From 4ac38f95e94fcd7dc1f4f3e6528609a7b23a639a Mon Sep 17 00:00:00 2001 
From: auricom <27022259+auricom@users.noreply.github.com>
Date: Sat, 19 Nov 2022 04:47:32 +0100
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20new=20talos=20cluster?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.github/renovate.json5 | 25 +-
.github/renovate/autoMerge.json5 | 9 +
.sops.yaml | 33 +--
.taskfiles/kopia.yaml | 6 +-
ansible/inventory/group_vars/all/calico.yml | 14 --
ansible/inventory/group_vars/all/k3s.yml | 79 -------
ansible/inventory/group_vars/master/k3s.yml | 73 ------
ansible/inventory/group_vars/worker/k3s.yml | 19 --
.../inventory/host_vars/k3s-master.sops.yaml | 23 --
.../inventory/host_vars/k3s-worker1.sops.yaml | 23 --
.../inventory/host_vars/k3s-worker2.sops.yaml | 23 --
.../inventory/host_vars/k3s-worker3.sops.yaml | 23 --
ansible/playbooks/cluster-installation.yml | 88 -------
ansible/playbooks/cluster-nuke.yml | 41 ----
ansible/playbooks/cluster-prepare.yml | 184 ---------------
ansible/playbooks/cluster-reboot.yml | 15 --
ansible/playbooks/rook-nuke.yml | 36 ---
.../calico/calico-bgpconfiguration.yaml.j2 | 9 -
.../templates/calico/calico-bgppeer.yaml.j2 | 8 -
.../calico/calico-installation.yaml.j2 | 18 --
.../system-upgrade/kustomization.yaml | 8 -
.../kustomization.yaml | 22 --
.../plans/agent.yaml | 21 --
.../plans/server.yaml | 22 --
.../system-upgrade-patches.yaml | 9 -
.../apps/logs/vector/agent/helm-release.yaml | 66 ------
.../logs/vector/aggregator/helm-release.yaml | 179 --------------
.../tigera-operator/helm-release.yaml | 47 ----
cluster/charts/jetstack-charts.yaml | 10 -
cluster/charts/kustomization.yaml | 26 ---
cluster/charts/project-calico-charts.yaml | 9 -
.../rook-direct-mount/deployment.yaml | 67 ------
.../snapshot-controller/deployment.yaml | 30 ---
.../rook-ceph/snapshot-controller/rbac.yaml | 75 ------
cluster/crds/kube-prometheus-stack/crds.yaml | 54 -----
cluster/flux/apps.yaml | 26 ---
cluster/flux/charts.yaml | 13 --
cluster/flux/configuration.yaml | 17 --
cluster/flux/core.yaml | 28 --- cluster/flux/crds.yaml | 13 -- cluster/flux/flux-system/flux-cluster.yaml | 28 --- .../pxe_opnsense_services_dhcpv4_network.png | Bin 180055 -> 0 bytes docs/files/pxe_opnsense_services_dnsmasq.png | Bin 118065 -> 0 bytes ...xe_opnsense_services_nginx_http_server.png | Bin 50422 -> 0 bytes .../pxe_opnsense_services_nginx_location.png | Bin 48727 -> 0 bytes docs/flux.md | 49 ---- docs/post-install.md | 9 - docs/pxe.md | 27 --- .../ansible}/.ansible-lint | 0 {ansible => infrastructure/ansible}/.envrc | 0 .../ansible}/ansible.cfg | 0 .../inventory/group_vars/all/all.sops.yml | 0 .../group_vars/all/wireguard.sops.yml | 0 .../host_vars/truenas-remote.sops.yaml | 0 .../inventory/host_vars/truenas-remote.yaml | 0 .../inventory/host_vars/truenas.sops.yaml | 0 .../ansible}/inventory/host_vars/truenas.yaml | 0 .../ansible}/inventory/hosts.yml | 0 .../ansible}/playbooks/bootstrap_ansible.yml | 0 .../ansible}/playbooks/coreelec.yml | 0 .../ansible}/playbooks/truenas.yml | 0 .../ansible}/playbooks/workstation-work.yaml | 0 .../ansible}/playbooks/workstation.yml | 0 .../ansible}/requirements.yml | 0 .../ansible}/roles/coreelec/defaults/main.yml | 0 .../ansible}/roles/coreelec/files/backup.bash | 0 .../ansible}/roles/coreelec/tasks/backup.yml | 0 .../ansible}/roles/coreelec/tasks/main.yml | 0 .../ansible}/roles/coreelec/tasks/nfs.yml | 0 .../coreelec/templates/storage-nfs.mount | 0 .../ansible}/roles/truenas/defaults/main.yml | 0 .../roles/truenas/files/borgserver/rc.d | 0 .../truenas/files/borgserver/sshd_config | 0 .../files/scripts/certificates_deploy.py | 0 .../files/scripts/snapshots_clearempty.py | 0 .../truenas/files/scripts/snapshots_prune.py | 0 .../files/scripts/telegraf_hddtemp.bash | 0 .../ansible}/roles/truenas/handlers/main.yml | 0 .../roles/truenas/tasks/directories.yml | 0 .../truenas/tasks/jails/borgserver-init.yml | 0 .../roles/truenas/tasks/jails/init.yml | 0 .../roles/truenas/tasks/jails/main.yml | 0 
.../truenas/tasks/jails/postgres-conf.yml | 0 .../truenas/tasks/jails/postgres-init.yml | 0 .../ansible}/roles/truenas/tasks/main.yml | 0 .../ansible}/roles/truenas/tasks/scripts.yml | 0 .../ansible}/roles/truenas/tasks/telegraf.yml | 0 .../roles/truenas/tasks/wireguard.yml | 0 .../truenas/templates/postgres/pg_hba.conf | 0 .../scripts/backupconfig_cloudsync_pre.bash | 0 .../scripts/certificates_deploy.bash | 0 .../scripts/certificates_deploy.conf | 0 .../truenas/templates/scripts/report_pools.sh | 0 .../truenas/templates/scripts/report_smart.sh | 0 .../truenas/templates/scripts/report_ups.sh | 0 .../templates/scripts/snapshots_prune.sh | 0 .../truenas/templates/telegraf/telegraf.conf | 0 .../truenas/templates/wireguard/ip-check.bash | 0 .../wireguard/truenas-remote.xpander.ovh.conf | 0 .../ansible}/roles/truenas/vars/main.yml | 0 .../roles/workstation/defaults/main.yml | 0 .../scripts/backup-local-usb-disk-one.bash | 0 .../scripts/backup-local-usb-disk-two.bash | 0 .../workstation/files/scripts/update-pip.bash | 0 .../files/throttled/throttled.conf | 0 .../roles/workstation/files/yum/vscodium.repo | 0 .../roles/workstation/files/yum/yum.conf | 0 .../roles/workstation/tasks/chezmoi.yml | 0 .../roles/workstation/tasks/gnome.yml | 0 .../ansible}/roles/workstation/tasks/gpg.yml | 0 .../ansible}/roles/workstation/tasks/main.yml | 0 .../ansible}/roles/workstation/tasks/nfs.yml | 0 .../tasks/packages-claude-fixe-fedora.yml | 0 .../tasks/packages-claude-thinkpad-fedora.yml | 0 .../workstation/tasks/packages-common.yml | 3 + .../roles/workstation/tasks/packages-post.yml | 0 .../tasks/packages-prerequisites.yml | 0 .../roles/workstation/tasks/repositories.yml | 25 +- .../roles/workstation/tasks/scripts.yml | 0 .../roles/workstation/tasks/shell.yml | 0 .../roles/workstation/tasks/system.yml | 0 .../roles/workstation/tasks/wireguard.yml | 0 .../workstation/templates/application.desktop | 0 .../workstation/templates/chezmoi.toml.j2 | 0 .../wireguard/claude-thinkpad-fedora.conf 
| 0 .../workstation/vars/claude-fixe-fedora.yml | 0 .../vars/claude-thinkpad-fedora.yml | 0 infrastructure/talos/.gitignore | 2 + {talos => infrastructure/talos}/README.md | 21 +- .../talos/cluster-0/cni/kustomization.yaml | 15 ++ .../talos/cluster-0/cni/values.yaml | 28 +++ .../flux}/github-deploy-key.sops.yaml | 0 .../talos/cluster-0/flux}/kustomization.yaml | 0 .../kubelet-csr-approver/kustomization.yaml | 18 ++ infrastructure/talos/cluster-0/talconfig.yaml | 89 +++++++ .../talos/cluster-0/talenv.sops.yaml | 23 ++ .../talos/cluster-0/talsecret.sops.yaml | 43 ++++ .../base/config}/cluster-secrets.sops.yaml | 5 +- .../base/config}/cluster-settings.yaml | 14 +- .../base/config}/kustomization.yaml | 0 .../base}/kustomization.yaml | 3 +- .../base/repositories/helm/bitnami.yaml | 4 +- .../base/repositories/helm/bjw-s.yaml | 2 +- .../helm}/cert-manager-webhook-ovh.yaml | 2 +- kubernetes/base/repositories/helm/cilium.yaml | 9 + .../repositories/helm/cloudnative-pg.yaml | 2 +- .../base/repositories/helm/descheduler.yaml | 2 +- .../base/repositories/helm/drone.yaml | 0 .../base/repositories/helm/dysnix.yaml | 2 +- .../base/repositories/helm/emxq.yaml | 4 +- .../base/repositories/helm/external-dns.yaml | 2 +- .../base/repositories/helm/gitea.yaml | 4 +- .../base/repositories/helm/grafana.yaml | 4 +- .../base/repositories/helm/ingress-nginx.yaml | 4 +- .../base/repositories/helm/jetstack.yaml | 10 + .../base/repositories/helm/k8s-gateway.yaml | 4 +- .../base/repositories/helm/kustomization.yaml | 27 +++ .../base/repositories/helm/kyverno.yaml | 2 +- .../repositories/helm/metrics-server.yaml | 2 +- .../helm}/node-feature-discovery.yaml | 4 +- .../helm/prometheus-community.yaml | 4 +- .../base/repositories/helm/rook-ceph.yaml | 4 +- .../base/repositories/helm/stakater.yaml | 4 +- .../base/repositories/helm/vector.yaml | 2 +- .../base/repositories/helm/weave-gitops.yaml | 10 + .../base/repositories}/kustomization.yaml | 2 +- .../authelia/config/configuration.yml | 0 
.../authentication/authelia/helm-release.yaml | 2 +- .../authelia/kustomization.yaml | 0 .../authentication/authelia/patches/env.yaml | 0 .../authelia/patches/postgres.yaml | 0 .../authentication/authelia/secret.sops.yaml | 0 .../glauth/config/groups.sops.toml | 0 .../glauth/config/server.sops.toml | 0 .../glauth/config/users.sops.toml | 0 .../authentication/glauth/helm-release.yaml | 2 +- .../authentication/glauth/kustomization.yaml | 0 .../apps/authentication/kustomization.yaml | 0 .../cluster-0}/apps/authentication/readme.md | 0 .../crypto/celestia-app/helm-release.yaml | 2 +- .../crypto/celestia-app/kustomization.yaml | 0 .../apps/crypto/celestia-app/secret.sops.yaml | 0 .../apps/crypto/celestia-app/volume.yaml | 0 .../cluster-0}/apps/crypto/kustomization.yaml | 0 .../apps/databases/kustomization.yaml | 0 .../apps/databases/pgadmin/helm-release.yaml | 11 +- .../apps/databases/pgadmin/kustomization.yaml | 0 .../apps/databases/pgadmin/secret.sops.yaml | 0 .../apps/databases/pgadmin/volume.yaml | 0 .../postgres/cluster/helm-release.yaml | 38 +-- .../postgres/cluster/kustomization.yaml | 0 .../postgres/cluster/secret.sops.yaml | 0 .../external-backup/helm-release.yaml | 4 +- .../external-backup/kustomization.yaml | 0 .../apps/databases/postgres/helm-release.yaml | 2 +- .../databases/postgres/kustomization.yaml | 0 .../scheduled-backup/helm-release.yaml | 2 +- .../scheduled-backup/kustomization.yaml | 0 .../scheduled-backup/secret.sops.yaml | 0 .../cluster-0}/apps/databases/readme.md | 0 .../apps/databases/redis/helm-release.yaml | 2 +- .../apps/databases/redis/kustomization.yaml | 0 .../apps/databases/redis/secret.sops.yaml | 0 .../helm-release.yaml | 0 .../kustomization.yaml | 0 .../drone/drone-runner-kube/helm-release.yaml | 0 .../drone-runner-kube/kustomization.yaml | 0 .../apps/development/drone/helm-release.yaml | 0 .../apps/development/drone/kustomization.yaml | 0 .../apps/development/drone/secret.sops.yaml | 0 .../gitea/external-backup/helm-release.yaml | 4 
+- .../gitea/external-backup/kustomization.yaml | 0 .../apps/development/gitea/helm-release.yaml | 6 +- .../apps/development/gitea/kustomization.yaml | 0 .../apps/development/gitea/secret.sops.yaml | 0 .../apps/development/gitea/volume.yaml | 0 .../apps/development/kustomization.yaml | 0 .../cluster-0}/apps/development/readme.md | 0 .../apps/documentation/kustomization.yaml | 0 .../documentation/outline/helm-release.yaml | 2 +- .../documentation/outline/kustomization.yaml | 0 .../documentation/outline/patches/env.yaml | 0 .../outline/patches/postgres.yaml | 0 .../documentation/outline/secret.sops.yaml | 8 +- .../cluster-0}/apps/documentation/readme.md | 0 .../apps/downloaders/flood/helm-release.yaml | 2 +- .../apps/downloaders/flood/kustomization.yaml | 0 .../apps/downloaders/flood/secret.sops.yaml | 0 .../apps/downloaders/flood/volume.yaml | 0 .../apps/downloaders/kustomization.yaml | 0 .../apps/downloaders/pyload/helm-release.yaml | 4 +- .../downloaders/pyload/kustomization.yaml | 0 .../apps/downloaders/pyload/volume.yaml | 0 .../downloaders/qbittorrent/helm-release.yaml | 6 +- .../qbittorrent/kustomization.yaml | 0 .../upgrade-p2pblocklist/helm-release.yaml | 4 +- .../upgrade-p2pblocklist/kustomization.yaml | 0 .../apps/downloaders/qbittorrent/volume.yaml | 0 .../downloaders/sabnzbd/helm-release.yaml | 2 +- .../downloaders/sabnzbd/kustomization.yaml | 0 .../apps/downloaders/sabnzbd/secret.sops.yaml | 0 .../apps/downloaders/sabnzbd/volume.yaml | 0 .../home-automation/emqx/helm-release.yaml | 5 +- .../home-automation/emqx/kustomization.yaml | 0 .../home-automation/emqx/secret.sops.yaml | 0 .../apps/home-automation/frigate/config.yaml | 0 .../home-automation/frigate/helm-release.yaml | 2 +- .../frigate/kustomization.yaml | 0 .../apps/home-automation/frigate/volume.yaml | 0 .../home-assistant-code/helm-release.yaml | 2 +- .../home-assistant-code/kustomization.yaml | 0 .../home-assistant/helm-release.yaml | 5 +- .../home-assistant/kustomization.yaml | 0 
.../home-assistant/patches/postgres.yaml | 0 .../home-assistant/podmonitor.yaml | 0 .../home-assistant/secret.sops.yaml | 0 .../home-assistant/token.sops.yaml | 0 .../home-assistant/volume.yaml | 0 .../apps/home-automation/kustomization.yaml | 0 .../zigbee2mqtt/helm-release.yaml | 2 +- .../zigbee2mqtt/kustomization.yaml | 0 .../zigbee2mqtt/patches/env.yaml | 14 +- .../zigbee2mqtt/patches/exporter.yaml | 0 .../zigbee2mqtt/prometheus-rule.yaml | 0 .../home-automation/zigbee2mqtt/volume.yaml | 0 .../zwavejs2mqtt/helm-release.yaml | 2 +- .../zwavejs2mqtt/kustomization.yaml | 0 .../home-automation/zwavejs2mqtt/volume.yaml | 0 .../coredns-nodecache/configmap.yaml | 0 .../coredns-nodecache/daemonset.yaml | 0 .../coredns-nodecache/kustomization.yaml | 0 .../coredns-nodecache/service-account.yaml | 0 .../kube-tools/descheduler/helm-release.yaml | 2 +- .../kube-tools/descheduler/kustomization.yaml | 0 .../intel-gpu-exporter/helm-release.yaml | 2 +- .../intel-gpu-exporter/kustomization.yaml | 0 .../intel-gpu-plugin/helm-release.yaml | 2 +- .../intel-gpu-plugin/kustomization.yaml | 0 .../apps/kube-tools/kustomization.yaml | 1 - .../apps/kube-tools/kyverno/helm-release.yaml | 10 +- .../kube-tools/kyverno/kustomization.yaml | 0 .../kyverno/policies/helm-release.yaml | 4 +- .../kyverno/policies/kustomization.yaml | 0 .../metrics-server/helm-release.yaml | 2 +- .../metrics-server/kustomization.yaml | 0 .../node-feature-discovery/helm-release.yaml | 2 +- .../node-feature-discovery/kustomization.yaml | 0 .../cluster-0}/apps/kube-tools/rbac/jobs.yaml | 0 .../apps/kube-tools/rbac/kustomization.yaml | 0 .../kube-tools/reloader/helm-release.yaml | 2 +- .../kube-tools/reloader/kustomization.yaml | 0 .../cluster-0}/apps/kustomization.yaml | 4 +- .../cluster-0}/apps/logs/kustomization.yaml | 0 .../cluster-0}/apps/logs/loki/config-map.yaml | 0 .../apps/logs/loki/helm-release.yaml | 62 +++-- .../apps/logs/loki/kustomization.yaml | 0 .../apps/logs/loki/object-bucket-claim.yaml | 0 
.../apps/logs/vector/agent/helm-release.yaml | 84 +++++++ .../apps/logs/vector/agent/kustomization.yaml | 0 .../vector/aggregator/filterlog-regex.txt | 0 .../logs/vector/aggregator/helm-release.yaml | 218 ++++++++++++++++++ .../logs/vector/aggregator/kustomization.yaml | 0 .../logs/vector/geoipupdate/cron-job.yaml | 0 .../vector/geoipupdate/kustomization.yaml | 0 .../logs/vector/geoipupdate/secret.sops.yaml | 0 .../apps/logs/vector/geoipupdate/volume.yaml | 0 .../apps/logs/vector/kustomization.yaml | 0 .../media-automation/bazarr/helm-release.yaml | 2 +- .../bazarr/kustomization.yaml | 0 .../media-automation/bazarr/secret.sops.yaml | 0 .../apps/media-automation/bazarr/volume.yaml | 0 .../jellyseerr/helm-release.yaml | 2 +- .../jellyseerr/kustomization.yaml | 0 .../media-automation/jellyseerr/volume.yaml | 0 .../apps/media-automation/kustomization.yaml | 1 + .../media-automation/lidarr/helm-release.yaml | 2 +- .../lidarr/kustomization.yaml | 0 .../media-automation/lidarr/secret.sops.yaml | 0 .../apps/media-automation/lidarr/volume.yaml | 0 .../music-transcode/cronjob.yaml | 6 +- .../music-transcode/kustomization.yaml | 0 .../prowlarr/helm-release.yaml | 2 +- .../prowlarr/kustomization.yaml | 0 .../prowlarr/secret.sops.yaml | 0 .../media-automation/prowlarr/volume.yaml | 0 .../media-automation/radarr/helm-release.yaml | 2 +- .../radarr/kustomization.yaml | 0 .../radarr/scripts/pushover-notify.sh | 0 .../media-automation/radarr/secret.sops.yaml | 0 .../apps/media-automation/radarr/volume.yaml | 0 .../readarr/helm-release.yaml | 2 +- .../readarr/kustomization.yaml | 0 .../media-automation/readarr/secret.sops.yaml | 0 .../apps/media-automation/readarr/volume.yaml | 0 .../recyclarr/config/recyclarr.yaml | 5 +- .../recyclarr/helm-release.yaml | 4 +- .../recyclarr/kustomization.yaml | 0 .../recyclarr/secret.sops.yaml | 0 .../media-automation/sonarr/helm-release.yaml | 2 +- .../sonarr/kustomization.yaml | 0 .../sonarr/scripts/pushover-notify.sh | 0 
.../media-automation/sonarr/secret.sops.yaml | 0 .../apps/media-automation/sonarr/volume.yaml | 0 .../calibre-web/helm-release.yaml | 4 +- .../calibre-web/kustomization.yaml | 0 .../media-servers/calibre-web/volume.yaml | 0 .../media-servers/calibre/helm-release.yaml | 2 +- .../media-servers/calibre/kustomization.yaml | 0 .../apps/media-servers/calibre/volume.yaml | 0 .../media-servers/jellyfin/helm-release.yaml | 4 +- .../media-servers/jellyfin/kustomization.yaml | 0 .../apps/media-servers/jellyfin/volume.yaml | 0 .../media-servers/komga/helm-release.yaml | 2 +- .../media-servers/komga/kustomization.yaml | 0 .../apps/media-servers/komga/volume.yaml | 0 .../apps/media-servers/kustomization.yaml | 0 .../media-servers/lychee/helm-release.yaml | 2 +- .../media-servers/lychee/kustomization.yaml | 0 .../lychee/patches/postgres.yaml | 0 .../media-servers/lychee/secret.sops.yaml | 0 .../apps/media-servers/lychee/volume.yaml | 0 .../media-browser/helm-release.yaml | 2 +- .../media-browser/kustomization.yaml | 0 .../media-servers/media-browser/volume.yaml | 0 .../media-servers/navidrome/helm-release.yaml | 4 +- .../navidrome/kustomization.yaml | 0 .../apps/media-servers/navidrome/volume.yaml | 0 .../grafana/dashboards/home-assistant.json | 0 .../dashboards/homelab-temperatures.json | 0 .../grafana/dashboards/truenas.json | 0 .../apps/monitoring/grafana/helm-release.yaml | 2 +- .../monitoring/grafana/kustomization.yaml | 0 .../apps/monitoring/grafana/secrets.sops.yaml | 0 .../monitoring/healthchecks/helm-release.yaml | 2 +- .../healthchecks/kustomization.yaml | 0 .../monitoring/healthchecks/patches/env.yaml | 0 .../healthchecks/patches/postgres.yaml | 0 .../monitoring/healthchecks/secret.sops.yaml | 0 .../kube-prometheus-stack/helm-release.yaml | 2 +- .../kube-prometheus-stack/kustomization.yaml | 0 .../apps/monitoring/kustomization.yaml | 0 .../apps/monitoring/thanos/helm-release.yaml | 2 +- .../apps/monitoring/thanos/kustomization.yaml | 0 
.../apps/monitoring/thanos/readme.md | 0 .../apps/monitoring/thanos/secret.sops.yaml | 0 .../monitoring/uptime-kuma/helm-release.yaml | 2 +- .../monitoring/uptime-kuma/kustomization.yaml | 0 .../apps/monitoring/uptime-kuma/volume.yaml | 0 .../cluster-0}/apps/namespaces.yaml | 21 -- .../certificates/helm-release.yaml | 2 +- .../certificates/kustomization.yaml | 0 .../networking/cert-manager/helm-release.yaml | 2 +- .../cert-manager/issuers/helm-release.yaml | 2 +- .../cert-manager/issuers/kustomization.yaml | 0 .../cert-manager/kustomization.yaml | 0 .../cert-manager/prometheus-rule.yaml | 0 .../apps/networking/cert-manager/rbac.yaml | 0 .../networking/cert-manager/secret.sops.yaml | 0 .../webhook-ovh/helm-release.yaml | 0 .../webhook-ovh/kustomization.yaml | 0 .../cert-manager/webhook-ovh/rbac.yaml | 0 .../networking/external-dns/helm-release.yaml | 2 +- .../external-dns/kustomization.yaml | 0 .../networking/external-dns/secret.sops.yaml | 0 .../ingress-nginx/helm-release.yaml | 5 +- .../ingress-nginx/kustomization.yaml | 0 .../networking/k8s-gateway/helm-release.yaml | 14 +- .../networking/k8s-gateway/kustomization.yaml | 0 .../apps/networking/kustomization.yaml | 1 - .../networking/smtp-relay/helm-release.yaml | 4 +- .../networking/smtp-relay/kustomization.yaml | 0 .../apps/networking/smtp-relay/maddy.conf | 0 .../networking/smtp-relay/secret.sops.yaml | 0 .../apps/networking/unifi/helm-release.yaml | 5 +- .../apps/networking/unifi/kustomization.yaml | 0 .../apps/networking/unifi/volume.yaml | 0 .../kopia-kube}/config/repository.config | 2 +- .../storage/kopia-kube}/helm-release.yaml | 2 +- .../storage/kopia-kube}/kustomization.yaml | 2 +- .../kopia/kopia-kube/config/repository.config | 20 ++ .../kopia/kopia-kube/helm-release.yaml | 109 +++++++++ .../kopia/kopia-kube/kustomization.yaml | 12 + .../config/repository.config | 20 ++ .../kopia-workstations/helm-release.yaml | 109 +++++++++ .../kopia-workstations/kustomization.yaml | 12 + 
.../apps/storage/kopia}/kustomization.yaml | 4 +- .../apps/storage/kustomization.yaml | 5 +- .../resilio-sync/claude}/config/sync.conf | 0 .../resilio-sync/claude}/helm-release.yaml | 14 +- .../resilio-sync/claude}/kustomization.yaml | 2 +- .../storage/resilio-sync/claude}/volume.yaml | 4 +- .../resilio-sync/helene}/config/sync.conf | 0 .../resilio-sync/helene}/helm-release.yaml | 10 +- .../resilio-sync/helene}/kustomization.yaml | 2 +- .../storage/resilio-sync/helene}/volume.yaml | 4 +- .../storage/resilio-sync}/kustomization.yaml | 3 +- .../smartctl-exporter/helm-release.yaml | 2 +- .../smartctl-exporter}/kustomization.yaml | 0 .../storage/truecommand/helm-release.yaml | 2 +- .../storage/truecommand/kustomization.yaml | 0 .../apps/storage/truecommand/volume.yaml | 0 .../apps/web-tools/freshrss/helm-release.yaml | 2 +- .../web-tools/freshrss/kustomization.yaml | 0 .../web-tools/freshrss/patches/postgres.yaml | 0 .../apps/web-tools/freshrss/secret.sops.yaml | 0 .../apps/web-tools/freshrss/volume.yaml | 0 .../web-tools/homer-code/helm-release.yaml | 2 +- .../web-tools/homer-code}/kustomization.yaml | 0 .../apps/web-tools/homer/helm-release.yaml | 2 +- .../apps/web-tools/homer/kustomization.yaml | 0 .../apps/web-tools/homer/volume.yaml | 0 .../web-tools/invidious/config/config.yml | 0 .../web-tools/invidious/helm-release.yaml | 2 +- .../web-tools/invidious/kustomization.yaml | 0 .../web-tools/invidious/patches/postgres.yaml | 0 .../apps/web-tools/joplin/helm-release.yaml | 2 +- .../apps/web-tools/joplin/kustomization.yaml | 0 .../web-tools/joplin/patches/postgres.yaml | 0 .../apps/web-tools/joplin/secret.sops.yaml | 0 .../apps/web-tools/kustomization.yaml | 1 - .../web-tools/libreddit/helm-release.yaml | 4 +- .../web-tools/libreddit/kustomization.yaml | 0 .../apps/web-tools/nitter/config/config.yml | 0 .../apps/web-tools/nitter/helm-release.yaml | 2 +- .../apps/web-tools/nitter/kustomization.yaml | 0 .../cluster-0}/apps/web-tools/readme.md | 0 
.../apps/web-tools/sharry/config/sharry.conf | 0 .../apps/web-tools/sharry/helm-release.yaml | 2 +- .../apps/web-tools/sharry/kustomization.yaml | 0 .../web-tools/sharry/patches/postgres.yaml | 0 .../web-tools/tandoor/config/nginx-config | 0 .../apps/web-tools/tandoor/helm-release.yaml | 4 +- .../apps/web-tools/tandoor/kustomization.yaml | 0 .../apps/web-tools/tandoor/patches/env.yaml | 0 .../web-tools/tandoor/patches/postgres.yaml | 0 .../apps/web-tools/tandoor/secret.sops.yaml | 0 .../apps/web-tools/tandoor/volume.yaml | 0 .../web-tools/theme-park/helm-release.yaml | 2 +- .../web-tools/theme-park}/kustomization.yaml | 0 .../web-tools/vaultwarden/helm-release.yaml | 2 +- .../web-tools/vaultwarden/kustomization.yaml | 1 + .../vaultwarden/patches/postgres.yaml | 0 .../web-tools/vaultwarden/secret.sops.yaml | 0 .../apps/web-tools/vaultwarden/volume.yaml | 0 .../apps/web-tools/vikunja/config/Caddyfile | 0 .../apps/web-tools/vikunja/helm-release.yaml | 2 +- .../apps/web-tools/vikunja/kustomization.yaml | 0 .../web-tools/vikunja/patches/postgres.yaml | 0 .../apps/web-tools/vikunja/secret.sops.yaml | 0 .../apps/web-tools/vikunja/volume.yaml | 0 .../apps/web-tools/wallabag/helm-release.yaml | 2 +- .../web-tools/wallabag/kustomization.yaml | 0 .../apps/web-tools/wallabag/patches/env.yaml | 0 .../web-tools/wallabag/patches/postgres.yaml | 0 .../apps/web-tools/wallabag/secret.sops.yaml | 0 .../apps/web-tools/wallabag/volume.yaml | 0 .../apps/web-tools/whoogle/helm-release.yaml | 2 +- .../web-tools/whoogle}/kustomization.yaml | 0 .../cluster-0/core/cilium/configmap.yaml | 18 ++ .../cluster-0/core/cilium}/kustomization.yaml | 4 +- .../core/flux-system/kustomization.yaml | 1 + .../alert-manager/kustomization.yaml | 0 .../alert-manager/notification.yaml | 0 .../notifications/github/kustomization.yaml | 0 .../notifications/github/notification.yaml | 0 .../notifications/github/secret.sops.yaml | 0 .../notifications/kustomization.yaml | 0 .../core/flux-system/pod-monitor.yaml | 0 
.../core/flux-system/prometheus-rule.yaml | 0 .../weave-gitops/helm-release.yaml | 39 ++++ .../weave-gitops/kustomization.yaml | 7 + .../flux-system/weave-gitops/secret.sops.yaml | 29 +++ .../flux-system/webhook/github/ingress.yaml | 0 .../webhook/github/kustomization.yaml | 0 .../flux-system/webhook/github/receiver.yaml | 0 .../webhook/github/secret.sops.yaml | 0 .../flux-system/webhook/kustomization.yaml | 0 .../cluster-0}/core/kustomization.yaml | 1 + .../core/rook-ceph/cluster/helm-release.yaml | 141 ++++++----- .../core/rook-ceph/cluster/kustomization.yaml | 0 .../core/rook-ceph/kustomization.yaml | 3 +- .../cluster-0}/core/rook-ceph/namespace.yaml | 0 .../core/rook-ceph/operator/helm-release.yaml | 4 +- .../rook-ceph/operator/kustomization.yaml | 0 .../rook-ceph/rook-toolbox/deployment.yaml | 73 ++++++ .../rook-toolbox}/kustomization.yaml | 0 kubernetes/flux/flux-cluster.yaml | 97 ++++++++ .../flux}/flux-installation.yaml | 0 .../flux}/flux-prereqs.yaml | 0 .../flux}/kustomization.yaml | 1 + {hack => kubernetes/tools}/kopia-restore.yaml | 0 kubernetes/tools/wipe-rook.yaml | 96 ++++++++ server/README.md | 3 - server/pxe/grub/grub.cfg | 13 -- server/pxe/nodes/1c:69:7a:01:28:ae.conf | 10 - server/pxe/nodes/1c:69:7a:0d:0e:e9.conf | 10 - server/pxe/nodes/1c:69:7a:0f:9f:ab.conf | 10 - server/pxe/nodes/f4:4d:30:69:76:2d.conf | 10 - server/pxe/nodes/k3s-server/meta-data | 1 - server/pxe/nodes/k3s-server/user-data | 89 ------- server/pxe/nodes/k3s-worker1/meta-data | 1 - server/pxe/nodes/k3s-worker1/user-data | 89 ------- server/pxe/nodes/k3s-worker2/meta-data | 1 - server/pxe/nodes/k3s-worker2/user-data | 89 ------- server/pxe/nodes/k3s-worker3/meta-data | 1 - server/pxe/nodes/k3s-worker3/user-data | 89 ------- server/pxe/pxe.conf | 12 - talos/talconfig.yaml | 0 548 files changed, 1642 insertions(+), 2331 deletions(-) delete mode 100644 ansible/inventory/group_vars/all/calico.yml delete mode 100644 ansible/inventory/group_vars/all/k3s.yml delete mode 100644 
ansible/inventory/group_vars/master/k3s.yml delete mode 100644 ansible/inventory/group_vars/worker/k3s.yml delete mode 100644 ansible/inventory/host_vars/k3s-master.sops.yaml delete mode 100644 ansible/inventory/host_vars/k3s-worker1.sops.yaml delete mode 100644 ansible/inventory/host_vars/k3s-worker2.sops.yaml delete mode 100644 ansible/inventory/host_vars/k3s-worker3.sops.yaml delete mode 100644 ansible/playbooks/cluster-installation.yml delete mode 100644 ansible/playbooks/cluster-nuke.yml delete mode 100644 ansible/playbooks/cluster-prepare.yml delete mode 100644 ansible/playbooks/cluster-reboot.yml delete mode 100644 ansible/playbooks/rook-nuke.yml delete mode 100644 ansible/playbooks/templates/calico/calico-bgpconfiguration.yaml.j2 delete mode 100644 ansible/playbooks/templates/calico/calico-bgppeer.yaml.j2 delete mode 100644 ansible/playbooks/templates/calico/calico-installation.yaml.j2 delete mode 100644 cluster/apps/kube-tools/system-upgrade/kustomization.yaml delete mode 100644 cluster/apps/kube-tools/system-upgrade/system-upgrade-controller/kustomization.yaml delete mode 100644 cluster/apps/kube-tools/system-upgrade/system-upgrade-controller/plans/agent.yaml delete mode 100644 cluster/apps/kube-tools/system-upgrade/system-upgrade-controller/plans/server.yaml delete mode 100644 cluster/apps/kube-tools/system-upgrade/system-upgrade-controller/system-upgrade-patches.yaml delete mode 100644 cluster/apps/logs/vector/agent/helm-release.yaml delete mode 100644 cluster/apps/logs/vector/aggregator/helm-release.yaml delete mode 100644 cluster/apps/networking/tigera-operator/helm-release.yaml delete mode 100644 cluster/charts/jetstack-charts.yaml delete mode 100644 cluster/charts/kustomization.yaml delete mode 100644 cluster/charts/project-calico-charts.yaml delete mode 100644 cluster/core/rook-ceph/rook-direct-mount/deployment.yaml delete mode 100644 cluster/core/rook-ceph/snapshot-controller/deployment.yaml delete mode 100644 
cluster/core/rook-ceph/snapshot-controller/rbac.yaml delete mode 100644 cluster/crds/kube-prometheus-stack/crds.yaml delete mode 100644 cluster/flux/apps.yaml delete mode 100644 cluster/flux/charts.yaml delete mode 100644 cluster/flux/configuration.yaml delete mode 100644 cluster/flux/core.yaml delete mode 100644 cluster/flux/crds.yaml delete mode 100644 cluster/flux/flux-system/flux-cluster.yaml delete mode 100644 docs/files/pxe_opnsense_services_dhcpv4_network.png delete mode 100644 docs/files/pxe_opnsense_services_dnsmasq.png delete mode 100644 docs/files/pxe_opnsense_services_nginx_http_server.png delete mode 100644 docs/files/pxe_opnsense_services_nginx_location.png delete mode 100644 docs/flux.md delete mode 100644 docs/post-install.md delete mode 100644 docs/pxe.md rename {ansible => infrastructure/ansible}/.ansible-lint (100%) rename {ansible => infrastructure/ansible}/.envrc (100%) rename {ansible => infrastructure/ansible}/ansible.cfg (100%) rename {ansible => infrastructure/ansible}/inventory/group_vars/all/all.sops.yml (100%) rename {ansible => infrastructure/ansible}/inventory/group_vars/all/wireguard.sops.yml (100%) rename {ansible => infrastructure/ansible}/inventory/host_vars/truenas-remote.sops.yaml (100%) rename {ansible => infrastructure/ansible}/inventory/host_vars/truenas-remote.yaml (100%) rename {ansible => infrastructure/ansible}/inventory/host_vars/truenas.sops.yaml (100%) rename {ansible => infrastructure/ansible}/inventory/host_vars/truenas.yaml (100%) rename {ansible => infrastructure/ansible}/inventory/hosts.yml (100%) rename {ansible => infrastructure/ansible}/playbooks/bootstrap_ansible.yml (100%) rename {ansible => infrastructure/ansible}/playbooks/coreelec.yml (100%) rename {ansible => infrastructure/ansible}/playbooks/truenas.yml (100%) rename {ansible => infrastructure/ansible}/playbooks/workstation-work.yaml (100%) rename {ansible => infrastructure/ansible}/playbooks/workstation.yml (100%) rename {ansible => 
infrastructure/ansible}/requirements.yml (100%) rename {ansible => infrastructure/ansible}/roles/coreelec/defaults/main.yml (100%) rename {ansible => infrastructure/ansible}/roles/coreelec/files/backup.bash (100%) rename {ansible => infrastructure/ansible}/roles/coreelec/tasks/backup.yml (100%) rename {ansible => infrastructure/ansible}/roles/coreelec/tasks/main.yml (100%) rename {ansible => infrastructure/ansible}/roles/coreelec/tasks/nfs.yml (100%) rename {ansible => infrastructure/ansible}/roles/coreelec/templates/storage-nfs.mount (100%) rename {ansible => infrastructure/ansible}/roles/truenas/defaults/main.yml (100%) rename {ansible => infrastructure/ansible}/roles/truenas/files/borgserver/rc.d (100%) rename {ansible => infrastructure/ansible}/roles/truenas/files/borgserver/sshd_config (100%) rename {ansible => infrastructure/ansible}/roles/truenas/files/scripts/certificates_deploy.py (100%) rename {ansible => infrastructure/ansible}/roles/truenas/files/scripts/snapshots_clearempty.py (100%) rename {ansible => infrastructure/ansible}/roles/truenas/files/scripts/snapshots_prune.py (100%) rename {ansible => infrastructure/ansible}/roles/truenas/files/scripts/telegraf_hddtemp.bash (100%) rename {ansible => infrastructure/ansible}/roles/truenas/handlers/main.yml (100%) rename {ansible => infrastructure/ansible}/roles/truenas/tasks/directories.yml (100%) rename {ansible => infrastructure/ansible}/roles/truenas/tasks/jails/borgserver-init.yml (100%) rename {ansible => infrastructure/ansible}/roles/truenas/tasks/jails/init.yml (100%) rename {ansible => infrastructure/ansible}/roles/truenas/tasks/jails/main.yml (100%) rename {ansible => infrastructure/ansible}/roles/truenas/tasks/jails/postgres-conf.yml (100%) rename {ansible => infrastructure/ansible}/roles/truenas/tasks/jails/postgres-init.yml (100%) rename {ansible => infrastructure/ansible}/roles/truenas/tasks/main.yml (100%) rename {ansible => infrastructure/ansible}/roles/truenas/tasks/scripts.yml (100%) rename 
{ansible => infrastructure/ansible}/roles/truenas/tasks/telegraf.yml (100%) rename {ansible => infrastructure/ansible}/roles/truenas/tasks/wireguard.yml (100%) rename {ansible => infrastructure/ansible}/roles/truenas/templates/postgres/pg_hba.conf (100%) rename {ansible => infrastructure/ansible}/roles/truenas/templates/scripts/backupconfig_cloudsync_pre.bash (100%) rename {ansible => infrastructure/ansible}/roles/truenas/templates/scripts/certificates_deploy.bash (100%) rename {ansible => infrastructure/ansible}/roles/truenas/templates/scripts/certificates_deploy.conf (100%) rename {ansible => infrastructure/ansible}/roles/truenas/templates/scripts/report_pools.sh (100%) rename {ansible => infrastructure/ansible}/roles/truenas/templates/scripts/report_smart.sh (100%) rename {ansible => infrastructure/ansible}/roles/truenas/templates/scripts/report_ups.sh (100%) rename {ansible => infrastructure/ansible}/roles/truenas/templates/scripts/snapshots_prune.sh (100%) rename {ansible => infrastructure/ansible}/roles/truenas/templates/telegraf/telegraf.conf (100%) rename {ansible => infrastructure/ansible}/roles/truenas/templates/wireguard/ip-check.bash (100%) rename {ansible => infrastructure/ansible}/roles/truenas/templates/wireguard/truenas-remote.xpander.ovh.conf (100%) rename {ansible => infrastructure/ansible}/roles/truenas/vars/main.yml (100%) rename {ansible => infrastructure/ansible}/roles/workstation/defaults/main.yml (100%) rename {ansible => infrastructure/ansible}/roles/workstation/files/scripts/backup-local-usb-disk-one.bash (100%) rename {ansible => infrastructure/ansible}/roles/workstation/files/scripts/backup-local-usb-disk-two.bash (100%) rename {ansible => infrastructure/ansible}/roles/workstation/files/scripts/update-pip.bash (100%) rename {ansible => infrastructure/ansible}/roles/workstation/files/throttled/throttled.conf (100%) rename {ansible => infrastructure/ansible}/roles/workstation/files/yum/vscodium.repo (100%) rename {ansible => 
infrastructure/ansible}/roles/workstation/files/yum/yum.conf (100%) rename {ansible => infrastructure/ansible}/roles/workstation/tasks/chezmoi.yml (100%) rename {ansible => infrastructure/ansible}/roles/workstation/tasks/gnome.yml (100%) rename {ansible => infrastructure/ansible}/roles/workstation/tasks/gpg.yml (100%) rename {ansible => infrastructure/ansible}/roles/workstation/tasks/main.yml (100%) rename {ansible => infrastructure/ansible}/roles/workstation/tasks/nfs.yml (100%) rename {ansible => infrastructure/ansible}/roles/workstation/tasks/packages-claude-fixe-fedora.yml (100%) rename {ansible => infrastructure/ansible}/roles/workstation/tasks/packages-claude-thinkpad-fedora.yml (100%) rename {ansible => infrastructure/ansible}/roles/workstation/tasks/packages-common.yml (98%) rename {ansible => infrastructure/ansible}/roles/workstation/tasks/packages-post.yml (100%) rename {ansible => infrastructure/ansible}/roles/workstation/tasks/packages-prerequisites.yml (100%) rename {ansible => infrastructure/ansible}/roles/workstation/tasks/repositories.yml (82%) rename {ansible => infrastructure/ansible}/roles/workstation/tasks/scripts.yml (100%) rename {ansible => infrastructure/ansible}/roles/workstation/tasks/shell.yml (100%) rename {ansible => infrastructure/ansible}/roles/workstation/tasks/system.yml (100%) rename {ansible => infrastructure/ansible}/roles/workstation/tasks/wireguard.yml (100%) rename {ansible => infrastructure/ansible}/roles/workstation/templates/application.desktop (100%) rename {ansible => infrastructure/ansible}/roles/workstation/templates/chezmoi.toml.j2 (100%) rename {ansible => infrastructure/ansible}/roles/workstation/templates/wireguard/claude-thinkpad-fedora.conf (100%) rename {ansible => infrastructure/ansible}/roles/workstation/vars/claude-fixe-fedora.yml (100%) rename {ansible => infrastructure/ansible}/roles/workstation/vars/claude-thinkpad-fedora.yml (100%) create mode 100644 infrastructure/talos/.gitignore rename {talos => 
infrastructure/talos}/README.md (54%) create mode 100644 infrastructure/talos/cluster-0/cni/kustomization.yaml create mode 100644 infrastructure/talos/cluster-0/cni/values.yaml rename {cluster/flux/flux-system => infrastructure/talos/cluster-0/flux}/github-deploy-key.sops.yaml (100%) rename {cluster/bootstrap => infrastructure/talos/cluster-0/flux}/kustomization.yaml (100%) create mode 100644 infrastructure/talos/cluster-0/kubelet-csr-approver/kustomization.yaml create mode 100644 infrastructure/talos/cluster-0/talconfig.yaml create mode 100644 infrastructure/talos/cluster-0/talenv.sops.yaml create mode 100644 infrastructure/talos/cluster-0/talsecret.sops.yaml rename {cluster/configuration => kubernetes/base/config}/cluster-secrets.sops.yaml (94%) rename {cluster/configuration => kubernetes/base/config}/cluster-settings.yaml (64%) rename {cluster/configuration => kubernetes/base/config}/kustomization.yaml (100%) rename {cluster/crds => kubernetes/base}/kustomization.yaml (72%) rename cluster/charts/bitnami-charts.yaml => kubernetes/base/repositories/helm/bitnami.yaml (66%) rename cluster/charts/bjw-s-charts.yaml => kubernetes/base/repositories/helm/bjw-s.yaml (89%) rename {cluster/charts => kubernetes/base/repositories/helm}/cert-manager-webhook-ovh.yaml (86%) create mode 100644 kubernetes/base/repositories/helm/cilium.yaml rename cluster/charts/cloudnative-pg-charts.yaml => kubernetes/base/repositories/helm/cloudnative-pg.yaml (85%) rename cluster/charts/descheduler-charts.yaml => kubernetes/base/repositories/helm/descheduler.yaml (86%) rename cluster/charts/drone-charts.yaml => kubernetes/base/repositories/helm/drone.yaml (100%) rename cluster/charts/dysnix-charts.yaml => kubernetes/base/repositories/helm/dysnix.yaml (88%) rename cluster/charts/emxq-charts.yaml => kubernetes/base/repositories/helm/emxq.yaml (66%) rename cluster/charts/external-dns-charts.yaml => kubernetes/base/repositories/helm/external-dns.yaml (86%) rename cluster/charts/gitea-charts.yaml => 
kubernetes/base/repositories/helm/gitea.yaml (66%) rename cluster/charts/grafana-charts.yaml => kubernetes/base/repositories/helm/grafana.yaml (67%) rename cluster/charts/ingress-nginx-charts.yaml => kubernetes/base/repositories/helm/ingress-nginx.yaml (66%) create mode 100644 kubernetes/base/repositories/helm/jetstack.yaml rename cluster/charts/k8s-gateway-charts.yaml => kubernetes/base/repositories/helm/k8s-gateway.yaml (66%) create mode 100644 kubernetes/base/repositories/helm/kustomization.yaml rename cluster/charts/kyverno-charts.yaml => kubernetes/base/repositories/helm/kyverno.yaml (87%) rename cluster/charts/metrics-server-charts.yaml => kubernetes/base/repositories/helm/metrics-server.yaml (85%) rename {cluster/charts => kubernetes/base/repositories/helm}/node-feature-discovery.yaml (66%) rename cluster/charts/prometheus-community-charts.yaml => kubernetes/base/repositories/helm/prometheus-community.yaml (65%) rename cluster/charts/rook-ceph-charts.yaml => kubernetes/base/repositories/helm/rook-ceph.yaml (65%) rename cluster/charts/stakater-charts.yaml => kubernetes/base/repositories/helm/stakater.yaml (67%) rename cluster/charts/vector-charts.yaml => kubernetes/base/repositories/helm/vector.yaml (87%) create mode 100644 kubernetes/base/repositories/helm/weave-gitops.yaml rename {cluster/crds/kube-prometheus-stack => kubernetes/base/repositories}/kustomization.yaml (84%) rename {cluster => kubernetes/cluster-0}/apps/authentication/authelia/config/configuration.yml (100%) rename {cluster => kubernetes/cluster-0}/apps/authentication/authelia/helm-release.yaml (98%) rename {cluster => kubernetes/cluster-0}/apps/authentication/authelia/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/authentication/authelia/patches/env.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/authentication/authelia/patches/postgres.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/authentication/authelia/secret.sops.yaml (100%) rename {cluster 
=> kubernetes/cluster-0}/apps/authentication/glauth/config/groups.sops.toml (100%) rename {cluster => kubernetes/cluster-0}/apps/authentication/glauth/config/server.sops.toml (100%) rename {cluster => kubernetes/cluster-0}/apps/authentication/glauth/config/users.sops.toml (100%) rename {cluster => kubernetes/cluster-0}/apps/authentication/glauth/helm-release.yaml (97%) rename {cluster => kubernetes/cluster-0}/apps/authentication/glauth/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/authentication/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/authentication/readme.md (100%) rename {cluster => kubernetes/cluster-0}/apps/crypto/celestia-app/helm-release.yaml (98%) rename {cluster => kubernetes/cluster-0}/apps/crypto/celestia-app/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/crypto/celestia-app/secret.sops.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/crypto/celestia-app/volume.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/crypto/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/databases/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/databases/pgadmin/helm-release.yaml (79%) rename {cluster => kubernetes/cluster-0}/apps/databases/pgadmin/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/databases/pgadmin/secret.sops.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/databases/pgadmin/volume.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/databases/postgres/cluster/helm-release.yaml (69%) rename {cluster => kubernetes/cluster-0}/apps/databases/postgres/cluster/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/databases/postgres/cluster/secret.sops.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/databases/postgres/external-backup/helm-release.yaml (93%) rename {cluster => kubernetes/cluster-0}/apps/databases/postgres/external-backup/kustomization.yaml 
(100%) rename {cluster => kubernetes/cluster-0}/apps/databases/postgres/helm-release.yaml (93%) rename {cluster => kubernetes/cluster-0}/apps/databases/postgres/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/databases/postgres/scheduled-backup/helm-release.yaml (96%) rename {cluster => kubernetes/cluster-0}/apps/databases/postgres/scheduled-backup/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/databases/postgres/scheduled-backup/secret.sops.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/databases/readme.md (100%) rename {cluster => kubernetes/cluster-0}/apps/databases/redis/helm-release.yaml (96%) rename {cluster => kubernetes/cluster-0}/apps/databases/redis/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/databases/redis/secret.sops.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/development/drone/drone-kubernetes-secrets/helm-release.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/development/drone/drone-kubernetes-secrets/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/development/drone/drone-runner-kube/helm-release.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/development/drone/drone-runner-kube/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/development/drone/helm-release.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/development/drone/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/development/drone/secret.sops.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/development/gitea/external-backup/helm-release.yaml (96%) rename {cluster => kubernetes/cluster-0}/apps/development/gitea/external-backup/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/development/gitea/helm-release.yaml (97%) rename {cluster => kubernetes/cluster-0}/apps/development/gitea/kustomization.yaml (100%) rename {cluster => 
kubernetes/cluster-0}/apps/development/gitea/secret.sops.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/development/gitea/volume.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/development/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/development/readme.md (100%) rename {cluster => kubernetes/cluster-0}/apps/documentation/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/documentation/outline/helm-release.yaml (98%) rename {cluster => kubernetes/cluster-0}/apps/documentation/outline/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/documentation/outline/patches/env.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/documentation/outline/patches/postgres.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/documentation/outline/secret.sops.yaml (70%) rename {cluster => kubernetes/cluster-0}/apps/documentation/readme.md (100%) rename {cluster => kubernetes/cluster-0}/apps/downloaders/flood/helm-release.yaml (98%) rename {cluster => kubernetes/cluster-0}/apps/downloaders/flood/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/downloaders/flood/secret.sops.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/downloaders/flood/volume.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/downloaders/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/downloaders/pyload/helm-release.yaml (93%) rename {cluster => kubernetes/cluster-0}/apps/downloaders/pyload/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/downloaders/pyload/volume.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/downloaders/qbittorrent/helm-release.yaml (96%) rename {cluster => kubernetes/cluster-0}/apps/downloaders/qbittorrent/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/downloaders/qbittorrent/upgrade-p2pblocklist/helm-release.yaml (93%) rename {cluster => 
kubernetes/cluster-0}/apps/downloaders/qbittorrent/upgrade-p2pblocklist/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/downloaders/qbittorrent/volume.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/downloaders/sabnzbd/helm-release.yaml (98%) rename {cluster => kubernetes/cluster-0}/apps/downloaders/sabnzbd/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/downloaders/sabnzbd/secret.sops.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/downloaders/sabnzbd/volume.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/home-automation/emqx/helm-release.yaml (96%) rename {cluster => kubernetes/cluster-0}/apps/home-automation/emqx/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/home-automation/emqx/secret.sops.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/home-automation/frigate/config.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/home-automation/frigate/helm-release.yaml (99%) rename {cluster => kubernetes/cluster-0}/apps/home-automation/frigate/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/home-automation/frigate/volume.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/home-automation/home-assistant-code/helm-release.yaml (98%) rename {cluster => kubernetes/cluster-0}/apps/home-automation/home-assistant-code/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/home-automation/home-assistant/helm-release.yaml (97%) rename {cluster => kubernetes/cluster-0}/apps/home-automation/home-assistant/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/home-automation/home-assistant/patches/postgres.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/home-automation/home-assistant/podmonitor.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/home-automation/home-assistant/secret.sops.yaml (100%) rename {cluster => 
kubernetes/cluster-0}/apps/home-automation/home-assistant/token.sops.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/home-automation/home-assistant/volume.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/home-automation/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/home-automation/zigbee2mqtt/helm-release.yaml (98%) rename {cluster => kubernetes/cluster-0}/apps/home-automation/zigbee2mqtt/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/home-automation/zigbee2mqtt/patches/env.yaml (80%) rename {cluster => kubernetes/cluster-0}/apps/home-automation/zigbee2mqtt/patches/exporter.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/home-automation/zigbee2mqtt/prometheus-rule.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/home-automation/zigbee2mqtt/volume.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/home-automation/zwavejs2mqtt/helm-release.yaml (98%) rename {cluster => kubernetes/cluster-0}/apps/home-automation/zwavejs2mqtt/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/home-automation/zwavejs2mqtt/volume.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/kube-tools/coredns-nodecache/configmap.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/kube-tools/coredns-nodecache/daemonset.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/kube-tools/coredns-nodecache/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/kube-tools/coredns-nodecache/service-account.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/kube-tools/descheduler/helm-release.yaml (98%) rename {cluster => kubernetes/cluster-0}/apps/kube-tools/descheduler/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/kube-tools/intel-gpu-exporter/helm-release.yaml (98%) rename {cluster => kubernetes/cluster-0}/apps/kube-tools/intel-gpu-exporter/kustomization.yaml (100%) rename {cluster => 
kubernetes/cluster-0}/apps/kube-tools/intel-gpu-plugin/helm-release.yaml (98%) rename {cluster => kubernetes/cluster-0}/apps/kube-tools/intel-gpu-plugin/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/kube-tools/kustomization.yaml (92%) rename {cluster => kubernetes/cluster-0}/apps/kube-tools/kyverno/helm-release.yaml (81%) rename {cluster => kubernetes/cluster-0}/apps/kube-tools/kyverno/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/kube-tools/kyverno/policies/helm-release.yaml (99%) rename {cluster => kubernetes/cluster-0}/apps/kube-tools/kyverno/policies/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/kube-tools/metrics-server/helm-release.yaml (94%) rename {cluster => kubernetes/cluster-0}/apps/kube-tools/metrics-server/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/kube-tools/node-feature-discovery/helm-release.yaml (97%) rename {cluster => kubernetes/cluster-0}/apps/kube-tools/node-feature-discovery/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/kube-tools/rbac/jobs.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/kube-tools/rbac/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/kube-tools/reloader/helm-release.yaml (94%) rename {cluster => kubernetes/cluster-0}/apps/kube-tools/reloader/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/kustomization.yaml (93%) rename {cluster => kubernetes/cluster-0}/apps/logs/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/logs/loki/config-map.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/logs/loki/helm-release.yaml (68%) rename {cluster => kubernetes/cluster-0}/apps/logs/loki/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/logs/loki/object-bucket-claim.yaml (100%) create mode 100644 kubernetes/cluster-0/apps/logs/vector/agent/helm-release.yaml rename {cluster => 
kubernetes/cluster-0}/apps/logs/vector/agent/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/logs/vector/aggregator/filterlog-regex.txt (100%) create mode 100644 kubernetes/cluster-0/apps/logs/vector/aggregator/helm-release.yaml rename {cluster => kubernetes/cluster-0}/apps/logs/vector/aggregator/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/logs/vector/geoipupdate/cron-job.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/logs/vector/geoipupdate/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/logs/vector/geoipupdate/secret.sops.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/logs/vector/geoipupdate/volume.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/logs/vector/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/media-automation/bazarr/helm-release.yaml (98%) rename {cluster => kubernetes/cluster-0}/apps/media-automation/bazarr/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/media-automation/bazarr/secret.sops.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/media-automation/bazarr/volume.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/media-automation/jellyseerr/helm-release.yaml (98%) rename {cluster => kubernetes/cluster-0}/apps/media-automation/jellyseerr/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/media-automation/jellyseerr/volume.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/media-automation/kustomization.yaml (90%) rename {cluster => kubernetes/cluster-0}/apps/media-automation/lidarr/helm-release.yaml (98%) rename {cluster => kubernetes/cluster-0}/apps/media-automation/lidarr/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/media-automation/lidarr/secret.sops.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/media-automation/lidarr/volume.yaml (100%) rename {cluster/apps/web-tools => 
kubernetes/cluster-0/apps/media-automation}/music-transcode/cronjob.yaml (90%) rename {cluster/apps/web-tools => kubernetes/cluster-0/apps/media-automation}/music-transcode/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/media-automation/prowlarr/helm-release.yaml (98%) rename {cluster => kubernetes/cluster-0}/apps/media-automation/prowlarr/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/media-automation/prowlarr/secret.sops.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/media-automation/prowlarr/volume.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/media-automation/radarr/helm-release.yaml (99%) rename {cluster => kubernetes/cluster-0}/apps/media-automation/radarr/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/media-automation/radarr/scripts/pushover-notify.sh (100%) rename {cluster => kubernetes/cluster-0}/apps/media-automation/radarr/secret.sops.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/media-automation/radarr/volume.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/media-automation/readarr/helm-release.yaml (98%) rename {cluster => kubernetes/cluster-0}/apps/media-automation/readarr/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/media-automation/readarr/secret.sops.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/media-automation/readarr/volume.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/media-automation/recyclarr/config/recyclarr.yaml (97%) rename {cluster => kubernetes/cluster-0}/apps/media-automation/recyclarr/helm-release.yaml (98%) rename {cluster => kubernetes/cluster-0}/apps/media-automation/recyclarr/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/media-automation/recyclarr/secret.sops.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/media-automation/sonarr/helm-release.yaml (99%) rename {cluster => 
kubernetes/cluster-0}/apps/media-automation/sonarr/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/media-automation/sonarr/scripts/pushover-notify.sh (100%) rename {cluster => kubernetes/cluster-0}/apps/media-automation/sonarr/secret.sops.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/media-automation/sonarr/volume.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/media-servers/calibre-web/helm-release.yaml (92%) rename {cluster => kubernetes/cluster-0}/apps/media-servers/calibre-web/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/media-servers/calibre-web/volume.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/media-servers/calibre/helm-release.yaml (98%) rename {cluster => kubernetes/cluster-0}/apps/media-servers/calibre/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/media-servers/calibre/volume.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/media-servers/jellyfin/helm-release.yaml (97%) rename {cluster => kubernetes/cluster-0}/apps/media-servers/jellyfin/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/media-servers/jellyfin/volume.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/media-servers/komga/helm-release.yaml (98%) rename {cluster => kubernetes/cluster-0}/apps/media-servers/komga/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/media-servers/komga/volume.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/media-servers/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/media-servers/lychee/helm-release.yaml (98%) rename {cluster => kubernetes/cluster-0}/apps/media-servers/lychee/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/media-servers/lychee/patches/postgres.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/media-servers/lychee/secret.sops.yaml (100%) rename {cluster => 
kubernetes/cluster-0}/apps/media-servers/lychee/volume.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/media-servers/media-browser/helm-release.yaml (98%) rename {cluster => kubernetes/cluster-0}/apps/media-servers/media-browser/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/media-servers/media-browser/volume.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/media-servers/navidrome/helm-release.yaml (96%) rename {cluster => kubernetes/cluster-0}/apps/media-servers/navidrome/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/media-servers/navidrome/volume.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/monitoring/grafana/dashboards/home-assistant.json (100%) rename {cluster => kubernetes/cluster-0}/apps/monitoring/grafana/dashboards/homelab-temperatures.json (100%) rename {cluster => kubernetes/cluster-0}/apps/monitoring/grafana/dashboards/truenas.json (100%) rename {cluster => kubernetes/cluster-0}/apps/monitoring/grafana/helm-release.yaml (99%) rename {cluster => kubernetes/cluster-0}/apps/monitoring/grafana/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/monitoring/grafana/secrets.sops.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/monitoring/healthchecks/helm-release.yaml (98%) rename {cluster => kubernetes/cluster-0}/apps/monitoring/healthchecks/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/monitoring/healthchecks/patches/env.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/monitoring/healthchecks/patches/postgres.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/monitoring/healthchecks/secret.sops.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/monitoring/kube-prometheus-stack/helm-release.yaml (99%) rename {cluster => kubernetes/cluster-0}/apps/monitoring/kube-prometheus-stack/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/monitoring/kustomization.yaml (100%) rename {cluster 
=> kubernetes/cluster-0}/apps/monitoring/thanos/helm-release.yaml (99%) rename {cluster => kubernetes/cluster-0}/apps/monitoring/thanos/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/monitoring/thanos/readme.md (100%) rename {cluster => kubernetes/cluster-0}/apps/monitoring/thanos/secret.sops.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/monitoring/uptime-kuma/helm-release.yaml (97%) rename {cluster => kubernetes/cluster-0}/apps/monitoring/uptime-kuma/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/monitoring/uptime-kuma/volume.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/namespaces.yaml (61%) rename {cluster => kubernetes/cluster-0}/apps/networking/cert-manager/certificates/helm-release.yaml (97%) rename {cluster => kubernetes/cluster-0}/apps/networking/cert-manager/certificates/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/networking/cert-manager/helm-release.yaml (96%) rename {cluster => kubernetes/cluster-0}/apps/networking/cert-manager/issuers/helm-release.yaml (98%) rename {cluster => kubernetes/cluster-0}/apps/networking/cert-manager/issuers/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/networking/cert-manager/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/networking/cert-manager/prometheus-rule.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/networking/cert-manager/rbac.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/networking/cert-manager/secret.sops.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/networking/cert-manager/webhook-ovh/helm-release.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/networking/cert-manager/webhook-ovh/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/networking/cert-manager/webhook-ovh/rbac.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/networking/external-dns/helm-release.yaml (97%) rename {cluster => 
kubernetes/cluster-0}/apps/networking/external-dns/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/networking/external-dns/secret.sops.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/networking/ingress-nginx/helm-release.yaml (96%) rename {cluster => kubernetes/cluster-0}/apps/networking/ingress-nginx/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/networking/k8s-gateway/helm-release.yaml (66%) rename {cluster => kubernetes/cluster-0}/apps/networking/k8s-gateway/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/networking/kustomization.yaml (89%) rename {cluster => kubernetes/cluster-0}/apps/networking/smtp-relay/helm-release.yaml (96%) rename {cluster => kubernetes/cluster-0}/apps/networking/smtp-relay/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/networking/smtp-relay/maddy.conf (100%) rename {cluster => kubernetes/cluster-0}/apps/networking/smtp-relay/secret.sops.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/networking/unifi/helm-release.yaml (96%) rename {cluster => kubernetes/cluster-0}/apps/networking/unifi/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/networking/unifi/volume.yaml (100%) rename {cluster/apps/storage/kopia-web => kubernetes/cluster-0/apps/storage/kopia-kube}/config/repository.config (99%) rename {cluster/apps/storage/kopia-web => kubernetes/cluster-0/apps/storage/kopia-kube}/helm-release.yaml (98%) rename {cluster/apps/storage/kopia-web => kubernetes/cluster-0/apps/storage/kopia-kube}/kustomization.yaml (88%) create mode 100644 kubernetes/cluster-0/apps/storage/kopia/kopia-kube/config/repository.config create mode 100644 kubernetes/cluster-0/apps/storage/kopia/kopia-kube/helm-release.yaml create mode 100644 kubernetes/cluster-0/apps/storage/kopia/kopia-kube/kustomization.yaml create mode 100644 kubernetes/cluster-0/apps/storage/kopia/kopia-workstations/config/repository.config create mode 100644 
kubernetes/cluster-0/apps/storage/kopia/kopia-workstations/helm-release.yaml create mode 100644 kubernetes/cluster-0/apps/storage/kopia/kopia-workstations/kustomization.yaml rename {cluster/core/rook-ceph/snapshot-controller => kubernetes/cluster-0/apps/storage/kopia}/kustomization.yaml (67%) rename {cluster => kubernetes/cluster-0}/apps/storage/kustomization.yaml (65%) rename {cluster/apps/storage/resilio-sync-claude => kubernetes/cluster-0/apps/storage/resilio-sync/claude}/config/sync.conf (100%) rename {cluster/apps/storage/resilio-sync-claude => kubernetes/cluster-0/apps/storage/resilio-sync/claude}/helm-release.yaml (86%) rename {cluster/apps/storage/resilio-sync-claude => kubernetes/cluster-0/apps/storage/resilio-sync/claude}/kustomization.yaml (85%) rename {cluster/apps/storage/resilio-sync-claude => kubernetes/cluster-0/apps/storage/resilio-sync/claude}/volume.yaml (76%) rename {cluster/apps/storage/resilio-sync-helene => kubernetes/cluster-0/apps/storage/resilio-sync/helene}/config/sync.conf (100%) rename {cluster/apps/storage/resilio-sync-helene => kubernetes/cluster-0/apps/storage/resilio-sync/helene}/helm-release.yaml (86%) rename {cluster/apps/storage/resilio-sync-helene => kubernetes/cluster-0/apps/storage/resilio-sync/helene}/kustomization.yaml (85%) rename {cluster/apps/storage/resilio-sync-helene => kubernetes/cluster-0/apps/storage/resilio-sync/helene}/volume.yaml (76%) rename {cluster/apps/web-tools/whoogle => kubernetes/cluster-0/apps/storage/resilio-sync}/kustomization.yaml (78%) rename {cluster => kubernetes/cluster-0}/apps/storage/smartctl-exporter/helm-release.yaml (93%) rename {cluster/apps/networking/tigera-operator => kubernetes/cluster-0/apps/storage/smartctl-exporter}/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/storage/truecommand/helm-release.yaml (97%) rename {cluster => kubernetes/cluster-0}/apps/storage/truecommand/kustomization.yaml (100%) rename {cluster => 
kubernetes/cluster-0}/apps/storage/truecommand/volume.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/freshrss/helm-release.yaml (97%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/freshrss/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/freshrss/patches/postgres.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/freshrss/secret.sops.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/freshrss/volume.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/homer-code/helm-release.yaml (98%) rename {cluster/apps/storage/smartctl-exporter => kubernetes/cluster-0/apps/web-tools/homer-code}/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/homer/helm-release.yaml (97%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/homer/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/homer/volume.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/invidious/config/config.yml (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/invidious/helm-release.yaml (98%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/invidious/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/invidious/patches/postgres.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/joplin/helm-release.yaml (98%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/joplin/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/joplin/patches/postgres.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/joplin/secret.sops.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/kustomization.yaml (93%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/libreddit/helm-release.yaml (92%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/libreddit/kustomization.yaml (100%) rename {cluster => 
kubernetes/cluster-0}/apps/web-tools/nitter/config/config.yml (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/nitter/helm-release.yaml (98%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/nitter/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/readme.md (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/sharry/config/sharry.conf (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/sharry/helm-release.yaml (98%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/sharry/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/sharry/patches/postgres.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/tandoor/config/nginx-config (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/tandoor/helm-release.yaml (97%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/tandoor/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/tandoor/patches/env.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/tandoor/patches/postgres.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/tandoor/secret.sops.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/tandoor/volume.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/theme-park/helm-release.yaml (98%) rename {cluster/apps/web-tools/homer-code => kubernetes/cluster-0/apps/web-tools/theme-park}/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/vaultwarden/helm-release.yaml (98%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/vaultwarden/kustomization.yaml (91%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/vaultwarden/patches/postgres.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/vaultwarden/secret.sops.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/vaultwarden/volume.yaml (100%) rename {cluster => 
kubernetes/cluster-0}/apps/web-tools/vikunja/config/Caddyfile (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/vikunja/helm-release.yaml (99%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/vikunja/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/vikunja/patches/postgres.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/vikunja/secret.sops.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/vikunja/volume.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/wallabag/helm-release.yaml (98%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/wallabag/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/wallabag/patches/env.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/wallabag/patches/postgres.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/wallabag/secret.sops.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/wallabag/volume.yaml (100%) rename {cluster => kubernetes/cluster-0}/apps/web-tools/whoogle/helm-release.yaml (98%) rename {cluster/apps/web-tools/theme-park => kubernetes/cluster-0/apps/web-tools/whoogle}/kustomization.yaml (100%) create mode 100644 kubernetes/cluster-0/core/cilium/configmap.yaml rename {cluster/apps/kube-tools/system-upgrade/system-upgrade-controller/plans => kubernetes/cluster-0/core/cilium}/kustomization.yaml (65%) rename {cluster => kubernetes/cluster-0}/core/flux-system/kustomization.yaml (89%) rename {cluster => kubernetes/cluster-0}/core/flux-system/notifications/alert-manager/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/core/flux-system/notifications/alert-manager/notification.yaml (100%) rename {cluster => kubernetes/cluster-0}/core/flux-system/notifications/github/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/core/flux-system/notifications/github/notification.yaml (100%) rename {cluster => 
kubernetes/cluster-0}/core/flux-system/notifications/github/secret.sops.yaml (100%) rename {cluster => kubernetes/cluster-0}/core/flux-system/notifications/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/core/flux-system/pod-monitor.yaml (100%) rename {cluster => kubernetes/cluster-0}/core/flux-system/prometheus-rule.yaml (100%) create mode 100644 kubernetes/cluster-0/core/flux-system/weave-gitops/helm-release.yaml create mode 100644 kubernetes/cluster-0/core/flux-system/weave-gitops/kustomization.yaml create mode 100644 kubernetes/cluster-0/core/flux-system/weave-gitops/secret.sops.yaml rename {cluster => kubernetes/cluster-0}/core/flux-system/webhook/github/ingress.yaml (100%) rename {cluster => kubernetes/cluster-0}/core/flux-system/webhook/github/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/core/flux-system/webhook/github/receiver.yaml (100%) rename {cluster => kubernetes/cluster-0}/core/flux-system/webhook/github/secret.sops.yaml (100%) rename {cluster => kubernetes/cluster-0}/core/flux-system/webhook/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/core/kustomization.yaml (90%) rename {cluster => kubernetes/cluster-0}/core/rook-ceph/cluster/helm-release.yaml (59%) rename {cluster => kubernetes/cluster-0}/core/rook-ceph/cluster/kustomization.yaml (100%) rename {cluster => kubernetes/cluster-0}/core/rook-ceph/kustomization.yaml (72%) rename {cluster => kubernetes/cluster-0}/core/rook-ceph/namespace.yaml (100%) rename {cluster => kubernetes/cluster-0}/core/rook-ceph/operator/helm-release.yaml (90%) rename {cluster => kubernetes/cluster-0}/core/rook-ceph/operator/kustomization.yaml (100%) create mode 100644 kubernetes/cluster-0/core/rook-ceph/rook-toolbox/deployment.yaml rename {cluster/core/rook-ceph/rook-direct-mount => kubernetes/cluster-0/core/rook-ceph/rook-toolbox}/kustomization.yaml (100%) create mode 100644 kubernetes/flux/flux-cluster.yaml rename {cluster/flux/flux-system => 
kubernetes/flux}/flux-installation.yaml (100%) rename {cluster/flux/flux-system => kubernetes/flux}/flux-prereqs.yaml (100%) rename {cluster/flux/flux-system => kubernetes/flux}/kustomization.yaml (84%) rename {hack => kubernetes/tools}/kopia-restore.yaml (100%) create mode 100644 kubernetes/tools/wipe-rook.yaml delete mode 100644 server/README.md delete mode 100644 server/pxe/grub/grub.cfg delete mode 100644 server/pxe/nodes/1c:69:7a:01:28:ae.conf delete mode 100644 server/pxe/nodes/1c:69:7a:0d:0e:e9.conf delete mode 100644 server/pxe/nodes/1c:69:7a:0f:9f:ab.conf delete mode 100644 server/pxe/nodes/f4:4d:30:69:76:2d.conf delete mode 100644 server/pxe/nodes/k3s-server/meta-data delete mode 100644 server/pxe/nodes/k3s-server/user-data delete mode 100644 server/pxe/nodes/k3s-worker1/meta-data delete mode 100644 server/pxe/nodes/k3s-worker1/user-data delete mode 100644 server/pxe/nodes/k3s-worker2/meta-data delete mode 100644 server/pxe/nodes/k3s-worker2/user-data delete mode 100644 server/pxe/nodes/k3s-worker3/meta-data delete mode 100644 server/pxe/nodes/k3s-worker3/user-data delete mode 100644 server/pxe/pxe.conf delete mode 100644 talos/talconfig.yaml diff --git a/.github/renovate.json5 b/.github/renovate.json5 index 963a4c51c..94d57b47a 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -32,18 +32,18 @@ "fileMatch": ["ansible/.+/docker-compose.*\\.ya?ml(\\.j2)?$"] }, "flux": { - "fileMatch": ["cluster/.+\\.ya?ml$"] + "fileMatch": ["kubernetes/.+\\.ya?ml$"] }, "helm-values": { - "fileMatch": ["cluster/.+\\.ya?ml$"] + "fileMatch": ["kubernetes/.+\\.ya?ml$"] }, "kubernetes": { - "fileMatch": ["cluster/.+\\.ya?ml$"] + "fileMatch": ["kubernetes/.+\\.ya?ml$"] }, "regexManagers": [ { "description": "Process CRD dependencies", - "fileMatch": ["cluster/.+\\.ya?ml$"], + "fileMatch": ["kubernetes/.+\\.ya?ml$"], "matchStrings": [ // GitRepository where 'Git release/tag' matches 'Helm' version "registryUrl=(?\\S+) chart=(?\\S+)\n.*?(?[^-\\s]*)\n", 
@@ -54,7 +54,10 @@ }, { "description": "Process various dependencies", - "fileMatch": ["ansible/.+\\.ya?ml$", "cluster/.+\\.ya?ml$"], + "fileMatch": [ + "infrastructure/ansible/.+\\.ya?ml$", + "kubernetes/.+\\.ya?ml$" + ], "matchStrings": [ "datasource=(?\\S+) depName=(?\\S+)( versioning=(?\\S+))?\n.*?\"(?.*)\"\n" ], @@ -63,7 +66,7 @@ }, { "description": "Process raw GitHub URLs", - "fileMatch": ["cluster/.+\\.ya?ml$"], + "fileMatch": ["kubernetes/.+\\.ya?ml$"], "matchStrings": [ "https:\\/\\/raw.githubusercontent.com\\/(?[\\w\\d\\-_]+\\/[\\w\\d\\-_]+)\\/(?[\\w\\d\\.\\-_]+)\\/.*" ], @@ -86,13 +89,15 @@ { "matchDatasources": ["docker"], "versioning": "loose", - "matchPackageNames": ["ghcr.io/onedr0p/qbittorrent", "docker.io/zedeus/nitter", "quay.io/invidious/invidious"] + "matchPackageNames": [ + "ghcr.io/onedr0p/qbittorrent", + "docker.io/zedeus/nitter", + "quay.io/invidious/invidious" + ] }, { "matchDatasources": ["docker"], - "matchPackageNames": [ - "ghcr.io/linuxserver/calibre" - ], + "matchPackageNames": ["ghcr.io/linuxserver/calibre"], "versioning": "regex:^version-v?(?\\d+)\\.(?\\d+)\\.(?\\d+)$" } ] diff --git a/.github/renovate/autoMerge.json5 b/.github/renovate/autoMerge.json5 index e897eb0b9..84bb93fcc 100644 --- a/.github/renovate/autoMerge.json5 +++ b/.github/renovate/autoMerge.json5 @@ -18,6 +18,15 @@ "matchUpdateTypes": ["minor", "patch"], "matchPackageNames": ["ghcr.io/onedr0p/prowlarr-nightly"] }, + { + "description": "Auto merge containers (patch only)", + "matchDatasources": ["docker"], + "automerge": true, + "automergeType": "branch", + "requiredStatusChecks": null, + "matchUpdateTypes": ["patch"], + "matchPackageNames": ["ghcr.io/auricom/kubectl"] + }, { "description": "Auto merge GitHub Actions", "matchDatasources": ["github-tags"], diff --git a/.sops.yaml b/.sops.yaml index 9ce925ea6..5cef33cc8 100644 --- a/.sops.yaml +++ b/.sops.yaml 
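Review bot: The new rule for `ghcr.io/auricom/kubectl` in `.github/renovate/autoMerge.json5` combines `"automergeType": "branch"` with `"requiredStatusChecks": null`, so a patch-level image bump is committed to the base branch without a pull request and without waiting for any CI result. The repository appears to be reconciled by Flux, so a re-tagged or tampered image under that name would probably reach the cluster unattended. I would drop the `"requiredStatusChecks": null` line so Renovate waits for passing checks, and pin the image by digest by adding `"pinDigests": true` to this rule. The enclosing rule array starts and ends outside the hunk, so the neighbouring automerge rules may need the same treatment.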
@@ -1,15 +1,20 @@
 creation_rules:
- - path_regex: cluster/.*\.sops\.ya?ml
- encrypted_regex: "^(data|stringData)$"
- key_groups:
- - age:
- - age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
- - path_regex: ansible/.*\.sops\.ya?ml
- unencrypted_regex: "^(kind)$"
- key_groups:
- - age:
- - age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
- - path_regex: cluster/.*\.sops\.toml
- key_groups:
- - age:
- - age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ - path_regex: kubernetes/.*\.sops\.ya?ml
+ encrypted_regex: ^(data|stringData)$
+ key_groups:
+ - age:
+ - age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ - path_regex: kubernetes/.*\.sops\.toml
+ key_groups:
+ - age:
+ - age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ - path_regex: infrastructure/ansible/.*\.sops\.ya?ml
+ unencrypted_regex: ^(kind)$
+ key_groups:
+ - age:
+ - age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+ - path_regex: .*\.sops\.ya?ml
+ key_groups:
+ - age:
+ - age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+
diff --git a/.taskfiles/kopia.yaml b/.taskfiles/kopia.yaml
index 809fc8f7e..58f057887 100644
--- a/.taskfiles/kopia.yaml
+++ b/.taskfiles/kopia.yaml
@@ -12,8 +12,8 @@ x-preconditions: &preconditions msg: "Claim '{{.CLAIM}}' in namespace '{{.NAMESPACE}}' not found" sh: kubectl get pvc -n {{.NAMESPACE}} {{.CLAIM}} - &has-restore-job-file - msg: "File '{{.PROJECT_DIR}}/hack/kopia-restore.yaml' not found" - sh: "test -f {{.PROJECT_DIR}}/hack/kopia-restore.yaml" + msg: "File '{{.PROJECT_DIR}}/kubernetes/tools/kopia-restore.yaml' not found" + sh: "test -f {{.PROJECT_DIR}}/kubernetes/tools/kopia-restore.yaml" x-vars: &vars NAMESPACE: 
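Review bot: In the `.sops.yaml` hunk the new catch-all rule `.*\.sops\.ya?ml` can never apply to files under `kubernetes/`, because sops uses the first rule whose `path_regex` matches and the first rule encrypts only `data` and `stringData`. Any `*.sops.yaml` under `kubernetes/` that is not a Secret manifest would therefore be committed with all its other keys in clear text; no such file is visible here, so this is a risk for later additions. The patterns are also unanchored and match their substring anywhere in a path, so I would anchor them, e.g. `path_regex: ^kubernetes/.*\.sops\.ya?ml$`. A comment above the first rule, such as `# Secret manifests only: keys other than data/stringData stay in clear text`, would document the limitation.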
@@ -54,7 +54,7 @@ tasks: - flux -n {{.NAMESPACE}} suspend helmrelease {{.APP}} - kubectl -n {{.NAMESPACE}} scale {{.NAME}} --replicas 0 - kubectl -n {{.NAMESPACE}} wait pod --for delete --selector="app.kubernetes.io/name={{.APP}}" --timeout=2m - - envsubst < <(cat ./hack/kopia-restore.yaml) | kubectl apply -f - + - envsubst < <(cat ./kubernetes/tools/kopia-restore.yaml) | kubectl apply -f - - sleep 2 - kubectl -n {{.NAMESPACE}} wait job --for condition=complete {{.APP}}-{{.CLAIM}}-restore --timeout={{.TIMEOUT | default "60m"}} - flux -n {{.NAMESPACE}} resume helmrelease {{.APP}} diff --git a/ansible/inventory/group_vars/all/calico.yml b/ansible/inventory/group_vars/all/calico.yml deleted file mode 100644 index 32d1a7e75..000000000 --- a/ansible/inventory/group_vars/all/calico.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -# -- Encapsulation type -calico_encapsulation: "None" -# -- BGP Peer IP -# -- (usually your router IP address) -calico_bgp_peer_ip: 192.168.8.1 -# -- BGP Autonomous System Number -# -- (must be the same across all BGP peers) -calico_bgp_as_number: 64512 -# -- BGP Network you want services to consume -# -- (this network should not exist or be defined anywhere in your network) -calico_bgp_external_ips: 192.168.169.0/24 -# -- CIDR of the host node interface Calico should use -calico_node_cidr: 10.69.0.0/16 diff --git a/ansible/inventory/group_vars/all/k3s.yml b/ansible/inventory/group_vars/all/k3s.yml deleted file mode 100644 index 79560c939..000000000 --- a/ansible/inventory/group_vars/all/k3s.yml +++ /dev/null 
@@ -1,79 +0,0 @@ ---- -# -# Below vars are for the xanmanning.k3s role -# ...see https://github.com/PyratLabs/ansible-role-k3s#globalcluster-variables -# - -# Use a specific version of k3s -# renovate: datasource=github-releases depName=k3s-io/k3s -k3s_release_version: "v1.25.3+k3s1" - -# -- Install using hard links rather than symbolic links. -# ...if you are using the system-upgrade-controller you will need to -# use hard links rather than symbolic links as the controller will -# not be able to follow symbolic links. -k3s_install_hard_links: true - -# -- Escalate user privileges for all tasks. -k3s_become: true - -# -- Enable debugging -k3s_debug: false - -# -- Enabled embedded etcd -# k3s_etcd_datastore: false - -# -- Enable for single or even number of masters -k3s_use_unsupported_config: false - -# -- /var/lib/rancher/k3s/server/manifests -k3s_server_manifests_templates: - - "calico/calico-installation.yaml.j2" - - "calico/calico-bgpconfiguration.yaml.j2" - - "calico/calico-bgppeer.yaml.j2" - -# -- /var/lib/rancher/k3s/server/manifests -k3s_server_manifests_urls: - - url: https://docs.projectcalico.org/archive/v3.24/manifests/tigera-operator.yaml - filename: tigera-operator.yaml - -# -- /etc/rancher/k3s/registries.yaml -# k3s_registries: -# mirrors: -# "docker.io": -# endpoint: -# - "https://mirror.{{ SECRET_PRIVATE_DOMAIN }}" -# "*": -# endpoint: -# - "https://mirror.{{ SECRET_PRIVATE_DOMAIN }}" -# config: -# "https://registry.{{ SECRET_PRIVATE_DOMAIN }}": -# auth: -# username: "{{ SECRET_NEXUS_USERNAME }}" -# password: "{{ SECRET_NEXUS_PASSWORD }}" - -timezone: Europe/Paris - -public_ssh_keys: - - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+GMHgvbtf6f7xUMAQR+vZFfD/mIIfIDNX5iP8tDRXZ claude@claude-thinkpad-fedora" - - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINo7E0oAOzaq0XvUHkWvZSC8u1XxX8dDCq3bSyK2BCen claude@claude-fixe-fedora" - -packages: - - "https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-{{ ansible_distribution_major_version }}.noarch.rpm" - - 
"https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-{{ ansible_distribution_major_version }}.noarch.rpm" - - dnf-automatic - - dnf-plugin-system-upgrade - - dnf-utils - - fish - - hdparm - - htop - - intel-gpu-tools - - ipvsadm - - lm_sensors - - nano - - nvme-cli - - python3-libselinux - - socat - - cockpit-pcp - -k3s_registration_address: 192.168.9.100 diff --git a/ansible/inventory/group_vars/master/k3s.yml b/ansible/inventory/group_vars/master/k3s.yml deleted file mode 100644 index 69c8d236e..000000000 --- a/ansible/inventory/group_vars/master/k3s.yml +++ /dev/null 
@@ -1,73 +0,0 @@ ---- -# https://rancher.com/docs/k3s/latest/en/installation/install-options/server-config/ -# https://github.com/PyratLabs/ansible-role-k3s#server-control-plane-configuration - -# Define the host as control plane nodes -k3s_control_node: true - -k3s_etcd_datastore: false - -# k3s settings for all control-plane nodes -k3s_server: - node-ip: "{{ ansible_host }}" - tls-san: - # # kube-vip - # - "{{ kubevip_address }}" - # haproxy - - "{{ k3s_registration_address }}" - docker: false - flannel-backend: "none" # This needs to be in quotes - disable: - - flannel - - traefik - - servicelb - - metrics-server - - local-storage - disable-network-policy: true - disable-cloud-controller: true - # Network CIDR to use for pod IPs - cluster-cidr: "10.95.0.0/16" - # Network CIDR to use for service IPs - service-cidr: "10.96.0.0/16" - # Required to monitor component with kube-prometheus-stack - # etcd-expose-metrics: true - kubelet-arg: - # Enable Alpha/Beta features - - "feature-gates=EphemeralContainers=true,MixedProtocolLBService=true,ReadWriteOncePod=true" - # Allow pods to be rescheduled quicker in the case of a node failure - # https://github.com/k3s-io/k3s/issues/1264 - - "node-status-update-frequency=4s" - kube-controller-manager-arg: - # Enable Alpha/Beta features - - "feature-gates=EphemeralContainers=true,MixedProtocolLBService=true,ReadWriteOncePod=true" - # Required to monitor component with kube-prometheus-stack - - "bind-address=0.0.0.0" - # Allow pods to be rescheduled quicker in the case of a node failure - # https://github.com/k3s-io/k3s/issues/1264 - - "node-monitor-period=4s" - - "node-monitor-grace-period=16s" - - "pod-eviction-timeout=20s" - kube-proxy-arg: - # Enable Alpha/Beta features - - "feature-gates=EphemeralContainers=true,MixedProtocolLBService=true,ReadWriteOncePod=true" - # Required to monitor component with kube-prometheus-stack - - "metrics-bind-address=0.0.0.0" - kube-scheduler-arg: - # Enable Alpha/Beta features - - 
"feature-gates=EphemeralContainers=true,MixedProtocolLBService=true,ReadWriteOncePod=true" - # Required to monitor component with kube-prometheus-stack - - "bind-address=0.0.0.0" - kube-apiserver-arg: - # Enable Alpha/Beta features - - "feature-gates=EphemeralContainers=true,MixedProtocolLBService=true,ReadWriteOncePod=true" - # Required for HAProxy health-checks - - "anonymous-auth=true" - # Allow pods to be rescheduled quicker in the case of a node failure - # https://github.com/k3s-io/k3s/issues/1264 - - "default-not-ready-toleration-seconds=20" - - "default-unreachable-toleration-seconds=20" - # Stop k3s control plane having workloads scheduled on them - node-taint: - - "node-role.kubernetes.io/control-plane:NoSchedule" - node-label: - - "upgrade.cattle.io/plan=k3s-server" diff --git a/ansible/inventory/group_vars/worker/k3s.yml b/ansible/inventory/group_vars/worker/k3s.yml deleted file mode 100644 index 9b300015d..000000000 --- a/ansible/inventory/group_vars/worker/k3s.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -# https://rancher.com/docs/k3s/latest/en/installation/install-options/agent-config/ -# https://github.com/PyratLabs/ansible-role-k3s#agent-worker-configuration - -# Don't define the host as control plane nodes -k3s_control_node: false - -# k3s settings for all worker nodes -k3s_agent: - node-ip: "{{ ansible_host }}" - kubelet-arg: - # Enable Alpha/Beta features - - "feature-gates=EphemeralContainers=true,MixedProtocolLBService=true,ReadWriteOncePod=true" - # Allow pods to be rescheduled quicker in the case of a node failure - # https://github.com/k3s-io/k3s/issues/1264 - - "node-status-update-frequency=4s" - - "max-pods=150" - node-label: - - "upgrade.cattle.io/plan=k3s-agent" diff --git a/ansible/inventory/host_vars/k3s-master.sops.yaml b/ansible/inventory/host_vars/k3s-master.sops.yaml deleted file mode 100644 index 4a22c00b2..000000000 --- a/ansible/inventory/host_vars/k3s-master.sops.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -kind: Secret -ansible_password: ENC[AES256_GCM,data:NTaCi8mqE7kAQA==,iv:yfHBgrBCf2CqWPyuVTKSwH/WUy6bkgiSoyL4hWQHG7s=,tag:e3311IReXe0RHGgttNg3pg==,type:str] -ansible_become_pass: ENC[AES256_GCM,data:ChsZxKZ1qvICFA==,iv:vuc4eZG4Ls2CiSP/vLazCy/sZkiPjjpGPZr97CvIoX4=,tag:onYhcvFkmAMN6PTFSp0Ikg==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5azdoWUV2SWdxaDl1NXVF - U1pvRjBncEpzM2E4TEs1MGlRbTRseG1zS0dNCnF6QmRmNU1iZ0J5K28rSlB4emFF - ODlnU1lXVFZrTHlyTEg5VlFXUERJNGcKLS0tIGhMQUhsa0xaUVU0RTRpbkx0Vk5r - NjJBcHVOSmUvNkt3b3I3dmJwTlJWS3MKw/hRA/oh1fiWts2aqbzTV3TTTcnSk3mi - fsw9jQF3QRL5PGbdT6iz7j58IokV32ilJubQHtfrxus29hd/qAn0yQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-07-03T14:40:36Z" - mac: ENC[AES256_GCM,data:c5yyBdFVs1wqDe8nsQOLeSzFv4QJ2n+VbrSf0dP5oW8593WBcdI8fXn9Q8fdY+wN2BOLn5vRdXBx7btlw0OrEIOOZ/Wz9tUxqIEUFZU6tT4TIB9g5jEqMgs2eKJmgLUoW/fcPC6QJ8ATApF6y8lI4RIV2LOItqK4AUpiVy4E2SU=,iv:kfrYGRaKY37OEl8ilrFFkRkItHpz/1VuAgWimjhujGA=,tag:STGaUOdwNlOAMcbU3Po1HQ==,type:str] - pgp: [] - unencrypted_regex: ^(kind)$ - version: 3.7.3 diff --git a/ansible/inventory/host_vars/k3s-worker1.sops.yaml b/ansible/inventory/host_vars/k3s-worker1.sops.yaml deleted file mode 100644 index 7c5c64e08..000000000 --- a/ansible/inventory/host_vars/k3s-worker1.sops.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -kind: Secret -ansible_password: ENC[AES256_GCM,data:AihMvIUjgEpCjg==,iv:Bk9uFrbhOvlQvoYaJz+JhtMJTAiQ0u9TcaS8eKO0+fE=,tag:R2sLCjH/my9kcsu4Ddg9jg==,type:str] -ansible_become_pass: ENC[AES256_GCM,data:nR/Wkn8NqM3vaA==,iv:iV8c6Qg59qKtHoaQReUTX+KDB+iSboxpSM/K8+gcZvQ=,tag://89MQ4jmQPib/D595YTbA==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlZSs4aVZ5VGdyVllEMXl3 - c2NGS2d0dkd4NVZlSVlBd2V3RVEzQ2FiaHlrCld0SkNKUjcvRHNEQ1dZZFUzM014 - ejd5QW5uUzJmMERLR2h4R2M3UmdKWU0KLS0tIFdYOStkVG40TXIzVjRkK0RzZStj - UmhGcmVidTVKbWQ5VVpHSklYN2NyWGMKsfv/KG02qk3EJoNJQ9HNl1iyfyic6Puf - 5owrc62PfohWnLVQby9SaVK80PJVaMRU/kcHIJvbt1Iv2f47qpKczg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-07-03T14:40:40Z" - mac: ENC[AES256_GCM,data:6BqgWJTOzQKwu6Mr7/2WemzOmFNnIilSLH9LPG01UtvaO7FnOQXV1ezgYntKdSXGJWza/pvvqDURaBT7O7Rwv5kR25B6Fo3XWdVSuTLf+N4fGnWKiINaa6UjZhosm5KLs7VB0I3eiBTcHrxqb9jupgPkUErwy0H0LT8yLYRGpe8=,iv:kXeAB7zUoZoZPgEntWV80DNKSEiFiH4xQtbYpStO36U=,tag:gWusG9MGl+bYcjYfQGMbWA==,type:str] - pgp: [] - unencrypted_regex: ^(kind)$ - version: 3.7.3 diff --git a/ansible/inventory/host_vars/k3s-worker2.sops.yaml b/ansible/inventory/host_vars/k3s-worker2.sops.yaml deleted file mode 100644 index 79d6996e4..000000000 --- a/ansible/inventory/host_vars/k3s-worker2.sops.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -kind: Secret -ansible_password: ENC[AES256_GCM,data:495JSVNY5Rn0hg==,iv:ZvJb1M4Ys8FkQpekm5jnGWKE5q63Z44OUhhtYWsJUvQ=,tag:KxgvJbsEMsdYu59yCOCjMg==,type:str] -ansible_become_pass: ENC[AES256_GCM,data:O8lTma7A2n6+5g==,iv:ggmSecFPtTI9vy81of5I6AHnRX2YWOw0VtVldv4PZmo=,tag:IfIuN8xcKHBF6Ojlmki5Tw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0d21nNHZQRkloNnd1M2xF - RlJCUzBZK04rQ1RSa0hFSXUrVTlzK0V1dEdjCkg0ZnVJNGJOZjN3RlZ2RGRmRFdV - akRPQzhwN3NqNHJlK0o1VVFncDVnd1kKLS0tIDhhRGlhNXJmanM5amR6eHZERElj - RndiYkJFaWZuUmVIU3JwSWYzTFZlS3cKHFe4yce/091eEvtrSBYggNgyO88eHA4s - 3TvjHmS7tLv7BnBAT9LLcQVSIW0UOszzF3PvVWIqFqzB/wn0j370kw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-07-03T14:40:42Z" - mac: ENC[AES256_GCM,data:qFIsrbqI+c3fe88H40KkWhwOnZ2aePoorpfxeTjhBtPviT4jBMvIGYZKULCehcdULNMxe7QWuPWsdYY/o5ruqZC49/OrV9qI0XVU6gdiCsM1jcXXiyFkVFfMoMhj5c5yAIMoUKRWbZe2kFtJxaG7ng8VusMgCc9f7LofWiFToVo=,iv:BI2hEL/AsaZoZ4RL7QNy4vins877XgZwxCdJ0ciFEUo=,tag:7tOEfmkFEApTy5wIgJLEBA==,type:str] - pgp: [] - unencrypted_regex: ^(kind)$ - version: 3.7.3 diff --git a/ansible/inventory/host_vars/k3s-worker3.sops.yaml b/ansible/inventory/host_vars/k3s-worker3.sops.yaml deleted file mode 100644 index 800eee362..000000000 --- a/ansible/inventory/host_vars/k3s-worker3.sops.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -kind: Secret -ansible_password: ENC[AES256_GCM,data:n0ASYgah4hAFvw==,iv:P0OPjAGh4AWkw0HUpBNEom6twa3sAXsh0Ei+2UDj/qo=,tag:GNcmaw2BQr5TV755NL/0vw==,type:str] -ansible_become_pass: ENC[AES256_GCM,data:a2wZnzPgf91HvQ==,iv:8wIjFmwSkYZIZmLLhvZTG1EnMmNffuSoPkpao6Kk9wI=,tag:gta1yPH1tRzBdViIO9WOAg==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQL2pJWVRDU0lBVVgxNkd6 - MStqdFRFNGdwTEpUWUxEaVVMUVBkY2RXWFUwCmJmbGZnMzVPZjhQMWh0eWhybXdi - K1FIa1YrNDZjMnhONDBiSEFtTW80WlkKLS0tIHJJTFpINUowclNUZXVsa2I1Vjdw - NkhyZm5SVnlBYWxlajh6NjV0OVBCSE0Kl6ovgsGkzq4XetwG5b77mvztpa3bD5ej - mWlPbSV66yw4eENVuDtZRX5/lrnbW7EqkwjfGoEJ9YGA7ya0G6IVQw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-07-03T14:40:44Z" - mac: ENC[AES256_GCM,data:/AA8sbAxsYhGAad8/ymYq0YgzwmNvnnwK+p9J7+NUpFC9YGWwuR/dV8oxKzqOs/zEzFTwyBTvOrGeQ59xyJ/Id/xSt5Av0FTmrOXQxFwIOsMUsH5RP8khQpp9yO1c2cvxwNLi1oWGzLLE63Zl2JwutQdTVH0KgibPhtdL0sV8eQ=,iv:rTpWgrMAZrCymFqKGcEGOyQJdPAw/SmeW8vdVNX/Ptg=,tag:rlg3dcQhVwcXUKkEc4Jdww==,type:str] - pgp: [] - unencrypted_regex: ^(kind)$ - version: 3.7.3 diff --git a/ansible/playbooks/cluster-installation.yml b/ansible/playbooks/cluster-installation.yml deleted file mode 100644 index 7fe77ded1..000000000 --- a/ansible/playbooks/cluster-installation.yml +++ /dev/null 
@@ -1,88 +0,0 @@ ---- -- hosts: - - master - - worker - become: true - gather_facts: true - any_errors_fatal: true - pre_tasks: - - name: Pausing for 5 seconds... - ansible.builtin.pause: - seconds: 5 - tasks: - - name: Check if cluster is installed - check_mode: false - ansible.builtin.stat: - path: "/etc/rancher/k3s/config.yaml" - register: k3s_check_installed - - - name: Set manifest facts - ansible.builtin.set_fact: - k3s_server_manifests_templates: [] - k3s_server_manifests_urls: [] - when: k3s_check_installed.stat.exists - - - name: Install Kubernetes - ansible.builtin.include_role: - name: xanmanning.k3s - public: true - vars: - k3s_state: installed - - - name: Get absolute path to this Git repository - delegate_to: localhost - become: false - run_once: true - check_mode: false - ansible.builtin.command: |- - git rev-parse --show-toplevel - register: repo_abs_path - changed_when: "repo_abs_path.rc != 2" - - - name: Copy kubeconfig to provision folder - run_once: true - ansible.builtin.fetch: - src: "/etc/rancher/k3s/k3s.yaml" - dest: "{{ repo_abs_path.stdout }}/provision/kubeconfig" - flat: true - when: - - k3s_control_node is defined - - k3s_control_node - - - name: Update kubeconfig with the correct IPv4 address - delegate_to: localhost - become: false - run_once: true - ansible.builtin.replace: - path: "{{ repo_abs_path.stdout }}/provision/kubeconfig" - regexp: "https://127.0.0.1:6443" - replace: "https://{{ k3s_registration_address }}:6443" - - # Cleaning up the manifests from the /var/lib/rancher/k3s/server/manifests - # directory is needed because k3s has an awesome - # "feature" to always deploy these on restarting - # the k3s systemd service. Removing them does - # not uninstall the manifests. 
- - # Removing them means we can manage the lifecycle - # of these components outside of the - # /var/lib/rancher/k3s/server/manifests directory - - # FIXME(ansible): Check for deployments to be happy rather than waiting - - name: Wait for k3s to finish installing the deployed manifests - ansible.builtin.wait_for: - timeout: 15 - when: k3s_server_manifests_templates | length > 0 - or k3s_server_manifests_dir | length > 0 - - - name: Remove deployed manifest templates - ansible.builtin.file: - path: "{{ k3s_server_manifests_dir }}/{{ item | basename | regex_replace('\\.j2$', '') }}" - state: absent - loop: "{{ k3s_server_manifests_templates | default([]) }}" - - - name: Remove deployed manifest urls - ansible.builtin.file: - path: "{{ k3s_server_manifests_dir }}/{{ item.filename }}" - state: absent - loop: "{{ k3s_server_manifests_urls | default([]) }}" diff --git a/ansible/playbooks/cluster-nuke.yml b/ansible/playbooks/cluster-nuke.yml deleted file mode 100644 index eada19707..000000000 --- a/ansible/playbooks/cluster-nuke.yml +++ /dev/null @@ -1,41 +0,0 @@ ---- -- hosts: - - master - - worker - become: true - gather_facts: true - any_errors_fatal: true - vars_prompt: - - name: nuke - prompt: |- - Are you sure you want to nuke this cluster? - Type YES I WANT TO DESTROY THIS CLUSTER to proceed - default: "n" - private: false - pre_tasks: - - name: Check for confirmation - ansible.builtin.fail: - msg: Aborted nuking the cluster - when: nuke != 'YES I WANT TO DESTROY THIS CLUSTER' - - - name: Pausing for 5 seconds... - ansible.builtin.pause: - seconds: 5 - tasks: - - name: Uninstall k3s - ansible.builtin.include_role: - name: xanmanning.k3s - public: true - vars: - k3s_state: uninstalled - - name: Gather list of CNI files - ansible.builtin.find: - paths: /etc/cni/net.d - patterns: "*" - hidden: true - register: directory_contents - - name: Delete CNI files - ansible.builtin.file: - path: "{{ item.path }}" - state: absent - loop: "{{ directory_contents.files }}" 
diff --git a/ansible/playbooks/cluster-prepare.yml b/ansible/playbooks/cluster-prepare.yml
deleted file mode 100644
index 43e121f87..000000000
--- a/ansible/playbooks/cluster-prepare.yml
+++ /dev/null
@@ -1,184 +0,0 @@ ---- -- hosts: - - master - - worker - become: true - gather_facts: true - serial: 1 - any_errors_fatal: true - pre_tasks: - - name: Pausing for 5 seconds... - ansible.builtin.pause: - seconds: 5 - tasks: - - name: Locale - block: - - name: Locale | Set timezone - community.general.timezone: - name: "{{ timezone | default('Europe/Paris') }}" - - name: Networking - block: - - name: Networking | Set hostname to inventory hostname - ansible.builtin.hostname: - name: "{{ inventory_hostname }}" - - name: Networking | Update /etc/hosts to include inventory hostname - ansible.builtin.blockinfile: - path: /etc/hosts - block: | - 127.0.1.1 {{ inventory_hostname }} - - name: Packages - block: - - name: Packages | Improve dnf performance - ansible.builtin.blockinfile: - path: /etc/dnf/dnf.conf - block: | - defaultyes=True - deltarpm=True - install_weak_deps=False - max_parallel_downloads={{ ansible_processor_vcpus | default('8') }} - - name: Packages | Import rpmfusion keys - ansible.builtin.rpm_key: - state: present - key: "{{ item }}" - loop: - - https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-free-fedora-2020 - - https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-nonfree-fedora-2020 - - name: Packages | Install required packages - ansible.builtin.dnf: - name: "{{ packages | default([]) }}" - state: present - update_cache: true - - name: Packages | Remove leaf packages - ansible.builtin.dnf: - autoremove: true - - name: Packages | Enable automatic download of updates - ansible.builtin.systemd: - service: dnf-automatic-download.timer - enabled: true - state: started - - name: Packages | Enable cockpit - ansible.builtin.systemd: - service: cockpit.socket - enabled: true - state: started - - name: User Configuration - block: - - name: User Configuration | Change shell to fish - ansible.builtin.user: - name: "{{ item }}" - shell: /usr/bin/fish - loop: - - root - - fedora - - name: User 
Configuration | Disable password sudo - ansible.builtin.lineinfile: - dest: /etc/sudoers - state: present - regexp: "^%wheel" - line: "%wheel ALL=(ALL) NOPASSWD: ALL" - validate: visudo -cf %s - become: true - - name: User Configuration | Add additional SSH public keys - ansible.posix.authorized_key: - user: "{{ ansible_user }}" - key: "{{ item }}" - loop: "{{ public_ssh_keys | default([]) }}" - - name: System Configuration (1) - block: - - name: System Configuration (1) | Configure smartd - ansible.builtin.copy: - dest: /etc/smartd.conf - mode: 0644 - content: DEVICESCAN -a -o on -S on -n standby,q -s (S/../.././02|L/../../6/03) -W 4,35,40 - notify: Restart smartd - - name: System Configuration (1) | Disable firewalld - ansible.builtin.systemd: - service: firewalld.service - enabled: false - masked: true - state: stopped - - name: System Configuration (1) | Enable fstrim - ansible.builtin.systemd: - service: fstrim.timer - enabled: true - - name: System Configuration (1) | Enable chronyd - ansible.builtin.systemd: - service: chronyd - enabled: true - - name: System Configuration (2) - block: - - name: System Configuration (2) | Enable kernel modules now - community.general.modprobe: - name: "{{ item }}" - state: present - loop: [br_netfilter, overlay, rbd] - - name: System Configuration (2) | Enable kernel modules on boot - ansible.builtin.copy: - mode: 0644 - content: "{{ item }}" - dest: "/etc/modules-load.d/{{ item }}.conf" - loop: [br_netfilter, overlay, rbd] - - name: System Configuration (2) | Set sysctls - ansible.posix.sysctl: - name: "{{ item.key }}" - value: "{{ item.value }}" - sysctl_file: /etc/sysctl.d/99-kubernetes.conf - reload: true - with_dict: "{{ sysctl_config }}" - vars: - sysctl_config: - net.ipv4.ip_forward: 1 - net.ipv4.conf.all.forwarding: 1 - net.ipv4.conf.all.rp_filter: 0 - net.ipv4.conf.default.rp_filter: 0 - net.ipv6.conf.all.forwarding: 1 - net.bridge.bridge-nf-call-iptables: 1 - net.bridge.bridge-nf-call-ip6tables: 1 - 
fs.inotify.max_user_watches: 524288 - fs.inotify.max_user_instances: 512 - - name: System Configuration (2) | Disable swap - ansible.builtin.dnf: - name: zram-generator-defaults - state: absent - - name: System Configuration (2) | Permissive SELinux - ansible.posix.selinux: - state: permissive - policy: targeted - - name: System Configuration (2) | Disable mitigations - ansible.builtin.replace: - path: /etc/default/grub - regexp: '^(GRUB_CMDLINE_LINUX=(?:(?![" ]{{ item.key | regex_escape }}=).)*)(?:[" ]{{ item.key | regex_escape }}=\S+)?(.*")$' - replace: '\1 {{ item.key }}={{ item.value }}\2' - with_dict: "{{ grub_config }}" - vars: - grub_config: - mitigations: "off" - register: grub_status - - name: System Configuration (2) | Reconfigure grub and initramfs - ansible.builtin.command: "{{ item }}" - loop: - - grub2-mkconfig -o /boot/grub2/grub.cfg - - dracut --force --regenerate-all -v - when: grub_status.changed - - name: System Configuration (3) | NetworkManager - Calico fix - ansible.builtin.blockinfile: - path: /etc/NetworkManager/conf.d/calico.conf - create: true - block: | - [keyfile] - unmanaged-devices=interface-name:cali*;interface-name:tunl*;interface-name:vxlan.calico;interface-name:vxlan-v6.calico;interface-name:wireguard.cali;interface-name:wg-v6.cali - - name: System Configuration (3) | NetworkManager - RX Ring buffer size check - ansible.builtin.command: - cmd: "cat /etc/NetworkManager/system-connections/eno1.nmconnection" - register: rx_ring_cat - changed_when: false - - name: System Configuration (3) | NetworkManager - RX Ring buffer size - ansible.builtin.command: - cmd: "nmcli connection modify eno1 ethtool.ring-rx 1024" - when: rx_ring_cat.stdout.find("ring-rx=1024") == -1 - - # notify: Reboot - handlers: - - name: Reboot - ansible.builtin.reboot: - msg: Rebooting nodes diff --git a/ansible/playbooks/cluster-reboot.yml b/ansible/playbooks/cluster-reboot.yml deleted file mode 100644 index 4f109d3ac..000000000 
--- a/ansible/playbooks/cluster-reboot.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-- hosts:
- - master
- - worker
- become: true
- gather_facts: true
- any_errors_fatal: true
- pre_tasks:
- - name: Pausing for 5 seconds...
- ansible.builtin.pause:
- seconds: 5
- tasks:
- - name: Reboot
- ansible.builtin.reboot:
- msg: Rebooting nodes
diff --git a/ansible/playbooks/rook-nuke.yml b/ansible/playbooks/rook-nuke.yml
deleted file mode 100644
index 05f5fd7ce..000000000
--- a/ansible/playbooks/rook-nuke.yml
+++ /dev/null
@@ -1,36 +0,0 @@
----
-- hosts:
- - worker
- become: true
- gather_facts: true
- any_errors_fatal: true
- pre_tasks:
- - name: Pausing for 5 seconds...
- ansible.builtin.pause:
- seconds: 5
- tasks:
- - name: Remove /var/lib/rook
- ansible.builtin.file:
- state: absent
- path: "/var/lib/rook"
- - name: Zap the drives
- ansible.builtin.shell: "sgdisk --zap-all {{ item }} || true"
- register: rc
- changed_when: "rc.rc != 2"
- loop:
- - "{{ rook_devices | default([]) }}"
- - name: Remove lvm partitions
- ansible.builtin.shell: "{{ item }}"
- loop:
- - ls /dev/mapper/ceph--* | xargs -I% -- fuser --kill %
- - ls /dev/mapper/ceph--* | xargs -I% -- dmsetup clear %
- - ls /dev/mapper/ceph--* | xargs -I% -- dmsetup remove -f %
- - ls /dev/mapper/ceph--* | xargs -I% -- rm -rf %
- register: rc
- changed_when: "rc.rc != 2"
- - name: Wipe the block device
- ansible.builtin.command: "wipefs -af {{ item }}"
- register: rc
- changed_when: "rc.rc != 2"
- with_items:
- - "{{ rook_devices | default([]) }}"
diff --git a/ansible/playbooks/templates/calico/calico-bgpconfiguration.yaml.j2 b/ansible/playbooks/templates/calico/calico-bgpconfiguration.yaml.j2
deleted file mode 100644
index 538bcff55..000000000
--- a/ansible/playbooks/templates/calico/calico-bgpconfiguration.yaml.j2
+++ /dev/null
@@ -1,9 +0,0 @@ ---- -apiVersion: crd.projectcalico.org/v1 -kind: BGPConfiguration -metadata: - name: default -spec: - asNumber: {{ calico_bgp_as_number }} - serviceExternalIPs: - - cidr: "{{ calico_bgp_external_ips }}" diff --git a/ansible/playbooks/templates/calico/calico-bgppeer.yaml.j2 b/ansible/playbooks/templates/calico/calico-bgppeer.yaml.j2 deleted file mode 100644 index bfa7cb01e..000000000 --- a/ansible/playbooks/templates/calico/calico-bgppeer.yaml.j2 +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: crd.projectcalico.org/v1 -kind: BGPPeer -metadata: - name: global -spec: - peerIP: {{ calico_bgp_peer_ip }} - asNumber: {{ calico_bgp_as_number }} diff --git a/ansible/playbooks/templates/calico/calico-installation.yaml.j2 b/ansible/playbooks/templates/calico/calico-installation.yaml.j2 deleted file mode 100644 index 386a54dfc..000000000 --- a/ansible/playbooks/templates/calico/calico-installation.yaml.j2 +++ /dev/null @@ -1,18 +0,0 @@ ---- -apiVersion: operator.tigera.io/v1 -kind: Installation -metadata: - name: default -spec: - registry: quay.io - imagePath: calico - calicoNetwork: - # Note: The ipPools section cannot be modified post-install. - ipPools: - - blockSize: 26 - cidr: "{{ k3s_server['cluster-cidr'] }}" - encapsulation: "{{ calico_encapsulation }}" - natOutgoing: Enabled - nodeSelector: all() - nodeMetricsPort: 9091 - typhaMetricsPort: 9093 diff --git a/cluster/apps/kube-tools/system-upgrade/kustomization.yaml b/cluster/apps/kube-tools/system-upgrade/kustomization.yaml deleted file mode 100644 index d8d3d0c17..000000000 --- a/cluster/apps/kube-tools/system-upgrade/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: system-upgrade -resources: - # renovate: datasource=docker image=rancher/system-upgrade-controller - - https://github.com/rancher/system-upgrade-controller/releases/download/v0.9.1/crd.yaml - - system-upgrade-controller 
diff --git a/cluster/apps/kube-tools/system-upgrade/system-upgrade-controller/kustomization.yaml b/cluster/apps/kube-tools/system-upgrade/system-upgrade-controller/kustomization.yaml deleted file mode 100644 index 531d6c97d..000000000 --- a/cluster/apps/kube-tools/system-upgrade/system-upgrade-controller/kustomization.yaml +++ /dev/null @@ -1,22 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - github.com/rancher/system-upgrade-controller?ref=v0.9.1 - - plans -images: - - name: rancher/system-upgrade-controller - newTag: v0.9.1 -patchesStrategicMerge: - # Delete namespace resource - - ./system-upgrade-patches.yaml - # Add labels - - |- - apiVersion: apps/v1 - kind: Deployment - metadata: - name: system-upgrade-controller - namespace: system-upgrade - labels: - app.kubernetes.io/name: system-upgrade-controller - app.kubernetes.io/instance: system-upgrade-controller diff --git a/cluster/apps/kube-tools/system-upgrade/system-upgrade-controller/plans/agent.yaml b/cluster/apps/kube-tools/system-upgrade/system-upgrade-controller/plans/agent.yaml deleted file mode 100644 index c7212783d..000000000 --- a/cluster/apps/kube-tools/system-upgrade/system-upgrade-controller/plans/agent.yaml +++ /dev/null @@ -1,21 +0,0 @@ ---- -apiVersion: upgrade.cattle.io/v1 -kind: Plan -metadata: - name: k3s-agent - namespace: system-upgrade - labels: - k3s-upgrade: agent -spec: - # renovate: datasource=github-releases depName=k3s-io/k3s - version: "v1.25.3+k3s1" - serviceAccountName: system-upgrade - concurrency: 1 - nodeSelector: - matchExpressions: - - { key: node-role.kubernetes.io/control-plane, operator: DoesNotExist } - prepare: - image: rancher/k3s-upgrade - args: ["prepare", "k3s-server"] - upgrade: - image: rancher/k3s-upgrade 
diff --git a/cluster/apps/kube-tools/system-upgrade/system-upgrade-controller/plans/server.yaml b/cluster/apps/kube-tools/system-upgrade/system-upgrade-controller/plans/server.yaml deleted file mode 100644 index a00044f83..000000000 --- a/cluster/apps/kube-tools/system-upgrade/system-upgrade-controller/plans/server.yaml +++ /dev/null @@ -1,22 +0,0 @@ ---- -apiVersion: upgrade.cattle.io/v1 -kind: Plan -metadata: - name: k3s-server - namespace: system-upgrade - labels: - k3s-upgrade: server -spec: - # renovate: datasource=github-releases depName=k3s-io/k3s - version: "v1.25.3+k3s1" - serviceAccountName: system-upgrade - concurrency: 1 - cordon: true - nodeSelector: - matchExpressions: - - { key: node-role.kubernetes.io/control-plane, operator: Exists } - tolerations: - - key: node-role.kubernetes.io/control-plane - effect: NoSchedule - upgrade: - image: rancher/k3s-upgrade diff --git a/cluster/apps/kube-tools/system-upgrade/system-upgrade-controller/system-upgrade-patches.yaml b/cluster/apps/kube-tools/system-upgrade/system-upgrade-controller/system-upgrade-patches.yaml deleted file mode 100644 index 2161d7b0e..000000000 --- a/cluster/apps/kube-tools/system-upgrade/system-upgrade-controller/system-upgrade-patches.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -# Namespace should already exist -# Delete the system-upgrade namespace -# from the kustomization -$patch: delete -apiVersion: v1 -kind: Namespace -metadata: - name: system-upgrade diff --git a/cluster/apps/logs/vector/agent/helm-release.yaml b/cluster/apps/logs/vector/agent/helm-release.yaml deleted file mode 100644 index c7f5b8009..000000000 --- a/cluster/apps/logs/vector/agent/helm-release.yaml +++ /dev/null 
@@ -1,66 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: vector-agent - namespace: monitoring -spec: - interval: 15m - chart: - spec: - chart: vector - version: 0.17.0 - sourceRef: - kind: HelmRepository - name: vector-charts - namespace: flux-system - install: - createNamespace: true - remediation: - retries: 5 - upgrade: - remediation: - retries: 5 - dependsOn: - - name: loki - namespace: monitoring - - name: vector-aggregator - namespace: monitoring - values: - image: - repository: timberio/vector - tag: 0.25.1-debian - role: Agent - customConfig: - data_dir: /vector-data-dir - api: - enabled: false - sources: - journal_logs: - type: journald - journal_directory: /var/log/journal - kubernetes_logs: - type: kubernetes_logs - pod_annotation_fields: - container_image: container_image - container_name: container_name - pod_annotations: pod_annotations - pod_labels: pod_labels - pod_name: pod_name - sinks: - loki_journal_sink: - type: vector - inputs: - - journal_logs - address: vector-aggregator:6000 - version: "2" - loki_kubernetes_sink: - type: vector - inputs: - - kubernetes_logs - address: vector-aggregator:6010 - version: "2" - service: - enabled: false - securityContext: - privileged: true diff --git a/cluster/apps/logs/vector/aggregator/helm-release.yaml b/cluster/apps/logs/vector/aggregator/helm-release.yaml deleted file mode 100644 index df9655881..000000000 --- a/cluster/apps/logs/vector/aggregator/helm-release.yaml +++ /dev/null 
@@ -1,179 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: vector-aggregator - namespace: monitoring -spec: - interval: 15m - chart: - spec: - chart: vector - version: 0.17.0 - sourceRef: - kind: HelmRepository - name: vector-charts - namespace: flux-system - install: - createNamespace: true - remediation: - retries: 5 - upgrade: - remediation: - retries: 5 - dependsOn: - - name: loki - namespace: monitoring - values: - image: - repository: timberio/vector - tag: 0.25.1-debian - role: Stateless-Aggregator - replicas: 2 - customConfig: - data_dir: /vector-data-dir - api: - enabled: false - sources: - journal_logs: - type: vector - address: 0.0.0.0:6000 - version: "2" - kubernetes_logs: - type: vector - address: 0.0.0.0:6010 - version: "2" - opnsense_filterlog_logs: - type: syslog - address: 0.0.0.0:5140 - mode: udp - transforms: - kubernetes_logs_remap: - type: remap - inputs: - - kubernetes_logs - source: | - # Standardize 'app' index - .custom_app_name = .pod_labels."app.kubernetes.io/name" || .pod_labels.app || .pod_labels."k8s-app" || "unknown" - opnsense_filterlog_remap: - type: remap - inputs: - - opnsense_filterlog_logs - source: | - msg = parse_csv!(string!(.message)) - # Only parse IPv4 / IPv6 - if msg[8] == "4" || msg[8] == "6" { - .filter_interface = msg[4] - .filter_direction = msg[7] - .filter_action = msg[6] - .filter_ip_version = msg[8] - .filter_protocol = msg[16] - .filter_source_ip = msg[18] - .filter_destination_ip = msg[19] - if (msg[16] == "icmp" || msg[16] == "igmp" || msg[16] == "gre") { - .filter_data = msg[20] - } else { - .filter_source_port = msg[20] - .filter_destination_port = msg[21] - .filter_data_length = msg[22] - if msg[8] == "4" && msg[16] == "tcp" { - .filter_tcp_flags = msg[23] - } - } - } - opnsense_filterlog_route: - type: route - inputs: - - opnsense_filterlog_remap - route: - pass_action: >- - .filter_action == "pass" - opnsense_filterlog_geoip: - type: geoip - inputs: - - 
opnsense_filterlog_route.pass_action - database: /geoip/GeoLite2-City.mmdb - source: filter_source_ip - target: geoip - sinks: - loki_journal: - type: loki - inputs: - - journal_logs - endpoint: http://loki-gateway:80 - encoding: - codec: json - batch: - max_bytes: 2049000 - out_of_order_action: accept - remove_label_fields: true - remove_timestamp: true - labels: - hostname: >- - {{`{{ host }}`}} - loki_kubernetes: - type: loki - inputs: - - kubernetes_logs_remap - endpoint: http://loki-gateway:80 - encoding: - codec: json - batch: - max_bytes: 2049000 - out_of_order_action: accept - remove_label_fields: true - remove_timestamp: true - labels: - app: >- - {{`{{ custom_app_name }}`}} - namespace: >- - {{`{{ kubernetes.pod_namespace }}`}} - node: >- - {{`{{ kubernetes.pod_node_name }}`}} - loki_opnsense_filterlog: - type: loki - inputs: - - opnsense_filterlog_route._unmatched - - opnsense_filterlog_geoip - endpoint: http://loki-gateway:80 - encoding: - codec: json - batch: - max_bytes: 2049000 - out_of_order_action: accept - labels: - hostname: opnsense - extraVolumeMounts: - - name: geoip - mountPath: /geoip - extraVolumes: - - name: geoip - persistentVolumeClaim: - claimName: vector-geoipupdate-config - service: - enabled: true - type: LoadBalancer - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app.kubernetes.io/component - operator: In - values: ["Stateless-Aggregator"] - topologyKey: kubernetes.io/hostname - postRenderers: - - kustomize: - patchesJson6902: - - target: - kind: Service - name: vector-aggregator - patch: - - op: add - path: /spec/externalIPs - value: ["${CLUSTER_LB_SYSLOG}"] - - op: replace - path: /spec/externalTrafficPolicy - value: Local diff --git a/cluster/apps/networking/tigera-operator/helm-release.yaml b/cluster/apps/networking/tigera-operator/helm-release.yaml deleted file mode 100644 index a007e9ef7..000000000 
--- a/cluster/apps/networking/tigera-operator/helm-release.yaml +++ /dev/null @@ -1,47 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: tigera-operator - namespace: tigera-operator -spec: - interval: 15m - chart: - spec: - chart: tigera-operator - version: v3.24.5 - sourceRef: - kind: HelmRepository - name: project-calico-charts - namespace: flux-system - install: - createNamespace: true - crds: CreateReplace - remediation: - retries: 5 - upgrade: - crds: CreateReplace - remediation: - retries: 5 - values: - installation: - enabled: true - registry: quay.io - imagePath: calico - calicoNetwork: - bgp: Enabled - hostPorts: Disabled - # Note: The ipPools section cannot be modified post-install. - ipPools: - - blockSize: 26 - cidr: "${NET_POD_CIDR}" - encapsulation: None - natOutgoing: Enabled - nodeSelector: all() - linuxDataplane: Iptables - multiInterfaceMode: None - nodeAddressAutodetectionV4: - cidrs: - - "${NET_NODE_CIDR}" - nodeMetricsPort: 9091 - typhaMetricsPort: 9093 diff --git a/cluster/charts/jetstack-charts.yaml b/cluster/charts/jetstack-charts.yaml deleted file mode 100644 index f0ab55f39..000000000 --- a/cluster/charts/jetstack-charts.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1beta1 -kind: HelmRepository -metadata: - name: jetstack-charts - namespace: flux-system -spec: - interval: 1h - url: https://charts.jetstack.io/ - timeout: 3m diff --git a/cluster/charts/kustomization.yaml b/cluster/charts/kustomization.yaml deleted file mode 100644 index 559e7c2ff..000000000 --- a/cluster/charts/kustomization.yaml +++ /dev/null 
@@ -1,26 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - bitnami-charts.yaml
- - bjw-s-charts.yaml
- - cert-manager-webhook-ovh.yaml
- - cloudnative-pg-charts.yaml
- - descheduler-charts.yaml
- - drone-charts.yaml
- - dysnix-charts.yaml
- - emxq-charts.yaml
- - external-dns-charts.yaml
- - gitea-charts.yaml
- - grafana-charts.yaml
- - ingress-nginx-charts.yaml
- - jetstack-charts.yaml
- - k8s-gateway-charts.yaml
- - kyverno-charts.yaml
- - metrics-server-charts.yaml
- - node-feature-discovery.yaml
- - project-calico-charts.yaml
- - prometheus-community-charts.yaml
- - rook-ceph-charts.yaml
- - stakater-charts.yaml
- - vector-charts.yaml
diff --git a/cluster/charts/project-calico-charts.yaml b/cluster/charts/project-calico-charts.yaml
deleted file mode 100644
index 4911c3bd8..000000000
--- a/cluster/charts/project-calico-charts.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: HelmRepository
-metadata:
- name: project-calico-charts
- namespace: flux-system
-spec:
- interval: 1h
- url: https://projectcalico.docs.tigera.io/charts
diff --git a/cluster/core/rook-ceph/rook-direct-mount/deployment.yaml b/cluster/core/rook-ceph/rook-direct-mount/deployment.yaml
deleted file mode 100644
index 34d25ba69..000000000
--- a/cluster/core/rook-ceph/rook-direct-mount/deployment.yaml
+++ /dev/null
@@ -1,67 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: rook-direct-mount - namespace: rook-ceph - labels: - app: rook-direct-mount -spec: - replicas: 1 - selector: - matchLabels: - app: rook-direct-mount - template: - metadata: - labels: - app: rook-direct-mount - spec: - dnsPolicy: ClusterFirstWithHostNet - containers: - - name: rook-direct-mount - image: rook/ceph:v1.10.5 - command: ["/usr/local/bin/toolbox.sh"] - imagePullPolicy: IfNotPresent - env: - - name: ROOK_CEPH_USERNAME - valueFrom: - secretKeyRef: - name: rook-ceph-mon - key: ceph-username - - name: ROOK_CEPH_SECRET - valueFrom: - secretKeyRef: - name: rook-ceph-mon - key: ceph-secret - securityContext: - privileged: true - volumeMounts: - - mountPath: /dev - name: dev - - mountPath: /sys/bus - name: sysbus - - mountPath: /lib/modules - name: libmodules - - name: mon-endpoint-volume - mountPath: /etc/rook - securityContext: - runAsUser: 0 - runAsGroup: 0 - # if hostNetwork: false, the "rbd map" command hangs, see https://github.com/rook/rook/issues/2021 - hostNetwork: true - volumes: - - name: dev - hostPath: - path: /dev - - name: sysbus - hostPath: - path: /sys/bus - - name: libmodules - hostPath: - path: /lib/modules - - name: mon-endpoint-volume - configMap: - name: rook-ceph-mon-endpoints - items: - - key: data - path: mon-endpoints diff --git a/cluster/core/rook-ceph/snapshot-controller/deployment.yaml b/cluster/core/rook-ceph/snapshot-controller/deployment.yaml deleted file mode 100644 index 66af9f63a..000000000 --- a/cluster/core/rook-ceph/snapshot-controller/deployment.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ ---- -kind: Deployment -apiVersion: apps/v1 -metadata: - name: snapshot-controller - namespace: rook-ceph -spec: - replicas: 2 - selector: - matchLabels: - app.kubernetes.io/name: snapshot-controller - minReadySeconds: 15 - strategy: - rollingUpdate: - maxSurge: 0 - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - labels: - app.kubernetes.io/name: snapshot-controller - spec: - serviceAccount: snapshot-controller - containers: - - name: snapshot-controller - image: k8s.gcr.io/sig-storage/snapshot-controller:v6.1.0 - imagePullPolicy: IfNotPresent - args: - - "--v=5" - - "--leader-election=true" diff --git a/cluster/core/rook-ceph/snapshot-controller/rbac.yaml b/cluster/core/rook-ceph/snapshot-controller/rbac.yaml deleted file mode 100644 index 8f8c65c4a..000000000 --- a/cluster/core/rook-ceph/snapshot-controller/rbac.yaml +++ /dev/null 
@@ -1,75 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: snapshot-controller - namespace: rook-ceph ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: snapshot-controller-runner -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents/status"] - verbs: ["patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status"] - verbs: ["update", "patch"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: snapshot-controller-role -subjects: - - kind: ServiceAccount - name: snapshot-controller - namespace: rook-ceph -roleRef: - kind: ClusterRole - name: snapshot-controller-runner - apiGroup: rbac.authorization.k8s.io ---- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: snapshot-controller-leaderelection - namespace: rook-ceph -rules: - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: snapshot-controller-leaderelection - namespace: rook-ceph -subjects: - - kind: 
ServiceAccount - name: snapshot-controller -roleRef: - kind: Role - name: snapshot-controller-leaderelection - apiGroup: rbac.authorization.k8s.io diff --git a/cluster/crds/kube-prometheus-stack/crds.yaml b/cluster/crds/kube-prometheus-stack/crds.yaml deleted file mode 100644 index fe6fc7fb2..000000000 --- a/cluster/crds/kube-prometheus-stack/crds.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1beta1 -kind: GitRepository -metadata: - name: kube-prometheus-stack-source - namespace: flux-system -spec: - interval: 1h - url: https://github.com./prometheus-community/helm-charts.git - ref: - # renovate: registryUrl=https://prometheus-community.github.io/helm-charts - tag: kube-prometheus-stack-36.2.0 - ignore: | - # exclude all - /* - # include deploy crds dir - !/charts/kube-prometheus-stack/crds ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 -kind: Kustomization -metadata: - name: kube-prometheus-stack-crds - namespace: flux-system -spec: - interval: 15m - prune: false - sourceRef: - kind: GitRepository - name: kube-prometheus-stack-source - healthChecks: - - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - name: alertmanagerconfigs.monitoring.coreos.com - - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - name: alertmanagers.monitoring.coreos.com - - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - name: podmonitors.monitoring.coreos.com - - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - name: probes.monitoring.coreos.com - - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - name: prometheuses.monitoring.coreos.com - - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - name: prometheusrules.monitoring.coreos.com - - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - name: servicemonitors.monitoring.coreos.com - - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - name: thanosrulers.monitoring.coreos.com diff --git a/cluster/flux/apps.yaml b/cluster/flux/apps.yaml deleted file mode 100644 index a780610ac..000000000 --- a/cluster/flux/apps.yaml +++ /dev/null 
@@ -1,26 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: apps
- namespace: flux-system
-spec:
- interval: 10m0s
- dependsOn:
- - name: core
- path: ./cluster/apps
- prune: true
- sourceRef:
- kind: GitRepository
- name: flux-cluster
- decryption:
- provider: sops
- secretRef:
- name: sops-age
- postBuild:
- substitute: {}
- substituteFrom:
- - kind: ConfigMap
- name: cluster-settings
- - kind: Secret
- name: cluster-secrets
diff --git a/cluster/flux/charts.yaml b/cluster/flux/charts.yaml
deleted file mode 100644
index 42a21b891..000000000
--- a/cluster/flux/charts.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: charts
- namespace: flux-system
-spec:
- interval: 10m0s
- path: ./cluster/charts
- prune: true
- sourceRef:
- kind: GitRepository
- name: flux-cluster
diff --git a/cluster/flux/configuration.yaml b/cluster/flux/configuration.yaml
deleted file mode 100644
index 3795a5061..000000000
--- a/cluster/flux/configuration.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: configuration
- namespace: flux-system
-spec:
- interval: 10m0s
- path: ./cluster/configuration
- prune: true
- sourceRef:
- kind: GitRepository
- name: flux-cluster
- decryption:
- provider: sops
- secretRef:
- name: sops-age
diff --git a/cluster/flux/core.yaml b/cluster/flux/core.yaml
deleted file mode 100644
index a4f823339..000000000
--- a/cluster/flux/core.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: core
- namespace: flux-system
-spec:
- interval: 10m0s
- dependsOn:
- - name: charts
- - name: configuration
- - name: crds
- path: ./cluster/core
- prune: false
- sourceRef:
- kind: GitRepository
- name: flux-cluster
- decryption:
- provider: sops
- secretRef:
- name: sops-age
- postBuild:
- substitute: {}
- substituteFrom:
- - kind: ConfigMap
- name: cluster-settings
- - kind: Secret
- name: cluster-secrets
diff --git a/cluster/flux/crds.yaml b/cluster/flux/crds.yaml
deleted file mode 100644
index 0908934f3..000000000
--- a/cluster/flux/crds.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: crds
- namespace: flux-system
-spec:
- interval: 10m0s
- path: ./cluster/crds
- prune: false
- sourceRef:
- kind: GitRepository
- name: flux-cluster
diff --git a/cluster/flux/flux-system/flux-cluster.yaml b/cluster/flux/flux-system/flux-cluster.yaml
deleted file mode 100644
index aa5509322..000000000
--- a/cluster/flux/flux-system/flux-cluster.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: GitRepository
-metadata:
- name: flux-cluster
- namespace: flux-system
-spec:
- interval: 30m
- # https://github.com/k8s-at-home/template-cluster-k3s/issues/324
- url: ssh://git@github.com/auricom/home-ops
- ref:
- branch: main
- secretRef:
- name: github-deploy-key
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: flux-cluster
- namespace: flux-system
-spec:
- interval: 30m
- path: ./cluster/flux
- prune: true
- wait: false
- sourceRef:
- kind: GitRepository
- name: flux-cluster
diff --git a/docs/files/pxe_opnsense_services_dhcpv4_network.png b/docs/files/pxe_opnsense_services_dhcpv4_network.png deleted file mode 100644 index 87acb162630fcf0f927d0bb5696c4104e562492e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 180055 zcma%j2Urv9)-Iq}Xf_ZLDT;uCfYOUJ8zLY`l~5uey?1E|pooQ{poA(Yy@i(0VhD&7 zK?tFjKq%4)ASFOT!X5TG=l}1y*S(eJNit+6lg#(6Z>@K|>s|9w@4f~r(^)1uIyzR( zySMb|=nm)6(J}rwatL_GzuPF1j_x3v|_$Gn%vnBP=iF-sT|WVmt`E;ijWSS6EBOL^`^u$)DB9PN7l&sBNT7pVU%t?O`i z#j4nw1(ly$rn307UiIDGB>S19B^{ZJQ{ZGi8zm@VjQn|{6>5SM&N>dR^nu1s;#+k_ z;@jxcG3jTg_2T*BiRLO_ITEA4sWm(cSmL<)=+vz@{Kp)F%^qduGM$}s_&AsC@Nv6u ze2MVo@(zuz%Fv0{x;TfsdLw5~V705@%Zh`Mz-JanfJ32g*HJqUf!=GH5}I*Ox6fUO z|8bS;d?tUK@Hd0UQIBzo_t<1w5-xZ@Ua!IR2G9%Wr^~(m{Cdt`y_shJIB^_-ZMv5( zcYF{#h;?pzKj3Dm7~*E~8g<7w9o6qW?{m@qtdp2e>u_(H7k2Lpcy^!^JSzucp&f=C zfG&<0SII0&e>Y|dsdYE|sP0+)H4B1RjvyWuBgCg#LXN(h?eqjNm#S@PnYYA*1_OlX%%+WFCI_1 z2(RlNEdA{DnlEo>n~ZWyLm-nEUNwIEF=fqEA}Mm3Wx77&(qio#>KrbI4GD9YrYjAS zl>g$cNuzR(1Z3NKryr8v6;|2;RVo}CFFMdgacGwfwVy(-&=slVJR#{n5&mjTV36;7 z+Sp*Cdlp;Bx43Ec#7%IFZZH^axksS}hO8gxCD2u8>>bz>e8Svh)87s_2p8Ljnsz!m zbRxj^5xRr)XXzM$EqdUgLeKp_+jrV{9~mqrh# znj4Mo{Uo@^X8G$MIr{9)n>$kMVRz@yob;k93kPG|4>&e&_Adi$oXdM zh8DxoH^ARm&=3{7C1me4^F6In38f@OQK)MUT6WwT+gcJYF@bEQ##hgMdc6?+jE><5 zf9O9yshwi(mHxTS68q1G{k2!^qFQJ&-@${&)#&K|@hQyi1i#womG9;U|M|H6y&0AI zM-~=`L{R#5qRXd#cYLx5|J%FLD~#MvkV33_rwrZ3t8U2s<8S%vJC20uH`}F14qB|y z`CjJxe8fHZ!f(a}xZrnc^|3n%iVrQ~=#bE-f=?`;|L(eh@49q=UiGy3t4F?>4861t z>E;~6Dd`#Bx!1oPUc(ACn*-m);UkHjuh{fZuTPVk*hlKRJRKu{`%!+qYPIuaBR9ga zH2Da`)=Fs}@Pp4okE??3a$`a&gY%oe$*N5M-V~5b?A-ExY*wkV1bL_Ql4x$TmT-pN z37zc&m(ok>x@0G+Qw4rMZ0r(xcUcDbWX#?S@d<-dTsCRGYlrfv%w(ST?ha|H_u?ybeWAC1nv@z*eEck>rMk9Sa`T(lKVUBc#KtzQu4erMLe zGGJo76LXGB`8{87=jo_UW6M*u)fwJ!FXXp=@ue1pKUm0{N1pwhbSayvUPEy8da{1~ z0kdx}9L;->>BE2i_p@gBvVQyLRHm?JnYG+g(5z>`UKv$Z1e>T%lrtW)xM-rX)c7Yq z!k0-}=y@uW9_6XL5ax<_i6jQUIrZWXEZBkp58SD1T*edm+@uw^H6+iKJd$`5fxE3_|O9HbaT!OwmWo|w!gwN^+B 
zer9}ay=Z3hkzr%~^pz+TreVHX?1z4|^XK&S2At+aVP?5{cY~FL_NJ!iji$Y{(fknk zOho}T9=}zrRvh6fY9x@fWCf!xn+S5nss9@_WY`{DuA8MtQ9FaoW+u%!eqj?CkLbgD zYVz6hAQL^D#5cukF|KprJu=7?(@1fP;to3=$#Azap2BLquohou3GcImtQi7j4LCveGuSU=EJ?=V&Mg~qs^ADm_!Zs*`kyWcRT-|Y{)*|S9 zEAK!K!~8kDXV3j}h;7q-gmWV4h;Nvgp0kmG;^Oj937bMq%)M@iB#g&XBXiMnQ--qd zI3{6e|MdZOZecc?E=PK&JyPRyIDC+~7V?|(13*mybInh5UJBAY_e5{>^&ML|ND5QO_10S@*H)+{%H7v?r4<`*U=-F-HUTQU0Yc zGk0{K<&%ks)R6lsJC8@~(?hz4KmTmz_S>Uw<-Xrs9KhaJrEVa~om6X9>L^QZHF&@6 zBu4TE=JAAV;1ovmUjFS6t9c(ip5Z1w&xGle!d|y&Ip-Z!{IKl8=EVVX?`UPxppCIv zd+YiH4K(DfDo-4-f3dkqU}vfVSG&xm@xG5YBVDTAKB)7WzGqhcSQ8YWqZ7TkJgQV&lo(%ITk9}GbS^>L zRoHcu4^`Nk&32}_wu@CEtQwyWSw-^L5l5;d99paGS(KcRp&yikl9y9{6(Rl?ChAp( zTH{{cy0GvDh>oLE;eC*#c2p*z>fBm8OrlClyyh$X^IBU}MgbJcWXuQM{fWDBopJN- z5TgotE_1MLYb;2jGWAQ&iS0I%I_p>!vO{OXW_z((ad`k5WII%Jw5}$;Wp) zAwwcEqQ3Lp*^YfM%fS4QStWv|XuGc$b#oxa(reWKCT`(E+ueaYP~VAFr45RIUcC`C z9(LG^G_c*m8&qTw{IjXQ%AJsE)1qu+ei%*1ZxWr$Y2i2OYoat2C8e#UWpbnY-Vx{i zqHopvqd1(Q{#3Hf?9+H5m|DQ|WIW6fmf)>$5xu&x(W9F}TfSUEU>=&EwU6ZSD}BnQ zn3p9H$-eeIH`VK&k1K|#y0?Rkn#NKC*Zw|$NZ(PrX5EyDe_*o{Am?YEv|xRp7j7WP zyGN?R3}K-(?-V6}x3LiukELPf5*gye4h*x~6r;G1_c;XQe1P$hw1JGa(sH%U!><9% z%yTe{FsTss@6-Vdjf47DZ*^&@0$YjR8bd{_lv=^SNGGEWRB`t7dn{~Yw+ip|T6uT1 z(QhhR?v6S+IApD_#H^}QdIXg2KNcVinxq|rZa?J-`0yzWsVM1!{#h{FvdaAlT6b!x8pq{$?0R$Z)aaOIKJW0TM)6Pv1LN+&R&f zOwOyXR)Hj6wPK)m;(PWh|y9PIZRJ4_~Tl9oUFyY|)Y?tK_pl6&}(6aU%FesMIj z(02uYerG;0>PT`2xcthFsoOfIM8)lPS=S!W$JmE)BfOQHr)4E~E*p^_-H{Ypoe<7G z8{-+rV1zU#vdZC)ci3IIC{Kh^Kxem~ow|Ru18-LC@ezC*k{KE8;S;<#~7?Dh5U;l}SBRv8NrQ&C(}pEwnbi(Wt%yNK^6RO=vYh=a7J$5iGx z+=Xq!L!{gHjsS8(^1(ukQ8_@`9X$L!nVrJk9ZsV2&X*@F?3*i zE8@q(^sU(sL7j>|mk4sX><|0vMhtSaUs6>NC6x){d{TDW8>W>mNy?O^3ep#5i9yUB z)xD=iD>;Okgbi*^n^C5%Myeu!CBL5U$E5FsjL=o3_F4u^zjrvcbk!q2yQOb78)hkz zqMWt|tf;}_s*O!dO0h+TjjQm8^J}!r!`KPZ3|`KKw5Cv;mX$FJ*iQ*jHdqfd@}po( z)_&roS*^8^*Ga1{fqwJvQZM7L)%49iw{vwK8MMr-)LCpi$}laY$3egFEnc|gP$_$2 zKdltv6?Wx)N2-Dp(_PWh3_)|GuGrDAd#472*E=$&v!|AW@YS9q%pL_pB8|A)8#>FD 
zg*y!A)|kgbpy|Nk8yxA0+fC*`580(8h(2fpg4Av7Zo^@|K~3Q_cJ#YXoVszyQ&gx1yk;$oL zFdhsO40;UiySdibQa_CCrR-d+ZA3}JIZ-SxkB`t7M%}v?I!U1qV5Bg z{eD{FROQF*Dvr~s{CaQ(qq495__$h&TAwlkjZ~#D%Hh&AR^~tI3mXkuLHC#0c-`DN zB-EjAR3Egtu%XJtdQRL~&O$>+8;BxFhAs9a7ODA8N-U z+UoaB5cc?>moK+J-ZK&nK&Xx<8WCV8+^5@Rm`2x;N@Tk@>N^~@Tsvs*Wzw~@zzGh% z=0u?o_Qp71OL>@U17IkcSTp;9%Vx|QtITC9_P~R-Gdt3oZ(sm}7Zn9Pc{_d1P8;V6zw-u{_O!jHsDh4&Pgq5Uijx5f~rih}3$NDPb} z869ixk8tDwF&mU3>-uGKa6L0tMX~Za_#;Diazp+&DUuK3usBc>%U}nft778k z_0F7-6qz988^L#2#lme+gjTJU8N= zD@nkn-kVr*b?CFLXh?mO@veE(3qaHGk<*fvgLhO9kWG*59ST|dCY-~0b)%wqy1oQW z8b-inWMptx7ClJ*pv-7tGU`(we}9o_ym7H@4$@VqVDydw-$SHC)~Rn zUwTuuMei0SHAd{Zu9pzH1E}KZ-kl0LFuvX1Dt9ntvjmz(^4B1kCEkhU&c01OrhQH6s<_-X*m;Esn!s)@1fk|rZ8>qb*((>pC+x6A@Irqu)k>^hOP5&~h z3ww3??!zyYi*;$N%Zh_zX?t)qW;MhNTvhieJ>O7HHN#(b5&zM`soFpHd+ESfO0r^X zyMw~Z)V<`G0zC}oQnyrriXsz~4$v*43kHw{{HB01ObTi;x@+lCKEDFpLpf?bgs~eMhJqR{Gfn|Z6;o3%mp7g}vgZfDPQM-< zx$HjY65@>my)X+>t^>gmN=F$?+umP1x24K@ru;9N4sw>y3q=MSrW1AAMOu+*nPFDRxO()&OoKup$lGj*7Aw8PKD zgOcnFf0>Xv)>{zZovc%s{_U##*7(z7!>J11XE~~`Y{t*srbq9d5MsOqB~_$HG>HYm zIYlSqEYEUDJG^m4Z}#U9+_yeGbuQ%OVN>4F^H1K)8}~mm-d|l4-a|(H>~M!jx%x6N zE^<8U8^g0|)tx>pV7?Y6$8;dKmvO}MPIQIj*7k(hemET+X6H}Po zsk?ieJ9a1+M+wAKjFKHoUVW&YAWTurqPDk=gelj7PF3QUUamQl{%_Zie~Z z@j_*@*8p%Y@U#SX?Pe>ad*K4TIzlgq=kwicdE6tjH%cJ)e z3QLmhJg|w^1Tr-Zc0@Bu?EBjpBeE_V~=@2sgac+GjN&+Jewv-Cv!232hBKH6{L=*+@yqdQSzjrtAn=s4$#k!K} zNhW4+>w}%~hNr%FwRRx7U#8b0kMVuzC#d464ul1l21iWsT5Y9WG1#}y$ckh3mpO`I zgj&n+{YrrC8#@1#txP5DY~9JnGLMQh;fEALI>YDIoxEmzLOyJ-y)r6vZOdKP4>1Sx zs3t26*h#c1@8q2Q{^WVv$-Gx|$b{|~EplWqBM*o66(jQQtg8DS;JmCOneE4G?l2`d zlS&yBBZN9qdt4>~kSXQNxrI-s;AdTc#8lfkHv<>4H3~C6?Z4J_^O)@wo+8^yq`B+m zI6HHv=a0(N%T^#;C@yRk#gPfh7%St3chMjY71BMv@V0eaZ|HJvYTN@FkiIk>8jzt0 z#9oiX)hRF|uKSsHpIn}PhsX*s@7AB5PAC_fTEgZ;QxtG3mgncg4)eA;%7__$e5@$cWw9Rpb+9_&WTxLHOtlHPI+4pm( zO6YcwA%*x&psSm~=tM^UNz`G!V2`5g1h>AE2&Uu8d%Nppu1sQ|fqbQd0PfxF(Z>&~ z8cM0itedL0dNgN|qG{6-(D~XQ%1$%BXX?9Lu6HCDd)%wYm5~||B#Lq8R42hA5Z^d< 
znJBZ0CS3;YpccW7gS+#(P$z#vh(AICX?M~|*I96gx?qB7o9j2E9aG))KtxtU)fr#H z(WDYwTpcLKj8MoBL8A>aeQF_smr4Dk7VjN%U$~9|@8+aB_JgvN_(!gGU~V)55)s;g z+ZXN(<_LCj?6SnCQu#9>sz^R$`i3`0XZ7addy{$t$_Pc1f@~>1J29LJAopqSXcb|e^$xM;Qq zv~-La9tW`fZY~kX*>OcSjC&*kbnjAEMm;iJni~{0dn1md=u1f>&G)n{*UW-*O#S7? zp4cEb5#iP}-VQLi8z%WY1lS`P&JPjjcwwmaRaf$RWl1>!a2ItT{lQ~{d9kE^;|$BK zoTR?m1iKn%3Fi)NLl1LxF66p_0ohse=T%3$>HJ(shxAjBX2Tuy!Shf?-A$LFaI-+G z3nMOpRab(Zpl7ZVoC=F2#Z6q^Jdm2=_$slHNovYUlCrmxjzz6R-RUsTNH^^$V2!sU zkToU1O8}~dJa~rzh#sl7U4{;GHUs!H8o3Zo(%*`=!#hRL!4}qw8K=$$w%{@~g6vbu znQCLtT(dS%PnzDS0$Wb_9VU7qlUOUsU++^3v zAv+w@zC4<5%leD&fCa3wce_69KxTa{Z4B?zql42@@|5_RC4TSFFBhB0$-KgnikHkn z!vY3;_r=}Q>_Zks0^N8S!}>4i$7#M#rVZFPH9&5NNU-&Oe$Gp6m*iw`O)V&yMvmBX1{Jr84N ze90HIR90l;{JerW9Ce53iyiX@N;cvgGSvegH?vP}?T4q=JU6s1h#ue1P@>2=8w1!| ziO*TMP6BuenO<3^!TI^Vk;``np&wlKsV7cr(6_lrQKinxS%oc2Xh$sNE^pypA09^4 zcIj?^3Rg8YS8>bPksWb4HGpVpV>ed;$W9wD!%H(+#bv>`>S+}9@Tn3)#Z16&ajy2%kC%mx&&z!O0c=^kq|!$ z;-`Xo#<_z9LTX~)53tGegPMZ|ORWN2k%on&JYzFPRqu{G<3~F&O3Qb-4WxphTPQ;I z`v~EuhmXmM*%EU-V)ZfN;w5Sh=dqb}v@4o&#&FxZDLeOO;`_yBk&V2J>HT~gXRc1@ zxvwOac^#~7Kxtuo?p8fD$N&l3DOh#gW9O#a!%@zR)y%{O$h*5uf$Tq6V zWvD!=JmE^0WQ$ezih*|y0Q99mJnEts=Q7jhUrW@<2kxk8xupAaYXZsKMwA)3zp9R- zqm)%tnj#atb5la&YxKvuVM%@#xKm|$0y$PId6Q4PiQ1w{!?8bhb?I(D1JEkk>~sTh zJ;~>3RTyeVClE!O*+w5zH>(UpdABvCXfmSc#O%q<$*Az&{R~LeP^6@fAJ24fKL-T3 zh!q?YbN-=gN!2j14T8Ym5Cx`>mfLDbgNT-;8ZPX}n#}a3dw<6c+GnL3N8Xro8ddad z-QJkPIrE;IIvkSSJ1NmojmSqDs8gGnVjsk+Ej zNEG$b@R07hnqe@qY#yLS+K#+))b1!?gDs2y0O=4*riU7{GUD6z3Fp#+ac{;cJ|MTc zRO%0;uRyv?WLh41$2w)%?9jT^{ch__)#KNe!4921>m70_cFL$&yKf6YhL1>qBYutM zAg04H!k(H9xYaE!EZ5ej7v#l==c`FmmNy=liCrt^uT5vaMFZm90;h~f$#^Zp2FQ#2 zF_O2u8Y357t9DdracfIhbw_jf#c<?MFky*(5^J9 zVeyW)WUa+;E)e_RW|6aGHL*L(vBEq-fWcNk&rH@|{|onnQXMUK=uSKMS_gmKqidsSR6#FqW^!7hL_~!EvI@??J46!NY-z82S3+pU zIzKN@ml;mGz+n$N-QK_6BJ?|AhT zxvI|F#sg)JehDX;0BUsKk{?l(DD3*p1IT?Tw*%J8m1h!dv`5ZYXTf5mQ$Rr>E$H1$ zu3jL;eWpwv%#`)|dUrsKn3vsxJnXkU8K1y9z|2fG%jcxqSU=fWtIPf3)Gw7HA`c(w 
zjGhg$rzyz>G(7J4(36E{=$XBOn6Kb`?3$&im_Fi}=bB+C)#Kq&*{Ip?N%8&ng-brK-P`z< z*J_ZFkzzNwUor{+fu7oNi_%RU&htININt~W?iyBuvWApWj8g2nzFN&2E}|RD-WfT| z%T$>PBlV9!rAq*5SON_ZYo`Il4UuH!z}EATgG2V|uArG}eFO81s-Ugq+sd7Cbw61R z-V}HFOusi7-Y-VoNHGHdn%M4GBTSizx9BBz46m|cjbeR3z}CwF*K>h$ABCKuSof+M zp?lU*2{047UR{v!b+;r(;=GDYGYiIXqXP6@vfnXHbo&+*j9j>dcRG`7E53CD+K*g9 zTUrJH;oRUtp!)5G+2YFKwvFy401?^u_|Z)i93*o?$LSB>Az0y0vx*p~Qaf1fzlqLK zch|8Re8iu{{F@51sRq5}Kk~VSp8l!=sK&)~>5Q`D1ckJ``?J_9cK$g;&}@_Fs1Y;t z%`!>8Y37P~T&kKu`q={iE%8bNFVhuzbWm1XzmSPw$TIPm{_Nx9mxRL#%qEq%;dZB; zRrMLU_g$yGh1<>^ZDmg~T-gnZbFtwx`{4ZCw#+7iDAOaCn#LnOU919n-mhzc@{10) zhnU`6_nz(Sm@5eJ;I57G@!oa^l5r9MDN`7_hT_cX{L@27FG=TPMuZj22woz`>^m37 z+Qbrva&^;L%C8< z-+`yIM;Wj7>H;?Xpq@!NZMcqv+8>d1Z0RUSc;&HGx) zD4+71{)Dl*;MEU)8;NPeQf0r=coJbWX3)C@G45kgK4nmXv1f*f>n>sen)yPP6GJcC zXMpO?L8~BLe9Vt)R}>;!3ewp#M2z&i3N>PN+)Lj%najo4Z958;rVHsLKThUZ?k+N| zkhC-91Ik(t9R0GNQxe35M0t37;m-rY$4fQf26(+y|ji|SY!?=wvbFU6I6 zopLtD;{NQg2_6hr8bPBe%c#FtC8NDbPRv!;%;Q4T(JsOPs=uIiV3?Zd!^c`=vtptk z!r~Tw>B)euRtD&X~p2#wE`a|soZ zmVqs&CA0`9D};93o0U<1<#o!npcX&Zo)5O0!@eYKuaX7bS&4h1vj@YxPUbBL)_JQR z+b?bbl^~_@&;ydmj(1YirM<_C@jm=_-t!>_R4g9}w#~Q9zoi(@uS^*&y7} zi~$(=#)5KX%#S!N>lK}fFYTA-w-y1kzxtaGHN%xWfh7;+#*k7{`d28%$ z7EWx{Z7CaM?A0#9wKffA0NmJ`D6=Bhr6o1|)I1%iC0`+@WM)D`1}wE+0fA@v_DVL9 z{A(p>Mh#;^v4zvrOr2v7Oxt}~%VcTuw3x+P7IBHnmwZ@+BllKn-O7%fYs>iqE-eiQ z%5~vd%^}UYNscSQ@}v9mwK6RD6?aM1#+iqgn;%DYGa-iQkY|8w%H80&K&sdrR@N8= z;LQ0q2>`Ri!>wTb7-U+LnhKyvoQo3FuY|!85;}}AA#UxL!pXOz+w7UM9A|REMVoRG z)&|OJne@OwT^zSo%M{}jYopU!~imYt=H|6B}16uEm`g1_$oZ9w?E2FET5;7 zR0mXpiMgs&#|FxgNGynL78Jhs^^`865MC?ds{~>LsrO)mXQX7UCZ9#Q9-2(py6-C# zf4&QDp+uQg-Qy}|$>8dt(Wd!=SHt$z6r@G)o?>RYXjl7XNcR=T=p+dq0JL$@F90xF z6)yZ`bCvBp?J|+z-KD7^M%8 zaVFh+(Ow~5YaP{^J#h`QxkXR|DZGwSI$v+QK2!AHfdXFy_x()!mvq< zKzU;9wTbJd;&swwFt3oH861#d6x%*Q8ZH37&g5Md=^3j*b+428sxc+04lveAfO333 zYPM@Gl_;aN{XVzU}_bm&>MLNix7JQfIg%?qwMT z3h!$%{439MSIq|9$;?orm^mw~rTGnC9$v(k7_XXF6l(3rjqs)as;p1PkbV4#{g_hr zndjFS!hFAFEaD@yGIjNu@`bOul6HSAd55?0Y7W^JUQjEB7Mal9kedFBsig$?E#nm= 
zDrp~~wB7G~T^@U89Upq)#zA#`x~jVq$1?d#8SYLeAi%|Z8U4IDSk=8?_TD4*QTEIb znT@2%u|Q{o(AyPsRG-;2|2q|6TT^WjPH4vhkCLAYf~5qym#o9bnE?TS&8LtMj;?=z9m8Mj}C-5dsZhj{GO)_o*f%R{ZB0U3OSM}RxJ_ah;!I?Hq8ve36%K_(PURSZ!7 zj{&o%U;zJ~$!U&QduHsUM~B46kzVyP(}_FQK&UijphOLCH7>Dq&84n5;-FHKG{_1- zy3b&PKS+V0R?jfgj=I+=(-aheDsFRzF@S0Gn2GwA z8EwG*xgc(pLvYKq}DP?s}Z0-ZLOYSERSI7n$Y26^K=CzRhaHboBU(*NP9DfPD9 zw{i(!am3sRU`Eb8IWF_-i$xXMK}_~qptgWmWl|}S0km5N&I?ii_WW(J>rJ#Du~MRLUD{2_gk9MZe5ExfPo8iBI>7<;J_Am(yyeRDoX`E6qsol`8Y z@)zr#?oQ9J3&c}_->u?rQwCQD$wDUD>GTR12C@IncC}I|XD9iiGIh=n^c3wJL!g=?5(2z(n7cR z53-iqv90$jHmF%cunA^XCP|S*4hR9zZTKS2RTD7m0o2c;dU;r&i0DWFc!*Ea(STA& z3(y!%eM(CA9Kc1nbrgxuW~t4+I3Zx|{y;*~;U!h7Q(j=$%uLnHy>2IG6!3RBj|%Kg zQwn+UKmk)>izfzs_tfbHUTRi7%5IOW)#}VOd-V-*%Mrc{Xg%JXi0c1N`isJs!lx{L zn1si>KL2cYZE@>@_P&Hlr(yCcv1$*3^E(3BQKkKioueGJ2e`7TvB1K4|LfWy-v(VW zYPCrMg4?(e4mk`^!wAQoU7`HXG+D<@W>rVVS2swFB+8p#DoXyU>1U)K6oI^40aQJ< zn}+rG(r?7ueQ~OEuJi$N5e=yd&MOb!^xvw8(*TNeVna$UgI9Y#G{p<+#;DLvP9~2Q zPd`r)y?kU1s1GXnDiD)+a;i;#SfxDwuwPkuP;W}vBWntQ!c8g;R1G_c_AGgIIBdm- zYck1_>2q^dP58~V?w~FTp!G5YqmaQr=Wv;sNjsosGuOq%MT?%fJpN!n)z;mH5Jo0U zu*Q>}`a{aJBqOJu%`*8!G<25gJb?i9=Mg}s!+shz8bBctGwbv0G9xkmwWjFDpJEdj zBreXQF2l0arT`72>z8Lo^UZ2$4Q$*q>^g>H?r1B2->I4q~~xUxv>PRq|U(M2^g)xVtg&JEkvsd~@q4@NOt~Ij{>9 zQezmnhqtN}x+fy}co}s$p1ss!dhwN*c5a~ZyzOu#h!ATxPp-Hz`jBbRE+qgyog~AJ zBk~mzY3gTc8ehj7K@$JsB ze3%LXT5EiJb<0KE?@@=)z?A{7d&$a$w*3`?eXyHto8Bpf@N>(fqfcqg&V``>7VYD> z-2&)SFEJfooNd$v;nXE^o)zAAsH`wvZiQ`pG1%Tx-%C4EW$H2I5bNA$TWF$$KJGn} zWM3=(PY(QUSn{jSi{m*mK|X+r2B%-$bVy73^%fAetAN$fE}eM|tT_2X;8R9KOw+}V z0va$vAH1=6>t@lc;)JliljTEkA5i&E-z8t8b+=30mN@Yk6-r*sXA0N zjLe0sDz(d7@V98UH&O{+nlPR1>70)R29(1}!j;Mn!6q-22i zyoOfOyR2y@@31m^HDo1-(EeopE=C|(tT?3WHMItpaB%qk4Rudd$Jm>8vMx6r5{U3Yv{eX-@f1N<_W;e6O%lNAaDO?}Y-oZd0w3LqXRO6mb;K~}n;a^VXDVg@IU}UlFtFXs9oX$y*0iZxv@eZ)UBtj+)~w5Ot5+64sdX?=&s{1(pb>SXY84QlFMz<-g3cK zwVY zTxgRxaIzI{-U29(=kPrCovB|2uTKs&ve+mPyxMKog6pMX}M>b{H$4KE>& z&h;0k@Bq~t9HDlpn7I%aHD)%27r!Y$E?!)@xA5%S9Ggr$BKudSn7 
znGzc_n^L;~J)*J4iX$;RjgwGu)Gl85$SL+p2NZULVvEYMrBc03EDNSax2`{`A_SCd z5_=jCkqDm+8ztF(!KSFaJQ(+Y4`tKMBY3vhm&LoyFE@+V(6da`y-rGTrQf~KP$5Y> ztf?YLkogp8)Ihf_@9VXv7c==`;5$>NFLhyTMdt~{GFJMh%6Bu@$PVSO_QH@v6H`y; z=>iQ#LFyFbe7m0<=`B!kvL?S_I;D5qerd1_ms`qPWA=U+`dX~=h27jtof8ejmRlRTb`E z5GvthUb0}F8Pl7^Kj^z<7g7tYy($d)rHJHzCF=WI()yuvz5?{~G5gG*o?;jPQw9*< z>-K7ZV5sFECc-@*rzNgg5jVnNV*bEZ_uJIpwnH1ns~N4RTj+q|~iyU_!u0g*+1qw<^+|fsFUk}i^KqZLU!tTG!@6pJbb1dJAfz$HI$N8JTEW`1`)VBOaT_*}6YLfM; z9%Ptxi)f>3{gDC8r-#TgqQ#XKEv3opS@pG9(fTF47MV8qy@@lqE0#j-k*w{!)2k3jR6$W|1c?=-|8|7#`q5q@f{9{E4_0{F|E_1>rrbkq)>H{-GX z?;b*UMqS@EeGul&Nj{rBOaYN98B8wI?o zbK(6}AK-s$a~(A40cs^5i~J`;`Ioyf25wYP%MmhkUF5evp(~EzV4j(Ny7TYb#ftA{ zR1T#hA&ndZC1&nYDm#cF2`uBke@%uDgI2;7(a}dyf7@82x5-dOzi{h<)#fI*z&Gxr zyOKbM>!)`oxj|TPX%}QQKAp4gee*xr<-bQyOgQ6AS)9`Iojl1re_O>IhF(@CS&9Hh zqC3G&YOx=gS!{}i*YisMyYVZ`>-62;i=Xx?Ve86X?tgoJG2!vU6$bPRGqpSx!E@tc zDT`j_hyQW4|0~bZKIqi;L#3Ma@3H@Xn%2TZI4_B)5p~gi;-0p@YlQskTGf1yd~JF@ z)#jz_`heaEnqe*RV@vQ4>`*U>A^Ii9fOL+xt(WJ(-(K?n?&uK981!joSqP?g#*AU* zwmQ6(|KNINI96@GLR6N;Cl`Q5GEbhy^6IcJvVU@u1fcWqrcE;|&|LM56#s`!{Uu^rhP_)v^SEg$sbT*Vx3wesgm(e@0{rYjh2=yKSh<^#>;b8r=`{iRYY4 zXi*O6mIvbY}FcO|Urn`f;u<9s=-kvQ_a~ zFkkc(8I=jn2~OPgv*P)+{P6#dz-rE?Jv{O92QZyLpZeO43dnav7mfzcthu@PFZ1;< z^g2Cs;2&gN7)E)sF1PJ6?`%Q>KJHjA7k6FzgWF;l)~eM#ECR2r(Qwl@55Gsn7BXWk z0xE6f{eaeZU;WIhtxKejey-+d)ko$@&fr&>&|>|lmNWlr6o0d&hGgFMG=^=(T3OD* zwPlyDo0-a^hBse&M>F)EZDoWt-dVn2g%&jlGMR-%OtE`?SX5z}*X90$$Q)#ZAC+RaVIj2BdaqIZH=~d6|BjH_~?}wr^VUP0Qoz3Cx&YAhpI^qzL@5)46fzOh6 zTFj>?#6M}vbvb#&rg#~z`aB?wlCG24G;0p+Bkz>@il`Oe@uauLnD4k$fZv~8l=!i!06gx! 
z0g7>EC{`$@)0 z>k>$N=~x;nb68}h)7Qt-3IiBSi(kM%XBx`JC3M(`tid`S-s!1<+#J~snObv;D(yUW z&mJ{jdhGXJk&YpWVaOT|sR2ypj%R>>l&H7wa$>;d_qa=H#cYsAgYGi}HJ_EpMDwrs zbWLKj57F1>+xr@C|BaDq$=}@A;IC=OKJnu9H?nOT%A4~rTglSG=z~p&iW#LB7$iUX z>FQ>9r~53pz7JJrW$^^=2T59-IQng3U|?9%?mAKK8x}m7_-nj;Uo8Y80qN?0T1YEm@LCCuaG0A|0H^{1GfgE zEx;%NO%STLzl=$ae977}zHe61j#bb3xT?p}npMrAW9?t~k;By~-T^!oA~Vk|`2J*Q zSUFdx5D-g&=UPFLn@&@0yAMmj@Zdxz^Dt&LlsC_4sMQ$qWud=qjoU-l-B|9}f4-T+ zzc5VCk?m_B&Vj!7yPrEPiU!`JY|KYWzq=PI3aXywVa%h3v+Bt1LMzv*)u|Bi6*qiZ z3r~fG09?%Wzt+sZvETpm9_y(~7iG=vMwyskPfKRR((%ke6nn461gn0V~v7a*u>y?duvZ{mXQv(8w1{B3Sf$7{RRF6d)YEH zMjnfuY!i=3l^7?g);Xsns}q@a?}*bC{~z|=GpxyMZ39)rK~&TM6;VMP1q5kQ1q`65 z^xiwtJ3i zU&EL;optA1iHFpzB*%ZN~Z+)v|xxU`8pu*N1TEhlri(EAor1q4a@i?KL(-h`-~j zNUZm-+4%IcY;9;Y3}oADg)_Z_;x7`expx1j)big9r2HDN;HPRY-|*oB0-qT2 zc6ead?0odnP(H*G(cGPocmAWC_s(_wji4o8HREK-XP`bLm(jkZD2Eadu`qvsgXyQ) zTyQXpR>x4(srk{UO9g2%$0^d9N3;q!1)m)Frs}r^^9=Z#DoSz^3k-Q{wt?owJP}M< zHC;<*Br`~(JotmTKNr)WsW7o#Sf6Tv^X-k!j9v35=>yO%v*UgjRfcJoNw$VdBSS&@RXvC>pM3-a*fbm`t4KO7V7@dzqj(7 zf{4O1UO--gi}~q`aQ&^1NLU7hR?QIm#iV6JKo_+iIe$Tkow9 zHepWtNv;vw#{|iOvt3euBihlc0$OgLg?~vqow1(x?(ZqweE;rz1x~}!>!yXqn(5;5 zMQyKbMtzNP0x$oKSf9kK<$C?aaiYxegI>Sn4j3J%-a+qlO+MNFTYh$c_e9gPvJdf7 z>9QU`tt`&+w8bdqZ&_z{y6oSXB(KPuKRaUB42U*A-_jz@jF;D@KvAnMWE(CwvDxBl z{nPu)fH8i%W-WICeZtU^#qbP1N#v(*0S4$S-#@bOTMU<8o9CWf{GaXpb0Y;_4I%yN zs8;wUcOPu@$>+BGa0Jhv61sn|Z6~7T&0Mb+^CJzk_mj*HX#Wj;#b9|sP$?Kb88B0&2V2IJ^0|p9d=PF3h=>(tXU&(MbX+ zc2Bd*3Ik_8zv7Vlm{Vj-lr@;Jdp=!)GVXqBU%~$DY^Kz?t9MhCF2CBzh3R?O?FPJ0 z$dd)iY(AI&#)Em{P@$>Q`s5TM5pqpm8`X9yJ%uC*rhKecO38aN_bzWD*={$^v&Q1YPcwOvd5 z0L4T%KP}_#9PcQtj*?E$=n4v~JC+<+6r~E%3IKnP$lqL@n@Ya_GfBaa)2EGa@Cq92 zVf}04aRSgTvI7Y1XG|P7hN`_6O;*z&fLiKJ9rG~_KgRC*Tp+ex+d~b&2P)6Gzj-^` znc~nG#`XBMluqR}uLr!qp?UH z(^r}z@?%&Jv8`d}5tCO6$IIMJlhz2Wg>K;ys=?jr$IKlD1Ljv%`}>=!ETx;7+Z|Gz z7EWtGiKOwkYu~1i95WfLiH;hn@fO5f63xw)|I;qO|2_#oaMHqm`OX%g7rzQ#1>6$X zs|JNiM+8|ZE%Sp#Wfd;?5dcN%t9H^UXwydt*`2#&S#M2(32nY@$re+$&t~qO|mttH6YuiY0P!)LcQalC$wz*QW|h 
zW;-6=fjeX7O~vv1gi5z|(jZJT0YO4` zJ#&}($c4o}@T#8+%i0W-@i=4C75bpU8eKXA@SNr8PyY&qBmqNd{|HQfV=+Obi zk`kc6)B>a^U*QsIDCsXcAV9AI{qQ?5lU+a1^{;rT5LX7rl|Njz?i(L~_^s2LqhkfU z=9TIx5+7wh0x&y5JxzK5!EbCGu(e)MV$*B_04&x*G%%I!mT{TAF%6@FE2j?GL|wT+ zxOl~X@(Js!fKpflP4R>VVWk15U<*SZ#Tw0Q=ITnb-jxkMhm)rTG#?CGH=c1Z zNG>vWAFR~vk}bvwq{O+R(=bKo59(627ti%s`zrGz_Y*6p@bO2*w{q)9uX9@vhWc4%> zw_=vDUBIY?-1B+Q{*!Igif;hM%mW|`F*H>4M}88GxKF}lxJqRaQ9-iFxPW(zJhw$F zPPq>9dmM}wFY{gf@-dH~HwLt4E&z=TR9*nS*gUfuh`12yfw)TU5&)EFR&*yA*LWAv zBt&Qr*RY1nqHRS*MGo5(O<9E3aj)$vW=M8xAoj4*|*A);3Y@!a+1F%Ea3rY3}{h-B2`dXBE)E?otB*oGcqCfZ%(lO-i?S zr~uBRw-w+u12Z>o-*_-T*co|ar6u?IBfQCJhy*qphYUDtYOXa|o$ztNsY1Pc;)G-O zu!qgo?M3_6;XVjdq9|Skv_@CdJyHK2lm1&?^gnsD-c$L#-JQ&t>Ye6~D^n^abp$Sf zgLPJK>CRohpMixNqNfn1?rdq!d0%hEA=Zw?EdkJ2MgJRnz2@xAuAR)!p{696V(s+O z&FpiJ2v0j>+kYpTj>||PTs+dYE_d?0FZps z4x}khfCn?X&D?%tWky@VRBO26>hw^yDyy!%nazhqr?jE#kE;XcTnj8E2+V0)r$t;% zQr;IzW>Pj~FZH#RrDcuyEFp`OKO~4guKrvn;{MltTc9*}@wL}X+n1Z5*H?Z6i?~9S zJIr?+c)M~n9~<3(fPkfoBjuv!qRql;>$-rSKEV$4Ipj>#5KEC6F3gD-pl+#Yu|ca# za0qJgh1aHPkK6dIe}UNrdW?$y!~im#)@m^1_0Xz(Yj{PynMO`In`?-%@CKYNqKB-Az=hGDWsmBDJ;1JgISbri%NxY{JwasFz6yJ_?o_G1 zQCCvVn<_R@`$WVMa?i`hP6pnCdb%z!0(;5J%{V;&^157M;M%Lg&dg^?7}L)Apt8*h zWqc7;Y(CAw*8>yqipW_OC^N%R|IV3F%W#ObY4In|dymons>|yjVsPC}?*=fVO2EF5 z^L}{n*_4iMSCc!TvS_iiT`(tO11RD+gKDNzRR-H97ksh$RVX#d&HGzCuWs)M#sW8z z?!VHS>k8r&&4TAL$`9DB)&QP6bzt-(i8a7l9AoaW{x;LTY@%{=1_W301|~c2rp0sQ zJf2p$YYal}0a3=JH8#Xit*FlPUSs*+)&mrccD`nc5)2Sh&?**9B~iTx&ibSA82L8{i6b zZq}R5c?=De*kl@i%xklqeae&md(#MbqB1|#HVqiT({F)R&DD?4+ySz5!$MIUPrkIqlqEDb(qW4C zX9)`DUHP&X!1;c;@~|Mg$TD!lE=4w=nkEI{4FH}F^f2*Iy6&+WpQuMYQ%w=75&2vt z497WKL8MxNPKWd9Tjam6*ACj5x2yszdc}}wuqY$DJLDij(B77%OJ5GqibJF(Eo4tN zhMUqn@V+%b)%-l*+QI>#OxjkPfcsYg{KNQZ0TWvi6oCFr+}wVp__@d=GRcgP@wW?2}kjpupk01hr z56f=5s*z{hZ?a;#rR&oDW?Q|z%aKW?ltl_zXZ_Nn?yrU_j7$&sh|nuh>X06ALv zvtIx%Rp$Xvg*jI?w*Q#p{_};l+Zo^~`Zzvp!kyahMYnKs%xm53r|(Ku{uHmP;goaL zGs%pumLpm2;387-@h1$wH2Y+QdQeVqmXji@eH*a=!++EOhoZMg82oxasL 
zEH!~&IQFq{Y|M*yk1{@`uPu0_mu(4sV^|o5jb#=q?&R|yX1?>tw$-=Avqeh!iqfnM zs=&ifBr|0s=WM|YO~9qzxuE5 z5EkCQf34w)!0&&(5A<;Gt$uS4BYtw(FWj6N9A~l*f}tvZwPo@``}f0y*fBr3tf2vH z|AEYM&c8Y$;0C{Nz4phjHgAo*y7RnA=J_1se>_j$SHnt)el>$5_JEt@UtcIZMt5NG zCazcIsycPoNbV=w+@ZA}lI!p#q{R5Impsu8?DMeq?ZxAN{ekwm!NKq_jx#BD{%R%n zg$#owPj^%7-~Gu=haEoj-=Fu#t@-cj{plh6@7en^7xDl7llywxmGJWELN`dC%xLQG z1E5+{aOe4HeUJJb?=`?X)^jN=xmy94=Z1h|VNn4H9)>_wWc~JO5039PQ8=feJt$pw ztor^F5>^sX0OaaBTDOv|upc^mBz8u52F6VTjND#tq60c@e)|trR5*!Ffn6&ID1QzB zv3UbfPYW2Z+}p%+rB1--i}>U~KI00g7e4waZk5IrfNpMZ&aM0-b07TCcW0oc$2qx* zt-@S?ZB^~6_-M(&!n_#1w05c>Zr$Hf$=vD&2)q8of;E&g9(9x70SwK&>TjQ)7Xa2| zz{%ayrmotZX);xTOMRMhMUC@-f?dBWb90T-EoTWR7l8vHTe#+2H@vRsT3Ro&@LB-| zia`-BRGLyTX%yOBMBD(XnC3;*r2MJmiTB`fKO+&cn#!SvnbYt#UN6!t)?%-3XGpVH zKmVr(|Impc-(D{M!s0$HBS!$b;5k0b6T>Ey)OSPt9ml*Ts}=G zOByJ-gAK~g*~yMGXC93yrWtAZAUd`| zztVOnMsru1+wTHD>d(C@A|PZ={U-V?84$Ep*8mOHJ?}t2pisZ6p36ze2L-5l46bFB z#*eh@%VDJgQM5sPIX5lL2(h!Y(!!yuMyxc}X50!$wKB3ryDLkM$eTqrt2#UX$)hy! z2K!PmJ{mmbv5y`#~25-jJ(dvS2O2|%SB0GXiet-Bq_Aw1w2m5KleGoAp%#;t%5MG7*_Pbye*DCN9rrFKVdW8T?X&c`F7#JYo zEVcWO1EzW@+FM7c8XuG8dVww_fcT(J#1%| z@~}&as5fJ9nt}a+R>j+2&b@F6WMSbHHVVlO&^+$tG7jplq-R%)b6JymDARG89Mhk9 zV8+-xAJcrsjf((ncOczw$+!rplEqcm&6zzs%V7z)P6IT~eD5J&AYxRkAvF{44EWvY zUFv1-e|Y#Z!fE#i1U$anyjFtTT}8|3gZlI88@RTnt9qZPVLhnmx~5gomQ*@YsGuviB3GBp65%aoA4$tqZc60t_5~8%G^-diaT$=?S^wq-YF7n7_vej8SJ*lCp)~|2c)r~e zqVwa0{3nmh;3K1)9#DZg#X!1eYo%R$;&zs&c}*7Dn(n1{D>Y259#lyN34`Ro3gi@d z@}$uSb(M2KRND}q#xM`g6iiO7O^zPJn`ZqkO_uttTdyOD=z=L5> zzd3-(r_pRPD=(rn-_2=X{^w@?%TbGJSUJ*>3@v=K+cc}ZfRPfqw(89nr!%(<@@=1# zqQG6S4N3jMoB0LB`Qhh;AQ+mm9jG6q=cfnlZom)K=xJTJ->~2Os4;! 
z;k-)fD!)=T1yqdtpl51zo+4ngvLiqN%zEtHrOEd|k=g`EuE8O0a9rXdc5ioUe%vEZ zsjam490c--ehN2DOG!e44lR@|raIRcG*2K|^#^8-$nG@X4%nuZL-iTuws=7m=;4?R z7UiT)kqmiqgw=p%QxXGTirgWAsrNp`Xp za~QFbn-`n2OQ_#54bR(M*Q+CL?^5eAy*A~>OF;Bvv%7E#2$B|grNrut13ieC86MgrOC4+$mDf6EoU2M|V-YNy^JPiW0b^a2e&b6&Hnk~(DE?}C~W2jtdrOFlNm$`FT zUhnjRA7thfFe%S%Qxc+$`561cuYl0Jg9V!H`R6=pJ+lnG(J=dz-rR+LUCqUzlbq487{Iue0asOv+Mz@a(R;KAzBtoc^rly(04^4s)cKe# z7j82R&EnNujTukBy3%Mp6?B#2l4Vt=1VPWG7;8WFT$*~QqbFppwc_L5b1-)6a(?ti z;##)Ijh7GkW_xS+_QUuVN^A8bvY9Cj2adaT&HB)6mgAwqnukhc8=`pnw=GP)(RmG_ zu7k+@Y3L5n3iZd^*-js``%G6*RB0j(WHR^^4mlVtniW77RSy&&ZBCi=rEGy#jo5O+ z>NSV6wc>s-qMzEMn?C%f?LmpAV z^q+u0mOvRSK<$Y}*vADuky?i^(vpGBT*`P?Cx;T7fzYXzxr^!J&5IdQ7$SCbs?=Cy z)E;iZ!>=&|^{W$ctK`KcrObDn$ePF02dyUwuHC=fI zCfh^&tU|f@lE3tDT&*(u;%)9&j6qGXXmBr_*Hpfqk{&jdgbBcNKn|Io5wteXbg5H_I51C;-v9={)TMx7DL7cWm&A=RoWKGed0luBU55*M2+FP zZ1eToL{y7kzAKdC`Dz}eBtI6YNffEZdU=C>SjQ()QI*tgOgcutgti+ z15CW#j!(|~DJ=&=pVougEi)m1y1nTety^e3q)JqMyqkqr)sKIKLZrNm*T}q=fKQHM z*-+!9RN*bt$*XV5Q3`2@IjJB0tZ)i_lcCLxl=a#QAvThH=F6wO{+dg|g@k|m*Xl2ZWUT9r#K(}E)yQg+a+R)f8 z!5J8C%;V|RXp&@xhDXfm*;Wb3#<@~;AV1_hCUXO#$y^&%^;->p^Ce)35U>z-i4!26?A}8h-J*-7ej2;|HJR3K!fr%BCiTKcaDBp~QrP6-a zOs>ZKh@XHchRe34ZhD<%ZZ0);9=6V-Kv+NQMS8lm%|l2E{n+rkzT&00M9GaEpQ z?^n}Vb`Xmk9bYElTQKmGiZcZn);%EX#qZs!$5Y9uK z+0%Agyd4fvLo-U$8cfGooEj2s2!fpft?Sv7_K}K}JOmUu85{n5f9L+G21OHb>%q~~AoXYQ!hrP!y4>S)#Z z*w<6orI~KZEc*EE2JUt#-3t2Fc;RkWRA|qJds=TTY74k`Lpj4;<*9gJR&!)II_KKv zeJy9VyJdL}bvc-J?X8~ZlHO!1;k|Te+Dy5Xx;7h4>ZDvHFFu_0zO}KZe70@6Op<8S z6*H@JcDR^dk_ctAEZYX-3mm3zIAX41h@YJXiT85E2VE$QOwV|??mbm7ifkJ0 zCla*l5$)FE$DOHVYYKH$ZS~{d>sD&@pVgJtb(9pf{bhA}5y@tgbwx%Gc0jdJlO~Uia5{-?A5hd~>?kI32#PBsr74 ztj|1Lr-BZH;~%D-5!yFQ^0&9h$zAu~SjV63rq4PQSRd+DN+$~#;u zAETd&axg;PSw!V5TYPWcMRVVx8#ytzZq?hjZp7UelVfz&1cJlbxOpD0)RllMZ(UU0 z)h`5vUF@bN>8R{8$!W(XIuW?;IVR-uq%+SWiNER{6##{X`m0%UH+Mh8}`FA!5sEC5~wJfk{h6I zFn@0$1rtT37V;2P`E{9xBN4p(vs|*r$gKjOmUTCM!#b#?#p#1g3>$5x&Cuss# z5mL^&9nU<^){Ci9w%Z(h&h9He*KIEY#Ox>Z*%ouf_*%DKZ(y|%Nf~eAy+5Vimn3RZ 
z0urW@QMD+R6GV&A&fd}WLeWdAw(+?-D|_i?EN#09#P(}l6HckWPKn)Wtw29SI+cyq z?gfIbpdl@KV)%#DMLHf4CxX3TXPAVIvi^O!lELDs8SIqy9Eb+`iQ2f14 znrrRR^av~D!`bUR6>rgbG}+sT#x3Z*%J$+;sLT7EFS`R-pK|Kn%vuSDYPQK>N?ThX zUzO?|3%GlBZ@zBpdQKLdItaEJUNhQ$TWa(4hB7ir zF(V#a<+`lgl45tc@XCBwX)&lfR4ckxZ4kP7dftGt#=KjX3u9t0W%7Jzpy%(t zbqZOE4$v>uo9EH~k}54`X9+V~YF!iln$Of96~?mUEyx2Qx@VDz{(>Nzi^_fb{^Ir^zw4}(`RFQkKC0#4!+FSgJ>C@&~ zlgB41#BQM!UAftvGkx*39=%qagy`;Y|MmC=3Xtnq7-FeUFNq2g#I5$md=hCEhg7F< zk*9i($X=WSvq#oq0yL~F>&hg%ksT=ca(^Dp$I1S)SIQ@KL zD%;Z;;yHy%&BPwdvK^N4@!EBefgYP4iCNTal``qdE)*iVj6e2;)I02z?iNathdWRc zWf2=@PP_G2e!(J6J?}uR*~|1<@uFPV%rh1|wjh%F_~-EE9fcojS_tj$;rlg7W4pp< z?^;bfpR-7^g{FSE8jEAVeV)NX%K8*4|1818h94rr^b`DYpMl-M~N;@5Y}D<-s9a>5yEKz zmC2S>+ojXomwQ^)tad;5Tv2G_zN{1+eX&9H`oOVVsGG_cBi7H`!r3T^{%r-{9utyJ?y3f+uI7wml4*;sq#Ro9!xEcn}R27A=(W?);A=LA*$n0>>TeYr+UE!(d zPK(KnKz;ZSag-*VujtJi@tev}q8+-*kyi>IM2nIqjp3Kj%htDEdn*ekL1h}J98BA! zhSG~Sd>#?JmS%SzfT0PIp(Bhly%fo2E}~Kw%EN!^96LS@PYGB|w25T%oyfvFo^{W9 zf0=+^dNMYOSTGC}xeX1}VRp1n+ljA5i5`Wm%b+gKol1{}WYZ(!|DsHcohP}%Iu zC*33lTd_Kkrd?a-tGtS5M0s$_DfjNn5u^vjq?$nVaK^!WIP7SG`PrCRoVKhF1-A_( zUF~*5he)3GabG;C zQ-!X5`1Z43+HU40*R2`Gy|n08^e&4}E^B?!XU-B2m(svgm_1gxA1|C?o=jDAt3%9O zo>q#&g-$Rcst@*KPgfm4hepgjNjh!MHne%P%D9p*@}$8STm8I_o|9BP<*#T%nU zCT?>;A?nu?W^!y%H3$0{52hZ8EZgC=#fsY(UeOHzC@FW1>@9D z-Zvr+LOc3$i_Vi>9c295HW^^4E4VB+PGo>;LrVIn-J7)q2a2C%nWSqMg}Hy`O@gnN z8cVvkD%^tmj9T~j>ep_ce0QSO7G%Io13jU7e7hDg8JEJu3w_Z`paKn2-+)N2U^Sz( zfCW9~6^Z&OF1=14tjKQ~Xetyvqc)8_A7|e^9Xhj7cx6A#*Ai(*G`m7h(V#MD>@$Xo z^DMXpS;Wt*!aJ5V9zTjVvj2V0D^h~k?i<}Bj>=5pA@_|kNXhXsI@UZX^@VKxO2`SA zWqZ&nh4d>z218I#kYF||$)~N^$w)8SVBD0+TVDPvbpjz?Ne-aNP>eS|D-};9L=6|y zuZ@kLTbv^V5%;_|_B3mz&vy~EyB^1jeG%XyH`^a58cog%7;_9d%|wFcx<01mtN+%6 z6h2C)z@kO8%83=EUYpnJjmy@ZG0Uq}x#PknTP_tuwBFaXh`y7~NCm2AHV>c1MA- zHVe(>fr0;!8A-h?B9k70$srFdT*BNsH>AzOSIi!L4CUfwF*_Z7fvNR`6V2+87-Rj zyCpZFAfo5Bp7)LCcBfC((V(%Tq&9flgAG5YC|&f+ns#_4kf4rvjn$Pm&v6Me$Tsx0 zP{rWwGlN9}Zk4W>^AWYsCj`A2owo$k<2vHpJdlMvZ_S;`liU_p*{@T?Cu;1Ze2eM( 
zZE&de8!WyH0YCZ)C^VCDoyt7ocIOf)~GOE3ywz z>ekulAQ6T-E50NCa6diWn?-_=a#V0;@kGukJI=*Aic4V6YKSE9i*9<__C;PzC!m~zlA&9 zd-`FvTha>jL_d`De702H#ZaCok=`R>rsps1pJc=A~}KgWKkGEvXKj z9G^SgR5eMxDb@UCJ3~c0URC7#iyQ3|ooll|%K4dyx^JDorfb;KPN(V}*}*L=!T<5Y zI_wfZCiDYiS_;#hF1fw!^n#QYKM93Q;t;aeg^lgEn$aMshzq?}rEp$QS)MOl4#r`I z-QJRl(MlN7i@^8*W%*Qc$409!DkeO+Q46`4_@bG9gDXR@Y06lWlG-LqL>snlOz{4` zv{tuJQ9J9h5o8H3ZmwU@rL1j_*H(%hAO)VCl$e0(2H+gY;q^blAR0<9)7n6Mre0AM zdSX?L!{vcw10CP~!f3ueyDvTK(Xg3{q_2r83Gu5V%3QW()H`sP7?}z0<_GoYWl~7nmcYfd45F( z5%a2dbGq!m5#y;xf&7w;$?GWbgk_(|u2S{e!&lSQj zT|VI})Q6Qa5Z~_WQ!h5hC$ZfwmDh+$XDhjmcHPHk8-_430ZIL+D zNFUzW6s%j}=0=!>Q*cG>Ul4OCOur;k;_=9e=JVlR{F}q;%jqe`-lF@urNK~^u+3UW ziASxJq@|n`_cjcyd(}%dB~?^Pli3V;@g>DCT~%{7p1zc(Z<iL|)_nJRSuUP} z<(0SM_7hI+x)fCmw!r&jF5@~Y3MgctkG*2KYdf45tcrQAwg*It%lf!| zBS8UHfv4wa9@K-x_~3GSi9P7&ZYf<)%izI(v2V=ws>eTFk}q>`#*DXg&JdIJREksf zHZgnBeE$3x^(Gt2?%O%-p`#FniaLJLc0t^EC~9f>MOd$s3^Tvvxm;Ls&IFOU?Skj~ zU)LZnS%g1azG;5;oLRuy0PG8r%%kg@N*io0ozW#5A6z|rRT?9y3MH%r%mW&TTV3sY z@?+_)&b6ki5r<{Oy&UU=5S5l7peeyLD)a!jJ!V7lJ-W(|x# z%=6okL{2Q^rR)ibsYXJVVChz3MS0NaCH9&oeHtLV}-S|Q((ZRu{~M_ipm%CU-pn!bn{{^a_fG) z{;@57m7cWLN3MJ!ZqBC+^yJ_0g?NU&RJ-F0&&`%phfB{?Xe1yyXL250Z*;S-7Y%y1 z7}}TjVgu+JYln|^&b5=V4z`1Fb1aV}RpCPKOv=G}3^zQWIBYAs~@d49oBGi55A!t;Ye9U|yV= zDyAL8`Zao62r&DbuX1>)RW``W-@13<Z_{HA31Z`(vLc5bi@+8rJn6}or<*ru*3=Rj zVOffy%yt%BjY&~>j#So}LuAOw&FQDxp&v;mJnvNL5W#)#EZB#9a0@<7J;v^L9GOFW zFnEncwJh93hF<+Z4n6%&yqO|1odo70m=#575rC}tmm#eYN$Jn*(mG!@P)y*mIg@%S zcMnJ{miHmvM0qi?Z!tnh2VomLgy@%n(Bn%wy@~E3e#%P#`>*d#)m}m+oBB-eR&{dn z6Jk%S_o@mN`MKr19kE4@UX`HA3*Eavh|G|lAgr)o&OTqZEvw(mOVk`p;3$;hVNpX^ zl>}JW)rc^wRZ2~Gs%R246hs{?H`(r9Z(pdgm1&ROz_NN(3Wa4)2WTIq_}?8$TIh8> zkwkS~8juO!`_En6HtKb--O4^WuI&8 z&E=Y?P;K??m6cmD?kftB4~x;1A36H4Y>6K_`R>V@b$iLx`9xAPeQ9UxORCKTzZ3&> zV$T2W?3zDfHegJUMe6jT-Gi+fUpJ@YjcL^TW!JQzY`)}Ke*rRiH5OoM>SalyycC{9 zAtGKc;Fx$-ANhxvS>DQ+^~^}HG()jes0ClN&T?Ga3%%eRA4NVZotrVwo|RXVtB3=qbX%a_eSRuv)&HgK4)HmM0W3qWvD1;mV`=T*%jgSb`K)F?~kU}Z>PC@69W0G 
zG`;c{gjEH-bP{)n>(cX4ekXZ-x}wkuUmU#xsQF-!F&zC^t`9)gl>(oR^5;<+iV5Zo z@q&M|AD-eJo(QemD2_3;n66QT%0YKJ7KORXvKXAgYCDT0dfSD!9xQ)g#p5?Z@A(Qc z(KEl!nfB9(R4gN|WmE~J)1V3o_r^q-RpEWjzY%Z2eUZHjMK_X~^9nIHa^A|*k>bU! zT*=l|ctk&fWoiQxqD?gs8(xLb;&`a+Tk}WLK=c?kU3<0NEV+60YlLyv*!g;Z%&6fQ zxlVpw%aaTVoT>tYrvy7mo5@u>?5jX8IzP&ju47fB+b_^bb*cM&_v-8J4gW!72YuSa z)r2OFjV@God1~YG1rM9&wU)`amwkssQEZF^7TejteqXt4SJ0ELaH8w*npjy4?IPND zO}Q$}sjzK$l&!gS5MdE|>+Xq-T zdGy+}S!+p$RC27__5dbOU-FkOS^L`&sSZ+6z4v*EO?rXHU?cYb$7g6;C4 zwakV((fW42dB+l%5Bby>erXAP9@P3^jwyBg?QK_dF2D4^bu)cI`yF6+El9u^BczPMz#XriEQto-^c~Dw*OOOuW^k5p9!&TrTeDi z9*m5t#|P;*h7mX87kus>P}-LqUEK#+V7bm+=$@`PW$rUh_C?VqFBdtePdy9mkz!?T zm^F}QHM@UvtmhI_;7Xt1#-5@(n;yK!Avu-DS7^HK>xL7OekX2NDU0Sec%nOr-csll ziz~QRsBFSM2(>2?#^$_50~vrfGcK@v15NByF!`m16ejO`ootwbp|*a` zfZjKawR4lD#=(b;o7MOk>1Ml8a?HK9=U8?xcSzH^4AEAFi(NZbeQ^RIO1DrtD}M08 zbgwpEcE6`NL>Ktmgx)3bx*3G2frDV3`d#>rI1-#|pLf%v%r-YB9~c{Qu&ib&TC9uj z?*wcnBkDrxv-{3%JYC7UXK!aA=fHsO-gLLTJq<_1R5G+6 zAaFL7HY0$2sX4dIO7G zyY*z3z$}Fd&#hE& zIYYq>v(%`e?4~PfyH%3%LAOKpkKGPq)-d>dVH_k2aq``lU#J-zq|)92ql0-eL1j|$!0`KCU&JM(7Rzhx)ICT*%WimE27 z(HTI36*G;L7fKQzM$YL;1b-wEC{p&-Pv@9X8Q^As=Cmz(@G6LwiV zK5U0?5Iw_^Ip!%vz8ntewG2(k=!r$P=?82~ztwGwDsiU9@K@tB+Z|LbG!KM`Nhdvv zb-7h}?b3y;n+>-IQ>YrUtk8fq*~p3)v&&bB4<(U#!mp40p`3IjL`22xu9j-!+ICRY zM&bk|PI`F7Z*XiE7pNf*$!)Zj`q7pC7<&O=X8_&fqq)eGfE(*SBRkl?0?>PIj#Gr& zfBcXiJEq200QCL|!+_wA!8k1t{Yd0DpXAgWBmcj>k#jcrz$Bxxnpb#4yjpH^6xHsnpD^X}Fe8)$%|6 z{~w^5|N9k3wE!qK*`!TZlceDC^W2=uG%B>+h{3E*W-&XtkWxoJR&B2*-=dTTQu)Gi8rTLu0 z{GYG+-&Lc%)Ub~RO?Y2^@$|M;C?9mc@7 zj=9y|`s3I9;bsq<1Z2n)eXst{`+r>Wj2b|Otcm#El>3WMvzu(&A1- z|3er8$-XH&fc*~ugukeBUDBrF`f`#(dY<=)6Pg6Z*rnv9IMw{+6LN;`I}vDz`;EX` zDCIgC)EEYU&WhAZKaGqugN_GdU9zf|s^`Cxf~1$x@=@@exe;9!JK z0T^Y59dXQzAfaeuT?2$NCm7{`OcY$M&-6QvK4e%RI!qs1IlX?eT}ZA@)gQ|}Q!U1# za#x~tQ3CKZis~eIw$hs%P&*3_1ptgxgz@Eec?IzL7>*<^LLI>NGueu7>@L%oR3>0} zHqYvq4d=Og7k_-(|9LXc1UGzh#xT5oH)ru43^pc`9vu<|RAHcgoSR zUBW$ZHfn)J&vz!-gtc{q_+YLE;I*V*!B(1kemFG%>N5J-H+61(6oa=pUZ63!@V>Ok 
z=p-N-ggIxuvxW&OLbr=wiKqZWJ~7#c4g1b4fK|^c6&ens;it{3GHbtr!Ip-!3eg%+ z2EyNSP48Zx9y}X<-b?A!b8lrwzX5$ieXu#U2^+f1rQIo#m=QpyYhv%OLZa%)HRL)H zpt|H*jsTw9yj>MqH6xu6Hodt>pcF0kZy8D@Wj)5(527(?g-M#n;wz(OgE>w7~ zDf{CvAOsn?fjiVk40}ABz&}&_(-a|um-$S7urw};Sp%u^O`~aUO;06<+}~bZ8wgtL zgZoJU1F*58hi@*Vq(Zy$faZmsp%L0ks_`jW1QO!Px59EVt7^S|yS@G>OeyWFT*5Yp zEUJR5=h>)KUVJucrme;G0LSrvNX49m}Mc)9M1KU)}liRaXmN-x}+=x`lA7r|~g-nU^$e z%j5XvxHuRa+NmM4)X;i$?SZNzQUJ>ALcJmBvoyN-Ci|WV-Ms5mD-X(yHapx7QO99P zWA6bStKulPNbS33tv+F)%ioznw8^7O+GF^4|6!TgegmD#H9(7aeVaV9?y2+v9=OSy zN3V&=p|N*5+Q{_9jA-3S8t+2z;}QN-pO9u=%Iq!2`~a0I_hYxGFca`<_Rkwsg>ZV| zF>_og={?zs_p5f=VOK6er=gT1mfvo{wwIfuR?leso-}WKi_9c3lraLJ@OMwgeU+Ge zP%Np)4$~X6%BP>46G*iKMe)1elr*Q8+*cNWTD$<(?YHO?D}WC$F^>XN#2~eJp!ia~*u-&JAYb+)}$zv(7jYac@ zc6c9SNSQkJg97iIls};L=%G`+R3LQ9zOrw>J{PJp+Vcf)@~F^0-`_6!EYB0qnj?k- z)#NWst>G=}m+p-RLV_H&tWg#u8aztz-CQkVv8A$Ea)OmPk!ork8!W>_ptZkZY~t@V zvV1}}KZLikJ`O~>NdKu<1J0~xHA4eae)RcpQ5Jr9o!}uynpxf4oYM?4G29mgf4Qdk zh+Go3k?!~AV31 zh754Epbxd&ArbEdzzlFf~b9dPQd6EgntYC z@-jRhFd)ioddv`b{|<-{3v%Oqt~-f6*kwJYXu`aLkmw;-IZ6C%pOp>{{Pd#=z0 z6|kPyIIA~=W?j=aG}osJ*3c-_03Gqhrn_Qj2WZ$~WPyn`p!vix7insPTKCd|ZXmOu zSh#JcEZ26|&Nb+T&d_7uDTwubp^P*d$z9HknqsL-R`dOM6vi zA+hfn*6zjVNtAAKruz2OK>dycu;EV!PILnZwW_CMuOL zb$Q?VA^toEvodA|Bn5ckvkihrJ+Amg*Zo`;##=0(*YjJt1Fj#J{*plgVMCFhv?a|V zUfBEA>^xrUyLN)WWt&(S$8%~ATjc~j)3e&9lDj>1VeiecA@EcUk^qg;+?qv4J3aUk zE-hv9X4suQz_he9e1&E;l*yq*?wA3Bj=bQ>8o|ICu5c9Z>lv&pYYasbZ>M)yhbCESfOuV zoSlA|smAL_q}L)p#TQJS`oD>FgW4%0_Z;^jJr6^^_a1=f4MtOx4&p$hH2|p<(Q{OR z*Ur?X$bEZzJfD7WCNMd!WOr1voJ|7>yL@H>P_apJeeKnzQj?)9cc1hn2_{T(#d{d! 
z5Gz*eu2QkGUmFfk`kDV9_TD?JskGf528<;mr~~6DsDMg9k!I)}L=kC0K#`6^la6!< zUB!m<4gnMa5eQAd1OuouKtKr6A|)VFLI@BwK;1gAqiz$yCunZF>5wFC&CZ)IeAgdB2is{vsdUd}^(kOQ zi>B0AE-zhehu+Cp*vA} zbn-ekRF$H5&mN3e(W2ZEt#}d`G(VDd>ZzA!=2bpJ@v1Lsc{+?~P-DU7DxE|(6%@%d z9ZV6#6WX1;DLIX*n7>e>{(G#XdSNj|d;NKT@U1?eQGZfln6Br@l5bk=RC;4jF%SAu zmtpVPR@!N%Mk)}Jc!W`oL^(%=Ueo6yhh|KpM$4m{7B@Wi_TdC>>AqVDh;OX+DlA@e zIM8G>Fa_;6HCF}e)7sjOz^^fywzt;O_Jg128J2zbZW=G)^poTsw$e}=mJd*+%fE#6 zoprHFv1v-ShJ?Q%hjG>yv6_QbYZJg+3u?P)HUOrRgF{oNX2*VKsi z7byFxs0bGC=sa^`g7@JBP&&UncB8O<88A_5G73cj)?^Uo(HVF*R`}V@37N(D__|)sk&`(^lygVG|XTXz-C)Dn8)_j^IVfgp*}Fy3RLd7ZnUiv{=tX zOP%LrPma-)Dn8f3`~Fx>_(L9dYT6N#tGfGgmx>YxfFY%H_0XGuzN?q}pZYFb!>k)X zdhaDVJReffh6K?^qEBi1*>udDfX7JBt$Kl$zO#V!Q~o_Yr^;}|>rxgEEz4`COlu-gvUQyFw zGRj;S3WFVGm+**g+E#o@^?glIv1M-dOXKJ-Wfhj6RYpC|9;V_VW^O#$r9?6FdqbC2 z1rb$@xnR^H5UyG9OiHUhy>+(mzE4G@5)-Ih56*@<6|-NfPn2%=*}DYD^z6RUIT9VD zMu#)ZSf%e^rKA2+LW8dHUM-V7F$<-7en7P_Q2#gB$Frvg&|vt*B9s zPH!cXM$jd5iIc#$-|@lM*r3FGCLK7GWZd**h#ws*oeDUJU|Wz0guCl~%5^~s1?kq0 zeuT95OJHB`S53$R&XS_4o#<4b(nli^N?LaU&+#suR`0aw>U8ma{CL0Qn@Zi8JjNj& z-XUf3#3Db56*uQw9Ah;#O2LGf$=A33g{1Mv({_RGd#{=%)Ove8u2t}G8~nkrBiTBz zJg?p8DX99IuE?W3Yi$KcV}%@zg9SLwu&k*R8{&kylX`F3W_u&&%T}vsT8e33J({^x zV^H)v{k8Cj&Vy`0>H4QLa!EQdY!M*ZrT-|?l;1y>?7Ve`2G6zI1Q~S&gFqR@a(8=G6NTr~Hw<<-AlRaK#lOa%*Kl5RI^Z+` zK`Ek#8}EogQAVro?6i{c!>tb6t?C18StR)g)Pr?^4)miOUkn)cXq7I;(EA$1SjP-@ zFJIIH%_{Gkw*x|+^2guA&f7*Oa3*I}p43W#yt)JAE8ru6p9^e z+q*y0Rw*S8+j>&g7rr8`ZO|ZUZqHk?zpw!vh;$V0=i>C>qI2Yz)d^NLTa4|kiV$Ex zS~{{e@jTgZmR`r(SxFE(7hf1<#W6dQ*I%VSCGcP98ZZniM>(UwYH z`~1i*y!l{GcmCo5y$9WMmoOU2spEt?f;%dtl>!7Y1q0bPwIZ0=V||Cmcu&c!OTS36 z+l<_G;Kh;jB?xKL6I0T9422SUDz+EyFU~DEkEPv+6oImWiyTm@5!N*2^k5Z44cCC- zW;o^R*_)olH;XE8(^-icD-TY`%_x}$WPgX;bQ-re8RQPHCb^GIz2_7WtV~aNJbu1z zc=n?Lw;GR7R0m( zXW##OpaTBVD=cNI6?$3m{VkE_YT%b>-|NEJI)tx@L;afl0qU_Vy9z=sE0&>Nb56d3 zIDXkp!~RP=#Xy&ogN2?1#GbRw%EhEjb+RgDttpB-qS@ zg(!BKeG@Wkxc{x>H3|_Hy$YM*MP38TyV?DxHs?i<*hp8q0k|Q_?N?}!;#Aau!FS>w 
z4cq~tzRp^qyjq;_WJnVFO!{~=KxbD%9xxJji)|rPOL;bmp5HXRumHeWe7o#P!sBej zNg9+uua(HW5Y^Ii4s$%=xCSwu+S~XGQ(CNX3#qH$EkfLi$$n=C7r^YO#{;OQ6!v+w z3^h?UBK#~?B8hI#Y$QQ^E-i|c-WDrjyM73Y=DZci^@|c+-Xn$1LCa55V4tUK2Ec6g zss({gO1ki3M)P`EP1j4^itmg0UA0QB6;{L9`ytN|x@FuX?zIEj1etZk_w_>0ivZD}e!+hW;9fPpf(Ms1Sl)^ezf@Fn>P-ppN0c`Gu)~ zr$ujPf?c!P0stIsel(gt5W)=HTy0CJDEN`{c=hb! z9_5+*J1?PF5&KzED}fr!z7%;N?l-WUCScsA(?i`7@YrlpdbfOU;cXPw8G@L?42a&{ zXK~jNA3jjgys6K^#~Is`N~XFO`d}1_u5@J=)nBc_cV6GVc=>@4PFuFVR!o|HOKt4z zYXJUm{)Wj{VfW>Ir?egff|_ff9lN8s)npOGI!b;y zK_cSc_1_@=fbeioF#fPQ%4#$VOcgy`6zsm8`)KleD8KZiKeGx}4v}p1M_RGNDeW{) zbxixX({I7`ymg;`dF;Bq$r5Pu&Y}^3+Dpr=_!+L3pgBC8sQdLpGJhMc$&uspL!dCE zC8j@`FN=7oEBdu&6DRM_5qEcvpc_(HC}Q(2<0w>OAPBP{N6i=uLDhg>UnKUzF1izZIxBLBuQs<5|RE+)8r0l;?C#rN2fq3iUW>X>#xyOF0Hbctt7)N{(JRi;@R&wa11s`l1L zROB6-j#OehTjCx8l}Hv<^a_K*dy>Tobv;Zmt=rBz{Z*pz+jTPAJG-3yv3J=m@8d+~ z=jJS2>&Wm=+Q0-1m28=}$Wf;M;bWOUX5>^Ure{*>pY90X{p z=ZE!E!Bt;AFW-4D|MSkYK)sazJ5Te%jx+OLSA7YrTTBohs(*fP#}`L^KnXb^k1gQ; zV6XPaEt?W>et1TC6)1^2d+e`QlQO;NhQCXP;C1>l6C-?<~>vdOu2s_U0^o&|In0+n%av4-nTz<`P@$XCl*1Cj>f@Rb3dv1 zf8d8WRX1y(jVfOC=t>9MdK~-TC)Pgwf=K?p-UnX&J5SI*CizieusWnpc&zLGb?E*z zt-yPuTmXjwb-MA|KWqdUU?X_%_iFy!|NiTWu7YX*WaavfInAFRjk*c;yo0?T>ni^D zd&tlR_aO7dQufbJ?)W0+3b?5L<>AJE*y8!X7W)6Sfva)onEb;F;LlC|_ZR;e#D5h==A;;!vKB2fla!3mqo!~J^&LXFC+TKM`wVaEn4 z+~O@(|_c@!-FF*Z-02bk4{r^Qj0evRQLAeX- zTGJ_4x(tLCt_4rzEdKA(PqrbWPGACidkI98@!Sxy_7dky9Uz4P)WJV!6R;S_5h5?b zw^pg8;8rSz?Bi9nJLOG4WbV`u2uf(P`F9RvLEMuqiLZcEUw_mdC{x?qn;@_=l&BK79XFr$xh!JpG(d!48rb%a}wDV+bctkMp z#GG|33S0)4weqNZyQd$}AZ|br_ol=%22Je`PD@jsg2mM-!k3%~V&O8vljA%k7dA+n3= zLnPmO2(G`{tMAu%b-&AIVvH>0|Cbtb17fqJ`aeHu_U|NO=VMFXjd@b+;y2)_ z@pQs%iU>KtDS`C10{}>#y|+QW6CZ-zYz3uWYoLNNoG)(JI>CaxoOE{qn_6_ar`Td9 zDYU4O|3v85xBXzs4c{Jp=&8r|q4u(`OT}kk`FA|3h;ntH9L{e;tFwm=$0vf z*U!fV2LEqc31G2HK=4xU<1^!aC5w!^Tj1(XR48+uO5YtO(m{4sFa!z&rQ-D?)!*Ey zwlyPwtJD+%%6z59A2F*v@5SCLsRJ^`wdjYY5AuSiGyAKD?6J(zc*fw}ZTMbfEIu+M 
zG@wXW!*1{=ok}z)HC)GGp9>j{IwTv+x@lvN@!}?+3WA{$?KvVqikzwD@j)n%eCZ&dgp@(Jf%#nF88-5@Lve()%005RqF$q+9ibzod`Bf5L+8M3hy| z@Ad+aL`ouU0IlgI@SG-C09B2)I16aneEnCa(#eGE7{#0ex;2T-XM`fa1F=i{VFc7% z{1q^xJ;2lIV(RESM;#j2vMLv>b7J%Xd}s^VbjKT?$;))vNZDhE(JglC0|WGGL&fYJ z?e0_H$LB4N7@q}}+GdWg5*CqNw@%L6v^iSJ0hZWo+v)f+s@rzWyC2TI%HzY?gwphE zUjp`B{jc=kQ$?F8oYXL2Tio|_0Rq-t0i4K-yDoB^v^A9`0F}J_TX>zt&btQ>g8e}+ zlL7jcVIhKCT=vjbSNH8_P3oBpVMwb)5TI4%4krRfxZ4T+v!6zo1H(9WmwU$I|$W=NVz0lTc{^LGun^E8)%5@##ltin}-i9(f3NA`zc z^pbbphb0R+=oHiwd>>f+V=q*W`t@rEn5y=w?bb%S^n?UjjH7O;;bE9X1ZJjt{A76(|f`1a%&1 zY#8HJ8)sA)NYlyhJs`SXfv~xM|26vO4PaGmPH9lmTyo0xkaNufi!l0I3fQ(Kmed>+ zd2LixdwK;IUKGUfxy&R?cmq`EIs|0W!#*6EbJ5S=VHJXD@NzdO)^~NMt z(7t9MPk9A(mb!f5-Xc=(6Hh#3U*34xwJXY#@U=SE9d+RuXI>WCQRIdWs`*1Ye;`Gd z(EpMh~qf@nwR_6fp zHE+zfB$RL*l{phi8Av=?z+)UJiqjVA?sT>*c5}sP#{~+shr$!~UacE)EfrPA=)T+D zm{dv)yR{dn4b$!p0o^F_MVOA{ddgz1r>$+z(USz`5ecgstd=82WYeu3A)H6M*HA4* zLGSkv@FU9AW;B_y0MWi|cGvn<9?!UI+&aP<2Ba$J#I%>3HSExt^1tvfWwDYDF-njI z?_$6t6z!6pbdK(Ey3(DMAg9${w`&cQOzMFx$R|!>*1C_}`^3Aoa7<0?M4U1f_bG9# zrjgUyCOSdE8O=;adpb8F``kia7k_C=8DUDR7dnh7%|`?iaDXpNG1vq5D1SL2pia zfG%P4?}O?Jk2k=Gm>8+N2mZWO2=ZG)1W6>HpN_s-9ISfzukjOV@E5=LEjQd zAk0;F%&yx8;z^Ekz+$sZsf^TJP9vr#K<&=T(2CAY++B4HOeVh*+?3}_QL%T31=S}1 zyw0ucO11GN0CZmGak$mLsM81>#%G^;)?k1oWA8px2zAM%ngC2b0|;1PdR4X{o|do7 z;xc%RhPbNhNtLRE>YCie1M!zcmw7I8dvE&{R5=~Wr0-$&eIFGckc0)>nbe_43 zezLX}P8fnYM!o$JHU@JBkMtW@S%JE3~m@zk*KG*NBZB9rdKrwYZpOE35*HscZ|Y%i>PlGDD2 z`rb`iZd}RU5gtlDE1194;JJ{U$%bUNFL~3cM-g2f-itUqfr-9@qzGrb8zb^RcvDIq zpl*afJZ#`FuD97+%F!rh@50~9T!CEB{F{idPPmCLs?+qA^U;L>(s-Hl;ZYiUI7E5; z;RheD4uQ>?%lw(rmlIoNka z3vIN{uGE0DC!N*qhXaGwfjpvPR_MU*_HxHA)>b(4U@FAWD)BD+u4#Xsd36wBN&pDH zHui+$>Z*!50Q9x7KW^s{*0++&UNT!FG=+4I`y7uE(u@||$EkBYscioq{ZhBkIn=^L zmHM3eXZ6arve>n&Zz~_b*b@&YXbS0SCkSf#97yU-C!3?fyvU~h{w!0JS)eLu;;PAb z44xHS${_fTQo{^4RU`mcBdNs*{-IuvPhe_D+MIN3eswRQ%li=gl*m`i9^H9luSZF% z;Cdb%#doql>9Zd;&*i6U6_5Qbny3NYicg+~q^fYQvR)Jk91R4GMg8xPQ(No=Zg`WvMJmX*{ix-sn_yT#akMF;b>nH=Q4hN 
zsm39mEH)pIkZ*|6woz8FRwwyd2XQnAmZ>1xoonEdHm`RC zC|Oukh=;D-dCGcVdI(0>8_5-aK;>&Q(w6Vlq!Luw$1et*FPp-XrBhihDXH`N1qC*| zef|R6FANx`K*K?CRl`Y@EfCwtsc+Iy*;d8Fh$o4zF}I@`wZ(A|H%jIUQFb0`CO4!x zy!^d47~>nnmr*EWXVp}XwJ#brW+{{JTiN%ZFE1SKc_FTvI{7Ite2r$(c*KR_#*(e{ zbmKCjhM~8VDAGG3J5H8%?#LIz<{xXKl=_!M^b|B_{Wf#-s~j8(xs@{OX)(&?Z%UeN zGZE~}*n2q|+I58uUsQ*CFu`W^6#;iJj>8D{dnt2XEdz7cT%{B;{ohLv>g3;knX_E3 zvfbko{gwEgKALAUoc?IjVQwnXE>t%#UoCT-_Jb;OYo%3PLNlFDg;v|OK&l>nEP;O! znv;)~rRS2+9I&5@H24S(3Xv%?WhGB+hS1rZv_+r9801n;4o#744O~?^K@wwym4`Od zyD_@b*4RyoNpKj5G-PN7r>JA$?|DMOV)6u4o;WAa{x;LQvkkWrE8TVGy^c`#7LF8# zwLkQj6gn+kXgN1$*)YlH2S@<^A!1kJ`OX<5#V&=Y6BUC%RBG;dO`4Ks#Xx~Xp@*%k z;Yix?`u!5G^Q~-snz|S6+2gn}#`nr7t`!ivO?S0P4?cG2 zU+yTIuWxinKzz>7r$D?G*r6oFG*4X<_B?EX+4U0kC#I(Az(K`vq^Bf2kZUo(%*T17 zI|YX5nR2f%PNyB1UCs);k>`l!c||i@n@3^Pqoy5XL_Q~ZQrt>3Hy8Yi-3DRWU7$G2 zy`o0V@zoVP#TyOxS>$6jV5P_Wmj|5#>*N_g%++#P&>X7JzDe?|f=Cs)%6WSf6^s4S zbJBZc1Ca5)xdv>nDakGR>GZ8!;%G5D%EKXf?z01&C5nq#9%_=|gL=kf32c1cTlf^k zH~;F`ZG@gm{6dnQS9PVd%7tZh-mXnPJ%7pJO*QHU6p9w!G>P$kL0w;1b;66!Z@N@S z^YeP1;u`dsE8@<_l9^>9te@uH!OBz`4ID)UaJ^)rh5vwD|0l58T)DfY=rO}DUD2}8 zEU?gI6AP0v8OLC=-M-4$YgT+ns*-l2nSHYaC)C zGwTB`<#IME*|;=0h8jjTzdO_xyb21lVqBIz&9irT3}=Rue{(?R8tBYBTZmY}c!Ba>M8~QC9En!0N=1)L1m`8DcE&a&@6A>(e=WSBZqJbQDj5PIKr{ zu%Kanz4LRI)xIa*Eb}oWe*+y9WQgI0`KKvggpq@qVJclp9VE^sk14DfV-n2EL{d^c~S-J5P-apMaw-J$3qMSRd7) zpWY#dSXX{aTii&XzXc9K@~H;%%BVU7{pH*KM(H|Xp>=#(3Foj8wVXuU+Jd6BuJu~- zVWj=M z4TkV!7+$F)V4kWDA`4W+C+;|_bL$x92VctRxyEQ!Tdpc{S}LZ0vO&ZUv-F)dfu-TK zTxkZNE0Em+@_rPo)PVJPPk}x(;?`HF$GaJ8(*2b3!S_pVRE9ec8CjqGs>6M)^-w(L zl1j4OzJN5|S`M9TAeT8iozAF`4vc45sWVu|YakE^j2(4u(XaYcA%9`HVq3H(EVEw<-?E!!oY2i=wx^= zJem%FiK_4To>fbBix64w8qB%gkUF1!b5ydlg7PV!5T;mkUiXUpYl1F^iR_DHwrd`C z-+)1EQEc&$8!s3jsixgMdhdV)!WMfD&@<+m_ZTVOCr8>>sFH$Z2$IkH#yP%+6m>Wb zrZ`BmM0x3oZ)q~2?Kl{9*>j;0;27}h3ZAFi^BtI48>;yAJc9gj!F@a@ zd)@I`G3(LxYTowQ!6BTp&Yt!B&tLWH5ai8luSOg#5c9xsS+&s2NSTZM`;3IkjdUMC zf=exSomEn^X+?4_@3i_-I|X6W>&W^B}?=) z=;3(@AhW}(dxCjJ_-@W|++?tR>blf^fj$r2L#H(FSp1Ui-U|G64=xqJNwjul^Pt*e 
zOG@XPN{%O|*hJkA9o;mV6#Ag>2_TaD_3Q?#9Xp|pRRN*|;WtbS)K4Me zqWc?{P&r%cP1_AnUo^@$Y_Ctafw$6dYAmzFA%f&*Dbcj?eHw@W&ydH5<^w2kBgqci z)v7p2h0l?@W}ko0$=`wiQ=j7yt_tt%>Aj2Y4+XZlZD6un~_APH_)QiI_g>PhizKrZnx|FIrAL>Pl$A@A3AU(@&TEf=B)D=KQ02taXg}I1Q7DEqy$=^7n{)PAfo5O^{Ab}h!a>2Hfmuqv zm-0#$4X(D;tG;PsBL``q6w{psWm2wuK2IHlsq`KdrLN>C#{s&R4_0!2d9x3EMEF)t zlCKT+Ce#ElI8VcO9xg;(mWga%JTrwE^oJ^m5H(Zf_w>S#bB@GX+gHH8TCF+8eGS5Dc zVU;!PNoL}evz7B|^(gmqE<_X@2Eb5w)v$ zttQZrQ1^3ffHfuII4t0TC@@sh>6zC7(@uM9WNpNhMjQ{V*H4-7Z=(hdLz8>p4gbuqzglTK@ync`Nv5V1rOcXu+hrb`wbF$?)J(vfpg?tw{^#plq6`QDQ zNlZNsqKV>VgFsx)Hn&DstrYw8%`_{Ko^tz<%CbGkb6?YIvJxjjGe-# zj4=+V$TS$$$5rf!^v|59zUexByK+rwzh9F?-V@(Q{28!Iiw^f5_Qi`E{N@u~55HIx ztvpyx(+&pS_+r+v1CA;?9-e<gjC zA0>9g*8g=|YWwyXk?t2b9NTGJ|CQKOvcX_4jx=k&+P_0=|3BimjDs8;ea!JQgW5YK z0snfV7#lnL>~8Nv^Bg$86@*a9)BKF(Q?!9=96`s@C|r>9wF_W~$E zxJZ1A2;lA8^w9sOt?uLx`-~3$*!%L&rMvTs{H91Y|A=EIJOA&$_N514AJO{tmFSMo z?_aBbMp96NGS>3bKfLYeGq8;uI$!=zUPo*D_ZhM3&;P?f!eY*VP57dI=|A~8ZGoHk z&(QsOC_yj&GjxBS`Tsweb){Ult(gJWAYU6_;K3pnICA?k)SfD(6-YvQ%76tzC!lnV zxr5%?oq$wBaR+)vW`KZ)!j4DRpTjh5VOO@R542>r@CBfrEF|h;0)CcQpjd9mY>99@ zXzEyu12xPngkG8qV2OAG+S#y}e8s^(zhUPWc0N&6Tt*^aApx8`Fp>BKdkWzpgYGq* z?ap3}t4>hIPFaYx1QNp~2q-)5({{2mYA?USP29cj)8NIe(dD{&S%A>2-n9nV`~9rE zjY*NI8mJdgCq$UIxu!q1(HgOFIXQ*{U`FmWpg?BmChH>e6|@@14%*$}%7UDodo2b& z{JBf-^r9>@s*2NS3^>#v6s&iVJeFCFEJ7#X8IV_J03Xil`->^yOmHh4=y~KoBM&>@ zo+~1juiH>6B|2k8$gsD`>)twVnHRRgc@T)Tpw6`u*(SD0m&7R!I)z&dN zJIInzvjnXG?hib06&)LP%Y~Q^iyx9aYym+8-HE)O_k_tn?p*^JusBO`RrSMS@^`-_i*yXb4DZle?y9M;*?DSzpW@rMNk#S-G;NJK}mrGL$A#VcQWRhMM z)R$?fGzc`D?vN8|&VrOHi8FF4>`aTH3c7PH6xG^I?Nb5XQJugh$~-1R=Q9M=)%g(xde@iTFGumpHJX{)2(;sRw{%4z{% zTw&xb`{XSI>jwy60s~LW?fMTJ#0Uunh3Z@^eNbU$sDuV-|mic5H<7^qmkm zYG_{!8v+_H#x$TQx)vRKQ8C;TZnz5z{Bd4|zVf5>R4*(qz5#Zt?_(eyfD1oxZsLBW z7cT^9lzc&RZuxBY>MN{MCgFMhkdo^6a?|oR0FBP&z{ZOkPE2ex=P7s(}4OZ(X_M{m=$x<!74!rC!=>uv_sZCG9 z*ON)W-f7ZjA-kN5v6$otJssVls(}0rl*T*Ds8W*va<(^obT1K zA}AAUPT0-eO#oP;^4r0(aHBn*F)tOC`b;`%#mT9_wxzvyU{p^hKzYgDb0xUir 
zqM?vzt^?h@jI5f={e_jD*(Hn#LBAn(n)^92`YeXD8K^s6-3bJEXPIzt>Zn zXZAz*Z{}rQ`{3%NM@uS2#>Sc(5cbyzpf#!Tb_T?#EZc&htklqwTY3Tgk4*DXj_AFe z$?cnS-E3%AM6}&sy~4C(|sGDadDW4y+YJ8D-!qO zXehHY+d5#du%;hADy)EEgAB#S+<_+@MkA;iS&`qz2E;FS(FJ_)@X(;l?FK4#k}-7C#FTbyHz ze4iY=k;{5hO!)N5#(Cy3tT;K9asW?Gby#-=R>%t>W9y@2xQdfRg1q}3X%EbOHx&i@a0{bhWd@U1Z6gna~|XMJSG!emKY7_T-W~1;IO== zw-7<}inq$a_is#jNq^nmqgD}8*V$(w&|6DgsYJoh=_=kmNB7E&IaGV$+&|-%j6PzLfwn!j~@aPbg{@TO}uPWyV<3MA1r9=WJJXotGhN4@5SOshM{K{t2Og z5%k7act9n)IL277nbMTfS zcPweEPLIoo+*G{$s-&?IbQRS-q(a!*_!b}W6Ofwatp4rHKP@aJ$3E*&s0#M$u+`+w zD(EcE$aODdgfY;CJ;CqpV&&nXC|M26ZCMkSdZ1BGx#U<~V|??|0U?KoWDG`k+wWl3qjwI>=g$;VV=0KY%dzPhNgpyy@u*^b*7^|L zu=}L7ObgN+Jva?BFdm2aiD_a@%Nr(PC+MJ~^-GxLFO`76m7@O+<}3#~hL>QA92ya) zfA8WvoXPqAcnvJb$2|a)!K<+j9aFCz*O@v_DC8FR(GXC#p)l8xUG7}&4%ytzFRUYr zkn*i!sUyV5IkTkxl+6zz+^>isc$TDnJwJ$Ec&;bTce1FA(-dFNS0A;1Q_)NdsC0gJ zVHDKekQ__+G|vE@k$DN?Oy?(}q5$Gn1~$foyRB=r%$8VtmVMSL@49vgIX6dS_$_TY zu>MZ(stUCtWpV4H+ZYc_kBIXSMo?K0V?t~#>R@PotR%%tm1sjMFf#|9m$+P2;K(y| z+&W&fBKSzVGdQR|oG)wYv}u|Oy7eGs5Za5xLEQ3xpn~R^90d^bS5xOi&f!=p*jQE?fMer3e`+s)^5fD?7MG ze`Q)$*!O4-szG%2o7q}(5Q#5coVklRq}iiG>qu(ri)F7+-7;_QoB9msGE7@+0h_}h zdc4-*M5cUiQb}6#Mf^pN^s>`q=}Gx+lF7>(OH2Aq6%u(=SbQ(SN%X7RDj?QaMAw!i zY|LC%x8SJtA2Q7~QOsKKs98uk-T`wlzMVUf5L+LhJ?=o)|M@1z4DEs(Z!lbtoU~Ll z+#frbb^b^CjR*ZIhx=V_B?x{6Cis>|=qk<@{4SFT3uC@2zGbdg9Q`=-c+s+&FBX#6 zbfZ6AW` zF}}y(=i6OjOG+QzMwgxE-L9@P2ZJzSZHni}BMz4gYbQ5SnAX_CiuL43KWnuKO3`9X z33CZ;D13{L7jY}s*GsjYl^sz{GAp7w3|CbbK~Y`Hs&dDY%9GZfZmjipbf>>O*E#N6 z7*F1*u_=cpChUbtkAjmZYk(rb+p1=bE`I)2XTjXHxdFWsn5%93`_ns+Tb`s_ud-*i zpEQc&Nl9}lSh`4&LzqYP`g%_O;=vfPWLTWZNArf&vR=@RjiisdM1>?Q!i7odlm{Yr z=Wn%iqnX=G^=%V;N@t^_&6}VLX4&u|h$w|PlpEQtx%Y(W26NM8B!Mkl^zHUH zf$gd?k~-M@i!@Xtrj)uXgdU$~pUu%Lws0-L5<@%zd2LUp*_}+Hm_c(eP<8h#p7H^d z8u`4nzG7k6Mo+hJ;j;I6%#zc{Y)(Y)jEL%^=dX?(FmSfUHIiG*Xf%i8?XR~bdRN3* z9yDG-7Vo^E|EBe{lDfG@J(=Oq7m>d7Ch?{_{@CmO7H=H6W6XF#t0z*DOUEaEh;kx` zwME@J7ok^GuF4NL3OpD5H}!LdI)^<^KELVtyoE#)UQE6{ej>;73R|errSRy7G#@4Q 
z35($Db|TCn8JCl9r>uc-DY>hsA$vHBz|kjrTA8lnErUo6gN`db!B^I+nUT)bzd+TK zblt`>rZppk>=)>dTfP4+tfbi>vi3xdj+8vb7;<(y$4*}9XPfgm_HjwGI)Nw0u+SSB zU#i6=SZpjqc_=cIT{csa<~NTKn{l@cR0Nqq$8!BKQK8p~?n{2dnEcxuXE!7ypd9^m>xw;+?LwnB;l@2Q>-dLVR$ z7d|?Owg#$gNciTZCB+<_N2h|aWuJ?8`g-?B0YsC0({lqm+A-h~+_mY-v4smX^wRpf zsI__H$PNE3#yjt2!NXsGJy9@G;Y1f-x~-ma#z?NkuE!<6E_CfFp?DWJOe+=Lw3a(O zT8pe~;82SiTxfqQmd>Wp>3XHv?}p>0CQ0^t0p55|vlh*A&4;sQ#Y^b8n|K4%m1#@K z`+SuK1$SvFFy)Zl#WiuDYpepr#>*qfsAguUcb4wp$g&8umRnEdqy}86uRA-4T`+Fg zMS9&wJYIp&%-hK27Ng161ykbqp1ps$~Piww{Xh~F@f3;&nF+wnNT)>#yK_CTT;bg_O z9lOpz-j{kJ;^Wc9P+$p-t+dGhjw2x0&_HR%I$q~kt))KO)G=b&*CIt|Dd|#mYX|x; ztB_a3F|FujoY}*x3vYXw2AB$qNv{_H^O!vmieo!ikut%~ihSX$v}eln;BBO%$T{Ni z5^I40>}&c4{GBjeoGGLiaQ{TWi)7vF0mww|PjjI2TL1&oj$cM%?rkrhN)02vGq@DN zUwiJ;LS!JzM>j-fZ@h@5miWZxa&IBFUod}CzcdJVy^Sf8S1X zS0e2D;6z?oY5_S z)3#=0a@8;E0H%ypng z`COmodew|B!p;vaRiU$cYP7NaF5Z4XOX!cvU0&xbPW1I#_%UQD8aaQsD|vUzW?*KE zAP@&h>N-X6g-&frJUPV7(f$EPKGsJ!TsMkeV<02yfv=6t;G|5(Tz_iV)&ZUj(wIN1 z(fMeKSYEDRl7DWqzc}x-P=pq3{0w3D4o_>p7IY5Y;b=SOqhRu5cB=z|!c)W{IcOvM z{<&&|=$vt8uGsiO`=TH7jr(Br6n+)U`x`un^@FGIq09vg&nIlAFWht>xJLE8Sj|$H z>&)o+un&rW6g3gv(1zl?6IH&KV>!)Mjw$s4o_nc5d zq)~JaO-bR&FG-3Rwr)tbR~^9f*?_mt=p6N3tU;ceR+l(@UwN$YozJVIoJ&UN!^A-6 zA&?u|Mt3Qar?Rd$Xm`mnfq+9?^`gVdBP(TTarRkQ4A0!!Dk)-ggEF>h?fhYgxGX}Q zJ35_%1{q43cOCP0Qr2#qr^8CjGA^`wKI4fCWT6-$*VgV;toq@-R1?}NA{}Q~{PALV z1kI<>iHFL{LgQrWbgqYCD|jE-8)Y7B>HyhX{mA3V@Oj9esX@=huBUX;DjA)&_(KYI z)h$w~g4u?1s|znC)V1zF5U-Jh(u=|4muqa(JlDU1(Z*YJ1-;wU?G$t~a{#-CD8=My z=3JF&LmPF*QQ2j! 
zki>G11;|?0IK)>QO%v+%mWZFQ{rRedO?*Jb=+*}}4wyDdkh+Qr{leq;zNh&)B||u> zDuu|=XDM;q4X`|TLyDs@Jg2J7O~dUSCzQWc z?8e`T<6RakTwfa)CBlMwN-uN?2&}eU-m}MdxC1*w=fou#?=m3_m^Cb6-!6YJK|h>P zYwe$cs4qQ{BARnnX1zvk)yDVjbVz(OzBjg4w5n9rc7N%~)*UzHA60sHExVKrl~GLzH7{Oe!N)j#bZtX znObbf!V7AW4Ra;-ujnCk9JdH-oLGh>CD-hSpbUlS)EIghKk2#mg|uz;b7}FY-(WA?mi;Oot%~I(F=lH~j$aOKXLd65 z0`$3l(g#U>vzsn*yhrfl6CS6AUjH3LgXo!b5LECY$oYT18wDbRYvMGTex~C&)TkR3;o`!-~8mg^_WTO`DKcwYB(FMj0t{>;DhMg@q76gNj{+^^Tm zoAWgFLQ;G1fk z*!?3KpE0CI{gE`DpHNfY_=BB6r9fRW&zsZ5Lg=K%eDia1KOs7R4ODo zaJS~W)ep3@+1U$sdi%XYLfc+<+~Kq8cXVrh-DsOgg=O?UzQXqbYCNoJ<`4KgDI^|m zLt4O{A(-}^i@6SlDT2G^S&KTeTPT%2M5#egKM0s*fn-)0eW;xp^ zq_+W#^d%x{6ze%>uPa9k<7{bx?vUsfX@eff`y3{|x%D%h>fe}i@Vj}1uhs8i|6gFg z=38(GlTGa)9-w1QyG~w7Z`;%r9SGU&&-2sqpZp9F;nD49dELCLjf<%buH-`hEqB1n zM6oC(eyDrsz#_|N&f4LRrhDr2szVG_m-?oG5uba6N+H>!#zB~jEMq`!)g2kR{)Aw| zDbEuTQkuyNo>FwV+WKONyt3Nk447&<4{%B* z<{MOa7D<;~RSsYr2+^JVd+Z&|nEt_8F@8(D;6CbR8;K;nsRH~Vr3oM1r zM_I4NM%p*7B5G#Yrz1`LoaW42gfd!%ybe`oIw3>)ZP>I$Zz}TV7kD*#HKVaQBHbnS#}2R1iDQL(Q*RzEYhxhE0}E)JyGi(1?U9^i z)yXrP5+cKC?(62xm}}9!E-R}5(vJ{a0>*7aIe7|PjsqPut{k?|#I4$97RW10xfMu*tvzYvt0 zhY0S`IdCPBT}n}17OOT?y*fW+v75G4(>EDuTaNe=*ygl+lX;_jrZrqVw(od|DB zvT`cbuL3id;t*4qbpCLXtlq7oW9g4JU?#|LJLIJC)m32Xak#-Dn)Q;c+}^ABM~yh^ z>iZ_R%p?!xx$>&~WKGPs_a;xX=2l_OH48U{bTEQ}^-NP0JoTX_zRlp08wVH7LY0mR ztPJi7?7MxoA>BHWwR!>q?h(6?Z&w_C8mOwUPqa_tEZ?~P9iQfh%D!DwV*t;$1;rJF z+u7EWO-(C8%>p&y=Hvd>pw4zQPJ`p6qHVwNv9afG+o19SIX)Y*jP7j{;)>_)>kJl- zAc0DQKit&$*4>bsXQ&XglW$})xZBGr|XstHX!g9t} zo=%SF&-5E6rim2T zo#)W@q=@=prq?G)r|J{u)&n!cx~lZ=yptJem#eRsKgSHr%=Zm90YS`|PdHT(3lK9e zS=Q;*V;w5_rqu(E!^RZu_)Pp_bP!@7uF zbKzW1hep@!^TaWut?Rw#t_HsESnv<|8`>gRDFthh(7^m(?7d}JlxrI{s)&lqKtus) zK|;Eu%K#Ka#Gp$lX_1l^Tn4Qoor08|N zzsyceoX$*|RL#4~J@@e0Tt4gIF_45v!5mGJ?bl?&BdiKFg$AypbU@u6A{~m8;`veC z0gkAja@BR@q>yksQR>(X>hy4rio999IuT2AvSwwn&^gX%k|koHJXl8WIu89w?Gud+ z`xm$GCg*s5n;#s1j}JMczGgYD+%1|@4~?CfvbUJ5HSxY0)E!S)`5 zT1L2bBVX_ZHjXp;vuzkDezXb_Zn?f^TJTM*ps8t>O@MWg;Nah(RJX^gF8!6s;DNn> 
z(>!hh09&E9h?Z@NVc~;3%N4dFF4Lin)8~LqEcn<$J@&UZoQcn*?fEr(m;-x5#(-g<|70TNU9Mu|eAU9BN|?p%g)GaE%og9tB)SD$ zjPkeHvgV`7)oM}Lcwkn)tpd)WmD{O)qs}S$Ia1}({;MJbue%)a`J@Xgo!XxkuFQ9v znheP=BzIeo<{~;S+y3jfouAFfu7oo#_~tw$o#zl<%PJlGk242iE(`Wo6^dZ{!lk5{ z%u#KzFnU$;L+wl`i`%?KI@M(?bNhhP0)4kD)H56T{oakc&p64@;RR_KS9gr_b;mn| z|5bFAo<2T|b1n7|HC4vAx%6E@7qHQ5*O;VG(eD{e2=Zg)p zBM;kaZNsES97jg0y4SD{yfxcLw!L_fE^;)xTv(=Go3dO-<{)g_ROW*SfNS+bHxl6+(eA?9me}75cSWa~uDA%JvH`%(irL~2 z$q5%rS!bw&@c~y>*#hKpHUTcSOeWe zxBxI8d3Av=MXK>x?S9|K+>TTl)?ljHEoL zv+EDvNAduWj~s`8gRA*5tI&koh2WdVxpw^Ns%HSEPU7Bt>YxAnmnXPmCvN=iLqY#G zm(f)p9E0b)Ph#}P;Qki=?&1PK${lW1zkTzkJAMbCcghD*R=;~{KmFe#aK0RIIji@l zt6m3eJpP$_!C!veKc}u%Bn+`Q&2M7Ff80kA2SDf_KEFxv&;R|)KyqAyA*OzE^iNkM zfiZb^DdRs(oPYY6U-uCbgjIc9w(n0@{r}0dQy}9n<`I9*h3Z=UyUfq~kZ+EiH|| zl0a-{=60?L&-dy6j~7X5E~rn~@AQeqA!Of(vUsNSAI>o)4cHZJ2_ycorT)h=L^sTW z_)Iu2ul>6u?A@YiSS*zxi+}(67615)-YK{&(WT_4|M=^#TeCkg(5<@OGyMA!rRLZR zm&M#Q{MXu%tQ35PIu0rh+NaGFEoJ7l1TI;4<{2Ur!kYjldVrwWKR}vx|&{ zuXFdmKQSdn9BtyrbpZCXtxg9NjvWmRuQ`VqN3*+KxW9G9Uq08rpchA1f%lyu zMAo?z=N-Gz@ly@L1NA}c0Nv%?6U>mf0=h%Spw8IM165G9VaYshU*bRfo^427p#UOQ znU)S;ir0`H>!+6!#_D>Gfb(N^dG?1Z<0C@bM;7uY9SNI#`4H?L0}aLjK<=BR-F!jl?U&2;8F zI7YCHA)`LasWnhAYW5MTtrgpFm?;%oPqPICeDDRig+4Nq4Efdx>(`&cc6Ql4VS9(6 zqFOB4T~P|2t@ak6Fd49Iu^qtuPh%X*jy>ctO3qZUPur791u~-`B${Fn4scL<^++?& zc&!FiaQZ3)Uq1<@?XWM(S$v(5$bMKBXX&W6kn$%~0KqJeB+3Q0kp1f>M^sSs5u#?@ z<8h{cHki>&jYT~UY}xkeFdmtCZ=GLI{>{;_6UZ+Ft!qI zr#UFMsk%-gzf}F8Wt#2dED=3Z62$6F9iZ%Bb=kHiy9J47&LD#IU_osA6mHxVq+O{u zp4r0I{UN^=u+cl3_P8P_Uf5JYUx@Z&K(lw$J0Kj(o4NEG8^3HOKktMbLgaQFSHhLVoAmSi4p6gc%6H`&)Q4`e)e5t1EIIi5|uG=m1{p}dPk zNIz16IOK~1>_z@#gDeqK$=wKf&)4l>p)A@R(z5`46QS!txEMm{A%M8?R5f^wD#bFy zJHmDSlZHTDCcPEDq(a#0lTK)aRkJeP-2$lN^X(?TC0<@vGrtZh4JHU^eJF3eDNghn z@zjN1Lhzp^U=azPXEg~l;+yuoUk52&BkZ6|?DSRXh1*w@V@2e!Z$$e%xuvr#(!G#Q zQO#%LcY7E@>p(|WlkrWLrEeH#Vq^0BO83V4MGm1;15R|E4#+F38ezMztrvMMHIO@^ z?h}ypsjXzSgB|2q?V-h#H^UB(dzJ{K$mL`Eg=R!Y6JxBI3jmh(%skU*;nN;>D&W@8 
zWrt5RBTHHABYiZll(xI@Y?DqU{S}|{_3R?Ca!D(Xq_m_)0t@s$fRC5M%Q}$zR;-T; z=gwhGT`ap)x45jF7n4Tyiu0t2RXI?H)Q;84{PkHfx66PG(>DO&)1 zjoIL0eY8t)h*R%(WXtYxZI~%R2bzwOd*~Ih=_fw>lp1vY%Sz#}L37Mhf3arQ!qt`t zEz<@5y4G-=vxT7jVcfOSwP4K^#n4`Zi=_gx%k(*M{usr_IVsVa^mo#OuV^?-6$=^- z3Y?mD2otJ%bsnDaZhNGu_sTrYsbq=K>2GnlRFD~cr?cF1- zpEr!?52qDBAEgzHp@<)HcypK7s#PPXw>a28xgH8m^tP zb1>p_ph}a?6!__+fC3I|J@!^tL|AG)_lSIWD*hHs{~CitT!xW`7TrMy*dlllPeWg2 zMIt=~j+>4{kIT5qGipRl5T6T)o|V*^){1$yAmM~yBpbIGw;X>QZX#o?fjzC6Wvsm9 zj$Dr4Dt@>y1_0cA-xDI&9~9=F*RoGHt+Z$D<3|KAY%V^5)O` z8hy~Re?eN&=TpT`fF;_aZF6N*oMb-^TCHp}JGy|u6)eo9r=OaxQ~vbO*!aZD6~G57 z`cC8Iw*}F-v;*TfP$phMK z(Jfqv&T=l!TQ+CIws%0kxcSGKr$x8tbGX7!$(fMbQtU2+1j_rw0;(J=#NxV3-GH zZ!=mQW?(G+BbShBW%|t1w19~m!oO?ov|6zY&+{JV2z#0q@Aa_Fe+uQc?+6f`iXrJ{ za%OYz7pJ-qWDxbXZeQn&e)c0CSCuDINfzsJLBlY@E7veaHA_SsMt0RTuLlI5 z4sV{1&}i`QPcQH^a0Cplp9Z%e_r|zHiY)R=ugK*Ykfwcw7(F?labID_b?l7%i_0#_lx+(<#1Njks(ix<1Eb5Q^ml6fblP&TZ_=wSq!3=@f4)@j<8(FMuU(39`v)hw z4Rbr_rTT}2{xx^C3qSg^n8GGS667GCv1N)amCIQx^F@)cHp9e zvwt8y-#&wR31ZQ-0T_Dr8PSc^nQAyyR9#E0KEaV2S71B==QNk+d+?BKsnNH6QUbak zLSnPe@%^rIwQ=iYKU}8pAYwI~7D?d0AbEjxj}js`R)dOkE0@Uj`T1K%Sh5S346HPM zrrLPM7AftFx4^r6B7%A@NIzWQ*ia~Ec-)nz`~AhoUP-5a6&Zrug+197+45d2xvg@r zg{=r3D?Bn?BbR|ti0eHQDn1DhnlnjuIEi5;&~pN}W`?Q|x5CIK`RF}6*da|1J^QE| zpf0_40IQWgG)+}y+=#@}xeBaHHV`>e1Lw=0J37t?I_PiJ)W0b?QuG-o#1w1bYr5aJ zUrpwLLRpS2L;*=uvUh6cSdUho0KlVHC%8!%oR%GLiR;BnS}<{#TaC+4 zSMt{`;j3Y*MUj1?o(j_{VN#9t@uJ5QuL&8$lebv`bk}UpgNz+CCaJoW{wI+%mxqyP ztusp_9`#00RmOxaVcxlxZWaF5NAf{|u}I4WxfalAts>45_e`AVT*CR znzih{1JBdn_Gwty16gzg%J6w6T*w0fAVKxNw8|XQ7>R} zCXH-H*P!1~&`44+VLpM+4iV0BRx6z5(y;n@A})*_r+h*Dyy@ZRwX60{qe)GBe{7Su z0~fSdb~M%3WCsjO3Ux{#PHNbN)N=3ly~Q4tO7#g25vBrQ^Bf|)%a2e_IBk$+m|iHT zVmRxh%U#?!!n~Az&GmlGk;*-_NYb4?Z_>$kY|Kep26=VU@jHUiDc{jTq3sXa?i*tV zDzc8}3T~KRNE|?Nql5|(2q3r{3zqh=Y_(IoC;Xb!O_^ z!Kv`?vtbptp)B7Y5y}x8b+o+(e3Omt+F|qitQ2~8{**Xd(4cY*Q@HUf9lXKks}V&Y zpsubl`H4 zIp|+?reC`gtl17}clympfaUmwr|{;vfY?Sc%?8cX`5i zmto6|Hg+LF7k5Zk7IYgI0AV8EzO#LE^nLMO#64DNbLm}Hb~KeUV!smilm01(u?w;a 
z!BosTwIo_PPiSNYJpD=C5eO@jxvTXZ3aXihc4om@MDGJhapBS@eCLly4S>#wturi+ ztQlE6z$s!c-I5Gd2F+m{M>^B+R3x(Da^!H?Ql3BR)fI$(2~8TXZfVaU`fcRQ? z(&}8W)56Q6QOW*1FO&980+v&q7F^}yIjE%<3Wo=d|=?TxhvIQ+eU6O~P?Z~>*|H1jALV|Ri zOsI4ec8x_NFB{D@p~?IoJ2MBN%Y=Cp;oYyvgkfBmwV^+&YBMS;%8t;aKuKu;Dm`ZU z;fUU!gSNLxfI$t`7_tAz96(JP4V{>zMZx_&3SdYo*v~mgro97wLW>cnTn*&lv^OaW zx{hc)&LD&xNHwSjqax$^$)iZUKFHq|X)HWdV;{SBI2k5`6r7?C{NQrmG}x;G~lCN|~Syktj5S?bmVBg!MaUB5lZ zXJfvQAbI2d`0su+k9R%El$kuG8OZr^=F(4-GH?SYKP0ARV=es;C0uHb8)%tXiyI&K z{=L6_LG%(H-D#2Zd5^7K{P%?+T6*ZH-q`(q;QK`W?F+5v&{Ah_qBSb~>8^jQ%>rWq(f~)d-|5TsZx}WdMb@RmzfO72K7W6%f`scgf@A(~^NtE8v znLiJ}Z@#byi6L%1oBw`?P)7m)$^XgFX=QG2l>H`8FL|j)4qv#dV`GuK8dF=?ls7dH zLYsY`*KKQ)(<;DA!d5U<+Zm;{8s|?fSJ$YT z>gl_7FYtZ5Xg7Z~;m-Bt2Igu%=Vh6hSxwDQ{x?EfC&qRh?!)Kqm3C+jJdu37GMOif zsR>T3y=CIdt}vl*W-Cwtc3Jn6zfRA6@{zmZ zh?8@zF@y7}JgTM{PBU58ygqWCz42Xw%`>cM)GV)F_=|$pa%?V@ak$;Y{RZmkvV7~n zBM+H3h(f!*B(JoJbkx?kr}=$v4)0Uc((Pi$x2cq}F)_@LTKM>pYxCwgPEmJK(UU&xqj8c&WLvk8GP4tE0QMp>eleN z93d(b8K7)8QEv84DR`((8F))9x8jwendA3|f~$8;D{C@9->Of_xc}!vZiwMa)n0bL z^DtJY3YEbS;QQ0QkDJwYXDxjdQ@hcfKloR2lF{`Aj5>AK_c5swa%s)e47VX+e)R^Y ziTSR+{N@e4O2_ST81?9K;NIXh)0L~_J#p}dOB4xKd^};$tFY7l!02B1*)k1w-+%VN zWv#4D> z#{aM}4V;F3iLJ?z;rBzaHI5|+I<^lVtNvSSimfRCs?Z1|aUVPR2Mt*g2w;3ZoqApQ zW4?WVsz1F5+zZ=R&ZUL0fBzWC8Tc5d@Q`)T_Z#``3k!q^Bpxa7{q^0VjnXd1yE50p z_U_PNoOgBIFMm)Xjd{MysEH(rlk|Mri;nJ_rcFks;Px1JgNKvT%})E>$CGcoPtI!) 
z>~sBi0#yQo>b2Ze;p)vAE1i8og5LeyaWK;|yaMZ8q+O8%}L-{`rfFg;VAC9n%o5)DLHnQ1avUOZB5HP@#D^le`dJj;h( zc*Ea&2yfrAgG^Eyipn}|kRLTd-&fwMJx#kb7DVq@pjBiM(=!VS_<_8Dv&}O})yRKo z+TP}R-j_ZGYKq+5TBwNMh~(_r=!g4!#4dtkr}pwf;YL{Og`lS`KJ)v?`8mcRZ!xHs zAU08u!c8*+>A+b?2jh-%>wWIu%koNG1^TEBfK&+@fL@DUdxlL3bb_CPJcM&U1WLvj zH5*-u##mVyl%U!HNTU&2l)=3NhGX_ccefirqFFu|eLJLC6u~csfw)|4Mf7GF+U9)8 zkmDEtFaDf)=!c5W<-Uyo#0fy1#Mw^|sbZmk!2Vhnl2TdFs#40VzAW`RQRVs0uPZ^^ z=kP6&Q9Is(MT-3J{Glk1>63Fw>wQZgI~M4#bi++K`DuVU$m1<-B=)`o$IAeJ6~hFD z*J)dt$dN*@0BuS!BY~T%O?*EtvelghY6fpPxwqC#k~HpN)QKb4(zyBje#2kPNsnVM zh6S4qshJlaS#kuTi-|%pSQ0+F;VeG@O?`4)@9|!%nQFel5PpWjt-mNtV86SDJ7X&0D zlkiybsvi;1N{`y;(4_m*Zd-?zz+iQpTtrt=F#m3I!el%eDYCx2;#E8)_;;5|Xh@bn zR2#U~piEGPPkuJi9t!RtSUvY)Oh_e%DF;C@6Qp}8qMp4M4NiuD5) zQ;?;E0W>L6J6O8K$I7g$nYg}b1`eg+r0A>H5^1it=7c*!`F46E;ILKZtcGxCTSNMd zE^u}5L(Uex+7Io5nM{ngBHOxRIB;?o_cS?do+OvpUCOMzicEEKCHXo{a)u8b-JVv> zl$iAN0X|i@-NO3pWm?w^RGFx`G0|P0oCWDi2LYcp}@u&D1 z7^dzpp-JUd`|;dKn+ehWMzRc-(%mz+DVl-oo);B4AD@~w342L#~t zl!!J1oiH?p{L~0zJ;l7hV5o06Kr&{*@#Y0|p$i=_*0MgNCz*D~(W>SM4{2OIG|o(U zPzh+kjUbifN2ILtB#+;90<{B8r2^4Uj+wb)+}&WWlTn)EL2aYsEtUU7fP$`omSCSV zbi5kjOCxG+Z7B#M@hf|U2>i`W`-Bl4PC!+Z68BM$we9ebb-z{M)~S*m?kKRZ+z0f# z7R;2U{M4l(xZP{Z8?F@_Sd|g=1c$I}NzwaTyiT?WeHy|xX4Alp)?x+-p*cDt^> zGQB>I6p?8MiF?mY`wG+n6?}kqP)e~=ULUtE(eGv-EFoW?IS}+ezqUNboJ`8+```dY za5MNz7++?2*BP{r-SnbWo4x{$9SEI@;81->G-t{xt{r;-cj|E`Ylbu*%STBs7zP7%>!MfH$ zjQ>b-@&cLht5XH0-n&&F?k8*hOqv}tUiCGU$0fZIsnJsDWt$O^$z*rM^Uwlr-*Q|V z^8_7n<&Cw9;XuAoCqeD~Tk6PlyIh8{1f+2dW81AAx4V)gd==q?iXh9EL)-u4>Dj6vQq^Jxeh%s zKNM5emeQfgS-2|HSU=7*I=>a~)oE;R!9*Om*Jn46F}p|*={+gA&x!;;x`cywYMY^I zN;%pDS2uP6=uyS}*t4h%-P~Fgtu4v!I+2}rHns0=U;TEr>hGN$Z|9qwhK7L*a(BhB zg`ovB3%Jukt2WX|?+`vD!`h|SQ{-YL_99AMB6bF1l?Goq(I9RI+V*2OuQ-V;JZIFD ztwHF;A)3j10|E-UdRA*oqjl(f^b1CwB%1Kc;Cn26Ad&#(jSd^G*Y*|FYQU-lmvZI5RF=TbW14Wr}nIdGrKM zJ3*PTTtIvB2UQc>F=lDpc+}>$e6y4I1@yX(Q_1MaoPD(fHiYMp34+~bqq5S zoSW3~Jz%W-1WtldJGN5=hC z7CDii-(~)_#6`OItil8+lRl$~hnA*KtTSkaCTJEq29#lv0!pEddg%T`WLvtwj-u5o)zxJdQ5wu|^QNLd*o7u|x 
z$>PH`#ePE?Zeeh^RAu76+J<$6u-s^^`P(jR7yE6^uVy=mfl1W#JzqbOgT?ofq9wg5 zT2>*Pmh&|li!z!Vk~b)Oe9Z5|@>YH_GzG;q`&GqlUqko!FmYTagj$Jxb8q*c@h7|r zN#1D)hJ6cWW7uPc8{-DU=7t;f{e`@=zM#18-g|X==DTO_lgyI%)HGX$iB(~3WtHv@hDu=0X@l+a|<`;*Rjy&JZ@+cmb%CGp4{ zSRn)STlIO&v4cT72|T?IsrUNn=Mo*Q!2EToG`o?Y3dM*GH#}JV=ON&4y(zoG>$L`l z*TZWH$}z1a<}93IT*qnnRi6zB3c0@G+@)^oZ>e)cDpHWki}oCO=W6l(6qlOst9-V z%FIxk5YAA&m96ciocK6A{?b9bv#*=fZ3wcxC+ho-#6-9Ed#!DCzT;i)j<(j?tqqsA zU`&>niZj^fCuP5&1+{nZ_u(Vyvz{G?d z-rhv>k#h8GK##nFrsLeI#*&;4tIttx`rT>Ton=))*G`mN_r5R=;by|f%QTHVciw9$ zBz<}ab8y0S-6%ER+C42v|Ml6({2@C>NR^V?GHoWi@-3)EOGfu54!z7vKdkK}bvK`p zqBG@Vm(bQ3><@c_*oQGU^n)pnw4|ALQf?n+EIt!hpL;p)rC;xc!1DaKs>zX=t;Drc z0nWSjaFyL(c~_(|TC0mwCvcvE{;u-}mM+-HQl15o1vR2PHIDLZTH%Q+v7gCgQ1*yf zBjyW=8l7e|=Vo$!C9m?=+mhAnw4A2PGW}D-Q4`G-Aoi|=eevC=rQiPp@VN9j5b+Da&K?@87ArahA_X zLJN!MO6;Mn>?yCV5w-Wr(4pM6#InzBY}>WND#Yz9w>v?TqCX`wTD7F?EW2r--(=iv zLF^G9MH#x154pYW%(r>1L*Hdto>B6opj7U=uA*^6jFA398Ro%$GKGS8o`E~|uZ=Fd z;eS2Rx4Dq+%?@9iJyjWgTZF7-7(xC&n91v05QF{O*4A>b<}<^VFU6}j@_T~|Nk(D= zC&Ru~SLz6%FmC@=+1hjSn<9O2H}n1}e~*dr8?QMX!5r=doLsy%OL^t=Av{La&<$1k z3r{L`5(GY)jl=x)-Yb2G3%xCkoo$d&Rq1$ci;%fpY$ZW#IPnq^oRfeUtx@i&*R_^M zi2(zOQ!Z0um53&xvSM`Lbg68-%Z}atL=ppY2(Dy_u zSr9KnU7Wbv2n>saqmMddw17HfWsi9co&J4`%%pYP!B3K?rhFCBR_6zMg(Mn6@aAm-%-N3 z1~ADNw;mmOGeS~|{U}k zu`cV{nC95Q!DMD6uRj*;;Dq~@xe~6_pt@dFsuDv<7=k)A_Pn_lVtlA{5zGe! 
zcDF^3mPREO-iXN-AUZXk{rs8+O^6^DThx9(EC1A%=3)Mn+l3V=@AR+9SthK1d51q3 zV%)!dg+wtG?_%k^gt()El^?r@_9`lPVdQS8jop!OgDEZ~-$ikQHH$g*-M8Sa&H{Eo zY&dJd8WhUBj24iB&x!PrzGE%fHQu|mJr12&NB-&6DN`Q(U0d5d?#sQig6oTY7KWG2 z-|=-Z$MwbPaEf)&s>ZI0gp+!5>6ASlu}}X-@Edw1zN(~YUD{{6a?kqXt9Nsj%?}7} zv8LerLurZp@8r^gzTo3r4z%0IPxab8OSlp@aA6EDo((V&$rCgwPiTbrHPA6~;Jt!3 zfx5z~v-$lChDR{HwSFO4JvZiP*s?`Ylc-`{F*)t!TmikBsC#`kD&>z%El z_gAz*rxIM2EJE$!A4uAghYm)XzQ8>HL%({c1TNdT_*sx=Yovbvt9hP+{S|H4ev|K@ z=HG!I?uzpfLAX}J(DMA>ZMq_#z{y88Y<%+%{cmgprm)6 z(?6s7he7s271OD5tDC=m#m|4ac^u||q##+_Pe85T+<=QI3tZMqF6GR(4CudHU7U6g z-X*?<);gliLB1pr*;2KXZ&zG+qIz-BcXfj5$Jl2Q1x`(s=2YaYPqtwc=5oW6{a*ak zl6)bapAsaqp$tJyt7UJ7E+DhcG>>wu!`=&X^sl?LWxD;-fh1dAui6Glot_ zXxL{JNVK=y5^1+)HrmST@pwR#J2il8=Fw;))Ao_&?3aF8kT*sL!&`8-J z;Hja6$33WabI<1N3XCbL+b;8>m`H;XBo0$}N?1H|?XFTXW^f zV%5KXnYe|E*F(05iK7c0Rb&q*V^yh+c025}`0=!=9*7GcJlYaE$3&JYIAdo$X0h~K zrUf&1S>d}fig-Tmh-1E5sx_Yq=z4ouOJ+RW9H^?(TA!8%W!qCRmq{1i8VxT6_3bE_ zo0y%QV!%p;?hKOn{(F+~sy-wtx^u=wt4`YKTnv~L)vQe!wae;wzf}sjE3UoQa$xSZ zwoFrs6;4wo<|^Ulcn$HmWSc8ZhCB?j=CJ;X&x3of>%)ccJNwGS-R~z0-ZNa!Q|eJ1 zTM6iI*C^cf95jPd;!?0b{^M^qu}D}||NFL|HpKsp+mD@Ub6)>%hWy78`@d<145?RE zKm@N*InwketItlb`n2K`3_9?K=*ElXQscf6QO9MT=`=&KpH|-YUG%3H8COuF)ohUH zgJQrb_0Ez*|1mlLGk}T*M2*#c&TD_V*$)sTB(^L4``N!8=Oo%hkH!AcI1~$4wIY-G zaoYTTuSJNOlkczoDLlOjf*mQQ+FuXS|CoF~jZG7RfIJ9%`L(?A(;NT1xXTD!^@9n^ zzejaY;edvI%fTzx{_7WgeN>lF=LYNb1AO=U&tE#@(seQ^k^Wl#e2MC?*9o(h7i>S! 
z^*`>A5!Y@`IzcYte&gk}<-?e~twI7i{K|3m6Gw&%FICS@*iYJU-Rt}{;GD&E8EzCi z967Ovp^fu<=)#jE{%&Wy*pk>wg547l{=M}K|H726RG5SM)C=H*@T=SQ`x!L6IFDF`vZ$J~wz43%WA}jz zsIV*uIvb5Z0`1WCk$?B^Q5Z+uPCLuHcFVKF!+#TAJcq0R?bha6Lc%=u5YoT6(|Nm+ zbr>K=j%{|M$&HBcp8=YJJgP1GewuZ^+j{~t#eMc)5(9M;11P3m)GqNfpvma-7K#O& z5MONwr?%uWsK*3%0lsGz@KE-xjKfOb-x`Yw)rADTVnv zp@ASW+C#zmk4Lw)qy-u4Xm>O{A)t6Oj3=zh<^a`e!ZF9(T za>U7f8F~-_v!K0ByM~N_^fHGXq10+}C{lFzh3{n@4@G7uo@%v0akv3ls%C)bih^qO zCJyN4!=k2yD~-tg(Gm*CpNlNh(C-dpP*gR^v;+-}SfnGQ#G^V1HT#RSQr=bgl;fbC zWb(3dQY9pi)G)?7bnt=THm~2E36ZLMX5+Wb0qr}mcb9`qpDeMyRmHOt#X9cB!w9W6 zn{&GtsX4SkN4o(y*BUwTvpG=68%DCcj%@Tu`X%(auvXDscP1R9A@fbB?;a=LSB9~07Up~^hjT=upv$Sc=!)j(AX~|#@-WI&7JOkyN z!xr2=LR<|CAaFhlZU2+1rJF1MX0G_G6TzEd5f1`^ij4wp6t4@8+2CN`Dmd*Q009|62;6dr82S;@z=O*jE6GN+MJQsy;m|1@9+GoA@J0e3EQm?S!+zU-3E)Rk!anV~4& zk~Ak!dU$C{^=7hc(cAOQM?DyC8ITK7`(XYaFa%#LK{)C2GL7~sLRBCr5~=W=Tkb5& zFzYxR!F#ei6`@r}oRI!aUJdlPI`u~1+k6In6W!&GLD2wzO{XQ$(jbcg#Tb_2k4db4 zLkC3X1)NqF^Z2>wqH~v^fK{F+8vviLh9FR*4_<( z-Xvl3-uJ6~OzRhmM?u7@cE-LDJ_>Dew?(Vf=%vwW5?b5^SyoR;51+Z^S=lFET zF@l-L1yTRSHBW7~?yhEUIwwu%*=VX5xBq=*cKT4^bMt)O#D=cXN6H^`LFM|_*@a=R)5b2c zaW%et!U_fJY9fgTZLs0D89ViR!rF+tt>Cjr-dQIZdEAt|c7)!}WfSvB_JuRc=GjpC zDu`c{r4H>{1A&l>^>eniZXu(ft#Z?#;|t^uFMt*)QrP>zsYzKNd>-w8W(uWVE2)m- zMzHT)6G$r+c!i97ox{d+;t`x1-kv=ev;_nTTHg>=3kD(zcR2YWygymm(0_zQ3^ zdBnCMiHSJm+_n^JwnQwn!;&a^>Z`W)-7M`;8c{+%ISComQ>B9}pDQ@8_315vN=Ela}Z|wajgjZ#)9#8TqPPzG4AY6$zhzewYC|Cbo2c2+d zB*JfSZ3ge)&~+SwJdfQry)F@Df@{!T)3oD{JLx{ZZXyW23ZIL*VX&Vjq7!OnkcK)N zn@Pvd9r5_#FLt1_j(0zzQ z9WwzV0VgtA#?IGf-Q<>?AjEK4M;;F~>Om0Teu!#Be1*BGdfckv6yU~!YjRJpl4UAl> z3zG?MdE3gC_+D#wG}JJ`^|sx5Hl)I% zfnh@6t(v>;As-8us?8cuT&Jjc!;P*1plczTAQ*E=5T_?CBHLW^*+<^=ym09Ig1i-e zf26b}gNkzRE@#UpD!?!<5XL!0@W_p91foAv6@Zpk5XTLT@L>0;>jmlFUPvf@JA^%n zr3HfeoQ0&4PP>HLc;A4%j)g=(uQ{Pe0UU1WpXR%rH^?30)dm3LC8A2bPFZq`aEkB7 zNK?Ynq{ixgk0O2HGOonJsqwY;!+or!%;}cV@9zmoyuxzVo>p8}XSQ+g_CWRzOMG!8 zRKiZg8=$`U*|ebVSS(()q)n@Y+wQpDV=o!&S0tCR`=%%!bqC#9WajFlrKTwKlW^N+ 
z@@%L&dUe4JVaVRJ=iM3*qY$W_qE@o^p?i=>B4TG*aDd5)IC?*vp{5gQ$8lP&AAB>( z?l>$XF%z68rC_Nehfl_v#3Sa!t=*1i4Ablbx5!4Qr01fvfi3Pk?GO^tKEOzpZ6rS< zstFD39DOv6z3@|7{k_+8NyvrL_f#jTvgQ4yM9noOiO8J1!=2~+YeTLyJ~1J0JeAI@87XhNwpR$Yy_oy4(0Svqw!G9)K2tR(v*Cz4uM&m%DMsI)x$)^B zU5Z7;y++%CD(5IZUq-)z%xv$nBP(B<16z5|*PziQc<*fBz7fE*wUDRgy`4@PonFce z)zEU;c{?D4^+T)5E(@9V3|$Q!mg2-1E&xY%m>6_CGfjS9JzTc#!Inl_Hm$iar+Fg% zgGZ57|NIkk3f)FoKGx2TRJFKl1NEg#r_#D0;B_z8o8&AQ`10wUg9E9+#rfz+$+B_zL8vCRw$C1nQY=Al1Xl#*L^z#}00PJG7mKvPJ;p zo-FPPVr9H3sc3qRYR^$Zo<^6XvTDL~t+|{~eaR*{^kvL$fA{_=J~3>Mx1y~Z+so*) z4;(TN;WM30CFg9Cz@0%Hh&;o6A_Vw~#UE>?a;L$)h|vV{fDbPXT2{TuW%>_@LO1+y zXQ&i$d;OX<=U8zP&d7)P+|N&C21XKDH(R;WWvguLFtUuP-*J;am0GsrWCBVo#YGpF zMTmBYL|wHTa@dnM&D#?nIZ9FsN_UWZUxQmWqAB}Up&)pf#!!GIgmwurhXH8!7 zC$6k?)TV+lyJ@DH{Hx6h++jPe-G#e$NUAmD-0tR=*P1WywpL$|1%JsnO9%{_b;QiI z*8nV8#g{@$%i=m-FLFnRqcrdt*c)le@TGMF=r^yHq&+8dY$0m2Zl0G5yUj=3LPto7 zUge1dj8cBL)5^&NF07ExA-*>K53x6t^Ko!xN&7*ozf(gCqVO90x%b`Wi@8Ty*4Mp7Er{CF@!U*50(fcU{Fr3^7*=z8*>`Bhb z7?8^ZeH0yQ1O}gB3)s42!yD5kZ^}F)u@`i@68-u~pf}4D(h3gGHB+$BSCistPdNH( zEQ*VlaXzvXvaK_Grca5~MHNPn-h{2KF8vjqR#VVh5x7GdWW?%c<~SO{TFslf)1~ai zGK!=%5x&NPIEz^A)+s?axGl2GJ;%v)Ge0QEAb8Ivr)?bwy?P8`U^0lRa)MeMD$>Nd5nh0g`cCX7wqE_YLquqwy5dC%J+w3zr=$s0K zIZ@{jl~;zd%FOu60ulq0C>5r^7#hgis^d!(LSE^9d3D#3h(3|@F>QwtO~9`VyY7{Y z1@ECaTb2QU%n2qCDpvvW|p5L##4wK~!^qtdO;n zdl7ha#wpzC2_A>~u1UG={!0|sYu2l`DnLM#O^&kl?Ua z$iM%7nt-<8DH3sOO4Tgv$hV%|*Pt9TWP7~it?A!AmgF|@3oZTA*8aIOZ)PV$7jZR- zd0P#U^%EsQ-jOqiWQXL2^FpF>C#N0RGMg?7+@hF4LVeQ`h$_UHp~6Ux|uvpf9)>6`Ika=4mNUiZ8PwWX z)FBu-QNU2Y-&TgMjX?WSH>zB!b}uWOh}1|T>nti&YC{sRZM3%lYZ?btKR&V9!|$Zu zcUPf=`>KTHAVnvC>BqP7NP)2-J#c8KdlMgSM|1ZMnAY+pG(KGZ>ulB(SRsZWL|6tu z?FZ9}Jw!^Dyt`vb{-SjvMp$}ckJ|$dIwv*?Hx@R69i(pDkBe{;1g3(zZ71TWWyp%u zTI{nSC~TF7OfIQGRJ*sBSn~qx-i~%XF1v%PCOz@PY$@uGmTFV|W*fo!iu)YBhvhdg z=jJaF_MSRgS^7*AgwL+zwW;*#O(Tz~<`4F(cIJ(OrlH8SQQ-e!@2!KX-n#fh7_WH!iX2|;DIhqf}Av##cW;PWA1bHuB-UFkgAy_DiReD0*k7;WW zKa<1YYhq42(pSL!DActW+3)3jR?joEi=ZX=zJhfW_6j^gLW_upr_b(JKEvj@0G__j 
z9Oge#M-aqG9*RNc(NB!5Xt%Rv>3Luq_DeH*gEp|^%7K0WPr?F3mUHLpLRVivK@r<` z46mD;j_TnNK64!^tWe2uW`|_W_O*GhHJvMxl51S3VmJiygesC-#hrQ9Oz%G(KkX7& zN?|7BV?TdM+4;dirBlH`&((#yTy?&7&4amz>hsV^$J*4cC?5Muym) z5rj*CF5H6G%QOy&u{!eFxmJx9;@Xs6TW)Y>*x>7P^M(W0t)ax1xlw;e5O?Q3e@}zf zPe-q`(Cy`}0Xf8S3K+156EKIux*LK|mL`@X0o{cv&^jyM*L>tY+wo?pZgpj8Ah12D zV{H|?*1tPxFob{j2HY}Q8Xuq0XUgn-p1D*{ASZeHY)ouiNZwLAHUiwxnce{bcL>U_ z(x8ZtLP8V;^IUT7ZpYc=(6^{1P)k1|%Z5of4|emrcp;VLQ66KBsu%W9^)u~agK$kF zv%KP-@5=Bk^^v&gMg8b#tKdleKO+vx_(JOl4~9e zpq?kV)5-Whb4;fOF(z5Nzc8dcnX(efd{eo}@w9wX{-eLhKELxZ5v#p}oa|p0FH(F0 z+#r2fjhC{Shb_Uncu$Q#bH^K^(o;1LrbhkPdO~FDI_!jltv@(M9%Ha?nHd~yylJ=u z`i{s@I6HYsxz74(UDM1NI=ua?(FdcX;)BUb4ezhxz2>j`6ocWj(5s5@+-9NdvXYQ9 zDMj2NZrKSX)&P(pC0(Drx>j7X;~w6N?rgHczX-w+dKdLT#Z3-PJVl?B&B;7hl$CoT+$sS{xGA#%z^HuJfSQ4^(I7)9{%m zUi7YFC3E6Nihy|nJP$$Hh^`UOmz<2!eNrTq09 z5$Y|r!N-Q23?EuN5;NW0;mF(tz6d={>xR*yj%?S1rih51>U<#&$6KcQu}Z)FP{JTU zJC|iRcr?B9dMYo>rxTfCkT0~ShRb8qcMmfGDg*gko6dUub(+TcIFI0+%(u0VgSn*0 z-|?NQ6!r=oqMANn9Q9)!oSEraS3Y{x=H8}%o1BnO@8RfRy4YNS&nz#j*~x50adguF ziwx{K?3!hkJGQ~iFx9RPFE^%ALrj_Sw_1qv^{`~cSY`y=z-G2-T-v7pK(^~&IJpV@*%HR`R zXjox#6pCNAaN%lcUq;E7Y{1#K?X3;^u3&mXD+md{VZ4y1pyxNx92repD-s#3Go|+uk?ab_8g?796_05h#ps?FfYCK+eSPLBVV4*Q#dv z`J_#@!^+~@S7MJM^6Zx)pi+M}82Xy%mOMR@+?JO50Hrf6ARev*O;ISS;Wu8dE=QeB z%mIo;SBA)wem7oE3jyK`ew5YeH%bxi!N!>K<=n#I#W`%~K{)Nr+e}K4)HFRqR$1%3 zGU~qZ_SVOTeYZ14-f5GIO#JEMr2zvobblg`%(zF2H=+R7jpk2~HtHAW6D-`5su#NLe^QJ$(oo zTUa-vWQpHj(+P`COZ7-Ngl}DYT+|6BOXpBmybWo2Qz`U2ua;>NQHGQe{J>j+2}W8 zCKXAQ;2d7l`_IE%BjHm5!1s=~=sa>`< z55V_RpLiF^VOE;_b)OtJ`j89Yvu(Qw9e`i3e}Js3a#GfGn~+Q0zQkzKzf+uGR_Bm|~=>eiP>7(Rgt zw2&Ht@h(e1uH5gaCXg!IHFMtuK}hq#*dOj113?lLzTzTTIrp)4o#m>JCDSH>LgBZ) zws?}jni?F?7kc1ZDpwdy**(QkrT7R+sJe);;}@s`I%ISeuIi>-0ZUmS{2uoQi21TOB=3k3K3|Y0co#?(EUChtv}cpG)9c?
Yj zZH4d9T!Q3I^>p_S@%tC?E?5l}q3K}pE--HD^MGBL!glagX5c77ORcDUw=maO^lxU&Gg z2N6;l3W9NaYfdX?;|*G-D#B5or@3iZrSKSjqsPx>EM8XZx{Np_GW zZv4CWIr{3`Xj;R9??(4)#;d`#=<-w?xj^Ey@7 zD(taP&E*kP=0W!ELr@u!2QrcjTgdbg?d8 zwQ_nA*R82CaHCNP!8?n^EDqj^?jkeC-5G0J=#q1nVb7IYJUz;JM&i6VMK!YDLZ(J! zq633@OQ;ZILm~P0kecCoU z5V3$rG0f%nBMV%k->Z5)g^MC;i8R{@50OC;5s5h?r~J13|7oK99Bl zoS#0O0uLahT29FPu#4e^VU77&myghKL-NV)VS+o71?h?jYO;zkb&&)@lFh(nsXLU% zn$xU??9V88ymp}e8M+H>r4&AD0MnWSxo^Oz(0zwDuLE#&!V!OicW}ky-u*XZ;Vg|4 zzwbl8%Mb9Fm2m9|4D|nDLXdKNFHZa9Bq(Nky(DNd?%!lXD=rchWSD?Ab2_U9*`m2i zSU9SK|JamJi6^D9g*y0SsHj~x$ETux9ef#~!r&iJjV$EIZeNw$X_I8s$0xM)Ew?}$ zZmpp={eN(;`Dl!hamMc9!Si;=F(T<9Dx+OMfB^>PvlcN8kZ04urr4&6)J7!+ML}Tx z2=tpvFQNX1Q=^a^_0K^R;4fwkreneVfc3O?@%C1L}FSmC%EY^iah!OLi$OY4hldgv!*+OU;0$ZADXXG51 zl@jMa-!Yf>QjWLpg+SvpTE8)>cMpvm!ot3?8wM{kppoT1xtYAO3f62qO(u{pMZ$89 zzi5v#raEM(cTm;5Mj+liDe>!CI&ennuRNS~T$^(opfSfwhI(nMW-^Dxa6LsE6|08G zla+?oa1JV^NN?TpSjS5w0aCYBpRY7$!=B8Q4XvB`u?eer=PInKnY(3{9M$jT(;5i< zM}=!oNN|jS^!h+#{Z&9*y3Ce7)##J2FgLr}g)h9G9qI~0pjX3i87fs7sTm{{OHCn4 z+BB%g1spv)7oe{MrWaMhOigLYGJIET9)B}`E0=qS((lK z5zRu_pf3>@wfnY%@OVa#X~`Va_I*&&+Ga5ay~tm&D}6Bve2&T9-=azM-uWoMm2hFrA#gqe=SeaR53;_Qo7(6!%M@jS09yQk7q+`P3~L=urg=t6cBPw zRk~Ml%t1SX19 z<`937tljdEs+DBK6u86qBJ`Cmu!yY#Y$b;j^B1o<0OeIpq8a&9B2XX&oFK@OCzp^6 zetSzzNEsjP-u5d?w?CTB%~OmVd`o3<(8BIl8;#8yP(+&$jD{F>mp1Ak*YNn*U9+S} zTLk#uzoXUX39)U}dE;TaH?5L9{dVyul|0~r*FrJX+jcI#ddl2~PPQ!IE3&vkjH1|g z?li0O6Fqg{=5poEeaXFo?@MESkuQk_gKJYm>_eBdW*EGCP*s;;?>a^J6KM&1Knv3$YxNCbzImpw8c&`76PXbau1^=<% zirTGThZkj!|MM=s^{FWmrT|x8{s+x+|MEI`EUW)L*8eL;OT+>Sx{ixx0#GuINx1V{ zljXegp!M1t`GmW6pk3IWex+{Hoa^8rZ8;B7%lc9iRML2Gcd@T0-)c0RYOJg4*TpL< zUc`inUnd|>b&e(_==Z8~mIH70aWXCbja}TZBTdcjf|~X0%pBd#`i9`&N-iB4=ZuGf zOIdcNJx}yoOAMl~|0+a-e2M^46c6KrDeE_P+mr&FR$^(fos0n`!fSeqv(bklTdC}n z!m=bCX(+2fl`k z`ENY*DZ=IN1;Mow1L~o!^}+)BS9S9Uf8Q`vMQNxqmTM~XmHws-dXUIJsp>-Vpt*J!eqJYSys!)D8RDK3B-E-%c$%@Yru(K!e^_6^lL@YfIAl0RQzx0{e7Px|U!{zE^_oDnjFn=1XS8((Ut|`m zg35^Zp{Sv=0ck6hz&M_t 
z^Je6mpMU?yS9*E@NB@%7Cj+au2R4Q!OxPJ|jsV3n)dks=E>N>&8R9cE7eN3JBxwgU zr8>CJ2BV&L(R9gQ&Jn$ZCUy*n$Eq-s?D~h%Vy)c~Cn{K*zO6|e4Sm=M9+G6N+ux$f zAnKN_i>RiEKdN-s_gXDn6Ppf{quO8uqKC!Y4S=?Erm{W2VH0qa<1AnuVufOA3h09( zQI7*z_DYWR8Zn4e3{Wcq(-2@E3ZYWDF5LQMp){f#nu_}L)}q2Ev_bF?YF~NvhcP+z z>^Y8JI_}0A$rA5E#5t&Vsq-No`Cg8LBS~PUeff9HB(NgM_K}mgLZZbij`3AM!K?Z(-2f^>ZR)Pm8 zJEq2%5ab%a_~nt%)g$A;<4dRyilCc;%BXJy)VQP^^Zzk@zyG)XAghRKYl+ata@`$M zfG`(;w{padt$>IqA843%69YweGub|9hkm9VD%QN0r0Qys8+mKFCD>NJO>mfrb!#c8 z+!=MdA9^-Rwt%(zl)Ro@{`U_=L(pwOPEo}~B5Srqe;umx6keV8i=>_!>Ky>AsxHT% zoH1FZavNuA(?yO3)!lM+h9yU|ku`6H?0rDk+RhNwK_B_kC8oxD%p0h3K8l3ABNx3e`BnNam+{ zAj|=&gOxgliBS=DJO#vrigRW8^gsZcXaCa^?Bbwjl{ItaPx-NecmGv@ilhR~2d>|^ z71PBbsD;suKxN!WB9Io~)0`?G&o%Qw~kSZaiMXu>I45eJ>PhQIF@MrRNt1g4o%Rj;*?LK~kZ!g1;6dLSLtsZ?|>R7b@1G zf*&f0kNW0Md4wmLIV zk;~+B2rj9E8~6|aKvCvM_Qt>kvF7?o5m_pPJ!Nv)CFAH(?fnX6++==sjQwnL9a3$t zB?8BoeUkqZ1JSobe>i!<9^vUJejI+~YkqBG6AW59!+V|teX@!h%^+0KUh3C!Eqdzc zQBGCqxwO^~_W77BylG_Rj78FE4x7o|io`XXCHfAVTqO1DtdH-vT9%;6rc6cv0phvZ z?8mDruZ1NO;93Wz&fCOP!hp88VT$qI047`Es4|xG&i%{~^;{X1o0Q$E2>znjUK?RiFr3)z_9h|ngf~w?A z^Jl)CKg>3(0Un$P2Jg#uTtjEv;9X~gd?WtD5EQ?yZ2>VbE13O6>vf;oKU0hkY`FJh zBjSA#r}r(2_^2%mhys|SINW8E8}P10d*6rdC6S0$uEcPweDyDkP(v=j;Esx8B!XE+0NpJ&wp=|oKmv6olh9GO6%HGX6O ziRc_SX~dcP;l*Esg*kgwR5ObO`24!asaXHGh^oxkQ{|v44ab4@E)F|6v+jBW7U_C( zdQ||E?&gj~{Na$?ZHKeH{-Y3)>PFa7+aI=*MOH<@#}D&4xsprS7O3o#OV67iG^!9~ zW#pmqIr96MGDfx6B*ng^Zg-ZDhyX3jH29V(W?2lE1BWHFGoX?`V1d8qX&otNzVK8) z^$84BBo_zgtLOtNGH@JOtzO(Sq2y+AvEDY~^yr1Lr{r~qpU8LM%PE0PENLa?!mFI&x1yRi3 z&0X)bvxw(PXw)Qym#L178-Uai4hqyajT*96^k1@|Mbt}AN!bCwB6v{ea5pOh(y+H$ z^Qh&)OIPn3FO_t`$s%rAQxHJ2!nBfiG6s+Hz8e{@TRR|}xb|(>!oB^K?*sqz=zq^4 zr=J!uCRaSq18@kfg46E+bz7jU2KD%blOmP;VHfcnqED+bNaVvPM>o91l^(b9ypH zDeJ{_QMZjjXaB@1{Q8m>g_!TS;st6M|2K zSrsq+t#f9Bbbkn?8Ygzm6Ayd)kHjaV;8T!D_E_tcZu}Brt&AiBU#Pztx@B{6ziKyR zn1z&qeP0lr2k?~~<$!Ue3-s*rPSoFO`Q|JZ85RT+YDs!@Tb3{dmTFikgMa+wsLt?x za0_we)gO5KhuvZB0b>&XdDkIvv^_LV5RF238`4)_QfeAQtx*Vu87&bzWcZD?$lv=23!i*_CG<$H)g(S<-1to~Oh8{q_BnZQ&4? 
zS-_}QxMQWMDuaVu?pdHYVlPw|E~XdmBtL;M7!d6GcJ{`U<&WI(ch30ZCy{glxW)Jd z8S}2MyYq1cN3?^yA(9HOXCL;1V$@}o!f*nXA0WX@t#+=hbeba(yAfjczok}3+_Yul zVYnq6U)NIrxoD(r4TT~kgI+Z6k<7sla6*Cs{%dR3`E$T?dI+Gji_joTmG9eMq?327 z@6B@5EqC56MRqSK-~kZoz-+JYRki>c&!bvMgs!(YcmClPCsIuSYbE5fl;Xxj zW$ZG5=rt7e##2gtp-j<~y&ca0wZuWz@5^$!9mO)w0*Vq5t$!(QSc>7@i##yDi3ByB z@(}Wi;e!#W0~X$XSr-L@>0-3bcF}nn;^*B!}iTRtx%4!CoEYFqhr=7L0UyhEO*YS?dJAE;F^} zkxnZF@(dOIMHI568I#0K>g%gAWOU%lBP~2%NV1O0yG|p52yzpu1rLcE(E%OW4`o-o zf?KqMEw0DoAQp=-YVhWJdK9v`p_thCGJs?q*UXFdNrrGSWN84Hqw2S`<}*_%FbM9 zg*z9wgnE+cCn#hufhJK7PDjh;QOs}}5X-{hp2&BZ9HWFS-p0w9ArF{6%0*9N?$EPV zsfR;{CuXbCFTZZx|JYO0uM48A0^9CCI$$>tyzDI;o3B9h#Au?_?$`oVXnn|Wq-P@N#BE+qCKES+s!-!ttgX zktLHLxnhuYQP$Hf+q-{`6$+_s6%Y4r7)|weDD3N!mn7bBc?G~ zR~^1GyJm~I^>C>6NjY<4$qR~W>kql{q~7#<55!no(E2`&npRlu<#)VV>xMmb%`q~N zGwL$y#*ORCU0jIU+A;AHZG*?Ju-gKm%h3Eg1zu!?>ARM)J@Qc=IGtbt)i-x9{jA&d z(v!xW>fiHx`)*NCF#?;8X^Ap;?uuhCE%lHU5B{I(H?|TQ7`2=Gn$}m|uP?CWtHZLP z#$#o*nqmHj!0>x@Lx_Or7!YSJ@rP4+(@2cNCA__Tp{Mqb*UVoFMUWP1JlgMT4_yB5 zPYQp{QZ9h9{D7Bq<-UHUx%I6EG`gaP>GtIqrmeJc^KUE;>J75M$K*@k?_-la{y z)-4$lke$=9%vSn2@gnjBIYNDv<{xu?YE2HcKO1*6H|6Usa<8qyAN@i)(l7OE%HUrV z6cECB;hbzyw(-w7PKYFT)CbY=ti-NZT^NZ=3@;pd*h_KY*CT11f(JKkKk%}mDG^wE zOwzK$!fGbvmzbYVUEef4&bMeZoNN!@dF~#CX7)=fuA|LdaNP+#xoVAfLmgEHO>#fq za!?cpw;|i`?6HI+vi5(^6rF8hNJoag%CEoHS#+=U;AibA6}p_(xb%(k!p0xIonpNe zFc*Kfr^S*d-nBe#^I~#^b!lrH6zsmSDmZsQ*Wt0Y>XtfAx6$7PvoFx?_%&T|s^LqP zc=x|8OEIWj+7e6zr~d1zVttOc`;u39o2BZH(&MJ_`1xgjY+mPMP&^g#3Euqe{`R|qy-;?dI(J|D-5+1_^AAr?;B2p_J)N$q_=lwP_p@sd zKxiR3mY2MFe*g11(KkE)92Tqhi`Mwqe;=&B;A=hF+j*1W_qP1QPqY^cw#{59Gi=%v zqqqKivcu=#Yl%I^#{K&Yc%OiIJ<*po67zFRHt&nS{ciUw_*%z`tQ!9|+JAe=kAGWm zVL#04bJJFf^(w%Yq59{@KD-29Yi~Ed{=d(_2|}3Hi4}nY;f^}s99G^+JxaawwbaxByeAzLnC5`H z98d)c-DyaOWE!f8e?QOWpIFbrO7g0>Z}o0tdIpu8k?0r**wPCLw#SePJQB)7>>g0+ z4z?YRZpeK!g9SFFpdd6>)P>}S>iWn85Yh&6Y-bu2BbCOXSEisLC@fH6e+bMlgJK+6 zEHwl}9TtbwR5+V9g^1tl1-duF@kj86^hY#yF5GJk?ssRBPdg--QB7fLOS9yfBc`vN0h21_mebjC 
z=y3b$i6EDs`+}7R7kOf0OiGT_0XFawiqHv#0YfwueW*Ckp_&IJj_{f{b_0{6s9n<{ zWZA*jA-_(63nQ^hZ&!6U@BuHPf~BUaq{mU;5@@f3e7BIp0?1VG--5<~4(dR{N0)b) zd2XJBUn|HwS_J#T$?|lf`_D^XFsXItQpZbTf$s%XvWe0W=1|l>p?BmS+#poniwEC) z3b{59rRk?*!2vg3%Jm_cdEpS;#ZRMRrY~I!+|t^LmNFr!r;bD>s9=~FFWpp7yk)Ui z!+3{5x1DiraNw^o@m;^C=|4bqB>-Q!!*Ko?Umt2mtTHUmdxH-^ZLt@Zy`8je_%tll)#=miQ5EiuWvX+G7G|YUP*x} z$w}OJREt?vJ2KSHf)|gf>M2uI{E>hqCD+2FEh-Wlg+L(4B$qX37j_9oJ++Px+QBvW z`a>+X9J*&uO|nzS(jVHMm1G3k5orwU{5o*F_*}G13o;4?bn}yf8`qtXd*%Z^b31xI zOtYSrW@Hg90Yg_dfZ()jo=x0n5juo|2G|$ALSFO~CCI)He#DOQfMW+?oF9`WXqR*|By|yJb$r zC0Ahpyh;?K78^+uk{k45JpH>AINE3I?Tqrkb`f=B?+Cjjz3Qi7XqBRKK!8c6+ zP%~vHB2X)I-F*gty_g%9vlsb07vxq~fVNMID#yMKIl=*59EGYbEye3D9brtIkeUFZvQSh8Evzjg)M4bUMpWYf2ZS zrehsTsp}783axl)@l>2vI9wJBrr~oQgS&qu zPj(v_XWOia6e6q ztKoJ8%ivWL%djMVb#kfP9RfGb! zRT%b#slyh$f_Jw3q5jGI?+9s~%Gw`Ae_3o5+#!Do7vJOB;9fMRgBlwQEwSEpNc@XM9W&I zdUs>AbUgiA5*ysQCJyD#7q=|{*g87Zam%HgV?qFYEZQh$k$@4fsm|V8I#)1V25b^E zK64~>6($zPjip7FKp7A^Y+u{(k!vbYghf^{nYlOxyjsGc_{L^+d~fS#a4uarg`^!r z(1KbXITe|W^#EgEsOJ6*auUHLzqT>PIIhC6rDS&4Hs!fGUVlC^JsH}s;Q&}SASMyB zJT?-^_1*+ArKV`TEr_}d9tuVEt0_g7reK+mr}JZ)`1K^JVevHNp2>fsj+e|JxV&X? 
zr-0x9Bx~o`I~q0uT$tasN`6V?Cey9IssgnvGh-i29S9k}o&^Bm)MTO?I z4v5Q3<}9mWL&p2D;p10hh-D5%N+)-R%i$9dikD``0)HGE0k$FxP2oaN!ISQkr6@;8 z?f%jA+f_5JUK z(GS1b7jf*7tJL0)<)JfHmBDj@g405qo7FMNXYo9{J8kGW-NFW-lc8TeNw09DySP(s zotsuUM7oh>2SW_U0OePtTx)L*g1w4tUhe6)kMt?l+eS8zqt<~eM4UOgY1#fL6-7k7wPcwfW+7bo#q&^(EI%ia#Fg&v>7HabGS&Dt!vSmKjtOb84KAk=iX36mL z-Xw&J0LmvVAwc7pd5i0;jr+p8TeWy1u$rK3!roir;AfnBc}-FrUV?3;qFBwb?kE!# z{ahWbAg%g2aAQ_-<*3iiUq*%0{U4tZ+yGgxR?N_OhnoBRsnL;r+Bf3%uYKiEAar&?-WX{bRW47#=Cv+tiWE;9Eiw2WFI>P2+K(R{_-^B zcMm5_e}A@a)e;nf$Jj%`_`Saq>6o&h+`cqDQbH}}t$vqSAYAmrC?G5$dV4#@WSuaW zk�kV?qs1mRnxFH1N<>N;F_BX5%XL<#7S><`+1e8ZrQ}w(Jz%y*Z!@EiWOaOYLs< zif5hzlb_&_V1J90$HB%Q2z_rYOxAcgaICE&N&s+O9tf>ujg{gHeRs~e!12Hy+^uC( zt>aor`_(EaJ2SJa0RCTnk&T>FI8Pnl@(@h}e5@-Xn=4XgMQpSTP zdI+GuHbd0Y7Wu~lpb`}=W7zZAhkkAdnZoyX0?ZSa0xHCHXsmi1ptAV-*AdZXF5i)I z%xE>szy_{iPgP>k5|PClzX(rcxQIGwmhyrwxDNC}joMfB*n3uzyzJxT=ahsol`IC) z4ONrtkT@1cyQPuKiK?EQ8@8K8p@8JsuN9l^t4`2?bV5Wk`()brv}z#ZY>|+&ZOedX)+xI zV^;@a+fZ<>nj2{OP|vXfcvVnfE*)$3r{nG?^e7wwG4Z%Osm<{~#^V}pKhnvEu5O=j zJz9j^&_g(w5m?e<{BaLyp`xCLf*3~YeJm-qyW?Jd^*|NJM5Xz0B>v(}th9Shc#xFL z(;Vnby&B&^ghm-W?7$VME}&Adl!(v=r0G5Wpy23FFM!DE6hd)@krhZ@#z~El-BBHh z0-ecTxeydhF-6*FC4;lPM*aS`T+BFqkl#xtEMI)rirm{X8#xQx3Hob%06qTJ z4u{<2eEo@tX5Ehbish)AM>!L3zeXy2;>VsKEZ)b;(kSI|YiIWqTy^CT;uJC+e$mHN zwi_5JOx*4( zHDk3VM`|RgE3qH7_&CNYU2%(3peOW6sxvh9GqLJpb><6-d6T}&tc3^w8Cy)Q7UCah zLPAv6mUZk4guvH>REVo;gLrXTU}wh3=Q}U6-B{p+rS{f3om+HSGkGqKx^)djM5GVQ z$?{Jk`Ob<@!o8di#(H{*i_-!uV+fT`K;$URA&PH~*o7&lfnC~phsP7|6)-EDh zCvTC{I1MO>*f@9z&fds^_%xaAL#Rf4^>~3j+`#E^qwrq6R5ATbQ54H5?B~_Rh1Km} z`RwY8?wvV7cvzER^W$HoJ?^-a;yoUD`>KKkx2irUa_15NKhoQ$i|-CNE2^a+?~RvhmqlGo3+4e1df`@Vbv|lUF1_WX!8GTOe;^{iYwrbj z@w&?8J?6)C(!r{(H~)OU#5IsaF7#t%{!ngpesvHs?0Vj=<&75{7I%ia79-+y=t8b`q$rawcJE>63)7uYbH{=6 zOrPy4h!h)MiXb#F-18Jl%O9YU?ldx6kk( z0@7$(*|9$i=H>@)*$cSb&X70%UJu^I!3?;Z3B#kSKkLqad%n$YN~R+QxE#5)=f79P zPkqUNbMOB_18aT`06J{2=bB(&rJPKa?xyMp>mY8z+JF*Qydl0lPSC5()4Q7-=KLdF ztjZ-clg?@fZWyd)PR6u@))9v@<(0=HQ9UR;#2p&%r<7 
zK9XIdDTQUapC9yJT(dSeZNYw5sJ&*j$}U0bCYX^G|9sN}5*Sx5zT{sGNVtV{oKv!l zwo1?y&Ri`Md~X^5@Yl;=`R;yEFzAd)tos2_IG60m%bhA2vZGfEa;@)NZZ9g4G~c|i zvqYS_rU9M|C-N(j*ql>48y$j0IL6yMxjq_C37jAFhtN`*6%Y^o6HTSsH!?2ud#&!4 zcdn_E^RXV_sI*l!v$gJjCB5lHD!2p%da7L(0~>ow5p@(Ip#1_>ijqY3AP}w{_qE$kH9A)s9V3mHyZC{q3zb4Mi9c0^e^%WL)^yT@DWm z=tHrJMev`u;m^A+GZI)l2l-$4o3?z@|JM!dd8-kZ%)gJT2sdF4DErnshawHvIvS=G zY|&_>B=AzgdEYUl;hP4FJo?#Er2eP`nGCIFuIfd!Eu603C^d@bh_Ug*PUE5OW!JSqBFz=K;U^m(+lMZmD6 z(4;piHgl!=bGI3bWi1ZJ)&b+u8;WFJ5havS&bRH;ptaz1A&G-=m==3@U0=y0f|SY= z;d?|%9K0D`J&Bz57PQQukdLjiPjpDhRu!j8doN4e$j292MS#5WhCs<6kK7j-Nbdw9 zlkz?*2K8Y>F?d8J#9CECL`x87)qd$6kxh6-$ny+W^~`s;p@qYjIt#{B7H-%RyBPAp zWGEa__oZJh<`(PSRUaQdVET=0@VGOoFRmNtx#dm2WwEGvo|<<`%-+6j@wvR9R&I}a zcGEY7YQyhYG9d!I!9bZ9g3*nwFh>eY67A~6II;4>==wIj^-*BhyKO+Q2XxlBe;0_|sw z`CU0sviBwWj#vX8RAZ;J7`X{|?+bGPjzF1h(^!f1(=}j))KeO<+LbI`B8q#dfHxh} zGzB=AJRloJYBS)3$;AZp7T2mTiHkq}&(YN`*~mKsqF?F=Z$ zKovSv3*DA5p@ZtsAqx|D>GPMFv}1aX;%m<@OY;|h7t56OWA>-CJ0E6UaXMS;m5BGP zC%W}fmvw>SQ1y=3c(7t=lafGrDIeV9(xM- z7Z|5#7S3`2^q9+RaK4+q>1EK8?MaJ|GbZ#*Ba~|`xy0CBQ!aLNkeHh1uv*4axo!a)fK%7V(W_PkJS&UyH{6aEVk?O4lk}pv)$4-AvvD(YXG1V26|BXW%5iDt)Ql? 
z+-#Cz>5FdNuhg@mUplokct7cU6Bz12NajVo;vs6dBDXUNI3J%8ODP;U$29g`+o=cd z&3;TnJ)v*}Lps(890S67g9#l~D6Sv#>;1q9eH)7dzcVvmVbeow)z zk?9tV(R9N2F~m?CGst=2QzOO|2RLFDv9*MYq!YCPzPRx1XxdGez=mjRS(Rlq!Jzy{ za!x&`3w3KFg=V5d@^%_Y1dPp&XJe}hKWZrp>fd!JHp!Y%dX@2%cE*mjN!oxv<%y^g zp!T)EYiNJu-qLV_s>mKn+Dmv*OS=b2c90$Bf|KTv?DfpBpT~!Yy)!s$3E>mjtTh`G zTvA|_40FNA_mp_V=9|tMUeExdNUSou3Gjjpboe}o#c|pJXZ2~kaoZz=Imo@AobUt5 zqZW)uf9EA)ZWufIc;eI`_Yyau1;hb>5AuMYeAZtP32N^|s_w47?K?tM( zlgrEYtG6vPDDZWul1EjfWlv0MqYf;xT3Wqp%M3&zHSYMqG3w2iDOhlerI}K%I;2V^ zQK#-^qn&v2*I}-Q(KEz~5ykwa7gHX7oGnT#%2wwkxtwhWjjoaoymp#SX4t{wheTit zuiU|~EtNxLY{o=UOEvU?Eo`C5d+~&J3pkZR4DCfE_nDzn#C^3R727Ph)fqSno046* zOmmA;)lx858nccjG`#i`AdxKP6s>m2)ZF!SFP!bPC*G*a{z!iY?QwS5KT>$@rr6P- zH5`OwZ#+>_<(vAqHD3=Q}HD0m9*fP2CB=#gpZ993wJ8KW8cw)bepDi z)j9fRfIEcf`41Cwbdpy#lFpAuaHyo+#m!m1Mo&dn;CB>RUfNnL7W?M z30~PJ)Ad*+>kSfSL}bU|F&DQ)S2V zv)7QKwaeZ1;Wf+5#2?GYN#xy8L0Z*E=Ms#h`>&<Fx5cs>(zs;-LH_NoAXI zpnf{muH8CEPqrlqb0DmQD1n@2Uz|}dWpS~6Vr$x%w<(1IS17)|wcZU0jTInN9gS<| z3uWFvn0EV|;8CwbGv*J~^S`Bx?THw_WH``%{~fFUYCB)T`84-WVsr0|DkWY@J693i zaLt;Ekh{E|l{t$Z>Y|jdr$K>lKb9z*Ygekw6YO^e=6Xb0)T#CU7XA4He~M1L_ffW- zkw?1Xug^>6l&`mzX0Kosn;xF}yhMle-W;HLMWnzed11Z&Ho#dHf?t4>a}{=%=8@Bv z48nD*g-Gq@@MZ1Z6Ck#)fov$kHw zWpekqr;SqIBpuU^qy=lfZX5N~nZ8jsvP(1Zdq-lg0rrUP6lvSZKl-{`fifppN%FTGxvxkLf>3Cz# zocoHC5`jQw6&ubY&2Ik!p%34~0re3cu-pBS2XGC$<%-Zsib%~?nr9MI-wxLXwF2bcqO)Ks= z4p>WhM54yR=I>#r-!$^{vuDHzFjFSFQugr3IXo90#Zr)bwTfy`YL7EAX&n8SRQbHR z_v8{)rDvnQoY#V}O22i%>PM4pv`SJM9hFoG-R;THszgFfU@}zeKDp{kttyM8)wu0i zqf;EhGTVG_<4zU7n4?B6z6bC<6;OxtCsul;T-hM&C_W)A9N0`PMSp4VtCYhv>=L8! 
z$ONQfefED%t%%U2iS433{kWIUb?WZBB3{qi=T1}+^%A;Wr+w0D%5bp3rfSkS=U6rG z+>}Gjdzaelo~}vi-4(NKok?7c0o8Kq(gz|1+ww~}aasun;+2|Wif2Z#*4HSw^2|I6 z(h9YMXn7-=^kM>TA8zGIt>mRjYJZP4lT8NNM&H;lvV?9G&ewmdY?OHt8yGi$n%rwA zY9+AoC1JVk-d)S}@|F+c=5;j9>&kjOWtyvh{`ygdlG|&?YKlgXmJcPS%h|q;qu6=V z;DUwV5vur_49Vy`W{;sq$C_3d`EAPhOl6DGN=?1x@1O5ha=&em6XP_F@}R!2A9%Tx z4m{DPd3ZWoD1zV3?7*C3-1buZh{8;KpZB+~%cKV{`CYGy#WET8tbHaLKYd|lTyR3m zkuiIYF;JP_FW5eGx&N!I=29@IsaE9_It@xkeLzrmcl^9;^?R^cGb^0A%howXu>E_2 z?^tTa;mV98>O}QYp|V*jA(`Y+KAtLfibKtkhw}q^&N1qzt1%Q!PJGUjVsA3&dEu5g zPGP2F_}56EmO}Pi!aIsJ%_D)C9eTaCZcBJ+*9bwY_mC@&pZ+Xr4&Q#nM-!~IK+Q3JgmVFaN@6Rq7^`d3EQ9Y?L&wQtI=?V4PBx_dk$UUcB8J0 z=u>nKW^dL&pB)alPUe*i$*z~WCT#MB_uqY>jgS`o4B(c#Po-!au*}#y|Eh6yAvY4p zIHs9}M@4X$(TBU&cl*u{ zl7`NUGmD3*pI9`br4&s-Nm;_ZY3+dSW83_qYs9H)RZiN7Y9#U%s00yFw8Jdg|>egW(IX2a&DRFsOW?lYTPF#sti0SlI z+G4IxmY)~jt4|UqukNRth`;*qE_tt)xafYzQ3VS8PpwKgdb9f&d9Uxj?u2on#KK=-cWW1E-uX&Ch+Ea~HcC6p6$E#QolaP40@Sv9l2^%{lP5zju4qU{>{!i*Y@ zPX^ih14)DD+g~~DY$UrR^eN{8d5KFVuNXW3rp}Q%UN!0hbFDj?Gj&9f=K9Iy@Z9qId8$`h|?HQTIB@A<&{26w#sJfr?Ws_nQA zAi-A+UG~sVvBipc*<5uzD@$ehE#$FX&;`crBNy}T0|QVNajB=N*!bUfE6U_&96ZmOw#esy`*e@VQ-l7Dy;F~? 
zjdHJREbv@68NDM&TgIb|Urki;f8TK;q|xhWLffc>rvE3B2w8_qQIev&cIc8h zoqu(XwvZp9*`5de24cNT++JjK-U9|K4G-Ls7+35kyLLP{ig)U!oL+K~f=}+VZ@OnfJcyYENt!-iT$a2=>i!Ac_l)n4q4Df zkelx_4!LI+b-6@2Q5@~K!5T71kGFX$X0jBy_rW9D!D^vL$`jwncI`QyY8v#!NB#+CVWV=<)5C64e!3xAJ{WQl0a3(qY*s8;a)!9o6 z5Bv6zlvbVhN`1r|5!E(Td|u!Stn0AMp^$XWb8uutu|HY zuCqhAnu&-%#g{A29nWis0f~XK@cGXEMA-Vzh+Vq9s9Rvsx*qlJEgmb;dWWaP)XXfe z>u%?1&v_=J4$a;}p;`h1Q$yjqLoW99rv!Lq-N;-+v*@n7y{Dbc!qjd!kq=-GVdTe) zOT}RP?Q=D1AqW*e#mh)`w*sy8t&L5AIxC=h*5zaK1_BJai0xz2u8F)(-Avotm}cKBVdCY}Y4 z62iV*QU3m7Lc>+10qbPlhwGL+S8_0T1Vbs^sUGz=GQbC z-nqMyji4|4k5b4AE0+sWVA&;_lZ48@$1FtH+Ldup#fctk^0GU!LwA4+2eFdxB}>PDqYA&PEqON`#DYZIvw60A{7u9yCuzoTL#CBN(rHCe zZHS%_VVBIv)q?ESfJr(O1t#a&-r{#delsNY`D}zNC0(rMvf{>NkckATazV3QL0R%N z@QD7@^i*0yDgGO*a&1XpT&0VLaDy(jgF6nvlW7g`*vFuG*rr*+SW4YjbriZOq$}3b#5JOvW=bjB& zMXF^*YVPvK?0yr%F-70pCK1#o6|(S+9liB*?vWRV3D4;Ph}S3S~Ne#z+XP<_%6y zyBXoyL(;FVrQ!Xh00EYryRiVj&!@gntgGFoADZUaoYvzHXkYJ4+M_1FbBy$V5QpP> zohLdql|(}cX45Vj6OX0n@C>*(ia%UUdBp{nfF!`LrL&c&M?O=e!P#@AX2QQ=BN&y) zXaB7l`k!SXGA|@`9a&Qy6!K_RX?E=F?seuVGk4wD-s4Uu-M2D=Vg0iqPx3^im9hBp z)E-|RKHw*1vWU*$K*Cbbk7F#%_jeV;qLEkE(b>`77Zt3qL=7PtbJ0|Ki`3#b&U_k8 zYg0k7(D7;?g~F}?<2CV>W&#<1TEl}K&Ue}qZ)v}OF$w-!bqm$rQOy-Xg*>)F9Pm8HG|Urk~ZQ36T$IJYVm zZhqfWEEZddws%hu5@fWfX>(l)*`9KxLS7aUpvvsTTL$m6)euCaSBQ0)+Pn~8DYA|v)D%`sV~ zZ0ku##vaPOyczMxH{^Ah_BQWw$BSn?O>avwx8Dv7RYXT=eHtct zaic?8`W}JP-DQ4LrJQZ%M)x>NQBFmo;gl@%2LkCHmIlAmZ6*F_uc(N=J0^ zlTQU(zPXC4JZ3vH-r0T}=bxqIO1)$nW9A~V_Ens^=J)f%MY-RsLA7oRV|%_eLU*^V z?vezxUE8r_oCdx&H4YiCmzLeRQpDG09CJz>%EFf>`(1O1VY#hZCjJ~SE#atx1e`bM zHW|;2PT+~zMJjHDqvT3jhNW*j8uB_+4on>GGdPSl`F*WhCTgw*t(yArYePPEsZhv( z9j12t_@J|sk1nSMQTm5iRf#J0&eN9yN*>WjqUl8r)wO;xum#2ed8r#94Ic6B3nz0J ziG^w%l}}c$6gyvPM(0l=Q+FNuPKR`!%IDhYzD0Toohg2zh@yUOB(8i^to4b5EpEx| zYE`i3y%58byITo!QM+{^V$_nGq0dIaSil75A{s#^_{ySX6DKO@hAL5LjY!j>>X&bc z-fJCD2_iFrOz3(aP6 zK#J2JIePSEIA3E6?koKg$NLbyo(Qdj<@%X^Pbb%)ta>dI3TQy2Id(8ewt}Pzg%+&Z zrW%7C*UzVzJFKP(=9ZdH^ghjHc;rpI|QA&T5b_!;qPy8i% 
zb99o^T6V-NyiP=w1bmi(_Ndwq1faUke)pyn@<@naD9UOYy>bs}A`&NVIam8G;%$eVOKIRQ8yb;IvcB>L15@|j6Ac_IY_bEcedNXUP zIX51=I&y0w%;J0FWMd~6h@WP&dO6%9dN-TY>%a0`3s0j`ozLsu8*}4GQ0V3?9}ERB zro!9PtLj{)qL5m=DLRy%Z^dc0$v80PXsvjD%Yg}pIx`8Px(uO|d#5!of(KM@i8J>1 zozGQ%ujfYAcXvcPzS+%L^fcNSvp<=*!+3d7jJ8$LxsvFD<6*zvp(%bPQP3Wy+^Qs zxlzIStWIy7$%|&tl5^NwD4?va1-C%oA^rzgdP?SP&S#CqK5R~2!Wah{lkFYy>M9)- z4A2Lwcta|64(EDjWlL&eDlg)Vx6eseYVCEz+d^-tdJdeLlF2ttye_fsk%A&%2YsP| z%D7+J7}@oyk;#WL zDm%d;t)H9mir;PWi{4Yt)^LyXJ$$Yf`>kKEhAbmXqT^Z6qQ(e=-OMtXGRtJTu~L=R zZlc}_|5#Q4B+Y#uQBm2hRyfS;TAeP(`<57c7L5nbJj1MEdxm(5)!`t}xndu6}k?L=~*((VUa0ja@B0YfU zd`j_9O0LDU|MF>wNczQEb63qXzJ0@%`3l2wWxO^1ZYd-C4-KR2lQoG`>4z+Dg%~E% zy$5+~L-jg7c*aNJZ}!~6-n=k~)2Xf8B)KB)VWy}}a|#bMTAfe0Qbh6-b0GV=QGezD ztttL$bZTYLWIC+}v*&E+Y8_n&q5&UJWfc!kzf)EviCZoC8?t}(aC>;x3#1K;Po8%_ zhYvZGz7hEBq&(*YIJx=DC51JMZ(vNY{?} zg>SBjE}&nvRyd5=PJqCM7P+$AGU>tecyZ1ebXGE0!Xzz+{CR^==6sO6LDyqbN4Z#U zfMhNoYQf7-3^&E3%(Ti>4Ok`=P9+(qh*1q2n;0{hpCIWz2Z%C7I5wgK@%wEu?@_p3 z{zUt0#?{X~(dp|%og_34MbvQ%hrjv8DT+F4hiLFrO=R1n_3q%x`=93V;w)8Ey<(k@ zv7E@+1G+Q9EU87#e=$nx>JGpAUGQV&MU$MEjT`8uu8GlcH3GY>dp{2g=PYUZ56xk5 z=29h=Z*I8*T!pZ@4%gzNp8Md3gbcvZ2Jx<0LBvw7^IiM9+1qc&w_p-qRq*(Yx%}tjn8V1e=0>=l1A!lp8jNW`FK$yNo8*7sIdxWQ z1>^px)aHC9co*jgt#3I^*U!8%Z!7&k^IbBsjNgEFuAz=mNO>_i>dSTuPhQ&QBt`NG zQxp72M#^CN!v6M;m(7}Z#;-u8G{Wik0*Gu>AiVL1{DP`ce_|Ix1yGqXUy~COneeCE zU?s>)r^|aiLVe~*zA>F( zlIc@Kng}xFw4$2MtMys{Y!IVJmyfpUMiaq{zS5!NU^8*JW3wj0z4uX7P^Afe{kLU? 
z$On639wgeUXp(U!Fx#=H)8*>uo6@ce{&*i9Q?Y5-<{=oGZ#b2O5%3 zV+1HeCwN+RX9j}!12da9x#Ji7_}gMS<2#no(<5lddUoYUB^hg)`#!{|Ffj+-1m-YD zb$bzsfq8yPSeJ>B`MuvYTI{g;$ruJbdz>kyv)=LgHFk=W5JRzgik{TUB|Fb(`)7Mo zBA!$lUv9Jmo@$=(Jdqq0jWw#%Qq8|SQ_Iq>SeHm_Ud**Ay}=BsFp6CpFyZt!AT=X{ zsnuB5-EhE+&|!`cWi$WH2~Q{90g9U2h7_upMZN(N-~O{@S4h^%f*N@xbqQ3+8syKP zAS=vV<)G+`J~>tVuc9xP2@;C2`~;KZ?=?ZBu8A0SR<>f|q}Ly4HxxBr7|b5u{=rRY z(Dpo@_pqQooZp7yC-DSF?}|KSOj0Ins+{4?W@&n{emi1w(NRP>JKyeDLe)}$4(#@& z>V?T+|MCg;=6gsM3KM&GcTLx>h=}**j47GkX?g`M{Y>#RB~K0yk9G8;v+mn#rfuyq z{SqmfSVpNssGG+~HkG3c|* zc%*NVAWoPO9&{a2h#Qgg6rYK&$+mtcm+=IH0Zk&8*@s)3-dln&wun!lZ-QcaQY|b| zzTny%(`=clcg5QC(dQ*%Pm25vRhe16mLyDkszzktwi~<3Y8X}nolyz;k-p}#D=|TG zLxm1=rFv^$?3L^-6a(8iWYG&+Y)l~$L1S^9Q;>QGL0T`a?~aR-jXt)_a6Tc=7s|3~ z#RIDV1R1S7j7Gp}0&UF)zWpaMC03p*KV!Go>vM{0Vt&lQQ7kV4f_*B2DLFT^yjqMX zYj^w&a*i9{S8hM3-LH3A{fb>%tnx8etgN(pOu?6!tK@7^uH=Mr$8tT0XRoinG=3&U zDBDBvQ%y_l3JJ`&>S|3Y{oaonq$`V^?P?75tPPqWC+#!)b#F@aPy5C&;oBN}GT76Z zpzp(tr-DvRQyQ}=Q;l95&hw|*QlYnCg!9b#7yiFyC_D-fR2K=z9u@__%eD|{SLue= z&~82MQQ{i>`sbfGem!jOy^6n7JlwNQ*ULYMp*R5jfbk2s68lP1_5uK;<@q=bm1bjp zU^$RPeZB?m#wm3?`i;!D1u)zvY@)d{ zzq$WopYQQ&X+)yXJRqlR%cXdPBzK=Fzr2L4s1=UkzJ`$CkF(>-9=twt;Z@D9gh!1l zL*?wexQtm~CI}sy^^cK%IF@t!yYPJGfDx4*4sUiEYr3>ba1^Pfn`czodP1!c;sz#& zeisYBMOA)U)wXyAcr`wsJZVSeKFyahW$J-}L3c?9A3V@$^TNe@36k~iK(*fc2fPz# z$(_553@^mvn0Ht$Yc}+SRce~@D#Y=XVjUxF-{-(P07HxRpN|U|WQY*Px1=4ac8ozk z@@2~ldkVA6jWhVfUdEGWm+C&ULGQpGfCf*vd-)l;sF%ZPC~43*Xzc?+?d&h6Hab&$ z{zCKM0%N+K{(ITePr?xpsYtv9jbeK)yT*IUlQQTlhewXb(eCSA)7M?xEu?YtWz zx6i>YtRDJHFUtH1U~WGYz0}FVFsRe-NZ)=j4;yw(H0PS4&oo{}>|PcF)iWlQ{F!}M zC#s!o0Jtz}I6`2)?Fu0s07ceo`aAwAiFbuD9l|1Zls$YtubGBJn-z+6=ma8{646KN zyFYu14^_PJE+o|y8e^xHVLIL4_s@J*&v6d;=CkV(@!OO!K00wx!h$mviMI?>E_Xu1 zHEu>F-t3y&w_oZ_X8qrz^X*bi4Sipha;?`}fa#v3jM6PIjH24jOga-%3<}k zCJPL0Mph`}Oq^)6tUUibrGawUz$v*^ln-rO*yjx1DFfO(%oryJuBbm1E1_Qr&VQ5z zz4X?CLwKE3GQ6K1&u+a1P-iop;H9B6*Lg z`f*V|pRNG(IU;g!_{~So2nCc==7Wze=76f+^@I6Fg`EP);@3miebg)>jYB8uRapQAPpxrn%5oG=+?=TA!706j@Z<~0#j$n^ 
zd)#k_@wOUOQIba=0z(4dUQ|%wH^)mkp1cA>!IT-(9JZ53aA*Wd!so*8#S3h#p*C?i zK-+CJe>Y7d6sNWlWiD~`8;!z2EscJgtVH{dBJUMu$Kpr_Pk>uYS&+AVaL?!ddwS<% zZ`=*Bt9HGUKtfpZOS=tQSP7j>A^J8heD{5&Bu;0|i>3j7${yzvpDz9fJ<`K-C@D7Y zBDbkZGlamvUT@6`fYr~CVD~(YYg0dFr^aH>V1flyO_5oS+g9r{me!DGX}by`m59*_ zff?a|mXRCWb$X=a%qihE0+%JR8Kp<6eX2(v{2!h2PQKe7#0X2IIXMcsxKF!&8E5|_ ztUL3{S14|kf%cngTWTtL4SoaE(qK5}3*MQLzGKZx*U_)0h0`yFZ~Hph zXC;qD*Popt`VEXyyW7r8x)<&?1Koxifb$cGd5!`30r<|o-wkM&@pMz}j z=a0M^7t{<{UD%dPN%oGXts9=1`J2#mTf%|hXE#Ho&Y#c9b}8?Ea#L<>7x?ugYLyk# z)2!b{Rq`B_rSW{WIv!slCM$*`{MjPUUH;7iC>GxL`y-+8C_#{(^b77nU0<^T!|?t5 zqD<4Ykms@DNC7CQ^_XBJl%FLZUw#H)V2+f%@u!-LH$(BaDEr*&k@%8FVPa7H z)Wt2h?~FYHKTio+WE6`RpnGI8R>Vv&n29qbe1x=;(V91V9lOldyMC}NXiowC-`64H z`wZ5i?21G}T=yc<-~(bg($frZH)DfEd4%*Z45UH_W0aE$7~lZ2gnG$!zjMrdVyaSA zJYPX~$uBzO*HP6>;Z$!b5viu88j>8CaS}bTxkooQ#BzWf-v(L zWVVuF*6w@=V;rZL!PkmZ#}6`|Yoz>)X6MV+Esn2cypuCz_P-XXj|dF-hD?%RuxPq~ z$M(MZ;?QAuU}Dfa9o4u#v1=LcqwFXk^2HP&mRH0JCtC_|^b?(>e^)pV7 zXgfQc49u&Pd-x4!JT@10_~qaU*j(qG}5b z%CdRyqa<{!`nAsY+rfKy_1P)pN>gleA)A)s-dGQo(voX2lrU@>iXn zyi?m^scQR(OUoW4{%0almg^$#>^Vz?$#U$ep#y=W{3D`iKmT>Nd4s#{7J%^zj;gc< z3_l=#YOSu?d6{T;&Ui*_u%1v)@+iKSwXurb-BFv>^V?^KpF>V%yY;SLR&U?k(eK_cTq76&A6=#5Ic|2Zt%{myc$0EmvKNl0H|5bTN_+bg6Rul0V_dK1R6x z6I&gMNVs^d^bkE%$;r>RGLzzUdK)KLxNlcHR=jHwYf-7iAPHZzZZ#5!rH!$wA94NM5>bz) zhxQO2)zr3GK~<@bxe#mK7JpEff8yS6IllRXnqbyi+)R=sL$!ipsvpJD)vCpw9y)M3 zl6dq>k#9*`Tnts$A%Efv6~~)q>kM<6p4b2u#V&Kz^V{IlJ!GX%TMmoo(p)So)2y$_ z^*iI#CBLYDpYBT6DSxbEmS@BE4x&z{up<}SLeXSm);6`S^Z({V$WThfgc@t6C;4r^!Y~r)7YiQuakkBW`!PwkkB1{a!)te z=7I%!+bliFluL?y@{^)&=aSmV@cnzO=3~}Y`gMth@gru#j0;N^-|8lHQkLw`=bp)$ zRDNube2e+O>l*iQ`IMe%mIu}M`skCNN1_oBMryIDSO?_F$*s}ki<$irw>EA4OZLRl zVwpS1{On8$zpf?kUf?c~vh7=xXozoSH${$hKx?73(ea|7o8QpUMcE1; z@&uR8KWNHAmywtkpPep)prscez5YTuWT}8mCCWiAlA|(-WAQ|<@q^+Ydcq_IwIPHW z!+;d4J&k{B5&lyZ2Xs*5&qD@1x-Xzy0SSKybb!uGB)Lh?@;_4m8Y3||(Ow%5e zzkr|6hFtwW`XEJF?e}V6)%t&n?)+Z@J(EvB_Eb#L`rozVL`85CGWl|&?Vl~}zlh-f z*FmL1i$VFLQ14s;@xQ(n5(!>v|9TtxSBdEVKHi^)fdc(}w%roze?6#FC^>j(>BG{D 
z|ATXo$^y_RpCZcsaS{E`f7rpL_L22Y|DD{e_J2<-(f>WMsQ-Vh*ipx=fqrA90JHzl~d?w|rNsg7uda=*TJG;-&|kt_2-2=h`@JnM zSMo2f{`lrT?q{`BeY#lT;HN%fq1({^9>4F8=vFMA|?k9S)8Y zm-(+(4q}MmVNY7q`(k%y+B8CjTRbr(;$(A$V?#(Q6&_ z=AuUkuWihHscijQ{WmS9flJ@ZCD7whaSr@z7!Jjy9lb@GxRc%fZe9xo=I^*tHpG8- z*|r{XY1Td1uFyaG55f~M#-Q5Q#?t@zcK>uy`oOYKgt|%p*YhkDssJA5+Ij1Z|8S_k zW+e0g*2Iz4kNS5X`hOl4fBXbEa#DtGvbX>ClKtnhOJW1-(t?Hb{{Yrh^aR`)^nRuP zhI##ed}g&uu-4ue8~lf{$p89~fBq9f09N~ljfT?ydKW{a{_lxZtCXsHpR&`59R&Oc zOo14C3D6XA;FgK0K&f;NDs=EF9gW|~7BMJ2Hk1R_{42P5DIu%RznFO^L_TgZQ!d|j z=Q_+eN61=lKZ)>fo`&OVU42h-neNVsca@^;e^yU;J%93VW$gV z{zc$PoSTq$gGM_#HT*{*0AB0>K35NLC9e<4L049(>I>n&uD8wS_EhNNZ?D3WFM1{- zKfrHzfhfiR3TmRELhc;sJIgl;@yI>qR-Bt)-zSB_)g8>`-6*8_6 ztwa#ee@DSlu-Tcwri%mZQyma*xPY$4gfqYTuaf z0Cqc0HHSUqmj2JHcKjveA#YLN>v`}F9f17LgL4Y@QKT3eg-3A9JaFm=Hy!WEQvuxi z5^$2Z2e&QW_*rA`WTeOmHzYd%Sckf5d8c_GfuMo&8)mQkn$N*6^YIL`QuHx?5?8W& zi*iT?qE@cQqCNPKtWcV(aAr7g(i2NTss%6v2Vmpy3Jw=N{iZf>)3Do(57FP(OX)HC zbR%IGc+cq%Bk8|OdLb*=d)PDkxRoPZmk;uqZlpsw23OP2xmx>t!RBE=sq z0Rp0<5xq$9lMOPb2jDBBBYgm?&Qb>;YAJN`j;Z|Y*OQkJFjO>w_gTv@`r`c`Pa%3U zcq&xrc{^x*_#5k&kxCMMwUrC3fMF7TYd67n~y*ZBp za8O>!`@=@qRcs5u!s|D9E_ea6vbG#x|9+`DowoXWH<>!3jo~h20*piG&Lv=5jv;u8 zib;NWQC#B=D>H5brU<03;C_YzUd0y1rJtqvQAv#XUa_8HnGQqC5(=ZD%Db2!ik)ci zpDot@eGr46#UcYpF46?paw(GmU`4cD+x03Za=b=Auq2>>d(TB6BBQ-}V8!Gpv=8_D z#-FbBa6qiIVb9WpB)N;am}tKJ^fc7#F_)&M+U5H@)WTvC=`HlAh|%?STi#-rdJStS z*1}h~uy%GB?$Z3et!+FG4t!0BtUL$gT_U(y2j9TD3d;eQN<@!z&xPv-L#drum}hn? 
zvcBg(OA)(Pq`%5C+J?st;G3ZGI`+uMqyhNSsg@Zw(frMA7plSr&bwVD^=Cske%uAL zY$M=$!4HXa1j`2#mM3{3vPpQJ8Nin+-elLe0AULgif#kklVq%qNu*?e0zo*0vK^ zM|o8mt>EkaZT!O~ae-3+aemo6bXpw>DwPj20noTY0Zx|I0sX)Z;3GJZ{mI7g@2-vr zM5+U&s4o-lY5g|)QP|Xl?mLge7Ql%|aSEw>0iYqx>1aiGLW?0%hTxZ9bYj)><+|== z0py8L+{+d)hVcq+$zclqoI_`bv-SK@g7_`)FP964+sBv!!V2EqS@0bxZ@V=xxDMOq z2J6f^=6IS>R}Rh~-I%GehC|oQp+B)$zo>c4O6f;e!CzIwn{=>SH8G;r6$2oT91?Er*L~H=`RL&@fG$5ba6tD1jSq0Beq?E#|$>Sk(!?Ae+w|SB=8}W1K=ruHq7pM11Qu4 zaNbLvuD*e6OomdRE?nGuZ`LClG>phZJZ#QqMuL)IK^3HcE2AU?+G{I2;kY79Y``ay(fc3ZL6^$8&+*71~!jKBnNHdQUhNjJx=+|+<+lIX2!AOW*dL&41P)38ma)<&GFMP8=Q#$1J z3_m)A&HNE>w`VQ>2K?z{5Lyg0|7WvG8H2muc{kIXaBenbo7nK=Tg z;9v6^#zuFF{Tb#Ri;mDx|*x{B?#`mj9X`uT<8G z%{1vYe@#4DtMYNj-9{C@fLQGX-vYDRCxqD4^B`yfv*HS);yTfy-~{+i)Oc}H9=Qno z3%qb}y8}dCw*7j)d6;=c{qM+96MB&9&_sK~=*{v#9(((j7;XgkpFNklABM7oC80d- zd(F`PJmG!&66lNaDHFq;Gj-~~1E`D5E^J0D4*05&A^0yvkbZ-^6b<>=B8BQ#24XG~ zd}MI(|M610ivdUN;l~2|%S*}7{-K?jg zc-<=+K4>XTMPsz%Xfw(y1@)mEEZNSTDoFnRn$P*7%btuaZ4HWh(?&OY&- z^21(l5cglfi?vpV?>Dol@{@L48`&8NKYa0sLI&lnq7^HWOL_PP1 zDlJk9LOk?RO2?bL_o*d7M1h)IwU}l&re7}H7(eV)jXVXjl|&Ro2icbeVT|h$@8>w? 
z_Mn5l4wc8#w{KZXi6#N;imaTWNTnk}CSq@dI}diOF<=@+MZ#Nn-bCw?6QF3=#y+J+ z-vdjAU&jJ!-hmHSX9^=oe7BI%knnDjVwW4ZTT|$czXWpct2(~O_I^pMrQ#H*_+(mR zl*@BX7r$ZXy2DIEvHpI=N|ol%(?;io*2AWJM|(lz=x%A0hJNO2@zH!KVRMvqJe=>z zH?>+l6D_XfjgXqvG*v5>csCrqp8^6C5ARa-^`d+WQj=gCUupuiL~^=aRt?Z2PPO}8 zN%hLu$1B%gfw>*8T|JNUSTorArS)8`5pMytbIFLOeyL`V=%Hx%zU9BG=zpyvNUamw zq~6<_R9S*QsHcaP&JR~I*cG@c(jzFGEs{w5Mq4};BOGcSAVTa-!1t^tCBli1hr=_- zMWjT~q&?*Py#sTYZ3LEXbHr(%Pd(gJ*&yP}yau*86~U{5;h9AbJ#g!<#~UiS$)VSb{;AHlZe;3Bf?4lD>>ulOZe8mUBzNh6;sHr(B!kF729 zPCc;92|Rss@ zju3ghQZ&#L%Q&#dxV>PfkP)ro+`U5!eJwBpi zw~AiGnPl)m?Hv6*R+<6(9)-=e{seB+6BG+ORZ?;bN8lIdDug+_0y1Bk?PTNi9lyTlK+SV8 z@uOZkb6K7sx>237BpFrinajFU7+aHaBBY#J)@3uznakejd zE>>rc;7R3*a}qH5ksN2skqmWznlDo7J4j+2aM-?2=C|0(d2N)}Lrk7kAXCP&nRzhi zsR~j&?R4dlyOz{h)&>>s!acshWrM@3DD#oYsHsfVzhAfb=Mq1v-6<8LpM8yO)gy62 zN!Gw1E98znPASY-OUBX_iop76){jmTpl0J$Ws9QM&@dS8`k8swWF74Y37c)yVP}*jdac-2N47yO+FX%Cv*@!~ zus=?q36TgEpXbfyotc4qI}Gk{R4e7$qVV*Ns?2#7T4G2M($Yed%0n`42pLo`K+YZ) z{n1@Uz@zr#7rVwa4lNrlDZzaUA9voS(F-N%9Wz+3O5x|tT-m5@BNU;LE^-lzDdscJ z3j3n>D>v`KURuI5~;&U_r(j02WRl#q)#=~b>vH-+ z)1LrUc~HB3cC-C^KUFXtdgmOJE+C!*27L)_bULl^5XJpAdrt+v>io92BYcu?s&dMk zu}CCtg%26#gz2&`ke7U=wUPXZ+m9WrP=YhBo8AYAK7 z`y65Owi&9DHy%~4Z;CZ*Lm#Y*^4plh_%tBzs6&V0_Vhs`&_Fkw@5sF%Gf!dYvL+up zgiPHJyZ()vc=sUVBu^SCcBJy_>W;8o?cpE=Imu`T=E4QhmSK^)j@1V%&P~rK6OSO- zNAt&vA|fC?&nW4jDCG@1)v>}pS^QcP3?{Vsx8Kn>QBK{!T|Yz_2QvUkv3alI^blG| z8x*c_?*ENP{~R`i_DvI6IY`i|ER;{YB*W8rz*E5-<+i&rR($%I2)eDL7~Cpqrmpp` z<<&oH%tRaQp!WIM3^gXHEVePXuIysQxw-L!5E&{vbu2^K50uXI+mp-ZSdLZG z3#?NZvAp$G^`>`VYmzs!JE>7#_qkl>VK z?0nCctvCW3%5Gggwnx!P2(ETSU9}hi&|HGIj&!0~_cSEXHRptqOKN|zc$Ew#kW*sA z7(XA+x);{sLZWYpG8t&=!QQ%O#A&PN_F@QZPIn}tTNpBgJPBKYiD1u{$=@wQXA?8Q z!lJl135GdRK6d!e!V!23v;n5=`~k1quio5;aZ^2i3W# zT)s3?J!;S|5=^}&#v~|gXId#IT;wctQNeh!((Q~Ebo_mqH82W1 z8)r=OW6@rDPNx0DV80VFH#ArS1w=BFwE+Cb^WF=_{FYDeT+){;Y}yZ_B(EQ8D+e)t z0dSTIQ?xeja;uGKVBI*?VES07Fw;J=?KzIfw6VZz<1Ku_1}ec8rZbU(?}#|K8ZPNE z`|$i74Ih{SsWg+!NQiT*36>iFLvXf9Mexk!aR2OyrP#2kTN3!8i7G75qop5bn22)S 
zicgw@C#JvUdG=gzt^Np+$G|Y>Z;`o=tI)vyU(D5%<9hu`thFk|<9%z25ix6%NOcim zEw(o@BNh{cgS0NHA**m>LJs{m9A(U6gdeRXR^BJ3$sy!4ezer#$cT^^@Tqw3`1qY+ z;q(!^GGkRd0;*tm-+3OkYS`Xvd#M$(2ae^o(H=Z2;E(@Y0?V^E4CC;?8T9O1VEl?5 zM()w3a1i%J3ar)hO6JAp(*r15&q5T}GtF`l;;;#3wJhl2VC5IhA(@1PFGDgBn_Ye{ zXj2Ez5WoJK%V^x8ANXK|gRuj3s>R&1YV*gK#s$f=07@Rknu9YE9C~(-O%v~QKmZ7D zvSog}mHt}2P>o>do~Wzv&_$lBW?}(3<{~?69OW8g3tEwYC;of%TzJU(v`9VQY-(*& zG&=C3+aPyO=g8gf>_x@}$r&k=^rRcCG zxF}wFnVvJbA`W{V!8YfBj1tEWQ;U)_E`EsM`73?dy;AL=kh0(uN>$YrQ?)~Sw}2*^ zFs#6SN5e1j`F5doBNQr__`5082%&ynGrx&YMW{kIBwYl$9n*$-d#cf%b1Y9M5;kjq z4Buv7v%d?wL@8|`(acRDMryK^NE^54JvJPum;-LR6|jA{IajF+>F#F0X!)z{n)e!e zp8X3RTc^Rmy%Oslt4wYR)i5Fs4ild|1O|l0|L9${GM0WKrehrTv`n2ugWWW>m=&LPHVg0+|ShdQA-U$aqFQwBEvhBog zLvBteDH^@6^6<-7t!x$JCw6U^VeH-ykb0S!l+Oy;e}wy@F!r-E_htgyvq<4JTM=o3 zo%%FYwJ2+ztX}FtFZ1Vyn#ds*MnxPJG6gbLFX$t7B)6VV5)1ZY7U5GCc|Gq*Y>8wM zo>!PGIjyL%^tYHguItCS0_ZW}AnJEGJvw#w5ZlT2DDw-Bv16$20vFSEHj?{?mESb6 z>F>&@lAwfRi))(COusi>rNe|P3&F5BBJyGJ!Cc?^3zh(eLRwL3TOYJF>o$Gck4fwS=+H%TFF*S- zQ2Dt!zscHa=LTky)dn}VnVAcH$;h@`pBg4a457Ws~CA*na8{EU6QWVf>Moth5kafhWd`^Nby!*1)8 z!@qNjm+AoX%BPrdCyCsf(R4?K3`bxIGVpBa@ z#w4a~KqfvZOV^<-qB6V+u_@`fp+g{2I=m9q0!fdvp*%WH?SO&M(E zA!?|)V(qiH6E(t34|)0ZosGtu6zq1s?Z4uymMi{|x4k>z5`UtZvIc6rHup4EvZ>5P z1HBVW2X2|aHS3bVf!8&07C|Y^VJ6VUyt*WUgZ05#f(+@qg5>I*7Uh}Fli}CTze@1Dtu&Oa z^J1GtV8B;c>h`LTad~ILEx7jp{e7tl*gNf7MHf~;A5| zh*v=3MHB+=gCL?X?wz{#GJ>Bi-l_L?Gw{CSw!jnFfC$8DgFwRmXXcgc=Y&nA$`9q9 zXO?DYJcqJQ0miXVT&RLGQUns-kLf~~%>q(a*o1kyh!WXYlDOgLZ#tC$QABORUze@V&tZs4FlLraV3 zDe?K325hffoK76H&Ygp=UJCyTNVsx?w{lv)!Z@ImfzF4&^B^r`L_g z+1%C40kynx-ogTdx`qgI-nb2!m{<$D$ABS~e zwN^Yb|11b!&K-(UpNZvp49HZgb`H~zEh}@r7cVK_@?7j!Ar4&oM$B7BS<;TD?BkMW zTJ&r&$R>@b@)#bsQD8e(y|-O;YGcPSsa&uw)=v7Jr4q?c&yS@vUX|lGgQkDo-FrKn z3d|I-sDlI&1yCEYIdqmgLHYTUu1V&PI6HEUhmsj}okPTiZ2k^xeA{0Zy!CThhR<)G z$1WTRCOIy?Gi3D7t`e9zIWDxG>f_LkpE8hzOA2QB+q!HzrS~85C76o&V)bO-iSiB~ z{B55OmwmKEcB&QU17q(qmt+U%jXsbGTua1JO(saI zyO^8M?uda5A1w8BBM?j>NgpM5dyMQ={ZanZ?`xcBnsCn$@3w1Mb6@?2%^8D(OBS8k zmd}^Xz8*4l 
z)SxqV&&0Y;eP{~hTocN^fDKofL}#d`4YG423G#~K@-L*I_-n5DZfRv%N3t(c9t5U0 zo>^(mEU}%>S_Nz-&54?Rn{ZE_bF}O1sOGbf_X^TCKAs!!r3OvIR54#SAz-Gs>^VKT zyIPh~B6yr^tqaF zf*&EGg2jr!-MR=Ct#U8jHy_f^iP8n$fa<<^mE0hmU1rpDMFrkhQL~o}97$pW@~Ovk z+s30FXuUL%4;S6l=*#M+>sXX|tUsM>Kl%5C;BKR|>dcfCW48C)mR7!U?biEmeQriz zmRzj?eVN(>o7M#JAID|Sw|rWyhL*dk)93w{-95x3bfHniK5(Izeiv-Hbbv|N%X)fe zP${3G^@QZ3QGQ=yTCCBL5b1`F<*J42pC;~*oAIfNzua@sIfg_~bNJE2$@jNCFZ3UX zT}w!-$#I%^RzVYax55g~%8Kjc)7x{>4QVU278M}|<^HO!E$$v6IrTAn2;HY* zqQ-`1tIidq$+7s>zSB1bPQRn+e2|9PnYNxoZNdgYJ$^bP=O=lK9}^PNA6f^dIJW1t zL7Uo3^F@2n z8QHg8Y_4=%!WC70rCNIZtS=}<=!m*5yiF-3yQ2_1XO$kUl~%YnF+4SWZ*^o+XUJd- zOCXO{mo|I$OzygL$5D=Z*Q}3)zdL`qlwI>uy#YsH2;*U_uW&oE9T@Fn&*kST!Y`es z30?-F>(iSTJ0qA*vHPS5K1jdz-KBJ?vhTdhPTaTd6<7R7&l4Day+2bRdwfxvjx|uX zlUtjIO)V`mLF@)m;8(`OY|8-p2Y7!GA#z-+FQH$7jwU=xotN}lh|azU>`+ogtxB@8 z!^f(`-yY9w`Y}Ul3?#xBt0UD)*41>)iWKAc8@wJe@Cy3h%`0*#6i6M^W%(dDWL;Qa zB{!m}OO4wV`v-?Fjdp?S)wNbGJNNafXnsE-5_0Z=Vf92}^ zr2PnvO8kz*bbYApPqX6^;`*O^)i-mpP?k_7^wmtGk9e9P}WMr7nMMc(KcJDd$+RZrT^F{pqmZw+g$hnO*Y*j0S zFn4wNg*7o$TGFwu79@TZGVP{pf+gKs{{FNi+ZOy@Q@T*{{EOouY~-Wm>fSU=WC->P5y}I_0HGnt3pV-WLtNWMy$=wq`#xb8-wo;Z- zk3Zl|EEah{VvtzTAdvpc7ag61VVuPINcxjT;X96ZDUqI?{aR!-*>u`=J(ddRD6X?G zYq5!OXhW{(`eJ^`{FQlnhf`V_^)7g$I_z?mP@Za?I-M)n<1ssQ{jpWRaVz zJ|-LAekQOo`LI^<^P7@1K~!7^Aj0k>IxeZBi0Awq3H%5+>z@pP1HazLz>0fk(lO~* zevfLEaD88M9TZgHmUfP`%_Po_dQYr+pI!12XI$-q#+h^2TdgkYt9_)?{9fOJ_TQ^l z7TKEw1wmRt=epTNN7}+PISoOF?0xfD;KooY%q#GgXi*1`XudLqC}BY9@*Qyea3AE& zHyUN%zi;aDW)*DZR`~(kf^)CVW*sLwf5Ul@f~(6=ezI}VjfT6BFYVE&yPof;`>1OV z39^@5-7hl0p&AwYA-k$=x9-y560}lrAN1MnYpbAA-?)S6j%Y&$SIfQ3I!DLSeI!Zv zNvfp|1CzunN~C0%m&M)bGP7FNuGm0_J*9sV|cJ|bOy zv?pwqlRYG;vx5@a{Mh{QX%ym#F5ijUwHGHx|LsxCES}<>TyCaJbw5p8ozjGAW=!AS zU5)r(qjzwq-g+?}oT`d{pZyX}z7r8QZR=&1%+(99gt^Y2OMTemu(6hn=g=@b$(ws% zh30H#^Eaq7coNf)K&UR~XRW0gZ3%i@C}-0MNi9j0`|m3tVzKt&S4Y}o6$H6n zZ2Vm9cOwJ5t9o=^t`XOrgs0(Dcufe`7aHH(sJdKBMf!I5xHhEOx1b|WZTR7`T;|3X z#o%qxqkq#maVfv@tB%-U;VGJ6N+aIf^QptS3Bq(n_uO9$9BS2BBywJFW9U0qs8oxo 
zm0uVGdY@EP5Hp8c_>MDkmDv4K`9~WUa*BP_ItLC2g4azw->@rd2pu=i*|(ENgD5iy;!)6ghtbgW|wBkp(ig#Z#Q zii-VOR8Y7t;QEDzjl`)IZHOr_EMw+FKwk@)4F`~J$8)K_D7FfVH;wNy!&Lw>!SGuh)K?9dCugE9hVPc zZD9OyP<{nrK@I72{+4|(gE&sxv7I$e&lKB<+EdGB?&wOWr)2KWdu~@25M*X5F`&Vi zo6eZ~D(Q!uKzJAKY=E$F(1lX7ln?4t~&2tG=;9 znfsTu?^eB!Q_kLi^QsE=mPtSF9G(i^(U5uGtsndIx5-e?ZOsrJ&wp=G9+wL;j+}7Z zAAVB53rDsRaNuXpxxz$0s_zoOM?Fl! z1jM&_CcpomhzY1XkJ|4|*g6K=UqIba_$YZlzm3oK?{B$Y;Vzg#Eo&r-zyH{_ta(<@ z@^F*|2s`D#l1o~lPyW}jiV)U>6=Uc=Gj?_B{Mh~;%}GJ_vmmeWuVW?b zREl(CM+e&?|6TVp!UPJTiP)ll9V;-{K_WNSnzXHZ*!GvYw^0>lVV8{4zm65ouKy?1dJM90Rkf3WsZRgMEr5Xc$FatMLOaO2(+Jcbcmhbf&_-o5^ z`_3k&%LRaPCzx@Rd{=vX5r93!Z+ieL;X|5)>Ngd0YoN5`2yV{MYheK<{o`Gv(2Suc z-)2F3#x8RELoO6WT7%r4RFBX(FMNt`HkG4uYHY?uG_0eB~Io}Mi z^Dp)k*fk_P3q$F?F~G@>P{&vT3hv}r1{r0(d@Iu#Vl(=o2Lu;;k-LX6hy8d~i3xQKBTU4@m~C)HU0$%!RA>k8dS&^6}t!MCOh2 z+ecP!P$)t6%<$so+fI9Tfhktz(U6$ne$?T4cWhelDsWyu5Q|X|yELw?EY#NAn;Atg ztbtkNAyR+dRi{Zp0tzhQEO z>b|PFBt4yPKf<=VL{3m7W}(vMj67#E1SLdMZqV~+F7$NeT#vPDgZI3;L}G2a;8z<$ zldEt(hpquJ>R4_cA95*h!3(MM*2% z7bKEbAc-IV_`m_^dWZYC3)+~TPiFUHje%U}3i4hCswJSi7lU@-g?uXrOpC$g&dWx9 zXxIDV!EgsbmKv50ZRJQ&kG+KaQ^Kf7q-fE0r+5++iOKciXAdh0NT1Cp(DyX3L#rV+ z)V{khe<`Oye+H&1A>>%1il)^Z#UTDun4Z34DXj1XIf{e4lN5LGDXVwIY8RwmA1>@; z^ie&x5ac+5BsgKv@Yr$kxdhWOBuO0N0K)b+KMCdops+)d)Q=GiZQr#%v(GO=L*oy1 zFE19eRWcj`d(M#TMbN=gp!VkJ_tFL*Q(2!@0ZrR2c#9xFOX796Zm1cSkmsw{6zEV{ zyuQg~b;$5fUxH+w@dL8|Ous7?1~YE1Xs+e~HApa9wO&ZwOQq)e2hDziLeY-7**OcN zAAv0i2@=p1LlK7*GOuW30B^F$Xli=O_1@+mLHXU$0PSv2z)|gdQr&|oLYC*jkjLx1Jv6{BP07Z0oe@0joQm;6Lc%GK-Er<7J}Xd=J`SzA=~uy^lK?nD z<{_7Q7re!&o_Ydxo?*8K;=`v~*~Z}Pc(12I-zbzg1KmRycR#@A*4g)ds8(o$zjqPo zvXXnQDTeQ0ZNO7&uyPc|Jo{hFIL+2JuppKh_!Olp$o4d0HwHP{W(L;-LPl6c>H`XTm zl~aovqZne1-Z z)J&Q|2j-<5#n}DMH(0IHs^4SUs^TtO;h2rPp6Xo{Z`_9XgjDfF%fb2WQymRneDD{N zuA313vD5is2EalR6*Eiqm2o3M=^L)O(24P@cw_k5{V3}RqU>lsgVbpJdbu2s3=Q!H zIW9n%=*SRR(1*o>O^iSJdl-RgcWl`SH--;ipML_qABi;2Hy>jVu)2bJ_cR00CRuI# 
z88r6ZY&QEG!uYM(-+cH8->#Up7U%@pPglWv%Ih7dyf(Fr((%pH0zg;#((fsBzy2CRbdppm`W;u)H4cZJ!?yKAjx&1OA(Vh9)u2PeG(^mE)4L_&5FShB_cg*! z>a>^m&z?I~DSm{tY%vxVJncTSukABzkM<#wG^t=LOboG`xr=1xS)5AX z+($LNnO8YYQ&S4!+3rq3m~mhWs-UEvnlUW63i@bwRb817Zr0s~DX%SV-g_PW0dYOJ zB>X#c!X9W>#W7`4vqjRozf)yUEP&0pFTWbMOAZff3 zp&U9tYWU}hir9sd(mgI97!oR>Hq68EZxGeaa~GIP#CQNw8$ zZi`^1mV2z^l+t+5`1XiT(JX0P7iHP71H;6h{l=wF31?2Burjmf)(VS8F-}VE7-+p7 zf`5uMucj=;!yBH^2=qVaPEXe%?WX z(~vunb5@%Hq)sJYK8sO%XtMP{>v5;)fLiW;ca3QE&!3{Q4Li%ko$=bUPEo#_F~U>h2fn^WbQwB=yVt;*>C&Jptw}( zs7p>rD(o4%siH}o+mMLQHV^h{6Mk*Bc(99YFXC=;50w1U%DqP`mEG@t;wKQ&lcUZR z!biAq?j=34nRs`~c>frLR@D~DuPxI&mVWHWe~(Y&oEvUF{lGw31TaJ0K^H8$ zUU!TEWwTV*Y$2pn7<;IFSje~0elOr9i6nPI?aM{#_a%5K$j12u;dwING8c>uVKju=r0H z=QVlQ2RJyo{C+GO0}>j(Whj^GvnF4mdH#XB*o;={R>IeF11xP#-+Un8VrLQr4ek9K z@ps$AM{FR}-&J}|4HQ$wNx2hbW%P8461~e@g-cS4Bk^y8ni9#%{K;_7br?4UBmX~X zFc|jiTkOdL?UFgJYN|}oIeKmGvR(J42+w~%d_(d0?&yjTh%bWs)#NOD+Ej1!g?3@L zE$=~)?Q{=L!6d(^jvqUFga~O;==@Svls4IGHQrk*q;{tLv zfx5IxLc`RTVpG+?Lq4&&lPD#$$PZ04i!LjBpi!m6<~vgfCdXu_yi>qPgT1U}rkYC~ zxf|G4v#ObW7Fmja#MNyTd8W%@63MAM%uWhI_QZnryPS2VYwdliclo5ZBW0pwHC#Wfn_SMm^i95^hLr55Ti)cD*l=&KgXkh2fU8vCgfEnpJg%j8Pc_2lk* zVmy{owi`DVN!$>zPVw%`M;}l-Z5HjSfb4aMRw)&Qe4TdgalKXSTJiw=P;OT3K&CRq zVAMc?BJp&^rtl8A9%Rd)O>n44rmgatJA*E6GYY^WDklvx+vs4Kv!&GdQuUx*xD-rf zvMLm7wBA@wb_*b1%UgXPpPEz+Li80ASPRO7V%Tda4Bvh8GcG^=_#uQwTuEZ3EAej& z$ijfYZe@r<^W-Ajedm<3Lb$XfsO@Gyqw-5irDQOGt1AwQC`JGZ`Du*YFQC6RTdV z##|Qy={icLO3hIW4^|*;S9s=5wo3T11b!-`cCby*oTtWJM$O-WWVQ!aHTsY+U9$S{ zv??k=@38%Vf9hi|5Yq}nI>sU5I>@cCDYI>`dLPh=lrq_nS8MKAg7r_xFL&Gu+%%|2 z$}^LqjHP*chC>dIbo1q|-Oo!KUHT_`$GA*k|Cr$To|Mm%1#U9aJR2OEd~A#YM?Jk; zhL?cO@@($5GiTJx8o%5kpDpAwDU zU4LCV4O2+x3wSK;2QLV0;5a4@Uo`7Rx7|XQ6;rvSI%Jj?J*fngl%oe`^u|?Zb{g;b zYu^_Z?R95o-YX-pqM{hp!vAt`tc%^$c1x|(5x0rt@>A~F&Njdw0{-x^8{iznf#s!ZvXW z=FF>sANZ#(^D3Vh3f-;GXrBcXm)V|7D-Zu<;t3qlb=2{xmKk584H`S;5W zy$UCS4u3q=i|r$+EjL$p0M6p9;up7lf2&pf{rE$HHnJpT54-MpWxKb3d+qLH+^+Up zp$X4_T)_Ub#>K_8j~}bq(n?w_L{80d^>8M*?DtXtoeV;*{ZHq59dc_7v8p}`7s 
z%lcXU{adpq@F#>3AdP)5zIpxUa*8^rB@dj!+S0h&thk8APA&fWH1Crg`_Gi+uk|ci z4V7>eAMZ#wd?X}ZY|rcbrmeLvCu?*7`RA=%->mJ?(0VyHNX!Q@k7Z8Z`%)&cfX`k# z)MDmZ?*Hqlk4yHt(W^f$Q?sX4;ayIdTK;GmOr|1uRC?)K%y@#|k6`?-N@062#0*(k z?6>VUN0&_6(J;RvgpS*;dA;LthX2aT_rtEad-;FX?jri}>mu%lesehLP|WmsR@qPg zo_&YXZ%@X_58&{usDAz*GbYAmho-cAc}Q4A!tgN71k?jUVLQsXp-92@W?DA=I83DBgT}!iizsUqQFK+C=?B>kU1KF6l(LVn?N$eR}41!N{LhN_fS6suSNg72iQ=} zML^T!zwO?G06rT5XL0QCF}*&ZpHWu=+{(5bbb z6#-J4C@)y9Spm4jyf;by)1?teMEoBDbDM{%xZImo;$~vWoqH+OM=XaV|KW&?AaF9g z!!Y{l&n>zRA0z61lo%n)Q$XbVij7gu@^d)I4>8Xzz?h%5)nfd?(XK1t0V*Z9s#>(2 zM1j83xW#b&$*gMRAxU99^zuv83+ZPK5ZV*({L)|Q;pWr}4i~P#Cw+{9&v)kHb}7XN z_#PswNH3hwPf+ggS36=yS6!9oLo;YwjkXDFjjmMNfUYWw39P)Azj*+j2WNaiZ}b zMnKq!ZC6zU)1j)8AG_Yr5U!`-@?C6=HmWMxIw03-l=XgaqVnM%b0SjrEmc1l5Df)zKW_;!OZjYYcIqj>6et zj*jE<0h)Iiv%|W2>4NnSx`41I&)C);kR^V~Yk&mJ9N6s{9BJ$Zd{*-aEBSGnP)0}>jmIv8 z=zpu`>|od()nJR;Ewr&z+uwm4Dx{c}0$C#(SQ8+_I+-Zu6(VVrb2L^uJ}Kv(p+IUb zm<<%VBAlcOFp+n|FX*K9f>K?p3M&Zd-)$DbY88}_0eV8&b1<1Xc6PLdS-}D8QZ*(n z!I*hdH&o@Hyf@29S%gEG`)vMvzIW+RLbqt2n9=;KpNT8DZB~1#_kBw67(l+97M`I4 zFGB5*>}AuS?B2X2C;PW={_2LD`8SNPyd!bhx+9fG>mP~Rb8>3Ry*OW!0-}40hJ*_( zJw6U=qv{P+rq2Hq78a$$Mjy*z^6bwKXkm_q2VSsjezf;k8FE?bPdF83^{Vc~uGr5d z3$tf7{bL@+B*AK@e~@LjGQWQxL$WZ1LlD!unMzdqJ2eMw2ORt+|M4{53n3koW8WWt z-g&?oVMo6Yi`6+Q*DIa(;uHH`xnHg3 zu5G)Is;OBnyZ3*Rp5IOmy}3gQ6GI3gq7m{JhSIYS*%D5dxDW~+Md^^PB4~rjlb~?O zo!__v(l!T5RC>&oeyw>~Cas^1&K;@*OrdO{D97X$oQJK0>V}eTbTT-TJO)pjl-?sS z6}~1z5u-GzJOy<|qoAw-8&(!D+7NCTM4a~b=Ar+%UDv5V#BNI1^Ji=?99C51w6hpx z^r(`W3@F7TSk-2;`Ib8Q0H*3EleeFxvx)FFanv)zf(ZMIem9DT2Mr(gAW& zsWKCd#f8F+E`0|~GUVgmxDU)F-zxq9;1m^|R1k^3PA)QR3TB)n|A&hehV~%4y9 zH*s8fOof3NFqFn%!Rj0NV=)#Z{G5*qs=Iq+my3iDAFl3K|E) zqu{paR;i#zciv*Js++oLb(2%VI64%iX@%{P8!|vS47SU|v0s=SmLx)IgfPj&&LITT z$X2w!WOJ*7g0<&)L+l_}oKz(C@B6=cxoo&*I*@BymL(P7vmA<|iwvk50lqXl(>pNX z(r&)H{=9bzo#W*ZbY4h$cr zcAOuM@Nv{Q|BS?igcySvrjfhgdqU)dl-CiW^Ut2hIXlmic^$d1UzH_&hfvRFz8XVq zt`}nyTH5mhwP{tM$~6Lm0%<0lllFs`+B97D*AD~}27hIOa!8fa4EI!{yo@h)vT$R4 z7^=RKpg5~-a3&2w?Ei4-!Qf?&@Rw@vdxs 
z5rl+c=!mvGk9nynFxdPJHe?fCIC$hRrpypZ9g)A2C789k2GE<*dgjFr*bv20-EA3Y z#Pv^4g(;>a1r+e3ebq}nl364pTu{%GKpI5lC%9P6_>2hs328J;!%NGukGd_Dl$6Fcdm_}IEN`PMKLkgA-9L8tQ8 zETOd(aNGuv?gq642|}#Z5ppJ%yU=Q_l&ioS{OrPkYU6fW;jua)-&nFr8DO{}$awb1 zT&VE}{Nb06sl@G;XDddK;BWb;MQc?JWg2RQwPYMbU|NIr+}F z?BWWIZO6vt_G~+{F_$9Bpw2M&K!xa-Y>D3JIPhG~QG2dUA8OBGkHHH?>U*SHRJQn+sJw!>UYMa&`c?bQu10t`gtb$t`)>==VeBvJs(4@0j-aoDFH46C8ufbCH8 z`Mv^JIj;cJ1fn%>34*C&{YvW-!BWe3JTn;9*=SAXyr~PXWmK=~42yF9wa!CnlAF6@ z2b7WowK}BZ5_8T-^Vw-x_kIzpFWNOAnO4nfYEH`I_G@QwqCa8<`|1n_g5sqwKPz-A z?YZXG(uxfaxRTb2-KS(!R-iUb{piR47^1>WiTRF>lPfy?x6;3_m9$ry+_wFa4FPQf z)M~?brlKCi1%l3b#CaY?!%&~*z7mScExPJjYNUkez7~E4K6?@dp#)2Ez6)(Ti4Ybr zIyabH!I)NdC|x_`)U!x0u4R?QguIfIY#^4u!fIg2YHq2;i+CQ1P{w9tdMenBb|_E; zEuC`io|gB4#DFo>tp3XIS@k9Hl(U6kn5ABgGk#ZQl$VxB_4S&`t#>wgo~CZ~hs}?e z+noG;OZ>4Cg%dGavMu86cAG;fOpcpT6=4{Oe|-|GKUz+PjqSd1^NugY!^Gu2dTv%W ze=$$0&}KM)8{-vP_+_}D=o9iZ|Lb#!n0wkzPigG=PcFjVV9#19QAja_9h=Vl1a>H) zwFZ=VhNG+Z<}F1+n>t%~{@eqc?!iwhM1H0CwP$+J)41fYmPy6qqYYfRcptJJr)PVR zn{#R4zCzEb)Pl2j?6aD(0)n*bBF-Bmd?2J z<~K&XDjJbs3|LS%ZVT0KtMM<8|?_}s*WzWMG^r}eevs23LN);S|dVhuxOWiclG zJy#A1ttH%QfBW+1<#owKDAW$iCGb!-SXYKj*!RCJ`}rOw=7zAN^}TN@Vw+=`BTTcN zJm_hox+7kE>(&2SDslU8^kiE~SngteUhcMk1gXPFE|n<~{v7#V&+*r{(a4hG;x?MI z5|Ew$^(=qg@Xv2{8X$!`UuSK;xcycA73VfSa@=9AO5h^8#dZ1^f36?Z3V5x1D4&Y5xDnF){nb?Z(doR%0)QPBOp?F|KC;+KWbAYvzU< zboM4$+{?!Ualolz$f&L$YLk+dw}>2&I7Xv&+qXMVg-P+tBPLELHvP!8Cm2v6Ckjb# zHadZ+A1XQxWX~8-zpyc;*Im$c+0S_yc{(1DMZOrJ7M}F4hk&PFZb!juHsqti*=9-& z9G>SrKm+D%n^6v*0&F4*wG+yRlrWL7sT$Fhco_>8`*eY`ECaNAT_xy1bU!%KX=AZW zs2-43?kmcCBWzb5S^Rx|6Vb?;;v8$_IA!_c(61{fLPkW05;cn`?>cyI)9b}`0eqD{ zn~;2A1c;L>q%9Snfuo;CLJ`V6{X$x=35qNM(gJghDm{=wy+9)HS#ax)1zw>=yFg6T zE9ia2vXGXx^F6AfElFLm>FX>%qYid)^SXQF-CwUg8Abc*aOHc^VMv>ho=ViehTCmB{exGT`AxWI(kSd-J9(1Nki% zC}1?00shV*Y%MF^O-zH`Lx8f>Aa0Q&K|zVDCtmP67XfydP>~;>UjY**w4(_chnN8= zGTo}E7m#@7>)raXayxeLY+Si?{+fJ&YP+t>-*#R=qFhnbIrOE$3az)hbWYSj5E_PB zmb8HN>}3h2cUnr8UFHqo4(c1ri=`O^`dA=nyYgpqd)AoDOMU7!OWm)a>X4F2$zk#n 
z!jysU5qLrM9WJ48!lmJJ9iYHWD1p}n^Ut`Oj@HolL(*T}{y`X%4UmH4b9>FQFJ+qf z;I(Jf*!RFZm7hJXy>GF5p}@a(hWc-t0K{)WVi0^jD3z1h4C9@4-OlgDlNO5^g=S^X zT^hc1J$)U8gfA3PRN(Ef^zwDLJs=>l%k8=*wRc z+mB>inz#3{B8oH*)Qt(OCv;dWZqCi$E|reB0;x!_7LEDlV3H~KBE*jJG+V6l0v(&U znEO%h*!3{L;gqPu-YfvMx%rx^LbZr0YqXh`ENS%F5$2JJs+Od46IB+?IZ29<{Ng%x zetKQ@3$)t=ml`7w$i{Zp_-;lK5e=9()!K&45u|#A;UK=FckV(B&Vry+Tn|M_fBV@; z>S#dI6B?V51ZE9-U{&jFl-3|&Q%U+Kkv1s))I-ZI`845^ou3^JPParRJnOao*(2)T#=4TrfpWV2N+AD)SGexM0dV5{6oDi z^^UuC`*dez5zDKh+9>^q`|ED#G;4|VY`h$O>0OW>R2POL z6-xuSf7er5c6uLyPCKi7$pGEQD8}-A0@AB5!q7?9r+GYk#*tT7xbo}uR)z6Gd;?V@ zp)KjnpP{Ey5>ec$LS|C-3*H~eniJ=)6D&5stB-UxRCn%s%|o$B8a4K52T9w^Fl(q4ai<3*>wfdj+|x*gd3~V}3U~K~nVn5Uo(hjJ zW_3PyF(;N}uC->WdD;RPE%TllL?+MUi!sM0wBuQ$=PQG{BpxU@+;WL1&o*ZaJO~rH zeULhaA_DlQ4xwpPZo`q9jFWNf&KtzSge^lW{sptq^%*I|YfnsX6P(!Jyy7oXSVQwQRW-S+G{QAFKPAr_Hijz5Y>=95?r1I&28+VmkiEJqfp(%qNM{=VIw zWaj2nF1N*OyZcXxOR7>kP2h!)hL_a-5_9WqKu_6yPBnqF z=|>pN2{*UUx{tU$>+@OiNHiN8ZXa|)j}6yUWXkw{7gqlhJUF&Jv50a^(fBN(4o`y; zm>fKn9M0avPuvc^|BQDb2}W`WdZaJ~^^_GXK24~t@GY0^zT>YdhlzzU?zF9HCv$2R zJn_kp_nkM4c}K82%rLREdJBMke=_hGrLE%vSyXH}lZWKzSMC%K)DAcvnT%8yv7wdc z7uO;Xqnm{;aQ>bmj!gFU({Acfv~xkBd9XvIH|?%bp6i2*lWdlI z4p0PiP^}#kur`}_8!cV|N_l+d8(TH4CD9v3wgpH@8B&6HDgz12ixeUebEta&{biMF zROi=Ea8oY0GpvD0DpMEKi0K6jiF@CYoMue&Y$?CNY}p0^NpYr!NPIdOJf7Cp+DV@Bz8l3!L@7b?=ByO*wmS`b~>l3+?nRxo7bJD|w z_$B6Q+W;z!7le14Gx~J>IKCxCX=38AG-LA}lU^OM+^hDw;u>WGwH1+hLQplLc|1a2aml$m09H`g-+`C*?7WY#>+Ae z%knj?*h7(_=qPW8@}!)W>y0zsJl3d&r*|TPRQ@#Sok$N(anu;G9a?6|Np?}rT{^~V zmN*M1AW3XANWxNIA0WCI*`n9o)>l=-> zNuNfa71^#H5GlR??#}AO$3b4I(kJv4sQFU;o$1^o;je-Fk|h#j>2B#Rg$btJDKzqA z!B-p;*smyQpzfn+BuFLrBw?jI!gGhYq@Mb!A^4TnJg|6(XYVgmepN*%8Wv*9gKZZg zM7bHV7C)Au>?2{!Eu+Hz`H=mT4X4D47;qn<_L5;?e5roQ{)#)faoet*IDH+H{HfNB zpz5@UW6El4qy7eL2WRg*6qU`!)9`C)Qlm4#L_}W7)O%o@lP#F)L90Q1tk#=Y)!?a~ z(w?~)chQ)TT8n`$>;W)aVyyfTcw4*#dP~|_uA`{{%TYqSiuq(suWI3A0QH(EcDwr zg**R9YH7U{l@a|cMPeQ(pN#2dCX^-}ELr|?^~AmnA9?A(ua-868Lk8UtkSGA7p}&X 
z!1T_~-%L$@KcwPBA)F&SIk=f4IFaFh%=zeDLe@YpHeiHt(4_nZ%Y;@ZP4vi}2T$q4 zX@!psCPHHH?Xh@=clEK+zS73x(5tu4jGy-2wF1Y7-LrUxW(p?fQr|OA=o2F^%?~&F z;Tejt2sFp6cTL*+$1ed7PeMLa#vp(0zA8pe^V#faRsm~{=%cwv;`4S%WjH8+%?{Fz zn#a#(`m0^Z4FX!eU^xOcJ!Z=bu##ie^r6%5-po3R%^D@W8~D`45L03FwzhcovRP_#AbroF`G7|H1_KlioG16zY^ z?7pXouqHGL(}ULJtzktj=c@R_mQ8bJ@u{XQh=`w%m}C z^dMS)vA#q#?{ialykarGxbo;5F_J84ifI+UkT+Ct%;=Q8zZ0U@Z;N~}9rMXVE|)hgu_ z8^8BFRGP2N|NH%tA>4erOqOsnbs@*QG=DFl%@!iTSQMp;urN4RBSuy}a^TGQ;z~|; zGdA<=-DhJR;-k~j6ZR;KJ|He8It=tjf0PbZsLC}>2h{MzkbCwnLAD%Q!G9GZepa2BEX(uW-m0&=@z%wNIPGt%0`qEh zkiJ=L19hXN<_!qa?di~y;3&%(fjhP-Bl(_EYQulpcqA$e$LY$q1;ogp{CW?b+)@YG}c;WPye_(8Vf8mLvp3jLHv-^WBmD487*vhuP z&tZ7{3i6QmzqV~hq>=nHsxt`V5TknV2Q_4Q8zJh$d97S#Lv<8WYLI?>HybHY>M;oI zxxSK%?rUBRTG!E2Wj>i}q}AwYw*LGgK9=26#?9dnZ`#_(iNB>}zv0IMZFgJDpw z70e<=Nc)-gyos+bq-zMze7rV_4Df>oeW}5I;w62|0+wJE+C=BC%IfktC#B3=Vw8~y zXZ?EL%O~~N4a1Mu>H)d2wqF36XNI6k+JfrzyC9W*x4AIQoMrLo{94uM89q&Qv302- z_m%ibGaI_?q*%!2|GKF}-23RM5)A_EIzS3y>ya=e}_Eh`A0RYYxxN zOcO;XZl=JRTuukcYG$j#`T#I6s`TbWOHC6FQ3e)$JIQ8+z>>Ufi>3AXOt*qdG>gEC zH8Q!Ubqz5O8RvZq>Di=>5V!3inm);TBK03Y&47!gX^DbFt7T5OMl48kEVn7K-a z$v#U9Nc^Mhbg@j?XYt{-bnqkXS_Y6aaea1o^UP@2hx zDLnw*QVq@^NILm-QcA6hO0Kn=Oc2^nxg6P#jp#l8nBsX0F3=eFefOyZ_SO9$z!d92 z*Y;v(rpX$GX_a^1@+;H^meO|W{ksW8F76n;FkqZF06Y~CdzPste%8A6*5hcr98oVG z+&I>fS!84qd(5-Q5M!sgcM8$9pH~7HF<=HqN(^4Qn1*fny^C_`T+8I6Nya0Zh1?c&kp6jVa?wi7a#KXjl^ef?|TU)bfq>2^Q&gBHZAwH+u~PqQ5U z$jNz||915>;`qGfqH4xnILEgHMrH0LlcOetsI&rzSvpw zxfy(L-dr=_XECYfXo&*;{eb>30!efx#9XI<3LeyV{4q?BM3PP>)z%7fRvTekY`^IO zvI3$stzvzU*T=cJtY)&>26A;ly16uS&{chHM8ULo6+(V#)^Yn)wUV9W8BFpkMi&x0 zhVB2%*S7=+UGfn4FHl(K)4@*U#Cxa}xV4+004H$d^F&Rxh=ssehsTuDxsvsfF~*#h zJX@|!(^H^+KUb&M&SK)cT-01707pJ02jHkNH`AJGoSJM-XEzZV&Sl~T zoid*RU-4O1=jSG?0O(X7_%`@R22&GBNu2CXW8{9NGcqU@a)4O0i#&KU4haXFkS)>s zVMR^8W`6AQ?X_?8^sKwAwfe>8Z6s%?2w5))u&SCj9-b3D;_%>xh3$>oc}TNMBL57v z_#TEhUBa7(;{EWDj;%#|(1^8oJJ&nY{`am{cr+^OfC!~?=cfrNFrIlkr9D)aQIFa^ zQja~+u*1YhN=?7Zh87EN?2BGqXrk=q;MkxuTZ}pLS3P>m0)@cdlQ~sW&~rv`gTL@= 
zOLNEc~l=q*_dH_fax2csf-U2r}Win zsnfdfCNbhB5o3}vSK<7ZoIdn^3~wNl>DDYHV_$dJYdsUAoAU8H+JdKFwsRM25^JK3 zjt^dG+0NaFp}fwd;9;j#T9(s8T!*b4{3@s!`nl#i?}?-QAphVmHP}_cH)9Itx_Ad` zmzBGbtt(2)SCcPB&%`tp(64dbQp#ws+e~+h8u3Cbmdj_0ian#8_EiOH2b&MPe*J-C z%Zj*moQR!8^l2a;?JXUEDfOnwR{Bn@7bxnNfvR^#5NAX~cAIER3ZkvgqLMa0lWMZ- z5$rn~V-^h?Wt=PyZSx#|9r+RO;gBQOFFNPH4Qjq+k$S*%=!&C_?b>p+TPDU|UwD@V zSOmMtS*o|m5&!xOT#s-hka)R9%5}N6{KPijOeP7p_I|gd>CapH`|ZOkb#Xwz@Zi1Q zzJ*M)&FwhtJ_KQSGERfa-{QF6F5}!A;kTj&**`|kNt-15f0-%Aa^qxvUai!Ly7)me zU7+(cj7aR4R6cMs=8APR`Oo(;cxD+u=up@fAHI1_*N#tpQr-}!747m4v-y^Irp99L z&tG@aWhNrLCb;k^cu8lrpE+tRQ;~LVvPGwzOLE_qJCDF@<4F9)5Hl`1W##9 zq_6FckJ=zl*9c0<+6bIr>VF&l=T$g~k}OWWcsd-$s@brMtLH_Sy~!#mp-Ok4bo+yT z(XnToTPBI@MMRDv>PX!DLE)250nL1Dv9#QFrJkAMdQ53?y=Es*ul&545pf!-IEtLH zS4(_jx7BU^J@iKw4db^?jR*m_+IcgIAJ{(!(G!l?$V&sW1gSB4G!sXDj#DT-k<-X{ zi~320WAb)qf4&TV+?9b@AVB#eu@c^oDfMtT)pN&}IcDz0&&$9&_p0cO#41QBvZsx> zZqH-{{+a+zWH8&d-qF)=dq2y{u%sx>pNXn4E#9Rg=01J72DIrn$+t|m08W@&4W(VG zTVC5{Mb#nhR&JNqD9g`>x$Pe@9zY*YH?dUsKc9kTd@yE)Twi%5x8dMyxiei_8esv0 z&Mx20*V2iGKKF%kZ5_KUmm0x?2t%eSbI*Q#!FJbZehLUfmKR^0|A+7S^NQ|D!zB(- zDCGY=f!Ok+j>28|F!)_wcZs(9tzSP8Bo7anr|kOMUypR_B>HO@WGxZbit7)uOMktx zWn1}mUrqxgu+(czn$G^8k8@)vEX}U{Poea@gVo%E8ARaM`J2o6%CMBdQ2i`01K}vwH7*os@vA|}V&#wVFm99EC@HVc zHtDD1(cYFP4;jPl^>=0-*KVekbD{c6QN@x;CWoO-HTIqbHX zUv=~_3qn7{9sKchBaYxg0Y+(<^IJ!B=>ELTSQe5Ojzo~-?eBE+lcI(|x_cTG&7rcD z`|UlQ4Qb#ca%4v}tIg74#Cex`h}nY@{Bth;eP%`UFjq}VvZW@I|tBmiyKIiaCSYt$@vUHGx zL=EYIH^yd>4!Kj!0%{ivBO{a#5$!N!bn$k@o!-A@^d>|A7#-H2Jv4cZ)_@W;x~|YeR@BPyg$02 z$zuxN_@z=e{E zdClG)=xKY3M_bHp-z8To9}p(zk%V9uy!TTd+qin-N#b^kd5Rhb=UzBw^C8xGU{1uF zLQPW&+603yF-fE1<4M`E74 z+<ly`H3u9q2HlfK4FuHZ~7TIHQq37OG|P(WY;@PPZ3AL00Pi6%&T$ZfyPO{_EY| zs1-tqjsrxAm0{n?ZrgN>XIAH;KtIZ)zcgc8<&cvhy~eXiL!L3-%{Zy+I*qd~l(kIM zXczpH*F%uxAR5rvgpaIHdNXUft`Lo<0+r&52U1ZSNDiEZDS~lwcXz$A7p`@1AC1f3A$yRS< znUN65R#_5JA{tw=){xVTea~dy31xl0H#zCe=Xsug-v3U2^@;BJ&HcN-`*mHn+w4@x z1|X2mzb&XhtfwJA0+s28?MMAs4U8*522M-5+j28Y11bjs#*BMEj(S{qpNYh2PXZUD 
zN2>LUn(s7c2Nba?Frrm*hAe)})o*r$tM4aol`76XAt%xgU-L&4ss@lA8zUg+0xDYW zd2@ikIj$(@2h%t1f?33RB}4D2uDMngBZFgXE!QNbLyD} zDwn(zuek(o;sY4V?tF5k0$`SC>>UFgp$4)Qa`Q6_hyXO2ZGhIvUWw8TD@3B^lTiAS zxNT+^)8%t)3QtE6IO)iHgl$-Bi#Qr$b?2}5+w~?U!~;wv)|8{Z+8gJf>*oH~k+pF^ zQp~mAS96NeW{)B9J~A|d3$47jr<2Qj$~IBt`vH6q?KVH%il9RAa8>m#;MNg4LhT); zSo;rZIhfu!XI=1955S9#V=+e1Ikj!Zip+s0m%1ALDCS~il*A?ORGZdrlhZsK-Jr?U zk%`3pqF!fWfxFy+6W?{-Dd$e8Bg+S9S*Zqc;8)FpzGz3`=~9Fe z0ePg*rfAfa?g%A1X1^~<$|)S#_yD{ z73)EqjcMTvL98^ih1?@Za=^RVUxTBx*{Y5-CF!I}<0ha3bPv&vud1mMa0T_F8W>@d z*$-izSwx>#mY8(Zs8+5Cy5c$*oD(2#rD}+CB?zIxT{z%y#!}dd94<(Jq9Pq)Mrahk zPVC*b-{Jnu@!dhud2Y_Is>Ff%g$P1!l2RNo}hbA zGOg4k*;v2#fr5JOr7obu(q?uZu}OAphF3Rw0h22AT!ikJF-QvJkO2l&y6hR}bK3>3 z)yJ*=n17Blha-Y!N(}CQS7_;x)3LUIQdsn>F91}#(IoQr@XcX%{3 zK-LKy$1@ySK@{QT{=g47hC^s5QeDm`6CXX4u?%5LJGN&6g4Vs-?N)s`?;6foF{`QP zZd5NsUiBVVRl<(l`1LDvDcCk1SN3Q~_?lZ?+BJ+O7(9*7Nkhu{{0eOntig(e8h*i+ zQgdvu-vG$eb$XC2GPR7I`;Q4>KM7U}3JOyidv#O~;Texmv)eLKqk8TQxfXC#(d`j@ z*ry0?vNthvTWVOIOhdCafx@8~mq|3@?T@C9Jg!RMkvIITC7B?;N8V7mRQ3m7>^aDH zpyym<_QPwkU)|4cPqws@@S@Xq&e|qIm}h#+&HU*MeSAi3-bBWy(EOR*INP#ag!ll8 zXn@~nhmiZr;2St|ZkUqAil3=XRXp!@nac^eZIqrUz8FQls<~lrx!ADRF2Evvq-$t; zzjU@i(rDztI;lqP)G`N3#zWrguHAp#?*Sew%{&0zh_=6`n_@Af(3ubijc5Qt0n_to8bl zqOxrp5vcg8==xNcoRCL@E1z}RI{75t^&5|)^$Ex&M7_8OI)P0QY~5-VpIVWco+Na* z?bPQ0BlFhWPU!}yAQ<>rjE%}7ne|Fd%Tx$>9oY$v*-e?_jyM3;5*l8N*BB%qbmXa4 z9K$JK+rbCLu0SDuIpc;Br-k`NGQL&SZ{+dEjqGL$KR<_{=6YMx*m8(XU8!?QhgRbd z{ZT<`DfM1%{JhBcMe3-FDAmVUarkM$ZKB;|CB9IpAjuNUc$~0v4 zrx21$657~yqA;~Hbw*G>E#!*hh($;Xls@O&{Ak?q#?j=Y7HSc-2kG=j{V@yZJu6r7 z*+Ei1Z5nYk>8rVeB1~5($vm&@f&N^@nzN(@k0H+{4S1X$0Iy#0ORfaD7d{vZYMVg> zmSBznYQfBtqdp7C^y`CS=2(W!fwWk5XeM86K@eahh(Z^|Vj_VsJ(dUL;y#oj@ZtQ( zWoIZBOi&rhtZM}n?u=}jleyL%NZ~{fLZ}f3;UjKeZ&`rN2+G7Qdg)t7(B1z8zbwB{b96Hm#>6PM25xip()0nO8_*TJBOqo9(3ysL0#=+%4)z08kE@(>@Gu5~_$O*0B~P-R+k4h zqny8sr3nhSyAnKpVrfVHG)$Q#XNmz}=KM@5f3E+c9IgH}()TqQ$`bz^C*(>%c%Vd( zeU~s07d}}FrKt1(5px0IxpQM;|f^c6SgOt=#!BJ-XH)lhMy_UzG+~*ov$2{gSHp6v#sOo00iT^ 
zf;LFQlk2Jn`+_Mt(q}jJ{aFbox(7gG=BG)R2fTf=P>Wh%t&IS|%m4su&>?CiWEtro z%$;!QoT?_CaSI^WP%)ePW;~~aWtkLU=* zbH-Iy(@mx6jAwJUO+vyde(U=m&;dCmyjB76-+9g(MTO``FgQ{X4p<*9V6&?>DWz20 zEkd#Z4C81}C6VxGoyt?x{sKO|!&lQO8c^KzBEm6%X>Ggeq{{2YIC(fuOIvUE+988l zy`I@%|5}8ruPvlF8($s*98nIs4upW`znKPGkP$|`iU6+coA>3V2Qt+iPEp#YWv0H8Fr>+0ksRy$U}lrmAbQR>>~4n~X8eEXQ(<*G;N z;Bh(!z4T@_6cuhCu`WbehS>9=Y`W4)o%mj@ukr;Vf@v83T}*`*aqto`B8swdH_nH;l-c|Ll5 z`@u$eOl%|n$Zr9Oxy%U1TfFhkItyVyp0r8Vd`Q!dlq&mCj{QpYgQ0{-Sz(#sVP3N~ zR=fE63z09kX4)@e(H2tUW{oyTH{Q)g!7zBVb)M%4@7xC6oDzqbqShkcfvlKuhko;E zAq$%`UrD~<8ar9d6nzr!F%yzhFat=-XGXIkmq*~R+hs$z?c`Q_LedG-#$$=;Q8osX z5nI9i{FIzgqi-o{c6%0^6S*}msZ?O93RJMqsLHe&?O+~)+fkA-Nxmk_!q-wqgqrI? z$jhEpV)+`s)m1!ExLn)9d;RP;((zIy1T7bN63j6MukfbiFRu1VWV2)U2X75kWt_R~ zcb)UUo0{De*7(nZl!qymOaBG?`6Kfb9rQE8^CokLP6kb96MnQ=_?LJXUW}*XS4}R? z??ksCU19pIT}SDlL1gZzlgW=+!;X(=PiQdCc^qPkUuh9C4>(so-nhtx50BZ5L7;;z zawp&(yVR0xd!MXCIgN3KF@%m)hw2Zh+V`K(?Eyv5+TpV+F;$i)MAg5r{j=Qi4S{#@ z|GIaQM}e_DKT|p49j)5$-&^&K%N5hfT1={kQA-7Po7dubTzD`Me|VLJ>qEQ{d{X}T zy7gh%R)Y;PCM9C#oa28>e#E@_$#*ENnAEsuC}nV2+y1XrkPU8Vdl|g2mc19S=YK7) zK5IQDlUOF*;bm2j^M=dXvYY7jWz9ggWrDQA#Z{vlbu;+qUe~31ird+^p5f` zlhM2~vw#(y7D_#yDL3jbPuxsSO<6MFaIKxJjFD#1yuuPv{bx1q|AIA72iAP2Tt7~D zl-kf#W%w<*wZAQoNnlDnSuP{t`36QPr_{=97ED2X^;gP#i?|`N_MsV?69Q#k4N>OT zkQ{#bW-ppR*YC0?)I?Csa{ou|ROJ1nWuK!2yEQ1@JGC%iA_{DDuNy1PrQ-0vu0+v+ zDdPrIN?i94T!}5TtYPli3v;j}JKL?_Tj}49Xz4HZ>M%k0XSt>ASgiX0*}El^T6R$X z>x1H~MbaOrl>9V|O;oDHXXHPV`VodL^1rV@P_$~}K-KYYc7mDP3-{0V-o4Nt+2Z1E z96tPE?Yw#1{$;EZ`ah0JTU2#0wA#|s)+}gMl_GS~n8nx_Qu92Eu@SVTt*JH7w8kJJh#{t$ zt0*Nz5wxfw=2?jR(sS>*_dNgaxzFG8Y#jsD2pWVIkK_SJcJTI5l*S@Bd0) z4Vs(qTA5&bS0iqcI3d6!&RYtc9sF6*`Kzr>-n$vm&yMH^ibW@gCI~WKnr>+tU0%J~ zF+tp^-lf@*OLbHkUz1*ql-&Jt?WYaH5m$S;SunH8!Dkktq7t za;%m2rM$oO8umzBxG3_dZS3`lx$8Sn<`Z6PW6=sSg=mp$-H*EN6sKxkA8dGWfUJ5% za%vlUp&e5ph2We#RY4Z>{7ja?%((Y!jD$l)`x%-|tpm&Ybq2G#`d6N;>q>1_ z27&dL=e%E#^+_p@J6`-AiJh5Lc&-Sf~_)5g|##zGxr8Xl}X3~8s3|P(C zA)pv$o_@;vvlRSro8n`Xk#h29tQ-#;Z=`^vA#VNtXQUBMDEADk${QK;bNsXBSlk!J 
ztfnm9S)DlkxMfqNHm>BTF6HKz{!3g^&(1%5ca_88xyiGf0#@F6`w#PZ_8<0!rj{mK zMD~vus`VX@K9lFaN!`z@jYFV{6xL$uM$ltyg-p^v|ew}a=ED4T%v3L1e+>F%4 zKXR_d3U%pOM_PZAS351!nRw01db9Q$!JqLuBuh4;K4RWirQ^uXI(e$HuU#!m_RL7% zNT1V}1fr|CJi^r|qVBO_R^71Ig7*zOUPqw!=TSn2XCJKvHb*Rj&B;Pf9i0d|h9r*} zR?CoY_ZYGw@NOn;s+)>h)=GIm180khoR3ds3@J?f-3*9Yzq*rl$4w4rcDq2aPF=gP z{DR2oi5aCIU%j$Cvpgn)KbuWSc)~nk9{gTes*VKz)!R-hm>ewYFNY-E@vQsM5uk#w z^()1e))s4Z?Rl=Smn;^N0Y0+D=c9Pc>W+7oxmgz@N`iS%UQ4be6~jM3`i~Qj3q8-D zUX?zk7Z)cZ8g-Y} z37!k(-KT#>I%HJhQWxL0cFjy%vSMzDa-W+0lr2og&(~f4mVX+TWIxML7I^D!iyQce z$}{GlXXBN1{O+O9y<}tz~LrpgA7)`*Bt=($4n{FVSZH&RTnwkuv^y`xh z%#6GY0Qwap{ZL}O^q=d;jKU1Z{=Cn`z!2`h!2ItvTJ-bpzjyTGcb|WqnX;MwY5@?= zKK7sM&%c{SO4j^AKe4z!dFsW$z%B6mU<5;MtT8YsGk_ne==(7)kysAL2ODVXaj(R! zV{Y8IcH{Fk%Lv4zgG-*8ZqaxZ-V|>i=yu>HQVnx-~6fMddg{T*zIaSbS-(;Lr zd3X-|@Z7b1+5}8#x+i5bWB;pL;$+XE`P};6Y+c6ce&(uIRgc}*f!U>sKJ(=#C$9!G zF#X?u$|p{GF9$n$f|<`KGcf+&e^<|5Rqi^^_z$1ZTgz(%GuVWG^RoEA{eC}--qY)! zp85aZbAG~^x!6d0!LLHmmca85FV7BQGQ)eLCfkeL^YF~VETV=#-hVv#kHffiQeT?e zDCU`6FH`)`%g<9<-2d3@OksI2|8%iIS$PqoT2qTbRrcL~Za1&Y2--2~eP(086dyDz zdb7w-E`bo@b@rdcXAciiI~K{^SzLKpuKJ#`L&9guvxGE|Q|-)ye-uo}26K7aVmUKE z)w6siW~khZQH|Duy^oVr&#d&KQinu4CF9`#I4t=H<-lX%7N({8a$jJg+CB9p3^vB7 zvQLoC1dw`WnQ7HOj!!uo!8F@3JrEihB$v05dnJaX@{1u47E+eI!?)QjVi=Yc^Utq4 zQ)qe>`1(S}g5|!r_ENHA{XDn>IW}GNF)-5FMvmNJH7;`n%hl83|6}-`A)eFj z+|H-^*mlRN9PRz72t%(c5%dmFZgw5$k0TZ+$L`opPl|MFiSzY;UH}m+k^CT~+Uuab zWbR0fF}E9LE&`^|e(XrlEV!E|v-6(^f3h-B`2xR21XuoY(&I{i%_z&!Q6-#9-lByW z_&?TK|9vKD+ny&Y9hNVKLm^{WIBl4!aCAiAjt>$;Gp_f(vS-*dAm-%J4Gq>g;eSLZ+=P+|j@fMGfW5ZVJW7UpBqD`j5|6`&b0mQir zN3z>b3?^PHv+DTaM(^n(MIMlR$hA>jk*M;&hN#5Y&IEjd8Z|n1NrV0_#-l3qfjTl{ z%6d~Vr10iH>SY3}@Z$d6|aeul}QFXyNR;7D*Cju_k(vWlqG>S{IseVxS~%c4crb&>*|Xb!?Pp zg+sE@vRzFU*&ORGJN7sG?4A5+z}K+med~$2BWaQa*N>LJK2(ll*~2Qc=`V6uPFA^) z5*?~XNRmCQZ)|op9Z0Eej-(^YIYgx!ynM8}Z*;|Ea_@_3-P6C>o9tuEjlLZ*V@KKt z%{1M6QyZq|{<5(4j*K9~!b@GFZy|F}8T95H>g?Inx^wd&em^*N5_jFIT}k7DX^|4E 
zH$4CIEl*z6v0;QifZ`UZJ$YYEr3M=gce-7_y?x|5v}lmh=ad&|R_6_;25fmh(;|LnZkLncqt;B>Idncl;K4aA;DP`!xYO;xWd5?^jZ<{NHr1S1{X^ zRGF@UBv@}+r|Ci=)z-Lk`tB~vDi6$d`5Nva+#!aJir3guK0kh3&U!xR!{-xYPpLoc zD*kk<*-)l-%TOQjWvIpFo07^GGdXRC*UJK{GtPHAbsAs$uf^<-Wa9OT)i+f(YZ#2h zONyapt)WS!m0tH+gXmB0Dmgr;LhS8}@}rYB4uplA{+tusnKi2rXf>$)bnDC>vA@}%L{1G}g!`KyYc&dkYnYC0sZYH&qK zFBl?3X1a5f3p4h!pj{yUP5=HDWA)>iES#l)Va6I)y@Jb)|B&Z4%-0W!{@b$ouW*Bv zy;$i%im`5Rc`BE~*YHs2KQ`;H1&BtS%|9-z&b7q9OT4$++D!WAhH}h@$=OYObqAK6 zUW{KXQ!HPVbNsc&|37hxeM~TaL=QlCOz+*-bv7rri|OJ2?1OrRbfQL{)iK3m**bS* z_(fzM|FemQFky|KIm1w%-t~cr8Z#S;VV`TtS zg$npJH^|8K5`SC1ZUS}94en-$ZJR%t$y2NS!V zqyyyPG=H5N@?dPGN4n2>K0r_IUwu*^O_kQIc!pp0d>uHK;p=J8I2Fn^4y+#kiT9mr za+BjU{BOt$y`MdWtXXz>`+c4_f*a_mt+bz;Cg){ao(@7bUb^F)d`anf&6pFWVSEH@ zb&1N&`!R@(N5b1K-Q%&uU55ln|Hft(?fFlK1LI-CsVLbAVZY0VVmtHSTDMmxCnwwG znSg(kdCsa8?5zRHtpO3f-_5^wpgjECMj&cSEu zQ(R+vq~Y`n&!gZcGro?)Ab^s0QR*bGK1FcE7prKw{4k?@`@f0DQ7n7JitcVUBp_$9 zw_-X%6ONQjs`HSpIVDY71L|~7KuN6omFo2NxYwOg`|G|NT|#ww+KRX($+uCSnC-&O z%|6iT1bv1=)zMJg7e(sUAhR%=wPUr_c#X%m;5W!exblUuYRsiu*00Ab!mo_G)-C_q zA^E}zf={x9*m5N+A@F1LduoPFc72&zAzyTJ9@l30PRLz+d;bAM*bn9^PdnTs`8IB5 zgboH#$*{Wf+6vfb$kFI+BCKiZ-Gq_V0o$#rW&2-!mA0jUOW4BgMjms&KLXwqWCn=h zvoij+(7ay;TZXdU8HK>th-fV=!bhX~BcmF~ssb$uYaFLeodCI0Ahpil%VUR#JdB9_ zL;CbANz~4qgX-tMcEK;?Yr!b9H>vloO>6Q)nUw9h$gZLVRvHpkWn0mN%4o&m`IVi~fOInU7q3C>*Sb}-x33bV z(ggqfk-?XoGk+S@VeZcplIX6>jcczYYqF?Ib}6B8M`*>vwN`Le;H*GNey@$4IWNzFvVbjdaxIOy;LNr83h za4j6<9RoV@tLwI(JwL={ey52tgc+9%T4&oGv5FBen>N|cG+CdRKbGEh$_drK?8`LiY&NQN2JGMY{_serH*!VKtfkfEZ&a(D49IYOBJ36OAb+2+mpa;V@a19HsGlv-JP>`bXw;N? zD!iYeTAAyNef6hDJZAHcqsOnZ)PU$})3s?1oXYh3`6f5b*SIW9c`t^x$02Lkc5)Y` zjSy8x_YYhc$Xf}VJjkqDYhjblij%RDM&`?Sk(Sp{x0UxtoiI;zm!YRGNL{@cn`0*A z1?fH+xmfqXq^a-8E+MpFyaymn3S8xh229+NHOag5v;wWZJ24jNdyF!3!e{d7dS;;4 zw{z7cF5jztwPnjzp<2yg_0|)+zLe|#5>K!)6`(|USW3e=dA6Il*5*BX-sVce*NT9JI-Q2YNLx+-{Cq0CgxT(L8p? 
zTjt(s9gU>4@!nE>?d`+@s3vZd_tx9e;fK%6wIt)F^srI_F1(dks~ty4eTzF^@2x(3 zq3KiqG|{oPXeE*NQYkOkY->Aj!0oI_l&66zF3e#V3m!@c?1;R$GMIJb9sdCMsbxy@ zwpCb$V@iH$6!zkzbUI(}M?*)+ro(a*?8iID&}0vT40wiT?1mA!mJIXliWTUheko4{ z$8;@yuON-NHJRZox064Yj$&#Z4RnC>eRroLtv{xtt452mjT@4R1Z-+iNLmc^`@9F` zmu%xx*RukfvMqMdF137X`@|@O|d^$IlJ08=Nj+~pQh*= zq~Z>dl?_~BlAUerBpsM*7vDfb{9_@d z3RC-w*LQz5sqWrtz4R`B5W6ep&6BDT%ZMAw`040-iQ?+83ylY))nBs*bZeQJW?)KF zAuEFcuUY0 zN_P((b12C0tdqdcU*nP2&Q$nL9c!YRNNA%Ho>tfjkp7?@?KTOKq=4^ayyyGdG)QD^ zh4r=`(&r%q7)h)^BPEvYGzK>eb!~ac;yREEcC9A)c(L{;#F+;ydRUfED%BlUEvI-_PPb> zNm-$1S@?Z%!-vDwjW*$NS4jXK(|7f!w*Ur=X?%(SHQ#bng)od!Wc(3@Jhzbq{l;U* zj?4BSZavqfE-5~dzPZ}4I{_|(H&J)gfucJB^2<&Iv(VZF|J_c|(anqM@LxSCTEOM_ z8E<+_iXUu(2S{L$XGxRVK^y0H=Rh<$o^<_;E%`xa?%8_ol5ynGX4VRxT&gbU>VLF9 z=XL)1_R{ykC|()S6vAv->uGh{$SSXLajx6-ha27FHc4ig-kV8p0E*kZ-<(Wl7Zo2q zfLUv@*3Tp67mG1k6A@b@g$ftvw~L4Imt1QsAn6@{5S$1DD|M?Y(Q>~ojFpUe4rq`@%DduwA;j8*fxIYT1P*7)A8m1|)8o z?|u=(+`t$GE{UR$4U2rk*w{X+2I4%t#{I|rf~ouoo|fF*yl#m)akuItS~kDzZ%NHG zn9m(xWV%a;nH?UdKL0 z7=N=mAI*uRp#Wo=QNNu{?Lx;TH+LShtxLOftXU8gG!paV*oo8Lly#%kC!q2WW(0U@rwYeP7>%%5fygKr})zhX}eYe-8xvO10X?Ew8 z*y7KIIYTS6>MG(fmVc)&MMBReCo2+1W=kr*s(p<1`Pg)dxD9xGu%u1%C*XlDQhUaq zY#)sw&*X#Ty4mL^`^@}~v@3=&OV25mC5Dzk14$N${gOumN!|b%xBB&tkL_f(mfs=i zjlDuiW`~6oyG)V2&=N^uUVcsDKF`M~gj z)@}xKznz%IZwxWp0`zOAKGipStuCM#&PmWI`_iPfR6o%WC}hjpzt{~EU+A8oKRksw zLVW&QcLCzW6>pt$>3VbkbRg-Dq9N-{f}?I>z!l`-dg(G;Uuvw#>_JF_+wC)bMm_-uC-O9kLu(;N+WzObN$J1#5fL+E17= zSp_G2ClR&eFfrECMdX#{6a4A-wvw6-1z0r5{;`SCN)-EoXXvkz30o5%=CqgKSMC|X z4L@NBo5piT^q}U6U>PgY`*lKbaC~TKKt{Y8tAfas+v+~{ke)eJ(LEOx<~#1uDZnVx z5Mw;x^cWMdldsB;Ah^&?2%rFTXBlg+EZ4L5g8%Rnm58Jo)!g%!G!mm2Qx>$5sr8b3 zom)9C!dTX`b^|zq=0Ai(gl_3NeU(~(&op&XI?3xPJ9Is)(SH8(d@Xw} zH->Unf~ZC7{?BI6`7WF5JI3LDoeh+wZst7vlZRxr$>+OTUtOs`oO%W17?<)Ju=hp2=US1QQT{;bahwmoH&!0yAsD8E%@g+6H zJc=<0ocl<$6M7UhyQe+NWu^_%JeB*syEtXVZw8gS?I_b7nUL^{r@Q-4R5auZKzyZ& z9!Cn$!Uud$Qej^bp~Ngpi>lJ%Fmjc4_tuk?=sOl~aY5gZnOtXzd>~{H?wvSSIswj= ztas*T@UhdMIlb4(MYMXcGdOZ-UH@$^{>-bTEAAjgm}eg~YRJ 
zEn1ryP0L1Kxp&7w<~(;{pwc!$&#M`H#mGqm;KDhwT9})i8A`H%uwB6E_r#XK`)LPA zTAzsW@(BmaIWfQNIpnCdqE9qaYd}v0vk*Kw6z!Nm>4qH*ycNc$%aHSKoGfNA!cOI~ ze)Cc``#Dsu1qLP&HZaESkbQz^g}#$>!^9Q^LT)c<1}C5yP)r~TcWCEfu6*&5cr!So zfcrb^vs`w@XY>i1@CUOsTQ-Ad4ay!{rHZZ@EZ(dxC*$;x@ScFsg{i3{ zP#k@lV}`P&4^GS7AT~(%Bn_)U&`boby7XM-cT9I!`SJwdSi=EkkOf5S7A{jb;b^D2 ziOc$1&)m=x-c8qClCN)!qTvLl-_h)>kG~Ouu&u>tf&jnGyNw)rfF9$NiWa~vLfBG` z7Y7Tp2VTkeXpl0jti~21KEPqSeSdzk%n7f( zPvq=puakqC!y|~1RoL9&Dr~TmIEL@MqAx-7o;oCBJI{>dPfsdo(q7M=5=DI2qfAf- zF4_=TQ=E^6IxmkNhBU&#=(t@>ObDuFjoY~b*RKaeZiuesbL$Pil2!m!AzImGt?xu+ zz#+y&AMzXRj^TR;E~kA>o?NF zOReSyxa7)>ri}#54BT#)od3*j^x>^VzS2+S6UBsB1NiWsS5&&CmH47!L;7&ZA}^YV zy!)#V+K|M$VU0s=+okdm*JSMA>VZMu*CE|dq8SmhGl%Wy8R9@t^w?&MA#1%GBLh%A zvg)O=g1!Z*1)OasH4mCZytbgKLS3^4_XXlshV2TK#w@|B@9B%xMMRvcihjekU)78~3{LnzehTVB| z5KMmc9TPimxc2#BV_uN!^ILqWP$!gFd}yv3<$j(k*2vW3l?@QT)kH_pa*x-_)fe5en37co z$Ykd6ou}<%=4wOxEM#?Y@4i`GIJm!ZLSY%7TBC~jLw%=)&!g=u*vL^)`|##9APkk4 zDNPAoB0fN)K?mRa1R3WlHxppzt@o^y7q@eQZ7$4%ol_I5D?#jV#~y_E#7Z5nXS|} zdC+>__R_({1MX7eWQ}y`-Q||uCBr7)mA^_1sYcmOn}&)FzgSJv>A~rv7txL)IW%j2 zpAn&0h7_og?Lt+dr1+1Q(vD}dgH!p_*PRNkzF3?Qf@kQ-qC8_8Z;MRnir+d1aRaA5>oIu;8-imK zl(2BrqQB&S?$=Ni6O4CK`uUMl3qbRsC3^GFi<({61Uhv{HXikQ*tumY>HC>EqhKxz z|BBKKUN%}&R*?rjdTLHJ>%!YsNy-jwNNd7%vlX6aINnOM1UcF?ghPiLu7hGKCXm->203z5 z`$bM^6}bjXL|?f1F*}tK87YtwuJU|)^vS_Zt&nj|S<-EcFxCEjVi9#B!6(Cz)Z{#S zZ{>)%>MPre?}86c&E#JyA)g+D7tc?gPK%P*@Aq{%_~AoazSEu2)Lhm=6G{+&dFtPo ze7{6U;wc@q`(}vktSNEQDK2r{h?7(btjOktVAGmO*F4k_c(&?te-H?T%gDODk_0M7 zBgLyquNFc|Fqz%vdHE2_g~ zao*51s38KWeu} zqBVo{wWdtbG|Oi8;yV2K4*WnqVn1rOSAIXrOqw2m31~WVsxRXCgFYB4;XK8CFj!?A zlQDPOTQl_o!hpOwM7>jLVgI5!HoFw+WwU=)&@dC)9EN_7plvqZO4RTRTB?Dr_;^Di z%8f;ZlvkUoQ3rt+){KJhJkRR7RS{TXj-zM{;s|O+z+bnci-UCZ#4K^Fr&omxG2#b~ z2D{M|g|D7{QL(DPyzP!`+a|?ETNvLMnVh-3d$Oi(S7e=^ zHI46Yj@hmY{sm_un4x!+MU*rxb7&`vUnSsE6V!NRHPD;4GmS@Yh+-wu4py6BsE--= z!7$Vaa-g+7^(j7mWf=QL!V-N0egz=ck`gooRR`LOYFdarN+?jyhBo4a+P~=S{)B)- zT0T4o|7F8=tj&>&hwZl0HWI%#7#c 
zvD$WtRDqFmfqcCw(n8QBdfmXd3^pCRxPSS0KHIHC?DadgxyS(L%VQ9UADi7@^dfS0 z1mSVSgO@?3C$li3(QUA^9_Vk#Xpclti`CQ7vcYu1|h!-i)(M5rzEph!y&c$qp? zp=8BbwjIX@0?Zu}GWl(n4x!KUpMK|MeE>Y*3LYrCJo|jY_+on^t}sv)!N*hA_xN6Z zU*kv&bC9Cds;>j%ml3kyGELnlYOSWKb%HgqdUVyy(6v~?sQS^htU$7yFNuv{6@uttqD4tqYVxD=;5J*Y%sVd7W)Tk1;S-a!8%T{WQhIy*-d7}r zlu_8jFJRWoFDsTEk9$PDxOg0D8Pe_Oy=sWCGI#uN-bbh>zzxeHe*2PVB8x~1ILh4b z13E$F9cPcy(cbjtPSH>be!DoL7<#Hmrlh08c~x&5V6 zm+J2LL<>5+5rCT!b`fI+!Af20j)C<%CYTOu9wI0M@HGUWU$h+I;!R9T+rfX=dfl}oi# zN;Epy5-^$8+6QWE*+79GIITDJMjA{QHF{5*J3!c2(jK-*in;9AgS1BjO1N_H`wN(H z&PykBLnJk&a^EDj@vIDaEW)!^H%EU3u(Kmq;s3Q)UOyQwg05xidDH{2d}}* zr)5F>f@F_}cEeU`pk4ckIKv`wzztbmr8bv}h2y1lvOxzGm>#%f6E<5hY5MZNi{kbL z%Id!B(J6)PeJUre#Cv<`JJpZWc=(u)$Y?WONqaM}p(667uyDUJ8Gv~1q|nieO@N4<8WM%&_w==b5CCJUVhBz9`sAe}97_J{sub7i?|6Qoxe33R`Vfb%OWOf)+Mt+3v%?EHhL#Z!~$`pUQujva* z5fRYF!foXdG(>tlnooKZ1RSK4eQ3Qk>*OYg_-;rR0aySXJY!R|zxMQAzWj9w%`inL z8rXgpgMLvbwYLU`gOp5ad0s~)I_iVm4sWoHH~qPi}`4&iwK>{|u9a&nH(N$!Ua&D5o3okl|G92C&% zfTO{ss#1-#hu2rzj+5x4h*V9!t>g;rUX*gfF1u8H7rZF=AjCqQ*Zctxy1d!8L$plU zmPT_EODlUy;BHlY(`shC3(w&!#K6}~?~VeK!&F$1%-dx2)yfWgppXG&!r&{87l;x3 z34%-hojZk`0?@a;&cNJyf6tAx2I1a__k7?VZ3f0qXH(j4);UMIO zY?rDPByJXgIQmFX$oLUVoUeRaeW0s8EXu8>`)5216jl!2Xgy&-V~GX`b7@p`vBw*z z6qh{;?zp92z5ZCE^RkzQc`yWC@9;$v91Kw@qJyYF%qX7d=%YeNT6e#e=>F-jo;7~t zHM~h*y>NZHBk67hHJqzbalP$)94P8~fuReXh4RciWRa;DdtN3VCY}2`HvpV3ES#XU zTy)YL|F)YuEKkv^HU&gloi`SF@?D%!4L)l~bOfQ`Ikw_7dM$o&wR91WZxd5S&7tre zVo$DU8GHXOKxWYn=f1k3OV$NjS$u!zT}8v_%vTOo%f`MGOVW>SbXEuF5QlQ(DhG0} z6;EY&M;HD0L6PdwzeFD}GDPO3e0YK`uDB8P6vcl|h6Q>T3`^WhC}>zUd)n=m`&@l2 z^t~j|zf18Z^7#3w%IOe)yh|jQy1&r-$gPgN;@?9jwG<3$kX}&Gvy`2c*$MN;7GS_Z zMpcu|N^f-{XJzG9_q;fnjk{?%Gi@`BjC~Amyw+H~fsplW{`s|~^ItHBzOYV)b{4Cc z?(*P}+7nXKTR1yACS@n3(K$eZR%a5W`;q31HqP_w zO%*PW%>gYf3~_=i_F=i)pLjvii3AzU`#3>k{8D-McrG|Dmc{cBzX-=j_72%I&Lx>d zz@xwys>BV+AEC#Es0Z_tO-*{Ty>!DPlybW}3v09uQCDj!Mmqm8Z$R4DggHhUk%{PG zazN(GRWLqZ(DhrJ(U2Ois`jkN8D}uMdvvqWsJriWu?ad6R}zQ@#S9+7&NTWAE)k}$ 
zX#~U!B-d{5)w5#E&@Q;fVH$8rm5qv2Z{@W&kuE0FE>Ujk#$_(7zP=t^ILeVV+vsaR z&LltmI^a9$v-`ESIx}hMHZdUZyJtbucNerc*drui72~<9aO8Y=HSk|Hst~JOmDS{A z`o@tPQyR#ts%f@;Tdx|*VhgUG3<^}agS#;}!xbdI_URb4*V>E`q`CO*H5gV#;BD9D zP*@ArQ@*w|fnI6g)yAfZq~A2PA$OB}n+`}mW{=VHE!;t@v4u8}hS*XJx3R@W9sX74 z?Nh;cQL+Legj|^GVZb#L1@9w0-|UUEx?)i6Sz7G+*+LzLd##?fmz!QreowUZ-obD+ z68AbQ`O@4)d-PVS1iilH8e0s^a0l^9+eS8}loZ=c(F^LPWs{R1b|>kHMEB&-2eK^5 zTkqCQs53-BbK}F5s!W{us-vPUn2(oSk*-gs%R3^Bc9$ORjq^0^J@Rb^@YJ}6d3GCp zEgyzsw&$<`3~iy2nEDM*!LX5+RspBmCXmuxBUe+luD=J3cY%d6;x)p&=oAY<8qdH@ z&Cdlab4t6leO&cMM$>o7>9a5mjSu+`DN~0(B#~8T(FoD|MUhSx%srTpZCq!sp34kO zJOx$Q8L|4tZR4nT@pKz<#3G!F8Mtj@G~Ka(elb_^Irh8z;D(_S@@`r+6PqL4k51qC zWp+QL7&olOpCu&e)e%Matpib)WJ|ABceHPraKE~^C7@-d%cZj!*C-|0&m)L9JD`}L z7Etn5bL9g=7&JlgzNv>9~UW4e>dryDu2fF1tT7Fc+L@>=b>LzWT04jFpT43 zj=*gZlGZ#sj~6=vK;jy(aTyN{RLZxZEAr1zaYh;y<7_okPYMAS*qWe<;UYkLRHsRt zzIDnE1#f~(%SD2W{=+OKL`(NQz>NVxlYs+l(AwIui-yY3hGjoo5^Jnuy77?EundBZ zH7_60=hTdAjqvVFkm%0Q^xR;8qSB!E6$iFZTACdaknTDdjY0&UQAd~Dei|YO?vIRRz0lrq{oZn=9y)m(0yCDN z^gaThMa_{^cmcP4(|)hpNA#VcFWMwW*>U$)``wmtfMeN54}n(6r*vMdfyz|&D5(xE zw&+^SBHMy3;tVD%b#EB)D7%QEoRULdIu7N%x&NEJcjJJHynWnauU%V(8<($}f@KJX z9z)@hLh~F*$=eqkOTai+JvLKCb8K)qQ$3bDJN3eK4cQ652P#q!;1e!}&!d`B;uRxR zc#`NIN}^;g-78wJSgQ9p`V$@Z*q{EfKWl$Dv|Kgzb<$uL-Vny6L3Gly!Y^)Lj^1@l z81TCKJbhb0Zg{lot3z%c-YcA5Wsq#x^7ZdyQ=}2jnPM!W;At{lsw!t1__k^m5mJeq zCr=+c2tbFO7x*1M4Zm`jsQ2%3G623r=gl1MZ<2PF)mlKT^cIeFDbOoABN0E6` z*5Qm$+^$X3hl{7#Er^me38>$%o_DeshRUrOyBJx6}V~rU1X#bAW^2&DG<`I zXdcsNg|H0=(|p&2lm|Qlj}H8~_I5fwaaOF%;plj)Ig_KuCSkO`0dgKTLaN1OQLm^~BZDf$v-ZjI(~ACWO+RO0b-#m(E|?5?_iJWcWaDwN_-Qs60V@ zqf?U`lOpSKxsxeOm|;J<93T>F*;9$OqU?2|2Q~&?W>#hk0j&K{*3NJG-C$fz(Ibda zN#FBd(kpa>XQr~w8o#Jb$tODIu9D7atZXrba2xyI4PTOK+Ob6*pwq1wmu-=?or) zQbT?q*J}f(Z&D<WvE34yg<}Jz7QgCM{Hhz5D^AJHSX>3ghTNor$BNfl^55M$Vg#aKzzy zCmZx_A|BAt=b&&`UGxFt*G9yFAbMuYbeQ~@@!ae-?18*05M_lH*iQWx!*0=U9>Rq? 
zGfcG~IEQ<-yV|{|8#7C1G%c4);biWp54mWCWr23bvbbGGF1+5Llh)}+%qN|2BOtNSeL>I))q6g8dN1Jk4SKR|~ z+~FicR9DF^Gk}uz2TGt3^f0o6VBqV6!w$^v8bF5 zLc$~r@}bSfkTY`JTafHW&Akxm7%^dV;#&*RJ7@1>tt{klBZg-d=~<~~)?S;Cqwe#k zHlj5pi51w~M6`UOkLjFn;c%w1+ET#wNI~{)mrzzZ^Jpu1VgC}DsR%5@sqvc|(W19e zHAEfY*cem6z0=DUI8`;`0pwCX`9j3UG=#HZf>17J*k~?>T^VFG9Emw*Xn0+G`-1S* z+ZHV^Q;k$HH*wZOdreRE8k7b(jfXk7u!M=-!hj*tqG>mMaF@ODn1iYa6P!>f$~688S)kjcaz*6lk=<^lv2QH)-{Dr7|(B)GQ@IPwYGm zyzAh%Kx$vwFlAF#o|&qnx0TL-9m)HW92=vkE2GQkj*}XRI9PM5^dzEojPo z>XrAL$@&N`Z=Q@VgU%V@&xxf<$FNCP7usHGHvsQfsuK*uV*TwSVJfcfj-fh48FO?p)s1+6ELKyc$2Wv1z=z?ugB@ zIT<`MW3+g!boj@Ha3W#s<5R)?0l!l0O^*mt7E~3`a ziV4imiPR3;E%{UieT#w@KpRCyin;w#x9i70;YoVvL{=$BV*tF1IE^yALtkp54wvr& z0CbMIzPQr^zQIk+xHx--fy$|N+ccNN%7J0#$6xrXzN*z>>3bKx|EBeJIX&q+unf7` z;Ceeg#P&nqtfMj>4iJ87 zp$?e{^Xn^TM_ypr%yl7Bq%~J9ES?3>@o!1LRkdOmmP)VGA(x>DzV7>3((OTe1gE=b zc*R8E(Aa%a`e3XQkDBJ!L?2hxC8CpB*3E<)2yUlP70}Q|LwD2ZzwJGW66((bUaf!* zm3w?Xw5cg|MU2`Z7Y7R9CZl`mSVIvp!}__ubK=ON9|DSb1PTF;v7pz)ZB z6Pn81;CsH-Y`wt`XEP+aX}-;w%Sps`vA*?~e-0lcCJ8IL=^u4migCCE^L9SBCCq(> zy?cmRIKWkS9(DCqCP(f7Q#sMe=xFi&T}MKp^>ZU!Dm}%i@&-C)Jy^|PHCznh>aSQI z-#XHbx&cz8aVqPo1L3p7chLc6pKk+|p>$ozFG|c{B{Lqs(aIS`2NIm9*D+5EB$(>T;6rCtI%^1f4Hb42lLM~Y8h;-H`Vlj6 z{r0c&iLt}sSVJVhRz_TFlosQ-Jz+y6Zp=?BP43WM?UIJ$I&zPay=JA2CFLKmE=>OForzW_?N#^1|4L`F%AVO2bmQZ-BV$j z<(Yb~XJgZbAO_8b0^2@1PRnHgS3gx&4cd|&NL`SdH3kJQ3QfO~a8k!mJCni2CeeZM z4paPh)4{{?3{8pOt}nzBKrh@bL0ttt$NZUt`eS?}#{7hj~aG*h*erIQXY4pBEv zMDL>N2$FM?hreWV9u$Z_EzjM*`nNr|%0mG9OETh_{@U^zGJLLo?Jloqr}nJIPW}(E zL`m36R;D-Li+q*q#2e@TZmz3LXJGu282F_2kH1`THlE25a50(-)pfEW|96Nl>zbF5 z)8#|oNadXNw~f;BSb9&b!zr)-tQ=)-#^&l6%jOuFM`rdse6RO?fA8*!{`ou} z-+z9;&p-F$+#Toje!XAg8qe#xo>zY6yJx$7g{CjrfJ-*2^W~j67{XFeh4Npym|!Y; zxxs#-N8ms6P{CE~0IC%=_xZGK7gxa~k4*)oVlE^$wi{=Dxn}bD#mQ>(`f+?28P}Or zs4a@HX@C^oDX_(wU;7OW%fJ70t%FmoH=&L37P;Ih!#EWC+sxJ&L&cnYV@)R1fn$#^ zrD&%fQhu_pMCP4YL9oVslcm3x<3a+w&oxKw_tgK+qzO&mxz&E>uKQdZO>si4Fq;sUnSw5`R~X-WagvE-CAoyo?n6>C3s6MSVM-728UNq~%6`BU)Sd=2zE~I32!} 
z(~dFZ>vfd5Pjt|%`rXBnl?tvNU#ErBNFhsrIFI?@Rh!ug>H=yFhc8o*S*;U+{Swll zVUPDoxl*p-tbOP$_gj(gD%slR&7SE4rm+o_aucFm%pn09#8{80)VVKqEG51c>F&tE zYZ@cWj5b=h{&WqAY2IcxTWnM0H=l}!+R{%%#hZ(%1uarS^}Xg*^hnW+Ul^aE0uRMV zq3!&uXJ$tW=>#ma=lBg;nR7t#UR0B5E}5C#T~!d&?-ZioFXEXa5{=u%pHk1vaXa!- z1B!oQ1S)y3^SFF<$F+PD!=>?s-Xcn+yS1Xk42sDP9s3zBl~%LfT6uDc(MWI6E2>`o z@2hg{=m~V!Q(sc6EB_Wt9#@Js#46cBnVrpCM`>FUrp@|T_S=G)#dso?-FJx3L6vgV zJ=1~F&4Q_~CdCuQXKv&@90+?tBe=>yeC~iguY{za^%18B!Z*!wf;GmU(fwV{sn1M6 z=)Zr_Oory)3$e@f+L5sWUB;aL&v>Nv#joApOM!hn^9WA=3Z1t=yh(2bMrzG>z@^x+ z=gZ!y35M`Z?dDL6O%<g1Qb{bjMj9;%GUh*i{>xh4pnO_EsI@Lj_MIY=4gD=5ik~F5 zBbIn5Ce# zy8_n59C$~}0lz3N;mVy^N+Q%s2d%mHZUqDBMKb(^%TQF=$vG-nr7N3W1&ZhexeZS= zacZs_t59b+Za%>eZEhw_jI?qXhU`pG6HQ4ZQPHiyugAo{5Y*}K{00s%tFV$2>7doaM<+59+CE>7(W$9UJNgGN| zOaC`V=f|A>S+>%>Kq*k4jR))Acq`RECL+~g)2`dLH=z0ei8~fbVKgQlBs0qg`cO+M z1eVA-C3-j)Pq8U5RQ+-ke;oW1oL{TD**!o~X-Q7aZ#^t7F`l?TadXNy#;hdUD?3_l z57{M5bkkB7aoLru{)RMR%o?uCTxD&w%xbIf`>~(NN`Bgu7n}#ZdRc68`?Iq$MQeky zr)F}F>qjv`A^OyTAo1P)_jM^p_p;&@{0E+FIIvb7xP}qP&YbuQyXmB&_is%3w~d*C z9eD%?wp&E)_QYmX+X=&oo3)Ibe!F5wvt8cstYF~~1ym9GP`x8>RAdnCTFq|E&XP-? zH^$C&HTz&M{(ZXL=Ea)bwDah)Pt4#`1nZp~8dvczkb z%fAyksXO1Idl? 
zH|iwEc2C&}3D&B1eBnTv=4#n|=O1VkYKS$>g`A_>jfJu^9i1j_mMB>F1PYF(dSLT_ z9qDQE#8pv!nrR?9O1L7CsF0j)RLw(vrCUJoy%p2e@oX-E?*pQn=FXx&?A%|^60%EK zt9j)^*~XG1ZTZHA56scdQ6uxU*;ciB*nxC?7oNH#V@mzYRh>L_N7%~y^>kL&GpF}5 zN%mfS#QCSK=Xyb<1hGdcs;gH|h^s1h$`} zZ**q4gK}a%XUa2M+8mXP&8BZmXQzpld+qeKsl6PZuawJ0F3ajG-`<{;*&0dv!BY7r zt^BiiTqoMd4KGP)E=%bhFds>CbeaUMOiFJZc_GFWFZ<=A3 zGOqsgs2{Qwc_@k2;{ofy0xl96Dz-CI!Ao)UwX*yEq`&4#j(Y8-@;XxKGXfcOG|wwU zbtkejg@1Bge-`4=miv^RHwEU~JEK}jeBl@6b!oIiKIRPc_b^ z|7q(ff#i&XLqXpr37>X!y2JVll|Snz(P|A}HJ3kaPag5cu{R}=vCXI{ba!>P>7hHx z>&_2!(ineUr~i%s=K2XLA-Ot)RV+m^h?AH`jtu4;FMihYb5!{i^2a^UqI@!sh#x)d@0K&tzL_+D;w&gG$w> zClIB2Z?%4R^878QzVE@=ZwYE-&#e-7Rp1?WJ}xe3L$V*7P9kdE&qfqV|HN^4P=CLx zrg>Rr=No4n5OUPeQ60rnEU!}Er~lI;q0>swGbkAdO-=I>Gh3x|-W!r$d-8;O$v5o} zK1MRz!OA@?nolc;c=j@TQNGc-uOl&nyR`G6x)6uB1K>3zD!&|cV1CcH6f5=Jw>FVhz-28ATNKEmz`Xw7j{ow>b%|sp?KAjGDB^E) zB_EaoKmNgIZE_%Nd%8cH4NX&EW~4FyQdVo{lfle%(2KZoDS-8Q6_zr(PWHU*FVFjL zeO+b2N0!`YPWRtG{rt(`tjxh^Bh$Nep=~eR{vcVHh(PU3S4^{8yCGh(auU0b6@{zq z{AeD_-PmE1CElpj=M&8_k|qVpiha&ojy4cr$?wY0D@fC-%7^5ySY^{Ec00%(`9m_d zWXu^=5@eivIS*s?sxsM+M=$VNyD!QoD&+C^JG2x*Syy$Gi^l=R$c@E`j#S=*at^+L zj-}WGa%4H;Z$~)Fb8)2x=pwwVX$@gN4_pAiYi^+k=9BoI+suAisW7bm5TEg%TG+pGMIw2aD5Trp0-*m(1>c zyv_1x>Ri_QGdr34a-2=ycKefFKoWANfkEbGXmsq$h6te!HH&Jd>F?zSY!C_o%*7@C z*QEe>4guWd%*3bRj9-L1x9`Z=+|_wpfq>;`F0fHudLWPeD@P(=`-Zr>9~oO9s418! 
z#v+72d3$xIvO26uuK~%6oe4mqw+LmSXeqO$(^D`Taxq8e(wmPHnwH?Lt7*UW6%}AD z8&Q&@r+05(85guIVT2$$p31!4LduBN=)>h^Z~Nq|_8Jxw1P`sEw|Pjaov?1&7>Tm1 zYF0=RGV4eo_Ino>A^X93q$WV>a+-x~Ob3TmJ;czs;_nunEn<<6V!x;iGEVzu;G3ET zzme`3Qh72Bly41p$53YFaYKLB&>dVlv>1s$HG$z%R>joA&RgsK5#CJi+hILzwJ$Jt zCadu0tWOtE7kzMh3=x?qdq8}{^B=SAXAr*hjiMNeodp91&fTuGgaS#Xg0oWLV+bRM z_FMo|tzQUX!CdCOU6%m_8+mHhT}*sv`D!alvxo~1UfBc0+57l_$k+vnIJY-djLr@` z?W3NQY_Hm5j=#OL*tQZ*>hR!sB>=HPZ3W#oJMNrUIzm~r*shWS*sw{2Rr^i1@&_IE zgU`-|_xLXXQv7Zjl1r?(3cp`zo|C_cPdlox_a7y7=zs(ALb=m#O zYHPOHN6Qy=aVdkjk(gY-WAXm98@l>9sYz4M6@vw_j?M=cw`> znK2+@3%h&1TAEaDT-vqdw9loo#cwU=Y?MBhD5~2sbupa3=W^F^6QY`ehQ#r^fon}d z*GIkBArA}01D3dMiI@)guhJhYf&WO5`n`M?etlV*P@6P&yxU23Lb$hOKY!1Q9@8Xs zr%j7?#z$WXY=8k_q)nU?IOL=@A+?lcInCFxZgIL-C{>AAs$SObI7>-CtE>*QQapYy zqr(R*)Vli3%SYpV251Mr1Q`?LYYQhp9S#QpSWl4e$73!knM4(B18d zldNRL(i!5kP2g=Ab@L;gHU@SQ6UY{^5OXKL=_yB6giyX@tdWh=;8xg)qSx=)+#^3dTHQy(i$X^8H;_9A-e-Om_K#^sp6?JcR8ubNosVXFHBBW$~U*9nt$XZ%Z>0=E}2uyK$^^EvjfZ|ZxG(xfB zrAqVOaAjq72!D4cv-`M2bP|>Se))M)wxJyVmSDdr`V46;C5$0Iaf^@O_>m4;&MeQ5bPyV^zDa#O5~`>e6X ze$fe{OQY~1DAT_OwyO92owpVp@?J>(T(^f+m+krGl8iJ=aZu+PEZb9O-wck zga!!VMst?3kd8TsxU-j)vq)OAv)t+;hLhi`%!{l~`jJgnPbVa%NVr8A?2A_jG~l*J zxGMA_fC4QqFwx);#w2LWpk1Sp*s4GgzZkBX|L{SxUK~(;Z${IL%u9)QXzq$SKq-aw- zl`#-*-6Zrk=uS9smmM8nCKrp5#>noHvgLc}`zn88EgsV$&nE7TJ$AOYYQTe$VOnZh zTI+HGTlTB`5XDg4hVT%gK{+2?seX{t7Eqw*_hd8DVeY2!*^gbByJ9f(?gV#lJH4yA z?0TDtSb#D*Ng+WOuVW8;Z=viKK2J59lO1Dup*_Sq%9EMAqV~p%c>cmo>EO&pc&nRw z@u3~P5Ex79Y>mlRGbF#7byWVI;?NmP^QDl0vxcq-78eZdjA9=W%W|N<32F4SjiplIdzzOKL z`;f_s(pq#1-Z}6JBcD*4{fh9)#afH>p>pSqQh&my<7=wyt4DH<*6LMloJbJO)#po{ z*jqB0pWVvdJzkbf^G53RO4eHWGWM#Y0$r!=S`1CzO6O8*3t2`L?xgBrQ5lgJB1B27R4$__~N- z`dO>uY{qE0QVGANl?*Y%NpU>Ow-sRFQjsY)+cV}y{*l5;Bjs8`l@*_>&sn28UMMD5 zzWtgeDww5((`3tk za4yd8#a{Am%k{8pEs;Y}M$4U$6(bzWOHxQ34^3^4?SP_)^)l*WnFNxbBOd=kB=o16 zvcyulcTvlKsE?vlQ448t(|XV*pQAN#Hc26Hd`}AZK`(qvfPBLyMniGvHtUC&chBrD ze0xrOt~Oq;z0j%Dsy#_Lk0uL0ALYEc+7s*MH?rp#zALr-YpjMs9tW>{yj`oP%{-IB 
z!XtXKQi5rqaH|K(fTagU#~vRRH$V2X)%%aF{N4+>-4co!iYhsV#Ie9O`AU^qS))HH zx)Ok!+ZVge7R*4H+f%8bXCn+&h#Tkds>Nj0yj!Cmq5i-r%j@Bl`!cyX zidwKmnA(X1%19uB}K?Y>WR3SyQjU<3`w#qp~*mmzItFAk#uz^EDrH_+`QmYsia_>7ga z0zLlS*D9)I*5 zVnHivQ+pZ2Zj};Q)#i8FcocU+DfsC7bYX)K>R4{AN+jih<=eEeS^$S{HsvsA=C=t{ z;hE`%R%*oGDTF4^$D!XvX@j-1erAYvt@jOH7^B$KF*B}~R1p)wc8=yjp``OgEBcN! z@Ho!+eu03#VcgXqgVpygX_)<(X1xB^vvZMSK+qEn8FU__R?ph=Lc5BTmYvu%Y7N@@ zxiVVq`imX?s!grCbb<;^#;qeUFP!H5qHbYIx_3em5h*SJiS`PKvKJeof%~g%L>{=m zIL0zfB(q%Z%ASu8@guxTC3iRIo@l51c(L~DcB65Fq-vv9d=4i0te0AWLWjJhtT#dY zy$%|+~pns%;5EBZuu1DEc5lVKakj+OOvO8|F8b*`|r z?rVZaK1wfS_93O3{LQ0B(yby6reH-lgdC|&PyTiDV>}S&J}KZep16GH zo}}~Qt*rbMLbWwE{%W(g-WOSyGgY0e$T~FgZn|QaP~X~a7lps0_91LuOT3Vkvl*b8 zBRemVQlGbj{I(|^8|+mVX!wZ>{wM6x)e}j_xpjkJ`!A8$L6bT})~5o7{t#JzujInb z%y#yjiw{-Pqu0kpWuHB}FSz#Q>)Q6wz%wLbuAM(+vzt`Eof-dfC!`@%+J&>PemVHg z&Ugjp8ie9&h5dU-cJMrR5!RnWyQHr&@EZKXyZCG9!v$SS0vJVz$1B<$W3|z%L?kj7 z`?aolZ+DkL=A=<7#0I425 z0%;WvzBGJ028E(^U}o8MV%6UNnUp_$0<4FKIc$deZRL(L%Y2R`P1!Q%9ojAi;TXV* z@6wrvb}Kt*Hker;^nvN(Il#ofV_pV&9!vwH;;QGzcfe)f?C`+MR7PJ9U)yP~59*7+ zlKy{kvzv;jY|{0=yulom4B2s0PBdvEIZSDL{jobA#ttL=Co(b12I z^e=Z^{;o>3)0rY53O|jm&iLt~|NK|~&pP=0&wKy;?=Sz~^;P=+%i4}nTrMu18>#JG z_}0=3mQv4Pg_ob`$QU-qbdKL)#f%@)5IX=e+Bnj+1A+rW$~7I7q0^0Q?drpS!_SaX z*xeelo7Yudz}Q;}@YYFbA>>^F$oijt=YW-BBHpXd_~M^nzhKyA1$| zc{;U$Bk{LGFH|p%eL39)$yucQkbn&3kN`aEhBE~~pT)fsP?1I+_+ z0IALgH{x9q)_!HcqZi1Jdm_<6TDiI#h?i_M%4ks5_@$)dC20HI+K@lG#@@lCk-uV4@fgUgBAT8l~E1 z*?=zsf*Q^{*qR_-uDD9kN6Xb#XMWWt3CK<^jjcH*{K#xH&>zN0RLL@s$GptLA31wV z|LHEBlq)|Kar~shWOQ7mXro(${l?qr4Fw)l8l3D(R7}<8o!m6G&6J~Il~fC^rSY@) z^z_ip4!sg~XSE}9FLqWb{|xlkr3yD6yC#6$H|l(gYGgxz+`)O&@&fG&kb?2x&Yj+2 z&7j-T*`};E6XsexyGF5aNV1S*pT(U19|oisp!e>3SVQFxfT~T! 
zSqFg;|GTOHZqG9uCT4J6Ow<^eBIB2ft%(%2wRrTN6&uQ@dbtUZl}>Yd@ZgPP@7(`yr~aZbIJ2baRNZtmU=Fxw|a8zLqi(gz4QZLHJ{*~JFbI_;qS zT`Q@^{0V9xT5!}+uI%eOo-OC4>D{+d()$=!Oz)DsX7c~kbW%1(;`+Or)bXA-?i?KH zzLRS=MZNfjnU$H;?NM@2;zq!!vVgvKr#&COY7+Bk5<8)@wJ!9iy{rBfPeGlwjkUk$AXj|oT3A$j^3V5ah0hts=Skz zoI}#K0isEtpq&LhjrCH@@OWRIzRVtfdrns5_E^+XqRv{TML?k~C*s?m5(fHUS}kDiU@j}3 z3nssi(J}P-M$ptJO*uFtDYqPf$rs*QWOE@-v;q)N%v4h-mb37C*&Ez&Ft?T_K*gSvimGWO%$83Udk_&K z-lq{Mee%CK|KG_Uvm+#|VQmERJT7nWAu6zdiL%<`isHElM!;=73?UAUwmlhphau-7 zVY*g^`|&4oQp-yZ165HDz|ZQ#+i>Zv(gtp}ijm8$DBX3EBd?0V{u7jyVR}^Z9G@`- zGP`}8gl;q0hue;ZRLnxW#*}-butzj?c`_@cJio!mB8m6t9~I`+VtX^`U^^3H1j@Yh$M6(18AYN(QT(q2v%tt{YB z(4$zacPxZJZ{}6iXwx(hD#acPjF{JIzngwtHxLn`Lg7imNJ*rZIF<6d;0Yd&biEhx zKc9ntrbW)-noZ7}QPtlfE!yjUF2uM)#p2jfdM&3)mR<6cvaNdJ1Kh#M@Vh)X_i&AB zL4j25Vg|>BFK_G^uu-oD^!NBXe!CpHm{FH#qwSv7rFFsML&tHuzNiT+^54&$OX=5x z2W2j<2rMu~*8v$TFfX{PUvA(FVWKXHSK#rl3#gpQ9rDra`pqa9%f8^#8|{k zsjdo%eGbpC0E!y6(ReyhCx;#gI+{aFba}nG7M)2hi0f#A?AH85?e{_@Lp7@`1qbF_ z|Gh6iw(s5z66E4ovLKuh;xdX;ETc^m2J`f~(Lt!S8Ua>&#;}tr*{EZZoNktVwzvw= z%bHMu&N=Fs)Ml6_+7XrbNRI|GeAGPjid4UzOU2R8Ji1>0dfJLF_VBjFLf4WO785Q|XEZbb-YSp+ryDhH7FGCtE3NT4Iq4=n{)EiQ*#3ov5C(j~>H z9%c5hR%9D-c+s|0Z;BnR_VW@qO7A;vn8aN&-n(AgRtyE;B~+-p1vV?c9dFo@ri+Be zv@*IfIZz=dKXvm`>W7r>Vmj6c<2KT*J>{wKs)gt5Wg9~I64zf@h}0mA?Ir-JO&e#4 zYykV#v+%0)bnTfcNzS}?ofqIfX-d`B;B|bP!FEtE;S@2=8wq@(92yBxi`hXhuBG>W zDBc;sWi%;g7=#>lkQqFL#sYhFRu>eMbpkX+Dgj;;SGPb2@%_?k9H1#fodA7Ca&aIT zXYPqPsGl!8kMv|o?se=ghNeYF?`ycbB8AW9MPOB6hI{;1i$Qi@U-~Otkp>DZ!eRX@ zg#Cspz1i$;>o(S9*6w;(FqIuP@tsmZ>2+sdqBV{Xg;0|}KQ_D8$caUILwV(K&kG{m za;PltjGmuGWIWOrVKzh8 z9#N%Bi)W#kte*%V`+OlGDR!9sW!kBBQSQc=td`%!5*6vht&*`$C2O9Tp=90E*&{^t6Qg*jN1zpGi z)Pf9X2o7=S`oad)56rkaxoww^$UPQa#a%_$5|X2^bRx-N1~1^TTXBy8P4vj}93H?= z4u2jagREEOUeF67^z%WE8B2Ah@_f~U=WyY4b>;bqy<$s&b@#Yu%mFL&o~-EXc-1Im z&p#?N3*cL8TP3J_+LqYcUI7Z2cwM{^zrD8ZOf~sM%R>>@QZDp$tjhs3@!PsZ$DsxA z{V;FE;fv+&`zK~2m8FV#MA=03$cjXRuyaMp9*@qUm3j2*1}X(^twQjE&0VAfVBnXj 
z>;iuYXw-6*I3$5Wer%mJJ?CUl#Fg1}r2^I3t(`1$<S7zqipJ*rl&C!&*%Nbv16=5ekQ(ME;wRQtATg@f>m4m?!>{_1^xoU9Od6B+Rs?3F12~_Wy3+A2;yycv4540kn=CyXzRR z(_z$?c8w+Szq#67*Tp^5*3o^pO${8*uTg~M9tV8IuXBBR{M&B4KiTB(Vu5JQy^N0R z>h@N;-YwnG%h`45kdkrRK5o1FCw10^&21!p*?q@D`V#06>hpR_lY@d6yB{yG(H6h>?P_Sf4K%}A&)JH0nl?AL+*c^CcXa9Oy0FxwRx49W-x+bLS$uisu9 zxsR@uAZ%!d-c#;$2-i-Yh@Sl42ks;*{&z|LXNRWrY2}3$yX1|jfq~fwGU{ivGskH% z)D7zveU+FsGqUt5aW)|gw8@tWxV;Uw`=TzT2dVUH8T@Iair4pQ4R$*Nzi3_mjXe=v zy4evpnVl|1a1L5!kAIhC`kkV)iL<&`TZ$cq-Q{XahS=)m`C)2Qp9Df34|GGw;lN(m_Sb08<1l8|(<*-RfTvrlIZwS6eR4;_ z4wv=jU)Es*($Dc<|kRFpN^+a)c!X4hCYIHq`aX(6_an~Nas&2$YAu8S5)J>=3}%;_YNgBO}0%5qHlvbz8yL)Br-q!blIrK zvcI3<`AS_pDyMCJDkBPSR0obvu{_eel)}@+qL|vn%}(rJE&#zBtl^N3Fk3X^m^$9Z z4(3!^87bSRIOw~0Y31wV#P+o9+WOu{WEt;8cnvyO_DAj&=0|B(Y1x@fOyq#i&x4rt zp&lbnF*Aff!19O=ki`mDY1E?Jt$`EpC;8L|u=Xm`su-|Z(o0HsXyHY9 zF3Q0|)p4;c4cyrZ$lW{m_L}$jokr^I!xNvr_cELmhhZ~cRzDgiJRF^JzjqlW<761M z?BnATSkx8nJO>RqeI`)?Mx7rX0RTF5U3BeEZJ#gMwxgSw@8U8SC2cm7QW0axG<`&b zXZdt;7ITAu8rcx})x5DcUW0EL@%kG`Ln8AvNDDj<4WMQ|0Vbr*PBfolQv-o;PU@84Ce>YnG!6tRdI~UWQf@IgZ`$e}3x*mgXNv((qN<7&vy%%f z%()QBqa%^F3T=#@Lo-RQS?INbYKNTOH&uo+Pad)QMnMXQ!#7C{Pe_^&v3U6wxVSh) zR;#5e!Ml}HPG0F*x9x+J+*zQF=CjauR@d8;ARt`C-es+>A%b%-S)a_1Rt56Hk?DjP z+hl}=(!AFePitCe&b=20o|j^llgVT)%HMnViUh*i09m9`V8Cv_Lplw*C;(cTX-Dro7M6Fz1UfOt(Xoj>v^HsepEUH%>`Bz@(3gmw< zK>n!C2C($9mDOtM1vr~P7NutJ!-f&1Kw(9S0EBJsC{P8?cs8Z?C^p)wZymZ$cL)~O zomO@BLnm_1`LmW5HhmZE^?)PI&2O<5f{nH ztX|(}+}dcI7GsUV0Rye4eLXsr9ckWyz+>i+L_*!T&^zN~BMc{EWO^_U;r21_eh_En zkuuT{Zpr(&8LnyW_qwT(`G$$Q@5_H3ks6Ck%n(jVU4Bv33*Av?p*>$o?pAsP#3TfH zdhq3pn=*Bawvep-2?53aO4OmB`AsyU?a4A757f{VJ2tP|Z<6r5tBdrn#~h8rb**i2 zlovjx5PUzzXA8o$0`k6(BW+!i^2Zaz-_i){NLSUoN>tJ#37J7?L5CWhH!ZpA1jMR= zROG|^(18(zcC@D4&SCT80VkQiOuGzuCv-}!f%dEFlo$J9NLuzj;Pm}5YP@5f>2Yge z)ZZ}XP`aXi@f@bohhAmj7{Hul6Au!m1@q3|X}B8_Gs)7m{&kWsWL`;^s{+aCd^uo* z;mRL-BVMXvob~;!k6^<0>OOC3RkO>7(sjQs!yWDyzY$bKnix>HHTeZ;i$l2_(Kuhw zk2hh5!Dj(GtT^dGcNmgvEzR}qaGT`9{R^@D;(Nl1aM(J})7N~M-P)fWIY-47hARxC 
zNl|xN9TDeh3-{wKZ|*DcEAA6p3cvNXuu(Of**->>*}hiP*NvtNFUnh^FpEiwIO2>ZnZ_?aW(te&?1gfxOlyztvXr+a?IS_nC5u^Q+Wp9Dku9uw^RZuHMB9`$mJd$w2oVhETYVC+M_}f%n4{q zZyRr2Z8V>UBd%!xGS_45HBO6Yp9q!eYWaYvR)6s=Y*{f-wTbz0F8P6sAe|+Vdi7_@ zbCv?n*FT^3eSVvN3bR&}sO{SX>01SlC}|Tm{2F;@cjmk#NEYvbu@>s@Y4v3 zET`Vd3b@uA6_&*;wREM<<$X7s{h4-Fnv@7oalHfD%3P15$vxAxP4oJga95Ma&#^7z z!k;M{5L@SQ?T)K4+E&8uWr)RVl2Tz;~*t-*4L} z!za1ao}|Dd2Sd~f#@t;(*PUF{sgC9;|I9vbXRU*;S$2p-?ub3nvpi>r&P=5Qel(|% z3Z$(yte$C$v}xd1-V-^(y&Bp0!9hI$bz|M`K$kslDw|}=4GkJ8D%yfgWrO$_gU!(z z!M@*oKi8$B`s)CBX>p0w^r2X4@o{RDUy{Vl0m3>^$LD+Bw$GctD|h2khkci!X$rj> zE%aW!OOCD2JBd@Yn69SF4=1?Sa5^Lg)5KR|ZQ;zB>qnM9Jl?q&NJkp31DIZd?Pm$L zWI6Uyzsnd3R}(p;1EyDOb0Q|5YEq}je5le&QM#n2^rDBLUTUW*-C24I^YFsW)c{PR z<;KcvuSXzCr-1*VDk0>VP}SxzhEjFE9j!1AJbM=;9d4Q5mGnyuX( z1Ul|7FQO++E?=|qh)+;>Um#pQOGys@zToA zVR%o}&yDhzfw;>-NWWD;RQ?&fTQct(~1Ru48>^2|5@ley_bWa5u*-^6@U3SmA zBmQJYEnpl_Be?IOTchLkQERPn`P7ddd=mG!6j0!7>9z-jJL>C)n*#&j8F)Q`#+ zy9T98(wqn9 zE4ZAvr9|=0o}(6`uAUw&)L4ElJTWQb;f`5wIZ8JApnIK9q z@^tMQV^yMBdBM8MIO@7Hc4o#r@4Q4Hos?R#wrR;`Akw~d7J8afdf>)876a96db8f! zfzGvRyskWxhK~=jJnu9n#>h%VSmUy!(!ZwQ92#$XYes;j))Racon_Mgn7etYG&2H! 
zInE7Ni?@LAnC7D1H}1Gu+#^OotDzgB<9RkcPCx6F*s5VfBE}KBZRrl_*Sc6_WUc4y zx~1VnMK(z1m=~FD(xt*}-(DZg{kBJy+-ehOz*NZhPWLGdl|xhZ#m~0vY_-6{N`D=i z=cTdWlpUaNy?UNd`d;-wi!5ACL|1_sz|kBE-$bDJXmB7NrMRo{#1u5?8dEpVpX;;} z#hp6eWjPCkjJ`-?=HSQNzWB~65h|p5t*E{(N4?=eh^5XbYhRIAaiK@y78v`T_a5&b z#kSKXzhHY2RG#cSAJ)I1&q;l=8%*23eX%rD$-*K-I`t&faVck70%^I;@+}V92KnCp zSs$CDjX6D|5x+aLGNhR!bpBEOI(CKYDcszNxU!0vYFekpK0jL@JIRLKwx14NZ%vA1 z(+WZ{8Y(1MRzb@MrKI6-Hoa5;xYK&Au@#`jj)JZdyA>sZvhH_Wp8lSq;Fou>212&S z1v2?@CUq4G7N0HlJnOnU16D`GL=!o2hVbgJUxg;O0GDQ-=A-POdEU`eJP^>81_Xli_k4t6Hom_n)oO}z2hkng(PbNYg-X}zM4ub;5Lt*akcUTFC;`0s!Z>agWgGYXYH zupGw?PUEiDb%0D#A+m032$|9y3n__%c#lsxc_${h4g!cInv6~>1E1yVd2{Pen4XZJ zz&7AeP%rjI5%=`aqE+N{BWk#2tV?A9c4cf9Tl3^8SgL#Kk&2GJZuecI=7Y7QpRP|k zGoMYFi&c8KP%6Am?9?LlYoI|4bFapqr2-FNgN69@Ox6C=Lhk}*Rs}RdM*O4ZUHYPG zjaSt*Bwq3boMid{v9+RsfW!>N!Pqd9?sGwO7HSj)DOUHg!z?dwKD9k=s3vwgTaP5T z=;AzI6BF(YJMQgdZPo&gf#cLW6s&Ta^yDhV7=Agu4NQ}PfQRHh@VG9> ze}$%(#s=%he^(HgyQK$b+8s<%LVp)ZXqVC#5cH>bRyB6^H))N$W@apa+3AXI~7*XtPdy^(L zKeAK5?)>B1(GLhlKHTpTu#{4@?rM8H6{&XM_Zxwn`^Q(2KP0W?py!fy<`Wd!TOE;4 z4x38uQhMdIN7b9R*Y}r(M7;X-2xPjWTL^15M29z}Z4Ea_RGGGq?CN?LqCf&r#Ne9G zh}-d2Jt0aO?7ecJHfDza=rIGr+utq=0IACB(P5{Zj(kxm zjrC8PqaTRY)B6<6MD?tKN;y|Ku8H%XcWN3XBomHy7*2~DTBVN75h%d^C;EVJhO2nR zA}MRlGuiTEivK@5qR-+=%plVc(y|zJub>8-(=A--s}dXYL6!Z-D!E!84!$_ml{=VV z_?EZe&c9ZO>)Czm-(AuReW!99Rgy~j1VbP$s*%#Ugo!LEVF0Tr8fVWOBr|pU&t2ko3t5nW}6*#`^KW_2gO5 zZ~wDbe11%GdEVVLZhqv!7xR(SH(JeBhonW0(o0KobWf`4K6yIJCXPFmuwy&!7JIxSIN6)Wze0JURIu5(! z*(>`~0+&%WpCwSN%ljKxMg&xJq5~PEvIs} zXUj$N5p@ei*G2mAl~w06YAAjPF|Jb{;5alft<-TJX>oDd{_5riPBc|08sWwA%tio* zN5D_fCxc#vcn}LjD~daTG-0o!X&rd2=R}s$eCt~lIZSOO@0=6s0m!g1!-Us5`;{K= zv_{zPXU>)XR8uj5PDi+3#fNED)H%tfhM>r2J{5tS#iO`Tz%2bJd%sj{9d>lZM?fi^7T^N3+Uu8(?`LXse+?P!zYYp% zK4_Jt=*iqU#Y4P$ZD&I9E!AJr#$-`TdhZ1``W0rMQseXN@}4D#SSKQ%2!m3NNh=M}2~_QO{Kl2ru+@Lb2x%bZ2_{Z`7_7+ZjLLalFm!)N9oa_|&OghFo@2jG0GXbLfI9+@ZCJRA1mx&`BA! 
zC~idD&0Jp~isz$(8QWYu8C`d8${BDjEodI^ z-A6ET=Q@2GYI*SKq0^opX5qwnI^Y37dInKkVc43q73jOtG4#sPUYRE|k(`-#%mIRv z)JXHGJ50+sKJ8t>mmj!W6?w=8bp+#%Lxy4@oa33};#*g2Js%-4C;*H&M}36nK3BTu z+V(5!){oN&<4y_fWq5S&(1+1YfG18F)lDIRroqRI8}|;Cai)Jhl~+(OoE5ta%cSvF z!px&8A@f>(E0J9haUo) z4+5y*sX7b6#u-k+vdLMnmmn2<5b^r2U-_q@lKYKs6)GoQ)%5M2M0p2&R2+>5-vj7=o)JJ^@O zZ@|gU0JpreqyZuDjS!}2W63#5UEnplIhPr9BK z=bWEc=j4ZS3h~aM@-)lKVb}c0uS$AMl6R-Cy>ygTPDAqw}6J0K&ucgioLwL#u|YMsWob4K3HftsXvGb@I0Rm zp#{9axl!PAS9PfW`XQCcBMj+Q%BBvbLgrtDEFtrjb@bKb3UHblFeP`~_X%zY=;anA@g<)O~5J`aAnxj7Wo zS0O1A38=k^7Z)165$!X}f_q(;Z5S|_wgO?&>q|X#O=*3vyl~pp>RyfYC8Lo2&fnn}=(Vo>B6QIpfQ~e31c+8R-MZ2}^mOoZ;Q?5O?H;-Qb0qO5!qA8Y zES~OTAJvn!u@F#E^+Afrx!>if`k(dCivnF*@#Z3;-zSRSsgj(Nq-bo2e3d1UX9|#5 zR>B2`bs$i}=DB^woC|?qf0`ixPA}(8+gbAjZ3BS>jhf9zk&M}p-f%nGQA$g#-{@k2 z6+5-rpL1HbA%V3suXeAexP{%!WDoA?({GL94R@5Y*e{$CEa;wopP!LOn{j;rX*D-! z1rTbLV#!)tE|jzkAtBY%)bFeFj!&@U%~=P6%*zE*kHm({%F;r+)#3_$C-;Sx_ajkM z`J#6q8KXNRi_lfRj2c-!-aG8tkz?(Jv3pHx>Ag59BUIWbCIv;!uC!4WTFTG#C?-BE zHctJVy*J+o;`xx9p!f-?TKW9C6VbNg#qS{hCiOjZDqhGP2~-&uG5H{`3LIwzT;JSj zO~y8R*2|I92O|uaC3Z7&+fZNhJ%YcB5>g^&LYEQ}(XoVsP5K;^TD{WEBX$jgL|h|~cnSr9wym~~ULyhdK?^=dO7?3h7f z>Iftqm<^xe%~GEyBhaw>76Wm!&4V;&bV>4Hzo^-47~zIjX!0OUO4G`gf*^Lr5M=%N zq{q>IE|9L8C&Q7Hnu;`mBq7Oct2*wgqbLsNrHrTw(7p^vf(;^`JOOi0R-#--vO>b4 zBc?e1z^qM*`S02PqlgLDJ|2_+z%P^5%NNg_3bP`-P)McvBt=N;cU zW1ROqzhs!Km9_4E&1=qi^__4!M+H(Ob|}$2QG3NA_ru0u^O_X3GxgRFaqK@q2jOIU zWbnkI`zmb;U<+wq2%x{Xa?fbXq~emt6;vn}J;S4c_Bna81TzqP&2+P|ducZ8-!u z3*0F1GB5C>fVaZ|v1iHoDu74_gDM#>1+724x} zuj4&r9bR>fQ~nxo`yL{HJ#Ctv+vn`O6wafbC&Z8mEz3s1QBhUv6zd>{~Xhc9@T&i;fCQfP$;mlv$J1KD?yXj;&bB<=dQ)mEp8av zH@iun(>S51)86N?k}im^x%F}!ZF05o)yzqx*EtEKkGFqJn}zm+Bh~88Ir$dO_K5dM zy4lpFeVe`2{Y;MFNh!U76fbmAJ~B@bVH3HJ*pk+Cxl)p)Z7NvR#39ufQ-#U|?gamy zD4^XT!NO3;)u>0{{NB;OgjR<=b;&)?gDC#EO^^;jNJZq6;!E7ygHIYDzE?Ku1~okX z{X0-2EJ3Wh8|q&XjekYW{;A-zxY~>x+gwI7eGq_8FJEngLjWlS_)PS^)=zZnf111t z;N@8g*VwnaXY5G;KJCr?Yg_P10f0}T&n13+1AvTQ1&GNX+E2CtOpdFC0*IUA%+G1w 
zFHLd#5%}zU*3oTIMh*bqNME1c2H82@{s;I>Lsw)QWXDfV8bS}lySC+xp9i0%=GlD3 zs{Y;Bo}iPK&ZTdI&-lsxw*&uE2i82WELsIDq+UB$XmP3nk}7WKEFQZw`$O}Zn(l!V zUSqrF9acQnpUCFvOwIl?kmNG=eYy-PPqr@svB1x<`)xD-)Wsw=VM`_D=Z%S;`F&zg zmIj=eZF&lSpd0)9GlTfX^3G034)O2X*WCRhTEfMqPBrbnaPxLE{{I=c8O&?^zX6|(zB;Pq$LZ6#2S;Isex`GUW?4DP({p%QSup*#)=hYm<>D7C~& zTfH7mrGCrH9ND$&RN#SNt+TxB*qmy8w!C$Npc?klJztws?oTXjc&OC6*IMrsOMSQk za$fTLKyE*@i^AEpKJ|UzTi~Z+>k3(AMqQ*JadSACihjj!xL{JPwt29p)7^ zu*K=Rn`522R=xXFwkCwY17K4h&nz~)Zn`%8;@B;87gzA+M;~+=`PiR2pT1FiyjgBH zi=Tt*x^3v-8Mss>ZdUhMR*LQ8qHbXC&}?l!HM zphoZ$3aT@2LWX%NqvkQa#ar`oK;!skU~9ESVYn|Al@?I`H9!iy3q?hx$5kTPda}PS z*0-N~F8+AMKjYBh7eSgSr z9d%m~3@-y2SFx|>k{`cf>IimWx<fyq#k+ z-1FlVU!MjASZ^rYEw|2XZu;L>qzT`>*q5dpcNo-+mm9K51cluOA!al{$GW{AKiaO% z%E7SMDU%FD(hU%P1(`40im`~C@)-ei=bO`A>2RZKR#sN=j}1&+_* zA!P5+CXSES1+nWm$#)Y$?lw0q1!91A0MBIZHSzU+3@n!+bLk@@Hkwj^6LV*=L!l8k z@BzlJ`ZkA^_6#t3_AE{SBixcVQ>k$`K?HwcI1%ikfB`5u1|-T4A&T~I=OEmem>C0X zM+Sj^2y}>NSxWR-oq7Z8yuaY|;AyBG9UTWDW)sACA8Oo2vo4p^4bDINK0X9BQ9S^K ze(hAGzD@c`yFoxiDZ`Y#JEZt-DlL&C%FyZBV>a;u1Qp7dKpgEs03YAb^93;I)m${h zHGYkN=vtiPySEwj+DyNz@%wQt7w39sUuuTDZJ{Jew{XZ2!J9b*z({N-+MGdXTY3O5 z!3+Xw8+RM58~qCZ6N?5&AUAf7|(Wph7D}>^A9s$;P@_hC=bWe<|AcXkTp{%-U#Org19- z@LigE6;?*ZNkx{vAOrMru(I`6{28!B&Y3=N3ro~r_Gx*};{lnYhjOlcq??-vQ*8iA z_;HAW4iyhI1_GWO%K6a8z%~8VbhjOFBghAyNA&>i<_zX7_*-hZ?^ZrA3#tbmEIP$i z+dx1x`cMck!6gC`|6>e=maUJ3+g6O&?z}sg-=(g|jD->jU(yhz?X3XGH)QC~aTSLK z<~RU7xIGOlFL^*LHWV57hReuM`!U**??ks*{`tTnZa066Tc^LR^dum=C6=~{0<-Ks z+uX`W1YqP6YwJteFYaK$|9Al;h>H4_0Bj*}Ruwr|9{Xc5d8?Q80pq2Aq7iag7-Imb zHn&#c?7Z5&^;J%n+*=Q2I1-T1h8eB~8C(d0a>08X zSyZ;$>;DnAYr`P@#}i1*BnXIaH$N>yD9ihLSfq&$<;};t`^pfik#wBCYjcpP0<*ul zee;Q-O=|V#F&!fptqQPO<^u^)1H|C(yZ!PBTE1eNo&2`A|3N;tdOokWKuYE~F$4a2 z45i0k7)R60gB7@m*R1r9d099DGOj2&$- zb{K2I^ntm{DU+p02!xzZ*&3ZcY(s!n6X<@Rm}`1lO3hPnsJ_n;skluXEzkv)b$PN5T%w6<#>3DKuBMP5P zaUWvd8hbTrf4r|YTX5*-#f_lk=VXSM{`sUGBr93fI6!c7s~Fce`B%<*CLMuo(`EH)J*TV5I>p1`)%nKn;E?Xe zU92jTBSl+G&!p}>1ENWWJ~4uKKtvNfV!T0qGv9N5u4WwbE~_7|zwS}yvo+BCPw+n7 
zH#QL;CZ1)0X*#i%H1v-p$ZcVN)c$kL_;}ww%6LxK=Wn6Y_vpa%?H7jlzR14*A7<9K zjsNu-0F0fv^=sM%3{_=_&6Utc|KIDrHzyQ+{m=BM`@`#hyZ(p( zSmgaWBn7vYhaZ>aUDvC(`)?XrC9uGoE~;!r_22FW{_ykr;PCB{e)z+GC$zX9sbtz_ zcRhYQY4O;PH`#iK|BbJ7>Ao9v%M0MYJ@#dM9TD(9xZ8E|t>;*b@XdFp-2QBYhyK;L z$ntVLf+d)Tz*gz*%>QBOXt`mFzE8q~XZsHHNIDvAGs^Y4C$8ji+kKX}%$)rob}nyYk^8Aj^Jsm(h#-q{L!O7)6oX0ark`imJWVOe>! zj^hnsY29e&WL^*{or>_0@NXK$$ zW~vs^9msWnU4?4|N8W-|9=Z)!0W^Zdvd%2)qh-i-Yyl%%y}};CCN886ECyb1;UHJB zt956$cIK_MLT-U(Kw=J!3@Zk_$ENbT4R$Z#`6(dRoTJ%m)^E!f)WZ+N-jELJD(#=$ z*BQ$zKfTC7CKy=&{ufMFF6J#%bBqO$Mm%||R>rzjKtT$pKDh8KlW5`$fI74o(u{9C z5utsz3QRlB*ET^+IXc;ux4Q0T@C?TH_Z&g}x_>Qo#|K=QNgyga(qoi@Hz$)`*uIS? zs#8i4z=@16>Ae8fX+NxSpaE$AOoAcQChuOV#K+IB)BI)RsZUZau6El`=D0&z z5`-tP+xDjS2?KwN_d0=^Gr841yuew284*VnM0`HKn@ixxTC=S#NVn55*2esM=z&Gi zXcwXXUO}dqdA`2eJ>Ok*90`92E|}~KY00JR7wt>3efzop4)9WG%e9dwW1??#2p1*u z*=BM03$bOT*%wYvu)WrkkdTOV*-Q9-7W=yHP9K6?XijmIo+^9(HdZc|=;;3Ly)k^= z<$mk};YNS=}=X7lbC+6*QfNck_id8K*+IZD2-m_)BCs7i)O?T<#fsN6SJ>?!@(ODE>S68(z@C zJc0zFcRA(6vatb(-}Juz@w~VUuy1&VIf-9V+N>C!J!23FoP}i}D_VCbxK|cG@M#Z= zp&Bs+@Gc~^jZ5*5K8x?Kfv74)aZ6DEI;*vXd}6&UE1LnrsNUjGw$LWYvX2%rc&HbK zBd%pii+*a5Mz)57C6 zEjKWEff)k(1c-p;M)wG};ZbSzd-$jpN8$-JTFKH6Zv1z{av2gq=ZBtrkN%wid`@ON z3~6mFnvM(ZMoY=aXETV3VeJY_C%IbMxye?L{ZDW`0xdc(eXnOQao-NDz%Y+&j}3-v zJOJTI;>|r3+7B5!HdzYvGOp4;>K~j0ZLodP2H9d~k!DX=7l=kQB4ivVUBNrQq6# zmqm0GjLh*Ofnf0_I+*}YU`N8vx-3nvTQ$iE->YLtZhqbyoy*Jm)JiU9r!#GyM`Fa8 zYO6OfA&}d2cYT7;Y>RE1Z5A)<^rQ$rV-a#;A(Nzb6AUkA7-q}(`cf*Kp1oke2=9PE z5uP~ioJ~NR=J8o5J;kzm-e`URAWvkmKjg@lVlMo9?edfB+%q7Y6u)t^(^PV`-8C?f zRc-PSn)Q&yg^JmFZHFd-Nw8z^-+jTrQrM_RD+Nk9I36;Aza-sx@hY>Hctp4AuoV!K?s!nJragFtPMC*lrPf$)eExAk(#h@%#- zBa^KIZ&`Oec%F;}c(HMxJy;FyUoFE?(0-Q?G?5L*U`02+SZXe`t@oeGFCbej@8VUI zse`8bRb4W$6e|AoB<8YVV8B!aBP$I=B*dMN9v1%GcH9Z_W&)$3WaY^#oi>+PS0MVX zdj~v-p`Nj98o9ZAsTChCtqfc=)a)>h5^1O2TSZh?&MxWe%@1RMThB?umWZiBI^w&B zOu<%*pu#3g<0L6%wmYuT@3 z2s+1dkY+}-K9##kY#WKWYeN=Irg>x$bH{|yTeQ9rXYPFfRsf^sD(BmQ8e%w~LVdr3 z>P{X|IRW3Gg$Uj+JZYm@?IxF?TAlR{X@KI*);i)yJ3Xad 
zX5}7No$Yo0=Q(0azh-;4qNj|QYD~zZvkxBC*cj-7n~(P&<5gVtYDsSF-^YuPf}Ejm z(u(wJtxz4J)#CRMO^@?NwhbE&yEmoPxGr4JO{Dxq%6V=%8Tw9@*#uCX~OZ+Ltry#ySpT!YLl)+-X{ z4aG5*CW?U-;;I(I4uSW(ud_;7zSqf~5ayoI#LDKvSeKU=xtdpT4yO<%ma2_layG}F07ZcZcS`nEmi>iOS@pF7g8v(7| z2`^b32IM~}Vl8UIq#Mv5f%%Ui!x=^K*|LH9$jhdzN3=3E0+lQf-P4*_ZCYgiu^b^k z-nu-7t5JaPJJ!zdNAvTy`okKGXWIOVcr89gCtG9>C->Lo7`mral+3TpOV5Pw)GE#H zK?GKc|0#hGw>+oc&s5YSxZZCpZdeMwuz|pg>*}TT;29FBp;ikg0BW3n@VjQ zS*X?2^6D9n+XS}^?pn_cBpo?la3rAx9+Nz#$5)AJBbnEZ4A{Jm$48fnxOL4dO^?aO zlsIK1iH+XY=N7fqvPs?X_e%Wz2SQwysR#bvk#ORZOCo#12>$1nuRVAK(2c88S4sVi zLGyp0UXk=rE$LC>dxRCtG7ip+ovtjyR(Qb6#pO+fPrH@%l&+wisV+W|HjP;;@$G^; zEv^)5wscb%nbgi^Wh9%2WG|??>b&c=O~~*pK$f%x>&mB>d8g*;bxU2gnha{Oy@FzR zi4h?&WYfCMWkfu$%#pnO(GCd%gG9r&5Id~fbYLO<5BtZ z5x9=!NVDHO;gkwbxpY^HZwZX?z5S${PC^I&^UlikgmKLI;9>j2pKedSp6!pV;rGU% z&IB}hdFk0r08=;^%h78VdfAaPvtn;G1BcGK&xqvS!dDe~Bqop3pR@g>8|2j6UCMNY z9jNsQ_;h!r_u;)X%0rh;D|HqQ$1Ixj<~6USa*Jiwxdn!G8Yxsx&URv6DA5

&djZKVGCM+IIStlCR5(ZNjkvolQ^(Bmr!S>v*o@+jz%$O}*4J zT^YS<^3BWlV7^^uqx6H*S0ob>@!pe#N{XAp*{QY%W>-%6h}1l>GV(hIcj=+9OS*DW zuzjg1^SL_BY)B6k`an=yX41Hv0cNoOnXrr8t|_9n`~;Cee{W_?MDJmhPPYSDa0&4Y zFBE3BuCZiP9eQUbp0kiz;q!Bxc{sABk2c&Ol4vw6vGC!;D*>$Rvl1}z->lQMMj9uI zc)!YB6n_wDmZ^7H$K*|dQ28<@qc|WiVPE{K&;S*e64dSf2~_hlljWpg2|F2icsY-NB$%VScFwq@yLXix{dvxZM|LLP_@~I(pTcwm@S=Fg<#Zex z!!nfGf(ic_#W4NuRtrqx=J-1*dzJOB>cwYOwEc&=)@Q0WW{S-8cO`3%o>4--IGZlj zqK3_?iFXu+UrEg%1Os0BE5+t3C)1r2M(;|3`$l2eO z)Lg+Cdw<3ZD>;lg&9^_R3z_j2lK2_ zw@gL~X2}vqWFWLjTZXg`Dh68i`bodNRaF;*5n9llEPv)FbGUe~=spgd^ww7{Tz~AJ`$F@-tJ!c_?OJ?q24?jj2BZ3iwOPzhE z_$JDx`7$ctneR%FZy*27FtZQz8|s(iOa(FL63-aMXQa#vUv`_kue2i$aosP$gKuHI z>B`lFMk}oECTX)Wn^r}{;mQO^(!Z2GdtwTZbi@w=Z?4k7mM1YM*63{tfmxmEr5JRR zs`s=8taw(l*XrkdQ{HEq!``4ag1sW$Ooe?y?hr{sBm%a?<$q}q3qAB2f>(TQXs)He&)&O|(*FF3U0OwIMz7mXAz z#awR=FiXG9=G-UJUAo}i~XkKe^(XF`}88E zOFH+)jj4<`4Ujju9W|Pwx!?DDi3tTrYdxhmhdX#A$kFP(0IIcCh4wI7Dq|k zHWMH(k0wz4a;fvwhx;y3Ie|Z3_VxVezvn!-{IbkpmaE@p)VDuOr9ggid@g=yJI|Rt zz|P3-B~L z+>l$^a0l1-hMv?j?HH@a`7u+&yA?R~h7oA`1uqemEn9~pkD-I_jEQ&l+U)8`B#Vi$ z?2&7g-}CcF3gkBKd2X!7Cax(gEAmU_X7wQ`Pca#YuS-FV-|YGeQYscEQwyxe14Uo8R9nk>_bW`czm(rvaThKKM8bio zuiHi@ytb+GfK(B0KRm|KX`?zg=lh_i+eJArO)0V6*dOQH3@9&@lI*RDD}6D08ibNs z9HWagRWf1+W2&oiw%DNp$XygMyA8fL?M;{@@(}Usmea>f16^_Vk~M2j_V=06$GT^_ z+G3^}=GK64Z2j7l{=Yr8kkiwd(UzXNuybpw*R*k~ZSomx!paMWgJ!n&2k^zI{O$7c zc>)k6cwGF=-k%oIFG~fOvTV(b#MG?@`QC@W@iKrZTkFo4vyB5;jV_q7jq~~C*4x~4 zADFVG0?2!r+t2|7BEgi+_nNieW&^IN1yh#)G5#a>zfyny^uyy6FlBi;%j33Q`1^1< z{=e%LsXcMS-c9znyxrQ5^Zg7)V)iT>Rp~T^ZVkDuR-GN(rRYj*9$CuWc=htY1(M`c zbiqbetXfQZ&a`|=zGgNjoDIfvh00ayFhmQM*qunXQkp>ZgIpyqIbEkNyY6O;x66j z0%E;RK-kbFpG5WJBlT;%HdV4OZIYQXrv!BU8{{92p4af7H)SRrl<7Hjpuc(+<$lLwn!`mozUuFCUUQ}4=Me-0LcOKnf*|)-z8;RibE~{8?lVqa0R5uBb z!{RbZ?vb(OZ0%X?@iQLDde@}nT@l%g3CyolrClw=Z`Ti7R9kL7X%(sHW4Ph_vB@fy zj2%&Ei>iMRB0gI)KLNiGk#=mxJBp+QL=_*O@BQF5GNg|58I72KUxw!j8F?w*nBO`W zufX|%x1zw#+SXB37&8i2{;g+dquE+xyeMa46CeY8802DToA@ zu@#I|Wv|~-mRtL%fpK+{o+5k6s$80H?-9elmzG_xZN??1A>)cne5R^WkK`JA{4Ks# 
z!%UdVh55W(ZyQ?pG%!gm85(6ewmfWWy^n*&drq>wt03r%=q-gVjm1x`=XWAE^i zb8Y1$RHN*GRIgPmb4i*_X^&SZBdm6HoouXaY>jkS4kZ|LdWAY2t43JJi>HcPW!x2p z`Tw&h(4PN{91rETN_1SzDytwQb2S?sh$A7i-5I|M;2N%jQ&erE_bh63NL6~%3DJ{= z^iAKtTX>c_N#)?{H2-UNIXVDAfA5govW;R~&D^V(jJEQ%LA^32{F0=_0u!bqDY#Wp zm`|a1qU@m^#$CLNg<0Zf`A&=hqMlhh&h>i)Oejw@rqaY0l0Hf%*za@`T}d+u!YjpLwa)k*)wj?78;!?xBrOMQT4rCcy5yWKbxv) zJT&h;2g=3#RcjM9bFzmHyHig8P&y`#p8c1vIW44O#qZiCqh-H>k*a4Xv z#x@xjne5NjNam;WSA1L?kA+uvGsfjMx>TLjmCWuJBOZ{NQ}XZ_pRvHbrA92MO6F7| zvr>K9H>lxaaaMN-MhA-Vn02GRfY%7I?x$7>j$N)hEeO8#^A@=I1&m!FYqefZ<-%Lk z^aX$Ho;1#p<@LAZc(q~sz(vwXz};%t-QKj=j{@@R7-g_C$_(L&f?KnQ_jGL`I<9r$&FHYg z099{rrK+SfG+>k-O&YL*jSG|x2)xB9jJRDtCU^EzImN#*HfgoHAdA9(I!S6~~eL!mVZx(OL3Ph_`d(kt~#n0!X*bnaV5!q9R@lq0(7_sNXOcy z0Dk%tOcN<7NBR7<23~6~828Xzwl1E|T2E=@q@Pqzc5hX7D>>2EtZW(~SBzSSyIvX) z=q56X%Wl0ZyMz=KI{_Z_ebnecdQWo(E`hLi_TBaN7{^(<>e51X%Y@(UHQJm_{cs_NBQ5vARNyot||=2coDYd(`m>Wo57K=ISWcxQvX?pfA{0R!f`I zzS9gE-h9_H+N~h=_ETVLbwE1nO(Z7KV=lr8t`QUC`mqX8QkRBUO7P?JpXwHO9U`IF z%d4`dTQ<@;42Lz38?VQeV>8-m>PpE0G3k$5+-_QExD50Qg-b?+S#Nq!cjHDUV-KkS z0Ke6Hg4`Ktk{%(^%(Gti9U3}NOsy)heK0tc z8EOYi&M*gJXS|C9TiiY^rK*dOsu2Vju6WWzsn^(h{mJt9>JZZ2B=O5B-oJk@$UJ<0 z^YU!`;IpTgt&J87OejjkSkaM3-}`y<%v^xAdon{3c`7LR0!HW?>P ztncO!T^%)G(VvCPx)KhMH-c7UVQ?PHBXC&yu#$+;Kz3{1Bu&^5-{>tE>t3HvI}KQV zFRP@;(vZ#)rfu9rH?2;LYIA=MflWrucB^+p<>ga9S(&WnUaz7F6fw{Cmcj~J-JFbw z&sZ;GwP6o#>+zV)J|HD?-nrE$JzD9El|J_$lGul>?VqL67_rRPDf`&6eKiO58P_|uu5T7ZjS~v!-+QS zb|zRQ+owr__-i6}^aJe^eP$05sMJ`BiX>hXCMN3pP9!3`v-l{gm$d9mU48uJK-O~A zRN+L5qZ5Bw$XD#5K@V(PcheFnYeG?G0~**}O`ZcZdh{Xc^g6p=to92S+dfzrKzUG8 zB^5I05yk6q88ty5?-Rs2f8ju~;#ukOP~kp1-U|POrv`>@>;toL%x*zSbU%(rFxwrBn_pa34ss z>2@PAjJovt5IR#+ajY;Oy*mqnhf9?I`ymp=(t+nQJ{ zD6o$iRbvaM>IAR!pzzt->Z zTv>TXFaMt(vgYHH>+9@df(5d5mTrKwgA zZJ^H2pys|sCAJEJvQc~*t-(-Y?})8#iHWf6xYB@RrFv5iBLLnJ{jQQmi7K16wOAO% z0K+~qBx+Ya<^2IK65Za=|uzOa(5xa!PiN%t!^(pR>XmTOYQ$hDg`@4UccV%eRi={rtQ~d=^o5%OqX? 
zE_pTAY^-v51kvAvNbl{oO-!)Hu3FloEn3MRlPymqA~+GAr=vCoCSm(pTk=i{vqY7i zXA(-izEaX^n0P^SB-lqk!SZ+`p*tYLdb>en>LRxmjqz`0RR!1m5^-$7)iO2dmt+qR4%(N^^FkA}m zn;1@wCFPZe9#tb^Tco2sSP*=vA3T(dlC0|ID+fNK0y7h+ublWZ?b2MdZBfTuKgc?9 z(q|m7K76W-oZm6{t^vkl#wDea;*fjQDYfi*Ko~{E-2Q_hyc!hDl@waHWNcAp4?d*q zl4Fdul^dF&cG&v&sEdH7GPVh{dZ!YH5WpIMO~tdKKp=;b|uHv%;4V%JuNpp*KPzYN?8~UruGK8 zxU33mbBg3&cgtOuC`q|1wC{L|@{(6!jVAm2u!kLkK+6~;B2s+j23(WB>@jhPV1b;5%`3oZZa%cDQ?K>mA+Om&O z@rYAq;hmFX=u@G$IDa0Lb_nAbQe$TfJT<|)R#15l-q)M1knq5gd3D5hbIJo-IJEwL zz;dIh)k05$mHMnul|P21pfKfw$S5LVMkq05e!eXz(Z)?OmHw8hf%l)(s*PthZL0B` z$O11+lXo{}W<~~^%Jce!?GW*2L1CXb4Z|GA82tJkLk-@(7DO-kGuy;6-d^TT@^V0 zMy?#nXd2SCTAsq6fcTK%H1;eAg%RuAaoSJ$bwafy{mV2P3jeEhBCd=9qlp;UT70*# z3f@0=GKb51aWmDG$4xh->e>Yn9^#E{$l|H2sQ6@*^)VByA#xD4zH*Au`bwq+VVT`q zG+!fBEHp(Tmws8DSqvMAEnRM-Yrf#%o0J_dX*z;~y>Ye?{zG!7)|Cbmu|zkFa7;#N z;*gU`X|i6nl$mwLgtpiTs|-Fj+d!ug^1Cu8aBx*M)NWhIl?on}!{{7Oh?zMf7nm?rYE^DSgcL^3MCXqvlSq;7h;#uX zaxD*moZc&g`VQm%)1>SV%jRI*|lIYGG_?a>ngSw#c z&=HAQ*W}?@zT*T4rBA+>D-y8?nnE7>}4ejY}TqiQU_(6Zfd| ziL#3^XQ_j1RQ^Y@-moS=u~%xdrTaDiG$c_D=u~{-p~t<>E$^ z%+{ya#yIf}6@%geb9dBVrdCYuBzlD?oj99;mh@lhz)R*rKS?T#TZpi_imPv}y;v@i z>0wLbde)z}cEPLA6A}2->Qd=1NN)uI%@fG|trWD0;ie4*gXM^Z%Ss#Uzl<%Z@V~yY z3Iu@5c=HR}p#C(0Kmy3ND}#S4^7#?P{G=);*Pj?x`BPJVNojxw^>g~|b=kIVQnJ9( z$5&3V;G)FX{~(5Y3T%^2fWsCqey3_jUO;_xNHNHy^ic z$%&4H)acTN(`EIgb$j7kmFsSFe|H`9Ke2TI#kp*Y7{;J%%DWp4GG_gE?FZf@cWur~ zT{L6=p42&#C-)@2yWhag!N0R5HSwTeV{7L4DG@C*l+p zEq?G@?#OP>A*IQYoPQEizMYdJsDG5#pgFA$>lO%`tQqF4Ki`MpkuBdS!PQ6gM)ex| znDHBlM}8XzHShNvf`s4SFJw7_^>YHtPjlJ@>ffd78$sxosyTcYvPX1L6;xu|hLn-) zw+GjQaJ7*C zApDMo5YC9lgl#VTjll?f=6sXuhr#o0z?*UdJi3J({A;N(Rie>U3u(Hy<;n1EFhhSFeo>>weNHD!H~)81x5&@i1T>%o z==_Uqd)r1o4F_c;%@S^YpT|G+>?w$Fu%rL{zkc}Zi21~K{J+=zkg?sGEdOnn|1XRe zU7@@1S;I7UTaELo!$xRDTSX6;{P|olS?lIyJ`0Zpc+ImEHt)aAmy?QJ%4N6P|D%h+ z9)D~oQu!GAg-CBifvfU)QbnQkr&X5gO_(wT#nR1H^$@9aJMpO(1-En07IkemiJ~Kb zLyj4Ce(jb;2TYb1_oOxKpiW}9=5=DJ3)a9PeEt)=!3bB4*H~4-r+$Uz$U<4Y!|YD8 
z6XStv*i_{>^gyv~bB6+_(efZ1yR@GYUrdE~$2g!vSap1>JNBrVRX3giN!ESe)DfN6Fb8_l+F?LKp$Ir4z7^4waypL zLrY(QgKX!}z^tv}V_lQy(9#lAn}c)XbI?pKwldYJATSK;eft+hzF!SL z7jyzCKdu7m+8Bkpb%btM-fU*H{X=*VpG$W%Gu(9aVS()oC0irl;!Xd%w9BC9Cu~bJ83QIyUpIL zVQCLyqo{kuYHpgu&6(xJn5s}oht>7f73ca#%mm{YctJUkP%Gm=jZ>rY+C{|h0`eMX zFNPm@ak=I+(!@iKjviwVxd!TC1$k|da{qbh@iZH~(`VNqS412ryJ1Idx+wxA**^Wi zPApZzZh#OYCcI!HGyne78Lj8Qqi({Liq|h(QQb8lfthrbbg^>>^?{p#9^DuTM1uup zb%CxONt%(C_vbY2RC)^zQNYj})J})E?!}m=6vJDxd=W{uJz3|0DpaXF>4ucXe#GFN z#wGY0?_b9|ivF>c9OVOJ#-Z}MCex*Xo*CQlD!Sj*&Uz_kMuaD%c>)E@b)SNHH#a#w zS;>u+am9>-U>z8^#uLc3!wb0DHA5mK& zJA2udc&7Uq{W4U&eR);#Kz3a@(;-lf;7J0fvS;Fbe|u2g$7y}3S4@1tch8&Bwn2l{ z(zW?!EOQMP`x`JZMN%?zd=-0zY4I@p1aFQ3Sj!}2=^Bfzs?WQj0=hzvAJ`ujcrHzg(kOi< zgQ~7hZ3|a=K3)XPMqUP!3-#7Qn@^SbCPS(XD8Xw>0dCuCQ;bF3GZoMT+ zyLP!XZlo_NzK)DE71Hubj~^_u){vy3LduV3Fh{X>{@irvRM=Gnoa=1Ik{B+lSWEzs za<8`OS>2gcMDJy5w_r2knc;Mq)+PFL2>OAa(ShIlj7_Cj zn)-*$<|7qI=PX*4!%Fs#mS~a!+X}`PV)R+hdvNr%bfMufp^+BHnD=A2o!p5)03mHlus2)29(&x?s7{kRAsz zkHrC36+S%h2FRMcsKk6TH*!ZdN>i~Xi4T4*wN{W%E2Pe*G$$Yp6uDJ2coL0ni6;Yp zQu`olPGDl$i7cZHxf93DD?Rs)3CrEyq8hVaxI;x>T6EvKd14F-*ek9k#MqyR=e7T% zS2F`btc0cSum5tMxy2=b+=-h%K^s0*j)^pDV2vCcQcsRDYlqAzB-6|?&NEH#e_^rW z3ZuVjn>lLWBMWM7PfsRSAn!D=!sKGES{zb48{hJj=tImm#ydxZusS6q&(YHt4tT(p z)}0%Byvt2AVEUN`P;C{Jqen+d9kSzF;v;vVRai;CJWb^uFxRC%zE|&&9xyP^G3X@k z&_9f7%EJe^rN5fxs)z#&r^=Yfy^Wej7z;rS4l@GVQ&ky?xdBX9=Uq-+d77kKpj#T@ z(@|R&i~S66rTs@{tonN#G8-*7HLs~?CF@gXvNW@?Ke6zjO~&p5)D9h1;ZB=NDSAjx z#4|g+Azt3Ft4?LuYorUf?6b$4*&-_SGnhKbe)^OCN^&ta6=o#?_SP=;Xo*FHF1}S@ z9;#vt`z@~YWGEU}od7LYC}q*v|Zjrco5(>9abCr-9pw^PU!cev8DV(zkF z_?0X1<1#Pc=0D8D+*Ubqf2fX#h;W*?reQM98ntNrRx;BQUzo1Hsx-3OCWb`_CMy5j z%9B0;{~9jRRumdD3#5&#kGz3zP9&&;Q5X;G1H9RN+Aq@;Q>DQq*C1{JYgQ#N#wc8c z@crkQ>|M3BRr+r<(y<;jdD4?(gq?d>^6RLEf6*--#5#SrnlfAJ%uj@JOYVUefQ& zWp7%6p^n&Sr#BID$t0v^9Uc}xVBQuLSq}#~B{ycf$?W)y1mKHIP=MS|{@fwaU9}CU zu?U@Va4#yC`3%}N%&pNYsIY|9fZ2Wm-@h2u4+O?(m-3a8dNTl6jS!xe0#tr z&uB>s^GR}qqLND0R#n!vd+!<6boO?QDuNP4L68n2Ql%@>t1yVtr3z973B7j+ 
zy(p+4y$6&cp$gKgAR;XwhzOxb4Lx*(5I8&YFVBqfT<6pK;XP-*c#Se4zqC;KzsPRWh_+suTAIJ>7~D-lI<6|Ki$HOC&Bv9 z#{D!OAy5b$q{>@*EBd5S%j>j`-DPXq5qSg7?5hLH{Pv|B@;{FE;m5U&pGYQ=?nCE4 zhr%1fUjV1vb~gF<<~aPwokeD!cJ%yr5*!j|`LfHHc?Rs7#(d3(o109>8%*|0Ci`7_ zqsx7V@nU(q8%=wSrL%M=REmrj@Fn|Zk#x1)2sW#Hp^7PS^V2+Il>6E%v+;s-m430P z#26l#%G^i+GyT>oeA<@9J?D9A1|4O}IcgA*wiyRM%)!SD*@u}T2rHx#qClQ~2P*qZ z$a&5|#|$kO_Pyk(set{Y0DUmBY4RSZ#a~s8p5!MPYTcC>uT?oEyiO2tXd!l(@CuF=Cmv~BWsD$Zf%em1> z-0x1XW#&N&cmrnCzz6O1Tz5d3^o_wrbOXv?JA;WiI`SQaA!;MH2Xpn2usvtgx7*yl zr7+W_p~hu4;SUB>Bc17SA;21{-soPb_qP=E%?sZx+LzdrsVoySFvbW8EnG757}({H z1+YBvab-eN7F_aBy0hpphzO{(9+LazO}pp8cygd?27g^s{zNGx$ZLSX2FmCbm$2C9 z>Gmj&M$1S3n#sEVVJ)aFm*TnUooz!tRY)6mSyLx%&W`6cyswHM7LMQa*@~+wf;1(H z$ed%)@A}d^_N>=t{7s?#m=EO5p`gj@2Rul@Vc#y3V8XbJLiarsluK8y*kA~=hFVQ> z<@nz7o9G*0Q4#2K6u19oTbcT zbu`GcDA?skj`;8B#x>b26Y!QcYyMZ^_1Ble^amiWg5s7=j6e4W)B#Ru>awqywPm+2wxnZ_Vi6-|Mp=j+{ZX;L=IgVF8etBc<`U-_||+A_8(={yD+_ zVAcP_3(5Zf{SGE>*UyyHOxC$CcWJ3h>EN+~O;FPy7pbWEjSWGlM6=7+2Z{*^+jxTi@%yeql8z<;*2|1v%;qQuYV z7~*NaWh6Rnf@J0tSJ9Lva;Ln~?G)XsI4)y!s@`ykH32#=o~e7R?g$GmqX$A^&nR{?-4V<&@+ zli81R8Mx2!V%F!^F|_A}V71DGAA-7F&!J)C(H@-} z)%|oQ#{f3M#vK6%@dWlibgKJig*uw|=hIf1A>HIx*d)`GeL*XLA_^ui`?fENUBv)I z{01ZnU$X-TYk-((NEC^iX$4n2sKz4`7dc!f@NkV_746Q>u4|LFG(L=Da4j`!AMb-A z1|H5Ttiuq-P}~c^8TqTwc&5C%@+#z>dz#)akDF;3*c?9iAm3JleAVhXye(1meXA+} zzqx>5&Ug|c<7x*ZY%22yri1Iu1nrc;}DgG`q+A02E4k@}h533CEHq85F+C9-3mm{W@}EwSG_?}NSX4}xQs)3aB7 zSH2iOk;7=~Nduq+fVKE|GG zcU}4x&o#HM8~JWWb=M{^0Mlc04fz!!Y_TG|Tg}yOwFb=>Q>L1_7Z`_V*QVdKp{2t% z9}ORm^8HM~lobzGezU)@GfKY17b^UeYbeZ#31=wJMOJZ2qqxWrEHN?>FD&5BK9^Wd zyOaNNqUV5+&b1}2I~#|r9j47WT=Q(^#wU_U*i~gpM0tOOmDi{hANu^9ia>>V-a=19 zIMOw4iOhod%rAU4vCPPnb2mG3TCwK%hel$nZ(C&tJz+k;*WEIu#Vf(^abe2kN# z_8WP%)git6Zr6`?Ej`hjJ^*~#dyL>$37xRYIoc;r4*@PQoaqa=D_d%QCHHBNl%(Ui zyng_)?vs2mjnz_oQG8Djf!pw9H3d`8?kfcQ(zC#)C5rV)WKgXNZ9nYgVJ7Aw7x&h< z7kCn?QEYue^N^V>65H;ji4?dHWj>xmkWgF(kw*G1@cpZKeTEnXYNOk$OOqSGh$#&P z)Y~`tQjkC152_XBkFHf_N-(jS_U<)St)Vku7_fZq*141zI%Y1q;n2SOX_JR}j0A9V 
z@*ndUhl?)DwYR>GaZT&A{T)SL=>l(|w@)2}b>J4-=wm&0fSi@xblDD~XrsKK zf2J$c79vPd!fJsacSylPPtZE!FH+}b~t2$8~WIVPPuUNjs{e@MF$1& zcd;8;DolUE~mn}^Fm`T9pU z{WixxLm}?-NVL}_iy_ovK?2z@`Oo1E{!pyIZ2d4 z66+rwy*%u0K2(-agdTk6Lf7Wi3FxAa_DL@Qr1SFMkxo-RP~Rd4<5Xo+5bdF~_!KPq zCRUOZhnKA@a0PqK++_0sa^%-C=l#t&)VON!M~oj@!d^Ckt5Q3IEqN)QjqG4vq($_HDvWerF>>d<8(I{zb z3y-4fDzPtgHe|Se_6yGSV*A+rSl(LS>20`lfkqMUo*VFNuDY{wvx7nFPxeQD_Pch( z(ZO)DL&&K1E#ybB;TYdO#4_YqvmjZi?>!wI`+^UiC@AB~)_qQ4$o2z>S%YhMZpZD@ zQLuYdG2s>z?Y}45L-NftF&c8x# z1AR;cE~jB zGuz-@?a6tW^RpErRer}?M#@9bBjY)YW$UbDX~R4Q4Yp&cMejMxxQ?FDP)XD~djQ-yazhp{^t$J=m92Pm zq6=JlDu>F%uL2|H@5 zMBR+l>}*9-Fb>7RDzfQt$q+ncl-ilAGAfd|f7H=jbv?X;3gU{5 zj=rIf&r(<&Mjvm;C?QS@ri%tC$wg}O9)bHR|7cO@X<@_mfHDU`sy|lw2{c3f7G;2t z%A#b`S!{wv<0ZpbcVG0fUHbAyZN4#D zmC}fy@;#Cnxi3ZOX$@J|Y#%Ok*L}urs_Kjrl=?1LAIlug$Yfqoo3A14s3fn#rf?Lg5j`0Nc=Om+J^U1mj~A4~GfZ$| z4qFq*QlYopDl&2XCU3_sqP5u7Y5w3B5EU3qadD#etvReZ``5H_PcFxV-lP3yfRbYTrxPVOe0gxk{c0 z-H2&VBnN=zGf>B~>PHsWfx$hX<|tbbBS{qW=VrB zYpT~W(sJN5^DilouJ(x&nvGU3O*9oP*0tCj?f4~Ot&AJ*rt?`#mFUSlQ_uQZ&#NTn z3W(RO6^W><90OZn`zkXUjH4Z2(-SNJ(Bw0D>Z?f#}9zeYuzMSTRbaa*rF7v4>8VOTh^nY*^x_DOk^p1REO!QbA-fs%e zESP;%Wv7o;L^WbWw#U|5uF~IvqCwe%3NL|-`4&5j&y?vqB7`A0YR&G+Nj#KZ9FG+2 z?cWKF_vX`I;XJ-`y-%Xh^B1StKL@riY+FP9J9?^r4wd>>GH#}s6}}k_>?BBy#l>*b;gWKv2LwYs@Dx*SZf(rlxfDy| zFM>$XH-^B0QDPKk3hxj^BO4M^noPg*wyh4Ix`T^n8 zvQKfk1)P6dR`O-Ae`!(iK$6iNykMAa#p2;yR$HJrN%f`fjP9fy*Uxr)PG4%bQGM@( z-gj$E_Q1Y-^Wqqq1y{AGvpd)4i^?UJn5$?9G7`B){98L$(lGYHHKB1rZauq;2AS5o z8H)s>gF7P_Xf5(RVPTtt5b!4znKEgn%xh~Z*@hR;lc!rw6=?f>VhgA)mqh}3%dJf( zzbkty41b3PO%(~uYa=}w5s&l=CN2-CNSDICxvIF^=}IAO#>X#MyR99A>Qeo1ls0v! 
zU3k+hL(l1P$LYpSKktHRm9Pmsaqn5WGg_yYzE&T?ypkM7~!bLY&k0JcHu2hgNO%uYnK*<-If22 z!&&m+(Tj@$YoI9gc-djFBWm9G^2~rDRqZ{v^$r7Ly-I_s!Ze8OoQcg^I6j&@enkGm zja0GM5Tp)&s*v6fWztHA31un?Zo7)HyRACthjKDo%1w>w89k_7ONwzqlohTCrVSfDVyt6A zBNH*5&7dBOcVGVI?vUvPC$hSgWYOe{&s0^~>q6~ITV5SJz)6FmaI{vH!p9hdv*O!} z^o7Ev`%YqS&vzTD&ws<4&X2AEf_e7YwVF&vno?RWqqaYZK1R)P@65yTx<8q|7qhS< z^FNyOD!IH_Ieu-U$|wLtLxw40O^>-|rbAG*7Gq!1$J^%S`Vv^qmg99KbH0;UV+oE) zQvdZ3k72^-g86PqSY`RGLaTsj3V8BY9k~`fcyclMmc@3^xvQM|583W~&6nOOxDUnz zleE3rX1ml8oD^AeP2}I$Zg)q1gVdI1DHk7s9MB4bJ`xk0%rW}-{RRJ7+&&s^vc&bt zwKi|$YMM8-D=8%G_@MN-F6Tht^e7y3vq?NYu0U~?7{%XIlM{T4+nVE}Ql&|2n>K3B z-*vKpOx0BKb0RQFO|%7m&)E8JHz?nVLFaP~D{XY>(>>sV3E2?cEvc?Xzd3Fb>*jO& z{uXb2F7mkY(@Lj%07$F~rB%6K3chl6tA}il5SfC$&27r@0}JZr?zKTxEcO^1aO^lO z5rZ+~Vz(7YJwx%*7-TyP?%w=Ny2V2gixzJJ9Awg%`H_D+Tfp8{!xj_K(qzS*OkYIP zrr~3HbdOBRp8I9QA+B?)XY%-AFM2Yepk(rw)Mf#mpm!vkAt^Q`Bn7JN4+%aP>$nTv zQQt8lh|yM4qgMMSP2q0@qE_bgnh$j7rP*S-+`lUPL2j51#8LK?=HUjO)iOUrWH^s^ z9glVK@-E@^dke43$os_lc7Feav+;-!QEL6B zp62a7J+4Uq%C!KJAye7L$hrEU1~@Go90kg0JDVe_dwb6*pm@5 zsJ{d9EhX2=7J$BLGjZ&mQE2W~B^K6NYF8)&+1YGr`j-8+;O(F#drUSQLNCZ8KBa^x z77uAQZfut}(?v{ajwEq)5k6|Ofn<|!vU({g7-S5;8{T(e8WGWnsD(e^c{#8wURTX# z(d#}p>PqVF<-X@%yCxYenY5x8@zfI|@_7>244A608D-A7H8mn1HOtrTY7?_-k3T4! 
zgwwHK;u@Ry;;p#v-4q3RO`-P5T`{0E+}-{iG6qMJ?;_H7gW2EUs9K1!lvL(${bS5_ zkGj}`&A8ckn*ZO<(bSJn^DrTipz$zZWtKXl)Ef>zJf1v|#(FlFqBiSb*2YyfEY$ZB zW>u)kIzv>~MG))!+1CCC){v1~B(UsC!WX#E7m$j(FdWVprJYx?f9c8jpu?3e-pO{I zUV;66hk`^kVjK`xRpon^+-$?)pSLPTpUg4?S+Pm=-u=HH%oVWB+(UAjW`qEAID^1F z*+0BdeMp=;OKbI)X|W(@ytuzj%OjeQxTjvW*sW>f6TPpoa$eWx!+iZ3j;#?SI=xtm zzyI#vJ0Jnp)A9`wgoTg5Kf9ebboxLv2SCWl?&9i+QNEV=TJc-O^5OGP|1O}CYc^`R zvGv;08G*FvLi#uSXDI03TX%gbKsWXNO!5Q{jZUB|t&W-jN|0u2Jxdedo!hByUyypZ zpeSR21a7)h7781GFaFK(!Rb*QE9?-mhr|T>UN>a)KS*4dw-DVcf6_gw;Hr85w^P2d ze*Cm!qo5v2Ksc{+t?(lnT1VtMzeA9b{$DWt&;NL?(Q;jk<)a7J-_QMDya_wttT=ps z{x04CWyobvsVY8Q)&BeL|F1n$1>`BK?XJ`RhTns)WC6)`^t(pCkQkzj|-|`vd{AEoYa1;uKmrxG&`qlP4VuO*Z&h=y$afj5GsV zEC42ILE3!cvB-g+5x>ib{QGtO^GOKm1jtn9RsR#n2U*il@UzR0CH|We`q$6L0b(&u z>hL%9Abwtn82s%2jvH8JL4!7E_Qwg-4RM_GXw)YID>|c-fJ0Fna#I zbo|%X26=<|OC$Q(S@!sU2U5HHj#(yzz^ zfe{j@J5B4Y7uaN?r4Ov|5prGkIWn~Q8rDH&4tAdE(u;pt&JT}Q#-F8K8EQPK3b20tR0mnZ_s_ap%V8fgCCFr5#)(r(+j;w^ZF2{35ZAh~osqSrQtuOJcJzkyyY}(ody1HbGbv zUy_8JBju~-4O$MrNZ$&D!>Ibq7y7fOvO+FJqIEp-tN5$zM#x1!<-`5ysvO4Y!bxb! z2b%C%P-`W*XKU#zVNW~D%-XtOjDY;A2ia~+q2ShqgMv)pQX`b+=;>va)|Q|%-D_y- zU(WB(zc$Ke<(^TJYjT;gsH~1Kjg#I5_8tiC8`L}x$?#DPWAbDgtfozR;uh4Ml8B)ozl`6cnI9)l;rmrC|)^r1iuU|5oRK;ESeAQ}1m- z+UPzwlN!jYxdg{X{p+Rs+XE$wAzwh%t3f-`FY1I4`Y4DTmduY~u< zAzEBk!5i_yeK52|XkujbR0=U0J_eM(X0;6c7qY}4Dfv)@S?t8e^g1^COsY#Rq97G?PXZf2Tn z-lcjDq=GbylRUAM2=2hksOLPM!7J)SU~n*CMp?bQ)D52Ib}`Olfcm#{^+7Ye*?ZE( z1U*IOGg+UrSXq4D!owZ)Mzy5N7q#_CI4YIeW+4Jmc7`lbXLeRmBA0?nzXs%DA|*Mn zn!n%3D{oD**tj{hhD^n(Ry5|{t4=@{>sM^`V9@H~?abO6gE98H!+gWUH2MnZiLLc6 zsCif>7YUGqQie1)*l$X|8Hl?p+Ue}6{Rou%l2?Y}ye}NByxm$C{mc3OcNJ_Wes3Y$ znI0uI6uIIHR*{X{ixq|m(_p=$M@Lwg(TB?jeyvYToVUukz6k&o*P>Io~cULVJ=gqunjC;Y1gxKDPTmluBo! 
z>bo&)*_%qKcM3Y>pnKJ%(Z@YqVhaF$(cC^sD1PkzK(4YpBC^LH>DxMZWndGV$ops% zJ)xOOPbYc-)cp!ufP>#`(Ti&GQ7;h9ZO)juVwtub62qM!-o39mGrdKTLmC9cadV9xAn?IUlU zmpfNE>jPD5#RMwkoAcE&=zvcOEg1d`DSO-==>*bJKFaG=JnR9hdn*|Jqit&i`k9Y5 z_gedahNgqE53k4{L)@d<76Z8})2*^RWPd2kQk(c)CZ<65q)_Zh0sRR9YEB4oyZhoW zAI=ZY)ngu`s_a)Wus0{Ir!@q;V&|T`Vt%|>%wO&p-1PNr%nIW2kIPg8Z^JG8l|})> zNp4cOAEB`xe1VS`uO$&(di#c8irwr7s4l3vE}EdflXT*H%T~9FupBb`_i4mjEXLxyl#u!L7ej7y zSPD0+IyA4Hw0)Fq5gOdeV*OaCt@F8T25dH-b=-cRJm=_O1D?RM5YrspR=LRiNbI}L zBw=WNhKIq}^L^(6;_LEQkVH9SD|Ad23FfN`oVCKUsfBW+^&5^3 zmWR^AQU850|MIeKyWpSDl)iTZ)4V{|ad++f1W#%k{(BSCxXZ_+=cEHb^&*eRvUrzb zK*#M`(b5BUObRM~6}b8_3WxE! zUG;KoRlviJw6;qUJSC#Y5_QRqKMZ5?4MhxxLA9g5W-Ft2!m_eJM8He0ajRn*)SA=R z1#h!<^Ur@EK^`2?1g;Axl0V+rB&)8 z`NZv7A4~BVw2i$Q$r7l)%)9_ZDAf4sL%?%wY#oSVI%IFzw~1|tal24>sHKbE^l$fz zO-F;_@HV`Ps^+mM%94KQ1-`mHd}@Py&855;v!396vp}E`2;B&R9E3wb_=fAl8Yi;` zzLM2${^p*{RLn`Qxz8)vW@9%#i9_w=N6rV^i_Y!KD`c~e92+Z_T$$5zNDmN|mw&u# z71D_;iqEj8U{@gqrJc{hWOKmoOzMPs$}KjH#fJ_-bivZd03iNxZt4bt%Cqw?EnYDq zBf_kRMXl{5EI!Bl%>1zpLZhBeu`y49RFG*jC?hZVbwF>FS?p|p1x&&pzDJ79!)-M| zlYio8Xs5V!>A(it-IgxqN?^ts#CLiLjEqwg$7o&agfi4id~l99bMnSMMZn9b@mkD! zAg2segdJtPrQ+qWqHT2r=|vprIVRx`^Y6B^TxfCPdvo_iq|9QykBRiT=bQ}+Tp zg2hQ#pkWSFA3m6ZKKCN=WKCT#Y#~3XL%}K^;I-_)A8Vc9%LDN#@zpS0sQA* zJ*rxkh6-nHkkAYBSjwohDPD>*_U0W38^oX;= zC)G4zB7ZAFlS7SKPavhG6wiMwDa*fqF2YAn55cNj$m2Q7cJsYoPx4KP&6umozg3M_ zG_p>eKGQ}12bHTB5b@2Zcj_G>PFQV0%|vwJ{R-Cvk;G`m3AG&f$X8}lS^aaV^(QT1 zoLRCr3C_m1i;kXD2>$co6Rzk#7wor-@_+3U)?fM(RyQ^W(2+G4dXW<c9N@-q9jbxk|eaZa<5l@B zKRzu3@s@7Oc|f;$dPRNt{pyA3~#G1%mA;yE>dl}Tb_qG@;3)(pG5YLxi_fNb;t{QNfOA=UT+-|L)Fq9R08 zz9YqM4GyjXVCy`S-};@1HV^?JvjVV;o7YxR)yu6@c1(&4&VRgpPrCJ@JlI!n?^$~a zn9Qe_#%&LJO-5W|r28obFgfmBbrN!!el1T>*P|)ze zE|`D#6Ta}@WbYtv(05v(? 
z3>G{(=MHkQE7xZ#bNk$#{)hru3SuQ=;5w(5!vxQjoiaV1#rL z6VsNcnd%qt8aIf7Y$r!2VbGMx_TQ5L4jHWrU*5C@o<8$fVH#|R^xRhfYJqeD5}5E; zEQ(d|^Ey$4q1td4UNCUuRAk6n#Cki&CC>E?-9~vgpY0?+76ilWLJ~5WkSwK*U@pMy z=x{&C$pe^ey?|-V-D_v-cmyVAuF=$kF0NJGe>1Ko5@sy3SW()1B;J!LC7~NgPCht{ zhkGj@tVW*cm`(LR7=(w9drnHNF4^D>{k3Wyo!wO z+Q|ZDa{Quk^WsDV?J0s#j~Y%cUAXsritJnY&%0ozLh9^eYv(tY=&NyZ*A(yVZ4at< zEHw>a>JKu=qMgbCX)qP5%=c`{!hObiXfpKT!3QzIac%Kr|UB z>eYKZMy8~uSefm3Ur;VEffm=xjzA45L7%0is&r4utE=J>lFwHqSexq><>!~E&MpUio| z^V<%1cV4)vl~3i|j}s4z^HckIuhPszMjGSb3)BqeqW3wy0dMjtrs};q*ACuT3lXiF ztVA#4?*~BMzC{cWkfV!>@190z+5h^w-7W{0|ICCG6|LEqEA#2}5*~I%D(1$rTm-aD zDnlq>`o`Fn<&snl+}1=LuU{xF`w7`%Eq_W<=&D7jS8#dr!G6bB5JMbJj6JGRfa7ta ze6|?-aJz;{IL?LPfR&YDT$rcs^Cyj^Hc}Z$)dr9%!Zv?-hIxUuGqo-=9w5ujaym5l8a2QJ^-;9~4v%Ov~JNk)IQz zMR=I_EarNt98Cy3k!c-u=@a@ORyeUGazBhGpwy5hfa&%;4{YXz$YXcMayBbyrWRet zwVzeL7Kr`C_}b7ZNeTHXCPX%tEO@HYb-w4>9fi^70wJfuhX>k?h^gQJ&Z6w*}^%R38l z_XJ@F+ctFwpENBsF}7V*jWFt7et^PLiqQ4kNu(aF)7)`CzQsBgGinRHqL{afZMt#X~olD8T6)&4%w(cFp za1(u_Z4R17H0#Z?vOVk*J~F>! 
zp*-bvHEik9~ae2l|LFi?>JDLAw);Xb8=YbI1ZB1^SA4u4nw7K-YC~LMxv5!8l$qvgeevPs!sc z{5R8a`+Wf~v-yRG#69*>wVs$E$Shx7m6P-H_9$>-5O=d0L72~@X7!o3&386e1pEBb z7gPFl6Ugn3z&zgbEnD)>n|pF|eA$BNHp91v#T)5cJ!qkZg*5azc?2IA?Ah*ktwe}T zr+?8Rh3lpA#%v!84X{twCKlg4s12cruEL5A2V@{6ZKmr&MN{~F8ms|*u4aY&= z(D)mxzA1m<6uVUmU=~#2vZ!9`HRKEc1*3J+6wbz{)1y^>%Ci|6vskh z#avXy5OCeJxSo8yh?V4x_$!1|_S4A@S?c8}!vre(~wFnIx4jvg&cnMMx^j#fF=yB}2 zawc8f`VAsQAvGBzs56siUlZV$L^s6>ANgC~05)r@+d)k)JX(9bntGx-1im#e=}Pkr zYgU?_=NRk=W+u0^d1jy8n^=A+$3?FZ zOg%Oet9+_=>pqJqG*h7@3}Mn*lW9Y^H{x`Q@tk?^V>)K1T69w?^y=VOF9*Ej^(S{i znYa8XL>|KE%+FYoaWIu|eD49Bnq~7|3qH_N^VfuE$IR)dJKM}jqw80kH2wR8 z5mm%~2*|+qaHnu4Du(PKdaBFPH{FDZj7D6!_A*zk6A&zr9^&_JO;y?+cJJtQqqT(w z%7=31cJou?n7@&{f=bH;%NyikV-BugOB1ryWe8U$V&e{>s2Ugsl?0(N?NnrX`A8efrKg!!zk=g|pc z^tf?a1KH>xm1u)$Qv8 zX1O6z2}OltWESdU;x!83?fC3FKWJDqrk=-sPbV=Kmj^4D=BZX)ls+o?r5%^8fV{UL zdV+9Mn$mtHB82ZEEhZJV+a&`+Zx)roz>bv2sA<&q?k$1xg(hwKZL&|f`xKBv5AC*V zIy|?|nHkjNrp{2XU%oUzlWNp^n2>P5mXkA;gxKJ+hc~f2RLj=o#pdF+j8iZ%zOAke zZ@6i-XbgOKJ4JNZ<}*A!rCHvq^AbfZ?v)se4R7~A_j=DxkaY4756CHuz`E_1(Z3aq zg|fy=CJMO}?oUcza&CsOoa!fHA-gu0Bd< z^W`JS%@BmDr8~yNI9j68V=9Hiy(wDB1)iKK8StM6!iYi^tuW)oy+fp&*zE&lS27p) z8t7vpheEZFa?dva!t9fD9hS6D!C)vg%ocR1kE)cZJk5?im(WcBEr@!NIBzwt^rB<_ zwt=QoN_DF+jQ>$pkzutCEHn6F@Y0oV-AZ%R-4SRek)x*hD})@e6fOKSM`Di+4C|^ zMVs_vP|8#3>8imKe4hkS&A;mrZp{VC99I87zQ-ETrjQnh=iq1dH-xaHTgK$iFTX7R zp_~eQ_2d&qyArr(G)A`di%SievYDa?-hEb0t#~yxBp*&vP+3oN9ldVmk63vIma2vSq zY^;KeHZL3XsPX|-OlVR%3XEnAUM)|Mkk-iyt-<>;H1KgoKYi zJr&Il%rM_bKLloMg*4N7uGdA;G$W@nms#FgUQ!QU0)?WG{lsDdR9Z@Ku^W^%=eL0z zOU0yJZ~hyrq(zNn0R4#V{1~(^lkpfxqf*gjnV-D#PbCS6`9AkKaAo>+vGoX-RYu;q ze@zHrL%Xs!!y*;NPaTx7ZKs0H>qovJOJEJ?PrG48gJ`_si3Ce*^XFb@_aN+U;74v9 z)7(2Mi>H%aH}G{y)CllZKK;%n_QzA8-qAFwQ$Nq6Uzw({03<`!rBpf1c-jd0q7%$1 zM+ZE2eLy}YKzdy#l2E)TwO2A>NEmU!v2o{HjaasUaD$oEHXf&0DmHwhwI+xabbM?~ zFXCV*`3cmUGeTubVnLK`-jGC58D!Mm_8Y^BGZIw1*EQbM#gfG^AvOg*#K1Q4relZ7 z1|M_33+a)OM1__o&=p!j(Ij*Jc=g1Fw6n}ZlBY~mXFIjUiw z?`E}{kJy?YnL4PYYL%lyB_6Fhksw${!V#MDH`oN`Qs_mUOly8lN11=uTVx=X#w%ao 
z_FVKEj~Cp*IhVa1SXyVm;HP=8J^5wgzLyM{3M(o4$rs4W%KIrgSaarN$eh%@ceN-j zJdSN9w?ul~fUNmYl_Jq4`p=Q<=65z&7m1T@*4cPj!J=e@6afuEteuxm--~OeS+Oqw z7#5gYc%=DV%b|WP^HG%vq5&y7^ITSe<_^T{GFojx{hyvpDI`-E@sW(!`xp2D1nDk37(7e5E zBU4#y&Hd*n|D?sS8ZN@j*Jd%8Qe|nN1P{`FEyNm)vif+d$H7{EWhrRk^o`=u^18)l@;z(Ft)p`O!LPM>j(A^{6Wfs zx4AY1SWIU|5s={;ha;pD%hT7Rub2+LKX`#=%MeKjAD0rQd?y)TD3k463uX3&NkS#5 zwT;LRa`(k6Q1MMrVkye!gz?&u170Pf!tf{DipqO)dw6HUjeYiOY-ID8upgy~Q0X0I z&M4+BL-IsD*CXpm8)FDZE#HyuLh~rJFtus??yvY5YfK*Q4QKcotcpWo0b_`=C?ovgypW+a^e4DNP z;bn^1jS4}!KIKJ*sBtk;MACji?&XEtFsRK)v^~U2%e*V}wxjt$QK6okE8X#o!LlIy zAWzf9Eyy)2&wr3xr~2^w39Uh*A#45@hgfvsFFX35f0eB`4>+LZjGek)Klvx8Wre4i z&(_?}eEsXK{d2$V<@&)8-|GWy>=8Viv72Zj5XKl&<*FBt5BR5dKp)k}%@YmP+UkA%+49Z?FEnn@E z7%15wE+P`ne?I)zOZU$O`}IlrKl_kmnQRz^ukQ?-?EO)_TX53*7f7JW4w}`taSi?x ziJqXldPYvB+W@)W`E(qYYyQzbsJy{_FWG0$Ds{gC!@v z=^9zW;LZH!!+*VW|6H(Ng$@5-eMlDcOig;f3{{(im8~U^NgFY>CaN;q*<-UW(p+h6 zse;24L!H(iFt5~gkixO0C+>ykzw(;O?l-%knn$l3G&FIB?vzHXV*)(S;-+WFevXu} zhbE{;2u!b+;nuCQ`>xt&=c@koS^J-ta)}%$KFm=^Q>g4dWmmcHyY4_B{L;QKe&x6g zI_Yr1tapHEg2J?^;`+9Cfa-Vu!~N{On464yTh)o=KLJ_O3Vc!9zj&XaWXU>u=xC97$;dykxwzlDA zhj*V_(R&zY7aP{z@&oBIX84g8fP5E~JwZL)Eq>I7ABOq#g8olA9+nA+dTFHnyc~Y+ zg5wXxQ<++Dyo~ibFgE$a+^Cz3RKlbiklt#5M<7*EVoWa9_e;DXtBq*O+ML7J-6`N3-3Ht;TLBX_ z{zP^kaK~Xl;THxdk=)0!`vAue4ZA>H^}-1w`7xubWvfp{h5@7xFsd!S5Sbtb)Wy=e z{w{Uv@J;hip%m(pHyMBz;7BP~Q>n$rm%u7fSrkljwSFzoY6B43qj#m5hveL?CUgn$ zgo%c(jjJHwDDnv3f9T5WTs;N~P!jEXE^tVa@}s)D(i}a%(L#XtAE&e$3A}|A>nvMS zVKcumziaOubS9R4S|Nh|g{m<<&BVh7}6;DD>f!&PM zcDUrCAQVZWU9jWE;^y-s=-gu+_6{YT6zxZvH}`;I;1gFTUNQ{O&G+vg^m?tlvzMPn z(J?c^G<81rqlIk0eS`x?1yPk`fo!+o$mVEz5kB3-^2^zL*)(d}UU-${yGb~11^UjQ z;<2LC_7gA@+DfTsc$s(?KSollak&~lS+FcQ6-rSzq}P~)H_U9u_6o*OYg__KOedz= za~%w>Dvc4&C&)IkjIy4b>8iP=wwNBb$|KXTD2NeRg}dofbU0y#QB-|m9=cd*qed|x zKW_W@j6%ZhlhY#5l*pWw1=CheBn2-4=6wlu1$Timk%TsX({c2@^+x_S4PF@mrV*C4 z@1#_{+1vt#b;`|E%?=~wY~gUnW}Jr?Xt!oGHX42u!Xjct2vc+K+O_s?0y12p{}_m6 zTY&|aPC5D|HlhC|e60!)*L8MJ>^-q19s$8~B?iUJu6nrr-=OaE@2g~OOPn_B9}&0N 
zj4M>{6v|~`9B$7)!;hZLlv&kz153;^A9U1(f~C1GTjM454x*i&+S?Bb9xh)O=#la6 zWJ?Og&;IxUS5@bS;yCx}2jh4H_)iW%dfoW2a%5cEbN6T{G(-yaQfj|wXS){F{M!O} zJ5SbDSEI!C!mP`@zFl(|8rNJkRKI6+EY!s8<+m`*D8r3=A-(9kGCSaCbC6-y78(ZZ z2Qf1-mh)Z~YF(LD_`m^@y@zgjg;TRT$l`l%I|*b-y7T02mtHT=w3S%M3Ym83Io+wT zJy6R@D-IU4z7CCTK-fNyS|&RM#MHTiRf|7CHkLg;W~dFQcqk&qF~B?4c|y&&;)U4t z#i&nZR#aCWuk{a1VMvto58}E=rqV778myMN$&QcN;N>kZd!Z;DU1A~;^`GkafM zmjp_S>G)I1NqiT1LjPbPv3z%x?px1gCF0&4K}U{B)l5mTvh@cxhFkasK4LCECf?TI z-D8EZQ1k|P997fK&7W&e>@ucO@3Jk_Esh-S5i8>z7Vz0#`1w3{nQNTCSE9=>|8~i< zF5`KFIR;TGow^}DR-Mu2-?cfim@8Jjft!On37EUqqMhHo;d483lj9_ui-}^VXqB)) zqTe2q$3dVJe4~|#&P=cN2d6`SZ@|GWF8g8i*tG198@%=QF0h_NC9`bc74;t&;1scW zlpT->;t$D!w@}IFw!y^Q^TIcSOhM38ire*!7zmA)Z0EYWf6XVLEfLrQfyZnmkx1$7 z`(f8RnEiagQqTrCE1=;a_+aM?CK*rxPbPY=Xxz%l5QuAu7LyU1ykh5a{7@`ok_oo` zMU>xiDHM}D6N}LW`WWzC4NgG#++GUtf;<8DM?rh-lfMa?z@QqqXfEA( zne`Wlc6%Gb3FAX0#*G-oF~JZ&P40`S189W?awUHtPk2{&Wr-4WEe)wPGQgbf zU260_hVUtuWZ6&ap}{d3C~vA zHa4==M*-b9dgdV)f1$m$KRHi1>Cns27KRX0XP}MQpu>A(t^?jy(%9Fy8L*v-Brf{d z849sANBFTKUs+R?GUcq_XRCtd$?#XrmiqJ@cl7&&`W;fU!|hRwiymyae+E1{jMaJM zjzC~ls{_@p!-3?cx8J!by}WtD!u>kPFqt;mTbENW8$5}i8upb8z8&sBq5Xx%A;X?9 z((Cd%-Zppj4in{b4!EC7QKZFpA+u}pi`JnYB#QG4{9wkIMr~8fjMa>h`&Gq7%BK;G z9yBKIBbx49^0g2aEf$g{Fm5wg>b$TIz&P47t=r7p4f%+{ZT(&Mt@+-dt`4C6;nUT! 
zYzE|QA1y)Oe*WE|IlSM}I8^F|HSc)&!VEf^2osAiplf@lH8cZ8LBE*= z5NNk9${bFSI-lljeYB=v%)*10u1WAnev~p5@>VH01^lk!wthn*=(Mtg&UBTm4W;JF z*ga5}9nqN-@`L|B?R{ljRa^J2A}S>!h#-HYiga$ek!~poNfA6CaikkWQc_A9 zK|nVt-Jx`Cx;Am=I_G!{_Wg9<5BGoX%cuQg!CrICIo6zGjAxAJL6dT(B5u8LO&YI7 zUNAVdnPYY<4W7pzyeNn!M4}RaZU*yI+HdZ%AR%-ry^snM$dHosr9YUd#+)VH{qjL;U%wlqem=ScCVj!GZThlcj>OnwOsjn~#886c)03 zZo3-4VGQ_s6;=4&O6yUxifv=7D5#tMDoJl`@y=UY5-pnJ-tCV2?0kB=a+Lidw< z!G!V3kG>>Siw{O!P!M);i&hkuu$|p&Bke+@)7>AzZI?x_C$RRoa@pi6zj0^iYTZv)F#7H`k2Y0;+V;@?( zo@$&^CPN>v>8chiC7r_qF!6Ps`w0eLw_3k)`Mn*>(_EorNSAtLu*UEyyuqfSu0*eb zrR?nz9GR5UeAU;K-b=c?-Ls_zj!i4QD_O^WHLAg5)+XM#0xyG+=bXG ziHY-^{!Tqvq;I(=-#XIaRLBOiltdNMu0-n&MH6NR*`T}KO?hK`P0N6A2{@$9sr?LL zz}3Hf%dgenV944fxmG&A?X2X3uTTrUC@aLJghSAi(>oeOCFbuKBmJ(Vvw9+%ggVP; zkoPT&z!MVt^P%csNNBX1PcnnGv&qv0S5U-SzOsw7)TbgP4YIm>CcU%U{gt5HPSvu| zkoD8k{dsxRU2$h;K0JJ0xM42!Z3D4G)pA@YA-7N-AdfjUVomjimrlAavmvM!+pI19 z6V`Z%eP8&PAWmO2EL~Bur6^FnKBH=`x9=EYR)lIOb2FX->iBb;geF=!Pv0noJvW12 zBI;NTA1@x}#;(D;38|(%P9+uPpxeRN!C+J-)Emx>Q=^m2eq)3ym(X()#7c9*jleID z;V(DiJc=6eub{-Fi9NRo`bdM{21JjPWp!d!^%UP9)Ui?7vr@6ERC|#4?C3{j`#+yV z9${@+xAm;fY9NNWCMI7rwmz}%joqhrDK^8Mh_u|2oH)-xx36@522z0(2~Dg@fvE?TiOf?UD>OJqF;lihc1@75 zdX9YX@^4j+ps8p83)s_;Gk+O{P@Xk|#c>0>(^y_vtzoj$%IISn(YG{7E;l`SY)0SX ziY4&d3>{6FfJWbdX|~HVVwVN4KC7wL&AvIEAa(9TwYB>Jdqd;BXBV2_^8V7MHyWpU z1paJ0Qn&tgfGL1UwU8Y4YOxW>@zEC+N;5{rEX2&rN*VFEVks5V7iKk6%J4}p)ziOlx*}IciB#*^BVg}Wwo*xsEw_#}}$j#Fp zGDiT^V(+m-e6@_i%hOCciEr%l%1D{>0fR>vQb&to>p}817u{|Qk=^QO#T3XzKg4mt zct=b!8Xnwal>ypyFMn8@tvj4y_Gwa4df!YR6gvv)o_$gqairxYwx?ZH7UP?YG4RY2 z*oB9<0Kpk?$zSvo@!ZTzXc0$A-Zr4SZz%L@*ke&Cw8opN<;@typc?nRGNpv^GE@p1 z+Ibk3o$kuIUo#Gu@`WYcAW?Zg)a*0{^zf)uSWW7_2_iFGC0wt?nxsUDH{C%N?{z`s z@jHDD3(w5aL9kUzZ0B$Sc%haxE1k7|PWS$u!Z-BslznQgqpO)r^++^^=a!#ZvXS}Z z&I+;(2?*x8xf8$2pmmf98S16qc(RT>+}}JG6pJ?=p;}s$g-M00Vl6n9MQl_n+VR}r z%Lyp3Ab3l6-B-HFNVCl^uo|1Wx-j3O;dOyejyN6p1PB-k^*{LXMDVJdkOBDzgW0xN zA1o==B2Q4Q_%-1L`V+rr=#DPRMF4~n#@RMal9-JJ8U&ZW9fnu8_=(%Kc%<+-EDsi~ 
z(0i&?W`LG!@m4@r_#AL~lrSrZojeuy=Cv9uWbr)Q+p*!f=pVT$*w`Lx8Ga^w?%8># z9P3=0j>CjplH-wyW3D6wa5C@<;w?!8-5e>a+bx%?%)Y#SkAV2v>;TvPN7G5b39)FO zdgmG`#IyMIrU0>nRsNry74o2xI9MgzZ?(8=IzM>X$=gst}QaafOaxr_% zsI2$PjKNa_e|ctP8dv>OI7>m%?Z?8;-lu}yev|7g zu~lN;V@NC!N$bNP?C0lKG%D7SrY!vD{+1540t9^wuRj*M_sDWL0j5v! z9UkBI66Js2PhKHTM#j(;etL%Sv-X7Ni>))1W=_^%NN}3dVNsvWq7B6>$y-t zdERo3r^^!XSB;MX?ID`5za7Du zOoO%|4~%uUZ*;g zeVXx7vi=Z%eC>g((ZwOP@lCPjSL4MV3&^eO1*!_KyZQ~gT$Xe3LK3bwRH}*YIeK7d zaXl|AT?ybyvG)AzV=asf!I+v%`)V=f;klQwa6IE<;PRw6_uVLdaf ze~3TtK-?jyU+?|i3^y_Y<+Fc1FQXI4UD|SiNWah4la4W_XEJ(z;Z*GCjaDOG|G?g@ zJ#X#)kId{(pUeaSTGC%Nr(1L?7Xo}!4UA&R-#_J$LMzY@HTBiFuM(oTF&1r? zCFm}3|L?7TnY#Z@_$eO~GP4vt`Gn7a4CD*J*l;FFQ^ewk^(Ksvbr!23J>?rf4g!f} z%0oKZi7pL*sLJs%HFZM7R*Rv4f)+-46Xvmsn*B5xBhQf~WK zW96qmZ#4owpvt~ze$+<<9Ym#)59nH|k9J0$kC~!%0E!KcW2@nkyDuq(YYS^vB!1aG z{{eD+Ob8)*82IO_au7MnOJdfW%b>w-tg__<==e55$RXflAwiOJn1w|~jNv<(qIlDN zRPoF{^U_}Lm%Wt$aekFIN*>&t1U;+&>4w#+#>!1{Kd8BNoXhifyz-xF3SkVWVRig) z_)K9XH>wwc1-+NBij%|9e(ao`631)sM(R z(5+SIf!vWZWdS}!A&{E$_t+VtSq89MV(r8i3cHZg@Z!Ak{Q5WR@oL^`z{x`v(o>*U zR|po>AL`*;2Gn$9we-8vm6_-jqjmNxpfK$&_`q{1WHMvNjK!XjR4`VtMd+k z7;9`XbNt)f$}R*I19>=F#M`~=spPwc%`dO}Ouo~W-rWLFW-hS;U;rvTav9KekR9@V zMd<)_VotJ;0EIe2FKUq*ATILAF5$>?{cDo}pavTX<*S|}2?1O_EUp{V#P!a5-Fl~1 zK*WcPRzb*o$cN_3VgLy!T6LGWuP^Dc4YBT7RH*5?QbSFuhs&nIL6Nrnje#snfD#7- z%zz0oXdo;XebCSj;eq-)egty!s(OOPkC%&Dngb<8HCE3F>v`@Qy8t?+h8wokSN@_P zvqEHl%k&gJm``JI-&q!Mk)jlMy0@mzDrr0m+E4MI=HfaeNNp1*U#1h39toooYoH1s z#TUMFRj#uiAb}Kso9vpd*U`3J<0bCp-ZRx(2}e4oUN=qYznU@-m;`tH{ve=n<|7cz zg3vxIfC#q5veRe-hW*5{Aw>#^J7%qCYzO$hYPlpUHYX33g{_B6?I@F22 z2CxCnQO6$Hl~nsHEetEqQb3bs+x|X;jNloW-Vn>r&cE%_hD|f%3_402UcFBxxLIm#{~q3b`bt&4TbZg`*d#?vxuxe z;;oBY;RKkh%FbS(7I=eILNoG;TH4U*_NKHh;O|NVDJEItC6KZpVtPO68z=u&gzwF1~Zag5=DGr9#1(JZO57bI<%Fc%g)6g{>0 zG?_#t)tpH>#0zvNWE6b0BvEZ|V1c^Jkxg`Rv(s%_k^+g3;)=tm7D&VGqEi#Dp$)tzz?d7<8OsE3N<% z(s5!LdwV};bOArvTs#lZ%iR)2bW!lZ@J`f%?Tc10yuYSX-gy&|=~huKyt=I+8YY^LV|#=j!H-P zZ7e~cn^UpVp7?U?bEf9*Ks*v`Fx7a%vwRp$8Wjl? 
zqS85XptTXPGlpSMVJk1V4a4aj3czDuX{@ORXxzC@4U61_j>DuO)36hauvvrv=%;Q3 zuU5}&E#2>CE|LhkVVxRQvc{C`B=%zR>~3`#Fnt7N8cpZ5Ac#-hKw^FqB7p^IBen}q zVG)-|d03K|sCpsFyT;E@Z3Yk^`X@DhA+Yo-c&zd_ zkMNK27ywJ#Bi8zFPw1F6%mUVe1389gqV>o_8;iColp=#wv&n?l00o>;YWYvXqm35npGs)iWd0VCqhkL)mE2AM1%QqjraqZ(m zws=gU?`K%H7NTg;l^hdepp0=#EK7Ef8{o^tFKoeyBy@}6t61qRm58Cuw3}RDwMU7zjzd=v)9BK6wb=VivK&My?>BQeefI*%$uyl6@F6Da6uF&Gk;m2wJh4|@V zxo3%_y?R-H=aTgujyDIE(K^nUM7k~pIQ8@4EcW1hd0c8&Mm5j7T-f+7fF79?C{7~w zXR*(v#sE+T0Z{Cisy`|6={f!T@%JLRe5rhkAsRo7mxIX)k!M0T8Mr^j!DTuE>Pu)e zvFfr4=?5^nFr->bVXQH`9#}#kv`N@?qDofWkE4^}#TARL>H#z6y2?~B{c2C!h@NQO z*haR&Du-?V#-|GrGO{AKWP}0oKP(^55}h;E-F#CSeTO3{dD&152b+cm;@*4o0w8e$ zrheZ@lf_-&n=;=JL8)`6Yp)ejh`~v0NLtm0O&FT3^h!Sji%pbn_G{Xe=_{|^G;?M9 zE(6M3tIIS!yVXj(5+bn;q(ZlP)2^H`roZ+r!1@HQp|Bks7+Ovuv9o!%@fcrUaZ#dr z*z`z~GOI+7ZV_XkKUbrN>Z73W0Ys4NUL=qcNM;&fo%5LNZn_gpmhvoCQ>a66Dd zDx8h!c&6~m!Q{PQ6VOfW7n+^o||&fg?3X7dr$5=8D9Y%1P*JbC>AwU{yNn6IZntk z8|+}SA0NHA+o%>xUr?fW_F-DX2BeU(FtAeBb8!SO>&jp-2`8QBLo>;&h&PRgz(O$I$Jayy{EGA=`-BN5QOqUkC#=M(cRKU{F5`97n}SzVK!IJ zMBy5wAB2cEsi%iAc(f>}kQflYRUo)R9 z3uiZGjTtr)dIaBYyH1l5gEL(geHuN;Z`-emL8ch^@#=SDpXB?koUBuvT$#%>de7I% z)OmyIYg<`lX|Y3DMxYwq3k{h}CFvcj#%&fg`g{C6EKtQ1>qnYTnTx=MWnKZjc#9*5 zQ?4qdUcEQlgmI=Pd^CumP?VFJ9-AG9dqj!lp|725hg zXI3wyRQ&@#u4ipJNin!Ba1AssE^ZbB07YFgRy7|YBqC2<(L_49pNi?`X}ik5738gJ z#l6iR)qXjqDB+RusJDkG(#VgAgRcDD=GXP>Q)Iyg+2&^>_U;j$6vnYS>|VKT|B}Nf zvM(4D|GMsIqWF7Ppm-T@!{&Xe;2{I|MZ@vO-KDHV#w75>^0AHs9ME<~wTZL6@<+3v zWGcm3CtKTvq`m_IC||6pR3trP#5iS?jY${@C|z{iOPM08v#DD-GK~+a`_*!oGv$-X zp)RlY^qpoTLb{fEHm9NF6B>x;h=ebJZt6HR4T(@nULfAyk#PB>?Sr0#6Wzh3Iw`k# zpKbS1X>i3M#y=pWK@Q~b>E8=;L%T`Gyh+mdS=lZ!ae$ezw^7J-3U`XMvFbWkTY^tb z`r|~u=YAHT0jZLNNgGk&KoN5i){Mps$~Wmo2vs~_I8hxv>dpb=d#}gmSQ%fy_)LxX znm8N6|(Sj_udkO+Kz* zqQ@#1matyDEjH<1`Pf7IqF4vS&?B;aJDGKqo4>_CKH;Ln!w?X-I=9>HL$cV7uXzP* z+f>{@w`faOY}mU@Ev)DsU$&udz!T0e_37e99@<+AD9>CgF`xytg%e{2_sBY)!~3^( zTS%j_rz9jk*F36~zNSxSE%0^-OZr#{)aOn#QH?D}Ta(^OwB6xBSuoIt4aNHmcK0M6 
z){6~>i3TqY(b@6>9QyqW@tM5J<0uG-?5TF!iuVs8c*$Z*K^Ot}#_e&w0NNsQq6RA1 zNTGok&Lzyq?!d-2g3kisuo>2q+lXw{H;Sb#g~mBk7>?b66OkSEfI;-}3tpejKtg&$ z71PD!P7LS5j*iq%yb3eTyXcA{+QHt) zehg_2t;c>F-1;!VULdfU?jV~4+=0hA=t&f!PD#>qPcgNMjHvCC#(+ZAUGflxILfCW zW;Xx<`Z|w5l|Z?<=5ydrwbYd_@9&>3ps^qV86*5VqU^rpzAU~kRy&?Z=!-ufrox?i zsQ4YfG|Hltc2Mp*o{eD9JS4V zHWxUTWcr>X#mFE5M9jSY{;&bIbkR6f9|y`q6TRcI;$X^nURBJdp-?;y6&ZV({Gc^n z&RHVrGhQGzFgzLBoFt854__)h1)+)Too0vC~;)3|i0Ct*P|j;iWRjsm+}= z!f?yJe@p$QK-$e>?Qa!RPqWO@zA~yv%v#Ggkq?N!_*|;8$ZdOKvj5WkevGuY6ibZ1 zHe!D17R#F&J4R?9wtP;=q3nMxPu>q7GBR;9s(QKq+^f0ntTAS>NTe(%l)dStZa zA>u|Sr^>+LLyV*qsgdZVmd@X6M*u4W)=RUi#EK#hrsSa>$hDKi9``b4k7S{sf(sEW zCE}0NnIdgLD#thz4!Ffa}L(x$fg&~Kh%9hOTVeXW)+p1+s6Lnx7@O$uo&2fwv0W_#@HWSDaYq-nPxeXkpGt6Nnw zn7>C-AZ*P8jJ!i6yA?-t8m_Svs&dDG8ta?g>e+J_{GfECs#2Nl{Ebsb_+Pj72Dio) zSq%<=Xr?DKyM1|U)~f|+Q2epaEWX{J3A2^Sy1^(RpG(wW5DMk3;lFVqLAL>gLKVRO zi(m3|<3xqbVsS(O!Y;8fCVACU=?gGp;MM^B%ttQtp?G+Jeky=i@{&`PfCh?T14>gU zt5&g^sfLQ$K1D=@1?B%{Y zd|OQgan?mvf^rmnCIb`eg~Zj0w3~sxpUz@2^lmuAm#{nO>->}JpY&%dNoS*#z|aGO zUQoV3^YwO_qPzF%3|uzf$8UPe)?IbkvC^F_b|Fb{*;FN1aID51QJP#DVBxi2P;*M` zE9ef;SmtoMc;|1uzF)43h%Atxloa~{B*lWn5%oVwJ^iCoh>n3lt8)(3?-?Kk!!Pq> zF+Z!)egDI=>6YFoe(&=D2%a&K)SM$gF$~HS$4md-^`{SoWQJL@_(w^{+93)OPT=&o8o)|9kCtOKl>yIgCMXG!k+IimFHvd8?Ti~$r{WlR%kuGS`- zZ;gkB-A|4@nd`N820e^-X$GQXTTax5?CT9iJUR%_!tn;*8B6bjSXmd+eR>CRcYnp( z;iX&y$9~lI(m*t*bS;4(!E=ZZFNkq93V<|aZEbB4ww{~u-?(>}eqH(bLXo+1@G

mX#CD%Qt3Mx$kyUfVXk(uwNEf6M={|;Q*jgf+%l`MxgGw8IagD z^MtfYOitda6)^2<6d5+*CLhfSpJ+fe?_|22uAnDUXhzo7tw%0d`9$toLzb79t>1*# zdXQcORPAaEG8pubIy4+);0617+yI0I2U+QH?HkNBTS~kD4`|hzIOyLfE3dJhFJMkra5wL5{WTk}+=SxEjLi=L~&+;+L zBYFHqgI$Yj{9651g7b!{{JaVG+6akX;HkFC%lExDyXz=!U?r5mWe+E#a^*CE$ z*7gAL9u25}$sP#zSnVDwc_}42kOQI}t7Ao~f#Tl3+}Gg4O?bM$xtT22VuiP0NRkHMs#}a6x+k^W=4d1Zl(3i_rpSpK+bI= zw)1HQlxApmqEAS`s(SX*t}Ws%a`8Oh4F!{X2_M|$a6?YW2Tl-^(rL-N8Sczpd;RYg zV&q?rn@lF|R?i7i3m-Awn*{xkedtjGdR`t5CzT*)o9`8V{^SVYpiTsGcf9wz0)%>D znz-cCpaR;4ZvFy2?UFMlEkPD;8G0mdGI~CQPZQX+&m8|@%}OFr(Bwj1-Xq6vofFVe zvf&pVtD5A!1uO{R+%i#Ot_%@IwgNI%B_MwuVluoN$7xwMVscmb^VOY0v)>JO8a+zZ zW`J?rp@8I_MxMJ*)q5*3Tli9j+Fa?t=l}xJcrIJ$DhILNeZ-?^cZpfgP;-dlB)~u1 z6#)=xTD^nr=-FxoiHuyYjqqfKZ1Gmu6zow)x$KBp?U7DSvi!Vy3%&CDi;bTX)K;Yr zvgJK;s)5Y6tsMKnQlS<)gUYl0Ev=@Rr&~{>e%VkfZ+Cshg3m0u`;3Mm8Tx&^wsXNE z_O2cnGWRBwzJ6EUIkR*E#3siLc6ClZEsB5|VWKoxI>Z%h6_WV;d3UsoN=L*r z1bYpxwgLuO4g7JS+)lv&?TGPMT_EdRr}4nO?r4WT)-CDoN;au%>(wI${c!UQOhba# zCY25uqL(d)Wf7LQLgG#B5hTtvn~K5mWHi8W^!)+xdT%E-vX6a-Rld~_hPm~`qz~a& zQL$^;e0MZL%QiTy*7LQZNgbE3m+e{+d4NO>5wQOsg zs&Z=mR5@XM;K|EXPPQr7cH7!Yw*1txS=v1ZeNO`WSVh@r6>Ez` zpE+9lanu=RDovfOjN0fq2)A7w+JDac)F2?Th(MnjLpnx)SYcg$Z^L{Fj+X8_>K)FmdB=>f z0qweHXN?bD1%81RWke&>YhhErE6!uL+$wtMj)$bQdQu_ZJ*y7pAf;ezf8_4WlV5$p z!ie*g*MXi}!^dVTle4>t?i1;7rYWU{Fp@Y1*c<^)AJ>S~q*IlSYi`h)nc{3FtxsGX zw7cyx-Vsqv{z`pOg)Bi;Zw#3Yx}eQ}1IU1S1mG3zuo7lqa%}FyR*d0p4JFI`L77I6 zQ~eaPpUTii>ocghl-^|7H5ORPEnZxWYe84awrCRq-OZn@cX`^>=R8vu)I{47F)x&l zJVr>a*dD}r^J9}y%d{WK5bROs9szAa!M!4~BpQLY)~1LLF%I$~v2@MD_>0u_t;f)L zoX4^#%p&KNZ_?AFN;K03z5Cz-8T=BAn~>}w=|nJ8wW=V{y% z+HI0i=Tq;C5z=uUGM1e&L~CERG!@%=X?-bwVmtpySh=j@Ism6;M~VTC_I~gIX!+90stZ#JD@%*$UDV zZ9><=q_Xr*m}I3g%D6`JkrWV`Qpc+v zBC|WqS>;qLJJvxy#4|(F`H%>2b9L!Yf8tq<%IB2&my(F4)3NlJ&h_BG z&e$lBQSVS#Xc!}GMRCN9Sz|#%tU*N&mW>FX?NXZq#x+! 
zjQf|u#W93&NV@*8f)fY+P4|Nl3c3EyY4R}h zY+O=8^#SWm^|zFB_SU_W#TOQxyf|HQ?-_XrhE`lyqMJJEiM8B|4lDByKT4KvGNi+H zsG)vA+ONbLYv))Nb;gxx%4jDVk9R=r*aqM8a)?*ib=HDq~at?m+Gy;w4$ zh?uMOH^)rtZXteYfjQVcarovnGoy!8nEEdJV)3(r&_($b+cJ5l1uJBp&zN?8@Nr6^ zr%;Quh%4wuznnO$lljCn;ho8R|xj6<@ z3kse(bG3f(powVTYc}iM+E37Ges`hi8FKCS*XvK{^;+%2rcF*(5E&ZT6)iosGwcnl z&F&^qof?=3V2EL3NNL*|De3tmSRz!|Q#E zUBIFbVh>`@(0b(VKFlpZw0$d7DMJbmoE!rls^-;Z=@ma9aMH0j#6bg6hrJKwf20oaNm*%`v)ySZzxVE$%hvW#s(y^qBv*oeQZ~1({sXOh2?UB4BxA{kX40G+TVG{g^cr( zfJZ(;mTolJFUSM`m*jftnX_;|7GjIcNYcQs*y2l`=#sGLDdwvv` zU&D{cggr;upWuujs38?|cL6aecL5DUf@-AhB^h>WFZCJiOELk@E^ub($ZpR&Z!fD2 zsw8F8R|=Vod{Ql9Bi~;J0Ud2zMo}mI|n}=lObGMa7PB#t3a$Hp5I;57?82o z0K^63(*%JWNP5V^?qT zb8(2jns>QoTI^i zS1rlM&Yosfwg=n^6w#pOGEW;Yu&39SD_>Nv51uu21Vx(BGGua9pyFEE_sy|0C^L+L z1!q7}IzdH?>B;&cqLhs#}s-xmTzly(%mIY zRb^@o1hYo@f>)ad7dRhcssV{Z+|oSgg|^9X*tLzGQ0A-#Nf<6<`-E6xpk8?^XN(pl zgKD2`j`WhCRsj$aSy3I4n|Q~ff_9|10&*HQ9sIj9kTC0$y#SxwB;A5eMdTXauSpq~ zGz`ZL@(8E3GEzJBq3YR2<9&}B%2Xn{-m;eM6D_aAqaq?X6N;e$Z7ttFK-q9n#lZOF zO~%-rI3!{Pev{N;r3LhDcf%CNK?Sg^%N9U+3tf}kXQ;z+dfW+!XOjMCq&t~)YfBvS z6cS&T#*1-~c;Vc2?;@vi00B<_V%eh*-V9LDY+_o)j#yE;9uvmoqk9msI4IBwo0Z}1 zL;`*#GL1YQ1a8~oi8DB12$^` zpJ{-x>nL51<>INS@?beU7Ia7@c6-^=Ko$Qv&fO#npu$RG16S zCdESPv=y^)mT^n;N75=rxj+G_>#&{l@y9D8tF63)1=>MSGoIx68NuCAWk_pv_VC@L zeEtCX;=ZkDelSVN<<&-qU-$1d@hkI=BC+?L9u*R__Ir#gsg7<2De2x&=H<2e=-yMQ z%v(VZG;pHnvWM;EtNfTNgmviJH`v>qM<2Iv22J07BeNG?D+u&gWQmmSMw!3IG{TRO zDQ<6}HRx2U-H5!SEzPMZnye`q>j2-s%@S`Cq~}`={6NX21~$yS4j`DEAv^&R9OdV; zdX`7B9wh<=aM`^m7RCYboNJadhQ4t0$Jtx5Sv*>;7UP(-#b@NMHD2c~6`EQZsNE^e z$l;O8=4zAIL~DSOE?Up$tXdL3A}gHjkF&elrRFpu?lKOHftt}C8S|5!^12$vk7Ub@ zpjKTQ7bq*496ZhVO!Fp}k;*PdG4p7`$L(q8uNegWI5c*UI4h6q{=jEle)1R`*3vVj z2jO8;P67@Zmqg1}y7}0HB=gPvhk<+^PxFyQg1^2pF(o35g&Kfi zVe_P&{Sn&-qGz!|3xEfCP{E#&4lW66?PP*Z$ZT=Kb{n|31aP0qEnKWA#H6 zUs``35Ka@!l>TPwf8U`QoE%2uMiJIytJb z5D?-i$VCivpqM5+Vj9X6(#&syzrJ>VkL3;>Wl92VK_V(tg+)$8gjcS`9o1N5VBngf zE>RK;d2eVR$4r?mG@B$g&qtg|7FSM?bD{*C3^O(G4{m= 
z(I`yW@c|f0{NmMbFI&3g^*UO-$hNJGvUUf_8QGTZ`w2YJ~Z|Kejq(GP)4KZ1Xg4 z)cNGmOa+mi2F63=kJyRjvCrW%x7xZ{nv+k*AJQgtcQh)HA48YU{4)VQl30#hDY;YA z@w;PHr0yR_;EUsRqKLA#m%Ea>RzHpb7Ga-(a;v*b?jNRWLIre_Jf_lTDMmZ_jz8_M z^k#myzaWOL&-a;nDmM!{FljnHPU1E~o=q?$XisB*nfm@W=q5y;gtO+VENdHQtE_5! zW~=hPA4KYKv_u?QcCtH+k>NRaqBmyVBEApP25Xw%sEzzZ(#O3ji}l_AQ0z#|Zu%FyCG9CQcXfo1>Vq6+G}JJ|f-nMKKf_uqh;xI@6$VUjDmy z|I-%l=1Q~HnKKuUB=6sY{bXDJUC94w3;92B@qFYiM1W(LHSL0_sGet82Z07H462e3DeGv zWo+h1OHVJoeWY*_A*^hlu8;fsmgyr-`N62RY8E;*XZfvbM=bu?XnoQd3ZLG6;wj{D zGWo@pxqR$IeY0sbLs*C-S!bW&#{jaiZzr@p(fod_7WP7g2CK#PyY~I-52KI+!YcjS zs}J@MrEj!GXg`Dr<1~C`}6EKE(vtW{rxSDG9Z~|Og8tlXmcjt z!UcsJ$)e*UH~!4N@?*$%pWr9!@vf%@p$+Zz0u;vyCCg)Q?c*P0rw>c-Gd_yoxKw2O z$*cNzaYXdLf@^?|`t)%Eev<~ywlt$^lp)whC~l>3KJ$ITzdt~#I3K^f6J@=Jp}|rAZ|?mMI{?gAe-(|Z~3-<$mO0f%T$nB7Id_0sx%-!tGx@`2p_d{KSh{{_S1^&9{I 
diff --git a/docs/files/pxe_opnsense_services_nginx_http_server.png b/docs/files/pxe_opnsense_services_nginx_http_server.png deleted file mode 100644 index d3bd96154edc868ab841ae63f88b4976fb1ded78..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 50422 zcmeFZbyQSs8$JpMA|RlINC+562`Ca0Lx_N&bhjYg9YYB!h$tW_-5o>sfCxxQcXtgP zL&xtKzwg!eQ-6P-v(`DTg$y&Z_kN!J#C_e@b=})fR$3e%mjV|J4Gmx7=@WT0G)yQO z8V1Fsi{Krd6(&;f27!r)h^(22xQLaxm92uc?n?u414{#2lb7=1kI~Q`ef+4TWlW_+ zA`o3s#C)gYbzfRqFu@sTXtB9`_nVQWGlL?Fv3nur#lk@?tK+dIcOTB4q?j-YkO*I? z%a{t8I@hS9ziFDi=FgH;ESrS+n&F`9NIbEJ3}>a{VNq2`xf#4|>~JAw!((y6ZhZnT zsQjKr_yirsJ&HV*`QDkLriF$EUi&)tE`0Yc7UqC3rm(x{l(S!JN7goIzfBD8mF=G! zt>npyqrV$}JCyUN_1265+8JqMq1G!*;p1kULA?W<20rr`+8Lty5;T?TafF+Nospl| z-|2|nW61h&)-d`Gd-3+3IwrQ==4b#vXGSjLtv1mXuIwo3+r9AD$DXC4<7N$`uVn&@ z?z@vrUMSy-V6qLL_Pr9XG&g4d4#sLy)Oh9Gpuz-a>o%HJRrOn2+%18ImrAbHR7>`m zS=`-UnA7_rjjl|-c6O-aZ~eCZU=2^rgv>0 zRgAfsw%;9;FI+Rka9?LJGT|NU;z>1pFMMy^e|Gz-a=Ji+N@iTd<5L}$GLmm}5FhQB z%l6Ip9Zrx(jw-Q{mu7-_$nYpW(6K3(Y&~xFR4JiPxuR2Q?-@8V)+{v|(uy8m8&5GW z8$uJZrYX=s`uSsvP~97sRnq$}h@S+}5}LSayhu*RrC2gfTuL=gJm{ZVo&3spc!pM{ zXnNMXvebS5aoYLq&91Dk8^%hvt1o-F7-u_l;TT%q?t37?CK3Glfa+Gr+bpx>5{=k~AmUvd)uc4nmid8)XxQ8J$U%24M}r&(** zprtmiyQPYMm6&pT)qvfy{T(9;Qx^N?k-k{l&hxK2i-Y+(i`?p$&#*l%c&>~pmvOFe zd{@SGue8!=5Z{4F>kFi^D4FXPB`2wIDj#9cw4u3II9FXVx~Oq7x8EWdY}T?LOmo+B zc4AIoy2CEsHr{6PRkPL`Vb30gZ^8{ z*ZQye&t#TJecs^cvOyiWvxz^FX;ocp%D2+bcF%c5mT9+YnNu_{EvP6Kev#fSZFb|~ z1!>FKH@77O$#1>2sDi#(L#8=;JcEqDyuR6One$`mx#_rZ2#^SVwSG-L>0cway47d9 zT-Zi1^T8yxxFibkzP@E{Ru31(&UEea{FelVmCB_ms_ry`k_h8@w0u|gM_;WZ&Q8fj zT~ZC~;x9frq37FIFXbVe%DK>WY~056%4in8ftDkX=Da8GOy8h4iSelab$y+R3`J)) z%?eV(*^+JoZO9F-eSUljb>F$rH;GoBaDL&O&Ka-qI-{?S<0ORko;Pi6SjZh^ z7OSh1;3PscnuFhv7~nAu2fI&-IDU#}dHeXPghU}}rXq>t@cRRk0;OWLk>knE>F?(i zc1G*5k$n3TMwS~p$5K1ri((e}VT+Yc3w(=iG6Pyp<0Xv@muO$1Vf^+VIh!ogEbJAY z5E?q>mEZoe#=wLg2>QBjcXkKwdwzn%T|8b1aDXC5AI-Q#8zhXeyVQ~pEvj(!k1KjrW7_U6WolN~Y9ANk|JhI>+6Hhi&Q^P($zQI_ 
z4!RNCt*7&6Tft$N(8q3e#uUHb7SNs#ppW{+Lu7wm?ot8x=*lEjl+U02xN}=5fu5XY zPxR0G`S>3AsDaxz?dG4u&~oX@l7yJQ`(OHg1us-?H2k!5#N)`N!lLDj2J6oj3DLTE z-D@krghkxF^S3(#Vq-P3l z^(Efzx5@2fUmN`8?!U&mw5z|_p1k~*L6dzYB=i4-Y8{p zb>zxcZG#l&I9O`z35188o)>U`c0adV*9dZdzI&FXu_!B)nbG!v{Gs{rT3K0g0B=@? zOzhRgQC;5~F`WzT(GQd0TNEzmr~6eaZ(n6AsHuQ{xYg*a|ta#X@-RS_Z*k0mIva>deTm zIK#s6A6;lx_B#bsGF3V|CInsIUH|Laix4vPqHfPiZDCW= zKi9jFdCCK-eO;{rtoFQ(Nu}>+~nFltlz9lq%pOwy{gH_G0(ARce z!TUHmn3GJdrL~p%p_m`Dth}3Kt3v}^&iuEXa>x`@KFWdFtR?*%&7dUgEY%Q%ak6bUZ#q5H?+ z?HtFo5y#bnrjfJbjd-(30r#V!?fEvTPQLZ>mw9U&HOF}$sUaf)f@jWr3!h((?M-@~ zkH>kQxkPiCg}a{}F0yWIpkq_L;GT3VvZz`syj7 zHx&v^)HqFg8d$4V*+*XnLfn*i;?DPL&xdaZ^6Nb`>L|9IZym0~rZFGXwEL(beaBO7 zGpf{lSWiaaFa>_PH@X*pe$q5jW@WV)?^#nd5XP)B^01TtC9L+WlCf^*syLM{_k?qD z7$fm<({8_t4kx7MU~TT5#Q~Q*_?~(;h+VsR)ndPG!wITbdY;}L=@M#!9X759jD0)9 zkOjjV*=Ou(%$^@BAW#GS^HsY=(j__Tbd560Qs*r_W{uLE{%n;_lA(j$UKxwkp#m<8 z5e~Di1mOULRqd%`6}Z6`3VWAz`m>bmj+w9LAFo#}4#}{2oFY}oKFG>Gsr$6F{pAAT zP=g<_7Mk$rMSO}mZ&I^?oB~`@rgGX~3~U;=O)vOP2j5<|IL-Ve{pXSFjd31FCfvP) zxn&ckI}7c0=x@Po7#^#zv-tW3hs*QKO+{sM40n@(A!)7|S7?csgu`XMVo`Id1v}RM zM9nDHfLS>w-v^(vQYge*w%(V}$%_>$!&_9C3`@lAI9ml~8I>xDyc<_~AmdCEVLZU0KL_P|K;kz-sgDdb;5( zlU8Lhr)ghviPDO;$Dx7K`8F??Dq-92@rdNDkf})7`y>O#I1!p^(k0oAm`RW0_L`IJ zXBw6EnX!%|CamR&aqM+Tadb}O4iRB&Iuq_o=ZA~&YfUts_UPA<8Gfv|w=x-;uW0qz z86o;ISj&I=9N zGzqU`<&qf7-@mO&^0Z>+J@Xh7mS}M;#uI3a(}c@Fsf9+F6y%d44B8I{;mao|(rvqi zzGHR9pA8^@0nx1RXm5VRjTG8ogwmA3^w+nnLBXpZGzv$ZCf(PLH)^?g2&o=*Va=W$ zPo76XA2Fh(3k6Q5#qqn~>)xXJ-}9B3QW$zkhxTyM^?rSW5CATNo}fIvyX}c}u3fwt=g=LHJhlU*o-Z(W&+H z=%kOe4_?7h$W~_IR?If)jB{K{^sP*Euox+}fdq0COQV-gap9-$h{C<>r6{)3Cd53h zN3R!*WV>e2et;SuCJA*D%kWP_rI$ZL_Q!fH4`XKfI}Bn( zV`4Q2(@{_!61UoZV`4n_*<5^{R#hbxJ1!cgKVk5JwqTt_ok6S$+*6UG;hwS_AsH5% zcOxM&?nSZ_PUELx+go!=p@L6E(nzeqG=GxmhU{1QB!w%R$v`8+``(tCv7G20u2^OU zwqmtKtIS;6TuX>1ESca2?`I6@ZqYh&Fs@sokT{O9Y^^HCPhTP@uWhL9i^3xac$a7g zMVO(r7YO;gum-)gyN@?1euFGtN!J)cdT^Z1=+7kv#v&|sZgSH>b_T+cp6Z#M;*|X(-6-&qEhHj`-)#yv!1vaaDbhOlVQL8h0!POC)0z^2osfM^?zUhe 
zcII;8d#yal!K>&rNf!J0v=flsiK!34a_IF!`T**cr7|9zRERV0PT z-J;teTP4J>P+o5H?onbwtDN`^0~Ym@UX5p7% z#)8$Yzji_I3;-y3x`hV?%4d6{f{;8#mEtgM=E$OIgu$Xz((ica$~CV(=&pWPX*<1u zSt_;zZrgS)OHxo%NY`)mp$Tn6zEYfr;u zRs8~8_t)2KyXX2D1p6xq2j)twcDd*{mDjH$5#2nbOWm@}xrEoGX!26Nu~lz+$AYc$ zla%D8n1Gp`_PN2LCoVQ5-{qzryO<{VN{E(;)+cfFNx=h2IOJp!?vqSbHShDkw+tZ? zWgaeG&n1*SJmE!jhZ=7|eC%rgXt>>7KScQZ9MvOznkya{rTLO=w2!NbTV_vlF;#oX zP|ZqPpF)omW*oiOT@$X<$`yO`*fB5;GPAahc)uF&PT-WcYPX=mp;d-KQm0?N6|mKt z!%e*KEw0dD&sosl4%pNB!A#^VSv*E^VSp0%jnkpOCZkwuD_ z`W|kpF&FcVu+w5eNvY|TMi~smiSWgU-hw=cD*#={Gr9FF6JC7%K2k1 zi?NOe)4ro9aN3%ld?L`gn4GBEO|$;G$>i|+!%q7mzH#T-kE{_=yXMLW(xjWRl4IG+ zJ)FogpKB(itaN-G%r3UO728mEfO;zUpGXRgXDKl|v9^Cr9gM0u-EL!Zg2Zt29|L4- zi0jB;vI{P_NW@~c6a{_ENSmsb!U3;nO^whteSHzX5S1?&e(ynMM))HXy1UILvElkGQ){^+`&k+G_C~F$UUUP< zy}n)~bF{j@-|2q5$GMh0?IO8;j}IS5VS{nJ{;pJ1`AruO&p((521_q*EU4Q`(S--m zoza%1Q){a{ZAR(?!7?l>O{;4D137!HclI>@o0S{mI{e7U4(B)hvRuBrLT9B9@EJ2! zx5m0lz%zFRm7^e+dz;*a2&t1^y-K^PVnv0&)}0Jsx}{;3*9Gi_C}C#jRX_T;C1?}F z&BC$q|y&rUey1&j?Je+2;Z-J5^QH3|z|Uz;E99n+QS&Br?;!^lR?a?c_iGF3Ig zd_uCZeV{!IK_SMsbm>-Jnhf$ZNtl>b@M#l$q zTwMz0Nio-d+hEZ#OL@KWF`>BOA6&AlEHv-`@2OB>^olk*24ot}U3~eEW3N1w1Z0!E z=IUQ)$u}zCBj*i#7LngFH}GdL5p7op2^rsC=$>g(+AiV=SCO{gF_{pWR|@8(-8+qq z9lviKfFpGVgxH(?i7xivx7sU0w2Ywr5;g^Y;oAN`+qHz})*JI}5u-_>{@&TDzvtGd z0c#e2fkbdx27(-DI7=yed$?+ot2a4)(>#;>&uPFQ??nZHGAU-fP|8wd?73+Dw_)hT zYK>r9WK9HFv2u;upy#7arI57nYbL8ZgLu$%_qtnFLTU2~q|_ zM*cE&^oVJ}{NMe{{J-)P2F|z(m8bl3>dTq~mizt3IO4xd)MYSHL$qZ~|1!PbOM$6h z&~2ypm&pjnFzC^^QSu)mTech{In7hIw?B1pdP~NQpEo$+2~H@ZRx6?} zM=zJMzl0TgO(7|-UFWhFHCx?}=`56i<#Fa-f~17>pY88hC0f#d{MDXIuvawU1V>x!ck?7enR4N>!S)pNZd(pC6@x^zI?b%vbBs2Ou9;+2otvIZHJ z3w7^x#u+@-6BgN! zm^cw8B$Hu9_^*5TlO`l0dwOh7S9^X|g-^-#UEpL>M5EaF)9Jx%U>;|QX@6m*!^(&k zHnlO}0*kF)_Q&3B{ablH`C1q^9IsoXsYIdpPeAw;wPaiEDF|-4FGXe z1PC3*g$HfnEJe$`>Efjhh`tt<>|8*5K=s{|@WPms3hN04$I_lh>M<*yJiPEcsmZh! 
z5D){c;VdfzINBol0iZ*p9ef+BP~Ou;!E+o-Nn;*WD{Zd2RuCKw2qC*c8mTv(0P#}G z3CO$hXMQ>al~`=03H!HI$^K-YN`<^IAcz)Xw&oDydQyA28?I|5DqkV4tks*3HHr*B z@--^RKulu!ocvrWE9@540e%=Sl~0w7B-}M0D}PWZu;68*3|QT+dFo2Qxtn*y@Yw9V zuRW^TsPW&m#?=%XQNiNhoX3_;>u@L3A_MVlS+(H!QIW=;3mCyDFr>MW9@q+_WBfLNSW$d z=;O`duKT4Ruc@2>sHlXg>u|z(7T*C-O0BX%K__{E0-)b0G8F~CNg`2!|nN4cj1+-rt_1XPLBt-D6LQYbQPFK-f~Ngr&F;&eE4^&ZUwGnYGbE!wK)0e&tNurqipUBvuW zx7tvGiBg8_&Go#@i?;{zw9IgMQ`P%c!~!i!hwt_?joB=h)8LLU1}X~Y(T|8YAZj7F zKewF!k`r5)@)VVvKr-m{?Q$07dD8cg?qJhJbmm4fGU}t*QdgqOT4BGr!mWj(4qj$k zc;+1Dd#adD?=-j-SeA2%FC_9AzHEZqQKcwr+5{q|Aomc_iuwkSlG*J(ZG zwr4j>*%(pgKFC-0tHk1v4{aMsRmw5DKv*vU6Q?2}!sDA>*wx!&PY@{KVvH4V%w-DF zJdN`h@;4ASQWJD}pWWIQv6Phd*zFb{1**XewWPUwwC|e zuMgx#JFE_Mdmn~?JmyM)tQE%}eP%>1$rX-QOQI-ti+~c=LFr*;#eIVat!rkz%4MvN zqE&Zg3+(lBwBaKHX9u%S!!%0G{qC6wi}Y)|%!g5}geFT6&R^w4_9ge#+;Ms`XofpK1sm&Jjnz3<3B5 zX|^Q6E)L|UT+W*>$f#Nh3eecLD`{Fq?EwKFMJRCCYkWP9+N$O-4RSDbp@PU4dySJH zCj9y$YsTz_%=y-^hxmuRTiv3A8~%o>$-h%ELGlSk-ASTv@2Y%uAX87q%bWpwAg}xm zwd?9tHP%)vEL*oAabaxaEt84ricI?VJ{yd(iEp}@qIjgd;#_tXA_=c$?stOSVzHF@ z-E`Xwoj;&KsMB;`FiB$OX09m3ccjM&Km`t_UTaO&(~!9h=ZB5=z$HkLQ+z z2T{9i))ilb&Wsb52tzDS9I*^TyVUF2!L~fwllpAjLCaa!YSdwHd`4R991!LsW-#~y zw9VvTIIn6Q;q$=sy^|H?$;L}SeHG{A+!H6d{21%w??`c|5>p;`H-lbWd%l$!X5ag6 zf4P?)Hm+yc23ucx%~~VK%HxSDd z1EQaQ`v|1CWq>0e1`^Wr0Atgq)&Rcs>*RX7KyWG76tNVUiqFogW+IxC3rqxh*TX`k z!;sM15|CF%$dyH(cVUbn$Kp!p*D8$5b-*U4`DzYy!xsKZahOcUZ5l%i%s2nOSj1!P zeUbVS0D1Hp-*ef{JtbS}t_ZD?sL$^ckywN8_B@jkDbmvl9Lc^#h;O&kQd=Sok0#;Z z1v3%Z6DARIS8ce^;4e~t{#blm@2hQ8=v9};*}dZm6>Ojzp8Z;U{yp;ia`Z^Gi$9A- z>Gzr=1apL&8jru?uGe|>P6u=N-DB$8ycLGM^7&t}8G#g|-$Z5iyl3rby=r4DpXEkI z97EXz)GUCvI1gMrEl~pZ#6-0Zd>HqV2A-i)TSM8C5+}wa>6U}$=kw_>DN(!SA~YCI z1H%4xdXZfR4?WRbwe;-sKT0yT+ z5H%r*iF|M66rI>b>(yu4%~R9@Is8?I+CabzOWv2xhf`ckp=JiB60vsp#KJ65gh5a7 zo)cgzK0x!YdgHNL*O#0G<>*uH05M0LKu()tlJagLyQ{F*jri9KAbl zoD|?9P{3&gNHZP5EG=V%?cSvPzT2dtWLj+#t{WC-l}IYKuH?D?KbSOm(x;4F$&nv% znY)rJLl^ni(czA+5iP6b*5>x(&^CMdyP zmtP5Fd?mPoh9Y?0f1Au?0j63{_!=JUJ-87#|9d6~fMcj+DiM+wr{j!ROB}F_EXubG 
zb9+mjMHQT~EhU|?I6fYV5JKjlTL)+#g6YnI4Ess!SifDp0E*0NhSnxj^Vhh6IFqI+ znZ-O&zd`xU2*1B4pH+wBhP%C7Tn2z>V#@Tr$BeeJdynm{Zek4ss3d!Ufjh$_QB#xg zw3Ok1^80Mq(w3w;EH0#l1Yb$%zV_nt(iGbo{m#0xU&AH(W2B@M0Ny`yv<7BA@v9ZFANXcJPaiI7WptPpD(99f+^DE6f$oIR`aox#yib zLdpBR9|l6Un{Qi6?oYinZjO!@&Xo*fVoh|gc1>z)-66ggLN9|`qYrLX4@1JuEL>AF z)!g8-6{onf7T3gXul(LLcld6sIDLAYb z0q8qj1t_s&=Mi1bU<4a3?+SlZg{*~=M@h9uU>dZBpR!);CusB1BYSGH6t12-%^0Pu zZY7yaJOLyGE1UGNrnh_4;Cxx+iq`66x%E8G`_~p4yQ}NE4O&jOLN_qiM`h z!)S}bbgFaMv!q-?1)#?!EsxFtPHqGhRMKqX*$v)*y#C;;`xl&J*>nJ+MsW`ZKapeg<8F+wWLQ&Eyk~~ zxL1*1-ZOTVNfH&N#$T4#3f;wJa844>A)>M*F{>Idc{Gq7?}6Yld-UZa_r!I(!KG>E z*2Z1nj;L_&?-hr5?{<}a2Z5FfYD_s8BHm=G+VDN{;ds5p<&)%z`;tdg3rU1tfsnn= z(T>`a+iaTUU37T?mPLkgd~3zMNhgTzd&eLx{Rfg@0(>zk*xIp0*_l9x!suw>N zFa~JsA3qgdNEGo^2Z`JG8E(L3a`uM2nj_Qb2QPivl*mq9@Y#zL3vmwV{MDLVwu-N@$T*gZ}Kc5x12RqMP?)L7OY2h-SOefZQF356b= z2(`mrw{7U@*+7n;WWqVPzoU(0I#m4MBN0YyR8C96n{64S8pkfj!?3N!m0s2!G_QiirWb6yN5 zt{&zyU^dBh+L*9hdSdOa8o}viHnM9nkR}zaIk}mgK9a9nzY44xEY>@uPkKGsy0u-T zhP9_cX2f+_7;WjYI~kKlu5#A-GjuL`qo=%31FgjSmc1C{QF}lexYxb0 z0oL>QTHa()T`=O%+adoKg?dHXD`%COSfl3D!!K9$FdezxKd#PY6(w)hUo{0#k#)VB zn?SHL>2kC*owl+xwU1e&0`4T#{ZUufTVQw?TCd{%Kz@Q#sxA?}*dDzIEmwqTkK?<) z8w`0W_z?IyDk#s20fjDRdw{vp7HZ&5+gq|E^4Z4%)9za83I)JAgvY@Bpt<>+W{KpU zKlS6_JUcl;4Bab_wgPnX$U|t3=vC!oEadaW4_!%C2f7$_c8}%iGf3X`Z^D+)4r40p za!f+fShuQu3=XR`2>CZ(txRX!%tuI(X!Y%EftYJ6qVXEeK{_>V6z{HCQ>@DKde`-- zNJr9WB;qh>w9)LJJuKnQrQ(ViT_7 zfaKL-V?rx?yf6-|HC4zw6Gc>}P+&0Yit0I*-*)0!`D}n?I15%JP{+b&Rk5IoZbB_q zeHBWHw7!w5XnvZt z4J8v7b#a^_wNS`k0I5#E>P)&wAOY3k4g2TIJ*gJGX;Q3CQG~n3uIbXTWBM0c(f5EF z_Zcd4G()@|?=Ya|5$4L;d}yoKfcNY2vbb~4KM=Lv?P2)Od+)_xY|S*LJ!zG+&!PSZ z$Pk+fs5W#t^=TgUBs+}|4)Drzov*qU9VG+}uxVBHSp;x@SKx6DEqmU$AMC(Zc@Ry)Es*V3OLnOv~m0cCu~_Vb}#`GvxBxrw5J zmrYUI$2qD6Uy*73&%;|u2a-hb0J}42OJ~K_e0bvG@{3o#1Ve*Bzq(o(lcQ2_p$B-Y zfX8#}lM}Ddd`ZfrXf2W#`dYjZ5t%j?l)>W{`*yYbG@rSNk7^-lt;th^hPX|sg&*|zd-)fDv<3df zjYbF{xID-s8K2dsxS8~4h2d3Z?6pRvp0K_<99j~vvoin`hs zLH^KCwbtWwtPL0yJ7JEUt&w&Ba#zi>YE=%=c%EDxKI;-890p#-7Y41N1$Lbf?m}%m 
zuq!yi0LvVk+!QdmoEB|qixWvovJL-O%+kMe2>thBD-(*e<_`SN=+nyDW8iv&ouD4& zkE>j6wSps+N5MIBQTgl`AMTJb!ghWMH0c8vW>)c8R`{-bG>1tr{OoAOGHVBL*Oe!{ zD5D>WC?9~kI`IL4*p@1ptTo-P`KIrXijKPhaL7gj0<7cOJ=GV$!ODS;q~I_P>d({S zYqE)&(cgs&;@Q8wQA$nB0SuU$rH&-)<358TP$Jf`GzI%j_}h%g~h(JT0c2ARW_bqgYSn z8V4;)bK~b-h%(D70GUB0Z6Km&Rf9gp`tfceE4h8)Vw(~U^Djl=F{4mmob1Fkinl1} zBpZW)auTdWCNp*}cE(%Po^1QC$R%rXQ{aZF$mNT}jeRbY&p^?Z9RSGFx_=ioOR|a* z&{sYsF9HrlquvL9hqnQF57C<*X!1E6ik6uRtg0n|Q5ywYZ}4IPSPGrE!|#5fdOPt2R?pokF-N8?QH??+<)c?n3WA=U9OVw zGR3V8&e@GvH4RW9GjN(z0>1G@nXzj=!9C|py5GDmIMuQH_HB#S#mTFi!%Ut;%@Xlr z-TtU}k-d%~S)CKZPm!n81KoCJ!+>ae{{W0$AFg!K%mp8b^W3&X`}j*yyi|h51AXl7 zYD|T?F+bPjk5@tEAVf6e4iW!aEC0L#hk3=xPEu3&{_i2EHpR> zp~$H`l=hOVT5zlU{V!1Y^KdjTH%y?%Eba}J+av>*J6Aj$&*~urirX0;^_Mo@B5m$Y zP6twma+&4$EekaIKjct!Om?jV`PBF8L_nG}LWQZ)wnXv&yS|SJ?OBodU6KNKK&Sxc z$`T_NRQgw@_jBM9^!rQWcLBhYfYJZgP4M$f#AG{$LW%)e{fXJhR$ztJ$f5{bx8vKqsWgC_+I-9whKjHp2_&= zn$huEg?|`ZTYN!MEpg0G1m3LaRYJ)%^4$e*tzzq;1z7s){taFcu`v~7B+2u0OMYHo znNai3%NobHJiNw1E@*M4*dGh&kRbkdYrup`_KeS|qmCzH zO0XF+9Y4PQ@Be6RyozO1wgKHRJXQDF0+djcT2DXLDAe~elL8v8MTC}P0T5$` zI(QbTvXyhyXL9xbvMRx{!s@xUq*m=*Fz&X~4($Kej{%8q7kdD}H5UY+DvPR>ysFhV z#M1ewdL(d}5HlU+pWDR0wtzcqLE%Dy-rVC=PGz8~b!#cM!{a%{uJ zL`mYTOFKYOQ9IsSv!iPA|9%yqRyf{}J4iMMK+!JBeZZc+RZQ}0<^Oo)MRZqoN~ja` z$QV@*V=+<9L)QKZ{eo@Iju&;Ud>svPRgMs7NtLazj(ry(1eWU7Uo4wMc{f12?Y_SR zfZ7yS=m3ahWMvtpK(opAaQNB@)_o~Jqa&ctRv>$H{n~VR0}zA825sREY_A8W%2r%J z*&a8(UA9toxCNkw>ZBe-IIzq%1(pHUdgSDA#{%#~#o+!9gQ74iK+Gw8e>szTxs;J@ zaBAze*oS<;!Vcy}aalx_SdNcGaa&Q3r8cl(k9(6vufi`=x3T}ekTWllFmxry@o#za z`*DeR;r17F3LFmsIxDtI7vj2C4D9w*?tt!b;hPUt(4*c5eoM8%JgqxQyLEc%N24tpRdy~b{ec|5MLTwiJU5?6re z5DiAS(v1`C9;-20MDzfaDSv7Mf`y~L3-J1Ung`X8YJgh11v~XNEs29i?;k*T?qQj-jg%GaM=#-B~f zA_J;`Je>>FhIL+h7Hlf(SBz8XUu1HKiuVU|;tVKy(pThefF{@qe*sDcd+--chZ{Bx zSFid5NA|a@IER1jzo>~#&JZN85(sL*7F;rqUXg3*<@!&E!<6<*2DK?sP7G<0FK##l zq`lVnbVx9}u#q!S18(gIPE=vzAt-2O(YV#74xBo^D9xN_z{ENHhf^ZfWg(LFe)3c+ z;1NE(6hvxn)A6*QEHM!7%prY<%aq)mb 
z?~Y7eYgCP6Z{y;S>MOFX_0%jyYcVfYx)p+JSjoGxlwnjF!U->MMwlZHfo`)-6mWdg zy^;(upHeN}ZSd^_`6s0)-H-or0;14}EIZ1ha8I*5zbmii{t9cc7@2%y-Ec7lrzr`K zKQz|Zc?gK0GXo}{KV#5Pq@`*K>M~N`F23eRxcu;mXHM3h9hq^%Pl2oNR{a#JSe0z) z5RnbLRhIx@jL$Q?oA$@xqKMlY)bXrPl0?gmY~dh|?ns{sjO(uwM-Nq<2M2KB z`}LZeM@dORI@~%Kk&opG(mP`Lns_-<9Y9y}=7FdXpy`j1)Jm8-VSx)Z&4{+;YLRxx zaFWg0-fE&514cnRo0*wAfViwEcLHD*lz@X=6h?ODiBI|{XT6^ zCD8nygp+b~UzS9;B)xds3WDP-^${9OSK27nL3wPh^V54=7v1f-mQN2E?kC^$tYHXB zTAmIQQWx#b%4YBk+<+&WnNQZhHE2%61$6|PlN*MjQrpO|;3OpSH=M?7eC^(at%zB& zyC2R+hwfi5We=6(obRr;eGJ!!9t+dRZKuU%45?WtDu+A82L9f&AM~zk^B-w{6+LM|4YjqV?1Ixs`5mFEY%B3(x2}f1CGoPZAV$HGQ{N zF$LYozVW!lA`TM>TMMX1!g1z-GtnL$8~IpH&j1S++G_|rK6!^nU3pVt`3x>aL>%IT zehPut=b^(Oyw6<3@8NFm+QH5i^63UjDLEk#=G#NX4 zCD#mid^FOhbwQc8d%)V+TQ`pCXTsE^bgTi??B$>^xz_b-XUkX{(02!b9yInrPa7bFzOKxEUlL7zcuMw9h1onA~^^3D#xr zB0Q`>C3a(}QR=;IptVI)7reL4$r$wWF%^xN4dCk_Igss)ppSFD)fBoBr7KY%66!B@ zsKxOlGsAx*9n^iQApxyff%d@`CzC#yCOFJIS^$Ld=9{h0b^z5WrhWVtvNu%kMi2#> z{f&ale2H5$F3edCk_<#Jr{WH5g(SNL%>9pLG2h{rwf(&xN(NDBf%US0;l$q8S%l#N z7+3#^cKETn*Y(nR8IU`z$e&PNU45s@0BYC6PRgy@Y|R4Ol|vf-itvjd$I^ zI3vV%hhZvNEma+;YcD5Nv|SoejxMT|_lUQK-%*auTf%qoMSD0i$=b2VG^c#-(2a(p zOaugSopHb~%Qkr1d6JAxn`l_@)7z>0uqE;aA|8POfvxp*U%L}%_d@52jb(x;i?fkbB))4xflYkdyJN#Cj5&U)rz00h(c7t+8Y zJia@Na?5D@&W)s@y$wD>Yyr=e+Wz|Z?Ft=GN>0MfXp{H8r+UVR($c!+E$OBlH8t{i z_kF(hcd5fE9QG3ReMBtX5AEiiG*czRwnyo5fkh;u&dhI+S?VL+9>03g-No15`LP6m!VSidi3p zDDG}$J>;#h-W8}m6BmMHZA)IGdfpsuDiC9@!R!=Zi^I4yd*MC+b+L>lg=}?^2^?Bb zdz_2BK+j#+Ue3sK4qTe8-{l<&k+>Ko2C01h`Tk9IyvSe;>_EQ>ZrEU*w(y9IFcCh)v4kJ+$&h)5$_11I(*al6*r!01j#wbSxlYG_J<+EEYX{>Ln5NQh zTGeD2g$4(v%b%?3ovG3_r2!Vf4ITes|8r+-YUc!{Jk8<0Xj#wnUA`>f2~9f}*kM9F zGa~v_wxWoGM8#`e-zd57x$BXY3L#btF^eBnnPEG{{;|Sf>LfE%xr4hz;c&wK^w;|H z`c8r}jj$?N@yENa^9&Zz^LFLC9oqI@7AtsPDoWOVDYY_5@PpV!lbPLQc^ruLdG!8< zzCFb&lHYP(1fF%*5@RTgLPFsKngCIYnq%tYb3md>r;&!$F zO@K9#K9t8@T5RlGz;#`hPvylZ2nn#BZ*Syb(FeC#t>CC@O9zQ87~0~jczZ-ga9(kDwh z)hi?T5z~buMuLWc!Ue7Z& 
zQG&oYWo?=_Zr$7qh^u`d6j=y~2v%nbRmD%(Fm86BU)8i^3<*dQvBQ~&WH&0gz^7;yVXR;O(M)Nu+>)H@J zJww?`S3%8zV;%WvT=)HZSb`*9B7wVP-1GeO+_S6p+0llCF!gDk@P9!#E}836;Kos^ta z+7pjK@v`W_UxB}oO*TO&FbYPvi75HB8ZCDt`=xyjBH<2e0`+}pavt{#%A5J%vSbOv z7rP-{-wMK8Q61HfB!P|eIeHv;c8jXLwai-g<|`GQ8x}wZ>*(gkN<}@bWiW)kTzJwO zNa7rYl1QfV)I?2zr!(A4^q;)xS}r?mHeG8f^6@gxIskKT;SoIVS#Ogk$82)(9Yz&) z`_r;(Yosv?5b+DnUSE`%tbrZBDw2-$(cp%v4oAZ>%1(=JmaDK)x3rBinqJlQfu20ktAjZ=1CU1fuU>$+6Y{OCr+(EBjYk$x3z_eCKqR$-C z_pIm!68S5f`;FKhYeR~}>kRQFdRLgHkXJ%EEs-kSRFawxwQ7c693G;`IL%>+q&{=s zQ(p%J7J!{(l+jN)uX@5FqaI^^r5R{(ysUW-d87YuJZik{)Ps@aZVfu9teNWJH7U$+OUwB=@tb0szGu8S0V`6b*cPb@{S1}ct^i2ND{)T+j(XIE{SG{Fxyj%ik9QYC zZw!M(n~~{o2}4gwM!kGq>f?{G-c2`XT+!yT(-KD5J|*12Pz*MHz}1krDM`rwXw$mq zCGBQtr+@cMf>k7jxSjKcgJjtNE^RvLElq^Q5{xFyb1n8S84G4<6wSzGc8@=ohyIfW zy))5oM_9L@HvCcU5XzZn{O(Dg)9{KGr4i#0qn!K1R6ZUF+@7{qSz6a_Kdi-S?!}?o zye)U7?F&-r%MNw#&ld`MQWr~BZ7Dd)G*mSl2}7T4VtCja8hwMdnuUvq zZgOZNEa0@e8$e+N87N{*qXx?I8ab$dZD-W>4As#<4$|0n;Dv^CC+XBqOvCBV6AP~i z1C#HRzStaEt%9!+MlK+BKRq5K{>v*&}_=#qV=!8kqclz@Fq~Q4M1+mnuVAyJdv0uKSgOfEN!;`Cw`4& zq1x`+fR0~T`anq9QLMw#YUa9=)Mn|kuK>^OeRau@>ggs`m&v=x!A@-Ht4n|7^7!>Z z5wp>I|0(@Rdf)SLJP<2lb3U+TmydDdIo#hyfIALZ^=le{O1G6S0SaTZRIK0br3@L4 z@s#d606|M>dGPBapu8edN-ddDFNhF7p9yxz2wVx{9i?2YDv7#Y2+2X|tDgxrNY=9% zyLkB_oc@9tuH;EkiN@I#z$3~&DmG~*p6dV?HMynn(sllPVjn;}V^4oE${(M;01eZy z@HhlG0!C^-{UJ}ramRHZ_2e<`rW*={`jQUw*@y?dKNIG$tNUISfym->>&7N3F|s^X zl?_rFpEUo1M>d>8P2NjDnLe33Tl8}4MI&H*Cv|={09+7>H$cYNSo>&zz;)zX2EyAD zdt)c5rKuepn^~pxFg_@zy~YS0I-6k$1BQK%5)>qy@dlbsE_dR#@eg3!F2~>Ee!72> znxk_u^H2vG zOd&FbLOTqDa(Xiw3G#XylB|_(x_O!Y2e!ca{>oV`2Z!;z{f7IzbH@qa(e(vE_`~OJ zw6`rM1BAbsc(^e*U+x2%UO0oPpsH?Ww3b`F*Mt&IssQpi_lApBz-e68AE}tBRb_8h z2C_~|oMU`?O$X}+YTenFQca~dIbsX|HaX>fOTPZ~?k%u3l%*NNi`&QcOZARU>l8Q* z#Na7(+o}?hPtL!$5Axu%a@>F}lMMs|tO1`KMdr1Lmc8Ny1if@YnkP~X?3_CLoXF^( zTH2tn#+kwp2hQb9z|c4K3h|;ArhL2eXLS?)_fL7ne@$(ux)-H%JO$ptKL7X-e z{z%87HP8wOM+|{nhdJP5y@w4bfqdmt@mwcbHWy>H~?iwnE0g$|e6q4AD>lWJk^jCkhS3&>@rk 
zz3%;RFs-}^@X`A6b%dj!4kcH;pR&seWDEI`F6vKpl>lVN5DNJE&MlqVCy>}cPfw6c zNjDc9aWg6M{VUmkpjbB1y)oOp2r|0x{-kq#AW$}ob6oR)X`d0H_@}S7{Y5;U(*b*07VEQX5A04hEOd8fHNgOmx=794+-pl zg$aSF*+K~zH4K5~+e?8SR1B_qCY@Q+QYn#;BOvwMoqyO4W9KnOE znhyL=ZV~n7y1^(wR=FmG;PgtT&;Nl5JV-T``v0Wa!T-8?qa+Yy5nkWU%6X@6vI={KxZGg9rIDX_r0tBf5?c%G4^J>xig5WjT8SX3bwEMwUZ+ z$NeiCwpV^Z_ny$pnAaQSm;x-uHB%zk?bCbn>tFeW#?UY3bvC|o`e6Jb=tB^*3AMG6 zorvigyDOsIh8NF%bP;m~#q!SB*^azpd*@MKpW$x|PhZ*p?*A1QBa~%mkc7$G#>Luo|2yCjzy$t3i2Mk?vQ!Sz1Hk!~eTn}s_BG0$ zcP|4f=eNatkgo$ceMMe}TVwh__92#m^$f{*YWIS4{)xiUZ!z(+fG;9AbWZAQMo;$` z-Ew}w1sG)IO-&jzm`n8J zzsGtFoo%#Yq5Mj)!l4j$wfCBR!y$n8qIzq4xfg&@0uUiyDEO>cZ0)v7aDip2nSqxJ zQd+sOqC(@wpT#T#LEB4^S*DI_aGq(dOT|8_vmQ0G?2NAb(Du1v>Ym#)<-5u# zvkJC74`>vfFB#6x=yPbZIKLok@SZ#GxPY|GcgBv3s09xQGY1Q58`F(J9zJI~hUjm= z8t(gd_R0VhSq+6;|MzJiqCvh`Xm$w7|3FdT;XX)mnF0pY7RZW}_w{5bHqZ5C8>7;C zfScV4bhILE=?DJX3Nmuu- z5keY3c%2pk#Ti#K z@tpfOsimR~ff#Kvs=8eQs-G%AUjl_RHRJs5S+YjLceJCk4?rN%PXJmv8w|xGK_H4@ zj=~M=4g(=g0|39>5vGwN`wNu)dm>~Wx}rIWDND!NK8}4FmHf@o1XX0e8)%+?Y9;NtpRYm9&63; zI84jF5$FQD^mkM5*=p6_lF236%sWy1i+B)E?q}~U6$xp)yr#Prb4_`8voI-+_RwV3 z!28reahE-VE9{{Gu*K~vx}|vlw<*b=@l~)YQ2;UBiH`{wd*C03UVN znm`r!Oz$@U{C!GlD`*MFR_S|w0Pi#Gsw2q0z64@Obr*cHS9k6B=T zjUE&88VMJqeG~{9A6JOc(|mNV?G$8jqTP`PVbP3aK>wVD({zNv5Ga%VOtDq=jSrII zYP<>LT)6;DXmJ>UFwQCaW~!C<%oPOyNYN5UNz_77U~u!TB0th5vYWYvYIZf_AjAkT zMm*B_rUIg$EPy6ZN|hop?o4=#QW!Z=ycklJ@7phjYbylD@1gWl?W}uBo-R0jEtd*G zB~L-TG6gt)2Y^=}9{94k0Pr|-4vp$Qz9%(8Dde`;yY)}tSp$;tCo3QGj(FD!Ur@E^ z1^Ur34XcAiEQJv zz@&W{KPCXu{8iiwAeoalY*x{Vl0JUMYDV)3Kyr*xI8i-4Jyn1cq8Kiga{T}bgp>tR zR{;p+jYB1<88G5lPqc(skn z`|I@;=&c^a$6(tY1{`KxkcMc?ugDQ+Nz`;){W>TxuaCmo#OXM!5Z)XK%w3YsqxQ#j znIEGWNZe2Q?(k`y=1~!vVMg=#n+Z`6_d@4KD-a;&<0(+9H~tVwD#oA9FAK`r6vKbz zp?+tdy3yt4Iuo&b-zu(Ug1~#b?U7aayW6xJs{oBb*>it0RF+)W)f*%)^e!=Tl|B~} z%Swy?AT4wN%Fkc3mH{v2QR_^yZVz44`N>o(zKPctOaK%OK97G>?&aNb6ru~mu1Kp& z24H>g2L)X*$tKffKDuoJ(uP^-_lw+MqZ{QVWKMl1Sou*R&Ur6=J~_#_dqLGzpRXFj&|T++U|6Np0cnE{lNZ_h{a{z|*`d%20X;4T1bMhbYM 
z=Cqq_Yl10rv`Ji6q-B}x(s?xXL1^Ni3Tzu+7|g!m0U3EXv=CC63ktht%4OJOygatI z|K(unMx%6I$RH$JHqWzq2|2z$XN$j_YyF|gPUEQZJ6$`aFwhCt*3LZlJ4pe zMy8NH%pby;SE(@rd5@HRLy>F$?k^+&rn{PgHcjz!(C7a8troAi5kX1fX`fCyX(7c z$ylC2l!nsQe1ER?2)UXsrrjB#_Sa#}FM=!yW{LHwtJf?vn1vS)^rG&T2!{EKg`$oIQ>8Vkbc+-T6y=mc?QtKP=C z`wI=(jI)e&I6{ z!X!Xdi>R7E>PuJQl6#7`J=YMQz-e8SFx}Z1AQn0=vIZ4-z;}` zLZb6R0!7q90;hL$+tw&GFT9G9v>}l9B z1!&6;ueh^D8|Otgmw z2m9vb&kyu-)Ucb6JwSOZjzIoniB`L9y?oKsNVC&^tJ>GOE8Tv}sqV9<^xeYL$XQlv zei1~>Cn(9Fj^9$JWvm!X{t{HP?$K#@|J!eN6Rb^5S8r2{J2)h-E&|YStmv7*5w5*2 zoL@zhr@%?B_H~SDQC+xmM=rV>v5>AdvY8EJlSa8U8Bl{L15` z<)HCm*n=63Y5vyzMjOyxNy9|?Z``wQQ}2YyZOsswTZwV!h(=gN257?Rd^O?tbQL@x z39RqwC$+x1wQ2?TmOAY0{Zy0%K$PCsx@gt6jO4jK*GC8lUto`<|Hc^krd~a6qg2Wx z!#kn7o78Udh9y1L(^(oy14d#4GI%mmD`%2?Rnd$?AMMM?T+wmB3>=N=r8lhr2lJA{ zEW9RAV>6mX1X=Bmg^t5vgx+>MER;U{U3z!_4W;xWEPemL*pEq;pAIB8&KM8z3nwq7 z=10Y{r34|5Pvr0>vZXl9iJa3oe-jSGQKJak2nq2_Co)D_P2aDR52tPsdM33-# zA0lLRVpT#QX$OB`%u~CikuoYj?}`K+0pV1IqM12mYkr~i&xS9>yru(R<;3faBZ0IR zf_(}gGJ{x+`%1TCh>m8W3abiC_|{ukQX`xT{-r)g?(GpvzZp3s&=APky?Wq( zSKz7e;=p5EtPGB@>AsK>$g;O4#A6+_yr4r>h*Yg+fio5a^b_Pjk=S7AdH?!U1yIB3 z0uq9jvjBT}Z_8qlFg^n~gZWgfwye);&sp+NPzY?OLTc9lsKLYcX{UxjJ6-eJO_4b^;33$F#!Nl^b8tyx*G33@!n$W&dHx^iXfY;eTzS75yi z6}_mSQKHixglAWMCOTe=sd`RP?VfQOsdcYUP6&hzrvXf;zea3 z(-!ky@K`QaJZzqZh{S3QfO?{&KZ^DF`eJ4n$_S>K!+1%!&3(q|x{Db0$8^4VKjM4= z$@RbJ0N<1EOgAf6D4VW+B_&#ri#>@@GwNtm?=o!VPLi)&xWNaUhJcxRMnax$-PW-b z;D4a4LJd0_sc_Ol?T=9{HXJ?2#4i{F{sEJHxYNm7iV+M{@F4=18y5e(o@>XA6}zW? 
zlJSWz;KA-p-K86ZRZ7D&#+?UD;1b!YODNFtTcv?6Hb|}I4-e|d_%D*|qY7E7B;P-N ziUIWy0B|(5~g)^3XggEN_Eld&B;P)d@g>m-(F$> zz~EQOKvkh8Qb0tQ+m3!N$0N+^VjskA9iUrV($c{Kwy)rss3)_XIKPe*dLz3P%(b6l zluc2EDwgfzjDy9;FLITbbnd!)~M-7lL&l+d~miuUdc$K&rErUv_M9Js!o z?%?rim_2zyk8Wm-=1B(1cTJT9^f$e#a@gA-k0e%AE{No^%Fxx<4;^@ylast_0il+L zbr*}7G;l?Pg&8Q7r~%eV5v*GX7Y}dL&Q`2KseO60qThR^ld|0^`GI++SV%I1OaEY{ zU15Y2aOfyHdlRFZzwPg99hpd{w$1K$%*p_k&ALIiGfe#0ajtS*OKUjLpe~yH-#w9kLe053FV90_o~wTFKDthR_88jILCN;Aj?z zR8CFHrnj}`q0~?aJ(**^cIZI_t;<0OWu!!zI3O&qmaST>hhRl3jt)~o-#D2~vSLjg z3nBdNuCh!PiZ-tOWSR|(45c3B5^N0GrWOI7{m3Hz=*s5qcJgGSJkxS8=hZH~<}G5_ z-~%~(xJPJIjuA~gney<6ev|iwwYmjJruJ;XOV~R|+AZ3;i)421l{Hng+c+po48tmy z#%-6CemXs=;bQ(-xFtv5#Ol*uJ#pB+)$Frv7BIkdqrmL30ZfHygjey0&HKlfT6aNM z5vt-B^m`-5IY7huR=QWZ<#~v|wD6^|TX(HzIaxH312*z7=kwz35dYg0Gfwl2^HBgC zC%?5kZl1Ex633?v)B%2Ik%+g?Yo}ehPHY$|!_+*d*0xn;Ixm8YMKe<$mOu~3BIOwf z6TjdrIp3Ep$k&@a1Hi}<>Hft#rWj!=yCi40(!9A{bz zOw}HQ9lmJ{=wwt!7&J?-UyqD$xbprDQ=7Gu(-D^X^~P5QSpky@{lQtK1DAKZo9YU6 z?cQC{9X;NrV&40R9&zB5QMq2@w4}Zy-WITm7dW~<%H7YX9FO$rWYANW^L6B#e;sW# zWxu=RvPfB;lF8|$%|41yoa^z;i)GJmc}!|!FmPHPbW^A`cO~85g}k-|#pVbxjRLI`WBvAeG!YMGaj=U(Bxc9&*8L?pTNHe+$CNWyt1BXK2bSBaPaI&5f# zcpG2cCX<%U_=pN42ffy}${OM77(0Hhl1$26p23#G+cDfi6^P~n+3rXvboPz4MG5|7 zXMh?~t57S&IhaO1YhTM|n;;#ZgsPhlM(yMfI-d7nJN5c$#vLEc8GA$FtH8_OL_9Qx zl^IJ>ss?!`#wX5EeX?p0t3xITBbx+>ojrA}FFZSaxQALnT z!xh30nA6{E@N9|HK6yiI5KD+8g(Ym(Wp{GpjhRxkMm`mD)HFuEgbg#xjX9Ks9IQE{ zWDWY$nyZ|@G0J4#*w`3`h&5L=-0LsC)gOixh20p$v2_)2C&kHy7$IhB;+~j{2^1H(_o`ki^l{<)|27 zw0G%td?;S4Uz13`b4TB21x8H>KWk|6@&3!nejOSpe*3S4=4&#H>#7tM->MP)MYj8! 
zSfh_gkqkNId9mmLh|`tee`riea}PwgtcEpj}e||3G(h@>MMN z&zs6)k;PF3G4Gozoo4M~Ef20i2k{je8)^MD`)2M|C`|6MswfN-awh6Evt2E~^xSja zf0eMoQBrbH&Y^i-)ip=-=TMV})4alC^HRz`Q-z}f3d63O$yO&PEDnxJ8C$bhvi1 zkRZYv{1PccQokulM50Q|3~LXFmk^BAj;d+Fd;qgs86@f3$TKZS$3)}hQ!jh3l-taF zn5W<07}aN_ZkN;l!grPI*J=ZaIR#M7c5jNB#0jH0a?6io*`Df+FATy&d4`-O<9A*G3;LBkvBl&ua-VTCzrOxQj{cj@~|(FopW zDOMb)8mX1JE+lxwEy@KT``NUd3(BtePpPk$e)Aos_qcErD9@xut?eB2V*FnGIA04V z%`KpFGxD?9W=QOq*J`pkoz}vKwO1-N^fat-l>x5PS$KRL#J?pjHdv55Rzvpe=_TH z_g|U__h(3y_w43C$5O>jN9H06@XaYr%tmVQH)cmZv3d%pnwv_}sq^b><<45{W=Bad zM#y5b1~GVXMNQSSK6(`-lw(cboqMl+c_Ec?@Mu>(TW>f}XG)e{C7Is;@JP5k+G_Kn z0c(xvalu1@wrZm{#04p%K4imcZQO}DFm5&~34P~5EnjF#iD;}-^P&2owKU`@&eEDjIAn~{M}_GUCAjyDfg|$npmmK*UR3Sk~iN*P0y8wO7CUeJTLPITwJZq+d7p z;5`9CD5Ue(*?+gt!0u-rNz@)+%x6-!o(!*KvR@nN)&v19_eW88RUdIgoGr{I!s7FT z{LtgRu7n7r-HZL}(wA65=)UuThg^(B@NiIX`ULl+>O`;wf2F)64ov&_u zOwch2=cDpBGoFUAVu^d-nVT`UT8_A6H}0G!Gx%vxsF}Bj29}ee*N$MkGgSHYU1*{0 zyD@~eA?=MDtSxIJ>|+&*@IiQmp+B;vIh*!LA5F9lu5qIi1<`P7%QjJBlsFcB`|8|g zgvD4f5#?e$MR&fUPRqVStC7N%ps8AUAeReUBVm9AM|xpwa|yxc@=fjG$teWSrKln) z(e`+x6GJtxOIMBtjPGTL-M57Eao9B@)LbM|roQvey6NjB@8kHsHu)rV=hDf+%T+`L zFT7e*E2|XGsOS8%4aAqDhL_RY)A?k0(KRNLj&kB_ZTLw2>tn}NXPm3DX4R#~;>f>$ zXPq3C-V*g1qeuDEQza3Te&)Ifr59<#6dNSP2>lgZ;7I)coKBq=ruKV)e*~ z!pRBx}5^6DmV`kaX>Duv)A;<&1FH zjP|6-EPWJj_X#V{XZ-RQnH$i}q|S6}w5ag`gLW*h{Asgc4nlyQA@(tkF*vC=t#$|HhkRxqTe-Fs`@#yM-6oAU6jjMsu|*u{(JiO9<@QF2H^z}g(|Bq@s;dTpym7ys zH=KOjC6dO&)JT;cpz(ks&OE!XFj&DSEXBzy6xzZeq(%~(!8-Zn_MLr`s~$cc{!V?n z(%I3_ZWmti$bExP>?C>%X`x^D^vP%z?=09?JMOO?*l3K4I3JcIM)N!r+FEK30InY^ zMPTTIcK_S-ch=J`MKxObL6~}C!nvL^e~)3KdYRH(*&ZH46=`npPLKZ#j76gw-%!ID zsu5B6%L8^V;2#bRC@^Y!#EeA1gT5%I624VUd>Jh$jLeF4@D?4bSn<2&kxRq~t>_J% zVQx9PV=tGL6=mbSAl?`x*vy=y1P|XR3Ej<+uV|3WBJ!;)|ER&4Q2k(+UcMk(G0}G! 
zPd-iSlW%OBSs6my{v8>wG`xSk=%Xu@`Qp%~lid;TsF7;f%b}=QGZ02MrkD-}4seNa zQ3;6$BOy;MhD09~)TzZ7@6JgK7H#?$naRrAa|ON_KKxE}T9S^>1HhHfqzk|FMaT(T zXtE90##p3%7_uYl*URU6X5Wa_D21IT>#5nOwk;P`js4VZr3amEUKdu`^>rX6GUe4P zla{2v+*4u9uud!PG@+KYxNszPo#Z*ORde;<@y%=OEq$h%VnfKD2YFD}JQL z!N=DlHPRM)JOd?`R!BzMilg0cR|&Cx7j+7lAq6M9E&q2M)V26G32t+|jJJDjP*04z z&ote;?=j=_@bXL?9aSebJa!(>Z9f$H3H~L0< z;88>upZeZk1!(lda}@S&tJxjYCx;~F)fw$C$3O&3sg#89G+aRK|5qL+q;gd;?0Nos z+=9u0hzUBe)PKm%^ooK*&B|VV1OL>BPGNU6kHL3WIHFHaz(4tp^XM5tU?%1^N@nQ) zH524AZs0rImmDXuJUGN?te-Ux8yc?q9(DYssW->;?6{=J#aQW>+5&q1Y*ukTqcQxj zXzg}FP`Z-^3ZG#q(-h9{Ba#o*3+2p7Yol(=Tp?$aJekTJ;fd(J_Ywk$1fB!OYd_*b zVP^=)3B#Km0I!m|S0fOMdd16jt`1xVqRo3{1+cINQEd;20g+nj zNo_9dQ*ADEe*OzQd+Ks7@^j|mhd${wtODsz-Mi{m9-NrMNBWgEk4sbE${zI{`%_F# zn?Kp+v^#6rtnE#%|%Sm85_~*KQ+v^`AMp=oB2Us+8H=@-4VHg3~@@D7G@g0dieXQ{7p-e-+Tgs z$qYoCt*!H^nEP|_4~fI~3l|)ZkMBFL$cUCMS$mlD6sc%l|LfcWhnd7E=AXk%IDmg> zd0n@+HLUSyImQ0k+Rfw+e*eB+;|;aHfpH({fCVXxKWIm-0Qa=oSSG&U&Es;-H97gF zLw9>0txVIuI~89R1a|syN6C%~7%KTw3^=51>)1gsiF|yUx+tfYt&8AMLA}k>oWGRK zl)x`O?di|lI$3ac&$l)f!g>VoudWR+sC|lUmF9aeq#xfjRFNB^XMi2NkWF;K%8Sl; zyVh-Rda&dG`TdF0igl$7rS+c`b{-uK^~~{=kP~&P38wRsl?$+Pr8m#(lDkWDDa|_4 zznUf2Z$$Ues#(Yf=^;z=1+l|Q4X*Zy2OjkYzUZGa z&=+;qPq_*HSt3olfJD zv^_#=e%+Mc`&`7HN{l|Khc4=xsnJKpRcaTol?lzb*MAXn#lJ0jJTEM zXk@V{*)`{CaKBtp9q(D!e(!8o9p;vIn02C7SYD)TTXROQwX>9OQrn^G9DJGf74`K; zIkbhT%9#f7za41QqPQn9`a}BsiOqFfoxH!eGEm<$$QLoI)>i9#Q9D}j4G&kc_{n`s z=2MQC<*y&*tK5rX3!zdTF(G5z$WDB=As?IYIQT-%!TpFRHj!3$eca)S8VC;(cl$DB z1p^6XFqc6&tDs4`ZjL%-U=($y2T4+62tuUwo8+R=G`HnXwL$hN%XB^y_os+On#OVI zz+lzxtnX5+NsDRh_aA)TKipM5M%g7dh|Tfz2B!W#i=;RyO&;qoX%?O0c<~*m3d~xsZ04m2t%Kk z&LDRQ2y#X6dJ~c-7e?u4=|jam@k{48rUg8V#+pWBqLZ=6U%l+ zM27}s)^fi7nBvt1=~t3i&Fw)9OgvQksZJCXd`|r_hC_p8RoX5_Q~jbLeSSWnrFiec zZ$R7D1rh6(*F~Eu2jwzN6MBl=o~Zrs9st<7i4-)b~frF7!93xNlfp| zPF4`{jkH0?_Xeqe>=zzkB*?{Rs9L=`ZMta{mBYM}B}}0(bS#o)eN~_$NOzlBX>Iz; zR@cE&y|2V}L5e7)hD}8TX^G9}tVC!GJNrX(gA7hk=7rdl#v|UJXG4&BO1Y~*%f-AmgU?x 
z?L#FJQel(YV=@={Bsm1!m}b8wf*j`ZAUGQ8fT^kMAEU>RjUzu3K0QEd+(|htk8FRG z=vBa$8iW0+QYZ*Xl%D} z%pxAmExYBo6-zJd!@AjceT`VOazUiSWU98aT+k~gIN3Bz!KlPU4-NXh#5{y6rXozC zxX02CMhmugI+aL`GQ)Je?3CoVyqTft;ET`Mc%8#Qb3s?pFC))(1QT3oTW=MuWqc2` zAul$>n;PR=nQsq_i-6?}Gw(g}>rXv^#PItG-?@I0=|OF2pQvRHl=W9O14w@vA;nr7u!_O@f=x;{WG$Mk zRNkm~NDgOi(LkvHBqm6(H2M&`jS%_}$TS>r0P;*~llFO%6N8}fdQC-t zefuG$=mn0<93oko1|3AIeDOwfD!E@tvT3LiVXRG=>Mq^lwl<~H6mxFxIVs6(RmuImRF_;z>CG46- zYFWKWFZuq7dvYSq%Tu!enYmi_}Am+os&nPU6WWp@zsy;J}f#^LTWb629I2FRc-`3 zjuV!+@eI8yQS9q__9Y}Rrbuy1Dw2GDxk}K;X6{~b1svhV01K>kOrNos?#vzzPi|Rc zW9^svmVsa3(uC~VP&0-EvKk3xX*^+Awo?G|L{%mZdPPYL(dK(MlrnvFO;zakQzb*) zqn7+H)-gV8{j#-0&4pn)KO+o&QkN}UBGlKiFUqWx<-f9HTR0c$#HU@o2vY}V@Rq$@ zOso@SrIfdBme$?(S?)coQEXvqBwSH@vzeh$Pdgut`myYf`8t?Jlf_q@w#pALM$W3!zE3q5WHY>Pbt#&hv%*@{$-dDk z8}V}q)8x!KN7sn|2E@bV^Q`OGM5RQ-hK01~>o=F~tVCH{_!aWe(fJn|q%IJ%D+Rhl zGnR8HiV7|PZFc9YtN=$qmo1+!IV(@fck<}AM;I^BeL)qW6tzVfwQW73qj$E&UEWcA&F`np2|GbJ#TQ^eUMGr&gz1&7 zH7yZspJieA!B-8P@`FD{&XNzO;rTz-{Mpuo`Xn=m$~34)@Bbsy@GDR~kE&Xct3;lb zh0Y=lI(3i>(DSl96W=)V68KTs1$6PhT+ct|&98@w>`Y!Q{f9a;x(K-9>u0e4V40?w zpt1`LZHH&~|MSW99Pp^G;5=wOJrn-i>l|7L@TyV^zLt^wdYiK^K(YrVt#IBgS@l1% z3k9g`LJ7y;WBX?y(e493jXw|aAJkxl60of{5g?uazRmA=_BF_7qF)Zx|6^IFLv_xz zi2!65{?8_j-@S0u+xwcRl$15;i~q>F@W8m`O#UcAtL_?)hWj#jNI1Xa9$3E27k+|E%PHu80Y3*UQIj!oMF8U1_2i zyT(7A1=%pP8AVCW#Gc2Vcv1{MnMGHB+z;3M{I7dtPetFQZj9;IAeL*_=K~F_)!j}? 
zfUfZb1Ep5)N7fn)RrB?oWVVCa&K?In_w|v$$D`ODzoVbu)uoTche}KcDoM6J8lc-d z^8ds=iEWy0<-OryHU276rJsGj+zgt22e z$PnB8*JD5hn%@pajJj(r8Cs;Rs+Uy%8TR2a`2_Z_lyNti=|uq|bbGh&3>}wFUKST) zp||*UtNcAY>az)Ly8A079s08?K1VE`I!zlp=0EJNiE(0E5dn0isF$nvb6R4!mDvDD z8uTY)se%CnUy<3UniS9KNsGiJpkJ%EOv!q7k3Sm<;ELj}sK*-sI27Q8_%(d-z@ubg zDID+tvIDex5kS3|2cT0ej&_mF0J_NlcpMLu!Y=$7!oMwP>eh;Qyzm=#R3oZJ$xL%8_(_(pz>C%No@+>f6Vo$lsL zX8_Nb8;{=Nn~NWcd;sOK>5f6PY)UgqUySqR#Ow6TPrl-eWl0kKieX|X~$Km`Pr+2s*{-81DA_7`~h z_iMZizPv*`)A^-Y&~oi2D}8%#22h=8282#J(CmA!%|GXG=gP}NYnlNai-B+@Ju5IKhM|pCW~wTeDufaCRK9bInVDHEJ9jbN zoZNG)CPA>ZX}x7GDkMa)bJzmYJz8olUS7C;fLb7fu=<|EuJs9SQmj* zNZ|3&cFk8tNpbNYAUN9$^spJY(1exAGeIL&Vj!)RU}qbx2iT|$!>hp0aX00*Yh%dv&=aLOq;aP?xqy4BRLC(^tbdDxK`!>NN+GcS` zF^vIhYz7I4uFUkRFq|~QPQ_{ntZ2IZl`mRX{JV>i8|z?(8UYyl1)~#KrBi&zyMElT zqS0923={`tmC12{BH{h&6!Lpd9@2%`#N#``=BGE z=~~V4VLPvGHEXJ$Ghih#+KgI-@f>b+f3-M=QZpGXsrCaiILs4O_;Gg~*$i}Dm{7Vd zMMk|%PIOSH=HB))6KD=)Mb_;D5bojapjGd4Z?nqPZ%>eeXVvaM{-)>E9Y}((a2$FD zdWI>M_lyWJcSE8pHOXKCy;EaSF4 zImo7B|!nT_LaWNk|w#n{~EvYZ9x1 z3yNEhBuPy#*}*sbeA&8Q_XBYz8t{e?3P-s6U-`~Ir}P2SME8eSAO{vQfJY*l&>f6Y zR>YmR<5E={j?JNM&IcOWo-v6jfLxJ~=s?JBX2RH;+#=1r2pOz$KmZAQ0aE*!yLO=Y z*+?rRU>l(eE?htn;$|QjX=yZ;B5y>9*v)QY%?t>p^358CfmvJD=L&Vw5U$(+GC$}7 zaJ3$Q?Z2y2@5_4rwkFIN@Q_oOterGH9xyX^jWKj1d^cW6xpqJEwzTgD+vfcBm6Ex+c3UjN6;eit;uvt#LwyjAS@q*QrfS|Jx|{HDd{ou z-<5=4R=%TMn|cG9Y$fpK8kZHVis!}KsHTxNHYm8ajlVGV9L+7w)n-P(der*p2<2K6 zw7d@Myur?eTYr6R=21*}5~nf9&EDg}m#|#o@bVpbb&;7-mXhr%Nr-H>(9^ zZ;W4f0AfBiG9rFK8m!*X{(U1E;dSiUb;Hhy0U%7YkfRORmh&NG9YK2fw#{{Xd=t?( zl~a3`^7(Ue?I?nMN!p8m;b7>BfsU)8x^Uk>GH6s!^(nu~+(p}Iv-ia%T1Z;qi?5jb z!HwxU%Omh^$tlw3iK4LvfWRtrWp)$Q5+DkX1Z#2`P`nl_P>M%UOUoZVTxRjC=Z&Wb ztqcJmcmnRJ=qD*xQdwO9gC`?Q6JF#m)g1}ir#du6Ir*NVr~X(F&PvT|X?XmV}K-b;RutB{7X5UKeSjv42GShJ;RwHDo2e zT7apm^~ZjmtZeHp$w})4q!1QQ;Ws??F;w<_Np0no4)LB_y_}y@K<5Nf^C|d>L7u4a z)!ECjU^6%EOjon+ygvZ6|4SpvlM`S6-Ad!v@igIrBBPZ}|xs5u=fJPd#Q4ftxAy8RJbch1ntg|fa$)}aL*V3+}RaH`tyC{1O6+yC# z1xN709cwAVR_gVMH`t!O6Zu{_Je$id$HQazF}wt1WXofGK%#VH7}ci05fB@foE+-z 
zRKE1x>+FQK5wn4Xd4X(9tW&Sepe=efJEQ+6N?2|`S}L&%rrWj#6tbE?V}O>sSVo%g zPQkWr{GmQ;YUx;wEG%SjWmZhiH1<={qlltKpTa|;KqF00Ce)m$r|(O-INF^MH!iA77c*a z--FHpnTc-WLW7T1)QuB~UB)z)SZ;$$Gjwrb>MT6*!pXeCWe(Bz{U)Y<^ zW&e~0l!7A;p6q4qT?1O8p@3#13E#D?n2}osP1_4>=r^+Edl@Shm{}wjy;<7w9GQa0 zs`kTgD3m{~(nQgx%-8;1yLZ01!r77N!~s0-)|=TVWxI|vd;{O`uDy)Mq%ojP=&l^- zh(y1)ssO10WI)W$3)np5?a=M$+4+$&OF_Q2ge#uf_Op~QAlJU0=l=eEGdQ;CQS>fw zw$w#;%Rbrz1liam*H}C$j>kZzf_AH5iBRR$MdgctH=&f$1l(6Gvy$GQpqpi2J*h*> zg0a6as39M09^C$D@|ofDwjC^>-Q5({nC^rWdr`snWMvqkcXh z)aaC@y6UVs!FmS{7>R;muo@uy;Ypd$C(92yNkpj%X$<$)`ui^3dHC%0I$IZ@>)=i9 z0HXT+yLUf!a3X!FvX$@_!wNaVJZwm}i(OMPd`^-@@_)Q!{2ikhw_Ja04B5 z!7!tmwI=$n@>2ICo3cK|1NyA}9CQ8ut|$I@H#F9)P6&oEyGhVwFuZIzRz2BeoR^n1 zT|Sr;@V<9}Q3$Sg1uH-vzF=ZqYKCVA4l&M`p8EY!I_Pb|tvb&L-WP(k>dZ2EP^Cr96Z%eDJd-j%j#% zA?z`fyU}BmTO@ajVd`1m-Cg6K))5>w`B}r|&7*N#ow94&SKo>FoWAd)uw9Tb{SlRZ?-R|tjMH`pKW1)!NqKV@i?lQpE>)$ z>=bMk&xLug82y;pVyBVU>adlTuX$hIU>|O($~07D=$l?{dc>|*^~JcVy*m89wlk|> zBx|<0(?Lx~a6i#4&hMODvPp8P)~wGG?M&dF{!&C;Fxmg3x+{%`a{c=yLZwcNL_%fD zk|;DGM0R7%zEqa6tFbkcCFP`uVHmQEeP`?jLpVvc>@s#0{)|1wI+o|2al-$co;T0C z#|s}H*FAIH*Y?}K-{0@rVDfqna$(T5iDPaNPFBsJee8xQBzEN{%leZO`i2GZrNO-& zsIu7Xr!f13oMlPVysOSl$gujZl2(g;bB0?W{ZVM#scvkQ^A?%b;5)^ABVRQswmbQi z1Gt~ZOQJONY=s*yk&NN#&X1668==Q6;=Hc#JOV6CuiJ7kKAE+cZ z(W%I*XJ*fXsdNgkWh@le76=XXR*B!w zW#5Xcv|zYsR_zs;0xS?mL(fZE&vjkuMHslk2o`EvkrLmwq?;EmgQt{9mrg3cIhI$TQBwJ6( zkzmL9%6EHosRSc>n|#G1w^JEkN~Y4IyyIjv2nyX49e7)X=0AewJoeZbffZsVfmy_A zSj1(MSY>()9lttZwEpP(v9|&5LL@L+lBe};#ws3nmBT$80N^qq)P;yB z`YX>`NUXw3BCKJU@bMRiO;_5t^Q9CuY;y@rPh6`H)uRZEU=iO`|1d%E0EFmYtP`Wv z#J*KzL@1ZshHC_m^M%WpoUtZp0i$cx7=!s7?%5b|VN#%;GZwl!cK!}z-eDxnLCpA8 z7KHuBUJNt?OEpaCW>sY?F1g;vG?{Bx)xXq#=wpNmF|; zD@LXxmOLiXQD98?u%6v9ojKf+Z4p_y>G`~CYbYm?UmC%t1bWX!i#dJwzN&+opo>zZ z!-)0x{7*eGqii2cX@qh59{iDb5pJ3;-;Mvs77*0!(vi51|K||-?YaB;g z>@g(h+zwMo`od}zw?QH|X1n-y;}4gwwO=hrh2^$XtSHO=6{^^sX>!WcE7(wZx+D+M z)Wr@C-Q1)qZ!$t>>rDGyWyD|@BvzugavfugmunAxJFtz+ftdDM(q~c1aa1gkd4&@e 
z@qBp7Vj&D=*=N`)m5Fe*$D8yx3~+TZZC;zk&LM@Y1;g_JQMw>ndz{P34CfxG+|SCc z10)u9w)LI(n=?k4p*0}PUe6^ z)^RA$#@0j#44xb=n0&NyAOg6+D-+Cy5cqrHYq*}^@259DkfUuVTpmbq$3%AyMHfEE zwob8eiqm2TqktM@gSx9G@YkQZ1CUWYyzyMw;^heTFJF)o(rE5v=W->dyAzgCCC^X} z1!*aYqgz58Kle;O^IlYx~g@rDujzzCKE9C4O8=J#UpF)IM+KUPu zG^)9P$oMs7f0w`Ky2dY_sj*32VyrdLzbW&BM7f}zlQOb?1kD@cfrHLWzCCO@&}>`p z7CIAa0$XnWs2sVxsS&8(6f2EyQXaa~P^*6`GE^w|X1SMZcU$!c$;f-#0yPNxu1R

#W1`7PJS7O8sEzi>lO`m z)xzEZqvLo&1ZEAiF$~i9H=uBt%$Jil7uXMB?|o1)9=LZjxXPpTETxz5EBV$WaHiqS zj~}Sv*S>-d*rqa+>v^N~Wfdv%;N|^qv&uy;Q~8Mp!kfNO`WtT9CMLSSA?Us&Ux~R; zbrJp>ASPTDXe%$v`1h;RQRe|b(>E`1A_WlK^N%T#oi`F_gFe;z$K5UDhv>+6V*W*P znxtG2|I6Fo9k%9mpl$p|(!Xxt1Awwh0I+$vI@EsiU#^r)f(g*pRCoV3ca(BGBNJ-p zD-t39T9+3x<$&l24-9PjP18SlC-Scq-(y~Gda6;Tc=y*r;ESz+&TR}KQsGs?X(}n% zg)@_s^aq(ns!L~#V~!cpB2{x64nliPynh1-KMND`6cTtQ%}-z2-DQvl<)fEj_2&zA z#%UN24AGNupPr7#zMQ=SOx}vZB$+7wLPpqEBCp&4=c*Pi7e&iu`&GM9txvHg{r#C; z!Ybu8RnE2_LTpELQ%LSU7E{hGntZt_w24G{NlFb^8Kq;D%f#xj2t|eF0MThH{08IY z^>>ozb_F%LmvMTV5Jex0*G8Ay&)PYMPmrSz_jD5+o2^9vbZ6`zsFZwsMEwEQgx?Ep zvz}PVJEr^qp|aPE8ty>93v6fo`C|JNNOvdQM9}Qe0d6Fn-C-z^dU-l=SIYd?+Q{?) zs~J8N5dB~OrR*UY$`!a%c)5uKD@56gfGt@FpuN{B7=MGZ0H_!MEqCYn9{|Jlj-VAF zXms59?S2F4$^ww?{|^8Bp|z6Ly{oo4)~KP{I+pnGwy_%aKu&(!3d`AEr#s9;Ipy*^ zw<2*;B&D$Lkt&uZo(pbqyX>Le{=Y$hv*3L+m6BivBnmVPqd8+nJhfK7tbrGc3Im32 zdA0C$v{l7Jn*LL27N#KQuRI;Ps-ipU_t@>ABQKLdcf*ZecbKz{Y$&qcr)oUz9Z{!$ zvQ%Nwb5^)PC;Z+KStI?t4*R`~Jm4|EEa3cVdKF2Mslh-(!hkePF=E6mc`S`Hl0?5u zu3eF^H%-730l)#g_Y&R9wU9wv(GP@yxl+TG9hGQS0|HP zDP_5i9k&6;JwOZ_7jPhkQW$3pw;DbqIUdat_&|6ZL+gB{#rQomjtIpExb!X-XZ6lfp6#$)twN>(UCAcJR-bD zd_++DYGu0=P<69uzPh3Ht$Fly$o%lNW!g9sG)}{O-@p(!tUz3-r$}s$Ng8+cb+yH! 
z;|R76aA}!!3jN|F_NeQv{N%%IkPyW-TaJcqQ3=KE+J)b9@E(OVwn>~Z0mzXnN^BQZr)^9%>Wl|kaTm?J zo2a9WhKL@7wKY}k3b!PBHp159ij@eqdG!zrb8n50b_yV&Y`uYX5U6l|B1*edpWXIJ z6LV5m{z|LB-GD43sdMN(5=rnqfDL)+Pa(7-St$a>wO*$?!gQE4dg7*OGjngpx4^jn{~d@|QRT);df=9R-hMDB8&?Z^9y>8J zi|p^YL-L8T%@V61vd{;m)Oz7=6FpV?vrv1kpEO?+*Q@D+8-dT&cO#;IYHR` zC^1J$5i}RbX8)ilQtF6e(F;k_%kF{Nv^go0Trx99mbQda^#aA_sw^Ext|*&(3X}}E zg{0(3N1)Ap9;H40YS&Tti31^)UmuN4P2Ecm{h8ry+h}my}7rzTM8784_zTm zw4l&ocil#KvJ6$}5pPl8wkq!Wol3P0PchS@ttOo6t)P({8LZ>r#W`GSP)eJ0xL1*P zI5^o1{d1Sn| z5epE%N#8ErT+Z66R=5;3XT=rhq1$(K>;-q&6bqm0bzGv-Nk&?9T*onuWaxNKj6?)eqvm)Tvy|!3%AZ!>q>e|@WTKrO>U=D}Vx>@C&xP^3I zEG)9z88qaM)cDWm5@fk8x&m$~$1jdR3BcPD?alKUkcjaN6a=RC&eI^@5o1DOI(rGmrmT#{&> zXF3r&*nLj_Ipdo1;vhSh(AC=F{EeR^DQrqtDUhX_@||OEOS+P`~zNRRKwlYtJ+ds}>;%<}zQ48F^OK{^ruzg==M|uAGRYuo+zIQ5J?v)|eZN^OCv_ z6<`uLZOC-QlPjo=Rcpo*cCy-iQxRqpSy z{tWXFozaz81p2TOX~^}!C0;d7x_<13?UqN|RmVX_ufc}qrf{#GV$2(yTPlG@U&SQ; zaNXTy4Hf}y&4=nEe6aEB>=iXu`v#>qU=WT%G@~iJ9=dljx}($tVt1f*wBDcd4>8bG zN86ZGR6`lObMf_nTFJP_2rupS8m53LPZMV zb*imZUUQ`N!bchdc2AlJWJJ8YKHno21Dyv#pk@ z(owUE6V!V{elY?hvyOUbvrueox)hnEX6NwSysFWsEc&*qUkOHV3|1@d%z0*@p2#z! zJ3Ekf-A+Raoe_dzWNQf>#;pWa$zt?lzAW`wy|}f+MSS2%gQ2xbcd&+Z_z_j6a)kXA zK!kWff|5Xu$NIk@-Slc8%NDDRSj2D`ZV0D}2G`@JvDG`unFHCStR^M*dZc&49X#EN z{S zpe3wE`I86naEZBtNVrT5jUAce^$$n`85za!3{gf&pgKfl^~bJb09Rg7+v!o0<|CXj zHB~(;WDkxjRKxRS3QDEx1s6KMT+mu3(N4S8{5)n`sf0LXXHD&s0INs*dC<9D|-LS6u5wFSrlhZQI*^faxFa zC9GVvX%}$I-e_dwRz{(s<&@qp)}?O%olQ;JXmXqCfCM{MZ*=2J6S_#L5Q#PJ3dF`( zC&!3JPWt^vyA;A+Ki%k2p$UPV5FCMb?{D1wiH&4t;T>Df2l3c>l9|wb+dxK1+bLcHD z4`)HS^i#v_&XpYnT+K&%e(i+) zN5AUVuqbwM+{LPpoT;RQ-R$0aFD@-*7vCJD5Ht7f0?J=C9*2>_B&T}R{uliEOGXoj zq|s;LWg-9e@ehvx-rw5)1=y2T&6z rBX4b;7OBI!?_cblls_`SR6D2e5;8jYs}Cv;0YA$3!ScEH9=`k^t88YY 
diff --git a/docs/files/pxe_opnsense_services_nginx_location.png b/docs/files/pxe_opnsense_services_nginx_location.png deleted file mode 100644 index fdb2fcc8375e78ce34ef6579762521b0552fc277..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 48727 zcmd?RWmuHk`vwZ=fP$EWpa_a6jgkUVq9P5_jmpp=jl>X&sFXoSmkgal*ANOwZnvQ&;=WKGoh#--l)fu6D{mawnT%Y5O%2&D z4w1YrV$}*6Vjy6p&SaZFjUwtMKYkRjt8!~2b!%f|2?%BmzJh;ltQy(3utZlo)V*1_ zwQn?+sUU&>V$i!M{YJy3Q79gk{8O%u$6>ME`lH@bkJzbNJr*<~_#By$H z*c;9ldUseEQ~j_X`(F@E(Qj%VCbC`b54g#boWXRd@y=)7v~W3kRQc0g_kufvW*_^X z$_FB@xseSYD%uQXwh8&_b23I{e8BES7P|@J)5(2kvB}XDdOV%dGH)B=72%JMR9wo= zPur!W^0im8Bz1%tog9AZWM6f&p?2~1UjB8xNMd`~{m5gJCobTPj54!jJ8#in$d)x> ze$nW!X3Sf+`eM6ilERR{ZIR8$M4-EkKhf}&80(_%*y<_OB;k*0Dbb;~FnVl-WVH-J z&vhe@+0|dO-`hYts6~Yx8GXx7NkZ+%z@eJIa;x55E&u9=lX?Yq?t!BN^|Jl%8t`L~ zG1LdJ%ZcD9RGFG84I|h4VoMzv4)bKHV$8|{#$+u6p&tG~sevRs4 z0^QrIpOp;!4B7>xj`P%oT(UJ-D{k+2f=_=xhR?UmciK^`7Heeiek8B;lT-}f$)47p zR^6Efde*eIF%qU7PnNjN7PAs^h$l@#6$fH&Y4)() zWHj&=s;;Rvkd~h&fBx*~0}f{gzO*y`lsct^b=g)1X>RErlqt6Jmg$JDuOiBKLkO?B z!pD}l4#`=LJ)@Ttp}OR4QR@6`VFT^}lNRdB@~pL8F~13U=&I++Eleg-{rD->uy2Lp z{7Q$-Om5@xQ9qNYy!`OlS2dr<#~u=AaWYdJo2ZOsoGY0wJ>L#Lo*!yFftT&Vd867& z5{seif078bjUl|TcU5ppvw;7^Ncy3+UE@Yx52La2CA@TDxYOo+r>h?y4intyd|Feb zCQsd(Mmx8m@#6uWXL@CvUtqk z^AWtm_|$k1@ChIM5yn6F^YdMNM!ZAceolag=VO9*_^)T=z`wZvUV}fl?|lE4AeP|A z6NK2Rr{^@}S^DDpv*h68L|;*S_bXEJPtWg>zq!P$k{Ww2 zIKb}WXY7>Yj|fWLM$ z>6r8aqpRo-dI-G2;|$$$9VNkkybU7iQK^UT^kU$@9z2ZQrWVD+KYa4ff5qY*Il0Y( zcjArKpP%{m29HWwy+a4D@(39oK7l)A`|{d(7hvudTq%R(;p;oJkO^J9+ksl+ik_rgP-%dDms!iBBZo<PKZ+TX~ z*(!TfXQ{QiOD!!c=YR8~@V`a=I*kB-Nj`{0joC4Gzk@%7jh|DSizojTl= zHT?QWjsCG;j{mq8zSX2F@h@xn<(GdOjd4eyIy;!7oUmU8{+(cNg6CYR{{G@`KPliH zKC(yd;Zx7{+h6}}g+xaJvkp8pV2#8c;9L_dpDc#_$JCDOt?>N)>fe46#XrdynYMLO z=DHSVgZYLXN&4Prf;7Vji~jI(=@9luRn%;3>T72avvm=jA}H3^r8O->cqaY_YX9qN z1XZyRK92m#f=*p+Q-4T77Gfkis+U@KXP4GcqlT+_LgS;zWSPf?F z8NGy{u5%7^$rxZGRCTi|n3W)D+NnIGwKVHBC1P3i$Wlf=+afrW>1@{!$z=*^*SCpz 
z$j14P714Ha>r)C(4-(4d?8*=}E%WY79o0;2eiqeqb%H?dm}AY2tB7DFw&h&|5;$Bl z_B~&M!Ngs|#8jMq%GId9PCOWjxDa7MpgH_cz&#G z>TaHmG*Ct4Q^wrCacxB^4ka&A?!KK}u+#(9DqP5;r|v=|1e!ibxgb~25OkH*q$9yl zD#6^XIMHFhC%vlIko;T(IU8araiJthYxa7#rv8#9M>by_fp48wc1w<-RPZqlfvfT5 z8SgDT8HP2olSA)ol*&5IX%AzuyGt1w2t!`Wfg5w}2@;ul97vs5sbFT_$0MSpbD5=O zSvw#1;sZaezq}fqZQCl;?XWatkrZho#hTPc_|L7>7lH7a_ZXkKB3B@OoXMP=<$Os@ zxwXI#9ew?t;2f`ccAU6R-v`Ne=3VI;ytb1vW}T@j0m4eOBCs-2TH%3LlpL0wsS6~Q zGnrhefmc?$w5)pHUw<_Jf<7SoG=tP_vs^uUcg#j8W=do~rx#(=Z(T=IsOJWC&ZS&O z3|}eU4pI^Mk}j#n!JiSW@$!}KaSg?-F9pFu1L>)bH=&`SIlfz||v3$WsD>f!2 z-TX6sEGLVg#Tpkmgzb$pxED^W%iXHJq=ag;N z^A)u?_DsE>>lhY1P&8jCH!CuG(tYza13!PS!{We9{4&vM$jg(z z=cGRyjFTLmSrzC8UW-11&NQ_`C3&Gv%|c5HNlAW^Zbri#$0c29$rVHWV=PpiK0HS) zW?jp@8s0Z1#$#>Q)*NJ)OmyKfQrRYy2(*#2*oRA0!~OwJEVQ+jD&A4JnpQ=fdt{cS z+Q8hwb0&Lyo`tE;-$}{UR8~ZGiR$K88w7oeZx^$3RJZEXVaLUS4~{Kc(NZ?+4zP^j zp;FZ^SJhk=P%yFG=HJ=%zm4eWJEAYSSkyA}Zg~^;LPK>7uSP!hBH3eT*j}BuK~{tc zhlN*tX0x@%q9VhM_YB8qIwY%OX`5qcF3tMdxG`Yks2pwDgkziHpA{CW3>&ozz(v8oqF&N-gxnPdoh!k}KPI0=T}K5f+}@0jU$GuzVgZU#2x zgw_65{yzWvEiG%3t3;~Uyd_K1^AT&M=-q+Jz8wlBn-5@%98?#0+~<90Va7^u8EcYz zrm%j)=I~z3*05E+S$BZIq*cXEEn9ZVCmyq|bd#w_+W;+nu3T#*3?t)fJzH+tnfk`Z zV!kJ5bES?}D@iVDejd^4P{-rG)Nh5f;4*B=F1DT0?9GMhNG&1vF;;~~jGV4&zPBAH zvfiwx4|F1lqUY{AGSXkYRNBp^RnRk+g|v)u#}IfM_oER|DX89rW(aee5F*;{M1yr{%R=3GbPs6O*0k?Z^yv#fH%a3u{@Fi3t{ zW=VrTea)G&Ln3?2PhE~X!<-#TT67!-p*|NHM%TiMt&jcF()|okZm2`Z%+w3a!%8vD z5qzbsAM$&HD@}<y;H5BngtoXjz!8FG7(VcPTN<5kodHm*bhd?QgbJ-NJa;ak9b8Ew+7d)s~@SL=C2&LX3@UUOWqiEJ7@ zlN1AvgD~RryQ@jNcb_a*5iR7@U9cs2ID1ZJf&9E_TdY_~PKHit7bGd*#^@1BR$uew z@ptll+bd%_qLOvbk5P?!sr46FkhrZdzvedia(Nd$mu1nHXJSI2H4NL$z%04%Be+^_ z)Ld{H!PhE!9JfpOg>NL1-`2e8{q+Ll_DkJr+xg_nO0Q*X3FpqqZN<^`MOanL5WIn% zyg#)y-Cnc)6#k&*Is0;Q?0D%?#T-ElvHEjL$k)tOuSeKz;G2!*Z>~I>^$cP#9!N`}Eey+BD~CL?JC9g6saBm&OQ%#sgu77%>2pX-uE@w!U1BHZ_}i$1dN zuE-9kt87&f(H2dG_7;D|WdAYFdc1su@y+d(!{iLJO_BU43zkz7o+6M<*gnQ_i{H&) zME*K)K8J3ZQ;E~_xy#4*r~A%ak;z74(Txm~(>h1*&2?uLS`L;Z7JGTw1I)?N7ccpGy<#R7xI+QmblVzqWbc_K 
zicVF_vP9qQ;(J}2FwYHbaz$S+3n%d8HSdVq{h1aIg!C?xFMdZ3< z>ZJ<>{o27^2Bujaak@Z>%JZ#;hiH_@bTP~}S#)6pFB{M(J&O8yy?u1(?v<_GkO(gr zI_^VkJi3!F8b&vbB{OJ}d!w^9**wUX9jWI$!$28{X?4eranfyclc2@E(xM{kXx-M| zu<2FYY=&NNp1wHcKK@3cq+-41))xGj6yy{~#rCM(qjT5vJxJDP=ES!$XfFv!=v{5# z_EQadlCrB>Dc@=_+mW)UQ+3PDpK&hm&%lM~hst0z-5KFPwer)7+`iGe?S`lQZf=Rr zv+PJB2#0JM+1Nj)JgN&|cS<_z@sR54ouewm=$SRQPp8&3_M7>J=Y_k~3SwzHj)`1N zuz+C5$W&HQz-(HUJ8#%8p2J1v1Wr zJ$NydLl}}=?F-*lrijd3poF$D9a{eIPLB9a*#=~u$bat`H?n+xDBn!&-1UdI8Rryw zZP0h`zudc0G6Rp$zGek11$*VpR-DWY+4h-M+H`Y4=yB#YxSbA?aZSF?PJ}pb=ME~2 z86|(p0b0I;QBJx42_osHhjde2qSSSYYYa+LOn6R`s%zWK!=9+-&eoQxBN!T%oT5(t zm{bHFWQ?5ld9f&Y${kA2oShnPl)f@c#mty=Ob*HTczbvs+YMEnjlAn$R_tCLkG#@W zzLN=a+1C+SwxfY=&4levl&!TO)>=h|b@W7DF#a}+{1&`DBbnwhbMKRq^-j4>S^hAJ zf~zcRpr?yd8wA6zw1}n0loeWIzRFQK!4zf0j@}L@RgnHLb3xgT7Og!TQ_x{W+gQp; z9LPWUUO`Vv=KhG{ofR53NQmOmkkt9(kOH`Wt3ijbrknoUaLgPf8~MWH5&>kn`+^`;WhWl~6F<+u~1LYAjkPGJ42 zqE3^&c>MI1can#K)5=prn5zDE&a#D$TCXQ__*-txm%O1F`?8c5%vYDhhV3+4IS}z1 zM8Ujic-jVv`uFcBx*!?#Q{s`gUPzd9rUsJ~cyA?+e0arqg!}~w2ljd*HWyXlj}AJBE2&fT`{dc4LJP^jkJkgg1^Qhl=`HG^}T ze+GN*-S%8IpmcYIHipBY>jP)S!+HF?>?^suF)WN+?B z3KL(NMYwK+K48+Z7>--meG{~{rRi4nmYl0hCj1b#4~ET0op0)oa(mF@a->H$Q}+ez4T%h7@XK6^t$8W7kav!XOyXm%$ftmc89UWd5tJ+Z^s z<_$$uc<{I-yy6_%W6U4Ef^f`ulVrchJ!ljo?53^c9^Oj9rdfooZtWf@Y9MqS^XD7T ze5zGwNqT3a2I*Pd`m$iboom}uI)4SRAM`1tSIAgX&i#$doe6qhq;3r7tn%KDYw$#p ziKJ~>5Np^gI}@e7 z%ZLiE#I(|U48a_QX13}%D}l;Oy(P~R=kqI_m$aAC^(Q7Zvd)|x!Y-K^EqN993s?wr zVztw-8ix60GpG473P0rZ>P@kl_=Sp1MwyY9n^2#NjGDN2Yr(!5ZDiO7139w;i2O?Q z{V9CP7E9)2Y&)5GIs;XAX}0yUrRbaG6k`?U8olMWc0ON?DKZfbCOxa07ZT}Z)4-^_ zya2qZ-5j1=I5$(7MnEB^*nxhDEms^Wgg)g6S-Yf1oNFSdlh~cg_&SB@22W?A$R{I% zm?t?)MpDeHv>DSxPw)Fd7l`g*rXr(g1E3NEkNyEDcEzqajnM|8j+9?%9yxipLkFS2Dv?T-aFoA56mb}MseI45 zop(Vy-_*U8V=f;>ZB48|<1(LP;swjmr4Ml+R$v-Qc4^z-WI@+>jd%h5iE#_BN2R0Wx=~Wq$?oYJ^Zy_clY<1~Kx7=N)R_sf&(h=`|mB_fD zJWTdREE{;_ssgLwXgCREMow^n8^ynm-9n`CO1vqO3?*@5JRP9Vto{J=qU3 z1MAI2_MNGHMHW7w+cu(M=$Yk3o3af1{mcrqX}5cpZuu9?>o#g1w4q}0)P>e|mIehs 
zis|*bIqE0-#?JT2`Jd6Eg5p338Dr}}dVEAADF#+TW8b03-nKJf+nQLMn|mR~d6tRt z$i|WiX^Y^}O%}b1GN#5=kOj-z26QdE0CW7M!$g8AfN#htq0uSGY~E8L2dLtaq5Z}30W?w ze|O2~+8#(n%|VKsiAxx0dvBs)&0U5*G4oLPlQ<5JHI8M}ep86-wf^jSY1aN(-9FVQ z!O486BgOVhzS?lf^UUB_248+2+iRv)4f29B`>cr%jQ+w_*_NAqGZWk- zQ`>is`4#oAH{?2*p^ImP9@Vd}?V5IHMnyE_N(5eDf1HTtpId3z5;@bgjk@*j>jap2 z0S;f%b;sDFoLx0(73T0wXItv^<+q>oRqU-c4pNSlZw<}Gw}D-L5PqeBT8Z0rp)bD+ zgm!ZS#R#pv)u$(fuen{MWIrDx!3hw;!ho-Q!>*4&S{+%c`so$9>@K}TKpse=I)m_g zQU=g{c16uDrg6ugPOoweo|-$KWwAzp*}lMzBL1^K3(4R-Dg zUP>__Qn!r;H3v!C*5dL6T54((Q&QwZ$3gp0Ee^$2c_r71jV>)qi)vvvbP=nxJ1cR( zEY;wXsVMe)0;U~|ls7w0C?_6o;*oX|37O@7Ot})Ncoc25!pl zK>fmWPciJB&+iuSvXoMUQeJudQa*^OkJQ<-xMMEKDdlZKS^ew}?B9jTUH2KcV4@ur zNtdxnRe0Tdm96-ajq?0M2+c#+;`ghb5|#37aNl_}T;Zk@I}0-R0xB*;b$|_NS6C0praj~^VyCVy!N%S$#666 z*WEEgN+RRBZW}74qpw)L_}>weNhBHuNbu%j=~7APW-!JHyE9c!wu&ea4oE77S(hZt@Ew8)+vUy|w-*3XxinEA*w(FM#R*{;Gdv6ZKH z{i%!J`?||4p=ET% zom#3+xPSOK(}Sw}!Oc=?2z?VPsyrKeg!Z9pPcx4j+gCOolRndZBl)C*U^p>A8s>+zg2PP zQ9u~VZXLRkX3ccS?rXevf!P%M7UdC5+Up^2BO}ejDU_)Kh|x?vQer=GvTw>&UtHceb?+?>!4ivRslOu7 z(L`Nqe+4^hXrzsvH2zW~SzskDQZ^bK7q;MQ`$uYks3#etYWjPo8x&@WAv$?rzIA<8 z=?m)`Pgt$VAXheCsqTdlkx%rfp#8foqC=9L+-_Wwf4%bO!}=|3 z#g(AP8viNmzs=eAPa_^AK>#(C-4APbwkL8Gg^YL+by5Rb!4vBPX$7L5C#Q$XT|A2d zZ<(sO!zen!;qy51`9Y;LIuFrHVA|3jlB(4IY>L01n>bJ@Jzs52 z{iBlfhgkjPWialWXu?PTbMF3E6m&kI#BOt>&g9QQ*td-T@>?+OZD(pf$RE((zh3Nl zo*3-Y#q&vj4vN3c`1L(7?*G38DEc*>5aGJBnjZf6{J(|RW913z6eYs<@86$q71U2oDW{A~QgsQet0t{oy})ieJ5eNd1Ah*PB3zj6xy za*R*QdH5lpxm-SWFewDja~`LX6;wuluIGK<>c_aPUVL+n?w3J+cg%A+z?t1OjP(2u zU8%q)FkbhznkJHB%kBevXL^~zF6>M^E{uCGioz_HdSFay2_Jcp(Ae| zl09ai|LaUnmV#k>GK^n-6Q3xxCr?B{Uu+-}G2CS?qttr*hZJ7Z9$qJsMho5Lz?@PV zCh1epUxlvLv{BLjcmTI+26R9sht8&cAHQCz@&vjwOQSb){&5-2aB=`SOSOB3MzQse zgM3U`g0r{XtczQUAnP@ft?lk<-0^_;HytJKHCm|`|d8o>&UmWEmuLk@GSoi zp492vmHSb(`!rX@o`1Ub4>?5O&eGAlw*R3MrxjzDJf?E)zOyoh!1aXC`fIn9Pm~2_-I;by zplHciUh7Bo2t=#70W^YrxXLNZYcqB_tphMVZX*RmSM0=#Maj zYCi;ZMg%VK&T3i3q-9lbLdvV9f#u5pr7YEy`-#i51m!}m+mCVO*a0C^(@xb4&E7W> 
z7oLbN?X*i=$On%Vo3(`VG~((#cYG;?Vjqn>{8jb-*9livT{*c`8N-R;Bu0OFmF5wL zHU?R6Q}08*LA!S#RAZZEkP2nDAf@Kc2IV@zNo>4B&LU@%G*fLWqOKa%p}bSB|yL2`b47RSTwq3Gu?*vg03Lp4oC~7J(c#YI^^GQqMIf%Dzj(lDWyNBtRcj(#%&z zKk>Su?F2!ke79?BKar?~;;>;1cjoHKeX?e#6vI)zem^~_$U(?ubDco9uCF0DP5b0L z&?Ni0=9!UX#RPLeTHu8?1QGCKK6sgPHfH2HEcCIK3eRWPQ5%A^?Aw%ULu^uolz+CA_Q)?BlpEU@l=CT!ScXXkMEIslFAI|UsV^I#Y>?!cP>eLIF7#zYeSnB9FmZ6js5M}p8lKs&&*QUl$jzX5q zqUxw~6^5~k-N+WeD40Z}L~5Rsl5{p+Pgn(cYq3kW(A-c2pOs~(w#`cnun1I9r>Xa& z9EWE5jGcQc+;%lVYNKvd8Rh@j*{A8^h@)KrKE4RESN`XZb86nFJq$xy3nWoZ1FbX|{ajl6( z4M5RqAZJuW+_8HKqB4(4cP1lHky?pT**MU|FATu?^Jt*jN19NY6};tP>)8 zZCN%;nr9R^ghC@MOFl0m_p#h9rsIM8;5(1EvUnJvpc?5DaQ1q&>pze6Ip z*2LAxt<&zbXPc&)F`Ijur)!?fe-~IcThHszKBhAY8ji5An@@6ucIOe6g$AGBb`@Da za-`WW8sahRoKpd=Zdp9ck|mb%!n)vWa>79Q?wkm-`Zl1k^uN9+&N(j;25UI3+?FL1 z#<^HbNZ_g90+9lUA5EXpp`Q`&zwP5m#%TiU#%(3KD~R|MhQ<)KIe1c2x=!9BjSZTG zNWWQb(j<{!gK^~;#{rm6BVk8z!wr}1uRh{~#>}#iWbV$1Sh1(tZ7GkxR>RZz+}#9Z zgK@Q*XSq#eczf%pQ(eVtJ8`hQl?IlqBG$VWEVj!yAjea5A&pU5L9FP~omcZ|FSgaF zJOwgG)B!PsKA^TDO+N}gy^h!j!gt!42#v_SpaQ_;{oahip;FJunT;7CuH{CdBPH_|6%Vpx*(Zw6kA|ld=-W7epGni9q+g zL&03H>p19aTSLm8pP;SK6BF6kYT{~r<^}89I%LwP+MX8&2qS%kXOi4`WK+Eyn2B%P z9oqH4Ka}pgF}qlFv!?sFUGRhbo4_J3y1MtNK68>aR*BLvrGtNngu61vGyL^}=v#V0rVam^4xsWr3c9q%Lj^yKkNNG@+9T zo9W9>LsB`bQ6$1?HX1=PH*W=ZIYFD`uAmfy{?xj+w)NyU-T&OEJ(Mb5$7k1c#GI>k0ZK9+KwCrv#k9>-S7_ct1mM}2s{720mw z8I%HRUytf#0&x)u&lVSnIJx2;Qu&0(-$$8U(Ug>vJ5HK{GqDSp zL4^@{4kQ_iYR9n5nr_~-$VT|$y92kE?sdNC0D-%jw)GvxY4U~Kh8J_FB>58YR8)@N zD+2jh!3$8p>MHBjDB?cQt)lIEarwH>%v(c!I$KCfl>;u_+>BDpEm=r!BRlfAU!Qel#*$?C|v_`Ukuj)!sO3EwuSumNEmUW@hP)>S86%4}eaP-h{ zE(kWbySts;jAGmzlC?7Crb10n@ZM-47a6K2RONdGZD=gs3%l(OkpV?U%7RRx2d1uh-KvLd#$H^*fjI5 zxi|Ae^3aH;d#2 z@b(xuJD)?mP9flp#YxjR^gIBRXha(fSpQr7eeZ9qL~!rs%twMMZk(Z>+eUEn`|I?1 zS^lT!@AiP_v~}oCX0z**eBf{SndSat6+hM}YUk;GNv}Q7C`}cmbDWCvBaRs&Eh{T) zy9n@mag-jMe`H}=-9XVp#x13FKIEdfZUNBWYSk>=1^DIwF1cZ6NAB5}0h1jrkdePN zkJ!&4VV^dw(r*LYEg`KEyA&N9HOHgSu$g*yv)>9=_TvSmm^H5UZ`K^}zl`LCcRt`C 
z@~%`B7Qhvb^rzygy&@ldzNGf()yR{5u)USKLA1LjQqByE3(Dcwd8~#8bd)qa0A>7f z6%qv8J}tgmwZJeA+^}~O`W72Zw#Lww_yzb7Nq{%b=W<}^jP|i7oNLWw@T)+lnfkWS zbAgvVZFw1hy;`xO5gaAxSOB7|F7Cu+FORQt7j<1%J~;ro=H2y5_Jg7Z4^eK{CO(0M8fDyoV7MX4=myCh5W6Hq!%c3`y38w54)}J(TJ$@xqvVwWO)V+_ znYC2SpdU1}^?}%aVQ~pi`|W-BtcJ`%()r4Kc9Z<(u^6d5&3x0%4kh_s9GMFQ+MEzP zkOxiJO#$YaFWhWGRWaKZ$1o#*;tzOt{eUGK0oQDufJayo`vZ!O%4X%E6GgnZ(uRzu z2oDTYKQcguYdI)BSh`8?%X!UqZHPXr?l=8Ge;=9G!;n#d&ZI!=Mz+Etzv4)l-4xp( zizMOALL6=kZD*?gkbV=g8q^-DQM|iYYB65_X7MJZq*@yAX*1NabT@%pD>9|o2SLgL z;Lh-7=p=36)%bGm;}~@=fKXSRHn<5`iQ}9{g4-#gRg#_xECE6(7ew9`!PwIS+5)&k zZ>+b8>ukn*1++^6X3YTNW!}q3UhckPSQK1TrBV^UeR<=!y>{)^fNdbizIiiIwdn3i zn&0{KA3tMECcx)NV?GPBHS4m>B~Rj_~}stpj@RNty&0;O1O1nADP|DtYcs$l}DbV1)P&0HCd?K~``zXX61 z>+V$Gv!kqQsd`H+0b=nmx{nJH5X_KrB6}nLo0~RZjopCO`JbD@ir&^}2jtj$D0O$g zID2DYE>#MADTj=S8K#f(N1=%345>CogeEG7XoU8<6~Pk$U|+-qSTSbQY|=k z$AU1(N%x)1{Jm45Skz2oEm?N&Spmigt0Xj`K`nCTx58t4V+($ksCw z(s-c3P$X!6Dcu@!(TM=C#r47U7)_KsehtXUxMfAKa;?!qgOk(k2^i)-ME7){6lL#^ zJX|F5{N%-0p2&62EGduy(+A}G;^LFnF_69ji@C0@&W=d5hTeyJZ`u}&n{_gh1Z>9d z34#?4hL<*w%>y1wvOh15MX@O_Fmt(3SU>!!`x1`SW5K3V!rk}a4@?5OK+r5WamrO! 
zXS4R4Ra2U@tqu+z@zkbBR?P@6y=7{e3K|!h_VA*ZdG1UDtZ=?-O=&sn_RG_}PRk>9 z^x+^{Pea+oH(c^l9#N)Pbxyr&@25HT~5_|EDc3x^e%kvrG0>1}t>ghpO== zqR@l3hefxns1qFN}aq5nsq_2VKmCS^3y%t|KV!heW>@&FT9@~U$U6ekK-L z`4>E@JN^y+1kU_eXDEwW3wAALzsL=OKh+#TDbQ8wXr!j;l?jVh0P&jMd)h~gLGpr?#>J`g;j zN?^ooJQjVpGJqin>0!xPr|5-qaGn};8W;jFRy%oUxCoGz7V=PXwqai3Xs)xzO2iw8 z_qN9ZEkNNwwcOcWtIR0}h}dOwHZ7|!h)GF%M7|%0VXbuZ4^hKu(b&fXex4WqN&`jx z2s8ub#RMRDl&tFd;SOscGqzW9z3X6&-O;&KRaXB9i!HJq+iSL4B0e^o@35e`3y6g2 z0GH_kXHyV_GpPJOb-b?Xf`d6Ea_H{&7)-Q@;PdCtnHlgs^DiG>x_olAIeyM`P(+se ze`ypys?HxN^ix|u!i4?)U=w~M*PiczA^P<3_QC!0_=itxf%!ZXp}p(#kL>MV39+aQ zC}&ZgIphC*fO;)Ypb~wVI;H6#MtUN6GV>3&3LIqtdhvjk^w9SX?-5$hq-f{a7@C3~ z6a63k^<*TF*`R`WGyndW|1^NB5x9cb=Et)f2L|zY1d2cocf{g||7V>4`CreyD`1{T zq3gBZyu{xD^8bDkB?Eeh6pS!jx@x4lDu@6QUi4i2nqUHji#2QQOF|k$)g1J4!%?SXWCwYMi*} z0wHpy_xt@vn%hy$`y@LzFP#1>`~bn3&E?o(=(?c)t9?Pa0D;lV|CoaP*LoUHGO$e^aJGeLCv$-&kco=VO?5RQ1_gy&uk$`x6#_=qMJz>~nz0@C87x$~; zh+@eZBi(&k>c4wZpfeSec{yUV?o+~yrTh6Ds}9$+e_EuT6ZjC!dMW9TNc`J@SS`ez za?IXYA>1hkWnX0$z1rxC#q;NcCyXL)x)*1t7xunYy1(}Lw)VHhwhm<9|-~U>PhrHS=oG0m0EIixBJC1iHeakf{wus zE&4GIW|H9lFcIS%o~&G09Ay}}_@ez^_DQsYtS84-FGLSiV&_2#vpICDGWM5Et(V5< z#ID|tG5dWM^3yJzyb4Z)wbzGp|6a{cG2%qFiVM|rXKfFxBZB8faYQe<*LDZq)c}-4 z7stzzcFX)jO7cTEqLDZUdGxL2-)Hl;pTKf~RY+;g|3w79+vykYz`?#D_J#DfYV>1N zJc1`oU>O`6#k~LVob_qO^GUGj@3$>@K2;qlKgwk>8p%*FALt(v`PR8j;PKdBZ+(qC zOiU@2Ta&7q?Z7tM&yaK>7)jXr4>}ZGDwtg|>tC4d>-@@8QujXbCBFiOv@WB;_Y^nvv2!{Gn;5)qg{o2}RpUkDTJ-{`GLwO95MxdwTT7chM*w{ugD&cl0*- zUvj&g`Tsg&rkD2IAe*tX{Lc$$0D87JY_d0Oy}FCJ_UmOc$5nCGaPHky#kW(lDNV=E z&>1CPFbunH!}((YFFf`I{ed6yI_CS}A8vyeTp9#D<2U)M%zx4L9~yQ!Ui9ms>&YVl zvJ~&P;SdUW9<9Owf^(`Rjf5;++-chVUZh%D*@M9pj2c+cV?JiTj`8Cizx+&L?aC|GUWJ9NA-(h++4f$`fNv!mdqTR~-uUyNQ|_y6<&|5dXS&zf*~N zb-FDAciTGkFC)>0T7~dp=jEmgh71jhY5m2Y2=tKoR{bQ$2rH;8J*ghC=65$5Hn-lh zy&(7>%cgssBf5APdsoOv(n`dbLdN~8exT78<>v(MunbB@8RxRnMBPOwHmb8ft9jK8 zpbK%lfQXV0s?Xk=HGH5c(FoMuY*YZ-JD02VCf8mz$c~#qb{Gto69oBkZmLR}CP3o{ zN;eZgA)uhA$Xb_hY&a2seh&2)eYQ(`VS2d+FPo!<1P7noc}123sK^?CTAU6BuymcF 
zR{TSP_}8i)w;lN?vYaG?Jmv+vp5}}%zVSvA@lpe^sS%CKJON`sGIj@! z0NE1UZ1u0rc+E#3X`tYKu+9}D-k@?pl1LiTmbhMMNM+8e-y z1v2;+x-xIXgyC!k>`o+s`< zyg1&`k33@>*9O4Q4`q?{yNq_?HT9`}Tjdo5HAL#m=!;Z^pFhzP&*QS%MPgzbCYL49 zm{V}{%oV_wN^Oo3?1o}!l4I3C{cZuk>9%8v0ACgXU@d5S03cU^o;#+q#Bs^8!D(Rl zv_%Q3Uigv8nJ340|0RWgsADlbuJ!tH-4*HZJ(B?ms`s4L_c`2}2pCXuDO6h|cV-ln zJflHH$0T3?P+s6OqPP}_S@I({74Ddwz8f%A&~J$-9CB{VEL{}f^Lu&bYDqd0V5Jf? zA@B+1&!&T75OM@F*y5&C$>((dDT9I=C0duA42j5|u>m~MQ1(_G7Cpy-a(*Exxgu*x zs^dX=kZRJ29Ui41Ju2gh0#}YcFAQE?awR1}msLLETCLJN?<#4RY;wa=O+6o7K( z37R!NVe~ZpTwB~zl~m=={&C=}JAi8{ikj{q{r834tM(M!v&uKa(=Kos`q|I-v@@$^ znv*jtX9Jm(q6L@AQ2CuD0VR46LZV}5^}$6Txms%qTLYkZ9Ch}9{yPvifEen0);SW^ z=x`G?&$lyNZSkFV=5D(YwHCAW#obI{QH+1qNQbhEVJ5}`Fo8wBc2rNfDjRnJh>pm~ z9l-n10M!f7wg818+Df|?TtHQLKsgSFY-v~v+<5r$NPmT!OL7!1=o%*L8!mOs0vG?Z z-VHcUm5Qnb^#^mHA8{qi`GofKpum$05M~iO?Q`Mb%2_#&>iU3&ju6>(8R>P&x;>fdkIE_W)dSJRbvkVPrJIaNSgOd+u<#C{sW@j0cEZBZ&7F)Ykrx zrGG!)WM@5#AXxLk)dBI(%@v>tEhA-$2xEr^9c0l@bw?dvd097x?vD+F>R@*3|siK{24)~Pt&{qTxvdUIpX{9Ob0-I{@iQHM6Djf-*C1YgKDaqs2!OH|TG815s zbLN1jn5kRU_SlCL+EC<-vF+Az^!9==NQdNs3U!BRNAd&Q;Lg)Bxgw`q%0i zXiS+Epggm}LHNn>9+Th(lR1LuOfUD} zMs$CB=*Vmcrds1Nf1aT1q-Yz^cMUM^w~wg0CdQnRtCj&rJeODRQ3_g1sUe zK0Zqpt0by8;Z3QVjc5^QwAcj=j*1z!$s5O201j*3km}1y+_$4-Z`vRWg`mTnOWHDWS36mI4W`oCbMi+igHBh+Wjg?2sNl2X*s@%j^U*F zkK=s?)Z;l=-dA>86<^^$x(DrawER}L)2V%r9xk>`!l9J1b2EDK_(-7L1H;W5TY&RW z!gSsKqHIixKIm+9GYp^o!r?ez?c;4!Ed;P~Y#jH}KDrxu3tS3l+Qv;fnzsf3(^C7b zjwk|eK#=Ox0ryG7RmQ^i{6KBJRGPi`BOxjEhh`aHFV_bBbzivX0=UhKaT!-b-amO@ zfnL<}G;aRtIdF)>-dh&nz&Kvzep-K}+Lv!;gyY_-Wa$d^ebr9c9SanhUv1=Q&0ex? z;jaUyB=oDb>{3dK&=ly19>P2)HU+3v7q_=jnY5EaF7T`-nQ3MwQf+{$R5V`=7(Q$@ zjo?P08mbE&4utqR&*M0GKe68jb-mtU?Ay^;vn z4DgL5<-36wEWjl=cKyJzAgsq~dja6NxOt*Oq(R#SFslb9UXk&C3=&IHGth6OZ3PsA z!Lw7XF-xgrbQUPMe-t1ZEtUbY>5i=J1SSiKCC)f=wh;oX0l73+-!C!fKiukfqjdY! 
z3%!x7!C*t$n}!8^{0-11FQd(CEN_Hs*n1KS3q6J?*1GXz99J)TvrTW%+;gO}@FviQ zjmVn~LzMwUNg?pT_8}XMfL%7O2Np1MM&yeBANJldEXwqa8&-4-KyZ~*5DXLs1qBJE zZD|-n8if(*5>QfLO;RPKLAqh+1`*I9C5A4MPNn-fZ&+R3Kkhys-s5;byziGiUpHJ9egS8e1V#t_#xnE;k=9^v9{U1KC09mQ5W@@~XjP2^P}6j~P>>BHA-CZHWx~vk zR74;OP^G6!!&q%zZlp*1^B&nJ&5yS?Cwf~Glyu7MkDb}NJ`5EmK2bKBM8s67G8Hj{ zkyu*YZNslsLc%a*b$Jqj?ubskuZb#5Lj#m>AJ@alg89=-OibyM#>_h;Dpn5IyKDHi zE&~Mbl4Bu+!R%p9PW=$yiu=isj#^xn79NMyPKH{&L#w!O=)oFA^vglYGs@@XB3Z76 zdjo3zaa_^DXOh8aP2F@wS=o+4y35Vl2w0H$0};#u(vZW;V8Y2Zq~q{kMae(j#ru={ zn{SAv#8bCS6UtmvzAl;BmDk;d8Qf)&oc>B*mG!mNGqz{4zI@Tn1L$n0vfW71{o#5- zfz3RP^;+~zL?7(43p<%S|3Z)R21IA>psp5>Y6p^aVv04s9I^)q9+{}p*=BCJa2Od~ zH&lVSsPrmK#1G*1$y*;r7|Hh(9Wg?zoN|lv*Y1vTT+75VAdQ-0afhBT-DqSurxmAN zcx>xPFHB?_Fw$V^lYBe2Ks_^}qTrG8*)t|4%hyP};yg3IO$yM9DdsCNH2FTXE0;b0 zIKs&c6r+;#VHJ3^e|UL35q5)7P!0Wve|9zY!)@(H&-b-OLDB3U?s$$?EOp+5u@ zn_}o{$CB0xP3BLZ=C@(XzYP#ykj}~}a32%S z1KMRpSEfmw0iC7aToW|8d)l4<+XrcC0NLc;AKt*wLx8NP;hz>q)Ns^n#xuA9O8vU1 zYKGr>e!>t*rt}Yj;9c#;r~}SvBN%as#0YI-<~gYA+R~PC+H%axTj%`di)FUX3YqT_ zeciWmGkTHM$9i#x&&-^&u9L%KqkA-YK~DDS3?r<3S4DCF-0+x?5dh=KVM-+=m4{>C zy0(S*vT_OdrXoS+U~+$IK*}i=IsrY z?8JD0!}>XX!Xt8P08`K5i!dkwP+CpF{dL&8B?Q3BbYcTz!U$6hV%Vvk61J9@@n&_K z>Wh|R_W)mP${@?yLQ6Xp$f@IQqd?5N8J2NW3vd}7wO>itvKdFq)3>TgVHWFri7^Rd z_vC%eh+(W%QAnDuP{FW3XO22U>ltEEmZ|%oI&eK`E&-rxb8woq1L8apKy|I-f{kmz zHWR7Dlyg{iy|@gRs|(ye{gRtv&-kbCr^}ix42sVWFsTYlZ~#Z5<+yW@a`PmR4yFl=bVfT@FKKU#&6J33Aw4EQ zn&qn&gw;Cqk4^d4x5Xky_tWs2X!_s0(45ez&8m=?B{^uBqMuw?CGpx%>$yby>9e+v zP*JXDp^$&b^OPd9=XuaPkOBH;g8i)SW$HDd8{}U3>!ktYP64Xn1W6Xp3V3&h_?URP z*jLM*w^|>iQc1L5a9FbietUOEW6X7W3%Oj)(4{4aI^rdQiIFX#B0Kb3&i0W?NgRzU z)`Gk^@#gE3%anh*%?jQ_CQ9#BLRZzC)qD?z3?H0KN*kL5P#Yk|N9Gq7=SsJ%KeOyoPu0-_2V`qSK-8V?SR&1~XLzKCl=6Jg>#NiIjV zPR-5>B!6GS-(NX8v3TY=78O;i3Qq>MpB^fZtB;^rGF-DC-1pZH!Dc*^0EbAr&l%;r zU7q1vmy{;bd#}{);E&mp{nt?cn@2I6mwF`BZ0V4y^oNLW%5J@jc^RS8Oty!UdXops zC`hz+K140|{&T6PGe4g4uPX_44LYxm54}3}Akn|LgmDT^^$i(A7_Rcs82Q@#+}w6t zH=dO2N%UV5a$h$J-xXQnxl8Vqw&+#oSlRQQUeXWVg;%Wzd~mMPes-!s>p>L<)5|L# 
z_wPfCew2Gc!6E;u-gbR3Pj7tg!hE24w0YiO*R)b{^YB>Oe4BpqYL~B##=Mn7(dM*% zqsK@N9kj*bx2&57QyEJN;E4hR?Q$)K>&x(Pum@s#+qQm&o=@OO)K7(-W!ijFpZ5Yz zr5r?RHG!4jYW2qMH^0^kzs9jb@~C}d+{Ao=DEzty(nwLBpXd~;iST3D`iwN-gez@# z^(WbcGf0~_0c0{@W(2Bb1S1UU! zmqWYdo0df;su{tqn?!5jmwRHWbQBbPprsLiqg+RN%ir10ya+cZy2km1Y~!Hh5bi;$ z3m7*b%9NZvMmbl1^Lx*rZ|oFf`WKR;U0M@#g%Fq!$Ocz%=c9eMo`X8Rf^lkcguuCh zP0)=g5pp!-4Z_Yp+BXq&cZ$Z6?lv-tGc5E-UXj?+c z$aERj@y7>}RR@s0#&{W3xV~ny45uR0FGjTJV#BQ`6~gN9`1|Ew*l)fa3g=?rUvJ|@_ch_>&^Wm zVCEq6e2Hh@M=t-o{_l6^g}62_^&CC-oBi}7B{2hc3g3YJ6`M=_*>UNlu>s>SeS+~b zb1${;w=ewhz?4wKLWrp-Va)FrYlR2!G3ri#VS&CKO<88kP@SaJun+M_8~U+JBBCFy z`<1V|z79^)R`~umkt_XmH3-u=md@*s%?Vz({baGo)1$%d?+a)n8PcI$6%QY9D8IRU zlT+m9DDeylL~JB{o40U-&E(t5-O7Erd~MA_D|&;Sob_GnGlz*Def-G#{fcx?hCT|h zfAXo8W6AHDQ2US$-7o46UaF2}OjaXRn_O$h&y?9w8ajEV?|06-;Pj6iR>^)Yu$g)*IM{J-QO0|m z?Z&z+9erOyKbG9aKSV0Sf{(S&@1XnF1u7f` zfuPdsRJGl|2LdlWSU8bOU(L+_{bT)(!Mnu-pP%34*l&Gpdl;qTkP~dAqO$rgEZ=W_ zQ2PaJGx3M@9jE^NE@I(n|KB~lezUw!a4Pf@9&fQFg~L$LV5a6Nhem`U(0m>r@!0-7 zGC=^%bOHZZGaKK2D1t|{^4}T`x`>9u_>sK_w?27)Tp!~) zEU<6?t>F+61fQF3b3**TL@-v6!@20cMKCPkbL&9_Mv_nFYV**tDGGFxR-Nml)>J@q3(XOl3Ih7S=BFA8pJ1xLC)t+-v*G$QJh-(q138H zzLWjDMoR@*d)6N!MdIskd)78X74vPPC1<8p((n-M45yoY=BHZTU&Ch(5fv{8V#-mFK9+RW1rqo=G|B{D2CBr--?%gYm?tAeRQ zH@BQ@=souHhx~G*oB!a&?Rae83iizUN3?rEHM+{S6Gt%oa9h!GmPf(zE04n3>zfLu zRh^kh@;oZ-tHhN_srv4PV_WQnUt)vfd!nmU3#{{td2;mOy6>A zky#kRvMM?EABqb5Z=7;Gws%GT!JtU|d9xTL%NiB6hWX5xAi=3YE41{j{w~h3NkL~r zwWlKXR!Nh_`Cp$vqRrN9KVkx+|4Pu_GlcPoMpND9y^pOC^8awEujxjA}b&k1SxKG~R}41RGyGaJG@=u$7_S;eaDA zqZ>fnj!uR4wc4AZ_lO8y_%%1xVs<_o{rhI6PXhaI9CVYBTMl{fd2e37kBR|w;4iSr z#L6=HdOzrTIH&|-|7LXERD948x}XArfq9KE0K!6Rzmv-M3{Ia}({?e z3g`gJYGC?gCVw`RP6#ckgQ*?n7SK`e@bMi~{+DIud6$UA?TD^~koUZ+?=W@8d>pnU z>Ty=qL}xzb^9uQgGnX3PTy2_b(IU@-wss;s7esKkjaDa6M$Q-CkPUSD6ohAC>TG|g z2LR`pqe*!+?iU7VRDhQgTrO^Ls@fE3Zve+VN{&3lrw@_Hhh8SjXk+Ya(3Tf699V#^ zz^>Xm^$|C9IoVJCrkAjB3uVVW>s^apXcYd^qfJN*p==57| zFM{z4mCEo(MDRX4_Qlu|dNfuz#UCf+usqI_Ro;gfK@hL8go8X^A>wO6tx}F%7(jZE 
zQ`dhe3;j46|E>TSOHs1a3n~R2=&A<-{ehHs-7~mOsp=>^e9G_987ZbS+BEtn|GX5o z0vb0hmhFbVlSe_Lq*K%FQqX$67<<`XIoQ+_(ZsrpGdC%gLw`*))9 zW<<|BU>9Hpfp4j*3{_d8Xe`sXMC<;M(8@ZtkShs9ngrnMt-YF1^9u#?Q5x)$8t*4f zxt{nXj3&3t>(_(;@h@+N_=|*+=ikbP{1U7GxzdYCA`%*P%3^Dk2}|$wza(bsXC^){ zxjn;*W6$!*Fmjd;ym&0j2qkDgmRivUOonlF{1@~Mn|^OaRm~fbm%&xQcsKoh&mgfUXDNoPL$C7e) zBkT%9X>}aL8WezY+-{iFIp%qp>|CPXP^B`u#R8_`{t1L+jY+8t;4<#k5`-mNVqX*{ z>jlacR;|8=Kxtv#Qop|%8lzUvt>Z!d4rZZ>zSe3h=!-T`2;A@@_l`OP(nnr8)hez{3HT{_irWF*Sh_N zbFuLbTDXZ=Di`1|as9%Xqw{&pISwAn=;_aNEGtRSH_yqKK3@-bj%lt?ypX!t zM)^(6-kWw`7R-g-s1x5K1GYJIoP{9NsAjvguK}se$ybUGZJ@c?j{MBKuo(f-dp{|z>F6e{_w?e0?GuH*UDT;Mhw_h&s@@r1TTpw-7 z^9YEZoPu_3`?Eiej{)sE4e7s6N`AC~0Pk#ir%3XC0W#12!e9ibnT%nkyxXM{;%^>X z!v;a591dYK?vxP+T(pR@L1@1eQy}Kzb9fD;WK#eNbIO*5T9tG+OBWw$PpWF78~tbjCvGCWCIeHbum@N4(rR^mO%B)GYdjH zU(o*G+0(Yhzn+vaDtV!w0#he7dahi3J}y291g0+LhK39P(}>d{&PK6#3^-q|ZHjNm zl}Dwv^LKky4+aD$;*Q$YB?HYU={%q@J9MLiRI`NES2$mZJT$7S2#KEuK2lTS_|T4s zLwQmmf@~^v4g&cghl>Dcc1N?^I6ZB076*L1lC-+igoK1pp~L@npwMot*R+}Fh&$~C zCRa~fR466P&;+JyJO5?6IE`>~h}$WIV5$SE18CAJs6mc01U;l3jqHgg=D8788?BUP`TC^ zxae##QLBh7F(74f*oa>ZM+)~#@N|B0@*>U$^5Y#jj8BlL4^<|h;1n%OP}Dn>!ib+7 zv0vydNkLC8mQibD*ItZz2tyLQozG)YGszIaPLu-q4UadUNsSo;5ifhYZF<%QxVRItGQ1c8%cmfDl@W|p&mxX`?Rgy{cQgA3b$ogdI zQ*v^r4CM-$?I0%}A^%X83p21VdcrVrc(mw=36FcX}!-mXKs$ z6$0F5>dhAUMVU0Db9vE}@S(@tt2 zo${RHQ+AC*r(ObmN#}_>>KvHGyO|9lN=d`+TOk#!}#}c zW3&E1*an3Xsi@+3|KL=@zD8yH!dS0(ax*;*5MN#m>#+ki+j*?{(j25$OA;h17DII< z-U|E3j9T}2!1zz2{Kx?3zjaIY?|~D4FiLqgVeGT9lOrZ4EOoj;P9Y7tA{Qh-S)0e+ zLl@AH4LlapEUbP`YR0Mk)h+g9`F(%_^p?Fr`=7i>n4Si({vL)A~ zt>s2nSlVR}ldwXU$Cb8vgNRKJF{xxA@2A;^Fdmg)M>SFO$UYZKob?T%B6~J+WJa`+ z0(M~#j%2#tEWictycCr>-G0AttO-05X?M=1YmAQR7L=Hf?4Ixvpv|KSn~V<)BVS+{ zt<5rFl(PHGl{h#UFmQrh=z3AezpepcqS)tuUftE!l5O$w`GD0J$b9A2zd?J@+UwG% z%cVp9n`6=Z?V@oOhC(We<>}wE)Un&(`d9#tIY>-r(xeCDrVe?UzT7G(@s2Al8NR{v23QX+inX zGkW6%Ey!xuR0PnUGij~nppTo$Fk$M#?Rb+q4qN-NwW$le_68e8ZiL4pT*)awgB3cA zdOW_jWqdYZb@W255i$kJaFwSd8C7kxHB{OSrQMh71?j~aajagPZb6a~j`=1^Hxo;u 
zHI?4_I^BG%i>8gU*hzlji>D?HLko%J6>doo1?=eq2(d)udAnV~96MJpJ`#yObC}pY zF28^16MLR!h)|NbMdwO7kSup~X577f>|l|Q`psI+M|V16;E=9-FoUU6woe`1^+fD} zQACcQJ{YnL`~{h>*h>$@k8RYe{F-RmG>h; zTLM0?IX4Y3*Xe{rmkILlcjk2525&eU{j;`8eI2VPZz%QDqMK7J67!h6R2$~GRT{KR z-22*qj^CE6@bcVot!Nbz-`2+52lxfi8NB{;8EiM$UY_htB*dgPg+casVJYar=jSE4 zkCvEX@s>+mBVbJTI^1E*9p=9sfXy5hbzRazghaZlUVcIVEW0XJuJKOs*sm=7d9n*1 z;_E(%&zu=0)>|!_Vvpt0@SY>pF_(OE_GpFSX^p~;MDrnXBz3ZH0DKjdfmAU6g^9Ko zf?61Q`8kY|f8iq6iCHDAur74u9}+DUhOO5k1p>7CH4!QUmUSAZr;TNbjQQ zVQ=qww440JHs7QF+pl&!aKbYea5z!TmPPMym|M9rTDn!A^?DDurAFp@VS55ZvE`M; z4PUh#`5g+o02*V&2iRUDW&)cyed=hIfKCmaB6k&o^tDR{nEm)#u~7(W9p*_ca{%o5 zl-g+ssB$nF&8Ay!PuD#-Mp7$eNuPW3br;FfA|h!Lz%CW5Nr0ZkB>B~Xrxk7&J+Cp$ ztd!DvAP8TH5J3UGClz$&;!{c*yYV>EEO3Hrr8qB#>6rss(mt|LRpUqvC;c-OCL7j0 zvC+ZAma{{jj<*n=;B0Lngu`$_+vgE}KR_hg*|NQu!};j1sz23l4TYejh{L$s{MoB|!mjB>U4>@u3uos|j&1SO!#yc=vAOqE*W*DG_Bina24Z zHU+1(k1mFLbLpeLPd9$r)D(HbqB|T~xhyl9c038dmgOYNSAHJrz_E6vexNxdrbVTQ zIG~ygBlF%a2M5`yMVPpgh#I3Whk>+y6r%@j3}JhN4M~M~Ki6(DI-0=O_b$`!QpQM0 zFx64;V`x9DtuD8Nu!=VEH{Ak(ki9Zcbny*Gy#7pPRZgpuz1rH^8g(E-4*&qECi^kV zUQA(yK)j8c1<0Bl+XOuFEF`H!kfau-XXrHLhHALrWk3K*nqIwIB0d4=@ZAL$B2du`x1t`(%B+v?|2P^%8~PF(Q36?!>9C?CRt&) zK>S!X^cu#%LDr;p2x@Y2qpyf^&61u@LKEoO1vUZuqOZ`0B4O6=F#7AF0|-%-+-j@K zbuVPO5i@wfa_p83m;$UCb^Re6N~58!6uPwFye*EPLANjA>x7Dgn)p2B3;JG>pF1xCxCRV!D0 zI#+7>rHs4uM)rnA!>@Hms5Ftv=q@U~H;Jc=?-5GYCOBKrZghG+1r`poVk!o!p6v=J zhN91%S1`>qu_R=5+v`Jg5Rq%WhANO#$5hNzDxz#>h_j%wtU@)u!_t>lWF&s`z}Mt` zc_lUmDhXy!y?aB=f>I@v=!wxwnwT+D?^6wJ=DA76U-7nR{a(O-TdB!Oa;VDIheW%Q zqB!j^A7xQrR|FHqqBXSRhJ6F=_q_vKo{kGF2d_q6)3E(|b^cr5f)%Rb+X0%{RhK@s z`GgGOf?hCoQ={qwFOAPp;ThXzEkc)XW$1a6bXbQ>*)|EOrzj{OR&Xa`Rti~CXlmo& zIGyWpCP#!L-d)ZO9jCYI_(R)ch?-y>%d$VQJ`@5ma{&?YC2Y|99=C1VE@<4mA|i*y z=B%&#c;(3rq;t$eKD@v$rPMmGv~D89W4A7ESwN`t*3T}xYyQ+@(GY7CAM0fSDALu5 zo*?m}N5}MzvuDbjn%e&BQNXBZ0iZ=1=oa}C4AFZf>|wRvIxD|Q)aEG$YJqfS^0Ujri|qPR7{3Y zy%?L=Ke(*0)V~UO7p=EMtf2J(nkPD$#O_R4Cdhl_34`|2IF-eXq7(vqG8_fcxhSuj zi56dG*8N`9&#d#=Iq*TR1aq;!MOaN_m*Rlm+P35Bnd<6Jn2U;MKB<0AbW!nqIAAIH 
zc688E-ITu8#n80cZFGw*cBip=rCB8A z8mga4+14*W4TKDX?Bg}Ks54js z8c@+)+|h64d}7(4n7!UUe(!CFsw~M)ZV*ku{_zEy4-4b?P?SaQ9cP)f9!Q+;tb-e9 z=XLK`xhct3EJ)T_j(%FS@3q2m4B4;GCOh~M{%B+$OD6>4sI&q&I%Z_=hH>?i z?88xV?mGdvPVd>ou}nlS7Mq}-C|i^nPpE8I54UYkx$PWlkcle=s@8_k-XrXRUlbkrc(q`{3mMs^}kw0r* z0)4i-%JGsC{etq>_&U5+Cz><8y^9=Hin zBl>k>hK{`Zd70_%=~=F~#M=>Nl)TKfdpG2X0azL|B$uTz{}quJvv}m)nk=L)JB;zp zotu_CFKk~^?UHCe7q->F_lp!G>o>9ZYKOOl{rOBqr_;)W*6s@AT4ZwWo-ucfUfD+* zJwMW~U^!mW0ea(l0eVeoZf?g%3o_iiBokDR*L)nqdpr_-KJ05l zyf&P?b_!(U5@dWsOouiRMXEguheIssPj=eLd~?5QB8PRN+_|h>b1HM)emRd-)v^`K z_AElE>sE@UNJspL2ZrK<3?Xw(Qy6=m@|J9@?rQ3DoX@iqJT(oVB9!}U7S=9&Tfv6;L!XnphJB9*q zF^!ziKgG={P3v;#vV(BAS%Th3A1AFvC!FkPBT7f7zyRv@2dxuEcUCq?($d;QPc=9? z+ys{VhlK91;7H18AFMeU8w}CUD|zE76MKzTM6~FRS^o4Ydv@MA*u*dP(ranPdH3YY zM_p}_gRLVXQf(TF1%?h?vyW|bRhI9&hH8X*PwvD1!TkCT*tSggMhW&wVMT%6=Rf(C zcO#TD7N95sWvSG87s3;6X8?q;ZJ^3cV`3g?Bo=mF7SW+0{v5k0q0kVcHOC*4V-#;S zgw|S`ib%{Ai9!8pL97*PfC<7X64vA$iZ-_!NEfAv&Sl|S@3iXXDl&?5a)(68LdlFc zf@OzntN!yg5M)tRPz7jucrHH(dPQkH6z9v9lXUJ7NDlG4G>9mxF=ABEu!JJU*TwojfR*q#34;mWb8V$S&Kpx^gb@V0@IU`$tiAbOXCm zos@nNi&mA#V1-mu9-*IP_v%WvGRY*Ol*fR0JzHHbh>sXX{HLA%R37A}Z!31((dqvr z)m(-UOnzu7gFJS7!n+tW z{YQw-1D)lA>2rk8f=w!8oxcF&!e))ZrkIxxBs!t^^Cz-EUyjX~r8q0A0(w$59`hc! 
zPp`PJ(XnNf(qfkCXm^%M2|#q)b9Sm2V3cINKe$)Vxs3a=g?R6aiF%c=Xox7hn!Mn+ zZifK=+vT>&Q||c8wHnwvS`HhGZ%FoyxwA;i|Ez6D;cobCixk9MQ?lI=8>pBaq4>4> zPu7hF2u0*0LQ(^R6?1#-?l13}F`2&Lxira^*%8e?J)A~VI>-_}2{s5R2o+h5U=EOnaMof|VrK?2jW}c)?3iy6AXvw+EQCf7sW62tehX2a zXD^bVb+cB0d6tKA{3LJ=OfJWI>AsCR5QUyyg4W&@>Me=v)4ijj1R3&t4=idF3No@Z#fVKqieI0ONq~;dqOyf)`9Wo zhs#Yj3ab4k`k+LW3@BveMuxm@8gvrsg)E-5?dfx&gzc{T_LR?w`PQ!4e@5Ax2ZR%d z6g(Br7=*cA&j0{#-u#vI1p{GJs2yunjy)-qK7Y?Dzkel*0DvrfT>sp_S_!`-c0D4{ zhB5%!a`4neVBR1}WdPo;CV;1Q)~5F{b;mN~#{tJZqYwBZWK>7?pzxk!ewOxntTZaj;!ax>F->2PV ztICdtw4h2iyS$is&}}r0GyobL_gSiPN*K3P{)!L>01Td)b`xae`1YXm!*U=x`x7h@ zA?bcc0_x{Yww6Kcld<9=T#4IhjPL|mCFu<6>xK8g3S4EuL^LzwWEjW340~16bl~G; zSB`YaC2@4T2(OB+%_gZmp4@)X3XY2;M8$F1TDfi#22Fc1OH1-#pjk1#jts;4QV$b* zf_QG@co&rNPNk18@X-9Z6;s;L3xOQbGVRzr7^UwM85hj@#Gcl{afGamAXb#^wlI1! z00A{*O!tOhh4>^+e(ut#_U|VYvSOlKo01iUM&1ZApB-vms5CuG&IfH!UEpkGK;t1N zqyL+UsAwJ{SvCjhWbU~>EFGFzDPG|WBDY&V3d5oXdc}{8PU%p7o#P#cLSkR$bY7Uv zSEYyeu_|N49KC}DEE>~5Klmtbr>_Hu+$Mo>-O(0?u57U1?znD8PjB|&Xi3<+z<3d2 z{lns0-sg5$NgnJwHzShhqeoD9YMoKv#%j3)YK!S4_gFkR!7GG19}~)Ksg{lS*e#44oo;uEzz%j%bVX`0S`yAADRt2{*Rja4DxnLyyEPG<DhRXp3U)z%qom;8_1iT~i;pv!Xtr!FCITEOQ#s`? z`M@^fd|=qK?FaeSnyUPko2ibA9{?)cKGXzP50)NigcnwXEi9z6IVes*IxZ zjS)8wBIxzbHhaXmhLz`#pprSJI88CRuQadEX!%iqs2X@FClRuYH57Aapsak}F4QHd zan}O0IN4gbG>fjVQYQYjN8ObG&mR}xiiq}C((tNROyNgK&lGj?% zDJ;|)bF)wYWdW&TfOp+-_mQ)ShZlg|l%vxPS{RySzG{|!h8@|TykE#`p3Q{lDc4e7 z^R)JR(EJ-m!ES@5k5yxP<_e-D5dj(8OpLKjK~taG#rzh&U>e=z-(JhAwbl&T%Wj0H}N8hA9Qr7lf^ph5b0o6@;G3(dmZ)d z&IF%iYUxhsOLU~oU?sT_sEW9`4M=8=Ln|~B25tdFCd79T`PvIOD)YQdqNf)%%q6H! zyV745X@3|}omS>T)eh*99vrFG@`)wYI&;kJfP0c-8+3*bdBwfHq*g)KHO%$8q(n_? z7fA|J!>l@V~4`8p{c z|F}mX*KJ^E)_GT*aAIa~0T;ezF49H$rJhv@lOk1;4ugo3qdtAm`f3`3W4Sg}NQh4^ zjw{P7(LV7VBp1}YeX{0lSYI_&A5Hs#=t4AQ9#Tg(XI|u?%v=m&UH#vK*s-2jIJUNa zK`!UiM(Qbhd)w9FgGi~q9ijr`c>Z&R9R-DUG(?sM0{c>?zz8i*(zOr zB)s>J&_5K0t? 
z$ynTa$VG7l?o_0a_lIuljnra5pkVlqmHt$Q{=iyl`)|`sdG!oFd zvWvHJShmQo|NcQoafEiED;2oBsnq;Er}}4|#_WwCVf(fEqyG6Xzb0fH5^y(B0;Utx ze}BdnUxms+g3s#h;T`brpzROm0mte$_dZAC-|s>eG{lnS1Qm?_UDcAY0Z1_auRpvO z%0REE?!MHV&@J8Qd&lrm4CbK}$LhCAEb_1xlsZTTe#xU^+fT`bmx3b*Ym^mmajbpDrToNY+9EK)nqu#%t8jeC?)-T6AD8pbZz-bTHa<5F{)Wi>bLfQ6Tm0A16vTm+y~{`RBLNfp8lyF#oCa>3Iy^8jF)Q z&HpT)pTqk0oi7lbUeo_p`jkbKKCgO`{+H6HDRQd*UoAd-{2AUl0De1oWQkpGKZ+G zqFxN}yfE(4!UpGbo#q=nkCV#d)6*d=M86em4{=cTYnQ}HtRDAsxUNBCciJNan$&#I zD^jSlf$k9w2*T3a%SK>sU90A^|vZ>`x7tph~A(DncVEJl1++*A^kxe%o>S$j9_ z9c=3PErM$cTFsFl(eW|YjCA`>QO8Gk8!C%-s%GX98_gdn#;<#`#gZtNe1)ZfU8Ih^ zHj8pEjh?H-tiK=Eq}O1BZ3Tjf4z`<9TK|M7N+DR6sS8bq0Za9|(_wwps0DDl9T%-8 z0!PFm#ve!tt)|;SyM9&MQW(5#TKg7MS^|5ce%1g{DBXW2)7fw}lM)oz#4U#a-+4Ocxs~L53xuutT1;3ycQ1plH`@ptrt3=c43 z>^4mtmHyxK@Plu-W+^MxGx%%!3c;yHq#MD1w@6kLcf&hBqq>Xpje#KdeS0G1*IXMU4y{sV{hcByv{es~(Q$OjJ{C#oo)s54hxMB@L#Hnh6v0CMsxmSl7)HMUH zop!U<)krez+*Rp6b0w*>QDn3N@g1H8npIMUad+1tZi68~DL;-fA23%D=I{5yK);8~ zJh@q;+qRHTw^9gDSgIzru**xr5J^Nt(h|%wAEY4e!Q@MNRV|@`118WLZi5=ID18K#cIije~XB?goFW z^+hS|?Xf!zffayg6M^he0ADm>*bEh+ek(3gm%hkk8H{oe*I6h&ud9HAl1a?vr(`Ak zFmx`_TnBoA(<+$nN~Q=|YC-Fh0Ky3E;MgVJoUE3YNpC$AHU~_H_m*es1`$Ubqa!e! 
z_;XoVMp$n2z{sIop9w|%^GjSL2i3G^hCW5vG+nTU8^Y5d9okte?_2>^|Zb6;1uO2*oJ7)*T@HxQb<=KJB zvi8&(OkHxT5){=RmH{4NzlFP?Enu87O?oe7IedH-(rL300xhZ5rwsN(mXDpyfx;4u zv~@e0P{!}J2ab(>xbs-WUsNp^?2$kZwrD|ZLTx*HftU9JV#5`xnO%w(Qry*S+!*t6 zb!jx2O_Q=l`mm6Fe!=?M^2r_ailH}3_`B~r_-fdLaD3{!q=Gr+qV@uPyLZ4_J|i2+ zl`9^PTSKg`bb=p7aUKGt#ZmS?(BQb@7Dlct_9+V<;erIoa@np+O*czQFSyb z3lOIJ%Nw&pAbQppV@*;|90q(32_1~=4G_QO!#uY5blrvofDIz;@>`H>zI&?LBT-Tc z52pKFtp$i7)!Zl<&^822TvTziQ)zEhvQ)uI$-sL6EqP0FWds2*7~qwg%%w4P;6!)a zVtdwkl*?*!KP=}-r)O(4ARXvgNOV1&BQHmBW@YW!icZ&X)W5wq1aB|2Y$0Qx95lc7 zkd9AvU>ZgQmVFH7Rp&}95cZEj^qtGCe}XBJhkO#9(i>ed3{}Y7q9Q1*@V)Kv#kJbj zNv(RNHb;t4$IC{(807?&q%5iJ$yX4IGz3ML!{}A(I&CM2NKvFn&9as0`qT)R z=W(Gz-$@KEh9bD1ff~fZI}tQQM6%$m^X_@2TbNq}Gj0LiBsa+IQS$`=qPs>fHrET_ zIWrLfh8eIQbEgMt8>0WIg8{n}fRuIYDEgT6hmE)fHStNKtWHa443f-GEPv?UePLCw zKnUjHY`nuD*V*zq1GjUQ%d=hCgE)UFG=y}0vDP71Cw5GT%UeQTvxV=&Ix^X=nDHR8 z6O1>8fr?S}m2pMFZG*Fl%SddqC)#JlV{=!3Met2e7*9ZACtV-;+?E4dB&+QhNaIpHDR-e$I`TA$Ph>}I@W8`oekf)b&}mNJpV#X8ux zAyDizomxxB;|^Uwh#8pEEmHS)@y8o2RV4x^q}_`tYAgw1Bza*oL98gp9yzHIcQ4EK zuWO(D%|_x~GvJhN#G;>6dZ1Ho0dLBeK1ws(={a5+2q%IU{tUpi$l>JrFN4QR&p_li zfBalKU za{R4QUkEPY)BG1gVsVB1w>q5$7H6^1wpf;fqX7N0Y{wh8D88+yKmE>uLL5VTy?X+3 zHpaSWJK~7PoOu+C#J&`>gNs%uVi4CE7gPX|Uhk=yikYO@S&Bz;nEldzSUfR2;S!VA zFY&H=LD?o41!d3)bXFsFkIZEmiq?$s=h)+|bSw2vSq}#~E7mnvjwf+6rYEYFAa|Ba z^%|#Yl6PWx) z*0?vB66MYSmV@(j7OEu*^z)846DetvZ4((>fK34Tr2si+fNe%==MHoA`CgH`yUSMg zl^&lAC^+!&)89$^FJC#z?E$uluUeiudf=dyYrZReGH{qq(|PWlpRRCOQft*LjOEvU zN=Cm@(X$Gzel86vImZ+r8}Rc|<%P+<>5anq6HhH>f-d56b&o*4l#0 zK99OvUyhqhO@2ODWnFOsRlC$R_W4F8!*@}#U+x&mN4$#%E_%h%7)I}UdGRrc>^a$* zbLTDDB(O*AFrFt>**IZl1qp=~aWFH+NQKM$%M8$k7q-h{gJX9_)S>|`;7$*g$!qBm zlL!ru>8jm8AUWd`DPo;Zv8VM65K6B~(F71)$Otc8#{0y)%O}`}bWnss@DuO3pQv;z zPy#eeRa%B&aKDGF?CvOP_W?+CN=x#A8_OnATb(CA!IjwwD%xzUn0~?8*?43K#`neZ z@}0bIv`}G+2xIvtg}9d95wFD-Tx69E&T1YoT%Tl!KOPywqc|~}_uzMmO2lW7RLt@< zw-49!_$4Xku5E|-l$K#cI}UMqPwt7z5zLex#sGg$KvOetQJw{ue z=QF_>C_s}e^*{rTzEXzHOu`yTtq7m|z-ws84IfS6KJbC>JZ@%Sx1!(pe&tfB5+R0d 
zq_uK(7G%GDgOSCACC|rnT+34p$6Z30+>hV2x=@YtC^}mqpDtB#Ad|Si$}K3RbYQmm z6BF_eL~qDYPB| z6cTe3fIq3xcyaz+dMa&qVw1;WMpR{ooKSv>`Q{_d$qZxezAvfiT+_mqNqzqax?mnv z+4kBlUokr&hGC+^yw;-Ra^m8km`&IH1_`Q~yR&v+67Bf;j|I!#fu0cD;;Rh%m*0X% z#C~pl{+u++ZoDW3Z-1XoHq*VOV+|9TV_nSyZ;IxIZ@u;Doa1e1`KX*-H3)g7c>jJa z4TS%5_PvU60T%!68-h-s3Xmz`DKZCL7<t^9OlzpjsCJn*#>gyQ zun3szgo4Fsl%=#$C|*;C?J&r|?Xz};{9P`X>r>_Kxs|<0*au_ZQoFJ4q9R>^8(i2| zWOUhBk#kv3q3{aLMwyYU34AMTWqnEgyZ6jYjF5%S=ZqaZ<_J(NS)SStw~VSz9M@aT zhZjefmEKzpGROWL33oK`defszEO~}7PA!S)H8_pxd8g!nK77%3VJg%(-wozfyYfJ7 ze9-v5cfnxuT7w;j<0+-XAO?%m_KN_73fWRO zl%;bZ1%V1FJ#4+JH)>m^MzZYo0YEpk8Rhg-wL|HumW8PH^TyB%`hsi=^AX1@B}Gcz z0ctDKU#p&P;-UW8uX-eWcTdFmDIKoSwkUH3?n?Y~-__>&K)$T8=QgJ~o*ZW7xQnAA z%cO&{0};H;?xdX2haRfQ>3p)#nrR7I6GVFg@-(a^=vcHu*5RXXsrVo<12InD$Ura6 zlpIAFz}Qm+b20>U3kwFy6)Zau4O8NoYS37xZ{TOJzSq8bmpAY^GDF4OyotJsxcngz z>a-G7F#bMRAy-zbtdkz$Z|U@?@#BAJmLk+z4g$Y#afjvgW&nGZ3YEfp3PwH{XOAN} zY4FE#mJu!Dm5-%7c6KX$4C^MfBY+y=w%f-4Ddr}iIS!7SEF z@)+ign*XJo_|N0vgScbkt~KrKNtw)8hZEE6Cl?egH4m~jBrA0Ix?kl2YvgO%2_0>~ zJ#%Iw-p{1p+Xvzx*Y?-(K^mQC){ifVRema^WRDld)JgVVex1Qt!&|CH=umc-b4&(k z#wWJip=01OJlPRTOou3#lq?w#yRv9T6xV?G_`njgmW*RD%;Qhxsfv0aB&TtvHMR&s^RSjRH$ivjg{qh;7lH-o8<0z8->0_Zkm9AjTsm43s)Z5dIB+1p- z@uHbGTxq{{L%%;<$5*F4mx@EqyBF4RtNo#bNoK?f9Usg#Kd$wKkglN4TPeCdUi*x# zDuCk;yuvGEsMG=Z^$DJv`vsF&f_=`&F{QhBp;`DB5+WS@l8ereD_88u4j4?hkd zx(6+TO!8=lA&$~_6)&t+<`-e|2ol?*7d70Q=9_h}N8@(toAL-8Pt2eu^U{+`kx}4 z-o|p$DR;_VSV94i%e8mfBK6o%0%M#yQU!uy7_)|AUG8)IE$CDgSkJ01)?D#(`nXG> zSZtI`?+CFMOMD_@--*0yX!qeoV82~QQolUmAoAjVoiRYtalHu> zUg$?=)Up{LCQy#gLSK1#wRiTa%^%l(Bq;SadR*8C+dW5(v*P44)1qt$QsI8*D1U0Q z*NZXAsJ?|pvkECr@l0C6O(|u<%8k}?4QeIAq)_(p){IfV@y23YKziy}sZ>@1TBQ;j zMa_`*mqe^`XoW!kn6uJ3i^T9eilv6IGq~{#67$7Uze^gAe+Z^I&cHarn$MQF)w4TQt^{ow3lBQpfig&nK#Qd)K6U& z+I&8uuO1PZdwo8AQ_3~xFU-gWkm1LFfMx@utIk^Ayx%1nn~U)SVysI0Ei^~srw9MP z>(sFx8P47p(wO)Oy7G@@jC{*@8JWp{a30|PK84=mhoI3Zia7t(uiEDD{rks~A}{AC zxqthX^V%N`aOO@J<%rHt_fP!qrT=^Z90)w)3I9E#f1ewM-bZZm{y+5a`VVw=<<1^9 
z=*Jf!-X+g-Q#MrSe>~rf(0;?O7yxq^ZmPe4qZ@-Y&*wyYcR2K&%Ga{~U8(uw1u(9n z%m8+nto#x0%c=tu&S4>&yZ@`48Y#wDnV_73jvNin{@GnG^QEwRu|^Zxd#rf%5X!eZ zT^Ey5{g)r`Z+Zf-9U`KI{bmBG(tg+D{JvluSN44Qu;3z)BTjqAIrXINf6YKUcRm}5 zY(IEg@b@3R5l|=)ZM^MuyuX>G{rLF%2z19t>d(c$!_byrNh1=hDB(Vef899Sch)1= zom_!G2L8_oO*1kAbF3&sZ!pXy@aRH|ebAA(FTc6W;3qIC%?dhWm%+r3z+|(+U6z0H X^F52|K2|+1VE_V8S3j3^P6

+ ### Talos Linux cluster 
@@ -27,18 +29,19 @@ Feel free to open a [Github issue](https://github.com/budimanjojo/home-cluster/i 5. Run `sops -e -i talsecret.sops.yaml` to encrypt your secrets (make sure you already have your own `.sops.yaml`) file. 6. Run `talhelper genconfig` and the files will be generated in `./clusterconfig` directory by default. 7. Copy the generated `./clusterconfig/talosconfig` to your `~/.talos/config`. -8. Run `talosctl -n apply-config --insecure ./clusterconfig/-.yaml` on each of your node. Don't forget to run `talosctl -n bootstrap` on one of your controlplane node. +8. Run `talosctl -n apply-config --insecure --file ./clusterconfig/-.yaml` on each of your node. Don't forget to run `talosctl -n bootstrap` on one of your controlplane node. 9. Push your current directory to your git repository of choice. :wink: --- ## :memo:  After bootstrap -After you're done with bootstrapping, you can now install your `Kubernetes CNI` of your choice. -If you want to use cilium, you can look at my [cni](./cni) directory. -You can do `kubectl kustomize --enable-helm ./cni | kubectl apply -f -` to do this. - -If you also want to deploy [kubelet-csr-approver](https://github.com/postfinance/kubelet-csr-approver) like I do, you can also do the above step to my [kubelet-csr-approver](./kubelet-csr-approver) directory. - -Now, you can continue to work on your cluster. -Check out my [cluster](../cluster) directory to see how I manage my cluster with [Flux](https://github.com/fluxcd/flux2). +1. Deploy [cilium](https://cilium.io/) : `kubectl kustomize --enable-helm ./cni | kubectl apply -f -` +2. Deploy [kubelet-csr-approver](https://github.com/postfinance/kubelet-csr-approver) `kubectl kustomize --enable-helm ./kubelet-csr-approver | kubectl apply -f -` to approve csr issued by talos nodes (that will allow to see pods logs). +3. Deploy [flux](https://github.com/fluxcd/flux2) `kubectl apply -k ./flux` +4. 
Create flux github secret `kubectl apply -f ./flux/.decrypted\~github-deploy-key.sops.yaml`
+5. Create sops secret `cat ~/.config/sops/age/keys.txt | kubectl create secret generic sops-age --namespace=flux-system --from-file=age.agekey=/dev/stdin`
+6. Apply flux cluster configuration `kubectl apply -k kubernetes/flux`
+7. Apply flux base configuration `kubectl apply -f kubernetes/base/flux.yaml`
+8. Apply flux core `kubectl apply -f kubernetes/cluster-0/core/flux.yaml`
+9. Apply flux apps `kubectl apply -f kubernetes/cluster-0/apps/flux.yaml`
diff --git a/infrastructure/talos/cluster-0/cni/kustomization.yaml b/infrastructure/talos/cluster-0/cni/kustomization.yaml
new file mode 100644
index 000000000..5fb0f6284
--- /dev/null
+++ b/infrastructure/talos/cluster-0/cni/kustomization.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+helmCharts:
+ - name: cilium
+ repo: https://helm.cilium.io/
+ version: 1.12.4
+ releaseName: cilium
+ namespace: kube-system
+ valuesFile: values.yaml
+commonAnnotations:
+ meta.helm.sh/release-name: cilium
+ meta.helm.sh/release-namespace: kube-system
+commonLabels:
+ app.kubernetes.io/managed-by: Helm
diff --git a/infrastructure/talos/cluster-0/cni/values.yaml b/infrastructure/talos/cluster-0/cni/values.yaml
new file mode 100644
index 000000000..a13b8439a
--- /dev/null
+++ b/infrastructure/talos/cluster-0/cni/values.yaml
@@ -0,0 +1,28 @@
+---
+autoDirectNodeRoutes: true
+bgp:
+ announce:
+ loadbalancerIP: true
+ enabled: false
+containerRuntime:
+ integration: containerd
+endpointRoutes:
+ enabled: true
+hubble:
+ enabled: false
+ipam:
+ mode: kubernetes
+ipv4NativeRoutingCIDR: 10.244.0.0/16
+k8sServiceHost: 192.168.9.100
+k8sServicePort: 6443
+kubeProxyReplacement: strict
+loadBalancer:
+ algorithm: maglev
+ mode: dsr
+localRedirectPolicy: true
+operator:
+ rollOutPods: true
+rollOutCiliumPods: true
+securityContext:
+ privileged: true
+tunnel: disabled
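Review bot: `k8sServiceHost: 192.168.9.100` in cni/values.yaml is a literal, while talconfig.yaml takes the API endpoint from `${clusterEndpointIP}`, which talenv.sops.yaml stores encrypted; if the two are meant to be the same address, it is published here in clear and the two copies can drift apart unnoticed. With `kubeProxyReplacement: strict` there is no kube-proxy in the path, so an agent holding a stale address cannot reach the API server at all. I would add a comment above the key, `# API endpoint; must match clusterEndpointIP in talenv.sops.yaml`, and decide whether the address needs encrypting in the first place. `securityContext.privileged: true` and `hubble.enabled: false` each deserve a one-line comment saying why, since together they leave a fully privileged agent on every node with no flow visibility.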
diff --git a/cluster/flux/flux-system/github-deploy-key.sops.yaml b/infrastructure/talos/cluster-0/flux/github-deploy-key.sops.yaml
similarity index 100%
rename from cluster/flux/flux-system/github-deploy-key.sops.yaml
rename to infrastructure/talos/cluster-0/flux/github-deploy-key.sops.yaml
diff --git a/cluster/bootstrap/kustomization.yaml b/infrastructure/talos/cluster-0/flux/kustomization.yaml
similarity index 100%
rename from cluster/bootstrap/kustomization.yaml
rename to infrastructure/talos/cluster-0/flux/kustomization.yaml
diff --git a/infrastructure/talos/cluster-0/kubelet-csr-approver/kustomization.yaml b/infrastructure/talos/cluster-0/kubelet-csr-approver/kustomization.yaml
new file mode 100644
index 000000000..784f052cc
--- /dev/null
+++ b/infrastructure/talos/cluster-0/kubelet-csr-approver/kustomization.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kube-system
+helmCharts:
+ - name: kubelet-csr-approver
+ repo: https://postfinance.github.io/kubelet-csr-approver
+ version: 0.2.4
+ releaseName: kubelet-csr-approver
+ namespace: kube-system
+ valuesInline:
+ providerRegex: |
+ ^(talos-node)$
+commonAnnotations:
+ meta.helm.sh/release-name: kubelet-csr-approver
+ meta.helm.sh/release-namespace: kube-system
+commonLabels:
+ app.kubernetes.io/managed-by: Helm
diff --git a/infrastructure/talos/cluster-0/talconfig.yaml b/infrastructure/talos/cluster-0/talconfig.yaml
new file mode 100644
index 000000000..420ba586a
--- /dev/null
+++ b/infrastructure/talos/cluster-0/talconfig.yaml
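Review bot: `providerRegex` in kubelet-csr-approver/kustomization.yaml is `^(talos-node)$`, which as written matches only a node called exactly `talos-node`, while talconfig.yaml names the nodes `talos-node-1` to `talos-node-4`; the `|` block scalar also appends a newline to the pattern. talconfig.yaml sets `rotate-server-certificates: "true"`, so this approver decides which kubelet serving CSRs get signed: a pattern that matches no node leaves them pending and invites blanket manual approval, and a loose one would sign certificates for names that are not cluster nodes. I would pin it to the real hostnames on a single line, `providerRegex: '^talos-node-[1-4]$'`, and check the approver's log after the first rotation to confirm each node's request was matched.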
@@ -0,0 +1,89 @@
+---
+clusterName: cluster-0
+
+talosVersion: v1.2.5
+kubernetesVersion: v1.25.3
+endpoint: https://cluster-0.${domainName}:6443
+
+cniConfig:
+ name: none
+
+additionalApiServerCertSans:
+ - ${clusterEndpointIP}
+
+additionalMachineCertSans:
+ - ${clusterEndpointIP}
+ - cluster-0.${domainName}
+
+nodes:
+ - hostname: talos-node-1
+ ipAddress: 192.168.9.101
+ controlPlane: true
+ installDisk: /dev/sda
+ - hostname: talos-node-2
+ ipAddress: 192.168.9.102
+ controlPlane: true
+ installDisk: /dev/sda
+ - hostname: talos-node-3
+ ipAddress: 192.168.9.103
+ controlPlane: true
+ installDisk: /dev/sda
+ - hostname: talos-node-4
+ ipAddress: 192.168.9.104
+ controlPlane: true
+ installDisk: /dev/sda
+
+controlPlane:
+ patches:
+ - |-
+ cluster:
+ allowSchedulingOnMasters: true
+ apiServer:
+ extraArgs:
+ feature-gates: MixedProtocolLBService=true,EphemeralContainers=True
+ controllerManager:
+ extraArgs:
+ feature-gates: MixedProtocolLBService=true,EphemeralContainers=True
+ discovery:
+ registries:
+ service:
+ disabled: true
+ proxy:
+ disabled: true
+ extraArgs:
+ feature-gates: MixedProtocolLBService=true,EphemeralContainers=True
+ scheduler:
+ extraArgs:
+ feature-gates: MixedProtocolLBService=true,EphemeralContainers=True
+
+ machine:
+ files:
+ - content: |
+ [plugins."io.containerd.grpc.v1.cri"]
+ enable_unprivileged_ports = true
+ enable_unprivileged_icmp = true
+ path: /var/cri/conf.d/allow-unpriv-ports.toml
+ op: create
+ kubelet:
+ extraArgs:
+ feature-gates: GracefulNodeShutdown=true,MixedProtocolLBService=true
+ rotate-server-certificates: "true"
+ install:
+ extraKernelArgs:
+ - "talos.logging.kernel=udp://vector.${ingressDomain}:6050/"
+ logging:
+ destinations:
+ - endpoint: "udp://vector.${ingressDomain}:6051/"
+ format: json_lines
+ network:
+ extraHostEntries:
+ - ip: ${clusterEndpointIP}
+ aliases:
+ - cluster-0.${domainName}
+ sysctls:
+ fs.inotify.max_user_watches: "1048576"
+ fs.inotify.max_user_instances: "8192"
+ time:
+
disabled: false + servers: + - 192.168.8.1 diff --git a/infrastructure/talos/cluster-0/talenv.sops.yaml b/infrastructure/talos/cluster-0/talenv.sops.yaml new file mode 100644 index 000000000..409419d40 --- /dev/null +++ b/infrastructure/talos/cluster-0/talenv.sops.yaml @@ -0,0 +1,23 @@ +domainName: ENC[AES256_GCM,data:HjLGZvUsYQ99Bpg=,iv:JorYiGtHq4+CVz9eoP+/1lDTM+751/nENKkRavkQvS8=,tag:Bg9oP5phcGOv9h7/7BhFug==,type:str] +clusterEndpointIP: ENC[AES256_GCM,data:6Ual1ymP6c+F7FUCdw==,iv:h2n4l/oAN9tmUmJ7ZJVvalMyAwSVbIH+T9QehbRBmvk=,tag:zCjee63afjbyBGz3+qn22Q==,type:str] +ingressDomain: ENC[AES256_GCM,data:kmyjqYEGNdNJx+1+xIPe,iv:7l7jtcaOp4vnBgr6YCYy0DLxy3fF07bgr80CZ35+DmA=,tag:fMYpigoMF2msNtmbdwrdmQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTem5nM3JpRjVoVXhIakh4 + bE5sTHJtck9aUkpZUHpVVitHdmF3ckFuRlg0Ckttbm5rT3BSMzcwdkE0bkZPYlRT + MmFRNEptcGpyQ09YVkhKeUVsc2ZFeWcKLS0tIFZpcmJneUdYZlBSZ09GSHhiR2FW + QXZCejNUNG5IbnJUb2dzU1lvbFNiYUkKm2TnIcxEM14wKgvfa/rDb/mB4oJt++g6 + AortgmCcD6DvdNEvbNXeXUaYhnxF5Vpzi5+B1bEwB1WnBMSKSYhKkw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2022-11-19T01:07:57Z" + mac: ENC[AES256_GCM,data:/bwRU006Dp+lsuk/Ue8ALLueFN8E463jMuJToZgw4Kkw8heB8P1AYK0k2gN8/KDRKSKgvEVlRKPvhe5M0NF1X4PMA7vcTjP+4S9KSGJi2pYSjg9WQV+PsjxzrqEjt/jXUjy5T1ebpuVQxmYeLvy7eUPDtTMWLsuUgI8BhEuMA4E=,iv:ligX//kAuztu3410Gv/nlZyPjpLzrCMOlfLahshQf04=,tag:1jjDv78yUgaddVmiRmRN7A==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/infrastructure/talos/cluster-0/talsecret.sops.yaml b/infrastructure/talos/cluster-0/talsecret.sops.yaml new file mode 100644 index 000000000..2f00afd92 --- /dev/null +++ b/infrastructure/talos/cluster-0/talsecret.sops.yaml 
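Review bot: All four entries under `nodes` in talconfig.yaml have `controlPlane: true` and the cluster patch sets `allowSchedulingOnMasters: true`, so every application pod runs on a host that also holds etcd and the control-plane key material, and the containerd drop-in relaxes the runtime further with `enable_unprivileged_ports` and `enable_unprivileged_icmp`. A container escape on any node is then a control-plane compromise, and four etcd members tolerate one failure, the same as three. If the hardware allows it, `controlPlane: false` on `talos-node-4` gives ordinary workloads somewhere else to run; otherwise a comment above `allowSchedulingOnMasters` saying the trade-off is deliberate, together with Pod Security admission on the application namespaces, would make the risk explicit. The two `udp://vector.${ingressDomain}` log destinations are unauthenticated and clear text, which is worth a comment as well.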
@@ -0,0 +1,43 @@ +cluster: + id: ENC[AES256_GCM,data:Uq/4zd6ZgohxVKeu+/MW+rOM/BaNuLYdGTIascu1ShtOHA6Bq2k/Tbn4Eqg=,iv:lg39LK/W0/iCFioktz8R29dXBAPYP9D+Kzm/qaJmd7k=,tag:G5cFpzfMRmNTVEfB32ksCA==,type:str] + secret: ENC[AES256_GCM,data:Cnpz7hd3qHv+qIXxjkqTJPvz5JDR3fNryq0li4VYNn4+cELQl4c05gzC1kE=,iv:NLxR+WWvzudE61MzGyNZsw/WIId1AtSSnvIBD0HpynU=,tag:NiuM5bEVQIAhhFa7/Fdb7g==,type:str] +secrets: + bootstraptoken: ENC[AES256_GCM,data:xwZ6A1yVdnYTdRzYhKhH/xGG12V535U=,iv:505Oqjd3BzACrdxHbYqr8i+pMfWe/euEkC4B2mzVxqo=,tag:d8QTmhtgMD53slTWOFn0fQ==,type:str] + aescbcencryptionsecret: ENC[AES256_GCM,data:R/5x7Q/oDrFqoToJj8TdfLa0c6jyQGsiwkbpxO0/iRSb1U/8IThH8VdCm/0=,iv:HSFB4sfcFcRLA4F8+zi4GXXibbF8jaLGWvFI8c335CQ=,tag:L8kvdfxBl7PLyzEA2bK3kQ==,type:str] +trustdinfo: + token: ENC[AES256_GCM,data:hKb7/Ir+WyrSO2dYvwNh4a+t7P+iavA=,iv:CvT9faK+wgifltM3ywwtEGr+G/2O5b1DGm/Fg5ShJFU=,tag:liOpi/Iq8NkWmPaJhrvPmA==,type:str] +certs: + etcd: + crt: ENC[AES256_GCM,data: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,iv:6AshvepkYAnqSkRKBcf3+HElMbeoEjm8gfrvmmH0KW4=,tag:/UKmIP7EOHGYaladg6Oicg==,type:str] + key: ENC[AES256_GCM,data:BUVz4RNz+G2tX6HHiHr0+rYIv7J4VcIR94Xfl5659SFR2pe3WXw0srWmFPorT6gjBbIKVyUHJl5TZ9Oc2Mlw3Q3Fr/ixxvmG56/xecbUIlHyUgekDvRoODK8f5jiN9mEAtfnwIqqZmvvCkIDLETMFan0M3nIlpjwAEGRvPmI+eR+3LQyaYuEJ6fxF1Vm5lHSu87lxWSIFqo4aCWYqYJpZltv2E1YgCZmwZM4KSMVU7AHr7JYiZIh5WfHfjEDQ/C/I/accQVm4Tchie115yQ2d2lvx3IngmYfr38j6UZdPh5VS7ztP8tHub6d1IbsAWiCgFLVaNX3fH1xDMvNl5w4AmsarPzuGovsgEqfsdWbsT3oNf3bqvk5isjz+ObxbnyEePcTb0DnYg0VBv/7NQCj8w==,iv:G93AM9v8y+v8Nqi59MPJ8i2+b3pOKGtcTo/z8vHHegc=,tag:B3qvhNgBd17HbiDAJtElHg==,type:str] + k8s: + crt: ENC[AES256_GCM,data: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,iv:PUhiCUBDV2kjN3br7+XmegfVs/vvb1o5ksCCFdAr2SA=,tag:h0yfZKXYGu87Lp77668a7Q==,type:str] + key: 
ENC[AES256_GCM,data:TEHwAYX3q7JvQ8xKnj1kGJ4jf8CfYwUT5TT+/MZsWPBtyqq3B9Rwi3MLZJjgG0S9mp4BQ58llutTpyyZDTBdKD9WTc4vnjVKKY9byGl2f3QIMrLo1O30OtvBTDFLFMD5t28qH2F6GzMe9IQlvibgx07bsbC3uYA5iS5JbR+hyx82aY0PcNsz3G5j+HK1+Vv8QiUCz1qdbns5E7rnwoVFKA1tcccxVP8QHjrloYYEGhJwgBrwqTyLBilM7moymT8QNSRrfFu0iyb0YoVxSy19kEnut67vYlkoR+3syp0hU3NZ67tLK5yJ5Mu3twULqeBQe3AKqzHmlPmDPmvOQhx3YIQxcMno+aWH7XH8DaWZrgII/U3JAvZ9HOSsjMrNi8+5XvER3P7ExYQC5Un3UszImw==,iv:T+IbfPD5BsGiTMskHpIhlK0KH7HzbyGHDHnGQsMHtGA=,tag:dfU6hTxEypLad6eOpGw+ug==,type:str] + k8saggregator: + crt: ENC[AES256_GCM,data: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,iv:KVUzCPzWNpbtTGtn75yfqgx6TjtUS/HMKudtZnlmPDE=,tag:1yVFLdgEKvarhm9VmHmJ/g==,type:str] + key: ENC[AES256_GCM,data:K1C5f9gJupGbKQU+RqlD/ENoJaMROR4zt+fwkgBI4PC5IVPxD1Akw0Mb35r0/bE2t0dLl6c980N0Pc5xioCh8BUH6SzAndI66OgFziOMHlh2VfPi4LldSxOChtSEKxuHndyDC96RcfKEcmkwURPhDUuTh4+/OxvZtc1ABqMeZWP33Cm1KQJTlx9HRPZVg72CirxSbEyK1ZvPMVlftwfVSminISus+xOIcii1BKsDjemuqdd0FAo/5WgP3SWGOs3W6pc164F5RZtMZOckI/Bx/aEUCtRRbmHd5BWn/7oQPQYFSZDUZ8fSRIUWR0GgcMWr3JJdUKRONcdKI/TeVwLZT2HEeWcEyIgYxSdQLWKiTm/ixFL9RwPVaYpXmMhql2+QTiIliBO//oq4/sYOobOA/Q==,iv:PK5kt/2kR7bwiIwSEOt0Ab4eOHN0mwzNFz8V8UloLDo=,tag:myy8IBNN93wQtIhjSHxabA==,type:str] + k8sserviceaccount: + key: ENC[AES256_GCM,data:Wt7/K5qeUP67Rlon/aSiJmZjqUhlQE6sGn+nzHkdOY/Efema5LS7ZIRODHidXN1PZAVcWRJ1x4UOOiuIPSOWAHonb/2jnWzeVQsuaTH1p7yAFcaf23rB/gKqhaw7DiTbzIFq+PUmygPxM7t0/Smr/lP1mSZu0SKwN/6XCAWXRPXwUKXE8ngwJSGK1N93bk55h+bjUuez/YzNb8/Df0fJw7JwWLM888Up1qIA0DnVuBXVLxc65iaCeAuoPfGodIbh8F1hZfp3xT5MPFUXOy/p1vaMtHLztikdr7JaQFaNleMwL8HulACuncGa9hC3CEbMYYMWXznvKn7j5jOMsNuyz7OnHkqtntr9ly1ZhZ57SuIZwJx4cDHncMCSz8lNhLfPYjhkrjJczSQYNPZm0I7ZbQ==,iv:f9QhL0zoEW5BakI1friltxddvo2j73LiQpcxuAd8+/I=,tag:A7clDRbG8cFfUPJ+rtyXpQ==,type:str] + os: + crt: ENC[AES256_GCM,data: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,iv:80H0I73Cc45q7hCdoZGRB7gOQqt3MurolRpiKG+7bkU=,tag:+8EfvsonFqiwZu4A+ra86A==,type:str] + key: 
ENC[AES256_GCM,data:1x6MnJy/zK0UsrmjRTgQm4/cW0T705fZpd/E0jwYdqR3Bj5xcufrb4z9KL/QSCNECFnlXsuLbvjURqKB9Q+ulFJZ460L8AWtR7ajj/PxPq9MwdvuDPbWxfgYVl9uEmvQw+VWuxdTD7eOvDTjtPBm721SXQlMpi/7MEy/97kT3bNLoxpwOF0YGINqFbcEIJYeuwP8LVt+KRLL0cv0yw8Bks9T5QAFb/EZ/K72MAW/n3nhdqMf,iv:vOxsVa6NTwLnq7pWfCrO47y2Di+Skb5S8JzW9LKJSnQ=,tag:3OShY2ukuo6eyrB+yjkWMg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0NTNTeTZiN0VFbDkzTG16 + TEpab09RdlcreC9IY3J1dWduVi9Ca2JLY0NZCkdoVFFFRkJmRXBCZ2kyZ3ArMHdQ + Mzk0YnZHSVZkWVhwQ2daUVB6RGU5RmMKLS0tIGlZV3ovK2hFSysrMWh0OXd3RzJM + Y0dOWFo0dFVvMDhrT0h4bkZwakFhTXMKYZJh6hHHeCkUbxezOU4PntdMSzQraeFU + IFFGhAky3FRhKIPOUG+RylluBHBVYikp4ypbIG11AV/dx4DVdzf8TQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2022-11-19T00:07:02Z" + mac: ENC[AES256_GCM,data:2xqs5+poVcYcO21/8gYHdzkufRcci41NStg3QNHU1wfXDizGbt5DSzqXZwdjqtTvVOEP10STct6d7qzfFIi1Zati1j4EJrPy8x0xym+Huc/gFX5m3Hk5GF5FXgnvnak4nUdI4ub6FkzRCuJfPas8lojGtlCO+/4iXiwfXJwWkYg=,iv:HOsRrOzNH3i11nNfcIlgSoIeXYRaX1EFPNpYTD+Sj9o=,tag:A2WA6IoW0t23spUpgbFzTA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/cluster/configuration/cluster-secrets.sops.yaml b/kubernetes/base/config/cluster-secrets.sops.yaml similarity index 94% rename from cluster/configuration/cluster-secrets.sops.yaml rename to kubernetes/base/config/cluster-secrets.sops.yaml index 8796a410b..ddd4b5a3b 100644 --- a/cluster/configuration/cluster-secrets.sops.yaml +++ b/kubernetes/base/config/cluster-secrets.sops.yaml 
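Review bot: talsecret.sops.yaml commits the etcd, Kubernetes, aggregator and Talos OS CA keys under a single age recipient, `age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg`, the same one used for talenv.sops.yaml, and README step 5 loads `~/.config/sops/age/keys.txt` into the cluster as the `sops-age` secret. If that is the same key, read access to secrets in `flux-system` is enough to decrypt this file from any clone or from history, which exposes the cluster's root keys and forces a full PKI rotation after any in-cluster compromise. A separate age key for the `infrastructure/talos/` files that never enters the cluster, selected by a `path_regex` entry under `creation_rules` in `.sops.yaml`, keeps the Flux decryption key from unlocking the PKI. `.sops.yaml` is changed by this commit, but its hunk is not in this part of the patch, so the current rules could not be checked.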
@@ -34,6 +34,7 @@ stringData: SECRET_SHARRY_DB_PASSWORD: ENC[AES256_GCM,data:Y0gk4bRcEws2b0SF4AY=,iv:3cQbD/uvWNGjEmz3z8uEbXWwJffIrTj3nSDsGBS0MEU=,tag:RsIBq9zI8+2temGj5r/Lqg==,type:str] SECRET_SHARRY_MINIO_S3_ACCESS_KEY: ENC[AES256_GCM,data:2qLE/cs=,iv:Ctrw213BgCC2jyEvFp38aOejzY/ZYiwAj9fsPzXgaY0=,tag:LBlIUm1LTAjUIKu4JeLw9A==,type:str] SECRET_SHARRY_MINIO_S3_SECRET_KEY: ENC[AES256_GCM,data:ewm/Pfjb0t3KY46o2+DsnOGUzrk=,iv:rf6K/qx24iMeHG/a/mCQgD132LsFt+wme4Udx50v6NA=,tag:OskpvWusk2B1P/OACWN2eA==,type:str] +type: Opaque sops: kms: [] gcp_kms: [] @@ -49,8 +50,8 @@ sops: WG82VkdBMlNnRzBySFQzMk41cEtXSlEKBqOmq9UpO61C85+pj0ibdT31y4pmFsbm pTi4N0vv81kcf4ilqBU5h1gudNCb42Q2iL0eGNR4e3JzH4iaNsvnEg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-11-16T22:14:08Z" - mac: ENC[AES256_GCM,data:z/yPY1WKt2t3LIJiVQ36DdlQOW4BP0SGiyZIoG1u4B4kQ6EKQZ6IotPVOn3sUQBLJ6HGqaM8Ns9JRdi5id1pP089Rzm97FMh0ynofggtaVCHCpb5qqGf7n+LJ+naM198nWmgAnyw45+Xwg8z8DAWrSH32hZA4MXeY9XRS/cdclk=,iv:eYJylNzq8f4ZW6e1zHspmuga+toVN+2fhYAenRW0v44=,tag:XqT4o3qYEdcLtATsa4vh/g==,type:str] + lastmodified: "2022-11-19T03:54:00Z" + mac: ENC[AES256_GCM,data:OTGwsnmD9ZMe3WJ+g2OOtd9wV2U8VC/HAew9uQ3WGv/I8lChcYl+2Q8JOH3GNQXghnME5OVuXCXK2Ax75p1DO1eXcR3NfTT2/uEeu3Ttdc0PRKynxEkmVQSZE8LrBzBHl+uiNhjOqHeMnw7JTAyRBwBoXJqpbWVAvkpsZ1PQbDY=,iv:nOoyPOesi+/NEywQF25smTgisS+b9vFnfPL71P785hU=,tag:zbhrHCwFs3F77oXcyYXA9A==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.7.3 diff --git a/cluster/configuration/cluster-settings.yaml b/kubernetes/base/config/cluster-settings.yaml similarity index 64% rename from cluster/configuration/cluster-settings.yaml rename to kubernetes/base/config/cluster-settings.yaml index 08a0aa29d..5026bb6f8 100644 --- a/cluster/configuration/cluster-settings.yaml +++ b/kubernetes/base/config/cluster-settings.yaml 
@@ -5,6 +5,8 @@ metadata: namespace: flux-system name: cluster-settings data: + CILIUM_BGP_SVC_RANGE: 192.168.169.0/24 + CILIUM_POD_CIDR: 10.69.0.0/16 CLUSTER_LB_K8SGATEWAY: 192.168.169.100 CLUSTER_LB_NGINX: 192.168.169.101 CLUSTER_LB_SMTP_RELAY: 192.168.169.102 @@ -13,7 +15,7 @@ data: CLUSTER_LB_QBITTORRENT: 192.168.169.105 CLUSTER_LB_RESILIOSYNC_CLAUDE: 192.168.169.106 CLUSTER_LB_HASS: 192.168.169.107 - CLUSTER_LB_SYSLOG: 192.168.169.108 + CLUSTER_LB_VECTOR: 192.168.169.108 CLUSTER_LB_EMQX: 192.168.169.109 CLUSTER_LB_JELLYFIN: 192.168.169.110 CLUSTER_LB_RESILIOSYNC_HELENE: 192.168.169.111 @@ -21,14 +23,4 @@ data: LOCAL_LAN_OPNSENSE: 192.168.8.1 LOCAL_LAN_TRUENAS: 192.168.9.10 LOCAL_LAN_TRUENAS_REMOTE: 10.10.0.2 - LOCAL_LAN_COREELEC: 192.168.9.60 - LOCAL_LAN_K3SSERVER: 192.168.9.100 - LOCAL_LAN_K3SWORKER1: 192.168.9.105 - LOCAL_LAN_K3SWORKER2: 192.168.9.106 - LOCAL_LAN_K3SWORKER3: 192.168.9.107 - LOCAL_LAN_OPENMEDIAVAULT: 192.168.9.13 - NET_NODE_CIDR: 10.69.0.0/16 - NET_POD_CIDR: 10.95.0.0/16 - NET_SVC_CIDR: 10.96.0.0/16 - NET_EIP_CIDR: 192.168.169.0/24 TIMEZONE: "Europe/Paris" diff --git a/cluster/configuration/kustomization.yaml b/kubernetes/base/config/kustomization.yaml similarity index 100% rename from cluster/configuration/kustomization.yaml rename to kubernetes/base/config/kustomization.yaml diff --git a/cluster/crds/kustomization.yaml b/kubernetes/base/kustomization.yaml similarity index 72% rename from cluster/crds/kustomization.yaml rename to kubernetes/base/kustomization.yaml index 36715e005..59bcbc6ac 100644 --- a/cluster/crds/kustomization.yaml +++ b/kubernetes/base/kustomization.yaml @@ -1,4 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - kube-prometheus-stack + - config + - repositories 
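Review bot: `CILIUM_POD_CIDR: 10.69.0.0/16` in cluster-settings.yaml does not agree with `ipv4NativeRoutingCIDR: 10.244.0.0/16` in infrastructure/talos/cluster-0/cni/values.yaml, and talconfig.yaml sets no pod subnet, so the cluster presumably runs on the Talos default range. The removed lines had `NET_NODE_CIDR: 10.69.0.0/16` and `NET_POD_CIDR: 10.95.0.0/16`, so the new value looks carried over from the k3s layout. The consumer of the variable is not in this part of the patch; if it is substituted into the Cilium HelmRelease or into network policies and firewall rules, pod traffic would be masqueraded or matched against the wrong range. Confirm the real pod CIDR and use one value in both places, for example `CILIUM_POD_CIDR: 10.244.0.0/16`.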
diff --git a/cluster/charts/bitnami-charts.yaml b/kubernetes/base/repositories/helm/bitnami.yaml similarity index 66% rename from cluster/charts/bitnami-charts.yaml rename to kubernetes/base/repositories/helm/bitnami.yaml index f1995a679..58edbe918 100644 --- a/cluster/charts/bitnami-charts.yaml +++ b/kubernetes/base/repositories/helm/bitnami.yaml @@ -1,8 +1,8 @@ --- -apiVersion: source.toolkit.fluxcd.io/v1beta1 +apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: bitnami-charts + name: bitnami namespace: flux-system spec: interval: 1h diff --git a/cluster/charts/bjw-s-charts.yaml b/kubernetes/base/repositories/helm/bjw-s.yaml similarity index 89% rename from cluster/charts/bjw-s-charts.yaml rename to kubernetes/base/repositories/helm/bjw-s.yaml index 64b916b4d..c9e6c2d48 100644 --- a/cluster/charts/bjw-s-charts.yaml +++ b/kubernetes/base/repositories/helm/bjw-s.yaml @@ -2,7 +2,7 @@ apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: bjw-s-charts + name: bjw-s namespace: flux-system spec: interval: 1h diff --git a/cluster/charts/cert-manager-webhook-ovh.yaml b/kubernetes/base/repositories/helm/cert-manager-webhook-ovh.yaml similarity index 86% rename from cluster/charts/cert-manager-webhook-ovh.yaml rename to kubernetes/base/repositories/helm/cert-manager-webhook-ovh.yaml index 44741a6b1..1e8cd32ad 100644 --- a/cluster/charts/cert-manager-webhook-ovh.yaml +++ b/kubernetes/base/repositories/helm/cert-manager-webhook-ovh.yaml @@ -1,5 +1,5 @@ --- -apiVersion: source.toolkit.fluxcd.io/v1beta1 +apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: GitRepository metadata: name: cert-manager-webhook-ovh diff --git a/kubernetes/base/repositories/helm/cilium.yaml b/kubernetes/base/repositories/helm/cilium.yaml new file mode 100644 index 000000000..51c65d691 --- /dev/null +++ b/kubernetes/base/repositories/helm/cilium.yaml 
@@ -0,0 +1,9 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: cilium + namespace: flux-system +spec: + interval: 1h + url: https://helm.cilium.io diff --git a/cluster/charts/cloudnative-pg-charts.yaml b/kubernetes/base/repositories/helm/cloudnative-pg.yaml similarity index 85% rename from cluster/charts/cloudnative-pg-charts.yaml rename to kubernetes/base/repositories/helm/cloudnative-pg.yaml index eb00d862b..6cd8394ff 100644 --- a/cluster/charts/cloudnative-pg-charts.yaml +++ b/kubernetes/base/repositories/helm/cloudnative-pg.yaml @@ -2,7 +2,7 @@ apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: cloudnative-pg-charts + name: cloudnative-pg namespace: flux-system spec: interval: 1h diff --git a/cluster/charts/descheduler-charts.yaml b/kubernetes/base/repositories/helm/descheduler.yaml similarity index 86% rename from cluster/charts/descheduler-charts.yaml rename to kubernetes/base/repositories/helm/descheduler.yaml index 06788a095..64d63f6e2 100644 --- a/cluster/charts/descheduler-charts.yaml +++ b/kubernetes/base/repositories/helm/descheduler.yaml @@ -2,7 +2,7 @@ apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: descheduler-charts + name: descheduler namespace: flux-system spec: interval: 1h diff --git a/cluster/charts/drone-charts.yaml b/kubernetes/base/repositories/helm/drone.yaml similarity index 100% rename from cluster/charts/drone-charts.yaml rename to kubernetes/base/repositories/helm/drone.yaml diff --git a/cluster/charts/dysnix-charts.yaml b/kubernetes/base/repositories/helm/dysnix.yaml similarity index 88% rename from cluster/charts/dysnix-charts.yaml rename to kubernetes/base/repositories/helm/dysnix.yaml index e2530a010..ce01a64bb 100644 --- a/cluster/charts/dysnix-charts.yaml +++ b/kubernetes/base/repositories/helm/dysnix.yaml 
@@ -2,7 +2,7 @@ apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: dysnix-charts + name: dysnix namespace: flux-system spec: interval: 1h diff --git a/cluster/charts/emxq-charts.yaml b/kubernetes/base/repositories/helm/emxq.yaml similarity index 66% rename from cluster/charts/emxq-charts.yaml rename to kubernetes/base/repositories/helm/emxq.yaml index 83671f817..ce6d887a4 100644 --- a/cluster/charts/emxq-charts.yaml +++ b/kubernetes/base/repositories/helm/emxq.yaml @@ -1,8 +1,8 @@ --- -apiVersion: source.toolkit.fluxcd.io/v1beta1 +apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: emqx-charts + name: emqx namespace: flux-system spec: interval: 1h diff --git a/cluster/charts/external-dns-charts.yaml b/kubernetes/base/repositories/helm/external-dns.yaml similarity index 86% rename from cluster/charts/external-dns-charts.yaml rename to kubernetes/base/repositories/helm/external-dns.yaml index 2109d9e1e..b76b9662c 100644 --- a/cluster/charts/external-dns-charts.yaml +++ b/kubernetes/base/repositories/helm/external-dns.yaml @@ -2,7 +2,7 @@ apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: external-dns-charts + name: external-dns namespace: flux-system spec: interval: 1h diff --git a/cluster/charts/gitea-charts.yaml b/kubernetes/base/repositories/helm/gitea.yaml similarity index 66% rename from cluster/charts/gitea-charts.yaml rename to kubernetes/base/repositories/helm/gitea.yaml index 31bd2106a..6e5342cc7 100644 --- a/cluster/charts/gitea-charts.yaml +++ b/kubernetes/base/repositories/helm/gitea.yaml @@ -1,8 +1,8 @@ --- -apiVersion: source.toolkit.fluxcd.io/v1beta1 +apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: gitea-charts + name: gitea namespace: flux-system spec: interval: 1h 
diff --git a/cluster/charts/grafana-charts.yaml b/kubernetes/base/repositories/helm/grafana.yaml similarity index 67% rename from cluster/charts/grafana-charts.yaml rename to kubernetes/base/repositories/helm/grafana.yaml index 28b2f3126..cee734c7a 100644 --- a/cluster/charts/grafana-charts.yaml +++ b/kubernetes/base/repositories/helm/grafana.yaml @@ -1,8 +1,8 @@ --- -apiVersion: source.toolkit.fluxcd.io/v1beta1 +apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: grafana-charts + name: grafana namespace: flux-system spec: interval: 1h diff --git a/cluster/charts/ingress-nginx-charts.yaml b/kubernetes/base/repositories/helm/ingress-nginx.yaml similarity index 66% rename from cluster/charts/ingress-nginx-charts.yaml rename to kubernetes/base/repositories/helm/ingress-nginx.yaml index eb15f7492..020bbbaa6 100644 --- a/cluster/charts/ingress-nginx-charts.yaml +++ b/kubernetes/base/repositories/helm/ingress-nginx.yaml @@ -1,8 +1,8 @@ --- -apiVersion: source.toolkit.fluxcd.io/v1beta1 +apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: ingress-nginx-charts + name: ingress-nginx namespace: flux-system spec: interval: 1h diff --git a/kubernetes/base/repositories/helm/jetstack.yaml b/kubernetes/base/repositories/helm/jetstack.yaml new file mode 100644 index 000000000..d4a9ab37b --- /dev/null +++ b/kubernetes/base/repositories/helm/jetstack.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: jetstack + namespace: flux-system +spec: + interval: 1h + url: https://charts.jetstack.io/ + timeout: 3m diff --git a/cluster/charts/k8s-gateway-charts.yaml b/kubernetes/base/repositories/helm/k8s-gateway.yaml similarity index 66% rename from cluster/charts/k8s-gateway-charts.yaml rename to kubernetes/base/repositories/helm/k8s-gateway.yaml index e922d60d6..6a96f3f05 100644 --- a/cluster/charts/k8s-gateway-charts.yaml 
+++ b/kubernetes/base/repositories/helm/k8s-gateway.yaml @@ -1,8 +1,8 @@ --- -apiVersion: source.toolkit.fluxcd.io/v1beta1 +apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: k8s-gateway-charts + name: k8s-gateway namespace: flux-system spec: interval: 1h diff --git a/kubernetes/base/repositories/helm/kustomization.yaml b/kubernetes/base/repositories/helm/kustomization.yaml new file mode 100644 index 000000000..ecb68863f --- /dev/null +++ b/kubernetes/base/repositories/helm/kustomization.yaml @@ -0,0 +1,27 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - bitnami.yaml + - bjw-s.yaml + - cert-manager-webhook-ovh.yaml + - cilium.yaml + - cloudnative-pg.yaml + - descheduler.yaml + - drone.yaml + - dysnix.yaml + - emxq.yaml + - external-dns.yaml + - gitea.yaml + - grafana.yaml + - ingress-nginx.yaml + - jetstack.yaml + - k8s-gateway.yaml + - kyverno.yaml + - metrics-server.yaml + - node-feature-discovery.yaml + - prometheus-community.yaml + - rook-ceph.yaml + - stakater.yaml + - vector.yaml + - weave-gitops.yaml diff --git a/cluster/charts/kyverno-charts.yaml b/kubernetes/base/repositories/helm/kyverno.yaml similarity index 87% rename from cluster/charts/kyverno-charts.yaml rename to kubernetes/base/repositories/helm/kyverno.yaml index 7257a920f..bc329137b 100644 --- a/cluster/charts/kyverno-charts.yaml +++ b/kubernetes/base/repositories/helm/kyverno.yaml @@ -2,7 +2,7 @@ apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: kyverno-charts + name: kyverno namespace: flux-system spec: interval: 1h diff --git a/cluster/charts/metrics-server-charts.yaml b/kubernetes/base/repositories/helm/metrics-server.yaml similarity index 85% rename from cluster/charts/metrics-server-charts.yaml rename to kubernetes/base/repositories/helm/metrics-server.yaml index 50c80c1b5..57e7aa0c5 100644 --- a/cluster/charts/metrics-server-charts.yaml 
+++ b/kubernetes/base/repositories/helm/metrics-server.yaml @@ -2,7 +2,7 @@ apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: metrics-server-charts + name: metrics-server namespace: flux-system spec: interval: 1h diff --git a/cluster/charts/node-feature-discovery.yaml b/kubernetes/base/repositories/helm/node-feature-discovery.yaml similarity index 66% rename from cluster/charts/node-feature-discovery.yaml rename to kubernetes/base/repositories/helm/node-feature-discovery.yaml index 28613b20c..9f8f522b2 100644 --- a/cluster/charts/node-feature-discovery.yaml +++ b/kubernetes/base/repositories/helm/node-feature-discovery.yaml @@ -1,8 +1,8 @@ --- -apiVersion: source.toolkit.fluxcd.io/v1beta1 +apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: node-feature-discovery-charts + name: node-feature-discovery namespace: flux-system spec: interval: 1h diff --git a/cluster/charts/prometheus-community-charts.yaml b/kubernetes/base/repositories/helm/prometheus-community.yaml similarity index 65% rename from cluster/charts/prometheus-community-charts.yaml rename to kubernetes/base/repositories/helm/prometheus-community.yaml index 30c264781..a43a5f2b8 100644 --- a/cluster/charts/prometheus-community-charts.yaml +++ b/kubernetes/base/repositories/helm/prometheus-community.yaml @@ -1,8 +1,8 @@ --- -apiVersion: source.toolkit.fluxcd.io/v1beta1 +apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: prometheus-community-charts + name: prometheus-community namespace: flux-system spec: interval: 1h diff --git a/cluster/charts/rook-ceph-charts.yaml b/kubernetes/base/repositories/helm/rook-ceph.yaml similarity index 65% rename from cluster/charts/rook-ceph-charts.yaml rename to kubernetes/base/repositories/helm/rook-ceph.yaml index 7457789c4..23c25530c 100644 --- a/cluster/charts/rook-ceph-charts.yaml +++ b/kubernetes/base/repositories/helm/rook-ceph.yaml 
@@ -1,8 +1,8 @@ --- -apiVersion: source.toolkit.fluxcd.io/v1beta1 +apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: rook-ceph-charts + name: rook-ceph namespace: flux-system spec: interval: 1h diff --git a/cluster/charts/stakater-charts.yaml b/kubernetes/base/repositories/helm/stakater.yaml similarity index 67% rename from cluster/charts/stakater-charts.yaml rename to kubernetes/base/repositories/helm/stakater.yaml index acbe36c80..a0d47cad0 100644 --- a/cluster/charts/stakater-charts.yaml +++ b/kubernetes/base/repositories/helm/stakater.yaml @@ -1,8 +1,8 @@ --- -apiVersion: source.toolkit.fluxcd.io/v1beta1 +apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: stakater-charts + name: stakater namespace: flux-system spec: interval: 1h diff --git a/cluster/charts/vector-charts.yaml b/kubernetes/base/repositories/helm/vector.yaml similarity index 87% rename from cluster/charts/vector-charts.yaml rename to kubernetes/base/repositories/helm/vector.yaml index 07d511e48..e5090d6b2 100644 --- a/cluster/charts/vector-charts.yaml +++ b/kubernetes/base/repositories/helm/vector.yaml @@ -2,7 +2,7 @@ apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: vector-charts + name: vector namespace: flux-system spec: interval: 1h diff --git a/kubernetes/base/repositories/helm/weave-gitops.yaml b/kubernetes/base/repositories/helm/weave-gitops.yaml new file mode 100644 index 000000000..97dc2e3cd --- /dev/null +++ b/kubernetes/base/repositories/helm/weave-gitops.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: weave-gitops + namespace: flux-system +spec: + interval: 30m + url: https://helm.gitops.weave.works + timeout: 3m 
diff --git a/cluster/crds/kube-prometheus-stack/kustomization.yaml b/kubernetes/base/repositories/kustomization.yaml similarity index 84% rename from cluster/crds/kube-prometheus-stack/kustomization.yaml rename to kubernetes/base/repositories/kustomization.yaml index 2ed3b3515..0a03f298e 100644 --- a/cluster/crds/kube-prometheus-stack/kustomization.yaml +++ b/kubernetes/base/repositories/kustomization.yaml @@ -1,4 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - crds.yaml + - helm diff --git a/cluster/apps/authentication/authelia/config/configuration.yml b/kubernetes/cluster-0/apps/authentication/authelia/config/configuration.yml similarity index 100% rename from cluster/apps/authentication/authelia/config/configuration.yml rename to kubernetes/cluster-0/apps/authentication/authelia/config/configuration.yml diff --git a/cluster/apps/authentication/authelia/helm-release.yaml b/kubernetes/cluster-0/apps/authentication/authelia/helm-release.yaml similarity index 98% rename from cluster/apps/authentication/authelia/helm-release.yaml rename to kubernetes/cluster-0/apps/authentication/authelia/helm-release.yaml index 91170ac3f..86f5a38d8 100644 --- a/cluster/apps/authentication/authelia/helm-release.yaml +++ b/kubernetes/cluster-0/apps/authentication/authelia/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/authentication/authelia/kustomization.yaml b/kubernetes/cluster-0/apps/authentication/authelia/kustomization.yaml similarity index 100% rename from cluster/apps/authentication/authelia/kustomization.yaml rename to kubernetes/cluster-0/apps/authentication/authelia/kustomization.yaml 
diff --git a/cluster/apps/authentication/authelia/patches/env.yaml b/kubernetes/cluster-0/apps/authentication/authelia/patches/env.yaml
similarity index 100%
rename from cluster/apps/authentication/authelia/patches/env.yaml
rename to kubernetes/cluster-0/apps/authentication/authelia/patches/env.yaml
diff --git a/cluster/apps/authentication/authelia/patches/postgres.yaml b/kubernetes/cluster-0/apps/authentication/authelia/patches/postgres.yaml
similarity index 100%
rename from cluster/apps/authentication/authelia/patches/postgres.yaml
rename to kubernetes/cluster-0/apps/authentication/authelia/patches/postgres.yaml
diff --git a/cluster/apps/authentication/authelia/secret.sops.yaml b/kubernetes/cluster-0/apps/authentication/authelia/secret.sops.yaml
similarity index 100%
rename from cluster/apps/authentication/authelia/secret.sops.yaml
rename to kubernetes/cluster-0/apps/authentication/authelia/secret.sops.yaml
diff --git a/cluster/apps/authentication/glauth/config/groups.sops.toml b/kubernetes/cluster-0/apps/authentication/glauth/config/groups.sops.toml
similarity index 100%
rename from cluster/apps/authentication/glauth/config/groups.sops.toml
rename to kubernetes/cluster-0/apps/authentication/glauth/config/groups.sops.toml
diff --git a/cluster/apps/authentication/glauth/config/server.sops.toml b/kubernetes/cluster-0/apps/authentication/glauth/config/server.sops.toml
similarity index 100%
rename from cluster/apps/authentication/glauth/config/server.sops.toml
rename to kubernetes/cluster-0/apps/authentication/glauth/config/server.sops.toml
diff --git a/cluster/apps/authentication/glauth/config/users.sops.toml b/kubernetes/cluster-0/apps/authentication/glauth/config/users.sops.toml
similarity index 100%
rename from cluster/apps/authentication/glauth/config/users.sops.toml
rename to kubernetes/cluster-0/apps/authentication/glauth/config/users.sops.toml
diff --git a/cluster/apps/authentication/glauth/helm-release.yaml b/kubernetes/cluster-0/apps/authentication/glauth/helm-release.yaml similarity index 97% rename from cluster/apps/authentication/glauth/helm-release.yaml rename to kubernetes/cluster-0/apps/authentication/glauth/helm-release.yaml index 956d3d9de..9f882b374 100644 --- a/cluster/apps/authentication/glauth/helm-release.yaml +++ b/kubernetes/cluster-0/apps/authentication/glauth/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/authentication/glauth/kustomization.yaml b/kubernetes/cluster-0/apps/authentication/glauth/kustomization.yaml similarity index 100% rename from cluster/apps/authentication/glauth/kustomization.yaml rename to kubernetes/cluster-0/apps/authentication/glauth/kustomization.yaml diff --git a/cluster/apps/authentication/kustomization.yaml b/kubernetes/cluster-0/apps/authentication/kustomization.yaml similarity index 100% rename from cluster/apps/authentication/kustomization.yaml rename to kubernetes/cluster-0/apps/authentication/kustomization.yaml diff --git a/cluster/apps/authentication/readme.md b/kubernetes/cluster-0/apps/authentication/readme.md similarity index 100% rename from cluster/apps/authentication/readme.md rename to kubernetes/cluster-0/apps/authentication/readme.md diff --git a/cluster/apps/crypto/celestia-app/helm-release.yaml b/kubernetes/cluster-0/apps/crypto/celestia-app/helm-release.yaml similarity index 98% rename from cluster/apps/crypto/celestia-app/helm-release.yaml rename to kubernetes/cluster-0/apps/crypto/celestia-app/helm-release.yaml index 4b22a2960..37f46d7da 100644 --- a/cluster/apps/crypto/celestia-app/helm-release.yaml +++ b/kubernetes/cluster-0/apps/crypto/celestia-app/helm-release.yaml 
@@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/crypto/celestia-app/kustomization.yaml b/kubernetes/cluster-0/apps/crypto/celestia-app/kustomization.yaml similarity index 100% rename from cluster/apps/crypto/celestia-app/kustomization.yaml rename to kubernetes/cluster-0/apps/crypto/celestia-app/kustomization.yaml diff --git a/cluster/apps/crypto/celestia-app/secret.sops.yaml b/kubernetes/cluster-0/apps/crypto/celestia-app/secret.sops.yaml similarity index 100% rename from cluster/apps/crypto/celestia-app/secret.sops.yaml rename to kubernetes/cluster-0/apps/crypto/celestia-app/secret.sops.yaml diff --git a/cluster/apps/crypto/celestia-app/volume.yaml b/kubernetes/cluster-0/apps/crypto/celestia-app/volume.yaml similarity index 100% rename from cluster/apps/crypto/celestia-app/volume.yaml rename to kubernetes/cluster-0/apps/crypto/celestia-app/volume.yaml diff --git a/cluster/apps/crypto/kustomization.yaml b/kubernetes/cluster-0/apps/crypto/kustomization.yaml similarity index 100% rename from cluster/apps/crypto/kustomization.yaml rename to kubernetes/cluster-0/apps/crypto/kustomization.yaml diff --git a/cluster/apps/databases/kustomization.yaml b/kubernetes/cluster-0/apps/databases/kustomization.yaml similarity index 100% rename from cluster/apps/databases/kustomization.yaml rename to kubernetes/cluster-0/apps/databases/kustomization.yaml diff --git a/cluster/apps/databases/pgadmin/helm-release.yaml b/kubernetes/cluster-0/apps/databases/pgadmin/helm-release.yaml similarity index 79% rename from cluster/apps/databases/pgadmin/helm-release.yaml rename to kubernetes/cluster-0/apps/databases/pgadmin/helm-release.yaml index 6d51ab449..83c210bdd 100644 --- a/cluster/apps/databases/pgadmin/helm-release.yaml +++ b/kubernetes/cluster-0/apps/databases/pgadmin/helm-release.yaml 
@@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true @@ -30,6 +30,15 @@ spec: envFrom: - secretRef: name: *app + initContainers: + volume-permissions: + image: dpage/pgadmin4:6.15 + command: ["/bin/chown", "-R", "5050:5050", "/var/lib/pgadmin"] + volumeMounts: + - name: config + mountPath: /var/lib/pgadmin + securityContext: + runAsUser: 0 service: main: ports: diff --git a/cluster/apps/databases/pgadmin/kustomization.yaml b/kubernetes/cluster-0/apps/databases/pgadmin/kustomization.yaml similarity index 100% rename from cluster/apps/databases/pgadmin/kustomization.yaml rename to kubernetes/cluster-0/apps/databases/pgadmin/kustomization.yaml diff --git a/cluster/apps/databases/pgadmin/secret.sops.yaml b/kubernetes/cluster-0/apps/databases/pgadmin/secret.sops.yaml similarity index 100% rename from cluster/apps/databases/pgadmin/secret.sops.yaml rename to kubernetes/cluster-0/apps/databases/pgadmin/secret.sops.yaml diff --git a/cluster/apps/databases/pgadmin/volume.yaml b/kubernetes/cluster-0/apps/databases/pgadmin/volume.yaml similarity index 100% rename from cluster/apps/databases/pgadmin/volume.yaml rename to kubernetes/cluster-0/apps/databases/pgadmin/volume.yaml diff --git a/cluster/apps/databases/postgres/cluster/helm-release.yaml b/kubernetes/cluster-0/apps/databases/postgres/cluster/helm-release.yaml similarity index 69% rename from cluster/apps/databases/postgres/cluster/helm-release.yaml rename to kubernetes/cluster-0/apps/databases/postgres/cluster/helm-release.yaml index fd9eed4fd..a8b04f1d0 100644 --- a/cluster/apps/databases/postgres/cluster/helm-release.yaml +++ b/kubernetes/cluster-0/apps/databases/postgres/cluster/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: v0.3.1 sourceRef: kind: HelmRepository - name: dysnix-charts + name: dysnix namespace: flux-system install: createNamespace: true 
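Review bot: The `volume-permissions` init container added under `initContainers` in pgadmin/helm-release.yaml runs as UID 0 (`runAsUser: 0`) with the default capability set, only to run `chown -R 5050:5050 /var/lib/pgadmin`. If the chart exposes a pod-level security context, `fsGroup: 5050` may let the kubelet set volume ownership so the root container can be dropped; that depends on the volume type and chart values, which this hunk does not show. If the init container stays, add `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"], add: ["CHOWN"]}` to its `securityContext`, adding `DAC_OVERRIDE` only if the recursive chown turns out to need it. Its image `dpage/pgadmin4:6.15` is referenced by tag only, while the kubectl image in this same commit is pinned with `@sha256:`; a container that runs as root deserves the same pinning.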
@@ -53,7 +53,7 @@ spec: maxParallel: 8 destinationPath: s3://postgresql/ endpointURL: https://truenas.${SECRET_DOMAIN}:9000 - serverName: postgres-v2 + serverName: postgres-v3 s3Credentials: accessKeyId: name: postgres-minio @@ -61,20 +61,20 @@ spec: secretAccessKey: name: postgres-minio key: MINIO_SECRET_KEY - bootstrap: - recovery: - source: postgres - externalClusters: - - name: postgres - barmanObjectStore: - destinationPath: s3://postgresql/ - endpointURL: https://truenas.${SECRET_DOMAIN}:9000 - s3Credentials: - accessKeyId: - name: postgres-minio - key: MINIO_ACCESS_KEY - secretAccessKey: - name: postgres-minio - key: MINIO_SECRET_KEY - wal: - maxParallel: 8 + # bootstrap: + # recovery: + # source: postgres + # externalClusters: + # - name: postgres + # barmanObjectStore: + # destinationPath: s3://postgresql/ + # endpointURL: https://truenas.${SECRET_DOMAIN}:9000 + # s3Credentials: + # accessKeyId: + # name: postgres-minio + # key: MINIO_ACCESS_KEY + # secretAccessKey: + # name: postgres-minio + # key: MINIO_SECRET_KEY + # wal: + # maxParallel: 8 diff --git a/cluster/apps/databases/postgres/cluster/kustomization.yaml b/kubernetes/cluster-0/apps/databases/postgres/cluster/kustomization.yaml similarity index 100% rename from cluster/apps/databases/postgres/cluster/kustomization.yaml rename to kubernetes/cluster-0/apps/databases/postgres/cluster/kustomization.yaml diff --git a/cluster/apps/databases/postgres/cluster/secret.sops.yaml b/kubernetes/cluster-0/apps/databases/postgres/cluster/secret.sops.yaml similarity index 100% rename from cluster/apps/databases/postgres/cluster/secret.sops.yaml rename to kubernetes/cluster-0/apps/databases/postgres/cluster/secret.sops.yaml 
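Review bot: The `@@ -61,20 +61,20 @@` hunk of postgres/cluster/helm-release.yaml leaves the whole `bootstrap.recovery` / `externalClusters` block commented out with no explanation, so a later reader cannot tell whether restore-from-backup was disabled on purpose or only for this migration. Together with the `serverName: postgres-v3` change in the previous hunk, a cluster created from this manifest would presumably start empty rather than from the existing `s3://postgresql/` backups. Either delete the block or head it with a comment that states the reason, for example `# recovery disabled while the new cluster is bootstrapped; re-enable to restore from the object store`. The enclosing `spec` starts above the hunk, so which backup `serverName` a restore would have to read from cannot be checked here.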
diff --git a/cluster/apps/databases/postgres/external-backup/helm-release.yaml b/kubernetes/cluster-0/apps/databases/postgres/external-backup/helm-release.yaml similarity index 93% rename from cluster/apps/databases/postgres/external-backup/helm-release.yaml rename to kubernetes/cluster-0/apps/databases/postgres/external-backup/helm-release.yaml index b22c7998e..8f2379ba3 100644 --- a/cluster/apps/databases/postgres/external-backup/helm-release.yaml +++ b/kubernetes/cluster-0/apps/databases/postgres/external-backup/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: v0.3.1 sourceRef: kind: HelmRepository - name: dysnix-charts + name: dysnix namespace: flux-system install: createNamespace: true @@ -47,7 +47,7 @@ spec: - name: POSTGRES_HOST value: postgres-rw.default.svc.cluster.local. - name: POSTGRES_DB - value: "authelia,freshrss,gitea,home_assistant,healthchecks,invidious,joplin,lychee,recipes,sharry,outline,vaultwarden,vikunja,wallabag" + value: "drone,freshrss,gitea,healthchecks,invidious,joplin,lychee,recipes,sharry,outline,vaultwarden,vikunja,wallabag" - name: POSTGRES_USER valueFrom: secretKeyRef: diff --git a/cluster/apps/databases/postgres/external-backup/kustomization.yaml b/kubernetes/cluster-0/apps/databases/postgres/external-backup/kustomization.yaml similarity index 100% rename from cluster/apps/databases/postgres/external-backup/kustomization.yaml rename to kubernetes/cluster-0/apps/databases/postgres/external-backup/kustomization.yaml diff --git a/cluster/apps/databases/postgres/helm-release.yaml b/kubernetes/cluster-0/apps/databases/postgres/helm-release.yaml similarity index 93% rename from cluster/apps/databases/postgres/helm-release.yaml rename to kubernetes/cluster-0/apps/databases/postgres/helm-release.yaml index 49c84c1b9..a052555ed 100644 --- a/cluster/apps/databases/postgres/helm-release.yaml +++ b/kubernetes/cluster-0/apps/databases/postgres/helm-release.yaml 
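Review bot: The new `POSTGRES_DB` value in postgres/external-backup/helm-release.yaml (`@@ -47,7 +47,7 @@`) drops `authelia` and `home_assistant` from the dump list while adding `drone`. The authelia app is still carried over in this commit (its `patches/postgres.yaml` is renamed, not deleted), so if it keeps its state in this Postgres instance, the authentication database no longer gets an external dump. If the omission is intended, a comment above the value such as `# authelia and home_assistant intentionally excluded: <reason>` would make that explicit; otherwise add `authelia` back to the list.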
@@ -12,7 +12,7 @@ spec: version: 0.16.0 sourceRef: kind: HelmRepository - name: cloudnative-pg-charts + name: cloudnative-pg namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/databases/postgres/kustomization.yaml b/kubernetes/cluster-0/apps/databases/postgres/kustomization.yaml similarity index 100% rename from cluster/apps/databases/postgres/kustomization.yaml rename to kubernetes/cluster-0/apps/databases/postgres/kustomization.yaml diff --git a/cluster/apps/databases/postgres/scheduled-backup/helm-release.yaml b/kubernetes/cluster-0/apps/databases/postgres/scheduled-backup/helm-release.yaml similarity index 96% rename from cluster/apps/databases/postgres/scheduled-backup/helm-release.yaml rename to kubernetes/cluster-0/apps/databases/postgres/scheduled-backup/helm-release.yaml index 0ce50d2fd..15547807b 100644 --- a/cluster/apps/databases/postgres/scheduled-backup/helm-release.yaml +++ b/kubernetes/cluster-0/apps/databases/postgres/scheduled-backup/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: v0.3.1 sourceRef: kind: HelmRepository - name: dysnix-charts + name: dysnix namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/databases/postgres/scheduled-backup/kustomization.yaml b/kubernetes/cluster-0/apps/databases/postgres/scheduled-backup/kustomization.yaml similarity index 100% rename from cluster/apps/databases/postgres/scheduled-backup/kustomization.yaml rename to kubernetes/cluster-0/apps/databases/postgres/scheduled-backup/kustomization.yaml diff --git a/cluster/apps/databases/postgres/scheduled-backup/secret.sops.yaml b/kubernetes/cluster-0/apps/databases/postgres/scheduled-backup/secret.sops.yaml similarity index 100% rename from cluster/apps/databases/postgres/scheduled-backup/secret.sops.yaml rename to kubernetes/cluster-0/apps/databases/postgres/scheduled-backup/secret.sops.yaml 
diff --git a/cluster/apps/databases/readme.md b/kubernetes/cluster-0/apps/databases/readme.md similarity index 100% rename from cluster/apps/databases/readme.md rename to kubernetes/cluster-0/apps/databases/readme.md diff --git a/cluster/apps/databases/redis/helm-release.yaml b/kubernetes/cluster-0/apps/databases/redis/helm-release.yaml similarity index 96% rename from cluster/apps/databases/redis/helm-release.yaml rename to kubernetes/cluster-0/apps/databases/redis/helm-release.yaml index aa6b76151..c27a7cbc5 100644 --- a/cluster/apps/databases/redis/helm-release.yaml +++ b/kubernetes/cluster-0/apps/databases/redis/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 17.3.11 sourceRef: kind: HelmRepository - name: bitnami-charts + name: bitnami namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/databases/redis/kustomization.yaml b/kubernetes/cluster-0/apps/databases/redis/kustomization.yaml similarity index 100% rename from cluster/apps/databases/redis/kustomization.yaml rename to kubernetes/cluster-0/apps/databases/redis/kustomization.yaml diff --git a/cluster/apps/databases/redis/secret.sops.yaml b/kubernetes/cluster-0/apps/databases/redis/secret.sops.yaml similarity index 100% rename from cluster/apps/databases/redis/secret.sops.yaml rename to kubernetes/cluster-0/apps/databases/redis/secret.sops.yaml diff --git a/cluster/apps/development/drone/drone-kubernetes-secrets/helm-release.yaml b/kubernetes/cluster-0/apps/development/drone/drone-kubernetes-secrets/helm-release.yaml similarity index 100% rename from cluster/apps/development/drone/drone-kubernetes-secrets/helm-release.yaml rename to kubernetes/cluster-0/apps/development/drone/drone-kubernetes-secrets/helm-release.yaml 
diff --git a/cluster/apps/development/drone/drone-kubernetes-secrets/kustomization.yaml b/kubernetes/cluster-0/apps/development/drone/drone-kubernetes-secrets/kustomization.yaml
similarity index 100%
rename from cluster/apps/development/drone/drone-kubernetes-secrets/kustomization.yaml
rename to kubernetes/cluster-0/apps/development/drone/drone-kubernetes-secrets/kustomization.yaml
diff --git a/cluster/apps/development/drone/drone-runner-kube/helm-release.yaml b/kubernetes/cluster-0/apps/development/drone/drone-runner-kube/helm-release.yaml
similarity index 100%
rename from cluster/apps/development/drone/drone-runner-kube/helm-release.yaml
rename to kubernetes/cluster-0/apps/development/drone/drone-runner-kube/helm-release.yaml
diff --git a/cluster/apps/development/drone/drone-runner-kube/kustomization.yaml b/kubernetes/cluster-0/apps/development/drone/drone-runner-kube/kustomization.yaml
similarity index 100%
rename from cluster/apps/development/drone/drone-runner-kube/kustomization.yaml
rename to kubernetes/cluster-0/apps/development/drone/drone-runner-kube/kustomization.yaml
diff --git a/cluster/apps/development/drone/helm-release.yaml b/kubernetes/cluster-0/apps/development/drone/helm-release.yaml
similarity index 100%
rename from cluster/apps/development/drone/helm-release.yaml
rename to kubernetes/cluster-0/apps/development/drone/helm-release.yaml
diff --git a/cluster/apps/development/drone/kustomization.yaml b/kubernetes/cluster-0/apps/development/drone/kustomization.yaml
similarity index 100%
rename from cluster/apps/development/drone/kustomization.yaml
rename to kubernetes/cluster-0/apps/development/drone/kustomization.yaml
diff --git a/cluster/apps/development/drone/secret.sops.yaml b/kubernetes/cluster-0/apps/development/drone/secret.sops.yaml
similarity index 100%
rename from cluster/apps/development/drone/secret.sops.yaml
rename to kubernetes/cluster-0/apps/development/drone/secret.sops.yaml
diff --git a/cluster/apps/development/gitea/external-backup/helm-release.yaml b/kubernetes/cluster-0/apps/development/gitea/external-backup/helm-release.yaml similarity index 96% rename from cluster/apps/development/gitea/external-backup/helm-release.yaml rename to kubernetes/cluster-0/apps/development/gitea/external-backup/helm-release.yaml index c6d8bb99b..53b228cfd 100644 --- a/cluster/apps/development/gitea/external-backup/helm-release.yaml +++ b/kubernetes/cluster-0/apps/development/gitea/external-backup/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: v0.3.1 sourceRef: kind: HelmRepository - name: dysnix-charts + name: dysnix namespace: flux-system install: createNamespace: true @@ -41,7 +41,7 @@ spec: spec: containers: - name: *app - image: ghcr.io/auricom/kubectl:v1.25.0@sha256:9386292eedb8bf26c34b44d1c8195813456ab3572f166814b8bda77ab917c7a8 + image: ghcr.io/auricom/kubectl:1.25.4@sha256:eef66c93cd48cacb338a8994632e0b75aafeac2fbdcc5c64314a9bf422d0380c imagePullPolicy: IfNotPresent command: - "/bin/bash" diff --git a/cluster/apps/development/gitea/external-backup/kustomization.yaml b/kubernetes/cluster-0/apps/development/gitea/external-backup/kustomization.yaml similarity index 100% rename from cluster/apps/development/gitea/external-backup/kustomization.yaml rename to kubernetes/cluster-0/apps/development/gitea/external-backup/kustomization.yaml diff --git a/cluster/apps/development/gitea/helm-release.yaml b/kubernetes/cluster-0/apps/development/gitea/helm-release.yaml similarity index 97% rename from cluster/apps/development/gitea/helm-release.yaml rename to kubernetes/cluster-0/apps/development/gitea/helm-release.yaml index fdacb9291..bc822317e 100644 --- a/cluster/apps/development/gitea/helm-release.yaml +++ b/kubernetes/cluster-0/apps/development/gitea/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 6.0.3 sourceRef: kind: HelmRepository - name: gitea-charts + name: gitea namespace: flux-system install: createNamespace: true 
@@ -109,9 +109,7 @@ spec: ssh: type: LoadBalancer port: 22 - externalTrafficPolicy: Local - externalIPs: - - ${CLUSTER_LB_GITEA} + loadBalancerIP: ${CLUSTER_LB_GITEA} ingress: enabled: true className: nginx diff --git a/cluster/apps/development/gitea/kustomization.yaml b/kubernetes/cluster-0/apps/development/gitea/kustomization.yaml similarity index 100% rename from cluster/apps/development/gitea/kustomization.yaml rename to kubernetes/cluster-0/apps/development/gitea/kustomization.yaml diff --git a/cluster/apps/development/gitea/secret.sops.yaml b/kubernetes/cluster-0/apps/development/gitea/secret.sops.yaml similarity index 100% rename from cluster/apps/development/gitea/secret.sops.yaml rename to kubernetes/cluster-0/apps/development/gitea/secret.sops.yaml diff --git a/cluster/apps/development/gitea/volume.yaml b/kubernetes/cluster-0/apps/development/gitea/volume.yaml similarity index 100% rename from cluster/apps/development/gitea/volume.yaml rename to kubernetes/cluster-0/apps/development/gitea/volume.yaml diff --git a/cluster/apps/development/kustomization.yaml b/kubernetes/cluster-0/apps/development/kustomization.yaml similarity index 100% rename from cluster/apps/development/kustomization.yaml rename to kubernetes/cluster-0/apps/development/kustomization.yaml diff --git a/cluster/apps/development/readme.md b/kubernetes/cluster-0/apps/development/readme.md similarity index 100% rename from cluster/apps/development/readme.md rename to kubernetes/cluster-0/apps/development/readme.md diff --git a/cluster/apps/documentation/kustomization.yaml b/kubernetes/cluster-0/apps/documentation/kustomization.yaml similarity index 100% rename from cluster/apps/documentation/kustomization.yaml rename to kubernetes/cluster-0/apps/documentation/kustomization.yaml 
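Review bot: Removing `externalTrafficPolicy: Local` from the gitea `ssh` service in the `@@ -109,9 +109,7 @@` hunk makes the service fall back to the default `Cluster` policy, under which traffic can be forwarded between nodes and the client source address replaced by a node address. Gitea's SSH access logs and any IP-based rate limiting or banning would then record node IPs instead of clients, which weakens the audit trail for a service exposed through a load balancer. The removed line shows the chart accepts the field, so unless the new load balancer setup cannot honour it, keep `externalTrafficPolicy: Local` next to `loadBalancerIP: ${CLUSTER_LB_GITEA}`. The hunk starts inside `spec`, so the rest of the service definition is not visible here.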
diff --git a/cluster/apps/documentation/outline/helm-release.yaml b/kubernetes/cluster-0/apps/documentation/outline/helm-release.yaml similarity index 98% rename from cluster/apps/documentation/outline/helm-release.yaml rename to kubernetes/cluster-0/apps/documentation/outline/helm-release.yaml index be593ad5a..af1c38ae2 100644 --- a/cluster/apps/documentation/outline/helm-release.yaml +++ b/kubernetes/cluster-0/apps/documentation/outline/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/documentation/outline/kustomization.yaml b/kubernetes/cluster-0/apps/documentation/outline/kustomization.yaml similarity index 100% rename from cluster/apps/documentation/outline/kustomization.yaml rename to kubernetes/cluster-0/apps/documentation/outline/kustomization.yaml diff --git a/cluster/apps/documentation/outline/patches/env.yaml b/kubernetes/cluster-0/apps/documentation/outline/patches/env.yaml similarity index 100% rename from cluster/apps/documentation/outline/patches/env.yaml rename to kubernetes/cluster-0/apps/documentation/outline/patches/env.yaml diff --git a/cluster/apps/documentation/outline/patches/postgres.yaml b/kubernetes/cluster-0/apps/documentation/outline/patches/postgres.yaml similarity index 100% rename from cluster/apps/documentation/outline/patches/postgres.yaml rename to kubernetes/cluster-0/apps/documentation/outline/patches/postgres.yaml diff --git a/cluster/apps/documentation/outline/secret.sops.yaml b/kubernetes/cluster-0/apps/documentation/outline/secret.sops.yaml similarity index 70% rename from cluster/apps/documentation/outline/secret.sops.yaml rename to kubernetes/cluster-0/apps/documentation/outline/secret.sops.yaml index 7deba431a..2c31993a8 100644 --- a/cluster/apps/documentation/outline/secret.sops.yaml +++ b/kubernetes/cluster-0/apps/documentation/outline/secret.sops.yaml 
@@ -10,9 +10,9 @@ stringData: AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:2GGPneKPmFEtq3A9X7fskiv/FnKv5deoyzNx0/euYrTOJKrRiTgj8g==,iv:u1LLrjxP1GwWcM1FJLjB9OpUFTPI0D9IZEX86IHGpmU=,tag:7vq4QeQagU2B9+WShheDKg==,type:str] SECRET_KEY: ENC[AES256_GCM,data:RUjf4wghv9PnDdSNWeytoDRzH+A7wa8RNYDP+MYIf8KHjOGyVNzZwEuS8ah8wy8tvBWAE9kykOC1KhP+wFofIA==,iv:3z7NZ87ILlyrkx4YMWQ9uFL2W31bTmwZFkJxOHgSVvo=,tag:umplfrhjvCZX9Ucneo7Q+Q==,type:str] UTILS_SECRET: ENC[AES256_GCM,data:r5DADkQbM5fEBsWs7ddUx2PXnt+ePiQcJZgKMmHYpkddmPFeS5xpJGgbhun7v409aKJLQRm/tUIysBlxHlnSbA==,iv:cP2KQeUmgjoXuY7UnQ57M4tBUeO0hELGe+HrSB5RJ3Q=,tag:HD4lccnbZXjllmOLyEHY3Q==,type:str] - DATABASE_URL: ENC[AES256_GCM,data:PmbXB90u/mb/hpEgxxyyegCjaaQNadKcIIZ/QX/WZho0/jq/qsUu9lnX9j1D2TWiY2zsL8pfb0Fgdznki8/2U7bmezScEXlN660yB1F5fdnj5oktK+z8wmg8,iv:mDs74Ynp0xLJlgAh250PYSfGb50PuayHKGP9RyXlK88=,tag:hZYRJxrOToPOg1XNZtX6CQ==,type:str] + DATABASE_URL: ENC[AES256_GCM,data:NAAK6EBbngEf1uW7o8Qi2gZJ9z6VYP0btsbKrkf3O/ZmbcRCCUYXfKYg7zUZiyXmyUSqZboCIi7TDPBotrjhimTBelbx/WD0S/41kZBQWYHDIZ2+nYyCGRxP,iv:q1zxJ2oRN6okkOeqrzK0cKaD2dkEGzgC7cqv+kNjCy0=,tag:xltRDd+u16SCJJPh5UU3oQ==,type:str] POSTGRES_USER: ENC[AES256_GCM,data:4FlwiUkmmQ==,iv:f/mOMCV34bvseHAJ37AaUIZUYcBobtdIAYN/5ONhGbg=,tag:HFvPkQh2i/BtnynAjP0uhg==,type:str] - POSTGRES_PASS: ENC[AES256_GCM,data:HTbSg+yj1iKqlGmPPwql+GD+psM=,iv:fMHU+AYZ/NfgtCstuQIfnBmKRD2n3hMmFKSqC5akB/c=,tag:v16K+iZZVQZ9gpBIBWgyfQ==,type:str] + POSTGRES_PASS: ENC[AES256_GCM,data:/54bUXgZFUnxvB5kqqvU0gbedzc=,iv:sRVKl5qH9zY6pOrzYaIOmF5BG7qahOSb5WFWt8I+BNw=,tag:EkofX2OPX4VdvJNyX2t39Q==,type:str] sops: kms: [] gcp_kms: [] 
@@ -28,8 +28,8 @@ sops: eGsyL3NhNS8xdUp0VlNQbWRYbHFLYW8KeMc82BlegMJMtAF/WGMbXhpf2MVvUP5q ehHCSwpe3a8WwXEBNu1u5IPcnMO4Fo5HhjLbMx6H1Ynd6KdyDXUKEg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-09-16T12:43:00Z" - mac: ENC[AES256_GCM,data:6RfDQu9CTAOg1AwfKn05qvBv/K1II3nUpMsei3qQKbcUPztn+hpxjiByz1WoGN2u5WBvRJK+Jeo3Z0L1MkC78YjLydhXvnKpdcQFBFob+q9E3FdkqHgqh/SroyaZHSykDWSEGDwqb9/iYONTXPUxchQYKFH/5YTRU2Qms8hoeqI=,iv:ZnilmIpjCA10gV53FOV23iw0pOwrYoMCTX20nb5sDCc=,tag:VDfFckR0iC/tdv1ra2Qd2A==,type:str] + lastmodified: "2022-11-19T22:40:33Z" + mac: ENC[AES256_GCM,data:nrFpZ3+UBaW9n0uTIArIyPuMuQyh0IHqu5KmcUZHk2weKEQshkx3jfNmpsMieKRbdZjPbopqggeq5wN+6dD01M8+nTMBMNnBCIZMi0SIAVFybwzIR7op5CAAWsCmQuOy3GYCrLrMhujPsN2TBM9VEmlPA5xZRYslNlQShZWrGiQ=,iv:I/tKIbAGkBgh+ruQBCNQ7TxSp4fkknb/rDjAE3BdjIM=,tag:hNF1kscQEMgAElWlpSqzYg==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.7.3 diff --git a/cluster/apps/documentation/readme.md b/kubernetes/cluster-0/apps/documentation/readme.md similarity index 100% rename from cluster/apps/documentation/readme.md rename to kubernetes/cluster-0/apps/documentation/readme.md diff --git a/cluster/apps/downloaders/flood/helm-release.yaml b/kubernetes/cluster-0/apps/downloaders/flood/helm-release.yaml similarity index 98% rename from cluster/apps/downloaders/flood/helm-release.yaml rename to kubernetes/cluster-0/apps/downloaders/flood/helm-release.yaml index 13f9840a6..0e02065e8 100644 --- a/cluster/apps/downloaders/flood/helm-release.yaml +++ b/kubernetes/cluster-0/apps/downloaders/flood/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true 
diff --git a/cluster/apps/downloaders/flood/kustomization.yaml b/kubernetes/cluster-0/apps/downloaders/flood/kustomization.yaml similarity index 100% rename from cluster/apps/downloaders/flood/kustomization.yaml rename to kubernetes/cluster-0/apps/downloaders/flood/kustomization.yaml diff --git a/cluster/apps/downloaders/flood/secret.sops.yaml b/kubernetes/cluster-0/apps/downloaders/flood/secret.sops.yaml similarity index 100% rename from cluster/apps/downloaders/flood/secret.sops.yaml rename to kubernetes/cluster-0/apps/downloaders/flood/secret.sops.yaml diff --git a/cluster/apps/downloaders/flood/volume.yaml b/kubernetes/cluster-0/apps/downloaders/flood/volume.yaml similarity index 100% rename from cluster/apps/downloaders/flood/volume.yaml rename to kubernetes/cluster-0/apps/downloaders/flood/volume.yaml diff --git a/cluster/apps/downloaders/kustomization.yaml b/kubernetes/cluster-0/apps/downloaders/kustomization.yaml similarity index 100% rename from cluster/apps/downloaders/kustomization.yaml rename to kubernetes/cluster-0/apps/downloaders/kustomization.yaml diff --git a/cluster/apps/downloaders/pyload/helm-release.yaml b/kubernetes/cluster-0/apps/downloaders/pyload/helm-release.yaml similarity index 93% rename from cluster/apps/downloaders/pyload/helm-release.yaml rename to kubernetes/cluster-0/apps/downloaders/pyload/helm-release.yaml index 2f9e67b7b..62e20923e 100644 --- a/cluster/apps/downloaders/pyload/helm-release.yaml +++ b/kubernetes/cluster-0/apps/downloaders/pyload/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true @@ -24,7 +24,7 @@ spec: values: image: repository: ghcr.io/auricom/pyload-ng - tag: v0.5.0-b3.dev26@sha256:1d00ce0e0b66db1a0d5954be3b8ed9049be1c799483be032d055bec81b91a0da + tag: 0.5.0-b3.dev29@sha256:329021cd2c0534807d3e8be9af78dc43bbdbc8d50a66da2d58c2da70269c9534 env: TZ: "${TIMEZONE}" service: 
diff --git a/cluster/apps/downloaders/pyload/kustomization.yaml b/kubernetes/cluster-0/apps/downloaders/pyload/kustomization.yaml similarity index 100% rename from cluster/apps/downloaders/pyload/kustomization.yaml rename to kubernetes/cluster-0/apps/downloaders/pyload/kustomization.yaml diff --git a/cluster/apps/downloaders/pyload/volume.yaml b/kubernetes/cluster-0/apps/downloaders/pyload/volume.yaml similarity index 100% rename from cluster/apps/downloaders/pyload/volume.yaml rename to kubernetes/cluster-0/apps/downloaders/pyload/volume.yaml diff --git a/cluster/apps/downloaders/qbittorrent/helm-release.yaml b/kubernetes/cluster-0/apps/downloaders/qbittorrent/helm-release.yaml similarity index 96% rename from cluster/apps/downloaders/qbittorrent/helm-release.yaml rename to kubernetes/cluster-0/apps/downloaders/qbittorrent/helm-release.yaml index 60a53ef1c..62beec88f 100644 --- a/cluster/apps/downloaders/qbittorrent/helm-release.yaml +++ b/kubernetes/cluster-0/apps/downloaders/qbittorrent/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true @@ -34,10 +34,10 @@ spec: ports: http: port: *port - bittorrent: + bittorent: enabled: true type: LoadBalancer - externalIPs: ["${CLUSTER_LB_QBITTORRENT}"] + loadBalancerIP: "${CLUSTER_LB_QBITTORRENT}" ports: bittorrent: enabled: true diff --git a/cluster/apps/downloaders/qbittorrent/kustomization.yaml b/kubernetes/cluster-0/apps/downloaders/qbittorrent/kustomization.yaml similarity index 100% rename from cluster/apps/downloaders/qbittorrent/kustomization.yaml rename to kubernetes/cluster-0/apps/downloaders/qbittorrent/kustomization.yaml 
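Review bot: The service key changes from `bittorrent` to `bittorent` in the second hunk of qbittorrent/helm-release.yaml, which reads as a typo rather than an intended rename, since the port beneath it is still called `bittorrent`. If the chart derives the Service name from this key (an assumption, as the chart template is not visible here), the LoadBalancer Service would be recreated under a new name. Anything that refers to it by name, such as a NetworkPolicy, monitor or DNS record, would then stop matching. I would keep `bittorrent:` and change only the address line to `loadBalancerIP: "${CLUSTER_LB_QBITTORRENT}"`.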
diff --git a/cluster/apps/downloaders/qbittorrent/upgrade-p2pblocklist/helm-release.yaml b/kubernetes/cluster-0/apps/downloaders/qbittorrent/upgrade-p2pblocklist/helm-release.yaml similarity index 93% rename from cluster/apps/downloaders/qbittorrent/upgrade-p2pblocklist/helm-release.yaml rename to kubernetes/cluster-0/apps/downloaders/qbittorrent/upgrade-p2pblocklist/helm-release.yaml index b857bb63a..b7ab75e44 100644 --- a/cluster/apps/downloaders/qbittorrent/upgrade-p2pblocklist/helm-release.yaml +++ b/kubernetes/cluster-0/apps/downloaders/qbittorrent/upgrade-p2pblocklist/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: v0.3.1 sourceRef: kind: HelmRepository - name: dysnix-charts + name: dysnix namespace: flux-system install: createNamespace: true @@ -42,7 +42,7 @@ spec: serviceAccountName: jobs containers: - name: *app - image: ghcr.io/auricom/kubectl:v1.25.0@sha256:9386292eedb8bf26c34b44d1c8195813456ab3572f166814b8bda77ab917c7a8 + image: ghcr.io/auricom/kubectl:1.25.4@sha256:eef66c93cd48cacb338a8994632e0b75aafeac2fbdcc5c64314a9bf422d0380c imagePullPolicy: IfNotPresent command: - "/bin/bash" diff --git a/cluster/apps/downloaders/qbittorrent/upgrade-p2pblocklist/kustomization.yaml b/kubernetes/cluster-0/apps/downloaders/qbittorrent/upgrade-p2pblocklist/kustomization.yaml similarity index 100% rename from cluster/apps/downloaders/qbittorrent/upgrade-p2pblocklist/kustomization.yaml rename to kubernetes/cluster-0/apps/downloaders/qbittorrent/upgrade-p2pblocklist/kustomization.yaml diff --git a/cluster/apps/downloaders/qbittorrent/volume.yaml b/kubernetes/cluster-0/apps/downloaders/qbittorrent/volume.yaml similarity index 100% rename from cluster/apps/downloaders/qbittorrent/volume.yaml rename to kubernetes/cluster-0/apps/downloaders/qbittorrent/volume.yaml 
diff --git a/cluster/apps/downloaders/sabnzbd/helm-release.yaml b/kubernetes/cluster-0/apps/downloaders/sabnzbd/helm-release.yaml similarity index 98% rename from cluster/apps/downloaders/sabnzbd/helm-release.yaml rename to kubernetes/cluster-0/apps/downloaders/sabnzbd/helm-release.yaml index c4d7c6b15..02d20f1f9 100644 --- a/cluster/apps/downloaders/sabnzbd/helm-release.yaml +++ b/kubernetes/cluster-0/apps/downloaders/sabnzbd/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/downloaders/sabnzbd/kustomization.yaml b/kubernetes/cluster-0/apps/downloaders/sabnzbd/kustomization.yaml similarity index 100% rename from cluster/apps/downloaders/sabnzbd/kustomization.yaml rename to kubernetes/cluster-0/apps/downloaders/sabnzbd/kustomization.yaml diff --git a/cluster/apps/downloaders/sabnzbd/secret.sops.yaml b/kubernetes/cluster-0/apps/downloaders/sabnzbd/secret.sops.yaml similarity index 100% rename from cluster/apps/downloaders/sabnzbd/secret.sops.yaml rename to kubernetes/cluster-0/apps/downloaders/sabnzbd/secret.sops.yaml diff --git a/cluster/apps/downloaders/sabnzbd/volume.yaml b/kubernetes/cluster-0/apps/downloaders/sabnzbd/volume.yaml similarity index 100% rename from cluster/apps/downloaders/sabnzbd/volume.yaml rename to kubernetes/cluster-0/apps/downloaders/sabnzbd/volume.yaml diff --git a/cluster/apps/home-automation/emqx/helm-release.yaml b/kubernetes/cluster-0/apps/home-automation/emqx/helm-release.yaml similarity index 96% rename from cluster/apps/home-automation/emqx/helm-release.yaml rename to kubernetes/cluster-0/apps/home-automation/emqx/helm-release.yaml index a88ba3a87..3c36f75a2 100644 --- a/cluster/apps/home-automation/emqx/helm-release.yaml +++ b/kubernetes/cluster-0/apps/home-automation/emqx/helm-release.yaml 
@@ -12,7 +12,7 @@ spec: version: 5.0.3 sourceRef: kind: HelmRepository - name: emqx-charts + name: emqx namespace: flux-system install: createNamespace: true @@ -33,8 +33,7 @@ spec: EMQX_AUTH__USER__1__PASSWORD: ${SECRET_MQTT_PASSWORD} service: type: LoadBalancer - externalIPs: - - ${CLUSTER_LB_EMQX} + loadBalancerIP: ${CLUSTER_LB_EMQX} externalTrafficPolicy: Local ingress: dashboard: diff --git a/cluster/apps/home-automation/emqx/kustomization.yaml b/kubernetes/cluster-0/apps/home-automation/emqx/kustomization.yaml similarity index 100% rename from cluster/apps/home-automation/emqx/kustomization.yaml rename to kubernetes/cluster-0/apps/home-automation/emqx/kustomization.yaml diff --git a/cluster/apps/home-automation/emqx/secret.sops.yaml b/kubernetes/cluster-0/apps/home-automation/emqx/secret.sops.yaml similarity index 100% rename from cluster/apps/home-automation/emqx/secret.sops.yaml rename to kubernetes/cluster-0/apps/home-automation/emqx/secret.sops.yaml diff --git a/cluster/apps/home-automation/frigate/config.yaml b/kubernetes/cluster-0/apps/home-automation/frigate/config.yaml similarity index 100% rename from cluster/apps/home-automation/frigate/config.yaml rename to kubernetes/cluster-0/apps/home-automation/frigate/config.yaml diff --git a/cluster/apps/home-automation/frigate/helm-release.yaml b/kubernetes/cluster-0/apps/home-automation/frigate/helm-release.yaml similarity index 99% rename from cluster/apps/home-automation/frigate/helm-release.yaml rename to kubernetes/cluster-0/apps/home-automation/frigate/helm-release.yaml index 2b0d47ba4..4abb550b8 100644 --- a/cluster/apps/home-automation/frigate/helm-release.yaml +++ b/kubernetes/cluster-0/apps/home-automation/frigate/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true 
diff --git a/cluster/apps/home-automation/frigate/kustomization.yaml b/kubernetes/cluster-0/apps/home-automation/frigate/kustomization.yaml similarity index 100% rename from cluster/apps/home-automation/frigate/kustomization.yaml rename to kubernetes/cluster-0/apps/home-automation/frigate/kustomization.yaml diff --git a/cluster/apps/home-automation/frigate/volume.yaml b/kubernetes/cluster-0/apps/home-automation/frigate/volume.yaml similarity index 100% rename from cluster/apps/home-automation/frigate/volume.yaml rename to kubernetes/cluster-0/apps/home-automation/frigate/volume.yaml diff --git a/cluster/apps/home-automation/home-assistant-code/helm-release.yaml b/kubernetes/cluster-0/apps/home-automation/home-assistant-code/helm-release.yaml similarity index 98% rename from cluster/apps/home-automation/home-assistant-code/helm-release.yaml rename to kubernetes/cluster-0/apps/home-automation/home-assistant-code/helm-release.yaml index bd19c8284..28aa2a8f9 100644 --- a/cluster/apps/home-automation/home-assistant-code/helm-release.yaml +++ b/kubernetes/cluster-0/apps/home-automation/home-assistant-code/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/home-automation/home-assistant-code/kustomization.yaml b/kubernetes/cluster-0/apps/home-automation/home-assistant-code/kustomization.yaml similarity index 100% rename from cluster/apps/home-automation/home-assistant-code/kustomization.yaml rename to kubernetes/cluster-0/apps/home-automation/home-assistant-code/kustomization.yaml 
diff --git a/cluster/apps/home-automation/home-assistant/helm-release.yaml b/kubernetes/cluster-0/apps/home-automation/home-assistant/helm-release.yaml similarity index 97% rename from cluster/apps/home-automation/home-assistant/helm-release.yaml rename to kubernetes/cluster-0/apps/home-automation/home-assistant/helm-release.yaml index 11f06f0a5..8b166523f 100644 --- a/cluster/apps/home-automation/home-assistant/helm-release.yaml +++ b/kubernetes/cluster-0/apps/home-automation/home-assistant/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true @@ -40,8 +40,7 @@ spec: service: main: type: LoadBalancer - externalIPs: - - ${CLUSTER_LB_HASS} + loadBalancerIP: ${CLUSTER_LB_HASS} externalTrafficPolicy: Local ports: http: diff --git a/cluster/apps/home-automation/home-assistant/kustomization.yaml b/kubernetes/cluster-0/apps/home-automation/home-assistant/kustomization.yaml similarity index 100% rename from cluster/apps/home-automation/home-assistant/kustomization.yaml rename to kubernetes/cluster-0/apps/home-automation/home-assistant/kustomization.yaml diff --git a/cluster/apps/home-automation/home-assistant/patches/postgres.yaml b/kubernetes/cluster-0/apps/home-automation/home-assistant/patches/postgres.yaml similarity index 100% rename from cluster/apps/home-automation/home-assistant/patches/postgres.yaml rename to kubernetes/cluster-0/apps/home-automation/home-assistant/patches/postgres.yaml diff --git a/cluster/apps/home-automation/home-assistant/podmonitor.yaml b/kubernetes/cluster-0/apps/home-automation/home-assistant/podmonitor.yaml similarity index 100% rename from cluster/apps/home-automation/home-assistant/podmonitor.yaml rename to kubernetes/cluster-0/apps/home-automation/home-assistant/podmonitor.yaml 
diff --git a/cluster/apps/home-automation/home-assistant/secret.sops.yaml b/kubernetes/cluster-0/apps/home-automation/home-assistant/secret.sops.yaml similarity index 100% rename from cluster/apps/home-automation/home-assistant/secret.sops.yaml rename to kubernetes/cluster-0/apps/home-automation/home-assistant/secret.sops.yaml diff --git a/cluster/apps/home-automation/home-assistant/token.sops.yaml b/kubernetes/cluster-0/apps/home-automation/home-assistant/token.sops.yaml similarity index 100% rename from cluster/apps/home-automation/home-assistant/token.sops.yaml rename to kubernetes/cluster-0/apps/home-automation/home-assistant/token.sops.yaml diff --git a/cluster/apps/home-automation/home-assistant/volume.yaml b/kubernetes/cluster-0/apps/home-automation/home-assistant/volume.yaml similarity index 100% rename from cluster/apps/home-automation/home-assistant/volume.yaml rename to kubernetes/cluster-0/apps/home-automation/home-assistant/volume.yaml diff --git a/cluster/apps/home-automation/kustomization.yaml b/kubernetes/cluster-0/apps/home-automation/kustomization.yaml similarity index 100% rename from cluster/apps/home-automation/kustomization.yaml rename to kubernetes/cluster-0/apps/home-automation/kustomization.yaml diff --git a/cluster/apps/home-automation/zigbee2mqtt/helm-release.yaml b/kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/helm-release.yaml similarity index 98% rename from cluster/apps/home-automation/zigbee2mqtt/helm-release.yaml rename to kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/helm-release.yaml index eceb035d6..c08c9cec2 100644 --- a/cluster/apps/home-automation/zigbee2mqtt/helm-release.yaml +++ b/kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true 
diff --git a/cluster/apps/home-automation/zigbee2mqtt/kustomization.yaml b/kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/kustomization.yaml
similarity index 100%
rename from cluster/apps/home-automation/zigbee2mqtt/kustomization.yaml
rename to kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/kustomization.yaml
diff --git a/cluster/apps/home-automation/zigbee2mqtt/patches/env.yaml b/kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/patches/env.yaml
similarity index 80%
rename from cluster/apps/home-automation/zigbee2mqtt/patches/env.yaml
rename to kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/patches/env.yaml
index a18d6aabe..f1d7cffe4 100644
--- a/cluster/apps/home-automation/zigbee2mqtt/patches/env.yaml
+++ b/kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/patches/env.yaml
@@ -16,18 +16,21 @@ spec: ZIGBEE2MQTT_CONFIG_ADVANCED_LAST_SEEN: ISO_8601 ZIGBEE2MQTT_CONFIG_ADVANCED_LEGACY_API: "false" ZIGBEE2MQTT_CONFIG_ADVANCED_LEGACY_AVAILABILITY_PAYLOAD: "false" - # ZIGBEE2MQTT_CONFIG_ADVANCED_LOG_LEVEL: info + ZIGBEE2MQTT_CONFIG_ADVANCED_LOG_LEVEL: warn + ZIGBEE2MQTT_CONFIG_ADVANCED_LOG_OUTPUT: '["console"]' + ZIGBEE2MQTT_CONFIG_ADVANCED_NETWORK_KEY: "[204, 61, 75, 23, 44, 230, 24, 203, 53, 5, 248, 32, 50, 84, 44, 159]" ZIGBEE2MQTT_CONFIG_AVAILABILITY_ACTIVE_TIMEOUT: 60 ZIGBEE2MQTT_CONFIG_AVAILABILITY_PASSIVE_TIMEOUT: 2000 ZIGBEE2MQTT_CONFIG_DEVICE_OPTIONS_LEGACY: "false" ZIGBEE2MQTT_CONFIG_DEVICE_OPTIONS_RETAIN: "true" ZIGBEE2MQTT_CONFIG_EXPERIMENTAL_NEW_API: "true" + ZIGBEE2MQTT_CONFIG_FRONTEND_PORT: 8080 ZIGBEE2MQTT_CONFIG_FRONTEND_URL: "https://zigbee.${SECRET_CLUSTER_DOMAIN}" ZIGBEE2MQTT_CONFIG_HOMEASSISTANT: "true" ZIGBEE2MQTT_CONFIG_MQTT_INCLUDE_DEVICE_INFORMATION: "true" ZIGBEE2MQTT_CONFIG_MQTT_KEEPALIVE: 60 ZIGBEE2MQTT_CONFIG_MQTT_REJECT_UNAUTHORIZED: "true" - ZIGBEE2MQTT_CONFIG_MQTT_SERVER: mqtt://emqx.default.svc.cluster.local. + ZIGBEE2MQTT_CONFIG_MQTT_SERVER: "mqtt://emqx.default.svc.cluster.local." ZIGBEE2MQTT_CONFIG_MQTT_VERSION: 5 ZIGBEE2MQTT_CONFIG_MQTT_USER: valueFrom: @@ -39,7 +42,8 @@ spec: secretKeyRef: name: emqx-config key: user_1_password + ZIGBEE2MQTT_CONFIG_PERMIT_JOIN: "false" ZIGBEE2MQTT_CONFIG_SERIAL_PORT: /dev/serial/by-id/usb-1a86_USB_Serial-if00-port0 - ZIGBEE2MQTT_CONFIG_ADVANCED_LOG_OUTPUT: '["console"]' - ZIGBEE2MQTT_CONFIG_DEVICES: devices.yaml - ZIGBEE2MQTT_CONFIG_GROUPS: groups.yaml + + # ZIGBEE2MQTT_CONFIG_DEVICES: devices.yaml + # ZIGBEE2MQTT_CONFIG_GROUPS: groups.yaml diff --git a/cluster/apps/home-automation/zigbee2mqtt/patches/exporter.yaml b/kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/patches/exporter.yaml similarity index 100% rename from cluster/apps/home-automation/zigbee2mqtt/patches/exporter.yaml rename to kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/patches/exporter.yaml 
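Review bot: `ZIGBEE2MQTT_CONFIG_ADVANCED_NETWORK_KEY` is added as a literal value in patches/env.yaml, a plain manifest rather than one of the `*.sops.yaml` files, so the Zigbee network key is stored unencrypted in the repository and its history. The same env block already reads `ZIGBEE2MQTT_CONFIG_MQTT_USER` and the MQTT password through `valueFrom.secretKeyRef` from `emqx-config`. The key should be supplied the same way, for example `valueFrom: {secretKeyRef: {name: <zigbee2mqtt-secret>, key: <network-key>}}` with that Secret kept in a SOPS-encrypted file (both names are placeholders). Because the value is already in this patch, it should be treated as disclosed and regenerated, which requires re-pairing the devices. A smaller point on the quoted `ZIGBEE2MQTT_CONFIG_MQTT_SERVER` line: the URL scheme is `mqtt://`, so `ZIGBEE2MQTT_CONFIG_MQTT_REJECT_UNAUTHORIZED: "true"` has no certificate to verify and the broker credentials cross the cluster network unencrypted.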
diff --git a/cluster/apps/home-automation/zigbee2mqtt/prometheus-rule.yaml b/kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/prometheus-rule.yaml similarity index 100% rename from cluster/apps/home-automation/zigbee2mqtt/prometheus-rule.yaml rename to kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/prometheus-rule.yaml diff --git a/cluster/apps/home-automation/zigbee2mqtt/volume.yaml b/kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/volume.yaml similarity index 100% rename from cluster/apps/home-automation/zigbee2mqtt/volume.yaml rename to kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/volume.yaml diff --git a/cluster/apps/home-automation/zwavejs2mqtt/helm-release.yaml b/kubernetes/cluster-0/apps/home-automation/zwavejs2mqtt/helm-release.yaml similarity index 98% rename from cluster/apps/home-automation/zwavejs2mqtt/helm-release.yaml rename to kubernetes/cluster-0/apps/home-automation/zwavejs2mqtt/helm-release.yaml index d24d4b928..379ece1ec 100644 --- a/cluster/apps/home-automation/zwavejs2mqtt/helm-release.yaml +++ b/kubernetes/cluster-0/apps/home-automation/zwavejs2mqtt/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/home-automation/zwavejs2mqtt/kustomization.yaml b/kubernetes/cluster-0/apps/home-automation/zwavejs2mqtt/kustomization.yaml similarity index 100% rename from cluster/apps/home-automation/zwavejs2mqtt/kustomization.yaml rename to kubernetes/cluster-0/apps/home-automation/zwavejs2mqtt/kustomization.yaml diff --git a/cluster/apps/home-automation/zwavejs2mqtt/volume.yaml b/kubernetes/cluster-0/apps/home-automation/zwavejs2mqtt/volume.yaml similarity index 100% rename from cluster/apps/home-automation/zwavejs2mqtt/volume.yaml rename to kubernetes/cluster-0/apps/home-automation/zwavejs2mqtt/volume.yaml 
diff --git a/cluster/apps/kube-tools/coredns-nodecache/configmap.yaml b/kubernetes/cluster-0/apps/kube-tools/coredns-nodecache/configmap.yaml similarity index 100% rename from cluster/apps/kube-tools/coredns-nodecache/configmap.yaml rename to kubernetes/cluster-0/apps/kube-tools/coredns-nodecache/configmap.yaml diff --git a/cluster/apps/kube-tools/coredns-nodecache/daemonset.yaml b/kubernetes/cluster-0/apps/kube-tools/coredns-nodecache/daemonset.yaml similarity index 100% rename from cluster/apps/kube-tools/coredns-nodecache/daemonset.yaml rename to kubernetes/cluster-0/apps/kube-tools/coredns-nodecache/daemonset.yaml diff --git a/cluster/apps/kube-tools/coredns-nodecache/kustomization.yaml b/kubernetes/cluster-0/apps/kube-tools/coredns-nodecache/kustomization.yaml similarity index 100% rename from cluster/apps/kube-tools/coredns-nodecache/kustomization.yaml rename to kubernetes/cluster-0/apps/kube-tools/coredns-nodecache/kustomization.yaml diff --git a/cluster/apps/kube-tools/coredns-nodecache/service-account.yaml b/kubernetes/cluster-0/apps/kube-tools/coredns-nodecache/service-account.yaml similarity index 100% rename from cluster/apps/kube-tools/coredns-nodecache/service-account.yaml rename to kubernetes/cluster-0/apps/kube-tools/coredns-nodecache/service-account.yaml diff --git a/cluster/apps/kube-tools/descheduler/helm-release.yaml b/kubernetes/cluster-0/apps/kube-tools/descheduler/helm-release.yaml similarity index 98% rename from cluster/apps/kube-tools/descheduler/helm-release.yaml rename to kubernetes/cluster-0/apps/kube-tools/descheduler/helm-release.yaml index 60b705ca3..c3517f489 100644 --- a/cluster/apps/kube-tools/descheduler/helm-release.yaml +++ b/kubernetes/cluster-0/apps/kube-tools/descheduler/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 0.25.2 sourceRef: kind: HelmRepository - name: descheduler-charts + name: descheduler namespace: flux-system install: createNamespace: true 
diff --git a/cluster/apps/kube-tools/descheduler/kustomization.yaml b/kubernetes/cluster-0/apps/kube-tools/descheduler/kustomization.yaml similarity index 100% rename from cluster/apps/kube-tools/descheduler/kustomization.yaml rename to kubernetes/cluster-0/apps/kube-tools/descheduler/kustomization.yaml diff --git a/cluster/apps/kube-tools/intel-gpu-exporter/helm-release.yaml b/kubernetes/cluster-0/apps/kube-tools/intel-gpu-exporter/helm-release.yaml similarity index 98% rename from cluster/apps/kube-tools/intel-gpu-exporter/helm-release.yaml rename to kubernetes/cluster-0/apps/kube-tools/intel-gpu-exporter/helm-release.yaml index 1a7cbb441..761af36ca 100644 --- a/cluster/apps/kube-tools/intel-gpu-exporter/helm-release.yaml +++ b/kubernetes/cluster-0/apps/kube-tools/intel-gpu-exporter/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/kube-tools/intel-gpu-exporter/kustomization.yaml b/kubernetes/cluster-0/apps/kube-tools/intel-gpu-exporter/kustomization.yaml similarity index 100% rename from cluster/apps/kube-tools/intel-gpu-exporter/kustomization.yaml rename to kubernetes/cluster-0/apps/kube-tools/intel-gpu-exporter/kustomization.yaml diff --git a/cluster/apps/kube-tools/intel-gpu-plugin/helm-release.yaml b/kubernetes/cluster-0/apps/kube-tools/intel-gpu-plugin/helm-release.yaml similarity index 98% rename from cluster/apps/kube-tools/intel-gpu-plugin/helm-release.yaml rename to kubernetes/cluster-0/apps/kube-tools/intel-gpu-plugin/helm-release.yaml index 88928a41c..47097b685 100644 --- a/cluster/apps/kube-tools/intel-gpu-plugin/helm-release.yaml +++ b/kubernetes/cluster-0/apps/kube-tools/intel-gpu-plugin/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true 
diff --git a/cluster/apps/kube-tools/intel-gpu-plugin/kustomization.yaml b/kubernetes/cluster-0/apps/kube-tools/intel-gpu-plugin/kustomization.yaml similarity index 100% rename from cluster/apps/kube-tools/intel-gpu-plugin/kustomization.yaml rename to kubernetes/cluster-0/apps/kube-tools/intel-gpu-plugin/kustomization.yaml diff --git a/cluster/apps/kube-tools/kustomization.yaml b/kubernetes/cluster-0/apps/kube-tools/kustomization.yaml similarity index 92% rename from cluster/apps/kube-tools/kustomization.yaml rename to kubernetes/cluster-0/apps/kube-tools/kustomization.yaml index 76b0a87bb..f83ee248f 100644 --- a/cluster/apps/kube-tools/kustomization.yaml +++ b/kubernetes/cluster-0/apps/kube-tools/kustomization.yaml @@ -11,4 +11,3 @@ resources: - node-feature-discovery - rbac - reloader - - system-upgrade diff --git a/cluster/apps/kube-tools/kyverno/helm-release.yaml b/kubernetes/cluster-0/apps/kube-tools/kyverno/helm-release.yaml similarity index 81% rename from cluster/apps/kube-tools/kyverno/helm-release.yaml rename to kubernetes/cluster-0/apps/kube-tools/kyverno/helm-release.yaml index 59410d926..5eddb9584 100644 --- a/cluster/apps/kube-tools/kyverno/helm-release.yaml +++ b/kubernetes/cluster-0/apps/kube-tools/kyverno/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 2.6.1 sourceRef: kind: HelmRepository - name: kyverno-charts + name: kyverno namespace: flux-system install: createNamespace: true @@ -22,10 +22,16 @@ spec: remediation: retries: 5 values: - installCRDs: true + installCRDs: false replicaCount: 3 serviceMonitor: enabled: true + resources: + requests: + cpu: 247m + memory: 443M + limits: + memory: 1336M topologySpreadConstraints: - maxSkew: 1 topologyKey: kubernetes.io/hostname 
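Review bot: `installCRDs: false` in the second hunk of kyverno/helm-release.yaml leaves the chart without its CustomResourceDefinitions unless something else applies them first, and nothing in the visible part of the patch shows where they now come from. If they are missing or lag behind chart version 2.6.1, the policy objects created by the release under kyverno/policies may fail to apply, leaving admission policy unenforced with no error on this release. A comment on the line would make the dependency explicit, e.g. `installCRDs: false  # CRDs applied by <path of the CRD Kustomization>` (placeholder path). In the same hunk, the new memory values use decimal `M` (`443M`, `1336M`); `Mi` is the usual suffix if binary units were intended.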
diff --git a/cluster/apps/kube-tools/kyverno/kustomization.yaml b/kubernetes/cluster-0/apps/kube-tools/kyverno/kustomization.yaml similarity index 100% rename from cluster/apps/kube-tools/kyverno/kustomization.yaml rename to kubernetes/cluster-0/apps/kube-tools/kyverno/kustomization.yaml diff --git a/cluster/apps/kube-tools/kyverno/policies/helm-release.yaml b/kubernetes/cluster-0/apps/kube-tools/kyverno/policies/helm-release.yaml similarity index 99% rename from cluster/apps/kube-tools/kyverno/policies/helm-release.yaml rename to kubernetes/cluster-0/apps/kube-tools/kyverno/policies/helm-release.yaml index 65c3ee065..3f13d9b96 100644 --- a/cluster/apps/kube-tools/kyverno/policies/helm-release.yaml +++ b/kubernetes/cluster-0/apps/kube-tools/kyverno/policies/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: v0.3.1 sourceRef: kind: HelmRepository - name: dysnix-charts + name: dysnix namespace: flux-system install: createNamespace: true @@ -256,7 +256,7 @@ spec: name: "{{ request.object.metadata.name }}" uid: "{{ request.object.metadata.uid }}" spec: - schedule: "0 22 * * *" + schedule: "0 7 * * *" suspend: false concurrencyPolicy: Forbid successfulJobsHistoryLimit: 1 diff --git a/cluster/apps/kube-tools/kyverno/policies/kustomization.yaml b/kubernetes/cluster-0/apps/kube-tools/kyverno/policies/kustomization.yaml similarity index 100% rename from cluster/apps/kube-tools/kyverno/policies/kustomization.yaml rename to kubernetes/cluster-0/apps/kube-tools/kyverno/policies/kustomization.yaml diff --git a/cluster/apps/kube-tools/metrics-server/helm-release.yaml b/kubernetes/cluster-0/apps/kube-tools/metrics-server/helm-release.yaml similarity index 94% rename from cluster/apps/kube-tools/metrics-server/helm-release.yaml rename to kubernetes/cluster-0/apps/kube-tools/metrics-server/helm-release.yaml index 41ba81cd1..381e080de 100644 --- a/cluster/apps/kube-tools/metrics-server/helm-release.yaml +++ b/kubernetes/cluster-0/apps/kube-tools/metrics-server/helm-release.yaml 
@@ -12,7 +12,7 @@ spec: version: 3.8.2 sourceRef: kind: HelmRepository - name: metrics-server-charts + name: metrics-server namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/kube-tools/metrics-server/kustomization.yaml b/kubernetes/cluster-0/apps/kube-tools/metrics-server/kustomization.yaml similarity index 100% rename from cluster/apps/kube-tools/metrics-server/kustomization.yaml rename to kubernetes/cluster-0/apps/kube-tools/metrics-server/kustomization.yaml diff --git a/cluster/apps/kube-tools/node-feature-discovery/helm-release.yaml b/kubernetes/cluster-0/apps/kube-tools/node-feature-discovery/helm-release.yaml similarity index 97% rename from cluster/apps/kube-tools/node-feature-discovery/helm-release.yaml rename to kubernetes/cluster-0/apps/kube-tools/node-feature-discovery/helm-release.yaml index 49f2a5420..635c38e7e 100644 --- a/cluster/apps/kube-tools/node-feature-discovery/helm-release.yaml +++ b/kubernetes/cluster-0/apps/kube-tools/node-feature-discovery/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 0.11.3 sourceRef: kind: HelmRepository - name: node-feature-discovery-charts + name: node-feature-discovery namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/kube-tools/node-feature-discovery/kustomization.yaml b/kubernetes/cluster-0/apps/kube-tools/node-feature-discovery/kustomization.yaml similarity index 100% rename from cluster/apps/kube-tools/node-feature-discovery/kustomization.yaml rename to kubernetes/cluster-0/apps/kube-tools/node-feature-discovery/kustomization.yaml diff --git a/cluster/apps/kube-tools/rbac/jobs.yaml b/kubernetes/cluster-0/apps/kube-tools/rbac/jobs.yaml similarity index 100% rename from cluster/apps/kube-tools/rbac/jobs.yaml rename to kubernetes/cluster-0/apps/kube-tools/rbac/jobs.yaml 
diff --git a/cluster/apps/kube-tools/rbac/kustomization.yaml b/kubernetes/cluster-0/apps/kube-tools/rbac/kustomization.yaml similarity index 100% rename from cluster/apps/kube-tools/rbac/kustomization.yaml rename to kubernetes/cluster-0/apps/kube-tools/rbac/kustomization.yaml diff --git a/cluster/apps/kube-tools/reloader/helm-release.yaml b/kubernetes/cluster-0/apps/kube-tools/reloader/helm-release.yaml similarity index 94% rename from cluster/apps/kube-tools/reloader/helm-release.yaml rename to kubernetes/cluster-0/apps/kube-tools/reloader/helm-release.yaml index 497f9d0cb..bb6b1998d 100644 --- a/cluster/apps/kube-tools/reloader/helm-release.yaml +++ b/kubernetes/cluster-0/apps/kube-tools/reloader/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: v0.0.124 sourceRef: kind: HelmRepository - name: stakater-charts + name: stakater namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/kube-tools/reloader/kustomization.yaml b/kubernetes/cluster-0/apps/kube-tools/reloader/kustomization.yaml similarity index 100% rename from cluster/apps/kube-tools/reloader/kustomization.yaml rename to kubernetes/cluster-0/apps/kube-tools/reloader/kustomization.yaml diff --git a/cluster/apps/kustomization.yaml b/kubernetes/cluster-0/apps/kustomization.yaml similarity index 93% rename from cluster/apps/kustomization.yaml rename to kubernetes/cluster-0/apps/kustomization.yaml index c5b7ccc0b..8dac35104 100644 --- a/cluster/apps/kustomization.yaml +++ b/kubernetes/cluster-0/apps/kustomization.yaml @@ -3,14 +3,14 @@ kind: Kustomization resources: - namespaces.yaml - authentication - #- crypto + # - crypto - databases - development - documentation - downloaders - home-automation - kube-tools - #- logs + - logs - media-automation - media-servers - monitoring 
diff --git a/cluster/apps/logs/kustomization.yaml b/kubernetes/cluster-0/apps/logs/kustomization.yaml similarity index 100% rename from cluster/apps/logs/kustomization.yaml rename to kubernetes/cluster-0/apps/logs/kustomization.yaml diff --git a/cluster/apps/logs/loki/config-map.yaml b/kubernetes/cluster-0/apps/logs/loki/config-map.yaml similarity index 100% rename from cluster/apps/logs/loki/config-map.yaml rename to kubernetes/cluster-0/apps/logs/loki/config-map.yaml diff --git a/cluster/apps/logs/loki/helm-release.yaml b/kubernetes/cluster-0/apps/logs/loki/helm-release.yaml similarity index 68% rename from cluster/apps/logs/loki/helm-release.yaml rename to kubernetes/cluster-0/apps/logs/loki/helm-release.yaml index ab547a95c..1d2dbd09b 100644 --- a/cluster/apps/logs/loki/helm-release.yaml +++ b/kubernetes/cluster-0/apps/logs/loki/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 3.3.4 sourceRef: kind: HelmRepository - name: grafana-charts + name: grafana namespace: flux-system install: createNamespace: true @@ -93,7 +93,16 @@ spec: reporting_enabled: false gateway: enabled: true - replicas: 2 + replicas: 3 + affinity: | + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + labelSelector: + matchLabels: + {{- include "loki.gatewaySelectorLabels" . | nindent 12 }} + topologyKey: kubernetes.io/hostname ingress: enabled: true ingressClassName: "nginx" 
@@ -106,12 +115,30 @@ spec: - hosts: - *host write: - replicas: 2 + replicas: 3 + affinity: | + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + labelSelector: + matchLabels: + {{- include "loki.writeSelectorLabels" . | nindent 12 }} + topologyKey: kubernetes.io/hostname persistence: size: 10Gi storageClass: rook-ceph-block read: - replicas: 2 + replicas: 3 + affinity: | + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + labelSelector: + matchLabels: + {{- include "loki.readSelectorLabels" . | nindent 12 }} + topologyKey: kubernetes.io/hostname extraVolumeMounts: - name: loki-rules mountPath: /rules/fake @@ -121,8 +148,7 @@ spec: mountPath: /tmp/loki-tmp extraVolumes: - name: loki-rules - configMap: - name: loki-alerting-rules + emptyDir: {} - name: loki-rules-tmp emptyDir: {} - name: loki-tmp 
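Review bot: In the `@@ -121,8 +148,7 @@` hunk, the `loki-rules` volume under `read` becomes `emptyDir: {}`, so `/rules/fake` starts empty on every read pod and the `loki-alerting-rules` ConfigMap is no longer mounted in the lines shown. Unless something outside the hunk writes rules into that directory, log-based alerts stop being evaluated without any error. If this is deliberate, add a comment such as `# rules are loaded by <mechanism>; loki-alerting-rules intentionally not mounted`; otherwise keep `configMap:` with `name: loki-alerting-rules`. The `read` block starts in the previous hunk.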
@@ -131,24 +157,32 @@ spec: size: 10Gi storageClass: rook-ceph-block monitoring: + serviceMonitor: + enabled: false + metricsInstance: + enabled: false selfMonitoring: enabled: false grafanaAgent: installOperator: false + lokiCanary: + enabled: false + test: + enabled: false valuesFrom: - - targetPath: loki.structuredConfig.common.storage.s3.bucketnames - kind: ConfigMap + - kind: ConfigMap name: loki-chunks-bucket valuesKey: BUCKET_NAME - - targetPath: loki.structuredConfig.common.storage.s3.endpoint - kind: ConfigMap + targetPath: loki.structuredConfig.common.storage.s3.bucketnames + - kind: ConfigMap name: loki-chunks-bucket valuesKey: BUCKET_HOST - - targetPath: loki.structuredConfig.common.storage.s3.access_key_id - kind: Secret + targetPath: loki.structuredConfig.common.storage.s3.endpoint + - kind: Secret name: loki-chunks-bucket valuesKey: AWS_ACCESS_KEY_ID - - targetPath: loki.structuredConfig.common.storage.s3.secret_access_key - kind: Secret + targetPath: loki.structuredConfig.common.storage.s3.access_key_id + - kind: Secret name: loki-chunks-bucket valuesKey: AWS_SECRET_ACCESS_KEY + targetPath: loki.structuredConfig.common.storage.s3.secret_access_key diff --git a/cluster/apps/logs/loki/kustomization.yaml b/kubernetes/cluster-0/apps/logs/loki/kustomization.yaml similarity index 100% rename from cluster/apps/logs/loki/kustomization.yaml rename to kubernetes/cluster-0/apps/logs/loki/kustomization.yaml diff --git a/cluster/apps/logs/loki/object-bucket-claim.yaml b/kubernetes/cluster-0/apps/logs/loki/object-bucket-claim.yaml similarity index 100% rename from cluster/apps/logs/loki/object-bucket-claim.yaml rename to kubernetes/cluster-0/apps/logs/loki/object-bucket-claim.yaml diff --git a/kubernetes/cluster-0/apps/logs/vector/agent/helm-release.yaml b/kubernetes/cluster-0/apps/logs/vector/agent/helm-release.yaml new file mode 100644 index 000000000..6a5d29c6b --- /dev/null +++ b/kubernetes/cluster-0/apps/logs/vector/agent/helm-release.yaml 
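Review bot: The `monitoring` block now disables `serviceMonitor`, `metricsInstance`, `lokiCanary` and `test` without a comment, in the same commit that adds a Vector aggregator shipping Kubernetes and Talos logs to this Loki. With the canary and ServiceMonitor off, nothing visible here would report that ingestion has stalled, which is a gap you do not want in a log store used for investigation. A one-line reason above the block, e.g. `# chart self-monitoring disabled: <reason / replacement scrape config>`, would show whether this is temporary.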
@@ -0,0 +1,84 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: vector-agent + namespace: monitoring +spec: + interval: 30m + chart: + spec: + chart: vector + version: 0.17.0 + sourceRef: + kind: HelmRepository + name: vector + namespace: flux-system + install: + createNamespace: true + remediation: + retries: 5 + upgrade: + remediation: + retries: 5 + dependsOn: + - name: loki + namespace: monitoring + - name: vector-aggregator + namespace: monitoring + values: + image: + repository: timberio/vector + tag: 0.25.1-debian + role: "Agent" + podAnnotations: + configmap.reloader.stakater.com/reload: vector-agent + customConfig: + data_dir: /vector-data-dir + api: + enabled: false + # Sources + sources: + kubernetes_logs: + type: kubernetes_logs + talos_kernel_logs: + type: socket + mode: udp + address: 127.0.0.1:12000 + talos_service_logs: + type: socket + mode: udp + address: 127.0.0.1:12001 + # Sinks + sinks: + kubernetes_sink: + type: vector + inputs: + - kubernetes_logs + address: "vector-aggregator.monitoring:6000" + version: "2" + talos_kernel_sink: + type: vector + inputs: + - talos_kernel_logs + address: "vector-aggregator.monitoring:6050" + version: "2" + talos_service_sink: + type: vector + inputs: + - talos_service_logs + address: "vector-aggregator.monitoring:6051" + version: "2" + podMonitor: + enabled: true + resources: + requests: + cpu: 23m + memory: 249M + limits: + memory: 918M + service: + enabled: false + tolerations: + - key: node-role.kubernetes.io/control-plane + effect: NoSchedule diff --git a/cluster/apps/logs/vector/agent/kustomization.yaml b/kubernetes/cluster-0/apps/logs/vector/agent/kustomization.yaml similarity index 100% rename from cluster/apps/logs/vector/agent/kustomization.yaml rename to kubernetes/cluster-0/apps/logs/vector/agent/kustomization.yaml 
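Review bot: The sinks `talos_kernel_sink` and `talos_service_sink` are `type: vector` with `version: "2"`, but the aggregator sources they address (`talos_kernel_logs` on 6050 and `talos_service_logs` on 6051 in aggregator/helm-release.yaml) are `type: socket` with `mode: udp` and a JSON decoder. The version 2 vector sink speaks gRPC over TCP, so a UDP socket source would not receive it, and Talos kernel and service logs relayed by the agent would likely never reach Loki. Either give the agent sinks the matching shape (`type: socket`, `mode: udp`, `encoding: {codec: json}`) or add `type: vector` sources on separate ports in the aggregator. The aggregator's `host_key: __host` rewrite also assumes the sender address is a node IP, which presumably would not hold for traffic relayed through an agent pod.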
diff --git a/cluster/apps/logs/vector/aggregator/filterlog-regex.txt b/kubernetes/cluster-0/apps/logs/vector/aggregator/filterlog-regex.txt
similarity index 100%
rename from cluster/apps/logs/vector/aggregator/filterlog-regex.txt
rename to kubernetes/cluster-0/apps/logs/vector/aggregator/filterlog-regex.txt
diff --git a/kubernetes/cluster-0/apps/logs/vector/aggregator/helm-release.yaml b/kubernetes/cluster-0/apps/logs/vector/aggregator/helm-release.yaml
new file mode 100644
index 000000000..fba29cb1b
--- /dev/null
+++ b/kubernetes/cluster-0/apps/logs/vector/aggregator/helm-release.yaml
@@ -0,0 +1,218 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: vector-aggregator + namespace: monitoring +spec: + interval: 15m + chart: + spec: + chart: vector + version: 0.17.0 + sourceRef: + kind: HelmRepository + name: vector + namespace: flux-system + install: + createNamespace: true + remediation: + retries: 5 + upgrade: + remediation: + retries: 5 + dependsOn: + - name: loki + namespace: monitoring + values: + image: + repository: timberio/vector + tag: 0.25.1-debian + role: "Stateless-Aggregator" + podAnnotations: + configmap.reloader.stakater.com/reload: vector-aggregator + customConfig: + data_dir: /vector-data-dir + api: + enabled: false + # Sources + sources: + kubernetes_logs: + address: 0.0.0.0:6000 + type: vector + version: "2" + opnsense_logs: + address: 0.0.0.0:6001 + type: vector + version: "2" + journal_logs: + type: vector + address: 0.0.0.0:6002 + version: "2" + vector_metrics: + type: internal_metrics + talos_kernel_logs: + address: 0.0.0.0:6050 + type: socket + mode: udp + max_length: 102400 + decoding: + codec: json + host_key: __host + talos_service_logs: + address: 0.0.0.0:6051 + type: socket + mode: udp + max_length: 102400 + decoding: + codec: json + host_key: __host + # Transformations + transforms: + talos_kernel_logs_xform: + type: remap + inputs: + - talos_kernel_logs + source: |- + .__host = replace!(.__host, "192.168.9.101", "talos-node-1") + .__host = replace(.__host, "192.168.9.102", "talos-node-2") + .__host = replace(.__host, "192.168.9.103", "talos-node-3") + .__host = replace(.__host, "192.168.9.104", "talos-node-4") + talos_service_logs_xform: + type: remap + inputs: + - talos_service_logs + source: |- + .__host = replace!(.__host, "192.168.9.101", "talos-node-1") + .__host = replace(.__host, "192.168.9.102", "talos-node-2") + .__host = replace(.__host, "192.168.9.103", "talos-node-3") + .__host = replace(.__host, "192.168.9.104", "talos-node-4") + # Sinks + sinks: + loki_kubernetes: 
+ type: loki + inputs: + - kubernetes_logs + endpoint: http://loki-gateway.monitoring:80 + encoding: + codec: json + batch: + max_bytes: 2049000 + out_of_order_action: rewrite_timestamp + remove_label_fields: true + remove_timestamp: true + labels: + k8s_app: >- + {{`{{ "kubernetes.pod_labels.app\.kubernetes\.io/name" }}`}} + k8s_container: >- + {{`{{ "kubernetes.container_name" }}`}} + k8s_filename: >- + {{`{{ "kubernetes.file" }}`}} + k8s_instance: >- + {{`{{ "kubernetes.pod_labels.app\.kubernetes\.io/instance" }}`}} + k8s_namespace: >- + {{`{{ "kubernetes.pod_namespace" }}`}} + k8s_node: >- + {{`{{ "kubernetes.pod_node_name" }}`}} + k8s_pod: >- + {{`{{ "kubernetes.pod_name" }}`}} + loki_opnsense: + type: loki + inputs: + - opnsense_logs + endpoint: http://loki-gateway.monitoring:80 + encoding: + codec: json + batch: + max_bytes: 400000 + out_of_order_action: rewrite_timestamp + labels: + hostname: >- + {{`{{ host }}`}} + syslog_identifier: >- + {{`{{ SYSLOG_IDENTIFIER }}`}} + loki_journal: + type: loki + inputs: + - journal_logs + endpoint: http://loki-gateway.monitoring:80 + encoding: + codec: json + batch: + max_bytes: 2049000 + out_of_order_action: accept + remove_label_fields: true + remove_timestamp: true + labels: + hostname: >- + {{`{{ host }}`}} + talos_kernel: + type: loki + inputs: + - talos_kernel_logs_xform + endpoint: http://loki-gateway.monitoring:80 + encoding: + codec: json + except_fields: + - __host + batch: + max_bytes: 1048576 + out_of_order_action: rewrite_timestamp + labels: + hostname: >- + {{`{{ __host }}`}} + service: >- + {{`{{ facility }}`}} + talos_service: + type: loki + inputs: + - talos_service_logs_xform + endpoint: http://loki-gateway.monitoring:80 + encoding: + codec: json + except_fields: + - __host + batch: + max_bytes: 524288 + out_of_order_action: rewrite_timestamp + labels: + hostname: >- + {{`{{ __host }}`}} + service: >- + {{`{{ "talos-service" }}`}} + namespace: "talos:service" + extraVolumeMounts: + - name: geoip + 
mountPath: /geoip + extraVolumes: + - name: geoip + persistentVolumeClaim: + claimName: vector-geoipupdate-config + podMonitor: + enabled: true + jobLabel: vector-aggregator + port: prometheus-sink + resources: + requests: + cpu: 35m + memory: 381M + limits: + memory: 726M + service: + enabled: true + type: LoadBalancer + annotations: + coredns.io/hostname: "vector.${SECRET_CLUSTER_DOMAIN}" + postRenderers: + - kustomize: + patchesJson6902: + - target: + kind: Service + name: vector-aggregator + patch: + - op: add + path: /spec/loadBalancerIP + value: ${CLUSTER_LB_VECTOR} + - op: replace + path: /spec/externalTrafficPolicy + value: Local diff --git a/cluster/apps/logs/vector/aggregator/kustomization.yaml b/kubernetes/cluster-0/apps/logs/vector/aggregator/kustomization.yaml similarity index 100% rename from cluster/apps/logs/vector/aggregator/kustomization.yaml rename to kubernetes/cluster-0/apps/logs/vector/aggregator/kustomization.yaml diff --git a/cluster/apps/logs/vector/geoipupdate/cron-job.yaml b/kubernetes/cluster-0/apps/logs/vector/geoipupdate/cron-job.yaml similarity index 100% rename from cluster/apps/logs/vector/geoipupdate/cron-job.yaml rename to kubernetes/cluster-0/apps/logs/vector/geoipupdate/cron-job.yaml diff --git a/cluster/apps/logs/vector/geoipupdate/kustomization.yaml b/kubernetes/cluster-0/apps/logs/vector/geoipupdate/kustomization.yaml similarity index 100% rename from cluster/apps/logs/vector/geoipupdate/kustomization.yaml rename to kubernetes/cluster-0/apps/logs/vector/geoipupdate/kustomization.yaml diff --git a/cluster/apps/logs/vector/geoipupdate/secret.sops.yaml b/kubernetes/cluster-0/apps/logs/vector/geoipupdate/secret.sops.yaml similarity index 100% rename from cluster/apps/logs/vector/geoipupdate/secret.sops.yaml rename to kubernetes/cluster-0/apps/logs/vector/geoipupdate/secret.sops.yaml 
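Review bot: The aggregator Service is `type: LoadBalancer` and every network source binds `0.0.0.0` (vector on 6000–6002, UDP sockets on 6050/6051) with no `tls` block and no source restriction, so any host that can reach `${CLUSTER_LB_VECTOR}` can write events into Loki. The UDP sources are the weakest part: `host_key: __host` comes from the packet's sender address and is then rewritten to `talos-node-N`, and UDP gives no assurance of that address, so those hostname labels should not be read as authenticated. I would add an op to the existing `patchesJson6902` list (`- op: add`, `path: /spec/loadBalancerSourceRanges`, `value: ["<trusted CIDR>"]`), where the load-balancer implementation honours it, and enable `tls` with `verify_certificate` on the `vector` sources. Separately, `timberio/vector` with tag `0.25.1-debian`, here and in the agent release, is pinned by tag only, unlike the `@sha256:` pins on other images in this commit.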
diff --git a/cluster/apps/logs/vector/geoipupdate/volume.yaml b/kubernetes/cluster-0/apps/logs/vector/geoipupdate/volume.yaml similarity index 100% rename from cluster/apps/logs/vector/geoipupdate/volume.yaml rename to kubernetes/cluster-0/apps/logs/vector/geoipupdate/volume.yaml diff --git a/cluster/apps/logs/vector/kustomization.yaml b/kubernetes/cluster-0/apps/logs/vector/kustomization.yaml similarity index 100% rename from cluster/apps/logs/vector/kustomization.yaml rename to kubernetes/cluster-0/apps/logs/vector/kustomization.yaml diff --git a/cluster/apps/media-automation/bazarr/helm-release.yaml b/kubernetes/cluster-0/apps/media-automation/bazarr/helm-release.yaml similarity index 98% rename from cluster/apps/media-automation/bazarr/helm-release.yaml rename to kubernetes/cluster-0/apps/media-automation/bazarr/helm-release.yaml index 049972804..ae915a0b0 100644 --- a/cluster/apps/media-automation/bazarr/helm-release.yaml +++ b/kubernetes/cluster-0/apps/media-automation/bazarr/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/media-automation/bazarr/kustomization.yaml b/kubernetes/cluster-0/apps/media-automation/bazarr/kustomization.yaml similarity index 100% rename from cluster/apps/media-automation/bazarr/kustomization.yaml rename to kubernetes/cluster-0/apps/media-automation/bazarr/kustomization.yaml diff --git a/cluster/apps/media-automation/bazarr/secret.sops.yaml b/kubernetes/cluster-0/apps/media-automation/bazarr/secret.sops.yaml similarity index 100% rename from cluster/apps/media-automation/bazarr/secret.sops.yaml rename to kubernetes/cluster-0/apps/media-automation/bazarr/secret.sops.yaml 
diff --git a/cluster/apps/media-automation/bazarr/volume.yaml b/kubernetes/cluster-0/apps/media-automation/bazarr/volume.yaml similarity index 100% rename from cluster/apps/media-automation/bazarr/volume.yaml rename to kubernetes/cluster-0/apps/media-automation/bazarr/volume.yaml diff --git a/cluster/apps/media-automation/jellyseerr/helm-release.yaml b/kubernetes/cluster-0/apps/media-automation/jellyseerr/helm-release.yaml similarity index 98% rename from cluster/apps/media-automation/jellyseerr/helm-release.yaml rename to kubernetes/cluster-0/apps/media-automation/jellyseerr/helm-release.yaml index a37c51942..6df99d03e 100644 --- a/cluster/apps/media-automation/jellyseerr/helm-release.yaml +++ b/kubernetes/cluster-0/apps/media-automation/jellyseerr/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/media-automation/jellyseerr/kustomization.yaml b/kubernetes/cluster-0/apps/media-automation/jellyseerr/kustomization.yaml similarity index 100% rename from cluster/apps/media-automation/jellyseerr/kustomization.yaml rename to kubernetes/cluster-0/apps/media-automation/jellyseerr/kustomization.yaml diff --git a/cluster/apps/media-automation/jellyseerr/volume.yaml b/kubernetes/cluster-0/apps/media-automation/jellyseerr/volume.yaml similarity index 100% rename from cluster/apps/media-automation/jellyseerr/volume.yaml rename to kubernetes/cluster-0/apps/media-automation/jellyseerr/volume.yaml diff --git a/cluster/apps/media-automation/kustomization.yaml b/kubernetes/cluster-0/apps/media-automation/kustomization.yaml similarity index 90% rename from cluster/apps/media-automation/kustomization.yaml rename to kubernetes/cluster-0/apps/media-automation/kustomization.yaml index d910c3706..3666081c3 100644 --- a/cluster/apps/media-automation/kustomization.yaml +++ b/kubernetes/cluster-0/apps/media-automation/kustomization.yaml 
@@ -6,6 +6,7 @@ resources: - bazarr - jellyseerr - lidarr + - music-transcode - prowlarr - radarr - readarr diff --git a/cluster/apps/media-automation/lidarr/helm-release.yaml b/kubernetes/cluster-0/apps/media-automation/lidarr/helm-release.yaml similarity index 98% rename from cluster/apps/media-automation/lidarr/helm-release.yaml rename to kubernetes/cluster-0/apps/media-automation/lidarr/helm-release.yaml index 12442b4bc..297784f13 100644 --- a/cluster/apps/media-automation/lidarr/helm-release.yaml +++ b/kubernetes/cluster-0/apps/media-automation/lidarr/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/media-automation/lidarr/kustomization.yaml b/kubernetes/cluster-0/apps/media-automation/lidarr/kustomization.yaml similarity index 100% rename from cluster/apps/media-automation/lidarr/kustomization.yaml rename to kubernetes/cluster-0/apps/media-automation/lidarr/kustomization.yaml diff --git a/cluster/apps/media-automation/lidarr/secret.sops.yaml b/kubernetes/cluster-0/apps/media-automation/lidarr/secret.sops.yaml similarity index 100% rename from cluster/apps/media-automation/lidarr/secret.sops.yaml rename to kubernetes/cluster-0/apps/media-automation/lidarr/secret.sops.yaml diff --git a/cluster/apps/media-automation/lidarr/volume.yaml b/kubernetes/cluster-0/apps/media-automation/lidarr/volume.yaml similarity index 100% rename from cluster/apps/media-automation/lidarr/volume.yaml rename to kubernetes/cluster-0/apps/media-automation/lidarr/volume.yaml diff --git a/cluster/apps/web-tools/music-transcode/cronjob.yaml b/kubernetes/cluster-0/apps/media-automation/music-transcode/cronjob.yaml similarity index 90% rename from cluster/apps/web-tools/music-transcode/cronjob.yaml rename to kubernetes/cluster-0/apps/media-automation/music-transcode/cronjob.yaml index 1255b60fe..4a2efaae1 100644 
--- a/cluster/apps/web-tools/music-transcode/cronjob.yaml +++ b/kubernetes/cluster-0/apps/media-automation/music-transcode/cronjob.yaml @@ -21,7 +21,7 @@ spec: initContainers: containers: - name: transcode-incremental - image: ghcr.io/auricom/freac:v1.1.6@sha256:68274a3ed658479e862832bdff7176c9688f954916aed30f95aa52666e5a6481 + image: ghcr.io/auricom/freac:1.1.6@sha256:596e72016ca4fea9767a68377722694c5005a4eec6e1400a5d1119160481656b imagePullPolicy: IfNotPresent env: - name: TRANSCODE_INPUT_DIR @@ -56,8 +56,8 @@ spec: volumes: - name: music-transcoded nfs: - server: "${LOCAL_LAN_OPENMEDIAVAULT}" - path: /export/music_transcoded + server: "${LOCAL_LAN_TRUENAS}" + path: /mnt/music_transcoded - name: music nfs: server: "${LOCAL_LAN_TRUENAS}" diff --git a/cluster/apps/web-tools/music-transcode/kustomization.yaml b/kubernetes/cluster-0/apps/media-automation/music-transcode/kustomization.yaml similarity index 100% rename from cluster/apps/web-tools/music-transcode/kustomization.yaml rename to kubernetes/cluster-0/apps/media-automation/music-transcode/kustomization.yaml diff --git a/cluster/apps/media-automation/prowlarr/helm-release.yaml b/kubernetes/cluster-0/apps/media-automation/prowlarr/helm-release.yaml similarity index 98% rename from cluster/apps/media-automation/prowlarr/helm-release.yaml rename to kubernetes/cluster-0/apps/media-automation/prowlarr/helm-release.yaml index 721222ea7..83e197832 100644 --- a/cluster/apps/media-automation/prowlarr/helm-release.yaml +++ b/kubernetes/cluster-0/apps/media-automation/prowlarr/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true 
diff --git a/cluster/apps/media-automation/prowlarr/kustomization.yaml b/kubernetes/cluster-0/apps/media-automation/prowlarr/kustomization.yaml similarity index 100% rename from cluster/apps/media-automation/prowlarr/kustomization.yaml rename to kubernetes/cluster-0/apps/media-automation/prowlarr/kustomization.yaml diff --git a/cluster/apps/media-automation/prowlarr/secret.sops.yaml b/kubernetes/cluster-0/apps/media-automation/prowlarr/secret.sops.yaml similarity index 100% rename from cluster/apps/media-automation/prowlarr/secret.sops.yaml rename to kubernetes/cluster-0/apps/media-automation/prowlarr/secret.sops.yaml diff --git a/cluster/apps/media-automation/prowlarr/volume.yaml b/kubernetes/cluster-0/apps/media-automation/prowlarr/volume.yaml similarity index 100% rename from cluster/apps/media-automation/prowlarr/volume.yaml rename to kubernetes/cluster-0/apps/media-automation/prowlarr/volume.yaml diff --git a/cluster/apps/media-automation/radarr/helm-release.yaml b/kubernetes/cluster-0/apps/media-automation/radarr/helm-release.yaml similarity index 99% rename from cluster/apps/media-automation/radarr/helm-release.yaml rename to kubernetes/cluster-0/apps/media-automation/radarr/helm-release.yaml index 46439623d..2a6341300 100644 --- a/cluster/apps/media-automation/radarr/helm-release.yaml +++ b/kubernetes/cluster-0/apps/media-automation/radarr/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/media-automation/radarr/kustomization.yaml b/kubernetes/cluster-0/apps/media-automation/radarr/kustomization.yaml similarity index 100% rename from cluster/apps/media-automation/radarr/kustomization.yaml rename to kubernetes/cluster-0/apps/media-automation/radarr/kustomization.yaml 
diff --git a/cluster/apps/media-automation/radarr/scripts/pushover-notify.sh b/kubernetes/cluster-0/apps/media-automation/radarr/scripts/pushover-notify.sh similarity index 100% rename from cluster/apps/media-automation/radarr/scripts/pushover-notify.sh rename to kubernetes/cluster-0/apps/media-automation/radarr/scripts/pushover-notify.sh diff --git a/cluster/apps/media-automation/radarr/secret.sops.yaml b/kubernetes/cluster-0/apps/media-automation/radarr/secret.sops.yaml similarity index 100% rename from cluster/apps/media-automation/radarr/secret.sops.yaml rename to kubernetes/cluster-0/apps/media-automation/radarr/secret.sops.yaml diff --git a/cluster/apps/media-automation/radarr/volume.yaml b/kubernetes/cluster-0/apps/media-automation/radarr/volume.yaml similarity index 100% rename from cluster/apps/media-automation/radarr/volume.yaml rename to kubernetes/cluster-0/apps/media-automation/radarr/volume.yaml diff --git a/cluster/apps/media-automation/readarr/helm-release.yaml b/kubernetes/cluster-0/apps/media-automation/readarr/helm-release.yaml similarity index 98% rename from cluster/apps/media-automation/readarr/helm-release.yaml rename to kubernetes/cluster-0/apps/media-automation/readarr/helm-release.yaml index 150621a13..2b3eb33f7 100644 --- a/cluster/apps/media-automation/readarr/helm-release.yaml +++ b/kubernetes/cluster-0/apps/media-automation/readarr/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/media-automation/readarr/kustomization.yaml b/kubernetes/cluster-0/apps/media-automation/readarr/kustomization.yaml similarity index 100% rename from cluster/apps/media-automation/readarr/kustomization.yaml rename to kubernetes/cluster-0/apps/media-automation/readarr/kustomization.yaml 
diff --git a/cluster/apps/media-automation/readarr/secret.sops.yaml b/kubernetes/cluster-0/apps/media-automation/readarr/secret.sops.yaml similarity index 100% rename from cluster/apps/media-automation/readarr/secret.sops.yaml rename to kubernetes/cluster-0/apps/media-automation/readarr/secret.sops.yaml diff --git a/cluster/apps/media-automation/readarr/volume.yaml b/kubernetes/cluster-0/apps/media-automation/readarr/volume.yaml similarity index 100% rename from cluster/apps/media-automation/readarr/volume.yaml rename to kubernetes/cluster-0/apps/media-automation/readarr/volume.yaml diff --git a/cluster/apps/media-automation/recyclarr/config/recyclarr.yaml b/kubernetes/cluster-0/apps/media-automation/recyclarr/config/recyclarr.yaml similarity index 97% rename from cluster/apps/media-automation/recyclarr/config/recyclarr.yaml rename to kubernetes/cluster-0/apps/media-automation/recyclarr/config/recyclarr.yaml index bd3453322..6ab5ada98 100644 --- a/cluster/apps/media-automation/recyclarr/config/recyclarr.yaml +++ b/kubernetes/cluster-0/apps/media-automation/recyclarr/config/recyclarr.yaml @@ -59,9 +59,6 @@ sonarr: - e1a997ddb54e3ecbfe06341ad323c458 # Obfuscated - 06d66ab109d4d2eddb2794d21526d140 # Retags - 47435ece6b99a0b477caf360e79ba0bb # x265 (HD) - # Anime - - d428eda85af1df8904b4bbe4fc2f537c # First release profile - - 6cd9e10bb5bb4c63d2d7cd3279924c7b # Second release profile quality_profiles: - name: Any reset_unmatched_scores: true @@ -85,7 +82,7 @@ radarr: score: 1 - name: HD score: 1 - - name: SD + - name: Remux score: 1 - trash_ids: - 496f355514737f7d83bf7aa4d24f8169 # TrueHD Atmos diff --git a/cluster/apps/media-automation/recyclarr/helm-release.yaml b/kubernetes/cluster-0/apps/media-automation/recyclarr/helm-release.yaml similarity index 98% rename from cluster/apps/media-automation/recyclarr/helm-release.yaml rename to kubernetes/cluster-0/apps/media-automation/recyclarr/helm-release.yaml index 28e9b6f58..1d2bbc4db 100644 
--- a/cluster/apps/media-automation/recyclarr/helm-release.yaml +++ b/kubernetes/cluster-0/apps/media-automation/recyclarr/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: v0.3.1 sourceRef: kind: HelmRepository - name: dysnix-charts + name: dysnix namespace: flux-system install: createNamespace: true @@ -76,7 +76,7 @@ spec: mountPath: /config/recyclarr.yaml subPath: recyclarr.yaml readOnly: true - - name: radarrs + - name: radarr image: ghcr.io/onedr0p/recyclarr:2.6.1@sha256:365025bc338e6941c40f8e7cb545a6847181ff3864cadda50583b46ce9994c87 env: - name: TZ diff --git a/cluster/apps/media-automation/recyclarr/kustomization.yaml b/kubernetes/cluster-0/apps/media-automation/recyclarr/kustomization.yaml similarity index 100% rename from cluster/apps/media-automation/recyclarr/kustomization.yaml rename to kubernetes/cluster-0/apps/media-automation/recyclarr/kustomization.yaml diff --git a/cluster/apps/media-automation/recyclarr/secret.sops.yaml b/kubernetes/cluster-0/apps/media-automation/recyclarr/secret.sops.yaml similarity index 100% rename from cluster/apps/media-automation/recyclarr/secret.sops.yaml rename to kubernetes/cluster-0/apps/media-automation/recyclarr/secret.sops.yaml diff --git a/cluster/apps/media-automation/sonarr/helm-release.yaml b/kubernetes/cluster-0/apps/media-automation/sonarr/helm-release.yaml similarity index 99% rename from cluster/apps/media-automation/sonarr/helm-release.yaml rename to kubernetes/cluster-0/apps/media-automation/sonarr/helm-release.yaml index d334f3e82..f7575fab7 100644 --- a/cluster/apps/media-automation/sonarr/helm-release.yaml +++ b/kubernetes/cluster-0/apps/media-automation/sonarr/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true 
diff --git a/cluster/apps/media-automation/sonarr/kustomization.yaml b/kubernetes/cluster-0/apps/media-automation/sonarr/kustomization.yaml similarity index 100% rename from cluster/apps/media-automation/sonarr/kustomization.yaml rename to kubernetes/cluster-0/apps/media-automation/sonarr/kustomization.yaml diff --git a/cluster/apps/media-automation/sonarr/scripts/pushover-notify.sh b/kubernetes/cluster-0/apps/media-automation/sonarr/scripts/pushover-notify.sh similarity index 100% rename from cluster/apps/media-automation/sonarr/scripts/pushover-notify.sh rename to kubernetes/cluster-0/apps/media-automation/sonarr/scripts/pushover-notify.sh diff --git a/cluster/apps/media-automation/sonarr/secret.sops.yaml b/kubernetes/cluster-0/apps/media-automation/sonarr/secret.sops.yaml similarity index 100% rename from cluster/apps/media-automation/sonarr/secret.sops.yaml rename to kubernetes/cluster-0/apps/media-automation/sonarr/secret.sops.yaml diff --git a/cluster/apps/media-automation/sonarr/volume.yaml b/kubernetes/cluster-0/apps/media-automation/sonarr/volume.yaml similarity index 100% rename from cluster/apps/media-automation/sonarr/volume.yaml rename to kubernetes/cluster-0/apps/media-automation/sonarr/volume.yaml diff --git a/cluster/apps/media-servers/calibre-web/helm-release.yaml b/kubernetes/cluster-0/apps/media-servers/calibre-web/helm-release.yaml similarity index 92% rename from cluster/apps/media-servers/calibre-web/helm-release.yaml rename to kubernetes/cluster-0/apps/media-servers/calibre-web/helm-release.yaml index 3a1ce1cf2..42553b1fc 100644 --- a/cluster/apps/media-servers/calibre-web/helm-release.yaml +++ b/kubernetes/cluster-0/apps/media-servers/calibre-web/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true 
@@ -24,7 +24,7 @@ spec: values: image: repository: ghcr.io/auricom/calibre-web - tag: v0.6.19@sha256:264245420306ec8dc0b842d7b83fda16ff3b0baefcaef1eec65dc6675a6570f9 + tag: 0.6.19@sha256:5485fa7bd07823253d94c603e4759ce0d2b5d109aa8f4b5c7a4b5d3f01e30c8f env: TZ: "${TIMEZONE}" service: diff --git a/cluster/apps/media-servers/calibre-web/kustomization.yaml b/kubernetes/cluster-0/apps/media-servers/calibre-web/kustomization.yaml similarity index 100% rename from cluster/apps/media-servers/calibre-web/kustomization.yaml rename to kubernetes/cluster-0/apps/media-servers/calibre-web/kustomization.yaml diff --git a/cluster/apps/media-servers/calibre-web/volume.yaml b/kubernetes/cluster-0/apps/media-servers/calibre-web/volume.yaml similarity index 100% rename from cluster/apps/media-servers/calibre-web/volume.yaml rename to kubernetes/cluster-0/apps/media-servers/calibre-web/volume.yaml diff --git a/cluster/apps/media-servers/calibre/helm-release.yaml b/kubernetes/cluster-0/apps/media-servers/calibre/helm-release.yaml similarity index 98% rename from cluster/apps/media-servers/calibre/helm-release.yaml rename to kubernetes/cluster-0/apps/media-servers/calibre/helm-release.yaml index bec9d985b..d43eed594 100644 --- a/cluster/apps/media-servers/calibre/helm-release.yaml +++ b/kubernetes/cluster-0/apps/media-servers/calibre/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/media-servers/calibre/kustomization.yaml b/kubernetes/cluster-0/apps/media-servers/calibre/kustomization.yaml similarity index 100% rename from cluster/apps/media-servers/calibre/kustomization.yaml rename to kubernetes/cluster-0/apps/media-servers/calibre/kustomization.yaml 
diff --git a/cluster/apps/media-servers/calibre/volume.yaml b/kubernetes/cluster-0/apps/media-servers/calibre/volume.yaml similarity index 100% rename from cluster/apps/media-servers/calibre/volume.yaml rename to kubernetes/cluster-0/apps/media-servers/calibre/volume.yaml diff --git a/cluster/apps/media-servers/jellyfin/helm-release.yaml b/kubernetes/cluster-0/apps/media-servers/jellyfin/helm-release.yaml similarity index 97% rename from cluster/apps/media-servers/jellyfin/helm-release.yaml rename to kubernetes/cluster-0/apps/media-servers/jellyfin/helm-release.yaml index 203a669d5..d6a3fa574 100644 --- a/cluster/apps/media-servers/jellyfin/helm-release.yaml +++ b/kubernetes/cluster-0/apps/media-servers/jellyfin/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true @@ -35,7 +35,7 @@ spec: service: main: type: LoadBalancer - externalIPs: ["${CLUSTER_LB_JELLYFIN}"] + loadBalancerIP: "${CLUSTER_LB_JELLYFIN}" externalTrafficPolicy: Local ports: http: diff --git a/cluster/apps/media-servers/jellyfin/kustomization.yaml b/kubernetes/cluster-0/apps/media-servers/jellyfin/kustomization.yaml similarity index 100% rename from cluster/apps/media-servers/jellyfin/kustomization.yaml rename to kubernetes/cluster-0/apps/media-servers/jellyfin/kustomization.yaml diff --git a/cluster/apps/media-servers/jellyfin/volume.yaml b/kubernetes/cluster-0/apps/media-servers/jellyfin/volume.yaml similarity index 100% rename from cluster/apps/media-servers/jellyfin/volume.yaml rename to kubernetes/cluster-0/apps/media-servers/jellyfin/volume.yaml diff --git a/cluster/apps/media-servers/komga/helm-release.yaml b/kubernetes/cluster-0/apps/media-servers/komga/helm-release.yaml similarity index 98% rename from cluster/apps/media-servers/komga/helm-release.yaml rename to kubernetes/cluster-0/apps/media-servers/komga/helm-release.yaml index 95364659b..de4279304 100644 
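Review bot: The jellyfin `service.main` block now asks for its address with `loadBalancerIP`, and the ingress-nginx, k8s-gateway, smtp-relay and unifi hunks make the same switch, but nothing in the visible diff stops a later Service from setting `spec.externalIPs` again. That field lets anyone who can create a Service claim an arbitrary address, so, if no other release still uses it (only part of the repository is visible here), the new cluster can reject it outright with the API server's `DenyServiceExternalIPs` admission plugin. A comment above the new line, such as `# address assigned by the LB implementation; externalIPs is intentionally not used`, would record that intent for the next reader.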
--- a/cluster/apps/media-servers/komga/helm-release.yaml +++ b/kubernetes/cluster-0/apps/media-servers/komga/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/media-servers/komga/kustomization.yaml b/kubernetes/cluster-0/apps/media-servers/komga/kustomization.yaml similarity index 100% rename from cluster/apps/media-servers/komga/kustomization.yaml rename to kubernetes/cluster-0/apps/media-servers/komga/kustomization.yaml diff --git a/cluster/apps/media-servers/komga/volume.yaml b/kubernetes/cluster-0/apps/media-servers/komga/volume.yaml similarity index 100% rename from cluster/apps/media-servers/komga/volume.yaml rename to kubernetes/cluster-0/apps/media-servers/komga/volume.yaml diff --git a/cluster/apps/media-servers/kustomization.yaml b/kubernetes/cluster-0/apps/media-servers/kustomization.yaml similarity index 100% rename from cluster/apps/media-servers/kustomization.yaml rename to kubernetes/cluster-0/apps/media-servers/kustomization.yaml diff --git a/cluster/apps/media-servers/lychee/helm-release.yaml b/kubernetes/cluster-0/apps/media-servers/lychee/helm-release.yaml similarity index 98% rename from cluster/apps/media-servers/lychee/helm-release.yaml rename to kubernetes/cluster-0/apps/media-servers/lychee/helm-release.yaml index 0e8865094..9dbdf2a4a 100644 --- a/cluster/apps/media-servers/lychee/helm-release.yaml +++ b/kubernetes/cluster-0/apps/media-servers/lychee/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true 
diff --git a/cluster/apps/media-servers/lychee/kustomization.yaml b/kubernetes/cluster-0/apps/media-servers/lychee/kustomization.yaml similarity index 100% rename from cluster/apps/media-servers/lychee/kustomization.yaml rename to kubernetes/cluster-0/apps/media-servers/lychee/kustomization.yaml diff --git a/cluster/apps/media-servers/lychee/patches/postgres.yaml b/kubernetes/cluster-0/apps/media-servers/lychee/patches/postgres.yaml similarity index 100% rename from cluster/apps/media-servers/lychee/patches/postgres.yaml rename to kubernetes/cluster-0/apps/media-servers/lychee/patches/postgres.yaml diff --git a/cluster/apps/media-servers/lychee/secret.sops.yaml b/kubernetes/cluster-0/apps/media-servers/lychee/secret.sops.yaml similarity index 100% rename from cluster/apps/media-servers/lychee/secret.sops.yaml rename to kubernetes/cluster-0/apps/media-servers/lychee/secret.sops.yaml diff --git a/cluster/apps/media-servers/lychee/volume.yaml b/kubernetes/cluster-0/apps/media-servers/lychee/volume.yaml similarity index 100% rename from cluster/apps/media-servers/lychee/volume.yaml rename to kubernetes/cluster-0/apps/media-servers/lychee/volume.yaml diff --git a/cluster/apps/media-servers/media-browser/helm-release.yaml b/kubernetes/cluster-0/apps/media-servers/media-browser/helm-release.yaml similarity index 98% rename from cluster/apps/media-servers/media-browser/helm-release.yaml rename to kubernetes/cluster-0/apps/media-servers/media-browser/helm-release.yaml index 05726d0cf..572a4418c 100644 --- a/cluster/apps/media-servers/media-browser/helm-release.yaml +++ b/kubernetes/cluster-0/apps/media-servers/media-browser/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true 
diff --git a/cluster/apps/media-servers/media-browser/kustomization.yaml b/kubernetes/cluster-0/apps/media-servers/media-browser/kustomization.yaml similarity index 100% rename from cluster/apps/media-servers/media-browser/kustomization.yaml rename to kubernetes/cluster-0/apps/media-servers/media-browser/kustomization.yaml diff --git a/cluster/apps/media-servers/media-browser/volume.yaml b/kubernetes/cluster-0/apps/media-servers/media-browser/volume.yaml similarity index 100% rename from cluster/apps/media-servers/media-browser/volume.yaml rename to kubernetes/cluster-0/apps/media-servers/media-browser/volume.yaml diff --git a/cluster/apps/media-servers/navidrome/helm-release.yaml b/kubernetes/cluster-0/apps/media-servers/navidrome/helm-release.yaml similarity index 96% rename from cluster/apps/media-servers/navidrome/helm-release.yaml rename to kubernetes/cluster-0/apps/media-servers/navidrome/helm-release.yaml index f6423e677..f847e5bff 100644 --- a/cluster/apps/media-servers/navidrome/helm-release.yaml +++ b/kubernetes/cluster-0/apps/media-servers/navidrome/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true @@ -34,7 +34,7 @@ spec: ND_PORT: &port 80 ND_PROMETHEUS_ENABLED: "true" ND_REVERSEPROXYUSERHEADER: "Remote-User" - ND_REVERSEPROXYWHITELIST: "${NET_POD_CIDR}" + ND_REVERSEPROXYWHITELIST: "${CILIUM_BGP_SVC_RANGE}" ND_SCANSCHEDULE: "@every 1h" ND_SESSIONTIMEOUT: 24h service: diff --git a/cluster/apps/media-servers/navidrome/kustomization.yaml b/kubernetes/cluster-0/apps/media-servers/navidrome/kustomization.yaml similarity index 100% rename from cluster/apps/media-servers/navidrome/kustomization.yaml rename to kubernetes/cluster-0/apps/media-servers/navidrome/kustomization.yaml 
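Review bot: In the second navidrome hunk `ND_REVERSEPROXYWHITELIST` now trusts `${CILIUM_BGP_SVC_RANGE}` instead of `${NET_POD_CIDR}`, and with `ND_REVERSEPROXYUSERHEADER: "Remote-User"` every source address inside that range can name the user it is logged in as. The whitelist is matched against the peer address of the connection, which for traffic arriving through an in-cluster ingress controller is normally the controller pod's address rather than a LoadBalancer address. If the variable holds the BGP-announced service range, as its name suggests, the proxy's own requests may fall outside it while anything that does originate from that range is trusted. Neither variable's value is visible in this diff, so confirm which address Navidrome actually sees and keep the range as narrow as the proxy allows. A comment above the line, such as `# Remote-User is trusted from this range; must cover only the auth proxy's source address`, would make the trust boundary explicit.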
diff --git a/cluster/apps/media-servers/navidrome/volume.yaml b/kubernetes/cluster-0/apps/media-servers/navidrome/volume.yaml similarity index 100% rename from cluster/apps/media-servers/navidrome/volume.yaml rename to kubernetes/cluster-0/apps/media-servers/navidrome/volume.yaml diff --git a/cluster/apps/monitoring/grafana/dashboards/home-assistant.json b/kubernetes/cluster-0/apps/monitoring/grafana/dashboards/home-assistant.json similarity index 100% rename from cluster/apps/monitoring/grafana/dashboards/home-assistant.json rename to kubernetes/cluster-0/apps/monitoring/grafana/dashboards/home-assistant.json diff --git a/cluster/apps/monitoring/grafana/dashboards/homelab-temperatures.json b/kubernetes/cluster-0/apps/monitoring/grafana/dashboards/homelab-temperatures.json similarity index 100% rename from cluster/apps/monitoring/grafana/dashboards/homelab-temperatures.json rename to kubernetes/cluster-0/apps/monitoring/grafana/dashboards/homelab-temperatures.json diff --git a/cluster/apps/monitoring/grafana/dashboards/truenas.json b/kubernetes/cluster-0/apps/monitoring/grafana/dashboards/truenas.json similarity index 100% rename from cluster/apps/monitoring/grafana/dashboards/truenas.json rename to kubernetes/cluster-0/apps/monitoring/grafana/dashboards/truenas.json diff --git a/cluster/apps/monitoring/grafana/helm-release.yaml b/kubernetes/cluster-0/apps/monitoring/grafana/helm-release.yaml similarity index 99% rename from cluster/apps/monitoring/grafana/helm-release.yaml rename to kubernetes/cluster-0/apps/monitoring/grafana/helm-release.yaml index abd8fe68a..31843376e 100644 --- a/cluster/apps/monitoring/grafana/helm-release.yaml +++ b/kubernetes/cluster-0/apps/monitoring/grafana/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 6.44.2 sourceRef: kind: HelmRepository - name: grafana-charts + name: grafana namespace: flux-system interval: 15m install: 
diff --git a/cluster/apps/monitoring/grafana/kustomization.yaml b/kubernetes/cluster-0/apps/monitoring/grafana/kustomization.yaml similarity index 100% rename from cluster/apps/monitoring/grafana/kustomization.yaml rename to kubernetes/cluster-0/apps/monitoring/grafana/kustomization.yaml diff --git a/cluster/apps/monitoring/grafana/secrets.sops.yaml b/kubernetes/cluster-0/apps/monitoring/grafana/secrets.sops.yaml similarity index 100% rename from cluster/apps/monitoring/grafana/secrets.sops.yaml rename to kubernetes/cluster-0/apps/monitoring/grafana/secrets.sops.yaml diff --git a/cluster/apps/monitoring/healthchecks/helm-release.yaml b/kubernetes/cluster-0/apps/monitoring/healthchecks/helm-release.yaml similarity index 98% rename from cluster/apps/monitoring/healthchecks/helm-release.yaml rename to kubernetes/cluster-0/apps/monitoring/healthchecks/helm-release.yaml index 24b900fd0..ab10f48e0 100644 --- a/cluster/apps/monitoring/healthchecks/helm-release.yaml +++ b/kubernetes/cluster-0/apps/monitoring/healthchecks/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/monitoring/healthchecks/kustomization.yaml b/kubernetes/cluster-0/apps/monitoring/healthchecks/kustomization.yaml similarity index 100% rename from cluster/apps/monitoring/healthchecks/kustomization.yaml rename to kubernetes/cluster-0/apps/monitoring/healthchecks/kustomization.yaml diff --git a/cluster/apps/monitoring/healthchecks/patches/env.yaml b/kubernetes/cluster-0/apps/monitoring/healthchecks/patches/env.yaml similarity index 100% rename from cluster/apps/monitoring/healthchecks/patches/env.yaml rename to kubernetes/cluster-0/apps/monitoring/healthchecks/patches/env.yaml 
diff --git a/cluster/apps/monitoring/healthchecks/patches/postgres.yaml b/kubernetes/cluster-0/apps/monitoring/healthchecks/patches/postgres.yaml similarity index 100% rename from cluster/apps/monitoring/healthchecks/patches/postgres.yaml rename to kubernetes/cluster-0/apps/monitoring/healthchecks/patches/postgres.yaml diff --git a/cluster/apps/monitoring/healthchecks/secret.sops.yaml b/kubernetes/cluster-0/apps/monitoring/healthchecks/secret.sops.yaml similarity index 100% rename from cluster/apps/monitoring/healthchecks/secret.sops.yaml rename to kubernetes/cluster-0/apps/monitoring/healthchecks/secret.sops.yaml diff --git a/cluster/apps/monitoring/kube-prometheus-stack/helm-release.yaml b/kubernetes/cluster-0/apps/monitoring/kube-prometheus-stack/helm-release.yaml similarity index 99% rename from cluster/apps/monitoring/kube-prometheus-stack/helm-release.yaml rename to kubernetes/cluster-0/apps/monitoring/kube-prometheus-stack/helm-release.yaml index 1f485c29c..296192078 100644 --- a/cluster/apps/monitoring/kube-prometheus-stack/helm-release.yaml +++ b/kubernetes/cluster-0/apps/monitoring/kube-prometheus-stack/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 41.9.0 sourceRef: kind: HelmRepository - name: prometheus-community-charts + name: prometheus-community namespace: flux-system interval: 5m install: diff --git a/cluster/apps/monitoring/kube-prometheus-stack/kustomization.yaml b/kubernetes/cluster-0/apps/monitoring/kube-prometheus-stack/kustomization.yaml similarity index 100% rename from cluster/apps/monitoring/kube-prometheus-stack/kustomization.yaml rename to kubernetes/cluster-0/apps/monitoring/kube-prometheus-stack/kustomization.yaml diff --git a/cluster/apps/monitoring/kustomization.yaml b/kubernetes/cluster-0/apps/monitoring/kustomization.yaml similarity index 100% rename from cluster/apps/monitoring/kustomization.yaml rename to kubernetes/cluster-0/apps/monitoring/kustomization.yaml 
diff --git a/cluster/apps/monitoring/thanos/helm-release.yaml b/kubernetes/cluster-0/apps/monitoring/thanos/helm-release.yaml similarity index 99% rename from cluster/apps/monitoring/thanos/helm-release.yaml rename to kubernetes/cluster-0/apps/monitoring/thanos/helm-release.yaml index 89e4d329e..9d981add9 100644 --- a/cluster/apps/monitoring/thanos/helm-release.yaml +++ b/kubernetes/cluster-0/apps/monitoring/thanos/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 11.6.1 sourceRef: kind: HelmRepository - name: bitnami-charts + name: bitnami namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/monitoring/thanos/kustomization.yaml b/kubernetes/cluster-0/apps/monitoring/thanos/kustomization.yaml similarity index 100% rename from cluster/apps/monitoring/thanos/kustomization.yaml rename to kubernetes/cluster-0/apps/monitoring/thanos/kustomization.yaml diff --git a/cluster/apps/monitoring/thanos/readme.md b/kubernetes/cluster-0/apps/monitoring/thanos/readme.md similarity index 100% rename from cluster/apps/monitoring/thanos/readme.md rename to kubernetes/cluster-0/apps/monitoring/thanos/readme.md diff --git a/cluster/apps/monitoring/thanos/secret.sops.yaml b/kubernetes/cluster-0/apps/monitoring/thanos/secret.sops.yaml similarity index 100% rename from cluster/apps/monitoring/thanos/secret.sops.yaml rename to kubernetes/cluster-0/apps/monitoring/thanos/secret.sops.yaml diff --git a/cluster/apps/monitoring/uptime-kuma/helm-release.yaml b/kubernetes/cluster-0/apps/monitoring/uptime-kuma/helm-release.yaml similarity index 97% rename from cluster/apps/monitoring/uptime-kuma/helm-release.yaml rename to kubernetes/cluster-0/apps/monitoring/uptime-kuma/helm-release.yaml index ad9732190..53c41a51e 100644 --- a/cluster/apps/monitoring/uptime-kuma/helm-release.yaml +++ b/kubernetes/cluster-0/apps/monitoring/uptime-kuma/helm-release.yaml 
@@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/monitoring/uptime-kuma/kustomization.yaml b/kubernetes/cluster-0/apps/monitoring/uptime-kuma/kustomization.yaml similarity index 100% rename from cluster/apps/monitoring/uptime-kuma/kustomization.yaml rename to kubernetes/cluster-0/apps/monitoring/uptime-kuma/kustomization.yaml diff --git a/cluster/apps/monitoring/uptime-kuma/volume.yaml b/kubernetes/cluster-0/apps/monitoring/uptime-kuma/volume.yaml similarity index 100% rename from cluster/apps/monitoring/uptime-kuma/volume.yaml rename to kubernetes/cluster-0/apps/monitoring/uptime-kuma/volume.yaml diff --git a/cluster/apps/namespaces.yaml b/kubernetes/cluster-0/apps/namespaces.yaml similarity index 61% rename from cluster/apps/namespaces.yaml rename to kubernetes/cluster-0/apps/namespaces.yaml index dfdefca4f..bb5aea75b 100644 --- a/cluster/apps/namespaces.yaml +++ b/kubernetes/cluster-0/apps/namespaces.yaml @@ -1,13 +1,6 @@ --- apiVersion: v1 kind: Namespace -metadata: - name: calico-system - labels: - kustomize.toolkit.fluxcd.io/prune: disabled ---- -apiVersion: v1 -kind: Namespace metadata: name: default labels: @@ -40,17 +33,3 @@ metadata: name: monitoring labels: kustomize.toolkit.fluxcd.io/prune: disabled ---- -apiVersion: v1 -kind: Namespace -metadata: - name: system-upgrade - labels: - kustomize.toolkit.fluxcd.io/prune: disabled ---- -apiVersion: v1 -kind: Namespace -metadata: - name: tigera-operator - labels: - kustomize.toolkit.fluxcd.io/prune: disabled 
diff --git a/cluster/apps/networking/cert-manager/certificates/helm-release.yaml b/kubernetes/cluster-0/apps/networking/cert-manager/certificates/helm-release.yaml similarity index 97% rename from cluster/apps/networking/cert-manager/certificates/helm-release.yaml rename to kubernetes/cluster-0/apps/networking/cert-manager/certificates/helm-release.yaml index 1554bdee2..74f3cec49 100644 --- a/cluster/apps/networking/cert-manager/certificates/helm-release.yaml +++ b/kubernetes/cluster-0/apps/networking/cert-manager/certificates/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: v0.3.1 sourceRef: kind: HelmRepository - name: dysnix-charts + name: dysnix namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/networking/cert-manager/certificates/kustomization.yaml b/kubernetes/cluster-0/apps/networking/cert-manager/certificates/kustomization.yaml similarity index 100% rename from cluster/apps/networking/cert-manager/certificates/kustomization.yaml rename to kubernetes/cluster-0/apps/networking/cert-manager/certificates/kustomization.yaml diff --git a/cluster/apps/networking/cert-manager/helm-release.yaml b/kubernetes/cluster-0/apps/networking/cert-manager/helm-release.yaml similarity index 96% rename from cluster/apps/networking/cert-manager/helm-release.yaml rename to kubernetes/cluster-0/apps/networking/cert-manager/helm-release.yaml index 7e5cb2c56..61d403df4 100644 --- a/cluster/apps/networking/cert-manager/helm-release.yaml +++ b/kubernetes/cluster-0/apps/networking/cert-manager/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: v1.10.0 sourceRef: kind: HelmRepository - name: jetstack-charts + name: jetstack namespace: flux-system interval: 15m install: 
diff --git a/cluster/apps/networking/cert-manager/issuers/helm-release.yaml b/kubernetes/cluster-0/apps/networking/cert-manager/issuers/helm-release.yaml similarity index 98% rename from cluster/apps/networking/cert-manager/issuers/helm-release.yaml rename to kubernetes/cluster-0/apps/networking/cert-manager/issuers/helm-release.yaml index 76e89a7e6..5a4760139 100644 --- a/cluster/apps/networking/cert-manager/issuers/helm-release.yaml +++ b/kubernetes/cluster-0/apps/networking/cert-manager/issuers/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: v0.3.1 sourceRef: kind: HelmRepository - name: dysnix-charts + name: dysnix namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/networking/cert-manager/issuers/kustomization.yaml b/kubernetes/cluster-0/apps/networking/cert-manager/issuers/kustomization.yaml similarity index 100% rename from cluster/apps/networking/cert-manager/issuers/kustomization.yaml rename to kubernetes/cluster-0/apps/networking/cert-manager/issuers/kustomization.yaml diff --git a/cluster/apps/networking/cert-manager/kustomization.yaml b/kubernetes/cluster-0/apps/networking/cert-manager/kustomization.yaml similarity index 100% rename from cluster/apps/networking/cert-manager/kustomization.yaml rename to kubernetes/cluster-0/apps/networking/cert-manager/kustomization.yaml diff --git a/cluster/apps/networking/cert-manager/prometheus-rule.yaml b/kubernetes/cluster-0/apps/networking/cert-manager/prometheus-rule.yaml similarity index 100% rename from cluster/apps/networking/cert-manager/prometheus-rule.yaml rename to kubernetes/cluster-0/apps/networking/cert-manager/prometheus-rule.yaml diff --git a/cluster/apps/networking/cert-manager/rbac.yaml b/kubernetes/cluster-0/apps/networking/cert-manager/rbac.yaml similarity index 100% rename from cluster/apps/networking/cert-manager/rbac.yaml rename to kubernetes/cluster-0/apps/networking/cert-manager/rbac.yaml 
diff --git a/cluster/apps/networking/cert-manager/secret.sops.yaml b/kubernetes/cluster-0/apps/networking/cert-manager/secret.sops.yaml similarity index 100% rename from cluster/apps/networking/cert-manager/secret.sops.yaml rename to kubernetes/cluster-0/apps/networking/cert-manager/secret.sops.yaml diff --git a/cluster/apps/networking/cert-manager/webhook-ovh/helm-release.yaml b/kubernetes/cluster-0/apps/networking/cert-manager/webhook-ovh/helm-release.yaml similarity index 100% rename from cluster/apps/networking/cert-manager/webhook-ovh/helm-release.yaml rename to kubernetes/cluster-0/apps/networking/cert-manager/webhook-ovh/helm-release.yaml diff --git a/cluster/apps/networking/cert-manager/webhook-ovh/kustomization.yaml b/kubernetes/cluster-0/apps/networking/cert-manager/webhook-ovh/kustomization.yaml similarity index 100% rename from cluster/apps/networking/cert-manager/webhook-ovh/kustomization.yaml rename to kubernetes/cluster-0/apps/networking/cert-manager/webhook-ovh/kustomization.yaml diff --git a/cluster/apps/networking/cert-manager/webhook-ovh/rbac.yaml b/kubernetes/cluster-0/apps/networking/cert-manager/webhook-ovh/rbac.yaml similarity index 100% rename from cluster/apps/networking/cert-manager/webhook-ovh/rbac.yaml rename to kubernetes/cluster-0/apps/networking/cert-manager/webhook-ovh/rbac.yaml diff --git a/cluster/apps/networking/external-dns/helm-release.yaml b/kubernetes/cluster-0/apps/networking/external-dns/helm-release.yaml similarity index 97% rename from cluster/apps/networking/external-dns/helm-release.yaml rename to kubernetes/cluster-0/apps/networking/external-dns/helm-release.yaml index c29b69fcf..27f24ce21 100644 --- a/cluster/apps/networking/external-dns/helm-release.yaml +++ b/kubernetes/cluster-0/apps/networking/external-dns/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.11.0 sourceRef: kind: HelmRepository - name: external-dns-charts + name: external-dns namespace: flux-system install: createNamespace: true 
diff --git a/cluster/apps/networking/external-dns/kustomization.yaml b/kubernetes/cluster-0/apps/networking/external-dns/kustomization.yaml similarity index 100% rename from cluster/apps/networking/external-dns/kustomization.yaml rename to kubernetes/cluster-0/apps/networking/external-dns/kustomization.yaml diff --git a/cluster/apps/networking/external-dns/secret.sops.yaml b/kubernetes/cluster-0/apps/networking/external-dns/secret.sops.yaml similarity index 100% rename from cluster/apps/networking/external-dns/secret.sops.yaml rename to kubernetes/cluster-0/apps/networking/external-dns/secret.sops.yaml diff --git a/cluster/apps/networking/ingress-nginx/helm-release.yaml b/kubernetes/cluster-0/apps/networking/ingress-nginx/helm-release.yaml similarity index 96% rename from cluster/apps/networking/ingress-nginx/helm-release.yaml rename to kubernetes/cluster-0/apps/networking/ingress-nginx/helm-release.yaml index 3434a4b08..dec3318e1 100644 --- a/cluster/apps/networking/ingress-nginx/helm-release.yaml +++ b/kubernetes/cluster-0/apps/networking/ingress-nginx/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 4.4.0 sourceRef: kind: HelmRepository - name: ingress-nginx-charts + name: ingress-nginx namespace: flux-system install: createNamespace: true @@ -29,8 +29,7 @@ spec: replicaCount: 1 service: type: LoadBalancer - externalIPs: - - ${CLUSTER_LB_NGINX} + loadBalancerIP: "${CLUSTER_LB_NGINX}" externalTrafficPolicy: Local publishService: enabled: true diff --git a/cluster/apps/networking/ingress-nginx/kustomization.yaml b/kubernetes/cluster-0/apps/networking/ingress-nginx/kustomization.yaml similarity index 100% rename from cluster/apps/networking/ingress-nginx/kustomization.yaml rename to kubernetes/cluster-0/apps/networking/ingress-nginx/kustomization.yaml 
diff --git a/cluster/apps/networking/k8s-gateway/helm-release.yaml b/kubernetes/cluster-0/apps/networking/k8s-gateway/helm-release.yaml similarity index 66% rename from cluster/apps/networking/k8s-gateway/helm-release.yaml rename to kubernetes/cluster-0/apps/networking/k8s-gateway/helm-release.yaml index 250f2e176..c8b816540 100644 --- a/cluster/apps/networking/k8s-gateway/helm-release.yaml +++ b/kubernetes/cluster-0/apps/networking/k8s-gateway/helm-release.yaml @@ -13,7 +13,7 @@ spec: version: 2.0.0 sourceRef: kind: HelmRepository - name: k8s-gateway-charts + name: k8s-gateway namespace: flux-system install: createNamespace: true @@ -29,14 +29,4 @@ spec: service: type: LoadBalancer externalTrafficPolicy: Local - postRenderers: - - kustomize: - patchesJson6902: - - target: - kind: Service - name: k8s-gateway - patch: - - op: add - path: /spec/externalIPs - value: - - "${CLUSTER_LB_K8SGATEWAY}" + loadBalancerIP: ${CLUSTER_LB_K8SGATEWAY} diff --git a/cluster/apps/networking/k8s-gateway/kustomization.yaml b/kubernetes/cluster-0/apps/networking/k8s-gateway/kustomization.yaml similarity index 100% rename from cluster/apps/networking/k8s-gateway/kustomization.yaml rename to kubernetes/cluster-0/apps/networking/k8s-gateway/kustomization.yaml diff --git a/cluster/apps/networking/kustomization.yaml b/kubernetes/cluster-0/apps/networking/kustomization.yaml similarity index 89% rename from cluster/apps/networking/kustomization.yaml rename to kubernetes/cluster-0/apps/networking/kustomization.yaml index bdc186bce..c72356672 100644 --- a/cluster/apps/networking/kustomization.yaml +++ b/kubernetes/cluster-0/apps/networking/kustomization.yaml @@ -7,5 +7,4 @@ resources: - ingress-nginx - k8s-gateway - smtp-relay - - tigera-operator - unifi 
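Review bot: The second k8s-gateway hunk replaces a post-render patch on the Service with a chart value, so it is worth confirming that chart version 2.0.0 actually renders `service.loadBalancerIP`. If it does not, the Service silently gets whatever address the pool hands out and the DNS gateway moves. The old code needed a `postRenderers` patch to set an address at all, which suggests the chart did not expose every Service field. As a style point, the substitution is unquoted here (`loadBalancerIP: ${CLUSTER_LB_K8SGATEWAY}`) and in the unifi hunk, while the jellyfin, ingress-nginx and smtp-relay hunks quote it. Writing `loadBalancerIP: "${CLUSTER_LB_K8SGATEWAY}"` keeps the value a string whatever is substituted and makes the five releases consistent.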
diff --git a/cluster/apps/networking/smtp-relay/helm-release.yaml b/kubernetes/cluster-0/apps/networking/smtp-relay/helm-release.yaml similarity index 96% rename from cluster/apps/networking/smtp-relay/helm-release.yaml rename to kubernetes/cluster-0/apps/networking/smtp-relay/helm-release.yaml index 0735cb151..1ddb305f6 100644 --- a/cluster/apps/networking/smtp-relay/helm-release.yaml +++ b/kubernetes/cluster-0/apps/networking/smtp-relay/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true @@ -40,7 +40,7 @@ spec: service: main: type: LoadBalancer - externalIPs: ["${CLUSTER_LB_SMTP_RELAY}"] + loadBalancerIP: "${CLUSTER_LB_SMTP_RELAY}" externalTrafficPolicy: Local ports: http: diff --git a/cluster/apps/networking/smtp-relay/kustomization.yaml b/kubernetes/cluster-0/apps/networking/smtp-relay/kustomization.yaml similarity index 100% rename from cluster/apps/networking/smtp-relay/kustomization.yaml rename to kubernetes/cluster-0/apps/networking/smtp-relay/kustomization.yaml diff --git a/cluster/apps/networking/smtp-relay/maddy.conf b/kubernetes/cluster-0/apps/networking/smtp-relay/maddy.conf similarity index 100% rename from cluster/apps/networking/smtp-relay/maddy.conf rename to kubernetes/cluster-0/apps/networking/smtp-relay/maddy.conf diff --git a/cluster/apps/networking/smtp-relay/secret.sops.yaml b/kubernetes/cluster-0/apps/networking/smtp-relay/secret.sops.yaml similarity index 100% rename from cluster/apps/networking/smtp-relay/secret.sops.yaml rename to kubernetes/cluster-0/apps/networking/smtp-relay/secret.sops.yaml diff --git a/cluster/apps/networking/unifi/helm-release.yaml b/kubernetes/cluster-0/apps/networking/unifi/helm-release.yaml similarity index 96% rename from cluster/apps/networking/unifi/helm-release.yaml rename to kubernetes/cluster-0/apps/networking/unifi/helm-release.yaml index 317a3dd56..7bf6c6ed6 100644 
--- a/cluster/apps/networking/unifi/helm-release.yaml +++ b/kubernetes/cluster-0/apps/networking/unifi/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true @@ -37,8 +37,7 @@ spec: main: type: LoadBalancer externalTrafficPolicy: Local - externalIPs: - - ${CLUSTER_LB_UNIFI} + loadBalancerIP: ${CLUSTER_LB_UNIFI} ports: http: port: 8443 diff --git a/cluster/apps/networking/unifi/kustomization.yaml b/kubernetes/cluster-0/apps/networking/unifi/kustomization.yaml similarity index 100% rename from cluster/apps/networking/unifi/kustomization.yaml rename to kubernetes/cluster-0/apps/networking/unifi/kustomization.yaml diff --git a/cluster/apps/networking/unifi/volume.yaml b/kubernetes/cluster-0/apps/networking/unifi/volume.yaml similarity index 100% rename from cluster/apps/networking/unifi/volume.yaml rename to kubernetes/cluster-0/apps/networking/unifi/volume.yaml diff --git a/cluster/apps/storage/kopia-web/config/repository.config b/kubernetes/cluster-0/apps/storage/kopia-kube/config/repository.config similarity index 99% rename from cluster/apps/storage/kopia-web/config/repository.config rename to kubernetes/cluster-0/apps/storage/kopia-kube/config/repository.config index 1a0674b4a..8eaef1041 100644 --- a/cluster/apps/storage/kopia-web/config/repository.config +++ b/kubernetes/cluster-0/apps/storage/kopia-kube/config/repository.config @@ -17,4 +17,4 @@ "description": "Cluster", "enableActions": false, "formatBlobCacheDuration": 900000000000 -} \ No newline at end of file +} diff --git a/cluster/apps/storage/kopia-web/helm-release.yaml b/kubernetes/cluster-0/apps/storage/kopia-kube/helm-release.yaml similarity index 98% rename from cluster/apps/storage/kopia-web/helm-release.yaml rename to kubernetes/cluster-0/apps/storage/kopia-kube/helm-release.yaml index e5c5c899b..e74a0188b 100644 --- a/cluster/apps/storage/kopia-web/helm-release.yaml 
+++ b/kubernetes/cluster-0/apps/storage/kopia-kube/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/storage/kopia-web/kustomization.yaml b/kubernetes/cluster-0/apps/storage/kopia-kube/kustomization.yaml similarity index 88% rename from cluster/apps/storage/kopia-web/kustomization.yaml rename to kubernetes/cluster-0/apps/storage/kopia-kube/kustomization.yaml index 8f49b2f77..3799f3af3 100644 --- a/cluster/apps/storage/kopia-web/kustomization.yaml +++ b/kubernetes/cluster-0/apps/storage/kopia-kube/kustomization.yaml @@ -9,4 +9,4 @@ configMapGenerator: files: - ./config/repository.config generatorOptions: - disableNameSuffixHash: true \ No newline at end of file + disableNameSuffixHash: true diff --git a/kubernetes/cluster-0/apps/storage/kopia/kopia-kube/config/repository.config b/kubernetes/cluster-0/apps/storage/kopia/kopia-kube/config/repository.config new file mode 100644 index 000000000..8eaef1041 --- /dev/null +++ b/kubernetes/cluster-0/apps/storage/kopia/kopia-kube/config/repository.config @@ -0,0 +1,20 @@ +{ + "storage": { + "type": "filesystem", + "config": { + "path": "/snapshots", + "dirShards": null + } + }, + "caching": { + "cacheDirectory": "cache", + "maxCacheSize": 5242880000, + "maxMetadataCacheSize": 5242880000, + "maxListCacheDuration": 30 + }, + "hostname": "cluster", + "username": "root", + "description": "Cluster", + "enableActions": false, + "formatBlobCacheDuration": 900000000000 +} diff --git a/kubernetes/cluster-0/apps/storage/kopia/kopia-kube/helm-release.yaml b/kubernetes/cluster-0/apps/storage/kopia/kopia-kube/helm-release.yaml new file mode 100644 index 000000000..984e0fc30 --- /dev/null +++ b/kubernetes/cluster-0/apps/storage/kopia/kopia-kube/helm-release.yaml 
@@ -0,0 +1,109 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: &app kopia-kube
+ namespace: default
+spec:
+ interval: 15m
+ chart:
+ spec:
+ chart: app-template
+ version: 1.0.1
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ install:
+ createNamespace: true
+ remediation:
+ retries: 5
+ upgrade:
+ remediation:
+ retries: 5
+ values:
+ initContainers:
+ wait-for-repo:
+ image: ghcr.io/onedr0p/kopia:0.12.1@sha256:88106e6bb642ee4cb58b61a335ff55992ee2c03493f1aec804422774cf7cf063
+ command:
+ - /bin/bash
+ - -c
+ - |-
+ until [ -f /snapshots/kopia.repository.f ]; do
+ printf "\e[1;32m%-6s\e[m\n" "Waiting for the Kopia repo to become ready ..."
+ sleep 1
+ done
+ volumeMounts:
+ - name: snapshots
+ mountPath: /snapshots
+ image:
+ repository: ghcr.io/onedr0p/kopia
+ tag: 0.12.1@sha256:88106e6bb642ee4cb58b61a335ff55992ee2c03493f1aec804422774cf7cf063
+ env:
+ TZ: "${TIMEZONE}"
+ KOPIA_PASSWORD: "none"
+ command: kopia
+ args:
+ - server
+ - --insecure
+ - --address
+ - 0.0.0.0:80
+ - --metrics-listen-addr
+ - 0.0.0.0:8080
+ - --without-password
+ - --log-level
+ - debug
+ service:
+ main:
+ ports:
+ http:
+ port: 80
+ metrics:
+ enabled: true
+ port: 8080
+ serviceMonitor:
+ main:
+ enabled: true
+ endpoints:
+ - port: metrics
+ scheme: http
+ path: /metrics
+ interval: 1m
+ scrapeTimeout: 10s
+ ingress:
+ main:
+ enabled: true
+ ingressClassName: "nginx"
+ hosts:
+ - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - *host
+ podSecurityContext:
+ supplementalGroups:
+ - 100
+ persistence:
+ config:
+ enabled: true
+ type: configMap
+ name: *app
+ subPath: repository.config
+ mountPath: /config/repository.config
+ readOnly: true
+ snapshots:
+ enabled: true
+ type: nfs
+ server: "${LOCAL_LAN_TRUENAS}"
+ path: /mnt/storage/backups/kubernetes
+ mountPath: /snapshots
+ podAnnotations:
+ configmap.reloader.stakater.com/reload: *app
+ resources:
+ requests:
+ cpu: 10m
+ memory: 100Mi
+ limits:
+ memory: 500Mi
diff --git a/kubernetes/cluster-0/apps/storage/kopia/kopia-kube/kustomization.yaml b/kubernetes/cluster-0/apps/storage/kopia/kopia-kube/kustomization.yaml
new file mode 100644
index 000000000..a3be0b2e2
--- /dev/null
+++ b/kubernetes/cluster-0/apps/storage/kopia/kopia-kube/kustomization.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - helm-release.yaml
+namespace: default
+configMapGenerator:
+ - name: kopia-kube
+ files:
+ - ./config/repository.config
+generatorOptions:
+ disableNameSuffixHash: true
diff --git a/kubernetes/cluster-0/apps/storage/kopia/kopia-workstations/config/repository.config b/kubernetes/cluster-0/apps/storage/kopia/kopia-workstations/config/repository.config
new file mode 100644
index 000000000..8eaef1041
--- /dev/null
+++ b/kubernetes/cluster-0/apps/storage/kopia/kopia-workstations/config/repository.config
@@ -0,0 +1,20 @@
+{
+ "storage": {
+ "type": "filesystem",
+ "config": {
+ "path": "/snapshots",
+ "dirShards": null
+ }
+ },
+ "caching": {
+ "cacheDirectory": "cache",
+ "maxCacheSize": 5242880000,
+ "maxMetadataCacheSize": 5242880000,
+ "maxListCacheDuration": 30
+ },
+ "hostname": "cluster",
+ "username": "root",
+ "description": "Cluster",
+ "enableActions": false,
+ "formatBlobCacheDuration": 900000000000
+}
diff --git a/kubernetes/cluster-0/apps/storage/kopia/kopia-workstations/helm-release.yaml b/kubernetes/cluster-0/apps/storage/kopia/kopia-workstations/helm-release.yaml
new file mode 100644
index 000000000..f0a88f918
--- /dev/null
+++ b/kubernetes/cluster-0/apps/storage/kopia/kopia-workstations/helm-release.yaml
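Review bot: The Kopia server in the `args:` list of `kopia-kube/helm-release.yaml` is started with `--without-password` and `--insecure` while the same release enables an nginx Ingress on `{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}`, so anyone who can reach that host gets the backup repository's UI and API without authenticating; no auth annotation is visible on `ingress.main` in this hunk. Remove `- --without-password` and supply the server credentials from a SOPS-encrypted Secret (the repo already carries `secret.sops.yaml` files for other apps), or, if authentication is deliberately delegated to the ingress, put the auth or allow-list annotations on `ingress.main` and say so in a comment next to the flag. `KOPIA_PASSWORD: "none"` also commits the repository password in clear text and should come from the same Secret, and `--log-level debug` is best dropped once the migration is finished. The identical settings appear in the new `kopia-workstations/helm-release.yaml` hunk that follows.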
@@ -0,0 +1,109 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: &app kopia-workstations + namespace: default +spec: + interval: 15m + chart: + spec: + chart: app-template + version: 1.0.1 + sourceRef: + kind: HelmRepository + name: bjw-s + namespace: flux-system + install: + createNamespace: true + remediation: + retries: 5 + upgrade: + remediation: + retries: 5 + values: + initContainers: + wait-for-repo: + image: ghcr.io/onedr0p/kopia:0.12.1@sha256:88106e6bb642ee4cb58b61a335ff55992ee2c03493f1aec804422774cf7cf063 + command: + - /bin/bash + - -c + - |- + until [ -f /snapshots/kopia.repository.f ]; do + printf "\e[1;32m%-6s\e[m\n" "Waiting for the Kopia repo to become ready ..." + sleep 1 + done + volumeMounts: + - name: snapshots + mountPath: /snapshots + image: + repository: ghcr.io/onedr0p/kopia + tag: 0.12.1@sha256:88106e6bb642ee4cb58b61a335ff55992ee2c03493f1aec804422774cf7cf063 + env: + TZ: "${TIMEZONE}" + KOPIA_PASSWORD: "none" + command: kopia + args: + - server + - --insecure + - --address + - 0.0.0.0:80 + - --metrics-listen-addr + - 0.0.0.0:8080 + - --without-password + - --log-level + - debug + service: + main: + ports: + http: + port: 80 + metrics: + enabled: true + port: 8080 + serviceMonitor: + main: + enabled: true + endpoints: + - port: metrics + scheme: http + path: /metrics + interval: 1m + scrapeTimeout: 10s + ingress: + main: + enabled: true + ingressClassName: "nginx" + hosts: + - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + paths: + - path: / + pathType: Prefix + tls: + - hosts: + - *host + podSecurityContext: + supplementalGroups: + - 100 + persistence: + config: + enabled: true + type: configMap + name: *app + subPath: repository.config + mountPath: /config/repository.config + readOnly: true + snapshots: + enabled: true + type: nfs + server: "${LOCAL_LAN_TRUENAS}" + path: /mnt/storage/backups/kopia-workstations + mountPath: /snapshots + podAnnotations: + 
configmap.reloader.stakater.com/reload: *app + resources: + requests: + cpu: 10m + memory: 100Mi + limits: + memory: 500Mi diff --git a/kubernetes/cluster-0/apps/storage/kopia/kopia-workstations/kustomization.yaml b/kubernetes/cluster-0/apps/storage/kopia/kopia-workstations/kustomization.yaml new file mode 100644 index 000000000..982329bb7 --- /dev/null +++ b/kubernetes/cluster-0/apps/storage/kopia/kopia-workstations/kustomization.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - helm-release.yaml +namespace: default +configMapGenerator: + - name: kopia-workstations + files: + - ./config/repository.config +generatorOptions: + disableNameSuffixHash: true diff --git a/cluster/core/rook-ceph/snapshot-controller/kustomization.yaml b/kubernetes/cluster-0/apps/storage/kopia/kustomization.yaml similarity index 67% rename from cluster/core/rook-ceph/snapshot-controller/kustomization.yaml rename to kubernetes/cluster-0/apps/storage/kopia/kustomization.yaml index 356a45c2b..1d07e04ef 100644 --- a/cluster/core/rook-ceph/snapshot-controller/kustomization.yaml +++ b/kubernetes/cluster-0/apps/storage/kopia/kustomization.yaml @@ -2,5 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - rbac.yaml - - deployment.yaml + - kopia-kube + - kopia-workstations diff --git a/cluster/apps/storage/kustomization.yaml b/kubernetes/cluster-0/apps/storage/kustomization.yaml similarity index 65% rename from cluster/apps/storage/kustomization.yaml rename to kubernetes/cluster-0/apps/storage/kustomization.yaml index 6e0eade90..7b31bd9c5 100644 --- a/cluster/apps/storage/kustomization.yaml +++ b/kubernetes/cluster-0/apps/storage/kustomization.yaml @@ -2,8 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - kopia-web - - resilio-sync-claude - - resilio-sync-helene + - kopia + - resilio-sync - smartctl-exporter - truecommand 
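Review bot: The `resources:` list in `apps/storage/kustomization.yaml` now points at `kopia`, which pulls in `kopia/kopia-kube` and `kopia/kopia-workstations`, but this commit also renames the old `kopia-web` directory to `apps/storage/kopia-kube/` and nothing in this list references it. Unless another kustomization includes that path, it is an unreferenced second copy of the Kopia manifests that can drift from `kopia/kopia-kube` and mislead whoever audits the backup server's exposure later. Delete `apps/storage/kopia-kube/` in this commit, or add a comment such as `# kopia/ holds kopia-kube and kopia-workstations; the top-level kopia-kube/ is unused` until it is removed.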
diff --git a/cluster/apps/storage/resilio-sync-claude/config/sync.conf b/kubernetes/cluster-0/apps/storage/resilio-sync/claude/config/sync.conf similarity index 100% rename from cluster/apps/storage/resilio-sync-claude/config/sync.conf rename to kubernetes/cluster-0/apps/storage/resilio-sync/claude/config/sync.conf diff --git a/cluster/apps/storage/resilio-sync-claude/helm-release.yaml b/kubernetes/cluster-0/apps/storage/resilio-sync/claude/helm-release.yaml similarity index 86% rename from cluster/apps/storage/resilio-sync-claude/helm-release.yaml rename to kubernetes/cluster-0/apps/storage/resilio-sync/claude/helm-release.yaml index 7fcfff1c8..bf7264446 100644 --- a/cluster/apps/storage/resilio-sync-claude/helm-release.yaml +++ b/kubernetes/cluster-0/apps/storage/resilio-sync/claude/helm-release.yaml @@ -2,7 +2,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: - name: &app resilio-sync-claude + name: &app resilio-claude namespace: default spec: interval: 15m @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true @@ -24,7 +24,7 @@ spec: values: image: repository: ghcr.io/auricom/resilio-sync - tag: v2.7.3.1381-1@sha256:0d166c1824637add7ce7c1a66bf3f267f69b85e12d0d49037f6d299d72c4032d + tag: 2.7.3.1381-1@sha256:ec9c45bc0d04f9622d00009b4c8f431ddbf83e53d1942e00282f7059f7dc5ae7 env: - name: TZ value: "${TIMEZONE}" @@ -50,12 +50,12 @@ spec: persistence: config: enabled: true - existingClaim: resilio-sync-claude-config + existingClaim: resilio-claude-config sync-conf: enabled: true type: configMap configMap: - name: resilio-sync-claude-sync-conf + name: resilio-claude-sync-conf mountPath: /config/sync.conf subPath: sync.conf backups: 
@@ -73,8 +73,8 @@ spec: music-transcoded: enabled: true type: nfs - server: "${LOCAL_LAN_OPENMEDIAVAULT}" - path: /export/music_transcoded + server: "${LOCAL_LAN_TRUENAS}" + path: /mnt/storage/music_transcoded mountPath: /sync/music_transcoded photo: enabled: true diff --git a/cluster/apps/storage/resilio-sync-claude/kustomization.yaml b/kubernetes/cluster-0/apps/storage/resilio-sync/claude/kustomization.yaml similarity index 85% rename from cluster/apps/storage/resilio-sync-claude/kustomization.yaml rename to kubernetes/cluster-0/apps/storage/resilio-sync/claude/kustomization.yaml index e09d0c7e1..36da871a1 100644 --- a/cluster/apps/storage/resilio-sync-claude/kustomization.yaml +++ b/kubernetes/cluster-0/apps/storage/resilio-sync/claude/kustomization.yaml @@ -5,7 +5,7 @@ resources: - helm-release.yaml - volume.yaml configMapGenerator: - - name: resilio-sync-claude-sync-conf + - name: resilio-claude-sync-conf namespace: default files: - config/sync.conf diff --git a/cluster/apps/storage/resilio-sync-claude/volume.yaml b/kubernetes/cluster-0/apps/storage/resilio-sync/claude/volume.yaml similarity index 76% rename from cluster/apps/storage/resilio-sync-claude/volume.yaml rename to kubernetes/cluster-0/apps/storage/resilio-sync/claude/volume.yaml index 72c7b3962..2c0ebe1fb 100644 --- a/cluster/apps/storage/resilio-sync-claude/volume.yaml +++ b/kubernetes/cluster-0/apps/storage/resilio-sync/claude/volume.yaml @@ -2,10 +2,10 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: resilio-sync-claude-config + name: resilio-claude-config namespace: default labels: - app.kubernetes.io/name: &name resilio-sync-claude + app.kubernetes.io/name: &name resilio-claude app.kubernetes.io/instance: *name snapshot.home.arpa/enabled: "true" spec: 
diff --git a/cluster/apps/storage/resilio-sync-helene/config/sync.conf b/kubernetes/cluster-0/apps/storage/resilio-sync/helene/config/sync.conf similarity index 100% rename from cluster/apps/storage/resilio-sync-helene/config/sync.conf rename to kubernetes/cluster-0/apps/storage/resilio-sync/helene/config/sync.conf diff --git a/cluster/apps/storage/resilio-sync-helene/helm-release.yaml b/kubernetes/cluster-0/apps/storage/resilio-sync/helene/helm-release.yaml similarity index 86% rename from cluster/apps/storage/resilio-sync-helene/helm-release.yaml rename to kubernetes/cluster-0/apps/storage/resilio-sync/helene/helm-release.yaml index 9fff238de..deb8013ce 100644 --- a/cluster/apps/storage/resilio-sync-helene/helm-release.yaml +++ b/kubernetes/cluster-0/apps/storage/resilio-sync/helene/helm-release.yaml @@ -2,7 +2,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: - name: &app resilio-sync-helene + name: &app resilio-helene namespace: default spec: interval: 15m @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true @@ -25,7 +25,7 @@ spec: values: image: repository: ghcr.io/auricom/resilio-sync - tag: v2.7.3.1381-1@sha256:0d166c1824637add7ce7c1a66bf3f267f69b85e12d0d49037f6d299d72c4032d + tag: 2.7.3.1381-1@sha256:ec9c45bc0d04f9622d00009b4c8f431ddbf83e53d1942e00282f7059f7dc5ae7 env: - name: TZ value: "${TIMEZONE}" @@ -51,12 +51,12 @@ spec: persistence: config: enabled: true - existingClaim: resilio-sync-helene-config + existingClaim: resilio-helene-config sync-conf: enabled: true type: configMap configMap: - name: resilio-sync-helene-sync-conf + name: resilio-helene-sync-conf mountPath: /config/sync.conf subPath: sync.conf backups: 
diff --git a/cluster/apps/storage/resilio-sync-helene/kustomization.yaml b/kubernetes/cluster-0/apps/storage/resilio-sync/helene/kustomization.yaml similarity index 85% rename from cluster/apps/storage/resilio-sync-helene/kustomization.yaml rename to kubernetes/cluster-0/apps/storage/resilio-sync/helene/kustomization.yaml index e5de57668..237372e50 100644 --- a/cluster/apps/storage/resilio-sync-helene/kustomization.yaml +++ b/kubernetes/cluster-0/apps/storage/resilio-sync/helene/kustomization.yaml @@ -5,7 +5,7 @@ resources: - helm-release.yaml - volume.yaml configMapGenerator: - - name: resilio-sync-helene-sync-conf + - name: resilio-helene-sync-conf namespace: default files: - config/sync.conf diff --git a/cluster/apps/storage/resilio-sync-helene/volume.yaml b/kubernetes/cluster-0/apps/storage/resilio-sync/helene/volume.yaml similarity index 76% rename from cluster/apps/storage/resilio-sync-helene/volume.yaml rename to kubernetes/cluster-0/apps/storage/resilio-sync/helene/volume.yaml index 162c2e324..bd04a3b15 100644 --- a/cluster/apps/storage/resilio-sync-helene/volume.yaml +++ b/kubernetes/cluster-0/apps/storage/resilio-sync/helene/volume.yaml @@ -2,10 +2,10 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: resilio-sync-helene-config + name: resilio-helene-config namespace: default labels: - app.kubernetes.io/name: &name resilio-sync-helene + app.kubernetes.io/name: &name resilio-helene app.kubernetes.io/instance: *name snapshot.home.arpa/enabled: "true" spec: diff --git a/cluster/apps/web-tools/whoogle/kustomization.yaml b/kubernetes/cluster-0/apps/storage/resilio-sync/kustomization.yaml similarity index 78% rename from cluster/apps/web-tools/whoogle/kustomization.yaml rename to kubernetes/cluster-0/apps/storage/resilio-sync/kustomization.yaml index 2fa2de20c..a4210bcc9 100644 --- a/cluster/apps/web-tools/whoogle/kustomization.yaml +++ b/kubernetes/cluster-0/apps/storage/resilio-sync/kustomization.yaml 
@@ -2,4 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - helm-release.yaml + - claude + - helene diff --git a/cluster/apps/storage/smartctl-exporter/helm-release.yaml b/kubernetes/cluster-0/apps/storage/smartctl-exporter/helm-release.yaml similarity index 93% rename from cluster/apps/storage/smartctl-exporter/helm-release.yaml rename to kubernetes/cluster-0/apps/storage/smartctl-exporter/helm-release.yaml index b98927e4b..116d6f996 100644 --- a/cluster/apps/storage/smartctl-exporter/helm-release.yaml +++ b/kubernetes/cluster-0/apps/storage/smartctl-exporter/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 0.3.1 sourceRef: kind: HelmRepository - name: prometheus-community-charts + name: prometheus-community namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/networking/tigera-operator/kustomization.yaml b/kubernetes/cluster-0/apps/storage/smartctl-exporter/kustomization.yaml similarity index 100% rename from cluster/apps/networking/tigera-operator/kustomization.yaml rename to kubernetes/cluster-0/apps/storage/smartctl-exporter/kustomization.yaml diff --git a/cluster/apps/storage/truecommand/helm-release.yaml b/kubernetes/cluster-0/apps/storage/truecommand/helm-release.yaml similarity index 97% rename from cluster/apps/storage/truecommand/helm-release.yaml rename to kubernetes/cluster-0/apps/storage/truecommand/helm-release.yaml index aa04ec443..5ad6f5e80 100644 --- a/cluster/apps/storage/truecommand/helm-release.yaml +++ b/kubernetes/cluster-0/apps/storage/truecommand/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true 
diff --git a/cluster/apps/storage/truecommand/kustomization.yaml b/kubernetes/cluster-0/apps/storage/truecommand/kustomization.yaml similarity index 100% rename from cluster/apps/storage/truecommand/kustomization.yaml rename to kubernetes/cluster-0/apps/storage/truecommand/kustomization.yaml diff --git a/cluster/apps/storage/truecommand/volume.yaml b/kubernetes/cluster-0/apps/storage/truecommand/volume.yaml similarity index 100% rename from cluster/apps/storage/truecommand/volume.yaml rename to kubernetes/cluster-0/apps/storage/truecommand/volume.yaml diff --git a/cluster/apps/web-tools/freshrss/helm-release.yaml b/kubernetes/cluster-0/apps/web-tools/freshrss/helm-release.yaml similarity index 97% rename from cluster/apps/web-tools/freshrss/helm-release.yaml rename to kubernetes/cluster-0/apps/web-tools/freshrss/helm-release.yaml index b84f63aea..4f62f23e2 100644 --- a/cluster/apps/web-tools/freshrss/helm-release.yaml +++ b/kubernetes/cluster-0/apps/web-tools/freshrss/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/web-tools/freshrss/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/freshrss/kustomization.yaml similarity index 100% rename from cluster/apps/web-tools/freshrss/kustomization.yaml rename to kubernetes/cluster-0/apps/web-tools/freshrss/kustomization.yaml diff --git a/cluster/apps/web-tools/freshrss/patches/postgres.yaml b/kubernetes/cluster-0/apps/web-tools/freshrss/patches/postgres.yaml similarity index 100% rename from cluster/apps/web-tools/freshrss/patches/postgres.yaml rename to kubernetes/cluster-0/apps/web-tools/freshrss/patches/postgres.yaml 
diff --git a/cluster/apps/web-tools/freshrss/secret.sops.yaml b/kubernetes/cluster-0/apps/web-tools/freshrss/secret.sops.yaml similarity index 100% rename from cluster/apps/web-tools/freshrss/secret.sops.yaml rename to kubernetes/cluster-0/apps/web-tools/freshrss/secret.sops.yaml diff --git a/cluster/apps/web-tools/freshrss/volume.yaml b/kubernetes/cluster-0/apps/web-tools/freshrss/volume.yaml similarity index 100% rename from cluster/apps/web-tools/freshrss/volume.yaml rename to kubernetes/cluster-0/apps/web-tools/freshrss/volume.yaml diff --git a/cluster/apps/web-tools/homer-code/helm-release.yaml b/kubernetes/cluster-0/apps/web-tools/homer-code/helm-release.yaml similarity index 98% rename from cluster/apps/web-tools/homer-code/helm-release.yaml rename to kubernetes/cluster-0/apps/web-tools/homer-code/helm-release.yaml index 489ae4d13..217c3614c 100644 --- a/cluster/apps/web-tools/homer-code/helm-release.yaml +++ b/kubernetes/cluster-0/apps/web-tools/homer-code/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/storage/smartctl-exporter/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/homer-code/kustomization.yaml similarity index 100% rename from cluster/apps/storage/smartctl-exporter/kustomization.yaml rename to kubernetes/cluster-0/apps/web-tools/homer-code/kustomization.yaml diff --git a/cluster/apps/web-tools/homer/helm-release.yaml b/kubernetes/cluster-0/apps/web-tools/homer/helm-release.yaml similarity index 97% rename from cluster/apps/web-tools/homer/helm-release.yaml rename to kubernetes/cluster-0/apps/web-tools/homer/helm-release.yaml index 1dc1df223..2af3707fc 100644 --- a/cluster/apps/web-tools/homer/helm-release.yaml +++ b/kubernetes/cluster-0/apps/web-tools/homer/helm-release.yaml 
@@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/web-tools/homer/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/homer/kustomization.yaml similarity index 100% rename from cluster/apps/web-tools/homer/kustomization.yaml rename to kubernetes/cluster-0/apps/web-tools/homer/kustomization.yaml diff --git a/cluster/apps/web-tools/homer/volume.yaml b/kubernetes/cluster-0/apps/web-tools/homer/volume.yaml similarity index 100% rename from cluster/apps/web-tools/homer/volume.yaml rename to kubernetes/cluster-0/apps/web-tools/homer/volume.yaml diff --git a/cluster/apps/web-tools/invidious/config/config.yml b/kubernetes/cluster-0/apps/web-tools/invidious/config/config.yml similarity index 100% rename from cluster/apps/web-tools/invidious/config/config.yml rename to kubernetes/cluster-0/apps/web-tools/invidious/config/config.yml diff --git a/cluster/apps/web-tools/invidious/helm-release.yaml b/kubernetes/cluster-0/apps/web-tools/invidious/helm-release.yaml similarity index 98% rename from cluster/apps/web-tools/invidious/helm-release.yaml rename to kubernetes/cluster-0/apps/web-tools/invidious/helm-release.yaml index 828555c6f..375e27b9f 100644 --- a/cluster/apps/web-tools/invidious/helm-release.yaml +++ b/kubernetes/cluster-0/apps/web-tools/invidious/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/web-tools/invidious/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/invidious/kustomization.yaml similarity index 100% rename from cluster/apps/web-tools/invidious/kustomization.yaml rename to kubernetes/cluster-0/apps/web-tools/invidious/kustomization.yaml 
diff --git a/cluster/apps/web-tools/invidious/patches/postgres.yaml b/kubernetes/cluster-0/apps/web-tools/invidious/patches/postgres.yaml similarity index 100% rename from cluster/apps/web-tools/invidious/patches/postgres.yaml rename to kubernetes/cluster-0/apps/web-tools/invidious/patches/postgres.yaml diff --git a/cluster/apps/web-tools/joplin/helm-release.yaml b/kubernetes/cluster-0/apps/web-tools/joplin/helm-release.yaml similarity index 98% rename from cluster/apps/web-tools/joplin/helm-release.yaml rename to kubernetes/cluster-0/apps/web-tools/joplin/helm-release.yaml index 4990961d6..8017b29db 100644 --- a/cluster/apps/web-tools/joplin/helm-release.yaml +++ b/kubernetes/cluster-0/apps/web-tools/joplin/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/web-tools/joplin/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/joplin/kustomization.yaml similarity index 100% rename from cluster/apps/web-tools/joplin/kustomization.yaml rename to kubernetes/cluster-0/apps/web-tools/joplin/kustomization.yaml diff --git a/cluster/apps/web-tools/joplin/patches/postgres.yaml b/kubernetes/cluster-0/apps/web-tools/joplin/patches/postgres.yaml similarity index 100% rename from cluster/apps/web-tools/joplin/patches/postgres.yaml rename to kubernetes/cluster-0/apps/web-tools/joplin/patches/postgres.yaml diff --git a/cluster/apps/web-tools/joplin/secret.sops.yaml b/kubernetes/cluster-0/apps/web-tools/joplin/secret.sops.yaml similarity index 100% rename from cluster/apps/web-tools/joplin/secret.sops.yaml rename to kubernetes/cluster-0/apps/web-tools/joplin/secret.sops.yaml 
diff --git a/cluster/apps/web-tools/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/kustomization.yaml similarity index 93% rename from cluster/apps/web-tools/kustomization.yaml rename to kubernetes/cluster-0/apps/web-tools/kustomization.yaml index 597a72b77..0f85843fa 100644 --- a/cluster/apps/web-tools/kustomization.yaml +++ b/kubernetes/cluster-0/apps/web-tools/kustomization.yaml @@ -9,7 +9,6 @@ resources: - invidious - joplin - libreddit - - music-transcode - nitter - sharry - tandoor diff --git a/cluster/apps/web-tools/libreddit/helm-release.yaml b/kubernetes/cluster-0/apps/web-tools/libreddit/helm-release.yaml similarity index 92% rename from cluster/apps/web-tools/libreddit/helm-release.yaml rename to kubernetes/cluster-0/apps/web-tools/libreddit/helm-release.yaml index c2bdb8ca1..bcf35e70b 100644 --- a/cluster/apps/web-tools/libreddit/helm-release.yaml +++ b/kubernetes/cluster-0/apps/web-tools/libreddit/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true @@ -27,7 +27,7 @@ spec: values: image: repository: ghcr.io/auricom/libreddit - tag: v0.24.0@sha256:b816f7a87573aa67762b097b2206fb5e75493950deb6eda2415ee68501424093 + tag: 0.24.0@sha256:1455b0ed61a45c4670b11c6f4825168c622dfd90638a069bf02b5a21d1515236 service: main: ports: diff --git a/cluster/apps/web-tools/libreddit/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/libreddit/kustomization.yaml similarity index 100% rename from cluster/apps/web-tools/libreddit/kustomization.yaml rename to kubernetes/cluster-0/apps/web-tools/libreddit/kustomization.yaml diff --git a/cluster/apps/web-tools/nitter/config/config.yml b/kubernetes/cluster-0/apps/web-tools/nitter/config/config.yml similarity index 100% rename from cluster/apps/web-tools/nitter/config/config.yml rename to kubernetes/cluster-0/apps/web-tools/nitter/config/config.yml 
diff --git a/cluster/apps/web-tools/nitter/helm-release.yaml b/kubernetes/cluster-0/apps/web-tools/nitter/helm-release.yaml similarity index 98% rename from cluster/apps/web-tools/nitter/helm-release.yaml rename to kubernetes/cluster-0/apps/web-tools/nitter/helm-release.yaml index 142dbeff0..282ed4c6e 100644 --- a/cluster/apps/web-tools/nitter/helm-release.yaml +++ b/kubernetes/cluster-0/apps/web-tools/nitter/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/web-tools/nitter/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/nitter/kustomization.yaml similarity index 100% rename from cluster/apps/web-tools/nitter/kustomization.yaml rename to kubernetes/cluster-0/apps/web-tools/nitter/kustomization.yaml diff --git a/cluster/apps/web-tools/readme.md b/kubernetes/cluster-0/apps/web-tools/readme.md similarity index 100% rename from cluster/apps/web-tools/readme.md rename to kubernetes/cluster-0/apps/web-tools/readme.md diff --git a/cluster/apps/web-tools/sharry/config/sharry.conf b/kubernetes/cluster-0/apps/web-tools/sharry/config/sharry.conf similarity index 100% rename from cluster/apps/web-tools/sharry/config/sharry.conf rename to kubernetes/cluster-0/apps/web-tools/sharry/config/sharry.conf diff --git a/cluster/apps/web-tools/sharry/helm-release.yaml b/kubernetes/cluster-0/apps/web-tools/sharry/helm-release.yaml similarity index 98% rename from cluster/apps/web-tools/sharry/helm-release.yaml rename to kubernetes/cluster-0/apps/web-tools/sharry/helm-release.yaml index f832408f5..b1c55fe66 100644 --- a/cluster/apps/web-tools/sharry/helm-release.yaml +++ b/kubernetes/cluster-0/apps/web-tools/sharry/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true 
diff --git a/cluster/apps/web-tools/sharry/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/sharry/kustomization.yaml similarity index 100% rename from cluster/apps/web-tools/sharry/kustomization.yaml rename to kubernetes/cluster-0/apps/web-tools/sharry/kustomization.yaml diff --git a/cluster/apps/web-tools/sharry/patches/postgres.yaml b/kubernetes/cluster-0/apps/web-tools/sharry/patches/postgres.yaml similarity index 100% rename from cluster/apps/web-tools/sharry/patches/postgres.yaml rename to kubernetes/cluster-0/apps/web-tools/sharry/patches/postgres.yaml diff --git a/cluster/apps/web-tools/tandoor/config/nginx-config b/kubernetes/cluster-0/apps/web-tools/tandoor/config/nginx-config similarity index 100% rename from cluster/apps/web-tools/tandoor/config/nginx-config rename to kubernetes/cluster-0/apps/web-tools/tandoor/config/nginx-config diff --git a/cluster/apps/web-tools/tandoor/helm-release.yaml b/kubernetes/cluster-0/apps/web-tools/tandoor/helm-release.yaml similarity index 97% rename from cluster/apps/web-tools/tandoor/helm-release.yaml rename to kubernetes/cluster-0/apps/web-tools/tandoor/helm-release.yaml index e823bdc43..106020056 100644 --- a/cluster/apps/web-tools/tandoor/helm-release.yaml +++ b/kubernetes/cluster-0/apps/web-tools/tandoor/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true @@ -56,7 +56,7 @@ spec: persistence: files: enabled: true - existingClaim: recipes-files + existingClaim: tandoor-files mountPath: /opt/recipes/mediafiles nginx-config: enabled: "true" diff --git a/cluster/apps/web-tools/tandoor/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/tandoor/kustomization.yaml similarity index 100% rename from cluster/apps/web-tools/tandoor/kustomization.yaml rename to kubernetes/cluster-0/apps/web-tools/tandoor/kustomization.yaml 
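Review bot: `existingClaim: tandoor-files` in the second tandoor hunk renames the claim the pod mounts, but `tandoor/volume.yaml` is carried over as a 100% rename in this commit, so the PersistentVolumeClaim it declares is unchanged. If that file still names the claim `recipes-files` (its content is not visible here), the pod will stay Pending on a missing PVC. Rename `metadata.name` in `volume.yaml` in the same commit, as was done for the resilio claims, or keep `existingClaim: recipes-files`. The `persistence:` mapping continues outside the hunk.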
diff --git a/cluster/apps/web-tools/tandoor/patches/env.yaml b/kubernetes/cluster-0/apps/web-tools/tandoor/patches/env.yaml similarity index 100% rename from cluster/apps/web-tools/tandoor/patches/env.yaml rename to kubernetes/cluster-0/apps/web-tools/tandoor/patches/env.yaml diff --git a/cluster/apps/web-tools/tandoor/patches/postgres.yaml b/kubernetes/cluster-0/apps/web-tools/tandoor/patches/postgres.yaml similarity index 100% rename from cluster/apps/web-tools/tandoor/patches/postgres.yaml rename to kubernetes/cluster-0/apps/web-tools/tandoor/patches/postgres.yaml diff --git a/cluster/apps/web-tools/tandoor/secret.sops.yaml b/kubernetes/cluster-0/apps/web-tools/tandoor/secret.sops.yaml similarity index 100% rename from cluster/apps/web-tools/tandoor/secret.sops.yaml rename to kubernetes/cluster-0/apps/web-tools/tandoor/secret.sops.yaml diff --git a/cluster/apps/web-tools/tandoor/volume.yaml b/kubernetes/cluster-0/apps/web-tools/tandoor/volume.yaml similarity index 100% rename from cluster/apps/web-tools/tandoor/volume.yaml rename to kubernetes/cluster-0/apps/web-tools/tandoor/volume.yaml diff --git a/cluster/apps/web-tools/theme-park/helm-release.yaml b/kubernetes/cluster-0/apps/web-tools/theme-park/helm-release.yaml similarity index 98% rename from cluster/apps/web-tools/theme-park/helm-release.yaml rename to kubernetes/cluster-0/apps/web-tools/theme-park/helm-release.yaml index efb489ca6..b563e3efa 100644 --- a/cluster/apps/web-tools/theme-park/helm-release.yaml +++ b/kubernetes/cluster-0/apps/web-tools/theme-park/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true 
diff --git a/cluster/apps/web-tools/homer-code/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/theme-park/kustomization.yaml similarity index 100% rename from cluster/apps/web-tools/homer-code/kustomization.yaml rename to kubernetes/cluster-0/apps/web-tools/theme-park/kustomization.yaml diff --git a/cluster/apps/web-tools/vaultwarden/helm-release.yaml b/kubernetes/cluster-0/apps/web-tools/vaultwarden/helm-release.yaml similarity index 98% rename from cluster/apps/web-tools/vaultwarden/helm-release.yaml rename to kubernetes/cluster-0/apps/web-tools/vaultwarden/helm-release.yaml index 66fac5e45..6dc5369c0 100644 --- a/cluster/apps/web-tools/vaultwarden/helm-release.yaml +++ b/kubernetes/cluster-0/apps/web-tools/vaultwarden/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/web-tools/vaultwarden/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/vaultwarden/kustomization.yaml similarity index 91% rename from cluster/apps/web-tools/vaultwarden/kustomization.yaml rename to kubernetes/cluster-0/apps/web-tools/vaultwarden/kustomization.yaml index 6e18e9f74..9d9eb5c3e 100644 --- a/cluster/apps/web-tools/vaultwarden/kustomization.yaml +++ b/kubernetes/cluster-0/apps/web-tools/vaultwarden/kustomization.yaml @@ -3,5 +3,6 @@ kind: Kustomization resources: - helm-release.yaml - secret.sops.yaml + - volume.yaml patchesStrategicMerge: - patches/postgres.yaml diff --git a/cluster/apps/web-tools/vaultwarden/patches/postgres.yaml b/kubernetes/cluster-0/apps/web-tools/vaultwarden/patches/postgres.yaml similarity index 100% rename from cluster/apps/web-tools/vaultwarden/patches/postgres.yaml rename to kubernetes/cluster-0/apps/web-tools/vaultwarden/patches/postgres.yaml 
diff --git a/cluster/apps/web-tools/vaultwarden/secret.sops.yaml b/kubernetes/cluster-0/apps/web-tools/vaultwarden/secret.sops.yaml similarity index 100% rename from cluster/apps/web-tools/vaultwarden/secret.sops.yaml rename to kubernetes/cluster-0/apps/web-tools/vaultwarden/secret.sops.yaml diff --git a/cluster/apps/web-tools/vaultwarden/volume.yaml b/kubernetes/cluster-0/apps/web-tools/vaultwarden/volume.yaml similarity index 100% rename from cluster/apps/web-tools/vaultwarden/volume.yaml rename to kubernetes/cluster-0/apps/web-tools/vaultwarden/volume.yaml diff --git a/cluster/apps/web-tools/vikunja/config/Caddyfile b/kubernetes/cluster-0/apps/web-tools/vikunja/config/Caddyfile similarity index 100% rename from cluster/apps/web-tools/vikunja/config/Caddyfile rename to kubernetes/cluster-0/apps/web-tools/vikunja/config/Caddyfile diff --git a/cluster/apps/web-tools/vikunja/helm-release.yaml b/kubernetes/cluster-0/apps/web-tools/vikunja/helm-release.yaml similarity index 99% rename from cluster/apps/web-tools/vikunja/helm-release.yaml rename to kubernetes/cluster-0/apps/web-tools/vikunja/helm-release.yaml index 75e2beec9..b38f5d32b 100644 --- a/cluster/apps/web-tools/vikunja/helm-release.yaml +++ b/kubernetes/cluster-0/apps/web-tools/vikunja/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/web-tools/vikunja/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/vikunja/kustomization.yaml similarity index 100% rename from cluster/apps/web-tools/vikunja/kustomization.yaml rename to kubernetes/cluster-0/apps/web-tools/vikunja/kustomization.yaml 
diff --git a/cluster/apps/web-tools/vikunja/patches/postgres.yaml b/kubernetes/cluster-0/apps/web-tools/vikunja/patches/postgres.yaml similarity index 100% rename from cluster/apps/web-tools/vikunja/patches/postgres.yaml rename to kubernetes/cluster-0/apps/web-tools/vikunja/patches/postgres.yaml diff --git a/cluster/apps/web-tools/vikunja/secret.sops.yaml b/kubernetes/cluster-0/apps/web-tools/vikunja/secret.sops.yaml similarity index 100% rename from cluster/apps/web-tools/vikunja/secret.sops.yaml rename to kubernetes/cluster-0/apps/web-tools/vikunja/secret.sops.yaml diff --git a/cluster/apps/web-tools/vikunja/volume.yaml b/kubernetes/cluster-0/apps/web-tools/vikunja/volume.yaml similarity index 100% rename from cluster/apps/web-tools/vikunja/volume.yaml rename to kubernetes/cluster-0/apps/web-tools/vikunja/volume.yaml diff --git a/cluster/apps/web-tools/wallabag/helm-release.yaml b/kubernetes/cluster-0/apps/web-tools/wallabag/helm-release.yaml similarity index 98% rename from cluster/apps/web-tools/wallabag/helm-release.yaml rename to kubernetes/cluster-0/apps/web-tools/wallabag/helm-release.yaml index 47ec9ba70..93566e794 100644 --- a/cluster/apps/web-tools/wallabag/helm-release.yaml +++ b/kubernetes/cluster-0/apps/web-tools/wallabag/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/web-tools/wallabag/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/wallabag/kustomization.yaml similarity index 100% rename from cluster/apps/web-tools/wallabag/kustomization.yaml rename to kubernetes/cluster-0/apps/web-tools/wallabag/kustomization.yaml 
diff --git a/cluster/apps/web-tools/wallabag/patches/env.yaml b/kubernetes/cluster-0/apps/web-tools/wallabag/patches/env.yaml similarity index 100% rename from cluster/apps/web-tools/wallabag/patches/env.yaml rename to kubernetes/cluster-0/apps/web-tools/wallabag/patches/env.yaml diff --git a/cluster/apps/web-tools/wallabag/patches/postgres.yaml b/kubernetes/cluster-0/apps/web-tools/wallabag/patches/postgres.yaml similarity index 100% rename from cluster/apps/web-tools/wallabag/patches/postgres.yaml rename to kubernetes/cluster-0/apps/web-tools/wallabag/patches/postgres.yaml diff --git a/cluster/apps/web-tools/wallabag/secret.sops.yaml b/kubernetes/cluster-0/apps/web-tools/wallabag/secret.sops.yaml similarity index 100% rename from cluster/apps/web-tools/wallabag/secret.sops.yaml rename to kubernetes/cluster-0/apps/web-tools/wallabag/secret.sops.yaml diff --git a/cluster/apps/web-tools/wallabag/volume.yaml b/kubernetes/cluster-0/apps/web-tools/wallabag/volume.yaml similarity index 100% rename from cluster/apps/web-tools/wallabag/volume.yaml rename to kubernetes/cluster-0/apps/web-tools/wallabag/volume.yaml diff --git a/cluster/apps/web-tools/whoogle/helm-release.yaml b/kubernetes/cluster-0/apps/web-tools/whoogle/helm-release.yaml similarity index 98% rename from cluster/apps/web-tools/whoogle/helm-release.yaml rename to kubernetes/cluster-0/apps/web-tools/whoogle/helm-release.yaml index de0b56178..04585734a 100644 --- a/cluster/apps/web-tools/whoogle/helm-release.yaml +++ b/kubernetes/cluster-0/apps/web-tools/whoogle/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true 
diff --git a/cluster/apps/web-tools/theme-park/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/whoogle/kustomization.yaml similarity index 100% rename from cluster/apps/web-tools/theme-park/kustomization.yaml rename to kubernetes/cluster-0/apps/web-tools/whoogle/kustomization.yaml diff --git a/kubernetes/cluster-0/core/cilium/configmap.yaml b/kubernetes/cluster-0/core/cilium/configmap.yaml new file mode 100644 index 000000000..046d2e372 --- /dev/null +++ b/kubernetes/cluster-0/core/cilium/configmap.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: bgp-config + namespace: kube-system +data: + config.yaml: | + peers: + - peer-address: ${LOCAL_LAN_OPNSENSE} + peer-asn: 64512 + my-asn: 64512 + address-pools: + - name: default + protocol: bgp + addresses: + - ${CILIUM_BGP_SVC_RANGE} + avoid-buggy-ips: true diff --git a/cluster/apps/kube-tools/system-upgrade/system-upgrade-controller/plans/kustomization.yaml b/kubernetes/cluster-0/core/cilium/kustomization.yaml similarity index 65% rename from cluster/apps/kube-tools/system-upgrade/system-upgrade-controller/plans/kustomization.yaml rename to kubernetes/cluster-0/core/cilium/kustomization.yaml index d2f0a0394..dd00d2b73 100644 --- a/cluster/apps/kube-tools/system-upgrade/system-upgrade-controller/plans/kustomization.yaml +++ b/kubernetes/cluster-0/core/cilium/kustomization.yaml @@ -1,6 +1,6 @@ --- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization +namespace: kube-system resources: - - server.yaml - - agent.yaml + - configmap.yaml diff --git a/cluster/core/flux-system/kustomization.yaml b/kubernetes/cluster-0/core/flux-system/kustomization.yaml similarity index 89% rename from cluster/core/flux-system/kustomization.yaml rename to kubernetes/cluster-0/core/flux-system/kustomization.yaml index f69a08e4a..a108e43ba 100644 --- a/cluster/core/flux-system/kustomization.yaml +++ b/kubernetes/cluster-0/core/flux-system/kustomization.yaml 
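Review bot: The single entry under `peers:` in `config.yaml` carries only an address and the two ASNs, so the BGP session to the router is unauthenticated. If the MetalLB-style schema that this ConfigMap follows accepts a peer `password:` in the deployed Cilium version (to be confirmed), setting one and matching it on the OPNsense side would tie announcements for `${CILIUM_BGP_SVC_RANGE}` to the intended peer. A value substituted into a ConfigMap is readable by anyone who can read ConfigMaps in `kube-system`, so it would need to be treated accordingly. `my-asn` and `peer-asn` are both 64512; a comment such as `# iBGP: router and cluster share AS 64512` would record that this is deliberate.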
@@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - notifications + - weave-gitops - webhook - pod-monitor.yaml - prometheus-rule.yaml diff --git a/cluster/core/flux-system/notifications/alert-manager/kustomization.yaml b/kubernetes/cluster-0/core/flux-system/notifications/alert-manager/kustomization.yaml similarity index 100% rename from cluster/core/flux-system/notifications/alert-manager/kustomization.yaml rename to kubernetes/cluster-0/core/flux-system/notifications/alert-manager/kustomization.yaml diff --git a/cluster/core/flux-system/notifications/alert-manager/notification.yaml b/kubernetes/cluster-0/core/flux-system/notifications/alert-manager/notification.yaml similarity index 100% rename from cluster/core/flux-system/notifications/alert-manager/notification.yaml rename to kubernetes/cluster-0/core/flux-system/notifications/alert-manager/notification.yaml diff --git a/cluster/core/flux-system/notifications/github/kustomization.yaml b/kubernetes/cluster-0/core/flux-system/notifications/github/kustomization.yaml similarity index 100% rename from cluster/core/flux-system/notifications/github/kustomization.yaml rename to kubernetes/cluster-0/core/flux-system/notifications/github/kustomization.yaml diff --git a/cluster/core/flux-system/notifications/github/notification.yaml b/kubernetes/cluster-0/core/flux-system/notifications/github/notification.yaml similarity index 100% rename from cluster/core/flux-system/notifications/github/notification.yaml rename to kubernetes/cluster-0/core/flux-system/notifications/github/notification.yaml diff --git a/cluster/core/flux-system/notifications/github/secret.sops.yaml b/kubernetes/cluster-0/core/flux-system/notifications/github/secret.sops.yaml similarity index 100% rename from cluster/core/flux-system/notifications/github/secret.sops.yaml rename to kubernetes/cluster-0/core/flux-system/notifications/github/secret.sops.yaml 
diff --git a/cluster/core/flux-system/notifications/kustomization.yaml b/kubernetes/cluster-0/core/flux-system/notifications/kustomization.yaml
similarity index 100%
rename from cluster/core/flux-system/notifications/kustomization.yaml
rename to kubernetes/cluster-0/core/flux-system/notifications/kustomization.yaml
diff --git a/cluster/core/flux-system/pod-monitor.yaml b/kubernetes/cluster-0/core/flux-system/pod-monitor.yaml
similarity index 100%
rename from cluster/core/flux-system/pod-monitor.yaml
rename to kubernetes/cluster-0/core/flux-system/pod-monitor.yaml
diff --git a/cluster/core/flux-system/prometheus-rule.yaml b/kubernetes/cluster-0/core/flux-system/prometheus-rule.yaml
similarity index 100%
rename from cluster/core/flux-system/prometheus-rule.yaml
rename to kubernetes/cluster-0/core/flux-system/prometheus-rule.yaml
diff --git a/kubernetes/cluster-0/core/flux-system/weave-gitops/helm-release.yaml b/kubernetes/cluster-0/core/flux-system/weave-gitops/helm-release.yaml
new file mode 100644
index 000000000..92bda3ce3
--- /dev/null
+++ b/kubernetes/cluster-0/core/flux-system/weave-gitops/helm-release.yaml
@@ -0,0 +1,39 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: weave-gitops
+ namespace: flux-system
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: weave-gitops
+ version: 4.0.7
+ interval: 30m
+ sourceRef:
+ kind: HelmRepository
+ name: weave-gitops
+ values:
+ adminUser:
+ create: true
+ username: admin
+ # passwordHash: from valuesFrom
+
+ ingress:
+ enabled: true
+ className: nginx
+ hosts:
+ - host: &host "gitops.${SECRET_CLUSTER_DOMAIN}"
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - *host
+
+ valuesFrom:
+ - kind: Secret
+ name: weave-gitops
+ valuesKey: adminPassword
+ targetPath: adminUser.passwordHash
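Review bot: The `ingress` block publishes the Weave GitOps UI at `gitops.${SECRET_CLUSTER_DOMAIN}` with the static `admin` account as its only gate and nothing limiting who can reach it. If the `nginx` class is reachable from outside the trusted network, add a source restriction such as `annotations: {nginx.ingress.kubernetes.io/whitelist-source-range: "<trusted-cidr>"}`, or move to the OIDC login that Weave GitOps supports. The `tls` entry lists the host but no `secretName`, so the controller presumably serves its default certificate; name the secret or say so in a comment. Because `valuesFrom` maps `adminPassword` onto `adminUser.passwordHash`, the secret has to hold a bcrypt hash rather than the plaintext password, which a comment next to `targetPath` (`# value must be a bcrypt hash`) would make explicit.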
diff --git a/kubernetes/cluster-0/core/flux-system/weave-gitops/kustomization.yaml b/kubernetes/cluster-0/core/flux-system/weave-gitops/kustomization.yaml
new file mode 100644
index 000000000..8f91b5e91
--- /dev/null
+++ b/kubernetes/cluster-0/core/flux-system/weave-gitops/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: flux-system
+resources:
+ - helm-release.yaml
+ - secret.sops.yaml
diff --git a/kubernetes/cluster-0/core/flux-system/weave-gitops/secret.sops.yaml b/kubernetes/cluster-0/core/flux-system/weave-gitops/secret.sops.yaml
new file mode 100644
index 000000000..f7c88fe7f
--- /dev/null
+++ b/kubernetes/cluster-0/core/flux-system/weave-gitops/secret.sops.yaml
@@ -0,0 +1,29 @@ +# yamllint disable +apiVersion: v1 +kind: Secret +metadata: + name: weave-gitops + namespace: flux-system +stringData: + adminPassword: ENC[AES256_GCM,data:StBu3tl/3/54rmGudER6nID4XEYLjumoMDptFBggSrrO/NJFrDAeUJilYY8AEuUBO6JHASPXS18hAlSx,iv:p8J+v7E7tktWquc1v/TotXxBZ9Fvx6UUV7+UunFZgSw=,tag:SXiYy43RvwmM2r6C+rztgQ==,type:str] +type: Opaque +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLTTE0aWVrY0cva0lzNEl0 + T2d3aEs5clE2TWZZTXE4Ly8wcmpZVms5aDN3CjZoK0ptTjJXSmZiQ1RGMmk3ckJZ + RlA1YURROG9PRXNFd0UyUzlST1RydzAKLS0tIGJiVyt2elc0Q0FWaEVGN1A0bS9Z + WUlSN1lLaHh0cTVOaHBGblU3Tmh6ZUEK0jJjreF4xiwHMqhLaQKZFgeeikjeRRqg + KzsMDy93tQKSByzwSD3UFcKHW48iiQAy/J1Q12bEaXSFBkOd5mILZw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2022-11-19T10:51:30Z" + mac: ENC[AES256_GCM,data:1b3WHgY9H5yAxwxbHvjPKGFZWmJ1iu945G5illQs6mEfmSrR1ZPvlBKn8eMNuSv1VN18ZhGWicFPpiwwe3MVFRr1G5Vn4F2VtS9F2Ap5IvWDW+F0vJfOAp6OdpT/TOOinp1Es9Pspd4JTpkr+Pk8tGDvVtnZ0aLer+qLv4SYZKA=,iv:zr2ZuwaqNaihfcX3KUKz0yXuGqX6o9o0zXfrhIY5vv4=,tag:kNIuKQ7Z7CbwhSBqgv5F+Q==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.7.3 diff --git a/cluster/core/flux-system/webhook/github/ingress.yaml b/kubernetes/cluster-0/core/flux-system/webhook/github/ingress.yaml similarity index 100% rename from cluster/core/flux-system/webhook/github/ingress.yaml rename to kubernetes/cluster-0/core/flux-system/webhook/github/ingress.yaml diff --git a/cluster/core/flux-system/webhook/github/kustomization.yaml b/kubernetes/cluster-0/core/flux-system/webhook/github/kustomization.yaml similarity index 100% rename from cluster/core/flux-system/webhook/github/kustomization.yaml rename to kubernetes/cluster-0/core/flux-system/webhook/github/kustomization.yaml 
diff --git a/cluster/core/flux-system/webhook/github/receiver.yaml b/kubernetes/cluster-0/core/flux-system/webhook/github/receiver.yaml similarity index 100% rename from cluster/core/flux-system/webhook/github/receiver.yaml rename to kubernetes/cluster-0/core/flux-system/webhook/github/receiver.yaml diff --git a/cluster/core/flux-system/webhook/github/secret.sops.yaml b/kubernetes/cluster-0/core/flux-system/webhook/github/secret.sops.yaml similarity index 100% rename from cluster/core/flux-system/webhook/github/secret.sops.yaml rename to kubernetes/cluster-0/core/flux-system/webhook/github/secret.sops.yaml diff --git a/cluster/core/flux-system/webhook/kustomization.yaml b/kubernetes/cluster-0/core/flux-system/webhook/kustomization.yaml similarity index 100% rename from cluster/core/flux-system/webhook/kustomization.yaml rename to kubernetes/cluster-0/core/flux-system/webhook/kustomization.yaml diff --git a/cluster/core/kustomization.yaml b/kubernetes/cluster-0/core/kustomization.yaml similarity index 90% rename from cluster/core/kustomization.yaml rename to kubernetes/cluster-0/core/kustomization.yaml index db4a8dd0e..9a8596597 100644 --- a/cluster/core/kustomization.yaml +++ b/kubernetes/cluster-0/core/kustomization.yaml @@ -1,5 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - cilium - flux-system - rook-ceph diff --git a/cluster/core/rook-ceph/cluster/helm-release.yaml b/kubernetes/cluster-0/core/rook-ceph/cluster/helm-release.yaml similarity index 59% rename from cluster/core/rook-ceph/cluster/helm-release.yaml rename to kubernetes/cluster-0/core/rook-ceph/cluster/helm-release.yaml index a2d375411..ee9cb639b 100644 --- a/cluster/core/rook-ceph/cluster/helm-release.yaml +++ b/kubernetes/cluster-0/core/rook-ceph/cluster/helm-release.yaml 
@@ -9,10 +9,10 @@ spec: chart: spec: chart: rook-ceph-cluster - version: v1.10.5 + version: v1.10.6 sourceRef: kind: HelmRepository - name: rook-ceph-charts + name: rook-ceph namespace: flux-system install: createNamespace: true @@ -54,13 +54,13 @@ spec: config: osdsPerDevice: "1" nodes: - - name: "k3s-worker1" + - name: "talos-node-2" devices: - name: "nvme0n1" - - name: "k3s-worker2" + - name: "talos-node-3" devices: - name: "nvme0n1" - - name: "k3s-worker3" + - name: "talos-node-4" devices: - name: "nvme0n1" resources: @@ -105,7 +105,7 @@ spec: cpu: "250m" memory: "50Mi" limits: - memory: "200Mi" + memory: "2Gi" cleanup: requests: cpu: "250m" 
@@ -137,70 +137,67 @@ spec: csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph csi.storage.k8s.io/fstype: ext4 cephFileSystems: - [] - # - name: rook-ceph-filesystem - # spec: - # metadataPool: - # replicated: - # size: 3 - # dataPools: - # - failureDomain: host - # replicated: - # size: 3 - # name: data0 - # metadataServer: - # activeCount: 1 - # activeStandby: true - # resources: - # requests: - # cpu: 1000m - # memory: 4Gi - # limits: - # memory: 4Gi - # storageClass: - # enabled: true - # isDefault: false - # name: ceph-filesystem - # pool: data0 - # reclaimPolicy: Delete - # allowVolumeExpansion: true - # parameters: - # csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner - # csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph - # csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner - # csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph - # csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node - # csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph - # csi.storage.k8s.io/fstype: ext4 + - name: rook-ceph-filesystem + spec: + metadataPool: + replicated: + size: 3 + dataPools: + - failureDomain: host + replicated: + size: 3 + metadataServer: + activeCount: 1 + activeStandby: true + resources: + requests: + cpu: "35m" + memory: "64M" + limits: + memory: "600M" + storageClass: + enabled: true + isDefault: false + name: rook-ceph-filesystem + reclaimPolicy: Delete + allowVolumeExpansion: true + mountOptions: [] + parameters: + csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner + csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph + csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner + csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph + csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node + csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph + csi.storage.k8s.io/fstype: ext4 cephObjectStores: - 
[] - # - name: rook-ceph-objectstore - # spec: - # metadataPool: - # failureDomain: host - # replicated: - # size: 3 - # dataPool: - # failureDomain: host - # erasureCoded: - # dataChunks: 2 - # codingChunks: 1 - # preservePoolsOnDelete: true - # gateway: - # port: 80 - # resources: - # requests: - # cpu: 1000m - # memory: 1Gi - # limits: - # memory: 2Gi - # instances: 1 - # healthCheck: - # bucket: - # interval: 60s - # storageClass: - # enabled: true - # name: rook-ceph-bucket - # reclaimPolicy: Delete - # parameters: - # region: us-east-1 + - name: rook-ceph-objectstore + spec: + metadataPool: + failureDomain: host + replicated: + size: 3 + dataPool: + failureDomain: host + erasureCoded: + dataChunks: 2 + codingChunks: 1 + preservePoolsOnDelete: true + gateway: + port: 80 + resources: + requests: + cpu: 100m + memory: 128M + limits: + memory: 2Gi + instances: 1 + healthCheck: + bucket: + interval: 60s + storageClass: + enabled: true + name: rook-ceph-bucket + reclaimPolicy: Delete + parameters: + region: us-east-1 diff --git a/cluster/core/rook-ceph/cluster/kustomization.yaml b/kubernetes/cluster-0/core/rook-ceph/cluster/kustomization.yaml similarity index 100% rename from cluster/core/rook-ceph/cluster/kustomization.yaml rename to kubernetes/cluster-0/core/rook-ceph/cluster/kustomization.yaml diff --git a/cluster/core/rook-ceph/kustomization.yaml b/kubernetes/cluster-0/core/rook-ceph/kustomization.yaml similarity index 72% rename from cluster/core/rook-ceph/kustomization.yaml rename to kubernetes/cluster-0/core/rook-ceph/kustomization.yaml index 5250fc112..91c48feed 100644 --- a/cluster/core/rook-ceph/kustomization.yaml +++ b/kubernetes/cluster-0/core/rook-ceph/kustomization.yaml @@ -4,5 +4,4 @@ resources: - namespace.yaml - operator - cluster - - rook-direct-mount - - snapshot-controller + - rook-toolbox 
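Review bot: The newly enabled `rook-ceph-objectstore` sets `gateway.port: 80` and no TLS port, so bucket traffic between clients and RGW crosses the cluster network unencrypted. If anything outside the storage nodes talks to it, add `securePort: 443` and `sslCertificateRef: <rgw-tls-secret>` under `gateway`. The data pool is erasure-coded 2+1 with `failureDomain: host` on the three nodes listed earlier in this file, so losing one host leaves no spare failure domain to recover onto; a comment stating that this is an accepted trade-off would help. The memory values mix `64M`/`600M`/`128M` with `2Gi`; using binary suffixes throughout (`64Mi`, `600Mi`, `128Mi`) matches the rest of the file. This hunk starts on the previous line and the enclosing `spec.values` mapping begins outside it.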
diff --git a/cluster/core/rook-ceph/namespace.yaml b/kubernetes/cluster-0/core/rook-ceph/namespace.yaml similarity index 100% rename from cluster/core/rook-ceph/namespace.yaml rename to kubernetes/cluster-0/core/rook-ceph/namespace.yaml diff --git a/cluster/core/rook-ceph/operator/helm-release.yaml b/kubernetes/cluster-0/core/rook-ceph/operator/helm-release.yaml similarity index 90% rename from cluster/core/rook-ceph/operator/helm-release.yaml rename to kubernetes/cluster-0/core/rook-ceph/operator/helm-release.yaml index 39988a17d..c1031e787 100644 --- a/cluster/core/rook-ceph/operator/helm-release.yaml +++ b/kubernetes/cluster-0/core/rook-ceph/operator/helm-release.yaml @@ -9,10 +9,10 @@ spec: chart: spec: chart: rook-ceph - version: v1.10.5 + version: v1.10.6 sourceRef: kind: HelmRepository - name: rook-ceph-charts + name: rook-ceph namespace: flux-system values: crds: diff --git a/cluster/core/rook-ceph/operator/kustomization.yaml b/kubernetes/cluster-0/core/rook-ceph/operator/kustomization.yaml similarity index 100% rename from cluster/core/rook-ceph/operator/kustomization.yaml rename to kubernetes/cluster-0/core/rook-ceph/operator/kustomization.yaml diff --git a/kubernetes/cluster-0/core/rook-ceph/rook-toolbox/deployment.yaml b/kubernetes/cluster-0/core/rook-ceph/rook-toolbox/deployment.yaml new file mode 100644 index 000000000..863ac094e --- /dev/null +++ b/kubernetes/cluster-0/core/rook-ceph/rook-toolbox/deployment.yaml 
@@ -0,0 +1,73 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: &app rook-toolbox
+ namespace: rook-ceph
+spec:
+ interval: 15m
+ chart:
+ spec:
+ chart: app-template
+ version: 1.0.1
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ install:
+ createNamespace: true
+ remediation:
+ retries: 5
+ upgrade:
+ remediation:
+ retries: 5
+ values:
+ global:
+ nameOverride: *app
+ image:
+ repository: rook/ceph
+ tag: v1.10.6
+ command: ["/usr/local/bin/toolbox.sh"]
+ env:
+ ROOK_CEPH_USERNAME:
+ valueFrom:
+ secretKeyRef:
+ name: rook-ceph-mon
+ key: ceph-username
+ ROOK_CEPH_SECRET:
+ valueFrom:
+ secretKeyRef:
+ name: rook-ceph-mon
+ key: ceph-secret
+ hostNetwork: true
+ podSecurityContext:
+ runAsUser: 0
+ runAsGroup: 0
+ securityContext:
+ privileged: true
+ persistence:
+ dev:
+ enabled: true
+ type: hostPath
+ hostPath: /dev
+ mountPath: /dev
+ libmodules:
+ enabled: true
+ type: hostPath
+ hostPath: /lib/modules
+ mountPath: /lib/modules
+ mon-endpoint-volume:
+ enabled: true
+ type: configMap
+ name: rook-ceph-mon-endpoints
+ subPath: data
+ mountPath: /etc/rook/mon-endpoints
+ readOnly: true
+ sysbus:
+ enabled: true
+ type: hostPath
+ hostPath: /sys/bus
+ mountPath: /sys/bus
+ service:
+ main:
+ enabled: false
diff --git a/cluster/core/rook-ceph/rook-direct-mount/kustomization.yaml b/kubernetes/cluster-0/core/rook-ceph/rook-toolbox/kustomization.yaml
similarity index 100%
rename from cluster/core/rook-ceph/rook-direct-mount/kustomization.yaml
rename to kubernetes/cluster-0/core/rook-ceph/rook-toolbox/kustomization.yaml
diff --git a/kubernetes/flux/flux-cluster.yaml b/kubernetes/flux/flux-cluster.yaml
new file mode 100644
index 000000000..a0e3e9faf
--- /dev/null
+++ b/kubernetes/flux/flux-cluster.yaml
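Review bot: `securityContext.privileged: true`, `hostNetwork: true`, the root `podSecurityContext` and the hostPath mounts of `/dev`, `/lib/modules` and `/sys/bus` make this permanently running toolbox a root-equivalent pod on its node that also holds the Ceph credentials read from `rook-ceph-mon`. These settings look carried over from the removed rook-direct-mount deployment; for `ceph` CLI access through `toolbox.sh` the `mon-endpoint-volume` mount and the two env vars should be enough, and upstream's toolbox manifest, as far as I recall, runs unprivileged. Unless RBD or CephFS has to be mounted from inside this pod, drop `privileged`, `hostNetwork` and the three hostPath entries, or keep the release scaled to zero until it is needed. If they must stay, add a comment such as `# privileged + host /dev are required only for direct mounts` above `securityContext`.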
@@ -0,0 +1,97 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: GitRepository
+metadata:
+ name: home-ops
+ namespace: flux-system
+spec:
+ interval: 30m
+ # https://github.com/k8s-at-home/template-cluster-k3s/issues/324
+ url: ssh://git@github.com/auricom/home-ops
+ ref:
+ branch: main
+ secretRef:
+ name: github-deploy-key
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: flux-cluster
+ namespace: flux-system
+spec:
+ interval: 30m
+ path: ./kubernetes/flux
+ prune: true
+ wait: false
+ sourceRef:
+ kind: GitRepository
+ name: home-ops
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: base
+ namespace: flux-system
+spec:
+ interval: 10m0s
+ path: ./kubernetes/base
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-age
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: core
+ namespace: flux-system
+spec:
+ interval: 10m0s
+ dependsOn:
+ - name: base
+ path: ./kubernetes/cluster-0/core
+ prune: false
+ sourceRef:
+ kind: GitRepository
+ name: home-ops
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-age
+ postBuild:
+ substitute: {}
+ substituteFrom:
+ - kind: ConfigMap
+ name: cluster-settings
+ - kind: Secret
+ name: cluster-secrets
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: apps
+ namespace: flux-system
+spec:
+ interval: 10m0s
+ dependsOn:
+ - name: core
+ path: ./kubernetes/cluster-0/apps
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-age
+ postBuild:
+ substitute: {}
+ substituteFrom:
+ - kind: ConfigMap
+ name: cluster-settings
+ - kind: Secret
+ name: cluster-secrets
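Review bot: The `home-ops` GitRepository has no `verify` block, so every commit that reaches `main` is reconciled with the controller's own privileges, and none of the four Kustomizations sets `serviceAccountName` to narrow them. If commits are signed, adding `verify: {mode: head, secretRef: {name: <signing-keys-secret>}}` under the GitRepository `spec` ties deployment to known keys. `github-deploy-key` should be a read-only deploy key. `core` uses `prune: false` while `flux-cluster`, `base` and `apps` prune; if that protects storage and networking from accidental deletion, a comment such as `# prune disabled: never garbage-collect rook-ceph or cilium` would record the intent.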
diff --git a/cluster/flux/flux-system/flux-installation.yaml b/kubernetes/flux/flux-installation.yaml similarity index 100% rename from cluster/flux/flux-system/flux-installation.yaml rename to kubernetes/flux/flux-installation.yaml diff --git a/cluster/flux/flux-system/flux-prereqs.yaml b/kubernetes/flux/flux-prereqs.yaml similarity index 100% rename from cluster/flux/flux-system/flux-prereqs.yaml rename to kubernetes/flux/flux-prereqs.yaml diff --git a/cluster/flux/flux-system/kustomization.yaml b/kubernetes/flux/kustomization.yaml similarity index 84% rename from cluster/flux/flux-system/kustomization.yaml rename to kubernetes/flux/kustomization.yaml index 599a45f22..ccf465431 100644 --- a/cluster/flux/flux-system/kustomization.yaml +++ b/kubernetes/flux/kustomization.yaml @@ -3,3 +3,4 @@ kind: Kustomization resources: - flux-installation.yaml - flux-cluster.yaml + - flux-prereqs.yaml diff --git a/hack/kopia-restore.yaml b/kubernetes/tools/kopia-restore.yaml similarity index 100% rename from hack/kopia-restore.yaml rename to kubernetes/tools/kopia-restore.yaml diff --git a/kubernetes/tools/wipe-rook.yaml b/kubernetes/tools/wipe-rook.yaml new file mode 100644 index 000000000..4b4ae619d --- /dev/null +++ b/kubernetes/tools/wipe-rook.yaml 
@@ -0,0 +1,96 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: disk-wipe-talos-node-2
+spec:
+ restartPolicy: Never
+ nodeName: talos-node-2
+ containers:
+ - name: disk-wipe
+ image: rook/ceph:v1.10.6
+ securityContext:
+ privileged: true
+ command:
+ [
+ "/bin/sh",
+ "-c",
+ "sgdisk --zap-all /dev/nvme0n1",
+ "dd if=/dev/zero bs=1M count=10000 oflag=direct of=/dev/nvme0n1",
+ "blkdiscard /dev/nvme0n1",
+ "partprobe /dev/nvme0n1",
+ ]
+ volumeMounts:
+ - mountPath: /dev
+ name: dev
+ securityContext:
+ runAsUser: 0
+ runAsGroup: 0
+ volumes:
+ - name: dev
+ hostPath:
+ path: /dev
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: disk-wipe-talos-node-3
+spec:
+ restartPolicy: Never
+ nodeName: talos-node-3
+ containers:
+ - name: disk-wipe
+ image: rook/ceph:v1.10.6
+ securityContext:
+ privileged: true
+ command:
+ [
+ "/bin/sh",
+ "-c",
+ "sgdisk --zap-all /dev/nvme0n1",
+ "dd if=/dev/zero bs=1M count=10000 oflag=direct of=/dev/nvme0n1",
+ "blkdiscard /dev/nvme0n1",
+ "partprobe /dev/nvme0n1",
+ ]
+ volumeMounts:
+ - mountPath: /dev
+ name: dev
+ securityContext:
+ runAsUser: 0
+ runAsGroup: 0
+ volumes:
+ - name: dev
+ hostPath:
+ path: /dev
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: disk-wipe-talos-node-4
+spec:
+ restartPolicy: Never
+ nodeName: talos-node-4
+ containers:
+ - name: disk-wipe
+ image: rook/ceph:v1.10.6
+ securityContext:
+ privileged: true
+ command:
+ [
+ "/bin/sh",
+ "-c",
+ "sgdisk --zap-all /dev/nvme0n1",
+ "dd if=/dev/zero bs=1M count=10000 oflag=direct of=/dev/nvme0n1",
+ "blkdiscard /dev/nvme0n1",
+ "partprobe /dev/nvme0n1",
+ ]
+ volumeMounts:
+ - mountPath: /dev
+ name: dev
+ securityContext:
+ runAsUser: 0
+ runAsGroup: 0
+ volumes:
+ - name: dev
+ hostPath:
+ path: /dev
diff --git a/server/README.md b/server/README.md
deleted file mode 100644
index 66ec9a734..000000000
--- a/server/README.md
+++ /dev/null
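Review bot: In all three pods the `command` array passes four separate strings after `-c`, and `sh -c` runs only the first one as the script (the others become `$0`, `$1`, …). Only `sgdisk --zap-all` executes; the `dd`, `blkdiscard` and `partprobe` steps are skipped, which leaves old Ceph data on the device. Join them into a single script string, e.g. `"sgdisk --zap-all /dev/nvme0n1 && dd if=/dev/zero bs=1M count=10000 oflag=direct of=/dev/nvme0n1 && blkdiscard /dev/nvme0n1 && partprobe /dev/nvme0n1"`. The pods set no `metadata.namespace` and hard-code `nodeName` and `/dev/nvme0n1`, so a header comment such as `# DESTRUCTIVE: apply by hand only, never reference from a Flux Kustomization` would guard against an accidental apply.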
@@ -1,3 +0,0 @@ -# Server infrastructure - -These Ansible Playbooks and Roles are for preparing an Ubuntu 20.10.x OS to play nicely with Kubernetes and standing up k3s ontop of the nodes. diff --git a/server/pxe/grub/grub.cfg b/server/pxe/grub/grub.cfg deleted file mode 100644 index fe2242d28..000000000 --- a/server/pxe/grub/grub.cfg +++ /dev/null @@ -1,13 +0,0 @@ -default=autoinstall -timeout=5 -timeout_style=menu - -menuentry "Focal Live Installer - automated" --id=autoinstall { - configfile /nodes/$net_default_mac.conf -} -menuentry "Focal Live Installer" --id=install { - echo "Loading Kernel..." - linux /pxelinux/vmlinuz ip=dhcp url=http://192.168.8.1:30080/ubuntu-20.04.2-live-server-amd64.iso - echo "Loading Ram Disk..." - initrd /pxelinux/initrd -} \ No newline at end of file diff --git a/server/pxe/nodes/1c:69:7a:01:28:ae.conf b/server/pxe/nodes/1c:69:7a:01:28:ae.conf deleted file mode 100644 index 27b4470c5..000000000 --- a/server/pxe/nodes/1c:69:7a:01:28:ae.conf +++ /dev/null @@ -1,10 +0,0 @@ -default=autoinstall -timeout=5 -timeout_style=menu -menuentry "k3s-worker3 Autoinstall" --id=autoinstall { - echo "Loading Kernel..." - # make sure to escape the ';' - linux /pxelinux/vmlinuz ip=dhcp url=http://192.168.8.1:30080/ubuntu-20.04.2-live-server-amd64.iso autoinstall ds=nocloud-net\;s=http://192.168.8.1:30080/nodes/k3s-worker3/ - echo "Loading Ram Disk..." - initrd /pxelinux/initrd -} \ No newline at end of file diff --git a/server/pxe/nodes/1c:69:7a:0d:0e:e9.conf b/server/pxe/nodes/1c:69:7a:0d:0e:e9.conf deleted file mode 100644 index 6a6163530..000000000 --- a/server/pxe/nodes/1c:69:7a:0d:0e:e9.conf +++ /dev/null 
@@ -1,10 +0,0 @@ -default=autoinstall -timeout=5 -timeout_style=menu -menuentry "k3s-worker1 Autoinstall" --id=autoinstall { - echo "Loading Kernel..." - # make sure to escape the ';' - linux /pxelinux/vmlinuz ip=dhcp url=http://192.168.8.1:30080/ubuntu-20.04.2-live-server-amd64.iso autoinstall ds=nocloud-net\;s=http://192.168.8.1:30080/nodes/k3s-worker1/ - echo "Loading Ram Disk..." - initrd /pxelinux/initrd -} \ No newline at end of file diff --git a/server/pxe/nodes/1c:69:7a:0f:9f:ab.conf b/server/pxe/nodes/1c:69:7a:0f:9f:ab.conf deleted file mode 100644 index 0749ac1d0..000000000 --- a/server/pxe/nodes/1c:69:7a:0f:9f:ab.conf +++ /dev/null @@ -1,10 +0,0 @@ -default=autoinstall -timeout=5 -timeout_style=menu -menuentry "k3s-worker2 Autoinstall" --id=autoinstall { - echo "Loading Kernel..." - # make sure to escape the ';' - linux /pxelinux/vmlinuz ip=dhcp url=http://192.168.8.1:30080/ubuntu-20.04.2-live-server-amd64.iso autoinstall ds=nocloud-net\;s=http://192.168.8.1:30080/nodes/k3s-worker2/ - echo "Loading Ram Disk..." - initrd /pxelinux/initrd -} \ No newline at end of file diff --git a/server/pxe/nodes/f4:4d:30:69:76:2d.conf b/server/pxe/nodes/f4:4d:30:69:76:2d.conf deleted file mode 100644 index 5944ba9e3..000000000 --- a/server/pxe/nodes/f4:4d:30:69:76:2d.conf +++ /dev/null @@ -1,10 +0,0 @@ -default=autoinstall -timeout=5 -timeout_style=menu -menuentry "k3s-server Autoinstall" --id=autoinstall { - echo "Loading Kernel..." - # make sure to escape the ';' - linux /pxelinux/vmlinuz ip=dhcp url=http://192.168.8.1:30080/ubuntu-20.04.2-live-server-amd64.iso autoinstall ds=nocloud-net\;s=http://192.168.8.1:30080/nodes/k3s-server/ - echo "Loading Ram Disk..." - initrd /pxelinux/initrd -} \ No newline at end of file diff --git a/server/pxe/nodes/k3s-server/meta-data b/server/pxe/nodes/k3s-server/meta-data deleted file mode 100644 index 49d3dd102..000000000 --- a/server/pxe/nodes/k3s-server/meta-data +++ /dev/null 
@@ -1 +0,0 @@ -instance-id: focal-autoinstall \ No newline at end of file diff --git a/server/pxe/nodes/k3s-server/user-data b/server/pxe/nodes/k3s-server/user-data deleted file mode 100644 index 85fa3078a..000000000 --- a/server/pxe/nodes/k3s-server/user-data +++ /dev/null 
@@ -1,89 +0,0 @@
-#cloud-config
-autoinstall:
- version: 1
- refresh-installer:
- update: true
- apt:
- geoip: true
- preserve_sources_list: false
- primary:
- - arches: [amd64, i386]
- uri: http://archive.ubuntu.com/ubuntu
- - arches: [default]
- uri: http://ports.ubuntu.com/ubuntu-ports
- identity:
- hostname: k3s-server
- # mkpasswd --method=SHA-512 ubuntu
- # python3 -c 'import crypt; print(crypt.crypt("ubuntu", crypt.mksalt(crypt.METHOD_SHA512)))'
- password: $6$UKxMOUUjgoIasmuo$dgSyUpYzokiWNV7wZASBVfRXVrTQT5xmtxItqdQxfi86MI8Th/63iAcFLR97JAQXdBi0nV.pmZR.8uryF1SfG1
- realname: Ubuntu
- username: ubuntu
- keyboard:
- layout: fr
- toggle: null
- variant: ""
- locale: en_US.UTF-8
- network:
- version: 2
- ethernets:
- eno1:
- dhcp4: true
- critical: true
- dhcp-identifier: mac
- ssh:
- allow-pw: false
- install-server: true
- authorized-keys:
- # claude-fixe-fedora
- - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINo7E0oAOzaq0XvUHkWvZSC8u1XxX8dDCq3bSyK2BCen claude@claude-fixe-fedora"
- # claude-thinkpad-fedora
- - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+GMHgvbtf6f7xUMAQR+vZFfD/mIIfIDNX5iP8tDRXZ claude@claude-thinkpad-fedora"
- storage:
- grub:
- reorder_uefi: false
- swap:
- size: 0
- config:
- - id: root-disk-0
- type: disk
- path: /dev/sda
- wipe: superblock-recursive
- preserve: false
- grub_device: false
- name: ""
- ptable: gpt
- - id: root-partition-0
- type: partition
- device: root-disk-0
- size: 512M
- wipe: superblock
- flag: boot
- number: 1
- preserve: false
- grub_device: true
- - id: root-format-0
- type: format
- fstype: fat32
- volume: root-partition-0
- preserve: false
- - id: root-partition-1
- type: partition
- device: root-disk-0
- size: -1
- wipe: superblock
- flag: ""
- number: 2
- preserve: false
- - id: root-format-1
- type: format
- fstype: ext4
- volume: root-partition-1
- preserve: false
- - id: root-mount-0
- type: mount
- device: root-format-0
- path: /boot/efi
- - id: root-mount-1
- type: mount
- device: root-format-1
- path: /
diff --git a/server/pxe/nodes/k3s-worker1/meta-data b/server/pxe/nodes/k3s-worker1/meta-data
deleted file mode 100644
index 49d3dd102..000000000
--- a/server/pxe/nodes/k3s-worker1/meta-data
+++ /dev/null
@@ -1 +0,0 @@
-instance-id: focal-autoinstall
\ No newline at end of file
diff --git a/server/pxe/nodes/k3s-worker1/user-data b/server/pxe/nodes/k3s-worker1/user-data
deleted file mode 100644
index 579b5950b..000000000
--- a/server/pxe/nodes/k3s-worker1/user-data
+++ /dev/null
@@ -1,89 +0,0 @@
-#cloud-config
-autoinstall:
- version: 1
- refresh-installer:
- update: true
- apt:
- geoip: true
- preserve_sources_list: false
- primary:
- - arches: [amd64, i386]
- uri: http://archive.ubuntu.com/ubuntu
- - arches: [default]
- uri: http://ports.ubuntu.com/ubuntu-ports
- identity:
- hostname: k3s-worker1
- # mkpasswd --method=SHA-512 ubuntu
- # python3 -c 'import crypt; print(crypt.crypt("ubuntu", crypt.mksalt(crypt.METHOD_SHA512)))'
- password: $6$UKxMOUUjgoIasmuo$dgSyUpYzokiWNV7wZASBVfRXVrTQT5xmtxItqdQxfi86MI8Th/63iAcFLR97JAQXdBi0nV.pmZR.8uryF1SfG1
- realname: Ubuntu
- username: ubuntu
- keyboard:
- layout: fr
- toggle: null
- variant: ""
- locale: en_US.UTF-8
- network:
- version: 2
- ethernets:
- eno1:
- dhcp4: true
- critical: true
- dhcp-identifier: mac
- ssh:
- allow-pw: false
- install-server: true
- authorized-keys:
- # claude-fixe-fedora
- - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINo7E0oAOzaq0XvUHkWvZSC8u1XxX8dDCq3bSyK2BCen claude@claude-fixe-fedora"
- # claude-thinkpad-fedora
- - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+GMHgvbtf6f7xUMAQR+vZFfD/mIIfIDNX5iP8tDRXZ claude@claude-thinkpad-fedora"
- storage:
- grub:
- reorder_uefi: false
- swap:
- size: 0
- config:
- - id: root-disk-0
- type: disk
- path: /dev/sda
- wipe: superblock-recursive
- preserve: false
- grub_device: false
- name: ""
- ptable: gpt
- - id: root-partition-0
- type: partition
- device: root-disk-0
- size: 512M
- wipe: superblock
- flag: boot
- number: 1
- preserve: false
- grub_device: true
- - id: root-format-0
- type: format
- fstype: fat32
- volume: root-partition-0
- preserve: false
- - id: root-partition-1
- type: partition
- device: root-disk-0
- size: -1
- wipe: superblock
- flag: ""
- number: 2
- preserve: false
- - id: root-format-1
- type: format
- fstype: ext4
- volume: root-partition-1
- preserve: false
- - id: root-mount-0
- type: mount
- device: root-format-0
- path: /boot/efi
- - id: root-mount-1
- type: mount
- device: root-format-1
- path: /
diff --git a/server/pxe/nodes/k3s-worker2/meta-data b/server/pxe/nodes/k3s-worker2/meta-data
deleted file mode 100644
index 49d3dd102..000000000
--- a/server/pxe/nodes/k3s-worker2/meta-data
+++ /dev/null
@@ -1 +0,0 @@
-instance-id: focal-autoinstall
\ No newline at end of file
diff --git a/server/pxe/nodes/k3s-worker2/user-data b/server/pxe/nodes/k3s-worker2/user-data
deleted file mode 100644
index db326dea8..000000000
--- a/server/pxe/nodes/k3s-worker2/user-data
+++ /dev/null
@@ -1,89 +0,0 @@
-#cloud-config
-autoinstall:
- version: 1
- refresh-installer:
- update: true
- apt:
- geoip: true
- preserve_sources_list: false
- primary:
- - arches: [amd64, i386]
- uri: http://archive.ubuntu.com/ubuntu
- - arches: [default]
- uri: http://ports.ubuntu.com/ubuntu-ports
- identity:
- hostname: k3s-worker2
- # mkpasswd --method=SHA-512 ubuntu
- # python3 -c 'import crypt; print(crypt.crypt("ubuntu", crypt.mksalt(crypt.METHOD_SHA512)))'
- password: $6$UKxMOUUjgoIasmuo$dgSyUpYzokiWNV7wZASBVfRXVrTQT5xmtxItqdQxfi86MI8Th/63iAcFLR97JAQXdBi0nV.pmZR.8uryF1SfG1
- realname: Ubuntu
- username: ubuntu
- keyboard:
- layout: fr
- toggle: null
- variant: ""
- locale: en_US.UTF-8
- network:
- version: 2
- ethernets:
- eno1:
- dhcp4: true
- critical: true
- dhcp-identifier: mac
- ssh:
- allow-pw: false
- install-server: true
- authorized-keys:
- # claude-fixe-fedora
- - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINo7E0oAOzaq0XvUHkWvZSC8u1XxX8dDCq3bSyK2BCen claude@claude-fixe-fedora"
- # claude-thinkpad-fedora
- - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+GMHgvbtf6f7xUMAQR+vZFfD/mIIfIDNX5iP8tDRXZ claude@claude-thinkpad-fedora"
- storage:
- grub:
- reorder_uefi: false
- swap:
- size: 0
- config:
- - id: root-disk-0
- type: disk
- path: /dev/sda
- wipe: superblock-recursive
- preserve: false
- grub_device: false
- name: ""
- ptable: gpt
- - id: root-partition-0
- type: partition
- device: root-disk-0
- size: 512M
- wipe: superblock
- flag: boot
- number: 1
- preserve: false
- grub_device: true
- - id: root-format-0
- type: format
- fstype: fat32
- volume: root-partition-0
- preserve: false
- - id: root-partition-1
- type: partition
- device: root-disk-0
- size: -1
- wipe: superblock
- flag: ""
- number: 2
- preserve: false
- - id: root-format-1
- type: format
- fstype: ext4
- volume: root-partition-1
- preserve: false
- - id: root-mount-0
- type: mount
- device: root-format-0
- path: /boot/efi
- - id: root-mount-1
- type: mount
- device: root-format-1
- path: /
diff --git a/server/pxe/nodes/k3s-worker3/meta-data b/server/pxe/nodes/k3s-worker3/meta-data
deleted file mode 100644
index 49d3dd102..000000000
--- a/server/pxe/nodes/k3s-worker3/meta-data
+++ /dev/null
@@ -1 +0,0 @@
-instance-id: focal-autoinstall
\ No newline at end of file
diff --git a/server/pxe/nodes/k3s-worker3/user-data b/server/pxe/nodes/k3s-worker3/user-data
deleted file mode 100644
index d43caa009..000000000
--- a/server/pxe/nodes/k3s-worker3/user-data
+++ /dev/null
@@ -1,89 +0,0 @@
-#cloud-config
-autoinstall:
- version: 1
- refresh-installer:
- update: true
- apt:
- geoip: true
- preserve_sources_list: false
- primary:
- - arches: [amd64, i386]
- uri: http://archive.ubuntu.com/ubuntu
- - arches: [default]
- uri: http://ports.ubuntu.com/ubuntu-ports
- identity:
- hostname: k3s-worker3
- # mkpasswd --method=SHA-512 ubuntu
- # python3 -c 'import crypt; print(crypt.crypt("ubuntu", crypt.mksalt(crypt.METHOD_SHA512)))'
- password: $6$UKxMOUUjgoIasmuo$dgSyUpYzokiWNV7wZASBVfRXVrTQT5xmtxItqdQxfi86MI8Th/63iAcFLR97JAQXdBi0nV.pmZR.8uryF1SfG1
- realname: Ubuntu
- username: ubuntu
- keyboard:
- layout: fr
- toggle: null
- variant: ""
- locale: en_US.UTF-8
- network:
- version: 2
- ethernets:
- eno1:
- dhcp4: true
- critical: true
- dhcp-identifier: mac
- ssh:
- allow-pw: false
- install-server: true
- authorized-keys:
- # claude-fixe-fedora
- - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINo7E0oAOzaq0XvUHkWvZSC8u1XxX8dDCq3bSyK2BCen claude@claude-fixe-fedora"
- # claude-thinkpad-fedora
- - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+GMHgvbtf6f7xUMAQR+vZFfD/mIIfIDNX5iP8tDRXZ claude@claude-thinkpad-fedora"
- storage:
- grub:
- reorder_uefi: false
- swap:
- size: 0
- config:
- - id: root-disk-0
- type: disk
- path: /dev/sda
- wipe: superblock-recursive
- preserve: false
- grub_device: false
- name: ""
- ptable: gpt
- - id: root-partition-0
- type: partition
- device: root-disk-0
- size: 512M
- wipe: superblock
- flag: boot
- number: 1
- preserve: false
- grub_device: true
- - id: root-format-0
- type: format
- fstype: fat32
- volume: root-partition-0
- preserve: false
- - id: root-partition-1
- type: partition
- device: root-disk-0
- size: -1
- wipe: superblock
- flag: ""
- number: 2
- preserve: false
- - id: root-format-1
- type: format
- fstype: ext4
- volume: root-partition-1
- preserve: false
- - id: root-mount-0
- type: mount
- device: root-format-0
- path: /boot/efi
- - id: root-mount-1
- type: mount
- device: root-format-1
- path: /
diff --git a/server/pxe/pxe.conf b/server/pxe/pxe.conf
deleted file mode 100644
index 59b432a58..000000000
--- a/server/pxe/pxe.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-# enable tftp
-enable-tftp
-# set tftp root path
-tftp-root=/var/lib/tftpboot
-# disable dnsmasq dns
-port=0
-# set dns server
-dhcp-option=6,192.168.8.1
-# set router
-dhcp-option=3,192.168.8.1
-# set pxelinux boot image
-dhcp-boot=pxelinux/pxelinux.0
\ No newline at end of file
diff --git a/talos/talconfig.yaml b/talos/talconfig.yaml
deleted file mode 100644
index e69de29bb..000000000