From 5a28b287f0e03f435f52abec3480b2b042892161 Mon Sep 17 00:00:00 2001 From: Henry Kiem Date: Thu, 12 Dec 2024 15:43:09 -0800 Subject: [PATCH 1/8] feat(Helix Core): Adding plaintext variable to p4_configre.sh --- .../perforce/helix-core/p4_configure.sh | 86 +++++++++++-------- 1 file changed, 51 insertions(+), 35 deletions(-) diff --git a/assets/packer/perforce/helix-core/p4_configure.sh b/assets/packer/perforce/helix-core/p4_configure.sh index e307dedc..95c5a44e 100644 --- a/assets/packer/perforce/helix-core/p4_configure.sh +++ b/assets/packer/perforce/helix-core/p4_configure.sh @@ -126,10 +126,10 @@ prepare_site_tags() { set_unicode() { log_message "Setting unicode flag for p4d." log_message "sourcing p4_vars" - + # Capture the command output output=$(su - perforce -c "source /p4/common/bin/p4_vars && /p4/common/bin/p4d -xi" 2>&1) - + # Check if the output matches exactly what we expect if [ "$output" = "Server switched to Unicode mode." ]; then log_message "Successfully switched server to Unicode mode" @@ -164,11 +164,12 @@ print_help() { echo " --case_sensitive <0/1> Set the case sensitivity of the Helix Core server" echo " --unicode Set the Helix Core Server with -xi flag for Unicode" echo " --selinux Update labels for SELinux" + echo " --plaintext Remove the SSL prefix and do not create self signed certificate" echo " --help Display this help and exit" } # Parse command-line options -OPTS=$(getopt -o '' --long p4d_type:,username:,password:,auth:,fqdn:,hx_logs:,hx_metadata:,hx_depots:,case_sensitive:,unicode:,selinux:,help -n 'parse-options' -- "$@") +OPTS=$(getopt -o '' --long p4d_type:,username:,password:,auth:,fqdn:,hx_logs:,hx_metadata:,hx_depots:,case_sensitive:,unicode:,selinux:,plaintext:,help -n 'parse-options' -- "$@") if [ $? != 0 ]; then log_message "Failed to parse options" @@ -248,6 +249,16 @@ while true; do exit 1 fi ;; + --plaintext) + if [ "${2,,}" = "true" ] || [ "${2,,}" = "false" ]; then + PLAINTEXT="$2" + log_message "PLAINTEXT: $PLAINTEXT" + shift 2 + else + log_message "Error: --plaintext flag must be either 'true' or 'false'" + exit 1 + fi + ;; --help) print_help exit 0 @@ -407,10 +418,18 @@ sed -i "s/^P4MASTERHOST=.*/P4MASTERHOST=$EC2_DNS_PRIVATE/" "$SDP_Setup_Script_Co log_message "Updated P4MASTERHOST to $EC2_DNS_PRIVATE in $SDP_Setup_Script_Config." # Update Perforce case_sensitivity in configuration -sed -i "s/^CASE_SENSITIVE=.*/CASE_SENSITIVE=CASE_SENSITIVE/" "$SDP_Setup_Script_Config" +sed -i "s/^CASE_SENSITIVE=.*/CASE_SENSITIVE=$CASE_SENSITIVE/" "$SDP_Setup_Script_Config" log_message "Updated CASE_SENSITIVE in $SDP_Setup_Script_Config." +# Update SSL prefix in configuration if plaintext is true +if [ "${PLAINTEXT,,}" = "true" ]; then + sed -i "s/^SSL_PREFIX=.*/SSL_PREFIX=/" "$SDP_Setup_Script_Config" + log_message "SSL_PREFIX removed from $SDP_Setup_Script_Config. Server will be configured to use plaintext." +else + log_message "Skipping SSL_PREFIX removal from $SDP_Setup_Script_Config. Server will be configured to use SSL." +fi + log_message "Mounting done ok - continue to the install" # Execute mkdirs.sh from the package @@ -421,37 +440,32 @@ else log_message "Setup script (mkdirs.sh) not found or P4D Type: $P4D_TYPE not provided." fi -# update cert config with ec2 DNS name -FILE_PATH="/p4/ssl/config.txt" - -# Retrieve the EC2 instance DNS name -if [ -z $FQDN ]; then - log_message "FQDN was not provided. Retrieving from EC2 metadata." - EC2_DNS_NAME=$(curl -s http://169.254.169.254/latest/meta-data/public-hostname --header "X-aws-ec2-metadata-token: $TOKEN") -else - log_message "FQDN was provided: $FQDN" - EC2_DNS_NAME=$FQDN -fi +I=1 -# Check if the DNS name was successfully retrieved -if [ -z "$EC2_DNS_NAME" ]; then - echo "Failed to retrieve EC2 instance DNS name." - exit 1 -fi +# Create self signed certificate if plaintext is false +if [ "${PLAINTEXT,,}" = "false" ]; then + log_message "Generating self signed certificate" + # update cert config with ec2 DNS name + FILE_PATH="/p4/ssl/config.txt" -# Replace REPL_DNSNAME with the EC2 instance DNS name for ssl certificate generation -sed -i "s/REPL_DNSNAME/$EC2_DNS_NAME/" "$FILE_PATH" + # Check if the DNS name was successfully retrieved + if [ -z "$EC2_DNS_NAME" ]; then + log_message "Failed to retrieve EC2 instance DNS name." + exit 1 + fi -echo "File updated successfully." + # Replace REPL_DNSNAME with the EC2 instance DNS name for ssl certificate generation + sed -i "s/REPL_DNSNAME/$EC2_DNS_NAME/" "$FILE_PATH" -I=1 -# generate certificate + echo "File updated successfully." -/p4/common/bin/p4master_run ${I} /p4/${I}/bin/p4d_${I} -Gc + # generate certificate + /p4/common/bin/p4master_run ${I} /p4/${I}/bin/p4d_${I} -Gc +else + log_message "Skipping self signed certificate generation due to --plaintext true" +fi # Configure systemd service to start p4d - - cd /etc/systemd/system sed -e "s:__INSTANCE__:$I:g" -e "s:__OSUSER__:perforce:g" $SDP/Server/Unix/p4/common/etc/systemd/system/p4d_N.service.t > p4d_${I}.service chmod 644 p4d_${I}.service @@ -470,19 +484,23 @@ systemctl start p4d_1 # Wait for the p4d service to start before continuing wait_for_service "p4d_1" -P4PORT=ssl:1666 +# Set P4PORT depending on plaintext variable +if [ "${PLAINTEXT,,}" = "true" ]; then + P4PORT=:1666 +else + P4PORT=ssl:1666 +fi + P4USER=$P4D_ADMIN_USERNAME #probably need to copy p4 binary to the /usr/bin or add to the path variable to avoid running with a full path adding: #permissions for lal users: - chmod +x /hxdepots/sdp/helix_binaries/p4 ln -s $SDP_Client_Binary /usr/bin/p4 -# now can test: -p4 -p ssl:$HOSTNAME:1666 trust -y - +# now can test depending on plaintext +p4 -p $P4PORT -u $P4USER info # Execute new server setup from the extracted package if [ -f "$SDP_New_Server_Script" ]; then @@ -492,8 +510,6 @@ else echo "Setup script (configure_new_server.sh) not found." fi - - # create a live checkpoint and restore offline db # switching to user perforce From cd01cb5b854501013e63e95a0a9af4213bb98896 Mon Sep 17 00:00:00 2001 From: Henry Kiem Date: Thu, 12 Dec 2024 15:44:30 -0800 Subject: [PATCH 2/8] feat(Helix Core): Plaintext support for Helix Core, optional EIP creation --- modules/perforce/helix-core/README.md | 53 +++++++++++++----------- modules/perforce/helix-core/main.tf | 8 ++-- modules/perforce/helix-core/outputs.tf | 24 ++++++----- modules/perforce/helix-core/variables.tf | 7 +++- 4 files changed, 53 insertions(+), 39 deletions(-) diff --git a/modules/perforce/helix-core/README.md b/modules/perforce/helix-core/README.md index fd40f79f..9369be33 100644 --- a/modules/perforce/helix-core/README.md +++ b/modules/perforce/helix-core/README.md @@ -6,16 +6,16 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | 5.69.0 | -| [awscc](#requirement\_awscc) | 1.16.1 | +| [aws](#requirement\_aws) | 5.78.0 | +| [awscc](#requirement\_awscc) | 1.22.0 | | [random](#requirement\_random) | 3.6.3 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | 5.69.0 | -| [awscc](#provider\_awscc) | 1.16.1 | +| [aws](#provider\_aws) | 5.72.1 | +| [awscc](#provider\_awscc) | 1.20.0 | | [random](#provider\_random) | 3.6.3 | ## Modules @@ -26,26 +26,26 @@ No modules. | Name | Type | |------|------| -| [aws_ebs_volume.depot](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/ebs_volume) | resource | -| [aws_ebs_volume.logs](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/ebs_volume) | resource | -| [aws_ebs_volume.metadata](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/ebs_volume) | resource | -| [aws_eip.helix_core_eip](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/eip) | resource | -| [aws_iam_instance_profile.helix_core_instance_profile](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/iam_instance_profile) | resource | -| [aws_iam_policy.helix_core_default_policy](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/iam_policy) | resource | -| [aws_iam_role.helix_core_default_role](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/iam_role) | resource | -| [aws_instance.helix_core_instance](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/instance) | resource | -| [aws_security_group.helix_core_security_group](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/security_group) | resource | -| [aws_volume_attachment.depot_attachment](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/volume_attachment) | resource | -| [aws_volume_attachment.logs_attachment](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/volume_attachment) | resource | -| [aws_volume_attachment.metadata_attachment](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/volume_attachment) | resource | -| [aws_vpc_security_group_egress_rule.helix_core_internet](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/vpc_security_group_egress_rule) | resource | -| [awscc_secretsmanager_secret.helix_core_super_user_password](https://registry.terraform.io/providers/hashicorp/awscc/1.16.1/docs/resources/secretsmanager_secret) | resource | -| [awscc_secretsmanager_secret.helix_core_super_user_username](https://registry.terraform.io/providers/hashicorp/awscc/1.16.1/docs/resources/secretsmanager_secret) | resource | +| [aws_ebs_volume.depot](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/ebs_volume) | resource | +| [aws_ebs_volume.logs](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/ebs_volume) | resource | +| [aws_ebs_volume.metadata](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/ebs_volume) | resource | +| [aws_eip.helix_core_eip](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/eip) | resource | +| [aws_iam_instance_profile.helix_core_instance_profile](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/iam_instance_profile) | resource | +| [aws_iam_policy.helix_core_default_policy](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/iam_policy) | resource | +| [aws_iam_role.helix_core_default_role](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/iam_role) | resource | +| [aws_instance.helix_core_instance](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/instance) | resource | +| [aws_security_group.helix_core_security_group](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/security_group) | resource | +| [aws_volume_attachment.depot_attachment](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/volume_attachment) | resource | +| [aws_volume_attachment.logs_attachment](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/volume_attachment) | resource | +| [aws_volume_attachment.metadata_attachment](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/volume_attachment) | resource | +| [aws_vpc_security_group_egress_rule.helix_core_internet](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/vpc_security_group_egress_rule) | resource | +| [awscc_secretsmanager_secret.helix_core_super_user_password](https://registry.terraform.io/providers/hashicorp/awscc/1.22.0/docs/resources/secretsmanager_secret) | resource | +| [awscc_secretsmanager_secret.helix_core_super_user_username](https://registry.terraform.io/providers/hashicorp/awscc/1.22.0/docs/resources/secretsmanager_secret) | resource | | [random_string.helix_core](https://registry.terraform.io/providers/hashicorp/random/3.6.3/docs/resources/string) | resource | -| [aws_ami.helix_core_ami](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/data-sources/ami) | data source | -| [aws_iam_policy_document.ec2_trust_relationship](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.helix_core_default_policy](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/data-sources/iam_policy_document) | data source | -| [aws_subnet.instance_subnet](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/data-sources/subnet) | data source | +| [aws_ami.helix_core_ami](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/ami) | data source | +| [aws_iam_policy_document.ec2_trust_relationship](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.helix_core_default_policy](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/iam_policy_document) | data source | +| [aws_subnet.instance_subnet](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/subnet) | data source | ## Inputs @@ -69,10 +69,13 @@ No modules. | [logs\_volume\_size](#input\_logs\_volume\_size) | The size of the logs volume in GiB. Defaults to 32 GiB. | `number` | `32` | no | | [metadata\_volume\_size](#input\_metadata\_volume\_size) | The size of the metadata volume in GiB. Defaults to 32 GiB. | `number` | `32` | no | | [name](#input\_name) | The name attached to swarm module resources. | `string` | `"helix-core"` | no | +| [plaintext](#input\_plaintext) | Whether to enable plaintext authentication for Helix Core. This is not recommended for production environments unless you are using a load balancer for TLS termination. | `bool` | `false` | no | | [project\_prefix](#input\_project\_prefix) | The project prefix for this workload. This is appeneded to the beginning of most resource names. | `string` | `"cgd"` | no | +| [selinux](#input\_selinux) | Whether to apply SELinux label updates for Helix Core. Don't enable this if SELinux is disabled on your target operating system. | `bool` | `false` | no | | [server\_type](#input\_server\_type) | The Perforce Helix Core server type. | `string` | n/a | yes | | [storage\_type](#input\_storage\_type) | The type of backing store [EBS, FSxZ] | `string` | n/a | yes | -| [tags](#input\_tags) | Tags to apply to resources. | `map(any)` | 
{
  "iac-management": "CGD-Toolkit",
  "iac-module": "helix-core",
  "iac-provider": "Terraform"
}
| no | +| [tags](#input\_tags) | Tags to apply to resources. | `map(any)` | 
{
  "iac-management": "CGD-Toolkit",
  "iac-module": "helix-core",
  "iac-provider": "Terraform"
}
| no | +| [unicode](#input\_unicode) | Whether to enable Unicode configuration for Helix Core the -xi flag for p4d. Set to true to enable Unicode support. | `bool` | `false` | no | | [vpc\_id](#input\_vpc\_id) | The VPC where Helix Core should be deployed | `string` | n/a | yes | ## Outputs @@ -80,9 +83,9 @@ No modules. | Name | Description | |------|-------------| | [helix\_core\_eip\_id](#output\_helix\_core\_eip\_id) | The ID of the Elastic IP associated with your Helix Core instance. | -| [helix\_core\_eip\_private\_ip](#output\_helix\_core\_eip\_private\_ip) | The private IP of your Helix Core instance. | | [helix\_core\_eip\_public\_ip](#output\_helix\_core\_eip\_public\_ip) | The public IP of your Helix Core instance. | | [helix\_core\_instance\_id](#output\_helix\_core\_instance\_id) | Instance ID for the Helix Core instance | +| [helix\_core\_private\_ip](#output\_helix\_core\_private\_ip) | Private IP for the Helix Core instance | | [helix\_core\_super\_user\_password\_secret\_arn](#output\_helix\_core\_super\_user\_password\_secret\_arn) | The ARN of the AWS Secrets Manager secret holding your Helix Core super user's password. | | [helix\_core\_super\_user\_username\_secret\_arn](#output\_helix\_core\_super\_user\_username\_secret\_arn) | The ARN of the AWS Secrets Manager secret holding your Helix Core super user's username. | | [security\_group\_id](#output\_security\_group\_id) | The default security group of your Helix Core instance. | diff --git a/modules/perforce/helix-core/main.tf b/modules/perforce/helix-core/main.tf index 1f37aa73..8046a625 100644 --- a/modules/perforce/helix-core/main.tf +++ b/modules/perforce/helix-core/main.tf @@ -43,11 +43,13 @@ resource "aws_instance" "helix_core_instance" { ${var.helix_authentication_service_url == null ? "" : "--auth ${var.helix_authentication_service_url}"} \ --case_sensitive ${var.helix_case_sensitive ? 1 : 0} \ --unicode ${var.unicode ? "true" : "false"} \ - --selinux ${var.selinux ? "true" : "false"} + --selinux ${var.selinux ? "true" : "false"} \ + --plaintext ${var.plaintext ? "true" : "false"} EOT - - vpc_security_group_ids = var.create_default_sg ? concat(var.existing_security_groups, [aws_security_group.helix_core_security_group[0].id]) : var.existing_security_groups + vpc_security_group_ids = (var.create_default_sg ? + concat(var.existing_security_groups, [aws_security_group.helix_core_security_group[0].id]) : + var.existing_security_groups) metadata_options { http_endpoint = "enabled" diff --git a/modules/perforce/helix-core/outputs.tf b/modules/perforce/helix-core/outputs.tf index d86bdf0f..f7311d9a 100644 --- a/modules/perforce/helix-core/outputs.tf +++ b/modules/perforce/helix-core/outputs.tf @@ -1,15 +1,10 @@ -output "helix_core_eip_private_ip" { - value = aws_eip.helix_core_eip[0].private_ip - description = "The private IP of your Helix Core instance." -} - output "helix_core_eip_public_ip" { - value = aws_eip.helix_core_eip[0].public_ip + value = var.internal ? null : aws_eip.helix_core_eip[0].public_ip description = "The public IP of your Helix Core instance." } output "helix_core_eip_id" { - value = aws_eip.helix_core_eip[0].id + value = var.internal ? null : aws_eip.helix_core_eip[0].id description = "The ID of the Elastic IP associated with your Helix Core instance." } @@ -19,16 +14,25 @@ output "security_group_id" { } output "helix_core_super_user_username_secret_arn" { - value = var.helix_core_super_user_username_secret_arn == null ? awscc_secretsmanager_secret.helix_core_super_user_username[0].secret_id : var.helix_core_super_user_username_secret_arn + value = (var.helix_core_super_user_username_secret_arn == null ? + awscc_secretsmanager_secret.helix_core_super_user_username[0].secret_id : + var.helix_core_super_user_username_secret_arn) description = "The ARN of the AWS Secrets Manager secret holding your Helix Core super user's username." } output "helix_core_super_user_password_secret_arn" { - value = var.helix_core_super_user_password_secret_arn == null ? awscc_secretsmanager_secret.helix_core_super_user_password[0].secret_id : var.helix_core_super_user_password_secret_arn + value = (var.helix_core_super_user_password_secret_arn == null ? + awscc_secretsmanager_secret.helix_core_super_user_password[0].secret_id : + var.helix_core_super_user_password_secret_arn) description = "The ARN of the AWS Secrets Manager secret holding your Helix Core super user's password." } output "helix_core_instance_id" { value = aws_instance.helix_core_instance.id description = "Instance ID for the Helix Core instance" -} \ No newline at end of file +} + +output "helix_core_private_ip" { + value = aws_instance.helix_core_instance.private_ip + description = "Private IP for the Helix Core instance" +} diff --git a/modules/perforce/helix-core/variables.tf b/modules/perforce/helix-core/variables.tf index c430b7e6..a15b855c 100644 --- a/modules/perforce/helix-core/variables.tf +++ b/modules/perforce/helix-core/variables.tf @@ -157,7 +157,6 @@ variable "create_helix_core_default_role" { } - ######################################## # Super User Credentials ######################################## @@ -187,3 +186,9 @@ variable "helix_case_sensitive" { description = "Whether or not the server should be case insensitive (Server will run '-C1' mode), or if the server will run with case sensitivity default of the underlying platform. False enables '-C1' mode" default = true } + +variable "plaintext" { + type = bool + description = "Whether to enable plaintext authentication for Helix Core. This is not recommended for production environments unless you are using a load balancer for TLS termination." + default = false +} From 3939d9b30259d6a81153126fbcda9432e16dd725 Mon Sep 17 00:00:00 2001 From: Henry Kiem Date: Thu, 12 Dec 2024 15:45:19 -0800 Subject: [PATCH 3/8] feat(Helix Swarm): Shifting ALB creation to support external networking configuration --- modules/perforce/helix-swarm/README.md | 75 ++++++++++++----------- modules/perforce/helix-swarm/alb.tf | 45 ++++++++++---- modules/perforce/helix-swarm/outputs.tf | 6 +- modules/perforce/helix-swarm/sg.tf | 8 ++- modules/perforce/helix-swarm/variables.tf | 16 +++++ 5 files changed, 95 insertions(+), 55 deletions(-) diff --git a/modules/perforce/helix-swarm/README.md b/modules/perforce/helix-swarm/README.md index 51974739..ae3c1510 100644 --- a/modules/perforce/helix-swarm/README.md +++ b/modules/perforce/helix-swarm/README.md @@ -6,7 +6,7 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | 5.72.1 | +| [aws](#requirement\_aws) | 5.78.0 | | [random](#requirement\_random) | 3.6.3 | ## Providers @@ -24,49 +24,50 @@ No modules. | Name | Type | |------|------| -| [aws_cloudwatch_log_group.helix_swarm_redis_service_log_group](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/cloudwatch_log_group) | resource | -| [aws_cloudwatch_log_group.helix_swarm_service_log_group](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/cloudwatch_log_group) | resource | -| [aws_ecs_cluster.helix_swarm_cluster](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/ecs_cluster) | resource | -| [aws_ecs_cluster_capacity_providers.helix_swarm_cluster_fargate_providers](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/ecs_cluster_capacity_providers) | resource | -| [aws_ecs_service.helix_swarm_service](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/ecs_service) | resource | -| [aws_ecs_task_definition.helix_swarm_task_definition](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/ecs_task_definition) | resource | -| [aws_elasticache_cluster.swarm](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/elasticache_cluster) | resource | -| [aws_elasticache_subnet_group.swarm](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/elasticache_subnet_group) | resource | -| [aws_iam_policy.helix_swarm_default_policy](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/iam_policy) | resource | -| [aws_iam_policy.helix_swarm_ssm_policy](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/iam_policy) | resource | -| [aws_iam_role.helix_swarm_default_role](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/iam_role) | resource | -| [aws_iam_role.helix_swarm_task_execution_role](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/iam_role) | resource | -| [aws_lb.helix_swarm_alb](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/lb) | resource | -| [aws_lb_listener.swarm_alb_https_listener](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/lb_listener) | resource | -| [aws_lb_target_group.helix_swarm_alb_target_group](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/lb_target_group) | resource | -| [aws_s3_bucket.helix_swarm_alb_access_logs_bucket](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/s3_bucket) | resource | -| [aws_s3_bucket_lifecycle_configuration.access_logs_bucket_lifecycle_configuration](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/s3_bucket_lifecycle_configuration) | resource | -| [aws_s3_bucket_policy.alb_access_logs_bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/s3_bucket_policy) | resource | -| [aws_s3_bucket_public_access_block.access_logs_bucket_public_block](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/s3_bucket_public_access_block) | resource | -| [aws_security_group.helix_swarm_alb_sg](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/security_group) | resource | -| [aws_security_group.helix_swarm_elasticache_sg](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/security_group) | resource | -| [aws_security_group.helix_swarm_service_sg](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/security_group) | resource | -| [aws_vpc_security_group_egress_rule.helix_swarm_alb_outbound_service](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/vpc_security_group_egress_rule) | resource | -| [aws_vpc_security_group_egress_rule.helix_swarm_service_outbound_ipv4](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/vpc_security_group_egress_rule) | resource | -| [aws_vpc_security_group_egress_rule.helix_swarm_service_outbound_ipv6](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/vpc_security_group_egress_rule) | resource | -| [aws_vpc_security_group_ingress_rule.helix_swarm_elasticache_ingress](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/vpc_security_group_ingress_rule) | resource | -| [aws_vpc_security_group_ingress_rule.helix_swarm_service_inbound_alb](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/vpc_security_group_ingress_rule) | resource | +| [aws_cloudwatch_log_group.helix_swarm_redis_service_log_group](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/cloudwatch_log_group) | resource | +| [aws_cloudwatch_log_group.helix_swarm_service_log_group](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/cloudwatch_log_group) | resource | +| [aws_ecs_cluster.helix_swarm_cluster](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/ecs_cluster) | resource | +| [aws_ecs_cluster_capacity_providers.helix_swarm_cluster_fargate_providers](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/ecs_cluster_capacity_providers) | resource | +| [aws_ecs_service.helix_swarm_service](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/ecs_service) | resource | +| [aws_ecs_task_definition.helix_swarm_task_definition](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/ecs_task_definition) | resource | +| [aws_elasticache_cluster.swarm](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/elasticache_cluster) | resource | +| [aws_elasticache_subnet_group.swarm](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/elasticache_subnet_group) | resource | +| [aws_iam_policy.helix_swarm_default_policy](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/iam_policy) | resource | +| [aws_iam_policy.helix_swarm_ssm_policy](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/iam_policy) | resource | +| [aws_iam_role.helix_swarm_default_role](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/iam_role) | resource | +| [aws_iam_role.helix_swarm_task_execution_role](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/iam_role) | resource | +| [aws_lb.helix_swarm_alb](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/lb) | resource | +| [aws_lb_listener.swarm_alb_https_listener](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/lb_listener) | resource | +| [aws_lb_target_group.helix_swarm_alb_target_group](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/lb_target_group) | resource | +| [aws_s3_bucket.helix_swarm_alb_access_logs_bucket](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/s3_bucket) | resource | +| [aws_s3_bucket_lifecycle_configuration.access_logs_bucket_lifecycle_configuration](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/s3_bucket_lifecycle_configuration) | resource | +| [aws_s3_bucket_policy.alb_access_logs_bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/s3_bucket_policy) | resource | +| [aws_s3_bucket_public_access_block.access_logs_bucket_public_block](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/s3_bucket_public_access_block) | resource | +| [aws_security_group.helix_swarm_alb_sg](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/security_group) | resource | +| [aws_security_group.helix_swarm_elasticache_sg](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/security_group) | resource | +| [aws_security_group.helix_swarm_service_sg](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/security_group) | resource | +| [aws_vpc_security_group_egress_rule.helix_swarm_alb_outbound_service](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/vpc_security_group_egress_rule) | resource | +| [aws_vpc_security_group_egress_rule.helix_swarm_service_outbound_ipv4](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/vpc_security_group_egress_rule) | resource | +| [aws_vpc_security_group_egress_rule.helix_swarm_service_outbound_ipv6](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/vpc_security_group_egress_rule) | resource | +| [aws_vpc_security_group_ingress_rule.helix_swarm_elasticache_ingress](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/vpc_security_group_ingress_rule) | resource | +| [aws_vpc_security_group_ingress_rule.helix_swarm_service_inbound_alb](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/vpc_security_group_ingress_rule) | resource | | [random_string.helix_swarm](https://registry.terraform.io/providers/hashicorp/random/3.6.3/docs/resources/string) | resource | | [random_string.helix_swarm_alb_access_logs_bucket_suffix](https://registry.terraform.io/providers/hashicorp/random/3.6.3/docs/resources/string) | resource | -| [aws_ecs_cluster.helix_swarm_cluster](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/data-sources/ecs_cluster) | data source | -| [aws_elb_service_account.main](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/data-sources/elb_service_account) | data source | -| [aws_iam_policy_document.access_logs_bucket_alb_write](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.ecs_tasks_trust_relationship](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.helix_swarm_default_policy](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.helix_swarm_ssm_policy](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/data-sources/iam_policy_document) | data source | -| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/data-sources/region) | data source | +| [aws_ecs_cluster.helix_swarm_cluster](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/ecs_cluster) | data source | +| [aws_elb_service_account.main](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/elb_service_account) | data source | +| [aws_iam_policy_document.access_logs_bucket_alb_write](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.ecs_tasks_trust_relationship](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.helix_swarm_default_policy](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.helix_swarm_ssm_policy](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/iam_policy_document) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/region) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [certificate\_arn](#input\_certificate\_arn) | The TLS certificate ARN for the Helix Swarm service load balancer. | `string` | n/a | yes | +| [certificate\_arn](#input\_certificate\_arn) | The TLS certificate ARN for the Helix Swarm service load balancer. | `string` | `null` | no | | [cluster\_name](#input\_cluster\_name) | The name of the cluster to deploy the Helix Swarm service into. Defaults to null and a cluster will be created. | `string` | `null` | no | +| [create\_application\_load\_balancer](#input\_create\_application\_load\_balancer) | This flag controls the creation of an application load balancer as part of the module. | `bool` | `true` | no | | [create\_helix\_swarm\_default\_policy](#input\_create\_helix\_swarm\_default\_policy) | Optional creation of Helix Swarm default IAM Policy. Default is set to true. | `bool` | `true` | no | | [create\_helix\_swarm\_default\_role](#input\_create\_helix\_swarm\_default\_role) | Optional creation of Helix Swarm Default IAM Role. Default is set to true. | `bool` | `true` | no | | [custom\_helix\_swarm\_role](#input\_custom\_helix\_swarm\_role) | ARN of the custom IAM Role you wish to use with Helix Swarm. | `string` | `null` | no | @@ -82,7 +83,7 @@ No modules. | [fully\_qualified\_domain\_name](#input\_fully\_qualified\_domain\_name) | The fully qualified domain name that Swarm should use for internal URLs. | `string` | `null` | no | | [helix\_swarm\_alb\_access\_logs\_bucket](#input\_helix\_swarm\_alb\_access\_logs\_bucket) | ID of the S3 bucket for Helix Swarm ALB access log storage. If access logging is enabled and this is null the module creates a bucket. | `string` | `null` | no | | [helix\_swarm\_alb\_access\_logs\_prefix](#input\_helix\_swarm\_alb\_access\_logs\_prefix) | Log prefix for Helix Swarm ALB access logs. If null the project prefix and module name are used. | `string` | `null` | no | -| [helix\_swarm\_alb\_subnets](#input\_helix\_swarm\_alb\_subnets) | A list of subnets to deploy the Helix Swarm load balancer into. Public subnets are recommended. | `list(string)` | n/a | yes | +| [helix\_swarm\_alb\_subnets](#input\_helix\_swarm\_alb\_subnets) | A list of subnets to deploy the Helix Swarm load balancer into. Public subnets are recommended. | `list(string)` | `[]` | no | | [helix\_swarm\_cloudwatch\_log\_retention\_in\_days](#input\_helix\_swarm\_cloudwatch\_log\_retention\_in\_days) | The log retention in days of the cloudwatch log group for Helix Swarm. | `string` | `365` | no | | [helix\_swarm\_container\_cpu](#input\_helix\_swarm\_container\_cpu) | The CPU allotment for the swarm container. | `number` | `1024` | no | | [helix\_swarm\_container\_memory](#input\_helix\_swarm\_container\_memory) | The memory allotment for the swarm container. | `number` | `2048` | no | diff --git a/modules/perforce/helix-swarm/alb.tf b/modules/perforce/helix-swarm/alb.tf index 3c32771e..7fb825ad 100644 --- a/modules/perforce/helix-swarm/alb.tf +++ b/modules/perforce/helix-swarm/alb.tf @@ -2,18 +2,21 @@ # Load Balancer ################################################################################ resource "aws_lb" "helix_swarm_alb" { + count = var.create_application_load_balancer ? 1 : 0 name = "${local.name_prefix}-alb" internal = var.internal load_balancer_type = "application" subnets = var.helix_swarm_alb_subnets - security_groups = concat(var.existing_security_groups, [aws_security_group.helix_swarm_alb_sg.id]) + security_groups = concat(var.existing_security_groups, [aws_security_group.helix_swarm_alb_sg[0].id]) dynamic "access_logs" { - for_each = var.enable_helix_swarm_alb_access_logs ? [1] : [] + for_each = (var.create_application_load_balancer && var.enable_helix_swarm_alb_access_logs ? [1] : []) content { enabled = var.enable_helix_swarm_alb_access_logs - bucket = var.helix_swarm_alb_access_logs_bucket != null ? var.helix_swarm_alb_access_logs_bucket : aws_s3_bucket.helix_swarm_alb_access_logs_bucket[0].id - prefix = var.helix_swarm_alb_access_logs_prefix != null ? var.helix_swarm_alb_access_logs_prefix : "${local.name_prefix}-alb" + bucket = (var.helix_swarm_alb_access_logs_bucket != null ? var.helix_swarm_alb_access_logs_bucket : + aws_s3_bucket.helix_swarm_alb_access_logs_bucket[0].id) + prefix = (var.helix_swarm_alb_access_logs_prefix != null ? var.helix_swarm_alb_access_logs_prefix : + "${local.name_prefix}-alb") } } @@ -27,14 +30,18 @@ resource "aws_lb" "helix_swarm_alb" { } resource "random_string" "helix_swarm_alb_access_logs_bucket_suffix" { - count = var.enable_helix_swarm_alb_access_logs && var.helix_swarm_alb_access_logs_bucket == null ? 1 : 0 + count = ( + var.create_application_load_balancer && var.enable_helix_swarm_alb_access_logs && var.helix_swarm_alb_access_logs_bucket == null + ? 1 : 0) length = 8 special = false upper = false } resource "aws_s3_bucket" "helix_swarm_alb_access_logs_bucket" { - count = var.enable_helix_swarm_alb_access_logs && var.helix_swarm_alb_access_logs_bucket == null ? 1 : 0 + count = ( + var.create_application_load_balancer && var.enable_helix_swarm_alb_access_logs && var.helix_swarm_alb_access_logs_bucket == null + ? 1 : 0) bucket = "${local.name_prefix}-alb-access-logs-${random_string.helix_swarm_alb_access_logs_bucket_suffix[0].result}" #checkov:skip=CKV_AWS_21: Versioning not necessary for access logs @@ -51,7 +58,9 @@ resource "aws_s3_bucket" "helix_swarm_alb_access_logs_bucket" { data "aws_elb_service_account" "main" {} data "aws_iam_policy_document" "access_logs_bucket_alb_write" { - count = var.enable_helix_swarm_alb_access_logs && var.helix_swarm_alb_access_logs_bucket == null ? 1 : 0 + count = ( + var.create_application_load_balancer && var.enable_helix_swarm_alb_access_logs && var.helix_swarm_alb_access_logs_bucket == null + ? 1 : 0) statement { effect = "Allow" actions = ["s3:PutObject"] @@ -59,20 +68,26 @@ data "aws_iam_policy_document" "access_logs_bucket_alb_write" { type = "AWS" identifiers = [data.aws_elb_service_account.main.arn] } - resources = ["${var.helix_swarm_alb_access_logs_bucket != null ? var.helix_swarm_alb_access_logs_bucket : aws_s3_bucket.helix_swarm_alb_access_logs_bucket[0].arn}/${var.helix_swarm_alb_access_logs_prefix != null ? var.helix_swarm_alb_access_logs_prefix : "${local.name_prefix}-alb"}/*" + resources = [ + "${var.helix_swarm_alb_access_logs_bucket != null ? var.helix_swarm_alb_access_logs_bucket : aws_s3_bucket.helix_swarm_alb_access_logs_bucket[0].arn}/${var.helix_swarm_alb_access_logs_prefix != null ? var.helix_swarm_alb_access_logs_prefix : "${local.name_prefix}-alb"}/*" ] } } resource "aws_s3_bucket_policy" "alb_access_logs_bucket_policy" { - count = var.enable_helix_swarm_alb_access_logs && var.helix_swarm_alb_access_logs_bucket == null ? 1 : 0 - bucket = var.helix_swarm_alb_access_logs_bucket == null ? aws_s3_bucket.helix_swarm_alb_access_logs_bucket[0].id : var.helix_swarm_alb_access_logs_bucket + count = ( + var.create_application_load_balancer && var.enable_helix_swarm_alb_access_logs && var.helix_swarm_alb_access_logs_bucket == null + ? 1 : 0) + bucket = (var.helix_swarm_alb_access_logs_bucket == null ? aws_s3_bucket.helix_swarm_alb_access_logs_bucket[0].id : + var.helix_swarm_alb_access_logs_bucket) policy = data.aws_iam_policy_document.access_logs_bucket_alb_write[0].json } resource "aws_s3_bucket_lifecycle_configuration" "access_logs_bucket_lifecycle_configuration" { - count = var.enable_helix_swarm_alb_access_logs && var.helix_swarm_alb_access_logs_bucket == null ? 1 : 0 + count = ( + var.create_application_load_balancer && var.enable_helix_swarm_alb_access_logs && var.helix_swarm_alb_access_logs_bucket == null + ? 1 : 0) bucket = aws_s3_bucket.helix_swarm_alb_access_logs_bucket[0].id rule { id = "access-logs-lifecycle" @@ -91,7 +106,10 @@ resource "aws_s3_bucket_lifecycle_configuration" "access_logs_bucket_lifecycle_c } resource "aws_s3_bucket_public_access_block" "access_logs_bucket_public_block" { - count = var.enable_helix_swarm_alb_access_logs && var.helix_swarm_alb_access_logs_bucket == null ? 1 : 0 + count = ( + var.create_application_load_balancer && var.enable_helix_swarm_alb_access_logs && var.helix_swarm_alb_access_logs_bucket == null + ? 1 + : 0) bucket = aws_s3_bucket.helix_swarm_alb_access_logs_bucket[0].id block_public_acls = true block_public_policy = true @@ -123,7 +141,8 @@ resource "aws_lb_target_group" "helix_swarm_alb_target_group" { # HTTPS listener for swarm ALB resource "aws_lb_listener" "swarm_alb_https_listener" { - load_balancer_arn = aws_lb.helix_swarm_alb.arn + count = var.create_application_load_balancer ? 1 : 0 + load_balancer_arn = aws_lb.helix_swarm_alb[0].arn port = "443" protocol = "HTTPS" ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06" diff --git a/modules/perforce/helix-swarm/outputs.tf b/modules/perforce/helix-swarm/outputs.tf index f629048b..16e43a96 100644 --- a/modules/perforce/helix-swarm/outputs.tf +++ b/modules/perforce/helix-swarm/outputs.tf @@ -5,7 +5,7 @@ output "service_security_group_id" { output "alb_security_group_id" { description = "Security group associated with the swarm load balancer" - value = aws_security_group.helix_swarm_alb_sg.id + value = var.create_application_load_balancer ? aws_security_group.helix_swarm_alb_sg[0].id : null } output "cluster_name" { @@ -15,12 +15,12 @@ output "cluster_name" { output "alb_dns_name" { description = "The DNS name of the Swarm ALB" - value = aws_lb.helix_swarm_alb.dns_name + value = var.create_application_load_balancer ? aws_lb.helix_swarm_alb[0].dns_name : null } output "alb_zone_id" { description = "The hosted zone ID of the Swarm ALB" - value = aws_lb.helix_swarm_alb.zone_id + value = var.create_application_load_balancer ? aws_lb.helix_swarm_alb[0].zone_id : null } output "target_group_arn" { diff --git a/modules/perforce/helix-swarm/sg.tf b/modules/perforce/helix-swarm/sg.tf index 09bdff2f..8babb704 100644 --- a/modules/perforce/helix-swarm/sg.tf +++ b/modules/perforce/helix-swarm/sg.tf @@ -28,10 +28,11 @@ resource "aws_vpc_security_group_egress_rule" "helix_swarm_service_outbound_ipv6 # Inbound access to Containers from ALB resource "aws_vpc_security_group_ingress_rule" "helix_swarm_service_inbound_alb" { + count = var.create_application_load_balancer ? 1 : 0 #checkov:skip=CKV_AWS_260: "This restricts inbound access on port 80 to the ALB." security_group_id = aws_security_group.helix_swarm_service_sg.id description = "Allow inbound traffic from Helix Swarm ALB to Helix Swarm service" - referenced_security_group_id = aws_security_group.helix_swarm_alb_sg.id + referenced_security_group_id = aws_security_group.helix_swarm_alb_sg[0].id from_port = var.helix_swarm_container_port to_port = var.helix_swarm_container_port ip_protocol = "tcp" @@ -43,6 +44,8 @@ resource "aws_vpc_security_group_ingress_rule" "helix_swarm_service_inbound_alb" # swarm Load Balancer Security Group (attached to ALB) resource "aws_security_group" "helix_swarm_alb_sg" { + #checkov:skip=CKV2_AWS_5:Security group is attached to Application Load Balancer + count = var.create_application_load_balancer ? 1 : 0 name = "${local.name_prefix}-ALB" vpc_id = var.vpc_id description = "Helix Swarm ALB Security Group" @@ -51,7 +54,8 @@ resource "aws_security_group" "helix_swarm_alb_sg" { # Outbound access from ALB to Containers resource "aws_vpc_security_group_egress_rule" "helix_swarm_alb_outbound_service" { - security_group_id = aws_security_group.helix_swarm_alb_sg.id + count = var.create_application_load_balancer ? 1 : 0 + security_group_id = aws_security_group.helix_swarm_alb_sg[0].id description = "Allow outbound traffic from Helix Swarm ALB to Helix Swarm service" referenced_security_group_id = aws_security_group.helix_swarm_service_sg.id from_port = var.helix_swarm_container_port diff --git a/modules/perforce/helix-swarm/variables.tf b/modules/perforce/helix-swarm/variables.tf index b054dc33..130d8a60 100644 --- a/modules/perforce/helix-swarm/variables.tf +++ b/modules/perforce/helix-swarm/variables.tf @@ -106,9 +106,20 @@ variable "cluster_name" { } # - Load Balancer - +variable "create_application_load_balancer" { + type = bool + default = true + description = "This flag controls the creation of an application load balancer as part of the module." +} + variable "helix_swarm_alb_subnets" { type = list(string) description = "A list of subnets to deploy the Helix Swarm load balancer into. Public subnets are recommended." + default = [] + validation { + condition = length(var.helix_swarm_alb_subnets) > 0 == var.create_application_load_balancer + error_message = "Subnets are only necessary if the create_application_load_balancer variable is set." + } } variable "enable_helix_swarm_alb_access_logs" { @@ -155,6 +166,11 @@ variable "internal" { variable "certificate_arn" { type = string description = "The TLS certificate ARN for the Helix Swarm service load balancer." + default = null + validation { + condition = var.create_application_load_balancer == (var.certificate_arn != null) + error_message = "The certificate_arn variable must be set if and only if the create_application_load_balancer variable is set." + } } # - Logging - From 5484999bd5068309d4c047f8ce3aa519f47c7c99 Mon Sep 17 00:00:00 2001 From: Henry Kiem Date: Thu, 12 Dec 2024 15:45:58 -0800 Subject: [PATCH 4/8] feat(Helix Authentication Service): Shifting ALB creation to support external networking configuration --- .../helix-authentication-service/README.md | 71 ++++++++++--------- .../helix-authentication-service/alb.tf | 45 ++++++++---- .../helix-authentication-service/outputs.tf | 4 +- .../helix-authentication-service/variables.tf | 17 +++++ 4 files changed, 88 insertions(+), 49 deletions(-) diff --git a/modules/perforce/helix-authentication-service/README.md b/modules/perforce/helix-authentication-service/README.md index f1ed3d97..8427f888 100644 --- a/modules/perforce/helix-authentication-service/README.md +++ b/modules/perforce/helix-authentication-service/README.md @@ -6,8 +6,8 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | 5.72.1 | -| [awscc](#requirement\_awscc) | 1.20.0 | +| [aws](#requirement\_aws) | 5.78.0 | +| [awscc](#requirement\_awscc) | 1.22.0 | | [random](#requirement\_random) | 3.6.3 | ## Providers @@ -26,50 +26,51 @@ No modules. | Name | Type | |------|------| -| [aws_cloudwatch_log_group.helix_authentication_service_log_group](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/cloudwatch_log_group) | resource | -| [aws_ecs_cluster.helix_authentication_service_cluster](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/ecs_cluster) | resource | -| [aws_ecs_cluster_capacity_providers.helix_authentication_service_cluster_fargate_providers](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/ecs_cluster_capacity_providers) | resource | -| [aws_ecs_service.helix_authentication_service](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/ecs_service) | resource | -| [aws_ecs_task_definition.helix_authentication_service_task_definition](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/ecs_task_definition) | resource | -| [aws_iam_policy.helix_authentication_service_default_policy](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/iam_policy) | resource | -| [aws_iam_policy.helix_authentication_service_secrets_manager_policy](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/iam_policy) | resource | -| [aws_iam_role.helix_authentication_service_default_role](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/iam_role) | resource | -| [aws_iam_role.helix_authentication_service_task_execution_role](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/iam_role) | resource | -| [aws_lb.helix_authentication_service_alb](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/lb) | resource | -| [aws_lb_listener.helix_authentication_service_alb_https_listener](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/lb_listener) | resource | -| [aws_lb_target_group.helix_authentication_service_alb_target_group](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/lb_target_group) | resource | -| [aws_s3_bucket.helix_authentication_service_alb_access_logs_bucket](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/s3_bucket) | resource | -| [aws_s3_bucket_lifecycle_configuration.access_logs_bucket_lifecycle_configuration](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/s3_bucket_lifecycle_configuration) | resource | -| [aws_s3_bucket_policy.alb_access_logs_bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/s3_bucket_policy) | resource | -| [aws_s3_bucket_public_access_block.access_logs_bucket_public_block](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/s3_bucket_public_access_block) | resource | -| [aws_security_group.helix_authentication_service_alb_sg](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/security_group) | resource | -| [aws_security_group.helix_authentication_service_sg](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/security_group) | resource | -| [aws_vpc_security_group_egress_rule.helix_authentication_service_alb_outbound_service](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/vpc_security_group_egress_rule) | resource | -| [aws_vpc_security_group_egress_rule.helix_authentication_service_outbound_ipv4](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/vpc_security_group_egress_rule) | resource | -| [aws_vpc_security_group_egress_rule.helix_authentication_service_outbound_ipv6](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/vpc_security_group_egress_rule) | resource | -| [aws_vpc_security_group_ingress_rule.helix_authentication_service_inbound_alb](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/resources/vpc_security_group_ingress_rule) | resource | -| [awscc_secretsmanager_secret.helix_authentication_service_admin_password](https://registry.terraform.io/providers/hashicorp/awscc/1.20.0/docs/resources/secretsmanager_secret) | resource | -| [awscc_secretsmanager_secret.helix_authentication_service_admin_username](https://registry.terraform.io/providers/hashicorp/awscc/1.20.0/docs/resources/secretsmanager_secret) | resource | +| [aws_cloudwatch_log_group.helix_authentication_service_log_group](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/cloudwatch_log_group) | resource | +| [aws_ecs_cluster.helix_authentication_service_cluster](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/ecs_cluster) | resource | +| [aws_ecs_cluster_capacity_providers.helix_authentication_service_cluster_fargate_providers](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/ecs_cluster_capacity_providers) | resource | +| [aws_ecs_service.helix_authentication_service](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/ecs_service) | resource | +| [aws_ecs_task_definition.helix_authentication_service_task_definition](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/ecs_task_definition) | resource | +| [aws_iam_policy.helix_authentication_service_default_policy](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/iam_policy) | resource | +| [aws_iam_policy.helix_authentication_service_secrets_manager_policy](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/iam_policy) | resource | +| [aws_iam_role.helix_authentication_service_default_role](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/iam_role) | resource | +| [aws_iam_role.helix_authentication_service_task_execution_role](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/iam_role) | resource | +| [aws_lb.helix_authentication_service_alb](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/lb) | resource | +| [aws_lb_listener.helix_authentication_service_alb_https_listener](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/lb_listener) | resource | +| [aws_lb_target_group.helix_authentication_service_alb_target_group](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/lb_target_group) | resource | +| [aws_s3_bucket.helix_authentication_service_alb_access_logs_bucket](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/s3_bucket) | resource | +| [aws_s3_bucket_lifecycle_configuration.access_logs_bucket_lifecycle_configuration](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/s3_bucket_lifecycle_configuration) | resource | +| [aws_s3_bucket_policy.alb_access_logs_bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/s3_bucket_policy) | resource | +| [aws_s3_bucket_public_access_block.access_logs_bucket_public_block](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/s3_bucket_public_access_block) | resource | +| [aws_security_group.helix_authentication_service_alb_sg](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/security_group) | resource | +| [aws_security_group.helix_authentication_service_sg](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/security_group) | resource | +| [aws_vpc_security_group_egress_rule.helix_authentication_service_alb_outbound_service](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/vpc_security_group_egress_rule) | resource | +| [aws_vpc_security_group_egress_rule.helix_authentication_service_outbound_ipv4](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/vpc_security_group_egress_rule) | resource | +| [aws_vpc_security_group_egress_rule.helix_authentication_service_outbound_ipv6](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/vpc_security_group_egress_rule) | resource | +| [aws_vpc_security_group_ingress_rule.helix_authentication_service_inbound_alb](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/resources/vpc_security_group_ingress_rule) | resource | +| [awscc_secretsmanager_secret.helix_authentication_service_admin_password](https://registry.terraform.io/providers/hashicorp/awscc/1.22.0/docs/resources/secretsmanager_secret) | resource | +| [awscc_secretsmanager_secret.helix_authentication_service_admin_username](https://registry.terraform.io/providers/hashicorp/awscc/1.22.0/docs/resources/secretsmanager_secret) | resource | | [random_string.helix_authentication_service](https://registry.terraform.io/providers/hashicorp/random/3.6.3/docs/resources/string) | resource | | [random_string.helix_authentication_service_alb_access_logs_bucket_suffix](https://registry.terraform.io/providers/hashicorp/random/3.6.3/docs/resources/string) | resource | -| [aws_ecs_cluster.helix_authentication_service_cluster](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/data-sources/ecs_cluster) | data source | -| [aws_elb_service_account.main](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/data-sources/elb_service_account) | data source | -| [aws_iam_policy_document.access_logs_bucket_alb_write](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.ecs_tasks_trust_relationship](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.helix_authentication_service_default_policy](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.helix_authentication_service_secrets_manager_policy](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/data-sources/iam_policy_document) | data source | -| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/5.72.1/docs/data-sources/region) | data source | +| [aws_ecs_cluster.helix_authentication_service_cluster](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/ecs_cluster) | data source | +| [aws_elb_service_account.main](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/elb_service_account) | data source | +| [aws_iam_policy_document.access_logs_bucket_alb_write](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.ecs_tasks_trust_relationship](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.helix_authentication_service_default_policy](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.helix_authentication_service_secrets_manager_policy](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/iam_policy_document) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/region) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [certificate\_arn](#input\_certificate\_arn) | The TLS certificate ARN for the Helix Authentication Service load balancer. | `string` | n/a | yes | +| [certificate\_arn](#input\_certificate\_arn) | The TLS certificate ARN for the Helix Authentication Service load balancer. | `string` | `null` | no | | [cluster\_name](#input\_cluster\_name) | The name of the cluster to deploy the Helix Authentication Service into. Defaults to null and a cluster will be created. | `string` | `null` | no | | [container\_cpu](#input\_container\_cpu) | The CPU allotment for the Helix Authentication Service container. | `number` | `1024` | no | | [container\_memory](#input\_container\_memory) | The memory allotment for the Helix Authentication Service container. | `number` | `4096` | no | | [container\_name](#input\_container\_name) | The name of the Helix Authentication Service container. | `string` | `"helix-auth-container"` | no | | [container\_port](#input\_container\_port) | The container port that Helix Authentication Service runs on. | `number` | `3000` | no | +| [create\_application\_load\_balancer](#input\_create\_application\_load\_balancer) | This flag controls the creation of an application load balancer as part of the module. | `bool` | `true` | no | | [create\_helix\_authentication\_service\_default\_policy](#input\_create\_helix\_authentication\_service\_default\_policy) | Optional creation of Helix Authentication Service default IAM Policy. Default is set to true. | `bool` | `true` | no | | [create\_helix\_authentication\_service\_default\_role](#input\_create\_helix\_authentication\_service\_default\_role) | Optional creation of Helix Authentication Service default IAM Role. Default is set to true. | `bool` | `true` | no | | [custom\_helix\_authentication\_service\_role](#input\_custom\_helix\_authentication\_service\_role) | ARN of the custom IAM Role you wish to use with Helix Authentication Service. | `string` | `null` | no | @@ -85,7 +86,7 @@ No modules. | [helix\_authentication\_service\_admin\_username\_secret\_arn](#input\_helix\_authentication\_service\_admin\_username\_secret\_arn) | Optionally provide the ARN of an AWS Secret for the Helix Authentication Service Administrator username. | `string` | `null` | no | | [helix\_authentication\_service\_alb\_access\_logs\_bucket](#input\_helix\_authentication\_service\_alb\_access\_logs\_bucket) | ID of the S3 bucket for Helix Authentication Service ALB access log storage. If access logging is enabled and this is null the module creates a bucket. | `string` | `null` | no | | [helix\_authentication\_service\_alb\_access\_logs\_prefix](#input\_helix\_authentication\_service\_alb\_access\_logs\_prefix) | Log prefix for Helix Authentication Service ALB access logs. If null the project prefix and module name are used. | `string` | `null` | no | -| [helix\_authentication\_service\_alb\_subnets](#input\_helix\_authentication\_service\_alb\_subnets) | A list of subnets to deploy the Helix Authentication Service load balancer into. Public subnets are recommended. | `list(string)` | n/a | yes | +| [helix\_authentication\_service\_alb\_subnets](#input\_helix\_authentication\_service\_alb\_subnets) | A list of subnets to deploy the Helix Authentication Service load balancer into. Public subnets are recommended. | `list(string)` | `[]` | no | | [helix\_authentication\_service\_cloudwatch\_log\_retention\_in\_days](#input\_helix\_authentication\_service\_cloudwatch\_log\_retention\_in\_days) | The log retention in days of the cloudwatch log group for Helix Authentication Service. | `string` | `365` | no | | [helix\_authentication\_service\_subnets](#input\_helix\_authentication\_service\_subnets) | A list of subnets to deploy the Helix Authentication Service into. Private subnets are recommended. | `list(string)` | n/a | yes | | [internal](#input\_internal) | Set this flag to true if you do not want the Helix Authentication Service load balancer to have a public IP. | `bool` | `false` | no | diff --git a/modules/perforce/helix-authentication-service/alb.tf b/modules/perforce/helix-authentication-service/alb.tf index 795c3100..1b34aa4d 100644 --- a/modules/perforce/helix-authentication-service/alb.tf +++ b/modules/perforce/helix-authentication-service/alb.tf @@ -2,6 +2,7 @@ # Load Balancer ################################################################################ resource "aws_lb" "helix_authentication_service_alb" { + count = var.create_application_load_balancer ? 1 : 0 name = "${local.name_prefix}-alb" internal = var.internal load_balancer_type = "application" @@ -9,11 +10,15 @@ resource "aws_lb" "helix_authentication_service_alb" { security_groups = concat(var.existing_security_groups, [aws_security_group.helix_authentication_service_alb_sg.id]) dynamic "access_logs" { - for_each = var.enable_helix_authentication_service_alb_access_logs ? [1] : [] + for_each = (var.create_application_load_balancer && var.enable_helix_authentication_service_alb_access_logs ? [1] : + []) content { enabled = var.enable_helix_authentication_service_alb_access_logs - bucket = var.helix_authentication_service_alb_access_logs_bucket != null ? var.helix_authentication_service_alb_access_logs_bucket : aws_s3_bucket.helix_authentication_service_alb_access_logs_bucket[0].id - prefix = var.helix_authentication_service_alb_access_logs_prefix != null ? var.helix_authentication_service_alb_access_logs_prefix : "${local.name_prefix}-alb" + bucket = (var.helix_authentication_service_alb_access_logs_bucket != null ? + var.helix_authentication_service_alb_access_logs_bucket : + aws_s3_bucket.helix_authentication_service_alb_access_logs_bucket[0].id) + prefix = (var.helix_authentication_service_alb_access_logs_prefix != null ? + var.helix_authentication_service_alb_access_logs_prefix : "${local.name_prefix}-alb") } } enable_deletion_protection = var.enable_helix_authentication_service_alb_deletion_protection @@ -26,14 +31,18 @@ resource "aws_lb" "helix_authentication_service_alb" { } resource "random_string" "helix_authentication_service_alb_access_logs_bucket_suffix" { - count = var.enable_helix_authentication_service_alb_access_logs && var.helix_authentication_service_alb_access_logs_bucket == null ? 1 : 0 + count = ( + var.create_application_load_balancer && var.enable_helix_authentication_service_alb_access_logs && var.helix_authentication_service_alb_access_logs_bucket == null + ? 1 : 0) length = 8 special = false upper = false } resource "aws_s3_bucket" "helix_authentication_service_alb_access_logs_bucket" { - count = var.enable_helix_authentication_service_alb_access_logs && var.helix_authentication_service_alb_access_logs_bucket == null ? 1 : 0 + count = ( + var.create_application_load_balancer && var.enable_helix_authentication_service_alb_access_logs && var.helix_authentication_service_alb_access_logs_bucket == null + ? 1 : 0) bucket = "${local.name_prefix}-alb-access-logs-${random_string.helix_authentication_service_alb_access_logs_bucket_suffix[0].result}" #checkov:skip=CKV_AWS_21: Versioning not necessary for access logs @@ -50,7 +59,9 @@ resource "aws_s3_bucket" "helix_authentication_service_alb_access_logs_bucket" { data "aws_elb_service_account" "main" {} data "aws_iam_policy_document" "access_logs_bucket_alb_write" { - count = var.enable_helix_authentication_service_alb_access_logs && var.helix_authentication_service_alb_access_logs_bucket == null ? 1 : 0 + count = ( + var.create_application_load_balancer && var.enable_helix_authentication_service_alb_access_logs && var.helix_authentication_service_alb_access_logs_bucket == null + ? 1 : 0) statement { effect = "Allow" actions = ["s3:PutObject"] @@ -58,19 +69,26 @@ data "aws_iam_policy_document" "access_logs_bucket_alb_write" { type = "AWS" identifiers = [data.aws_elb_service_account.main.arn] } - resources = ["${var.helix_authentication_service_alb_access_logs_bucket != null ? var.helix_authentication_service_alb_access_logs_bucket : aws_s3_bucket.helix_authentication_service_alb_access_logs_bucket[0].arn}/${var.helix_authentication_service_alb_access_logs_prefix != null ? var.helix_authentication_service_alb_access_logs_prefix : "${local.name_prefix}-alb"}/*" + resources = [ + "${var.helix_authentication_service_alb_access_logs_bucket != null ? var.helix_authentication_service_alb_access_logs_bucket : aws_s3_bucket.helix_authentication_service_alb_access_logs_bucket[0].arn}/${var.helix_authentication_service_alb_access_logs_prefix != null ? var.helix_authentication_service_alb_access_logs_prefix : "${local.name_prefix}-alb"}/*" ] } } resource "aws_s3_bucket_policy" "alb_access_logs_bucket_policy" { - count = var.enable_helix_authentication_service_alb_access_logs && var.helix_authentication_service_alb_access_logs_bucket == null ? 1 : 0 - bucket = var.helix_authentication_service_alb_access_logs_bucket == null ? aws_s3_bucket.helix_authentication_service_alb_access_logs_bucket[0].id : var.helix_authentication_service_alb_access_logs_bucket + count = ( + var.create_application_load_balancer && var.enable_helix_authentication_service_alb_access_logs && var.helix_authentication_service_alb_access_logs_bucket == null + ? 1 : 0) + bucket = (var.helix_authentication_service_alb_access_logs_bucket == null ? + aws_s3_bucket.helix_authentication_service_alb_access_logs_bucket[0].id : + var.helix_authentication_service_alb_access_logs_bucket) policy = data.aws_iam_policy_document.access_logs_bucket_alb_write[0].json } resource "aws_s3_bucket_lifecycle_configuration" "access_logs_bucket_lifecycle_configuration" { - count = var.enable_helix_authentication_service_alb_access_logs && var.helix_authentication_service_alb_access_logs_bucket == null ? 1 : 0 + count = ( + var.create_application_load_balancer && var.enable_helix_authentication_service_alb_access_logs && var.helix_authentication_service_alb_access_logs_bucket == null + ? 1 : 0) depends_on = [ aws_s3_bucket.helix_authentication_service_alb_access_logs_bucket[0] ] @@ -92,7 +110,9 @@ resource "aws_s3_bucket_lifecycle_configuration" "access_logs_bucket_lifecycle_c } resource "aws_s3_bucket_public_access_block" "access_logs_bucket_public_block" { - count = var.enable_helix_authentication_service_alb_access_logs && var.helix_authentication_service_alb_access_logs_bucket == null ? 1 : 0 + count = ( + var.create_application_load_balancer && var.enable_helix_authentication_service_alb_access_logs && var.helix_authentication_service_alb_access_logs_bucket == null + ? 1 : 0) depends_on = [ aws_s3_bucket.helix_authentication_service_alb_access_logs_bucket[0] ] @@ -127,7 +147,8 @@ resource "aws_lb_target_group" "helix_authentication_service_alb_target_group" { # HTTPS listener for helix_authentication_service ALB resource "aws_lb_listener" "helix_authentication_service_alb_https_listener" { - load_balancer_arn = aws_lb.helix_authentication_service_alb.arn + count = var.create_application_load_balancer ? 1 : 0 + load_balancer_arn = aws_lb.helix_authentication_service_alb[0].arn port = "443" protocol = "HTTPS" ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06" diff --git a/modules/perforce/helix-authentication-service/outputs.tf b/modules/perforce/helix-authentication-service/outputs.tf index 108f8965..e9085775 100644 --- a/modules/perforce/helix-authentication-service/outputs.tf +++ b/modules/perforce/helix-authentication-service/outputs.tf @@ -16,12 +16,12 @@ output "cluster_name" { output "alb_dns_name" { description = "The DNS name of the Helix Authentication Service ALB" - value = aws_lb.helix_authentication_service_alb.dns_name + value = var.create_application_load_balancer ? aws_lb.helix_authentication_service_alb[0].dns_name : null } output "alb_zone_id" { description = "The hosted zone ID of the Helix Authentication Service ALB" - value = aws_lb.helix_authentication_service_alb.zone_id + value = var.create_application_load_balancer ? aws_lb.helix_authentication_service_alb[0].zone_id : null } output "target_group_arn" { diff --git a/modules/perforce/helix-authentication-service/variables.tf b/modules/perforce/helix-authentication-service/variables.tf index e365b2b0..f2d60fdf 100644 --- a/modules/perforce/helix-authentication-service/variables.tf +++ b/modules/perforce/helix-authentication-service/variables.tf @@ -106,9 +106,21 @@ variable "enable_web_based_administration" { } # - Load Balancer - +variable "create_application_load_balancer" { + type = bool + default = true + description = "This flag controls the creation of an application load balancer as part of the module." +} + variable "helix_authentication_service_alb_subnets" { type = list(string) description = "A list of subnets to deploy the Helix Authentication Service load balancer into. Public subnets are recommended." + default = [] + validation { + condition = (length(var.helix_authentication_service_alb_subnets) > 0) == var.create_application_load_balancer + error_message = "Subnets are only necessary if the create_application_load_balancer variable is set." + } + } variable "enable_helix_authentication_service_alb_access_logs" { @@ -155,6 +167,11 @@ variable "internal" { variable "certificate_arn" { type = string description = "The TLS certificate ARN for the Helix Authentication Service load balancer." + default = null + validation { + condition = var.create_application_load_balancer == (var.certificate_arn != null) + error_message = "The certificate_arn variable must be set if and only if the create_application_load_balancer variable is set." + } } # - Logging - From 73523d32d0ab5c1d681672abfa9a1da77e238f76 Mon Sep 17 00:00:00 2001 From: Henry Kiem Date: Thu, 12 Dec 2024 15:46:42 -0800 Subject: [PATCH 5/8] feat(Perforce Example): Update complete example for shared networking configuration across services --- modules/perforce/examples/complete/dns.tf | 68 +++--- modules/perforce/examples/complete/main.tf | 208 +++++++++++++++--- modules/perforce/examples/complete/outputs.tf | 14 ++ .../perforce/examples/complete/security.tf | 146 ++++++++++-- .../perforce/examples/complete/versions.tf | 2 +- modules/perforce/examples/complete/vpc.tf | 6 +- 6 files changed, 352 insertions(+), 92 deletions(-) create mode 100644 modules/perforce/examples/complete/outputs.tf diff --git a/modules/perforce/examples/complete/dns.tf b/modules/perforce/examples/complete/dns.tf index a3d9a107..02fa1c6a 100644 --- a/modules/perforce/examples/complete/dns.tf +++ b/modules/perforce/examples/complete/dns.tf @@ -1,4 +1,3 @@ - ########################################## # Route53 Hosted Zone for FQDN ########################################## @@ -8,10 +7,10 @@ data "aws_route53_zone" "root" { } ########################################## -# Perforce Helix DNS +# Perforce DNS ########################################## -resource "aws_route53_zone" "helix_private_zone" { - name = "helix.perforce.internal" +resource "aws_route53_zone" "perforce_private_hosted_zone" { + name = "perforce.${data.aws_route53_zone.root.name}" #checkov:skip=CKV2_AWS_38: Hosted zone is private (vpc association) #checkov:skip=CKV2_AWS_39: Query logging disabled by design vpc { @@ -19,54 +18,57 @@ resource "aws_route53_zone" "helix_private_zone" { } } - -resource "aws_route53_record" "helix_swarm" { +# Route all external web service traffic to the NLB +resource "aws_route53_record" "external_perforce_web_services" { zone_id = data.aws_route53_zone.root.id - name = "swarm.helix.${data.aws_route53_zone.root.name}" + name = "*.perforce.${data.aws_route53_zone.root.name}" type = "A" alias { - name = module.perforce_helix_swarm.alb_dns_name - zone_id = module.perforce_helix_swarm.alb_zone_id + name = aws_lb.perforce.dns_name + zone_id = aws_lb.perforce.zone_id evaluate_target_health = true } } -resource "aws_route53_record" "helix_authentication_service" { - zone_id = data.aws_route53_zone.root.zone_id - name = "auth.helix.${data.aws_route53_zone.root.name}" +# Route all internal web service traffic to the ALB +resource "aws_route53_record" "internal_perforce_web_services" { + zone_id = aws_route53_zone.perforce_private_hosted_zone.id + name = "*.${aws_route53_zone.perforce_private_hosted_zone.name}" type = "A" alias { - name = module.perforce_helix_authentication_service.alb_dns_name - zone_id = module.perforce_helix_authentication_service.alb_zone_id + name = aws_lb.perforce_web_services.dns_name + zone_id = aws_lb.perforce_web_services.zone_id evaluate_target_health = true } } -resource "aws_route53_record" "perforce_helix_core" { +# Route all external Helix Core traffic to the NLB +resource "aws_route53_record" "external_helix_core" { zone_id = data.aws_route53_zone.root.zone_id - name = "core.helix.${data.aws_route53_zone.root.name}" + name = "perforce.${data.aws_route53_zone.root.name}" type = "A" - ttl = 300 - #checkov:skip=CKV2_AWS_23:The attached resource is managed by CGD Toolkit - records = [module.perforce_helix_core.helix_core_eip_public_ip] + alias { + name = aws_lb.perforce.dns_name + zone_id = aws_lb.perforce.zone_id + evaluate_target_health = true + } } -resource "aws_route53_record" "perforce_helix_core_pvt" { - zone_id = aws_route53_zone.helix_private_zone.zone_id - name = "core.${aws_route53_zone.helix_private_zone.name}" +# Route all internal Helix Core traffic to the instance +resource "aws_route53_record" "internal_helix_core" { + zone_id = aws_route53_zone.perforce_private_hosted_zone.zone_id + name = aws_route53_zone.perforce_private_hosted_zone.name type = "A" + records = [module.perforce_helix_core.helix_core_private_ip] ttl = 300 - #checkov:skip=CKV2_AWS_23:The attached resource is managed by CGD Toolkit - records = [module.perforce_helix_core.helix_core_eip_private_ip] } ########################################## # Helix Certificate Management ########################################## - -resource "aws_acm_certificate" "helix" { - domain_name = "helix.${var.root_domain_name}" - subject_alternative_names = ["*.helix.${var.root_domain_name}"] +resource "aws_acm_certificate" "perforce" { + domain_name = "perforce.${var.root_domain_name}" + subject_alternative_names = ["*.perforce.${var.root_domain_name}"] validation_method = "DNS" @@ -79,9 +81,9 @@ resource "aws_acm_certificate" "helix" { } } -resource "aws_route53_record" "helix_cert" { +resource "aws_route53_record" "perforce_cert" { for_each = { - for dvo in aws_acm_certificate.helix.domain_validation_options : dvo.domain_name => { + for dvo in aws_acm_certificate.perforce.domain_validation_options : dvo.domain_name => { name = dvo.resource_record_name record = dvo.resource_record_value type = dvo.resource_record_type @@ -96,10 +98,10 @@ resource "aws_route53_record" "helix_cert" { zone_id = data.aws_route53_zone.root.id } -resource "aws_acm_certificate_validation" "helix" { +resource "aws_acm_certificate_validation" "perforce" { timeouts { create = "15m" } - certificate_arn = aws_acm_certificate.helix.arn - validation_record_fqdns = [for record in aws_route53_record.helix_cert : record.fqdn] + certificate_arn = aws_acm_certificate.perforce.arn + validation_record_fqdns = [for record in aws_route53_record.perforce_cert : record.fqdn] } diff --git a/modules/perforce/examples/complete/main.tf b/modules/perforce/examples/complete/main.tf index 674c5166..556a0516 100644 --- a/modules/perforce/examples/complete/main.tf +++ b/modules/perforce/examples/complete/main.tf @@ -28,21 +28,27 @@ resource "aws_ecs_cluster_capacity_providers" "providers" { ########################################## module "perforce_helix_core" { - source = "../../helix-core" - vpc_id = aws_vpc.perforce_vpc.id - server_type = "p4d_commit" - instance_subnet_id = aws_subnet.public_subnets[0].id - instance_type = "c6g.large" - instance_architecture = "arm64" - - storage_type = "EBS" - depot_volume_size = 64 - metadata_volume_size = 32 - logs_volume_size = 32 + source = "../../helix-core" + # Networking + vpc_id = aws_vpc.perforce_vpc.id + instance_subnet_id = aws_subnet.private_subnets[0].id + internal = true fully_qualified_domain_name = "core.helix.perforce.${var.root_domain_name}" - helix_authentication_service_url = "https://${aws_route53_record.helix_authentication_service.name}" + + # Compute and Storage + instance_type = "c8g.large" + instance_architecture = "arm64" + storage_type = "EBS" + depot_volume_size = 64 + metadata_volume_size = 32 + logs_volume_size = 32 + + # Configuration + plaintext = true # We will use the Perforce NLB to handle TLS termination + server_type = "p4d_commit" + helix_authentication_service_url = "https://auth.${aws_route53_zone.perforce_private_hosted_zone.name}" } ########################################## @@ -50,39 +56,179 @@ module "perforce_helix_core" { ########################################## module "perforce_helix_authentication_service" { - source = "../../helix-authentication-service" - vpc_id = aws_vpc.perforce_vpc.id - cluster_name = aws_ecs_cluster.perforce_cluster.name - helix_authentication_service_alb_subnets = aws_subnet.public_subnets[*].id - helix_authentication_service_subnets = aws_subnet.private_subnets[*].id - certificate_arn = aws_acm_certificate.helix.arn + source = "../../helix-authentication-service" + + # Networking + vpc_id = aws_vpc.perforce_vpc.id + create_application_load_balancer = false # Shared Perforce web services application load balancer + helix_authentication_service_subnets = aws_subnet.private_subnets[*].id + fully_qualified_domain_name = "auth.perforce.${var.root_domain_name}" + # Compute + cluster_name = aws_ecs_cluster.perforce_cluster.name + + # Configuration enable_web_based_administration = true - fully_qualified_domain_name = "auth.helix.${var.root_domain_name}" - depends_on = [aws_ecs_cluster.perforce_cluster, aws_acm_certificate_validation.helix] + depends_on = [aws_ecs_cluster.perforce_cluster] } ########################################## # Perforce Helix Swarm ########################################## - module "perforce_helix_swarm" { - source = "../../helix-swarm" - vpc_id = aws_vpc.perforce_vpc.id - cluster_name = aws_ecs_cluster.perforce_cluster.name - helix_swarm_alb_subnets = aws_subnet.public_subnets[*].id - helix_swarm_service_subnets = aws_subnet.private_subnets[*].id - certificate_arn = aws_acm_certificate.helix.arn - p4d_port = "ssl:${aws_route53_record.perforce_helix_core_pvt.name}:1666" + source = "../../helix-swarm" + + # Networking + vpc_id = aws_vpc.perforce_vpc.id + create_application_load_balancer = false # Shared Perforce web services application load balancer + helix_swarm_service_subnets = aws_subnet.private_subnets[*].id + fully_qualified_domain_name = "swarm.perforce.${var.root_domain_name}" + + # Compute + cluster_name = aws_ecs_cluster.perforce_cluster.name + + # Configuration + p4d_port = "${aws_route53_record.internal_helix_core.name}:1666" p4d_super_user_arn = module.perforce_helix_core.helix_core_super_user_username_secret_arn p4d_super_user_password_arn = module.perforce_helix_core.helix_core_super_user_password_secret_arn p4d_swarm_user_arn = module.perforce_helix_core.helix_core_super_user_username_secret_arn p4d_swarm_password_arn = module.perforce_helix_core.helix_core_super_user_password_secret_arn + enable_sso = true + + depends_on = [aws_ecs_cluster.perforce_cluster] +} + +########################################## +# Perforce Network Load Balancer +########################################## +resource "aws_lb" "perforce" { + name = "perforce" + load_balancer_type = "network" + subnets = aws_subnet.public_subnets[*].id + security_groups = [aws_security_group.perforce_network_load_balancer.id] + drop_invalid_header_fields = true + enable_cross_zone_load_balancing = true + #checkov:skip=CKV_AWS_91: Access logging not required for example deployment + #checkov:skip=CKV_AWS_150: Load balancer deletion protection disabled for example deployment +} - enable_sso = true +################################################### +# Perforce Web Services Application Load Balancer +################################################### +resource "aws_lb" "perforce_web_services" { + name = "perforce-web-services" + load_balancer_type = "application" + subnets = aws_subnet.private_subnets[*].id + internal = true + security_groups = [aws_security_group.perforce_web_services_alb.id] + drop_invalid_header_fields = true + #checkov:skip=CKV_AWS_91: Access logging not required for example deployment + #checkov:skip=CKV_AWS_150: Load balancer deletion protection disabled for example deployment +} - fully_qualified_domain_name = "swarm.helix.${var.root_domain_name}" +########################################## +# Helix Core Target Group +########################################## +resource "aws_lb_target_group" "helix_core" { + name = "helix-core" + target_type = "instance" + port = 1666 + protocol = "TCP" + vpc_id = aws_vpc.perforce_vpc.id +} - depends_on = [aws_ecs_cluster.perforce_cluster, aws_acm_certificate_validation.helix] +resource "aws_lb_target_group_attachment" "helix_core" { + target_group_arn = aws_lb_target_group.helix_core.arn + target_id = module.perforce_helix_core.helix_core_instance_id + port = 1666 +} + +########################################## +# Web Services Target Group +########################################## +resource "aws_lb_target_group" "perforce_web_services" { + name = "perforce-web-services" + target_type = "alb" + port = 443 + protocol = "TCP" + vpc_id = aws_vpc.perforce_vpc.id +} + +# Default rule redirects to Helix Swarm +resource "aws_lb_listener" "perforce_web_services" { + load_balancer_arn = aws_lb.perforce_web_services.arn + port = 443 + protocol = "HTTPS" + ssl_policy = "ELBSecurityPolicy-TLS-1-2-2017-01" + certificate_arn = aws_acm_certificate_validation.perforce.certificate_arn + + default_action { + type = "redirect" + redirect { + host = "swarm.perforce.${var.root_domain_name}" + port = "443" + protocol = "HTTPS" + status_code = "HTTP_301" + } + } +} + +# Helix Swarm listener rule +resource "aws_lb_listener_rule" "perforce_helix_swarm" { + listener_arn = aws_lb_listener.perforce_web_services.arn + priority = 100 + action { + type = "forward" + target_group_arn = module.perforce_helix_swarm.target_group_arn + } + condition { + host_header { + values = ["swarm.perforce.${var.root_domain_name}"] + } + } +} + +# Helix Authentication Service listener rule +resource "aws_lb_listener_rule" "perforce_helix_authentication_service" { + listener_arn = aws_lb_listener.perforce_web_services.arn + priority = 200 + action { + type = "forward" + target_group_arn = module.perforce_helix_authentication_service.target_group_arn + } + condition { + host_header { + values = ["auth.perforce.${var.root_domain_name}"] + } + } +} + +########################################## +# Helix Core Listener +########################################## +resource "aws_lb_listener" "helix_core" { + load_balancer_arn = aws_lb.perforce.arn + port = 1666 + protocol = "TLS" + ssl_policy = "ELBSecurityPolicy-TLS-1-2-2017-01" + certificate_arn = aws_acm_certificate_validation.perforce.certificate_arn + + default_action { + type = "forward" + target_group_arn = aws_lb_target_group.helix_core.arn + } +} + +########################################## +# Perforce Web Services Listener +########################################## +resource "aws_lb_listener" "perforce_web_services_alb" { + load_balancer_arn = aws_lb.perforce.arn + port = 443 + protocol = "TCP" + default_action { + type = "forward" + target_group_arn = aws_lb_target_group.perforce_web_services.arn + } } diff --git a/modules/perforce/examples/complete/outputs.tf b/modules/perforce/examples/complete/outputs.tf new file mode 100644 index 00000000..c91a51f2 --- /dev/null +++ b/modules/perforce/examples/complete/outputs.tf @@ -0,0 +1,14 @@ +output "helix_core_connection_string" { + value = "ssl:perforce.${var.root_domain_name}:1666" + description = "The connection string for the Helix Core server. Set your P4PORT environment variable to this value." +} + +output "helix_swarm_url" { + value = "swarm.perforce.${var.root_domain_name}" + description = "The URL for the Helix Swarm server." +} + +output "helix_authentication_service_admin_url" { + value = "auth.perforce.${var.root_domain_name}/admin" + description = "The URL for the Helix Authentication Service admin page." +} diff --git a/modules/perforce/examples/complete/security.tf b/modules/perforce/examples/complete/security.tf index a682b045..5a79be38 100644 --- a/modules/perforce/examples/complete/security.tf +++ b/modules/perforce/examples/complete/security.tf @@ -1,33 +1,131 @@ ########################################## -# Internal Access - service to service +# Perforce NLB Security Group ########################################## +resource "aws_security_group" "perforce_network_load_balancer" { + name = "perforce_network_load_balancer" + description = "Perforce Network Load Balancer" + vpc_id = aws_vpc.perforce_vpc.id + #checkov:skip=CKV2_AWS_5:Security group is attached to Perforce NLB +} + +# Egress for Perforce NLB to Helix Core instance +resource "aws_vpc_security_group_egress_rule" "perforce_nlb_outbound_helix_core" { + security_group_id = aws_security_group.perforce_network_load_balancer.id + description = "Perforce NLB outbound to Helix Core" + from_port = 1666 + to_port = 1666 + ip_protocol = "TCP" + referenced_security_group_id = module.perforce_helix_core.security_group_id +} -# Helix Swarm -> Helix Core -resource "aws_vpc_security_group_ingress_rule" "helix_core_inbound_swarm" { +# Ingress from Perforce NLB to Helix Core instance +resource "aws_vpc_security_group_ingress_rule" "perforce_nlb_inbound_helix_core" { security_group_id = module.perforce_helix_core.security_group_id + description = "Perforce NLB inbound to Helix Core" ip_protocol = "TCP" from_port = 1666 to_port = 1666 + referenced_security_group_id = aws_security_group.perforce_network_load_balancer.id +} + +# Egress for Perforce NLB to Perforce Web Services ALB +resource "aws_vpc_security_group_egress_rule" "perforce_nlb_outbound_web_alb" { + security_group_id = aws_security_group.perforce_network_load_balancer.id + description = "Perforce NLB outbound to Web ALB" + from_port = 443 + to_port = 443 + ip_protocol = "TCP" + referenced_security_group_id = aws_security_group.perforce_web_services_alb.id +} + +########################################## +# Perforce Web Services ALB Security Group +########################################## +resource "aws_security_group" "perforce_web_services_alb" { + name = "perforce_web_services_alb" + description = "Perforce Web Services ALB" + vpc_id = aws_vpc.perforce_vpc.id + #checkov:skip=CKV2_AWS_5:Security group is attached to Perforce Web Services ALB +} + +# HTTPS Ingress from Perforce NLB to Perforce Web Services ALB +resource "aws_vpc_security_group_ingress_rule" "perforce_nlb_inbound_web_alb_https" { + security_group_id = aws_security_group.perforce_web_services_alb.id + description = "Perforce NLB inbound HTTPS to Web ALB" + ip_protocol = "TCP" + from_port = 443 + to_port = 443 + referenced_security_group_id = aws_security_group.perforce_network_load_balancer.id +} + +# HTTPS Ingress from Helix Core server (needed for Helix Authentication Service extension) +resource "aws_vpc_security_group_ingress_rule" "perforce_helix_core_inbound_web_alb_https" { + security_group_id = aws_security_group.perforce_web_services_alb.id + description = "Helix Core inbound HTTPS to Web ALB" + ip_protocol = "TCP" + from_port = 443 + to_port = 443 + referenced_security_group_id = module.perforce_helix_core.security_group_id +} + +# Egress for Perfoce Web Services ALB to Helix Swarm service +resource "aws_vpc_security_group_egress_rule" "perforce_alb_outbound_helix_swarm" { + security_group_id = aws_security_group.perforce_web_services_alb.id + description = "Perforce ALB outbound to Helix Swarm" + from_port = 80 + to_port = 80 + ip_protocol = "TCP" referenced_security_group_id = module.perforce_helix_swarm.service_security_group_id - description = "Enables Helix Swarm to access Helix Core." -} - -# Helix Core -> Helix Swarm -resource "aws_vpc_security_group_ingress_rule" "helix_swarm_inbound_core" { - security_group_id = module.perforce_helix_swarm.alb_security_group_id - ip_protocol = "TCP" - from_port = 443 - to_port = 443 - cidr_ipv4 = "${module.perforce_helix_core.helix_core_eip_public_ip}/32" - description = "Enables Helix Core to access Helix Swarm" -} - -# Helix Core -> Helix Authentication Service -resource "aws_vpc_security_group_ingress_rule" "helix_auth_inbound_core" { - security_group_id = module.perforce_helix_authentication_service.alb_security_group_id - ip_protocol = "TCP" - from_port = 443 - to_port = 443 - cidr_ipv4 = "${module.perforce_helix_core.helix_core_eip_public_ip}/32" - description = "Enables Helix Core to access Helix Authentication Service" +} + +# Ingress from Perforce Web Services ALB to Helix Swarm service +resource "aws_vpc_security_group_ingress_rule" "perforce_alb_inbound_helix_swarm" { + security_group_id = module.perforce_helix_swarm.service_security_group_id + description = "Perforce ALB inbound to Helix Swarm" + ip_protocol = "TCP" + from_port = 80 + to_port = 80 + referenced_security_group_id = aws_security_group.perforce_web_services_alb.id + #checkov:skip=CKV_AWS_260:Access restricted to Perforce Web Services ALB +} + +# Egress for Perforce Web Services ALB to Helix Authentication service +resource "aws_vpc_security_group_egress_rule" "perforce_alb_outbound_helix_auth" { + security_group_id = aws_security_group.perforce_web_services_alb.id + description = "Perforce ALB outbound to Helix Auth" + from_port = 3000 + to_port = 3000 + ip_protocol = "TCP" + referenced_security_group_id = module.perforce_helix_authentication_service.service_security_group_id +} + +# Ingress from Perforce Web Services ALB to Helix Authentication service +resource "aws_vpc_security_group_ingress_rule" "perforce_alb_inbound_helix_auth" { + security_group_id = module.perforce_helix_authentication_service.service_security_group_id + description = "Perforce ALB inbound to Helix Auth" + ip_protocol = "TCP" + from_port = 3000 + to_port = 3000 + referenced_security_group_id = aws_security_group.perforce_web_services_alb.id +} + +########################################## +# Helix Swarm to Helix Core +########################################## +resource "aws_vpc_security_group_ingress_rule" "perforce_helix_core_inbound_helix_swarm" { + security_group_id = module.perforce_helix_core.security_group_id + description = "Helix Core inbound to Helix Swarm" + ip_protocol = "TCP" + from_port = 1666 + to_port = 1666 + referenced_security_group_id = module.perforce_helix_swarm.service_security_group_id +} + +resource "aws_vpc_security_group_egress_rule" "perforce_helix_swarm_outbound_helix_core" { + security_group_id = module.perforce_helix_swarm.service_security_group_id + description = "Helix Swarm outbound to Helix Core" + from_port = 1666 + to_port = 1666 + ip_protocol = "TCP" + referenced_security_group_id = module.perforce_helix_core.security_group_id } diff --git a/modules/perforce/examples/complete/versions.tf b/modules/perforce/examples/complete/versions.tf index a49b9edb..2848486f 100644 --- a/modules/perforce/examples/complete/versions.tf +++ b/modules/perforce/examples/complete/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "5.66.0" + version = "5.78.0" } } } diff --git a/modules/perforce/examples/complete/vpc.tf b/modules/perforce/examples/complete/vpc.tf index 9e0645c8..73706742 100644 --- a/modules/perforce/examples/complete/vpc.tf +++ b/modules/perforce/examples/complete/vpc.tf @@ -109,9 +109,9 @@ resource "aws_route_table" "private_rt" { # route to the internet through NAT gateway resource "aws_route" "private_rt_nat_gateway" { - route_table_id = aws_route_table.private_rt.id - destination_cidr_block = "0.0.0.0/0" - nat_gateway_id = aws_nat_gateway.nat_gateway.id + route_table_id = aws_route_table.private_rt.id + destination_cidr_block = "0.0.0.0/0" + nat_gateway_id = aws_nat_gateway.nat_gateway.id } resource "aws_route_table_association" "private_rt_asso" { From e4de8b12d799f1d07ba787567361918cef854561 Mon Sep 17 00:00:00 2001 From: Henry Kiem Date: Thu, 12 Dec 2024 15:47:52 -0800 Subject: [PATCH 6/8] docs(Perforce): Updating documentation for Perforce Complete example reference architecture --- .../diagrams/perforce_complete_example.drawio | 103 ++++++++++++++++++ .../images/perforce-complete-example.png | Bin 0 -> 279640 bytes docs/modules/perforce/examples/complete.md | 68 +++++++++++- 3 files changed, 165 insertions(+), 6 deletions(-) create mode 100644 docs/media/diagrams/perforce_complete_example.drawio create mode 100644 docs/media/images/perforce-complete-example.png diff --git a/docs/media/diagrams/perforce_complete_example.drawio b/docs/media/diagrams/perforce_complete_example.drawio new file mode 100644 index 00000000..5459899d --- /dev/null +++ b/docs/media/diagrams/perforce_complete_example.drawio @@ -0,0 +1,103 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/media/images/perforce-complete-example.png b/docs/media/images/perforce-complete-example.png new file mode 100644 index 0000000000000000000000000000000000000000..65c03b0156215b0d3924386e68ed6ca3ffcbb80e GIT binary patch literal 279640 zcmeFac|6qp`!C*V$)3uVrQA{0BwN-}R6@$WCTV2PHntfdRJJ69L7RlE6Jju-?8d%~ zZOCryV;cs)*XZv4+gv*EMgCuWP8%9biAO zYu7HiE0-_c*tP2bX4fuC8Y&9#3gel!8t}i}&Noyq?8?L(o!GUDXV;aB=e6BUr}_*c zpI60-&fPKl(mi!B{myQ~-PFFjsK2~p3zyHWQjiLJk#)M11229Qk6Akq_99q(!Rm-t z<;%m5In{2}9E`5)R=RDcn4igU8E zvi|2E?ApC&9~C2y(oTLD5Mg2EllF?y>zd!`N476}b&nsC-S>Cy^zy{MeGsG9_4HSE zvaTQR;gL?K{H=uMjNW&JUEMh==sm_G-E%?xn6!~u&epv?#h@fbLhu^bnfRUGoAt(? zcH)&X>@l6VQF|4~d{@X>-;Ot~tfk~Asbi@Rfk4Kt3tdMp|0Qjd^kKjjW_p)- zXEoG=UB0hQ@<_+09ha6pgmR{uzT)Ucb+|%z$90R6KS&JJ8jks86xLByph`+^!R)w7 zf+8Ob*rsI;O!f7S>~)kZ!|qo4xNpZ5;A+_ZeUO{G_d(D@Dn}=?SP-0(hjSHo?4L~q z;O1uzBBoJ#hMs`~wrVlBLFyfso=l7g^?*Z&5;gWBgDOUZUGxXnoqqVi=K*Re44+LI zwhUi*q4bJl{!>fjy&bRnIxjdc>3tBGnCD?eL_5!pi^Z3#;HXjq{g7X0N8TlZQZu#q z$j*bz|2Vkqi~SJFKhFe<{kS1%n@`#e`(OnRhwK z`ym|8ghM-yK31}flFIIfR3EQR+=Dc6h@KX?F59-}BY4G%QSIQ4@#p*zu(Sa`Cw#5Q2J@(D38b?b^3!;V*Jl?bevdlc68reRB4gTW!ICv3WCzI59n^6+Hu&;agu}99blC8=ge1FcMDry-hO?K&L>-; zL#R>@UB~$UE8$;Bu37nr3o3hNt?^_E=fvdkUgAvFXak<$3^)16-GO zn{=UiC63xNR24=O$*)0G5lB}DzkBi;X>>T%ak-r6I8*+$skxbHCP7AA?vrEL^)5s6 zm8ScIyVBTxQ{X)MlKrM?_3Y z4`xDLo-d#A?#e!GKh<^mUirfosCoYsHW|&aLxdSu1JOoJjahC##g?QOq?XPhIMi&K zLhHg>5V3JqP}*y-$Dv{t*N3f+F0YQ@t?=_2dpM#N6F68AB=xcKmYmB*W$0W->Bb=G zYp_ICe6ys4T!D4_E!)9NSXC@xtOAc(X+t>lF$-ROHSDQE`=&J4&g;~3LoUK-J-w!= zk?z|4?DfUbhWNpaaE749aIOZ0N|KCod1Sbp@tP^?PB(D{Y@&t=vrLf9_1r9CbO;I^ z`Vl7ZO!xKq$-E)q{CUZqRTS%8;qX-yIW84!Dp{YDVHadn!&sRTO-qHo#H$2-bGN~j zI!@MOW%K!@Wly)St#sn3#1O_@$P`V6#!T4)07F zuq}bH@9oH%#d6$s&+iwzy*fA7W)U91x+by1cyCGoPJe?5F+H~O=BN2vFx(e;a(PLTY7-4uVO_id`>g zRAA=och*d5WaxO9`3e(jXJ=lKmO_DF5+)>W_0MapE-#GKdO+0Uk8~*Joxzh-!?_ty z3|wik91fyfiuT4MP!oS-!+5JAYz;m522D!7%PrpBT`sPv&P+wV9z&rXA(8rsL$K*yM-Y zuv&F`|FPM~G~MBYu)~|?yl;f0Qunlv*J$S}PtPiaykbR!j(IxI_B*ak71lDL3vR*n z=bMz}xn%may+(V905@VC*Ltyz_>PRzciYBKyDkhnZWR|E+hkrT30-y`E6>Ass@=T( z*{S6rbu!w=dEt(pDjZ z+jKrmjpQ3S6Q{Z(mZwBR1-RC68qD$=>^d`ITKH+VmHTq1qL;*%)Al|NpELN_(#o)_ zjjdHa?@Hy!Ir4+o?Mnsiq^atNxqemd&V4i}jgZDFBO9*+O_fIHvv8lZJZ;z7P7PwC z1S@1I>DwMcEm+-#A2AK~)WvvBr?I|<*|(>~$=shVSea!Q6EU7z!V;ZFA4Y{M9Q>B? zx-YaBwz*L`X3d3mTC#R`o-K8psEy*naVsYTkM^@9x~~qJI=FCB&3cwbJ4^wDzx7G( zu7(W_N1|t1=ZUbt^Fb_gvj?_HV5@EnEq^+^LY5N#8kOx zVUvSg#@9LaWJ1*mJEP*CP@s`@Q+_{Wy}5IP8WZghltEvp8>G!qD3MR{HWuIX@EB9u zkT&sjc~1esbr+yrylg#$O13sZBA~Rvco8}>ve!5K2fI>Tm>tY4zRV3C>uKT7NAmYHK7``DM0<-pkXgdf3fur2yXM+z8CRNJhi8!Iq&XZKLXWk$ zJKw{+kn(bK_ax@ZzN3E&#VFJ|7txe$4ihuXSF_FKMUWO-zK*X;N*0KVsW&Ss+w;sv zSIvF=ktIv_re5i1P0qh*h|hIc%BZR~-Wdjw-GvL(YXd08insH3J6HL`JRKfo(7(}@ zx^0|(^u66*(i|(y4hb1tOEVdQRo7`T{hykdHVF+<%Cy$eRo#aL%VEg79kxE}nSF!3 z0W=cmV5uh>2uICNTMp z^WLb29uT$dcCTv4DqI($gov6I9)zzihslN=a_CQxbiMkhqdB|#oJLr|>&hOj^eQFK zPD0+))D$fmyJ@H{tS9Ov_oc@J#c_X=oXTEg0pJDzjt`pvegHg7>@=qXn@Bk8qs<`U zc)Uze;STvyHJQC@`ysKy%vaB2oviXn`b1z=T(1^P+?KXlH=NZwboSoaIrh%5H|M%I zd}bOw6@5lo3RUY8JFR%c0=00xs4N#|D~~TP@6kq7p1$Yt#Yh`kx&m*2bHV1k247Kf zy(jiXSX5OcDhFA^3l=vo4d#3ewt;uvIQdd)0Jn$4}mNA?cK-cO3%#i^Z3--0w17A}AC>F>4g ztf$5#qTR)8dkWJRylFEwr`I4AtLQ)nlt{0{9NU4<)agHF0TjavhN3Hq=Er9Ikn+>w zo~8L-&;}bxxh3sw&LeJug3FV};vICREcA)|jSh4bL3Dx*oK~~-S(cWD>xIsPq4HjW ziZROtu4)tSaG4fWn|lW@dU=g>{!QUKrUg+H5XxN56`wit)o=JL!Px`}J45}gwp!0{ zdxafVeYpVRm?H;lbx{wmmr_e=gcp42aIUZ=9tIg$fMA!`niiiIu|KUMYiR}s_+ltR zP=VRO3T94t$Ech#GEZ!NGx#~kCygX$SNlABVxqmI^mzYmueB*`Eh02sFKFUsiZ*

!miRr@a7r^B9umgoy1vNhOJ@d4_pEZv#1J59h93J3>qZ7DR5W_ zDR^9Ibjgdu3{Ft*TB%~Nj~6v&j21O9Bo^A7MB>%6Ogb^tm`y;S2V0^9qg1!xL(Wh{ zGQNmhWiE5A4Lz7b;@6YR3M4PKCRTn`iz%;4g6R_7Ysv$Xi4Aj^W9wRpUUPGUa}z9P zx?G`UW2_G{xlA0Ur)S&-Cy9GOO_QpLqDWy8HD(3rucf+KUU^46VVAE05R#Z925gfu z4qhO>>oO}@uOl3bjk`U@qjZ6-8p;C>bA+LZ0BjI%C#c834)QA zi73DHdc0jvMT1enRs5GZ2U^Usgos%QJAA#PC+Z&ZojMIZ$q?J5kdEVanA*6)4Vk>> z&@eYs_X^dBieuoA6e3l02ul<&&35_lAgs`^I(swoc939YVC??gV%a8Ku)f>9j~+vI zSQ%a?qxC^QB+Q#X&Hs&zZ)ak3y43d0v)qV6%3>fdZ-z)EE=%72bT;tVI{VgqW&B|G z5+0_GUm^g<4+H_AGpbDqv7lN3b%z(MG;3h00YE32y%|`5dd?i*EdiS;L?XpW_}K!T z(NJzF5z?)SwW1XdKxOA@^QWW6DnmIrz6lqFhTL_R$_-zw_nCF)_x2(>jm)QTd7Tw1 zo-J)@Y!*qB*({J-E0XzScPpuXABcOy7_*tR9x>Y1%VfV@`-m z5k#|(4@?!(uv9FYpak&HlEM5Gc?NCAWuQ`+_h5QvXEm*mZ2h5aLI6eR6kJvvN9I8# z|4>~sOJu`)adkd>ec)9sgn71*pEQkZTwF`bEW`RvwW7UU|0-T-R*hPzx;_&w>0muR zjzh?iaXR~5Qipub>sNVl7kA{_pZiXMc%BrH?osvGT7zT-vPy5XqtLXXv)-wL4$9xR zYd_V>q8atBzo8849%)nDoJXdebt9?u!RI@^(y-{lxxg-y1@+2j`}?&Fd{lbc=6ch5 zq4!Xx%7whE76)D7^8Z+_NSQQn#L3VVN{Yn`(*w>_Tfr=9-N$s7u_xnSLLmHw1Lr8H1U#w?l-M` zRP1^3NMUt)nGbQg`z}wtG3pYaC-1!NbjdPC`ZRi;n$%QjcsaBTYSlRED+H7 z8^ppym@e970Z%qlFCh2`Dx@yTL*o%_U;oT}lX)TTZ_fdS6+wD_bFiTPm}$B#Qs&<`iMB zj6X?xw90f%(TCu@OyJv@cHG2HuC*~Buou0={g6xWulpc)=JmNq%?ff(@vypUWYpE9 zdihNMH+BbS;cyAT=%7O6T^)EP|5JAET560vE>94Fa?Du>tBMh#S34p+xs;8@=F9gM zyQZIk;JfpHKJ}Px+WBv$9|hqCs6SWjkHgPzWKDN-Vssm}=0_XM+uldKV(VYhDRy%! z_Fa+R5ud0}R%elooo8jGy?_Qb*Hh4+iLDxb%v>=FbU!9u zmBm7|`#Y(Xne^Vb9NaHty>#`F-X2MfaXae-D%k*O`kf~zf}2;`rM@mpeO}YVZx%WQ z+sTH*egDbKBq+96)mkdq}oi|@6d(lDS-bP@Zf3xS3$+z|SPt$$-WPo9z? zfERdWy-`X3BYoUh!QGPAu`t7aC700Bc8mJ)X7kq8^a`Lhc=bZO?{=ds;@dW_ZFIuya{isPbd3Mec^pcOmIPHrIBhKZ=i0$ z2NUKQHmS_f4WCUCVXjKi=LP}A`T-$nc@@3PwzrZ+)FjPgtHTu#`^xAlaw${FpzywT zfZYfEcQqsEOwo-(H~0YIhs-hhM8thCh-^>nkULx2?@snk6T#fc!mT^ zrP}M8IrrF-iVe!Jk<*a!p7j-6GtGVOl@Jb&bN2lL)8dIKo`AoevNb@ChK)`3LH@1= zX7%~ceU&#Z^jr#48j~NY3Yb+~w+(Gp@?!WB^QQZ?XGsPSgib~BS(e;B?T5V28Q}O!0dJWGqWGDk z=SX9w$`S39kEEVt8sr?O<(8ZZb8bg9e)=rMuNi1E%U$oe^=Po70%xahR?xjmnE2$At71w|79INs6qu&FeQ>#2 z$ucQAjjA6TL=5ArJWarYW>zeLr5upTav)5bPmPNu_rM|fc>(Kp8)$h|LRQ1v#`1P{ z&WFe%g3dL^d|!;P;fs%o1w%)sKhQmI<=xrGK|5j~lLZ*-#1VvDcKeWeX8LG`aNoFL zX?tE-a@>M`vH9{yf@oAnn2&=C6-H8EOlF5V8zawY7qZwWybltjp-EqpK!u^N$?e*C zgZVwVop_%b)6p)OA!Xp0zhpi0Wv82RT-grr1DJkTiTq3cg9y&+8o@iPjzI%|_9D1- z4h;s*Kdpy|0ge0=UALW&26>VjRcHK=rMx8vs4&)yJ2u#LZ*osq8O&C!INj6)<3-x0 z!8;?vfG7B#C;NQ8AJV_Y{wwV9fbD%7$kVA4-#x7 zE4%a2A4}kte;t#?%QmM!82CVOY-g+#nDHwaStJf2gyEu6OZ&iJ$Vi^_4n;gFM%F{% zwqJy#Wlv7)_Qp_Qjug1L?R@m778D0pUMKq_#SU37ie!^p`CB`k0RTxx={|YxXxi|c z^!h|_%9Eb5-?%juWA!1h@9TcZSUL;#9q*S%>E(NJMFYyROVhX3cRmHUkLnJ<8NQQc z*!n=R(EpA1{+kY7*CykQOd0mITQ+RRKm#^(hODJM2i&6Kh02a3itmd$nMUR$hyhzI z*{;%^HLSkp`&eKX>Z^{DNb_sFJ9fT(RENOamZT1tO?=O3i`y|20w}!(?6U8KbUgO- zyB#MDV3sFfwk=+OU)rdRKHp)-s1Ka&9k7evK}3TsYwN$y=YO}=OJM#_J&GA2Y)#oC z^&5W1a}(I*JT>O7WXQeWG0SVsh2=+=BPaTJ7&=$$KVJ+ ztM0O8_22NbKjHVwQ~eWuzaGB%6Mny}s+9hO->-A&pX~R`T=OUU{StNm8)ZM=r`MkU zm<9Ny3;ZFXzc$MsBKm7u`-h1Bl9BwW1OF$L&!0N*myG039r)|2@=qQ3OGfgi4*VtR z{*ht+CuaFm2mTUu|EQq9Hp`zn@Rz9j->44!b&>O@3Gqu7@~8IuQ~UioV1Aiy|I~he zYQJ9x%&!|@e`>#9pzc;uiL7sub^n(1rj}vUa*N7eQ8%tyK0eu^e)8glXLsuQ+g&p{ zom{7FF4P`5c+fzA$-v=w^M%x>x-lQEwKlku#J8Lgu{a@Itcn zOdK1N9U5GRZI$}(+C#;9fDsX@#DtJIdit#LuHE|>m44$7KLOB$y&>a=JkMFS$nl#W zW;}g}N1DU;xU`M*EvrDV6rKma@y9+L&~JY0v=8Ec&Tm5MH$TjC>m*qCo=c7$j-Q)o ze|OzfX}ij>mq(~D6t4SP9e&SZj7p!cgN5&VGVo#W!7H}kT{ollZa-v1Efa!nlIk7q z_bkTq;K3`faH>OP1{J%N#ea9*Jn#4HgYZW2N^`U^T|+bdj+>BuN*OGi>7*YraBtw< z-(9!T_5D;B6#-R8$@jc3;Jm-%CS;!qBrp8>J_sEpZNqQ5H+Zw}OLBZ@hYi?XS3SL< z@*Adx1NxdIw(7`y~1&KYPHv{{?Q& zLT8+r9CS+h+b*T%DEWc6_)!u*k-V8@I)T{LR&^hX67=3woSL^@|d!{a}B44nBEyu#t|E5+??nX{0c<8&D| zJACoDx5AO=`e01?v%Sgib?#s0DE|A8A2>dJ4#uT2YY_)d$4 zq?O0i-8EDU-}Js%mR?bQqfAYS@+VaF4cV`+U;9FYk^c{UaU53@;pU`Vn{Q;2< zt@Chm8>k+dkTZGtK1hW^OYj`=KuPv<%qvpW2=3G9!Gb4E++_3kX48-})r$e!E>%w^ z1+!9?=-yY@YvoxpUpeV|OwX9#>QAdIztR7`km+Z%Dg?lj7`Zm-SMTs5#{V~gr_@_S zsF3CE*||9D80^IntDEQ&t6h5G*UAfGqhkY-uZ>7E`~-6+i^1Ijvd)WmeFhs6A#jZ9 ze!TcoRweO)f58b{@Y!~%auG7aH1|WAb5C4a^(GqXJBil1Gr27ZJdD?Fc*RrUx1?jY}6trPR9d==merUp9=CmERC?EtLG}%$^znKXk$yji-x)5Chrf_d;wT zC;N_Q_3&*-m-oy$5Zg?p=YI|{s!*_%SEnp{DM2zSF8yB`@mGceNshiCEKcl#ijPA1 zO-nyyqLY)@Pch8%5yWsn{>Kh~F|Y$OKjiQE!Fe-%YqG1kOR}J_mGqQHqMyvsmGl0a z8Y)=wE6gyPwC1hgYzX|o)zB@TLxQHuF?xp2LV3$FLHOYZBg)P1e#u4;^d3n+dtIIfs! zaJ;T_LkJZuz)P1V`8-f(`I&sWpv9t!UaPDvWAS>zZ*AnIIjCEHC3&UoTnbBS;IFVKs zG{gmK5l2#|aQoDCpk;KZ`clb4^DIxFMLFVruIG?IdL7JgB~oA{og#I8@$iqepA-PT zTyA3jcjoyYcKI-4V^mS9PF1a+Wy8WTp;I62k2tsBV2W>gtF<&~%Om z*AMIQ9NJUw@bGnr+`jE-d$12wMo%s|N-FtBXT|}RdS~=)2I*7wofT8)?Tr=OOjO5G zcbwvN3SsA*>r8C{$qX^qB5nGMkiWo&CJzRZGf<{G%kXc28vlrvjd0Eca^H4yx3g%g4mas#2 z@XNwlZACp+C4C&16KcJx;}qeM+;Afy_RJ7@mwEHHRME?kaScv70{EiB_j($#Q)OSF zwHh+s?lxmrO_rzm3fxe2{(>>ZUxJZU)&AUl6U89O^4A+5`f>bo*B%6%Xgmq?I0hV` zuAHP||BsiejY?fCet}!H=;32Kof$5)v7tJ2@S}tKqh9RLF`NE~y+5v@^qCtR`05+_ z#XaPgUb>SH+*;i+-@VeiSuT|Y5vF5(ava$uG#t6RfNUeBdA?>$@`s@ppUvsTD4y2a4v~;?!XfE`k8h0eOZya%GFfOLZD^!Lj4baVNHa+*cI<<_J{>e+Tl<$o1_!WP}~Z&Jt*5Du{g3Y@ z9stmAil61X=EjpuR%V#Wu+NnPD9$s_-QH#%l;3h>=^dhU6bX6RZP}BiXO`<9pIT2d zOIdC#$a)&?v&xe;EeO$kCNI#b<^kuUbIQ3MAs`)pMbX&<^JJ+mc}3jE+5S~9jp&k> zn)QsX;Dnvx`h*4B8L?d1T$r49i&e8pq_gYrYtzEXbiK|7OGh^VybBd^Ul%$^ox@QM zmC;@IUkrTE(-}VZW8q5nAgk7frkiB~@bftF0(bJ7V@L4?;=LM@3LGI`65L7PAm}zk zoEJ@EYEPi2V~Bi};PAXC)8ormG)%Nplbwva2iupwBKx0G=q%SS-v1Xt{HzRONbbw< zjqi73r2>SO2S}5wLT9O?AH>k86}?HHnVL*_qrS1c;FzVQ8&iG+(GF?h!Og!3f0h^T z1MOPEx1N(ccZT1x`VynKRT=hPaDUDb#;KulWziV89VNR5L;SL+hef}8%Je`*<}>kb zgoTSeU#OE-*0r^WM(1J>dZlQwEgd$AAtr+obDb8|W76@BSDi)w@dFq@#uh1>7B&DB zdUXzE1|URi#wTJqSC{Q%GN1Ip8PQEu08i?PNO3v+4#T9piiU79>HCP{Se5+zpe%1k&w1}-~5V~ zPv6`0;f+f-6DZkS=1w?ipa=;`V;>OHQy~V<1>L!jc9kpKYw=NLHTly<8IrDooiRnI zPG~p(f!p@o`C6r>3Tmasn}y>WY0t9+8f*$aZgv)#ax|M5FmtB*Aq6`{V;X$y^EI-J zGjrSCzi@}>(H-Vjv!^?Xucp6H*th|RDC^rGsX3@OrUglM2C zlO@+hpq6=mp7M_$Q6go%o)1=S%nuReu4mE7Mn9Klqpy zcw|^AfMmZ=;SijxwFG>MU? z9i+zKIV{F`@BksB0&TaMLxod$1VoH0t*Lj{;f_XEf%d319rkzaEOw-(Drj9-R^k;8 zE)ZQ8&;FxZ9uW9ke&amR8SV@Y@Nq2ea`BK5fdix{SNPD2DuxKa9h?+SzN20HYvL$& z@$0Ms&c%{j-DXZC2hQ&ct|7CuM=e)G?F2 zSJqf4+3l32skdHT4-Tc(k5DWlHngjnik28A-gU`Pgp%&TgcI$OWsjSAe38%^TPrc0 z@m#cb4WzY#`jXcBIEEv+Q~1v|nYg+_`?RZGo3YeJWtp8s+pnE4zsXtA$?0s=)=6bO zgz87@@YTakO$gtva!%Xq%3?-HM7`$xkq!qOK$MV7l5D-IK$*uw;F$ME);pX=Gj$N@ z62i|pT{Id~z5tEqyuZ+TMe%G0X+C~QSa122&mqO>3qG*c7sM2YUB@vuO{9hDB;#+V& zXD_rpcuyg0!652~G!uzGri?2VvK|Y$lh6YHLZKVVb>SjkJsUq1<`~~<>|dt2%*LPR zmTu?y`0X^wR21r%Z}EoLa(O}YPDKaZsiYDg)On}PvKT&F7JS^4ANzySj2`)xdr2Z1 zNMj0!Ye8%~hi>%vGYV_SCdq7UWlB2UiM8pU68GeLu;TqAjl>2}CGy{ezq#WWO{4=- zV!15(6|VX%!2y_ISEdhD;#5=LJy-f_1s9RKYnPDqidO$pQJ#teq;yiL3;3?~JrV>7 zy!?V=wAAHsfX`<{Q@L597X|ledZyWEJI zjL(v>K_2`Pb#D$trcFG(2<-XPS$?%$gzORk%pwnD;om2A}ZcQ65xO`dX{5T18QXn6VseaIo>c_yo zGUiJSmw_Shb-~ zz8}iBP(Kmj!9xE7>v#E@Ph2o-SJqYc`8~NEE@8c;7 zM>7O3^5;$~vq1aLL5s8n^sqz|1-}K%qeQpg>})%+Z_}0j zX+%kqIQOnCoKwmacuKt*-00AXao?*;dr?7CSgr0h2mU<4>4*+_l4+KEnE_p)sn?=# zOJ0o`Dn`f%rH%0%9Dcu6)iVLzh<0tUSd7SpRk>A7tZryVqoGB*wa-QHB>S&xBWE0Y zC&=XaN>yaX*xaB`fHP{UN8NtfP0vu`v>nL!+E3hmB(4XFWWhz1)2W>X0I4Ma(xV7V z_)ymUFC>*OuUSW>ZY#>WP4ymwlsG;keY$(4&A35PcB_u$ANVhQUIu8}yxdlAZmn11M+)o%bmZiWfST9*HKWu})5yO|OVO(K+}- zclL$SE!-Xt$e@vyxw8CVF+EG&gJl+#gm^s9XwLf5)A%C#;2yJtTZ%)(M6ImQb4&a0 z>7oJ%C|f_IA}Rke#(VJXdpv*llDOo{)MG>USn3aLY`HL$bYLwsBS2s$%jx(R3*))0 zrtQ6k6;#zipGZU|4y|~8rGP9EO{JY*YiH@d`Qi*CRZyN;Y*0(URnZ9Ih?~L--Mujh zk}!rT(HNJb2Rp}OLerDCy85*Su>}+wEU?BdN;3C*M)AX{O3ep=`Zv=;mJ-ZHrM^)@ zfMFE^ffvt`0#OU>aU~li93#^XW}4@cAe)c>m5p|1k^3Bm&+*^;O;3%QzhgD|<8d_L!Y?v+4-s0(D3TkZ~(#&eLMdUz?O_{%>qlH zk;Q;Rjdk*BzzqQliew^Y#c%R6c)O$&qa1G-j!9+p-N>AB3H|uKRba*go~38&xZEvL za5;RmO?~bj7QOXaEhDx7X$$8>?nbJeb#NI~Bl>;Sk-5UGAjk zXW{ltMqu3@w1y1W8dgM9{$oHbP*Wb7aUvTK=e-}&;B~0)**4I=M$4-}Ve)p@7$7g* z#kjwcRBE8(wM%s)Ygc??i0NY&OWqSi&TWp(QSr9my+ICb-W#f;QqL$MB`?BngE(&tnU>A3BOnu>M~DZ;yy&zxwDDoX zt`~-s=G2gGKK@sbPXIL}BJ7CW_ncL2N_Nbr1GdW+j|Eq+eFkPE>uooh`z$5g-;a0 z%GZd`Uy`j>E=hERWB8=;^p=x)6dGKMk0+X{ugGqkL+wY`$6y6ZpNqm1kC}DpsPyJAkG4ZwqhSF)TRc=YT4{&|^}OOtRFx-K}11 zRAyFOM2`ghOHJ@0s|i_ri`$u=rjyzC^R|0)w4}BQ)MaN)`IRYzj$w>*twzuG{qc(EV{FOGR zNivsD)yW;0I-Hdxnk2d*B#1v?DNx%+*eap`MVzz@+Yg39l}8rWMY4c`xQ$G}PBfS^ z=wmk?5#QfV#J$KJ5H6hV!;=LkE$*YqYEjVyhEnY{uC64LyA6sr?)}qC8#Z}B3@wgy zRwi5C_c)msv+V*;8X$!-R#u5FmOm?r{~#;GibtrgO2j)`tZUKIsNp5EqGsNNIdaMC zI4&zz$@8dA^~sDF@fxt6Z5@~blEui|lyKLXKBw@Gg|1VL@21ow>H0U9UD;&Uv%F|0 zTrxhU_3&k=(R&iF#THC*j3I1Ly~pL_R-E7(fEPXT^eD`BsTfWlDVgP$ZR{_0Q@f|{ z+W1kx5-SFH8XRc9 z7woGCxmimL5dthnonog&fsQ;-DcJDiI{4+`Ad{^Nqasi^mMDBzg0>6ZW2~AzT zHXdNAe+GNM!?ek~3R|yYe(rqz3AFGtq^WdGp;p?!lup9tDG+f|_o^gq4Mh7A$HzZT zU|$!|%1^3{ja~Bxs9w{RU_0b`6?(ckI~6v5TPfA#DqBVAM&HFkyGd7#^T&!r~(<%k8CYiCty^YaovYUNG?CjFQ8R_-mvG7`EajyG`8~Nxy-UJS)dYyQ_ z7;ueM>Hq2)4m@sToJEO^uWXs#g@c})*TZ#CmQKX-j?8Z<99mNO0N{oe4@aNPXqQ7t zorL_S@i7c~tD(hO&b;5lQHVTz;Hv~GgNx()NZ=V#f9HH-GcWT~2JsgI%&QETR?1sS zCE{yaVWwB5!^}3Pr;ibVmw6Hk4~}zLVDa z+SF&bb$z%{G|2@HUDA?zG&5<=4H8$(wpbGZn8y7?n9@4U2%v5$i){oq(pD$6WLm#I zd#BYmgtDXL32wR{{bt|She0Q#xMMppF z4S1J#Oj@vo*u0$Ux_%`11E{&rY`iwOPjr#$KvpFlXQ$5#*Df95=1dpxroH!eM! zEPiKmQU+5OzQV;TJo(XyoRnnme7m%O)#R4#ECQ+fBL4<6r*i)%eTDUT-mwuVW=mTj z8r$F^{g|C|zS>u7I!SRz0-N65U)d>5jI}2Vo+%qhSXG@u`-&@k*{h`3SpNy#alQ2G zCZ^nTrY$B9Qpg8Y=-0(w-f=n~#)y#MdUE!k9_tg0?T|x|Lykg18vnz?)=kE%h@onx z@_K++On6^kwDyQIh7B)`av%LygLW=-7lEVn)PBzM z2j7Oj(*k8qX#LSlXsx@?^+WJ@pcF=)dJuE;6>S8<=u@ zhBvTm6g64j02N-W+&FVeA#O~n!_HK&PjzD{RE;ie>Xb!e+(}fm$ZyzuA}HX*l19E& zCUd>d*h9XzJBQo|>m&QfIM?L+kZYK9u`NHx|| zS%zy^Yk!#NRfQ&(z*`uJpbszx1vSlaP}?Le_n4HdDfqm$#pTFP_69SQ+z7k3Al1B% zVxaR9S;cv?E%&Qyp@`P;8tX0*=6$o_*0U>~9&Ctq%B{O2dQO9a5LGtg_6b9okq51B z;45S$dPRytHNZB$quWd+NizQ;oouKTvrbYc#zT*+XipoaoCCj5PvDrT>JNp5bOLB@ z=*dA>2hcBNp|f`EnB6L=CsBZ&e*(@O)-UK(^)WtyfjU7`CKLO3l$-tdjpPdw6Xzf8 zZ~rk1(EZlSaIEQjElSSXJW_yr3|B^_e;>$tdKqBE#XwL}MQoQ;HG!_8{o^w)i`1+n zDa#BZx=hUMH0hcqbIkF955K%CGg#kqxK{h)o^-(uQ9&jlJ5yA$-2F+yiJ7SB@|G2} z$kR;=ub5An6#5*x*qhOr8&`BQ%$SynmPh9MEnd5MszVSZpqdh-;+SnRx#Kz(Ry*Pr zlZ@UvX(P48Rgkc3{-s9qN^Fbe8`Blw+w_>p3fyU;wa4swjTU{8mt$-9x)JJ=5D5oe z7>YZgm4(+p53QA)0s@ywIkfsq@WqOj8Re?c$LmSQV>sci=aMzLqk*LI{9lqvFd!@* z<|19{z@jM(KU?(En7>cms*Gry&*d-o43fQdJZuIQKV+8G{3yhB?dd0XK|^`vV(xTK7;BzWH8GY$)P+Vqbj1NoQS5{+=Yy zw*VLzwV)Z7U0tl)U-UK)?QYJtn2MM#e`cz=w?j|8SU=w$_bg3NmyrOP3(wOIrzP9Q ze<%|-lRKta&uV&{$JVL2QX;N;C?zCf!BXIh-OQNh$Z=`Zy&e@}=X0CkA#R1!gUodN zIA_wMgD93Be)K|vej#*i`b1`X;eEZrX@?cozKXX%cw|1&{avF6<9VA*x6Er4^Qtdt z0^8^TZzHE5c5!q>pSQMHgM;yAH%}~);M1V^*SC*i$KqcTf{bULW{gt>g3YZ(=J69pkXF~>ZnuqSc&6&K9OLA>{&_L zbi!OISyrqw$hM)P-_(^aV{1r78@)z0z=3#llzRKORJ60cn0~lvvCQMmf6c z9Ud(;oSi8I+7i%12&75_QN&+B3A?j-j434)Q7q#9s~R98)FO0{m$p0_(?UNy zwTz5Yw=BqwI#YP3*4d@Zu57C`in~)NA_=}#W*BlZPwiA{f!AK}9}K_6VBK_n`Mt5| zNM0}9lUJrWJU+HPf8jRHn2lzvRj%Q}5@dx6Kxd;`Oufix(5Te{i~{7|X*iB8bWX{u za2#S^x0JxB&#KA(D8_c}_5niDaAT2syC9I~P5>3j_A40-M`zy-3&-N-u0F&6E)CeR_h81>8oo~;m_aZYdgIUY3rKVMb8M#GVG-?L(_s{%8Gq!c;>!7)Epf-sR z55z5v`rjN3OaiTeVxhfd2BH#$M}E34qcOOypOI{2BDn7BL-&*&JN}0u>i=G|M*sH* zqW~Fa|9iYc?}^=HUZgLlNbXwOefRVaYhe0P*BkM@N%%usJfscixZlDUX%w`RnStGZ zF{lM}kBsAsl-o>XiX4=O`J_3PBTOGQj*WoPFe3Ps#3dINf1b1aFT;ps2ER8>E_x)| zr7Ri9Z>1gUPS|T~8^lK+)~f&SuOH0OI_9ML$TR<+4DbEF zH}&>^-xL4fYSRBxZZPZr_2x(<_dAxs$ds*WJA6T;dFj!@LY|@KN|n{(#iMsL9&?AeizQ$yEHQKLu2_{wmc3>pwkDx zzgV3GW>X%4nI}@1>`XKz$Qla|>V^Ny2M&mU`HC{Nr>*or^}lHZbGF}g-I1I`P5lsVKrcfqINkpbW7_^H ziCnZqUTC5t|IPO`d35uX1bE6Y+rn4EOE9jlnc;C``;8IZQIq9=-}vQzT?c)p@lBRo z0(i>}#g!Fc%$3UC-G3YLZxg+o1I9d5O0l?Y_?Mr^lW~(^GVW6)OiNCfM(vW;U9N48 zHLwMCa^}$X$Nb2X@Pq@o+0P427%_L?yi_``!~a8(w|~L{{uYtJGxoj4c$!E)CYCbn zVkKS1ULJ59yPjNR*@js;W-#l>c7o-?wv6)>ysv)HK)<$EgbH#7&Gb;9S@mag_}YS| zVzus5!gr9qtO;tkFTn%0o=PDPsIMc`^SVYwsD>)Y@$gs~{>!u^>v-jf#p2N+)y_RJtI&S&$NXN$4mDSSWS` z5)kQKdI?29MFm3dgd$3Skbpwyfp-R^vbAEi+_3eK|_9kns`@ZKKbBr%AlMO#zy!|;sJWoZRasAlb zCoZciI20L!cN{8zHs_e20lcV(>p%N6!gf@4I?hkD*wh8@)UyQ|kufE9mQi7I-D9dP zDWnsuG%F(DSZr?jXE)9f=H_@Q9n)gFvEn@Qib7t$nSzc=FJ#477|-5(6*0zjK_%DH zxe}Ph?86F-+dsHvk1%V-Uc6lCMVcs1knu?4^=wlPv+dlweG``JoWB;l z5Q3NEPMJTADEAlWfusuNTT40H@oj_nwnO)L<Q%k4RpVP$5A zWv$fwN?>OV$y?Z}#{XJ3cr8}Axhx~bsia=BO@+RIC4zq38*x#e%_%QU1;su1xQC4{ z&{{TuQkH(P5_#0%k;4CMh1`8d7)bllU`+JZIaBhbXAet8+fE*-VzzsbCbpm2Z?W~P z<}{C5x}v^+e00%&*)6Ot8o8`QD{z(A9QdL z=r#9<>{eJjEOs|SGf{!CLap7Piewt)TRuX~)~w}KEq{N~GfV2t7m*@(>OYe7ZB^&@ zxumcskwQiTd7u&>uldRn0PqneKU&q1)&WA9uev^J6RIA#+ z9o;mt-R>{6ac??TW{hKqIj#TsV(rE%Nj|`3VxE?kq!qwV z3zGNbwYRoxgx6*Z=DKBv2c}ILBj%gMQay-xH>VE33m)co5K$7xvv1$&NV(c$TmSvj zlU!o2n}3_~uCH#5d_r87-Z$%83wtg7w1)lXwMZCMHkpsB5eB`u*&4Gnt@yhEJ=3G;QN1)=w2_`zv?|kEa9e$2j-+$%Sy8FYP9Vuij8? zF|zbY<@7FMr*>PM=@x5G8o$<1u$Y9?WaE)+o;E8~MM~fLxLaoB#|sT{jr5+yuiOW_ ztdUu&BMjW;QRu3pZYFN7H?C5r(i5F`-hNRn;*29pt~4rc9E-6)#ZnWr zJtO$#2UeHvtwHiyY25u!AqFt0>Le-{9_0z!ApUn9_b<(8?tOqENfv3FejosrI9>h@+ScR<5P_e(veu!*nZU_;FcR=Yh+#(b8|}tM`&Syi#$d z?`G)C_Y!y)V|4=4vsT1xRRl6uXqqkM7fM>&03Cpb#G+2nM~`$9g0$EPV@9e!V|gvR zbQn4-HHri5_&n1s(9+_P58wb8A-S%j=LVlFr6Hu_NlRvqu035==pWs0GuA}^KH$_M zgGS}5)_?$tcjEmK|M|#b$Nr1oKJj5Bs1mewe|V2zj>RW3oX6VKE%#mv^yQuMROEn5HPw(rZ4#+9r$>EKqJ(31oiO^%MM;iy zviPbT6oiMJo2{DH7Jie3 zbDJ*d>Sn`czEIGI+~1jHTLm7XBO*1+x8UOw$Ns`kzJb+ch!1|SK}->KmFxs%eY8(8 zyS&w4W@e9hYcEHFAJ;8v3DPN%m{&qW1OyUx8j>qpoo`v~TX?g9 zsRBaGyI}?b4jofA?AtU&e0f?w$9FJ1>KB9*le(MavM?5}7!&k+!^U{0r#(s>1*q|s z(!ijNm2_UWkNfn-?3av93T}mpI}LOlDVxs0Y2rqnSXR@|yv9LH_2j!JIRrg+`32pT zUyTB}7TMu!eB7Ley0Oow^T*n4ztK_8txu149--rxzNh(=gxny_x3jlt<6*P4o0guv zMt)Kz0lKv2EFBYEzXoLwY_~8c7y6VJHgH4ZT8;!zPNqI z#|pJ~*j*BDO5v%>lErmxf@nCVw3_AbEJO)bbN-<9U-(u<+QN%T?XrS!N_{4-XCORG z)NhGGUgs6j%*2fhqelYtZc51?vwW)KbgTBY+%Q}8FO*>S`~DC28L%~W+j8B;KihYU zNlIrc7gu-?zfo|r{9b&lC(7*F|2i{Q?)~dlrb$s+w|0YFrG9>ZU9IP?(Y~YkVHP^l zV~j!(IdxxeWE)-$W#+_qfD|t)>ACdXo9aWO_NLmlCiGNr^YsaRp~NPa}hOTOyoZxq#eQSvdB_^5JR3aMgQ*J<^XSV#u8A} zBc4RVCFA0JH*!huxA!+2Fn&`}wYvoTT}{V7G_9U9FK=Uxz_HV?Ophei*Qc}dWku{Q zbmXaB8Kr;r%@Zz6H}NsS3o%T*$CM;-+(Fh8M25NO_%- zl0VYwGzrQVhw=FZ$_lJpigOW-iQ zvM9{FZ}@I`tNy_r_l~PVGWpf(znk2@olZAaOaw&Swf0Agcs#xEhA^Q?Pe#*FKkDj59sJ8aUWk>NJ=`u%L?OdO5lppeMR5jK=x6-Ma}_ z$PJ4E0PYt^y{#(&g`zW2e2BA1zonZ2oA!2c*oG#fM%mYYdjVFb0;sfn+WY9_DA{Z0 z%SVGVmeLhQ#9HO_-^KrH^;z-L!~{x;S+y^<+@^dwD?7)vI$%<}3MyCiA-9QPH_62D z`X_EV+kJD>1J)M@U4YtHt)wUn7TRbCoz26Y(}@%RDkCK+z4lEw-&lF3PgRlRCFQ*4 z4Fy7qdNluu0eexS#*~1`wJ#ep(2j;rSNAmgrwUP&Yfp7&wxzkM$L7XTZSFm5$5R*E zTcQyZX=J#eytsJwn2CH(o&|~Vq8HkLRbk4gnUsX6o<5)MJBg35`S#N7ynu*zdB7Tq zM7^GR?ZiwBC2ESzHWkGB@~+|S5{vz}Li`g0S2IgGoo6l}d(I+l4c6LRGbkP0e)Ixo zx+j;kzDhukygF}DnQ}u1?J9{f8t!A6a?YS^E2gmdP`i!HTH+*~&QyxM=T{Be`wXBq z;-;eb(ez_=-PuNFPT~(8!=0(NONXx>lI<>q9<~84L~+*mW%P+2Um;m~0W#H<`C`5> z@J2PoI1~1nq+afAbYA!TKnXHtF2TVj+)@WY78l-2-tb+!gOeQO>R$TNsiWvbJM2Ov z7=+X}txi>oKggIJ`}#ttvAU#31-)JCVBX^Q>eyB~zCca3CAmYJ@9{gEqao}$t(Vta zgAN@Z{Cm-HCxakZ_1t!N*t0SI@RI22>?0_e6e!YBux)Jps}yy;m&d|$m!bpKS4sJ9 z49(nCUbFmp5@)Sys=T=2)ndZwA3BP(JLIR?h-Q4OSYtn}jbaDB-h{HHVZX+JyuPD}!`U|*!cGiK2W%miC2l#7 zO~=|%y5e6~1;OHZ)GqXg4z@F-yd0aR*IxL}{0yCg{G~iol-kAfHL{1GteU{gf~_U0 zz!vLeSg!zkE5ZBwql<3eFOk-toUgp%X?_CXi77|#=^iB(H1Z>{`+4j%4M=OVwN~PD z+2K*uz~;%@8%tRREhJPT^7z-tWma9zUw;kME_7)89zf>Hh&T}{CC*4E%*0mbB?ja} zpfjP@OhN}|C=KvuM4-UG(_wmNZMd1Zb`COGNn1h8Y%-_P?Zf7CMvpVcg&klX;N?m`r8(AL~ZP4hBIF`;Xbxwm*u$ z%TB_UlsIww@9WNApP%T+&=ahnRFZx` zP$~<|Pr61(Dl)Hd*G8~@pa9N#hfCTR7ub9sI6GX>6L5ePWj{IxkIPF1lX>a-PFsRi zHospktT59dG{LKPe^~@8exUW>U>garZnMKKg#$8nb529$ZaqyFI8;e+a{;toA71mF z(JrHm=7gz713B^_Mw1f*|4o6u8J`q)jRwl@;Xt(@`QbjnAN4FE#oAX7*?C&c7dD-L z5zg=XW%U)4IuVbJKmVvJQ@^qQnH2fO<(&7|6o1;&@nA4h(=(DKZ05Ca_EtT7Lg_o;8YW!zYj0SC$iX8}AXjktjxZRj? z`#PGb7yFg0iaz1oUzkcw1{j4vlGp}+v7udiXzE-APJ8g&0dgsXhoPy(Uw3%Hq?h|= zxUiT1s3?DP&|h?cn%g@j&ARmu_qPVYjRJ)zeNVcj7AW79GRcLl$%7yKw!_}YuW=ny zsQ_$zslfxKbavRn%LotT&c{7h`kjW7)cw@eSZ~;uUt=d6LFHF37VfCz?&@xECJx8y zg(Ot6WUaMfFH1aK0fyz|gSPytUSu>>n)c&1u7;{{zt~uxKoS4V=d@K_|1&}LZ$3n9 zjHk7^Yu(P@%j3~zPBU`@;R1nn z6pF*E)A#ag|0)Aoa3hbsdaL1n&hV(DG}6j~!HWA`N4{+klrxz8x9AZI)vVR-LD*03 zf%130aI{yZ01!pQ_& z*<@76V$zre?eQECB3FSv&m}k^yR&Snhl=g>O#pOLTW_-Ahdn#Be&+|#gs0w0Q_9CL zF+B3ccy?U97`VQ?AAz6NuKkL76j^=0M-7cFVHXK0dQ|`D5&!j&2;ZoH$u}h-{$MI( z6(C8sH$369#i3`<8(Db0`W1hJCf+rJ(nPt>L>2Y-wAL6EVjby>9=CHe+M7Cj_KquR zx+~KicDm4=UOq34nDgYSJj6jO_pc{LL=bMy_1h-C!ebF;iX@{DlF7nwL-QkFL6=70eT_5Uiz>9YIMWpDzCWI(t3Pdeoj}Ld>PF_?B-#&{`8ph zIux@Rt+EKact_07Ez*%H<_AQ8SArgzUlAzD7i{A^E>(KYKnW0w{Gs;N_6shmSY@1B ztUPjc(VpU(} z$5YiG9U3Af!|c9xUkuRo=k(Jw>jRNygXYK-E2BjGm`J8nDUYq;KmWEyDlq3kZ<5(Hh@Q>w z-=fQsnbI&6h-c;UTouU1%Flc*Z6$hjC71vf*nu@8i_V0wE7*l@JHW?{DG9mWDmPCr zUPQ9&VITb{>9rJgTP?I{dWUlC!tN!%&%qUh$(xlpaC&Xf=)qn_7AE;RCvug}=HN-k!PNO%VTdE7{jpw(boW?D(W=}d1*1~O{#!dQNqo!=r!*s+2E-eW_DeSr%ja(K zlJK3;3ac6Oj$akHZlV36XlFs{?J=vgj)VwxIKa}md0ox&O~s!78KIQ!gRXtbb$hw| zR)lKbics)!-*#5ooT4b$4e~GOYzb&{G54Uuw@o)COpw|KXF5ms%^LD6S?qJPfJi#V z{jtY(*4`4J5g!|%H@hs92;r8U!?|4>v==%Gr(u&g8z2ao`l_LnqiK?D9`O>$iQ;ah z9&*_TzZaz^*X-x_CnASfzg0%lIr=Qcw42we)f7VfeHB@QOYJ*9Pt~k`WI6+Uu4_9V znxO93XWY;RG&9IgFFMbnmafpQd9gAKr~{>cS@mgwSK@`+VK+PwXLBVwIEvSV3DtY? zAi*TMgNpGeOol8dnUP&@uS381x^*4fj-2!S{&`^5CAala%3jp^+$fY46E-t z-ZKs<+CLiI=Rv1GMD zehC7h4nGU(Qc?!N_C=(aNMq<%qH5{5G|GIcFJ8{4P#okehjoye8V9I@Y`LU0?Z)6W z59k0m80!)Qp6RmGUn#enUA*gI{L6n$`q=u(AKHAvT3IeFZGBRq+YGK>4=zgL8Ia>( z(TMni(r)d44@YjUGrzx-owd=zk6iN3YA|;*r%sf$)8T!Kf-Gw0lz{)-{Sx8SHRHlN zR}H-NtZ*P2Txz&WQB{os()%;zutQnzoCzIM@(ECvxEE$R)1#?gzXbx9lQ=IGqaS#V zs1Ht^f4u6?&8#J)8QXd^anXb!6O=pGN`Y2EOIJgk$$^sWNu((|xeQ^Rebb2bT~DUI zP!MQMBDBlF(#$paIcCk$1->oVVo~^(xeHLTsdwN>_T^dCx zskD75bghls;jn3AW*Dn_#NmBj(PqvSmqDrt+b@8K7RVh}?7uPLWS(L{VL4ZE_ z{Vpa}8^NI`tX_XA(uO?vw~yt&7ksV&{1yu5*(|oe-fsGEr7I>d*3sRYYe^OChC@{1 z6hKD^zOde_Lm-`&%B{^5sWEb&@3hc{%5}D!953m_&FSC|m^vAiRifk2_dcoUMdk*D z+G`a9D%LTIghcru2)i$7op0Y!QnKzVE#0(2-1yQGpiMuzRxhkEP&s(HhWG9t0~y&O zO8Wc5{URji3^{nh7C!-f|s0kJ0;^BNt@{ieAQvDlZot> z5w}@eNY1?g#Ke5o9x22JMt$UGw2fS59)@b?U#>I3^eS`S|4wN1pFRkIi)T57!*i=) z_pKe>h;R)YO?F}azvND_XnfK~CTtb8N*@8*V;Kbk7W68h`hL-Y@tw{z%+N#EX?ji? z4UwGREEc%`{I(y5okmt3$QkZb0P=~4Dlt{i+iP*2E)A7$mtv(6f;MS}qkyY#bbv;g z@ivj7>-+tY&^G`bDIi?pQ>B~+4E}PpubmuTG03k4C|(}D4&nA10CH@v_-Gn#@H2ny z`fm+`Np18@cVH!Ui-_WNNw-A1F5(fhFXb2eRGHZMd8L&6z8nkx0u}|K)y=PLtS)Sa zMUURxZB(0Q5t0ev+Ht6!KsB~)8%EtR;O zz_5=907OENe*L zU!%=00qnOv{>QiY)QXNlUBL0dhaNh|4wdiE?XhNCzgt%Oz=tV8q~gv`Yhx?tQvxqn z0C!|{Gaq41somV@0NftDXtg%qt}gI(eP#Z#Y7}5oF4jXR%8<#om#4=Uw9r~ze3weJ zu(Dn$z%cA#DBKzFR@{Z32U87qmCIdC?J+Z~mUQepsud^x>~2e(iLyF6L!v)dTuBa1 zF<$`$d3Ny3jV$BR%1%4To}DwP=$0~P!WnMOp0+WJj7QGf%qV5n0H8A2@IL6qFR#Rp z=i;7#&LGUUxkka|Q!Pbh#2?mJ*X_t2@ny{oVG1pgEV$kM!#8taIVn(is|2P4Qeo>2 zU=$xQc}ukAN_1X8jo#m7x;gvl*;W-33bTMjamt$aFLZwQ8g7`=%}g);Av4pqI+NB@^QdFNMLx+BYR3)%gwFfEAJbBm@J~G~y45hYjAb9D zg-1e)xd0M~D`yON8L4;vAu3kMwMXn*mBqtRN0`X0_Yi!ZVcGOS3i(3+l>A3G5>Aj+ zK;2KHn>>1Gd9@q9M?|fahAAzP9J`-<0N|Ml)eL@I^Npx7oAl_t_i~o)@{nMgHSquc z%~$s^%sFvZr5~wAcoC!TXg~3h@9TNm^SLtQ16-|Gc%Vc5?lxN`&^pZdYZ-!R(f`}% zwmVB{X5A#KLM%XgqBYpm>Ca0LM$y2Au3H{k-Le34NJ4yh_IN*rb@0oC&x6ntOh7^$ zd~#2|F8{z9OgLa^NgGdM*+#j1uSY0fhv+$QNC`Zt+uJI(h=+UWusOwu|Hq=PpSNy( z)xvMpKa~|TZ@U^k#ppm&V4mC>_<3)HK4Ql&^v@@yK6apI16oA>9>jUn10GoHV8MU-hyyv^Z?+AIc-T7B3nZ=GywkR8YkA%R zr?BtkwRWAYPw(kN84aF~IvT5qw~j#;_-GBcE4q8xtzI!f_{p|V0Vle5k->M%68&`R z7HR+K)4Z>;=iszi>_s0-tl~I(o7l7Qt@$DMZ-I|H+4xM0$ChHTe3^cK`x$L%7yp_H zw}s^4vtLmvHwQf&@IS?&X zO8*%XlxlXmuQX094w>Xlv@SC&_(vb2{Mk(hVQ&RrKfSs|pl}?b@2zXFGEEOBWO%_) zd3Z0p&_VpZqtH6}Y5;9hKF+0pe?-3B<$F?qu}m$d+h9{B-u2ve(*tg^1K@+kKNtSv zgI0t4n4tV$7sALaA2gAGXhLmh63GieGb-`CTHo7Wj8z)#_g;rX$RE2W>uawecdoXO)Z+`H||h6(>-G;Bpr_x_%o#9Absr5 zgalZ||F@#$e&Xp>>z)Kf;f0~txD>J3MpzxSeZ5;;?(W9`=#?`M(zZ;UyPwbj{Rsf{ zHkamkqk!1m%f!erSEN+=Vk7X)Tr|;sHtlBR?hi(7Kb;NWz+ulBZH*lH5=}pF*#Gn^ z180VaVE*iD`ZqJeH)r3Q zN~uj0S|9I^Q;11u+Hr3w`Ne3?7r7QoLNENFA(23OlE4d@2U%|!}fZ~-cjY1O=;Wl$y(uk)X^DHCpZ)g|>!RO64E z{;1A~Gx;{e zVbyCSU@7)o*-)WtK&t9)@%??^plh~3gFjW$b5d6f)HJo2xwT;U(iVkda>n1BjlzU8 zU0&XN{imxy$#O?&*Q@7IFGLcFC53id9dmE@?)bO+d3z1wJ)!@&v{~wn7GvJ+{AUX| zU^elU9ao=>#j__kA3T*?|ID*lZrc~z(rkVVRw00K$z%L)FF<9*ug^S$&2SR0#~TjIMw#_m};|qI@S<_Z+~$K zF5tk0%LyMtQfE*$<`LAR2E%zExncXNBC~|L5VFQ)hkhRMesDH;EtDu0yd0-Dk zS8mgL9%hyvXMRv3Mb+!R9mLrdtW(;%?oMQw?YTbdcOXL*F2_FGd|- z8A{xCWAuLiQ3b-*U%SNzPA7l6y!p14|DI<2z@TQVsLM?87Zn7>{SFYK$h~l#NL#?~ zVnHiSR+uNH1eBQv81vGQ_uws3Z{QFHYh4MWz&^OQIHKYG{v{!AuhI2?``(-#S5=Zr z8Py8DR6Z_eqnD^}&%j2=y7(gEPl3Di|mk*Epwxe?K0T=dTPDsb2sNm`T08Ij)Djb*R#wNP-b+iTM76rH2W2XUSHrq?Drcytm2T_D1~U4do0q_RF4mEea-zhUDG& z!1)%byFEE3cY#dD541G*Y9+|^=YaEhgGwi=OhDvA4j_xiXJD&pfhed6Zf~(A!KqNI zz?IZzMy(0*FD&=_Bn-T{9VHXz(10@z=vb~6JdB~WxCFvKO}zQI1om1TO{j{RtL8t? z{)H_rfS!c`nH%J8#9chbo^BN@`mlrL$KB_}(I%};9vg*=%DwhvBw-h^Hg>TF3b9Lx z$tlEcQWMZDcYUeT-L3%{krx?l6~QrYO9L(S#KGf5IzLEHfw zo>o*ueyzG24QA2>sQLWoDi`mFoK}?#9Fwzqs58L%=}!;Q4UV@pdZ8wFAXNhfvDpuu zPWVH0{TFjhSL3eS+okd7jr5-FjP8f*4#wH2ce~X6Sz>3m(lgS)0ky_yh*WpUE%x1> zm<`&*jbw5fnYa7T`i+ReFQfY%i(39-@S)q$SGw~9e_Dw_Tq^pwU*i&+=FLKo+=n*_ zAnPH84kN&x-~qB?9NnZi1SYwS*`>bQ>|h+4e`E97?{durtdJH<1#ex^T zWreU*yBRPaBC!5}7r4{AKpePui^N6>C=ScP>P>*LOH`zK;rW55X160Hn)7fJ2h>Oa zx(E!?>ZQqRV9%Mt&wAobY_UHXXNq6s@Y;9}xizlb90o^aEJWvJ+R&XBTA0mh(5K@# z4ULl~`019OBQowOo$28BZ>{+WzI)pq6I;Id`NYj3cu0~3@iydpGbz-BDr)Bzy6)8Rut&jC%kbALHRYSS@Q^NSsfFPbfRjm zOYZg~S?BtvJjy2Gkg~)Lc+wY)tO82rm%f+P(sDgUSfz&ADl8LCTFjQ;h}%E+nM?}D z2q4d~@=CX@{}c(jAgC5GH`r#Y)$PKr`FJE<$gN%+m;h#7a?ly)L{ORr>hI?H ziXZzMf1+#Gut6+7u!@!1lNJHdvIpZ{$F3%ggB<6&k!B8$_Aa!sO~5wHp7)?>_1YQ- zH660@cO%-aBGM&NS`!tXR8rIxSD(#Gk?%3Ei9R`7c%>s+?fd+0{K>Rw_rKU*7Y@D} zyEe^Z^X6ZTY){qR>S=vhY|F8Iq#t+VQ^nT7`u}*$4#F`@ogCrBwKHt1FZ#-5H(X~z z{+*#aLkA`A4Z;s=Lr-H!@6!pIX2b4npb$kiSX~L`328Hx?a+8xTRZCBO5)jb!okKhxfoGfL-9 zWxn*|r+)Ud#B9C8P}dm%u3*R{>HU1+x!xZe$>}k(CY*_A76@k79`!Y$7C` zn?5SeqsSvC`qegdf)67PCQ=&TjcWcg%cV1gO>y>}Y26PlQ2jzzisNt1P2O>p%*;}` zHL$09@aBanuewpk4y0#-N-{G!l%1TFHEQ3XiZFI)Y#iMO0yB~M2E4Iq^clFh-X^QO z857KM!X^_mIScph+7@zOjT~`=vz`iO!Xx@gKSuF!brOf!erL)@%6sdC?kwxO^`y_$ z+FOqKwgYVu>|Rp`yD+^o>srt))_g_j`ZTT}RxEMbm_?$ZwBR1S<9bc#^utt+MSt z;|}(Oil;>km%5bgN-tO^?-CmDd7WINlmKU5yd2WxvXsHH##q5<_6JUXx%IgQtWl<4 zxFtDHDF*#x9|k-IIxUR?L5}neAtLqnaFXkU3d^}W6BrNepvH#LsG?yX=FbjX2BANT zN$)Jb2159agZA7m7i3q49=^4M*R8G}8svKWb8q1K6yVQkFaIj;)Sizw3<8yellY1_ zoMcV7_2itPhu_ZIbV1EFLZo)RuqfHZd&zv~JQQq1D=s#?Z*3dK5zwc$_x1Z%T%ciP zahPQ!a|AX+_>QOYz6+vs^mL$WZ94hg}?C2&WHvz&c@ zZ$5eMO)<|r7-B3sty(U-R)4*0ID9^Z8;5#kc%>7u2rBD&9EbW&Tbm4@Hhf_mLvG_J zaRliCal{?v&>hu2U}K6j!KL}COE2(oV!GqHqZ*hMk?Q)PVkP?Su13R7WrUvoDH-oB zmOrR7gjF(Qk3J|l?f8)kR4NudeBp(Vj^t{GlIV;tDYq;xkv3zS*&7;6zTFr_%^$Rh zvA|S3%?&PJjZY&4h9ruFmR0kGHsD;5i|Pe`E~56vt@YehrwiJ8(j&T~@%J z|E)OjjjgNUu`4^Z=vDXwv@#2|((jKRb=pt9a*_?fzE4^m@$0Z4-*E^AP1P5yp7 z=jv*BQ*)x(Qvh2@4}6Fh|%oQit~Aq+?t}+!Y(^KL)4|E zad0Iv_a{d2+0b2@v*#YkH}_cXi_r^yi;hM0%)-ka+zLW)ht@?qy6aSx$y$>AALTZd z$2X!mPto^=U~g>j=Q@sp4TaNH19tMleR)`e>XOu>bFf$99keFJs-VnR>&=kQ6%+X| zL;K4=A-HYTZ_LCY+=0(Det;(9_--V0E&FKBMCV#F9D$OwVuj#vl^?%Z`SlWgO8ADR zq@20P2G;jq?7`oCB^LIdi7Z1%sYR%ks?2v$QN#4l)P#g>)X48Gd*ru1Wt4&@feze* zH}u1r$;k4bHIX6j<-T9a(j~lJ)akf7^+BvU7JWIPu3tF6s$=BY_5Az2q|xyxaBL2b zlo%jX9G0%lPI|gZ^8R3rI(AsMi!FL!>O#vtHvAd$^bfyyJ(}B7kL=v=WDni$#TfE< zAk`>IWmbA~eLfQ99f6>udD}+ae7>C_)qY_iMFXde$G*8*cOh|*HgKc9V|8k31G!@5 zYq`PobwEE8|v0#6#S+N73>tcnf3s^Cu-2m z5ZB_6Zqq6;6z&=XVcFf5XfoRtz_Z06;sHImVg=gp!qEB0NCWj9NM&`f+mPTV7 zuH^#ENxN!`Ifg1Ec`-L8O_d$VXZYk6R`!H_22Y)ZEqd76cmQFAYjwz-wp)-A&WuIF zyI_iMjU=@GCkgX$&m^lBv!5E@6YA#B-0P$TWV)rdVS@Y5KkkCJ5p+698o97Fv-fTD z7M&z0Z8mX3b3||_pqF}}Hw;-gev7NID;Dy*UG_IGdNgqabAuf!Vc~Q^X06Mi%2Y%s z_bxWxNp!g#B*tq4MYgS1+CU&A_+YEpst;Kzmx#le$v*nF-rG%mE>M;TwV&sXTwhjy z(F~b@RnN|Joy0y=ecg4c8Lbz#h&D#L-LaOoSm4yng3l6w`r>^Mx!i5M+0u`EBjySs z$QM_3Mu{A1lVX%{8;`^y(_ZBl#H zZg=eCdSiIlbljlLEIc?5FqGvRvFWhYb<*s;DBpSCkNec$fFGz&MhBPg5HSpwuSPz} zS5;R3VSw+3y0=tc`KY6GA0OAyA|=_vympN+yIKad5V8f_ncU}gZ7$WdzTWY@5()t& z8c51xt)VE*=Q$7l?kJQ_&%jcYbx=cHzi-`-(UDc(MC_=o=6pI|#Jnt|hnW8( zJ$z@J4wcPv#Joe)SKohgx53`1)2l&W`>up(L<)|t!io?G`LopR=i@EtQj;U8`s1l&rcyyFzCzxA1WmVOPXH6+7D$*J%8;zD>xW+Mk+a3R3v9BL z3RQwBnk5WrmMww5zY49D9aaqVCny#%x9wDQ@C{gt4qOl<#zE4VF9vA*xztDmMoz!b z;U-H@@ljFD3wS+OD%3XCRx{=p^ZiSz)8(3)F4zb z&L!V+glU!YS{@g_;W)Ey)3wIWJT8u4dVRT^;DfiCOA|`)ey8{0f#m$ytI->XOwsG-BF9?=d&*)<>9!=9oecq!<%f07;$Mc z5r0z25l7+m{zw+QgONEoio}zdas>1)fJXs>J=X&zmV;FkDyYH$3+ z?u~$J+%xQf3Ef6i6F4h=4XjdcfPXz#h^WKf0j}eEGPWX_Ex5@3Zcza7w{>Pf54QXO zHBvjn;~ zUB+W{y7)LSiLZ9J;cWUi;$9*7LxW26XJ7fdeXjZ};%h?$a|`}e*^v8_1JesCp^*yu zEsVCD(=1_fn}Fut%=!}%8|VI}WjAY+QK@oMDKDC3h?sHAJak(0of_gs|9}mHT8Y4o z%(p7K7@9drZ1xVg=_6byaBS6ZU+&6Ns+TNnd$st+MrY`jAu&JMUu2wms&r(#{4-9BvKlyxV z_`JPqX*(sy!F);gO)nxCDdvm~MLRg(*}qZUQ?gW++Fk-(&SG%l%Y)+TN0{%Y%N#7e z;d&#yzJpz1*}9<#o|eWu9WxN8iu`~^m)S({VgOXCBUL`ug+Uoa=W%ABE#TSG3F$#s zSy}fT?5}0(hfCwHkJy1YzmoI5#9LsHmrrxaf1+e~LHB zw2scu+an|g9mSH39yanZ51vjzK~c7vE`9)Wqt6Av8gPQPUA#Du2EJZG)XzZz7 zmsW|{?8TK=Z~eU&&lK=HLT5=42%Kh6 z3NSSf8s1zDDXKI2#4eyP)Xyr}lBD~#jKL+2ROMl0V#AsI)T2YNb%kYEA5otrGB73O zed=%(G)gw2bQ0CclV-DR&L84Bp(a@1$LEu#vniwarmLEsSjsQl2n}z43#d*>Iwqa3ZKyM$>TLg&0ki(I?9U8+l`}pw z^zz5Rv1y(P_m0C`T1GsazNsJ7R1YnqYLRDyHQ6rluf@u?L~*+p0IMXGJ$UF5cRS+- zyxFQJ^r&=``a5?}IkJXcUOdXkeC&hs5sEl$O*0o_gzx=9m9wuU(SN~0X(PyY=u;Ph z7@7O+g}$6C?W-C_W%RNP4n5N!Ilruuoq(h6*maYFn{R{AHcF?qTf0 z2-1gqZ3JBi$#|z^PHRpRQ7IFa&Zah)#b+&_zNHD2-aRZpn;8sRZHuO9lYwKBCtuf( z&sC-j{YBRzcE7&6@4flaJPwP}`r5}!KoWeBizhSVvqIe1xu?mc&wQ*;)QG}MG@)f~ zHvHD7q@#oKOGCFOpwu`oJ22%2117`=`1IA`6)C^Q8{?Hjm{yifnE^nZ&#Rb-D-fRS zF>{dshhNd=8dxw}-4sYUMa`piA=pGALcav%B&@?Gkl#FH&1pVn1}1cK?TExaNzTokm*!prF=klbHE@+ypd=N2jDoCdXirA`e|M>DuEg%X3jNwiX5Zw^9 zbnXxtpc#v{ty-H`${Ev-%&*2EcjG4{iaxo7@6z~` zn0(jwN0<*cQ!R8-fU$uC2z}jdNe$*2dE1H9JfI*eIBWo*l+d z(H9q5cM$il&6dM}CE8mXgOPfiV*;3+)o|6m>aet+lsFYPWTH-$1cc zXP0inXSz8+keMogc5m548@@C$<{Tfti|BM%2Uf| zXnpE15#IEHh`7ny!?T?l>Ch^YO!p{fo#fyeJv$hK4;j}T@k&|Q?`yz!;cLu?B1^8N zp0wjjIRo5x4Ob)+|9m<~SGRcT`rY%ad@a;L-8u{HCST0noHFi&>G`+6W`D?cr#gzz*YtfVfrIl>glzq>MnH|qpWz5L)h+<{F3}Lq zKHKp!_(x)Ovt;eXn7VQ5<?gqiR(>Jw{YeH;(6u|GrABYCbA zeej$#4_gCMqbQ6yile#$a_lPqm|Nshv-0_D^+Lx44C-=^>s;o19c9)^hqx=${2=nk zDzxqXe)ydCZ!f^(Auoh;5`8+|-H#9VZR96{)E`&7eOQD(2FlRf?Xu#*T&yR3j>tT~ zX6fxWXLZZhva<6YS78-cR@YWQ+L5g_@@rMxtWuN=E_$ShPgQ)jOCvS0zLEh}n7m@+ z2`jAhiZSbV>b$R4Mv9e6EBCz?Uu@4lE4loR^hX7BbrZ#`JM!LR_=v<-S|!q1tVKp! zL>W_s#}nYvyZ$ncyZqt${j7r<5&>@8M>8@b2U(9Jw@H$`rp<(7C|hKMoDQ&X%PhlX6PEEyOD0rwbmMS@8{Y3yze>x_;G+)>lask zuevQzXv{hC2|-zKr|y4h(Kc_Mi2q>l$Tyg9%kHz+woM15HCQ{SUbEG>60-zV7AgZy zvO`WIZx&s0iUSfg-*NT0eq+#F4wisMF9Kp2W(ln}pYPR0UmSvh;?(>&aR`%|&%ys! zBs?K%XjbvwBT=GjPY!eZrSB)B-0tC=$D$l%7XpfWv#8#0P8dtfb+m4^EPv^}`H(Ru zE7^%-Bq@hZ{N)Z~2Ad|DN>9kWSg(eXi(4_BYQ>i?Uc}Wxozv77_W?qS`6R>3`2dGj zy;d!12m>aMzVb;p_=+)J&1>FZYgJR>?RBv;JADfgMGr(~X-4>AzWJrM4T=1ZQ)3ipqfDv1ofKDa$qV$v<;vRE@`Mrsa=_&@=4a%*+#vQPW+rtA&?$aC8Xgl)^; zk3E03&M^s9%=ok)qVI<~3rC(D3$SstY~DlTM$0UiA|HLBDA%DAAX-Z#)1j0#^z=pq zMOvlHIQM!S$)s@d1!plq*WJ&Vh4Aa30hgv@B6JtBdg@K|Ok{L7Cg*6#9Zo8Qs%7y? zY%bq9$&s2{bZl9QJOrti+lufh0!ZCWL1NyyzWa8n{PZViix%Nn4CdKDL+SvnbB5Xv z(}kTJc!yAZO!ib9mKa-0-J^YE8Nyc;g~W7N&b%2#|y=h;|n0_Xzz6d!LlO zpNSeJIuQg&wd)$eNYEJ)SqtoBY;udt-$qt~i~LUu>Zt=XAsLb%6SiG<+n4zI;nFC%vZ^;+kUw2I2u-{Ucta_x%?V1Z5;F;P;XcVOsT+vta02XW&S(4G z$k!nNYZ|0&cB(X4rA%w%`bDXSYuP%OZhck z7Z6MM*d{iwrJAvT#B{S9`7c=K_01Sh)$rBYfBC7;@u?B9$Gu%PQtO1F3)(2}I5($m zhe^bTVz3@RvzAP~3oLdtZ9c>i%d#tTY`O-#%<=VNs>5IDgHkT#io7R3z?<+v}N#StgR6f8e2N1;TTZf(0^ z+}ghG82%>5QCdwnx&EDIlDVG*SZnJlQ)hQ z^~Za}vnBXgii!eaC((E5b60eB;}AlAhLsu{o3x(GzAD1}oPmcTcRsWmWTKfH1c%?9 z!KXPb#lIrnj$s$l(4ydh{z9R&cg4(s@$u)evad7s9Czi(-D#)HlHETo&20JF zRF7jI^)!u1Wta5hO~H|AE6DjVS1jJzT#MKgoUM~u?fZg6b_TPct?CO82M@qR$7&3l zWD~8`Ts@eOiO$Ll-brqwx^pjJ++Lc3;qK2y#k`*a`c`YxveZ|y(W{CsK$5G(@}8kB z4Wi#7u&DD9VV#-ONXL_6?WV9|E)_*;j zBY`f;ac6UKJtKH)5^V8aI?Doc5Q%am%`dYtJu@K$DLQuG6p1KsJ#c|^sY)t+ zFuI4p`?m8)pXmj!SKH2NSzwglfA7~f#-&=yX<;z{S%)KS-$^ZuBXAsPfNdq>(-ci@ zLYm5Raj7W)1U{*l*z`VRoVpj_IM_rJ+Vu-GjA$WQB@3ADxhvxaTQDf?V)IQlzWX?+ zN(v|GNmPls-EnDIMLjYAGlBuyhdeyMV%w;cB&A(CL@U@opLRF=a~BpXR3FQavT z_>}CY+6!x6chKfEj)3r(AXAJ9prk(`Ty|^v6GZfDz}Ma9Y}K+7CT#n@9lBF)2-JRK*GI6Hf*rg!-TJwDXo2B%)9*FJaJ1$`H_=tZ+*k{nB$ z4|GG6k5^%I`r+oH$<7G~NIR^!zjTO~Om_5bcJB`W|1Jay<;qeD#*!4$sVA?yLD`FR z+C}$xhL>GXzh&-tjiw9HxxsVoYEOiw>Vgjph(UU&qllCkH&lA%ZRP3Pr3mbIsDW-% z9uf;ns-BJSY4Y!j-5jT;EsJotBNj5lIE`~V*&7nRe?QPzPAl2JSk!FFai=484qxtX zcoFNN5!++&ld-n-fN-wn-U_2eza7D+lr_)yyw2?M6TSLiN`bo7`pdH;3c* z!BelEQIsL^mi12Bzo{6%t8lrM(zIgNDydS(UIGkF$BZn54k{QdH-o}Eh}#*wxy z?=EGA&b`sl{=uDHcj=$d>s~j^E6gv?9c|pUeTT5!t0k2OD~-d~`qf81frq9@p%@Wexr*6)OAU&hU7{`BAEh6swetS#8lDDA``(ber^JGg z^tPW#hscbxYT5r+Qc@d_^0(6w=F*K#wO`&frHEC6P%0wrcZ|r{@EdmYyv~FKc9q>g zgM5oR=7QF6EAt@8pBo^5Ed@sW6$b##-37zFXuXpdHXHY?pD&#WU|MxX-6f7qA$?pb z1zxZux!CwCx$z{!tpSR=^iQbpM&|z{C$T{){u=k}%~OSXOlh$tDvz|#R_tEIr0VMp z&OxhM^*&j)2I91(>Q!BDs=uRMN}h5^y2m`px)g=tT1ni1Yene!WU1>91_k)Y)*{X7s(I{m&%Z;&@$+XU2gd5`55>6GlyfcN^b2u| z>|DHNt?en6$Mac-iHWEw0KyrO=O0EAXGy&6L7eL$Eu~s^8wX2*lX?6t^p%z@Bk%Kx zH*}5DYWbWZbRHl}tpq-K8;zx>E@$r8{etnEEevlbMSZf`e}1C!&H(M*azz=E|NqlE z9jU&$e-udyQoH-kh&1bc;uLU0~I1{Y2U zcXT;ab`scN?}BW0)MT8zba}~UF%d_eet8)$nNC_n!_ZVNqoyouCG>*(PAzmNAP8Ju zswLGia#rQXL^o`Ti(?0?wPU5 z2wh2xwh1lJjcI-*Ae`(7z{@c`4=ksN9hNB-x_i|J!JBXTB9Y-BN<1Nhz{7luHi$dS z=8>Nyp49f+(tH0`;*J=3)oR=ve-0lmh4Gn!s^3#Fq3WxqMmxJdosJBi^w-w<`Dq85 z1MP-HFNKWf(b;y<$PnGm6^LF=Ib54QhU8vl!fhLoRozfiRGp{YVRSx$pH{5TtszuM zb-A^;;emVOVyeY3eYoZHGbGO#LFMrZu2AN!@Am84qN7*g5#>GJ^1S(9pB*^+g$W1l zlMyt2R(@y_aIx8{16>^3C2h+Hd+8T&j=e9JO{oof!wb|gt(G*Hi;^QgTatV=( zSce}Ic3_?tbfv@|XGl$H+DYie+scs2fDk14Te1Q#$$!Wj9>|KFuQA%5HRc(_;uz*W zsH=8gDAiE+S9gUTA2deSJCC&tSLTN&v>QM8UxEG!dRh9TJU)t{q8hq5PELEB(;O+T zNse)znTMR4@b=w_q6vhSupD8O1nD?l0-qek?Qln->x_#C#8wRu+l|Q}e{kl56okvA zfTuI}Z8nk_eQQh%lra2Kq_@xSu%uz@GwTExSsvg?Wxs z^HEE~4Q^erxiOt2rsESEMnQ)Zvf``)z# z${Oi~V(uJ1pR80}=WGU@Rw(ZhD0x zmJ;8Rd~2{V%vwi9;o1Tp%fgsrZZm$MjInl3-!dDGFV<1Pm8B}jDPTgZ4>30c$&6QC zt0}@d-h^G>@jz0C?5Xy0YY&9J59bKmBf9vhM~$@R8w%3Z&hS?Yt6- zCMJAWXXAXpv@jIo=sBwEdx(FN#WO|aUFS`A9?jQ2LXgoK`!%EKZP05ItR8uq;x8r%@h?xB;F5@JK*riqGa5a@CE@c2Sd1A zo=UzT>vO!fpg*^N!d%QiAYtth_4=53_huGEADs_zMkkoc4=2-V(M(@Jq7V0+gU#Cn zjxkCfMEMVH<|T47vGlyvY$#euXcWU!U2*@OyczpZDU2Yd?uu)v zot-EgGwv;KVY%Nid#m>ZdXFCf&xk$IPm1j|6e%B=-4kwU#$;=|2NFEgzG}TwqS$A^ zhQr6Dx^?P=dJMc9JO5odT7Z-NP>GB_?S+?J>GcO1$s(C^zD*Npn8Z61k|aM^@CBun zHVHL2+X|u!GbeAD&?Qv4D8NIG>@6~A=ro^OZE)A`ZP92sH+Lo;ojtP+?9+@Ln7lE8 z!8=;503*A$vN)Ohf)7kU2Ja+BOEzfYOh;0=1@riXnLVDoV6O?)>@^5*F4~*cNh{C! zX`X2>@D^_qG?6*r)wtX`deZ zDk^>|BwK+fAlQ_EdYsJ~h=b$&5%QHLGiFX_z;lGaa;^&AvS;-60ahrF7ZIAAAuxpd zbM*;P)j|pk?oR77{&dP~VvNMG4X~PhdaxR)sCPrFGVU=V5@}eOo+g{Z0YO~8scU=M zX_ZPCkDJP9g5wkJNK_1N;!Wy$tJxv9_SqTRPZND~N!cpO1Cr6j2vI?=fk{25pQ*b+ zZkTO9mnRv0o79wgN*!!zvvCHz-~MoQPaP3f2A#28XoVQq5}YT%e0Zv0Vj}!EPR0=? z8G71P^E`yr{itgp1)!rUz7&0@6jEUFKr5OS{UnH1IED43C?t2i{5X5_$IE|=-ck&3 z+`MC>;kH1vV%yuE7?^~&wEr&bHt?}Og}^S{Asf|A90Mw;j?h$dh(qPS0C1UP5Peo48V;ZCYcHfzQ9IO}t ztI6;8Gwx0{@!61_qi#DG&TxY;W6=_5)-wL`ni*Gz;yq71k!7}#i5`c|EB?qEE@=`X z^w;R26!DU>?LhdOYk$5~qyMkpihcp|RQl37(LQuT$RH9XMe1p0Ymh*wkm2TD==pY> z{t5MSnuA-41G3soP1jcGE)5SlfE(YN!_w7$bi6G~KltvmR12{m8zR3if^OtBP?6~I z?#MNW?*A^7mOVkI?)eYFRy{T6Tw=&P^~~7i;!w>@6;D@<;#?mZt;)!S0``6r!w$Kr zS`mya`1eMa)XP309&;edH&BIEGXAuM3b7SQuaW9WM&Bhh+=Z7upJKw`dPY1Rd~GL00k3#79BcBe!2WD5%)5|F>~X1$z4bpaQDN8}`TRFp(-0^jnBQCMQYy za+Je_R=WJT6&0geM`nwPP7jTLT^+I)$ck0?;S!!&*d&yhZ_9v*7_x>Y$A%U{!@RI5 z1^<-atm)L7A>C=eVeHV{ubBnK@(^hungIw%=iSvX>otb+d5r$#waK01 z%0xPcQj079*r96?J#|ynJ?0huCo^i;Y=f~}DO?wAf@-e}!n!o9t}@Y)@-WJ3+boGT zRMDA)KBja2+~jJhC(NI`X2{|S(%{+0HliwFDu~uxPx3pYgO*6pHbLq=uFs=<-8y#n(5Ijh&VO`aeTw_ zXG|)5=%~Ws=n@}D5`0{_d_zqSU*h+R5`?u#`Ri@#kd|q}A3}<7U+Q)wPHNy~VqE83 ze_I^UuSf;Y-+)8^@us2}yR{5H;V}5J!(L5m`Rm)MTWjB!G({TnK)v_-3IUXaC--H1 zD5+P}oO*~jVqTI6f~*O1yQ5xIfzVDxb4j#$K~M|In`qGQVYrSHy$D8ll`VpLBFd7j zhpKJ<=082$$wWzqm=Nt^ylw4O(ME6_8adqWv^taZaXgj=;9W5EqqD}mGpX9tx;e%V z)mtOW_clW`#4t#ooECwYvlVpVhD@*+ZSPN)?(1e`y%7t~h2W%1p@9k1BLHwP>2l+x zqk=7QRu~0a9nH3|!`xtkR6gxH{FgO1T8#X?`EXv|d`CY%JrHiGS^T1w7F)L#xkZxo zU4cF{4PYDDED|J!a($egdcDRGAdLOD4~~$L#(}HzNWsoZ`-$WJ%<_lp?1eY3ES#P^ zP&@~@kSE9EHXUqfkIkACj^gXl<3s+byG>lnuiNjPvAa1)5&NM`?N+6h?G^W1h59Cf zQ=ut-$@RrAbD7nvYmz5p-Fw8bzZ|24W4U=8J6UBi#9QHp8j>$&v9$RJhrM}KL6;%T zrf@TdvrJ1NZHeueoQYs8&f`j4 z;{v9uFLt`mc*u=wIlKQ7Pe1)AFEc3Q@mWjktw5i??WmC<8BKwxOD%BvA2iFd-UIJH zjO(QTk(>UKp{+P6hAEAiPtFj7S3Ihra?bpB%`b#FS%l{FSNIrljxSjOoH-wloHVrVVp&iVAd3Exno z!!`Uk7bEDzlgRSkpoHfoxd#d6BA`4)@{0=toPaoKDjvN2`Jgwy*e!ce;qgubZ*3OS z%jxQ&YWf12aqV}xi8LFi@i~5{Jd~lQ(fsZS?&%#X7VIc0%v|Kzpm%$&l~dZ!*6u~C zRqnR~$BR+hiKEaRu@fI5pv7TGXTNiv@2MAj2m-Y9?jG5!wM!>`vsAuW zg|U*rm1Pq0F?$|T7>?d-^gRxMmR1h2#JYx5uDflYrm^{8o9{*CF{$pW3GLj`Z{{v{ zU@L8+2lgzxO0?bn`*rkKG+p-5xFi6fgQZ*^$?5>6R9y$mv4gWRq{9T(xfEG!?4GiN zcWjxKNcNoHa9QY$m`*Fp33JV zq2CC%A1U-yr();X`;bBWV;VWp!;uqt4F)2Z0jIzaQjuH;w5lezWF0!9a!_4-fRt8Wh!eg(l|JY zl4thy&+)6$Tr8%TIQNc4ML5+$ri*`*e;{EzahW4Zgb!oKV?VkhW zVmW!ua@PUjn5p^uca%H2wlpSFMhq?t%MYtBH=Tvv8j_zu2thEeh9d^eCgLbS=;INH z68E@<(k57^>ML7lytA&!CjYCH{=WWqfzg1x1=4JlTetj8>z18F&t|JFL4&%dey@l= zQM3;x(RIqmYXVVicJ)-?px(-7UjEWlgq*N(qjPW&w`Y}eZK0Q{cz?eTbwgV^yVY#Y15}8rqc|=F`DhB z#sMiZYEfa9eC7sNQv$>e7GBwlgC1?>&+sHJhW**?r zO19LEnxhynVxn#(N>L@Cm>pc$d{OVC(BQ?v7}_@M(KzP*T^$G}Eu8<6mjkIG&!+kN z25}PQ?`m5njQ;$$dW)#G#;jZVJbxZiSeLoc3pc{(79bfHM(^>iNDBLv#oDMX=B{D6b1hJvh~u_J`bW0Q&z(i4bK>7 ztO5EnK~TMvIy5RdvF}%7Q==51V?^+~E6vo6*&W~GLtO5L3SAQz+xgq{XeJeG7Sgtq zTf?5m4yzdFgo&G(+QJEHKrr$GdiMLhFHxzzTRz=pM7^LQ_GSMOVc?oTR%TJmTp%H3 zA&M3n?lV@zj>^v@Ls@S4Jxe5n1SBe3y!2oc5N6h-uUTD8VBa6^i|R>9KIGk@wtZ+n z3{bxagaA#1aOP6=inkE;Ys5K10Y+)!)nDCVUMWEAeV)1|Io4b44#PUP1_0^5!78+W zy4g8S&))t|qs8xRn0#g0PZ5k=e%&SS#M6;NS(nYI3keycMx@!jdX6z>n)jH_*hqJJ zj1=@w244&3;tIX4*6o1c`Cw7V~8%LZ2Tn*N;w5!hwqo! zl0Jv$+=!6zoHaQHd|_%MC`Te##rMOZ*H(48_RjG-w2TfmtR{t#Ome0f(@wBi(kr#)R z<+G47>`%P?%b?I3X-?w2ptHPSt)i+G+r#~Ei^{X@0E#QYChijT{WbXqe(1yLOg>05 zl-{3euIA5W&&fJUZVcG1e6W~5>h5PNBl4Y^$@CyT#c)cvIvDTwF<^uoy&M-rj*mKg0wssort6679uKa&flhYY zEx3J_ND`~(k`KusVenudBn-Ybi(RPLD-@Xc_>cfPzN#&@&l+3Qq?#d+?s_8H-rlJy97+3*EXrDvxjoE#@@oX|xK zk%7I+fAU*1b|nKa;kCs9ltrz}`!}RuJoD7utz#hLgorLM$}+#W0_V_pRN`Z1G?_@X zn`2$G$M-Ar@j;}iWb|?3YF-|{5`#UEpGSGRnjlwV(P_W)o&}qNO-pjbXm{B$G!d?= z7_KOQ+B+WoK7ki;VJ1KQq{GgK0*-{2s!Z#`;WyBiMkoK2p(KSpc*H0ZngYl-9KDoTF4nV7u z%5VBSZ4Py%WxB7`rs+)3Dj8wH%XQ7E{;yud^I(&~Bq`3ew{9QCBs_FaI#P2i48)hr zZpis&-l~G!8*#|W;x}0r<9TZuimG@?Hcy09R>temA;~19qX?-OfnAx-lE(1~yn7!d zy3Whdu@K1G64-&~Cz!t9_1FX)6%hv+ztghM*>!6u6h?zG4^hDI+Z+L$$yxm0oI{B~oCPE8)+oE)Qodh~c-gKkR^ zvm-OEF7O$3N&yMBA4E^~rD*+Mr79%Z3>%|rNMd@6>vzfCQq`HQf^3YmG-@PTRhr7^l zrk)r^*+vFZ25}rM`WHSE1&zISbQfc-<;qceC<1jcYC0uWOvp#2mSiNNFlOyzcrfjs ziIkZQLaa~kqORr*Ai#$a2Sp!A9w)Qt7CC0Mu606)*WwTqtC%{y>j>tYGq%5wU{j^P@e{kB*4tFbt&;EaRO? zDtp6o%nF#eNi7*O+=qAhdlHj%_&T^q#E=$7o{woeSkvxG4_?9+OqT(ME8=pb>h|qI zWgAdMZmZL5n}gsK^+0ax3Hj9*(U{f08{zeg1K8nn_#nz>Kd8i80u7IKfxw2UpxXIExH2tV-M#+9^S@xaT@(-ftXHs{xU5cjUuUjc471S zyL@V7RBX!AId)@*#cC^*t{3k-Szrc6KGm6W`#+=ZInszOkP}M-AGW=Nl>ABCEHB(I zsMmQcY(}o;^g3db#X;HW?l+XH5ldoKT7Bplge^f#yw*XO+!L6*IAGNM0Z>X1sIY7u zuNey$+rw{Th5D(8rzXk9jS)o(I#XdASrreo9qC+GvA#C^tsUFueuUnqLf$W-AJx%K zv6r-{G7h7Yn(0d}A~|1pkNw~gp+}VfPyyyJXce}K#t{8u$(R{# zvBZM8XQ~1%Vlk-dkwtXJv3x3H49=_*g==~8RQx}RN0m*zrNxp62O=%i<_%J|hK(TYLwain(~yXols$o+ z*pC)6WAwRf$~(4=UC}d^GY}5;+hlQSyP?Wm?h^kTT?Y=ene_cI0--ZOZ6;Zp+?AXw z)Z~a>%%FrRA~!e#*~Jlut7@mzt9=^`LCuO;hp>Gh7dnb5M8Qr%j|FydPkHM&#FIBW z_U`-kekA$LCbmIsbb~ym#G&Tw$OZvdkkgytKhDtPI25*89Q=aRsv^?08l-a%6d$n}Tj15_h zU$ih_xd*4Mj1k%o8zx9q=4?fS@k;WbIcJy(}HgPAbPr@;X&GlK+fOuI-z< zTJ^-ZG+o9GOrrDXkL+SWh0MWiX2umO??nuR^NfCANSyZ;0(9PNz_jas6Xtf|v8KBSJvohDLwvNYvfjzX2B6lNd>kw(P)Kg|aCdd1r6a_E*2v_@2dd z+}O~AUcG)|6a_gY^O382ZEiHegZUhYaRS*#xk+3<`)v1w=iHxV5+yypS9Xr%GqXm5 z->`mLEA`fi!72OFSBtOaP|1ee3WVBFJ>9Nxas!(h747Vuy};KTZEt_>N|+#b^5*Qr zxuI4n9+X60>mbCLZ~U|i6{u=pw5N!@A~R0Te9!dww4_bYHz0Jwy|QcYRvod!WMsaX z1=bCE_lhqhjg+qRj2ed0tU?|v#uTrCl@YBepTj@Ojr}a2@@{GbWZZjdZ=5*UTph14 z88Nn7wTuvQsbuUVYL$?X3Zfu{b0m`(x^r6ugs=k;LfHIe5GQ3rp@mW|)m?WA zI__*&sYR#>DpF3-9MLQ^_08P3(NS>s6BBU_Y&TIWHHaL|T=D|_(8U}W`azR?dlH;@ z6MjP9^BIbLN9Uj(HJ98tws>}6`*Bh5sB`s&ldm8iHNTcU!#1)43V!D3RGG2!hrX|R zy{or3W&EjFLY1zv^&2bzv_$}8npDD=Ay(7`sddVe*D4`&W@H|XS1-G1$u(wd7R6#@ z7bSQQBVaFto~f=eUdEhQ1d?>x3-o;REZ+ld5VR>2P}=At$;C=KFnYO6LP>$}N31pw z@3L!v$W*29^WSR+mqL=AfdUyV}8Y1yt#nfwc!f!R$NA`4?+`hyD??RkO zmXGXXfHRzkCyXPv2Tgi)@+wU7FT*j4k=0u6k&Nacjkr(u8GpbsMB55YBSSP|ED^VA zs`jPEC^+MKPv?i?8c65!-%Rx+I3#++dqOS@juF@K5RY{c<~)X|^K-8%B+;*2MVyHU zkN|P|74{cEo^p?aD`>HI#wYur-C-bIL#ZM-cG^p8t^gf#&{a5V$-po?UVUT z-7uslrs@hZ%4Wya$rRx^1ts(qRcKTyobO6HDj1Rg7;A}uG;ejC_Ggu#YWE zEW28Ixo(QF*Y~Id*Pp;4M=)kL1eselfVM=g`zbG7m%pIg#xsIey)jWuyjDjzQET{# z2gZr=2q#7XC+4Iv`JW{-)*>ga9XUAUg&Gu?eas*qdJz+xzkdTY1aL&TG!^;xFOZj6BGya2k+v0@L*ykH3)CO{ zu!oy9@NXasBM72~_ol!uZ18`)1=c2j1c%h@b}(T9;&v3ngajcAuHa2U*m+0b6Z(I9 z7I>OO=!xM*#;)Il{rgXlH$g%X3Gt>NGqxpy+$T%whX4E#P2kJlHQ#@?BYBY=^NgeY z0yf-|LKEK&Vd3bP9W*7m{%60HydRp%fpS3?v`m_q(wt zvR%Sxc;$Z_0*HJCgi4yjFG{1>sZ=IZ{CclldKWoP$hS5k0zZ3Sr&j`9HN*6vzuY#1- zqiKHs_Au~xG2;gfAphH`CdMNiVTNam!D1g_h~}#Ryw-BCq5BbB1oK{7biU%>2TGC? z4PjF1AZQEy_ZP_j;7t%^B*%XGU!shEDGvD`MQ1A7oK zgaxut{z-)JeS4L{sqKFhJNCpUL>K)}!2HjK)l?B3Az&P+f{K~f3W$!l0}f^Gy;1AS za1p!z5&j?YESi+aVcz7`zY)bhrvYyQ6oC|@!~YUL{_}G5-1n(rL_%FaF-pvt`%6L! z2$7h)d|Hi3n(v4)SuJZL7(968m=pvJbYk11PyhXM^na;D#91TtC;_u5{;WjXZdg@=vE(zs`P`>Yp=pk33I{d6p zmZ47meBL{_h(}k#|9z`$%G)pwOa1I)2=f5`{kQNY@D#RTKm9KNj4aR0lxrhyZQAqg zazW&Im$x1p`vssz+^Ns}sZAd=Be}h~xul5;+j6TcTANynmw7&A6ji)46iR85DLT2_ zS)s?{Zoaj-)9bc165T~cKaQ`(A8duXPfMek^`?C2GoWwua4>l4p8L!N+u_*!QD~H9 zRI<7{ekIss@^t>d?Uax!+Tm!E7+Aat(Udbr4>+2NvqnBzoTebre~l?|;yc);j%G|Zpqmx%{wI4 zt#x!^VY2Av?7*p^0ae~JQ68enL%B|hhb;H&-!F4?jLTdi^gJ$Xex~3(5N2IeH$Tef z*>{%Jeny#Z(E7CK@c8Ou)}o~9oU*mA5wGSSWnBof6zrT}lv7%&)v>R?5WiJb9p*2n zU2Bp5?a_zyVPZxrU4|w`laqSG&k!w}_>#ndZ_LO!#TfqKXu#SdzCbjaiTlS!d7XNpLK6{@e`rYAsGl!+O5#Gbl#PdJG-SKZjtx`X(UNtIN z84|dxbiSsBk2XEL`VRj6VUono7mN|NTeMtruH7`dLHyI37MySync7u*nKqwIs`C5C455Yuh!1?!EoEw zaPuIT)_BR^ZGu54EIBQ*XK8dID?osG!=&@l!bhrze_ToG(!1Xe71$1kK`%yuLq-X{ zSzM`~Qu1$pmD5{Y!3kB=gf4`v+^x6<{fv{L_0RM{uyS`zhkRUlAaPNthd8#^dz#24+<9p0vTd*?UsI{5D-RbAgLrxPVyVEU)DUY2l zY594-v3Qeby2S3;Xru9_qhr}q*Kg-Z>Uuo$rxo!M{sD?RjdSRK8OA&o8jFYS<{?7^ zWyfj^qBaXXts2ak1@XVP01y$HHPG*AWPFtv=0U_WVJW*=M^&(zO4J~6V)3nYQ~SUFEY-^aQ=ml@8AAE3c+ zdNc?(W*IAqoyhZ#Nm(M1?EK`hZe8P4l69r?@SEep$rr`9)~k)Swm)9(4}lI5HRZJW z&C<43zaz|s`!F=;97H{zq1t(Wv{gmu_sd@Y-$_2ynPg_#)AMF-_b)onSSs2J^Pk_G zSPm4giS86N0LeJlP;LDd8hUouoPB&2`f(*{8BaFXKvM!OP0JSJES!0I$x8Q@pYY?+ z(%F0QNTY+ayjLDV?WUSruC?cL1v(3zobb%9-*7`^j}I?(6t7fJM{JHpfspnuiXz-! z85FAFN-r^m7B}j1zbg4~NB!o{Lhp{(T2}3GH85&zB#*UOvcZFfVD6eV@Y21I{}=pK zjo<0b@}ikO^P#w4eIWz4l{l^Y@5m!I({hG5<2|C@AUis-w)9-s#dj%1-|i!aZ) z@1KN?6HU{8GBh6w1*`UjL(TZ<8tJfINk?4fms*?k7)`}Rep_Uq$Iz^#X5DhsYR^#c zD$r_WO0WvrRF&+kIWT54+PYg4QA<)NLOkFcZH>zIMKmG;NiyfnyFy<;M8qhG$>btA z9CGxLhfde-5A>SX=-Mq#og;+sNeB!_dOn0U<|l6--$!wND6trqlnYnA#t>vs@WDg>+?ZO{(2~Xn(_=+`)=j$w+ioh@jg+~z>^?Z$+evrE=F;-E z&vmM_d=eciGodGTM7d?O8;$$l4&za^S%iYhvpQSzB%a)UyoAbY;WnlR&*6Vt57d}9 z*7AiM9|-K=O+}?F6l1ktGvQj+PehK%XXy(gr^(@q*rDfYcDiGLObMdx0zk`ors@b? z^2usZ5ZTWAR+5jFB;Ir8MZ066@A@8|Pd#o!k%a|2G;++xek44zxs)as;7d#BG!bf< zfyz-DR>x0Fq7!|*!-kZ2kA-H}c9NHM5pZJJ$THy=kK%_BNnk zK-8`}b?Ib5X-azW>QCM>1HJHIr}qKtOR+QCy{e^Yg@iiY((_FQayGRL)rtOwK-=Fw4OoJf#Su?_O)fRlqfH+)M=%rM82kFwDPv9ZRRO=p)-B;?SUJ`SUYQ-RFO-EZEhSUe9ucj>>6Mo2*SRhGVq+IX_rMd2`)VH37waL!l>f zVkQonr&#RQihb_f`%n{S5b2gyt(aXZvUO$7ciJ<3s33M@*AC;;tgbLaJd{wE7M@)= z(dW*1Hof%M>A8^@rIw$@lR26&hT=?{{dfy*%Q>>kG{~%JJIQ&qcIz!wVA73p>#JgT zGpm>YP~lM#vpyn=pA1@49wv7BHZK1;#x|lC*XO=lZ;fnS6HDq6vCT%haBpROk~Ayz@C$Wc+ziq3$d7xLrdrob{VJen zS=+8(VM)}IM+Ly7K3A8$k{NeDoH zl7F0Me+<{$c`l)DhyTptc{@OCG1&AI%Akl_!c8=xz_#pIX{IzM2 zC}QcEwos!P_mDXW=If)C#H*|f;Ttv+yVaR!`ZIKImTfo*ks0$CkcrSnfhL5(cEb;) z>>@y&cdUp+?{uVoz)HfgUNFYl?SExu`4!Vpr&B_hg!pPOZ{gP@FSl{rF&s>x7&Q=c zp515Hbk=xfE0x7mCfxHq<%KIt9v?d89`9yVr;jYQ`TD~MdgRQcKL_@l@oW{uY_eM2 z7w(FC!_RLCX@*kfNsJhHHoYi4Q#etie%Ezu_|#=y{?e^-gZ1v|!rIyzkJ6tab`lH~ z#p9)714%ES;a}Y@mU|`x8|fuOj&>_;VMo_O^PEDJq{ z8#{iOGzIQg)fraxQGgDTYS{ZB=BL$iu?xXr0RD7N=O&CJc@qIj+gPBF-Z}{zSEXrr zz!_+Vd=WRe#wz?3F%~v!t@1~YLPH$CZ(T===EjC3Rt)$oMtV0_RLa^5rw^%Sxmteu zC0*98bRonv_os`**15^6uHEPFAeQRwHKs1pJO0g@=Yst=9hW-!H`Yh`nT*CQ7t`~% z^qllHvV1Kwju95@!z^iMJhOWrjlVUBau1*Dc6LqBqFy*mQnPB2+wT56#($_)Y_Z## zF{`#~ySbGL)J8adI6u&HzUH~mipN3TKiWf{s685_@EM5qcuI+Ak0G8>n}~C`>j_rU zo!mH=UR}ge{{MD7(d|1)s6sjU3(Izxx5#=xXW^m85`^-tcIXjh##>?{dwJ5AmSt$# zC^?taV}^4p)P~Igu~Hr%&NS{6WF|L;&NP}e9y`PP^4^_ExD??ZP);L(TVEJ0g&`=7 zwKE%e8>1(NV(Dp9T-P46uEc~0PIlu({J0w`Ek3T$DsUAsGm&{3OmFkTQ%^rij_SO> zL6J4zu(59RlrFqkw}J(nHLgV`-$g>#A-B3I)9-&-@IMgDvx4@l+7ddgE&2bfQ)Sdw zA)3m`_d^&ElOTt{JRls+*DxBC%WqMX7ldEGs^m^?#_zKvH_OO}`MA=v!?kWbG=xb$ z7A*PwI6gVWq zDh$dgp^4!G5r;O}Qh#~r2(y;;F3#O+Oct6ayIq$Cjl9W+xb}-a)}Xgj0<{R4tj`a5gC6{53lU{*&49e|bdUX$X%$i@|A| zryfjh$TFtoYt^+ARCAsEFkG`oCbE8}Nc!YY&;eS|k};wYIxMRkd)zdcoMyTYW(J3L z;0Etl&lcLw`7?$d51!~q)G=Cja0-=|F_?}La;zDJ#{8vW1yQX5VJ5uHb}`-fxAh4j z&6)-udpF8YW`7Y=IQdeXWO=4ssRmzo*whF5u$9+J(c*WUzp!#Qp2>s2F;^*ZzJKd} z97C`G=m5w6^LgkJ%0vxAk1L_3s;R~f|SSO3sI7@#;_bq7yM_-0v%)60PyUF)!f114tMc_J;pA;aTbqxK3R!5< zZmo7&SB5|XtoV2Rh+shQl?+)7li<;A+XX>Hy2K0=lPDWxNl}g0T5Q7U@_?X)6bB@7 z^9{AsCqfc6rlH8m{DLLxZZSNegmjiw0&E6gn@w}S{bEq1m0M2#c@k95RS5c$=(b4T*NZ-IiwoOb!(8XsdtQ)~LUMY%a z*q3STzFAuwz_)dOgU6G*)nBZeyKv&A>BwI}fkAm%e)|P4BgQx6^z`%G%9v36n8Lgw5BezI(3!$4ie^rzO#M8Fk27Dml4Y zBEg#ND>CxAGjvvwUUtE%$)vKqho> zUGys380gdlHOYQTlI`rDWwg7phu304GZS|`B@M`Ydg2yE z$1bW_32ULw#a4r**3Rx$Jw3gp4|d|Bo$7g0?p=99;c8p=05u4{%9y8E)?Sd)V_|!K zSdp9(vfIce1tBp0Y;32O*tBj)WbV=}98B*TR~$Wma?`w4RM&aXy74JPUNc??#xKP` zpxa3qD`?fkCG1-N+%r;tD}CAuKmJze&CHZw{&yN5TdQ?wefpRtM}cB$#9yDH#RbcUiUs z)*zTDYi1#TT+&POA$gI|TvtkmYt=%zUwp%GB` zHWspG1~I&8uikV6n_MeSVX^hDbA4~g$&4#?N%Cs-Z>mXD_(X#m{?^~ zCFb*#mJ7QJIf@5USOX9( z2eWRj&u5lL>WDeDb@_@P^4%nv2`>Hlist-;|EN=G>AQZ*6Gwzy@j`f|Y0=)-L+ir@ z+o#yN@NfXgshm*7&g5j43@#M;K|Ixc>!D(;m}7))Rhrq9`_?TR2Ehlv*5|_kvMC=% z&qbzqm2XdYs)xUw_B)ux-pp&1>XYSQT-JVj6{knF4B&=IsLq_eQ zB$Az5hb5**M;*4Nt;KS3l@i=}D_NJS=AR`@w}@LpwG0fTKh2Uq!ZR9NT2$a1l~+2M zV_JJYvhJgSRp|ykdn7SWkqrcuThoCzCu z(khF7xsQHf)hDc5{i^JKk=wcWB1eL@!!>ZHQ5`GE?TIrIeGHXOMG7IlS)Lo??xXX3 z_{hvVR@{A0f?40vh|P=mX8a+TYea%Ex2i@6MhYXCdcx%Nshy_I)3_ob=2(Mpc`p)g zIlAwo8x`zLF`Rb$!c(svPd!FPX1q|A0W>lW19Qr!xcmL}ByAigj-TE>r8}7B9F|A7(Ut?*}>_bz)5Ui`Z9a^jA-_d$r;MrJp#?`hMY1;2%&sS*0d!D^4jb@1Vw6s*s08pMYS zjfkh`4-w{HUVa{OPI|3+`AzbaVnX;m>D5`y5`k|c6IqI;+B9%NGIsF@%vadP$)hb$S@ z6C%1)X&Pp`!kn!IWlMz-etpFj*tq5|mnfq?#38Kn=Bl>L$27fFHc9B>ha;Ez?SKAa4gbP?I?SoVEFR@`y~=%fm};mDg4*>Lkr{*Lz<{MB&$;TQ^mV?yq<@eLLW6YYQS$Ks&_2Jtl1^%;!vy06m5y8i#GT<3FOAcVqHUFmM;~>dq++c z($qR~x9(v>S+jZn_tD44L0c|mHp7qD7`IL1#@;M;S*(J*ii8jUzlm>SyW~s-?*~@l zQ9gHh){TPlhPlYXrR+Hwrtsp8MX|B)F5+ResM6V^Ig)c7Ff*a=t z*?6WA0`Z;qL&WkKN>Y*H?zazI)C>b4ALm1?!vny&FC55)@SvWWjbmGcVbMpJq7_g~ zb|Nrel1%%UNxQJ(`9Vw5wG|y&J;RmR@y1`)E6S^#)7B%Ri_og|wf_C@9(vQPVkISG z&DN|YX{=&{&+G}K#;s`~rj_l>o6sUk-q?Mz@RY~CkkPh5IqHUAmBr^$3#UX`l)`Z0 z%-h}PbQoioinkgY9eXU@ww5cW12+c~FE?oDoWETmLR0Pf`P^3NBXvUo#u27Rby;{d6J3}+?4pC&T$PTkUdEh_pKN6uEL3}r2%~`I;OD$1$p128kqNp z31>(gN`bs0tyW!4sKGEFl*zLK^`6=@G2&A5{mx#xa2EQaj=cwbKO@7a(*7UX-aH=a z_5B|&QA#Og$=1RtBvP_YmKHf>E!lTsvJ=J@vXshJsq9N3vc}lgcPS`IVXIzvR>}PA&=NGpp1L1k ztxBr*LVC=l!g?(fpw(tE}|cm*1X5KNl#x;o5F88Q`+x z1HILciL-wxiIMsAJ*UT;#=X2vb?nNWn-1?JrA)mfEj5jM9)45WJuM!(;+qc$4Xv04 z)KI78;1FSuQduGlP4H}O9Q7ih1C{#z(I^`9NQEyp zaa1@l^fVaR?Sr-#mc1K%X<3(U(XEJB@94MN$dgulAM!)OF65bvRKtfwz@mHsUU!^*4c>KPXAS=pk$ z2jIPYAZ3xl@`g|RX!0&gy|6)ZA%-g>{QTk^h@ZiTR$bx(e)P6=oj}q_T<89Zn4f+4!jWMG% zlTEmkxCZB261UK$+F!4#I;GR$nFS2UBxt5(byQrJY*24|3wpIZ{tVZ?uX^|7U++%% z!c6(@thAuD+=Ej8^*DF7gM{hOQ%Ntq?tUi<1crYa089`aT`E?w(>sYTfOx+U&YWY4~D^yn!v^Et5r|+;<7g9ZeWW2lG_| zT~#g6jNaOaKMIY8(*178q$0*$(H_%)ckmj52`LzI?Lq9@ZyEJD2ulVIgt&_hw~Jy3 z*#v*YVelUGHcL7AzQ;O2NyioQ&^MgnnLg`MG4Wm_@q9;Hq{|y}=~rfQkK$$Wy#j|y z0z^D5oz!S_t4!9B92op=ps6LrV}(wx2sEco$KE^tya)0^k1is*lI)xP^Xhrdm>m_l z0qEKyEHS~Rwe7CxqKBTmRczp3y7CBP45#LFx`!bgrLv(xr+4%bvJ~w_I~sMxe@_d3 z$lbjH0Wx$tOjb*e>;Z0M?XF&F$vKvvdefA(8q1IyQ)uKR(1z+r%o(xjn{OkFgq*+W z92gj`%eAtr5sYFzrUmvbVR(PT`33WM%O=^zi0F%Ri0e4T|h9-Zia5>7YYGSc)dJLdscf~ zr!90?6rC@cM0)rJxjKCR*Y!9%6BLd>ln%(Feohri7_tp^LGh8u)EF>E-!597rg&%rC>%1H6orNYf?K5#CpIha2xMsE-{U(`o}FMc)&6@!X|@A@yCvziSgrQZB3k6#m@k&xN{A#QJ}8zNO&VcAE8V}@ zL!@S^y+WZNMlHYK@`$Lz!PVPKyNfp;5u}UyckU@=eW)TN#C_d0@JGS>Bo8{gvPtV> z4?GCYJQU!Ts?^ysgMwmZ9k)_EK`~~<>M84aL3H`|wLxZNf_UMBxw9SWGrLE0_$BdlPn^S4mE*;k+ob}IN{C7kls zj2D7flD9b(eL9m#)adGzBfWTs=8_K2^sh&t^nEO9VGh>XidP&pS8h#X1M8vVOQA2< zSM-&@A=%DGu?5f>7o_~FR<}c@+e2Th@s;HJ14WiyUfsbeQcwHahl(sd=2!qydw-%i zZW2ztU-;_35fMcrU+gB)kfz#WU>z3OA}M$8gZ_$?4|E+n{|{VTwh?B_FrSs2E}3$H z4u78W@WE5;jxhiXIXle1nQ4BKKBjgcU(FTMcm`_>Q){k#fh&ajD@w|Hh(FyMV&(rh zAdceFs;1nH7r(&Zl}z*r3U!k;x`r&=UbZM7_ic(M_M*({xbN2fqJ3IRZ_m1yh$-J$ zfrE?UV+U-kTrs=PVns;Y^!wgcj-Qb@t_#4yeTW8)^`uTKwTDi6EiLaUKtzw-iu|Te zQmiQjhzMhg*-@A4j}BmJvG%`K!LXc1uK2M)<^aGb;+B z9zE>I5T#f&AC8sji3WreoTreux0et>mS}O&vl7&`7k&Mbox{QY9;XUP0>>K1ss5+% znRIei<^IG=u}y8pfDlprA;Z#sL8!E-?I*SjXefZKGEf0>W;(x_7C%fOio4#P`$ZdC zSk_V^RU$PYqzC#AHAOwSG-%VBCfaKHT$1I-Uc$52kqmJHefaFr5yJ}m%Hx>tpLAK& zqZ^O5ojWfGg2KZb!|9e@eEK65CPqN#GnryBjW~W8gAjU06^dyd5OPO^G{~TdlZ^_> zh%novW>A&SUSs{Jh1s9BJ`NX5cc|ADswB7`@AeAuYVEGqsuo8Jim>6x9>K@|^mGsY z=0SB3#vk8QrCopa8z>&X=4Cocs6xLo`p7Th>bDrJic23KiXaI5Wb18ebIXr6{nShF zIuqH;T66D>g1fRre`yuNmR4YIhIkc%O+p|x&g;8Un>%7HBQmVLmuJ^C;P*03!J{7i z?>*|#rymftG`)H93^q7cm&CxK?pmOEz)>)SOnq(OgqMshIj*VhDRFYd#S_onfGjx+ zL(H`G6=m4z>xc3wapB-EYqO7XcVEsOgGn=)B}{%Y4g@SnHOkP?5#h2wvycC*f3er zZ2ft1PYh??L;Uz5WS+ZYMw|I6;>AH{@A5}(T@93OzB;<1K^W#8Uv{q%t&NC*h`4$E ziut|7ZQe6+;?!S1=p6Oowq2**Oz32~QLrWj6~ znrV;*%&p{hPsRY8{ekjt{ueY9!YaFE1rJVBs1EVrm8-LR?riHY(P&|~Q&{U1OP_7k7l)ZgJw&}D!|lp2lrt0Pjr@PDH^IVRc^TVF zc}i$b*A%B)jbzk{%2W}$q`n1Jfhvv|_+tI0gRwlaKzdQ#yLyj8G=$JAlZtgL-Ae&@ zAWU7RrIL@z%JGO~^;j2nUJNMjAX?XIJeR$ea&w|+xaA#I5q2xqrski}@P82w_H8q= zy)nF%?=?2FCQTtc8PG>BZ_|S0t<$wv)t}!7_{tg=XITfQfd4kCNsqwAZ=_JK|B;Iq zhch1CHlmgv`NUCKo%TE;;;4|W-7%c4-G4Nf!@Ysfa2MM=I$^DOSUlQhNFZjltJnTT zL~CT)9II3||K+r&PG~Iy)T}l%SM4lay+!P_plkG6| z1RCAxJUg)mGGyVG?F&u_*c{xku}ZuAZ=k>8p(IvF3u}5#n_$Yp5|P2KXN(uM=s6WR z?8Za~>o{%m4G~V&DVWQfwJLmN`O(}L+czJbR5Hu-zYlW)>G7C$8_`|&=(T2ikLjxB zTTc#s)x52bra^l+7mRN~La9LDc-kfK$I1cl4k=vqrFdZ>>J>TTJX5`w5<1a7QboM% zp|9D*NB3ZuZJJrYewF|(Nfs_ z>i-E4D}LKUY^Uo_X>%wb-)XS+N7p(%5@j z-ldtIVn+9WF&zC3A6x#UP#p<`YT&M!53#E2qsKpSC?urH5q#6kqE!mLMo-prc>qzR z=N)!s7U<~d_HB5L!WyhTu+#;~h4!nh=hZ_ia8*0M;0+}pJHHH9Q!`8rEgw9^wb_Vb zVr`@#60q{Q05`X9%VH*&LX0pShMi}DjnUnTpXnCH$Ls?8ww3RZ1;w*o#r(3}%9&qG zR*w!;x(?zs9u?3s#c07W%Dwf`%$(6&r*sPvtxq@S)}`o{m(XZ}SZCkg4TR?Fm}Vs~ zH{Y0J>e5ChwSc4D=Ui}c^&`Iuu1u)drF5FYfk20FgcWLLd*Yxk2bd>?fb0$L5mkv) z&*hb?SB&f1{wEy>*wFu-KZ21^G;Aw_1cRIveHDpFwg0*rcUk%{YE#- z?)C!s0Ogp@9k4-%fKketPOmfq#NFDqjRIO9NM2^)nr8epE7; z%au*ZSlJYn?2a%;93iMxi9NSp*I>?L`fBx->5I38R^*=MDrdZ?O#MC%%KM}9Xe2jHO zuR2xjrn6qTXjW9Qoe1Jhogs67UPf0g5R!@*iaGqx;s~w};#r;Y=o7&QEI*{D$ul^| zzEg&d9vt=XGL%h9V2u;{C`>Izh6%(6FU7)fZVpL>-X z1U*F^kDzavi=}f7OE!Iwq(KL^nH4p8qIm|7P&p$Q$FC;?Ip6$WVw`)lT9|Dwkkk?5 zX=o#@z7x;Pa5?q`CKfX#V4@7t;r=Y`|Ae%@(?eutITl+0l|~<*RNT2gtjIse7!y2+ zIMO6KmKaVxyC;5h_?B8o!I_aXJwAf1&dNse;QyFo*S4;x~P*yr3ygH~vb+aq%j0@tlHXr7A4 z0tryCp`k({VY0tso#?ajy4)1Qe&t1IHI5NfmPn{1V2@aN4>!yH45hlmO+zOV+k5VPR9(ak5TDo6-LM;mz$$M55 zjO2m)<+6g~V!6khd^Y?u2G>z&9bNhw!5-Nbb;BMg{9>?;mZy07nWEH(peob3;HY!U z1@2Lf1YVNUhrN814{ zoXs~w2Ii$Z^>%ZBXCEr(2Qm=&QjLmc0ZMa*#CHVvG)!Lxko-ULz5F(ed_oxs!!M}< ztD{toRYMM$ln=y<5auZydC<)#<&QV-ui$Ce1%5^W{LJCiJF)VpivqA;!#^T8D5MqU zlW>J9kv=U%_>;t*DagP1Z5AUQtxxm<>hmmUt!vnHL)>P!pVrWzq==xqONJW{WzN%)i%cWvF zbUc)b;@N;)Drkxc$gi~(Qv(;!*-znZDD33&;%oy%D)6YIZrxn>2sEf%bIhV6GA3le zGu8GM8kQRDgT^H@I_OG+PCUdj=?Nnph%4g)I(WxwOS`jRW^Z@|JWubId4XThL4E3@mw&v3*oM;0QIk)NOlW z4I2<5^lD97zsZ?RYd83&>c0-W~(f znMo*DkhzFwJqLg+>yS9=&(`I7Fv?X*um=PB`d#OGP0FE?qt|NpK!~a;>U?zFWdmFNfEBT_;+}yZ36^V+2osG~Ph(QA4ox zsl#;J4s;@p@-SB7FuZ2C$jk`b?~wgyavq786hP`aj^o#@{I0!#E{IxfosZTU8=(jA z=73sJn-C?znTry8tdCxW1TIETg?kq}eP>9q)}!NagTxtojP>Xk&Jj`izO8ut)4O^X z*H{f$ZFiW;NA}WnQju^38K&A&@AP|HXEr%|OhIWZK7X?r9X>>uSE_^U$~U)ykY3P( z79|>VK)3FB3I=mo#`ZpgDeOAFLvHP;sYS2!&PJ1eIBiQ~b{)xomEk&9@}tqr;?0*sp4m3AJ2RfP zFqH<{mk6F86w5m`?6$X35;6HY;9F8sGX2*~;(+P}*r1C~nxCzcHEssp zBY;ZwqZ4vD?LJizaAe6$H&NqWB>rnBiyk${_7hH)^$@K;=?RB{v(%TjZ*e@cc9s64 zF!P>(s+bI&uVmd`2p*bl$La-sCTrMZPCD1QT>$_z4T&4CZDy&JVSm>GWW=tW02q2- z>>kxW)Yb{eqjL#wdn{8_O&>gcuW=p3@MKR>H6Xae7gqR0Xlt8(Ogws0&1jTTrNM`6 z1(A-u$rZ^(x#8fe{-BauDW8&inM>9Jg8a1zHCp~`1+bkdJ8m>RGgYHb3KXYC2dd(c zRNu5aBu1NOHP*>a#J?mtk*VPht6qg92Z2vZdy2zkUl`Oyyf`gM^ROl-%&xG(@m*mq|&1rE9~!WCtty!~PVl9*IZ z)!UqCRNX;lRx3!ATngy1zSKDP8E&&Tu!74b-McQXbEbRvASv{~OxR-WOkQbG-=ojK zaiMN$1jfn3(LJtvI=6wQ!$j|ZXK_giu1XH;3as5PBj|>N=E=HxSaGdb?v0lH=+mrq ztJY44pyrYn$T%B-$;#Hu^)B!uGN`_E*m^K|Ln|~WF7eVC-#I>xj!>?#&R`XL%wNHed%wfOpV8sX+ZLXz+rNlEV2duKJt0= zi#n{Qw3|nC(kf4#h=fiZO%cEw`L!vH%fj zt^bCVOc~x-due=L2iIwy$dG2xsx49)*bgaFUAQkcR*k(lVy$Y*8hwIwPGlC9UMu|x zl2pJvgjlr_+C-fFxapNAy4592QV5W3Q{ZPl7U^&ySfpmoZ(m=UrpzQ`%&7c32|omt zl8zEDW?%QoVT}YR6?rvMFhWdqQI2hUU1$7-Au5>Dv~TaH!s+%F zzH=MIaBQ;&#ZhD1u8c3jzD9vN$}Y@YQ?>@shYxW_kDE-^85(XT#L#>wjR?uxK(n)p z@2BLSuA)?hv6w;5t3j6pwb#_H+BL6R@VmgU#ztI@q$vGC#xWvNLF0tY=TaI>Bm2c> zOzIq{Ix&I4#-tq;5IR3GDDJ($BLGM?h)f=YBH|rzi_)B* z(cHQz3?q|b#N_=4Lqrs#Gceo-gGI5wwQx@thJ?U(=tYHgkEpuCra?_4Jh z)SIEaiF4P7p><0XL~|I>Dc=;|DU|CT&Eu!QySeT!GBF3aDhUNv>ef01NXW-EEQ~YJ7it4LrJy0w>BN$yahZGJU z7Du_2TjADyCj*=f_DCUR$^cog{y$V_daRjV$2cBQtzuCrfhfIdM_AP;_$E0Z?Gp$B z57sWf&^uWDFg+>9bqdAEuiD>3ObQSW%>4R&OcW_fsvgjs+FJ8h>IvV@_l` z#JsWF`FLjJL`Df?4hF!~qsbD0YUN$fV_~|ydA*T`5(Lbbi{`J_t$NPZDfT#yY3cx0 z{AaLoP0t}o&|g9#DjGLJW?&>euR24;P%P%#1t{|JchuGdRg?_w$p}~%jL7~cRaCv* zLlin2$sX^1=H5gJXEDt+51I>GUMvZXoJEiWoQ} z;+GEzPuoyk)^!is4Z{4GHxas!u92s05KYOpTO3c^ZamZOR&YH2(zxt0P!#ZlF#Ehl zhnHWX;|mh+h^S_SSF21bsYrT1tdn~t4SI6Ojei|*Q%nLBdhSVG(mHEv$`GM&^Sa<3 zL9QFDvu!{LsV%r>)W&fn_^I#;VBao#d4{#g1HF;CF}o-7;f+RJJ%a% zm^e!~{!o-4ZWx6))h~nJ@+47*MZd;t-dZ)x3+JTV1?w_B577{rLu(CB4q??4e42dh z!Pa#$cad9&C}fs>E12I};_VnVSmflHyorII-B^j+tTDkN9}x98Ip3)-isv*7u2HYI z%?B5+6kcL}7%}%DP-yZ0CSyYHRn1av;Tf&VAUTYsPn`*rjNV{lN+eKQ3_ulFw)p0) z??wCB^Mg$x@FxHGFkE)x79^StK$4uEjgK&?*1y1l3UPudR&Y1|joE%rd#x`NmB zhh*9NPGS=D-IkQ|_>Yx76TLyg=aJ#0rJ%z}Ojs;JC%1aqw^`mg62 za^Gx2-e!(K`nm!ZqpXAN$}~3A*HAP@eWk_JrllecMV5pJ6;{OQCC`r}Q>4Y$nSfy+ z5j6@6G|sOJvb5@4Z-%u(?2IA@e13e9?$J&py_+{oLEReqOi4HODu=@MDjv;e{5S^K zYJp3eu3Uv%uBOibbWVCIuqGb?&{-X1K24*gWZh8JfWJ5^EUa!~`qWe+Fn&UYa9k(9 zp52GgTmOuMo0$`NynJW+Njfk%B5)4mQ*+BYA}2Kg)}AKN^1`~kX8@`-gmz}pxUk4| zD3AT9VNv%rJDuE*9=Ff|LjZ7czi1js!i#gkizh@1P*zjG%c`2eiyzT!ZD0T5Kw)xb zp-I;O2|j>AGUM6!9^y5UM9oJ4$?6d7=8!TY*8z&tU`_U1IjXkKW(H{+wN<@2ek{eQ zkOk5f7uu__iGxyAghnYUiiF!*89tzD18->A+B&@c4H@^!xjIBlMo;BXqf<0qGCxyY?nEq*{-)dFobZECb8e-5$TJNn^9^T? z5lHL%9I$pbWQ{c7m$4>}3~Qf%Kmiu@XsrQ34hV#TJX75W=!^nK5Um9U*CEc0RAh)u zXA-}1tbLaaK0uc=Z&62d`?5%F4l{@_C-f%%7;1j{pM8`)Oa+JR4V!|+x+1cQ`=gvD z>%>xahn+IxTxpnQZ8+^QAT+-v~ zU4OueD4%(J*eV2c%N>M8qdRIf1GeYLE>xW@woY^?Ej=qLmkKI#1X3+hcHZdOG&G&< z?Wtrk5bL7MqVL4OM8yqRGfvh_U_RFv-N*1jrrrgt!TlcVmT&vteF4SG@Wpal9P?Z4 ztc}uMWqVDh=RrbBR7MZFZ!{Trj6TM+83#BmOw{yo2{|A-shN8>?j@j>@cOUo2KqY- z#SQk7^SJ%(YEYg);N*=bb$=Z#H-O3)&RbUbqu6O-{&P$`y6MG!wsm>xt zh<7I$&%^&m1K+JPQyZ!H;1r6D>LJ9~sAD;-pvtQiD*ZUf*O*sr?G?QqBDP+63x~a| z<71a@PZu4>IuZT~%i8o@uz!!!bu03>;-6$6Hm5wifoNGe{DL;WsR0(@8G@r$mEEio zhzM67q{D>VF6YtwR>3-*F=)G-hhwukIncB(CRk$DdcH?iVVApF%kjZF)7VU(!qeIDe@#}4EedCNEsPj0=?D|QxsI35K8IdP zp2}DKPANEU#WOdvR1fw+&rGQ|H}?O0wFUpKz`>!?d3d($siGy-W`=*ubo*it@%dY9 zmjmhM4cct+yZCw4WO&PE{daXQ&J?!3zT;5VyTdN^mV^w6Q2+c*AWI4~EiIdwOWZe| zng=~bp0iYZzcuti#naMoL~?0ivZ=6QI@9Uhq41>ra9Ex1%ynJs969&*YH<$@emo3M z;*ptqr(feXoo=X4N5oCU&6e@NVfT`uuVE@#b^QH|juJoKayKC|=k$h2GbvdiT(ri$ zDZ1+lsT=yhX^+Ot^!d^W{)vupI6pt6;vFSeO3dwVJ>I`3{^ws&Rh!wZ8ysxANnNvz z-U~I}pDF?;4Hv$!q!=#Ew+^+LhAMTF$6TzePR)LHOkve``}TOqbU#UJ{$r@u$!~GJ z6B%eJe)34=qE-8~#9(u$^7-NPrtr#zZ%z|$SW@;ceh+{V=hfQnt9LZLzC~v>dB>pz zS~pZ!HjO0FGJ8z~8Y+U;UCPAd;IukS_f1B$dp`5hwJV>_GY*ki{5e%4vzRkCS8Fhn zn}@XRF6(p~h}A5WpVB4n;usMhOz?Xi!(P=g_;m0M^3oP_KfdLUC+-*RzA>q@lhf;G zuSEbSX3#a%US=pM%(7cfe7=0#)2?K$Ke{PEW}$cLarTWv`p(Vj`QruMUL;1xV6R9q zJA+Yds=9w}VraEdn3Cv)($NClcC&E(Mh1C~;{sEsKA{n`L39urjlGAo-Z5#i$z@CsuKZRC;ijNs7%> z&hW49O`#s2`z!~}t4b}76@js{sz;wf1rLz#pQV4%EHiKx`XmnPqSkr~BO%b+sucA#3uQqN;Qd5xdV~~+mHussNdhf+aR9wN;cMlmiRz`-<=6j7f#w(yk^VG6+>wbFr zZ{yy}?$Zn((8=%5yX`EqI1$?F8yd{*TUGl+AiB|XqBFCwONXutSI#C+oxy#IAP${G z=BK7oWXhRC#+=W&&LFa#r|*|2!xh9T?{C9x&r!Z-W36%x^vR9ILyKIe`Jt3n-$*z? zNH`x+=o}8YXa(|SbRaRXcxK`r6ThWTAMMe4Ct^`w$dGXSoMMg8h|JQYOsj97!(YN| zZkY-b_!r%|VKhUdgf7;;COt<)C`>9HpElUfQZoZH(NT1FVVf}9c8sD=;ibdmY-AaqJMs-3GE!h0oM68vzI)7hI^a!eZ4&N^i2+8B#E+c=# z@sg1&odd_uxaRD++IMF|4`N&R`tmjxvl*T%62SPx%6NO-Yp@LBG(GPsipdS)#)HN1 zQX_R+WtU@gpu3^f5=p^u{<7rvSDT_|?|4T^Ee_4>wF(w#`ICVd_{xfy*X~}q*D5hs z)Y7Yk?V5G0J++$)!7P00dw@)tXid@K#S3$YgM9DGa5ES>A$Pgg|9p^7Z}`w57zO3TE#d{Ymo)eo)4qnX&k^ARXU1e^O{QBpFG{7YuCOv zM|b2dPh8u=Da?ZBLf?KFRjY!4KvVhNHtizvo%^PrDj2kEc9L*&Ib&MheRqoGuSr@m zpxzaXonq^=DgO3E&2|#JT~4urjXytk8DZ#-B#yoqOn64-=>aG^L)C^-xIFAOELV~GCy7wsnx%Fix%98?zXk1)OL|CqgoM|$F}Ij^*|)lU3* zd&#)^W)0m;Hzn#ub`(KWnwWPMGi5^E!Cu~G!!qi#@7Y!<$c3GuL%089T2~;O&vC^5 zZtN70KMd5viFWHP%y7`b0Qx=1zk2--AXf~L^=Lcho1$spX6A^lpLxvTIrR~sgtDa< zN9ldhMYl-=>*RN;_T6#d5}E~|n#z6Ne>b-*L7a<`-KP`x5rC||qG@=GvV3+A5y5?Y zsCzhkE;NKF>=Vg$Q<8-H2BHm@z8&+n7`xrRFUAu>vv|;gSta&i=y0!`GilX#Cswzw zU0L2=&lKH_n?NF`g2@pCco@JUipj+DZD&WlyzOi%_DQqi$K#>I{p4%i!Fx-+Y)gio z*X`;B2@0!NoX&PBm!=BNH12I162?^9NVRXOvh(QZutbsKuD|E2YkFn~C@Wm4RE4;K z-8qmuD=_v9ij%?JdWRYy!AfNSWzLhIKr%mxVzNLkrDi|p)$H>)DHE~*Ju;ROe5{>R z;LOwcYyXIW##0W|!QA$r#ce?tLY_|ll%5yDgzOj)H!1A4^O}sVv+D4}w(7g+*9dtM z7dh%L_1!V@T8RDRm3Q0MWBNw-&L-+OI05V2Uce1N{NGanhtDQR z5od3Ul|3zPLZ>jrcrVTk@u|37oJOU5xkuYAdM10zK35}wE1&1R1KL`Un9JU+dhxpiPhLY_f}rCa&cimM&{60cEg4Gr3Dom z&S18}P^MDqc;^;vPCEuNgK>|ziP*=P1I{-V2V|CtnbV|t{r5zfPHn>%%vg;Cd(U9w zliThVIXLNhQ+w;WRv+ZWpH=aQ5m6?D9MQtK;KWdL34;!PL7ofX z%=riYT`(ktAAoyv?k{M1- zY^;%<$zdJHH+gf94>jgBqT78DTAXQ)MzzSA`rDhPG%MF^k@;E0=+iC!B|f+kOdfjs z2!@S&jJ326$57ge>2S_>7!9wON@kq4;$S%H`D)X?2F)R$4FxY| zi+W_>@P^4^abd3RDc2xjegMbf2OVxmNAqX3shhaJcZlCx20{Mu5Wr6Nf380@`GFC| zQ1A4Ya!uybQPfxwcP17unXjPZhYe&Fh|2YF7>UR%<*ezJ%Sm)jISZAVQ2W?w7^X~d zGI%+b_>)i0zU4GrGy@g)e?ERQ zdl9}Qx-=0tb{{m~THtM4$)=$M*_@66xM`!kEJNfiQ}0Kx3)qqSuo=3x#b&|@?4@B9 zLrQj04(=1)@81Zf1ou5sQ@+5^7-;%DR#tb5&5o~9{l`NuAkbpVp$kh>DodZ73tPN4 z2fiG0AIWU3e=&rOCtFJrUslgc7B*d|;c!%RpM^eW6Z3n;aCTB$9L4q0qz|r@sPQsk z&!5%%mEjHy6KuD;(o0QyQK~Mu{05h2-0p{Ez;`+|DW$}U{R!oj^_R1y`E!r;x7Ubu zI;pw0RqtzYDueJ#jYyPin&{iVBresvRpnY-t~DVSLHNy!pV?w;7CM_OGFp0w59Ien zN<&EEQU=-TSULNG*6yPf>oT^#l%bsFE6?~+Cy*;HSn*Xnwa>&hFc{foKi*Fb%FDRp zE=Vo(?z9`5BG6{*|FSI6(*ASB;);>*;J@X8xFw}SCFQe^#&!<_DePxGzj zp=4m}dMQFG>|f~FvWf7QU^;n>xx=PMhCHM)ba1EJpN6x+lKVi9J!3nDlG^metR*=S zLv*jxUN^LD<4FwFDCXSYNlaR>h!e_$r3)hN2|mmpwj8j9or_Dl+%d)EnGUfU*7L~1 zH7a^)I2nG(4~5IE9_HEizJ6{cb9f@-)Z9B2TLVXEm6-xKG;L-8i7{@I+FL6M(DhJu z>y-f~7uh9N&7UHsokAE(Ix_Ti&DNM$of7L~zP1zZ1^cb!LCleFwa8y;8sUk*aoxQ+ z-9Q9RbhY_7J=ZtsuzLwKMpBz|fx~uTsCO7dg^_^Jy#FN%H$fivu4Mf>A|}q>`&q?v zSS|nH?VLWMaNIC0q@gBBEtbQqwO~l!86p>>Wi#J%Qt{ z9caE5lv;fLm^f;E|BBWh{ zA);b&ek6K;4v!ytKy=RmieE4Iw*{ljEVu!e{Huk|swzpJyNn=eGuxgZ2sm?8s6%`V zV*fn6fd5riegx6E&zeHr?C}nj)J+l)9 zPDN^IqJRKpO~wf#N&QEN=X8OFS{7m;@u)8 zU53zz8oD;kAA4dP@fScp>?TXcZw#O;ATwdT=oSHOyu9bhj`1Wt_jd{gjSdDt&MbwQ zgnxi0s)#q-Ejua(pyiwtP=t*S4=G4?VVwi&XlKsziujh~paudV{^%EpUs@PQStxdX z2{-yl*yMdYUl(ffp|E_^#&g!t!|3>Su1}v!bgzvVjrKxBR4xLflY5;Smn-R>X4$j3 zf%Et0L1|x%KJRe<3ypZY$;6q2Nw5hm4sbo3vu5TN1OWEWLXQvpH|?kw_2AF}6%$W+ z4!=kdwL00Dm;HBA|xTP+@cNbmJX~k2agOA z;6A2Hq3%}%f`HPNekrj;`w%CSQ-MUa=+Pxc&xNpIh721HIu=1ibgZ*RJ7T}Y7l15N zs`ngoj4r*1vrR)NgGcxKh5WF<^Qs_;gp!3Hwb7H;b`IlM7#eN>zq7&{yH%1$?W|6> z<38Hii{iZ}qq}32#e4nx^AW#mBi7uKC?(5rnn3#&_fdMBw%H5e97fM~xSuOJo`r&E zNAItpk4MbGWIY3|*XO={tqYR~y=zg`o~llyZ5KDG`II_=boc${We9ryoI2ES>KRM& z&kTpW08`Vh3GGi3Av5|W@l#1W$&>XmGMN?g!};Sfh~XvN0)D}BzA0YXj2&t+_Jzh@SE3FR z1IGtKh8hyBxO3CepN+jH1U05bmwLYKI8{mSUS~UwOWjDMKlF5`=e5y9T4&t67i^4Z z{asZXe=GJHq`z$(P)I5g1F-6b?hyPMq7Gq#ZFZ1xXxJG;BqC6wzUlqlZ@*&X*^x8c zvSqCX9?2|aJv2ibce=`smN|gUwZ*#q@)beSww>w{iqGtx@f38}mg?01)lHWp>|~lU zAkKqn34ZA{0)@A?Os{!E;K-KjvnqeHD%p3y6o?-831D`-XpjDL$l_HJEkHKzh8eKy z7Pz4riJY@&(=8uc!T|G+O}*EwIDyFCSYU#P5W&6bC7e;2DTU<8)N`@&7ujxdsiGL& zV0+7vkNgd7(mxM{>s{`6GYw7T2i>}}At7rK?>Q5R>5`Y3|2UPVS)Mj9?Qq6luky#^ zY(=`0v+Oa!ou_x6`u=JP&}mUN$rJ9x%)VvBUgH6o8>bJ)Yfdhe&31XTzE01a4my?% zI-#?-aQaT%y#r<(42zx+{YG^tl!f=%p8!rcEa~X4(eJ;qR8833;FgI zD}ELedH&S=$L8@ zugDt_e32794CGZr0f6_cvu~915C+T!{aIO_XgOa{ST0ZwN}-evST#@07Vho@)6Xs< z6MDclBe`h;D4k@DK5tT?_lRWtpdanq0=xt!$rGXk(Qi?0$*uqj$Hnm%cw!%gNY4-U zyX2^iB3UVtBk>Gd@5h#1wjN72mh&0oWsWuj?fMvk*?TDybUPAns$tmZ6G1RD`}Epf zih~m-03Dqg{hVrMWwfv`S+9a5n?}nJ5_|@MK0(rpz^_J{@C?|>w*f9NR04u_4=QfA zvn|p5vw$8u3r;y7N$lAK(e~hqV?zcj2dl-A=zaUDdhf>nMJLPO;M>O+so?7Y zI#VpJV^xiyP!ST6KMNF0yTyx(u|xtYHo4c^=K{ofWSETe)0+=%hY z0pn%quJBLUkI)OM*Ir>d5|e__H_ENvsbr!&dN3Cfw^ZN@QkYfP0;1p*KPEh?8x{Xv&*f7I>{ADke;rmfD zwc+;ySN=squiplFFLL~xQy+SW*9|;bg?zRj{tk?ngbn1b>H-0%XCO|oYO@2h%6^AU z+WK!#o2^V#_LmwNBTWe;D##zY-#o(!>SkhB_DrtjQ`}l ze+v%$AS()Ap1uqfUQIuk*9C+TiXa2;GNQHDewj@78R}hzei$xFCX>dj48T7uJrZ50 z*-|h5Hovty!nS;RDQe)9bzg9!jI=8`POM^j$yTA&z~$^@8RV*@Y-S@eJq%cQ7Ut8s zpCg4-ZewtxMAW{bF&U>a(H7^AD#z0G9Y?3dlD<_|N_W~f)eTj#pW?MC7&>gxq_poz z!RH%Ic>`*g3s#x==7zKJbr;McYpnanqKfH`E|HywW;(_rPBi%K%QJBQ3*glEo>}1c zhwiy*bc6^Lx}KX4aBg9BJ;kz%7b&$Dgx2j&1I7DSDd4XimxaaI{PBPv%RF^qbBX9N2m)GK%u9OZOsOMk9E z`@q{<*L}Vz?!BVaJw=f+iZ+JymAmjedV+ zy_2cn?ufY3CE*gm*;Y-m=%`0e?eiOz#AkNNZj&uz?sZF@7!RG79TiO#-Ypd# z$+P8?b;6B;b3X_}KV2#+-SCO~^UdbxS!ATXMa3J;PddHr&5jkt7j&FDVpH-CXW=*9 zsv!1xYKc&~rzrCMVrXCGQNpZet;WO5qX*BK@yVUzJ1FOW=iHe?+wL;UJvj7!H<>$` z_sGFBSKnpjjz9DqSSsm1?1_a68F&*5%6?aU3-Xf@Y^*WG?yASa95A_sq1!F}EN=K6b? z;4(bzP0Kequl}Rwq>mdN^M%5$O}@$_A!(1lVne%kNPJ7z%)a;rwf{R^r*gE=}?0#eW=cn=B#G0?)TIJuWR34r5P#L|Ej(MdtX8hRU50?duRK0B# zVPWpa+lO<8eXCKa%F$U9=T%DZ(Q@QjuRD1Xm-jOl)PIT)XZ}oz|w- z|46-&dOIWBadzOa{>rW8a4+896TNweI&Qd8_sLOR*6T+D2kIaB&Q0FBQHkzu{Wju8 zH$Cei)p|)X--;=heDmP=+fR{>z7x>Tw$edNSMb??I?cZIUtyC&Z~I(GGKMJ0!ktW z?rNVau%L9b=@HmipgvRryuA0PmPY|>Sj&jkrA9ucC;>34W_BvjJAj55` z=npBJQ>}M-)Dh&KcQwl0@<$|ihf0p8XmULC@!*vMXhHctx$+6akLRY1I-WD{Pj1#F z(DOyJQC6fcky>mHBpRWc*j-1FP%lP?Af|~7UJEGg<7iuPE;Xj|642b*W^hJf`<>nF zOO@R57HcQyBp7RAS!ALx3FwFHfrAiqO9V&A|2StL9OsL48)evOu=iQI{m~ z$#>U;4`!2^a2m9TjC5f$+R_w8v4ilVVFr}Q*7J!^vRzIwq_DX*(dr#%z3N&e>^CCo zzHfOqiP<8pYR@eovCYZexvf?3h%!};<|F+wJ6^LF;d{t?E&6^rlko^$9jTh-95y|+ zw^@oVN-Q;ACfEZG>;FPW>7d#Q{#g)tK`US?c9FS>j@Mthtn#4J#1 z97XGgC-tU>PdZVnUu-AKr&+y7XZxvcskmZmq(GETt*ff1Ud;MnApmEx&Y zgZp;#UuxHahwW#Bh9{SFy|&iKBAL`Vs@4P}HjHJNwD8P8%gy|lRWCFh#0eR7CV)Wp zi_cz0UkF3G(R!-Vdll&}^2frIo~f{WU3hD6NUm%*t)I~+q`9zH-nZQiKiG%D-dWZ` zsrb;YWw9qC+1~CvsB>tfO@k&;jjBg>)!MMrolr{1T9sp+P*wUJZ+AQOf~81y^O$hu zTD$Gs!z$Y#o$5@Uswx$n)^L&9`Q(dK0xVuuBaF*OV{FaGkT15ZZnDf(dzn`vMReZ> z?mni_FAh3%`kH=N^(4mlOJ5f;^&RP)rKu49(wU>!bX$w|a;9RaZ`b!Fos4 zh_f#8`)|L?;E>{-)lyga>1N}u3H1IqzQdhbon+pEzU;{{Yo;NA-ewmco0L#3l*kH> zglkw8H7WlO7Wzjj}i z<+<+SfL+h>Y=f(mO6_o(EM#${q+qhDq+@!lYE$Vb^!c*Ck4D9mY->DI<}t5lip%VS�$wQqZe z5~4ZqJQL8qR8Dq}K({>4)9q6@l8i@W5-)+@MP|QdKa)+T?Dm2~{|LqB%7Bi2*SZ?f zIYRk(GgYgooay`iMiyjdU#dSMS>-py#*QVy_WaRntBZ0%_Dx8K8dGm3~cq` z(se6P6)PT;@W4im6{|rrh)v4h`wwBDHef&H<2sOgF3q+Q7^3Rsu9Xum=#outeVl`r zOi)GFQm@-g$~mKjXC%U27b$OPiM-)b_9{XXhPi%-O$k*$2cO27cL{4K+KIUz&m+@U zBUTwZGtba2T;%37q5|<08Lo<*a9nW{OJCFFAxs?2mVhWW$RTeT_T0#E*LHzBvIOt$ z#ZE312@e$~UGPdvPM1p*EHn;o<_|@?>FBvTWM|*erw_nA1wS4zw?l6~@#Q^+3vAA0 zoU)eeiOzaxK+ScNe-!BlorRIY&_2UUHT6>#`I}O5Hamkvc^RwR!gNXI#o>-0nSuhX z4V3(By$)UDREkDbkoQ(^j=lLP6+BdmZnROI0L#T3)jLUA3NI`|C6jQ>(z4Rz|9E4hx^Dk2As1u5LstZp+(so>8K}n!m~$xZ|}Nk%?;mJh(4qFjd-V z*lAQRJB~&OJM0Im2 z`opUPD)y?P+n!UOFL!YiK@kbt@m9s}v(L)L7H!~hy2}}K-UvyTj%q^Q zrfbd;RHIojL(yYJdT?eAY!ucWh@CYP!-nd+8)tXyo77Fd>o064VtsYF+*7?!GuD(z zpGf4$Y^3>xh_(CR-E1Cl8{U!X_PSLZ#7L!MF!`TYs9qdsE92K5p3{oBHlmU^lJ@^# zjGwTvxaQ6jN1}H_Ee7PS`m-ONenfcxV(bV{-r2->T)Khm!3SRQt8?$R4vsg?^BiM5 zK0ssTiHzK*CftN9N1QwqFCwuad^h>C?-jEMU31R1y=~P!!6~#jD(N?EHf~!DMYV4j zTk*0>neXs7$sg%VxTEMi%viEPvY<$2SX*YXDCfGTphry2t-~{-nN)TA4`i-Z-}PE; z>(A?%Dak@RZq^p*QMi~Z=(oPUZIeOjQLs zq|6#O;WHgc54nt_kOIvuF4;#-4-#1DCXO|zl5x{qeQPI3;IGjITNJx76OyZ?`Hsh1 z!iBokjJdk-yN%ni%YC_wgpv#iB%Kc_+4v7;2RGBZ@^H+Z_n)I?ciJk?t`0bzGbFmF zyVpyu`EB#c;(8Bttp{jEcYL?exGBHNHJ%0-Gvd3BK6 zA!6L7Z15Rs@M)F|mDfGkuAGQ%?XBx;Rs=Z2r2x5Ur@g1W^?7Yz)eDdhMU1$pvv`QY z(PHViO6gsa^D50q5V~IH%U@Q{QZ*ltZFd|$)KflIdbS^X#yw1-VVFsaH%gEvPxi%Q z33}O>j!0qc0n?b+)sczYY+)jEs~(|4R)>=Kucz`ABe#72H0o0~fS81`Fh!MA0i)iD z*YfS8QNKeSQ9rgPy6?C4-q8XWD22(NP+0aM8Bh3S>#d79F8Z*F(rIMk{s9Z<{a8F< zxZ6_VDe6?WF)y&+)sXjW{_P{W?F#QN2t_LS7?emtHXKPdbb&Q_DsG&&}Gh{&F;dt-25 z5x_LF2OVABOxRq#xN+~e0YqHSA#NiYtqIJ^v_bXH3@~xmYgC!NFE+HlYe0VA^!ZhG zr5lR+l3ilD)L@tR-*L{?x`p;8EFHI`*Sxsi+>ThP*z*WttCZXKB;Sd|BFlJt4%9lN zx9MJ7S{|-ewx1FvXX9T6X6o5;evY9Sf!9#Aq0!jP;yx&~*a(@7!zE6ze5$YO;%0OF z7NQ6jHHidXIf@>sN!MHn2!fo^U0e7bwr8mGq>#s4@NLhnC-8CT8DAKSP=UyOci*qc zUR*M{Dr{7JH*I3A%176aJ>o7|sWV~YAsDwg>FJ>b!(Yfj^bma>G4iOKOY%?6_I`(V zsV@j3Kq5|^{uhca=**vn0jPfhASx}8C!&si4L zG#cx$m>0>NeWPL5Z%OqbGA8J9!pC;tM-l#=$$g^)D}%~f<)*2}6#Ns`CUW80GUL}u z*|aOrvp6Fh0FUJMof0VDgu?x(7z(55Im@IDMSP~ulcdqBqSRhmh6C}5?Kr-NJJUs0)>UtN&VMt6Qs3a4I<{-P&}Zry_cLdvy+OAiU3)68^cNSF zCb?U?{7#8YMCWkBdq&+w50sfTYqF1=3~VX@0-NjlPw0GY&xa4z+Cvt19%!SjiPrM4Q1KDw%&-xIQ!7^TuoacC64T8<&ke$e* zp0Bt3B$B1yp{LLx=q=c)oFUUT_6BG0!b)$8i}OJ!JwMsIs8TKYq8%5xwE}I3(G8)m z_X13>fzEx`CJvvjKmgb_hU@JUxXac7gFes0GcZZw!TzK-Ga4L+W7?GO_;L+cXZT+Z z;H;!~6xnBxdkT;xNiKv`(>&QdH4iJj^3T&(m;MgPr6yZ}3xjxW%x}z9<3O6^l6Sqw z^m6V+Hli*2se0avU91hk9m%aPK%EEfd~J#Bg&*Mvpt*CUz=?i&Zv_5~#Lr*jxTDZz zqa-L!J$!mBtTl65{7>Zsx>)?S{xy!WxZk+u7i#_iH{9vfJM>%=jMlX)9%^@d!NK&F-`KtRq^k8kEUZJh}NL^U@Z& zo&rkcvT%x2aOzXI2dThCqy#MvqEM?=POHL;W8qyNL2G~R7-OaSdsVBtoaehDBoBz& zj^%KP5`ZO?33h#sg?C(xt374Q|r;0 za}wAKs1*pc8;T+vgyHmYdSETP3gu;EvqqmA;ao7zqe$yf4?3GU*X@q&irZnOq8 zHpZ-UGgY^NSV?I0v@Z;O4nG!f8cQA*ylRt;+T$2nMJ`eZuoTrqeA^q!(PdrS*13-+ zpLDn+EhW5yWibMJldFM4E_ik8FOdCdGwXGLmz>-0ft>C>55QEKg!aEzwe%S-tly(J zdXl5GJ5+sDD)*j#Lufq((I8r|3npvQRaewLxJm3Pr|4CrDKrR^%|WiC!-8gqNv@nO zQEm>~dVZ~6J~=P>4vJDtf0-`qcCF~hBPO#V$AqzB+dL5Dsffhif+z;6p*yNa9u2P0 z#o1!{D@Q>pF8W`5<-d*Gcz#yZ`LkPgcrxw*!~A)2?Ww{KbspD+FIrCmL#e7w^jYoh zYI>-SfV~vD+FW|te_LqzW(=K*joS8b#(eumqrB{vTVr)vzAKFl$$YEfWJKKYXasN1 z)XE!fsPWfVoHGYhUhAWZykqVk07PBw)lD)TW;5c8I13HAmi#`zs?a@5B*rGi(xVnG zq@j|nPvPC5IjLaDpQnI4cedMO(0im-ZT0bT6KJEZ=HLUf(m{8S{yEFk`G4K5#h5y3 zE1)~JX><2Z7{&9{2Bq~#FN^TzB$@LvjPrILZjKQ<@2TC=Gg79% zt#ThtzmLXWi$P7gvUl$tC-O6^F5Mo`M;<;kcS$in*CpSQ7ycHtyB_~UsZ1(m=7R8y zfLZ03NKxG)PPgktq6D4wUUh#xCLQRPrgcE4^t^qtpexe2jr7pR_EEj*jBvu6@$$GHdV4OP^c&iKA3u_Xih6| zUkNnG_`x-ASuurDa+I5^Z66j402|x2c?iQzC_0)Yla68xnMX?b!14z2V+(8bq79EJ zFG4JM_$D2{fR~N6-ZKruQb_ud6TI*{nP+d4^4dC$*g5Lart7C~3H?jD12w3>%{SAD zbZ31DVR+eks2Sy(v_G0Fn(h!lx$m|#KV}Z_{%!N^;G>b^yPVRS=g7_qPx5J~0et%g zVxOu~os~nmAiFf*scL`<+a}xgY_5T5^kh_vd}Yo}e5dbhv-e>*lF11Xc%Xpa zN!|=N@^s1C=ei=QuS+F*&!t{ZHXEyv7E`R-Bw>pz6iMkE+}{Zw2ot&L;I;G|bkmUR zYJ^OIpA+^wYY=Mq;d>=Ob2GQA7vPY_sC*gDA(WKy-&#!Dkp>8LAQAV8>&5c;(h=3Y zLq9yFLaj6C?fP-qMr>#pC4|F)%3Y}2{pD4T8$|7~5sxK;q$2KN&tyh^!u-RaeJ;}> zDYUD}IcNy^WR?AV#vui2UxO#Y8|~^}p!^SRaRi89|Djeppi~z;g!-2viqY7-*-AM+ zW7?G!M_dh>AwE<2b9Zcbm$Y9J{`BfUrhbeXxDk9+lTgRYQ=VnA8P}Np6};0k*zBwb zK1GRZ5I)Ocj*B8YWk*WQ zOxkTh!jTg>n;=S03eOkpvxntta=9G|#7*UQZ+?@b7HH7a4`Wp?Y{@Ku%nZ)v&E#2= zVC?_?aIP*CS+^OQT?^Wn<|2~Z)_L~U0+NN%xi`1klIL2A;AjqtYE*ww##;YUrF!2n z0ca(%J14cbvZ)F9ir1xUXV+D|k>ykcG&IY6#QpY1pu7)Y5O{DYR)Y;F|Vp8X=k~yj3JV1SGnbdIclq!R%n+; zTcZ;7!ZYCDOuY0DiOYOe>xa5Erk6EuLS-x|DkEkpl zG$P5TlWGr)n?5mHzwg=5si)f>oY7&j~8}Elkmn1*v9ktLY zsfWR=Zv)P7(41 zX<8R^ZQo7hm9Jz< zca}W&(P7)J@h^$mWOghxx8WdBb`==Cb3QOduUB@b|J0smWLW2ys#4lIx;cQOam=|o zE&h`f`5R|@r(=ygb)VpTE@-=DlcNhW6E_uQ*JGqemK{QKfmBhdk3)lF9{NYx<#{5j z2WPm-lv=qm#8WMI{6=?IyW0WirCc%7n#jHITJ^Px->upJ+(pEJT_j+C7*hq30DH?a zD0hA&SDkVzBmuw7+@>qhvpP|vyYx-XNVC`Ae7XvlN7$IWlvw5wvO=QmK>{9Mr*ldrjl5U^<;1?;K8Uv;a~owLy-$+BQM?BzX< zz@EFP`?49@?TcQ73H>)fW{&_1ns#&poY?lKwc|Svv`H-bO`0yqGOQ{wH~l-qm4bya z>Q2JnULQFYQ?Nz#RNH(>eN~_~S=2gHf|TksizZC0SnKNSsd319JMJggTxlB?d-eq` z_E}24m>Y~B&?OLfKqP{Rdf=Ze%ULR2Jd^bN459=Pi4aa;>>|71hmzKg`n7^wW*^^X zlSB_sYrJ=l78(|ysnG;ZY!A?GG-p0|pK71G$ouM%uU^kQ(Y2?Z>5FJCqxzt`PRj|q z!w*O|c1+P@ByLY5L**;B4k;{c1{PehZ(*H`Pr#sN046n6j}Z9w+{Sv{L=Vo?53MZeD{jw6ZFdIZ@VDLWuGYVIo_Ns3 z(dZq3+evVJr|v=GBGnbJD0xi=Tf1|d8uYqu7e8lZIlfO4^h`Hud5itgBMjhQ89-5? z_3$nrC5x^8Dg4SnB$g=qn*^8aRGME-Fij@7*EAfM1BiB0@2%@Edv zYSk`cTDiBp$~LqXJ%KvXS@%tskL74xMjXw#Eu!1P#VrNPESWu$E>gB^gFU#dc8j0c zX|Cq#sizEAo)l6o#p<-i8=AsbgF;T)=&A_`aR_9@oA(%Qx3SbXaSNSJ-lq@R1au zB8?(4^n+Qz=Ql9;!>hc9o;z7erOt|7F5PFL{Q{B*v2E0+73&OSedU(RQ?p4eSBK>( zzT=qH_pP}+%iDu`3nO<0Mf$nA*IF^zJkn(AQPL>M7q}XdZsJ!G@GBf^mz^+m3xd>J z*E#q{>z0Ey+Ixuh6_QuKJ%8%?zI+m0>DJ{*%D*BEcbp*f++E^kR$MuYKJ++8;NnQO zL-`%x$=#zcLr3R6tvqrBxf&w_c+&o)WSD$GH&fE$Vr8Bq;80rw`SxGnj_08&S9kBL z7#wsuiOSqwsh`R>`!+le6JLF>EZhfe{n%~&VrdYy>+s2JaTw(Qca!p{%k9#f1Xw)t zu8o>KH9y%Z6Z7f`>Q9FTfDj^MlSp0+2$4>?_U{Y=7LmfKiV=M6U2L&_f{fX=G4klw zxLK?j+r26I;seKY zA8Ruv83&7r3OYp%kk}ivr^ryQR(sSOr*ek7xy0%CZq@S9eKbeW(pyhrJwL24iUV~J z+e+`Oj3Wm#p@UhNq}CODh>C{hYD*lCIq`7u6Z6!%{hbxs)nut_Vs;pKXgHYUp;Wm( z{X$3Ot@BP_37|>UG+}G+VH= z?C}?TWA|Rr^XEA_6uQb2!YSlb;qv8HG-x*lf~o*Kgy-J2km4g${d9x>NN6?7$|6|| zfkoDbl*(vMI$cObv{04(%kBovwC1cPIJ(Fy{m~{9VdwAxsl!~yaCipb3ssM=)Sn3} zi=yyCZb6V0xW?&kAw8e}sRgiDR7#ytM@dd;DWW=`UkqTvg#gvP_Cs|WJ?u74WM-eS zVgnCXy7FKo6?iye_6v>o{^j8UvD6CmnAk@}vntuY*9mYlq}qFsJ|5N= zT{Ppy^hFi*m!Om9F1QRLxBtQ1-400e0bWH7%hjSu>A44>op90V1Pox1&+5V*<<&St zbakaWL$?&ME!?_d%cfr?=~{F9M(ejUq;s6m=X#i!%@p7id5`&^Nj0~r-HSEL;qZoW zF1w+>;Fq3&)ym~en@_nn$l^}n%%=SXZr^N%}(pX>_;1)rzr@_(I#_PRiFgGAK-S% zWTz>3!M>Pltq{M_jfqjY@%i`)t3i*x!cOJp10*7UWNqB(j^2W(hFa11r2$2r8@jpa z5B3)(upmF<)2mJW$7cRpAo!Y9A+Kt4NB6>kxOdNah0C{+Aw-+g`%Wc!q z;OKjS&!k*-=ChN?g?;WV@A+H`W^JK9DN6GRDH&qU>xIkN6MXjMn3%VyX1$_AyZFY; zYn2;H{fA!|@f$-y9Z!y@-BGfxn@@#m%Cbn8Q{;OGGsY2@?SDd{8ohBrsjQuXMm=So zn|72KzI0rVJlu3%Z4#h4OHWi|7cj2}k9?cu%PbhjlU$VSjJk-sb$octh705KwO|vQ zFJpk6XB5JoPRaRp-6Bu%oGGzJ=52#4mVVv}1ZiW+NY};$Ovx93Z!}c2u zL#>*fas$P$FzXR<+EfsU8;g1N^G$Uz3IsINZN z&FvZAKd_{-<|wLpeQ8SF`kH{qq;~?uNl!BDK!uoNpGWa8{Z)>!x`%i!ASIpN-#c!M zDf7tU&G(9Rzv*u9c`rNBSTydY#KeKk<4E&6U>pDPRyxL0nL;KV-a2L^-kw`EDq@Bt zOWCO9Q8s8oiXJzG{)zVu;{LiT+-tgc%{vYbG+-D;G} zk@hNe&OIML+?gmJ>xxyV#o*bq_qJu4cpvR@c194K>=P@@ktvpEE*Dpi7VIX<8EmqOP**DBzN?P|vo< z#H32#zTus8cE}%?@DI^8I+(1USs8{!a#~X=(kwvC$2drP4vG#Et5I!p1rTvR2|VH! zCZe{OnA=Z!UJI&lH)lECQ$u-s~1>8|)E|^q!Id=iyFMWXG1^Yt@nC(2E$G-x4e4W;0;RF*jhjXcqyDKK?a-iC? zgIij+M(F;mT=~h$t`matn8*ZSCq1}9Ovf9awZ3J`xA%%MT+k?Lp+^qnw8-G6s&{2D z&mv54SbtdGcft+c1L+h)2WkU~Q)~B^`+OpP-uuKmd7n;}OJ?x(59!lC`j*I--XQGc z|2&S%u%d={OBjs?@IZQYwCxPpxl=x{>s$@P{A|1&Crd0u0nfOTM@r{d2(oeZ=ItGS zBISSVNd3`i5GY2N6eM*sfl9h3dtYH;^bWZyFBnn4>ZKc^>h_nb?B>Ej1{>Sb+>3O% z6T@v1`oIRX}_rhw)Dto|6_Z%y12!}{m)nFDsAPAyCHn)@9@f9w6ki!HJYLMy7#(YUUIpm{F@-Ui zcaDeoV)q_12-Y4BRouQQ2PV)&+GgM#kA(a`GxGP72(D0P&%b@lMKp?MBRW#|{J}|2 z`}ch7(Aw;67=z@olIFVw_2Fvdvz4)0b%g#qYV3{KXi%jk12O}-4*08Nty@a}>y4H{5pBPjn9aa@^H&ik++O-yK;K^dINx&~ z3y|cc^e0~Vx643X%xp^8@a~k0UpzURSHW!7r*bijg0h8?il-M&)HVDXTm3yy$y@#y zRP}yNHM())HUk*JO4Pb}1tZe`uJ-*YS06br$5nxp(}7m%xf8=ahhcdP6yHQz0;6uJ zEqL~X)&F@DY6BXe(^|LABeYBvxvrkL%`ymYVRG!(Z~zj^|5NvV4F-IAOacfe(klre z9_-y`P7oGn0Gtyj&VJBZ0d7*kPI2b`AAkDW+!lvpYM`%SLD|c0km8=WjRW94G_#0< zv4ANX_)}4S4F-HF!6?)P97I!H%)+TZU%B2JmJHFt0yY-q z(gL8{ma@(DCoK1`Xe_O!>Fz!|h~PQ#jNdNrtN?lA z5d-aMiWpo^q+@M>>%2%?Ww@b%}=qmigsf zn}K^lktru`qj4YH#=)#X>e7^_5&nr^{&sn(8pvBG=%l$~{(|z?gn$1;egjx3ZwX_W z3L+3dS}tDW|5F}+t-~`vOy&0{VC+&PS`|**CZ7)6MzGv~9%EL{p7`Z&m;afS-zMXy zwESmQehK`~Pyd;fKMl_hY5C8r{M4G?H0eLH^4nzmoS^^A%1>kR3)%cZIJBPJ%|Z_tcoch3y^g~c(SF1-P< zd`p6<-yIzCf*`7`QqwLPN9X{pgG8SM(h;8@(EZ_d|kDt z{(s(g>MDq}|9xNY-SeR8B8*%8MHo1ja+kk)5gg23ZU)G?-dt$m zZ&QnjLICyC7xen2|M}OL+9knTBtIS0uN#xofiuZ(Wf;-Y-m{4@HYfuD%fnZo9)vaM z=+~FNe&M!{A7G)gF0aUjhdMctWa~~ z!PQ^B0P~6ZIv8%ZX*cmHdq5#{Zf7|C+iBEGgRnAD<>4H7IiCMs?(Y@(Z{~g%^#5e; zKW+Wbl>E**{eN$SO|YQ7>KsUV+PTN2^?Utf7pg&zzs4Jj3*a0ID9?Ex*w~fdRT4uC zVgZu5x%5uGARuMG6Nvvtzxf;nMm8~@Q~UEQJJ(Cj7HE=4W?)!1^79D0`@aq7JI{DY z{MlQ|_S2`90nw%Pou>WAU1)^nX8%(Q@be+X@1H5ANR+o*G~5!)7tw8kDte<6_g`Fw zbX}RKF!i<+Vgsb~I@lxRe3|>{KX>~3uQve`{01u9bzU5>gx3nLovi)9m|+y|HKGKD z;)MwwqmLb$0g^X*0!T4)q3Q!O$>-QVQ8QOu3%JYC*l-+vDL{eV{ba;)a=NIWJ!?IU zMf~t==0PBqM!@A;-8a5Bd{_VtI}FxsrBA%#GH~rM&yZ^=ZUBOeE1R3V{1Z!HrtBk& zfuq6t;SzocLBu8nV|bn2o;Wv`8--wS_~J)JKtKCGwBZd63Y9&Ps~Eztn;vGLq!Kyn z(F=#yxy4RA99-7lIK_P?h~;)QTv;^DUq+PR@(q5IKrDY~r%nLDBg5;=7*5%ji9h}x zUU+*PQ?bo~;-2N8?Iy<*sHP_Ar0EYbarzwm`gab#3CBn}Rt>q*=O^3b@Ie0jwHx7k z`?t^Tn2Z;WT}znVlbl(Om?w+S?!NK|jwnujrk!N1(LIr4$i-a@HlF0ZfNt;Ijkpo%cm^j`1b&bsDt%=9T@Vlj~s8>LzsX z|5&b@O7#!B_=2CN6{UmsExq@Z9Ta&_eAVG3#<2F34Z|90m*=&VK)a(E<1axOEd{2( z3Ld9Kz<1X2s>V%LGC5;_?piuDIn@YF1{U$Di~ZDm49E?>YSX)kPdC26`ULz*ez-Hp z*@RT`4+cqqDbKub!yBXeu_^|1f+2I!-2HD^urB@oYFUb9Y<6~NhlNEF&BmtYw+@mB zli;FS6|A4oV68sM*8lZOJJ{Gj`10Y?BU8##d>$oW)AuZ~a2KBvB8m0S%$wCEj6m@9 z^|IL0^P5M@yn~WsL4n<5>HxuxnuHHbPNTDd4VRj zQFhgrMquyDzV#&UQu(WWALcmDhOxTB*P{Qc{*l4^TY-ve+B5v2;(wiTLZ=dJhbI5! z{R#Xs|;w*>|F)h>}#Gq^6%OVX;}uwZQMIu|5GCcEK-vd6T_-J&8d!V^M1{hDwX3w7v z&Oi+4G%s6RyFbPZ4A~AGe(K!B-wdfbQOSPiF~*?1Jz6KEF1{veUU*gOnM2D`aV{nY z%ms|}`+KD7rPyCd6Snb_a_i0C>6(Z=ltEue-S?59XvLXiBng_bu$$$-_;YFN@xf}1 zD;T?VbwAW+yPUw|RIuURsH5+CBH?_VeJXRFEZ=t*=aNQnGLJegd%d8MgN7=wJ!+&r zFg4wjVAkQ&>$r%0&m1H1q5f>noK$Z*ezFi^%U^Rl1{jC|OQOn2_wlVyR~j@o2bj9} zI$#;lKUdWI+i5G;y32aL#F99#DKv!OuD*(58B_u1(~EROx*v4t1rVeFcMKLvO$@l> z(?MafajciXIX(M&<-&xwXm2kQtsk+aj#R0w8kp~Zbf?9m{a?c=hJnd~sCQ8qI`xvs zVnI8#dxa)%Vrq;2q!K>hy<6OqbjH`Z#$aG#py+3Ua$17+DJ(YAoW^dx5K;dv|IPAe z8jA;X-&2|20H!fLWv97`1uB?oYo#0&Y1AE5u9XaZZgqwiD}gpbZ+SLBx-*l* zVd^5rSr-o1e|XEed}xyO>uH&yU#{-^r-<*bGQ(09tXkhuPYWDM-gL(%Xe9+JluIN6 zOJ52Yh4&wHg^HZ9ptau0+>ZVs^Mx=hsIGh3O^2V8>s<`iy75XkwIA@knEAISCIjFkKKnpl7*Q@e`@Qv=Sc>~Wbq##P3NGz`De@zWW->Wz8amw~XD z)hpXnbQeLuN%~zgs27YFf)Ti?gfh+nHO#zPiugh%11%3bPjd$f=1BLhnhZ5f8A>85_mZR z=5*hzFW+5h94x#OgK`=Z;<{OXdn-^#a2umVHd?FsLR3I@3q!e^C2a=YI5;fjW6TC9 zUFsuR`|9$Ej=#E2-7?JPfOJ^`TPH-QMxQN5gf&>h!f5ctK0pL4oQc0JCI%dJ;w|`m z`Fk3eKy>}MGByK`@ZuK(!7I6gW3fa2kDyKxt58DZ zYU`U@1y@_*LO&e)K!OAC?oZT#n84OnKC^c5ttc=w{VHe!Wja@GUQF{z z@IIx;<5XU~bR>sfsW)i5)-MNRp}+2Y=;3ClTnLSo1O6&QDOed3Z4Q8gx!2A$gO4FK z=_c6Fi%IXP@tX<*-Kj;`WoKLIJKN@C?_0Cp$WbOGOf3*~^dlE^Xt0mg`eff0(Amyl zZjo?RYiejXh|6`6V-LQ4j`p#cYEF1rp^g-;u`HG1fd&}`zsubDA+-;r4 zXok?T!6`)tp0timvZ^X!!UUed*ohDz`FSo^5_lYSyW=tOr=%Vh>se@R8s{6{EoO1`xX992k;a+ehgn?#C1(R`L{E=) z|JK<7?uOxXT|*p91lABUPu4UJ2Oel`uPHij(C9;(@J4H!u-)9(=x_<8l;J_L3ASyk zuln`8Rt&v_|Cq5UPK@sLiFlrt^y4449e|spIL2>R*ll90{qea7!~R0g+BrTM@r zNpL7`#(y)#?#c(qQ`U3R{)2)yi$v)Q+_Ky>bnrIKfnNDM{B@D}>{Nc74kGx8v0U{i zgLW`PeT0X<+VNQ0zMqdQJjU*v(Ms-nzH+qF$sx!f~+o+VEoid#{XXh5H6mb~36a7$xG*dGbe z7j;bLq8{1|Ts0Atz}PUUQ^2S&KSMC2U9tJ@r_;2qdxp5wMYu!gd|*P8m%i*tZVVbs zy#XI@ecfx?lU2{?jU_YcoM=g2=4FXe*Q>64rIRceZHt}3^vk~iPn2Y>umNC90#CDG zpA~E(k95`wvCz31{Xba^196*y{5v@jLM;68D#g5!=5Khq>N#Wj)=KCo*$AIXnK=b0 zlW?>nyt>->;t7~s4Lpw7U1mGa$=v5k47XHyEALVAHuR-mX&a0u=u@A5ja)?|iR`$E z^()Y!I5R3+3ssesuEH7TOrp8n>tq;7nEUO z?uGK2pXrt#++9W7v*FcCzM}J8x#}&zM490AdgY(~9t~S;s0C>r!$n=va6E~-_-F@b z0L`G*T>*ZSJzh7rZh~JE`WCRdF}r`}1!Kw)!;#${tfh`{ezwREN?3dBzWQ}TrJr^^ zUP%4t77`s=jI?nu=P+bGQF#_c0VQlBwW`##maSY9l(iYSQYqpar~v%RSqU5757=Vd z2j{PW2INO7Dg9901}IcR+gkhpD3_Wl=7Z+h@#dqHKGh1Z???naA4UR zhVur+caEIoJck@rGV>?mO`9M2z%tp51tl>u6bPW+Fu$*TRrU|SGn^e8FprgFP2bh& z2Bzlm=4KK=*@on*oFL#v?=@A>L1(_S=AmEqyn7(Bs8{`ZrZYj#%LBD;pL)8&8@|s2 zH&k6mPX;!r#wPuY*HE|sC;GePfo*ZX;7kaO0hwaGZft#cp<^}Tf0QXBuw`Z8`mW9G zjI3-ymu``gK08Jn?Q zOB_XgaB0e_@;l;kbg_qYgla3@qq)iN&DBJ_#OE2aF6*;>I{Fl8r(e994Q-z443J~e zJnI8%)yzov-U`Y<0*H%RKCa;g(GR_fs@$n<(8Np%XBFn>uG^+Noy#)kkmip`aSJ+* zc)?1TB;C&%t?keEUP3ABJ;&v}Pps;~@Y3n(1B>P*KB+;ion0Q*X*EjWpTyhT_j##` z+*)HbP;mxA!_zP26u&)CA5x9Dk}%8NA_ox8&vrPMF}^CWwYS9#f^fZm)bxRZ%YN0< zgBHCsaU)EXE&I53bJE^!;{!w2q#0A-p=Q}QH7_|o1FO?96C^A-TFHe=HonbIsEA6y zLlL20_jPZ+V=ya%{CM=TL;IKBRLW;=VcHue5oI}qqVy=DTK8=L0-nlvF}v-T*@=Z- zxZADz&Zf~jsuVecEnu@zWAt7mWTxG&7TN*g)F`sjbD~`k_``GZ?cr2T3m$o{{cK5% zn@%qhNEz(k-@aRv=eVZYU|8VXo>XtfVj;c^rx_ms#hD4;e>^6h% zerbc-gC`F0DmTJ;QtK)y1?a+dSJu`SEU`1ZYRS-u?E?A2;6Yi?D>rIow9=!lW08LH zc)(APxsOD4o<{&H)(Bk z7L_PSR0ZqCB3`Vphn0|Xn{oi~p;E(#n(0p`I+6s%UFj=B&1$Lm9VYDG3@8sS#pWq< z#Xik0L?^sOdJrx;t3Zh2JiJ;F#aWjU@MXo%d^e!+AWvH^ouVW3;0G_^f(K51+Zd~X zegYe_JifV$xp_8jhCH8_2ZD1b5Utt8w-lyJ6CkJiS(My!Sx=cO^C87XB;24hMw17{0eJd^2pe1(GIa%he!x39Gebv>=`EWHYqey zNZ7Z)%3m_##_uCI`>N=!PtxLBA)*#6dFm!6En>Jy%I`pnrx(rm0=YtX?i{Rr^_n3} zrV#Y!VPVIYoewcRm8)P{IZP&jt`uY;MzAEV-B@xeM25DZCKB%Z^X)hh)P!3f#1P@h zOuomtJ7$219M=SwyTa8N?2TVt4r!Na9V7Kcv^wcJbL>|+Ut0H2x&e5VVhKjX#j?Ez@+72ayjYt^FKl*Mr#Vf zgojD-sC*4y;9I4fJqdHKfS+uQoA{j{gXhVX1XMmb#VjnCRSr8*vPI3D`}ATnb{3)7 zzQrrRof$2myB7GrtYUrk6e9%TKVhl%J%VOx2v*4$uUKXSnf~!f9p>K)n>8L_!V&Be zGn<{xy(<0BY#sjqPX$hjHRn}I0wSirVm8hQ`dK#{w1o@K7dDY#^j3ejn zRp4bAMI7_$w5?Un9O+NHXcNdLS7~o4tA2iZm_{VNn)LYNBNLknr7sqxCde0o{sQm5 zboRWns1vsY-6+i{az_r%mWVk_EEitc5Rd+Fcak?X)Wp4Hh9ZCDA*$s~(2J(RwG1RL z)qp;_RE`3LX!!zvQ-f+!PH>6`L31tCPBAUa5~a{^yx5{P{bs~2wspUYH$*j9W2@3a)J~Eh zxsKY40+JUdu|11#{j^Y1#ftT{suyzBMSFHR1jk!%+aI@7?Z)eV`|*A^`CasdL|6T7 zluNu!D&;QI{E)|C!tJ>5sjU5$ScXI)7q>@G6j;J$TFJGa4RlQ9Bi;KC^RBk8ksf6F zX3cc@W?ixEKq{!>n#dwiu2b>{dv%%|Uc}4^!nMspLx@K1 zPHDuCb?cVjP3{*e+|lNCux^_jE*Q=hD;Spdn#^;$Z!>U1bN_oOzZ8axXVyJcNF`VQ zoj=2`yzT=B;kAp^1ne;e;fp<=CmWFgw8z|~ReKihBx`cuq55DX$aT|CK6YIpRgs5p z72vKJNfNFXxABw=siY6N(@Q)?z$vJIhmBKK-@`zsjA@8l+P!$INn2hJXQ!S{@eXjR z)I=_?2(nT#&Ca^Lt|FLryKl>rg^2)JK&<_QHGc1W!*C0UcfSt|%BdSMSU1VISxMf_ zlyWbGC1Htd?E+DPM~xB>}HuC`ykx;{_QoPMBAwv8H5Wv3N3BN;qCa@>5hcwqT~AitCKYIy7#GcyQ}H;$?9 zLpi0ZNtX}rl{EOgF-Il8V#;I?dhK=4z@-FNSra!LwV8TV7PlWTx!ia?I>tX^bH6sz zQNv?n)4{VShr+R6uDVsA@P$;sn`L20!C6Qj32mE_pHe$f3#|*61W9^GGl^`jBb7&e=sQT=&+fL+>)->0i(Kj^T!9#8h(7NR9xd}H|AM+b!YqzNx>?Z=oA^Kjr zX2j8QPFF!&>IK2v{V~DEC7vNaj4mHzR^Ov88h)~vz_Z_1fENUi=Di=POo#r)*TlRH z!!uPbT{2b}jXgU4%G||wEU3FJ&RoZ!{zfSA&q9^pj<{kUO2R}K#XVn-7*r*%*aCkV5RO7;hkj#|_ zowcs-#!YI~p@W(}u(?8US3Zz6%Vz|Oybvwn#mr&wX)1pNtwK?EQ8Nl}wmK>o>AN+v zMN$O*cX%s$AM{E53IN;ex5c0hR0#}&{XMJ8a|u;G%X>&qxnY6*?0q!}eQZgW)V3^> zRcsu0{C&Bm4lG?ai7Sc2W5t5EKUKw}@72PR^Jy9Ep?zHxN1OT^!%H6fld{zV;rWZb zScxc3FEs18$#D)GbtGmyTNrr+(GlPH6p4Gk;?2@=Z$Omx1Pc+KF`nyqy)IWDLAu%f z$r;KlPQ3`gh_}v(Wi>h~@@u>1=+MW5fJn@YxIN`uyjY^CqfN!b*?T<)Yms+3;i!); zRbFE}HTFWo*&S!l1#1gzLyjFKBHrPT-?RYd;5Oij!rhoE1 z*ZvGNR`h{AdSM#=;h#8(I3DcKPqO~zPG`fg;qE(6Cg)oBrMgblbf@;yaZ9=?4!k&R zB6-`$xT<@8PhmqOQ2_5J%{FyB47qqSCl_|gtCaQ=ZXkttpl%?phQj5(x01I?F5kND z`?5B6Xouuh&~=Frc4C#4Au_ewK0&FeL&YTZ{uEdej>b-V$=rP0kXb~>Dk{ls;y_5G z4UvOH=^lwrx}YA2oQhf^6BiLY9T@nCHu;}g0N9Zxq}Gxb617-~u$#_5PB459w#p*3 z@-IWv+67Er2HsKnsOj+fY2UN8NMV&WtK*R;$uIVsm($YtmmP|hntBch7FpXXG&2nX zAKUJHE2wVAfo$D?JY=wSd?XfS;k8|+qwfGKxT0tNa!zMU8)o4)8&u^OUr_Q`GP1)9 z;qq0?Wi5(|OLSz>DKBPBA#QSK+}bndi&NRe6^P?P6PHnAA@;PuWoTCC8_xUVqTGW; zk-PDhx95iCXOj5l=k|q!Qj@nCU`cb!+k0 z)i&-s^nCOZ#)6QiDsj*((JV-Nt-QWk^Xcn~v704r_0ZV){3a!z^=CDQ%)~K`fplN< zquA2%v8ew#b^gv;WrQ94#c(tUWi-wK(z&weIO9lJxk6lAx@3+)uL`Jx1zu*jvX9? zTs?0o&-Xcw7V-bk_SOMW?OofjAS#F`p(u<b^eaJ7ilQjGh??=}b+FHGIc+Y{#U+=-qAw)-Dq_bfcf5R<&wv zJMVB#K62+^qcHw5g%MrzbNx-R_eZ>EAzyeW zLVie~`~Ju+Onf$?c4){7jZS4hBeCtr(U@1^TM z=T-5!>Xo)yYB}4x4doRY)lIfl%S=wjQWwQOFrJoJZb)42g|7%}4Cq(aUlDXFG+Ma? zIZf2o`V_%w7umhV)pXcWyj6~=1){%}etZRd)tn6d=eO9*v!%w6`g#%n`aH*&+v>I+ z^8Ge@Ys0x2o-b;C-4ZcgBkxy6%hhRz5)nQOWQi(S!ktm3U3`jQ3{=o5*H4~ZTg1T^ zZo$=>LkApN_;%}hi_jsaUb$wbi#(c2H(Ib3Ek4@ftlr|bh-*mKIDxX>K-pm&iaV>o zE9P?H?&~Kz=Z&T>VjL>kf}Q3)v-fUjOT*S=0tb1urW-H=1DiNhjj{GfsljwU2ZmeD zX}d7@hsD5;_`>$U*I2V(Zv%3=Cb8E?Xq`V^fMGSUrFSfFwWA%Gi=MMHO7~vj=9p=| z#)vf-OwCgK?wqh~m#8iKYJ#&ZIi51vWymXlN#vZNO*9J{SZEu#)QW|zFY*nchVo~0 zR-CW@STa6l|6(?J5BqJ@wS8Ff_H@2W$!VqYRPe%p_@n!nQ2?T`kR?N|>kk&$dCr{b z6H{o|tiFlNZn$;zRK8=3Co9ET*o=GhXhxOh88?ryZBx%^FOA(h93HU0Y>=>OV zb0obuY5h&NrO?ETX9jC`sGSPC6QA`^!J{dU419|@ghMGFM+{iEeb9svBSO$(zq4;l zDCxTM_|idw%vEYp<#{`;`$wY%0sJf^(W^#c@Y{W>Fc z1rB$^W^QFHYkX>qEHq8fy7a^R`9}Ogq09TF`KARjt~YOBpP)smEC+`6Hea44R2zUv4-}iSwgPxAU0zo_gwPRU zK^aO^P_Nolc3W-7)w&K?%euzeP{C7_65LdnK%grUAw-OV^1|8;7LX^cAu5% zziTt%!07t3vU97jW@ddf!Ygw7>z3r_$rgrz&cJMkR2oK4T@J5h^Wsi?v9|K*#92(Ex@*YV$108Ev3zeky~v#65^8m zV#NuPh7OOj*W#zp$>L_o3(Fh3v+s}3$E~fO6{!CU@(+<1(Ok-J_)dS4;R?+qZR8qH zQQYB$RZ!{nQeSDVp08D97%66rQH-HGjSy8G?D`Q8MKvX2z>(vl41xql3r`t-A9Y5j z8ZltF^$anFGHCa##6(6kn8xVGP+O!)J%;I*RH?Y_^r%()U#PZ!DB)Inft_5}bkc3G zWrN(a*y2mdXVd<5tKiB;lZ!Tt*ms5EPnKC1gQE1%J!Lc%(P!ccmyQl7zM7QYyrud0 z*N9Ps^K+EI_L}~uR#KLY1_|An)Zc8MC!aAqe*fL@Vb5=DnE3YQjS$Nom}&P~5eLTP z=esbA9u1wss;`QTA|W+g?Av+e`65t361r{U{aJU~>;P~s_l$_fm=wCXq{@~(gSZUgqe!25tE`2|dJ6`! z5_1Hj-EcXqdMD{6Aa)s3Gp|#`8OoXWaMLNU5Ul%2q&2*s~>iIGo7DD?d}z)@rm7Vtk1^bu8PHth|UuRR(iA{`zBYNH#>eO#)k6^a8bZKSQR`s0~^|R#-br)@4=WV?U(~S;U|MI^7+*qy` zbNuHX%o>+foB-zJ)JK)#p;r&FOPmcGMaY$w=hZzRhPPKu?(^xhihu*1sbK=SqJ}OlSHJySnuBUXlCSkT+2)uV`Tl% z&-S+CRf^>}-ST&>!d6z1J&a;+D7K6Y*?Zi+I0;XG_$)c8>veJ_vES?dP5C3DCvkRn zFVbBkCJsc?TC`wEqr$i{@OUCnG04DgnXRwLZhFE+l?)+z1+l)Z*w~Kw+<+u+W&S&7VDCzI2h=NY9?jV_CQ-0Y{edenp#KeH$H^y^-0aCz%iVP465MgrGRX}LA2gY47N zKx&U^TtPLWYId9~KO3IUg!&bjo3Zp~X=S`+JxcCymHa{W&*QuDTOCK;QRg|2P%snX znhcPM|D#4*nu7!Q#Y!JBN^~-}_rNg5( zW`#F{{jb#U_BJKv=oi~5&1iH67Vg*QlF+%TFXy&2yQsVl?|<^d_Ju&t<5-($ZhltG z<4&^2t@4Ku1GsQ;*o|F5+dv3%`UjSO=&>6&thW+Rf42Y8Rowq3`f=T`X!8842L4-D zO%vHDB9C^8Q@1vv8YL2euN5}5!v>TF6w)*C+ zZWYYGZRGssq#YhFp!;?0I6*^IUZ&sXarAUZb_#e;-QL`gp{Txxf3P3d$F-MI(h4h<;) zt}ClF{9DICy*4@6?=-wQ(EK%69*#5K(7(F|dM4FyPdqD%bO9DsiJ+Vnp1w;45V>KS z3f>>uCzj`UbM)fg!mZKBE`ghcrdb$il~;~=j`!#v^p_1k?iXku6?*Etbdz>vJznTw zZLq_W&LbJDcQeFoA4)k$BU;&xOAOe?pl=sZ+ek4W?qcsvTyS-p@_iM5l?n6srBYfI z)G?1!!N)peCn&;XsavqP=4@Q|<5;VH@nLb;*D!SOV%Dj~_)i=Sj>&1C!Wo%(%FvC9 z>v6h`F;KTPE0%tpv-)QQOeHtm-dQGjZ)*X;5LbFbt)hZzN|@ zH}w`gW@m?c`tEgA-Se=R-y5;nUVGctRaAd=eE#atmmu-N!IMKz`8Ew3%blapQ5w0J zqUZYr3Tbzj>MfX6h-xIeLR9{2U z+?PUhGJl!>-(@TB8em&T+bJ1{Xj=6ZE2FL?_az&wps%%~Rb}}$*tCq}tThOPM4F>_&N2UZP$I?5?WSu;p)U%Lomfv#vw_k7HUSe#r=&2`rwOoQcyb zk1MJ*tUN1L$s7CIA?3x3+bfLhgWT>q9=i*bGG~Xs77W_gI&fCIHFjrp3w>See>9QF zINo=C6g?7Oqv#ghuNxCPD8Q4pQ<68g`*5ybk$=dR#@bM;Dja8MijK~cr&|MkJ3J3)DnFUn(C-hFk%k$j+dU2<;2w&T5h&Gu$t zUb+CjR*>S!FSXJkgy=n@dlKyXEy+4D2{XnDp40GM-NBV6{}M!k9axyJd9aEjMBCTG z_Ue8m8g2B#7osxr)@o8D-?ubxZPWW<2ptZdN%%t@Ipy{gX#zKf`)&U?)_shFZMjV+ zC0oCh0U=tmk({_gBa19Q$Aa1FVOLT<=aUtLK7M08y`bmIfv%IL(S_e;w!L3(RVd3S+|k(D~sdad;=Z7H|ug`I?8xF z@9Z(ViUD-~Lfmu6bdUFyS2fe8tR(R#zXnFe+jJZ9YFb_KBFFZ|&?@u9S}>jXiZ;_cUQl7)f?TDSXa+2m>tCflAo1o=}E5 z7nxf1%ZY&k<>*f^boohO>I}%#2{3rH(df<5merQ+(Q38O3?L;n{QOAwSGV_t8W3Q) z;|kZCED$=kirIP!dZOK&3m1A(X2IgHk?n5vT{3`aC#c}RC#hN4Lcyh1yzgw)C{AX^ zRP5}=k6KL5nqWNA$CcTwkFM?fUZ`~P&5C~g{OhXCLd7Si%I6cWG}?2Yt3MLnV0D$B z{B+$;d(CPfE}P|4<4Ty3(B`L7>S@gEEACvtKsLE+#U}YXlQ+L~UK0zj~@r7QP`>@}l@^6%T;&&c~QWCm%fKGSP zMbxJyi`7=9w_?3M_rxXVRtCR66*0wmwbsQYhWxTG0b1A+58>>hGMfia?@L%euHaB& z4pa*lox3twLq@VwdPY>jvZjhY!@|sGM z3qt4nC&g3^zsrS>STS2qt*0+=0V+u@hO^7EerIuuQWoi|DZz^v*gW2gb=rNUX3?fg zZZQzi7%XWqTl&;c-???YbmVc0MgI?S$44m}v(yluvII)4%fc6(EmV0Fs>DcxC?PIe z?MHGN%yPlEE!1MLdd#V}UTeFQWzjc)WAkUN>3H+v+4fu+-l*`-{`WRKWzh>DkG)-` zRJJSDD{GHZQIwDBuXx4^cpC7U?({J^Py9~OpETepj~3Cf5wI=(qUqT4JOOXpL40&9HHi-|ou=mrmL$=yNcspP zDLHNqeBtQjaGL#|fH8Ne)AI^CH@Vm>6!lv*LizhIVmftY>i~8 zjR|v9?uB3m3lI)oC?UhR#}YV&z?Cq!SpN&x={>I;j7sW*J^0-q5{ULB>y=RjpG|Au zg1v|iuV!KP7N0#Yj6*r=9PAq}MF4xc3x2kLw-0QZE&7hbQ%4A0C0;DY|M4Rgz$_{T zZL4d@@*bb6AJ{Tgbg(Fn*K2V~0kGv@S{zDKztez$N;yOP$tTk-iviCsR~@AW<+GK3 z*A}s0m$pKSHbgGqPy$cETLu2&=E@R)i^LogKQgpWAm1M4!`vSINqg+E+`h~98(eQ$ zcZkKm_k$)Rad2aeREl8ZrQ-$NQX6^b?0aopQ&DW+5-H(_k9ItGNe#l~CkrMZ$?C*~ zV?J!bXgMcYBt;a5`N0oOzXGzi^k5?xg8r&=Z!}~}De^KM`Co92@AJGHpa7kMvH#Y& z5VK?bP`)5aDt0`7MN7jh1$1%WhGsWsT1w4l_`3_jm@!9Fg-)Dffxv+uXBVi__F)ME z2TTeKo`U{|&IJ6Lb9i@1wS$x>fj_&k;M3$lVB`N77!Gy!Q+Yx(IJ>p;d2BtvN;*kA z6uqd7Fmc1HllNbo2d>uPrG!UEN2A!7pqP^TFXV_mT;lG-%;FikGVq%EvRZ^FUoUEq z5r;w}Gqr`Fd_l+}HI$@FgAaj%CHXu^d=`0zZ@+beQm+frf=#+yhhFcC(lm$xnApF% z)&(-I!u43-zmy-|BN`8;xq*(uE&5-d z_fe7FM%KFx!k587fVwr$v@%wa?A6S)aK+cpgOqTO@0r4X1)8^P2e`$YD@|NqQVI7$ zEy@E$T3f`wf&_kA_x+Pa055PMy!tNZlK^(iV0)TeYdhAV+1_6q#&4>0Dh^~$D-A;Q zOPv`QRDfI2XmaD`2YTQ%m6^u@;E@F2)i3eb3N@1D#}2YfBIOLcel5KCEbyqFFwNh$ z2&IKj7L;f&F0Wgg+_-ryCuNQ0`~0tibH592X{T ztMe81dWZ=O3TX;!up;ddHDtOY=f)<#x9Q8QPLcne$dPU!EUY6+cDMgDYtZrk14iat z@^8HyguZH;q8G*M(1Km}cp?>Nr)|hSLo0*cI;Elb)@jU+`|bTM4oY~@O;!wj^zww= zWm3ezX@fv?jzW^hwZBvN5d=T}^d1>(_@2WqCNX=|2=wtGbUX*(0K%I{cA%yB$^ORs;tu z-TdQxM}^L0>>tf+AKge)K#f<596nblM3l<{7YT3m&9h01gTd?Px{Gf}H``S92XMvf zgjjw_dtO~>Gu-?YHkJ#)<{7OP?COt-B`GlMNG1O7+&~LcZ{F{rb_@Dl)n^ zRli=tSo8F>M-f$g!^Pdoc-qe=m1!)n7IxoV81_#=#{{+Aq){+)Z4Szq(CHsKI>u(7R{De3)yiuH z2MWuq&-yu;chAV&IcsP688n|Bq+x@Q0UTQNGkd>=b_1x15I&}c(f>&OH*7Xt0r57` zYE;R9SLO>1-IQugK=EC+68$H9lY>8m8iq`qRRVDzE^ceJoBQ}P0J`SRH&OqwsLjNsd@PRNQYx!Ur1<;xpxBg+ zgn);nJ?u5aFp9d~Y2MY2Dy%{1T-D6d@Am{_mfn|+j;n8{5=u6R zqR2U!qdG`@sRidrdY_Wr`7HiLB~_oQ;uF;|oe>>DQ_hSc`a5fA8hgKB-G2Y)UqBzI zP<4Vq94a}WHU5_0>Wu&=a=k!wG7kBlN{&wDT&P=ppIF9^Zo31R1^v;N4J0C~vO}nL zqU=qU92GE@M;5ebk4O%=kN+&F>>2Ei)}fQ=y5d4DFesaT9$Y%)1dex6c?J{)$x~ea zm2hBEzb8l$1@F=2tkGo7Rj)r@27t%4K8MZqTN{>5(XadtRAH#DA&cU;o)$Csz-4yj zX5ihQ97YhlRiGYZdsS-V5|Shi)Fh_JM<6bPPQ6$nzdU`nT>&p7>LRxS{xOE|P;?oh z98qo3-LnXw0GLO%!Qio93fOMsM(D=5&2e{20Pdlv(q1DSh^|q>bh)yEiU?9tcu%W- z*3{EBDh-ybRexRd*xxw`*vzvVz*|q-y1qp~qgo)=_lfP)Gp_y<3?3r7N(z$l11rn4 zUbZe4{bak=!L0=WRR6mDa@iKs2Hk?obI~p;;i>LHPN45NFey+c^0a;)CZ+ zKLT9C_ts*S1rGxvlKt2#|Cs+oq*)0N!8rX~5MfBJ`c^$t+?MkZ?XgQ2J+X+C_cd}o zbgs8qFiIN8%^g5w%BPqyTkR}c98sXlVrhPxaS%|`8Nk)%uUQTI60XKykG=Hw)nsK! z2D|cmLi?;L)*LT{$bR}}a1-z=GG-{$nBRx#Dcz*bvBufm9PVJ(XSc4r*QTEMqz^kd z!HGjvycBl&4p`0?DtMUso{J+rLUd%w^5Ma#4Gac%bSEqE9nXH>XGQk=z|E<1l+2Aw z<|p2U3;6~=F%>e4DqB5A%1A29WCc0eOv%1)RgNqj7`k)b8YI7v*YL9sD_I_+Uwhrh zAKco*Kx6E2ePhNJePdSmL=6?ZsEQSnl(?7wRRm{O(A+t3;9^Xabb#BwzbX9U`o4Cp zPF-_=f1cAwAIV!+T5KGgh=o4&0=Nwm=r(Zd_5*W)=-9Co0r#V=9rgiSK9%yLU+H{A zi$$u8owL`0me*^6DuD{XGb(s9=5kvE5}bSdeIn&Sc*|!4+IdGwj*S+c+UIb)Vox0K z1PSDc_=>UT3YVh4YF!R@`0(T~>H;wr6Xc2`-+Qgd<$@Bd>kvB0Og0raTlBk$t$sOy z6O+gyMRpXG$JVLfpU!EolN^X`pDA!pNKd&^J0x134yj z=&WzY-+%E30o)##2mR>(_W<+0LHwfy8+YNbM>q=pu(f$X4%si9ijp*jfIf@Isr@Sj z&aQMUx~-oXlOtF#JwgM@m?5a+6IHLJnkTM-s^)`80`J^i9Y~+2SE&7*}HU;E_jan5suNumbh?df?g*s3*SO+d0xXR2Wb z186%Z^X86&r%R^+D3_99IblFRIpKF$k-u}x`ysI^wY`+5a{D1QCG{u}jpUvt3!*xU z=-k3w2DHn3c(bS*;>c2A7+%BW zksdM-?>n^)`M+tlY!d?!(4%T^&5uwx=-IN<^SH->MG4a9kP{z}3Kc-;yv$+)u5pV7 zE-eGqj>kYOC=F}~g5ctPNy){(mLY;5|3I z6-Qv##Ym)>G6A|tKn5j!;zH8PgmI&nFairK^JIfKI$_J*Dzfk`?(f3g5inX$aVE^x z%j=_1(i^mZZAZ+N3Gx(R=c&NN1BW?8tOUx92uqiNV=umUD$lX#v0b;lSBhf$iz3tct{}@ru$weh2PA;+rvj(?!}(3tkG)ekYTSv)TZx zkP)U6iAV5WSnK%w2?Q-dG&wd9-Tp*I|JDw;T+uo3O=%%0rn|uWM29WK4_uA(oGQrJ z4^6gZ_IOK+sH(>u@OmUEv1comos}afXnC$QdN#{S)mQ}x#56Akcv-UX*mn6@&@e5I z7iT9b2>yLDxHK;TvM!MI=M%f^jJLG^O8t4OjE(UD=wdx}|u_we)el`a+EC6eC55!TVLL3SMK)^{s3GxbH?^T!dYMFFB~mGkAtsYCV$LBBxc&C)Q9 z$a4~U!>Q>Ok^@zp3sAgSzVv^+VwN1zezdaE1&q`m!g_44dJU6Y_mB!ZzmS)L2}73t zM87L9u9dyhwVZZodI^>FGzJ?tiVHEcvi4zE0~+TXBiKV zP#0@^)`Z{TJHx!=y9G|uDC*FcykKq>^xdS5G(fgJGbyMpOMlDDU6Gi%=Tjf7h> zhyehsVr|-SfNTKf{7YI5^(WQI~I)j93mOU@A0Ibyjlm)5}F8`fOvb%e!Wo~I&dGD$iA1JI1vl7I`0wP zFeUMi<2C?(vn{W#9G4M^o^2^U6ew={p8Sm{KCPPcfWg}WOp?P0-J*s;>CM0M!{-?# zsTLAIYM_1h6=uT-dpcF5{RJZ)(z4h7-a#UeWFY^E(z@CXFx}>ywG1kF`N=dy$aQ4- zHP9&<&E$GD19wIUN}WjaPWCnURT$)Tv>}OW_go1v;Uco7JqN0rb}7S}bsQxS;(_MbZ{}W0QTPdu7cnz=8fe-9CRKFe}Zre(Z z(0Ns7S$-0DL(*G;hV%~ex14k21Lj@QKBdZQ60b5D^Ks=ngLno|Epan-0B|;B~&3B2RQ?_953KIilPYsRp zgz8BzWB2&nB|zMAUo>X}Dx8|mpDL&|5s~~Y?-jLl^lI1DnK?GTcS{D8aE8o`d*D$U zjDZ{|lCnaj&+dYtgzmkI4V*rQbg5r`-Mx1o^AZ*2_IEHNq1_uUQnQXq0t9tLC(a+> z>LlQKpp;QCB)9p_H%oEi=_$z*d6?_LpbubRc}E|u0GTDKD%XS0ni4**pq`7cO%T*V z9?t{P*_6u{d<%K;@PP=*uq+rGR86)x;3M->MC8!098wTXj{Th&M5I-$-*PaF&%|wK*r^@9REIDXG2cCj z4+{m6-4qsp%1SBz|DoJ>lm6n%v#uDq89&r(o_-O}7YNGOZ(zrnv%;Tr2s0IHY`5ou z3b;f4({NJYA=k4Ju@8wm^R|FR2*>VHQVN11T$c$jJ4762T%j+_{6EwB%dFoj({r$H z@}>@BQvn|)@9rn#ArfC8>cOsPDV>NTtTVrvI0>3C=JnVtwEA37K%ThMDuF2;h`xH+h25!)P6ng>eNJB?Un@va5ctoVT0=5PE8Tsp7 z`^CoRCOB_^Z>-$meT~vPsQKofD+26Sq67!N4)&TkKpP|e@i=iTRQ#A|G9bcH0h+`H zZ;`Hq>Ac2K_wyRKj2E9=YtIQqUk0&MkDslF{Mh9BcK(yd7@99Ene2!MwNPhU+5a70skn9X> z0{xHuG!7-KS>`Lt4yDX{@FWSSk741o!bjvlu_Fx*r8)zJ-DS`q)4jX$0;&loL};=T zWc7}epJwf}v&Xi(-WJX-wn&Cl;w#&D?C~iBn51EA@d+(}rzM}FE9Xf5aszlnGV#6s z&7p9{+fF{uYSc5WAK1TX>)V+rC9CY|y>M8q%}GirW*+dntZpM~2&7qy1l4g301?i` zy1W7|8d=g9S^&%_kOh;&hsH)QVWLPVf8Jn1`6lhfvOggK^S^h``}aLR4DQ8MEp+|X zK3dJpnMohWgb}i5+LI5tF@t2;nu!&w=Pu5)88Tb|DVotj9}PftOR3lVMa~-N`?!)G z&mBSNM2Npu4FU1dN`#0LV*zhgf@__g zYCL&{WyBML1hC>UP!>2_X^OZ1TIUU&0|cB>z^7zp=T;DUrcK{<#jcl;(3(wyW_2sz zdbLfIfq`%IUo&Yg+ zoAvMhq6)O3&&6jsL#C3IK_Ca6AP?yc1;-TemkTo%uGSQ0!NeD?>+amyF8Y5S?yn|ErZ00KA+-JOo0$hL1@etgTQ+a0#Brw;_F!)>dhPY ztPd4wVY-gPa1(9urfk7fPO#6FKM24ERW2c16L$w8{Nluj{&xQ%;ssI=eH*M8(Qt>0 z*k{qMgWc2NN|%b}2O`8_Ck&MYlOb+^W@VTMT74!ETUi3p7CxFF=8En!V`gH?QTr^Ip^t&d{9PR!c+HVf93s<&m({)ZOtkADTG@Ya5wpI zKzKhy94xB`RnfOQPR>f#tU%kn4l&fo!+*G?KDcf>$-kL+ejF#~A?)xNKPl?aHZRI!4q zG9uz68*AsXL`aU~w+Gk%uTN<^E%@Qf{fn5^Q#jP?>83V(bz|}Ym!vs&I_?fZ^3jiC z{6{}4=z}W27fRvk`LJ5m7GDDf|L-o@qJLAE>+-x(xd4{`h)A@McRgMak?jT0!g2K) zst13>}XM(0zM-C(6J|9FqadLoqVijCmd94Ad zLHm_H9QaN0twQEG!YT*MJVWrH&=ChDt(ABh_=tDkk0`R49fu56L((t!M*O70^+Wdr zB?l1Qmw`$yPXh;?8GlN+_=k;w_wu8pbWCi(&$N0i*huQodt-nvz!;xcX`b={w=w-v z&x7-HUx9GOk^L~x1m6pZ-JFC)H`getGSGqip{mM~K57Cenzf#Mc)!&y*-8)^6Cp08 zV(|FH3E{d>3ZFapnQB23`%_`k5VBJ@4|U2TDGss7p94WXaQrH8{wvwXV&US+U%!;1 zr+~q4hB(A8^*j@Yd7aQBB3ve&8l>m)pKSq+$D*YNYfmmo=`zZOF-I0m_#20ZHR}wlRt2-kD`iWg6v5J zAU?JTIphxt6{uqL`NvSS$}(Ym4NeS&*{dG6dHoV@MyPq-gdLTS7nKN1x-H?pI>p}t z2IWPcrwCE02j__Ghh2Ap%o}Ln7oUqy(32ZVCIYjiv+^l27o$SWg&?xX@lIl<{un!^ zz?GFxiQy`Ik)?eFfDe`|k-Nx!tCZHDBIm#O5f2mpkOLvZzo zo+>_*V)MIilj6}mtl1OxeVg*$9g%HN6x}m=U_Sf+tZ0TB z-m@WnFe@lQ`OibQFe&1$w4=m`vwd^NH8iUWMiq3IQ72Cw5rK#ZKCPN8Ksa+;H;t$# z^t#tIOH~gLnMslYU?4Ub=mtC|*;XA?QcM?rz235*gjNGi;H*%@h=EY?PV-5P)*h7%77Xxe2aT@%nQ=VAJ9<^#dM^6`eTM z{V~)^uAt73b%y&@UUMki^+MPavCoH z?^I+H`;vn=v^)WZ)?>_szW0hm8|pw=|4#Fh6=S6f=lsy7KY1$6z{x5dlZMnQq4t0( z?FTW{t)lY?oyLUMxMdJ`?cwPlIt&!3;C>k1wh&0qonyXB#KihC`Z~+(syyQ!t&-aJ$^D)l}`*N}tZ<^LzaqbzoKA^t!%V2kAwh_0{i( z6+KuDm(Ugp))a$bJJuU~&@cgb#=hgC*fNiduYO6GF!T$Op?EDkh z#Sd(C+7ZpqNh;h+S&1DR4N(p?@Z!Sn`4MFVA%z%r4a zJ@tiJGsYw3YzhG)`w`p$$T+*yzlq?f8%(B1?Ox_nBpGZErv2aay+&6T?lQnrOkeYC z%sXjT&A9mSxq5O^WmAxFiwGqLr-Z@ zaZVB<1D?Uw`j^}q1sNqTpQ5>WbLCJNKOum8NI?K8ktXL~*`GFQ1%Dv>L)FfbEVp8} z8PnJfyPccL5Yu4(meN#~zm~Dw(-SSwW%UkFgjWN1b@$wA-huIqV*jS=qr8<_O7?*S z7l^P%T?n~cbP6G=@zDZ6+_>xqsQzVu!7H40tQDFTtW%bFp9Zg_OAi1<TC;6a2x5E#kibGFww=U>6;MBQf~g? z%5Ndels5ll1%^>9K*ltffR&iG=pXj&qLt?aIaM?~>>%15hIRnIqGW=vUB{*3CY5dDDW^io{xd|R5Xzmi?!@>w8HUoT_L-Go*rUJgKu>aU+kd&m! zAcVg>qZw?h}&TMyQe1N^e>nz9X{-}C$p2I`m=)6yYAC4MSdDoZF(-s`}R<)>b{!5%mbq0ZhDB?qd#3~r9ip8wZ} zh1Pp-^6|?#u|(=qIiOpiKNt4{x)Dx0mjY1T2Ymg+J8h%>On!rXpb~Jd0yY%mkTv#& zw!LLPB>jNP=+8gZsBplKxHweWh4!6B4@HakBYOV&L3^|(h?Z~=ErIAjG<`!HuLNM6 zU|XWaZnzIf_WoD;VIWvsADLr;8T~=9#I2h5UV?%}CH}Pr6fE7R+iZYD%%PY}Xn4HC z!RcH>lk{x~QwP+rRpow8L$iZ6xshRs&Jj`AvrEa@^l;GNffsWOS0<-Cf!0Kt$r-mE zK_j6sSbY@Wf1-(qkM7z4URS|qV$22{0I82_@%HwD5P#>DNg5EK*MiRQ5Qa^{;J%XR z9;Ue25*%-ywKr!8`|X?LC)f|~>uT4)ZYJ!w&QXd;0%Q?!oRt3~w%)~C zGtgIdy#jm5A3G<#-|t<*oQ039hSY%eCND_Xlpf*(%H}&!HJm_#QVMW&-{1G-1`Mox z3Tz3a{HxeW?SWWx-$LW1qZmxbgXMZQ^+%*u>k+SdVG}ti> ztJmr+z?0O#Mj$XM)+&ZCnRk7mR3?YI80(Kp z5bw>-?s==mf8X7GIZp64SYsSG4wl{9RJwZSLBvJTL82xGh?@Pg!oJ3G^Qco^0%BK| z;-r)BW>bP^sP-#WLW%b4^Q5w}y5N?hFZg)c{`;j`1cYrVb4AiTrr_n2GCAbVS zLz-ynk99wBTh%NqJON6GXYDUu?`O3pu)aYSSSzceG~)RHrfmJedkkFjy8}R71`moubz8&3L#sPR(lq%dcy!rxOhK+& zH(~mO&v~Mg70O4!yFj>z);3zX-~%1r3`mcW%(IB~Uh<+nnTbBMO$vXA8|6=Rf)>_e zeQke4bcp0Ub$Y`$%G2Ft0B=)FVai0jF_K<~DCyolg0MRDl;|OREHF_4vlU$em70Y? zUm+6w#V@N}FNYdWWD1|J+RoIzX^2+w_A9bz^VgPR3L=T=E7-k-L(%vQgo!7gvFdM( zy&NK*+;T#BG>K5OOm|CJ_k**S^roq@fr4IyDU>I_i;Z)41JRO-A>|y(JZ>+WO{O zJ2xzN0miec!vO)Z`#XN^PYG8)MDmsc_yrIwMiCzX-M1D+Fq>l#iw4Y)7}re3kP(tz$kjwCJ}7ds*sbOc&f0+mBc;@^?bn7fN6M=*-|kp5H@(p@U}=|TqGa%S z$}H+NVCFNRiR6Qb=JyKh6z;t`=o5R008U0++Mn-aQKdITmIanvXe2@Q^`M=r^0kNh zhm()>2ao)q^4v(5_Y#|P`Ettk*ElR)}qL^8QC1|?g#>)9?n!=b-s0b0^*=OH_FB9TW1 z0C54C{H6e(-RA*;Ad~{Z&Vqsx&>y`llGU3O0?}lo#A+W>A)Ywz*Lsu?&}Z-g4OD!V z6s!WiAtEB){S!)SX>UUB(u2HG4-wz?m%T*NF(Nq&cX3EwlaFXH*`M^Y%TMjU_sZKF z2K+PpA*1Ldq-)MLapsAzV2&zAA=Eh_<}oggeuxh?WiY|h=b;6=J?$zw)RX`iy=8?$ zKSJe|84O(Me=omwzX2k6`B|7I<)u{FazpqCF|Iu=^s5tFiw8x?P zLPe-Ac===RgcZpr(g!7$1}#_t5?@xz@gnrFD9p&{T)PC}+9{Jq{(4I1r;_)Uub9KC zDnFDo!NEz5R!+tfqYkN1Stv`?I$t}#e5S& zYMjL-dC2lW4vFK5!k!t43;iH3otU&t)Ed_I1wutV3!Oa+@XdC; zf$0QLInD1}ekQ9=e7Y|~<>Yajj}NTkR%yQ7<@qgW^_-G4+I!RxUTrVhHFe2NgwV$8 zbRPZdG1Ddi;C<+EJ!_J@mFqNAGds}FyFhL7iv{J<{Rfc!!Bx(1fyHB?I9Ex44zuUZ zP%z)bi#txvwPd_(WILkwPHzvU$_(ju8t|{&b!NOCxQRmvXxH@u=nB z;L$~0TgMA`c))rCub$@6lDul1?n3g&9YYbf-OM&SdZXlRs!?7spsAl03YXmNI!2TN zNeUmh_)!GWq!-fCgZXfFkDZ6Vq%dRXVUI;GF!_js$D}E0-zI;WKXY~pxgL_qKwwf~ z5Wbt=!P1aquzy>_yF*m7OGkBo%5&&nF`cL}{?0RIOo3oX+F!JIWm5Oat$Cd1@{ezG z26-#*7|u-GIE*KPfoGrWFEKy_Ku`hnzVTQ&h+^I*hVX$8Q^1fns{C*}Z#3%jbY&G+ zUUk@|c`&W@_Tv)*7)2m0I(3(Q;RPz+_Zy>-E5ve${tj8NN_Q5FyrXU<@ zq_R~)BI2hrRw+^tZ7Acq%S0v|mk&XD0=@Y zuW8dpC1*rNzj`1<)&O(kK-_yp`9KZa2S5w(ZnrN~51v2{jJmGEL=fqyg~I9S5)Jc&{`-c@bchEJ7&ZB}ke~vMV^d z%g99b-;guBLb1#w87$u>@Xp}o?$Qd{S1|qvcBIdstAS2l<|MJFgN-rRpPv`2lc;8r z_sBHrj_Gxb9c#mimwHPuM?QrBD~gd~f9;0@B7hly0A8zrRe-ngG!tXoOxqkK@h$2HKrpZDR-&VtC;)3E_^IQOe~CviBJB-uopAm81)nClp!DN*I%pYjU;&jzu1+%QpiBT z=4r3cdutDpSHsWNnKWj~0BmuPsHjEwR3yx0eRaY)^orNsi!UojUm#`k$7AOuI0K=K z15U5c14x=x7pjf5{Z=m_V=NS?2$v;)CvB zhWs9l)ealY1Fgb!R!q%3fKdUo_RN57rOd+A;`w7MM}Ny&O!pd54j4JR>f878pYdD9 zo;7X1A;b5+T>nXth-E*2O2JX^J{0mF=$^)|^1}T57u}-R5*wNRZ+;Qdv2AT_Mnh|l zUE*VPjNVkd8vLyG$+Ty6b1p={asVkX-dR1W9FHkfj#!vg-f$g=GnsXbH$G}FFh9sQ zdEZke%o8bQI%A6D*UHt1f7P(7)3E*hx_+sJN&t9M@j&$2fH5b!*k{O|k3q`qr?9r! zmS|(2|d z?=8>nnkp*1L*C|zPEAg-6<&_~?$p+PUAy)1eAvVH*}4%t_r>NDj}-(*c6WD|-WyFh zzV&;uRFbar(@A#chP{uRw;wKPFL&5F>KNaM$E1u0HlB*Vw>`(jQ%qSmEatd-!wK6j z)-iHQ9aTfyFIzNOht`Z5al_tPwp9t2Kj>e@4$z-Z za4JK3O|22lZC;t#Xh*93}SZm;>Gf|w&85KDd*Q!;)~J?y^N%>Hcj(f6QWmg)J2 zG8Z!iYFIwM>dAq%`#m%<6}j!Txs4DS>rOl}&(Gi-zGEH1d}f=Q&TXos`S@Vn@^CZV z$IE-w3lmb7bFpG~jISdOi(r}`jzm^>U(TEKk2i@mzagbd%eU3P7CGclo^AAWSKp`j z-5LwG%gxHujXN{2MA}YX*5%5>>wMMKpTYB+4o5F6Px@J|!%btl;=sx_SuWEU&W%?J zp%b<=H6qr*0V`UxsS=Dg;u~A6dzA&&BX~kDyMaBj0bhUdSr+U21>hMK{j0bZ?r2EV zPWpB8W=McAIx7vdM9`Kk)GY)%LI5V7(S+oP`>wJm9@GO5Ya8SmWq;*?A(`{>hc z4;3kq36IL%T-*gD$BOgXr}01GMO7wgU_S&v@gqBCf zUd8>0vz>Jrd_Q=GyyH`<$4wo>aKfnhghLQY! zTK|I`2RA3?g2yj8rx^q*gMh{e>D6ziwmTwLCgNAYs$=Mj0Dg$iG*QBhIZk#*Lr)TJ z3Yz)1b4HRNbc$YDm9AtAg2g-GyCEUYDmfZ*eC;3a*-KJ=yQ`La|FsV3lp@m}RNnh} z+;UJlpZ(YcmgJCY*TSU#3T%khQ1A`rgvp-6*~Pt}zMmouC}B+8UjJ6gdQdHc>n^m? zZq1Z#>oL|2&w0O;8&OK(Q?sriv8Vy4y|E8U}>%6&b} z=$G2@g4h3tueS_~vWwb=1yMm%8bqX1Qb0PTr9rxt7^S<1R7yg+K|n$phE5e}WM~*# zQo3`9Z;yIE@B8EVUJrigfj_S6T6Lc1T6=B$7si?Abt6@8U)Jn=Sq+btrO1p!UUcEz z=~-i>NJhe99OM0xIkvaB-gupLzL1rNQ_LuITy6(b<{oF7F4wQ-6M5&^wrKLrpL?wM z9F*Lfw$bUv_1bDtu=wd(JK2ABp-{g+xwrp27EXL9bm|8+8%fUPD$hK+H8>uMdp;cS z-f@UDhkK#O^Ga|NUOB}sM67tdz{0)skyfSq()x$-NuraoSm~#Tp6Y1Ev?r~XHFO6~ z^m^Jc4S^HJs;2zE2uBQzI-W50msWUcC!dc%V~pX&&wK>l8Xke~h);UX4?vBT8aNLg z!&Ws24kLo|Uau>#P`muBPBc}N)xKm;#^9A)x53}G@=vO%en2%cqft6SII~xPI2Web zpP(`O5vUo5KX7Eyt-y*0X;#g_`A_w-1+>^+@xiWLAIXF(#~)3G=t! z+(U=HH7=LQ!^)8L%m(c-J=3Gg%uL5IF>ERLurj|yq~Kwh`BYTHJXig}tgN+|?`bKS z8BB?nb;@lc{mOu6c|*Gx?N3;Vmw)K;%z<2(S-&^l&3&HDvUJ=? zS!EN(zwwUBrU?a|0I~M$rZ}eqXBe!r+u9bMQRC+GZ>(;lR=R@@>YL{&0V%|3gRUw7>Mp1l5u-69m=+4t+g>lrk)Bz_a{?~6gzsiN(o(*PWwB~M;m|YYc+<6gO zp-BJ96uP)!*Ah$aIweL@NnSgrH>PW)1ioFclbF!rQjXaYbz5)H(UojQ9Jj1t9MXID z!BkIOk>0hzG^er8)=>RRf6OA=*P69mlOnEsbuC8=vB{~HF!)4KN4E>#Of>Q!7H67f z<3z8_Ql8nvbuKV620$dL@#D2%+eD*{_*r#*m#27V^EoQ!@K?da&zjfPKS=Mn>=zuR zdAb_bTUeS!;byprKcV74}jm73fgJbL$4S_fe&K`Kt)FZDzk6 z7|7N-d`JS;XMp5A`+fv99APMjP`!uYOad8=fC+l16M#NZOzM-DCC|-$F{L{2H zkLQ`5%+YmYRkER-LdjeEwedvFw$#>|x1c%iw^cGXgyU)RJZjavY*c60qY~@4d-+m4 z(?YSfj;;J+kUaupuS4!Ot_)m&+HgsNt=<^6k}HWT&yZPG+^x2i-g`WA=Klp>q3H z3hkz>wr@U0iKWw0dY^{&U2Q77ePbQRqqW1FdNM0@ZiDFLWjHfsa;VF#r$5Ls5*d#t z($+E3)6+9^yi_3la++$_nke>wlr>$jB<-ymTr#Q~iX)OiwlLYd@!2Yoy|RysrkQW1 zsyPVy-z)%Ar_r+9v2L{j5Tfy(6_zTPTbXtidp zVdFB__2uaJoV?RZr%-Xp#aUZ=pRl$;`N@snD62dI!$h>o_ z_DhdsM9I5>#JpB^N?$?!meX~svtONO*{>@+$Jr}aQi^&%ZPiA{YwHcVlImtC3)~`y zTM8sx3WJXSS*2}l^>Y09Y@c`W@%a!8M++K7m=hSqFTl5)dGeSBM{MkTt6}tqu2>qk zgXP<3x7kba1orBL@?W<_awU<+$=6o^GB2f{h{n{;dKj-s%xk z+UOej^vp1GhE9x4hiRwjB+L7BkM-@v7N4%u(dcKm1=)+Tqp_dQ>?|!~+V4jsU)xT( zA_}cEte2?wh-Rx#nTA{bnI+t>m z(R8>@#^u#dQaN~A#Qewew#S?w3h_W=7o0IK3^&c_0-RAMC?!-KGE>|)pj0~rc0M`qmQ#6G3O#qLZIN07HYnfDmM1Gcdh6AgP`%GJ^pIU`0jynI z(xQJJ)w~~6>BNM#U;HvMT5N0Yj{cd}i`wQ|1kbqfixGJvkrG!$Pud%7X%nMfxAhcS-T zO^kMrJX&-(bUADtGTffor3K>PD~e*MRq8y`-x~bZ}*lZ?1;SjI!x2F~X<6 zUpg+kEOOh_Y}W!Nut;Qnk|lLX(9d7C8PQs}I2cSx*ZJ7TUe}*j3Ua#VV& zo3G|by7~iaSk@X>%O$0;q7j|SGMbfhfEe~wBdksgmtq=Vxp{dE#pQ|N`qvB20*4dB zPGUIv&yWtY-e;ZlB*fG9`fp+Kw_ElX4$SJ8CyAf25JTXiM>_SF8NqjdSdLP!Eo@#! z2|s~EHgq{O^@hgEKWMo~NqroZV{4%$fT$m4P8Kz4M|@gXbN@vX!=YG6mJ|P}`Dedx z|NSi6ha#(0W34P7f|2t|)1ub4NYUJyrDo;~{h5nK=}aZ*nW_>B`q`q3O4G9a!}C2ifx8~HE@Lr` zwoMY1wcRUjJ@A`HzBt6JI!u6a>piud@XZvMlv1MwTU;;~iW4`pRQ_kGh5$X@R>rCF z{nH=1jbtNf)8YEt9sG<)%*u$F^CtzjUL;j0G5}?udl0gNS~w*QR!;fGR=UnSNVu?< zOhffM{=@kHNta+yq=x@a!NGwR=zgKh++JDK@Kg1L+PcTV)(IDv;jtRm%*IhvJdx`E zz`wN^+=T{fKG>F$oG2)BO zOYO|~8XN3o6`{B4SdcrE|7UzWy+}%^o;~;83Y0gRNYFLTe6kA9#dJ%a zrBrpV17WKCB_7-dmG(B)SE#sQrf#^0#XQ0O`yee>ZMtB+!!cmXY#+;EUK2j4K9vYS z!1?BU7~zUOS$@Gip%99CNfb@9?S+r3#L_A=^%>J^9nWM(71w)etMLUD>MM@2Wu8Sf zcpMwAW+tBv+O@Jp=covDax#uGcDXln7lCVdN=P!}S}9!$n|AlDl3&FwiEbh8>1Z0wp^>key)RN90gk% zErF+tXQ7pwmA%By*p5(36MAX8=9fhu)5MZ{2H`Df`dS5SjQv-O*X(h37)3S9ZCz6L ziJ`pROT&lbbIkRex-VvN=3FGZ=Yr2XRM~yO5#%P_!5T0>nZO6`Qvsz6y-P9L6Qq=H z!4DmH-SfgR{aHb?tm_u$Z!lOx?4SkjQyMFD5z^V01V`v_M9%*k;+}tZ<@npX9PlJ|ech_5ymd5#Bi7?*c-#%mvsLi^ zwT8r=EKD`OPGB5=QsEe7=+;vuuvzE3L?_kQ(*8Ol#w0#X`=Y?*9=WTIe_!&POgCi8 zZc5Cl(QHSF_n!1;a;NT5uB(2e<1jOpPWRVW!hExywFb^-)%98NxFEGUV3 zrx=8pToMg5%iq1gnPV66a)w_P$MAarRjYd?)rQ8Zq&mpi$lQEwAPbr|=fXGl#I&r5 znlC7Z<=~da(esLdf{sTXUAqC*!rUH(kD-n>+mNU^J|kX(R><>I%Z1|e3za*MjqF+W zY#TS3NHTpBoHr+^`4W2Y=r@@Kgpnf|K1~;wWys|#@BXvIE)g8j1mwZ3)eQDFYg<*H zjr0?90Qn1(PLu_{xIXU~R%$_n!f=GoKc_j^ZV2)I%45m(otv9_km@@Oi&4!NI|(UB z%5Yvet3L)V^D(VA6b9v;VWQn*Nq&Z$z#2Pi<^O0yvUEO@1h)Lj*B_PMaom^yB8TIw zE@SUXGhhFUMoJ%Hg-D^TY5e+eW@~iA|?&qHz-M^wY!csHK)MqtNu#>y0pj zsn=f)z~0_?-|N+t>DBgZ)2nRJbF-RF-!4x2+Tuwz1FSs#qZxw{n<)L0IfKbst5qS9 zeR>m~372aM+Qxg6vnO@!H!pSGk0yL7|+{c<9Qu2+Rz!9vbL9CY7F zH#8Av)&q(-z1-N}Fq@!ZUPf>HJ8bX$;wQX4Sviv<=XrWY?{f zI=?^3a?)aM7sGxf)S(R4Uc%D(8&_?GdUH+tE1I7mdp2yNS<1+a_jcl_#!pZJe7__P zE2hHUoD%}aSGP(o=xTX4U{^@OAMEh7!8#&e{UYZw zLEy0QKCiwjMZQOXDUNJFFf9@|UH@Ay^MuYs`@*q7=?6kxJp`r<3wFh|NA=fE`hKJN z(*aVC+IT{--f}w~6sby?v?GO&SN|0$4O($%)+1`sU_Wq*zUC=Cu!Q`xl z+FP52#y*Q;7i*sarf4XWpO((w)`8z7acKg0VkyO;cG;)UHbpbrq+T}ERr1Q)-qt2r zKPc0KijinC6egdd$##RoQ6h>PO~ zkoh7(ara+VU>dOkl_14y{>nGz04|XGdP4S}SY6MnBIcZWsAo4boeA6^2S-d!S;Y2p zszz8Y+y64-NsC&mwQ;S}_l2YJh?h5$x<6q-B8_Kj>s6~7K4^o3Yg}&m&jStxP;8>o zO62F^Z!vRBV2RlO9{H-7UG0+Pa0_<;M!wuN_D?d?=e zi3T`+R}9BmT@WsEm2};kd$DXg;!>&1xY3*VaWrYC_1rq>Wqp2qy>89pI>ZJP4M@bF6Z1?|^DDJq(k~bqVqC29biUhO<(N$`dDQTV z1RVM#KyN_Fa*1*k%9yC3Z0WS+^j#J4#6bFMA)@DL_XB85|LY^Fh5}@{qQQQT7wlWRr(x@ z%x2d)Y4*n5YlAx#Sruxcr@JpbOjjEB&r`t?@~Sm~CnfGr>5W7^Pa=i@fhb*l(n4N4 zSyEEUcxrryo`&U&18F9`D8DGez5G6HsbF%(`KY~e@mL?yK==Xnk2rx_CJEe=d#B2+7x@5(0f+CHI#zOCA<;aE!|6n>?E zsUo6_<}{l=?-XkEW`?x&qDJz|Dr^6PN1SL1iO{TL&R0v~(+)@*Bc!m)3OLRse|_lVq`<9>A?Kjfaj4*wjkZgGdxPx8vH+w!tp9$^~GrTh@qi%Vp@ zJaJFPO_>E)yj2{-zUNdBhe4%R>ACAoAk4D=U{4bujf(e`@~Em4em$+#@n9o(m2B+( zGwa0jm_dim{?>AfONKtiFP2ef2xwgO2W6Atfdi6%slkOgGjRzb`NMt-6nkUG|q9kN3+jpms1OhOqZ0=HHO}% z?GG{)fwsT(or&dVaS=Rv96oBrSD0z2FQev}TvJ;7j`Uk_b}0unFw2HGZF? zd18Y0wr{&G+d^z6PkWE1w&|X%d}7bO`OUK-e?o}Em{H+W=zo7QFn7KEy#g^VXvH1I`0~lx%8;c$9)aI6 zqs(!7HctNL*s;OnVc-7!-v}%lW6y6k!%ueL-{MYI3&&UB?qozg@viPm?lUQ)Pt7l$ zCLWWp8%dlo!wbPC#nM}zF19!jyrU^NNtXCk)3bZRebl3}@HLCJ05RaitK{2> z%c+C$>PZD_zt8z7-*29$moLgqgN~mM}?53^ROkY`@!Mb=K#-kC0#9q4{yWKeH;QsHkCtr0uutM(C!I za~3etNtWg>fN_3J?|#zgsaj9GOHb#+dZ}YEWLi67h-kyTFKG+5c+Jd@-9!kvq|b+Y z5<-sZ*~6JJ&u17FgR6?lV)-Y1*vQIzwT1+I36hDk=Yk4HcRShI`A`=I7{FcmoUf=31j)!?Y|% zzsY^!<>w8AjL_lIqgU9s{JL=8F;Sf{uA^!(;)UA`Q`TIC5pOjXjW0Q@#b>w^Mx?f8 zxA56Y`9AX~jhs3@UKk6M{xJU`%3`r%{k|sW;M8K9^u(nLQn`BWWR4;toRs@iM7o<* z_Yz@t2g|WHWx0+IIpcFeO*HOPOG@5wUv;WWSkzb$`xqi|<@!5KQ@sxRdKd!#)tx^K z&Ola8RJ{`MZPeW0d8>K{KQm5;7}9!WAtE@{o!)laS@r|Tqg#EFkJ3a=a4dxrH)-fs z;E8w4w z4#&y2+3a_Bf%cJ@Dz*a?TfMv7D;loH!(3$dGVT7utkOrSX``c#Pam>jg1`L9VAoi6 zu|`WKU4}1oGOr?drd-^D<+8j@MG_w5GWDOg!gXRXnox;w8wWo`30VJ0f5%GysP;&O zz3B^<*MyL2nr#^qfpjA)QXC`=8a`&k4LFI!V&_-~ z?Z>+Qqoz4`!Xb$DlQ;%dox6D-2xV5j)yIlcVI2CjI2^6>2w#}l1V3RrHNgjenv{nv ztEuX3_<{v9*^)zpf&7!34)Z=6i6z?AsULDbNXHpzAZxk8^l)5u7FucKUR^Bt!aZuG zu&VsNE2oBrl#V|3b0gRJ&$mgidD^2GC9eBs_vvAIW)oHM^iFx%-pT6z&SwK^wi`zda6C*rbUQXcU2Nle&NM%TBT5g1&d8MJg%&UUx19^Gd?b zodaUi>8YKf@c_VTD>D48Zv)F84p;9y^{)0zAIg=R6f3zT1kHX}AQiiq0)=l?xL`4d zgO*jl-UpaoC*=CpjWb;;F@mOe{aV|s(;Sr|O%S!pB6m!WCL`95=31`rA}THJn;{I> z)zj`{8IO>?Op7?je|nv1YrEC!23Jw$-o?6aD3v(G!klV531RsCHj@Ur*i0S7h z3LSmx_$l_qhS%qk({Z&2PnA*~A@I`r>FbRR)7g&iQCbD23JFHtV^%CN?c*Jqvq-Bc zLAoUJR>HN%r-P=Q6+82bhN6sO*A0dxFIRry*BwMojgAvSZk~<&E@N-ky)40^y&HX_9f6Bh zDS(9`NA-BY+K>8&wM!U`v(fpU0R+R{Q~`qh-Cpji%Ae3auh-Q1iH+7gr!(ZZ$JB56 zA{H8b1M8H=grmojy8HYQ+;xUwSpD-+;=_$-zZ#IcKe4GC%lxalSNH?SGnw88B9G}t z{uLr0CA+PlpT7rO{PeUdGsCEUv+Hk#*MH#jQTM#9j6`d~s#WLU;UO|-84nhwm^B1$ zE3p03r*_JUCOXXf4GYa$>4h0PJ^{gH%3{01b+*B>^Ptws>Efib!)TfE6<8YIt5xMw zT`L*;>SjYuJ9fmy`pVSN++zIpP4e~r%spNyx|;YF$&S~ERpX+ve5J>0yAv*}{;b5< zS7pmZ4=T4JDYdAb@)YGqK@z9;L564SpZ_cCwjTLK(;I_%{@DWE%O}Cs`2Y$%ltc%=K77hg<6|h~?GF3-6lvs1+qi z#1Q@e%bEba`hDFj1c^O^TtCK71QoA7RR6Ddosaaxtn_778K6ro)_SMFBd^)OJjyR! z#E!th`shc3E^Iu1{14Om|Hd6SIO_mN{*z_11@l8UQkrJ9Mu$ZPdEw)5$#{?9If?ep zp899V%P7M)L)ke~+rrfqWz)^qm?6%q2HPA4xW*i*tDK6_NQ$z-uICNV;tSd&E}w@| z0Y_S;hK-SfcFOHBDx%s&qdpCH^I8OGe*ZM%$U+Fd@M%H2eXH0b`mRL2TFJD23DZ^z^1+tT4-Z^g zbZha-j^*HQ&X+r#R5$&eguY*-Q55KPDYJ1Cy=i>}AkP5ig6KkA-5(Dh$#01M%Sl=aFWRAl3c{47ub zNP5kV@n_TMsI3oW;iw`FGH$2n>3QnW@99++qG+=$BYr0?E{HP0_*U#M#^pH?PzMYpTpgm!rA-MXfxqq^R*f@srVr^D_G1z@q#4 z1q%Qzv>N%c3_X{p>V>)25|qxeoD&}xtnaZuk_2pJc4BC`@+s3zg58r7^fU7BhA+Md zJ{*&Xze$r+ZX4G*CtI}%S1;#Mzj@Kz?rnb)e=I7j%fPNV?P`M0t&QgTzgYmg8|DHP#QtrIIe!66ZMIEMf2<3rfCEnFcQ)1bNV3 zn;D<&4z{A|FFV4C(&Lo6>C_jVa500$wYn3HMeZRHiWHOJ#STfH2F=8W% ze`6bFK9!j|&MFyz*nIl=|CD@2ubo_NPeHRwcC{v^*~dJ%`?)vjTOf1KL&PsTrgrLC zGhzHJL@OM+x4RXsSoUGBkE`}R`fT-{h+PE$f+^_DyR_PRA!K6A)PH;b%b>Ag80=i1 zK!%V8&@F0oGben^0P%%}XQV%tBtN+@4ymTOV6cD3Hcz19rA~dA0?<6E=b3;9Io`*) zJHlAmf_G!HE@Z`h=61EK=$~EU4;)0$mwW+?_z$!&C77sS#mjd~b&faW{YZotnxOmU zCUr*xiW_HeoOXs*{{sTzR_LB0bGQzbl{2Pm=Cd)$RZEiX=n_<1SzTtw%O^Y95|!hE zB#^9^rP^NWSl+w+WTKtI9_#m*N6*C)JzFSjY^~-mLY$D1QmnCxQR=Q+h*g^2$@Syy zNi_1QXD6gZWp}51u5T*odyvGvpNnVFo^hogH=AAVjdS$6oY;#k&^x&mY&9f9(aO#> zTko{Gw-G7ka5&)*Ecj1?AfE*+i%6iZ1J=#H_@S=R`80@9*x{oddL9aNQeFb%^%-&>qT)O;(}k+OHzRhm z*pY27*5B4=v>fMMx&Q{%EohkKc{8#3-0?%+!;vYMsQ(KFeD~V93M?4@T-`e~;S=O} zEo|>@Z)nrfz}^^($wST@SW-E&R-4Q6c)`w-=tlE$kCNA$p;`!#FoG~Y{(M0djxlYXp9^-xrhzS~d{m8*`shs+M70XNq3yW-s@wye0~(9W z8r>aaZ*I@jq2u0(9o&e>wf~gMPxhd2GZrIUR{R};yq7>C#l3%lI2Rgur=)9dZf?1H z3+k4xV4<%sa5*B1xuPHM0nrKN@$N zJbF{_aX?H_a-0^(&*#u*@~i+EuAq%ArsqH2*|fELRgN|@xbR-a=e~ZU0}Bc1X6;U^ zL`|_Sw1x!D8NjYn`#r8qml;jmUlm^Yyw9s$#(x7={ZQbF+>X&^& zvOj4HWT^pAq{_JRp?B`Dk7{t;5`tjfmr0BFk#;0TAnL8JRtT2r_`IarbwhvoW|m4_ zk3+F1)oX2kS|$l^yYOd@HxEIn#(ZiKtDd1DB2Mf4&*Zn~)lUwhES~7Tw`nI~)E6lk z8;0z<5?$ayavRJ@5;p6PmvcOZ3Du_RPw^r2ZG{PG)x?nMNO;F;a7k-60KXKuP<@dz zfx}f}uTdxy;xkFVbKfI2m#9l9dh_jw4vyBXU8`&LyR%Mmm zn2HsD1R~g;@#76F)Q`9`=Is!Liysak-L{oUaMA5vz zds;{_as=e2*FWmIMc)fVa~fM+;~Tv(pd{tC*tIIgCgFJ1RS>Fk_R}-!DA!mQd2OZI zX_LOeXZvZ%lxNhcxv@&Nvxdz(vh^1-b0BwTgFRW!W?^%U8?v{=tu*3u`)Dm3MUMw| z8Y1)uS`>Vbnl*b@bL6s+kJsf^ma@%@zU;Vo`_6*{I}!>&)&Vy!DCFhVV-wAOUW>ipJ<3H|t_QU7JAw=HRpKwl?u7najdi zAMQgbr!`r>qjJxTOuA(I=Hj+y=j;?*b0JF41dk$V!TO!QQ{65BKqP>o9uPRFIr!g>-c*SG-ZPE^_ZHI8tr5m z9(dt#Fn{&^*2jvOUGx!fUV7+yS&c)( zxze3ZfRpHs8yfo7n7uk)TtM1Nq^*I;R&YE8HntbcE!us^DwY}(6Jrmbaa-sYvej<$ z&3lfmd1X6WMID5*`OC$U#-MlAcih;k0&-1l)*B;z_L#VigM(S*R|6oDge6x%?T*gp zCo3WEa%htQIbvd<(iCW`KtGjz2ZX#?^-VtvLXiI3BgD}MflYZEE+om*!8Ub_oT*tk zz67Rz88@&z9zTQ!ou==qLKtn|*f&fmAtHfkgH0y-jmi%1nFvWV#EGz0O6mM4m~Z2w zpApus_wzEAwz|J%ej(j2x}R?W$|fL&vgkm}*Ao3&`y;*cmj|}J38O_+9Qf8KWtAFS z_kJ5x$RV!Jb!#6MtS8lh;GW9%GjswdRm(O6SGC(85lG# z#HEJGd!dl8(MgA_eS+KsSf_{VusJ8wV}#tcU?dR-3gB|EbbI_wbw3`VeDKHQ?2radIdral96WBY;D`H1Bfb=9?FDozYbhm*VK>A4lr$)Dk z%}u_c@I0$P4Xyt!fjwit-d!yj%j$2xC=G&X>%5A2mWjyO2_=V6ENam|IsJ{XiKHQ4wVp@a zly2`^y?%_SH(*$OCQ~4Un0l3QdE$ovy|%KiBj)KwWO}QkeKDLH9~or&5wJ#((#8Hy zN`JWKO)L0LfEktIe=zt1m#UrcG_^|ezJ_bW3gnF--nry_tn-PRGGE=H z(DQjjGnW``%c_5zZWQE@Wqs8Ie2Fr<3ynG-3un!z*6=QJcaQzsjwW z$rwTU(@|Uno&KX`#iz}eNA{rKQT;Y_L3&RQnW$PIF8Vo7uY98ndTP^|sdGAbH+b84 zXYM{*D$fIFxwesf{?wWgLdbpCas;?$`J6?HRt3=}!~T z;Tob>u=g{34U@8BUTS3!bJqD1f0saA5v#}7G)pxt;=Sfwb{X0koos%xX^K}Y_)pQ% ze3u5@`-r8e?JGbCHrmg{!Dizuy z{^{Q8+(46It=|oevVFQ)U$19;`)O{hxFCSM z;%)D>Za3mv0rT?X0$JA<6F-FAUxx@H9ivpKM|EDbAqn;7uD*dgbDR(Z)tWO~^sm6Zjsu>VOhe;Jl zcRwX7+-Gk7oYW`h?{iBJ@SO9$H>44NJZ98!wVVS#1d2}68}@9YB!tyU>ct49{}>aO z!{&~2Kh+Q_>fbIr27LFA^9*5vUd{m-rNq!NPafZRS`zGaDpshum1~xwPw&3L{IE-Ny^$B!v`TqdUT<)X6 zszS|Lq5n4ne7vp%#=ww4g~ej~B;6+-e;s@Xfywh2O|HHm_C7%;#rIgXir-esMm;qj zBXju4j9LaaXZ~hqr+f!%`~ea)-_Hp32z9kWhp-m(D3fP#5L(Ps$#xUP&(Pg&{Q;0Su%v=f#UWcVDJSNyj{_tT274>a)W08# z=LQ%{$4rc)#NUUfn~w)X)FJSr_#2F-7x7s~_daWo7n^BBY2mr>45k!baLNvtR_pi^ zz6{uxHJf~s=x((51{QIAD$`IQ<-j}H7_k^Deu#D2lg(Ud9pPV_Of1~DgEYO>)T!5RVA`{iT zs6q2!>c4alE)ASKym~gRGX;EYro?Y7Kk|dH+-EDuAI)ite($96}4A^5dsEVF{^W!U#yJxtqU%L2_KWi z`aJ;M-{*Hee8v6yK=)ptygtalL^u>lDRh ziH{lowbnF-iWD+K#P(U&7-20LVZ3pyXZHSx0lva&>mUA20$qk4*fXb8cvb0dTCw@_ z`FO1&RsQ^299;syv`NuV{Jn6=X*_@!+!T7SfCi7M(0n6 z#Y^@P)ifz(m{kdw;HH{}j*6PR!I1I4*}*i}K@p^PG`oO&;-TWc{*Z;@J|TSToJKEx zK`abeP%6JUn6mtPbIf>DFiM!WAO8zDaH%73dBP|CmKCWJ!KJ8rCudY`g!8MF!3UnJ%;{SPY<4U?Gk_4aeGF=k}~b|H2?LK>72+xvOGKjLW!TC~qK>o#X>MRZzR1 z{{HSX`S)9@F`9fnh$v{Yxbg4X-auKI7g#y!|KG}k^tf0KTJI1TMRKq&VS10s+R+JY zsnNbLBv-hCvJBeloPK|y&>XZcIogjK&5jGQe?gXl{vqzuqc;Q5;k^WQc)`*c=G17k zAiD)bYfT{ya43Ys0b|Uak>g3;oez|bzrL;h;4y#5#`y5njJ%wjc*Se5+D>@Bfh!^W zEz5gs5{W!T($Vom4&#n!+Rl;jlR4vuq+Dj0?rHYCbsh%{E!S6f9*cP1>x?AtjHZ>{ zgNu=TWYJb$>P@@@L^X-Mg?81NO#bsKhGsyK3U*za;fe8GMUJk{}9q z=#M{f1H-x0P~8ju6RUn0-xY!3zTZoliS@%l|3wIqrX*71?Y4Z59?*Nvkg|28G2d{j z%j9+?owy`DkMNY_;k-Trx76oR36x-!;W8vy_9uU6;Rr=?eiT2&+SEx10qWKC1H#CA z1<`~WH?v5(>u8dH@!{SsRzM%5`g-vGjq3Pn5=Ya(-Oi{?)j<7vN7733USid9xX8Fh zw5W~w)+9$Xzyhk2{u)L&RcwnOAl0d9+^rP+tJ8Z7p^DMVsMF2ZAMI{c?8; z{fi|&FNRf>KgPr!qxY8s6a?7%W;pb7Vy0-ovN&^lL62?tY5#IR44kN%iE# z>UALHZr_9-PzO=TwnN{rKk09>jr#K@ciVMEwv{^w@xhx=|1vfG7nLCbsATJ;(BZcj z?w7DoEPSd?2izSK7URZqN>jL%Rit$|W7@v%^mf4}8;dD{=uLd*yLGqJj~uaB$u1db zGW(l(R3IR_o5|876dia^p`T9@{@Qz|F?ugr{5OVhH`wo)o2{`JH*m*(Sn~5NOidH1?caQBd}lJTs7^8uQCy>U&4JaF=ambj!J$&wAc=wAG>sa3v8w zA8Sdgf7_mb{k2+yWxLl};+Sqe;~v9wMpD8z-WX{*qwY2q1Vs8%{Jp9x!Z6sCYS>S~ zzfgkrgeivs%@@lZpSLa9M(g#5giq@q6si{XpOyX~Q}#!Y;21H2R{(DRS#HBO%^gS% za?qjAZhPH~EF%MxwRRDSM)Jpx){i#$p1N+P>NFk;RnHQr2nX#g%C0+vg@=M62NhIV z-zC5*`d7Nebx=^dO~HY;cq%+yHV{;*H>#^i|9k~k1QiD&$B&aS-ienl6f&thVy=OOo8X0xq?O z*WhYeU9N7jWEF;{@kKW2IKVN4?EUok8^1nam&J?^+f(ySM8$+Boh>e8zT>kEdQc6YbP!Pd`v&Td~4X>qMmTW^KO&nvs;>W zgEHLg7U}oBDJ!HeP{{Y9*t~!{Gy#mW4z*6y?%X)ungX3hWtQQtSVoeb1hznl_jldX z$KYail2H_wqk=E<6vdOda!1F($m>@GY;|P3-f>xjPV+;1m|>%<&|x~GimkNSk;dmt zZb(1PlP53MXkX@qcclwyi%*mp)Q3%0lNH)9YcNHH5_F!AIcNJgzd^tO|`O>ft1cgN=2Z%=zH>jm9=;Xdz= zoEeMVtF=DE>Wrf73?<07zdU!DhMpM8-#eK}#98i5lvG#G?(~qqyhP$Kk1t>QQ+Ss% z^;y8U%63|&3O1vPw9B$R4lKG7IdIsGTf*CdqY5uyKy_omG}5c#JT`v&c`D^}!9cI= zda|>FRq5p(qG&dK-rzkBqo#L;jaT3M(;MxtE<6a?&i%M-e|^6d&tpODFNcdt8FcQB z_x?*6(x{X{4aR9*@0N8w21$dn*6iNjs^W(sK?9P;pGpEIML#VR)BMz9lanYU8RcFo zk9$D3vDwthrsFdiCdPg<@g?*ml?|=HJ|9bE25YnKo;P$XtjKn9CId6PVJ`f-*E~S3 zYLI#1U{)f4W=hHY#>$lMUAxpnjnMp0XZc4D_2LiMUUN3d=jnwS4 zis`OxoF9?NDf{T+y|R&>&E(x;t3?<~cUceT#il&bn$##Wy44npbN9{O)#VA-`j|~| z4PJ#aqEg!Dq{8B-p!d-zbG1*Ikzq8S9fkGOF{P$?$+%3gxfcSHqUpzsODHDWx(k z(wX1b>G^LKfT7`TRsRN)VkD(l=&!a;{^CKQou*J(3Xg~V8x8Jz1_1UEnszF`Gh1jC~^HNSpsr~bd9cIo(7In9d@GnfNRIPIx-^1u|Sy3t~MsLX0-!vd6u7KjM zZ`9L99knYs41qjV^ugTZKb(WhiOPwbBacHcrtvW~(ukV519^zBFzs#&=$F?Pf35kT zRm^YG-hr*P*>bPTt3`gu_oQ`tG+yCoo9ERVJc2Ouqcm{R?4h1vVmORXNn!-biW*id zY4!P|WEEc>Q_|9)v0=LR@TLmSMLF+1!oan8J~~X8O-=&qw=A!pkXA%NA4PV3oq)*C z{EcoqqW36-@c}5@wPG)88oJG<_sr=FSusBg`Q`DHtMl5>R2IC{(762o&gV!9=}$XL z67gy|Z!yce+-<|LUrl#AC2ED{c0|OIn+;@$G=5Ucf!y5gZ1Fc6gPyM)iqf^fMUh>( zD%~S``N|D-EJSpYWoGLx>@?UQ%2l9^%IPU#-j*ye)iwIHJ`=6iesdM$1!_c+L5EJ! zvFYP`N8@))PIoKVFFo-g#?Wf=SueXhIDei>X25&wL_xDHmvOn%W^fcqS{{U({U7qg zFHmXsU$`Zr$dfvl_MPD@CgDbDFMaBqs{ejF@D6A%Zv&#!KZ0ut(1{=fVBzpBngN+g z1LcZ^MqfV;xK71#08wx$^&6KHf7Y)X(tYj>jabQj(P{6I6;esfZ{-h@+CZ1_aGc2i z@8KUU-hS)<SF@{mV5r9%#a zbV_%3zx#l{_r3T2@3vfWGKJ|kG zxcB>e2XgXd$Vgk9e$ZG0phc+Pt`ZkR15-%xt(@OEDH?Dh{sW?`9shj1)A`C ztAqIwVBSo1kK0`=(i4>2+513Q{#Ai;n6=7s$SV?9)j!W!C%e(WP5nd;|vr$4W)yBWP_xnoS)(ZBmS}$R@*P?~LT=Tq)q(e8% z6P3RmI2y?kaX_PWAwCO75*A9Wy+3alZYio+K-96!cJS(_;Nk8JdfACe!DTdrx~$JW z<-L#5vMz2edm94B4`{uQgiAb2euGP}$M>y(M& znX%nvY1S%s_?@A7Uo~j|Cq6mKO(5j+4F47@48;)R2Z2xy=UpCun@4cB$^+goZAGKM z1$H)AhjJ)NG@yXW$rzq&M9f-!q{oV8Qpxh0{bZGP_^)i5-%blohS-gDApz6nh3D*M z&6e_X4JaffqSE}zEE`m&KeB%5{>LK)u=74^}FTP4d1jY1S!VV^Y&@GKKr85$;J!EKmwx^5|)QG z(tR%p+oIAlhsdAj;8+a%v}J6BlfXHBFY!NLX33`pgN?vjD`Yzb`IW+}?!A>?6wf3A zdpM(9p!Mb;DY%z_AyT|E7N=^z&ajm@0csz5>T_{g)(3#^2M@&B+Zskg%eA2%r5weV z9j9RrExD6RJPx$N$yS)lWEu`u2bG89yNVhvBMaZW(UjG@I6G?ks34d%APb`9P{FuP z<}63UIV!M|BNqMphI0$HiFxK=NBTWHtoigVq-7A+a+EoZsqEA6(PaAeusu z>;@z>`F$((ZQD^P(bU4J7R_-l8%=-FVVH*VQ0SnUzaG1$J@4R=)s_sZ?k{TqjOZVB zq`2%!9c07HPWjiLz3rMQSoPWa@rc=V1)+;~x^?$*2$6V&XPT@aH1g0W^cU2yg%o=i z){#ia{7EH0kQpH(34-a%v%^&Ktnnf}98fr*QTkM(Q+h?S15+BW?bNIlFPB`Osq4UynxVIY%%d|Gh*ZzK zL|;0B&4FCo+~Fv4{zzgytAcu)(NYpVr?+$V-9Kz5mExkp9x{bjIZnIgtjVVoXzbWO zAnB*ngqzy043jq)G~dgRh+t-S79S&YAFi(jA+sX3$nhSyV17!ebhtEHxDqK0(C9oE z<@mQcs7TW8FR{4%O}tAkncL`epBL)1 zTs)nu`1Cus<)Lr1RU>d;IGKM=nULs7V;R-_%%+_=1hDLVi(#A0dPKTVx>m)j#Qub* zCht5p0Pe`qg!`XXt7IR#?X)fp4tpMLiY_7Q28RD+)kU0baje@@0C?GYG=23&=d(RA zThfN&FlaSi$(AKA#U1CdBQlfy#E2bZuyJ+OsW#0^U|VJp$7vWar}ECqS-nsvg41Z~ z^@pS<2G1#c&y^a6KM+b&DI#kw^iNo8{|RPLKv~LtldImq z5?|QQlRZJ8gLbYu^V^3yWwU#K%r(tib?zy{(ulb|@qaUBV_5GcDYE8cEM8@fYWiy1 zbKcEy_>2*^g|aF2l=|@{Xm5d@Dc*ZRenS&Bw&|t&)VY-j2 z^PO|vkp}4}uMM@zR#nO()PP~xiHO5k_wLQoJP?07Gi}cR;)V5>_p|ra38--TQ6lWsOjd38~-xmE4sXV=_ z<~rBb^9X8}pyfJ{L!G0%kgK27!%h2_7>V=yK5%Mh?40qS6Vc~OVv4p=WFc!B<^%}0@Aff{>GBDfBgaMsN}Lj1q~H(ET5^h z%dKwT_Sme-I$lc0v>^4gKb-GWal1T;UoBJqF7w5Gj~E#BZKp)gGWOSs)Tu0oSY`MN zS^&J?o}qc$_ce9gEtHre%lNsRl+-qfEh8a-^QBLRg{~$7H^#3TLEwMkqMqCT@sWTB zvcS?>8rJib94_=87;X;25{r1O8aE88!q!@MbCS1~gC38;w{HyNC|6qp^%WjyoLAOW zNEalz~{%=djN2vSmbMQX{=h_vRN1akljD1^1sYOpS zOnV+vEP-YMY*KD?E{oUp+P=*}Tbyry+Z`nFkbtkpSo7KX{r~?A^eq@3YjSwxTcF|9 z6zaTG0CmIKjx|=pGnO^Jo3z9^GwLbVk<7%Fyq-&{_Djg7bz)A9tR`)$-8!Uk&NX3M zgq>h@0!(q~?z_WPBkPd8~PJ^9_B6xBU+H+-{iF+agIWWJ;l93<~9!s5%M zsN9fxdD@%WvIiB=vu=)tubxLf)JEF%UYw<74U#L8vi54HXUB632~QUUK0hMnNP7=3 zSP+@#7jm5jA9BEa-LV{kHRq{X>LeYl4HF!!Wt;8PIj<4rsTXArS&nRL?ynAtyHEZL zt|w=Hx9b!uY}lULq=bW2V%{pV9DZD&MaSZ6J6`^gxt7~vpVi~=)mn3vPW3(q7@dmV z{nwYZV8nt(vypDk%qL9<_yB$V2qDC-UMy z0_h3z5Ges!?boIO=^Nn0%3oVBu=|f}$e8$_Ke|m54F9a+->aZqvK>Gur1xVs zsr3wECU=W@%3LJu1^o->&ls)@-v@;}1mu$5I5jCHl^xIeTrVIz@ko++o zw<8XP&(OoBFRyi77-){8q45_6tzu8U#aOG&WP{%uXCU~yv@0M8L)hQON(^E*)-lgrc(TlssBwvck6+#NV)qzbr4X0%XX9r|+q zqn7o<`rquW7)VTdCx6TWbm8UD73!^CXO>9V$)!jC#Q>Y&@zV2|3@du$(_Xw2p1TR| zzrOA}p9dZJY)Ye8Od5$qy`!HQve(x!36bJp27!w%zY^0&bQbi#4P+A)UjbUf7nvX`AP)2Ge*47AQk9>axod zQtER!D%mwHUQF0Gq*i~j=x8;0ig^#4EUUf(aFQLdbP*K=$ozJCNIr}2+4uEG^b%ks z$rBn&)+6S7SdaYy{9!p@Lfrc?4(&8a*Z&d-Ad?!sjvwC5UR439Pv-1+5!C516 z-mnoms#)v)lq4GlTseES%+ZfLumro`p}hzV`^7BRHcfoLb{n*$1@5`r8ovn=^1xwI zBK_{Wolwi46-)lUHtt&-aFQH{3XJ#nlNEQl33MEPm{%-V( znR)|EElr~O?WJPt8k?tAbA9+CCh=*8_i_CHdPZdFz$9mQ-D0hzQPPm^otkC|s)?m@ zBw|bEUg)MA(|XbBn%>`u}X}*KpY?=zlsDpP`9%5=XVq-i%AeNaYY-JX(`pX zh<;!#S{p8Mf*uJ0A>lEPyjl%8mj&bDmQXOS<08w}s9COn@8yff&);SZrSdsLKoSgA z5Y)`5RnHJ{f0Y7lqidO;=avz{(ar_H9E4m#B(J&Qbh=LxKufY(9CsE-S)HwV>A*;7(4ccqGlGof`qx+lmnbtCd{%4(kwSYQ=A(R zw=x7Bus?EL)9!7PODXPNc*icU@Wq;(*!v!uS(gM0lUmp_+?ACWBE#vjW%&7-td&iv zcYW1n!`LR)87b5RB83_gI?;5=%H9*e4d+Rvmn$RD13$L_JU5$Uee8gkU8nMkPW?vt zxMJzNsD)}l%cxv(xqhSHFu4dW$?LRZQN19At-k@_i7rD z&7>X&9@w0trR`&`{ngHr>(jo%?)m0_+HiyTUDjXg;!sQwmstoDsC{Ow`G8HXrdt6r z9-x}8g;L$4X~1*z6&qArX&39?{*`vY4lJw_2+>XRfr4?3IBzDzY25_u z?JXo)f70mS5PFltIE6vv9fJU4pMOsm?j6v%&;3LfR>0va-pL}*jj)QeiRy_W8si#UO3b6s*17bHH+R6=UhuSr z`gp>S9C5yGCK#IGpET-kTJ_8An48M;-qrk&uZrItP&_*#Ld6+i0K!Ne{A~_S&|Z=M zn>uUyu!D@k8La815WNBB?;8=-nzY2|4nc6+7HOE4snf;Pu|zK8Ae3%Vy-7t)4Nq45 zNyNcdvlZT<(WgEaNVU;t2r?EUHk)!)wUjiQ?%PkR!PFhkwwv(%bs@iOQk0+;k!{^U z(3ozRqfbb-CR`1BX{FB7RkT2h>v!HDOP(0>`yrU-9YFtKdgR8lU!VdNLVbL=NRRa5 z^kBb6sB?^YRNHz1uwJbJ7~kHEjZaHPvlhn&4yg%Vx(R}T54rU|N0T_kZaeK=mND-) zh9$*j&NjQ3em9_3rt%#qPVYJQ8XRp3yq&IxYk_uy>F%D;dsKjyz`DcAkS%p{=I$WR z92+p!J{o~N;CzBSbHKtjh9BJGpHz-_Mr7uDX3f9&OY;l%c(wu$@C2x@JwaKuJv$WI z9(`?@VRqC+FW%G;_7x2|@(QkM7U$Cfs`T1hFViTCE=id@)BZiwG&n;QEv9Zl9d! z_N*q?8~5=|jqyIJ&578n8GYd#NWHO6WJGi-8U+bw`c7}t#>WF+CV?mYRO{aa4b*!i zE=WMhKbt^8g}-$E%=FjK^OG=Ddby^)FPjz#JO-zriL6kdd%YGK;D z{QfdCQas~XrXa1%>Ab4_Bv~%{4E0U*zDw{w(lGbS(4ZzHPM(%#J-?`2)bQ&O>o$Wz zT2rxsQ8C!p&Q?`Cze|j?KWn5csA=Dgc`L3~&VhJZxRFG=s!{EfCOaLQs#ZEMCX>p? z#cB72hGx7BlbGG`Z=-=lxwd=ytd*knhltrv*RE?P3|_YDGRyxF@;q7p1g!2zn@MFo z5F-zIg1MR`sqoP(v?RCIgyq(Dek|Mmr*anlr*e)R{J*K37I^r`*(bpeWa$R+0-*rq z@M+is+FcmMU9Gwhc(=Uf?=_BmNLe)t$*;z56?X(MlXjNL=_l}JRT5QTjTx3|zh0QO z&Jw8UY)3!g_(-y>bZc1;`f|@()LzXolk-o;&Eh0lcM2PY3)A{eBYVpD<7+PY6JA_N zgey5x7UH$^yCEKt5hq7~1cr7nUqIp!4>|HU0hktTzYb3dg^uN_c+%2lUU|BMu>!Sw z2+!l$up-s^SS;tAS>BE$uKd%qBFD=cVP^k984zYj=wu$Mj~8i`-TNjH;i}Pm7t=ID z*#CUh6KURHNcYOCN5s-SBVtQJs$2XyW$A+6++eik?C)|weJqb1sM6KszfeWg>(sho z02zqFwn1Rfq_#C|38Gj3f_*DHGxLjX9X-3kckt)c%YU+KL@xk}`RcL}#O__YEkfY5 zc^=w*mYbWKqg58!d}h@4K(sYffw8pYVJ_TqSnm<9LyBmdZWaC7@u(Rk?~kLhNW@EM z(ORwhGsQ}~mlbQ&%0D{#%AdOLqJCo29l+fJj7NmG>7kPOT`)SH8P!HYeN_ z4|#R8>b**u4ZdazF5oIt_?xge6jxZNp1#z3Qi3Ebfy;8cO>KYJ4=><@AH2hmRNNM& zAgyJTfCrY-(DTk)eX=N|BY$x7-aR7jxt}olVBp)0S%+ua-gS?1Wr#}h{(6l7;|VJtIxHb_U%cD^wYF=F;I#Xa+>70gX6y~G z)ICoEGlf(>An#jjJ(2%_&GF5oo0z-}H>5&5tQ_jN2s`y@4UIBdADJn>@}8XjUIU6l zK9}_%0nfuKYY2%ZIEMk?5}KK!hQms`Vy;-$vd+$xrAtI==bz>J6Vrm`@qcCgo3@RC z+z+B^8oAqtI4nvS+3!YK7-*CRq8ea|2Ye5>nly$SXK6md=WE+pg&03PD z@_&P_ZP^$J)LolXr-t9{+@R7&NI$_3=PamY_=Qc5rg93`fWw+iX$+sDW7_d|*(<~8 z`a2^PwnFpKvNCBesuatuNFFl3Ze(H5L*x8Um%dI3Qh7vSgf%W3F3Z{!nzU%1X`%Zx zA1tJ$rDZ4+pPC@cI20|(C0lRx97PI1i0{E$xgxCkY z!LGzNTS#e;jPe;N-{2_&qAjNWA!q_jlf2sPE?SyyfWHg089ubLj}9L=wF zXePf%EqBoKU^TSXeUB0C{bcol>U5Fnn)w5Yl*_UDt8#08UN6l0f3kozy7w8jQiCcx ziA}?$M__ZsmWkjlG>?!)@aQllgn_e9^^3Evq=CcvvGfB4eIo8Av=BB1^ZXKZn@GQr&JAH)H653NmR%w<`%Y2izzTrMZr#b zm(j*uBGQ=LVVErX17yTt_*s#bl6U@HVr3n5o<7u1HRK6e6X9pgv^`@I0^WZ@5x!c* zn=kBCl>7MNtS}n;`%Pb0%htf)fPPpYDDY0Xj(loo7tIvXjS^JK4YrltYFc?p%raaq zdr__r*rSwMH8t~q&&$xR_0dy|%4?T>V1%%P11a5jenE#y_x!JC(fyV7rOj3AV`X~o zufpyAHd5DKp1%D62dX5qst0~&XYaSyx%f8C(Z7DYsX0_Cs^ix3TK&%paJD&)?VJi9 zN2Ks#wT24#0V_zr&-aqheO{wB{^+y&X&#tR@~Tl;7Ua^n(pLp zy!gTY50#$;5bao6Kcs}nO1bWfS$KDc9`J# z_MHj$C32ruTfNSc-z8?f>~9B_NBz!9Y^f5R(|!2ra6-1=y@C!aDo@LXazC^8LnmvkbI+8cJcd?w|P9!Hv%(1s<(JTzT2+R_(>kP`zrW**;uQk$yxUjljkO$4e z(p)f&Fp%}CNJe{k27a{hUC3ION-Gd8K7a&C?RmH^qc%`#LaCGnA=;v&qq_^i>lTPI zYQJoo_N7!$3vwNP<4WzinbHwMgEqfn`&~vL^M$pXt$5lm`Zd?%Z9F>npcjLi{%E0J zoK}>vceGfEOd_Jlc(XbNVrPbjKi)auR&NtU(Yj8PL+c}y|LJts>>lWI`MFL}-p2)~ zoNC>)N*s3O+4T(34}GO3o@i;i5w0gLz%Eq<4#>;%%QH&$TJf=m?tkh7AP5;DP-M0D ze@}<*R{?1a&ABN;ZXsFO4Mj%fUQ_TrjI9*`H4K zatSxdc!o`<64$1NEjjkY83-=yh6O@v%jWf951gGkJYpfaJD+^)FtSw8QL(pBy!(H% z6!4tC?B%1y#YZ~zF(^sfZ{7A4CmMeZVf(%MGDWULLum#L^H9(6&2Jb+WB!TUvffBI z?M7^^$0RTC+8uZkAwjxxnC0LEiN9Xj6PkRDACG~R^09DuANx%^Sh$UH5cxCIri-(n zGf2Ms`Mc#t;?8cb0OSBLvw--^JhciZS znD>J9xQ}Fo%}P|N!=@BP`s@008b-}h)X;}a0WB?J4Q;3Adqq!t&S}dwzr6JR)Gjdk z8R(%#m*;fs7jmh5N+*kz-ibW6c&3Py{Q84I_3nq%YN2+yY6XQJaxF_pzRbAugU)Gu zyKd)Pk=1vfi?QWljthIG-TFPgvDMI#v1(^WfXNiyt>UCgcCF8^s}d>oT-DP8^`iJv z7v&U6ER!|$)79w);xw;a&IPv4;9`&!iF1#;IfQ<0R7@`t`>H|w^^w>ci~?YfM@MCb zcT7O&kZU~&%3&_w^1n$RGnucF2s=<=%w`gWuU29$@(7_`lc8lxFz5n3ixrjU+|+}{ zKSv3QPv97b6zgd$Y6F+8?;LH;iDKM8f99Mk;Rho`nv$H~{NsXsP^7>(n5L7nAl*P& z1^d8s7dx6@C<}`9k5JuVPOTSEn{%X*_Pl_}?8f|zOM1i8n%Z#?xvWEVy-LbXt4+F1mw#tOw6pyIT$!pMyK?4}MTGZsMj^j_xnXNNr?Hf;aZgg~ zcRkm0prr;p=E|!aAT(E>e{;4w<@s?!rXE2OZ1&4dvQrlrDrRT_(La;fU4I}#^(dy5 z$g}dUmOwBZGgAAvQ3WASK_p9j--90=Sg*XE+~yWP$hxcHI~7{*$qL2$`kdvPbOWSU zp3y?$!1Gl!=XVX5@Hah`k{uMPuZ7;7#`oHYxiVCBttr?#!{Ht$nG%B7H)8e4MJrx} zBvnd-?XqfRCX{qUaCnXH9yjI?{q0^PcR%@mrgk8Y>oV?Q&JE_H{VRo(NpOIl+xR~} zHz!wyR4^PwvS#4#e9bN!|4V$T*8PP8-wg{)%$M$-#TSIVQ8Y9xk`jkl{D(k;jn0o_ zmd9O#n?1EcKP7Wpx9zVu+AaS!XgCTnma!gMzoHuT1Ki7UKRa(#M3R7dDV$xqT&lnk zm@NkiC#Aeog?t6eY=Fg<)1(Xa02Kejig43A2hQ2@8#}XMz4=8)o0A`aEd&`;JxM|L z%E;V{(<92zt%j?YRqS)@TF=LkD|Yxt0hr{d%WeO%BH|g9$RN#Qm>A`!h(x!1)%aldr$h1fwG195^L6{=? z5MfEC{K1M0_x8=Q{vOf?15}fQE5U>wS{1Y90%Y{Z4Yc1g&};%LMMMo(A0(s2>Z7VS9vZF9cb(C8Eb+|i)u=p0A7M>Q$W(_pSy#49GXf?#F&NV=bz?KZ&`LFD=lJw zOqz7*#K818H)$PwEh$3sOZe#Q)uY$6r(m1{C8nz-nMJzQme9=_tzFgY%i*I3BG>4K z+UjnIj}$MOwE{DB=G_$Yi$+i@Ae(M0FBP4^P3IP$LX{&_-X$|?$M{7eyBj6Lek$I$ zD;|hncQ#Z0O*7u&A?(mRpUYte)Ob&g?nX z>#d_785CwtmbCMRW#X9q7kl)!N3Uw#G06k^iyCzOVVZEpjUV`C-;03F`-^y(i_IL9 zZf!zr-*f7p2NH?B7^sRf)4m)mju(5qZ$1DT6}H8#wBum9=qp}d3VS`{|_NQ>6B79{hT{d;ZN4X5_?{0*&k=jAGUa(+Px zdLx5;N@EBCgZ=Kjc?zF1QgL`)y297p0oEH(;GzI(y+BNY;kMjXxE2FBv*njTSkp#; zi(TcieF|X3EpC>43yH?dws_OjQW`J|^LDZ@DbB3bbOUR`L4~Ki%c-d8Kpl?&=K9u^ z*3JYsCi~lU7h~=_`CW-hr-%C`m#+Qq*lXUjYIZ`$i=r{=?zh!L`7hD*Cy4HN=|jbD zP|X+g5ufQ`F3@cJE-(94WnZK$w?Bw1yLD?%tV|ES9HNuPfbkgTTit_hyScy95MPF? zIN7iN6b!~71uNyDjR#;WGRER=U8`A7KnK|L%DoiIR?R!?)sb0bKw1B+=Occ!c_EUv zv%3%$1DF>XA<*aEKiy8r(f)~PtEvUCE@Xge=b0b5v+?)zVC{ILf?NY`O0HI*HP>IO z*N~Q@CnONI1)*{Jk3;;9GHI4RQIk4KwOc`)4_rcAyC=m<&-+fEo_DO2gpFiXJ1}ow{r9sH2y|``C9e+3y2ZoX< zJ0d-k1zW5LkG14kSkd6z0n*Ki93}Nf3RP`CH#}RJJHVtXrVGmdw&?B_r8A)!oc7jx z%;fDcZx9ko)*83HiO#ov5E4b;cP7d;!bjyEsSJdBCH5=%*bTg+K7+B3T0cwlpE*kY z%_-D6T5R>gh?IlyT?Nn|RFWGsgK!VpY1J~6Qfq%kaG zsqr75fgFQkJp=fR{X4k5e*iA&&CkE83e--y0PHcR&4f1f`{U(rI7k!ncgliR&817@ z2c4D7My6fHX0ZV;!W#LZ03uYoY!rkR_KRM#^!m0R5JA}FfzE6FsF37L&?Cq-kO%H3 zt^g)_WTPbT>--EQ)MMQG%%t)dbc{5D1`ef$%RP%p`#Fi(P6kRxjN?BF4J|cWh;61{ z_l3?_Tfn}@|Ijjr40C&nJ;I=kVp0uEdO6lL3hO`)8qu60WAj08QE3}R_LG%Nhic11 ztYR^8d^w(Ezecfg*B6hUbRG=_!R>ekqK{!OE$+?c%Kzl__A?pdXD?~BnDAw4Kq@^Ed*t4e^AMZ@$`c%B^RJdlkYD&EC(osUc^10B>r)vEF|G0iZg~P27K* zI~W;;%xjqt5-!vBKhTjI;C2UD6OF%J7<_Hmwk4XHW^f1T$#httz;F`>Nj&gZ;xm?w z9}mrd&iM|s8}SF{0`&Ua+;4MI4-=}kbdN?dvKcg|##LYv)#ALVc6yN03usuTQGM&y z)PQP-1&eT!y(}%W)=)aA+cvJp{&G<*17yuC-8=LA4XQStwe>=>tzi35L4!WX2&16&HouE>+Lg+ML-X)bN_9*f!|*N`$($fhoHXs@d46jJhlsZv-aDm z1Q~isWp}CyOP=O~h58?UfNju48fwMdpPT*Eepcgkjv{-eo45zziE3y^4&*zqP^z&2 zZ|HLLg7d{`oRpMQgTE_~0)br$=E83=pa|4uT*t*<>QnGuWluoJK7afBRRO>Asu)bW z0x#XGRK&dqKz`t~4wnt??6kJqU*YH>2=R; zfBaf~dAOpfL5DJn0!fyjV`UBrk$BID7sH5h?;BMprbIBN6mH800>X(plnGe1{GS{-#m8ut?2|&gU7s zzn+%Vd|c2QNywlnLS zlb&C{_8vno_Vv00FwpptvzkkMF3?IHmk`T;fOY+2xwWt9D`y$#Sr^OICvDq0fuE>! z_q-1Vhr`=nXAf05nn~4ppe>M98QX8B@cPCq_9Q1x71h@2Ao$i?F}Pc6+SMjAeXlG{ z=GvmZ;ko#Ni=KDwaMVlPHS7%R0YfrkDw?u<< z7(jWhP;A>CS@c~p>W<+!(B8VkNpNJ%&CO+mm|0l9Yggz7jS$bkR_vbPq2T)Yaigv~ z`N}dRINy)N?}y?y=taTy=nUL_5jLF8WFIE1T%f^KG1A_+$S z4EvR*IhJHvzxAHcs1JnS7dhG_2Dikuh!tC~YCY$${;Yi9RVuYN|B=6AzSEUtEfp8R z?8#n#yc@t?=zF;r;eg;xUD)ludK)Y?m;r)cJOH#yWW9GWiMrn72%5r#wrUHXdL7GU z9jUz0Ry`UzhAw>iXfoTfGdQG>ei`s9iHqm7aup@N`gdEq-W8vABy`qp?&t%hkIrK6 zmF2!G9d_YkO1g(OLooBEOBp}@x4&`cN+<*nVJ^vXJX5|`q9jlL^39nCz_Xfr#E`pd z47cO^nRfkMxP7HA9zw7|fK?q9)^Yi;2Vp@NlH!`v(J~kM-C(sh7aGel6Wrn35Y^Fm z6|_({36T*?e(`wtp{BP(44Kj&UObK_P06OEZn;X0U6YYlq;lTP&zb4@#HiA@c<$3x zdbuivSa}N3u6oscd($h!3v(XnL*#W8I){akmnfWMTUiaWh-3QHAg(Iw744lmyvqHB z)xc+mLkv-F?zg7mK+Un8zsr*R@1D7Sd|@c5=zF_(;t&_qN{xQ@%zB3oteJJt*JEjG6V07$f72G4%+6@iI#q96_jN zXsF2UkoH!`!SEID&-xN0N$G6)hEAsPPKa_@$SOL&-QPiFW#w4=UN-IWuH`=0F3+t3 zp2dTWGqkG1vHZLOS)z(I21dLBd=_=`PQ!^~M_@RJzl)icQ(mzupI<%D)?T&b5`#yB zPtuw`UbUx9!fE)UZ$nKW(vCZOzyJ^Vn$!5jV;4PaKds1e)C1rPGr=iG>BY5&)~kxc z9C##7ucZpD)o9Voe7d7m3K?V8Kh)4Tbbl~#cg~h_zu#viEoJN`8En~_T(ygU9vv@N2Bfm+aU@zv+Wo~Wl3$xj!kH7o5xc05!0%1owe6CFCJu^dC! zjG}s?c^%VaG(7vI89K0d9)!EN7ASp_XmSL?y)3X4vK>tx>6h&-_NLPTM_}%uo49!3 z`KBu|y;Gm+$7cdr zm$6)>l9I<3h|>egj*${q2B&pZa1sR1*8gCv!CN^;gBQBhyGBaT_;7@FTArH^=81Q? zF)IDQmuzppI8yk8O)f9Rd$jQRii3GSA_^eFP7cHv|>Cd*0c`oBsqtD{_`t$fveN@Ltgn_$Bb_b66 z59W=vkQbiHG0z#D3&&wk$!1^$+b15J#Ip6+dTMjIw#MQusAw3KJ3dCb4M~Hn2(u3Z zUct(7cjPft{)8xQ1Pz+o+p2o@hs2!ynz9|X8WL?J09nWb^5D@;6ueC<>`mkMvfbo* z=@}V87UDcdH^WQ{B1^+T(P3S9&+M5*_csVUd8x&qR@FwiJ%%Y0r^(sjMyCB-^TJ+l zLp0B{S54Bg4&b1XE;QrtWIl*k?HJ2bl^rd!{Oq;; z^TQytg*cbJ%==X56L+oag#G8*{r;|iB{1WF8YtI!<)**CP-DC?7z{YutdaHE3BzVO zYS=@B>^5O?sD{mun5D3TNBImw^p(jg{?;O3H|~?Ku`muZ+BHQt>#5I6L<0-> zlP}9BeQx=>0ukZg79yv&Dc%w=1S> zGw~6ND)S+BLnjX;pWlq3heQgzdmVM3;x{JOrup7HaLwTQgRy*yv_; zF;N;bRJYmV$pSjn;xQ`eQdEO-u?zD)=8tl^ZKuzJ_s!uJNdEgY)sCAivLl+hc|qvP zy?X>M9=7<@sEtNhOY7n+YT9j1j^u@#ThmF!#M9S4M>USWs-vIScE=Y0z<9BHx^{&y zzu2DP>2zOm?x}P+*(L0YEK+U%D!w=WTa;8)o5ym9EK%^HGobxyCu%9vv}cvvc_4GE z{!I7uu|DQQ$QR{{y@<&mfWf8 z<_wvl4UWS9fbB=Jarl@L*a2gJBB)(jq+TS5k*cX)cP0VkW`<`@*I!xFL#c^5c#*~)w;~%DQ zTj%|-@z&AOrkC>&PIEUkZ`$Li+fNzDi__AvxHn;0bRi4;88N7vD?>~_Ew`owzFQ8% z#hsUXxLwwdwLJDKM-qlIrHwR;|Au_(o^m%!Jzr7aA?an>B%lvRxCP)}$)}y`k8PHA zwIT5w=zJ~=7Bl{pfKlqOkQ5*=*EDKn|B9QIw-6xAXfS9c>xa5?L*2=u5_oEX=bFHK zW@%Bl%ItNzl5Hy5vv-Z2qTdNuZ`$hO{c4jtOaif@?D8ylqF9jiYAR0mmli%gZ(*U- zbQ?7<+(0U67+d-cLG@5@u+;*e0 z87kEnt(`)Yxao1qDl|ze>L~Hc6b54ys4epfe{OiF$<*kQOg$LA+vA9`_dgs(v9n{?0-?)}^+-RCqhK!loiy;yW1TS!1l9-8syUEPcw^zj^M zK!-4Asge7Dz9*X_w;|D6$TK8~LF?)(qpY+2pBG>+NuN8iC#*@6&g5jc0*~p8k=1q` zKlj&{C?&&DJ#tounHg~htvfN_ECR(sEL0*U;~wwfmd z`No|Nf8-xN2N91dn#DhFa=Ml|A>wRNdFv;3bAFR%t6YfLus3B4Q!=D< zcP)7R*EU;|%-9&Lyrc1(NPmNL%)sSNa^lhJw!`D`_}~{60+3|5SMrasrQ>RdFBC$n z&W+Xib7gFp?~z6T9J^_MR85EVgjJuY=X<>Y-lIQk1dJ_b5$+cjYVc=z#&3Md$%0{3P_r3Vg0u(e*o-;%6+;3=oI;zL=38wh@F?vZWeKVuqful%4F}5 zZ*fyNZ9loqfoVp_J;-(l_r^=S6c`9=a@;kO-V-)Hg>0poJfC}QU~tzBEJ{9*`C};&6#7#{NxDKfaCy+ zfwA<%FnT6F9Figz9vg>UnA-w7nO(_R9<_826ZlCD;xe?PP38LOw~0U<_rG(d-z9jn zHp6f`wJRN*ln*+rciHEm4{jbDxuXt z4DrmBwCD4(s8<}tV#t(fxUb-Kc0jch@%c+X?`c1?KZuO3;t6zgHQ z^4LMw@BZnDpNP(GHvs-&&e*G03X?lPB*R z*C;L6G^`&We|dmmB>x=f&XU zj;O|b>J|if!qvRUW3W8MKv`FH+7YeeVl0KtgeA^D;8V;Gf%8Zj@015yO{I^vNqmQ7 z58!mVe+ZgSk$_;yh~lrQuT2%xq^NR+{#bw8Jz|IHxn@mHvE8b}x{`WpfM-9_RtGgR$+Cg8<+BaK zX{yn9t1~mW!bY-1RGwg4FSn6iR*I9#Hrc@NJs;2a;N01^+-AAnfK+Z^ucC4+y4@^l zAf2Dj)3)?TcwmpHeD56qigs_su~Glqs$j)`&?(khqY7vux5_h>BhFxeyft zDQC9}5lp5eI^RVj>fqKB{aQlo^2}Q-%Ns9dsa$eCd3PUGMijy@K)_p}^y;~%(`0l` z`+d%JbhC}IWac)PBjY-Ea5xgp7TOaBc+MYjS#gU}sV*tgt-qcH6S(parKX2UW)v=7 zv>8Sgg`T;4{my!-??zukbf0n4Z>`Mhnj)flr5RE-p7D1xgu}?1bkN=Wz?($ZxZty=5zW;JU(7sf_;2CG&An$*0E*imaG zKnfj(yc4+IvA7RGfPaT?ejafBNJY5F+7Y!$v&fj%1uEeeM%S)bdR+wHJh$*IbW~NS zHrJ0l%#AhyJojaI@VT|6OCL7#VSQssl+%q@)(erNWL^|ouOcjM7zI4X_BTtSFKEdwEr z7b4(U^&o+%*U$Qe6axQ~0>~H4~G>sZ_<`NjHFNCdzuC?gOKSg{OEsm>vLW~kfxKIr26A8BYzWWwhy3e}Oyis) z(6tMlR*^73)Rdx!uU!Ar%{la^|66WXE(KAhQD$nzKSVupZ3yewAZ;q$wTzLvA132t zMX4RL+L?L66(%-DM(ZH)K6?KJE3Ne!5~1t~Fn^cwL1+4!i{r@Oc5?Xn0tff6q4bv3 z|9;|^S*iwR%rmgDZ`QqCpMnR^=VNl`U>=*rL%Gv%<1rQ=iE8!|8LAWun6?gUsN8PH zfc;RHuG&c!9Gs@#dOuH3qwLhCM`lT`KeAggcsJX2w6*KC7Z$pHH*sjbo(h%61= z%6t*y&BfsG3n*)i%CaRkbNpL0%|SVr!C}bNC}B(;{eC^#=inbgjI<3x5Zceru|x0& z7A+YCY^xs1ic3ky7GRpGhOdW9bw}dc^z|W#U}Z1Ci6Y(hD*kjDg!3*Sq#PaE=gbYN zzSIOKBp+afpa1^u#ERpM%_@PTZ0w51)J-X#6%T`gsv~EEeboHIx)1 zvJLA95`dWU{Vva8d%AG^^)1@i*B4G{s^q3|`fAQ8a^NDclAZzk^7GIIbUn;CKkSt5 z*4R6^0=0J!uyD}O{*X~e%cEO-XUS8wXKWfR&LkjYK#Q}1M`rRSABTgGntu0z<8?{^ z2V{Wf2L@f_b$#up0A4!c?)@2<0zT2R9)iDyoiA8S|1YUkxRKpo2l+nXp<)YZtuet5 zWere&cruF%ju9Z?fEP%aTRxOANA<*`wR)L7FCooZ4?C+OM3l8?mE5<~g~W^}k08DP z9ep3C*b}_=QQjuJb(P_NvG>+dRj%FJsIWmn z6e&eTLXeVD=>|nmkZvSYN)hQsQWO#ChD9hMor{oGkcNdQwWI{3OF+85`GD@d-(P+2 z{>~X^oN>na8`ksO&wbCh<~8Fc3p{#%`BOA6+e?V9OHR@oM96&4q=i6$GUSQeRT~|* zki#i{r_`mTif4lwJ*vpH-!ZbYRh_~{Y*L|;Cw6l}8e1LeRKDO0XOT_Sh4kUu*VATEqb&wN0fvxu`>d4CEAJAd6&dZ;X`bt8?GLB z1Wyh)A@gCw%Lj1t{S_n#Ga@kMNF^q!Pylhyl_A*rn^m@>zoRKYWvYCER9QSF!`JMB zD_jzGS#6|q=WfUisW%$dS=<&Gug1464W#r3Sg$zR3S4}n9>f^b7f9T6yv_f@O^=7z zZL72!7sKyss6}bpdSlnm!`ntz+i*D}ACqUGj-^zEkn^3|2=Y?`t2dE z0-LZ=g!)RDTYFK81mB^ZWg)vqOw+(IhK-@W^4E1PF#p9`%0b-z2A z#AAwOXf*cR#P=^ewdMrTAX?oNOicS?cL?tsGi0%>-9_a&VCQQtC@6zzT&*>EBdR!TMcCPOi$xo{{2<0$AhV_ zmLb{NHxBPD_YnXPNR~1FmD->-;U`HCpct}xP@Zq6y&zT@t!FJwn?~!LC6vog8_XP} zX|5SKNiQxX1=*BN)K6 zMK+wSGra2jT4Rb#ADC*iACk5+q2!tGyzR^4#k8(+f!yx~P)8mF`PGD=-j3UOH2dq= zmO+R>;4F8d%C%5Wfth$i@YgOM!s}-URvb3(Ct{@K2$XuG7XC(U#j(ql<&`=3k(4%K zbdwzkW;%wenGIrzfb6B0Nb<6-d>Zew-yLp0(MnEK+XaH+&_68f5X*b2BP-&@<(>uD zn@v&g-V^%=?am0to*PnYu`lvJ*kG~wjptD-4-XqU>VSxcoco*iC$S3hq=Keqep!jz z7w@wAsR@1Z?Gly7DyXP@d!dvcE@S**Rk)QY(btOaHs1D@2&LR^K>V4Obj#>hAJ4@T z7?H)iCASnhe=EST(Eh4VT!yek8E1}(A?4Ztp}`mHTgR6M19>LR z@Y6r@Mj1ZmXkNFAC3|ae+u*_iCnv^Fg7bB!`4L9PzP2t+dxbJgWhp@<8VkhP{qOB~!w51Q9hr0W#KM6#D|4}0I?a~G)5o*0=ZiigaV zjufiMck>xq1luMKgs{Z*)+zIIwo^Z5vhabaup|YI&33wTd|$%xd=ISzeEWD-@jzp# z5RDxHi$t~Y{3J0MIB>~mbNs(-Ymz7q<719Zqihawf6XAd(yG_0F=`3gCJ!yq{t@?! zc~n?aUOm5YVMtWBO-J2WpXI_>NN~8Xnujjqn!TkF8Rpq-yYL(Sfr3=z7Fgv@nwK?z zJku}r4+uqUKD+%!u)!bi3ZYQnN>;c-<;9Bo#kuC*`MEVu^Er_OWtHJI6#Ht{%px=r~CjtE2u zy0m)$5i}9`GBe5}I)DhsGEQmxpvz30JaE zJ|N-^S6V&78rrO6{p!~9gv^I8iH>$L_=2kmk@((pY?{g$x23p>K5qo0f-S3JNoli7 zXyXWvkwW{H5X()Fj+H)Yy-09h0s^SRk{|I8j0Ph_UscDbqz|M&2=S8mCx)|v!cKot z1t{j%`geiybjB6(zo_of6MDn=XKG`eN$&9T8`skWHdO_%^IqpZ3D%Eu>$S%K6LF^J zohA}>aSg^WU&=LTD-0uTkDW*}F(GTqm_V{%kFJ?qli-G};U!|3-#-*jO9Va1r(HV8 zv+yAF(y1Fh=-3N97Uv+!BEueN+%KE9jOR_4p{8dlm!k55A>)Yo?lZC`jb|_3fZ|m% zYcHQCxLhnPm57D4khiEM9Gr}4g6FhArcnD^s^_L{`K?T`>hUJ(4cdqCydkPI4^9qR z*nhav4M0CfZziJm#hdOqBHphdb^IKgTiOmsO>?LJ$$_y#7H$#Zz7V4~=NME=uq`45H0^at&T= zbuS=w|Ha=B*i~`zMAm`G?jWa8cX~K$x0FWUM5)$M-A3!v2R;zliuZ@TlKd{JH(<%q z!$a?{X>Z}`6v^D^*Y=YfWvWFJUEke`> zTuzqTJqfHVwKk4OfG?arqgio4FD{TLRSoZ)zI%RO*C($dCNP1(bfx)W1t}?K6*}oL0T)<>myXy$6h`DnOpSjxnFt= zB-=IFqo9O`$>Ht`O7QRB>(T^F$ybg~XcdHs;T6~`s3#zv#J5DlBmIeJxR%4f$jHmr z+FJO+GC!(>z#tmoANbj%OJENvo(ZS!TSp12{q3TG{WSRFs|%(swD?usrjs-$aY)$?zQD5&Z~G!D!1iL~^KhwfJPrHA0HeB86LsnG){9Nq(*`p; zURK>(mz%o)=GZV!1la?@M9Q3Hmncz;K{vlna#X&4XVzWc<~0qnf21-M(C!&8?k24? zG0}yKvp@pd7_W7Q@W5mOeTLOSkzx)r4E-_2NGa!alpix5BGHs#ty1BlOQZN>t=rCY z`A>9#V)*7bZ2ptBo?hh~p`4#j%8eSFo%!KS<`t+9$F)Qt0-4eC5i^BaGGe2(g zCT>2f9(h_cPbMJ}m$3FiSdQBvMxAYnXU3w+Ce{OqD;2ZyIz@1%w_~6#n?F&m)ki`M zj8P-A-s-ahX;x!Kj3VAJdoJ-D0VI3$Zdj*D;F%5TXG$<{jcTn#)MupC|FQ>o@t(vr zSf^tV=ZdvzRLGP^w7YI=yvEgDF*x~(KK&M3=8D59c&EeTSuG&{2KA#0j)nN}$~76>&JAvv2%+jg?I1;WNQ&16Dc71D7^(x< z0O-c{l%cCEf^JTeb6>gh(ShO;b4uL)${mO8OsTNhfDub!a1 z??5Klakxjc?O!X5D5Jf#2euvfYj4@{k1qf zk$CGbuoB@La_WQY!nc6Nb9wZI4<0qIT``m1IN5T&&Tm)|iI})8OtRlr-HoJJrXyh> zp*Wv@Qe544pjecxXtq#p@ERR0tZ*Dk6;6d7vfq{3?A#!V2|yk9Y6UF~KL5*XBU>1- zC@nB!F=!o21SEzH&J~&aigbFC9BDN#Le)p#IIX-hvz8Ia+>ygMa)2-JaD;lJJ--jL zO1gPW3d-s?>X7ky?)n^}Q&fh8C%DSRyp9BZjOIf4B=8b)4Ip?D8bm3w& z4vq(~pKx*X-4th#F7kcZ7jE?d-A}W8Cy!d*j}Pf4Vd?c(z|ws(AUwO-UKjdIvW~Hb zP)R8{Y24+rHQoL`tw(~C4n5;E1K8xz5aiG3(ZChA(#c;yI^s<5hB-;Q)Qfh174`nVVCNlV5$HD+g5ah3NAGoC9x`4cRTsdeQ0DNc@F4Yf=XuMSuo$Ax<>p1b@t3| z7AhjfpNw^MN#r22Lf6R+D8MvzZa6bayhqB<))`fL3HP_9Y@fZpP@}DP<*fKIMDdS- z;=ebO%(gR$x=$JyawDk#@FYt6@Ieu$r{^l(3(bJA(5}(KHC6s2wH!h(rUhDla6wjL zn@X5FQg!IkH9tX;Jn8p=o_y|~hqG&KdKW_`bA5}5sSc+#d+8A$l7VaKalQkGPsX}>kZPCI?``l-0%#l_KvL40n&rE<|Xj~YSGlfRUo)e zG$yJ0PR;-&+BqT~9-cYq%dpc)OZ>K>>V z<)H*?{vFpS@Kb_kg!fs4Hk2Us3XwHSAN2eu zm@Y~>Tc1@tmNY@CksZTT!SeIvzqk$_y5RX*{!+WE>Q{S0d8mKbP8|))akb#2G@csN zOeYbVV_Oj9ak{Hz=jG4n|Nb#w{N}TE+-Id#%-^n)a@^A%N&d-|#mx>(ikcm{CcWWE&$LE>sP%*l}ESun}~$|C>`C@YXR-y+U|Ft(| z=}|KwDawOiy?+2w3(5U>Rmpy^S(V8OZr2vpN8+mqK0YmMHcS0jD0?CE@KtS(G2HHH zc?b>$7mvSo?A);R7qZ{&f0ut0*8v18?^;mNFB86>qKQ6_DoPN}`XK;XB|<~jx{Qxg zj$fo(MTVukQ*c_lzzju^x*mHURQrFo4jR1B@{SD7qNZ#1LD@nh-rAxB-|+E%0>h<| z>ogKT0E;N_6!Ng>*TTmU2FuXl zIruHI_7Sbu9Z&{;E57KMg{&T3cEOe}56hK@e&|T$9hf>hz&#pk1V`G%r?*S%Q2+nC z{vX~$2{9rwvxO1$(Z?UoQ!+$&G%@tQHmuL47Z)?IHqqvkDLDMgw#w~G^5zw5Q4=0G zY@+A2<4QwTr&;=b*@gme6>={or9oWgNmDS1!onI?=_nzlvUyd1_7^&vM?8HmWZgu4 zwWgH8ojCJciXLOb-ME;R($}MDwRAs=tT)miUnGb*k9XhgOS~6`-_WC06!leP^5TZ_tIaFuY6?M=G~WKOiMHQWDI z@OZ$q!KbcR5*s?7MLg$O1Tq`o7k!S=yU_LPt!fS0D}HtW!jYI#0%0piG1Cd77VCi9 zsltgI53dB&H&vBy>;aQMc;y+e;9Xk0%PLZ@8 zMEP@oh`Yo-df5gGRSTa_#Vin;Ds&*(&&pAM$Afi?!nzDEOA5?X_J5?0Lo&OB!D9%l z)ge|=vOUgw+geZSB>9`JEHnW7&}6C z;j+^zq*M*pCf&VqfNYWY%fR=bJn!d+8EWpUXz2ohPU8y zHPE8e1{DX+cmbjPDx>d&hyvc9TjVZ}6{^-&X?+6jx0An-_}5XFBU0+bfU@Ub5NN}P zk10JA!%)a9A=wsBqN-#IU;m3KgtzH|0={`@Waxeno+0(ghj8KgBCBrK%OB`n@zR$2 zMok@f?cLFDqK|m}M8X~F|2f=w&xX%y>>EJ}3FPLV-t8$#8b3(x{6#7K;DzsgOkI^# z576PobHZN_lR?5y3g$RxPY6F9y(Qv@s4=M5{IGj24U`M}+w$IZU;DgaX{CPG`4G!N zPSKav^jd&|Ih6_gy((%fcs#Ccv-ainhAdrlO zIz0bbB=8JM#CAdG8G4Tf?=z@{q{FXG`Y-9!SE625DLYk8#$C^%u7g4gR5hru^!DzCiHJTM$q!uEQ~l?-eEXj# z5e$MGaGeSm!U8e6Dw}+YV2M!^eL{+*Fo@_`(#Cj8vF8pv6ujoX6yU@F@0gmC|M6H{ zxR|tzg5Z-}w_9`GN8aKz2J7~}eDQ&rl5 zLe)pe{vfCOCJFi|a+>1S0qdBJ5Cc!4Nv-<<&8>-dT1QR#7r$!b3Y`QAT12H7Ta>8b zOS0A7uuZ*mz@6{QE!_>o1PFiqZ|uzU_Ud|y4%ivzx3dH|`w<7?;i&@hjIHMep#7cX(5b;Cd9@kX0v+3A^xMrUjRqab&GiDe?n&B3u{=7eZr z2y_de>}H)}QMMRMj$Bj8A7C|(>$lpkMGI9glfK0)Kxc`MC-j>>5&5;$|FV$msw=KO zdz!Y_Jmn&5jW(OIG3TG=(o^CJeAiD5;eMGk;eyRcjD~2r<&b!zC(cf?o^Br2ZGR>%jm(Wgb=B%V+%Uv=8{ z;L43K*sG7PCj`vncL}VnfbEMxIFx^Nt5p7k;0(r?PGJ#8A@9lV>-ii22=j69|Nnzy zX0EWkDv&vQTHuG-)Rzf*=36#)K`C+u;pGbns65khhezL;#nYML1nBK&x~+eT@cENQ zi|^$w{iqGntbJ8hvO8yKo07(2bTp#J2i<(X%Wd_Q?|j(j&t$4%msp*^=p5!6fBM7e zvyb&syJmN@d`bA2o`hWdP&|R^zmH=mv;^XEqD>hu*`bQA`j`HaMZ^ZUBXpJlgDJ*h znrd7C-&v!;%Aq&!!{;iuxbPdR^8?H<{3yI+&_#2+&9&?+iaEjQmQIn`6f5dWs`z=d zNgJ>ES@B(msoq5%MQmE!WhjV&)*M-}y>0*S9MSb}MuNjW#c%sDsaC7KhCv}W!l-#?g!tqauA{tOcILtsFScNjV{*I84oUx&g6`yO)rCL+4olDy9FZG1s z9o1G+l~8fJ+Q-hK{!*nzTl|=q-~9jNt1H)ToWekxtJKt|VV^7oMAL0X18R-h6DsTb z6GYpi;w;LiR}EOA8llmJ9Pv40sDE*TbaTodoDc*jlpiN@?JX3V>m<4=7$r6V90k5o~+ zxLN1yA?Z+q*1Us^-!?Ea=IriJi4fnQmFNxr_YFSYEIEsvB*(m0L2dJoK22JnWXSZ! z|5iD70W!EZ7f}20OZ*Q^pq0bcYVI3olzMhX_7)6!Zok1oA^R|Pda(3vZ9~D`T4`*V z{cSt_FeaHBzQoKoVIC}Z8H@`P!@gS#(~=aT2ptU)*Ld;b#cMswo-Aj7sB3Qgk)`1?|A7hAc?&=1)Q6%T!> zp{qV4BTso}_p@BPY_?8OhG2#3nnjGjqPuqfJ$s$gvLr5}0Z-n@$91z#Y;O(i!3`)D zmlJLm-cK+ethiqPvQ#zvIltJm6SVX&_18dSvR!03{G82=S|8`>mvGhm>6&)6xO1+v zm#-kEVKVtPwgBk>O}^Tj!BFaNnem5$=!)hQ=%zmNv|ix{=IEt5ypuy6$qPIQrQ@+| zDF)U4W2F_LQY>+`HEpwx>cZWnmLLlNSPOCpY0CQaXr76TU+FYir#bbboQ&4&N1h|Ai z=$3|&P;~Y~T>YnomC!^~?JPFh;Fq#tNilH$YLCqad`c=4p8HA$32v)XW+v%5>Bh!} z#>?Ye@-f>D;`*#n`Yv~d)?b4r!f3yXhV{47icL9du+Ui?!}~B0I{16S1I#{yZyYOV zA-3x;GBZ^l&YHfz`RQ6vOU={vXd#3A1i|GFvl@e|4$8N^**i8~R@2q%G1&Qta z4Ey|Uk#wnzUpU2e&7aIfe68OAW)eQ(rWrknJSNLVK&njO3dQp6Lo!ohA&b~`mnOd)1 zv_!6Ew5bMbw;ObZ`)VYo+vUxl&{MBCN#nZIM12o`PAR0{y5UATU_BUZ5FIbJb#Wn-h@pm7qjJI00n?#E0f9DPwCqdaS*@WB_; zC76H_Wd)e(Y(AXKzpy0x zTg!n&^u}7pQ}+=Lb481~z}9NtLbH9(arsNbu@7^?-FL`@>n?s6hCa`h=v1Gil75>o z9`oM!PP2e=gBM4co0}sZ!fX$jE|^>|XKkIos3kNEw|NGnc#_U0YdbE&7$nM9 ztK~40eGMjl*uESxc)XZ$A2ph6KQn6dwJ`lmP*bXv##r084^LDQpeH}!epEmIpp&Y; z+e(p-pzLg>RP`}}H-IZ5`&saC&>+cQO*AC@t-9l%tNi;o>Ob&7c#-enPJoN9YxQNB zPobl7cik`<#+;;C*g*4o5T`P3^l0E#dc;`dLvBV3C^UC!i8Tb^H)DGAUG)GJP-F8Aea*22>SjGT9B?GjJeGsE0)?h;Jm`2`x;;Wk z{U)tZN4GyOk-I_>v}mEBG4N?8|LiBC`maV%BVAqm!1l51MD>nClsN=J`tBQDW_tG` z?%03uW`6CFJTkh{GZg&lnkBEhCiR1bO2@~|Yorko5jG9fj*QPu;oc&;>g}=ifEB2- zM;hl}p0)Sygwfq8Z6-cw7#0^%=by;kJp^;hrv}PRn|H$FO9uE9x^vvRoT@zbr)R zEHp_sx`uRj!*$jXd2{`x+;6neZyy9Tr&@Kt@K`Jbd=&{3A;t>Ad2x{PbBPbD(U}^c zI=rHB`>NvwfynhtfIOh8wW{SJK`_1kJSSiqMT>~iG?MdGX+dU6)NJ64x}(t2C=nNzP!3D)@eYfS&E zV!d)ch%45{j3(eBS+u%^-Om1ScK+oyOS1SV8joBfgjLmZJ%BVV@Y6qxUkNL+I~+UAgS^^T^k2< zk&PFR-`{x2|0^30gz3Dm`|2!Qa!~k(fxUSh?#jxC3{`!m4?z(-(V5~%SQvPDzsugo z5oUbI-p{}bO-Y;9g=*%^CKwzY*3qUhS80wVGn6l|S`C$R zX@S`xSLS2n14Pwv&qZ=31r$AWNjr{)z)0T~)>M@4BO>Fi$&S&01|&}2 zhG_1KLtA@^l|~)sKrfnkHGn9+J|#+@-D7(+LWATozXTG}vGmf|@%H4P)%9+k`b3Yi zXa4jL=y(ECy%xwg$vlr-j6T#>n6$O1 zXz&%sQvY#8p9Aow{B)Oa+E?4XjrQA1lgVGmrKHV1_vR?wM*J|HwqLFjV!az?WA+}EjcyL!s1#rn7_PCu;rNZ<-fu7I=DWCP6F z0I^AlJem%mRvFK_~~a;Uv{^vA105OL*bxfBy%}F zQcrfLo;r6wpO$0=+ECvMBeryjZEO-CpBB!XXHLa}`}7nhW7%IbAagZ+#a!}7U+P!Z zG-H33_Jc}ZJzSxqP`TFBu(`B!wDjlaOe4gJ%ysopvf-HPJ`bDk2bf&C(%rGt?y+0# z!{AX7z$_kM$cKi^o!S z3Sd7D%s!SJbCD_{dodr(iZZn-Isirog*MQ{-M!Uv0o7(SA-Z-eWFld!Jii?!_$9@8 zIk|w^U~c2_559*V1NaBor=N(F64%|fpG77N6>(J1!#oujphi4}T@J;g(#+C|{XDO$ zou_~#@m8KQ=s!PJS;W414QL*7sK)tseHsa?lO%`wt0wb1otn4O6S87<=Uo-12qh&U^c%jR}L(%eFgZrm9D-+@u1h^?oC~`AAtBEs&ra8|_~l3*;wSx-<8)1OM%p>sTWl?_+KyOqOCu=9Wo_OR+4j+f zAx>)H1dT_5Q9via#hQm3-^wSRbr9S5J_@MQwr>}WgT$k$1UwrzIr?tb;iDG=j&h(< zFhd;|B3@7`(E3_s5@*mJ-7Gmhs0JJ7I-ainI6z$1r#{``58rpT;| zM`$!go`KP2u4{%2i#E;8{|+!IY}%)i2HO(q8v z0H|1k0Hqmjc9ya)ebkkaQfSsizp38QoN8wXmJ|Mgxg+)3tKf4U+xaSLY7{GmZLv|w zi+yO*pr3QD)?afgi^)yptfEnoV8L9N52n@lIBt+(+<$f)E?sJteC7uOlh}K7ZBsbH z&^vC5Mb7GXv!=~6gqk&|{ZEOq!5FNh#ZQF~R8zpM6nu4V;V5a!%&jtMy^S`Bp*Z>U zb@lChRX@uJ0)DaiQqwGy%XIFQgxuZT422c5@W{v;zzkfVtw3KT3BjT#T41hPK)R?4 zimQ5OE=D^lN2iES(kV*{Eh`cyQo)2mroa$V@6tLO$^P6SL+Z{vDG6@HUQ*~(%wf>J zL^b3qVh__{2_oC}T zKAU7q06%dk-y@w=RG55T!7qSk_-K13Vr{OE3kLF#o~)_&6&iiz%alqH92pfQb6rwh zI4It}`^*)S)*EuH%Mjpm)9z&{+ z62K#TeYh8Tx0ZN&fQHXJ&u(FmBRL)hdPZ>Sab6lPyx*Z~((c~BKJX&GX#!>~X*L67 zK`m})=A69%H)fp|ns^hYK+@I02j_?{=k{$fRBp2cMn#`hoxsGOhuO<*#cD9ljA*Kl zU-?F*-PF+cZ%;fz^SWWW6*3A9yG*t*9;fA=ad)f_r{L<{{ZV{zcs6rG^cpJi%giKRULS;Bf(7!f5IHAGCH&t81cNRRElta52e&W*2QI z6oMR76!~HP90Obs%%1>Mx`oYh+mnEy?B0z!%DCi_FY8K=cUMaUJBa7grI)rdsHfw{ z<2kAa-Cg5#9S7v=c~(9!b>;WWP7dvTz2CF7euGhGHPni)>qva4@aedfcxQxyK`{l( zm0-=Gm^c8^RDl}PJ8AzuLn!qTvZ;_~*Yua~V1Ah5WWSP|r(z4WsL~T`2AvgGgI;jA zWW-2FW`9y1evFvZO>!&Pjk4m^8GbsPwCRekRc^N*^sf_atdA;65%PrkPCs{pD(NLAVTI)|RpwiX%T!7-yc9R=N&2MMaXfuzR z*Bgu*F~6@+Q(sri z4c&{Y7t;Bl>peh<9>~W#&I^?*^-CSeGO`mG(>I07Fuy)Z^2xIcc5#aHFwYJH7tb}$ z|cc|zL82>vKDXQmB7K!hJ zEZ^`fLTxv*9ci9O^td~Vg_%}YjGG5Ki0w|EJZS?%Wf|>ms$L~!Jl$l>@*$5byuJa( zy|yTNxZL8rZLAyC-=ru{19`rwu1wdOGAjXg#{ph#HPfPXrPp6!+}?$cV)0hRknQaV zEQRoe{3 z7Tnv(KuCXUWeu)(iP=vZgB4wDWJ0Mw?9Se@R1>*v-|sS`G}S$a@@WVcm;Js8$*eO$ zj=!jmOI&?h!A8QWZl{^Gc`6{q;QX^=s=#VEv~a--H6G7et=5VWobdKxg+S8o=Ry^B zv3l=OB!pC-9%*LBiF-ss{P69Gtol>*v~z^8#xoa>^{t_`@Yk<{S)KtY@J%$x#RH;P z%{ToDe&JnPZxzKh)Vg!`=!QjK=_GCI=6xef*DEhRX}jM74)ac19pZ{$z7^HOx9&8F z4^uSaGsg9yXCmW;tei%G9QLQTkcYmCpZxi6u28h_nD*+q1Bx~g3H6Ci!)yaa&T*3i zMS&=Z50|2|fV5y&q(*zDRqLR}c@+_oxdoO`c9h%B3cu0hr`rM9Fn7+Nv2ra?af7$% zzoM70cx+(z%ow_y?caOOko8lGJ${aI94uY>9lW%&zM3Rg6fx0O%HmVnwVSrHs1cNl z+EphOTff7s#5{Z1c}Y#XVqI`FpUUDiOQq}DE$6_3nc}|srmsc0XWQ2nJkry0eFB4^ zX}gQnu`})V8;b#OyD0!C!YZ?Pwn(8+q}ezQeOq2!ne8hW?JcWEl|TZN9%oM z@ck^SHXMo+Ce+I#Qn$*N-~T~A2ClI2`3D&P^eD+(tyqIvhPq4bYw=D@XO^}qFze{F z_$EUPs`>^{onX*b#V$mAa2#~DtU035d9E&9J}&X*1u})EG_w-ydV<0d1`nBgc*S9M zpq^r7&A`63L@1|pd^7D5uUKgLJ0>F2?0MRj57lyT>k;p;Ij3tnFNY3K)Z(aR6b#NA zFT3E3@DT#pYZebiuj;$b1rQp9 zYd)v2M#Aj-H`vR$dxa$@^>~UNwAJV&TuAHjyNW0AL6~M(e z1AL{|9wB-2Vc!M07H!ddqb6@3&JXJRjzSm*r@Yle2p@zw{QKZIQ0jacoaw4>MU1}o ze|WNYA*0r9sS)w2I3`cg$e8JVw>7r{@Dgul)o5c&moa@vE=lm7DdgTnett3}q&DV0 z6PjW8_;HnL1$Vqh?eSVNpO23H%1ovS*ba*FjIacEmyop6b-p7RgGVxm_spDN?slas zf9dX~mrACFd`ndUQavOgMqo6}_fYc^RY?>SMT8{(gQ5tEPSlCZ_`DM_1qbzGM$EzN zD0OeS%xiA(mR-t4qvitVBDpb>W+DS%E`eoSGZGyso3RKj8PcbWPc_#mo_()LX-eK5 z4OJ6rYK^pePEQ`M4?inhz2GR_V&?Q2kFj&AJ3DIeegT)pnjF7@y{)R=z(_LC`LE5} z`7(|g7Fbt(4;_3^eN~Xw8e<~d9>)N60fGwd@z;?qeA{*l#{245Th^6mgOzB*ty~^& zFEW+xtS%Nna^^t^NWFnvqFCjZgj}JjjA}UzbGPpy)r}R-im8vQgUxSTAPa$Dlai4M z!=vWd6~bT{>9RsBE6719JW9oJd-a4e^+?!|a9yIN-o_E)3Y|c~w`F%qGA=9pP-vjr zsPvCrg9PK)1*U-l<4jvt=)1ZMMZ3hCS})podcKk z$AccI8;W#8HCQCMbNB>}g)p8!WqXu#0I}cv=o>4IxwW2Z&d4J)PH$oZmM7Z7VFYI3 zBUc;#B0<|-`nEWJbfsn2@r1`V2_n1e?4z$XmQ7>GSlZ&tC1~92%JSzsWES|#vKeiw z_ICX~zp5oLi}^-Tb~m>d2fg63uOTJ&EJ z_l}K7yF$57Iog~LhH?C#Q@EN392GHjg+9E$nW&$aQ=g)nw$i!J@}zN1-(nW3)wl0T zx<665{%&n>aVgUv9z{;R!rME|_IlK?JFDT%-P*&-^)Kunv)?Y3n(j=GUwQePuxbUu z%I%w%pUvl+=}*xc&uukEWA3~Fa^UTy4F|H7<3rDgYxl{yeWRv>o6(nbR+cAjK{8%^ z$j5N&A5GbL|Cm{8=FsA5HR=-sBJB00Ky*o?9CBkt1`uUh& zNy&O!b>W{TLid})eT|1}OjUAP>Px4qHlCx6CD?Bu$>&P)C;MYb4l2MA%oA)0^xLw$ zK(YA0UnC~s^%Onz!dU|s4PClyUx@gkymdZ&vb}^j()T2dC046Y=g}CUNqog=b;dDY z*S0O9c-@5Dj?>j6JsZN3 z$w@zv_XGs%UO=sgOA%7-3xfnRY>i=ult8Ac#;9C4h|2|Bq(sL^QeN9Y2<^{8WpgG1 zTI5Gsw>{d_Ig1%{p`!nH)w9$lj85? zSKnp9c4-@H{>yz2io~LY$~s|=zeX!N?H=6wa73t42u574>ONi^D==->A4Q4pZAc4F zpfENYV;TuEh^~q-h>o6#)JCJ-cKu1R`u(Z@B#?FjOJlJ4!15)O+*{to}5Vb#_nxTWcx58+5dj~9_p@D?UMOw zUy#wLE}j;$^8x0$a)yV992u|Rc=bPv3*^(P2pd-a&+A(V*m3xM z&`0Mp)E|yPn8#?P@w)eSr1tbRL~6w>uttd9D{V&n=E!MUm?m30tsQ2%AK74y{~*I4 zbzyG|s^!QqN)EbzUJf9eCv>;wG~v^$f)g!pxBA$JBeX5fJD?yZ>n_B5YF^gJ$|Np& z`=~GRCJ>!tkWTftQJ}FM-@XpFrJMNKUSvkSw8aE#MI)WPmE_+4H~18&M*Dlgl*FC= z0sNloM>M;dx@J#{tSj0KKc!TQOUV2^eV<(DT`@x9wyy8Z4jd`Gpk5>}U;F+Ly$FdU zBSEbvJuaCP#fmSTVkiSW0loDh$!{UPB7YnMTO#?4MVSPT@#5X!bO_U!%*GzVxkHt)sRPX5ZLUhHp>t4OX zsQm6fU<&Jj6#zp_ne(#s)EtRttB@H~Wr zizmdHWX+dIlD0fCY92XwN@-|vZv87Y{DFW%QDW4bj648c*CNj*%lhpOD`Qdv;eAva z#}Q};O6DVlf7;Zz^F_XdwQ|n>TiIMORqZ+3$4RU~$N72-N7}L=PM2$w?i84WQ>Fr% z;rWkQbo+7PhN$Z8y1c2kR8Nhg^vcFX7X#9PaCF=-HBE3eG}+9h=^wkB57xEZ&ulOo;DH$=_YYnm%k!+Z>0YNB->}zCFHZ zj8OHwKz_P?`CPp(m;2)K@ya;|80bG-PvxO&hM}H%VfhKJs7<^}Wj!Mp#N%+vI)`ZV z*)zOz?7Sa4i}=$m?H*0CqmZp3AfZztzzINa_yAg?HAVj{h7lT;4L$Sl2ZuYBn(6|Xp_bSp%_oj46vf(4-li=9BMu^}TnWf>f7lF8x68uhn7vU-g8AKlH$Uh0heUutCU$pu1 zLglD{mMr0Mhm&w8u_5%Xx~|CvDT zZ!I(aIrbGJt(G{IzoZe_@&Q;#9|!7XE+#Put?hDK!Y#RE^r7SaL5aXY-MqzvImN}F z&648zBqiLFh8aY=N|lg@7{+Ak z5zb1$U|{Y5TyF0vv53cmVY=KQaJ!P z8=#gU{n#Nyj~x!DS^ji*JQw)u_&!VvZ-MpIA-KRt~@Qxot9HFB0kjJ%u-%KG3 z`IH9QAe~aSEVdFb|1wVfw;a5<0KoAPPv-`Dh3Bjn4$jJP7!!iLeCZ@?l+#008~;LU zR9@tW^T**`O3f5)B;Y;CV9S5YMP4rE+u2pT{4;db;wD|^ukjg1t+>4WYZrIm-DTp>80P+FO%a1gPspR1 znX_`L??I;g(S>ZW^oo?;EMeWbDwm<@?d#2W56^!(14a__4u)OAf;Tl0wBQSn!Q9ZV~k=Ic3P4sOd_+FS0 z$9lH=Dk3X8bYPSG3hJ@$jjLjP$xl+mh~CXP=qAOyR${;}Qf?ol8gYA&vv+PuA-2KR zwfIbV|0!eoKh-sd6buRPE3*f$rl~mcouB`be2FA{FB7w_>FtR3ZM{V#XM;#4iC_n- z2+;Cmh@0_3+{}kh0=JXi6o#9FN*a&er@#$3+IjJ){Ow07Z4IVXTR+Zw&@Q-Ht~75w zJUMt)PceJ(tQ+6L7DeaMDSq1Da#Mn+vxZ2fV{%o;|6=bwqoPc@w$T{{L69&apfo{6 zMTwG;tPU6u5S5%n2Aa^&AT&9M3OHbcjuIp*B01TTp<6(LgeK?E1fj_}r#^KPoJZ!F z?|s*|);a6^@Ruz#cimOB!?mxyYggB7meih@y#(^48|WkHIqnd3=Hf}9dd&Z>dXz_w zCa52?IFz6fJI?EPmL@xk#p)W%`levAk9o2x)hx-OG%lu`7{5MN?yMILSBl>V)H;sOsl}lY}LKTyMkF|Rb-uy zO+p?!d$jfPwoZc`b_dGXYMg>6L|~oa*{tA?haMrQ z4m=?{)~usSL7vq*DSc!25hv*%KZ)zbANbqlLpui95rPY_Bmc{n{ygH}dL%ZgD97a0 zp2`dn3sx_aXITeCW$jrfNrArmiSvSHM5<=-&O}SZ?(BZ?Dn2l_kxG2>zucUAhie|T z^?#MSHzrcwYLU?*q5J3RRBMj!azzSv#rCFd3tcm#O~$>Dgk&TzU}H1d(t8pz4oL#_ zoAQpKPT0mQ@9w-G$wSDn7Y|wi?}0n$(fR7~ zk%o~tUAwk?e;)9<-R)W@wqN%H^tx#*a93g6x{D@wUC9kGLz`d8ftPq3pD+Z0!|lJn z2}acPP97}-ep`8XZ?IpySiv&4tlC`{zPs=Sylymkx5M`94uaQxMQ;`{>BOxg-wF)y zMu?bIoGR+w-HmJc#&!SrF0)LgrsY2ni&Nm6A$So6_^oIEk$l|CJA&Dhqs z`^SOXJN&#{o8x5^1JFFXQ(14>8A6BBN=s`TIeLu?ZsH<=0bu!%DtqAzY5er=69H6$ z0tdy{`OEA8Dxo8T_KcB>zI-Ik;c3gNtIYglx;~Jm$-hMTxA!-J4|qV^28nToMmr#& zF8uGs_F}&ssTYNujDyaP;BIHcqX2Wg`9G}8_cee%urY&~%+h~C0m9R2NL1px_COzw z{SHvcNw16}(3X$DAg`YwieFN$TCP)M;{|<6CtvT1>h^G(yui5T#HRn?_IAE-ovc~> zj|1BeuY{n=K&q`6p-@#V&p#zYp(|ctKw>XD>+#GptinUd$;qQ+w{O`Ls1xH zW@C_$(|+43(ItL?AO}NbG|OdX-`x{X=nob!kjVkm^$$Y2{lt^M0Z@H-=i`3^)jted zZwuswjqb88GXO#w22b|(aL0pR2GgTDN?8rGk0y?&af50<)fs@tn`7V=sMG={IIj+V0!1T zpX7Z4?ZBEMgbyvy8249mn;10;rA-D)sk1vmvhyrCYRKA+{AeY1zVK6^{zDXg3e-=5 zqWo#0wk_RH3-y2H@)TsWT!!BeOS+J_NVgf&unTTuccXbX38rcB(H`dt=kcC518bz` zYmC00m20ROR3^ZPes;8a#ufZbrqS-%bJ3*DX-{8Jahkb7JR5u*W(q3zKM>8A52j<+ za_C9IHfR>nq;G}`<5_J6)PXWfzdOHyxb9G^>=RoGhMonjZG6scV_UB7o}76b1k$Eq z?ljiWo7uoguyAFdc?P7OpMn#9(f!68>t+x^UV4Dqjh8p8`L9zROktZ_2vPP(kF@Cd zw@pjKJFuw-kRXY$cg<@o{yGFR_iMWZK#u?j;qs0r%{$_;Y{JVfJ(#xTcs!vy{vG&Z zwF`@A#kgHQ=_BMaB`hLp&qY7KbJFV_JFh!YO4mE_t|7NlkIOj92-KJ&Zdw;Dit&rS zq|tNiT^$5RPDehJn+*>WHiqA3RIslHaa>w#9xS2a;nm!l2Ym)k&`M2=%teE`)Ylmc zjY^`z3jE7cMay4ik_~0F1lwL;Ao?mW>z@f()s1}Lx%`(Bo(7~`%~82g&S|=HY3efu z1cD9!a<8kQ#OgO;?yzp(0>|013ZK;MPLY)Sv5=djqn8B?H^bW$io4qM3u{=YlB^^v?LAh(BTTlZWE_(-D_Tz8tffQDKem# zUfj$&>WJEU2|CP;!-Lio-8mh15DPCvjD@klF*V%Aj8|e3D3quyB5wrpq^%f9%-78O zfK#a(^WK(edAy)I%iU{C+2E9!HwA}Vg2-}(9M&dxV~*N4C6)sQ*R>r5v91BZkcZ;~ z$f%tGWdkNx+4UVd;z~gu5qe1Aftc3$f)+m9g^R6SSEqD6H*Jkdp6ctq$>)huyFKoA zQTxm`U>per05G6|C}gWP4$DLIp4ndMm>3ZLL>_)F=?U-Fjm&Br?}JurAPq0~F-+2P zGvy8;VK35o5eGKq_q!lJr)`pQh4R?q{X|e_jw5YylqfJOU#M^gr_QNCanJ2jb0_&9 zfK-|3zlb9~> z0R(;5-D9yYrFNiSFciKkqcPg1L77yiZZ|)P1C6a1Pxo>14uDeiGZPu5)}_4-U&YnM z?r6=HcXT2L_*{C?pRkGpy|wF>4wIm7fN3u15mXgumD975F%%pgAWn^NT=oXkS~jec-;Nr2=W za7mWlV<9%V6oIJ?ULRn&kYX0mA`$NTU|71JNf*HkQhs@jDI9C{(*0}W>6D;BkX?`Z z#vljj$ardwZ5ezuyURLdJp#79VqgMA=fI-3oz}^Ve%C7QqT92bm3;KM5{T6*{27?Q zusIy@ZG&@?HPQ_W_BbU~(i8JwD*Y^={RDQF{YS?A{8;gwcq)tZ!nwAY=DT%ID>yt) zZ_G!h`?mAu*I%LbR@Ye73k5mdYtJi@9`mSnza%*wWt(usoBxjX^$W67S>pfZFXEx0~`@g`?l(W*YdK)4C| zrCGD~x{OaY9=F}%NiUR`$nKKucf`5oN>BCsavaCb1(C!Dq|5#$i9@czdUFg$ z!P=%LmfjRE*NHUU>c1PUBLu0n6SyM%X6Cat+lt7eQ7&Vnjh=!0*Vs_kM{#w66|6>? zWlVgV%l#~Hg2(!#&2o<%U7gJGm6dTrLmIofO+%x^xZoqv8{dxh4{{jhzAZ2HD#Oi| z<4Rts%Cbed%_Y*?oy}a+(y}dMtQtRV9ZT9;#wl4o(|q0$FT3~^3^nUHTZVfIiaw>m z$&$f1oWE&lYPxnv|D1I$3cIxi>(8u+I=@N$lPl^7)SV#|iFH=Gl({h%eW642VVPb& zX^Ubz4Xh+kbjOcaIPY=3MvmlW^iqL|mM3+g19+YKLbK(qf&3_^fy6tq3iBYP9Q)}* zrZF=$a36=OdFMxevpbzEA@)FGB?@Gkc~Xj&)`oC8&O<>Zhq+igW-c;tu^$C~2s^i# zIqHC2m6aZtH=lF2VSQD%$W@x47JHK*xZFKI-$)z*#XwZRyX9U41;2BW14OA|ouYA2 zV@nIF!2;*3lz0WRo0|!VZh_P{2Gx-`kKOq14^EJhfK|K;xYN9*s8*D+ljr+(Dh8j9 zCm@P6BXLWs*W$;b#x^*k+eFr7lJJHXK7ijGs?9ZYk3~tTLUi~qUK&tnZNUQ9{mNc< zOb600XXfT8&#kh?E_I49VN3GKWW&vy?asvMkgy30{Y4gdGPNuyroXA>G8%UUq0?jE zl&XZzIH82+t^E z3V#YZlAQ$&Q@#$_g5DhhKCuB|(gV_M`pdC4jW^;$rt`l2Wv4{*XQ@7DauKf7j2daSvIMul_DdUH)%25)Az#NG~S{jrspU4CX@xe%aI}u(Pvyg2bNCakf|d`?rKKAa za7S-l>%3Gq($m8QKHf|^8N>71-&_}$jr2h0AOYX2w3j{(6j*Pp)RvYpt6oUwTr;#O zeuG-h+FUAldX3#V#f<>Uu9*jj&biYa4nwZ2;?(K+Fo%OX9LkG7fls`3oLcHS@QL2! zn2Xzt$%`kCByp0Soi0de!`nm-m#w!zU^s9kEvr{Y%PyJMW#wn$)3Gm0NesqR+kbHJ zIv^DuzqM_xct?c5%4_&#KC#zq4=dGZ%EZLh*=)ZQ8^r}_us-xmMq_MaKuaMyqY(Y2 zq~msAmPcS#3#q5(_3Rts`b($<_(<+t2dU7?u1A?d4tU5U^OcU7lDi zraJ|SciT77U5iLQkH#dYt;P9?BWQC-?I)e9E>t|tBc}C8!wC73=8Z;1W6dEfRWGMK zJ;O6VxyF&aocy;)s32t?UywT$n&~VirbbuDCSvtAQv1s`$ zKfh!_bD#8zACj)uD#!gAV&NI%x4l{b`Shs!Xi*Jn3ie!N-i<=Gb$_G?y7mpTp_}&A zb${`)6-3_92P=Q$QtA`-g8;SZG}z}8qY9oP-N#|6M?@!twTHkq_7_u38_v5zSd7wj zQoUor6SRMPzS7#UqBuV7;ppZ}_axj3W*$+?O&C1zajr__*`eLsnGeV*GiMfLTl!hxML>+vdropP^%2JNF zfE=#-Vf9l`i3CEHu@9Yx85|Cer^~rv3^agbq=V8UYjZX_*_GR6Te8b}?`6;)_Kaq8mz{!h7X_ID-*1yCkJg##!5L6*aDd^ z(*s_XA^HxKFr@V0WPVGXfkTIS{{%+h_ySv&r4|6dqBx4qH`CfKaa0k$JA|W`51WGqku|GIgEm56b7o9F=$#U}A5SmpMMmx7h*eQk+IV{z+oCI*&{ zG{jbWE)Ityy=lZ&tQ9bNZg)q-x)3K61Eb>H2+8SNeB0;(M4Y^&9v#a~$50XTXusJe zF+3K;z9nK^6Iz0*2o>qoZ^k9JglmuWx=t6(6irX+HP|1AX&G}`hFMm<<|(~IJVR=I zShz&+yrSjUlU3!p^;Ok_B|u^zcP=_a$KtCEC|aYDG653ygsUB3i>g`-2Wh3Gf36yy z;@F4nXJIjB=sg5WVK#kZqIfI0?Rdq?s49|MG>sO!)a&|Sr6rx6m!yt3(}TpxlmaA> zu;EBr_9SV}fpb@`Ri4Z+6o5m1ev0M&t;}}jIXw>CqQSI!v*?o9+L9;f(OV1GuF4)v z&ArDQ@xY@({0%MEq0_wJ&fq|wVhym+yc5`US;puPYJLgfFFEezJj2AXwHRid~<&^bO0qw7iVNF|``v=4d{01U>VM9d^kM)Fa*=$ z9WePD|1-xaSXg@-7VQqA(tx+PH2`5MVB4=q{M$Ie$;26_=#$?tPJAg z*OiN?vFC#-pkSgTqw+L$+YzOgpaxCY6j7CeVzaOB z?@ue3;vBk{8W*yvxTPcM4WS9Jj`@K;6XeQ({ z+vm=>Cb!W3Cwd zvJQEcfcq$Q|L23t)Epaqtc*<+ABNhyrB{@z+w_Fbx-Gwx(9Tp4w+4U}%OV`tGPknJ_^Kv9nSY}wrsa^{Vg2W!BG@B)+N#puaQ zSYshVdr?M6*@xJ_CrP`{eoSm*2NZ_~M1 z1Vv13IIL0G77(7!-{gob$b@b7K64x;OIgU*r2I8yUu{u* zxuG*h8-QJ^v;{+etw>rJ$2S>(W`Pe^8Un2^(B0jXQ=#y%sbE`v`t?=dc>=R%(VA$R zo(ASZ766@`MVBS4&oG^RaCPQ0YUJ&!5@4})){NZ_4r^kC29>jBYa>C&O@#hbq+>5; zBe*>j1H6Lq>YK5WR*!XM$iM591~`M!e8Iz0@~~bwL|nZ@?#r2%*Vw568?59Uu;S3W zf}9StFVk~c9STv(0nz7%QLQLWr!8*HXMLK4GDjYaZg3FAYfKAxm=3_>d$Y#VTzv_f zQ~ixr&R;TnT`V>?Hkadlfr}B5Ug<-Y3V5!L(=T^cG7_d>FfR(v_-sx>GL8I2!FbwF+=DfrnI>Z{*xZ@r2YtAMOP?w~O;N!gTAGEU#g6N|Rr<=lzdnJ{>P7 zQK6Fv2gd#}CsZ`qwsr05eUMF`0TuG8srhEE&TSVTszt) ziUHz4P?slLb zn6ya1Dw3^F!wNGbrnTXbdJVi9j{Tz65D!t(hRrru<;r|H1^7j=8lh_5t5X3q0hXzY zwSKt3TF1=1)HUv#gA)Lab8M~SG&zDlNE(2)kVh<2W`i0x1#lZT+s$J6s_M$!t+P8E z$Akk@t1+gBTv1iXRMx>UF^XIKgx!_f~a?s*Hr&0`;Cpgk4mh<50lHCi2# zyX$BPPOLcOu8oaXErU>+4vJRw*X*PQv>Y$fbkh^wu~EPG+?wYE%;AbLXdCD2NEIAVdBCvTcc`!Zm=wW{gI|t;;E+)(CKW^~EMp?j z0Kr3*g>o{!z*H?eIEm6f$k|rAUk{vs^!S&|&sQNmzAvP-6MSQ8^1J{m zKW?Ms)Fmx_0@&qea|y1kYgYiYyvK4W{p$d=dZZlAZF)%(x2DJxEwNLQ=2cE!Xe*Z4 zDADDF&&4P~abxq;<4ynuS@`ou8trx^0MR4##ZXYhrp#x;BzV<6$$gt|0@MLp z8gA>_ka$%qEJGiSky|Mq>Mxw<=U4SCV`TOP@0-#4umqf;U<3}~@tpgUaCFyi75UT_ z{XXr-NuWbCa@5WPV0)O*6*r8HTd7T9=gaAq==8fPm-th12Oe@xee;1?({e@FSgb~Y zc!*}!(BgP5US|27&1jtFYm&4{)v8g00(0VVyY~kkYOMCsrZZic_-&`QA%+}OBk;wb z8aM&vYyaEZxE;!-X1g|tf=iue5dkjtycn2I?9&3S)Pqgzp~0(FW;04~ltPWoO)(Z9 z9SUkI1{vVDb|U#gDDj{;n4)^4?l8n~_mF3m(n_7{_E=|29JmCr_Ty;ZwWclDsES;+!%-{7`%?4A_jb0*-yON#$;v2 zmza7S6ZE+AY)AyGJb+DjVoT8i>W~%v)HvW$rb)OLg>ed#R-bX4oCb6DSZX@h9UlHC z)JFhm{4jU)gKpJ&gwW9AjFER7NN0k0@5-PJNTIb_g`%CMSFGwMEh5l@&ofzbtwESi zKcC$zYEl){A7N)Iax4(kwkxoXr*ci!8M@h8w4>UJNClP)xE6-kVj$$O}TR$qvKVh*~PkTFmvp|1}=$rGE>%A5+6mV1Cz*O z^;~B6oPh|$2Mfkq7bOEO+j{Yn^$w-t4Y+JdfNX>kgIpYn){?>hv|D5-P6Kne(3Spj zK8zPDe2wL5q-Ww$Rj|jCD33+7gXh5Wou_g``4o0giUm>>Zvkc67r55M{ z=@mC~vM2eCUE3(Ry9nl-$mcHyR(LKPWB7LUYb=rN1gWxn6WYp_S zq=6up5x`zNq)iYe{Z@|Fg;!qWbgwfFnx34o;10Duw^Plc!vqKvA$?70EkL1Y_U)#L z%w9p{7pbqgs=zjz4OQsS?5k^gV&kK4%2<@3#@I#{?g+*rLY=5dtQ+IV8G~uxVA*ko zBIlq=Env>Hu(`?pyXH&>5r!^%>NO70JJA4}+)+p~h}9BCV}Mt7%LNH5U;R431~Y0H ztYY}m#kcb3S1ju&(iYoDiYwD3gQ6)X#~u_?;i?gMPA%q1x+x3}nEYIu@l-iJIyG>@ z0VKYJKqlk)xl+FD_A?0FrWndyG5_r|@~n1Nmhj&x(jbhR^0A6|tsB14A`emBqfrg9 z@C&$2Cvar!FqEEJ?Pz~4YgCeU3i~FnHEX$-p)}oN@&4#Fpi8OvGP^n%J}Bpl8q6hl zPFjt62; zTHdy2zaB^hMM)MtX|O0>5KqD;QeJL{nV*!Pf>BQ!>#W9;VZ&(5WWr!ptZcVmHNXkq zw~OZcc18b>+tmr8yZh~y>3-hp63-9m^p7rRS(>jjEQ&s7@t zN0V+X34xY|-jI7*eRGszv za1>0~w85s|8}0)-dbP1yg67UfJt*<>;w6sn>5u8(}G29$$t6r{{egTfejqO=ZUtK3X zVy-QLpIA3h%*6bx1b~tV~GF7h3*E$_s{-v-O02$KnYGIG^S(d^-HSLyK$oda0ZFa z_I-Y}wzC91cBkY&QfKaw{KCf0mAarGphfWI7kU@++<7bvsvZ5SJ zPo!hiZ9&v;Ebzg{Nidi6f~h$pLKMq%IzM-r4-T}3$}h|TTbm?DF*}(7h1NjNl1wG< z5pW<<_kj}sEef%VZ5)~|T@yBKv4OJeAR|ef3+w{L=RG5A#Jq`*)POBJiwsOf_1IR( z7|ng-tdd(R7jLBjnLbzD!S+h{bW(B}4M40atF5+!t+eY?QiFDS$me4Nqs-WuJezJ? z;iWeyY}>jlt9j9P^qIrzGV&fUt-c{7x5gXSe1kM}GQV%;2_|H%d_P_Zznp zqXvuUlr!j^5?vPPRFwqa8hH)7TNEI!(ZUgMR45d9ExPUC+KkO(#jBskaMe>Z7F20W zdxKa|PMo!(UpSO+36q=Ab7?BT@#A5u|q|o zty+AyqTD{em<6;`7Jax41j$6N#|Tx*T0ihVKm};a)A0% zDV2=0DM{=H7?7XjHt?mWwA0cvb%O}xx)N6`om=0YptJ~k#C1#Jr1Z>ZWYxHI-=m@u zfLJd55#1E8O1D1kX;T&+NKx(=?GIc)+Quz6*?_y_YrucfQLtXjYeq=fhyt%vwKWjt z*qu3NC%b|^*fPG}hTCETJY=9>o%3Q>C_t==vTiL3l`A#nFeJT0_pIx7QrGqw;DXMA zsr^y5++!N<&IM`!vWJKt@yjj*Urs&=Y#z9=!ZFcV$?dN7M!@m3yn^0k1k-A7z_hR8 z!_P81<&yF)0Hi|4U$1~HlY$sVY#S17A3*zED^kwZEG{ZC+g5BmA1*aknwpz1U+09e zSp>Imc{&hvK;e6b`ZQ}s59t=0G^pN<>KxuFr#S`6>_5r_q?mWEgXY;We~}=KI@?>5_BPdr6N{+UijNmQ#bP2oPnVcR%RSGwCl3 z4&kIgl}|}lTd&sEJgc4CNj;BMh5k~GsGPUmAgz&8s$*HZBDyg9c4fTNSXd`kbD{l@ zS0|9;=sJDdvNEH7?^ovr_L3dx$F0{Va}I+nrdp`;@EawZ&{mzN2QRp8jGVFd)j_&u zfK|6ZQ~PVqHQ<__({5Yy(aE8)9go$E$~(Z1rM^hBcDKV|jE;aVZj?QgX6Djq4p$f9 zyjBOQxX!!HJmKIav`wtB0PQG?%a2(C-Hv>L@V_njm_NDUDJ>WA~64Nwkx0&}q}YRO}>MJ!+(@t2r=K#DUZ*B#UyP=ll6##(>8^e%+}|11V{ zWak9ell1h1zH%HwWqoys4WrgogX#5*-YD@N`|uf%>7&iF0t-sng}{_$1h%b5)t)AF z^{dyF*6n62c8*?YHLLjnuaFdi+F^mE0bR&og4+7>Hpm4Dnf>vo$ppHbfp>Tg(DHAn zLr-d~b!_9Sqh>7ek@JQf>OSovS~{zC#{`M|NHMUJXC1E@Q*2&wG%n|52?nVGkmkbw z1}yiRnF4~0-fzq8-$1Pw@u@R$^L81bZJpxK3IX%k;gciMs+_D~vNoFx&NWsW?< z&*TW;=BrXDpx9V8Tx(=5QM<+_G>{(6k$Xujy8Lv_XU1rmwUMjg`0*97%676#HdY0b z8b*L>uk!2#p@?s88OJtg2K62fzpPq_;-M;xesBpN$5G$2AsfH1w$+O3W+b&qz_h4oK)v#+L7`300*DwQrX6F)*Pog^LRFnV8bn8#&IhLci_IV2kz+K_V<6D z4UmXtH?UitlDDF_JZfb$0`0!Ntnk)FZjQbX1ce;}zM2NkqELO_aaflrM9O{T zL3yCIib=edOL{!x)4tMMd6E}>|HEjoz$qU7Z8I*UKh|-3H4H91(4Nh%fBBe|Fym5k z_*xLlR8l%{{iUMzMWn3-sHV`zmwnCMxw5^`6~HL(hFIS%swKkKlA{q|TT?^-ZWIxg zwWQWl@3Kn?cG?>lx-X*oKQ-a`<#PHSQ$GbvPi}YNIv^-DbOteXvf=~n4R*vx97ll6 z(ziMHEC349!w6=vZ;@}F&x3AQXXD`Ed|JSM!z$3o6*NsN+Mr;1OU|g2hKDfLRkf@8 zps)cTGHQ5)tx6fp(<~1=9nh=lU{M28?~X35Y1sqZK|(izLD^?FL=Ze;+3gE}ZttXA5K~@@o`c~Zyz-U^u+mxQDU76il;hDrs&%ghT!|J`Qn7Y)ThPL30Y8FQiQUaX%zG8l8Ah6EWk5 zHaMuc*u@I2n|Mx72z9BG!BM_Cr;e4QI0DVJ&>1_HZWlzLOp57_|7 zi~LbvsNDqnTn%Vn&&r?oZO#wJ(Ji4n>Dpn!9PHt~Y139pM?!+4o5MpK93Cr|Phr`z zS{E0Z>U^Hi$v*g^*az5Nf1@U4@uX*~eVJkUhHkM)H_Y^B(eAY{)QQRho%O=W>}YQQ zH?7+1ia{%rdoG+4N0p9PoktIr6-t1Vk*|9JVk5^Lw_G#}$_-IhD4R+F%f<-GVWRxv zj#x*a`Wky+_7Ury);~U|w&K0t7Qta(q_iWtO`I08xE)NS6+9G4wcb#eARjD64B&y611a zH96ULyE2e9f>`h-QtR7qkYD)tCTqtpI8Z}b1x=zBX3+q(^{wobbE{0ts;`Hzn2SNv zgkzGVr&Xr(e39<>#u%*DqqBR5SZRb>JZy;IKU8z7GT;7O-1s~OD!VQLWq+{knzi&R zfoO-!{)z1pXp^8ix~}V*pEH;&ZXm%;M972A_|a`^m03x7a#p!oP&_G}cbU0jyVx8Q(CM$GR9McIL6vI!OrT)m zmi21$GvgvxD8Jqa=P4gAVh_H%NqULO_yIPoz$%_d#k zdc*nUe9_BAaTis9_*4zh`T2p{Vfit2pyFzruWIv~#Xs7LQ0;5vb&2Bst`SWi|PAO z;qC8S05uJ9WV|bbV=!{M7vIl;?pTF$;27PTi!4vKUrB@)kTY)q47RDt&D4d;o0Z)SPO3*cd+H0Ymi_H)gC%Gm+3pSro586*2? zH6F?Tw6s6H(@($o6Knj$XFrkSe?!{?#eeP8?Cm*C(17N11P0$o*ELZslZ0F_X}1dd zPb}_!0rXY~G0HKAc%YFNpd^9JU=ZPZwEoi$q5PlU{nwv(6+-7$8bNoiDv9~;BmXZx zNS*<)f>)bF*IP0XzMay=9o)YiSN!|fCk3EN`cLH@g+h4ge|@cgKG2I63PSrt@eb#I zRo-j8vm2EBABU_|0>>^+g9aMu&xPs!`P_f~Nz7F!4dw*e^xTwh+D)+juikg=C{*|j zI=Ar**8JT;<%eby|MfXPxA5Pj=I0jvn`-^k!hc(tpIZ1YM*OEC{Wo{<(--b!l>X_e ze)__HTbZA5=HHz5PdM{$EAtc1{F~GMe*@0Qt5OxZcb$^S69^wO^rA~a*^sPz@m;59 zs(HGEQZ661zt!g-ZjZ2F_@PG~w0C!)h+_q$y>4>S?f>N_KRpaiz*;@T3AcL&Qo7ww z{R(tNK!o!y0i=-;LWjPOu=All z2ShRJVhb{PwrC7!fggYb4azI7-v9Lk7{8Xj>Gr-*M1Bg2dLE)NdGS$)_rJ3Nc%3e# zhEL3B%)=Nq@WrmT7Bwnhl_p;oI`987FBDk%f$lby=l<@lyNgNOdBBX2R|&6RAb@;j zG`aEtbVrsZV|wux%_U6UD*^itB0cFuKW!DA?9*Un! z_5b6gs<|nAY_AsJ|9c7Bl3SXR?hW{e5yI2XMNVhC=W8&9xVoa53N8XAUZsdk>~`#azG0F*Hb~@nSroVD_+MWJQd))Q~&wqDbLbt+7 zh+@C$>;78Y(Hrc+PscAI6=D*(_LdADZ*TyXpeApVt$6G1c16H{{7ot~CH~yE$Cy+@ z8S4Ff$NZU-5>l!y_DsdvjxmS9bI;wYy~GFpHUFx+-y9`emA4U7I~I{TDE4N%`QhJs zOh1we-WRDP7ec`t5n26FW%Kr9%v}L5n&$H-C3HDIB>u-&w=>GEdzx=zjlk1Wx@k@DY z_}!i_d!do3A$Zlqw|x^61QV{mS9NEPK7e=XV%NeGSPD99LwMCEyf(I(eGL|*`wj6-)~6RUGw{CU~=Pp z$RpO}@SYERc?=cwlO|m%^f9$T+_GSca)Vx$k(-{CfE|39X=&;9fY>?-XOtWKq*%Vm z?lCad0zWG)WyW3ve`}o9H}T230JVRCB+0|y%+t*i1M$UU(b`nx#s7W%)GQI zud>_WCnjYq>z;6R@#nhR_fg3%U zJ_cH|r+PNoi^=fI`$CWVQD9p!$(PI>JIth59rQ6CrzUXbN?I7Bw~eBW-VV~?eTX>A zp*U8rG@q0HKBi5BWxtFqVXi#Gsf?efp0NS^uN3&GDPq;djW%E@mJu9!z~349Bmx`6ENsL0~jsO@T!m^PmfpS}rN5KO!8 z9fO+H)zt3E=FSD9zh3E#IRq0V59-ai$z$#d8=3X&>T83^@3C8woRPX-Zu9%F<_ zoQba}LKW*p=uZ2XUPH<8vB+Ct))5A`?b>rDR-}`YqKT87c-=3q>OmNj{s4{DVgrydKcb{H~Q>aJ04UD$y(Wm@L9xBTd5^B43g~%b{aVxa|I)K z1SS>np)NP=(`abF;~4g!wySd6*N?T-j$&*ZwYqXso=(%wM#K45$#~6g2zBBT`#;3t z|7=Cpjz>hE(K}I407+l2o9@wktGPF4eh;6rTMj780G9Dp*FS4%=Ul zkm6sENWz#OsVjF>M8&iHo+kW^rOm(Yl&fbgw`r8+%SS|!CAK<-gH^VZ{lri^#b~kV z6f1+3(`i;y6*_-!&yG>?5`qLJxDWA0*Z6zy`n}D%e?3M3SfKoB6`rS(Hy()vOZk`y zbU9oRIPmE)#^a0VsrsP$!Q9Wr8ZU$wE5|n^M>IsA>zsR`-Tdi#TX*hqE^(zU&efC8 zg>GPjf-Qn$PMKKUwVb;-T%>DX_bPzrZv2h5IoW@#mo;Q{@7ZKeg`3Fk6W$oj1M}=) zy{@0I8fa2YxEgz`Ve2!i&+8z}Ei@2S5%5~REs`lEa1V!>)iRArrRu!rz z+fy}@pZXFoHo7U|aKiJM)PFmgroSwRNHOY8KelqS@$4c#B}y*dQPZCp*WA4pb;caRh-*Nm_>U<*Sb4i-y+-Wn$XzqT(xvN-P zxy<>A1UQR^Er%q&byeT^Kkg>jexVpENdAENo(zY}?Ax0AX=K9}_YJRfh5T{IXm&kA(?Vb8a zQy&ub@S=p2HNm!SHc`q=+M?8oB4)mx3_kzVZ6Cy;wAY3(PCy?b1esX0-(5yBkJ#Bb zWJq9G-=U2Gt!j#AYlMj3V%`CaX7ixY!YlRYC-l=g9H;O2LtO8epcBN~872{J_Rc{&#UL)^5O z=p$;eNAxGI=w5T|P~&2XSiI^bpDiC=+>vtIm;+d3Ue>xxb#;Qo=d$|DQ|;0PQm}o` zzbFUv=LR1+oJdrW+CTV3axZ5(pupp4P2xTfg4zntehMk_1y$kSVar&D(knw#A2Z8m z^W3^-`yX-EahL;yFskE}$aTQVo23GE03B&c6ul?uHswrvxWdL}LRxBUv_xk7YtAR* z{SHVN0v^XyZ5(_AGE?`n5KYV@N;YCaDpwOM+c-2X{N82yNX#K5HNVcOS1pS%B64dv zf~_V>9_Ce^e=tb!IScW5-4Z7ML_Qnyv4C~!(xNJ>=j#Egou|atf}P7F3(&&EypT)& zng7tLY{;D17I$PLqZapTRo>ANT_8eEV7XzXA7{05%$4F?#oF~9n#q76(<*AV^ZHQw z9OY|je62}DBs`ek!FKZIBQcsq+G*Qn(eX~~AUj=3YHDGiKfsGYEb0Fp3;9P4+QqS`;7zKeeuqd5m$s zBFmMb6La(8$LE6yF_vy}K8kg+X*IV_ee*sYf8uv#sVrIwRsRT^&UJj3U67Penue}8 zvs$9qx#@s=;VruVSQ!V%-oT4H9Hzq6_pi()M*0YS?e-f7KG}Xa{-6lab=dpBCltU5 zuvV})O~^kgEbhhJJpXaTXY5FAz_^~2g`Cw>wZSM_NhefD>pR(|PRF1Z$RO9h)JfcS zjG~MYeB37cp?AFkv@qO{G5Up(OF!OuK}K2g9O$J(Vi;vZ`K2~%t%PoUu~r^gh5YIO z$v1ryHEx!jX1-)$RDuE27t2*Jg6%pB7hqv*QQ|ZW<>?{Xj!sb`=V7?0wm8&Gj~Q$9 zipNHL<*O;X^6@y?z$c;gQHN0mUR4-_qfXc*lE-|sT-Ta%4Z{o(NI zH{c(%ve3tMdQfZSo!R2%%$-88H=hb760*qP)%QMY9r#n8p}))+enW z=2_=Awo0k-TzT_X>s8@WJ&wVyy?KhYa#Ja~;>5{>ZlXSl&ygy2e}IMsvC6q1=7`C0 z$47Sibvuia60ZSAoc=xBA-)J0k`{5XVddfuMJ;7X;sN!?F9xqacp>V;?;FkCb90bY z`&4)Ps(pqrg89Iw1|iw5kcpknYr^1!D|+TDPLi%=hWf(#BD5?zg;YG#W--$FS=)KXnB^%gg#7nPkY zT3A*NNuw>zUS_*mF&k}rilBx{Ir@m5*_4e|UR8&uxZ?(S(cWc~dtTz!U0}@{03$HW z_epHOC7uVCcriHR)-$oriulB-kFhG}By^EQwXJksl2@Wj?+ljso3vGjC67p(Uu(;) zkbL~fyiWx0INCd7-Xm^u@%OGTSbzI3wGRbg_Nnvy$84D*_}=|-WZx+D>W~@<0W~Um zyR@Huta%E=M%cvf*Ul^$Q%SzEt_I&lWxL`I(=n^oRi^VS@_fm+;rBlx+B$4qm9HjJ zOitbkXZ(QvwWByb@dZMyEw|3TZZ^{PR9|tCW{)FVkLh^fL4`;%xc|))-*2|tg;Dl^ zn-NR&>q9Uj<7M_cYhlidwe;|w>l9HB%aSfEPiP$}P$6h7-|-&y@9#JmAnDoCt{-o8 z#MObHDJ*vC@?#9jKP;W@fHFBewkMZvop2q9yfKPRH>HnT;MfQlflC=wPDUZ9|o^EtXg?;X+&^&oxA$H z;R4SBOToMHlco*v_%w_{+r)UTWPWXV{X{}quF1GT_901pFr)C^wM}~fa^x>)M4I9b z{+^qzJH6EZmPb<+K#1i1br>%O4;RJsA=Zc8wK7Nh5F#~HYQg%h_hK*;tnLY;XW%td zQNg2Px|&+~RhP)%$qCN8J(%`Hjef)r8s;#VSoihy??2uBV0s4{=HrjUp!>`xq*+Qa zu~Dhv{ygK7y4^`*l{X4%1Cmj1W~^E^sqq>?^ZR4AdU8mhsDMD_qL=ojxHnu)3U~** zIEDx-yqKkFamP~add34-amPp~qZu#8L*qQA2F%91Mc8yT_;6usi+=7H(7EI)=be)y zd)ol2z8*u90i+jyx1#Ib)AxRDssT-=@yE&3)|<2Scc`(cbxD^>6aG|t+or@%d+HF} zUs}7kOUUk+HoW`z|Ba4fjz*wQH3R(!E)*a*Y+PSHsG9enrEOP8C4wYtuiA(mQUef| zS8o^d-eaxi1(;E>y8Yb&D_<2Z8muWfXO1<$%Y(s>WQr{x0<1A6!=axfA7fro{Uh86 z{QzeEPC!DcR@cmGKg1p;&u5KLF8w$zW~JS~(G?z?Vs0bD6#0v@js0&; z$FBsahFk@~)~e&@XLARvDB!3_KEqhC-pVm1U6F;bMGws>O_)#X{$-`S#SIV{B^6%9 z%&P?q2pgmg z8)*)Ij)f}riSTr5iTrVC zbbSn`bN}89sugJH-NX3&p1+lDd$7;E5G~xo5D__~inR_> zNH`T`GI*1E0ewvB!;ra_=OYE5MIK`s-2O_#WC~jxaiNt{c#`9uzM3!}m{jo|1jy5E z+H`;*5Zyg{{P#>h0V5Osj2fTqKA*DROx6T_7I}hEzZxKk*T6kiJ_K*lR~DAnT~twL zUNq$(`@k5%#%NOrEoJ-1O5q#zn92=z7GZOG=X*JwLRl$IIyTuV$~z4+|HBbjK{FkA zjIkm}kMFm=c4sf5`w&4k#@%o?eu9JB2V4MVRTFc|Ml8~*cFjA3^nuT)*2jB;{E%Wz zRS!4n{1ev;^>KX&UipT!%-E8!Cduj)!-yMKYP8>WncIh>QS=d!i(O`<9~U%+0EHc! z>su#xgVMRtIt$fy#U|TYZGQj6tRPY91e5NSwA}wYJFeU3LM6ZU zSCg^$+lR1aF&B4iP${!SC~KaF#Y_&!RJRE|mOp*5He>XRS8d9pKNr_R6u%@-lc?&NK+9kC>?^*lrEu%BGRMZ_8` zMv}Yg>Gu+nR(>em?b=BFKa25WM`{WH!+cym<0??y%TIUh;}r9SgI00o+8m0DyEkB` zMxMqV0K*MdJ%o9Q1&EIP8I#O;)U`gUm%Dz$?sT|axFk4o{LTq+*GcS@h(Bj~%G_je z-;3#sH2z?EFV~vVf9%R1qh+Oo$^3d!(G)k$N6(gX-WBct?U9^#`Vn4tn}!Wd;L(%d zKOU^+s0$Z_wxH~M`W9A+5wI9&@;(hlk>>IHkSrX4y!zd0&3QzMXI;I-kJH-=j%F`% zz{gG_D~{9Ii&gZ#MRuupth_0~q@@Q8$XmJ$X7WqTd92>EX|b@ulUD!>@lmFt>|;d) zEFscTETH;)e>z8zilRVmm3yXe>dex{Qt=HsrPU2du$X+{WC=~`p^q6h?q=c6yBMDL z?gN-Eb|WtC8Zex7-Q$V^kk{Of#Uu)tbJU*WT`V_L6oYz{3JGQvE=woyiAkw_3Rm_! z%wCQCaTjMm3XylOmp_nSwxSg^b~6%o7;-4=D?Xo%c=!@1uOjo!jVOn z?R-&gEyrB+1}``tA3LWwIbVI(Lktg&uiqVId5XXUvp#H}`JU5vk~gM|T(k;n_5B*? ztLD{E<38>%u!4QZf4JCkyn*M4l%nZxoqTk2oK;Bkg?9TK;DMKy>6G!D$p^ygB4BQj z$6;2mO9>ikfzbCuZ(RVsL$2VKbkCkFo>{t6vNI*64D5jGP48Qzvo?2CNx$8}!4|zD z1x3@%Df7bS9F(W;u;)OCKRuvu^rjXF!}S3Uc0Z_|ephjhiTB6MxFQ|S1qRgdq-WSG z%s7r*DKqx0nqR(9@>KK1bBC1euBSrW6Hm==+cI6icQOYXvORC#Tx2%qkzT&$DW4hi z648*2kiN>cwwOr>Fqi8w?ZD7&s$arS(U1iLu<6~Cl;~}9nrTSrY=(Wu_}vP9Y)9#6 z2;vxT&h_STuke8?<+Vjc({CeugIeLoMEml#)Xw@SIeGeF=N93`;y%W$KA90PEreym zwOLeAVYJS2AN^kcCESa)+2a9t%tf~*H1OD$@!BMlHfVKF^S}}5&})mo=INK-Nux+d z7X;ShZ*^nbA`5)ei*xUsI&vu4{26?HH@{(5o!U)Rnsh43=VSLGcrJlOkX` zQTEv_Io{8Jv%p#$prO#t|0N2Y%A{xS8(a*B&(~af#dcHv;9ECwMblH~(o*I02}OZ| zp5L}<5siU}f|p3wNJvRzicp?(xYK??u>%O*iDG#cZ-2eP@*~rhw=sauN)5x#*^Ekx z7ny93Z3+(y09W19d793AveIZ<+8k`@0F7mORyX-z_^G|GKsK+l?+)x;Vf5))VFxghZT1?Tj;%hs7uw#B01SAE=6erszo%HC< zt%vCX_uC$p^YRB%1*3#7=aD=nZk@48Mes&ctX^%YSS4uftxN!6=mS@?Qs>|O`cJU! zvus=@w&NWv$Z7NP0vxZa-DerAKbkS$I6kF#wR-$+f1yM%jm%@A>ZT+cLX$I zns>;<&}Hd8+h4@ z<;UG>=7krl`~Yj&^?t!bhyQos&CrVJy4nUjfG4(!is@0$ zAt^9l$;^n6uXLZiF-aE&C$4y1k)ZPQ;BQ(L@eIFjr{OFBkM&P|=bZtPEGw`I>fFFtfPFLp7fdGg$5JxI^Y~#bpawXAAmZDE&T&lvh1U$hNuicj&{{?(C(VrsfQRM|Pb{8G6P94G zr%^-CL0clgILMd0opqgUZ7|ECg}?DRG#LZyJDz~lC3({mpaV{;7_Roc!<`jaF~41u zZnw|V48KuhaOk_|{Y#=JPdj4ln#bkc)95M8@LFyl^$^(89mzkaIS+&{)_sV!5wh)b z8cq4BxxY$Yu{X;#uwBOYDc)x@zS2Mz+ta9N`ld%8c_Z5*rKH5z`_%zIdjnVCI~nc` zmMyIWMWDw4iN}>E#J%$rJ0utOVp91m(PS?E1{_;7$Nv{r2yqALeA3cl-Ee81hau?`;q15Q}z73N;TK8z{9y=x)vN99e z4KkSE(q)o?{E%tIsrF6NtQ)7x3+@=^j{$HhF~xR@0^7Q~(UYLeW30i3l|PbGoQ-uI z5wyEBpoNU-IPgCJc>t@`ez?H-qcp(N1M~eFJ_#ljl~w&P32dVI!$H~FTUU0%DgdA zE8nM#T`!L}7+s|Yo-}{Rvwk!1ta?0Yr%SgDvlR9YGArhNH2Ae*m0Tf<1#+W#vqyeB zQaAZu#UXtP{RT3=lP<){!7zUNx)_di;|c%>o3~+?;07ZCkhydCa_m!Pl@8zTp+;9X0NFn|LJ!jT0D+zS`)I(3y5~0h zg_iy0&1A*;Uw^b^uC^y%8Vegt>=M$8Vc~44fI}=e{qT3qcHWg*Pbgn5fA8fSv|Tl; z;*G~LSwZH`%MTn0FSq_IBha@fZ))FLr#zB44oUgo8+9YL$QW`LGL;IO@HGU$j*d(; zeWF-EOB9a)L~{BjiC!pZe<=%uwTC6x`rE@Sf#Wvpu8>`>-|w6~KC!0|FerscNuIZb zkW)Av&#Dm*?u2FT(_A(ZvGN6zu1oLuRoZw$%9TfSVUtTM)7nvTlYVhQ1+WAcp*NVC z{3|FjvhQ$A+&p=aQ5oU|t!@bqgcX+DAa@EMwA6&xe|G(FhB0Ojo8kY0w|jHxBe% z^7P}p!1e+MBvInwU+Qhx8Qfs)d3&aa0sMZw{F7Ihj(d!@lt*9=0)Wlj zwu|`!clz@6>hYnVI}XEj5k(P|Lf=hKy)xU#e5!0TeskrWQfeLKAxul$<-cU$J{IkF zh_SYPF7Ia(7d})Hsq2tO{8b=hIBTh_a%Sn=bR!O5`}h~z1kg8f%tOe)Sw&Ih?9qux z9U&oGY;v|^-2aFsz&4Lt&o{?ctjbzX3>!(ab++pP<7I^n>C58<0AsB88Dp?7mC1DE zi(6H^ZoYwPLF1qy$EAo0>c9cPN~;!qfX+b52^Q1UP`GNk6uN#(oE7t{I3K;+!P9f_LEyO8+aQ?!H6z)(}QVpkMZB1HwHe%{q zsP=x}w0CwxCE2z#m;0$&>+Jt1CsYSeEAtBmXFzr`0Y9#YzUb>Me|N%gog!mPq#p++7UVXr>6tyIrsvw<;g|yWp4Zrbufag zE$yXknyx!b;{o6C>xeJ;eE{#fv%G~cfp~h|`6%P}I1XtPs|p))^Bc{)fadcflEfBoY_cna7w8MQCRSNQfc z8;@qwlIPg$y0*jvJ_um*G7gfaqgPux?MAP6I7How^~=cEARiB8IF~laY~bpdI{RQT^_V5HuP0Q8 z!FSNNe9?4{U5CF2Q5ZMln)&?CMwfrjf4JliKpFruYZ8?T^amV`EzFR5!IlV2R3hBY z(K=k_O-KDz?I@o0OF0qVx`hdgD|KFdPRW}CZ;mcsWE4{o=C;u3d&z4f#GaMs(qr-Y%tgLaVOjAr^s)tRw>YZlBo3^VDOB4JG!Fyu$XRj>77lXA_ zL4#1cUir%~udoEa{h1fcG8}Sd{|B?N&Yww&nt z^Yt(YMPPtI<;=|!^Ts~2*?ZpwAdLoVwWF?1GDnRZOplBIVCp)d=9g}44p4d*ql$K~ zDUkXKoBK%Vi~`K##>u#obWl|tO`dz_H_s{;g~8B&S>mDO>KWGwb3c$;e)3I@IqC#H zo89#1yC;lL3qI96{%LgjXT{S*&WfFCpS_~%Kkt`u|-2xkK{8T=Wht8bmf`b z#rh@pPFki@vm%V5{RZV2M`PDrHN-ut<}~`4^LY+5F(c$HMa1dD3z#^VoFQFLKR@yx#`^YsoUW03d9fhueW>vETM4 z47t37toxPxPfP>GlU@viyMFoVbMm)Izta`s7)g_S#S*t{nIKs|zx|5`QgN2kX(NVV><{+M`-SZF@Le=&Bm&*NExG^)rkWH&ywjBdRe=&UZ zNDx<**|%JBs&+C4Jt1>hfJct%QQ5yQl@&olfr0F>2@tfw*(GtwCw2pgk40NkIn-A( zTS+nt#}!rHXA$VLU?<>jPVImSiTbFKKi^yMx8d1aSeaP&mwQUD1b)=VBn7%njTbOD zh6Qe@=WgBXm;pTH+o1~q7z?8=M;{L{od90oaRdO%nCN^F4J=#dOGmq`KZFJR3;o9pbSBO zWn%+X5@#_DG`tO`Z5&?2-mC?02k@QYlt0~%Wl7PTO)fYo?$2iY++L1})A6^g<)eX!`1%@vaobn!Y>rM{*6$&(`MZlIN~{S zg*e^)T3y*U!T!+D?){;y8>9TJAOZRcqY1@LohA!QF(r4>bL)gHYpV=KH>P)4hK}e0 z=z~f+q^DS5y9Cf;P89@Cz^PiXfOP&1-mZ7D%4iaU*y}`^GGLi_o#i!54k}IC>&xJv?R!i@ znVJ*cBdE3I zbVDw@Xy?^|#(3uG!~hKs%pX!Yde=@9Bi;eO(p^0?{r3+0Gsr*yyk=i9vy7x>orA+6 zpSZr%O_tot6(8VBxD4LN?rNbXn@q`lzo)4}RF^!-*_Pmr2x{+@p#-Mi!j&(-H-6Iw z^cBW{g^%+XJyLS6N+6qIfBSwAj-p!dgV{FYNnu}iqE`B?4 zf?mqm9}phEg2>4PUXr5V~A(=Bh=V3!60;E}k?=WtnwlH*dUeVM55j4AR5h$~L zuk1hGT_i0@wVg8S0~fO93@{q6o8&kwHEWA!Vx$RNr4CF=3- z;q2LaYwYk>EQHp!(g}_9VbPwwgERnhW4}Xw0824FN7hrXIeD?az$%38`PSx?FDjv6 zJ>Z$<;dd&LsoZAg;JOyS+#-z6;XE=!UI!%%yKODaE-oK6yNB=XOi7{34v(Hs0lV+3 zn4-$K+8VuDtKS=h#b0=j7T$K7v;Z|XjTeD{0b}PQ9bO(jatsE_d=~W$M$R01_;k<2 zAIko64cjX$hgai04Bvl$2f&7s;xugWl`pbG@PctV3){1IlLj%y13lQ37>xd8RpWM4 zVKRALTe@eUF%ympy5*~mKlo^`!KLQ`_kDp;VP74%w0J4aC}kL`jUoz`6GrQg6ig)* zxx+qKe3*63&`TlR!qolSzYqPO#sJ9YmDWQ~jcovlji1i~c3x2cbC-62Ojg(hyr6|x ze>!2FI`4eU0Xb@m?rk^&sN`mgPB=B3a)%X=ox%{IgW0D=IbBKEX^O%0g4>- zUo}_vMw%QS0Qh05`uU8jl2mr=fg6V&307aqFn1XAE!gKc2(k5-r+6<+TgEQ*P~HLE zXP5++s<7(z3COn;1m0Nt8|tJ9Xm0MP0!ZjdWQ#HJrsWuKI2F(*L}N3*1&u3l+Fi(@$uo737#ZRzu}1g`8}yl++XU+1<{*ioas$ zuRH+_G5bI=_Ini%vupeB(;gx7^0&?7$B=fh7Eko|m;l8|V5cG=fGw`@awT67RC0gq zCEBh$QhZ!94Hsq@QQ>rR>v==?xQ#)dFgNxPl<#!rwp%pyFkuuTp6J_$r`K2HHw5e&qCLvjjq;dFlma1F-* z6TG1#t3h||{ODeo@S~@sXF^u6x>CdC`a1W))k>dNK*UQL2NB^l^kj2vvR{rHmUd*% z?WB#N`FR}yzs=!Ad^|2Xa*FVr!GS|r(Ku}2s9T!oMBS%yC++dOF=JZQ?;R!pFDD5= z?gAGJdK+Y;O$f+T;wJ6c=&o70@1Hx#nZkWSf-C*c@&~)Of!c#avqp&&kD)=I2UR%l zzHYUYcV!m1V$Fm%!`4Gy=yCbF7kQ+sEimbO#&W+;-g_XAG#YNmMc$KYP>ihUlh2fl zw4YVl?=bnU>R+gO9u0B-fyO8Q3yrs6>M=bk!{7*5FRNM>w->)SnIr9HqdKwsRD$29 zn!s`1cwjE}MkvXU?4gD6T<`I2pZycyyh;%E*4+w7W6h4goq6K-G(Yd+>;#wLe$0i3 z9D?Yq)=c9nt>W*&=^b9^MyUVERHWKCskz zrTW^KEL-=;!Li~%$oiIAobufA`$gjhdPNtfR!dtd$K`(6wx zGbJFIy%OaQucy{j8`m8N6(VH$-Z=^wKku5>-uS_ZNvo5Ek&dwpj(#$F zfVAGkSR8*|I#K{CkH}yM1**s3=_=(-P}7p%C9RN_V)#*dFAtlNuJ<#iH@3h=ymv_T z*PnA|Nd)42D3a-6hKmLx@}<%0^gs?%1+D1O5oj?2utjuKAX87q$8&&YJa*womXJ>; zvu(Sl6PM^nQNW;@TnG*c&YjGRtG`1=Kqz5cIOe(pnRwG9BV-=yci+vVu_trZ;?}Ip z8w61|xC&3MT#$`RYnpF_--Nym%E-&Fq)V#y>@}ukHcvrj^XF?6|2}?x)Q}0L3#s}E zSr0fKgrX%2jjek?RAa`RJksEoj(?DiurwIfuPm@#HeQxgS)2eRoGUFK3sd$Ef<+P# z=ki~=q$!JoyFRG;EVmSI_YwJ*7T}td{K)alQb!2VxL#Xp(VAYUt(m1m+s^j)!h{`AkCv!)Bki<9WSJ2Nh;oF1N{b1fFEdLs@Ps0BK#BV-2P{gO<{92@dMbZ@aIZOw`jwu7 zi$fO_;pC#66K;%7g-byu6sMc=%0g?8){Oj3Kotr|JO6tSY#r!dR|h#=b_ukqD^Qu+ zc*ne8pTq24<2`?A#O-m`1K`eT|H4XrZ~<6J73P~A67@vO8ZDfzYLy#kAzG?x@+HU_6b zR8m0G=dl`01Uox=Ahwhh#}iQ6lk5{$_psb+*o8r`QOG_rd4pcrDw-+x@A=7zb|v0n%#mePB{g6gIRTO zqxaTXq2RY#0s2FM+x;ul(gruN-Nplyh>KlJfJ?e#)3_zw-8_!IHgqH>PIQ7#*sXwN z`9$^U=*zRlVr(oOFt+F@vGLnR(}4K6c5;c{=e|1zywE#9d)BH=)2s2BmO#}=Zxc|r zZ(lJ#BC0s~`dZJZ`W#^B%~C3kV{=3YOClY`*rM_-j$dco3tRV1yPQ1aIIWsaFUC)% zMJqWVQGoe+EGN=U-F!0e%AprQQDa=43=pr1zfLX<=>g@6HMg8%Mk;Jw#;@rD-kiV> zy}U&+vG4m(wVHwfvU`t#7!GNdO#&o-BC-}I{i_pRk#CQau9G>vGU}g1=@3b1z;O| z8$mDQ8=^_m`_3q)c?`Wi2p;u)Yw+@APd{I^?r29WQ-2~`PkUXP18Le4gEchN0Pwo6 ziU&QxHb^UYcLwb~$Z$tSx@Y^y3b6M%UMcaXwGJINHK3x6CJT6xP-NW1$qv+?2GC^? zqRgpy71K&d?S_M#4H^u$J@_vkH3bmiWM1(vZYgE?fpJuKN!ta?Ub+ZTGs^|c&Q&e2 zll)|t|79y@_E`7q-sfJhQ9k>dDX0Ou$5vU8Z@3NPyJ(gB;Hdov0sS9!p3?^gG!RcO6-$XcXfs6~bPcYC>i zg;f3Vz|g*e02vVi`{Rut|6v>X;OX0#gFe2%#K;NoJYkzwIUDV$-H@=kS>H*+D+4YE zQbBluFV#H$%fpo6yRi%xVnPZVjogyRL51%;sQ1#7>9$bvk1CXFV1IdcE`?eLPULpd5Z~BTzQrZg-DXYWdYL`-*U=O(USF_qI+WOIcw{npS>$x!fz-?HmK56L9@0uy}xV`58m(xY}EapBDoggc? zy_eGzz#fDG{K+!JRxR|lXH`d=$I3ha5zy^3u1lJxTlx{@HsiBE#|OK>MQ4)zjbM&! zBo!wqNZ2vDYv*Y$H-Q%xFIlm8K0xRz!09&?Q|)pe^xKma-a7gxkT;gFmg7(9Cghj! zPT(N8E;o;N;$I%2Pp5@hm|Ve|qGZe+eUpku)e*qXo8BL}%sK5k$J2^~Noxv(32l0M zv^O|9)}{>iUi&8|`(x>oZ-9-q3aT}hgahb1X3W=uhmqyAGUGLw>rL)3-Vf@xme+gs zruQ0#DSqyRo8#?`Wa-pof};wF)Jgs$P9{fiD9xE&7p#>+>Ei2HLV2-=6x!Hj(FV>1MY7Kus~rD)ML7+Eu5eB3#}K1hrr)_ zi-)yS;Frx3E30D;r7ycJ2+?88JyBq;Ze0PD_%#T2df4a2bpZRAtc|!`0u@#V47`~U zb-(`IA&JgiYtWu`m;fl`=1S?ZhMXhC5wTv0}Ar!pt5kv4`n+jJ4GQOHb394X4Vz( z9e!yYIa&vr_eoZg3gFg~?3R~7^Qa)xKt{T3#hV6>z0&velPrN<{>Qca;nW5}iAP3a zy>A-eV%;tcrvsAXqbe91aa%5fuEEZR9!-)1oEsI__^(EMa)4(TdE`{^9vnWPsg`#w zxV74IE*=~w6(=VLR1|;Sm&q*Pa?aC-FmJC6A^M_>{X(gRp1#^efeHs7m zxApUMXNA!Yqh7$cKnNN1j`gn|S~`IG@>@Ka+|33a%g#6`=rpb6)^zjF#s`2G0Fv1q zPS1$NE^+=m%!7{=U|I7|dLU_n@3fn8`7=c-=k>tY>vwb<=prvNP5j~v+))!8-%9s8 znsMMeayF^Xi{S5Vsb({GaBGs?6O)$@AhxPD*y;L0%mLe#KLcV6Gc$*ne-5EP_I4hq zDp8RLz{-Q=os291UB3iKm3==CbMyzW1-gw@|Ji-)j3So3 zCjqRcs==V~&t6oMO4}%@EQl>UPDPsTcmC?gmI?}7mxivNPZ9vP)?L1}1v-&6NHj$J z%*lq=(xfh3rxjIrN5@5f9_E*DCt%FF*Qe`r!1Bt!an=RR(SCGi`tMznjpxW^@Kr$3 z%jk7@C9*TM&J@Lf%_6w=C_p)mZUgVx8$v6dDgg5Gd{g|tdZ5rf@IT)Afu;x`@vLE7$Kw!tP5ZERqd;FJ`8L!%5Hp!%#^1PFeEm}{iX2+A z6+X(U(9n4ieTtE+dp8W07DVW+0P zwKs8rG{J0hI;pAZcsgxpsW`Q&eF1J8kC-_E6%uStyrMS5s?ICuDZFk#55aK7o zsJ^vfo??_e=`7V$%z#MrcBft_&sJ@hI#?X!>0LyeJE!{=T)|?eMOv6{3bUGMLC-P> zGf8SQ-{@nyJ>e2kp<0UTOWuZYyQM5tU)SdwP(+}IB09I!EEK<0-QeqwPbuv-U+ohi zD4=DbaL2ZqVyQrP{}t$z#}Ztcm6X*2Ewkwn)3~qusCl#*Q|XX?L^pI8>rIeWJ&N!~ zOj?S#`$u43heB3BABo4rvrU5VQ`C+y%IE-zw8ZtvR(Q3{MCE|dbTaRCmS8HQ26K#i zAhCdux$~_fI$z`aYA$B|Q!t>D(}i9=5}hz=*d=;)vnixq&Eg0lK3vJT-UP28j9n#L zhwVH-WX!&K7I=T)OJl1y0X{9AzTGZPMcJ$jn^V`D&{|>*%Jmp%2ldU%v8xm(ZB@ys zxsmGAAIjg*&C17mS~&e0gwsg^%Yt+lHJA5(;F=Pd!ib`&6nwdXchl1Tj(E1O!QWj} zT7KoQJYoZPBvqBUBMoE;+p*?UF5LZ6#*&@j^Bqt>CbMO0PHzMnNp@i~C+ zE7JrL%ilSvA6rSN?e?j7jQO{~se>JnEY#V->!z{hhJ7jow~Wa-A@$C0sq zcBOfpr{y-Z((c`cW8c^K09@>+S`lLPcL;RX=oxEY;7&pkRW15HzIt1#MK5#* z_Pw;N#Ji6&DHfB4+Bj7>vWtEeb|^jw-HATV8*J0&@L}DJb@EO~bOek5C#bbtrfyJj z^WlrYgH<*S&|G`RWdgpJ3@W^y&fw8>F;>z zGfpk&Q*~pA)1$DlS(Fr!I8YkVcU*WY%k%4crjmD-IR}EW;h@0*nIz5(lw?1IHBmN8 zTe6|VYP5z1Dav5It>2S%ILxg>!DyGDAw+ybXq0QkefrlP{?RS280=y2mhxBsdE5Zw zJbh-xNLyVzc!>+z6^zXmQC69nXBh3<-JNd=vL<3ULjAYb9n_bvq91i=ob}#K*qK=w9rV-|B3B-0n4GQ{?3RS93I=R=b!V6iCN-`+ z=7=H_ER7uFOIQ~JJ-60*!<1B)zG$EGZa@zuMTeBWq@sqgW+W4|e05_R^W3^dm7416 z`;HRg1WG969&tTJ?YtS;*$9+}?Bcg$c%@i78a%ND8k*}9VgC9?U7&x*&vBk63-FK! zK<@#Tq~1ex*FG*C2*#5%SPAu1sD#IE*=4*id)*hdmJ|mlY_}4lI{RpacD~G^r$caz zEgwuR>UOu=gQkzSdfph3dHt8>PPX;XA={>!EE+3uR-^aSUm|s8N`*aWJf5*LXK9 zjwstg&tz<9(}0x98P_meeF8nSe{!D%H4ze-L~U_NLivC1u8PE3U_P#V7E=w`c3Cae zRL4(=x4df^48y#{M+a%lcUifyR)%cZiZGEZzMn1hD_>7Tv8M^IC4Vm!AwA8HgftQ? z6RFp>^uyG=m5C7;i4vy1IDVBWHG&INEzGrgyqT?WIRnqq(ezCuvFT1;1bXG-B+yDx zCl;5XJFdhXgh%vs3MmNPp|NfJ2%UwsBut>A73xFpDsFIm@(}Ti`%o>)5EZtLMV*T? z4qHdDjn?c8fAR=jPxGW`S4%}bYNAGnL}@gl+Btt6&d#J#ra3-oS?*pVjzA>YNJ}ui zn$C*~%n*3DP~z4>s3m35$eMstyWV68876;9m2;6H$aV${c-OCoP!COSHgcRRT}?Gg z=PL0KpM%P;bvba zd-@OU{lF9E35|)QlA5{`r|VY1&>{iU$t22?E#UUNyJZ`8zVSwqP=vA%viKb+l?_Fl zgCurL;i{@l7LSps6cla+&l{{7yop6It#WX*LIV`YNP!pp=If;VX)gay6x!r5gbLi?&7q>SFZLo6|L=jO+QT+xS#gb%6>GsUP z3i7#oHejREkQ?oye(e@;`JfWMy-$NANlS2hRBnU4nwO>J&SLz^a4DXZH)ORC?a)MQ z8_2Zr-$=xI@Zf?wB0Bt#!W%+n;uO}$8eEb)14b=vmb=c6P!AZX(-MhGU&HhY{MLk3 zX?=YZN68{PV`Z}fD3i=BiBcsc!N6xIj~=Xp233o=1)&55P=IUe{-D9d*ugT}gBoHOYIWAKk|@s>zt$Uw|ZuHO*^O zMWIaK@`7vH9Hw6m$TQrrxp@++VujPxAhDrH5ta|rM9>akkxu8k&k1aDk+ zh!H@}>_n~Da4wuQ)iV_)&15tC6HAIwav~L;~-3U%e|+qNo{QvgvA?U-1v?%+zV|D52Y1V z)ookK*Ei_#u%O@kmlB>GfNoD|T^G?HpLxci7qZqB@O4y7O^@{j5+`hwdA!gHs)$!B z6twv$72Tl+VoX`AV2k5w>91ic(A_V$6vqaOKCTcDve2DY&sHwshQnoHI2K(K3)N7M zIr1wC9Cx4+m9^{pv}juEaycRYziF^!A`0o3D*^Du;>oEbH+ zFznRpT4SKMgc65rTed|e8|#-e8gZ{YKO^xn_XT|Y*{B4(C5oH~Lf>(rFR1%-@RrA7 z8FlqgyM!-_CJ;&_U8rZCQ*H2LaG z=jRW7q0`qt1)->Ka{Dq@k~J)Mj7`2jzKDW@*yXzsj1nZHNJ!*uve6>!Uak9VG!BFO zd}jUbKn- zq{0$;{R1emy2i}jd3~{&)S?v(hxzuXRYxB~#5L*XHRKjN8S$Q`<~b5H-LzY&5%Mvl<*FDZL_&zY`&C&d;Jg`| zjs-p0Q{X5!<>aBLNFsCya#I#E@TLcI;@3GC9W=_8kE0j*ltdv5LBjW|bKNtYv^(;J zR*ldgIdC5iO32K2_S^#bpRxbey5%8SK3D7T_*a{o>jqL9jh;zgE+z0+T(hci+4#zc zU}hvE*peQW0GBbxJ-e>_J3FI_ZE{dqiysd)h_WDu_VoxQJ!#?z9U3FbE}46%se!~- z!DQ2GiDxHCFR=Xy)HvXK=nNUpRn<5T6yp}dN7CcMXKq^(MphO_o8&xHx}hRug)pJ` zU2Kz?TB(0+Be+V`=9cLE?8On*bNdsfaV0mmubk49^?5I<@mo_%i15be?{CB! zR`4yCg)dMzZm4eP>sc(OXR5DqFciZV4PwtZ(95RIGt#omg8*8ekx`-N-EWqD^c>sl zQD~HzB9}nSOinPE+svE{vC(er3*E4k`So3kbytk~JO%w-Y8TEeK>1!8%FW(LA}2O& zIiyh)>%S2(k?3DAmg-;MSa*NWvs`swdI`zDO!aRYZQO;5SZt1_HIb$`qHU||ecEdH zO32;Xs`nO3AID=HXPwR}l3qLuJ*K+gByRpApMlhZRGY0d49Tft*3MqqV%Bd`OX@7ijg=Pjwa_A* z+@QeeZQc^*k#_tbk*rLdLUV|muaaG=AxZCg%P`ne(HpXc^@mit+TmdlSaSuljoi}6 zF>_yHx<}wLl+4SA}^ng%7-i^B)n zH9mS$V@j5YLM}d|Do9B|pKO8X(q-ZmVqagVwZV}q$PSrG{(87a*r0fl^2ZJw&T?|K zw`|=M#Xed$Czn)*oBledz*b$mDbY@8j^w+d2Q9R8qZ&}jB2%L)BCK7DA5G`Z{j1I! zMr&*~bluah3RjGz4`kU`SRo5fn>&c3n)smCh3AR|sm!DxwV9O_vdFGufY{%O(l>++ zap^fp-3Q1-uE9Mg;YLs6GVDawzhx&i@kBfgD_@wtPNhUP1#I0P^B#grf8HDmhuAW0 zvE`Sreg-v5>cT!mt}7I|rPXylc9jj`CJ~#Xc)#je1KW!e=$WNC#%ZZmP0tie6-ado znyS<&2Aiv;MS4(P4XQDEsa7Z7KA$Hh<2okaB!MuwgB>|pnorl z9Xnz!x4WazbbuqY)v}anr!BrwTNV8U&4cye-x_y-=5AJzN!l&?9jYF~`r1IGpsHuK z@)wAcG^$H=UPt%VuNFH*B{d#9kl7{{T|hzS_HnG1=IKF+YAet1{`eEg8}|jRuDMDRccx`6lazuC%VhmVLWy%4 z7L73J6XbVI7Dq;&CA33hrIaY+=xKuTJ*T*_kd05vP>Y=aIb!h6Lqd!TWou8jKZ_0 zBfI;Wm$o2GFjI(^U1-^015$i#sF0yosfCWd@_s@ zYmP37QF9C^A)-)3MwRl+8Y-_EH3jVsxk~v(?=>byW5c@LGkjD);8Y|zNK0-rM3mqGZi;{K-S(-zj+c02QmnIyV`{~Yua>;B=68~+HQ8p=H%y3hK^>E7yNgOc_R-V*A|P( zZwbkL2>VbzXNTcnj+H3C8F3Qj-<_dlol{fgBBfFKt*}(AVJC3D|GmG)Yi2~%x9!&b zMu*bLOY2gfOqLV`|D5pa3TOXa)+;e4#f zdy|q{1`nWtR>8MUDhl(9pRGn_UH)=fXMf7|{VFWKlA?ai75D7Gw?7p$lvxVwN@@9Y zGQ0gmOvj4*uG*aGPUTwerIaY|4%D^X-d3J4qt$9louIAlq)Q!YSn0CN!3Us$QcvD_nLAjNHqCRKoYQL7V&{ZIPQ)%U!t-uu3bfVC(dE6&= zWpmV6)=XyU=?O)PM?9rLrM9|fnfuzC4y=YJIGffLc;t3K#_dRESwVGFwa>S4HFqEH zV4z{_r46fooiX-bn>+%y#;U(-|4PuiZdNHd>`9_ z3T^pZw(&BSw|8S8r_&ma+>+W^N{Ml23(N2wc`1G^rZbv-QKV|hrzOYZwrFQ(Y15Ia z#TvZ<1v2y2Mqo!=t>Uitc&@G4{ub!V7m$U?2obSe9Mz>Q>2RI3@) z+477?OV%U=XLy+JY4hh;gj(^tYmRk04y;c#yzsp`jW~64FF8ZjhPm=LodLNav#95* zqvol1B=sh9McVn4f<5n6n@`#=FM(QcKm!O zAHo`DG>~XfNkJW1pm_CVDiCv~LQLrulzBACZXH%aQN?XJ$bnvfdO>uB5+f4BR$ai6 z(^^pYVa@V=l~)Wxi~DGwpr_ebXj<>}tp-eZjCW}hqWaU5n1!Rd%1b;gk6kKJ(g(ua z%F)W`PonvA(PuX&*7HU9EcNB;s;2{_rbr);qZ?y{**Iy%%f~t}8)^pQj4Z>u%Qw+PN4tiA@zs&PDVhw&P@e zI(zn96JJCJ&g`X}(3(pD-khMy8MvXWengD? zTvKjTVp?I=V-v7^eL{vhp7PNs$RweEIvW3AeCN8de>PWm|sOEjM z_ng;v3>Ku+1C5dc=2GszDZ8sLjY>5o<2siK#CB?gV| z$aFq$R6DaIsp8J1yBu_EEx~@7??hxU^toE*#3yC08P-^fPvyaue)`e0+hkM?{cYP`wW^k}w*=-lzsaeE3eqGp|(&E8xtuv zSz_YH+g>pIA<(x`&96_VGemk>W#^@L3%{G8yHAf8G(df+u1~a+pkw~*K8rYadK@Y5 zLn6niq#bp`V~sYgq*W4rU?M1ndk`ub7Kitj@!`c#ev87E1EJMg{L}G&8 zgGhi1ZhYsH4KJowbvPAT-vzX5C48^S(Ez_D~zvT!Km!Bw}{38If0@ z3kocyf3F?kFMMrwJGXgUs%c00X^pE-jZIHnT=d2u*B$iD<%)+_z7FYy#vTtV5`F_zbIBB2Wg)-%u1SDUbs8XB!xPOeU<``njIWfe_3J=QQ# zs#N_2r~7>Vh?Sft?vz$t?5NmMeMrbr_zzE!L7Y#pF8x)2BHv{}yc4s5dglDBG$(9F zG)0TY;{23%_xv?>iAAo<-#OIQejCg0IH(21Pdml*vcfJCGk@ zD3#81SF@t_XZr7KmrXWqa#K@fccmLRn9T_jmEYcA%sibGF%P?6;=hW&8FhtUbA(-t zIiXm!IVTX~jUa+)v;FM4$yTkSj{iUvMq9@CbT_oCGU%@t4}3I|!|)V-7Y_OARLkks zNDe7cYRTquFS1Y0@o?GiAQHA%>-qVh*eUCwJRaUr>ULPu|7q_!1Dd?Pe(L}g2v&-q zj7SwwkR=-gREi4$mAwrpAR`H~O+uz%IS6u?=TsEXcZjqHf)9M4vg;IQr%v}IMfGP` zv?`5V9~yI!c`r+mcF1Cr`tJmk_CB=tUMyp-|JrafCjSCAmc_ zOM>XAGy4Wq#8OdfNlQbwvv(m^OGiR+vuVM%R#RRF!E$C|jpOE1V!mNG z`V@9&JU$kO>AQJ=sZ6dC8Kd^r1ml`YDMX!to;NQ+aOv&0Drb| z{W0VbZ-TlPx06lWIe4!yPp19ejxRZg{a>^J)Ov+!V6$8deL z3ejP4pb8xBbhYt>v<85*!07d3`4s5q>vZSfA-U86W{#Y5fnN#T>C6zVknhpcoMg11T_hS6Bs{Kjl{2FZngMR|{K(;=uN0>Ga~=R_ka)t;oliqH7vTMb&78u|VNO0pT3m|img z8ZNPJ`DtG;H*$VktyvA21g>$;uln>U*5z)!_gp0+RQ)cHlgD(n3mRT;rKUhjT`ETB zzrMjVtv(mdrmEc9bi?#&<>lM0B-ewqV~Of9;$cCX;ri@IxlYaC7-j^ymnyfW^sUQ- zRlET^wiBNv{rZ^GIh;8QbD^*{9l2EhECg%skzSb_(9O%=lB@@~p5_Wtfb925^h@3f zHLufm0%h^0SRp})e1eCG`lSlAo6cyFdqOQb!>7Y(Z;4gefPjjGREG|s_T9~~9cDYB z?!>^z<24mHhP1@gBSb-hPu%GY@u+sZ_$dNyy{%qQz5Q~xZus)Db|#H)`Sf6DT)cTj z@l*GnGzUH4ZT|US-rErXXq@eP2*NbRS?)`XZO%4!>Xtj0=w1A20m_ng_;yK2u%o4-?jL z>M^O4BLVodGgQOI#JQgBP2P;+kBHjFi*Ln1x|+-kl1hz&pyX9osg0jS;sw)MPl|t@ z_2dZoz^dF&jO^h!X$@&q)m8;r%m1RzlTfcp25J*}olgKoJkU7@Ri00~61FjFI1q|g z%5Z{=XWFvL*b5fy*a4)HCM-X=;tb(!RPDjvVJF{k25M}w%Rinjn?$9kVbX*dJw~?0 zn#1qNpdM;-(G=i?yOc|AWDEj;TW2~3t$lEzJ${iSY=r$f0*lQn1Sbg+CbJ~4nGx&S zb0nX(_p$_6}$X+JpV^iY@hisBrbez^z<> zhC}b~odfqC3KcUhJ|~I37%9px;8^v+*EGW-RZ%LnCS-#Q8N=*9>d*|J0_l}mf50Fa zJ#WH>)i3y5Kt}p%&u>;`mI3GFv05n&(9i}4&hvdZ-vuyK;kR;Ozd7NFMh zFLIgXPm*p{B~BJm|!Zn;#T6Twm>Z%IMHrZYZMJ(DF{ShCqRGX5`!3f-aMT zb;B!r3|6SmX3BaP)vVJqA?y7no1Zp&GV$UXE;nDUt6FtR1IdKK`NA8|EjHQ;Ye5pw z8lNkwVK`6<&aej5ib)D*uW`-@n#B`n^rv0c;i-VX?Rlqshlp{qTFfKZmUWKs3BAl1 zHx|4&^p)ITz`-o3?olal`Ko;tI ztwhJKe(z6&z4DuWTDWzcn>5Umqx4_p>I~xNPCeaHDt!3Jj5Mo(+DeR*xcu$6F+S$D zRpvM)_YAHBcxk>CW`v=R`LZTZ=5T6vHF3^pU@j4DWueZ_ViRYQv_3vm+pBc#Jh#AJPoiA_9?Zm^vbuDBYsoG)GL^AXfU*OMw(x_uWO?g zk2p$oyQ~u@1`a>!`@jWdz&zAWiZ`%c3OgCkbvba9{-!k5eVApJ<{VUYfzKq`#+DnPS0Qxj<0 z)Q6m&9)aeW1#r}DCQNOQ9(Qs@nl0xlDuF?|*BGjuLjf3XfKVx4O?zlx9L=bx4ro)E zH5JGI%WvN4I6M_)R7x#3?Oy-DPW9=~t*0pBaJn8GM>>INxO&vLbh$uiz0Ceb<6cDx zGggoDKlGl$y1z*}&0_S=qsCs}z9YU8ok>J0B9#!D=K8eoYoYYU3oSA@aH%Ua zzS+jCs04_z_>Vj@*U=nOrLR2gi6s7{GyvOcxH0o!?{>CXnOE`BzG%!d5F2ZeQNQOY))sK2fdpaIg#W&TIfB4jfUDZ~ne$b4c zzDjW;ieGm2s#_zaz=$aXIv11|RE3_mE1~6*p#&$6ok2ONz*!>Zz_hd9q-gym^|#_K z;ge-UL$g{dxdNn%FVN2#yj%1cQ3l`3#{ng7m`}tB=;BiI+t3#$FaL2Ajwvt6S(A`VyBt zgh0gKJWQUVC^o|#B#fA^a+kH7bO~}TZLY9@BtWE@<_rbHz=xOwfAl$?T@%1CS+hRPnrCI549B}NdfMpGV|Siu>vTI z15Uw0YDb*yHi2$Z;=<6`&n+rPu?0Qki182+MwMZ^e&)0A+qplWFSGiT-YIcKHngn&?4!HOT8Hke2M|WSZ_ec~uPMDHy8Y!CGLo4&7`z((7It}`7@?!@XwT0i!&4jT>A4pg&$MD;Z zORzX2zzdPvw^$bg@l3a}Y9z?kJgt+@KuNFYJqd{*!e*ntAw4NpKvvtV*#J2kA7y@^ z7`fmP&;!mI^Er92U5j-I7aggF2BdTX&FUsIVe?&I_0YBADBt{*^n!~iM)WA3CM-JR zc5o#ms@4cjRhBUn6k+V_c8ww^T)@vpSy_}&S zv&E|of)>JLY+9B2+|Iw~iIb{_O6hClMOoJ;AZ-hOx&$S8Tkm5;L#~=kg zdK}QG@T%$Y$AkimwN^?Mf1^SX<}@QuMe3l9tKaj4xeH9G@Rehkn`h_tFUJyp3eQd- z_6q8+D7-B-q!~EipR(Y%E7LZEJ;rrfA3V(GDUo;C;n@4I2n$dO>{a*`rnmzbHT-t0 z;cGMgQTNHgJMvNz9-Kj6+3dU~ZP3EJfC?@S5opmAB}2Bu;C1~dk!>Vk zb_|S^#=HdXci~`;7C87lF-4FLt?Is=IcP}0tcKua9r9lx>tt=QtEbE?Uy>fuj5qYV zDdBBkiOx)Bu{`%eH8K&Z_VWn7a}3h|Jjv@`k18LJtx-+<6>X~mmdJP9L7C^%Q%|1n z7zv$ATUa45aCmB%5tBnja7a!$ftfp}1O${-(RT1VVI+sV!u{-x>5s+;rLrdP=6lmi z8_^HyC$vXER5S;b3>yhMlYgWd&?g$Zz_rUAh{`?)=Tn;sqz-t9V&Ou(DoIe?O8>^Q zP50F$00ehfZ%=1204eME)RveT>c{JDG(Jc=0;u7;)d*r9@Vzv>Nw2) zWTSR%7^C@6oWP@+`sm{oJKpV-ha5UJ*H=X?0d6t_0ac%cWRefCx$k|x-nvV+K$(R+QHdtxmmG3 zh#Q|I#()rZ$0o`V*^QB?3HLAHMs7pij;FIeB)H_F?5sHnYv@w^}`FKcq6R%`B=ZI*(`yQ&7fX6 z`E)p^0sb1&d<3;+(fW_~9{=-`wnGWkTx^*tXyF#g0*`2q%=l419oB@oUo=}}Vk+($? zcNvz4;4L|7V?V3oWDf@p5(0FpY?%p%)BRU=j@7rFm8S;%enH8;7L4P~$=aHr6)3)+ zOWonAIH+>_ue-!8hiRSAuGb>WJ1!0ProbeF=PLXF`CqF~at)Vq30+H6UF?=8rHM!% z{iyw`d2drW$4d>h6^tz9cBz&s9`((GY5t|4X~(XO?w!gN6RoN)F`yAm~J${}ic0S{?UCpIQO(LW2N$l75DP z`ahf~uQvPjc_#n{u$SWi-B{q@qZnRb{&zF|KIVQ6cT0c}{R*PX#$@Cqe!47XDG0{ZS2lc?|?g4*%1CE^|q=2l`WZV;TRx;!|?l(CaijHN5S*+=GAEjz8Io|BlJY z1k9Asq8Trb{(ndO&D8hPfG-92dhj|L{&`P;ANggbEoAUz_kP=nFB0)ZBL1wFzDUFu ziTENBe``j+*xcW5P5;Mr1kUEeov*&ycKgEjr>*|{D*O!)`_Fahi*)?|kdFU#iFnP~ ZPW@EgVHAnX{tEcJU}FA#!I^7!{|BUIICKC2 literal 0 HcmV?d00001 diff --git a/docs/modules/perforce/examples/complete.md b/docs/modules/perforce/examples/complete.md index c40b6c49..ed6f5164 100644 --- a/docs/modules/perforce/examples/complete.md +++ b/docs/modules/perforce/examples/complete.md @@ -5,14 +5,70 @@ description: Automated deployment of Helix Core, Helix Swarm, and Helix Authenti # Perforce Complete Example -This example provisions [Helix Core](https://www.perforce.com/products/helix-core), [Helix Swarm](https://www.perforce.com/products/helix-swarm), and the [Helix Authentication Service](https://www.perforce.com/downloads/helix-authentication-service). It also configures security groups for each of these modules to allow inter-service communication. This example takes a single input variable:`root_domain_name` is expected to correspond to an existing [AWS Route53 hosted zone](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/route-53-concepts.html#route-53-concepts-hosted-zone). This hosted zone is used for provisioning DNS records used for external and internal routing, and enables this example to create validated SSL certificates on your behalf. +This complete example configuration deploys [**Perforce Helix Core**](https://www.perforce.com/products/helix-core), +[**Perforce Helix Swarm**](https://www.perforce.com/products/helix-swarm), and [**Perforce +Helix Authentication Service**](https://www.perforce.com/downloads/helix-authentication-service) into a new Virtual +Private Cloud. It is designed to be used as a starting point for +your Perforce Helix Core deployment. -If you do not have a domain yet you can [register one through Route53](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-register.html#domain-register-procedure-section). +## Architecture -If you already have a domain with a different domain registrar you can leverage Route53 for DNS services. [Please review the documentation for migrating to Route53 as your DNS provider.](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/MigratingDNS.html) +![Perforce Example Architecture](../../../media/images/perforce-complete-example.png) -If you own the domain: "example.com" this example will deploy Helix Core to "core.helix.example.com" and Helix Swarm to "swarm.helix.example.com" - this can be modified from the `dns.tf` file. +## Deployment -## Deployment Architecture +This example configuration can be used out of the box and takes only a single variable: `root_domain_name` corresponds +to the fully qualified domain name of an existing public hosted zone in the AWS account where you are deploying this +reference architecture. The deployment steps below will get you up and running. -![Perforce Example Architecture](../../../media/images/perforce-complete-example.jpg) +1. You will need the Cloud Game Development Toolkit's Perforce Helix Core Amazon Machine Image. This Amazon Machine + Image (AMI) can be build using + our [provided Packer template](https://github.com/aws-games/cloud-game-development-toolkit/tree/main/assets/packer/perforce/helix-core). + This example uses the ARM64 version of this AMI, and + leverages Amazon Graviton for the Helix Core instance. Follow our documentation for provisioning this AMI in your AWS + account. +2. Next, you will need to ensure you have an [Amazon Route 53](https://aws.amazon.com/route53/) hosted zone created in + your account for a domain name + that you already own. This example configuration creates DNS records and a private hosted zone for you, but this + pre-requisite hosted zone is necessary for certificate creation. If you do not wish to use the provided DNS resources + you will need to customize this example. +3. Once you have completed these pre-requisites you are ready to deploy the infrastructure: + + ```shell + terraform apply -var "root_domain_name=" + ``` + +4. Review the plan provided by the above command. When you are ready to deploy you can confirm by typing "yes" on the + command line. Terraform will take a few minutes to provision everything. When it completes, you are ready to proceed + with testing. +5. By default, none of the deployed resources are available on the public internet. This is to prevent unintended + security violations. You can update the security group for the Perforce Network Load balancer through the console, or + add the following rules to the example configuration in [ + `security.tf`](https://github.com/aws-games/cloud-game-development-toolkit/blob/main/modules/perforce/examples/complete/security.tf): + + ```terraform + # Grants access on HTTPS port for Helix Swarm and Helix Authentication + resource "aws_vpc_security_group_ingress_rule" "private_perforce_https_ingress" { + security_group_id = aws_security_group.perforce_network_load_balancer.id + description = "Enables private access to Perforce web services." + from_port = 443 + to_port = 443 + ip_protocol = "TCP" + cidr_ipv4 = "/32" + } + + # Grants access on Helix Core port + resource "aws_vpc_security_group_ingress_rule" "private_perforce_https_ingress" { + security_group_id = aws_security_group.perforce_network_load_balancer.id + description = "Enables private access to Perforce Helix Core." + from_port = 1666 + to_port = 1666 + ip_protocol = "TCP" + cidr_ipv4 = "/32" + + } + ``` +6. You should now have access to your deployed resources. The URLs for Helix Swarm and Helix Authentication Service are + provided as Terraform outputs and should be visible in your console after a successful deployment. The connection + string for Helix Core is also provided as an output. Use the Helix Core CLI or the P4V application to connect to your + Helix Core server. From 9556f4314221d9c83a10626a008b04d1af8e157a Mon Sep 17 00:00:00 2001 From: Henry Kiem Date: Thu, 2 Jan 2025 09:55:01 -0800 Subject: [PATCH 7/8] Updating TF provider versons for complete Perforce example --- modules/perforce/examples/complete/versions.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/perforce/examples/complete/versions.tf b/modules/perforce/examples/complete/versions.tf index 2848486f..58167efc 100644 --- a/modules/perforce/examples/complete/versions.tf +++ b/modules/perforce/examples/complete/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "5.78.0" + version = "5.81.0" } } } From a12471aa185a54daa42606402083a4b0c5f66aef Mon Sep 17 00:00:00 2001 From: Henry Kiem Date: Thu, 2 Jan 2025 11:08:36 -0800 Subject: [PATCH 8/8] Typo fixes and broken documentation links --- docs/modules/perforce/examples/complete.md | 4 ++-- modules/perforce/examples/complete/outputs.tf | 4 ++-- modules/perforce/examples/complete/security.tf | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/modules/perforce/examples/complete.md b/docs/modules/perforce/examples/complete.md index ed6f5164..e27e5ce9 100644 --- a/docs/modules/perforce/examples/complete.md +++ b/docs/modules/perforce/examples/complete.md @@ -22,8 +22,8 @@ to the fully qualified domain name of an existing public hosted zone in the AWS reference architecture. The deployment steps below will get you up and running. 1. You will need the Cloud Game Development Toolkit's Perforce Helix Core Amazon Machine Image. This Amazon Machine - Image (AMI) can be build using - our [provided Packer template](https://github.com/aws-games/cloud-game-development-toolkit/tree/main/assets/packer/perforce/helix-core). + Image (AMI) can be built using + our [provided Packer template](../../../assets/packer/helix-core.md). This example uses the ARM64 version of this AMI, and leverages Amazon Graviton for the Helix Core instance. Follow our documentation for provisioning this AMI in your AWS account. diff --git a/modules/perforce/examples/complete/outputs.tf b/modules/perforce/examples/complete/outputs.tf index c91a51f2..84c0c2ba 100644 --- a/modules/perforce/examples/complete/outputs.tf +++ b/modules/perforce/examples/complete/outputs.tf @@ -4,11 +4,11 @@ output "helix_core_connection_string" { } output "helix_swarm_url" { - value = "swarm.perforce.${var.root_domain_name}" + value = "https://swarm.perforce.${var.root_domain_name}" description = "The URL for the Helix Swarm server." } output "helix_authentication_service_admin_url" { - value = "auth.perforce.${var.root_domain_name}/admin" + value = "https://auth.perforce.${var.root_domain_name}/admin" description = "The URL for the Helix Authentication Service admin page." } diff --git a/modules/perforce/examples/complete/security.tf b/modules/perforce/examples/complete/security.tf index 5a79be38..b76f4aee 100644 --- a/modules/perforce/examples/complete/security.tf +++ b/modules/perforce/examples/complete/security.tf @@ -68,7 +68,7 @@ resource "aws_vpc_security_group_ingress_rule" "perforce_helix_core_inbound_web_ referenced_security_group_id = module.perforce_helix_core.security_group_id } -# Egress for Perfoce Web Services ALB to Helix Swarm service +# Egress for Perforce Web Services ALB to Helix Swarm service resource "aws_vpc_security_group_egress_rule" "perforce_alb_outbound_helix_swarm" { security_group_id = aws_security_group.perforce_web_services_alb.id description = "Perforce ALB outbound to Helix Swarm"