From 154a216b91a9e724b2da51df741ba5d353348244 Mon Sep 17 00:00:00 2001 From: David Lehuby Date: Tue, 23 Jul 2024 16:39:52 +1000 Subject: [PATCH] PM-1888 - Add kyc-management-app helm chart --- .pre-commit-config.yaml | 2 +- kyc-management-app/.helmignore | 23 ++ kyc-management-app/Chart.lock | 6 + kyc-management-app/Chart.yaml | 30 +++ kyc-management-app/README.md | 101 +++++++++ .../charts/postgresql-15.5.20.tgz | Bin 0 -> 75723 bytes kyc-management-app/templates/_helpers.tpl | 66 ++++++ kyc-management-app/templates/deployment.yaml | 112 ++++++++++ kyc-management-app/templates/ingress.yaml | 61 ++++++ kyc-management-app/templates/secret.yaml | 9 + kyc-management-app/templates/service.yaml | 19 ++ .../templates/serviceaccount.yaml | 13 ++ kyc-management-app/values.yaml | 199 ++++++++++++++++++ 13 files changed, 640 insertions(+), 1 deletion(-) create mode 100644 kyc-management-app/.helmignore create mode 100644 kyc-management-app/Chart.lock create mode 100644 kyc-management-app/Chart.yaml create mode 100644 kyc-management-app/README.md create mode 100644 kyc-management-app/charts/postgresql-15.5.20.tgz create mode 100644 kyc-management-app/templates/_helpers.tpl create mode 100644 kyc-management-app/templates/deployment.yaml create mode 100644 kyc-management-app/templates/ingress.yaml create mode 100644 kyc-management-app/templates/secret.yaml create mode 100644 kyc-management-app/templates/service.yaml create mode 100644 kyc-management-app/templates/serviceaccount.yaml create mode 100644 kyc-management-app/values.yaml diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 95ee8048..2a104bc2 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -7,7 +7,7 @@ repos: - id: helm-docs-built args: # Comma separated list, no space - - --chart-to-generate=gpt-survey-summarizer,submission-report,mina-transactions-generator,mina-payouts-data-provider,mina-archive,redisinsight,uptime-service-backend,liminal-manual,delegation-program-leaderboard,matterbridge-bot,mina-staking-ledgers-exporter,mina-payout-reports + - --chart-to-generate=gpt-survey-summarizer,submission-report,mina-transactions-generator,mina-payouts-data-provider,mina-archive,redisinsight,uptime-service-backend,liminal-manual,delegation-program-leaderboard,matterbridge-bot,mina-staking-ledgers-exporter,mina-payout-reports,kyc-management-app # The `./` makes it relative to the chart-search-root - --template-files=./README.md.gotmpl diff --git a/kyc-management-app/.helmignore b/kyc-management-app/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/kyc-management-app/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/kyc-management-app/Chart.lock b/kyc-management-app/Chart.lock new file mode 100644 index 00000000..629dd1ce --- /dev/null +++ b/kyc-management-app/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: postgresql + repository: https://charts.bitnami.com/bitnami + version: 15.5.20 +digest: sha256:363767f938fc92c495d11c0bf1e65e662b0fe257703a6ce77e3a6adcbf0933a3 +generated: "2024-07-30T16:50:31.242761-04:00" diff --git a/kyc-management-app/Chart.yaml b/kyc-management-app/Chart.yaml new file mode 100644 index 00000000..0d3a5742 --- /dev/null +++ b/kyc-management-app/Chart.yaml @@ -0,0 +1,30 @@ +apiVersion: v2 +name: kyc-management-app +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" + +dependencies: + - name: postgresql + version: "*" + repository: "https://charts.bitnami.com/bitnami" + condition: postgresql.enabled diff --git a/kyc-management-app/README.md b/kyc-management-app/README.md new file mode 100644 index 00000000..7af4b741 --- /dev/null +++ b/kyc-management-app/README.md @@ -0,0 +1,101 @@ +# kyc-management-app + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) + +A Helm chart for Kubernetes + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| https://charts.bitnami.com/bitnami | postgresql | * | + +## Prerequisites + +Before using this Helm chart, you should have the following prerequisites: + +- Access to Kubernetes cluster (If needed contact your friendly neighbourhood DevOps engineer) +- Helm >= v3.14.3 +- (**Optional**) helmfile >= v0.162.0 to install this chart + +## Installation + +> Note: **examples** can be found in the repository + +To install this Helm chart, the easiest is to create a helmfile.yaml with needed values and run: + +``` +helmfile template +helmfile apply +``` + +Or use helmfile only to generate resources and apply them with kubectl like so: + +``` +helmfile template | kubectl -f - +``` + +Verify that the chart is deployed successfully: + +> Note: `kubectl` is a better suited tool for this + +``` +helmfile status +``` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | Affinity rules | +| databaseName | string | `"kyc"` | | +| deploymentAnnotations | object | `{}` | Annotations to add to deployments | +| fullnameOverride | string | `""` | The full release name override | +| image.pullPolicy | string | `"IfNotPresent"` | The pullPolicy used when pulling the image | +| image.repository | string | `"673156464838.dkr.ecr.us-west-2.amazonaws.com/kyc-management-app"` | The repository of the image | +| image.tag | string | `"0.1.4"` | The tag of the image. Overrides the image tag whose default is the chart appVersion. | +| imagePullSecrets | list | `[]` | The secrets used to pull the image | +| ingress.annotations | object | `{}` | The Ingress Annotations | +| ingress.className | string | `""` | The Ingress Class Name to use | +| ingress.enabled | bool | `false` | Whether to create an Ingress | +| ingress.hosts | list | `[]` | The Ingress Hosts | +| ingress.tls | list | `[]` | The TLS configuration | +| kyc.api.authUrl | string | `"https://auth-sandbox.hakata.io"` | | +| kyc.api.baseUrl | string | `"https://api-sandbox.hakata.io"` | | +| kyc.api.clientId | string | `""` | | +| kyc.api.clientSecret | string | `""` | | +| kycManagementApp.app.envVars | object | `{}` | The ENV vars to set on the app container | +| kycManagementApp.app.port | int | `3000` | The port of the app service | +| kycManagementApp.dex.configBase64 | string | `""` | The configuration file for dex in base64 format | +| kycManagementApp.dex.envVars | object | `{}` | The ENV vars to set on the dex container | +| kycManagementApp.dex.port | int | `5556` | The port of the dex service | +| livenessProbe | string | `nil` | The Liveness Probe | +| nameOverride | string | `""` | The release name override | +| nodeSelector | object | `{}` | Node selector labels | +| podAnnotations | object | `{}` | Annotations to add to the pods | +| podLabels | object | `{}` | The labels to add to the pods | +| podSecurityContext | object | `{}` | The Pod Security Context | +| postgresql.auth.database | string | `"kyc"` | Database name | +| postgresql.auth.enablePostgresUser | bool | `false` | Enable the default postgres user | +| postgresql.auth.password | string | `"password"` | Password for the database | +| postgresql.auth.username | string | `"username"` | Username for the database | +| postgresql.enabled | bool | `true` | Enable local postgresql database server | +| postgresql.primary.persistence | object | `{"enabled":false,"size":"8Gi","storageClass":""}` | Extended configuration to configure postgresql server extendedConfiguration: | max_connections=500 max_locks_per_transaction=100 max_pred_locks_per_relation=100 max_pred_locks_per_transaction=5000 max_wal_size=2048 | +| postgresql.primary.persistence.enabled | bool | `false` | Enable the persistence for the postgresql server | +| postgresql.primary.persistence.size | string | `"8Gi"` | Size of the postgresql server volume | +| postgresql.primary.persistence.storageClass | string | `""` | Storage class for the postgresql server volume | +| postgresql.primary.resourcesPreset | string | `"nano"` | Resources preset to set resource requests and limits | +| readinessProbe | string | `nil` | The Readiness Probe | +| replicaCount | int | `1` | The number of replicas | +| resources | object | `{}` | Resource limitations for the pods | +| securityContext | object | `{}` | The Security Context | +| service.port | int | `3000` | The port of the service | +| service.type | string | `"ClusterIP"` | The type of service to create | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | +| serviceAccount.automount | bool | `true` | Automatically mount a ServiceAccount's API credentials? | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| serviceAccount.name | string | `""` | If not set and create is true, a name is generated using the fullname template | +| tolerations | list | `[]` | Tolerations | +| volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition. | +| volumes | list | `[]` | Additional volumes on the output Deployment definition. | + diff --git a/kyc-management-app/charts/postgresql-15.5.20.tgz b/kyc-management-app/charts/postgresql-15.5.20.tgz new file mode 100644 index 0000000000000000000000000000000000000000..9c1b593d8890e5ff16314b36933d59aa4a0dc24a GIT binary patch literal 75723 zcmV)yK$5>7iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYeS0gvFFus5DDfBbhXJ9XF1H;T@eQxe~2#^Uky!c`!x%=$y z0l8bY722(iq=xZM=DYun-nylJ_Y2IB#U~l;ZmFtNDwRs5QYj{kPbgx)g}tLGq`W(a zv+z&r{p{}U?!G-Zkbie~ck_Su_x29{w0H3K&F;be?*7~TKke?le*NzCpTO>#=_vgq zj6?dT-Ia0W8~02;Fp3C=9FvIkHvsSiAgMLtHXzhMaT$!tcV4FD*L3Bz1=0P%6Z*Q02H8K-k^ zuUjC~7Xy}U0Knly_MQjy8!v@;ZwT1$e(ZkS2oUorj=6j^P^}#P&l%X#-`O_648RDG z7)5}Qg!%}O(XYto9z~%P6c~a)3kSH1$b&#LCKONm36^m}Q2=5} zd=w-UvF^r{2rf=Jk6FKGxYPB?Yy1L_?`afp4%zYP!gVZwxr&mfLC#1W#FG<;79 z416-%0jH7Q1&3h>uJB~a8Ms0W(R&nhHvmXzm^EyI`7{~Hb{P@Y!cmZX)u$3&W9=TN z2=xS!B_m@a6|KED-8bF+-Hk7;%U(W&^) zvSywA-R_%>08bF(eZZ!0|IOR}o6%ptefQVBcL(p_-odw{zXk_?ee-to?cQkg?c3LH z#s`0eyAXZ*dhgq}e+}O4?gnr6(VM-4(YNDZ5AGivyxEwb2vNvU&zxTHP`c3!U>vwP7zW$Hh{r>K5=S45oe5~<*55okpM_2&Vj{p6GgWdi8{P=(S z`rXU;e~Qm0I3n?!3j3m!;jsyZgX918&XoD6_1pk*I zUzj`KeMm+y1Tmy=hB%^3yd8uHGPDCC!V%z8$N`^X1|D!20&>=%ZMxkx21q?x7!gQpb0SmqVptD2>gU`GE;~+ z0X{{LqasREwJoZ+vW+bf#tXJBT{ITkmcFV%XUeoihdyG)aWqj9uaJ^4Fptfk(+Wch za<(4!DUzBEhO9`53;A}t+m0ZG@Fz59T`4+-??0h=O5Gir101b`$Qo?7+g)%Og>wNj z01s0Xf!kJ0yakv6hWO$Q7P9nY?ad+k0?oBn`%l*Da-3^xy!<1|^|kXXui~`M6(6ID ztVeONlo`<0BbNm0Mb=J(9)P@9Tg4R#Rqx6F%GgY~)o5!W?dl}Owys&SA8*v2-t#g9L@nY zt>8#dB=AN;BWMSq7=tP0+dG2)J_1`Yq7t*HnspC=;RBqr?Hv$c21g+Zz*azng$+!F ztnhZ)Pa9@575hQa>KOA!(lg*1^Bb16cbANic6x(LW5-(}s67LsmQ_^Bat1``jzbOw4A%+Bn+kT#L-Oj4gy18l3x_bm50P3%+w7VS&j|^ zu!I)zsx=(~O&(SbmG1CkB8asacBCaiy%CU{qJ2}d8xkLe7DV)sQ+O!L^vzzXVVa^Pw- zeK3Y0Lv;ihU`P5dCz-oRy z37`+IPTrpmudn`gb8&cn^3Ng>sav54%Q#*gXoJh)>Gh?CXHirN+CWe|yTh@D&Ece2 zTs+*uvsuEW#EKRINCgKT-bp&K6PUS8lqt4>`{zSuaA`w z$)Wh_P+AJFL<6$k#|*p@DxUFII{<}Dwn7#^9bXVWpopP}zf$0wA#;~bS6xhc0r6SS zCy|e0F2CrJ-cxY|z0H^+PjDFpo_b^keAbzLVB=IMFJra)9L@nVZPku4F}3AgT-s-5 zI(e2bE_!ALqeQ|`eulsZshqlF=%a4C26D*mWb2gY(ThporETqrmZ-*gF~#?gBhQFH zPr*O=2xoCf<1|5{d*>tp4^k>ad?)=Y3?Xd>;7AyS%623X2+4$H zZnjY}G1JQCCOAy^R4hW(swwBoby!ulnVgA0-G=feLtHHWJU&GpC4_rs(dd!L8)M42 zN0Xw$UIC+&0f7>FW;ObxxWp9}@%E;*2vW8{OwFTL2d z-aC>}Qm-!`-lV0f@KlRP9@%m{EJ0P?_I0_7yHz^?J9)SHj^>xr%^ z(;eX`xQW})lP5;as+a*EGCiYiRJiwY{qUGx@}euW!SPv5+qxavYb5QFoX<;8xKVW6 z7M-?fAg2+ujZ*)u^R~)^YdyEY73Ts|>jxYn2F^(mamUdveI8@^Qg1*C)+J0Z3`PJ& z_n4AMx*hK!#bVT06NdxcvZ4$T)SqIGe4bEbGuwH-b;~%60vM7A-2y_vt<|_&>4ve( z_d!-%pt`cOr!i7h^x@{Ft4J*%viEGf0*i&#wMwiPT{e&WDJ2m}*b$k{Fqd|y^;9m< zF_-QS8CoD6rN$+COCq5kl~HmdU8C0T2Z}iozom=oR;f)g9^Y1y6D6}@hFkN3fs14| zLR9o5HIHQIfmCc$c#j;4ZGhl{aMTA!((5F2;6zTVVy1$TAQT1$iy41MLa1)bRuc~o z5B8n{p%cAkN+?AU@6jaUc!oUHZ{7n8yHh?3H{X9a@`iuAIQsGG^5XKt&^x+3KR>-r zM_RrM`k+I`W1(Wp+0h5Pl?)VJpubDKVZ4ymbGc&bf)5OhlTg_o!99$8>3hpcX`?<} zS>z!1!EAnGJ#+ki+OQtfY__C@ZWsV~bMSg!EocJFGvYQk*J0vA0Tf5J zmqI@3hGg<1VO$ziXJi8W5DV2Y)z4U2g(DJ0X0zik2uz)jOgt>(vuWo26jOUhCQ@US z!8*pwuLegF&K3a}PbBw5Lj)wZrl_U#q}(J?Ma6;>Ma=ErJg_6kp{Okxq`xajx=f+2 zYQs5>&Jkm9A~d=BBB=<`JqqQDcM2)WT-?$oEn(6bj?jRjG5!dy%?5%HYY7WS2*m2; zmf7CHW4XD)5Z^9?ca3N0UnD{x{bEd80a1)_#^EexYRwm5xp!tsO6JvdrNMdb_H6bl zW2=dU$@4i=4+S>%0iu*pg&|{$hGaF(Y+^|Ju`tbOhDcK~=Ma|_bo9R{ngs-@;t37G zsaDKtcTPHLAQ&fNqS^tm@*oP6<(001U!}o9Ipi{Uje^qwfI&dTf|pRKzRbc#kt0iW z^OfZ`uFxeyjmqgG%GZ(WEY%A@@0ZyCl-OANSX4%@nQ>R*earnc;JMAqojI zywId%>;i@HQZVz37mLH=iv@WvDg}|l{sLSa1&hPQQP2WzxVs+;GABI^cnP8Z~bs(Hvc z#iN9yTAphxV;l;TU>Q6=$f`Bt)gcCC-{c-Y_oo0(#G01pgx%?#a;OTmUMs6kR8RB* zNRF3)sFjg;{~wa+&~bnkK>JfPL&ofFVl#z?|rnJ-9v_0u=dl9_waohk>slW!9%@*tl9H46M@prAFj^Sh?Nl)S~O%BgzTWdvw!w` zJz;|Vy)T;g&z_?HwhKah?5 z@f?Kdi!Hf5>@g$&aU@TD{;B-mox(t;xi2O*wev-K}l z7}FV;p&6lbId^|QPvdXYUYlGmrY3vOh^);rjHTUR@y(*COJzJB}WKyZ^yXDZIxU5=-Z^R^b6 z#e6Qr&@9#UDN9~4-Qfyy8YZt9l9JR1d+%|&KF*%1VI_27-e%pw7eef7%}NrAV{Nhn4CiYa8W98gtJG!u@pI&y^@S(~bM!AeL!p?N8= zJ2Wo^XqB&od32b8Jgg?sot&(pD`z6hOp$Wh8xGHOhcPgk1B!l2km9lolY}<^7I0Pl zwfk1hTQkI`Bw)_e<+i50!8A-;E54Y1mi|?z@mJ`cXjjr1W?3jw1|Xd#OTvN%6we@? z=i-85_0%2c`eC=Q>!n|0yJ}l#Vjk{*8DuhSB}6a~f4kjosz3GNYgM!qnWKNo2$$i2 zZYjAC0XX_qg^WT5j^z7u7%$;$WMU@ub3RA6J8kTR-ZU+VCqIthQB!lY*U7b}b6R-m zHb{YtC*E`fWjnG~$jM<-hguW}?StPv6LcY6%+ltQb{|c&$N?a|b?F;fPChA?naxvC zna!D8o$UQ}zq|ML+wN|6x3_-)X2F|OdzO$>!D6EzRp}XwOSNYz49eqG)(J&+UtC_F z^ucYZSZarRbw?L=2J`!UDZw>O<1)m|6`&LSw6PH~oLUu?D?}UtLQ^x)DY{)EU#qx$ z!;n09#*gfA;*F3ej9V0VV@hV8+(h!EmFbBoR7SUG%DfDapfO`x2{Rg{;>4-7ymT1s zEySdh&_-z}5SlgZG{QU>HR^*^VvJPe7>*_$mdHFvC&^6AkLg)S`8wh7?O#NJ`cE= z6qPB4fnzKI3fUlI(@_1=KrmDWPFVv%%~&*v0OUZ%I)M=(<^YMY+?DOFs-(XGn9Xkl z&Kvcn%cdp~k$fxu{(rp@j(TkBJVpMLfX*=ij0hVAN0V;HIcB2~flr@Xu^}5cxgpfD zk!t8%7Y{k#mgBoEAvVR_y7RP^t^c&47i1ZFBvBU0>M;)G@;0VOXy@Zf#h4bTP#m!#y`AcqqA)Cx)e#yK zia;=0OoPM}tyhaQtB(RdDm6%+Gg))nD~|%U+eH;e0YZuHScuXpRZt|=(FWCgyRFm& z^3bA=#0Gj*U=BvTV(AJl+pQZRbLb=rM(GP-HY#_ZK2xPYXMC5|9`Gq)EIp!U2Rlg5 zqFS8iN=@-(3gA7&p-z#eVgHRJ3Uq{&@tQ`Im#hrZfNrRcJ8CbRbh?cZlyO6{pVTU* zj6xIPS87UXcBK9;%UPsRRr6MEWH{WEmZ!r{x$R1LEpGk$N3oE)o+2Q>WDz?m{9NPI zK79vA8{l#`_gZRax;Su|YeK@S*pL9gYD7BXEZlX=APP^S`=23Y`p};2Pi0n?MV+a` zZ-Eq@5@S9hfp(Qy{!tr?b=p9AD}K1V+(`AGjL+(W&Ir^H% z7+~>Lr+S2xC$T;$xsG!=*>i)_OHq0nou|Gei<@AYQAV zD}fwC93~W9Pbp$k5(eN0^#Jhn$ueMBB2U6(V2A2KBUqUW)_Rzm6ZAfa@+#zdt`A=C zs;R-|dmrqnr!MpQ;EjBmZ+{=CM7sF~^ub zwh-IJfwmOf#R0bz-4ej^e2o2cA>n=V({*s8QpuckdP`{>CBn=kF@L7c_{a{v-ChJdxf&d zNR(|K7r|+#Llx>PSBGodInBNZau;9&_MtrvHEw5YE`r$xR*5&nW8}~M5dBEV9V>H- z7ZiY8G^wBql-o(t4kkhY9E&BZrahbMZDbiuCD=>`60_;9Y+4zy($bc-57B2N_GU1G z6C_iqC-Pvq&U9kgxfSzoD~&<==T zM0UUo`;_beHiKcf17;||$!rINkWSDJ_^AKxt1sJKs5dN(N`btzdc5l@mZVpxoT5 z<_J*#o*t*VJSNt0|9rJ7qqT&;eV{U*s0m$hNP92$?<$qpPLzb9K=n^42E!9sD0Km;5GDn1F?4B4K36@K zG$YI2w*&?yaP3gYvPh(J)EQikq)K19Lp$BsOvhEK{eU$P@(;D#T3|Cl zvzKe-;$T&)>M0Q2lrVl6V#tsaab)(XViGVDn=3p)^rSF&73SW3ECXrjQ1=3%UxJKSe*iBH3U+QCGIe?{_k_yxVVRA9?U!UIb^z2}->yO+#PP2%UJez8$)d zX-Z4>m$gOrL>40F0o9bf;-h`LVWtbK;u4IMnC8{ZPC&`@EKLl$q#Ly`G#UoBKB`zb zFYMGS!W|tQR@Ik<^lCEx0`ph0JJKmx*QuPY1mGbGk1u_Rb>w=T=Z0(B7tG4_|eZxJ$SMiT$+TX!%rkKdpY6uyVQCb821gIOKtW0$X`qM^hya2G$fYH*7 zs6_jLA(>z}t?Y#q(}ktM&;}?ap-^uh63^H z96~TGyuD3@(9^BMSwN!On!aT#UD*v&J{kK-rG}P{eRcT%T%FG^NzARh|DpDd!63l; z=IDF7VwV(YjDLF5)6lTF30y1%E(XL)PkACLeXV@4Axwcz_Cn4sq4K9%zgO(M@quV`;L1*7u$HyCyG z9eis0sHblx0kDcVnc2L;nJ&Q1aCE4SK7U6Dab}$ZIsVdCG z)86DPb3yB`UaUc8D+u*MYo)4HvRx?4h9%pM5fjTQd87jx()HGR=JnM#L)h!r;%-S3 zV!3~D@=@B3Avh+{D=uRxFf|!h^y*yj-%8RIXJU~x5n?TF9Jw?r1!pa#Wp0imJcM+f4o`CpmLRhk8R3ebz^i>OsaPl!0ZIjFK zDm2oWCUBJ(06K9kp?z=~Rh21tyz(EdR!r|QVv8Xjkf0Q|F#Ez)@aqWe zV*Ao4g9;jI18mJjt3~5@BX^Bz$&yUp#VUOU)^&?!BVW4*a{CK94f^Sz0czXpVQmb~ zMX!aFq+Jt6@r zBwSC?=KQb*R(pSOiMgkr^)>~MrOPdU<0&dk&MT*waepkhV~-mA=+%3mwC(^Rnp!3#S9MT}$tcN;OSu;oz2bwC!`q z9NltVF89yXR;OQh1)Ei@p9$*;uHqE`&o(3}}RB|vKK_yyZa}!jx zHdSdJ*xT)@|8{%(2URlW)U7sYENP=q>TGZ#t=Qb8Wzs9O({>rO7O0sr4AZUTq5AFa zEn8E*uD2r-mW&YS2+iIRb3^Ay%HZiB9b2bk>*0>DJQ(s5nHWhAq4eNJcCRm0i5g8< zm)z1K!Fma7!4l9um-jv%Qry^-BGlb14tcvhMwaq#nz-e-2zkX5fPm6C-^ zM*I#SpGuEj47JBg=i)X>LY6`SfLXpc8EjISiX(s7u_MSS&eDwUEr@2xC?%OCBc;NK z%FJa^FBXG3+}Qxt*FoV31nAz*Sffs|31fTkvm6X&vpa8Zt0AojXvt&73564+EL+ia zL-jxh3{+$wkpk>Ulu+*h8si8BJHQ62Fj`qDfXx4igyNr zx#$yL<%$xz%W|!rjzJP>D!`U?Ja$`5Ng7p@gy9Z|NCBO6@&n8=^(jM-SO)3+PbWL#HTXZ^GDgvmL;r5u={1X(mR+ZenR5~# z)pLi+4J#hx`>i$gmw)8C#tNeVPfDbbJiSC7u_$_fwMs&|73-0=iee1)Z}u7 z#50u*J3GF)&d`svWn4+9FYtQQ;4RGmT+t`VOR1~hQfpJUU@>G2(X&NLl0M0*2AJmG zFl$n&`H&s@S&}?4g${ivDEv83&j?N7JtkDmv)1Lq>IMok>lqq{h^v$5LE^jHgc*{) z=y`~vRY^WZA>y?(tF@|FQ>x9)sEpP?fyvXVp{K-dmS@qI(TH-3(eNdUWdd6ye=ThO zMo~Ry6)!Ngug%QgEoxn;S#l3G46-XcoxJ=i>xsQ$`bO6>ebln>pQI*L+jYV zveWBX-F$u!2TA*U=S5^Msn7GQTu;u#jMGn@HLY zI;1^iB1H%BSCCCHW8rhpr|58Y>75#u^Peh z2^yDTiZ;zIfCuj`q6y zE6L-Sn{=K-GRJa~(~OSQub*jJ$BG8M>!z%B+d)a#q&Cu1s86j^vM= zy0RF_`e^wpOSY*O%3xVV>e|v+I-{s2Qtdh;L6#c(NK1+v(t0uK9XX8s+%VJtf zck*6OZp#A9$4YQnMD#>iE^Aw;Q(ZO?_xSlPi@I`^q?fgd@#{@{=`OgQI`?G__Ll^h zUmyWy+y3}+SupG5^(7VNA1M`LLn_QBL3qiB`9~0fR{1b%MBxdNVz$BlOfq9yOZz2q zW4f!nwI;|c1^tY&WR}wZ{8MF?HtQ?Mmsv{J!qEo{r_C%y`$x^4+1S{B_XL`y4Endt zqS+`eFR3)wluENo?iS6bS*r+ZGisJn@RC+@^|YF882j&*TeFlWYfP|NJ`6zn6q}Y~ zaD^nBuD7&Rrp*lT>bW+n(LYiy%u0k`eL~Di%D>{QnAJ2dlo~T9aWBa+pDsCOWe+}W zhRkX~T6>zz>K3mvS7s%a)e>e_^XZR}HM6pH>r9<_l`5M*Wb({%9+ksSai&Mrrs}gvo40#6{L ztc1)xKpON$(7zL3WU7XHMCV{6+bF@TI7UTFyP}O+fW}F<02$Slv@u@wTBX9MBZosOtbk*&T*VQ}f?g|WDX*ao z%hGqv0>OEx%N~w7qCemWv#CBPULkqqHIyKhziTFgBH4mQnRLoYkj|4nxQul6t9pFR z2|osf5^|tn64%LNK@{Say4F& zf22GENktBl$}A*Rc}QAhB59Y4q&yo*Sw51gj3hNVNoxC2Wk46*R5C@G*PIB>=)O_W z{;AurH^NbmP1E0=pMLGclN+(*f?)_e&kqrdfal?{C;eRvcxspW9z!n{#;V+~r9vrr z-fs!v$b(_%;Xtg$#~4vjBO+c58G9f!0G_-{;Ja@=4c;GrI3L^`pI&|LWjMWWw&bCu zSO4+nzj=S2d4CSPKmX|c`TW&(H=c+x4b0K5z`W_H9@qN;bC7J;WgeXMu7%$+2e|D~ zTHUwWO3EGIT#w8Sa`vgJh*Gyc6)$}HPHm2c zBto~_85#E8@!;npFiRM>cnoGRO5|}Zowzv{4KN}}RP2b-2!s}`HX@z*U}RIV+NZul zDDKE0?t6me`8;y3!yp(45~@0Dio%)R2hefzm_%K0hTy%1B~QMo7U*&kg33oN?E;}z zoV^6AaW0LEw64XDzrbD;sq)@xwbQ@;z5aFY_Uk>M`jK#Z zYB|uFmpb5Q*do}+Lf;tEQxvgWV2_0I1C9{jiM&WlfVt1~@3pZw@_@?9WFpnr;Iisj zM8lyzJo#IK1Rw4ZO%n}pqBa@>L?x{w97*GGOQs;PqP0TeXZZ=XZOR@O`VgTybDJV* zH2J7EL6OkrD6oooFvh+6z3%>QZ&NM1G)uhuJ#U6MRNX8lt^jd}LuR2)zt+TC(eA^hY^9<(9bXVG z9Risnt3;u~2*`ubVi2e4Y;?m@uZCfSSzV>8DznVea*&=v?XJfoDB7cQ^28M1L+P1P zOzf3<8a6k9)p5>w?AiQESN#diRe=lW29(-W(*!fQ&i`sI?I{ZG^Kik{(4BhW8p=G= zJACR|^>UF<#YH~u@TZM-O>`C5$K z?1A2oww|P0(b-mU-GvnH-mkMTx|DA1L18VV*`|FE->W5bwx&2zY0;Efq^@?<2l~?0 z_Q}T>QLKWYwm0(Wu5@u-T1=zXVM%!cwPNTI7G;Vu+ zwV_pGv`N)>Z@7yy_nn(mE=?LI^qYHuN6A$Xsd%|5(JE01<4qnxi}YDN8KCZBF$^+Z zRG}Tkj4d>!CKWTCx(X^ln1R&wVZ{lmxm6-%-Ek6zvaplIcLV5bg1Pi;Il60aMv-B} zOkR7U{b>c(se&ZZCt#iSW?MCzo8U;DH@5SG34=y%8k>e;mIo0K$)yOXBgF|r;HPgH zI2@d&Ij02UOa!-lCqY^afb3#|&A0A~Xo6;Kxbg~dJlEphKLnVx{ zj<|I5avCWE&W@#9Ce7BXoT7-1@+BsQ0P`TkEM>7GMSGl_D++b+@gmCywV0JDtJAoOgK`PraMBLg!fq!QkMn?e4wl?%E!s*WbQ)jGo40loJS_ zgld0=$u%n_VS0a8_Nv5nWO*twHRg%&l|-1&)84-^y}vmQ;e?ef>@z&+Z1n&`>x5eN zKA++|ZH1g|jY>Y2d*}B4i#9iO@wGHZK#wL~gdRK%Rt9>?0|#R~k)fMjHXrGx+H|I^ zjVCwew4OCz%N@Z!=nPNJPL8fY&<&u>$qf#NQZRSG(c$m}{PN?;g@E8g4ns2OP9aO7 z-K1f?TWR$j@apLD;^O4!`qehL&Q-Q3xncNUR<&(#ayC2xyWr&FSWqC|-i+pAZvElv z^1K2Fkcp3|^mRzug|Uevu=UE=(z~yAK>A}({4lJ3wcW8jGA_$Nmd@MFQ4T=DWFGI% z+2QvmXPx}p05PB9Sh?Lg7uI6J(A;rxWDTvv^#1U}`;!JtL;SA-Ccy~_xs$Gj9Qmk{ zc9m8#y8jtclNZTKt^w{L#VXDuyTPq|@^GvUzz|wxKv*PrDG61H?t$F~^UUODAH2Ug z`QO3i)%D5M&GG5*@cXlqo8yxo4nLe--<+RZU!5KeQ)Wvya36HUs;=WCuQtG~WbAc3 zXmMxo7d*LCrnuLA7jh%y_4@o8(XD&~aytyGU4GmS$LjYUH{w~tmB-C(dA!?>8*xAK zMaPZ!SH9!8#qfH$-uTO3Z+v9bw~pp9dMxL{Y??tre2*f;*p6&1j#Pg6Kpk68WPgoN z%RSk)-duyzOHq0nou|n+A-=W( zt2`HHj&Y#(z+8(##_JjnICGApsN_zTBg6sM;QYICb-Tu$)A)-ZcL6qFAKGJ5<95dB zBA9Jp)p+g8_*i#lwxjBmfhm?nbLp!T+*N~hmxA%Ufxqs3`>vHE<*Nxo%x0125PDdk zHVrr|ee+Di42x}f2`;P%E*vg#nN2zgIhW1UD~EIovDNJ}d3{iaebqZv)|1WN9DVfU zC8^{g@^I`ybyb7i%(|;t@-53>3t;xn)NV&Ud;f&&I0^e>5(oxRl0<<=$tcV7`Lk9n z=2`&5r?qm#ZgiXc{rSe*Q9J3KP=&i`G6Ca6MiF@dW-@1{WQ37P6b14Gkxi5x?4!jl z+k}uYc0Pr%?e;GgQFobjK79gR#nf*7*!cWeD=LfdOMNw%8H(p5!d%_kSUDnfnTCO> zOXcGbb9k=IOe$?e(Pl9@8H#l_{35x|X|lRBxD`aD+ukxUzWSDn&MHv26iEQ^5>kf40u-kSb=LJ?v17MHmW&P;{! zc9mn|Co%$5+95E;-C3|%Cb@>l_RUh1n&pf6tIo@-)=9M?OUVq`V#a^!W;sN*Z<|im zW5xZMTjS)RJr%K-Fcbhr@{*O^c%qaB3czS?NxMy6WuBrco}071*5JVr<1q43dSKN~ zgjB=ooB_otLaqT-(g~Z+ma3~uK#N4>70seZk}PvxUa9ZOo6XW&WMvehG<=vzI$`vR zjoX4$aw@h0y?T6Q5pixmX+a8(CWz(vPypMWqA7_8)v4}HoRj^`O7W_9%Cn(XHVmw~ z3n|oJ$w<~J1Td?!-#WUNi?spIt_xG)xKJ$?ecAMu4>wKOXa6sm}gPWfLVHC&7rNESaTFS=ERz#Y9TG1BXg}@Ze0#(23uw)m~d>624sgw7?M9G6Qncm z3*={Tk`)2~eT-=z#FHDE6}buF&C=fp5sZIe>_ z=@V$A9(?}n1ky4P!pTI~t)saBAo%i)QX!u|cSPwaN$3{Ka+c`^B(oV5t7hlgo{XNw z0qbpR6Y~D2m(Rb^C({5u<;;^89L!+%S4N^W;n>~X-F}?&kjP?Y?{c`cHcY zZ{O@5?C-kZJMH-7@VYr8|i&p5@=MAlc&F%RVn zOSL&L(vo9BXC1XynLe{Lw19D#b5Y+~iRpwjc55lkTV)@7-qCa?d|F1Y)n1q0!-P*! z#ElAe7Bcljm#|GfS2mUAgN!?J-djYC2ni9)(72T8jnaQ~%sBr?2f$#4BVoo+w^E*g zGQTQ-AkD(7jfVHwfl*|ytK2QV!oF2wptleo$ z_EPQ5#*>c!Pr=o-(2fbu)zeESb4o;~MHB`1S=TjU6D9SYefR3EPR2$3`<^Yu4E~hMa%C(AoZerj1^y#v^ zd^E}V0zBTZ{~EKxx<|2%bx~y+F#NA2g}iXf;!uEU#WsqfK-wT37UCe^lj_+y7JS_+ zdjmgqWQcUhyAKiO0`7a?n=Ltu+h^DOue-rX~|}mV#AS z5Lfy1t4*_uaYR2c!!mV}PCjWoh>k{TA@XjEHpKs*+c|PA|6dl^c5!)qGVJn?d_6v< z2LIo?cYAw9|KHme|KC%5j($A6x&{}A=O=ye>66~0?8MhL`^%doJADc1M)s=E*{10y7?`T)ftnWF&w zpFVlQ%s0VH0fv)^Fpm9m5@Z{gpFeM0r+~yFdxTJw0m2c;DuS7)2@bsN$wGSpqO(M$!nJT8yneeSwK>o+YI7ysGaNDz5rVR_PLo7s+wjn zcl2rK4)|sp{0<@<1%i7AqRjw6I$>)?D*)Ew+<32Vwlev>WooU_9H5WLPdJVyk|lS^ z2>Cn&6U0>s&&#%bg`nvD+itc6{P{ERLIC5q>qhjMkd*K8)g(EG<{*KJC!CW6JU}%K z1Zb2@9MWvc#KV?UaSZ-bj1qA91GxV21Pm^Z{|k5?=#iMG0WNCVVm(W#qKMPEoRzw4 zs;*EQK{nmkIE?_If%2;uBMq4wyLAY#IU=dy>PG0CI_dpvQt2;9M?-0vL|s9okSY{1 z#b)v28|4v_XVLrLWfGUw?cVQoQ?H%e_EZ(~j$5a?7FeBbryCM-m&B>Ks>kiNh&y*^ zo=G-L_*6sv3C&qox^@i(KcTs>HKfu5r-M8i`*h0TK3`)7u+1_>s zlxMgiAei(7{qLmC*@_4UTZE=qCLtNYuxqhc;x*UbsJu2VP42txZ3(Z~1#X?fmIK(z z=ux-XSgjL4BUIVmZPW4EOub`pCSBWx8)sr$lZkCx6Wg{mu`#i2+qRvFZ98{t>)v_Z z`gZNzf4ZuFbanNrwYuv%&g)o02TdvxiOD^*k66Xj?0i{x5(qR0AlZB=1Z+?bVvkD{ zAQ#R*t11tj)iVyQBDjU>H*tKL~6k#4W?erI7i<)oA^tmUT?Yd%uagmLg&m%T!*Se^orFen* zjSdamdTFl)pKS1qsyRiAM!Ayr$iql>#Bv}tMOK#z6F#JM z*EwBk2f}sX`=+AEQ;Wj$ohrBoAifYp{S>iB^2f5_*{n4gDV0YYgp9N5@gBxUNmQo^ zIq`5HD0nzk_Jo>7tpp6q85~dBAdP3#;}zTCRWWb*YvoUk)vD1B+$D^2ZY>r`>IL(p z?w;k)%b4zGe|K-pG2>4zgc|e4PWuBK_@N0gd*hnkd%Rr!e$S7kc|p~+2dfUn9uB^f z{FATF>0KXkPDsr&e?N=X06=;05f<>2Xt#ZDE>>+>xCU$mYrs}%D1{sLe*4D*;8n{reBRXKCn_fM( zs7X>EvH{viyX^|wUS*tOkxhmbLf~H=oZk_kgzQh5%ntodcX4h#eOS`SNZo(RR43<_ z?rRw@cX1Dx`T0{qbIx&YwtOXSK8_5=oZPaKeW$9}GW^ZtbJ1!+lxep8Cn#>&*C>je zr}VK8vrl1ZSLDP&V&;O7T|wfCLMuMu)nPDKMt$$~SK|cdVYmkI_(Gfn|AGL&TMHa1 zJbi7AlPGOq&hV)E$TdWdMB||o1s_Pq&C5njX2lSV^r_o;QxD%u@7x7c4n^jd?D|u! zPBNBCZUfl{yAm!HI*u{fHump^I^KAl+rI>!gDenh3nIuJ5|4a@#cXW&-Ppqd90t zx>C&qVp#i=II;I0by-3MTjX$%KY-5XZH*c{``Yi#)&IzShjSSRY63vkHvCq$F0Wjl zdmI(@JtPx|aMcELH3MO#JvKb$yT?|PO}t{2IU-?%I4sR1AbvgMO>>8G`%%aEGeqfl z1@NJO(#8-gfOPO(I2OBN><8Yo6MGERE;l7@bA@Y54Q{UrNyEK5C_RxB1tN)uh)Njz=#f!??jKr8WK%e-4(2+xmvmbiov5Jaar%)cva(9q z+dIUzP-4WN;!=%a^o-gVuPzthMe$vN5ebY#bBDNc%+W<^dD5!YZ6|1~15$(URkkD^ z3ANxYhrdm6_d&U}JX{=6giS$N+p{ytnaxQ1jH3dSg`9uGu?vuq(Pw68<;<)T=VFd( zIRblGzYfeIgo#zYPPc2leSw_)`%~p>20U@n9A(~g#~VH} z#+&a%bJp*kh`2UX2JALrVXnfwP9}VOV69t-4?5G~e{KfheM=&IM8sHM-rN67AbzLi z*%{mVeSA5OrcX6Yi1CcFJ((~$@5+nNn)T5SARXxu!G=uGy=06@;IMt1YJe}e*U%#k zC~B!l+m8T{Qc2R*1!8D>{fRVWsNbWZFe3i(I1LPAMWp}S+^&MW*S_fM9Qre*M;t#{qP#w7EFI!~H%6M}|McUo$c;nMvSIzt+V zDx*?goElx?9EE1{k^rMfw_unPS=j|VR9JDL70Qh<^ag|q8e#YClZ&!H>2mbmW_YyQ zAZTG5J;X8LEslZs7Bn2R){v{zy(cYq|2{5DT-DQRXq@uKN%fMkM((EBe?~hS*dZ;X z=9fD&SBoxpC{~x3Q-dv(*Y(Z!B?m!WCDm$BYbH#$)qS*?qfs;%2-IRDD57+lopG}N z`{g1PjZOhksL?ggSZ*5Pv)@i2!t5sD6;h-zPS=CDy6>=x8-`(Mfggrwk2$D@(3wzp zeXmGQ9a7{F(Hp;T@{1aa``8&9NmT~lU6SO5HJ`Nfv8;>FzXh;T|nlCQxG(p_Z zH_B*6Cu6_Mvw8hahPr^Kk}~JPDs?nrB;6RLaomYIC>}4wrBBT^*1G1i@cJ+xl78A9`bl9=_E$?AR3x!l+qj}+=m?dfEy%)<89rx zoHBT^?v{%w$>E)Z0TIc5(A%rBx2EE+Gy8fR*=PzNUogHvU3Ds|@0>+qYGgiXBX;PI zK1PURL5RNiNx;+}Rv45t;(xmk<&E?`l$;@)Hd#J*BTDl^HG51U0`B+XgI7}+HJWPe#Cs~{C8_pS2C!PTDXln?zWUugPKPCiJ^G{pF5jFq&OCm^G~ zNZwv=E(X8TwBGKnp5E?0o*r{RaZ$4ei@_a?yQ!jRq@K5gxqE2v^TZ z%lqe+i?SxKSqEMf;0X4KC+W{{O`I4?{yRv%znaRI2By3DY!hs>@jQtu=d^I0d(BK{ zj1Ljn|7ZA(Jq#GqpBjeHg*CI_{DO+2)*`sLW4nRSQ0R>rnG;d{+A6!a^Zp=tKFOJ+ znSmu!V@CYdlEtOxQ1RuvG2Y`KT1p7VAk|ko4I8!Gn8bjXyjp#9FUHEI?(v5BvKW0u>=e-+-G4sEE)+;e019_d$^ zzQ|?$oM8H(VD;0=AtIos+zpMT-siW8yLqA=YkWFkJi55s?BKSZDX(mlVt-|&MQ${i zkorlt+k|#^qD(5!HV{`$VRp=I@>-X^iLQcR1nzfQ*d^^FHRBhX=a)Lfmz!{+ z&U`k#XH#svi|`8E>009%%?A3m`qe!0wZEE&jf?#08=smPvIp>{9cSSr;Ql#QLKS?}{c=Ut!?GYU^*nMP zGqiiGsjMlEx722%tI$VZm0QQ98A3|h6bF&Idww^;O#C6Hqlb`Fufjam;rx!mX)5Bj z=3>!Jb(HRqx%zW48E%ZKWO@k>aq{h*fHoB`GM*tQ{Z$#AG#^!z%n75KgDe|L zHR;GbUyATyT5Fn$;n5zMtFj#*zbSn|8O>x!nWn)m_h4J%=?uRbRg8Qi&8RZlk#@ltRQV7-7l+FTi!W> z-Itevn~MHVp7d^d1!am#aqva1SDeYkp7Gc7NPQqKB zPnknl&t{9C+{o0{o$v#E!OG1r~YFIR|do<~~ zi&q+1J76F|1wt5n znqpo9aa^3Y;D{(R%gh(ET$p~Gd_3j(bz=^NGY=1#{E=$glS(nB1Qw`*DQF+yWR2c{ zNO@1;6WHj9ZH`*XyA|>zuy&DqZfr6gjl5bG!Vh<@uA0-j;NO4P3K?os1QX<6HK^us z3J#C}ftd#jA9YRfs_U{ru-QLJPN3rC@u0)-#1;5xLk1fwCnnAd6Hy6S-~LsMbZ*wP z^7R+@WhVdTCS`F)px;CN(=1hdIIMLwL_>>Wbv?AfGm4g_)S1VQ&tG+qqQVMgqwf4>^47T0KuKw~cZmS|Vj#%_kaI~p3U+;@OMc37m^?4Dgj*-p%3)}bVs8H`R9RBA| zek4QRORh4C3C#uA%Jp|Cyw^8%1Gu&0)A;NNd{6YwF$1n3x{O_ds(Y9wUr+`1;!EFR|IC zsgYP%$c#OmQY3p*a(Y#5y~4Y`BY0XGoLwTUL9>j0o@zEiXdF?uwlD`&v^}zC?ytM` zWZ={Q>g#R!{`?9Ft&@rWFe01?`j!4zK={y~8MyMkJcO$}5H3H!-^P!N4%e&Kd=h%l z@044+@>!kc37Y~VeOI0b&ol(39g)Ov~# zE)hGWwpO=jBwwTj6GvyiQoSC6l1Z0d3&VJeK0Am89+jHR!wMc$>tTe~U*y&RxBP75 zvZ_-5F8b<;625!2Tz{)Z<#_P4jROH$&6OR_wsgd>505Mbil7S-;!!przMNP`s(Ml(>0X~^mu-H{GUy5p$eEW&w$|=QK8#3zoeZ3Q{g?_QW8`( zkE&&Z@SN;vt$Lo5Ub*aiUU~;%Y{$-XDIoi<()F!dNY(FHEVSN1b z_63!+`+X@j{SoP-JR9hQW1q?ffqM+>=J4`r|J>>3ut(H829~~f%ijA*@^3b;f?7)& zd>SEpV?cqnizn@aq;t({?~rQdXt$>f0R-5V&-^%CF6J8r6TbvjH)c+O-z^ag=e-oK zyq{nC9=uTG{wqvWRdGZwuQHG`a)Y(bbp^r=RdjTj0iOaPVEVVpmB7d51)2UX4b@Oi8XM# zRaNMa(v|=>DzB3TsviWj>5%Izfq+XPJ>WML@^~%)=I-CKzV%8yt6M(jOTpgQ*KXkH zaCN*E=Q}Jp*q5Nm90vBHSw;`*h(0NNMw3cNhuYJGhLZk>M@ z?!Tw8>la7h<7>{Vq1!R;nDDf*DA##%z1KCt}v@&8ODkW3Grc>n|Ni5$jOWr z*UEaCY8ovEAYv)F9W2zinY zx~6=ZI=V4x(lx0@$V?|5Un0CKNKTkElD#yzJ1S>ZmdYe; zfAF@jvs+*)jxbCE*}Sb*fDUzUM+~+fK(E?+K<{>!PdLy!VJ1}*2-iQ)L4Vu=l7ac+ zFg&i8dqL69WX2jEod4y6Due77#Rf#nJ?2p1J23v3+3r>#9%8{K*cQQuJyFUPG#Damrf1ISBnx^4KaB{RD{eA19IlqIG+hjqu)1Cu6(wT_rjf8EzDfxjkq@J@KuLMDea+_1W9q!gFSl5* z`*Y@hUPOyxQUB&A;P&>njP-js-SqDS1m*xR7r^A&XZv-uhT$e7V~es#czyPu9$4d^ zI^xB%!wAdg#4HUek*7(yiZqa6{?){D5U#?OZrX^g_bsXbp)hRe;T|Iz+HmmExj5y~ zIni88humbnOm)R>uHy9xy#>eko-5P0*T{!dwGabYjvEe+S8bm0a?`@UiM2lIDoK?^ zwbUpL3Gg>$RL67;sWQ2ic`wR`JM|{ZPIvm{)yNk+rn{|&(?4EHysD3i-uX-<^tRW_ zC15w!QlRnwB~1>^ZbK0eD-zsv;+*$_vj@N1Z#S5z;pMj&7}GcfW8muMd|Iz9s}~Jv z3*fDfPjxVhcI;|L_m)tKuplfoNkIV-Bp9RObG6lK+MW*t^^7bl%_l^5C?pr%z0B&H z3h}d{+SzX5~@g5QBorulvOIU2XQ2q2Hg%Ki-csc zdA0>3%1+ZF6c-yPM`t@8n*h`bZ(=aq}xFDjJl4@78*A#=!W(tc#fN zx{R;tPp1i7u&f8??$9XRIy?`Wzg`d2r-qMNk!^>(V=9l8@YhPDhvk^F16K)h6BC;K z{u5OzzMkb}QP56O7pv4-buIhR_fJ0sqb0Y-e3a9DnPZ*{24!j{Y}&_eN@kHx<0t^|*rCxc}?3 z|8=J3Mwq(qN`on9+H_?pYR;Je_K+h?gn&GJ$L)X$>1w}%K~r2yw!7@Jv`_!|!FN_1 zK*`E}sKI@5tcC3qr@Uq|Do@0Q)-?Ho_B(`MQEy!Ayj%P9+ZmwwpEzK*R6}9J6c0lY+E zCm5-%8HN!c=*q)Lv{Rx&w}!!#4E;-_$|k*}L@j8nuZ6FZ=X3q3{r&naXik1;d*!lvLE z1JLE+H`woSBxjH!8~F>EkJeiw%X{AdW9GkFF?_O1NE! zlLH-HP^*R3kH0tdwHQ>>8_4c1;tZF>djHb(jm0VB%l4_sZqNXbGekpW?Ecu>2O`RF zo}$maD&Hah)y4;5Xuq83z3#v6ljpnvn*}A@I&AqX?ValcKkS)uz~>L7v?tXEA$NVRF8hke@tTl|1!bNyDY2mF+6roRQpcXD!s3xDQnKZ{EBd0v8(<%_%);h2WVSq+xvans2r215x_SFt8oTkEwu4GlU*W(an(h^7 zuOOv|3#*YbTqoR_Ni`>$mbZ(M&zxJ*=Eb1YUgb+xQ`L4pgWM_H~k*D?(E@$Fq@yTlVeV>O)SuDNjlK8&bHU7u}2+ z0u@&eEgVSnC+#^L%j@0j4=4VYqlb(4{ov`EBpHvaa0<0oX!-2ucCIyQ(|-XVku0tJ zWaa{!H7!Y3oM8dZaJwn-_!qPc{d|X8TPK_D3jH7W%>r%~deHenpmfD`;dG(q=Bd4# zSy@OmK(&c<;hqhQKP9@ih8l$_7eaG#c;1&rS&X8T(<$Hrs3@IvX>htE1Qr&FIP`*GfSUP{hqivT=U0uup)0@6r6HTcuUH1nTX`2 z%z?#^NO_`%`XljdUmNONxe<+OozxO4>rp2q_GDU38)U710?Z-$O!2RzgfP;Jut~GD zKt!BaxK3`!8bqM0!^6SS(eP2|-qhUD>+7k@XPH%K=OuE-%bzQSym$9DY2PaAsvD^!!(}z3zHUy=oc~m( zkW`D7LlzvR)jm!OtE|+nTe;iERR;s2p@tMN%IsHO^YIr1^bl*cIYtbYd;LhGIPT;R zG>3T9{@Mvz6mwTQ!)Fr^A!hJeQecJd zrOBNJg}g$y1*a;oo*fS^X_^jtgNY1PIY(C4H?yh3V+*8%SDp8HIFN*sEk1cFJpr0u>vrOf#f#0oUg+l^oV6qHtqSrz@8zt&cOd8v6Xba_ zsT+h=ezczjN4>UDo~|>MFTUJF zTSgyB#L`yT2>W}P*IDVOYQV$YVd_FJ4_I;m%2x}ch5&GX6FgE}`r+qv$jS&7TtN>f zHlaRx?rXkNZz#1OnYk1K8uTR16yNS~^RfNYXf{7o{ z_{lNHSdV68$L(zlWoJAUio!sZr5pIs;|Lp)qP z9rmeBk{=u9C7CU6VCCoRNu7f)mrh^DfUnN=Ak(A-Rfb)28o!=#a5~+My-&RP`MXgE zUGb}zKCIpvY_3lJ`AKtT(C~7i= zP4)Rk_PC7TW9EMG)C23CJRE6}KQ5F3FK-tQfQjj&a*-7(%?tUTV!p8j{(?YwB&wn| zPk4+D)Z{|Wu1_#aA>%eg`%;` zj0*LLI=9UVM`zlb^|tdc zgC^sr#&Ow`DS~z|hbe;mBw!xld9gH9JCDNCvN9!lkGKX z?J7^Y_H~`Cx-MerL4_6chUjBAuSj$DQ!-+$rj6Ch`l^7O9H3=#jUvjM_x@={_}fsY zP*bq5oH_GzUimrF#@83@TiHNdWs;H$xII<$()_=aQnRBg%Irx*tvDm-TT^I{z`wr^NY*^8~M$`iRFEsZd zPtZ}lcP7H|8bNfL9C%--JArn^SnHAnwu;(;s0(gn|)F)V^ z_*tu`cUk|CnW2XmL--=|cq4rnC>)-2-|H-KLc%DNY!NB3!iBrnaLZM+`T=!aTDu@S znPDd!02NMKz=zicFUQZ*mM z1;zq1Y!9JdDs81ZykBYtp?aMfsU(nSYp1vhP<(;D8TsG9^UA~h3Ma?-arCR)ROpK{ z<-LP{rEYp>&{2Q=SxK61`A%d^n8s&dkRE8fMrQ4$3l8N?)M?^zEsp_{6T)PXn4A?O zULN(UJL`PofVSS2u41YR8=&-W+vq4bx;vPhaC23A?jS%b`n95RC>P^>G!O}Si__A* zz3rcsbm|Zz{l?hc8dHh*?(;wpk?!qTfwOGaRpX-7_8cY8U#ci6ImsnyVBJ$$u#F@s12TRVRSRCTnh7UQ`~!UFqNH0sn@%dz_8M~U!~W5TN6$?Hok4;ABJXuw6fd`rA>c%)!JMa^B<;hkc_HW;h^X@SZ(sZv87geSC=t3IYAM19Fg6xEt1n zS+gAo20aK2zX>^`7=KKu_%6OIO!g81%{)KO7ecn7!_XuFbpjR+LcYkbhmzfxQYYyx z?dQKRH_)L4<~q7lK%DpBl8NcNriRzPBHv&+{s|J*&xAsFsyD(JNznFvd?!*eYqK;! zuHoPjYB+RS(0EWbL4`B|EY+cr|~v|p&x;AuKj18J?r z*14mN>NRd-I034*Yp!p_e-UxI@Cd$o=AaoQsVacuGh54K6(We^O1vVBlk3 znra?K5skhLxRJgsGlt65=%8iDSXW?*cSvROHj8Q08Ry|DG9F6ql+Cw15)$|BhFJ+4 zuq-Uz=tfsPKSGk#Es66&6OkH+iDD~!j7z3|6Nm-Y_B|yse=}h|_fPT(Akt0`pLgRC zFjkR08mJvH02qCbtm+vhsnoC)Lb%2L@PTaUiSjkEMARSKnHYFJZx2UehV9n5E1JK~ zG>3Q-7z7C+ESN9!)C-2&C+XkJz@Izzl@`~8%Sci)5AIF2isSx09I zcTw5E6y#tKIIrX|Eu?FCoFbxgBXb>;p>__3|Iivbf`Jsf(QsS5{~=!zCa*AQfuEPG z3UdDdgtpf^o(5j)5%p~60Er5DZ(jXiMvBm1=^^hlzmQv)4W)!9VTSkGE>R-FifZ4( zBl1%%O=3!f&@{>=(@G5(-N>ZT5uC_TQ>;lz;b52l`B8HtVIGNDD2m%lN;!d8D)deRB@zoa2Wxnmb`K1;pWz=}%DX_j(9*frRffv+EKA?B()yY5Q-S31flR=mkf8KgJcfG_o=^7R?+;F7AuS?=5d)D@-17wZVsTP)D-D&4vF))L zhNuu@`waJ0*n@Xs`ZhT1^|~!V7>ydbUD(X8n)FZyjyzPg#HfydMn}(1 zt+=IsEYl4Tfdbz5%p*X3LPC5(n^&N5(#RfAb;S>&K(~OhkI*Dz42ymzgGQ*h24bwa z-;v&4S8P1Lu?Jkohh+>`YwWTpIu7nQt7;gYL&lR4PR0(USmQSuytw#oPjgpl9*!Cm z#>92xN{o}pt0CLxid5jz7*OX8cy^iD1$^FU-MHT=Oe!q}PU*=sN7ux8qD{t+7)J;u zR!mWszi?v@ZFW}7_>+W!%!Nb;6%JR6>m)!I}$*jo{XZD(NXOisb%L!4JoWR#`bx*{U zVFkKpXIi(|EM?1_cRfkb!7^&jCoK*$+bJ+n~j1YHR*%1 zVcfFURMG-Q?nOpE z2zg)%M7ZNZjwr;77}d7#IT z@XcmD>Dm;sGYV;8wTip=1tP_WN2jibi!f`n`D{&+##-(;M=u2N8YwS0tMJEHbSx_{ z@wN2)k8&&=aSP3seyxCLk*tXUc?q;!nZpTnasZG|Q=5E3sL4HhEXF0A}g>HL_v z_Hoq~FXsn}fBlh_>$`shUf9set+c4ecVSuS@*yuf$kjZfvo>Q5W&Dgf8iZA1Yqt9h8!nEugWtkwTtMo zfW*ORDs4f0JaGj{lJG1Ac;$;kldfSN!*gzI_&6qC)mgpB%Ww^{i?K9@g(*z|o4bGO zH|dC>rws!2dp%z1Yk_``j(EUx#qsA>p!zDz4BK|~2{|Jm=a0a`nh4VuBs~Ja4A_<$ z;*@P)GpTTOQa9EhGK~5e2~T#Y!g8#h{n_1RcKniK>WsRwTHVSor^8f0I?%#1P@RfU zny8bE0JuR4_7(jz%Hp}LbPdz0IzlY|u&kDmK|xQWU!_|-n%!zZ7>v>}pe$-c6DxUK zKjBZkuIZ?PK1MdOx2hDWiL~OJ+EcOu3&?Awk(cG`q0KbdTN;#U~biwX^;TVL6+ffLmz;Ayqxaoso&q!ZobWbK)<9r zh)+LX1)EnE5mpjgli}+$Vyp1YNJHWCO!N9}5dsLovykgc;@$4(s81GTV+;1|c;U!|8n@m1lV_nGac&dii z9+8`dLi?cLw6>=9tK2~DH?#UWtKW1wdKP^nRQe4({6KltW0llkjOq)LqR zuLDZ@3QOQY=sDi_4A5TgrnE8Tt+O$XHO#2}JLGzUbciO7e5Uy75_gxT0G)Bj20l}cO>k3S+#s{t+YDfUVKH!Xjg9+YE(&csxIoO&A1VMmuT8%FzIT_ zt#J@A<<@2q+9efaozboiwayCJT3R{eI!w-i(%}L;nDC4^ z!W2RZ^^Ki=(MOF>X=E8odyG}kOg&%X)(B+6S0Sb@;6o&)Sj)B~o_)nJU=ZG8jATTS zF0em6FGf|cnSXpaDW2%uD*LGe5<9Xn`*OPvoTlmTr9yFm_R~KzaS9L@@o_-WefArW< zC|HlAN#;Z-fr}d8Cuvq4!M?6|=h1%cy%i$eU}j!fG}Z(-tC+{671}p-fFK`}4m)l# zCT)ugD%0et`Y4gtYb99=i3CYGcXivQy?aJ7Nl?uV5^zkn!B>XJ!w|$ILgt92_1|8AWO$hB@7Hi~|2bv>R0O*qt4I%!RpMbyD?l69n_bi0$EN(Zx3Q=hl6xp5&x;pc6$b;m z!MDO5Kg{zW!C8?LW)yjiuDyAZ9`)yhVUyfK7Lp+R1p+@{8Qqt~516yfq;Ffbs5o@undI9q2gdFE_qF$B1(6 zYAZig+9hT@i-w^RsM_F*8j>R}nnv33d@jQYpWR}+7|{GafLT6I)^W>4`&5VzMekb zclQ7!u9~0XMM~s9afP`T;)ev4%^a=GoO>d0UoEg>0aX`vs_0ZKCEKN6OQ92qUqJrO zE1!<8j-D6qulq66qg|yHK*bNYt52U-=cm_?!?zb_UpK@6C9&R`eWl`|WcZK4?_wH@ zTM-p$3~}g4+A>0wsJ90wH&bq2+&LVFX(F+TUQ=uBE-8FXJDh8gg>~Ze+oHL<+S3e$2-}*hyeYegZ-u>R4J-k1^Nr5C8r>vAeHH_p@n#sFgjU)!h zCl%t^h>G?qp0#C@^?)x)k4LaXQxJ1TG%N&R%<#l0=!71=Fp{1Yp110^^6SZ3? z-y$cOj4+vby@mUet`}7u3OJIyzG&KL=l*nd@cBAz14GN8^>5`e(%ev?Bbzj+a|wQK z>`8pjJDejtI=BS2PB~wPF-2P|no@v46(?l?De`)1_j7Ud*gAczVc-TV!DU2jj{R6? zl=_cA?LME55Reeg6#M{fx&-Sa*MJmTd4WhdR>P7`~?`H>QL&pu|5m#3REo)qwKeP!I_sVRe^ z%yvP;E7lu7i_xN93ZMW27KXt%6P@cqZhsqxZf89XcF-|g_J*M1qMZ6scHyCvaM81!;-szFC&KSR!p-S#dQqV^gQHvaAr!zuY{DJcQ#!p=ufn9b4Z4>P@mlt zPQhxoo4N)Dxu$!*m--(#)XM5*?8Cc)tUdo^WIUm?axdG4%V9><0!o|oJAkhu^{U(I z(o4&fNvRH(kNxY7um-fqNYa6?K1F5=$#Rub=B7I zMA_3qR`+skb%PG~vdd_@UbB22RF3A7D^E9bLkEjuOm@gzr(d0|XU3z4)jt{4o@G>H zsKrLgGAd^+&C-bHD$Pn1W?^S}d@wgD4dJ6B#AW*((`WVm?^oU0KW(hKM_uv*imIuM5hiVup(m|oB?TJ|Yc)n^t@J#iZ|}n+Hc@ZZ zvwE6L3XeWYq45BtG&OmH@{N`|KU=@_HLg`7qMMfR{p{QU16K&n=s8rh7eo%fmX+FL zYxiCa(MQ9_xAYt}#Vep*PFNAEe21{VO$*_!Bgtq}$IDcn%#@h@4~+RXf$RyP|KLU! z*25wFKT>PbSS`TtA<%46U#PJ-UHAWZhWGp?xa?G!2{`#wa>N0`7neN-4MPXMTMhTh zr+h9$C&fxGgFFpg+CKmT7bDT>GFTzf&Wh;n+akmI8BDrF@yrkH0tAV!FWN01HI`F zN;SPzCwxISQKqy^_~qF><4C zKg1bHCkWWlqp*^LTf zs}#7%?b0VXM;UtdCjT7$_h%)>P#N?s+KaZ|r^*~F)Kt34nwIRZXJ?z&qHQPOAJ)K2d2>=JZ-o@Uuf#yL55NF%)|`q9oD6PSq) z+R~YX5Si8rkv)!DEytsfIF>ey{&ezn=1;tSCi&b5qeu{EY3FVcRfg4dPbYaTM-Gu! zN2cl9JzC2?t{2U68m<;CdL3~=fKO|!!Gs?o0>b@I50CrHxnfxDP7k;H*ZuC%Mw%ZF zm-ox_(q3L)zmA!Xve7W{*Fyie&k{n-n*Im13ttvJ`0*1aXB0N(X#kHH({yI=Uw$L1w}Ej0n^jZQ=|A9paC)N|b`+^OXI1L{{i z61%fTCoh&GP!N#Vpc#!1{{Ig$AaL~mB?AiQtPz>$xLVz*HdMDzn8bv#p@#DCAUO98 zz`7%B3B&xA2$i2oBuhKmTe$cunDvo-sR>*rcTr7yj;NHp=6F~LfElv*F)65#UAg`v z1Du2lFe4T%TFzaHoYx(x(W%6@JlB*_bEpru2bIztJ5+Ony|gVGQ|59t%Tsus@fPUcbc zOT0BR4D=P1yi?}JFHX-NXxV3=9{oar;rPW&H(knfFb5??`YbG&3hY>zjO@kt%!9iV zX(38tQZy#6BWO0J6Bm-!KGm$>*4G2n70Zzse{)GpwwY*l=Lw!vWGepY*aB*p_ZY{F zl2_93U}5FGN|Be%PR7Vsu&DJFX@(~+V_or}l;mw(s(RS!QZCC;M`&vi5M^opKV*QD z&M05DVC1}p27Z*I3N?O$XS0O3`xjES^t&ogNMIG?Xe@7U9o3HtuUkMh?s?5673y;e z)`PDAOlos-i?Qx3=2o(45%fV{XuYYrqp{p#GiV3C$Ni2{h!8?5Iz;AD-0%`U7o5_<3Z_te98ehEDQ}DaFffk_ zx|$B^ozS>m%cyGSEppU4U2L#Yi1(S9W(XZ7{c*W zhS4RD20L(iE68=Z--JDU?p{iDKLpnQ12PAE|1c3pn=Ps+oGmu#L@le+D>sf?Y9yze zkJnFYq+coe{Jxe>wOE+EhJtF3AmyD$Pg!x)vlY4yJciF??~j!<^iL0SjGa%FP}|y) z+dr-oK^ea!pUFgY6IKl?ek+vvj2+85=7V#hWZN*?vrxa{b8f6Y+`eXDsuIUd&3rOq zxX9dG=?uYw$lfnsC7AMK%i1M?+v#~uFk>3aHWM9)(rV7aH}E)Kb@cW|1OO5WNbAyTkXMR?LSVs1lJM#usiij`)-*Ag8O|+WT*V8~tvN z_N5;|36EbNcFS#lv;!}$eXuXKNLG3+tK755aJ4Ag@J=z>8h(&4J5q6`k~+r8rw>?O ztuZG4!#o>-e;ie-%Uc7w8j`;s{F|4}L31&Gj<)(I0)J-upTBR4l1B=Dp2qiRQLWjD zVG~VC&fSIUtLlmgrl{^JW5X=?m(fmJ8mFJcwd#f=c(ckTxF~DiVoJGZa88a$ID}JC=_lG*(g4= z9qq7tU=K%fy4A;QbTtfX&)yGrO3MXT2Mq(l1UNa3PGoc8-2g{|jNZ{FQtMWoFg@Zj z3WX2Tlnp2VihMs&fi{5r^n1h>*Bd4Xo2a0QIuwjVOxRy^(Y7h>W5q{-%CZYcuYIg9 z&6e;ry+Oh&`mN`)7st1V|1;)#;wK9->8|HB?`_QX-&a!s@uTfNRJ6Un)ZWCs0f&3P?AARnlmvFO2w2vGy7R#_sh8Ecm3P(YFV@6M| zzI$4zM)IG-CnB}-{MpQ~C&0hD+1c7!yVeYjb;FIJh4Envc?`w37?%QMJgJby2?n|v z{nsI)OvfCy-RujtDsayZ?A#|pp2XMc-`228@{;ejIF@eeKxWRP%?gT!b| zIvS;89R|vtQdKmemy!Dqc+DxC_m?9>fhYLC9i!O@6a&235IhKzs?-Slt1SJH*UmVR zSaUIE(M~TELlHjF#eYmdqa&8@G+L#?j*87?efBu_CPXozzYMu?naF}!6@Cu_ff+ok zl7uo3d!ry8QOO-wlX;PEoS+r>IK}zPt>OqNf&x@;)+ZKoc+am9ezBC|$_x z+mav!uB`&%!wMuufvs)t%_fO1+yom+YKgObaU*xA10s$8H6_$<0XFCi-iUs6Fbfo1 zo^q)yHdo91C!KWJyh#W~#eUWI?VK?t)pA$;LvS5(U-Kr4#U#p!x-fJ!ogX`@NRugv zmk&>Qlq;s>qiGnoU2#%oRG1w{lWa{01(Td&Y^}1pDxYy?Jjgi=J{Ds&ERB*-;X^a+ z$H!-mTX3zH@66{M5U9b@`=EO(*blyU3iZhuAsimh_)HQN7Hv%6gbjru2K+cHHqHtM z$1;U@hy&-C1GgAWly4sV7Y=*|Iz1ts=Cwi_*ONF4No$yi(s>yI1bvQ^D+Z*=%V7j>A62W|Bf)EM`=Mpz-EWOMcj3MuD*O z@7D@Jv3(?%!nf0jc=G2eIGi*LsRx9rq2e}(K)~iD<^s)q0HJD#Hwvm6r;)hd`x%U+ z;FmMlG?QvT2zw}#JPrg(keDWDMCF>8nbEduR-Yu^zJG+GfxoQJ8vj@eQ7_^xnv=%r z0Ta|HzG1kmfRt6mcsG4$riv6Z)Fr7^QL&dnU=r~dLiG&5hx9u@rXS7~KttK87=j># z0k7Kx`La;)V@v`W$ua3;jm{OrL2V*?q9UDEB0H_IXT@{fnwpppO8hD)6m#s4zk~8Z zVFo{LIU3Fzz-5*phKDK$V)iHc7k;hHy4YyezV`Ri$5X)?aZ|pIGhw?}b+jHb$dDpG zyOu+07RHmHpy#+*fMCpLEMS~ubUmN8pqQeR5XSkNW?j}JjgNXPpu;}+w@|2dY`#vN zwcLt@h$sO#<21s~WlO)LW0)t7q!A4{{b;ZuR|qThOSBO% zX}ijh3rcWsb3daN6B>!KrP!(3gv9U2Bx)F4Z%Mn4S`)Sbm8v?aAjK|s%K6%a*0oPfuyIqPKa-vIUDt^}n`UEnMZNMLxXfD9IR6 z&nbLMiT7#~iDf!Exhw=k)_Eh@N^qbpfP}3x2U!+@asnIWB_~n*BSqq9C;|b?%#x})h zLn>pwF3GzU5{n>=#m3NFV(K|q=vtX>1m5<5NQ|xh9>Ju7x%*MCJaM>J8a<|g%iI^n z=U~j1@0sma3?}b=BVNVasXe!l0tr&SE}GN;nQKtIy$k6(SQ&MEoCKFxBv8< z0Wb7QRdqO}QIgi8NY}RRJWZc(IVF(ZHg92H~t4yygD7RXIJ4ICG8syw{I7 z@E)pzc!F%>8M3Gl28#vGfBqyq64$!ISv%a@27-bWujy5w!D*|?@{<^iQ03UEkfXcO zy{VGGMGO*;ib0_8|ADZItD#5G6Z|sSQAAcbkEpQJv+y@}OJ@}E$w1O=tu{v1))c>VQgRKs+)Uj?WVps5{7p-ur$giYI-Pht zQDc#{oTRV{9wHg32eYB?!G?-8PK=rkD{wIj=&i28ilELa()S7JNV>bSQ9wzA3;HM) zLu^MTCCjSvH~!CJeOi%S*Kg9P4~jBoOAa`iF1yIy*yoqBMytD(=5ujBBBJM>Gp`$$ zqMy}=?w8=$DXaF-n=JiTef^ZQ+DgHg>ut^>x8n@`{1eC>F~$-C|0kUI@@#@Ktk_ z{F_Rh94BH9`9W!^2xv!a^onAbphvPw`n*C@59>dMIIIlPXb*V6$bMRr0dcsm{xk5Wa?Bx{rsrnOq3Dk0r#_`qx=n5Eo%Ny z<1~FhJ|$Se!Y=etT!9ouZDh1f-~-+Dx%aL4i1x;^8wL|eRuRQf4qzWMUsPP z^bnCI#A%ZeWkijJQ$5(tIdR4o!GVrG*-u$yl~^XsKOLYdC3bAt6#juF<4|IQkR|3q z$;e4}pp(GBB^f^HkUJod(r4g?X#YM+Pkk6Xiwl-=6!K}BsSa0|wNm-JA)3NvQ_NQd zo*Z2@dXwx-2Ji0)gX5$qI>`(NmMhFu7%rduPWBkDLgB-17VbhDk;0akVsA{&fzyw} z6t^#R1^J7AmV>L=k*mONlyzNDPf(A6l>BI&Q5bP9Ptf{;kp(0%WCfc|8-X@4g1TuI zpNB-kHCYtVEo5{ODhe6cywpwWcFn_-|4oJ)co2;wBDw8cL$- z-DVd*c9g`W5k@W{kqUgg09zg5dGWipj(tE)QFslXslGG=h{(EyEseeb_6ZWD20rvg zi3$x%)TXlZS&V01q_YZr^*}{T7y(^Kv=!G+9?^%us9vPUZ_)t>Wa#IvKc0IY=kLwW zjG48`8$>D!nghjNK9Es8hM2P?|hyQ8%dto9DyC`8;;2(rs8( z$LMn3e|5x|ZtGrD3IfC@e|YqOlJO{+buRB1-?UA-fQq-GNhs1p;;X2>lp>x&1F3~= zD2es8CyhE)@cUD?tKegeEpP&fiGEwjfwlD-4I8PA69THqud>hFD}eWhph3?%I9g1B zigQ_>i9{v(>oAXiRJx4;zu4%1Y)Z)*FwL3Xa4=B<@!qPIO zNN&N~Qp^ZGQ2j`!B-c=`2|h4(+)(~3CpKTkbt&B-r9ZNLQ~}A59HL$R*xxDGkMR(p^6#d<38y2h zuAyBSbZ;_B-z|I_Q@d>DUGeXI+0iu~+M+*Ri$HzRGT?4%H8h1ksmVdbH<5$(ZwtOD z0#`%AhAc!bfxKMC@JUOgXE|p-m5yD<2WtFKVXoI<^FwxP9cQr zm((7Oi3Y{PzhJx_I|sm$;NGQTE?2@6srOOQbcaJ9wQ-a5hH8@53kZ?%9P3E2Z+`eb zNLAoL%`9~!tvf>MPj znbx2?&NHDa^;lv+dXBLLk3tk}-W4TFl&H4;ES54cXMaUYn;X2C`fW8-i8fl)RSq?S zUFvLOLjD?JXeP5IBK`ea87LsNcR1XLSo#rJ<_p=^#4sO!Y)Ar+iqzWNz3Ufb|M_5m zil{_P!F-*m@P2F}Ry`8T_1h1)~pG|4D!9x8BS;q@Nof>irgweo9H}>dBdsBrCxSj@jHR|J`;hb7Mtm! zLVnd}NeZo_*yq|lQJM1^(S7Zg)6rbz4Smhz#5jwVrfz_PF$ zt0S4Dps0vZTg^1NpeA+(mNN45-9ST!1xo;%awkzwl?ZTFNRH*oDX^eJf{0SxE5FH! zCA{DLaz)qUKX z?Cwz!?eLoqpTrW?j$yXw2pdwUpAg%~YdB}@FAiNRudG}CB07s#drf3XZ(y7x>E#fx zU62BlVMPeI8-xWNZe?|ia-w9eGW4UystKu*xbw)q=L|Gx27}^ISP4=}W&^K4+qbq}v66)4nTgHK$fA0XH0>3VCnwR1hqA6^C%g_l z6ijk1V}n3I>2K)*B-3;Ui|LdT4tmnDJzBTiY)$GzJWtdk9{TCB`M7`Y67-iVj8sC4 z_p#k6y&LI(&g6z)2w z>aCAB^ao)ui(2q=%L^I|vC#)gXLzb%YpH0B&Lwz!UeJ8K=JwZ*J#~7fsw=i<+CQe1 zvRmTyVPG7nWL~1aw6Q`ru&nUOaB5BS>LT{PV=Aml#Po8DnxA$mXgD_Y|6oE1W$Z?^ zxJbMotMUyK!!`AAbHa6}j&fa8T0t7=6i!9l$2RLE(5~3BG0aKb@gMDxff*hK)efV> zp7P3qAhJ>s6C~TUUAlT;t<+HysE#Vj$`uY3tf=S?JVVM3dCG27M~r~)172!>MQg~A zboNjxFonqN#`OfHPkCQqrqU9XA?uq$Ba28eBtgJKvvo)o%GBf+-_IOIZC88PfTQ>U zh8pG1K8N5S=AJd58AJ43xJB!tgw5S@%(F@aG8VAlo5q)LF0X!n zz`ynm3fj?ECpV?srpuTOU3xoeAXYaDNbJ#dGu!BK*;-xLS{@4-CGeSue&ay&vxkT0 zy(*NX)w0H(OH@~GwD!neCQl*VJtH}!%WkBH?0@Y1%ncUo8eI}jk=_L%A7y{W9nT47 zE?0feeZKTIi+|b~rI{5J2zRAvF~GScDU3!seaZ@{ol|Ug`97&I1`Mu*lOVE!Ms_!_ zC!0N>+SGW~ercfTDM=JDrCZdRL-z)wWaQWNFpo{>o~DpE>N;3IC1eE0X`}UJxL8pg zE7LJb2=y7wh(^ck_g!LipTsuDB~q@U?YlvRn9^x&;D{1>^QRI#?Iu0DHD9L&f|HEzpoy3_@mDW;ePU3K7;mk3g`RuFgN!?Cj z+MGyRL#;Xyr~6MVoGb5LlaN92eI@UMGR^C3<{+<{5WvO%v?`{JEEfSf*((q7YI)NL z--pWlF0%3S^kvdt1pcG>X;7j7VKd<+|5V>*OF&B;?3OE5E5vOs)XRT4m*>FhCL>w2 zF6e3&xftQZn`l(Q#ys`Mn~#hDPgE?Ys4IJHvyc{)9D|W-(n!m1c!)Cf5g+Rnjp8*4 zOX^gFQi+jHs*_JTegmg#=VlFZs&FzL0E?16^MnwjEZO z*=FvMfr_p2n6JJKr|Qj`NyXsACY z%pOTAn1pSK)>a=|%RESa)CF}YmL#=xGtJHnsC?X`4;G{_$bRAt);$2)^GufVqX2YH zeEDaRFg@xr9k!X~Ubf)I#CE~i zmMbqU^@wUlc ztZg#Q$(gYePf_7JbE5NZDbMqm#3LbT!4)q?9PMe#Z>l?%>|uA3_Z&%(TB$3Itm*ROUefwqtqXJoQEpLtk5IRCC@sVP-z9> zr~-RhM9=CVfHpKaB#>mw^QJ@;KV*Wx?J1BqddRqQjHaKXP35jhEZHC&5pq|d9XU%h z7caf6kH`CU>`4>Gu4vo6Mba}(9jiA4G?eg9!O8Qd%$ensERJqN;0w{1KifP)o<;?Q z1$1KTL0@b;%0OR!*WFcYC7nX0X&15Oa|XuGk@Ogq#^HJKcVdW(Oy*WioUy}(?vfXc zO<7$l-U{9NHTB7Ulg==sd4G4xpk0-AW%1dS4mVoa5)0?(tsyhfD3C${+Oq- z$)_HSZ2E;=>({HjN9K@4v*rCAVxsG$ zP1>|La_iD3Do<)& zP!Lh&1I{>RzXkH-Mk1WR?{!-lg?l&nLD1yKs*h$0whWsD!>%@v-{&!dE3sOB4F}KX zwxv_-Aw~~hKBhN=A2V|!xX@oq@r3*1V~Jb53K2TEoW&2*9IK)Hq?C~EY=Ms3IZ}$K zJ=1~iKq*o#+cxIw)x<2}fOM5}tk~TK%^^0`)gZKo;U7!mV;!RI|v$GWN!&BNpQ2?POG_a*u%mHSo=cS|fe=Oo?1!1-av)2K@6 z8a9Kuq4ug-y68)zS-pWn`gPYvyJ-_M(br^Csk-^@4y)eL#&cfdt|76?1nUSt8<-=2 zai@zvux`t?RajAWmnJk{4x&VRE0;@!W$7&EJF1q6Wm*qYAxK_|m3(tKfyub9J=E1(fdGI1c z-YeJ~@8oQ*T8blBe%D)8wqY3Xoo&2BTc2FJ&ZqErcaM(26OVQlJ5OkHe|cJq+CHGa~iG~f@8EeN}h353h6%h%yKf#>g0?41ckdnxu&9)X<&}Q z0zdrrXiC9!Hs#F8p4~2vxcz6X#|BRc0d?3kFD9n8bwDbG%*ydzHeRchF=jmn`@F;1 zI$yTzfve4Bp(!xx2~)2^Mq`JvWrg}{V)H>xMv@4k~CSu3f z5)|R=L_??sZe*A48lwClvq_ih{@r{9_#^{d+ORuueRlgichU8XSap!v8Mv5zp);pX zT`bSh89ce9I=_v?WG|-l=^A>iKbSI|0y^9-mbR>$CoJLTud??%|61tu0gFvtXfmFx z+IdfI0Au?tO6Sqq%$u25?_Xtt&28k=IXg6Zoj0FV)D5Su*w<9Y<_(Kb9AF>-Mu#i&T zlE{31A}(vW8M8!&+Cy9D z*=m@c8H)JAN0OQ4>0_PiejsI;@k`76KD%lAa8I4YvjX~OESF2wjQ|l~NrDsf`APQPq@iHA2o3dy1C?HnUi$914qC z1``BcyzjX!OBlezrNyUXVq@5(m#H50untEo>dR$j!vMVpv2Jc%<3cLcEltuf=Axs> z6=J5pxdIXPz1hs&qqGea**ZGa7h%M`(O?g_`GuX_R;srbn+yvuLpeKA~(q zK8T4cG`VOm6hN`W2-q|AIdttCsq+oH>z{$3`X1x$E8mro-J^^#vYBYW-i6*vgCD)4 zIbg;D!o-}RXEtMKFU@xpf1m#(-!<-uEg6C~G6lvz5gOgjbaBF073rPbk;otG*wOG7|GmZw05cO$G(l<~5&ZioU*}e}7&m zi&6cY^kB@G0>U}FjTs}tO6DUcQmZ%jxopHXNH6o93aA9jemIJg{ ziPeqF)l^0X$4o6;ET?uqemiUR9MXb25L0z;+S~+PAZ$L)i#fP$i;>v zBcO%R#zYTK9*O>;@ofW4I)ZZyC8|mLO0pC~d>O2Q8O<{s7)Ct?deOtWgm)%xgWc(X z)5ykJt+s1E-vZPd)jm?kuzxt_aC^Pjr5=$iQewxBsvTycOGkpQ!t_;&C#-4b~R`8tk$ z=$b}VuI6!#yuhPp+&*=2<5S7Zk7%%QElfg>4$Ft2SleR-x1~>^$jEc{tnZPPQP}W2 zd`ZBB>+CAuCaCJD$>kA{u)*hsZ7ZipT8hZuLxGBb9LWJ>f{~`fZA+ISJuB zcws;YKP3%>!Vn$zU)<3I=EE1X>cz~Uo&Vwfov^@lXs+*neog1+fFDDkQ?6zl6oTxa zNjx~zezs-oCwIB1LTtl>6q8{tN5@e)7o*e)e zmQgpVp{76Y9_*JWh3au`-0OexOTl<>!hjr^29h0^$V^CQ)?|0}85d4RZ>{dSSIhPk#Z!174q=P^uS!v3mj?J*&i7s*W_MZEtbAR`ObQIg|phqG566Q zNQ-o@H2S6$K<*^{^~B~Z!r$&dE=gu+Ng{PX_;A6qxrZV&(F{5B^w8YJf!(REHWnN3 zwx`T6we|1dfKOm}v5_3PobHRH*PAy%n#z(eRU<`g=dFH5QMw6CgkFBz9*+OZzAt89 zYlBXiBg$1McPyd`$@%_DSS%|79aD$BD?!gzCcuU3YKn8j5WrQ(7~uWt384114={{T_egb8jPzCmFAGb{S3Kls zfybm^KB=X%RM#eAgXaN6ISaXZVrLmmx}dys+ohn>=&ry$;>1Q(l4JJUUxCGXR}4Aj zuu@vTdzjWvILp=Ajh6cq@Q|3`VwHi+d=3+48HLBa>?;I7dtMQko(dvEQh`s7Q@xnn z)iDq|AzYCQ(_d4RSg)QB&1O){I{@dpy}-Hy_eiP9i-0nb&V+P9!J$Wi4RFq`Y9=}|M^kn>m_T@mbbtJS215K2G?|{_j1igRa;eOH%Um&fCRO;<;Zt=c`=CYvG8+db8)-XF2Xc9zIcJ%xNPg+5&%S0AfR?o}-I zOO~uhZsBQUSK$B8qpYT9oqYQe{I`}T_}^1HDz_q|aEV|NAu4~;SQL>rAR?^}uKrjO z38Qo3<)UzItd;=iw`34%3lO0h(#4gzCGZvx6P^@bnnIg8P^UEqQItY{q=ER$0P1I| zHBf7qAVWmCgt&t<0w^N$d5`{ng)`j9!P7+> z>;O1qa$hYq{`HRYSEG-osD+ z)2<$swA}{gO8Oj-$aSt@$R)v#V#w$Pthtvnc_mDyIt4!xIP2ER6pr zWMqgC4c?_HposFpA-ANaof?v}-N^1vxf8T-Af^>D$~qxL@s zW@p~|8%oY+)(0W_UxcRGKx_dk-tdlqc*tkF<;=6>?tkJ|UW-F^U`lUIZ z>*`5^)gSJ+8n~0h@i?}n=Cq~fs%&5CJ*SYI!pJP`WuQ)26o5m?#H+Q+oumdZuihJT zSyxK~PInYl&k!&U=2{5o<@|UY=Tt0uuHqgFY!Cm zrg~j=>iu7Hm)SY&KiY({l`=gK|AXCyFKA}XkTgOexR=oeNiBT~JQ$P!9%@rOM?Ucp znKzr`+;#(GCl+#t(U0(LBSaTI#m^2B&c8HGbNpPGc|dxgr!@XiJR%al5R`0X{Jg}` zZXj?OozJYOX(PY%qQhtW&EbTW)CPSOV2SM}Qi{ z^ZVd1NCyME&SMEd+$-MX#<6Y#+Sa4CC@211H?8%a37kZL5`0$5a-jNQR)E!EV_ORYpU$nQdX<=F=Tz)*g7;nWz&ayKDko{w6sH& zMbTdJz!vI*@WPtq;R5CS=ET`UddR4B>6DQGR^lwSS+lXv#K~19DG= zCM6XB3J&ZC>j=@-@p6cwC%uh55Z~2=?~FfKegN9-#uobapx|J;Q^v4=zN;+ULRpP) zy$^>Jlg)zWqwJy$*n-cTYFE?%=N;oSX^0|wYQWvi{iTiJYI#)I&xz<-;R_<5Iq0P_ zM87P;5(d7`-dBTuO=Rp|H85qZ@37wpV(?BSL_k>+fO*p|9%%B^aCaOy1MQj(7S7;V z(i%W!Q%d4=zAfeF?ls&?=ndAYzxP z812EJlx;YIoU^YqUxSF|`IqxYCL>y#`bI=On^7d#J0hmk0c^PNN*NCfcYo;=tdr}W zSkgxU;BCLQ$qGI?;Wpg6rLn=hmC2{cw|Gg=0@#-1&>(oRg0eu^>5Kibsp?csypXOP z$ocEjdPsHmhk|?iWJOYW@+t5-I=$KZxU?fIDf1eYJ1IA2`S7i?FZJ(YWe*xQyn2)F zC>h;b2Mjc;?ITsc@LZb>y#mW;a|}o7;`m;)@+!7sZ#H)4Y*sNhn-QE@fz(y94JoHf zwoImDJrD3MP0UZtz_`rTRta19BP+N?wL8am+;>Lg%KC1Q3Gs|2j8n{RPgV&@5llL> z4*QcZT05z~>-hh-r3%mhaNx@>UYI+MqA-?XSopPMxF^-2Jss%Z@uaG*rN8nmXk%c? z6299|ez2T5o&Na$8Lmvvc0!)qX2D*T+Czjw$rZ#2WxLKotP4t9U-$0;?IL5L2$bt8 zW4%8Gg`xqo#k^Y6hhe{9b@T7PkRDb~o4JVM4y(yVW_>HPC;qiEuBlf^Q3RKO+dTXG ziu7w0UYh_TGTnAiqB#<^dtyN0-742RN%AwFXLy7e+VAlGnzD4X7*YwwEx>^QTJ(_m zX*)Dk{kI!SX?V(TMhZvuAqyHMP(>R$Q#LS-9ji=-WILHE6O?}()(Q<|3-o#lxgllw zvV|6KQ?VZL4mC*FQmg+k&ucf3x$B3mi9_OzjG<Fp?0@WE>AgixN@>Aw^Yr>DN`HH{0jU=1|29CC40R~<@RH6#ihi-*76;(Qp}0%; z1Yl!jYsdIvzD$)&h`5{mvz;EE0=(j0CV^V1F5?9T^{LOQ$nfHpYGN%8!L>TFMzs_{ zg6FrAwrwjKR%yzkRh;7L;cnhhu+sLG3@ zeUA43P|DuLiclAGoyI60YHLIW(b1`(dQF98znue+`@!@r6TsG2OYEcZT&cHiq)1IwZal&9 zjE)cx(w357MyU?UPYcMIUW0H#F(4tbJ4JBqTnVE37hN>#1Rs)jzlI_ki^vV8k;T)b zdn5Y-$cGpD-Z!u@LzXv~7;2+>2?I z(1>7wdb<@}Hl@z^&R*aU?ox~IkvZjs!d+ zflrm*7Omrh%yNB1vHkB=YT66#yNfL>^h=&`GTNSLQCrl26j~OB8S=pI9jfC~)l*{h zf-;<&TRU4{C5~;qiqY8_I9~vRK}cvHq1TIYv-y}OzE#FIY?}$Csf&>sgMZ*d_Plli z&7qAEitp4p$JP_AicDC$} z2$2>pnjL4{igy{S?B52akAInrAP@<1g@%*bKdCA2!`RlAY`My=-{t-r*7)9%2|7qS zkYTyH7XOXp&oCCV|6-P5EFXcYi3qt=t(Bg(1o)N>Thp{*Gc_LRu`-@b&(mnZW)Ndy z4n{8LwXoF?h=!d}kj#=b`WDiuZ@GO+v*=0Z%rXzQX?kJZEayk4^tWIzTmU}Xayue% z&J{35pKcT6`qi^4O2n^72(5M*W>6XU;2J~r>pRv%A4K3up1`IA1eOq$tae6Fna7xk zXa&6whHF0dgNPb7$i%geZeFHHHF|1*i!M^8iOz)gdofb0#$6I5c?jj+73K?W`b)kj zb#?&nB;~p`PDpDy3cBn8h6-J<1}}~t^{D8+oxhc4wNE=r@|M%cM0%(Og_(57!U+?L z8_Uo?uyK$MaQ>rGe`oHhOVT(VuqRsJl8U#_-8LjDewLg8`vNNam))dkI*TNp95jhm zNLM2YFkkW~8r_N(jRR`DqB1{=X|xx3gfsX0whkvD>UA#x`(IGW8Dt$bX~@kiWLf^4 zS!V)U16i3D`e{0>e(+Q|C_5`h-7_LD+{x>3uk88G<3R?Q5I=AIN@?rC|6R*O8RVk> zv=7`9z>TYP&48DvrhZnCz0IJe1NNyawh|BdRPA`ikG1fbJH$+>qnptlG~`T4fL|`% zW=_zF(AmJi1(!QQ$4q|P!Z;q4o|Zc`q@OR-;?Vz@oZx-7PwloxU) zU_K;7)8W<(Rz?zG`hS;Tfx2UF)g3d*elrg8e<4a1kh@ZY%<@0zB0sSCKxN8E-MRno zs%AoG&S15>yEEvivh)AVkVE?A_Mzp|C50aQ&!0i*kM-vxpI2q(5#lJ;R{bGFV&Tv&sqqvMHcXU_^0}xrOgN1{{@@o~ygh47--{CofM= zphv}puy>K~|LFS*pg11j?6i|*TSUk)bh8>Mln&)T|0m}F76Ha{NRD5F^dB4_!cRt{ z?sYoOBttq>H4iF=2I7xXA`CMI77vIb$WV|rZ)m;h`z6y7A8d{o%tYp87|Ad543srM zv15Vf=AYV6@oNgoIQn|J))LSPxgA1%}V<*>V-q$nrZB}!#Lfl4#R1rnj zV4=opDEX4VkDwsKr?4bdnK1G|6@Bd(H2AUre~mf22-Ei)%h1Wz!+iQqQ*r_KfO1Ql zSTI>I3htfw0u;|tOwxX#_NR@vBRPO2wh%~OdGt5YT_X}aTUg4tmHhs3sO7xnxJ>>c zZWjdYk(a$^wv;%s$NY+l2DJ*Svl1U~DmS>L#O1U%+{PV!^L1R`BIMS|P|)U@0yz~n z&%fWF@}`8N)(*}6AC&j}MCYLXqOt;>5~cw`#^_WQfQrjZ14WsMQZx0piOO5T@rS=D zJnk=%qGa=qKo#XhdBzKnBXDR&=siKYq{KzP&NJ(nvYIZ)h$S zW^`}i@;5t0*n?bhh-gjv=QMi6sY*5T_}{y-z%#6|Cih>?I6jHs+fo zE7?T0p{|h<1D6UYM5LfX>3;!^KykmQLMzUprLI@fC!u+1)&iAHjlT>wE>*68Dt!`@ z0Sj5esPqEC^V8=7UYm4>ZXHNC3@E6Y@g3OLS;446d#_)2ODfM&a;5L{Nqi`{QW4!$ z2`#A7G=^BW{xV3onsNcBM`@I>2{p;hEEcNocG84n7&Ma}V$a8T4=4PLHoY3X0L)XG zC6q8tAW?0UsD7u^$o3n2%w@6{G9ud>e=q7UA~0#40tZCHyM}pvfzsZbq2_M#3AIP% zu}NUZh8lM!*^HBg&1mqI%m6%qwYr74x$n!CqsoKB{pH>`mQi_dxZe_uw=em9dsMcJ zCRPOghQ#Us&l4D#XWwY}bz%|SG6JkE?adiWB=yLF&q?l4;+?m@EOkxRkalbi@Oe~; z7`zMQXv$Kk+*^_`GgP{9$nPvZmqVoqV&B%Opjj9KV&ma!Cjt)+@*Dpwm>0=17wFr5 zPiM+>Tn$boA10^31)PqFSnA#Xm6!HW3Xm!jwhTJwp)yKX?{4Aq!VaYTdo^Se4`>mO z3)AT}pi)69lO<;Qx!t&IPn9*OJfm~7hRj8!&i#8vXL%ISc6hw8v90TiT!Cik6Ps#Q@HMzs(46k%)f#vDqG# z2@k1QR@*tr8+{F^Y`MV`9`lfoX2-Gmd7noz5rjqa5`HOE>PDbjfzwR;NGiD~N21iV zh%dO5FypDP$vA;bcr*g@$fXzX31N}+;8lGL>+3~Y(`;M&3<<{3cpefd7v{h*zzAQ(ALre}YSYOoKF}q8%DF@Si0G5&;P@S7JgTgR%kC8+p)`2^VMG z8+s@&RobI6p<==!M?4H!H2N7)WwEmmm7=ay1^7Z#8Ze-tmtLAU zfwXTyX)g?+$F7c{j`xTyM4}7Oo`OVeR%z}gwC8VVF33rq7;x&qZu#J6?Iwj1Tr#Sv zMrHc|wacS&0TyE(+$j7xr9CPo3#i{d&aVc(7X&W03=B86gE0Z$HoVo8_NY|4^nQkd zmR9r^7QlvT=!gpyfq6r|}+v#+b zmnEJ+1p{xwqP;0$p~6cGgkHcK7O_b>fe1s*_hTx28YN_ev6NBw#&@{pYFto^f^Nn5 zTjm6_#D#=HCHeSsL|P;B0^X31ZBRKOGt6yC0t#u~fd|Hs30cAE)+w+d40tkLxXL67 zS`42E3Um@Dvnx@ymJH^7$b;jU`j z^VXLuLFKEFpmk|jFZA7D_98FgpmUD`iDn@1{VnoLksx;?VF&@0iLsi<+hs3W6_v>G z4x$DeX26wPshK0wbwQ*i|AxYEaj)O<(q68tL1hy)=D_b!xfqoOGjEUIki;K1_+@43 zMzgDKwZ-+G7i2hOJ`4q)0LKFcO;@?&;;8joX43&pGXvF3PDmUR*g3k7+l-f7H zmCZK;{!==jBBBYEnQ#B?xA8WV3pm}^cX|hhh4;ses8r{z^xPEnbAUUNw`s4>>$_Mk z;PmN}o$VGUxJ6~e1A5pFoyMgAkyp9}zk_9o8%KjmzmABTfFCC$VLoJSfD3rbBYl56 zrX&c}sct~uLjLHM7sJME-$0<;PB4kaV1nzqj;Zasjw#Kl>^)a67xfb zE(fij?feg?M@JR#%3SA{Bb(P4}-AATyaM-=h>0f2JfKxU4B}DWRDs|@7CSJMc z+=1KhcJ>aU1n6_j_FBvG!jKiLTL_p1RGL(mq$Fu(a{8^`?n}HTqe3#7(8zC_jUzw7 zYta;tgn$FpL}NUBzkgkmz236KJ-CZXlMQ%3By2KIM7QaKNt9<0R=6_mzjvxEaS!gG z5@To_l4QK-#_?oKAtuQfnWOfvf^!yzcqe_`@K}K|e3Jw>znU8g4sG_6Jtu4KSZ7+u1Cu_Da+jZ>zMkpsXfWwv6tQUEbbxEMi#=m9pKlQKf_H ziuu)TLBg~k6VOiXu$GLO)K8m%Nuc%5?rx@Y+iIv(r>!=yEinC>Br%E_@q{)O%R5qnQvasAUS7cI5lsjy$4$HhDqqr& zCWy;VI1Y^;YgC8AK!f^H$XTv5qq6hh!2|e?_-ASCypZd3jE&;5-M*yK7c9O@ zmpgOI1-!?@^p+L1rFxexa1}sqRk@`z)+}^@yS}acx0Y<|(XRMo$Vbd4Aq43pw#SZ= zoCZWv=n6VYLn6Z2t-0f=EltP!4KMC``+`Tm^FbD4VW}6I>hMzwYk=fOM)peUI;ZjZ z%LSbN&w#LSnE*&Ppwz8*!Y1^;>n<(lfSI%27Tk4Cj6{udv}ADK+Jn7w8bHb1WAy!EaJ_xYxH zJ*6q%^$jnz=eJH%K1{>bYd-hxfH@vi6@B8fQrE<5|dxaG7=E(lM)A@X*DfRIUFAet8`#koG z${mu|?vw4eC{3PYH@qyh-dR%rn!rQt(%7rUUuL3LUA_i>j!Ra1khfiLeahd3^3|;O zTOJ*8p47?b^Rw7HjlbA*udaLz=XY!qE4+hjyR7l0FIXq1I`e^=@kXr7^H#`5N}OPhv7)AxjvQ zULbfbwq3w$lY_&p0||!#1ywV?BWye?_<(fp_3Q5KGO{hHfBQb4#D{_pSy%|k*?BTml3B6v(Nzj`z(u;{mFd9xzD0QXR z`y=HE?U69-v4BPi8!{?Xi-`APBIP+30rYxmqr7L^xJx85z^2N!2w_IEImitlW>L-w^L!hvRB zD(meAZ@P=+4z2f9=Q}oR-d>oMa?IY+a);LYs*^HT*ZU4+X1+uB--7Cp2vVomZ!@Wq zd=421AimEqEK??S{Qx&aZ1_y$avFZc$?2?@gun9zWw zlMM)o7|{**X#Tsc|FQ1D$(Tt{|Ci_QZr12!B|p>}nS*^r%4*gyOkxPS?raB(X<-R=-S zzt8{GqTC^Ss)=p4%zN<6A6dI75;#4qi^OpXMB3y0mPfn0i|gGkXesCja)M7;Knr1| znihQxgZN`8Ako= zo>3ZiF&)&DGfdFRrzUo-gdi1~3yf(vG4XML$40*Q;58*v0}E4w>M*UQ9zq~Pe5s`L z{V@^A7l^TQ2iLo0%u=XCh|J@bsuj5#{JUK4;Cidc(`y{oOA5 zD^&Kk8v*vN?(n84us6KS-QUZk)l%zy*KOu*xkLK5UGJ8W@IkLPM#9emwdcXx?@9># zQo)G$h_}AJZM+?8KbN1k3)c@?K5r4O|1K^49hBFmxz2oI0xrvjh|d?WXEMP5ky5qb zQ!31IqgRv9Bgq0P@JJu92o36M)EjwP4cBIxkozRG&2G2?euwxuzU|Zok~eB!wy>jL zfPQ2|!f*x>O{+8WMl>{zZ6wccG<9H?g}U4F0O=0hk2&kz_R3_H^}e-Bjpf#^H^xmi zA*2tfm@v%BCa*e%^4AwZS(mwSl&>OM@hy$qd+9QF-kOhTzTyz|k|Bb#TOk%P_x2aV zs_WP#5*ZdhS3i>|FmX+c{2EvC1l*1?*Vn!QvuvVG@*^e_u`ue>1soJnssZ+5hXEl( zun@0jrk}f9!0FMe9}bRBj{f=K?cSSL#UMHJF&lHqly`R+NHfgF?Vr_Xi?@jTCi!;lh5A>s)I z%v+P4wHrDwce0_cl$2T|SfIm_CuH~d~^H`N1h&b%@wzy)c;BVlPWaL&b9$VqTROhcy6G$qi%%|V!%eMulvkTZqA9$ldAgvn! z`Ssnak1-WY2NAtikt^Tf?o9T4OeE=PZ~aDbz}ozSjXHgyS85afm1UjAFDCOl>1URWrT- zl~uvIz_rb#2>xmxXw0Xs`A$t2u$NzZ`8qK#sY$?HTB&O)xm>I>kq(HzV0XA}&5l3f zAw|_p{o^~k*Ok)7gi#<5j}H~GDShjj_I+tha3&%RTWOqGhUBB~_Vxi=snLF+T)nyF z0%sD-xb>321^i;(Dka>|JPDk()T;5Z>70Rpk$6SW;v3G`#kMRI4P{dU2)3Yc8(e$e#d2w8_Y zGGAF_-hms!xfghGHz5g@4IGDVPw|%W$ zQ)@8U_P)>b(uyW;^^M=$3%v8)y4;L6+ zPw)_EmhQj;x%3onNNMMYT*M^mM@D>ao6zkg9kPhJZk|TpHBhf&E?>5+fJtD5z1!wd*`17}$%<6alJ=c%fZH?(HoXaQd``eX$vnF%=B2kn3@1dpX2v zcM^rBpk%(BwphfZVhlV@=A-fgPIR?9jLJ*X@K#wQ-}8oXLkvcZ4U2wXLkv? zx3;XnCrg-Yb9mRD-FF3rrmS#wmoVAp@UB0*?-nXAPm^s9@20c+F5z;8v%7@JHivi9 z*?q?_x$N036C#o{UPA58&u+KvojSQ!vZ@s@*-Gu6dv+I)dyC5oCr$yAt<>)Nv-_@~ z(3Hz!vX$E1aCYAeZ4`yQRl8Xc)tHhXRMMsaeGBXr)w06NCW}c)F%-<+aL6K-%zfaLzalvwQ$fKG zncl)?laKg@;*%JsfJ`XHkKh6XPotnG_<-F4N2?1sRiv>BO)i!8Wv>(*!P(*o$9NFE zfJqW0RE{{n}II~cmbOQ9~1}5A)i4--ak_I4odB@}X?EwXQ7SR9(GnaARq;mNa zr#`7qxff^pERqR{d00|d8nTg=eBwBqVVEK^i9;%3 zK!;q={0P5gWrY`@B~0p{kLKd@!o(nIk53kjsJv}&A1;Z>F^{--J)c?TF$bL5d1Q<1 zU2=W|-5!bDmdneNzw-fNWBm3vSPJxI~ zih)ED4yR)pPPBj?hNm8U&jrwrC>j%5yG)7djSEZ2rXR+-JM}ej)T(zbSmzAE6pXr}GbZ%M-c_|Kuq|lw#BqnGR&a zk~Gm#v*M8Wbj-tm3R#J)Mxvk+BkUB;SuzF!g5ph!K4ND)74V~)uRkUt$wSO35P6ie zBC>1*Fkc~s58*qOL}bD?6trx->hLa(>xBj0+wubLpHbm4UO(6u0}T=fB~QIhM~Mz( zz^D4gO|_9U(XxSaFLG)zd5Sl6X_SCn45WbK`Y5>nfVb~XUhTp=M97#)g9sfRG~_cH zYyiW*Bc4FarDTH;ai{a5;SiKi&3v@pKEg{vDkb=W2Kur}Zh%bvu@YudNd+EEz(qDT zxnT%et%L_BE^JwV?gBL?5IsyqNmx64FV{6A9?bL#;#~Dw_cS12 z$%Y!6TEFVl1}O`Z9*ckk6Ben}Bng`;bns9D8$uQ*)$9BN9zXtth=@g_$B*HdCW)FN z$ydbketW~oBZ%m^-FbSxEYf6#$#7#qr;Ml4U2?lQ&xthCSHig9=}6m!a5Ed4@!%k` zhmxclz{3F3t>Zw(WU4TSKiVN~fT1)TI!iLh2=$ytj}l1883j5VQa|zFr5b^%+lYSb zOY(54(aWSvsRu`DQ!1kR6@P&3&1YNxS{o-xEO-0;5lhDD!1MW}Z#G6>?~FdymVH%y z9R-+)(&Yl05EjZ#XD>_?xv3=zXB$A^pL=g!13oK8H0Xq-%y?MnOY2My%JX8{Gdvc2 z$^sg|`IuoOTwEy2iE&6Pu+`qs^z6;ZB)n&sSHdvW<~w2Wk5e4chzb(+ z$NapP@V?u;r|7kZ9rW}zTla8gKgT0M0-VzWHBk;*PrXfVQyo%F!i4eGEk-8o*HS31&!9=NHDr!O9KsLySL&s*A7Bbls8z zOa*#`7o0|`QG9)pPC&9hDY{i4>x)1UenMpeGG&QkXZql*1+R|E2_+_jfa9i-N;0Aw zFh~=p;VF=S#AbnUgDFx~n`PZo6BvbjKti=%F-aJPpO|?(rjZ=8Vd7!qQV52cNd`#7qj z6|?fyfn@d&$b>`z5rOpJt=fQihtDJskW?}Mgc>Ngil?z)6C!4s0pTx-3Xdqt2l8|S z2Gr)NHxbp7F=YaLE(Db^*8%e-MM{t!9H3N1Ldmlrl!I(jAjM@7-uWaBXPPr$+H534 zyN&W`bUOQE>Yo))FWX~wt|=J<(GD^Zsh^~RI;h@hM76t{?IEUUlute;x0tqo&g59w{+J~cY1(aq!k$t~ zkXM}Z%s=si-aH|X=m(sp+xZ8tJQ_9mkeVyOY6CBg*dM9=ErYlt8bw z9tXmPR`g{;5;{yn^ldbJ$4FQt=1+`tA?<>l+dmSMJrv1ly5%TtM6f>#7kP zE5R+#r)elzg}QO+CAU^CU;o;E#S1N~J(dCM?jl#iDRqcC0!=8M=tJTsT+qPKlMz>z z8lWr*InLl*fO=qce*F&l*K(rTw*WaqDrH;CON>m z{Q>-_Z8we_ZzXao!Jibqe$YRE&|1catxfOa2Q;zgo{#~Ll-Q78@*KY3U$ds`gabYS zEt&oUk`UlV6VLQ$Bj%$`J>Z~}fMKr5xcUnWsQP)WXsa<6JSD%Q4HpGzE!dl6C+L(Q zUC#PpeK)^X&^b{y@+4&g;-96lS_y44FruDy!x3o|p_x3I87~P*ff$v!)7kRi-9T{_ zZB=kD10szQbGb0Ic$4k1=BL6u!NEcA7Oc1W6&W19J3jg0=+*K6e*NKa@A&wacSkQ@ zJX||V2h>kO&<-4!7_-;Q?%y*-GshA1IQ%Yo6q989qWhPp#^ET9JuB6I>cRym{5*RC zyjMC6pLMQUq&3}0l znh+ePn%JlAx;8y;8KXZfqqd;KL_9&KmN7L!?2`=Is6xXaksnZH*y>|0~Wb^*nY-%JPyCL#Ti%&irgc!C^oZJ4-M@O&T zo_u)!>gf33-CJi7=|}3<&#bozy`G|qG4yy z*1@tLXJSSYK`!o-U~#XQ-qI z!)aL|WK8}iniz1P+|p-Xp}6^9z4(MIMlWI z?e6B&-K}l!>EGet?f35hUcC4RyhNLEY3a~>WXUK%Car*}|8K9m@NlV|Vfuz#ot$*u z7R04Fr^4=5YrwWwTIS5e4A$pN9bYp`d_xu~veGv**{wG6wTPOP#k<~5 z(|weT*rDWTyOT}UJv_jb>_^ZbV{Pj)rNuimv(N3Rx{=!;%>8Q7fa#uu+(%Cl>~^s+ z)0~wRi)MBQTfO8`WA+NW>-N$%06>+#w>EdTo_No<9r}L!SZ9eWQTXG>o$bx-?cU~g zZ*$9Oy7L5ncyj{3Zv6|s-#giRy$iX7G-M&wiYbfiT~KIjtx9mEVj;|zuTJ(36ws5g zCK3pkKsWsv+K)}(CibUsL#ytbt*s67=)_!el}A#rRc}48)O=zh@%FDbQFd&wfC4D)1daUR-JR^ruKni^{MRfVJ{ie zUM%?U)KAt6_HR2vb3Y}h#MlZ$^OwnKY;Oy2N9rx6zT+tOaU*N9H!&_TYGFjo@#+X~ z7_w*G)?yAM2((6`r@EuhD1@T6h4Gol4Cq+P%m7#-X*g8s6fuwRZH?(Ryn6Q<&F6t_30i+fvjRSi$M6r<6X?+?^Ul9-uE^@faw!8$TOpG2B1H}ajr zTu%YpDkbxcIxPYk(kKP$9F?FI?o4mJU834)kxG9_*n%lGR{7pycI1 z*J%2%0mL>8xqtRSyQ3(H1n=ULJZn`!kj(DtvOCwpg=uk=2)NVJ+dQX1HE*e7HAGn+ zOLr1_EScVpH#;-{62@aPpb7JFAF>DtjQNDC5v$J6$qX4k3B$tuPEIGD8B9XO1U^iN zOsFUr2+%zx&~$HY5LPJ<$&`LDpIk%42YY2ZL{L0bXw-lIM*Y=0A<>^{Z!ee3dix|HAs_W^n1p^}z{&m(KOem835s5B z=ti@R|GR?cB|>JD4-v;{G^6w@geI*vH&t}HDN{iG=2BYeY{z7X}TPsoBqAY9g zLDju%=$X4Zciqyn+Wxpcla5gj|K9BL?wdNBtLsN&o*kMu| zs^~|b#)(cxK8ZtyfoC$)sR7}2{%HVk&E*NG$y#=9Y5_?)o&QwAg1Ph{I7Gbg2z3?N ze|@n3>h1BX-nO^-k51?32wiS7WAR{SZ*DLxBRK~yfQ*E>n_&^03#Rtc21q_k&WWI% zfXPI#L7EiMW5>iKxD|K=B!ceVF&rFs;k&)#gX4|PF9#<-zWezEe%U)Z+IxF)@ah=e z9l`#)w=WM)4&J>zhIik?-rIk|PX}*bZUANYrhtBog&MnBunC&Bz0R@OPquUWT)@1M z^C2YBC?z8bBR-}0tWnV!x`gB1TNHFKqN%ZxRi@+p+kLrYaUPr*ySRQR*3WIYm+oV8 zb93|AlPCD!&CSj7f48VCr|zjHm_uc3rZ>zBK~dj z(tVXDcT0*BQFFHg;FE-oxR~w2K{OO3yCUcSSe~_Oc&*}Do#N$8hs1IA=eD=K={@Z@ zp6I)<2d~*cCx}t??t<0WoOg;H=BokKeCY@LJi@@o{g98iwBLFYBF?-x8gB;u5`P9(BFS)LR~2RFBaUVQYs<;!2|f8@{GmSxbt4oW9Pwxj{CRebNW&F zJttbeH12|zK7rC=*b;>ASa+#l0j$g6dZXp#!0N-IqkA|6m1FW-sQ)%oi$ zV38lD0fnw6RL`MK)k=B_Ko`~m<|oiSqq8n_zkm0x3tfGrbzv=JGJ)=Qdq-XMzyIA` zUx(hOPkPXQ{ngVQF6==yiP3l=Xz(%>EE*mAV;ZC(i$(`J0+0Ur)ko^5C;@i>dJt#v zPj)*xEZ2l2{`i$vp{*#cOApTIY#09e3%oNrgHNA2c`z?-Vi77~-TB$PMDDn8ztpS* zhDz|vd+Y)v)sN}|F5r)pC$#)kHK$Qve?F&*CU#+~V?Xq&>o_JNxYRl-0N1;Yx(C(7 z9!l+(Q9(F15s6Qzm>7ijZqr)MS-ndvT()Lvvv;AZcgwY`pk6#ZCpHB72Y9Me+ozd1 zer?A!JO>~RB`reL^s)?8-J$^1;Cl}46CU%Bk7hs7B~b4)$``=>4YAxBy@jTFyx{%_ z7ukhIw`i>%bEyPB+FdkFWb`o)ESdGyzoUdLPj)d6N^C!K#Lh_0B=^IM(=K@LwR#it zz{DT!;xpVgYV(#WmA}*>*0ev&r-MwP1f={~4HRFncHv>`rEz9!G5j!_FYLa^7p4nd z{vogHV8X4As9OiG@I7l)K|)Q-N}Xcs%IsYbiW686m5Qq$wM9slk>dTi<=#1Wo#aE` z#m%}_COUob?oC`WSp!3J1qv&oIbUbb{0r9C;Q}HSDFF($Hj8Z9Ftms#utq0wGIN%A zy<8Py!J=dc-8l~ucHtWwR7MV!?ws?ze9k;Pqq7Zos6+hhzNjIF@`xVl0}c;6)2{Y7 zs&wq^ENpxkj_1}`ugWfk8P?Mswz-K^^zbf_QI%iZJ~C3rqW-sYB5o~r-lL>^bq8TV zZocyeVJ^deEeGN9x=OE}ReibR?pt^Jwq{b7XHhi_YQ7x3ndo}a|zA-!`pY;{FJxx ztm~i^SRHulu(oD@)-jaVi=XGRSrdst@K`YPX3d;ubWmp=1Wbw)ePsq|FrtaqZpJZ& z@A7hZjzH`TPn}_9w$+R|FN48`csaY~9?0&j*I`Z4$&`wHK8cB-(EZOXZ+ok^*)7(~ z0OFwyT|MmnbZbBpvgOzd758nbTQw`Lif$X*iJ&hwC#*mhgoHgp^GeF;RfNa+T$C6aCJYeaA+eVM-2 zozAj)r8;$0tb+Gt_Qz@+|9xS{bqDs9ob#6;p`-8i_9075(vp(IfcQ6TpDq@!^q|vZ z%!NsAveYWfYkqY*djIHU+ePq2aKqMM@eUv{%Xi;W=x=Cwb(r5fJTO6jTjHO@%r>}L z%dpvI8BC_F<@Z5j+pAlOAJrD)QG)Rb1K3LwE`1VG(Q;+RF}dm`u~zZR=_5PME5nB1 zDeP}o@NH(#qEUakja3#bP^CfB(kyIzbxZo53JfN;+Ja8+7xZ&4sDwnMC<-0s!T(LB zEhh6IWi2gWGWN12SI#53s9mz!6?6qlwg(P|j&1crvjS9iP|77~;! zO)YU#^V>!*F%Nn+n@qk3zAW*y98;@HhE|YPIph?5VTd0cP?Bb`f_J=~zj>WKjChJE zux+}At3#-JoyU()F#55;TugzEuBvl}Vt~y@ z(xhaK>Q>|NO+c44i69=L#n zA16X#!g1YLc;H?3{>zd+Wi9;?XYKy+JX^J~POERLndcT#=$O6eSnKiP9WaAcZZs;mr1%~Z1RUA%ITvTZ(=7V^fPX9|a1~4~Yj3&*$NT&3 z*HIukO3B|ck26XA>?eB#(3CN*y}xm*5oDs92_$KI*?j?CJ}kSi`X*y-&Dsdc9wmh? z*K;CrH6g28{Q>n*mdfo7-60n~?XJTbN@!OFm81z*K$qE_rr%8MQ`7A~2Ax;2n5Uuz z5wgf3;}S*Uid%QS^2)scK4D4a=k8D^lQq5({JKq1?*Y*-$! z=hV%I)^@V4oY$?NdwHhyfJ~0TE=qU*B$M#U<+sb0Hu4{e)hot+__r4F-}duoCHZgj z$@YExm(Nmefc%F;I5DZhbr!5rJ`5cNRdYleb5<63z5oZo z&z#D=K@W^h-2>awgV$;ReCQsH5^G75Hc6l=vZ2lueI9GlV@jxq9wnG0=GL2154NiAoK=-%E#s@xzS4T(hj&?DvBJRgn@F}wqjcwTKeE*h{-sJJRy>4@-FO0FS z@MHJ42+HLx$AH5m0Xn4-5S>bi+U!v}r#=sZLVWHCnJEH@C=G0W96GbVo|(|FS@`1w zraVk16#S5|iM*0wf1e6e#@x(NK8aNSI@+unR|19nGH&!jo%1Q|kNJ5o;r&GLbP!TG z<~-3!S@4)QiDLQ>^2zr!`Ss4nETp|`T}*wmGIE6}ep6~>o@^DWRSEI}hJ=L+M%fRo%msB691FG zLB&6hICm^SR{lxGRM&>Cwq@j1^xxX--gGt>`^%&@GPuqCm|#Ew!t+@Ikf^dqB3z` zJUX4dfbRb+odj-wFKPgldMtBvrNS4GSv@ei-^l(qQvJVfscso>&PWU6s@(lmd(hyQ zhuG$R*%08GZ-P`({ ztrF+eOB*H=${Y90)<*NU?e(S|)n-E#M&$^&&hLtRad--+?)&WWhH?u_!o@ z(4CMtf0dgNuiM)TAaShLu<$G9Q7BryTq0@@r(!v)2sni~8ax$RnJ+Hb;yC8bcf}dk z&UuAdmo0|#EQqpc8N!MPmb8E)4c>kKOzH>if|6SeP4;$`Bu6?stE-aEbH0BmP z>!P8hYxatRz`9$ERawUJqiHdcc^mFabDrx!|K<4CRWHHa=7L(xwq7-BEE;h^rTJOV zDO11qV?k|}D;5no{5uRu7!HVkCbc6J5eei8CFY4XQ|o@SoF0H(bivbUDBAG6X~kC$ zKb(-!Vi_BiA#@6g^$lK4LWVb()M>(^K=!pSTz?SqL4SK^_;f3vJKvJcZ=XH$pVHyx zVCX;D9_$RC?>zON?`&;8A3WdO?3)34BmUs^ldazCCr=8uWR6eL>Hk?nm!!X~ul?qk zfBg^lpFRA(*ZXhM`}4Qnzy4;vH2^KJ|2%oNUAg~z z`s_ac&u1w&!2Y9;ksr`*ols1@srDI-l`D*?$-wwGtE$lb*SNVSG(7BCrU}hIl9;yMrhv?&BQz4p~cJ6L# z)lb&Ce-I@e;7=&>tZ@NRIvG&0ZarH}GY<|->cjzsM36|T&5UW|0yf0(^9jtzBy{}8 zvg8x%XTr#$iK!w%)v!jbwVyJfHc>;^cl+xjX*uiyDWb zMbFSPx1!49ls^i<>)vj!S8FvtwALLsE3d^WmlX2vY9R~Xab?Q~mHCE2=bHcm#0r+H z1gWj23S7kDdRbK_h3i=L%+O`yr7Mxy_~Uc~FA3Bwnk{9sFJidaoV38FGCplHPdqD5gq24;@sX8r^0mQ zsam(bL2~~=wxB&1%;LpWu-|CV>KLFh$#pOXQiB#|`Lr|f`AXQFUagmkW>sS%f1)!e zfbNzN;fJZxw)9oFP;9@d7 z``@RV_wxVeC^ts_cZ7MFkSHJ`&{2wOZQ_O`ZOuH~d2MiW-KZLic)sU?UrcAtC9l0B-hE*?Wo^dqn&S(T$$RGX%p}_Gn1&Nij{C-*)zHjZyYhC;`N+Ff ze=w9ZYno`z81x3SnnosmNj7)=G||@DZ!)<&{GhEtNsg?Vo~PAkuQ@Nx6_2XPc0vU@ z4LBCt{PLs_x7v2UUK7!Ly&|aBuVZag=fX-VK!r7&)5NYK)b?lBPm9=vrK_!Ut56TUz|H}=aiSKoOg82TfOl+* zY{;J5s^+^X6@mp+aYvCxK0MpOf3nGOIvlc((Csy)F5DMXNtF6(8i%RIY%eg05m^Sa zeCYZ#T{HnB)D^5t=#AL>Ms|x6(f_s**aZk0hs3AQ{aY8hAG)hgie!izreQdPKT;B^ zbq$o9f|K=>XoJwPexmwNBbV8$Q^_aPy_LzWhT3cuvI#Sn5XqQHSTm@4`Sw`V#hZ|r z`s-fjU})chXdqd%5(oDzzu-W;V>}Wycr)7hI9C-bhD1vz_G3mXwoYS(R(N+!h!3N( z%kUz4b;g;YLqjQ^x!G6?zb-w%G8Gn}>3)|Xw)rCeLL$_+R5bEuw~`i{O{tn1^XWN+ zX;l!_jk$`<>zQ{sMgqk@-WyHUQct;ZYY)FUV{$i()9IWYGq=_iY?}-{#je_Jom$a3 zAAH@{OK+uGs8_wE_QH^#yRYhy6lJVV3;oQIYxD$E$2gm$VZwTOB}c6U7J<(v1AKj^ z<-|6JGQz1jncaEozFdZfzg+&5CXELf#=9~v4&CQ~k7SObw#P@^JWI>npyB0v%Bu;H zQ9+`&z7#6j%71O-|2%s4YC6E8_y1M-e`{;&KL68aDK|j=FQuZh)P^^sR3?2qsZAsl z7!YF>BrsxA8bK^5rhzyaQ%TKV`h-_JZ9pXRA)(sMMoH@tPhdig3CteX7+i!0so#|4 zF5d#WhjN;`h(vrra`h^R%q#R{Y~&F=aLu!E@{05Nf)b-wJl*^T*62r{#tG1POea*3 zuqP8P$Ve+AA44KWw7;$Y3zGdw<$5-xhZaBf?x6!_>}Ed3JGpDS&xMdU?Lv2Jb92&# z?u1Ubn5ndd~!Lm_MR39Wb=7jvi^99QP1tB4P6((J==QH zmaezIC;m#^24oC3o6V^~~y4gP;QF7iIf{F?3biEooY@ejsJ4&ks_3 zpIGrbUoW};M6QL+j=9cSk)b9jsZLUdQ(xE>zvV9E2eYiWME%~=je3kXB2}= zbnh9<=U^;K{HhHH_tv>@RFy2hz^040H?CzyqYA+83-GWvciYzNnnH}&>b@zqs628n zeOEocA#rSz2C)mUB_Id)E~huNT;A0#i_Y!<}gy_N;=;{pUt1fx@`C=308LP1F| z10PMfL90EPhs)DmZEjp>H`t-QGAZss=$dGC!TW+gU?qOyR!vOB?e02sLmG{eaTm5W zaSgdzLwrL}yum5_djWnVf!prmF|+k66broq$v)C6`6xG>osX%pB4s#c5|kFCP&sEW zlpxn^2GzKTDCl84#sAd6{!xThW=b~7n+<+Z!<06FdZS$>g2_L^48vUyeqmt<=;t+L zLMA%yBTc9<4+72pG}@FNs$LW5;rpVTTdFbZFJ`7ALz@8z5(RvcAx?wQ%LzUBj`NU` zs0iwpF~x{|2?r7cAZL>S52c;*0?_&GRgIWaS`U4Rhm09xCrZN1ZH!u9E!x<-N0|pBsuZ&eWIi``V_VXFBu&eFtJ&M~Y^>U8ha@%K-6S@Ji)I_RA($+aP|ok{B4||7V7&vd?ZIIdG}caa%1D_5<;YW~ zQO*mc9kfMHkrB=vKR&8O?w9dH;__ElDpM#O6VpJ^R%zbUFu)9{ref`+cRV;kz7x(I zR#ZZlneiTOPs66F7&Xghc&d!4udh|j6dvghj|z-g4=C?g%`G3^LfNW%re{*e!)#=` zFQD6nEFzv^e5IdrKI`}nbi1zmKz2uB0GlJislT-eo|%4rp`vNPQr1se{woV9X~IJ3 zjcD={oqaF(L>-x#fTC!t3ts75b)gP*k*3WSVMLFlcT$!3{*RZxxMS`h~lfn}Q`hw6AIp z9VSr@jb2apR$H*kVWXnsvUKe*y3UAdwu-ZGm7!pK_t4uSH6`oN1v^WaNxv}UF zhy|T8p3183L|i3Yw%P2u=AzC1#dhzK)V+wf?QBbQe6=)O)fGNt>eM??TKRuy|C#HG z|F^ZhQ;q+3AOGX?lpEmxQSkqDsY5k9=m@2 zlbBLhIakxa;}DUzWl^dNUoP^;4^HPzb#fr)m*e_+-NJjE;#dk7jBE4{ywxvMDTgDr zN2XgxN3i>?`&+kLHb%5mY0~F$7Ol|yA@viGD4F->vL-GF6a$0Q92ynv8jSdP zUEsSor7k=qaXddTUbVxjN?CC)nOY5tiin7r{b4Qtz;)b{nzxhPzy9jNTEhRAX0urtfA~nEvC=8yqFkc1oRMGRsj~rDmIxP_3Db1LPSP zv7kN;P(;D-$B|7rh=>~}Nxa+dPx5&2p7D}myf0(HMty}T>5Y>~_yBR&Q`-*z)oN$h zAX!iwC98>mx0*i{GmNw)XfuqAo&%W&PP0FntP}>dJ5DBNv`LFK~uPy$|)6HuB=k2H4_vioTC^zN&*TI}wBom=uVWNxB zh$gugjIqQvGcQf2#;81^iP_Qf?QJ&cvH2C-^z4r<<0Uk7>>R?vdVSZA8T&ioucGOD zB5XiI`Z4Ar0mVTqfKQ)ZJX||V2h>kOM2@uxI?wj!#_%dx(wz8wCMdVDp+S$s?~+G~ zi@)gpg|=c()zC4ZKdE#2!g^EnFz;OXDEuyEVE{Cm!juT@^rQWai4McDa3M=b(W_`z zW-{w#*8IgwQv&7Ko$(9$#K$4SqeZHJV2Ws^F`EfHE$~`#pGf+Br750`y>cR@av!dT zZ6mZi4^dN%HP9EF9<0}B)c9w9*VzcA!BscOC2_nAGpD*c=xnPk) zEF~8DD?b1*(?_?#?3evifVa1HQSJHR~7@3GeQc{F6BHzeM$?;?g=V2)H4 zLCgzr^f!QhRCuz%UToA-Sd)~(gRO6OoyL}(WG$AqGIWNo9 zs^Bw%;hH7cVXfI*Rfa*?7T$M6(nG~XQ0-cG&-YACG1>^9utWpyx(QOcXDq^V)u5=G zYb+Na$7K8IGqq$lOnbR6mo07dzjGqgeq31vT=4#TYiqj_|Nr^+z5VyIl$)ae{i10M z$bhE_q>Ar@;9-cYn~df$>5M#0{Sz{pllJk5^JE@Ru7&2lMZAhywJ{q-?J!yZcqI7TkyAs7n-~7cGvN&_+{_t?ZMk0cHt#QjUG z9_feE_&hUvof&Xndeg}{5fq#NWnOY{CP4@^E1DEiaXRSy5hlF|)DLOgJFJArgiDP|!cMBc>7--cYILg(4{_yr#A@ z&zqMMGvtDln+y1_h77@4olZjy&_1;=Lg88=hyN}{Ik74H3k0o5dA;U!Y#z3;*hOg? z1rPl)hH{;{^kJpZS&v#5%P(@TqxrJ3cCL3?D!Tpu{-6IBj$iHnd~|T~PssSdJ2OGZ zH-V0GFrYNj{=_Uv6CJXEN%)b56Z0zY9FrvIBvKm~1x@`IV-{=INgYZJ13$(g1$E#L zxtK`95{P}}<0Av-L-Yf2C(~U3Lp?*{$>~khz5@_N-raVk1^pFZ%CT!WQQN2$x zLqKF=8Q}PUNSRLTbs9c|<6+3pom~28J<-mRbz{lrkfqqH{8$-d>3jayVi6+8SkVAg zWVa8_SeIK{rQFiKkYkSmoT=r)~+!Ef{lcaD!r6=qgf( zpgE(gU`WE+gkwz-!IIc{cxLQDXj#-Y%i>Uep@5G{P^c3;9qE^tc_P=4PBCLnl&}zp z5NwJph8MYv8LJ0&zXS0Go}ZIxX{<|5E=%FM*&M4YfKUB7Vr!E0E8S~{_f zY6-=l=D=pX)m6ttf_XmnLT?+4E`dkXK2M|M#pVVC9J{fMjwSiLvvIf?Y4U*>(1l@S zP0FLTl?!#vuQfjLBf5wd>5Vu&FqWTAM@%{=irUk*+z*+#U<~vL243TDoz@rL)Yg!)6sN{l^6w zfq%f}tyz=`u5GLWpGdla5h-+d9%N!>lsVg~;PM(K*3ZMr)2kPAmm_Tc-%--YPnGSkj6a73N-LVTZ#z-*5h zPX(NFaTanC;P#QV5^A;>%`$3HVJ{|c!gR1ck9-=V@h=*(Q7Ul6COup)LxiJ;_wRjn z??h=~|8?Fa_dobVN)iQvEMW{@g9)XXn|y|IcSBH^u&Io{Cc?c54F5Gh=5j z&ykTU7K|^@=f1G5c}$;^ZU(T)ImkS;&0qW5Kwd>XwcXpiVuU#xln4)|e6mgmVEri1 zzFf^lo%y@So*Av~*M=de3ti-8!Kw0|Y}ia9^R`?lw0c%{*wyoGRB+oO*D(y1!r#?g zVdoGG$Vy}W8-tMA- z<31FQyLieX{l*2LJT&kO3T-JA?O=|>haB4$n;EA7*WYB@4o<734| zDdy)~=C*LF*a+!!*wq(c8w-csD?TB}hUidCIaW*#Q}3;EoJ}_hM6IQ#3bHkzt6F%o zbMvVzxAvC1)h~Mc#VDF9=B|S48`iucc4BjIUvM(Rh$8i|fa+WvFN=2@j6$#XQaE>y z0xLmevV!KoH-GoJlUT6kQ>StVX z)^Dn2>Z_^Wf(Y|g*MO$FG0n%=*J8+Na{^wOE$0e_fi~k_!I)#g*1%iEkkb;(6`OJF zB$inB6-_uzP%de}v0!hw`Nn0Z%j~g&P=?CbAMlGhFjYH!=n+uQv1)==F{ip_+LAlPwwA;eU@_b>_3XY zUViuQf{y;<>Wx5#dT)*q$enGoB}fnZlC~hXt7|d{RnfbgLCCbf5`$0?R)axkz8R+o zqQQ)_(5O_JRI^d(rWu4@l7tM1EVmEL&!5YnbWCkvkE$t2e_IG?FHOd;a$0fVWOUJB zhQgm;HIvyg_7Zm#3v|(IuzqP9ggb;AX%;iA?kg~h=?3m5yG*YcoW;gC4D?@|a%n8r zZ<8yXXgA6xCu!2cB$uyQp2V>$i)3X}gatOWXf2k=Am7pceUmJ$qjE|H702_x8WfP;Q?6 zZ+85@Uthi9uaN)k%bWdhlGp0_g*{x8nXin@<&1pT`btcEE~FJbz6yg`+26~Ba_{YR z@9kC9@Nq|f1xBqe?dw(GoHxp<^o2dWGy&fGd3_mM)50_F>MTuHb?`49^C}t^0=?Zf zCY(a+)n3)UR14#>)+Gdb!);5gjTp_M+jW{Su4j8)+H#@y)h+kusu!bg-DY*Qf|s%mIUp_>2Brp5t%)epF0=Zs`n4FU;`a7enHxG5^x^1AbG(b{d#g39 zc*Vo!3tCgE)oL-@tmap%H|w=Ed*g~i%v48FG_M#8ISaWI6}qd~EyYE(c7&QP%Ih%) z*~=Of<`QSC6}VpW!u*-tBtye$;&VWK7GTI>+xaFew%l$VJfG(Lk&~OsgVz8HrfEwe6h%k+8$vgCf<0c%%4F~oGvLb22G`X zRA0;K$01KmDFOZ1qLsT0Z{DDK{3Dz2T+)p0i$(Mxi=GSmg2u9)Asy~V4uyjtD%7L!ZkoEDHw z14+cCZSK;;yn2oH<7Mr?f(C5aM34*o|DHYBd0O`Wd%E-V-v0YJ%C*{mS26$}DGIxu z=f9eGZ;b61htq8K#m|?s`05_6$JkpzW;?U2Zr08s+vspt0CGlW(u=Wf2@qzIB!c}( z1C!`@Auy+jH?_%;F`q`W4Lea1rkJ_eP%sB}X&&7=CyMojt*Q;^AGK4nrokq2d!t<4 z#t*D)EUxzgt2zk=OuEL$rBIcb5EmoKt=bwrg;D-2>0X+QmtW5;CDfwosicQX4f94= z^YeOXj-ktV5*D!CY(dTDuEuY>HgaFlWas#wm8flw@0?q+*|uF|!Hpd+?I-8kozHj8FA2E~%Mmpf}Rwq)$AENixn9F+Ka%m`00?IXJIT$GS2pr1{uy zUS{3KU9o5=PUy!CLx-U8Q>o;VC%_x>y@Y#J1#;0 zweTEcmwWP9rd~Y0)|QaD*7aG~ZIHcG2PVhqif2c8wDZLeHf-wN-LWk)HGgU4>@$>Q z^?&yOYHI~pp#ML4{;aJ3?>v8c|Nif@lpE*&Wz=C+2NnGRt?K$(cE|d-vG;j2+}u>m zWvwjob!{4c{Hfcd>u1gkMnvjuZW=MUp|`E8?QJXTt&PanBS{HQVszBB7sL19`FzYKAdtAVY7NOGT!(>^TwV5c6;0Z^zeT@A)*JB~`CC+@>FCb&$koaj40!7ej$TCzfCm5Q z8~Lcp*0L1PBnaS9ucyQ!rEa}=sHz(-phiKWz*AaSP8#{@JHJ^3Rxr_8uW6M3y)g|Z zY!q=pFDqj%kpDNIZEh9i|E*^`Pj~L+|Ibk#z#&N#Gm)5*AJmIy|!Wr-gTdE;JOa+82qF%>)dHms6okN`mu#W@^@Ar=(U_y4h5li~`zk2u` zZ}6w+e$w$+KuKTM6a4p%HvunRli*9+7#jEg(W||eZ(ezm;PQPec>ncmYpeABYwPLL%_sN!|8tZF@EuDc zGGTT%yk-NT1dDw|4V}&&{Q4seC&i!twKh(YSnl@w>X7i{xF2v|_7fg6U-m;?^@E|O z2dd6Gny5#Dr?Fxwn#LgHBj&?^Cg+q!*+6tVuhV((08U>2$IGKm=k)Yc3BR3y#xx3O zmjQ0n+ zf8D+668rUeBzZ_XY8H_7KZ7(@5@l8mheu-e-gZCT>YTAC*af9)v(Xz8cP2C;O3qay z*W<2HZqx_q4bw2xUW<75Y+FrcT8M$}k2DN9{K7>TboC%!bAG09n{Y@a1)d5Zapn;u zmAoAb9;A4k@IT;0%;4AeZ_bIJa6+O#Q`pOE!#+t!$Vd4?8{~LCpY&;zP!S6z>H0<{ zu~6YN5&{hv0x+_8wx$}MUetpq$p+Ht;E|#wn^^EE3#bHQDa2YKVNAoA3JK?9=8wTA zk&>zKJ^^1&Olinti0HYY9!Qm>u4%VIt?Twkg9(YqhzhUMDH30y13aI8{V5$#62~%! zc4mI@0y^z$0uN{$^4Ua5n@alC;PFpB1l&ja8a|7_4^x>?VF>+DP}JuoOQ`I0dZ79f z5lyIsEpL10Z=Ie7u;YE}ZT?NSQHmy2F!0agnBo$!C{7cQ{+Lb(et7@~6EdPloF_T0 z+AW~SDw)M}7bNOc9e{vJUocdzcHt%N53to8t&u69N|6e=uav6}0R2cNaY%O|+f|*8 zv-=iwb(Gaa>}mLF7r2lOA@-vYi#~Qb2^lQ{tKlSMQP;F+IKT@kDhcl3N(2)kBs4^SA=?B*Gr#wVv z8&Ix$olZapse|r;zVoY~M$ZNBSJ)6{JcV}^jH)k^QlK9bL4ZX=E+(4g=<`6j zi==M@6>aZDz#^HD$fpL_fbMo4WMt`5+=BwcFVf2ch5v@te*n(%gS!%)2cV~JMuhxU z?W;q@?PWqEpXNKu-1IKQlf53*^_8$|VRP&n3r03mI_!O+rPx7XbOx0|*{s8nvEUUZJDC~iXLR<4#7gGdEyFUuXX2lR8B41W6;w zP!-0#h{0`K5rIWO%)mE5@(G26O{i1=&Pjxua->>oiB4#bgP2Rn1}tRBOm~Yi-GaFyNKyz}U#&ds%+0!Rj#Lbz^>+4{P>7>jy97j>)aYQVZ z&zjT8bvp6(Xga-^oE|q1z=4Oaw922gZh{vy?1uK zY!CSf*SC)NsRcdXbwGchYO{0k`kLhz?6vC>EY=;1+BW`gSrh!$u26ad8&A$orjfm} zTe;W|RDgTEf42tQ>wiZT_^uzd{npOEAFc=U+>BE4NU72>t(?jUd zqLvn3cgVd7gHNA8nCu5%6G8vGM9^=Gp#S%Xp#KkupuZ~u?=;}NoNJL#q{1%bOhG^D zMZF++KPh0WmYB~_Lw|SxgWjNb;8N)2poXwvB@A#1Lg`T|3uzXZY*PHWw2NxSpa&_h zhe-E~6}B>=N<+KA(4)bOg-8Rr_^5OZLs6>dwh$U(*at98bWm_{>{=K!QNn5C3d z37z=3q7m82C1p!sT{E zatV*T*I+r!)-Y3c;a(arf5Te%t&V7F9Z1LgZ}&O4*{4HSKo!|~KZ5tKQRD46XN_-? z4v12Erb2e>`<(X1q9CP8AXhA-O|mOys&aPKqU+LC#-kvFbCQA!gFKvid4s0qFxnz3 z6`#9%zIDjNghk??izjd(vm<7wr{bMedz(N?9QSh#Gf~3$QD;Hvh zR>o{m9N{ihuI5-E&HPHNT^vj+KnoviVPjs$UXrpVs6BegC8?^mc4sKE(InEYk%t<5 zo*1g7btOV{5bKjE2ZIx6!>V48N9W zOi|a4>b*)+$)F=QOH^D@X2WxKyYVasAC|)pxtzNR?(Q`|!^&V73xj6gn~8r^%-!VG zJXi(Gq1TpkgK3pPCW}vup8mfco5qZm`ATT?*mc)|-XVkDVGHyQJ?PyvsFyNE)3udV zT8hkce>oo=hZ>E_mKYL01O7VC>U(YRv>H;uuz|MyQ|eI5=>&G z^t_w7CZ_vl^zvjp$g9bB%6wkp--@v|Q*mDz&6x zK_ZRSa#qfuE12qv=6#F*F=F)n1e1o0nzb<6oU-#Gjb${Jof9d)o00960h4Fv+0Hg>2 DE^rMg literal 0 HcmV?d00001 diff --git a/kyc-management-app/templates/_helpers.tpl b/kyc-management-app/templates/_helpers.tpl new file mode 100644 index 00000000..bf06b96a --- /dev/null +++ b/kyc-management-app/templates/_helpers.tpl @@ -0,0 +1,66 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "kyc-management-app.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kyc-management-app.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kyc-management-app.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kyc-management-app.labels" -}} +helm.sh/chart: {{ include "kyc-management-app.chart" . }} +{{ include "kyc-management-app.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kyc-management-app.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kyc-management-app.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "kyc-management-app.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "kyc-management-app.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{- define "postgresUri" -}} + postgres://{{ .Values.postgresql.auth.username }}:{{ .Values.postgresql.auth.password}}@{{ include "postgresql.v1.primary.fullname" .Subcharts.postgresql }}:{{- .Values.postgresql.primary.service.ports.postgresql -}}/{{.Values.databaseName}} +{{- end }} diff --git a/kyc-management-app/templates/deployment.yaml b/kyc-management-app/templates/deployment.yaml new file mode 100644 index 00000000..35e58c1c --- /dev/null +++ b/kyc-management-app/templates/deployment.yaml @@ -0,0 +1,112 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kyc-management-app.fullname" . }} + {{- with .Values.deploymentAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "kyc-management-app.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "kyc-management-app.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "kyc-management-app.labels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "kyc-management-app.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + initContainers: + - name: init-db + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: DATABASE_URL + value: {{ include "postgresUri" . | quote }} + securityContext: + allowPrivilegeEscalation: false + runAsUser: 0 + #NOTE: This is a temporary solution until the application manages the DB population and migrations + command: + - sh + - -c + - | + apk --update add postgresql-client + psql $DATABASE_URL -f /db/prisma/migrations/0_init/migration.sql --set=ON_ERROR_STOP=1 + psql $DATABASE_URL -f /db/seed.sql --set=ON_ERROR_STOP=1 + echo DB migration done. + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: DATABASE_URL + value: {{ include "postgresUri" . | quote }} + - name: KYC_API_BASE_URL + value: {{.Values.kyc.api.baseUrl}} + - name: KYC_API_AUTH_URL + value: {{.Values.kyc.api.authUrl}} + - name: KYC_API_CLIENT_ID + value: {{.Values.kyc.api.clientId}} + - name: KYC_API_CLIENT_SECRET + value: {{.Values.kyc.api.clientSecret}} + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + livenessProbe: + {{- toYaml .Values.livenessProbe | nindent 12 }} + readinessProbe: + {{- toYaml .Values.readinessProbe | nindent 12 }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: + # - name: dex + # mountPath: "/etc/dex" + # readOnly: true + {{- with .Values.volumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + volumes: + - name: dex + secret: + secretName: {{ include "kyc-management-app.fullname" . }} + optional: false + items: + - key: dex.yaml + path: config.yaml + {{- with .Values.volumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/kyc-management-app/templates/ingress.yaml b/kyc-management-app/templates/ingress.yaml new file mode 100644 index 00000000..bad92607 --- /dev/null +++ b/kyc-management-app/templates/ingress.yaml @@ -0,0 +1,61 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "kyc-management-app.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "kyc-management-app.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/kyc-management-app/templates/secret.yaml b/kyc-management-app/templates/secret.yaml new file mode 100644 index 00000000..8cb1c0bd --- /dev/null +++ b/kyc-management-app/templates/secret.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "kyc-management-app.fullname" . }} + labels: + {{- include "kyc-management-app.labels" . | nindent 4 }} +data: + dex.yaml: {{ .Values.kycManagementApp.dex.configBase64 | toString }} diff --git a/kyc-management-app/templates/service.yaml b/kyc-management-app/templates/service.yaml new file mode 100644 index 00000000..c715b8dd --- /dev/null +++ b/kyc-management-app/templates/service.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kyc-management-app.fullname" . }} + labels: + {{- include "kyc-management-app.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.kycManagementApp.app.port }} + targetPort: http + protocol: TCP + name: app + - port: {{ .Values.kycManagementApp.dex.port }} + targetPort: http + protocol: TCP + name: dex + selector: + {{- include "kyc-management-app.selectorLabels" . | nindent 4 }} diff --git a/kyc-management-app/templates/serviceaccount.yaml b/kyc-management-app/templates/serviceaccount.yaml new file mode 100644 index 00000000..a3411ddc --- /dev/null +++ b/kyc-management-app/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kyc-management-app.serviceAccountName" . }} + labels: + {{- include "kyc-management-app.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/kyc-management-app/values.yaml b/kyc-management-app/values.yaml new file mode 100644 index 00000000..6c36b486 --- /dev/null +++ b/kyc-management-app/values.yaml @@ -0,0 +1,199 @@ +# Default values for kyc-management-app. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# -- The number of replicas +replicaCount: 1 + +image: + # -- The repository of the image + repository: 673156464838.dkr.ecr.us-west-2.amazonaws.com/kyc-management-app + # -- The pullPolicy used when pulling the image + pullPolicy: IfNotPresent + # -- The tag of the image. Overrides the image tag whose default is the chart appVersion. + tag: "0.1.4" + +# -- The secrets used to pull the image +imagePullSecrets: [] +# -- The release name override +nameOverride: "" +# -- The full release name override +fullnameOverride: "" + +serviceAccount: + # -- Specifies whether a service account should be created + create: true + # -- Automatically mount a ServiceAccount's API credentials? + automount: true + # -- Annotations to add to the service account + annotations: {} + # -- The name of the service account to use. + # -- If not set and create is true, a name is generated using the fullname template + name: "" + +# -- Annotations to add to deployments +deploymentAnnotations: {} +# -- Annotations to add to the pods +podAnnotations: {} +# -- The labels to add to the pods +podLabels: {} + +# -- The Pod Security Context +podSecurityContext: + {} + # fsGroup: 2000 + +# -- The Security Context +securityContext: + {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + # -- The type of service to create + type: ClusterIP + # -- The port of the service + port: 3000 + +ingress: + # -- Whether to create an Ingress + enabled: false + # -- The Ingress Class Name to use + className: "" + # -- The Ingress Annotations + annotations: + {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # -- The Ingress Hosts + hosts: + [] + # - host: chart-example.local + # paths: + # - path: / + # pathType: ImplementationSpecific + # -- The TLS configuration + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +# -- Resource limitations for the pods +resources: + {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +kyc: + api: + baseUrl: "https://api-sandbox.hakata.io" + authUrl: "https://auth-sandbox.hakata.io" + clientId: "" + clientSecret: "" + +kycManagementApp: + app: + # -- The port of the app service + port: 3000 + # -- The ENV vars to set on the app container + envVars: + {} + # - name: FOO + # value: FOO + # - name: BAR + # valueFrom: + # secretKeyRef: + # name: mySecret + # key: bar offline: + dex: + # -- The port of the dex service + port: 5556 + # -- The ENV vars to set on the dex container + envVars: + {} + # - name: FOO + # value: FOO + # - name: BAR + # valueFrom: + # secretKeyRef: + # name: mySecret + # key: bar offline: + # -- The configuration file for dex in base64 format + configBase64: "" + +# -- The Liveness Probe +livenessProbe: + # httpGet: + # path: /health + # port: http +# -- The Readiness Probe +readinessProbe: + # httpGet: + # path: /health + # port: http + +# -- Additional volumes on the output Deployment definition. +volumes: [] +# - name: foo +# secret: +# secretName: mysecret +# optional: false + +# -- Additional volumeMounts on the output Deployment definition. +volumeMounts: [] +# - name: foo +# mountPath: "/etc/foo" +# readOnly: true + +# -- Node selector labels +nodeSelector: {} + +# -- Tolerations +tolerations: [] + +# -- Affinity rules +affinity: {} + +databaseName: kyc + +postgresql: + # -- Enable local postgresql database server + enabled: true + primary: + # -- Resources preset to set resource requests and limits + resourcesPreset: "nano" + # -- Extended configuration to configure postgresql server + # extendedConfiguration: | + # max_connections=500 + # max_locks_per_transaction=100 + # max_pred_locks_per_relation=100 + # max_pred_locks_per_transaction=5000 + # max_wal_size=2048 + persistence: + # -- Enable the persistence for the postgresql server + enabled: false + # -- Storage class for the postgresql server volume + storageClass: "" + # -- Size of the postgresql server volume + size: 8Gi + auth: + # -- Username for the database + username: username + # -- Password for the database + password: password + # -- Enable the default postgres user + enablePostgresUser: false + # -- Database name + database: kyc