From b1032c58ad4e6b38dbbbcc9630934c9b847efabd Mon Sep 17 00:00:00 2001 From: Greg Osuri Date: Tue, 3 Mar 2015 03:57:44 -0800 Subject: [PATCH 01/30] Initial Commit --- post.md | 736 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 736 insertions(+) create mode 100644 post.md diff --git a/post.md b/post.md new file mode 100644 index 0000000..d515249 --- /dev/null +++ b/post.md 
@@ -0,0 +1,736 @@ +Data is a crucial part of our infrastructure and particularly vulnerable while it is traveling over the Internet. Securing the transportation of data is a fundamental requirement for a secure network. + +While there are server transport level protocols to secure the transmission, connecting networked resource in a private network is the most basic and common way to keep our data secure. + +I wrote this in guide in an attempt to to help you a build such a network on AWS along with a secure way to access them using a VPN. + +I kept the scope limited to building the private network and did not cover application and OS level security which are also equally important. + +This is a technical guide, the audiences this guide is intended for are: + +- Developers with little or no system administration experience wanting to deploy applications on AWS. +- System administrators wanting to understand automation. + +A basic level of linux command line knowledge is required as well. + +Before we begin +--------------- + +As you walk thru various sections of this guide, you will be creating real network resources that cost money. I did my best to keep the utilization footprint to the lowest possible configuration and I estimate less than hour to complete all the steps in this guide. + +By the end, to demonstrate the disposable nature of infstrasture-of-code, we will be destroying all the infrastructure components that were created during the course of this tutorial. + +Please have the below ready before we begin: + +- AWS access and secret keys to an active AWS account +- A unix/linux workstation with internet connection, almost all commands will work on Windows too with a shell emulator like cygwin + +What we will be building +------------------------ + +We will essentially be building a Virtual Private Cloud (VPC) on AWS along with a public and a private subnet (sub-networks) pair. 
+ +Instances in the private subnet cannot directly access the internet thereby making the the subnet an ideal place for application and database servers. + +During the course of this tutorial, we will be creating our application instances in the private subnet. The private subnet will also be where you should be hosting application support instances like database instances, cache servers, log hosts, build servers, configuration stores etc. Instances in the private subnet rely on a Network Address Translation (NAT) server running in the public subnet to connect to the internet. + +All Instances in the public subnet can transmit inbound and outbound traffic to and from the internet, the routing resources such as load balancers, vpn and nat servers reside in this subnet. + +The NAT server will also run a OpenVPN server, a full-featured SSL VPN which implements OSI layer 3 secure network extension using the industry standard SSL/TLS protocol over a UDP encapsulated network. + +In the later part of this guide, we will connect to our private networking using this VPN server using a compatible OpenVPN client. On a Mac, [Viscosity for Mac](https://www.sparklabs.com/viscosity) is a good commercial client and my personal favorite. [Tunnelblick](https://code.google.com/p/tunnelblick/) a open-source client that’s compatible too. + +For other operating systems, see [openvpn clients page](https://openvpn.net/index.php/access-server/docs/admin-guides/182-how-to-connect-to-access-server-with-linux-clients.html) for a list. + +To summarize, we will be building the below components: + +- VPC +- Internet Gateway for public subnet +- Public subnet for routing instances +- Private subnet for application resources +- Routing tables for public and private subnets +- NAT/VPN server to route outbound traffic from your instances in private network and provide your workstation secure access to network resources. 
+- Application servers running nginx docker containers in a private subnet +- Load balancers in the public subnet to manage and route web traffic to app servers + +Although all the above mentioned components can be built and managed using the native AWS web console, it makes your infrastructure operationally vulnerable to changes and surprises. + +Automating the building, changing, and versioning your infrastructure safely and efficiently increases your operational readiness exponentially. It allows you move at an higher velocity you grow your infrastructure. + +Infrastructure as code lays the foundation for agility that aligns with your product develop efforts opens a path way to easily scale to many types of clouds to manage heterogeneous information systems. + +The Terraform Way +----------------- + +[Terraform](https://www.terraform.io) is automation tool for the cloud from creators of Vagrant, [Hashicorp](https://hashicorp.com) (Creators of [Vagrant](https://www.vagrantup.com), [Consul](https://www.consul.io) and many more sysadmin favorites). + +It provides powerful primitives to elegantly define your infrastructure as code. It’s simple yet powerful syntax to describe infrastructure components allow you to build complex, version controlled, collaborative, heterogeneous and disposable systems at a very high productivity. + +In simple terms, terraforming begins with you describing the desired state of your infrastructure in a configuration file, it then generates an execution plan describing what it will do to reach that desired state. You can then choose to execute (or modify) the plan to build, remove or modify desired components. + + +Settting up your workstation +----------------------------- + +You can install terraform using [Homebrew](http://brew.sh) on a Mac using ```brew update && brew install terraform```. + +Alternative, find the [appropriate package](https://www.terraform.io/downloads.html) for your system and download it. 
Terraform is packaged as a zip archive. After downloading Terraform, unzip the contents of the zip archive to directory that is in your `PATH`, ideally under `/usr/local/bin`. You can verify terraform is properly installed by running `terraform`, it should return something like: + +```sh +usage: terraform [--version] [--help] [] + +Available commands are: + apply Builds or changes infrastructure + destroy Destroy Terraform-managed infrastructure + get Download and install modules for the configuration + graph Create a visual graph of Terraform resources + init Initializes Terraform configuration from a module + output Read an output from a state file + plan Generate and show an execution plan + pull Refreshes the local state copy from the remote server + push Uploads the the local state to the remote server + refresh Update local state file against real resources + remote Configures remote state management + show Inspect Terraform state or plan + version Prints the Terraform version +``` + +Setting your project directory +------------------------------ + +Create a directory to host your project files. For our example, we will use `$HOME/infrastructure`, with the below structure: + +```sh +. +├── cloud-config +├── bin +└── ssh +``` + +```sh +$ mkdir -p $HOME/infrastructure/cloud-config $HOME/infrastructure/ssh $HOME/infrastructure/ssh +$ cd $HOME/infrastructure +``` + +Defining variables for your infrastructure +------------------------------------------ + +Configurations can be defined in any file with '.tf' extension using terraform syntax or as json files. Its a general practice to start with a `variables.tf` that defines all variables that can be easily changed to tune your infrastructure. 
+Create a file called `variables.tf` with the below contents: + +``` +variable "access_key" { + description = "AWS access key" +} + +variable "secret_key" { + description = "AWS secert access key" +} + +variable "region" { + description = "AWS region to host your network" + default = "us-west-1" +} + +variable "vpc_cidr" { + description = "CIDR for VPC" + default = "10.128.0.0/16" +} + +variable "public_subnet_cidr" { + description = "CIDR for public subnet" + default = "10.128.0.0/24" +} + +variable "private_subnet_cidr" { + description = "CIDR for private subnet" + default = "10.128.1.0/24" +} + +/* Ubuntu 14.04 amis by region */ +variable "amis" { + description = "Base AMI to launch the instances with" + default = { + us-west-1 = "ami-049d8641" + us-east-1 = "ami-a6b8e7ce" + } +} +``` + +The `variable` block defines a single input variable your configuration will require to provision your infrastructure, `description` parameter is used to describe what the variable is for and the `default` parameter gives it a default value, our example requires that you provide ```access_key``` and ```secret_key``` variables and optionally provide ```region```, region will otherwise default to `us-west-1` when not provided. + +Variables can also have multiple default values with keys to access them, such variables are called maps. Values in maps can be accessed using interpolation syntax which will be covered in the coming sections of the guide. 
+ +Creating your first terraform resource - VPC +--------------------------------------------- + +Create a `aws-vpc.tf` file under the current directory with the below configuration: + +``` +/* Setup our aws provider */ +provider "aws" { + access_key = "${var.access_key}" + secret_key = "${var.secret_key}" + region = "${var.region}" +} + +/* Define our vpc */ +resource "aws_vpc" "default" { + cidr_block = "${var.vpc_cidr}" + enable_dns_hostnames = true + tags { + Name = "airpair-example" + } +} +``` + +The `provider` block defines the configuration for the cloud providers, aws in our case. Terraform has support for various other providers like Google Compute Cloud, DigitalOcean, Heroku etc. You can see a full list of supported providers on the [terraform providers page](https://www.terraform.io/docs/providers/index.html). + +The `resource` block defines the resource being created. The above example creates a VPC with a CIDR block of `10.128.0.0/16` and attaches a `Name` tag `airpair-example`, you can read more about various other parameters that can be defined for ```aws_vpc``` on the [aws_vpc resource documentation page](https://www.terraform.io/docs/providers/aws/r/vpc.html) + +Parameters accepts string values that can be [interpolated](https://www.terraform.io/docs/configuration/interpolation.html) when wrapped with `${}`. In the ```aws``` provider block, specifying ```${var.access_key}``` for +for access key will read the value from the user provided for variable ```access_key```. + +You will see extensive usage of interpolation in the coming sections of this guide. + +Provisioning your VPC +--------------------- + +Running `terraform apply` will create the VPC by prompting you to to input AWS access and secret keys, the output should look like look like the below. For default values, hitting `` key will assign default values defined in the `variables.tf` file. + +```sh +$ terraform apply +var.access_key + AWS access key + + Enter a value: foo + +... 
+ +var.secret_key + AWS secert access key + + Enter a value: bar + +... + +aws_vpc.default: Creating... + cidr_block: "" => "10.128.0.0/16" + default_network_acl_id: "" => "" + default_security_group_id: "" => "" + enable_dns_hostnames: "" => "1" + enable_dns_support: "" => "0" + main_route_table_id: "" => "" + tags.#: "" => "1" + tags.Name: "" => "airpair-example" +aws_vpc.default: Creation complete + +Apply complete! Resources: 1 added, 0 changed, 0 destroyed. + +The state of your infrastructure has been saved to the path +below. This state is required to modify and destroy your +infrastructure, so keep it safe. To inspect the complete state +use the `terraform show` command. + +State path: terraform.tfstate +``` + +You can verify the VPC has been created by visiting the [VPC page on aws console](https://console.aws.amazon.com/vpc/home?region=us-west-1#vpcs). The above command will save the state of your infrastructure to `terraform.tfstate` file, this file will be updated each time you run `terraform apply`, you can inspect the current state of your infrastructure by running `terraform show` + +Variables can also be entered using command arguments by specifying `-var 'var=VALUE'`, for example ```terraform plan -var 'access_key=foo' -var 'secret_key=bar'``` + +`terraform apply` will not however save your input values (access and secret keys) and you'll be required to provide them for each update, to avoid this create a `terraform.tfvars` variables file with your access and secret keys that looks like, the below (replace foo and bar with your values): + +``` +access_key = "foo" +secret_key = "bar" +``` + +Adding the public subnet +------------------------ + +Lets now add a public subnet with a ip range of 10.128.0.0/24 and attach a internet gateway, create a `public-subnet.tf` with the below configuration: + +``` +/* Internet gateway for the public subnet */ +resource "aws_internet_gateway" "default" { + vpc_id = "${aws_vpc.default.id}" +} + +/* Public subnet */ 
+resource "aws_subnet" "public" { + vpc_id = "${aws_vpc.default.id}" + cidr_block = "${var.public_subnet_cidr}" + availability_zone = "us-west-1a" + map_public_ip_on_launch = true + depends_on = ["aws_internet_gateway.default"] + tags { + Name = "public" + } +} + +/* Routing table for public subnet */ +resource "aws_route_table" "public" { + vpc_id = "${aws_vpc.default.id}" + route { + cidr_block = "0.0.0.0/0" + gateway_id = "${aws_internet_gateway.default.id}" + } +} + +/* Associate the routing table to public subnet */ +resource "aws_route_table_association" "public" { + subnet_id = "${aws_subnet.public.id}" + route_table_id = "${aws_route_table.public.id}" +} +``` + +Anything under ```/* .. */``` will be considered as comments. + +Running `terraform plan` will generate an execution plan for you to verify before creating the actual resources, it is recommended that you always inspect the plan before running the `apply` command. + +Resource dependencies are implicitly determined during the refresh phase (in planing and application phases). They can also be explicitly defined using ```depends_on``` parameter. In the above configuration, resource ```aws_subnet.public``` depends on ```aws_internet_gatway.default``` and will only be created after ```aws_internet_gateway.default``` is successfully created. + +The output of `terraform plan` should look something like the below: + +```sh +$ terraform plan + +Refreshing Terraform state prior to plan... + +aws_vpc.default: Refreshing state... (ID: vpc-30965455) + +The Terraform execution plan has been generated and is shown below. +Resources are shown in alphabetical order for quick scanning. Green resources +will be created (or destroyed and then created if an existing resource +exists), yellow resources are being changed in-place, and red resources +will be destroyed. + +Note: You didn't specify an "-out" parameter to save this plan, so when +"apply" is called, Terraform can't guarantee this is what will execute. 
+ ++ aws_internet_gateway.default + vpc_id: "" => "vpc-30965455" + ++ aws_route_table.public + route.#: "" => "1" + route.~1235774185.cidr_block: "" => "0.0.0.0/0" + route.~1235774185.gateway_id: "" => "${aws_internet_gateway.default.id}" + route.~1235774185.instance_id: "" => "" + vpc_id: "" => "vpc-30965455" + ++ aws_route_table_association.public + route_table_id: "" => "${aws_route_table.public.id}" + subnet_id: "" => "${aws_subnet.public.id}" + ++ aws_subnet.public + availability_zone: "" => "us-west-1a" + cidr_block: "" => "10.128.0.0/24" + map_public_ip_on_launch: "" => "1" + tags.#: "" => "1" + tags.Name: "" => "public" + vpc_id: "" => "vpc-30965455" +``` + +*The vpc_id will different in your actual output from the above example output* + +The `+` before `aws_internet_gateway.default` indicates that a new resource will be created. + +After reviewing your plan, run `terraform apply` to create your resources. You can verify the subnet has been created by running `terraform show` or by visiting the aws console. 
+ +Create security groups +---------------------- + +We will creating 3 security groups: + +- default: default security group that allows inbound and outbound traffic from all instances in the VPC +- nat: security group for nat instances that allows SSH traffic from internet +- web: security group that allows web traffic from the internet + +Create your security groups in a `security-groups.tf` file with the below configuration: + +``` +/* Default security group */ +resource "aws_security_group" "default" { + name = "default-airpair-example" + description = "Default security group that allows inbound and outbound traffic from all instances in the VPC" + vpc_id = "${aws_vpc.default.id}" + + ingress { + from_port = "0" + to_port = "0" + protocol = "-1" + self = true + } + + tags { + Name = "airpair-example-default-vpc" + } +} + +/* Security group for the nat server */ +resource "aws_security_group" "nat" { + name = "nat-airpair-example" + description = "Security group for nat instances that allows SSH and VPN traffic from internet" + vpc_id = "${aws_vpc.default.id}" + + ingress { + from_port = 22 + to_port = 22 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + } + + ingress { + from_port = 1194 + to_port = 1194 + protocol = "udp" + cidr_blocks = ["0.0.0.0/0"] + } + + tags { + Name = "nat-airpair-example" + } +} + +/* Security group for the web */ +resource "aws_security_group" "web" { + name = "web-airpair-example" + description = "Security group for web that allows web traffic from internet" + vpc_id = "${aws_vpc.default.id}" + + ingress { + from_port = 80 + to_port = 80 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + } + + ingress { + from_port = 443 + to_port = 443 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + } + + tags { + Name = "web-airpair-example" + } +} +``` + +Run `terraform plan`, review your changes and run `terraform apply`. You should see a message: + +```sh +... + +Apply complete! Resources: 3 added, 0 changed, 0 destroyed. + +... 
+``` + +Create SSH Key Pair +------------------- + +We will need a default ssh key to be bootstrapped on the newly created instances to be able to login. Make sure you have `ssh` directory and generate a new key by running the: + +```sh +$ sh-keygen -t rsa -C "insecure-deployer" -P '' -f ssh/insecure-deployer +``` + +The above command will create a public-private key pair in `ssh` directory, this is an insecure key and should be replaced after the instance is bootstrapped. + +Create a new file `key-pairs.sh` with the below config and register the newly generated SSH key pair by running`terraform plan` and `terraform apply`. + +``` +resource "aws_key_pair" "deployer" { + key_name = "deployer-key" + public_key = "${file(\"ssh/insecure-deployer.pub\")}" +} +``` + +Terraform interpolation syntax also allows reading data from files using `$file("path/to/file")`. Variables in this file are not interpolated. The contents of the file are read as-is. + +Create NAT Instance +------------------- + +NAT instances reside in the public subnet and in order to route traffic, they need to have 'source destination check' disabled. They belong to the `default` secruity group to allow traffic from instances in that group and `nat` security group to allow SSH and VPN traffic from the internet. 
+ +Create a file `nat-server.tf` with the below config: + +``` +/* NAT/VPN server */ +resource "aws_instance" "nat" { + ami = "${lookup(var.amis, var.region)}" + instance_type = "t2.micro" + subnet_id = "${aws_subnet.public.id}" + security_groups = ["${aws_security_group.default.id}", "${aws_security_group.nat.id}"] + key_name = "${aws_key_pair.deployer.key_name}" + source_dest_check = false + tags = { + Name = "nat" + } + connection { + user = "ubuntu" + key_file = "ssh/insecure-deployer" + } + provisioner "remote-exec" { + inline = [ + "sudo iptables -t nat -A POSTROUTING -j MASQUERADE", + "echo 1 > /proc/sys/net/ipv4/conf/all/forwarding", + /* Install docker */ + "curl -sSL https://get.docker.com/ubuntu/ | sudo sh", + /* Initialize open vpn data container */ + "sudo mkdir -p /etc/openvpn", + "sudo docker run --name ovpn-data -v /etc/openvpn busybox", + /* Generate OpenVPN server config */ + "sudo docker run --volumes-from ovpn-data --rm gosuri/openvpn ovpn_genconfig -p ${var.vpc_cidr} -u udp://${aws_instance.nat.public_ip}" + ] + } +} +``` + +In order for that NAT instance to route packets, [iptables](http://ipset.netfilter.org/iptables.man.html) needs to be configured be with a rule in the `nat` table for [IP Masquerade](http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/ipmasq-background2.1.html). We also need to install docker, download the openvpn container and generate server configuration. + +Terraform provides a set of [provisioning options](https://www.terraform.io/docs/provisioners/index.html) that can be used to run arbitrary commands on the instances when they are created. For our nat instance above, we use ```remote-exec``` to execute the set of commands on the instance. + +``connection`` block defines the [connection parameters](https://www.terraform.io/docs/provisioners/connection.html) for ssh access to the instance. 
+ +Create private subnet and configure routing +------------------------------------------- + +Create a private subnet with a CIDR range of 10.128.1.0/24 and configure the routing table to route all traffic via the nat. Append 'main.tf' with the below config: + +``` +/* Private subnet */ +resource "aws_subnet" "private" { + vpc_id = "${aws_vpc.default.id}" + cidr_block = "${var.private_subnet_cidr}" + availability_zone = "us-west-1a" + map_public_ip_on_launch = false + depends_on = ["aws_instance.nat"] + tags { + Name = "private" + } +} + +/* Routing table for private subnet */ +resource "aws_route_table" "private" { + vpc_id = "${aws_vpc.default.id}" + route { + cidr_block = "0.0.0.0/0" + instance_id = "${aws_instance.nat.id}" + } +} + +/* Associate the routing table to public subnet */ +resource "aws_route_table_association" "private" { + subnet_id = "${aws_subnet.private.id}" + route_table_id = "${aws_route_table.private.id}" +} +``` + +Notice our second time use of ```depends_on```, in this case it only creates the private subnet after provisioning the NAT instance. With out the iptables configuration, the instances in the private subnet will not be able to access internet and will fail to download docker containers. + +Run ```terraform plan``` and ```terraform apply``` to create the resources. + +Adding app instances and a load balancer +---------------------------------------- + +Lets add two app servers running nginx containers in the private subnet and configure a load balancer in the public subnet. + +The app servers are not accessible directly from the internet and can be accessed via the VPN. Since we haven't configured our VPN yet to access the instances, we will provision the instances using by bootrapping `cloud-init` yaml file via the ```user_data``` parameter. + +`cloud-init` is a defacto multi-distribution package that handles early initialization of a cloud instance. 
You can see various examples [in the documentation](http://cloudinit.readthedocs.org/en/latest/topics/examples.html) + +Create `app.yml` cloud config file under `cloud-config` directory with the below config: + +```yaml +#cloud-config +# Cloud config for application servers + +runcmd: + # Install docker + - curl -sSL https://get.docker.com/ubuntu/ | sudo sh + # Run nginx + - docker run -d -p 80:80 dockerfile/nginx + +``` + +Create `app-servers.tf` file with the below configuration: + +``` +/* App servers */ +resource "aws_instance" "app" { + count = 2 + ami = "${lookup(var.amis, var.region)}" + instance_type = "t2.micro" + subnet_id = "${aws_subnet.private.id}" + security_groups = ["${aws_security_group.default.id}"] + key_name = "${aws_key_pair.deployer.key_name}" + source_dest_check = false + user_data = "${file(\"cloud-config/app.yml\")}" + tags = { + Name = "airpair-example-app-${count.index}" + } +} + +/* Load balancer */ +resource "aws_elb" "app" { + name = "airpair-example-elb" + subnets = ["${aws_subnet.public.id}"] + security_groups = ["${aws_security_group.default.id}", "${aws_security_group.web.id}"] + listener { + instance_port = 80 + instance_protocol = "http" + lb_port = 80 + lb_protocol = "http" + } + instances = ["${aws_instance.app.*.id}"] +} +``` + +`count` parameter indicates the number of identical resources to create and `${count.index}` interpolation in the name tag provides the current index. + +You read more about using count in resources at [terraform variable documentation](https://www.terraform.io/docs/configuration/resources.html#using-variables-with-count) + +Run ```terraform plan``` and ```terraform apply``` + +Allowing generated configuration to be easily accessable to other programs +-------------------------------------------------------------------------- + +Terraform allows for defining output to templates, output variables can be accessed by running ```terraform output VARIABLE```. 
+ +Create `outputs.tf` file with the below configuration: + +``` +output "app.0.ip" { + value = "${aws_instance.app.0.private_ip}" +} + +output "app.1.ip" { + value = "${aws_instance.app.1.private_ip}" +} + +output "nat.ip" { + value = "${aws_instance.nat.public_ip}" +} + +output "elb.hostname" { + value = "${aws_elb.app.dns_name}" +} +``` + +Since we are not changing any values, run `terraform apply` to populate outputs in the state file. Inspect the `elb.hostname` by running: + +$ open "http://$(terraform output elb.hostname)" + +The above command will open a web browser. If you get an connection error, it is likely the DNS has not propogated in time and you should try again after a few minutes. + +Configure OpenVPN server and generate client config +--------------------------------------------------- + +The below steps configure the VPN servers and generate a client configuration with embedded keys to connect with your openvpn client on your workstation. + +Considering the commands are fairly long, we will be creating command wrappers to be able to easily run them again. A big part of operatinaly effiency comes from our ability to simply complicated commands which are unlikely to be easily recalled. After each successful step, we will save the command under `bin` in an executable file. + +1. Initialize PKI and save the command under bin/ovpn-init + + ```sh + $ cat > bin/ovpn-init < bin/ovpn-start < bin/ovpn-new-client < bin/ovpn-client-config < "\${1}-airpair-example.ovpn" + EOF + + $ chmod +x bin/ovpn-client-config + $ bin/ovpn-client-config $USER + ``` + +5. The above command creates `$USER-airpair-example.ovpn` client configuration file in the current directory, double click on the file to import the configuration to your VPN client. 
You can also connection using iPhone/Android device, check out [OpenVPN Connect for iPhone](https://itunes.apple.com/us/app/openvpn-connect/id590379981?mt=8) and [OpenVPN Connect on Play Store](https://play.google.com/store/apps/details?id=net.openvpn.openvpn&hl=en) + +Test your private connection +---------------------------- + +After successfully connecting using the VPN client, connect to one of app servers using a private IP address to validate that you have a connection: + +```sh +$ open "http://$(terraform output app.1.ip)" + +``` + +Alternatively, you can also ssh into the private instance + +```sh +$ ssh -t -i ssh/insecure-deployer "ubuntu@$(terraform output app.1.ip)" +``` + +Teardown infrastructure +----------------------- + +Destroy our infructure by running `destroy` command and answering with `yes` for confimation, make sure to disconnect from the VPN to be retain internet connection: + +```sh +$ terraform destroy + +Do you really want to destroy? + Terraform will delete all your managed infrastructure. + There is no undo. Only 'yes' will be accepted to confirm. + + Enter a value: yes + +... + +Apply complete! Resources: 0 added, 0 changed, 16 destroyed. +``` + +Conclusion +---------- + +There is a lot more to Terraform than what was convered in this post, checkout [terraform.io](https://terraform.io) and the [github project](http://github.com/hashicorp/terraform) to see more this amazing tool. + +I hope you found this guide useful, I gave my best to keep the guide accurate and updated, if there is any part of the guide that you felt could use imporovement, please leave a comment and I will attend to it promptly. + +I hope to continue to write more guides on various topics that I think will be useful to improve operational efficienty and readiness. 
You can reach me [Twitter at @kn0tch](https://twitter.com/kn0tch) if you have a recomendation for topic or want simply want stay connected, I'm usually active and always looking foward to a good conversation, come say hi! From ae58c120b0cb447bbdb8e101abf2979c3f7022f7 Mon Sep 17 00:00:00 2001 From: Greg Osuri Date: Tue, 3 Mar 2015 04:45:01 -0800 Subject: [PATCH 02/30] Typo/Grammer fixes --- post.md | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/post.md b/post.md index d515249..7781a87 100644 --- a/post.md +++ b/post.md 
@@ -1,36 +1,38 @@ -Data is a crucial part of our infrastructure and particularly vulnerable while it is traveling over the Internet. Securing the transportation of data is a fundamental requirement for a secure network. +Guide to automating a multi-tiered application securely on AWS with Docker and Terraform. +========================================================================================= -While there are server transport level protocols to secure the transmission, connecting networked resource in a private network is the most basic and common way to keep our data secure. +Data is a crucial part of our infrastructure and particularly vulnerable while it is traveling over the Internet. Securing the transportation of data is a fundamental requirement for a secure network. -I wrote this in guide in an attempt to to help you a build such a network on AWS along with a secure way to access them using a VPN. +While there are serval transport level protocols available for encrypting communications, communicating privately in a closed network is the most common and efficient way to keep data secure. -I kept the scope limited to building the private network and did not cover application and OS level security which are also equally important. +I wrote this guide in an attempt to help the reader build such a network on AWS along with a secure way to access it’s resources using a VPN. -This is a technical guide, the audiences this guide is intended for are: +Before we begin +--------------- -- Developers with little or no system administration experience wanting to deploy applications on AWS. -- System administrators wanting to understand automation. +This is a technical guide and the reader is expected to have basic level of linux command line knowledge. The audiences this guide is intended for are: -A basic level of linux command line knowledge is required as well. 
+- Application developers with little or no systems administration experience and wanting to deploy applications on AWS. +- System administrators with little of no experience with infrastructure automation and wanting to learn more. +- Any one that wants to get a feel for the current state of cloud automation tooling. -Before we begin ---------------- +I kept the scope limited to building a private network and did not cover application and OS level security which are also equally important. -As you walk thru various sections of this guide, you will be creating real network resources that cost money. I did my best to keep the utilization footprint to the lowest possible configuration and I estimate less than hour to complete all the steps in this guide. +As you walk thru various sections of this guide, you will be creating real aws resources that cost money. I did my best to keep the utilization footprint to the lowest possible configuration and I estimate less than hour to complete all the steps in this guide at $0.079/hr By the end, to demonstrate the disposable nature of infstrasture-of-code, we will be destroying all the infrastructure components that were created during the course of this tutorial. Please have the below ready before we begin: -- AWS access and secret keys to an active AWS account -- A unix/linux workstation with internet connection, almost all commands will work on Windows too with a shell emulator like cygwin +- AWS access and secret keys to an active AWS account. +- A unix/linux workstation with internet connection, almost all commands will work on Windows too with a shell emulator like cygwin. What we will be building ------------------------ We will essentially be building a Virtual Private Cloud (VPC) on AWS along with a public and a private subnet (sub-networks) pair. -Instances in the private subnet cannot directly access the internet thereby making the the subnet an ideal place for application and database servers. 
+Instances in the private subnet cannot directly access the internet thereby making the subnet an ideal place for application and database servers. During the course of this tutorial, we will be creating our application instances in the private subnet. The private subnet will also be where you should be hosting application support instances like database instances, cache servers, log hosts, build servers, configuration stores etc. Instances in the private subnet rely on a Network Address Translation (NAT) server running in the public subnet to connect to the internet. From 70d467fe378599c0f4022111ceff90fdcbd8a84b Mon Sep 17 00:00:00 2001 From: Greg Osuri Date: Tue, 3 Mar 2015 04:45:22 -0800 Subject: [PATCH 03/30] Removed double headlines --- post.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/post.md b/post.md index 7781a87..444cb3a 100644 --- a/post.md +++ b/post.md @@ -1,6 +1,3 @@ -Guide to automating a multi-tiered application securely on AWS with Docker and Terraform. -========================================================================================= - Data is a crucial part of our infrastructure and particularly vulnerable while it is traveling over the Internet. Securing the transportation of data is a fundamental requirement for a secure network. While there are serval transport level protocols available for encrypting communications, communicating privately in a closed network is the most common and efficient way to keep data secure. From 633d8b1f7a1a6fa20fb79d97789365921dfea3dc Mon Sep 17 00:00:00 2001 From: Greg Osuri Date: Tue, 3 Mar 2015 05:37:26 -0800 Subject: [PATCH 04/30] Update post.md --- post.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/post.md b/post.md index 444cb3a..f09d724 100644 --- a/post.md +++ b/post.md 
@@ -24,8 +24,8 @@ Please have the below ready before we begin: - AWS access and secret keys to an active AWS account. - A unix/linux workstation with internet connection, almost all commands will work on Windows too with a shell emulator like cygwin. -What we will be building ------------------------- +The Private Network +------------------- We will essentially be building a Virtual Private Cloud (VPC) on AWS along with a public and a private subnet (sub-networks) pair. From 288a9f8b3ceeab2c98cf978598faaeac64d8d522 Mon Sep 17 00:00:00 2001 From: Greg Osuri Date: Tue, 3 Mar 2015 05:46:07 -0800 Subject: [PATCH 05/30] Update post.md --- post.md | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/post.md b/post.md index f09d724..e34630b 100644 --- a/post.md +++ b/post.md @@ -67,9 +67,8 @@ It provides powerful primitives to elegantly define your infrastructure as code. In simple terms, terraforming begins with you describing the desired state of your infrastructure in a configuration file, it then generates an execution plan describing what it will do to reach that desired state. You can then choose to execute (or modify) the plan to build, remove or modify desired components. - -Settting up your workstation ------------------------------ +Preparing your workstation +-------------------------- You can install terraform using [Homebrew](http://brew.sh) on a Mac using ```brew update && brew install terraform```. @@ -94,8 +93,8 @@ Available commands are: version Prints the Terraform version ``` -Setting your project directory ------------------------------- +Your project directory +---------------------- Create a directory to host your project files. For our example, we will use `$HOME/infrastructure`, with the below structure: 
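Review bot: the new heading `Your project directory` in the last hunk above drops the verb that the other step headings touched by this commit keep (`Preparing your workstation`, `Creating security groups`). A form such as `Creating your project directory` would keep the headings parallel and make it clear that this section is a step the reader performs.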
@@ -107,8 +106,9 @@ Create a directory to host your project files. For our example, we will use `$HO ``` ```sh -$ mkdir -p $HOME/infrastructure/cloud-config $HOME/infrastructure/ssh $HOME/infrastructure/ssh +$ mkdir -p $HOME/infrastructure $ cd $HOME/infrastructure +$ mkdir -p cloud-config ssh bin ``` Defining variables for your infrastructure @@ -192,9 +192,6 @@ for access key will read the value from the user provided for variable ```access You will see extensive usage of interpolation in the coming sections of this guide. -Provisioning your VPC ---------------------- - Running `terraform apply` will create the VPC by prompting you to to input AWS access and secret keys, the output should look like look like the below. For default values, hitting `` key will assign default values defined in the `variables.tf` file. ```sh @@ -337,8 +334,8 @@ The `+` before `aws_internet_gateway.default` indicates that a new resource will After reviewing your plan, run `terraform apply` to create your resources. You can verify the subnet has been created by running `terraform show` or by visiting the aws console. -Create security groups ----------------------- +Creating security groups +------------------------ We will creating 3 security groups: @@ -622,7 +619,9 @@ output "elb.hostname" { Since we are not changing any values, run `terraform apply` to populate outputs in the state file. Inspect the `elb.hostname` by running: +```sh $ open "http://$(terraform output elb.hostname)" +``` The above command will open a web browser. If you get an connection error, it is likely the DNS has not propogated in time and you should try again after a few minutes. 
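Review bot: the newly fenced `$ open "http://$(terraform output elb.hostname)"` line only works as written on a Mac, while the prerequisites earlier in the post ask for a generic unix/linux workstation. Either name the Linux equivalent (`xdg-open`) next to it, or replace the browser launch with a plain `curl` against the same URL so the check is portable. Since the sentence that follows tells readers to retry after a connection error, it would also help to say what a successful response looks like.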
@@ -732,4 +731,4 @@ There is a lot more to Terraform than what was convered in this post, checkout [ I hope you found this guide useful, I gave my best to keep the guide accurate and updated, if there is any part of the guide that you felt could use imporovement, please leave a comment and I will attend to it promptly. -I hope to continue to write more guides on various topics that I think will be useful to improve operational efficienty and readiness. You can reach me [Twitter at @kn0tch](https://twitter.com/kn0tch) if you have a recomendation for topic or want simply want stay connected, I'm usually active and always looking foward to a good conversation, come say hi! +I hope to continue to write more guides on various topics that I think will be useful. If you have a recomendation for topic or want simply want stay connected, I'm on twitter [@kn0tch](https://twitter.com/kn0tch). I'm usually active and always looking foward to a good conversation, come say hi! From 1828027a8bccc019f83880a80130d9d82eebe7ad Mon Sep 17 00:00:00 2001 From: Greg Osuri Date: Tue, 3 Mar 2015 05:47:57 -0800 Subject: [PATCH 06/30] Update post.md --- post.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/post.md b/post.md index e34630b..eb29a78 100644 --- a/post.md +++ b/post.md 
@@ -729,6 +729,6 @@ Conclusion There is a lot more to Terraform than what was convered in this post, checkout [terraform.io](https://terraform.io) and the [github project](http://github.com/hashicorp/terraform) to see more this amazing tool. -I hope you found this guide useful, I gave my best to keep the guide accurate and updated, if there is any part of the guide that you felt could use imporovement, please leave a comment and I will attend to it promptly. +I hope you found this guide useful, I gave my best to keep the it accurate and updated, if there is any part of the guide that you felt could use imporovement, please leave a comment and I will attend to it promptly. -I hope to continue to write more guides on various topics that I think will be useful. If you have a recomendation for topic or want simply want stay connected, I'm on twitter [@kn0tch](https://twitter.com/kn0tch). I'm usually active and always looking foward to a good conversation, come say hi! +I'm hoping to continue to write more guides on various topics that I think will be useful. If you have a recomendation for topic or want simply want stay connected, I'm on twitter [@kn0tch](https://twitter.com/kn0tch). I'm usually active and always looking foward to a good conversation, come say hi! From db2a28a2bfc9bb7021567b971fed9b9691d6291c Mon Sep 17 00:00:00 2001 From: Greg Osuri Date: Tue, 3 Mar 2015 06:06:00 -0800 Subject: [PATCH 07/30] Typo update --- post.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/post.md b/post.md index eb29a78..af0cca0 100644 --- a/post.md +++ b/post.md 
@@ -61,7 +61,7 @@ Infrastructure as code lays the foundation for agility that aligns with your pro The Terraform Way ----------------- -[Terraform](https://www.terraform.io) is automation tool for the cloud from creators of Vagrant, [Hashicorp](https://hashicorp.com) (Creators of [Vagrant](https://www.vagrantup.com), [Consul](https://www.consul.io) and many more sysadmin favorites). +[Terraform](https://www.terraform.io) is automation tool for the cloud from from [Hashicorp](https://hashicorp.com) (Creators of [Vagrant](https://www.vagrantup.com), [Consul](https://www.consul.io) and many more sysadmin favorites). It provides powerful primitives to elegantly define your infrastructure as code. It’s simple yet powerful syntax to describe infrastructure components allow you to build complex, version controlled, collaborative, heterogeneous and disposable systems at a very high productivity. From ab414191637f009132e430eaefd06ecbc1a95d57 Mon Sep 17 00:00:00 2001 From: Greg Osuri Date: Tue, 3 Mar 2015 06:07:18 -0800 Subject: [PATCH 08/30] Extra from --- post.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/post.md b/post.md index af0cca0..ed71977 100644 --- a/post.md +++ b/post.md 
@@ -61,7 +61,7 @@ Infrastructure as code lays the foundation for agility that aligns with your pro The Terraform Way ----------------- -[Terraform](https://www.terraform.io) is automation tool for the cloud from from [Hashicorp](https://hashicorp.com) (Creators of [Vagrant](https://www.vagrantup.com), [Consul](https://www.consul.io) and many more sysadmin favorites). +[Terraform](https://www.terraform.io) is automation tool for the cloud from [Hashicorp](https://hashicorp.com) (Creators of [Vagrant](https://www.vagrantup.com), [Consul](https://www.consul.io) and many more sysadmin favorites). It provides powerful primitives to elegantly define your infrastructure as code. It’s simple yet powerful syntax to describe infrastructure components allow you to build complex, version controlled, collaborative, heterogeneous and disposable systems at a very high productivity. From bd0cb2cfba902a6428af76b2abe2b7221a0667ea Mon Sep 17 00:00:00 2001 From: Greg Osuri Date: Tue, 3 Mar 2015 12:44:03 -0800 Subject: [PATCH 09/30] Typos/Spelling --- post.md | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/post.md b/post.md index ed71977..1130f54 100644 --- a/post.md +++ b/post.md 
@@ -1,16 +1,17 @@ -Data is a crucial part of our infrastructure and particularly vulnerable while it is traveling over the Internet. Securing the transportation of data is a fundamental requirement for a secure network. +Data is a crucial part of our infrastructure and particularly vulnerable while it is traveling over the Internet. Securing its transportation is a fundamental requirement for a secure network. -While there are serval transport level protocols available for encrypting communications, communicating privately in a closed network is the most common and efficient way to keep data secure. +While there are serval transport level protocols available for encrypting the transit, communicating privately in a closed network is the most common and efficient way to keep data secure. I wrote this guide in an attempt to help the reader build such a network on AWS along with a secure way to access it’s resources using a VPN. Before we begin --------------- -This is a technical guide and the reader is expected to have basic level of linux command line knowledge. The audiences this guide is intended for are: - +This is a technical guide and the reader is expected to have a basic linux command line knowledge. The audience this guide is intended for: + - Application developers with little or no systems administration experience and wanting to deploy applications on AWS. -- System administrators with little of no experience with infrastructure automation and wanting to learn more. +- System administrators with little or no experience with infrastructure automation and wanting to learn more. +- Infrastructure automation engineers that want to explore cloud provider resource automation. - Any one that wants to get a feel for the current state of cloud automation tooling. I kept the scope limited to building a private network and did not cover application and OS level security which are also equally important. 
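Review bot: this typo pass rewrites the second paragraph but the added line still reads `serval transport level protocols` (should be `several`), and the unchanged line right below it keeps `it’s resources` where the possessive `its` is meant. Both are worth fixing in the same commit. The new `Infrastructure automation engineers` bullet is a content addition rather than a spelling fix, so it would be better in its own commit or at least mentioned in the subject line.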
@@ -27,11 +28,11 @@ Please have the below ready before we begin: The Private Network ------------------- -We will essentially be building a Virtual Private Cloud (VPC) on AWS along with a public and a private subnet (sub-networks) pair. +During the course of this tutorial, we will essentially be building a Virtual Private Cloud (VPC) on AWS along with a public and a private subnet (sub-networks) pair. Instances in the private subnet cannot directly access the internet thereby making the subnet an ideal place for application and database servers. -During the course of this tutorial, we will be creating our application instances in the private subnet. The private subnet will also be where you should be hosting application support instances like database instances, cache servers, log hosts, build servers, configuration stores etc. Instances in the private subnet rely on a Network Address Translation (NAT) server running in the public subnet to connect to the internet. +We will also be building two application instances that reside in the private subnet. The private subnet will also be where you should be hosting application support instances like database instances, cache servers, log hosts, build servers, configuration stores etc. Instances in the private subnet rely on a Network Address Translation (NAT) server running in the public subnet to connect to the internet. All Instances in the public subnet can transmit inbound and outbound traffic to and from the internet, the routing resources such as load balancers, vpn and nat servers reside in this subnet. From d25a3c3da4ac32c7971c0b0f4f495502ed610e2d Mon Sep 17 00:00:00 2001 From: Greg Osuri Date: Tue, 3 Mar 2015 12:46:20 -0800 Subject: [PATCH 10/30] Typos/Spelling --- post.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/post.md b/post.md index 1130f54..bff3307 100644 --- a/post.md +++ b/post.md 
@@ -36,9 +36,9 @@ We will also be building two application instances that reside in the private su All Instances in the public subnet can transmit inbound and outbound traffic to and from the internet, the routing resources such as load balancers, vpn and nat servers reside in this subnet. -The NAT server will also run a OpenVPN server, a full-featured SSL VPN which implements OSI layer 3 secure network extension using the industry standard SSL/TLS protocol over a UDP encapsulated network. +The NAT server we will be building will also run an OpenVPN server. Its a full-featured SSL VPN which implements OSI layer 3 secure network extension using the industry standard SSL/TLS protocol over a UDP encapsulated network. -In the later part of this guide, we will connect to our private networking using this VPN server using a compatible OpenVPN client. On a Mac, [Viscosity for Mac](https://www.sparklabs.com/viscosity) is a good commercial client and my personal favorite. [Tunnelblick](https://code.google.com/p/tunnelblick/) a open-source client that’s compatible too. +In the later part of this guide, we will connect to our private network using via this VPN server using a compatible OpenVPN client. On a Mac, [Viscosity](https://www.sparklabs.com/viscosity) is a good commercial client and my personal favorite. [Tunnelblick](https://code.google.com/p/tunnelblick/) is free and open-source client that’s compatible too. For other operating systems, see [openvpn clients page](https://openvpn.net/index.php/access-server/docs/admin-guides/182-how-to-connect-to-access-server-with-linux-clients.html) for a list. From 84bc6058181edff18095f510e82e7ac6cf9e3820 Mon Sep 17 00:00:00 2001 From: Greg Osuri Date: Tue, 3 Mar 2015 12:47:25 -0800 Subject: [PATCH 11/30] Typos/Spelling --- post.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/post.md b/post.md index bff3307..d7001ad 100644 --- a/post.md +++ b/post.md 
@@ -53,7 +53,7 @@ To summarize, we will be building the below components: - Application servers running nginx docker containers in a private subnet - Load balancers in the public subnet to manage and route web traffic to app servers -Although all the above mentioned components can be built and managed using the native AWS web console, it makes your infrastructure operationally vulnerable to changes and surprises. +Although all the above mentioned components can be built and managed using the native AWS web console, building it such way leaves your infrastructure vulnerable to operationally changes and surprises. Automating the building, changing, and versioning your infrastructure safely and efficiently increases your operational readiness exponentially. It allows you move at an higher velocity you grow your infrastructure. From 0d6bed4fa11ca9135c9e4777dbf0383c0b2f0bc5 Mon Sep 17 00:00:00 2001 From: Greg Osuri Date: Tue, 3 Mar 2015 12:48:11 -0800 Subject: [PATCH 12/30] Typos/Spelling --- post.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/post.md b/post.md index d7001ad..7eca34c 100644 --- a/post.md +++ b/post.md 
@@ -55,7 +55,7 @@ To summarize, we will be building the below components: Although all the above mentioned components can be built and managed using the native AWS web console, building it such way leaves your infrastructure vulnerable to operationally changes and surprises. -Automating the building, changing, and versioning your infrastructure safely and efficiently increases your operational readiness exponentially. It allows you move at an higher velocity you grow your infrastructure. +Automating the building, changing, and versioning your infrastructure safely and efficiently increases your operational readiness exponentially. It allows you move at an higher velocity as you grow and evolve your infrastructure. Infrastructure as code lays the foundation for agility that aligns with your product develop efforts opens a path way to easily scale to many types of clouds to manage heterogeneous information systems. From ce0bf42177d103a54302bfdce318f7a225371703 Mon Sep 17 00:00:00 2001 From: Greg Osuri Date: Tue, 3 Mar 2015 12:50:10 -0800 Subject: [PATCH 13/30] Typos/Spelling --- post.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/post.md b/post.md index 7eca34c..5016556 100644 --- a/post.md +++ b/post.md 
@@ -18,7 +18,7 @@ I kept the scope limited to building a private network and did not cover applica As you walk thru various sections of this guide, you will be creating real aws resources that cost money. I did my best to keep the utilization footprint to the lowest possible configuration and I estimate less than hour to complete all the steps in this guide at $0.079/hr -By the end, to demonstrate the disposable nature of infstrasture-of-code, we will be destroying all the infrastructure components that were created during the course of this tutorial. +By the end, to demonstrate the disposable nature of infstrasture-as-code, we will be destroying all the infrastructure components that were created during the course of this tutorial. Please have the below ready before we begin: @@ -62,7 +62,7 @@ Infrastructure as code lays the foundation for agility that aligns with your pro The Terraform Way ----------------- -[Terraform](https://www.terraform.io) is automation tool for the cloud from [Hashicorp](https://hashicorp.com) (Creators of [Vagrant](https://www.vagrantup.com), [Consul](https://www.consul.io) and many more sysadmin favorites). +[Terraform](https://www.terraform.io) is an automation tool for the cloud from [Hashicorp](https://hashicorp.com) (Creators of [Vagrant](https://www.vagrantup.com), [Consul](https://www.consul.io) and many more sysadmin favorites). It provides powerful primitives to elegantly define your infrastructure as code. It’s simple yet powerful syntax to describe infrastructure components allow you to build complex, version controlled, collaborative, heterogeneous and disposable systems at a very high productivity. From 4bb8bb65fd7115d7f7d8047f9b8d9e20367aaca5 Mon Sep 17 00:00:00 2001 
From: Greg Osuri Date: Tue, 3 Mar 2015 17:07:25 -0800 Subject: [PATCH 14/30] added terraform source files --- .gitignore | 4 + terraform/README.md | 738 ++++++++++++++++++++++++++++ terraform/app-servers.tf | 28 ++ terraform/assets/header.png | Bin 0 -> 307256 bytes terraform/aws-vpc.tf | 15 + terraform/bin/ovpn-client-config | 1 + terraform/bin/ovpn-init | 1 + terraform/bin/ovpn-new-client | 1 + terraform/bin/ovpn-start | 1 + terraform/cloud-config/app.yml | 8 + terraform/key-pairs.tf | 5 + terraform/nat-server.tf | 29 ++ terraform/outputs.tf | 15 + terraform/private-subnet.tf | 26 + terraform/public-subnet.tf | 31 ++ terraform/security-groups.tf | 68 +++ terraform/ssh/insecure-deployer | 27 + terraform/ssh/insecure-deployer.pub | 1 + terraform/variables.tf | 36 ++ 19 files changed, 1035 insertions(+) create mode 100644 .gitignore create mode 100644 terraform/README.md create mode 100644 terraform/app-servers.tf create mode 100644 terraform/assets/header.png create mode 100644 terraform/aws-vpc.tf create mode 100755 terraform/bin/ovpn-client-config create mode 100755 terraform/bin/ovpn-init create mode 100755 terraform/bin/ovpn-new-client create mode 100755 terraform/bin/ovpn-start create mode 100644 terraform/cloud-config/app.yml create mode 100644 terraform/key-pairs.tf create mode 100644 terraform/nat-server.tf create mode 100644 terraform/outputs.tf create mode 100644 terraform/private-subnet.tf create mode 100644 terraform/public-subnet.tf create mode 100644 terraform/security-groups.tf create mode 100644 terraform/ssh/insecure-deployer create mode 100644 terraform/ssh/insecure-deployer.pub create mode 100644 terraform/variables.tf diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..17b0f6c --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +.DS_Store +*.tfvars +*.tfstate* +*.ovpn diff --git a/terraform/README.md b/terraform/README.md new file mode 100644 index 0000000..7781a87 --- /dev/null +++ b/terraform/README.md 
@@ -0,0 +1,738 @@ +Guide to automating a multi-tiered application securely on AWS with Docker and Terraform. +========================================================================================= + +Data is a crucial part of our infrastructure and particularly vulnerable while it is traveling over the Internet. Securing the transportation of data is a fundamental requirement for a secure network. + +While there are serval transport level protocols available for encrypting communications, communicating privately in a closed network is the most common and efficient way to keep data secure. + +I wrote this guide in an attempt to help the reader build such a network on AWS along with a secure way to access it’s resources using a VPN. + +Before we begin +--------------- + +This is a technical guide and the reader is expected to have basic level of linux command line knowledge. The audiences this guide is intended for are: + +- Application developers with little or no systems administration experience and wanting to deploy applications on AWS. +- System administrators with little of no experience with infrastructure automation and wanting to learn more. +- Any one that wants to get a feel for the current state of cloud automation tooling. + +I kept the scope limited to building a private network and did not cover application and OS level security which are also equally important. + +As you walk thru various sections of this guide, you will be creating real aws resources that cost money. I did my best to keep the utilization footprint to the lowest possible configuration and I estimate less than hour to complete all the steps in this guide at $0.079/hr + +By the end, to demonstrate the disposable nature of infstrasture-of-code, we will be destroying all the infrastructure components that were created during the course of this tutorial. + +Please have the below ready before we begin: + +- AWS access and secret keys to an active AWS account. 
+- A unix/linux workstation with internet connection, almost all commands will work on Windows too with a shell emulator like cygwin. + +What we will be building +------------------------ + +We will essentially be building a Virtual Private Cloud (VPC) on AWS along with a public and a private subnet (sub-networks) pair. + +Instances in the private subnet cannot directly access the internet thereby making the subnet an ideal place for application and database servers. + +During the course of this tutorial, we will be creating our application instances in the private subnet. The private subnet will also be where you should be hosting application support instances like database instances, cache servers, log hosts, build servers, configuration stores etc. Instances in the private subnet rely on a Network Address Translation (NAT) server running in the public subnet to connect to the internet. + +All Instances in the public subnet can transmit inbound and outbound traffic to and from the internet, the routing resources such as load balancers, vpn and nat servers reside in this subnet. + +The NAT server will also run a OpenVPN server, a full-featured SSL VPN which implements OSI layer 3 secure network extension using the industry standard SSL/TLS protocol over a UDP encapsulated network. + +In the later part of this guide, we will connect to our private networking using this VPN server using a compatible OpenVPN client. On a Mac, [Viscosity for Mac](https://www.sparklabs.com/viscosity) is a good commercial client and my personal favorite. [Tunnelblick](https://code.google.com/p/tunnelblick/) a open-source client that’s compatible too. + +For other operating systems, see [openvpn clients page](https://openvpn.net/index.php/access-server/docs/admin-guides/182-how-to-connect-to-access-server-with-linux-clients.html) for a list. 
+ +To summarize, we will be building the below components: + +- VPC +- Internet Gateway for public subnet +- Public subnet for routing instances +- Private subnet for application resources +- Routing tables for public and private subnets +- NAT/VPN server to route outbound traffic from your instances in private network and provide your workstation secure access to network resources. +- Application servers running nginx docker containers in a private subnet +- Load balancers in the public subnet to manage and route web traffic to app servers + +Although all the above mentioned components can be built and managed using the native AWS web console, it makes your infrastructure operationally vulnerable to changes and surprises. + +Automating the building, changing, and versioning your infrastructure safely and efficiently increases your operational readiness exponentially. It allows you move at an higher velocity you grow your infrastructure. + +Infrastructure as code lays the foundation for agility that aligns with your product develop efforts opens a path way to easily scale to many types of clouds to manage heterogeneous information systems. + +The Terraform Way +----------------- + +[Terraform](https://www.terraform.io) is automation tool for the cloud from creators of Vagrant, [Hashicorp](https://hashicorp.com) (Creators of [Vagrant](https://www.vagrantup.com), [Consul](https://www.consul.io) and many more sysadmin favorites). + +It provides powerful primitives to elegantly define your infrastructure as code. It’s simple yet powerful syntax to describe infrastructure components allow you to build complex, version controlled, collaborative, heterogeneous and disposable systems at a very high productivity. + +In simple terms, terraforming begins with you describing the desired state of your infrastructure in a configuration file, it then generates an execution plan describing what it will do to reach that desired state. 
You can then choose to execute (or modify) the plan to build, remove or modify desired components. + + +Settting up your workstation +----------------------------- + +You can install terraform using [Homebrew](http://brew.sh) on a Mac using ```brew update && brew install terraform```. + +Alternative, find the [appropriate package](https://www.terraform.io/downloads.html) for your system and download it. Terraform is packaged as a zip archive. After downloading Terraform, unzip the contents of the zip archive to directory that is in your `PATH`, ideally under `/usr/local/bin`. You can verify terraform is properly installed by running `terraform`, it should return something like: + +```sh +usage: terraform [--version] [--help] [] + +Available commands are: + apply Builds or changes infrastructure + destroy Destroy Terraform-managed infrastructure + get Download and install modules for the configuration + graph Create a visual graph of Terraform resources + init Initializes Terraform configuration from a module + output Read an output from a state file + plan Generate and show an execution plan + pull Refreshes the local state copy from the remote server + push Uploads the the local state to the remote server + refresh Update local state file against real resources + remote Configures remote state management + show Inspect Terraform state or plan + version Prints the Terraform version +``` + +Setting your project directory +------------------------------ + +Create a directory to host your project files. For our example, we will use `$HOME/infrastructure`, with the below structure: + +```sh +. +├── cloud-config +├── bin +└── ssh +``` + +```sh +$ mkdir -p $HOME/infrastructure/cloud-config $HOME/infrastructure/ssh $HOME/infrastructure/ssh +$ cd $HOME/infrastructure +``` + +Defining variables for your infrastructure +------------------------------------------ + +Configurations can be defined in any file with '.tf' extension using terraform syntax or as json files. 
Its a general practice to start with a `variables.tf` that defines all variables that can be easily changed to tune your infrastructure. +Create a file called `variables.tf` with the below contents: + +``` +variable "access_key" { + description = "AWS access key" +} + +variable "secret_key" { + description = "AWS secert access key" +} + +variable "region" { + description = "AWS region to host your network" + default = "us-west-1" +} + +variable "vpc_cidr" { + description = "CIDR for VPC" + default = "10.128.0.0/16" +} + +variable "public_subnet_cidr" { + description = "CIDR for public subnet" + default = "10.128.0.0/24" +} + +variable "private_subnet_cidr" { + description = "CIDR for private subnet" + default = "10.128.1.0/24" +} + +/* Ubuntu 14.04 amis by region */ +variable "amis" { + description = "Base AMI to launch the instances with" + default = { + us-west-1 = "ami-049d8641" + us-east-1 = "ami-a6b8e7ce" + } +} +``` + +The `variable` block defines a single input variable your configuration will require to provision your infrastructure, `description` parameter is used to describe what the variable is for and the `default` parameter gives it a default value, our example requires that you provide ```access_key``` and ```secret_key``` variables and optionally provide ```region```, region will otherwise default to `us-west-1` when not provided. + +Variables can also have multiple default values with keys to access them, such variables are called maps. Values in maps can be accessed using interpolation syntax which will be covered in the coming sections of the guide. 
+ +Creating your first terraform resource - VPC +--------------------------------------------- + +Create a `aws-vpc.tf` file under the current directory with the below configuration: + +``` +/* Setup our aws provider */ +provider "aws" { + access_key = "${var.access_key}" + secret_key = "${var.secret_key}" + region = "${var.region}" +} + +/* Define our vpc */ +resource "aws_vpc" "default" { + cidr_block = "${var.vpc_cidr}" + enable_dns_hostnames = true + tags { + Name = "airpair-example" + } +} +``` + +The `provider` block defines the configuration for the cloud providers, aws in our case. Terraform has support for various other providers like Google Compute Cloud, DigitalOcean, Heroku etc. You can see a full list of supported providers on the [terraform providers page](https://www.terraform.io/docs/providers/index.html). + +The `resource` block defines the resource being created. The above example creates a VPC with a CIDR block of `10.128.0.0/16` and attaches a `Name` tag `airpair-example`, you can read more about various other parameters that can be defined for ```aws_vpc``` on the [aws_vpc resource documentation page](https://www.terraform.io/docs/providers/aws/r/vpc.html) + +Parameters accepts string values that can be [interpolated](https://www.terraform.io/docs/configuration/interpolation.html) when wrapped with `${}`. In the ```aws``` provider block, specifying ```${var.access_key}``` for +for access key will read the value from the user provided for variable ```access_key```. + +You will see extensive usage of interpolation in the coming sections of this guide. + +Provisioning your VPC +--------------------- + +Running `terraform apply` will create the VPC by prompting you to to input AWS access and secret keys, the output should look like look like the below. For default values, hitting `` key will assign default values defined in the `variables.tf` file. + +```sh +$ terraform apply +var.access_key + AWS access key + + Enter a value: foo + +... 
+ +var.secret_key + AWS secert access key + + Enter a value: bar + +... + +aws_vpc.default: Creating... + cidr_block: "" => "10.128.0.0/16" + default_network_acl_id: "" => "" + default_security_group_id: "" => "" + enable_dns_hostnames: "" => "1" + enable_dns_support: "" => "0" + main_route_table_id: "" => "" + tags.#: "" => "1" + tags.Name: "" => "airpair-example" +aws_vpc.default: Creation complete + +Apply complete! Resources: 1 added, 0 changed, 0 destroyed. + +The state of your infrastructure has been saved to the path +below. This state is required to modify and destroy your +infrastructure, so keep it safe. To inspect the complete state +use the `terraform show` command. + +State path: terraform.tfstate +``` + +You can verify the VPC has been created by visiting the [VPC page on aws console](https://console.aws.amazon.com/vpc/home?region=us-west-1#vpcs). The above command will save the state of your infrastructure to `terraform.tfstate` file, this file will be updated each time you run `terraform apply`, you can inspect the current state of your infrastructure by running `terraform show` + +Variables can also be entered using command arguments by specifying `-var 'var=VALUE'`, for example ```terraform plan -var 'access_key=foo' -var 'secret_key=bar'``` + +`terraform apply` will not however save your input values (access and secret keys) and you'll be required to provide them for each update, to avoid this create a `terraform.tfvars` variables file with your access and secret keys that looks like, the below (replace foo and bar with your values): + +``` +access_key = "foo" +secret_key = "bar" +``` + +Adding the public subnet +------------------------ + +Lets now add a public subnet with a ip range of 10.128.0.0/24 and attach a internet gateway, create a `public-subnet.tf` with the below configuration: + +``` +/* Internet gateway for the public subnet */ +resource "aws_internet_gateway" "default" { + vpc_id = "${aws_vpc.default.id}" +} + +/* Public subnet */ 
+resource "aws_subnet" "public" { + vpc_id = "${aws_vpc.default.id}" + cidr_block = "${var.public_subnet_cidr}" + availability_zone = "us-west-1a" + map_public_ip_on_launch = true + depends_on = ["aws_internet_gateway.default"] + tags { + Name = "public" + } +} + +/* Routing table for public subnet */ +resource "aws_route_table" "public" { + vpc_id = "${aws_vpc.default.id}" + route { + cidr_block = "0.0.0.0/0" + gateway_id = "${aws_internet_gateway.default.id}" + } +} + +/* Associate the routing table to public subnet */ +resource "aws_route_table_association" "public" { + subnet_id = "${aws_subnet.public.id}" + route_table_id = "${aws_route_table.public.id}" +} +``` + +Anything under ```/* .. */``` will be considered as comments. + +Running `terraform plan` will generate an execution plan for you to verify before creating the actual resources, it is recommended that you always inspect the plan before running the `apply` command. + +Resource dependencies are implicitly determined during the refresh phase (in planing and application phases). They can also be explicitly defined using ```depends_on``` parameter. In the above configuration, resource ```aws_subnet.public``` depends on ```aws_internet_gatway.default``` and will only be created after ```aws_internet_gateway.default``` is successfully created. + +The output of `terraform plan` should look something like the below: + +```sh +$ terraform plan + +Refreshing Terraform state prior to plan... + +aws_vpc.default: Refreshing state... (ID: vpc-30965455) + +The Terraform execution plan has been generated and is shown below. +Resources are shown in alphabetical order for quick scanning. Green resources +will be created (or destroyed and then created if an existing resource +exists), yellow resources are being changed in-place, and red resources +will be destroyed. + +Note: You didn't specify an "-out" parameter to save this plan, so when +"apply" is called, Terraform can't guarantee this is what will execute. 
+ ++ aws_internet_gateway.default + vpc_id: "" => "vpc-30965455" + ++ aws_route_table.public + route.#: "" => "1" + route.~1235774185.cidr_block: "" => "0.0.0.0/0" + route.~1235774185.gateway_id: "" => "${aws_internet_gateway.default.id}" + route.~1235774185.instance_id: "" => "" + vpc_id: "" => "vpc-30965455" + ++ aws_route_table_association.public + route_table_id: "" => "${aws_route_table.public.id}" + subnet_id: "" => "${aws_subnet.public.id}" + ++ aws_subnet.public + availability_zone: "" => "us-west-1a" + cidr_block: "" => "10.128.0.0/24" + map_public_ip_on_launch: "" => "1" + tags.#: "" => "1" + tags.Name: "" => "public" + vpc_id: "" => "vpc-30965455" +``` + +*The vpc_id will different in your actual output from the above example output* + +The `+` before `aws_internet_gateway.default` indicates that a new resource will be created. + +After reviewing your plan, run `terraform apply` to create your resources. You can verify the subnet has been created by running `terraform show` or by visiting the aws console. 
+ +Create security groups +---------------------- + +We will creating 3 security groups: + +- default: default security group that allows inbound and outbound traffic from all instances in the VPC +- nat: security group for nat instances that allows SSH traffic from internet +- web: security group that allows web traffic from the internet + +Create your security groups in a `security-groups.tf` file with the below configuration: + +``` +/* Default security group */ +resource "aws_security_group" "default" { + name = "default-airpair-example" + description = "Default security group that allows inbound and outbound traffic from all instances in the VPC" + vpc_id = "${aws_vpc.default.id}" + + ingress { + from_port = "0" + to_port = "0" + protocol = "-1" + self = true + } + + tags { + Name = "airpair-example-default-vpc" + } +} + +/* Security group for the nat server */ +resource "aws_security_group" "nat" { + name = "nat-airpair-example" + description = "Security group for nat instances that allows SSH and VPN traffic from internet" + vpc_id = "${aws_vpc.default.id}" + + ingress { + from_port = 22 + to_port = 22 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + } + + ingress { + from_port = 1194 + to_port = 1194 + protocol = "udp" + cidr_blocks = ["0.0.0.0/0"] + } + + tags { + Name = "nat-airpair-example" + } +} + +/* Security group for the web */ +resource "aws_security_group" "web" { + name = "web-airpair-example" + description = "Security group for web that allows web traffic from internet" + vpc_id = "${aws_vpc.default.id}" + + ingress { + from_port = 80 + to_port = 80 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + } + + ingress { + from_port = 443 + to_port = 443 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + } + + tags { + Name = "web-airpair-example" + } +} +``` + +Run `terraform plan`, review your changes and run `terraform apply`. You should see a message: + +```sh +... + +Apply complete! Resources: 3 added, 0 changed, 0 destroyed. + +... 
+``` + +Create SSH Key Pair +------------------- + +We will need a default ssh key to be bootstrapped on the newly created instances to be able to login. Make sure you have `ssh` directory and generate a new key by running the: + +```sh +$ sh-keygen -t rsa -C "insecure-deployer" -P '' -f ssh/insecure-deployer +``` + +The above command will create a public-private key pair in `ssh` directory, this is an insecure key and should be replaced after the instance is bootstrapped. + +Create a new file `key-pairs.sh` with the below config and register the newly generated SSH key pair by running`terraform plan` and `terraform apply`. + +``` +resource "aws_key_pair" "deployer" { + key_name = "deployer-key" + public_key = "${file(\"ssh/insecure-deployer.pub\")}" +} +``` + +Terraform interpolation syntax also allows reading data from files using `$file("path/to/file")`. Variables in this file are not interpolated. The contents of the file are read as-is. + +Create NAT Instance +------------------- + +NAT instances reside in the public subnet and in order to route traffic, they need to have 'source destination check' disabled. They belong to the `default` secruity group to allow traffic from instances in that group and `nat` security group to allow SSH and VPN traffic from the internet. 
+ +Create a file `nat-server.tf` with the below config: + +``` +/* NAT/VPN server */ +resource "aws_instance" "nat" { + ami = "${lookup(var.amis, var.region)}" + instance_type = "t2.micro" + subnet_id = "${aws_subnet.public.id}" + security_groups = ["${aws_security_group.default.id}", "${aws_security_group.nat.id}"] + key_name = "${aws_key_pair.deployer.key_name}" + source_dest_check = false + tags = { + Name = "nat" + } + connection { + user = "ubuntu" + key_file = "ssh/insecure-deployer" + } + provisioner "remote-exec" { + inline = [ + "sudo iptables -t nat -A POSTROUTING -j MASQUERADE", + "echo 1 > /proc/sys/net/ipv4/conf/all/forwarding", + /* Install docker */ + "curl -sSL https://get.docker.com/ubuntu/ | sudo sh", + /* Initialize open vpn data container */ + "sudo mkdir -p /etc/openvpn", + "sudo docker run --name ovpn-data -v /etc/openvpn busybox", + /* Generate OpenVPN server config */ + "sudo docker run --volumes-from ovpn-data --rm gosuri/openvpn ovpn_genconfig -p ${var.vpc_cidr} -u udp://${aws_instance.nat.public_ip}" + ] + } +} +``` + +In order for that NAT instance to route packets, [iptables](http://ipset.netfilter.org/iptables.man.html) needs to be configured be with a rule in the `nat` table for [IP Masquerade](http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/ipmasq-background2.1.html). We also need to install docker, download the openvpn container and generate server configuration. + +Terraform provides a set of [provisioning options](https://www.terraform.io/docs/provisioners/index.html) that can be used to run arbitrary commands on the instances when they are created. For our nat instance above, we use ```remote-exec``` to execute the set of commands on the instance. + +``connection`` block defines the [connection parameters](https://www.terraform.io/docs/provisioners/connection.html) for ssh access to the instance. 
+ +Create private subnet and configure routing +------------------------------------------- + +Create a private subnet with a CIDR range of 10.128.1.0/24 and configure the routing table to route all traffic via the nat. Append 'main.tf' with the below config: + +``` +/* Private subnet */ +resource "aws_subnet" "private" { + vpc_id = "${aws_vpc.default.id}" + cidr_block = "${var.private_subnet_cidr}" + availability_zone = "us-west-1a" + map_public_ip_on_launch = false + depends_on = ["aws_instance.nat"] + tags { + Name = "private" + } +} + +/* Routing table for private subnet */ +resource "aws_route_table" "private" { + vpc_id = "${aws_vpc.default.id}" + route { + cidr_block = "0.0.0.0/0" + instance_id = "${aws_instance.nat.id}" + } +} + +/* Associate the routing table to public subnet */ +resource "aws_route_table_association" "private" { + subnet_id = "${aws_subnet.private.id}" + route_table_id = "${aws_route_table.private.id}" +} +``` + +Notice our second time use of ```depends_on```, in this case it only creates the private subnet after provisioning the NAT instance. With out the iptables configuration, the instances in the private subnet will not be able to access internet and will fail to download docker containers. + +Run ```terraform plan``` and ```terraform apply``` to create the resources. + +Adding app instances and a load balancer +---------------------------------------- + +Lets add two app servers running nginx containers in the private subnet and configure a load balancer in the public subnet. + +The app servers are not accessible directly from the internet and can be accessed via the VPN. Since we haven't configured our VPN yet to access the instances, we will provision the instances using by bootrapping `cloud-init` yaml file via the ```user_data``` parameter. + +`cloud-init` is a defacto multi-distribution package that handles early initialization of a cloud instance. 
You can see various examples [in the documentation](http://cloudinit.readthedocs.org/en/latest/topics/examples.html) + +Create `app.yml` cloud config file under `cloud-config` directory with the below config: + +```yaml +#cloud-config +# Cloud config for application servers + +runcmd: + # Install docker + - curl -sSL https://get.docker.com/ubuntu/ | sudo sh + # Run nginx + - docker run -d -p 80:80 dockerfile/nginx + +``` + +Create `app-servers.tf` file with the below configuration: + +``` +/* App servers */ +resource "aws_instance" "app" { + count = 2 + ami = "${lookup(var.amis, var.region)}" + instance_type = "t2.micro" + subnet_id = "${aws_subnet.private.id}" + security_groups = ["${aws_security_group.default.id}"] + key_name = "${aws_key_pair.deployer.key_name}" + source_dest_check = false + user_data = "${file(\"cloud-config/app.yml\")}" + tags = { + Name = "airpair-example-app-${count.index}" + } +} + +/* Load balancer */ +resource "aws_elb" "app" { + name = "airpair-example-elb" + subnets = ["${aws_subnet.public.id}"] + security_groups = ["${aws_security_group.default.id}", "${aws_security_group.web.id}"] + listener { + instance_port = 80 + instance_protocol = "http" + lb_port = 80 + lb_protocol = "http" + } + instances = ["${aws_instance.app.*.id}"] +} +``` + +`count` parameter indicates the number of identical resources to create and `${count.index}` interpolation in the name tag provides the current index. + +You read more about using count in resources at [terraform variable documentation](https://www.terraform.io/docs/configuration/resources.html#using-variables-with-count) + +Run ```terraform plan``` and ```terraform apply``` + +Allowing generated configuration to be easily accessable to other programs +-------------------------------------------------------------------------- + +Terraform allows for defining output to templates, output variables can be accessed by running ```terraform output VARIABLE```. 
+ +Create `outputs.tf` file with the below configuration: + +``` +output "app.0.ip" { + value = "${aws_instance.app.0.private_ip}" +} + +output "app.1.ip" { + value = "${aws_instance.app.1.private_ip}" +} + +output "nat.ip" { + value = "${aws_instance.nat.public_ip}" +} + +output "elb.hostname" { + value = "${aws_elb.app.dns_name}" +} +``` + +Since we are not changing any values, run `terraform apply` to populate outputs in the state file. Inspect the `elb.hostname` by running: + +$ open "http://$(terraform output elb.hostname)" + +The above command will open a web browser. If you get an connection error, it is likely the DNS has not propogated in time and you should try again after a few minutes. + +Configure OpenVPN server and generate client config +--------------------------------------------------- + +The below steps configure the VPN servers and generate a client configuration with embedded keys to connect with your openvpn client on your workstation. + +Considering the commands are fairly long, we will be creating command wrappers to be able to easily run them again. A big part of operatinaly effiency comes from our ability to simply complicated commands which are unlikely to be easily recalled. After each successful step, we will save the command under `bin` in an executable file. + +1. Initialize PKI and save the command under bin/ovpn-init + + ```sh + $ cat > bin/ovpn-init < bin/ovpn-start < bin/ovpn-new-client < bin/ovpn-client-config < "\${1}-airpair-example.ovpn" + EOF + + $ chmod +x bin/ovpn-client-config + $ bin/ovpn-client-config $USER + ``` + +5. The above command creates `$USER-airpair-example.ovpn` client configuration file in the current directory, double click on the file to import the configuration to your VPN client. 
You can also connection using iPhone/Android device, check out [OpenVPN Connect for iPhone](https://itunes.apple.com/us/app/openvpn-connect/id590379981?mt=8) and [OpenVPN Connect on Play Store](https://play.google.com/store/apps/details?id=net.openvpn.openvpn&hl=en) + +Test your private connection +---------------------------- + +After successfully connecting using the VPN client, connect to one of app servers using a private IP address to validate that you have a connection: + +```sh +$ open "http://$(terraform output app.1.ip)" + +``` + +Alternatively, you can also ssh into the private instance + +```sh +$ ssh -t -i ssh/insecure-deployer "ubuntu@$(terraform output app.1.ip)" +``` + +Teardown infrastructure +----------------------- + +Destroy our infructure by running `destroy` command and answering with `yes` for confimation, make sure to disconnect from the VPN to be retain internet connection: + +```sh +$ terraform destroy + +Do you really want to destroy? + Terraform will delete all your managed infrastructure. + There is no undo. Only 'yes' will be accepted to confirm. + + Enter a value: yes + +... + +Apply complete! Resources: 0 added, 0 changed, 16 destroyed. +``` + +Conclusion +---------- + +There is a lot more to Terraform than what was convered in this post, checkout [terraform.io](https://terraform.io) and the [github project](http://github.com/hashicorp/terraform) to see more this amazing tool. + +I hope you found this guide useful, I gave my best to keep the guide accurate and updated, if there is any part of the guide that you felt could use imporovement, please leave a comment and I will attend to it promptly. + +I hope to continue to write more guides on various topics that I think will be useful to improve operational efficienty and readiness. 
You can reach me [Twitter at @kn0tch](https://twitter.com/kn0tch) if you have a recomendation for topic or want simply want stay connected, I'm usually active and always looking foward to a good conversation, come say hi! diff --git a/terraform/app-servers.tf b/terraform/app-servers.tf new file mode 100644 index 0000000..dd4463b --- /dev/null +++ b/terraform/app-servers.tf @@ -0,0 +1,28 @@ +/* App servers */ +resource "aws_instance" "app" { + count = 2 + ami = "${lookup(var.amis, var.region)}" + instance_type = "t2.micro" + subnet_id = "${aws_subnet.private.id}" + security_groups = ["${aws_security_group.default.id}"] + key_name = "${aws_key_pair.deployer.key_name}" + source_dest_check = false + user_data = "${file(\"cloud-config/app.yml\")}" + tags = { + Name = "airpair-example-app-${count.index}" + } +} + +/* Load balancer */ +resource "aws_elb" "app" { + name = "airpair-example-elb" + subnets = ["${aws_subnet.public.id}"] + security_groups = ["${aws_security_group.default.id}", "${aws_security_group.web.id}"] + listener { + instance_port = 80 + instance_protocol = "http" + lb_port = 80 + lb_protocol = "http" + } + instances = ["${aws_instance.app.*.id}"] +} 
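Review bot: in the security-groups.tf block of post.md, the `nat` group opens port 22 to `0.0.0.0/0` while the instance is bootstrapped with the passphrase-less `ssh/insecure-deployer` key, and the guide says the key "should be replaced" without a step that does it; take the SSH source range from a variable (the reader's own address as a /32) and make the key replacement an explicit step. In the nat-server.tf block, `echo 1 > /proc/sys/net/ipv4/conf/all/forwarding` runs as the `ubuntu` connection user, so the shell opens the redirect target without root and the write is denied; use `echo 1 | sudo tee /proc/sys/net/ipv4/conf/all/forwarding` instead. The key-pair section has two copy errors that stop a reader who follows it literally: `sh-keygen` should be `ssh-keygen`, and the file is named `key-pairs.sh` although it holds a Terraform resource. The `terraform.tfvars` step puts the AWS keys in a plaintext file next to `terraform.tfstate` and the private key under `ssh/`; since this commit starts a repository, the guide should say that all three stay out of version control.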
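Review bot: `source_dest_check = false` on `aws_instance.app` in terraform/app-servers.tf looks copied from the NAT instance; post.md in this same commit explains that the check is disabled so NAT instances can route traffic, and the app servers only receive traffic from the ELB, so drop the line and keep the default. The `aws_elb` listener covers port 80 only, while the `web` security group attached to the balancer also admits 443; either add an HTTPS listener or remove the 443 ingress rule so the group matches what the balancer actually serves.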
diff --git a/terraform/assets/header.png b/terraform/assets/header.png new file mode 100644 index 0000000000000000000000000000000000000000..f2a37cde35c84b0e782303b27b671d8168e8d307 GIT binary patch literal 307256
zQr`5hl2%X46%87=@UR*$?`Zx#7}mQ5iDs%AngFa8;=|2*0L>r8qtlokIQ z8a4p!1e<9b@Vk#cl6sW$5;R|4i_?>Pd7~GONBaN^@R7d@@X-cC z>kr~;@ft^`6@LjdQ$@l@=gY!n=>!D&=z_qIyqD{>Xxr;l<*r+0g2Ge>Glw5_4->@qV85ck zXJno11A1|75s4f}Dr%SR^5l_}1M{wuo}(AnEc}6UQmqDZlsv;q27?P#Z}>b2(;*>N zkH3r)q=fCBlrEgh{y%Ac1?#{6wc2eBxPdgapGYI&`!=s#!C?0a-w;X^j_n5k%PH+y zpH$&)TgH@bIIztD;$N%vHNfU?w*!q&CpaL#*ELgO0Oy(+nkPF4FWNPJ%4zi*59Fg# zzwr)}F;0SwGaN7+h~ogI%TBFl^2i+D8RPPE08?`umC@r*{&Xhh;c!50(tIn;UA zCvtOuY}Iy>#sMcV4hX5#Z$JDVfWcxC*i>^taB*Ot0;s;MN=`<4%-A5=Om!ufi;v=J zej`qY_n-pgHURxg(R1Oy{8r3FHFZx^VL%t{2TA@JMCS@ld*}GRN=ac#3=<%>DD|q1 z(s|Ov-aE^T6=`**0M0va zHLBR4EGc3#ER ze*!6reUk!-t4Ew)*8zh#ns?==K<=K+INi0L|Y++IAc0T&}J~fASbLvJkfdh*vw?edB=hnNAUhas@pgn-W68g#X{>bbY{Pm{u=}?!n-V$3RIz@ z+8bX!58UIJr+W*HnqqX1|0d&_J-@?P?0enjb+*M`CJ+ojrI{4=v6(b=7+(Vd`+O)I?MZJ=mnb*17!D+JfbT2SqnXpl z$visr5Cb@Otc9iejWsOldf%6@`VChC)0Ct!?zlLx#HNE%t8vVLa}SI5&mf(9i5*gN z6sOD^U#Yei><_ zfLAmxr6V_NxR7-kKv(f(@Bm;lBx+H{<>Ff0ETP9T<@Cn_;{e-#*uO32E4ASrEwAlo zO3U8yj01kSc`e?}zA8-ub?e?h%K2n)2ZjT`E}c)_gaa(5Y)ClYtQ5FU;B6*>=Z{bc zatgI3RBdugOolh&X7N_cmmd%#45SA)5)?43!C+pguX_M#X|zAUVeQywB&cikkXtxE z9fw!aLtuuwqggIDoM;eciGHA-ecj-UAAFZ|zhn++uIDHzW(gF_xZXSCy*E0a#5^L| zD;kui%qjK#Ow82_U_SgYr+62vGwVQl^_U@_Gs;h`UxsvbJVjw&O-tCfy{8R-$U?8J zdY;rh!_xYPCNAE2<~Dfr0Ra(~a*|F2V~%TBCm7 zWAw44`c2{jf9*f`M*OG$CD0|%0C};{sKCkzlsJIdala-4WJQQDss;NY-5wv>X}u;S_|9CjGzs9MAZWX zpJ=phY~O_euTw}DLO=8D0)Qt}a^+Az;kYxYhjrRN>jdDei~~XkG9-eF7zf;9Qov)r zyb@=l`vITkZU_AdGN;kN#a1D6NLbHrF2!&G`yInGaXR=}ac2k^VFiDw`a_LNK|qme zB?vSSL}q(ZwS?=;87u!=8~js{P2{-fofc7l>;>trkF!k(kZMti8CsW`O7f{%HVpRN`Z+(J)swEXKn;u z!>AfJ8~^fO`wQY9eb3WA#u*Om2M2Ke1*+X1Np&~T&Gr4LfuXWa4j90>PHr}y7u9dP zmp>N8kI)Dfc`Y2BrK9BMa{WQxn?Hxg0k*GA!%s&hp*pr`@CrwjD;Qha$KLSg|MXuG zzy3FVsW#Fr=!M%C%iXnA+GLcA0}6D00ZHfTpmVMQOGoln>51vH!V?pE0cq*e!m{$M zC!By2b*4^6cOf-<7ih&0QeF-W0ltG_Vto4n{N#01g)nojAr*Zlpj>#Tj>Z9LaBm1n z;O{>Eur{5`3#iqgZrPEP;%;_sG_=QPi*#d83-Eh!b1g2d5rFmE;Qbg9<^s~r@32vD z4%H{==`|3_#?n9@L0I_@$WP^Tm2m0Z4yKf4P 
zp;PmgqbT|5Q=;yIeS4G7LEZp*LH%7vb3k7Yva*FLrTa)U5!Fjj^$$;Dq4z|C5B`}# zW&hhB{yKPo?}q(M8b>4+V4UGVS2-~5eIiLSDm1#xcI{SVwITQ3B2@>S|4X|C91n{(ML9OG&QFk~Dif z)%VOJi~jWR>~~axxr*4Bzp9O60&;q>?j8?vrr3@Kpw!zG7z~Coc(tNY$2Ihq_r-Fx zVC$)5n~T?;^rau-(y4x-o^`+5q?Ivh{*%(~HJ6l{9qS$E()&(aisF7rW$T=prGfpI zCB@gDA<^;&y)zimy9)`)7m)Q`$Ueh($L^?Va{@t}!&w_0dy5`U{iz0q>-HN5D&0DQ zKmF=2{0j37~Nn^XiJW^vgYfzwU%N4=UUm>rOaRtl*ZM1Cz2>G;^s#E zMwc3>6fMUBI4j-dQ2zkS(`_8Z(G%UQ3AtJ^m1??L5@9W0$`ME$S@)n9?q#X;!9+nG z5on>r<#05_g3}h4mlwgPTlc}VTY>P%9k!Ji~r2nf*#rvsIR$* z0iCnjCmS#zf0KEv^;#xZFe`m>-pn(r{#EOzfs;h~lT?Cu`du}c!}nbClBYYy{d)kL zA<>M}OgGCLakYGlBka{D&m;S`czpIxh;IS(I;~H}X&msexC_IDbJVGR zU%+tSZSn1gzn>Mgbhr)GCZC=Cf;hi=gSIIyNo_%QH6@-W!-?nvcwVgD19)Z|&qFk2 z_D}Bv5$xxo`;>Q&1?m3FzNgD#`k+7KF^m8(-P%QH07PS$WrsJ8T!(5ws1rFEY?7H} z{Gm}sx?p+1`;6o`9pf-s=4&^dKlpxgevsr?)%WG zU2k{`y>r#*+3(Z@%~n*SQe%rHhvETqFgS9)SF16xA7eu4!~$OF+&PBOtOY?l52iShc-fF-JQv@NlstB!MsZzs*_(?@ymn{pdy3P%GzLH(L89E z;9~w366-J$1@#}3(L-^2d>1;lKVXC5Esjv<+gu0&j=_7*^VCeQo%fGrYalmFM^VlM z<7?XWH5jJub(z~C^Z`xsgoH<%H}%!@X#hGtZP-_V$J=vfxnacFHa21TFX&V`$+QRK zCf>^ptL<_(@l%4(Ac)3aYNSn8+c#NhnIbLk?HpV8A$b*>pmmxLs=##S^SzqdPw+I|fCEZ5HWcmv~4$LyF?Q~ZH*V1f-IXFZepn!8q2BiUT6 zMf%Xay=Xu^uK}EkwZq=VrVgmt`t@c$NYHX(J;vvqk|-{upWh#yZs2`vOl}}dttaC8 z0QETY`17gt3}Dyy^24={?bAh?c|3-Or#3Ht1tRt0Jd_2%1?tx1acJYZ&4F}4#$SuC z#T>^qUn$TzWJoZ5!PxEEcbGZ?N&Jr!17jHRn+)y)w3-5NTmz7O4+*9ZaucrZ8t~-P zay5f4;alQkeVQy%$<)RHPlxx!%Zs0i>lNlD4LYgE8M>7zAwFBxdqhx^O$i!q3RE>{ zOR3mP=ySeWeE{%$Ce^3hBJk{9h}q%|1O={jk+IkC_{?`z12#$>hL#YFO`OA%ur)y; zI!f{e9m9eual*8)ZzEkeNiccly{wHEf%IYr%iz6MiIJ3<1*z;v7BVW+t~WY$lTyd~ zvtF7G0?wp?lFt0mF^u2GviZlC+D%{GHtoK<9_x;XtmTxaK#`aG+@paD91Ve+HoWIX>@Zv!iK#w~;?jnB*}$UX&ICI2YyE zfyAfbxtk4WN%b3N^2j}_XVh z#Hl_P1TJX+2dn8^nFrJ5N?;NZi0o=G zvFGp?Si z=z4L(fZ_V5{do#WIX`SFYw%cn;rx+O(ilpFoeypKJW2nRbR` zrjNmDMo^hC9eg5<=B=C=q(uATbOgPOt7`zx#q|NFQ@9c^gLC?C&PRftvMf-Ui4I5xKu!-e=Gm>)8@>egA&Rbt~DoPk9JJ9Xv zolcIE9iqo5`Mm=tqIIXgJn;j4(2UD6HMpIfdwL9Ac6zLoP-&DkZ468cW4`I(={lgZ z)2C2wf)0!WN-~mj|0|=5IR~(Aw?4zk 
z_z&3Bc)sU#G32+!0UO7^ex_WXyMQ_w!?@jW zfI#yEN2l06`|NmZ;}q6xsX~Jw`Yv7mge=~P5;1NA$Ew^d8mB1Yc+O+Yy=t^`?`pDYy_1{}k*N)6rzfmoH7PN!)ra}5+2yhV9g zZVkhnq=U2taZ_E-xH?7i)N$#r?^Uf>7dVd$S$~fQvOE>K`@fRRG`^F>r0~4tr=`zs zr@W<w4o12dZ$u5+kWXgFv$jEW)_Mh4=bpkBWe#Zr*@>7eE4lF2T zoz0(k4n*588Y@1WlFqaB8@WMrDJ@V()0yWy93Xf5u%GbX{OwoR3mpB zX&i9$MBJV{hA!%tjT#3`BWg~y8u&MX+LF3;MoWW%IB_(C6m=VJ0Tn2Vn=3I`jL~Li z0G^+U5hUanka(U!|Fi3}l$S%PAG?yl=EP>~k@=2%UK}=X$SqB;BPZtiddZtq892i>n zAh>i2^%*bZCU$yk6IurcC>%zWdI~6fhPeg>$==tIwaMeiI56rxz;_=8tfBhSIKzRW z958@$QI47T_*lU*u9S2m)MR4R*(wd1OnzBn=GdGytybl zfmHL{eJ3|6YA?WKxZwbGH!JDpjaTIxF53M!+rQHgg6~tgD3d|m9AM*QfgULhxTJK< z`kezGrdoh4u@_ z%^m}iDbw#s@_QIAYda^l6DbJRp{SaTAn45UbUk%x^b3w-5^e_1v_U}~ugo>8er56u zrb+K1dTjLDA(%G%-fR0R$v0zVc4;O?cQ{~)3FiF|A-HrdF10;~?vQsBlyI$h1+|4X zPRE?upUbvzU=zSN!+|Ug@O#E}`weWmP(Z;r!+|m!Fe)|5aLuF%aDcMSzWNO=o_+Nj zx3K7;`VC{bG{CT0Zk1Y%M~xhNsD;3oOl%kzpuT2xjIMr3y_g~!@Y0K}2C_z$aV%7WCcnn)Gv^gO&AysxO%j z`-K9BkQRPQrAC-0N?b6^LciM74WI^b4b`s{r&zDde_pvsbr=kW(3`uI`Hn|pF&d7< zYUM~U$+oe7FTs>BeO7M(qi>JI$>%i^}bqa<4O2>x>qnD zhlxG_#*@Kaarfj4=!ES7tgcU`k_8Ff+v9uUJwWg}+`v8+4?yRne_K4i_#sq;>|UbE zwg7rSb;!q=e_E@Ky51f?Mt^|R&tf-q1kGyQ>Rd4x{Zv17re1f;#=eNll!|;vLV6^4| zbun+^Z*uT&WIV6l+E??I>PF;!%3qx(`AXWu^e4yN4pHNylJr)_ei=u#7spT5k2I22 zK5Lp8C(K*6?e_0q{}cbd`0@9DN5<7W3tyARe%&wP@>PB;l4VwKGW|B)$z?|4Rw%oL zq-lM#h2po0;J0~dKSfWm0d{_eaJ3fHbh6Fa-{|NU?klR#`F<*njBNgt<^b2@6bj=> zs|hv%T(Q82QsV}8Y06B(E^>ey6chUq-rsN0PYw&q`PEAA2_i(TChxUk?_vYxtE z<6jqONUniioF&Id3n8DiniU<-udmO4`o;ekhmwL@UUbR@ZG-qCo=m6~u*CsT3v_FXX^k7a*e z0)(bo3W7A+vFs^8=F`z5S@H#d&X2RNC4ihX296;CZQBE=)A(Lz<6W^VbUupf=!36s&~D-z`IF(z~vo{13s930bUHm^N;^PP`bDaPU&&} z1a0tA_TM^ak}5;SpF+3t98%)Dl@{YWxo}|Qb9sgO0eBwVfkZv5$Xi3SsRumEF;2VuJ#Iw2 zH;>FqJ548_bvg|&>p1f2Ckc7)-6N_d=~D52aRqJqR{m%yxJ3&Zne1cRexS3;|eO{quIC zQlmTVe2|o^@Im8`j=SB%-o1eOjcWiF!6U^7$%4izMZKyt1i>BZt~w4}$}r%|Sc$%_ z(!JkwaY>1VeFvo$xZsUCwT4uGgMdIZUOmr;yZc>xLKSGnHDHGn~G%qBS+Sb8`ALz&;%kCL{JQ1%he~R(7 
zyg{HPKw-yO0-(GrJ~(B8)1EXAcxUnmQs6h@)y0od=k6?E7myTpT-33DUtBI)1}i_=nX#kltnCmIG2RQVnw?e;u)@RVR^@w8bf4B(u_AroF32e|m0!|;?|H&6#LcfmQh z(Q}StJ`RBl<8pCe0ez}UPj9_|Pp-mqL{i2jZ%YFMW}=^iVKqhJu5?#-q_xo}e_=^A z4Z$TxO-wM^WN^S=TkNbWG67+AR@u-BPiQaOo;6Vci?-O4{IQsFu zl2_alY-X5#W*Fo11=Qoey7DCt7R3jZrwUhrsvP>O6ACIuFkLhEhXyv2OH>I&eoA#F zXb;^+O4UhEEEZaLfxHhj4xY(*zm4!v(CPfzYQci!ndp@`V9`ba?1n5LV3cGGT#p&L zAT>^)XL)0Z_BYq|IWSuTe8UF1l4=!l!$7_B?bBjP+#LtFVKjgm4PzK^cWtoCl5OB} z$_`uoRAjGg>MzseXgDA_z#~1}P1Ua7yM+nM6FjP8+jI9Vrntoy&pN-uzv=}**J?@- z>QhLz&+ySIV_d9j_1PzSxP8;_?5;EyxM8OjpJoXf=1Ox>$oDdD3^za5GmYsw&s0FHD7CrFuvL*1$ILwRp8oZJ^ zpmn5e!gBdgbq2v2=0!k?;2M7;0D32VSnviIcMV;>mr#jO#<+?Ei*o?ZidYw_9Nvi8 z<$G~5e+a{Z&%_sZ{%P^<=9Ty`D?aYtK#$#>$)~ya5RB9%Kb5zyAL_`a)qy~*TV<8P3|DwX;h^v`wQ z3%6;mG$vB#IiU13KfziJCo7z1Wa6~Kffe+D@<*rCZ`_6Y zjj?>D`Upz&7M;w<#0UI`phlO}YVb(b2|ijh3`o6^#$0>HjhK|*jfHTV+!Vu~hM%tMF zYRy7g`Dtd=l5 zM;*JARLiT!nZ^O{pF9;q`=8gR#MJL;6wj8R2px$m_y# zY}Z;@skF_~6iDGS zyKKMnb1--LIKb1$*I2{h+!lm~oh$g|021yM>cdub5!pVU_qjyP^WdZ+c%N1`#0xjzCbBdh2w>?1 z>Rhe@r&cx*a^7eFM1xV3B$mJy!7LohSK;XCF`Y)I<&`>>rS!3Tmq~)I#CM7^Ydl}~dK>aZP3DhXO7Pm)F#V4mv zLDOgA_0>;u0l`b8cie@n*Y(mrd6Yy8jRW4BK1E|#;@kIsFE>b?lwTYE3oM*h&O)3H z?u(C$?qw_bg$6VH%k-?^umu8Mh(0$0IIeOtkN@b`q(k=Hm}5&OxojGe(l3UyUW>U4 zHHihC{#F-EW}>&u0d8hr;gl+m*%NqPV2-nd>PzDehXbSDeSEL`Muo=VG-+pRVgTpP zHjN=H$N?J0OH#kVkK)Wd$29gBC2BbVF9%Qr`CH|l3m6(0m_x7V)j=P{X>YMxrai{q z0-#LV_R{DDqt8qBAMLpCH7*YaG|%)kng)Cf1_juv7X2!I9B>=WDfk>r8}#S>Qb2lC zO2j;Yv5|PdGC)Q&`Q};m2QMZstcQFIJ$Ui`c*LLySOB6{fEQI>cwmZ!8BX|TuaU-!@UW*TlZ(wkzKEtzZ(6aW~kt4@8+5nvcy8j4NQF<3eZCsESI=zg;yuFBP0wW%l z$@pvNPbTQiU=@Y+LEiAE@G|SaT5%jCa6&a2eH9<~$ZCUCNl9X_FX+5jrUGIRO-lQr zM3#krlw>^_JwSdir~$)sAFqE3ow!u-R4>q~0X{(HUK^r_Qf@6~&bgRhy%*EPLkT>8 zap#{D@8@sD`|Gb0@`mBw#f6xT?j@E;F#OI4Dm$i+p(pxPCyfIp67L1vtS-gfDQrbl zv`;*+#sKPQFtB1qSp>HbzJx(Vw&&%1h<<)sj0aEfdjR11TvA+;&pd;9F%RaMML%m$)v;^>%t6Pp^$8N~AF7wv zUU~yh=b_aXIgTU8P7P>Nl@aTw>myH_U^9*7s?3oO8iLxJUV+q23kr-rQR@=|_6-KlU|$o2uZT z4u_iv9QBMd9B6|B25@eJ%chJ*IY4kl>X-7y&8YefT1~E^SF=&#Ysh@QK9`n-Y3!j* 
zM}5IqRg{!;Xp_>zFN?bLZb}?&JbcdVR}Hz4Pj`B9$aq|Vdsim%g1B(=mctV4k&A2z z7yz7&WG>?}zPE5zhV>$myhlYDDAbF74}?&`DwJg{Az^Dll5T24)sOR11~ZM4jwS_R zDvB(UgK-tjeqJO;*GCx z*tqUf15dqQ!j7J<~G2Nbs1fHWy>?^n&Lp#f|}*V#laF763!Y7P)lM; z0>d~Iev}N80080yabf}>^bdmr73+pP7f`RmA!(|OSjs~6GM)6RIs^ga{G|fykPCl~ zd#a{>KJbzC0iXzJI!ak8uvtsisc>07nMLO@L_GqM!7~B#2~-P=>@%tJ_v7q40IaVY zUsMrr=8u50sBv*mBY+%zh1t95vh2Civ%C1lc~6U`?i#JriunF?b=`W#R^92(p(l`%5jSCr~K!= zx54~s9mj$h*K{8Qe05#5pT5>qR3q6)8r9J4e>X7BQ-Yo2?Vu09xwnD>yrl%4NrY~b zy{TUc=X9ItDEhmj>!|$?;cCH7!HN9{NABN=OV@x?``o7g+yI|IV874&S@D1W^sm=m z1qyo2owop;A7Q%JhtLaw=d=x-+DR}O=Hvh^{805JHwTE37-u*T$ARcKE-p@4KLa?I z<(x^kHyogJvoGP?!*2au7`K~9`l*g$0SVzIU$QnBMahF6)M{i&AXTMh07-`tBpxoY zJG$>YtICV6q^Ge)>M%F%&^h3(^gXcFuPuR7{nNe#o4E-ERT3^iWg78vq?E7d0niNQ zfo!>Ou4U0oFvtUf6zF^#r!O92A@U0OlYag*@T_T7<@--*cRDTAXkY~LXjl1q`OwfH z>Pzs$wmHS=iTQjX7LaaMJb@R1UCAHCH`bkGbK`C@xC^PyJCFi#A?^7>TrNp_I}>!O z)Zn<<$KoKYJvWUf`NMc5_Wb4#A>I61+<|`QPtX1_NI%a3JpTkb8D{_zZy=$#64U;j z4d6`Ui1%R}ki6R$attNQBio6e;RHHxRVtgj{YG*c)?82~Svk4e`R4m1Ha z2kSPI>eH0k6}}J3-qPW{8NoX5)BT`#1~n+RjA6iiYP22DO4Y1Qo?D*x{WFA3?IF4-he>JIu-Cxr~y(Y zJDsPFLC|?*5p@2<1D(~t8;lpc*Xfe4D!mMsEB?SUJo`A-y>bW)pr$z54Xw=Z#nRc6 zwCoQk>FniB(Am2s4I==MWBV?A)&SWk-T6|2uwIl_F62KYgnBS=h)ZK`0Yitcu0D#% z{CntQekPvX`{Pg-at<*1YXHqx0Nl@nm_ZjeR4Uv%`4oQ84!=jn0kar4UtWn@Cv59- zt`8%7)ZaW?y)Ku*o~7dE%hmD&r2Ich>G#vo9dSB7!~1awJb|<;D+z$Er?`6?{wR?Rg;n= zK@h51Zo$+Rj(4Bnqjlvz$0TAOcoC%ju90THej>z zBu8{Oj9#5WD9veFT_p7H&ZIxsHy1zzI3wmzfLBp$DpwJG_ezvQ``0VhnRp5oC2!B5cg%aL9wxwu;sl{!j6DM^m zc&bhd(15IB=VBX1;3n!YX@XKE@B=Ok#}x!Osl-)>VZqU)V{9xPaGldwH7e6lNz54e zTyI>T#`NhyDvX`Ck`%9NxM_Kk5$i=Q1t&yU3e zM}18|70?U7R)W*zQcazoKLoGpk?Q@_#AF#zCBOk~+zFFr0c*kx2F4YR27O$OL-`iz z*Tbi-caMN_$pw@_jv;_@zM@Lt{dJr&?y+p9d@L9NV*)cprvk9Iq271? 
z6yW!b_M^rS?-7{NM}*g)9-gg(G*A;&D59SDN5^pHKf{|!Yd;;IXPzI|Bs6$UZA2Y^ z0^s==TC5M01LJ}3um7bsI;ayqpg%)Qg2&?_c$_cP)e3-f3D0n(S1b-lC`(lZ!1K7N zdfg`8S1i(N;Q56bU06fOR&v<~}7+U*lI{iMQ{SsiA*W?a%3iy`r z&G-B38`@m6h@sJ0Zu|SQ1Kam(|81U2d$A}_wl{2R1yGi{uBS1iz*UA#$JhVN2jWG(j zz`q6k(k(P?J-ZMqC!9r$lt4LmuE(IQ@z0TAvjCX{L;_TRG0H6Blk71AoRgJjmfAr{ zV4i-19LZ&D4X0)k2bzOv6Wq{dD`^_4ZD=(fyZl+}m57rC8W^B+aY@u__>f%^L?>f7<|zQM1g9TC=b|FLh6g&!{dh-{t^q~RLb=6}ym%as$WvWV zl`<#~pxLaZ;6g?{hwvxxRV`DS7@8lY6Ak?I05msy?~IYdc!eO0q6hPLG?W1rQ}fjT z$^^O%s7#`1ZZ928`uO!!w|}jM;Jzj3$saZ5PAlKTh~KxW({HJvGgR08cPMu!W{K=z z0H=AW0cwKme4ZNm(dRrf|I9souETnu_Br^PCump3Fdlf;c&>m&06_d;XR`O_)bQ>C z7_Amh)F=`&OaK5t07*naRMpZv&ZJ+dAFRQ^WgjlJya&CmI-WiN70bDLSb2_J0(F25 zd}pwbGRWb*Pi_%h%Exwqi%DE;ArMF{>eK_yY3ghc9{0(&kNcthON_cQ%`nGuY|c?r-%Ob&T(w2r zv3lA%-d$oCa10Qs2@)`r^bZx~69nh~^@fh)=COk2c zNGwP>f0{b&X8Za0Wu+%)=+Eph6ov^W9i1E#6O%8Y_0s3GaveutAOtGRSl0 zky>uz#GlvVKgdDT8M`K`&O@}NUnMBs2{|=dapcM*jfA1bFlka-juU=v-_Ap$(E*S_ zjb>{5Qp=G%&7{p>8(4tBz*4b{_{@8#xt(j}nmTSgP@}J50!SIwXOoom+n9FxKU!0zsdTEGMK zu<-)V=b5@}zkvb8k9Xqit4Dv>Q77e#rHfA)k;D16w>%Zc(wU_^0>2Bb-3(fqa?7l|A0Ryok972-*0J2P!~4%IvH5T5 zYxakf5z8TEk>|o^)Px~S&vD_=exAHzo{tyCcNTHm7dqh5d+q@@V|kVH7udDP1)+DS zY4Qs}u?mp|x_1&F-+v3ciHe{BtU%+rtLa;IIbS}kN8seJV-E^(1otD``NOJuR+~MM zz`X;U2{!-PyZ>iT9#2-xG)v$v{l+OYJRayGlip%5y+p(B0WjOB3pthvn2<+n6<0xr zMIfa)ez{8YEY6lBK%j~m_GxpRfSD=L{Dh4YF)_Hq3EcYArnJ>Osq%!+NXC)2o2HnV=a#!_2%}UYmMf5@d?tS=J|H}4JrS56=3ra zb`4+%?g(J)JA%x8a6FgK)kWhwbv}KeE<5l8{m8z%0kq8Vw&A@v!TS*Q-p|*RU~>WQ zOK)^PxlReZ85#}4;Y^NnwkscRUx8-B0CL<#a8`W;dY138xbs%?KF>>W^(*EdL@b*r){V9pId4HgEKOy2pu=V&h8x zCYcN2mCmfk~ak6OUb~3}0J6_mBI$H#m#H}NxGv&lr|2Ib?Tf)f%Wa;2P1BGcC zjYi~p;87)a@d)55+b4ql<{x7ep^aFnR3ZRp6OZ9-Clh|#Z_znHUWV^YuFyW7&4bSF zyP&IwD$tq9K5NAiQ)8PyLswzyN>G{gLS1xVYDS~Z(BdA!_}x+Y1q_}#(AK>IsMrQ5 zQBbDa_M9G^|JJ)9tVD zB+P_MbEpAK*@dHA>y^jQWc~m^`J*-%SS=jk{EO;$!139y8{oPAt-7c^Q(rr8_ZoPn zF{2Tld98G|6yQwS6ovks3l8_mQLDd(_n}rk!a_|QRnM#2{#R&vf5A654;YNG2y@we z55V~$w>0V^L+SAW}}zU+X$YPY+q*R4qw|2|0I 
z-T}_{;h|=A+`R+{AoQk~V7cQ|2Zr|yXBvT?F*rl7@OKm2i3mI`N2@_<5CdRlTyDF6 zbD~SY=QW%ewu}zHs}KYS={U)C9h!n*E6>0gWT0O);ReKGBjiKrG}uqrjoo z7w;QDRtE9~fUnx0`DywLLtQZ#aA$-8cEgHdCe(MIT-*t{N!!FXpffd{&!HK4iCbv7 zu=U;m2q+$l4*$~Tc5kJg^Sbj zchIsPsm=g9b0GKbpsDI*7$qH03mprp09Y?U&(hMs^O?G+Ki9zXRp&hnF23DD36sr& zbWyz#>PQ~vC6cBVJZWj}i{p1xErNfue4&7?TXw3MY7X-Tj1kXR2O$ zf}I0py+9F0(-j5SEs}W{5W6VOD*jP`NZa*YY1r@uL)l8tAVC)n|01NP=k+3|CQQ>_W0|3)U z)K#Ys(G;+=gk1EWn|}h{;djy1+Cqp@{ser@KL7~7P#;?V5?Zx)Va_6`8g>CVQ+xab z6bP4H>~H}c6x~htqk4SA^42uiEF$uN=bF}dKCOQPZEXPP(0INbaIz?i1QH{?$KJ55 zwQyN~S(FJcZBA?V_79v+gOoCrf}zZ)mg-sqtu?q+A38td{V+Vf;c}9@FiO^k0i*G; zYE&=qj+LMh{RWFf%cLP`Wk*WDw4p{8y01-8EOy#=lVyKGU%T&_4;5XW_4*H4xMr?) zU&(TZm)(?ewthKZ?0_q?Snl0mofp^J3zv>F&M(;CWSWoZcph0Pq9iZ{wZ=QD9B6I) zv9_1A{*IWaT=(@pmDjlYuB{i6_O%vSxzi?rcw^wzOPvAEtIIBnnMq(p2?Wq@07T3y zL%%TuH}7z|I{ij}`W0G(6bdEP?ToN}9_2aJ0T68)rrJ)~kIUZz=$?S~fSTsU^$3XLU8$6g z)S!EpK7xh?FFPGWwE9DwH@IiAxGJhKkuI4>8@pzS=*CoXcZkJQpF zIAy%2tM|`#dTBc+H+8iHa2P+W$vvK^o6aXtXVAFj>d&(~x>cig9}5!?)CqWT z8973caDl0B+%vDrs_s0|b`o0SpEsUgmO&(xOryWFduvmHJu ze+Q85g=zzI`_lgB3zOm^AOZB@IF6?I!emyuaawr-?c^KCa(*$3bQ%O7TfNT!$%A*` zkjwZAfOHFBbpycjN#&_JtvplL0G)3EEbjUlgb9R;cjR%dmrh~<&NLWE1Cyj1ITXk5 zt4wZYXfoHZxWL^39cX@kxOoMR@#GdihLb+1I6mUtcnD4B??B1%LG_07TK)nkN6D7q zY|xqE+1i=5E-Low_jQ}Qdi1%zF({c;$}eqdPlXWL06fExF$_(wql6VZ;}i!h z!R85f?Pc@!6hEXrE?OS%)@Ep4J)tZ{rMxiNStfx@0$Y@TpMHY?aTyxWbkvOFHuNa^ zjR`tz0vP^qwfr-5+)Zp>+CR=s^9VTLUsVq_t&;^)v#7t+UfJ{tWK5?>xMBA(?R8)M*<{$A0264Xe5tj}NwNLi z>&Y@A3U_mX3joj<=Cc~|IRMn97IC3iP@`eE)&%F^CNKM`uuue>>F578?fNjXDW3_9 z>AwcLd8A=g7!oX8s1me*dzfI10dVpiA+TW1Q7ZuEAR$r%O%;NjBH&~;AbdfWtLz*D zI4=PJeTg{p;3-SDO~-}9^V;tKgng_&w_ZZqnp(e$ozdFP0|1S`xVSjA_;(t`XP~;y zX~5VY>l(Bg-&P)BA>bGwl@P5OF0Dxz0)P6=y89SLh4~QLdFbqh_ zIof{8Tqc1{NWcNUz&Y3^T?ROBQo32%sgb~c^l$uu`XBy}zm=Nu#4iXyp($5)xuumu zburcMS(Q1J86x-IHqVs-(v2(Ddnm>&+USl2rxB8@#0G9#n%%nx? 
z7&Xz8aGO4IQo~6RwSiey8bl-DMq_Ao=P|Tb$hEzC{Wo2HzZ~c1M*y{2^BQxa;mUH& zhuus`qa?>kYq%4@G(6O*cg?$rCu~i6`Ob@+j8>PFkvAwcGeNfVG&>w@iDEL2%Oc(@ z0>;CE(V}JA1fc20qj0d9Pl)sb^G}L->*)An&IJ_VwF%3-jrL&PuVmC_?Wj}@SzjhxqP667i1no!TuBri) zi~^jcEHuV=)$Ia!zJk%gQ)oOtQKwa7B$52RX#<{nqc*4>p5Q&^w-NpglmN^QVOVj0 z9kiKg1h9k&JT%uyQ_~yv)W_Bv9HZaSBC;S=p^3@ukBcn z6L9dmZM11y2sX}|q6N`yK+;Y}`Ykywh#px!iEr1#K9~Eerf-*D(uhh^!tu!66XfR> z;8n`TT}WK4~wTK+NJ<~?S9D)g=ZV}0QEu$7f(%CQ+|%+OsZ0! z`Bc5DXj!>w1s0K>^7GPM<_zRd%LKm@c4`TTM#HKwxZ9b0h9S?-CaiV;PUKh~ffaXS zQtmAOd>C8iLGrcl$0|Y=D3gFs0;6dQn!PP;`=|mN7~L@!MYq2b%vY?9UsA)nig_Qk zz0)>s+IZ!&47Mr(2lJ261WCLG+8SC1rmENnUKqZ6 z>%D)`0^(%O0JJ)+p5N&|`qDSmbCdIY4TvITl%pFgR@uF@B$jvNy|DY(fr0l{oSFL) zgf>3~&Cpt;4(NhPz)FN-~tjs z2!uTfv04WQ=LQ3*!$s^5cuaH?M4{vqlc51@pOIi3*cLnhnPaIO^|Vw)XyiX%_ zQae@0)uL*4-(c(#4I+45xM|WvW0rX11`FT&5O;Wy- zMe*c5zoRL(=o8bCZ;D#lj~+b)o61;qLA}s{!MQ#-zX>v%1u~^-)vB6~V7v}(Rs#UC z!)^XUPzXWGpT+{2zE0Z(i=-U2BHBFUb<=r;wBiB05;v(Mfq>J>59+w`4QL6zf;!;0 zOC?Q84N`JX0Df-Eo!7uE4L;&Qhz53Z@L63z3%XJO@Bbh^;4F0@NPW|N4=rkHJfA^6 z4`E#JDW25_@I3F{_ziihhv0FpK^r>^aCXSw>=g0-n%zcHzce3NDcw5IbQ#Av2zU)ZjA?IZKzwQd*KX@)pypAcAw z@~0CL^&oDs4dz0g)Z2eNh)RZ3Lh8FH$n5=C6kwvp4{_>BJ03Kc*d1fu4&|}TWfC|P31oot zp*+c~9+?Eth=O1<*iTg@cMiQF2U=X)*)p3wh}9(^6C!FhizW>%6ORExg-@kd z&ohgeP6^CS)-*ms5SL|L{3gizv$-0vAVK;20UUF!ODiBTj$LTHjz)llwbt?!6cXHI z49#9Jm5?%HID!#CO<6DnXWeI2FFa8dP;T^dx0()wMg!^WdXiVS1Tgdl8j{1wZrZqF z{z#oye*n1mKz(Tbc`O5Tx+2yey`^omJ#C$G;S6*tpfhNbTRP~On!*vlZv$j)lurOu zLKE7&gjUJpo%(_2M&$vF$34Mw+cofv_Y$D{5$IULToFc9_>4OJc37~T-y^74b{a5* zcnl+eHI%ui7ZpA?-{Sj7-voAqojaF!2T!mN(I~x8z5GW_ixVtJzNfB6a{y>;w+lh> zZAt?BepEaO8#kPUPur1H8m`#p+EA8ruD?lJ!S8u_D%kN;$TzUH{=K&2vJc|O-lu(d zO8Z^LE))~kAJpF$KZA17D-?Bq>ydUjXXV?C1Tw&RH*(K% z%_NYB1jx-?29F!Lo!LS4vE_&c0l7-b)n9HoqI1xZ)$`9a08L7cL*0g?E4##>^bLv) zpl6qh+|6xmGv7xyB|M&1Xn0IoS|t4{^b&k7ZPkX=}uJ#n$HAvsLf1H(JtDmA~^f# zH_Zbq1K?}`6O%3hlv?Q_IGt~y3C+pJ_Fb(2s)*VTC|5><;~I+waVbc`@>urX z06fkG@HmrtiiYiiTmc%wq=iW3=|Lvl*>58#uPlgP!{#`I)+!4uoy8)ZHF$98!Jvy)LjyplurT 
zCYM;m{8{(D`%tIseM-kudeC^TzJQ{H3~Xk=F^n#>@gopag;nc3 zv}Om;cn&f+s1rWWKQvax!La@(C?2IEYCk)!w?KMQ3<4m=Fr4^g$NiUpfU$RL67?Pe ziuJJEyU`9GcBZ~8yOcQfFW&M@E)CpgFD z@1UjoEex)8)#vuFP_xy`P;^RYkGI3qUUZIB8B_}&!QmT6ZvD}Xejb%lUG=-s0Cj-4 z?s$=_`WD*FhH3)_5%p9@!q<$sK_Oc<_5I zJ9R9&9Dx#~fpGyeu!kM>zWq9sCM6)LoqMruA~-%8A8W4f(`p?c^j}yD0J_1@<+R&L zX{dw{!T~zr~mEmt2dW_ zx>j|#>!+UoMsKNaZk?xj^`gsrwR#F!%p@gn_+YaqEh?5Op}^~_d)BKKo$*~5!|{9zHveuBr}oSc8{F=HJooW z;KrP@3E_6-zl+?$Cj4=p|8^&Q{9fqf2X=`VM1kNj)*!$c?{lR9 zuzi#cTL@f;ticFiz08FJEIv;QFqZj6-S)mD`fL_UY;$+IqgyrZj9_^4LOrVeRdoX{ z^zPUI2i*0*_Q3B1SSA&sU^%YTHSe}29s+npgD8|zOtsL zlvzpQOMq_}e~X=8!`NOFAs}l&lErCID|qwH&VT-#MhOjofpX~b@)b6`p$2efc!C>a zg*6}jdh?nKK|E5^ndgOq8JZBlCiMn^rVc>oM&T*GUJ^bJu+{h++wMOBG~KQiOW8S7 z=k*`aMxUtnH-7?(iJP@WPT8Q=SoqsK2ekw0k81f`eQLqL;u7!64M5?u$|C@;$Izlp zUgqN|fae~7XKh^Y6kz_jdI62+7J$^t?$0P|FxAD{!q*94A$HgT$oV8NIm*m|26`V9 z6}xmLP-RrH&_X`#5*8?WFar3s1%r&k_20o=*2|ywVBAq(+e18$hw7;Ey{Zl$s@u_9 zOo_T~8;I7zMV{pd4{1>R$z|6*37F+R({@vST87ye!zZQXFW1p*Ciqm&!*J>NgVtB7re>|F*$}T*$#_E`aCmuN(y?HSj!M&i^rtsV&F!Ub*)fwqk`myK zcaFa|?J~f5(-O|o&m<5-0_+q^_^~763T=P#6_bGFwHu6fGvh5Ydm#7oXI)A#KcjR0 zmXMIvdY-^oU6PLYDeJhZp@guZu-22x((`UY-Pa^*^o?R;}f zZ4^WR-G<|s{1{Gy&e)w%gVukgR8`$k6Iz|?YZgmcqL0{dP<#r_=3iiNrqt`(UjaBz zrhUv|aWN0=!tr?XgT4!tpPIVe;c^R$6YvZ65U&pUhD`v@B7bru-}XKMXr{*V88n_x z)c57z*BZQ6-B%ma;3bbU-?2QvW!BYp#k?^X*uy)wZO8Yb0;8Cu&8ULXgbNc*$mRp+ zP}0gLorH{NDEAVSDDw_{5? 
zRKQ}_Xv|#|X5q}d4>|0}01LMJV;b~lTSeo(3_C^~=AG9&sJKAP_REB0c!tq!Jr}y& z7Shf??)h5%7js5ASRTJ7GwTz_Es|eUTpdq89xjMNHVYifM<@C4XxCYG!z_p%=`HC; z23#1x?Hf@p+c8~}_Tsvk@bmHL$HlCggLfO6n9I;-*m7~ZYDhLJf4kH{=Xc9zhqA}p zwtse>Ng%Bf7=b#nHEv>leWog~2hxS&!UR0eyK*q;tH1a581^c#v?T5i{^tL#{?Tp5SBhP7xtuREAslnw!wT{o47B+)Cs~iUb0SLm$wYNa9u^nu?)vp}sV+khOxw@Ga;x&g;)qp<9K4 zx2~0P@~0C3&rM6?`3Q6y-$BE=3EGIu?#sl1=fR|-d7K-?3w1k~U&tsrReXp59#@dr zs*)+7@2vu4Cg5I#!9s$XH=WM_-nmd<+J;rr-j{d;xNcxfa13qtM!AM>WT2cu1pxdR z3`1e7bkL3ftE~%ax5Da9VA*zTqsKEa(cGaQ+hiUkeX~OYEf@SUm#hTLXfLcoNH)Ky z)Z`hDKe@tQCQINvYYA+z&L0+|HXl>lid2cQru=N>@oxuR_x zZF_#jy!qV+QD|gf^SVzsi@&M_94vx_(X_6bu0LJ|IQu1%U1t*5hy-Zt?*tuPU8hcK zw7tn^04DPjoOQA`+RX%D)}QonkWXG`I%;6lVbp->vdp{Is^Z|@np5gB#{ILtWa8$u zUbq@87I!8e)=T6b#wNhJjth-{=cV)VlF4UO-V7%{hJ`-m47i}b2A5r$g91QEYAh4X zpk^~cXadeTP)um;WlnUhZ=Lbyu3cH!b+YdVm6cl75=M>^Zhi*=^O^^nO*m7(Ssc{Q zDk8jNw0E9ZC7Ic=n6Ii5v^}pouK;)kXgSV8CU;WEHPkuynybYJ>QnQj>WqSo%B_>5 zHVz7drlav@LEN+IFVt|@Us*%BJ@}#?G+t;RwAtHiSw)@(c>V;c4a4z#46WzyDt}FL zNndJ>=VY{%CfHKg$6{+0#uRUTNtOXP4<}-yZ2X29LE7(; zcOHLqSp|h%0UWb56ox%a8!vU1K_-Dr0!9M;=@%$?DMjThg1=qNvyz;L2g#Xj7Y!M9 z_567|16-umSDcd>&jS*4Cm)_vd8CVlHFJL;FMcLq57 zB*u^CumAlDgdbyK?2DUSW)iR^fQ_)Klt0s*8auRsHuiUI2TAmtASJEzChZ80bNdfF z&2s($I_ioVfgh^}+7BO^lyue$)AI)T3xh1Uad%R%Xp*xafh~Ab(ggmpiO3d&y&-h=QpQ&c6rFx)#0bZfQlEb)A02nqCE&EB%?bI8$GG^1e<)ZpAp7 zbO?smOOI5ye*@0ia9+G}uf7t8beB0$Qe<;Q(}UMSStppq;032rAR6emN{) z9915J8}|dWgIA*hVL#S^{OjdoXnKFaquky&$pfCRT;qbL>P6+RfO_LfU3Pv(oz@40 z$>V%pdk!m=o|JRYJTDh&syDPez1xYLall_Kftwj%H;n*Ns<*wbs@a7RKz)@+HhY~2 z=}gA$fjX@{RL7O?U}W+gCto^9h$vo;5{mUC&-772oYat;f8bPUUD9mfTg zXYq7D26jY3$^d3J6GQf3JSGfeq4DsgP;8>_x&iX2cojR-upLyzE~EB zPaaPfu)sl2T-kPT@OyrNEq4G`N5e6+<%X))>+3uSwvr!|VL0#RWLN*QCcP}n{3KXP zfjBc4-4;nY!F4lfdG`!huFEycgI69Ws27%b%g+kTIz>4|tCb#O3;j@C_g^9Orh(49 zIxam2xb;0WONZ*+?H{4!n_B=P;4IpcQKDG&{%QGz8lo0jS+oA6sv6+`e2_eXq6|Z#d~=!Q{O<0kz5z=xsWKkD7~|8qNfs z8_;+r%|;(|8>>14D*Dc)ie;3D8W9b;XTs@wXnc|;1Kq^;14l>Px6wZKXmA|?=>TMoC6Sj 
z`Snt@J8cY733`D(1OHrT85+)0RVW(GWqx;jmsuU=uYY|1wFa@tS-uRf%FL8?@MRuQ zP>CCGO9SHKKVNrK4t>wf!n<$o1#{*}xg=HJ5w|PFQ*2o;V7uN=YXOSBlmjnmK;yjf z1GH$LscV3%H@%mE;ga;s=L={*H`i})0pPg$1iaUzL|Pq?Wu5ylz%zzHTT)N#0&o_& zd%!a^p7DMhfo|c&`CnC?-lh7YHJ+ER=K#FaBN(P@6wlR-3pk6xKpLq`!jY@H3fhcD z8HR$3b(NnwsyVoZvCLN+Uo=jl{JTzLf_Lv4#stSx7!xdh1LJ*VEIxeHv>F7Si_ju9 zz;g?{ga&w)eqWA@>LBfvX~{}c!!fPTEGt(gfhY-ZT*~<~Oml1Mi{Ye=zGL-;c@1DY z&s9fL=45lZDEVji?}r33!1;bW=d6|qNr0NfWdN*s90}YErnh>9G@;~IN`{>z0pQ&@ zYCU6XH5|7E*PzA0!8QHX1vYe|zCRq~n*ly@p{5Zhg6?Dxszz%~RpLQ$z5*qDSC1*)MCYzR5>{AUcb7Bn;LVogIfBuRc1n|#;&$n1C>UVrJ9BD8^UUPCd zFH-Ogn)Z4Vc%-WnG2ls1f$eY0zHj{9@6Eko%RtU;Tt)oY9+>kmAc6OS%f)tufHMuq z^~S4D0_^%MIxj*?@}lvB-U9i)^{1*oT3u6eQ6545MW+Og?)51lg3_kn5x{c-VyyuU z&aLlmpkaJez5p0sLb{tPcbt+=0Ms|ZE!`f1;~DQs9l-Oq=YK_Y0X%;N*Y`60&=hqc zk8`bfjJlcJi%t#C2A|xT^dU6-N07b&I+7ANp@*Zsx@vt?tzk0HB#x{OB@Ej%8n7IX zPgSGx08}w0P^-Mf5MZP=oT=qp%r^iYJO|f%8{?69?M4pN8PX>~znEuP_ZLMbKyj83v4Bk}PB$EP>sA!p8pAEiOUIZE80!Dld%*w#RRAn_SOl(0YETCh3?4a9zBJ$;oa3oSAG7@+9g>N8h(6n)Z3LxXk-W z%-8>(@|tN?D^(3<@OnHVtpL{3PXWv}0Aj}j z^EUP5BwZVLt^s&%0C;|W2H+VS&tE~cF`mY&JGq)0^)pEpM*IK{uecaMdK^-Z)Jn(r z)$kn`ReR7>pPO%y=JFcYvqEJjS^`{T7=dQzxON5&{t`H^VNBH3;3w#;foI6SQ6TW# z0e7xh9A6|pQe}*>x*&it+c^HT@j&#g11VY{zoC?2z86qVBE>*m>DFoiPxpn1;p zaa0Y87mu*Waiv<5S8mBSUoJPJ?2t(ylfar17{f+Ud;AK9J&!c-%sDLmqFfEM976!q zoyohXpxOOQ0{2b=8Q^^H9(h*bC<(ws5cmMkG32G;HX8f8QXO||W>nm5-v?{-Y=X6X z-ggJV96Zl3Bh=nF6ArgxyTSAd+TT}@U`cBkQI_55S9j7c33-EbCTs@oQCZAyX`M_g ztME}#7v>Q>wTY433PGgqccYS)qzenmoTjesVV$%Wr5WFU-P}154Rzkj8xTwY zUjq)90AcA-mIhET?r#O{ z^?7J%PEcn6EC}y_W4csy0M3lH9C$QoP-EK|N_3#PEvYfTiT`=IWs$tAr3V_oxduf- zFdYX|SLF2gt&0!CC{!1{#iD!%VC<=HUfJ%d)VG%&(2%vBg z+Q^+H4F(pp5x`?ruN;G?8Af*TUEOvs0s4Q{X|GhVdlE^viFjf8kD9}zsn8%FS|Q$} zAFuU&934=Upyg48d`*3K@uPZm^-t7b+(O%9zF|_p@Vbcmq}mvPHl^$C%JPd;x8G>& zq}|k7?e42>+ECLHN<7|TTQ!k(6W0ciG$FjN0%b?Jqg)=qHI2hEU*^X)RoYI*x*KfwHNCr5^l~fk)U?o5>lpTtbtLQq?u*bHH{jDq1ssrujr414U4O?wL8CKeU 
zEUEuGy7YRB(u7*i3R=(Sfbs$4JM_K8qzc-bn5fBCWlr+e8xTjAC(R)W`3gX%Pn#4h;M1SXIcKr3-16!}@j$vsX^B~1Y`Buvmz!pOJ4 zBjXbc(Gz+Nr0`+NcPgp)uf<=E^6(cOSv7ltEb+{dU#C+lX`p911?U59{35`E0_0)9 z9h8$3ev~y2!)v7eF!g4B6ao&Eou$PrC7I93ToE8D!l>G{)>>=@1zFqA$<@?F?RQkI z{8)Wyz5?KE+N!k^ULt`UwAcAu$3xk6y+q^~K~L+?!Et*FgMrD)@TUJ+J*Yib#U3<( zK|_%?N3LIj>_W9cjpuLA{xUS4Z`7CGOY}X#8cRcH!j8w}alTN^;THg8CDrRj(_Zkq zr4hgy3;@=^&s@kCVbrdp-nU)@@LXZ4Gr*X48IE8v ze=e|0@R8y44`Fa(($Z<-66sKXSkI5#dn{W4@%fwx{GP+m=f~!+XU&XhW2Vq{ZUDwxFIY551{8^g1PU54xr+u&?n3^=8?{4uJS1<53EZzZ4=sK!^Sl6#2$ zstgV0_p|T3oCC!s#&8*h#=U(#_PXNRq-4zi=e>Savcj(_0S6pQWl&{s#0#B4&G9#d z2JSw&Jm6by6HU^|#3m?B-s1#lRo4fPB4u0x$a7lz7Ls?M_4NTD>y?>UVbVASsCFM+ zHILQvJCom4BoXp_LT;^+)BeZt1QPsSd-tWTT1zctV$5^|C}tf0_Y|Cuq;4kPawTzj zq}H2`>*B$79uhu@V_5kp4T5M?=9`QQ&~io_3O-sIyc-UOFt*kMC=Qx{9D!4=nDfV2 z{vW(t=LblnUQDxIehB)3YXF9u;WV!}=jy!vBLMSb_4el108MuT3Uac-g^EFpEt?{@ zxW`K20u!VnG;5Qmz3BA6sC?}O__Z6U1e`@i(;4u51KN~hP_)3f;K^Tx)^gKmJiEpL zz3?OSNp0{gpTH<$3-3os4MH@W`TS}y0$2ygTrSq|(dX4IDI3)zc%6D;juq=c+rLf9Kh@u)X1e!Vpvk1@Lqp6<$~x&j^9Gc9)L% z>v9rIcgI@VkN)m2tb7tDEX*$NQT}#4xZ{Od-1L*(LAxy9vU!*D*uelriVid%N1C$d z?wDcOG_&xT1TqPvQv$syZLAnWp#Si1zf^zY4}Pg_?j%K3md;vdrP@~s{5yZ?KUDwQ zzxW?Ri%%ozW3?T6w+wI&eH7WvLy-W%O=IkjJg7AGxBom#Rq(_uuiYH|L>En3I4MZN zkq7&B@LDJ3z@q#Sj5AC$=#S3)o;q#^?vBFwCGV+dylV6HTVuh)ONeLQ#L)k~^IG0@ zxyOkzYr>tW}~`^={SKIOrr zude$)BgDK+*ROkC9hJVpqSyD>E;&`Nn}3LMMQl}HKhuRN5D+HFw+X|q4*&>v!5O?6 z4OfNfCul!FjRNj%-3}4PW!qx)A0sUA zG)DxUD;R@3*WX_UT%F0cH@bK${gLvr?6XD3l~PJaBvT*ulBP}PH7PbUod(){asR=; z{`b`X^nd<6xlG-WT8_0m-?1BYJ9?SA@@=X>d|rGPGnYx=kR?F8Adh~bpsH9KI1!ZUB;Ab$**n!fT{rG@J_nzmwH6C_87WP^f{E`X`hwnfBXX z%^MgGd{+4-_zjP+V0P`loyu#Y@oa$S8s4>|%BgyO0*>cl3mVTa0X(-fSUHAPZKHG! 
zu4<37k(%h00*wFy{4CY+H53811Ngjsr59O}sPOWDF=;9IT|!enl#&8p9lkHqlHiR% z{n!_4?O|7=SZfpGoQpBiA{Vv^6;PB^i=-)O;9V}M{&1kawm)L$!_A!} zxhO~N=>h0arV0xR0G)4pukM8Nd(g;W6SQOnfQTA+21jRSOlqsmd^7(1!>*;BXJ5mA z96yCQ2_F__m-nQd*P=ytGP_2h?DK!{fBlzp*YV37)&H&cOu1-U2UjbXpvco~sHEbT zjv@b>|M>q_|Ji^4*OrTvlF)3MxN|A(?^#O3l@%kU5+LWYgB>nhY$UkscT||5)+ebn zf)>*2&bOe@FnvqS`DUj0Rmfp%kbjEgOgls+f&uJ59SZK?ms57V{}SNbEa)BIM9nh5 zc@t92(%gvz*opjb@~^3P&A&kY05#EBbX@-6ofK$;nN}QZH(#2&d4mOtnKTXlP#cN^ zRu28mB!itZwlTx9FR!^!(8zy_VeJ@x9}m8>E7}Ba+a|AdjU`@z=Qa2 z^@ySq^ieQkScH~gxl{wt44!2G&c$L+UmH1j&xo=zKl*WCkE8kUXMh6bEzf}3zU9)H zy6L=CeQ@R_=?d6QaZ&vd0M-L&M*b$TZ*JW(l9E7A;?V{s>CUxwa~pI~cfq-&@*y}o z0_6e0*L?w;rS2SLw?Vtm8Qp*q!vN3EPJR!dW>a0_{Tl(eEQ2=Yrh5&8b7if~Ol@v4 z0(jH;4C)NNqejzL(p?KM2E72=4*d_`1vziMYjdvK0%VqUz*yw5?6KfL){uK0R4rw+ zGhE2J?O&^A6Gn$4G^9tkUj%U6?zUB=1u)3k!kPfmYSAFjg}V6}Al0O91_T(0(6=u85el>iro zJndu}x1M)wTgO;r9Ak$|S1UFx*Dh4Cv!OTs%v5y3Jf|P+K8>ar58)?{yzb@PIm*MG z)oj;ca!_kQCrgDX`DMpU0%?{&1~{kr>16Ca;D-PJKmbWZK~!ankU&lw`y&@09XZtg z{N|tHY`G3ZN8Y19T$vqCyiRQsMdy%GKp>1Plar{PKrwamjLe{Q{&@|d;mjXbo~tm% z0+vWD9>C}o{0_~P^Jf5rk_FZdO-7rj&+OffNSxvHKX;N96r5j&Ouht=u+!IH4_@(U z1lY{9sij8)TRseH_AT*;0SKOuK>`Qfah%w)G=f1(82q9T78JgqytSU zfWhD$Cnv3LFWh%~X~1{{zT%W<7;p2LY0Ys`lz<1jiuQ!O*&WcDe7t>!$$k8>4%?mz zK>Go93k*l6SV#cv0eH9x5K7w|Rj)BLoST!^GvJw;-kr%OwDR){3sLE;a$goDbvukE z(x%a1I~m$Ouae;o;z*m%{*b$1#+sws^r6xh?4Vc+v!p^mHUAJ=@1M7}^>|@nHh3cn zY-ZM(hVup=K$dhY32;|YUTY^;_1w@OiETZsG6C4VL3^3(xT*y3m^g#YdCT)5{0J=j zsR>}J7CUyy`z)o*p>Kmx;rut^f%LkFe~Tanz@FX6PBIA`m;^Gw`M@6Np;yO&!MQT{ zk_c9?fu2EUkbnnrN^XlLxWSWq#y3uD8ta7^Gf@^Gz<{h0 z$_?v=<5iq3(Nl|ZVm_taU$H3|Vq5!Q&;o$|8HNIh&4-M`Pz`D&Z(%tqysj#%pM^Ed zHLx?6N#KwqkO9tz^fV8!E(8qBmJ~zWe+b6@)_F_>+z04rS9NAUe|KOg14S9|vm>Xb zmF?u7?YGLgowl83*x-SkbW3;ic}xPR^<01+61g`0+QBlZSX8p80ZLT-Md>c@U&^0g z(3C776ji(BOSzdC^V(*%%tLCRfdo5jP}%(V?evU>?%WvFzK!JU_tC{IbS9kpbLKx7 zKvNDk2s}9jXfwK#EDfk4P|!PUrx|o#XW;%R0HhVC^MUrH?eu~T@{}}nj;3(hFYl0J zae+e}IJxJb+3#lQxoPpf_|1-pN#jn10yRvy;Mawrzz<5b*`Bbi7-Au52!Cj4QWgN< 
zsM!n;SKApNbisr*_ZfzhcTQI0k(~QjXh6Yn2D;Q}ZR{JKu&Um4}@UwTSwITUDd+Kp5qlL&)radvebA zwg;`)v-~5~>D{U~H@^koOoFGO21NIy8mTQNwVA7+%g{g2@}MOJwMiS_=qu3Zthd#e zyxRt)?~a@26Jg$q)1D8z*(-St=6T|; zJ7!@2y}Dz6J+CBUrxo?=?6BGS{geRodtL5iYA1VRU6IBFV+m>}6SPf}B3T|g<4C8| z0iDhw*PnjHPKc*igdU)Wh;MrY@G^F}(q@1-(n=l!ggz4wz39a`aN3k5W(CYnG6}?x zz}+uCMx-oACV@>#fZD7jtR~WFV}HSp+DsE>f?>CF6vX6IO!F+>J2CUjvj9j#K!7IUl!it{WOobO~*a>lW*&il=eh&qjo`svMVmROGz7%*8dx-U`}ht@qchbgKE*fD z#&~k|ol)GXO#qTW2?0rhdW(SPpt2o;p8%QrS(o{KC#Vh;fIP+gF`nxOtw|XaCe3~h z`Vu}P1DwlXhy6Bx$&{Sq1R47zlVX<2VMsu$hiO3B(Z={>yeG9Y+Q|fz`;#wxOXWtY zkE~VAc|0=`7*^OW=B9P$1=^3dsNbq%1`u&T!`Y^ggxVbdXwY||EOdJLdvc8&;se`Z z<<9P964-_WGQfEoQqJ-Sm4Mk&at=6xjVX=&T?151mcui&0DE%N0l+$#+}+NzT=6;T z^bZ7>f`Ov;X+l9w$d=ZI%mW;FgtwSJP0_OyiEH;keR8_)xq0L&Bp6Ksb$uk73Va#bYA-fv}E$?_3f`v=JYN^ zQR9c4gro7g?Yb7F*1|k4KLT|KCOliLw=sJ9ovM`3N5Np*K060o&Bvh87|!I!H$HQ# zNFWaYtX61%*5U{TMk{DL3aSll_|MIcutSmjmSJjeatuQrd;ziB&{99C!w_-lX(GEE z$m!eyppb{LPXf<$9T+zzn9V*RbNeTO0=DqioJXoVzJwCM&-+&ax5Rw++4r)qwEr^g#yVsH4e#bT1$rZHV&`x%Z;Mq0e*lz@5e4{BAX{Xy;?6%90{5f|!e2ez} z^gKpcFVM3c(&nuk2q{clKEl?ERWI0h~rKVD(00z;~{PcxswYzsXQg!?0Co$ zpz_eF3nRCQQy`?z}KnlBO zKvSk^gR=rQbF#N-$Gq2Zwk%djhjrC7%o;3aSxlV?HjBFpHuD)!b_k8&EQ6U8W20i> zSf5{aU*TI_Pg{c)!B4?md|G`0VChnQ?fgcHl-eUFZlo9(VxpFWBUg2Q)CZ`y{YAGH zG*ufgRM_l&#WP)9lQaoAtdmBgd=4$gs=DfYRL4~;gmZCZkL$CJELMrjHmVGYoCsWv&Ib~3k4Agb|3ygto7Kk9=OrV)IA|@_P4HwC}y@9HNle>(a4*gLwi#r6E2|QC# zq7Dr>v~2E9tNnfVS9#ucoap{(-9B=S{!e#4c4_&<@a(|P&2i!_03w@DdOqZST+yhh zI6ez53X}ee3*qc{`-9}b1?k5nzwEfr65y9m!dQd`Te&cJmv)WZ$yz)49_=`8KwFsr zvhBjaW(h~InQ;y1EWXJdIlmo3F^@lSq>!tEZc?5d7e)urf+l50<}wKcNr1|p{I0j< zGQfFTlD_BpurVy>$Vp^YRE)8|%}zcJN#rzG&`0Nyxo`=LCT-PJZ4R}K)^omuPMKQI z=`m(ifYtLM%9*)kC155{)S6x72>SBb8yplzqMY>6M_zIuy*U1&bj4q%Ef+Z2AhZ9T z6)ZKUMgw~uFppn2YEK#Ce@2EzwkAF(HmF(U{__BNku`w^0j16JZ~(TJipKz=UPHrq zy}p3EKQ3xNs%q(>`q=&p)fps1%@JQVtA)%#15|5@kJksBseyDRGYFlo9l5ySt zpuVjzu)2#NM>_aSShSxxuQ3F47xmZPe zkOw#Ojr!1hrHw9bqYea{ITuNlB6-g&IPw@jJA9051#V 
zX_T&@!%P%0fn>5$?c68*xgb+%-)EV2Zy&{gLT1>ZYz}Yq8!C0=Ujn zHdDsw#GP9EMTb~&xpH&b=#o&=q&KXvWP3cEXyyN;nk8W$wE?3j;2 z`sKk#X|1u99w<^*JOLg)ycc}0N4Ztj+7J*_5O}mX_*s@@7jpxqJVQLCpw0vF zEW)Z@%^w`CBK#<)xMSuoIn1lQ>uVu*Tb6Vi)i<@gy>0W4tHo%(wHNz-_#)4@idzMZ zU4F}z`So)al18*8=&?_EI(A>f=q&sf|9l`F>KjHsWem|GGdP`N-eI&nS`h`D7# ze3B@2DtPn{!kH<6bv271LGV-E<@r&H%t^tNzmpQi;!r%gScfp13!N@7qKqU?6`MN@ z7X+P_iXSSQ;~jQk*A>qwG-X}e8&-Xr(OPwb^bs8JXBkw$}?6_fJFXm{KLDRr8 zZu=pyzPQLe?vZ+0P=tro>pE#b3#-j$Bei-OL$h%m{sdnjpa_Py^kpUO!LP2MCB|t$ z9(WG)!0Oo-fW3s}a&4_e1i#_I?Z%&boW+j)Yj zrVgu%?Z6gL?s6Z`9y=aKIs7Qs5Ki?63`uZCH|U76Sl)Z1@bD@!TR=c{dDe*Uk%mLm zE2tXP5h|%>uAe0!Gvu`+DdWFal3k1rs& z%MM;0lrkuxO(8A6(XN!<&lJ)Qe6RaB?Y6hlD_d`+uRW7<5cR7c0(eJ<0N%3+V!PAU zA%IV%;GVCWkNwWB;oWYv?EU)LfBKd5$Ntb)(og@*e`0PnaJ5l}>rVmR%O$xtD8n_O z04zddF!8!}T=Tn@6v7?D#bB*kt0}cs>cUA_xnODK@YJKqw zU4aFsHowp+OMY>0wLhExSxc=Y1~2NbNMTLz>Zm_(^f?HR(0X!+ypvONSkuZ=ZdTef zxU=J1gC|weDq#jIF3fMF^l(ZQZC+U-jy<(jsokoPhGP7cRKva+_#eg z^Hw$o6*)YRcOJdYW$aj4lbm*=lebT7a2Nwhz^c)~ps&te{@Fam`M4@!3BB~wVx$AmJUw0r)Od?QSFQ0*qLxIjW& zQ9&1Z;)>vcFoW>nLJ~?)7kG*=$sfiY6 zi?D)*=1wA`XIzFL)XvC9T-+Do0N?#2(q=?Dzal91^g;NY6i7$e+-$fNEi~=PTAA(u zPP4uwYvQ^K#wL(L3wbqG6jpkc~z4aSu3kTRKT;V2cn$R>rfl=wr1bX^K*Srx3~u0!t? 
z?lH(oK!Mzqbu?DhtBsBH=GHfHjrr=bx6VjncpKys3V9@bv4E58c(Yx$D5tVB93{979cGSgtBO6wlnW`3#o23~k|uIrs;7 zGV;TB;dSUz`<={gSbRe&TBTc}Wg3XTGT%{d;VvG*N8=)aYw(Lu77uxCHV=pf2c0aR zz-8=DP&g}~t7rLJ7IAFxeK^WG9#KDK^sl_Z=bhItHO2oG2kfZd_$1Hb&C5&6!+6r6 ziNhd2JDjk9rgm`)DXHlvbKzw3GFd^h2&*{*WQg|C{tO#kX`TLxeQS%^o+s$V(`cYI z1PT@lTjcP|+mxpt#eu8=Ygp{qo1PBq-RZrX*6VVyp+)Xa!9~}xh3A$5ylI=`AN?2L zN81{)<5$W~Zoj>EE(zb#iz%o2fX zLxJ7C#zI?Y`O1ajyk>rz-@DK{ZWC~A)@o|XFkcIx+eE;!t&2;6<*IyIX%*}yhE;8` zW76rClb7AX>605KbBFBHWKyp`i3xT;ZIXF<%=5|o^s;##6PmJ&hS5;c$n#8xa}g=0 zuQ#8FQx>J$EEwK5qm%#1`KJq4)7mWytkywl$e$z!%Pnb}@1ZydUO4D?6v|z>FF?WC zkfyn>gX(%Fp!O6e>m-$%9dbN5{A8)RWlBX>u{($IW7vNxt5{iyDOAFG-6VgfH`tffUH5j0uHw=y64l zP)OIMkX~x6nX3+z9r%!j9{1ODa>_-3V80EHO(k}Op+;f;R`IH>VR17P8;RHK7PkI?mU7~UkiugZ^3h-4Or?H z(IUO4gH6F1e&e`vlPTNP6jR8GkD<7Ozty!H2n8;S&?s|Vi41zc$axsh2#}9@0=FQK z)s@v5_>(#CGgw(UD+?e#S+F~Ob#1XY=Wmg23+=+E)0M(mye-^o7h@N)A{nsN|3vRaOqxzli{JPSKbrp5zxcDKFIbi+DR89}I5geP zdhKo7^>GoXG%I%{-)*1k_jM6?U1yl}W(A?XDdzQo+HrPfc%6w*;(qfeP^+xV5>g7F z8y7en@U67p*TGi{xlqIy!bido6I6sEE@v28tUQpiiLUL5J+?nxAfQZ4fa7YGF#)Rp zXAvjM!!{T2Jn3z*Z1KKWep-J_AWxx~XezmO(`a z@+A(Ak`lk55Qv2p$_2el!7Y5RbKt#dRF|b(Ue!T?n^HKh+jC#WgN-3JP=rdq}?5NW1I<@6i;i~a- zQwN034$8zh%V0Vsuu%74{S6&FC^s9s@5@KL{PB~Wa_0=VY3buuLt}ScJ9A>353pwK ztA}EI+;jDvKsh3w2KS^8{7ayX-#E_+UJx))T;u227HHXi6pga7SP18f!bT=zTtO@G zU+Pf+E->Ngt~6I}XqquP;-b!&cX{4`;BboH@J0?x%<*T@l*L+aFW0Rt`Q+EawjG>{ z;vC*Ag&R9uypxI$i}%2YPceS_eYDZbO~-pWgo{ZzkfOPv#fnW?`0e!Hv-V$1P1B${ zE$B~k&!&E{{$N)?87_qaOFAHsgQ)vDQt~{ZR5qW7dS%(GqyXbSdXUxX>zV#?e%N4$ zi_ud@hsc*9w-4m;{d z2@HIcwq`Y@yadI;<5C<>Cf1X>dflpimm5!8qF2D*8)m_2m27Rjk zLs>cXW!a3f87ndlTyhI%7c`^IzyvoesM}hUa*O;?dXUbCypf-01YDkr3g^J>K)x0m z{bl2&2ffGIeNc3ZK`w_Wz)@s)^{6a8d&vz4O{zNSxr+Gj9VI%7`G$N~^KPK*Zku&9 z3iceXl~s|2w{RX(z;CcVuUA*nQf)1*G}qIL++;MWvZUA8*Xr!0o&BA(*ZokmZOaYG zM%rlJNiX-FrL~m}S?RUY?g75CFFv$7EloySc97R3g>zsK{+<7>+-&@gFMg-F+K9CB zx|kHG57=FBvN3isTW|}p($L2tfE>&>Jup7PDDrV~dfuePt(ElV-CvTnTTjzdSv-%p zCpzQnQIWzKKh9v#s2o)|!&@eWh!0*=%u`H5SSr 
zTud21(~gmb--7}88MX9qbf!rTD`q^$70J$reSz8e7-Xgn(&3kUy4e{7Uf$twAG}K? z?OwTwHvSd&@WAzrwbX8Dfp>3D*3Q}$BUfEOfozjWM=C8jSqNGNK6xp)?eUO2S6*uT zj`qzXaOOi#=NoLu_yh%XcX&wgJfI&BBj{uOs`o7xN{%mC<~T0}>KZo)SF^kIyx5oJ zOA5@70vO$4g}fwVpEkP8Ifd2QYo*`jInlBRCYzldYK7o^vG}H}C*PK3*$WM3H_p( zgg+WN{v7esu8}_`#H!V@5>H&DPb+_s@&EcS|98`0{fGbKiK__VPg07*2_5R1VA{FQ(rLfl}D`xGesmmWT`1PeUY)eUtQZ)K& z6mRc4D))Gv&j)X zo3c^9cu$_dooly$AZ7cz_FJvVH*>51I7{c<6TTAgqd$NXWx;`a7u-hQQ?JhjaFq7= zaO~-K#`{r|GL}O_57n=bdQk1iLfidA8+Gt^vdBSWLMWJ*LYXED|pv?6-GiQF%YLD{ZrWpH(Fa z=b!$mf1*$6-+30D79%YmcNPPm5{sD>V5nEvm~>d6C*|LCtqg2zu*_p;-tik>*TUA5 zy${UCvj&|r2mHqrs#?hUoFVv9xP*c?lFjRfrdEXVY9Tlf zz>WK@)mPG!m+Yh^&eQBcU(uH0t{u{dw?$Kdq{ObyPv~@XE`tt)1%Ku=X)Q3TIDcwE$<_DC|%? zFYdPeDXl4^OA3erSODH6-^~pvlxmfwYu6?$P%UtXiwPhSJP;dv4nOf-9T!9xiTv*ay{f9p$*fScR)oe71`!T`nc>0XOFBUgTBZNN*VW=Uo z4lW8(#k^VdM=pNgAavy*H|lbNc4c{-`1diX!=W_j_7FJzA z!wMS9EYj-|yb+pthYW*EIJdG{-xc2}!@;F&qgA|n2U0ZG(vpP1H>{q%tewHft+~Cu zj*t82jJ9(X8rHT*2Qc?><=*p2X)oW-Y^!tyyVSIYEKJ>1)_Q8_K*hu4?mevVLVTed zkc$jiF|Ww|$l8*uwd*T-m+Eqn(Mbn7;PGJhsRXLoN@FY;*P5HDBcI}gJy|x_<==aA z^{!dAk18H6rr~?79Vxl>Zc9Vhg}2p7hXsz4#l~ul zr9Q}xr%rulm(D92Z|V0gHyb-2$bFB-9UqdXmYI~`{0GkBb0Q9m?G+Ay8z1L^5j=)8 z_f_nQ-QXEskMlrw84(-~d;$eCY3$6=f~dw=5U2SAEq?ZTz*3s{pYxDnvs6w1Q235E zmGZ!L+vohAT$Eu3J_F}Ac)Kk_R?u;}yY^~&zIQra=k?PW$3&Or>eYV7uR(z49d7s0>tU;9Iy^o9RwGKWj1Z{F#bM9 z8B%%2+TNKmbWZK~xgE+tnOXpN1BN50z$&%D%Jqac^zS>nhF{fEDSEKkaa( zGqA$dhAE@7Ia##Rd7Sg`yo@Rw3sy686qKC9G%v^ej`@cjOw7c_+CT|%Rx)LCj{C6q z*v%+TDw*+qvibd3fw9LZKNjtesy<$qiRtHv>_}$sX&2Cj{5rFskIZm!!Rbi9G4~^Q zA6{IICFF{^Q(W{Nu4O-!6u2r197sokb@Kk#*GIjsyALV<}2 z=cs8>{5zM*=ID{~dK?9s^2>Tttef%I%$EFqI=Y?wI67Qax^2<4Nq#-mWr0F4g{0}5 z5kiQWG4UTNgwHmKMPVBP3^k#^GeJR?JcO7SJ08T$z=h;13`OC^d=ckT)~T>63UR=+ zPl3(=BM*xN<4W7{imEancBLrRwGv#V0IpUVvb?x2MQ+oCzJt!ow5=_Fm@0&NUN4gXVE{p)l|mtuyktz=vWFWok`ueJic^H)1gYFBV*+^Pz8xG<5hCEu_9; z+fO4cl(Ia>`(Zd_w6c4Bk!G~Z^6~8XiFf=WZ@}icou23rGP$d&zo~k45Tg892OQEP zFV|2w2Od#JJR{iCE}qFB*MP&}JwweP~oyrC?r5>vquJnk*2P^}ZaMV)=Rd 
zncQS-OIdSr1@m|t@b7%s*E=OY-4ST%%a>2m)}04weRV5s@8SFUj6a$Hddw9o=k=vc zDQX(#Q}meZBgv(I=Mi$04XP{E4HZ&}A&Vc+l%e_?5m;i~QIJ*KD z8*8=KwYblr%NL_Ki9U&UG6+e0^nb*a*ZEL@9p}6Kug(Wp38kdK4W+=|;5~U~_>_5S zINeyUbL`}rsQisx?29o|;p|mky?^KaIRw*-C0_}BktooR51)&gWL;)E*^aoT2?mPu z%h=lC6G#afYGghg&+m$DC(o<^EdH=)K4|6J;xqZ70DlUUT!NaCVRke^A1AHH#Fv9* zJSg6jbvy|}Ayo7iNI6RhMD1z(>$ujB=b!&`2vkKhAz4iRU15oEHo0!x77!2sgVd21 z%k&Uf{he?akL*|J=qrHNVERT;8XshLPhQ^ z8XWW|1@lT{!#*gOv9fE+MaGN$Z7G`Hm(`UkSNr52+G$yXgwa)Cr0*ATBZhY(= zi#+jTU5evJ8*itr<$LLqo%gl7L{_B+vM^9jfEIq7Nvg}j*~fgxB`lnSx5QW;V9ceI z_@z!r5VL^Cz>C~16BfReN>_*f$xq=zjg;~Q@uh$jNMMX1hD7GhfU&I&F ziua_GH|8wh5NAmc$J~MX#>;@dhv7|@$Dac?_-5eJ=gJYj*Cf1Q>;mIC z`kwi7`0^epls$l(Tkq>VL%^>0pux6|)!L(Mr7b48 zmq)|Jt|=EBrr|k0A!h>bae3L8)DH!LX~3>H9=wORO2UhK&{EQoP)t9Pc*clOaO!9` z`9{AdC9ix$s_yP!H|?1(W)KP5O60Nv9+wMrjxT~N!ZG;~Tx$Bz#=Os>uSSt|MRgwM z`Lz^dL>MJR4lB>k9r56{Qsdyw_eK+oPX;rKQ2ruKi}&Q6 zSk$VlknkbhKa2$tuhRvx(KbcBly`-MROKk^`6E&RJoum>cV&b33JX8;4)jMI3ud{- z;NU)#zbKgHtV9PUw$qNReh=CorOpLy>s^-5=jGaRdft9Hv1y%7O9u(!&v{GA2)XT; zpqQRm@QjhWI@s{u+5^!5i|eylZ8H{?{+-X*0cEkU!PtaJWemrJ1x<&{?k&du;Hl2vGIk&s z@SL147$$0Oug5O4e(H7mTCnRFKd}S&q-b4|qMAi`j2s5qjf4v_K~R3ym3?v87o=ID z1$(|}B^ddFZ}2;dlQP)x3mQ+Oh(H_(&eukxy)KUnm^>Bl3ni?73(wq60y~!FB#*Q+ zcz^KVla#xxJRSKV?Wg^;S$jwGwD*t9Gp6Ce+`$&vMY~uqH}am4Zt-sVJFcE#UXt}s z&}&-VW&BYJ;8L-5s9kYqa1n46S{YMP;5Ja;(3Hn+wD<0@4PL6;H$%mXkd=7$g(1t5<{NjGZ(eAU7O zxPjxOz=S;n%JIqjyznl<;XtD$E#jE)stIprAR)%K0y}<=OW^8Ptd7YaRx!~IwYk1w zKmp}}@}ED*0$d8^B`KMg8>?xxc{eqr@U6*9ce~$~a(O@Pb)Lv~{!xqL^VfY8!fJCv z3K80xyVDrYg=I5tF1A+hq-RpX_xhuX{qg+gdES?T{qE|$)M(0UdFyNn=cxax{X6?X zpn*+!Eh(_r6llne6T2!-9c-NUarD$>Clr7;++BGkZOBLclid$A9=>#bk?njLFM{PU zV|86TmJs7S*YQvAB=X^ws;V7C@YCQaDEFKvFz&0oF7QUTe3q@MSpX|ZZMGdax;0Bw z!P?!~F*j7eV7yGSY{vDGm6d<3L!G`0>>B4b2xqsVb{vI<@{wP4naMNp;mese`MtL- z=ZUI*Y6v=vX9yTRuW(pJx(Ji8B9r=7dB`>?X{_|DN3~L5M(ZPP(E^LvxY$_N!NnK| za2VEcfp@a_{uzzcG}@&gBt#FR27sbDG;8R|2HwEy8*SW@9 zA~>LvZEUj!$J^b*wEp-RZ%k@q!W%RTfdC_7iL%I2IfzPu<{oqbj-bNP)$r0_3D{;6K2}K0& 
zQS=3ACl69ERF_iI{4jIS-yK;qFUy{-DZzE1gZ_49&G)g~WZ*LAd+HUIBbn^W#KLiRGF+(#WEDM&}z!#%$1Sij6dqylnWrv*f?mB zQT#zEnl>n)1eyA>u$v%b$`&vi`4mYGq<86v|;SdAv+9543d{!Ji{_{5j&U_IhYLx|X#& zZLRvc=5rs+LnTQR5hPPanrz3_1m^X47;gO1CnxURk%_QRgr} z6!}&XqHJ_YfiqG-l1l1IhQ)%ptz7~~gLb@X2SMq#`6y*BD(1`zXGiGj{X1V2VM@5y zhXSkww+2tH55i-Zu2tWVB23n!hvh2U7-`P@$V3+bV0cBSnkh(}xvC2*h{6z@W6~b& zp~4VuTtMR41-sJ-b-<}tWVKqmqw=ywk`?noPrjH7ZXN<1F?Tbd$$G_w%OWTzn;z$DyB8^ALk(p=#UGOm0-={7N3rGy{mwdR(#SFg$S z2M7J>$kNVUdUl|L{-kJTQS2(iN_|!SzgN<3XVL_66f@}aV&|#+ls-)BYyGsdt3w3! zcM)Mv;NJ1RYD5B?V4Q0gZVZXK|-7tbnl~ zQ=ZOwTv(M~={N6fq?dc2q!%sm9rzgaX1dIZ4pvR+K#E;o+?~cZa^6SjLt9XcyeNbD zV0la$EXl@yt#`#)43x(z8vaDp%{p!~EV~vJ<-o0pzvoyaRl!J97J~B=)gxYD-C{aRIs>7Uz7)DLR_Q0mPRER49{hiS$;qCxClQ_ zvkZn6O>G5}wX>9^5xkzPyxI}L-W6-8 zD+b7if&d)Y5^Z%B;6ypDC_F;Jyec20_#wq@#y|&Ab-Fs}Z|{XHn0M!P&|k6c^W3jC z*VAE_A8}5fS@75bzAHuZ#`+y8Ub+eQ7Z(wFa_@n~ceAO(1Ep}D{OdSd&AfL-|IXk4 zyT2oS)3<)=Y`~5w#bKIv*B;qnkF8#Q=<6}X%H)y)mrDWtz|MYH;N_qScfP0J(#Fc2 z^knBlE!b_F;V%}$?qbUE;1EH!023Iy8OLKDK%DaqAOGvw0f0WXGmbky;u+T&HvVgD zwDE^DSt-Lya7AGp(iF-mwc9PlbFiCc1mdw$NvkX_FoZ{T*c-4JKi8MQcdJ;w3?&8TM}hX?Gg&gfD&E!+pYxrOOO*#^qzDfz z!{t$6E(+&BxAgBElqj#4MFDsC{`j)0n_E2<`9EFL!C~&NdHSGtGnLInAz+-Ov(m=% z9{22Y^~tZMznTOeN>~ZuAg;$jxr%gforIsqyRz97&Jy;BGbQ5`=2@$(n35UmMFiWn zd@=WQV4cYXY8(P&D6S{9HH0~*X7mr&;(IH6iGjwtjtVAzNFdg@l5UkrwPixccpLqc z_`m{)C{u$?p-2toGXiKP;P$i(vcLV6d%m;ngJ7=tO_h)JFhr&^Yi2 zWxwGdOv#C|!Sn0P`Ra-t^oP$=J`K62K)^ZRpuhb+DNH}Uu!H^#iF1B|FP4Mt{nPo1 zZs`!gM*ARbt!xYwU5fMj>#wDcUVe3+ z=$Eic3e1NB8Qa-fxjzSZ0MmG{@pQ-#=K!?`f^qA$Egjw_zs|VX@N*FI9BiNO9_D8Y z#26nrcy|8bN@e4)@KAVw4tb05AOFmR;5CdxxIw7coCp5p3glWthnsf0%BKTnSC);3 z4Wv-S%|>6A%raI^hh{Ymw7R(mY1FkqEjTQ!IS=LHyx!>t3B`1Yv;Oh=Fp34g|DU~g zjj?UZ?z?8~cRf$ldEMLh-tKnWar^*cM~;OO65GKx`9MTsD>f)d2tM%qfP@eqP=v$> zkRl<31QHVPg%1!Q37xp5AO+iT+X1&x?6d<(yC1&&xUcT}IOo)<=YALe-xzD`wQAR{ zU3*vUy=&L0Jeyb`M{1o2&;32m|wWtk#osQ^#Jt_`|sNM5gSs%oM>@-RG^R0 z0>9qXjGwjIqZR^&YdcNi{jp<>`aHLBFS80`D6pov-=`%LetS%rRo03ED+)|Y0StQh 
zZJo%a5W6`UyL;MQx(bV>KuGd4ZFS|}d8XuC0UJYsiu{bWdUtF4Z&?CHeeJ=@chH#k zdh;w7Lqa%UqD?ThprR(k6a;322jNMRz*`VBJ0_fN6MDuqG3gqos%=Howw6w<;`>N4cKNStwO*K_`q>rovxUm zy|R?_;JQ_NEE+$Of_Ya8WFT$l^>>^&As&Eu&YA^FW*vJtT#;@*CY6Bt;#p*JQU7>%e?(Ne{%S4dUNlOrrnK4 z`hr&BK2d<(Aa^0)%bi^rGYdX&&kWosK)5Pe-`h_6Cm*I4&5t#HS2b>TWO4fa=|%6$ zR>gT({;T8J`G@m2AGf4vl|s0z`dBCvP!yv;?slCAxSI|9`HRP9i@Wg4cDtor7*a&@ zn#H>+m6EyKpsq1HfGIey)ZdKPz~^9l{g%q*=;cuumzbsVCwQHhrTCRO`^aePGZV@U z2V=;VD4n*|GgnbrGHG^MyTSv0E11TY6?I%4rlUqhVi^F>8axkPwef9=M)^U(EHYew zIRCoOj^%Z0U+mWukg}#v&puAov-Px7`94`azbi`lLVi~k?LMdB8`D9OIul}DixSl? zs)94Qi@N&k1h9$4Z{AI%!eNuX@I3{lb1FLOokm*R=hXBSV12jiJ6DuiWv?i(qQG@1 zaIA4|yZpKIzx_vFOaJ0ub=mkja8`A$Pl358oE@FZ{X0M0cr!ge8Gm@w^}DpHd0!~N zwg@a2?^3`bo5}Er{HQHUa3P23i|E9TzWuwQdg!3g3L>!1zIg@7=k=|K{db38mY$gqfnOx**2Qy`zC zFKyEf{v=)apzN?167{Vmy(5IfvjU=#4~(va>^%5;W$PzpsDee;cIBxScHSGjf3_8q zZ$i9P=d0)YAYH<6CWN|Bn$b&XYm(6QR|3AXOe}YRgH>6#%b`u>w6(D*_YFsuPWyu( zftGi~g1{N(V+utj0(}Ju(twA6mMYEETaz+EC(JiH+WxBdNg*tbz>)WWaG3YQd%<@> zs7T?wDP?m_{<)joQ}e&P-_${WI<5XL257%o-?0UU;csTr{=7KcPmko!`N76sdVchY zXm?#mm$!&A{DBTKYjSwtx$pn-I@isamw)H3@c!iR{q)+-XHrFnk*&i0p+Hqi%!<^6 z-AnueD$-cTY?h^7#Ozyo$3snj@+yH+C+SFeYv2L%Qanj@c!h_7i07_ z7Vde!$0v(h)OMck?>BaU<=+BE2Yk@1u4nFV znE%Y~uyvV>mBJ+Rj=lf{IkQ3${#6}>P?p8#nFP@!->XOM@1|yNoV$RbiT1T=aGiJP zb&3Lk3nn4_IWpvj02hK^NCP3X1Az*mQwJo;S9PoRLeEhyn_lo3NdYYTG+a=0 zfzq;2HY3o-U2*ULK4rFZilX&>J}c-6P{ zQvRHGcOJ>FYFlnZ_Ah(}H>J_Bd_?bTJoLi@u?C!TU{X8}|IWwqH+$H6p@po?Irm@% ze%UCnTi;F3_3k-za~T8U-pvjR9PZUHGZ@aF{d2Y4NZ+gU5Tmu8XaW2&# z)OF)O+_Mz%0b-%#bpD4hjiQn~coO3TWw3}gJ_=hBBXMP}mjMc{HH@c8@r`vfJjKe1 zx1p@AYr&IyuhTWYhcdfli?Aw(g4mnMtdPZ{;7ex+_O#)2hJR@_TyS-VuL@Tb#rz9} zn=cG2KMT|cIJDs(!DA68fqct?+p2W5hqBgcdwtQP7*O(h*{rf;3_Eh_} zvjYCj`1{O0pF&mWk<+A*v5;t^^fa~37;k64>uMn#ST(Yuz^ze$MOGaou3h6SkVfE8 z)J{6mc&77-vcL`kT$sXRw#%O##3O&y9mO>+IJhcFZRqTq;6J0v!$!pWc ztYUx?)SBHFIxN!#gp!21qIJx5;4i8ULR2vzU`1L8TP9d$Q#=?M&%8OhsT;o9S_kf z61s9HaxC{6+w$kk!p%u*wie&KuhZ5^s@EE_7-X!EZ|x>nUtM<|{+*v4eRuFXxEh01 
ziC2XJYf^4Kko$-IHVZO~`F_Jxtk(oAe0hk8uPXAPb?*|vM zoCi5y44w#nD1!@#Dh|IP&G`=R3(I0mfk}@`35v_T0m@auVVoMkwK~qve9@G+TPGLi z6u_!h>vGG{)Y$3DY!+MNAVY^hOA1E9z%AT)f-x~r-z z!9ZdmjdIvSk+%+5t};nSxji^ISBv!Y%Pg$1AkXU4HuWfvWjG4!p6KGp!%KldX|F-l zl+Bjr^)gU)1CDA~JnxsM6>%-rxhx*LZ-k)~!6@~8em5J1^Tk$A`X9<&l@2X7rObQk z#kse6vBHw3*y4fSPrQdf)4vIf0_ML69Boc=udeNy%eR$3*-5CiDs!JHP}2M#SA%6K zej_ zS5ntaNnMtbTHIogKOAAKawRpE)H++?6}F_F@vLo_loy{@{+%zx&kJTeM_LF6 zv6aP)Gww5zGi)7LcA2iQaBd{bjnjM z>c_nZXH-032R$g$(-!07?t6*t*9}=CwRGqs0&)@lFsxqpSd+6IwO>vTH(r+;tI-Dp z4cA+?XQ>a;R{cTh=%A}v1Qfz3Np?0L*dbW$&TOr}k5Bj0#)G%a{Yj^@SROS?|IS#r zo_1!dke|i-Tfvw=1*)Z5+OF=T1G)2AnxG*Y;cRCnhXoGx%J|V_{9vf&wIAurv$pRf z9mN|+i}Brg0gBYzipv$Dq11H+=wJ?jWwCz0z{r)(?$QESafLE9I)S?jND*+bT1NQ` z-$uFIZuc~HYQbBsF^tywxLZntpDt4*X9{3DfRJ*I4=@~#Zp5sw zI)&aZ1|v0HDB)xMAma z)eCFpux=(JuV=-)tokJ=gLs~EF;e_p!uZ{1g9v`rE(zU*E^B-`hT; zGpR_iT-EQR7`i&-uYIOPaP9n@Camjl)aKbUQ{?9L&a}|`9l0z->74tp&-1SzyPlF- z{8WnRlJr_wQeUm4hDT)XKBS-~9?JCVV?O_y3s*RMmoE43JpV4QTDa>JU<(o}^2;7L zw5=hZ&8t&~m;FsG4}MrN*UgHVp;;$;>-74g{(BjMZi&NWn#r>ZNC-(Th%DQLdK6X7 z2eNR-+9-rt?t%NT!gdslacM>q3A${r>h)U#+60Zp)g6`RcxA$(=p1-bHsaunZ%FzP zE-@l6U`G4H>5(6I@}taoT4*|3jJA8q1A1r zw)|$-YBedz7priNKFrF$GYcK7aK9*E>_lTqLvA0i_&n|{j|;GHtuxOz!e~EV)t+O| znEkx<^#P9}HOBAY0X!3rbW?fC8rSnpQ)<|HK63%*OX9AUjxuE#N}|9~T&vO5OMz3R`#*m*b`Ri4@i-cTtbJ!q=&Z@_0?> z7nF3t`%T$v{lMakJ~9Uoo>JrznB(x@(B#SD(82MvLNGoH#W$AqOE=2mR*C@r&6sKrM;4>CqX>|N>Gz+IN(;7Vsb z4CWUjs?8)xCu5k4jZL}#tE3GxaF_|;1p%?&g-CBZzx>78yAIbe3qs?{X0%s8#w2@7 zb(YVSNZ&$%m9qI3h`z8U*}b8ii!!K+ah0YyQXV zr3Ky8hKHPv-WGx$IZC%Xn7Fl;;}`;XRy%tafv2a2z?%0d(#PGskN$3na{-sFpx!pP z_SL`l_08;RLFeY3v_*Z0I z$AMY13kQeK)58a@bbfjCO!SQ}?&fXa%Xx3}X==(M4-2*12z>wZ@b7#ZeOa}+Ucgr8gjs9AkXJV>^#j^7@$4Q*k%E0||rLLDp7o8s% zNFRaX{fn{NyYJ=W&_TEGmZi27(D_(wl`|l@tA&hw09MG#=pJxGSwGC{jj0xN;f%e| zIYRNhMB1o3bS6;V{^=fy=K{Dtm=!aF{h1C7IVe~$50^gwjHLz>Rs@m| zdO{HyLe2Ra%k|_w^c?rV--N5IKM@D($R|E&-^ya7-LsaciqPvE_+nksbs>~kk?dIy zQOB!NKo>&3Nt6htSTValMdFl?Ix1u#(&A3yMI5~B@L#OSXq&o03$IH%{Zy4J2rS4D 
zoLhbQ@RlNWtMVyL+zy1{MTIPB)oLvr9Pg(`Td$=@8*iqMPu?GHc4?oPAZ<1FX68<# z*in8<`$zj}_rabiP7Y6I=RV-Hb(kJ(J<{QU)zoWVe}Y!T_qy?U_;dQV>t^!cZv^6jM@hz1GB&W2O8ygh6OZf zR^JMt*rwlEpJX`&qq5c*w8-zTD=XvH*>jDLi`i2r)Yni_>z!6PKgxVkkAm-M$lh3~}sOzC)9)XCi7v%p z&j^}>KpZ+o0?%T|Ru9^GI&H!%8F>(5`+c?)JKmHSZpUkRdgR4@68v$=ft(-0e$?@I zD=d`n2OXQ%DeLO%pzCb&%WG>R7(x@pq~y}FVo(}!*tR)NXMP! z*(M(}8+B(}f1|V^cN+6?1;QbMCr3x}=j?|Fp0;Mw4%4d>DV?_(4^pei0!aQ&M)h+M zX_NSOE}=BCG0G>1i@{^6PCHH#4#FHl4{a9AJ~v2zXZAN#4! z_xB1<*>AnAFA+9p5Oq}p$y_#nz+|FzUBPM z`&+B)Y!ntWrTy(@KJ%Gd02ixgcn>&qyL<;Iapm7x*3P~ti(*&153!;)UdtE)5_Hgc zD=vD>y@Ar`tMfJB_zoT~@BBCKE2+TAVA)-dg5kJd><{S!9-b+ysj((yIPG!~yj(0! z=kS2-W%71;#%fxn26c&8I%%G4d87WIFwU*EN0pF3j^#M+xtMEYigXUjEYJJ9AB~Q_ z(vDngd@F6~&@B!tKJ7odq~vlW+dJbu=wi-8@NdW8)8M19oW=jylCl|}u~&X9i$`tM z;)((jQ$QoPb{%fX9meM1_eJIInGTed)pA?P<=YD7B*m!Y?bH5ur$WJ%&ip>v9lN|b zrl~r0ZMXRJ8f3}op1b&yrKZs&3E&3gUF&tfkMg; z2b`?~`bFR$6KkJ>k8jZ|NMa^Gvgj4F?vZs~okSOaB!+2#ZImC$hi=_E*Xm2jCk7b# z<9b{y!@CLV7MnPm;Nfq|-`hAy)8|#oRUM?}C)86Lfsl4#J6QKz)h2?GDP{}b2)-jx z6!7gJJds5oL!bm^T#*)-lOFVlGCapMz)|HIQn>clPPK|!8EgTLx}l7BrLja21V_mu z;8d2?a2X$yf)Rp%^&5P35nO2TXM}O;dwHz35SIHUECyahTn&K!kQa3#EpJmqQB!^} zUj7@3Ew+JIv(+@5_$IJ+CII)e_bjdTYVy_mmMov2OMG{0=f3=c=^P>{o$Cp!+eWpX z9&f&tPG5dq@AHnP&QkLL?WESD*a!82J7PJhOXpQ39RwXDQEpM?nE6|L}{-VT5mqur(fV>wFb0A zSMzJ?g!qF%G4(WOXgEt-^IEfVMyf8fr%z zXABkHeJr8E**o|u`*;3}fBZj8fBVb-<#pcVJ+8wvudPIG^SzWy*yQ_bL`~f2LIWE03UfYDiU9<%@8IY~+I#RM?aBiD`O!xOU!T_}L08+#PumBk zh*>6uGdzT4d0N&BZC*+R_qDX^;f%1}V#pHzV9LG6LuKyaAP&3MAJ zbg4?I*{E(!TW#v{=T&@DSD&bY&j8laC(S>w#mcA@%H$Z=Ne}+P-IxisI~A(9W3GN^$m}! 
z&10=sHCsoi!(y8h&Y+;=vdP}~W$6;C3fp3+y4GnV3t-Kl6hgIJ7D1bt&E?>;}4JLH7mFQ3kPs9v_a~EWC zWhXLDQ6RBOQ~n7-v*+$h7AXRN}ok~FP@qlL8l^59u|xT`}1H}=xYV-69#-n%a%d)z!q zkGI7mq?9>teOD}Xd+}la&Oh-df7q-O>$RHPue_c%rSM;c6$Oj}8fR)!{O(kC(m{82 z{>~?%?t{joNs7&=O!m8ncgTyD5xm>p0KhlSFX+#q7z zOq;%|$(7U8#ag*m*G?64)1f*##1{C*ldTbWF%j@ADs~-j+9nuHJevKDes}@z7in3A z0gXJ#{2*t*++tWb>L2y|a!Y9kp2HZlGO%{enjg9e%20~+W{?(E$|M-wxesvVEnciY zs9cB`9fBx@^m#{nnoAsXza_uUZ_3+89J zD!oN9bk9!on|`Tr=`OmHkjpLejsERom#!Vh?afN*d~NbwT5;(W&Vjl4bJhfE<=;6d za-Z%@!?YD{$+jXj)}AnpSV~3s+`bN*6!L{eCpS00mlW$^KJJ;79$=F_g@3pPDEVmk6`E+h} zj?!_vmY!_Ak(&F55`>m>g1KJZOyx6_=!>y3;QM%a{8ESgJ(O#WmK5|i_j7&PJ~1Uf z{!f=t;mo%}2>;GM`KNx^o?Eg?NOztPytYtKRp67( zpQ66=YHx!n41CouN;qF#OTDh<1Gs&l0rHsvYkcN=0E2c1mrvlOLnb?N?_pNF;?pH~ zG`n*+?Vh?0B3h4oD7hVXceA0ASvL4c37)ysAkknMkG3bZoxvHJFSpP=g zK(}r>l6=5UrB@?tl|Or9%jRK9n9^Ck>reY1i(?dI{NaMD=ZPtBXB5ufqm_T>iQnui zRB*lYx_uia zzY2Lpt7a1p3!QR0ctQwCksb6IPLKS{?v&rK-47p{FbAA~!JP|X+1r+|HzJ?+s${E= z@OhIEZ5R7fj86j_Si^PkF^rK_qyvvQN(;9<3xU?}t@KPv+eTWiyeXg0$En-)1MCh@ zU#41RJw4g}O#1G@H>W{sA!Runc2hoMn^IaVGIT_r(^DNHC@bf#Xxfy*_@?1V+sb$3 z%bCLi;~=P;!kkzAfAHI1JqNlYi}_VpQQ$lU&eB$8Q{xQ_uFdmVvwqUTE>`v|b}l{y zFNiU9b{M>9{}c21&yExyyPZd|Q)M^=Px1ROE<6{~M6aChMqbQ6*a;)0uUROwqsQGx zpyb6R)tcNg!AoeTc!3XPuxiE^v?*$pX86cb8H+f+1y^F%?9SN%=Cj$#v1ka7(#iE= zUUt~6DWV-OR}Rw(Fj0(vH?(*9!<$KS+;W98^}xY-p_kR8g*6tSVU$@t5)EI2={uXG zMz{QP?O7cwo#j!HXF`F_o^Y+d>dBy<<34!2GU9y@CQg(>|D%6nKv+NWw#Ss5D2oFG znHS??<46i<-uWuz6fl3XTJS&azn3SjVk-*FfdX+*UL4Lw6By{VWmWHs9kcu0&jI}# zft=?-ocwk-N^feXCG<=w?PBOiWMt3_M7bz&2Srvw9w`9ePKU^daEOo|)OgKRx;0ggD?qlmt zkQsu;Wkqk=PHd44#TW|Y5MVt%kiITML4t>@wKB;Me1>rj9OE8z8ZLKf16c-bAn^30 z^ax=mU?;{+yvx z=Y|&6$IX4g+O@+2In?Veg}?hN|4;hKf9{9VkNh*Ay-R4XaJ?o4zWx8X)$RD|j4Nkp zr@E7RZCSF)YIQEbWaPyh7C0LJ`3UKZ+b`PRu<;p1E{fV%EL@WUH^yynA|5==aReu> z82fV^2jwi=d54$H>PWw8uvOLDEGTT{8Y9|`JM9Hb=Pz;%> z)~+w+Ot_~auUx4aT$Jj)o~)Zy4TWpK&7fGS$7wTS#Xb^up62)=5ugNjr8zZ#iNZcl z^L+5|_C!l7&dd&s)o1Pe@jUL(r_i}TBf}cYYTnPdaK2x>C1jVJ7gIOVEPmnrj)R`( zL4#QMln`B*Hw 
z0aWx)dpl+L){+4nJ4^0UKp8ymgE&w6@0(|Zmd<4AX}nv7>r>zg?aB24FQVqF=-+t} zbh}G!Y{(DkviNQ;X|UhW7P6z>cSOR$toSaG^TxO`c^=nyCewEEQJsRLKxtVK)~fzLZfOePg+F^b+(&^8w~`oP#&X5zA8k2DMz2<9yAGo zE@)x}^ru)a(k8jrbwJ*c7JmY_VYo#YmS@7Br_yHrE%W7$`gWtwqwQAM|ukBuk1gknrPJy?7|2X~5uRKft_vfEojj0VkJ_bFg?WPwk?ex;W zd4#Im05vpj-AaIe+3+7cU=~<7-8e9iae=Yk$8}eD@*HW!)+j?jnQCYicyZKWZbqD7 z+)M?%9%;G;?joEYF(2`^9kx}Zq+oo;>16v=tWc`#}8 zOIl`|({T0!p+_IoHtmD2;b%GV$J=*>v*JbYQ6#%_=xT(RPsBaaxknoBjCT0%+E4+%mL;_1aBv3;k3#Kq(*b$vRIM)3_nYbXRMod z_1<0zH{olS{tT5V!Xy{G>@Jv@jB4-2aItqM_}V%=9K0^6#JGlory2YJJXFNre=d-E z_IX&or8-Xof2_m2P1!fdV(ffhfdajq=4S}hD&VyB7WmtjPvUB6QCUIq2QU9HuW*a8%33XLR(4H!aa(BcmR`R6B<=1#(IJAn^6iZENd8`?#S4GX zo4c}dmXGd^9h@~Sgxf2Rf9L=FKmK<5`@jB=q;&r2^b1lxufnTAfsfy9Nzwc~ed!C& z(#P*ix!|N>vZS%nl+JDaK1Pm1hn@c-&x+}t~~YT!;&K+AEG zMXPB`<5I4U<7_AnpR&Zgr z1;2tkcf}NAa&{Y(VDgTTP_zgU#!Miy;Q8^C-erIqAaGc=~~7z=`&0^Q=ds|OHCNFK5^)eTa+UF5g={P ztd6{G7J-U58g42S7RKf5&>mzw!&%TZMGa-cyg==ZMaSMk9Mh6%;6>LnO zQO{7UhIO;S7X6%mxzZ8-1@FKmh4ZrD74RdU_jq|n4n9J8c#GA`cmVauqbzQ+oX1K~ zmM>-R3gs1b#*;A$m6ac7<9*_DWU<)E9XRlI*e9@k2h^GTP;f=51!6D;=kNzK_Qv>Y^t1?Z!_l8;XIvmV%0n+TV)UX7x6t-^+vPA+ht6ISVm>oEo9{BS zP#;~ulw{rRY1)>Hjnm%8dLE^iiT3R!UIJ+z$+SzG(SFv(4ADSlZR(J*Y2}J}^mYYv zxhPOdH7&?&OE#^&V>1|mlwdZu<-ZekY$3tgdw7Mthuz8U7HlB$89;D8^4+6WS zUy-~i*Au-SLj8E*JIc@V-flN_h#>x)IYh9VTJ79AeA;%8n}=zy@i;Y0%^SJsn6}-U zl>c-8(m$Kt`R4c1AN=F*48VN;ul=T3J7ejL#q-L)^MEvWBJ$;5+c#zNKm64hEa>=9 zqupP1`ElKmW#bHlz--{%loET?!tFwd%!I?{J#@6l5w3>?{Oft^{K1?TA&I|;1;ygN zHJ`PekMB-+pAQK$MfjKVDfkiNC*>S>%F+Yxh0+{^rzunF-PD#(ZVnaUjf2EzJ*lr97J#I9oBAjc`QZL&;)BbFssscoC27oVAzDUe=%U>)INKupPw7` z6!TW`$tX}3O_A%H+D&m=0T-{h^N+rEtEUW%Fq2t^7NWrpsMP zW$VK2S`>3Q;AhN&auGg)mg>FOw+~P|j z#L#z3p1Y^;I@TxprOT|Zbw5|-+=IlCtZd*zVcPI7QaDNg_BI_~>q~}SfQmG$r;09E zbN4InO~ioZEeuj9JQRQnOjoQst`r&Ito*(X_o~UI27Wj>46hiDPY>*nzSp-uliq## z^PGp;apHy@^FvfAp(+W9)+^yDz@uJ765fxYJ47?b|= z&;GIWlmE#trO*Gh-%6kVpMNWT@{ubkKmKq({rCUX7t)u$_)pTm@~{2*^yh#1C)4iZ z#&yWDsTQC5vpw3ETxS!ZY2EeFHJ2I`q1 
z@~nB4!dc@s|1KHl$t?!PeHQ0@{J)q-dhieyMU6+8LNf$0|6>^MTnTsF&QkF)#7h-YQOQkptBj{>IS;BCUM{MnSc;@6%|-<-eYi?p=o z@Eu2Y7n0M=^D^juQxd!N;MmlOdQpeFrxoi)Rp=HjNn|N*7TBH_e`BFKo^yE4hoim7 zzv;aQ&-#$j@}_WSRsTeanObQ_*3O?zN9JOKF=xq;oKa^(=D0tGNi!ncodzQ*L<-QF zl*=rVMd(Q`>82y;FBX5`b>Q$S-b<;T>auRWUA>S~_O$CbUTw1+IK%(-?7Q*ve0D_crewDfY4J6{(L*{B=8uXWV6~? zFFn#5)7DN2QCKk_ng6t?vASQE0!2Zr2qV&qX|sx(40-Om;~VtvkiXbgVL7u_Jxyy( z7f5M4z6-Z7LYQ;`oILPF$aTCgD*CYEvTvJmRLK5XH2Y&P$U*AVPaxVWmLY?5ibU`> z%gnyov-TYlt^eP8-3y8g`1{+N``znT8l|MFYbRjdWy`Nm=TpZ@AM z($~LKPyhTczL|dJ7v8*z46FPFQ{YB^nkU88hM=>wRn_hU{We-R*(IStu_|{->$i1S z;BcP@L#`s(*gafiqGt{CxFmSdd3$W};2Cir<~7B1=ONB_h!+=JX(Z~x4?Un5fk(j; zy<@5^gI(uExcqU2Fg(OvTZAGSg(_zVL|rFE@TpKFI~>Q07J2r|+ow%DmO&Y$gb{;sZq+wN<3 zsOBBp^6Pxk`<^TUM=eGb;l;bV3i9&gm!$}+O6j=rx4S&=WY(CJQ^VY0l-6(|*c4JZ}jEBxOw)Gl+I6#Vcmv%kL94kbXdId3TG$B%D?k; zpT+H#cHhmn<1e|qwxL1fp_G>2zFi{RQtQP@D{(?`!mNi|!YrCyv%?#)oIoIu2dvbT z)!~_h07Bqu534`dqCmWNDi`Da>?`?^4!w!T{aOu9QAx+iX`0tc%@&rH2w4*Hu)5Me zfA^W-B>|c=3&@(b$2b3W1Ao$O>v9NeRLF~Y{p@eliNyHUis_!_G%2Q2C(1|tk#_`d zvpxg&A|iTLUJ+)*1Fk<8g?rk}Xkd-?Q?1f7KhDkWMZvGrYo>$dOSzADoQ`!r?VpT9 zah{1AHSJF5=(jvjkj%5S$zh``esTCo+I#RcZEbeb;n54do#OkM4Azlcmuxp4n3Z$8 zeLYL*$y%Cysh|4!A4_pz?fkpH{fFuC`VVP5evh;u5|Fx4KgQ5__VUq(upGpi8GKQG6DL2E z>$J;Kw6e26LOet~yJzpv�gdvbIZa^*37@_t3RIIkisnw_q~M+KwHlnwe8 z;~9c8y+Kz3?ZBtTg}`ZCnelnv*7!2#b6Lzj=zd#9Ja43Ozmb~qS4(ibb9nQn(|N3B z^Mr9yW62a@v+3FWgo0udKg%2{p9lGCKRc11We$!WKX&JJRstu~+B3$X&`RjHkdoQ8+shR{ovGe+(A3&i z;u>ATmYnjr!Y&jmF|l1V%4@P-Zpez6Ll+46!8-qrG-+M@=dx%rETlaq{Sk`s@Fz)L zF+GHYxJTW2-D{=2bku*}!DsK>EwaEXZ#B~L6k@rMYEQ)qk}v^hf;gGE^vaV1S9$vl z41a5ujw0Tb@m^ddN!OJNdDM0bvnbQa~5k8PB#Fd(*T!_p*%Kvk1?w@ZW6X|A=v%bRXwOjoLY8!(|*^p6@aE#3;q2 zyzk0g5Il-{D0fk?gaVp50QIDYwtQd(zv15R2aZzYs!+56EZaqdlH2HrvfFA8>hoKJ zBL%+XtC|9T*h|4P%4Sy(qipuz^sqLpg2M@TUgmsSwBeT4kw;1J2QIh+H}X84di8ok ziuA5_2s!;IhkK2_G|eTs)N&=b=TScB6K%#bt=%N}Y{f7(n%Mz@0G#sYHXRPo7n_%`r$A8`oM3c=9=w zP$(@BJ*=v6>VKQg=oi@C%bQ~2=h6VPKrdH(_WAwg^=Fh*UE48BW~S6;#jFG3IE*A$ 
z>VaDz6L%WVCl5TW!u2RnRM-}k%|&QMfvT8(lelDDh3tK1w|Jv9`R8u-_6I^7B?p2Q z4+?AzCX7rMAo}H2UKwze#bOCp9--qM)vwD0BGS3Ab^>-+2MEQ_ChBl63Yw0Cp{aBi zZgb(>(=S&#LyfqyvT;+Fito*mww$B466w>so={ zE`^@FwwwO)zx$`spZuAF^qZgmz!c59c9? zNzr2Hc5$DqbqPB4hx%RXfUr9h=H{n)3L4m$s4;4o5b#irT?vBmONF+U;jq99 z$a*ip@A^Rp1~&g-Z1vz3@Qa`u3K65J#&0Z#V~i(_;P)J}fD!r8V5IXL{HB-(^--n* z-xR0tVI2?%Kc=qF1KfoL^+@xJCr_syie~|Uv65lCi>y9}3Mwynq4m-Dlf$P>1kdv) z=a=Ncr_pwk?$6nSJyR}VQ`SS=c_Qxh0(VO_9vn*IA`EgV?-xp{k`4vN^4pZ(!Z#Gp zYM8nFdy#(gYU8GG+fvAM<>P(3@;SNK_&{@eEpTM--D!2x78X~ZGk%uQ z>T+=uxEn38Yq_e0j?!AL?&@pzO-Fu~S8h<2`yKjk>>VMQkFU#!u`8V)NoTRE#fp{E z`LcJE{{k;7@d~G}{5vn#%Vj%DPi$b(gA0S&sZKpzoi3bx4>oybl3jd`hxy!j_eCpa zR+)X_p~z@lzySlF(7W&ulY7!*@=AOaW>0~jZ`_M5j7lr!-z=^#L=(r;KFY}45{h|9 zQ6b)y@Mw4x(qjuO%IH$L@LiiAnPbIw z`A#F>1z5HzyAl8ktL&R+`)_E$t$6nR7k?5CCV-iufQP|vB5NpqFB}|Lk#-$d0izVo z)a~?J>19(si#H#qleTsfbf&lD1nktQH+B8)7vD=i_e-BkKlhh@AgV3>odu+w#>1t@GZ0*epXO+6lDpo2Nr#i}R3D_5 zoe2dn)nTYyio*g&^pUaLhvv%$;1QJuNgChv?|JL%gOsZxF@{^aSz%9e{zp9Wj3)`b zQ6b7iUcilek*0!c@>}eRUL`A?a_;^@&)H%P@VyNH zI}ItzL5H*vSK#5#`fGgCI~6c!%ku3NkVnMJC{hT;JS(icjK>O}e9j<6xfIE?1y1Mi zG}r}@ilS`BqSk+&I?$Ws;{!+_+l z_pP*5dQ0-&v0N3r%;>&&T&~;Vrf@&*!RwZRqSx)kt5uI3u(-qET%QPxxgGggMj`0q zQ{=4f%T575N9#SkL0=49c6?iB&!ljEsB3R!A%Drsy4MP4r^(8{^CjQL!jm}+?7XXl z`J#{?4*0GHwYly^n{P*E2;KbQYO-vT^K9FoPx3W^#b7 zKBBF@te0D|V#eZOTo^TJa3LXTxd0Lqa8g~EAl>t#geeV{?3aRJ(* z*aQy3P6RA%CTZWxAOJ>97mj!b5sEnGf|=*y)3I1K>criZuJJVe9ZO^T9!vmqff{@^ zDzEFy*tfn%Kk2{wW_F*ET`BJ>vKl1}<86r}tL~9hi>N|%M(N0fp4$88`GPo*d zek^q_>mp4zmG-hmr>q|EDSQ6VCI9wFryf_OQk4~1$I9}yfx$tCj+4W6`l_%6@QXP8 z(mPk3;b6EZF=#V7f6ZJ$)aqUN5U$I$!_jcD!SiYBFrCP?#*@uYr_+~TGiAdda}JT3 z+-a=KeZgt7IS1&o2l?Vq3i$_*W$7%X^PzmmXNrbNTRLnVq@DVs)Kq_`tvhKOi!ArY zf9i4K`f*(-p0RG`J7vA(E5Ch`{=paje)`?tct8F8FaMGB6F>dNB2l|mTiXr%^5x^} zwSX+3Qut~9(yu&EZ-4pn-}3@cxzGf|RJ~kJTW8zps5`-;mA;jl$~Ttfu)yISF@VD- z>6pcb3yga{)56{NQoEn~&W|xWYQ@;ioxC#V6J+hcLkMLlcnt@8@;?E`?>Vm^m--IF z)1z#m`nf2|;^5(aSRgzw4$>3f&>|Up5FY5k^NCXr{8}2*dcD5+sVBW7o?24+`ub)% 
z>!4^BPPm{@dH2T*ZjNV+g`Vzxg#`2ge2fknRIL5NYw+JH3S@ExM#F$@Zby1f z*CNmN_ve5j-TI%ww!U;-eu?~{W+#3OT!2|@*V5H34vmDiEEae^^wE3NW&OX351Q3G z^hst=(kMNYi;XvADV!}-4!$c&csY;dah`88G)k|@4|VLgyiH8*XWPi_6}iHw$^fM} z7P3PbcZ+A&K0Dxk(sLPmy`eGTwD*xlfV-uaY0J+y3TG70#8=@w1y%~@j2*>6ioD8Saabj1Ox6NFwCo$C`W07E0nq>Kn@8g*KObAkxbBt zHcF+ci6K3?fI#5wOVBgH4H?8MDBl&g+=pp^264!FY5K= z$9cW7t__85Ss}+kbGVFIKx( zsypdd|Hj+0cK#s!{4f20DW1RoN0-Y_Z&0kPt+!kC-FRHu`>pwDo`NF$CN|_M2PM_X z1c#9BG#*U>{WglKN9;VAGBBP#Yko!J{`7UHY0AfW=V4KgHa%Ua5BR{vxdM4!)_DTT zUsnK=?u(s+=io^Lew4RCyRIYAC=lnDRJ%OcmV=_R6 zEYMz0@aglF0Y0xn!PBG7VHaSL&vz4L{M}vI!i@_Iw?q4JtvA+1J1N_x;AVk86wgl2 z9M{oE3|`nEyQv*(@ckXR*f{FFCwSBC78(FrPy}TXJ7IfLZmz<-DZrwe+^m_O<=nLu z-v~QkPgaMt&HDx13jD^}Q`_~>*WvJYG2s6j*BbS;N9xD3yV!-f;k;5f50Q4|-+722 z3wqqps_`_|%{NgtS7lYpDYQqucNWyU``b)a2Q$=l(A#?-zneCs;BWR{NX4}nrPA=k z`7XSL5Hv>Pnh8geSWxzc5P)At`nrhzqBtljoej^dZ3Idb;Wr5=lM%=8l^A{GyE*B9 zXkcr#sstTb>UO$jVH6hmlr36(QyBV8OB2c?JVh^n5wPq||1v>U4OpJFVX_qOz=dI_ zg9~8so+ym4MnKs1vcRA+@3UxOg@EgQa2&jh%i!KFa7Kk_FK~An`1e6tuh)_#+J>&W zl=qhlPThVdy*xQc54Rqrt*Q=d?9AsN6~6gx`EBiWmRr~yrZoou9!b%>v-Q9%$4^?5 zTbTCy-E`Xa!vj054l0dd@OSok?@2xV!oT(X>Br?}!~8q{@9(F589Z0Zo%G`4ll0gB z+kc#X?>9e?n+++RbuF8J=iQChmYVj<;HP;~0@)C$PkT%5a=I;<6zEW&CGVvO6Dmni0lqeFqdua=y-?hTs@Db0@emo0#)s>kqtHKBUzvbB*Qos36!~2YxY+{Og3P zV9;iSC=1Pr53cMRigKgsMBXI#t`xY3-EXI@@~1UE>}#jv!KKxLewP)1PV)*JGRJpm zt~lq_$UTLN0T>5Lme>4Xc*vj;NZ$i~mOrwmdrF#n)om<;dr~y_&hni=caZ>$W9XSU zOb~Z2tKbw^DV#6)5?215FCokvlJUL7>9C6k4Jof!AwBJXZxPMiyEfSF#5Otn?Gnt2 zS=;59JlLc;n?TQxFg}qV4S!tT=o*VojY1)>m?azX5>`j_XA&!N3g zaC48~0$Ds={|@}10e8M5CLnx21eD##y;v-jBn0*{8ju?bYRVO1@QgU@4q+w}NCtQy zXaQg-Wb&e=QdS7syC9*M7uBpx_K@SomT53Ym~#wsI=X;I9>Mb!9}@N~bK*Y^lLJ#K zqDD>bJvw6)&VX&o?Z$DtmY!_Ak(&F5`aRG7kh@w*yG^u>{`BN-xYH<-`?PgpZc;cz zuq&lWyEAzoj++PR>9%|hRx4USxm(KiA`LE!7yUc`2L7Et|DJxYZT)t;>Fs|a7ZAFB z4~yqt{(+_P@7$9T?(X={s*^+#oce3-A=et#NewKI#MuV z8Oj3ED%?*BRM&QFoWm{3s}MTs2YqU+Jy|VMWiNE4a31?*ulzfYCC`j9*UPeQ?!7xB zXqSWGpogaX>h#V|E-$ponVJISv|(1v*rlAAFXsK!Ot-U@BqqJ1CeCzhIDP8Q-g1S3 
zuRKlmJ43?3IpJzfc%twn3=12yJ*yD!5O{SR&UUQR%=O|7ybHk+Mo~PAd#y?79sa8k zS<9J#WQ8yMDGHJoGA$wcVL~2lnuMr&iWk2f%Q8V#S*jTVq1VraL+W_FOgI;rLV)vh z7iMXky2Ereq^1xyi?s8)`QN-;y3h!dz5W(Ft{+#!8h~UR&tv5+Onr-DT{Y@LT%bFTO7~8@le0f9L4eqVCJ=r+H!;Xh_7P!ESXoJ#RlpwU}4+;dN;b3(OJC zV(;Bmys3*KR_6ZGy3CI!TsoD?4SHE55MXYB!-f5rhC2+D%d4=WKu`eJDP=7}G_#$ok$%_j zowEb6Cn=q6cQ=;$_dBc<&J(=&rBs(?*yY>0uL<^CH71jr<ZdKyf`~c#=ej zcNB4+8H)xu4$Am@_5J`GA)i`#P*n><$$5dH7;P2XAIi2}9@TP9@2qmAf)pYB;N*o| zYe=bDdo0E9?6!y@%xyRHo;$ZMSPs)@n&*SV=Q>32N!pRpdH+ZU3T3WUu7YtaHypb< zpsrbJnzH4p@{7*rH#4h%e`i-ZKT7|{|N4*9x4x1Kop;5*^Q>qwDV)3Dr+L!8FsQ*N zc4f)@qK(h$u|G5%K!q9Q7#U<-A1vby)Glow+T~UO$={&y4v2twJ6iwzXe?2?QS?=qf; z@6+Qm3}N^g+40k>vwnujQg}vLSe2jUaDzh@yXZPPCFIl;h?9SB1+c5=J)wZ_9@vu( zAr20GwL0FF(wPw)-_*^s`>k|dDV(SHwpae0ry$mZMc2zu=W5-|V78$xT1UO_*pGff zv{uE2D8T9?N@iB85d>QD#e7><%tNT1dt^d-*`#w^-Z>z*_z;4{Whfx%tc68S*4OCQ zW&OSk)^*aO4cc_!HUzm`2)Pd2sAGPZv-v6RG!DBT=$p%h#C*%FzvsY*df;>+C@oT> z?1eIggtGi~=t#nJCV|-8mSlpS)fMeg9uNx9FT4vyr{`N1Rk7S|zyCzDxgA2$zmc;KE653HtE zbJ>*c+5lV0eJW1yIBnX5{HuTc8+MT3i;sQ5nftQ)cfPWNGb-@* zmygo#eBpWe(yu&At&>@wqk>e<(b^R*AfApNu?OaPjD!0tdbBg=} zo*jOi^Agna%jOrxtKb*lmn+4MpP+T+zoE+?S8#h-?@RC?=Y>VygG&oA2PXZbK1K@k z$=zv~65fcL(T1`%-wBFa!>Z>Y_*zNI>N6>wV@?7*zj8iGjleD9amSSf#>E`|M<~)P z%D~Tg7uILqffK=C0v8Qt0}N-y9a*!(?6en|J`4`8u2MhpgV;BuWLN>MVKi8yduR{3g>IQ$d!NR zYY=Tj6&P1{f|JWfRGlcPB41H8U9N1NsLHBPMgf#!wbHJ(w{0l}e|61t(&OMZELbm} zux8a)w@WE7OuI=0h`dY>ABTvl5*)+&&;%>J6DIxT%;m-C=5sis^RG_rblNI(Ih+vq zE{9aC8}YciTM6X2MtZD?{zuj)CbbAM{8PdJGy-r@&@pAP@98~=Z(g8YB%v! 
zHNjh5_`8zmT#`n%IS*b9JbAs@cqb$p8|`=;mL;`^R9EHtpY9{=kcqe8C*@PtGs8w; z4Mu?VYs^*vwm?b0t#mt;uDB{utwhgpVbn0=LTRaCe1Z;s&ETvX>X=*wOPt@6&hH&- z`YTkfE5}v?+u{@|dpy*d-T-_jP4hMj>|}%P8g; zNER@ZNSq-h^*}W59embgvNQr@odZ{H@`CM3(?{mZ8SXEM=dN}P_qvP?#!CvvPjn#M zSC5Nt|LSpZ^!QZ%o%Jf*5+t&o-H2<(z zd0=?P&DW0B8GCx!Jvn4hRZFfxG&A7K*xIC0o&|0c_c`C53uUcb24u1Ox!OLLQwi=k zp-TI3N%S|6R*+WRvyIzKd-ke~AqX?O@+Q6Ja{DX(gH_Gf`V*8aH|WobgU@J(Mw47T>+`zUtBZo z^KX5)JG?Sqm0%1_@p7DYKI_Lxq z=hMNxEaA)=P*G|;-~CA^XiEkCT6Ww@N45}kU0IIOQVHz}KZb!)fHq#OUXmd-P@b(U zRk!t~vtC7iwoK>16Q=b7BpZCgSZ1n^0+b2I=yuS1ASS{pfxVaO4Q^-wL3j{Ht zxw!;=>VBKgzzbEZo9TzL{u$70u6468V|?L-j(>7I3u4oGiwwALf8(Th`y2RoJ~H3V zxZ1ePz&MY&<~)21G&c5HV{=u6_WP-3<#)*bc=WjVxi|j@Wyd`1KeCu>fX~y+dGSIx z@|l0!FbfW!Bgu<$aL~tAw=~vK#yuCbM{*&7O9rN{7!w}nKl*4;o(J|>K`-aVA8IWj z|HOK+eWw(sk$(}q!cL9=06+jqL_t(&C+&e3+^X;rGkDc!O9qCFhSWD4sV?|~1~BpLrIO?D z=VRO(vN?YY4{Qoa;4~ce%uCPY)Xsz`Xw~V=f=#vL4_+G$*lcsuy00vy?9yTFk&lsF zW^H=01Wx3ZkF$|npMG1iY<35?7~^$@=txeV)7d%SzRrzo+tx~;Q3B`Q;p{t^U)1iu zXGBP+(VM%B`(|)yq}&#^61WrzoNDLlC-$b1ovD20-G*2&Pb&~E8}jFsttP$oV3|*o zMdbOybbZH3K8lAMGNHlg^5%zrj4KYmbc~K(y4{iS;Cb7j#4e?tcI~mN7*%c4A(WUp zom*Wgdh!{T)TlbdGWWE9T0YCv3>cSUe&^|gH|MZQ%N471zuBj(BJyT!AEFKP$zuI*Ufgewe} zz}f#kyZ2JDKUm;GrcMm$n^V;#euCUw=XQ7O(2+~Vm>3&=f4#1?Ce;c&2wg0^s2zc+&4jH37_NbYYTRtnt|CNVqWCV>X$}M z=fRDKKJUkGK7LdYJDx><*(hP|HabtWrf@f3j280iAwQHa+71uqY6ITQT1uO!nVvbp zCwX2k$}(8J#2jhO6Z3g4=imbw1}@^92j)T6NqgNFj1Sz1)C01M5P0G~#qmp_5&Q=A z*BfLY`Ab;lvv?N43sTF+2)oi_hckHGm>+F6bo!HI!SjjMbQ z0jun6E@9w0sxBQm1&>eN}5z4#oboECT5q;`Pec@t%&N`HF1J&=(eNuuMV( zXNu9MKeeyfu?4ZwrVY~)xYhf-Ho1Lgx}eQzC2)fza3+JZj+ZIjW$1G+oweB-nQzdD zxh74;U+S%7p>`sn6Gs zYGKl>0{u#Hk|5QRtgCpdP*noCVo>J?#Y|X@M{tDVnA53ZtKXpzR(WvV;AyqYe9-G?^VaW|9 zV9k|%?xQWlahbtEhKDK#aj#tQz#Zk*y&;-1wwEqSb6D_4qhHlJ;${0?08Smiwjp3> zzPrz7$ma~vpfdJ3;+!})T-|;H+B|UKouLCQ`~CgNxLc-~oAB?vtif5oeE(-JahBnB z8irwUSe`o=LuDH3=HN_;orC)by7@;N=sZ3|nMEQ)&Jy&ShQ48ujPFu*rbUHN31y z0XikElzDSfF51Z$<+tr}yumVAL+=kY#@IA~f8zF>q^dyK+3bfbZhpg2m2!L6N?^Mr 
zu(ZLsQyQ5$K&v$}Z&xR_+?-7Uy!q#I#es}~q;GQYg)b+V#v_mTDZAdW7rCiBd4t6$Fm4hVD;JYfzRGzRQ_auArqi%vB&q^$7R(TGa zr|YoE@F1G{?>mH3jexJm3Bps9bD`uijzU?aG|Gtce6Lyko0kJmh!~?n;0OZ}a6UV?XQjN|^+F!OupK=!%LjRQQ-sbg@=mDyZq z21_$uyAd|#$O=Q*v&#AMQB#Fk@=jID8C6E+IAn0Fmv%4MA%i;3O9tVg&D-!C?YEg& zd{aA&>d~G$<&a&JgCp`rGV4~~E#9r?s@1-^LJ@MV~7T+)|d!{X88xl_ke zuOIislaZmO(L65ChYOxr>Om@^frF5Y&fFmn;uM@`rv_ZcT^R>A zMgr?^DCZ<$c*elW{M3Fuj60iG?U2r!Ad7pqUn?FT-(Ua0YB63L2{amV2qJjwSVrIC93KnqpTT$(Sz7 zz-q}HHuakWK@S6jk%9$X22aLBS*2ili~s^GJH({2PGCHrGN)0e>AC5zE59YMvcVY_ zP#8%=nI<1ap9>{>B!e^fEfy@sXxe}g!gv;Ze;_3+97T&w;Ny~tZnUT~9mr%iHJ==N z`)LzA5R4b4y?rTAIw;=wrPJcQH{4kG@(-Wwg~750XX{AG@2ouU ztEq#tu{g8Wu45*L29{IEqokTkR5J(19Lphez(z>(TmHjg4h;zMqim8Hg|#@~ zyv`}}r$IzMJo_Po7;yLO<@H?|(&WOcql1h~!NIHXRnFz{T+mNO0VxQpq4cyJOsi*r z#bti9b9m|oZEAvt%iAnWWh2SU%L9%)f8pw_7~!G1Gn8NFSBp{SvC*S%ysodGye?@B z=<#ET_NO?}w(4RI8pu8R#_zl8OP;~dp$;fZcI}=ogpfkyfrH@qNk`kf{ay|om!0h@ zw;J>QP(S(+7~~hQF3V_3J)eSugiVf`{kOiQmC6C=6qN~X>44R z@_N1eK5*oDS0nA5`k@h{QlzW@BICh+t^gWm4sN(*CETr=@u-?q1HCCni01nk*6vHtPH)K$)}JXZ-5 z<1M9vwSUCr6?3uA%T!PEGwEZ^ozWn0IX?F*3=Qsc9MDYjufvf?Nck~|@N!z4CwBO1 zN-vs+N5zxT_w^1>hD_l-J~`HlG~fBma1A;Mm+$<=SW7t}+KX&(*MX5P4>=CfVK5Hf z$jh(M=wyOBo`Y;=I_PP4-1uG5kfEGeU}9V@sg(z>*0Xb7NMkT2#EX9D(FS(~;s*xC znlNJe+4<$mjT; z6Uz4Z4YDUcc=X)%@A)LqlPf=5Y&;shDapo*pY!3oDz$ez&#T3J*?My~v0atEYWci4 z3D^#2jBWef7iHXd#&+2ypUm~oaW0OrmQpK$iNVk9Z&{W9wC;@sZ@%bd|I$-iw6Ji&(9CJ$1G$00 z|9JR=#up+BI($Osfz!#4PCv5zkjs=JmseOKo%me>_zWP9KbJ+G7Q#~ToQFEv*<4=j zgJxJSO}~%ww~z@UOR698{+q^ZQuN#o$V9DeF6f z_BYD1tV)vd(=NN79~8s!6TQ^9CtuHZ)ZU@KbUOB3%lxDf6zGkFI8#hpt-WQ;u4a=3 z^3Xp*ef^O06X{v8=Lw5&kq#I{2kv7XynLt~fxeC@zvwcyCQLfBuo2fJ5gAs&a76#W zvr!Ns{@Htj2}28UaHtW5Hc^ofiM}O)4~E~>Gkeh&aquxK%*%IJqQ4Q66n;2z0cZjlCL^%LKw)7#xL?j{?prVb_x9OOTVl5=+Qf8N6^;X zItlb{^$s7_!o;`dgE_rIcHD0 z0+27la$J*DTAq0+X%x4n5Q@yd_}U*V-o5|L3FxAF6Tl58T-k7i3tmH6U5>0PtwR}| zlPeDG;L<{Fr*q4V&{8gUbnW);$}qie2J5~K4D5Ea^Gg@Tyq@O!p504%p2Vd2#E@7% 
zE6dCI#mzyfBq=tfNjd%x&YSyWxwb6})l4h;e_3pGxO)Bk-qY!~5M`(P5+i#WVdM5s1d!Y{0eVGQMBD^*ObZ@qK||o;WU|(F>Z% zI51z%z-^cxd^dNy?7p82?giX=aktwq4)*v0WOg`yQWS4~ZCrd$7wKjEJD<(qyxh0} zibDeD@jJT}H#e7`BSvQeM!9c(`jz4<@BDSU$9S0n^P6B~Z1(xjcMsc+Ta9B1-4N}@ zV(J0U{F~3glerT-m`NfQEy{LxcT4;jB|Xn^B|LSUl$)_m^$n|Hb_@IOi}N0Mwt6GU zi*&@)k1#7Q%80}0E#x*YACDi(?DMeL>D|`);8}a_yL&CsDJw#g;6`}nc%A|9m)b`; zv=|sd{L$b2 zr;5M%i~r5isJrEkmQb=HUQVvGVO}4xl<$^1pLGDC{{8j;dY+1VE8M^z(O+N?T%_=%wk=>U)9eyXwU6Cu z84sz<@umKpk3X*y#*~1T{yitqgX&@93ptk~8-OfmKn`kRy^G&)K${yfM3b_@oR z+-G=o?|ga;9#h7p7>_V83w$7DnZ$`1prtI^fm>k&a@t@t-W;`(?C5gZ#F2`;TsFJf z#s7o5f7}k&blyO=nQ(9a)nb3=)@G2efYrJ);7xdOb2)Lp$IB|sIX3Q6Z>^h~K~F|w z8IS#S$nw|^_wU%4URG2;^rOAvcmC`B0(Tqp!YVE`>^G@bc)YAz6yOnKGc)+I{4T|T~|C3Rf<)vx`@;{MV5nn&Ci${fegjJXN}F~RegdNjxIqf)@27YBhxUYc)8 z7`cw1%y;*ux`sf14)*mmk(CRkG#Yascp?t?pyT&^u~ZtuRTo$@HruvaL4dc+2R?8G z4q|q0$6Oitxq;OD@*65QYJ(>?XcyzYUPeEs@p`IFMjzN3H-E_p?qqCE24{Hj=U#Q> z29MBj82y69XMRN)F}PzlH*Jk`1>#^v@^)o(?)MIg$D{WqI2{KrM`8|&n34#{PiG|1 z`3giY-Fdxu=aV;#AKE60laHigjR>r#eJpWL2>E*2#}&W#WkRLyvY@!Qv{VH<4C%XfaH`2K@$OQ+cG&3zjb!Hq)Q8k}!bcejmQMFQ-$ zU`Oba@q4ROyOOZJP@HGXj71`gwOFuSPBXX7;Jm67)^Bj`$Q{yi8mEV*OdXFumEW`% zxLBcBRU)gvV=kUIMjg*0{@mc4D;x9a=eRtrdKlbG zg(=D-22;p+KGv#I<_6>h&Ca*^L3^2Glp7llK+zg?CYm*Usu+A_SC=t{0`mFgaCzH} zXGl?(sLUtj!Ew2f0UG5mPw=?V=*V!5!b}(rG19pI%w!O#;f0Rz4IX2*oJoRm4c?g$ zd%fc2!H?;4;U6k<)*l_p=jn6%FRdT(c`za(LUf1UUHD)6-+Vb6AHmdm*#Py<;I96z zhJRZrDh6l!s7~O~y4hl-U%ceCD<=AY$BfSQ$8wy@YS_2UsCDI#Oc)WE36ifK}hY zT%C`@SPG4}z#mtfLBM@IKx-_cp&42=&r^RB24`z;jlLP8MbCD8tLZ)cu6MO==$!V= zoyCz{TEL&n3&SOcBYGR6ojz)-BbTxW2`=q4kFtoFPoj>=LC+EbhID9?M>*^6z3x5v zb$(lY;(5@Y|9FJgWE_Pp@I?Q5|EOI{8l0o;@aAck#d!_R@XuExoOiIhv!fl(dI2ms zV{AT=tE%H;9i*s!h>)j!hqJen@}3M_hrL%yW3%&@eiMPA8Z*9UhsgKX;gUSPPQc8@ zP|uBiuI4jd(wM21UBq3qA?KkrIA4V1g9c}Goam6#>*R8RlN=7rnEqxovyEE`v=XRE zVDYw$T7~wumB3ArzzHYJo*rpY$3YzJgXE_4`zG6&D>79&u>g(*akaF5x2r>eaGil- zaHL)MPevb_f%!m(ble|)Tgp~pi@NTq{F~}i+NUEvSqd6;Y&YkAzWkF6LQw)XPXiI= 
zQPNQ!F?pK}^fo;C7_pscB6u3RzLY(tmvMNg-CFYlyk)fK16E3YbNIg&_XfYKcy;Fw*|^4VzOKLy-n)A* zt_$7z@E|Js#`?!PVtu$*z=XjA&W)sk=)r+tG-^1dY^6$){ zf*7A)`k}LqDg7dskjsILrWl(EOMp9I`&V351>e(!HcA{d8UFicI%aURqU zWzzjOdl~ar!0^)TWTXR5V@Gk+w2Cp;2lD8rWV8hQL_VRr+IEd$IgHEchl(*d&42Z| z)9;;5r7RdP`I#3n_gBK4ffO$-d*YMl6@H_s>t8B32EI~xJYuK#DSKq)GyfIA9orXu zxJz=waFw3Rvckd4n~-;2NL_IDb?D$o&npb0G&^3vM_=-MA&d$gczF7**50pb?fsU` zLEa;j*BcI>Ij?ydY-OO@oT31!^Pb;Z8b;3*=n3Xj9m2?1G<0Ihb}xfCXE4$cC&GNT zf6#kT?x(&}tCL`sPX&H>Q<_`x<86A2P%USEvi_PP3IsTe)z+H|f zPg_~WL()GPZ@H4@_uii=4Xzwto(4A|U}nXkkOODRAqmqEEnz$6B0qSe4!F$VU_Xob z?GKucE&XLYae-@+hJfm*FH%-tI0d88AkE{oVDj2tko+fHr4L6dYn497YXLOYx}koZ7fM{yW2 z>)t|#4+dXerz#=xg4aBq%OL7|tgj_>xaaAJX9oR4eK+1ae)`&fD0DG~@1yZ2`eN&4 z@vVbu$2#;-FEy(@RrX(rfO>ufum0SECrR3&qNpOdT#62sw_}n9`I!TCx!{R0=@%~q zh8mZQ%?X_fZzVxhg*=Bwv(|f{wO&1>`t_1|_t9>TeMfaQZ(hx1@@I{YYX2>RWfL&; zLxgB=+_&+jB{0?trJ;5?-;(cfbd;;>Vxwb+bv~5;^ft5-XeH1rfz`K`G~;VaTM1k{ z3GguF?IjP#$D_BkY;FAwUAs=cum;8AHec|fNcg?!zZoyR!aps=q;XO_(m4E{N&|-j z?sRWU3Atm3#-LOtrNiOaA@ofD2V{(X3son>zJ1A%!)(qZqYGjm8P4Mc8HV2J>D>6x zz~C}lA!j$dk_&D4GoQ-!0aFu@yX+`=vRzb+GaqXeq_rE`j`A5}DPq7Pe>ieHX2elG zb>_*;(FY%k={tP&FFRv?{mK7WyuSBGif4L1TrE7q-Ltzdxx0un)V;7O)?KB%5Fh;= zgYSZvFyn}fKW0>g=GnS$F1H=MK+rEr|H|<(7t#y%!{&h*g6XMvzcn^5C(?3U5!t0_RW`ZeYaje<@$TcVn=$g_ghSDAvEV3) zZ3@&M#;Ir9554JlgRB&_Q;|L6S2!6`E@(UMlcn+tw3YW=2#&zDuAfGNW5Q=;brxy2- z=RBMg4~K87PPf?aKc_XtJ(-=K%IM2EChj(=N^SZs#}}m`A6|HJf!}Gnfw?Dl8rYxh zrGOZo^rAKUw0JapQwG)-Rj)689tYYo&SgW|`=bhkROy!-whGa77j0^SS+;M3caaG%=Y&^vPV_h9^H%06={r&C7~W%c~_zLmgwBoKP_e)lE) z9`thQ3LdnFO~8%K?eAqhqoT!foh8uvaK6sH+qP}(62Sk|u}li=NAnX$X8IdffwuYwUMlkby^^pB7KFllen68HEXhUe$WB*SRYtcuy}v z-ZinHY$lBsh12DQkFndFWR9Y;s1FR&<^BmJ6)s#kg=vhSRlcHq9+`0Q4vv^V7L(4xiFURA<$wAoipR%t zZzcm>^@XbHPaX)2h4=!4ABhJm4+E{Tz`=}BmX<`*I7;(b%r#yXbYgzxo{RhZ8V)gt z&kyoMq=3OOrGpcDKL2KX8m?~=pG zP`idpcy<FmD+6SvX4gc zV+@Kgyz(+L4sbl^-O~=~TgBtydlPv$t>}lGa@K#sN54YRc$I-0dHPud@@2iF7hWpo z;J*3nJHNOCX$qp+P^@`E#&&-x;5_p}SXmXH;UPmCixYWcY`$Y(vax|+erTePq@8Zm 
zH@Ps*Y<)S&jl|mGXp{Fn{eRZb+`i?p<~*bq>&w?~A=fE^Ub$=kp}DSHS0AsF!)aW& z+I&2EN57rsIe)rlo6}0*W=f!0yS$k)X?U}u!!Hl@!sL;5>0gJCl$fOGVi?Qw zb7i^p66>^Vn}OfJi~VaKL_qNKmCQ`|NZu#E1nJ?7(_m=SF6~M!LnkGDSsd$5@q?^ z5_wdamCo~OluAP`xpjUP&s`-wJ)rbL58m3BQa{UGy8SO-%M! ze>WCV|B0-E-)ma6K%N_;(+d;8=$pOnUG>0j@nAS@Z2oPp{=VYZ-uih*vee&F?lWPV z%4Sw*Gg}FqTLL4w*TC3(OGex$;}7KCr~W0wxk;=Q0UOVr-~)ewjh5ngrKy6O4zv+bt{Uy%Bad`%QY=j_bKE?gB)+9XO%};!ZI%fM~mqP|2dYBLB1n6FOPH+ zFZL_OK-m!D5T|({IsRN0KJL60JmzrZCjNbgd0w8UbDZ;dh_u?EDcs*fsJO z#V;OyuGsDGF9O^C^6a-zHLPrgb(42*SI9-Uc^ECtz@T>^gNpCETvTa)=dkDxc)5@_ zd{M27Dwj!4#<&Ov+R8DIjNo)lq6*X-i7|G$5zNuseMX6Cv#A}?BTXA=}u`dwwCKl%pUpb#BU@?>D7{hpoHxHn-J_E0;X!HJxif7n6JW{>^eD|*qc!vs(9dz^Nt za$qFE+GferkBop5)sI6X!HY2$S-9JklZg*$LsI$Uye-(^EDCv>DhRS0)&VdFwEkK9 zybq!+$TVcR-+Nwd?iWu_zi+;tGek3z&Gez?zY(u$^hzE={xguCJ1hN8Xt#CD8F4nZ zZ+WCS4@uU`*KZ*=B>^^cb*1M#(FU1q413bOPIRu*NLL$L3A7SeUIMMbd3jm2kgWtN z5@0v#LGPu~hf}5K%H8;a5N&8yh(#icy>%`4X3<%kcO4AQJDq3E7axm%4941fytv^8 zfzs8JaqX4j?!mLgTMz!(R6SF)vITuw=mT2T*W39c(H-iLpluDVV7gL(;^oSh8=Uht z)BWPKBna6p|O@W_TzxR$7WFGJkcxa2crig;FJdLS*Y{fIj^8yDhC}M7lUBOXC zobx(CpC!g7cX5}IiuxIt;fc-44Rj9Q?VJG;m2^u_xfIkxwIn#%qP4uH+q!M3*eX?ya4&` z?d_Z4cX%R$_K^-0QzbVHdt04$-_}7KoP08RT(-|$u2{RuKK8NVxRDR?ppoEAfwW}C z!ICDIRFYDGBjwCWG4h%MBL>WMZkRe+(NG5+s$p0lz1)ZD5yVUDt9 z`u4ks&Q%rbU)pZ+Xs#O+&Jxo;55$o^3#N7PnDdav_*pn=>#Sb_-9pcM={b*dW{rNe z>nCtVj63#w9BID$^o$tVYOMrrt^`_x^Udx1w&iP(0G}G-%juCm2im3wrnH zO)L^w?5%6TwFNj{D#{mm88sAKp`g=toK z4wo>^NiKmlP32HuWN>b(53PE6$Rpx_nFR+72IsuYjmD`J$(WS# zQVO}GIVud!OiAnvyxaR?@wuIU%W2FoI`8)Oix+QwE}^?lseD?VKfKP}Vq`wBUCu&v zPNOrwg`L42A)@{cYBt!mY0AsyI8!|-$pei;b~kS#Fa;SU{^;VDfaL7f z3KknY1K#+n+*r517grvT-R{2vL-~ zVa=hcqb=_0F?D0-Zlc2uTlnD$gERa>hbzyEc1&V1B-564SY?N^>P3JizcIs4hbsiE zx804Cd3nG<-+VwTb{7$nu8fvuWLF+!c6Rm*Ka#+p4Q|T)8d-fCXHMGaLpN}AyFR#~ zPw-e{zV{qXH}oR=QRCNBNv2lYaO8iW)9(+=n9gow0{*25C-Sij-_Dwm8O%w`1A1 z%%Zg}9&;XAgYzs&Z$sW;_f?Jm2ihES7JX^GE$GXKy1wraKb)!4hE@Wt1Xh(mYj9pw zVl8|tff*9uwA#lb9cEG-%_!aeEME{NV@{Q07H3>6_RhE9!+6jXSpGJJt7LHQ>A;=v 
zvwTuKXjH_S+8kxKy04qx@RLUWX2>teI4$(Sf}$+tO(47|xvdu^_ebBRVCw>W2k#T* z(Awo~i!vCWHKt-5QD(SMCJ~JduOy#(!=V+SLZei$XO-u0QFnF>H~hw$=^MW#y}%PP zSVXI-++?v}hjUYXc*)B{77+)p0TXeQ6Hko98Loh%e!vED+WXZ$MOWAD6wehu zxc|qCT^+iaOIhlC@$&7@%O~hHbgUafit%j*H?=+&K)|da_Fc{z$LGY~>+TkPy#y$K zlyf=T-@7Fv_i}DG<|5g60Xv-g#WRDngTIkv);%W1nmEk>RwAfP1y!{4dGvR+WUKFF z!qo8T6kq$`XN#Zz-d`ym4Kb=M4j2c+fCzM&FC+*PBmyBQF6Z)qr-ZEP6ll3t!~bw! zrbNr|@VCSj24^6cw_@&!@-U84J{8nYBk(8=BQh{iH-`_rkp~Qyj|JlDk1uez&*NfZ za3(*D#RzC`ci(nPhmjThl(VxKLnj7LP;;?^8a{yy9M$>P+aJ8xj_cDsopEwk?l!a% z9^oRax;qh9u^NDJy01&=+sBx;)^j}q&_)) zeyA0aCP(DuGIRdC zFS0z*I_SP!oQzpBerm9|nxW1x^T9ov#w^|g67Kwk#UzLRRbGsr$X|CHW5oNqS%%HD zo7&f0vs#+-u=(~^X}5Q)NMNA(WS~O@IX~&L0*4ynMrd2zd|Z}XTDq+SR*}Gl_F}BU zLJQkU;Oa}@;pn@?e)kpaTz#mwv3|(S)o)eXf>kBJr(k<__+MWhmLC_7bl^^1L0T0j zi}c&Q*R_kD7aC1Io|nhWZv4mNceOkJ>K!7OlouqED-ODsQkE-Es8az`FI!$(Eo5B+ zA>)Yia`N&%qHGpi)R_ezWvj-=#mB`rp8nP1vx7fWJU95Alj_gyzjD2e&9s!Cg052; zU+h<*eo#kDWU#ITyYjl>%lRBgeYa$@0b$VJEsf3RAap@h2VLYn=?3k(cfxrO;L5^! zC(q3ILmIP+LP}F*mNAu^Vcec1ZNRvO@$8+4UoXD=oj+f^_vkmK7-a6K?-Wi3&pLQW zhWtn?X6%z=Mq^9qk3Sm%id?Ugau)qu@@GgsZ;}81v-f7fnkCy^-#*`P=Bn!P4t=MV zu6%Vb7_bcn4+I!&47R{nvJeq=_?ZX4fqC(hU+l0zfdXtRkRz}oE)gbVV{kZvK)}_2 zLd-~DV}y{Adc56z`&ReuuC6-sIiLT(wf6cl_x|?Y-*`@)s@hrgot###T)A@Cng5+T zvp(iI|Ka(E!Kwu%{#xW;8oq?x3u_+ zE_~#)B9W!j3oxLo-ci zEOQe!KETQ3PcBc_JoFKlD4l2gE#o3v+4L_1SG7A983ARjADG?7r#*+r3EOy;0Rb4} zrA+*Yk7FGojLfHcV<&7`7D31+7ku25fV=z#>57G`~UF>?W^*M!|7RTE445;d+p3hcsdVX5mIk+P*cvKu89~Tdg z9u;Rg%NaS@nLI|vGRRLJVfcdVYH}vf`HKcR^FqDS4onB^F!vq4!;y{#8jp&>rOuze zJk!o$@eH1=+6%?->^+xmy=Vy#HwDFeqF_9ZMUyud)QFcn_dIG z2G-L+f278G`s-8o8ko_*XzNg)-`styp8(AWH7CFq3$d`M6EjQWXVc<(@JXuc3EF`sKe|0! 
z$7bjhN_}c|UnQEi`#2`LVTW98_D~CuFX^o1H^rMzNhx1j9kubOhF8nyaR=H_6#IbU{l%I7j2Hn+>Jl+thyurh!5L=49XsheYh-d*cq0a zTrS-8oryWEmA}+oH9YxpeknA$03y1L*GWE#=Q_ycYhFdy*Vtb^Q0LW90t#uCjJ9nl#I_q(_#qXnt zOS7Y$na}UdYoE78@|%+baE<5s-+AZj#Xo%if74L`>9X2-f9Ik*`eBSC5s#lUZrNc= z7~`15S=%Waxr#J1zFGV7vNH4}EEdlzG6>@-4@+9Jpq; zaM|gq8J9lODHH}k`y4IJ8C*}6S9vxx$y{F71Npklt|P{4o;`M1-()24=4G2coNaxi zx;QmCnNV0YidW44OjlMO>X{!x@rM`rE{7a5W}tE9&iD(Odw)w*XC;5VT)#Lk&h(S2 zEOnF<2Fcyd*E5ow9eG!Id5Y>^@wYNG<+EjA^TUhxY=?L?UGAIr{H`|cc>Ws)MOn_K z%xI4aLC+S`Bv+pI`fhJaRT-D!x~_;i>ZQq~HqaE?hutO(u)f|IJZ~2YmM!|4#N*DK zF9~dZ{hIjqYyA=Vz2y$lCEE9pP2e0XErw`i2NwW zdSwBqz%aqHJj+E<8JJD}EoA0TK2?p$KS1DOh6QUkWm;T8mxz5rsxuI^8+csYQOs4r z&Ec2YA-tSfOozHYMw6W{2yA{`>|>HlIos-JF)1nwkSs}DB3QIc$epyzKdB|-a6Qgk zUg~CE{YCp~lZJ)#1i-m$f80t>9{BmxxZBXu(7(60s%)MTFuN(-VhwEWZmTTb!+4u> zU+yNPnn&W{CxSk`8RR&usvOB_2q-#UwrxS zKTzMzM+_QsgG>!U?cAS$n7q$!sB8evw8MM|UsMyL!Jc09@Dd;wET!JoQ5w5D2d(jm z@}^x)%JUZW+&0I50Kna}Ot&+?D*=U!$G`mHPZvM?_Ky`GpS)+_WG-!t8-(HJM<0*z zE#mPz;2Z#?(?)#oB+o8$rRvLD9JQI|5jjt%3jR)`XM_RXo`=gM&{whn>H@Ux?(W)) z%XoQ7Twa#6+qhXu(m@|-g39tL!vSx}i?BGeIr5KmK~MTwz&W^9pCc)>>f#s+H$2+_ zh5ZFW=*IHW%NFX5@&bq_P~L%PX!%|0`8d!$5__YUijiIdUThudxQ&me83H&nx8hmM zj%N5oS;+h1QeSydX)R``_I3{NU+6MHjF=rkz(+zAFFqe47EB zXUn*lR4P}?{I;{+7GvI1-Jk}ThaYHtbgW|rFZHG7b(q5;UzWZh*4Nh`u0!sgXRm?V zs(~jSaQ?5p?=Khs?O*x++p6DQu4h;S{!sj)-o(D8M^=8s!tGOvPfBB9QJ0Si9zPzu z>pgtg(Hw?F96Oq@jjgg^^4)E^^Y2a{<><;G&)@SJ>#~UP);&vfX6K1L>|!t{4xZg* z7!*5pwz7lGIW4la)zO@6=S1`A*d0Dcy?UdAvdljhse^hGQPahem@NW0ch|pP48-Ch z7M#A5OEpr0(A_e_-9JMPx?H{p3!4QlX8ICCdb72j2RHuB0o8mFl)Ig0$=vuScN5ck z+9sMs!YF+c;GFZ%<)7t=oZYg{rm2Q>>AOnV?AspPExzaQ`-<;A_^k5aVL9OJyJ&3&QPFkqsRU-82`?Nof2v0hos?(m28r|YI4hT$!ezO; zm$3+0^Bu;Vu}m7~H2}QzQvsYM7lwGZ z6S!{y*`JU(1v%hMxB;*D+Z$tHigTkQGtRW@SboYueQpoft*A=|1r480 z^aB6tT=H^(p?Fwbkf#IdlI*==h<9$ zhj)vU%LlU&^^hKLu509p_U~@JZ1SH>zP-_M_<7N++voMijb__3>oxFHYv73ooS*92 z=?nK%Xn;4dCpx?Cy57WYLP@>=X#+Evr1E1Ty53~e7AE3Fe!d9xPh#9ZXN2x zFaZ}Ymv7eVSs+_m9o1>u{O$F}@gV!7m&=O|o6?v0x3g$Uv{qQI?@a>E2o<2Sxz%|1 
zXYH_6Vq($1?5v&T?ns(Ni?*yY>8)I&2ic4rfB_Ntf+W>S;;8 zilOuX&N;u_4bNQu**s`J-oIw!77NMCx>$;4DlVD&?!(`!UC-ZFj0drkR}>h=4N?m z1nh41k)hDpus1L1?a6VXU1tx9pL^@i7XS3azc#%%(Evp4eC1`rU^3SDwXGApQIsDC z5%M#hFotl16ad`C<*9bM0#Y)z@Fj}xdZi`;bdI!)4f6oI0Gz%1Mtz12r_61GwVn#4 z4NyrQ0XRdAtg*`&zX%w(D`TXE>rafw;cv5}T;#Kp#JC$^a-`vSC=6+0 zE)+C`N4lWN=?KeBQ@RBDr!vALexwgsA}@4AJpJVC9Ke^I(5^cVrxoZPjNwZtsW{O~ z{qw6wHb103C`a%(J<|^0Ib+Sa&V1%5kGqF=bU($t;^Jgje0cJ@9iIi5eOmx$Uh;Eh z^C#Mn0^lCHGe_&6Zoqju*C^9R9hkSQ0}o@iQ-W#MqwsW>>0Fa zS$lrH2A*XN^nmlTT>E|5Z%hMwgHLNm&q?L;!5hnbfsA}YSOQ}+^uAc|#aQ!%Z6--a zfE|0lu?p9|fpeyk%i zyv&H|DfuWz4e>`-?!>fr62j*>Zm2jOmK7FLB^-9nA5B8L{Mgz z`FFF(=+}4V`erf3kriEL-jNy{p%Er_HPd#&kuz8(eIaqn3P%2Gcpe3?F zSH8Hy!V(d3N)c4SYDXWQfePBJej`$EC-+9&yMLFaE2C|pv8}gys=|0lmo|3<$r@V=<+z+c{=jK zcpZ2-Euj1pyn-&biSyq;FAy9M3VM=9%9vwf@x!9MQR|T-EdaS=}&UtjX9i;8bzdg=}6bFpCFx8Jt zdqYo;1d`FNx{arAqhUh_CfC2yA{V>+V_cICvV0Q_E-ypy@VM3g=5_7kYRIqx&kps@ z=cdFr2sqD|r>EGQ2DbE7=;v+Sa-pMiRyBKr&lYD|``qTuVXKy{PuFYUaciIloF8`$ z^!YzC8ras3Sr*$TSN@6LZ7R4=3KQ5>m5m7^KW2Mt&G z4fh4q&29q*WIWirBP~vqdP90@D)?eD&?lbT-qv5|K`NRJXE{F$1~8Cu`CokWw~C*7 zAcK{U;OOP3n^o5oCrPyl%Yy4Gb-V07Qq12jraroJ}6(BO3tMKxnz! 
z0O2gl8E5E&G8-@1c^C;yH{u`qLD$gdbO9viz%evUCQldf5f*-Ic9?e=j@qC-L_Y9{ zHbR)cFZMbP{_GexP?@=)#Pj1e1j!C|^_AHR%Jiyuc=5i@X6Afjjms^dVaRo%9nR=~ zcSm0x=mqK7#aY2g8h5t8U>A*Dsx3TDz?r$`f$n$tMCZfOHgiLLcALcjXLz{o;a|38 zb4C59aA?C2>oS#TRDbK3Xa|W0IfM);bYa(8;wW)T+ljWgupB+%t<=D_#tSZpKE8T) zY56#wL)X7+9k@DRy>zC1f?fm9kOq3d`5CJ0zNn9114Ds|yLu=-x_bNZ3zJFU6T>!u zB_@f?_STy5d5*zCY+0z2_u>;i0B2v&#BNp=f;PFf2uF1)L zErfI#&5Q{_eezE9>;!ry(VT!;9dhIHP`kLeS-so1{M|I&vGe4Q__#!{diHpke^N_# zW*dkNd0@2(z?pX9yXCx{#I7pZ4ZEN7h3KsK-cF}$mU8i)%b2(0Jlx&h*0mjPmUS7D zf1Vv6F;R)Hr=8{P3<6{**_nmj!d#SRYleRr8yx{SCs}g2oYT61bI!X-w!GX;@#}^S z^#bbid%vUj-n&1bOJ85sXy<_1QhaTZUaw<1O&L~?T8jBK5l5e1K{nc#?Q))WjBXjX zM|Z6+SDq#6ONYA(*A6}PvTg<&iKU=kC#hzZ&6l&AwYyoL@7E2-YOJ8jI-6VUcddPJ z@@Dak*MGG5wU7R;jSG4Ir>};eew~A9c|XtHq={do32@iIV4cAVI2k}|p0-U{Jnwm- z#7^n0fp$yVQ695(JrS7AeBko(q`1=V+A9ImHU?Wo20Z|({{VSyyq3(d1DQBG27|W_ zGF$=}^ii%hISGdrx){gf84$p8q=k;l`9e47ne(GLP6AWs0X-(3FTpoti+Ix2O$wt9 z1FZKvppCS++5K&LQJ)|k@&Q7-p=UF9OV1CQjyNI{#(;_{eJY|($zFYO`PG%=Zx2fbrD%abKZ&cum2 zOeXi_?nJSeOEM?17fTXUmThz5<;xjNd;7L&fD6}oq4P-RqF2{1?UJ$?j9zlyF}Ad) z?qhll^cq-11G6*bMN;)Ny#{&>tfYa<$x(5nGYPqr;9<+8b0x-4NFu;KEkSG|>pMl0 z;DCPtBB#)*3(yPWi;~jKL|T*Uh^wXu-Ym*R;%Q(ITJIw*UG4sLZD96p% zoGW-oXOBO)eEnuJyrEoZCldi<^|mr?Px)H7E)#1Vr7xS{G}hYQbaj;$jFS>r_JuPG z9Tw8s`q%}`wXVg;yftzvO8^N0Sj6HU88%_8{4I>S;#!j2x?p{{Uc7nyGsRoSf3x`9 z-oK%vHvSV`rujJ=vjkhs)O}+CnsiO|hsoU$wwdY)ZY$c}##neQ(_S1f()qj#=!f?2 zZL+F_T^*(2pMzJ!S1d?JG8A3rL4UHbpo6?M$}4QAcGfhUEe8z)6A&yyH2Db6mB ziof~I|Ec)L@Bg0~6CF?lECcwAaUjOMuw$HzcuJnTn>3NfyIZZ3F?b0BNO-BQmo5c0 z#+W>tTy1`$7A#P6Fxb&v>3vmT98XXM`3#h1m#p@~ZRtmU!L-TM7CtM3^FUwI{>Ssm zo;eB=cnYwMpK%_WAG83qfUWaP@P#sVUmK{K@q$Ot#q%Thnk*_W@$UARaMK2mgLs}n z@yLpJ>H^sVK(`}IL}ag-q(*;1;pK{p37HpO*vt5dUU=>mhx!5w-5=>*lvzMYylt0y z9M6W|kK*FOz=xXG?2kUJFupYWFpAY`=U{Uy(Si}WR#Y#iUeuiGjRjL&1DSNM%Be8+ zxsbPEtJktUSBNT}YWhl4#go(J?h4WJo|Rd78JEwnPw^yaK(MjhfwMn&MF8^ATo8Gr zqYN2=&L;P7RWZN((r+$)_5Ls1Dw%p=dJU|jfqsYcI@;^g_8M4O1KQE03qu}Ve$yt; zE3?^9LSJC84AG>_=4JI+9ezdBgO|)7P$3pgzFPzaOnLQ>1&U|h%GChr&Us@sa(nBZ 
z&P4`f_H&7~Oljrq5ne!Kah>=gFcxLdcz87)-LR;tFVJQ)LlT#9U*~%BsqabUyyU9< z)%3_VuL9=9S2=e1Mq1qM2&AWty3rz1mp;v@qAr$e#<9rdlXYKMqwiSAa+Cx+l&{J& zB56l?eAH#wZGzAayNt)S)6~{-HCF8S<0ygl^s%!jZ$|+hqxU&SSkIK1^72DJ*s;U8 zuA9(H=(8rcdC^T=8VInE(?&i~H%;li+@%IHMMd7ExwsIBQ_37X$S3k+7hjiQcN->n z5Z++Kxsmb3n87srt?%AB)_ZYG5OH6zAM zz^p8^SKsAK+_Zo*ghRl*;a-JiB=BcnM`^fePdmeG;Q$Iy({+c8i?P)UOo6NW4ZE93 z57_*)9jg&z6Cm@?zw_sck8|0ahk$gBV^DLU{(^5j`=K8zJ;!kI**0z2c1@S4D)DiY2JQ=OEV$J9 z(j3)=%`=JeN4{a_lE#kk2n%4={1PnmXZ$r*GG5|FR??z>+|b4D>)<6qIbC<83D6o~ zH^$fC1&=8IG`$=S=2oAr#0M=qtZ^et@W6(zsLJP83@9$Q4>&Ft&nJK0xgW6EWmA1= zwzOq0Yo$l+Sl`o8Xey~L8T?Rybah_m`5_tY$Zg6V&K(__q{GxSw^{Dfd!Mrgm*AW1 znf71i$R)MxqI`7qCK9CtGp?>Uh>4#^GsCnDkp8Dp&3vq8?2p&+l)Q9AJ=Vj+pU+z& zY&pBTYFwL5fsxjJI|7s+UBw!vDj_ehSR)?mlEB{d8t64} zy&C8N=j+vP&%M_`rv|tYmkBdFpC7032^c`0CS^7+i$y_5g>kojcQC+PDh+$dmT zpL}sv*y+^+vdB!6f+Bix`6I=;_O6cmz&I#=`vK=zbYEU*5uJew)ERAOUi+dAcA4(j zwD4}`!9pCsw4F=7@bPx0MZRP=BVc15;0#@zhnJo9s?Uwf&zqqMI^rWQt?x``t- zB0YAVJ^+zc4j?(DiTv?~yDmqBhuzIT@rgX@{ObOo3p?@&e{O$j_cs+^)sE*Ew!c^H zXoaITa%Q=^?DDkD{HqUwt>)XCOU`ApZq+Nf+usHA_p_Wq>e@va4-W*&>2v!aQQJG* zy;lNR5x5DP989ArFDuQaco)TUV=l9smSl$USY5p%dWQbC23T7cu=mEtzfgSR%^xl9 zAOBjbsP+Dn`*F|fzd7T2T6Uvf=saHPHSfo{J5S%}W(PJAdN!D4?c7}ExACzAH6#C= ze;i3+VNto_QKxmk!08F+dvlz}ShfSfmQneK7HT`D1xVWtZ0+2|Sb{1Ju?4Loq`4+EodV3%)h5|47{bh$&BjR66EL*qYm=6nJK&Ux{Ci5GGqPsl`i z41GU3WP}AzY<68^BRkJ;jO}z*nDd5@^Rh@W<0nzd@Z^?7{} z@vg>No*!-)llQdg=e8Yh8S<@Tf8|rZt@xGq|K2(*ZZz%h_{x7;{M@hnuQ!@!pV`f8 zpa-09Ugv#|y#^{8*d2UIlk0NMyF0tKi}(CYXK}J~ON&<8m@mM!1G-$qwv{?> zk4-f5v|C@uRCyrB;_n-Wk zPMkfz7tlyOohJcs_8rKHkNvT z|BW5Qp%ZLCT==9hLwt3v?_k2A5^=tCbsV-!3UzGB#np+<9zN1ZA9@JrENkR~XMoP+ z8elYWCU?kaA_3^~1xNzy54P_XpPYPT<%J{w?a^p#XHi=jm50etrj0!Fe2u;S#1|;! 
z9R_+!BYQmFwXq?>kR|4X4y;Fib(=Wag46Tx;}kyrbo7el63K_rwo5PZ>N}-KKL}* z>jTbyMoOyNnOr)eW@sA&y2|hEpfTB!fqDBRY2HqjWYv>DAsPT&zS1~)s-rU;gr?uW z`GiQ{i`i@7$=5&+I6wJy*q7ib(7;#|Q!cSPo_lfJ^%T}8VAl^gH_Z8$DvVDpWG67Z1rI@GP zrZ$sv@*P0kTyh?{o3`tCd3$;;tf~VY!6WRt?g)>#MFHpFk(Uj3@TrHpKLO5peBP(1 zC;W9VBV^2Ja~^H(I{hX9X9o?6;`#0GDZZkkHa@%euPJ-A!)*6=fWcMT6PZ*Ll_ zXU&ire8XxafVB(l2K#&Oe!cjG_kTh_=ZS%l%a$b{Z|RHk0Oy>Zyz>5wOnzyd*Ka=7 zggd8ilJzPZ>pb2;Ec+TpZ3vvyK+X)Pq;19cLmM-|I0IBeP6td=t|3d+A#D|Hao5CNq(NL}tFQmL&p1+qHI{aRb ziJ#F(<|}>Ly3Xm4D&psbY*ssd(lej=rEx3in0(C`B~5 zkfAI8To)Wi2C$Xx3JKY}&CU<6R_(CoJTst))p#SBr(b3AI5;b*|oro z9tK)y0WuGZ9f8c}S|o6BO!YI-nMBh7GFTv!3cXTjp%fF;n3#qgr1kg+51aDc8NF)f zAzx~zaJz{KO%uf;@-I`qraYR%SU3TeKfHSTG0wGEsCEO+oFN$|>LmQs**w6}+F>MU zu;*#Fo@brKB7k$G30`5_Lfz)a?NVGf;A|Jeg@Cf7AB5elU;2@M4h{>-H3e_v#<0T< zUaJDmqz`>z#}D4PLr(lnW`4W_J9*lB<1grP!5=I>xBqWiuq|%dt0+&p88@9`IT)y86Bn|X7HjHA@wfmK0g`QysL_lDy8^Pb!%-tPb#buwoajlliXkCSkLa=J;3kZA zX$y!um~)o6Ng@%q9T&U_!8Vcy&t~f8pM3kT6hHgcj}=GfADTay6W?W`Hi9Oe@A&Ck z@LtqJUksc2cECA+N#~UFOtek8sQ+7oi*dl)%(P4r&H4LS;e1sB$?ZU+dUpAR%5>aP zHpBYezMU*wzHAp>FD-?5_~fxlW>u=Iteq@7>p{0h=e;_{5x$FFg1$ zUX^Zz`FwNnXGW968l5$UXuQ&jk^ZwYcy3DOUlwz$A$i0|8E&^L;f#kfv{QCZnIlF^ zAGf@p)WU2$_3_AKO4{i-OQ?sXu}vZN5C~e-7Bt}|gs|itMSuD< zz{B=n_yqxzZ)&)WN%-}b(<2^?;5Byy{M)vqfI_q=M|jO_oDVO@9T@ctK#JH zzEW{{(6S~b5X+>?7EGFG*yFQYF~vkRCa%~lDC>r@0XB0(I-hx_2XCDce>`NH;uev= zRf$aumkJwg>C8iWA@a^r={85qVz(P`J~=zK2_e8H;1_j5Jw;u01EOha*(UQm?M7Q@ zOCJ;4w)lGb+)tSt?`fBU@xq!8`S* z*u}@^<-zal%s+$9`38@m34fCf;EaK`>DSahb3T!89+taVxU`wW@hbwJzrXmx{_o_t zS>+F))JDDG@UCHlF{QI!7nFseEh`UMHnDBnSYBTwmfV;DQ({|PVXg8F@c{?w@+yRR{w<9~e%q2Ff zF_Rs({(_t%rA#NahVP(hdd{?!D_)2Ns2t;Mq|f6SAH&4BP1uFTIOK`CF}hNoc;Q;r z8~udB^TO3Ra`E9{q6=&%Dvy3VSJ2By4VJX=W4?09j%nL9eW5QD{P`04tLu9T-j{;A zt{h-zoaYXLkS%O4JA;eY#nhI_0KCvyJ_t!MrgUW{tyb_;wQKgc%O!&XvDnFc(el!t zi~ZQtaMbdp;Ua)DmqB0Z>i~f3y#2e}$du%o6}>AC>UrsBIi`?J0nSzliS5F!d1Zr9 z7tQ?swXi5XVT%SB=^5|&=~-O@!2rJo1W$qCRoj4POTW--H1%!$WNU;qyD0qz5-Y5` 
zJ+u^|BlvL0rk}L79_f7b9erKQIr{!3LRb6iVEj}^d0o>o+~jtI66SM+a*#H^g;~0s zM@ehU!tJ)x6CuBzSa})jrRO{4XmvJed0I#qAodj#~y@hvs-|HFGyI8Xuz>ChX+7z z@GGJooRcizW`{Eapzmy9l~YTU@#pg=ZWv||iBc3uxx-W;Y&RdgfSBiZYECY)+a@Mym`0EDsmi-CSl% zbG_}yYM{oW^AC!jdgD(Qzx2Uh=jk@1H0qB&RDZtJ3D*UjqrV5=-0xstJVR+psnLZy z`hTRa*dpK3rLEAgLpaW9ChbT-D(ud+!`OL+4#H+EB2Va;52U=wBLHJ~hb)!6OHaf@ z6Th5S0LzfKg~J2AFc#WNyBHG{1{h6T{6YrL%Xe^x=pkp&2G8U#v`bnS9_k1Wz9<{A zYg$J(@erEQC_;={z;DFEjP58KNOJ-~ALg-WU33gB$>CsHNe!K2xB zx{w9mmgZyJ^}%`1=fxv!Uih$*6u^AEbx`bXy-<9@*Ic!{<^j&^lD^Od;HT4LJaSoa z$FGuY=E>=^;Hh(7`YB<9V*`M*?nsdq8+eyN(YP8Z7LmQH{NAn`SwGc*jK1g{*jM%x z^mPzeqk!5q^9*R#G1imScO3*aKv=yx0mDo_@!KSHos1q!+QZ?O1UA2I<*5q*n9f~F z=<-DO>s(H{kJhQD@BO_7HlqO_Tj}v`ayvo^^Z7#>i_0)e=V_ce!r>Nfw~dEoB0uwy zX?)OHrVEHoY#IF@@nTYFP}-dL%5AYqz@aq zF8wmPF(o z2De`dhTLiK#3DaFAs_29t7VJ>1d)RF3*VGy#DpEX3xCz7O||cEuF@7d9_jhwdk+6V z@#VwcC*4c#tgLm~8}&EzLHf(I?YFCER?Og4OT*=X`3~>FV5|!T4-}@CseAX#o+9eH}vC^uvx~ zPKQxB;tPT{k?LPKD>KmQ@7*F)H(^6~M@^9?{aKw{G6`R8&anNm9rzWEMiqbo^_pDEw-qx|H_Scrjt z9C5+8PIT4ol+M7U9O45*92_%gN$LK z9QgAwX{;}{_;OBCX+r~-44zNx&*pBL=RCaPtF$<>4X*G_ydw|nL(TQhu0GM6{gY{M zo_CaS8rkS*=Ix~Ic{j3Z2(0#w*}S5qq3BuJ37k?ia95DpO}mNw!fvAMimS`il>X+z zmClI(>cQ>b*+m{m?xE^T(*CNL+j&%eNNAd9D>_o@#c)z`U zW$GpBHSnZqpa-0vv>NN>eWo<9v-Oh7s{5av*yLq79&C9*;K)l;_tcC-3gW{ik@Qvad zZ~mF$@+fHJ| z$M|Rom;S?enV&JAk44_*uP!IW_V$jI@A5)AS6TULgz~z)C=CFZu`hw*NfcMA$2kpg zQAa~HMt{+e#!lkmho1PM?-<+j^#1&bii6g34*mKI2Lgk}4|p84hy}s(RuFd zDztFrpY*GxX zF&F_D10?cw+R^2ElEq)HM>~Zt#>)-ZtV;(kKM-Bl&d6DvIG3)!=!R#mX3lCZCub|X zTU#l!KG9klI2e3hFOak8&}|pJFT$;- z={3-6pa-1$HqdL}mTQ1>rp8-`dT73TZIb$egawc$gEk+mPsn1Ds>pg&MXL5lVhoTl zTc1_y@;}bY)BX~b?E{4}LCe#pi7C^&O_<2PomZZJoeKT%a~gQL-V~w*5Qc^M?(mLw zX}?%}tYb7-fQ_{)j)e;6D_&kP>FFvffQ8bz#@tIB=84?S#N7kR!-JNWbXdG4scX1Zu^?PUo4uv;(8G|cp#bPzyt z-Y3{$7RJGa44hVa!u;n8e&5~fKoa~SP4KAOUF%V3yW5ZF4_z$$(O0gsC@VCxMrF58 zf@fnE3emyLEHDEAiF~{BOq|(K_vJhPp^n@5gLYH8b%b)bupo( zaw$)lhO?aU6SO_jS&3uqDBRhHu%5c~JG^{*K;~S`<##tnYGFkNI*0#p**rt(>)$^9 
z|BAo*+Mg)ic<_rZO4bG^0vc)09DhJxjQ(igqv8gtx&VJkOg!`fPzHTl8MCaW{Wkg$ zX~JFaQyw1Ui=I9L;Q(R@=S42Sb5q_`K7xg|91zNP=#p=hj*w;(@-@fK3kAsa@ioR! zPeF(A-__++v90;Smdb}a0B7W5%tL=Z_6gQ10rMCOp#hY}kDNhA9#Ot6?dHbR%MtMr zj$PLg>0*43JgdC&7Yd98#O5Yss^(ALdHx(jrq?@~VQlN@3mwff9kY=Mem;KK@f{rF zp`H1hnN0h}(8i5t`3#&GI8Q8~Ao_PYBd-0~(J^k@ns398UC*RB6kr7ieWow&a-EVC zJ>407sW`rT-;UC#vD<*x%VP5i>GND08g92~(k(S2uvc?u$^qz0omw9t+}s`??QgX* zQd_kB0DZ9?2=*|4;Xqh#o(&D`>njD$Y+voppQNL)jSGi1E^twO*BFvg^{!q6y#{g( z^ni1&jo#gB;FfA&pwAWeho9EPb8lXYgg)VCF`@~h%^B;f1^h(lSC7ghV!{}UhaiO9 z!}P{jJGS}sk_kNzZrc@*rH?coWP+G8784cH6+BFRyG>U-`r+p^!7G)w&<)7C6@7S5 zyMJ|7m~_D+ICg>Y$?N&WI+q4^OHOP|*mIde-ubDQqu?CGoxuzGRPCG7giVY7X{6~* z`b*WCq84;j%e7#lDVepzsqZ=*(I&2gcdEzsHd@zD_zi%zu3NU<^2mw+okQLLG4Kbt zfZOPlo&~?}M)UKaV;3CxSX(c5M3Sb-s7rL3khhH}kB_zvZMgIJSsrEm&-*NRHlc?Y z;H=%92I>Hwlt4Sc97vE%d|vMfX8)3g-F;s^_`SvV-u(f6(tS_efltNNFWRehmeEay zOzTVzbXS)%_ge*f0N}!Cv?Fp|`nvl2f|(ire8B3naO-#@QGo zeZ0k+6ekxCif_E}KNSDy{l9E&u1T}(?4^GX^rAGz@@e0qnzZXS4Dr$50DKt>e1~gL z%-T`^!4rxmcOC|f=Yt0Q$1eHpZH{f>7#^OhejGxiBRphFZXM)sc`7j18#Lk22e6u_ zjUBh-O?d2h4xWTJneKS;DFMTLY<0Jn3vkqq4N~6$aK>0Ypg74f81gzs|H?6_eo5av zz*z&;RP2y7%1uP>o)XFt<63>3OZ2YO1Vq!HJuK%#F)*Y{X+13J!+riYr-65wi|Jsr zrJdk$zO>wBq$Pxx@l)XC)rpQ~W2f|~;N~O6&j%ctqweXFK@5P^SVz4v_hYwn%4kbF zpg9-z9qoSP66@LWDsU-7-TE9N)l*{N@M-d|?jjFBU_H%cI|$6)^KhFjzeWPl3WK$<8k}*Nd%S3z=#wYV# zoH`0;1!t1(G<9A(gXgp`+1Cx{@7dy;T+l;Wm`|Q6z?t&x4*a}rK1Ia@NMW9tKj=;M zyGB)dyP9FVU;z1d)$f9AI>_p6qJwnBsBZbApM)G$eQ5-#0m3=(0hqui;{ggFU>@)F z1`pqz#KJKLVyvy_iDycE*er zU8kcpDrU^r-T9;KhDzsvOj@Q~U9{D>sMCez?+JSiEU1B9fx_py`{+6^|J&AG zLtHS*%chgbeMwer-wTS`ll2;SW;DOO&f7;H!(gJ}`cDoGI?PSseoC)$K3=4>E(-qG`jRn9ghdu4|)rZq|$%Id& zt3rIEQ{`%jO~L z9;wmBw;JAFpY?u{w|85htNq4;TitPL0`SNe?GYbwbU^@X{P02-vD?>qb3STU`z6CH z(`oLDJ95AyPgQO2c}(su^Y0QdC$GCpz&Su2+Ij%^=%MYi{yLkw9}wh=2fwrU+T9=0 z8Nr`n`7gjB9|!9xZn59$Kh-fu1H5$aOFAY%I}m5gsueNA=o$mIw5Sxgw8rjcgyTKW z=mx9Q+K|TDU;XHB6@UG;A1OXKe%*9*m8!=2FM-i#>CgNCoNXM>p4S|)0pP3-KTVg9 zh4jA|6D*^aKY2fm^kL^o@^Ogpc&_+M3mm!zyW^xJumV2k|1=I%QDmsXJm+%ULF_y 
z$U#^yH@Zl3ttl_nKkoP;gVT#=S#IL$JG`MGJ};l^!t;*2kZX2`Px5ie;lK0M|E&0_ zU;6rtj*(?5r}Dy-mbs}p{smxda+Ym1>fh5uer2-KQn8e_`A7}sokQ)C=EwaToabCO zTqGF!{_}tA|1SRUk9@cI=_nU9Dti&K>X$Rqj8r!LQzz5U0bk0h6Rp)I)NbV3(lf|` z;Ax^;=4jTv3z_0vkGD+pUYw^w13OzUtEZgk~Gp z_bmEUpE6xcd^Z*3^@T*4WX5_D0B01CPnbE2nx(>tokJ}RX_e&Vb)B&&pzG2txo^BvBB z6!R|Ca_~Ck7x{#p0~!&Q+YWMgNYLgo=CsXj@@~(+IZcGpuhr85msNK1jSKKDbX*R* zEax355S*H9#)vN*{M*IX?)*@3cl-q#Q%qk}`Klr}WptBal6`;oUh(|hSFGiFF}mCE zO^Vl@mrHwBVDrfOO*i$t*zH*iYhIES;=Qqa=j6@eCx7iv3UL1U3Xe&gYpZ8e^z{H5 zA*4;yucA){4Ss%nbdMoC0A5R@zR$QoSeJn|cm|&)`kaP%(qRCcaR!dv4$=NnI_G9(HQk}JY94uhp_4o;+??&a zqq{j=TD?3FsC9gKU)<8p;Go^4O<7$nk~=DTlNoH3SG#V}d%a#Znsv|Ynb*M1)(aZl zFSR!Q__63>TlsTW$A!L>IJI5Rk420=(_RC&QUg8Ud@HM^7pm95d=2n$1;E?HgUu(} z%LC4XVoz^(eG+~u0KDr#&qTepo|q|Qb!T6iyfW$DgsB2>O&nu6(Hv(xS+wMci8JSU z@fqf6d8C9b>a^&>X7{7*P_c^wS+ue{x_d$1wHRuWs2&z_RToZOWvX*n%?}j8C4vvH z-soU}96jLNp&+%a?z)=S52*jV?yLOpIsc#uJ7lW2pK83fVdGMQ0|CrH2N)5+MDVNI z2B3D7F#wHvy6^|!6LRI?SkQFal)qcY?dc~vi+IN_|2#cAwJ`v&DEjq0upPc3cUvB| zi&XM`cJH?oUpxGv;<@cF8=yh|Vg$VPctgElLb%4--F$cd(*~;fPG>8LKMYo_ih4fR z;@`~f<`8Y9-L+~i*JcCBSU`U*Q4xMcTSuZ~u{R*byIgq)+kcZvtZRa|tg7z&S1ujC92F z3$PhFp1oWeXlD!O9VuvK&ohgTPi=ex3=X-FmtO$s*k@gWnkuV6*EWJ5qy}4Q09O<8+iO*I(W)qC7r+yDmK}+KzNL?aQIZup_mBCptpyZt;-&Is|g13?ua_b|_JLt;tCl*!O(9O_zMpR&I9* zdg-1_4Q%UTKYIGv#EQZP0G>d)oY;F zz>*p`)ln6rt;1q}@QTh2erL(ltCPpWR7+2tbaz}ly5iC}pJ*~E#xzYko5GBE(Lcr@ zCgh7Is?n{P+_@phq&T#rBt90!5n=NmT_rdG(Z;R-X7gf*;adL&_z5)M*unq zax$Q5`gybb)s&GUv+a{(?>kv&)hXWHrYVri-69- ztKFUy?;igH`+aKXH|cW0KUBQD{p&=|&P?fN+2XcmbiFZB^JuhP+&%bI+17N1uD~;n zY%pWs*Xng~y}~>9Jt}nrhEiVF*l#Z}rOSW({$DD7=8YdKj?P(dhhD?>LZEW`G;N4x zzA7ob>i)7RA^1Z90@! 
zYTW*rC0ayOoBK7GzH#}Bl4ul^m8hH{OhLou>EYq{_;O^FWF;;~w}xG?<@v~5V1>Vr zq7?3TGyQa`1oM#KiBL$miz=o7(&jW}3h+Ux2TXSa$GQ>B1Hud=kCh_riG}(rZ^e)p z_Sp*gPhS(yQajI;4yhDPfzRc5BB@>4#BOmyGJRhRUN`$| zTz~GITCMbql@io)Ozg5ZCydc4w{k|`NhaUMqr`d!4J9)&2c($6d9+o`w_TpSAIMM> zWoZ?Y>Py!44(^UqP1r|Q&^|ofB}>ekuDxJN!y0pod^r}DOvO1^B88&jV&N$WB=zj^ zdmTy{K6Q@&I7hG7m061pSRU>7uj?^ZVCur)Wk!zS16q)E;XD&8BmVx!-mPqmZsaz7 zUas?374SI=4i*+>xFx{xZ(0e~?p@JCFN)mm|MhH68U}=}PTD-bN#0PR|GZ#J^Ho2Q z?B!SauiyH6NrZ$O`L_&FMdoirP2>l=uh=D%OvV;9RGwL*g$Tl4)``maq|unSG)#dk zQTCTy({n`?@CetI)MYkeXFF+RQ#4;#J}AhRz||{Qy&nWZ70t}|x2SZ%hOwN6&&gCg zVSGPoc=&|(F^kB;;-A-pzGs)^dlQ+U|@N0 zX{o)qTsxcTV0Umc&SD!0@2XK8(SmGQBB==23QBoW-8YzFFb@;2o%Giz|1?ZWXKen= zdZ0T^)(9{BZ#q{GYJ_8jOnVSh@E{6HLe7WxYi*-Q%jIYJE$`lEKL%#f{|(pyqYZvKF~mU8q>PmZ?$fS~$?F869F zh1`48oxl2z#Kq0Cstw9{8WoPlmcE*ue9IKx5%R~?9Ql%)cPXts`qA24j(lSNEJ%lYQA%l`wG2QY`y0<8N)ZFm3K|qDbgbCJpAcw%EP1<(O)bvt_^Z2*t_FhJCMZ7?5?{h>ggOEN@46 z__pwKYu1CHUZVct5(6??iTu!!Y3L12Ed5b9e3T9bCD4ex_q|filziyws<0tYg!r}_ zc4J`0aTTbA!oY7$kh7P@Eb$*G2QvVu}-T;C!5fz|0xrRY3VjQc;|mmYl1&BdYq ze-?oDtMm2$N7Y&XHQ|1Lf3!%0bcskwcbAArBi#e(?uHGdBqXI%Qly*FAqb4_Q3L7j zhH>xx`TlhO1AD-BuIrrhdOgp%(uM=S-FdO;icM|Q&pe!RGWjr_Q{2V4^eO!?;iZFQ zPJwuJD|q_81v$7{zBHB_866UBwvI|ATDufFMD_mwoWw;hIN0AW>crQL1B8nMM2uqE zU$ffZVTF)ki2uOx*XQYpxlo6^+R@r-<$J8ZUXLY<{b$Vm^Pt0HJPQCm`fzEcOwRWjY2U1-B zTGXqL;1Wq!ybMwrt)W<^lG)Il1~aK9CxP63Eol?nEN;ow<$7cN-+l7Y_v;Z`AO#z0 z%ibU6j4XI^Q;UnlgZ4|XDvmBbFXP02}oZHEyS6zGffnj0-V$Xl>+&qwIn#EQp+YF{{W-M*m9$_c55+%HI)FNmX=eXp{mP^i)ih zwNpM)&XMq)VIxr+LIGv%cYwrad1;)iuLX7{ALz$vYa8h#4+&3u2jj8OG?|L{JBeN| z_yfp`L&-3(lT&`RiVYe%f|UltA=+iRhum2;Y$N%D=z-t3xN2XyqI9ctlbq)C+8C1N z>o3>DRq>0h_hnS^0OYA%U)k0C6?7KXu&>!Cqp7iZnR4Hr!fHL{c=vFUf9h+eTycyl z^x)`mHkk4eUu9fjBW>pDw}>ydq_oGwX+_>|O(Kn(!d6p;TAHC02Asj(ut_$u0+Y99 z4x?r^!O$YN;Mc|?zGcIZcpXpR@s+H>{)8&xrYXfbpihIfidqt*y zY9@@f9Pj=HoEVnHJZqUAES*QEF?@Y`LDgr`AmtRLbF0cdJF0VLWmKl6Kp@?8TW-v^ zsl?v-Hm%PtzmCfFslM+1uxnY2$tgvL! 
z@Lk99UmrIol-{Sz$n$ zVT;$de+JRYL6U)meL62I?^C>pC$73~&%Co##B112C9d4r@hHb> zx5)iJGdK*BX3ZFzQw$lq9U5qOHQ(%`92D};U$Zsw5bJg zygXSZz6g>~0PIem$4bE{zC?Kg9?MaxDD<#W*kNw_1XQmlRM>ZHzd75t-W!iT4JB$k z|0!_B%g2*{J}vv|f!mqsH>Zkox85tzDz-)iqEmt@U#KvJ^ag8o6v?REn9fB;+J(sS zNF`@OiiazEmi^ioQ;w{Lv76-0uPRJedMUbMbpjE56^|JW^3w3otgP9ffqOjaqRI|Z zXMuu6mr=`)qU>_-(;s6LwdCp>d>YIf727_DIq2Y`)?zMfa~_xxs2*#9k*swW+xiDQ zkn)@vN%vil62iDQ6O`K(zx8i@DjURi_q+L}0dgA#R&iy6yHUlJa|3n^~fO1G+eF1GL>Nl6$c zh<;5t9v>Sq@d>~+FdR>vOC%Gsf%XUK@!AJ-2}aDAk@V~aUK9Z13?+CBq*+=r$Psoj z?TC%PxK*kWj|2g~>IT@{KS8zV0WVF{7*xgpCF{Gbq+`(t0_y)svhJKh!+jrcOoq}s$LjXv zG9EknrYj*kc+&fV#5@1wq@K1nY|m|~z$U)mX8H<5Nv*1iK1_MwNvdQW9V1#Q4PnYG?s%K|I;f>*$SnRVRd0^G-_2L)?`;_FkJ&0HB_*2>sna*I_NeGH~lMM(lEzLD`5=y+S zR9K~XKtBSLoVS&%#+y1&dRl53sY@3c$=3bE0gYhK$9-r2H7j4}79+wVIy-jZW<;St z9m!>lhGuQg&QX+asNL!?b3SqLdk%6MwsprQvYG?M^Ha}pL4D0Jh6WSb1e`B;ql=wBQ zdOkD$a*}ZNsO?kBcBvE`ksV!pCgJMK@Q#I@?YWCG&&tVE{lr&c^lvo|&$q<7elq^nnRxo&?79^R;W*?y1aAAv{^b8&$_ohMC3W1a8qoz^ ze*TejZ!TgrYzcWdZrfCl7JHu?bPY>Vl6W|*w_I$nJFj#JYEuR^JuvHEc&~imQRq@2 z&WksD4GnD6OfM;A16G#l77#7!CZk-%<|jg!8$m@aRzv! 
z%U#$~0Tgq!JILmh!(g0-HdZjEQz(b6l>>!g^|gLuheEkh<6;kKyOCK#&G`47_e3`0 zr}Qi$`ofjQYmbZR@dOSPoFswl z3GXM-Z^o~hwI7aoPgq!TSnI8iIDoJl2S~a8`~8}qa#jbG&8fnxzFKo~&9k_NB;toP zp(D%QMwDWn-z1)UW6o!^)OG7W{av!lUlQz2AzQD>@IAQhH3?a%3dz){uTonVStTw# z=vfm_;Z_R>BwcpE{VV=#FYVq9Jk#q5EMN2>yP{OJ(sd$j7;JVzUEg-Z#qd?{Zo@or zCA+;IQ%q?0KcRf-A27EzK>E_l#<<|rv9d>%>Lf!g+$(EJBNb`WW(XpMz7c=7TBKvE zi>6xR>^z&6JFLs_@`i}$N;&Oeqa|BYuEAA{eYDE>MXDz`&vfIZQvV)L>{!Z73 z8nzh?WTP2|dRvgx4c*0bftfr9C@y%6OKz29Im?h-Sg{IDv?d<41>U(suI83D=es&J z$T$ttm9%@>pj>U*oi`mP!(Go$v4>4d&TQEbN|?}+Bjf0)f{}f?fL+o^IGupMIO%l?er z`Jd$YvbJ#Uz~h+nQ$~US9kZt(%J#uGYIo<`$)ge*925KSSGnB4pKntCvNVVD2F{dY z)Uw1F5>f}LWQ)j_sKbqyBAqN3qvS*-1`T3uc}bvA}$!ykerBPM`zAT||86<4L`&BK&%_^r`zFo@XXX3<86&nuqf5ck0Nf zR?gp=IqFC4^~-)YN9Qof>t6ng54n7-E}b^7`C~paDh%gU-z6V*J~;XzAUjrPNlbk1 zGry$JMC$S8s!Yn~t}+}Jn!og|e^W{4K}l{ujN}qQ=7CqGAqfIu3KkO8q18`bip`V| z--&-2&O%}@sjoe1-R*Sd0q|H(!noe^MuX1FmqW_8OBFL0!LDEb(cN-tI_L_$W5s`M zyn$y@*0mJ=EeE|rtNZjdA-)Ob)Gw8bl}S}4_9EiAl6@))p5Tk8QqMv1aek0ad6kYH z(yu14>mD1-gpCcqoTLM?^-&9_dC_{*DrVd=cC`G-XPM<0Q-O6T3E3pB@PHSxV(Syl?W-n;S?_8=V32VJ|Rp={+KwtvcGF@w2z z$potFQNEInDB7uT_y%DxG|kkT_tKs4(mjpF<5Rv_~pvIQb6wTHti74|Rw;i!}wlW0=+3}7ADv&D$+ zq{efx#Hw2jD;QL^3*a*^jCg)mC_m+we_|}1F1fV1{tg02%8<8BiV8|QbD zn6T`U6OViC^3m}YItS`Is^)y;u>YlGGvR8)Q`cSigq3R%KT5jy*yU#ln1M=1Z+y<@ zIs6itKQ!G6)SbKBH4Vb)=wxGD1~5;a9H@aH7)(S%3%%oP9IcI$C$|AW@F(l$y-wVd^Yg_J>WyX`ooRq6(0rZdyVIvs!jR{~kGJ}Q z$=E6`7@s=Gqzh(Io{}+qF8UW69n55#KAHwy=|Elr_Rt6((RQSV*sCAaw?{Ix-0aju zw@TeNz6%cpU5qn!pp9O4L-iX-h|16gFmAa=`=({_%OKS$;?@K zL7*$iM&()x+e_M}TNE4ExmDd&D!pd69|CosRQA9`f;*WK3?0neoa`fiJS8x!^-!^y z7{@4rnVqzuYHYEF_(6x%_xM!5-MSmyjf!doLbgg%6At3$MwTCf*+Yf;$qKeP#FHN( zEtgFVQ&Z+vlD`vy4w{m(BN=rA>P-Uh5~{FmiAzvx=K-wxJDt zRT`kX-7&;|pZn8v>99C75Bh01<(t>f9VeIxM{tr2$=o)>@uUxh5 zWNTFszFpKu!q-8DcRH`6FmZNL7nrNV(3dl34m71WH0MQ*zp1g?adDn-htQM35!XIe zJzxDqz(!*d7bEYqIVbyvTVIC1`jceFFS~$O3!&U&bX9P@n$?3w;8AZTiyyyLPIKGH zSPmh}>*_pxFX^u3ZDWrLDrfm^r9mTOjL^8(Z+g@3E(uojV@pCxj<5M$j!k6=(X-eR 
z{P2XG*<3?;|1<|%i-n-#kfBRIX3RbH9N?@Lg^#`V+@srbN(RB1J&rks}p-jPr7%MMXXZ|S)PYBb*h>jD!>u~`UIg;Km$Geqj z@rq9(r(-)JE&T-H1dKK7TU@C&vkr*S$cX5Ec5O7_88t5L8YeSw#CI=bTT?(OcX1$c z)*UG=Nlc02Ha16!5R(9|A-jBTyI^Mup%mT=(@!RaXF?d_I6u7vW+wqC+q#Y-HgXiy zpjmUY-=7v*aHCnoNQ1|kiBd-4M&nTP;``&alOgY=poZpXeObr|^VdhhAxlXQ362!$ z^F*i3`n)G&Su+m|jB?iUfeG7|$Pf(hvPwQWP=}+&U=o$Ko{Or69&t|;uQ%`_P-)63 z{%U-LAm~8d#KbX}c_i&$5r${Y>=bNANx77Bi|$d9oUjaHzy%yQ5*3_X)=_T~YXnih zJJZk>MpFeXTM`!%{7w1YGb#)>4!US=YP=j;oS!vMYX13CeK=Ru7E8otIyR=d2=nmd z`}0F$UK>Klie~3xhco4kElfrD6W-6y`tihlf7ba3^x0DCp*#N*YY1lm>m~fZ~q@+rn6t6_{3|Hy`Z#ahojVq__)@0Q^o?7!S{<_e$C)*ZTB z9~u3#-&>aIndQ`!@%Xq?I)sdQVZX!Lzr*hs^|rTVNBR7JoC#*da2ZjpcSbFQ*}Gn> z#lF4zg}i;f$L0vU>I`vsMfKLamOkxA?axkL3(BpJb8|DpzK;01N)&v)-(qQak?*2k zF)84D<%mR45sk1B$9)(|X2Drvm((}0mJH>d{uockiKHtGRlWQz`D&1RLh2!A}l}0}-;P&r&dDg49t`X^C6S zagSrOgN!4Zkx}?^$tk)WzIq6z8ASTG$v;5{*R3EK^e7M0NXs{mRr4S0Jv6P9Dk{rJ z;v^-BqWyGtF@IH7cG&VVu2aDR7q|KBEfH=}h-WN3Ds64bZ2b%gzi2{@G16fS8;EpI zgWYsdQ`7y!psT6vR8f@JfNs4S#CJ!z(B;<7c0Q3&VT*D0vWLP*VUyAb=gUmx2bxF` zQ-};+Iz0ZLmu!A3MNR81@gt4E@*3tUk)5`KwR5L)#cg1wlCeAq=PfBza$CEA=5OEs znWnCI6tA;EdypPB;ih==ifD5kOp_q*URpvut!5To^ZvgtE7pu6EU;sX$jCiKx*?~j zu0N216|zJ>U0F_Lwc#)5{XLL25O-^+FIxKbOZb+z_R3EbRJtSmVJDPb3~zrp zn5^M@O;{;#x0A35W=(zT3M!8I6-f_j;V`IcQ4aJ+?=k#37jS$ByL^iQNN+l*YV%TL zfBOZQ$j)!N;BPLrM|I}u%XKRgo*#Fl&trg(1)Bs#ako^x`nMEkm3#OiYk({Hz+tvh zvNyV)1++@lQVv{NOjiRh@C+KQi#d$jWwuB2*nL)lN)J=zxaA^oQ$*=U60tY_mJ1%T zm1e(*N#jZ-*bd4M%ndxphS`@_Ce=B19jUn=bKaOhyEpF0#cDxAk9yzHCPemCb(XS)}8XNCyi^Fh$u z_0d=VSO;YAMZSJ*czcC-IAOV2^&!7(ms!oaNUbog*ER)jfa}JkfMfb2H9s8-eJoL# zQ7EJ!8*%4La8r)zjaWcNH`W~1~v!v?~b<8hQOx&pLHuu@N?Q3+4Z>P zz@54gcpGn1FtYrF{6RY_!r|o@=izWu5ZnFElgXe;7g)V1y&;sVarK%cYY38-!^+)- zc;$H?QeoOmljVzGamc#Gm0PGedf|7Q7|Bqd7&LmXbN&x(nvkp}#>R3x5{2sg+y5Eu z270ceJPDLeV1kkbJP8`*T_|&1@2g0#@BBEem@(7byWNPNw@Yj zKR?u2kG}KU_&$HJ51y+q5c6v`@AE&TJe4+RcE%g%7T(%SR!^l;5rcK(Id(m)oD6?f zpe_51Mdurw?TWg;Myo(~2Ts)$9kx@@jNGT`vJaw|(@(aTEk4DliV% 
zN5^s!H4)h+I4GcR>fvEE;KV*q$uc4f%H3s57kJvk#n$6ZD;0>oc%{@5VHiKF>;mPB ztyh;g`;aCPyS6YaNwx}l;4IFHhZo;n>mB2uiEM`pr%1rzW& zJiZiERjKKbYdeIatkAo8v4(83>fSp>b8Bl9yOzb2Zqjk!ts}NbI(<1?X#RhZb&*?; zFjcIbmGmD$qxyBHuPg0g!29_~E9> zb&w%)aIGg4CF!Xt#`f`+LX@vrkd1%x>vzw_MyYRR8D|#EMw!J!-mBnew9T^8+#h3O zYNEGma#l0Hc>QU>kJx2XM(i{{YINY7oxE_+04_#pDYA*~ zyvaF%B40$`+@OCz4=%Vm6%9&>ZrS+jliGINCQo;})4^wPLCII-_v`R3W4u?%JE0vA z>;&a(0_0$rw#`MaO*8_)dR4}3ku>fU!xUV3i*{t5fu-3#2#7n547hPl6}lMP$?rLs z(4g<3tUQ=OpHr59+HnJCTM{^ z#l1468teq7l(KBVrRG!WyuIUACgBKvei#O~1`B80ZpIY$-_Fh(hqoe>jyrawGCB_E zrj|uiq}s1kAP-dmTd79Rzp3R)F3hP_KTxaY3Me8!8UQ(rjG%zu+n&fSua48ZU&?aPndiv(uNT{dry|4ND_ey^+~6ZFE$0Jx1910;MT%iu;-O(? ze*UMP+q@gy@*p!;p91duP?o1jG5i8X%Qtf(Zrx799_qj%S4v`e8BB~MI_`FkFRw8Y`x z-Ric2E~!WbQZg^LJa{6tcfVhtr z`^n`Mhrz+Yfz<#Rzh+z%$*AQE(mr?Vk@PCD*0YiW^DD{EAm7_~tLww@UFI@jcwkJ) z8Nt#{rbAWg#ke%^7_wuUBjD&r^VZ1ai2;JljhniTzx;Q9M!ww(C8uel_urNE+e}p8 z*%LA8fig_M%p+-;#ZMmDAWzpu$(z}yk29rG7@gMVvAQ$-Jln8PU1(3YP27fbJn}X& z5bo$$kD%U+0WKS@FysVXi!Kyhk6NZGJ;o6Qc3g}t)sFX2{ikk6<@NTB9Xa)M8TSkH7he@D%5VC zk}7CgRoK3b4kYq-9!8PY$%gz#J^ab;wuQUcxI1qp2Id6MXRASYCn$2H9LO}^m2bh$ zf;|;-#--vf^0jI_o77?Nd$�iHiiqS9VvWo&BAnNetQTh*Q>fa&Db`QLg^#-cwOB zkNz84t?DoCqK5zH_;>yesd8xuYGhV(E)7BX9fBO%3XZ~QZM^1mU7rXW6%gt_H_GrX zH+$;jNvB2?V-t4u!$nS$o~uG_P}w)(QC0$zfBZ4*I8<+Pj{o`Z|Fy1-12pJ%X`eJVFg zMCy&n#y%T5=P}b`2_EC(^kf0nfo6+H8Mf;084FEJgU4oZ8Unie8>`h_Wc`oD);D@u zj04>z=U)^;Bt`wF$AINkzZ0iBUXE|bfGc>jRcpaMb~|1?i)XIp$i(xx`MuD`(Lcv! zrB5@vp3RcQ#a>!9AaFtf>py1rqG>Qj*ox`tCE=$eA}jO)wG+bAv#w%RVO^LxJrr|JfAb*K{waPSGGyNe+V-52PK!0^LK9sJvOev{VqSe)8}@EKxC+rQc? 
z&Etxs^ZxdD`&VI;qpP--D48m9n2|vG4LM?4*ubvqJSFHVBVF{Our={FQ#St&ngmJd zZ=JU+P{es!my&YKiE!)BpPvz@k?dPDT3}2VS1pXkZ6PG;Yw6{S*7=tG-{k-*VDZ{E z@{Gs09SgH<=qJf8VwlL&1RPH4Q`XQ1>TxTVNL?=!4jm|&7>5r1;%r`4lDZqpF@qgG z>sA>x>mvFQ=&m`=a<|JK@&ud*l*jEC_!utW#|?TG`C5yQdm}JCT9C*!};3ywHz1}cktGE>(R1LEe96ba5rIj{td(Bte&FB2WbZ)I9TDKmJ ziSR8~DFLr^=vI%1z;IN#e*Yo_<>8a-#u0uyd@2)C`rcUVtdq8fTe+4i-Cya8Ue*6i zj_gsnYB?4kjBR;R?YiN8sJZN%UJ5Q34_AEq<-YFKUN$J7i;$C((Ht&fV>Q zMJRgGegW{7;xul3+~PiA6z*P;E2(qj0$8FnrS`$E?l8w>^B}a8q|Za15H+!U?VrjZu_n*Eq!^~wHeJ0Vv!a< z($-J!aVHXdL02(BqAtZo4sgUDxDdkxck3CS1>9ZefPeU`Bi7l1NB0DBYC!F;f@k!) zu5|$PHJDiGltm0+Lq5W_T{$2)KkUuF81)#ZQ(mbV?r%AFMR8 zM5adXFFEd}R)M`?Gg0SU#-!-}YQt9&E%+}=YE2v7NMEOK;0>yoVYywuJ}T&snE+PH zfuEd}R$u2O7~)X%FD-_CkFca(kDEJ^_|%s_{&ILOit_7wyT4xm8G*VYXUVzN$0@40 z(%AYm>fu`lTmUBS4_g}Er=RA8epZonK0lq5J75BFbg40SOHz2jHedI|4^OdawO)L% z!J(yvRM0%}eGPna=(}3>02h-a$<~M(`EC92xcZCiF7VQ1{-Qa8;MDXYm}__QLkt%q zT>3n~7{zBNm1oJ)gYTOQ1>-G2pE7d1YzB)%NA|K@q*V1{ZQHg7$DO?<<-25ot(ayP zIR;QMq#5h!HFYyF?*UC#p3|Jt@9ITedF4h!`6=Y7JUc&Y#$RGE28qffrXXRw$0H9x z_=j8ietT)aXbvDdfN$c+B#8C-T}SSZ$&{o2=~)_Vcp^AEN_JCcZdAJ{cmf|j`m}k~ zS2A;U?ypD2a;tH@DnRLs#gbloIW)~LQ2U|00kBZZfO;CPOn}{6gTI_#$5>01|DlwL zZ9fp1BRydsqIJ`aKd#KpVLrD%hsQ*J?tV91pU$TA3-ues7<_#QJ0(KCJu@QMC+|Eh#w{-SXyU(T<=X7pKodAfkTe&qwC-hLh+&O$ z0XIT>?fDh}wW&`WEU)e;v6}{bnwYoqZ^4@TQ9iGaGkK})0lwSP>yAFjtLuvsH+!>| zfs|?Dm)^I$_azSYt2#Z0a`(NvP}rACdP*{%t5C<``~$x1JDkf5oLX8m-0A@%w7i0j z8t31XJnkTC$gFsO3|t~!Fe1>-$tk65x}+esYQ4$GC2h<$l9|<2`Ss+(FP8JRFa4SZ zb-q!KQbAO<|L#W;eX%aDR;*9n0atDgOxsZ$Gg9dcCD}C{ex~M*1#oID^$ng(pGrxN zsjGIpi#S8N_5J`11A>2L**7&lY&55|P4F*G4%#55 zoCcHC*9{onq%&Fi>((V$e=j+)Xl*~$PEO$hqN3qFxJ1>v)Wly`&2+TNgi`P847IT#fF-N0obCbGLjHs#Jc!}(;hE)yw zYvo&ch-e$_GtOrH{%85$h7VV&!SawpAfaEq80vqxY3>YQ<+bOZ0O!X*gn&jI_CuFx+z|F=GwluF*=YZ*XdeE&oldu`zG(T+wV`ct#riOlI z>_DQml9Xy7%ZGH_SUh7EMrgZ!t7nFq{_KZS**q54sRmI#d8+q)GxD!iwEEd=Mlym} zI@FQPZ<8zJBJ5q{+<-(ZlRX^+j*4lEt9crNY9v!@eyCG60j6J5o)U_>`bpLUkfT~gB14JWN4`-#EHLQqcX4C%i?GpXbooWCsnn=JpfrY>wQA3gVu 
zdn-d(bE|W3RiRE@XmgvD&*ymg>tae5|K;p+rZ7=P%!xRK5hSAm$t;vnz1WMWx*Q*I z%bpu?iW(t_EW2xcjw9)|8n5!|TB!PiDscLpR-Gew7-<#Z()@R2g-p*?l{~4SEpN57 z1qqjyCv<|a1&9N^&DU&$Q%9YmwuWAMpedqG;MEXX=3jjb2&BE2KSSW?^#!5&)RnS_ z?BoV~M1BvtD=kr=M}IL_tzs)^s$xKZ&y~+DdPMb#6QGw`8vRj*jawy8YNcGx8)wuE z8!4ZvJ8zT5j(e}rWPEe8qg>`spU2^f8YOegnriKs>9#u9)WWyTsdVJpvsxR7#tn0Q z@!G?qB0Pr7*0@S~L;=SV=ig?i;|pTSEKPSSJ1LC{-j~bg!{}UKdP)CRkJ$5oc9kt> zXhXxM)xW@+G^uEDs~j$ql8TZ*&4@pj$y@K0VedJwa9O_-e-1-wcic10@IQwVOrcjh zRcVfeuH{&N$_kRU=;tu$a!6C(^AdNe$@3qP?jVQaX06+A#X#$0q=eQCTmuH^5}a03~Let(`E z@%nCe(qiUslNY%f?bTjJ-$?HBVr2`FX#9l!iSWIW6T09&X$HF6w^l7GPy!w#Zr(R%t}_hDI;lc)~4{DKZuvEtq343xtAW1%QY{=4Fwym=DtA#Y_&^%p{A6SqJ5d_hkXHZ(ug`l(_68NE^|LT+;8{(vhwa33eA1 z3;Hws#0GUOty9;Ev*iCf3#%|`)BPA5oOkB@qA!wQ9uLE(uO!kW6k{j-%f0`)wLU)YW&N`1>a^K%-7*53sfV@v_5Ln&AaF2^Z%d+k2*%mlX}K$h5g30BbL~%gjcm+EQRRZ zmLB!-pDe_`i-@UjiAMigwT!do0DO3v8|7q~eWOxg*l4)hC#t32;udqJg!mt=MrK?4P5eT>94=F8OzECl74; zBe>cEQIRH#ncSl_+Mo*;UlnSY=4>4d|74!k4bVKv!mMbIyz27$R>(YoBc7BBBY!LV2k!rNPb|Q z(OiEObkU2${fm1nKIqV*qaX>L@AmU@&id6nJh(j3oX@MAsC7>jVm0mWIFeqAQP1F7 zZ>b2VjpMNyqsb8SGDMNjsQ!fD+zQ}(fpFaz5WQGU zMk5fDp#vXci<&*V45v;@zug#6`9T1-E#Xl6ss>T!>m~{LNbh)w@2OD}q~QzQD?0AbJ}rSbc5b2m)O^*}dDJ+m9Lkw1Y^CPb^8^#s@@x7o z^}D0$PkhL=6_yC%be3)!+@7dNv%qoV$W0sR2TEOn5e(bFe2MFYjnk)g>5B8_iP|GM z`g_9VKbv&*bl^wcD^dyb-Vawc>NrP8ef>k6$eT8o>)bMjZOx-UJGW;Wd?Y^zp*ws} ztRbpH1|m&rSwfYYk6atw69709HE+qZ6XszCsjateFIwS|3FrSt4N5Sx!#&`R!Yo&S zIY3BjlWD_e`k)7)j|0f(%K^@0dRH_^{(3S)Kkcx2pp_>Y#4m*{rmzkwMALmhFL%l> z54$>;hbAz{IsVAS1`$c{12WX}-fM?vVc?JrhGAdgC<&CXC+LR1*=jwgO3OoBzJi?o z0}iEixe`7ef5B$%e$?y>IO)KGmuz_Q_r~GFTLr1RMuoCa^D<3@FL9>k!y{!FUDYSh zHi)+@fWF+3)w}r>TP7_3ISzQc+_Rif7@BxBS%#W~6UwS*C*Q_P(1PZT0~!O7U3s$P z&4O}J)_ptPn_oBW0?jREibK>^$2;qljbTkT$$dYLAb#EaEv`N9uR@fYX={B|P;6Sq zhDdQ)bDkhP_d`j!Ok%|n+6NZ&4=u=#yXid|qu(6iAOC6$3)x^0OrB&}@{IDL8I#kG ze__mZ`N7tyxcac4&udYeb@}VrOb`QUb^D*Ppx)Ec6X5+1>n#49e39`(RY@kBl1yOv z_#YO_cuA>bxB5vHzqs*7E*bo2ny^%ty05&SfHB+FR z0*YyfQu#1#9kn)cxd{&YPEW_5;9u154x|68>nIYab~A)eP|ED}>`Ft1ZS%P#C{n{X 
zQ_OWyxI9Y%ST9M}HuZ7e;(Z{Y=2fiy#F@VrBavx~yt#!SL<~=|@pOV}197zM++C0E z(e@RB2O^F?=5ovtj~Ms75>AUV&g|Z^zf<(DpKyZN0|r-tFgg38sHT5RY2&K(FH{a2 zrq%rXCh9V&`8)2mvkdGUdR1$5U34|L**}w#c*BEyuGWnQnL#Opp<5bY4q-4WB2?tX z{>0OeaFfJ=E$RKq4#K`&G!2ORwz3Yhpn1Eu87TlI>jz7>1cz}H7w;$Ab%+s?(3Xh*wgJ++SQq(GjW6740 zmM_Nu(MF$NkS9t7oD3zO2lNMfLN%R-fn>=!D&XO$c`G?@d2;uKm-B&-KtIaX)ig%(z{?L?#F!v)+e0yqS%$I5mzmRVJN&6K`7#vE5>ybY3K!}-Iptz z$;^OLdS*=myRGe$9i&tKOGPG$O1s5*{n>wXNN3M+q2hdcVow+th z6m%ShK$2uOT1j8c(g_Yxu6tDX&FhN?q>;@;o!iDhJG2Tr`Ve`-Qx#!5(ulKoz{)cV zxryh`k=wyf!RP3U7tew7b8|yTR}ll)MV7CIY<{G$r8Bs@?e8s52LUvg|Kh~~sDkn5sMaL>+r^k?Ku~I(QXsw7v?HaG_5UJF-5q69ex@-mfm=Ptkb4-&Qp zo%KJjWxsrDP=$^`t)sro!&wlS*f*i|w*hsVC`RE*#Vq~tYdQ9>Qrp<>idy%l9W(-a zAX1`|V^F6V&$W4~$ma{O@=!tAO5QLp@=-mKva8=OS$)Y?JRF(gmK`%f57auurwj>dEA7t+8kje;@Y)E?uk!Uig+b&y zIHd(zQ)V?!DN%O_%1rHHC^!IPAlzhgIuFr+`uPXvEw{dIiGv}{5~DtddC}30nf@+c zeT^rmM?*{fkg_Qp0-^l_6#`m=J&NLg`zl}X!2(DQ@zAQJj}Lx1DaA`8MAk92 zK%Zn>Sj-C>CAVt&@GlCdtGrkJY(%%y3%8a%#`{VFGfaF1K1Aqw^-cT_ioKt$E>^U5 z?gQ{}x1Y`f`k9AdHhDRTC5DNm+2>jrq8=sL-ivm0HJOkiZqQlG%QQji6bmt6JHpAc0k7N`&;^yP>7}-&5g~YTFpk~2_Io={@ zcQ;A$Zbd%HooEPPfvS zsa&sm06jd4k#L2&SNx>C^2@}iN(qmxM*Xro6mFStqk?WHlELG(KVzmnEckc9?_wL< zL>#?usu+5iis)gdw4H>KBBud7zvwox#On=&JBcX>mRr}F}Offo4=(s===5#=x zV3X#6rCyK=Ve$B&%nkA7sB!$0l;J;R*IRb&dljbWR|3(b<>qcrMV}f)-T#w9q>BEV zy!|=gUV!h2Hxv0$*e+V4r+nPH0m^`EaZMTXD-OhFb09NL z-YH`SwL;J~e*iN|vQpXFR~%5K)b~8lJzJyaDzf3LMeopkF_DW5T=$DnVdzcQb5L+c zybZ_sFguu~>uxmM9dWl~tujt_H)rI6!m;$9VIn;Y+sS4lkoJf%zC2*pwlQ*QBn_Tt zd*4AU0J+=l8hS?D)KwVNQ@ICGt=(k5YEqYe5)c}>Peg43BQElg0(XAbc8_8FQ8S!w zZd^JglFnbFs^eM=2@ydx&(9-tGjJ;>Q*Mc>+1%+3D`6jaN{u$j5Jeaw)6 zqegO$^xw42eF$9f9y5}Q~3sk2goaOO4?dKd3Ze`5UGoh&2`ECC+|-K;3k z`L2O3;pLV*LX9{Pa1+09Sy6kr?==+Aqs+Zt9IhYpzyP`2z7oJ*hAiVB58tVc-?PSZr(!6FZ+A2roTuqaJS#K(|AtEE^JN&gBTU!v?V33 zHaE_}&o>r;uv_0V&%Lmtxn zMc0DSypoQ_!JSkj9^;-wH#orCum3?_dmkph5e*!@jH05Vy1Lm!9*!x5V;(Iuc#R|I z&+{e=%W#om!#(~U|0$9?AN=*Xkkeq&Cbe&fJ+3ReC|fG1bw98BR=BeVUfVSsDgDTx zf)5fpI9VXz5tWtV?zk+tW$?tAck7uQo1yNM9eE^lEL)m-_8OUbAG 
zAK7%*&kah{B#`1CN3J?w20a|zj|f;K#RP?sjh1G+M=vA&wASctB-^Ssq_>Z^5_Sq% zE8@^ga&@E?wEvN+NN$MqBDn|VuuhjeoziL>XZXrfxZ`~OeM2M0(clJ6zqfd0yZwM( znQ>R8H|i6E8n!Q#gn#SSL~ZY5^t0;q|J6^2B=;YUilsRTdf^^GjQX)xBfY$?c}l4_^FgS#6wVZj`RB;SSt3|i3PF%y(02Gb@@cmX zpb~hHF6c0~i*-ld)zXZ#m%bm(>H+cAw(Tna;t3m9gT!E%)IyF4dZvCDsr|sntwm{m zYkFe`89Y?&S={A{1n9uH_=$0F^W|qd1OV^`r1(Krd;XWS`8}z%wBI$%hS%V%EV|j{ z=M@r45)X&ok4rxX>URLK*Ies96n?$}KWt~Ypvbi1bq_TI?n@0LrAv;wj0Udt5`f0-;>F2QA>?*IFh6XbV5SrCSwFzR3?)RVW*MEs z5~lp>4^B}cB3V30^SI?gXfzY~kW0KIR{;1}rYzao?;ntR_-Ev!2FU9e<~|Y?xwjo* zF%Xy7zmRb9Pnjzv%ehtY<98Y+B$%n2@NS6weRpCQl7Z>~+yY;BJ@=gym6a(9IW3~o za-|^KaP4dO2_PpMDM#4z88LDH0>-)2d#~z@1uLiK<#_*gtnJ73GLp+1IuxF_NS;8B zWYOpjlsRcBiq@S)n`wP&wTQBy)!{Jb$n)$_ z3L!^U!0-bvN+ZFdN3CIxN5zW>B*DO}Le?2=b1flyyU;n3}KW!1{PjBj`vz#>Sgw=X5{PnMY zRku%hslUQTFM@|n5gjyvG? z>3PU?0VY`gpp!EG*!reU9C5;E?b@{|vi7!{1fHV^jWBxtvFUB9QF+1`(YaR#6~xWQ zxgX5H4D2Az{%>Hmy{om;z`)Qz2tE+qPvO95YgfxYtbqn>gw!5ih1as)v8*+lDhEX- z=|*trz(qFtfft_&1a*J?%N_2kD}Myb$q6Xvzcg?|!K<`5t3O&QPMx}$0yfd8_1_Bb ziCCU#T)j~4gmlI?!m4vUuHrUpQD+O>1vAkajh45|mlwYJ;Ip6IOFsYk&#C|6Ag@xc zhty4xDbr!C7wME`%a$tuqTpVU%xDouFk#`s1vzulS8fZekJ7=)oS7<=NL>?{qs3w7 zkgtDNum27oJ{-&1M=N+qFe+29rSFCI|6GRlS4&d#&P-wW(2+7@#td1vZk+<|ZJ2!M z8f;!ulI^ed99OpphK9?QX-O6g`Nr)LUSD69rLWui5p+&IulhV^2AqRsXS(JlQH|j- z_!N&wTVjp+b+>f%Da;KG2f^ZU(ZYqY0>B^pJ#}d7YiaG65{#$6Vp@2%wYAB@MV=l~ z)u-9X&kvTsk16IVQ|{(LgJCs05q)}@tX-EnIZ+JnLTH0E$wbe(+CE^1TJ_!S^+_F9 z@-fN8xJq%uh7H#~z-NLRx~7Awxr+^{O9_s7@4ovUCX4LvM)q9v4LyDO<_hS}ojbP+ zVZL!U*#Ej@MnvY{F`qIYe^Sz=2;E$8j9j-aKOoC-pKgiXdFNe#-MLph;IU3VGu(i) zy8<__9W!PO#?~b|A=+K#R-zpGA#RB;t^})o!-KBTxX~~-if&J=>NoW&ry>pboipEf z0~K^HM|&=>(}2@JZ`XhWoO^o5}gBkLx6WRgAc4w2{yt_y!z?C(2lp(05)3HoPnpfX)XPq!pL- zmR4K8``z#0_Tqn8X^Kf09GNN`V)K!uG$6guvYNu<@qxHrcUCVnPi5)y^}l@mJ750F zN}JBjmi~u7{2uN9dv$vfqzQtX7WiYj1^*&pSjz=M>NCQ++Y$^>dVe(*WJX7&0M3D; zGhQZ3Co<&;ZCgZTWqbjF8_?F{h)btVZqQP&pkND2FD6@jI@1hv!8Spq(sLAbUtaE_ zipofwu9kEnHW|l4Q)m43GFacv8lR6zI@1AkpZYv@t$6zL*p(u8Og{d(b5|m@r+aWE 
z>d?JB9N=v99m48~2Dk+bV>7@ufXun}59r<&>K&!=owOd--fgh-cEM@DX~1cqzi9wp z_bxaMI1Th>4K%{Kxiy~6qOW&J9*4`1ny|mTzjsOJr0MM%AfRD@HliAp|G14MHo*da zQ&J5P__1w_j76#Dr!bai1E2~3+FMSZB&^`YtXZ?*`Xg2`u$iI}Y#tn$g7e%8N}9@w zOJ6%-kwhK3P`U(zV}Pu$jabu<8mtnPZaXkqGXN~Z0%oy^LX+r`sOiNNg&{W!klHKu>4@n*ai2uF;KYH_FCXZZ};$Az^PU(}3~WekpsS#7-t^z=6%KA2cCD=ia!|BF*Juc&H;LN!?0 zKO7tXG-y8hP;ZZ~?Xl&cY{Oi^0>g9@k}2fNpDB;JAqfouki8^RvWqKJ1H_v0v|o~y zF*7x{9#~5dur^Y!U?73NXe{4Xe1QrJ>12uO^99Cfgo-;|UiA1A_| z7C^STq|CNo#{rVMP(2OkZ%C4Tu-6dK_d)(7Ns$-%0BzgO+1TdGpDkZ;@wVQ@<#N>3 z*MRoVEMruzv}#H=kX&k*RVrhl&JbKftia@9c6 zfYX4}K)D)l7S82r(B*d;sFDVZWivmq``$-1m(S5>+rZs*x=NiQ4_o`eo&I6Yc$=1o zML$kf#ILCO(X~cfVns3!pUFD-fNltn(l|bw9r1NA0Nj|Q>B$QM%}tSs5)0AwMW#*V zijxjr1=ad=W87IN6{ooj)Vb#hQZr)N25`Vk0)XZ zNOKd;FeXiSuk;>YTAsDXH)#GKd=>&98a|VsS_FI7H2|EWiB1KsHB*Uy!qR}{)#llu zHFKL?Igq8kU5bIQ3OXxr??2DUv8_-(T^PHF;xrKKHGVr3$D=P&2kYGz!Df5rhgMHn_jGsNt6d%eW?F@|i?Ki< z*jEGV-$9W{D4J+j0s!=SSZxx_>zS{Hme?ZrbDoA32J;|6>62CTYdt73zN&tqtKDAx zjlZ$(WxpcqYW~r`ZfCSZ0c8WKn0^<71vKd*0FQw=2$$Iv?R9lg`Gp#3~3}hGdE%yvQ0L{x%q9So(+Yc3lqapISn`sI1O~O z2I3eyY5Cii+~O6cBCb*yjhbPlOky3z^@W9Hb5u?PP6JK@P6Go@0|1=ONAiHHxvQ|# zKrhySc|kRRK`$0Ft7rteU~`u>-6d340|b~Y;LMVobx(El&3;b5#+@m;8!V(1=z}XV8Jm#26 z>t?!^u%InKSD?bt7~N~&mjixyNfm=H-Z(&F=Ap%M8~}9sIAA##r4p1TUjo!|T${-X zT29x(T}NwciyDzz4Vyt}Hj27;QleaW^- zFs;(%I(|+A#cCkgFEOU|WPlScOyJe^m>aH2*PY`!-68SahO1QQX3T}kX`mhNlQp5i znB+ApkSfR7adH}P8gLruISthCgMd4ub|zY!-=Lmr2UoJwK#B&MVBOr;Ee2ZSD`D9- zqG11=DGG2mP6K^X1Ni*Hhe9;we=N`kGOhhNiNp}q-`ceR|EjkUD8X$mZKZn+T09pQ z2sRU}o{wxj`>|e}-2I>0fP4goEbA``K;fv{uMQ7TyL1ZN}hw7o299#Ng5g&WX+oVz9s9z!(sE*jFLJlY|TvRf<7}+ zFP&S<*RISj+9C{UAE;++nIh`byV9aOIOm7En7!d_x{lP$5(%Cb|s~D zJ0U;~f&d?>Z4W^-RrWfK`GK~#r%m-w5&~_id)Mm93B+}9wQd$25K=>k3%v|{))&zQ zNJQ-bZk@2?32iu&+$I5-S|j{4U+k0KGZCiQ#<4LxW`FBaJjptzW#l^2Gv%Y5No zM$cCAt3B9OP_EVSmW7dOan6>udB1F?%e%IjQho^nbt4cTAL}kFPd@GPj$q$-*~-Vm zUybWW7}wvlUI`|zpX8b#AP5Kofouso(%)01&he5VaU?+y5Cryvz?mX^ z>Y1?brvfui?c{Ig73Zf4)zJ%6Bx z-`Q-YOlIgSnm{IrJcPzG9R)Jb<}#fHGU#+j;nQS>2hI1VYEi)uwdTGVfT&j5(>N-r 
zD@|4#zgd6UFF%3iTS)!A@C9ja7FS!)CPg5ARWDO-i zO7AMil|M^v@p!qvien`y4FXi=YLh<}wJ7dCRO9+gjqAJnf-o4!u{Z);pa|gaK;})w zF_V;nfFRIp1X2m-c$LjI8g9{@g|F0PIDTEu1pz^zIs~}W;21Vw=h3&-2|cJJAGTz_ z0|#c}P-Gw7zzKQQq&x50KI+ztGBydbX4Gl37CuNrdVJ?LTn3VO^YE=Afp;Zbj1xf* zgkx5q)-@+M%jkVp5{WO3K+*dz-cOcrzH@f&&0s2HK_`Lu$160I!MlV+G0(#Y+Run# zN&1?vh-ZGo@%}l&eZ_l=ix4Ix#|);UEoj<+rYt%UG&Y^NA8vws1(u!hp8A0M#n>-5 z(&{_1P7F#zJC$^f<5pii`YbtluNW*`W0Ogjcg&J)^0>-ytG+kY+bXR4(A$FfX_WpS-+stq1~X{i*0xFA5{?{Ri7Wnz|;@Y@Iflb3hx^w&%A<kL#fA;?L_uqPd`RDI4 zQb@FuaJCRdO6zitZ*ER{$JlN%)N*q@xM$#MHX#%){WOc2;V0@ONNhL`&kdX@!JqSIg~t5g3rvDR$BZmqek zL1!dW9yC=ox7cZf$oSZ~blbOLd5!4P0A7WQU zF_Smxe&%%kMAJ?a5Y1fBm_nO51V!DCpr4=gw&q<+ z&(XA4GyY`NtL*dblAl%XA>wUY^)qRES3hW`EjArSR+z1kAP8)WKvT>kaF+`g5V^p- z2;ZxnQrosg((eZWrPznQq77{cf`A|(2(%r6Ei|0dn;OBq#x(p|UF77IFIK+P=CA{K z1Fb6wf`B04Mu3EoYdgDJN^?`pV1t%gnPMNdxqZ}+nvqPv8!Bc(fJB4(&A6Z(p`dNu zYGQ&ijcl4EFa(CiSzqJ1A&GVTF8|{#jCU>nOc_JiVVn$~pnUB>?goy3xfo2MnN9=) ze+m*Y!29}%_aXRVmqH~^=MaF|G?;BUhUttO5X@KMS7>2HEO!gBGS5z6Th0dm&L}lmGUNK>S%W&*z@2(8}Vd7&f8V41AN&xoa5i-yBja zfjeNOsVp!+zex}T1OY*y3kXy?n$h9Vb@W`}LIRB*?-}Tvh8|ZX2m*pYIs#*89(K!i z^JY6qhEdCT8Hhu&O=RSkAW%I5L3E96ve#?D+UxuyZ!kDkaew&vJMYK8`W$99UP9aH z3~?k_NG{S|aO}7uUQC?IEdO;10aysvWCUopDV)`I$6;-`Zi!mBx#{Kq6zU3<7kX5SHH|}5bD%2PrD9M-NbK_?k1kitZKq%@4s~La>~iMlrAeR z*7weaPnGsEzsp9j-yPt4j9PEiwK1*SHpS_?+z`%urZn`GbihG@aE=e^S>L^iF8RAl zu0E&fU#;J)|Bv^xX^TzAA;fAvS6?HM=t3ag7ffsV$d&KV*GK*XwF8OvlIssX77!of zjeQK~!xtc%Hyy;*U%r%36$0!-&JSe~xGF?Njvyci>=OaC=n1Fy)8NH^2xr?kY}xcb zhP}xX&}&OfbYI~^UOwO~K62Ja1iEayIo_X~#-Ebx2)I>Sf*^1R1T5i~oV>C&RZL*x za^vzCAOF2e>*KQ1@@L7{M6))raUDFzdpA(oX?o)nlhbRwi;GN5UFE0MX+LqgUo}-| zNpnpjF&5W-8?V!u_|-9uY-hf8eEF8R_&ji%xxwDOHkqbFL5{1;{6!(=xFXG0WIHw8 zfB&;Dy`TL0bC_7Ugo%~6NXaz(4%7Lplfh}j+0=$N=g(ym&gq{o@Vj*~GA_kzHZf5RaOj-k4i-w2uT=Hrunl@rvaPDrzBz3UZhs~tWD zoj6iNa~Rz?1(A5<4g}hJ|;__Vm>&hRO)yVUbk3Str&S1A&Ycy}) zLKnX25?ACm2yRfhNJ3&8e~R$lJdYxz^)(5u3G+>fbjq0*;-q0(Iv4rv`CKG28s8Y7 z*QB_SR;~kf!_Sm$j=R<&A3I9VA0t^VW$ao$OOPN4^b>)};8U0``nr()Ob3J 
zUgMqJ4gfilUm$6}=@K|l}?1PUX-cM{)mG?_Y! zUZ&=21mPU7*$}oR$Agbm)FOJfR>h8|k#j+y3kcA>3>R2JZ{CIG6mA2Z2VMrx3a5X1 z?+4zC_g_HEtoA3KMr zt$YHa8Q$ol#n#oP*@aVhw5Pv?o67A!x=F9R3bPOMf{V~|<e-vE2P{Ir}__Sq+PYoCyMgK(i2-3}~)#pp={P6cUb_Rc%k17clmUj^NPd z4EBroSw6>Bp}wr*Hmy&jKJ_4QG&uF<0UUPqEYNo75w-vpC9}Gq*=)L)L^D5>gPU!M zW+Oq4+aSORZv1bXylqRXiRM!^5iO&k%=hev;7hgedjb;-S0QXZXPDw>8%9#!z9T@= zbVc+UD3UyC^0!G>!7)kZY9gCsRMNBw3GZXX$BA#GgPD(Vi>n`6V z-&Man?GblgrpSK&6p_sZx|LS9HhnS#;cVh?#Sq};Sdr#;vhIrf-q8NmHndGVENdf+ zA;yLLPU6?p-!vV@XTbb5wVrjn}CEHcJMYwH$3FF(7emBv)pML3LDP5i1jt2KJ5%~y2 z@M~`lPr!8q>VjUu$tTCFkA~kvS>KA8t2%&gh)hz8d4czXgl;0BG?~fW=4q<9jAT~? zjk*sNsjbOwlHbPmHyxmA&F_`1@4b`X)UecKw_8in_k{Vz{$+j0t_aDWSHJJ#eM`Sq+b&qd^UJv)AP5KoWf2&{vHWE42n(QZFfaV?*5X=2INO%d zyv8g1k+y-w=fPuqiXLGS44bIRL$6GTELL*XLiM5$8@j2si3iG6OszVHcAA&-E(!BFa67K`8wy41AbAS!so< zBb@*8SVvGA-YGV}E#V#0{6;z*zelhfjqU?E=zt*OGJG#!*CU;3&p|Hs*=$AzKq}fb z{^#Xw|F!(Z;P$sqS|A7r0!>7K=G{)=aC{kF!T;9obIukL&bB+Ki7^eoQ4s?I0uPD& z(4(EJB^(Y)5Cocs0H-fU`C3HHt90cxqGs~|leNAD{lUzMASSZPo}rq~@|XG@02c}6 z5FoByoR}Q@=di1M58BKZrC$1F(4{8z!n@FBHt4trTdE{<2LaJw?oMA;*OEBV(H!!! zy7uKuYAX3{G``L87Wqxh@0Ip9zb~o|N%C8f+X*s!g9z`bDUCeb2i^z^xQ~z|!d&)+ zEaK*Ym2oY;DAvXAKGSSEfaWuvy931}mZKmb2nYft5g?yB0k2AvidVt2lG5-M0-IW$ z`+}s}_ZXgh8Ms;;L|3JO5&?oh6$tR*o$XSh0PbfR_>)dc% zY1f;{M||R8;&`OPnYM)^*k`8mzIphrQ46Wm#^NIH6eRQw7I}+>a`(UK%dE2E{hpS_ zl|L;{SK{=Ju!oA+$ZC@dzpQ*k<6ZcdE#D>IT~F8jS#JC-+rBz&I47~OSZYkTJ{pFy zAezLfufO$DIc^Hv7#v%)R(H(FWz5tGuaW$YBBs6ljG24Q^?aCgNzAz@z;Eg>q;DT% z-ozfYgG*xuMW-$QEG27^|C_sU=P-Z8deSB@{VwR8x&3n-o{yAVO+$ds5Em!7Fd;z@ s5CjB)IuV!*o~U=a-i=@GyVun7|4ZPA4p241ssI2007*qoM6N<$f@KiQ#sB~S literal 0 HcmV?d00001 diff --git a/terraform/aws-vpc.tf b/terraform/aws-vpc.tf new file mode 100644 index 0000000..ab2c54a --- /dev/null +++ b/terraform/aws-vpc.tf 
@@ -0,0 +1,15 @@ +/* Setup our aws provider */ +provider "aws" { + access_key = "${var.access_key}" + secret_key = "${var.secret_key}" + region = "${var.region}" +} + +/* Define our vpc */ +resource "aws_vpc" "default" { + cidr_block = "${var.vpc_cidr}" + enable_dns_hostnames = true + tags { + Name = "airpair-example" + } +} diff --git a/terraform/bin/ovpn-client-config b/terraform/bin/ovpn-client-config new file mode 100755 index 0000000..4bd5dd7 --- /dev/null +++ b/terraform/bin/ovpn-client-config @@ -0,0 +1 @@ +ssh -t -i ssh/insecure-deployer "ubuntu@$(terraform output nat.ip)" sudo docker run --volumes-from ovpn-data --rm gosuri/openvpn ovpn_getclient "${1}" > "${1}-airpair-example.ovpn" diff --git a/terraform/bin/ovpn-init b/terraform/bin/ovpn-init new file mode 100755 index 0000000..a497db5 --- /dev/null +++ b/terraform/bin/ovpn-init @@ -0,0 +1 @@ +ssh -t -i ssh/insecure-deployer ubuntu@54.153.64.109 sudo docker run --volumes-from ovpn-data --rm -it gosuri/openvpn ovpn_initpki diff --git a/terraform/bin/ovpn-new-client b/terraform/bin/ovpn-new-client new file mode 100755 index 0000000..1a8ba1e --- /dev/null +++ b/terraform/bin/ovpn-new-client @@ -0,0 +1 @@ +ssh -t -i ssh/insecure-deployer "ubuntu@$(terraform output nat.ip)" sudo docker run --volumes-from ovpn-data --rm -it gosuri/openvpn easyrsa build-client-full "${1}" nopass diff --git a/terraform/bin/ovpn-start b/terraform/bin/ovpn-start new file mode 100755 index 0000000..6e416ac --- /dev/null +++ b/terraform/bin/ovpn-start @@ -0,0 +1 @@ +ssh -t -i ssh/insecure-deployer "ubuntu@$(terraform output nat.ip)" sudo docker run --volumes-from ovpn-data -d -p 1194:1194/udp --cap-add=NET_ADMIN gosuri/openvpn diff --git a/terraform/cloud-config/app.yml b/terraform/cloud-config/app.yml new file mode 100644 index 0000000..af0fcb9 --- /dev/null +++ b/terraform/cloud-config/app.yml 
@@ -0,0 +1,8 @@ +#cloud-config +# Cloud config for application servers + +runcmd: + # Install docker + - curl -sSL https://get.docker.com/ubuntu/ | sudo sh + # Run nginx + - docker run -d -p 80:80 dockerfile/nginx diff --git a/terraform/key-pairs.tf b/terraform/key-pairs.tf new file mode 100644 index 0000000..11dd553 --- /dev/null +++ b/terraform/key-pairs.tf @@ -0,0 +1,5 @@ +resource "aws_key_pair" "deployer" { + key_name = "deployer-airpair-example" + public_key = "${file(\"ssh/insecure-deployer.pub\")}" +} + diff --git a/terraform/nat-server.tf b/terraform/nat-server.tf new file mode 100644 index 0000000..dfffec9 --- /dev/null +++ b/terraform/nat-server.tf @@ -0,0 +1,29 @@ +/* NAT/VPN server */ +resource "aws_instance" "nat" { + ami = "${lookup(var.amis, var.region)}" + instance_type = "t2.micro" + subnet_id = "${aws_subnet.public.id}" + security_groups = ["${aws_security_group.default.id}", "${aws_security_group.nat.id}"] + key_name = "${aws_key_pair.deployer.key_name}" + source_dest_check = false + tags = { + Name = "nat" + } + connection { + user = "ubuntu" + key_file = "ssh/insecure-deployer" + } + provisioner "remote-exec" { + inline = [ + "sudo iptables -t nat -A POSTROUTING -j MASQUERADE", + "echo 1 > /proc/sys/net/ipv4/conf/all/forwarding", + /* Install docker */ + "curl -sSL https://get.docker.com/ubuntu/ | sudo sh", + /* Initialize open vpn data container */ + "sudo mkdir -p /etc/openvpn", + "sudo docker run --name ovpn-data -v /etc/openvpn busybox", + /* Generate OpenVPN server config */ + "sudo docker run --volumes-from ovpn-data --rm gosuri/openvpn ovpn_genconfig -p ${var.vpc_cidr} -u udp://${aws_instance.nat.public_ip}" + ] + } +} diff --git a/terraform/outputs.tf b/terraform/outputs.tf new file mode 100644 index 0000000..6774034 --- /dev/null +++ b/terraform/outputs.tf 
@@ -0,0 +1,15 @@ +output "app.0.ip" { + value = "${aws_instance.app.0.private_ip}" +} + +output "app.1.ip" { + value = "${aws_instance.app.1.private_ip}" +} + +output "nat.ip" { + value = "${aws_instance.nat.public_ip}" +} + +output "elb.hostname" { + value = "${aws_elb.app.dns_name}" +} diff --git a/terraform/private-subnet.tf b/terraform/private-subnet.tf new file mode 100644 index 0000000..869c64b --- /dev/null +++ b/terraform/private-subnet.tf @@ -0,0 +1,26 @@ +/* Private subnet */ +resource "aws_subnet" "private" { + vpc_id = "${aws_vpc.default.id}" + cidr_block = "${var.private_subnet_cidr}" + availability_zone = "us-west-1a" + map_public_ip_on_launch = false + depends_on = ["aws_instance.nat"] + tags { + Name = "private" + } +} + +/* Routing table for private subnet */ +resource "aws_route_table" "private" { + vpc_id = "${aws_vpc.default.id}" + route { + cidr_block = "0.0.0.0/0" + instance_id = "${aws_instance.nat.id}" + } +} + +/* Associate the routing table to public subnet */ +resource "aws_route_table_association" "private" { + subnet_id = "${aws_subnet.private.id}" + route_table_id = "${aws_route_table.private.id}" +} diff --git a/terraform/public-subnet.tf b/terraform/public-subnet.tf new file mode 100644 index 0000000..1008258 --- /dev/null +++ b/terraform/public-subnet.tf 
@@ -0,0 +1,31 @@ +/* Internet gateway for the public subnet */ +resource "aws_internet_gateway" "default" { + vpc_id = "${aws_vpc.default.id}" +} + +/* Public subnet */ +resource "aws_subnet" "public" { + vpc_id = "${aws_vpc.default.id}" + cidr_block = "${var.public_subnet_cidr}" + availability_zone = "us-west-1a" + map_public_ip_on_launch = true + depends_on = ["aws_internet_gateway.default"] + tags { + Name = "public" + } +} + +/* Routing table for public subnet */ +resource "aws_route_table" "public" { + vpc_id = "${aws_vpc.default.id}" + route { + cidr_block = "0.0.0.0/0" + gateway_id = "${aws_internet_gateway.default.id}" + } +} + +/* Associate the routing table to public subnet */ +resource "aws_route_table_association" "public" { + subnet_id = "${aws_subnet.public.id}" + route_table_id = "${aws_route_table.public.id}" +} diff --git a/terraform/security-groups.tf b/terraform/security-groups.tf new file mode 100644 index 0000000..58f68c0 --- /dev/null +++ b/terraform/security-groups.tf 
@@ -0,0 +1,68 @@ +/* Default security group */ +resource "aws_security_group" "default" { + name = "default-airpair-example" + description = "Default security group that allows inbound and outbound traffic from all instances in the VPC" + vpc_id = "${aws_vpc.default.id}" + + ingress { + from_port = "0" + to_port = "0" + protocol = "-1" + self = true + } + + tags { + Name = "airpair-example-default-vpc" + } +} + + +/* Security group for the nat server */ +resource "aws_security_group" "nat" { + name = "nat-airpair-example" + description = "Security group for nat instances that allows SSH and VPN traffic from internet" + vpc_id = "${aws_vpc.default.id}" + + ingress { + from_port = 22 + to_port = 22 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + } + + ingress { + from_port = 1194 + to_port = 1194 + protocol = "udp" + cidr_blocks = ["0.0.0.0/0"] + } + + tags { + Name = "nat-airpair-example" + } +} + +/* Security group for the web */ +resource "aws_security_group" "web" { + name = "web-airpair-example" + description = "Security group for web that allows web traffic from internet" + vpc_id = "${aws_vpc.default.id}" + + ingress { + from_port = 80 + to_port = 80 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + } + + ingress { + from_port = 443 + to_port = 443 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + } + + tags { + Name = "web-airpair-example" + } +} diff --git a/terraform/ssh/insecure-deployer b/terraform/ssh/insecure-deployer new file mode 100644 index 0000000..6fd68fe --- /dev/null +++ b/terraform/ssh/insecure-deployer 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA4nE0/9qcJ0MP7GB0lBxWpXnRhKfY1xnykwV6zNxb84ulkL0F +SSt0UIps9aiR/irO7pj2ZIy+aqWGTzv4uIMD3zAYrpQneten8jDUvs5yA8DuQM74 +QiggfM54ErWDfxTGb6IB/tvQoQit+0NyyOXPo9XHkHlkO0oIpXUKHqt278yzaUpo +1+eh0x3YgE8KmxIsB3jKw8ohlkxbKyNYdOVXyOdr0gS2Zk/hGS/p3hpguSa/4hsP +mPQi5YJzEY+ogSvqurJP7YULxNfEZH50JZE9Ooa8jAL5I8GdwUHa4RJS2P7ilYuf +Y475MLOyLdDfJQQpaT1arkRxRCyX38XJ+8aKcQIDAQABAoIBAEecsbwwcK3iAYkp +v/SPOb+/VMl1I5hzNknUs89R6SqOgV/Sx3cqbPCDto3CL9mHxEWkzldiQ14K1vz7 +5F7F4FWXKlcbt5ib1xs64i0tsNULEM4iJlUVx6Bw03xnNxzbfx4SyDrHXaVvz0Xl +QMnUE+SmWSSRn2c4tJ9O8lJcu5J+O/0a1xkJe6hE6p4R+lzCvjMaVOc6e7IceOvk +OXuItY2zhLOUCrCaQuSeC9WVf0Y3zxyfiG8m8Dy/io4DIcOdgrgKMQlh6E/OxLC7 +DR2tKnwElbRdHFwufeq1+kObcfcG3EbWZS2dkJL6YaVXrTtBevqBoolcpcKXRBua +HC26K3kCgYEA8dFNLaoPh4DTbJz8e0/eCAfD+Pm68Q8sK/FuIdgZPzlnB+NiD+Y1 +y5RdwhDJ558pkBsfZ8wNj/2Ld0Jkr/lezQ5DI0aIIsTx96fglL//4/8uhaRCnesr +mvMfFsUS8tXbTL534UNDTeoAQf0oqn1M5Wfy+4SATkiHpkPUTK64npMCgYEA77kO +fwpc8sydPZT01IclFZ+aokpTiDeUQJyuAfkJcgfeCRWumnyVECwM60JElIaSOtB2 +DBAApLJDOf4umt8DQuguJGHIS8RMzmXpUX3+7ic5ESvychSO3tjbu2s/znRrAtWv +eM8DPJlL/3jyeziK2KUQzNuqHDlELCUq1BXpkWsCgYAcWUAmAVDOvuCKVCEZR7Ss +1lQ4JPaweengwO37U70p903H0/VUDdXyptMTBCrXV4Zk2XkmDvrsDXpDIepx4tcl +TO27/fHJubLwKKMgbR3PmcPXcPlKUB6NjMDxR2tAQqfx6EZfhyYlxTAAjHAvBH92 +SWhn6hGsm74jVMJXtwf3twKBgQCn8vP4B2+lX7tOOLzq5SATLTWuO/qX9bB1MBAt +K6f1bxOdM8aXT28z3FjUviHEGR/7+q6pttBsksPMrotCT7o+NuKU9LjadFYHSJkV +Ufu4KFyv7iU2zbZm5HHVtccHQsLyQnlkX0x6OUBoZPklYTDNpZ/GlqNwkKJ1dzix +TATOrwKBgG3JFEG1Bxlpn7wJzrRtcbrERXpzul04KLEuokZYfQD+hcy4G2dJWpoT +arwtA7tEvcSI+YIWDKgjlVe6SqWrFStYdPo4BtVyafUusypmfdtjKUqp63SlnPmz +ARIVPJZg6wC9FsoZguPlO3avsLpxf2N252UbRJ2jhFUjUUjM63wy +-----END RSA PRIVATE KEY----- diff --git a/terraform/ssh/insecure-deployer.pub b/terraform/ssh/insecure-deployer.pub new file mode 100644 index 0000000..b0772f4 --- /dev/null +++ b/terraform/ssh/insecure-deployer.pub 
@@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDicTT/2pwnQw/sYHSUHFaledGEp9jXGfKTBXrM3Fvzi6WQvQVJK3RQimz1qJH+Ks7umPZkjL5qpYZPO/i4gwPfMBiulCd616fyMNS+znIDwO5AzvhCKCB8zngStYN/FMZvogH+29ChCK37Q3LI5c+j1ceQeWQ7SgildQoeq3bvzLNpSmjX56HTHdiATwqbEiwHeMrDyiGWTFsrI1h05VfI52vSBLZmT+EZL+neGmC5Jr/iGw+Y9CLlgnMRj6iBK+q6sk/thQvE18RkfnQlkT06hryMAvkjwZ3BQdrhElLY/uKVi59jjvkws7It0N8lBClpPVquRHFELJffxcn7xopx insecure-deployer diff --git a/terraform/variables.tf b/terraform/variables.tf new file mode 100644 index 0000000..92a3604 --- /dev/null +++ b/terraform/variables.tf @@ -0,0 +1,36 @@ +variable "access_key" { + description = "AWS access key" +} + +variable "secret_key" { + description = "AWS secert access key" +} + +variable "region" { + description = "AWS region" + default = "us-west-1" +} + +variable "vpc_cidr" { + description = "CIDR for VPC" + default = "10.128.0.0/16" +} + +variable "public_subnet_cidr" { + description = "CIDR for public subnet" + default = "10.128.0.0/24" +} + +variable "private_subnet_cidr" { + description = "CIDR for private subnet" + default = "10.128.1.0/24" +} + +/* Ubuntu 14.04 amis by region */ +variable "amis" { + description = "Base AMI to launch the instances with" + default = { + us-west-1 = "ami-049d8641" + us-east-1 = "ami-a6b8e7ce" + } +} From 7593b55d29f50ee05a1ad04b603d3a609c7d971b Mon Sep 17 00:00:00 2001 From: Greg Osuri Date: Tue, 3 Mar 2015 17:12:07 -0800 Subject: [PATCH 15/30] spelling/grammer fixes --- post.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/post.md b/post.md index 5016556..49c87e6 100644 --- a/post.md +++ b/post.md 
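Review bot: `availability_zone = "us-west-1a"` in the `aws_subnet.public` resource (first hunk above) is hardcoded, while the region comes from `var.region` and `variables.tf` in this same commit ships an AMI for `us-east-1`. Selecting that region fails at subnet creation because the zone does not exist there. Derive the zone from the region, for example `availability_zone = "${var.region}a"`, or add an availability-zone variable next to `region`.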
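Review bot: In `terraform/security-groups.tf`, the `nat` group opens port 22 to `cidr_blocks = ["0.0.0.0/0"]`, which leaves SSH on the NAT/VPN host reachable from the whole internet even though the guide presents the VPN as the way in. Take the allowed SSH source range from a variable with no default (a hypothetical `admin_cidr`) so the reader has to supply their own address, and keep only UDP 1194 world-reachable. Separately, the `default` group's description promises "inbound and outbound traffic" but the block defines only an `ingress` rule; add the matching `egress` rule or reword the description.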
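Review bot: `terraform/ssh/insecure-deployer` commits an RSA private key into the tutorial repository, and the guide later logs in with `ssh -t -i ssh/insecure-deployer`, so every reader who applies the config unchanged runs instances that accept a key anyone can download. Drop the private key from the commit, ignore private keys under `ssh/` in version control, and have the guide generate a pair locally (for example `ssh-keygen -t rsa -f ssh/deployer`) so that only the reader's own `.pub` file is handed to Terraform.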
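Review bot: The `amis` map in `terraform/variables.tf` hardcodes two opaque image IDs under the comment `Ubuntu 14.04 amis by region`, with nothing saying who publishes them or how they were looked up, so a reader cannot verify which image they are booting. Document the publisher and the lookup procedure in the comment or the `description`, and state that any `region` other than `us-west-1` or `us-east-1` has no entry in the map. Minor: `secert` in the `secret_key` description is a typo.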
@@ -18,12 +18,12 @@ I kept the scope limited to building a private network and did not cover applica As you walk thru various sections of this guide, you will be creating real aws resources that cost money. I did my best to keep the utilization footprint to the lowest possible configuration and I estimate less than hour to complete all the steps in this guide at $0.079/hr -By the end, to demonstrate the disposable nature of infstrasture-as-code, we will be destroying all the infrastructure components that were created during the course of this tutorial. +By the end, to demonstrate the disposable nature of infrastructure-as-code, we will be destroying all the infrastructure components that were created during the course of this tutorial. Please have the below ready before we begin: - AWS access and secret keys to an active AWS account. -- A unix/linux workstation with internet connection, almost all commands will work on Windows too with a shell emulator like cygwin. +- A unix/linux workstation with internet connection, almost all commands will work on Windows too with a shell emulator like Cygwin. The Private Network ------------------- @@ -124,7 +124,7 @@ variable "access_key" { } variable "secret_key" { - description = "AWS secert access key" + description = "AWS secret access key" } variable "region" { @@ -205,7 +205,7 @@ var.access_key ... var.secret_key - AWS secert access key + AWS secret access key Enter a value: bar 
@@ -496,7 +496,7 @@ Terraform provides a set of [provisioning options](https://www.terraform.io/docs Create private subnet and configure routing ------------------------------------------- -Create a private subnet with a CIDR range of 10.128.1.0/24 and configure the routing table to route all traffic via the nat. Append 'main.tf' with the below config: +Create a private subnet with a CIDR range of 10.128.1.0/24 and configure the routing table to route all traffic via the nat. Create ‘private-subnets.tf' file with the below config: ``` /* Private subnet */ @@ -536,7 +536,7 @@ Adding app instances and a load balancer Lets add two app servers running nginx containers in the private subnet and configure a load balancer in the public subnet. -The app servers are not accessible directly from the internet and can be accessed via the VPN. Since we haven't configured our VPN yet to access the instances, we will provision the instances using by bootrapping `cloud-init` yaml file via the ```user_data``` parameter. +The app servers are not accessible directly from the internet and can be accessed via the VPN. Since we haven't configured our VPN yet to access the instances, we will provision the instances using by bootstrapping `cloud-init` yaml file via the ```user_data``` parameter. `cloud-init` is a defacto multi-distribution package that handles early initialization of a cloud instance. You can see various examples [in the documentation](http://cloudinit.readthedocs.org/en/latest/topics/examples.html) 
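Review bot: The new sentence in the `@@ -496,7` hunk quotes the filename as `‘private-subnets.tf'`, with a curly opening quote and a straight closing one; use backticks, as the post does for other filenames. The same line also changes the instruction from appending to `main.tf` to creating a new file, which is a procedural change rather than a spelling fix, so call it out in the commit message or split it into its own commit.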
@@ -593,7 +593,7 @@ You read more about using count in resources at [terraform variable documentatio Run ```terraform plan``` and ```terraform apply``` -Allowing generated configuration to be easily accessable to other programs +Allowing generated configuration to be easily accessible to other programs -------------------------------------------------------------------------- Terraform allows for defining output to templates, output variables can be accessed by running ```terraform output VARIABLE```. @@ -624,7 +624,7 @@ Since we are not changing any values, run `terraform apply` to populate outputs $ open "http://$(terraform output elb.hostname)" ``` -The above command will open a web browser. If you get an connection error, it is likely the DNS has not propogated in time and you should try again after a few minutes. +The above command will open a web browser. If you get an connection error, it is likely the DNS has not propagated in time and you should try again after a few minutes. Configure OpenVPN server and generate client config --------------------------------------------------- @@ -709,7 +709,7 @@ $ ssh -t -i ssh/insecure-deployer "ubuntu@$(terraform output app.1.ip)" Teardown infrastructure ----------------------- -Destroy our infructure by running `destroy` command and answering with `yes` for confimation, make sure to disconnect from the VPN to be retain internet connection: +Destroy our infrastructure by running `destroy` command and answering with `yes` for confirmation, make sure to disconnect from the VPN to be retain internet connection: ```sh $ terraform destroy 
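Review bot: The corrected line in the `@@ -709,7` hunk still reads "make sure to disconnect from the VPN to be retain internet connection"; "to be retain" should be "to retain". The sentence also joins the destroy instruction and the VPN warning with a comma; splitting it in two, with the VPN warning first, makes the precondition harder to miss.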
@@ -728,8 +728,8 @@ Apply complete! Resources: 0 added, 0 changed, 16 destroyed. Conclusion ---------- -There is a lot more to Terraform than what was convered in this post, checkout [terraform.io](https://terraform.io) and the [github project](http://github.com/hashicorp/terraform) to see more this amazing tool. +There is a lot more to Terraform than what is covered in this post, checkout [terraform.io](https://terraform.io) and the [github project](http://github.com/hashicorp/terraform) to see more of this awesome tool. -I hope you found this guide useful, I gave my best to keep the it accurate and updated, if there is any part of the guide that you felt could use imporovement, please leave a comment and I will attend to it promptly. +I hope you found this guide useful, I gave my best to keep the it accurate and updated, if there is any part of the guide that you felt could use improvement, please leave a comment and I will attend to it promptly. -I'm hoping to continue to write more guides on various topics that I think will be useful. If you have a recomendation for topic or want simply want stay connected, I'm on twitter [@kn0tch](https://twitter.com/kn0tch). I'm usually active and always looking foward to a good conversation, come say hi! +I'm hoping to continue to write more guides on various topics that I think will be useful. If you have a recommendation for topic or want simply want stay connected, I'm on twitter [@kn0tch](https://twitter.com/kn0tch). I'm usually active and always looking forward to a good conversation, come say hi! From 680291ab734934db4675cca856fdd94b1d0746f2 Mon Sep 17 00:00:00 2001 From: Greg Osuri Date: Tue, 3 Mar 2015 17:18:56 -0800 Subject: [PATCH 16/30] added gitub repo info --- post.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/post.md b/post.md index 49c87e6..59e4e42 100644 --- a/post.md +++ b/post.md 
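Review bot: The `@@ -728,8` hunk fixes some words but leaves "keep the it accurate" and "want simply want stay connected" in the lines it rewrites, and "checkout" should be "check out" when used as a verb. Since these three lines are already being touched, fix them in the same pass.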
@@ -16,10 +16,12 @@ This is a technical guide and the reader is expected to have a basic linux comma I kept the scope limited to building a private network and did not cover application and OS level security which are also equally important. -As you walk thru various sections of this guide, you will be creating real aws resources that cost money. I did my best to keep the utilization footprint to the lowest possible configuration and I estimate less than hour to complete all the steps in this guide at $0.079/hr +As you walk thru various sections of this guide, you will be creating real aws resources that cost money. I did my best to keep the utilization footprint to the lowest possible configuration and I estimate less than hour to complete all the steps in this guide at $0.079/hr. By the end, to demonstrate the disposable nature of infrastructure-as-code, we will be destroying all the infrastructure components that were created during the course of this tutorial. +I have uploaded all the source code you will be writing to a [github repo](https://github.com/airpair/ntiered-aws-docker-terraform-guide/tree/master/terraform), its avaiable for reference incase you feel like you are lost. + Please have the below ready before we begin: - AWS access and secret keys to an active AWS account. From 08d84c463159ee8852b80a83d4dd96ae505898e4 Mon Sep 17 00:00:00 2001 From: Greg Osuri Date: Tue, 3 Mar 2015 19:34:22 -0800 Subject: [PATCH 17/30] spelling --- post.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/post.md b/post.md index 59e4e42..9f2a98e 100644 --- a/post.md +++ b/post.md 
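Review bot: The paragraph added in this hunk introduces new typos one commit after the spelling pass: "its avaiable" and "incase" should be "it is available" and "in case". Consider linking to a tag or commit instead of `tree/master`, so the referenced Terraform files keep matching the text of the post as the repository changes.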
@@ -1,6 +1,6 @@ Data is a crucial part of our infrastructure and particularly vulnerable while it is traveling over the Internet. Securing its transportation is a fundamental requirement for a secure network. -While there are serval transport level protocols available for encrypting the transit, communicating privately in a closed network is the most common and efficient way to keep data secure. +While there are several transport level protocols available for encrypting the transmission, communicating privately in a closed network is the most common and efficient way to keep data secure. I wrote this guide in an attempt to help the reader build such a network on AWS along with a secure way to access it’s resources using a VPN. From 570b8567c7269cb0d09442a443158fe6e92a5073 Mon Sep 17 00:00:00 2001 From: Greg Osuri Date: Tue, 3 Mar 2015 22:25:09 -0800 Subject: [PATCH 18/30] grammer: fixes till private network --- post.md | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/post.md b/post.md index 9f2a98e..94f4a32 100644 --- a/post.md +++ b/post.md 
@@ -1,44 +1,44 @@ -Data is a crucial part of our infrastructure and particularly vulnerable while it is traveling over the Internet. Securing its transportation is a fundamental requirement for a secure network. +Data, a crucial part of any infrastructure, is particularly vulnerable while traveling over the Internet. Securing its transportation is a fundamental requirement for establishing a trusted network. While there are several transport level protocols available for encrypting the transmission, communicating privately in a closed network is the most common and efficient way to keep data secure. -I wrote this guide in an attempt to help the reader build such a network on AWS along with a secure way to access it’s resources using a VPN. +I wrote this guide in an attempt to help the reader to build a closed private network on AWS and to establish a secure way to access network resources, using a trusted VPN. Before we begin --------------- -This is a technical guide and the reader is expected to have a basic linux command line knowledge. The audience this guide is intended for: +This is a technical guide, best accessible to a reader with basic linux command line knowledge. The Audience this guide is intended for includes: -- Application developers with little or no systems administration experience and wanting to deploy applications on AWS. -- System administrators with little or no experience with infrastructure automation and wanting to learn more. -- Infrastructure automation engineers that want to explore cloud provider resource automation. -- Any one that wants to get a feel for the current state of cloud automation tooling. 
+- Application developers with little or no systems administration experience, wanting to deploy applications on AWS +- System administrators with little or no experience with infrastructure automation, wanting to learn more +- Infrastructure automation engineers that want to explore cloud resource automation +- Anyone who wants to get a feel for the current state of cloud automation tooling -I kept the scope limited to building a private network and did not cover application and OS level security which are also equally important. +I kept the scope limited to building a private network and did not cover application and OS level security, which are equally important. -As you walk thru various sections of this guide, you will be creating real aws resources that cost money. I did my best to keep the utilization footprint to the lowest possible configuration and I estimate less than hour to complete all the steps in this guide at $0.079/hr. +As you follow the various steps in this guide, you will be creating real AWS resources, which cost money. I did my best to keep the utilization footprint minimal, using the least possible configuration. I estimate less than hour to complete all the steps in this guide, at $0.079/hr. -By the end, to demonstrate the disposable nature of infrastructure-as-code, we will be destroying all the infrastructure components that were created during the course of this tutorial. +By the end, to demonstrate the disposable nature of infrastructure-as-code, you will be destroying all infrastructure components that were created during the course of this tutorial. -I have uploaded all the source code you will be writing to a [github repo](https://github.com/airpair/ntiered-aws-docker-terraform-guide/tree/master/terraform), its avaiable for reference incase you feel like you are lost. 
+I have uploaded the source code you will be writing to a [github repo](https://github.com/airpair/ntiered-aws-docker-terraform-guide/tree/master/terraform), it is available for reference in case you feel lost. Please have the below ready before we begin: - AWS access and secret keys to an active AWS account. -- A unix/linux workstation with internet connection, almost all commands will work on Windows too with a shell emulator like Cygwin. +- A Unix flavored workstation with internet connection; most commands will work on Windows with a shell emulator like Cygwin. The Private Network ------------------- -During the course of this tutorial, we will essentially be building a Virtual Private Cloud (VPC) on AWS along with a public and a private subnet (sub-networks) pair. +During the course of this tutorial, we will be building a Virtual Private Cloud (VPC) on AWS along with a public-private subnet (sub-networks) pair. -Instances in the private subnet cannot directly access the internet thereby making the subnet an ideal place for application and database servers. +Instances in the private subnet cannot directly access the internet, making them an ideal for hosting critical resources such as application and database servers. -We will also be building two application instances that reside in the private subnet. The private subnet will also be where you should be hosting application support instances like database instances, cache servers, log hosts, build servers, configuration stores etc. Instances in the private subnet rely on a Network Address Translation (NAT) server running in the public subnet to connect to the internet. +In the private subnet, we will be building two application server instances. The private subnet will also be where you should host application support instances like database servers, cache servers, log hosts, build servers and configuration stores. 
Instances in the private subnet rely on a Network Address Translation (NAT) server, running in the public subnet to connect to the internet. -All Instances in the public subnet can transmit inbound and outbound traffic to and from the internet, the routing resources such as load balancers, vpn and nat servers reside in this subnet. +All Instances in the public subnet can transmit inbound and outbound traffic to and from the internet. The routing resources such as load balancers, VPN and NAT servers reside in this subnet. -The NAT server we will be building will also run an OpenVPN server. Its a full-featured SSL VPN which implements OSI layer 3 secure network extension using the industry standard SSL/TLS protocol over a UDP encapsulated network. +The NAT server we are building will also run an OpenVPN server. OpenVPN is a full-featured SSL VPN, which implements OSI layer 3 secure network extension using the industry standard SSL/TLS protocol. It provides an encrypted UDP encapsulated tunnel to connect with instances in the private network from your workstation. In the later part of this guide, we will connect to our private network using via this VPN server using a compatible OpenVPN client. On a Mac, [Viscosity](https://www.sparklabs.com/viscosity) is a good commercial client and my personal favorite. [Tunnelblick](https://code.google.com/p/tunnelblick/) is free and open-source client that’s compatible too. From ea4fd493ca3e7f08a90fa57e1e34adb5cd41a389 Mon Sep 17 00:00:00 2001 From: Greg Osuri Date: Tue, 3 Mar 2015 22:45:05 -0800 Subject: [PATCH 19/30] fixing source code link --- post.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/post.md b/post.md index 94f4a32..5b0fe95 100644 --- a/post.md +++ b/post.md 
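Review bot: Several lines added in this hunk are still ungrammatical: "making them an ideal for hosting critical resources" (drop "an" or add "place"), "I estimate less than hour" (missing "an"), and "The Audience this guide is intended for" (stray capital). The sentence "rely on a Network Address Translation (NAT) server, running in the public subnet to connect to the internet" also needs a second comma after "subnet" or none at all.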
@@ -20,7 +20,7 @@ As you follow the various steps in this guide, you will be creating real AWS res By the end, to demonstrate the disposable nature of infrastructure-as-code, you will be destroying all infrastructure components that were created during the course of this tutorial. -I have uploaded the source code you will be writing to a [github repo](https://github.com/airpair/ntiered-aws-docker-terraform-guide/tree/master/terraform), it is available for reference in case you feel lost. +I have uploaded the source code you will be writing to a [github repo](https://github.com/airpair/ntiered-aws-docker-terraform-guide/tree/edit/terraform), it is available for reference in case you feel lost. Please have the below ready before we begin: 
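Review bot: The link in this hunk now targets `tree/edit`, which reads like a working branch; if that branch is merged or deleted, the reference in the published post breaks and readers lose the code they are told to compare against. Point the link at a tag or commit hash, or merge first and keep `master`.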
@@ -34,13 +34,13 @@ During the course of this tutorial, we will be building a Virtual Private Cloud Instances in the private subnet cannot directly access the internet, making them an ideal for hosting critical resources such as application and database servers. -In the private subnet, we will be building two application server instances. The private subnet will also be where you should host application support instances like database servers, cache servers, log hosts, build servers and configuration stores. Instances in the private subnet rely on a Network Address Translation (NAT) server, running in the public subnet to connect to the internet. +In the private subnet, we will be building two application server instances. The private subnet will also be where you should host application support instances like database servers, cache servers, log hosts, build servers and configuration stores. Instances in the private subnet rely on a Network Address Translation (NAT) server, running in the public subnet for internet connectivity. All Instances in the public subnet can transmit inbound and outbound traffic to and from the internet. The routing resources such as load balancers, VPN and NAT servers reside in this subnet. The NAT server we are building will also run an OpenVPN server. OpenVPN is a full-featured SSL VPN, which implements OSI layer 3 secure network extension using the industry standard SSL/TLS protocol. It provides an encrypted UDP encapsulated tunnel to connect with instances in the private network from your workstation. -In the later part of this guide, we will connect to our private network using via this VPN server using a compatible OpenVPN client. On a Mac, [Viscosity](https://www.sparklabs.com/viscosity) is a good commercial client and my personal favorite. [Tunnelblick](https://code.google.com/p/tunnelblick/) is free and open-source client that’s compatible too. 
+In the later part of this guide, we will connect to our private network using via this VPN server and a compatible OpenVPN client. On a Mac, [Viscosity](https://www.sparklabs.com/viscosity) is a good commercial client and my personal favorite. [Tunnelblick](https://code.google.com/p/tunnelblick/) is free and open-source client that’s compatible too. For other operating systems, see [openvpn clients page](https://openvpn.net/index.php/access-server/docs/admin-guides/182-how-to-connect-to-access-server-with-linux-clients.html) for a list. @@ -49,13 +49,13 @@ To summarize, we will be building the below components: - VPC - Internet Gateway for public subnet - Public subnet for routing instances -- Private subnet for application resources +- Private subnet for internal resources - Routing tables for public and private subnets - NAT/VPN server to route outbound traffic from your instances in private network and provide your workstation secure access to network resources. - Application servers running nginx docker containers in a private subnet - Load balancers in the public subnet to manage and route web traffic to app servers -Although all the above mentioned components can be built and managed using the native AWS web console, building it such way leaves your infrastructure vulnerable to operationally changes and surprises. +Although all the above mentioned components can be built and managed using the native AWS web console, building it such way leaves your infrastructure vulnerable to operationally changes and surprises. Automating the building, changing, and versioning your infrastructure safely and efficiently increases your operational readiness exponentially. It allows you move at an higher velocity as you grow and evolve your infrastructure. From bbc55f385b10b386025b6422ec5eadcad63e6164 Mon Sep 17 00:00:00 2001 
From: Greg Osuri Date: Wed, 4 Mar 2015 00:43:08 -0800 Subject: [PATCH 20/30] grammar fixes --- post.md | 190 +++++++++++++++++++++++++++++--------------------------- 1 file changed, 100 insertions(+), 90 deletions(-) diff --git a/post.md b/post.md index 5b0fe95..2617acc 100644 --- a/post.md +++ b/post.md 
@@ -34,15 +34,15 @@ During the course of this tutorial, we will be building a Virtual Private Cloud Instances in the private subnet cannot directly access the internet, making them an ideal for hosting critical resources such as application and database servers. -In the private subnet, we will be building two application server instances. The private subnet will also be where you should host application support instances like database servers, cache servers, log hosts, build servers and configuration stores. Instances in the private subnet rely on a Network Address Translation (NAT) server, running in the public subnet for internet connectivity. +In the private subnet, we will be building two application server instances. In the future, the private subnet is where you will host application support instances like database servers, cache servers, log hosts, build servers and configuration stores. Instances in the private subnet rely on a Network Address Translation (NAT) server, running in the public subnet for internet connectivity. All Instances in the public subnet can transmit inbound and outbound traffic to and from the internet. The routing resources such as load balancers, VPN and NAT servers reside in this subnet. The NAT server we are building will also run an OpenVPN server. OpenVPN is a full-featured SSL VPN, which implements OSI layer 3 secure network extension using the industry standard SSL/TLS protocol. It provides an encrypted UDP encapsulated tunnel to connect with instances in the private network from your workstation. -In the later part of this guide, we will connect to our private network using via this VPN server and a compatible OpenVPN client. On a Mac, [Viscosity](https://www.sparklabs.com/viscosity) is a good commercial client and my personal favorite. [Tunnelblick](https://code.google.com/p/tunnelblick/) is free and open-source client that’s compatible too. 
+In the later part of this guide, we will connect to the private network using via this VPN server and a compatible OpenVPN client. For a Mac, [Viscosity](https://www.sparklabs.com/viscosity) is a good commercial client; my personal favorite. Additionally, you could use [Tunnelblick](https://code.google.com/p/tunnelblick/), which is a free and open-source client. -For other operating systems, see [openvpn clients page](https://openvpn.net/index.php/access-server/docs/admin-guides/182-how-to-connect-to-access-server-with-linux-clients.html) for a list. +For other operating systems, see [OpenVPN clients page](https://openvpn.net/index.php/access-server/docs/admin-guides/182-how-to-connect-to-access-server-with-linux-clients.html) for a list. To summarize, we will be building the below components: 
@@ -55,27 +55,29 @@ To summarize, we will be building the below components: - Application servers running nginx docker containers in a private subnet - Load balancers in the public subnet to manage and route web traffic to app servers -Although all the above mentioned components can be built and managed using the native AWS web console, building it such way leaves your infrastructure vulnerable to operationally changes and surprises. +Although, the above mentioned components can be built and managed using the native AWS web console, building it in such way leaves your infrastructure vulnerable to operationally changes and surprises. -Automating the building, changing, and versioning your infrastructure safely and efficiently increases your operational readiness exponentially. It allows you move at an higher velocity as you grow and evolve your infrastructure. +Automating the building, changing, and versioning of your infrastructure safely and efficiently increases your operational readiness, exponentially. This allows you move at a higher velocity as you grow and evolve your infrastructure. -Infrastructure as code lays the foundation for agility that aligns with your product develop efforts opens a path way to easily scale to many types of clouds to manage heterogeneous information systems. +Infrastructure as code lays the foundation for agility that aligns with your agile product develop efforts and opens a pathway to easily scale to many types of clouds and manage heterogeneous information systems. The Terraform Way ----------------- -[Terraform](https://www.terraform.io) is an automation tool for the cloud from [Hashicorp](https://hashicorp.com) (Creators of [Vagrant](https://www.vagrantup.com), [Consul](https://www.consul.io) and many more sysadmin favorites). 
+[Terraform](https://www.terraform.io) is an automation tool for the cloud, from [Hashicorp](https://hashicorp.com) (Creators of [Vagrant](https://www.vagrantup.com), [Consul](https://www.consul.io) and many more automation favorites). -It provides powerful primitives to elegantly define your infrastructure as code. It’s simple yet powerful syntax to describe infrastructure components allow you to build complex, version controlled, collaborative, heterogeneous and disposable systems at a very high productivity. +It provides powerful primitives to elegantly define your infrastructure as code. Its simple yet powerful syntax to describe infrastructure components allows you to build complex, version controlled, collaborative, heterogeneous and disposable systems with a very high productivity. -In simple terms, terraforming begins with you describing the desired state of your infrastructure in a configuration file, it then generates an execution plan describing what it will do to reach that desired state. You can then choose to execute (or modify) the plan to build, remove or modify desired components. +In simple terms, “terraforming” begins with you describing the desired state of your infrastructure in a configuration file. You then generate an execution ‘plan’ which describes various resources that will be created, modified and destroyed to reach the desired state. -Preparing your workstation +You can then choose to ‘apply’ this plan, which will create actual resources. + +Preparing your Workstation -------------------------- You can install terraform using [Homebrew](http://brew.sh) on a Mac using ```brew update && brew install terraform```. -Alternative, find the [appropriate package](https://www.terraform.io/downloads.html) for your system and download it. Terraform is packaged as a zip archive. After downloading Terraform, unzip the contents of the zip archive to directory that is in your `PATH`, ideally under `/usr/local/bin`. 
You can verify terraform is properly installed by running `terraform`, it should return something like: +Alternatively, find the [appropriate package](https://www.terraform.io/downloads.html) for your system and download it. Terraform is packaged as a zip archive. After downloading Terraform, unzip the contents of the zip archive to a directory that is in your `PATH`, ideally under `/usr/local/bin`. You can verify that Terraform is properly installed by running `terraform`. It should return something like: ```sh usage: terraform [--version] [--help] [] @@ -96,10 +98,10 @@ Available commands are: version Prints the Terraform version ``` -Your project directory ----------------------- +The Project Directory +--------------------- -Create a directory to host your project files. For our example, we will use `$HOME/infrastructure`, with the below structure: +Create a directory to host your project files. For our example, we will use `$HOME/terraform`, with the below structure: ```sh . @@ -109,15 +111,16 @@ Create a directory to host your project files. For our example, we will use `$HO ``` ```sh -$ mkdir -p $HOME/infrastructure -$ cd $HOME/infrastructure +$ mkdir -p $HOME/terraform +$ cd $HOME/terraform $ mkdir -p cloud-config ssh bin ``` -Defining variables for your infrastructure ------------------------------------------- +Variables for your Infrastructure +--------------------------------- + +Configurations can be defined in any file with a `.tf` extension using terraform syntax or as json files. It is a general practice to start with a `variables.tf` file that defines all of the variables that can be easily changed to tune your infrastructure. -Configurations can be defined in any file with '.tf' extension using terraform syntax or as json files. Its a general practice to start with a `variables.tf` that defines all variables that can be easily changed to tune your infrastructure. Create a file called `variables.tf` with the below contents: ``` 
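Review bot: The `@@ -109,15` hunk renames the project directory from `$HOME/infrastructure` to `$HOME/terraform` in the `mkdir` and `cd` commands under a "grammar fixes" subject. This changes what the reader types, so check every later path and command in `post.md` against the new name and mention the rename in the commit message. Quoting the expansion (`mkdir -p "$HOME/terraform"`) would also keep the commands working when the home directory contains spaces.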
@@ -159,12 +162,12 @@ variable "amis" { } ``` -The `variable` block defines a single input variable your configuration will require to provision your infrastructure, `description` parameter is used to describe what the variable is for and the `default` parameter gives it a default value, our example requires that you provide ```access_key``` and ```secret_key``` variables and optionally provide ```region```, region will otherwise default to `us-west-1` when not provided. +The `variable` block defines a single input variable that your configuration will require to provision your infrastructure. The `description` parameter is used to describe what the variable is for and the `default` parameter gives it a default value. Our example requires that you provide ```access_key``` and ```secret_key``` variables and optionally provide ```region```, region will otherwise default to `us-west-1` when not provided. -Variables can also have multiple default values with keys to access them, such variables are called maps. Values in maps can be accessed using interpolation syntax which will be covered in the coming sections of the guide. +Variables can also have multiple default values with keys to access them; such variables are called “maps”. Values in maps can be accessed using interpolation syntax which will be covered in upcoming sections of this guide. -Creating your first terraform resource - VPC ---------------------------------------------- +The first terraform resource: VPC +--------------------------------- Create a `aws-vpc.tf` file under the current directory with the below configuration: 
@@ -186,16 +189,17 @@ resource "aws_vpc" "default" { } ``` -The `provider` block defines the configuration for the cloud providers, aws in our case. Terraform has support for various other providers like Google Compute Cloud, DigitalOcean, Heroku etc. You can see a full list of supported providers on the [terraform providers page](https://www.terraform.io/docs/providers/index.html). +The `provider` block defines the configuration for the cloud providers, which is `aws` in our case. Terraform has support for various other providers like Google Compute Cloud, DigitalOcean, and Heroku. You can see a full list of supported providers on the [Terraform providers page](https://www.terraform.io/docs/providers/index.html). -The `resource` block defines the resource being created. The above example creates a VPC with a CIDR block of `10.128.0.0/16` and attaches a `Name` tag `airpair-example`, you can read more about various other parameters that can be defined for ```aws_vpc``` on the [aws_vpc resource documentation page](https://www.terraform.io/docs/providers/aws/r/vpc.html) +The `resource` block defines the resource being created. The above example creates a VPC with a CIDR block of `10.128.0.0/16` and attaches a `Name` tag `airpair-example`. You can read more about various other parameters that can be defined for ```aws_vpc``` on the [aws_vpc resource documentation page](https://www.terraform.io/docs/providers/aws/r/vpc.html). -Parameters accepts string values that can be [interpolated](https://www.terraform.io/docs/configuration/interpolation.html) when wrapped with `${}`. In the ```aws``` provider block, specifying ```${var.access_key}``` for -for access key will read the value from the user provided for variable ```access_key```. +Parameters accept string values that can be [interpolated](https://www.terraform.io/docs/configuration/interpolation.html) when wrapped with `${}`. 
In the ```aws``` provider block specifying ```${var.access_key}``` for access key will read the value from the user provided for variable ```access_key```. You will see extensive usage of interpolation in the coming sections of this guide. -Running `terraform apply` will create the VPC by prompting you to to input AWS access and secret keys, the output should look like look like the below. For default values, hitting `` key will assign default values defined in the `variables.tf` file. +Running `terraform apply` will create the VPC by prompting you to to input AWS access and secret keys. For default values, hitting `` will assign default values, defined in the `variables.tf` file. + +The output should look something like this: ```sh $ terraform apply 
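Review bot: The rewritten `terraform apply` sentence in hunk `@@ -186,16 +189,17 @@` still reads "prompting you to to input AWS access and secret keys"; drop the duplicated "to" while the line is being touched. The interpolation sentence in the same hunk also lost the comma after "provider block", which makes it harder to parse than the line it replaces.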
@@ -234,21 +238,25 @@ use the `terraform show` command. State path: terraform.tfstate ``` -You can verify the VPC has been created by visiting the [VPC page on aws console](https://console.aws.amazon.com/vpc/home?region=us-west-1#vpcs). The above command will save the state of your infrastructure to `terraform.tfstate` file, this file will be updated each time you run `terraform apply`, you can inspect the current state of your infrastructure by running `terraform show` +The above command will save the state of your infrastructure to the `terraform.tfstate` file. This file will be updated each time you run `terraform apply`. You can inspect the current state of your infrastructure by running `terraform show`. + +You can verify the VPC has been created by visiting the [VPC page on AWS console](https://console.aws.amazon.com/vpc/home?region=us-west-1#vpcs). -Variables can also be entered using command arguments by specifying `-var 'var=VALUE'`, for example ```terraform plan -var 'access_key=foo' -var 'secret_key=bar'``` +Variables can also be entered using command arguments by specifying `-var 'var=VALUE’`. For example: ```terraform plan -var 'access_key=foo' -var 'secret_key=bar'```. -`terraform apply` will not however save your input values (access and secret keys) and you'll be required to provide them for each update, to avoid this create a `terraform.tfvars` variables file with your access and secret keys that looks like, the below (replace foo and bar with your values): +However, `terraform apply` will not save your input values (access and secret keys). You'll be required to provide them for each update. To avoid inputting values for each update, create a `terraform.tfvars` variables file with your access and secret keys that looks like the below (replace foo and bar with your values): ``` access_key = "foo" secret_key = "bar" ``` -Adding the public subnet +It is a best practice not to upload this file to your source control system. 
For git users, make sure to include `terraform.tfvars` in the `.gitignore` file. + +Adding the Public Subnet ------------------------ -Lets now add a public subnet with a ip range of 10.128.0.0/24 and attach a internet gateway, create a `public-subnet.tf` with the below configuration: +Let us now add a public subnet with the IP range `10.128.0.0/24` and attach an Internet Gateway. Create a `public-subnet.tf` file with the below configuration: ``` /* Internet gateway for the public subnet */ @@ -286,11 +294,11 @@ resource "aws_route_table_association" "public" { Anything under ```/* .. */``` will be considered as comments. -Running `terraform plan` will generate an execution plan for you to verify before creating the actual resources, it is recommended that you always inspect the plan before running the `apply` command. +Running `terraform plan` will generate an execution plan for you to verify before creating the actual resources. It is recommended that you always inspect the plan before running the `apply` command. -Resource dependencies are implicitly determined during the refresh phase (in planing and application phases). They can also be explicitly defined using ```depends_on``` parameter. In the above configuration, resource ```aws_subnet.public``` depends on ```aws_internet_gatway.default``` and will only be created after ```aws_internet_gateway.default``` is successfully created. +Resource dependencies are implicitly determined during the refresh phase (in planing and application phases). They can also be explicitly defined using the ```depends_on``` parameter. In the above configuration, the resource ```aws_subnet.public``` depends on ```aws_internet_gatway.default``` and will only be created after ```aws_internet_gateway.default``` is successfully created. -The output of `terraform plan` should look something like the below: +The output of `terraform plan` should look something like this: ```sh $ terraform plan 
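Review bot: The added `-var` sentence in hunk `@@ -234,21 +238,25 @@` closes its example with a typographic quote (`-var 'var=VALUE’`) where the removed line had a plain `'`; pasted into a shell that leaves the quote unterminated, so restore the ASCII apostrophe. The new `.gitignore` advice for `terraform.tfvars` is a welcome addition; because the guide also generates a passphrase-less private key at `ssh/insecure-deployer` inside the same project directory, consider naming that path in the same sentence.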
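Review bot: The rewritten dependency paragraph in hunk `@@ -286,11 +294,11 @@` carries over two typos from the line it replaces: "planing" and the resource name ```aws_internet_gatway.default```, which is spelled ```aws_internet_gateway.default``` later in the same sentence and in the configuration above. Fix both here, since a reader searching the configuration for the misspelled name will find nothing.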
@@ -331,20 +339,20 @@ Note: You didn't specify an "-out" parameter to save this plan, so when vpc_id: "" => "vpc-30965455" ``` -*The vpc_id will different in your actual output from the above example output* +*The vpc_id will be different in your actual output, as compared to the example above*. The `+` before `aws_internet_gateway.default` indicates that a new resource will be created. -After reviewing your plan, run `terraform apply` to create your resources. You can verify the subnet has been created by running `terraform show` or by visiting the aws console. +After reviewing your plan, run `terraform apply` to create your resources. You can verify that the subnet has been created by running `terraform show` or by visiting the AWS console. -Creating security groups +Creating Security Groups ------------------------ -We will creating 3 security groups: +We will be creating 3 security groups: -- default: default security group that allows inbound and outbound traffic from all instances in the VPC -- nat: security group for nat instances that allows SSH traffic from internet -- web: security group that allows web traffic from the internet +- `default`: default security group that allow inbound and outbound traffic from all instances in the VPC +- `nat`: security group for NAT instances that allow SSH traffic from the internet +- `web`: security group that allows web traffic from the internet Create your security groups in a `security-groups.tf` file with the below configuration: @@ -418,7 +426,7 @@ resource "aws_security_group" "web" { } ``` -Run `terraform plan`, review your changes and run `terraform apply`. You should see a message: +Run `terraform plan` to review your changes and then run `terraform apply`. You should see an output like this: ```sh ... 
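Review bot: In the security-group bullets of hunk `@@ -331,20 +339,20 @@`, the `default` and `nat` entries change "allows" to "allow" while `web` keeps "allows"; the subject is "security group" in all three, so each should read "allows". The `nat` bullet documents SSH as reachable from the internet, so a short sentence recommending that the source range be narrowed to known addresses would fit next to it.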
@@ -431,15 +439,15 @@ Apply complete! Resources: 3 added, 0 changed, 0 destroyed. Create SSH Key Pair ------------------- -We will need a default ssh key to be bootstrapped on the newly created instances to be able to login. Make sure you have `ssh` directory and generate a new key by running the: +We will need an SSH key to be bootstrapped on the newly created instances to be able to login. Make sure you have the `ssh` directory and generate a new key by running: ```sh $ sh-keygen -t rsa -C "insecure-deployer" -P '' -f ssh/insecure-deployer ``` -The above command will create a public-private key pair in `ssh` directory, this is an insecure key and should be replaced after the instance is bootstrapped. +The above command will create a public-private key pair in the `ssh` directory. This is an insecure key and should be replaced after the instance is bootstrapped. -Create a new file `key-pairs.sh` with the below config and register the newly generated SSH key pair by running`terraform plan` and `terraform apply`. +Create a new file `key-pairs.sh` with the below configuration and register the newly generated SSH key pair by running`terraform plan` and `terraform apply`. ``` resource "aws_key_pair" "deployer" { 
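Review bot: The file created in the last changed line of hunk `@@ -431,15 +439,15 @@` is named `key-pairs.sh`, but its contents are a `resource "aws_key_pair" "deployer"` block and the guide states that configuration is read from files with a `.tf` extension, so this file would not be picked up by `terraform plan`; rename it to `key-pairs.tf`. Two smaller fixes in the same hunk: the unchanged command line reads `sh-keygen` where `ssh-keygen` is meant, and "by running`terraform plan`" is missing a space before the backtick.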
@@ -450,12 +458,12 @@ resource "aws_key_pair" "deployer" { Terraform interpolation syntax also allows reading data from files using `$file("path/to/file")`. Variables in this file are not interpolated. The contents of the file are read as-is. -Create NAT Instance -------------------- +Create the NAT Instance +----------------------- -NAT instances reside in the public subnet and in order to route traffic, they need to have 'source destination check' disabled. They belong to the `default` secruity group to allow traffic from instances in that group and `nat` security group to allow SSH and VPN traffic from the internet. +NAT instances reside in the public subnet. In order to route traffic, they need to have the ’source destination check' parameter disabled. They belong to the `default` and `nat` security groups. The `default` security group allows traffic from any instance within the group. The `nat` security group allows SSH and VPN traffic from the internet. -Create a file `nat-server.tf` with the below config: +Create a file `nat-server.tf` with the below configuration: ``` /* NAT/VPN server */ 
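Review bot: The new NAT paragraph in hunk `@@ -450,12 +458,12 @@` opens the phrase with a typographic quote and closes it with a plain one (’source destination check'); use a matching pair or backticks. The unchanged context line at the top of the hunk shows file interpolation as `$file("path/to/file")`, which does not match the `${}` wrapping the guide describes for interpolation, so correct it to the wrapped form while this section is open.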
@@ -489,16 +497,16 @@ resource "aws_instance" "nat" { } ``` -In order for that NAT instance to route packets, [iptables](http://ipset.netfilter.org/iptables.man.html) needs to be configured be with a rule in the `nat` table for [IP Masquerade](http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/ipmasq-background2.1.html). We also need to install docker, download the openvpn container and generate server configuration. +In order for the NAT instance to route traffic, [iptables](http://ipset.netfilter.org/iptables.man.html) needs to be configured with a rule in the `nat` table for [IP Masquerade](http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/ipmasq-background2.1.html). We also need to install Docker, download the OpenVPN container and generate server configuration. -Terraform provides a set of [provisioning options](https://www.terraform.io/docs/provisioners/index.html) that can be used to run arbitrary commands on the instances when they are created. For our nat instance above, we use ```remote-exec``` to execute the set of commands on the instance. +Terraform provides a set of [provisioning options](https://www.terraform.io/docs/provisioners/index.html) that can be used to run arbitrary commands on instances, immediately after they are created. -``connection`` block defines the [connection parameters](https://www.terraform.io/docs/provisioners/connection.html) for ssh access to the instance. +The `connection` block defines the [connection parameters](https://www.terraform.io/docs/provisioners/connection.html) for SSH access to the instance. -Create private subnet and configure routing -------------------------------------------- +Create Private Subnet and Routes +-------------------------------- -Create a private subnet with a CIDR range of 10.128.1.0/24 and configure the routing table to route all traffic via the nat. 
Create ‘private-subnets.tf' file with the below config: +Create a Private Subnet with the CIDR range `10.128.1.0/24` and configure the routing table to route all traffic via the NAT. Create a `private-subnets.tf` file with the below configuration: ``` /* Private subnet */ 
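Review bot: The rewritten provisioner paragraph in hunk `@@ -489,16 +497,16 @@` drops the sentence that named ```remote-exec``` as the provisioner used for the NAT instance, so the text no longer says which of the linked provisioning options the `nat-server.tf` block relies on. Keep that sentence, ideally next to the `connection` paragraph, since the SSH connection parameters described there are what the remote commands run over.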
@@ -529,20 +537,20 @@ resource "aws_route_table_association" "private" { } ``` -Notice our second time use of ```depends_on```, in this case it only creates the private subnet after provisioning the NAT instance. With out the iptables configuration, the instances in the private subnet will not be able to access internet and will fail to download docker containers. +Notice our second time use of ```depends_on```. In the above case, ```depends_on``` only creates the private subnet after the NAT instance is created and successfully provisioned. Without the `iptables` configuration, the instances in the private subnet will not be able to access the internet and will fail to download Docker containers. Run ```terraform plan``` and ```terraform apply``` to create the resources. -Adding app instances and a load balancer ----------------------------------------- +Adding Application Servers with a Load Balancer +----------------------------------------------- -Lets add two app servers running nginx containers in the private subnet and configure a load balancer in the public subnet. +Let us add two app servers running nginx containers in the private subnet and configure a load balancer in the public subnet. -The app servers are not accessible directly from the internet and can be accessed via the VPN. Since we haven't configured our VPN yet to access the instances, we will provision the instances using by bootstrapping `cloud-init` yaml file via the ```user_data``` parameter. +The app servers are not accessible directly from the internet and can be accessed via the VPN. Since we haven't configured our VPN yet to access the instances, we will provision the instances by bootstrapping a `cloud-init` configuration file via the ```user_data``` resource parameter. -`cloud-init` is a defacto multi-distribution package that handles early initialization of a cloud instance. 
You can see various examples [in the documentation](http://cloudinit.readthedocs.org/en/latest/topics/examples.html) +The defacto multi-distribution package [cloud-init](http://cloudinit.readthedocs.org/en/latest/topics/examples.html) handles early initialization of a cloud instance. -Create `app.yml` cloud config file under `cloud-config` directory with the below config: +Create the `app.yml` cloud config file under `cloud-config` directory with the below configuration: ```yaml #cloud-config @@ -556,7 +564,7 @@ runcmd: ``` -Create `app-servers.tf` file with the below configuration: +Create the `app-servers.tf` file with the below configuration: ``` /* App servers */ 
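Review bot: The new sentence in hunk `@@ -529,20 +537,20 @@`, "```depends_on``` only creates the private subnet after the NAT instance is created and successfully provisioned", makes the parameter the actor; `depends_on` orders creation and does not create anything, so phrase it as "the private subnet is only created after ...". In the same hunk the cloud-init link now wraps the package name but still points at the examples page, and the sentence that directed readers to those examples was removed; either restore that pointer or link the project's main documentation. "defacto" should be "de facto".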
@@ -589,18 +597,18 @@ resource "aws_elb" "app" { } ``` -`count` parameter indicates the number of identical resources to create and `${count.index}` interpolation in the name tag provides the current index. +The `count` parameter indicates the number of identical resources to create. The `${count.index}` interpolation in the name tag provides the current index. -You read more about using count in resources at [terraform variable documentation](https://www.terraform.io/docs/configuration/resources.html#using-variables-with-count) +You can read more about using count in resources at [terraform variable documentation](https://www.terraform.io/docs/configuration/resources.html#using-variables-with-count). -Run ```terraform plan``` and ```terraform apply``` +Run ```terraform plan``` and then ```terraform apply```. -Allowing generated configuration to be easily accessible to other programs --------------------------------------------------------------------------- +Easily Accessing Computed Data from other Programs +-------------------------------------------------- -Terraform allows for defining output to templates, output variables can be accessed by running ```terraform output VARIABLE```. +Terraform allows persisting computed values in output variables. The output variables defined in the configuration can be accessed by running ```terraform output VARIABLE```, from the shell. -Create `outputs.tf` file with the below configuration: +Create the `outputs.tf` file with the below configuration: ``` output "app.0.ip" { 
@@ -620,22 +628,22 @@ output "elb.hostname" { } ``` -Since we are not changing any values, run `terraform apply` to populate outputs in the state file. Inspect the `elb.hostname` by running: +Since we are not changing any values this time, running `terraform apply` will populate outputs in the state file. Inspect the `elb.hostname` by running: ```sh $ open "http://$(terraform output elb.hostname)" ``` -The above command will open a web browser. If you get an connection error, it is likely the DNS has not propagated in time and you should try again after a few minutes. +The above command will open a web browser with the Load balancer’s address. If you get a connection error, it is likely that the DNS has not propagated in time and you should try again after a few minutes. -Configure OpenVPN server and generate client config ---------------------------------------------------- +Configure OpenVPN Server and Generate Client Configuration +---------------------------------------------------------- -The below steps configure the VPN servers and generate a client configuration with embedded keys to connect with your openvpn client on your workstation. +The below steps configure the VPN server and generate a client configuration to connect with the OpenVPN client from your workstation. The keys will be embedded in the generated client OpenVPN configuration file. -Considering the commands are fairly long, we will be creating command wrappers to be able to easily run them again. A big part of operatinaly effiency comes from our ability to simply complicated commands which are unlikely to be easily recalled. After each successful step, we will save the command under `bin` in an executable file. +Considering the commands are fairly long, we will be creating command wrappers to be able to easily run them again. A big part of improving operationally efficiency comes from our ability to simplify complicated commands. 
We will save the commands in the `bin` directory as executable files. -1. Initialize PKI and save the command under bin/ovpn-init +1. Initialize PKI and save the command the under bin/ovpn-init ```sh $ cat > bin/ovpn-init < bin/ovpn-start < bin/ovpn-client-config < Date: Wed, 4 Mar 2015 01:28:32 -0800 Subject: [PATCH 21/30] README: updated post link --- terraform/README.md | 739 +------------------------------------------- 1 file changed, 1 insertion(+), 738 deletions(-) diff --git a/terraform/README.md b/terraform/README.md index 7781a87..d058e56 100644 --- a/terraform/README.md +++ b/terraform/README.md 
@@ -1,738 +1 @@ -Guide to automating a multi-tiered application securely on AWS with Docker and Terraform. -========================================================================================= - -Data is a crucial part of our infrastructure and particularly vulnerable while it is traveling over the Internet. Securing the transportation of data is a fundamental requirement for a secure network. - -While there are serval transport level protocols available for encrypting communications, communicating privately in a closed network is the most common and efficient way to keep data secure. - -I wrote this guide in an attempt to help the reader build such a network on AWS along with a secure way to access it’s resources using a VPN. - -Before we begin ---------------- - -This is a technical guide and the reader is expected to have basic level of linux command line knowledge. The audiences this guide is intended for are: - -- Application developers with little or no systems administration experience and wanting to deploy applications on AWS. -- System administrators with little of no experience with infrastructure automation and wanting to learn more. -- Any one that wants to get a feel for the current state of cloud automation tooling. - -I kept the scope limited to building a private network and did not cover application and OS level security which are also equally important. - -As you walk thru various sections of this guide, you will be creating real aws resources that cost money. I did my best to keep the utilization footprint to the lowest possible configuration and I estimate less than hour to complete all the steps in this guide at $0.079/hr - -By the end, to demonstrate the disposable nature of infstrasture-of-code, we will be destroying all the infrastructure components that were created during the course of this tutorial. - -Please have the below ready before we begin: - -- AWS access and secret keys to an active AWS account. 
-- A unix/linux workstation with internet connection, almost all commands will work on Windows too with a shell emulator like cygwin. - -What we will be building ------------------------- - -We will essentially be building a Virtual Private Cloud (VPC) on AWS along with a public and a private subnet (sub-networks) pair. - -Instances in the private subnet cannot directly access the internet thereby making the subnet an ideal place for application and database servers. - -During the course of this tutorial, we will be creating our application instances in the private subnet. The private subnet will also be where you should be hosting application support instances like database instances, cache servers, log hosts, build servers, configuration stores etc. Instances in the private subnet rely on a Network Address Translation (NAT) server running in the public subnet to connect to the internet. - -All Instances in the public subnet can transmit inbound and outbound traffic to and from the internet, the routing resources such as load balancers, vpn and nat servers reside in this subnet. - -The NAT server will also run a OpenVPN server, a full-featured SSL VPN which implements OSI layer 3 secure network extension using the industry standard SSL/TLS protocol over a UDP encapsulated network. - -In the later part of this guide, we will connect to our private networking using this VPN server using a compatible OpenVPN client. On a Mac, [Viscosity for Mac](https://www.sparklabs.com/viscosity) is a good commercial client and my personal favorite. [Tunnelblick](https://code.google.com/p/tunnelblick/) a open-source client that’s compatible too. - -For other operating systems, see [openvpn clients page](https://openvpn.net/index.php/access-server/docs/admin-guides/182-how-to-connect-to-access-server-with-linux-clients.html) for a list. 
- -To summarize, we will be building the below components: - -- VPC -- Internet Gateway for public subnet -- Public subnet for routing instances -- Private subnet for application resources -- Routing tables for public and private subnets -- NAT/VPN server to route outbound traffic from your instances in private network and provide your workstation secure access to network resources. -- Application servers running nginx docker containers in a private subnet -- Load balancers in the public subnet to manage and route web traffic to app servers - -Although all the above mentioned components can be built and managed using the native AWS web console, it makes your infrastructure operationally vulnerable to changes and surprises. - -Automating the building, changing, and versioning your infrastructure safely and efficiently increases your operational readiness exponentially. It allows you move at an higher velocity you grow your infrastructure. - -Infrastructure as code lays the foundation for agility that aligns with your product develop efforts opens a path way to easily scale to many types of clouds to manage heterogeneous information systems. - -The Terraform Way ------------------ - -[Terraform](https://www.terraform.io) is automation tool for the cloud from creators of Vagrant, [Hashicorp](https://hashicorp.com) (Creators of [Vagrant](https://www.vagrantup.com), [Consul](https://www.consul.io) and many more sysadmin favorites). - -It provides powerful primitives to elegantly define your infrastructure as code. It’s simple yet powerful syntax to describe infrastructure components allow you to build complex, version controlled, collaborative, heterogeneous and disposable systems at a very high productivity. - -In simple terms, terraforming begins with you describing the desired state of your infrastructure in a configuration file, it then generates an execution plan describing what it will do to reach that desired state. 
You can then choose to execute (or modify) the plan to build, remove or modify desired components. - - -Settting up your workstation ------------------------------ - -You can install terraform using [Homebrew](http://brew.sh) on a Mac using ```brew update && brew install terraform```. - -Alternative, find the [appropriate package](https://www.terraform.io/downloads.html) for your system and download it. Terraform is packaged as a zip archive. After downloading Terraform, unzip the contents of the zip archive to directory that is in your `PATH`, ideally under `/usr/local/bin`. You can verify terraform is properly installed by running `terraform`, it should return something like: - -```sh -usage: terraform [--version] [--help] [] - -Available commands are: - apply Builds or changes infrastructure - destroy Destroy Terraform-managed infrastructure - get Download and install modules for the configuration - graph Create a visual graph of Terraform resources - init Initializes Terraform configuration from a module - output Read an output from a state file - plan Generate and show an execution plan - pull Refreshes the local state copy from the remote server - push Uploads the the local state to the remote server - refresh Update local state file against real resources - remote Configures remote state management - show Inspect Terraform state or plan - version Prints the Terraform version -``` - -Setting your project directory ------------------------------- - -Create a directory to host your project files. For our example, we will use `$HOME/infrastructure`, with the below structure: - -```sh -. -├── cloud-config -├── bin -└── ssh -``` - -```sh -$ mkdir -p $HOME/infrastructure/cloud-config $HOME/infrastructure/ssh $HOME/infrastructure/ssh -$ cd $HOME/infrastructure -``` - -Defining variables for your infrastructure ------------------------------------------- - -Configurations can be defined in any file with '.tf' extension using terraform syntax or as json files. 
Its a general practice to start with a `variables.tf` that defines all variables that can be easily changed to tune your infrastructure. -Create a file called `variables.tf` with the below contents: - -``` -variable "access_key" { - description = "AWS access key" -} - -variable "secret_key" { - description = "AWS secert access key" -} - -variable "region" { - description = "AWS region to host your network" - default = "us-west-1" -} - -variable "vpc_cidr" { - description = "CIDR for VPC" - default = "10.128.0.0/16" -} - -variable "public_subnet_cidr" { - description = "CIDR for public subnet" - default = "10.128.0.0/24" -} - -variable "private_subnet_cidr" { - description = "CIDR for private subnet" - default = "10.128.1.0/24" -} - -/* Ubuntu 14.04 amis by region */ -variable "amis" { - description = "Base AMI to launch the instances with" - default = { - us-west-1 = "ami-049d8641" - us-east-1 = "ami-a6b8e7ce" - } -} -``` - -The `variable` block defines a single input variable your configuration will require to provision your infrastructure, `description` parameter is used to describe what the variable is for and the `default` parameter gives it a default value, our example requires that you provide ```access_key``` and ```secret_key``` variables and optionally provide ```region```, region will otherwise default to `us-west-1` when not provided. - -Variables can also have multiple default values with keys to access them, such variables are called maps. Values in maps can be accessed using interpolation syntax which will be covered in the coming sections of the guide. 
- -Creating your first terraform resource - VPC ---------------------------------------------- - -Create a `aws-vpc.tf` file under the current directory with the below configuration: - -``` -/* Setup our aws provider */ -provider "aws" { - access_key = "${var.access_key}" - secret_key = "${var.secret_key}" - region = "${var.region}" -} - -/* Define our vpc */ -resource "aws_vpc" "default" { - cidr_block = "${var.vpc_cidr}" - enable_dns_hostnames = true - tags { - Name = "airpair-example" - } -} -``` - -The `provider` block defines the configuration for the cloud providers, aws in our case. Terraform has support for various other providers like Google Compute Cloud, DigitalOcean, Heroku etc. You can see a full list of supported providers on the [terraform providers page](https://www.terraform.io/docs/providers/index.html). - -The `resource` block defines the resource being created. The above example creates a VPC with a CIDR block of `10.128.0.0/16` and attaches a `Name` tag `airpair-example`, you can read more about various other parameters that can be defined for ```aws_vpc``` on the [aws_vpc resource documentation page](https://www.terraform.io/docs/providers/aws/r/vpc.html) - -Parameters accepts string values that can be [interpolated](https://www.terraform.io/docs/configuration/interpolation.html) when wrapped with `${}`. In the ```aws``` provider block, specifying ```${var.access_key}``` for -for access key will read the value from the user provided for variable ```access_key```. - -You will see extensive usage of interpolation in the coming sections of this guide. - -Provisioning your VPC ---------------------- - -Running `terraform apply` will create the VPC by prompting you to to input AWS access and secret keys, the output should look like look like the below. For default values, hitting `` key will assign default values defined in the `variables.tf` file. - -```sh -$ terraform apply -var.access_key - AWS access key - - Enter a value: foo - -... 
- -var.secret_key - AWS secert access key - - Enter a value: bar - -... - -aws_vpc.default: Creating... - cidr_block: "" => "10.128.0.0/16" - default_network_acl_id: "" => "" - default_security_group_id: "" => "" - enable_dns_hostnames: "" => "1" - enable_dns_support: "" => "0" - main_route_table_id: "" => "" - tags.#: "" => "1" - tags.Name: "" => "airpair-example" -aws_vpc.default: Creation complete - -Apply complete! Resources: 1 added, 0 changed, 0 destroyed. - -The state of your infrastructure has been saved to the path -below. This state is required to modify and destroy your -infrastructure, so keep it safe. To inspect the complete state -use the `terraform show` command. - -State path: terraform.tfstate -``` - -You can verify the VPC has been created by visiting the [VPC page on aws console](https://console.aws.amazon.com/vpc/home?region=us-west-1#vpcs). The above command will save the state of your infrastructure to `terraform.tfstate` file, this file will be updated each time you run `terraform apply`, you can inspect the current state of your infrastructure by running `terraform show` - -Variables can also be entered using command arguments by specifying `-var 'var=VALUE'`, for example ```terraform plan -var 'access_key=foo' -var 'secret_key=bar'``` - -`terraform apply` will not however save your input values (access and secret keys) and you'll be required to provide them for each update, to avoid this create a `terraform.tfvars` variables file with your access and secret keys that looks like, the below (replace foo and bar with your values): - -``` -access_key = "foo" -secret_key = "bar" -``` - -Adding the public subnet ------------------------- - -Lets now add a public subnet with a ip range of 10.128.0.0/24 and attach a internet gateway, create a `public-subnet.tf` with the below configuration: - -``` -/* Internet gateway for the public subnet */ -resource "aws_internet_gateway" "default" { - vpc_id = "${aws_vpc.default.id}" -} - -/* Public subnet */ 
-resource "aws_subnet" "public" { - vpc_id = "${aws_vpc.default.id}" - cidr_block = "${var.public_subnet_cidr}" - availability_zone = "us-west-1a" - map_public_ip_on_launch = true - depends_on = ["aws_internet_gateway.default"] - tags { - Name = "public" - } -} - -/* Routing table for public subnet */ -resource "aws_route_table" "public" { - vpc_id = "${aws_vpc.default.id}" - route { - cidr_block = "0.0.0.0/0" - gateway_id = "${aws_internet_gateway.default.id}" - } -} - -/* Associate the routing table to public subnet */ -resource "aws_route_table_association" "public" { - subnet_id = "${aws_subnet.public.id}" - route_table_id = "${aws_route_table.public.id}" -} -``` - -Anything under ```/* .. */``` will be considered as comments. - -Running `terraform plan` will generate an execution plan for you to verify before creating the actual resources, it is recommended that you always inspect the plan before running the `apply` command. - -Resource dependencies are implicitly determined during the refresh phase (in planing and application phases). They can also be explicitly defined using ```depends_on``` parameter. In the above configuration, resource ```aws_subnet.public``` depends on ```aws_internet_gatway.default``` and will only be created after ```aws_internet_gateway.default``` is successfully created. - -The output of `terraform plan` should look something like the below: - -```sh -$ terraform plan - -Refreshing Terraform state prior to plan... - -aws_vpc.default: Refreshing state... (ID: vpc-30965455) - -The Terraform execution plan has been generated and is shown below. -Resources are shown in alphabetical order for quick scanning. Green resources -will be created (or destroyed and then created if an existing resource -exists), yellow resources are being changed in-place, and red resources -will be destroyed. - -Note: You didn't specify an "-out" parameter to save this plan, so when -"apply" is called, Terraform can't guarantee this is what will execute. 
- -+ aws_internet_gateway.default - vpc_id: "" => "vpc-30965455" - -+ aws_route_table.public - route.#: "" => "1" - route.~1235774185.cidr_block: "" => "0.0.0.0/0" - route.~1235774185.gateway_id: "" => "${aws_internet_gateway.default.id}" - route.~1235774185.instance_id: "" => "" - vpc_id: "" => "vpc-30965455" - -+ aws_route_table_association.public - route_table_id: "" => "${aws_route_table.public.id}" - subnet_id: "" => "${aws_subnet.public.id}" - -+ aws_subnet.public - availability_zone: "" => "us-west-1a" - cidr_block: "" => "10.128.0.0/24" - map_public_ip_on_launch: "" => "1" - tags.#: "" => "1" - tags.Name: "" => "public" - vpc_id: "" => "vpc-30965455" -``` - -*The vpc_id will different in your actual output from the above example output* - -The `+` before `aws_internet_gateway.default` indicates that a new resource will be created. - -After reviewing your plan, run `terraform apply` to create your resources. You can verify the subnet has been created by running `terraform show` or by visiting the aws console. 
- -Create security groups ----------------------- - -We will creating 3 security groups: - -- default: default security group that allows inbound and outbound traffic from all instances in the VPC -- nat: security group for nat instances that allows SSH traffic from internet -- web: security group that allows web traffic from the internet - -Create your security groups in a `security-groups.tf` file with the below configuration: - -``` -/* Default security group */ -resource "aws_security_group" "default" { - name = "default-airpair-example" - description = "Default security group that allows inbound and outbound traffic from all instances in the VPC" - vpc_id = "${aws_vpc.default.id}" - - ingress { - from_port = "0" - to_port = "0" - protocol = "-1" - self = true - } - - tags { - Name = "airpair-example-default-vpc" - } -} - -/* Security group for the nat server */ -resource "aws_security_group" "nat" { - name = "nat-airpair-example" - description = "Security group for nat instances that allows SSH and VPN traffic from internet" - vpc_id = "${aws_vpc.default.id}" - - ingress { - from_port = 22 - to_port = 22 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] - } - - ingress { - from_port = 1194 - to_port = 1194 - protocol = "udp" - cidr_blocks = ["0.0.0.0/0"] - } - - tags { - Name = "nat-airpair-example" - } -} - -/* Security group for the web */ -resource "aws_security_group" "web" { - name = "web-airpair-example" - description = "Security group for web that allows web traffic from internet" - vpc_id = "${aws_vpc.default.id}" - - ingress { - from_port = 80 - to_port = 80 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] - } - - ingress { - from_port = 443 - to_port = 443 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] - } - - tags { - Name = "web-airpair-example" - } -} -``` - -Run `terraform plan`, review your changes and run `terraform apply`. You should see a message: - -```sh -... - -Apply complete! Resources: 3 added, 0 changed, 0 destroyed. - -... 
-``` - -Create SSH Key Pair -------------------- - -We will need a default ssh key to be bootstrapped on the newly created instances to be able to login. Make sure you have `ssh` directory and generate a new key by running the: - -```sh -$ sh-keygen -t rsa -C "insecure-deployer" -P '' -f ssh/insecure-deployer -``` - -The above command will create a public-private key pair in `ssh` directory, this is an insecure key and should be replaced after the instance is bootstrapped. - -Create a new file `key-pairs.sh` with the below config and register the newly generated SSH key pair by running`terraform plan` and `terraform apply`. - -``` -resource "aws_key_pair" "deployer" { - key_name = "deployer-key" - public_key = "${file(\"ssh/insecure-deployer.pub\")}" -} -``` - -Terraform interpolation syntax also allows reading data from files using `$file("path/to/file")`. Variables in this file are not interpolated. The contents of the file are read as-is. - -Create NAT Instance -------------------- - -NAT instances reside in the public subnet and in order to route traffic, they need to have 'source destination check' disabled. They belong to the `default` secruity group to allow traffic from instances in that group and `nat` security group to allow SSH and VPN traffic from the internet. 
- -Create a file `nat-server.tf` with the below config: - -``` -/* NAT/VPN server */ -resource "aws_instance" "nat" { - ami = "${lookup(var.amis, var.region)}" - instance_type = "t2.micro" - subnet_id = "${aws_subnet.public.id}" - security_groups = ["${aws_security_group.default.id}", "${aws_security_group.nat.id}"] - key_name = "${aws_key_pair.deployer.key_name}" - source_dest_check = false - tags = { - Name = "nat" - } - connection { - user = "ubuntu" - key_file = "ssh/insecure-deployer" - } - provisioner "remote-exec" { - inline = [ - "sudo iptables -t nat -A POSTROUTING -j MASQUERADE", - "echo 1 > /proc/sys/net/ipv4/conf/all/forwarding", - /* Install docker */ - "curl -sSL https://get.docker.com/ubuntu/ | sudo sh", - /* Initialize open vpn data container */ - "sudo mkdir -p /etc/openvpn", - "sudo docker run --name ovpn-data -v /etc/openvpn busybox", - /* Generate OpenVPN server config */ - "sudo docker run --volumes-from ovpn-data --rm gosuri/openvpn ovpn_genconfig -p ${var.vpc_cidr} -u udp://${aws_instance.nat.public_ip}" - ] - } -} -``` - -In order for that NAT instance to route packets, [iptables](http://ipset.netfilter.org/iptables.man.html) needs to be configured be with a rule in the `nat` table for [IP Masquerade](http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/ipmasq-background2.1.html). We also need to install docker, download the openvpn container and generate server configuration. - -Terraform provides a set of [provisioning options](https://www.terraform.io/docs/provisioners/index.html) that can be used to run arbitrary commands on the instances when they are created. For our nat instance above, we use ```remote-exec``` to execute the set of commands on the instance. - -``connection`` block defines the [connection parameters](https://www.terraform.io/docs/provisioners/connection.html) for ssh access to the instance. 
- -Create private subnet and configure routing -------------------------------------------- - -Create a private subnet with a CIDR range of 10.128.1.0/24 and configure the routing table to route all traffic via the nat. Append 'main.tf' with the below config: - -``` -/* Private subnet */ -resource "aws_subnet" "private" { - vpc_id = "${aws_vpc.default.id}" - cidr_block = "${var.private_subnet_cidr}" - availability_zone = "us-west-1a" - map_public_ip_on_launch = false - depends_on = ["aws_instance.nat"] - tags { - Name = "private" - } -} - -/* Routing table for private subnet */ -resource "aws_route_table" "private" { - vpc_id = "${aws_vpc.default.id}" - route { - cidr_block = "0.0.0.0/0" - instance_id = "${aws_instance.nat.id}" - } -} - -/* Associate the routing table to public subnet */ -resource "aws_route_table_association" "private" { - subnet_id = "${aws_subnet.private.id}" - route_table_id = "${aws_route_table.private.id}" -} -``` - -Notice our second time use of ```depends_on```, in this case it only creates the private subnet after provisioning the NAT instance. With out the iptables configuration, the instances in the private subnet will not be able to access internet and will fail to download docker containers. - -Run ```terraform plan``` and ```terraform apply``` to create the resources. - -Adding app instances and a load balancer ----------------------------------------- - -Lets add two app servers running nginx containers in the private subnet and configure a load balancer in the public subnet. - -The app servers are not accessible directly from the internet and can be accessed via the VPN. Since we haven't configured our VPN yet to access the instances, we will provision the instances using by bootrapping `cloud-init` yaml file via the ```user_data``` parameter. - -`cloud-init` is a defacto multi-distribution package that handles early initialization of a cloud instance. 
You can see various examples [in the documentation](http://cloudinit.readthedocs.org/en/latest/topics/examples.html) - -Create `app.yml` cloud config file under `cloud-config` directory with the below config: - -```yaml -#cloud-config -# Cloud config for application servers - -runcmd: - # Install docker - - curl -sSL https://get.docker.com/ubuntu/ | sudo sh - # Run nginx - - docker run -d -p 80:80 dockerfile/nginx - -``` - -Create `app-servers.tf` file with the below configuration: - -``` -/* App servers */ -resource "aws_instance" "app" { - count = 2 - ami = "${lookup(var.amis, var.region)}" - instance_type = "t2.micro" - subnet_id = "${aws_subnet.private.id}" - security_groups = ["${aws_security_group.default.id}"] - key_name = "${aws_key_pair.deployer.key_name}" - source_dest_check = false - user_data = "${file(\"cloud-config/app.yml\")}" - tags = { - Name = "airpair-example-app-${count.index}" - } -} - -/* Load balancer */ -resource "aws_elb" "app" { - name = "airpair-example-elb" - subnets = ["${aws_subnet.public.id}"] - security_groups = ["${aws_security_group.default.id}", "${aws_security_group.web.id}"] - listener { - instance_port = 80 - instance_protocol = "http" - lb_port = 80 - lb_protocol = "http" - } - instances = ["${aws_instance.app.*.id}"] -} -``` - -`count` parameter indicates the number of identical resources to create and `${count.index}` interpolation in the name tag provides the current index. - -You read more about using count in resources at [terraform variable documentation](https://www.terraform.io/docs/configuration/resources.html#using-variables-with-count) - -Run ```terraform plan``` and ```terraform apply``` - -Allowing generated configuration to be easily accessable to other programs --------------------------------------------------------------------------- - -Terraform allows for defining output to templates, output variables can be accessed by running ```terraform output VARIABLE```. 
- -Create `outputs.tf` file with the below configuration: - -``` -output "app.0.ip" { - value = "${aws_instance.app.0.private_ip}" -} - -output "app.1.ip" { - value = "${aws_instance.app.1.private_ip}" -} - -output "nat.ip" { - value = "${aws_instance.nat.public_ip}" -} - -output "elb.hostname" { - value = "${aws_elb.app.dns_name}" -} -``` - -Since we are not changing any values, run `terraform apply` to populate outputs in the state file. Inspect the `elb.hostname` by running: - -$ open "http://$(terraform output elb.hostname)" - -The above command will open a web browser. If you get an connection error, it is likely the DNS has not propogated in time and you should try again after a few minutes. - -Configure OpenVPN server and generate client config ---------------------------------------------------- - -The below steps configure the VPN servers and generate a client configuration with embedded keys to connect with your openvpn client on your workstation. - -Considering the commands are fairly long, we will be creating command wrappers to be able to easily run them again. A big part of operatinaly effiency comes from our ability to simply complicated commands which are unlikely to be easily recalled. After each successful step, we will save the command under `bin` in an executable file. - -1. Initialize PKI and save the command under bin/ovpn-init - - ```sh - $ cat > bin/ovpn-init < bin/ovpn-start < bin/ovpn-new-client < bin/ovpn-client-config < "\${1}-airpair-example.ovpn" - EOF - - $ chmod +x bin/ovpn-client-config - $ bin/ovpn-client-config $USER - ``` - -5. The above command creates `$USER-airpair-example.ovpn` client configuration file in the current directory, double click on the file to import the configuration to your VPN client. 
You can also connection using iPhone/Android device, check out [OpenVPN Connect for iPhone](https://itunes.apple.com/us/app/openvpn-connect/id590379981?mt=8) and [OpenVPN Connect on Play Store](https://play.google.com/store/apps/details?id=net.openvpn.openvpn&hl=en) - -Test your private connection ----------------------------- - -After successfully connecting using the VPN client, connect to one of app servers using a private IP address to validate that you have a connection: - -```sh -$ open "http://$(terraform output app.1.ip)" - -``` - -Alternatively, you can also ssh into the private instance - -```sh -$ ssh -t -i ssh/insecure-deployer "ubuntu@$(terraform output app.1.ip)" -``` - -Teardown infrastructure ------------------------ - -Destroy our infructure by running `destroy` command and answering with `yes` for confimation, make sure to disconnect from the VPN to be retain internet connection: - -```sh -$ terraform destroy - -Do you really want to destroy? - Terraform will delete all your managed infrastructure. - There is no undo. Only 'yes' will be accepted to confirm. - - Enter a value: yes - -... - -Apply complete! Resources: 0 added, 0 changed, 16 destroyed. -``` - -Conclusion ----------- - -There is a lot more to Terraform than what was convered in this post, checkout [terraform.io](https://terraform.io) and the [github project](http://github.com/hashicorp/terraform) to see more this amazing tool. - -I hope you found this guide useful, I gave my best to keep the guide accurate and updated, if there is any part of the guide that you felt could use imporovement, please leave a comment and I will attend to it promptly. - -I hope to continue to write more guides on various topics that I think will be useful to improve operational efficienty and readiness. 
You can reach me [Twitter at @kn0tch](https://twitter.com/kn0tch) if you have a recomendation for topic or want simply want stay connected, I'm usually active and always looking foward to a good conversation, come say hi! +This repo contains [Terraform](https://terraform.io) configuration files and related source code used in [Guide to automating a multi-tiered application securely on AWS with Docker and Terraform.](https://www.airpair.com/aws/posts/ntiered-aws-docker-terraform-guide) examples. From fba6ac1388cd678ad4f03eea1ccc0d85c4b5673e Mon Sep 17 00:00:00 2001 From: Greg Osuri Date: Wed, 4 Mar 2015 01:29:11 -0800 Subject: [PATCH 22/30] Update README.md --- terraform/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/README.md b/terraform/README.md index d058e56..a7551fa 100644 --- a/terraform/README.md +++ b/terraform/README.md @@ -1 +1 @@ -This repo contains [Terraform](https://terraform.io) configuration files and related source code used in [Guide to automating a multi-tiered application securely on AWS with Docker and Terraform.](https://www.airpair.com/aws/posts/ntiered-aws-docker-terraform-guide) examples. +This repo contains [Terraform](https://terraform.io) configuration files and related source code used in [Guide to automating a multi-tiered application securely on AWS with Docker and Terraform](https://www.airpair.com/aws/posts/ntiered-aws-docker-terraform-guide) examples. From 6d2b082bd13c7c59a82c1e60ced1b5748bbd39c2 Mon Sep 17 00:00:00 2001 From: Greg Osuri Date: Fri, 6 Mar 2015 23:54:17 -0800 Subject: [PATCH 23/30] Added version file --- VERSION | 1 + 1 file changed, 1 insertion(+) create mode 100644 VERSION diff --git a/VERSION b/VERSION new file mode 100644 index 0000000..3eefcb9 --- /dev/null +++ b/VERSION @@ -0,0 +1 @@ +1.0.0 From 98a10a92a4e46e84ad4e723672dfa297876af79e Mon Sep 17 00:00:00 2001 
From: Saul Shanabrook Date: Wed, 6 May 2015 10:12:19 -0400 Subject: [PATCH 24/30] Forgot letter is ssh-keygen command --- post.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/post.md b/post.md index 2617acc..25a9c8f 100644 --- a/post.md +++ b/post.md @@ -442,7 +442,7 @@ Create SSH Key Pair We will need an SSH key to be bootstrapped on the newly created instances to be able to login. Make sure you have the `ssh` directory and generate a new key by running: ```sh -$ sh-keygen -t rsa -C "insecure-deployer" -P '' -f ssh/insecure-deployer +$ ssh-keygen -t rsa -C "insecure-deployer" -P '' -f ssh/insecure-deployer ``` The above command will create a public-private key pair in the `ssh` directory. This is an insecure key and should be replaced after the instance is bootstrapped. From 1a7056b80cf8b26e07310f4217b17293a762e903 Mon Sep 17 00:00:00 2001 From: Saul Shanabrook Date: Wed, 6 May 2015 10:13:54 -0400 Subject: [PATCH 25/30] fixed name of ke-pairs file --- post.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/post.md b/post.md index 25a9c8f..33e29fb 100644 --- a/post.md +++ b/post.md @@ -447,7 +447,7 @@ $ ssh-keygen -t rsa -C "insecure-deployer" -P '' -f ssh/insecure-deployer The above command will create a public-private key pair in the `ssh` directory. This is an insecure key and should be replaced after the instance is bootstrapped. -Create a new file `key-pairs.sh` with the below configuration and register the newly generated SSH key pair by running`terraform plan` and `terraform apply`. +Create a new file `key-pairs.tf` with the below configuration and register the newly generated SSH key pair by running`terraform plan` and `terraform apply`. ``` resource "aws_key_pair" "deployer" { From 135c0f8ccd9659f1d09492d6c9098db98e1d9a4a Mon Sep 17 00:00:00 2001 
From: Saul Shanabrook Date: Wed, 6 May 2015 13:17:31 -0400 Subject: [PATCH 26/30] fix echo so it works with sudo --- post.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/post.md b/post.md index 33e29fb..5b341a3 100644 --- a/post.md +++ b/post.md @@ -484,7 +484,7 @@ resource "aws_instance" "nat" { provisioner "remote-exec" { inline = [ "sudo iptables -t nat -A POSTROUTING -j MASQUERADE", - "echo 1 > /proc/sys/net/ipv4/conf/all/forwarding", + "echo 1 | sudo tee /proc/sys/net/ipv4/conf/all/forwarding > /dev/null", /* Install docker */ "curl -sSL https://get.docker.com/ubuntu/ | sudo sh", /* Initialize open vpn data container */ From 02183d22372b929d01ab4824679b413ffe2832b0 Mon Sep 17 00:00:00 2001 From: Saul Shanabrook Date: Wed, 6 May 2015 13:33:37 -0400 Subject: [PATCH 27/30] Allow nat to outbound HTTP[S] so it can download docker --- post.md | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/post.md b/post.md index 5b341a3..4909c6b 100644 --- a/post.md +++ b/post.md @@ -378,7 +378,7 @@ resource "aws_security_group" "default" { /* Security group for the nat server */ resource "aws_security_group" "nat" { name = "nat-airpair-example" - description = "Security group for nat instances that allows SSH and VPN traffic from internet" + description = "Security group for nat instances that allows SSH and VPN traffic from internet. Also allows outbound HTTP[S]" vpc_id = "${aws_vpc.default.id}" ingress { @@ -394,7 +394,22 @@ resource "aws_security_group" "nat" { protocol = "udp" cidr_blocks = ["0.0.0.0/0"] } - + + egress { + from_port = 80 + to_port = 80 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + } + + egress { + from_port = 443 + to_port = 443 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + } + + tags { Name = "nat-airpair-example" } From a9655b27a1b82f89dec22fd5848288438c37f17c Mon Sep 17 00:00:00 2001 
From: Saul Shanabrook Date: Wed, 6 May 2015 14:06:39 -0400 Subject: [PATCH 28/30] default security group should allow outbound connections within private network --- post.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/post.md b/post.md index 4909c6b..041f306 100644 --- a/post.md +++ b/post.md @@ -370,6 +370,13 @@ resource "aws_security_group" "default" { self = true } + egress { + from_port = "0" + to_port = "0" + protocol = "-1" + self = true + } + tags { Name = "airpair-example-default-vpc" } From 76e0c0cdb8974b4d62bc825c8bf5d1b2b862e7d0 Mon Sep 17 00:00:00 2001 From: Saul Shanabrook Date: Wed, 6 May 2015 14:26:37 -0400 Subject: [PATCH 29/30] switch to official nginx image, other wasnt loading --- post.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/post.md b/post.md index 041f306..7d44585 100644 --- a/post.md +++ b/post.md @@ -582,7 +582,7 @@ runcmd: # Install docker - curl -sSL https://get.docker.com/ubuntu/ | sudo sh # Run nginx - - docker run -d -p 80:80 dockerfile/nginx + - docker run -d -p 80:80 nginx ``` From 2533b60fcb4460f61a890ffc3a3ad0977f9914eb Mon Sep 17 00:00:00 2001 From: Nilesh Londhe Date: Fri, 11 Mar 2016 14:25:17 -0800 Subject: [PATCH 30/30] Update nat-server.tf --- terraform/nat-server.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/nat-server.tf b/terraform/nat-server.tf index dfffec9..e789c99 100644 --- a/terraform/nat-server.tf +++ b/terraform/nat-server.tf @@ -18,7 +18,7 @@ resource "aws_instance" "nat" { "sudo iptables -t nat -A POSTROUTING -j MASQUERADE", "echo 1 > /proc/sys/net/ipv4/conf/all/forwarding", /* Install docker */ - "curl -sSL https://get.docker.com/ubuntu/ | sudo sh", + "curl -sSL https://get.docker.com | sudo sh", /* Initialize open vpn data container */ "sudo mkdir -p /etc/openvpn", "sudo docker run --name ovpn-data -v /etc/openvpn busybox",
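Review bot: in PATCH 25/30, the replacement line still reads "by running`terraform plan`" with no space before the opening backtick, so the inline code runs into the preceding word when rendered. Since the line is already being touched for the `key-pairs.tf` rename, add the space in the same change.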
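Review bot: in PATCH 26/30, the new `echo 1 | sudo tee /proc/sys/net/ipv4/conf/all/forwarding > /dev/null` line fixes the privilege problem but the setting is still runtime-only, as is the `iptables -t nat -A POSTROUTING -j MASQUERADE` rule on the context line above it. The `remote-exec` provisioner runs once at instance creation, so a reboot of the NAT instance leaves the private subnet without a working route out. Consider also writing the forwarding setting to a sysctl configuration file and saving the iptables rule so both survive a restart, or note in the post that they do not.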
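Review bot: in PATCH 27/30, the two new `egress` blocks on `aws_security_group.nat` limit more than the Docker download named in the commit subject, because the private route table sends `0.0.0.0/0` through this instance and forwarded packets leave through the same security group. Outbound traffic from the app servers on anything other than TCP 80 and 443 will be dropped with no error on the sending host. That is a reasonable least-privilege default, but say so in the `description` string or in the surrounding text of the post. Separately, the second hunk leaves two consecutive blank lines before `tags {`; drop one.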
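Review bot: in PATCH 28/30, the added `egress` block with `self = true` only matches destinations whose address belongs to a member of the `default` group, so it does not cover traffic that is merely routed through the NAT instance to an external address. The app servers carry only this group (`security_groups = ["${aws_security_group.default.id}"]`), so if this block is their only egress rule, the `curl -sSL https://get.docker.com/ubuntu/` and `docker run` steps in `cloud-config/app.yml` have no rule permitting them. Either add TCP 80/443 egress for the app servers or confirm that another rule already allows it and mention that in the commit message. As a style point, `from_port = "0"` and `to_port = "0"` are quoted here while PATCH 27 uses bare numbers; pick one form.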
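Review bot: in PATCH 29/30, `docker run -d -p 80:80 nginx` pulls an untagged image, so each app server runs whatever `latest` resolves to at the moment it first boots and the two instances behind the load balancer can end up on different versions. Pin the image to a specific tag or digest. Because `runcmd` executes only on first boot, it is also worth adding a `--restart` policy so the container comes back after an instance reboot.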
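Review bot: in PATCH 30/30, the context line two above the change in `terraform/nat-server.tf` still reads `"echo 1 > /proc/sys/net/ipv4/conf/all/forwarding"`, the unprivileged redirect that PATCH 26 replaced with `sudo tee` in `post.md`, so the repository file and the guide now disagree and the forwarding step here fails under the `ubuntu` user. Apply the PATCH 26 fix to this file as well. The reverse also holds for this change: `post.md` and `cloud-config/app.yml` still use `https://get.docker.com/ubuntu/` (visible in the PATCH 26 and PATCH 29 context lines), so update them together. The subject "Update nat-server.tf" should say what changed and why, for example that the install script URL moved.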