXN-Bl*{==f}YwzqnG!_Qa?tB6Bn*4m=Fhe8WaL;F` zs}p#m$E*A`-^v&Z6|1$u#obUF#f$jZ^VLn7P-lTg7lPbTx$C7iE_|^TBgz)y zKFN&f|A9%^ss6y&5n! z5*_mgOWv%CLegh+p*!?@rFNJ*=~dS7p0YLjd%hl}fT{y@bg|@g)Pq@SNtuhAVlE3< z;^;vv9Tz;P_%o)R*Ca->Jw=aP{PtJ+!)o)e=k_HYNtU$fdn5JMUtg)y;Ej*Rdz_au zpg}3Cg{Mc^7c80L_jhG1Y+tVA*%{Kh_NL*AxucXcx691A9ejuhD|+s?368_pi;aG@ zr==8^6l)Wkky$vA6nAUh3QIq!tH&5hPPwgRFd%IdB+F+;94#6ST^4vZ6(C0Ib`~M2 zh(dUtM)lo^_;JDW{d#gE1{_Xhr(}m8Q8zr(6XhV029VLFx_iQq@!4SGxXK+5MBDpi zQ@Lvn<#g zcm?Y>#bd9v<4yM4?AZ!H(8iz2uBN`l!edOUiWxT^>tpub<&F0>&E;s)7>IhGGN>iO z_Fila<5r`4SuQ|lHk`9apz?_ROBr@#{4bT^5;>tA4E)rmGQ=Q%YX|7&9<4|Vv^MN_ z(@y4^c?#bJQ~ZK8o!A?1hSW1x%GY+amW-brCI_uPpDLeV?Je4WQXiRE@9rAwJ1lcMOC@ywOBnZKE6rN`V z&8Z*u{r-8}mWVl?05{U*57bJ;rlHQtD?{Az43f!6i;`gVi30tL+Fay~rrMPtBkJtlI*4mRQ#ut7I zFAJ@x*K#Sd9@nlJlK_Kb4{)DnqQ*)0k)?1Wj^foY$;!q`B5aml$^hLPS3BWM98$*l zn0T0`?3i@y9WjD(S+ zq*OZFW7q3|%I*q*> z*cfRC{Uo)<3NEoqyvElTTp>LMwdl0hH1#O`Eib3fWnnpY?btSKBl_1OCd8{~qMK>3 zlk4cbE7bJQbIkMpD(TPB70LOY@H%}RdA@1d3#lMUkZW^_PuVDZ<6XZRw&L3h>0qk*{i zDuL?E>W)&43b{9wehPh4q3*cdk{2D=axeCRi$e{#gXTafNdh_wcFwKOPuCe3W=q}` zI5yOoUx$X%Wz1%mD;WQ!i0n>c&A#hUDd0C8{`tY8Qg`K7w+Z=2p&gl|Y*PbnEHj=@ z+^gSM?wWwu;qrdVC0&DOQlgN;hl)Gs^c&x^et>z_f_@m5VxW!kLuEQJUVTA>bYM{G zzW8;sn~`@T)u*zg+pA31KPvGE`uH(lBX-;_c7wrHLkZf|@%QJEE4Ynaxos)1n{(gq zc5ITy41*_m`M)E##qKKhONMi>@!8LQEt;@fi{lCY4@F^HP&vh4qHvu%vE0Aa0{l%H zCI{aB-$=ur$Nwe`vmkbYa>d)iaSh&azXb)VwMo<|P|ePgZ&vf)*{EHpk**IE;VGFK z%O{>CmB)<#)^)D66TyDf!h_fAo;f_`Oud^hDSWadR(LE=@f=T9qmxMg$n_8rC+_Xs zvNDuY%i~0Sy>imkAgI4Zjwo_MeN==K;^EPWEqHJTOz=SKttb1m>`Z$aR{B)?{PWmd zjj;E}{vY)edyx5T3I3gSe!cPkj`1eB{U0#iuNyyH*mi1q;QCt1g~o{r%d-s_-Y`sOa32`-K!N+XQ)fm zAeuwg>04WOdVsM1qZ^#YEa5V^7EkiVbnyrI`0g*v)rTml-I<^!OG&ZlN|n!71EiFQ zs5bY$#y?s96v^P#nU*q5*HMN*hD+YWj)*vo(X_%~gbAnlyk)mD$CPn;Z9hB%wIt() z(r8WLjI09;5>mx#<16xhng}ge6ORU3BO?!E4968<1@~YbPqJYFY9^MF4I2XTtkuy1#IIV6voowxf<$O_O)wTI&M$%p8v1RVM&Z=YAtAAJ8*2h9lQ3jwb!Z(=@{u|DJY{VnSuQ;?b+{kp+;I@C zlidz2q^1G)JidDHt`9Dw-FPWUnM5a9-?rjO{Caf5j}y83G~tZxm&ESxx@{#I;(j*& z&UcCtlbd>2^}y|kyhjin- zASBj8%lbDnzc;QLES{`noL4BN_bT);t!Hu%zLiA5AZ#196aC*2(@UJmnw_IUHzea;#&RGs8>@;|<0+jjI->y&W{^@#jJs3r;ZPhiK50*1qF%h~ z^kL&WIYX0ADO@eRyrndPqqW$lj@R)#>tXgRUzXbu-JNv>;848orVrD|b#$7n{In?W z-zfQCvqYgzIe~477o1E5EvRor!I!_>e8hr^SRbTcZo^$*j)p&Nx+7cSF|AZ4*{}rR zGQVB0@M-Ktjs`BB4hY>+;}lum>c(MEt1%W|fMV-4hjzc5UM%ybeJbK@xAvd-5-57GbU(fpk>jDGi?l&EABYei-BKkFl0p0b+q~ zFY8{07q86>FXsJ3l4D+D6ThM}3(Dtv0AC*_>2+JL2;C zI-t<&p)2_0P^P-y5lPYYcD6ltu3@&Q4LCh7x3UMK6K2C#@jPr5l63~QO9$_vA*X1* zQC1vM?1R*fOz=0+*Gj)35we>5GF||x?h}Uv0_Z~x8RP6S ze?Ti7cMH;S-H)*pmq0U!QH7UFf-iT)^y~79^{@IJ?=O(gZkd~V?U-%jYJuShpRi7n zvM++~Xt+wGw#k<$4^ZfZPQ}DlqlWE(_b?!xwtHb6^O0N50|)L*ZZr>o^{kVJu7u23 zT&b7KF`sX}(NBYO=l?zU(^7GZr;3EZAT~Hu0!eKmDp&{*bAMzedW?r9G`tGl18a_R zp1GzZ7cGjq;I~`Cm}==N2n_4i;-2^T)?2mjy_W46F)OAu8E*kE6IMCl^*UeIa=+g4 zl22_M@hFu;p?WZzl6_;zH1~k7&_2*P=lo+OcPl|W(v})A=a7#}5g7I~5xjVdvjc=S zGiJuxbsccVGt>@t$X^PLw({GQyAvo=8 z(n~dZcwyWB0@7E!NIOY+uT_6R(yjxh+B|IdXqA4py^QiN(mVF~;Q_mojqVSq87fW1 z7m;O`=Bfm0K2quOwhfNg4XX1i`h*40ZGE%WvW62NC2LrjHVPzJxaBJ__eHNF*x25) zOTReB=~5Vv$HkfAdMfH0Yb4C~;gYZO=F2}@E!!6u%xTlJ$UH=olGS+a@qUOS3`z^_ z(q0T1E8FfV<#&#pbnn=5C_sCPj#JjQG-R+%-#ve=IquXO)$)b8QneMeJ3nKorxFM2 zN3|u0G=3~z7RibLEHLjqBgrJ+xmD(Lv9CK20>kOc5)19Ye01M^;-#J&YdyEVxa!EZ z$x>UYea&g;s}qFC@Y9w(7cyvGeQ@03#B#eai}%CN+IWeF4Y{kMc86c}YtQ~79P5cX zOz-1BrD&T-8}Ay4jy#o%(_V@Zle13&UPFI~z(QP1Np zm*Oz~!c{#u$ZhKH!7$Eh;NlsHX z?7KW5w&t}3Eg+2Q%hPQqv>^kmkn)BjcrI>PU9K&rYN6LuIz+T2YD>oVM&O>t$_tG(13GU@u+0G?%Q`w!7EKY*F7;C#kJ^jaE2sya#kM6LUkPnZV0_&&sa?J ztwi$C}XE0_e)^=FFkdefB>g*N<|gxK77^Y&@( zYo4E+X8d5Bm7{N5KMB5lJS6`KZzwN%C<}b~Z6Nxn2*IcoYXjIHc4@`=QWW@!e3_@NtiCnllX}SdnWGt*PoxDDJYgGzgHhl zOIICDEX)yLj{N{iB{PM8$6GW(lSqyE`V$|#RuIlqoUuSgLICCGpWXcXj~{*DzpxT6 ziJ-rI1g-DyKf1)f350jYRL_{ilK$f|e|dpNahUecLhoNZ5|0oU+1r>Q62Q&}25SQjRW@ta!s#%^%$RkTK@EwQi2*MQGgk zb3T71fp+ZClUBz%pgGHA5@?dVj)w_@eIzd%^9)Bzb5WDXp8q)f@)b-61Z26ws!jT# zOPAwsn}A1GN~vtr(8iA(U#MZpZ6rWvhXQnDu#MgKTb~KshI0+&BmBa9DpEm2R@Gyo zuGkkUDQnc)B}wP}8kA)>El1&2sAR0ZM$KTulGddXO|j3pec}?F@{J|W;ou!>V}?jn zz>bb4Z-24wftPFAk2;cKb}8$QF6yClp$N^ZHR;Fg3r9Lf6jzIRYoA7ux-MzKS~4nE z4WwsSySG=&g{sWO`ty^|#;k#wl`{p5{HPCBR92zV_w9NC#vkxCtM;mlHRTsy9ElCuN18>zrwW3x#e!jgug@8s?>wW^ z4aDFOC!2SjocYok{Lw=|$73y)J{L{DG(W8*Z&1^5$MKIZWMcNOqIXZE6%k0^%GQSl z-n9E(L3N4Y-Eg>QX0kF?g!N?%W%J+D{$SWjtF|$`>oCW0I)x-1S7vW=hh`C%e@L`+x7uaJpY$&U#rg(LSPB@`Fvl~N)4mr8!xAt(D1YyOSXX7ySOAwQyk zj^6!Tjql!Z{8hl;D4~Af=^rm9AEe?k2`tzX2P8l(+Bp+i6%r&eA8j(%e(z^}&ztrBd^`ohRK=UM>=Mwg zUDT_`8F?gHK#MAzsmqN?GQ}tzKx3TU>eM6&fNrPFIHY>BH=ae%VexI87*{tS4rcckDx?^+>%#*VK*6Nkk?{NV(&-U}Qp3*S8!h4VZS0IiGeReL zY$*G(wb_2(btob0*eVMeB1v-88eluDp00=2E5NHf#X~4nLhEI{Os0x=m3sol)Gtiz zeA_aKAZF9`1`;V?on}J2A-wrIS=(Rj`d|&Wlaw@?>c4h30BZNr*7(w0So88Cy*?8Y z#H8o~__fYT6SF_g-hsx=)%uwYBvKQmcW0&L)Te&KaqfSP`O)t~a|-DAF4xCCJT*{> zE7Y}7=<#k1Y@U|mY!4>QPKIU6E9~q$?b|M~mWl3C6;Nu{BasbI!1@fjc9jNm4wNqPbozx@6(Jz+aR%8WZ}Ul_2hn66u$Gc+%+dYWyynh`Q16Wk zE93Aze??TY&ln{h1@yp6CO-| zK^_&^OP;ThsthfDL{AFL#OuMXsnl(FKZ9c1&fx}PbGsL@(X;JW1%6tj5ym{493>XD zv)zJUqQqBio?V1qY}NMeL{PS5rHIq+$ki~|Hfo|0A+d0$YB4a`NnLZFb%B79lI#Vf z6V!p!PE?nvo?B|9A~6+*D0TnW+2tFHPJezQeu#FM%!}s&#Odu!Yz*g2cF)8^9|pAN z4e_Z36RR&j;Q{W=q$@3E!THA$MO>m}#_BK_E| znd{Hdo$mmDoym%zvq^2cmGB0{76Cu2+FA^xR@$Uo%;pE)eU^HU2gvoG=fCR9l9sri07q`8q3t zeXL}31jj-Rk-nlvP(G?zWEs&R&Pj;o<%MbJ^1JPAN-z;CFjK ztix+d-jW;K=ewK|G4i#ozEb!MD(eWHYdQI>4WaL=XpK4}9&VA|-%diq1aBxcCgThh z+}s}?SS6KUX+qp*$_BuAI&cOz_iN~iM`m5rIPeMR3>MaWwA*hHCw1F;tL?#b^+1B{ zcoqZ1z(TJE*1``SfIl=e=g2AM6I!vMc(y|Wry=3u1LcsK9|dd=cg_+|OwP|)9>y}U zGGw1>)nMkag^>IhqYiVEu;9owrp&?tvn3|_NFVXa>m40km?YZ%Rg&Z7D&%CCNL=?? zcN^Tip8aa~T~6IJpONI#3x7PGP2j$GB)F2#o=$KTd{gpX}Aj3tZkRY>#YSnxri{lSYC&OLSF7@VzgBTImhybFoN& zjsyu=1}KPGjTsVZW09+dBty^Eq(~Ih{Vv8p$6aMXiwo6JVcj4+yt~==_^Xpxu+wEX zHQdNt;cW_^I z3Aa|lnOCnp7kelMuiNDY4$uttP?|N(^REm3idhZg{Jbms^$Ep$ml`rSYA3>o8Jl$z zE;}Yuf_|1rJB<#M#ca-~ArD7ZwULrat@dWVk%H}IWLCfuu+NZo?l|3{BdroW!5=bv z8brUoQodz+A{Rd%STeHJX2ZLlEuCBEgLQAHCX}#elj1oP(erlK{G_`{JD?6}-7~ny zPR2seJ-K2jZsR7-p+hKJSSKvxOIWWXTij-Hh}Dt>1d&yn+Mm=l6;XNmBm?-@-QKQR zo|7E|tIiKaj|^WrjbGI$E8t2gn9U)mJ+qCz$=F5vUgY*9G+FK0uw=33W~18f_SM3! zbVj0Wixw{rnFA>Ii)faEOP<>)_&PtW7wSeLYx&<&V-y|1p`%%HhV^&5aBlC7JXtcQ zF5jUUb>a@bb)qh4-WnuaqkgKZw99RHTQPFkgh}d_5WvVE|om>l~P~H*$*~M{inEzZbhR z+cIZfJd%OW*&D^1QtOWR~6LonV`+_vQGlv!1W- z*<7rvF9a@{Xl*Zm6DZwxQZ_*i&yxO>@xdcb$*w$=QdKKgP$JXGl$;K$H~_SB!Xm=` zu6r)SR`)^1Fj%#JUyQ&&z(rMst6Sl>kP8(kJr#qz+s9#i;OF+WnMryiA2V;FL`lB3 zUGl;c+?dWD!k)x>J*2ohZp{0lJa8iUl>!o;ay<`s{h6iUPZ{-8%+_UlGL}Y)<4^&C z5&HlY-jD9OJQ491Ij@Uz0o>p!Pdt976lFN7@Re=1h4|th@L0%c)dkYL=^G5jf}4yJspN!;68KC;IZ-r;!&51H3HQ2_W}RWfVQSt>|$s+;SBT=_obaX{0w zhXF3Q$qHu8qjxzum&bPfSCU!!bNE!q-iF$e00&xw z$;@FzdbgkuP7#LjvvQN^44aIWhwl{migPEd2^}_h>eJ1rQnDS8-OfF`^WO8Iq-Tu` z|3We}DwVA8jU~gyb}&)d$vnMukTQF0F9^7VcTc;-OIH-IKJ+=19iqR>IG;;^jy*cX z^eEoEMtx&LzNyU^e-xnxlYk1l@a5T{BU?BdNEYtuJUOcWwO&q6^c9HqSOX0lz}m*< zSPF?Z_oYtl6?!!BVPu}j6N7`C?l`d0Z3pB1^yvmo?!o6$WFRK`x93aE0U~MuOx@iW z4}To_dd0;`xsM}-M=R)$64#){btZWF_)bigBRgeElsq-)KB@_32MC1abdNJl*L)p7 zqW+v{mO5IGqf@bg+x_zhL8TSzCE2D?+q6;O&B~-<*}K$0!u^gPVKSDo;+O}9)V}iW z$cw;&O=p+hq;iUCZT?1vs`jyN3?o;lph^Q6&FXv->S@|<0Qu(8-7iCVjT-U@MCZ*s zBjLigxQB2zUQ6kSz70>*N>!)k;>AFT#UewVJmi2RzNuDPQnJoUZ3oM)U#HNI7N`Lu zSL+(~&R8lpMq7MObK0#wxI>A35qcjD1vQqVe!t)D$GcT|#2e=+=N3%@diglmv?lb> zov-Cil{5|Inb&AlLKZ#&rWdB;YX7*gtr;LU)`96Tb(CeaOjKmoYGSSo*yb9Qjy6TC zJID29^wbhH;OI0pJ$2C;xBd93pT~npu`|yh&76_`e6ja)_=)WDpjYahjvt$@OluyF z*V6hcj!{{Z;YLK9bLd*&Y$_iI-0N+7osGpMYBWfWJr8ZuV|=)PgYj6t>kA`l6GFS~~jOXB|11ff!x4H34iW(rmb?e;1_3@d2|9WgFJa%wj-oW=+WM8Xq z>(S7p##N2{z1HR%5xf~I81iKygUvwSEGh%ue5Ao>!+rmyPx2IYUpbuxMX*rjhBGf4aMd<20cL3Y^v4AoyrWd!Fyk9Jk@bLoxRdwn_=3SkPK47 z@DF|vbat8CYq!ZWL&bnsMn52K3Okx$PWL6AK_GRdZGU}Sy;p@S!20z9Yb2jC?b(a4 zrWak%aJ?63;vBCE%ASrceh~X+f1zE8dmYp2(B$>WcPXLTjS<8$JxT4pDtwBof?EMU zH`c!7f{i24yOoccoKHjnQp_kM>|`5wxR8uZ{I0tiEk!Z zY|$7Q@(ttJI6Ut928_x1S+K@!$2IzwI$1`kmt?>9vi(~vz%Ym$Sk7wLvPUHfMnG_| zA}kn~$TP?qm5D3#;Y{k8DsBr9JyYHEosA1U)x&H##$l6*DsUGP;06IHxOrUFnXldL zY+cQNoM(N7p8Z{f6jjD!xDlI`NPgVNVQ@!9HI2<3WV)wydxu_?Wo!0gmi5(D3AJd| zdU>%g`op+tp@`oIlk<}YNhW=((W051|C9XS5Z zTAyaot#I_=PjoY`9<{}QQ@KHb=I?irA}1en{)g(MQL6;BGmN1$iK@$2N22$-w1L)^ z#}q99efoKy55Vx!yQo|pkWK_C`Z8LG{DUQZ7kq{wkaEb5KmPVl$Z`dJI_fHj$fXeC>k?_-l`?3pUeSbvizn7V$n=4)> zHCO))bz;M6gsdfi3K38Qvj?v}V&fO@Hvi&k!aY2h)Fa0T7`#@@f7d^HZ}9i9djC2p z4qz%~$R7{Jhx2B{;oc7oT!o*dgq*JG{%$mC?%9KyT#09e-xfrn zu!f~_a%UlfPBms;%Mfa67R)?%4$@)0ejeBekdi{tkk7p`5$L%)aHPId@e$sWz^1UQ?ga-V4=N=%)?l+U-nzE^VQgHqApp)TzKr^LHb(~567_T*B2c!jtub_wT_Jv)| zI^Ws`cV72QSkx_;(V`VLy1(uT54W71RNv-b&*wTHfKpS0uxSJMMQ7YGY}~eW(5~h7 z4Mz!gBtKdp^q@hQ*Bj!Jz5)GoHy+Coh?X!= zt;Xe+aXA!)*shAqn?;9nJ|d&3Cx?__)_V7n=8e%j*TG9R0K2lwWE5* zf`XJ^zQ)Lu%~+>^;tlw>47h{zws9tA#xKJ&q(8N9zo0e$2q3q;{HmG#(l4oWu&LX4 z67BK8cCPjcy|g2_X_QN&)tt=#<}0NeQFwD{H&P&b*e=5o1?wdLbJCIF$8jdZ66(mx zd`OGqGv_%Rtb941wt7v7RgKq}^W9_)U9T)%-;*^Fvnl?jMz-_);*d=evC5Hb1agR_dxKE;&GUgYAY| z?}~Kg-uJiE){`(J!sl&S2@^oN$lgj@TT+N_OHw}Ilh!33u_*|bC!Y)estHdut32LI zADcy)u9KwKxU(F&i#Cs&vbhs}b?k#bX=R#)-|By{8yEwpgqRIWTAUgQ0^Vjhy&Rwu z@TmOU$m3%BvsT7c#wbIGOvL1t4}!&UuR>iAZF zeSYb#Ad#Wc!S6dI(nqSL&9irWa{R3U;k?%z^HvevBCcqpak<4i(qk+2 z*MpZSUNDw6z{htBuV%faxXO4h`KM$9XSdaE{;T$k@+vgq2tyE!zS}>~#O9&v*B@h3 zxXtcKpsM`j@CrfxMz&()@s!lqqlFm6KK|Xt37TbF3W>jF(Bzo#~j$kmYqcT zP4{g#`xujRiyz_q_h^mR4LX)uUHZ*i zu>m)TYu`uEBaAG6ZH-6xH9I}2xsKhLEhph}>E_d{P#z%B`@{dxY$F8_ zkt}OKD*zaGQ&#WnqSq;g_UFeL!+pCFb#T?0EWy0ClOpFkpcm~{97<`<$4=U9d2si- z4(1u-QEOmA*fx)`jWMLr?E67i?F~L@N%LHv z{uh(isJA~0<{`Ni#0hBiNeIu4pd4&_E zNS2>e!)2N{D`<6H9aL*NTQkSxVN0B2@y_=9u0R(h1{K&FdDw!M;+i1?Do;;Uc}Bei zZu^J%Qh}yTz!JicMi$%L?PJpS z{Yboe`y@ zSsmEpea<9CDUp#Z*_j&olMNXZL`6E^*g?QfF!V?(n#kG6g>CM%XT%xNv#v|Q;!85> zlje@|ox*h?2TO;Io+V^J|F;sCM_q%U--!8VQA;kLvQma1D}Y08}Z51X7=t zB?Vai>_Nr+4Ix`4#Y~z-k=Ui{Hzl#)xBOeN^LK`i8Z5V!WSo`p4n)v9nje>mAXO61 zcE%A2R1@e`kc3Up(m&kOI}k)s zUp`aoU}*gBh!wO(6S%)^;oq0OKt}m#DF3=+rK@yBNpO85y0(4JNsZzd=_d(_N4~na zdQ+l}3E8Kyox%MFWcvrdPRahx#|(f`;x5#=*s)NvBD0Pfaj40g=kK+=S;G4szbxB^ z8)bAJFosds&Md9n^q2UkeGi@^3h9gK~MD59KD-1z$};m@EGdj1c(jql2c zPF{AV5XwZgf|^FUv3H`$FSYF#sb}9oU`-j$AEpk}vCP6T?ESQLU{o3rof486za|~8kRmP80{L%!I1as`n$>dQ~@D$e+G?Iz>K9{TnFjE5~DSO}@ z{rZ*Y0UG!^ig2c^mvg5j6x#$sp@Srai)WKbfTP%;f5K~)4ijI#w8w&f{Sir?!%!0N zOkY>rYJmsn%n};S*HJZqWd)u9#>`Nqz3Lg`O ziaSxzx*AzH+1VKxiy5{7sbDu&D$#kS9ts_veNnxu8mt2`v_;vd{M`jZllv3v)mEwz zBPx4;GH5>syuw(5f)|fzl=G-tkMm_ z8>*nyI_E7GM|&#)z=J2x?dc5RrN}C`9@_7rS|w*CS#YK@lcLHD6*@S`N|XO|Qw6j` zGJ;-S)d^M59w&l;B>2@&GkE!G_s#AX2oSg`I|)u)jbSj!YCjZqO`Y-A69*R1DSmm6 z-G0*2V6~;wn*6#I^4-r^o~?55*q zM~q^2m0PgDlcPSBMX^ZTcb3?qr@53??DswH12rqIBE7PA>g|*8FM<})MtvA-1g`>C zMcM8+_sBTx1J6AyV?L`hv*(~zrn^BlLxG_C`oaNK9>j(>G}}gK3d}-yz1xXD4jPq& z2^y6LG;W!&;SM$)e{)UH*?)1Q^rZz&CUqzFLuGQTHbOJsiGK2^PU}n`7WKBU>E!ce z52;OHc8b2=^Mum!b}i+`MlZnQ1vO|z$o4gr&3*9{;cp!;$V~rC(3BFuKIc*L{{J$v zhz44=%F$r1#8(qGfk~oxvE5?TTT)Df4bs*HBvqRR<1#izikXhjJ4FcDLKNZ2O8ZN$|ChRvM{bmCZTt^^2389d-G+dtCuxAolL~C#FV3k6eraot1ye=!k z@5^}(1pXMSkbi;2qR1J`F#ktbOss1J1s=P_gi9uBvf4x!>p5C`e;Ck)MxzzpB)(9m zM?!~=#eQLYxxywAG-+@-;?&0SoItvC>PkJqEL2%h#DN9s5b1c|FLSPGhd^`RyzSPLVmMaQWj#~WM>y6p zNnyC7l@9Y!xyMxMhZA?1LuF`1hbtqP^_N^>I6*LmUuJ=c8 zpJe=1$S%(RAa5|TDss(+GnqCu3EkvqxD0WsCl-GBWls8Yk}&Cz1}LWhsp#MzFpWxp zr%P}RRV^~qspe)AKMd1aB@!Bg<;XA4BsCXklDdiAZ1V@0x2qrPr!xAUFV?tc@1D~= z21Y&Mx%!Pvf1c0ZKH_|Y)SGhJ7b>l?H`V{m3Z#lCpoENCl_vM@fCgh-Tl%%!nsq>r z|G2x7_KoUKG^%PlvW}UTp+`6DV%DmA4)*K;8RYA6rN=p&UBLN3Em<4gDozvGMM~?t zOiQ+G7Tpi)KNZ%0)d8yHf}SaKSJ;;9DvT-7ccd!+9dr|yOT)y)EXZj7?GR)A09ZuX zP@0_g-4`w9yuELzCqbC*77M_ry7?Kd7M+x9%WoyX4{C+Mdw%;NwHGvTt}sW?S(haO zZ`~C-MIL5~bv^x`q8oU#zehKG;gfP@SjxpylldV+$N?|wtLAz6z&8F_N^PJ)8=n4X z=oC1B;(sGIEdPCSGb=4qx;WCeC7Q`112EhT4J)hXw8E%?IFiYfK9_P6@~zqTE-I7` zReoneWcBv#*&y@RO{(L3$6@NNgf!69j!a{EJW_^{vlh)p-^Fh2g({QkxH)Z$sbc@e zm@*AtFeZoc(EOQ#^6m9w(jCVzQF@EEJfi0eNIrCe2`HC3hS4vGi{UCs|j7f+wba@j^5)KcX=N-21)<; z8(IA`oGL9${6Ae*=`R+U(F+q#4%my(7h4yNA`uMbRcteycb z7T-v|QzQdNHR@*8J#C;o9WzY)_Y5RY=wCCCe2W>RfFqWtf}<%lId8MS&1^g&6vodfZ|b5wx-iv>z=Qnr5|~B*rp>-{ET(ux(3CG z&eh=fcmjlUU0N{{f9&JYQi!933$ldjsAP^aMSr8g9jTIs^?K_ z;q2JphVX9ZMtVg!vN_om>VSWAr%uOyp@aH3l2COZqu?4-|ARbrM@OcItz5Me_0>|~ zDp4@~cV;9tAJpI;b#vK0YcHsa;}a9PHrZRHk4bfCyQv9-r@Szah$9D)8VaTMQ1t)Wq0^ZQ)et zAlqV1+Eibx|No)xEu-VwvZTRhTav}hEQ^^Xi^-BKW@ct)wwRfjnVFfHnU!K@hDpDw z>Z-1;>h76utywd_@<-;nbk5y*PQ;D~5)13=)8O!7Nl#IKa~L(SEGOU$)A|MGFbRu!FwRVgEu8gL>WkC zl-`F=CT?-{JRTThx4x`%B79IPa5Uv))#J~Qtj}t}M6YB(`{3*+b@u+FkBfSGB5_J^ z54_e9|8UIf(B5u^S0D2Cu8i#S-;_yui1dtF|D;UXGFWrZ`A0=i%!6Iaexl6YP=&i} z3oi)}$lPrHyt>YH#J&HWo-${ZYZV*7o4j_!J^Nt@DR3FgtK#Dg&4uhydl2 z?n47ypZp9;5J;ai^%hoS6PKh;jowb1LmTl z%WDPq9IYYmWEVH?-2i=k-SJW?!g=odne7lVa4!=D1)c|7Ny!uu%SnFx+PExmE(>!T zArEKBcL1YD!=FCZ4QULfpfh0%pZ6A2R;~PcQZX=QO*y&*X!U~LgQL~e-1=n6qYzW+ zgLD4AX){A$$w{>G5mF$w>rw&$pZ<#+q4+QRa6=V1KnyV*b5J`UPZ7yW+B!rl_IRh) z`c5|^b?Z)D1FgwHVY39&`R8PSEVS&qzl}H!g?RA}JN)8Bd9l7uK(!|mEgsMQcKE3I z)uHfECHopl$?z0>sH4Z>*@n+bd}!9g>2FuWp0xrHw^gE+bYv9J6NkJ9W73Yd5$xWB zMmDtS1mX?KC+ef*#&68VM;re8<7PJ|$v(eR^qM`R3Eu&iupQW~!dl)o%p5Hd);$HD zpdl#ISI662mKj_F&(V6zMJI&oKp|>%t=IoUxy)B98J!JRGT*PPS+>9&7tCVkn;pFK zwD)+N+BcPky?}^G*dRwpb|C2il`X~=2X2E}(TM&vKA&UDNgq1iF`}nJg%&Cf_A^n{t1XhXK>Eg(krt zbija?HzbA7C-*jo_f=8lHWB|9u%!q-=x15zk*fcq8Tll#MM#9-za^}ER5SEDEJ5A4wZgdcVEy2%T9PzOT;wQaw6-)=3@MV)2EQ+t{s~ocBcpYPG)reh&;2lTR zt-4_;BUg!3cvt5+COMd$dTe%Jb31G8XA1abd`ew{!B0`Jzqii?h|=0C#!TL&*fJA# z1Is7SD{k0?$CH}@PQ!n&*J+Mxk(=^qT#wHA7)b8B#@hsgXNkcuhC!pWy*#jaeYhm# znhAhIF7=*yF%FhhG#kEs=U0MbWNGgZ6i_d`D|~7+7=CyKBVDBGveE@v)Y31*Nmdg= zl$M#QLGlo;2b5wOkmo%ImbQB7PY?0lYlyW8OE75&J>PE*i-iDvvcdTLRm#EUn40@O z95nz21%r9WzR3~axxk>usaJNyi_ zpu$nJYi@W^G14;g?nHGYXLJwiUJ3$OGbU%%H`>R(nB+pkBKc90xGXsP<}{>l zFVfcsT=HEQf=yK_u!W@T2|gVou)ebAtx%z+P$HL@&he+C zS44Pwq}WbBz1qZbB9Ri@w$eD{X!xSYJVvkBzW?;bq0ZqDL^nxp-irMoQ$nVH^rKP+ z=c&LE0y=YZTfGl6L0rB6%I(6d>HiI&wHp3^2ekGn{ZBw^u1XWOPa1G5t>EzoK`Xn> zd_6+$B9FvwF*lI79O!(4eV$L5Fd3)u538jN`4Kx&ggsxrV`ePBZr=&c=JYH9t z)Q_PWILY()d80F1Jk72sYU46+?l12Gz_BCqNx;IZVOK&Dm(8(PD+rfm9Mf+`^Xqd3 zfg9DPn#U|8qg582fezz4SFr!2KBBw@6X|u=0WMs}4FCyUm8%+ZV=ug;VoO#gs5o?O%5>9?ocY zx$PQc4}g8C>&C8wYxE4Kj|d2a%0H&X{WD?X> z*gGPXm|rg+O|b*@5=~^{3r{Mn**VpF%9>xATu<;a+MNS+wm-LZ*au)q=^E;Vl?T?+ zm3?t>1Vuu$ja#L?C714x;0Bo5^>J5R$wgJZOQZTZ@m9Ow@(~oe=qiRQ5YrKts0{ zbdqOCc?CB*yDQSNd4|!X%3#)PN>ke&Gj_8FO@K(&z32;e9;=RD&q#>nOO~!0}-%DS_yuZ&^N`4R$)NwNS zIdXXsy#Msx-%QkL%_W8HjWD)U7?*DK5sx8}6QNI%w7oV0{^MkY|C(;h1$wk0k6Jv} zJ{cmcSOKxk6eiuCBl09?W1Vx7XpNla8v(_EZDglbk);rE36FXqdOHfL)|jn zE+uEGKr8s^jSP3wEjZerJW&0Z-chft2LWB5Qq;chqwebmY@N0@ZAh5kZr-;kb zh$|R#=@&w_6yiADey+}tWLwB1U`m(x0ca=+0ES6XISur`q%B}gAPeGLavTg}Ibj8q zyCY|2D$*B8XJ-n-`F|s!*k}(YVLu*!VNCDY!x2e2l3k^Lb$GQE`kA%U)?sIb080`65?pSZM{}j!6Wa+@D!kkVNJ0|H?hX_{QaNWb)CN*a1kpHeXPM1f!4~$+C_ctNtcpf+DuRp&-&-F!@SHSA3(Xe2fu7K!pL#*(Zpa6?UajSXcMWbP7 z(LbgQu8f?|9jN>HS`G|wV-5^;l}NJppco*;q&GhD)nAp}IVS&iE#|gC+{}rVn_#xY zS38Nnilh}C2_L=Qo_5#GHi(kR6b_GW&a2=e#uILoK-XVqjZ>KVve?5ti`naNm%h?OuNJuG!nSZL`H5i1$ z(j}#zh4+P=H5BLM`qV2kj^4m2qLl^JhvzrZ`C99(jeQFz%(WTB!pDbaIZk#i3*RDuBgzos;J_@WKL#E49iv ztArP>S>jgU$Z+QZrg*#7JK2GCru4|2#*9QJ4!I6Tu?eMORu!=mdtt+KVk=VImbNVOm12$;9kwsct4)6b_2-y87 z*2JJP$XCa3XKq8WlvM<)7n7+^AYi}FTO#Ic?cJ-bKAKz>fk&ySVHxA%3LDIQu6}%| z%VA;LJorGg10Yn+Q)kLTM`+(Q447N)^B!)pt%(;HbSYW1Y9CDFF}9O=nzLoJkJN?? zd$B!JR>#T|b`YgZOj`z63H#&8vQat_iv_90D6kQ~fYexyh`D1y16X4*%#*bIp2ELY z-#H?-wpEvMqY;4dtgt8|i^D(ef*U6}R}u8U`l4OssY}E-pL5&zi(T!5(&Aq17SeJp zCAwa!3(1r&o2ONdueJCtr8HQHs8`BzbV|XhJbyM~XCx~O)BA&RfJfi-#^y(12W7U1 z+=s^F0(g#aYt)?BI)fHIVfBYXHA9k2TRye#)S9DJqdz4b2uFYA3fZb;}ylr=2L# zihgg-nQ$M?DPqHvs0%;-49(Tx<4DSBeTtLZ5>IrK%tz>YzVB*=(nWjGXl=>K?IcCowbxUM6L!aUEUtfX9u7&)$ww>6VRC| zr06I2i?P$V?}j9YLML@x==E^vTUU&LB6j0p-z%Y2>*?un&e|00hg`19?wXIy_Axe5 z+yXg1Bd@K8OJF2PEO2B>iNW{^tRjFW<8hf6BQ$nAt{OQ0XIY1hXd}DP8V=Lo^hGrE z(VFn^Ao7T0>OQsx4l+b|u|HFu7_!cG@K-W1ddWJGUhU3sC*}5$4El}RO~0P2ax1G@ zjjT-;r*0PFrj*e{k<0tyHP*K#~nx55Dh@OZ*M zPapmqfeH~Ru`+wNASnRBj{;8W>G8xVVg+!rfHH)-osL#nBISye5X|1YPO)DW{$WK+aiHYZ|cugN`7x}QU8amZuJzH8T_wW-_S^`Nom|@>N$K@x8zR%?^yvbg;|$8+ zZKYQ|*hSRGk$yzp8>;l)hFWE?ScALVFpRqyeHLf}m15^d+FvToVu=_1a()fQmfsq= z6H(hdWBkuY{&h!|Aw( zG`jjV(?*8etICL#kReLhb~93e{2lW!fi|#1@p`<54`$iwLUd_Q>Gfff`kV{lLRlo6 zYzF+Z&o7YA%jQV&@rOfovphNU1vr+aav8QG1e0kK_@ZPp!l^`~t3M159g@3Ox@4)W zHX>n^Vpoh@h$-FS#IugKiK)Oje~#&~36`ks9Di_;mdgzY$i8S5AI(IKI${$r^ArPG zUPG04a&L0)L8p!_G2M@<6Z(6Zm$^JK z%^cUa{51_yTAJvaUd;Gcm#c4`bAH67NFF<16aI)E6pXWOm_&Z(h?d}<1 zv^Y>7aV@~sqRx}ciFb#-RR2!S2|q_#E<4Z71=i!(6t`PUhulqNEb&yOTzeT%+8y2I zrvubix3AXnF3grYnJs&EX) zCuGiVr=J?7KDsNK-^+rUviF%sWH~^Yfx|yi9)X9*CKjP4`)Low;);X88&d{Qb@C*J zTH5NO$12Pz%EPif!%HYI_|3XvO@rT z@{tW6$}VIYy0|-RIgKxDfHp2yR0bhzbRDa3L`OAYFX^hDY$Fx>bs}dg+UWR=7b5pS zZ25u0CSr=qOCjc)y{U2ymT*yQ=A4bjyN5`M(Ej&vbn&lpgdv=*!^8DZ$pD=0d8S0! zeXS$EJt_#}1VHLG;o*UHPa;ZaPEaJ_exKEk$1xoT`P0>0otT+o#tbUut0)pMo zO0}P5#bALUY}vb5I!Y;=^miS8Uutp%OqW8Di=|N0=bJRdXI*vD z<6rofCh$XF>B$5dWz0Gl-N(w40y)DMc{^R@sJPUPUDpFU7IfB7TUWWmR|rMP!GFIB z_|jPrL!u6b1I0FN7|XB^Q+>kO{aW3G_yZ20wEI1P$zWdYAU;qOH`kloR0su1WMMVj z$=u&CF>zczw^~zNi@~*B50yK@->#0E^)o}r12n$*KBeJ;je*T>fbK&@850R;N$mc@5EO6-;sX{1zgoe z-pHOt7P#9|-$FxPy`Jl7dg9(`ITQTTwIC~h2GxWfxus6F>GmCLmq@PTde1Edrx-2N zNc2?uQpFh5(^`)<{cx>1WGd~X3Ubq-66xy#zo_M9U-ZNKuczn!{Mmn1g1}r*#Rv1= z2ta*heJKndQxWP3u35?mb1V_r*SX9NT!6%o2oz|=-sfsm9c{#w7}UEwT{uh#2GmU1Q5)gy-tBe? zf969L06u!|KR#hRmk%N}4S+p;c01*o%xW2&&hGEQaZZHmYPeB-AC`qGiQW8aec_Qh zRTQkJ{|D?H%+z#3^yQ}9``ZhZ@M0i5a#du~$3|oK+TO$VAVM?c!OL@efedAuA$0dn z>j<)ot8eTH>NYD|%*o_NB51VK2EtU=)JQ7Zr}^athEn>glP}6)9O&zFZ0j!@& zElfmi?an76Tg`p?`al!6dLStk`12f!D@o~6u)~Mf`&*VmD{F_^S6P8lx(Bp}F-_=W z;L>xJk({mhORul)uqaeX{AS@#)mjKbDVhS!C0-J+!Cwiu23QT*iG^R{@0+Ksx+)^` zJl>}OL9b8+Wl8je4`AA!tZ`4=ZcS<}pb@cddQEm9Z(wKJ*@v_@wBOlO78v@R$B5Pf zS#$GFeL_ItK@|ooj8tCQp`BL7+T#L9x0$8R*LHMJeRn52a7Kd7Qa;dhFJn=BO@BPK z6QSr{wrjgbCJ)_;N}qPVaEh<5r!g@$47|Z=YK46h9dqmuUin7Jm!*vub;R87@PK`6 zex-ZCI(z6`=hUDpT?nx6@r72N>q^elV-VwWxOpKertIJP)}gtCVf2Aj?4#TWuxFv7 zm9hqGl(mvHOnNpgQ55ZB@&~O77_#8<_oe^XBNgau1&X%9mb6WKYieEETaSBPUf5J- ziU7YZS_s^2j5xZ@5UbJ^Q!NTq%AqNWfQD->%&2-M?a8EUykziaQJ5%vDd=$+mv5(k zfH{@$oA~w&X>tA;YLdJq+;>!%Cs{NUa$WC%N43hDV|W%4N2BqXO9QlWrvhbXmPW?s?Kr8p@TcSWW% zN^J`OR3GuEH+#aU!kvi?vN+I{sG@T9+u^RY^=M9RkA*j7stbYUcR2MeuVco71st{o z?d@c*B3r$o6rS2uOUT!BGT56o6h1s|)X|qqLbzZr!dV)HFS<8miuA%k?9CSScWnyT zyoyF6??3V+&q@mpew)p2dD8}KN|L)MWjGwlxOv=k>pRsL>*Gru&dHo8I3^12{*_VL zgs7HuEksOqyMya>w%WHt?~UD-OoA(W5;_+`u?!cSM%*VMV?{>b=4v}%%nV@VmXwo~ zIF{NB>FlQgV@(-0*_-fvFjAsGR5-Ff+eg}ln=OUWQCn->C-I~ORwmGtUu9(DuL}Sb z6Sg;thpX{|pXLz;q+ky8Fe?#--RkBomiV(Wj`cS$KaNV_eXoxtskrn9mn$ri>pxJW z!DId1l2u0%Cls;dlnQ@)tvjtHpET@0{vdW_fTUP*rgP_&EAcS-8JvR&O!Mo_FQNu< zqu!ee?`uQ+AS#IEjEG9osJ`j!Gc zWo$#SY_4uUKWyUtWRiYUHHN8Ddf_rzOdbqD)i7O|ChD4UC~!!&aYEk~drS^^IhXIb z;~w8J6K@4aN9%jIbV<(aC*iB{!`^^CH)Pp#{gg^u`!dX~WNlW}L41{+i7p=qSw-m1?w? z{N*XJL|_L_&11He4rwiz!u-hr_IH?J!@i)mW;lJD#jeu29?`~HC3rL6N$(R8cM4P@ z3559%o%M;M5f|5{C7OjoWn@aSal-rno_Dfc9@) z$ek#_Kh^Y$fogXZP{kA&os)4{`^^|%^f|NfyxG~Q8}rGatyU}2kXV_L^vy!d&nUXm zv-Y2{dQPgQmolP4gK-Mv>67L@CThPAb3RzpY`A$V<`39s(80$JiXB>^4iWG5<;~g4 z4kF0j!~y}!!e6Ki18-j5b8041w3U?TDakT>8=vkosUYMq}@XF;3->sBFM>UqNI%vpfIfK!W z@jdm^GvD_HweIjqpr1?*`dApF$^J-iXG^1wqCJD-9zF+jC|5*DV>DUG)XAdtGv`gd zR3h`5_`69#GM%8osgrr$MXt$h4J09pi?IJ%71XTPLtb7die!h9voFoSC$&rZmsk;t zf$P$eL!y;+6v>Mhxg&!&7M|r+;HG5P%D~lpHK=y~TiOcEzNoDkA>{^Ur5-o>#97GA znpxYh;8PslKm(Y$dCdGsmXBz!QuW9aHX)X)-EBG?iebA%o%KnkGTJlqHi=_dQ`Yn7 zP))~AQzoM4?5H6XHW!NQj2ynRVKwkmo3LsJQd>F|7*i&k@f3@4HvMIY&M#M&8)u?E zF@oP)i_^h=MdXfT5&65~!De7A;s+?6kSMTS_DHYTs;AzH6bZN7J5y3zuH40o!tZWUh#&^T?5I|-k}V_kLW0HBtt zn^O83&Ww(AN8(%6eebL%p6qrljU5I&z;XgyRDkXR=JANL9TkAcxBjEZM-`6U#5oz;~k)Qn*%XqNZ3}df&6{Do%79ujm^aG%@%|w ziRXaPBCdqL^#Ta35HcdJ5agr3j>qt@M zsmTmeQe6;h1?x(uhTuF;IcalX&X@Aik2~+^X6EYUOL`SLUF2?Z%bwUA({c!3l$TC#nFiqTSd|D1H2|S`?|XI0hV0n%W*LY7 zj|#hqh%HN6Ig*Q?&E+Dx9wH#Axf&*(MDwL-Y?Nr##C_EC$wFV0_#M@3I*d3-EW}<7 z2##M~eL7W$zJwjvz7y~IYZ&;)b`eWBNiLtqCZjEdb*??r>+~yJ!S1@5;0luX@bVGk z7oNg}DsNm6^^Wh`5!g({#-hie^iw&1MY1>2u|S#VJgU>CxqgY823lmpuZwl=_M1&j z&F~A{2Ypbdk4XUtn={yz9xQdG4X4tV57u4g7C|P`r z9LK=Pk+v4>U0T9mng~ad=#DXG#e|JYFlTD%JVHRPq znGna$71*tjU?cK0E@Boq6Uyh&V!k4hIZC4(&g~=gz-Ip7HQ`r+`>I&gmzBnFZ>P*% z39Ez(R-Yk=idqH#-~Au<%xBH7l1y+u!r(fz4id{tKVSXI`uy;*lLhMZ$_ zzfcr+z93tqM+eV* zrE)j(_&8pw*u)mzH`s)Uk}3bDirc=PzMy8GIwGJ#|7i>+ZOnO}LD)+{9bc}`=SZpD zIm>N%B-nFm3ka zRBWI2Ywxc?vf>QSoUy1oS&lZr*bx0R5A;J9@4cQM{U~}CN7Dzh->8FHJU}`!@4P!> zXwf7!RKNPhU5^mMGL)cn)Z3Fwvv#x^gV)%$-kRiMKxacdnf{oatOPdhlY2?Q0f!Z; zur~b|KyQR5Yvqp<5&Kc-YETsyZ)9LD6BF>M* zB&b z*zbs^?IRo+-M1)SqefJkDOLE_V#-Fymr0`>C1F@#da<=Nlii zNT=)BMBG!cbc{rqIa3y_12e|PbNq&aGd0A;(z%HXB%{ouG2q(~@u>{`BdQpP^rkBv}4CklGn8U>?PnXyeM72^|pLZvA*f z#SnZp^*&6USS)R2H0f+4- zTwqB&>~1&}l)=F|b1=<>-D1VtoRix|H4tOc`SD}<53J{jrar8Y>$4p20#7$^DImPw zU-Z3^r1D4PSt@!IU8HBaPjiZ^;{^_Gdg3>Vm`Uyxjhn2-S;=`TsJ$HbYg3-8-6)hn zYIgdMpN@kDo1Xr*0vxYW;rr2cPy_y@c2Ux*g;C#K@S8i@1OQRPaK&l!h`#uc|A*h&uH@%kbEK_@QVoED{RSKPJdlm4@CA|jwB?ye~}$@ctWku zDx1zJI|V(@pNl8WL& z8T9WMzdt{~_=m61Pj%uXy6)ezOk)ER3xp5=2q3_7m}!xnEaL8qj>#d`g~}8_sw>w= znhmo{o?V+T>)j6bCuP9sFQgH2l56_c*t`U-IVG|Vk*|Az@VI;UesP9TCmtxzCvXV4{Cq_NV6;If+$YHo`8Pm4VCQo3!7z`*CVO+ZwReZ!v;+^jm zQ-*hrN*c5ck#Fpq|8SF3Ees3HyYG~p&CgCa`_6Cb`Frfq%KL;5gwLR|=F=4(Czl4- zV+L+BRw6@Mg=ZHH(2iQBUMUNz(t>}1wd{>%SH`>hdP)o2ueKsOKB0WP*@e1E#dHu_ zAPJ|X^6WiMQ?9vD@;}+7!WLdA)W-nSAWFz1jsace{XfnvKf~(=4>8*(u1RCq7=4I zWC8{QWI5m9evfPfw2}lE^Mr4!@46#J$m*)P zArlHS78$P`$*IiUx~u)V#{KrSb^p2c+fG2rBAM73@>~&ZObVC7D{v`pyA}gUR%sl% z84WQPgc%4lXKs2txkt7hwqc-s6!)O zi6_tdZEs#P{UWdQPh933{R}tWi-ma7F%wP)5RP|A9n=%OGUE!O*(4dkX1nKtz5z{2 zY|r@jorSHL&n#k}lsI+RC_j%}t&pf=8tXr9{uN^nj+J5v@mNJ$q)#`NZu~|ZYI1$O znX10hnO+~8Sao2_!b%QKpOnW9J?fRbtr|yrw^O6B?hS%L1nUhPr^&9N}WC;AGccs}??Ch%Qf^tkNRBIZpD?tR5E zfs6sOEUk9(1Y8=X_HzNP6FT|weNW7vg5~w+|n$VhJOoWH?}a$gwGqTiPYp zsXI$Xx*ZwN;)Ch3{cyksM5VKQLb%$WrpNtCP(pI4BM+v3=bs~v$YxTji>@;~x%`2u z`6p)n8<5T<{e;o)1_sY^gTi>yRKxWK@X0J3?J1=K|BZ8_{{H~yrpi=*<@`qdukdnw z81K)tUW)igs3Aqw=VFsm&UvV8Q}a6-Cim7Epy83uJmeu zzkPk06QkO>Di)TG`@n%fwq*6MLNS0aUCIn^+-TFY+&OR&;%%jQYXH+Wg7$_;noEr^r#m;7yZ?JY~b{d2#d4sWGS!~{9b^<2vwC8PY)f4x6b6=4^86t zMxUJlE)1p$EQw>K0>7P4N)PX2h!4E?T5iQTrwq4hk)+n)FxQ~>OKuqiA`QiQtn}@` zWy%di@*Aj^WO{!r@;j#6Zvq4$VJAo zW;~<#YKiw)l-%eOV^to_{;@2m;p&kRXtsU<=!WZUJyeoSU?mMu+!%u>nrKL9pyElK z1&M{FMm_Ipb^oIweeqg~gu2Mm^Fsdd^{HA&0-NxQb&=Jth=wq~kBsY!O(V7zZojNw z9(}KgJpCia3W_z1j1%JBc~dS4by0|`k-2Nl)c*elg11f0ebmrIiaJ`%doxBeZ(+?h zRk6@~cT2a6&ZfFmA6@=>{7~3DDmCv+UD^I&{RBl%*0&W{YLOX7%+?ZLA|t7lQ88De zD`Bn5jhL$yu*G!!NAOCHbT1!OSRKG+i)g=+eNe9*vo3QtSim1#UG35O)x>bH-t=L> z>4ewR7-j!`C&Q#K%f59)-Jrip8P6Xp_E5Jrxk=n2_x5$85--?aPTJwrHKBfU)Vgqd zO$-B>q-}pVU5(Q{qmP)?Q9+3qqo2AEsjUse>qXM=s(`YMY852)$g-~Ks28q5r!Nm@ z^w?dbQSb(R;TdL7$wK>}lJx227^XtwHSoYhWrR|@Q4gwtG`$+r!>^8=UI28M05@|^ z7#~t?3c?sem(vjOyf;-w){!qod&*)svd~D@*7j?_*ZvqusC|-7DSEIJ33L}*`nw)5 z2Kw({b+=@zRWR+GI7M}n;htX{ZM5EO%yFZnwWo@RVeV+IRx`|qSchG-Nk3}iP#6t& zH~tvA2w>PWf^!mU?6R@7f_93?+RWnOd?nk7{z&7lKs26pUNCG+eH&hRLP%?Sj@b!k z-`d*nw|!YVI)X3WcZzF$m5*HHrcu3+#RR%zqq`?Q%T;+&Qi?Km(z$np>-rS~o%@Me zDn(|STQAFT!aPp)*2Hn2hA5X9FCO7_amJJCsNa~X#4E`wS`Va+LebnhlZ6Iz+h>Ei zsiF)`SlQCsuon;zzH4HOvn~o0sRoMEDs#u-L7KW)>1c-cE2~-w1yjyuKEKwK+h2<= zU95?3w({ueeL#^T1!CR>Ahxv<4zfG-T<~5yS|@)h2wm8=aK-Jc$X&LlNj-8c)}>>; zB2(6izPv{w$dVcSwCN!5xHIACvq+@PQO>d|Zl}pLbM!s^68{S-v-SQ#Qll(gI&-zheQ&=aAMqkQ{~9hsEpYLAPDH_j z@x1N5W%Zb`|3-Q1a3JSU=D?Ca=iD5jI=9*t+W{%b8Q3S77C- zA2iD}zRU~eOa8Pu39D^gND;?E7WUdNV2QmkoC4wbBh6Fv*e|4vOl$R_yT*gibfMzs z(G2m_timP5ImI?t`DLVJaKZn_NQ>>lthRcNTrk!`*LvH-ldhYk(zIs-oNjKNv?o@J zL4x$qJXi96&tSN$W{O=AR)>!_U}hEtFynZ*r5?TS1N%X}pz`R17Rdx~j`K8sQEC zNyhij3~hC2snT-f!4;UF_K#5*OXE3(6(j6rRTCG;wv(#*hb9Ta6_76q%-3zum|1_(#wN-rW#E%O67qkRh2%m!%Y4wbIjGwwFtCJtRF@<$2$XfMeR(N`lG@(gPZDkN&o1LBe%@?fk&p zd~x3J52K3J6aZ5E5(Gt&HlX|RlSJ`-J^^uv>E*EwbYe~e{Aqoh0ITdh#ZU13Zy80l`$ zM7=sYXDflc3cbIG3CKUNL)b$j?vqnMX*v1e9ncTO5UEf!MbG34^!f$?q)A+Fka*t7 zM}LgA9(g4A5qrQaW^i)GeY8@3rVl?Q&dO3e`EhkE(k)nh6C4nY3ti*|-$#twGfiLMq~6i79Vcs%kgw(al0A(?odr!_ z7LgZUYc|w-=Xbg5EyT};!Zv3T2CA-20Ob?13=+MdXVU0Uu)6|bhRL1pp1q5<+X%?z z3t_|>>E3XdYQC;^abme#1J1yIJL*k^IWvvG|V^oFA0*>N#M8sA$*(${3(Um(Yv?gm|N5%PaIS32hN4<|_~hTNNZ4wNr_ zc6Crs7s4MUU$(=|wxg&TFM#uO!zJ_Q%m4I=3ey#eHdX{%(oRz1pw)&-OVK;tP+-Zm z7J0pK7iep?0$LukM_#N28=5b6_?(F5OM)l0(vfr-Gf3YUESAf+3GAhsiTnqmqd?az z-}TiNI@9ordL-?^s@Aj4!PSAZXglHP9Id!3ws^I&vd^Up;dYYZOQ2?x4ecE z-`C8UoDmQ>pKA8+{BtL0lliZ=k2-Nc>rxT}=8D?4t) zSbbF>?USZ7GZv5J+3B+7g%p8=;nk;& zRv4 zBKT3%Kc{9eS=D9M7M(aO18r!=S{-z4JAxq2N`z7 zj%Hg|%Z#sHTKE+%QKO0x_nVE3WjK(;Y*Wk_h|!-_R)+%AQUu{G#8hXK zt6d|$QSz5Yk#UMW>8eQPvyr)RO1Uuu7uCW=|Jfc0`-;@)Tv z7fbn7cag;}DF(4Q&s-^PEASNx%kT_yP-*eoaur?J5cOd2_~pK?>{{LLigcm3mJG#d)ABDyB7Jki!KKf<4D(1 zso%ymP*a`C7IVn3$mlap99LH=NR+z|6r{RvirF^2X^vVV+am+Bt14|kf1UC)maTJF z2{}2D$>CS%cwWFB?Vu)iaE0}4r2@!~AaIGi#^e$ZTe8m|9dh{dH87JWz)za_r+rim zUgq$F;*MAMPrrDzEtn5oB6Zhwwr3FEI9l)TaP2ryOj&o4fjI;lDWqmlaU}19?7txT z`sdXvnKth3eD&eQMT{ca&=;hK+UN#ZS5a2;zp-LLv;8?j3->mBQx>mF7j&Mlb-lxE zY;2NE;MVt%Ah}<76|FACmGSz|EEtZ&!Va}vixZMB#-Dt+-FXT0;s3ycCFp<}v`QIj zYBRpuo(%e-D9Jg!=b`yN+b`F}awlrUCAOQ`XZAXN9EcYkcUv9xWgWlHVN{A>@RaTu zauX-ugYCstXZBvZI5gGJMZs{;UQQx`J~LBca8@EMKC>A4U;@36oX9AFNl8B%8y?Ty zIF?5KnFL$ZHU4)b7+3tNY|Qn^I7(}R`0^7AkAkkWW<70aL_|S@p{%}UdWux$#pmW2 z$7B^B^teTPg2zSz_vp)*MGSV~8p}Q;tcMl3hMKH(*tFCqn{B9I zby-FA{Ksf#7*YQMd!U741J)c>>WF7#F+m=paGpjmvc~wWz)otTI$(( z{bLa10dP~)QRR00{>E9ITGUHqD+AUkEubC=I&JSUNkxKPSA0<$ygbgrn6=JNL&@R7 z)(_-Asv3~!dpUL*j%gtLQ|WdtsYIPsuK@+SBHn3z+6|7eYS0dfU^kj5Vd78s2LHVi+%bs{^>2c@=EaTAN75Nuy@;Ub@O`{;cMe#=Hd^74dC2}k$*7G%}q zI?Z^e64|%hB?Qfb+2<6^qaEvLb^@GhD>Eyl?#FO`Dt!22pJn?}#XGrTrKI@X)ZK(C z<=4?jF{5IDq+7_pBi$-||B-a-f8-tXFWPhho#|izm?L@@w-+BR_I{Vg~`%2Rk!NO5>7De#kzqvMWk+qOHlZQFLLW81cEC#Rm7vu9@S znLYDA=e#&Cllo*ORk>@`TKDz4zF&iieBR6aObx~|(FAEFlYjWbs&Jh4DzbYzl%y>wxW0>5WB|Y-C zF;&9_UL)~vOX+hzW0MRwP|^epX%i1dxBn?v(uz0gXwHR%+3W=HeG`-a&J-=q9hK+y z8>75%)|{hR{}zO@jm6l3F>Js`=5>&Q*|XT6D@if2nOpR4mP(@@hWlo;UU%CBch>P( ziCXb+jUCN9>-275DW4%I&4*gQ-@T6l`Rs`9#IxC+en*j`O#c(dVwKNtJaI&SE!K1W zrTS~t716FvT;BhvtoU+Kn1GF{F`hqWlVj-$Zek?63d(h9A$QN&z-^oHMwK{5hZGV} z{7W8)4<^RDYw}lTrQQumxc?z4&g$v-3c5>GFM7AYp+j0zD!y-j-8}Xm#g)m}i(pQD zc*Bf1{dATLnFmI3C2t)6aE~Q3NT<#S4H_9(lQoB`jzlXI zW57f2#_p3wY>wLZWRP;x)?S3y&|){O7SR2Xlf0iB&KU)cF#nwkCLdU}W1p4L{JC20 z3XH&TQk`eg^%b}nUAt*Ee(sa;=wir^kT2-7*Rw5M4=nof*V7UY{_I}V=BqDR{Sw5I zIT4y*HjuZ;bp3?grD-gYU22AxOefyn=z$Tx6;pI9MD zjs5?s*31f1FovN=cvVv!eqc!tA+WewO20a1mI^w+NiC~bWja^XMs2rEB^{{y*{Y>QM%!#fFMl=>&LW|d$+QOnE` zandr4b~W5ZjIYf}JNcu`(FpZF=qoK@i=TDtq-pW%dpCy-h>0i0($Aefd<|0AcGe#W zyQ0;$m$eajBKP!ID|q2I0H$LuHt){NC#5cbEfj(T6k6$H`$FBxv^9;3 zZq?|{xA>y$7%XQ)`#TxM&@|ub%`espS*W=2==%0qW<^9xNjIhiGtxJ@`kr!m9S3#y zPauXQ<+3N6JeGVZH;$3W3=sCA=ZSNelrxZD-2{Jttl#WUEsA&9F_sX#o@+t2zfrE! zw2in`A_CtyFQUu?4ZT)QX_o|A-35oqY#*M#HS0U16oa&rF)CoF`)>~3muy+gf;6;; zp*BH~O59x`zkh{8yj7KsJxOYL@tG7mO}LH`k}EO~mMc0hFjF=CmuNZJH8e@F9SCFb z=)o|++xsIh8tHy1yC`q-8Q{4{V9t7&^HE;lO6eqPmDI~{2mRi?c0c+tYJ*aL{CW4Ns1k^?;v%0d%GTFJxt^`lBkxkD%N9v*A<5$ z0&!%~x#p&gdS#)oXUbusNz=x{|7((!&>+q)| zv)PQ#)mV(%FgT~TkjrH3NA76B8wJ*}FCFp5j-LQa3XF{COIt;&<=9>#8@n6aSj5qk zt_W$9(tWJE0WN=tCd$AOv$Wl|e~i{*^*^^|5pY&t*cnZdCPiupIgZF1-~3jjOwK6J z`Pw^?kIs-s!UCWS?~3wUoW!+#y~8_8JDm&*!7{7TNZJW*)2FwywfslqnxZs;)y`2b z_b?~63i-(fI!XXuw}D%t7G)C@os;bksiRCCM#vkLf&@U=W(uB{tEFtFHSzF`KyDu? zBLTKeP&{|4@EIb%HqliXa8Bn~3yY)9?(GBES{r=0EXe5eWM;NU3IJ;>N(evJaX&19 zT_UsTJ`UTDAZL);gA;rg#t2*(ffmj^%k6ZPl4Y`z46ze)?0u4kDP5N;e65!gs@SM_A;->Lc)&j$U?&fyK=MlvwJkE*0_A(F+l4%+& zuvT;2qjPhnOG-cdB=(FT)0iypB4OTL=21c$GL%kE3c?1t?T&b?E!3MQ>}c~y?41>1 zuzS`q58-zjaKd9oJdQBKOxT$C0nF5jB){0nfGkr{^TY%O=2;nci_6! z8Zq*gNnO;;wyO4Q#V0to%3H3279XV>W!a(b&*9uXjOKEl>DvOo;-7V;&P_k9ElmX} z|D+5Vy)UDUdH&-n5c0277dUOk1_~TV1~_Bor-Ug*kE>bljz~4_ux0ZCQSs}Y0Xa80 zI_M2Q^vIOeT-qfxo&(hZfy^$;RP_e31RPqL_G50f6Z*)y!M6*UknXQ&_S-doQI4|N zzo?Z?jIpysu@S9q*rg_wop{e|@Z zO?&#Qr}YB@fzts-Z`Q2h^!E?c$#VQi6afkJhlCmd@q?)rg8d!#d( zd3b)QhV6NmiTfp)y#gY#wFV$*j0n3r(S`VvlUEg^)6wuEE0d$IAdJctn^)b1l|ru7t|@)YKa}~y_gmhUXdnUNn2ej0j9NW_ZQu#gI^m5G_tOcz1-Q@}tEW zWY@#Q3cx>IfilxK+!#y$aB6C7FnVsyAWd;Jt+fT;*axXO?@01tH2c%vxdO%v3rD80 zi-2v(ZvKH|g#r1=v%d+Lw0HD^;Q#U(@_d;|(~%5qNW#UmJBBO?m1!dOoubx@&iIxF zNh)6%C?@*#yChQF+yUdeXnJhyi5Ii?HDUwwhC%1d*c2nHiLt0`Ap_Bo^=p1Bxtqa` zPFE^M+P~a54jc8SZ8dljivXaz&Gx?FlKjXG@>fMS8@&B3Hm2hgHR#S_$~TM@4296r zbhZ67JBIpyziN{T`26BkbmTkaz_HibWv#QhcyI_?vsqbhpq9>;{LaNpDn#)3Ig0T= zKz*YleB4m zTdxP(X2V+I&Vu((C%aAz0148*9C-g{EpR@Z*Sb9B z+wZ-HtK=dnFSc)D`qM0CoGxfxjsCSZof+xFM0jrBJPvU11S;||;+qPy!IJ(-^1@_D z`4&ZePFftF+{;P$buirj_`n@P=``lp{$1Cb{O>jv21%8q&&lm*Jybl738aXTI|=#2 zrWbC}1*?oYhSsh(cr~2}LZb77S_nU+kZ{}^@&7TG-6!+cTvZP17WV9{VVd}0lmAw0 zJ$P)Xs-3kp(5dDkWtlzBqSNS8k`reEL0}D+y6g&p;DVT#4gG!rynbiY_b-JRoj7RN zsce$F_J92GW8GQs{CeJleD^RWkePv;Y3p_Q3-pCz;0#z`EWmXrvX@JZsXIDkRz@sS zHWp>y;+0pm$wp{=1%*PZ4b;62O1oc+q@x(+W11qL_!|kp!Ej1QL-GVGuiSNbw!OL4 z`NXA%yQp^8enhl1C!iJwWZ-^lbzpzW+dbVO_EeSC4Q9|_)~Ch(9kT&SLul@W{?#i4SFEX*!vY zKSf5*A}hqd%r@`X)P{FQ8r!RvT5n`)iE%3u&y+BQ6ela{Cs00Ziog!kalLzYV%`Q_&Oy&Uw3*kweF8fm75A&MaoEd|}I- z5;5NAh^|hFN(V`x*rRO@ueRQ%GnO0Hq-YO4Jrv@BvP$vU1%Hf8SuA}MW#bx)0OTmj zxqiq%FHT?^=MOSBX~_qFH*I<_mQZD5q(&6{3)pw8u$#EA~awhxM900VZ_LktBj$~6il%|-N4}`6=n#gHZ6i1cen$r|CN0$C zBqrB_GpJv$33&xc^5>A8ewLYhMH2}~C#FLmW#M(aTtPoMYTzp2YTK_rE7}=LB#LW6 z7!re-R@Q>^hdp-o_SLs>8RDJWOhQ!Q2R?`v-4bL|b`q(s4u(Wv$@>eT*OPFmwKfBv zuH2}#yrK@l=1r%@anmOXLz~6}(G&LmlelI-owITG^FR%I(B?^!Q4dO|~1>PLgNwm4AI@-`_p4?{bdOZ@jgKMO;kzi6ZzrpYGA*=)*8Lrxx z77U_Gm!L{<0U5ny`61V~sFwCZm%qi6XjTSw9<>#oMkk=NZ3fIv6COwerI&3*ia~>n z9Aii0you;m<6_H2ulx1rG_hIjCH8Bl5F4~>F`^kIY)$b5MtCsA?5Jdljlz#?y$J=2 zv&D_$fBSr{?Q9^`>c==_2#3Lm{Qy#wlSbp2W3wZ-CKI8n^=71g3@9oN0NnB3YeS&` zw0WAeuAnOpE9NSaJ%gPlp%Qda1e`SEBu_^8qjru`DMKb1bl=`J;!FBBd$DC$v42Bi zvt#Cm%3~NVKED@ih=d9_#}=L6xgb8x@0*Z#o4=vWWw}=4`R@nszvS(v`~_;Zfa8X1SS>f zxA{((`n-6P!URJ6znXTP6#vn*GkVR`Lo52c5EJvE%J8hd0@I2BY1%S)Ad6p#*jG`K zlWb_G%Gh`;o*8|y@~(4PCZ!zS9JyO+LNFN@W^dFQOWa!!QSM;T9`vNoSVcK(U386K z3wdSJ2>w&qkEhD-@I))ZyDB&n(0Gvq3}Fpx7I-&8QNrl-Qyw}*SRRebDFuTe%fJ6b z@aLEVVJ_iu`|isV#n5yi1WQ`ZA6b;IR$s{yOwG0Jf{*+E0J=W;c$na-I6MqoKXx`J z5XZ8N8e%a$tjAywEekY-2^fy2(HM@#@es;C7!J#0YAh#159pqGFVxa44|EZ~bY58L zRK0dm1kPq>T;68fdUtI)Ode8Csu?k*IGG@x!^}~MM)Q0xZJ6=>(#7^fPM0GG?LAX1 zo{B6#?&{n&mCOplVuSRacP@)uJbS@sOZysRB9nD>v|=P3Xr;Tp^S&nDVI)t6l+WtPOJ7} zi3{h)0fAC9|9Qw^J=c09{fN72Fez(61{NO;cjt}QyRxNjX)}kYGcO&3eqGe6DG;w% z3sK$^gjsrSA7d(W(jx5p_6h^JOO=TJHk$^(Y96>OfV5%_+;;88z*@{dT5&^Sy(P&PkKEHW zM>;-UOR6xI&O@IoHm#>+zqb}>6c-*U#2T&-VM9;BxJ@>&8nBE|Vn^(Yt&sKTm~6Rm z{`IX_nJ+w>Ly{KE=sD4!jg1g|&cs!BEs2|?3!52Y$=`$5#xlK1)l3V^~}MWg0I(B z^hU_kW4_L-xfxy5Do9>E=eUzIX%qgqbL~&}5DC(fu0ojH(*F(eJSMrp;Giltp%r1o z9e^*umWfZeoEgqw7e51Ast@m2)&gI%8uT3}jh;ZVwId^PWR`W;3PF65)1l=Gm$9e% zgec)R$+p3KVaFiem`ztQFAEPxy64N(7MW#|tDa3weBvpdTum3sxO(Ej{QxAi)5egL zk{idjb{bu^MFr@FltE!5lYBX7^Q-bk^tYMwDH4-yzdcq~LYY{^gy(rgi{h6(E~fOZ z$|QRZX*{tVG%OexyYN$;jXRkY8&7p;@vRE`Z2vGMW%|KmjPIEDhU1@eG?0|!OAG$3 zU5!tRja2!`Ix?-o$|2nq4;thrw~$}s`qHV%P(M~Ntk{t>(sglt2nm9TJ#-v|6!mQ( zt!@E_>)=zilU{GL*#D99Jfc(;u-!l5KZo2*8jCk?uceNVKsA3aVUE#_L*9T22l}UvSXeuH=2M zWftx-SN*W08!;*a(G?ZXCT}_`IhKnUvR;wE6o&hAIwavx@lN_k+QB5(GhL?&1^18j zTo+e`Ty9%6XUxV5(iIr6H)4E8aZA^e5DluCRL)PC%tZZooPhMTC-mE3ki0fqkl5U@ zo8$9%a(QTSG)V}*o0`en=b7m6(WB?jEG=!(l-rCh0ql`nue+oWx%48=r=fW)xlSK^ttTB>Rzqn>s|jxmAG) z5?@t`_ul?q6L#oi8tNL(682&uTA8LSmSF}F6#&Lv7!5sVf@gyowRZS>$1oFUm%B;SbbTIp>9|4`m#_ahI{7hN&Obo zEh_*XB9%=Ahb|$0Zwr?L+N#NSNFH?F%de%zv1t0Tqk6x{vr<6|LfBI66u2iOfA|U)F1gxf*&z(iEfador7W>2VE-9>#jfx7q3_BE~MHIMT0s{q0*WW2vvw_ZaOI zdNTSWiTwNG8xVx?<5yHBhcs`G^i^A$XBEo!I)`XMnYZ~f_8!`1DMomwT_OjPMXXzG4AN;0_zq3d7;pAKK8zBRv55Dq$yy-P3oOON=N$LBEvBm;#R z9a^4hT*o|FN?=#T&yEX|qum`RUQ70LA{-_WI{W-Wkk^s>c_pkNN~<&+Q|yTa)NM+3 z9JMJ>;j2>)5BH$H_;doVR_VvCxpbA_*n}%v>e1C- z4B*D{B%ToK87}2w-|2df9`(j_R^!l^+!+iHFyd%x$Z}%PinNxDIWsP$R{2E>jC|jB z_&R%X@!*F<*Omvrj&RSklk!A0U<=pV9;w449kL;}wK}G{i zM3U1s+OOWsAkWi5`?7_ByNx1cL-FdgwdmM=Wi=<374xCLErutlB>JWa;AL55?TkRN(H9JFZYdXMVCITTvPcoBB=+S z>Hj{JQ{@UEEeMv$M;B^le2=Cp9u{N6<_aFLArW&ko{E6wVx8K5M&@kPntX3z@(-*? zy;*dHdRf|LerLoR9B&C5HhJXTopFQI zmvuXka(kHm2*S#2zkKRj7cg&f*|X|=}*;i{yLTYy2gz}6lSSn4n-MhKdXkvkGVc!@d|I^G3kXN zv0cDtkB1A0O(N&R`5`lmTA#<+Afk2Pc9a)0{fFsdqASzKT5yTr#*1!f(cD`CELxf= z$)py}3{)Gq79KR_G}{Rpr}HxKV`@Q}!`RelF{{=lAUe&KR)S1B1ZDC&BdnwcG-POe zC7ZI3noLNNUfs8tUxd!0zHkJ-euHPH_Pa(2uH$;BYp0_C+b?XZJ*t5rt5B!EG`+!+ zDGcQw-ffE@s~!*>n@6P5%x0`~=M&hiN;2IQ+sfMkov$|M(_&zDri-p{lP#f)u zqAtCC*%DP>f^wl3Us~*~>nvGTV z!B#YzxhXYJTS&Fsbcq;UpP2KJM zJNH@e9t??MtbRb-Pl(xqV4-G)4G&OO;;e-78q8cUP20}y-)67EE(2*X%^gEi`8z_vD;Zv!tIQSovlDbefQ8+dZHtJI~bYp z7^%KtdMm;dzz|8wS8XUFkt67$)^f;dCM79d8^~&svajRm@(J}&MM4|;D98GOrD5;W z!8FT8*7iWa8J7Hbal`CvVcS*pU6l<3mE{(nJ5)E~;C&W?FpHSi5|fJ^BQc(5_n>CK z&u8ccm27jj(~^t0Dk<4&nPayq5_&9rO0VO!LCPW)zBH?KzwG8l$fe}7Y zL)ua$|M(%^oE%&ELfE7*PDxPDHQKAjCB3a7T=h)^`eljh~9gy$Bc%3o&CF`3})8(r)m1JjqL-r?p+n7^{1F9H@PnAFxUz zs^ct?Q1t1Cv5MT%OX^z2Qf`3Pbe$SJ-i%D$vTR{&lUdh$3n)!(4y&GypGx%2R+xtDeB0C9ZGp;1>{3o?L3_#%eNXZ3U@l|`<_RfNz$7Ae8ZO* zV=Ac!w3#(^Wzwbkt-});c*3_H_|mT~&UzW<=Rp`U-#ZqfIlQUZ z_*5AC@lOy`9)oHe_rCV*CNU~K6gW(;Ws}oeaRl)DpC~j*@<+fRd%C{kJx;uhS8;4m zZ@N>-wHZ;IPbowDb(nH>L`5AG^AOcu)^H@M?MGafr$(M6r@;c1`D>r|nhO{D`*Y8> zz$c?E{5EIC!@)cbIU(NNi($THPAk^(2ceSnwzpwWM)|igZJN+!p~5AJMdzWR`*I}O zUUk_*eYu;1nf>?ORZZTSNEY1iB`k*)#sj)a?|CrU;5XFFW0npYC(3mFs|VUcIKF}( zL`+eAI$B7tH6pYl70u~tTk_QVUQu`#byaE#9k7(Id^lxeO9R}80u-ayzUlSY^2VwY z+J2<*16y-#gn_q5@NS=k9)oa3GbiagT~uOt#pDUOpo#z+0(O;Yu>;a)uN20J)k%UO ziS7!hcL*u_R^2>NlGV{EWiO0f^QxpD)r4NK-*hoH(qa8!ksM@2qU>-)!Q9z(wQKRg zZXP?lk-N{of5LN*WzwL{nLtWWj1+_o^r7#is6H6YH8?BM#QK*6FLE#%K^P>xmjln7 z#+r{t0x@Z5T1*mcGM5td?#6qrUg-)JZz()>RKSgo=829I$jMTKpB4auz8vMtcxHx@ z#Nh^%g-WK3-;s$BrSqXmpWe}<_a}%$1(C(B;y~<%2vM-+OmYOIbwAqRWA<~8)98cf zG14EfSS+KZ(V}~XR0MuRoOZ?i2sQV91Z4zXlF?Tz#B56H*dAUeXbYd{YPOLsSWnD# zaKMnQ;w!cfcD3^nfC1WL!ohqPfbOL?!(7j_i^z|pYLZ!*=)K)7(g=t*87q;?OXyLT z1x+ANo%l+d_8N&W1jT5n~1!^!qq!YzJ>R+WB zkYf`6GpGEmBKjkwyPDQ8ujlWO@^5(5lNX2u`Lc6s{`Q@}BhCMhKgqwJSiKxMOyDsP zzPM>YI$LqSVXVx}IBK(yM`up--~Q06PWYz_U_Qc9+A-R?>vStFQj@SZo!w;J`I{lP z;XuMAM~F7hiNXXmxLovw{q7yXLS)Lsgb$yma(dU1M~v_J6LG-U&8u200vr$+|6UZq z_lOq*rJ);&E8|(RJ#6n_e>#Oo^%ickzV6;IghRrLB6^EWf&b+EN@h+0QSc`kb!hIn zow3bw0%qTM=~OnT#g|3~XMByig-B6~^C6uyeDBiem>%^vd;ZD|3Ar6`A}T43kcG>R0j2lp0i!K+#w!~8r5|Z& zdb$*YIWI1^)z1kw_pqa>sNW2{(<{^wD=B;W_^IwWW5Rkb zaU^8`&gg_ink!RI)uuBk>O-#9C=2(`+;5GIk0?Qc#ne%`ypCm-e!g81N6po)p6A$u z3*Tz`O!!#`+JEP@$?K=HoMbMjAEmM6yxw`MzCVC)Xs_?gt$cHJ z3$VX+Ql|+!?85$H^#X%203*8Hz5@H~2?U3ed8Lal_UA)sSph)YNiWfv3fwuNMpHh0 z*ct&_w5{K3qoGE%mU-BY~-T@<+#&dQ1gq7JWu`w41FxqR#^!upMRJpm= z(C<-ReqZ=)T}I_(Ba^Suj(q3*KCqoa*b{a3By6$dn#x<0~;ukq&hrRI*Q ze2*JjNPMw62FP)9YDwj={*TYP&-5{Fvky1)K3dp3oCa+M@LI2D`({ZYgDTM+2ADZU zfLxU>rYsHj+jwo~Eb24-zMOy(2%rO;6R@~9iXuk^wjWrt-i9(L;bpdKpE9@jgq)Dx z657f~)3@SGMAum23C`5!1iYU}s-QFcDmz_o(xG-SS_rPOw1;Ydt|Hs;fz!5wEc zoU<8mjBR{8E^8^~5gtzBgUBeRmlVvAAuB9y;TwpyC|HdZvF;fxFL826cV#ncp zFYq4!9gW{wVac21B4074IEsfywCQm1Byh^dDf%|oLhYnB4GBREm}hw{!+drrbSr{F zPbCLW)Q|Pi?v?0u0g_sOFJ_5@viG_kt4(CdP^}-<-3~#E(kR-SWxINh1wo0THIC{ z#m4T64dq}f%>EpL`y|WWbwgO^%EkCS2=%nHLP0LZ-T+Jna=P`*{@`*4v{yR~D{Z80?3OvqkyhQt$L3$a zqk=XIHW~3se4V&jDGk7m0H^=i;c9fWM<$?d(tzcO>rms*t9F5FIBnyj2GBx zkIfaZ*)U%~m|@f|K2wACh88v4Tgjw@?UC>@SNLgcr8hE~Pj=G^G-^L;+nP6m2TtFE zl;X{iYWmXjkMU^OBB|*0J{u>M_g8yrm;2w&M{f}mk%<2 zHHrxZqZ_)G(hs@!zXUtTu;x3Pw&!)Ryvk(`@5t=o#ms{Z0W%huNe-tVKclJ(E;W~7DeU4mwB`Q%h@46OB~XUW zY(5mgq(Eaz3ow>dC;0U`(=7c^*@NTFv6g;QX5-{Pvx~L6U>1S zDX975?E6e5PVhTL`LKGAvrCIqe0; ze^aE+(hNaa_0C}Q+_PalK@r-VX(Cp&(55Iwh#{q}lYvQP{khqS$T(;awp~e|6r#K{ z>Ll3+rT@5vDTTJ0=Xl1PrP%;aiUFzU=}YiAmaRK)U=%CAP~SyKOnQ_4iO$8|eN%4x zp%SnDPn>Ki$@-^Y$jG321rBwobD3io75dC<$)bEKKc0I?3FdxP{#suuwdGT8|8nWQ zl(zAQFg#PdCSUEg??)T11S-4Es0Y?VExWVynX{aF`(jXhj^vlMked&K7}|Ew!TR$# z(&M=muogplr%UJI#}_I{(Jh~oIj%$BON}2mwT>jxea)LfDZ^&X9`V?dy?X1(WLzE3 z8H;;ZYpk!mt@}%jhcA6`QMmoCkMH1p1`#TtqPH^FetlJ{I6CDED)Vq34B-#Nz;UrD zNS@w2>ok*Gh5~}1+aT~mSR_s-R^M&7_z6~X%U~gZd@q8Ew7-rL*>f?A51V!5rWn$S zB~mYJfcAW!!)z=#@n{$+9BsDQ3#T)i6;p+bajo#bfOwD>KT-`f5J1> z37lW^?vAW}L50?Mr}jReZ$(eoZ|*+Lz={PqVdB1W%flG>H-HSC_#Xh7Qjan(aMd6m z8PD>QhPzSZ@rfXyJQEB{7IzfjFu6n)j77>WynaJyI|fA+0mdfyEb&J#yk)1y7Nu<;?v=Qu#2aI=gr#- zkfWpHTq2K&PgD3bOeBbjASDi)*@a2f@0m~Z`7ymVZNxhEhTF-ML-6vpMeBe zrS45nFv9)`?{5#qK4!eU2Bmp_YxEu!&h1+I`-#lrWx}c(rg$Y{K>(VP^1yLOO$1D0pPH_o}Kn^y0vwwO}?yjICIoy@LQGnMb~z zhGan7q-tf+WF`vK;{-TI6oB+S3Z}5bTCyTfdNP01rb|<*>8eEIe?eH7`$n19pY?bo z`J1-{%hCCge`jJNi87)3@W9i6vvtnw{q~aM`mh9ugGfe-gc+de`gMb;ulnY7rcap9 zU?*4dSDu{_ec~jg$9OmOhVkIIb|gmY2L>a}CP<;!zR{iA?LPiXKhekNeAe@z2hw!q z7lRMiZ*BAFuJ(`sP^SXHox6T_;8&KAfI#P7+Uq1Gnw4uYK&{n0dh{KtKcm@o;!9@v zDP;Vh6tVj#BLE|haFgH*#g3Hm8geuf(iGluLN3+ZCo0voSnZ>dLDVQ|+eRwG=p};H z4Hd1$3qF>Ozs2uPp>|>Ye%+7M21~5BP$vJ|6ng_gytcu}-h!l8ZibY#%fp99 z4BS)VRiQ}|YD{wRStU!Paoe}!{U26<*iJD2s4?Q`b`}FceKf5A^f{<@W8kn~uF(*! z=0-$rVQ*4^kz+opB!Dw&=t=r#T1qV1rQarl$pzQE$yrfAXCj3PSR$1hQOH@gz0p*U z58N))ME`_2$)l6E-Vz5NB~A0-^sdi|3fS#(i85F|80&APk&zs4UhxE`etcF7vAfe( zO%5~!A6WWtMm$I(%+`UO8gSGR5A;nR;N%SX`r#kvHClm4RwDi|2|JOFE!qM!f>M~BCbz$04+uW?*3}w1Ad1rPgC?iHBC((KN zDVyWix+-8EH{K;S)LwWOZCwYY->kr zUW3J#sBzR_{Kl4{uY9xQ+>?P?N!pGbyaCQ$JxGWnhA}$hcmg^9g5z8(+V1OS7@X{~WrX&T}*tVDAeBbM1uJ@6( zCp@)b!5yindnM=)RB`dUvuec(Ny*v!+gYdTjz&0{1!^7P9%C%2ae{@ls0J00bAwod z)SM^1H`duSzhiKWQ|e6vz?B0(^?Pip&N|ST^6~F^VvHuGJ_Mf0uM9ZK)S3$;t;BF?91L1k zd2xwf)??CH2Z=nn`yV9-XHW4T$tAU#A@7&~zZ2a3A=)!do0J5&3SQ>1L;KAl^{k!8`!f+IMz^`QH>_w;eEoBI@Y|J$MnG5XV&(jpWh86UJSFe* zg!WKyvDR^i@|BNYi^tlwu)x80k|<}T6w%KCCDYKE@VVRu1Pr_{low;*{1ASxP**w7JAkxRlYTls?%Yee zvA%Ei{{=URX7U&RBu(;MO#OO&e`ZOm1Ys6SI(hhJOr#|NGq#Hj; zjorPslCHcqc<8ItlzCvvbYnrzQh@)zi3#1mBqm||FAZ|YGLT=@(tkZo)H{0$or8X< zgdDn=a+E?BOo@$`S?ixUTQkUCXSEPmjm5v4)Z*Y4>0bj+>)3%fpx*VD(EZ;dRsZ(z5CjnS7=tS5 zDFE*w|HtFL)Y3rGLXC?r$MY`^%lM};hQY72^sf}Oa9~lDtlPeYvw{6k*7c6l+5V*( zx9O()JtGxv>OR|OpF&Z%p0(Eok6ZUEwE~44!hib(z7d31>*4&VwJfuAZP$4YJfxQ4 zW8@P(RYG60BZ7g*mIr*gT-0kMbszs^TFW|vx33LhcKP`dJQP=+?m>9dAKFrMh2Th5 zZwB>Xe*K3@c%bGdcZONHNYY+hQ&C7UsPAR!j|b9t2zBik5+#qC?TNul4B-Xq_J1NO zlPh148j(O5gMiPqRb$)DjD3<5k|BkmI>lMp$b6Te_}4D?SL4LJ>|rJ~z$L29-Hon# z*B>$h0_?dj2=NMiM&EpK6Q{+_9t=RcX)t#&s=Pa?oB%H=%dk10@Klt^BY|hfQqrFY zzuzFSS`t=(Y!W1lr7pM9K+s%~O4t|e6kT>T+(9msil`7r{be4uHf@GeF%5HMjgy~! zVG^2wJW!&ISrPru!nI0>BVBW**k#^A$nwo7qeGT)WDMCw8!n{puTxd~n79Q~ek&`p zWp!%#HPUL>f?h|8%b*}$7}GX7*H0@PQI+3yLnpm2y2df*6ZWl!@9N{}C!KwToeKL{ zE#|l?8>d(-emow(*SwsA+jq3}mo|RCx`Eg~IBifzo-|_ql4_@x2J19XWhEt!Ja_oM zo1Os&(>Lh_bNDgqeM4yVV2I9!9e8QZwRekSYs(j2q)ngSTF~tEXL6CLZhfFU&*T!Nqc*^f#tbF#t7o+qZVJM>4e@f2|gO^ zJC@#*9Q=H`b2N=Hi{pQ^VnQcVFT~wN9ba)Nm3_j*##p<+SCQJBsIa&h->%NY8EGn< z`%ZK;MWHx)NpAIUH{vqjAYtP@Gdd9;h!cQ5_Cgo+z@i91EbOGY?mI-1#e#Dquxz&O zzn0foX~9-@D3aoD4NXsZofW9CV!M$KKPkAPq6_Mcie%@(4$tg0-XYC#q`V*WadC)h zw)9=>Ub5A#p1D&jp)k9#1WbQhG&53Bs@A% z)*|k482bc^t7P1feElf(AeQ$buMt!n0X*teC*~G1#)?SE>-D8IX4tRZsRFkKnE(Ue z?dA5P8t_kBm1iZq(nK49FPCt1coJ5t##%kHZa+MZ&j&XG8byew zUD_5LtD|=}uN42%Ch87j7WQ_e2%U1{_GFvKI^!c8znQ`kfcPj!IixU{l|{6AYjH1d z1ZW$4o@%7NR~-)xDZr~*dm_VpaLIGahe}B#4~gA@`CRWB;eGTSTYe#Kih{a%zxY{= z(3GOW(7&Yxnhd*1VSxKnR)L_uNoej7o z5c48w68sLB(a+1NIfn?ktCTvH52R=P#fGrR(dkC>G3&?v%5MDwkqGRt(XB6bl!HQ} zlROA7%ht&TVpN0%|INLpnQA=i=05($>(AJV+Ps86*BaUv{~g7OtDtbv3nV2g`ts&^ zy>t-<)1RFrtF~;Z{#vK^#2kJ}q#nofDRh>ik?0A@7ZW?Z4;dEgDXHKIhv0R37tPVb z&)jBa^#tBd;@W+_tz_53N>gww1 ze*1ks&*w`+{n^dZygw=SY%mrq>k;DP6W{O{!dEt~&c|H- zAXoi*c7d7j_n`wsu<7^aB}tLM(FK+A3mCI67?OUr7Vg&{UU%$8do77sf@ns2JGr5R z#Si>RGfXLT+uxDK7$USd-fQw1hUHa$Dxf}O<#bz$7dzndmE(I%8j=Yh)c)9ky)DN^n)2&6KTu!JPrW zXup^GL4scDjUEB{?aD7qaL(B6JY6{ZAvU^I#m-Gd7Wgcw!SIOkECzBpsDN(ojt2e! z99w=OJ$~oWPy@GFM>?Zeu91_(Mu1>R1_J*|eC#46(5{T0Q)ru^XfpOWAZxG~wUw=v zUKXVtY-x_~&c9)vhbeugTmGABEr^V)aWu-%F&(6fND)pYL&nm{D=b-#d85S7f zFs6dn#IR`Db2E$Ix|v#OzQh+F(w{Rh$P*GWK|oStEBNUG12J`Cs)d_kINy!zPPR&f zzfKr0rN?(yBvl$L z14|glE4xARI>EgXYAMfkhGaxcH2K4dD%?wrn|mkvbWE#h9+THT9uRd55hkA?NTXa3Lf6|Px1C3$2k??S(rS>Z_N z%WJ{xF<42#x~{$NAlbo;jWvS|BM#3X%z zGgk0v`in%ihkz8HS`Y;Hj5i}7BQsydt0NjOQ{jf<4CqvMW;&UVg}Ypyt}h5%{ZeH* zw}56jD?>HXzu-VBWwJgEMyd)oD!j-)fS%nlwLNz=|6Kdsmk-y35rm?<*HE6j@qq@0M zziHOW(zN^_WvJeKKjpwLb|mLE`b9CulWXEJFCm6I<*BnhAI8HHkJ7`3)x>WfV^?Zr zJ$p;iRyLiuXls2Z;3o@$0Bt@QahMXOFw7^q5pjt+=VLfeBk%NMwvwy8&zAVkWSC|~ zAN>j_nC0tPEpfw7MU%IG+JKlcCWtSz8mnU~BIl0NIQ)=v0X!mS3{>Ppe6*$G%smSZ zo->=H3GX*h9K(AGI=ymM(mYOInC~}wwZ5*I62J6vx>YM_-osXWr-~6@TjWQ4I>KEo z#qnt|BYu?dkE#L33GVNu`6}{?Ytlfjo1VPFLMM1Hrt)@Ur>D>8-ok4r0O81xIYA2! z3~?Wg)d8ers!1T}%LZghC&|pbsICs(y%XjY!yw(Z*mL#Zft1xM(P3j-zPEPXG-UYE zWZ{mcvDDyUUxa~Q)QcE17lYwzlU_{5_&>R)gee6H_xnFuP0wqmFld@AJu`2MWuiJA zP;g}CsrcR9^UMC_?nyiZ*gveg^@9Iz^s2l>4OYnBSRwC5H@m8YpH(g z_PNZk(>K+O-m@=Cy?e{$-~@GsYPXUK2UGhrrf|e>I*}y&_r#~gkcY+c|W*W)cdsL3L z81rHO9d70S@8A~jnGzX(`>{)pMSa`mmcQnwHuheG75%wl#OX_;JquOQcRk>HrKDaD zt3uN{AQ-=ZT&y|w{w7U0-D0K=QWgz<)Jw#n< z-DS4OziJsge9--hi?>l^qHD>Fe9=+%gTh0R*BV!KOe2n_@2)Z^#G{3Ap&E#UBY@6c zd*Emnb-b1V-hLAQzR8LGXfx}aR9X%;x4R|}5o8BKRqw=*jjiB)(@?$-|Mm)v*{7!FP zN<=cc>r~zn(zD#2y|oHDwP@xF8r#xY(RbsrP|ux|imjqpjMB_ma=pgP%U7kJ^998B zH!ox<)hT#5R>Q8Jr0dZ{%!zL+&2Uoq$Wgc}5arvc`LiH})yQh-FLJh4LK)&E+A9q@ z^s5UUAAYqx2%P{5CjXNl^>-@vsf~NtE|dnXov7Eqmf@nWQNGLN40UQ=+IVKo9mB?+63b+Va_{8=d| z#&ibn$W&;zs4Yg4*nq+{QH@HxOR_4f2uUG7#nr`Qr%2yOdbApN`q{mWKaD{@eND$k z$o=x`s4LOyc8?U5B4_esP2W^1`y(U(2v7=yiR&+(=&5Y4=~x+fk%$Abspyk zLI|65R{F+!r4(H~1bREXFB&3F6|4#56^Tv4#e0~_KZr*)ovhTBGmHf>ZohSQkU?hU zZwp&Hr%$GhY;#u9P*wvILio6WK=RtXf8#;5O<#j~9e^^-VlcLSvEr743}aWvpSbAD zau)}=!`B{PYL(JC4J?Q;^#c)O1+{(qx0ZFZVvvGpLWRmbC@0+Z!A7%OG z65A-%o4Z_~$*%dF)^rJYp6abphfH8eQ|cT7h~C+0VxL|eUvb~oi$e8i-X4iu=qLyvHJ zE!5}wFj=-*L^hTFuJ#_BaR14t8V%mU!u-eiPaRA5<1QUd7jlnfc+Sj1XR}0GN-`x= zgQqQ_RT2cQ{9eagZ>LufWzSmarR+S`a`A@a?$Jx+Dq3|@w@%z?3Ld|7+3uO!Oj_*S zE2^T*=8v<~Eh04uo`x2C^6#za?))^kT6H-Y2(w{BWVIpe6>np05XXm(c3wJ&moeareGFk%}j`w~TDRb!7UmzQuS7 zZa(onS?jx`w+EJy?ozJ9^s-{}1p7?jn69hCw348KM{e+Iy-dyX{u*DI2pZ0no1Ti3 zk-3c1SBB2jL+@{%`xmjf;q)B+(9gq^M>t2%{WTtZs#kJ;Vdkce1lH`MzJcR172XQn zIYo;-SlUm1lUZ>AKia+T3_n)x!_mSKk+bl!GU z3T782C=)o~l<35~4P`~zi~8oH^7KZGh5b!c&X|e5g6gGN2w8ZRfy&24IRwdp^VfO{ zWs;?B?{mJl({vXcUJ3F>BDwvPNvt-6$O|nYEXdAKK0mHQd8B27IS~{n)_pMwRLY2> zyX!kvlMIG@eawJ*@$C~@UoGo2x zy8FC+JZGIqW!s}iCY*XPTDk?mj~N+CLhOWqG2O^U#-B-$;!y!r!39nCq1kUW&buZz zb;Qe(mn(Cs8YJ}ZgMTRj2L5k^$hF1;#R5Ag%I6Z+rO<^sTF_uo?O*Z}*zE`OrW)}t zG6o_kkX(`;rkkn3#_GS9qmM_2RwRo{Izd`Gr9viVU)kD5d8z&`r>HsY#(h7!Uk#A3 z`IkI@LV3sIGpbOS*45T(2o=Zf<=Z=YJb#PcfPq&+eCzK)wcyW z_0M0-Zwht?K#}vXJ5MB_|CY?n7tjU-o23jBIc=q2$^}G;es7liqxG~?M0v8_maglc zLydUU?N`u5yG8l0kPqn1L;!GW!Q@Z)54Z*LTsyA^x|49RLSpdWfa9SG Date: Fri, 9 Jan 2026 18:11:10 +0100 Subject: [PATCH 10/11] Docs: refactor docs --- docs/manual-argocd-deployment.md | 48 +++++++++++++++++++------------- 1 file changed, 29 insertions(+), 19 deletions(-) diff --git a/docs/manual-argocd-deployment.md b/docs/manual-argocd-deployment.md index 2498cf72..2156fcf3 100644 --- a/docs/manual-argocd-deployment.md +++ b/docs/manual-argocd-deployment.md @@ -271,20 +271,40 @@ argocd app sync guestbook **Issue**: Cannot access Argo CD UI via domain. **Solutions**: -- Verify ingress controller is running: `kubectl get pods -n ingress-nginx` # replace by your ingress controller namespace -- Check ingress resource: `kubectl describe ingress argocd-server -n argocd` -- Verify DNS points to load balancer IP: `nslookup argocd.yourdomain.com` -- Check ingress controller logs: `kubectl logs -n ingress-nginx ` # replace by your ingress controller namespace + +```bash +# Verify ingress controller is running +kubectl get pods -n + +# Check ingress resource +kubectl describe ingress argocd-server -n argocd + +# Verify DNS points to load balancer IP +nslookup argocd.yourdomain.com + +# Check ingress controller logs +kubectl logs -n +``` ### TLS Certificate Issues **Issue**: Certificate not provisioning or showing as invalid. **Solutions**: -- Check cert-manager logs: `kubectl logs -n cert-manager deployment/cert-manager` # replace by your cert-manager namespace -- Verify issuer is ready: `kubectl get clusterissuer letsencrypt-prod` -- Check certificate status: `kubectl describe certificate argocd-tls-cert -n argocd` -- Verify DNS is resolving correctly (Let's Encrypt requires public DNS) + +```bash +# Check cert-manager logs +kubectl logs -n deployment/cert-manager + +# Verify issuer is ready +kubectl get clusterissuer letsencrypt-prod + +# Check certificate status +kubectl describe certificate argocd-tls-cert -n argocd + +# Verify DNS is resolving correctly (Let's Encrypt requires public DNS) +# (Use 'nslookup' or 'dig' to check your domain) +``` ### High Resource Usage @@ -307,14 +327,4 @@ argocd app sync guestbook - [Cert-Manager Setup Guide](./cert-manager-setup.md) - [Automated Argo CD Deployment](#) *(Coming soon)* ---- - -## Next Steps - -After successfully deploying Argo CD, you can: - -1. **Create Projects**: Organize applications into logical projects -2. **Configure Repositories**: Connect to your Git repositories -3. **Deploy Applications**: Use Argo CD to manage your Kubernetes applications -4. **Set Up Notifications**: Configure notifications for deployment events -5. **Implement GitOps**: Adopt GitOps practices for your infrastructure +--- \ No newline at end of file From ff071f549ac31b508b97240edad9ccb38626fe38 Mon Sep 17 00:00:00 2001 From: USHER-PB Date: Fri, 9 Jan 2026 18:11:40 +0100 Subject: [PATCH 11/11] Docs: arrange readme file making it more concise --- argocd/README.md | 28 ++++------------------------ 1 file changed, 4 insertions(+), 24 deletions(-) diff --git a/argocd/README.md b/argocd/README.md index d2417ec2..b4c8466a 100644 --- a/argocd/README.md +++ b/argocd/README.md @@ -8,37 +8,17 @@ We provide two ways to deploy Argo CD to your Kubernetes cluster: ### 1. Manual Deployment -Deploy Argo CD manually using Helm with customizable values files. This approach gives you full control over the configuration and is ideal for: - -- Learning how Argo CD works -- Custom configurations not covered by automation -- Environments where Terraform is not available +Deploy Argo CD manually using Helm with customizable values files. This approach gives you full control over the configurations. **[Manual Deployment Guide](../docs/manual-argocd-deployment.md)** -The manual deployment uses the production-ready values file located at [`argocd/manual/argocd-prod-values.yaml`](manual/argocd-prod-values.yaml), which includes: - -- High availability configuration with Redis HA -- Autoscaling for repo-server and API server -- HTTPS ingress with cert-manager integration -- OIDC authentication setup (Keycloak example) -- RBAC policies for multi-tenancy +The manual deployment uses the production-ready values file located at [`argocd/manual/argocd-prod-values.yaml`](manual/argocd-prod-values.yaml), ### 2. Automated Deployment (Terraform) -Deploy Argo CD automatically using Terraform for infrastructure-as-code management. This approach is ideal for: - -- Production environments -- Repeatable deployments across multiple clusters -- Integration with existing Terraform infrastructure -- Team collaboration with version-controlled infrastructure +Deploy Argo CD automatically using Terraform for infrastructure-as-code management **[Automated Deployment Guide](#)** *(Coming soon)* -The automated deployment is located in the [`argocd/terraform/`](terraform) directory and provides: - -- Declarative infrastructure-as-code -- Automated dependency management (cert-manager, ingress controller) -- Environment-specific configurations (dev, prod) -- Integration with GCP/GKE infrastructure +The automated deployment is located in the [`argocd/terraform/`](terraform)