From d6d6a1f161123268aa3e73dfed089b75bdf4f3e8 Mon Sep 17 00:00:00 2001 
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Mon, 24 Apr 2023 01:15:09 +0200
Subject: [PATCH] feat(hedgedoc): Move Hedgedoc to Kubernetes
---
apps/base/hedgedoc/ca.yaml | 26 ++++
apps/base/hedgedoc/database.yaml | 18 +++
apps/base/hedgedoc/kustomization.yaml | 15 ++
apps/base/hedgedoc/monitoring.yaml | 14 ++
apps/base/hedgedoc/namespace.yaml | 31 ++++
apps/base/hedgedoc/networkpolicy.yaml | 18 +++
apps/base/hedgedoc/release.yaml | 65 ++++++++
apps/k8s01/hedgedoc/certificate.yaml | 64 ++++++++
apps/k8s01/hedgedoc/database-override.yaml | 9 ++
apps/k8s01/hedgedoc/hedgedoc-values.yaml | 60 ++++++++
apps/k8s01/hedgedoc/kustomization.yaml | 11 ++
apps/k8s01/hedgedoc/slo.yaml | 21 +++
charts/hedgedoc/.helmignore | 23 +++
charts/hedgedoc/Chart.lock | 6 +
charts/hedgedoc/Chart.yaml | 24 +++
charts/hedgedoc/charts/postgresql-11.9.13.tgz | Bin 0 -> 57389 bytes
charts/hedgedoc/templates/NOTES.txt | 22 +++
charts/hedgedoc/templates/_helpers.tpl | 79 ++++++++++
charts/hedgedoc/templates/configmap.yaml | 81 ++++++++++
charts/hedgedoc/templates/deployment.yaml | 70 +++++++++
charts/hedgedoc/templates/ingress.yaml | 61 ++++++++
charts/hedgedoc/templates/secret.yaml | 26 ++++
charts/hedgedoc/templates/service.yaml | 15 ++
charts/hedgedoc/templates/serviceaccount.yaml | 12 ++
.../templates/tests/test-connection.yaml | 15 ++
.../tests/80_subchart_postgresql_test.yaml | 111 ++++++++++++++
charts/hedgedoc/tests/98_snapshot_test.yaml | 24 +++
.../__snapshot__/98_snapshot_test.yaml.snap | 144 ++++++++++++++++++
charts/hedgedoc/tests/mocks/test.yaml | 2 +
charts/hedgedoc/values.yaml | 110 +++++++++++++
30 files changed, 1177 insertions(+)
create mode 100644 apps/base/hedgedoc/ca.yaml
create mode 100644 apps/base/hedgedoc/database.yaml
create mode 100644 apps/base/hedgedoc/kustomization.yaml
create mode 100644 apps/base/hedgedoc/monitoring.yaml
create mode 100644 apps/base/hedgedoc/namespace.yaml
create mode 100644 apps/base/hedgedoc/networkpolicy.yaml
create mode 100644 apps/base/hedgedoc/release.yaml
create mode 100644 apps/k8s01/hedgedoc/certificate.yaml
create mode 100644 apps/k8s01/hedgedoc/database-override.yaml
create mode 100644 apps/k8s01/hedgedoc/hedgedoc-values.yaml
create mode 100644 apps/k8s01/hedgedoc/kustomization.yaml
create mode 100644 apps/k8s01/hedgedoc/slo.yaml
create mode 100644 charts/hedgedoc/.helmignore
create mode 100644 charts/hedgedoc/Chart.lock
create mode 100644 charts/hedgedoc/Chart.yaml
create mode 100644 charts/hedgedoc/charts/postgresql-11.9.13.tgz
create mode 100644 charts/hedgedoc/templates/NOTES.txt
create mode 100644 charts/hedgedoc/templates/_helpers.tpl
create mode 100644 charts/hedgedoc/templates/configmap.yaml
create mode 100644 charts/hedgedoc/templates/deployment.yaml
create mode 100644 charts/hedgedoc/templates/ingress.yaml
create mode 100644 charts/hedgedoc/templates/secret.yaml
create mode 100644 charts/hedgedoc/templates/service.yaml
create mode 100644 charts/hedgedoc/templates/serviceaccount.yaml
create mode 100644 charts/hedgedoc/templates/tests/test-connection.yaml
create mode 100644 charts/hedgedoc/tests/80_subchart_postgresql_test.yaml
create mode 100644 charts/hedgedoc/tests/98_snapshot_test.yaml
create mode 100644 charts/hedgedoc/tests/__snapshot__/98_snapshot_test.yaml.snap
create mode 100644 charts/hedgedoc/tests/mocks/test.yaml
create mode 100644 charts/hedgedoc/values.yaml
diff --git a/apps/base/hedgedoc/ca.yaml b/apps/base/hedgedoc/ca.yaml
new file mode 100644
index 000000000..919958c4d
--- /dev/null
+++ b/apps/base/hedgedoc/ca.yaml
@@ -0,0 +1,26 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: namespace-ca
+ namespace: hedgedoc
+spec:
+ isCA: true
+ commonName: namespace-ca
+ secretName: namespace-ca
+ privateKey:
+ algorithm: ECDSA
+ size: 256
+ issuerRef:
+ name: selfsigned-cluster-issuer
+ kind: ClusterIssuer
+ group: cert-manager.io
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: namespace-ca-issuer
+ namespace: hedgedoc
+spec:
+ ca:
+ secretName: namespace-ca
diff --git a/apps/base/hedgedoc/database.yaml b/apps/base/hedgedoc/database.yaml
new file mode 100644
index 000000000..c424fdec0
--- /dev/null
+++ b/apps/base/hedgedoc/database.yaml
@@ -0,0 +1,18 @@
+apiVersion: "acid.zalan.do/v1"
+kind: postgresql
+metadata:
+ name: hedgedoc-postgres
+ namespace: hedgedoc
+spec:
+ teamId: "hedgedoc"
+ volume:
+ size: 1Gi
+ numberOfInstances: 1
+ users:
+ hedgedoc:
+ - superuser
+ - createdb
+ databases:
+ hedgedoc: hedgedoc
+ postgresql:
+ version: "14"
diff --git a/apps/base/hedgedoc/kustomization.yaml b/apps/base/hedgedoc/kustomization.yaml
new file mode 100644
index 000000000..64f890bab
--- /dev/null
+++ b/apps/base/hedgedoc/kustomization.yaml
@@ -0,0 +1,15 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: hedgedoc
+resources:
+ - namespace.yaml
+ - ca.yaml
+ - database.yaml
+ - release.yaml
+ - monitoring.yaml
+ - ../../../shared/networkpolicies/allow-from-same-namespace.yaml
+ - ../../../shared/networkpolicies/allow-from-ingress.yaml
+ - ../../../shared/networkpolicies/allow-from-database.yaml
+ - ../../../shared/networkpolicies/allow-from-monitoring.yaml
+patchesStrategicMerge:
+ - networkpolicy.yaml
diff --git a/apps/base/hedgedoc/monitoring.yaml b/apps/base/hedgedoc/monitoring.yaml
new file mode 100644
index 000000000..4ac0217ac
--- /dev/null
+++ b/apps/base/hedgedoc/monitoring.yaml
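Review bot: The `hedgedoc` role in `apps/base/hedgedoc/database.yaml` is created with the `superuser` and `createdb` flags, which is far more than an application account that owns a single database needs. With these flags a leaked credential or an injection flaw in the application reaches every database and role in this Postgres cluster instead of only the HedgeDoc schema. The `databases:` entry already makes `hedgedoc` the owner of its database, so the flag list can be emptied: `hedgedoc: []`. If a migration really does need elevated rights, a comment naming that requirement next to the flags would help the next reviewer.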
@@ -0,0 +1,14 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: hedgedoc
+ namespace: hedgedoc
+spec:
+ endpoints:
+ - honorLabels: true
+ port: http
+ jobLabel: app.kubernetes.io/name
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: hedgedoc
+ app.kubernetes.io/name: hedgedoc
diff --git a/apps/base/hedgedoc/namespace.yaml b/apps/base/hedgedoc/namespace.yaml
new file mode 100644
index 000000000..757afa82b
--- /dev/null
+++ b/apps/base/hedgedoc/namespace.yaml
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: hedgedoc
+ labels:
+ pod-security.kubernetes.io/audit: restricted
+ pod-security.kubernetes.io/enforce: baseline
+ pod-security.kubernetes.io/warn: restricted
+ pod-security.kubernetes.io/audit-version: v1.23
+ pod-security.kubernetes.io/enforce-version: v1.23
+ pod-security.kubernetes.io/warn-version: v1.23
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: flux-reconciler
+ namespace: hedgedoc
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: flux-reconciler
+ namespace: hedgedoc
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: admin
+subjects:
+ - kind: ServiceAccount
+ name: flux-reconciler
+ namespace: hedgedoc
diff --git a/apps/base/hedgedoc/networkpolicy.yaml b/apps/base/hedgedoc/networkpolicy.yaml
new file mode 100644
index 000000000..e1d0f09a8
--- /dev/null
+++ b/apps/base/hedgedoc/networkpolicy.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allow-from-ingress
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: hedgedoc
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allow-from-monitoring
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: hedgedoc
diff --git a/apps/base/hedgedoc/release.yaml b/apps/base/hedgedoc/release.yaml
new file mode 100644
index 000000000..192708f22
--- /dev/null
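Review bot: `honorLabels: true` on the ServiceMonitor endpoint in `monitoring.yaml` lets the scraped application overwrite target labels such as `namespace` or `job` on its own series, so a misbehaving or compromised pod could attribute its metrics to another workload and distort alerts. That setting is intended for federation or gateway-style exporters; for an application endpoint the safer form is `honorLabels: false`, or dropping the line. The endpoint also scrapes the `http` port, which appears to be the port the ingress publishes, so it is worth confirming that the metrics path is not reachable from outside the cluster.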
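Review bot: In `namespace.yaml` Pod Security admission only enforces `baseline`; `restricted` is set for audit and warn, so violations are logged but pods that allow privilege escalation or keep default capabilities are still admitted. The base values in `release.yaml` already set `runAsNonRoot: true`, so the HedgeDoc pod may be close to passing, and `pod-security.kubernetes.io/enforce: restricted` would turn the warning into a guarantee. If `baseline` is deliberate, for example because the operator-managed Postgres pods in this namespace do not meet `restricted`, a comment above the label saying so, such as `# enforce stays at baseline: <reason>`, would record the decision.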
+++ b/apps/base/hedgedoc/release.yaml
@@ -0,0 +1,65 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: hedgedoc
+ namespace: hedgedoc
+spec:
+ serviceAccountName: flux-reconciler
+ timeout: 5m
+ releaseName: hedgedoc
+ chart:
+ spec:
+ chart: ./charts/hedgedoc
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ namespace: flux-system
+ interval: 5m
+ valuesFrom:
+ - kind: ConfigMap
+ name: hedgedoc-base-values
+ valuesKey: values.yaml
+ - kind: Secret
+ name: hedgedoc-override-values
+ valuesKey: values-overrides.yaml
+ optional: true
+ - kind: Secret
+ name: hedgedoc.hedgedoc-postgres.credentials.postgresql.acid.zalan.do
+ valuesKey: username
+ targetPath: postgresql.auth.username
+ optional: false
+ - kind: Secret
+ name: hedgedoc.hedgedoc-postgres.credentials.postgresql.acid.zalan.do
+ valuesKey: password
+ targetPath: postgresql.auth.password
+ optional: false
+ install:
+ remediation:
+ retries: -1
+ upgrade:
+ remediation:
+ retries: -1
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: hedgedoc-base-values
+ namespace: hedgedoc
+data:
+ values.yaml: |
+ postgresql:
+ enabled: true
+ postgresqlHostname: hedgedoc-postgres.hedgedoc.svc.cluster.local
+ auth:
+ database: hedgedoc
+ resources:
+ limits:
+ cpu: "1"
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 512Mi
+ podSecurityContext:
+ runAsUser: "10000"
+ runAsGroup: "10000"
+ runAsNonRoot: true
diff --git a/apps/k8s01/hedgedoc/certificate.yaml b/apps/k8s01/hedgedoc/certificate.yaml
new file mode 100644
index 000000000..14b9590c7
--- /dev/null
+++ b/apps/k8s01/hedgedoc/certificate.yaml
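Review bot: `runAsUser: "10000"` and `runAsGroup: "10000"` in the `hedgedoc-base-values` ConfigMap are quoted, so Helm reads them as strings, while the pod `securityContext` fields are integers. If the chart's deployment template passes `podSecurityContext` through unchanged (the template is outside this hunk), the rendered manifest is likely to be rejected by the API server, and with `retries: -1` Flux would keep retrying instead of surfacing a final failure. Unquoted values avoid this: `runAsUser: 10000` and `runAsGroup: 10000`.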
@@ -0,0 +1,64 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: hedgedoc-tls + namespace: hedgedoc +spec: + dnsNames: + - ENC[AES256_GCM,data:lCKhFI5WZgGsMkzhfxTJ2M8eQ+Jddd0=,iv:WVw1UFH0x2v7II9bZY1nZt07rtkcP161Tk9XVWma528=,tag:44WbQUbBtjAK1RwU8gKuug==,type:str] + issuerRef: + name: letsencrypt + kind: ClusterIssuer + secretName: ingress-hedgedoc-tls +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2023-04-23T22:42:19Z" + mac: ENC[AES256_GCM,data:mEp73QGrUnBahXkrM5UPMtGbGDRl3LE4drZs56T81xpf4jqiqI8cIvGwZIJxqTsZcJT0vNbgxz2IulTgizyM1O5p24+Z3ZzrDZ05Zhgbu9HNZ0CSaOpfHZDEJuIUm5TQwsvlh89F7pNErXu3d3dxrLtuU6kX87ywZoWPpvd2k3w=,iv:ASRDctACn+PH49Xqb7O7FXK9Pg36BHqHX8A5/01Vubk=,tag:DALMxmcxUs6nYgmTXPOThw==,type:str] + pgp: + - created_at: "2022-01-21T18:13:48Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA7kpg2bgzVHcARAAHhDshl1OJqNRUolNvbIXzOuDzssJnvyi6cIZuMmVMsxf + a6wAWAtYOehvtn1ODL7/h4fIpBtfp7d8VuwfJSrh3ghUeiOl3zRzQbmaFA2L5/iG + Jd94tFAVwIl30qjcYqGVB2RF27VF1RElzgDLQh3hiXn1hDC+WmNSnBF5hwnwCFOL + wM4BHuE2AB4TX3PlYSo1n71VSzcCqRzbIxelZasYLnJQVL0VE6AjEd/fHS468R8N + aZ3mhmHW3sWzuLHNREMD2Q3ghkguLhau0VoETlYRI9103I4k7/khFrhAj5l2/PUr + 2SWgpXyRqXVaKPeTiQs3QR8B5jNq3BlZj6Celw5Ig/wx3LY0EhI9e9WFgtSlZxM+ + 2yk65HQGvTIgsbys/z/0skA9vqik9csFRsH9iK42E/+XLvoAT6yxyl0cv1kBEyAS + ggPmKOq8+CT+voHzuh8kZHq9Sa8kH5xL1DQLzX2yIruV3OhTPSK+VlDpjUbycmI2 + qR1oCo/snOJwwwvfl9vu0B8FCwhrz8554ZQBErFfJl6GFiUV8LElRlZh5S9Jiysr + nYJS5gxrcvjF/0Y6EHEfWDRDxvCHoWQpWhl2hRkh5UlQKH0ab+QWLYpISyNJxjfl + orQJdaVX3BQwhqMLwiMLGoaNGrSpmxXveLOZmsdK0obXC67lyE6ZM/Wy6gx2dFnS + 5gFdXCLzQmmjYK8gIlsejQdnxZI2qWavZIN9T70OZQGaDE/S+U1uxKjuGBM7HTcP + 7f1nUa6z96A9ydWs1xHjtm7k172V16PMSrvjQ8KLhFJd9eJDq3ksAA== + =XgF6 + -----END PGP MESSAGE----- + fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601 + - created_at: "2022-01-21T18:13:48Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA4oYbIHZIrAPAQ//S/9rOkbd3beNH20dxgZ7VuZxgnjiV3Hd3om717njcMm2 + 
kCfTJ3AmpLtQsT2s1W221tIyCwtHOobj82ANP9KzNi4e6v3LlNTIVHTQiHXk9KJP + AX6JoCOLu3bAI0xcdApNBU2wAlHBVC+T4BUfhPqD5AdHpW++e1qUIsM/6TViunHj + BWoIA0bpXqyOhTm1GbkJrHMgczJn2qgR5lBf8wgGmASd8jlNyfA7SxoKHj8sl/Ji + nucP/90dmyD2eBIJYdYS3anJYa2uP96oioG5xxIyfppnL5dwozDAit3Z5vvnBZNb + 1rrpUnN8H0cCcaj7tmDEmjGfjGwxLKegQRZX7Pg5hwaaOOPGheXf8Ip/DpDf6T0n + Sq24X6DC5gD1RBU+YY6ZayMt/OKpVVVwRlY4BTDIUe4M+ecK/fve5vpDW2M+KWMc + pOkO1B09/prsX0w5XjFh8hb/6HlDDhomiB+BszcRCUDzocRzSEIFwMf7/iTaExe8 + 2fKCCHB4kHo6GHpydlQOpnGMOvDmiNKopXxTkFQUFQjyRmHGXf/u79JNXBjHkniv + ZiokjTEarwMp68dyiaL4L/5Uk+4NG3MetobqSaeW2TbeBwif3G2eFleYscz7QPIR + 5ZBBhU/CoUEz2Xge6t8rlp8PNcQ1yq/R+tZjaeqIIT4++ZxCErhA0lsxyFrgLefU + aAEJAhD7hR3IMDGN2zOZSiw1IBz9P8Jss/oERQiuVpe/eTv5Vqj9vuL+koKftwnF + vSVkNo0fLwNLtnU659Mkoj9utoUL9tAhcCMpP3NehKkBG5RjF9crnIP6zT3lvVU0 + GYyW4Lsfrt/a + =FfV+ + -----END PGP MESSAGE----- + fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07 + encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|hosts?|tang|externalURL)$ + version: 3.7.3 diff --git a/apps/k8s01/hedgedoc/database-override.yaml b/apps/k8s01/hedgedoc/database-override.yaml new file mode 100644 index 000000000..c6e573cc2 --- /dev/null +++ b/apps/k8s01/hedgedoc/database-override.yaml @@ -0,0 +1,9 @@ +apiVersion: "acid.zalan.do/v1" +kind: postgresql +metadata: + name: hedgedoc-postgres + namespace: hedgedoc +spec: + numberOfInstances: 2 + volume: + size: 5Gi diff --git a/apps/k8s01/hedgedoc/hedgedoc-values.yaml b/apps/k8s01/hedgedoc/hedgedoc-values.yaml new file mode 100644 index 000000000..6a5adbeda --- /dev/null +++ b/apps/k8s01/hedgedoc/hedgedoc-values.yaml 
@@ -0,0 +1,60 @@ +apiVersion: v1 +kind: Secret +metadata: + name: hedgedoc-override-values + namespace: hedgedoc +type: Opaque +stringData: + values-overrides.yaml: ENC[AES256_GCM,data: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,iv:3w5d5fXhEeXUjTCU8TFnA0EzdEo8p7VtqxuR5HL8tSo=,tag:FZFOjEx3HPPtfqx+zc4gNw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2023-04-23T23:14:45Z" + mac: ENC[AES256_GCM,data:M5EVgZy0v2QGRlggG3HoQjoo8PrzG3iLv+TySSYg75cyUXY5aYUL1QyetU/A0vilvbOq7oxH74K51QG/KkIFY7IRqAfaDqj69Cs1GV2YUqOtQxkLz3H7dm9X6nXGtDEmIj/J7PM1uYw5CTJt+JaxHytYDkhPSld5aakRb9qffMw=,iv:+HXfFQHw0PzSR2P0uE8mKSnjPWFg5bFK77tvB8MtWnE=,tag:OZlPDi4DOFjoJRQgPd0nXQ==,type:str] + pgp: + - created_at: "2022-03-22T22:26:35Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA7kpg2bgzVHcARAApcdDAfEgx93xGtkm4f7xTuRhvUyl8lw85rIHbWcAveYU + ayU88OLaoQyeZDZkOXbtxMHpry8GbId6vPAJ7KflT2eMP0A4uQGSSCQO6+5QcaYg + sbO/zT4vdprN7icLbvmmoK2Dh+hOo5Z7/7YGmdJfaaATzT2BGL/cVS1bonI83vXR + lzlW/DglIe7oNEKGVT5vWR5uGvq/dJwSRe/34eutEnJuV30imxHOcpxy3uXJFFXJ + 3eKTk8dNLz3UE3IeUjbFdPFZYU+grOAOOCZRK0IOYFn+SF7E3dewgiwEdaXzz3gK + /6aEMEmf5vyVqn9jOaqZhKRqE7tW5HnhwIIlxcMPhkLVZvYf4F2EDA5f12C2hdp0 + s7fFhU7v5GgFaHMJuaWVPxDnWTrNIst9bgeJv/N4RVfrLifrZJcqa9lE8ou0iCr5 + dLi9d6UjsgWAREIViz+Uz7dJQ9QeJ6PGYgg/xgf0ihJFG7sx+TBG58DKb3G3tyUV + 8hfK8Ou9m+zYnd13mJ2mV3rY0rmXusT+NcqTG2G4bBG5NimGpJS3rO7tAjjp/8sN + hMM46ay0vVTUXx1FwmjUFDG1e4sc7fKxTaCBizMjeUfZpAOiy/10YQmrFHBsftpo + K5j0nFMoG9NeO+2ffEmLhRtxvMe3WpINk7du3F624rYIGCB0aNUP69FCeJKuUQHS + 5gH5AwnxOAtQakDksfLxJhUG1NlaS0iAFkZkTTibvOJwsY9L/scDDQlseb5zBKaZ + sOPwmn6hL4KavxF9BPG33ILkZKbkcvlaTlAMMY3iBs+MZeIB4+i/AA== + =SQqg + -----END PGP MESSAGE----- + fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601 + - created_at: "2022-03-22T22:26:35Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA4oYbIHZIrAPAQ//fGGoDT5KfsG/o6r5xhDHSc0IFH6zT2TFIB6TuA5SwHfV + 8t3IeKD0bE//4f8AxGAVocw+AetolwrQL/Tl+n0UV9P44Jeh5VlCAGltHcowR53o + 
zdjS3+i9K3OOvQFhF+aYrPcnc+aTn9KbptHCam0w+Lr2UkYSAPAZHsBcoMp24mHX + 6A+5kP1kaRzFzEn4TCNeTt13W1AsJIoSagkBWfYRBkRPk1OzGOuYqX6yeqj7a0kM + 8uiloTQgWOiBSOyRtxUJi87CTrMXyb0F2E9HMyhgRnzF0YX0ZU0UVG8MNdRL8eFD + WYY68OK7DQw3zlJubscYQ2jltxKcq5g9qUCw/sXaNurtohIx9UeaHtfp036EMb22 + 5StgGEnBirUzfSrQGT3kuj20lcMtQAr/d1UsmQNjB36eOZSrx0m80pO8JVYL62/O + HLYnAHU52aAPtE7brNEVg4yRLCbWyVY3Z3H9OaTVXwNIMFoMEgkHHnNlsb+1ZnhV + cStKMO3H6W8eXQi3VGIVNhuC1ltsxHQL1I22Kr41JEnuaB9Jy5bsEbrO4XGyDdte + hMI8Gx+0KZAMlKuZKLS6sMa4oVnQTy8w20PtVrrS0zDrQRPpxBrOgzjrNeMj9FpS + q/efiCAOBc8eVd8N/7j66UItwrysfmIfsHWfoPotS7F6WmUHeAyoWjfcvTZyd4bU + ZgEJAhAtdCnHNvUSl5O9XZuSu51pRwj+O72kZXRSJWv7GTT9dsRfuM5Dy9A/tuVI + BuZraI4JyAWb2KbkM6onp3Rh9IcLuzqEYm/ETktxTtO1HlcVPJ2NMcFgTCzaIGX9 + +rtkG7tPbA== + =tvBa + -----END PGP MESSAGE----- + fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07 + encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|hosts?|tang|externalURL|.*-secret|.*-url|.*Secrets?|.*-domain|password|subjects|node|apiURL|.*(S|s)erverNames?|.*SecretKey)$ + version: 3.7.3 diff --git a/apps/k8s01/hedgedoc/kustomization.yaml b/apps/k8s01/hedgedoc/kustomization.yaml new file mode 100644 index 000000000..587ab8c3e --- /dev/null +++ b/apps/k8s01/hedgedoc/kustomization.yaml @@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: hedgedoc +resources: + - ../../base/hedgedoc + - certificate.yaml + - hedgedoc-values.yaml + - slo.yaml + - ../../../shared/resourcequotas/default.yaml +patchesStrategicMerge: + - database-override.yaml diff --git a/apps/k8s01/hedgedoc/slo.yaml b/apps/k8s01/hedgedoc/slo.yaml new file mode 100644 index 000000000..bbd016a34 --- /dev/null +++ b/apps/k8s01/hedgedoc/slo.yaml 
@@ -0,0 +1,21 @@
+apiVersion: sloth.slok.dev/v1
+kind: PrometheusServiceLevel
+metadata:
+ name: requests-hedgedoc
+ namespace: hedgedoc
+spec:
+ service: "hedgedoc"
+ slos:
+ - name: "requests-availability"
+ objective: 98
+ description: "Hedgedoc SLO based on availability for HTTP request responses."
+ sli:
+ events:
+ errorQuery: sum(rate(nginx_ingress_controller_requests{exported_namespace="nextcloud",ingress="nextcloud",status=~"(5..|429)"}[{{.window}}]))
+ totalQuery: sum(rate(nginx_ingress_controller_requests{exported_namespace="nextcloud",ingress="nextcloud"}[{{.window}}])) > 0 OR vector(1)
+ alerting:
+ name: NextcloudHighErrorRate
+ labels:
+ category: "availability"
+ annotations:
+ summary: "High error rate on 'nextcloud' requests responses"
diff --git a/charts/hedgedoc/.helmignore b/charts/hedgedoc/.helmignore
new file mode 100644
index 000000000..0e8a0eb36
--- /dev/null
+++ b/charts/hedgedoc/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/hedgedoc/Chart.lock b/charts/hedgedoc/Chart.lock
new file mode 100644
index 000000000..f3c7009f6
--- /dev/null
+++ b/charts/hedgedoc/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: postgresql
+ repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
+ version: 11.9.13
+digest: sha256:00f9aa4e28ee58f51a9c56fe6d07219babc24ae34571815e64b388f094c4de9e
+generated: "2023-03-19T19:38:00.244092372Z"
diff --git a/charts/hedgedoc/Chart.yaml b/charts/hedgedoc/Chart.yaml
new file mode 100644
index 000000000..4d6639e88
--- /dev/null
+++ b/charts/hedgedoc/Chart.yaml
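Review bot: The SLO in `apps/k8s01/hedgedoc/slo.yaml` still measures Nextcloud: both `errorQuery` and `totalQuery` select `exported_namespace="nextcloud",ingress="nextcloud"`, and the alert is named `NextcloudHighErrorRate` with a summary about 'nextcloud'. As written, a HedgeDoc outage would not burn this error budget, while a Nextcloud incident would fire an alert attributed to the `hedgedoc` service. The selectors, alert name and summary should point at HedgeDoc; the ingress name `hedgedoc` used below is assumed from the release name and should be checked against the rendered Ingress.

```yaml
# … unchanged: metadata, service, SLO name, objective, description …
      sli:
        events:
          errorQuery: sum(rate(nginx_ingress_controller_requests{exported_namespace="hedgedoc",ingress="hedgedoc",status=~"(5..|429)"}[{{.window}}]))
          totalQuery: sum(rate(nginx_ingress_controller_requests{exported_namespace="hedgedoc",ingress="hedgedoc"}[{{.window}}])) > 0 OR vector(1)
      alerting:
        name: HedgedocHighErrorRate
        # … unchanged: labels …
        annotations:
          summary: "High error rate on 'hedgedoc' requests responses"
```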
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: hedgedoc
+description: A platform to write and share markdown.
+home: https://hedgedoc.org
+icon: https://avatars.githubusercontent.com/u/67865462
+type: application
+keywords:
+ - hedgedoc
+ - markdown
+ - collaboration
+sources:
+ - https://github.com/hedgedoc/hedgedoc/tree/master
+ - https://git.shivering-isles.com/shivering-isles/infrastructure-gitops/-/tree/main/charts/hedgedoc
+version: 0.1.0
+# renovate: image=quay.io/hedgedoc/hedgedoc
+appVersion: 1.9.7
+maintainers:
+- name: Sheogorath
+ url: https://shivering-isles.com
+dependencies:
+ - name: postgresql
+ version: 11.9.13
+ repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
+ condition: postgresql.enabled
\ No newline at end of file
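Review bot: `appVersion: 1.9.7` in `Chart.yaml` is left unquoted even though the renovate comment above it means the value will be rewritten automatically. A later two-component value would be read as a float, so anything derived from it, such as an image tag, could silently change; quoting keeps it a string: `appVersion: "1.9.7"`. The file also ends without a trailing newline, and `maintainers:` uses a flush `- name` while the other lists in the file are indented, so one sequence style should be used throughout.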
diff --git a/charts/hedgedoc/charts/postgresql-11.9.13.tgz b/charts/hedgedoc/charts/postgresql-11.9.13.tgz new file mode 100644 index 0000000000000000000000000000000000000000..2d3ac623a5860d4fcc1255afb5c9ca7c4d9d05e1 GIT binary patch literal 57389 zcmV)LK)JskiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POwycH=hkC<^CqKLtK@X16`tlq}ymqxH-0JC5vhyyA<t<xckO znOSa#gd~h9f&oCgHJyHg^GN5N&MTaS8wv0x>SA|yVy>CAOafJfLZMIqstPe-d_ocX zE$sBCkn;8%&cbgt`|R!Q?HwN;%76Fv_VWLBkGhB7bPo^qkN1y{y2ssb_PPg$dk5cu zy$#b*`Xr1)`pw?jxbltrN*)+RghP%=#Clr*_>iLsq4OR%g&d9`Lt8M$zaYvmiF)8+ ze+$NO`e*mBebnCD3Q&xq07X7VtheQX2+mLs_+&OC(G~y{#e`ulp-wrES+CRag{-mm z2=fTeaN8%dj{dy`0EZJvj0f~PFNO7BQ17=tv_EVGi1`%9T)rA8Q6B!U3$U$!vmJmL zfDs@uiU1=C^${SWe<PoJ6os<gFa&{aE4Yuyqd+qz6i^gmIKm<3a{!}276LfpXhJcc zx4}vO{8SJYhZshD7hn!p632vcCh8+RiNHOYvt96Sf+MyosK@A$?E+5mWP&J@U>PSA z1t6xxM?pdnYi~`7;GbdD1oLS!vRS0L*WnbQ&J5xx{g933E$j=P7$7#IA!CTM4&%_j zXI7OCo=vPjJz2op-{1SNe{k52qsi7inm-a6$WFFUWq)jWDKED?puSNQhuD{_-tvGS zCX6GxCCKIwM~GS?^Ft~E2@M-?U`tiANKsuZLDtnK26sIVGa!$TkL~P3o6t#TE0x7= zxBa(v_h9RDkL6XKg8mPQf4^ZI3-tfq!NEaZ{~sK`dC~vR@oZXmTMBxweYh3i31Ykl z*c9#`9ruub^k)CqKMKAZchTXSL*GC4|K`KL?fKpB(AYmX8XpFupnK%|aJ(OkyNBPs zIX?W`;hW$H2FLK&-<qHZQOHry1FikN{e7>y=j|Web`N`pd%gWP?fo|ghkrZl9`FC3 z)>k<kpZ&4M{{svY#Gb$atR4T|HwOpDNBQx8eDpH@pXGV=3jALT`C@hkZ$mPIA&4P` zGsF>PTd!V$L5LtjyC5PQ0X~Hs@F`~C5r-il4~SA6i1)~<whM6Nhe?2=39$9cF7Qb- z#*;)CJe+`pshSgoSIXbkt5;j<Z(#un>LgrUrj2KCf^N_RGfwA*;8Wt?BMRg<K=nsi zdkX-kMh~=Fm0$-+7!Hw75obBb1}0$gvs97{KxtV*N})mqP<zr=zw+>OTZBnFn;T+& zMsxM~3eJ#2u3Z!S<6mVI3$qbUP(Oq$rFLk)6DI6HC}YM^#KA8lOlD}C?HEKh0L_+6 z7YKSwkXjZHO!zeYdjJ^|h9O9Q2<)P3Tc$`0z+i?W(dQIw8^K}VeJP;#JIx3X&_rhd z!9s}?0zYA#%oHL{fKL(RsEE>3ZHg+cY-2-&@se#z7bV5ErJrihnKDh$p%0jG98Hwm zDWqf!%xfe1de}<o%GO&xMFEO9h9N6b;zEAE({4tPLijV9v$hl+!}p)jJf-d)%>j-! 
zL1YcK_d9KH9fflNGXRfM6oL1RnD|~SJ{jW6H(1Ehv$Z#e>@zgiS|UDMtIKh2tnu<6 zQBJASOt~6lTIY(#s3PlCTr6b<wDrm*!TON3)1U_+FV<FZMMBlLa!#d1>N=Vs`hb1Z zmb)U>2fM>`86e6yJyumY)o5F)sj^hYX3DKbTT_~#cgr?+`f`!unmek5YR-K!LVBwU zTpLU0=VXLvgg9bmsUvDxMJ1jLi0Id}@{m&@znlo9LPW!PW<#kpS6kW^?Qs%@a$@6X z7Kc*7ON+~Fo5+cWB59jR96N#x8(EGH1F(b^@u@K#0!<!P4wc^GIVFNvn_+$R0jMtm zl2f#2YPLh-!_b0=K5z<8Q5=#vI1%=inwdC-dNYrSb_A-xBj!_wJ=;iFmSWK;O}4Zt zl4TZXX=+)`kbJm+BNQ@l5(FSrKRE#~3?&AI5e0xEz40U)WmW8fkDm%KPqIB%3E0|$ zZ3^82VNje!a1<gCU^s~g<Jbo?5+I;ug>lHyI0+fz0!miuk_5;#wcT%RB;f{C@V5oI zF(o6U7X>3xhN(I*3Y3XNW;5~I6wtyJpeVIRHJTn6!;qmmf()>}{+E+Xcm*-p?p|5r zH98GMX$lXp5TUpZDWnqyPQ-s!LMN&lTsRuz2=lqCjqE9`N-^pEQM;^K^kk|CP&CfA zYNpAk9mq9|+@_%=o17gEC#+-1sD#)~mplbr=>n@*#q1T8RWjcS)i|6K%Zr!Wcs5J8 z6goj8fK<Q{%n>WfV5a~{Z8jBw>G!&K9^u?<M?u(bx7&J&YgV|JWt`sycr0f1-IDb# zhm!&YaT10D5@NrE1>zfs<;T)`X6ZSMk&nl7yOx^HS+T)rluWV;W1wEBjU2$HBnbmC z-1MNAm3nel&n$<vaA1<#>nqs|m*+C(%*PAR2*b$hc0GD<v;~0K=rikULln$bw2Cq6 z^C=p`Bvg9)^-1^$=j^p;K-T-1f!9JyGyZxPppeN{$l~YYE5Zj9F%<FF3Y;VK_vwt& z#-tMvpLK+J<4qDAppL}AI<I1iJi%NXO+59^jMc0Yd%(t}P+iCB&?uY(X4<HC0mQ77 zU%%@O0n@p&gmKX$GZ-ZjhFZP_MmXiH8$%zpn>CC>cF#KLwu%>%z)KZUN3=vW&WkC2 zfE;<I>pKem*#|g_Lo)%ytL#|BWt$a4)mNM*NObF*B;Zj>V~FqNvXvpEXK);i37yHg z43G$fWRmuT6lXIdym|#r5<V5Sy)s5~8&wXgRzLK4#Sj-Zwa2H(ql9qJ*y0|EyfLPX zdo(Gk+BGmr84xI;XN>%3#U)2a4&jzryJR{?t$O4%ZH`ypF+{-$V|Wq)m@Zmm&sS~! 
zw81r>BKn9K+65HNgwln+k630tj6$K6%mxc)vYu-v*aY;Xm=#G~ad)Z>&L@#Plf~om z9Smh+idE@*10WR=xekmedB6b*(jij5_RG=Rcr(j@&8-{r&0lWAYPn|DwzjsFOKoeV ziojj_=0I8t)OQXK$yhH0((jHamDKCWmv?EYDm>LPl}EM|U#-gZ5>-M<Id3+#t=F#F zsol+QZ|+K~|9ut5-lxMHYrcr$F_t4fiNTnXnHu$qv^KaECbc4Sh9^@FV91CuyP0IV zWL_A+*yh?8T%4W^1o!mXqOHobM>q=Z;wJRuiBZ!uX26F`PtjWy+c3F)c*@<(;+EBd z4XSF|Hoft<LDHURlW+wJw~8BV#m%+C%&=9u&*prs+G#6O3#Idisr4fc5d)VbiMX>N zD)&Fe@*|EIM=%hqOPF97i~x!rFeT9pMI1apip8k0CL0I3WtJHts6WLV`8=V>X14Qw z`#s|@3SdYg^d1oE=)CuGOU5qW16gr_>c-Np#_CnBMXz4Diq--md(XxzuvlnaGspVS zX7k9OQWBAb^~r38xioC8w{oqHx!ekAgOe~Mk0{U!upW3%BB39Zm2(H<IGkI5KT^z* z_*-swy;o|JjK}XQ$%&HLFvG2R!N65A8zCxslA2fYpjIljDSSW<#Wp~2ML6n#zTANl zI&dPVT``lvNDvAGgT;)$z7VSSWy_NiA1S#;@e@i>#5**JIG!O-^_%wy!}gTV!dGwK z^}XTWulhgTTwh(k8+!fg%ggiIbfo3Gpa)uHJQgapoE<%|SII!p1^Tzt8)iq+dM}q? zZSanvaS|%~BzS<4FZbcHQhJq;E>&`ndtf%dv)(y-fZ9?Y)NG2Uh2(~|+V``o_1xoH zaCCUEuU1F_<{5FXUTtE{00mGS+1nlRRXZe;p9tg9;JP3a;D=bKj;Vgf$}03p6savQ zwfU**gk<7j>8DAvolr5ghh!o(RvD~Q%=~I_B;jlsfbm3fPc%e8a%+lON>55(2US$8 zU{S=}{>=mHLk>l4$sqk(LDFRkbyXWKade3ogA<|2)elKUh#pWVm(Wv4QMTPJZPpSd zUEl}}C>rAr;MN=_2(gy1aD+gtK5hqUPe!Oup$!<~J7w^0@eKWkL<pomjOi;NiV@B@ zoW)EnA_L5YtXh(i?eMzN;JkNxHv5#Z)%Yyr`JAbT0vme(QA()7kg-KWvYKWNG^G7l zm}WFXq$!!(9G4Ze7qBRLdN#N@>z~}7ovPvq4Z*oq%wiUJP&+>mj1w_Y?SfcsMGBMU zwXT6*o4GoVoFV#vC^#Pg7z9+Tpb3@g%Pf2pIkHqcUs)cv30)%8sGL5cd>y$CQ@sE< zDF9GnW1VSH>FZ<0nOt5<YNS~;CUj<o&*_yYB+T$alajFu6vivT%rjmr9#5~9<h`gA zL=O84aB&nY4;M#41GwoDWd-o@W2MxnR)HHrxM3Qan3D@6?51=;OLpUe&@1{yWobMr zK@l&-ze0Y>D#VY)wQ^P6JU0|scaU?sBrjCW6V53fB^=fATw@vIP?!X(;Q3Kjtr@Ql zF(CWJ37A3dPXU~WH7(BxyVE=6P!(#uR#u&;-slC894`S;D<kp!e@do9XGgUF+Ml8s zGMl+_@yy;Eh@!KGWqjmnp~2J`#tZ}~rpSjJ1^@5=^M4mu$3te+XeH;YGGK_(on=n+ z(jMGi3;~LKI*)ZbwnV*N*}0<9ZK=x}H4FCGo(z;8(toHCWB!oBZ~YNJnmTUxI&W3? 
zm{*dm`VSuJC1lM3sF?|ra(;Jnp@wWE`Kx3@s6y34|6u>>bvnWZ`$tbS?_V87|NAyL zAEz5hyXi4A;ZsBv<ZMGdzbT^a{hMX%eIZ+(Bwd*KGN=RRTm`b~r;x)_>@3n{z)gTD z7?UuNw#`<dd=HczX^NVqScbx63I-H~1O^v)L?Ok90rgr)fOrqW^uxA1CiWN-fH)GL zn6!$v7QyU+Ry>jBk8JOdL+YGN#w6HgJJNb12?rsbVdDZIRu|J5n4uY=b2)GSFbBps zQwMf(t(cnc0oay%R)jG;3g@~<vn7OHc(EOY2E6YC=%K@=GdY&uA0J-6uRCH;C_TlM zdCKPwW-LLhbJ#tutDRA4|I~F4j*kunH`#Qi98}$<c=|eTXQ5fl=R#Z_<Yzgdm`3II zdK9M%ZU%)jgA5tN|3MentoG%8U#4jw5T7+Cwap~3@>x7qt3kb}mLEh>ZH&nRz!%GB zmg@PGC9j$8a0NMaDAo)~N$P>_Tb!<qv$twk2{o9vSGTl=$y#b_)3Z!}atg;|?5FnY zV#f>t2qv7oHBlMB{1OujnL#nJ$dghOjy;Aa5egKIh;lp@vrcyG>Hw<3CX_UyL#e|1 zIGzes_3IQ#fww%$m5zVS6f#*3sH!OP5d##e8dIn`P%RZ+XGg$AG$j%v2(nv}+hd0% zyOC4K-JR<)P84Al_LL3kA90AJiO|pL$klCRozU6^D<S=i=B2>y(YzF(RlX8t|0Dx> zQca>eFIhuZPC}N6BIUF*9A4-SV_-A~6#bSU#brK4GXQP=EwN4YxAw7`vSx@+Nx;mk zm9{u*O?iW9n6_5@F#Rm|R-MM*pa-J2kuEUHT#_;XMQ25eD+7vWkj``dL9u%4j&%L9 zT{sfcAF?C2Z8R}2cfkxY>HHER7>Iw{?RKg_b;zYET8hk3KxKqWzd*N?T!jD}{Tun( zPp>b(U&45Wokk|6Qa`uh==P_Lz0jSeCGq5^5$rE&j^1)|P3fE(UbziYBIAiS9YNWS ztQB&0c%>aT3WWB+@1Aktko(Kh-jg;TO|;AbAh+t$FS49`Q!F!^r=l{OGr2VB{%ybA zJ^rq}*WT;wAA(tMl&a4Xaw=GCG^8p$gK??)Ooc&hca?QQk=<9<w`V=@zEmvrZhLh{ z7mfw<hkYr*HBIBvQOy;gGyQg9Bfz%W`%tk`a?B8#+JR2dof7$4XTLWL$)jgBkv&el z5%Pp}ivn*<$;^`{NS-t^Ju!z$Ul~oAmjMzqW^5~A#zLt$b84+F9R_;?F)1Z<p)?c- z&6;)|VIGVY>VtJWmXsfw^kkFBJV+<WOiYkzSebmE59=~*R$rBmtL?X_C|7P;Hpnc% zflgRSAV3aoM(VFH6jpoY9H>1%LNgzlogs?~PGQ8Lngv5LvC-!NFD6B$i(udsOMpT) z$k;Sge>4ybm4Q>%Ku|LlO(Fm}ke*XuL<l#Pwdt;mcU2|*8-UsTPT;&#U)pTi1HWfq z#lQc*&Im^xHg(=2e@Z~>lmJGAk%FU1yXC|}Xhh)Sr$%hZ22O4WHEg6BI=97m(D&u| z-j@)YVs6}d+RWDfG@%!43xh+<UDz_e8HyO@_yO52h&v^1^I-%Y3B3m}B+;a@aq={K z0i(+}kc-}_Y`&ayjZo$WN$NW$7OEeRFE<sZs9dsBPlN_T*KFBV;I&=;n&B;ahZ#+a zfVO>19LQ^y+Ns%r#0VK5`zRQtAH?LSc0F_mi2|L8rkvA&PYGkDjB}nVH&E0XBv)#R zCsP0)AP#jl7!CXHBvGIvq^9W93%A7nNu6L}#I4N)xwkMzP`XA)NmjO68HL7)sdU2B z>`0gO)|yzOs^+cSt97_3=U0cH@??qdTHN~YpM<%1J4HbL$ea?C%dW<$cP$+pO@PY- zt6M39ba~)1>{-IA*m4EHYD79ZEZlX*9))Mo!!M9B9it@sQ%#;_jx{RQCy=63VzNXe 
z&^rRwHjs_Q^3YamvLCOnx6-*nx}fwxYXoV_vca<2`MC13hV(Cs4ujcDVXbe|R*KfK z{0>~PNjYNrmyP&Z<-@4oZ;qadO_yvXp#qQ6SUSrn*ITZp$abRqNaXR0I`!8kkBT|i z$;TsAb&IskY7olrjj<`a&7jH@u#TyV)kbs$+cLBCH3;zoiV$PFfFc-R@l$8Df|Mt* z4h-8wEJOC*;Pg_Io<`>>be&fg5Q~5uOAVZXD3ae0bv}ZMg@4M32Jpp<h+%k&LO35H zpF{zZO9Ko;5Qvw6>9^83!>-!^dW<M0fq^@af2{?O;~63eHxO^tpKE~}LmVa)-A*ZD zQxXQ?NA&{m^vx<@St6qcGO$DSVj<Wq;J(bw33|I%t(|f`*8>N8YHG0g-UD6r)@5D~ z9Lcx&_V>WCG6QoB=z(r&vr};|6<GJ{Y7(2nu$;)cm7Bm{D74FiY#_GF18pd{%L8sG zx+Q>R2!Q=|Dd9bOcG=Ymx>R!QZ>!0z1ARHEwW}_My-;G81J^)Wmjl>PQkMhTP)Z9x zm9?F|t2DXS*RS0Q8SNe|C8Ww$x^QOxzTTj6Udm&<EK`LF)>jr8iLz6&A~?M>Q-%7* z)!`a<PO~qA+y%G*`_LYT8n-hxm%(fUtHc}PG4khrh<+mEo|SF>6%>G6G^w*?l-n;K zp)sLItW@DxELk<}*<5cU%V;XWW)d!#vqfdo%7giawyYI!?2}oX$jDor#i3I%HR#W6 zg-5P()0Y}~BNkQ7?FPPSR9ib7C`9rd3XB)RMiKdOlEWh2G)Ez4yEL_{7}AOz=|-o) zWD>uqM)bh`(eWkL@BBCsFZO1p+XJz1Oep4au>#`g1K-3tg=v`b75c!-dpnj&O%~L+ z3$vo3&9`Y=3}(#UQj)|#{rCJdWphldc+`BgD)T`@6PkCgo30l1Q2c!COUo}{Vx~44 zv9l5^O`;PO>@5FdaW$=Coh+BasN!%6+U9YNt|?*sB*c&*=X}QOcf}-N<|J1ZQb20@ zz$cN9V$M1`dlK^^#2*R0$I+w%gTO-(rx?kzKhZyk`<_6+yhqHZ@~5Y9bxgx8A}e<> zM42mv$xd4#Y1b53X)8=;79G04wiPy`f$!LaXe4EBL^dtwgMNVy@opnDoDceS_;os= zOBe$(wv!75sk^(CNTwEBnB^KO-8-`L4OzeQZL-8E-6+cC8LCi17mM2>g|w~_DVRD$ zHu)M`K6}z~DD#Pws_>3g&K{WxgjaA4KwS#NvX~qCo%V(<l*W`6!v+}{b9J0Fg*15I zOs{5R+Ml8zk%>*vgF3tHK$)XKj^&61sPhU(98vkVp~r(!;K7LF^o`9Xr~TCqGlHQU zH{_O$>kr7X0wa1rP+4hp3M_dMdWv?4{}u=qFLTsZoD3FAw)s3pWxZV1A|MKHu$$9^ zMFF?wK(mDGdo-`4TIw+A{FugOG$PqxKU2AY<?nl$Ez#{aw2wUaA1{J4<Q(DOmu6P1 zX@pMpRNoF=$TX!P`^(y*dm?j7@PKMcxA<z`ZkXx9s`CvaC8l|GvlCD<Jxh}^H69?& zim^B}77T3d*<Cp=?A9y7U46=2)t7}#6!IJg^VhOF(kWTjshq9^;2{c;&j|%rsSwo8 z_e*osTHs23!X!e$R9mAMGAe21But}hZ>`_Y(D}kj=dz<SB2wZlx++DMlbD2LG9Shi z!Jtnf#;JfQTB5!H^$FPDM9bvtm$m{hRSGJ<gE>jEV|O?s(ZuX*d4bH6$=cwoJfo!| z^QI|3goPXu7_g4utN4#++T<yk#45~C-g#Ag=Z%S+5n0B!3Z7JQF{YTvWl{(klSjJ) z{RXH+=2iv|1pVnk)4Kq$(pu58C884TJBDN?w~!+mL5@KBc~@q32Q9`4y>Bg*nN8*e z!J;cY-KEybcb0@4$071kOxbG6p{=q79MKt$q@2E`&_@Gje>&Z#F1NoTgaQ>6uc06? 
z5kO=<*d>QnQItBbEaE&ecEzNQ?#k9CaR50Qatb+`%nMeBv7_u&6VrvIb<hMTB{C)8 zJNb4IbX^!I7`g38%RPTpUiu{B0*4R`3vcI@Lg?w%;mnJ{ZB5TIjBf0PshtP=O{IpG zE&(bq>Qconm1ICvegh#^4nHsmu)bOA!LHb3!_N-Y%44qgSy3fdA+MIQT=<xUsgfLq z1LR9TpdhfZ>GyWVSiMrM#|wTGy3fhfXiyZKfW+*fQ$A+#HS&~2CjYd)=ROUrtd}Yw zXI3Chs%;!mQ*`2si$`v?+PO-4pu2x?nCdk{cop-6ZPU*flw+azx;+1MmP<p!t5?9q zQs81hywt_Ez`{|&<|FbUd!PC4ybj3gUGO@s`}$u7XAWVlBo9b1jFDe0$)><^VykP_ zo_v^O>_u<&tz4@060z6$+NEB$(tZy$Os#@*3pSmC=X|gLYSR?*u79|d48D*q$2j^5 z3t3&;C!JVh!jS6(>`w_{Izjyi@kfLr@LvaedwYA{!Ty`$H~+nWbYTe>lKrG;bGEL5 z)qKrgvW2VPbzTV`%e76OH7QMH?5SLTnilz{)4))MDS_;TTyyB8FjEAB5HV&th?RNA zr&W8hqD`drX(35VZgT2sPB24ZE3giqn4y1wA&h+4><a<|Fw%d6^MOhnoe927L3Ux) zd7p+EAeHXH{^(ZaMBY0|g#sjzw9PgsA_laK@bOF&Y{s}vZO|9!g93T0B8qiJY;z`~ z!sYY{>-j+K3(*IoYE07_7}xSx-?P$eWk$BlW9At`+_uT&&yrT1=2wyADUv)K+l?=6 zORBb(5R##UegmTklG7SRj3J$=4N{~$)Xk#b^gm{fTo`m~u_j%A_#sIGPkX&nZ;UB= zgkjiuMG@l^``puD#41lT#W2t-89lFFfvVP~L)`=2y|((_UT6QXO2(YJYNlKuZDMj0 z3j9n?k2z&-{K1=Pfecy$)C@6(NtEtc4b|W7CYCi7>Uz5}q-2CZOK7~7(3!2il)>{s zI=0To)=PPH8bf{}<5lz!O1%@Zdl#sRpEc)4ayd<c%_@usOnCxB564VypXd)lkUn7K z1bgK8<7oJXJXOxgV!)(kv<^&6&7WM2H0-JjkhOE^Yv%Us7^}Q%(ZSwcO@lPdI*Tec zcd%7iRaSv2%gQQ}KjALHDD$S+Xq6}U;FrE5=Y^B#1$a%|YY6eIGz@d_OJ8r+xZ}yH zS2K6mxMpIxH-LO9y+&fFGu-K9A4b|`DHH&h#iPmX*-9t){FMxjsHQkeQ_3_TnkA!@ zWR{H7SR^WF(4w9bg$i(Dfa+Y6I06BBuwzA(-;uDU2ERyYH#<gogG#%(jTHTjc<fvt zD7sGH9tf=K11n@pwZzg>0UF~71-s6rf@<UHzwB54ZPn4YIkdc1S+!Pc7d%d}KQ(vB zFc8c|pZF?DOAJD_HZ$;&NK*l}EyuJSp<6YoC<((|5Rn2pxw-<FWqLqv)=RVBq?a>} zZYg#|+W>4&;(Z|W{jbAaovD_J4$C0D{rPNHd<OpmT*oLHa_HZ?_g59~VO-R8YF54^ z0a878qTDgXi+sO1U8Stttg<ovJ#d3y@GHd}T}OTsWgzp~*g|uorlQ5@Ma>@g?k#T8 z&Ki?mPUx;iYi7UO2=uwgMRq(=0@iV^SjZT2?vftBWU1Y3Rhhq-QwS|)>X1xkEU&t< zDxKT(!Ad4+5{veruxB(F$2~Bc3tP~g$(*B^MGX@JU)g2GHB@xJR0qmzwqa+5CG@I9 zCi2unENDy=pPhhgo8;4S=QBF%VO>lhZKo~H=XSOd8kgJ?0D~-rvXdG`xn#@aC@h2z zs4ORns9ufDPM>ULY_4O6<@}h{%{wnUNSdddC?b2wK9OhTW&%1hPCs`@XJvaf6xUhS zvc-{|l~ipiyt4sW6#<?OY0nwu=^*|BLOnAUe(k}Y4rf=6_$=c`Q#6|j{H#H-M)YS5 
z)U`rDYv8UO2U-LB4<8Jgvnf`N2whI1pDHl44#_&vp>=TA3lXh@yndW$9rQnbu&C4e z6(dHMlk2Al9IZyMdh}>D%ymLYtD&wNM_LW}4<AhG+K|s5QCfokxx-3JNO->3(wuRy zD8RHtUp#4uslD!gz97@wys~1X>9RJ%x&fza<7*suT8Zh86M5?JYR&M|MX>(RF{rss zf{g~EHiP|{qEQ{<Dne4Tf%N4Er54(=naI>KZZwTeEs*p%0#w}@bjc{y+SXUZsk*yg z&HT7rK}$EgYN9#wN~>|qYHgFMqgM0yRtQ~Pgt;zwwSc}dCevZ%pEriJ*k5<U0E= zgtC@wy??>MtnNYJ;)vGzhCO#o>murNfvq{>zpT*KMQtg@x0W{N%Z+e#XSYRRt~mqh zCD64b(6t~kO`=`bWbB&pt`5l!gI=FT6jly<%{AdA_I35xSJ%{7DFC+KG+Y=0>u%6~ zwQ;bnOfDM?>)LQ%O*pL6=mjycSreN@#n!>D42>;E@<$GiE&8xLS%hrK*5pz#vQ?yR zEKt@NMNLCxUH!98ylg4@KSji>!^3sMX3N?5<p<6d#e1FT*;-kyi=VYr;0h76?r7L( z7;P!&uPBzbl>V<jptiJGUqDoCDP2o%$u1pSTZ;B2!gc|J{<LAX3&rIn)^<a&wpDVs zY`|@;Zm12pEv4Wk?somS+a`?tT7z#bJ8q5eTX&nLQ4DT|c>O5cYV=POid%{Bi;u^x zr2GpG%B`k(smR=%#J$AkK3{BZWe+}YfNr%QZ9Gc1y2YCe)vd&`Uc7EKpZ*9zyOpim zSmdtuThhx6YX?`9Itc>fCl!kV!XSC|YAdqqxUsm-r~H&^T&_}BW+Nu=@m&RPhJ;nk z7Qs~tT$KgeF_rsIC^7qAwV)$7Lo9}VcKrAcGWs|2`M<y=i7+QrNKINQ?K~}^Z80ga z^tjT@qB7!HtVaVBadYEtM%e2NV7md0(#x`jx>!aatW4J+rAwYswoNx_^p#%vxy_0K zC#|s{$>@PuO0%=+QmAMR3>$;Rho-RYDyfZm9trz{ftw^m*5&H*rF@sSA>D4VOPVWf z)#Pv;h4UXNndJpm*8nsLwUhh|-q+;&mX?5;La?Ymrep?WU_Hlv5<&_H#S<L0*QK*Y z`mZWPUeS+Py8PxulUkLZNi?agZgEx+Dx?vMzoyx`J|%9O?X2C>(lIn30sCytQ=8Lk zH%td}h!R=D^c>+R%2MxqrxDJ;DMMyVnG$8-4%Rw_;0{~e!t{&&QLPh75Eb--i$Zl@ z9z#(x=z1ms+Zwa13bVz02eT)Ktn&(_2Q1Y*F;Bsu$bC<nhSH-Q@z~T9ZHpSovdxaQ zHJNm=$RhWjLYdXj`=lBz*R*F;YBeq1yk^@#GnZCwH4R)(!{r-eE4gZ<FPbigx&MW0 zy2>SqC1U}K=6w=HYAM8S$(cT{Fxm~}m0N%!vA!S)pAflGp$<003x)%v!gbU!!7e}_ zd=#s7`RUaVY|CTJql29~6W=Cp2{{)OrmLxf-3m@oBt1<`OVzHvYO5a2n1P6J;FDPl zxzx)tF^*g+Yo?goNovScGB39zu(p}Ce4)H}<xe^DqNN3k6K6GDBUJSwwOF9?;^eHD z^)|r((HWLo*DSwmKF>L3WS@KDv)Y-l>i0l@3Zsb<AMz;E!9)R=$Ur;2rx|Da6srC< z+fmz_F~JcRe{lj{XQ5s?!0t65k@7GU>Q1cQi|8GBEPO6b`F88nxbUayRBo9DG+6x? 
zX^~sXZHgwCaXQa&T9@}?t7~KhU@A0(9utP;hH`WGrb;6W98Ma87G<~bY?g4zeGVr~ zo_12?li5rrz}jhqG{6(Ycw@Y}xIXoJgmb{AaR2DI2VuM2Zi7LHAVWfF2)V_Ul<%rT ze7>uU0~7x(;cz%<L~NY8VKpXLRMGmdF$$G3iY<qOsY>Zaf%JpY_Jb0$9tenkk7yec z{oaU2513;Q{jbNSC{!mO98P+m+w}r8!Z7l>U5_5B^aQFe(#`7F@=-e<UlA@H@T2sE zro>4KMgYomXJnlDx#`xYR+-_(EMZ)p{lF-ZP?SeNV1&WhtZH-?S|6G#+M}KIVu~N2 z40%_a>=+DZncttXd@}l-Nn$p?(N%v&b5-C9y8GaE)ztGWCjrkH$6plCLNNbg`AiA6 zX>5QXZQl|oOr0fz>8<@X8`bNIaBp?aC@rcfd5p|FBKNq*Bn%K0MoT~<dD6Eyu3AAA z-6#wl0cwOo@>s&1rm!m6yF!q+JF7N}^tR%<_gow0noki01J^7uzJ}2E<*{h)z(^e} zx3@N!=gl}XXp9|Ue&}~6>XmDIxZm1J?WDd>;xExSGB!;)DQ}6DkU)Vbvn_JCWZuwQ zt=x>P<<J-onG;YUM+|W(Q<_%H<e~pAfC><1V1gn<rTR?L!%Z=DlSpk&w8u#p%EC_6 zOPYZ+7buXUTjn$ozg${x$vuixR3ejkPxMiEfp@APiL~2?(_XFib#?~jWTTIEB|pVH zFQb@D!!XN(2#DlTgw*ap!VviRI|fb$=V?G#O#@O7it6UuN0fz?1}r(WbkS7Bn2QF> z)-ym!s1A5@HLX*+5%i6)s#@SiR1$I_e*A!=Krm=qs6tFlT>o$&SR$5jD#7gt`n_6_ zm3ZW`$t(kJemLo?g_Ho5M&o9QNU2#x>FE*1SS}0lZtO<Ll)|>uxm6|&ZjpaKAUevI zm>2@gix9Jv#flU$;pWq&C|jn9;z@m~l$|Fdywb!T`kmD=F^f&V{5nNaCyJ>;y-_~n zy0Tt=gI`Z>uFkLC_KM%+WP@Ugd}9h(u4oV4_I?-0oi%9yClP#rIMnMU`S~dQEIK=8 zaj~x*6@IDDFKs1moxo*{%pZ!%L`nc!$BWW~kMe9<sabLvXt{-!lQlktd#2&mt+Mg} z)3sGYkfjSN7pPbwHG;PETFS+vmqd9Fr)OF!xwKddq()7zS{)UknpHrWp=8r5ALH=l zSz@VIKYQ(Nx9zNe_V-^_K+m%R$_a#;LX8$Wm9AcP^pT!ob@7rlk(Dj{k&*<l2!(0i z-<iIDB|t_KFG7!=hUGnA=s{2MN+t&1vi1cp9UTZjJh?L)lh$nXTY`khwT5RGXZ>3c zv;!yuw7|(wcHS=NpA65yuRon#2?##qFeH=q6tWcBo#+W1q6ykgtM7u>{p+i%v;OVt z9dMhgY*BK@@PDjoJK*eMcn0>s+106_KzzL$&Be^|<IVMD1rQ)z*{NLeNZN%Zg(I;2 z+8By^uXjQEM_2q|`1^Xtn$TxCmSuaVy{+7KXu@PrSL@>BhqH@T{%e4kPjRgCtlL@k z4b3eVN7m3vOm9!#y**oiX^8(*z$7>!A*X56UHQl#1EkZWodW)B*}U(Aib)kPgq9Y4 z3$K^rtqOH4%_(mp^agM5&i?n{`sViR=I-=-c=E%=+1=^ck0<XgZtpJ7Zg0-}!<54& z<Ge7f7o?o8Z@802{8>`Ay<&*Vpp*O;8DIfDcl}(@Xbsc4t=;OTc(dJrp__+jS+t;h zW1<-WS0uV2gl~oh4XoMzMUzZ*z=3No2peX-U(}ATG5@{k*p*Y?*E6L7u1)2?FNeNH z>icqlYh}GJ2f22_`*N_KC)fS+r2{vurmJVUUqN{36Q#PZfWJ<b`wEcjCAhBux_)l^ z3c!E-wDzXqD`vD`L580qt$iu%)ic_cf?Fq<eJQ|o^VpXH{VXZ$yU&=y-d)!}Yxa5< 
z^>Zh#cd<WT&iaD&t&&@qxReFTz!b|)WOZ%|*RHmbQ<zmg_*?h8H;vYB&w0q5O%yBU zsjt<T3s9x)bMwY$Xjj6w!pZk=g*-B;x^nWo)QeHN`P(S*OI~v7u&<lWWHV9oCQ{Us zd7Q{&<l)$ZDkX&7%(|>7`IhC=5A;<kGQ9_v&k`^pyG~+&m;{0Wlq6B$Q8L15Na`;- zgQ!VAVEELOBi0x*Jn7hNY?2lr-&XrzG<7X4WP!=#Nnf7f1(^9lH_CP!5kyfSeGqM; z?DJIPcASC}O=CWVvAqpdEE3DCS*?#BL0j>#T|X2)ebU>A7U9=1qL62Yw>nC$b^z)! z3&x=?mD+sz;5Uco#;90nJcu^qXp(YHXAdZnYqPRE(ypGUEIu&{a>yNk7bx7;(_ETJ z>;|cGs}zJ2MxCNqJhTi|GG)#K48ghi0l5x3Hyp`Q;41+M$`4qq4OX8}L|7*i9gk=x zc19r?b!Jc|Z8;@=GD8v9sdHo8o&~SUB-aqxyjhA;W7nF0)m<{Gby7>nQZk}A3Q&0# zktb}HLuB)|>3C7gwZi1omu|nxCq%}6Fp`(7ERl**8Ylpxxh3s3d6n_qRXjJLEY{$` z5#ul_#^f$yb$XZW6jEM#k8QCNURm$*x&$-`?5=1QMUrHhi{(cBR@<CP1;=qH^LsOS zFu=^sMMkf<p)4t+lKeXr=+)~Ri-=46O#@PJG(jxShXUB<6irD)s7?)F4y5gO=}CHe zT$2s8vSDD=T}q+;n~Y?wf{U1ng3|s|9MTEmSr#(o@C4N=;@@PXeZnGpqO++pSTd(C z6WpJczmc&hM2;(!enS-$bS=tRunQR3RVjzn(bBF;mm;f)u^gZn$uuaSZInNupxqY( zqyB`qT3x+TOC@6|OQNMNN!<uyr*T!&u3IWU?ZP~Zat6%G6Kf7_-Nc%s;3+58992tc z=^U9G)zUe-lxJEFp(_Cr$|bx<fXOW!>B*~eY^(d*jdz>$n@lJbX1J9h(%6EjmM_E& z!4L^U@~32iZn9hDFW|(E20|ZV+5_?A&boO1E`*bh8vggf4vi^}_!zYQ!i=v%3vA=a z50e0aR;g2G3$%BHW%>zpz`^m}9{6w2wegO{^w6EzufnoeC59dlmFB%qF~>d(?e7J1 zJFVv&q+4y1Qv2~ESV%qi^vUsfVjzT*iLhHoa{)l`<y)mfK7DG5(o>R9JJ?e<Aeqe| zo%h^W%#5Dp0qfI2<5l?0%VVBwcy!eL6*3$A47UHxNVFjwdwY9($A^dV-@U!P+`rwu zHwOpbbPo^qkN1y{y2ssb_PR&i?*2DmZ$tQNpM-Hpzu8+GSH5vy$@6gwfY!IF&s#mv z5)*c>(-FPzX-Ob-(osKOwRS~uK97+ot9Ap_yO@euoMXgVJ@8SEw-%)S6m#VBgrfAV zRiAN+qlv7q-eVrh57xMMV5B9-gw9&(geQGxsV@Pec+HMX0Tz-7smpdOjq+Yio}YF# z-3gzT(QCEWrS~M^QxtKdpByW{p6C*`$@j|O(0q_?4$gOrs1YF{f*Bf@GJU-C&z2eI z|7-zy7lWANsaq+}KzT`rOt-+;BcW+_%L-s^6-x4m8QKLD%?L*(Nq{jNMj`R<wNJbB zZY>gFF)4lhDJzkp9%!Pf*pid2oP3!U8GCFM{+wE-8Uz$Z0hxjBo+s9Z(3cmOgz*$c z$qZ5K14R(PX)MTc?M}VsR%&lHp0qD!3a+k&w%1;+o?cfNU)La^CSIj0-J9hJ7XD8f zg_BXRT(d<lNb6!V&0g54B~2D}R&TD3nU_FhDv2p%zz&rog<QF{U9@m~Y;;`YSfJYf z1&s<zhrip9q}YaLV{wrTGI>pAFw*e|22i`QRnGe<4gwVA8UR2`PGPDIW(sov%5Ila zmOJHIMLsQJ-{$n`s=RzM$@vUC-m?ESW`&iMv59q2Wg0O2pB06?kiT*$Ks90;MNuGa 
zkQNJZknc(L?h*^WcFVrN4=w4YS@P{>>tG7Pl7gFFiqB$~L<(fpj-%^(vDwa}zBb zcdur}rL`-%D@Sx4Ecs1cE?#(FF93D@y0~v$W?rhh+I1e;VnIg`_NqQhY1rR8{H~&a z5s6FOateIP4M;yuJ|i#sgLfNZ#9mba!-!dq4@)Q=O9eL>Hf7Rn4W&$-pCS%%$QG+B zy>+_Q^2I{DtbLGW>8hdtM;uM^8ZD(jrq@nEeCbn6A-}*n6U{0;SH+WjkIK9b*|ko! zhCw0Yk((yS<Z#b290?2JCZFAC(d=S&X`h*4nL0@)pVV1Gd*(C{dACJd;{TtT?Q&ZC zf9C9mb*`>&&xUROfp2DyX~F*A{^6T$asRLTvj6uSPyeTrn_F;oa(UJRA3y2?ytZ7| zeEPJdzW#D{Gd#b(vJ3no#vX}8nUlewti(wiTZOj%`d1U%Jd!s^NEfNcDGqfeJW&T= z21ZC&^#O`QGDiXU>tDCFK7RCsnQuIM0t_b+VI2FHB*;$pK7HD{O#z8T_6VUU1B4@x zRRlAcc=sd>b<7T!!Uv>ls5=b;>ELJ*aERY2O!9!}BgLGfNM^q4ZEaas*-2`1CnY=% z_2#;^FTi$yeQu_Ns-_vtEgibn0^ja{-$8_<KydF+v>5<MCv2l=1;ARITW|G+TIQli znb~7B2k3*mDJPmpmfR;J<ns_r5LYEUFFO+zf}#&M+u8Z(r%%8O0gU6e>)mGjHNMYR zljNLasYqiIfH_IPBUIBsfJVv0A<d>tylhAn$Kb!jC;`_$g4>_Yz~K7yzk%n04vBf{ z{h_8UX5CZLK@q2OIV-i<6m&*7>Wm<pZf%`MfY3ngs~96qkA>8a*94YnxVjNKGk}q} zEvfXEq+>y8nnZ0uq>w5UGR0<li%OjntL<GBfCsEDfpU%sGkA^{o<1nl`(9%bhU8I< z`O_;EZ_QMiUoo<9<lG3Yn_7XxTsQ6>NVcoGw9OuT<D%LQi4Q}4%|=Jwvti}HOf?Yt zEgdqpf#w?7l2tWiS|;h*q^9@6I+UVFYD4+^TeX8HBS(ARmlBk2u}UILTZP`)jtB?a zXcqIi4QOWvY)8leox*GFWGqVfv|T*MkfhxbsTJgiwfBxPIDjUR?r&uWfx-3g_U+Bt z@b2XF^8D&<a55bJdVO>H{kPk;qEUG#nhokoVKs>mw5WOn{F{+T80X)&KFSL<(u*fO zL;t51_#KQOL&t}}3wCPS`0=B|yHB6$8vD7MS=Bm6Gt@QJL_}C!`_;7m<3}J9)zZ1O zv7UkPvUl4nkCz?r=~Fp(^)S9AW`v8WLh8fx6ow{wE$Yq+hH0W)Lk|vpOC#_+Is=}^ z`5bsy{DtIf^!@8A^nmE=hSR3XR8rLm@}uFuhoXn?TZ6Y*pBKcS1^%g5I-X~YBhLdd z`z-{XHzllc0xF*zfcFkG5mDd;K<mXa;OR+?0$M?WTgn<gsf$w9>%fbfPo=7>|65<M zdp?#1kd>Z2vnP}jxv)QWW%7OPNHv9A)-mQqYel1`C9Le!sDTdzD+?M?Ds{WO3Rlfv z^1wu<jXpmGmfODRrv`}-K7ING0)kXBYI#XhtA4OZv!W#Zwq;h8j3m}e=YLHU1Fb84 z*>9^rxO026=^L%quC7nd?#>4}Wu~q=Xf~W&9fdiXv48CStIas%32Q@h(W!W+|M=9} zDUdL@zPZg2u?l(?BVWZ;2z=)L<4>(LkY~BUsOYrDf2&LZ*kk=$%~0TZvT@(0t@~mJ zwl#4&0%c!3+eoPNVCP^4=YWf`48a&Zf*FnyZiT5icOIV)^g(u-a;}~3A^j@vJCi=q zQkvA#7QA-m-G`>jrN`y^{<SkshG#dwocBwHN@M&>&H|p<`jQrl_&=3fj@x3@`vI8o zW#5}?uAl&WJF?St-|KD`tAN%D0-d$o$aM1s)z>ES>5cUbm8cN}(PVE-=p&>-GihKC 
zerGv}Xw3Cq^ZxlCON&Ey|4n<Zz1Qx3v3<Lwoni?^UOvh|JirhKkRv4>0*Gf8s5wLS z5z+`p6V|3A3~@BMg_BIGlnJ_0)ry4hg6hw`al4_XbpQWuiozIC*5+}z0UY)F{|5(q z-Q(Q;|FQV|vj6`K&&Q9Qzk&xm>&bM@V;mx(bibbow)j)j1ApzPA=>%tRvJKK6p_%H zbMRXNLv@W4jAIqIR7k9)u8LC!X>99P1UOA1x#I~rI6jcu_6&@W4-<v}BQs>@%vCTk z3ImmdRR+(S>((&?+aq-yrQSjm*1IrHciLN$dNJ%(1k?iE?`8X6jraQ0R-b1FeEg+h ztVe#@lg<2Hu|_aO{KT_iG9Kd(pyg%sNrmiL$QLi{Jxk~2f3MlQ*)>_3H|z`R=<+RB z!-X|E&bf29dGD36-A*3z<NrFnDkQ4cLnxmuVIhn4VR?>Y%|-@$@Y@DqDZ{3r&9HjA zYNwVt>+q&T0H1|Twp^{ws)_@F71(uyctRs{VQ`FSG5@pxUfU+UC8rut&@1Yiep5)F zCd$8V2;q5?t2GJ92!`2f_4m#S)El3OhOKZ?Rj=I|2in@L%9;SS%dhmPyi{nXw$T;F z>e|h(GJ@A-#HmdG4bErkYI>bMUL~7W0k4ZC)ymAhsGYH0)NZZ#Q=VkI(p%p93z)LA zI#<%E6_&f**D@nJ#ItM|mx8ucT%OIDI<^(lv`VEV;+*~!i&t77wT!T%P8u*HTfsJG zMv9_2Gtw#!Gb~iaQl(rf!l~ra+x#h;I>xG>rtG7x<_wWL>NuL{@mOl<w!k)z!zCeo zyHn4wTyd`n<|cS50W~oAn)i&gJV=iR!9AKUvLp(D7(b)A(_Mrv$>%!W*h`0nlAz@0 zXEbLObQ*B03dmvvx-SiaQn^_S#cN9E8dT+Rw8{jc<<_%>Dle%u^_vN#jAmRy6lM7@ zS_tzLZczLRpqCW9Lj9FRZXqSLLQ~?Q&|G3<7P;mEBZ_|pc_GxeT9mG;EU%`W9k7jl zTU^ZXVyf%6GC;*)({7+0mXiA%qiqs5Ao_Xemb^8U{yYe8846dSM~iQxF|n#6&tmCP z?mbJ1R}+iESj04uOoztnN$ss!>F><ldv$|Ul~Du98KJVJn;fRD)Jy6cx7AwkJK0F< zty}w?sgZr_=7h8o1U0h#D{C)Y6XlOLt06oEqnzEUuZL;Q9_t#MGqYRCo~o0tLthqh z3DstIvyD;(VFu&MRhB7f220=6XtuzquHI~!<7OUQX47^BMU`@+Qdd>&ZcC3a?XzYj zN^H~x5^~BHrxT=3x0IaQZKmV%U*pM7BiOf#?5LSxVW;eXN);F`wazbL5&FPoR?rPd ztpU|vT6)j&HCL13BAABKY$$(9u`cNY84RiyWSi&+N4M4V#=0D+JYsmh0bS0mB}R5Z zRth7$C}nmH(?7K%xPWBsk-Pz3I#Ra|LmhEz!qw6_xSXwPvI$s6eRj@Nmb-{t<w@NF z4J<-^`EsRBE5AWJ8*b^5<1#10Wmkol>$A+8OaEv!0<wyrWfCT1q*0)x$d2b~EJG54 z)Ajw!swMxb(`*B)XZa<DQRlg2O(wK%8MQ4y1f#aDnrnZa_FUl<%~BI)6_AG0rKs-d z%A1=ci$ZsMF;rR0RRpcjV;83<13N;kj;~<=<2Db|`>BgI+&zwhbC#y|Ncm)H?l?>L z!q)}bJdZ`H!y=0O8#@GfMWM{@6O{4DCiY;VHqY*|>8lzU%a)J)^T6+h*`*?4IfiOR z%J|uMa)+59X5P$A^>^@FLO9ays;yuoNcg^yGirX%%w;}cEc6lORj_!-`Y3hBWh}f$ z^95zqMxJql)vn#%)b`Ac?eLY{1wQU7`J)vww?6OcSs^(4gzRX2v|NDKVMpc+?D&S8 z*rS|BiG3%$Wa2-7H+F-WZGYBT+-axk9tGfE;P>Bkm6GCa(M8U3WESHP0T_nBcn|{| 
z$<$>GN0ShN8Db1h(5}=ez9=|`IIN#p@*dCWVAjBx7|PODq4W!kWm5L+UFkS>kw`V> zOuv_iPf6fR0PACkSzHZKm?I?N*2`A0?V{kn364PPpHa&y>ZLB^<E*TgbHMs%^vlV` zyR#wq<>cc0^yK#Z`l|QONX)lsmEUFmG*H^V=$7f!vR1xFxf2D>$3RXE2@Qct{V2oW zWGp)fNc5V62&s2~@Tt6diE}AI^1jXh#!CoEb^lc?k0fnIRTQ?nol*%6cWS0oVW%Rx zqo&o2z+T$?U0{`ybK~Dh0(_Z*T>2Z22%m!YruchF=X<NpdjNTMaT3Qf9k8TRiNusV z-~a&#k_i8nAn*w1IxoD=r6bG_RpnCMIWZ;zq`8*h@$u2#r6hEsua;8D<2x|nQ%}+} z<+E^oxfl!wwt;l>!%5$=&dqC1$T9*ThgQ{En8jvg<1BpX2>SX%q4%;nyTB?ZxmZCl zE;KET1eJ@~p$t5GB=o+fGwQDRib;t5c_$`8cA>X^_eyjUq4+;Iny7aevF6@JF%%1G zeP;lo$_Kt)OQ$nuiP<maVVH387Db54)qIIbUNvJ0{H!BD_%`^0X-`c~!<L`}k5%pv zLAbg#gk>cjh2oKRc?43k+9p=u{L$3>y&;KzVNDK{>$rT6=FK^sKUUr_v+r&2&W1%f zqkq=4ug2`3(foP&-9K4Iuuq;+w0*chvYWFb&({7)%GK35b#u{>OE(vlEb?hspk&2n zl|Wiz14sy>Pf>s(Vb-z@oFCtYtmFvUo^OgW;!HcHv-C(}=E!*E6XUgHeOT`p*+}01 z!aOO_OL-CIb^<dkb7DG4FNJV4QQc_qtU}|kYK`M^yKXD-b4R1SJkR}<#($y@oI+2m zGuv}GTRQ}_KK^rWuX}uykN-S8IC_cye2zz2IWpOS(HgSzPi5Xjxhv>-WkD4Sa|^l| z1l|3f&)w*kCw)rCzrIIVEwDT!6J4yK2^Nh1{lho8@xQ-!ba?zS{-5J1vEg*@4`lCW zJ4M#PUao|ckDDY!tR0|e-cL_^*eyBxARRBm26gon{o=P&7%;{<gKV!Xd6^GmIKm<3 zxBxY)sgE}9aTN5xm0f6ShByo$hrKOzk)lLmdss-)n%>&C<=n<tm5OA`x)`w}Y+HS6 ztNh?pSaQX5uLZ|pRaakfS`!mqqOn0~I#>swrNu!>^4ZMsR{mK^ntfTg%2;b%LAVK0 zZ3GMGwWwt=@<rdrBp908cV&xako(h%#oc6;b5y-!bS7QYt(~M}qti(T9ox2T8+UBm zw$ZU|+qSKaZ5#K=^M2zU=Q}_5kHQ#LwQKJ=*SwbJnfk8c*}co33@K6`JJz|CX{z0` zq{m~*K&j{8W8Gz2-G|;e|HCj`rT%ca{y%Q6oMxI2&3v=u>~*^(f_#(PdKb{cs8x-N zy$O5Tl!Q~rOC{<qSob6KhLXp=m+-R^I^xS(kkskG=a^@QCtwEK2o&8t(2?62>MN<b z>9YUhV|K~W>MWz)&PQj>xna#H12@UmXrAVX_<4+)6eYrK#*M3cayla;EBZj$P32YO zSje*_L3sbq%cfS&#^FmkTR}Z2iLPxqdSb^Zbowu=YEY7w^p?F?mcuUYWhE})apt5N z3;3@|;AX*<kIm;c52sHX@Kq!G=-xNH;zjhr@6nJ$7e0V5UV#4(a*_I0Ov9-}H+Owr z@?edRN#zo-y5?iNp_lN}H+2Ts=3BeM<Mm(M{qJj35+v?lC|MP7QY!;pbr!SThDk^| zNgqc^pQ_7l*xe~{vyGn@Kmw;1PPwYDm9pz)W+28HFwo}fqsG(i#sRqBz)kYDP0Y<q z=KK0=vHhWFdY}!M%g9gzIDO=Zjo5-_ZOlD%FH+YNalCS62E!FjpRMyXz3IN27XsG; zd!}J#^Y3#4JAo@-TVJ;s7@t5KIa$X8XWt|jytBr2-=CYh9T^4Kw?%Sb%^o$yP4rY& 
zK|3VH0V3I;qTn*sWUcxE=R0&l?YDTl_n43T9vR=n1o*MPvt;{q>cNwqF5*^yJgcov zow958v9-&c-b`uowMj~lsB2K<koGB#>rCNzXTJzo$dy&AHB2zeJ^m9}e`s()B^%2U zQN65Dw_v;*kp1Opy6@SCYHx?A)%)V({l_;t1GGg1TmjvaO@DmlsGN(m{OzWbYtuCc zRl;Zii0yueNt!_RrtEx_m3_8fCZ{Ns*36hYh0886o~?SwJlUU#UGLfJ+P!MaZ|yC~ z9+hzx8!cBzhWz_kmxSCpiM}+(+gTf`dQV<OTHRmL=m{-(hp9#uqC2Xb0tYeXRs6I8 zUbTD&yM2fn$dsZ+YHFWMM^|pzdc>qOwPOZSc-m?XVsS~(gxUt^HPZ^eBKsXS@i>2s zTOc+6raaKXio2*3`%e^uQx&n;`ORu>^7>ANr->9qgx<}fxMuQ(3}IUx6_~?XUht~a z@wI}@#e}Ladoqp<0=End6?=CF=GeGiAAUS*WTQ{}HYsacl$Ekm&I$$=NNkY(L}|M^ zJ3vBaj=OtwyNBC=qq0pDt22V=&gGa(aT$~sFl}vX^5h9&X}JfuU@dQ$n~@>_Nr}c# zAcj9wTC@PV3;GzI^|&!6(FPFv?zmD0C<(BJ1Y%8wcdR(`<gf+-1s7o?v|MoJ(-=7R z!g%$y0FcQHQe53i9W%9ot6PewIht&OgqzCx`*s)sbUW3;2ttZb#w-)fC6BhFI2%7_ z2my;_=Et|<O8;OvxrIqW2)X4|ig0M>5(JRS6dB@*pCLkWL$o1_`twHgmQ=R4K3{5W zL8UD~jsvsIAo!{z=<?;S>nq%gYxECa#2CO`5BJ2qeUb9*MCSCGpt3zH+oDKFn5`Gd zjRRy$!kSHMN1w4M;z7=Q+t`iXf~<_OotnMLd`4a+RJ#Kxe#t@w=|CLM%OypC0D0`x zMiCsX5^MO6(YZLK(K+FF?zZbix5+jzHRYPv9^ZBm=>dD&Vig&`qOHM(^a!+>@rZLS z&yKdbJB!lZ?C)hy%fB(1bZ~!g?BZr<ca{XWvnh)q%J0npv~R?RXYwSctX&h4-NyVS zgx5y*Qo#BbC?m6<7px|Fnx7_@V($N-E*gxME7_LA8R!~IxGlV1LsSac)vJO@6creW ztQAkvrDdEGOdot?h>Un=L197|?${d8lwjS1gN<(UTO?&PUC6XM@>!l_08H!xfyD4C zX9vUBn#I9N{Vx(>1VYn<tln*D>SEYZ5ZFDI-GAg{U`9wZC@CiL+`Y?{UJxW?ZDk$A zB_OomLp0x<(Cdi9C3+R_Ubw3<wXpvA5r(t|6_5`9GCMV>8gIDc@ths=AHOX=ZQ!q# zGZY3}OyyT_LkVW(7tz)F2~Oj_DHu5aY*rl{%0gKaq1seiwhGrPQiJe*X)?Io*U+Xg zArWTg(_N?gU8{sWL24c=Ax?U)FOBk(6=eVCUKkfm8F_t~i;99g3V*jCm0<+Tkk=Lx zfuY))ja(JkT~4OVG$cs+eD4PZYyz@EOZ$EM&lat@HF1sd5|pf6aoAZcSZ`+jpNV>5 zUZ@Z*wkzmVMKuIF!`>w4<L4o7<-q$C9$2bDid^vcNjnA&Q4}n*q7>E-8`X}fAgRgk zD&VfaD9f%b^RKx8ja{$VmYKiw*VxB-d*#Hw=VE7O#w9TB`1*`!S@Z*pli?h^Uy%9X z9Cs4j&j%{x$!vd_`zSBl3BfeB7_Jn_`{R^igb|@A^&0mZ-4tdmjY0@TQO}5ul4Sua zHr7T-RT@@3VQej5AUo(U=%*8h4~O_5u-<omLd*&+!WG%z>|kCIzi$YHBDE5iwb&7p zvEfwg&c%d@R8J<9bm(}H{u3c<&9ACLKmKKGJ65~-z#ph2oW*4KsOqwnbstm7nG%DH zczUXUW%g(+l-C^GDN?JecQaV@%D<efVRRnEO?0FWd9;`|<^Gfxl~;0embSylSe|N! 
zTMF3M%PN-<{%wLI!b|x=Tz7hb0aK}3H>xaHPt^(H@WNt|LYSKLAdQ<k!!=oMvXd}P z=QeTHe!^CZ!2WxDBCpRyrhuvm>pP-Biq!Ao!VgE9*%)#1@m(v@>xlzG=f0f??1t$1 z!MA(2r85h*<p%UFJ2hz{#g#d{v|s6<JwqKu(0n*ms);Jh4`(v5rI0Xip19Gp9-WAC zGkFFrZi@`S=(`Hj*XoE>_o3_h$E^(;FPCr6aw(bBqj2_NN#qk%p!eIZHv`5S`JUng z%odU_b-SJ7PIJ{bV?SIoyK`Qax@?#xQuo*}LxkQ$sb6dQJdXa0Z-h9!(Eny;rUDw| z1>`gcH1^E@bdy>cE;`iX_l+s`iwu<GC6rVa#?fhc-QlJmo9&jLtlu9_D^4vGow2Hq zU-{1P?K6x^%*YjoS_*7^+$E(|{O(N_x>NJj;2%+4U2dm~IM`-IC+TzruzT{7bFhPz z?J*U)z)BmcbaVlm-yr{%raV+<z{b@XDQhbDsD%MAxdv8?ow}kzC6!d=#-94>#jP0% z@&%1O$q=?8h8a1S9T_&*d<@h6fGM>;y0xFwcTKm1p06a2nj4OQ-4NAk63~#uF#4EJ zDO6>6wFY*;xiWF6_&_DMY-PH#B$t5yI`@=2`~-3bXg6G>cY$<@lplhfcK;fE8RCUA zW^{h&9l|u;v~7(n?aa08jE~zhYe^;v1EnE(K1!kE?4EMm3f4E@Be@}^R9W;}NH-Gj zz4~jJ7*+hgnz66WKZI&qo9pT=oi95VC5eA~>=#EbK5gA@uI?_b9^IHaU7L#j_5P2F z=I@0E-8?*PJQ~t~^)IE-U5a97=A>1`nqG<i67oGxryh2zp_7zQh5r$+FAuvLel!yu zymXZ?DO#E;i2durUVdmnX#Aa_-(RBn2AK}sm8_{wrEdoE+mo321ts*gY6o?`0gr58 zw`PT{#FZ}_keS3*tYUm$%5|pkHXg}>P-QTaM9qkSrXo5ME6WRcPp;@AdXLRa>!Y)y zJ5l)#lu`}aYZJR4Kci3G9j)#0(rAkk*_ssBt=qtOZcYMPDf9q?n|fW!off8NQWIgo zS9RSnuYN)rIQqYpACT*ZRa1+qXpI~AfAd}ram}P&o!^9tq^TjhE4RAG?yCMah0G4O zX~IrZ;E48_b(^82vA!Q!+1YRLwej?Hw|8{%R{g;&t875#g@!YP{Egu<M+l20dx=QW z)DT$!No~`)aH}yP%^_upk})nbiTCUCT$aGN&>Od4+n}FQlHYvQ>YuvahSi@}B}u}B zTHdtqA<M|95d`?G{~r-y>#>H8ZpQX}M1tu+25M-jLn;((b7bH<b~0v_s*vl9q@`$% zE`AQ^#NNu@{Fem}>8eJSGGPxsd}_P$S)ClBwxg|UzA&h_lCu4C#fwCSqldGH=X3Y! 
z;ONp|IJplHllTa3I<TjP8NnhTwCBsyrfwpm9BiE^BOyusl7OCN)?4fA$lIzi5h2>Y z2(n~xvGQgr(SH75O#?(|H>L^8OE=DFw9-i2xf6~#Y=iOw*zJL&NyjA9%5UONjy zw1eg)Q8pz6eoHBVB063!&i~cC=;WD|=`)K}LTI9lN$1o1-4b$<ub9gw-Q_PQ$53a@ z(gVTRkO6b09j@QION4tEc$9{E5tiZQMI#1f_!%1?^VxS)T%m`&c+L2@U^|vT?3Gb@ zlFiSYX{-}UkrqCYLo}VGI}z0e#GrI)LwMsB40I-q3M~U2+U!dupRLSKx33;-hrjs@ zU$x9~+n=kLKct4K^j>z2+`d16row-bO<Sibw>roy!=66Q?O?h%5D=a0umPotT<o3* z!4a+|)A3qJED-x6drv~v8{M-ap=R>!&6;8_p{8VPpE*~uHntVcD(+;A#LG9|JOa(9 z-5|#Zu`$#@VTHT>*CFfZt;!<fD4`h1vR4If4MS`>=^A$gWu6Yzv+}pGC0<Hf))rQF z?UvGxE=);hSC@k0l8&#}osx!(q;T{%<hi`eo;UVvLd`aZQv4EM7e}ogZ;ky2B}Q?| z*$=O$=cGF2nhi(XU83=KGQK@z5fZpwO32Jg(NzhEAL(4iFU;D>%NdbNVO?$Nju<*w z@DQnVizF+yMQPh+Ll6*yF5;y9tu-5_75t0eFFEJ=b~XS&qia;s`bHcPR}(;;BIN49 zs|~YHVe(~A7~CbS^A09vmV1$HVx*f1$YN<KAFr)!(v<_<+WY;66rO(f^z?Ce0n`T2 z5HL{$Ak1RR71{yfBog;eTgblWFI$K;gtDgIniioWgP#9b6qSM^cn+AVX!o$%jtoiE zghjsgJ}%CluI@h0uI{Wj*_}L=oa7(K1z~`_6I2FBGPAUJ_K(wpqYGu|m!Ze8)6Jn* zBsMa(V+46qPJ8y?pAbJH1i=E~xbx%oEU+k__>Iz|8%}mH#NjslGwgtNJ8Vur%AQ*( zV89yUALuOkDztGSkP`FJxBLK~69!`MM<)A<13cxhS=CS-|3WtNk6;;>Q1zX$CU#l* z+NX77Kq>|LKUb+9e}XrA?&_UZz~f}E*^kO-x0HWC9PU2E35_SZ@sE*TlURGN#hq)S z>_g)8T5(c&;jY+>xs;g_J8BxRI=Q4*z&;R2DgKp^ka!>{jpA1ZaQECeEHODj$jd|S zjp3U7?9)T+balCVolMK?rxJ&>11Dl2@2;VbputjRR=2+Kz9jrX|0^Ozr8KiCf&5#| zfg3NT%9j4o=*I@J`3+a=divftM&4Vp2RP1u5LW^s6Z5yT<1%QtNNp1TSrxWgqVGcZ z@S_-13ZsQQmB^F}VjM#{<q4U$G5+H>9B<M;VLcMT?Jga_aDG`TAHW9xp`C|Rc5j^s z%Mj}P18c6RNt?tbpXZP>{%HL^m_h`}tyEhn`OR_7`jiUQ0izq2?Po`E{foOIq6#wF z|Bb{RnyP$SGZheoT4W*r4el!@@kCvZ4gLo9Wj;<d_XaqqaEV!%c`~X+)25?wl1(PO zJcoIZ?>W)ZrQ9+n=Qa#?2S}MOO$(BAWv@G`M_(kgKMtl`qiVbcI^TsSDE`McgIx=$ zNVgD)Ji3EeVQ!*U|0`_xnzQ6#PEn&1c{G2&Ejm{<tmHZrSO5VPBZnDOVN!8Up7{(? 
z0;8D+n!|_xMpErf(2_il=u@Q{M#dMd$23$I)vvB1SJ}b!5y_IrvsT>`Xp~h2j6HM} zOcL+Vuk*CWQpYs0;itv3xmwg_z38+vehulL#_0Q82+8ubM_DzOlkhy9@2c1;e#N7a z%fPtYMioBRg@0{qg40~Lk$*}CC9|b?S;^<67FLZ^+)mf|Is3k41c$(X&J7j>83rcn zcc#NM+M7v?FG!A@qaNkOo&5t^k$xj4IH9{)`G%O72($U}M55zF*7A|Oc_DElv19kK zBjamrvm@hvd_e_mGt~y~;S1I2tN#la70iU1d;MclID>=)J$&kc25cUn8rNu8=MY$& zv6<gDX7@4@vp(6<T$u;ZU0og*$S5+<!nj*;L#mPenumD|_X3sNtvQC1cl6PAa4dH( zmy3mCDqbheOrkiL!XfBL2Xe&3S<>6+L3(}>9WYK(StB{{{Xqr(x$Vp@?Tlzqq_yOF zb&nZ2v$M&~;TySCr?^UL*L*nKNQhCbs4BVqI_5+y9cl-KdEp)bJzVWkCQ#=A?5Z`z zuIRlguA<TAq+4^sap6qZuByzo&1;C)-6>ig4q;=J(fve>L(0K#0KmF6W%@|EM7DTw zztd_a;x;aVF5ntRSI<k=yi(PDRCL^$$6_UOny8oDlFJP#N}E-7r<c(dCH_-2imX3e zv6gz=dJ}V<in&xht-`TRk#dz^Sm-R0y~A?Ch>a|nC}Q^7sN{*9PQWq>)=?OBE0v&$ zZ#XJZb2vZvx$x(uRq|Pb>mnnE4rj+wx51JN;n4L8I|BtyCQL+V>>}_pIBoo?IR7Z| z`|sT?=Wg1Tr{YPjZjYZD;V<+I55b=H*h`X*qM0#4I52kOI}7oP)N%Stl8>G14+14E zqlu(P>sS+ak?~|Bo**}safYW$+VWvJN`3Z(5TLVMg>MPmD}!aWGT`DeJH)gGz42JI zy944aj%DPZbR_~^jU5j=dEoXAee;2jdt8T!2T_Ti3OlwA$GSH9x><ie!j>~zUd=*o ztzE%0s&$>MDkR7oufatExI1=6zgfW9TDpp}SPj{T#~S2~MHD(C>)#2y4udC`d-!Jh zYD)UG_GyiaZ}vzsAec$El!Ku9QK%P45xr!!_d}tTT{RUuqm#Ay=Z0nhjab}~;sz4I zMD<J4?D9Og=2>A)64&>`p``Zcc6aApF|<atXZl@~vflu;ok55h6jt`*c**Yn#gJa% z;o<r$@Nlp4ZSnD*{c-JC+t}v1xbpq+#Jag!Po|GEZ~L@7oMih??XDLSNEkx*jT_DD zaE>j=g$g;#^qgoG#j>Wah3c^eC)Ht<$lwa;UhZTg7mmw&N^-wETW=rJ_E!2mi$CSA zf`>Jgys%Jy6>P{-*%ageqDqs6V?o^nx8LfW6NMa&ELIsULDp5@1;vcrLb-02z;>p} zaD2Azq-fKZ#6rDNskVbFbf&u&Meaug5(qM}oe9D#0`kV~PY{-<5VrOZaf1yW_$q-c zKbWe^(*tH0)ejOSFaD<w`jtMuHy+^~B{VN}-jH69JsnyIUzAr2R4+(a@2{Q0fPd(3 zOa+HnV*RK|WH<Tz8Ia$BISaa{r<zLBhRf$pq^WX=@jD7+=bZ0k|AW_g*u1^{N>0B| zDu9OHr<i<f>E^<9mmn5$=KcvWkDmVcfB>mA>~ip*jL0XADfZx1OQOpC=8B{pFU~Bd z`|%D<gs6uZkP0rnc@x<iCloU*!7i+A=L?HRjK+YTmA`8J1`44kT^dAc!RQtXE;VS| zUlJA|@JpIVAs6bWKMEEarT#QPiJ0x?xWi9hA1W*bHCs@s7aH_bk@x^4<avG!`b`M| zPpeyu=peE?erH`PS5b975Ntvzm$jdpl@`>bxWe&j?1C8a6x{w$PTo(;cGEnVCGcMk zWw1hC16EmZ$t*DP2*^_W`Jh1$#Jj|E*?jHs^!n$0&j{ojX;^#RURU=_dsoYPztrez 
zSAa0oBcjpj2P0>$IU8M=45mWU_Px;n>o(xg7H#EPN-o-1x)A|2m1A~Q5HNpThVbu0 zq7RCXHM1-c2&O{CXIM(TxHt)PT7$Qxz=^E`>}6+%DrpYjnyP4ZPPCK|hnjR7n5iga z@UYRR<C}1cRCKSf)|bzl+HAk(R;u)CTCOJF3wXno>lM1_2eKAF6~;46lvWZj2`NbE ztEhw=;O3F-GsMv6RB*PXG_^{BRtorY-p~{Yd9P2J=<qyw&>S{iIcm1{@|<kg6h2e4 zG+*RevYrt}_r~0}c+X5dYt~WzNbs+X4N1mSHf9!<Fl(rPEu@GwCkdBhFx8w*NoDN$ z5}BDu<V8Q{V-)g=Kow0yuId8UZUk=da8FkOw{WiTx+;O$`x<@0M2Ruj1h~s(tzD^^ z@z9Qf_RQw*L4<^Am|0HY9Cm)x>gK8(wtuS_WLl-iG#v$m@=G-TE}wC1%pFGRcB#H> z9HnB~#H@S3Ps9URE=w{<PJ<GNr!~B%#Dck@<OCaSq$oWE0;*kcJUMngVYBaEbA~cj zpIK(|UwwNzax#Fi?NB5CV>U4U;WoJ)`!SfuoqOty)ciZ02Y;Qc0aFoN6S!o3jpy!3 z^7WTDY8N^*)o}0tr{vfd9rx0lCKmx7L#~}%-+rS6y8LySmB66QdCC1G2065Bmme(g zjNjVYde-Gd=~~V=TFFTI_6On|I0O&At@rkLaJ}1(^BLR6dZz;7&S_3jO!2AO{&*UC z$-(wru104X>TnIRFYyC!0e>eq-oqwF;Qhh{#JAw$KGu@2C|%5R^CsHK6Mj^4i2A)` z9t%CYmcR)$3n4@tXi3h?jnpNLn%Il5DtA$C(%A9;9pjOk@#a6Z6Z(gpmy?ry9ZYYM zxKqZTNneL8$nG}<qbbf5Je96h(9Fl*X<+^gXB%?iZ|yZwb$Xy{>{G167htpNYT^S( zJu{LX)FTK#8Qta)K|5HNh8!{Pc)(m;?iJHa$m-BvJa9@`->>eJ6y(7D{8zW59iy;Y z`XeLbB^o{+N|+*fEid05>Eo(uMnG(RqJYct^n<gc-r}<c<LkTv82kp@kzu<AdU|=? 
z<O6f|HMoLic((!<a|~j<vcpsgoR8ft(Hw;(l(#XsC^}2uqs!kD{<)r|c5p`rQst?x z_+)XuQREE0`FfMhioE-VhT7g8`-;7L(!BvWvLWAmbr1mOGH*#|&!l1=TPu1WK!Hq| z1z~$ju8ifJ0Gb<C9dQq5Be5(l?LVGHT-pd?4p*LsyuNUhG<OnI5_#xqMf#0dbCUJ+ z>$K(^wKKck#GzL?eVV1&K%%CqD#UMx66D)K3Vk05egr(f7z3|0vJ+kbuAQ7ZTI;an zp#ek$M)S_So8}zxYY5c^c3(s!4V0$&2|sv_59UOYmllt`#u3}<;b<B~nTG&9EO#vG z1b~HfW*$%CzS&7(t+Q3CEC<z$^h(RT^oP=9`4Ov%KO++{z1CEg>lShI3VN%Jq}-9a zWd$uz!?G4PnfTTbc2uSzP_Q|U;aR`J1(a+rWl#V~xChA8NsK0!vW{))n7jaJpjCj{ zzBa9Wn_8nk#+I^r&#Fe1KBt<U0g0uT&(*pxHHyQHY3(52jFL6*93uT`U)L10cJzzy z>epQl&PC6lFW*E%|7+~8C@C6DOB*!WFf>fg(R8swHOv!BQTT)OFAX9{$`%Z&FmJG# z4+nTlo5QY3sb#Gc=EM-+#Q1|SFvG9%jWVhljXxNzw~z7-qUa0PRffCNf{OY*-&iK; z0pnrk<X>hJtVB{z>KP1BVmNb9W)Q9EY%(5Q>K(JKA>Ic{m<3wgLd13RbDT99$jYFm zBIV=>{b2>+O;FZd|KyQn5SGyk%QO}i&ok;FfAR9jFh&04)-Ws~CVU`FAz1cU6Rwxk zXMa$>01+1<jSih;@!0*^Hq~8UTm^D^V+wsp%mBA9@DA?zT()uWIx~TM69u6vL>rr7 z72coP*YD%!x73NAX<c4gSClSyRg*4q^@MI~b$~4^*MFvLt;^(r?<G$5c9?bMz!1ru z3U)TLtX<h=L`a={xrDHcqQJ~ROWVU*F+20(HO?54|Al&(rNBJvoKDF*)1Ns$ac>%w zhTqXAwhd=@sOmY3!2CMcs8R8q_9mQC))QiR;V!S;^(HT>M@!TjAXf7OM85<iG_E(e z*v0uD%f<W7Bxvw9OOL3rqqfn^?De%+JBo?ELygXY+)<b<L6$bT6i(Jr{Nv*^8MEr* zrAqt7x@9jz8s5IuP?KJ286*4r6W;K^)+DkJ>jRdGn+GEEr91W4FKw`7x-)X}5{aiN z&7)*r=QgGNOVX0G|Ft7fnY`P!@{CE!VMBaYyv8o3Z)2`=7eSJbcSBC(;+cuJ+DN#I z$k4xwV=TfKRR$>uziSjcA#z5X2jm8D<Oh*cdKZ}&Q77;)8`C#y2%s28<OK5|TxBSU zP;-ZgBl@Gw8uKW@oHaW=-B~;aD8J2!!*G_G!f`bgw=xETT#PLAixzAgY{Ys5B%3UQ zt*pk%6l|-IXp8--u>Ub5sCAzu2HAtz_hd6DBdi*ORgA1!yBLOo40x|Y;}{r9G-yd) z<(8x>u*jtp2L3-I0wd(UJsq~iWtXw&@ZdYl8dDh6^&hWAxK0{OD8Dy3xZPmsFKbY@ zwwwuv#havXgzE@Hiyx}`G3NyYeuHOS-?hoox-@iFA&H7t9c&wmu}NaP=5b)R_i&K= zb}JWp%CF{afA5LoW^as~@e@X5T$24i^9EcZBb|S4B)C)99M)6BBqwU-GpPyV4jnOk zEy(+Qs3it;Knrk7h9<6lR-_apUDa3n)h-4vziGz%3D>lB${;9#=O)=e71COrHKR=W zA^o;kt!}*QSE%n7F9Xx%)5T&CktU*t)%F$nf6a!h9?%=Z+1-X#qTr_cmGO;@rDw0h z(<tyAH`|&c#0}p34^wmhw#(A)vhKd5c6`?)&-DOB{z%)gseuZ^fDW+bwlr&8#WG49 zUlX;4<$s2ntyfLT`=gPG#=dTCp8SBt>0?~|rbMUDscJ-!2kceIOn8o=IdH2LyB@`+ 
zB8r~gX+*QWphQ)aEIyK06t~zPJ0#bhciSyHt~+EnZlGrVzix)#uPdziDkM(hC~g0C zEW6yQ`P<Gm%jI|^4WdUAW?8_0*TTn>9tKNrH@t%=?F>l~orL9Scl@A~;({?a(7EKQ zU@qBDG}GRMExOnyHwHek8h)D!=BeMN0s`v)H5C-@>ivwdkG@R>`E3VuHX99LF1!uu z0EP_IEeGAupj#jZsRVIVxUY|H6=*M%I2pW~GLqi4NgkqkCF;1JFC@gAQ|F40nMZsF z&q*it%@NS>dUJcDHC}k`HO&_SF-t@0cirO+QN#M<R)M%=K3#Jq(b(9Py#q}xHZckd zHZBNF8rtjE<+Bjzi74NiOnhS!bjS9f!M;K;7;JF4;1b(*?xo*9tK<82*Wc4!8-JnN zV{u+IWJ`a+RdW535t~2OaDv;BpXtItTe9TRCE7d&^sdK-yq(%zUh5YHE5OWw^-_DF zRQB*wz|zs$A(qd7p6_YLC*xB!`700)oFPtzy7(<VDK_X}`CRpPFQif5TRqon3@vR4 z%=XUVjgz!PuEmJnb%xloh~D*MMz*oPpj(XI!MAjGx%O0S15Li<(M=&T!6HUb&=THk z)#V$4t4McrLo)mMi)S>Y%s1DR<PbNv??7vCis4qJa{W->Q#e2EV%3-b37JZTv~c%& z7iS8yEsZbP%F)UpZDo3~bACN-K0}ZqBB%ZI;qLb`aR?~j1(&`)en?Hv12;;II+k~7 zNMA9c&+6)G{rLKL*#mZd+5M**4xDzdZU4zx0b>J_c)s8Ic)Y)DX6z%0k==({5?n1t zZK$4<C1oh~_V97Ga;L(Xv!aQq?-7k>fK<e>X6FV9%Zd|6-+Q}L2{DS2Ddq1cA#wba zn3m(?Y0E_BVUI^^;J5lFtm;^#bDAYVJA?$c8gu*Qe%+6L5WJ7{4GqoM&cyP1x!%3C zdSJaf??uY~!=KNAtn<$UWY0%T9C+oH@4V7t=neit7>_k_krh3xapbmg-cQ&_*Qy?? zZ00~LX0BfVc$-)9{5XPZhMRZg)yR60yodg9ofE^R_#s`EIVC9S-dJ}dy85p&vssnu zSb!!~7`eOGLqYq5+Y`9JO>{hBS|f*uL@T$I?c;X;RBB@xiM$=>^Zsq#G_nWljd9W? zZKbV<(I5p5sdmC0GNz{g0D8Y_qMIQZ7I7xl&IZuP4DFt~Vx){5;~`E@^Jf0(EHjl! 
zGl~=3*=7H9-GVDOsbzzrUq-T}qqQ6<>t8=Qtn#v+<5tDiuj&iroPyA4P|D7oSi!gl zZ{1%Av<2Y#k}p^OG%*!^P~bE8loXNd_*@r!+~aqBecKyYd%bo2z7TE9j4vlI(9X@_ zY2fy?zjrt@YLO&u8`(#EA7(c{u(6_-gPZr8DnO3iI7ss=^!L%oK2XE$@0*Sqevn)% zH@7@BlSQ4#1vm~h<f_0Fc%$0dEB6KL`Rn<RACK=Q!hE_GKmQ>&J)r0FPpT{xWT;B4 z?&vTdJwb--Sh_#rc6Rn3yz+)3AE=~ZP9p_juS?Q@)~yAJk-?(e`TaS3W)i6MRe*)C zOnb(BJgtD&w}S`F)yXm6me9H1MH`p3h!;|vBtQd&jkYdscgGLk?Q9oyrc)3pKej&u zdp=Xc)_+mA@jAIU+m!WMf|gIav1_LaeA&5Mxz)iVgsAP+ktWd|RLcvD{*Z^($i>Lf z@pW==eBK<r?CtHm?>A@kBT<AOU}JR=2<|YP)}zt+u(R{=D#Cp{ZUhz})yQ@8@Uiom zGdK;S(UGPm?nEWV?e4JPI!v1Lz&mc&;fk^G>Fc5{q`aq3A<ioztX6tfIr2M+ae6WJ z#Q1co&a)&3zcxF%y%cwX%~z%+rTCT3z4o+SyHMw&J;CaE-?ox9E@ic-75^0UB{XG{ z;QOPjnHFc6&UubQ$;{?iz2b$9?psg=<3x&q>X<fYnu!p}>UKQA7>#?VpJL2tM^Igt zx`|y9?eU&Ix@%-@k#U&@_nO*uKcy-gJV0IUoW2Br^f?_NMd|~Q;vNk6nd4}ROF1gf z{ly>L?-l}i{jWD7ZG38J&^QY3Ur0dSI$4dyfjJcTWy<P{N8zncKoIm&th3NzwMO|J zOWIUfhHf%r@vK-N%=+g0@W!o6=VrhUiwPMW^<}9H_v6W~ZE4E(Dm&KqYPlmu(*|_9 zoEdDu0yZiN0cEP;iH|0y>m*Vq^;2qKTRI;tXcZ*n@1wc52}kjVQ9`w0LOhNGPWA(i zKF})tc<yKGQ|@~Dhx$~bKW7%SZSa#=tHgAAPr<iipjdGhM;d4%<O7HDfpJI^_3!nE ziWiN%eEZlfq_u*agkO_LV@Odtk$bzA-8A+!KZiSFJCqXT9`=q@M;@23MBpMTf;TEy z>SzU!6ynjncn^ZbRS=++UoYy-z=8V^k@&Oy>dk`B22=3cqPtdj64`MO$S)t&Td}$y zRCjxH=es@*siPJu9c}Sf1>2tmob=8^>$T^EcwM+tkIXGPF3;>UO&4eG*(M9R^$V|^ zKEV2~BS7YWvor4_Z0dHwS8t}n)-}v-gFw__VNdYe(F^6V?R5d*SfTEKzskbf_`1yu zn1mpMn)@XYgoy+#mOvl_=$M*~A|WRvmd_EE_WEwd5jAha>fj*p)?irmJJc#nXy&ok zslsOYAk0b?R^7zT$<F;|cki;}eqbNzdRk60!Ew!<vFq>>$g}#@@!}f<T|$jt14j9C z3q)or@g!hn=BSt{>s~fh)j*3y*Axl^LxuMz(ilsl#DsjPBTM^|uIv5h)z!7TD}Zh; zgsnPhqV1yNRI#%Ow%A>#7|JG4<;AC8=n%R}B;=~NKjJ4{^CC8^RLPl!vw?LZv!(u* zlX_@gt^OcMro%ZKl4^8k9Ix2hEyR6IIQ3ohdZs|rd42rod7T?`bQ?IQFCv%N;VN9b z=G@&otl+uSmBm;Ot+UO3sgycsj##)B&s$16^cUe<*Dp03vPPpTtObyg_J@B;NUA@M z1wGCk_GO<>UnOHZbKnrdV%5-L@h`pW@IgG#Q+~wL7GGZ$p3CT*-F1{$)5Z|8E8(a? 
zzu%j)xOz5kq<hR9DvVX*Z`xAagVxL$wS+a-;a4&;Bl@H7G_Pb0Ox=gwc|V9@TXh)i zRT*nK{$B2EGPB+H#b~apIH1SIOfYGSO=j&tX;f$c6fDV^GC@861!qpXDqu4jf2qu3 z5t#LjUs1-Lg|Nx-8QrYWWbWiUcVb?kGRSE|X>XW~5LxF;weTK_RTjsJMiP=PNwUPZ z6_?nMjD~KUpo0c{{<X3By|QX|p7%mIup$|M<=hr2Q3@Fe1{k$Wv0)sv`pRHNvSLU> zD?jV0axW!}#}te#Vz!AtFE-gxO{3zpA#ts&{p(gn5xmr;KxJBX?w6D?2}N-6E*!>2 zO&&pwBW5^nklgU(Zd1gRs7kSR#V}(5q3aiP+C1%}Gv~!MK--?c_{u@149rGW=)8m; zYi(MdYRQ=QRq0N$u<oKMBC<!Fs4`(aK5VJZp6JV57@tf(4pldzFwV3;77BS=M_!=A zG@+EG4ej^!+WKe*c$kj@J@=8ULWbT+Ky0Rg9SzS@6IqI1+sCo5zAK7fF9lj(0Jg;I zsp_ebim8am!@a7>gSIQLP6(e5W8-z}M2ZGff5p3gk->J7q86H+2k<U5VKT%qKS5?e zc4+bsEk<H8aD4zNyRbbYd|7HHqr0pfJr^{XY!E%hC7GG91ZFM)%o+_ADjwM^hy8nZ zk$x%SH6{W~^zhkeY&e~SAGje37O7&>=%W|}mV=872z_5M_~uCy9Wr(vo>Ia^hAJ9` zVO>ubPq9M+{1T3}sgom6B3L|Z)#r95h3?sde8T%=mp*$3tWG9^hEbf*P7g1RJS=V6 zp(t>mD9!bdn)LmIUOI^Q<DjyHR`6*1{p7C*EYIkLLnKkS9cF$igkXssfsLj$%R8Fa zk3{h{!ia1eDJaxjl>ONZ3yK>S1*QD2se>Rpr{vev0px=aVKZ^jD50E&lFZ)uENcRR zrQK?ups$Bocmx<QHpC`GJ2!+F+|``aud@AX2IB5~1gGOi`Aba+m718#rdxLttLREc zcXfhvNlJK$$q``-Lu>Oe69F4t!5zf5L2RSk;d@}VJJ34K@vFz}_9LVJ73gq$xc}Od zeD^v7oXL&^_T_x~4ue0R`nS?A(nw378!l>lWXx}#3$?JK<^Kl1%WLOU9-a$nxIDvt z1Tf)vMGE1(20gQFG;<n*DnQ9?n;njc-K4|Oar}uc1?<vjuW1-JeEh0hK&A`J-mh6% z<#bv%f1Kfn85UOG?rOijx39K*9m@4|Pz^3by=%{PaafL$Hxw(=Tl;mbOxXlCk0Ns{ zkcFTMXJ_asfR8pPKzr)EJMt>8{Nw;oZ)9jeCHyoGx9B!OPS*e+&d>?_iMltOih3rW z(T@Z-TZejMr{(=~ZK?LG`{ecgRC)aSxSw9$el<#ImQU<-+`8X};35j*Vm#8!Bpj;r zKGEvp%~16AH6mDF*s;B>dGg(iEgR#?moEE~dkeU%7~$z2<~?%^Zn-84xSrM!cfjCF z$;+_b-^WBU7bj`zGD3hCvhBuQe*Me61(RVMMW?y&4o*RfIxkLm&k1u&O#I&NA46H~ z1EK+@>pDcp+uFw*)c#&G8-l-p-H)`!Je-;P<$LAfNe9V=z9rs<UW)11{Km=_?LCk3 z>yAjn$Pk5V0wBT0UL1!=+XRL*yMRe6Am^EsZ20nL)ih2%2{n&u8=2RMiZtNB(;p&B z#jHmFYe>EcS3f;#2F?@BIBTgYu&dZv@6T~ka-R@8H87~?=>u<`Ja^9Rw?S{_z3=l- z<YxZY^I-!<>@kp2a^oJT)rIqC$WM$Rw*xcxCER`SO#JWWnC;A-cVUVuAz9Rd@2L^O z3Q#$vHd{QT2L)hB21#z3!+ztPEX<kymRZth^BM5$n!@sOh-Z=XvE5msv5anq2=slb zoCLbMxZ=G6Imhu36c8Rca&!3AufMR~bIR{V*MJ_GIvd?v!!OT457d_xe{hzH(x^nN 
zOSPGk3DzY0GxneZb}_y4=)XbS*hyb3X(}U;CnK4gvwq-Mcf9M+WpT^bjXyyKzr2&3 z<v%@ljZH6urxYmEY(@tUn&#Csd3-H%nuAR%*rjw#OPXQ>+GSH5&8w_KDAC-Prd1hS zHQq&j#At&?W=jU4jX@fs`sZMJcsto8)51G(5uoJXmH8bS=kcrOYAxYJW3ut8oDwT% zfDV9+oWB2JL!j`Ie;z_Q%`K9<tzuD!WS?FbG-W65C&PUgIzdDL@RG#?ETdhr7Wke8 z-h-2|UXcy}m51A&k^cABz?q1z?U_HHJ<CcFGenMTcw%U?2hYaWDpi|3SXXMX4tnF; zKw=x6V3MX*AvKmxgiTja?W|nnK7yWNx;2*YyK6tVeU|T1ZY)2^FFGLx^?XFVtxw<U zHC+i{$Ndx$5FnQ33+!oBK>i7}*=YGjg;(&YW+t6K@S|m}cf|YQ;xMu?J1I`(Qnek# zY=~uhX7%f<qI>`!Le#S!r;ef+WwGfW^>d#p+pDTCeND{dG7pWQMtok=UR{De1{7|4 z#{Cye`yfGPl;9(%S}+3k-(Ab=Yr)SRi&xh<*P~W$+t;$SNlpzx3=(#%BWL^3<OOq> zWzGm1#FIT9lZG5xGuo-A_T2q2@X#Qs5=~(tQ~%P-;-`JWGY+!Z&>5{QM?8q8(CS($ zZhAP8@{aquV{E`+jn_qAdqubDxm9~JWy<~8`fP#xvlwGV<y%ptlyCdqsP9%#kP>GM zCfNk8Va!L%y}`4Hz?bKf!}IOe_pAq=rB4A93!VUPerB1pOP{CDU%(Ji=NmmD?AAqg z;vfitDglqUBQ7nDnQuQD0{vlZ&b%d<8Kgds4K@dzwf!AO$<7UndUX63jfskv2(qcj zApo>o5V9?>3sDEBK^G?{#R+C6)ScmKf3YL@P4<0G<W;=4(;F~|zmeH&#SYkCYJuDL zA;7(jo1Ul8F*mKx*iWT@!W$Z5LKgrs2CTWbu&tHs)@V<Fr;yj?`+DL+>+>UU#WTRC zKeJvqH?hEQ?%rV9hp79)of+RvYi0kUC3Lht^V8SI%kJT5H3M?uPk}v<Z^ON<L8%dV z<$Ztgy8i_b`=0DsFyWD7_Wj3RD^~`FfbP+dfxxrJ?A9JkS>)VZc<+h<yC;w7X9Uab z4dI(=yt-6jaZgr4NT1(7rv9i04N!vvod<1*=!NZ26)*Xje{2Mn2bd9$r7CgU&-U$( z&Gnituoto?XoZbOVMk+<IpO44GNNgnu!$1Y1>2Cfp=*gdaQ;D~%~i_7l<+f{_Ch7r zwr}2gZ()-(B5MhY#`){JnJWJK+SYb^YpeYi&G1M@*A~eLXqtf!%@cyD5s`Z&hd*4# zUY4@5OnN9S*&rmoe5GPBZXQMW;zL|-_qb^R%5FK`5?x2MlN{r=e>y6T0-@hbzVPbt zi_%Z}d>K9`tWXP8Q|MSx=E8I&rfP87VF(2x&o+6n;CatGaGmb2*n)fA>$5Y9u%W^d zVaP#=Nn}JY<}8GrZC1npzCLZ(8DXnnH|V47c7o`jLH*K=zRy0FU13)h!^g#0viJjP zar`{r8mN1OAGrjEisCVb{`4LIVqF6KKm@#uVF`?l1ho1p8w2z@V>Si;y|}5x1N>iQ zp!KatYakr{9t*tILgDg3N{t@CA21~v-of2uq!}*G_|`55x;4+Z`zN7+G(XQ_P=a!w zk;#Onq?jb>H=|GBN!=P&m?q@qa`<^;X5&gl3=s|aQAX@R1s)?Y;xaB}Rx73lOIb=7 zX78B=VRf8J-%H}Nkee2=xdlu!`Hv6<NKm@AdSQzEUAi`Xfnv6~Ty95~?p$Xz4LOb9 zIXx?w7SAo4cwwEC{@+%uW`lKc+@Kq^8f>-W)FdFKy4MLs6LO#BYN&cOEy>y5t=0hJ z^LvY)+9xh*{ib7UQA{4!e&cHC{XOYm9T7;W47xtof;kJ-yDxZ0ZW4<S-%U5v5??Dq 
z0lgj&A=Fu!C-gCx<m9(zHPl@EU61deGLLl4GvMUBhR*!sapnDl1)b9)Oh6+w*at!> zKV+WkNk{nnh_^1M`3EX$SwT}P+9fp|&oOT#I9zzP%K~`?AlpE;_#y<_h~h%F(z}!d z|6*cIE>sSpUywe>z?@B>nUc9r(CmyF5eeD8x8|zE<gpataALMO*4B$zoa{jbg@NU@ zL>iUlU93DfOM!=Uu(^)M*!IWn1GtbcrpJjiot%herZ}>x41cm8Xjjo%)+v~RFR#FM zAYW*MjYk(3czV^)I4&n)|1on&@T=W8F4!kr`}t;GUq8fV$*n2%FB^W~_{$5wZk;1z zvEbdB%7g~<`DxheN<>>3Ei#*TWo8&$3YXK;H6V}iyI2&{0-?f;;fKhB(qL1UOohr) z_7F;c=02UV=+*4fI{@w^BQ++J;Fq<$80{N|tX3T9^n7l&xY*++az=${xp!Iq7q@F~ z1Vx+B6VXm3W^3XnG?Wq+1w&K;f{PG)2`I`*dHa2ntSt6Jm7~FcB>hN;Aa2I$0hZ2K zoIMK#LAJ~LZ#5yRvlS(t^J3x8<V0lOU*)EDGh*9Yhg^z$Dxl2xIWC`Rs{Ggw);D(E z$jY(-0y)ufRaWlZMt1s8w5gj=Ub0}Q5)ncQ*@^vb8C%C9d@?#@+<FGGSZx)kZ!1Q{ z)yz_<!NvMjyc*jUWW*LST$FM6^IGtqf~Z{;jE`yoKK84|`rGKAuwo{u!RQ45ri)Kg zeZ)7LRV+42sd&(TZQ^O7$T(!7D%Q3+mnRdmD{2CU4Ce0W+P5MzTO*kOEE^N5Zr7xa z70Y25VY?)#uPTDhid6bt;}izAbi3EKHpPIyxX+YopMn9?VvHi%O}qWS>!r|C+5_;< z>B3m~Kk0{lGMAHlu9@I6H<u6!(=wOKdWv5$v2o;NQnj=T;iECa{0^-r`D<lFXT*zG z!_18Q?*v*|FWA`;q(u;!h<IeU5^Pzkih+uXfo&845p7nyEYg@$2i<B&_dddLpMB(D zWl8`U^Y{;h|5B5=xOkk%h`N)_*NZY#^ghtxP;lP^gbuwB%dDKKq@3tlJ+yt4GM54l zdfl&eA`>B8;U7YHbPTFrwF0N6v{v7RpPz6B1v3#&JD4jvb1^o=RNkpVy%iUQIHORQ z3NsuUlqT|;zRlLNh`9Jawuus0tjUpdRSWdkAq)Px*;#S1mUG}4j$XCZ+$l8`(k*>b zD!_sQ@91g-5o;y19Pp_qweNMNgJ>ZiJEQXBxNs*l|M@c@(x5h1<cXYW$|Hu60ZqBy zV_jKsm{pU9(6`+ow0gYxS-EqHoaojqX0J1V5jA!WGD{Y%?4D?+4rCiyb}=6Ew_p$c z)GLPS_ZxlXcpcor1U(wJXI9(6wKJp3&KOxN%|9ZnOm#P(E%|pYy7GI^WhyRxvlW^0 zj_H}5qNztjDsz^o{IV+O6a*fxrMV+jM7R{2{|w0eTVs4R62<u4`;rsZ9m=K{ivYLT zHkkZFVgk3F^LG}b`*1kEg1*vE@&zlHE+Gtt+f%cngrQDmZ6sRXYQ^sA4m?~N(GZDy ziG6vKpj^)RScSOMT5t!dJe!o-9v2G0%w}u^Ba6QMcmNJ3azG4GP($h;Qa071%T*!U z!=M{2%F$o!0ul!EVa4M?`lW-SmcfOB8+bs%Lqr{k>_tpUrg7@I^y@q{H#g+cE*0~h z1<npjMj^GLT4B8?@qy-#v<WX5z3>>w*difwi8PWoey0s4-?plR<mA5^*`C9O<{Fxc z!wfn-75Y|bx7u3H^N_w}j-Kw{r!SNEh*OTxQu$kk21ePc5zn24siAVx+JmZO*=DMG zZhg2U;iolZD9hJup-!W^Q)~iLdd2{;#uYvn)=-w*!(#SE6AJ1mIf52$N1n<Oc{&1B zE9)TeP`x-Fkm{?Pdh_OAa(+;7!qTq<E^1j<%Fp|2&{8U`i9H~x%VXV*@l#_$=P;|! 
zr!s%?%xm!v#eOoE8Y7MOf5U&r{|!6Z3x1*7rYFO1&&4U5vs}+&CkrzkmqE+2BFlno z&7$CtkDrn`unQ8m=VglADBeLj!m4JD<V(SIrJ=pIG<lO^(7WwRj$pxR2v;NTw+-EJ zZ2$I}J48GzuDYp9*;dR>75NHk2qW2xlPOU?;y$Ad6P87|8OlTbSHSIr9CDEiE(+|7 ztyV7-rmGtN@cVAt$l<%~KpFnF;WpzhJS<v}jFj*Ne^?E(i)x&2<Pk5^HC1k=j>joe zEYy$Q!)QH8r5}ewz|ted)&g)ECtec^-SI66nq(k{U#x-_g9RrGE--g3RX<+Jd1-7D zQsZiZs}ug+)Hu~67ir<wvG}-H265H&$AfH?9H!}rw6!lDNjFA=Mxc;$ACJaL_WOv1 zH7HYBN1LkkiA8pzUrN=w=$_*o=;@;C9l$y#I@go4p?g!$=%+M4Njjr_ywo^^WIwKl z^yqjzMG|uv>CF+HT03*Y1?ImTMhb;Qa?0&sW^&d-X>rj|KMf#mC#|()!`?s)9?lp% zPl|pR$CTb+hbiU5OBK2mPW2bj81LQszg=6Zo)_m)B$fo_3;r@3eefR@lgK~pBzi+j zVa1x_Hb$%))Q9k&<S6LD@=(|0PQEh!@)lJRbu43J_7Do{-G}|0#AVFUD+xLX39{G- zgE=DhBzrUyvDCVnMc>U#sxm2cn(iz{;RyV0GxwAx^=>A&spZGbOeih}A%e}inlu(c z66Uoy!JO3mkJ@PeKU1N6cDImc4Yo{1NkMF$0tHoWUktQeD^2b<Tb*iy=t3tsxM5DT z|FilpntNlW+$j8y;(i7E?S--5{Q|w=$YJ)ltg|ncW(ERyz6LTY4pI|51<SsX&rI6+ zqophbgc7|C65FARe0UR?^T~{lWWLLZXpVk~slsIdCTOGD&|YN@122nfcCnK3`8ZKu z7q!&sA`)X^#xud+IDDu_-QR-{^*H==p)|+g!YoV1=9&YTqc39g6+g*|aM@cjI%^7{ z0zF#e7}=&IKn_JM3h{#2l;Np1r#xwQmQY$k>=9A?mBM;9Q*R<-;ek`?sO0Z=#G)K@ zbbJ-)enV*@0=N;G>^Yv~@%eDZ?K%17EsLutvT|P4++t^jz(4?0)bchEv;&&VL6Fc~ zW;&KcZC!CVCvMnPX4zGgaZ^xRqn`YiOC8n@aPj+2jmVG8&3+p5%O1gesHusi)X*V^ zd+~Zk{apM`txpqYPCGufFF<{C+^=Yw#5lS9U{_c~7kz%v{b>J|(DVhnw_|^&^w?ng z{}UoBcmN$%#gdmko@8r#TKEeKf%MK-G;I2nJ(g)4Q#&Zu_?2nzWs0vQz|VnINAK1+ zO09S`t0FR=V$IT^CNi!qO;6VMn~Y$f&yw>Xbzw5dCG^4d=Q%8SBg-r#coH^resUKv zDDj6|<1{k{%cCKEpE5^0)p*#LGE{et<7}ZS2xIi&MVN!rkEtD(2Hdy|YlgI60I)&o zm;Aj`UjbtuZoeqTfUn5T;sr^<;`+59*yE28aTdWm3**O`2!02w*grDn(Z*jK3xd>4 zJh-OwsRwS%`CkQ~*0+oRR;9mv;YQnuVZ9Uz6H`_Q&cQ}XmDO?j>_P!S1^#{qEBq`u zb`oM|KCdVJYx3&~q(?@=FA(azi00e`o#U=Y$1tG3SF{<Lz(iTxDVZg5N#?WSN6EnK zE48F+kDS&;j!%h()-##n6gD)DoM$o`R{UD`NbnDw90BlrSD73|n;Zqjw_I2W#j{MV zC-fOsH?h&bW)h#&IpvSU7%hoqvl&;6p2V{}lb-%^aGPzhxSrhX*l$qRG#0`m9WyXF zg({<aruLp6;^a+_Auzr9j6%Pur%&LF|0P_^vF9A}a><#@$YGH7))9WLK4s!F<bQ6@ zi>8!G9LYe7oR$v3{y$88WlUUM7cTCu#cgmX4uiY9dvSLw#ogWA-5m-P_u^jM-QAhX 
z_uky(&W|TMIXiojb51gA)_SCWta+l}#xB0$!wFHo!9Tp0tS{iT?#Sb5cHJ~y1IoSy zxbKY6ro6P;0&k_{T+?EMP&n%_$VK}VdHhB|xCI&ZHz#R;j2Of`7&aNMwrlu<7h5jf zqxjN5XUDL_BW4(DB!!H+au8%2yQ43Po%tkLPKkmM7|)fki$av8b4Ru@BVY-bQGmd5 zUecr*uy2v)ncV?~$>tJA&Gk)9^TW*{z~U?8AvG1#FA}vEG!_Jm(FeZ(Gejc4lC!@9 zO*NwOoV3`f%?hICe}@#L$X1WU1(oarG5(o~TRb7wY(m5OAT7s#eU~zrG$R^kV==Sc zCA0}5A%a!R;ck5Gjd6J3`)b?F8Ds!8dOt=C4K4;Uo^I)%-(W<QDfI4ApiPtjWVgqP zyDT0$Tw!uy$}VNe?eH5b-KhoWu)m`rC@AKFSQ_2P*@#OKaf6C-o396qtqNWpv|6@| zDE4sY)8UX}{diMf0|aj9$_AJh_#>GmX4<XXNHv^6hzx~`aVVfxb6P+JilXeQZ8i_1 zBPGh=6^WL3H{u0csQ@>bk-wYH?-&ws;wiIa1y^RjJavA!Szs?)JQD^i&>^lUE6*_m zN8m!L>;tm381=Z4*_dZfAFQ)T<ThNZUTL-SFCk<Lkg&UgcTa|ly9shYnYH+swpna8 zu?y{c&Iz-@L+-92O7tT63{DvPmVt?+)v2;%B&U&$?Pgz$7%Vn~yW&Uj#;8WTvazs1 zpoUF_vY}m2(5ay~T=NiFF&BVbB-@Fz+T~a(X0H8jxHyL<c^1ACe908fqJI#NAuURr zRJaB1poMaNxNDfg{S}Q8N&Jk#ebyzRj_m(_;I!2pYhVbC`)LtbkL@HauHSe9rXBxX zga;L?_G4%Zi3qNmN9YM+eC-r3arfg#p^zI0P8x@&HtrW8aL4p1^OKzO)xyR3x^5;( zC<ei;E(6p%-V#Ja>2z`0hJtlPF_C#u>AvOprb^$f)?1Ls!f{gqp)>xy=1~+pOlDYZ zEKLK+J9NPN|6WwTD`_EZfFq*AQzbIcfyAkKR{3w&NZL}+*B$`ikToJ}uq2wPJ!P5v zdrP;X1yC(YHpZJaZ0S~(-h(zwwB@(j<o`P|d7wZ?uX0D$M!4|Jw;U(U`ehEkUJ0ni zvg}D%IaH$4-AqMzI45j?XYgej7UFv{qebK_LJZtp5vyIroc^J%-3%z!Il1IOIpS6@ zIIMvQ>kp`h0q|@)?o>z8ZAABxwf$NW4*dxXb`^WiAW0<o)>+#EsjgKm6NYd3(%i;Q ztA!qBItUbwrr=8iY)Fmw2VnMLTw?C@1%+mA*QUk8jx8)Gl8Dg{UV7=c4+bP{VUibL zmzriy$J#sjUjc+V`a2x|dEMN~pQ!Kg5xxUyH}`IV&rXdvPz)%%^M_t~NR8tC71>0M zQi*Ym3@>J^c@^-6iE%cLoHlN_HN8fF?jwc>eZp;6SLb8}zlkMGO4$99oLd&n`;XaR zhkOZ{uxQwtDDs+Pr6@?nLdYb|CzJ|Mhv{g%wv&~37(C`JX|a|XRb~TGd#lnJ$tVQ) z%_RELq-Mx~cUN2BZt|$^aGmbIvJ<Hwq7xj2N~@-Ox?GmRm<hbWDIptu-zu+ch?D(u z$5`Z&@PV<FozoqM7}4-BK(>i^yQqU>^gp<hzp*E1KVGF6#%SQ76P{q&5yD=M*Z~-Q zEiC);lCat}bGDstCMPA>C@hFSrYXePh`^ppF!L!;VDF?7cDK>&<ineXjo1s(Q<~Tm z#LVVKc{U^Kts;yqGpCO;YBf~9TnaS)ngISuoqDTcW<PmZ9c@(}lUh*_KLEuNQ8Xe) zb3VG@!@{8fasJd6PArS^&?uEg320Ir`g9myHzi<zgO*2gc^52;keIZDtZtQTrj;Qw zC^x<85qJzki*E-%ixGz73t_b^Po&L2fC|e1MP#FyS(2jREiHcp4IjZ|6IdxKS$0y) 
zmFFZYS%i&}7{W;{KEUmhv8cm~a<`ml%7VD^>nFNPV2~&d{1{7&sjr}3rjC@Rr~-d4 z{5Lz8o|%^V=?pZ>;lzn{Bt>m@35f<?xPMslQooM1E@*9k$QuIe!rwK3gW0UVUxT&6 zRUlZR1~Mu_@-wr5$%cN7Snw^WD2(qf@9^-6@z?mzZjx6}!axyVa<HVe@0_`A_%9RG zhY-`Ra^wD3w#G3&SkVef_QNaI$63Qj0$k9fo_8U88J#RZq1D8b!m^r&fYJ!4%a0;W zXej+1Fp?N;alnR;Jq=qW?p%l5&mQLT`h!_>+i|KtUSiK3>{uO<@RwPT2QXbj%3VXL zmB*<Er{74x0a{ap$Q$N%LZd9-2XXq%^&gT8<Dx(~*<x%b5U#w|I1u_|N~Z!cYZs>F z33(C7{@nI+qyYW>5j;+3htyK&9R{SgF)NJr+b~n2)_ie2<P!S25J<yv%nV&}Nvzo` z%%KAbk+U?1hxpxim#IEgZv22D+nVt3%1Zbd`9YdPRi5{i1rLK5T^g!m203+F!X~tv zwL(I1s`hXPjcb4S%fx8jP~M8=%vnlfH{bNSgD_9x5vCkb<qY4^l8gzD@SQHQgh*eC zp(1Wh=5)!+8uMKa4n>4Km~xg?-7Lq^a_*^R?rw#nb$!lCF$@WIYZpz@H{+Z8F~<Nn z{@07SFSn5#(%D`iq*<5q{jj~yy|;j$XjBrdYCx8V`XV}HA+N-_ss-|dYkn1>LJ2$t zsYhG?`6!x6e{!U+WB|JNS1d&m8Ojt;A()h^jpGo?sE9c52qKkAjWi8kwyz+hI$>5g z$L){IanRE|A*9LNER5i=T(Q%fW;-{}4rw@AvN)`ICB7SMV4Vk1jLUV#kJk7&3U)ww zUAl&WQ{5+7bx%^$XCW|K!%WB~D9E=d`7#Xh%QV)bwdR+yWjk8AJg|Aj3-fz<JmB_h zAhOh}Lj*rC{f`3mA?4&(18}^*AS7mEsBc&jjwR>Nl}+8@20LA%uc2d3!ToBRS>3&k zje+`01bq;k|1GOJnX0l1nFhH=%Kw^fu<Z1ApXLKF+*B(dU`QA+;P0$tJ!LzA85C=Z zpL9UIb}9!;hBsmY;aMNJ{yI<AF=G&uS$&91Vv8EIV$la4bhl4{gH^kP9|n1$Qz3xM zqD4MqM!5Mj4Ugh`sFv84p!n*jw=f^@Sw+PkE*s`@G15%T_tgp!?5PW<H&6`2Uuj`z z>%aK}c;rS6vp*8eneHX>%*h~Lg6YQVpg<`cPAxP={uml#-^;~nMU7}KMX(bhw5WHY z<&IagIb0iZI}QyprqeNJ+$4$itIG7-=975+;ZreEfYpp7N6dg=@mSJTMY-XR8c`qk zh<*4OEVDZvjA=t2d`>mR_GQXCWi*X6gDUW-ZGzRvk$ebd8M$zjsbCyHV_C0)lp`*H zlj)lbK06~8?l9UFlurg}-%^|*Iw<5?UYrb*R4q-zW3BgA<-}X**BUQsdIQwM{>2~& z&@8G}6*C<IXJrk>g-e+IMOG_r+M>*gBVx%CS<S3ATxe<)H!2#NmLR%M20J-Q*4R9X zx3a5!J09v8BMwQ9O7AW4KMeg3<Nw3V|FBp>*iuhJFD9kF=27pA40hR4WM5eP-~TXV z<$pM|`agtT|2ng}oS+K5CDVXsk>a*j#9`qJcmKmc$N#O#o&JaYPWxBqs6Z-7XmV6G z=KqjKaz~)iFg!LA(-B&jXO*IH9Y`cAxP>chir2@Z5g_GLAL|j$fZt$(y{lm|7)wZw z%56KsCq^uH9vg`9wgYo*88!+TzMCLg>_QV~D_cjAF6m|W&a>;GCNC;0D*8sSD~fWO zfUBHJu(C&-WDq7bp7gP~!;j!)K32j{J|20~V5`CqIC=}=!$6W{AMP6Yn4l{|ANMr7 z$+yA1FA1K24f|n<^pfy|a*F>%;qYqUwjcM1bwc=F<UblY;J1#La0o}55?;*!BLzDh 
z<`n`?OGrMB3N@E&v%!lqYVGuO>$@NWs|gcQWzWbYp~vzlWD$`YF~~~zmpw;sgl}bS zW=Y9jFn!gHL{=&0xK*S=dwGmQ*d-9GL`;2u$6JeOU^5r<zv=r;#3O{5`XGhGUN)W~ z5GJl^){qM|OPadPigt+lFo|hkiI~!Axf<xuM^H2}L^iLVqjIN9QIeyw6#j?R|6%JF zBEo)iQh3D<{&v#6LSmepAR|U>T%OR5<w0{JaZ1w|oKGRU#k_&;5uPBqN_tD$AGe=^ zia1O<hBGTu6z}Tz?N@Jrlr_4C<?Me*CVh&o&G%i}Xq<r&IBXow*SrmQ!16FempP^V zdf>?m<hL`%DGN+BusHR_I0>-dS_XlfC%R!pS^5m?Qv6tXj7ZWxV-U#<Sc%0pf8wWg zSo7~OV)YuAWr}O4X5ng<wiq?^=dcg9tdWx+098UiWdLQ}T2LpRrr1>+L`5;_O|%J^ ziR;u@uCVz!qy#&(=q!&%_{$r<TlL{G!`M~wYZT+vF&`VMi6v4sHyWIw*Aj_j`0-M6 zvvR!RC3m;%XZ2YhEG8Dnqk*a}y6p7vF+2Jz{g$~UmVqa}PLMVfjqEC#5Kg(lP_}ET z6Batz-UJ~{SHP^P9?MJtG)0j+B(ummX)^(sYj^Mp9oc5J77`~;akO<A6+w6w$>@2O z7#!htC%iVHR{M}MlWOY=>*xxp2c<;3{nOo%N@*qf0EBtbNuK=EI_c7F8KX6{tW8!L z-M0R#89c;6ivd+#ugHZSrpCjF^h#x+B`I}od%c%K%D8`YvR<b8w9cQy7mXI`(~#7r zGk;s{-uT!2ZHI>ShjSU_`ajw(RA_V?oUYm}()=xkTJ;ecu?gA+av8~58|T6qoE(v* z*m?iQN>#$pYcw(Gthj?<_DaQSvlSwz<Y*L&%}4|mw|<n9Kp}_w&K1=#>4tmXOINGY zNtWSSLNb&x<)%E_+L)d_RY%zpt<_w#Wj6ZXAJKg`d+=GNL70NeQ>jM^KhX2+2_~@D zADn#CbL<ITv*kzfM7Fso6rIy>=RFd0^KrR{d7w7z2#y)GC*#z^%4hi##GZKvoEKoM z-mLbz4L(H+LUSdiHlYL5IXx{23lK)Tas~a<zMDa9{9pik@g9UYG{C%6)-V#Rm1Hm% z(I22wJ_}60uz(KNZi;@n5|Wd$WMp#-m*%tg##_W;i5RgAQYecEE}_5C@~6$g%#$xe zi**&w86fId-5`Q8m2zVLw?TA$#91ssVGK@$Ig3Wo%4pm{Vk6Nr#0H@Hbu~2Z6U{$; zH=`|8PfBB~k`ueIv#Pt=CTefxGy<dI@4Mi-xMFumibHLbemA6r#<Cd4kC^t=rdu34 zPL}@Fo)|UHi_1b3+`LNLifJt3-t0O^M?_?eZi9PbBw*Z1LI7jDQlfyj1;IkVT<~{& z9-L)u@<_tALGv;s$rJgj8Ld9#=?wL^%~=G<(;0^JLKz<WogGnEyc<fJg<d=<?1qx( ze>{@8J8mapj%15Ip3MsD$nUnM8=>;3>WbT%5=rYhHU82r3mzA*=-ezvh?bUl*^Aag zdU6v+dLi(^2r8hzLBGaorHh}z{}^MVDUbfHN-l?RLywBS(?n5~zok^Bb;+n4EWSbZ zm@=D$N*l(Wf`yi;DaTqM@ecps?i{f5g5#LwMucBaSP<+kQU0O^tSXHlA8_go4rS=r zwnZD%jeghoN9_;qP|+*(fP1t>Oc=NXvCa#v9c1Ez&8`78N2?;Xo(VWc`QRgSq?0yZ z;+vc1n9#OK=086Ak})RDUp<X)p<&aIvQP`ye#39~E#T_h-24t9PZ_=?9qho2JgJW_ z&?6;yWLc;<!8NSlnaAcbS!Uj44$WAquYIPx!k7NTh^S`w`Y=E?n5gLcZxNSv@4o6E zvc?vI&^<A}PzA<+@34YQqWV}LC>}cEb*{6TN%eaTLU9IXe`!fB1eDyXV?R%J#6E5_ 
zNiG)vemS@=kDqWpKI&~q5WkzpNT9z@mvxnc_h>uJ`aY%=wUsX`v-=y=<;-M{z?ADW z;1?=mDnl4VIUU;CV2s3#hD!|k5LyF-&IFs)u5D@$D6iM{aYa_{(oj4?rf>vEJ0^Ui zuKmhiBgC=2S7bNJMjyjbcthc;z0_u*y(Ni^35^fB3>DvOpnc7Xd#1MY8jrJCJX#p8 z<^9I9J~&T)t`E&8JC)&;yfpbbT-%WM6g?cSRE&o+<GyG9y0YwAaXU5sGY#EC^_N%2 zK_Mr^qKB&WYekjQ!GPt`R~K;{yObqZ_C3-I`q@t9@OO3@i_KJ`mLlxbJeBek;Z)PT z9x2h1Z`M7~E!#q!TaL#ums8rwntM8O+razrOlw-FX~%V&&kkdo-7!}^U@P^mS=wvQ zIX85IYaGL)<Je;r(3vsdk(xVQG_Yisv|Ac`S51dHR=B+!$#*ts*L1vEhwZVHHCy^U zY?ANVMm+c7u;GOH%}!<c_hY)7Y28Uaja5?pFti^Lw+&CwR(9$CmKoL^{tnaFMC#T$ zMfO$mPNhdli!EkTfT*yU4pB`|_uI6?D*VJ9QHn~IPgXU1jD>^E_1cs#fja=!JFA~k z)D-%gE0`e3j~e@n3C(yWwo{$3p?NBt435bfdO~g3JF%>MvCO-ADQ6h?-yZlcbZ&YC zO*QNhkh!O7>@vCL(pX49g1PU*+Z|G3$lKG>D@y31jJm>91WTm({hGE|_4U=^V!{)a z)Le0wHd}w3?Pl1&`Nc-*`MBB>!3hUmbH`e-D+qHHgtLlm4F{Vn+7mz59DMLSpNv-* z3XgdJH5?0RjT((&YuUdYanEXWG)HkS4Sk&ys7N9GEdR0+-%)$a1SjjtTkr|U*<*l4 zloN!%JZoqHKI4N?tZAMC-DJ38z|Pey!O6G_4Y`T6qJj)axQ1^2Hgd~svxLX`!PFf? z(SN6T8=bPZ#>n59*g$gIX8P@RR#XBsnUj(tOvyWQ&)6w#1U_ej0od_zuR4xiqfjnO zGt3CX;sGMtR)iQvNid~I$Hd!hEetrl%Yu1n@xR&Z<u4NQXVb%nveR&2{rbs==~*94 zHQdT14ol*7el~Ue>2*5r?;+g+#UO(>->x$8w4cJ(52LCX3sA8lf>jpH82JRf#2~xL z;&V^QA+NVU9*w>7D)v)-d>WmWrr9WCk*?-cO_mIt<Mv)TpW<9UGnCnbzrWpnK*-P^ zy+L1}5o%vW`a?qjY|w<#^behKe@x$^=X|FyBh?X8gX+OYf=W2focJM}U;CtcBIws8 zk{*Y7O_zYAFE0gLl+^zA!{eBD82trK&$Vi~v!eswnB~MLWZl}5hrqF^*!P4s|K1Up zki-u6fQPf2db6GKNDw)hr$n?mG6COFE^+#R71SsCQ#5|MRFx1~3QgNH#?LHEpUn18 ztKF5qvTrYa-SQig>+9p~FOn|xGLGla7tD#0n_lFVXeizA{w?$*8gr`fAk)KyO5eXE z1Bl+@_htPO2-n;Jupl6ot`y)?tl^Is8VZ5-MkWKP@i^KsEQSKV>&YXdb5~~$K8s>d zMR;on1O~>?NTK$NPqh$%g<ynyS6(QOM(nWqBo#H}26~~hY+tFCD_)C{h$weHdVgQC z1eS{V3;_ob16Fvf(rFZu%iF`Upb7D;<rkmiSY#wLWE3|P@Do)vsUbp~hP>@3qgAj~ zuy;!)sf^Ra7_u3B@Y<JI+=X@LP=9{il=M_$L#mIFTPDX|LDJ|gj&Lg)B4ju`tfSmD za<Q$lpblJHytWk>cZ${Y%o*bsl@M^lA#BP{-hDrl5C|6dZBbq@no{dmQCS*70vc*g zQi8zY)&Q!d!_mQI9l`&{N#@U!pU*EA;%-208EUQUt|&63U7;eym{+>@gr)jG>LS~* zMKrn>gmw5)gx(T><|+ejog6`xq>*XHIgVwl<utK^j7)0E4(;HQpLD<grb3ieZh{e% 
zfVY&jW2M#kv8d8fe6wtDRRl7E?=`_KR}biRe|>Qqcrj^O{^CIq9X96EG#;jE^Oz}q zv4pPVyK(O4p?StUdd=D4)0y~0k@MxuUDk5z*8)t}q_NOyzeDu(7MtRg3&1E$PX4%p zN{@=q7T<F`>{!;3uGkK)`k6;A9xp_Qw2U_sOhT3*1!T#{Vg2-nkYFcZJ0IGIDHGUF z%P*3vp}5f!E@2xjkD;T6EAo$(2(HR)ZnLa=s>ucGs$`UBIX9lv&4=ys2)0R8tA?oD zD32*5`4zweQ-$ns_C=c>K_^lsk+f0+GgK5P1LNwD?hkk5D<(^^CKLT7qd2cjKYP++ zD4O|AEOW)^L9q89t2p6A)eE+YK_`9bGH<+2x)}??7&3g@LLQ<0q7`*GvL8kFB9TA9 z@KJ*&a#dfHiki}YE<UwB2tvfTKgNOX1Gm>uaxfbU#<gQHVH4r^-!DT{nEOzeh{9HF zS}nno%my*W*6g>Y9hl(?9`VlbO2f<)wOE^H7y@qDkx59>e7fq|YLQAHwk3fXEyIj3 zP5PH}5)|}9jn214AR8MyfUy3<_C&+FT|&%(Md}bZR_Sk>9guW@t5z2G3Qb{PXVGFy z#;mV1B(cOb$X35f7<@A5q=s$APe};|TP8CRQ5Wm=FndaW24|GYw@>7f?_LCUma}xG z&&qBV5R-N!gZq;$FdA%IH^7o!UU2X6$G<<Tl<Nr`Ik@l{43R~KSvPuuQ>qavHc#9V zs}U~7m6cZ<P4MZcb5#;l{3urJUlY*H1PO_9X9cbnQ>yc&MqO?))h;S<umqU%-Ft}* zjEkn^(57u3pV}7rBJ>fF+rcz=>Z!igoIR$s%ywkM(SVHQ3whDS>Xb5_0z0fYLAg*Z zP|1`_L9pz`9swb}M+O4Ln<bv29dW{-)h^Vywv=+{R2ibGkJm{?)SXp|wJvwk+048> z)U9&=ODb<-U90R#0v+AKC``1bGky%V%cwL@A~^L(w}hhf1Ro~$Z7*GBS^a@P1)@k~ zN2XBkmcTbhX{7)&zE7j@v-~H|t|XcqnWkuHVWiD@_{owvqa7G*vaHI%QC0^>TNLvl zCaNJZhk81sEX_7N9CXS@U87bZ^duQD&-7hj+oHllC!XQ0np#(KyIF>%y%ID1G7zl7 zEp#><lSMkE=vC!uGZJmZ*c!*1ZAaQ!q&1~i3BA&9p1J59JndL@Ah$}Y$1wOq=nOo> z268XpkZYgf22;A4RiR~i)GWia02FypFpL<QTamCAH`Ou4m^7pz9-00F$GkTckpk6> zrynB~mIu#DMQy;sOb8$apjl_p=d`bzzjOoo735;q!gJ7^j3~V1c$`2TL2?!s{VGrT z_=}lT#rTl7H9!vpZs%=28)%yMok?OUC~?cbed!dtHV@7a$AfAtO)+0}+hNilnB^Z+ zF~maq$DIUypyzMUw>9jF9T*d$(*sHNH>;)12O6_Q5QSJQSax<Mz#t(z@;mA;o;)Fu zV-`y<bxFj_B0AtKJSB>*n~{C`DZ}p*|D9~r$!Qn1a2)p6rUl`YZV)fLHbv|Iy8QOV z1QBu!^>Iz-0P8OIt#x>&$XIOdqH5}R<UiU(Ou8pJ5V2pu-F`&@d+xnluq@WHwC~!2 zB>K0wm@-Y?Cj#L|XVjloa4~kzN`=0&Fg-aW6l!ePjS3@Ui&ySz;IUSjdUW?U4_hT9 zuc6Y$NO@FGL8>|BvZQiR9ofsy_P1stbw^}V>aAev@>rEGa_fg4g)E=GenBGWa%Ner zovO(<^t%YCBqLL2);bQPHfStJLW^0*07n{PtZjcxa_G#=SZ-H5LEqCjNVP6e+|B8A zOasnAp&@c61Y5bVTJZO77M)xFMD;A}hxgr;*EDC!ek6Br=xF7BzWOK~1ieTTdWZE5 zvx3X26?w54$-ysCO-K7c6^I0aehcS9|KDcs_=CV(7OHMQfLQ^Rrd3_pG@Os>IRDB- 
z$?d*0RMy|?iUlU<qyAfap;a@&_7ANyfjt`2y#|QCp2BwKl2W}3j8CD)laWnom6<Ue z7CX>6!#fk}?=j^Go~lM$7M`z@EkhBf@rx?iTaZI5NQwiSm`bo}uxghXpv$ND$wj(_ z9#})=wXmDX7?BS!dcsdvL9?FR5{I;>S>az%77$;ucq0S)JNc2*vS!KTJA`$~POs@) z%^<sE`obfbR|C@PUg&HsJRQJ{1=~1AV_>hvE_1QH*pjULhQO8uXR+-xkA%Ws&Ic!b zXOTH&bCAzd-j=P-e9)9DuH_=-G15ir7#4FY31#Io1JZ-V@18jtWIL}9#e_qz<+%v3 z_-zAM8PSOvH%@<2k^wm(4~JOb@|?NcT>F_MW!zsScMvzyilbK~HgK(-;Jp=ZyoP@i zn8uYAnkAtpTedO!rhS~!e`fEKHVyRGN$sHyR;85IL*o|?i=0!0?r?4%)f7@jQ@n?w z;VCat(5IQ4u>2<W167$Dvn`uaObj4b$3S9xM~%>7$rnC)(JRFNyWp2UtY_d({CD~{ zq7PJpf-h1zaAGrbfFGjrO->ku4xcBMu1eK9!zirEHxCp4ep73&mET3t&=D;upsrtW zp={;<E-BDFCRk~+fnAfDG6@QZFNIuX^c{cgvN>&Yj@Bz_9<UwdX2kb>pVM7eYbk%e zDSe8Iw0e>BsFe|XsH9N}KB?WMUYwZ}v?cff7zl7!?$zHZ<DYkIK#!8ePDyh>8F4)+ zS+e9-&JtbQnTZcRU$VtKd&DrQnS!yLRC%01J=cg3`l``H=YQe;8Y8w9sY-ry%f1s~ zhGm#xgdg}L0x_6W`DtsgjNZv;_2N8i1%nEAKMRvBP7s5IczuyGn;v$NE9bz%kp|A8 z7`uu=2v&XbmI4r|6!gS7*01x~=)!S};;1$Tvo06Jm#D4NC2rSi)1v6bKy8?*haL!Z zI<rodWLyg7@F;Y<R%Ru_xMa1fNFDC2M#isjQATS}x9VOrWz_cdfkDxkNe;|l%`ZZK zNK*1VCKUnBcNgk*8WPS&R+Y|TNZ$CX$m-SsI)Ayw;564(Xi>?_5B*(%y7<SKYnQU! 
zrhwR9ZUaQBK?iJvIg(pw-!2tjV<kGNI7bImyGt041+xc4uWRL;W3krZSF6zc`B9hs zjH)tY-7rtp`I`!`L=Hf@aG?q|iTa5ZAIUGy$zG5-afKS!Hq$qayZUA<Ls1zlP-ijJ z^rU^<VZfDZ8s&xwpM&4etW>ir<HCH(7YdFo#Lnep=s7!B(2?;?84j!r9XMDlF@Ro5 zR(-C$pLOPmg=ANWi-tac_AXzJrK<r9vKzd^p&#w8+hZ-kZ@tGz$LmUM<g9Mx;KyjD z3WJY1z=>=*Am%$MZuO_#_eFhhGeKBJzi>!)M--*NS7u>xfASU(t!Gb+Otxzhxn4@f zEqMC36bwlzH@xucygZ5{AVu{L&yfpF<(Uho#gttDYyG^PEJN*3>w^Kgw_&Zw8u*Rq z#8@vF^Gv?L>}P)vo-B+gYw4`{DVAE+h$1WIU|%`(-7JAYzMm?{<HS-yD31vf<#CKp z0DAJzY!z{W<)LZF_>Un=xA*R%Nb1>er(fSwrru!*LrF+^Gxa^JG~Y7DV;6Zdr*dQ} z$ZAN?Pmm)9fA|*OsXm{^8N5<iO)`D>JcJppUL2-<elq#MmKeO|2|RE>ergkmy;LyY zb*5A<G17;^dU_gxN=sGCEImGLrzZsUyp0vS>CX9V)zQ(u$8lCn(ATtZddui?kR~Nn z7E?2&1PI|(<w)Fn(I$zPOT^xJVrvIN(Cwm4H&$`Vnq~_{>qk%U?kQue))YRiC9o8{ zZU6i303V_B;@!|%Pa|{{M~Xx4Sw$7U%e+Px*_JL85jo^7^%BOd9gY7Do2NW{*rF@C z`lI)Cq4$<OT8e0NyX@Gz8p)>BEVVI(F1jv%DGN-vGN>S<kIi6&eBE3DC~WcNEYKq; z*!_Hcx%=!*|8{q*dlc6c6cv@Xl}o}cn3J8WN9^;qv;F=Sbz3J$@<)J&JB(ZK?elp1 zwpSE(n0zE+cRt^?8j9%MtJxygVLFPZ&@+^-MGW>rnSDDtK!5C9uc=aXk)vKq95*+8 z9FfhJTa&!*by0)q;v1DMRjS-Zj;u}XMLc@P*DyQmvAW}S23$)e6hKZv=SD$?@MuFv zI6{u2b%Lh->r04GGu6P<*MNXRSJ2wt@e5jmWx~171(FU>HXtS|2(|@vM|!qkkq}R) z>NXX8pPApr67ikN6|g8rZ=U#B51mHkW<`Ou`+;A>6c0qcFYU#TxFU0tuLMJ}*dC;M zku#~q=4KNY-qIU*q_?FmR6qn(#$k@V>JA|+)k0L;+WbfsP?eV})v3OFA4`UQsaqPY zP%LJ{;lqZ@YAcqoZbhN4-O*>!UB0%@`ki_M`n&=?I=(V+V4sn4t-7m82Z~z|^O;64 zfPEE|M3|B>0<|K*Ywi6ct;j$Z6r8}=BH@X^0F3+AynnMWKm-_IqN}0b%Drb7B>2zJ zbCqN+$u%Sindc<&2)&$X!#~U)b|*dSWX)g@w8E;@O>5yRtXFJ!PCPZUA~@L*<K)Hm zHVq}G49q{e(=s;u)^GfMSrE_1jl;R=>RKC76N*dXqR*}nvic>D@GDU}Wv4KPNU5VM z7MIUBY7q8ju+a!leQKSAgI$KPj}RNs@sQ5E>3TniOK{EZi62WR;v$FPk)?vJ(o&&C z&Y;dYNoZ!Zw+3NXS<8t2%yj;mZ~_A|9xtbg@&sJUm5wdk^#kG9Uzpo&bzSs9+Rb(_ zY~9w!91mX|)j_f-i|klxjE}78-4(z5uADA@-j%N03S83bL>OCC<8#IE3nRo2(?5t$ ze~7*;itZ=NJ`erwg?<jRp|RiFg<8{h$p3@&9sE)WU8AvKFUsK(1AkVa{6mXw{YFc3 zvB}<ombzM9V{Yr`_4fF<GyqmI^8AZ;p=I##ENNhGK5DNow{8BcD{4Ey58vAl*d&mO z)`hWEDIPbnt~X>EY|pJOYl8^Snb?+|^utr(fNE4kJSRv_Fsm2+lteE-DN5k=aeH^) 
zxa#R{>;TnaOTRD=b!r+_fk`ozX=csE_4)Dsc>i|);so0Bjfe;ML2|!0b~2mF-#0q) zO@)#b<%zMf*6nf04z_I?QU#uJa2BXsIIOinOmX+x*FyUwB*cYO8yx%8Hgc=^y;inb zAe_Bw6Golw+twxj@YL65{AhZohnJUk2y}V*=l#&3b2{&$Yu)R``03zs>*r5{%kK3z zf>mvVP!}0;z@gt-`;(UVKCzUOi0Ane+HC{CWZ2^E7~l@|;3zj4Q6Fdj=n0JdQWX9n zy7FKeWmP#Zg1pZ};XY*ZskCVd+0~C1SJCAZB86K?e?2)^$^NP?9nm``_z~1bVwQ{{ zxJahZQUZf1>bQ(l8{=@&8a)>@9oJCSO}Gu)lt&#&TSYm|$>n{3L+`6mMNU_l6TKHs zJzUI|4=|P@{pr`6VA8BHDb4c)`N|jpq0L<N>5o`65)tK@HYD&~aumte_0Ssp8xzrX zyT}!nhiwz5<@1Z;ozxaAE0P7JCRbF77t>v~B;$!Pj3D<vOqaaFgr7Z4Z?|R%Ai=GV z!vs)W5uZmOLiY6-X0d^I2kZUL*yB!uhh_C;4~vBWdLW$QB4}$jb9jjhwh{Uvm+z$A zPxrF;${_B1FN(J1Z7WyT_)WAl;M(*L7*~1|$e`O>`5(yZs|YpVy9Bu<3x59l#NU`X z5hzbw!2Xf*R#$4R^A5ivY2e`Zx^Pxu-Q@zI!HUFXwoez6{hOdm@KcEWb^t(HUbmch z#6Zft=vf)`r8q5TQU+yCyq1GD*4lg)mdg}K?1IC?{Nf9gJ;K#yEpv)l7!#6ou? zB#>2?Ic$N}7(pj#N!xI_p?c4l7yz=EVd~ZN0zZM!FmaiFa3-yda4~@uE&)ANhL5p^ zucF0DI}N;ps>$bmgaq!-i=dA)-&H!iPSL*Akwwg*@07Tr(a?_BZ;RaKLr;~xa<Uns zSAL^Jte(n40K)lnTW~D3Gs(r{d6;lUY`#wqDv>&DRY?)CFh|3PvKMP5@pn0-dfEQ6 z3i?~fLNmyROX1(i=GIM5$_7`dDN0J1ihE*`;qS40zcB5G+0zG>f9egm@Bj)(Uw%Az zp3GH!*%K^IxDTvD!n)pHtU+UYd3g>p&|Hh=$(!ILNR>AGL#aC~6fX9Sy^g*~M;#3@ zRdS@KydGCAxjGBgTl%Fy1Uwp;5ySfIn~}_QP?Ba-`Oj0)L3RLbrp)#2tUGUda~-~{ z9SF)+;@^bUW5^j@7w8=_vwpBeWgVl4tG(S^T<*73XwRT0Sq90OaJx|1HECfFWlJ~* zzXD?sFY&F4eD1&WrxxAp*#lcq-iK8-tZO0$eYNU$22?WWg>~#fkmeSv>WxKny%p3l zu?`y5&gJRi3ge|MeDVMBogRyJyI)>1m=n6bS@~5nI=CF7v`;s2H>o=MWHr5c@Rn}| zkFN!STs6(lKHNbYnhj4l>mD^v`bML-xt&|FHceajKmW~fE_*_u^Uq=Iqa79N<$l{e zzxGfWy}k0Yy95cu&Z8+tS%PI=fjT?Am~wHiKuo!UUVpw`eFjI6d*R=X?iQ+E<&B>c zjO0U3(H}ItOUE?)+>?;d?jS6|4xiuH1lGve*7asNJr@bbL>-Qw=`D}8Oh5fsb2of! zB($gCYA&g$DzPkB%Fr~pIM%hVO8pUX{R`~Vp-jlTezHf!WZAD8#5xDcIlu{;&VO?W zd<C_iU0k62d_8FD_9gn2WfkW5qo|wM`OVy23b1)`RMt{!?`P#=_MU{idtqL&J-`05 zvAg|A
ZbyD;2<VqieiSlWtkTb1)Pe9O`&93W}V`Ebe)%;V{tm?aiXJZ+V(PGqU z#xwC}UY(Ef4iHB+hlZ>HPz1oLSxH_q&QUc}0ud&e=DIg$lj?SwJD=~ERC0JbdrH}~ zlpBW}Og9-;!G1n@q3R7Or1gi8SlDe?EWfnDhG}osrglc6Hf#lKt%Lq7LsB{S|Bl#P zvO>tpWOATGosL^o$e#{ExpN1VgqdVAzA30`&O3X2IRySRzCCZw<|R~J%m2W-WH3RH z2QFQn)wN#Smfpa&G;0HPGW7gWFvf!8M885*P65M2fH@2OGPXsB4(jU6_O3ZSywNXh zaQ8|OoeNdlLcYDu5vRQ(N&rAH9N83wX}0fWK9sf;g8we}W8jP^Uzcy5n=sr@U-b>g z#$6F#8m<+k_Bk=sD#T)w%|Wt<VRWlpoy$D6O^)H3-PcF}OdAxZnD+`-qEMUbBT~{^ z*iS^zALz_VMIzjQcqIgnf<_R4|5FVW^7S4bIU){I*mas6zs&x9S<Gv6wS!#*^fKX9 zsz4IH1*b^y8qaDM>;u8ZYAlU)|DcLr_w=xwhGw0WMB5p#4>kyMk_t54D}&g)R!l07 z#5eHUP$}nZh$7N*dF#u__#`3Vx^jmBeV!dIUxBt1dwf4m<~4nq6S9b1!vLNB->OC} zPt^tMy)!k|j+RnB@MH-->U>*T(yx}c4&VIv*L=ElXF!*HTVD4d16ivw5HzQs)m&Y# z^Gq~VgW}PIs)}8hEF}1m@ttTj^iXf8*z%ocmpeq<SU0EI=5{;`DH357_|Km+pH+z~ zfGR+=MGP#9Q#h=C=^^0xkwPoMn1MRi)JiHdCr98kYqaE%r0kc>Yq?+{04YDBmgnEf ziN%o%eE){J@b5M7{tc{t3>x#TOs+tyr$VHNC=F}ts(dLA1kO7NJ4(!K-JTuxMYKPZ z95<9vMFrrjl6_z+sl=W&V1^WBt?+*t<*eaRSVvNMyyf^Lv^>>T2Zb=F>@UbFhQ9(% zz<K0ADKYNm{UI4#D=lTae`qHs+=nV42HqT^B@D}%rUPxV2bGm(H)W!8r3sF5!rc#R zDs23o5e(T~IzR{yei63M!HBNjzMqeJWj6sImWc=}M>~Y(WNSSk^0j-^$9-=PLEWr{ zrk5k1Ob4cM+Sks`qU4ynp_p7;@l%)wq5he>89HEJR7jkO{osl7y5++gD_TgbTQZqB zmEO<qJ6}m*J`lD^HN9RM&}m}h9>sq?0HVJ6X<K0Zai}UC>93CwHxM+RT{EN4vip@O zxcfOMqs{h74<_2iRurHUIR^S9P;Sq<hjKC~w`<)e8MLI#GwK(+Bu>r9ENma$q$K^$ zJPz|YFG(OJOK^R}ZNhq&)N~t{jiyiV(DJYuiRD)2<QuG}(8L``TGRJQzh7eF`Iw}; z0^?Oxom(m)^Cj>Y#2W(=*1k>sPQ0d#x%Y^_lH6_ZI&tF=Sgb`E_7Z+FG-|yxG6NVa zHkUuhI)2uKj*}uEr^B5D?vcJDJb>JHT%DYJ)n}EVmoB%LSgx*&-@eQU40`;v69iD$ z+Z&GP5GE5j0?HK(GfM7?*$9vM{#a6cP2%H2?MVuC_caNqm4%+QF+w|1>i_0XhRUN^ zEF$WXVYk`14_s<|v~^9|*6s5fd@=9|)nboN-)nJL{mTxUe+z7w8Rzo;9-ql65<Xqi z!r#H}X9>QX{5VzrzWHv@wLU{-^e-Pt?GKgEF`V7+&vFH>ETOpF=5t)qNo1s=e_T7) zdc|OpDA5NseucHAJPk4JJ@jO2k&wtyf124+yB82OC%MNvA#z`$*1cPn#fL^NdR&5A zIZpMLkfiC)7>$CGZIM|~V)}(Cay2>b6ON|xS_Eu;Y1eEoj=hDm9@zf+)$IH2O*9-s z8|J=)-m?-vpN7Uqo<KIV`tN={Tmc%hXm88b7l~4^%7gg<cVDg~7#PiE+}DJ#J3&pD zHa-}&r)}Pu=?CT#(obE|?bhrChgC1*-n=Gy=35g6;vf4NMKP|ga@Yw!<OSGst{3kw 
zS~d2HYuXgaPspC7Ss<JHe#0a7WWdmJwR*ae&x185?nxCZ-!$%5$EWMUCWVPjX>3>} zVUg$HhDanvOG__$6jMzty8Or#T0U*!5LwO1C4Oh9)bvjcPulb)JbU}B;!eG$BWaci z0`6G`z2~0&`KxQyq*t}sB89rG^n=aToz`^A&6xa%SE<!ffNN`e)=58%hiI<bYf@GB zLM*?V%B+Vy)aOMNUT7+5LoVeaUV?RN&HT|0i<QAZfXTOQpihMn^;cP{)=<XMIi6#w zJ_0}!w)F-{$y*5CJ*_F7wBAAp;U@vhZ)lVHrDL{vS%bXRyHwlujHVe*IzH3Sl@-y_ zeR4=6-K-pr`+bH(Gb1Hlqz1HJyGxEd>X1#IDVuhWCP<a16aAO-(xfxY@35+bJ1km& zXyI}ARG4+lMEf}>vB2Ccg4z9WMK;9r2&b&4sWF<U^Mlw_i2-@6jn+wkgP=4#k7H+s zqTb>Y!A1)YOnCfC&BRHC1cAj%bI`B5$toi?o05fU>%gHn(@<yqrzlLLMo3FlI8EDb z^(OAcyDK6y8km21iJzt8o1b)3G<N%bcYN;Zub_>MjjqH`(950Viyu)*(C1dd0oe`0 zVSw*7qxDLFHg{{sA^3shzlvy8Q0_{$IOf-!mSxtar2yWW%kJ;q%KEO(M8lygeR;~6 z%@PJuXp=YMo~v$+7h7D9d^avmhNK{I@i*+lm_Kia`WBq+H+LL|lXjQ0?>=R1XKEkt zc)JGG%{w5^42Fr%qcy+0l=B|1xKF<`TB2vr&B(vf^4RD=fV{qD9kZjy1ZkCVu864a zHkHP^8pqZq+LV>hOitp!m#3RI45)ZM%9Op3MA=U%^@JlnjOvCV7zu_Mdt&Jf5Anj< zzH#nYr&sET%n&8Hal`rAoszdR{Mb)de2@sR(kCGN;dieL67_Q`cI0s?0w7r&KS71L ziY*QSV!^fRp4eu)M13lTmExlop!MsmzWZtZv{_ijq0YjDdf2Lm_f}w1)1L_*8r-_~ zq^3ASEajEXInQY?%Lqg~Bw9blzJ^&n<krNN#g*<<I3IDXK|)YOlf~AV?DPtGr(-1s zuUW2wwBRA?NPC~n=+As>Ve=nSPd}57TQh6m*or^;-p{Uhb1qyv^jg*YBL>fNs=rye zV1ZczJ7<y2*Q2Af_AUwD+(c8c!Py4W0#feM+zH0+A4^P2YQ5du$r$S5&oiu#A9uRt zw`W~#DrR-#n<}vJlT$a9ZjJ9&To$Ee)TC5*au_l^j;i3LwEXgaQ^<bht%AMYp_*Y* zR|fW#8rX2#`oyd+93CnSYy_+=5V=WNSaVs=Oc*^^j8ZjRfU9y~hCnONsp7=ZI5gG9 z5`0y}^QYQD@5>UO%S>n*W}pq9?z>&>mCrXCP+f^@JV^Df?g#4OKU*NzMaLLX%2K|k z(Po=kMb4euLIMJ8#4d?v+r6?Mk1S}#beqwYLujO(q;<ZH+QH<5PHjz!?5%MO@-W@M zrYCQzDcwv;$i!2W+^fca@E_0LA9Qv=R0%SsCT@IfF;Wi7&P5z(I>x=_CE+(tb4Zmc z>pdr)m#i7n@Q*XyiJ%EEMNv8nVxenP{Fr|}7)5*y|IVC@6lC`ux2{d^%A4T89^>hf zV`ms=S8|}+$q2)S@USE6Ivboc>?Wt`W)i{J@=lIymrmeyScKba4X_n)DUOrZ-2Tv` zOavY8R!%FpU;m<8$zdDMv?poDNDW!35@;PSG_X_0ow0>scwGz>N;uO?(xxwkBm-Ra zxwyjpwSll7`H&oLL>YFLH(#6vS0wUDsx*CpX3y#A3P?S{S0_5}nFHT+S!*?3-XEAq zeU$GO-+ZZGFT%e;jx{+$x_XwR)A~V%54~@qT2-f#f2L1(WY4)a^xl;!ux(1{M9xjg z1$BElr<_@{1uM*N*+SiPl(<^B`}^ksapx+%i!W+nw@1yl_heLfU2nlo-J8;%bv+TU 
zWDbCR9BLZYRXZ~{;-1m2fhF;gbyXK5M?`1`5ns`6uHR%&El?n!zUKjn_n5dZ+w zW&2gckX(AsAO(XR1uXntuT{`O&WC1q8@Xy@-Fx+uJGAPm$RNQLJ-XaGaVgvS)66tG zlCs=~4SS*9C_`Aa6CC>++f0s?5{LW@*n1SKeTCtY0aB@Us(Wmazx;f}{D!4-A^2-* zL;N<)*5WiK1QREv>aqmDe4cE+wH-&_Vl@hZrA!F5W)OTB$-x4;R5-OqA&OJu36NMY zn=|c|7Y$Pa`<H*TcM9@XsC9q#F+(-gShfclGUS1Klg^*cQ^y$sAb*HVl^R=lOcHuO zwyajnP~xb30>a2|eXpNC^AP4)b&)j+()uee5VSOql7{R9hH^_27fp=F<|KQMPdG9- zP$=vivAP=VPVf4;v+bm-m=;u}11E_^yoh;Zw_0@79B97VC)(a(4NSCF)eEhij9o2C zJojB;a$0tnHH<^(^$E+LKxM(eo8C_E$WIW<Q!lDji@j!qO&Qq)vstuZm5v*F`;$A{ zxT|<bAiqqsa(UPa$Ii|d2=Yzdpdc%8*7q|)I$Yiu2>hH2x~aly{Ln1ll02ahY~n%` zw5ZPi_Dk@?uxd3H8Q10X>XLLiKTm_xrnk15q$OO1PZCpFbSEa_Jz=7I&$jY+N0zVT zeS)Up#}s&~zQ$?j$JlUv9nm-I@&Z5CK^tHxy^|%Oe$o+~ERuUoe8U+);)B4=TUYv{ zN=Cd|gB<_W-ZS8oymR+AQ73u!4YZ43r?l_wcprjE$!fdMtDl-!Vr!#@_`i^Gxrxsb zko%1+33T)^P&0J0B&_4}Q+A=va&<N<cb!0S8^41`F^`qO=9Fie^J?b$zy;&w`{DP^ zsjA+7RceeKBdNf56P3<}AMKqLmoZbCOAogbE2Trvw2So9k;y+_ZI7|ihr6MRu7uPY zv^JiM#g$0m`bE$U|7s!sZGNdB_YOxHS3wSU(bd-YmhP!V_vH3zmtp~Egt%b>D6*`; ztuXFbisoR$8u9g6y1RT$IWpzo%LG<8#0aDb(`+^}wCG4)-QI9d5%cCSm}+f=hWGc{ zIhRO+cWmf{B^N;lX?Z#A{?s$>GQThri*W6Dr|k_LVcFOc7Dw%XEYcE1@oM&6)}^W< zdh!catc(H6GiEKKewU};IuTnp#Xpw9*S-y9uPdd7H!k?=->5dX^PgtkT}J0!^e-v< z=TSFn*}}f;-TF$Jy(D`h^*k+quQ~TibmF6`@&vVazBQ(U%#MblM&9deXgBtHe$PUE zzyB+AeOQ+0o>j6}g|IS^#LkENZHT`4Mj@oN&k#Y>Oq1^p+z@K0ZoWP34M;O$Mr-Xl zdH12h#^s>tJE%DsgC7IvEgP?yC_}#G{q~hT#)<fq?&;g<c3(7N@Y-{~5e`=?$5K~= zV_ZpAHFS7G`f@8n@R=uWtaT2RJ^*t6ap|o(0cv?WXZc*#k)i%1fetRi7q6+8Uu^o> z#m=pw5qvN7l1_{*8K5E6{1C-}s=U2TNw6tjN;n40ixzzwLI$a%@K4w^?rapFCV~3q z9h*8HaIwIPCqI{0dltJu|5j*+K>xfxk3lV|b4H-Ek$3jFo7)}Q8q=>1<L#rl-MQxj zp%4?LNhKks)uYc{$|ejyXOBo$z()h6K{+0<OMlDIzRS1LDD>w0ij(Ud<{_sl^~*Q5 z@A6cd8+~Ppb=|AK6+#Eo$mC+xd4Tqve(%Z`hSfdhnRu8Xee3hH{smi5QCKeCiy+8_ z&D_cYk`KSv`--^B88pP(TW)+IU`Ju#;aYGgIQcAcN1tBSOmh(YlJAoXt!6s3Jg02r ziETW7(9wM1OiB?%2-7wcb{G~rvB(Fcu?W4#GU<6U81@bs&VHwg>I^$dq;hqn$?q^R zI|uFU$_{)2DSCSTW^FRGfxL{(#@00aEu;*hE{dtr$NB}VY}s~+J^9n`1)$UBG8rNZ 
zeEN_W7Bg<F``3)Cm=&+#^96VOffb4^6u+SCztHm{I+IFlL>2o@d-rVR%yWaQ7r99U zGR@Qi5rBhX%D|YJ`JSjU3CRe{U|ZJRy386DZMf^;d`-&%{3KSxTl&G5>%W{;DnliI z{}G7yOnjDq{U<6HW~yTB{)s{~?l8p!$zpGfZ%1QG=J*1yJXjb|v0*;8NI-|!&AV*c znq?5S-7xP)c{oh(>5X^a2bbr&w;$>#?5iet*&}kOs7l}ScfC@aoXMR1fi6ZNi@T|$ zi4ft^_{WO<Qh66w7K#sE;*rS<h77?A2<I+bVlSi)%;lknm-6F^Ynu4Z@4uqNZ)qHC zhfKCu`ng~GTR%MmpFPIgJhthn!LF0&^Oei6DP~*U`Q&28E{zaDg?XU^QQX@o{Bf66 zp&yQk%a#@IwL3e4l3%ai3+3~Orn_<A(~m#vS7*KXf+X2_x!JxwaZ_yP%0hq}O8A*j zjIo^FojieyDg(6~#XQcocy#VU_NNe(<Fd(v9VDm189;(l!2nk@%)tt0d!MnC63mp* zf0ih(J5awZmM!v`T||G^OVjj5pzby!P0&Dc{Ozq+arp{YlN`+}Zr%pP3XVU*k{|{Y z`R}2G^$~u8j4htb0ziUZkGHd*U&(v{AOa@RK$HvoQSv=A+92j-D+F2E?$u{$vnu+F zdIfG%$ez+zy`=;}KNHKN&jdds<5R1&I3#TXq#Vq>C!>#T)pFH`uy5ZiAAT<lRR87O zkj<HIN;q%gW@v1UuCjWVN$7sKu<^E;9&JrJTNg&0HlVX-*G4TJpBt#u^BexCQ<v<p zF9<VyRzUL|9t-!iU7X~|@aRx3pgv<fenmHTFFHpSHJbP%OAwA7ZPT|?wYx?VE~M)% z4#T-5|28WZjv|xc$EbFDiYb1ejvF_M(a~}lj~&$}h*~d)s`06Dv6hZ!cz6dE?u3?h zd$8h5zfP_1Hz?yi7z&3pCW)^yVKGGkUNawBj^xUhpm8w#YiH7c!X>Ly-F817=H~<6 zzhS+47li*4*BvP0HZKFwSusU7;H*!*w~FuVtiHS8iO|$#>yDO1c(ZdeRJzgLa<^)t zw<m_}rv(*URbf3vEMg6FpVK)i&R65+U8V89@4Q=Ycunt4bM77mR)R=n1rrwdi{E`N z5_4!?++|hd%zt@w@q8?u?|)OwDGr96RDpBuf8V^^E5?6(w)5=q{<oI0$o=n)S_4Pl zF8%gr*VY$v_p^xB-u&PN^!;vqc8t~B`6{Ng(~ZxzH{IbxP8PoO75b{a@?q{zs3g8j zc%@OT2#`~~*i#}W^;gG2KkA@W4Qj59=Zwjkt0Q+l^>d?E^rMbn>t^Egk(i(7wx54} zZEk-~;*k2VMC#Bf*C_Y;g<gq^RI0re=PK4;jm;VvC=xIEcASGCj|~9nE|f(c<CYd& z)eSlC80qFh%fYZ&c5q*|62i`Od6Ji^hA8^myXfl#LN52|JA0wuFbOrAs($rV)Nio} zvsNpZrYe}4XY8+{$Z2x|E=`xSL}8!}+zTjkY_}EtEuzS2+0ByGI2MTxbYD<~Q`gHq z6*#urFI;`&vePbmEGN{hP<gY$?UqB~KKsl)k-BWGns!T8%&Gm`fwGyH{UE8Dfj@_$ zE|;vLnEU(ZRl{}G|FCGxma6~R-Fg1382|U#&Wp$QA8RQK>3`H3IQsVAI2r%P@|8el zfqgkjAQ#(uO^^orp1L4+s1+%M%G29TA!OPwMIn^$t41Nztj5WAQKQD0t5hl=Rj*X~ z(iB2RSmGi6|JnQ6?zU}Y|M&b9_)FP;?5ssucI)nXPwzdB<K6l+jeTt=IeW7`6+}W3 zY6@TgP>$O4e)fCtM1mA4ihA(FUGqiiQXnvx82~ds3<kXTeP~|a7oc>F>^YBlC`tcT zThmD*#%GzXIQ67@Q2|4#*Jssg)&wtcsi^Tqw}5_W48kShQNm(os{1#9#q<a6AX}%^ 
zw4Qn}PHI-6%LQ7tkI5BQv`2->aU_<2<g#h04vaG;mr#0LzQd8|q-mu$h`<>_p0T%O zjg8G=Z_4-@Y{YF`g6>r?0aNYM#@<XP8pwTB?5(1fb+I>7?IXwDmPTl*Ea+__G#mDF zD*I3e(>Mca1(;^5kmw?p<mrlLeO%OvZ2P$ALqjw7@-)W(RL=iq2SMxNzrLNj|M%c% z|M~pqy*w-7f3xfVdb@exFL#^7!^3{6lUt4aQY~x=<|{I@8OW!;-U!6!*0f^8SB{vK z<GtKko};~<qrK)md^Mu~4M44jj`hmToR11sdf-Set$@#QUJrvc)vkG)Lz*_V@YmD4 ziif2tecBk4>cY~}UKL*|tz%tuNmcsDv8AO!jB3+un-Io!hS%E2g&tQ=Jf5rEjDB*` zTpl7!XT!%G$F=Iy6#vP}FAoCM#DDdU=J21xqv!K~_w%fR|6FPv*aisXsMn)Gf-;(_ z;h?O{dYF*Y)^>oQat1d-hny<bOaoI=Qz=B0dY5T=*Zr!mRnGSIEzf|Cnl>C?X+d;R zd26M>il1L>9uQ5LFILLgYBztrc(q?!GB!4pVrHI-JiKB!<Os5n7P?Z*q?gALN}4Fj zV*#_90tyS2b14aI7hYK0v&RH9tY$ukD8L~~@3%veFu5X{%YqD@i`Kk(WlK2n?F~n{ zoZPo))}h0W{cX{@R(Wy0$}Dbf{<qZXTX-=sRNE!2Fo{<#DvNuNH>V3uOvRl_rKOy9 z9QD+iqHf8r{VI1|Ynkpn7}iw3f;K}U>g#hBI?brct9~0OXt9y{fZ1|S*(NgIDazEL zr5r=r&39*kKV8{I(~36?RXJU3s4=U7RtqXx6S;DQ^|;|H3wF$zgbhVdVODMt4B4!E zuyl{MGJ9l2-=`a*^)raFmFI`%0=)(97>nmj#{8X5WgpF#B$cW?w+fZFxP_U-HC9)f zO7iCJ6V~F={%me`a~a)mrYqK3Q`Ls&JGZrX^(n8^w|&CuQrV{(m8npPxG>CJeOOfP zVesRo_%A~tZh8?!P5j@{;r@Ox{_or8`ycP;@m2wVucQ)e=lHMIuSbLZDsrk}U-k2P zh_7y8J7Dh|Gna#9^=Hc=vXudMxk_%)jQg=FTc}7~IRP2|4TT>N;}sBHt}^Enf2zM} z>AR4sF>E0%Of~~MS@4^>5~<LSR#_0mZtYj|AE3{rU9-?&72IBFS1%I>Rs@U7qrm2a z1VhYS@UaoAQV6l0Np8`l*^{I4Jx3>r7&n)vQQ>+T6OJw$k@+aleCOuEj6>^066UyF zji9D|m-O4Fjop`r?40<sg0?M)opVc8W83*DxU%8KadK|!Pan9hgQ4^UyJ)R0Ulf{w zPvv#2>6z(DA0_0ZS3G@}q;<q}@0aGZLS)RsxkVpqV^&D@vR^G`{f#TL#jHOaqu`dO zyD*C1ihfn&OKv&JwLNDia6Kl$j<FfQe|!&m-|Q|eiBhv;4gD{z&jGvKmB&u%`Q>Y; zfz7q6*TPnX?Ijy9*MhFNb`+^yY<}QjRrBtMmFitH7$4eydg@P8|KDBRmPG+-{Qqx` z4vYT(;dkGB^X&iM$Fqw2Z`@&7MmhQeH1F$c+g+7c1N)Sc;r_myTy}~kUwY}Udey4( z_0wPmV<L6-_l=oc(OPe_t@YB@mNEINEIobgaVc-gx-fqQazP9rb{2cv%W{z8W^Ast z7SviIifS@4Rbk>-DE<siqTFf6%-O5JQ!=xn5>F{_mxB=^h(UqE?()Yh%`NbC?dxKu zZ-$r<3RvDmb=<=ec73)~=^LZ{6dlVsO!eBsF&WLd3z-i4sh}(UB6CN6$@S99nYXEy z*(>K4j`sRKRraM-yrQ6XNKR%Qw`^t&JAXb8n)@9z1y^IPcF@Up&lXh|;5z+tfMnUj zSa~2rzsaD?kDVfBx#~sj*@&w;T&YcJ+c5{DYPDS4$!}%O&#pa$>AacW?Vir<bHA9v 
z^u(wf4rVFK6&WFMnlOe)1}e5%Mc@XKFr7Kfj8VW(Y)e&KQy<;XGcx@EnHwZoK}P1o zfSb%+4s;Q%+Q<JQ{~|UT@lX6;q{P$FjcdxK<O~P=-HJf3JOZGrfB7f=a(-G%FKC8g z2wrwN(kznh*7q-DaWe}@Dj*4c>4jygkxAcqXBjxhiO1pBRNDXk7)292B9x(Z+o-Ys z_rE<T-2dA<Iy^dhw*T+rX@g5B<V?k-ZfkkVWru)4f}>E*;xP<v;RtcxYlE9H=71-0 zOqt+-k5Lq<m=`dCA{b*b+5-$lP~fRqHnaDTgkBpEG}2MhI~tlW(Wv16?fT$?L^D8% z`cjevV#Gj%3GzMv&Gj$Wa*^}e;8ZCn_;7j+Ld>}5kFe;fe>M4@KlqJx)xY+|c+{2u z*#G5I(#<Lwz~DBCmG8s7S3bXsy;uGK-g>WmF^Rob|Kqj62goo@I5>ZE#yvk~^j8!J z&&MHxU0sgRUp;@y0~(_46G9~_$N$yY$(x_f{7JZe8;i&P(f)V6?+WAp+iwq^^Z(q- z(+01xAaH{1Xn2bUOj<3cQX4$)1bq4dMU(vNpLfPW#QeD1m5YSW$K8+yyenvo1Ky2v z(O--{wPl%Ig@2D2O=3BvXdMF)9pL~Bkhnu~!ZC#C?|jc|x53TZzrDHgyneqgEo(1C zF(M%%0Y=7pmuu^>sZXu*21-2!J^zdU#YWvwjs<12V_*q4jhHt5fKIyRZ`qh?aRB+) zdjTZ*AZ>UCl33cQX(>e)jPVEC?zHFKViFz$>A~aCPcZf-NI+>lOOiFgB`%Zvf&0TG zigYZb+R?UOO=j9O0<9lV6jAVzvM6k6BHC?mP6VT2qP8JCPfgO=5Q!O`;t+8FEzd2k zC;Js6#=+ef2V)RGB26F#|Eq%zQxwq{5Oinc0TO9gYi*d5|E^smzyuOFLd^HP*Ew<K z8c;L-ryr96f^p2V+HTDoKSa~6R+$jR5uHt>aVU*dUA_8WIs{5HPj&s6fFMe^K+LGl zB}2;n=2#%^c^x3zV+0ArLC^2~_0L{MS8(Vb`1^m>-$=g@$vPw#5g5`aqIa_20uCai zwp{hDg5@5ZLL8~zjI(64->_AMj07}B%9#rBaEO$l%Tb`67TIhYoD7GUV1Xr}UnNy? 
z<-;K&0uM1_z<s`gH;4xeE6)ln{d@&yUt$zU59^%7iKzd;``TIj)cwAx&%SzJLEnrL zm~zS|G?eZh9g05q3a*ey7y%H-7eM}Im^#xwBQ9gtSI~DulK*~j(K6Tsw@_W{^~qIB z{`=pp-9A`I${4aRM~ZxL-=xGev`m@fN=!pbNmu?&1TLd2B_*Jfm=Z)pN>GNY^z*7x zNs4C599OnSiW*R-FopvhEjgr02FprgZ26~bG}aHe^@q|X8gQi@IDGcy^lg^GezCho z`f`R8kV(JanU3v_?2cYzf(Xkw(jM8tLtuC4ofZJ*%5UdL?D|qq{JvfafKd!kNoT+) z`IQd*Y}M|U(Fx<2(U@U{f~G~)s$^?eLGBIc%+|glsms#o)UZW5xqt!<lZc}tq07?g z*04P~F;VAQ){wicp&2uq(#ZxeC?T=|oma0<P60!lCM-Zr$Za@|!g4Z~rt|db%?iwH zN@q+X9L&l{U6xL{lA$1BSj<di+n|#maYxzh<vh8|(rIdFMq^_-VT`X4o8kbiIxn4E zp4%F>DEDy;*VNA+D8s)|B47kAX$VddL3se9I`g6F{Auts>5b%xwRCbF3WN3TiSnV8 z>oU#O!bAV?&&_yQO{X%U&KRStk@2*3t7%hDV_#^wS{vAJTQ}S`^=yYwcPJpGXMPfo z7z|N%T0!sN$+_=bfIA#T01=+3Ga02vPDXf&h=#83kb0x5loln_D1;BrhoGPB8EO^p zTT@c+#bMK$7&CeYAOVU%g+8eFT+mn#LrpP&%9ZysU!~YUG3vwq;KY2SuX?*6@7kEr zcs_xndROMYuz{7Ix-oKJkiyE3tGQUoME|GMl9cNT(yB8|q6nyx3IUv#fYBXQ<cd<! zN}V1Xuq4Jvw*^}EK=q6M9^eRpPv`ctpLg1-45L)+ra{MCutcQ}^g&4n;v|annFQW1 z?Z6uv+#;rR5L}@V=7P<DImYk~P7nt>A&MCapg`fVT%bU{35H0B*k#rbz=R6~!`(vH z)4@{N``%vlZwI>>Z}N#j`ehxTqiXf;+vF<QVKJUUt$g#HESn*;Z_*6yc!(wY{$`tv zJ<Xt*hgjU7j6sn-xdCY$>j4aI5efSxA^`s|;Z6YBfoW78n6CgLa$xGc8oBIKJ&aE- z&r?genb_^9<=R=XfoPPr(s!3s1)L2aYnjPdHu=etW~W8jHlYFsD8JpI5ilRq?jWM0 z?!kWVuigFcy1l=2VT?P@*Sv#Cr`PEnb)9K_Mg;tlZYu<cgEFRC|Kbvg@y#qoeW!z$ z3=_faNfP5=#HOGP153C3QMiGzRN`_x@@ElKji65>$hlnE`&CTEg@PMp?*9>{28fBD z^bX<``kWvxGP`Pysi_|zzv`HcM*s<-!W{LH<K*V;HQ;zeOgTKnfm){3&KweU+s=+x z_w#i4J1;BDGK(x`1xu!|dts`w1>V8|iniq~R5iWAmd0jRt-8&MNO8p;ybAM(m9rgT z3jqB=BOWY<eGCOEC`!vnP8a$wAgD5&DFJ<r+xt95fzMHd0zp~+E9q18`83Fv=`R9w zl%=|ydAKRfSbdvoQ<_ny6FTZbPuwN6OE$~tfjGg->A6TLt-hTOWQmI@Vho4*s_Jwi zANP?*DNh;F29Mnflf`D>a{?nNxDdcNR<tdIQJ14Y{Tsso<@Os+qKMv^BbGWYHZ5n; zN>bhF5G_!YW;}37ad=SGcK}0W?de693m8Re3Vz8QT9>0hiFR)9Qh%kIilc<DW=k#_ zna2BEJT})HlTXm=YWOUkSk|0So}ho#@Nq|j4y<?QMaTUr&W9!nf3a+=DK(cWyu_L+ z=E*RVpIpDLlc74#+?veNKV2+DfnjI4?|<HD+X}hK#!&)`Z9@Cz*msL&=|)b<K6BjS z7B$$QTZ?^ZHeuzyJ|vG8_0VBowgsS#`hE%f(o;f|0fq#_Xo^(qI35BRF$BXI2-M0E 
z`mP_JJ6P5+Sts)x0xc6Y8GguzUs)#GwtKDlcL%Lq(25WliE#_`_CbpaM#(5kP$lPo z(@gH~Oo{h^{(cYWZ<Vd5%br-bQTs16J-bz=eM+LdpW8;XITIj=8Jen)_Vg5)WvykO z{@w?*>?@DNdP<L7hXrMDgf<t0`7n#_<{~#AX4T6nvlfXTM3B4iyo=8pu>l3GWZD`_ zGmQ&G0#rUxIt5C$R4%h$f8J?3Wh=H-lm^|zIxX#{Y`I5lwQb1Udc=m6tA`?v(xiGM zL`<uq{EMeYq}5?oIT=DsvfZEDzHm~Ziuy=keica1`KITK0Uy&O3V|j;C+e}y?4?e{ zkfF~BA|jgEkAs}k(SOmGtETiujMlyvxE?Lq?rzb>6nzPJVT&rav8r9&D>-SaSM}Ek zjzWOQ6f;UD`T#A%>NJ8f&~-=z)Fwm2a4@a1WoPc2Eb{Z+D4f|%;d14=Gkt`G+f-W6 z+9W!MKx18~F<fl#%v;q+$G*&Ou@<{gI4!PCRFTaELq;blIMfGp@GA<05eODs=bwjS z+^8G3xdbNq|C$(IrQP@u&15IuV(uOp;9!Uu7fu%>#p>V=G>7m*(^bk$S>q2XV_BKu z5g?RwY-zU}^G5Y8n)ULXQ>JuT_sp#IAv^oOLWuvvhpRo}wf(-I6^=eUyyfuF?LVT& zomgs8a=4q%OC*`urqbo?vZazk`DC3`G<~z0?U}7#>DQ+zBl7<IIROFW3TvBX(T#h~ z(L)`KILcxo#`MlEo6b_|gKO!`d~j1s{k+q*=~h%fcR`K(@_CN>W%9E{s*{6(a{-uH zTOi<LC=FO0TdD38Rw0*ZBAq7k+e~(?{&K8(luw=f3MrPj+4@umg<W;3im+7@`bpOE z=5-;z`|4tyx6TZmoov)CNOjuJ#!ebZVF!?g%#^P*Kst6_(xV_aEKGzD2b7o$OEa2i z1|%E-Lxu60><*x2)0XC=I{D=?N%0g@ZYV!>lk%pdS1Lc173zVdCuw*@vMalAwcl8F z&Xv0x5#YS+oI4^PR)EfRFZUwF8u=COP*`#7IX7mkCBJ#O>HOypD>5hh^8JjtCFB-B z&LIgI%*n2)+)iyR8=5!g<(Ja=z%oqfxGy=@t$CD;==wH`tmVz?4U9anNQj2mhhF+L z75BUNDJbS6WCW8@Jr1)3=CT$nQVS$3;k2*i*SlJMXSm`s8bz3lZs16+{DxTo4rn4w zS{+jY2sl!ce0rXz-~4=!*KULB7zG$c04omiV2mb^J15CxRayEXX3n%6djN=8jE-f6 zn2bCC!c1Jp_8^Qc?xZKx=aMi75mje^JOI!aIEf>43_|slkE!Q5nV4#tx=KqbMb1u6 zxiy=NO<gj=<csGCII62w*CXJ_t)}Pqj{IIHL<0;-r?=l>M~9vlCsCx2V%Jrwm_3{U zsH?wBKTK~;P=NN!ljsi4_)CC?86A>mFV!I-@p4b!f54GY#m|TDsJLW^BO+dEdQ6~L zMi68S&O89HKsul8VoGf~)@TN}C7S3;03BxJ+e2DA*`3k3^Gv?yg=mmC>>lXLCFWS8 z`(jTotLaM3ZV|p!0fbV!(HFrWz+_0-M4yz<xxu(ABz^6K)a?_Z!~95qOl1Rf?6p(1 zbTzJ>Oa7JDm$u}8h4kCN5kGJx;kAM8x}nIV;A#VBzc?FN=1P%TKG}OXba~+HHv29U zBp*G`?1`)G?mFH4$Cz@Rx;G<GfDbfECMdsgz6Z{SR`*(+)*f)1d8e|LwOS^vRfxHy zlY?+385-z3V;oaCvE?Xkby}VWg8*^<6Ae)vxhJY5n9wl0y0Vh)Ttim~h94Og=t2pA z<KJo<yT-qv1}*&MAK3F^D8_a5UYdN-gG`WNuBJ5A+#+?hs-uP8&WS_wwGAA`78uY5 ziUW%1w%TcOnoV^!9|e}Ftx8f?(@Qs>vke}zv4C!8Co@y~Et>rV;}{b)ZRF}Q@6%L( 
zx=v#S+@hI@^DPO+mOo-rMTDkbZ@w*Lw$93zlG+9?v26fSt5O!Smo)u|W+^KrFI9&n zVTqinKAMy0DmORah;XdZqN=f|EKE1K9VY2!=N{m6f`Gsi#AO9{kf=d9l3(jX0!;7g z$CPud(n!p7vnC80GhXBd_cQ6XvzfeWc%|NVI-T-NhK4Jvr!fTPD1~03U>q<1sTScy z3_m9*O^29C<M-d4cnV|qe+7f1Zx9L6%m4rQ!^?F#jH9f_zVDla)rd@wJ!?tY)RLDc z*Vi8}uHJZ=kvX*+zsH_ydumpytILM@Uly>-jkHZuj#ou_R^IUU!sH-#pIbCr*y62| z<9yi$?FMvuMcyBODE@hEHvzt4Yhgs?2Y=mY0yz-g46t_>H)q$r_@d{jfD%q4w9Zu{ z`}_BM*~orxh3iI^yl<rTin+Bf9#OJ6AIceNNLe6PPRi5$9=+V@3>tFIQkgOk(o-3X z5EDEnHj`J?oYw%-{sohnxj#T9T`!30`&MhOz|HSlEv54>3q_aA>RxQ%g&pd@$SMk% z-mA0Kd+E4CUt-DxaH{$K#m;RqK!J$V$M*JzPIfNE9_-1q0dy$%l~W?g`@Z$NFXuep z(ZfGla)N^#9eo2j;jUN4g5F9j=(#NDZH5KCEwG?hWPweC``#veF~OJ=^!$B)-}63Q z5b%yp(PV%a=pF8XgZ+d3J(EM}z#hN_cTk-fohS!shzaIn6lUkOM_7!LfyxyumDl7D zZgT-e!aH=>5o6Rbxxsh$fEZ&ACh%9v+&oSCC>56-HYQAVj&%&l2ywYSMp)<JmA_|M zZp|oDE`p$PTA(bZ>7k4)z3dP{kuX_R80yrsx~qrUhElc2k!Xxw71onBWqJUx;3yhO zw+gcKfR$z0*~MGm^IpCBsA3)s;dh83fK4u9WbO|sGT}d8z4E*cxU})-<~7&sz})Sx zI$@VLN%~;N9`cfG7|g(cin0FaKy~lX^4_UPN>(RsR^89nc`#q6P7DkviDtV#`1Au} zXmQeOo9tSu0F1Helny4_Reo;(iPWhOOsL{g=Iv@ANOHIDrYqA?dtL{;mt4?xkjXCG zpQCAd=;z29!q45dDcw=Tb&QtRP$L_>$t#mSa1d+%*IL`J6l2wT|4QY~2V=;=Kw9sV zndsCg9>W0=I8XyhnYd#*p(8|)l>8l><)BuZG1^J%ELH4ODr$(BIhCz4JY}h!)F8pB z8foP^H&BDIoNcD2LRlT8=NyGl=SQ?6*eum%-0Z3PboecKDZo%pT#(EF<~%`s`6jiE zZbp&OQyw4!8K!AU(=;Cd<oT~dinwgvPFQv{LNb$b%*e=kq2uK9W6kZF9y5|`zKHHT zGt5fD&=4^@O?{%nAy%NHDi+cpk)Dl`+TyV@J@{pM_{#*3w1~Uy^v_PhQ73>L@m(`Y z%ui&bg=hO9D3~5fWqHrhFo{5f$t~BqU|W_g=JLIZL{Nrd#Jdb}8ck705_h2fJ?zAk zi%v#}mUGvsZ<(Hy6jy0JbP3dveNgRnrUxBC&7X%|wVJ)f0V2|qJf-nWUnu+k0~*i% zCReWmJ6b%?lnX&ZLUSGJNeqKAvNh}ho73>X-v>LgK+F8p+Wng+^<@HQO7#*IbA-7b z(dbKnVm0CeI*B8!-DbO3m@0hlpQZvj5Ks+rNu^!gOep|`wh|;ij=SBvyE`8$Dt*dE z-AI?>-M8nbXYa1hItOyueorFAdA2|fW_oQ5bTW2$2juKAVo1;Gn1DNmg}QBo)1kP7 z40$2ug5g0TatyLmVGi5^axx~Mb#e{PuUp{t$@Tg5p7-(m=7)>-H{j#R)z!(noAa}4 zaB&4rFW$X5zd65ncMUH74o=?v6a0Ao?#&)RSOa-qVwF#VGJq#)IrqJ5lN`o2o}%{( zip2qlAQ>fagusYSk=`VT5u0GH7f47#FTxXS^Ha=q$A3Z>k32um&-3%(&;JGh0RR8< K;&UeeS_S|-G#SJI literal 0 HcmV?d00001 
diff --git a/charts/hedgedoc/templates/NOTES.txt b/charts/hedgedoc/templates/NOTES.txt
new file mode 100644
index 000000000..0f1572f96
--- /dev/null
+++ b/charts/hedgedoc/templates/NOTES.txt
@@ -0,0 +1,22 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+ {{- range .paths }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+ {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "hedgedoc.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "hedgedoc.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "hedgedoc.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "hedgedoc.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}
diff --git a/charts/hedgedoc/templates/_helpers.tpl b/charts/hedgedoc/templates/_helpers.tpl
new file mode 100644
index 000000000..f2c532d11
--- /dev/null
+++ b/charts/hedgedoc/templates/_helpers.tpl
@@ -0,0 +1,79 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "hedgedoc.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "hedgedoc.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "hedgedoc.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "hedgedoc.labels" -}}
+helm.sh/chart: {{ include "hedgedoc.chart" . }}
+{{ include "hedgedoc.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "hedgedoc.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "hedgedoc.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "hedgedoc.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "hedgedoc.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Get the postgresql secret.
+*/}}
+{{- define "hedgedoc.postgresql.secretName" -}}
+{{- if (and (or .Values.postgresql.enabled .Values.postgresql.postgresqlHostname) .Values.postgresql.auth.existingSecret) }}
+ {{- printf "%s" (tpl .Values.postgresql.auth.existingSecret $) -}}
+{{- else if .Values.postgresql.enabled -}}
+ {{- printf "%s-postgresql" (tpl .Release.Name $) -}}
+{{- else -}}
+ {{- printf "%s" (include "common.names.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "hedgedoc.postgresql.fullname" -}}
+{{- printf "%s-%s" .Release.Name "postgresql" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/hedgedoc/templates/configmap.yaml b/charts/hedgedoc/templates/configmap.yaml
new file mode 100644
index 000000000..04fd4de87
--- /dev/null
+++ b/charts/hedgedoc/templates/configmap.yaml
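Review bot: The final `else` branch of `hedgedoc.postgresql.secretName` resolves the database credential secret through `include "common.names.fullname" .`, a helper this chart does not define anywhere in the hunk. It presumably comes from the common library bundled inside the postgresql subchart, so it may be missing in exactly the case this branch serves (`postgresql.enabled` false), and even when present it yields a name this chart's own Secret is unlikely to carry. Assuming templates/secret.yaml (not visible here) names its Secret with the chart's fullname helper, the branch should read `{{- include "hedgedoc.fullname" . -}}`. The comment above the define would also benefit from stating the resolution order, e.g. `Resolution order: auth.existingSecret, then the subchart's <release>-postgresql secret, then this chart's own secret.`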
@@ -0,0 +1,81 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "hedgedoc.fullname" . }}
+ labels:
+ {{- include "hedgedoc.labels" . | nindent 4 }}
+data:
+ {{- if .Values.postgresql.enabled }}
+ CMD_DB_HOST: {{ template "hedgedoc.postgresql.fullname" . }}
+ CMD_DB_PORT: "5432"
+ {{- else }}
+ CMD_DB_HOST: {{ .Values.postgresql.postgresqlHostname }}
+ CMD_DB_PORT: {{ .Values.postgresql.postgresqlPort | default "5432" | quote }}
+ {{- end }}
+ CMD_DB_DATABASE: {{ .Values.postgresql.auth.database }}
+ CMD_DB_USERNAME: {{ .Values.postgresql.auth.username }}
+ {{- with .Values.config.session.lifeTime }}
+ CMD_SESSION_LIFE: {{ . | quote }}
+ {{- end }}
+ {{- with .Values.config.allowFreeUrl }}
+ CMD_ALLOW_FREE_URL: {{ . | quote }}
+ {{- end }}
+ {{- if .Values.ingress.enabled }}
+ CMD_DOMAIN: {{ (index .Values.ingress.hosts 0).host | quote }}
+ {{- else }}
+ {{- with .Values.config.domain }}
+ CMD_DOMAIN: {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.config.email }}
+ CMD_EMAIL: {{ . | quote }}
+ {{- end }}
+ {{- with .Values.config.protocolUseSsl }}
+ CMD_PROTOCOL_USESSL: {{ . | quote }}
+ {{- end }}
+ {{- with .Values.config.urlAddPort }}
+ CMD_URL_ADDPORT: {{ . | quote }}
+ {{- end }}
+ {{- with .Values.config.useCdn }}
+ CMD_USECDN: {{ . | quote }}
+ {{- end }}
+ CMD_IMAGE_UPLOAD_TYPE: minio
+ {{- with .Values.config.minio.endpoint }}
+ CMD_MINIO_ENDPOINT: {{ . | quote }}
+ {{- end }}
+ {{- with .Values.config.minio.port }}
+ CMD_MINIO_PORT: {{ . | quote }}
+ {{- end }}
+ {{- with .Values.config.minio.secure }}
+ CMD_MINIO_SECURE: {{ . | quote }}
+ {{- end }}
+ {{- with .Values.config.s3bucket }}
+ CMD_S3_BUCKET: {{ . | quote }}
+ {{- end }}
+ {{- with .Values.config.oauth.authorisationUrl }}
+ CMD_OAUTH2_AUTHORIZATION_URL: {{ . | quote }}
+ {{- end }}
+ {{- with .Values.config.oauth.tokenUrl }}
+ CMD_OAUTH2_TOKEN_URL: {{ . | quote }}
+ {{- end }}
+ {{- with .Values.config.oauth.userProfileUrl }}
+ CMD_OAUTH2_USER_PROFILE_URL: {{ . | quote }}
+ {{- end }}
+ {{- with .Values.config.oauth.userProfileUsername }}
+ CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR: {{ . | quote }}
+ {{- end }}
+ {{- with .Values.config.oauth.userProfileDisplayName }}
+ CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR: {{ . | quote }}
+ {{- end }}
+ {{- with .Values.config.oauth.userProfileEmailAttr }}
+ CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR: {{ . | quote }}
+ {{- end }}
+ {{- with .Values.config.oauth.providerName }}
+ CMD_OAUTH2_PROVIDERNAME: {{ . | quote }}
+ {{- end }}
+ {{- with .Values.config.oauth.scope }}
+ CMD_OAUTH2_SCOPE: {{ . | quote }}
+ {{- end }}
+ {{- with .Values.config.defaultPermission }}
+ CMD_DEFAULT_PERMISSION: {{ . | quote }}
+ {{- end }}
\ No newline at end of file
diff --git a/charts/hedgedoc/templates/deployment.yaml b/charts/hedgedoc/templates/deployment.yaml
new file mode 100644
index 000000000..4e926e5a6
--- /dev/null
+++ b/charts/hedgedoc/templates/deployment.yaml
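Review bot: Each boolean option in configmap.yaml is wrapped in `{{- with ... }}`, which skips its block when the value is `false`, so `config.email: false`, `allowFreeUrl: false`, `urlAddPort: false` and `useCdn: false` from values.yaml are never written (the committed snapshot contains none of these keys) and the application falls back to its own defaults. For `CMD_EMAIL` this affects access control: if HedgeDoc enables e-mail sign-in by default, an operator who sets `email: false` to force OAuth2 login still has local login available. Test for presence rather than truthiness, e.g. `{{- if not (kindIs "invalid" .Values.config.email) }}` around `CMD_EMAIL: {{ .Values.config.email | quote }}`. Separately, `lifeTime: 36000000` is rendered as `CMD_SESSION_LIFE: "3.6e+07"` in the snapshot, which a parser that stops at the first non-digit would read as 3; `{{ . | int64 | quote }}` keeps it an integer.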
@@ -0,0 +1,70 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "hedgedoc.fullname" . }}
+ labels:
+ {{- include "hedgedoc.labels" . | nindent 4 }}
+spec:
+ replicas: 1
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ {{- include "hedgedoc.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "hedgedoc.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "hedgedoc.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "hedgedoc.fullname" . }}
+ env:
+ - name: "CMD_DB_PASSWORD"
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "hedgedoc.postgresql.secretName" . }}
+ key: password
+ ports:
+ - name: http
+ containerPort: 3000
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /_health
+ port: http
+ readinessProbe:
+ httpGet:
+ path: /_health
+ port: http
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/charts/hedgedoc/templates/ingress.yaml b/charts/hedgedoc/templates/ingress.yaml
new file mode 100644
index 000000000..719ad3640
--- /dev/null
+++ b/charts/hedgedoc/templates/ingress.yaml
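Review bot: In deployment.yaml the container environment comes only from the `configMapRef` and the single `CMD_DB_PASSWORD` entry, so the Secret rendered by templates/secret.yaml is never loaded and `CMD_SESSION_SECRET`, `CMD_OAUTH2_CLIENT_SECRET`, `CMD_MINIO_SECRET_KEY` and the GitHub credentials do not reach the process. Without a fixed session secret the application presumably falls back to a generated or default one, which is worth confirming against its documentation. Add a second `envFrom` entry, `- secretRef:` with `name: {{ include "hedgedoc.fullname" . }}`, and give secret.yaml the same templated name instead of the literal `dotfile-secret`. The pod spec also leaves the service-account token mounted; `automountServiceAccountToken: false` would remove a credential the application does not appear to need.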
@@ -0,0 +1,61 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "hedgedoc.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+ {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+ {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+ {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "hedgedoc.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.className }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $svcPort }}
+ {{- else }}
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/hedgedoc/templates/secret.yaml b/charts/hedgedoc/templates/secret.yaml
new file mode 100644
index 000000000..19d8837bd
--- /dev/null
+++ b/charts/hedgedoc/templates/secret.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: dotfile-secret
+data:
+ {{- with .Values.config.session.secret }}
+ CMD_SESSION_SECRET: {{ . | b64enc }}
+ {{- end }}
+ {{- with .Values.config.github.clientId }}
+ CMD_GITHUB_CLIENTID: {{ . | quote }}
+ {{- end }}
+ {{- with .Values.config.github.clientSecret }}
+ CMD_GITHUB_CLIENTSECRET: {{ . | quote }}
+ {{- end }}
+ {{- with .Values.config.minio.accessKey }}
+ CMD_MINIO_ACCESS_KEY: {{ . | quote }}
+ {{- end }}
+ {{- with .Values.config.minio.secretKey }}
+ CMD_MINIO_SECRET_KEY: {{ . | quote }}
+ {{- end }}
+ {{- with .Values.config.oauth.clientId }}
+ CMD_OAUTH2_CLIENT_ID: {{ . | quote }}
+ {{- end }}
+ {{- with .Values.config.oauth.clientSecret }}
+ CMD_OAUTH2_CLIENT_SECRET: {{ . | quote }}
+ {{- end }}
\ No newline at end of file
diff --git a/charts/hedgedoc/templates/service.yaml b/charts/hedgedoc/templates/service.yaml
new file mode 100644
index 000000000..92a1bfb79
--- /dev/null
+++ b/charts/hedgedoc/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "hedgedoc.fullname" . }}
+ labels:
+ {{- include "hedgedoc.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "hedgedoc.selectorLabels" . | nindent 4 }}
diff --git a/charts/hedgedoc/templates/serviceaccount.yaml b/charts/hedgedoc/templates/serviceaccount.yaml
new file mode 100644
index 000000000..7dfb0ed66
--- /dev/null
+++ b/charts/hedgedoc/templates/serviceaccount.yaml
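Review bot: In secret.yaml only `CMD_SESSION_SECRET` goes through `b64enc`; the GitHub, MinIO and OAuth2 entries are written under `data:` with `quote`, and that field must hold base64, so a plaintext value is either rejected by the API server or decoded into different bytes. Either move these keys to `stringData:` or encode each one, e.g. `CMD_OAUTH2_CLIENT_SECRET: {{ . | b64enc | quote }}`. `name: dotfile-secret` is a fixed literal, so two releases in the same namespace would overwrite each other's credentials, and the object carries no chart labels; `name: {{ include "hedgedoc.fullname" . }}` plus the `hedgedoc.labels` include would match the other templates. Because the values arrive through Helm values they are also stored in the release record, so an `existingSecret` option like the one offered for PostgreSQL would be the safer way to supply them.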
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "hedgedoc.serviceAccountName" . }}
+ labels:
+ {{- include "hedgedoc.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/hedgedoc/templates/tests/test-connection.yaml b/charts/hedgedoc/templates/tests/test-connection.yaml
new file mode 100644
index 000000000..99f9ed6aa
--- /dev/null
+++ b/charts/hedgedoc/templates/tests/test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "hedgedoc.fullname" . }}-test-connection"
+ labels:
+ {{- include "hedgedoc.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "hedgedoc.fullname" . }}:{{ .Values.service.port }}']
+ restartPolicy: Never
diff --git a/charts/hedgedoc/tests/80_subchart_postgresql_test.yaml b/charts/hedgedoc/tests/80_subchart_postgresql_test.yaml
new file mode 100644
index 000000000..fae99ccc1
--- /dev/null
+++ b/charts/hedgedoc/tests/80_subchart_postgresql_test.yaml
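Review bot: In test-connection.yaml, `image: busybox` names no registry, tag or digest, so the test hook pulls whatever `latest` currently resolves to and its content can change between runs. Pin it, for example `image: docker.io/library/busybox:<pinned-tag>@sha256:<digest>` (placeholders; the page does not name a version), or expose it through values the way the main image is. The pod also sets no `securityContext`, so it may be refused in namespaces that enforce a restricted Pod Security level.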
@@ -0,0 +1,111 @@
+suite: postgresql
+templates:
+ - charts/postgresql/templates/primary/svc.yaml
+ - charts/postgresql/templates/secrets.yaml
+ - charts/postgresql/templates/primary/statefulset.yaml
+ - configmap.yaml
+ - deployment.yaml
+ - secret.yaml
+values:
+ - mocks/test.yaml
+chart:
+ version: 1.2.3
+ appVersion: 4.5.6
+tests:
+ - it: should match service name and configured host
+ asserts:
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-postgresql
+ template: charts/postgresql/templates/primary/svc.yaml
+ - equal:
+ path: data.CMD_DB_HOST
+ value: RELEASE-NAME-postgresql
+ template: configmap.yaml
+ - it: should match password secret names and structure
+ asserts:
+ - isNotEmpty:
+ path: data.password
+ template: charts/postgresql/templates/secrets.yaml
+ documentIndex: 0
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-postgresql
+ template: charts/postgresql/templates/secrets.yaml
+ documentIndex: 0
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: "CMD_DB_PASSWORD"
+ valueFrom:
+ secretKeyRef:
+ name: RELEASE-NAME-postgresql
+ key: password
+ template: deployment.yaml
+ - it: should have correct default the database username
+ asserts:
+ - equal:
+ path: data.CMD_DB_USERNAME
+ value: hedgedoc
+ template: configmap.yaml
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: POSTGRES_USER
+ value: "hedgedoc"
+ template: charts/postgresql/templates/primary/statefulset.yaml
+ - it: should allow to change the database username
+ set:
+ postgresql:
+ auth:
+ username: test
+ asserts:
+ - equal:
+ path: data.CMD_DB_USERNAME
+ value: test
+ template: configmap.yaml
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: POSTGRES_USER
+ value: "test"
+ template: charts/postgresql/templates/primary/statefulset.yaml
+ - it: should allow to control password changes
+ set:
+ postgresql:
+ auth:
+ password: test
+ asserts:
+ - equal:
+ path: data.password
+ value: dGVzdA==
+ template: charts/postgresql/templates/secrets.yaml
+ documentIndex: 0
+ - it: should use the expected database name
+ asserts:
+ - equal:
+ path: data.CMD_DB_DATABASE
+ value: hedgedoc
+ template: configmap.yaml
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: POSTGRES_DB
+ value: "hedgedoc"
+ template: charts/postgresql/templates/primary/statefulset.yaml
+ - it: should allow to change the database name
+ set:
+ postgresql:
+ auth:
+ database: test
+ asserts:
+ - equal:
+ path: data.CMD_DB_DATABASE
+ value: test
+ template: configmap.yaml
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: POSTGRES_DB
+ value: "test"
+ template: charts/postgresql/templates/primary/statefulset.yaml
\ No newline at end of file
diff --git a/charts/hedgedoc/tests/98_snapshot_test.yaml b/charts/hedgedoc/tests/98_snapshot_test.yaml
new file mode 100644
index 000000000..eb71eb5a0
--- /dev/null
+++ b/charts/hedgedoc/tests/98_snapshot_test.yaml
@@ -0,0 +1,24 @@
+suite: Basic Snapshot test
+templates:
+ - configmap.yaml
+ - deployment.yaml
+ - ingress.yaml
+ - secret.yaml
+ - service.yaml
+ - serviceaccount.yaml
+values:
+ - mocks/test.yaml
+tests:
+ - it: should match basic snapshot
+ set:
+ mastodon:
+ createAdmin:
+ enabled: true
+ chart:
+ version: 1.2.3
+ appVersion: 4.5.6
+ capabilities:
+ apiVersions:
+ - networking.k8s.io/v1/Ingress
+ asserts:
+ - matchSnapshot: {}
diff --git a/charts/hedgedoc/tests/__snapshot__/98_snapshot_test.yaml.snap b/charts/hedgedoc/tests/__snapshot__/98_snapshot_test.yaml.snap
new file mode 100644
index 000000000..9ad622dee
--- /dev/null
+++ b/charts/hedgedoc/tests/__snapshot__/98_snapshot_test.yaml.snap
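Review bot: Every case in 80_subchart_postgresql_test.yaml renders the bundled-PostgreSQL path, so the `existingSecret` and `postgresql.enabled: false` branches of `hedgedoc.postgresql.secretName` are never exercised. A case that sets `postgresql.auth.existingSecret` and asserts the resulting `secretKeyRef.name` in deployment.yaml, and one that disables the subchart, would catch a wrong or unresolved secret name before it reaches a cluster. The title `should have correct default the database username` would read better as `should have the correct default database username`.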
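Review bot: The `set:` block in 98_snapshot_test.yaml passes `mastodon.createAdmin.enabled`, a key that no hedgedoc template on this page reads, so it looks like a leftover from another chart and can be removed. No `config.*` credential is set either, which is why the snapshot records `data: null` for the Secret and the encoding of its entries is never checked. Setting dummy values such as `config.session.secret: test` and `config.oauth.clientSecret: test` would bring secret.yaml under the snapshot.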
@@ -0,0 +1,144 @@ +should match basic snapshot: + 1: | + apiVersion: v1 + data: + CMD_DB_DATABASE: hedgedoc + CMD_DB_HOST: RELEASE-NAME-postgresql + CMD_DB_PORT: "5432" + CMD_DB_USERNAME: hedgedoc + CMD_DEFAULT_PERMISSION: freely + CMD_DOMAIN: hedgedoc.example.com + CMD_IMAGE_UPLOAD_TYPE: minio + CMD_MINIO_PORT: "443" + CMD_MINIO_SECURE: "true" + CMD_OAUTH2_SCOPE: openid email profile + CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR: name + CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR: email + CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR: preferred_username + CMD_PROTOCOL_USESSL: "true" + CMD_S3_BUCKET: hedgedoc + CMD_SESSION_LIFE: "3.6e+07" + kind: ConfigMap + metadata: + labels: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: hedgedoc + app.kubernetes.io/version: 4.5.6 + helm.sh/chart: hedgedoc-1.2.3 + name: RELEASE-NAME-hedgedoc + 2: | + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: hedgedoc + app.kubernetes.io/version: 4.5.6 + helm.sh/chart: hedgedoc-1.2.3 + name: RELEASE-NAME-hedgedoc + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: hedgedoc + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: hedgedoc + spec: + containers: + - env: + - name: CMD_DB_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: RELEASE-NAME-postgresql + envFrom: + - configMapRef: + name: RELEASE-NAME-hedgedoc + image: quay.io/hedgedoc/hedgedoc:4.5.6 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /_health + port: http + name: hedgedoc + ports: + - containerPort: 3000 + name: http + protocol: TCP + readinessProbe: + httpGet: + path: /_health + port: http + resources: {} + securityContext: {} + securityContext: {} + serviceAccountName: RELEASE-NAME-hedgedoc + 
3: | + apiVersion: networking.k8s.io/v1 + kind: Ingress + metadata: + labels: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: hedgedoc + app.kubernetes.io/version: 4.5.6 + helm.sh/chart: hedgedoc-1.2.3 + name: RELEASE-NAME-hedgedoc + spec: + rules: + - host: hedgedoc.example.com + http: + paths: + - backend: + service: + name: RELEASE-NAME-hedgedoc + port: + number: 80 + path: / + pathType: ImplementationSpecific + 4: | + apiVersion: v1 + data: null + kind: Secret + metadata: + name: dotfile-secret + 5: | + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: hedgedoc + app.kubernetes.io/version: 4.5.6 + helm.sh/chart: hedgedoc-1.2.3 + name: RELEASE-NAME-hedgedoc + spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http + selector: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: hedgedoc + type: ClusterIP + 6: | + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: hedgedoc + app.kubernetes.io/version: 4.5.6 + helm.sh/chart: hedgedoc-1.2.3 + name: RELEASE-NAME-hedgedoc diff --git a/charts/hedgedoc/tests/mocks/test.yaml b/charts/hedgedoc/tests/mocks/test.yaml new file mode 100644 index 000000000..95e57c375 --- /dev/null +++ b/charts/hedgedoc/tests/mocks/test.yaml @@ -0,0 +1,2 @@ +ingress: + enabled: true \ No newline at end of file diff --git a/charts/hedgedoc/values.yaml b/charts/hedgedoc/values.yaml new file mode 100644 index 000000000..32a9bb98c --- /dev/null +++ b/charts/hedgedoc/values.yaml 
@@ -0,0 +1,110 @@
+# Default values for hedgedoc.
+image:
+ repository: quay.io/hedgedoc/hedgedoc
+ # -- configures image pull policy for hedgedoc deployment
+ pullPolicy: IfNotPresent
+ # -- Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+config:
+ domain: null
+ allowFreeUrl: false
+ email: false
+ protocolUseSsl: true
+ urlAddPort: false
+ useCdn: false
+ defaultPermission: freely
+ session:
+ lifeTime: 36000000
+ secret: null
+ github:
+ clientId: null
+ clientSecret: null
+ minio:
+ accessKey: null
+ secretKey: null
+ endpoint: null
+ port: 443
+ secure: true
+ s3bucket: hedgedoc
+ oauth:
+ providerName: null
+ clientId: null
+ clientSecret: null
+ authorisationUrl: null
+ tokenUrl: null
+ userProfileUrl: null
+ userProfileUsername: preferred_username
+ userProfileDisplayName: name
+ userProfileEmailAttr: email
+ scope: openid email profile
+
+
+postgresql:
+ enabled: true
+ auth:
+ database: hedgedoc
+ username: hedgedoc
+ password: ""
+ existingSecret: ""
+
+
+podAnnotations: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+service:
+ type: ClusterIP
+ port: 80
+
+ingress:
+ enabled: false
+ className: ""
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: hedgedoc.example.com
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources: {}
+ # limits:
+ # cpu: 100m
+ # memory: 512Mi
+ # requests:
+ # cpu: 100m
+ # memory: 512Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
-- GitLab
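Review bot: In values.yaml, `securityContext: {}` and `podSecurityContext: {}` ship empty with the hardening left in comments, so a default install runs the container with whatever user, capabilities and privilege-escalation setting the image provides. I would make the restrictive settings the default and let operators relax them, as in the block below. `runAsUser` and `readOnlyRootFilesystem` are left out because they depend on the image's numeric UID and writable paths, which this page does not show; `runAsNonRoot: true` needs the image to declare a numeric non-root user or an explicit `runAsUser`. `config.session.secret: null` also deserves a comment saying it should be a long random value that stays stable across restarts.

```yaml
securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
  runAsNonRoot: true
  seccompProfile:
    type: RuntimeDefault
```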