From 22a97a6476be7243a69c3a8dab06cd42a01ec09f Mon Sep 17 00:00:00 2001 From: Pavel Mineev Date: Sat, 24 Apr 2021 23:01:25 +0300 Subject: [PATCH] make header thiner and remove build from repo --- site/.gitignore | 1 + site/public/favicon.ico | Bin 15086 -> 0 bytes site/public/favicon.svg | 1 - site/public/index.html | 112 ----------------------------------- site/public/manifest.json | 13 ---- site/public/sharing.png | Bin 18018 -> 0 bytes site/public/touch-icon.png | Bin 10480 -> 0 bytes site/src/layouts/default.njk | 19 +++--- 8 files changed, 13 insertions(+), 133 deletions(-) delete mode 100644 site/public/favicon.ico delete mode 100644 site/public/favicon.svg delete mode 100644 site/public/index.html delete mode 100644 site/public/manifest.json delete mode 100644 site/public/sharing.png delete mode 100644 site/public/touch-icon.png diff --git a/site/.gitignore b/site/.gitignore index 4488b8e..3c27746 100644 --- a/site/.gitignore +++ b/site/.gitignore @@ -2,3 +2,4 @@ _tmp node_modules yarn-* package-lock.json +public diff --git a/site/public/favicon.ico b/site/public/favicon.ico deleted file mode 100644 index d356715c140a5329fa7d2f7ecd7e53a319d84b9e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 15086 zcmdU$ZD<@t7{@0~ZM43mAC%&2V%2JmLh+^agLoCHSP)b&ZSzuF6hqMueo&fbFC{0U z4GLC2R8i1^3QDQgTlfs_J5`CyfTOAEiyisvCt^24{;j_LCin*< zK=u=fjRvGN;RbP6kI> zvpCw?kKT2ISQ-gK*h*%`l=8mNGQ|(JL0XQS`sXZ}&$c|DL#yDJ#WqwI!NsQW#VIVZR@Oe%82u zEM_ks?wXVyQ&zhFUE9)@#n&x^xLfP_(}f*D``WF11pRMs%RepsX!7OvA5)%*{?C(r ztuMPQV4#!sn_GVdJr-I258!z%cB@bZ3z!3G7F`%2^XZ`6R{4ndKUp=(-*{oSZd^s4 zUbg2?i%Zu>z<;>?LtGpdeO6ot&I)=>%H%)UlErPa7^2$QiX}SNq#S-eFE>Yp>sgP_ zH7SGtZBNZgo#@7u<~1>J*!q5i;paW`eMc4xD~0J>ukD(Ue?pD@?eC#dpO5kP!4hAM zm}xzJqhd{ z{EsJv-G%?1B(dB1Ii~z!!!XWGDF5+w16YHrh3c*=} zJa>z}UhUHt%Z>AViu*bG9(vYc)*}V@8C)VzV|oxk?qjS@`Fe*pd3Zjhj`ujctef$l zD!)(puN?k6wg0Q~3@NPBY9!h!T5+9LB}ReWxR!Z~m6VBpv*t;+;;#6`&3Vo}=5OgU zp>H5<{f-xL>pSNewLSW{_&Fcoz?DAes-S}=M6RV^PI1Fpj6d?&voJo zb)Ova)$hkMf$P@}Kn1z zra0=EQ)yuOBgFzK2FM@)Ptl%Mww-lWB=YS}{)%bTx>4FBxcO72!4m z&+%RVW~ksa?xl74xy~+ZvB%2KO)ukf##`^aan{qx=l>;hm<-&(@~3>_t$O5I#o<|NtP8(MrZnTh z=i&A_3^U`Y;uzDxZ|Q$r^4)D44>j$?K3n@`{6U#touln>fX}Xtw)iQ|_224I)b+4@ z1{C8%y!(pr{2l8m;B!#Le-rlIBk#LXYpG;TGv8CN9Q`zHGDTx diff --git a/site/public/index.html b/site/public/index.html deleted file mode 100644 index 4322000..0000000 --- a/site/public/index.html +++ /dev/null @@ -1,112 +0,0 @@ -Reproxy

Reproxy is a simple edge HTTP(s) server / reverse proxy supporting various providers (docker, static, file). One or more providers supply information about the requested server, requested URL, destination URL, and health check URL. It is distributed as a single binary or as a docker container.

  • Automatic SSL termination with Let's Encrypt
  • Support of user-provided SSL certificates
  • Simple but flexible proxy rules
  • Static, command-line proxy rules provider
  • Dynamic, file-based proxy rules provider
  • Docker provider with an automatic discovery
  • Support of multiple (virtual) hosts
  • Optional traffic compression
  • User-defined limits and timeouts
  • Single binary distribution
  • Docker container distribution
  • Built-in static assets server
  • Management server with routes info and prometheus metrics

build Coverage Status Go Report Card Docker Automated build

Server (host) can be set as FQDN, i.e. s.example.com or * (catch all). Requested url can be regex, for example ^/api/(.*) and destination url may have regex matched groups in, i.e. http://d.example.com:8080/$1. For the example above http://s.example.com/api/something?foo=bar will be proxied to http://d.example.com:8080/something?foo=bar.

For convenience, requests with the trailing / and without regex groups expanded to /(.*), and destinations in those cases expanded to /$1. I.e. /api/ -> http://127.0.0.1/service will be translated to ^/api/(.*) -> http://127.0.0.1/service/$1

Both HTTP and HTTPS supported. For HTTPS, static certificate can be used as well as automated ACME (Let's Encrypt) certificates. Optional assets server can be used to serve static files. Starting reproxy requires at least one provider defined. The rest of parameters are strictly optional and have sane default.

Example with a static provider:
reproxy --static.enabled --static.rule="example.com/api/(.*),https://api.example.com/$1"
Example with an automatic docker discovery:
reproxy --docker.enabled --docker.auto

Install

Latest stable version has :vX.Y.Z tag (with :latest alias) and the current master has :master tag.

Providers

Proxy rules supplied by various providers. Currently included file, docker and static. Each provider may define multiple routing rules for both proxied request and static (assets). User can sets multiple providers at the same time.

See examples of various providers in examples

Static

This is the simplest provider defining all mapping rules directly in the command line (or environment). Multiple rules supported. Each rule is 3 or 4 comma-separated elements server,sourceurl,destination,[ping-url]. For example:

  • *,^/api/(.*),https://api.example.com/$1, - proxy all request to any host/server with /api prefix to https://api.example.com
  • example.com,/foo/bar,https://api.example.com/zzz,https://api.example.com/ping - proxy all requests to example.com and with /foo/bar url to https://api.example.com/zzz. Uses https://api.example.com/ping for the health check

The last (4th) element defines an optional ping url used for health reporting. I.e.*,^/api/(.*),https://api.example.com/$1,https://api.example.com/ping. See Health check section for more details.

File

reproxy --file.enabled --file.name=config.yml

Example of config.yml:

default: # the same as * (catch-all) server
-  - { route: "^/api/svc1/(.*)", dest: "http://127.0.0.1:8080/blah1/$1" }
-  - {
-      route: "/api/svc3/xyz",
-      dest: "http://127.0.0.3:8080/blah3/xyz",
-      "ping": "http://127.0.0.3:8080/ping",
-    }
-srv.example.com:
-  - { route: "^/api/svc2/(.*)", dest: "http://127.0.0.2:8080/blah2/$1/abc" }
-

This is a dynamic provider and file change will be applied automatically.

Docker

Docker provider supports a fully automatic discovery (with --docker.auto) with no extra configuration and by default redirects all requests like https://server/<container_name>/(.*) to the internal IP of the given container and the exposed port. Only active (running) containers will be detected.

This default can be changed with labels:

  • reproxy.server - server (hostname) to match. Also can be a list of comma-separated servers.
  • reproxy.route - source route (location)
  • reproxy.dest - destination path. Note: this is not full url, but just the path which will be appended to container's ip:port
  • reproxy.port - destination port for the discovered container
  • reproxy.ping - ping path for the destination container.
  • reproxy.enabled - enable (yes, true, 1) or disable (no, false, 0) container from reproxy destinations.

Pls note: without --docker.auto the destination container has to have at least one of reproxy.* labels to be considered as a potential destination.

With --docker.auto, all containers with exposed port will be considered as routing destinations. There are 3 ways to restrict it:

  • Exclude some containers explicitly with --docker.exclude, i.e. --docker.exclude=c1 --docker.exclude=c2 ...
  • Allow only a particular docker network with --docker.network
  • Set the label reproxy.enabled=false or reproxy.enabled=no or reproxy.enabled=0

This is a dynamic provider and any change in container's status will be applied automatically.

SSL support

SSL mode (by default none) can be set to auto (ACME/LE certificates), static (existing certificate) or none. If auto turned on SSL certificate will be issued automatically for all discovered server names. User can override it by setting --ssl.fqdn value(s)

Logging

By default no request log generated. This can be turned on by setting --logger.enabled. The log (auto-rotated) has Apache Combined Log Format

User can also turn stdout log on with --logger.stdout. It won't affect the file logging but will output some minimal info about processed requests, something like this:

2021/04/16 01:17:25.601 [INFO]  GET - /echo/image.png - xxx.xxx.xxx.xxx - 200 (155400) - 371.661251ms
-2021/04/16 01:18:18.959 [INFO]  GET - /api/v1/params - xxx.xxx.xxx.xxx - 200 (74) - 1.217669m
-

Assets Server

Users may turn the assets server on (off by default) to serve static files. As long as --assets.location set it treats every non-proxied request under assets.root as a request for static files. The assets server can be used without any proxy providers; in this mode, reproxy acts as a simple web server for the static content.

In addition to the common assets server, multiple custom static servers are supported. Each provider has a different way to define such a static rule, and some providers may not support it at all. For example, multiple static servers make sense in static (command line provider), file provider, and even useful with docker providers.

  1. static provider - if source element prefixed by assets: it will be treated as file-server. For example *,assets:/web,/var/www, will serve all /web/* request with a file server on top of /var/www directory.
  2. file provider - setting optional field assets: true
  3. docker provider - reproxy.assets=web-root:location, i.e. reproxy.assets=/web:/var/www.

Assets server supports caching control with the --assets.cache=<duration> parameter. 0s duration (default) turns caching control off.

More options

  • --gzip enables gzip compression for responses.
  • --max=N allows to set the maximum size of request (default 64k)
  • --header sets extra header(s) added to each proxied request
  • --timeout.* various timeouts for both server and proxy transport. See timeout section in All Application Options

Ping and health checks

reproxy provides 2 endpoints for this purpose:

  • /ping responds with pong and indicates what reproxy up and running
  • /health returns 200 OK status if all destination servers responded to their ping request with 200 or 417 Expectation Failed if any of servers responded with non-200 code. It also returns json body with details about passed/failed services.

Management API

Optional, can be turned on with --mgmt.enabled. Exposes 2 endpoints on mgmt.listen (address:port):

  • GET /routes - list of all discovered routes
  • GET /metrics - returns prometheus metrics (http_requests_total, response_status and http_response_time_seconds)

see also examples/metrics

All Application Options 

  -l, --listen=                     listen on host:port (default: 127.0.0.1:8080) [$LISTEN]
-  -m, --max=                        max request size (default: 64000) [$MAX_SIZE]
-  -g, --gzip                        enable gz compression [$GZIP]
-  -x, --header=                     proxy headers [$HEADER]
-      --signature                   enable reproxy signature headers [$SIGNATURE]
-      --dbg                         debug mode [$DEBUG]
-
-ssl:
-      --ssl.type=[none|static|auto] ssl (auto) support (default: none) [$SSL_TYPE]
-      --ssl.cert=                   path to cert.pem file [$SSL_CERT]
-      --ssl.key=                    path to key.pem file [$SSL_KEY]
-      --ssl.acme-location=          dir where certificates will be stored by autocert manager (default: ./var/acme) [$SSL_ACME_LOCATION]
-      --ssl.acme-email=             admin email for certificate notifications [$SSL_ACME_EMAIL]
-      --ssl.http-port=              http port for redirect to https and acme challenge test (default: 80) [$SSL_HTTP_PORT]
-      --ssl.fqdn=                   FQDN(s) for ACME certificates [$SSL_ACME_FQDN]
-
-assets:
-  -a, --assets.location=            assets location [$ASSETS_LOCATION]
-      --assets.root=                assets web root (default: /) [$ASSETS_ROOT]
-      --assets.cache=               cache duration for assets (default: 0s) [$ASSETS_CACHE]
-
-logger:
-      --logger.stdout               enable stdout logging [$LOGGER_STDOUT]
-      --logger.enabled              enable access and error rotated logs [$LOGGER_ENABLED]
-      --logger.file=                location of access log (default: access.log) [$LOGGER_FILE]
-      --logger.max-size=            maximum size in megabytes before it gets rotated (default: 100) [$LOGGER_MAX_SIZE]
-      --logger.max-backups=         maximum number of old log files to retain (default: 10) [$LOGGER_MAX_BACKUPS]
-
-docker:
-      --docker.enabled              enable docker provider [$DOCKER_ENABLED]
-      --docker.host=                docker host (default: unix:///var/run/docker.sock) [$DOCKER_HOST]
-      --docker.network=             docker network [$DOCKER_NETWORK]
-      --docker.exclude=             excluded containers [$DOCKER_EXCLUDE]
-      --docker.auto                 enable automatic routing (without labels) [$DOCKER_AUTO]
-
-file:
-      --file.enabled                enable file provider [$FILE_ENABLED]
-      --file.name=                  file name (default: reproxy.yml) [$FILE_NAME]
-      --file.interval=              file check interval (default: 3s) [$FILE_INTERVAL]
-      --file.delay=                 file event delay (default: 500ms) [$FILE_DELAY]
-
-static:
-      --static.enabled              enable static provider [$STATIC_ENABLED]
-      --static.rule=                routing rules [$STATIC_RULES]
-
-timeout:
-      --timeout.read-header=        read header server timeout (default: 5s) [$TIMEOUT_READ_HEADER]
-      --timeout.write=              write server timeout (default: 30s) [$TIMEOUT_WRITE]
-      --timeout.idle=               idle server timeout (default: 30s) [$TIMEOUT_IDLE]
-      --timeout.dial=               dial transport timeout (default: 30s) [$TIMEOUT_DIAL]
-      --timeout.keep-alive=         keep-alive transport timeout (default: 30s) [$TIMEOUT_KEEP_ALIVE]
-      --timeout.resp-header=        response header transport timeout (default: 5s) [$TIMEOUT_RESP_HEADER]
-      --timeout.idle-conn=          idle connection transport timeout (default: 90s) [$TIMEOUT_IDLE_CONN]
-      --timeout.tls=                TLS hanshake transport timeout (default: 10s) [$TIMEOUT_TLS]
-      --timeout.continue=           expect continue transport timeout (default: 1s) [$TIMEOUT_CONTINUE]
-
-mgmt:
-      --mgmt.enabled                enable management API [$MGMT_ENABLED]
-      --mgmt.listen=                listen on host:port (default: 0.0.0.0:8081) [$MGMT_LISTEN]
-
-Help Options:
-  -h, --help                        Show this help message
-
-

Status

The project is under active development and may have breaking changes till v1 released.

Updated  Edit
\ No newline at end of file diff --git a/site/public/manifest.json b/site/public/manifest.json deleted file mode 100644 index fdd4a77..0000000 --- a/site/public/manifest.json +++ /dev/null @@ -1,13 +0,0 @@ -{ - "name": "Reproxy", - "short_name": "Reproxy", - "icons": [ - { - "src": "touch-icon.png", - "sizes": "512x512" - } - ], - "background_color": "#ffffff", - "theme_color": "#FF7A00", - "display": "fullscreen" -} diff --git a/site/public/sharing.png b/site/public/sharing.png deleted file mode 100644 index c8a31d2a405095e5139841294817bdc4ed4ce9be..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 18018 zcmeIaXH-+$7BCu$ph)qkh(Z88DhLQj?*v6e=}PZ-=)Fr#08uy=K&97!NPvV60jWVy zLI-I9fdr-3D1l%IN#4eL-}`>QUvIoI?hnS!-fQi(=A3Kp*(WbdjC8p;_&Goz5Z8nI zcOQX3tjZt|Gw386@Wg$6E)=+&3b=0_3<8}#cl^f$%E`M3JY))fqf=^Q+`d)q9WX?xzd%oPWf{#}xoI~|w&AzAy!CvD`JUH?b#&i(7W zcE65|+|8t4dxfdBmX(c1KQfh5_3|l$oY6w@x19fcyL>u~?b0-o|3f*a!?hFth~D)p zXKOsiWhXVJj-9^uuIM_uz|qcuMMiK)+eq{3h{Nhu=xv#Dr-h}PG6C1MyjYgwOTqsx|0BWwOD+KTsQp|3z&)V(|6Tq+B!LoibD*S+lFtkR zjb3G94;bg6Gafla*QE(}JOmCW^6CPJ-o2@$7qLtNgi)aqGxtJe2MnFIX?YqD1jel3 zPGdb@?1A5T5GdB+q;f2LFCLiu>pct%3@ZV{HA)@!{SZy-vFBrrNN7P6-g9}59i&$`LPUXvp)Nb6q(c&GFH zDdpHn+5jOVh~@>zqAY%3w7@LTC6pIf>eOEWpv_jYr=czrDE7hejXor~q5{D2)?dur zPIB3ZUGqOv$}pT|>QFFIoE`XwB10JEt8YCWX>RsX6gV3!(aU>7@S&GL0%tS0#Q##1%tjrKS| zQl~^3uOz~Gi+Jdy#LDgHkM?UVv;pLFatKk5i829|9AfcO^qUupvD6juHpYTBF) z0Bu7Lyi20@g8_&Nc>xLtc&Z-$hng3FU3S`zR{wjpw-kX-jd9ec9gQI^N6%?j>vsR>1{U3tt7>U{e(9+t~{jz0QD-CC97a>@%|`N z(&U>(G|oW+1llv~WHK0kWt_3Q62{Sx@n-Q8yYS8b`?2TvS5XB)SJ8qPI%Rjl)EHpc zLx7%$&3yr-QdB3mI{o+J@tK4GEM_o^t3KxNxT&$k#qWv2Qote)fX4(&P0N1Zqw|n7 zHQzk}(u!dPYY98Fm95`U`}O&pF+lZ0;KM!q+0&#SK^ZySkio${(8CPcTlGCr$VZ^r zh&j^i#4vOW?;)v^g(q#+uhn<`;F?vLqcr9yXeP6wYi`RQeR6w!WF*GM~=&mp|Xt|i2?R3h)gOYKf3&?p}h`zYKju#JS%kHD&(PTW3b z2%4VqF?*03AU#q~lT{6uD_*AB_daQ(A8wWsTP>OfTS&udF-NO{VRH|yDs~1~-Rr3` zR4J?~)t>_!?O12*H}~<^VzA@}C6s++epLJ=R-NrQ4FXbH=zw3L{mMb}K(0R1m|%o&_3vS%EXMju>G zyX}c|-A#{M*L0b!=dtY#EN3CsyTmwjL{mcGRkGXV30^8V&AlR?bo*Wzzd$4RLU=$x zc3v=Lenyw{X{4>i(Z)h4DUfRkid(d*jx!(0^hJ9;%G(y+B;BAYQa?VQ3BI~If%eAf zNk|TNv#y__*gU*+a(jNa_}qyF26Z;|uf9@!OIgF^Bhk}~5x>7D8vFmW3Eyd6oho== z*9$$E$3?5)SjG6H9d1?*ao@6SE9HN3?Q+X%K~#U$l6pU7qDy@B5iBOM+-H2?I?J+Z zp}&gOuv2h_x3fhf<#2!VG$U%bSyvbuQVF^;n@xit>{wJRBr`p$9_up0GqAE$InxcB z-deEp>`1;E?!#FrxQsD`wwJ<)N%qv#wT)OW$uvsY%<^kq&KT2cRG8&#aOLGKbYujb z?YG0&C~G#q@Uu_AM~WM;p?NfaJ2lhDv&QU9m26KUgfDHm2V}+#Ng*A{V$}VeR-z`C zWuvcIZd@4Io^0#jp9yuc>8JKn`zTE#2WigfHL|$Q#S{o$zG1NW&B7I|?5Zwm^YUXW z)Chu=ZML5>w~;ksDcVpKE6~bOVs5UV4m#;!+{v`JEdg(BZsE|qZY*O!foYZ?R2gA?$EggBAm!n_Kco&9VpL&xgTv-+W zOrR2ZA!xACzN=;Oe9qPgW#iq}s|)E5CZ}-`o56vWruc*)n%AszaJOpEDC&f2ge`pufDFpJ}&1?PjP33 zT-3OT&Cn3Rj7{y*96A!&Dj^w#U3qnr35f4D zsLg2WaYDwp*#;8g?0M-ZyMVbB5DnabPWO`%9(cI^Sf!V9>uirf#I3ykM0IOoZO+yB zMyNqk+2qOgt$H8#O^(bfp?U^vN2b-0ee_GHoMLmiaYK}{jfMYBwQ3t<(@PS!^iR(3 z9?iMNyDL8d?1O-48WK^g>$Y(nll^Wih&N8gwQ$t7_wDUIO}1@wvN?Y!`Ii0l+oM%Y za#VMuxxlN}ymqcm1g{69hDc=_bN`AU8afXlJJmc{7umgcep(VRORO9y(P9MerUZ=& z@o^D^;`Qa5?dI1Fini2Pidn5qEiA`o_K90)@iISZV>~_&E{Wuus{G+$-Co;&J`KRW zheO#WAplX@=?5HO_wFAXr9OsNh6VLtVzh@vqLKkqZCX`nRJi zB;sE{jdCw)vvHMcW!IG}+#8aCd);W*tnq#AqX+M+g+3?pAPPO!LJeUX-zNp8$ z5o7Zl8_N=K zi9P>Jlw5_WQ9DW$cgboAp< zv7@-KjU7rGw>p7T`kM%yFONaBJlVFH`HX-xag3WfL0G{7gJ->tCi~8nGe~w~j&vUt z55{hjDDl9n$QXS@17sk6#`K4|zmctRW?$ju_?MQBP_!Ke)~-(58!u%*9L1ty0NHQE zn5`etob^d=6;Iv=dnt_k-OBkp2*0ZO`)dj;RjYq$>$OW8NrO>QJRrdvA%($3%<)MF80W+1<$P7+2^N!wM64_(WwtlhlYdf@A_4_j( ziV?%zA2&Vus^okVh0klO!1tyO8#=Ta+4j+emQJ(%;jIN9{y8AhUr(lqt<<$U*FOo!;C(YkNSoOusdG z3;+{5`27r?pD}V(l)<2My(Ypc)2h8x`)fiiPI)MN9B>M@jSzOWJhSzWc$aEW-jtxv z)SKea>;2a0JXCqLdFOOdJi6;D3u&h2N;$BOC@$#5Ybr5obQ}47Y`QUDv%YtF zQp7YHF}5)`zZ{~xAbLu9!K7@;Y6Mq}_fh8vwh#<&*r=}=l6_6;5xQ&WduqZk{^hrd zI<&st35f8KsM7_EY zi!Yy=wnHl8kBs8H^39oTB&C&C#xWQ4dyQO2JABWiF}ZDuCuiuJ`2GE#;mEmv`i8Adkqf<1f>c^#bd2+}bCN8{GRSP%iv>Yf zzxmjrV3*1lJpN*>;J4X3W5SYK`;uetv)+wGl%Z}633DOY7NJ&AJh>pHgm=bAr)d1! z3;MhLB3Z0x=psuuC*DS*D7l;!JmcsrT+g{;{fqLb? zThh5J*{Yq5u6R7=h$q(;MB=Wy*m6yjj#XcyqMGyyNUMMaIw@vTnXFCz)X1cpuP29o z<2>k~^~$H^JXyB9!q#=e7)5^oC_{SoduG#;rXIicT}mzr6%ew^8ah8lZ{o*&=%%>>V&4^hR?^b6Tf+Hgx-+TpI(^K82=!ce7U{+}`;t zHYRq17kGZ^{*Tn0WTEW2&;GJHkHuMVP^;3njuOsfG0)nZ?g}Uo#re~=4V!Trmo+=P z`#TxUbGFXVGobC&Mp7A|tjS%crSm8RtY!?!0Z_Amm)?0knzZzwi=bX)<4hO}k-w4% zSQuAa2Xo1e;k13+X{y}H!se8%zhq*?q!!w>S82tRmcg$0XP%&ygQZYZda1;z?36&f3geqTH~VX9!IiJQpD>h)sFJK zY4_BA=<}P-N)|?)wKty$sV&^nIDydVWNIz6DTW-2YuM_rT!H#^gPOOp0rorD%h68a zK~g*QFRz-C$$=WL1-Y-yS($wawD?_nYEs~qBr~_i1N1$N5jD_mB4rV@lt7zthx_6U z-f0R_L#`rR;asl|_FHWMecAB3mM#$Rn-zRZagslAG08u3H^unEVFuIIIb-#QPX8v< z8t7OY{N8eh*pjdFf~g!TJq3s$%I@+f3?^t35qt?#zADh5)=&BnRyF1|c5gxn7uR$PiqRsl7 zPxcbdny&uVyfRao;VaqhA`1KB@K44X`xBlw+V!&$vTmI+F}|z8&IVmvSt3mAc{*q| z^PFVZa&So=!=)$*D->1X+4&Y{RMOjMPn4^*gp{e z*U(#&yahq_A6`1+dVCskewM)sR$@{v1st=^^@Uh#i#v~b%YXE4h|9kPM1N4RT2B(y z%JkaG{w*C>g6wa8=bzsq9}HWp_MV>*M_BZnR7Sv}587{TS(9rIC#F&56XMCFG~4X`PYM}4aEjzG$c>F(d~XvkyzH^H&Pr-*zGr*TIK9%|WOJc$vZ2WS z;MAphRVixZ7F_^f5+Fc^y^Ut8jHYc2^%TFBYFD-y{$DQ`0DfU zFWGc~qpf1zHBA1q6IF^RAI7|1p~49CAv@#xn4OL3FOyGYjJyx!(_#zcf~V z{U@0*!L}0tKczCvA3LcfL6{9%PV?fs(to}|Q#c4(HO~Gw_Tw?>+Ey(Fx~6!`r0hP9 zUb{G~Nc_=Kj`#-u44j506MLdAnyr=meu3w04W!l@g`S~zH`>*q_ zLnQ<(6u!hoaRu*wP>lZ$goN^T;-jzs?jX zvlV+2UM;%YwiDtPg}nF6&Cy;z+9bcT8Ng%Xy8#x1j)ye7ur~|5c7Gc2vUoYQ$Ds6n z@7uUp@y9w`ib3b_$h$H9EC+3?oC)W;CPcphzGFpBeeyGh#Ez$W>E0oH#h;MRC|3F7v>nX%6e=E3Hi*nNoo0kY91BV{;L{;oW2NnJOQGNFDT&-S&?j zNPJey>wo;{BsEexG}S?%vgvU?Esf-nNhGZiUefjh``9R$=V(j3=cK0+m;(%2fWW#wOl1!>6ySF(&$PyXHHlUS*NJ_2Zs8ub^`kTTNB@@GJN`&Zo()k$UEq8sBtI ze9>G!BFN8qpl|v#dX|k{iGhza)LN<|zt2k{ybOGE`fK+l}$P^ zm#iwpSsDx_E}!iLAErHPgP_>+DlMkLxl<@1!%v8IB^$}p0t1bnxeiwbw!CJhRfl}U zqv^MWS-}Rmc>cW`hPvm1JXBSY7D}7ufPT(d+eZ3CITk?4GhIQa;%wlhrsfir+>?q| z+)%EM`ON*zDw&^}J#VmrMfRF8CvUAI;dndINw`4hywm1D0yG>drQ&{!F& zJps-3|EIS`{kulS%6sh~y6_Lvojhu;(QR)4%Zjr%&>Z<=)1iFOL`0A#5S^i&3AiPQ zR8W?8#6+GQwwHYE&SwsuO>=ZF@6kTZEbCOQZ({W2e3XU@#IXFzkB+5j@T1<;gF3_g zN2qnM`!RG+zuQX+ppB}a>?&jTBPuQ**K za`tBRG!^9k`jfr4si#-A?=6L8(fw$y*MW3E0zDbO*I3E?$t@!oo>w*fEM z@acCMO^K1Z>dV1i?XcK-fOQar_7B4BiR;S{>Ek#`BW}YDI;GgI?6xe%NE_I%7dGXU z`;zb;)%%3Fd&-|YIbo5J-D1b${ES_4LNAroVzz(*Kt8nTSI@9v>vo1(NWJqVVC8v% z^M?TEzrHQ1bP*oDvjPve|KE&S2y1KEkBh-#pXc%%F)&)ggAFsb2y}{0BWm?tWGMR8 zlsPlHOK1Gk(1$TMJ)D*XBiI1TuiliC^Nyx)k5?Pz6wWu$vlE%~a$Rgxl!<*j9Z@Vi z6_Uo1hA4KV*gcK{R_`?(m&v?i&`0WEkEs825AT>_E}*^Zuv^emQ1_0OT1wR*n`OU; zIXlm%2%-f`v0ZqTZtKkCVqYfaRvS0W#$r`$u}FNG&GzQhA0+yZO@df@TV?0OJmYtt*3aju)vEw=n*|;X0*Q~U z>h$tn!w^(%i$#2Q<|sY zIFsTT`x|g%j=~w-*#vjWjQt6%)e$(P(#@kNaS{K6zfAwt)Z$Fbu1Gx9!t{fUPt?SlA++FVF6%!SEq#cIEWfu%LA z`x%GW6A2eN%O4m$(hPhb9OD3r{UU3=zPmh7QewXs%KYuGfaBazG|AOa zcO5qiYe{oF(h^&x>x(hQjrl;z7M|By^{!6t5k3+-sCwRrQY`{2cyGPin6QN{TEC(3 zu#ySn|7#(hryzkZR3ZPFptW_GkxnxZ-twI60djjr63R9}#PU#dq0qRA5K+Ir2A{Wg z8Z+|-br!bVF}n8ILxZ+-6Ihl3EQ?YUq@i?A8zg&ifvh(A(RGm$i+Bz zq5sa=Zc5+%8bieXqTx8Uo&kGIPn&fmg&+OGD)2pLxw5cuYXVUW_ryeB)HOo0fqZ<$ zX-a$e*zUg<76S5Go6-(6Ecyw6Yi5R206CeNu48`91&{D91e{b>zIgy~=vS&v-$k#> zSH5>Xo)BVMj{g|`>wURcfD-Q$yr~y1a(CEZ@q>@n7RxMzarkr1> z0aj55GRZGiV`OpZ1kq{3OBBWa8uP$IQ8s##ikZTgnv z32wmn?amNS_6GpkUp@T?->rE~=4AP^fC_dWun(IzkL?y&SojJ3z5Ylu7>+2$>H#z{ z=o*m5w2iNeHO)VB#cQh`n)&K*4hSR=It6>v43 zU-)n|(Wtce+7c)^5wN;{R<-IiGio2vH@7#o_7(EYa0#kq!$;x6E3NHjgv$PQ2 zbU;46w)y%{J1L6Tez131*@&4t85<=mwmc~S#5r-m((>9uFAm85!HzJFQQK(Y7%o~gExHd!A*~vBbHPt*%^fEKlXVbfE=WE8lwFJe znsjc=Z#ou0n%tVH*G#`7Rt+t#(fu=5@|3c& z-+zyMo)2INQ0IMC@Ebs=1D_!#yrzcb&onkx@EHtUONotEebfaA1OlC0S9KhwmY*xz zRTXCZ#wtZtI-93pE1v0S@JC9c*7j+4q8U^Igl3aT5?X+i0Zt`=Q?0u`We}Q^TqQBd zPdq}Wnk)jya2xo2WPBH<7ah?E44R%20dt7L*uXZMV5m8u(!rG%$b|3Ob|u~a_Z=bP zxRAku1mx=5ml^J(!QZ={j};GON@ofv`K1|76mB0;ND}b)TPG~59VCxSCUOJtEOXZu zVk3wxs5Gju#B#NeWQ7*G=eB;?FF+$y?3?|9)7Rlf7}=p~Okb>x`S>&{WA-O4PgkHU zE?rk1XwD2CO%vswKZ;-g0aKu~0DPT^oil=XRkRqDTAB!m(TjyPiwoCBe*+3}0A5yM zrCT}JYnJMIMYlkeJ1}^-@oa&8b5O}~h8-EF%&$U}+a>~8`%pZK?ka@WX_{RcU$L?P zxi;H$jgnn7JgyD(NpQ7}LKy2Cl2lk&-T#HD4wxHvq0&HC3Vp%n?)vrgB} z^bPGrXFY_!FMa3ymM40FrS!ILhf;NAWPAiMhC$`Cpx%}IYD`Qn(vpmCXLTQzjC?mT z7p*Auqm4aWf{FcRFg3pg6h=lDQS??{W#;mFri=qk+vMsElM23R#EZEQIc>xMX`5RfPTqvLV zz0II4y**@@_e;lEeGGH~B1nw$KPv*9Es*MCb5h2ft27dX5gcc4H4#1TYf{=XH7);@fY#$Jr#2v)w|zD^@cwckrbDY0?IDr zA27QuSY^FuMjg)Ui-z^!^e8I>%a>_;Bjr;IA?OzoxoL`}6_Iq2C~LVffVmi-2^v2; zS>g$~g)T6T!7W3m9-2f5)`okfeZyUK1S|>1Z*2`7Pgd%2C4r>i2nc1y{6NS4w%b?5 zg8f$5vL(!Qy^U(I(J`QS{bbgBRkUks9nTb38~Hlcr^5w8rD+f&Mv&5hhqTZbpL*jU zA-9dewmrD@6W`Y~)d)zl;;uV>U~B*3NPB2Cg|ewsE!Ub7Y-Hd1WLuIdtzkZ_%01I) zmOcbeLHGSa%&Pf+jc|-HZWoHuB=Vhz3biI$*TcQ}>5ow(sQMKSI{+*5eXnH~dDcGDW+eP~nYytm-=>sS_xee$dypor^R zjdv0pBs%|Te$g86y{n%9&s~Ukm&bR zIZ*#lIGdaMyvb_l1>Z#^MuL#LuGyNU29Lv<5Ys5zNS30u%(O0JXs1#GRQn44jVo4c z<)F`6KgiAY?9GYW4(ZV5VHqLSCRr^t?}apHwFy>bx9SwmpLLZH(x@sId5p#k_L8#H zY$A#J7#5YWP30dP^dln2*H#=w;}6<;M#+Qp0z2XMyaVl_aK1{H^x*KX?&f5D{6U*5 zwu)X=UzKm=j+q)6er8gCTwXCg(pNw6#+R<(&d9&C$v@=YC4#$gi`&%9N$`&tI}Jv{ z56j_)FE9ce!iXD6L++9f1W5Y0l@a5Z!*L12qP`?=7`Z~=s2+A8jzPivH(iD5C67af zT>;MbJCtS>_t%BASrF#Q_H0j31?S8QrrjV?YK&bMD89v%Jt2AgNOqup7bZ6i=Ad6F zXPNLFZa>1CkL+7V#BAh$0>eUusZIppwpGjx!j=KeUz~p0KhGA9y zVMNdr%1p_3gmx0Pj1atE=NIniUSC)`7? z_dIRck-pqduw@SjJ<~Wm#CV^(Y+fPPTOm7oQ9M_uTQSa%%LxGv;%u+3FX+I<%_~w} zzRC#YJZTt4E9|kVWoXzBlYJs-eyY7mdG(tGoAtP5kqmRLK}Laj*XWg*#^|XEfw`?Q z1hx9xo}AyTwR zOTrVIBYeu&#J&s-{W#+CV&fK5bF_GhF|IE;K;!Pw2dQNm>?=dY?&ZcruU^yAE>5ne zvf%?AR;5eIv&w2W^hi@PlvT7@^xA>z=o^8hB9ND9=q;5GWP$8?K5bWAXw5;NF)Zla zGHx?LI+SC)Ez)lS`lvL-1wIJ34aKtXZ)=Bvmv^cs`BRTEW-UcgD zW4^lEBc2Y$7)jYCs1uZg&$z24@ITgdxVk#M6;&~wW@A^}3FHrI$_>mZQws5W(X(hUL{EDG{d*r?-8T;OWZ3YrbU4cjAM4p*)ViMR8+WHqQwd0IC z7(Da^9{kyb30mrH+u?Xh=@fdyvn=t82}>{Mp2a0~F0PY_dK*_)$tKGqCe?4+;79bl z5$#n+dJKL5d1Y#g@)l=zopVsrHuS}YDri`dCqHF?tysIL_q}(}Oay!}A7@j-=&s^2 z2UpDYDo(Al$cJp-q*8QnM%(NSTlG@aD#8hp9E}N@`Xv9ky3Q*&GtF_g5^?8r+AXuV zx;6e2-)`xgPy}4$|M=iqL2?+6Ggj~f*W}QZwpE0zQb=xEWQwHHThjM?>2dw<)~ zBz7fveWg#kc->>W)Ewyeq&SbDw5PdY+AqUtj;A??$1cQo35|GycaKVVT2o|{kKj$5n5&(o5=PX{pfM;=m8H`N5YcADtt_e|HDuQb;OTk{e5zjK6KfCEo)K? zTwe!8SosaptA+3!KpY#s8VerE6DLmss zWm^5t<)|CIc4W2HWjUX8TF#c^MVNrZDR5MFQbpC+YWo_FOvY>4=;#$l~X6hAFw(n=ym7g za2uuQ_WpZuc+sboV?<*d<=+T%T(z*@RY!-yWF^%RFBFi^LNgLU2gTFH&z^U zztI`m*+ma2@^H1_BppYdxWY#|rjV;Wh(`MdB5_~ef7%+o96HZ*IQpx9lbZ{_`;CN3 zT{^Up|AOq8s>ow`#b!*x{ymE}isgM}VP+GGdHsue*2Z;xBlPJfodmWYxtyA$4!8K8 zDb&gQQ2R;Gzg|7f08{Icvn!RP2-Q70$+~IS9oC@)kz+WJ3Ni$X^Y~5)x;0&apVNl= zU8wA=yYKr^1EcZk&RCInqbu&lXmTt|&+hlq|2PFfZ@fky>aPc1&CLB;U$Evjnn8r1 zn!07I!aDiNm9sJHBSS~iOjr@7hmF2uG-5Q-^=*BmG3R!wA^BHyXRQbS_-L%(jF)&b zeg*C(eR^<(Fd~8tdyOm!b-AqE@Y#bdWxTv8u9$15D-#0aHV?_aF3~^OPxcc~l``#K zHoPux8#X&dp%;0(r#hzvhpg4_RK#8;`Zs>}NY+K@55sj)Mmoq1v$`2yWKuw)gL_$v z-@J*y#Y6yycQCNE_43G$R6v>RtpP6g_Vq!oHJ=3;mzlb3tV=4B3Csv1X|%g1#%4nzeaSarWY{@T?B1yh2XHb*+7gANu2kXn&(czHHr# z=th?_s*W>f(Qz)&_YRqxL%#%b6lGmJE*FfH=;&XscJ@lTca?fAo)IeXc1pp*Np(*S z^$dY#3~lYbr7XVXKpT>^>G`>sdnEsP6P>TB0O>P?z_$=#^CjyybgwIwG|vp^o%7sj zDq~eZAtbW_>)B4>unCV0_U(k^I1KE$C|YZ9Q@36?n(;`sT&p^_2Nq*7Kyg zM?LRFyCYuaecGvL=^qh~Z-Z`)bN24KM3DP}8zW#j{U-HaTuX@UaN+WgeeQklC$$nL zJi!W=RS@P9yAGuEbww5bpbjFHmayD;|G#EGmp69F`{@WoSSCwO6>9_j})03o+>r{-qMjo zZPN19_$8eImJtlOt;qa*PsZ)hqkhf^o_Z$iXg}A$)2tW!kA8%ZuV%eRXiH#kuesET@*Ulm2=E(!*y z1f=SdUlb-zpt|O?KcxB7(HiDp@i#q0fOuQt6Lj`t*}q3VWpH7sU42n1Z8` zgR^~w?&+TlhjA1KX7szllA?4=+3=isJZ0>_4zlT>9U;u4{!?pxDBASv)~jy^qHsxV zoEhErX(h$EZIWkE)buxU)Uc8Cl3znI5&e5Sg0IYx-U$d$wVQzCIot*&AHb(oF0P zAv^d-_yemrp$SoVz2odnV`cd=RYdbI(glS#b}ml})x2jpvWh&}v~TOBBp}awy*QNB zriP^6{w9(j?!M8GRcj(2k8J!FE>v?fA-P)| z^@dYY%r1A(?d42cG{P@vD*^A!rMNCMXM^K1sYe_-ET1?7a-Cny+otZ7LZFA3b6HCX zno4BTHTO4hL(xvA1V@BC=Or7-D@2)3y+{ehQuyR%=}s!R+B`CMiRzZ3%VrqSPPt7$ zVjr$TEFwNOFP*W;wsm)U+T;Jo(0Yt!ON!1!{y@rgRYFml^nd98JLA<0& z490^=8z%eTvi%#HH{9(x4TV)uVtxpdVMk#Vk$t%v7`4?+pPHt1jQd+}cQQJt3h~kz zCJ;$9uC**4?|k{WuW?BAlz+8hiXNmwJgM z@*xI%+XF`hzQfd_xY`jkqbwt<$p_=+IOXk)x0blbMH@5;9ecmn{-FD7QMn1}Q_dM- z#3#V*D+z;`{Ry7~iUCo^9i7O=g?5Qaz2_S-Moj++c?@qmR1Wv*CJ*#`|mr@f_UK=s(?aS!Hu)l2x*X zFApRU0`5QTPIgT?O$tVlPg+?zgniXJfo6pa?PVA?^>+UAQsd+WbMQ@p!X;|G@dYlM z;0lX*(M=;!nD>o2CnNxhkPh_p`$t7PAC?4%sTHBdIk&t+MKknWgn;m?F!U za_-#=hPf)JCT+n{|FKateMF7wCB1^%{rE{pbIR* z%7RWV{5{tCJyQ#XuEq(qE&`-$Fc`$$DK$9iEf{W)-Af-y#Z!3yURe%bjwU>TFCB2% zyU!M|*W-flBXtQi)Q$wx@^^3ko;;U57CL20_N_{9!yefUQ@0LWF+c#+ncSsvchgQy zVPYUOc&gc=^!~6dxVM9LspFYDt2m5TZP(-WbRLTyFcN_n~k8&CsxYp zcQqeru>N7l(gV#${U{}Q!IIOVTA#u5zyUePw1(V*Z zCRK3Cf-0in>G?u-_AN&szNF7`59lcs*dSazli>N+aRI3r(DxWyu2-EwSn1SE<&CrV~K?f~gApyl<#*#Ipbe5j?^0mK3ry$Ja2 z4s8c-a~*-3BUUE%y`^|Qe+%Fr7Jz@#2U>QZvjuyZ>pvKC1F$B4p{2}MtN^ELMM->8EK|zTCEZ8+VR==6Lc#N3IN#zAA+D^$Mzt;L= zw3z|4QSt(`&%yuM^)@j5rlBq*ycQVU+wnc2>_>!^rTIHZEK{qGo0}cV7eIa%fqAW^ z#}hV=KUd%fNYL~XfE*|Ufck%z|B>K-T=4(v4}lm1a%52WWu&=C4*#(tV59{Tf*;rJm2s4`ThR*y`IQZDzMylQ()y_5~dOItS%&4qBaqUwB zT%I7MeGrLnavSmvW?wi)zrywoM95xcNp&9;I`_oY#TTE!Bb56OrBv@%wa|@KNEX~1 z1_<$K^|6j^lRasa26^UaJw~qJ3itJq&dE9;H-nNpl=9l>^CXwIhB7k%LoXq%&6AaH zlr192B@tLNs-e+eI$^Y9LEU!f{vKGNQSaI~nrCfIE{TTk^TgPX3dSF-JjnsT%(DvX ziMF|UOHc9{l(vsyE zRAKa4TaUD}PyxqalOt=c1Q*ZCW}CB1{1I~0G(vtmm$*9UI*_RV5mshYy^jpcR$!Ch ztJ>AHmy;*!rE;{{C4Mku?wf2jUXmurH(vz)66jlB`yDe}+S?#cZ3Z|*YZXrFXw<(w znhp~zbfRJPmta75WkIzx!i-YQ)f;Tc$jR1b7lJ@)kF_Viyz#WKCOh^a@eXb;nIBsE zHphke(XTn^0@{`{ZXQ0*^*yODR)n$p)`+_o#4KSsAmxBhNt|r%)Qql+FMI=BZ;{;1 z77cd$CIVuqp`0d0#J_Lp`}W`wuxg*AH2a^W|K)HNrB%E&Zn}&_+Nq`ukT9z~ z`x3qmS~-#30WOFAh6xj*!AD!(0xd0+(I+3YzWUQ-MpM@lHnFaQ;H?X*pLk>d49g>a zw#Wo|=39d(H3gt|+_5Ql^~9HiJpgDm%9@&tS%$y+v6gubZ(YF}z@e~DHD=JgVLep> zU0$0I%pO#SQ3G)4xTj|!m_2XVAVEz)hYh=_C0pWTrg*S5AKf~<{^8JsQAe``VUuVA zaKbXqOgG$fJvKh75{_!4hMCI@8IVZkYLXz=uuU4vTKtDdy1Zy4tR?)|o%(!Jk-_k7 zz+^9+-E2NEPCs3;b!KLMFyk*+@v6q7TsCbZL0%NS-dAqFC&@oA0xvp1tb`Un5e3>@ z!CR-wM5&F~)t#E)`M(5h-V3aGsToIyd~XF5Ho)rNyMlMf44Iga%%i#iQeV~dgqG>W zee|nMJ^=rjmK_R3)u+Tvj7Sz<$~Xq`wd>HvavkTFOEnOUhpzUx-3&l6n_}qUV=>#z5&6Z;2@b>OB1}6v=Wqnu~0xSvvjml*)oFM zxct36eO%(ypMEnITsZS=&DV#EX|T8u78m!P2hBT`qrffzou_KEe|g@a3#iVdRNX<)5jh}#YX zOL>B{!zckk)%0ZRl1!O&d2djA<{?)->Y>D#hM!mSQW6e zBK*$O8-i%_AUpN0yTIhhpG#n*+reeAKc6x?mQs|qG|O8zRD{x(S?li6`?z$Jlb&r( zL?tjZj*E;)6C=oj{xRD&5B5$T__?h?0`!g9ral-q@N{w}y3YO;dep+%I}Oh_#hv}R zo{;?;JuId?qF8NhQ0+DRUSn9GS{I$tJpPrpvN;iUpGZ&oaDKqbIzJ4~-LN^qK(pxR zLr?m(;ddB0%DBvK*AupjeQ%EDm^;XVTxwT6AN%(J%FW=WnNgbtM~yx&T;;84zKjlu zd29O~@h|C-%$rfEP7KKnek(n@n3HYp;Eirh1C%9`2fsb2;|V(^qdSK9e{dfWNjsat zy|A;ZOBLg$rA5BM9W}*Nedr@NTETb|d=f^X?6zg#us~EbGgW#hc=`gzThWtA^)@(m%0|JDY0M zp}U!6(GM>Wdm?!I6OvtAto;iV!n9*7>zB@=gxeD+BedMOf4pFR8cO=uzh2P61QqKU zc)>^i0r&-~EPobR>4sm$3AY1KO%f%F^(TzJ&Czy{fz^dqEq00bJyOV&BxDDmH+#m2 zVdQH2j~5ip1VIY>WjEG;%vNv+L6>JJz)j!EQE)hojNdz+cD0)*nL3E2>o29H}L4I6JT@z6$EFH$pRy= zqhF1B3z$r8jka>tcMkq_8K|v6m&X~Wy!giK==zztfZ|YF>{|AL z>!Z-C`~9yEe22Z0)9Fa4Z#f zy;QB}`}qU(Yi%EZFTQhIdI`z>r)DxG2-(vB8FO(M@d<9~;jMg%UOYXn!VrvUeS?IT zG2AsRaMc9=T;bO|%ZU7^ASQdh?Yczpe*k_O3mb|R_Z&BJPSRE-S=+efEfFP+kIRlQdjMcy{yq3DX0SQ9^P(Y~5R9Hsbp)2~`gLk2E7yFBZ3-q@M{cM3AVHrU)^8F6yB6cewb z8g4k^+uh<;SJri_d^jJorT%+t2m}##d_3q3c2C;?&AH^`XiWWqMC-Ta!+R4EUP>{*XQMZO2~)-y1CF{$P2+Q2~F}FdPC+ z+MOER>^|mnhOI0n!r@+(jb(?}Sgzk<#ih{3k2jXKldRgo@VqKK=e;glKlTrCFFU)G z%*L8LQzcm)2DMPDYbf{Auxlw+IKSaT?16z5aE}qxDiq0o!QgE^)f2E;c$~;9*i_!?uzL zJ%n0yuFYx44S)Pz%i0xUF)*3F`&%eJA5`yy<<$>Jix6il#tS-@g% zj`{N3rE!?MprS36+-0#y&z+V;_$Q?I6V zrCVQE8(o(#1riWos_poyiMimBOTM}0H9`Nl!gZ!Cq zLJS>#IOoQBB`M`P%=v8dVU83+6E+&L@n!}F$&3Vt(ya*RuyWp4@aFbsy`LbI- zE@_k4)j)9cZDZMn2ba?#CfnxXqVNS;z6cSvzDrz+eIL^t{QNsZ$9L)~FI6o7$^RT6 zJCA&La?z(7(_qZpp1id7C4CF#tK?CtB_3&x%?mBC(DJQPFm|@V6_pZ6xn7`OUJ98N z`vPTU-LR&Utz{0IBIEj=uFeon->dr-$>)xqY0DfFa#kzAac^#{g{(yHmD^Nijw{5& zS-U1+y}_P=*c9=>n%k-gFw4PYRgb~!nIV_==l3u~%^MUQyFC$y^NX)S3+yI(mJ^jI zwJ`y+T)?mJzCa2K;_0xVZksSk!aff;(E()Rli4ZhoCtPn8IhEtho~9tnP>jp-CC0x zEa`WIPCgin&3ZFYtVwI<-kl`ZKWY$l?-ybSzH2OFt5QOUalgW}38g)E8&utUVfr;p z)7ny!H0yIZFIYq*UDrbdduh(p#6QMtn@PVGo5s@S-iB@N-w^xuIrUKHp>F5a+{vzs ziP`25S!ew{R;*djA214Lf}&QkiIlqrP&-uZInQiUN#ODa|ESEfib%Sshj@{IPd;Nt z$HuzMBeQ>gacz9A$Es@K7^&}Jag@CAWue|dzRm_k%K_vQejMm#4M3`*nP;$hPc&Xt z%@mtO8*eRR3+wATcTUzfthWTQlxl&0W=hqHx52;iLmShg!wH0aI$x2KF99gEN7kG> zpaXY7S5B5svOER<;@7DLRm*N6v+L+q?I$O7u1>P7P4!9amC}fA;(V)mW~Kj}#RKdETPyY-z;meN<;hX1n>w|$ZZ`PW0Ij>k_5n-{b0ppea$402Jyz^%_@WXYvy#jc7bg*%WKP$)r7*EmoD5VSOP(JiWp0E3zRCQ1OaRXMCJ2 zc@WyTvp3(#d#zx?m< zjNd;lkR^mNt7?2@JY;WOjcuefq46}HAvTfthv{%WLhJK_*nz3nym*g5L?;EfEle%e ziK9Db;*U+u@t7VH+K6q>6PUi2!loaTF&=Jckgr`x<`$zTwVhjWy2NO0&?}YN!>{B? zcOYqK>_!*o4r<@+#d4&w%~M}vwo*V9D4g$LLsLWDEOD!dA1bEUhXg>2*lE*q&D zlNUqi7vhM4SVZr)b?nH^6RA1VHi4RD+ejWIrI;@>o9fIn!a6kPGBP zePDEVM2?**$TW>N;CrrJVhLYfYMZ#)${713^WqEg7Z8MO{zorG&oYS2+;z(LK=~HZ z2{maX$i_U)wx^Vbr%-8A1CKIVEUb6mz`6tyN@Zrf=vRpaY^}WhhEZ`V&)rwCF4_f| zh8qW0cE>fSGuhN(hEAI4qwa(T`SxDqd0cUl^CuURtumdPC~CRznx3$P*K}uiODxu9 zHTQ&x%>aA(6aweB^;#?I)6rO$Q&$fN-ixh^C$b#FF35ZzihA%x635w3tPBdLdOt}~Sz7nHMp z2J+D~l_uU904R{z-26+2bEtcvfxv`Pg7ljMGwnIr==421J3bTHba{%}T^)P2=BfZ> zH+9%kB)x_|OmbNSJlU!5%&WLaJO;-}Vu$(g4e&i%rats<5{hT2?z$Y3UNer8e_Xv( zIXfyF^}r9=Z7$g(-2G!&;8#jRE4kG_fG*tWuz*%*a=To_7SqP)=y#u;ee~RyGR7FMaZIrh2ygA=U+#`z{2pFJA&G za7fc5xo)O--jaaW#tY0LDIcMLMp0x&X(T9W<_#Ogpobux2|6X!}HDWz_#(7c!rXVc?<@N zipw3Ya$Sx0nTpm&4&6=+6aJp94O|8&q~ykDrg~_~(x#$oV-}y?&u*%>FuBODGpjbn z=E+c~w?k7aw9bx5+v1L#vwnH33G-#dBMeLp3*X zFrRkP;(Z59jtSkn=954a-C0Qsw~N%VI?Ij)P< zm``}UiT%?qzTKHQ`-l|pNmF8-N64V#Q2eBCWb6w~oS78c{d7%e4R~l7LZ<@7D`m=U zKiB18>Z^(0yqn(sNHImSZzg#CQKAWsZZ$(@rVgJXnpi0uO~oG?Pv+gM@%t^879w~P7hkKA~pQ=uM;e6$o zG^jG!l-3``<%RUT1$BR91$m((VUL?e%6Eow_5~v4@RY5vtb5+| zN6#e34nj5uds9XK?X+IYq5iw!;)H$M;i+?x;|8i0uidWg)VP0#Fxmu;#x{Cp`! z<)IGe!$jl{>wzzDf*@;FVr-kob`3kt!;9^_G$>JSIEpLs#MbjoN82T^x3{l2LOCJP zGBVZL)MdJ!00mFRB^$V{u6N&Rx=G!~fq^CgQ)Pd#UXf(BxyFJmeYfMB1Vfl?Gspi) zCm%Y5#;k7LhBLSru9;wK2vgfvxnLKT^9&J2}rle2GN5V<(Nc zYgG#W2KCuQvSgm+=s&z#q2<$l&O7y4TYD{nX9!c`1C@*1uzRo>VxYSFer*<(y`8Y1 zeR=<^yXR|ZL^1LA!OT4;G(8n4FWi39Sxuz(1u=B?%#)%rSJ_!!+&~C28*srHu zvk8#ZToD@$a}s(?gXE6qa)if!<{P$oY2eIQ9h~p2m-Dbo8`3uwG?|Rh%27hh8;`cl zH1Ho;Yot|TO)WrO3bkx&?ZK&X*kz0}d&k}pc59x;Z*pZRRMETZXx_q6L+eJ2_}BG> zoau3)>`P!!115He-E}yWte1Gu%JomS&ivz_mLH&;kd@7qldX(CrxB?D@06%TPdTH} zXk@iC()@RV>rmeiM>~5T@yfwH9*ROYa$7eS#l`OR*GJU0q*vd+wGhyKIp+fLY4cLN z{;lzJr(E;8az&EWyIv&!dGSrzuL~b9I$^GZt5ol&IVTQC?G$2TtSD=&g2-MeMTzZpC@pm}55u?&8ko z@XJYc>;w&4-2GV_`t|CM7<&b9yIpXYGvC?B(F7gZvxI|TEwpe}Ua0OBY?cRCuB#@r zbd|nxi6!^!!ioul-F`brZp}Y)TpiT$49Q)W({9b5+dftT7BusumDUAGGy!LJw3BoA z%jH)Wm!#4+t&$7Bl~m{QUx(6?5BH+Wf_o{y98C8!9?R#+6x;!C6j?tl`Wj>JI;-q4p*rzw@KL z2AqZlbt?bD%?g8sj0{(XA*XXZ6LbMzxd z4&g>TH_qgI(|L|Rcak3GKsA+r6jMB&{cEDRJUTYv?{~6TZWmke&l;Y<`<%mU;ntP+ zl*WZ0bbYU)O;_iZ&D~uCslzMwjt5ntX={FgmGjT+6ZX`8;_rXHb)w7a19>0hA)~(W zGZ-i667d&DUa*_LaHn;1^6!D7#}fi(Gl_D8cCp8?^(&@hMiT_P2Z?njLVB3=%G~nE z*o4&AQi%87;lVvME*gHP=+PV8CL0$;8h@~CLMNSA=dfA#cPUTa@Az<+;Rv!zEnKQd z$(VM8a>U77T)AZCoF6@+=|pcwU|aa5ywGMyv)ani&*7xb;m5Lh8w#qzC_OoSDIfny zj1-eGY$x~o0_IVW7OGOr z(^&Ig*6J&jShig?jeo)D(ANV~wr+)R!uTMM}Uux6WuY&|CSn%!P^ z$O8^RI!<7sPvhI&83IP?CDtqmYXT{AZ*)AHm*8R@dm$0E`8jwaL^v>|dou@{bHU+! zrqZLB|G5waM;6x1HbHE1q4b(l`~fUPKCC)hx4PTg!uF;FQc1bTSbp~LE|J#G>yPS!#Bwi&-V+>K7xvuX}b$wHALkm!9BnzEuZ;$M*v zMUuJqL~l`;Dxq|EvTV-g9h_~GtNlE&V!hkqI*1t27OHx(z^r2A9On*r2rhJryrOj~ zpSp>m83?>U_Va7TF)sR$#PlKdQi_%IfGsIME#Rr_G(ej67i3P=bZ_mhheX4{6OTMS zdZ=bCWy^}C!ka`(e?-MX(q+TOm{F+P1|TYS%0DqC&<3HL0ZKQU>Q{*T;xmnecNJQw zDh`L<)W&FwKUarG3|gpJel*oCIsYRNCpAOc?Ml4B0Zf`iC+vkfhJOd=*2SfmI;ai< zR$IAR+aD(cb9~VtW>^|gOQH*wD>U$*h9H!!7Kr5gfv&Ikif(osK z)xSF2u9pU{A%k2sv8#h+rlgQyy9 zrn1bHe_|g%Uc@d0Ha5V0(;p+Vdm%=5gw9KD!tXf|?VGDR&@9Cra4%pd&WT0Bm66e2 zsso9}aOBWXQXW8RpRzA*Im?0Osl94$*!Bb-f0!(~6R@J?V!~{D?7QpGFiQ%@*rhHs z<}U1e9dLc@kL3U2BA$GMC|zisItYPfR!l(-;UI=b9Cr>6;=BF2ucAA#IEI>n&{&|0 z$znhj(Hoj7ET+KRnv@v}*b0qP2V?U!m}F~DGTJtEFj%E^OJ88t2gDHtpjb&?>(zB` zuKuG4&_JIwt9n=ToJookVt|eTs$DkbNBGku0cFcx#C~ca-jZk{3YTpOD%79b9HYHs z?N}qqh9HjNB`@T!AR>+LK$B3*Zp7Z3tr&8><`yJG1@KrDvUDm8I4=O34Yio8-!HDT zV4WiYW-=7{>`0dlDbkof=nZ9qxHdF~GoLjdntG{T!kRs03A_;FMFTP`VR5@$9^YGl z0_~SJAG)+#`2%y#4g^Bo=+ori2iMl{FG>RoBhUlBDr zQHBUG8X%q18ykn8Ab9EG7{w`|yXjkyFk#qwAKICt3R8h1y*2zk5cjb6Lr>#y{EZ2r z?pa7Hy+mQXC@sF9a}dO762v34!#>@%oN#z)s80+Kwm13XmrAPvOgU-@9?&yrPq6zI zL@Z$lfk`!Of%U?mzQpkdC^0b{Lx)0RtWA8b0^u^0IOJ^Kd6!*Z^pqpl!<(_$md;cMFQ= zBU>xw{4Aj=vH*(fb$LaKZK?3=F}QayORrnM!hCMOKF)ClA*(QQPxl_GnW-w}s{~TR zwJ<&?*`uZO`QJ4iada~8O%j6e!q6z3S&+^Y(*QQg3PPW6Dkro>F8c) zKk@IvhFqzT0yvuE;Oh;60|Hy(fRH90DOlz=Syy^A`#c~I zdD^U^&;S-yV@GK0sl^xHtY;c*D>0`|!L?>f^lU&~F!d=6E>Yr#`VMGyfxGz8-IGGUNIs#K_`Tr_1KOlKASKf-D2+CIo9Eu)QR!*3;pkHNs0p|S4zf-al;X@v(N$yMDN#T`K8sev+jzs1tUu11{O96ShNPMMo77mGf!D!U(#e z1wXcr9a=7XR6`?~bp(nXDe$K30j{cnD@U_KZ{jMqtWW}MSkOBzyrxsJF%osc)nEXQ z6x2CV!VXiq=^{VY3v9fDmXVs0`Zte%;xcv*7?)_0z?{;u4_4CvuJ?iu zcC$mT2s)w#)n|LWIpL^8GVtwqL8dLosJjKYhyu18k3f|H{N{2`UN>G~Rx9!uypU>m zSSmte#Kk|C1DLh}Or)Xir^E;FbEgf^J#Hrd>wq5tgSAi^u)FNzVpL*Dm4>b6ptwqn zvYqm(&}}TdD=)y<49fNnR6>^}_axGZuM2!iQy6gfo;&~IO3jgOO<<@E47vG;WKTFn zTBr|19Rc&QknG;oeHlz2)wjSI2H%NxJd2O6(t@IBh#qhf2u)|( zUBjNnDQ_935SF+311E_$uFhg2olq~43!Ob3MH=HN@do5nZQJ1MzLwXKM3eRD@-#?M zn0K~JY45=t!?UC zb=0@%I&9lY(lsFIXl>rAMcTUc&f|QA|7U}@uN%!H`2WA5<>$Ig*dT$Pu+P_n9&|jw z9SI5w(xCaA3Uod0=dR%!;CXA*ND>w~op(4urydWI^9%6xpq+M?qX+xB%hCMkt_X52 zt#@M0O8@;TD%E>F)=>JX2v%XWhU;n(1reLX4OkI53x>{HH>|=F2f2@5nkp-5Dx@oL f9~tDVT^h)+_ -
-