From aca0bf8048025dac2f4e42706a769462eaf2c418 Mon Sep 17 00:00:00 2001
From: TrueCharts-Bot <bot@truecharts.org>
Date: Wed, 28 Jun 2023 08:14:41 +0000
Subject: [PATCH] Commit new Chart releases for TrueCharts

Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
---
 enterprise/traefik/18.0.18/CHANGELOG.md       |   99 +
 enterprise/traefik/18.0.18/Chart.yaml         |   31 +
 enterprise/traefik/18.0.18/LICENSE            |  106 +
 enterprise/traefik/18.0.18/README.md          |   27 +
 enterprise/traefik/18.0.18/app-changelog.md   |    9 +
 enterprise/traefik/18.0.18/app-readme.md      |    8 +
 .../traefik/18.0.18/charts/common-12.14.6.tgz |  Bin 0 -> 130722 bytes
 .../traefik.containo.us_ingressroutes.yaml    |  267 ++
 .../traefik.containo.us_ingressroutetcps.yaml |  211 ++
 .../traefik.containo.us_ingressrouteudps.yaml |   98 +
 .../crds/traefik.containo.us_middlewares.yaml |  917 ++++++
 .../traefik.containo.us_middlewaretcps.yaml   |   72 +
 ...traefik.containo.us_serverstransports.yaml |  128 +
 .../crds/traefik.containo.us_tlsoptions.yaml  |  113 +
 .../crds/traefik.containo.us_tlsstores.yaml   |   99 +
 .../traefik.containo.us_traefikservices.yaml  |  381 +++
 .../crds/traefik.io_ingressroutes.yaml        |  275 ++
 .../crds/traefik.io_ingressroutetcps.yaml     |  218 ++
 .../crds/traefik.io_ingressrouteudps.yaml     |  105 +
 .../18.0.18/crds/traefik.io_middlewares.yaml  |  924 ++++++
 .../crds/traefik.io_middlewaretcps.yaml       |   72 +
 .../crds/traefik.io_serverstransports.yaml    |  128 +
 .../18.0.18/crds/traefik.io_tlsoptions.yaml   |  113 +
 .../18.0.18/crds/traefik.io_tlsstores.yaml    |   99 +
 .../crds/traefik.io_traefikservices.yaml      |  402 +++
 enterprise/traefik/18.0.18/ix_values.yaml     |  416 +++
 enterprise/traefik/18.0.18/questions.yaml     | 2652 +++++++++++++++++
 .../traefik/18.0.18/templates/NOTES.txt       |    1 +
 .../traefik/18.0.18/templates/_args.tpl       |  182 ++
 .../traefik/18.0.18/templates/_helpers.tpl    |   22 +
 .../18.0.18/templates/_ingressclass.tpl       |   24 +
 .../18.0.18/templates/_ingressroute.tpl       |   34 +
 .../traefik/18.0.18/templates/_portalhook.tpl |   25 +
 .../traefik/18.0.18/templates/_tlsoptions.tpl |   12 +
 .../traefik/18.0.18/templates/common.yaml     |   23 +
 .../templates/middlewares/addPrefix.yaml      |   14 +
 .../middlewares/basic-middleware.yaml         |   58 +
 .../templates/middlewares/basicauth.yaml      |   31 +
 .../18.0.18/templates/middlewares/chain.yaml  |   21 +
 .../templates/middlewares/forwardauth.yaml    |   31 +
 .../templates/middlewares/geoblock.yaml       |   32 +
 .../templates/middlewares/ipwhitelist.yaml    |   30 +
 .../templates/middlewares/ratelimit.yaml      |   16 +
 .../templates/middlewares/real-ip.yaml        |   18 +
 .../templates/middlewares/redirectScheme.yaml |   16 +
 .../templates/middlewares/redirectregex.yaml  |   17 +
 .../middlewares/stripPrefixRegex.yaml         |   17 +
 .../templates/middlewares/tc-chains.yaml      |   26 +
 .../templates/middlewares/tc-headers.yaml     |   59 +
 .../templates/middlewares/tc-nextcloud.yaml   |   22 +
 .../templates/middlewares/theme-park.yaml     |   23 +
 enterprise/traefik/18.0.18/values.yaml        |    0
 52 files changed, 8724 insertions(+)
 create mode 100644 enterprise/traefik/18.0.18/CHANGELOG.md
 create mode 100644 enterprise/traefik/18.0.18/Chart.yaml
 create mode 100644 enterprise/traefik/18.0.18/LICENSE
 create mode 100644 enterprise/traefik/18.0.18/README.md
 create mode 100644 enterprise/traefik/18.0.18/app-changelog.md
 create mode 100644 enterprise/traefik/18.0.18/app-readme.md
 create mode 100644 enterprise/traefik/18.0.18/charts/common-12.14.6.tgz
 create mode 100644 enterprise/traefik/18.0.18/crds/traefik.containo.us_ingressroutes.yaml
 create mode 100644 enterprise/traefik/18.0.18/crds/traefik.containo.us_ingressroutetcps.yaml
 create mode 100644 enterprise/traefik/18.0.18/crds/traefik.containo.us_ingressrouteudps.yaml
 create mode 100644 enterprise/traefik/18.0.18/crds/traefik.containo.us_middlewares.yaml
 create mode 100644 enterprise/traefik/18.0.18/crds/traefik.containo.us_middlewaretcps.yaml
 create mode 100644 enterprise/traefik/18.0.18/crds/traefik.containo.us_serverstransports.yaml
 create mode 100644 enterprise/traefik/18.0.18/crds/traefik.containo.us_tlsoptions.yaml
 create mode 100644 enterprise/traefik/18.0.18/crds/traefik.containo.us_tlsstores.yaml
 create mode 100644 enterprise/traefik/18.0.18/crds/traefik.containo.us_traefikservices.yaml
 create mode 100644 enterprise/traefik/18.0.18/crds/traefik.io_ingressroutes.yaml
 create mode 100644 enterprise/traefik/18.0.18/crds/traefik.io_ingressroutetcps.yaml
 create mode 100644 enterprise/traefik/18.0.18/crds/traefik.io_ingressrouteudps.yaml
 create mode 100644 enterprise/traefik/18.0.18/crds/traefik.io_middlewares.yaml
 create mode 100644 enterprise/traefik/18.0.18/crds/traefik.io_middlewaretcps.yaml
 create mode 100644 enterprise/traefik/18.0.18/crds/traefik.io_serverstransports.yaml
 create mode 100644 enterprise/traefik/18.0.18/crds/traefik.io_tlsoptions.yaml
 create mode 100644 enterprise/traefik/18.0.18/crds/traefik.io_tlsstores.yaml
 create mode 100644 enterprise/traefik/18.0.18/crds/traefik.io_traefikservices.yaml
 create mode 100644 enterprise/traefik/18.0.18/ix_values.yaml
 create mode 100644 enterprise/traefik/18.0.18/questions.yaml
 create mode 100644 enterprise/traefik/18.0.18/templates/NOTES.txt
 create mode 100644 enterprise/traefik/18.0.18/templates/_args.tpl
 create mode 100644 enterprise/traefik/18.0.18/templates/_helpers.tpl
 create mode 100644 enterprise/traefik/18.0.18/templates/_ingressclass.tpl
 create mode 100644 enterprise/traefik/18.0.18/templates/_ingressroute.tpl
 create mode 100644 enterprise/traefik/18.0.18/templates/_portalhook.tpl
 create mode 100644 enterprise/traefik/18.0.18/templates/_tlsoptions.tpl
 create mode 100644 enterprise/traefik/18.0.18/templates/common.yaml
 create mode 100644 enterprise/traefik/18.0.18/templates/middlewares/addPrefix.yaml
 create mode 100644 enterprise/traefik/18.0.18/templates/middlewares/basic-middleware.yaml
 create mode 100644 enterprise/traefik/18.0.18/templates/middlewares/basicauth.yaml
 create mode 100644 enterprise/traefik/18.0.18/templates/middlewares/chain.yaml
 create mode 100644 enterprise/traefik/18.0.18/templates/middlewares/forwardauth.yaml
 create mode 100644 enterprise/traefik/18.0.18/templates/middlewares/geoblock.yaml
 create mode 100644 enterprise/traefik/18.0.18/templates/middlewares/ipwhitelist.yaml
 create mode 100644 enterprise/traefik/18.0.18/templates/middlewares/ratelimit.yaml
 create mode 100644 enterprise/traefik/18.0.18/templates/middlewares/real-ip.yaml
 create mode 100644 enterprise/traefik/18.0.18/templates/middlewares/redirectScheme.yaml
 create mode 100644 enterprise/traefik/18.0.18/templates/middlewares/redirectregex.yaml
 create mode 100644 enterprise/traefik/18.0.18/templates/middlewares/stripPrefixRegex.yaml
 create mode 100644 enterprise/traefik/18.0.18/templates/middlewares/tc-chains.yaml
 create mode 100644 enterprise/traefik/18.0.18/templates/middlewares/tc-headers.yaml
 create mode 100644 enterprise/traefik/18.0.18/templates/middlewares/tc-nextcloud.yaml
 create mode 100644 enterprise/traefik/18.0.18/templates/middlewares/theme-park.yaml
 create mode 100644 enterprise/traefik/18.0.18/values.yaml

diff --git a/enterprise/traefik/18.0.18/CHANGELOG.md b/enterprise/traefik/18.0.18/CHANGELOG.md
new file mode 100644
index 00000000000..127b60fd3f5
--- /dev/null
+++ b/enterprise/traefik/18.0.18/CHANGELOG.md
@@ -0,0 +1,99 @@
+**Important:**
+*for the complete changelog, please refer to the website*
+
+
+
+
+## [traefik-18.0.18](https://github.com/truecharts/charts/compare/traefik-18.0.17...traefik-18.0.18) (2023-06-28)
+
+### Chore
+
+- update helm general non-major ([#10000](https://github.com/truecharts/charts/issues/10000))
+  
+  
+
+
+## [traefik-18.0.17](https://github.com/truecharts/charts/compare/traefik-18.0.16...traefik-18.0.17) (2023-06-28)
+
+### Docs
+
+- fix title for install guide title ([#9874](https://github.com/truecharts/charts/issues/9874))
+  
+  ### Fix
+
+- fix portalhook name ([#9958](https://github.com/truecharts/charts/issues/9958))
+  
+  
+
+
+## [traefik-18.0.16](https://github.com/truecharts/charts/compare/traefik-18.0.15...traefik-18.0.16) (2023-06-16)
+
+### Fix
+
+- Default metrics to off ([#9647](https://github.com/truecharts/charts/issues/9647))
+  - add missing `additional_attrs: true` ([#9581](https://github.com/truecharts/charts/issues/9581))
+  
+  
+
+
+## [traefik-18.0.16](https://github.com/truecharts/charts/compare/traefik-18.0.15...traefik-18.0.16) (2023-06-16)
+
+### Fix
+
+- Default metrics to off ([#9647](https://github.com/truecharts/charts/issues/9647))
+  - add missing `additional_attrs: true` ([#9581](https://github.com/truecharts/charts/issues/9581))
+  
+  
+
+
+## [traefik-18.0.16](https://github.com/truecharts/charts/compare/traefik-18.0.15...traefik-18.0.16) (2023-06-16)
+
+### Fix
+
+- Default metrics to off ([#9647](https://github.com/truecharts/charts/issues/9647))
+  - add missing `additional_attrs: true` ([#9581](https://github.com/truecharts/charts/issues/9581))
+  
+  
+
+
+## [traefik-18.0.16](https://github.com/truecharts/charts/compare/traefik-18.0.15...traefik-18.0.16) (2023-06-16)
+
+### Fix
+
+- Default metrics to off ([#9647](https://github.com/truecharts/charts/issues/9647))
+  - add missing `additional_attrs: true` ([#9581](https://github.com/truecharts/charts/issues/9581))
+  
+  
+
+
+## [traefik-18.0.16](https://github.com/truecharts/charts/compare/traefik-18.0.15...traefik-18.0.16) (2023-06-16)
+
+### Fix
+
+- Default metrics to off ([#9647](https://github.com/truecharts/charts/issues/9647))
+  - add missing `additional_attrs: true` ([#9581](https://github.com/truecharts/charts/issues/9581))
+  
+  
+
+
+## [traefik-18.0.15](https://github.com/truecharts/charts/compare/traefik-18.0.14...traefik-18.0.15) (2023-06-13)
+
+### Chore
+
+- update helm chart common to 12.14.2 ([#9599](https://github.com/truecharts/charts/issues/9599))
+  
+  ### Docs
+
+- Guide for Authelia+LLDAP+Traefik ([#9577](https://github.com/truecharts/charts/issues/9577))
+  
+  
+
+
+## [traefik-18.0.14](https://github.com/truecharts/charts/compare/traefik-18.0.13...traefik-18.0.14) (2023-06-11)
+
+### Chore
+
+- update helm general non-major ([#9558](https://github.com/truecharts/charts/issues/9558))
+  
+  
+
diff --git a/enterprise/traefik/18.0.18/Chart.yaml b/enterprise/traefik/18.0.18/Chart.yaml
new file mode 100644
index 00000000000..7b765a42dab
--- /dev/null
+++ b/enterprise/traefik/18.0.18/Chart.yaml
@@ -0,0 +1,31 @@
+apiVersion: v2
+appVersion: "2.10.1"
+dependencies:
+  - name: common
+    repository: https://library-charts.truecharts.org
+    version: 12.14.6
+deprecated: false
+description: Traefik is a flexible reverse proxy and Ingress Provider.
+home: https://truecharts.org/charts/enterprise/traefik
+icon: https://truecharts.org/img/hotlink-ok/chart-icons/traefik.png
+keywords:
+  - traefik
+  - ingress
+kubeVersion: ">=1.16.0-0"
+maintainers:
+  - email: info@truecharts.org
+    name: TrueCharts
+    url: https://truecharts.org
+name: traefik
+sources:
+  - https://github.com/truecharts/charts/tree/master/charts/enterprise/traefik
+  - https://github.com/traefik/traefik
+  - https://github.com/traefik/traefik-helm-chart
+  - https://traefik.io/
+type: application
+version: 18.0.18
+annotations:
+  truecharts.org/catagories: |
+    - network
+  truecharts.org/SCALE-support: "true"
+  truecharts.org/grade: U
diff --git a/enterprise/traefik/18.0.18/LICENSE b/enterprise/traefik/18.0.18/LICENSE
new file mode 100644
index 00000000000..4139714f204
--- /dev/null
+++ b/enterprise/traefik/18.0.18/LICENSE
@@ -0,0 +1,106 @@
+Business Source License 1.1
+
+Parameters
+
+Licensor:             The TrueCharts Project, it's owner and it's contributors
+Licensed Work:        The TrueCharts "Traefik" Helm Chart
+Additional Use Grant: You may use the licensed work in production, as long
+                      as it is directly sourced from a TrueCharts provided
+                      official repository, catalog or source. You may also make private
+                      modification to the directly sourced licenced work,
+                      when used in production.
+
+                      The following cases are, due to their nature, also
+                      defined as 'production use' and explicitly prohibited:
+                      - Bundling, including or displaying the licensed work
+                      with(in) another work intended for production use,
+                      with the apparent intend of facilitating and/or
+                      promoting production use by third parties in
+                      violation of this license.
+
+Change Date:          2050-01-01
+
+Change License:       3-clause BSD license
+
+For information about alternative licensing arrangements for the Software,
+please contact: legal@truecharts.org
+
+Notice
+
+The Business Source License (this document, or the “License”) is not an Open
+Source license. However, the Licensed Work will eventually be made available
+under an Open Source License, as stated in this License.
+
+License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved.
+“Business Source License” is a trademark of MariaDB Corporation Ab.
+
+-----------------------------------------------------------------------------
+
+Business Source License 1.1
+
+Terms
+
+The Licensor hereby grants you the right to copy, modify, create derivative
+works, redistribute, and make non-production use of the Licensed Work. The
+Licensor may make an Additional Use Grant, above, permitting limited
+production use.
+
+Effective on the Change Date, or the fourth anniversary of the first publicly
+available distribution of a specific version of the Licensed Work under this
+License, whichever comes first, the Licensor hereby grants you rights under
+the terms of the Change License, and the rights granted in the paragraph
+above terminate.
+
+If your use of the Licensed Work does not comply with the requirements
+currently in effect as described in this License, you must purchase a
+commercial license from the Licensor, its affiliated entities, or authorized
+resellers, or you must refrain from using the Licensed Work.
+
+All copies of the original and modified Licensed Work, and derivative works
+of the Licensed Work, are subject to this License. This License applies
+separately for each version of the Licensed Work and the Change Date may vary
+for each version of the Licensed Work released by Licensor.
+
+You must conspicuously display this License on each original or modified copy
+of the Licensed Work. If you receive the Licensed Work in original or
+modified form from a third party, the terms and conditions set forth in this
+License apply to your use of that work.
+
+Any use of the Licensed Work in violation of this License will automatically
+terminate your rights under this License for the current and all other
+versions of the Licensed Work.
+
+This License does not grant you any right in any trademark or logo of
+Licensor or its affiliates (provided that you may use a trademark or logo of
+Licensor as expressly required by this License).
+
+TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON
+AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS,
+EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND
+TITLE.
+
+MariaDB hereby grants you permission to use this License’s text to license
+your works, and to refer to it using the trademark “Business Source License”,
+as long as you comply with the Covenants of Licensor below.
+
+Covenants of Licensor
+
+In consideration of the right to use this License’s text and the “Business
+Source License” name and trademark, Licensor covenants to MariaDB, and to all
+other recipients of the licensed work to be provided by Licensor:
+
+1. To specify as the Change License the GPL Version 2.0 or any later version,
+   or a license that is compatible with GPL Version 2.0 or a later version,
+   where “compatible” means that software provided under the Change License can
+   be included in a program with software provided under GPL Version 2.0 or a
+   later version. Licensor may specify additional Change Licenses without
+   limitation.
+
+2. To either: (a) specify an additional grant of rights to use that does not
+   impose any additional restriction on the right granted in this License, as
+   the Additional Use Grant; or (b) insert the text “None”.
+
+3. To specify a Change Date.
+
+4. Not to modify this License in any other way.
diff --git a/enterprise/traefik/18.0.18/README.md b/enterprise/traefik/18.0.18/README.md
new file mode 100644
index 00000000000..f8a41e479fe
--- /dev/null
+++ b/enterprise/traefik/18.0.18/README.md
@@ -0,0 +1,27 @@
+# README
+
+## General Info
+
+TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
+However only installations using the TrueNAS SCALE Apps system are supported.
+
+For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/enterprise/)
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
+
+
+## Support
+
+- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro).
+- See the [Website](https://truecharts.org)
+- Check our [Discord](https://discord.gg/tVsPTHWTtr)
+- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
+
+---
+
+## Sponsor TrueCharts
+
+TrueCharts can only exist due to the incredible effort of our staff.
+Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
+
+*All Rights Reserved - The TrueCharts Project*
diff --git a/enterprise/traefik/18.0.18/app-changelog.md b/enterprise/traefik/18.0.18/app-changelog.md
new file mode 100644
index 00000000000..ffa5e9fb1ec
--- /dev/null
+++ b/enterprise/traefik/18.0.18/app-changelog.md
@@ -0,0 +1,9 @@
+
+
+## [traefik-18.0.18](https://github.com/truecharts/charts/compare/traefik-18.0.17...traefik-18.0.18) (2023-06-28)
+
+### Chore
+
+- update helm general non-major ([#10000](https://github.com/truecharts/charts/issues/10000))
+  
+  
\ No newline at end of file
diff --git a/enterprise/traefik/18.0.18/app-readme.md b/enterprise/traefik/18.0.18/app-readme.md
new file mode 100644
index 00000000000..02206fafcf4
--- /dev/null
+++ b/enterprise/traefik/18.0.18/app-readme.md
@@ -0,0 +1,8 @@
+Traefik is a flexible reverse proxy and Ingress Provider.
+
+This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/enterprise/traefik](https://truecharts.org/charts/enterprise/traefik)
+
+---
+
+TrueCharts can only exist due to the incredible effort of our staff.
+Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
diff --git a/enterprise/traefik/18.0.18/charts/common-12.14.6.tgz b/enterprise/traefik/18.0.18/charts/common-12.14.6.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..3ba864cf35fe8b26ccecdfe2b5395cadd16451f7
GIT binary patch
literal 130722
zcmV)}KzqL*iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PMZ{bK5x5D7ruEuRt-GyYb#g)?2o}lR2Nq_GEk}iB-0f+5PtH
zbwMN~aZM2n0m|{t<bS_~Cjq`h*|PE&v1Te32{amwMx(pYXt;Q>z~TPM9LBVD4;R5-
zHvhES?e?(W=l{0b?d-qpVXym_PQTwD_6D6{r~Q|9r`sP6{{q@ifJ^R42!-)q+K+B4
z+qrM#fsy|K#l*+q5m<H`FpBig08&I~!$ZW4{fP2+KPREf{sMtNiD7&XrZ@)Iae_Dl
zk;WV^&=HtZ8j+*@{h3ea$)x4t#XgM_<nl86Fp9`NjS<>kKtfTxFW(DRZ1^r~NP&P$
zNMTG`0#rg!?BbB3kaDQW{%F{5w?~6P;}+fD;n*WbjV4GNYcv(6P5z?M1hSdiWP)^8
z|N7&rPOCF)wVUm~HWttiDfB}Wb6{uz{on}r;S~RO3b=*iSp$F&vi=$b03eBj6#YyE
zQCwm`?;~`i&}%FeE}d?x({BwM+Zlg3|CcaG5P2d2P(A+#!(Kl(|3|&SZvJoMc?OzI
z@H)T~7y!WpjT!%S)Bu2gyh0Q}&-2-|hXD{@K>#NxVC*jbI0C<auC4&X5L3wBv0BD2
zv+A+u5wJiM25){c%K(Z2LGjXe5wGoeZ$+VF6Aqhf79<)&H1%(*Azh0?rI6nGp}$BL
zAjBRT<CqFEH2_%n;XC>62pqQCZB^qegp&aAmMD(E0uu@%>=6J%4>0j1gbVOPH%L4`
zoB=nCX1unC5dk5l@*4t#!q98N0EdXfXaElMI0%lw6b1w}8dDeq6X@QaqA5%QO7zH`
zqNyJu09lO~&d^B!33&$>2+%pC;LZ;MFhL+8$m4Px1_2m<I3c|L2@KgsyhL%F1jqvs
zirH6zfCgta###qaj3)>%+13E!$2FI8Od@8>UWtJK;}}!y;();xuhg3(K;6=6*P;<w
zMKp5~By3GNALsC5@|92&x+!+)D^WRGy4h-%h>e!)c(ioIZ$<k|;qiwPaOM98iK6VU
zBhYELU;EjDA5N}S!KF(p3XVUV?6bnhu8Rl(Z?PxXmjC3x*Z=^~1eXYUzr{X97onR&
zOb&{_Kse!xlo%NKTYw1sB?=LdzX0$<pZYL3MFG6OLM{$H!jP0-BNY4C%fFXx=nn(=
zehU2{iP7~uMr4iyFa1Ii-WlUdhkuC?^!%>_p)UWz77Cg~4?<^9f=#y+n_;_xK8*$+
z-tz^VAtknb_Crrc@hL_TCO*aSeFGRj*sOBnmXA%f>~4<X!nf;F$ixzbvm?-H9k$y4
zP3EvW7#>Zh2i|l#?YZ6I5Kf1E2uE-@9Q54wWHjx%gU-|&y6s{6pw}B59**F&<Mn!d
z2;Cm)9F7hT>{g;A2tb4b-(_gBUt|8`2%JyfVLFZxK_P84IHD&^{rf~&M~}zj_m^*u
zfa9=g*gH8ty_CPm($&8ja#eDZ*r)eE0%#EV!T`t%o+tqgR0%G#(I={fWGchUMWrs&
z0O{X?cj6>GChrM~kHBDfkiL2y<0LZPA?RI%!Tlx1^k+Xn<epHp(2EmbsNlPC>@WQQ
z&CnTfVE~1iuA~#2=<>5?z9q<Y@gf?>c<Kj8akNlKFO!gQsT3XjlM5p_@dKawNY6&-
zc}L)%|B}DF80(3_q|x!4H}cmr@Y@`PfFQ~iM2^Bs;LFtqCKN9q^<5YQ_qqb~JaF>M
z#c%Ikf~&LZ_vfel-`DKlpD%uUcXs&_oF1RtTzojYygWZW)AdX=!Nt2b{{VNaX-$1b
zWda}pmlqe;3UQyX#rkS^0wZFQi1Whu{rPF}sMi{IzyYKq%3;2LdwlilqkwV<N5E;f
zyIn`I?HGII3@bH<66g{3!~_x}IL$Jmd~q^|;S8y%c@Z+ceCv}1r0!gBRT4!3TA+}^
zfY%_JL&!aGX&`=!`FM#4PGY8ot?YBGiZc8Hf8nbo%Z-vF&~LZf3;uI~7F@U;@O3ms
z9}`5ZqMb~^LHn)WXy}G6BBA~@0C@M|{Pg_z=Hz&Mr50Ei1QK;w&Zce!Z6oX%pb^&&
zr4IAP4{r^&n`1)XA$o`7Tl?jhv5|T~<}hX&5?dCSI!7YtqV#i&_)4V)>NvQA_iXgN
zkf?W3OZwT52^C*Xa5(j6qOUkbR&-sMt)Yi0(Q}-yI!D0iI1<I<z=s5>A!pk16$+3`
zaV#}_iUSlY4VxDt?i_hZfZ}(&0U^g@A9Jy+lvVjY7Gf#;noAIzgj5pr*mc>jYkZ3g
zIY?2w@I&7A>lnIdY_HD4wj9|P9(Kt-BY%LQw|{wdeERmRwea>D>K!A>f@y%95MnGn
zLncSDzkqy&Rd0k;Jw;J~@7dhoFTKfc(5GfS>|I63RWwh<LMm0$X2p|lT&f;96r{q!
z7Ta`8_)n`Eo*-g2kk<)UHJ$d?`Tcj$`XIatQbBLA4zwa1QzHMAN<R4f*~tKjxKYJ`
zJYNNc!gz)#x6J+ko>X{OHqDA>o6TvQ-*<O2`s^B=rEc`adLSk$GhP0}Y+`P_q9uy&
z@8&2*07g;ZyQ~L|>;E|d@2^j+sV%{qGh4n|e`0g&6!q-MSxm#?i5Y2Amz&56pEo|C
z#&RjpH!N1O3&!gswLW-d9T8)Q77@Ka^@T#g1?U*k`4QL`l|@NDP(osGhl7N%gmHjp
z<be$=VZ6_(uWBMrO2?u`3vm+4rQY+C#SwVRm;A~$=^}bygLDy9LiW&-%oh&??xE#A
znJ?DsjmZ)zCwZuVv(CeRBbOo%Ok=zNS0~4B&cMR=ya3(77&V>&W`l5DCq`2ga|a5W
zY7PI>*(ZwP5C-QVMe!86NU9M@EbWkg{_CmR;QG%-8ahES^{2iI>4pG)z(JyrGbb@$
zc*jW)Tp>3`Ou%`2jm*njC6{-40V7^o|Kh5ZE#O#nDcA(0TnSTAGDV<#m8%g?pv%j#
zKXPA}yqhNh^cUA?5%FE4J@Dd+LW-tIaD^zqVQ|0KC@Pr8&V>QWjk&<G@KcUbyqGbV
zX<g%Gal5a_@6*z+$L|&FcNf=ZS1tO9HbP8=jx<NmV+Q;m(ro(;1ukB2r*A_1a0dPt
z(+I@2DtEbl{`_N$m%X0D@D|+TgmaA_5(<NW)u7e~caAX!WNj`z18zbnUWlcZ;(x$J
zpjTYE!mAPzwP)ac8A80k@4q*JKh+Dc|97@B!+?P1=g$hl2@XT#QU(Ue0g(3kKX3wE
z7_xO3(78_lZvjm10gh0}DzH@=PXV1HFvUTD@7T+L**(AyS$AVFiSZp#-VugR%q-0c
zl$wBb2FPEm1`0j>)&4!jm>MJX44h&&;YKQxAHqrx5F`k=bL8FvoKTKzN_XIyH2{|D
zQo$adix&<4?IJ?q6*pQrb=U*|=#x(<xbx{;^m>kh=p~3`+c+e?hhlC-<CxkbU)ms!
zXZs|=A;Gb73i^K+jv^v73%0rdV|x!wAXAwlLD7b$t>pD*&z?2-e`f!gWx^&7U?xAf
zm@tt@M6qYjWV2$kfpF4E;GB=|=Ds@zLSTUqA&+mtOc0o%keP#s*~hFn>m%ct%rcpJ
zWVm7Nd)i&46({+d8KL?cQ%8lC##d3t$t{*RPCdD^m}&j0l-^P>-bnp6^(Jy2cNoHs
z?C;BTCxtLkAXQP}EAT@#ZCVY(Zz-U?XZ0usK3{AAV-9>5GHS$-;utJo=uZ)$91Iq#
zP(!_Z3qv>)lP9ZN5DI60I7^8rrHwAYIo?oH0z|bVp)m^*M3eAb`IT4rk7aS?FJAUq
zy?(2wJjTPW+a30XqhWV&c+l^4hHcbwhp6iwOhyCb9SjEtUH7neI2m@}f!pqMr(O@a
z1NWdiK@c5IDjmZiqGXOSt&6HEuW@a+I-S(JjfSv0>>l(7z0RcDZyyW?us!K@ypDTt
z&>NrwggOVq?&$E)J?ISEoj&TjgG0B|Z+GAXb=*NEt`zzKUtj7Xt1D=1JFR{{#kSM!
zPkXM{8FnVUc5moTMx)NK>yD=F1Fzpb?DTtG<aN=g-5(-vG=M#~-=2EjXyA1wZpZ6Y
zyWFvd*knL)U36KErl_J3?zcJy!o$&^eK6=xCx-`z?Owm%8Fc#H>8S1Y+U~?19(Zun
zYj?cf6dsIv18?dcxV@g&?ez{ugC6SlD-ni4<cGCsD@q$I+c{`;6`pW7><kV^ox=e<
zJnVD^?ZH8N+CS_J+MR>pu;+Q5gNfT4P6tyo?Vy7L)NZ>Y*h8bqVGnh>qe?u98$;^O
z>mn+PD@;XbjwWauO}&Hm@ZhjNh5f_9;i!E8C)2@nI_ez^C+=`Gow_3zwiz1?VSnll
zx}EOeuruvWdLvZL0k_EnxiqMYs4Q;qYIm3peXrYtlM!S@a?wHGZFl?Lbad#or@djn
zd(d?|o!+2-c-TEWm=5|A)P)}E4+rf7*y#-2ezg?1o1xkgfR#;mw%W#Q8V&oC&SWw=
zoD95P4|!-Z98B61Z_pofCvA8*>~^OI!*+K%=)utl4dI|O><&Bb6tRAJl^8~tP`1>Z
z1U?FD<LXVCchILzRXfGokXf)Z?75?Z-q0IOCjH(J_PYnufj1aTCKK33lTmNtdXvM6
z+iiE-{SoR8y1mI{GUy#LnxkPQ-U}G}(3?CAZCSYx>;7RE9u5bGgHFfmbq@|E@NhC5
z^oG+(XXJI<NxL_iPI?EU;k4iGdebQ!coTQh?zf>knH&sYCDt+W{0EYnS1rW&08Xc{
zeK7Rehoi}1|6n@oPTKum&l|O;{ch(FcDu;!vLy~No*5nX4m$_K!(P8L@g~FGK{cIm
zIKvO7v#4B%^`OlJEF2Dc@UT6AUbi<G4N<p!;I+}9+wY)5*FAs;dBfgha@g&mp$88J
z!`{Smdu|6+i!!+<g2E5ucYr8W(KW5~#xwBW%G1ZSCj=%az;_L%KP{tF#}LXDhjGtU
zNm&56oF>|7y@DpPR#Vif3)kH4wk2$5deHNb>rIE9zB`%r4^X$?Jv{7oCc|kPO<@}y
zbO+OZe>5GqgHD@?4EL}-9S+;w?r3;$P#c4~Tj3nqZ+?tkCouNbrTU#8qZzAMPWKdc
zO_FPvHK3V<UNZ69ZFf8E!%kn(`*1oKqQP+3MhD*X!0UUxgF&~0yipJKUAKEUh28#S
zIv5?a+oQ>Jf`+{wYPUNFebhyh>BOyrLtRogR8#;bEaI@F#ejr~!`^TzaL-Sx@eCZN
z;csbCSL_c$&qE$F9-zl#zaa2@9#aeBdvJ^H0r3}p0ApqlFvx#hKtKGeg3~G;RAt3j
zerzKijQ||0?QUZBqR8G#E5C)e(z554op52Rs^A4TdHhiB9=!zILGltH>b6>~y_SS?
z&h7sg0iS>c=0t=c=qNBR!Gg6y1bLxw7^R<iEg0V-4?v<&Xcc(n%`Qt|J~5#{z89)G
z+mc}x9}_<=>iUH=IC;-QxL_Dgr~W5_qfb(M&um9PWyLSF!J5K6PACri@YWmvHqubp
zoIFU78I&)<1k<_j7qG&FA;7VK*6@k;U_$X5KfKNNLJm2%FJ~bmJ`C^mz6<wd-a(;O
zC^q=n|Af4^+RI6D<mJ&Ea|BLMOq<dG1+Lgs_6bQ)oFj|ag_qHJyofM>HOx0Yp#V<}
z?<#i?v1Vi(r}^dffN)~)y>CuH&npNgc?M2m#6&rOp%Dg}Qq_dXC=a6ug`R-Veyb2t
z-4;>vGOZ~-%J#;bBmLk$<&Nt(LGO;Qr1x0inu>@Q1aV6r?OEtB9C1Pc`V<LIAf2Oy
zY8{1MGa)h{WSSi>y>su*p&vFUkod02glXH~1=SZOtICKIBj#6cct`@scm{$Oi2WsB
z>yQTaUd8yT;F=gOnIJF*&5S7)KCT74XYyUilU5cD83rMMGCL^_5k-WpqiQO<Jfs$c
zGe7)PQj`Xy30)rlz$T@fK_UwK@g2QFRKfySaDk@-7xsyC=@UfvJ%|=KB#2fLNrI}N
z&%<jPf#){<hHT`~B6Y;|GjJ(@6Y#4hH{hp24jYD#&<H;P&w#@RN(r%N86{zk2~8CQ
zQw;Ji=_D1X|AGmRo99S@Ur?|BRBn?f)ggj}sP1czr%*kb=o4H-0cr)<g@G=SLn?xF
zo+8Bnq#M!flNk-5FdIWUZ-II!r7qWf>z&w4<Li$H{3(xdH;&+dA73$xrQdAlAc@fI
zag3(^Cp&&2-MG)Sq?TT>QmUnuub$~Xon{5rOa=;{IrSm)@PvAhg=;!x*>rra-&|$c
zr3HRsN`TnP<J&e&JPOWYBM^xwFaYh*QB3_BQ6g7;PX<GpD=?cBQ$GmQet$p==>eKX
zvl%XH(tv1bBEkyUfKCu_@nYhKtTiU<^|o7DIIjZKfMZokD`@aG9AkPtQ=D8hNrYzq
z)7ka$QD&CRAVqiZ9>h4Ib(DNr?r|DE2f_f$?I;F`FLYdf37N%LR0QLI2}BCT#u^(%
z1ZfhZm-eoeJWImNG8j@M^<n7Jge}$J4#&6Lp!f+fG#Md82^WU@JU-XuA)iVim?o?Z
zt(SzD`YzHtSRUq$B?N&a3>Z`1;{@EnkO%%!VMag-VxQbLo`HY<Ge*;Y{p*E3D=0|b
zgpuDO{*1J45BPegCl%ReR_^{YS+Es~I7vU8$)Z1Wr^^luqB-pDm0C%h$ZOb0ynNY?
zl(ppWlHk@4J^Aee417-oQvx=SuP?_Zm#o-J@XPh}SpIo^qW^kxCI5PVD&BEW4CYZ<
z<Ehk=jV#3lVvQ3=hVUAcf|Npc&NVw}%fT3h^b$?=nHDC&Vw^;3|5)+@)!@{+GZO*J
zrL3WKsbBrjTM13j`?Ub3t8(dER<)5|HAD@eDc7hbf_MvCBgob2v(nA^MrICkS@NAm
zBd1xQR09ch=uE+&#YrFq9~&)3Np+Y=tK!NRphEV9HO=Z}Rhty-1iH6e(-+ZtJa(MP
z9u=$&$Q&nu$5@P@kfwTtteA3#fG-E$F~bqX@X2`KM){JSqdKrQj>U6_{MnqUGf5z;
zQn@%3^Tg0Db*KE$#S61{tu$Il&*n6un%6@a4UFqj84W@Nj4`dOKr7PP{eGjdKs5GU
zQWDx|9TLd|CO*?a;A(gmIP@uwUxEmG^6y59jANHli?L_043WF;Z`8?ApkHapfkH3B
zeyEk>rrdXD*sEUho%AIPj=(_Ej<_+5)Oj}ZLq-*y<4_@B_a841ouh<YCh2jQ0zyei
zW14cTo6L|BoM^mc{|C~#=Ci{3Cgw?cfX1r9s3pQclnNoH<I;zG<_Sl_>-Xn+Eyha}
z-^E-$%!H`PwU|ouY}?O-7a-rN=&THAvKp2(Q<#!2X^TyDINs6JalSF?G|cm0Bz3YA
zM43bs;&IOOZs7x0QTsgVDVAhYK^&x^{yMVGC_|uw`IKPQaUT?e7|nd9`bx!&E1-~T
zfvOaD&5J^rW2qld>`#5BLo?=%^`f2Plo~1$a*R^-PzH-2kJ}uo4Q?we8RYx2fL84{
zX6k3yoZ=)j+nmGLYfhmb_~A@h&es>G7f0%lm<GfOU4&<GjN_cz1vUGiPc()Ge2Qfx
z*HntAbZjqFA<0|MI4CZ;8Bu`;DI^p#C6^gXP@F{%Ch3qcU7Pi%#fdCGt0U~IpeeUj
z2{ie+F0@o?l>tmk)P?B=IPpSA{UvHfvog4LsoJnnOq&boEG~m=lrds7ujfc+&5(>L
z1pomAEm6$$Ue9adkhEA)qP-JpI}CXs2|YE7Zqa@DHVX7SdG={V%i6g6Fn%YSZ-H}K
zqiF^@+qe;-$L3dL+9u{M7Hf<xxvc{8LK-gKOCV#hUaC#Tmq2gNG09|x6tOnc<}I7&
zzv+T7PQwzB2RszT$mIch>AJ6)H2fLY3V7MBq$pWTeesR`=G#PmIK`>;T>zyh(~N50
z_-hj2$v#se_Ia@H?E%@3ldwgEZ$_6()o-y=Gw0SilP4nnRS9TDD_g&W37y}fdqWd_
z29DV*VAOMA%#XZE-Ii}|g-C?_#YxD_>x7_~>!Px@{%su=VXfTYF#FbZQABUNkl3n<
za7q{`d5F*(-&B_gc5eqaB3jFM%_Zs$jAvGD?(w}T{Du=cVUzfVjmJ$C<4^ZD0Y83V
zQG`*|uurEZD=JE<PGt<#l)qL)8m!_jIU}s0K8cZsLh8eSRFAgY@8mwICfw67xLPmP
z`v?+phhvWkHWcDyHaCVeOb;#suAPdqnVqoXAOK4k`@#z$`-wd6c+y!rgp*04xQs$Y
zzsy--F`2j{-wtA)>b{BXaN|Jo)Ss!O0%Cz*T3Z+TT-8^Mu(cDC-3vkCQoqmdg&6(1
zm%;6xA0w9r_p)pEhByLKKaeLrfH=1~^=IjLiqu)e;<ietNhGSIAOWx}Tw!fUz>V5)
zJ$x7DA+xvDux+Q1JX_%Z2YGx5t*IwS5nvJWETg>ne3|IAt7TB>XFot0&ac}L4%mvC
zY06?S#wS_Ey3UN68I8_QTp<srtysO2X$=ZnAPq_?AwCgX3*M0~*&_2yVfH3QY)F{e
zB*9BU@a~k6A`}M)m~0XLc+UALQB*n}!TPeOIz?oG6y~-_MZ~c7LqS}w@&Jlu$z#t0
zP8#^@@O|EZh|ONX`RW^k#Xf%+zmqFzQG9(<*zZc$*FF$K)d)Q$*QLiZ2(IpY>duXo
z4t?S&kvw@op4^;|mwi3Si@pwp8CRgosq}SuZO({amRcR}zsSGC*oJIO%S-8)b3`+}
zAj~6_rm~QJK#{tkB7BD@;|lMYO!Q+MGI?r<YJSkjfUiY^lKGF3@dlebNYoqkpH|{q
z#4=iCyuvs$;90cd8AnlX7@z19JHj0Rnmiz*$?Tq{=f@(dN1wx_mbi*y(TGKT1xW0=
zh@NppOV6Wblc|9EXNW^&^f!Zm@x_tn2lrb`!df(?f@xhyuQ}l8n>oUm)}*%(O_ZrT
zm?opV_;!=OMBz&g4@Qvyq2_^#;$YG?f^&T^%#R5*m`WTKe9KC4*b=W(pGnDmwYJ*(
zzvk>oqp4EkAv>*GSvQ}dQqx>6G0CsyimGyJ;h1tmC0?W&Xy$Zyey*3d4JuMNWX_5k
zAGn*e)9rOTf;dJrV2(JU4m?|fI;Le&9MrN_SW9NhC=(OGm|F%nU=OvbA{+|h7PQ|y
z6NA8cblnhy(jWw#&c>jySowrcPYP<9uAA06n_DdTTHOFZ9ZsrR6I7WeSr9bv{A$3@
z{DEt>#;HvySGz~?0yU!;DGdw9V9GZ>LaKt{JQShOL!s*<etfXuhSBUnyAw=7N~qYP
zWk6Jf03*ZPXFMoG?E-tEih7B1j>IroOi;`u5qEfot|SAGzEo!}L{#RC8M&@py>w}n
z#f{0`2_#IXg^_f2Cp^nn`ukaG^U2>NiBSBWpm?15&}^#hcj5460!^M1R3V*7XuMA%
z4^kb5cqS$bcduh{zE~6hgfjhhcCXv9z#OS?J`GXHXtmvkLl^O6NFa@`FrFCkQ;!79
z;gZ?iC<I9~iy>1CUPzg_r<*n#j#UKK0)`0;^f$F+qL|6p!e;p{Dc2YAQjDd6vB^a5
zd6%vf39PQCbVoXYr_19QrHfgQzdY{`J?_d8x}jLDxhv-KBFAJ>M+e0JPr4@2I}D<w
z`&Ys<MJav~Ynv#qq#EHFBAxDF_}W*-+8qq?uX$rU>W4d3IJdN!urnuxPs}7HI6%fp
z*bGmn(Y{zw#c(^z{Y73<?)>@T%-%m6WACl_l%2p@a=3>3h0U`h4hX;rjS_yyRvr|V
z&U{ul6KbFVsoDB5(0eqpRE(x+QfAwI%@!(4|J?7iI*0oytQ#iL_Mg!?YNjunQvOLI
zs@I0k`Vx6QNk!g$&9fQ&=#h1p*V@yOc1I#50gs#KAwfhjA|Ip>QzRoc-e11C5@`vL
zVaYK5JN=2R@+LtG&J-6QA`?sK;gDljvTrJ=Ay0v=PY+qKkRmy2R~F`7a=sptNfL+y
zS`Q$Bs92K(qVU&A0yps8+c{=H*QP>Rw;mzV@?R${2oB=)slaL#_Md$?!8`)KBYz6D
z@i?J#HbY&RlgA0MQ$#OT<Lji<8+)Tyq@Un=5RXkyj}^p-haxt3!RsjC`uUg6u>N&F
zGXK8{947l>|I<9izkib&uPqv_e?h>C`#<{KZqLsD-|ck!yZb-3^8Eh${@)rZ9g_$+
z;eO1FM*xS7bLkCInd$dcx)L$-WN3+IB$;PMo+9BsA?5yT{B8g9=f>~9H-RTI)H~E|
zEjum2i!I(<%XC0DW%1{>$qbHOu_fOR(-QtP%|9qOxn(l1U0vh{Dgyj!O(<r@p-eud
ze0?e7bo2Xv1IPUQQ_dA*c@dO<F2K+ufRj)npB6iMrH7}QrY&8^0WI(c&u+$ZNu@Ml
zq)Z{3xs{$PG+28xL{nnv4_Sg*)o)lmW>jcEEt&qbW!#QnZ9(KPF)6O-Fo#5(zPnf3
zwMVbSLSj@BsimHirTY#p&`bW8OrLf1Dw~GV!kZC97tV}gaT#SYr)5epeZ`HV47Bp3
zR=MsoCi3zer21j7OC@irSl(>!IM(uGo?4}F%EsM><k-yORC14W+!c_}rd@e!a#S3f
z;zjgMVPyHjW=^|-^+rg!V(X5O@~IY%ko;I@gjBmFBV<Ez%;U_C-Fw+V*~L>NaxEh>
zOx-$v_5TQux$LiEEioNg^HJ=FbPAjwmQAyn7sY~&2XVKiNf5BV9MIa!@a)p%nP%&7
ztIRiReBhXx@TBy(c?q7+G2visQnkd{tTJAF;fEgjBr3PWS-ke1j-GbF3(t3{Ah(lJ
z#bJ0jx-)w<nf5twM6Nc0nuabBb~32jV2jDkJ^8H^Ktan%SlD)cR+RnyrB$Lo)l*ad
zmy7R%)c;lbf4AQoX7&H}sJGMqxA6%5KdUulx9eq)iysmcQ{=6y!JFD9o8k7hXPS84
zPB&kWgPZSi8mZRT73ES`$()e;{9XY&>HBsXwNkHdqsdI}e<zdI&q?zSt0Xu^>zTr>
zG*=F5sNfzQ<AR%Z!@k@`|9*%01tR9P6~))xi0>#|9yN>=SVnwQuj{IiWz@jX)7829
zkpANKDUgLTg+6~ivR;a^e}In(rn*iOAZBeCYvL680dVArUKNnX0E#OYbp(!_c}2Uj
zb=FSq0;?p1E-DFl`w~1~a`L4ezSX^4nmsFO`19w62u;bS>&-XMO0pU<ZEpc+{?TbR
zxuV1Vd=&FLvZYc0X*`K>1%b2gWPAIirSsE2W$V8R0(kV|zk2=e3`g1Zzdh*g?*H7%
z^MvcaVxj8QUk2H+Wupo9Cw{okPh~Vg)8+q=0HFx@;nWX(dcRs(Fqe~}bzSe56fVKy
zYj(A?@(Vj#TJegmU4x#N1_Qo3yS_O-eS7}SdUJXFTh(Hj^=s-u`bO4D9h~&2m9mNo
zPrp!>wq9$U-0b?aTK;S79xDD<%KuJhkd^<vQFkZ*xAA<n`#*~9*4+ImpV(h&)1_z`
z{93nMQleLGxa>T4-_27d|Cdq7ReyQu(1T_FUslWi_Mn};|9{l)b$0T98;{oi<$<}W
zKjT`TJh-S8e{r~~p6FgiVN0`4k<RZy3Xe+t7Oc8#zLi8m=}Mv&nIC~anp&hW5gPiT
z$MnB`Rxhdr+rxLEfX@C}3;y>b^eX4SOe1jeNDsh@`QK~j?Eg-CXa8^K(eq!9^@ePJ
zHqRu)YV$v1YMXZsX<NS}u!pswoB(51R7_^mFTiTbOVZ5w+|~10TcDNR1jG7zoMWM;
z=U{D5LH_#q2m21x@3+6cyExUquKsa#^Y-HO{hPCf@Gbyw`tIuH*R!+n&Aa2bXIE#J
zAI>h1fP+JaeY?13e@~}Q)!?P4eARe7SEqPo20tFd@WKcQc=^N9Nn!DGVUm_ipFKH0
zy)5}kmM;Igmo@JT@G3lLY(|Uauq;9{SEyw)ZrJkc;W4bjV>x^<CII|=etGuW@tZe#
z5Y>yDi}%+*UA%vHdUN&ur*~)9SJJtYg_?C&=(%M=RxBZ#EqBRq0))%dTf`=?oXbTs
z*<AToyS*gzFXHiPuIch(n%P6VUDdQzz9x0RxE_hWE8S=JtkC~tuAHaV|3-sc{C9h2
z|83`aLj6y2&szGQc^}lDSN}71j-FbN+vNJ2TSp5(DyC4`uqq4bTv{CRhw;0c<M-FU
z@RjyOs^t8ar4v53tvyh<sMc3u{b<<_s??4`?NY7RW;=!IZLXPD^7a(tRV@g{a$ee~
z(wZOMXa<5(`z)pK;+<m$=kp-hm*Bb3fq0CqYK0HZ<;DB!vzy<4=b05mY0ycx<Vtj}
z;{LAGw=31{qgTLj@}~>dG%D(<^Z!+-&M${rp|^Uvf~4yafRlXq2$~mYk2_ucNp<yF
zj><~?PaO1qob$hi|G(GH=zpEzXt3M=-O8i&Kb2NfC6yDY<{s+)7uCys|2)Ml-z2b|
z?s?vq_*6LKzcdNI>8Eo3>*TDDvjA7j|NdZ<jsNKMI_=&3-^Qco|8+JI?*=SD%|C0|
zfR24dzVjX0fp*YiLgIa%)QpEeYEn%wrbQNG1sPI;>jcsg+0@GHwA)!j(|lEX??Ikc
zu*tVp9HfM>YIDP)`h)G^2IurEM8U7`e>%IlIy<>MyXI+)77@J%gvR`G2%c`-MMjEr
zmCk~vDOA{TWsl#72xtsle$`OpH(y`XR`6Zr=lv^{*U&a@Lwv_ZQe{fy85a}6Z=Ujr
znui__yJ|2TR9ak>j{4YjaT1EOv^+K|K#-^En8F~5k({V<zvlYt#^|}s`g?tKb9Hg@
zEBn2_gz<iyghdI|y%xdltt@|ie0_FvdVVRZ1pdUR!uu==GF$!T;@!!aP`4}DRcAK0
z_3-PfoA*~|msjKCT2NA^&q6sqIXN3&-<-a?s)LM9sGhe9N_F(KdU-N*jgH<?`Q`e0
zd^5hh`1?O@-ke`upS=?YZ}L8f+O5m0=u}JGZo7IkRGB(ngFQXFy1qFdKN_x?fL;S<
z9C<akQG1GyY$8oquNye~`}O7V&GF@HMVLavbv*)Qv*YW=u8+^(@GEIfpQ2rP@j%Mx
zY|{OD_Kza6?M&|aCbtR%x11<zgn}2h`}J8amHNL(!~4|s|De|$W#j+a?a@yE-^Qc$
ze=*kJg}QH(X)OGj4G}H3moWl>ABvouBD=MV>RSbpt0Z6}zIy@*8bdngK_68i)dmz*
zhi87sSr#IXvyMe<h}>b~Lfd5|GxL)M`V_&?yD&Zq-BX?ne2YDF1f2G0G;$g~MT^uH
zSsA+61pHbU9>3U7CvwHFf-Qy`(TWnF3|Z75)o(-6<dgCLUUpVftSMIbxDs$o)Cv9C
zxHX06?;i7pndH+0w@Toy;59K&n`bovcf*{<0ck?;Rn(+Ih7;ug<G8}dRp^m7v-I&%
z<t#0%j4B3Ywh!kN)qrs#T)!%3yL`ju+{quVEv{2Gu}q^eGbaTt3TkRHTD&EJWCr7v
zu|LSyGTvP$9ihFHlygjYrH1;Wtb6ILCDx(gWfbyr!>YPS74EQdP6H+sk5Rnv3GwB%
zV(y$@x+0BVksw;c?9I{uzArM3Q~GUW9?NT5Hb0#O+$}5|>#~Npmd4NmA3FSBo#;--
zT)0cpYrDi?tUH9devv;=5T7@6>c<-=M((;dgCu#6#wrV<UVl?=Gr~7bwv}?E`T4Ur
zoc0s5c=$(V<6N*=WoHOO9}7EwA0goA%l;gDgIPDo+C$Xcw+j}voZiu6G|#2(3LIoS
zQ56Pek)pO=%aA0qWy?NJ!F^wcGPd|s+kb2{A8Gupw*N+>?jXDW+uPZH+j+{)|H?~E
zw}0+ei9w~CvSR9%QKwYg7->L@^;xNsq{7HP0Bl~Trgy&O-TN`3B%7{Klv#1|*W3s%
zIPq&_3>DzYk_M*9CwVbPYspToYF<XB5m%Kah+(y^GD53pm_+-$jB$K0y(@76qbwoQ
zyRU1|(l}FCNzN4LDvG8hozxxR6hU|}VGXO{F_vEq#+9@-H0wfQN2`yl7nsg92p$<{
z*2@TPB4_b&9z-$4o7>~%3=fynRTf;2u$tMbB|{2&UDBr9TmYmFaaY+nRkV{gbgm?w
zD7PNvl=)XlxD@cZbW`99K&+tJ{@=h^NRn9Rz12pD^cE0tje;NYdovMR8vUtEm}=&h
z$S1nsv9Ct9i_$27RoTvqTUa;Wd2#3SV#!XVVPu*xdMo!<s#89rkA_82xFe>t0Ar|Y
zr|2j-t@^x(!KyNKtdXswm9JDYM+aAs3LF2uC}ntRsyT+yU5kYKe*-_C|NZURQQd3S
zeL@mM_76G-2kAV|^-fPb>|My)>m7dS7&F7|$cAfti$bR;HTrskTNsG+bq=pNNDmog
zd7j~kW=X-Bp0AUP51%E5Pvl8RsNsKiL|maytSf@DYf7=_akY+-Mlt#8s2K*Tm70bH
zel2A~*W^J{P6?<A(v~?U*RcO9{Xd#jpEUlr*Uz8-?Dcl>|66&U@cd_?pj#RJt84u^
z&wz@ppnN`$RY9^a2=LuF_LqKuX6TGb5qaO6+-X`7ID7p5^!)nfx6AYEvx;EatF!C(
z=cne+*XP?jTzYjjKE6D@zPLOB&VM-#0M5tP$3ML}ySn-5_~h5Kcc(|d38!?8tRn#Y
zdj96k)o<t5C%+s4hY`yuJ@41grX%^U&7>m%PjGgyU+?T-zwGQ_N|u|mzn{E$e|mQM
z?(F)vi_2fHZqCOa`o&2=mi=rRkhRWQ8e2Qx++oWV1RItH9v72hMOxY2`N^;2{N%U(
z<n%v&!_WSWi(=|eeHYRvkN@oShQnO^XJ>c+%T^w#|M^7k;PKnK5CM<?2qr;-xJcx)
z69xe|K{0L0J6rh=$tCH%taC^KjFG%M-D|LE>4(w-$hZvz{v?L+{VG*bTsCEJq7m{F
zV=ONJ;D6}Xp}a&)NGknWT*}4Xr`K}{%RL2tPDmmw_*VYy=g*C1v)O==|AAR>Ot1R=
z_p&>(3{8uJYAyu1Ot`HS6tn(6e{S6Rp?73bw6Q=Gs^hYuio1I*WpIN@&?9{t_q*J8
z0KAZ}*TfE)k;LF7c%pF{G0j*|wCn^wzd(NpDf$)NOYJe3;n=71#Su6=IlVgOFU5uQ
z-NBImim|v*U0o@2ERH<^!2N{rC7KFQx^E1Vf*~nD4FE~5AR!dRq9A`Sqo^#p`?%5g
z{zdtNo>KWAMl(s=Cy)Q{XY;>zM(yq{|I=2URl+xnW-V9nffc(ZLORUrmsrt^$8QeF
zujn4Mithq6&N#Kq?<pk1lP24HWq32o9b?KZoAR)_TvEbGmxp}OH*kUiVipd>o8scf
zVJO9%RR<ccjf!)Bg5r?B=jIHaPBR;NIMy&!VZ+9m1$Y937NIyg4s2hf1^X3G;+Qv6
z9=M1ZTu{1jiO(gAR(2>-iUgY6FBS=*Z&5r$;6=fJq%qf?@6x@pK;OWhv=k047zCoW
z?P1@ONuEU8ViDqf^znX-0t`K!1XHtUo#sUBl)h(^En6q_6KmTE6dK}>J!XBx{$dXp
zBbZA$omql8y`ar+WkfUC@`02yKopbDK*gq^!HHt{P1Y<vQu|2qLJL>p*8>Qx6e~X@
z6oxJ$Mv5cS(r*p2c4Z*Y1Y=5Q45j1G4}I!Ql#h*dVFC%VpsAPUi2@i!4$#sM--Rf)
z>Ldik<>iGsc%=7xs^(ymfocflZUN)__mKxFx}q_pXm)QkT3EuwA_++np?K*N<T;Wa
zgyI;^WSn)hbXA<;ks;YvjlP7T{ykyK(mQ@V?hBCT17U=mLJA#?x~vKI6fYRW$^bP_
z&6-P$egRz<5%Ly$%84pGpO*-Fzr{X97om&f`xp_N#I9K|MjsPIsPQJHk<x!(WYBKi
z!GNjN2CemKFoi)df$r_83@>RdU3%sJ2kr6cs;5~4fIApm?FQp38H@!EeTrj0oS7R0
zW9+>ZAFPR&7H(zB8CdWL2?0IC9(oJ?kfM;uso(t2!*@y`jbqHOZcaB27$FjZ#ve}P
zRzXdvoL&p4X<I0n3z#4ylQUzpT0k>_g$ZRH`52^?_<*GXOP5F;ePSpqz<+kLu*&`$
zV;pS2{9Eb&8;#o8`2S&lm;Y%iPaXR&;(YMEn}69d`dy}+m=)R5QTp}^n3btgnnS5X
zVcn3;nF4<W+8Z@DCH5uOrWk}`V>8{tYw|6;EFWa(!()yNwO`t~8P{a71)DJuQflz8
z;vA!?MB6O_5X~ky30>71`!3FM6U0x9$}`(BTp)^Kt*R{GryDo$QAlrG9EL~0>9pHz
zM;RJokZ%~Y8{v_4I&G(TsVkNLo4NXnKP%*aci7A2|LpJXf85T)gX~W9aTl(91Gz23
zzQ7<5*~q9i7s@BGSTfR6I;+&d^aoc38?xXLxSk`xo&K(fmjGB~N#ijTtwvfeo%pN@
z7wf91X5iG(!wX5VTU5++Xz;S8xGk!{We+dO{wgfOaN;@1QWQmsvRq;CLWD!ZU{7p}
zt=t*2?^sidfuy3|9b<nRYeh;tUc&fUAh4Gm<=*3My@gSUgD(Zs3Trv|j0(YK9DJ&;
zmZPe<K{u0XV1+Z!^eV0}W}5Z<dIqiFru}-`qgq`bUCymon}{L+B*ThE7EEI<+WVdi
zzpU<}cwC#7(ug$Sdt7uGG_(RqWC%0gU1ua?AAADlDCQ?^q2~bzLUacLHpBH^_*Sja
z()B;a;lJ@@6UV<-@Ba-t+4a9O?C;k9Z9HO?k8${a@MI&azu=p#to^*G_$}675viOI
z<QXT~SzXz|R?T%)^<g8cs$prBN>P0ZLpJ>Z2ENBdpeAG$@v^J-1X6dtpRV1a_q&yQ
zw{m}7E4N{FuQxxgBIH&fTsm3)0QLgS9-7$*0l=In=~Ht~sDo6+bHjpI{%l|dZLp;X
zds}LW$a5g7xm81aeIFqQI1%<7^-AnVnIl5xIOebSisp(vz+00w>M>=GiHJFEI$cnJ
zs(Jp-d|y`}DMqajOf^Tg{`l4rVjFK1eWEB1VQ?N&6i=ax#@Ms4c#t4@I((xHdR3A>
zeZG*)S5Hp%n|Re@X5+P57R(|wmIp2e9yFSKE80M^{T1eFeu}5e{uBAk$p&tJT5bQa
zZyEb<u#5lS&cp4zQ$E;Nh;G6H^iUMw`vnT=S7rq2Ue+`N^%VFLhM;czk)|MwB9dBy
znglyraAymC>$aetA{(;?iIHO#fCZ%P{EelaS7WwCD<-3^$V)nHOEz!CZp(t*j`g}7
z%k`_aTDNYoX06riq&@%{?6OAcmoiYdZk&EghUwE7rC-n>Ei^`J@v3}f+MnCDJ%`&g
zJxlFBt;Iii{O4de=;rSK-PwQJd4&C^2mAXr08^f>X#pBN`2r@OZhf;hpa#1$0(VB>
zH*W-LZr)jeJ1cN!1@5fC4Y1_S3fx(N;Ll+Nmf3$O^djtU!unf%{$r3o|IzCYclO^l
z9(ikl80<}0e~NLoXZsP6GM*cMFGcz>eqm9u5hxSPON+6lA((c`Q1hSUoP`<+vNO(h
z#@W|roFx;2sJvYkdR~kOK{f3ny`t!P8(b&>KRp@Kb#dW!zNrO!!_TVq|0?j^$7TRs
zvHthE?QHzdsMp<{|J=%Bt^a(mH>m`0fZwGiAbYkkudrU8gmApRk3@O_b4fBj8Htz9
z$IE{9QmB$z*3o_Q!z+<`(|q+j-vyO^C9Ax6K5_99#rLh-1Jd&GeomX=)cR&M8soYY
z*`RZqOi&ymig<q|-!;RW`zDiUVy7E@zq*kzc?4sdv+48ahEz}LDJFz3yBpL_xNloS
zUk?raYlEnKbBfY;`jqK^a~%8s!6Ajg7<<PF#r$5PC%ONp-_81ex}AP|cm8)P&szE4
zQ>Ne-SVGMf<;mX@;)k;b=YF3@&~mwmOCnY7rHbTqTtDQ;{ae!{2*kqNGC{G|8v!(r
zpiTy*fmWu<nn!RmnX(k1)Z~3oqO5rY>tv^zN3dpAD*K9&7qWK>H-{1NVu|9|_mHz^
zCFN4DGntJgiC^V%JE<=fFn)h*I;wdD%hFK&QY<A)G+l-4N)0z1kj*AN-lR&keGN3j
ze@~Frc(e3*%6upK@(0Fm*IX*<>lBJYe}KL*!AM6Yr0K7I=o!R(Q8Fcj3}kkAjDrBh
zV)wcQ^nP2)=N5P~RjMJrd8LIPUZN=QU1;Z6Hr^Z6JF*h|R9q>2Z&d2ZN{Gh3YtWZj
z$rhd`<M;2WANc<fS5~0dMInVVecwb=rgOWL*-A5sWwQyF-6+v-L<7f56vG)Z8Y!UG
zDlD>_>4jZ+ixxP(-(+tV9O6SdR0Ega|4jESeQi&f{_lr8Pw*D<|8#o2PVW3?XEfUB
z|J!)hzW?c5FvgQz_aqt5c@kY+0$)>Km$f#dvzx#kskci|b#!-GbUppuB3D83T$SML
zHKKgD&Gd`%z5wNte<_TCd-LM|=dz6S!>d85(7F=p2Q3Lv-AJHSFZrH0dfe1@0N2VK
z&@wbUiM1*rssCWy)#cmSmW#S*jEYoJG6b->vc#6kw4bx7?C%w}RRIopGpnFbjTQ=6
z)&?}jG1d2$XW(()XMJX1rSmMYbk(fP5sWNd8EsiGMv_w$)(g+O<5_=2F2SQ$44tO9
zf;YSMqF4Y&D25crEgC~K^>1@3TUkLPX<<f2WYBoE7L0Of(#WZia^CBk7&MT=4#@n_
z{-+b;hTE06zfe5pe`@|foYJ=U>>ikxik6aPRX0}B;`!A7guJ)D=LP5v#$q{evO_JK
z5!W*OoUM_TmG|y3Ywpv_9Bfk%=bE*<${OWR^1-yZn)YS3F9Dy*|IKG}u56ZsITVfk
zE;sfZu$MtBGc5IR()c{O^@>F@JFtt2G0lwAqHu^74;h_By@6R&jmhG%!%>bz=}4^8
zra^Y&q7HNID&UAc_I6>tuvVvP!WHv!0W?h%Hb$kBthz-~)LOw!&<}GmDtoKM(I~a<
z633#cr>%4@+FIkz!I-1W7q~i2Q%qkzQFH?>>uKg*(|vhcK~r3*nqFL_uDogSOK(al
z%R610x9Gm9E^BQ@+1pw(LGg~#F%-+%u@Es%D2iJsr18DnHMZPB=?622<qk~<a+4T2
z>osG{R@sa>f4`Zl=2q!nyk7Qg=32U<D)|Xuv{J%j)SOhAC6Qkp{6QPY`qGf}MqvP&
zfd5o3M194uS((?c@5K_OGnW}>7Aawjn9|OnTtJ9rcdyt>Y6*YkoD9h7-qOJ6Yrd-5
zlMJ*!;YHSPDn>6uA**fOrcG3flC2`j<$c5HfTuu9<w}n9SrgEty6$sc>+q*QEcQmD
ze3Rk?#Y}!yTMhZ6L;N~uMq54+vmevIEMCm<JqHvuyt1NYJ{R<_j5wr81HuVZbyZrS
zW9s>yVvIs6w$dg`(csKrlq+D1q78$*hRlD&NszlMynKSE2$ap`Ii*p`;}N8Dl1=F-
zT50ib#kovL>R>7ILKN1Cq+6lD+rS+Kg|!69MPu3T8C+haJ6h_Mc0`0lSebYkmHBVW
zg;9uECN(A-07kHM0NAf$k)Q~#gVOYZJC4!R|Ky0u*ZM-D^qD~S7KPqXrXv#D>}yjS
zRW!*FL4@e%s{#-vi;24Bl+(egTVd7hHjEzml<og)>h6cX)X4wR9cA;s40`Qd{+F#h
z+!el|yC1&3dmrlG`S6AAd)WA054(FFcG2-)V|4tQX<asX$HOik$}S(uE+5KcSaO#S
zWtR^H{5kTW{Mnu|`!7V4jo~q+(48+(NKcvW>@((B+b&#{|E1p>X3qa~yZxR0x0Q$6
zdhf(wgLJe(I^3JE3@f<l%ia=P+4Jg~gI89qbDQu=AmWZ+QD6M6s`_eqtY_d>4#7qY
z-vZ<G_JFk9&~Le+JGBmmzbnV)G3M*zHSCNk_3c`x8`A8yLXR!jooXIsSV>N)KLF9b
z^FNo4v10un^I(7{&HvKr4cgiKZ=>F5m;Y@m50C%<$%^tf)+I6g($`umd|&d72qJl!
zAbyKA*9_&i>TV{WKMyiBkRBA)Z;`N0aKBaI3mwtT4@y3YJYS~%v0Y1T5D*>^WoJ<;
zA8S{vdF0Vv={heO!d;|Y34L~ldTmuD!rqmUf;<zoWqeH`@Q^<l@mElAkJF^6<!o3K
zKeK7WFVy=5VeH~g9WcTvjJz@S7#uZDrN@rhxXe)yp_sHZOkQ1y=QYg7y)snvDq_4#
zUCpZ26Q+V+?E}wXYix5IWX5yr*k(|5oD$@+LE$N<GBJ<_p~%nZV^Il59}wha(=X%*
z{L_(f($2p!3|;~YRe(BEkm`YwXf>-qD(qf@6nc$A3+7o9ad?oI6n_^7Y?<YnfZ}Y7
zV~gU<`c1f$o<j5J0RQ4gll+%7X3CF#3b1=y{-x#mUYym77|>UM#))wvU6xN>)2t$2
zf^ATx4WUmiimccn@un!yvZ4}?vuv%7tX$`fjj=clksi|0l5!8c03oJ=KG_o%{uJQ2
zuwKiU>l{W|k+V+`;|spjX2Ek7$c{-4j!jEO{c3E?K&}Fbq*umjD1WGM_OffF%Qn?2
z5Hx9#!_xRz7gZD91MqzS|Cp*kJ<c&|<as9dv5H%mObUrXxs28VKz>DPmKG`*xiWO?
zGF4gqN3l~Snbu;YN=O@Lp#qjlEn0EfR+cgnDJ!iths&@`?_cwbsdcoWcrCL^Ho3}}
zTh7?a-Ga7T&~^*jZbAD>7PQ@Z_8qTh-_0gb+5S(2y|*~@c}|HZzW=p1>gDo34Trn@
zuUmOmZ0AJSTL?CIn!TJ9{+b&(X~oU#;>ZMno7lfeQLD3gla~HMJ2#mj$Zy+Z3Or@1
z)wHRyL<nOomr8bPGT5%%s>zMkpJJb;-Zo7!Z|?SJ0Qfha@B!x;Rx_yy7%%3ok<D1Y
zq+oBPXcLE2?cn4U(%nwYSG`j+%qA$1n*`olvHF~)_cK&6g}#rWfGgHjOiT5@7%vc=
zql8>0!6Pq#T9yC5(;Z~ve+Gm0PXF7+vr7NdY!D{_dLkXrYGYkJ(5n3P>4Fw|we&%&
z#+T9w^Fvag7v>8+scvXBSE?Uca;r>7%wxV<Pb?bAovv6ypPjyF>x;7(Cs97r5M#-g
z;5q-ArW$IA(zesOf^(ZZO3g|XqjR~W@=N3wGn#7gLito1I&)aPLt*9cq37|4ei&?~
zrGlR-W0O}v#kBbc(39!vW?v+ES)Jn7QVr+n_&oW_B+~ajBHxWi^w0H_>i<i3Tlrsl
zqhVJ6AN0Dr`2Vdu{6ydQ!^tL2`9;g3gbiCf%{TsVQhjDm7N~PFj~A_VvW|CqW2s}b
z9k6sS5ruxp^?nIPSv^x21QY1qo(jc^;~+~L>1U?k1yhR832-JD2X-Qbm>18a+fBi|
zDkxkY*TE`Y`Ts$6aph$*N}QGDA^o0d;FZdNSb9Be>DBsU_J&Xt(hoRD7U(2^{$iIb
z=TDU^hpBbhxgs%6Q$m_ZIsez0qhQe@^L=$WlFX3%e;o%nw+KZ}srmnH9g&2tiwJp(
zJ!IaKRf;^*5R57h$npRj7X|_Aw=@25;uIu(kjN^^OT1$AF+oNGRYGwLXG)`&f}&iw
zEcxtDt^V})k&$6lA^*Ukl{l$?bza`hkx34Cwt*uf*sDgwLYe*-PvFKBz*YJG`t6+l
z*YEB0zpXr6*Sq}bcq0lRW126k0dlsjQ~_0qIy#^#E0e7M=6mP}{5D5)F7per0>CG#
z0J!r#1aJ&OOj|mmuILxHw=-}_A}-MqMbt05R4o-$5dNvMIB-M&pg>>0U_$xzznnt3
zi~gD1L~#h?d*GZ1VqD??IlvMBSZD52YL*|mELFh#sR#=!2ME$2PXS9Qq?af_kf2t2
z!9|ImbEo5d%R1h-p><i=w#$*_bB~wZ;N|<9o8UkBq34G)InVX4-E`kg_uX{2raKOh
zyrCIJ{_7YgQN_G#7`HV)bX{FBy|nI8PXx)N?#Hf+laOvu7S(HABD=wMcl#CmDYgG_
zLLV9Sqn{P_-*D8+*?+^)F8+Hf&)WC@UNXjbvfF<-+d0}{Q4sLMOXvbCgM3Otd{QXo
z;XStZB<J$xAnHW)@Pc&%c{UVUwV7xj8<~6rkp5H(!=PJAi(mcFGl{^KI`cBHU#_pm
zmnkDO9(Kv_?_cnW;m2GsT!8nw*9-q%`*PtTK6(7r!e#Am=3?QjSMyuDR5)vW%^*d0
z@LnaS^21qbeZe4_!>%<<Au^|t^ZIgpA|}gT?pr#M^53pc%0IoiD*N>QRM*lYJ%xUd
zUg!G`Qveyi`yLQdmQU{&Kaf4g0JUf8U^;qFm~X1JQfpE3@Jbub6w-f+V7;35T5e6+
z_C=Rp;U$a_j8RB0(X=EFLHa$7B%29C&b(QxbUHgSurH0L(oC-_zZR7pAQnYkQuBU{
zJ|=#QymZ28w8YZrle7%e*?w4xi*nOxrKisxXxUMNwj*U#Q^KdRetU*51{mj%33Ay8
z<}SQbFU7`|S*rB1yJA02i2$t-god;;Z^Gl95ODR+!dqN3g-b*1$^vfdT+L?$@-@|^
zZHkA@@-5?ACI4zRmE^79R=K*BbF04Uu3(+7<UL)nz>8PJMEqj8iWbwm|62C_a(Bp|
z&F!ik&=PMe;!gc3c!55aF18j&3iE>>NlH0E{<H%^3s_@V!rkTEV*FXd{wuTp#jTQ?
zaR973|I;02?|&P%J3IS-D-X9+uJ~YYVh32T&6nK+maJR33!Ijzvk#n>ru-sJR*e0X
z|L*Dg>G;KTx$lOQQ)mlGW|ssnE+P@9y;pAoSkZlBVTk(VC4<W|93H&_&P4=2CdkR0
zIbwp)@Gx`AIL1xG_JJ!C<}2XXXJ`3+$%gyI$hnwn!C$}`8Ye+;Wput)D;{=lQ7m%5
z|C^`_5bP#%?Uh3>DOx8cQJ~(S>V8%e@cNr&yPd4vPS(@zWL3oMX0$R}pQ{&C$FwRo
z7QaA}pHwdbpU{k4$;kj=cBc3H)s|2k2O5x;D-}tzJSVzQJl#^74Erc_)7rP_zPNT2
z`%6gCExIqR{1AD^E4H%2tg!vcM)No2Gpm@!emFa|C}|x=&$O^-vUg^OkJaA)8{pdv
zjGx&jpMW`v5ug}A&jS#I=ne#Ied7yWt>DGo^XR8s{}(>cO&9>x`hTa}Z;!J2e`h$_
z>Hph!r2a4b*Bdbaq)T91_du(?5GI3Oiv7qtKL|=LgjPKjP-;e3>OO7!kPlh9O1I9*
z`&8ptd7?%lc&&8Lh7`Exp-;gQ#y*?`h?s))`5cm8uCK>eYPZD9hN=r-Ld(BnLe=eM
zMc*Tp_eCe6F*+_?SdmQI@>1UVpCN<Tt!dhB7hbZ3Le`~hYCy4azTnH0C>O<;ViyPI
z_M($6ReQjhQyLj5A+&~X5lChct)0qJZ>6!y&Ro)wZ=Nx%)QjR))yK+4OBV0U9yN)O
z>%)L2py!&d(4o%c4XZL=zxsJTc2ae8|8GFO2i#w`pZ-1{0}ms@BlBVu+yfl){mTe@
zYNylSH5tN}YIch2E%eNjXmay(j6EQEXad<>#-TKlWxApl^0p#4At)3^v`_a`+c`!Q
zNsRsv!C{q_y=D%hHBN6Rcd6P4w7FVgX^yu+2y?y(WiN@j;+}T5U}jdu4@B5&8D(qt
zO{2P(#r3y23N1u^!cSDmaf`6`5=?Q-R~jCxc0PUy2v#zjfIA#gK;wIUqrV?|Vz?Ri
z30WWku_m(JmMLNR^vj%jG%(uB{Ibgnoi|&9J9^DtIc#1!1^4=D&VHq%_0Gpm%^BRt
zlaY%7pUAZ-Pdot09SQ=Q;TboXVkDErrW(a^kpi-(<V+T)JQ<dT4T`q84W9=e?QhDt
zVWdgOKTmiWx>h|Ncp>`E8S{vfqJ>uY8w|alU;slG#rC|ZI1DI_DTYk&=BLM9W?t#s
zDVw)SC}@plJ;Z4Y(bT`KiTDHX`vzQJMx;O$f0PK-)ih?nRSY+)y_rbon!fbMa5YCf
zumEfo_jlOi`@0XqJJgl8inFbOKLBrJ0r(=gKaj<dQGMfhuXje<jPrX0GE$%vq?up2
z`sHk+EVVN>60caCS=Q7EEM>zAK4GRYC~)E0RSKQCm04$>P6aB+u&ON(Tl>i+56Eh@
z<%6&mqd!jwx(Z}mu4SW3XysW~bj^%buHV0^E?!_Th|w<rT;-}$X=Hi5&CJDijz!i-
z=P5AxzVC2&%(KG(FVA~DY5w1Cf0VudVKiv({Qp~dEdRe8?G5e&l%E&eYCw?1%PRtd
zvSsT92<2)e6u)IZuJJ7jjjRzEEI5sg-3Uc?%8Kgr5$kMCXfi)l3W%)pMmG3O`EYhV
zkv~Cz%ID7wHud-%vw2lc#0-B{6*g!pwzs}RrD4VTzmYqjR>l9ed)fHk(V*Aet^eD2
z>a8zNdIyx<#+v#6?aG<J)Gwd^-$t*_X<@s@7s~%%FeLf2n+1iQGXKBbTv`7AD@$&b
z=qCl3uT)VANAgc`q_Cb^QqH%#{QrNd`=X39>kqv%N`lzfy;0dS@R|2t^8Toj4c-FG
zSKcFqwtsun?)lcAQvIJoil#|GHgE`VRsNsOu$|Ta+oR4-|KG+V{C{$=uQqcC&_hvx
z?-yuGem`DR{1&I~C@zcsP5W8bzm`sejUTQnUrp|Cd>dfsnazKIf$wqULld=%kXaoY
zMiEJ~IU0o6x$t%_ysyrMX9e1<HBGJ}RFs0c&JLn|X318^pHLyJz3W{T^q1NBl*(Z$
ztvUY2BsW|dtLJiry(=EyQ#hw9!y@YkM?NO_vVJQO_O{T<(~oy<UZ(@PHJQksz?u&E
zX<c}6ST1C`rkqrKSRpTK4B%QUxl*ofv_Tyf6;c#Wp^L`Ydt9LC-jm@PWl*bHbkd>z
z0!t5ja?1~>%d7I0T8zL-p|2MtKASfY#xex;quJz*Bg^!1qibc=JwCXt2x{HceCJj8
zdY_#AFWqtbHz-`5CJ{QBBlq@6_y0P>Zf^gt-yQ7i|7|?N#%E&;&cY?n;C7ls0Z()A
zU^jr^p%$~;p&z2SW%ANGJ^|o}i=Q0uT>Jr?TXgS$=eOv7Po!0ULU%!m|BBqjEBb3#
zg_}7wEJ(ph$UhAbRGuf!W};yv<L}wOCNwXJ5F2`?e9i2GU8*0F-u6zTu4wKY+POea
z6hT0fahD(Ckmr8*Ade)2fBr!J1^iI_OJiRQ0aiPQY!C|T@nhaT0WgRW^zPLGIR#2E
zh$fW6R8p(x6iU_cHj4^63#`qTk~kJfk@Mo>^x_DB_n}Y0H6oM%IHf2CC|vHNaQVh3
zbbso9LLQ?e=d$h2|8n_1L;U>UB@AbeOark({`ZEt{O_awsJ)Z_+jzwNUx+4gNWdF>
zhX~~{1i$#RIs03jyM=`Kvrx=Ve&9O1Po*R9_3_?^E*R!MAVF>t`}F=q2=bQ6him(j
zpLBf~V{g^UP`_gvT_i-F0S=kVbwRYbKbt$C4V(bqIiM{Z?gFTNA3aI8aI?85)Td_A
zK5I4+1dwScraDW9Pk>C_&}y~v=a$up95cOxdBFUf4_eIOz%&m){wTPHl-aO007{U@
zp~pFwA61v#FyL7yL`r}bdTK25H%q5nYKMZ89fgM|QaXe<?SFbi9840bx}&np7xl(+
zt;lj4Lb&>PyBZw{*AB6=xsb7NnnL8cby_QjiOLM}L2Yv97zm^ZA!2%sh0e<+hgnaI
zEI%P@<X<rgus`<-NM)S*(OCq{hU^*zn7k5sORRTknvy?&AJT$mGXntZWC;A`EG-FI
z0lwP<F9IsNtXko)_vA}mQohdiHK!+~f<}myie9gcFcVmN;Ki&4#;oWAP!=L_U7YjI
z%oUtpq-v&E`~fKDSxLUYsiaE%&&YrB7!7ch{?{Aj^uN)tx6}W&@mS}7nmpT#8g-s_
zW&;Y{h7#$BX<enL*@tmz>wYT&0akZqQ>vRRB=QCE0`gB=Y!v0yGF-&gIo7=P1B&t@
zEfPXc5sFT5bT7RC8NE-rwm~bOyhuvzq69`+kH8NEG*bp+ii&Unh+I-qiE%UyT6-&X
z3A^!<#9-?nAtBU7g6He;0|f36xDD~0U_q?~PGh_P_AtBz0iu5unUQ=7(5EQyU7rT`
z9O9KuhXh<0f*4Iv%#&O3spt7Ia%ph?k{=|4)SdJ8CTI?qK2BoB+EC8`29NOsPG|-P
ztuMZSgd__@fRhk?F_Dwap=GX}YM33}NjsijYpj+55aKKbW?rK^1Oy)D1ZE`?;)gTq
z&LnMRYUsxS!3=(ggoWnvWqgWbut);xM}eyBBaw6TCGZ*jwetvvNM)ANY`)atHa01A
z<~mO&uJelQBn_yUGfg7w6|kxOy+S81owpp7Yy~deX@)6@&0}ojId|c((59-*28t}D
zcEZDyCGDY5$>sbIFnx(nf+$A(!aAOi-N-v<;;0p@-DXtwsips2JuVsSD*bQJ$?X4h
z+r!=YukAcl`k#8eSsidyaQ`=^2WGmnRb7ynZ9i5Yw1L&p3Dp`>rV`o^>uY2R?nYEY
z3yBA)hegQjRKzM3(H{0Mq$Uzmc0GxzXk6`Cr74p11kZY&^=hwpR%y&!Sz7GOt(f4?
z^UXi00$I)^CdIxEMbgIg`%)%z`d{Er_HU?rW1YQy+zFsn`d_z`&Hq2@wTC<XZyS#}
zDfrHA6va4-eMs5g>ih^7kz?%1W7S~ARo*7+MA$1jvYjpj;(BpM7V^Vc%f&ImghAV1
zcAT77ys-w(_Hpoa@UA#+z9rnpF<u}#M+v!10<;#*b<H>l(3imdJe<WSJx5jtX<t;S
z#<u8=<i}wulX{PF;Jf#0per$nc)e{S{R@u$|KO0qV2r)vgks`Cria2?2!0tKuhETp
z1gnvU61pGG_Ltqqp?!j4+I$N`I72Zo?o(QePguR?LI5!@WvcFmRciwyu$iue(M+ZM
ztwuk>gtF=JF%Xr$svblb2OH|ZmtGG4bWfrF#~mX3HzI4#<8Odkq5pM9o$UVaus7Pp
ze{baxZaopoN5C`*U2(RGNr)K=Q4A?Ft;H?Y%0p&^4AM-l#S_LlD<nuZFI1?LU`v_N
z;!s-hlJ5ZDp_rdWNkSJ4d-7n)RWhCWpMcYJ%3^O#998bA$KaXfuQHu*;aWMc%=}kr
zEVZi!KtQuDy|%q{p~%HlR3aBHW>!d@Tg@Mclc_HXl}AN~n;eLbUihd%_~?b!0Hi%@
zv7S|&kSZ95Jy3AL_#YrfQNaFk{$B?;H_k))EYIsBV$Pk~y<8fn{fn5brAMqFk@zK=
zp-*qQ=g;~7{t27^X*Uo5^+Ns8{NH~x|F`<F_j~*0u=82{eC~)QY<H&Z9_1WkdP6y`
zE$}uW6fj{b0*Dzkxc?c300z+<hRFiOzAL!Mg+%z>q04k1a89`+NzMcC*XCbaJTjAY
z2TTxv6f7{IYyfmE(#l|)8HDVJoWzK!L7dD&W-&aMQYC^!g!oSG(>(!k#C6S~<A0ZM
zsF-_(bd!H8z3h>k_W=1{x&C9ijrG6N?su~5f4{TK|FV^*4qIcYcD7cgWDqsx2=W8G
zt#vB7388qgW~C{{)MzOu0akQPA)3k$9)qh~@?rvrLRPY@cGme@r!m#R%Em;Y$2X=3
zQ`wj(RNdH@X3*X9q))N@52M-sjWFxqie#uy82{VuwR8EuM!jA9?^d2_Q4&Tol?_*V
zd4xofJCR5HR7iu~N9c&BFj0Ae8)o*LT<#p@01^=2shm@-^f%yb=yZlnehlphNK~|Z
z+KHz}KNa&oi31|8nt$5;zjl9^i~sKqcJqHL&+7S41Pd^3Nd2|X3H8JQbgEN)JP$D;
zfv`^bU+O)Zy!^^m_DTOxU-cL3?Z3T=%ir=paw13NvLe)zDV?dz*TS0??=%+TZY~D@
zNFR<=tpSj}Pv5at#XHshcd8Rr&3}U8t<3*kKezsOd;Q(~-^Npa{u8zM^ZDsb#*m0i
z{PIur#mLdWOe6n_GzL2j_5>2&ZNh}k_3UPCrYR|9{$lo0PHITV9gd|0u+jJqr|OeD
z#q*!vFTQ}${!QwLe7F!;<^SpSbMfEZ;V%EfRvxwgBgPwi$OJP!Eb3eHkLAZ+m9;h#
z)?Il`SK30&8@j9to(>x~<He04HA2CQ`&c`^+jiTVG1^`l0&ck99Wh34VFa4s>{BFy
zlS3Rf(ITSv;D51dKRV@`IBJ7Hol;-G$jP-^<@YZ{Kr|~;WI!H&?&A=~_b+)Sf*GdZ
zpFb@B<%o7Krui0EI`6;q4EesFGWjo3yX@b<c=qTmfK~Fp*UrU%cG^4pZ!3?rKg$Li
z1U{jU6#g;`8Uy!rW$dY)(XFT>n>yNKr`(Zg*<Nt6JEA2AeWEcuW`ElfS>yoCWN9<9
zvsq^XviV3_JTE-cm1z`!mYKEnV}dCHc3i!@0$f88w*<FxA^EZ&FrM+wT8;3x<?XB+
z({KOUEfO1eR>^<%9fpre|FK&CZ)f*^M}xsG{(mcvCI97MZ*U2a5WkC6K=)<C3qeup
zC__tDgJQ|mg73v*wnCH_0cqwBu&qF)d>z?I?r-2(CI3;leCqq3M#FwC{&zIko&Vp;
zW66J=gZ8mvABD^BLge#)Jdxi25<KTgmou4$EfKt#^xCU3Dx}$r9o}J;V_RG#Wn2n%
zTO{I(9ZSosK_cAutiz6zw^b|%e#l*F8j3i%dl3fre8owfUUGjSm*7&i^-A4;c*U1h
z4(_=<Y#@8x1Fvc9Hxw>vne|lm*Z}Zzj2GsW5zk{ZC5D;jDqq^K=>8H-`8|+sjHv!O
z^-<ulKMU+So+uH47Xb>vi|0%52e?J|WN#02_Cy9n9t8XgB*s_p2blUXp?d<Ag4;PN
zGIwid9}1U0%Aj5lqbZwXbGSr+pNgOIpkUMQNB-r27yrh72%ML|ku95VEc^(L>2VOv
z;oe@h(*<cpbtJUprba%EsBKxVAbFl3>HX2qmjak(0rm4Jd%hh{{>_@?2D+@2KZtMm
zd|P2YQ*7<wFr2?^mHt5lwg2ek`~f9oEW#&`@gvZ=MfWSP(Jyb&y}oyjBVkOtERp4j
z2BilJ8d~!@TLXQHVCbpqUvrskH5v59*=!sgQR^bTlBqbcXu0%a$Yp`#VdQaqRa~{O
z^;~}7wZ@DsjVjFtqxwIyZSw5=ay+@4pLKPD03T?vMigQd<};C1@n6pVF{n`l-=-Gl
z1mjH^FQ_CSJOMwe<g>oGc!78}Y2Nlr-a`l`7zf!D7NTvH4BBYWVJzj;8rcHovlo>t
zXr52I9&9`H_G89lCH;Mh79x4Fn5^c>1SMeQfuX&kVQ7Nqo>Y^HQVWR&N)q|<imD#}
zVVnXfo1V|DZ8f_{jfo;>!H;~#=!82S_<_i~E4bpRlN7yh;Q|Hxkc;d|=2*>&VURtY
z;v_6cs&1CaX_H=V4>3m%#$vbS@;=ji3D1@>)`~u<;SjJlJ|0|%$xB5_#zyyhLxUuj
zqZgS|J~hvwrDqD$WZ#8o<d)1-Etkjh)^x7hN@c3*q`IeqrCuCm^&>u#%a-~s{uo0#
zFTh>zVz1O3^5A}Sa@v_i3SCet?nM}t(1+i#pO!by$m@dUHM$w_M)5~)ZhRRZSq=XW
zGiILB|3Ao|{~irSJO9sCo}B-OjrPWzKn&RT;s_Fb*|0OH)G=V1sHS~ttoahB0v{58
z-L!o)F!bd83TjGg;Cq=5CK6dwyr!Fg!TAxOkjD2#UV;L@!0L34e3K)Gd@<Ua#5%Yy
zc5qBEov+^!Ie0OeiX?z+{B2~7O@1|&tXQFkf{j~|6X8KNJEx-IMks8w@G^|&>BYs|
z!j1w^WtP`5$}=W;tA;&ZX^q#g#Pb%_DjU4i0^hj(Eyt$F2G0#sv1(pAcx&0;54XM_
zXM3+_dDpVLA7FLYv$@x${t9Z#b<IxiYn4bZgmkhv8zvtUIhh5fuz#|>V#_>@do?G0
z$y}0ny)uGFi|{iCfg_nNdk?`-)Lsicam=L<w^fF$#O1-3tg=##D=gEch+=>~`GltT
zpRVjxv8$(K)2Y}|@FjMh?Ci_TfG+HDx;0hXon@{~n>EwRhQhE<d6)!eYPDOCn(YQ&
z#SwVhh=QwO|Gn|a<4%CBivQ}5hFSY>*xuQHTX}N!-<yraeo5B(UhF^7m!}B^Kw(iR
z03V8Geyg1o&no?Ex!CxOmRf#+gb}LRS-Qmzd?K<uWp3>J0?`R#6y!3X=#UFk&;+ss
zYr40ei3?!G`NzGgD7x=5cx{#ZS9eoCVg8TNpqGpP9d&o-f4A~j^8aTx*qe(2Q@rzC
ztN>|eHo62bn|O(R4}^XIc)k-98<!8H4h<tTK?_EWlkIaVyv5!qoxLU|m+o=tdp<mY
z5h=Q-LX+eo;wLOy?>?NLo*&<w9FMO|FqvD1wIInB*H|0PzN%Zb0DVO;525JnV*&#U
zGLMaVANn87w|gtjJr;Nii*WkUb{Zz3|1m)_NUbU^ssNFqVR7YvsG~wb;4piB5hau@
zjtTVxpWZvbnZ+=g`z~>Sv-CZLi=4+UjQHRhq$$uebR-!s&oOw2L%5h&+Rr+v9YH1#
zVE+_*S&IorkSp(8=X>cfUhw-ns!TsU?X#D*yD)GQCIugIbJd=O7N-isC`k1@{^9z6
zvdW+);PwBQ_fltO=Jo%WP~N{izWTKkkoZ~-E7xyL5mD1<X#D>Cw6q=m@gdFdicM1t
z>K%;YP^-eG_x8XG^pOoUttbTA83D>0uj)~r*`zSn{Neq4^*Y8$#BXAUgsns3qNh1B
z@30ijz0OlG4=B$&;trqVC}K#+cake_9pGI550d~6V<=Ms)T_*gS=Q%&KM=&t)!B71
znEk(j>x<KiBXBXDq8QAg1Q5i}j{`phF%oLONJSk&>Ms$PqhP`L0DAvU2o-vXoW?I1
zX+v<QF2!2lrMM@`@u$EKiSHrcf8zO8CAT@5byhISYMG!>Yt5qMK^9HS6|SE!4jk^8
z-rLK1vg=b>%GA@#^ABg2Otc>VbpGc2`uyxlkX^~oiiJkHu#GtDJ4Q-B1Xm}=Z_YAS
zUm7funar~QPhbF?ES2pAW366&IKMjo>CM^A>Dh<#6V)S!DNIhC6#(dq#o{CknXLzj
zP$(G_@tN$4Th?B*0gl0prwESsUh;P_;`0xnaG6!fxGci4Azac$rWGgQF?ml=%mqt%
z5k9S1nLY4ghGd~)fmDlTtg4)90?PUz-d~+v-aH=4qaiSfs6f1a7>L)G7w^Y6j|Wo-
zp@hjWraxaXmWmPd_(Zz61Rh2rQMTkgez_kY!_*QXObe1X140U>M1kOXq|JFawi!t_
zbjh0b14Ql#MT<PIy~80Z@&E!{4R0>bj!$nc-o5$9&E>^~l;%#ysZdrkek}pC`6Ycv
zsr6$xkMc)c_}enKk#H1!SFWK|{vUq<XGmSf_&_Jn3ja@c)a_^UKaG03^WR%}a`!Xv
z0XGu)Y{nI2vC((o56bjt({W)O{DnA9q}?^CK`ZarJbDEjUeZJ$ck8c(s=WeeNUySo
zxvTsu#rmHC&1yq;MIMY=Q7acyQ`gI&)KD2Eqc_ea_=?p^?W-tETQQ0-@hLVgQe8iy
zD#gcu_u~UGqHwkuR4AN16o)7Y0&!1XnY&RBwUd^0fO9^5hv_&*1ckIBMcH$HnVyeK
zFPB}_IS%gNJz@3%TB6v}KyogtBD{4I>wEkR8m0h$T<yO~`P=klrFazKS>*=QG}af<
zK1TIewf+bG6uI|q@Zih;Yux|Z9*wf=f2XtC|Jll8t^azkH?!z#aNos(Z}eu<i~Stq
zTT|#oF}k8Sa>TWXR}{w75_QkT71e14^a;5RaORXo@*iSV$f*SBNSk6%T5SxSm*Srf
zX)@o88z(1jS#jBwhn+6hIQ<Cz7Xwp6wwe-Ew#@&nae!Q{ZfP%DjH<<$uUueF+!>f3
zvtF-q3~UOTsEA>HJTW;!>k(77oJFaKu6zc`;ZKjm8*!)EZb@#<_NrD!L2)}_OF*dU
z4lwxGabdtOv2fDayeE&Z8kgX7v)z;ds-+_(r(xmzdsq({jMu0rc<RYInLVjcvZ?kh
zdO3Da*|SRji*QVz`2PQ4ci79_|G$g>+0J9>e|)evnEj8#`!19}*^{S<{v;?~`Yw70
z7wDz_m1<u3J#${bw!tIp2@ek{NEo2@Csa+J0C^untJTWw?%5c$WJz0l5%B07#T*(0
z+Q>D|?G(eKFrFc5xuc9#a{q7q-p>eoVrNcvDVO3&>K2utO@)`yXO82tLtGa9N=~B{
zsBpQnUy3pzPATFOeYk@uT(WCX>@T!?HPf>U;$vBKb7+?zK~HfoLED;wWZOuR^QHLH
zU|4%pgjC6*^;}P`V!q9hbOrO;s4H|V?loywi-AjER&lV!#kz~-yqw|Z@>WcqASIk!
zLEEa#GsWj-O3pQ|<Zr9fg<M|7>4j{***?`fm8Y4bWCZ1U!Un6D0rR*P%w1h*%;2zj
zlN){h#fY9V3h>7BP>T+8+6@(vD^uhZc)?F~+Hcd7Px)rc&R$VB8poJo7YC-lg1S+e
zyTYm-$-3%L@e7Lr>SK9$*%SuB1iH7U;=5iu6;6fu01Z-VgHN|*_o$GTy6h|2(PDCC
zHlCF<6}!q7<wXH|FnB4|l7x`bBZ(q)Ns`&Da03}6oMS>$aO#)1jWJ)HON30xFbRV7
zCt1}Zl&SFlv-juSZR1FzF#i0VPl3aq`xz_OTD;Hr>12Lx$DQ__#P(~ayU%?yxj8fm
zNgPuILr`)&iNE`Muo4>=NwgAY#6J>?1PX<%P*tc!zhCb^2k)jCwd5f<oWuMMWw!t&
zTOi6oK+SisL=X7W98LT@A`<aEHQLE}?I;IiVE{B776uxH(b%L1u3?^wb|^6TIgO(r
z%42G@N;(eiqBz!S(cZkHr;49JfOAqH@G->9v_k@m)E2`nYUBn#`;#<=TV&<kqbV~b
z_QAW8ON#pMuPzzMq0>mH6DI2=nNDtC*5mOp$B>j)hJd1Y14T;=!{ZoJH*(0Z!e&=R
z|9pDgLdTZEIlp)Z{Na$W*~;*50UygEyvr=tIzdMO#jNSGoLNVYVVq*doXg>3W@qZe
z5~*XFk)s6-hn!{q)*{mn_0-D$>`?w=nKWQ^_8+^uhX3cz_QC!-|JO<$k^f5=qW$9I
zC}=MYm=K@MRkVopJUs&D658!n8%yXlQoc0$OQJmT<LKYe2u95Ab$l#jH$x^DpHI1X
zVv0T#_-h2vOw(JyM0XD2l32o|u!31NY{`izm%^Z@7#u3%9^-a3PFF}xmTEw?%rgZm
zvrh_puIdde!N?&as8+VZ*rcfA@fuzSY;IW7-Ena9zxq*302cCIoIyXl2fl2*0Pp1J
zm8rDZIs1<2LPQNJzy^Lo&SB9WVbI7C7b8D(hqvomA#)TYT!Y&<wwzdCSMbv`BCJXd
zV(8<XVr&h_7MqHDb5$slq)t1FB~_s6u(Z&I>R4@DG*Jv2VZrOht(0N>*3|X;f9lVF
zbOV>X0H{9yw+B1hd#3(>Z*Bj%nn%<BU((5L>&PdtehlS5?@HTd9~3T;`Bl|O9L-<?
zG4_B*j;M(LO;%|>O?5L63gDe#3!-UNgsNqfrGdw9-a9TMKTQuuS3xz^b{Rpiid9KS
z^~n6{0CaUmgBnH{dF}*au5@=zOd>cb<L04SNMH?Og)&0de+%rl_}>=WRSaagW37au
z4#xuBV;Ib3<e|1#{HTdvxDlyLtEPZ8^p7{xy^R4bV;3WZTP!JAdO=atHMpQ+U%0N%
zES+Fc+JM8=WfUu?ZIIGXiT!ki{>!}*C@^JXFJ%40*8%}G|AOGn7C$PCeu~BW@IVg_
z!~Dn9Ij616YK>*s_!M?BoWRdv2}JK|WS49;@4P+8gY+5&x8Jf4?1)&V6AZ$)!hgk9
zWlP}ipao4Cs&~-@qN&rUq7qHHQ9X^)m*84+3>xB=$v^^uWQ&YsMZcdYKUwssEw<9+
zDruSGm&$qOVup^G^XDrF(-V~5y8~*LoR|WJ$vU{>zu*)Gpl~vu!R#)Ja>x!@aetg^
zD@Pu)@-@TuEzCx+fKYsPwO8UrL6c4uOmoEac&}jW-(SN3B_ZLR$x%Da;Ja}K@fgJ+
z;lrmv05Miy@#c$aDa;}iir<dlD}w)}NN8p}>@r8@kScnnChBl;4>G?#gU}Hj8^*}b
z5B5CL#hm?nu;*DBwwm+LFTu|R2krCQCo|hWMOUKIn6Wl)T=~Ma1tU`!DuzUO(TjoW
zne){F+sky_1SbY!8=!>6aivAQT7Ft%r5vk|UFphhI7*O;<^nZpnV(4&vj;{M^E0WU
zFL0xR{*e^dmcLP2`v#t-%k&TR)an0<SSOF=|FyldyT4=ke;w?u^?$2)H1_RE#@uOz
zbCYZ5hv3?j-n6X<EMgs*{Fup#6(!3#Exn9nEsED}E~@xm1<ZA7&lNIh=C}hcMz+9$
z^O70-G=(_FN6!EV(&-V8r!Am~&%Gd>GSj39oS^K!v>f{k)C(-7SR75FoSsYUucK$W
zF32p&n`J!hrH^rxjKE-vS;8>;9=hzJd<#sVPc4t839Vb)qls?y+=<gG+n3#04h3b<
zDzR8abgT*qx|tCA`to-fJ*;Iyws4oecbdjJ)|PdIq&OnV87oozREggxor-fu3x=qR
zOs_A0ukeTn{1}pHcSuM@P0~jf?_YbbA;1#=?uglndK{Nqv-2&QVW=2S52f&H8Cw*X
zJ1owNPDpe7@Z7KiVT08Gj6Pz9nFs)u`nhh%=p;_Lku=L`AqP=Mq9nDSW&0qkL70&|
z&ooow-_cR@&Q7a&rH4+lW8BcC!u`f!BfrJ}Dy$e#*mqc*sOn8>SK)R9skWN0>_X{n
z3U>Q?Xxmed6sCSD*=0>6e!Aog+F&eg0+Os`wMFM1DDs==dtEk$vXV6OG)kYADc*CM
zq|Zk&UV@*gSy=fhXRGBEO8$}q9u5}=V;D|j2nOURbELPAhG3L)MaQfI2I4k``d_mY
zmCL82R2HK_RV${!5yY~ASvNbMxtSisO6boVfr+07W8j0-&vTfyWRJKAJ37Y^E^G0U
zvOjF!E_g)G+;)tb@ZjLr$w*!Pegx=E+fl!t!4dqtJ)q6?v;M2S-_Z1|zg<{$^`C>c
zr*BIuoS$F*vGYo;K#>?h$_LOfG~9Op@B+eKc>i~E@Xvqt-fwsR_Tel2_x+&zw-3)d
zo8&F|^XugAoej^f&iGRTL8-R+{`B(Q>$m^-5dHltq_6&0=kFW3g#^qpl)c5Ha?}*`
zHZNm8O2Ao?!x7!uaMT0aoh`8WYmEGyzZmrP$*Z?f91-rHz1$xRCLJ4b9r;a`AsdE_
zn?LPe_TTki_uuyaA=-LPARDEk{$<pE7xiC9{kKv7ACW8@k-|F4Q37u6$rj>e20MGC
z(COzCC4`aYuXp$0K}WX(k;}+5Ct*Xw`_OT4W`Uo>5n?8;ypE8zSb4Uj{$z1^{TL(Q
zhavEo1mgi_k~su-5Zw7m&KO%}mq>jAOtz>n4N)Xkfy4rOZG~(Xd+jIu(sMy|9-n+5
za%pg&4Q1D~YLy+R=*5N^ZDZN)7(KEZXmA!(+47h(FXy-8)<T@9tHvA$%N$3Q(q&EK
z4z=kl7>H1=#m3^Kbf9dE7zjOpGC#}N=_NRP-9+2~C$Dp^2rYd}D+-(lapj08Op4Zi
z$DIzY$?b-@PRxw0<YXJ7I7WA**&)g%evaL-&gi`l3yH!Km<syKu{UsbFj!UIWA>Xl
zZmPevruF-L>h%9+fc`~p0c!OBhdcXb{I~7h!?peIN*+yfR*;8lKJ7px&S-`0HWt$l
zaV=o=snyE?-Ni^IknmWjeGed(gGb}VzoT>~WX_c6<4ia$3r#Kx|BhkiE=j(~Vl;Zb
zyBy1xK?*vfquZ6-LDU}}p84d|yUe0l6vGibC2~ELz$_4D1?h#jcpX~Ricj=z9tHuL
zq?Z{QMlrReB&ViTNiW7sQ`HL%78s?nxc3GHemq7v_gK|f{1%PZG@7#ifoaMR_^E#r
z#ZewXdV5l+mx5wV6-9bP6reEtFg!9j>e@;GbSv&GzGyz{qyg~$gClr<HHKk^QU-zi
z)fmU3+B`_oCTuKiZOMt)m@B8+l{DeW({HtRZC~>e=KiwS@D7(yp~{CDj&KeW85Bx+
zQ+^Gi6tbiz3qXlQzObvciZiki!dVnRTbsEtL-CZE9B$5c;;@Qu(KN|>5f<@M<kB*R
z!m|cPE5dN~T;o-qB7&xaP@#Aomp%GWc2Y`uXG7ov{*q?wV6h5lyo3q#6CU(I4<s}8
zG4K=MV;qf$P{@YVB@~(qX2IKtrYiV`nYlE`&D7zwFw1?0mS=z}?J25zDKNO0!7PhH
zZmg<Yk2zYmLhTw&=;{y!Rku}!QlM8cMum?%rqMX=Aecm>aZU<OQ-&0c=)qMG{xF9b
zn2^RC{^W*EN3dQV|C_Q`rebHN>roWEo$4I7@hVTk+rI6pInRX&>-#9lKj`+W^fV&m
zPE~5K{u!9gXWQCZz9@a<i}3r(pnEE7?O6wnb+6M1ib8(eJuG2u3nlOvCP4W>*pX}s
zw?HZTOvx(M1{)XTB?y-RYJ$8$ZW|0w(G}0WW?cru1*f*Y8r#Q%#^u>wmlc}ofz^Sj
z=&{ii&n<|xL23-A#F?pnY=Mvv(1u3zu_y^WuuFxrrYE%386Aw}CR>Wp2A2lad!wsq
zl1CHBeMUS@;`Dw`0+cYQl_@-Gq*&SR{MkI3b-lUYBuAqL<LYcHbIR>5W2bt7y|DpQ
z%@7HI#wr0Q;VWKZ`k|3QKxsczse0j+tpb^2T@zXPLX+*dSR!qSyz(fsGE7a08ISJD
zkFxxVQqqPxJC-WX=3sf$ND8a5(oXMZ$Jmq95=kQ1i_sm}jD@F-_P)ceoDB)7V5;x@
zB&Sv#H&GG-pM|sg`30>-Z-viK-+lb$?EKZo>(i@0&Q6TfqZ@u0p76xgRl1=nUei;X
zIQ!$|)DvLM<3O~gTRriYo{4GMBCj}N^`-6kVJLAaXZ0z_w+QE2`bZ*XX49ldF&SZS
z0|S4GArVH2%$Xw)jL}^}0WfNP1BWPs0N+J<FpiQDDdQ(7AHxhxG0a%RzBe$(baM1)
zibM=M`R(G*a}f9`Dd|e4Th8bL(*n(POqVLxBJAJ9@cQ6n!Hncp^g)L{&+*;}-QwhL
z*1NiR40G&>s^g*p;d!<NT@hBw-^wc2r|)RO*g5OGp101g7k{3gUd>nM)$z&4i$6}U
zuFhVS?C{pNcnL>Mt9oIEEXg~{;l#xa>uuMw#yF;`JqoY&J*Du;q(5%U0l70M3eBu;
zXz$%NHfA8?-a-a7qybEJdgBhV_Nu$sv(y+(g0j<Yg%GBvpQe5cHm6DSNle(H^EP+?
zNTWn%clAzTiYw;O&1@-hTq~*V)=z_{&i*5Z*(6F9jr_`<y7;f#+xw>f=ib`>V>OSS
z|F@XzcCHQ;fIq}#q1K<auLsr9FC@(g#MmFfOFtib!1Ib1BDtz=lxtl-s8Cf}ObhlD
z=q6uOurn$M9iL4-=vB>$tv6XDl2uzx+3TYhZrD~)JzMOrQ4Brc{mKKDyhCr$2wx<p
zS%xytJR9u*T%|c;=V60XimCN=UZqlzAvV>L!aB#d*`)C`BYIjgTW(EA0d9Rd|2R+G
z`LA5hFB}4*#{P4Ee_);e2Z!71^M4hOcK$1q-C`Cv1?msM1Ze$fn+ceqm~A$fFZ4!$
zLU;|c8O+W`3Cdt-dF!BL7>y==>H!bKAcIEYU?c36X7r*fec>llZOy{$UFUudhtv2P
z8dneuwys8@uRJzjC$S$*-U&L>JV>k+Bx^n+DOW@@X9(G*R#HH^Y)X&K3EeSr?E4sI
z0i>QxWWq3=FsB<Q<v*lfv(s1ED?oUvV{?gxR>=~vyhF6b_H@m*=tMd@$L+OP|GEy(
z7-g&Ji?(=Q2Eewua=n||5{oZvbygH)3NZcWgxw^|#&jq$ct8osqbpS5+2yC6{8GZj
zJHg@UjT0DuKMyF@euh$iB;-UFf<*zBM4;-l9X+ekiT#92jMilJmmb&*{0WQ$A1l+-
zqf4)u%8q73fWzoB@cNz$#cI8sj-!GZbr;WlkrT=XLzLb5SqO0K<1u*O|FAgj8)-4-
z<}q`Q5+Y~)hH(B4NioO+-Y-!YWst^G^<z6epRevOduBIvd8}dyn7Gv#g*gYX0MSG;
zD;q`A5I{$(q7x05j%m0ezzI{CxjHT?X_s2iPv+^av|F(-v3q3XxRX^9ndnZgWuru~
zd1*1xhEYnq2HFrX9f(DgXc_*)OmXL?-Uc9R87e&}-d2PDQV|4UUhY#ncvV{h<EW)^
zV2yX~;sx8(v)?x6Wea|geiflhtL%A20!K#@CG|L@%!Sf~>p)4|{6<YJ$xYZ?a06R-
z;rPpqxiOJ8isW}>@%dQxF&eTplalv551=y!Q0+<XK&{v}YT8h%n8d3n<!KT?m4WC|
z$QaFN8>5ETaI_%yb{TvpL_sy&ASF#HU{VvyTCfgIrgTgcB4VSi$Ir6;M0k2yC63Z@
z9J2(qJjfdcL|ji%i2I6_2w7aLx>;9dz?}HE5MY>KNHbE-g4~tu$+060fSU=I;M~HW
z6%>GW)CyJ9e-5r;4uUDp(FD-_f)Z+mlEQ2fVN8whOX4W05u@Cal>x}>xOzqkT`H|v
zLL<r=RO?aGn`Q+k$d)WhhN$u86#PJ+zQp~XW;ThO<3hSLMKXDz539O<L};tI=EPtj
z*Hbjd6rJ(`cjfAK%uCJ2Mwz}h&xYlB`o9?AyvvLvT_n<I^DDT8_m-8{hUk;2>ZyfS
z9yYGpjD%{{jArYuhz$N)$E2qQQh!f)n@T>Mvft$cSy+{62sXGiDy+e@5uK-Jirj4X
zagJ`(V(Um&=}N3$Z2X!~fSYEo`D*JlR>@hKLF&TAWCza9Qu9pak97kn4Iqar&ETBE
zAR0zNRr<+|A<Tm@46jQTywL$C&Q5>ExfG9dg*Y*BsutZim!MoS3E(RjMj6f>-k2`!
zTR~Udu5|Kq3381IdK1bU4MCJ+en6T!;D%?RbD5Q3W>S1IT}AXsLR1K;_G@ylepx>L
zWa-E`6rL=I5-qA)j7Rxjie0_M-D>Gjsuxtcs3a#>yPVc#8D)exOg{mPYEi*bgGk@F
zfc;pZg=+49X%>ra91US`AH=ZBQzi93!p|^hdLLY4|Fyllw{6`2?(QG1<NvSZ(e8iA
zqyjd@?OgrVWY(&<-4S`UHrOBE?Paju!?tdN#dR<3J1xNf>{e#(BpCX}!8BjUK*Ev!
z%)z{*Ic-SCK2R?QWioVf`0((Il%gT}S=Ay+N|RN>E433Ve(%Sj&8v78rT?QWZIAx%
z@0#@gV6eZY|EqX3`cEeHQRshFddnZ^5KvQSKK>z4b_!6Z$|a8g0)x?i(x)2wuj;I6
z<7OUYflzUBnXWk-7SikuORLNN-mpiIpFRXfa^#R=?1qq5Sf2#-&!Y67r`&CH1k}*~
z-NB)m|7&k&ZU4ENN2C9IQXl0AD9_RS104XeliyenX!i&py=v<S5M}&)Ov-qDZLDxG
zhRk4r=LdhZQ=?nqGLxz{V+Fb;Dc;?BEtlC>su_AUoEAPA&8)r1bp1?5?q%cYvK@xh
zO!w-n)b#)1;Td24M`fVL2<OZ&hWtfOY6GMR(RHQ+dK1jw6^1<&NglS8A^a6g)09Pw
zEkh{J)8C*U!VGh~iWgR-&xBbS%jiRfjgPcH6w%=A%ahuT$CAa!S>%|!G=0|P-~gbS
zR~1%O<e{+S7^}H$SnMM?=4P&#h6YRD`s7+aZ9I$ee^R1rzya3E|A(gjckf_(&Ht_B
z(fxnLq^^|!i}Qd=H-9WmKpwQl1wNJ{K#u)d8_@7^(*F>qWIH551abdk5J$o77)>!e
zOa8@-I_7f(t)c&W2M4D7zq7Z$rvEE>cu28#DrE;Fn81w2miGzs8&cy-jPFp!ObB3t
zry0Z`$^o~w!oUwQgfW<=G>2awh7pVOCaG}^F;&-GuUK+D?!{Q}pV1JA=*>zo-A~W7
zGoSfcM84~m<<tx$;TH0RT~oIJ8)PuV9_U@c82T9YOiS|cCe7e1LR03hiO}sd1>S7i
z1Ku^qTdRvxKY(h(PFN@o=K<$g_-arueN3?<6L}n`WB+_Q0s8}oDQ5<OpFtqI#D*Sk
z0gA5-9i4<Agh6(n=30U_VbGzBiAKgbCNIEdl!WlJTCf+glV0|tE0&wr0bjw*!CnXh
z)1X6di;P**=1?5Y-J)UMbD6=Ej1>i=uBq_mHzMS!3u@N=X=bh=rDff917*1l;OMX0
zJG-6)u9hbfol=%ajYs|dPqThn9H(ZbX%;){9Q`!=|Nk_jhNq4lR{Z%ph8bPGVvvhg
zD(ev*;KtYDP;dMzya`lf$nT?I%=*AgVAURo@#nsp7)_uwvO_>^mF$EqfD!Q16oV;E
zi_Sbv(k+^akh^GT>$fn{b#;V*1YR2Z5w-2-v%#fjw|hVh7#7HNSy08BOR<P4OgcBq
zpht$DdNGJ8SQeP*@6rJ2;@)J-f6-AxlQf1jiwWHk3xXjFmVlrOS%bj^rwo!Kl^T0e
zdI~mA&}0IWoaMqyWB;C>vnYmy%??nO5gCQ0*~_D3)L|=>pKwRirtTS}4!|sC>p9f`
zQ6G_KgdkBv44bksUYIWnrbiQNP<;ALD(JK+E4XN-K$ML5dol_1-875YD>9z+4c*T4
z6&;^SE4ul4gNXB^x(=C*^3jVD;k1s?=z*`)FYW*MlURYvquUeE+Bst_5i!duNAZ)z
zMA(OR$AG^YW5Wjge|Yn!A1#*ok3H4=|IY6IzN!Bi40d<c{QoMRO65ifQ{21rBTbc|
z@ZT8>BRfO}(^W{_Lg_}-T41m|uwn1MV*lAWXjBEg!0HZVw=wc<199bA<{$7LP{)H5
z2EdDwD3{6*?9BVF?DMi}s&{IcrMeqbPlp6NIv8Cx@}<3=H_MM0p9v9$!kd=njYC_{
z9Gf{l9FI14C>f#l=8i#I&mEsTHXM&Ncct2jMW;`dA%E~0Y&?ew-}^|@h*6xiG=T)v
z4?lGcCytCot5dd-K|GD~@-&NbUnc3u9QTs!hyteNsb0T)MAap?e3FiqS}_|>VaYV#
z?MXUnXVEkhM4c>a*AmWI)?Svp>RB}LM^LyL9syeEB#vN`pOG)mjHv5GcvsRO?;reC
zyx<9s`J0l=#<YE2L1ta%FUyk|Gu;6IYNlfG&Q3}!(h}<_o}K|<CjV8F?yBi?0qBC`
zH*cQ7WJX?GoxVD|{`lL)^*i>NiNXJX_g8QzDwOFv*jHu)^OrAQYJ_e&_*~w8c=!vi
zeGBi83SEdq=<@jb`p=82SKkmRCI<)wPJ!9Q)w?6$9qb<d&3mS}+;oB0zloAQ9((Lp
zH(-B!r9kPo8y}Cs&p-d=^x{|66b!})c&DFXFwLW61YZ3D$m+(uUeBWi-oFRk1b7?z
zsCeMR2k_tjO~wFaIYaE^&DqD}-{1ZA!Ycef&-i$evTx4*IDJ7!ioGVwC<fjJdCyCR
zhz~;saf%WQUu<kDw1zA@G|fR5gI%x#{;7OoLl(r5_7;HdSayM|G|&8;7CpSUvOcF#
zGLkPk{I6&T-UDw#py+`YFMxM>asJu^AHdhIj*o9Hj$fUfzXn$XNf2Q`D6rH_`?*i3
zU6g<coS^L910Vi}d`V=>bmaJM=1Y*yUeS#4fi-kRzlJc}A~cS)M+j*_F#RNChK1zQ
z#E+7~24WL;<U#=S;$^<3$x*^ekal~$9=MJnq$<N9%E0!3Y%HY(05JIuwg>#hFcK>w
zVNIW2{JIdemV)Yh^qN;&Q*27HGl<bN3s~U{ewsp@^NK+_Jp$W<3H`wq@DbP_yp5g#
z5J!_pE4Mco7$yJuIuhr>+vBUV<5$0|<V4`pTYn}9q^>S5-mUCtsKidF8Zw0P;*5Co
z<A73Yj>qI4e~SHZ5+$HJrFK}|vA6L>oxleVbW`P>HhvEtrL2<J{`Y^k0TSnaKE?mT
zVTOp4l%2K+iO`zNNk~|=H6d9cA-OnzeX%M+!lt(YA>l~9I(~Qj%klN;5%9izu@rp#
ze|cs8@UQ|-Pu<$TUA#Sg(PuHODW69xhc~@!nw&61HvdU4V*lxNJn)sRZ#)LwE;aMt
z_@a*f1L$@s@3(U}*gjM~icug1K20N-Kial6EiRhxTt7~u1g^L2Dz@y&o3oRD{C4sC
z_36jUv-8)Fy=$#oSaahNzJE3Q4&04kE_MOvcJnNP_{BEpc5xboFazGk7h`lDy#FaA
zCDzIb>CkVaL!b*1B;_ZC@7^KfiINa2Y&YL(`c88|^n(DVv=aeJ5*FwgdrR$0rUadD
zN0Omh@5fc_$LotXS1UO`$ug)vJSjRS7gwj(`msrs^5mZrltD~SOJ4Z&{P>qQr&KL*
zdj9V0<oMm$#d%5PQ@Q|;r$pw?qd)|CmavXry*)es`1|$g)%o$;(-I)kI?k%NDygA-
zD5;WNiVBZU*tmwId?J`y<Q`&E*TG0)FwJ7n?NYaeZg+|q6?DwSgLkBVP{aZ8fr$=B
zfBoBEcl%@@`r-p!PY+(7N*&a2QX#9Nm)9uHK(#`{MObyxsuI^?UhTeqpC}7e%)%TP
zy}X!@(x(XLqYSP!=BuFjbJ7EY8hrU;c*@d?wWAmMMVq{dVV6}&I+Ay7{8KGe`SOKT
z6v6E)oY1Hn7(oa3hSNCavEdaY3P760HoaJ)=Ew58=3dKid<ApnG<EeSND+!*wgqyC
zDc158@MnG$vsu1(idqcVJ6<sqA|FbaL8Xr7!$UW_6I(SMeT*<!*!Q6OJIy;lY2?EL
z=!W!XSjdl{J9a=arLBFP1yrYr@qSkqWn*w*kHN*`jR9(H3{d?TC=S<Eztrj`k^I(%
zekD%>`%kWCT+sQe-v8@hcmKe!|J**@S^Iyj<e~mw-<kK9Fi@;={c;;IF6Z~9Yumqb
zr!O7Z#vWgaJMz<U3==mU<vv<ww;BM`u1y}<&#ave*zlV4p}FVUxRK|Yc8^-^wzj)F
zIPfH7rM&RHQOn~`ahVsI*zElO2L5M84VUNHG>a32aa@VR-!YCSD1<M<2opl`$T&H@
z;qa%JMFDp?#mx!)?fv!t^Tuj{-nq2_oqT@viw&PuTeO90r$14%EssA9o?PyWde*t2
zUGZ%$Aj)mO2u#HxaopIa&IP0JMqCcgVs3+FkQVb9G@z-@ev<es0!UB|?ls6L$RdEs
z{RZa%KsT;{!uIyUpafap)VA{X<I!lIp|(4t^HgNT<Ob9I6y;J7ujzbBA4WF24gDca
zU&<obnac^1{MBW2SAJm=sC?#RvnaqPr42Vqu>_X)p)}d`wj3zuFpc>(zLP(~(?tGf
zrU;KF|L^bbnfd>>5BCn%^8YHH?^6EfHZYa)zta(JN%>zh;rZU>e+}6mT>j^ddF{ym
z9N0?b|5iF+!}})kziR$iE&o$vFQ)>)Dd=*@m11Ivd7LiStB_ToF4ck#u!$Jo2n9p2
zY`tYr9BtQyi@OAO2=4Cg4#Az^t^tAs8weIWxVyVca0w9HJy>vehv_rV`&FIu=T!A{
z&CHLPs;;{G?!ET4)`r+47QSv-GMo(E5|Th(SwoI{W^sCs?)4~Yak~TV^*C#Z?)4ZR
zoPsORmXwf_t)yT(+}wA_cg_X*{0L~R9fF|;|LWjr;yDqebO9=fp7|AFx)yJRO178J
zj1^-)gq$Y!l^OFJ&66)jf2N}3;WawcWOr7tjM~=2H_UHi>(O{sIxS;<^y2#ol*@1Y
zn==h~n?COr)dH^@Z2`3h&*b~!_`2mvFCOsZhMyj^a=z%%JoA2-AIRcnf@6@=u0Fjp
z9rX>Q4LMQUCG~;56i(jy%71_-yQ1B7TUCO4B6p5bYp;NfYnDM;prRaxMoF)2A4b}2
z!N{OLOGiAQr(TzeMVQ=50|!q`kt16Ii#{g>&F731{d=jofMs~FbBATPztc~S4=0#b
zZ~Cpi)Zh#kwukYuIw>mgXNp(5QkL41TvR}kWy^N#Cr1^ItnhsUv-f;sbl7UrWO1n1
zR|<e<8{mv;vR(n!-av?mut~s{;9sL#NLAM(56=6gsZ$TceQ+9g1ENN>8E@6bnn%D@
zGY8!-8uh#%YhRS)NpQ};CamCE1RJKKB4mmiPLjn4THNyJ{mtgFZ*W#DzWP#wF9UvQ
z>+L9dTZTK!vuU7<Ua9>t^tAFw6n<*e{XvqsnN}LNZ$+R2J5;6v%e6|%P$9G)iiJwj
zPU1;@diu6Xy+@hv^SYeKabbFmP<WT8S7zMO&EICPv+D2+HiqZ6e<e9@6e<I_vWlC)
zQG_`HXSh$~)n&^w@bG}?33h$Gy82Ro0O($;Q@M{Fl6(!$zOr@)BJbyuW=I(U8SJ*k
z2~f;fOTuw{+Ha05S!k<lyO!z3D%kM*iGk5K6eWw&(~vw5cass@G-5Y%@*Rt~+Fgbq
zTI5$0DE4ly@KU5JhmuW?LaDOg23P_`f6PCU6w+V3kg3qFcxVwx&?Gq~xzhKpMFp*n
z3?qw3-0qm)f5J61i#xFUB+5~A*(wCC!0^wL#;9X#0-@qQ)i?x$Tz@Cw!tUe=WGW`2
zjkv%LQvWCnQ#7Q3(K9yLSD-2ve0g>bDZfE}z!z0O?>hYsNL2A*Zq8%NDN}kBykVVx
zixp8|=T0ty;`FPV6c`Zfr@ogN_IokK`urN50?N)GPFK<M)%lD@f99ak!&3fjOr!A1
zXA6!(_-^-U7}Mq3AC!TWxmnx|hEIql-+wx3AS3-TI-5!89bN6Gqhy&vk`*XTXZUd#
z$oE~)AZzS%nW4la%lO9xYt=Bqd~Lq9sPH(gpFwk$Sp;_7P+4BYYjK>paaWIBT&or&
ze3ew3-D?!qKIkI932cP|Yn*uCk{G8zw+))ArXfr|ozSfus<>z1>!QV+=*^72yte+W
zX#AGY_Y%w9vPRhI;v1>l)3J7cc+L*)0zMVmE9ty<K*t-bwOI{lycs8Bl_voYh!Hm6
zy1_wDa9xVX+B3V4o8XQ!2TVE?YoMq`T;Iu%A?X|CZ%NtR{sEKsh|w_BBcM^rtme(z
z?f^vLbXju`V*ZwW*UL-!Q)9A>1=&GVKRU$G?F%bL?NEPNz@B6L>l*=@TH>J75e~W8
z!H9-}WnSwA(A(DJI06Xkze0qVo#cc`{+~D);GehMxD;k=#U>4LG}7wdUi5NK1Yt-?
z;htBfWtW&#F#TrvD4V*pSh9wAsLzXvmw#ZEpY_9Nk_&!c(8?r}r`qORS+M3D2=Kw%
z7bY{}W3giLGt}u<iYP|X3q`f3F-+OkWV5PFfv6QI7OkO1k=;}W4nf2U9Zc97Cu*to
zSqrB5qb7lQY>T$Y#g*6SniAG5gPi*;ZWo6d`Pa!($RCN|=m*fYv6X8jvg-JfB?hvS
zXl+>AK?MxZoA_5&ou8^J^~hFTvKX4G8YKlfMKtWB{v8Q0dxw<@_M34B(^^`_Io#Uo
zlr6+ADzC-nvHF{Q@8nczHs9ab+-kC*s7#}K)1D{N^8He~pO~=lZ9sO(d)2I6$k}V<
zq;X7Ccd{XvUk%U6t=pf&moip=5<@A=FSltKr9SPWk}<c*6i9fM<XN!m_A*UA7B-Wj
zhByBGv-l@)-ho+r_AqCY)FlWF(qt08HF^X#SJ&71o*{A(q@6&ExqHeOobzO_?9|&3
z=sR>%Vfm8bJHwsKh*}Pn2hBuX&s2#q^SdVUgZg6LFqK5?KlQ+fBBaCB_ZFVdsmSvs
z24EhFB<{-tGfX;Y6w2H2(a{El4j+EG1|G!a@ru?bG3cV_e$w|)(b_r9I0Y_Wo-!B@
z+MnFJYz&{nqQ097B1{E3h_VP44_cs2uCf3Aj*WDK(f;9KZs1o?YJ-~&hT`k>_V0KL
zjSR4QLDKczO1<t?aacvW;395NA^o9gccGd5XM|~}{6Hh0m{K<+t{-Kbs^qb=a0j~#
zM8N_bVPAI}C)iDWE`6lsZ{YLov%h(qIOfNkVqNj=#k02jAl22B0nbF$Cs1##ny$$U
zeUa~5Priz$Nyliv<`h|BPQ*b@{kO9UyVdD$WZdtc*+6C%Qyt$A41X{F^|-3{liKj0
z0sW%4sciMRH|C*k6TG|K7X|!k>+TeT+;6J)-b|&AAJKwVdV@J_=mlRp?^qD~)UcDe
zB@-6aO|-TBL`=*TJqsA!jN~bkcI_;9Br@T%^HUVk123j6(YUU)rX6~fptU2B98H*r
zA$geU|7;&CFKl%Sor+oYNUPrr@9;O7iR->It7Cxn?e-D1MoNxWNF^cNJ%kD79>H*l
zjOe@{E7c)J-TG(608aXAanpNzASnd_$&uR`fbhC*^H$ftbFl_?rNzWyz$I2>*L*{R
z5vPHXj)N)yI}xy0<51!2sF`YskePb=1dY9HP(k%Y@(5e{#i*zBsVSI3Npf1IB7RUZ
z_;K;*n=Q}TaeZ&&w=F-TyLbuk-~9<t0j6_8MCXA+GuLiF?`Fn%u+)dwD6geurj|fw
z)P!WvXKrv;Z1GK<JKn}X;&{vd7MpMbZHh`ot0VAPv)$J8x@}-T7x!_#*;^PA2MOcx
z!w>63`8CzXnOm;-FdUCo;4um6#OI18CGLhh9nUUrMmKK$4)dXv_&hT2iJH*M_2PcG
zHiMO*u6aA(1}(jl#6!b~bEBJLc;!LZ-{Gj&8eEUWukQ$ObL@(rlUMKd)*kGb%aA?>
zEvlGD4V>a4)MTS9QFY1`3_BR44)#%>$7{%iB&jn`{<B5I)kFAbF)UG%h7eU7oV<S^
z`}e29aI?l&7)F#s!B&UYrH6M(8R7y-xr}4Pln`gm3<Slse?y;Bdjzg5eH<+66e>lM
zlPzGrl4>cNpm}UJ{gKp;lp5r;uces%a5oVZ9$CE<OR(@IMV@+2ydmz$E@zl9v%Ns2
zFg4T)dv!WpaewhB>VtN1sde3cV|u>@W9E?RkR<blN;?*M|7Ncw_n&6Qu6TQV)wi=A
za{}I1H<KpTWMv%^CNts#6{EJW<BkTYqUoiZ-<cIZmiRigGYR0NN35|m^Of5Q&4C#Z
zhRL8Y(Rr3%(7Zq)R@%y`sqFpak;mi7-Q@B0z5V0c)49F(j0Wrc(9sWx8Qcky%8e6W
zCSrVq5vvmUepYAp2RDpD(ogB~_*SsSOBh+p{Kaux@j_2c1#`VfAqv6K;b)@JgkFP~
zajc$rbK`<l0YeG_Noylo9AuWxf@cdUi@W;CXVS-J2D&_-{89)9hpID+Bh$M7o-IDi
zIS=fua64gKd?bA3ZuFBCZ(Gr+r)Uh;<=qycp)NoVrWkSJtn8<Vg#wLji;9SJzB88|
z8e`vory<nDLOSqf=(NW2!iyH|E{uE2OalUQiNRZQexd{KTV~5sKwDc=9MF*{|4Yy|
zn=8vL)^4KzLg=pe<Xp3x<!3)lXhzchBkwu0c)vl2=)RGyvz)-lydA(^0aLpH2$w>B
z!`n6h=uIqh0&b%pezo;f7CBolk4T}GyZSu%b}y#|I6QzV?U~7s!QRVVz$y{xMa?-#
z?}n!xaMoH(BVMcf<{CWlG9e@o_beJi{%G6{Z;*uasMQNlyo0^#9Z!Je$6jW?%1e;Z
z=1cS@WYWR%ONduq=KC~Z6D@4t(ixD`U(f=0do8_!XfY3gQ5H*=MC6$nGazm45#8q%
zy?=6kX-yl)$u0_7(vvumZ1#uy>+s0_5&Smxj~9)_jGx#imx3-=9HFBmt8s3aQoZD-
z=oxzcXO+@}YWxWsFeKc!OH$}+UzB^&e7f)nOxl<#EiU+6`Uj=4KKqppe@>W4ul=R>
zQssD&f=SYLE|^{!Vx=}q9k<ZXfKNcd<_W!GSsLi<vAuM75&yW54WyeIv(v&s-mG`R
zGK05v%xVCm(cL|uj4&LER$?MhI3}nk^<)>ir&BF@h5yn{AB6@7dlYl-AH6JP_v${r
zI62!y2+Dj8IVx4M#FzNe@9^6M%Tj|r5smAF&mI}i=>d*k{yNHuH~WRnPIpp?#AqrI
zlQ4*<ocSnOQ5u4z*&p_!{~eDzYb^eIBW-jT^>JZc?X9HLcAPLP`4v7M_cZ{!<r>mp
z*(Vi$){+MvAJ3oaLR#JrmB^Lmw{D(YM&GqGhYkYs`cU5l=mwS$UM<DsXCwsb`8=T)
znc8#2Q>bo{Vo{&{ZltPDo1uVt44V?eqie~PYOmG30ne1>12uh*c`M#b0SA=i&lp*9
zoi46gP0A<6i+9R+=Z8nxn$D}_9UMLu*hxv?GKMqIU74V7bgAOhhE!Zg(3@|B%T9KL
zB-y+83hz1Kje&6bw8i|b`4z;qpOnaGdLZ#J#v9M6jJ%FVN<x{le|4#>@KYSr{QYc4
z8p9dy_WP+YZ`}uV0yg7TIh0xd>JC=Bgm>Tc0_3Fc>Ayk|)eW;x5}%aTd_&aF43=gY
zQP?%Tu1yy;avqrU*FM3cQ|c0SnM|0a%2HarbmE4A`X^sX;pNKO3{kxuKB?o;UBa)p
zde-TD0)Amm%(aQP{MQO|-ULWVFV5<Y0VeWTaNZ9_)6|vmmRl>v&bg4*QGwVG9&Wen
zN<-W{1?FXZ%-Rg@)N`2wX?6*r#D+`Pq&7HM9ba9vlgFYdEohL`?Hm%AgCLVo_$?Mj
zInS&)WCg}Fyz06p-V<Q9-HAui7~)_KE{t)N_Yrl4rY~8oZr)5rIr}j_8xkIxC+iO#
z8+pTjJ6^E!A5|7dCK$`S!P_(7Ij*-6%%}dAdf%t_Q$`UfiS%q0lITQrVp}xi-f5?g
z%@Cbm&h~E;&O+s2eR{-SDmvaZ+I50AAh7;KsR5b*wVL>Akz{NUCE7&@A)9z3_Cirj
z(9ry=-49KU`0zcnp?T!uo3op8roMxr_F2dX7n}a%V>DIxgq$!r<`6>FCNoBwCw)cr
zScIqqT|$*6hF)=VdSI4R+E&}y77dRSSz0Ef7sV)patvxp1D}=}Drwb}qYp`j<zxnZ
zN7w8Ns<a_Xb}3Iyk1qm2zl6?b1{IsSQpUUNU=0%0k1963Hg=6~cWx4s^q6!_g<o*A
zBW7(0bLpB|50s+!mYm9a%;#OH{;o0cE-&&hni@C?kKNyzPVNDx3%y24=<2q>w|3WO
z&^c-CK9C|p1!m4VDM1tEX~<yDEMo`8<C?1x?1qu%kVru*%jLIpvkM`;fAFUaFchC5
z&RrTUcZ4A>&ViE54`Z6jV-`Fzr&dw7dLK&Z8M@mf^b0hxUEb#=maGI~EeAJ$H*Oa<
zc-G9ep3xeNJ7mAHElSoO-K^<<#~xH_p@1LPiwPgmP`#VM-QUOCrGpKjYl+=fochCy
zzGK`dd7CK{#~4yT<jYwTok<?;2qxMh!}lh!$|8OP<FDWIKT3Q_(G}C6#}1}I)ROu)
zU|MHtYnR!<j#h1PkZGvTc(OUv7#^}g!c)KE+_#;Q2kZ=ha}TsUApKnQiKo2R*G>r7
zLK|NSfII`y+cU@2q{#6D4N^a{L~cLewg+*13$31JB-tq<=o5}C6Np%?(}3i9En@#b
z?`D1-&tC4DYS$YRbxJoA+g}T#mv6lCXYed2hnr0MiIDkN1M_v)&xBbkCVxTsaSYvK
z=i=(`d{+Q3W~7W_abl_X{hPc}a~bErvtaZuI4U%Oydi2aRZh5*#24<dk=_Or!z@w-
zUVho7-nq4b>N2Y~bp$?pAvxv|KG#xMzMV1{VfN|LnbWT^hHqk~ON?N5wH7@tDxFAf
z`+bG+oC?=P_k40S{|o3#Qrdc<@zQkXSrbnO)eKolmJ7iqJN%lfaAnoom+AgID@nIE
zpS|Ct&~voJcrW;ymM6?V`_<+d=Czcs7ZSVpNFu&tf;CgCgWWGUvii~d`UYpFzjM-n
z8e`){wdiKBd9MQO4s6Rwm3X<sS2nuyu9W5A7J?7nL255I1-1vy<z7W|I>p%Kf4-X-
zGvkqjJ(iZCMf#7(OM~%Yhk~0-NQr_m$*!s!NcYXS!;z0X`&@3Z;Bb;>-^P)BdS4~U
z6iOP>bi*;1emWu@qn2DGP?OQK&U;#Uy9!apH6-ln^Ku|YqfZ3$aTJ#Pl9$ysUi|r^
zM2`82qQp6AX+KPCNOHUvA;zr;{oW?jkwI)W@1puWRk(OHXE^Ii%`023`*VB){@>hl
z)#SfyEEr2KAky?_0P$7$^bOKI=6RmZy|E4xC;69@0{{85y%En>mA*060B2IPskLCM
zl9IZjH-|Gnf-^;G1-t=i#huIB-;8B|OtnxPHN~LyeURrPC?w>wFnBx@4B-`y#IY=(
z^KPvfdmH_8Sw@#%W;*y0DQua8lwXC!N+`mOU_sC29qrbJX_+uv&_U5a_n)qainNEK
zJK7{(D5bt>lyG*xTw$`JMW%{mfjQU({!b2b3YQ|ffv{-hEnk!I6E%{Fzo*C?{!wpa
z_^}lELwSRyCa>&CI}b2^d~H7j9yTxHATq%@NcVQ-u($oQ-Od|(uaJ+>Vegsr`eCm-
za+4vn+HndcCUP><kl;On1FyR=b!gS8&JRbJVbB4mo+>01&ZNZ*R#P7E#(Y%$uP|tN
zYfBs{1=4Km*7DyW=UkqRvL|tbN&4MaRXgzhDl_6U&C$Y~pQas#VJ~S#-S4KZPw0^Z
zwBTC>|9vf0AaX?kBWNEZSm>pfyZ#Q;`Re%6n>f-BjCc8ulR-@sKO^TsRl~-+!69jR
zO*>lo&{gTnBp8*FtYvFT5u&F!Y}iaWM5%UDXOpxU5lApw1RSH+Ra|-BB+rA0gm;J$
zh$bl5!MkzP;9WEC9Ke<~UJjW4lMKss7^EuXL!I=SEs&59^>{QFSyy~bjJR;L9LhAM
zOW54SsH=<FuPwOBoLD&45=+@<{>q{9hOO>v-3dpt(2{ke#QZUiZl;U~WEI|RXauK}
zVR~bhCgA7;`Y{T6o=ez*t<-u<Zd*$EZ?dCBpH~D%G@wNJH+{vfq*N+DF>WF)%!O=o
zHFDdqO8(;YVBijqG7z{)|2x3WB5S_dr_-6xvcP)SZDQSulyGYlQ8U8f{yX3qyqX;a
z$wIkF()I6ioB{?nAXS;4pPwxm@QpTpL8Rpf?!r(|?Qy}|tMtCe)H&=|&dd%BdC!Po
zw$EL&#-GmDYozQ0YqyILxA}kbUz49Ht%i8(ZeriW7X7W^rbu%NX^~~>#DiCn!hM0y
z-|IP*_yS!1t+?=(=D?7ASEiIb?OJ;dc7Eng@#&3TRxwKx=Z~RLzljkgKd|a9<^16e
z!9jU~LodxHon~*B5&4mZ4$PTIzsR6YB#nv5<Aox1E_&wvA^up|QX8s$)N<a`dUr;P
z*ehg*K|$fj^{0^8?e2PNA*@gi(5?QW@SbLZr`PvNM}n^?baeJ>rXrG8ox@8=p%rwJ
zovQTu+m|bknb1{3zIY<9;v5Mh^G`$bf_Y2{8M--{zj^;QDidqRcO0IOiSzgaWE3oF
z347u#*kmZFEJ?Gg51!}DZWt-*w!8wjM?Sh?V2`UfZbqoN$zW*aiLpjYF}N=XI7%x5
z{q{kOn4|I^a{J-_4HT!qUK4IKrTXJlqrI3f;ByQN9n3dlFC_gaEg%b0DIUk-PbRHI
zJsUnWs66uJ#iBl|>{r)d*9ZwKrwdYgWIE-PVt`XGvgeJ8IQ_t~xR5m(KXpa4Tg1ab
zcc`_dGa6=K(i~6FVl@f|Pqh!hzgFF5Zs~!t9>3qt<%B=-vU-{`CNnMrtXN?1A{%5>
zZY`jw&R`iUe)0}XnXNYh8>0GKK=prA)RYENu(msU1-$0+bkZXDD96s|RBLb9STdiY
zh502wJ$N`fP{QLEH0x?$0_(&P6-fg5l!h<q2uo-T<D^fWzkuW@FU{fH;2?MW3AC8J
zKzw3?_isF!X0p=9dLoPr6hp~n#(iOIspSqhyjq15hVJ6;!U@0Z`Vtb$KcpBGD?cR^
zUcBVLO$UxmgBo2uzg@Zg6L)gGOb3e#hlJ#G-#_<8$qNJQ8c4shVa1Ne8=>#9p7Rjs
z&F+h=Z6vbEhmUP|l+|Z3)JiYua1NK;_4>XU5JNi$9$3N-O0c9;dr_Dkg^_qwkns%$
zxwsQ!D~InHrN@4>zk=AX%JIs#W%%Td?*!0RSrdGB3a(Hg?j1e0oC!*Zf2XJC?Q?&e
z(LjtjLdLg9Gj1qUQo=?CC(bPMiVN&9oYib|e2ZI##U<LT{hvLW=XC+98ZqIo<cghd
zoE@VV_4PI^1FuYXD~5Vm8Ijr+I#pS#NINVjA9WO&+A?3w{GhxL%xu-h3x`maYr=7D
zAX2mn%%3{C6#o5F8AdA;p*1L_?=I11{<?0%MBH!Z%%a{nIyQQ7&<*&ZoY9Nuc2(YS
zc*dxUEs0tGT-i^?S{T{w@yRNOp{JDYE8VH>itE*#nR%uM=Xqjx;OKr)G@)+?PeRcK
z*WsP5?mw}uuEVZ}3_{#Jh9eXN%+B0;8D-*gK4%nfE%R>Kw^@{-$H!$A6w3pY<L{3&
zFWOr5T!^jxAK#qx$_V~gg5-YBJdvv;9nIr%_2cSo(C`nA^8RBSyJ1!$C$XU*9ZYv}
zjt(a5f79$UWMifh&UyQni45_k#4*AW(NbR7r*d80qSlM9tWsCgOXgk4&C^W&&v=0*
zo+w3e9GkrZEq_nYxYbR#5j;tlD0Vpf3h7xD<z-(E2Vz`_V%+GH=2}f?$Q|6dpy6PV
z>m#E(HJ~6@6Yt^|g1wylk}ApMI;C4vd?QM0nRF!{1+KBv9}B;>E=SMB(^_6a$FrHL
zak}SzI}q?b=q!;kFkdI3U7(iRf|FKB6N|R)$|!PlsM%%v_bpD;sDI)%DkbLi@@)))
zbAEGX-s6q6_TDGQacX|WUcLxX{@$RRGZXL+>CZ;}pu_vkROc=q#fUdp^dZPQ!I(0+
zH}>lHbcma$@j)gVPt>wgqOqPSe%zLEY`&r=#By@2$#PI{Nghqbl;8Mo&5n@E;NJe>
z>S`j;F^ol%3h$ojJC2)b4eUoBU?-z0Dwe8@4G!(K3699Q<c_pe%F{7J`x|m0+}i|+
zX3Vs)e~w+$armKQ^iqXmOuU=U9~0`6TCAKjb6wqbi=HQm^`zz{`MQ^i8Ndds&{+4(
z(tnDqpTMC=3>=XHIJ?@`F9EgxX779b$Dng=bw&DXbndM1`r>k%11Lz5W=cJLUfcS0
zUB3!;^%YlmKi{}f8ObYFHH(>Ks|mhOe@rPPOlnJpR?m5#zNp0mcFp{}|Lecl-2qXm
zzy3hC(i|`2&m_^l%CWD}Ju7i>P*yByzW=l)9M}|rGd+#?WMExc{LI+xAjXywHmkn2
z#$WJyZho)?l|4u_A)<<NRYfs0f2NVhecau!_o_R`EogjU($6FJD1-2z?MT1<f0TIo
zs+gy$^B$eSlZ6#TpC`EcyI;j~sorJl9FR|RO$KYhuP=^o-{8JP|CX&b^enD=V+WH)
z0Gvz#8-wQo%)p}%7;qqef3wxvEPS$MD=ZsF&?mFc!r5l!!F$KIgo!aZDy!++&f<ir
zv5=2%Z-@t=opEUB_+i;!{H0Rk&F6LgYIUl{-W!UFqfOgt5I*anfMGB{rx`mU7V~V9
zlxW@LqTd+-_%I@qAAh*dF>g0%T-^IsUS`?6e|O_iQfb01%D3NOF>E=b`txPN_=$s+
zqc`pjfn0*fpbtUw)9>s9JQrA0$M33twcBZ*#-lqU^L+CmZYoX*MwH2PnB@0LKK<ED
zezf_NA7Z3FoE;M~m48phIctX=>{=ag97hcsK$V9@7N0U#9SrKL<D%z6HB^66Bh52p
z_FJJoef@{*))q5N?wWjH+_-;vz;}|+Z5O=DdI&(M(H$O}-1GPfV0CkY`?i<j;<Ea^
zSNF#5ZL1~yM%PE&8Cuj}c=||o-8c^pcwz$8&<nZhm^BD_f~t<}QkJ5E4%Fb^ZIRL9
zL!eZX{4=EUKY_P4Hk)pHYj6MCg^tCu-1`o@a<uvk<<uS-zI-jYzwJwV>@^-(UNg&6
zJ31rnhJtOWB`4LDUpfvgOq*fg$S@23Q`nG!!e-Ehp>4$KvHA0S9m^rwmBitXTLcG{
zjC9ec?!Osg4#&aSn{NRH`KFrTsu!r+5j(Bm+E@L4duE{~vzRr(k9;Kgg5l*-0`Ct6
zj_Zbqw4bX}$ciWl_l4Te>CyxPG3bzz29||Z%|aImDhZO+sh=S!^>=;j^Q2vX{R8yh
z{%Qst{09};s*`~T%zv5FM&OEVNJ<t0J2$RG>0Mt11<NqZ(kOt~3Cj(>oLU3?c;lyl
z1V%*vso?Cp5(9~4CEpI?{7(KF?(elWx_JT<k>Lrs<FO9bnw;J#f?v_2%Lt7s<yCid
z$V^K1dxs2kKLH-;s)eDYuitW>p}Rs2WTe06)BN_xfo-`1ZPf$otAc+&uY>-pAAn8^
z$Wr#`qa(XAFn#z~Zmg;H012beSw|c!x7)q;98L+Cw=a!a&UX8KphYT<@~JFOOB}hP
z_1B(E!t4fKeop0q9ShsN4lHe}p+Bv>6#Tn9=Y)R`8aX%c3N|y_0M1<?f{qe-4wyiz
zho^#FLiF=M?L&bxS1nW<cYr7irC#PdZ}(V4xK(E#y{x$)7u#Gn4Zh~+IfC|#n@w=(
zh}en*V?~Jmo`qBnzu(QGUf<&R0%NZNd%pQM)XS8PJ-s4_38~8RKY{#}C=t?)#nBya
zvPENpQ9~69tSNix6}Ba!B9#Wu$A?IVE3o9~Iu;0?e5?oicKG!Z`6<?||4!_wnS}rD
zGEW?)(Cu&Cr@<~D<Qm!_|FzcR*FfMq&KY9uy1WuU{_C0D?GFF2@ZyPjX*!3{()L#`
z>mno3yzl3U!Isv9So_BCsn8HzBekw&k%8NtIk}U4lCBJ_Sm<KTHma$|uEhW7y#jeK
zekl|A6&treXvWQ$VF}L}%9dc(OX9w(tlvdOjX_=YMRq@_Ovt~waOD&WSHzEut-fWJ
zUlUS$2pz0{r^_KLPbX8Hed~i5w&_8h_{8whT|c0&CAo6`_NkD?t|F4zSKaco<mzj&
zpoJMvC~0`jeNa*{-IOA4l<INIT5fRgzc}`L;IFFgsjHm!!VdT>BgYV_XTFuq%EgY>
z$~%YV9QL<UZ!XQVIPBh1WdCOCKUK<D_u;k9_xaMycKQwwU0F9;|8F_&^@^_~vopV5
zr`%fYi$#LQx$<1{n;N0=9VF$K_)t}3@oDf9QxRC*XpNErQP~i2&7=B%4T)q8uyV3G
z!5G`{qrjj$xyZam<we?GYYCA26o0q>)E=W4+CVjz8BSgjN1AIwu`H)^o`8}j3m-9x
z8ZD@&Q$YZ+glXzoeg7NCIi)cdt^JEbTVI`1iw5nM^+SyL7v&Dko!Ofb8V;wF2vu&!
zV%5x+S{R!V=LBs|j+9o}3k?qRn7G{)a>58;?2S&Y#7ECeb&Wj>&*pNt_jnRw7uIu{
zPCOrcbhfwQD@fb^#>0QlNa>2&9j=HR5lFiA1mU+X9?KJlsl2m(ac$FYmox?0c71iO
zL!dW^m$D;7(vqx#?fEVeO}EXgP)HN1IEBvFqNDu*kNsuh(>CoaYhN|gAw-}l$%C*G
zzo436vN<QWdT54W{-9i;t8>N3EjYR{CgTY(_hmZ7o5-#vDiE0I26=G(RxVVgtcKFU
zY71brg8w-(u>9%c-x)*Cnq2)^EhfN&vK-LBjva{t+Izcg*FYE#5VhCzKd}J_{d8|6
z4w-S}g$tcBGR40DF$*1NqLc^N8wh_SwZg^Ed$)g<zd7oybm$|3Z!ZTY9;7C<_ZDY=
z)A{IJVx4fc8Jjj(Y7ILltZ(q^r=$=6xHFHzB&v6tPCI+1w#V0)A6zJe=pv>(Ts1Y6
zL4Rho<VU_i=KD-o%D)cD#c!s)y4}+%kKW<y&z!1bnb0cT9ZzB9AES4>Tb&E@TN^sJ
zRatA^tuqKLLz<6z#ALL|(T#p08beWk3qL2Vo;p=9J{c_F6Bu7A!ai8%wQsq#7^Qyg
zBaI@MI>8Ge9N00!t<(rbVMXpn(CKs2$Vy#i$1kbL>TJ&7DOjy%gxdSl5KbJMvlRG@
zq~A*Kz}_N>FKs=~-=b8+A^p_~zU$x1Jxbj6VOt=1Oz<OU3$p|CdS!iSKA0qHL?oBl
zw2y#|%^|b;yUcd?733Q-I5-IMU7HDf$!~W4`opAsO#jM7mbm5v5?wI-7=INm{NnQm
z%RzC5fG?(*H+dHQ(WquUZ>(1+tr{5gH!#Uy0ZqPkq~l9<syVaQwwaXjisNAAtRfro
z)`R5|8N8a(KrxdJ1DN9C&)`bt%Mp9^Fe6$H{GTmI>4j)R6Ks2QMvgn@$D;Q)6!Tat
z9_Ypdz)s&35Gb%>GX7su!gIVT?+WhN%BN0uvx?T^3glqlsozU9edwGQmrwAKqx}_!
z*}A&Bj?L_R9z_8zzc<ohVuI>_sxvWhCnU#O{StBbI!YTe=4$g7SqGQ!^@%Iwf1WcF
z=;@5Ws?bZO57Ss?ZgY&cJ2<VUQ`1sGmJmGo6&xY=If)TvIPf7VRi}pR_H7d{$G7O~
z+AlZgU^#ST?fTERLUn`~qb?890;ltDcEvXGL>{N#XZ6iCBb~-3p7~7mJF^Jk+aA=n
zXJ9we-;yTirqVZBiliv#&1curU5)J)e<2*C6*lb44M#nYS>HK4gQ<i^^VOU!_JuKh
zdgVB^#S-$!uWB{EC|iE7!YQRZM*2|eJyxH)XpfAF-t$AHXdq)gE_H-@S=~Ut6-y%h
z&qsqDi!s(wX%c8~N`CROR&Stbw!0`mf3Zc*4t_K<djT-Kyq4d#l*nTN9IXwubv?J>
z*9F4fLT2ZtKpaB3`N*L==k22{K4v>cQ6J}6^u0@B8FdzDrK}~1Iew3!txb-gyS$Lo
zqpd5Xm|Kw{`S(Bs`K#N9APgVz)4c!X5LEU$+tzrVF0^)nUM27xr}?+?OnUs@A1Eja
zdqH7$i@?cSz~H=Qy&TZ`*_$tYE+)5j^WgrgLQ-kttib;l7y#V?73XXA>S>Fb{{NR6
zkk&v!yUjAXgJknjsc$milMkk@O?{I*N>1P>4VWb3uFZ`QM6x7X265$--&3=_1({<+
zQQcfJZZQ{s1b$$2e$o{rcB;>8V)$;fUFE_ZeB*k_n*E{G3VL{36!yB`3>kd<KEDow
zRy_+p<{RzIl<pd*h{!TV;LnK0`K@eapp-(^Q9jd?jeW##BCx^cj-Aa$-Gvk!_x4Vg
zDf3rc_I)p%FxOg363yRWU9XzrP-_}MCV!ZH>dkqFfW70JYXC$>9|jaT%XGkX1I@P;
z*C1KFrOIAw9Z;0m`G^*H(c7hF&7jJwC!`GgMz9G7F_T`NqhnOxf<R<|2QB1dbcM^~
zTiqA=Zw`l`*%V;rHZO)TJUXkG>7Iz-qg-<;s=ARE2h7PKib)^O3GU=>m@l<sFPsLI
z1qSbFO7yQ;UXV18s#F>)P49fvz_gJWwd883TqFue>m%<eowv14gv;&l$P9dot%oXc
z?kCg1LT`2^^QjV>!udbMI=3Yok{nV{lTQz9zA6Ga!bnodduD`?!nPk$>|Nt$*@(*E
zQlN^`q`7723%Al$69j$H8L>yH$jJAZ9A4wBXG>9+UYGFn)9_5^fLltX4OA2!@nK(6
zO;})KNwzy6URsVED2>F>F|ckOi6R*P!R5w6n6cJmgXVin)?qWVjP?@$x^N4OUM1{;
zTqw>cG9N&~ou_XQGK&Wcye*%48Gzcj&$M=5?AZ-%p2)g9JIYO1Q-oTqew<=9H_N1@
z8u~VmH3{cvg{4jvh&j$-jv!g2PnxyP5H?ow7Ogz7D2K0z3~TNqS;i_d`^gh%C%wvx
zmY*Dhgiy&LV^q&B*Y7~*Kxd+S5s(JTZdL|1g0*sq-^;q~jCPWyU<$_VwiY$Z6myuE
zDVWIQMvrJ7s0Y6*<m+2r&!;nuU113tSv4!l(Zk*x{tBfuG-*1He_xmf;U6Agy@MXS
zF<M!HJV>wAft(s(&N%Uk51QjpR6EE0K=#dFGJn4w6Ybh_A_Cq*tiFIbzMvkfkEORf
z80(2sB-nr)y{K<`M{0*U%4-dSp}(^|j;`VVJx=VfW8O&JT9BS!{mIlVAV+{sQ{f0B
zV9g&m11M1ARsHHA=tiu(1%&^K@tpT!EMEh<w}dwoIW8aFJ9{I)e2RmX!2iv4^RYrr
zXMM=xrH5vq$}~=`SY!o+!S;?OjV3VGcSvFuojb{6$4~b=Roha&G$#I>{*kl*xjc<M
z2X?--QX}G0f#0^2ZicxXEh+|^nErRuEk$>^{)a`C9yZ1Lt6c{_!@>~TrEA+%w)o@=
z@$Wu~c8v+rLNIeSqw$s@19LKPGCp3RW_mu@^0J*Ca?l$nqi;;Z1HW&QBS`ti<q4mh
z@KQo6+1r8iAxLQ7FI+P+0tzj{j+wvMu~qCFegx7M6C?&!xuS@WqVfuD1p=~h#>pX%
z^Y*6|O6oK4Ch{ziPn0ruNJa(86XhjhIXX?*w%S&8GnDAG>xd(A-c@`i;lVFc5SEiC
z3m5$|F`Sp2{SU%jJ;uE^DgJgjqR(M<tkD{*n~Ff$AfnH+k!6BU2>1ebcaY2IcH3T_
z_(S_jg$L{I0VUC8z$AfjbHJSOqWwECUh2ktoagWkU|?cQys0??y?CO;fVZqomuPrA
zTRv}|ZQRJN>BpIH;tv|Kd+Z<l4b%>qvap4a#A8h$J-ke>S&w|pKA+=Hz7DM!k};(j
zWNY@he6%s)&QoSyO)7rPfr>`{E3ea%oS9!6JfjKZ!vi|Fu5c~%PE4ZiAMpG$3%jU(
zNC1Ki!-?FqH(`qwtM$>8jZfhn*TIUp8}p7oG9x*)HPK%T=ZyHGyUOk&7L}J}+Sa8#
z7$>$mQR2oY>9n%}AEmbE8y1P2_vOt3PcX$r^{sgA-t4`&|FF@*^OqlvY<-+GtlTgU
zJ1m)+@K~Ru__&|!iLE)R#Y<_(K0=xJ27$L2DJ3<l4VtlFf_MfN7%t>~Be!Ww!ywtK
zynSBUj`t(dkOb^q+%j!m63#)G-Yl<mIXNM`@1{e8N8+p8X~qV35!nwV72?a{cps2g
z>0iTPTqKyuplJF}#Sv{4ljRqP)CIQO5#q2_PwM(!_UfT2A*pA?s}pLDj=zu16%^Q)
zLGxQtxzWe)$LmP21-X17D;gZu2EKUyN;iw-^aW0ZG#cd`l-LKX&Fv$oeq{B(3gW6#
zxSIgdHzmU5ALRB##SWVSA%Q-a{;Q=G6)Z1hXx~=Pxyz;@?5`THJFfmV{a!h~&(g8^
zIkH#mivO6x7{aWy%ra|b&Zfn#pX;Z3hqeM0YVHN5`mf){uXY4<vv6mQXH-fBykk^h
zmwIM*i-FQn;%?MZ(jh5C$sF+IcHbD_<<s5+d>)l106V6`E=nc1rz(E{dA#2}-PmW_
zY2qPtuqwh9S_SLEzHZ&*@*GS#3cT4y(H^fdJIET!u;@(w9Eg*v-h65Mux(#@|0BcR
zB7|*pP@;1X-sH~Un8?debgds_f$39CTF1|^0h@A(F&)#6_mWNmIyryRDpgKpb#27N
z%;0y@F!qW9BP=;eCDJFO*d-JH*?eTH#^7<Ql?{4CZ?2g41nkU@A>3b4r7?Z3Jd}P@
zPIGbC(2X^F8u}FkQ+Yh&)Dp7C7x4joS8*EyekG<#(&YO#Hh~zf1w@*<)wm_mZC8Oi
z<c*6;=tV`v4sPwsa4q3kMZntF6N>v?FQ*du=YLK<V0K#6rBRTuunh#oe}BJ!hdk_f
z^)Wkkl3h;=@!LirjbsFk;edLQx|U@MtAAI78MXbvYA74EC)C|&M{ba^r+?&j$RwKo
z$sJxJs*G)F*fA&91-G2%`C(vf6Y-KhaP7}Z4_rj6Rr-C?({3rS@S&F%-HhygtL<GJ
z6T$Jnze`OFehp}qe#z*)!iEEgpc+81mJ<r%uSV(t7+@l(z{LFQ);?4w_OrPH5v2ug
z8Gl!I|CM*c?V0>FL0f&<88?43a@D#O+t;r<IC|uc*R&EuPrrh=4mG5&D+SFIGR7>2
z<PwYMrmz}?sFI&nyM5Cq#zfi{9>zKwj&H7t*y=Gb$BZF`?P{2*{onpP4`SwXeD~0z
zH+GS4agPgAt=KPW>{723?;J7d(F<-3Z3kkg4oASn_RJpO-TJtE4Ux6JyiBw8bZ)aw
zygyB{OJrQ^Pr;zH^P8LDm7|u!1Rqx2^Cz3uI3f%Fn`W9$&&ZPntD;FFL~w*CLbV~O
z-ezF&LQ{upRV<#BGg7p+#vu4mwul!ezZfm*?KI@|Us0&AHdUJ<c22_d;~v_<5ZXzp
z4vGG}l2$XPi{;uzOLToE3q?*>*%eW;6f4T?ng3)-%X#Tw!gO=*k6eSMv%w(8ANcon
z@T!K_z&C_q^pAP^spZA2V4SP(JWXal+MtQp*(>BxuLEt+MP|yV3C9`%c{=9(jqP@a
zqr=%x{1DA)@cr*x>t}cNr~>^j>>V9{{n`2c+N7YK<%CHV!4G3y%8oLG5I(w;@pCAf
zVYsnN{VP9oJLJF^{&}V!e_-pu8NJ2H-V}HMs(kLnwT^d%(661`^=IOk5J&136Zvje
zyUdNi=ZnyM=0m^sOT6sAq{X?rn~mQN<j5fjN@E&97OeB$Kiz$qM{Aj6PP`Q0cmo6c
zisd~D6tb4hm7ckpijs@=Zf?l1r+#C)m^K^{&z<Xih5ZBd)&(c%E=&9IqbsNNuQzlm
z7D16g|HyyJoEjg>F43wp<euj=44*9)6xESF^X~c0Z=NJ0#KJTOtWS+$xJsj}^;B1@
zvG>u%qDq5sHwRivdId$R-IMp;F0pA+T=*qh7%n9AgNKS%8C=oWe!+O6qn!tF^2fRS
z`DHhUtg$i+j~wAG0d|S&f%#5#X+kHpt-f5<C>)dWu}44_V?Ohfki@uy5OM?S*#ZLL
zXGZSg`7Od(-$W`4`Z1p=jgE&E;Y|b(yWty3DPzL2U4})W0i*T5-Y9)h?9zX_HQIj@
z_uaKS;CJYiV-dSN#58i}>#{4s&A%2#)ERV#B9G>(qfU5wa_v4TRXSvg`t9B0aYiP3
zgt5$q9pFPPB*wWo4?DDJx3fL^Xm#3q>K;?g&&3tZru(WrAump5W*XMe;|XgCaYs`5
zk49FObT$sSTd*dwfVFRdb7LsoTVOq8qx&;6_|y>S%#_~+);plAobKHDgH&aqpj0R&
zX3QUYb~bWj-N(;>u5i-Y{78=#_jbFE^*GDi@<>%Q!O%cY{4Q=T`kdcd*@I_ibFiBv
zdl9`)4S8@Jx5?Zj5R0ovI&Gl;C!LX-!_^XQ>BMg@B#Ma>)7Ul7h|@Xb6;#5BPL+3+
zv%D^0K#&;<>8vu&(YD`Ru$G_g_|L_;A~ta$8hQTOR-AA#JzV`J*-M5sgO~(235Twm
z(*}n9Gq^HE$zr@}8@wBbI0ERyl8_qD+tly8{B4w40xE-=Eg_c30@lPEC%R|9q^4LM
z7<U?YswWt895vyKpS?<Ed*aF+Ap;1V4BZOGzUhn?Zm#fP>{{ui4Us2HAz&_6zA|Z`
z2+@yJn-aC0!ZYwXC=0;o_8kS{m`ZTMM+xWqEb@xN3`H=NNzC?_yuqY|6L%m)5odbm
zbFR?I+8t0Zd}KeN(q{o3(=teieJ}bbU*m#q$|Yo8BS~Oe#h55;om_}sC$l+6EkK8#
zw0)<Fi^EmtS19R>1aC|<T7fS`%7v6bM`&AYN;g5Rm0XkcycdyzEr1x(PH4@%Lr#%W
zt+B_OnaadnpFh%60Wwa_*6^wH9LM<*1hy#-$Iwk?QE~5SiQ4ZBWV#2vfd-iJ{tMlC
zp@5|u1jWo95cg-k0{uIEF#sepV+v@_9BBtIL!(M#sRbDBM44M*XLN!V$j!(#q$Ru1
zS<PgH5-hqP?W<7=`8WyJc$wXU4M4qeH*+0+@d9`!^8hYg>)t`SH-xXI8Jm0zK`<8;
zvry>wsh2RMiUQH*ZFp^>UXrF#IF*E*zSs>%U{KogpgFE_p#aK-BZDMlu*PQXF9>r9
zxffID-6WrZoPF1e;fS}(lyG7`iEzbl=i)5h2wT_1DTxp*XeOM>#chtj2cCImGoAhu
zish$~)EQa&Vt<j7<7RhNBTS?d#%^?ow0g};PM#}hggvY>^Z^_Z9eX<mFuX73$+(e?
zF6R=z^fvXn4g+hDaLQd!^&aO@Z~7*mLQl~BLb-qNqh(V-A?>F*UI)=T`ZOJ@&(~Jt
z@7ua1C(9aKQ9Hcf&Y>?8ePy~cUmAP{7yXBry$NX*?@_gVjBb+xy30J~{ATTfe<W?6
zI&&zQ=8Huv3nR+JDGiGBf3nt2&RH)kE;no+NJ3@_AE@IPa^pEW`n;M*9l#vU;{N+?
znU#~@ZnUyQzm;&B&DM|n{j!gHIksg^pE*va^(lR-bC>}x&0H)%vV<ef26b+^4Rjz1
z%pa?g?pzCw)#X!cQv7H7s-42orU#sjUh+b6Jl}vtk>O`kzV4d8e^UDb9o{6riLc?o
z@%u;@Lm$@EoZwp8(y~j>|1qoMyD7v9LfMtYThS^A0#>KH?kJ>VsFO)CBQ&u0Cx7=r
zu9~m_$1$+Ed9em~)5c2zb*pzUoW0I70hXg8yzZ_Az=~$UZ2qU(fa_Md)sgXxlO7~G
z!IoZedF1M(S1Tiw=4V;)B4Ll4eTQ*u%CaZh=D|JjRd@&%mUN>?gx~Gz$vtRSNLw=F
z&>aN3IO+9twg(AhW#nx<x$dnq4@#WbUnD{gKJOieZl5UImxtu#fP{=ql_#TF6ed8+
ztCdW$(b!?U?H@irr^V?<4-!5<Lt~*A$$&2n<iOY>W9jilcIGqCS=9TFrkD>1u$>Rz
ztCCe~vSln2e-q>H{Mf{lNTW1+l^qN0eAzeYsCJ`Dh<?cUT1(w8>iF&Pkju!s*WQjD
zT%%TfKYuWv40L`n4=Q;kSj9R&h7jefuXX*9>jIH0`T<1(Q3<*(ybJcQ{`nR-?gm%o
zf$2*vAMKcjCN6_4>}R|x-Tz6;VFTGW+*$FiXM=0!<=$<!X;Bs(h&|tFl%&%4%tn?D
z`R{h^WJ!0VwYRyUJk09<y6D%Qm$2>sRjtbip?{nB1|}f!z(C0V1c2I`9CHETkQOk6
zVR8c#Y(AWGK@D|$OC$}73N&Krd-(%k3f-)8gPfkxOn!p%UU61ZA!NvAf3P*s8wWIH
zmW6_oo&&ORf@JBx4cG<|o0Qa4naJ}ow)|4cQ`Bqz(87hTSvFZkTwZJ2p@u(KVR)E<
zqR~O0@~_I5p?dmP$<!};&xru#(T7e^i{4Y)satW~0k0NM@FfQ6Az<bVbSI7o0E_ib
z=ea-w{?$2hF5ru}rUO?s2%d<y#C;OfHjR4nd0SEw^k!COp7qMOUwIL6QM+iKfL*{F
z5b3z*pZwcF0@W)w&l02;$Yo*k*Lq7Srh~wpHUNdCkD8&am*8S|{WeIP4!F$&PmBVQ
z0vjG-A+__snc)kNGwAsiu_%H7&`Y<sjlI%xbzI`?y`t=`??3-muOn&%ilc*g{hD>B
z{MFPJpFyN>c9|@Bh&@Z-%b7c1WmC}j^}pbmDUjGsJWfIitSdGCSNL*Q98R5)aV#Q3
ze@678lUo>c7}@B}Hf((zd+(n1*+Ti+tJ&c<7Q(NKGH$C+RqhyP^>c-hWjNtF`ENgV
z^rNpUW1v`vUC2`J8O1Jc#pN@^ze9{WA0%S73hUSUdk-pvf%DhA{%x}W2pm`dcX$(z
z(>Q)?1uL{Zp8a^ta>R&w=%)aaHT9kDEG+DsQEhIQ`t}HCanGA5xa>rvuGy*dP(%C}
z8j59FqN!Y@WC3%4T06i1OI9wuj3@MSmfTYKE()DQNt|VXdi(7*-rb;h6GH@nB9!Pu
z7U_xW``)IOSXQs%wK6Wg+Xb#}ZL<ds?f|j3(YR;oQiHGhxyUQdk_a}QzX?qG-fBSi
zVYR+_C1Oo1+|bmq^!UKK`d*$DPu4y6rB(p=R{WC%#qKW^v6ixfx2^RJ&S~Jhf9F4I
zT0CT$TGJ@P*H-A3T_d>@+Zo>j?3db=U<Yeyd&~pTM@OFsl-7J8JMpNAQoTW)ySymW
zOYxXj+$<M%+f(!>#H~e3=(CC6P9on=sFI&&20>G`e%vw;K~ormC3)ZNGDCuR@`KvN
z1Oq+R-a(*lHi?9Xaw&K-1uLn1Tc$X%yq_5Y=1rF96cOFeUDO4pz3<lMM@d<ZMbP!%
zURLvpIpL&}HNFhmi%pu99pMSYa_+G<?u-{|BtJEf>f$-lwaqile)uc7ZTmq6`3fiB
zvI+j}X{vXG$*Sq~;P>%|yHb?>A7bw?GBk)IQww#;TTEAxKDJZXl{^x~@E@KC$GDKk
zMl`s55mpY;9JT*}?qGaQ@PFL3hY}YOQ<MY<Vk2LVSDpyo#BP&WnY#)YHO>S;cY%C?
zyO?Gl{~%-r>tMZLT#@?zbv~n8-UKwyDYb@O7la%`pWd|hr+ilYQQQs-V%-?xoa`Z?
zQ>z5?0#jDk>0dC}&`i0<IIBon1mit-{;lF!aYP<rCqBuml|)NQTt%)6hIf_bf(=}7
zza_HbTKpUTXiWljRKTm*;r5rUF(9zL?Epf0D1du&I(z<)W9l&nKYqoZNP6u?+fN<r
za^908KKP37(^n)vSjBJ~l!n%T*!6#{GSO|>JV4?)*+z1N<B!<|G<$wS!GBqR?4eBz
zK{keWnQ%wHa=ll@df1|`?GmB7nS6}IykBm=HSNs@>vPBk+RJZ@4veC>uquKHm}yTa
z=r0Y|LYh7THh!-7d$(tzIE&x-7n#yf*Q2*-9*U5C=%>bAJKPQP0p3ILbMEuTv+K8P
ziOJ_)agJ#q=X`K*<3HRif`pV~QF#>GRTA~cPys{L3_is{5%y2(9`4}Jw+x6KNJai@
z<iIAWlB9Qp;Q`TC>LP=m+_RCJ7{qhQs1(W`nn4WQ<WzTA^$ejPA9!=$?{j`7nJMG`
zuv!+@#EOjYVu|d82WYJkBMjpi_$d$LaP5B^_)y)MM`Rc!S`Cq~SKtNA6%uV|A%vlt
z*+mlkGMx1`=eI3pVXLk<>p@RGxM4*CbFK-akA#EUsS{pNQV)sKKb@Clg>8d4d39!I
zCRN8cp|jeq$UDsp`i<}LidK|#R`eq`>Hch(2XUPbx{<D1s#~nt92IB3Of)Y*Ha0bf
zSGoG?OuFYur(m=f&pX$nLZs9{*<{{e4n66PsmW<M<`VDizAicZ@x0G+G*ot>Jz349
zUjLQ$a%&2d;HE3n5+nKjsS{(IJq#<Eo|DZ;-UDPB9&flgQon%WiKvtKFWX+ZxTRQ%
z-`zWa=&6cJ-FfK}S+&8@ld78<w}@l4?1Ala&I@HzOuphQxyy-zqslYESJ)tnV7G-I
zN9+#IJbI?aI0=#}8-cXBZ(eHPRME8cpDsspsKM^ki!GV=5x&_sTRidq!1AEXB3zp!
zYZdWhEmjEFba{@Z@_zXM{%<SB#5q+@e8uYZqo3cTy(QN$6+{Dvxkz-I$t<a;u@Tj&
z>pJ};7=aYeW=~Ty!AxVHl(Cpv^8OzH&_FN09Zq)`uXK;5M9w3E5fwyJKOb+=x6}Zg
ze~NN2rJ@~IVZ24tB&Q1*<Os>$Y~1)55(Mb2c7H-kd5Tu<EQxa9CxG4HQEHweFh+66
z#K{5@t4rX>bDV*AjR2a#3@CbLs<ayU^zuD{FoY&FUGSTjP9-X+u4V2&(Y!<WPck!?
z%A^*Ao(-${z3@Zn^?If!3d%~r_JT3GOUge^kR@?atu$ebO8Hi$w`Bd;_wu~CT>q%T
ze^FA#$&)*@=uCBPF66odg~!tz0d3F$uU;&M9I$(VA<F0+0Cng28Kh|>^rRB>wx1@K
z(2^os$Z@O_hurG!GasXj8`I9;yZ=M>CS@SSK2&<sM|TO#@Hk3oM<;$B5tip(bceBw
zvT?rpyoMd<KL^KQ2r!yJwwE$E^0P2XM&NGj=fDpbyUj*;h_Z<(XepWszL%MTqILr{
z;gp_fLrjCV@D3hP*^&E%|8I2j%wWL1F^nfYJnoMXy7i7gn!#?A;M^y2F8MJ{N0}c&
zvuO7YMx$}=9RY9Gvp$9}hB@rAMA+UDpfB+>2q-n$x`9KK!7hCpWRPOBMSqbs0K;b~
z3a>f8pFwhh<|6CrIh?`l8K9~;KO!^Ec+mf!i+D2v*PM7Wwwxa_d?o~otB)sp$Ax$8
zT{Q7WP$&_OfFGw(0?)`xUI4>jnz1x2IsBX#EOa(aj`2B4t`N$Pn6^v*_B)2z5g5pq
zfuH&}QB2bp9VtR}7-53z^}&gsVhuUkzc5q_1JDI0zg_%!ZoGSSeDd+)kJGEGvsb6a
zr(ZArJU_jXqJSYA01!u$DAzCw(&-V{84Ly!<>drU5E;Ck*O44gbfW{B!31Ir6kEyg
zGYnMtXfp8=t6zbi8*lpgB<+u(ALrxyVsN1!Mk{ECF63$YsI6FayP$s)C4D?r-gHH4
zem25t(XUDaFc>4?T@#$C6{mT6{0rUmdOc6=44MXG9VrXmu|}H%lw~lW@D=i%gla>y
z5kqBUXs%IAkNAT4sl!yTPl6LGOsQu5pJtxIrYVPk4P%O#6|LtPN-Ra;iQ*nDW)@IE
zyr?MWIDC}qqYO<`jhiuuNiRiVZ-`&ha#cu<oF%koUR0H=#<R&VWdw5^%}kA;0^|ko
zx*KjNC2jYgYb=B2(rY5X*hQ=Dnq{i)0K!x;hZeE89v+M>K^}J6z1Y~qxu1h>0KA`k
z&#KrlYBBUksSG?kFtv(;wN)Q{{mOCwm7bx5)vz$0V)BN<a3IR6s{`l{b8_Uo-(Y?C
zFh`A=-j;y!=9uXVNik~XnaB+D&T~PI7N6zm(NClLi7v1eo7yldeR!bVeRuKd;)rsg
zlyXqp?Hr-M+r4K`e~Pm{CbT~p;=Rvd_VF%C{2&HhAFwg$zNW~r9nP0j2EGEq<<mt+
zdSRmPfo|%0Tekd)fn<x1A>kN6<<7*}ABMBs5ZxjDn~uf9!;#gIMtj3Vj<!*b8;@V@
zT1drWWDB8o(-ak4Tc%{`%)M)z9Wbl^8YK}P!?65}uar9)>TG)dLO0qK_P@{#J&ns1
z-lo!LqXWKzVTLCE$DhQ8j{t!tdc1@%P{;v>&?YwL9m;NF<cGjB1O-pUVXe|;Plf)M
z-j8z&i=|Y+HTvJd&i<~c|2^1W`~R)v(d>VyZydkx{!?rtZavdb1FSBZf|&H5gOd#U
zITV+jdMKVWLpchVkl>B;Jk?EU#t2jOr?<Ux*c<c)y>0DtiZb?jZ*N!oFwJ7iTWKRj
z;mO&nD+cdyr?-7TK=!u}v{HB$=%o&|Qle9Y@Q|&8G8&qNJ5UmaBuYjZ#Ehshfr((L
zcA6P2obhrNp5o5mE+86z4RaBMWlLTnlk-70cF>@S*e*ve3Nl?m-^VacVTOCsx<W!=
z#MWiP)#+$h64@P)g>)mril1FF&U^xMKaOvVh&Aw&g)P(CdT$&7xK#@Vvz8H#+0Z-F
zMfC#Y=$b}O0KGCdquQyaGwYmZZKf~9GSzXHXgk06pMzgv9*h}SJ&KhL{YAyyG~Jyt
zW+cjT+>?=d_$1<4z%8@Pp)5=`NFg!zX0c91$6kODIiyX%6cMctTHnbqLq5RM$qmem
zzNZYd))a+VW??SJQ|wPiU@(1S){ZHMRE*|E)i&niASDU@+GtdxF?0;*awS`~pe)*e
zn5IH1B;YV5;@?Z`0EP8N2tV6Z2r3wuxwh3!MT?YZ?8O^S!03@fCQSJ1itf>f7b%KF
z;4gLWQk%WhXLQWVgD$?uIh>gJ+f|W`FoJ%LvR<C~a2VY>&A!SC_lgD`)=|aB7juJX
zXeQ>KJ3dt9UZ!fFsy!l0x+4{F(dX_@>W(i%!M+l+Z0ua4Hh0fV@u_<7Huxlvh33a&
zgl@^gi4nS;rofwRd%$Bk*WXhAfC4qIs9`Ry4P}9nRd@$)sICvXR-wJ?WL@jRQu*c>
z8D~xRDk2Tr9e3Gx@{Mj4?$Mhx1tX_HCnv&-LaE*Y_HT=(7bwWXd_$fAl8X9Clt&mk
zxD8rXWgbng)WwwAeoF<YzYc03RRcm9*rX8`DMV3~qtM~6CC;5rX=%OiUk9Gy-y(+1
zE5(P|hTuG#208fs>Wy*Or22u)S?(90@Pt0<_kY4ilypek*eS7L9@8qFD2HVODo6cY
zHihTM*MNG)Q~Shd7zH3ep}7poG<)Xh=`Pm0{r}ke_vJ=zt5Fo+fAcBuqsO15`H9qR
zq{&t?`L--+Y$Y=ql_cA7Z0`)%4U({$jShg8hIVr5dyP}|?W*%E=TY(`r?7Bopf6;T
zx_CTcS1KN{8w<b!ux?nFd_Z_gBoTkp@p)xhVU><o?LpW~(SM6*%**hsda?*SBm0H$
zYK~U84$iLmnx-*=<Q9@4I>{0;A*n<#jF?Cg6=7>l8{3UFYJ+3{qyEvw#n+c_%4pC#
zq*aR=p?*epcD?2=<IHA@b!r!N{#ws$HlJEnZDzrObT#U_8o!<_JFlIYez!o>0*%cy
zy2XV5-A!{(^31URO>jzwL`d}yJX)aMTltw||J&c$Dd+#*e(_>wW&eAMXTC+xZiBww
z23>b9>CibO+Hc;Ponp00>l``Elf)(uY8Q~DTIdKY@Xqh`dL5k6ZwMEZrH5#MWi;Np
z-Ra!WG}eAoe#l7?aN>IY=RbRPl)`)gGQN%gxFiX|g7nXw=ns^u5)83`H&(MhR_~x&
z^ZvdrSvLNnh|E-d6j2%4aSCp$u7Wh(*X)L*ffrJk#`}COGSw5OLhDe4y9&#KFcJhF
zEP83un7Nkv0Yl6o>h5%%qfF>P<~N@=7-apt^y->js$`-_CgAJU=Okl-O2((=cCz*>
ziAUjuT%&Us3Z20A4}MpD1#TZT?~KpmC1dh6O^CK;RQ$rq4rrCvI7!&u1*f+(AtQ1s
zBAmcBDf_A+?HQ*(i|gJB5=Cs1U2ry}2{|m?X=<OS%RH5ILX4Yk@JW;38#3N)==&c_
zzs8(p<uBE8AH8|g@ex&VWka>WE@l{6eu#Dgmp0_Nwe4@erNOJJTbzUPqU0Lq!};Bp
zJ{ao~cfr}9ggNq|IExN?ohw<LGg+h4ntG_NbZ|lvJiQ_jOJkvC9(<$7M9#_em=iH(
zNqmS7!ViGf2;qIO6TDZe&2s7B?}r<TaLVHP&Yl0>r+}2*2SSQ*HvAM&GJBuw&O(Wg
zuLifuuJMoTmVfU><)8jhLWOCG{_uyj(|51e%5<#i4jF!+y)Vu*f2ZjPIX+Y4f&zlh
zfa5gM(IoEMs)L-hmg6)|$SK#}c-94G?N4lg9N+Kv`)f@AW(Z(H;*lC~wP85WSEy?~
zt?Q&R&R3}WAOGPEQ;Qz6##rx?GiUThqN=(X8QzR=mL*fv>nTBn@SdPCLA~CP@rd*y
zmJSmdNr8I35yuhf=`Dx$wo$Kl`|1Vi-5@Zg9d2!ns2t}5C4_D%b_x=x*m6s^r34Lw
zD($88!$Xf~*|Dg<iiK(NdNO+#4UGp;!@gZ=m2{AOgWsNWOTNQY3b+}C@9R#E#i5pf
zAsW8d8&Z<QJz@OxUkQn2F8bLR3-apKl|3G)m!c@mM&<^n@FP3Xu-FhCvq`4@9is~t
zi(<>(e-y@7ZT=9<hwb`T2t&PIaS7oAhb{F=(N3x)yH~nqjvlKUCC)O>{@15$O96Wo
zB`l9qEa@%jWh2z<8AAQ)U|STUHn;M&Ll})W=7(LnQfI%?>dha;{T8qUzwH{nvJMg-
z!%9Vj%bqa={c5Ld&KT}_%zWreo-<%vX+&O?fYq*F@XegnizaH!n&RS&qFzrmc(vp0
zR{hBwIQr9Lpu~^D6wJC-g#mA|=1EeeJ@OEI+<^Lz|0n~0IM_3U1J@VG1NV~x46F+K
zZ^kxDTds8Y;`H5X?-xH3uPmU?vB~r#nPg?%**Z-hg8aQ8z%iSU835JmEu3Xy%Y4)j
zqFBsp5ff8+IyP|q5dHGc1)!AX5I`wgJNW=deVofN<Md~pj`!wwKyaJ|^jO~(Ub2KN
zXbF8J8|TZ%uyOJ{(QDOHR1nN*;t-+lyU)AYqEuLj{9kVg9~8gb54&H`G^Xk3Q${jN
z$R!!7aattLKvD;x>JFTb5|M*ju~|$FAv8<F%-WcH+nDmpYwlLI)aP&L65&zSe)biC
zHWYgtV|6|ITYqNU{~CwZzbXCm5#v9$cXke{@gIAu{O?clc<~?LehYr=woH-<Bv2b*
z(J&CTXKE_JK2tA*pUVb-``#($?pXa!!hAZYCbS%yAHK4H%g#hFj)q*Pg-1%*rB3@%
z9}iIPP{WDH6IqGjXc%eOTWQ2Wsby&56<B`eqqRI8Gl*ASUe#8kcZE=N`@jXy!PF@}
z!;$|34Jog6zzbWi{CGa%rv?4D0S-&EfO+(P_r-SE|7UN1mH+!mo;LK~hGZ<p0xEGa
z9%V4^Oe*VgFiZ_MIP)9KWC*l~m-D(Q^94FH{H4koivAyoJNUz{^f`-1*oHovD53t>
z;}pddR?On#d|J@|36Y#ek4XOywqLC1|F874q5ozBEJ*+DwyC547NVyI*q>^M|J&m0
znWW!?`pgIC6Mj3YwuImIZF2$EfPDb!?~lCHacKgM?%O6F-LHm!mDZp(K(Iv3i<gk@
zvHO;Bg5(&dQ1r?6in%V&id}B~KDr)L$Q!D7gvhguaY^EScW&(7ES|JPFxU((rK7ag
z6OxwEyn%Kaxn#i6?6Uj=l9asmc-pL?eY`xb1^rhG`Iz>f-4`!kRO~-5U#{r?Q#?9z
zs-~;P;~KIdn7DW)YTC##uz*9xWg$q6?#4t{6h^~5)zM#6Ajo1LdnJQB-eReci}%K8
zL~luIjqtW|SX&O$kj=n5a3-Sx@EQB>@O4p9r(gV4!-Fm$Q9+R1xsH(ATqFf(lj5Mv
zhu~1PWkR}h!-6V7m#wH_0LgD1CiOjMNRL+$cso2Bns4xZh}J(B8(oLp8Rh)iaX*K&
z#zFdwPe-%P;(CDF<yoFXM#%aKyo8JoQN6nrQY?y^nW5W~^Mas%Wxfb&(3&gi6>H>)
z)v{1(6>3+zekG11N(dIxErd=HHmF+*vjh#BbTQO@ynOqio)-L{vs{u#tpB^STh;%z
z_g4J>NuD<PA8ddHwLiUS>Uc7|DOvt>4>fGp`*^16rvd0HSh_`-;pzdk<+v8gBU$^3
z;g<TFW$Dw6d^=x&<X_LqX9vHs@%{Fm7WCiBG>>Kf+uhl(+W%gx>i;~+)0qEJ1UlKm
zDp{Q}rr#N5%l=VA^sl@RXHtDpWHWpg07OCVB|W6Jq~G;!^ex-T1G4~s?B$-DR3F=B
zruI`>g8SS29A-Zmqn|}|YyHNp%yKGDWnn{f2ilFbh14rJ<>X?EA}K^rnJHK1QjGDu
z$SbOZ5__2JjvTT)jqB1#t@!-M{j}i!Hlg+-<$u}U-QGPY^Z)(b75{&d=b`gIyUkK3
z0a%z?1aOJkYeazH%b7BO8>eEVMYFOLVBfSB0}4<^4*1p|?gI(}!2~LuH;DqS)l6C7
z+tO;>Ul=Gx_Q^;CZc44ifdUE3$ph8pogomom3{<?V5O1&yFWAdKPMv!87PZf#>)u+
z^Z5T>+5dlc`{nk^|Nlvz`5fJ?zTFQ#EAt|OE8kf{gItkWDiw3UDY6MZY#S5VtmF^(
zQ_P5FB;*4XK}!9t=jdC4Vg_&Ta0*oqfO4`Fnb;|@sc2*X@Qx-4!U^Os9VkJE2$Gg^
z^+R$_8^?7fZ2F86S76zx8k3lv&Mw5>E#Y)Htt*(&WtmC4--i^g{px*{Mqe-+z>3(^
z^Og)Q?`fKoa#>T8nb-}vD|t?;967viduMxr!mMh|5*-0=7LLSybPN(fGF7;AKO>e#
zGiTDwpo+!Sr9!s8&SESH%-Ut=F6I9(s^~+ZB0w$by3(<g3~AM;8$$_xyDT#5Sq%4d
z`ay((*~|e~0`7ym)v<>Ka!fE{kd%4rIaIIhm&c*u_0YAwq6zjwcs42kOwSI0{o7pg
zc#9VREH4PcNT(8>;7nHtfO6pjc1yhS)vgiTa>JP$5JWy?IE_iHc50XF^92*@L4dpd
zr;K`fHNr)%$sFs3(RFS7y|6Mvw0>sre@(IO&Hd-s|KB~>uh{<&_E-G>DV_!Rzupf=
zNit6W&>vPb?VuXI&;1pj#u6&wEBY`13Pp$1`jL5jS2uV=MNkjF+%t}K+7_I=b6xcO
z9NaD#4<ecac4U-u&68^b6$9Q{V^1h`p_ou>9j%Z;YPt*O{|XesqbyUc!&luf)l+vC
zzwHIFCkx<%mMYA&K#AAUl31zlv^`=>af*2u@%*tDz)0CSyah(Qj+VqoeW&d)l5sX6
za!hjJ1co`-smwowSQ^NX$Y@OBcbS#a9#UY|{|M?q*9yybSgR6nP0=7BhXd`xx|ikT
zt>=(rO3S^f-G?lp5tYdlVR1v^u+-}>O=X1)nNl+MyY!TER<1KWQz92XqA|WDhEx{P
z8#rH-km3WZslaqLEYI5*?_l<u=#C&UW_c3p9{+Up?z|-G)tbB99(0m<sTW-&^iP7N
z)nV4idu|==rn8`Xets%lU7C{&b1fgkNUif~grj;zq9EAn3kCLDPPKQA*?NIKVKoLb
zg!1@js4q%h?Rg_e8wKQNHv4%Y!#}fozB=w%^0C`L4iJ=3v0J1(=VeTZzbsa6wsOAx
zt4Mvufu`Djd#^o;YyRn*GJU1oC)%a0Sh`GbsGd{lwmvt#9kK5Mt#JzA8Y@hhW;GdO
zywdl@;zJF5H&DBJ8|WXd>|@z09V7@f4qbdH5W#c-Jop{tu7FZfDM&KZMdxDc+H908
zPyGw!vRjIe=TEvAk5>%MpKqbd*}2xw(WkAh>k89_8vy${M8g~s+e4=xGN`(RzBgm~
z(L1-2X=<3Vv<GRs(D(WiMQWIDIjJSa6`pF4=r$n~2n+{awM&#CKC?=F8wl1EQOh_D
zrPk!h8Q~^a{i-c$T}zDm{eBHIO^LlS^G<0iv==xo@a{%nqEo`{3ic`0Ssz`290Mt5
zNh;ADXX&Wleg*X8?KGV=4W}`hV183{iAB8_Q4pXSS+0&VRoerNa%{(tm~^()sq4;C
z*IRR&$ErAKvp^K4Df6$5wpU0cjm{AWQ7W(nhtVOZMw*7=ahvE_G?__6y6S%$eJaVM
zM$Uc~P3jK1UfLSlUdhA^yqIfW=x!aS4UeepZ1&-7I-a$yYY%3_(QI=f0|B@3Ocwa7
ztWfi@eGO+I&XoYH<Q#A5OLS1w)4_(5=;r&j_S6NFn|tu?dA2I&E1E2JvSyvGnX>s3
zo?ZUhxg8T|K!CtayThpznhs&11^cqC#YpOsDLLKm+sIb+oj5hibtIrBqqgU0!K~bq
z8Tdbn0*)&S?h`$=_FwCnv-P)#v-Br6xXMWMX#U@OJ1=+2_TSz8Rs7GBJVs+>>7UpD
zsb%&;caIfIhX~)IrqnOL%rM|M=Pz&D)EIEAYS%5UY=Zk6O&`ryhj3-3{s5tje316u
zN~>g@qTOK!A)y##o)F#4{-qQdHA%&qCRlDFL5Rz^Ow#@xy`dS2Def~q+ERaQsn7cz
zC_@$HoRc(~+Wf&sNy6?n(QC#BG~Psvqf3${I3j&ysv$v<O!!QJ(784L#0KIksuZi~
z8#<v<kI+={W<&FpOVx~iVgmrfi4uE5&^rpOslzhNlX;+vFWZ6N1MsGT!wJE0LQ~>O
zw!F)<Z5_qtjgGp6x4`>tOIW3!*g&x-D$#^OCLp^eF%*i?ap36`ae@UajU%Or8j1Su
zXO@~ZwSO70-~Zm)Kd%4ULFoT)HXty$&V2X9`pxUx5Q59*e(inZJQIe<1sGw$YU%*=
z?azg>Tee{65H@W!2rGIE$+9EQM<M7ZkcfUM61OTO{uNOA%P(kMW(ivN$K!BZ45-}u
z^<OtU^T$8X-*YA*;camOE$CpT_C(gUtvPJJ{1UXUeBlkTt50NCL25d4C2;khc`$ci
zN;6Jc31IW59?(4i+H}6k5bMA5z#VLF>ruj*YXEiw{PUlkpV;8qs|i?C1cZGxpP1i=
zkpBZI#V(cT#VTF!NBPW=|6)ugEEPoFM*^Jd|F`q9EdL#BukwFA$peDk39RxJkq;*U
z1{>#zWk61DsnWA&i9{@kL29EBz9Q0-gw(&FkS5|RNd`E&(ZUeNl8mMrjGLVMUA4*u
z(O^Ip)HWq01!XK2+FvRqcZj7#^cN9FN|=0Tfy7RrERopXJ@$IZpbDP8*a9wFkLeNv
ztNW<T40C{aWwG3`MMi;@*`fHt5Jbj<V`I&jOC#L~hvUEVq$UWjV7v&iXl&D+;16G?
z_!iRy4-y5xU7M?%k4Sf8Lr)}le;67v7aoEw-xB^@T?!vaKl~Uqnx7UMmY$_IAoyYa
zP~fxXLA1Mo{I$vHZ|<4L|4Ejx>4c>B5dh}#|Cf7Z`_Iny%K!gq9?k#VDnFnA5bT^M
zmjHmXi!#@@zxSU+N+_`U6k<XN-@m4uK%lk^34J>Z>J@;U(6CWuE2wKf4}H-JD6dK)
zhWWY59hNemc-?GQjVHzKQasIl`;hXGSV=-FN$4pgp*j5j-giI$V?O_XvAe%p&i}gi
zauxsoBoA=;2fh3Gb?$u>3ueP%Ef?oRa!Lf!)z844N8e6R0oN0zTxxKYaG>vgpr|cW
zZZj-hP)_37tCeJ0T&@5wx3?e0gLXg=&r{&=HJ3RV<~T`6Ld8UPHNhX~B%joDSqEG}
z#u6@4bV^-G%a<e24UQzeB^8siS};1K#+xM0IoA1ni+deT5(p<ykRTVV#9Ureh(t3!
zglaew4Do=v8;fxGUKc6W3!z{TKB1|ilvMs6LAGHR;GQu-p*>9{84=z`XG3ss)mK8B
z#l4b1DY+%QfEJ@T*JIQbcj5X-CT5~XLrM5+vq*>N`ua`X3zVo$q*0O3A%SZuHbfZC
z2~2m4i|V<Ed>~N{_*y4ajtO_gkP+jiDDg&L`=nFVjwG=fx*&41X>bUuzhDSZXJ7v;
zHcbdEN$7|wPNjXop=uwNG{R~Z>KcG?AAPGcG;0u4?SHlH&Ff8Y08#UcrcpxBD90S9
zkjHPG^hbTwCr;?kgo_R5r95US;|g?TGI^?}V|u$|>6)A|v^r#{$^1+>E1(QW#3rON
zT>}Nt$%ModOOi|tzNmDlGRY`h2RO;bxR;Pyl7PrWh4$h%Q$hos@{HJMB<=JKL%F_w
z6E4n>V3~6gl8Cn~CWm(E&EIg@q7T-X-JuH>`!oeoXh@Eu8$gLf5l+?o-k-DdERD$r
z62C|5MlRe?o9Vs%c_G!{u`V+`n$=RO_ga($dmmOP+xu@GNW2d_tC8?SZc>uh{Fk2G
zzOOGZ!|hPHy$p7Tr!y5x-VNbYF9iJ^R6s~+q8bK#L^bs1`p<uM8i`@4lP0?4-Hh&T
z7kUWjt$zDjMx(xO;6T6pg8FD>+I#Y6j{Kjo<<ow-XO8@TaIjml|Lq*?zg)%tKFOn9
z(^>p*@_)wS`k=igp?^7<A3im?$#g6W$OgI4F;twSu@RsySiBIsgb6GVmDI>d|M}03
z2+Am*+ltc7XjBKT+Gr_dN)g+c<(%gZWLEQKhs5(#3Dn047NR9S%1xH-+GABSBE3|P
zbb?3ZB2N?#<U}s%`XV`<K*uF;qHw=Kee@5M8XuWmRF*@=OvrO0)z)l*C-3WJQKUdz
zoSn4n?BeWX*^a~*b8^9%Ql8I)GU{{AMqRsQ2cczrv$@~U^hUH8LABA+M}dGA?RmP*
zIS2mtkADcPs~%tW%x(DYfZQGS8ac21pfXMwr*e8PVgLiHK)V0nQWlddl8^|3=<i1}
zd{_m&m_aTU8>%|KM+wD(EVq5Vk$RvWX`tzS*4YA>y}Yvr5vR*xX|btVD;8zxmmEjr
zf^f=WqarOm|Cvzlzvm@Oh&C7Adn0+ET5Tkduc90du@)B(TdiiP(LIJ;KQ@TQ@(dU(
zhC37!z)H9<uFmGKHqN+e*sjG@hVN2x9|{wUdzMk9W*Ri5@;I1E_)FXA1g)NEN^Lgu
zElcvr{i&h>V|Qd_8-FBbjyd|jkXVvop4`g=cwYS1c3J=5-Pt+VUg`f&@qn^_Wmfq?
zJ%CGF=iku-$V0(XxByi!{_*$<uN;Avbp$GEuU6VaK>x?#Jl%U_pP>wM2`T+PZKt7P
zniib<WzJyScPkI-)w94eTmHMn35`J`bEyEnaX+;d2Iu*I@9dZ3zxEDxR{q~l@&xh!
z#o9h(7Jve(lK~$=;49y}tH!14cGFz9tM%{luhuJHS6sCGtM$^?i-(*0SZXb|)obe2
z80kQ!slG1BbM@^#_X+hQ)%E$-6UZV8xemHT1a{YCMCfjmg@lwzv_8p&{0fV@u{h}E
zj9p>+A-iS0Ty1}-0Q;l46l5tZ{`a4YA2-n;muSSKNzk_b6Qe2WZlbQ=b9G$x8L?)U
zpYf$D8}{x)(ZybBW>RF9`-5%x$GYNbHU*ajVJt)fVeKB53L2A5BpA9Q$k1}_IcLiI
zOU8mkU9G%37d_7_>Ea`P+Vg)Ghq|x?FpvLlzbM;(UhM3y^8Y-^Q;Pq7U<sgR&pf6K
zP`17pjkdzcL*3Ez;VWXxbMx96-;<xaiG(R$=2>Gxrfq%>+4j5i1bk_`Rjq#}+jf0;
zU}y8|VvG44+rn9pQTv^`u`I};+gUZ9saIcTWgJ%<__)Gp>>92E;%;afp9$2RnC!pm
z)y6Ui3p%z~!;l)6vJ~@a1#PP9cf*=aXJBc?vHxwJ1^B-UFkMstn9u*q^<Q7??XCPj
zpX4dWe?PPUP_t=1bqSz$${(!=Py}l~x(HD0vXu<bP6nvQ*h&akJrDJ?=l{#u{{Ke{
z{=d7oUE=?{FL!rW{QoH)7ytdhjDKbKZxNOGpf>+t$|Zw;@UCL*ue6+HuMa*pGK7m<
z^urkE@V2V)-iKTk1`N<mRCG|04oZV-WO8n5<nNUU6;r9)-j_}K{+=m5_AUF(QxtZ7
zf=F~XCTVs4MNG7v{Etng-e-@q8b3R4oL-9u9p^l`Y$b6#{nMWR8}G6uE&%50|NG_o
z?=SXVtoZ+vJQe@X2bKdopTvI~3qZr1KUx#O)7=928*OC+Xk`OvLfOg)uzDWgY0v-d
zkBb`t=JEd*yD!TAe=lFI?*E_U0rvi_Sz7c37BqTj5g_Aqg89^Eh0lPXERvI<3d47R
zI!mdfkgdvkHhEr6&&F6>==Qa>VaHgUn)=+q>vDlZI~X6fsa}}k3E4!?+!tO^aQB<X
z9dy|=_l62&3xo%i(G+)b81PGo`&A?5Gz*w{VKeRq%%kgFDR)8V>pI`FN;T06t9Qdt
z-I-3SRSrYW<#v_Nwp7bGTwav8yy+|)Lz{}K-okoyaQvE_M`;`^gV|;^MNOZTw_<7X
zwlX*csgV<%a*PukPZ4%-%UdYy!rP}la9>sTaQZGyrhq~R)T9qHot0~s*Hl_8pN={#
zwO8K_8ZOD-bIJ+A5=K{^`lgnQrsXZ~%S_(Ff!yScaihkAGC&G(fE`|3UcnGCE89aY
z|7SQReCuyGN$#KdNk4P=|MuQ?IseoCi``ZJ*C%;Qsa2XHl1e_!7)_<CnV--BcjT~{
zQNxbu<0R<@x>dbopg*Q5m0i?t{XNdIWa=9HyB^j@c$&|@!uZ2bfH~*?#qNv!a{jmN
zoz?k&k_XQJ8-`;61-ymM!ysB7d3`EFNgOh=MY)h{f@GGUAx((bL|7P5F`}uF()&|9
zN#+M2m_hZ)2g&humUM$`3fn>dr>V%fmv$Cqgiojta82W7;J`{mgRz!GkVbtbmo$Nl
zXbPg}|D*)yXF=a@@eM)Hy%qsgA4+^t($05BZ{HxoIpbn}cLqB)Vxw!7iISWJ8SY$h
z^mVb(9+j?I_bgo69tf9o2vxop>O(|0AztGaUFrO2i}hkMw9SQmHo+r;F7hNX-H3(y
zsicH!F&PNmMkZ_CV%>!~09*8S`Nh%kLOt*Sj#|Jy{U8ZXae~fLN%#;)i){j8n!DC5
zy0r5ALLFIYzx~22wID6PUwpIJLS(mX)`6xYPQ-$HR<~&Z{Yxy#9iF12i!*e|@&!*i
zS1sCf^A+RtXGMe)$T@nHO9oVeFE+1nhFf%IQXxWA-*h4Pso%2AigPw0a!hi8-V(`a
zwAgeex=l+`+<S{tJPPUZV*N#n(B!QvB2mV;S~JHrHl2Bk{^bJR3DDe+E-t>le6zsT
zhqkqYSjqTL@-)i-N<(`f1He4_U;VqJ{~zq`tmOZvcmne|F6`(26?;2nK&$kDJWTk=
zf-qnek&xQqZo*RYF1A%l+6u-M>%rD@bb+}bD4{~?UT_BWuO+Lw5twOe01##9My<H!
zIXPBi7G~(yBY~zv#wVs~ia<qHnD(j#0E}!(!m#_JI7Snk(jgI2{R8NK#z~K+LMpvY
z%~<`dQvpGUcl(|#<i3VHizg_KJt8ULs+WujsRWF_Cn&>0+%X;txH=#tZlhH>ew1dT
zuFgVP+Ycu(70Y!I6SWIS8c`zp0H?3DKE`MDIKiCac<=yy8c6MWW$B1LOs^VJt6rmo
zMmJ-Y3-SOR7r<KeEm*=IpjQQ^slQ7yqCygm-esy!#uw?u9T8?4_qhRA>g5~4>2Rt*
zbAA00BilsV8Zu6VI!;S;c?+<QlBCq9z9K;pi%CzHu0c4Cdx`>i!w9cetk{O*n5Ckx
z+Uln6e$l^wtQ{aU^;&l8^2e6O_|3)n{IMy<5>o-g=$1!%o2B~hvDb2dw^`a|WGRti
z%$Qslb++N6h_mfx4(>=ZuNX@_z=EJVOr>wVl1%3cY_*$Wl8L^8&_&NsS+s7H|9}lX
ziT!tb??qYuJJ{Y?`F}jgGf%2B($L&{8Y7uygbPI<(}=vGqTLmbX&MuqP=B#j!sg-k
znypmF_D|*f8=-9LZ=RLlo@8Lo`QJI%-mBFA++UslCwV+ekFI#=ExYl376nHfOj~P(
zwZ<mvc(L^yeQ9OD6i-MD-3o+7E%yz*tkkEzhZX!?a#V(o0-q_*<3+tQ7b=IZ47{38
z&hZ3-rJ6abc0gCd68&MGB)U$)vx=LMAXO!|<R`5CT#Ata)OWXpa~hKkw4R#z&&pn|
z)krmQ=jrlnqw1yg>~CsTYD_*Rx_*aU(^;E%qozSu`*lctg{+U*=eNDjZ@b>B7SNi8
zQj3=;!9s+a(91&&g{jP{xgm7Dug`?Ym58hNQ{@Hfjv4Sr{T}{6^^VmasbBRB`k!W_
zr;z`4w)gkS^#5Rc<^S_EPnG_s+2~;iKUj5UQ2aC-k+vjX4NB2!NAuMWL1YW5bKynR
z<jc^qYrbv>^K@|<G=)3(u5M=eNexLQ&d)UXvP`x7an(D`!tgwYS*XWs{3dS56n$?X
z|A=Uc{s4V_uA@oSzy}0D-bh2go1A28si>L1ow|^mrlW2#wGxLcW-PO$__NCVj&vpC
zEJ0MdioO_W_?y~60u2~T%AC=L=vvTS$#YWmYV}8Ay;n;pF9U)NG80m`h2~%{5FFBM
z<jWRjpO(H@UbF~dd7QlHw=2eso3eq=Y>xQ0;z$F?P&ime{&v+I96H)SB^PXevK5|h
z-+4WSJii32d1yYg(td8*zXdSVeFx-D19b9%re9uH8zJ&%${XrjMoF$Mh0oedq@OXC
zD2YN&Gtxy}e%D2{A?RKc97QCPm+uxFnC_{vo8YKC2&8rsWaSAiJ8oT!p;P|5;0^KM
z0t+~h-L7w^dlnBePHrj7;bp?uO`f6d?M@eUt((uY{v}BW7NqaW4SM_kbJ5F%77)Wd
zj5bine;D_Oq}Q*%EeroSMfM$A)GkiusFs9p4^o+$nOVO=>xiZ?`QU%tk4-&pZF=vb
z4fGE*ICv40Xx64ELk^bL!15|stSdGiA0^ospXU>Fu!}aDm(IWz5_tH!hved(>2Pc7
z^V`GEZ~xclw>^G$xc_2rcgxWdGY+*LZitm-@qcjURha$Xb0$f7fX`AUM6&3B{!@r#
z!ea8un6n>qfEnXb=^f=UelF~QYBy&SxJFP5LHQ{jL}e)Ix5E<V8W*uWD*SF0X7#z9
z!(0_L(Wk1fkFTNmw}u4-3`Vb1*DaYEz>u@acX*OiNVGqOX1&{rv3d*@ep*LV98*Ud
z^_?`Fr<^AXql6~~8x%6`>QmW;v(U9?qHA|v*V}|$^Mn3FEqPb(hB-)cgS-#UVA#z#
ztM<`=vRdvHaS{ukVy?Rl(R2!C!70$%zD<b#_U-Bxs(ovJMccRXmLAoZjEe6kETxhu
zU7)=7jUO8A>Vm~@^>3&WE%!{z3dXZejdR}KH=jBo!)$;3rztc$k0NeVXhV5e)$MGD
zSl!R%9)jH*&aX2667H&kViT$^-#rSlSQ}(jMz#>PSX*qB(cn>m#-C=$nZX|)ja{$p
zGsFI8ojvbu1e|mKvv=_FpnU(cy}zpe^CXXs?YB#ft}=Y5mVep6|C;y`FV??>(XeRe
z-2j)2fo`<^C6N2Ex13qfwO_(E=uS#I17Z2|#jS)c=w|^_q3iVl?1d|X;k^uosKGqt
zW8oOGG9!#4mbvs*#V#$I?ZS*wkhtN5knC7BE_U2TB}am8XH9hL9?$+<=>Q8GC^zbN
zQbTc1@*%@%{LYP`isG7thUG>z$rAi&y{g=0R#&ItQgQ1!x*&YW_yiT1aH==Bt#EW(
z&3<N3R*bcRwPwifG}pkLQ;vQ<^a+tzDclPHN8Jb~APW}6sk>1@=M~YmEm)Dco4Szy
z{EjMUYc}or%_>&$%865q4$O^;JnF3IUJAH&%Wlk-1skhWJ)W~ZbJJ`*tcckx|5YOQ
zmX-tO$bY-LySt_QPuu%@tNY(4d9*KVCC2l?1i_m4&xHiSn)X$}kiw8XX%K=6Ps>eP
z_zo-TSKavY$RPB;QI}T6kd||Hhwca(<J+PRUyP{jKx`te1N;hdQ<(exiKa36u&MrQ
zr{qnVeyGe?Xj+_e9hnk}#-Ydn(<%_uB!Lt?L&!-km5@eL6qb)1(ovYos(~i!PrGG#
z#dWe#JLHPALO=ABz;au@tuYAO2<J7Er9TEk@62R>hPz0H%B8*AV6dJUb{1!9^H`dR
zi9M1MN8<@e<%v4BG?@P)OzshR+UjZl%;f)&ZR7qvVDtR{_g_~0|6gve@;^Vx(}n??
zq$|C$a~73k;xi!oY3b%0^f&l6l+$(cwo}yzwEg-5xEAOikpj`JDAfP_XQ$We%``|r
z-$B=4fq<W%1)+{U?20#pYP7Cf{R2t%9iAi`GuqFv4u3>cuKE0rU9N@;78jWsmLLc7
z{Qq|<`QLY5uI#^0^C%&q6Zn5R)8b4g(0K{bgH#<eoIq`FEgeC}8TKho!yc_f1B^4=
z6bvxVu;;I*;MaNY8`~;)wFE9|lEFLGE|l3q^5=S)<04-OdBwPv^UR;`;08-m^wZ8f
zq=iA<^ta^azIy7PX8K=Bcy$jkaGw3=<%^eP`_InH75#sbM>`!>Qlo+W=K;(=m8@wC
z8GkCR8}9_^WK?_?7)3%5)%%yAWqp?I2fmF7dVJy=ncu+GMw#w>d>0&*<5J0={wy|2
z-+r3fG^4v+>dwHds;NZ+0*e|%yE~Ow1CG5CG!>&2q+gJ%N-bLUVf?<E4)shU88kwf
z>QgMz=WpPy$R@D-buNl#@PC~=@Bu;q=kWjigO|Hy`_KNtD*xA$JeByrGrjB&5(4P*
zPc|!n=99L8faddn!<(PVI-lLY4SJt>?dg7HK;ehKLNs_V#H9nmEgss&golV(J}kU>
z^wr*d99ILy{I~7E&ew@+W?AZKVSU=|_7M0YdUXM!>OTYfqC9_@2(*FLQO$la;b$gL
zy*!H2g`!NnlTg=5WyxgXj>LL-#kw-lXo$%NRNZW9ceoB~g6gaOJok+4uM9BUQg$jE
z^`ZZ>hU((~i;v1l08q)X%&cS4z~#w?m2|Goql67`(x)FF;oz}JG#ChcW%Z<*y90X5
zRmX6{7_n4Ho~z$$<S5kQW_YgXMB^^<rc@d2<7hZ$2{$U^oUiB1-edRGb>>4ar%7K@
z;hEpjJ-xcTV^+TjFF46Cuc{rWtP~A7oBT<zbk<T=ureZYVdba}KZ_|qs7VR(k6PVa
zXR1JzoH$Lr1#WUn^*Bobn$vWa5`>megl6y12T+F4T+hz>UwrE9#6~BJ)?8XTl4XVE
z9{PiA_qp(EVh;%V-a`5jh;f8d<9S`=IxM-&KBYOmS^u*!K98>d?QXv)$A28`zt~^t
ze^2o|s{ZE^+c)cf=99MipBK<q4hbvke|G;i=zr$5r~mnYmeSV(kW1@pF1D_vz7|g8
zu`UbUQilE2`1zB+moWi6vzxKlgmBh)`Ojbpe!H?-<Ogfi^=Yz0F4b?jZEfEnz^&)#
z`rXO9L&(<+<sc(0DtE#S`f@n_qNK!So>VpFnFw=Dd7hA(ftSNjR#&(GzE3m%Hx8c{
zPz2>(Qoua_pS|5m{O8O4?G^ujil^fL6D<3~_yCp4=`;%i!H4Yxf^fK=SP;G_3kTum
zZV(ZIk32!43VKm@p>U$J9EWPg(AtHlZv2lW9|V1MYx`cr5L((YD_5h(dYb9KuFdoi
z89-;#|D6}RyA}WMy_YNf?@1nQxzpvn9xCR`R`puQ*T**U4|+)IO%XDW#+zR%Dv0^C
z&YNeJKaT-dsm(syokzE-QPG$s(TZnyu|2GjbW6-fL|%~u3YnDKmEJZ^s!mrm9b}wI
z7BN6#cPwRA6Vq-pfOVgxEGB=Wb>FBt!#6Kp?A5)-a$Fug{8prf>u%Mw%Xwmw^!2>F
znod@b$mnF74vb`VHTw-X^L22K(G9WKEhF8kebvDU_=3c?tfw(#L-LyS8D{q}NixDk
z-*w_Zlvrq^vD2H!#s;b^J100s3B&OKCpe7=M`srTYIskG#7Q!!qQ<Dqr70Pu`3=MI
z7Y0<f#$0?y<+$25@mif-l$!Zl>lKph3PLkXy@v3klJwyVRb-Mes7Ed&<9I}1j<6L$
zih+Pc#%0Y;&})2QcWuqqv(qVk6OQ6Fk<nQ95f&8-sZVJ~!S@Yk9lCqfu1RfPkPyxs
z(~{Xp0Nyh&*-US@k+Jrd*S5%|q&~9SwsInB?mSB=a_f-&3XPOpS?&|Y7)-BbS4hT*
z*#Y@vU^!QnRJ{uOY`|~LU}tVU>oC%8_nj54E3-CW^|QJ?XuDou8&=(0YKK?dj7<$^
z?Z*PzEYjHEpE7GB&BU46N@dTW(wLg|5l|;Z(u;*{*i;I;<-Y5j97^BR=$RfxT{lTu
z%Z;=@!S+TeLz+)e;hS2VRi^r-(N1Bjs!gney7e4LD)}^H)Yd60p<8lHhV-V$gRAza
zjCx`!g3vr41$Hf5H8TUG?&f;N=lb?N!%_MEa>mdW2Ufi*Z2qloeGMLul?rQfQ8&-A
z-oc~Y^vc2S-T8y5y9}=!;aNS-pYCGVtleB%njSNDQ_09&<dvxzUbkr2MHS%Q##Vdw
zjtm5ea!$IHe4|c6HUhG!-`3TW?K-GluX`_Ruvp);{s0@oUO`peK66>0E1&D+&;GE=
z#3f*z_W<<E%+!i?ztw$K%h1;gF;f3jaRktH^pYvE3ReT4w6FVa?Q2{lynQjJLE{z=
z`l?XukfP7{upRu0gi{iSnm?Q&gyWP-DoCR~0kEn%Vf&-iG_L~q@3vdPZUx$1*Ig3L
znbF;tq=^0n4e19W&>$ZP6mcxZYL|Wa^%-KR&X-p!>1{nP51VncZv6dV26m8k`Wwi;
zDG;{-UVu%FDs2=#Hc+jjlUeE-VY5t?{lxNN<I)+cu{k)8!mlsi)E=*T^+&1to~N%k
z+}iqF9DXi<mAN_V<Dfxkt3o>=v=(|j=vtt)d&M|66;WS6_v$qcoP<^f+if>kP(N3;
zYSp!?sz%i{gX`v8HB(cn8<fL;Z8Tb7z^eM|%194ZOAschdj*?CNVuDi%aI8g6l=W9
z0`D>ZcjIX1A*nj4xgML%*9Z6a*PH{pb>cmTwMD?U_R%cXWNzZUs^mFC<XqgTZ{AhT
z0=e)?C<_Ng|DyLyon12*<ebIi?4p|I6@^?xAGR5$%>q;<J?Jd)mHy?T?%2a`z7J*B
z!SDKgJtTps9TylBOilb^AGnv{_-EWH_U%2QYuoiZDcu`3Wk5x%o4b$XnQ{Mj8$C?<
zzxnb1+hzX`2nk%>|2@H@`RzBy4|n-@8!dYCr&{!yBKy6H(!tfA_j9it)9<}pETZ3s
zx=>8N*RUGVKPwhsJ-FeUX2iQAb98!$lVpISn-g=h=g<Cnn$3vqAAy5SvRsV6kH#8#
zq_uPYg9<*i!6_HTNNbV~ze|%Tg53r?oemL|YXaGwp>!?4JR71eY{mvBU-EbJzPx4|
z#sN4;QcZ=V>F7AYbW$UZJw@W}UsIY6hfo*KQWt+V<G9QYWSP-$b{NaU%e$~cmd@ZX
zGi&@W51%u$ng8<vejov09{)dhQHlTG-dXv7KFOowKfX9ReyEH;YTGO*0O%$?FJJP7
z@#!e&4ct{(ime)mzV8&;Ouk?no4dttJo5FdS>#Ynd|3njt_T?b_$l%QsgCBQ30f{I
zLBQh59L)OFRQ;O#+6s?WG2%B=jNyK=i#mKQD<!~2{B;xGoDGpqEbuLj36z<M84<8~
zK;+p(ScrT=j1{Kdt9iYy7Kq7Lpx}0A20S%2npuOTvmCph$Luxf`p9cM%z9?<f0oPT
zYd-kT-1v{}{WAaG-CODZPx4gaKQGm?KS=Z^Y#`z1jjl#~=x<7)9$t$QV}`N$oEd&7
z#dhe8+Yr+MFTGd}4WUdST8Dgk;Fb>f)Z=X%?&(k9v4T0Ek8aS{BEcKBd5{{rj{W4R
zwki9AaJ`pxpulYWaVFFL4L;5EzmkDtX;v`T{#%a!*xlaSTj_sK@@Rp`OD*zHcHr{%
zSx_geHg8nd{KP2b8bJQcDjJ;Ea6v_`J{8M+RnBYpE0yB=c(tep%7gTns#;?Xq?!4T
ze)-jNAI(sp7D@a%YuhiC?`Y9nN56u;`^hAFZFpwz|NEwWch4ODzjv@x(f{@iUat86
zQ#|Gf!d1+JvHoRpy^DD%-bE$1yQoR&-n!tkX}ox~XAxwIpIz!%RI|!^s@eQH&o*g&
z+ak}VzXz!B?BQWm;Q8qaJU1japD9#|U!#yfa8g#KogY#T{#eT%1ho$4NpPzy{U4pF
zzxJ6W|Cylh$Ik!wVy9gHdFNn%Z&m;2Ngi{6bpZDRxd51*v#<bYS}ouRVE1S{R{$6O
zzK}P7DDpiNf@hH<BH;D5ho^80Fnv|Y@mWfxrEqnrrAmT9J?S*AhDdW{_*OD4PL;uV
zpB&aoTy$7}<699CYE#8Gh~YD&hT3Q-Z<McUTGx7%)r7~^$>?S?%o5T|BV0mSZ!Osv
zsk3QTQ0_egpT`Qz))P^(anYI+!IE1d>XyGwBD=3AO8tD)c>Ot5{4LFyu5o`nE6q+j
zD_HLq6B0qCN#h_HvSXV!)0OMX{Uu6G@)r?~HG#d4JMw(dRqqrWMJ!K0DH+yq*iTJ}
zT|G-bbLIadeG2ZQ2F$zv-QU|S-~Vo}>OVit6UhH&tshtqFi@9M2VCRDwE|1P+j<I@
zHvCdrg2iA}S+H-KbOzh)6RHlT%aw2Or!HXGgWcM8_h}12j;5^Spc(xCj`5p>;rRXr
zz<Kt+y_b7s``^pmgBAaOiU*F^w`Qpyit*d6vmnbank~TW-8OB<<lX0sv3J|dXYB5`
z3QKpLEX2$myoGqVZB-@h&egh1-{*AntMmPbV*CHDT;Cq&mh8T9J1oNIgHFaSCok1O
z1uRv&5KCtjWoZ#ku!(Y^e-b9;Xk`tSl^w2Jw#)b`BM}k|Q3(-C>6+AbT$ZAgCJ55k
zg}FX|nG>*NfYw;80kB&J-!l9M)98<27nV#1O_iNb9wKN-J2;e+3v^FNmayrBq;j!p
zNU_&$`S^d|_o6biD~Tl;=E)UVaBRXf6w6%DwjA6ECKHw}JhT{^J?6mv#0HBE=_l3T
zkp^?jS-S9mBF@tL4yvi7)o))wf8?hk|Lcs>TYsY|eGuo*7V&@Edu925|6qSr|Kmv>
z;4N<nAKBPGlTqAW5bFJ5-i0A?I)UbxpsqR3UCZu$=^~*6?#eSPu2S6ERNfQ}i1U?+
zph2(D2!>8>H&gN*_nztBinzc)#-7<wA*P|-I-5|5T*fqmq_EEGvx&le972Hgcy~+q
z9jB6%Mi+D$fO0}oA9Y<sU#Knky={2tS*2q8H+>rEztKFN!2fG!fB!|r|7&M&MgO1T
z0g7ylAVBtQ%|ETL8Epxapopas(-e(KGC_oMr>7Z4Kn2Q0j+11HBAlWzxK<zx&fbdd
z&~#+E3shOasiXN?H>5H2!yy_SMT~P2B|hgkDn@rllLQS2%CJz%qhzQn*>`x7bnnS&
z?7r`!zT-CYm`%~9ps3Gqk`z>ZT@McRH+->_4lPmz>H<d9-?xNIg{$w5-o8;2`_t9C
z^R5rCAo|)omO8F284_c5Xa9t{5{e0H*k;~^smyxF!~|CDj-Wf1Co#Iisnp7;<T#QZ
z2$m+(O*F{CZy)DM6_CZMySW^8H=X!@CeesUfile1N@1aMqhj#7Q9DJg_=tQ!6D*@K
zfnQ<M++iLIFE@47^$N1sq8>7Mu^SYpX0))aCU~kg3PzlWJdsK+F}tx}YN(Lzrh15e
zNPkGt=ePR5SHz+K57;d+81DP)QpZm}dWPCW{}U>t*!o*cZfQi`P;nn!U>^P7+ubkU
z|L?q5#eY4?Gmo?t8z3NVMn?y8c#YMZ#veA(Gu<{wwgIiIJYB#p2WgSNhpmlyLH|^?
zmTA+UAL63F)5hZ>gFTHuY*g;LbuqJ`uiB6j-N~z<WLdMjVqh~2XN|g9C0S+Ak)P_L
zxuGVabH~yMEl8lMCl{_)5Z6=<eF_Qj3A99dDRsWh?=`d^b@Z?j2nK~yEKO0d_?n-L
zm_*-yE`IFRto%l8l+{Xed4OjQ{r7gs@=Rbp{eM}a|2w;TtNY(4dFIjo(gs+Z33vdS
zIYFtHGCN2~4V(pef@$AV8+!rHQ0?~LmOWHgvJH>$b2D280W0SigcyU;(Zn7==cuNG
zT5*5}dFIi7#^pVw|M~R)V6UA2;pNNiRsN?ZdFIl8vjJuke)GF44hwIJzdYXXY>b8R
z=&_}C{m6QcePrft-&Fqgn1=&wio}+<h4*<w=7rKnjb16GvDT*(XjS5*I<+&+9cRw0
z!V4WzLe|E3Jzq2ZY;06qlxzX9v-m?LH=p&}Db0QcC-P>|b$JXIz*VQjbBm>^apNg)
z;IrFWaAj6o>`1_ws01E)bE<qBveerC>YCd^#%|O;0I5J$zqWpTgV7xNZ#-u2#{%Zi
z|J|LJ75mTLD*oeXo_X}&+W@U(e~)U+pzWsA_-2V^l!ef8Eq)g=;SN_befJLFeDXe%
zv>X4cF^O&z<gN>&8)Jbmaw1YY$H59;t$4jy)P}Xz?Z4aDLMq7C%%%;lt1QQ?Rlsq?
zZB)x}bXN`hM!#&qZf3C>pDf>>(-fPej?vheFU)7knwe;bbDg2gxlJ~o>pbQ@t7B~q
zht#3#S*_r=($YT4$MFCDm?RTAN*N~)-^U#OzrA14|8@^vuKd5A<oOI;U?~Yt;qqAT
z09^)okkceqR6WDd4IUBE?|i0j`9+>-p;nAZlAuw-2Kw?A(zkJvU`cNYg5s3L?>LP+
zpP`hDbPUIO#>tR=Ah9OJ|G$mCzBgbgv{XYv8R00QDd~6mCs%*Fl8lqiXXseFVSRIa
zg<{G@r$3@{3;tgZztbQ5%(vkG?GNM8mij;Yr?^eG3P1xK-Q*b>(u9c4^S-#tI?ww9
zeA9W}mlO4G#_6c@{Qv5FhQ7g^vRt6ElT*>@XPo^+BH8KFnBXn_IcGn0`nMutG1>Yp
z&^L4b-<%zvo?o3lP9L++|IW^SCI8dT{)?6U|4E)NazRrf1iE552McXPQbEv8f2Y&A
zz#LDABwTbl`UT^M$bYWK1YPr-fG37P7y3kO>H>QVV#&0l$C~!C;B=5n#)Sb#Vu(FE
zYyj6iHh!gFkz|74$Iek4Q$;{<g1#06eaUeu57Bol2S<-w5aV@fz~3=`gJ_B}&f+{$
z4L1=MC}HWSgK8fv5S54uMO;WElPMB_n%H<P`2);2yQMLS8$hw)kVX_Ih?9&7DjA<{
zq6kZzun}V10Pefd<3unt!8ZhDoZezd8sJV?tg|C4LMoZgH&h-ipdd0R*ld6Vlpexw
z0vz=_4d1H;8nPr|cZxGaSP+3QCz~kFi5UsyD8({YKdSjO0J5fjEYMofuNul4>=^PP
zOK3#Zgfh;?bU-DE4;z5>&=+|cC%|U3G^|F)IEtyr5<InzJ;APM!U&b)b((G<oH98k
z-0mPr(pc>Q#!)!lM$}s8E1YGRlT;cYhz-#YM>L@lgP#{p<1NM;pk$m)7<?A?stdAE
z9-|C%Nr^x-Z2)mgS)#WJxMWjd@zC#dj>n)Qo?uD5gT1@Gzunv3>22@0FU)zhAMN#`
z1l+&AxH_@mI-S?xWHw}cqWi-GmP>>a#mu!#pg)CKb5KtwB$WcNs!(;shVoABr%sj-
zEQt2ZisT_m$OtF@OKE!G{w(^8k2;-mCTT=E9knf+DA_tpIc8C=`r1UMtAG91f15A<
z^<V#I!={D8DSDTYv}0gcM4_+P9l0fZ6PgCJOM4=cTarrc1vemQf@6a4Ev5+`B&3sr
zKcfL%8Xiz12w;LE2xEQYmdDNk%Ctu;n{qlDOSB$spxy1Am*_3#6rX&7jv3Dw*GNAa
zY@(wiL6_=Nfi8(s&`8|x{OiB|y8%c4`mg_^5P*^7I3^R!Z`4+)2j1^=dJp+@Ix|_&
zHQ^JX7ua$jG$x!3rf8%{zd%!#>*8pD8p!}po0>){a;qcdVgeME-ja?w&_c<nF%_C2
z5s*$b<xN@ID;+fx$q+1iUy(w`6oGm}bDW|&4z;P>1~-*RJE0N|bV4VJsCB~L`kl_{
za7ZFJE+$OUJEd;_4q49S7~wRfw}cDKT^#X{av@Qc4-y(B(~jGR$j#T#0*pjPBE?CN
z0^uk`d57!$tF~sx?b^FBjmGLoAf3J$I`xl7?K*M2CjnpwN(-pvwY`R<X4A!>m{tJC
z9uuV`a6IBT8+WuvrUFG%EENXNhN?T>xO%=*^CU~A1+g||sDLbWqMR$jolI4q1Xcz7
zSBZ!?9aK;3CQNdY1NwP1Rul|(l!#3@$N`3)Xi37y)h1-1!^0s>D9{3uN~*{@tT)c(
zm~r|ui94JKk|c!d7p^-_h8)vW1I~qIc;S}qbQE2PSf<#8L5tFDsM@M<06?xFaoA2T
zL~($CBZ^KPUN@C6fJAOQ$XQ6wwDxF^H_ozz644Pvt)wK$RLAw>Xgqs6+HK*T3OIka
zm`^+HKyU)=1<IP)CFplL-&u4<EEO4za+Zr^YNd!^GU{kTKMsM43RwIp5>$(zKGItg
zaS{=Q%j(!@>ci|fm=LFKM9_lsPxYD8=SX2DVyPxS0<3jIrl^G3ryU>n5Plq<5-eeD
z)kaCD&4-7kH8O<-4eSu-k|`M=QXH}4PNwe8CjwzxD+ZWz2lK&6f<O@Km=zWE^jPr-
z50pFLKs5m6IGq|M0Y2hWpWAViun|LSSderj%lKzfpmi(mYgA1=odeGShJ})7IT30<
zg+=v>L2sx@yhGPtoubpfT%Vp_ql?qaw`bSarzhx(@6gf3#hbI^qc7f^qBlq1Zo+p)
zZ$ClbzPtQ0I=ey_m+!tgJ2^c;@6J0%=Ss>sx<Y4Hio<_#bai&sH%;DMqOVRbPrvvM
zot#}Azd1U4dxehPyg}a{U0xoYU!R>`p`-H?bo}o8<m~$F-TBpK=kzZZm#0@(=-nkc
zdwcQb?DS+4ot+=Q`TFGS{7ba{?b-EL@4mi9Z_eJHT_3478$PsmuRCu~FOR=EI=?>p
z;_S`Y^>>@-_1X2gg82H~B|1VEN0--U$6voWx<nUWUtYYsI^9I)@6LN?=dUl%&c8f;
zdwPDosYcbgKD&N%+V6C%gi>WRz-EOo`jOTO3q=3xzy5EbWh%*>^a^{^$Ob@Sn4+p`
zi!vSLV2Nt6(laHh&5qGC)#9r$m08U(yCo@%m<<c2IUotUQ<8bz+fL^!1>!_w!oBn7
zNk7eVwRF=Pb*Cx^!bJ#tYNxqb3@&nmlFZ774qG@$I$CAoB%&E5X7E*gTrvpVv8Tx+
z!iSyCP9I$}BbiJU?y8~z{Pg9;8}yAK^1J<Q;FIYTC0G(}sXypu>V@OHI;u&)Vqi&?
zSOg1F2dxIyo!V*&gGGCVv<bnf(6EJ3VT$QlLRXnZgh6E+5Eq#Plu5N5aXirjYl2rd
zU<EB0a~}l~szYiap@u`!Aww*e07=QG*q8%$VO0oK>wAdS@kRkG_2Fr9%Z8T9yB&#(
zNHPVSPBNzGW*Ur!6D6T)S=h+FdSeH&pD%D>p`fV`>%{KgE3~W+HV{n(;ij6EIt%~$
zum3)0sam^!r?VICIA5^ncRDZn=$ygP(keyBvJ5LRrUE?e{}znC-ec^)m#0T3Z%_M^
z_%ZsJ=l{2J@UndWv%S0W|9Fze-GaQ)ar&LkXP=>SJW<T<DjJgs>2!KFL8wWbci2Iw
zXY+C$qW8~U=SgyoC*(c6c&E;S@PF?;3jyeFd+73uqvIujsb&_00lfT>ET9V(izT33
zu-HO4)=`A!6Ze<*dPqlaaTWq_KNmBKIFaSCs^8of5l)C-w6g?}@Y1KJAHV{aptDpG
zKE#n~K|l1KU1~i@x1(uHKD_UA{)iMTEeQ1fh~9@^f#q9+|04wC>a^*KzLO6TA+bOQ
zdyp>zM-uc@&<Nz1vpW}=`5PmWpYUVof5c<46%j6b6P)4^;eGW>e~Kp$kN{>D{omO;
zIM}V^f81aBe?QTq=)W~9?{4qz!VQnV5zrABpG3d&S?9At=PrcWqYOu5&uZrjrR(a0
zu6fnn_<iRyr!_0x-03Pqnh+o#87SwVDN&q8q|la}QT#J^UB(7F+&jpk=u8|E2CSa3
zl-c3d*4^D*AH!h#jE}aAMj-6ncW<}94NbmI6Q$7kS~}ROA~2#R_zq<45hptD08P;y
zrxGrotgznstT46)$Z}$%2tHsCwB7|(y{i@V&CX}Ys?@$3ed+1s=-q2{bp9Rs^V#{y
zrV-AqodN6@3XLRIIJ+W&t;v~MoCP?+=_tn|f=29?aEOI3lxShRHwu+NR43K%sD419
zJPfvw=UwcmN(X1u?36=<GfF;4l0sMgo8O5(Wm~s9og13Qhv+yLl1(m&zSuk=Lz;r1
z-?3Q|728%^=nzFoE+pYph@5cI4+t7%9i<%&NFww-BF?fywB~=aW`FPB<O9M}A_)vd
z18?;yO@&k&xAybTTu#o|jHCg|t;J0DcBj9y)8FoP)IzCok2uS-5WjkAkcU#w%-~HU
z;|!1izb914KUd$qp#pR=lqEUGNg0jsO3-waCzzLB!aF5`j2Nf3dnGIR<Le+KB9;-?
zZ3kHe)wJlD^}F3M07O3EX2C^q>nkLdxj00>SSQLtb%Zn+gdejcpQK)s9{NeJ^a9KA
zA?oY){lY~0{eQ0iFNh<2^{RVGa6Ij9{Aj-NE>rc`;Jx>&YIbOfR^F$(2@wL1NTt84
z@-Q+^8K-i3h;|klhD#<2S7DT;*K|UJ#FNYeqwh2_3A^sN{GquWbboT9XbefEwTZzU
zBZn`vPXUm1o2vy2a}5{w(V4V&t)m=+R<FtEfPlT4+Qc!UHy}gC31S>>Pb1ERK=!f#
zvCJ62L?0a|+SX**ih!)2ROlofwo5l=ZAQ3!eZ04~_dm5+9eh-T`uXeY<9=l+j)LXU
z7>^70459QST<kfPk@V=|?3=x-(u)$BkHTYEj8GxlFM+Mj8r+%ddmuU0*Kane9?X>5
z*8@YI6)?cO*C+In4Bw+6B}ptSCIp?(1cPA{r$~3ciN^Yh+c>|NQ{IDv8(Z5U*Gp3E
zcQ8fnyjo>|3RuqPIGsM%)G5Oe(e+(_%7wPZ2&Fx^m)6{8Aj^IQ?RrajKU+2(`iAs?
zu?2@m?HEaYasm{jU_&MMiD0SL)Os4hM!T-)ff_PKVzUX{b%<L_XQjod8GIj<R>Fmi
zd^I_L5GN5ErSxY9O<3n1V4m861oSxA*!I#|p&rgzo_Y|B|2KN87L2Atb_jBiINaJA
zQE8d1694m*%ITKxowXH{Tas)EI_hB_jj1G&%sJV@8STMfQ+@I#@n>$;*GlNCrAx>%
zr<u4`EJ{-x-CWP5N^~wyuddy;3n)%;k_u!iMA39;@0{EfEJ<TX{;O}EfRrfqGoez;
zfJA^9vyYB(YHGCQS!{?|ijMJwB*$2gM@O~7sOTy5wMVuuB2^ny4iiFF%xGMl6Cyw=
z2A>sob6=uk#<8t!r_IL`j%YL?b)H`#Ej@mFYRaMH91f?V=XyNg69UKwY6>a^Rt(^G
z`}_N7T{Ycs9E@4DLeP;q*B|z`|EEukMR`_pW`-JRlzn>E+wae0strAtWZ3Yf9%aqT
zSqMZRqk)TDEg~z(`~nMd@S;c3h{62~v{Y+-arzb=ABm9t<R$@|&4Q*6lE=QHF$V8K
z%YEV6ljtSW6Y8V4xpAK&9~A2WHv_d!S2r}feslE=;dD6ty#k_6u)d5tKGJhioo5_e
zu+XjX(1v58hAc>w1IxV46D4~OXabHEa1-w!C`uZ11&$1PDu{7v5mO<_B$$>#3x(S_
zTaHKD{1D{At3k{4n=AEIN{pLj{bDp8=i<>$c86#%ZSWF}sZjc=vAF)3OpWSM!|7`G
zz$rx53FAen|2;AwlqiBya;KNjmWjC`Q$VWZiZ`j*mgs@D1U^rhd~PYLfnz}oa+BGQ
zK*DtGK3Raba$*jyBQd(A7)**v)KG&m1vS+mAn<V0ZAE9zFzX1NjBJ5~`pGyQSx=*H
zYoY>I2KckrZ@^eWaJ^S1nP8f<TL<-}O{@#el-2_pzQzU?f<@YC$QeugsTj8#5CIh&
zmT8Sir(M$0o{*fSBXCUsZzXVbbwWAFjW*$;-PXo46YM!O1y^8o+<@eo%!6>FZV}3O
zKt+8=UGgEL97OlRs~Ki0g0Y)Keunv)#FG9F0STT;3Uq{%5mh{i#7mzt9b9^n>r?ZZ
zfLHTEhsW%4ePGU+L`N`aAO|cB5Mq-R%4lq4%Qz3O_`R<UUW_7T;&F_rDoK3GDo{di
z2zo>0nn0&%#HX1)AfP0flCDN$3rKR|L1VzfRx$g)I90kti{`HOol?~v_MDiT3q!`f
zpsCt1?be{Ssg^69<^nnpIzDn875jBqWl|b#n<&p%YBrczqJYL|7bq#oBm*3~6ABPV
z^p>R6{vu9dCG6ou_}++i6Ng87CO#X*5Hwd5K_Fz@km=dU?Dw<fl=<R_dTz+{C>bez
zc06hRs;nHGDA8V>f%q_hV2A|p0_{*frb04KBb+#I55@ZxX~4qRG_49|1$&{S`fEi~
z99%eLcW8`xti>V8&{tQx`v;2bjaY)y(bk78I9O~;$*TRbbnZVbSUUpJlh4G7S_T-z
z+;8@N_hRlh`#Za{R_W}d_42^imRp^jIQ`&Avu{P>)Zgwx@~9x)1D1myQPbu|ZL#NX
z&qW6A8fhA#|3rT#Q*>qO(m1-I3A$3O5LMy?+(P`>nQ(1eEhdjy5(^_lP9{Wh8lksG
z$AA%op9($<wbFa>{SBGEw@8IsTB{gaZ>9``PUh%_0<A}<39}hbb;B!-2{?L9Qz=L?
z1UF;Vr~ggUaLw|AKeisamdF68I*f()wi(g$=aXE>=g;BrrM(QtF^M<P02C1P_2nC6
zl@PFC&fOX_X&-7u|B$ms&-kPbeM5RL&i<gZ4X@1#n0-M~$)_chS!sGrp!W(X#=2+3
zHBG^;*aQ?4xQY<YC>6+2rkI05H%+wz6GXn5*A`K;aE{s&G-FC#1Q%=PUKt6eLkx)8
zXmAiY5aU|AOL(0Uvq)@3ER9Ge#TL6I{FaittvkkVXgcbtecjVLN5EZ=*!m3qGmDV7
zntNu)d8}06R$|NAMbO3`d#ytoZ#r6$O%TgvmP>&qc_L|+kUpxyNm*fYx3pL(1S!!O
zx?_^iTf$2ky0wq>(QC#L`G6-`LN<ZJDygy%E7d<wuC5VS>IEI8pd09n;<+G)sH@&y
zGA0#2_{&~bk(Tb+)#aD^$G_}!oywJxJ5q*^xNd5MUu_i3XmlgIu$Ni|-P4J@STsPX
zk-K#&7r(I~cCI4`3$-RCHLBzDrtQ(<NKEjDHzXa&@gX{>=g&1Zp;r6n!nG?`W2xg%
zp7j)0bvz*1TE+4m`kmq&N~Lzl+7R&0sF}%h6Jf)`3~4cU&ZZCGt$r+$CVC40X64ib
z;_`?=8h4x#^b`wLb!ey?T!hF(^x;E)evd3e&)^>|W#iVO%WsQkwBi@@c*SpsPt2XK
zCgAOOgTBkK2V03p_Nd}00+Ue478IRYThpQ8j8E6r7Nh1uVyN0-8*Nr7y2Yc?dwS;c
z-tG2oA7`|m5GjZ;IWRuja^vWlTpuvf+g%4=pmo|OeRTQy82xU4e}BV-lNs|yqhd85
z$G&N|9jedHuTGD@zC5kBgnGqjtA+w?<@K#K&MN9%C{<bkby9?EjBh<_amA2s4a#w|
z)!f>(AJ$+FYo?82MsfgTnRLA*VcA4MB<U^XES>1<w~xTeUSp7&y_05Hqy$TD32!9b
zrSqyk)(T|;$&80;6_bRdBVu7SFkki3+-unuMWnpVtAk=TQDTgu--!;#)puaVOAEpo
z{a_miFN}kmuD}dwOY;PVuh$UVXsD-&?%za$kb;ty9FiO@Ed~QbVrw?$G3R*N@P*Q}
zXRyrhI#5sG*dop#$42f7G-h}6k!<b{snM~)ucD8RT%B6W_lmecEuY79sQniJKHN-5
zB`=Mr0bYD?a(<=VAH4KOY>2+PzP{MrQ6%T&{AzorvW(3fwv`^-PJNA2vAr`}WeeSg
zitE?F9;(<=VGRZ6P9lkmYBoD{Fh!ZJ#%%BR_0)^wGK9#uS;J{*1Zc0n>)Yp(^Q(EE
zl~D1u2~t~wt#xvKwT9L`pMY^b=tpd_^%G-bMm6`0Q?Y@LF3up*2rySc04EXSaqSKC
zl6XL^O(Oc~Sz&*k0XS?lW@7$0+OG+MbqUAOrcK5Fs&o(FRFJhBGF`JO2(D2*QX~R#
zd9zSOaN#)&vh)1aLW`~#T5#1+8<SS?EVdA+otdk6e#6R3__Q{C6;B%@SOca$ZZ+p#
zm{H`R9aa_qjBoG+(<SNl5i|zw{Ig=onjnLC`<o!qM2Ks4L(;{_wDx|}ZI)@dM3*Le
z>@iD4J|X-Bq}hjO6%~A}*v0H;#V%It;$vkOwPb2_pl3g;1HC%XANPS?G3eEKUY+Mp
z;XKz0^$)M${hafAnC9Nnh%>>45*;Z(pzD47x}Du9Uvid1%8+(iRz7eTnBm%KpT!7<
zrrxui1dAtF3pzvtX8kO18k<l~>#oKLO2|;^8zS`f>MXb<dFcIw9#FJwnAq9L15Rqi
zTvp7b2~(dibMda1mpGWIhZjxvJ$Pu{x(&gr3rL}SoUlCJcno6G#?8BUdX+&f*6?^t
zQ@ljGFA1OEbcu#vUwsLwL=<M*HXkz~N&HuqLbj=UuCKG+>cot$%<y9|4=pytXAs9B
zTN1fo^acW=21Iz9zX=hSUZ?`XUJyOxUckb!<IQ?z2KmDwiDwHz04>987Uu|yNf4-v
zH50U5gd3F6*bZ@)Ot!=eT8^j}y(~FfN6qg$UyJp}nr%f?UE)Bv$wJzj@KjTQ5*C@t
z36F7}L#cU*(HASES&a|yF$QeU^%6sc5I~ax6<o!fyjqsZrAzPPLQ0`-O-e{}C7h+F
z6)DECyps1NW21y1U_ZYR4bN5;oA>2nWcJ>S^{W5?ta|EViLH<gF$E+^N)A9YHK9<&
zIvBo8D#!;{d@ZdPIfI5;Wg?SI@x*GZW#FA2jTxjChCUXt*0nxoW{Do$qJawA$<fNa
zWu>vMG}hm|#tQsvnBeBb0S)-D9PHQu_*Hn<f}R!`Z4<CGW7=zKk|xy$qz7f-C#vMy
zA}p)G3FKxchsM7hrv^tiB(1bGaol=)6<IDOM2=Z(s{Y|5VRr(Jfbno$v5+NdS9-ZH
zXU2CgiDtASc`K6liI6;`3BmoZbKOyPK~A$M!Rk<k&+1Svg{e>YP|i#`H3KC&1(iXG
z@w?wdEcHuSnL@G(OO}HVpu(DWW@ltPTY6rRLfMs$u4!>N!g!VQqqnEFt)Dz_Y~%zj
zVwsp5ZY{`T3=wJ2+Dct|{zFJ%LQ|*VwwA_Pu3_8zf*v|&X}hc8*HF!O&ZjXQQHc{4
z5!~V)zgCVt(IDO_5Wf*ij9ko}c`<q}SKdx5wz^`gzj3z8htclN-oX+y@$&VtYKhjn
zC({&9XoS9o#D>D|AMG`T0B=_i7v0?`f(X@Ck{m}jg!d_tLmgnxqAfF`t&NYIxWbw=
zWwQ;R#ZGhqcnPAa4)ocD%dp8f7|vY=mDHtR*C}KaA2ZSWCQE_Z&vt3eLPCal2ys#$
z=wtw60>2nD`q{<pf$LM9X%p>B(kNl3IKTLNjyXXCSaT`RI_Zzl_q*HMJBRV$cZY{N
zKW_ZL|IhD{&eT|B`7CGuT#QaEdjBNos8ve82JEjX^j}|{eTj;+eoicNslx#26>Rs_
zsfx8!3c}d?_i8w$+wb@9;X+Hl`!ktBA*=V`l%><UD{Ac0Y3dy6@OC}Ig7j!ANGhmW
z`;9~N{{2^PkB;A-?7x5SJV!P*&Cgd~9qqh-@BOvAfAIdj+EMP8{hi(S?-#NrEwmD5
zdP|-HScX3nQ{St06?6)o1~gM)F}hj0EqwGXcz^f3YcFk*EYjGS%o8>~9Z+OzObjcV
z>R~ak60TOlRTHK@RpE-|lI-s-8^ZhT6}r?AegnEDC!;n_A<G25{&`*o*W#&i<D&wE
zOSdy*ylmF-iem^!d`ePtMoR#M$<LmeYGu;(p_vWi@L%I74T*v72pZxf=?!pnqpyW@
zPO4jUi@DfDVvN=P_7f;WJvqi<51g5!?`mO`64$6L-^X{Nk0<zNmO@?*5#RKNjQ2)t
z>vm_$BsU_wH_B;DTvi)(B1C-CAInMdS>Zd=^G5P0%-vhodtJ3%J3{IfY33T+^w(Jq
z1wHi<Gl|D;^rGqPLGYKeKUA^~*6x<oK54s8R+7L<5@^EICn^b`z=Lf$Ura;16k?o3
zAH2tmQ~;VIYzXaLnmXx0X^bv8UkpXl62@-w%#awswUJfcP$3IfIq?N30|;jnML0<w
zMdi_=!!j1+<PJ}TDVIkKoZu$MqsfrFFJu;vG8xufqiDudE?J^|67|21F3*j}A=C*o
z>liLO79yVz%OwgfLq22)jc8br!NbH>nPu8!aj7|80fSNe(2p>=#hgM4$;J86<9Hhe
zb9riUV#VDnOSj_gEAHNesZW%<-;u$Xv71G2@2yEvmjE*rDGV&*d{EZ(b;8w;+!Qcc
zEVLV@)avsE!@2>#%ZL@OD03LTRu03<urPjIYCGG7!x^>tkd+|fWo1>YAmdDN30<X!
z3W#$uR#}AkfJ%<}6#ePy-MKCpVhM<`<cGyiiahkxM6@X4@iR7>uHR7gtpi-(;-w$*
z8O7Y(T@a1PhE9}iddndgK@S9YtVtd#nRkO<b4~x6aTF7YX(DWatx}O$plzE90U}Ri
zfJP_l&`Fj+;yPG^HGyIl<?ioxl<q^XpdLM_<H&DGFHdh$c9-^aap6PAaNPpj=pNx<
zV3E2wGtppRp|6SU)H~<m-PJWjGT9w;fu{+>v0tdTVe6UARX}yIbEZDA3u!Cwp}7n2
zC>lUP10Le8!_mlGkWDpXbBob-h8lSwW6Nn~f^rNJ{f=z=O#~-ut#FlJdr&MX4*09)
zF*eDZONorVO6VCAf(~?E_S&4>40M(_!aOz!zx6e@Ax7_?_e~~$CAYrc@buD3-xCsz
zaZ1JH$ulXBuq1bQszwAF*@FCD?b9zc2%rJFKr|ioQX-Yyf?R=RZSIG1iYz9Huw)sT
zFQE)z>f0rY+|0Uz9?ocA(2=mkn>YGF|K^PNwGiF3yz+eoaY*n$4aA(F`l9D<jV$@m
zolpVQP&tJYmguVAn&zS{G$3PqOIfaSk*lR0xr#T#T;^>YqaQIKM9+H(s&t$S$tD(W
zL4tg2s=rF+Bi#fGs^b?12#%E&X!EeE20i~gv=H?cMv;236M`-lR;3n=M#P+?N@-sP
z&uia8;IBasPOBK&4DqS)EbOO%{eJj~5|n_sD*3?JVTwW4GHZb9(<}q`Ymw^`LclOA
zj6!ZwG{786CF^+#ebY(C8SOzO^)2-!nC-Sc!%|`>r_htEXId_#wa=<s5I%FN7|d9z
z?uDJdkr{Qk|B&j{P(;s^zhBQa+6v@s=p$q*b}NBVab6N5Y_RHNN~czOKmbdI1cI6L
zhNdw@Md`L)foC~JKXi{7CqHzH!m*-QBcN<*s7B>hidz~N!iA<;P@2KCE>2QWqomZY
z*hC_a#)^=7d*_GL$%_Ur)~^bRh1eb=UAzAGg<uC1_RngHwt-iNHEd-{MF8GBXI$Gy
zzq`<pUx2<WZv9!v{<Dk)$cXmsKQHfZjeJwwNQ?N+)}hN~^bwG&JoRdQ{m?ZBwqLM!
zbJ&0A>YC8nGSWxa%o)2Q#(h;{-R>W)%l**3(jvnTUA@=s05&$w7I7|m##)?AZAIlD
zx<7Q$x(-#>G<*a0qH!xz;w2|-_XS$c#-wozwys0eh@J(2dG+dc_xBcPm??>wr-$f&
zKl{i3{vP*!-tPU+AJ@O{nSVXEKW+Ty`Vak??>C-5Yu&F}v*q_89DOPrl?!)Zc`4Dl
zqp|+0vp^~8Ip_TKcVO|pw4`g}DYt?d>2eEyu*kYkXlmQ-EVW(K!XNeiYWBiW@2_q<
zn165lXZ!uIn9a4kA8f*lvI5(@C!SzUmp+k8t&CGv?uSLK?|7)xKeV9o1&?)Rn}kI;
zsX{5Z|2dPc&MDzU-zC{|$n(T#))$3ns%2FuVCn&e%G8)c4YXtRu2;PCB~fmqBO_kG
zaCC_?k4r#^xz<wzn-DoR+GvOo*HWAHK{94R%|3USb;1-S=xE4BA2PN<CCWI7@k@@O
zOefe~l;{kFJZXd!7|CpHH=IuO-H4-rQPZq{?XCaxG^vq4wWmgatfkM<g%PQBnOtr9
z06`g!2&_Jmn2!il-*YlQO(o$OCrU?l<;M~mrD^QTYC&q`YgpxPb>1gZ5&Eg8gqeeC
z`d6DB%HFAMCd|LoUbg0JXCE;Wz*6Uuva&w_vzrj6whlGSb<Nmf!W(L)YucFRCwGuq
z;Crud_8#SFVryi2mLOw6;Ucu<VuMN$^l+9X(^8b3R!#(BS;lO9x|{5}*g$t<CJ20{
z{xbTGw$Q|e#6gZ&SWx3$q1IS?jBtVi@@H6&`VM+_p6Ln|Bz8UP0YiB}4ZfI_zRQ5c
z45br+-X48t^Co$!mnH&bWvgFl?L}kgCZJ%~DQf8L*H_mlN(ko3)LliOF}vHMLu9wM
zw^w1buZ@dEmUD$`s8T7h%*7^z<bd)HaH#NgTaklH!7xwMIwdR}SyNki3*!hbLJ^fv
z=8r19w^Sk3QrluXtAoXfqF#|L^>1xaZd8U>O%%D;`$_HQ&4SWz`Y}du@wB6+w_DSn
z9;82A@GkK<X9V#us+-M%6>5}+T7Q8V#gPD@$+MNRMS8a9Z%%hH(LEFccJ=_DeVkfb
zzz-?<gV9<JecR_B7iTVND~(#jm=%vMa0xB<b{FGHbdpaF(ZT-y-u_~2NjGfIlte)(
zmS-eBxv7*2H$C`exHVA^<A`;9n-V;<4}!DDlz{u($DBde>`<-ubGs!D(Hl$2&f!Ru
z2<5uJAvQivy6Mb`mLN!G2%}F#hnnFT)JIt8V>E51ku$JbuxL+gE}0<=a|S!QXRgvd
zH<Xjo-Shn@E*&B)Q9`hgP}J0JC|WN>6cl(xcb}T>ev%q%Yq|Yl>`vy2@mir~@mrX8
zHjk#gsRTh>DW~2grMV9@pESg&p0k($on#yxYa8|11?(_WW;^z3VcU-%+$n*kBThsM
z%W>s~*R(WhN#*w1zj)QPn>`1i!L+zXf`ZktNoIRyfEHq?Uj-X(H;T&a3hQfI{X3E*
zJ#cW*<#}B{TYvfPuWPE^T6tJ&C}Xj?tTfI_w^UG;)?7=fUWg)8&OOB@JvD9xEu0V^
z@!mE{aGT|uxr6}2=J5+}`Kk-jSc@C537G)F->Zc3uxj=ibh)M$e@)T#HLG<wj`%3<
zH)g`uWRfMgjbB3rZSMSA+(`q=r9N{3*xJ++Ajx?On8wcIx_o>d>#}?CyCUm_y`&@T
zI~dzrA~9mOgmW-wxvK3x8r;6B;zDm7)nZM%8LWYnxCXIlTE1Jejuv(wnW!}5mcTgj
zK8B$rIMcVFH0=#?nph7)&8ZEc25ThHFgtoP@Sw?}UdRjG9xivmhy3|2(yUURzrb3_
zfe*)V;S_3}I$*z>6%03fdnBP{5ryvQ&JlLLu-LSS3ypmOWWVuzXjXWxJnip>X1Yz%
z5=#s4J;oKz=6r6r)?H{S2-md?BtujNB1$6(19u9gK{`jv+~kXiSo%|*7D{}<mUU9w
zL|bHU+{k+)r4?y?YJw^FR11XB&fyN4;4IU&Qh7&+=Wc&?q03v9XTK1qY47R8;)h_e
z8H<-=upr+3n{!u%ycK7i`TTY`YaPK?oBY$I_V)Rex$38nWTkQ~Nq;U_e3g;N#2ttl
zBGhCT$XM(XpNvz+shl1wweVaigqvtBWihcaIO=aa9MY7^srq+Vd;?l&$|YGsc!_d>
zsoB|JqMYj+)jm2><Oj^X=1c3jOh+kOBE0Zv$d5t8J&wfLuxxtISiB}6YAMbWB|t<h
z6_P9ILOjjxUk(}SQTya*DWsq>Vou<X0TBSyq1s1G;f`YPwitCl_rVdm7oK!$6McFD
z@z7UpUT1p8>z_|QkSLd}a}|`Iiui5NXYGM{5FnSB7sejP0PU7mV@btO69~5u<U^*!
zSACi7Zchf&Ak1!%OB*ZfN({kz0^D255^#(MTNFnV#+`29f!9vdMKdbUgb7(-(B20r
zFfNcp7o-ppiF~4f-Vr()OR<S)pY#h`VgYtStowz%@A9^qb{w9NR0_22^c7<O-E@w{
z<+ZFu*Crw|>Thg<-7=R7Cu)p?DWVc6CiwJomXGvINMbq;<Fgf!Rg5Yfp{|}>*K$z>
zPWw{n`N0((5!Q>B6OpkLTEd&tVr;*6jldnlB6CbfV~a~{<o$3B7C(DviAaF*vruF}
z`6&s3rc_q3tGxA>gijn6VT<TMZzEk#O!^DG3}_pz!zQD0O~8ilv23G{j!>GrGdHV)
zlsWhYkf|5vU@bZ0dyzZ+Ebc;IetHH2B#qiS*4F{ixLy*#{YbZkVP~;Cj7olTIIhBl
zI}<+HL|6zGQ4ovWfecTv#>KL`0zJ&mKo5jh1oxi*AA9e*9J!4o3jg<0AmoiG$)PH>
z>}|(P&z#v$BegwRcgu>F?3wlS?h%SaRbj*eI0PtldC$Jfd6x5JUm!C9f~*_sqPE&5
z{<y6oK_HRH`=w5ncAISu%9%6})li3ajmQsY@N3VI+OrFA*&ZleHFlzT)mVvm5hy5W
zG@vBpL}@a0d2<4kufxb$XmRM+n18qs$mA{6EO8HQYExJ?_Jp=Lb|-Ds=)0}%WgZXA
zohRGZ-Ndm`?V43%PDF+KhW*SYz6Y<zKFniv^6Bol!?w4CEF1o;o&YlM1Qd~QqzNut
z&)~&!)Nvwn3bYkK)_m~Qj}TPv7lqpQr8;I;+PeR|{veGLh%dA-SK7k=4%oLA@9~?R
z_(?VP3}W2d69D*3A$7*MEl3~maHQ(<fvicxE|pVQ2#}F66{ql-Zc3{@NR<ocK=`|P
z;uBag-SVlvh2WJpOJ4?O3TH;DaTXK`@3{!3mU_S;S3VMyd?q*_<dozYPejU6P<PzK
z*bzu3Y$}SeV7cSp`^2ApFisqMVxKtnhTI_Ve1lbCenD9Wjc=W-)5$s;j84{RJ33is
z+2~}Q1*4O7I$39@@f>BHT4B5?&-=7#tEV#AdS0}E?adJPS2W}{EpH&D`I0+z6I|>f
zy#=!!Wo;BtUh1@e`r^gz2D;5tvzlYuR4qT2c{-lVYef_wI8tho>k`Kk)}GXsO@(FL
z)(q`(DuSc6Dp5YHTw^KIiu@?<PzT$sAQ9a7_;kMtJ#}A|%6ekrmLNQ=s4!hxVsA>t
zN@#9(gsU~s&JH|j8Vi@XW!nOi&>w`dSb0c1$i#;IK@y9!=tSMcMYDt0xvQwzpSxR|
z`N93zT_&7c$M*E5A@5KP<)!MHbzeh2DEt!;{QGy?y4~2Gc+JlIrKy;eS?16iJ#q6O
zSl}T;pwzA;x^K}@d3JSyg>MDB)w#~}cov@^CJlvRoS^-cLlQ0BCAw-HdFNwUIyxWA
z-018M&C%H%HW;1VVZrF^4)de4J9Ku3UB++0?$G&ImW)o;sYWO3v>%<UGe0_6r;~L$
zS*MeAwjIyb$Fk2EbDi!zNhsIpiX0*8Kc)MbPPnDIDDIV7a}k}2V`yZG2^tP(!DLS*
z9d&wWj<yKB?{bW~9HZYrj?si0JXc>1VOh#ibp3BdG5yVE9Nj`+FhCfnA6X#<!Y(B*
zv`DY(5Q~#(F?l){MIVt&vyoKk0%&;%f8v=#bx3^D=|lCc?9Gc7I}>YM@smp?+K>L+
zXO<j)ZQE}z9{W;vK^^rj#eLhMK-K+cDT*0X0H{>BsLZTy+?jAAwkWDFKlW%e*{4lm
z-~LV3gm?1;XxZ|%Ks<|u#=r$W>&jQXhgI%Z#o42Rvk+ZBIU^z4x1o^j*;vT-XfR~^
zH5#(L8xGk%jfbp>r1#j6-+p8}BHO>Ai|yT>$eO?kSFm_0<09PSntky(gL|L0Mb-p1
z8RaAx);<wS<1c9TV^3iEWBWG$v3=tqh$wHisN1!8%!@x%(hJ!2ltc5u|8`s%u;71K
z&ShboCPJ3t_&2h>#nZSMq+yN~KJd)R0T>BO)(JOzQ|LOTo-vLtqs>AZc5p9d2gh@0
zdvK`^P+pir)F50yH>v~p?cn3cX?qhQ_EEKL)k61zlTQ==&*FY-A4|DH2>>1c{@bP!
z4j^DP5)4B0F5H%?A+vk7R8lK%{)r|FEjJqB?S#Tw32G6Q&h<m1X9pNmTS+P^ZHC!a
zZ-DMH6<is1;BDl+sIA+<psJG-W<31w|2eAF#;GRkG|Seb(=2xyoo2aobeiQ3qth(g
zjZU*%K03{^(=4|boo3l-mfMa_vwRZGa=&rov7Sf4Eg+j(Ze>!%l!p$|@UQ*qm$B}+
zSi6ih&^Zlzutt>(%I4ggtF_EuTWtK^usm{Q?-dnqeL!4QmOn(xrR>nh5FELqR@&Bo
zR95z@Cqh&K1OwG7Ce&QtA@(lBbye8oNUtbrYmkO&+e0jAQ7YdQn}WTNRs(hQc#dK<
ztOsQ43U*O+5{FC16{Q<%Me$3}(7n<36m}%T*9Yu1V0}EX#D?0`v3@^@yd&Q1xirS(
z#-%YDkuF_jjIJ`qPL(m>N4(s7FOd;i_7~U}d0J*x=2eV4wa&><OBqoFYaQR+*LX5%
z;yug<G4Te-2}OzWETftZUZufM*w&pFo8$RJI9^aQlAw_T0X=kd9@>pKioJqCpkn_Z
zybv>%4?<O3;?Nu&d1+{`-0MlW&mSW$@uxQY2R0NqPzAn<|9sk^oV!Qm?Zeu)w`jay
zJQDA>R9)m*`bVCf*757`iF7Hs?Z>B(lKTt!JwBbx+)vim@u_6ycK(fx#&02EcCY@7
z&X=)gnQAZ0|7m;}&o*J3?K>i_i-!9pqv1O3uG8-7qtou@MyK6vFgopS`RKH}`O#^2
zop#q^blP2~-L)N^cDEPpZhsZ{yNI+Wh)CNHh1~;P-3vDFDFUsFK6~ELXFK3ZuG2GR
z<<pe-i%)x5oj?AdWy<o>QkAo=*57lk^;bL5uHav*f`7|k)>ZvmGM-ONTvzpP)6rG^
zTRgg|e=9~;^{=b?*VSg&VRW?_7L2Yo!}g=A&CqIewHdnF4E51@w{{y{ZH663=ke-l
zGwe8FSM{%pb8J02&9c)h+l@}MTsk_<a);4rmhDETSuP))X4z?$TZ~S#>@>@5N2ghK
zRsVjQF_!E(W@vR)|GK!#t&Y2^`nP`k=BxhIVgP@+(tn#TqpSbd)&J}2|8@2My83@z
z{lE6(`Fl#9o&NFb@Q!p9BHE9xLd4S1Rfy;+M0B2xZAMoiV#CpSHM$BB8;-92Ul$j*
za&+2Vr`^>@r`^qsPP^M+blTnW(P?+{qtos>?XJb>w7X8bYdbpauB-p|>yJ(A>i;bm
zT^!o;jzilLSKKbPGd9%_qIVU|)6ie3&=?6&wkQSEUGw2QPz%deM>AkI3*LkipeK4g
zgNJ3B6E)(W@Vs!+w;F<ZM*0<-Seu(yCnpt+A4q+Y>cpHRS|uX4@Q;xkmj#ITC)^l0
zR{dP3P`~S>w-Kba=9>H9kz3+LUPxU?J3G&~F;{#lc0i8HQFUuW&|1&Te`7QJ-*RV0
z6b~{HXGx+<WuItk^byAKD<5NDR%ZgybweC!wV`PCZBA)(X1W#ooGaW1bipyJ+pvD1
zPS$cL-REQ*{Kd&lYQ~&AZK)DuR2tD15L5Wapa~p{(MTlrPpmYaT?O71r1wAifBk7w
z%D#i3y^GNaH?@tJP=owyn1)G}$|M*f5wiFN2X_FM=ZPrF5s}Zb+QWuoJR`g$epzWl
zf?a6}<rT;58mcK)e*q!#N@Gy(hExW}PLkM`hPxU_zpKo22%DOjuDYEyX?_)K@5QV#
ztB?^8B=F-3e?8AeE6E=y_DxTRQsKvNYJZq8yFU_@!vDf&J~qI2u?E(l{{05Fzo4Bj
zw)#b;zSsXOc{X4dV#LeL0{rMt^w69&;ZbI3!iyB-9i%_ZXgq(6J59I>l&m^stXRr&
zURarw884W-k7HfTKKhwdD0(9jt<tSjqdI+W&KRE(a4u0u3dxmI(Yz>!b-7fJJZ%bu
z;uwodKT0EF-BubVF<0OyVjkgU4%nY(PWNzUd(5QuGQJV^*h{o@ZRohFOFhzscn}3U
zOf|d%f$v8H_LC?yYQkcS5!Q6gAo3riY5{5wH|zyF#CUl*or+X)E3(-UI$(Xo{q~2y
zefma}w(<49Zu~xMcV~?G5!AgJ8AT1Sff|AH>lH@h$VeQi!JdQ$#QBHAFU|@vhWm%N
z=Of%cl0a|WTdls<AbhBI1VPq)9jMQDL1|(}XAW8Ekpa6Y^IR9U$(K`ctqaR^!OpYN
zSW#SF16WH1S0atbpntd>d|E=pv{G+t+YcHjz8fV(TwL8;felTgIpW-jS|bp1LZCR+
zOb<8#a7u%u=y>RaXPHoA`mF$X0FkK6-UQ(Vx7_{OBhdA#=g5}gq$8**jS3beu1GXo
zV8wiTWx~M-?v!Ktc7o^+q|1M}G+^N~R`4}Oiq?W_doeXtpd7Yf7_~EeL&nc=VpZlz
z1FWz+tMSi+nhJz+42d_61L#sY`7<mkGIL1ay7z+Rg-ApyR3dyPL8{D8kttN;frnHj
zT#uL0!YM-IgYY3@`!%$n2cd*`P(R2tB2~>x;Wz88Q;2dx0x~!(030C7SNn{&qX}MQ
zQUpUBSZC*EU3*5G=!30wzzt}lKZ@<K2~V;uHr@L33D@i5>INEF&~aC|1~$y)XoUB+
z{<b?R1Ab?s#W2~-p@Es1f%w3uc_s#lp3WT=O{zrvQv8Cqt)+U(rDBhdkAudX8(}em
zt;6DVleWU*johQF1CM+&4Ue}404k0SOe!ANixI!c#So580iCsq6WPefv8^q1B~TN-
zXo?!V&d->)1;ed((!Vh!^-Pgt6@$kRljrb@``7uIQx|hCo#>|vbd+&+Ba%YcATdxt
zL39ekQaV*bSy4DK?E1S)f;{B7a>d8!Pjesd<Np_nAif61s{^q5%)mMw16uIFIu@Q3
z*@bkFA3{>_wRRfmvNM}A-JQRC!_w$=OgHv%B7YmaeDQns@Kp?bCO%l9j0{d0nF?jm
zCyG*0g7Q5%YTOqfnHZmjTzBzMd&psV^Z}=34+TpmBDwd($E$WVH1HG!Pz6)(b!ivw
z$B3ok?s_V-hPJGwC^|9ujVK)5ZhbJ{pWj@A&@T!kpN$i#P5}@$4LQZ$9sR?*H(;26
zi6{+Q6ch~F_@f8;KTA<K9_g7<bWp}}TcV{yd4NZUQ9mUpdk~%If`ej8$9u#RV&CY(
zbH`)%p%@B3ynDkEFYO;ptj%AYoH)=9q_X`FUkx&0jZjH3%k4lH<E7r|r$6xOLbp2a
zoA9_-o0a=_@N@zd3lfi`hUf7$AgKE2?@J(@t2e)7?M7sy8#z{sNmWyMqeoXz?w*?v
zR@_@ez`=Y}$Onfa_hJ^dn1BY>)coFI11KW1Tae+7l2&(g-Su>I^!(y_fYux|G9c0{
zH8el%wR&(m_*$&|(LJ@5DDf9=Ch}YtIn8nX-6b3H<X)(Sg6fVOpO<#B<foi3{Rs)-
z7MSfm*9wu(N;`?cH_?wZ;Rj}NNa`6dX%z@FT;FQ^SSg6MF<0<Bf2XsR=C=Bl@cBh6
z$5mIf=q%4!c$Q5?GT};^>2bBsLX)41h;l4#MmD>q;JIS0EyeS8G5jmAr+UQg;WAzG
z5bp1t7_E4&t#Qe%X|4IG7Uy!!?S!I@=FWxA(2+d4pV*|ZR1_fhBl-lyVEl?5@H}_>
zJy;h@(poD-=xwwexAe=4>RN>~tabZ(1c$7^hMi@Om4%jofcCvkA8ftPfB>6qRg6Rd
z#uSLt2aji@iPe*AY9MGxIq_|cE-Ol}clTm;M}DGE9jInZOoh^L&4E)2Ws4ciLV$1F
z&!7^L$(QFj-gI14JD9f8u-m8N^g#w(^VlX)2rd2Nb8?M4L*FM9;J6ruJ;Ux&Zn-}f
zj1zNE9k3hiBwJ-HSBYqL)tvH~dy=f|Q2$Ax70&o}ro#|v-70u*BOi`x8Jg4x#Eazf
zfJH-r?Mtc0q}3b8!|4Z6JV^0)@~De@sm6VWvwg%Ya{{55C!fQA+Qi1Sf<v{O)*Llr
zbW54)aK>_O0%yIcg@ZAx?;T|e%+sqp>D<jEmwy}ig6*H1IwJ5986_~W>rJ`kZGcaB
zAC26kOTu4)2|H+(Mj&5_8HpO#XlzXj_xy)@FRo^HCl9A5?){UI)_2FKKa>WUHGHV{
z#7U;dQr)d2>*%Sh`{jrv(032QloiSz)cgT^<9)>%`Eu?E&H_gHVt&ZuJo@AD0H1R}
zFs7V}0XxIL45dm<Q+}*n7XVanj^bpw&SWCj=bAn-!;i9H!sVR<!K%Ie`(JO7_l|V2
z3MYRsKyZ6}I+Q|LmJ|ZCWuBQ{2>$S{@s4A69Q#+xv4MHsw7IQ~K(6?;)tnpSyYTA5
z=RP9OU2}=rUZ572=M%p;tuIZR3-gIxmbH6N_@7IaE@$Jl{r;I7@%6v<g-UcPQZ|G)
z-Ttp%zh&oVUX5(V9z5_&rruCpGrLZ>RQ?vBWuCa$_bMYZw;Yk-=`Xjp*EeAG)=E*-
zHr_<1$Wja>a7Xu~e+p6r*xS<A?){KtrI8OLRGpvU?!$GjdGP(OOzC3&Q84wAAAjDH
zL$INXQ8NuXhF|C`qknR#L=ih%Yv8(la}#Z4D`y1`AMrSx*~MhTW5QaBxyq116rd*4
z)X*d#k3*MO%zh9BMSZlz5_~U0j`ipK+>aL>515Eeu0?{VG;uUu?SpXLybfSB>m_`U
z6t=g6eR(|(TFHOf@SZh%=M&~Rt@zD4Uh@g@nYH^3sj;mnN^P^?&8j9Cu&XK|TSkGf
zBf%{=V#s)j1md-_qR0!3nCFz(YUoFy9%P{v)+DgnD@6{W%0jTWWoBjH3dL128<3S;
znbQLVG9T*F#_8eYLWGb^G%NTMczk>uz&`RqgGbh%g9ytzsU}(m>9tT^<vm#7HJCSg
z5Xk4;dOdfij2x>wCR7UETJJTO&i;3PFaI}8a^fC2na=u!&P3mB=wPt*X3&DwZaWw;
z;x|-LQ^wP@5T;7Yjg4b|2mX-YfZ}MvSHJu6#fvR>@E{Z)$@NZHcx)>#EWLVrea&>?
z|L;80Wr_xm8AN41fkW0!yG_V|TUx8*#7$J?BjDf&Q1DYN7us9h42g_d0qG#P;9Nwy
z1N(epzQ}V~S0Q)u;Wp-K@6ElwY$&osE`eJ*W*R~+!}W-<=<NEk(`cWgbiq1}cKzPV
zB5Qq9et7rB^Nt}m0{(y0AgcBB$iOssE(b{K2SA%n9!^)5dRe=6o9FG~sIIRg5_wyc
z#<J@|TVj0I8MjW~d-k+4GET4Z4E5cC?m$M@89CT5VCVqt@7f1#F1L96Va~KcPM{~(
zO<~bHD>^MK4{$^^OlW;j=e5_6#}(^L5>P+NhysE~xk|wU`>2a5o;N<2+bXmaVkl@L
zW*<ROH^;2!C+op%JwM%24V*n&-q|sX7F%A%F+gDzsY&mHq7;;>N?!LO!ZEx<8b_pw
z*gTK*kQ1D7xhB$Tk4|iF#aVuGTtU{v?rT&i;1{yk;ckPjGGJ#}2B<2GHEhb$Dj)&p
z$UR5$B(o51wMj$_F|GlU$xwx%G?b9$zD_z?3Iq(vZ*IRHr5&R7A%K`NgK2X<8^#E<
zHT#4YURpinRwg{l=1Lf>xZkTTBTp7zz`AgM{`Pg1!RIp$ax!*DP@}A0D9AX(3@V9R
z#Jw@7pb^6D=ybWFFQ8&=H6C+K6McfP@{Ak%PK>1ky+~hAxm<cD>&cMw?|BRs@ITG2
zlUQEO3gZNO{~m6cDkPzJUZl8tTkz!Gu|qW$6?R9j(pw8ZM3COr5K<Nk?Fe%~_~G59
z-*l<uKg&?;sS1`ae8Go=E5<XUW6`A$wvghXdMy=}%gkUPJzR>jZT668g_&{-4}D=$
zE8%nXCSV{{@4-xuD#vC);=_P_r}U$$CV&-UX#U+h!PD8@a_n6emcJq-zh1ElPWwE3
zIs{C;b8ux%)Gr(-6FZsMwr$&XCYso`ZQHhOJDJ$F?R(zm{l2>QkF~2;pW1s@b?-XW
zz4`}xwMu)LIZ2W09mJ`8wUUA=G}PsADDQxk1%NjsdM4_M6dVA?g|72^b-h}Lly^#Z
z{XH@tIV20(_>CpkHZmMzWz~<!j<hlg9%28;L7m#L52i{E`MUFn#@&G`YVV+h+b2@K
zFp7(^RHt6(HVJ_liT~6+uGcpor>H&#5veamvmiT&q4+jX$gc6A=LzxD`@LF0#l7fg
zgif3<U3Lbo`?pN+5oN0v1N@>|a6tw4-B^4#mphe-Ne!CVis}FW6q_@Z?Wu_>v}QFT
z*UMu%h)j-8kN`U%{{6kj5BZSkg!1{_R*z$mM(2-NOb9faPt=~hXZT5xXN2gdUYgWQ
ztG!sl0f*-{iQ)l?Kzs}bLn&r8kr=L0Fd%S8INMecrUZwlu-6dc%Wb%B<Zd;-evzQ5
zu~5&hkF&jnUfjlQ>bi3~)yMCn@Dc;OiF+jh8AMfD*%ZLXZMVax@dZU=`NZ6`tNPiD
zTW4d|t^q`q#!DCIDB)%23AOZB$!tM`Lgwmm&m<?1RL9hZ=<`15<dJ22Rb8QS>1X_W
zKvC~gyLad3($NL9;-oU8|6nM>0={5dQmM$4;b8HSIcE}I)DXykCzY^$4))p?GUIgc
z%<M&}xOUauqAI6{xEg&O2~>ptA!zIhP35@a-S0OCl8?e<Q0hDLUo`2tJ@@a3r+qVz
z@0-95wW!8ckAI63!LhzGVTZrYy{%KG?so+pZ|%4^cyYTpUZ>`HTd(c&CqL1&8~9aK
zhY11m*tfGe@1y?HiSoMJ%0ms4Gb|9qk6oT8qxuN?nO!j=Y9!g~at`ye>N@!y#h7Rw
zs@ETz<uihLm0ohOQo$`SALy8!yr>a$)#!^^O#sHrfVB&T6ml@X#q!;8tG84-Daw>5
z#O=7KEAW;$eLQ$XIGUDutNSq9BeO{D((%nKYmD=<fFotsXHVr%2L-teeZne3{>^K2
z;xy_ZxD1{S#GJJV+zFd}F+xh;)*uvwH3@K6uo`&Kp;*L^h^GUyu;rm_vM&&w$#26&
zmlNiF<4GhaeU-ZrQy@jE$PCMcwH$$sa^1=DeOglQg~W^YH&Z}64&8W2OA?zyV3J-4
zn%Pv$iatRit*(Q__qZ(u$f~D_p$R+D{abrFiq+p@@iEVk5za>C!5w81050<8%BJEG
zV#AH7s$By=PT?vopiz@~p9(CxGYfrT<<Y6~5;^ot7A-w7@ShDXKrqh>><v!>!fXl!
z@{1#zNuJF&WAAwd!BRo4#uG8rBt+&_yFX#bEdPgEM<0|xsbT>&EzYb4C2*%C%KUoF
z1VdA7Y{Ba&_2{HUWno5cFqJyEa6XV#v@iIFTrB3JOM+|xpo|jCvDbb%XoN=e#q!0&
zf@q6{n(E+1a6)Z(1;x#oRw%~#@ba~Fk-5>vpzFLw4Im@7fF`LB3$~0HghP#}B0BD(
zGb_WFE@VtVSv>h=J08(JE7UQ`hsRL3%#;#wpP1VJe)bN)x`g+J?0N2s5siGqKu-ha
zakY86rLqJz-MA3?hGpLkb+tw3VVX_-q&J7wI~>v8gsGNy&OrYJ@`sH4?vV)6ImFSi
zFtoOEsMbAq2_W<7SQ7x5-Iv5FM#o+%+toVkvO7O?=v+h=%<SuSiGIv#%~xUTHIc@$
zfc3|!GX-bm{`E({s7H_Ry5NNR=Q-wJH>8z+bJIgiMnFmHNjTkrW=$;DapGtTqdxQi
zK7#xG^RV+ZHF^&%&W?6SXqO2GVON?hGJ5YiOAzC(#epS9Etut`qE15Deg;U&gL4UF
z7{i~o`(B6~<bjVmHH?--6~8?5G@mlmh_|%}?+bV0JFH+%lt)mLLh-4y{I$*Z&qSo>
z)DE6~I_-1uB_?6Z5K8+@O4x)bw(?8s^*B1+sI}~M<m%QyFwlx;hjZ2a@bdEf0(j>%
zSIUsmQu|MJX#`quInk<R&<QrQp_@I{naAjMGG;QvND8C~vey^wjq3cLPZC=JM<M*T
z-Dz`I-zZCRz?!z#*hNV$v|ah?o8^_5W+@z9PVf;cT-!74Rvthq>T2uItiL53iekWL
zc6dl_q}TVEmf?I7Zwz&2pypfUvg@M^r*8Y&pp_^BCrgGl!QhHkS8oBy>FR+u)X5Bx
za_CUUommQu!CDHne3HmKt*?NeikTT!NyjL?0#T^6+tj*@T8h%9E@`heG?2|=h(n`*
z4)xGGwl;vnHhI4*m;ND9wzqd)<O7RQTJZ001AkdHBtej$AQU0`6ut;gA-8$<shC0n
z4^QCtvMCIUphl^E!2uKQnRJeC{k{ultL#~4Gc9>rie}!o+>`3B-s!|>%$YUQP$+y@
z*lOcAd`vs<RzOtAGTS+F_vPyEu9|$<#(}@4stpvZ9Dn7_y)P!ja5Q*KdVtl7oHXQ4
zfPz!cC5%TMX_8XBt<8%D&)vSvj^-1t#-3?rI#NM(EV({j^%I!AY9n6Y;3C>WI*S!8
z!bpg}CfYxxGjc`ZzZSj3+%K5l8ob8ysq$=7*xic7dT`XVG6C_RP87oCZMdA01;(0o
zTr~LX4<t5_WRH7wSB4*yqo;q)Qy}>2>RJsmoj}6=D*+w1>h{2c97;e%k3t;jeY(1l
zIjQBc$7dICB?_k95Iq^$ZIw@ajLY~V67H@dZ(0b0*2*B5fjvD0?`=r_de(ts%H*$d
zRp=cb^khH7@$M*X{xR_;Le(>my%S+Hu_RXeY4=dg?dG@sjzPYz5&vD3Y`*B=d*%-A
zxdTGK(lZm<07p+)G-#u?K43;A<<Wkf$sHoYfKLeSyv0}oopC6rK*sLBhD&dXCxZc7
zL9&)ym254x&z?VS-F}DTMB#LKKY(wBqH_gwD7mu!)hIjum-S)96XwxrWy}5a+R@e#
zWK&E6w*`Wb_{oz3&IL5UV9R@}uj8|AUW@va*dn%cedYf1YQx-cm8tM=v!<lI?D)Ts
zw#&G1xbZ@%FeiQ$cz|<zVU<_q69<Y)$06rmDwR8H1gcSZ*bDk*_43)2XWC}TxgZL`
zc$4Tn$TMvlRR%I2@?#(vTzN&K>VaqRGGqbbdvFtKOUg%@baQL41L?@r;lih{JmJ+y
zy=kiIuPVn6dYtT;r86CT;S-P=#tFCio~pzX?32Bv*bzppj|#`P>@;g}6%QL`_>1zG
z(E&c9rESPdDeb$7l_V9_>E3pBLWsBcII{W0azDGN@;Vf_`5`7$bzIOhgyIsMnxld=
zsX)q<tBNNll5%3nTmng>%#_P4P%&rlRCc#W8#~wZj>$*M9vLH5q_SY3zI%BvKZWUE
z&<5aZ9Ou}(oMg+m<u6g2kst{id7G;N+Ke{(x8I-VmsgfQYK^m2Xev1v?}8--w<)8)
zLMLKxTT*rHS~XI1D)Rc9<1ChQW<5IXb9HHJFmU<rqg@gP7ebXdQ&P;hki3d*o$`xZ
z{po#g^n6m#K{nU~8fZnWcb>wWr7XOiWGv@T)0QFZD8$B7OZC0Gk+MBrrrSM3aq)Df
zP;)1OzJS)wM-CuHf(<furl&L*c{wVOop3S)f`t@ei|Pvf=|<oY$(vFV3(Z7tfwm{#
z8$aqL+t-(>i9XXh!%|oB`Ge^Cy3TPub>52TCab*!Za|I>6cZ6c)4x{>tb}ER?GS=U
z^j<KS+V%AKy>NSeoAAIS|5-P1M|zk|zzBfb<Eb_bHDWOJ{Q+#!7S+#gU2FBSzfb0W
zK6-r(=E_7e42HLwR4VYVykW&+W*h1Q$NyB<y76&8J|Ev}qi^fa?O_Y>Kx&_wN*+lI
zMzwc3!dSQw++6or`1g8~n_lO%^{RelLR^lxc2%kNOSK_+mq+<km?G?-qIGtDOl~wj
zv|`ZTTnF5Iou++z0sc`JJ3CK*dc5AAwz3CvZ&Lw7w!PKd<j@qvZEax;3z_FjZhBg;
z2iO8Eng}G5UHd*Ao;FJ>EYL0?Jj)ExRK39g-3@z-IYKqoez_D#lXrMU6hzWhyS*(P
zm)rVw8{XV*nU(6I8Fj7C_h>?|xf-?PXX08CtI&s<!c5c6Xbm4lMCDzFxV2)TU>aIR
z!&<*WBzWrf`BIXg{B7ieX4}_X#=k$r+X96b4)!oW=wcY1l4%?KR|W%$Jubtsd_41#
zP-9gl=QI_Ch(^VIh<hu}ysP}(s1`?Sv+(gPf$>$(=gu))APK+xWlyPWzrPkgXq~u?
zK<1L+tv5{kc+j%+vClM5Xme)J4tGe0Gd_XxRBZpiG&x|>Zvw>G-IbSsaO*4BTjLDu
zs;?b}jjL8Q8WDrx+VzTZI9!E(*Jv>Xa73Y{f?*WdK-7ouhK9#BK33V?k&6u=$E}uZ
zUesc)zM0ID02N3%3}RncrD_`c{5@no;y8|+W8$d{7Z+@6Iy!~-Hl@HTFUb6_>Kp0E
zN!upwv71)6)`pX{_12ZEP|EVQw$W7`)f>DS<t*x4d?K2%bU^t!;yx0=oeagoa)^8V
zMKUp3aoV=5l|%dyH#VYh0pE@AjR8gbHtb8(aB2DH4%1^)zcBFp)pAsyU-0{#A_S%S
zX5+)S`wljO&L=OUhXsZ+Hgla$P03U3{I<<{fP}_-I<PvC6xbz`@m9gt+nKRF3p*mg
zp5iPv@Fbz?sqenh!&@M&{I;Ys-+)=(&3s|djWMZZcR1?nWBNrMcEaU@THeL@y=`UK
zD_5onK@O%-=W9yxAyVIIXC%&@;T+*yWv4!4*DNlagUggz_q|q7nNADpmg{^I#-y`*
z)Wu)>8CzGy`%j!7YlI#sE0+rpgNdo70jxvFW3(y96Nsd<Qpk_Kc;??P+`JLTJA!vo
zm#)*n7uo98!F|SUDpjy5`jylqN)YsY(I+Ti`I_F|_Fx&PSo#&O6pI`Pw~XR2u`-ou
ztOoNkCSwUF3!^D5yBpb<n(IfKlqZ2DDdL!|?=jPD7k((JINd9n(mr1h%}>G~zGS#-
z)x93-jlV4c;RjN^3an%8M#T#7On+_TER7Et0-<1e!5UO9fcOUjdhJb2oC1+GE&i$T
zMX<EC+sglMr59zT5XX@kFy-F(O=-(sD~3C*uS}c9G>r74-lSED=o%FBF(qacQ5DMZ
zzvU%<^PT~=&sLh1R66^R?>woX#H0CeQ}cPx-UD8JI#h2sY=0_ze3!sS*{HwufH)O;
zF2cxRB~|IMB%ypnuuA*Fg$BCE>uiA*q+A9<j0W(F=wRYd%710J3a7T{;9_>1_&v2%
z%T6i}w{YR{*_rn!0L?zg5J|`SNuP;ab1f-{k;!S_JDY96d};Y_^S)o~r!ZVC#XfUN
zbs<ia*JcVfyr@eY5Chq<A_N|Yftvdj-Nk}<K|YCR#er1K*qb--t4wN-an%EAASUM9
z_%df>-020MILTA{Hq5&8<YuB3R}I|bj=xyfro%mvWfaMC9WC>-*V=5IbGNO^d+97+
zFk{iG@l)}p`kQxXCC&1QdhgQF|Gn<li4dsfaSTxJfh`igUPT`S5)HF~46vi6s2<z%
z{OSvmz`%UJE|=o$#@+^wc>3Pe!Px)uN9eIjBF}<SAZb-m63<sw)2jC<VpW(<->$Lw
z<+V)nTEl5tB10AfB$jrs2d){tyI*LWN9t~F8WZjQqwq^r;CDWvrz$Paqe*qIDjG>`
zFz351tlE=#q<slm_v+C3{K9p8`jN4$=+}GM0Ub!nL`Lkz(lfA~OP}9u5|v%2@$<J|
z&32wqyOZ?}zCk8Q6B6udHT=k$2u6LF&#65qYrzX7``E}1J^|hbI1cXO9bk3U;A+ae
z6SDu+{{iX}7G5gh9}6@~fjSoMGCa}awX{0c5^xLFIYZroN>W{teve=qgtakF{d_c8
ztJR&rUEZWnyXyNj`SVuW`|v$W{|?}j4fejA>FdAp<9==Iee_T4#P+<VqU-A{(d6@;
za~yL+Y^``uxLy9mL*a&PV*Ea9DA9TpZoA)mG01<4{+OCq#%Hd!Srq>20GI+6-`i%{
zgn?ai%)ax_|H^&xg$|YZ;d^goE8SeyTje=wBag1oL`cnkM9Kb#&Tb)G208De&5^H%
z2n_Qx7jUn}Q~j5}1SMyBR>^*Y+FH1iND=B$^YueH>9<A3O7gCF_h5dm9_yV#D%DXi
zs%hWMmhIPhtHunq1QwwS{A7B6F7X5$Wf8>*HZPiskd`(s(Vi>|m$9umi%a}5HXTU{
ziCqBrjLbWjW_Q*pB1w}iOifiQ7e_y;2kc}}yG50$kYKJ(jj4GlLK3xR%Y{BjJ3qXr
z<^=Ql95T=-y6a)akg@=T(vRRN*kfp-NeYIsA>696gii>(mpftBciIHfcEOaHSG?*!
zrJc=?DroXo^(tSYV=(jI<@8R!&OYGd^Y_Yy359<g+|Hxx`o#pWchM~?+&Hnw9-tt!
zxt+%T_T6Gzzm8osg@zPzFm4q1IiDD~j7lZ{QU=Y^hS5ZVR&JGa03n4^lf%trb?{f1
zW0yH;f99+(Yz#dP<CSYdx=s7wU%;J{ibsA6fDW+BJM;k@N8f>pg5?}U*tebRP7)5R
z_zM;7O}6b)wvL09*18;FQ}?LDh4<IBn*Hom#)$ld)w?a(XG-(rj?frY7hu&bdNhb_
zB0=dIGwt`AA$z|QiAfW`f>JkZ-icG@qlbaCWM^b^3_jK`dmi9f{oK9?F9B<PESuWo
zG|`IgZZ8iX-~q<KNkr%RCs``IOmSwPSA@nzKG(iIUpj=We(RD^N3}1kEIxshi^GPm
zuJXw-(*fi<UcRxN3eyuB8P$r-CFr3A!wGuLJc^bHV||7$G-8jP7FY3)qI*2`>r4Bg
zU1b-e0vvLS%M`A*TklJ+o<Cvama66F%K~MjzNXWQr$FvO-+L`(Wz2%pd$`Bv?Y=VA
zIvuWOA!I2n0^Mqm#7Jo&j=Mc~V^kAl4>CY^_Ro+N9yvpv8TTqJR^n(@@U^<zRWkP^
z{il7eku6Vh2Z)m`V*lW4U2G1yEUXxt?^-ok0S3w#5)(6s_W+z;{F=jiD@X;}NA%EE
zh?IO3#^q?dCgcIzA406{xvjEt97Y>WvbK5|Y9vG{I&?&;^Y!_Ev9iki7P<}1UEP&%
zp;>=g;lVOraeH2t4!Tm|z|2b-#NgTPP3DQE9d2u!sQe(#1F{RVpYO5iAS)#BJ+Wct
zuzzm#vi6mtVGPx@luo?jAK@tx9KZjqiiW|#7w#tRRoy3^2FN-~6=Tp_EJ$f2MXaxA
zM?Zg7R5u6O-~73yXsALUL|u)c_c}SW{kc<~?Ow5@s~mO6PUwsVF~lQj7P949-c%1F
z=2V5$q`DN3xlSgu@O)+<`>pRSLmdmf{ft(BzFpzo7dn#k<Wd60T2`)lqY<8mTX&<%
z2AYy5UIm$Z*)Dv|DYf~)rLb%033Hw&yB%SXbGPL4#7Pj$eMx9yky24_ALh~cfUDPC
zngO6;HacGEzMKYa4gJ(t#lCyA^+|0*Pp11IiUJ?!DMH1@v|!hn_{@eOUPt3~w0ja%
zKM_Pi9#!SIo_b#9ed0PqUId6D3@S0@6t2iseAgwV$I=SNNQ$6UxeNGzo?GlStFMbE
zwLH35pJy4}U9We~!6HZHEkd2|TWAG?zwZL~>2sBH-M0WkY~T=BUDWx%L$V{vu7exD
zDuSM5QeYjh!;Z7%#3TbdH1w<dMa;hC+(s^7hfaDaW-91=Us7YXupH=9a&WxBRt$~n
zNT8A;(fTS>N#56H6r-6-%MZTitLox+$pAYiP^K%NWi~6Vm0L?X;arEmDnwMIcsycd
z1GTvBA$_t%AuL?nTGgppywbo4lkG+NKKA=}*OCn%;_bBE5=OvX^z~R?kKc=_|MBEE
zPl=Dc7-5;ceMpp#Y1`;$K(pxYm^~6iL|;T#l%37JbUHyPI$BlgMCC;n_~FZkB}sZU
z_0_5O2X|Y5%GjAK0wNh0)S`}##KfPk2bkNj2qY@$u_%@~*|?Zps>*{)NicI8x}9EJ
zcF?Y7F~^@KwrL8dQm%=q#m;M!2N%z_!-9SDEZ4fteHp9|{Bu?TGmQ?28A1SUO5oPQ
zGk49U&Omzrbf=J~17>W#>sM!+h}STG?>9lhLd#f$O$=v$a^In~+N=BS*CXg!6pP=A
zvZ77#@4aDoAPjs5^4ENAmeupnMy-tbx+cC(#wHIx$3S=dq8S2?-<K5Nndd|jOY@JI
z>ssApaG8INsaM@^0yD{ij*K-OjMFJgZ5G4{M^P+e(s9BBO>QbmvY~IrUbd5=iW!<5
zsghVP86@8S6mi4n=T0l@K-CzNSut^NL2PJQ;L2=bg))=TDsY8W(m8RCWQRrZ>C93%
z56#!3u$n@)wS&&?Y&v1u2Y!Ht#xd}HHz1O&KyL>D`~)pOgx!AOeBh;_aOSvaI3#3W
znAMHr8e@wZvx`rjULKo=Y5&VB8puCws-`FbHuXbH%aFQ1PeQ&zIt9Rtz>*SL%z(N-
zxcIT^m`f(?2GzU;&KUS*MZR1Hbg*xnrHMj}6B&+=PZxcHrIsPt={;}_JMJns67+vs
z^dH!4XP5p3Q=17*lu(q6MqwAC{1P&2Q+dh^<KFqKTB|vkb_u};#n;S^v*Mn`VPUrD
z+tCgE8%^;4LGJ5t5!d8Y%CWQ;O8-`gl$swT;b0)bIY_Xi+jcR*1(z_~BV`D1LLA`J
zfi>t$KOt-iU$LH>7@PeWs)zYqA+}>}HTs)p&Lz$C<s-Pz#5odxxF-qX4%Gca)`Oon
zN;x&-c)v@B+22wR1VG%gJVS@Nf*>#9GWx?TGP`l&kY<i$fe?Ws65&fc5QDLO9OcP*
zl*g<kw_Nkr@=F{HO~cSmCAZx6f<9LdcfOiROX){<1Ean)s@vsI7Ug5wg92~h{Z%35
zL?p6UEp`~-_orq0-b3Zv5w}=^Ot;>{fwE?ohrK~tq|H6ohLUw_d^BM=b2Kf&G85!@
zd44dkDGQCTKPr42bBKKqMD@+N6DgtrU+R~Q(k1vaP*Q*ilfpgIfp4`IUB9=Q-aQPn
z{>xkN@D<`h@{?!*A|s8<qA-!o+-X6~(P;r9Ms7WCUJ^UIslMNhZb7WNY$@r)d%a*u
zIo*npSj+R-z~-GAi!k$<G%gyTpxcp8=`yetU>{Mi217yZxX$l=XN1B0kL-+My58L*
z0)LX`R(@AJUmHi}gZ0cVoEogM-(s?4fXT*k#DEj6KUp2^09S1$BgsNE#oN^_@JcNX
z%En8jRzEnWqgKj<SI|xx5l>3RfQq)BJI#o+iIQtz3CmmttOqwbIDE6g+JC$eK}fSo
zfe7!9(cm{hn7)?Nj`a!4s?_R+Uf;#+R$7aXD!)to=y6Xs+_bp_zKXF^d57_q>)Zvz
z57^<?_tvo-UJEn*s{c1TS|-yZPC>zrna?21CnHqA`jOBI0ayP_4P9MXkwGihN;=-`
ze&PUXxB@IfQ>lZ5QFbT1dUWBH)lc>nKp0-LG@2eSn{C_TfQ8GtYjI>FRzH_*d+pm0
zFs$U(EaK$W|26)*{KI&ZvHJN)r(QY3L!orYt{E%L+a~SEJqyyV2;J2yPi|i+=Lk7=
zz}&oMK#H1F(U2_-JvJ{CIHp4=oE&^zIx>`L>vwz_U!GiGDuD5!jySU=p*}$G7zgqY
z_-cU$M^vJ8=N9$Q4VBMA4-3y}r+5!j%7`wK!sr_rd`O(ADZBYVk*Y7F_d>wSUX4~g
zFvt}d7_Q+m%hhz?thUwfaJ#Ib2;e%w)%a)}@Jo1|RYGMR<E#0XU&c^q+mm8P%qF##
zgYU^mbSZwZor@pMy0@N%Ma#9lAIzX{ey_C)TJ4p~4R}t(fZo5LV2RgX=>x0ZQ-)Ty
zWQ;8sjhGv$7ExF8JR{G>M8>lJI!9fGo(nZ6SNY(0tYX!em%(J)#D<mA=XU9qtITKN
z+CJ*@>dDN<A4&SX9>Z4`eUJ{&H!A%juV%-FpF=GOsJhn5zGwCs>HQQe@C@>m;blv{
zH|(W2PJRqIQ-kgAc{F(rcE;9G<qu5bLO9i)`j|&E8KvSMod6K~OU@EK@R*8%XF53U
zHjKu=1I{6yHWkRR!4m~W2Cq{)2cTYDp5~$^$dMlHr+n4O4Wx@_T)pZ2Zyx#D0s>pH
zllq^E@>RAV3^5vR5w!u?GAx4*GilQ1d(&9+28Hu(BsH1S^5nc0;xnBe91j;i!nkDE
z`~_2mKTi<m5X$|@hLGF)8<FckxUdyiScW5mKi|29T3b<n2juuOv9o<z`cEGl*8zcE
zxHyX*EyrIOE60EF*oX#5xxTEn0KZs^72{k=GDbF&LI(k9&N)ygQgyIDUIqDHsY^$)
z)(vxMRgF$tlm)UvYbvZAZ|hW7dao-^c=qj%X?BqR>3lL&Pz^srBu;J+zKP~@2rX}_
z{wb@vRF?<)VF?QP$JA;`w~T0yR^UbTX&0o7+RQ2;teQngS4WX-D<PH7FJa-&<{={%
zkG>4*U=7|(p%y&Ix*w51(Oh7TZl1JpDh<h<uy+CajCISEqhZ9Xd=Az{U11YV>M1?u
zyU9V=i-bLYbWn@0%h$7*zZvUh@{*H=pFyBpdTWucnXaxl_OFCcc*{UUF~YgaMgL&D
zD13(jUxXH$02%eySYuSfbT^UzUJPxA8S5xL_OOd!@k3w?jL7ZW{9lTgo3d+YqS%W2
zz}tcm4L&GU#dl#xr$dvJZihVbJp$h-im%-DTf|j`T_UtsD!hBj;EOBd!sbj;D};K@
zUIU%w+SZbO=Eetpn741`)+<+wu!n>85<(xRkFSRru}?7T=UGnd`o_gpoZcRie%`es
z?#$2aq72;M_dV8kvs7@&SM+=pk<sraMul9s<%{uLxE7W3XA;wZXa)q!f1Ow`=T1d(
z;`axwg~V5d5Y8C6O)IZOx@QM+D)!<sTby|1k)j?o^%B~KV*erQdm=rC%{r?ZFns5j
zOx!KXw-wd5E;v<QDzbId_bXMyYfTs~&b_9iYi86V=a=5rKO1$kYu``Ly@CPRec>eW
zj;WLTAxj6qoe7ZWGXNTNv0V?{O}M&v?vwLx#(<8L!peuG;Rf2@**?o>W`GMOAdH;e
z*9rg<|4)Dbe3pPzvoyE*f4<OZz|(neIJlm59CSLk^mVOtBZ;riy;w(Wt7g<`XD(8y
zpPS#9IwJIShihy0)z$AT$4{wzoYyXO**;1Qj&2&(PQ+8E<q9WF0Zr~mZ%3!KOKCB)
zY(SP81-Jo&6fIg#{J&vZ|Ler1<Om3BCobgw?HmdCZyY~guTCWZFEGO>|EKzSUXYMu
zsIoAUwx`xp{;S00v%AtfB;;G1G*lw1UX(HqBoX1=kBhT~D-5_(^OmeHGw1XP7BAXD
z?q66!|6;%7&R?iE%rkW>BWoMI>?{>04}vGj3KYi#^W?D20e&$D9drV%Tsz}KjVH%!
zA?w^kJ!wqq{ymoiGwfWi{})K#!u1UR(!&Vf0(56*x6yOiw?mPJ17(IZ6Hb-Zx^06>
z%y3S8D|9uoe~Gj&n{EGnoA1iZ?jx(R7B*#5_k+2vGbU~|Y!;BLI#LLj97lVNOw{}r
z#mTv(^wm<9mrhF{br~x-z=vKKFL9ZxVZlTEONUfq*!S`0UD-3EGa0BedmOyA?ss90
z;47<4Uy+mva+D>MVAe)IM&Eura)h*qTVvI8UH)ko)JB-G>UxlYdd2|#Fk@%Px!IDw
zfI{a2X4qN=-R`Q={o1O8D(J3jvLrO2BD16_dleaeZNOo7nyM)TlbgScr;cIqNrpM=
zE2t>j*_i^>C#Kw0EWGIpWS-Ki{_E5z(2Yw<Eml<TPTvd~%gQi%%~;jbdoJlL#HCP_
zTe_wn`d2t!#$pq`NeWq)gkX;V)<D$A;>c@XP^Cb01@rK^Kg~&SvSj*QKzk?K^6+J0
zmOyY2JJCGVmO^ux^5L=0T{@5%QgD%gBq!Rmw4Fxk`{S5$y4_K1y~af$3(+!Iu^}>X
zb1abqzRi~3m;3Rdn`^?Tj21mTwqa~{mxOu%d}&7=v2GZoV%?z1AUC3y7mERZxKQCX
z#R%q$lsZ&Ft)MAdo{-(3UY&51X3Ao@1ZgW#CT{-XtT?Z&<G+od330-E{htd6+ks=3
zz9@V_(TaGXe;HU5h;9vfhEUP4x$)<x;|2n8z8pOJRfxuIs&33Vr*iRCt`|A_55W+3
zLhZazk=Ky|f;})15X@YT6cVwptFq}Q9d)uj=@FK?8l^P3X2tadZCwxqDbR?#(Guyt
zZn!MV*E>~;K$e+sTv$D5!5RAh1EXJ(DD?2T4$4M?!X=bRJ%<T>fG8^x<a6Y)8EBL#
zWBgL<yWT5UInoX|3CKM6xkAeGSaSTMZPx((?~f>WFftGc)xCyjhF-cI!x`68d`~vP
zU(mNZd^)(*rYJP8@`Y_79V=p-5@?n3<e_dCHQTW&47rksEn7bX7em%>cLil~g&YFL
zK}AblD)Oh`BN6CcFdsL14ZSdtA|cX&QOnYaPt@OUEO=HDSA9=znv_}Ss9*5-L?Jrd
zJ|2kBR}gzSQD90-Ru?{v+f;#Nq$D^U+}0eH1$xc1ZXfZxqGX~B0{&a}Hp^(Gi*l`h
z^W~chEbtCDc42Z<wY}P($Pwu#hL_-yEJ{JE>wZ-^P9lNZ8hly1VnTdoiU=Dvq;s1y
zGlSmw%Rk7#BJ*Z*!)B<2zZSoO+los)B}otC;p0O_bFvR8gK3ABV((c<k8Ykbpz4!s
z8=C^>g%S59MBqOe{j+hv2})8vHnrS`(aHd3YrU)n%UpUfGJN09GCaEcyt**=yd^U9
z>ax9OOf*ox6-S<gHk=&DM=3hd<j+Sj6sd=zt4!?{smjo1m5}#fX?_3I)+>zUQ=168
z`U0H;5T3lca{d`U^H0oyr>n8q>}A&@GZspgt_Xhl?QJw(`#Rl@4?rb0-{Eg}-^GBg
zez>oC0tAZ(9sgR0r2cnCQ#|01{(B^}qX-IX(pvKgrL1HPRZdS?ud^{vNxdLrkthR3
zV17UndJjAu`pBk=BBtIM6xn3?gQ#S-`$!u9Z}zX6zrDmj8I^kWiRzN3L4lFR1Ai5u
z<i(sYY2eXVM8IGdejUeR{|hRjfzG#LGwx=vjYZsxRDqd`>NRkHCV~A@AWo4Hak%Nr
zay0Jy_0&B<B#rLvIDij^4V|wsn>1M7WOLs~?tZ<i$nnLl^-qNarKTvoK^U=gD-lDT
zonCJ3YR3iuz|k%0Yd6@gJ2n<;?67>=Pg?S#Ujh_=iF8-jOx`pX??^$OJD;O`@+K3Z
zi>nP{QGjt;$4LV2g_OA|LA^4aK+I?Sj6)P6Ml=)0^VExdUh;6m)P&Z6JDXtiaqp&7
zZUB`uydi5;uE|Z>Jz{Ca*(DELOc?(Zrx`J1RMm@_Szvv+t$S(d3=ga5@LsRYw5E6S
z<Z}4?ti=KWp1p9;^Wzg$C>wOMla-nCP4P;Z2}<?rY5)Y!=@Cs?gy43JXlTZmNmvPK
ziwJCF<Pl-}Z|~G=Ag^2NiG{bwM0W)>1zprkxg>5@TH$rFj}Guo_38%b?4OQ9cF6tV
z1%uopkOqKK8CK110%Vcali?j<YOuz;rQ+$idYtTny4~VuZWZ0D#=jpmc;S6Ja2O-F
z%if=pMxWlFwUbMT95?U;W8Voh{K)<P!L%t(kW0pA^he1z&brb0q6YgDpR}XmS1GIx
zpMJaU8vAg3UFualqH)tlFD<%0+DoiJuH814*YO;sbRJRg71t(oNzsN*5$KHzoX=9M
zWw7->e4<?p&pv+cKsx8L`{XYbD*c{RZFs$#U27HcZ%?ieOe1aNal6Ig$%2=Yhopz+
zbHqy5ercOC(Su~NkyRam2hjtMcZEWFoiAtKp>^*oZ@N{;Nd})q7ee!4N6}r)a4()s
zAbKa~B}3C7!jJ_+h}+U%J`Qhr{%uS)e;uOtmWLMF1%~fYE>Cf5w~lUjhfrSvtV%cI
ztR`oi>yZ03Xzo0Hb%=(&`w=KY?KS=RwFCdt>tBffbK#4d#VPkgun<`IQv_Lv9X9z8
zE5c7h!gs~*L71fTCh2A1i|=((wjOcQZK=?Wo(llU#f>BtxRHy2vQKYTrQSXqFQ$m0
z!jO|#tzgfrK{F{E!s5^RK9u}ov{m*VmSfinA@>d}LhNg|JyOA(EOlp*&8}v{9~vXZ
z{$?)=-M)#HqV}l5tM7_pA-Qc7x6ufI_=DIt*33fZ-k*#{6omQfA}I9NtYf~6FNN4#
zXN`ntznhZzK~PCn;L9&wyw&k*p2S_=ha)?I28SJTb}}EPs^5VmJKm1pOX~VxcwM{(
zfuiF_02E#Sr)U)}f)LLUTV3ZLqLMBm5H5`K%lG@yS{p2WmOd}L7Qce!Xqs2@nJ66U
z_z@ALY6vaWduhaj-+Bnl1~+KjlT14@SBmT5S&n#fuAU)V?b3FktX?IH3jsr+Ots?K
zz}ju5h)UxDrV}Jc6iu;hQ!&5UN$yKm!)LvrY$3+<UHN2ZX<dE^v~8I0$TY!qyfeNM
z<9<tOyILxfa4c&%d^k&-35Ijo!HT;+|58_htw8jK{Oa%D^q;k;jYLU#H-N6z-57?p
zA^FGhr`7{3Z;-?*<}#Mz3RxV5GGD)r6HFs6i7$YMLF3bJtB;peZ&Iqs12GsJ&7taW
z){yOh7?|nu1!{Aqob8XNvw-7DHKN_1G}`no3NN|{L`?A$k#<4pqLL&xH?WB~ymTdu
zV?qREd^RTM^#f751U0fY`hL(!145*#+ezu!iN7IxAVezkDZx=yP&0}n#RQX-Ryw)s
zjo!}Yh+J#L@^A<<f)yl1xtQJx+%aFil891UkH8S-I#|@G`r~~L<l~T$K};0Y|Bu>3
zJmwR;BKZ3b?{(#m3$yt^Ps0H2?(TecrUP|QqpfSHEkOU-&XU}UCRTRT9_o$$CmOtW
zIKhHdExk#Jskf;?W8sm=g!e};Rz@Hl=a=|u3_4H%EGbv19WaBF!tH1{pxjKjs6rtg
zolk{(jkw#$P+(C!0zjD=UB{icJgoDo9`*G}M`??Q8Ge#w0g1U+AKK}8jexpTKQJ8-
zGV1(G0($=MU_D*U-;pr(#mf4PEwuxCz4P~SyQ><Piy8>FQ+sgja^4p$kD5QWp0P3`
zZUo3cR}Mm3s-OjU)H0^QUw0unSKVw1lIgcKEkC`C2WC`<E*#)^|6y-G(Ks?#Eq8&r
zFkd@l92UypTe+rBB~np#$Zf%n_ESRY>Kq4Z6pGU^Wu7c<c5)fONm400n3(L$5%+6l
z`^F}~0A3fyZZ2_*nh*rdYpQu#<@iYy^GG=L8b`ama;l(T0Fsdb=#=|&I~#@jbOY_7
z+Cw?iDB>yQnD8XRNIfOI_HbLXhp86}pA!{*_^)sHy%qEqf$~JIh1XF03-`;*E$~8m
z)X}+F3^WWA=?JZu5Z4pT&JavAJ;-BVmy3(HWbXoQX=5K^4@b{gjUiHpv4e<YeJ0B2
z()fqDt>*1wM;%U+E^U6&1Ig?SC&8$KL81LQLigrY*K&N1go{oaA|hd~4eno22r+A1
zb@-DUQ(O^H?Qn*b+8qF6rKuAFU$5u&ODF>qX(`{JpZ3`P{S#K=7jJj4?6$ZQyqOCg
zjCA{U_v_%1=&-E6<HX}{#(7d~ak;qx`V+i|yI-i&z-GZH3T`e)lZD&*=|f5<M`OKv
zcw*F10R6*Wub;t87$|;Hk+_L5)IjkW+im|t{Yau-=_3uToc?&n(&SBGitFp)DOsY2
zaEcNk%{<NK)8TF@EN9DUS0jkL2qv%iC1QM+S3*9GM=E3ZfoQ~JA=BoWDFJA1tWzT|
zruxOpB1}^H-p{Sb*=QhFy&ru@eRw%Yee1iKv((G(0>7`iIf}>RPG^&JAC}tH56}*&
z8-$p(k3dd?gIq)Y38qqBsf)a5U)vnPCv`r$ptA47re1J)2;h+K*0F-0huA>hloBLI
z-~EVhK~r(P^<UE=T27CU*$`a9xoHmRoHNEqek_aQDsmPlOzcGV>zv>@qrT0>N<@)A
z``7&6zICx7wr4|!Pqp$UO6G;)De3kBzDffbK_?(T4t3E}ofB73WRyAs3p*zY24{&6
z8ugF!WCc}T47)S;tZefZZ&<t`w7vmxHfNv!NO2Fz{4r%s$`3l>?ftMCNB6!46^njP
zIm9u&KAKKQF+cmwXa?lnM3wv4RzY#>5QgQM@SU#qyTa8wtv6LqJWLxESNQr+XJ4T6
zxS*)R+5;*sdZ^t}BWeLd>oCkSVXPdqfN{Mxz}EIJJHQKJ0X5<2nH*VkO-b>eI%=FT
zcsyVFJgksFz`ENA{6SJ=<APituB*xp%^`rAU+>L`bvDpI$iC2KEPVv^_(%KAECZPG
z#4Jw{TUjnpJxWMXF3+PMG<8j_VHb;#17!HRjwXnbnZX83`31V%7Z~-J_3;<`c5e{C
z-bFj}IKA%luLD9<+f<efZq=S*QNl+xO%TFi5Dkng1!D8b^t)?v<+5k-Gu+9of3v~!
z8VIVAR`=QMKq)qRfZW?a=PT~6eHsv4Hv!tVKSoB-g)}Tm!HODYoJ(@i$%-4^GP=1*
z^X4nbymzZXB6U#-8t~!8U-;)WolT)HvzOpt{u+6XiMIMyaCI>c^^b^uMOa2t-Ixgw
zfq_0X+A#0;QE;a${(2&W3Twii?mRw~I-s$il&uA}sW3>Wk8=*Aws#gyY-~ixg^;{R
zFNSOR>rwSn5PrBQdua*$2*gCL>o50t6X2QdkO&8QA;GA`Y)9iFREk%UUSrHPR8izF
zd^w1y7UfswrOoum&(h0!Cm)8AqkQmtx7RHc!&{7<A0cKC-*=!5wVlEB!`15TTK$H0
z7zmrK7?tvSNE*xMX6F5su*O$@&eGxNa0>Y<Nae?&BEhjI61R+<4~z!aJD6F`pd=@{
z#L77@H^WxrZ}i2slU_8+IkUX7S+2kREB!As&o!ZF(9m=vnIh1~AakBPC8xyaBv>b;
z>|~?d8AX_7Q}W+Ib!^8HKYH+@T?`&&wOZLEo;gK&J&+z-aqqCeq16;?UPs%<)B-R+
ztD%*XmtcD{=KhgGtzQxmc1nz)#mAY&>$683MmCGN&gT);u5^wUOG4}33JOODWMQ1b
zBJf!+oJ55JZw@7$a~by;98#*OgqadSgYXu^i01yDskk<`H#gb3;7J2j#}Ho~Msl$a
znx&1YLsDxXpCpmjg6d8SyDDsj!>frMUyRCw7eN$~ZYx~v^?bW0<#wvY15YVT$J3%q
zjzzb{I#vUFvBq7E$GG>`zROPA3M)c%QOqKV)WL=E(J`Zv{2!{H>D2(<_f+)jyT0&P
zKjOAisMps!EjK^2bIslo*jz^!C+#uU_)veNQR*M>Sd^!=jRp3t|7Gww$+5pM^?Ex#
z6jB_TKSQ#IcXnt*o_xZ-9P;I0%(bQR-U^*B0J#I>ZiE$q$-O9;%8}ts$Z#?E53@||
zN|;|M=cy<O7FKwuS!;u(j3LOouqzI&E5p&W+S+U?OVLd8m|Qu%B||82C|JBQJg|!Q
zqA)A{Qfo@Cfy|_O;d%tgD~H8iL{(VS4;SYVqT-&o24_X1@G^{lV`!u?))&}zO-|lB
zzEg&k&V{%m#Q5jQnZY;IqQH0qIi7$0329-V2w{UjLo@>w)6L@)bBnYdqtTFVz}it%
zH^9*Wa;)#|GbseN1w?Pu=?LUYyhb+vHU=QqjUcjQ&@K%w6;%IY>Jb)Uo{a%s*C?7<
z6{@sn16?!bLZgZ<KBd~@?zr;12sdHY<r2ieT0cih&_O-glotgu=S@J-+9T6UH>%DA
z)W0kbYUPvyvNP7#DIqf3Y?8#U`GJXAn~+Z>2uA>fe;RtCMIxNO{4a3uXkX&K^4|F)
zLYh$+$6{LUKv7W6xeAE5H>G+$E#9==<A6o)A~T9bwk*LoV-Zcb$-`~~+n}r8&swCz
zfLoADKN2HUiN~i_%x@P#D-iMW-oagKDV+8y%e`-$D!;Z95h%`)e}6QBX?t}tYrLKZ
z7--MT%npQ7dErhoQ-W<UQae^d^`C~F=lludX;G7Lw2I!dHAgk#e(5ekRFDcXE9n?T
zLtd$Ulya-7dTQ(uL=8&N(X0CQZq8b$QQ7QH%Qi7C4UtpBD!$O_4^BMGH~+3&hZP|K
zLzi_f@+6903YKw$n1Qw-z5V{}j#c+bb*86RfM7VxGX;}+887P=U%>H)^<#26mA=>I
zk8Krm%?LTZ+^*3X3V9{G8k&Kv=Ba&lKHm9fn`o8yapg`mUGG_ryZif5g>pxixi`;k
z(}`Lt24UM?m0sNHj;xDX{57Fl;s$D?7HBsnFT19j+b;{SZ+aC#rSpA^a7!QnzF%b_
z97Tx{4`ZRoRZ%AAl%}|DZq13xiV)@b`4Wdf=r%nNQjr?kz89mB8$qR9>8{^$s3%Wj
zM({U`)1Yj0rSO2vMY_0KDI>7B{%r*-5w;+-|A*=4RKwB2-9!E}_=^HjpkzN<Je%6%
zFvjA-Dt%8MX0*@DqDs-I6%;fSYUaHZR2t4o!N@w7*%j6yZFKWXp>_5nx@z~yfDjP?
zZin6oG1kSh#e6vfJbc2ZkO!kshdm}ij3KBhSxF|Yh!qIhs-m$t#{nVF?<sJl)4mj|
zD)<6pIB)seyVv3c_KP3_k`hlI&)J@SsqN;rBR0*r57JnUFZ8GCqNv{Grd|J}UD;nd
zoVNR7o%?&e5Z=0(+dw~pI%V0(;$a~}0nDNA_(ZXTDM36(pc)Jt#!`cd=?!Q=tSaAg
zaMjOSd5L|{$V{%HYDns3HZoHiqQsea6xu0JoPfO;sdm-><0*T2`7W^6JDByB&UV{7
z()V-YOi-ac$qjY-P1C<N;Wl!)PlxOUDnFhkO1COcoJ$cR3Fh1!R6_E4gsbCjQsi<V
zw9UWDlZCQfHCvxnI2K*qXo9~B>8}-e?P|jPDvXs-_3a5)*NNgNq%_^W!c)emW3n>t
zxENYxia0y`_Hf3GjI@}rA3aC*bj)vZbg`mhs;2WE;I8Dm3L0wU?y=vyY;kPrunTUx
zQPKO8o679B`m0m0yZu_vtBVtJ)UV>wYi-S^_ZD|iYM(~9wXZ?1B9RlvF@CKFaHm7J
z7#rc@-xc>Hz=;akv>aSZ7sU-gch1Wf)?(AqN5%|ubJC-Zs9S^cXT07XT|c+`lfbh_
z1Src;Oq_uAAM&!jfC;W)F@k=`8{E-R@5gc0*Y(k4s(2dc(KNO+TICZ%jBMwXfVaEz
z!~18bYb}Ph(0CcPrkRl`tlGAi5{8y2vHZfOcD@9mN-OO0KBsU8J4NYa_3?I1w|*dJ
z)^Ds~35PMtmL&fVsgt>H<uXW3b5Y#UT>oTmf5E@3WYrB4iuPA2FUeH)D_BkJmYkWS
zQ!8Jq6bw2~Niaw4^%QOPkJ!+{E9Z$Ba|a|virgJ=gow$dm8KzJp%m)QgQ<mRi(&$=
zjLi0?dc+D8a|>;Xx=gy;**4ysH>|~7ne~V^p!r3|(Y3tSIlrL?$=>aG<Hmg{Bu7K+
zpv)7oGhB#vVERbkx}=os9s<n*um~0pmp}nUEzA>vl}ICj^3^K3G7;+s%oS1kn)$$u
z^4fAHdO7t<t7)Nv?JupyP_AbcO=0g5e*~eobOvV*<8}%h5BE_%o9+&}LK*%VHF511
z9?PARDZ;DarRnz+mgy$aRUrfgfObg9D14!TpCl&^iHFBMLN&P-(ThwnXTSug0@|RU
z4Lp!WQJd&sRkTNMGjsUvsi&cDHgMbbg2?RBOFDk$Q;ua#q3&#+nD=)GK0z5lw<qI;
zJ6aIE0xv4s*WLcTeR0HX#qrR>W$IhKeQS@bTy!&|g{tubnIAT5?MF~@>icQ|k`^}c
zDzXHxEvp&%7{~n_JQcRg)XiJcB<<Pr?=GAdH+!((LmTn|A~41_Pu&Wc@fNV2gRU*^
zj*;?8we^nGGMs3`;1Z1=W@wJLr>n!~^YxK2x;*MG^>H%J7#>fjbWX1Mxi7)jm`<*_
zogbf;ZL=`J?_bnz{Heq6CGD;G5%cMpP)^+^wHxjt{z}>ER}=!d=?<6#bwo{zvC~ix
zN;gY_0ZV1s!8rB#&-Um##YvuLgG<o;OpFbughsZube3`n-Ulcfh34&lj8ic@H&sS;
zxQ-iOm3obik=s*S+tTchIEp^zy)NfM;riuQju;Zh-Ag7PPbtG>GZ}9FKAxaAuSK4q
zl)s|icvDAEs%v+>4o<hi>jE`c>*tyqi@qnS?N_kg)AQ~abX&7L`cfSW9=*{K#tycS
zI5aPPfcPeqlzBeH5*{!~sT!clA*|gi(D-Ne#l&JTGoO}GqPoWNz%{OA5nGW7){*_A
z(C(CCHxH=C-Q`KQ`i0Sgt61C9aAX6@y5ro7cP`(&!KvsR34_EIdGu=8s)dzeF$QKt
zs{^5Jl}E>FTmOC@6t^^l!Z#f7)xB+0zN!d%Ny-d`26O*cnW{A(Pg;U9SST03{`qlY
zwU09PB)!qD9!)ps^Wj5+qo;SO)MO`a<Yr#({YU1ftWKD^3bPicOwdq;1Vn;XETnoO
z;H5bQj4yPjs8t*B8KqznFoG57Kx;XFHZEdGj2UWcWmIkHJ$oAVY%_0=e05j_V|&K3
zENA?6$f~xhUl>JCk5dPRmlK#B`pXAtyV<Zvlx~BBrh3(7);dATI|<^K`k4qkcCm>n
z!|yt3>tX5$+mi?bC;ESznMtG3r>d&$Y0%vBlqIf=@YB4jn3xDdN*h9E@YIfqGR6H7
z@mGk&#O}D`+HmFil;g${P%f?~A(c1@S!#*_*GkLct^k$qf3>elH8fn!AS4<A5duQ?
zFQXdM%%>m*`~q~BoUd`%m#X_WmlISM+Sk<f1fBht8R)5nIkgVX&(F=i>~we>gq*;l
zG!yNVUEuBmgv4;$&q^5A_}E4gXe^t{3mTKmRu}ZAjnvia?IFGXA*Pmi#mj13NL|7B
z0N%Ezzp~d&$*Twrqf4XR@$_l?RY5ja%X<Bid{#Aj;o;<BZO?W9S<lDuX7@Ne0-b4u
zyvcx%-$2O70fLyUA<R1VSR@}uMFJEq)mi}gOF@~Ib_o|}K3X;ouj4+nSwmHZwYQZ^
zVP$wLK?OifRWB4evjb?*y)3Ul=*WqN@Zc5G<VHCeBy{%M{EQ%<gr|t39TK94x#a^U
zeV)D+zXyKD$u*<FJ6MXzn!#e@v+*$4K$yePay1__YHg?2>u&#1mFsh>QoZ!Y{qg7f
z1|L)HZ&igCTcxj!7&+S$|8Gtk)dkyMkDl<Kt?a2g4HZ@Th?7ER3_$NVO_0}W#T3Z_
z41oDaS-kbxQOu-!z2atcY@Ph7MpT*IQan(QW4@+Ov?G33`VIUQfHyQx?c(~9+G=)U
zORu-R6+9MSX#D;#tv@4ob6xQBaeuVp>Iz>tps$zX<L=rT&k8^|<y~33!|Y=ApfDeI
z($D0Ar0i;fm|F0N#A0s`kc;<k4Zhf5^OBWE;i~4`zMTOP?VuX5gsOZ53y|voj3SsM
zzO;g=b+zv9E3K8?emn-Z_h57VYBa;_GxOrCk@b7E)%%;V9yVXAGKi8k{J-O!8|D6?
z4GQcj=by%~kuj*`>M9Z|VfXk?iDBI8Lnnm{2*d_NyQMsZ^0bS$A}$yGUtZ8no8P^J
z=|H_!C}^tFlQ2q@*dA8sJ?OVNgx7@cGW5Aa+G7v@f~aqmJf56<SzA2C`+-skkxH{Y
z`#{l4V0gA^u6jN5mpQ5Yz-FQG*7%YOHk1WNQL@?Pr2dIXN-(up@aXm3T%8Bvr+yv(
zlq#-H7%gs2({Q33@+pbGN!)v~6i5|%e~T{7aoKq^F3me4ub2|Bd5j+-rfx;R<1WjH
zLKgj!obhZ^54|H1Bamf+>b8V&r2^-JnF0jnEUC0x3UByCV8I|8`r&2#EbLP&3XA-7
zBFg-qvMqHp^#4QFImYM`bc=dy+q1{EZQHhO&mP;hZQHiJ$F}Xc^PO{Yk=sAss;;Ed
z$$Bg4Ro(ThN3H?0yGv|7qPlAl(}gv}H@myDAWX;{LG(nO&(#{?rd@d0WGIw7F}%vn
zIP8zZf^m9}dRD=OiV=Mb{s<;1d{>;jprez|BlCPnbGNs(L&3qdlh~@mOH3zS;8JZ;
zCtt*#@WqEr_sceMI89#}5$Lo?Ke&txK6DMQlTx31<C5)~V&y2C^aa?fEs<&v?Zne#
zvniJD4D7HAhx7Aqna#5c0xkjKiivY|0bTP^62a8_AS%0LlP(NNty{y9@2}$zDr<~=
zNC=Jli)pzE&c_5sO`N;e^u!YE-qW6FNZMU@%%!&|Binv-Vq}M);D$3R5@MoVLBCPO
zJM~H;_-`P#FSZW-@;YtP5w<l;=Ty*j*GmBXiK&%73}al5X(n=QaI-lk>SYPc?_S*E
zN|%aI-k9OQ)6}(t-dG-gtLk;N=sUQx|42T1imd7D=IF+*gs0lSzmL%v)49QP9yCfk
zuvl<(Lp+1Dm#YZeVvNF{;ucnh@|(eLiLv-afS>m+AebAN_t&n{x-e|q!uo(QH)b3q
zCkXzG;NRciGqovnQ!4kgs*!WRy+*Dulo-xL3yvsU+-qYKg{r6iHIT7|<&?^}B`glu
zIXxydbbcB3qkQ9Pf4U}LkUHt%K^+gGvM9mtPPk9gx*IdI70HXY8N0#F@rhIdfbE-^
zbKF!L;A{^Lo|!Pe4t0&-L`}alPM=Sl1Ct+i9j{<z^2wWZ;-Gi5_Fg?M6uA0u7Tebi
zGtg4_=!sxA_C7^xsOxMequh()e(R4F2i}s0hGe52blnkm`Ui;}0qGmpF{F8TZ9bZR
zFkRMUlG%4kCJoX5*G?dLM#|`EX|P)LPp;C7TBT8*QbS&+&l5<0_#)6>T-O&tz8-iQ
z;qGXGLoj&3xu=nerILSPzsnVhtBt<)UpnZM<o1^i%0J-bMw}VpgPOx%!gmNjqE{os
zkHam|JQOsAZ5&~aJpSrWS`&o82+1u>$i#uolR7i*7SGpnP4uAsm=pXO;(;{nOq^|R
z##yI$tiE2%#J0Gqd`DXv&7cLNiaFn1zsWTgm43mO;D!}@EW7zK2-mOla|%)m<8<Zn
zpLfuWXOxwPWi*keDwF__6b9;-_M}sR(olG{UE2L8yY><2q!ac6u5zHRl#M9Q`b!73
zXYZFRNVf53fL3FkUY(Pw@JM3qu#8S6jSnF%K)7vJ{-HzC_SQyahQ8C2Zuniff94}y
z`VIJ;w4CaNz1OYm6sRHsw31`2`Wo5S%_r~p^;p|}{rgpXM1zJ2e>}&s-C_I7O-IWQ
z!MDI!r!wgC*GQs1y?grdqr1x2yLDXNz}Jy6Yl?zhs)8H26-25hvp>EDc5HqGVxwSg
z<NvAo4<Cda5rn|gfM&+Dqwx0Md{Fth_+TsmIz`n~cxteDB)T;hHu3<PwNCAt;;l8k
z#!~I|WU8Lct>HECv0%61&lBCxN$>Z}2Vd{$&o>|Z&vvQr-@PB_N4wA)a4KKE_kBH0
z-_`7Y&+ZUvdKvsj=NN0;lCBu$)}M<eG8E^byPtzM{rg`ti8Y0>;ZRKrS8(4KGBbZE
zlYMWTshl0aeOG?M?f0sFl=#8lU*>z8M?<HrYh=7{LFqD}E*-O8A<R0SqBqZt0~#8z
zQ51H<`NMt91&*lju%}qlW!+i%q=vt0n_&OSiV)1D9^M!zm=<a1sTEL6RLu1;XJBwD
zJpg&;Wq0npFWc1<YsNVX?}Ji<Yh{UO11U}^$T4_QUIsPIa|#b+ny-M5tFL-K2Tw+U
zDrMybG9~f~w+N6;fP~*|1PEoy)^)PaV`6zs{D%p8?%rz4$hRYw?=${a<7=_>^U7>N
z;cF=u4WO>IQ)q=$UN1wN!OJfnLIqShOHDTd)Nuovu184~(S;x@26r{em|HCIY~uC@
z`p}B~sMm0djDhTNQXH}{QgX*_49?~TCj;|6b<o6a2JRVg9iUZRYGU%6K3z<3ZJpqe
zel(|kIV5&d*2`QvGLlOj<@Fk8>RP>=afgVh0VE!@nBGN;mP|e%Z}fpXlcnKOo`c~(
zK+xOS{|f}U%?TzVg$H8Q+vlO^?#*Bji9+>T9>%K2dcpPJ5H8}93uE;}L5Dp1vHxwR
zdNk=XSSdyx+|Kz5t<6L!*A)lJm{`%jz9Pp4)&m6fiZ2-1{<e3TOpv}M%mh^f$vhoJ
z<}k!-CejXG_7NgL^Uz>d7fO|!w6TaGAOTNuOB2gbZ)G6~LW!D~%2p~_Udvq1AfH0E
z4`Q^)pU!pmv?~;<C~ZOI?2J@_5bH+TIp5hR7^nzSlfi8l^LAYG)>e2wU>}9Rkt?<J
z(xZLFqh;Kt6;2h-V)FOKcu7BqKqVZz(DVhx9F5l(tY|ELB-ML<v70_o^w%px!?^@x
z_;A0n0lY!|AhMvTHQYGKWi_LPOCF(doT~7LrQMsZ?b(c?8vj3NP-Z=ecRi01BWm$l
zPW;fJX^jf|Ujo~~XyNW0v8Xp2+1oyhApKYiX*?(Vj=*1v<hrZ(mi#WF`!4Acszx|a
z9&ZG~;gS2yl%C8pK%WJ1BrPl^Zto53XLFY&gQhf|Do?ZiRNUG&jUbF85SNEh&0s2;
zT6plK3wt=3XoO}Ggbght!!sx$GB_*($j$l1XmLxgcw}AEb|-c#Tsx{2jycoIpy$Pf
zxw{kz#Gy1xR95mHe1S;nUb*&{43hm185I3~k3}D~Ze6NCXZ>@#9f(x)D<*2H!<qGP
zKa)|EI__GnKS1?j69W_+)Ho6g2wA2;ZR{?RpkiRY4uIYM-6qx<==ncT5FqVZ4%`0+
z1vMrFB;ysuYtq<Db<{$Ll?l2>(0NK4fYJmY<j&b;8h1_KRdWlb4X)l*dc7UP8(YxX
z`jILF1-aLPja}$8dfkraaDC<!UhveqfX2KM@3A%QX)#PQZIjj*z*+Bod#!0?P$ls~
zL#~;hmjhA=L(NSR?00zl&6)Vu-CjE;W?+X2@xfDdRb7|$Tka1<e+Eit!-yWFD<c%N
zAjYdO)Bubp4#_JnGvr=p7F^SvyP%30N@@-?5-+6Km|KjlO!>=zf(c(BEGq+oMV-h$
z<ZXFzz^c|7E4VBE#hwcsKk}t>+{)?djjD_V=+!+#RUn_Y4EQ!%wl3!K%73T@6lH@U
ztML0SdbmVJ(EPIu@IwYgXtCeJw&?}78YVLdHbph?C1}>61;I%v@0u_f5%ig{E<-{K
zSs^8X9-`D9%NU}Gx?ESfV3|)+h2joXYowqBQ`7inaN@(L6g8ih<p{~J0`}nYahW3X
zo?A?-{4WY2RBLb7$g}G7mfeuWx)|q~GrlzI>X|DH+EC{XyPHej1^dOs-I@K02*?h>
zTW#w4#~rlOvL0Vt_CzzuSNqDD3@y?G7d>>?9AhVc&0^Z?VenFLQ=?NUnl4B1ZQ4_k
zZ18Nq!_TZ3QF&2zyYFhIT_3i1d)18ae4e(xB^+y75%pXlr@mRtr(b(&&SU(fW7Q+t
zSulR+Cjy3R8&Yav$r;b8#Vr4dqNb^=pZI@(poQQ!_O)JI`b~Rx#}-t1b!2+<TRtHJ
z{RMz?40;uIsD2x!^FCL9#0^N<S5}i;U4Gt2nYC3CL+<alC-C^B7MJRP<22-6NbhaD
zut<RRAfG>8SzvWun$y+HM8pVte}+Og!)s5c;I@C^wiHt~>grikIGT`MZi8*`awdph
zvxjnjNe4uS05cDmf?BP_V9EL#RKPa=VF_e7@mkz~y6HrD=A**c-B5-RDY&8hKcq^F
z(t%JtcVD$2OAK~y)CnwCj7L;PKfKVs{bLPUkW~g`R!kh+z^#TRI8xi_LCi!na?+tk
z^bVW@Sz%H9niDfF!V8RKtVZC?P5+YuTh6HBfiM3^Sq%JPEr>)bP`d%T+RElHf-aCf
zjQ>ppz5EhEZ(BxM#z4%YqUnIs^9VrYDyqRM^KV)T(!eNyBJ}f_MHdvwy?sXdbZZ2E
z(wlgIA$C^Z=KZo6R6@8~&w(XF-z*5v(b13B9Y?w1xo|Q==h(z@|NK#2V6F3+Cx*D7
zAzO=f{^0neZOJvN;pNa)Lte-hVc;>{#K;y$h#U;A+A$0oZc*=l4#c#Uvp3m&sY)!~
zGR+KhB!v}bS<2TTx*x>+TxTkJz68>40hd&Z&NkO&Q6<y`fs(|6C5Plt$dK0A&H^~P
zpm#*m#NlK;{zZZqJ)~HqHia_RQBtCL@@ZnWB(zxGZ7aRfM}eJA#-Cl-9ITZ)O_$S<
z74~`z_!`4+`Y-C?AJntGJGidvu4o7*L-;Dm{HC}7MTl`M0w!0O-0N{%vVNH$8_+lw
zeD5bBkmV1N{O7;_7ZU`s|9>$-UZ199K8n#iffz5(AOO5d;@J$g&<o()IOXr&f2<bj
zq>fO~fQ*f$hbg>EG8Zb~6^{lu5Wa15UO`l)TfHmn2;7gR7gGDv2h!s$vp|Cfyl4Z;
zi}CEol4C(gav^8HIY>N4kmDOrmT=h^TtN~bGb0SC)vsS)c<;>cqmV~)*2rSI3D_XG
zcl1@#^yF6r4z$QFoEv7qe#IN>F|sQftiSq={$CS^?8-k2ZZVBgRSdg{2VR@?^K$8y
z9CR9eFQ%a{RM>WzNo;Y8o<rF!5cE!QyMAji4Q$Y)RL-m19{2iAf7^$ps^c|QmC0C>
zoEWkPO+-+Ln52xuj-k7tX0m1zB?HV>7NO3ph+Xq)$s~BHRrQG`LcR#DrG8f`aS%3M
z-mO|exh=KghMcrE5(s!IO6k;;wM@l&q>K&RJxkc8Mqs&&kpUCie=U8)kKp;#s(487
zjP(Y-aYKYOoC<CZ^Ot{IuPH5`e|(>}o4IVUrBJSB-%!<`HN{-%RFaJ+uVs&?+Qs6t
z!%16|)JRG{rXDxZ{>uYHxCTJc&S>`ip|ge!(9d>3pd~v7AFcwzuMfO-BX(qKV+P(j
z`^{}&g4cPFiPUT4NX`~vRsM~&F0hwt-{;%2zI-VPCv5dxLTA!X9ZC4NYaU4rR3JJS
z#$T~5!MsOA=;$q!E$uZW-YPy!oSN+$&TuYHY6NmYkCm;exJMXYQj2#@9V@qgM9~AR
zTj&k*5l)Lca6A9_x3g?E#|7gV`Zs4MaND4+o|zlCHjxjwcJT+(J^P&LmJ_)4zkV7o
z9?Wg1Lva`o_xb~akPusjAkyEJ3{k@UN=WG<t`*5?2?bqYf~6Vwg>rvEk<6qRLhq8C
zn_W-7Aq-ds(cVCeLR6KuT2@>^rLlOouiA9&A6ufBntWOe9E>sibbP2F9rLO=>MS&Z
zWAH`8Tjzm82>A3r(0HLNa}5aJ6GWjAajzAFp%GFXX{gg|q-bToJNu=bG2T3c6^&jm
zw0t_hIg;9-_sdu)@HF8;3$FPXN!j86|Df-6F*ml@oAIM=5R?l(apWx=#&HG<ZLmpT
zZXdztnNFSqInY@q`?IiKY^whC)4)?5;>hz;^3v|*Bq88vDu}~T*ARy*qbCkk!Ac0E
zf*U7D4lVK)x2yl-`=0(3c6b{>>uCR%kOFv8N8n9<LZodJ^lRS;?1jK3vIxeyFzFyq
z{X>#DT2KB;43Gaw46gc{D3mv}ub^v#z)tN;$;4M$lJ3u{71S{JkCc)LJLr!L(nRq>
zLfAaY$4%7rG`?tTAL@M3ZH#CJJinZJVfI{MYI=>45|ikG$&!Y>NX}-%bmGB8{a;5+
zJ^`P6M|oT)z~!=>zD}~-P&qCPWQVXS6B}fnvGm`p(RY7U>qC10)e*q_wRK08!wCSc
z63=M2%Wbda5H#IogZh}T<s9FRUd^%aaN9PfE-ak_5mog(KfT4sxni0lnVq`x-!Tur
zs|FJm)&0=<SZr5=t=x!54i4LX<InreN$@87n_r;uzYk2}$?hD125WDyamQG*IO-3c
z-_cK)grh$i*SG)Oy#F?V;whm|*e^%i2b(}$7LrPMhrCBM0nDElb@#<|Tq{zkJs_I#
zb)&ciMaZmFJR8MRI~jJL{j%+56TGJiT`h199-2NUH0TLtE1|pX+vn;<!>JAvVjj>Z
zDgZP5!BLQ)i>(jcPChzsXY*yL;{!NtjO|zbsmiAHG!Zsg-3V&HuFWSn|18tsZ&x@j
zxo?P}QlmylH`Rwmd?BGaQqOY+BHBLQ)4GC{Zs4ct^IFQ)ebWNFPTD!_Eu%iFm5h?O
zbwZ{vgiNEl8IAg+x;DY(;`bz<rK%#kW(tzX+G9H@vXS$X8tCz=h97ErMFUmdHV55z
zk!u06G3XSqL`X{mQ7z_BTilL@?;qT`ady%SiDe1FLEfbgJjmG!7+j(K`TM_PG)PUy
zZ`8At!p+X#oF-v$lRSAKp5Aitl3(@yp2Aa)DdgdJb9}vZ=y1HeOmGFY+~{w+>un<6
zyd>!yDy)m)WiQ=r)P=(kw14H+5)i*Y|KsV&8QZM={Q}u6d<^#-U7fQd)ORUxg&9b5
z(8s+j5cV^;MvrIH$I8(pwz&)YLejklc4ixQ9Wnc7OC?93V`Cq)sPot??z-Z40Cqv=
z_y4^HJFB^25_bcSzlKZo_q`SO0*GxI)L#SMT@K7T2KLB<-8PHe_^^&`ObEN>mVFy6
zdVO%~q?pC;M&>4#NXei!6RPPQ&AO<qD-;^&)rI`Y&}TLNvU10ZmD`MavfD5ldsq8`
z(fHBKA-LH29T=Og8)Z5)E%ON3gz4lHvJKIljmtC`o0j(myIAr0Pk+{|&K<TL^BKo}
z?49kE<JsqTBL2@beEpqxc(Z>rp1r`v8{U3rszAf$-hVewzs>I*ZWc!qxJMwWf4jSG
z?TfDP8b2MmJAYSt1K@X4rM_Cfm_t5&g}!?Ues<!1?8biB4u39wxP7F?3lsT#uvg*<
zgoJ<0#t`OTVK50pU=Ra~jZ%M4>yMb!S$<Eocz-YLr>lAT4WmE@6>p%kn#XT|BY(q~
zkt@(q`8&WS?#A;QY3!oTp8v%7?Z@Y%$Kv;@46|DyuT39wt{l|vh^-`<U|@&Ge(X}>
z-V9-*5PwONkv}&XE+_ul>J~jLMvRqbkX-tjIJgv>)GByohd)6d!GS&KyHkw_JMk(R
zr01RE#G`jcw50hEOT-8ceF-Sv^}CbOKwf<Ll6NNDlEM&goupz~0+wbK9uQdV2kqj-
z=n18nkztfi{x$#bLJu6{cQj9$T#G7p)~-Kq+8BoqapBiI5W=Ws@y#uciGudkct<-F
z5gE8^v~uEgq3=a^Oj29OO1OT@!|(I<L1(DzbiM(*N-9B>e=yqx+A;5-*o7UJDkVZL
zNJXbf-co$#$|A9wMuI{w{D?4`j3*cB#CZMWKI{EhX-)Nj7k0-kK%zH8XUhA1YGH)j
zvLE^@2@@LML1SG5&`Kf4Co_rjMnFX;-`zdV6z8Y5GY^e{8)$p{V@MZd9sWeuC**^0
zKHox`+-*cBYbo5X0a(a&WWgOM$t#((GxN{13%sJ)IJ8791Ob8jWasNmF)d6v%#FIq
zRG;;T!XM1PG95T|mD)%64x070^}8vArRM)Sp>g(=<*Z$O_o(P;{TVZ7Cbe4&FjauM
zW#UU0MYS2=i5>8pKzPL+;uD74^nK)lHNT|S=$TBbPa;+>;T|KT4DX4RB4Eq?D|b)C
zY2+U^m@QmL=tCEKdV?fSOWN)*eq^QELp~efU9PUad5AE~K$_Zf67kkRqZVXT)#nuJ
z-j>Nhx?|ULng8;fcDr={8c{r&QpmD8Vy)&=jxN~1MLOOn&yR2K?aNF0Gx7^NrP0g}
zu4^;heuCFz_^%0}auCeU>E+a}QXev#%pY@L=~s__U1#=sy@sH-+`U_0eAjJu%T3Y!
zxkjBMm-H(x+#~NbSHSX;G?asBAz#AH`dK=OL>f=A|G9nk4%skcpR?MkTwRq6gFk{B
z9XqcDetsK=lo1XW$5&l6mNwN$fJjd{a~vxXED;uWL^Po^xp#!ppEhhm$`1vzIq<nX
zgG5}G>Y}0Ek;q$Hg${FnFn9)ZHV0ZpM9)~(1jszV8J3xGb|VFl%|Ae4fz_EOH@sWu
zN(6xCM-tiI;BPxlxo8ywa~AX9DwLYvL^Mto1)Kz_u~*jCAMsu^5fOl_2{wAT0*K|y
zqy5;E_79OOj&dcZ@MNm_`nN<6wpRz<Pky<_Rru-5l_Hjt)CW~51^UfR8^%92it#L}
z1Q0)*@#CC$zl4KRc1=SRZVU*mfkTfifiQBu!>v-*2kVwE$&No+*sc>a0DdhLa)}-j
zYym+rl>KU;OvFvAPH|~i?Fto(b6}70Na4q%Pp|i@8HpV!i(+?*V4s^&6}{Rlv^nhG
zX52+<o3|alE`@Y!xUuMH`8cRq&4gznH#TVD;<L&dwB{9cw~Oq4Ql+Tl!q$cfw0UHZ
z$7V6jJ>?8vV@J4{P)!#wI(EC~Qs2@fUr8E0{QmaQ#&W7uiqglHby&^omc3Iwo_8H3
z(vlv`(Sr25?*<Oc8o_-7@0I=)eP{w~J>Db#lN_(Fq-{bi1FXg_0Qj{f8M^e_U$DH?
zDw|rC+?relieVDU?L~jD4!5JBBTukgkP%}|kf+!4H!L~8jO6!i1bd7$mm!u)Te4ce
zFBbcA54A0%(az_T@bM1xn&1v`>2F^9u@FKXmqW_S1kxhmjh(`-#^nmh-zuAjH(AV5
zR&+*Ix)DEi7`4?uA-`R`E|0e!UKhjv9pEjdR^7xjaUa`9u_+is1s&VL7K;7`0zo#i
z3Ue`Y3l@D(^1`1}e9ns39}dup^sX{jV+TVk>{IBU^NKHSzEG%&-?|!M#BD1^E)3%*
zVIpPOzV2q=)0-;kdt?efZEPZXqwVvD)se1e5%cZx1do8k7z;9Bvd9vU;?s=#Au>{2
z6qicsidLkMVOnw?LfhRoMR9{%z;ox)Y*Zjd`^Itz9fKFtJa@0+I~3YGSmr`fxBVHX
zlu5iHMTT8xh+Uj7O+5%Jju`geBtBCgGbwa=-(%zMo$G$~I?m9l=UDl1O_A+0j5(NJ
zyB+8S1FKm1_&`E1``E`mu2FAFyED;_t(X|dv{(;lkA3u`KPcn`fjcJ}zj;J#H^FWl
z0wAtyICKjJ&4bC<0)&N6W9}`~Syeiik7Qe9uym3i_X{minE$L>J(r!_%`Ux1-?AiA
z-50A+{S+J<iemUWOPI2-pWN3Jb&-pZYjj?|rOc16ML@i^Z+JTK#65hV)_L323jY9l
z046#UvV^RQr$jJi?|pulp9p(aP@5xeM^dQlsBR;+)?;(Za*2tYNepUhG5$3ZN4IO@
zpIjsjthK`^KDW!rnW>p_YaOpA^4y#Z?l^khlX}9Y8i)~T@1SZmHC<F{FF2hm^Pzrf
zmoV#K+7(Xpr130~&u+?5E2a&P2wbB#LDt>fbKM7#hU?xW(&{B_D-sCWRUVy|>-CJ+
zCPNRNYp(KO7-OPcP9aTEF985GUekKiy>M;;uGyAb_Y;#V^~vE==j0Hp!Zc9$<qaLZ
zwk~&8jdgGTX4cX5$nBT>peBZ6hJdR$<Rp<w?fwcdyHYQU;X$HDQi&jToU#@8(q0m4
zUqTL|eZa2F8za#9rGL8yR!@1FTm%7Qp6Iz14@rwCnm+=346!PV7?Cp?qg5mi{E{mz
zYtBSlnKfO<eozY0WdAvqIGtE*O?uc-VaskVvXmc&o!p&VqfBF_(6O+PD%CghWwjaI
z$25M7cgMAI>&85$<L-?sBHIsVaR>iA-9=x3hI(^$Q&fnZVuhc33n5kfiY`$%`^713
zSxlXV79+R~j!dx<eeu5oaB?y%iEl9>Nf7GKT9)qD`$wO|NLu4b_SF6iU}dBmimQ1G
zBGEy!xBLm#dKaojRg23U-#Qb1$)yfz;}Cr#P!g}&6ADI46sPv^UW{0oSJY^l#7xrf
z`51yt$NxtL>ebh8o_o1VN2O(dEt@2B9LhX{=evoQ=Y$0zX=24ndh$A%HJVTP5F2~}
z<mWh|fJ2Rl2=DGzbq0*=O$Rlivke8YzVck_+b+7^iO_H*?W62xAA9OKqmh-s&ls0t
zQ52K)5Xuq_kK&cL)~gW#JLI%-(vpJH{%L!ag#Gp3k`JQkt2W`kbn>y256OC2+o>h9
z!EY0^QYY)c?|;!kr;WSnwr|P}YiC8N;e^Ko8AEeCzZP3>#)sQci6(o%-I(|DRg}?}
zYN#fRydve9?8??=9gLSYy$w+0_;mH;%<`Vl9IU%q?no^KR$lpmT$X5Ts2~vk+%RQ!
zz9=D>MC@ReobThP-PCyX2iWZ-sE=7H$v<In`79?G=^N3C3b2$x_Mj*je@l2w71>$S
z_+7kjO=(TYjzD==jUIR>t`x$0A#pO8W)cqS`vJ)*v6Eiko*wKs{&SPYs*UX_1^Ms@
zE%eI8|9CFg0|c&*wwUKnqT0c(y%lJ)RRt3V<$yY6k2{;kdq1+pT9WjApUZ*kctBmu
z(tRw6T=5ohE^+FnWo|(irJzQu(s%<fx+j1iJI*1x446lOVG#8QhuF8tVoVo*Oe-a=
zQ%O&y?m18#N=y8Ms!F~9PMH|hHCvDrtBAJ9z7`do!mU~=hcM<$+pq)=&qgY2KQ7!H
zu;u^p@xf3<6c0q*;EJD?xlN2;2Dy+eZ`+8sqz+pl2@iZ9p>ZR=Lou9s2W#K}v7%|k
zqHgz{vw7b;_y>8*xM4f0C~Qrf?sVM!WH=A3a>sGbXo!}4v?M4b-<T49@+sNK71T9R
zKhWE5;O6^t|Im08b+bN=*1Z)GE#t~Km_?_yREe<Y>w*wTBMd4Q*4>2HPe2vEGjh@|
zN3-^7NaXO0NdEvPZ&!r?ZQXJ!$pBLXrfjeebd<4dBYqaVB$9bg1ksTW+t#A$du8*?
zL?Vvm6sfG3v}ERJK?nW^C0mXTJp7r#5#2b>ymK{YyzE8h&HZU+A%;T*=36%@&XR$9
z0TDLimSO*$VYg&_%fhN6b*8;kVqrGclJiOauz5;ZvP7{c<W`0#!_wns{y<WWW6Km1
z>kM`aINFthV+>v1+3%69SvGSTE7rH7j5P}JwBJN2?QuIm7JeGoT49g)al0&1kgdp}
zL5c+Mtq>(~ms|1xfx7NR@c6sydqn%Brg&G#0F3aA2jcuZ4d-8fjD8almv$kDEFR4j
z4uohd37Y~8g1Sc8fEF1!M?U4rDovz4%-^V?JqbdKgjdHg5Haf%Vb5xX#;b1f$zF?!
zK4|L~6i_I4BWBk&O|r_UaSxP!1rtgYW0}EC0>DvmYLNzVB}Sf&KB17)Re*kD@_{sZ
z6!hcmVO$m<K%M)^NjgspuG+sms0WzW1NtaJB#qI|`5Kff%twIH1(MeRDUn;Q&=&H(
z4-wj5!ym04r#Y}J;!!CZz^RZg!O~GqFxmUx>kvgV_CBtrS{Bwlen>8q_P)@Br@*g?
zV#>v8*5fJ@#Lzo66n0%v!{lR@d|u9&p9-{W;U3G1CCp-WAA1Qhmc)mXCSjFwB(SzD
zxKXLpd@H(Yi<QqpU<;j={EQlv{AB>YPw8SEXS4@jW7<ijYZ5w}l2E^qAW_Lz?nvYE
z!%Ny5w1%X6@qBQew#D3=hLB%Ik5H}ita-lbnEQlh4<w_B2V*}Te052fJ8E36zAg3v
zP(S1}(bs9%ysh1Ww_E1>m8R!)SXrfR1O0k&#)~O8y2K{~b>Rn$E~bqItT<8VbRSj}
zOgFmr3H{t9Jo_@Br*So51S-XKdSfkQqL{|jnS%Z`qdci5(UM2HtBuk{45Y>wZ^A%e
zbISf{ABeiNLSr{RM^<Q(MJa;zqvn;TMfBJ?x!OXSxR4-QY|73&Jht1H7QRT5g^&?|
zi`0Lvs(<|zS6p;C=K{^C?`5yIZmkICti5hBINI<a*_!QuMan{4iBq@3-~mSAExWB$
zT$hCiHGvwDp=0?-8%b{ozT|}`F=5!EiJ+7&W}JJlf7D%k<eKQ``;2d7S>znBhlf@s
zl!}m%Uo`)rYf)@|Ei<3N2PKA($^iy<V=lS2L{1fJ^EQXe88rItaGJynx}l^$Vw9TC
z|56EQo?T25)ScgQa^P*_qG*}P5Y~yV!Pr)ERMqb8@>tXK@;Ghtlb;Cm=M`he63G6+
zTaLSL-+GG_E@}+<>x%43Mql&FW-4go)QV4E#|}vqm=a^_7qy+5>)#?!78k{JNEQ^e
zq=8^dhrue7cKP#ppFvu}vb}cmN22nJ0#(sS_tS<M>+eI-6#wyOP2O2rk##meB^#u1
z*$8$=Oiw=KPp||iKp~`?La?RxhZ%yvjcjlGk;5x)`<OE2ikfIvFy|1!yd5>+f)%Jn
z`xrL*{!aVruTzXAFJIywm*ai|=ikn#hz3UJ_3{$o#QL#Zc)#0}a+fM>;ig6#cRLqu
zZcdC`j(1^vPR@&B1T}>qdMet9g+0uYqkLbjr;;ya@B9>AmrQ~5LKy_Vd%mh*NiYr<
zk-75gAoCFeaRX%(ke#$Chc4a_?H;zE@}EZ!C$ytmY(W?t>C*Ur2c1e@pAGGmy_xuK
zfh%LaU#)NBvv7bC$h5*q)qiE(g};@;F|^kzA0@v&ejYA;W1nnZPkeoVUY^DuelXPB
zIkK?3eo7AB(fCs9^tCf30mX!a|2+#8(C$Xij5uu7p*oBm2foK-*}l~4?lN*~y11Co
zUvt8aCi0`S?3wucK7~+FQANVW)1P?P9^_Z0EI{pNNcD_P+-C>@#sjF6MFGH%9xj+X
zYndu9u$xRB<*f|(N~<zUs8@+PwIC#55~PADl27}Spd|bl7;-3+X$#}5acDv6F(g_H
zA0`jUb#NF3O)SHs)9LkmqN!s#PX$(S;MdZPBv-T3S^r|qMY0lA0jOGD6bixv`wwSF
zbaZCL=p^)f9JRB7$0ng{>63~A>Q#)88L=?;ra&9u{*@SwKWD#756~-4wPN?IV|&%Y
zg?)y0immochBvLK3=^D6+6nE3v@IqcgEjgbOWkOxk})RDx$P;oW8k?1FLR#<@6RHj
z%?N4@I)NDeVdXZ$r~N!J`HdtiG0)Yy?8#pL4#n5#VAINM?vt6M$hFdX88d!UR(LR5
zvp@S>q%3p5^-*uNw#>=UF?n|m|E#1J$dpfQ!i?=R8`iM<SKi7MH0eAn{{{0`t!hjy
zPJ>)hdgl}iR!EFpt1~Nja}+SD-z9-skp2rI^#)0dzVoRbER9J?a_Nlb#z0tCRksST
zvi{PYE}*n*_vGq)b^<weCrLeY)VJclbMKE@Up))S%E88v<HyJlukomG{A*7+a`?M1
zH*^YfJYg=cDouNiC6czRVm8cITt1N0yr_Q_e~q_M?Ml8dt)5!x;JV8I3dj$t!3eiu
zU9fz!3KR=bEWv8~H?y@|R^*yFKB1Orcm$7A?^N+VdHTZP)X!CvXg<w0E=LT^K0Ptx
zy`y(p?uj_O*1cyoVc7Pm@xH~QNKkAyF7IDz56K-l<d#%T`t*wlN^$lF${yBKd{*vc
zD~xww$Dv_yd^_>>*j|OA`ZA-b+r-e}L1ajWW=b<lT*mJ<dq_rT%{xY9*c<>~)bLEK
z-pS+EQM|PI>yS&iz9xvrP?FY|Rzb~>K}E@yv9NHj%4SQWX|Z?hKDyWcSmH%4+KRev
zg@lROCYZ3Hc)v2RXIgFck+1T{Zd<pxr`K=lk~*vBubvT(dacN2(o4Dc9Idt%vDF$n
zV9JNyvT>itV)yEnpM%H^Mn19O9a6WhUhbI^sYRTnA{ntpofk8}JXgPvVRFn}!Yzh2
z@!0U?1lH!YHI~^$DZ@^lR<A)WLm2zEc?ZN}GFGgqk;YU!!fl3AOM#oVF=J_9IYK;^
zQwr^fAT3#?Gp@`bq5I$W{bi+KTE4>7gT_0J?C>_1){TUJXppHgT3ThrAIF1JHRs%t
zGP+u1PD__#1PmG<0}ZA!t~T1Vfei*?Ejx%FU=k5TJ^GsOp1ML+(<7Kkw%nyt1OPvv
z<AZU-@7(0Ku*^Q)8OY;GvPALsi?Y66f`T3MK<bh5`iAPd(z*%GBqA-^h|^C0-Y%59
z4<dnCzq*h~Q6!PEjj)YJf;E{Y9i_J)(rO!7@&$h1NLop7R=-hbgiB{6snOO$#D*Ww
zDQ}zg5d0AGyW`50D_=(A4l=kC7Th7hxj1%aou(v~2A6E$nb&>f6z;gi8hy3Qb-B0A
z2Ys@~vT>IDRdya<GO?b@-Kwm<FnNRLSGF&qAI!2nM8qRPQqOO-^tRFd&<+cmKbO5P
z`r*})#b!NoJn#C%Kaq8CaoFzWc5#Sd^OiZX3AQ0o&NsuuF!w$lJ9J@5gFxPX@1ekA
zAFDst1qo!=x68J-2Ji^v+BW=Sw<$(t^r&89p>a@JdSZxB<U~tZIvo^jj(AP#2IW}J
zOu)m7ab|nV#WvdR&x7ua3*UR_Hf4|4l9K!Frkk~J$X+2daC*B%Ps9bSrQ0VHg5q;0
z2`lL^Dx@S>_Xs<-U*zkCPtVDpyzr`a-YJ3zV=w5k4=n7%?2h5;Fl5eazKa4qdZ6b#
ziB}V36Xk}jrB%vRo()kZk7tW#!<!Q9@#tK=X@b{k4V*D*yY!K0b2duh(U6B*PThr`
zT*Q`h-6*%x%fmDA{m`PvyYTB*KBk*=UjPJKco<cu+8X;65tkOtU1d((+Q&RJ4QF~D
zYG=SB1_$A9jF4d`v;?dOqxPHGkjyOa7DOG8oSKdYh^hMe7<tA1Jg9E5gIFZLnu<XU
z)NX_r86x3&p~|WMiaqfcGNJlxM_3slO5vCs*D#aQd{hb<IOwK0lhY+9A6mBE;CbH~
zdOJ(1;{dmb%uX~qfELvzXId70+#)7+ZvLv59OX3geja^>!C|MUp6MHPW5WXM75gIe
z^3Hw|R7~^qj{XTgWR)+a^F(YulS6M@MBj3rZo(Gdm?^4;>HjLza(v&fEV6y;0zZE~
zD$_cnh6AzvW3LD6AL%|p9Bo?Ge}PE1&&GDV;bu2eD*7tjKR|o8KG$@a@qMFiG~gPV
z{T*wDhV!1qzX_k%K2Cz-&(zuFd3S<r=E{Mc8>1Jc$2Z!QY47-LPKo?Ie=W8r6ht>B
zYD{bj`a{GFB2~WOZ-%CPJ@Tz)$BQuh9nWANs-{s#xRjPmy$u{Ip2rCgVtD<)kj`+-
zrBc<vA&iEGV+!r-M=C3$+r#eR(WNxo*oba+^vVMT_8hiVU#73?_D_5gwdht;w4|<n
z+{uo0XYdiOXT-Ue*;aGK+AjJ^CVnnwxmyEu-rg~q;l0#zQ$=Y=IUUCJ{h)_J>u6lZ
z>!QL<HFnOtoZ_Hjen9JStFF4bx??wPPnYw?iO+S^ZoO=^8ES4_@_b~@#fgQhm!ro6
zyT|?M{BZ-j&aS)Lor$Y=o@lepViSe2xPN<_{F|z?eq#UAC=Mj}2g?0nxN>#a{5$x?
zf1mRyF1Uuw%(v#uOXZAXrqg4^kS-k8e#bU=xTlj6yOa8j$dSb=;%3nf5X9!jp`)3m
zPjdLcq&EqzI1n@|T3s@uiZ$;Ft{eu{qvS2?#P)Pu$fXF1h@iQ(9mjq1@3F04dPo0a
z;m_9zc2>Yw!S~e}MOUcr_uHB%<Q<oO%9k^NE3+<T#fP64l-{NL&xz*_hQDko#^V+p
zsBylOt(<oF2Vux$b$9}ejyBM{7{a({hO0TPv>yDS4iW`WNmcW(x+*XI*p3KvCJg#q
z2-ivA185L*aKPSGX}mG>Cc-nM<S^=CA{N<}R4vz_<?93Wa#b!iVwZ&X{gr_*WUG$c
zQ_chilM6Nz?@^22D9@4nj8H*ng@fiJx;Ng|Vl-v#+A=BVM)IJ02<C8;>$8)HITJPT
zrI0p=0BJH;t0#C2z>Jvv_6c)acPS%CEpx^_N38q0dh-teI7ZLbJ)VH#27h4JYI`=O
zbQYF?;fzw~l3S6n38%5NKYwQw<f<4`hVv#)VrFBaogR_I$HQ4Go$VZ3d)5lFmRh~|
zq+7htvd`PH)z@CCFYn+@kEg@>>p!*H*3XK3{ZY7qkd^3haD#I&FDHiA)-QS%5m`@K
z+H9D$*!>(~LS0RK47xO?^`#_B?gm;$k(qgYhF3?97dT3lfls9Fw63Pn@@L?c>XMOz
zk+<Y-LMuEoO<u1kJhp@_hhdRVBDM0kOgHc8PLj3`Sz02JFA%@5#-}U^*zSz=5LZ7z
zOwAa~=m9LUWFisO*J=h2sla6HK6E&Wp+u3WP32zqgCxxs@1oV?HOF%DBve7CnCeNi
zHu5PXv|X(*{oh1$qMF$4PBW70GcHW9dmS`&g5-8=F9F#9FBAr}%(u8Tz3bk;=DrrQ
zF;yx=Xh$cgHhsv4l$_A@#>_M^w%OQj_yO%`p`U~a4joHx%zun)c2KAiZG`lKjl_#M
z7+1l<z1|8QJGy+%AM5$L+#u7?4(K|TmmIgq14~(uv(WF1_>_neXh$A`=ELngw{po2
zp{$UOb*gISPS@663J&3`q_iz$UDi&sh}^7~IRS4O1E*s~;Dmc)%gVL6Pi<_)i!OS;
z)C%&O95n3PNC%OP1k4f`$-^VI5o6*Z8RO^++XW8oDh7ZVpF!lP<~>h*jTp$MXVU_X
z82XzLzi$<F@0U;_L!0DCpX&JZ<K^p=mtS*^>f8bPd2^-s=C?Ds%uAjahNL=6B(7?(
zOxuy3T0&LKI}OjXH%*o_!+MgUKqlXR&{AqVE#-X23c^00e)Hro02@|{L*yJ5dMNT}
zIo@v0H`j#Cd%46?ti%;l#I@G8y0Lxb7QcM+xW;NOK|oEn-^wl8VuX2!b{i}Eo_S|R
zI#F>_SPyy>Icu>QFPF^~xzJw_&YxH-ZC~ejR}Dz{idZ^fbteK@f?i0caIvm3iko-r
zr|ktAl1i-U>%6fp3K0^rh46iYFIwo%b%y<Tm6n;xl$cUlUr&_}0lX_bKMp|LiCr7O
z&j-sU6z97K%SS}8Z2WZJ*CYn+p@=~+M9_O?q_=|-%O2KAQgBC=Tu`3ZadhpXSen*=
zN?G%HRx=U9fO4wRH5ysZO2PP~Lr>#!*1(ld_a=p$FoS=95KAu;8FIE8V28RIXVy9s
z5MPI1oj)Bzc}wZWb`0;Kr$%L#R-?~61m+WN#&&Yj%wv0bI7ofH6aiVkVJ^az!V(V4
zLs-9cw*x=bI+CJ}_yp8#n~Njy8GI+kJ|<bgLAx+RRD25R-$KVN1sk1BL<ffex8Vt$
ze@ng~BSa^+;hdNjjc3$OPk0ol^Q+?^H7ihPee{-S;53f?kSIy-@6dile561qD}KIb
zfGd*Mi-&81y(&#9qRs{F(LGu8aNb#FVtE^v&b{_Hf?#Q>%83{)-V0dRoX*HT;7pE|
zd&E2kv9!{M*3=8^;jqeuKUs(z9J_4;+U8jMlxVe(@EuP_Qf7Z1YxJ9#d+YSz<HFue
zI5RJ_meq&*)?;D6xmDLI?7g$J+}j!F&#%1YRtogwQb0ZelTFhcR$R!YL@s?G{f)w-
zcc}rtws|;lb&L~2+9C+QjuU>l5HHve!oguY+h;OfplN<HOm~iTf_hUSUY^bcJwk-0
zi-w-_$Y^j`AWB|!=?AMGXO3lxr(nW!;1yYlf=EZ5*Y(!Bh16vnLkeBFHp4;Kb0Rbp
z44(+_qi7x@wCh@PW{4pzm8YO+@y3jPD50_}1vb5WR~rpc6m|}L04}8eNIH(r#!V3Q
zuiq%BEE%EG2x{jV<%^I`;7dS1{2`h>_m>nsY#LTy2%2UddG)_1Ppk^(D60e2^~xpt
zqbv|1jCl-ZvZHzRCX_kYi?(ZqXwKZ-Cou1(p)`}Utg1i8Q;0>q7qX^ufj%neYi+zF
z6Et#4b_kz1Oc5)6kGUp_HV^V?!+@QyTfH44O3$X-Ynvj1A6fqJl=I}q)ke#K<sAH~
z{HY3UyJyb{{ZCxU6gNzoTRJ+>OGXzV)qM<<#P6Yg*jU8S7Pr$+^6(mF7_r+}l)YqJ
zEwcTNK)fG+ku(W40l;;~bJZ|Dhi<_W*TV$7FLts{j(aCckTO}Y2j~Dkpx<_-bI?Z9
zMsyXN!<F#rY}57Xx*aT{{H5UpOG=7(vrHD>xO|sHq)^xWn$k{d$iZT8fCex0!|1bK
zy51#`mlTay3aDPx0U#u_5Wh-2O~eN4yn7|;TR9ur$MNcJN~~o=VT+@rgj@}RBIGAv
zX1N*9*|m^Ijm5U6#mTaVqWEvFdoI>Lk4<%${5OdM-jd;@w!U*NzD69eJ`_GuLbBOW
zP#8nk>8PBVG`_H#2_++^@~TBJ8AFN62$BOkhIGdAHb+dy>DCT0R+C{VAxeDEQXqEm
zRHI1E!3Z#4K@-bF95FoLVv;t{y<paNB0^m#?$TqNvaVTgp#W59TLO*zXmIA5m=SC`
zTHx5q`<iyx3Zsq-_mtWKWnhq%at7Fy%U133e1pHqj<9@I_I*1Z`CzZriUojx;Cx4@
z=s_3Tg)4$jqwzV%L{$R-SdceMCn~@d<LCHV5+F<F%Dhf0-yY;1x7bu30IMs0XboVI
z-U%61yI#&5v`g+)(j{);0A6U4eDKM@ArpW?M}C3IaPEFtKMkyER-GaZZY9@-1-47M
z$K@U6_$fAN=WKSh+S=E{mrzeaE%WuE9t_&UC8>9g^V@4MD;OikM@iijWmx%q!qO{2
z&jyJh95z%hxPOXWqu@-2r*6363aE$FA@nf#mu#V0t+IZ3dwkC~J!+#DY&v8Xa{H?t
zSqW0bLQuem#4nB)W2&*g<!0OHEzh-5heiI;0|ivwT~Fcc_5}w!JM(KKgLP8%MSsR5
ziQ3E$&}9}rAV&~02{Bm2IFze<0N!M{$p92m-&UQS^LG&le5~`eAznfVCk@(54fHIe
zV;-Gjrf%Ze(j+K~`1nbUkX=%4s{eME+@rnhsPkaGn2P^waK!HjyzBjAGWrx@S#49&
zo@S!}78u<NRwQ-w3gwT`x=j=PRGSon>Jm5MR({MI5$&YXeS(S9R;^z47Sp4NcstT0
z6p6@p4L)x7LS`55xVTy~>V@kK8|Qg7LJzG&XhdtTlkeQl`%A3Lp{B6c?_&#o-_xVx
zi5pyO*Xf9bz8XDLYjS0~w?wlM1x!S=Z#`?`0Z>{mz49UJ$`uSsg(X65YkyD+co%%J
z`_=|b(@Ga*m8))^aXQtDmp6KNvbK+<a+OB4&(Mcm+hjsLmF(KbI^v#j+ALYqIv_JI
zH>4-+oDP*h56Owb*6xj$;$#sd?v^EPRwRzB&QqpnCpkUWG!q`8#eNec!hZl9u)hn5
zr{pl1(P)(5N;lRev6$RfYL_9NHsu;l=mKv>7Q_d|PONr(<e@{|<n*F93K!v$fZ62f
zJjp7ytxp2@<cCSHftz-YcD0Nq6)mOY6A~9mPxhKtcjqV_qiT^6B`X^nGp>L^^-#;K
zNQCP28Cfg<hoCQY+P#Qm0rye^7;p87WOFYE5L2fI=vFa8>^C|b#einBmc$qeWKUXH
zz58)@o(&rCUFuXY4L@UIdDG0pi6-jv22x2u=u8`RVG{GlQlR}O!eh*EdW8iXBW0L!
zwZG;cf!9*2R)!XmKr_h2;x*jm7VlZwFB_sCcE)8>8=2jPS#s(QwM*lO8Df!4Ndlb$
zRyh(FeQhFw2A-f}SWr&{Fg;&S)|AZS)C6H3B&{iiTLn}|FOWMQa;U>@lvvs<yBzC2
zQBuRZQ1~TDJc+_ZIBTss??%m|ct~@M8p7>KI7LquqO!*Of=hNwcmjStR;C!Ea|qaB
zO_f}o?Lul$rUM|_ujLR<;%>jHw3e}g)}XB2y*^M?+#Rh1(ZtHs463!E5BiJtDn=Z$
zR)^If57#e9)S8XF{A=^V3kFQ4k(Mw>@MW0Z+LJIDnS02O`uk|;$K<qQZ$3qC3S$sR
zeC0>&*mV-3$8bNYK19Sdf?v%r0Yr}f08Rk;A<QD*2mEsyYxHpPyAh-iidLlJ(%zz)
zZYn-!D_#j0wMMtR_@}z2b14aEODWm5n3_JB6FD`<>;1V~3Ge+{GUn*Ly#TT7SX!{U
zMhVsr`82D3%?Uk*Rdsn6{qkvUw?0sZSM)k5m&}VH4BKIiAQ@q(P4~s+{0Y}nhJ^Iw
z*3?j-jWM#Gch;mNc{CE@UMw}y#Xp7%j-dZQoEi;&|Jao6@L;*~dimG}+Vb)|V+bb#
z3Z1)V(?ZZ5LYy??_+-eSta|ky4z(gWX#gl&AKeOZhKjMxbP{V2EC;XTwHo#fcfkWc
ziKyv^vz|<pA`69RO~S8axqfx=;V>j70w+DwjNMZxC$5+;;O|ZcsSWm#ZQ(zgrH*V_
zH^o!e^-bC2%rggIlA5{Q3@d=L`MQR*`;_WL=fn@~kL~QSVb0d{3sKP}!gWnL+Y`fp
zL639~D|uGE+D4Rs0tAyncq3ke<&>`~ds<Fh=pTCS4?goU@SjNuN(!yp4F+`IlRHJm
z;v&Dx!rxB?&#xonzsE%*)9cUpxWw5H-K=hx_gCm*V`JkgonCeiFVEZH_*w3Ztlp1*
z7LI*(v|NcI<&S;COY21Bha{f;EKl964GFqIjIF2?TA<bi_kluK%+XBk)3x!Z=jT4Q
zAf;@`PCR=g;mM2^clKL7&Bvgpon@CkokJ2857cKC*Wi0CC2xIj?O^66%Zl&n;4q7u
zeJ~Q{X`+TRsI@Z)H3j!Qq}JK~{yFR(>l(*P1kox4>ixmfQxZSCT(fd*l#Sy$SJ9+y
zI3>=Ie=YOz>cPxvADIfxzfi|RDxsf0wttHSdTGgeLuks}ZmsG%m9syv>}U={pKE2t
zP*B`lH`{hP#)Me3<nvfpl<lOV9g5vuw~u9@AM91`@~6;j>+h71S+X{@@ddi;?H-;d
zf>6_^DrS&JLkcZG5Zch2C`5aXiGv7lZ+nmQN!{p1O39F;gFU*k`lcKR6Eh5CNE>e;
zq6-{U%q^O5TP7H%RV9kBaXSGswR_=1&YyD4T=W}|6v7ID5d8=`_jXLmHfCl=^fsz*
z+<&D;+9vVE#?e?+iii|El8GIaJUc1h>VuQA!zAu=Pnys3UiK{y=x~wAVqy_v)D>c`
z-7)Mjg`{#%^fIXbI#LG)=?!0+@;Tk71McCT%vfHAD@D*=4-45dl;zyL{0GW(itf)h
zqJc1FbIu<aCRW!#O5n`=4IQ!AG?l_fyF@B^db;~8^@u#&-ufzX(|he4`tPQyh%Q@0
zd@lZc$u!m<WwdG|K9*BM`&L&~8ws$8Jpfo;D8aNgx0u4S#nQH7phK=)6v)Y3fE}8E
z4{B|&U;RbM{1WDJw3>t~O6xl4b^^;BX*Qqka!&Cn6tU4}i)JH6xZsG*#xM<{XG%yB
zCYA5V^W(breux&@D8~Uv{nvg7iZ7m0rp(wO%GwWr(3Mp5x}>SAwlEw3PNQ4#S3wh7
zNue=Jb)^7U{nc3`_UVWj*rkc``YvC7A9(i#?*s<lOE`#{W+sVme^(8q6leA=tN5jA
z&_60q=0X=`k_~GfpamIt!Iz4-SYEgQGAmTWdg5lS^QKjk%GIIxGiDyf4~nCZI}8L?
z%n56rUH`t#sG0T3|N8a%gGeL*HCAxkkRByiyWvmt98^k}eEg)vD(288L>er?`mVd`
zkqYp}p9$rO!=t9jzvmr2d~&FfXc*^vwVUJ_oM6jVScx}mEsSdpaE3Kw1r$Fr-;b3_
zG079YD3o9E^L5jmkxQtQvs@ia*S{4@7)w7-8OET%1>7RNpeRbC1ZUzCY~p1Qy@y>i
zOQV7N<;T|h!anowj!#ywZdV9exa9J8T0&C|%Y_4_q1VJ`agsZikvIQdw>Nx8pq_y$
zft>Aagi;vi9yo9!IR;fyV%(nN!Eh>Ff^##_s2ExOaZowC+-*R5kzKZtHChd4dRD?<
zP_tgi(hkMdEL!&#@8Y`xxV!+786%unI!A&ES&*GwX2kyq+-bKDYJ01P&PU!o7|#$x
z{9gfNIGe{;ED&+1pf<jt^*BA|^zglK2LVFCBPhGHv2@1m#9V}%F*zqOTLSV#t#*$w
z*NkFTWSA7;>op5GO<A-t)@eqA6@ltr{m{97%x;={<Lk^S#htI%9g~VpJD6qrIO_wd
z5zOkTQRg#iQdHsZ|D+Ffk3qq|({|GIT(1@rS>jfOTW^&I$8oMbJv}*DSK{QW&vuUQ
z-JuL%_t}P@13OxgnZq$O95Us+ZaY;S7!21;-U?!(Az+;tNT7I(=cfkY0H)`PoSm8a
z{OBZq&-*bFop482IRz=EyXj#?e)PN6N*?7#Jrzo3Zvd1w>6XY%2`EGK9MfVdOB`q%
zl8wluT|3yMTt#V9wWedt?Fnz+{YZIm+o+_$r-<Tb(4%<1@h8QUvLT4=ntuP;RS#>`
zEt9AC`H}s6JC5j22m>K*d1q`)B~^v)R0ka#Zadg)GhO{?0R9|D9s5~3@gJ|Rrw~e0
z%b~;Edksn)uNR;j7lhpa>K`c{GIBn>RL8`G1@s*9U+Ep4!Cbo`Mz-L{?bEIIuur@G
z!|XmdX>T#n9@GjSMb~V`+rm^D=Xx|VeT!!k3N`9q6R5G@Z`Spfmff*PAJ*|&{K}(<
zLWv?4k3P=yg;tZlu=zxvvI)voYBFQ#2q8AHlk2AMWCy6RAgfPwT7AluYBlmd$c?c0
z9;nEgr>RE!Q0pZo45MNgIG)6<#aPPEGd^ZxxV*ELB;o$E-QDQPCG}^gQb|*`+=k-J
zOqZgnT+oo9szh_GcG#YzIZp?t#^g$5ad;)>+=X%$?Y<pjq6>_voUj(_PEoAq>Ah!s
zx!Q(5`U`X@KnceH4#apiwNxg`f#m5)flmZHSIB!(GB5NvAA~%E@CX~m8gRw1P5?%a
zt>-M%BjYMqh}+UJB<xzpx$mbg`SK>Swi%4T%uxFR+yiRfw9cn_CTU%L<02usem5%|
zGW~avtJ&YpAdPC+xOQGBU^2a8N<?=}`pM!lF1+@QMhq_oq+wH~9l}Zw7w9;MzqWfO
zH4Itnue3Exq0xi}Yc_dW%&lyuR!?g?uu~}3lsA>HEduxrHm$XAnqdmn@Ef2}%&uH4
zG`06RGxMkiMXPbMm^loFF>X)PtPT$nM2gMMKQyLQ=)>Xb;d-Z+c(1?h105#g&8a)V
zLkDqEw7GzBWjcE8MV=Gun-Us<w=8JfaCWVD94umOQ}0Z|(VO&kr~K%|_U%Jp6j!fX
z^fNXsIz|+g=-2ON*y<SWQxjGxWN=BSq-&-xfkkx&jT`pUg<|7(!zQ(@?s;RBPdE8Y
zY&hMnXe*772#gG*>Mv;b)oB;(ijeMW&321yJB$zHU6w`)A<`@;^*G}_%+yuT9Lh$W
zgYPi|X~(2>otQzj7I>-3pI(KGeH<)IahOyXG_WaiH@2=_TiU8da6#~JpY`Z=&6vz!
zA!yZ#$_h!~^qOGYB5N>>7*&w6(?}Q~)HzhuFtYu;pJ1gPBwq~o!2G@p>H#=^)tCo?
z_lQCCFnFi&Wm67zFZir=jB5Xy{OzUO?UjKlk+{V;+&s4;4FZ;=Ec{RowKG++Z3G?s
z=~cWX|NbA}7%Ub3V#DL~k6$`E^0)u=i2qH4WWNyL_W0iyXJ@ZZi}AlNPEKE(4e`I9
z<N502f8lf<A_VyQVhV5Sqkyk3rmca%dK!ouYh!`aAo)_^z}FYkz7fH?=@1Y+1OyKO
z!H*yy`1)eHT}<%x#dHV@9>RkA&a*nOM*n$au>R{nfx(Y2ME38epDjpss~B0YwdF_Z
zo;*ypp~*IJUq1tqx^kKxAQwv(Gs%OBDjPxDBE&!PP}c4R^jie^x`K`@hc^VVK8hgL
zF7)$x!dNwix1${}fK(4#7enfOu03u7f=dq=Li$LeCVw-?<bhnBhj_)`Q@r93Yxf0W
z?Ete*rAS2}I%3Dlq|@tI0LS#|=fD0RJutlLSpR|C(DKj%SkTCR{ZNqwcl8BoJAhQD
z>O$x^z?p$N$0gQVt+QqS3((U6IAwBe@>ING5#7cS_`1}!q`IJC#Em;?$Fks>0TZBD
zs*X*tp1?vyJXO{YMqd}kq#`^H(XQMvu*nD=L;@_+D+b|knotBZp>rN-?y&d`F5)hl
zkqR8qP*EC|2BeDIvnV<yE4b{CtGsJS3ra)73XVT1ifFF<WjP$PV{C)kVQ4{4Pfn__
zl_qkM>ajt^-$ggv?xMeY10c8}F}q{ZY`{SrgAeM6omZ`MuIrtWqETI1*Y&jqZ4%Yd
z=11WNJtD0kau4h#{Rq9Gp+p>s=!QvhMkb_Q?}Awu58^moC;Sbr(}U~u;5ywonZb2>
zzts({)4xmC>BA|<yY<Hp;AD7EAH&{?@Gs_qoKU6Gl@!^s!Dd#;-(*@>0%76)7!5a)
zA}d!kX1lH4mX;+nt9b@D>cNe=3YY;8x#!X2p}{5jcj1!U!~Zu6AJqT%^yJmq%c}qH
zi^2c*b39+Y|1X@*L-_xGeADLt`|(Y?|F50~BBEOV-z@xM{=XmJOi^Fl<^8K04&J|m
z_wV5S`v|;$KfdYV{Y%ST2LIo||F`cvs{?BSko*7YzYgU8dpMUhJ*fw9S<}PTxvY7g
z8(h{Z&)~8)xU3B>Yu+=stTjA)xU3D{9fju$dw1;Qr!i;@AMewk|MP;J_O1Tiq5nHQ
zd->|@tX%*5<mA<$|N9)zSE>K=Pv@?xzfw)ZT<e#=s3`or@0N6ZYk#!QrsnhNZ}tuG
z&wKdvYFiQ70|a<AOvIfgg6w{BG^h>-)nNhpgX-`zs1EaM-A8L!j|AFu6EqB`k}deB
zE_LC#ZRlx|Xc&?Nf6Ng_w^j)x53d96s`c?oSGX2ihh@$ddV3eH5LC^GJl)=DtAgri
z7~*0k+q&^44G^qA(Lj*f`V`Xm>T5unb;8xiq-1dlz-ZEi#YRs8Kw=^Jc=Zk<2n_n;
zaS&ypmh2+quCF4hR^-{F!8yN&cC%JGm{Y}r^DM1#X(}F|?`=cx06}L$^^f};Aj$N+
zgH)N?7aF9l@C!Eq__wjRkF}^MYZZ)pA0JqYUdq<T2aD_dz**EF9~J@mW8OU1ZQ2Tb
zP*OAZDQecT=$UF97ifeEU^&1Q%3<&n=L6H($!S|M8a0$_ErR1pH*~dwFu*9q7$QeG
zF%$p`4>XC#m>-|Y6!>1SR)8u*F;KCXQ8niRyq`KYMaFpZ9ZeO{XU+pPbcdo;UV$wO
z-yPw!7I&<zI%FAKd3%V$GI+%M75!I%O=?!*q{4JUN|2>1A^ESkLUR@?nA=BL&BOXP
z*Mkx&{MumD<+a$`W3jilqG{i-7E?W1FI?X*E&YU0Lw6@P#WozAEf!4H7FaCdVB65g
z!S1*HP;e@_zG#v}99TG@aQs(>sZcCCx1vy4yUvivinT@OG`MAPxI@H56)o8%PM)sm
zCo`G32siUhT4t+BC%RtKPggj^_afYUzp1tERbl_W+N~7v@QJT8gUK509(vXYR#VN+
z@k!5kOkh3F!4KYl#Xbd$H5SQ)`->lik&g+78=!gaO0`#WFHtaRrY^|blcmNll$@Qu
zB+ty^$=f*P>4sbjLEcfhWY1j@!~C*0jCw+z#liyWc>^w32)U*ysAONCwOq4il`U*A
zPHFocF7?}Ci(P?8+-560S#xFWKARo~+~~X-W=8=@v&XMaPRO%MD?OtmNZv{*WWK?K
z$0}tsd^8)));rzgYPZ5Rrz^>nMzG#qH7pc%_kP8LRpG)~2XRDPP^XZDT-{m#LMU^S
zNo&p4LKX{np8fgNpI(z^r|<a#19O*KQ`7HY;56s12RxhQtS<ylO;I;*KP3{YEB52<
z3SCN(3aQ+9W(_SYHmzCT=SVDhKqC@}_1wh%>r=PL;sArYAV^TtNtz0&$oYpi<k|oD
zA5A->$;HoC<k|oIzt0a#&|zK7t$7C?x`nX{R<%KlrJ&qZ9!F_H`u!ke6O;>$)(!d@
ze9Al(i|IT<;T3n1NR}!6o4+d%3<tGh>ogObf%voVKfOQvVKrOJxt$628q@3XqO(x`
z>WVGQeGkMs5vtMu#qB{o=iNVSw)kzXs<!j@1;s>b5J(@Np)QZ1o&1GLMv|tdPgc2J
zt_;0gg&xpRXp24Rxu!0QeycryuTb1Je8pvu@$`Gi=xv=kpja`t(AY;{_=3#Mn+{>H
zBgMgr1-DZsxo7}Yi*HRIpPC-NG{sft^RZ~fR>*hGASwejBEMre{U)ShaeEbBNMy+~
za7y7ZQ7MhX`380M4I0=Td}-J=?19G^a7U@kL_sc3C0{O?G+dYDNz!<$U>!TfS}tf5
zY0>_TIZuz`Q2bDulm(E>#G{4noUb$+-Xx-%V*pI&J>|}Xk;;wH_e&N)3EF4Cuu==`
zLmv<Gna!hu^;Kz7hl90daDCuXMU)URp~?ulJhm^J@%llxpbb@vHC)F|?$Wd?Fqr12
zeH3<f5T=}%r0hXeEVk;}b+fM~Y6Xr-rgYoouRL*s?v(tc%4M3-wq`WhCoq167a~qs
zoL+B|UL5D!nr^ku>H#)rA@0Dm>-ke-(lcX@^q^KhZpa6Z1F_a1v|7>@5vsCP4&w20
z2hO(h=C(Txu6ewh$Y0a1s3_wxD$3R(YlO2{pfUhBa3ko0dUTzsv>1V6j(WG^>Gb5q
zS*wkq2@|&7ba$M(II_HDQJ#dOqd&3Nm1mzgx>Oj+(u^)83p9;d(K{|A$>Nkpgr+27
zwAM_6z6StCNZn_Ah=Uc4ml)(j$s$WL>HK=O<r!&~iZ?7}K_8RNxohmDi*c^=f<z4c
zO>X=v*pxp3Z{{)K3!739Jx?@K$Wk)j7_&8)CXT^%I!ncxraYj{$^R6luAs)(CS;P|
zu`pNdnjKcTP-7M1=Z(k!BU6qGyW#fGI04KV0)QGT9j>lv#7M;Km`JvyGK@5N5n8r3
z_0`RiNytOg{P1*4eiZlYt~rhYKFL)oBoEvi@6iE^M)!210D7YkcMpoCo6TySDQ=D)
zDCQAbB9Oi>h2gK}jNGy$HL1G58;J<nJYp(r)p>LfupSuEhDa6x*QObj250zo>thRM
z2>Ft!w2$+|8`si94A}iQ;y!_k8T=;({|WazM*oR|`$Rb{Q;SbTE4^v=l&}^#gM#<T
z+w`0DfM8Mz*&Xt%TTSV*z+HjkI}Wg~2Sg@gjY`ariT)6eNyJ%ZVdz5HXb^}dZ$=Ou
zT+p=CY!wjWAFr>cWCrmpBoN^)$s{Wn2iC1;y1kV3kBrHNEYbzA|G&CjfxZ8D_0G93
zAm9O3&sIXE&7Kb%OOKwTRr<d$wCBIc9hDrdB6-p)NAV#IXRKIb@RW^6H$b(Xl^?I(
z?UqXn=hz4H+AztMG>O${w8mA~q@;kQOQ1dML3wJ{xNCyLs*8FfjKEvnhmY=SFH>iH
z9*eUE5=cOC)echK!bDeeHSC#_?7-R7dIf#kLndTtF?fkW4i<5ZlYzKe6?l7iZh9{?
zg|PCL%j^K#1w6}Fo4>6ljJXQB{TA01TK<4x<vWCwW6*fpVc0&LTpzvd_Mjt_9D~JM
zhTJiXyiW*uLY4YasI-lTBz4(6^G;Px(s^AG-Ku3_hJ(~gDZ6mFY!}<bH2a_`t_}89
zX8XdcHQc@<)V^<+ea{g4hY7FWJG6esuzIUE`oYN&Jx}9RrK5wxO5D2`LvzB~$W6iR
z$|<;7PGWa12;+&^*rH$Jl|_`P)uplYZjp81=m)=J;dofP@$t5WI(SZJVOmTTy)Mc9
zii49+vdLvZglWgfa}jPDtA3;cKS%g_%|cF77HzNuOUI}vs7s!*s&^<?C5I=j2w%oR
zcBXCtGIqu8m{bhP5aqF&1)V-M!HSHo`y_V2UjGCFhRT9fZZkQ?H7KBU2>7r)`wy|6
zL%1y-+zRf1C+mh}-)@XPxTr@C2ULCZO@RcBi)rlfCoKC=_8@P&)!hVzT&9+6z)1rs
zqn#6p>(Bw<T&~F3*~?=X1by4?c{iDEg)b_v)U~9sYNtSzJW_tQTE4v8sAbuCM6D^k
zahW>Zn<w@g7YzGRgDu)fjzQ5h4s+ctlM13|kv+4LG3fHPksbDfd&+~`mSR&Skr-MR
z&n*6=(5$Sw6*KnPzX%zAdSpM{e8>Bdpg@RQzD=^M3+PY>4IHXJEVe0<rh)Zy9CZ{3
zt4#LC>+7lRR?o|t`L^a^vXADPz!1SgGT#{FJ5oGk<a~OmjuEX>MgEoE(HYF3Z#}i{
zWKg76lD5j~D>A#;yRO<L{^WY3gCa!HHJkBt+xZ>MOuyo3(z90j*F;1-*mTdd{#vm+
z7U|<PUW;FO6w$Ge%L$7|A7}c?smWj1e4@|C1my@dnXz<)5SrMDwNub-p~Ql$DW!iS
zjAqbj|MP3HE#U7pPg9L_@0cVsCM*u*Cegp-l^A*qiPhIM2xlF|)yP(7y;tqPK8#5!
zY08#;@%+p*FM8Jq8s-VS+>kBv_movRy}J@w9A1ezcb;XiAI83G({{9sYAoJsv2GPR
zdYs0t6lXotn}J~*E&AqYwah-($pME2c*(0oPfMySo5tfAjobKjW8IT1;EElC+XrZz
z*?P{Pd=$=}g$RBE@NYS(-9r3B6=BKqfmNT<83mg_jtzLQvW5a7(JZ5xKm4hYk1`u4
znaZLRoMYmGV*WC<ngYg6Z5PiP(J&~8L~*vBGfAGkIyrfMtbcMj>;kb~(~)8cm0+F5
zmI|64zdCvGyh%W%%9@+N+5-JS0=*Y#aYEk@N<zpb@#^Gc^y=GhpC1#^=v7h<AOgnr
zUXW*JCuhfJr++@SgM4oHwU%>Y^c;O0Gk(aMdPYSv!2YfoA&aym?~Fre5H1<SL9Nun
ztM6_5G0WM>IfI5_y_;(Vmgm^AfC0;<e+(-%WA0?1(<7SbO~Z`z^D!%Rs`U%aJ(n88
zkOXLTa?M!D#$UT$Ti2{nvQ0HYV(TOY&3&u|N;j~X59mA+sv7G7J*1x~!W^|Q+XB7N
zs}|~Zg^ik=BE;*DRIY6@UTElujtccgbt{1Qm`IjH6qptoZ_v#W3gn7-5%B>2Z6^6B
zV1LDytWUP0qnaInz9oyb{v{QSC18oOQmE?r@7|5JQ}69jz8hFnT0u+&>`4^m-`7k_
z+eF=p4q!6((dJYAU%M<b8~DynPD{1raVz^*u8>>Q)4JkgDD|}Da&Ur5JC>^L-mP{B
zD3)Jr)5`Y|XaYKG@o}mE=i+=zPp4Kr8I0t4JAnq^T*K>*Mm(e`^Mn+?(p$S32?p`2
z+;K(Nr&LmK&x1>J%QoaDjnp`xH<}FG1aut8^ky%?MSpTTXu1v$2T!Af_krhSr|41k
zm|$#s34q{L!Zyl4QKmOQ1K_V)w%HGmJjUxayXDC*O!7rv3Hh?pu~sk9>XJ#!PTHb^
zo?Ey*m7RVXZFjCi(n@8fQo|qj&rfw-=~d@u31gFI&DvChd!GaL|Lf=nOD0BtbfkEf
zR8lQVUNtc`b>7E*IG3eO`^X7v8q;M_N>HVMA-im#Yc)geL+Q-elc(tVXl7u3-CAM*
z-R}juyPQXnxWCBVM*HxMZT;(RQ9FAF;<-(yxQ!QU^VO-Ya0{-usc(VQW2=#AHZroy
z=*L#!1oPPv1*XmzvRX!<fO7FDpPzfJtoA)iS0daEQl@VoNMX~j8Bjk<zU1*cu6hMg
zwRAW6V2rc{#!5Pmnr@ANe#Y)dBPGxY=AK7kKxJs&lP7<C^0<K1S14+O6beVXfD1em
zQl{k@-N7YcW{`&558YRrIHjM+GneRCL^NK4!6ms}PC%wenv%SJHsHSfl!&cl{l?C1
zmlYd+<yh@K{dB(U<1c<*?N!W^#n(nFPxDoF(6%)NOI1LFRTD3`e<mv$hQCm`>CFS4
z`|WGlUi~`vd~8xZ`;nP?5-gmU1mb8L$xl@Mb#CJ6^<mm66p+~Tdp`<QSD>#739or!
zuNRqK(?2pAp{>WDn<hw@q<^7UQy!yZ^yfeIb1Ci>lYdp}2Og!pPQv%5%WQ^S>O=t=
zLLy4?*U?{Rv(eOrnYC)7(2k+Ip@ZD%KasTv*+0)C5!~*!wI+xcjL1CQOu?YuV~rPe
z{YtI`7`SYkjId4n0%2V{X~?~J^$$YDe9_>J+Z4KPI<@bWAB;Uh1yIvHF7H@u#_wEV
z%U*$)lAo?$^iX|PS=X<ySKFOJTmnjS;*LqlLo?3zrORTHGVivbFzX*AT{8pe?bciA
zSz0l?@3)D~3x+}7uz0ioO8c01Xo#7QXf*BAP;QxEs%8!afEiF=P1R-vx8Ym#tx1w-
zV|A~Fa<_q}Q6po))58+;@bGCi?CcAmHny$<LJLOIOtRj{`{)fzB!d|6@4%;a%H*1(
zyP(13Hs|e5ivER=0h?XVdh<>{6gsrw;Mw)8J<S5UV{y(Xc~$_fz!PaV)Vr|vyw74B
zPH3eiTi_o@MBcpp@PGE9AS=z1f!BI}A?L?(pSn{Is%T@TY9#R@3QYzO&HU-PfVv%d
znUY)g=V$b|dV>yuYZmuWK3w|k>$ZB$Q@*q|lq|ldadVh3TP#?Rr&94b=wmXQy~BJV
z`tT#2QFz3S3u9v%B|<)`3<Qakp>;Q<w@i^Fq5(50u=J%khJ-QTsE1z?F^NP#BfUvY
zZa2CMIBh3Vgc)8k<ki9SzY!U^2hDxNZyB}>bBHwoBEI8N!~j!(;hG2j2jD6MVx2@R
zWpFkLaKAiWHqCQ3dq*V0C_$A2(&%}QU8WhX2yG3m>$+V@8H@I*ty96g{_XPKZoxhy
zqhkE?6~vC9m%f%3tw3Xm#%}&7Nj8so@DuB`MBCOH*|0O%00CvV0&$A`IQ?nbbiD;h
zq{i+kd4GBRp3pR<!L9M_S_rvhVZm;+)4IUsCz<TMe^-SLh0U|C%+9rwtv)+vaf{hO
z7dzPmFgph(?fFOr#--rcyJZSc5m0M=^>$%3uFOp|TE`x2MoW4S6@9*Gv_Yhsq&^&H
zdNiB8>qVZ?2~sH$aN10XEPo1_8B9^G5Y6}$4X{Wj9HGvAK^sQQ6kB8w5-cP+cm|OX
zP~;i=L^THZjy&;Ao?03ePnux#1T@J{niAP}xzno19)MjA&)Yban<>-;w1frxM5Q}c
z7{%74ire?lU$b>0B$b=5cM++&MC0Tvn<LZE%e(n{R_Ru&YUQrg8*J6E3bXDz@KK>j
z!eTEHeFpi(MlL|ksj|$q+A*h*=B8OBXrHuSv+J2@T)WJ~yjw(c>93%fgg)rHW*A7^
zZ(XKwxzx;vE}aKX<3wAzAmBbt^1_p29}SwSF^zigeT@b!Sck_yfMw%~{iDm*;xcdQ
z`CIUK<SanO3bKdig;(v$IOO~FuI5Z*=|l<>&Q`C@z!K*A+b-|m0o)IHjLVelAKQCv
zL*msw77A!sU*!m2StBSE9a?8mN@FInCNxsn9Q5%jW-CnKxC0f2oLFZsz9rY9$^G{|
zjW^`V?g)nqAsIMC(?~KJZtPUuwt<~cEG1J-^L#d^CYCmjql3WS3&~R^!BT4im>O)c
z``gt@AMBNKsx-$O71ERh?q{y7duYS*p%S;}X{3xH8^c9RR&y*tZ>DK*$sLn4Y8cc2
zjGG93oLgw)u>i&?UqkIN6GCI_`bf$f9oq?d&&RmqilxPzsa)A`cu!}ddErJ!DYB=t
zlz%UuB5)k!cTK6qli79=ct@907lfCi#>=TYwM9(WI4Hq`GT*oebf{L7YH>SezTf8M
z^bj~LxnJ>=MO>wmr#!Kf-8V8jWJz79Pb2i+==LOKQKbBJ+f(E--#;{lM%l-ZR4AxN
zZ<*bQNMLGFbNpe7BoT`D2pN5*QY!PS2q#+~xsKS;eyMfx{OXs}j$rcI^y-(>Jcyqa
z;HR|o)1C}QKPB+`08}hu0Rn8nrP8Mk7?s9iX>REzprjo@ty)tzRNpY=b}g#krZx6f
z`lhB2{nN}{mHRd3oNLv$5Q_s+VaP%yq5WPi)E-LSa$!Q%YLf#ID;~1GxldpiYU1TP
zDhKW9Gu_7ZCV$b0uil-njM-h&B5HT2b1#OM1_4V_MJ7bDMTYewEVt|PL^;~88T6op
zU|Z(4i&*YMDB&tJoR3FIB)bV@2XTBD!ng}j%*kHMz`Y4#A7a>x5bj6>cLP>40qjBI
zI?3A>d90erT9-x<aO@S0dpSkU^47)7CafTNYH&ZZQTr|By!`g_jZv~*T)w%|K!gka
znBvqEs?_zn*#+Q^3s#rZs));`<qjT7(}O|CpchZ&;r*I<7fDBzP=uk~iwN_{hcu=6
z1;l9Nx^Zy=Fc&ZO4Z_^5Vrp+BslT2^3csa4vppHnU++Glm+?Xv5EyV^hK`^na7_~h
z%A=+O3Wi{c_FQm(5EVpm9jOs+??~_O2)^E?jO-y>DwXxlYkCQdi(#kLW#W*n0vW*J
zkPGd%Sc0Xw)*^1_q$>-*aGlzmRfJs9*pvjI(Z{&4u$g`IA(Ly9Sur+nK=AdE<+^hK
z1tN>nrabNqD}^3y%QS<2>9wI<<3g+x5jVP`)UNSOv1iL#JJwj5!o#l_oK1MT&4#`+
zUD|fk4*R9I)W1MmEb(WrTi^TnrI(sWamVBKlDTCE5!0n@iFVj8y*$Mvr_l$nnQXDd
znb)mtnf~x!cBws7II&327mXni6&QRl&D+-hL8RooBe$==aL1PYLL(k(Y>?2l6xDs!
z9*gvQsBF`JUD&>BVc6;mu1wJ;D|=;8Gg@a^_xx}(%)oXYrA%URfR=>;gHgM>nsKo8
z0an}Vs_t}6kvZ&%Cj5o(xgrEs-^Ccvc5t<3(1ESpk*ziG`)%^I2VLCP!q^^k(T|X`
zJ?Q!#Icxi1Yej^y<BG9!!@7Ie{HhcA46A>Hoc%%9_sCiM1Fp4`x9@0>us$_9r*GdA
z#ZuM9E%;GRO{!>3#k$gu?VJNCiLxcHL0)}*whMJ{63M_ZZj{APe0Btd#Z*HDoRXp&
zCQ_;??ljXl&2H0Ye<d@HSXV=_1zM7(>>Xd%;l5IdR@=~1*Xz#ceAuCfuUQw16<D3X
zHQg2Y1!pSB0;VMgN*0t$&xg+%d5;@>7)_`JWQG<7@aR?s1Mx!?tJG_TC2#M~c*i8|
zmt_N6+6Wu#%&0$oOy-;1Z!C5onKTysvF0QjlDFh{%yWn<R!liLHc6(TT2G@$?d?2|
zm*^fTO>RIMq!^@TedqLq`5lLfPG)5d1J5^P$|M)zn9KxBnBuT=7KwXuD%n3K3NwGl
zjD^bEW!f+#jz=OYm*8zdv50UWnu^%&?-DuBWUnZe?{&NK9@qHq+6`=Ugrrh}&%5Ub
zO68oVl1d(Jh+5MqA_)RQEWm%Uu<=c3T9DI+f)UQ9A-JZw`dXjLYdxy2mGCso1qx{S
zdBVZ9*PPd5AB#8b0-XEOWi?eoz9W+Sv%A(4cglNhf;+GE&J#P-Y1`gucktQm<+FRF
zp!jxU_D_>E+*EjfMwOmY?h4dk*B@MO2iM!d_0~Ou>uuo~TyK8|uD8+;aPAb<3enJ>
zxMqGg>GJn+z;ziIphzZ0u%V-x8JniT3X2hhrZfR-DrL04NM<GjpPoEzNNL|r3KAyQ
zv{{c`$?`z!HP;@L4L{@tZa6j1UY?vb;N`C4BzvX{ZK{`GuPtmA>{LLLG;1_!GMm?-
zQaR+~)w>-NG`N$|YaOn2p){~wf(ZEnYleTkdIz;XX`>Aj@Ef})sTK-%oqUhWI%}wu
zT7O$jsnnY5YAUAg;|H1FSI2uBW*Y~eG?Wb0;ztYt{)bSV*h%0ge-Br*xyoz5s^9jg
z?s~!6iuLv^)VudAT5k&6=qc?ka&?tAE!+`Iew5HXi(Hw3tQ&H=%Iiir6o)KkDjF-5
z7+E&L0kF>6Uq@!<;Rxq`DCc1_WBsY^uTm|*D?o<{7mlU=!ALq(`RLndpW2zY2R%SN
zS)*e6rlVBmkaoeiH3y2qF#<-ZiJmvJP6s_Q$SZAoZua6hAd5K5vxpbik0yml&XnYU
zd_?SrcW~f$oFAx1oAmLhU-t_-m<5L9j!I7F(N4LXS}#eh6H57Jq;gZZ4*Ks#lnUp)
zW|oB;0RD>}%R!CtAy;yzd~MQak~s}-S#xR%iCGhjv4}|$3Wf<lH2gPXa;}IHB6hNx
zDbp9LdnRj*BPD~JN=2e@**snz>k~_57%`=CQeY~AVR6g{l4Vl4+1|92rfi+`OXqEx
z7C7iNjW>2LynBVUdYX(ict&`W{<KS*#ABXv8ePUIlXp#pw?4Bi;IcTUV!CrsDBV+@
zVwU?>g2z6gOA@CM9Bi>zfXe_=CYOk@5^(z^u1G+mAd6a(dFhjV&jZASCGdfoJd0iB
z-Q)b$-SenPbDr-Z;p;UEIZc_qOV=(bxmc9H)Ojkv1tio%#>R31#cH8mET$X_ZJ?^b
zlteM+?n`pJ952N<WOow{=ciLD6?@ZKUw&&7NDH!rntfBr7QB<0nB`49#0djH@dLiE
zj%6+GSRr1Eg=S#p3E`Th&~)cP@DY|Ugl}$*l`wH|L{%SN^XLcHy678VFmD#6rXn{_
z5)B91=wD(IL+OrKkQC1Xn9lPunLI@k-vo2n#VlY-QQ263{tX&_@I>vHD9vtOAKu&U
zbAkW1Kc>Q*vobH#F!@Ff>5IgSdUvcB*FGz?Z@O)V;M(&$=NR$Am1|%m+$B8dm3stS
zy3-Ff6FXpf%@*|M&A-6Ot9?-|@;)MKmeP=>)cZ+e;BOiS!t7}twNa@6XCM3}FZhm`
zD_Hn}uI=XC@;LmCJb40tBvB@5Wd78&6YPEJJM!=U@ePj3!e5wF?#Dko;s*`+lR$=Q
zlAr&-=O;c55;fk?b+r38PEJlvUZ0)8|4&X%%Kv}$^5o?oPS4KHUcY>G`ug<b4=1O8
zdUf*R59H*K3vGHbl~VbKlfA!HUffsmd@~x2zM%;>2lhKc6V5)REQaGdzWuY(=<x3J
z8@vLpDg&6=-e|mp)^2+p;R3}r3xc^mCZBS|<Y>v_vE~Hl8IM9HVQ~BDyOZ(j@e6&a
zB!lkPTHHzLI{A*o8F0ukU9;~<>2&7j_8W}?^f$rGsc*J>gMAD4`Mn$F`T~<+M_i>p
zRo}TPPxk5;CxF<5$AFkiFEvI8ghoYxP7)e`>~LrC!#5gn;i~RVX_Tz!DGnE`*qT~|
zClVH)PcMIYIV=2JCc=eDTer1~t2cSVZ{+Dg&1J3nx@kUTpAhUrCdD0-cbwgOl(C*7
zdS|ad2udZ!r<bNxffyPvve3W_)c_pSo{}lM;1c=K%a09d7?T-jAzanlK*V=UrbMzp
zEMxww8(Y~pEG_?4xHym!V;Z4MhDq<&R5P;>5|+i@c$o3ImJM0*)ZRIbnX{Oun+aSW
zKF?Ai)dVv7PZVE{s0>y-WkH%rHlYb0!PH~8cjI;VRGM2_s;t^Tx8X{(?0~)&ShEnj
z8sXCc+SMX_JG&<K)36z3=wpza>!|WA&;aA{0!%>M6Q5WdCXhF|F%(c`bI7miB<fT^
zX-O?)%o#ED+{WZGCKq(gq6@0ngKvO_v>Iu^_S*s<hn5>xSS5?;8uqJz3T6ol3il>t
zO7l~oC1Z#V3LT2<U^6Rglk8rIxW+}Xq_@eN7UoiT(O(#Uq={+s`ZubQk~WBh%4_Vq
zGC5wR*(R-0G5@Uh4WJAURg&=_dFK2ybA@g9em~T%A0{VMeKM%-vWZ_qGN?hk8lJ+_
zApfChMx{0p{9YnpyZm?h;`Qn4qWt&b<mJoLLH_$3&sQn`RZr)xBB0?sUBQEr6j**;
z5d<qUDanH6_n%c9EYH46A}qJ}sTKrU*yR*P^z2z)@Wuaj0+9{m$Vy=x*L98SJ^-hI
zg}FGOX$cRSS%q!oRw*(qzD#V0<K$_1+x~t!h_QnhTZH}~#(oAdwv3YcNV08ctWARO
zYuU|MAX%NWMllskwTGJ=wZ+znf;YgqHk2c-<OqUFb7Xz}ZdR2X8l{FFzDIS^LdX@J
zN9@Pz>*<S*^}g|%+J0E%b@Bpc>`SI#x$W{8s`1ciGtip)dpurh)<9&PJM=@PL*ewK
z_D4N=d+F-U<QUClk*8T#^D5c})sWN3Oz2TK)x62)W0{0p`vI;rsX)J)EKYgU7|QLb
zHGGFL>*<A6>xky*<`Gw`CdI`L@v=OO*oBDW#{|{O;+)EH<R;u(A3bz9Y)l}c7l$Q`
zZW&8PG~#y!6_QEGu%<i)-jK{OJzfxr20vC9HB~HH9Bc=Y{E|Hi=uh+cSjd~}PAFtW
zM4;>65rcJ~Y0JujA}=I-0ijjK<1iHf0_)mhGGrX?giA(4eWD%{jIWAwYJ)T6<c=C0
zf`SzbZjJ6N!LV4mW;w*E1Q$5?2#6y19(ZH~bi=@=%!DCQ`DPw)U;GmFk85{oX4a11
z8-R#;J`jsT0KGZ$rlhmk=tUMq8*(qX<D%O=o}Qt1HF|m}G8f_I7%o-Z6lQ-&FG3zG
z7G#pmZh7(xlYG(Te|=f$kn=#Z*}FoH$2<LA|Fia_wXryB`pMD_HD$6ssJ3Y8srIlM
zmm<LdGV&}ZA<yfWNC7lP6Q|Ki)J0pjozsLdshQ%BSC<`=p5`r!?sH7@30iX1Z%W~h
zOUmQg(=<E(0PVv}+N0+N+Ga~?Z<Z7yy*TeF5?mD;*GK~w=T;!Fivx#STAPqU6X=oR
z%eYu-`{9KGyz2F#>NNsdB{tnKd=R2;*Qw7W#nAsod0>l;8B7_6cpCKoX{1Dg8i4(L
zzy8pz|37_oTK4~X{ioAG|NmK@uTuZ-oz7hq|JUzkKPOJ9nrr;s?-f;l{?U?--@W*(
z%6&J{-hN*1W(0fqkyc>52AV1IlrKaHObAZbEY<v-iLQcDJ2?mKDIUEMd#T)^(Ik!3
z<Y^kIkpb+WWFM65Md%Mo_RpYXcc`R~cHK4Zt5&B`5>KT_MIfRs?)m8a-SmTNT$qZ}
zre{eaB&6L+lF0D$HT-0xL9eG}#<ICJH4a<RI8-Zo%OInmkRe98CXy|fWO2Y6i#l&%
zRrFAt2EoWpr5Y=8Xzo4W$%@HY#?w0Wa}nYfUfT|U<FG_Q+j=cIfY%Z{k|i1s>Yq->
zFSZZ6@gRtw9^t1y0{{VUoM)XmFD_ie8u8~ykwip1*f_{sG?lT?BWP^UB%ZdL6Y}X^
z>m_w-hAs*n>IzoS!h{+WI2wSU=ueWUAt;Z<SwrgT5&0nU3WE(zOro$}?YLy;@ussW
zs&4XTmy3VlcdUMi-oRnGUu}o3TrVK`d*WjGDaqEZbtUne7x8XzR!Dwwy0M1+niVXO
zbrl64jiVwVK_>6m)Ge<Yk(Jt4qB5D(q>M$8?h@emb&%qaf7n)E1nRIK?$RF`<;3MP
z;IB3PRLdw=q4wUjto4ER&^d<s8fl_ts-UVzjmVfxg;IPTnGkjL9Wfudem6TkIrjfL
zE&TPOE(?VB{^d9i^8Fy<x**>ckga*#7c8!2DLH)n=)vL-xgB`$h$4f1u>}h;ZRl5<
z*b7Nx9T8gzaF3@2K7-J;h?hjO_~Je$JXR^AkRuyk<Rt6ps1|!&g2jWybRKD*F-ygo
zYO)5ViWQ5!LqUY}ZVvdivD$QqZ?rrDxnB#yz$%-M1F@bgMMUG}WGN<?U1f6i>g?r7
z(^k}*0aVOqspNIFr;0SfwyOZ!%KawezUP`z$GU0p3E^01il;jiVA4dKxN(-Czk_<$
zX^Xb8a}3JcNAfi5e_@4(Q2%zt|NiMurzd6o@2j&x|NB{<uT}qRPUjx#-&tx!{DSru
zey&sg;uovBUuDMmtg2s_<u;mM=rAV5T<6wTgUlHuUlDP%u}TvBf}V2dC)9V^0GpVj
zRD=ZR#YSW#K!w_h-Z7Hi3q+WPp3v&ZF$wts8055Gj)^T?cc>8KGvl6<<p}3AXq^YG
za}oN3*7@^jodL)6R5~L9>#1}0Z}}EJ+<1CQe%pX}jtQf|%Ko$xQCP3-pyZZqCca`N
zp<I><xvJ_?NShL%X}%`M67^^5>$wqy+ml`=$aK}-$n{lC+Mfo6l_gDnje>17RZdrx
z3MY1?#hP^ODytreMa#lQ{*1hZH!5XXD+JU!+9R#=Hn7XxzS5y|Pmp%{FxfABx?{H=
zXs`F&>DGO2-sRRkZrNc2^?zY8lNw{|-RZZFg)X%_xwI|()z_&?_St2u$lGIwu?Dc+
zUF?R_<~B1Vyr~}3U27yYPpmSz_q1HM5q`i)>XW!vMU!pnwx53}s+vvNP(r-|>)yOt
zO09I(uIW{`rmJR6N4*+NE~2}pf~;l#VrW{A0L(jJ_>CKP!<?;yAZW|BI#Ro(TOO28
z`O~ET!GGF_*!{FX?fRcrFJHcTQO^JN`cE$h{m<ukzE1s5>2&U_1;V#89H*=cD!i;}
zgo<-0>xBw$Kd*MEFz>!PBGbGOpkEwFSh5D@gj9S-M&vw6q7Auce7OP!Zf1)Fi<m@$
zhNC%+XdD!=^N76XP~tI_bO9#TIIk|eYwW(sXf4&mix3H9IC-kKdQ{wxLE|%Me2UN?
zG(Mk0<5NH=z4ShX9(}bxYd|kNUUmge*>;6#<i8qhv7fkAJ;SwgfurnCL-(`HbnW`>
z)8=92Q?}~c8uC|uIwX!Y{q(&EH#7cgAC<xTymhU!iPA5;TIfxRofU&v!BY7rD6in&
zab*gMANL4EG$FfqZuFHj@`u4ET#?afq3SxxVyLX%7<H<b@=%4jahiP`$nYrFyLFmT
z$UWp9Z1!Iv)`um`(A^d#G()?0@E5C@p=B}hobfoj?t%=YX93~nTUaxx-R~kk%{LOC
z_IqjD^the)^wJ8%tyO1B0B9{WyPX=BfP&9(kg|->F$t74{Bh(<=PbQv4Gx)Z%`3Dj
z`uV49b$!@ADBs<-Nxh*4?D|%qgC13nP589}#MWiz0B!-|{)<fc9eelv7Hh-~F3R{A
zJ*iM^Gd!2a{xjKBXbT_TJ?!20M~Vb19)*&{SSudtKpMkzB0>d;Halu|V^UQ#Xv1h$
z4yu7@5M?T5@^ac<S^B!ZH)hemQdj<(4QJjuq+ZRKe7~^@;Nu*$n$@I{>an|RwT$5-
zRH+|@ts>oflc$AlwXS@|Rb01fU8br2%~dszPL`-tGP<sTZ2NBbKr5~gc3NhKfE<%S
zW8JwLkR462L#ZBPUMAEEys2ni8xp@UnYqXd>n?ht;dXjb=hs<YTvv_w=CY^wwB)M5
zr%%R;V$05g>-`F@(yb2*c&eD>Lo~;|n4<_CQL2f;iq8&-LGZD;GV)ARz0cECrE8%g
zoK@YJOVv(;Q@=Q#6JlGgUmyI12%rsYeRwndETT-U+Uv|U0O{xlziZ*Z*vf6kgtv1O
z1TI|^aZ?Ko!omz2f>UEo(_)a`{fbBJz#*XcOg4Eg6a#%NpNz>liP;jZLnvjGJ*n!S
zRN#dCVsIw?3V0~oOP;dgT-)ykareXLwKWpu%UDZ8NZYU29g~VprTDbT^-$gO^%5je
zqo`qYjaBIJ_kRLIqRN7m`>D1TWbuJ@Dqs+BgTm4V6^i9q=lITHPft$PHSrn6rzbY+
zFtp**R{a^Do;9FN$zN-fZ5MdW1iNW4xlApcg&P1WsV-(Nu0tm_o9o%x%VQXZK+W=d
z-iOEOfOR=*Y=3Z;)6LciJ+(Q4o1R?D2>Ss5bSiT%!rrh0Jw~*6$occfA=!vby4-{0
zg2u?{nk>7dF<=j$Z3$?<JxF<QTa!X5f64{pbo=5-#-9|HHB<ehe|!#*@)tfnvLA25
z0ey*DAjB<iz1tPATtJsPsNi7Rz@+~~iAme=a~!qqVC|HDyuP05j`bn}%(};r#PMfA
zz?443^Nm5}BgI2T&Zn2^7|8@x<X`C>oxvQssas!m-#%Tcl3FNKR3>I8+g(x0Q|zQE
z_$az&GhXLE)-lVYndw<PVS4UL|BB(tedb$#<=7pI^pP8{#jiYy=ve&!?48YSqc9N1
zU&Y5Bn(!_~tDci$RXG4vV71z}Uokf3qs*5H(Mp}U$1%fTkAMDqeE%$bbNW>dpJP|N
z`)dJ}_`*`HD@xy=f~ShHYuxOs_ZC!bQ~RofpAk_#M6AeD<Jb)2eSPbP6<r%{zIML(
zxc~hE$yYjcC2I8LcJ^oZ_)4T$-qJMRfGBg3COG~5()&;O%uvQ3EU9&Ssa)DjPK}Bt
z&gs-)cXn^>@1}ZduamG1-cCB!K(-hX^?2cJ-PTNUEsD~xc`o+Od)RBA`zCI`4|ze{
zFOC66KFfqnA!CE_Yj${gz4yjPgL5xK7y33_Fzr8Xoqu(0<AVgu*H;f><?sZ)3a`S!
zyC5T2f*B|^uXCfk0^3mH;+U4y;q%2YP(2T)kH{R~0#k!@CcYVXeh4<t2j=X<P>}o}
zJe~)}Bm73%R3h;e_GUtof#C%3#>0}p;Ot%A0`$EDdPlHLbX|kH=WfAvIu)Rs^$ogC
zes-O173T$3g}5h|@a`!3%u(GvJeT;0b4V^p1NoJrkkIC^*(G}=G65Nt-K4HWs}zqV
zcq`E&N@8i!O0-BZSP5e#n%<zVI=V`<or;n$Tvb>@2u;x_ih2Y;%_XPs9_6WvnwhfY
zrzD*8FhZKeMj1JXii#@8C+A6mb{@kypF}wMiGZV;hww}p$&@inExn9+1;b1p%Ppm}
zhG&%zqLf17CL@zMOcJZeIk%_NNU2u@1X9l)VRU0WqM(inq9}__Ay&aBb&?!rGec%V
zQPDy<5o98TqJY`_Zz4K4Ul5bOExLyyh8@h0USLw^xi<+P5o3R1r<hX$sqb^2Z#~f7
z!}npH7UpEPb%o1O*S(QOUYe>v^^&WX-M0&H^BS)43$EHL_8$KuU5e6788qB()=i!G
z8WuVD(2|67CJNs+6NQ^7eBVQwDBMKhCJO)VInzy>ZrXIy$xJtGx@pr*n{L{4)8EW=
z(@QhmwCSczH*LCU(@mRh+H}*C{ZQR>wuWLHQr3CTu&9X_{XAMlftQzqP7K}ZPM4-S
qEvw#{#=<lfrm--M#eb@?unNg$W@ctT*8T+m0RR6_f@z)rLJ$Cu-*dqL

literal 0
HcmV?d00001

diff --git a/enterprise/traefik/18.0.18/crds/traefik.containo.us_ingressroutes.yaml b/enterprise/traefik/18.0.18/crds/traefik.containo.us_ingressroutes.yaml
new file mode 100644
index 00000000000..a13de5922e4
--- /dev/null
+++ b/enterprise/traefik/18.0.18/crds/traefik.containo.us_ingressroutes.yaml
@@ -0,0 +1,267 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: ingressroutes.traefik.containo.us
+spec:
+  group: traefik.containo.us
+  names:
+    kind: IngressRoute
+    listKind: IngressRouteList
+    plural: ingressroutes
+    singular: ingressroute
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: IngressRoute is the CRD implementation of a Traefik HTTP Router.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: IngressRouteSpec defines the desired state of IngressRoute.
+            properties:
+              entryPoints:
+                description: 'EntryPoints defines the list of entry point names to
+                  bind to. Entry points have to be configured in the static configuration.
+                  More info: https://doc.traefik.io/traefik/v2.9/routing/entrypoints/
+                  Default: all.'
+                items:
+                  type: string
+                type: array
+              routes:
+                description: Routes defines the list of routes.
+                items:
+                  description: Route holds the HTTP route configuration.
+                  properties:
+                    kind:
+                      description: Kind defines the kind of the route. Rule is the
+                        only supported kind.
+                      enum:
+                      - Rule
+                      type: string
+                    match:
+                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#rule'
+                      type: string
+                    middlewares:
+                      description: 'Middlewares defines the list of references to
+                        Middleware resources. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-middleware'
+                      items:
+                        description: MiddlewareRef is a reference to a Middleware
+                          resource.
+                        properties:
+                          name:
+                            description: Name defines the name of the referenced Middleware
+                              resource.
+                            type: string
+                          namespace:
+                            description: Namespace defines the namespace of the referenced
+                              Middleware resource.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      type: array
+                    priority:
+                      description: 'Priority defines the router''s priority. More
+                        info: https://doc.traefik.io/traefik/v2.9/routing/routers/#priority'
+                      type: integer
+                    services:
+                      description: Services defines the list of Service. It can contain
+                        any combination of TraefikService and/or reference to a Kubernetes
+                        Service.
+                      items:
+                        description: Service defines an upstream HTTP service to proxy
+                          traffic to.
+                        properties:
+                          kind:
+                            description: Kind defines the kind of the Service.
+                            enum:
+                            - Service
+                            - TraefikService
+                            type: string
+                          name:
+                            description: Name defines the name of the referenced Kubernetes
+                              Service or TraefikService. The differentiation between
+                              the two is specified in the Kind field.
+                            type: string
+                          namespace:
+                            description: Namespace defines the namespace of the referenced
+                              Kubernetes Service or TraefikService.
+                            type: string
+                          passHostHeader:
+                            description: PassHostHeader defines whether the client
+                              Host header is forwarded to the upstream Kubernetes
+                              Service. By default, passHostHeader is true.
+                            type: boolean
+                          port:
+                            anyOf:
+                            - type: integer
+                            - type: string
+                            description: Port defines the port of a Kubernetes Service.
+                              This can be a reference to a named port.
+                            x-kubernetes-int-or-string: true
+                          responseForwarding:
+                            description: ResponseForwarding defines how Traefik forwards
+                              the response from the upstream Kubernetes Service to
+                              the client.
+                            properties:
+                              flushInterval:
+                                description: 'FlushInterval defines the interval,
+                                  in milliseconds, in between flushes to the client
+                                  while copying the response body. A negative value
+                                  means to flush immediately after each write to the
+                                  client. This configuration is ignored when ReverseProxy
+                                  recognizes a response as a streaming response; for
+                                  such responses, writes are flushed to the client
+                                  immediately. Default: 100ms'
+                                type: string
+                            type: object
+                          scheme:
+                            description: Scheme defines the scheme to use for the
+                              request to the upstream Kubernetes Service. It defaults
+                              to https when Kubernetes Service port is 443, http otherwise.
+                            type: string
+                          serversTransport:
+                            description: ServersTransport defines the name of ServersTransport
+                              resource to use. It allows to configure the transport
+                              between Traefik and your servers. Can only be used on
+                              a Kubernetes Service.
+                            type: string
+                          sticky:
+                            description: 'Sticky defines the sticky sessions configuration.
+                              More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions'
+                            properties:
+                              cookie:
+                                description: Cookie defines the sticky cookie configuration.
+                                properties:
+                                  httpOnly:
+                                    description: HTTPOnly defines whether the cookie
+                                      can be accessed by client-side APIs, such as
+                                      JavaScript.
+                                    type: boolean
+                                  name:
+                                    description: Name defines the Cookie name.
+                                    type: string
+                                  sameSite:
+                                    description: 'SameSite defines the same site policy.
+                                      More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                    type: string
+                                  secure:
+                                    description: Secure defines whether the cookie
+                                      can only be transmitted over an encrypted connection
+                                      (i.e. HTTPS).
+                                    type: boolean
+                                type: object
+                            type: object
+                          strategy:
+                            description: Strategy defines the load balancing strategy
+                              between the servers. RoundRobin is the only supported
+                              value at the moment.
+                            type: string
+                          weight:
+                            description: Weight defines the weight and should only
+                              be specified when Name references a TraefikService object
+                              (and to be precise, one that embeds a Weighted Round
+                              Robin).
+                            type: integer
+                        required:
+                        - name
+                        type: object
+                      type: array
+                  required:
+                  - kind
+                  - match
+                  type: object
+                type: array
+              tls:
+                description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#tls'
+                properties:
+                  certResolver:
+                    description: 'CertResolver defines the name of the certificate
+                      resolver to use. Cert resolvers have to be configured in the
+                      static configuration. More info: https://doc.traefik.io/traefik/v2.9/https/acme/#certificate-resolvers'
+                    type: string
+                  domains:
+                    description: 'Domains defines the list of domains that will be
+                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#domains'
+                    items:
+                      description: Domain holds a domain name with SANs.
+                      properties:
+                        main:
+                          description: Main defines the main domain name.
+                          type: string
+                        sans:
+                          description: SANs defines the subject alternative domain
+                            names.
+                          items:
+                            type: string
+                          type: array
+                      type: object
+                    type: array
+                  options:
+                    description: 'Options defines the reference to a TLSOption, that
+                      specifies the parameters of the TLS connection. If not defined,
+                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options'
+                    properties:
+                      name:
+                        description: 'Name defines the name of the referenced TLSOption.
+                          More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsoption'
+                        type: string
+                      namespace:
+                        description: 'Namespace defines the namespace of the referenced
+                          TLSOption. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsoption'
+                        type: string
+                    required:
+                    - name
+                    type: object
+                  secretName:
+                    description: SecretName is the name of the referenced Kubernetes
+                      Secret to specify the certificate details.
+                    type: string
+                  store:
+                    description: Store defines the reference to the TLSStore, that
+                      will be used to store certificates. Please note that only `default`
+                      TLSStore can be used.
+                    properties:
+                      name:
+                        description: 'Name defines the name of the referenced TLSStore.
+                          More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsstore'
+                        type: string
+                      namespace:
+                        description: 'Namespace defines the namespace of the referenced
+                          TLSStore. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsstore'
+                        type: string
+                    required:
+                    - name
+                    type: object
+                type: object
+            required:
+            - routes
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/enterprise/traefik/18.0.18/crds/traefik.containo.us_ingressroutetcps.yaml b/enterprise/traefik/18.0.18/crds/traefik.containo.us_ingressroutetcps.yaml
new file mode 100644
index 00000000000..37da83b3441
--- /dev/null
+++ b/enterprise/traefik/18.0.18/crds/traefik.containo.us_ingressroutetcps.yaml
@@ -0,0 +1,211 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: ingressroutetcps.traefik.containo.us
+spec:
+  group: traefik.containo.us
+  names:
+    kind: IngressRouteTCP
+    listKind: IngressRouteTCPList
+    plural: ingressroutetcps
+    singular: ingressroutetcp
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP.
+            properties:
+              entryPoints:
+                description: 'EntryPoints defines the list of entry point names to
+                  bind to. Entry points have to be configured in the static configuration.
+                  More info: https://doc.traefik.io/traefik/v2.9/routing/entrypoints/
+                  Default: all.'
+                items:
+                  type: string
+                type: array
+              routes:
+                description: Routes defines the list of routes.
+                items:
+                  description: RouteTCP holds the TCP route configuration.
+                  properties:
+                    match:
+                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#rule_1'
+                      type: string
+                    middlewares:
+                      description: Middlewares defines the list of references to MiddlewareTCP
+                        resources.
+                      items:
+                        description: ObjectReference is a generic reference to a Traefik
+                          resource.
+                        properties:
+                          name:
+                            description: Name defines the name of the referenced Traefik
+                              resource.
+                            type: string
+                          namespace:
+                            description: Namespace defines the namespace of the referenced
+                              Traefik resource.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      type: array
+                    priority:
+                      description: 'Priority defines the router''s priority. More
+                        info: https://doc.traefik.io/traefik/v2.9/routing/routers/#priority_1'
+                      type: integer
+                    services:
+                      description: Services defines the list of TCP services.
+                      items:
+                        description: ServiceTCP defines an upstream TCP service to
+                          proxy traffic to.
+                        properties:
+                          name:
+                            description: Name defines the name of the referenced Kubernetes
+                              Service.
+                            type: string
+                          namespace:
+                            description: Namespace defines the namespace of the referenced
+                              Kubernetes Service.
+                            type: string
+                          port:
+                            anyOf:
+                            - type: integer
+                            - type: string
+                            description: Port defines the port of a Kubernetes Service.
+                              This can be a reference to a named port.
+                            x-kubernetes-int-or-string: true
+                          proxyProtocol:
+                            description: 'ProxyProtocol defines the PROXY protocol
+                              configuration. More info: https://doc.traefik.io/traefik/v2.9/routing/services/#proxy-protocol'
+                            properties:
+                              version:
+                                description: Version defines the PROXY Protocol version
+                                  to use.
+                                type: integer
+                            type: object
+                          terminationDelay:
+                            description: TerminationDelay defines the deadline that
+                              the proxy sets, after one of its connected peers indicates
+                              it has closed the writing capability of its connection,
+                              to close the reading capability as well, hence fully
+                              terminating the connection. It is a duration in milliseconds,
+                              defaulting to 100. A negative value means an infinite
+                              deadline (i.e. the reading capability is never closed).
+                            type: integer
+                          weight:
+                            description: Weight defines the weight used when balancing
+                              requests between multiple Kubernetes Service.
+                            type: integer
+                        required:
+                        - name
+                        - port
+                        type: object
+                      type: array
+                  required:
+                  - match
+                  type: object
+                type: array
+              tls:
+                description: 'TLS defines the TLS configuration on a layer 4 / TCP
+                  Route. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#tls_1'
+                properties:
+                  certResolver:
+                    description: 'CertResolver defines the name of the certificate
+                      resolver to use. Cert resolvers have to be configured in the
+                      static configuration. More info: https://doc.traefik.io/traefik/v2.9/https/acme/#certificate-resolvers'
+                    type: string
+                  domains:
+                    description: 'Domains defines the list of domains that will be
+                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#domains'
+                    items:
+                      description: Domain holds a domain name with SANs.
+                      properties:
+                        main:
+                          description: Main defines the main domain name.
+                          type: string
+                        sans:
+                          description: SANs defines the subject alternative domain
+                            names.
+                          items:
+                            type: string
+                          type: array
+                      type: object
+                    type: array
+                  options:
+                    description: 'Options defines the reference to a TLSOption, that
+                      specifies the parameters of the TLS connection. If not defined,
+                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options'
+                    properties:
+                      name:
+                        description: Name defines the name of the referenced Traefik
+                          resource.
+                        type: string
+                      namespace:
+                        description: Namespace defines the namespace of the referenced
+                          Traefik resource.
+                        type: string
+                    required:
+                    - name
+                    type: object
+                  passthrough:
+                    description: Passthrough defines whether a TLS router will terminate
+                      the TLS connection.
+                    type: boolean
+                  secretName:
+                    description: SecretName is the name of the referenced Kubernetes
+                      Secret to specify the certificate details.
+                    type: string
+                  store:
+                    description: Store defines the reference to the TLSStore, that
+                      will be used to store certificates. Please note that only `default`
+                      TLSStore can be used.
+                    properties:
+                      name:
+                        description: Name defines the name of the referenced Traefik
+                          resource.
+                        type: string
+                      namespace:
+                        description: Namespace defines the namespace of the referenced
+                          Traefik resource.
+                        type: string
+                    required:
+                    - name
+                    type: object
+                type: object
+            required:
+            - routes
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/enterprise/traefik/18.0.18/crds/traefik.containo.us_ingressrouteudps.yaml b/enterprise/traefik/18.0.18/crds/traefik.containo.us_ingressrouteudps.yaml
new file mode 100644
index 00000000000..2ba4dade6b7
--- /dev/null
+++ b/enterprise/traefik/18.0.18/crds/traefik.containo.us_ingressrouteudps.yaml
@@ -0,0 +1,98 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: ingressrouteudps.traefik.containo.us
+spec:
+  group: traefik.containo.us
+  names:
+    kind: IngressRouteUDP
+    listKind: IngressRouteUDPList
+    plural: ingressrouteudps
+    singular: ingressrouteudp
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP.
+            properties:
+              entryPoints:
+                description: 'EntryPoints defines the list of entry point names to
+                  bind to. Entry points have to be configured in the static configuration.
+                  More info: https://doc.traefik.io/traefik/v2.9/routing/entrypoints/
+                  Default: all.'
+                items:
+                  type: string
+                type: array
+              routes:
+                description: Routes defines the list of routes.
+                items:
+                  description: RouteUDP holds the UDP route configuration.
+                  properties:
+                    services:
+                      description: Services defines the list of UDP services.
+                      items:
+                        description: ServiceUDP defines an upstream UDP service to
+                          proxy traffic to.
+                        properties:
+                          name:
+                            description: Name defines the name of the referenced Kubernetes
+                              Service.
+                            type: string
+                          namespace:
+                            description: Namespace defines the namespace of the referenced
+                              Kubernetes Service.
+                            type: string
+                          port:
+                            anyOf:
+                            - type: integer
+                            - type: string
+                            description: Port defines the port of a Kubernetes Service.
+                              This can be a reference to a named port.
+                            x-kubernetes-int-or-string: true
+                          weight:
+                            description: Weight defines the weight used when balancing
+                              requests between multiple Kubernetes Service.
+                            type: integer
+                        required:
+                        - name
+                        - port
+                        type: object
+                      type: array
+                  type: object
+                type: array
+            required:
+            - routes
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/enterprise/traefik/18.0.18/crds/traefik.containo.us_middlewares.yaml b/enterprise/traefik/18.0.18/crds/traefik.containo.us_middlewares.yaml
new file mode 100644
index 00000000000..26cb51d2e6b
--- /dev/null
+++ b/enterprise/traefik/18.0.18/crds/traefik.containo.us_middlewares.yaml
@@ -0,0 +1,917 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: middlewares.traefik.containo.us
+spec:
+  group: traefik.containo.us
+  names:
+    kind: Middleware
+    listKind: MiddlewareList
+    plural: middlewares
+    singular: middleware
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'Middleware is the CRD implementation of a Traefik Middleware.
+          More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/overview/'
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: MiddlewareSpec defines the desired state of a Middleware.
+            properties:
+              addPrefix:
+                description: 'AddPrefix holds the add prefix middleware configuration.
+                  This middleware updates the path of a request before forwarding
+                  it. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/addprefix/'
+                properties:
+                  prefix:
+                    description: Prefix is the string to add before the current path
+                      in the requested URL. It should include a leading slash (/).
+                    type: string
+                type: object
+              basicAuth:
+                description: 'BasicAuth holds the basic auth middleware configuration.
+                  This middleware restricts access to your services to known users.
+                  More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/basicauth/'
+                properties:
+                  headerField:
+                    description: 'HeaderField defines a header field to store the
+                      authenticated user. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/basicauth/#headerfield'
+                    type: string
+                  realm:
+                    description: 'Realm allows the protected resources on a server
+                      to be partitioned into a set of protection spaces, each with
+                      its own authentication scheme. Default: traefik.'
+                    type: string
+                  removeHeader:
+                    description: 'RemoveHeader sets the removeHeader option to true
+                      to remove the authorization header before forwarding the request
+                      to your service. Default: false.'
+                    type: boolean
+                  secret:
+                    description: Secret is the name of the referenced Kubernetes Secret
+                      containing user credentials.
+                    type: string
+                type: object
+              buffering:
+                description: 'Buffering holds the buffering middleware configuration.
+                  This middleware retries or limits the size of requests that can
+                  be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/buffering/#maxrequestbodybytes'
+                properties:
+                  maxRequestBodyBytes:
+                    description: 'MaxRequestBodyBytes defines the maximum allowed
+                      body size for the request (in bytes). If the request exceeds
+                      the allowed size, it is not forwarded to the service, and the
+                      client gets a 413 (Request Entity Too Large) response. Default:
+                      0 (no maximum).'
+                    format: int64
+                    type: integer
+                  maxResponseBodyBytes:
+                    description: 'MaxResponseBodyBytes defines the maximum allowed
+                      response size from the service (in bytes). If the response exceeds
+                      the allowed size, it is not forwarded to the client. The client
+                      gets a 500 (Internal Server Error) response instead. Default:
+                      0 (no maximum).'
+                    format: int64
+                    type: integer
+                  memRequestBodyBytes:
+                    description: 'MemRequestBodyBytes defines the threshold (in bytes)
+                      from which the request will be buffered on disk instead of in
+                      memory. Default: 1048576 (1Mi).'
+                    format: int64
+                    type: integer
+                  memResponseBodyBytes:
+                    description: 'MemResponseBodyBytes defines the threshold (in bytes)
+                      from which the response will be buffered on disk instead of
+                      in memory. Default: 1048576 (1Mi).'
+                    format: int64
+                    type: integer
+                  retryExpression:
+                    description: 'RetryExpression defines the retry conditions. It
+                      is a logical combination of functions with operators AND (&&)
+                      and OR (||). More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/buffering/#retryexpression'
+                    type: string
+                type: object
+              chain:
+                description: 'Chain holds the configuration of the chain middleware.
+                  This middleware enables to define reusable combinations of other
+                  pieces of middleware. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/chain/'
+                properties:
+                  middlewares:
+                    description: Middlewares is the list of MiddlewareRef which composes
+                      the chain.
+                    items:
+                      description: MiddlewareRef is a reference to a Middleware resource.
+                      properties:
+                        name:
+                          description: Name defines the name of the referenced Middleware
+                            resource.
+                          type: string
+                        namespace:
+                          description: Namespace defines the namespace of the referenced
+                            Middleware resource.
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    type: array
+                type: object
+              circuitBreaker:
+                description: CircuitBreaker holds the circuit breaker configuration.
+                properties:
+                  checkPeriod:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: CheckPeriod is the interval between successive checks
+                      of the circuit breaker condition (when in standby state).
+                    x-kubernetes-int-or-string: true
+                  expression:
+                    description: Expression is the condition that triggers the tripped
+                      state.
+                    type: string
+                  fallbackDuration:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: FallbackDuration is the duration for which the circuit
+                      breaker will wait before trying to recover (from a tripped state).
+                    x-kubernetes-int-or-string: true
+                  recoveryDuration:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: RecoveryDuration is the duration for which the circuit
+                      breaker will try to recover (as soon as it is in recovering
+                      state).
+                    x-kubernetes-int-or-string: true
+                type: object
+              compress:
+                description: 'Compress holds the compress middleware configuration.
+                  This middleware compresses responses before sending them to the
+                  client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/compress/'
+                properties:
+                  excludedContentTypes:
+                    description: ExcludedContentTypes defines the list of content
+                      types to compare the Content-Type header of the incoming requests
+                      and responses before compressing.
+                    items:
+                      type: string
+                    type: array
+                  minResponseBodyBytes:
+                    description: 'MinResponseBodyBytes defines the minimum amount
+                      of bytes a response body must have to be compressed. Default:
+                      1024.'
+                    type: integer
+                type: object
+              contentType:
+                description: ContentType holds the content-type middleware configuration.
+                  This middleware exists to enable the correct behavior until at least
+                  the default one can be changed in a future version.
+                properties:
+                  autoDetect:
+                    description: AutoDetect specifies whether to let the `Content-Type`
+                      header, if it has not been set by the backend, be automatically
+                      set to a value derived from the contents of the response. As
+                      a proxy, the default behavior should be to leave the header
+                      alone, regardless of what the backend did with it. However,
+                      the historic default was to always auto-detect and set the header
+                      if it was nil, and it is going to be kept that way in order
+                      to support users currently relying on it.
+                    type: boolean
+                type: object
+              digestAuth:
+                description: 'DigestAuth holds the digest auth middleware configuration.
+                  This middleware restricts access to your services to known users.
+                  More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/digestauth/'
+                properties:
+                  headerField:
+                    description: 'HeaderField defines a header field to store the
+                      authenticated user. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/basicauth/#headerfield'
+                    type: string
+                  realm:
+                    description: 'Realm allows the protected resources on a server
+                      to be partitioned into a set of protection spaces, each with
+                      its own authentication scheme. Default: traefik.'
+                    type: string
+                  removeHeader:
+                    description: RemoveHeader defines whether to remove the authorization
+                      header before forwarding the request to the backend.
+                    type: boolean
+                  secret:
+                    description: Secret is the name of the referenced Kubernetes Secret
+                      containing user credentials.
+                    type: string
+                type: object
+              errors:
+                description: 'ErrorPage holds the custom error middleware configuration.
+                  This middleware returns a custom page in lieu of the default, according
+                  to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/errorpages/'
+                properties:
+                  query:
+                    description: Query defines the URL for the error page (hosted
+                      by service). The {status} variable can be used in order to insert
+                      the status code in the URL.
+                    type: string
+                  service:
+                    description: 'Service defines the reference to a Kubernetes Service
+                      that will serve the error page. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/errorpages/#service'
+                    properties:
+                      kind:
+                        description: Kind defines the kind of the Service.
+                        enum:
+                        - Service
+                        - TraefikService
+                        type: string
+                      name:
+                        description: Name defines the name of the referenced Kubernetes
+                          Service or TraefikService. The differentiation between the
+                          two is specified in the Kind field.
+                        type: string
+                      namespace:
+                        description: Namespace defines the namespace of the referenced
+                          Kubernetes Service or TraefikService.
+                        type: string
+                      passHostHeader:
+                        description: PassHostHeader defines whether the client Host
+                          header is forwarded to the upstream Kubernetes Service.
+                          By default, passHostHeader is true.
+                        type: boolean
+                      port:
+                        anyOf:
+                        - type: integer
+                        - type: string
+                        description: Port defines the port of a Kubernetes Service.
+                          This can be a reference to a named port.
+                        x-kubernetes-int-or-string: true
+                      responseForwarding:
+                        description: ResponseForwarding defines how Traefik forwards
+                          the response from the upstream Kubernetes Service to the
+                          client.
+                        properties:
+                          flushInterval:
+                            description: 'FlushInterval defines the interval, in milliseconds,
+                              in between flushes to the client while copying the response
+                              body. A negative value means to flush immediately after
+                              each write to the client. This configuration is ignored
+                              when ReverseProxy recognizes a response as a streaming
+                              response; for such responses, writes are flushed to
+                              the client immediately. Default: 100ms'
+                            type: string
+                        type: object
+                      scheme:
+                        description: Scheme defines the scheme to use for the request
+                          to the upstream Kubernetes Service. It defaults to https
+                          when Kubernetes Service port is 443, http otherwise.
+                        type: string
+                      serversTransport:
+                        description: ServersTransport defines the name of ServersTransport
+                          resource to use. It allows to configure the transport between
+                          Traefik and your servers. Can only be used on a Kubernetes
+                          Service.
+                        type: string
+                      sticky:
+                        description: 'Sticky defines the sticky sessions configuration.
+                          More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions'
+                        properties:
+                          cookie:
+                            description: Cookie defines the sticky cookie configuration.
+                            properties:
+                              httpOnly:
+                                description: HTTPOnly defines whether the cookie can
+                                  be accessed by client-side APIs, such as JavaScript.
+                                type: boolean
+                              name:
+                                description: Name defines the Cookie name.
+                                type: string
+                              sameSite:
+                                description: 'SameSite defines the same site policy.
+                                  More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                type: string
+                              secure:
+                                description: Secure defines whether the cookie can
+                                  only be transmitted over an encrypted connection
+                                  (i.e. HTTPS).
+                                type: boolean
+                            type: object
+                        type: object
+                      strategy:
+                        description: Strategy defines the load balancing strategy
+                          between the servers. RoundRobin is the only supported value
+                          at the moment.
+                        type: string
+                      weight:
+                        description: Weight defines the weight and should only be
+                          specified when Name references a TraefikService object (and
+                          to be precise, one that embeds a Weighted Round Robin).
+                        type: integer
+                    required:
+                    - name
+                    type: object
+                  status:
+                    description: Status defines which status or range of statuses
+                      should result in an error page. It can be either a status code
+                      as a number (500), as multiple comma-separated numbers (500,502),
+                      as ranges by separating two codes with a dash (500-599), or
+                      a combination of the two (404,418,500-599).
+                    items:
+                      type: string
+                    type: array
+                type: object
+              forwardAuth:
+                description: 'ForwardAuth holds the forward auth middleware configuration.
+                  This middleware delegates the request authentication to a Service.
+                  More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/forwardauth/'
+                properties:
+                  address:
+                    description: Address defines the authentication server address.
+                    type: string
+                  authRequestHeaders:
+                    description: AuthRequestHeaders defines the list of the headers
+                      to copy from the request to the authentication server. If not
+                      set or empty then all request headers are passed.
+                    items:
+                      type: string
+                    type: array
+                  authResponseHeaders:
+                    description: AuthResponseHeaders defines the list of headers to
+                      copy from the authentication server response and set on forwarded
+                      request, replacing any existing conflicting headers.
+                    items:
+                      type: string
+                    type: array
+                  authResponseHeadersRegex:
+                    description: 'AuthResponseHeadersRegex defines the regex to match
+                      headers to copy from the authentication server response and
+                      set on forwarded request, after stripping all headers that match
+                      the regex. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/forwardauth/#authresponseheadersregex'
+                    type: string
+                  tls:
+                    description: TLS defines the configuration used to secure the
+                      connection to the authentication server.
+                    properties:
+                      caOptional:
+                        type: boolean
+                      caSecret:
+                        description: CASecret is the name of the referenced Kubernetes
+                          Secret containing the CA to validate the server certificate.
+                          The CA certificate is extracted from key `tls.ca` or `ca.crt`.
+                        type: string
+                      certSecret:
+                        description: CertSecret is the name of the referenced Kubernetes
+                          Secret containing the client certificate. The client certificate
+                          is extracted from the keys `tls.crt` and `tls.key`.
+                        type: string
+                      insecureSkipVerify:
+                        description: InsecureSkipVerify defines whether the server
+                          certificates should be validated.
+                        type: boolean
+                    type: object
+                  trustForwardHeader:
+                    description: 'TrustForwardHeader defines whether to trust (ie:
+                      forward) all X-Forwarded-* headers.'
+                    type: boolean
+                type: object
+              headers:
+                description: 'Headers holds the headers middleware configuration.
+                  This middleware manages the requests and responses headers. More
+                  info: https://doc.traefik.io/traefik/v2.9/middlewares/http/headers/#customrequestheaders'
+                properties:
+                  accessControlAllowCredentials:
+                    description: AccessControlAllowCredentials defines whether the
+                      request can include user credentials.
+                    type: boolean
+                  accessControlAllowHeaders:
+                    description: AccessControlAllowHeaders defines the Access-Control-Request-Headers
+                      values sent in preflight response.
+                    items:
+                      type: string
+                    type: array
+                  accessControlAllowMethods:
+                    description: AccessControlAllowMethods defines the Access-Control-Request-Method
+                      values sent in preflight response.
+                    items:
+                      type: string
+                    type: array
+                  accessControlAllowOriginList:
+                    description: AccessControlAllowOriginList is a list of allowable
+                      origins. Can also be a wildcard origin "*".
+                    items:
+                      type: string
+                    type: array
+                  accessControlAllowOriginListRegex:
+                    description: AccessControlAllowOriginListRegex is a list of allowable
+                      origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/).
+                    items:
+                      type: string
+                    type: array
+                  accessControlExposeHeaders:
+                    description: AccessControlExposeHeaders defines the Access-Control-Expose-Headers
+                      values sent in preflight response.
+                    items:
+                      type: string
+                    type: array
+                  accessControlMaxAge:
+                    description: AccessControlMaxAge defines the time that a preflight
+                      request may be cached.
+                    format: int64
+                    type: integer
+                  addVaryHeader:
+                    description: AddVaryHeader defines whether the Vary header is
+                      automatically added/updated when the AccessControlAllowOriginList
+                      is set.
+                    type: boolean
+                  allowedHosts:
+                    description: AllowedHosts defines the fully qualified list of
+                      allowed domain names.
+                    items:
+                      type: string
+                    type: array
+                  browserXssFilter:
+                    description: BrowserXSSFilter defines whether to add the X-XSS-Protection
+                      header with the value 1; mode=block.
+                    type: boolean
+                  contentSecurityPolicy:
+                    description: ContentSecurityPolicy defines the Content-Security-Policy
+                      header value.
+                    type: string
+                  contentTypeNosniff:
+                    description: ContentTypeNosniff defines whether to add the X-Content-Type-Options
+                      header with the nosniff value.
+                    type: boolean
+                  customBrowserXSSValue:
+                    description: CustomBrowserXSSValue defines the X-XSS-Protection
+                      header value. This overrides the BrowserXssFilter option.
+                    type: string
+                  customFrameOptionsValue:
+                    description: CustomFrameOptionsValue defines the X-Frame-Options
+                      header value. This overrides the FrameDeny option.
+                    type: string
+                  customRequestHeaders:
+                    additionalProperties:
+                      type: string
+                    description: CustomRequestHeaders defines the header names and
+                      values to apply to the request.
+                    type: object
+                  customResponseHeaders:
+                    additionalProperties:
+                      type: string
+                    description: CustomResponseHeaders defines the header names and
+                      values to apply to the response.
+                    type: object
+                  featurePolicy:
+                    description: 'Deprecated: use PermissionsPolicy instead.'
+                    type: string
+                  forceSTSHeader:
+                    description: ForceSTSHeader defines whether to add the STS header
+                      even when the connection is HTTP.
+                    type: boolean
+                  frameDeny:
+                    description: FrameDeny defines whether to add the X-Frame-Options
+                      header with the DENY value.
+                    type: boolean
+                  hostsProxyHeaders:
+                    description: HostsProxyHeaders defines the header keys that may
+                      hold a proxied hostname value for the request.
+                    items:
+                      type: string
+                    type: array
+                  isDevelopment:
+                    description: IsDevelopment defines whether to mitigate the unwanted
+                      effects of the AllowedHosts, SSL, and STS options when developing.
+                      Usually testing takes place using HTTP, not HTTPS, and on localhost,
+                      not your production domain. If you would like your development
+                      environment to mimic production with complete Host blocking,
+                      SSL redirects, and STS headers, leave this as false.
+                    type: boolean
+                  permissionsPolicy:
+                    description: PermissionsPolicy defines the Permissions-Policy
+                      header value. This allows sites to control browser features.
+                    type: string
+                  publicKey:
+                    description: PublicKey is the public key that implements HPKP
+                      to prevent MITM attacks with forged certificates.
+                    type: string
+                  referrerPolicy:
+                    description: ReferrerPolicy defines the Referrer-Policy header
+                      value. This allows sites to control whether browsers forward
+                      the Referer header to other sites.
+                    type: string
+                  sslForceHost:
+                    description: 'Deprecated: use RedirectRegex instead.'
+                    type: boolean
+                  sslHost:
+                    description: 'Deprecated: use RedirectRegex instead.'
+                    type: string
+                  sslProxyHeaders:
+                    additionalProperties:
+                      type: string
+                    description: 'SSLProxyHeaders defines the header keys with associated
+                      values that would indicate a valid HTTPS request. It can be
+                      useful when using other proxies (example: "X-Forwarded-Proto":
+                      "https").'
+                    type: object
+                  sslRedirect:
+                    description: 'Deprecated: use EntryPoint redirection or RedirectScheme
+                      instead.'
+                    type: boolean
+                  sslTemporaryRedirect:
+                    description: 'Deprecated: use EntryPoint redirection or RedirectScheme
+                      instead.'
+                    type: boolean
+                  stsIncludeSubdomains:
+                    description: STSIncludeSubdomains defines whether the includeSubDomains
+                      directive is appended to the Strict-Transport-Security header.
+                    type: boolean
+                  stsPreload:
+                    description: STSPreload defines whether the preload flag is appended
+                      to the Strict-Transport-Security header.
+                    type: boolean
+                  stsSeconds:
+                    description: STSSeconds defines the max-age of the Strict-Transport-Security
+                      header. If set to 0, the header is not set.
+                    format: int64
+                    type: integer
+                type: object
+              inFlightReq:
+                description: 'InFlightReq holds the in-flight request middleware configuration.
+                  This middleware limits the number of requests being processed and
+                  served concurrently. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/inflightreq/'
+                properties:
+                  amount:
+                    description: Amount defines the maximum amount of allowed simultaneous
+                      in-flight request. The middleware responds with HTTP 429 Too
+                      Many Requests if there are already amount requests in progress
+                      (based on the same sourceCriterion strategy).
+                    format: int64
+                    type: integer
+                  sourceCriterion:
+                    description: 'SourceCriterion defines what criterion is used to
+                      group requests as originating from a common source. If several
+                      strategies are defined at the same time, an error will be raised.
+                      If none are set, the default is to use the requestHost. More
+                      info: https://doc.traefik.io/traefik/v2.9/middlewares/http/inflightreq/#sourcecriterion'
+                    properties:
+                      ipStrategy:
+                        description: 'IPStrategy holds the IP strategy configuration
+                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
+                        properties:
+                          depth:
+                            description: Depth tells Traefik to use the X-Forwarded-For
+                              header and take the IP located at the depth position
+                              (starting from the right).
+                            type: integer
+                          excludedIPs:
+                            description: ExcludedIPs configures Traefik to scan the
+                              X-Forwarded-For header and select the first IP not in
+                              the list.
+                            items:
+                              type: string
+                            type: array
+                        type: object
+                      requestHeaderName:
+                        description: RequestHeaderName defines the name of the header
+                          used to group incoming requests.
+                        type: string
+                      requestHost:
+                        description: RequestHost defines whether to consider the request
+                          Host as the source.
+                        type: boolean
+                    type: object
+                type: object
+              ipWhiteList:
+                description: 'IPWhiteList holds the IP whitelist middleware configuration.
+                  This middleware accepts / refuses requests based on the client IP.
+                  More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/'
+                properties:
+                  ipStrategy:
+                    description: 'IPStrategy holds the IP strategy configuration used
+                      by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
+                    properties:
+                      depth:
+                        description: Depth tells Traefik to use the X-Forwarded-For
+                          header and take the IP located at the depth position (starting
+                          from the right).
+                        type: integer
+                      excludedIPs:
+                        description: ExcludedIPs configures Traefik to scan the X-Forwarded-For
+                          header and select the first IP not in the list.
+                        items:
+                          type: string
+                        type: array
+                    type: object
+                  sourceRange:
+                    description: SourceRange defines the set of allowed IPs (or ranges
+                      of allowed IPs by using CIDR notation).
+                    items:
+                      type: string
+                    type: array
+                type: object
+              passTLSClientCert:
+                description: 'PassTLSClientCert holds the pass TLS client cert middleware
+                  configuration. This middleware adds the selected data from the passed
+                  client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/passtlsclientcert/'
+                properties:
+                  info:
+                    description: Info selects the specific client certificate details
+                      you want to add to the X-Forwarded-Tls-Client-Cert-Info header.
+                    properties:
+                      issuer:
+                        description: Issuer defines the client certificate issuer
+                          details to add to the X-Forwarded-Tls-Client-Cert-Info header.
+                        properties:
+                          commonName:
+                            description: CommonName defines whether to add the organizationalUnit
+                              information into the issuer.
+                            type: boolean
+                          country:
+                            description: Country defines whether to add the country
+                              information into the issuer.
+                            type: boolean
+                          domainComponent:
+                            description: DomainComponent defines whether to add the
+                              domainComponent information into the issuer.
+                            type: boolean
+                          locality:
+                            description: Locality defines whether to add the locality
+                              information into the issuer.
+                            type: boolean
+                          organization:
+                            description: Organization defines whether to add the organization
+                              information into the issuer.
+                            type: boolean
+                          province:
+                            description: Province defines whether to add the province
+                              information into the issuer.
+                            type: boolean
+                          serialNumber:
+                            description: SerialNumber defines whether to add the serialNumber
+                              information into the issuer.
+                            type: boolean
+                        type: object
+                      notAfter:
+                        description: NotAfter defines whether to add the Not After
+                          information from the Validity part.
+                        type: boolean
+                      notBefore:
+                        description: NotBefore defines whether to add the Not Before
+                          information from the Validity part.
+                        type: boolean
+                      sans:
+                        description: Sans defines whether to add the Subject Alternative
+                          Name information from the Subject Alternative Name part.
+                        type: boolean
+                      serialNumber:
+                        description: SerialNumber defines whether to add the client
+                          serialNumber information.
+                        type: boolean
+                      subject:
+                        description: Subject defines the client certificate subject
+                          details to add to the X-Forwarded-Tls-Client-Cert-Info header.
+                        properties:
+                          commonName:
+                            description: CommonName defines whether to add the organizationalUnit
+                              information into the subject.
+                            type: boolean
+                          country:
+                            description: Country defines whether to add the country
+                              information into the subject.
+                            type: boolean
+                          domainComponent:
+                            description: DomainComponent defines whether to add the
+                              domainComponent information into the subject.
+                            type: boolean
+                          locality:
+                            description: Locality defines whether to add the locality
+                              information into the subject.
+                            type: boolean
+                          organization:
+                            description: Organization defines whether to add the organization
+                              information into the subject.
+                            type: boolean
+                          organizationalUnit:
+                            description: OrganizationalUnit defines whether to add
+                              the organizationalUnit information into the subject.
+                            type: boolean
+                          province:
+                            description: Province defines whether to add the province
+                              information into the subject.
+                            type: boolean
+                          serialNumber:
+                            description: SerialNumber defines whether to add the serialNumber
+                              information into the subject.
+                            type: boolean
+                        type: object
+                    type: object
+                  pem:
+                    description: PEM sets the X-Forwarded-Tls-Client-Cert header with
+                      the escaped certificate.
+                    type: boolean
+                type: object
+              plugin:
+                additionalProperties:
+                  x-kubernetes-preserve-unknown-fields: true
+                description: 'Plugin defines the middleware plugin configuration.
+                  More info: https://doc.traefik.io/traefik/plugins/'
+                type: object
+              rateLimit:
+                description: 'RateLimit holds the rate limit configuration. This middleware
+                  ensures that services will receive a fair amount of requests, and
+                  allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ratelimit/'
+                properties:
+                  average:
+                    description: Average is the maximum rate, by default in requests/s,
+                      allowed for the given source. It defaults to 0, which means
+                      no rate limiting. The rate is actually defined by dividing Average
+                      by Period. So for a rate below 1req/s, one needs to define a
+                      Period larger than a second.
+                    format: int64
+                    type: integer
+                  burst:
+                    description: Burst is the maximum number of requests allowed to
+                      arrive in the same arbitrarily small period of time. It defaults
+                      to 1.
+                    format: int64
+                    type: integer
+                  period:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: 'Period, in combination with Average, defines the
+                      actual maximum rate, such as: r = Average / Period. It defaults
+                      to a second.'
+                    x-kubernetes-int-or-string: true
+                  sourceCriterion:
+                    description: SourceCriterion defines what criterion is used to
+                      group requests as originating from a common source. If several
+                      strategies are defined at the same time, an error will be raised.
+                      If none are set, the default is to use the request's remote
+                      address field (as an ipStrategy).
+                    properties:
+                      ipStrategy:
+                        description: 'IPStrategy holds the IP strategy configuration
+                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
+                        properties:
+                          depth:
+                            description: Depth tells Traefik to use the X-Forwarded-For
+                              header and take the IP located at the depth position
+                              (starting from the right).
+                            type: integer
+                          excludedIPs:
+                            description: ExcludedIPs configures Traefik to scan the
+                              X-Forwarded-For header and select the first IP not in
+                              the list.
+                            items:
+                              type: string
+                            type: array
+                        type: object
+                      requestHeaderName:
+                        description: RequestHeaderName defines the name of the header
+                          used to group incoming requests.
+                        type: string
+                      requestHost:
+                        description: RequestHost defines whether to consider the request
+                          Host as the source.
+                        type: boolean
+                    type: object
+                type: object
+              redirectRegex:
+                description: 'RedirectRegex holds the redirect regex middleware configuration.
+                  This middleware redirects a request using regex matching and replacement.
+                  More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/redirectregex/#regex'
+                properties:
+                  permanent:
+                    description: Permanent defines whether the redirection is permanent
+                      (301).
+                    type: boolean
+                  regex:
+                    description: Regex defines the regex used to match and capture
+                      elements from the request URL.
+                    type: string
+                  replacement:
+                    description: Replacement defines how to modify the URL to have
+                      the new target URL.
+                    type: string
+                type: object
+              redirectScheme:
+                description: 'RedirectScheme holds the redirect scheme middleware
+                  configuration. This middleware redirects requests from a scheme/port
+                  to another. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/redirectscheme/'
+                properties:
+                  permanent:
+                    description: Permanent defines whether the redirection is permanent
+                      (301).
+                    type: boolean
+                  port:
+                    description: Port defines the port of the new URL.
+                    type: string
+                  scheme:
+                    description: Scheme defines the scheme of the new URL.
+                    type: string
+                type: object
+              replacePath:
+                description: 'ReplacePath holds the replace path middleware configuration.
+                  This middleware replaces the path of the request URL and store the
+                  original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/replacepath/'
+                properties:
+                  path:
+                    description: Path defines the path to use as replacement in the
+                      request URL.
+                    type: string
+                type: object
+              replacePathRegex:
+                description: 'ReplacePathRegex holds the replace path regex middleware
+                  configuration. This middleware replaces the path of a URL using
+                  regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/replacepathregex/'
+                properties:
+                  regex:
+                    description: Regex defines the regular expression used to match
+                      and capture the path from the request URL.
+                    type: string
+                  replacement:
+                    description: Replacement defines the replacement path format,
+                      which can include captured variables.
+                    type: string
+                type: object
+              retry:
+                description: 'Retry holds the retry middleware configuration. This
+                  middleware reissues requests a given number of times to a backend
+                  server if that server does not reply. As soon as the server answers,
+                  the middleware stops retrying, regardless of the response status.
+                  More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/retry/'
+                properties:
+                  attempts:
+                    description: Attempts defines how many times the request should
+                      be retried.
+                    type: integer
+                  initialInterval:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: InitialInterval defines the first wait time in the
+                      exponential backoff series. The maximum interval is calculated
+                      as twice the initialInterval. If unspecified, requests will
+                      be retried immediately. The value of initialInterval should
+                      be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration.
+                    x-kubernetes-int-or-string: true
+                type: object
+              stripPrefix:
+                description: 'StripPrefix holds the strip prefix middleware configuration.
+                  This middleware removes the specified prefixes from the URL path.
+                  More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefix/'
+                properties:
+                  forceSlash:
+                    description: 'ForceSlash ensures that the resulting stripped path
+                      is not the empty string, by replacing it with / when necessary.
+                      Default: true.'
+                    type: boolean
+                  prefixes:
+                    description: Prefixes defines the prefixes to strip from the request
+                      URL.
+                    items:
+                      type: string
+                    type: array
+                type: object
+              stripPrefixRegex:
+                description: 'StripPrefixRegex holds the strip prefix regex middleware
+                  configuration. This middleware removes the matching prefixes from
+                  the URL path. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefixregex/'
+                properties:
+                  regex:
+                    description: Regex defines the regular expression to match the
+                      path prefix from the request URL.
+                    items:
+                      type: string
+                    type: array
+                type: object
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/enterprise/traefik/18.0.18/crds/traefik.containo.us_middlewaretcps.yaml b/enterprise/traefik/18.0.18/crds/traefik.containo.us_middlewaretcps.yaml
new file mode 100644
index 00000000000..1f6eec94044
--- /dev/null
+++ b/enterprise/traefik/18.0.18/crds/traefik.containo.us_middlewaretcps.yaml
@@ -0,0 +1,72 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: middlewaretcps.traefik.containo.us
+spec:
+  group: traefik.containo.us
+  names:
+    kind: MiddlewareTCP
+    listKind: MiddlewareTCPList
+    plural: middlewaretcps
+    singular: middlewaretcp
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
+          More info: https://doc.traefik.io/traefik/v2.9/middlewares/overview/'
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: MiddlewareTCPSpec defines the desired state of a MiddlewareTCP.
+            properties:
+              inFlightConn:
+                description: InFlightConn defines the InFlightConn middleware configuration.
+                properties:
+                  amount:
+                    description: Amount defines the maximum amount of allowed simultaneous
+                      connections. The middleware closes the connection if there are
+                      already amount connections opened.
+                    format: int64
+                    type: integer
+                type: object
+              ipWhiteList:
+                description: IPWhiteList defines the IPWhiteList middleware configuration.
+                properties:
+                  sourceRange:
+                    description: SourceRange defines the allowed IPs (or ranges of
+                      allowed IPs by using CIDR notation).
+                    items:
+                      type: string
+                    type: array
+                type: object
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/enterprise/traefik/18.0.18/crds/traefik.containo.us_serverstransports.yaml b/enterprise/traefik/18.0.18/crds/traefik.containo.us_serverstransports.yaml
new file mode 100644
index 00000000000..afc03849651
--- /dev/null
+++ b/enterprise/traefik/18.0.18/crds/traefik.containo.us_serverstransports.yaml
@@ -0,0 +1,128 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: serverstransports.traefik.containo.us
+spec:
+  group: traefik.containo.us
+  names:
+    kind: ServersTransport
+    listKind: ServersTransportList
+    plural: serverstransports
+    singular: serverstransport
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'ServersTransport is the CRD implementation of a ServersTransport.
+          If no serversTransport is specified, the default@internal will be used.
+          The default@internal serversTransport is created from the static configuration.
+          More info: https://doc.traefik.io/traefik/v2.9/routing/services/#serverstransport_1'
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ServersTransportSpec defines the desired state of a ServersTransport.
+            properties:
+              certificatesSecrets:
+                description: CertificatesSecrets defines a list of secret storing
+                  client certificates for mTLS.
+                items:
+                  type: string
+                type: array
+              disableHTTP2:
+                description: DisableHTTP2 disables HTTP/2 for connections with backend
+                  servers.
+                type: boolean
+              forwardingTimeouts:
+                description: ForwardingTimeouts defines the timeouts for requests
+                  forwarded to the backend servers.
+                properties:
+                  dialTimeout:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: DialTimeout is the amount of time to wait until a
+                      connection to a backend server can be established.
+                    x-kubernetes-int-or-string: true
+                  idleConnTimeout:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: IdleConnTimeout is the maximum period for which an
+                      idle HTTP keep-alive connection will remain open before closing
+                      itself.
+                    x-kubernetes-int-or-string: true
+                  pingTimeout:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: PingTimeout is the timeout after which the HTTP/2
+                      connection will be closed if a response to ping is not received.
+                    x-kubernetes-int-or-string: true
+                  readIdleTimeout:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: ReadIdleTimeout is the timeout after which a health
+                      check using ping frame will be carried out if no frame is received
+                      on the HTTP/2 connection.
+                    x-kubernetes-int-or-string: true
+                  responseHeaderTimeout:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: ResponseHeaderTimeout is the amount of time to wait
+                      for a server's response headers after fully writing the request
+                      (including its body, if any).
+                    x-kubernetes-int-or-string: true
+                type: object
+              insecureSkipVerify:
+                description: InsecureSkipVerify disables SSL certificate verification.
+                type: boolean
+              maxIdleConnsPerHost:
+                description: MaxIdleConnsPerHost controls the maximum idle (keep-alive)
+                  to keep per-host.
+                type: integer
+              peerCertURI:
+                description: PeerCertURI defines the peer cert URI used to match against
+                  SAN URI during the peer certificate verification.
+                type: string
+              rootCAsSecrets:
+                description: RootCAsSecrets defines a list of CA secret used to validate
+                  self-signed certificate.
+                items:
+                  type: string
+                type: array
+              serverName:
+                description: ServerName defines the server name used to contact the
+                  server.
+                type: string
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/enterprise/traefik/18.0.18/crds/traefik.containo.us_tlsoptions.yaml b/enterprise/traefik/18.0.18/crds/traefik.containo.us_tlsoptions.yaml
new file mode 100644
index 00000000000..16ea46008ba
--- /dev/null
+++ b/enterprise/traefik/18.0.18/crds/traefik.containo.us_tlsoptions.yaml
@@ -0,0 +1,113 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: tlsoptions.traefik.containo.us
+spec:
+  group: traefik.containo.us
+  names:
+    kind: TLSOption
+    listKind: TLSOptionList
+    plural: tlsoptions
+    singular: tlsoption
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'TLSOption is the CRD implementation of a Traefik TLS Option,
+          allowing to configure some parameters of the TLS connection. More info:
+          https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options'
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: TLSOptionSpec defines the desired state of a TLSOption.
+            properties:
+              alpnProtocols:
+                description: 'ALPNProtocols defines the list of supported application
+                  level protocols for the TLS handshake, in order of preference. More
+                  info: https://doc.traefik.io/traefik/v2.9/https/tls/#alpn-protocols'
+                items:
+                  type: string
+                type: array
+              cipherSuites:
+                description: 'CipherSuites defines the list of supported cipher suites
+                  for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#cipher-suites'
+                items:
+                  type: string
+                type: array
+              clientAuth:
+                description: ClientAuth defines the server's policy for TLS Client
+                  Authentication.
+                properties:
+                  clientAuthType:
+                    description: ClientAuthType defines the client authentication
+                      type to apply.
+                    enum:
+                    - NoClientCert
+                    - RequestClientCert
+                    - RequireAnyClientCert
+                    - VerifyClientCertIfGiven
+                    - RequireAndVerifyClientCert
+                    type: string
+                  secretNames:
+                    description: SecretNames defines the names of the referenced Kubernetes
+                      Secret storing certificate details.
+                    items:
+                      type: string
+                    type: array
+                type: object
+              curvePreferences:
+                description: 'CurvePreferences defines the preferred elliptic curves
+                  in a specific order. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#curve-preferences'
+                items:
+                  type: string
+                type: array
+              maxVersion:
+                description: 'MaxVersion defines the maximum TLS version that Traefik
+                  will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
+                  VersionTLS13. Default: None.'
+                type: string
+              minVersion:
+                description: 'MinVersion defines the minimum TLS version that Traefik
+                  will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
+                  VersionTLS13. Default: VersionTLS10.'
+                type: string
+              preferServerCipherSuites:
+                description: 'PreferServerCipherSuites defines whether the server
+                  chooses a cipher suite among his own instead of among the client''s.
+                  It is enabled automatically when minVersion or maxVersion is set.
+                  Deprecated: https://github.com/golang/go/issues/45430'
+                type: boolean
+              sniStrict:
+                description: SniStrict defines whether Traefik allows connections
+                  from clients connections that do not specify a server_name extension.
+                type: boolean
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/enterprise/traefik/18.0.18/crds/traefik.containo.us_tlsstores.yaml b/enterprise/traefik/18.0.18/crds/traefik.containo.us_tlsstores.yaml
new file mode 100644
index 00000000000..f6dfc6c8fb0
--- /dev/null
+++ b/enterprise/traefik/18.0.18/crds/traefik.containo.us_tlsstores.yaml
@@ -0,0 +1,99 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: tlsstores.traefik.containo.us
+spec:
+  group: traefik.containo.us
+  names:
+    kind: TLSStore
+    listKind: TLSStoreList
+    plural: tlsstores
+    singular: tlsstore
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For
+          the time being, only the TLSStore named default is supported. This means
+          that you cannot have two stores that are named default in different Kubernetes
+          namespaces. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#certificates-stores'
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: TLSStoreSpec defines the desired state of a TLSStore.
+            properties:
+              certificates:
+                description: Certificates is a list of secret names, each secret holding
+                  a key/certificate pair to add to the store.
+                items:
+                  description: Certificate holds a secret name for the TLSStore resource.
+                  properties:
+                    secretName:
+                      description: SecretName is the name of the referenced Kubernetes
+                        Secret to specify the certificate details.
+                      type: string
+                  required:
+                  - secretName
+                  type: object
+                type: array
+              defaultCertificate:
+                description: DefaultCertificate defines the default certificate configuration.
+                properties:
+                  secretName:
+                    description: SecretName is the name of the referenced Kubernetes
+                      Secret to specify the certificate details.
+                    type: string
+                required:
+                - secretName
+                type: object
+              defaultGeneratedCert:
+                description: DefaultGeneratedCert defines the default generated certificate
+                  configuration.
+                properties:
+                  domain:
+                    description: Domain is the domain definition for the DefaultCertificate.
+                    properties:
+                      main:
+                        description: Main defines the main domain name.
+                        type: string
+                      sans:
+                        description: SANs defines the subject alternative domain names.
+                        items:
+                          type: string
+                        type: array
+                    type: object
+                  resolver:
+                    description: Resolver is the name of the resolver that will be
+                      used to issue the DefaultCertificate.
+                    type: string
+                type: object
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/enterprise/traefik/18.0.18/crds/traefik.containo.us_traefikservices.yaml b/enterprise/traefik/18.0.18/crds/traefik.containo.us_traefikservices.yaml
new file mode 100644
index 00000000000..358fdc1eab5
--- /dev/null
+++ b/enterprise/traefik/18.0.18/crds/traefik.containo.us_traefikservices.yaml
@@ -0,0 +1,381 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: traefikservices.traefik.containo.us
+spec:
+  group: traefik.containo.us
+  names:
+    kind: TraefikService
+    listKind: TraefikServiceList
+    plural: traefikservices
+    singular: traefikservice
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'TraefikService is the CRD implementation of a Traefik Service.
+          TraefikService object allows to: - Apply weight to Services on load-balancing
+          - Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-traefikservice'
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: TraefikServiceSpec defines the desired state of a TraefikService.
+            properties:
+              mirroring:
+                description: Mirroring defines the Mirroring service configuration.
+                properties:
+                  kind:
+                    description: Kind defines the kind of the Service.
+                    enum:
+                    - Service
+                    - TraefikService
+                    type: string
+                  maxBodySize:
+                    description: MaxBodySize defines the maximum size allowed for
+                      the body of the request. If the body is larger, the request
+                      is not mirrored. Default value is -1, which means unlimited
+                      size.
+                    format: int64
+                    type: integer
+                  mirrors:
+                    description: Mirrors defines the list of mirrors where Traefik
+                      will duplicate the traffic.
+                    items:
+                      description: MirrorService holds the mirror configuration.
+                      properties:
+                        kind:
+                          description: Kind defines the kind of the Service.
+                          enum:
+                          - Service
+                          - TraefikService
+                          type: string
+                        name:
+                          description: Name defines the name of the referenced Kubernetes
+                            Service or TraefikService. The differentiation between
+                            the two is specified in the Kind field.
+                          type: string
+                        namespace:
+                          description: Namespace defines the namespace of the referenced
+                            Kubernetes Service or TraefikService.
+                          type: string
+                        passHostHeader:
+                          description: PassHostHeader defines whether the client Host
+                            header is forwarded to the upstream Kubernetes Service.
+                            By default, passHostHeader is true.
+                          type: boolean
+                        percent:
+                          description: 'Percent defines the part of the traffic to
+                            mirror. Supported values: 0 to 100.'
+                          type: integer
+                        port:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          description: Port defines the port of a Kubernetes Service.
+                            This can be a reference to a named port.
+                          x-kubernetes-int-or-string: true
+                        responseForwarding:
+                          description: ResponseForwarding defines how Traefik forwards
+                            the response from the upstream Kubernetes Service to the
+                            client.
+                          properties:
+                            flushInterval:
+                              description: 'FlushInterval defines the interval, in
+                                milliseconds, in between flushes to the client while
+                                copying the response body. A negative value means
+                                to flush immediately after each write to the client.
+                                This configuration is ignored when ReverseProxy recognizes
+                                a response as a streaming response; for such responses,
+                                writes are flushed to the client immediately. Default:
+                                100ms'
+                              type: string
+                          type: object
+                        scheme:
+                          description: Scheme defines the scheme to use for the request
+                            to the upstream Kubernetes Service. It defaults to https
+                            when Kubernetes Service port is 443, http otherwise.
+                          type: string
+                        serversTransport:
+                          description: ServersTransport defines the name of ServersTransport
+                            resource to use. It allows to configure the transport
+                            between Traefik and your servers. Can only be used on
+                            a Kubernetes Service.
+                          type: string
+                        sticky:
+                          description: 'Sticky defines the sticky sessions configuration.
+                            More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions'
+                          properties:
+                            cookie:
+                              description: Cookie defines the sticky cookie configuration.
+                              properties:
+                                httpOnly:
+                                  description: HTTPOnly defines whether the cookie
+                                    can be accessed by client-side APIs, such as JavaScript.
+                                  type: boolean
+                                name:
+                                  description: Name defines the Cookie name.
+                                  type: string
+                                sameSite:
+                                  description: 'SameSite defines the same site policy.
+                                    More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                  type: string
+                                secure:
+                                  description: Secure defines whether the cookie can
+                                    only be transmitted over an encrypted connection
+                                    (i.e. HTTPS).
+                                  type: boolean
+                              type: object
+                          type: object
+                        strategy:
+                          description: Strategy defines the load balancing strategy
+                            between the servers. RoundRobin is the only supported
+                            value at the moment.
+                          type: string
+                        weight:
+                          description: Weight defines the weight and should only be
+                            specified when Name references a TraefikService object
+                            (and to be precise, one that embeds a Weighted Round Robin).
+                          type: integer
+                      required:
+                      - name
+                      type: object
+                    type: array
+                  name:
+                    description: Name defines the name of the referenced Kubernetes
+                      Service or TraefikService. The differentiation between the two
+                      is specified in the Kind field.
+                    type: string
+                  namespace:
+                    description: Namespace defines the namespace of the referenced
+                      Kubernetes Service or TraefikService.
+                    type: string
+                  passHostHeader:
+                    description: PassHostHeader defines whether the client Host header
+                      is forwarded to the upstream Kubernetes Service. By default,
+                      passHostHeader is true.
+                    type: boolean
+                  port:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: Port defines the port of a Kubernetes Service. This
+                      can be a reference to a named port.
+                    x-kubernetes-int-or-string: true
+                  responseForwarding:
+                    description: ResponseForwarding defines how Traefik forwards the
+                      response from the upstream Kubernetes Service to the client.
+                    properties:
+                      flushInterval:
+                        description: 'FlushInterval defines the interval, in milliseconds,
+                          in between flushes to the client while copying the response
+                          body. A negative value means to flush immediately after
+                          each write to the client. This configuration is ignored
+                          when ReverseProxy recognizes a response as a streaming response;
+                          for such responses, writes are flushed to the client immediately.
+                          Default: 100ms'
+                        type: string
+                    type: object
+                  scheme:
+                    description: Scheme defines the scheme to use for the request
+                      to the upstream Kubernetes Service. It defaults to https when
+                      Kubernetes Service port is 443, http otherwise.
+                    type: string
+                  serversTransport:
+                    description: ServersTransport defines the name of ServersTransport
+                      resource to use. It allows to configure the transport between
+                      Traefik and your servers. Can only be used on a Kubernetes Service.
+                    type: string
+                  sticky:
+                    description: 'Sticky defines the sticky sessions configuration.
+                      More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions'
+                    properties:
+                      cookie:
+                        description: Cookie defines the sticky cookie configuration.
+                        properties:
+                          httpOnly:
+                            description: HTTPOnly defines whether the cookie can be
+                              accessed by client-side APIs, such as JavaScript.
+                            type: boolean
+                          name:
+                            description: Name defines the Cookie name.
+                            type: string
+                          sameSite:
+                            description: 'SameSite defines the same site policy. More
+                              info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                            type: string
+                          secure:
+                            description: Secure defines whether the cookie can only
+                              be transmitted over an encrypted connection (i.e. HTTPS).
+                            type: boolean
+                        type: object
+                    type: object
+                  strategy:
+                    description: Strategy defines the load balancing strategy between
+                      the servers. RoundRobin is the only supported value at the moment.
+                    type: string
+                  weight:
+                    description: Weight defines the weight and should only be specified
+                      when Name references a TraefikService object (and to be precise,
+                      one that embeds a Weighted Round Robin).
+                    type: integer
+                required:
+                - name
+                type: object
+              weighted:
+                description: Weighted defines the Weighted Round Robin configuration.
+                properties:
+                  services:
+                    description: Services defines the list of Kubernetes Service and/or
+                      TraefikService to load-balance, with weight.
+                    items:
+                      description: Service defines an upstream HTTP service to proxy
+                        traffic to.
+                      properties:
+                        kind:
+                          description: Kind defines the kind of the Service.
+                          enum:
+                          - Service
+                          - TraefikService
+                          type: string
+                        name:
+                          description: Name defines the name of the referenced Kubernetes
+                            Service or TraefikService. The differentiation between
+                            the two is specified in the Kind field.
+                          type: string
+                        namespace:
+                          description: Namespace defines the namespace of the referenced
+                            Kubernetes Service or TraefikService.
+                          type: string
+                        passHostHeader:
+                          description: PassHostHeader defines whether the client Host
+                            header is forwarded to the upstream Kubernetes Service.
+                            By default, passHostHeader is true.
+                          type: boolean
+                        port:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          description: Port defines the port of a Kubernetes Service.
+                            This can be a reference to a named port.
+                          x-kubernetes-int-or-string: true
+                        responseForwarding:
+                          description: ResponseForwarding defines how Traefik forwards
+                            the response from the upstream Kubernetes Service to the
+                            client.
+                          properties:
+                            flushInterval:
+                              description: 'FlushInterval defines the interval, in
+                                milliseconds, in between flushes to the client while
+                                copying the response body. A negative value means
+                                to flush immediately after each write to the client.
+                                This configuration is ignored when ReverseProxy recognizes
+                                a response as a streaming response; for such responses,
+                                writes are flushed to the client immediately. Default:
+                                100ms'
+                              type: string
+                          type: object
+                        scheme:
+                          description: Scheme defines the scheme to use for the request
+                            to the upstream Kubernetes Service. It defaults to https
+                            when Kubernetes Service port is 443, http otherwise.
+                          type: string
+                        serversTransport:
+                          description: ServersTransport defines the name of ServersTransport
+                            resource to use. It allows to configure the transport
+                            between Traefik and your servers. Can only be used on
+                            a Kubernetes Service.
+                          type: string
+                        sticky:
+                          description: 'Sticky defines the sticky sessions configuration.
+                            More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions'
+                          properties:
+                            cookie:
+                              description: Cookie defines the sticky cookie configuration.
+                              properties:
+                                httpOnly:
+                                  description: HTTPOnly defines whether the cookie
+                                    can be accessed by client-side APIs, such as JavaScript.
+                                  type: boolean
+                                name:
+                                  description: Name defines the Cookie name.
+                                  type: string
+                                sameSite:
+                                  description: 'SameSite defines the same site policy.
+                                    More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                  type: string
+                                secure:
+                                  description: Secure defines whether the cookie can
+                                    only be transmitted over an encrypted connection
+                                    (i.e. HTTPS).
+                                  type: boolean
+                              type: object
+                          type: object
+                        strategy:
+                          description: Strategy defines the load balancing strategy
+                            between the servers. RoundRobin is the only supported
+                            value at the moment.
+                          type: string
+                        weight:
+                          description: Weight defines the weight and should only be
+                            specified when Name references a TraefikService object
+                            (and to be precise, one that embeds a Weighted Round Robin).
+                          type: integer
+                      required:
+                      - name
+                      type: object
+                    type: array
+                  sticky:
+                    description: 'Sticky defines whether sticky sessions are enabled.
+                      More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#stickiness-and-load-balancing'
+                    properties:
+                      cookie:
+                        description: Cookie defines the sticky cookie configuration.
+                        properties:
+                          httpOnly:
+                            description: HTTPOnly defines whether the cookie can be
+                              accessed by client-side APIs, such as JavaScript.
+                            type: boolean
+                          name:
+                            description: Name defines the Cookie name.
+                            type: string
+                          sameSite:
+                            description: 'SameSite defines the same site policy. More
+                              info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                            type: string
+                          secure:
+                            description: Secure defines whether the cookie can only
+                              be transmitted over an encrypted connection (i.e. HTTPS).
+                            type: boolean
+                        type: object
+                    type: object
+                type: object
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/enterprise/traefik/18.0.18/crds/traefik.io_ingressroutes.yaml b/enterprise/traefik/18.0.18/crds/traefik.io_ingressroutes.yaml
new file mode 100644
index 00000000000..89aaee75952
--- /dev/null
+++ b/enterprise/traefik/18.0.18/crds/traefik.io_ingressroutes.yaml
@@ -0,0 +1,275 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: ingressroutes.traefik.io
+spec:
+  group: traefik.io
+  names:
+    kind: IngressRoute
+    listKind: IngressRouteList
+    plural: ingressroutes
+    singular: ingressroute
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: IngressRoute is the CRD implementation of a Traefik HTTP Router.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: IngressRouteSpec defines the desired state of IngressRoute.
+            properties:
+              entryPoints:
+                description: 'EntryPoints defines the list of entry point names to
+                  bind to. Entry points have to be configured in the static configuration.
+                  More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
+                  Default: all.'
+                items:
+                  type: string
+                type: array
+              routes:
+                description: Routes defines the list of routes.
+                items:
+                  description: Route holds the HTTP route configuration.
+                  properties:
+                    kind:
+                      description: Kind defines the kind of the route. Rule is the
+                        only supported kind.
+                      enum:
+                      - Rule
+                      type: string
+                    match:
+                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule'
+                      type: string
+                    middlewares:
+                      description: 'Middlewares defines the list of references to
+                        Middleware resources. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-middleware'
+                      items:
+                        description: MiddlewareRef is a reference to a Middleware
+                          resource.
+                        properties:
+                          name:
+                            description: Name defines the name of the referenced Middleware
+                              resource.
+                            type: string
+                          namespace:
+                            description: Namespace defines the namespace of the referenced
+                              Middleware resource.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      type: array
+                    priority:
+                      description: 'Priority defines the router''s priority. More
+                        info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority'
+                      type: integer
+                    services:
+                      description: Services defines the list of Service. It can contain
+                        any combination of TraefikService and/or reference to a Kubernetes
+                        Service.
+                      items:
+                        description: Service defines an upstream HTTP service to proxy
+                          traffic to.
+                        properties:
+                          kind:
+                            description: Kind defines the kind of the Service.
+                            enum:
+                            - Service
+                            - TraefikService
+                            type: string
+                          name:
+                            description: Name defines the name of the referenced Kubernetes
+                              Service or TraefikService. The differentiation between
+                              the two is specified in the Kind field.
+                            type: string
+                          namespace:
+                            description: Namespace defines the namespace of the referenced
+                              Kubernetes Service or TraefikService.
+                            type: string
+                          nativeLB:
+                            description: NativeLB controls, when creating the load-balancer,
+                              whether the LB's children are directly the pods IPs
+                              or if the only child is the Kubernetes Service clusterIP.
+                              The Kubernetes Service itself does load-balance to the
+                              pods. By default, NativeLB is false.
+                            type: boolean
+                          passHostHeader:
+                            description: PassHostHeader defines whether the client
+                              Host header is forwarded to the upstream Kubernetes
+                              Service. By default, passHostHeader is true.
+                            type: boolean
+                          port:
+                            anyOf:
+                            - type: integer
+                            - type: string
+                            description: Port defines the port of a Kubernetes Service.
+                              This can be a reference to a named port.
+                            x-kubernetes-int-or-string: true
+                          responseForwarding:
+                            description: ResponseForwarding defines how Traefik forwards
+                              the response from the upstream Kubernetes Service to
+                              the client.
+                            properties:
+                              flushInterval:
+                                description: 'FlushInterval defines the interval,
+                                  in milliseconds, in between flushes to the client
+                                  while copying the response body. A negative value
+                                  means to flush immediately after each write to the
+                                  client. This configuration is ignored when ReverseProxy
+                                  recognizes a response as a streaming response; for
+                                  such responses, writes are flushed to the client
+                                  immediately. Default: 100ms'
+                                type: string
+                            type: object
+                          scheme:
+                            description: Scheme defines the scheme to use for the
+                              request to the upstream Kubernetes Service. It defaults
+                              to https when Kubernetes Service port is 443, http otherwise.
+                            type: string
+                          serversTransport:
+                            description: ServersTransport defines the name of ServersTransport
+                              resource to use. It allows to configure the transport
+                              between Traefik and your servers. Can only be used on
+                              a Kubernetes Service.
+                            type: string
+                          sticky:
+                            description: 'Sticky defines the sticky sessions configuration.
+                              More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                            properties:
+                              cookie:
+                                description: Cookie defines the sticky cookie configuration.
+                                properties:
+                                  httpOnly:
+                                    description: HTTPOnly defines whether the cookie
+                                      can be accessed by client-side APIs, such as
+                                      JavaScript.
+                                    type: boolean
+                                  name:
+                                    description: Name defines the Cookie name.
+                                    type: string
+                                  sameSite:
+                                    description: 'SameSite defines the same site policy.
+                                      More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                    type: string
+                                  secure:
+                                    description: Secure defines whether the cookie
+                                      can only be transmitted over an encrypted connection
+                                      (i.e. HTTPS).
+                                    type: boolean
+                                type: object
+                            type: object
+                          strategy:
+                            description: Strategy defines the load balancing strategy
+                              between the servers. RoundRobin is the only supported
+                              value at the moment.
+                            type: string
+                          weight:
+                            description: Weight defines the weight and should only
+                              be specified when Name references a TraefikService object
+                              (and to be precise, one that embeds a Weighted Round
+                              Robin).
+                            type: integer
+                        required:
+                        - name
+                        type: object
+                      type: array
+                  required:
+                  - kind
+                  - match
+                  type: object
+                type: array
+              tls:
+                description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls'
+                properties:
+                  certResolver:
+                    description: 'CertResolver defines the name of the certificate
+                      resolver to use. Cert resolvers have to be configured in the
+                      static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers'
+                    type: string
+                  domains:
+                    description: 'Domains defines the list of domains that will be
+                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains'
+                    items:
+                      description: Domain holds a domain name with SANs.
+                      properties:
+                        main:
+                          description: Main defines the main domain name.
+                          type: string
+                        sans:
+                          description: SANs defines the subject alternative domain
+                            names.
+                          items:
+                            type: string
+                          type: array
+                      type: object
+                    type: array
+                  options:
+                    description: 'Options defines the reference to a TLSOption, that
+                      specifies the parameters of the TLS connection. If not defined,
+                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
+                    properties:
+                      name:
+                        description: 'Name defines the name of the referenced TLSOption.
+                          More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption'
+                        type: string
+                      namespace:
+                        description: 'Namespace defines the namespace of the referenced
+                          TLSOption. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption'
+                        type: string
+                    required:
+                    - name
+                    type: object
+                  secretName:
+                    description: SecretName is the name of the referenced Kubernetes
+                      Secret to specify the certificate details.
+                    type: string
+                  store:
+                    description: Store defines the reference to the TLSStore, that
+                      will be used to store certificates. Please note that only `default`
+                      TLSStore can be used.
+                    properties:
+                      name:
+                        description: 'Name defines the name of the referenced TLSStore.
+                          More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore'
+                        type: string
+                      namespace:
+                        description: 'Namespace defines the namespace of the referenced
+                          TLSStore. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore'
+                        type: string
+                    required:
+                    - name
+                    type: object
+                type: object
+            required:
+            - routes
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/enterprise/traefik/18.0.18/crds/traefik.io_ingressroutetcps.yaml b/enterprise/traefik/18.0.18/crds/traefik.io_ingressroutetcps.yaml
new file mode 100644
index 00000000000..82f61ac24f1
--- /dev/null
+++ b/enterprise/traefik/18.0.18/crds/traefik.io_ingressroutetcps.yaml
@@ -0,0 +1,218 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: ingressroutetcps.traefik.io
+spec:
+  group: traefik.io
+  names:
+    kind: IngressRouteTCP
+    listKind: IngressRouteTCPList
+    plural: ingressroutetcps
+    singular: ingressroutetcp
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP.
+            properties:
+              entryPoints:
+                description: 'EntryPoints defines the list of entry point names to
+                  bind to. Entry points have to be configured in the static configuration.
+                  More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
+                  Default: all.'
+                items:
+                  type: string
+                type: array
+              routes:
+                description: Routes defines the list of routes.
+                items:
+                  description: RouteTCP holds the TCP route configuration.
+                  properties:
+                    match:
+                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule_1'
+                      type: string
+                    middlewares:
+                      description: Middlewares defines the list of references to MiddlewareTCP
+                        resources.
+                      items:
+                        description: ObjectReference is a generic reference to a Traefik
+                          resource.
+                        properties:
+                          name:
+                            description: Name defines the name of the referenced Traefik
+                              resource.
+                            type: string
+                          namespace:
+                            description: Namespace defines the namespace of the referenced
+                              Traefik resource.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      type: array
+                    priority:
+                      description: 'Priority defines the router''s priority. More
+                        info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority_1'
+                      type: integer
+                    services:
+                      description: Services defines the list of TCP services.
+                      items:
+                        description: ServiceTCP defines an upstream TCP service to
+                          proxy traffic to.
+                        properties:
+                          name:
+                            description: Name defines the name of the referenced Kubernetes
+                              Service.
+                            type: string
+                          namespace:
+                            description: Namespace defines the namespace of the referenced
+                              Kubernetes Service.
+                            type: string
+                          nativeLB:
+                            description: NativeLB controls, when creating the load-balancer,
+                              whether the LB's children are directly the pods IPs
+                              or if the only child is the Kubernetes Service clusterIP.
+                              The Kubernetes Service itself does load-balance to the
+                              pods. By default, NativeLB is false.
+                            type: boolean
+                          port:
+                            anyOf:
+                            - type: integer
+                            - type: string
+                            description: Port defines the port of a Kubernetes Service.
+                              This can be a reference to a named port.
+                            x-kubernetes-int-or-string: true
+                          proxyProtocol:
+                            description: 'ProxyProtocol defines the PROXY protocol
+                              configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/services/#proxy-protocol'
+                            properties:
+                              version:
+                                description: Version defines the PROXY Protocol version
+                                  to use.
+                                type: integer
+                            type: object
+                          terminationDelay:
+                            description: TerminationDelay defines the deadline that
+                              the proxy sets, after one of its connected peers indicates
+                              it has closed the writing capability of its connection,
+                              to close the reading capability as well, hence fully
+                              terminating the connection. It is a duration in milliseconds,
+                              defaulting to 100. A negative value means an infinite
+                              deadline (i.e. the reading capability is never closed).
+                            type: integer
+                          weight:
+                            description: Weight defines the weight used when balancing
+                              requests between multiple Kubernetes Service.
+                            type: integer
+                        required:
+                        - name
+                        - port
+                        type: object
+                      type: array
+                  required:
+                  - match
+                  type: object
+                type: array
+              tls:
+                description: 'TLS defines the TLS configuration on a layer 4 / TCP
+                  Route. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls_1'
+                properties:
+                  certResolver:
+                    description: 'CertResolver defines the name of the certificate
+                      resolver to use. Cert resolvers have to be configured in the
+                      static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers'
+                    type: string
+                  domains:
+                    description: 'Domains defines the list of domains that will be
+                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains'
+                    items:
+                      description: Domain holds a domain name with SANs.
+                      properties:
+                        main:
+                          description: Main defines the main domain name.
+                          type: string
+                        sans:
+                          description: SANs defines the subject alternative domain
+                            names.
+                          items:
+                            type: string
+                          type: array
+                      type: object
+                    type: array
+                  options:
+                    description: 'Options defines the reference to a TLSOption, that
+                      specifies the parameters of the TLS connection. If not defined,
+                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
+                    properties:
+                      name:
+                        description: Name defines the name of the referenced Traefik
+                          resource.
+                        type: string
+                      namespace:
+                        description: Namespace defines the namespace of the referenced
+                          Traefik resource.
+                        type: string
+                    required:
+                    - name
+                    type: object
+                  passthrough:
+                    description: Passthrough defines whether a TLS router will terminate
+                      the TLS connection.
+                    type: boolean
+                  secretName:
+                    description: SecretName is the name of the referenced Kubernetes
+                      Secret to specify the certificate details.
+                    type: string
+                  store:
+                    description: Store defines the reference to the TLSStore, that
+                      will be used to store certificates. Please note that only `default`
+                      TLSStore can be used.
+                    properties:
+                      name:
+                        description: Name defines the name of the referenced Traefik
+                          resource.
+                        type: string
+                      namespace:
+                        description: Namespace defines the namespace of the referenced
+                          Traefik resource.
+                        type: string
+                    required:
+                    - name
+                    type: object
+                type: object
+            required:
+            - routes
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/enterprise/traefik/18.0.18/crds/traefik.io_ingressrouteudps.yaml b/enterprise/traefik/18.0.18/crds/traefik.io_ingressrouteudps.yaml
new file mode 100644
index 00000000000..27c50185d08
--- /dev/null
+++ b/enterprise/traefik/18.0.18/crds/traefik.io_ingressrouteudps.yaml
@@ -0,0 +1,105 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: ingressrouteudps.traefik.io
+spec:
+  group: traefik.io
+  names:
+    kind: IngressRouteUDP
+    listKind: IngressRouteUDPList
+    plural: ingressrouteudps
+    singular: ingressrouteudp
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP.
+            properties:
+              entryPoints:
+                description: 'EntryPoints defines the list of entry point names to
+                  bind to. Entry points have to be configured in the static configuration.
+                  More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
+                  Default: all.'
+                items:
+                  type: string
+                type: array
+              routes:
+                description: Routes defines the list of routes.
+                items:
+                  description: RouteUDP holds the UDP route configuration.
+                  properties:
+                    services:
+                      description: Services defines the list of UDP services.
+                      items:
+                        description: ServiceUDP defines an upstream UDP service to
+                          proxy traffic to.
+                        properties:
+                          name:
+                            description: Name defines the name of the referenced Kubernetes
+                              Service.
+                            type: string
+                          namespace:
+                            description: Namespace defines the namespace of the referenced
+                              Kubernetes Service.
+                            type: string
+                          nativeLB:
+                            description: NativeLB controls, when creating the load-balancer,
+                              whether the LB's children are directly the pods IPs
+                              or if the only child is the Kubernetes Service clusterIP.
+                              The Kubernetes Service itself does load-balance to the
+                              pods. By default, NativeLB is false.
+                            type: boolean
+                          port:
+                            anyOf:
+                            - type: integer
+                            - type: string
+                            description: Port defines the port of a Kubernetes Service.
+                              This can be a reference to a named port.
+                            x-kubernetes-int-or-string: true
+                          weight:
+                            description: Weight defines the weight used when balancing
+                              requests between multiple Kubernetes Service.
+                            type: integer
+                        required:
+                        - name
+                        - port
+                        type: object
+                      type: array
+                  type: object
+                type: array
+            required:
+            - routes
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/enterprise/traefik/18.0.18/crds/traefik.io_middlewares.yaml b/enterprise/traefik/18.0.18/crds/traefik.io_middlewares.yaml
new file mode 100644
index 00000000000..5a4dc3640fa
--- /dev/null
+++ b/enterprise/traefik/18.0.18/crds/traefik.io_middlewares.yaml
@@ -0,0 +1,924 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: middlewares.traefik.io
+spec:
+  group: traefik.io
+  names:
+    kind: Middleware
+    listKind: MiddlewareList
+    plural: middlewares
+    singular: middleware
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'Middleware is the CRD implementation of a Traefik Middleware.
+          More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/overview/'
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: MiddlewareSpec defines the desired state of a Middleware.
+            properties:
+              addPrefix:
+                description: 'AddPrefix holds the add prefix middleware configuration.
+                  This middleware updates the path of a request before forwarding
+                  it. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/addprefix/'
+                properties:
+                  prefix:
+                    description: Prefix is the string to add before the current path
+                      in the requested URL. It should include a leading slash (/).
+                    type: string
+                type: object
+              basicAuth:
+                description: 'BasicAuth holds the basic auth middleware configuration.
+                  This middleware restricts access to your services to known users.
+                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/'
+                properties:
+                  headerField:
+                    description: 'HeaderField defines a header field to store the
+                      authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield'
+                    type: string
+                  realm:
+                    description: 'Realm allows the protected resources on a server
+                      to be partitioned into a set of protection spaces, each with
+                      its own authentication scheme. Default: traefik.'
+                    type: string
+                  removeHeader:
+                    description: 'RemoveHeader sets the removeHeader option to true
+                      to remove the authorization header before forwarding the request
+                      to your service. Default: false.'
+                    type: boolean
+                  secret:
+                    description: Secret is the name of the referenced Kubernetes Secret
+                      containing user credentials.
+                    type: string
+                type: object
+              buffering:
+                description: 'Buffering holds the buffering middleware configuration.
+                  This middleware retries or limits the size of requests that can
+                  be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#maxrequestbodybytes'
+                properties:
+                  maxRequestBodyBytes:
+                    description: 'MaxRequestBodyBytes defines the maximum allowed
+                      body size for the request (in bytes). If the request exceeds
+                      the allowed size, it is not forwarded to the service, and the
+                      client gets a 413 (Request Entity Too Large) response. Default:
+                      0 (no maximum).'
+                    format: int64
+                    type: integer
+                  maxResponseBodyBytes:
+                    description: 'MaxResponseBodyBytes defines the maximum allowed
+                      response size from the service (in bytes). If the response exceeds
+                      the allowed size, it is not forwarded to the client. The client
+                      gets a 500 (Internal Server Error) response instead. Default:
+                      0 (no maximum).'
+                    format: int64
+                    type: integer
+                  memRequestBodyBytes:
+                    description: 'MemRequestBodyBytes defines the threshold (in bytes)
+                      from which the request will be buffered on disk instead of in
+                      memory. Default: 1048576 (1Mi).'
+                    format: int64
+                    type: integer
+                  memResponseBodyBytes:
+                    description: 'MemResponseBodyBytes defines the threshold (in bytes)
+                      from which the response will be buffered on disk instead of
+                      in memory. Default: 1048576 (1Mi).'
+                    format: int64
+                    type: integer
+                  retryExpression:
+                    description: 'RetryExpression defines the retry conditions. It
+                      is a logical combination of functions with operators AND (&&)
+                      and OR (||). More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#retryexpression'
+                    type: string
+                type: object
+              chain:
+                description: 'Chain holds the configuration of the chain middleware.
+                  This middleware enables to define reusable combinations of other
+                  pieces of middleware. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/chain/'
+                properties:
+                  middlewares:
+                    description: Middlewares is the list of MiddlewareRef which composes
+                      the chain.
+                    items:
+                      description: MiddlewareRef is a reference to a Middleware resource.
+                      properties:
+                        name:
+                          description: Name defines the name of the referenced Middleware
+                            resource.
+                          type: string
+                        namespace:
+                          description: Namespace defines the namespace of the referenced
+                            Middleware resource.
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    type: array
+                type: object
+              circuitBreaker:
+                description: CircuitBreaker holds the circuit breaker configuration.
+                properties:
+                  checkPeriod:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: CheckPeriod is the interval between successive checks
+                      of the circuit breaker condition (when in standby state).
+                    x-kubernetes-int-or-string: true
+                  expression:
+                    description: Expression is the condition that triggers the tripped
+                      state.
+                    type: string
+                  fallbackDuration:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: FallbackDuration is the duration for which the circuit
+                      breaker will wait before trying to recover (from a tripped state).
+                    x-kubernetes-int-or-string: true
+                  recoveryDuration:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: RecoveryDuration is the duration for which the circuit
+                      breaker will try to recover (as soon as it is in recovering
+                      state).
+                    x-kubernetes-int-or-string: true
+                type: object
+              compress:
+                description: 'Compress holds the compress middleware configuration.
+                  This middleware compresses responses before sending them to the
+                  client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/compress/'
+                properties:
+                  excludedContentTypes:
+                    description: ExcludedContentTypes defines the list of content
+                      types to compare the Content-Type header of the incoming requests
+                      and responses before compressing.
+                    items:
+                      type: string
+                    type: array
+                  minResponseBodyBytes:
+                    description: 'MinResponseBodyBytes defines the minimum amount
+                      of bytes a response body must have to be compressed. Default:
+                      1024.'
+                    type: integer
+                type: object
+              contentType:
+                description: ContentType holds the content-type middleware configuration.
+                  This middleware exists to enable the correct behavior until at least
+                  the default one can be changed in a future version.
+                properties:
+                  autoDetect:
+                    description: AutoDetect specifies whether to let the `Content-Type`
+                      header, if it has not been set by the backend, be automatically
+                      set to a value derived from the contents of the response. As
+                      a proxy, the default behavior should be to leave the header
+                      alone, regardless of what the backend did with it. However,
+                      the historic default was to always auto-detect and set the header
+                      if it was nil, and it is going to be kept that way in order
+                      to support users currently relying on it.
+                    type: boolean
+                type: object
+              digestAuth:
+                description: 'DigestAuth holds the digest auth middleware configuration.
+                  This middleware restricts access to your services to known users.
+                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/digestauth/'
+                properties:
+                  headerField:
+                    description: 'HeaderField defines a header field to store the
+                      authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield'
+                    type: string
+                  realm:
+                    description: 'Realm allows the protected resources on a server
+                      to be partitioned into a set of protection spaces, each with
+                      its own authentication scheme. Default: traefik.'
+                    type: string
+                  removeHeader:
+                    description: RemoveHeader defines whether to remove the authorization
+                      header before forwarding the request to the backend.
+                    type: boolean
+                  secret:
+                    description: Secret is the name of the referenced Kubernetes Secret
+                      containing user credentials.
+                    type: string
+                type: object
+              errors:
+                description: 'ErrorPage holds the custom error middleware configuration.
+                  This middleware returns a custom page in lieu of the default, according
+                  to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/'
+                properties:
+                  query:
+                    description: Query defines the URL for the error page (hosted
+                      by service). The {status} variable can be used in order to insert
+                      the status code in the URL.
+                    type: string
+                  service:
+                    description: 'Service defines the reference to a Kubernetes Service
+                      that will serve the error page. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/#service'
+                    properties:
+                      kind:
+                        description: Kind defines the kind of the Service.
+                        enum:
+                        - Service
+                        - TraefikService
+                        type: string
+                      name:
+                        description: Name defines the name of the referenced Kubernetes
+                          Service or TraefikService. The differentiation between the
+                          two is specified in the Kind field.
+                        type: string
+                      namespace:
+                        description: Namespace defines the namespace of the referenced
+                          Kubernetes Service or TraefikService.
+                        type: string
+                      nativeLB:
+                        description: NativeLB controls, when creating the load-balancer,
+                          whether the LB's children are directly the pods IPs or if
+                          the only child is the Kubernetes Service clusterIP. The
+                          Kubernetes Service itself does load-balance to the pods.
+                          By default, NativeLB is false.
+                        type: boolean
+                      passHostHeader:
+                        description: PassHostHeader defines whether the client Host
+                          header is forwarded to the upstream Kubernetes Service.
+                          By default, passHostHeader is true.
+                        type: boolean
+                      port:
+                        anyOf:
+                        - type: integer
+                        - type: string
+                        description: Port defines the port of a Kubernetes Service.
+                          This can be a reference to a named port.
+                        x-kubernetes-int-or-string: true
+                      responseForwarding:
+                        description: ResponseForwarding defines how Traefik forwards
+                          the response from the upstream Kubernetes Service to the
+                          client.
+                        properties:
+                          flushInterval:
+                            description: 'FlushInterval defines the interval, in milliseconds,
+                              in between flushes to the client while copying the response
+                              body. A negative value means to flush immediately after
+                              each write to the client. This configuration is ignored
+                              when ReverseProxy recognizes a response as a streaming
+                              response; for such responses, writes are flushed to
+                              the client immediately. Default: 100ms'
+                            type: string
+                        type: object
+                      scheme:
+                        description: Scheme defines the scheme to use for the request
+                          to the upstream Kubernetes Service. It defaults to https
+                          when Kubernetes Service port is 443, http otherwise.
+                        type: string
+                      serversTransport:
+                        description: ServersTransport defines the name of ServersTransport
+                          resource to use. It allows to configure the transport between
+                          Traefik and your servers. Can only be used on a Kubernetes
+                          Service.
+                        type: string
+                      sticky:
+                        description: 'Sticky defines the sticky sessions configuration.
+                          More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                        properties:
+                          cookie:
+                            description: Cookie defines the sticky cookie configuration.
+                            properties:
+                              httpOnly:
+                                description: HTTPOnly defines whether the cookie can
+                                  be accessed by client-side APIs, such as JavaScript.
+                                type: boolean
+                              name:
+                                description: Name defines the Cookie name.
+                                type: string
+                              sameSite:
+                                description: 'SameSite defines the same site policy.
+                                  More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                type: string
+                              secure:
+                                description: Secure defines whether the cookie can
+                                  only be transmitted over an encrypted connection
+                                  (i.e. HTTPS).
+                                type: boolean
+                            type: object
+                        type: object
+                      strategy:
+                        description: Strategy defines the load balancing strategy
+                          between the servers. RoundRobin is the only supported value
+                          at the moment.
+                        type: string
+                      weight:
+                        description: Weight defines the weight and should only be
+                          specified when Name references a TraefikService object (and
+                          to be precise, one that embeds a Weighted Round Robin).
+                        type: integer
+                    required:
+                    - name
+                    type: object
+                  status:
+                    description: Status defines which status or range of statuses
+                      should result in an error page. It can be either a status code
+                      as a number (500), as multiple comma-separated numbers (500,502),
+                      as ranges by separating two codes with a dash (500-599), or
+                      a combination of the two (404,418,500-599).
+                    items:
+                      type: string
+                    type: array
+                type: object
+              forwardAuth:
+                description: 'ForwardAuth holds the forward auth middleware configuration.
+                  This middleware delegates the request authentication to a Service.
+                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/'
+                properties:
+                  address:
+                    description: Address defines the authentication server address.
+                    type: string
+                  authRequestHeaders:
+                    description: AuthRequestHeaders defines the list of the headers
+                      to copy from the request to the authentication server. If not
+                      set or empty then all request headers are passed.
+                    items:
+                      type: string
+                    type: array
+                  authResponseHeaders:
+                    description: AuthResponseHeaders defines the list of headers to
+                      copy from the authentication server response and set on forwarded
+                      request, replacing any existing conflicting headers.
+                    items:
+                      type: string
+                    type: array
+                  authResponseHeadersRegex:
+                    description: 'AuthResponseHeadersRegex defines the regex to match
+                      headers to copy from the authentication server response and
+                      set on forwarded request, after stripping all headers that match
+                      the regex. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/#authresponseheadersregex'
+                    type: string
+                  tls:
+                    description: TLS defines the configuration used to secure the
+                      connection to the authentication server.
+                    properties:
+                      caOptional:
+                        type: boolean
+                      caSecret:
+                        description: CASecret is the name of the referenced Kubernetes
+                          Secret containing the CA to validate the server certificate.
+                          The CA certificate is extracted from key `tls.ca` or `ca.crt`.
+                        type: string
+                      certSecret:
+                        description: CertSecret is the name of the referenced Kubernetes
+                          Secret containing the client certificate. The client certificate
+                          is extracted from the keys `tls.crt` and `tls.key`.
+                        type: string
+                      insecureSkipVerify:
+                        description: InsecureSkipVerify defines whether the server
+                          certificates should be validated.
+                        type: boolean
+                    type: object
+                  trustForwardHeader:
+                    description: 'TrustForwardHeader defines whether to trust (ie:
+                      forward) all X-Forwarded-* headers.'
+                    type: boolean
+                type: object
+              headers:
+                description: 'Headers holds the headers middleware configuration.
+                  This middleware manages the requests and responses headers. More
+                  info: https://doc.traefik.io/traefik/v2.10/middlewares/http/headers/#customrequestheaders'
+                properties:
+                  accessControlAllowCredentials:
+                    description: AccessControlAllowCredentials defines whether the
+                      request can include user credentials.
+                    type: boolean
+                  accessControlAllowHeaders:
+                    description: AccessControlAllowHeaders defines the Access-Control-Request-Headers
+                      values sent in preflight response.
+                    items:
+                      type: string
+                    type: array
+                  accessControlAllowMethods:
+                    description: AccessControlAllowMethods defines the Access-Control-Request-Method
+                      values sent in preflight response.
+                    items:
+                      type: string
+                    type: array
+                  accessControlAllowOriginList:
+                    description: AccessControlAllowOriginList is a list of allowable
+                      origins. Can also be a wildcard origin "*".
+                    items:
+                      type: string
+                    type: array
+                  accessControlAllowOriginListRegex:
+                    description: AccessControlAllowOriginListRegex is a list of allowable
+                      origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/).
+                    items:
+                      type: string
+                    type: array
+                  accessControlExposeHeaders:
+                    description: AccessControlExposeHeaders defines the Access-Control-Expose-Headers
+                      values sent in preflight response.
+                    items:
+                      type: string
+                    type: array
+                  accessControlMaxAge:
+                    description: AccessControlMaxAge defines the time that a preflight
+                      request may be cached.
+                    format: int64
+                    type: integer
+                  addVaryHeader:
+                    description: AddVaryHeader defines whether the Vary header is
+                      automatically added/updated when the AccessControlAllowOriginList
+                      is set.
+                    type: boolean
+                  allowedHosts:
+                    description: AllowedHosts defines the fully qualified list of
+                      allowed domain names.
+                    items:
+                      type: string
+                    type: array
+                  browserXssFilter:
+                    description: BrowserXSSFilter defines whether to add the X-XSS-Protection
+                      header with the value 1; mode=block.
+                    type: boolean
+                  contentSecurityPolicy:
+                    description: ContentSecurityPolicy defines the Content-Security-Policy
+                      header value.
+                    type: string
+                  contentTypeNosniff:
+                    description: ContentTypeNosniff defines whether to add the X-Content-Type-Options
+                      header with the nosniff value.
+                    type: boolean
+                  customBrowserXSSValue:
+                    description: CustomBrowserXSSValue defines the X-XSS-Protection
+                      header value. This overrides the BrowserXssFilter option.
+                    type: string
+                  customFrameOptionsValue:
+                    description: CustomFrameOptionsValue defines the X-Frame-Options
+                      header value. This overrides the FrameDeny option.
+                    type: string
+                  customRequestHeaders:
+                    additionalProperties:
+                      type: string
+                    description: CustomRequestHeaders defines the header names and
+                      values to apply to the request.
+                    type: object
+                  customResponseHeaders:
+                    additionalProperties:
+                      type: string
+                    description: CustomResponseHeaders defines the header names and
+                      values to apply to the response.
+                    type: object
+                  featurePolicy:
+                    description: 'Deprecated: use PermissionsPolicy instead.'
+                    type: string
+                  forceSTSHeader:
+                    description: ForceSTSHeader defines whether to add the STS header
+                      even when the connection is HTTP.
+                    type: boolean
+                  frameDeny:
+                    description: FrameDeny defines whether to add the X-Frame-Options
+                      header with the DENY value.
+                    type: boolean
+                  hostsProxyHeaders:
+                    description: HostsProxyHeaders defines the header keys that may
+                      hold a proxied hostname value for the request.
+                    items:
+                      type: string
+                    type: array
+                  isDevelopment:
+                    description: IsDevelopment defines whether to mitigate the unwanted
+                      effects of the AllowedHosts, SSL, and STS options when developing.
+                      Usually testing takes place using HTTP, not HTTPS, and on localhost,
+                      not your production domain. If you would like your development
+                      environment to mimic production with complete Host blocking,
+                      SSL redirects, and STS headers, leave this as false.
+                    type: boolean
+                  permissionsPolicy:
+                    description: PermissionsPolicy defines the Permissions-Policy
+                      header value. This allows sites to control browser features.
+                    type: string
+                  publicKey:
+                    description: PublicKey is the public key that implements HPKP
+                      to prevent MITM attacks with forged certificates.
+                    type: string
+                  referrerPolicy:
+                    description: ReferrerPolicy defines the Referrer-Policy header
+                      value. This allows sites to control whether browsers forward
+                      the Referer header to other sites.
+                    type: string
+                  sslForceHost:
+                    description: 'Deprecated: use RedirectRegex instead.'
+                    type: boolean
+                  sslHost:
+                    description: 'Deprecated: use RedirectRegex instead.'
+                    type: string
+                  sslProxyHeaders:
+                    additionalProperties:
+                      type: string
+                    description: 'SSLProxyHeaders defines the header keys with associated
+                      values that would indicate a valid HTTPS request. It can be
+                      useful when using other proxies (example: "X-Forwarded-Proto":
+                      "https").'
+                    type: object
+                  sslRedirect:
+                    description: 'Deprecated: use EntryPoint redirection or RedirectScheme
+                      instead.'
+                    type: boolean
+                  sslTemporaryRedirect:
+                    description: 'Deprecated: use EntryPoint redirection or RedirectScheme
+                      instead.'
+                    type: boolean
+                  stsIncludeSubdomains:
+                    description: STSIncludeSubdomains defines whether the includeSubDomains
+                      directive is appended to the Strict-Transport-Security header.
+                    type: boolean
+                  stsPreload:
+                    description: STSPreload defines whether the preload flag is appended
+                      to the Strict-Transport-Security header.
+                    type: boolean
+                  stsSeconds:
+                    description: STSSeconds defines the max-age of the Strict-Transport-Security
+                      header. If set to 0, the header is not set.
+                    format: int64
+                    type: integer
+                type: object
+              inFlightReq:
+                description: 'InFlightReq holds the in-flight request middleware configuration.
+                  This middleware limits the number of requests being processed and
+                  served concurrently. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/'
+                properties:
+                  amount:
+                    description: Amount defines the maximum amount of allowed simultaneous
+                      in-flight request. The middleware responds with HTTP 429 Too
+                      Many Requests if there are already amount requests in progress
+                      (based on the same sourceCriterion strategy).
+                    format: int64
+                    type: integer
+                  sourceCriterion:
+                    description: 'SourceCriterion defines what criterion is used to
+                      group requests as originating from a common source. If several
+                      strategies are defined at the same time, an error will be raised.
+                      If none are set, the default is to use the requestHost. More
+                      info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/#sourcecriterion'
+                    properties:
+                      ipStrategy:
+                        description: 'IPStrategy holds the IP strategy configuration
+                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
+                        properties:
+                          depth:
+                            description: Depth tells Traefik to use the X-Forwarded-For
+                              header and take the IP located at the depth position
+                              (starting from the right).
+                            type: integer
+                          excludedIPs:
+                            description: ExcludedIPs configures Traefik to scan the
+                              X-Forwarded-For header and select the first IP not in
+                              the list.
+                            items:
+                              type: string
+                            type: array
+                        type: object
+                      requestHeaderName:
+                        description: RequestHeaderName defines the name of the header
+                          used to group incoming requests.
+                        type: string
+                      requestHost:
+                        description: RequestHost defines whether to consider the request
+                          Host as the source.
+                        type: boolean
+                    type: object
+                type: object
+              ipWhiteList:
+                description: 'IPWhiteList holds the IP whitelist middleware configuration.
+                  This middleware accepts / refuses requests based on the client IP.
+                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/'
+                properties:
+                  ipStrategy:
+                    description: 'IPStrategy holds the IP strategy configuration used
+                      by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
+                    properties:
+                      depth:
+                        description: Depth tells Traefik to use the X-Forwarded-For
+                          header and take the IP located at the depth position (starting
+                          from the right).
+                        type: integer
+                      excludedIPs:
+                        description: ExcludedIPs configures Traefik to scan the X-Forwarded-For
+                          header and select the first IP not in the list.
+                        items:
+                          type: string
+                        type: array
+                    type: object
+                  sourceRange:
+                    description: SourceRange defines the set of allowed IPs (or ranges
+                      of allowed IPs by using CIDR notation).
+                    items:
+                      type: string
+                    type: array
+                type: object
+              passTLSClientCert:
+                description: 'PassTLSClientCert holds the pass TLS client cert middleware
+                  configuration. This middleware adds the selected data from the passed
+                  client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/passtlsclientcert/'
+                properties:
+                  info:
+                    description: Info selects the specific client certificate details
+                      you want to add to the X-Forwarded-Tls-Client-Cert-Info header.
+                    properties:
+                      issuer:
+                        description: Issuer defines the client certificate issuer
+                          details to add to the X-Forwarded-Tls-Client-Cert-Info header.
+                        properties:
+                          commonName:
+                            description: CommonName defines whether to add the organizationalUnit
+                              information into the issuer.
+                            type: boolean
+                          country:
+                            description: Country defines whether to add the country
+                              information into the issuer.
+                            type: boolean
+                          domainComponent:
+                            description: DomainComponent defines whether to add the
+                              domainComponent information into the issuer.
+                            type: boolean
+                          locality:
+                            description: Locality defines whether to add the locality
+                              information into the issuer.
+                            type: boolean
+                          organization:
+                            description: Organization defines whether to add the organization
+                              information into the issuer.
+                            type: boolean
+                          province:
+                            description: Province defines whether to add the province
+                              information into the issuer.
+                            type: boolean
+                          serialNumber:
+                            description: SerialNumber defines whether to add the serialNumber
+                              information into the issuer.
+                            type: boolean
+                        type: object
+                      notAfter:
+                        description: NotAfter defines whether to add the Not After
+                          information from the Validity part.
+                        type: boolean
+                      notBefore:
+                        description: NotBefore defines whether to add the Not Before
+                          information from the Validity part.
+                        type: boolean
+                      sans:
+                        description: Sans defines whether to add the Subject Alternative
+                          Name information from the Subject Alternative Name part.
+                        type: boolean
+                      serialNumber:
+                        description: SerialNumber defines whether to add the client
+                          serialNumber information.
+                        type: boolean
+                      subject:
+                        description: Subject defines the client certificate subject
+                          details to add to the X-Forwarded-Tls-Client-Cert-Info header.
+                        properties:
+                          commonName:
+                            description: CommonName defines whether to add the organizationalUnit
+                              information into the subject.
+                            type: boolean
+                          country:
+                            description: Country defines whether to add the country
+                              information into the subject.
+                            type: boolean
+                          domainComponent:
+                            description: DomainComponent defines whether to add the
+                              domainComponent information into the subject.
+                            type: boolean
+                          locality:
+                            description: Locality defines whether to add the locality
+                              information into the subject.
+                            type: boolean
+                          organization:
+                            description: Organization defines whether to add the organization
+                              information into the subject.
+                            type: boolean
+                          organizationalUnit:
+                            description: OrganizationalUnit defines whether to add
+                              the organizationalUnit information into the subject.
+                            type: boolean
+                          province:
+                            description: Province defines whether to add the province
+                              information into the subject.
+                            type: boolean
+                          serialNumber:
+                            description: SerialNumber defines whether to add the serialNumber
+                              information into the subject.
+                            type: boolean
+                        type: object
+                    type: object
+                  pem:
+                    description: PEM sets the X-Forwarded-Tls-Client-Cert header with
+                      the certificate.
+                    type: boolean
+                type: object
+              plugin:
+                additionalProperties:
+                  x-kubernetes-preserve-unknown-fields: true
+                description: 'Plugin defines the middleware plugin configuration.
+                  More info: https://doc.traefik.io/traefik/plugins/'
+                type: object
+              rateLimit:
+                description: 'RateLimit holds the rate limit configuration. This middleware
+                  ensures that services will receive a fair amount of requests, and
+                  allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ratelimit/'
+                properties:
+                  average:
+                    description: Average is the maximum rate, by default in requests/s,
+                      allowed for the given source. It defaults to 0, which means
+                      no rate limiting. The rate is actually defined by dividing Average
+                      by Period. So for a rate below 1req/s, one needs to define a
+                      Period larger than a second.
+                    format: int64
+                    type: integer
+                  burst:
+                    description: Burst is the maximum number of requests allowed to
+                      arrive in the same arbitrarily small period of time. It defaults
+                      to 1.
+                    format: int64
+                    type: integer
+                  period:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: 'Period, in combination with Average, defines the
+                      actual maximum rate, such as: r = Average / Period. It defaults
+                      to a second.'
+                    x-kubernetes-int-or-string: true
+                  sourceCriterion:
+                    description: SourceCriterion defines what criterion is used to
+                      group requests as originating from a common source. If several
+                      strategies are defined at the same time, an error will be raised.
+                      If none are set, the default is to use the request's remote
+                      address field (as an ipStrategy).
+                    properties:
+                      ipStrategy:
+                        description: 'IPStrategy holds the IP strategy configuration
+                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
+                        properties:
+                          depth:
+                            description: Depth tells Traefik to use the X-Forwarded-For
+                              header and take the IP located at the depth position
+                              (starting from the right).
+                            type: integer
+                          excludedIPs:
+                            description: ExcludedIPs configures Traefik to scan the
+                              X-Forwarded-For header and select the first IP not in
+                              the list.
+                            items:
+                              type: string
+                            type: array
+                        type: object
+                      requestHeaderName:
+                        description: RequestHeaderName defines the name of the header
+                          used to group incoming requests.
+                        type: string
+                      requestHost:
+                        description: RequestHost defines whether to consider the request
+                          Host as the source.
+                        type: boolean
+                    type: object
+                type: object
+              redirectRegex:
+                description: 'RedirectRegex holds the redirect regex middleware configuration.
+                  This middleware redirects a request using regex matching and replacement.
+                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectregex/#regex'
+                properties:
+                  permanent:
+                    description: Permanent defines whether the redirection is permanent
+                      (301).
+                    type: boolean
+                  regex:
+                    description: Regex defines the regex used to match and capture
+                      elements from the request URL.
+                    type: string
+                  replacement:
+                    description: Replacement defines how to modify the URL to have
+                      the new target URL.
+                    type: string
+                type: object
+              redirectScheme:
+                description: 'RedirectScheme holds the redirect scheme middleware
+                  configuration. This middleware redirects requests from a scheme/port
+                  to another. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectscheme/'
+                properties:
+                  permanent:
+                    description: Permanent defines whether the redirection is permanent
+                      (301).
+                    type: boolean
+                  port:
+                    description: Port defines the port of the new URL.
+                    type: string
+                  scheme:
+                    description: Scheme defines the scheme of the new URL.
+                    type: string
+                type: object
+              replacePath:
+                description: 'ReplacePath holds the replace path middleware configuration.
+                  This middleware replaces the path of the request URL and store the
+                  original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepath/'
+                properties:
+                  path:
+                    description: Path defines the path to use as replacement in the
+                      request URL.
+                    type: string
+                type: object
+              replacePathRegex:
+                description: 'ReplacePathRegex holds the replace path regex middleware
+                  configuration. This middleware replaces the path of a URL using
+                  regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepathregex/'
+                properties:
+                  regex:
+                    description: Regex defines the regular expression used to match
+                      and capture the path from the request URL.
+                    type: string
+                  replacement:
+                    description: Replacement defines the replacement path format,
+                      which can include captured variables.
+                    type: string
+                type: object
+              retry:
+                description: 'Retry holds the retry middleware configuration. This
+                  middleware reissues requests a given number of times to a backend
+                  server if that server does not reply. As soon as the server answers,
+                  the middleware stops retrying, regardless of the response status.
+                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/retry/'
+                properties:
+                  attempts:
+                    description: Attempts defines how many times the request should
+                      be retried.
+                    type: integer
+                  initialInterval:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: InitialInterval defines the first wait time in the
+                      exponential backoff series. The maximum interval is calculated
+                      as twice the initialInterval. If unspecified, requests will
+                      be retried immediately. The value of initialInterval should
+                      be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration.
+                    x-kubernetes-int-or-string: true
+                type: object
+              stripPrefix:
+                description: 'StripPrefix holds the strip prefix middleware configuration.
+                  This middleware removes the specified prefixes from the URL path.
+                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefix/'
+                properties:
+                  forceSlash:
+                    description: 'ForceSlash ensures that the resulting stripped path
+                      is not the empty string, by replacing it with / when necessary.
+                      Default: true.'
+                    type: boolean
+                  prefixes:
+                    description: Prefixes defines the prefixes to strip from the request
+                      URL.
+                    items:
+                      type: string
+                    type: array
+                type: object
+              stripPrefixRegex:
+                description: 'StripPrefixRegex holds the strip prefix regex middleware
+                  configuration. This middleware removes the matching prefixes from
+                  the URL path. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefixregex/'
+                properties:
+                  regex:
+                    description: Regex defines the regular expression to match the
+                      path prefix from the request URL.
+                    items:
+                      type: string
+                    type: array
+                type: object
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/enterprise/traefik/18.0.18/crds/traefik.io_middlewaretcps.yaml b/enterprise/traefik/18.0.18/crds/traefik.io_middlewaretcps.yaml
new file mode 100644
index 00000000000..8623568f5b3
--- /dev/null
+++ b/enterprise/traefik/18.0.18/crds/traefik.io_middlewaretcps.yaml
@@ -0,0 +1,72 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: middlewaretcps.traefik.io
+spec:
+  group: traefik.io
+  names:
+    kind: MiddlewareTCP
+    listKind: MiddlewareTCPList
+    plural: middlewaretcps
+    singular: middlewaretcp
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
+          More info: https://doc.traefik.io/traefik/v2.10/middlewares/overview/'
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: MiddlewareTCPSpec defines the desired state of a MiddlewareTCP.
+            properties:
+              inFlightConn:
+                description: InFlightConn defines the InFlightConn middleware configuration.
+                properties:
+                  amount:
+                    description: Amount defines the maximum amount of allowed simultaneous
+                      connections. The middleware closes the connection if there are
+                      already amount connections opened.
+                    format: int64
+                    type: integer
+                type: object
+              ipWhiteList:
+                description: IPWhiteList defines the IPWhiteList middleware configuration.
+                properties:
+                  sourceRange:
+                    description: SourceRange defines the allowed IPs (or ranges of
+                      allowed IPs by using CIDR notation).
+                    items:
+                      type: string
+                    type: array
+                type: object
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/enterprise/traefik/18.0.18/crds/traefik.io_serverstransports.yaml b/enterprise/traefik/18.0.18/crds/traefik.io_serverstransports.yaml
new file mode 100644
index 00000000000..803b56395a4
--- /dev/null
+++ b/enterprise/traefik/18.0.18/crds/traefik.io_serverstransports.yaml
@@ -0,0 +1,128 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: serverstransports.traefik.io
+spec:
+  group: traefik.io
+  names:
+    kind: ServersTransport
+    listKind: ServersTransportList
+    plural: serverstransports
+    singular: serverstransport
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'ServersTransport is the CRD implementation of a ServersTransport.
+          If no serversTransport is specified, the default@internal will be used.
+          The default@internal serversTransport is created from the static configuration.
+          More info: https://doc.traefik.io/traefik/v2.10/routing/services/#serverstransport_1'
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ServersTransportSpec defines the desired state of a ServersTransport.
+            properties:
+              certificatesSecrets:
+                description: CertificatesSecrets defines a list of secret storing
+                  client certificates for mTLS.
+                items:
+                  type: string
+                type: array
+              disableHTTP2:
+                description: DisableHTTP2 disables HTTP/2 for connections with backend
+                  servers.
+                type: boolean
+              forwardingTimeouts:
+                description: ForwardingTimeouts defines the timeouts for requests
+                  forwarded to the backend servers.
+                properties:
+                  dialTimeout:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: DialTimeout is the amount of time to wait until a
+                      connection to a backend server can be established.
+                    x-kubernetes-int-or-string: true
+                  idleConnTimeout:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: IdleConnTimeout is the maximum period for which an
+                      idle HTTP keep-alive connection will remain open before closing
+                      itself.
+                    x-kubernetes-int-or-string: true
+                  pingTimeout:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: PingTimeout is the timeout after which the HTTP/2
+                      connection will be closed if a response to ping is not received.
+                    x-kubernetes-int-or-string: true
+                  readIdleTimeout:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: ReadIdleTimeout is the timeout after which a health
+                      check using ping frame will be carried out if no frame is received
+                      on the HTTP/2 connection.
+                    x-kubernetes-int-or-string: true
+                  responseHeaderTimeout:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: ResponseHeaderTimeout is the amount of time to wait
+                      for a server's response headers after fully writing the request
+                      (including its body, if any).
+                    x-kubernetes-int-or-string: true
+                type: object
+              insecureSkipVerify:
+                description: InsecureSkipVerify disables SSL certificate verification.
+                type: boolean
+              maxIdleConnsPerHost:
+                description: MaxIdleConnsPerHost controls the maximum idle (keep-alive)
+                  to keep per-host.
+                type: integer
+              peerCertURI:
+                description: PeerCertURI defines the peer cert URI used to match against
+                  SAN URI during the peer certificate verification.
+                type: string
+              rootCAsSecrets:
+                description: RootCAsSecrets defines a list of CA secret used to validate
+                  self-signed certificate.
+                items:
+                  type: string
+                type: array
+              serverName:
+                description: ServerName defines the server name used to contact the
+                  server.
+                type: string
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/enterprise/traefik/18.0.18/crds/traefik.io_tlsoptions.yaml b/enterprise/traefik/18.0.18/crds/traefik.io_tlsoptions.yaml
new file mode 100644
index 00000000000..b86fefe0e95
--- /dev/null
+++ b/enterprise/traefik/18.0.18/crds/traefik.io_tlsoptions.yaml
@@ -0,0 +1,113 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: tlsoptions.traefik.io
+spec:
+  group: traefik.io
+  names:
+    kind: TLSOption
+    listKind: TLSOptionList
+    plural: tlsoptions
+    singular: tlsoption
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'TLSOption is the CRD implementation of a Traefik TLS Option,
+          allowing to configure some parameters of the TLS connection. More info:
+          https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: TLSOptionSpec defines the desired state of a TLSOption.
+            properties:
+              alpnProtocols:
+                description: 'ALPNProtocols defines the list of supported application
+                  level protocols for the TLS handshake, in order of preference. More
+                  info: https://doc.traefik.io/traefik/v2.10/https/tls/#alpn-protocols'
+                items:
+                  type: string
+                type: array
+              cipherSuites:
+                description: 'CipherSuites defines the list of supported cipher suites
+                  for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#cipher-suites'
+                items:
+                  type: string
+                type: array
+              clientAuth:
+                description: ClientAuth defines the server's policy for TLS Client
+                  Authentication.
+                properties:
+                  clientAuthType:
+                    description: ClientAuthType defines the client authentication
+                      type to apply.
+                    enum:
+                    - NoClientCert
+                    - RequestClientCert
+                    - RequireAnyClientCert
+                    - VerifyClientCertIfGiven
+                    - RequireAndVerifyClientCert
+                    type: string
+                  secretNames:
+                    description: SecretNames defines the names of the referenced Kubernetes
+                      Secret storing certificate details.
+                    items:
+                      type: string
+                    type: array
+                type: object
+              curvePreferences:
+                description: 'CurvePreferences defines the preferred elliptic curves
+                  in a specific order. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#curve-preferences'
+                items:
+                  type: string
+                type: array
+              maxVersion:
+                description: 'MaxVersion defines the maximum TLS version that Traefik
+                  will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
+                  VersionTLS13. Default: None.'
+                type: string
+              minVersion:
+                description: 'MinVersion defines the minimum TLS version that Traefik
+                  will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
+                  VersionTLS13. Default: VersionTLS10.'
+                type: string
+              preferServerCipherSuites:
+                description: 'PreferServerCipherSuites defines whether the server
+                  chooses a cipher suite among his own instead of among the client''s.
+                  It is enabled automatically when minVersion or maxVersion is set.
+                  Deprecated: https://github.com/golang/go/issues/45430'
+                type: boolean
+              sniStrict:
+                description: SniStrict defines whether Traefik allows connections
+                  from clients connections that do not specify a server_name extension.
+                type: boolean
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/enterprise/traefik/18.0.18/crds/traefik.io_tlsstores.yaml b/enterprise/traefik/18.0.18/crds/traefik.io_tlsstores.yaml
new file mode 100644
index 00000000000..47b46854c8b
--- /dev/null
+++ b/enterprise/traefik/18.0.18/crds/traefik.io_tlsstores.yaml
@@ -0,0 +1,99 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: tlsstores.traefik.io
+spec:
+  group: traefik.io
+  names:
+    kind: TLSStore
+    listKind: TLSStoreList
+    plural: tlsstores
+    singular: tlsstore
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For
+          the time being, only the TLSStore named default is supported. This means
+          that you cannot have two stores that are named default in different Kubernetes
+          namespaces. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#certificates-stores'
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: TLSStoreSpec defines the desired state of a TLSStore.
+            properties:
+              certificates:
+                description: Certificates is a list of secret names, each secret holding
+                  a key/certificate pair to add to the store.
+                items:
+                  description: Certificate holds a secret name for the TLSStore resource.
+                  properties:
+                    secretName:
+                      description: SecretName is the name of the referenced Kubernetes
+                        Secret to specify the certificate details.
+                      type: string
+                  required:
+                  - secretName
+                  type: object
+                type: array
+              defaultCertificate:
+                description: DefaultCertificate defines the default certificate configuration.
+                properties:
+                  secretName:
+                    description: SecretName is the name of the referenced Kubernetes
+                      Secret to specify the certificate details.
+                    type: string
+                required:
+                - secretName
+                type: object
+              defaultGeneratedCert:
+                description: DefaultGeneratedCert defines the default generated certificate
+                  configuration.
+                properties:
+                  domain:
+                    description: Domain is the domain definition for the DefaultCertificate.
+                    properties:
+                      main:
+                        description: Main defines the main domain name.
+                        type: string
+                      sans:
+                        description: SANs defines the subject alternative domain names.
+                        items:
+                          type: string
+                        type: array
+                    type: object
+                  resolver:
+                    description: Resolver is the name of the resolver that will be
+                      used to issue the DefaultCertificate.
+                    type: string
+                type: object
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/enterprise/traefik/18.0.18/crds/traefik.io_traefikservices.yaml b/enterprise/traefik/18.0.18/crds/traefik.io_traefikservices.yaml
new file mode 100644
index 00000000000..0f3475bda46
--- /dev/null
+++ b/enterprise/traefik/18.0.18/crds/traefik.io_traefikservices.yaml
@@ -0,0 +1,402 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: traefikservices.traefik.io
+spec:
+  group: traefik.io
+  names:
+    kind: TraefikService
+    listKind: TraefikServiceList
+    plural: traefikservices
+    singular: traefikservice
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'TraefikService is the CRD implementation of a Traefik Service.
+          TraefikService object allows to: - Apply weight to Services on load-balancing
+          - Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-traefikservice'
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: TraefikServiceSpec defines the desired state of a TraefikService.
+            properties:
+              mirroring:
+                description: Mirroring defines the Mirroring service configuration.
+                properties:
+                  kind:
+                    description: Kind defines the kind of the Service.
+                    enum:
+                    - Service
+                    - TraefikService
+                    type: string
+                  maxBodySize:
+                    description: MaxBodySize defines the maximum size allowed for
+                      the body of the request. If the body is larger, the request
+                      is not mirrored. Default value is -1, which means unlimited
+                      size.
+                    format: int64
+                    type: integer
+                  mirrors:
+                    description: Mirrors defines the list of mirrors where Traefik
+                      will duplicate the traffic.
+                    items:
+                      description: MirrorService holds the mirror configuration.
+                      properties:
+                        kind:
+                          description: Kind defines the kind of the Service.
+                          enum:
+                          - Service
+                          - TraefikService
+                          type: string
+                        name:
+                          description: Name defines the name of the referenced Kubernetes
+                            Service or TraefikService. The differentiation between
+                            the two is specified in the Kind field.
+                          type: string
+                        namespace:
+                          description: Namespace defines the namespace of the referenced
+                            Kubernetes Service or TraefikService.
+                          type: string
+                        nativeLB:
+                          description: NativeLB controls, when creating the load-balancer,
+                            whether the LB's children are directly the pods IPs or
+                            if the only child is the Kubernetes Service clusterIP.
+                            The Kubernetes Service itself does load-balance to the
+                            pods. By default, NativeLB is false.
+                          type: boolean
+                        passHostHeader:
+                          description: PassHostHeader defines whether the client Host
+                            header is forwarded to the upstream Kubernetes Service.
+                            By default, passHostHeader is true.
+                          type: boolean
+                        percent:
+                          description: 'Percent defines the part of the traffic to
+                            mirror. Supported values: 0 to 100.'
+                          type: integer
+                        port:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          description: Port defines the port of a Kubernetes Service.
+                            This can be a reference to a named port.
+                          x-kubernetes-int-or-string: true
+                        responseForwarding:
+                          description: ResponseForwarding defines how Traefik forwards
+                            the response from the upstream Kubernetes Service to the
+                            client.
+                          properties:
+                            flushInterval:
+                              description: 'FlushInterval defines the interval, in
+                                milliseconds, in between flushes to the client while
+                                copying the response body. A negative value means
+                                to flush immediately after each write to the client.
+                                This configuration is ignored when ReverseProxy recognizes
+                                a response as a streaming response; for such responses,
+                                writes are flushed to the client immediately. Default:
+                                100ms'
+                              type: string
+                          type: object
+                        scheme:
+                          description: Scheme defines the scheme to use for the request
+                            to the upstream Kubernetes Service. It defaults to https
+                            when Kubernetes Service port is 443, http otherwise.
+                          type: string
+                        serversTransport:
+                          description: ServersTransport defines the name of ServersTransport
+                            resource to use. It allows to configure the transport
+                            between Traefik and your servers. Can only be used on
+                            a Kubernetes Service.
+                          type: string
+                        sticky:
+                          description: 'Sticky defines the sticky sessions configuration.
+                            More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                          properties:
+                            cookie:
+                              description: Cookie defines the sticky cookie configuration.
+                              properties:
+                                httpOnly:
+                                  description: HTTPOnly defines whether the cookie
+                                    can be accessed by client-side APIs, such as JavaScript.
+                                  type: boolean
+                                name:
+                                  description: Name defines the Cookie name.
+                                  type: string
+                                sameSite:
+                                  description: 'SameSite defines the same site policy.
+                                    More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                  type: string
+                                secure:
+                                  description: Secure defines whether the cookie can
+                                    only be transmitted over an encrypted connection
+                                    (i.e. HTTPS).
+                                  type: boolean
+                              type: object
+                          type: object
+                        strategy:
+                          description: Strategy defines the load balancing strategy
+                            between the servers. RoundRobin is the only supported
+                            value at the moment.
+                          type: string
+                        weight:
+                          description: Weight defines the weight and should only be
+                            specified when Name references a TraefikService object
+                            (and to be precise, one that embeds a Weighted Round Robin).
+                          type: integer
+                      required:
+                      - name
+                      type: object
+                    type: array
+                  name:
+                    description: Name defines the name of the referenced Kubernetes
+                      Service or TraefikService. The differentiation between the two
+                      is specified in the Kind field.
+                    type: string
+                  namespace:
+                    description: Namespace defines the namespace of the referenced
+                      Kubernetes Service or TraefikService.
+                    type: string
+                  nativeLB:
+                    description: NativeLB controls, when creating the load-balancer,
+                      whether the LB's children are directly the pods IPs or if the
+                      only child is the Kubernetes Service clusterIP. The Kubernetes
+                      Service itself does load-balance to the pods. By default, NativeLB
+                      is false.
+                    type: boolean
+                  passHostHeader:
+                    description: PassHostHeader defines whether the client Host header
+                      is forwarded to the upstream Kubernetes Service. By default,
+                      passHostHeader is true.
+                    type: boolean
+                  port:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: Port defines the port of a Kubernetes Service. This
+                      can be a reference to a named port.
+                    x-kubernetes-int-or-string: true
+                  responseForwarding:
+                    description: ResponseForwarding defines how Traefik forwards the
+                      response from the upstream Kubernetes Service to the client.
+                    properties:
+                      flushInterval:
+                        description: 'FlushInterval defines the interval, in milliseconds,
+                          in between flushes to the client while copying the response
+                          body. A negative value means to flush immediately after
+                          each write to the client. This configuration is ignored
+                          when ReverseProxy recognizes a response as a streaming response;
+                          for such responses, writes are flushed to the client immediately.
+                          Default: 100ms'
+                        type: string
+                    type: object
+                  scheme:
+                    description: Scheme defines the scheme to use for the request
+                      to the upstream Kubernetes Service. It defaults to https when
+                      Kubernetes Service port is 443, http otherwise.
+                    type: string
+                  serversTransport:
+                    description: ServersTransport defines the name of ServersTransport
+                      resource to use. It allows to configure the transport between
+                      Traefik and your servers. Can only be used on a Kubernetes Service.
+                    type: string
+                  sticky:
+                    description: 'Sticky defines the sticky sessions configuration.
+                      More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                    properties:
+                      cookie:
+                        description: Cookie defines the sticky cookie configuration.
+                        properties:
+                          httpOnly:
+                            description: HTTPOnly defines whether the cookie can be
+                              accessed by client-side APIs, such as JavaScript.
+                            type: boolean
+                          name:
+                            description: Name defines the Cookie name.
+                            type: string
+                          sameSite:
+                            description: 'SameSite defines the same site policy. More
+                              info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                            type: string
+                          secure:
+                            description: Secure defines whether the cookie can only
+                              be transmitted over an encrypted connection (i.e. HTTPS).
+                            type: boolean
+                        type: object
+                    type: object
+                  strategy:
+                    description: Strategy defines the load balancing strategy between
+                      the servers. RoundRobin is the only supported value at the moment.
+                    type: string
+                  weight:
+                    description: Weight defines the weight and should only be specified
+                      when Name references a TraefikService object (and to be precise,
+                      one that embeds a Weighted Round Robin).
+                    type: integer
+                required:
+                - name
+                type: object
+              weighted:
+                description: Weighted defines the Weighted Round Robin configuration.
+                properties:
+                  services:
+                    description: Services defines the list of Kubernetes Service and/or
+                      TraefikService to load-balance, with weight.
+                    items:
+                      description: Service defines an upstream HTTP service to proxy
+                        traffic to.
+                      properties:
+                        kind:
+                          description: Kind defines the kind of the Service.
+                          enum:
+                          - Service
+                          - TraefikService
+                          type: string
+                        name:
+                          description: Name defines the name of the referenced Kubernetes
+                            Service or TraefikService. The differentiation between
+                            the two is specified in the Kind field.
+                          type: string
+                        namespace:
+                          description: Namespace defines the namespace of the referenced
+                            Kubernetes Service or TraefikService.
+                          type: string
+                        nativeLB:
+                          description: NativeLB controls, when creating the load-balancer,
+                            whether the LB's children are directly the pods IPs or
+                            if the only child is the Kubernetes Service clusterIP.
+                            The Kubernetes Service itself does load-balance to the
+                            pods. By default, NativeLB is false.
+                          type: boolean
+                        passHostHeader:
+                          description: PassHostHeader defines whether the client Host
+                            header is forwarded to the upstream Kubernetes Service.
+                            By default, passHostHeader is true.
+                          type: boolean
+                        port:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          description: Port defines the port of a Kubernetes Service.
+                            This can be a reference to a named port.
+                          x-kubernetes-int-or-string: true
+                        responseForwarding:
+                          description: ResponseForwarding defines how Traefik forwards
+                            the response from the upstream Kubernetes Service to the
+                            client.
+                          properties:
+                            flushInterval:
+                              description: 'FlushInterval defines the interval, in
+                                milliseconds, in between flushes to the client while
+                                copying the response body. A negative value means
+                                to flush immediately after each write to the client.
+                                This configuration is ignored when ReverseProxy recognizes
+                                a response as a streaming response; for such responses,
+                                writes are flushed to the client immediately. Default:
+                                100ms'
+                              type: string
+                          type: object
+                        scheme:
+                          description: Scheme defines the scheme to use for the request
+                            to the upstream Kubernetes Service. It defaults to https
+                            when Kubernetes Service port is 443, http otherwise.
+                          type: string
+                        serversTransport:
+                          description: ServersTransport defines the name of ServersTransport
+                            resource to use. It allows to configure the transport
+                            between Traefik and your servers. Can only be used on
+                            a Kubernetes Service.
+                          type: string
+                        sticky:
+                          description: 'Sticky defines the sticky sessions configuration.
+                            More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                          properties:
+                            cookie:
+                              description: Cookie defines the sticky cookie configuration.
+                              properties:
+                                httpOnly:
+                                  description: HTTPOnly defines whether the cookie
+                                    can be accessed by client-side APIs, such as JavaScript.
+                                  type: boolean
+                                name:
+                                  description: Name defines the Cookie name.
+                                  type: string
+                                sameSite:
+                                  description: 'SameSite defines the same site policy.
+                                    More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                  type: string
+                                secure:
+                                  description: Secure defines whether the cookie can
+                                    only be transmitted over an encrypted connection
+                                    (i.e. HTTPS).
+                                  type: boolean
+                              type: object
+                          type: object
+                        strategy:
+                          description: Strategy defines the load balancing strategy
+                            between the servers. RoundRobin is the only supported
+                            value at the moment.
+                          type: string
+                        weight:
+                          description: Weight defines the weight and should only be
+                            specified when Name references a TraefikService object
+                            (and to be precise, one that embeds a Weighted Round Robin).
+                          type: integer
+                      required:
+                      - name
+                      type: object
+                    type: array
+                  sticky:
+                    description: 'Sticky defines whether sticky sessions are enabled.
+                      More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#stickiness-and-load-balancing'
+                    properties:
+                      cookie:
+                        description: Cookie defines the sticky cookie configuration.
+                        properties:
+                          httpOnly:
+                            description: HTTPOnly defines whether the cookie can be
+                              accessed by client-side APIs, such as JavaScript.
+                            type: boolean
+                          name:
+                            description: Name defines the Cookie name.
+                            type: string
+                          sameSite:
+                            description: 'SameSite defines the same site policy. More
+                              info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                            type: string
+                          secure:
+                            description: Secure defines whether the cookie can only
+                              be transmitted over an encrypted connection (i.e. HTTPS).
+                            type: boolean
+                        type: object
+                    type: object
+                type: object
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/enterprise/traefik/18.0.18/ix_values.yaml b/enterprise/traefik/18.0.18/ix_values.yaml
new file mode 100644
index 00000000000..1a294f81ce2
--- /dev/null
+++ b/enterprise/traefik/18.0.18/ix_values.yaml
@@ -0,0 +1,416 @@
+image:
+  repository: tccr.io/truecharts/traefik
+  tag: 2.10.1@sha256:049aece2d3e7eddabed1e2e4c4bd03ceba372d3b9f461386b262b6cb69369fcf
+  pullPolicy: IfNotPresent
+manifestManager:
+  enabled: true
+workload:
+  main:
+    replicas: 2
+    strategy: RollingUpdate
+    podSpec:
+      containers:
+        main:
+          args: []
+          probes:
+            # -- Liveness probe configuration
+            # @default -- See below
+            liveness:
+              # -- sets the probe type when not using a custom probe
+              # @default -- "TCP"
+              type: tcp
+              # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
+              # @default -- "/"
+              # path: "/ping"
+
+            # -- Redainess probe configuration
+            # @default -- See below
+            readiness:
+              # -- sets the probe type when not using a custom probe
+              # @default -- "TCP"
+              type: tcp
+              # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
+              # @default -- "/"
+              # path: "/ping"
+
+            # -- Startup probe configuration
+            # @default -- See below
+            startup:
+              # -- sets the probe type when not using a custom probe
+              # @default -- "TCP"
+              type: tcp
+              # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
+              # @default -- "/"
+              # path: "/ping"
+
+# -- Options for all pods
+# Can be overruled per pod
+podOptions:
+  automountServiceAccountToken: true
+
+# -- Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x
+ingressClass:
+  # true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12
+  enabled: false
+  isDefaultClass: false
+  # Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1"
+  fallbackApiVersion: ""
+
+# -- Create an IngressRoute for the dashboard
+ingressRoute:
+  dashboard:
+    enabled: true
+    # Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
+    annotations: {}
+    # Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
+    labels: {}
+#
+# -- Configure providers
+providers:
+  kubernetesCRD:
+    enabled: true
+    namespaces:
+      []
+      # - "default"
+  kubernetesIngress:
+    enabled: true
+    # labelSelector: environment=production,method=traefik
+    namespaces:
+      []
+      # - "default"
+    # IP used for Kubernetes Ingress endpoints
+    publishedService:
+      enabled: true
+      # Published Kubernetes Service to copy status from. Format: namespace/servicename
+      # By default this Traefik service
+      # pathOverride: ""
+
+# -- Logs
+# https://docs.traefik.io/observability/logs/
+logs:
+  # Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on).
+  general:
+    # By default, the level is set to ERROR. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
+    level: ERROR
+    # -- Set the format of General Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/logs/#format
+    format: common
+  access:
+    # To enable access logs
+    enabled: false
+    # To write the logs in an asynchronous fashion, specify a bufferingSize option.
+    # This option represents the number of log lines Traefik will keep in memory before writing
+    # them to the selected output. In some cases, this option can greatly help performances.
+    # bufferingSize: 100
+    # Filtering https://docs.traefik.io/observability/access-logs/#filtering
+    filters:
+      {}
+      # statuscodes: "200,300-302"
+      # retryattempts: true
+      # minduration: 10ms
+    # Fields
+    # https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers
+    fields:
+      general:
+        defaultmode: keep
+        names:
+          {}
+          # Examples:
+          # ClientUsername: drop
+      headers:
+        defaultmode: drop
+        names:
+          {}
+          # Examples:
+          # User-Agent: redact
+          # Authorization: drop
+          # Content-Type: keep
+    # -- Set the format of Access Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/access-logs/#format
+    format: common
+
+metrics:
+  main:
+    enabled: false
+    type: servicemonitor
+    endpoints:
+      - port: metrics
+        path: /metrics
+    targetSelector: metrics
+
+globalArguments:
+  - "--global.checknewversion"
+
+##
+# -- Additional arguments to be passed at Traefik's binary
+# All available options available on https://docs.traefik.io/reference/static-configuration/cli/
+## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
+additionalArguments:
+  - "--serverstransport.insecureskipverify=true"
+  - "--providers.kubernetesingress.allowexternalnameservices=true"
+
+# -- TLS Options to be created as TLSOption CRDs
+# https://doc.traefik.io/tccr.io/truecharts/https/tls/#tls-options
+# Example:
+tlsOptions:
+  default:
+    sniStrict: false
+    minVersion: VersionTLS12
+    curvePreferences:
+      - CurveP521
+      - CurveP384
+    cipherSuites:
+      - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+      - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+      - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+      - TLS_AES_128_GCM_SHA256
+      - TLS_AES_256_GCM_SHA384
+      - TLS_CHACHA20_POLY1305_SHA256
+
+# -- Options for the main traefik service, where the entrypoints traffic comes from
+# from.
+service:
+  main:
+    type: LoadBalancer
+    ports:
+      main:
+        port: 9000
+        targetPort: 9000
+        protocol: http
+        # -- Forwarded Headers should never be enabled on Main entrypoint
+        forwardedHeaders:
+          enabled: false
+        # -- Proxy Protocol should never be enabled on Main entrypoint
+        proxyProtocol:
+          enabled: false
+  tcp:
+    enabled: true
+    type: LoadBalancer
+    ports:
+      web:
+        enabled: true
+        port: 9080
+        protocol: http
+        redirectTo: websecure
+        # Options: Empty, 0 (ingore), or positive int
+        # redirectPort:
+        # -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support
+        forwardedHeaders:
+          enabled: false
+          # -- List of trusted IP and CIDR references
+          trustedIPs: []
+          # -- Trust all forwarded headers
+          insecureMode: false
+        # -- Configure (Proxy Protocol Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol] Support
+        proxyProtocol:
+          enabled: false
+          # -- Only IPs in trustedIPs will lead to remote client address replacement
+          trustedIPs: []
+          # -- Trust every incoming connection
+          insecureMode: false
+      websecure:
+        enabled: true
+        port: 9443
+        protocol: https
+        # -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support
+        forwardedHeaders:
+          enabled: false
+          # -- List of trusted IP and CIDR references
+          trustedIPs: []
+          # -- Trust all forwarded headers
+          insecureMode: false
+        # -- Configure (Proxy Protocol Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol] Support
+        proxyProtocol:
+          enabled: false
+          # -- Only IPs in trustedIPs will lead to remote client address replacement
+          trustedIPs: []
+          # -- Trust every incoming connection
+          insecureMode: false
+  #      tcpexample:
+  #        enabled: true
+  #        targetPort: 9443
+  #        protocol: tcp
+  #        tls:
+  #          enabled: false
+  #          # this is the name of a TLSOption definition
+  #          options: ""
+  #          certResolver: ""
+  #          domains: []
+  #          # - main: example.com
+  #          #   sans:
+  #          #     - foo.example.com
+  #          #     - bar.example.com
+  metrics:
+    enabled: true
+    type: ClusterIP
+    ports:
+      metrics:
+        enabled: true
+        port: 9180
+        targetPort: 9180
+        protocol: http
+        # -- Forwarded Headers should never be enabled on Metrics entrypoint
+        forwardedHeaders:
+          enabled: false
+        # -- Proxy Protocol should never be enabled on Metrics entrypoint
+        proxyProtocol:
+          enabled: false
+  # udp:
+  #   enabled: false
+
+# -- Whether Role Based Access Control objects like roles and rolebindings should be created
+rbac:
+  main:
+    enabled: true
+    primary: true
+    clusterWide: true
+    rules:
+      - apiGroups:
+          - ""
+        resources:
+          - services
+          - endpoints
+          - secrets
+        verbs:
+          - get
+          - list
+          - watch
+      - apiGroups:
+          - extensions
+          - networking.k8s.io
+        resources:
+          - ingresses
+          - ingressclasses
+        verbs:
+          - get
+          - list
+          - watch
+      - apiGroups:
+          - extensions
+          - networking.k8s.io
+        resources:
+          - ingresses/status
+        verbs:
+          - update
+      - apiGroups:
+          - traefik.containo.us
+          - traefik.io
+        resources:
+          - middlewares
+          - middlewaretcps
+          - ingressroutes
+          - traefikservices
+          - ingressroutetcps
+          - ingressrouteudps
+          - tlsoptions
+          - tlsstores
+          - serverstransports
+        verbs:
+          - get
+          - list
+          - watch
+
+# -- The service account the pods will use to interact with the Kubernetes API
+serviceAccount:
+  main:
+    enabled: true
+    primary: true
+
+# -- SCALE Middleware Handlers
+middlewares:
+  basicAuth: []
+  # - name: basicauthexample
+  #   users:
+  #     - username: testuser
+  #       password: testpassword
+  forwardAuth: []
+  # - name: forwardAuthexample
+  #   address: https://auth.example.com/
+  #   authResponseHeaders:
+  #     - X-Secret
+  #     - X-Auth-User
+  #   authRequestHeaders:
+  #     - "Accept"
+  #     - "X-CustomHeader"
+  #   authResponseHeadersRegex: "^X-"
+  #   trustForwardHeader: true
+  chain: []
+  # - name: chainname
+  #   middlewares:
+  #    - name: compress
+  redirectScheme: []
+  # - name: redirectSchemeName
+  #   scheme: https
+  #   permanent: true
+  rateLimit: []
+  # - name: rateLimitName
+  #   average: 300
+  #   burst: 200
+  redirectRegex: []
+  # - name: redirectRegexName
+  #   regex: putregexhere
+  #   replacement: replacementurlhere
+  #   permanent: false
+  stripPrefixRegex: []
+  # - name: stripPrefixRegexName
+  #   regex: []
+  ipWhiteList: []
+  # - name: ipWhiteListName
+  #   sourceRange: []
+  #   ipStrategy:
+  #     depth: 2
+  #     excludedIPs: []
+  themeParkVersion: v1.3.0
+  themePark: []
+  # - name: themeParkName
+  # -- Supported apps, lower case name
+  # -- https://docs.theme-park.dev/themes
+  #   app: appnamehere
+  # -- Supported themes, lower case name
+  # -- https://docs.theme-park.dev/themes/APPNAMEHERE
+  # -- https://docs.theme-park.dev/community-themes
+  #   theme: themenamehere
+  # -- https://theme-park.dev or a self hosted url
+  #   baseUrl: https://theme-park.dev
+  realIPVersion: v1.0.3
+  # Sets X-Real-Ip with an IP from the X-Forwarded-For or
+  # Cf-Connecting-Ip (If from Cloudflare)
+  # Evaluation of those headers will go from last to first
+  realIP: []
+  # - name: realIPName
+  # -- The real IP will be the first one that is
+  # -- not included in any of the CIDRs passed here
+  #   excludedNetworks:
+  #     - 1.1.1.1/24
+  addPrefix: []
+  # - name: addPrefixName
+  #   prefix: "/foo"
+  geoBlockVersion: v0.2.4
+  geoBlock: []
+  # -- https://github.com/PascalMinder/geoblock
+  # - name: geoBlockName
+  #   allowLocalRequests: true
+  #   logLocalRequests: false
+  #   logAllowedRequests: false
+  #   logApiRequests: false
+  #   api: https://get.geojs.io/v1/ip/country/{ip}
+  #   apiTimeoutMs: 500
+  #   cacheSize: 25
+  #   forceMonthlyUpdate: true
+  #   allowUnknownCountries: false
+  #   unknownCountryApiResponse: nil
+  #   blackListMode: false
+  #   countries:
+  #     - RU
+
+portalhook:
+  enabled: true
+
+persistence:
+  plugins:
+    enabled: true
+    mountPath: "/plugins-storage"
+    type: emptyDir
+
+portal:
+  open:
+    enabled: true
+    path: /dashboard/
diff --git a/enterprise/traefik/18.0.18/questions.yaml b/enterprise/traefik/18.0.18/questions.yaml
new file mode 100644
index 00000000000..04d93e73fce
--- /dev/null
+++ b/enterprise/traefik/18.0.18/questions.yaml
@@ -0,0 +1,2652 @@
+groups:
+  - name: Container Image
+    description: Image to be used for container
+  - name: General Settings
+    description: General Deployment Settings
+  - name: Workload Settings
+    description: Workload Settings
+  - name: App Configuration
+    description: App Specific Config Options
+  - name: Networking and Services
+    description: Configure Network and Services for Container
+  - name: Storage and Persistence
+    description: Persist and Share Data that is Separate from the Container
+  - name: Ingress
+    description: Ingress Configuration
+  - name: Security and Permissions
+    description: Configure Security Context and Permissions
+  - name: Resources and Devices
+    description: "Specify Resources/Devices to be Allocated to Workload"
+  - name: Middlewares
+    description: Traefik Middlewares
+  - name: Metrics
+    description: Metrics
+  - name: Addons
+    description: Addon Configuration
+  - name: Advanced
+    description: Advanced Configuration
+  - name: Postgresql
+    description: Postgresql
+  - name: Documentation
+    description: Documentation
+portals:
+  open:
+    protocols:
+      - "$kubernetes-resource_configmap_tcportal-open_protocol"
+    host:
+      - "$kubernetes-resource_configmap_tcportal-open_host"
+    ports:
+      - "$kubernetes-resource_configmap_tcportal-open_port"
+    path: "$kubernetes-resource_configmap_tcportal-open_path"
+questions:
+  - variable: global
+    group: General Settings
+    label: "Global Settings"
+    schema:
+      additional_attrs: true
+      type: dict
+      attrs:
+        - variable: stopAll
+          label: Stop All
+          description: "Stops All Running pods and hibernates cnpg"
+          schema:
+            type: boolean
+            default: false
+  - variable: workload
+    group: "Workload Settings"
+    label: ""
+    schema:
+      additional_attrs: true
+      type: dict
+      attrs:
+        - variable: main
+          label: ""
+          schema:
+            additional_attrs: true
+            type: dict
+            attrs:
+              - variable: type
+                label: Type (Advanced)
+                schema:
+                  type: string
+                  default: Deployment
+                  enum:
+                    - value: Deployment
+                      description: Deployment
+                    - value: DaemonSet
+                      description: DaemonSet
+
+              - variable: replicas
+                label: Replicas (Advanced)
+                description: Set the number of Replicas
+                schema:
+                  type: int
+                  show_if: [["type", "!=", "DaemonSet"]]
+                  default: 1
+              - variable: podSpec
+                label: ""
+                schema:
+                  additional_attrs: true
+                  type: dict
+                  attrs:
+                    - variable: containers
+                      label: Containers
+                      schema:
+                        additional_attrs: true
+                        type: dict
+                        attrs:
+                          - variable: main
+                            label: Main Container
+                            schema:
+                              additional_attrs: true
+                              type: dict
+                              attrs:
+                                - variable: envList
+                                  label: Extra Environment Variables
+                                  description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..."
+                                  schema:
+                                    type: list
+                                    default: []
+                                    items:
+                                      - variable: envItem
+                                        label: Environment Variable
+                                        schema:
+                                          additional_attrs: true
+                                          type: dict
+                                          attrs:
+                                            - variable: name
+                                              label: Name
+                                              schema:
+                                                type: string
+                                            - variable: value
+                                              label: Value
+                                              schema:
+                                                type: string
+                                - variable: extraArgs
+                                  label: Extra Args
+                                  schema:
+                                    type: list
+                                    default: []
+                                    items:
+                                      - variable: arg
+                                        label: Arg
+                                        schema:
+                                          type: string
+                                - variable: advanced
+                                  label: Show Advanced Settings
+                                  description: Advanced settings are not covered by TrueCharts Support
+                                  schema:
+                                    type: boolean
+                                    default: false
+                                    show_subquestions_if: true
+                                    subquestions:
+                                      - variable: command
+                                        label: Command
+                                        schema:
+                                          type: list
+                                          default: []
+                                          items:
+                                            - variable: param
+                                              label: Param
+                                              schema:
+                                                type: string
+
+  - variable: TZ
+    label: Timezone
+    group: "General Settings"
+    schema:
+      type: string
+      default: "Etc/UTC"
+      $ref:
+        - "definitions/timezone"
+  - variable: podOptions
+    group: "General Settings"
+    label: "Global Pod Options (Advanced)"
+    schema:
+      additional_attrs: true
+      type: dict
+      attrs:
+        - variable: expertPodOpts
+          label: "Expert - Pod Options"
+          schema:
+            type: boolean
+            default: false
+            show_subquestions_if: true
+            subquestions:
+              - variable: hostNetwork
+                label: "Host Networking"
+                schema:
+                  type: boolean
+                  default: false
+              - variable: dnsConfig
+                label: "DNS Configuration"
+                schema:
+                  type: dict
+                  additional_attrs: true
+                  attrs:
+                    - variable: options
+                      label: "Options"
+                      schema:
+                        type: list
+                        default: [{"name": "ndots", "value": "1"}]
+                        items:
+                          - variable: optionsEntry
+                            label: "Option Entry"
+                            schema:
+                              type: dict
+                              additional_attrs: true
+                              attrs:
+                                - variable: name
+                                  label: "Name"
+                                  schema:
+                                    type: string
+                                    required: true
+                                - variable: value
+                                  label: "Value"
+                                  schema:
+                                    type: string
+                    - variable: nameservers
+                      label: "Nameservers"
+                      schema:
+                        type: list
+                        default: []
+                        items:
+                          - variable: nsEntry
+                            label: "Nameserver Entry"
+                            schema:
+                              type: string
+                              required: true
+                    - variable: searches
+                      label: "Searches"
+                      schema:
+                        type: list
+                        default: []
+                        items:
+                          - variable: searchEntry
+                            label: "Search Entry"
+                            schema:
+                              type: string
+                              required: true
+  - variable: expertIngressClass
+    label: Expert Mode
+    group: App Configuration
+    description: |
+      Expert Mode contains settings like: </br>
+      - IngressClass </br>
+    schema:
+      type: boolean
+      default: false
+      show_subquestions_if: true
+      subquestions:
+        - variable: ingressClass
+          label: "ingressClass"
+          schema:
+            additional_attrs: true
+            type: dict
+            attrs:
+              - variable: enabled
+                label: "Enable"
+                description: "When enabled, ingressClass will match the entered name of this app"
+                schema:
+                  type: boolean
+                  default: false
+              - variable: isDefaultClass
+                label: "isDefaultClass"
+                schema:
+                  type: boolean
+                  show_if: [["enabled", "=", true]]
+                  default: false
+  - variable: logs
+    label: "Logs"
+    group: "App Configuration"
+    schema:
+      additional_attrs: true
+      type: dict
+      attrs:
+        - variable: general
+          label: "General Logs"
+          schema:
+            additional_attrs: true
+            type: dict
+            attrs:
+              - variable: level
+                label: "Log Level"
+                schema:
+                  type: string
+                  default: "ERROR"
+                  enum:
+                    - value: "INFO"
+                      description: "Info"
+                    - value: "WARN"
+                      description: "Warnings"
+                    - value: "ERROR"
+                      description: "Errors"
+                    - value: "FATAL"
+                      description: "Fatal Errors"
+                    - value: "PANIC"
+                      description: "Panics"
+                    - value: "DEBUG"
+                      description: "Debug"
+              - variable: format
+                label: "General Log format"
+                schema:
+                  type: string
+                  default: "common"
+                  enum:
+                    - value: "common"
+                      description: "Common Log Format"
+                    - value: "json"
+                      description: "JSON"
+        - variable: access
+          label: "Access Logs"
+          schema:
+            additional_attrs: true
+            type: dict
+            attrs:
+              - variable: enabled
+                label: "Enable"
+                schema:
+                  type: boolean
+                  default: false
+                  show_subquestions_if: true
+                  subquestions:
+                    - variable: enabledFilters
+                      label: "Enable Filters"
+                      schema:
+                        type: boolean
+                        default: false
+                        show_subquestions_if: true
+                        subquestions:
+                          - variable: filters
+                            label: "Filters"
+                            schema:
+                              additional_attrs: true
+                              type: dict
+                              attrs:
+                              - variable: statuscodes
+                                label: "Status codes"
+                                schema:
+                                  type: string
+                                  default: "200,300-302"
+                              - variable: retryattempts
+                                label: "retryattempts"
+                                schema:
+                                  type: boolean
+                                  default: true
+                              - variable: minduration
+                                label: "minduration"
+                                schema:
+                                  type: string
+                                  default: "10ms"
+                    - variable: fields
+                      label: "Fields"
+                      schema:
+                        additional_attrs: true
+                        type: dict
+                        attrs:
+                          - variable: general
+                            label: "General"
+                            schema:
+                              additional_attrs: true
+                              type: dict
+                              attrs:
+                                - variable: defaultmode
+                                  label: "Default Mode"
+                                  schema:
+                                    type: string
+                                    default: "keep"
+                                    enum:
+                                      - value: "keep"
+                                        description: "Keep"
+                                      - value: "drop"
+                                        description: "Drop"
+                          - variable: headers
+                            label: "Headers"
+                            schema:
+                              additional_attrs: true
+                              type: dict
+                              attrs:
+                                - variable: defaultmode
+                                  label: "Default Mode"
+                                  schema:
+                                    type: string
+                                    default: "drop"
+                                    enum:
+                                      - value: "keep"
+                                        description: "Keep"
+                                      - value: "drop"
+                                        description: "Drop"
+                    - variable: format
+                      label: "Access Log format"
+                      schema:
+                        type: string
+                        default: "common"
+                        enum:
+                          - value: "common"
+                            description: "Common Log Format"
+                          - value: "json"
+                            description: "JSON"
+  - variable: middlewares
+    label: ""
+    group: "Middlewares"
+    schema:
+      additional_attrs: true
+      type: dict
+      attrs:
+        - variable: basicAuth
+          label: basicAuth
+          schema:
+            type: list
+            default: []
+            items:
+              - variable: basicAuthEntry
+                label: ""
+                schema:
+                  additional_attrs: true
+                  type: dict
+                  attrs:
+                    - variable: name
+                      label: Name
+                      schema:
+                        type: string
+                        required: true
+                        default: ""
+                    - variable: users
+                      label: Users
+                      schema:
+                        type: list
+                        default: []
+                        items:
+                          - variable: usersEntry
+                            label: ""
+                            schema:
+                              additional_attrs: true
+                              type: dict
+                              attrs:
+                                - variable: username
+                                  label: Username
+                                  schema:
+                                    type: string
+                                    required: true
+                                    default: ""
+                                - variable: password
+                                  label: Password
+                                  schema:
+                                    type: string
+                                    required: true
+                                    default: ""
+        - variable: forwardAuth
+          label: forwardAuth
+          schema:
+            type: list
+            default: []
+            items:
+              - variable: basicAuthEntry
+                label: ""
+                schema:
+                  additional_attrs: true
+                  type: dict
+                  attrs:
+                    - variable: name
+                      label: Name
+                      schema:
+                        type: string
+                        required: true
+                        default: ""
+                    - variable: address
+                      label: Address
+                      schema:
+                        type: string
+                        required: true
+                        default: ""
+                    - variable: trustForwardHeader
+                      label: trustForwardHeader
+                      schema:
+                        type: boolean
+                        default: false
+                    - variable: tls
+                      label: TLS
+                      schema:
+                        additional_attrs: true
+                        type: dict
+                        attrs:
+                          - variable: insecureSkipVerify
+                            label: insecureSkipVerify (expert)
+                            description: >-
+                              This disables all TLS certificate validation on communications with the authentication endpoint.
+                              This could be a security risk and should only be used if you know what you are doing.
+                            schema:
+                              type: boolean
+                              default: false
+                    - variable: authResponseHeadersRegex
+                      label: authResponseHeadersRegex
+                      schema:
+                        type: string
+                        default: ""
+                    - variable: authResponseHeaders
+                      label: authResponseHeaders
+                      schema:
+                        type: list
+                        default: []
+                        items:
+                          - variable: authResponseHeadersEntry
+                            label: ""
+                            schema:
+                              type: string
+                              default: ""
+                    - variable: authRequestHeaders
+                      label: authRequestHeaders
+                      schema:
+                        type: list
+                        default: []
+                        items:
+                          - variable: authRequestHeadersEntry
+                            label: ""
+                            schema:
+                              type: string
+                              default: ""
+        - variable: chain
+          label: Chain
+          schema:
+            type: list
+            default: []
+            items:
+              - variable: chainEntry
+                label: ""
+                schema:
+                  additional_attrs: true
+                  type: dict
+                  attrs:
+                    - variable: name
+                      label: Name
+                      schema:
+                        type: string
+                        required: true
+                    - variable: middlewares
+                      label: Middlewares to Chain
+                      schema:
+                        type: list
+                        default: []
+                        items:
+                          - variable: name
+                            label: Name
+                            schema:
+                              type: string
+                              required: true
+                              default: ""
+        - variable: redirectScheme
+          label: redirectScheme
+          schema:
+            type: list
+            default: []
+            items:
+              - variable: redirectSchemeEntry
+                label: ""
+                schema:
+                  additional_attrs: true
+                  type: dict
+                  attrs:
+                    - variable: name
+                      label: Name
+                      schema:
+                        type: string
+                        required: true
+                    - variable: scheme
+                      label: Scheme
+                      schema:
+                        type: string
+                        required: true
+                        default: https
+                        enum:
+                          - value: https
+                            description: https
+                          - value: http
+                            description: http
+                    - variable: permanent
+                      label: Permanent
+                      schema:
+                        type: boolean
+                        default: false
+        - variable: rateLimit
+          label: rateLimit
+          schema:
+            type: list
+            default: []
+            items:
+              - variable: rateLimitEntry
+                label: ""
+                schema:
+                  additional_attrs: true
+                  type: dict
+                  attrs:
+                    - variable: name
+                      label: Name
+                      schema:
+                        type: string
+                        required: true
+                    - variable: average
+                      label: Average
+                      schema:
+                        type: int
+                        required: true
+                        default: 300
+                    - variable: burst
+                      label: Burst
+                      schema:
+                        type: int
+                        required: true
+                        default: 200
+        - variable: redirectRegex
+          label: redirectRegex
+          schema:
+            type: list
+            default: []
+            items:
+              - variable: redirectRegexEntry
+                label: ""
+                schema:
+                  additional_attrs: true
+                  type: dict
+                  attrs:
+                    - variable: name
+                      label: Name
+                      schema:
+                        type: string
+                        required: true
+                    - variable: regex
+                      label: Regex
+                      schema:
+                        type: string
+                        required: true
+                        default: ""
+                    - variable: replacement
+                      label: Replacement
+                      schema:
+                        type: string
+                        required: true
+                        default: ""
+                    - variable: permanent
+                      label: Permanent
+                      schema:
+                        type: boolean
+                        default: false
+        - variable: stripPrefixRegex
+          label: stripPrefixRegex
+          schema:
+            type: list
+            default: []
+            items:
+              - variable: stripPrefixRegexEntry
+                label: ""
+                schema:
+                  additional_attrs: true
+                  type: dict
+                  attrs:
+                    - variable: name
+                      label: Name
+                      schema:
+                        type: string
+                        required: true
+                    - variable: regex
+                      label: Regex
+                      schema:
+                        type: list
+                        default: []
+                        items:
+                          - variable: regexEntry
+                            label: Regex
+                            schema:
+                              type: string
+                              required: true
+                              default: ""
+        - variable: ipWhiteList
+          label: ipWhiteList
+          schema:
+            type: list
+            default: []
+            items:
+              - variable: ipWhiteListEntry
+                label: ""
+                schema:
+                  additional_attrs: true
+                  type: dict
+                  attrs:
+                    - variable: name
+                      label: Name
+                      schema:
+                        type: string
+                        required: true
+                        default: ""
+                    - variable: sourceRange
+                      label: Source Range
+                      schema:
+                        type: list
+                        default: []
+                        items:
+                          - variable: sourceRangeEntry
+                            label: ""
+                            schema:
+                              type: string
+                              required: true
+                              default: ""
+                    - variable: ipStrategy
+                      label: IP Strategy
+                      schema:
+                        additional_attrs: true
+                        type: dict
+                        attrs:
+                          - variable: depth
+                            label: Depth
+                            schema:
+                              type: int
+                              required: true
+                          - variable: excludedIPs
+                            label: Excluded IPs
+                            schema:
+                              type: list
+                              default: []
+                              items:
+                                - variable: excludedIPsEntry
+                                  label: ""
+                                  schema:
+                                    type: string
+                                    required: true
+                                    default: ""
+        - variable: themePark
+          label: theme.park
+          schema:
+            type: list
+            default: []
+            items:
+              - variable: themeParkEntry
+                label: ""
+                schema:
+                  additional_attrs: true
+                  type: dict
+                  attrs:
+                    - variable: name
+                      label: Name
+                      description: This is a 3rd party plugin and not maintained by TrueCharts,
+                        for more information go to <a href="https://github.com/packruler/traefik-themepark">traefik-themepark</a>
+                      schema:
+                        type: string
+                        required: true
+                        default: ""
+                    - variable: appName
+                      label: App Name
+                      description: Lower case, name of the app to be themed.
+                        <br />Go to <a href="https://docs.theme-park.dev/themes/">https://docs.theme-park.dev/themes/</a> to see supported apps.
+                      schema:
+                        type: string
+                        required: true
+                        default: ""
+                    - variable: themeName
+                      label: Theme Name
+                      description: Lower case, name of the theme to be applied.
+                        <br />Go to <a href="https://docs.theme-park.dev/theme-options/">https://docs.theme-park.dev/theme-options/</a> to see supported themes.
+                      schema:
+                        type: string
+                        required: true
+                        default: ""
+                    - variable: baseUrl
+                      label: Base URL
+                      description: Replace `https://theme-park.dev` URL for self-hosting reference.
+                      schema:
+                        type: string
+                        required: true
+                        default: https://theme-park.dev
+                    - variable: addons
+                      label: Addons
+                      schema:
+                        type: list
+                        default: []
+                        items:
+                          - variable: addonEntry
+                            label: Addon
+                            description: Currently only supports 'darker' and '4k-logo' for *arr apps.
+                              <br />Go to <a href="https://docs.theme-park.dev/themes/addons/">https://docs.theme-park.dev/themes/addons/</a> for Addon information.
+                              <br />Go to <a href="https://github.com/packruler/traefik-themepark">https://github.com/packruler/traefik-themepark</a> for more context on plugin
+                            schema:
+                              type: string
+                              required: true
+                              default: ""
+        - variable: realIP
+          label: Real IP
+          schema:
+            type: list
+            default: []
+            items:
+              - variable: realIPEntry
+                label: ""
+                schema:
+                  additional_attrs: true
+                  type: dict
+                  attrs:
+                    - variable: name
+                      label: Name
+                      schema:
+                        type: string
+                        required: true
+                        default: ""
+                    - variable: excludedNetworks
+                      label: Excluded Networks
+                      schema:
+                        type: list
+                        default: []
+                        items:
+                          - variable: excludedNetEntry
+                            label: Excluded Network Entry
+                            description: Network to exclude setting it to X-Real-Ip
+                            schema:
+                              type: string
+                              required: true
+                              default: ""
+        - variable: geoBlock
+          label: GeoBlock
+          schema:
+            type: list
+            default: []
+            items:
+              - variable: geoBlockEntry
+                label: ""
+                schema:
+                  additional_attrs: true
+                  type: dict
+                  attrs:
+                    - variable: name
+                      label: Name
+                      description: This is a 3rd party plugin and not maintained by TrueCharts,
+                        for more information go to <a href="https://github.com/PascalMinder/geoblock">geoblock</a>
+                      schema:
+                        type: string
+                        required: true
+                        default: ""
+                    - variable: allowLocalRequests
+                      label: Allow Local Requests
+                      description: If set to true, will not block request from Private IP Ranges
+                      schema:
+                        type: boolean
+                        default: true
+                    - variable: logLocalRequests
+                      label: Log Local Requests
+                      description: If set to true, will log every connection from any IP in the private IP range
+                      schema:
+                        type: boolean
+                        default: false
+                    - variable: logAllowedRequests
+                      label: Log Allowed Requests
+                      description: If set to true, will show a log message with the IP and the country of origin if a request is allowed.
+                      schema:
+                        type: boolean
+                        default: false
+                    - variable: logApiRequests
+                      label: Log API Requests
+                      description: If set to true, will show a log message for every API hit.
+                      schema:
+                        type: boolean
+                        default: false
+                    - variable: api
+                      label: API
+                      description: Defines the API URL for the IP to Country resolution. The IP to fetch can be added with {ip} to the URL.
+                      schema:
+                        type: string
+                        required: true
+                        default: https://get.geojs.io/v1/ip/country/{ip}
+                    - variable: apiTimeoutMs
+                      label: API Timeout in ms
+                      description: Timeout for the call to the api uri.
+                      schema:
+                        type: int
+                        required: true
+                        default: 500
+                    - variable: cacheSize
+                      label: Cache Size
+                      description: Defines the max size of the LRU (least recently used) cache.
+                      schema:
+                        type: int
+                        required: true
+                        default: 25
+                    - variable: forceMonthlyUpdate
+                      label: Force Monthly Update
+                      description: Even if an IP stays in the cache for a period of a month (about 30 x 24 hours), it must be fetch again after a month.
+                      schema:
+                        type: boolean
+                        default: true
+                    - variable: allowUnknownCountries
+                      label: Allow Unknown Countries
+                      description: Some IP addresses have no country associated with them. If this option is set to true, all IPs with no associated country are also allowed.
+                      schema:
+                        type: boolean
+                        default: false
+                    - variable: unknownCountryApiResponse
+                      label: Unknown Countries API Response
+                      description: The API uri can be customized. This options allows to customize the response string of the API when a IP with no associated country is requested.
+                      schema:
+                        type: string
+                        required: true
+                        default: nil
+                    - variable: blackListMode
+                      label: Blacklist Mode
+                      description: When set to true the filter logic is inverted, i.e. requests originating from countries listed in the countries list are blocked.
+                      schema:
+                        type: boolean
+                        default: false
+                    - variable: countries
+                      description: Country codes (2 characters) from which connections to the service should be allowed or blocked, based on the mode.
+                      label: Countries
+                      schema:
+                        type: list
+                        default: []
+                        items:
+                          - variable: countryEntry
+                            label: Country
+                            description: Country codes (2 characters) from which connections to the service should be allowed or blocked, based on the mode.
+                            schema:
+                              type: string
+                              required: true
+                              # Allow only 2 Characters
+                              valid_chars: '^[a-zA-Z]{2}$'
+                              default: ""
+        - variable: addPrefix
+          label: Add Prefix
+          schema:
+            type: list
+            default: []
+            items:
+              - variable: addPrefixEntry
+                label: ""
+                schema:
+                  additional_attrs: true
+                  type: dict
+                  attrs:
+                    - variable: name
+                      label: Name
+                      schema:
+                        type: string
+                        required: true
+                        default: ""
+                    - variable: prefix
+                      label: Prefix
+                      schema:
+                        type: string
+                        required: true
+                        default: ""
+  - variable: service
+    group: "Networking and Services"
+    label: "Configure Service Entrypoint"
+    schema:
+      additional_attrs: true
+      type: dict
+      attrs:
+        - variable: main
+          label: "Main Service"
+          description: "The Primary service on which the healthcheck runs, often the webUI"
+          schema:
+            additional_attrs: true
+            type: dict
+            attrs:
+              - variable: enabled
+                label: Enable the Service
+                schema:
+                  type: boolean
+                  default: true
+                  hidden: true
+              - variable: type
+                label: Service Type
+                description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
+                schema:
+                  type: string
+                  default: LoadBalancer
+                  enum:
+                    - value: LoadBalancer
+                      description: LoadBalancer (Expose Ports)
+                    - value: ClusterIP
+                      description: ClusterIP (Do Not Expose Ports)
+              - variable: loadBalancerIP
+                label: LoadBalancer IP
+                description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
+                schema:
+                  show_if: [["type", "=", "LoadBalancer"]]
+                  type: string
+                  default: ""
+              - variable: ports
+                label: "Service's Port(s) Configuration"
+                schema:
+                  additional_attrs: true
+                  type: dict
+                  attrs:
+                    - variable: main
+                      label: "Main Entrypoint Configuration"
+                      schema:
+                        additional_attrs: true
+                        type: dict
+                        attrs:
+                          - variable: port
+                            label: "Entrypoints Port"
+                            schema:
+                              type: int
+                              default: 9000
+                              required: true
+        - variable: tcp
+          label: "TCP Service"
+          description: "The tcp Entrypoint service"
+          schema:
+            additional_attrs: true
+            type: dict
+            attrs:
+              - variable: enabled
+                label: Enable the Service
+                schema:
+                  type: boolean
+                  default: true
+                  hidden: true
+              - variable: type
+                label: Service Type
+                description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
+                schema:
+                  type: string
+                  default: LoadBalancer
+                  enum:
+                    - value: LoadBalancer
+                      description: LoadBalancer (Expose Ports)
+                    - value: ClusterIP
+                      description: ClusterIP (Do Not Expose Ports)
+              - variable: loadBalancerIP
+                label: LoadBalancer IP
+                description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
+                schema:
+                  show_if: [["type", "=", "LoadBalancer"]]
+                  type: string
+                  default: ""
+              - variable: ports
+                label: "Service's Port(s) Configuration"
+                schema:
+                  additional_attrs: true
+                  type: dict
+                  attrs:
+                    - variable: web
+                      label: "web Entrypoint Configuration"
+                      schema:
+                        additional_attrs: true
+                        type: dict
+                        attrs:
+                          - variable: port
+                            label: "Entrypoints Port"
+                            schema:
+                              type: int
+                              default: 9080
+                              required: true
+                          - variable: advanced
+                            label: Show Advanced Settings
+                            schema:
+                              type: boolean
+                              default: false
+                              show_subquestions_if: true
+                              subquestions:
+                                - variable: redirectPort
+                                  label: "Redirect to Port"
+                                  schema:
+                                    type: int
+                                - variable: redirectTo
+                                  label: "Redirect to Entrypoint"
+                                  schema:
+                                    type: string
+                                    default: "websecure"
+                          - variable: forwardedHeaders
+                            label: Accept Forwarded Headers
+                            schema:
+                              additional_attrs: true
+                              type: dict
+                              attrs:
+                                - variable: enabled
+                                  label: Enable
+                                  schema:
+                                    type: boolean
+                                    default: false
+                                    show_subquestions_if: true
+                                    subquestions:
+                                      - variable: trustedIPs
+                                        label: Trusted IPs
+                                        description: Trust Forwarded Headers from specific IPs.
+                                        schema:
+                                          type: list
+                                          default: []
+                                          items:
+                                            - variable: trustedIPsEntry
+                                              label: ""
+                                              schema:
+                                                type: string
+                                                required: true
+                                                default: ""
+                                      - variable: insecureMode
+                                        label: Insecure Mode
+                                        description: Always Trust Forwarded Headers
+                                        schema:
+                                          type: boolean
+                                          default: false
+                          - variable: proxyProtocol
+                            label: Accept Proxy Protocol connections
+                            description: If Proxy Protocol header parsing is enabled for the entry point, this entry point can accept connections with or without Proxy Protocol headers.
+                            schema:
+                              additional_attrs: true
+                              type: dict
+                              attrs:
+                                - variable: enabled
+                                  label: Enable
+                                  schema:
+                                    type: boolean
+                                    default: false
+                                    show_subquestions_if: true
+                                    subquestions:
+                                      - variable: trustedIPs
+                                        label: Trusted IPs
+                                        description: Only IPs in trustedIPs will lead to remote client address replacement
+                                        schema:
+                                          type: list
+                                          default: []
+                                          items:
+                                            - variable: trustedIPsEntry
+                                              label: ""
+                                              schema:
+                                                type: string
+                                                required: true
+                                                default: ""
+                                      - variable: insecureMode
+                                        label: Insecure Mode
+                                        description: Trust every incoming connection
+                                        schema:
+                                          type: boolean
+                                          default: false
+                    - variable: websecure
+                      label: "websecure Entrypoints Configuration"
+                      schema:
+                        additional_attrs: true
+                        type: dict
+                        attrs:
+                          - variable: port
+                            label: "Entrypoints Port"
+                            schema:
+                              type: int
+                              default: 9443
+                              required: true
+                          - variable: advanced
+                            label: Show Advanced Settings
+                            schema:
+                              type: boolean
+                              default: false
+                              show_subquestions_if: true
+                              subquestions:
+                                - variable: redirectPort
+                                  label: "Redirect to Port"
+                                  schema:
+                                    type: int
+                                - variable: redirectTo
+                                  label: "Redirect to Entrypoint"
+                                  schema:
+                                    type: string
+                          - variable: forwardedHeaders
+                            label: Accept Forwarded Headers
+                            schema:
+                              additional_attrs: true
+                              type: dict
+                              attrs:
+                                - variable: enabled
+                                  label: Enable
+                                  schema:
+                                    type: boolean
+                                    default: false
+                                    show_subquestions_if: true
+                                    subquestions:
+                                      - variable: trustedIPs
+                                        label: Trusted IPs
+                                        description: Trust Forwarded Headers from specific IPs.
+                                        schema:
+                                          type: list
+                                          default: []
+                                          items:
+                                            - variable: trustedIPsEntry
+                                              label: ""
+                                              schema:
+                                                type: string
+                                                required: true
+                                                default: ""
+                                      - variable: insecureMode
+                                        label: Insecure Mode
+                                        description: Always Trust Forwarded Headers
+                                        schema:
+                                          type: boolean
+                                          default: false
+                          - variable: proxyProtocol
+                            label: Accept Proxy Protocol connections
+                            description: If Proxy Protocol header parsing is enabled for the entry point, this entry point can accept connections with or without Proxy Protocol headers.
+                            schema:
+                              additional_attrs: true
+                              type: dict
+                              attrs:
+                                - variable: enabled
+                                  label: Enable
+                                  schema:
+                                    type: boolean
+                                    default: false
+                                    show_subquestions_if: true
+                                    subquestions:
+                                      - variable: trustedIPs
+                                        label: Trusted IPs
+                                        description: Only IPs in trustedIPs will lead to remote client address replacement
+                                        schema:
+                                          type: list
+                                          default: []
+                                          items:
+                                            - variable: trustedIPsEntry
+                                              label: ""
+                                              schema:
+                                                type: string
+                                                required: true
+                                                default: ""
+                                      - variable: insecureMode
+                                        label: Insecure Mode
+                                        description: Trust every incoming connection
+                                        schema:
+                                          type: boolean
+                                          default: false
+                          - variable: tls
+                            label: "websecure Entrypoints Configuration"
+                            schema:
+                              additional_attrs: true
+                              type: dict
+                              hidden: true
+                              attrs:
+                                - variable: enabled
+                                  label: "Enabled"
+                                  schema:
+                                    type: boolean
+                                    default: true
+                                    hidden: true
+              - variable: portsList
+                label: "Additional TCP Entrypoints"
+                schema:
+                  type: list
+                  default: []
+                  items:
+                    - variable: portsListEntry
+                      label: "Custom Entrypoints"
+                      schema:
+                        additional_attrs: true
+                        type: dict
+                        attrs:
+                          - variable: enabled
+                            label: "Enable the port"
+                            schema:
+                              type: boolean
+                              default: true
+                              hidden: true
+                          - variable: name
+                            label: "Entrypoints Name"
+                            schema:
+                              type: string
+                              default: ""
+                          - variable: protocol
+                            label: "Entrypoints Type"
+                            schema:
+                              type: string
+                              default: "tcp"
+                              enum:
+                                - value: http
+                                  description: "HTTP"
+                                - value: "https"
+                                  description: "HTTPS"
+                                - value: tcp
+                                  description: "TCP"
+                          - variable: port
+                            label: "Port"
+                            description: "This port exposes the container port on the service"
+                            schema:
+                              type: int
+                              required: true
+                          - variable: tls
+                            label: "websecure Entrypoints Configuration"
+                            schema:
+                              additional_attrs: true
+                              type: dict
+                              attrs:
+                                - variable: enabled
+                                  label: "Enabled"
+                                  schema:
+                                    type: boolean
+                                    default: true
+                                - variable: redirectPort
+                                  label: "Redirect to Port"
+                                  schema:
+                                    type: int
+                                - variable: redirectTo
+                                  label: "Redirect to Entrypoint"
+                                  schema:
+                                    type: string
+                          - variable: forwardedHeaders
+                            label: Accept Forwarded Headers
+                            schema:
+                              additional_attrs: true
+                              type: dict
+                              attrs:
+                                - variable: enabled
+                                  label: Enable
+                                  schema:
+                                    type: boolean
+                                    default: false
+                                    show_subquestions_if: true
+                                    subquestions:
+                                      - variable: trustedIPs
+                                        label: Trusted IPs
+                                        description: Trust Forwarded Headers from specific IPs.
+                                        schema:
+                                          type: list
+                                          default: []
+                                          items:
+                                            - variable: trustedIPsEntry
+                                              label: ""
+                                              schema:
+                                                type: string
+                                                required: true
+                                                default: ""
+                                      - variable: insecureMode
+                                        label: Insecure Mode
+                                        description: Always Trust Forwarded Headers
+                                        schema:
+                                          type: boolean
+                                          default: false
+                          - variable: proxyProtocol
+                            label: Accept Proxy Protocol connections
+                            description: If Proxy Protocol header parsing is enabled for the entry point, this entry point can accept connections with or without Proxy Protocol headers.
+                            schema:
+                              additional_attrs: true
+                              type: dict
+                              attrs:
+                                - variable: enabled
+                                  label: Enable
+                                  schema:
+                                    type: boolean
+                                    default: false
+                                    show_subquestions_if: true
+                                    subquestions:
+                                      - variable: trustedIPs
+                                        label: Trusted IPs
+                                        description: Only IPs in trustedIPs will lead to remote client address replacement
+                                        schema:
+                                          type: list
+                                          default: []
+                                          items:
+                                            - variable: trustedIPsEntry
+                                              label: ""
+                                              schema:
+                                                type: string
+                                                required: true
+                                                default: ""
+                                      - variable: insecureMode
+                                        label: Insecure Mode
+                                        description: Trust every incoming connection
+                                        schema:
+                                          type: boolean
+                                          default: false
+  - variable: ingress
+    label: ""
+    group: Ingress
+    schema:
+      additional_attrs: true
+      type: dict
+      attrs:
+        - variable: main
+          label: "Main Ingress"
+          schema:
+            additional_attrs: true
+            type: dict
+            attrs:
+              - variable: enabled
+                label: Enable Ingress
+                schema:
+                  type: boolean
+                  default: false
+                  show_subquestions_if: true
+                  subquestions:
+                    - variable: hosts
+                      label: Hosts
+                      schema:
+                        type: list
+                        default: []
+                        items:
+                          - variable: hostEntry
+                            label: Host
+                            schema:
+                              additional_attrs: true
+                              type: dict
+                              attrs:
+                                - variable: host
+                                  label: HostName
+                                  schema:
+                                    type: string
+                                    default: ""
+                                    required: true
+                                - variable: paths
+                                  label: Paths
+                                  schema:
+                                    type: list
+                                    default: []
+                                    items:
+                                      - variable: pathEntry
+                                        label: Host
+                                        schema:
+                                          additional_attrs: true
+                                          type: dict
+                                          attrs:
+                                            - variable: path
+                                              label: Path
+                                              schema:
+                                                type: string
+                                                required: true
+                                                default: "/"
+                                            - variable: pathType
+                                              label: Path Type
+                                              schema:
+                                                type: string
+                                                required: true
+                                                default: Prefix
+                    - variable: certificateIssuer
+                      label: Cert-Manager clusterIssuer
+                      description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below'
+                      schema:
+                        type: string
+                        default: ""
+                    - variable: middlewares
+                      label: Traefik Middlewares
+                      description: Add previously created Traefik Middlewares to this Ingress
+                      schema:
+                        type: list
+                        default: []
+                        items:
+                          - variable: name
+                            label: Name
+                            schema:
+                              type: string
+                              default: ""
+                              required: true
+                    - variable: advanced
+                      label: Show Advanced Settings
+                      description: Advanced settings are not covered by TrueCharts Support
+                      schema:
+                        type: boolean
+                        default: false
+                    - variable: entrypoint
+                      label: (Advanced) Traefik Entrypoint
+                      description: Entrypoint used by Traefik when using Traefik as Ingress Provider
+                      schema:
+                        type: string
+                        default: websecure
+                        show_if: [["advanced", "=", true]]
+                        required: true
+                    - variable: ingressClassName
+                      label: (Advanced/Optional) IngressClass Name
+                      schema:
+                        type: string
+                        show_if: [["advanced", "=", true]]
+                        default: ""
+                    - variable: tls
+                      label: TLS-Settings
+                      schema:
+                        type: list
+                        show_if: [["advanced", "=", true]]
+                        default: []
+                        items:
+                          - variable: tlsEntry
+                            label: Host
+                            schema:
+                              additional_attrs: true
+                              type: dict
+                              attrs:
+                                - variable: hosts
+                                  label: Certificate Hosts
+                                  schema:
+                                    type: list
+                                    default: []
+                                    items:
+                                      - variable: host
+                                        label: Host
+                                        schema:
+                                          type: string
+                                          default: ""
+                                          required: true
+
+                                - variable: certificateIssuer
+                                  label: Use Cert-Manager clusterIssuer
+                                  description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.'
+                                  schema:
+                                    type: string
+                                    default: ""
+                                - variable: scaleCert
+                                  label: Use TrueNAS SCALE Certificate (Deprecated)
+                                  schema:
+                                    show_if: [["certificateIssuer", "=", ""]]
+                                    type: int
+                                    $ref:
+                                      - "definitions/certificate"
+                                - variable: secretName
+                                  label: Use Custom Secret (Advanced)
+                                  schema:
+                                    show_if: [["certificateIssuer", "=", ""]]
+                                    type: string
+                                    default: ""
+  - variable: ingressList
+    label: Add Manual Custom Ingresses
+    group: Ingress
+    schema:
+      type: list
+      default: []
+      items:
+        - variable: ingressListEntry
+          label: Custom Ingress
+          schema:
+            additional_attrs: true
+            type: dict
+            attrs:
+              - variable: enabled
+                label: Enable Ingress
+                schema:
+                  type: boolean
+                  default: true
+                  hidden: true
+              - variable: name
+                label: Name
+                schema:
+                  type: string
+                  default: ""
+              - variable: ingressClassName
+                label: IngressClass Name
+                schema:
+                  type: string
+                  default: ""
+              - variable: hosts
+                label: Hosts
+                schema:
+                  type: list
+                  default: []
+                  items:
+                    - variable: hostEntry
+                      label: Host
+                      schema:
+                        additional_attrs: true
+                        type: dict
+                        attrs:
+                          - variable: host
+                            label: HostName
+                            schema:
+                              type: string
+                              default: ""
+                              required: true
+                          - variable: paths
+                            label: Paths
+                            schema:
+                              type: list
+                              default: []
+                              items:
+                                - variable: pathEntry
+                                  label: Host
+                                  schema:
+                                    additional_attrs: true
+                                    type: dict
+                                    attrs:
+                                      - variable: path
+                                        label: Path
+                                        schema:
+                                          type: string
+                                          required: true
+                                          default: "/"
+                                      - variable: pathType
+                                        label: Path Type
+                                        schema:
+                                          type: string
+                                          required: true
+                                          default: Prefix
+                                      - variable: service
+                                        label: Linked Service
+                                        schema:
+                                          additional_attrs: true
+                                          type: dict
+                                          attrs:
+                                            - variable: name
+                                              label: Service Name
+                                              schema:
+                                                type: string
+                                                default: ""
+                                            - variable: port
+                                              label: Service Port
+                                              schema:
+                                                type: int
+              - variable: clusterIssuer
+                label: clusterIssuer
+                description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below'
+                schema:
+                  type: string
+                  default: ""
+              - variable: tls
+                label: TLS-Settings
+                schema:
+                  type: list
+                  default: []
+                  show_if: [["clusterIssuer", "=", ""]]
+                  items:
+                    - variable: tlsEntry
+                      label: Host
+                      schema:
+                        additional_attrs: true
+                        type: dict
+                        attrs:
+                          - variable: hosts
+                            label: Certificate Hosts
+                            schema:
+                              type: list
+                              default: []
+                              items:
+                                - variable: host
+                                  label: Host
+                                  schema:
+                                    type: string
+                                    default: ""
+                                    required: true
+                          - variable: clusterIssuer
+                            label: Use Cert-Manager clusterIssuer
+                            description: 'add the name of your Cert-Manager clusterIssuer here for automatic tls certificates.'
+                            schema:
+                              type: string
+                              default: ""
+                          - variable: scaleCert
+                            label: Use TrueNAS SCALE Certificate (Deprecated)
+                            schema:
+                              show_if: [["clusterIssuer", "=", ""]]
+                              type: int
+                              $ref:
+                                - "definitions/certificate"
+                          - variable: secretName
+                            label: Use Custom Secret (Advanced)
+                            schema:
+                              type: string
+                              show_if: [["clusterIssuer", "=", ""]]
+                              default: ""
+              - variable: entrypoint
+                label: Traefik Entrypoint
+                description: Entrypoint used by Traefik when using Traefik as Ingress Provider
+                schema:
+                  type: string
+                  default: websecure
+                  required: true
+              - variable: middlewares
+                label: Traefik Middlewares
+                description: Add previously created Traefik Middlewares to this Ingress
+                schema:
+                  type: list
+                  default: []
+                  items:
+                    - variable: name
+                      label: Name
+                      schema:
+                        type: string
+                        default: ""
+                        required: true
+  - variable: securityContext
+    group: Security and Permissions
+    label: Security Context
+    schema:
+      additional_attrs: true
+      type: dict
+      attrs:
+        - variable: container
+          label: Container
+          schema:
+            additional_attrs: true
+            type: dict
+            attrs:
+              # Settings from questions.yaml get appended here on a per-app basis
+              - variable: runAsUser
+                label: "runAsUser"
+                description: "The UserID of the user running the application"
+                schema:
+                  type: int
+                  default: 568
+              - variable: runAsGroup
+                label: "runAsGroup"
+                description: "The groupID of the user running the application"
+                schema:
+                  type: int
+                  default: 568
+              # Settings from questions.yaml get appended here on a per-app basis
+              - variable: PUID
+                label: Process User ID - PUID
+                description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps
+                schema:
+                  type: int
+                  show_if: [["runAsUser", "=", 0]]
+                  default: 568
+              - variable: UMASK
+                label: UMASK
+                description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps
+                schema:
+                  type: string
+                  default: "0022"
+              - variable: advanced
+                label: Show Advanced Settings
+                description: Advanced settings are not covered by TrueCharts Support
+                schema:
+                  type: boolean
+                  default: false
+                  show_subquestions_if: true
+                  subquestions:
+                    - variable: privileged
+                      label: "Privileged mode"
+                      schema:
+                        type: boolean
+                        default: false
+                    - variable: readOnlyRootFilesystem
+                      label: "ReadOnly Root Filesystem"
+                      schema:
+                        type: boolean
+                        default: true
+        - variable: pod
+          label: Pod
+          schema:
+            additional_attrs: true
+            type: dict
+            attrs:
+              - variable: fsGroupChangePolicy
+                label: "When should we take ownership?"
+                schema:
+                  type: string
+                  default: OnRootMismatch
+                  enum:
+                    - value: OnRootMismatch
+                      description: OnRootMismatch
+                    - value: Always
+                      description: Always
+              - variable: supplementalGroups
+                label: Supplemental Groups
+                schema:
+                  type: list
+                  default: []
+                  items:
+                    - variable: supplementalGroupsEntry
+                      label: Supplemental Group
+                      schema:
+                        type: int
+              # Settings from questions.yaml get appended here on a per-app basis
+              - variable: fsGroup
+                label: "fsGroup"
+                description: "The group that should own ALL storage."
+                schema:
+                  type: int
+                  default: 568
+
+  - variable: resources
+    group: Resources and Devices
+    label: "Resource Limits"
+    schema:
+      additional_attrs: true
+      type: dict
+      attrs:
+        - variable: limits
+          label: Advanced Limit Resource Consumption
+          schema:
+            additional_attrs: true
+            type: dict
+            attrs:
+              - variable: cpu
+                label: CPU
+                description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation"
+                schema:
+                  type: string
+                  default: 4000m
+                  valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$'
+              - variable: memory
+                label: RAM
+                description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation"
+                schema:
+                  type: string
+                  default: 8Gi
+                  valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$'
+        - variable: requests
+          label: "Minimum Resources Required (request)"
+          schema:
+            additional_attrs: true
+            type: dict
+            hidden: true
+            attrs:
+              - variable: cpu
+                label: CPU
+                description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation"
+                schema:
+                  type: string
+                  default: 10m
+                  hidden: true
+                  valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$'
+              - variable: memory
+                label: "RAM"
+                description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation"
+                schema:
+                  type: string
+                  default: 50Mi
+                  hidden: true
+                  valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$'
+  - variable: deviceList
+    label: Mount USB Devices
+    group: Resources and Devices
+    schema:
+      type: list
+      default: []
+      items:
+        - variable: deviceListEntry
+          label: Device
+          schema:
+            additional_attrs: true
+            type: dict
+            attrs:
+              - variable: enabled
+                label: Enable the Storage
+                schema:
+                  type: boolean
+                  default: true
+              - variable: type
+                label: (Advanced) Type of Storage
+                description: Sets the persistence type
+                schema:
+                  type: string
+                  default: device
+                  hidden: true
+              - variable: readOnly
+                label: readOnly
+                schema:
+                  type: boolean
+                  default: false
+              - variable: hostPath
+                label: Host Device Path
+                description: Path to the device on the host system
+                schema:
+                  type: path
+              - variable: mountPath
+                label: Container Device Path
+                description: Path inside the container the device is mounted
+                schema:
+                  type: string
+                  default: "/dev/ttyACM0"
+  - variable: scaleGPU
+    label: GPU Configuration
+    group: Resources and Devices
+    schema:
+      type: list
+      default: []
+      items:
+        - variable: scaleGPUEntry
+          label: GPU
+          schema:
+            additional_attrs: true
+            type: dict
+            attrs:
+              # Specify GPU configuration
+              - variable: gpu
+                label: Select GPU
+                schema:
+                  additional_attrs: true
+                  type: dict
+                  $ref:
+                    - "definitions/gpuConfiguration"
+                  attrs: []
+              - variable: workaround
+                label: "Workaround"
+                schema:
+                  type: string
+                  default: workaround
+                  hidden: true
+  - variable: metrics
+    group: Metrics
+    label: Prometheus Metrics
+    schema:
+      additional_attrs: true
+      type: dict
+      attrs:
+        - variable: main
+          label: Main Metrics
+          schema:
+            additional_attrs: true
+            type: dict
+            attrs:
+              - variable: enabled
+                label: Enabled
+                description: Enable Prometheus Metrics
+                schema:
+                  type: boolean
+                  default: false
+                  show_subquestions_if: true
+                  subquestions:
+                    - variable: prometheusRule
+                      label: PrometheusRule
+                      description: Enable and configure Prometheus Rules for the App.
+                      schema:
+                        additional_attrs: true
+                        type: dict
+                        attrs:
+                          - variable: enabled
+                            label: Enabled
+                            description: Enable Prometheus Metrics
+                            schema:
+                              type: boolean
+                              default: false
+                          # TODO: Rule List section
+#  - variable: horizontalPodAutoscaler
+#    group: Advanced
+#    label: (Advanced) Horizontal Pod Autoscaler
+#    schema:
+#      type: list
+#      default: []
+#      items:
+#      - variable: hpaEntry
+#        label: HPA Entry
+#        schema:
+#          additional_attrs: true
+#          type: dict
+#          attrs:
+#            - variable: name
+#              label: Name
+#              schema:
+#                type: string
+#                required: true
+#                default: ""
+#            - variable: enabled
+#              label: Enabled
+#              schema:
+#                type: boolean
+#                default: false
+#                show_subquestions_if: true
+#                subquestions:
+#                  - variable: target
+#                    label: Target
+#                    description: Deployment name, Defaults to Main Deployment
+#                    schema:
+#                      type: string
+#                      default: ""
+#                  - variable: minReplicas
+#                    label: Minimum Replicas
+#                    schema:
+#                      type: int
+#                      default: 1
+#                  - variable: maxReplicas
+#                    label: Maximum Replicas
+#                    schema:
+#                      type: int
+#                      default: 5
+#                  - variable: targetCPUUtilizationPercentage
+#                    label: Target CPU Utilization Percentage
+#                    schema:
+#                      type: int
+#                      default: 80
+#                  - variable: targetMemoryUtilizationPercentage
+#                    label: Target Memory Utilization Percentage
+#                    schema:
+#                      type: int
+#                      default: 80
+  - variable: networkPolicy
+    group: Advanced
+    label: (Advanced) Network Policy
+    schema:
+      type: list
+      default: []
+      items:
+      - variable: netPolicyEntry
+        label: Network Policy Entry
+        schema:
+          additional_attrs: true
+          type: dict
+          attrs:
+            - variable: name
+              label: Name
+              schema:
+                type: string
+                required: true
+                default: ""
+            - variable: enabled
+              label: Enabled
+              schema:
+                type: boolean
+                default: false
+                show_subquestions_if: true
+                subquestions:
+                  - variable: policyType
+                    label: Policy Type
+                    schema:
+                      type: string
+                      default: ""
+                      enum:
+                        - value: ""
+                          description: Default
+                        - value: ingress
+                          description: Ingress
+                        - value: egress
+                          description: Egress
+                        - value: ingress-egress
+                          description: Ingress and Egress
+                  - variable: egress
+                    label: Egress
+                    schema:
+                      type: list
+                      default: []
+                      items:
+                        - variable: egressEntry
+                          label: ""
+                          schema:
+                            additional_attrs: true
+                            type: dict
+                            attrs:
+                              - variable: to
+                                label: To
+                                schema:
+                                  type: list
+                                  default: []
+                                  items:
+                                    - variable: toEntry
+                                      label: ""
+                                      schema:
+                                        additional_attrs: true
+                                        type: dict
+                                        attrs:
+                                          - variable: ipBlock
+                                            label: IP Block
+                                            schema:
+                                              additional_attrs: true
+                                              type: dict
+                                              attrs:
+                                                - variable: cidr
+                                                  label: CIDR
+                                                  schema:
+                                                    type: string
+                                                    default: ""
+                                                - variable: except
+                                                  label: Except
+                                                  schema:
+                                                    type: list
+                                                    default: []
+                                                    items:
+                                                      - variable: exceptint
+                                                        label: ""
+                                                        schema:
+                                                          type: string
+                                          - variable: namespaceSelector
+                                            label: Namespace Selector
+                                            schema:
+                                              additional_attrs: true
+                                              type: dict
+                                              attrs:
+                                                - variable: matchExpressions
+                                                  label: Match Expressions
+                                                  schema:
+                                                    type: list
+                                                    default: []
+                                                    items:
+                                                      - variable: expressionEntry
+                                                        label: ""
+                                                        schema:
+                                                          additional_attrs: true
+                                                          type: dict
+                                                          attrs:
+                                                            - variable: key
+                                                              label: Key
+                                                              schema:
+                                                                type: string
+                                                            - variable: operator
+                                                              label: Operator
+                                                              schema:
+                                                                type: string
+                                                                default: TCP
+                                                                enum:
+                                                                  - value: In
+                                                                    description: In
+                                                                  - value: NotIn
+                                                                    description: NotIn
+                                                                  - value: Exists
+                                                                    description: Exists
+                                                                  - value: DoesNotExist
+                                                                    description: DoesNotExist
+                                                            - variable: values
+                                                              label: Values
+                                                              schema:
+                                                                type: list
+                                                                default: []
+                                                                items:
+                                                                  - variable: value
+                                                                    label: ""
+                                                                    schema:
+                                                                      type: string
+                                          - variable: podSelector
+                                            label: ""
+                                            schema:
+                                              additional_attrs: true
+                                              type: dict
+                                              attrs:
+                                                - variable: matchExpressions
+                                                  label: Match Expressions
+                                                  schema:
+                                                    type: list
+                                                    default: []
+                                                    items:
+                                                      - variable: expressionEntry
+                                                        label: ""
+                                                        schema:
+                                                          additional_attrs: true
+                                                          type: dict
+                                                          attrs:
+                                                            - variable: key
+                                                              label: Key
+                                                              schema:
+                                                                type: string
+                                                            - variable: operator
+                                                              label: Operator
+                                                              schema:
+                                                                type: string
+                                                                default: TCP
+                                                                enum:
+                                                                  - value: In
+                                                                    description: In
+                                                                  - value: NotIn
+                                                                    description: NotIn
+                                                                  - value: Exists
+                                                                    description: Exists
+                                                                  - value: DoesNotExist
+                                                                    description: DoesNotExist
+                                                            - variable: values
+                                                              label: Values
+                                                              schema:
+                                                                type: list
+                                                                default: []
+                                                                items:
+                                                                  - variable: value
+                                                                    label: ""
+                                                                    schema:
+                                                                      type: string
+                              - variable: ports
+                                label: Ports
+                                schema:
+                                  type: list
+                                  default: []
+                                  items:
+                                    - variable: portsEntry
+                                      label: ""
+                                      schema:
+                                        additional_attrs: true
+                                        type: dict
+                                        attrs:
+                                          - variable: port
+                                            label: Port
+                                            schema:
+                                              type: int
+                                          - variable: endPort
+                                            label: End Port
+                                            schema:
+                                              type: int
+                                          - variable: protocol
+                                            label: Protocol
+                                            schema:
+                                              type: string
+                                              default: TCP
+                                              enum:
+                                                - value: TCP
+                                                  description: TCP
+                                                - value: UDP
+                                                  description: UDP
+                                                - value: SCTP
+                                                  description: SCTP
+                  - variable: ingress
+                    label: Ingress
+                    schema:
+                      type: list
+                      default: []
+                      items:
+                        - variable: ingressEntry
+                          label: ""
+                          schema:
+                            additional_attrs: true
+                            type: dict
+                            attrs:
+                              - variable: from
+                                label: From
+                                schema:
+                                  type: list
+                                  default: []
+                                  items:
+                                    - variable: fromEntry
+                                      label: ""
+                                      schema:
+                                        additional_attrs: true
+                                        type: dict
+                                        attrs:
+                                          - variable: ipBlock
+                                            label: IP Block
+                                            schema:
+                                              additional_attrs: true
+                                              type: dict
+                                              attrs:
+                                                - variable: cidr
+                                                  label: CIDR
+                                                  schema:
+                                                    type: string
+                                                    default: ""
+                                                - variable: except
+                                                  label: Except
+                                                  schema:
+                                                    type: list
+                                                    default: []
+                                                    items:
+                                                      - variable: exceptint
+                                                        label: ""
+                                                        schema:
+                                                          type: string
+                                          - variable: namespaceSelector
+                                            label: Namespace Selector
+                                            schema:
+                                              additional_attrs: true
+                                              type: dict
+                                              attrs:
+                                                - variable: matchExpressions
+                                                  label: Match Expressions
+                                                  schema:
+                                                    type: list
+                                                    default: []
+                                                    items:
+                                                      - variable: expressionEntry
+                                                        label: ""
+                                                        schema:
+                                                          additional_attrs: true
+                                                          type: dict
+                                                          attrs:
+                                                            - variable: key
+                                                              label: Key
+                                                              schema:
+                                                                type: string
+                                                            - variable: operator
+                                                              label: Operator
+                                                              schema:
+                                                                type: string
+                                                                default: TCP
+                                                                enum:
+                                                                  - value: In
+                                                                    description: In
+                                                                  - value: NotIn
+                                                                    description: NotIn
+                                                                  - value: Exists
+                                                                    description: Exists
+                                                                  - value: DoesNotExist
+                                                                    description: DoesNotExist
+                                                            - variable: values
+                                                              label: Values
+                                                              schema:
+                                                                type: list
+                                                                default: []
+                                                                items:
+                                                                  - variable: value
+                                                                    label: ""
+                                                                    schema:
+                                                                      type: string
+                                          - variable: podSelector
+                                            label: ""
+                                            schema:
+                                              additional_attrs: true
+                                              type: dict
+                                              attrs:
+                                                - variable: matchExpressions
+                                                  label: Match Expressions
+                                                  schema:
+                                                    type: list
+                                                    default: []
+                                                    items:
+                                                      - variable: expressionEntry
+                                                        label: ""
+                                                        schema:
+                                                          additional_attrs: true
+                                                          type: dict
+                                                          attrs:
+                                                            - variable: key
+                                                              label: Key
+                                                              schema:
+                                                                type: string
+                                                            - variable: operator
+                                                              label: Operator
+                                                              schema:
+                                                                type: string
+                                                                default: TCP
+                                                                enum:
+                                                                  - value: In
+                                                                    description: In
+                                                                  - value: NotIn
+                                                                    description: NotIn
+                                                                  - value: Exists
+                                                                    description: Exists
+                                                                  - value: DoesNotExist
+                                                                    description: DoesNotExist
+                                                            - variable: values
+                                                              label: Values
+                                                              schema:
+                                                                type: list
+                                                                default: []
+                                                                items:
+                                                                  - variable: value
+                                                                    label: ""
+                                                                    schema:
+                                                                      type: string
+                              - variable: ports
+                                label: Ports
+                                schema:
+                                  type: list
+                                  default: []
+                                  items:
+                                    - variable: portsEntry
+                                      label: ""
+                                      schema:
+                                        additional_attrs: true
+                                        type: dict
+                                        attrs:
+                                          - variable: port
+                                            label: Port
+                                            schema:
+                                              type: int
+                                          - variable: endPort
+                                            label: End Port
+                                            schema:
+                                              type: int
+                                          - variable: protocol
+                                            label: Protocol
+                                            schema:
+                                              type: string
+                                              default: TCP
+                                              enum:
+                                                - value: TCP
+                                                  description: TCP
+                                                - value: UDP
+                                                  description: UDP
+                                                - value: SCTP
+                                                  description: SCTP
+  - variable: addons
+    group: Addons
+    label: ""
+    schema:
+      additional_attrs: true
+      type: dict
+      attrs:
+        - variable: codeserver
+          label: Codeserver
+          schema:
+            additional_attrs: true
+            type: dict
+            attrs:
+              - variable: enabled
+                label: Enabled
+                schema:
+                  type: boolean
+                  default: false
+                  show_subquestions_if: true
+                  subquestions:
+                    - variable: service
+                      label: ""
+                      schema:
+                        additional_attrs: true
+                        type: dict
+                        attrs:
+                          - variable: type
+                            label: Service Type
+                            description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
+                            schema:
+                              type: string
+                              default: LoadBalancer
+                              enum:
+                                - value: NodePort
+                                  description: Deprecated CHANGE THIS
+                                - value: ClusterIP
+                                  description: ClusterIP
+                                - value: LoadBalancer
+                                  description: LoadBalancer
+                          - variable: loadBalancerIP
+                            label: LoadBalancer IP
+                            description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
+                            schema:
+                              show_if: [["type", "=", "LoadBalancer"]]
+                              type: string
+                              default: ""
+                          - variable: ports
+                            label: ""
+                            schema:
+                              additional_attrs: true
+                              type: dict
+                              attrs:
+                                - variable: codeserver
+                                  label: ""
+                                  schema:
+                                    additional_attrs: true
+                                    type: dict
+                                    attrs:
+                                      - variable: port
+                                        label: Port
+                                        schema:
+                                          type: int
+                                          default: 36107
+                    - variable: envList
+                      label: Codeserver Environment Variables
+                      schema:
+                        type: list
+                        show_if: [["type", "!=", "disabled"]]
+                        default: []
+                        items:
+                          - variable: envItem
+                            label: Environment Variable
+                            schema:
+                              additional_attrs: true
+                              type: dict
+                              attrs:
+                                - variable: name
+                                  label: Name
+                                  schema:
+                                    type: string
+                                    required: true
+                                - variable: value
+                                  label: Value
+                                  schema:
+                                    type: string
+                                    required: true
+        - variable: netshoot
+          label: Netshoot
+          schema:
+            additional_attrs: true
+            type: dict
+            attrs:
+              - variable: enabled
+                label: Enabled
+                schema:
+                  type: boolean
+                  default: false
+                  show_subquestions_if: true
+                  subquestions:
+                    - variable: envList
+                      label: Netshoot Environment Variables
+                      schema:
+                        type: list
+                        show_if: [["type", "!=", "disabled"]]
+                        default: []
+                        items:
+                          - variable: envItem
+                            label: Environment Variable
+                            schema:
+                              additional_attrs: true
+                              type: dict
+                              attrs:
+                                - variable: name
+                                  label: Name
+                                  schema:
+                                    type: string
+                                    required: true
+                                - variable: value
+                                  label: Value
+                                  schema:
+                                    type: string
+                                    required: true
+        - variable: vpn
+          label: VPN
+          schema:
+            additional_attrs: true
+            type: dict
+            attrs:
+              - variable: type
+                label: Type
+                schema:
+                  type: string
+                  default: disabled
+                  enum:
+                    - value: disabled
+                      description: disabled
+                    - value: gluetun
+                      description: Gluetun
+                    - value: tailscale
+                      description: Tailscale
+                    - value: openvpn
+                      description: OpenVPN (Deprecated)
+                    - value: wireguard
+                      description: Wireguard (Deprecated)
+              - variable: openvpn
+                label: OpenVPN Settings
+                schema:
+                  additional_attrs: true
+                  type: dict
+                  show_if: [["type", "=", "openvpn"]]
+                  attrs:
+                    - variable: username
+                      label: Authentication Username (Optional)
+                      description: Authentication Username, Optional
+                      schema:
+                        type: string
+                        default: ""
+                    - variable: password
+                      label: Authentication Password
+                      description: Authentication Credentials
+                      schema:
+                        type: string
+                        show_if: [["username", "!=", ""]]
+                        default: ""
+                        required: true
+              - variable: tailscale
+                label: Tailscale Settings
+                schema:
+                  additional_attrs: true
+                  type: dict
+                  show_if: [["type", "=", "tailscale"]]
+                  attrs:
+                    - variable: authkey
+                      label: Authentication Key
+                      description: Provide an auth key to automatically authenticate the node as your user account.
+                      schema:
+                        type: string
+                        private: true
+                        default: ""
+                    - variable: auth_once
+                      label: Auth Once
+                      description: Only attempt to log in if not already logged in.
+                      schema:
+                        type: boolean
+                        default: true
+                    - variable: accept_dns
+                      label: Accept DNS
+                      description: Accept DNS configuration from the admin console.
+                      schema:
+                        type: boolean
+                        default: false
+                    - variable: userspace
+                      label: Userspace
+                      description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device.
+                      schema:
+                        type: boolean
+                        default: false
+                    - variable: routes
+                      label: Routes
+                      description: Expose physical subnet routes to your entire Tailscale network.
+                      schema:
+                        type: string
+                        default: ""
+                    - variable: dest_ip
+                      label: Destination IP
+                      description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched.
+                      schema:
+                        type: string
+                        default: ""
+                    - variable: sock5_server
+                      label: Sock5 Server
+                      description: The address on which to listen for SOCKS5 proxying into the tailscale net.
+                      schema:
+                        type: string
+                        default: ""
+                    - variable: outbound_http_proxy_listen
+                      label: Outbound HTTP Proxy Listen
+                      description: The address on which to listen for HTTP proxying into the tailscale net.
+                      schema:
+                        type: string
+                        default: ""
+                    - variable: extra_args
+                      label: Extra Args
+                      description: Extra Args
+                      schema:
+                        type: string
+                        default: ""
+                    - variable: daemon_extra_args
+                      label: Tailscale Daemon Extra Args
+                      description: Tailscale Daemon Extra Args
+                      schema:
+                        type: string
+                        default: ""
+              - variable: killSwitch
+                label: Enable Killswitch
+                schema:
+                  type: boolean
+                  show_if: [["type", "!=", "disabled"]]
+                  default: true
+              - variable: excludedNetworks_IPv4
+                label: Killswitch Excluded IPv4 networks
+                description: List of Killswitch Excluded IPv4 Addresses
+                schema:
+                  type: list
+                  show_if: [["type", "!=", "disabled"]]
+                  default: []
+                  items:
+                    - variable: networkv4
+                      label: IPv4 Network
+                      schema:
+                        type: string
+                        required: true
+              - variable: excludedNetworks_IPv6
+                label: Killswitch Excluded IPv6 networks
+                description: "List of Killswitch Excluded IPv6 Addresses"
+                schema:
+                  type: list
+                  show_if: [["type", "!=", "disabled"]]
+                  default: []
+                  items:
+                    - variable: networkv6
+                      label: IPv6 Network
+                      schema:
+                        type: string
+                        required: true
+              - variable: configFile
+                label: VPN Config File Location
+                schema:
+                  type: string
+                  show_if: [["type", "!=", "disabled"]]
+                  default: ""
+
+              - variable: envList
+                label: VPN Environment Variables
+                schema:
+                  type: list
+                  show_if: [["type", "!=", "disabled"]]
+                  default: []
+                  items:
+                    - variable: envItem
+                      label: Environment Variable
+                      schema:
+                        additional_attrs: true
+                        type: dict
+                        attrs:
+                          - variable: name
+                            label: Name
+                            schema:
+                              type: string
+                              required: true
+                          - variable: value
+                            label: Value
+                            schema:
+                              type: string
+                              required: true
+                              max_length: 10240
+  - variable: docs
+    group: Documentation
+    label: Please read the documentation at https://truecharts.org
+    description: Please read the documentation at
+      <br /><a href="https://truecharts.org">https://truecharts.org</a>
+    schema:
+      additional_attrs: true
+      type: dict
+      attrs:
+        - variable: confirmDocs
+          label: I have checked the documentation
+          schema:
+            type: boolean
+            default: true
+  - variable: donateNag
+    group: Documentation
+    label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor
+    description: Please consider supporting TrueCharts, see
+      <br /><a href="https://truecharts.org/sponsor">https://truecharts.org/sponsor</a>
+    schema:
+      additional_attrs: true
+      type: dict
+      attrs:
+        - variable: confirmDonate
+          label: I have considered donating
+          schema:
+            type: boolean
+            default: true
+            hidden: true
diff --git a/enterprise/traefik/18.0.18/templates/NOTES.txt b/enterprise/traefik/18.0.18/templates/NOTES.txt
new file mode 100644
index 00000000000..efcb74cb772
--- /dev/null
+++ b/enterprise/traefik/18.0.18/templates/NOTES.txt
@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}
diff --git a/enterprise/traefik/18.0.18/templates/_args.tpl b/enterprise/traefik/18.0.18/templates/_args.tpl
new file mode 100644
index 00000000000..4478375d842
--- /dev/null
+++ b/enterprise/traefik/18.0.18/templates/_args.tpl
@@ -0,0 +1,182 @@
+{{/* Define the args */}}
+{{- define "traefik.args" -}}
+args:
+  {{/* merge all ports */}}
+  {{- $ports := dict }}
+  {{- range $.Values.service }}
+  {{- range $name, $value := .ports }}
+  {{- $_ := set $ports $name $value }}
+  {{- end }}
+  {{- end }}
+  {{/* start of actual arguments */}}
+  {{- with .Values.globalArguments }}
+  {{- range . }}
+  - {{ . | quote }}
+  {{- end }}
+  {{- end }}
+  {{- range $name, $config := $ports }}
+  {{- if $config }}
+  {{- if or ( eq $config.protocol "http" ) ( eq $config.protocol "https" ) ( eq $config.protocol "tcp" ) }}
+  {{- $_ := set $config "protocol" "tcp" }}
+  {{- end }}
+  - "--entryPoints.{{$name}}.address=:{{ $config.port }}/{{ default "tcp" $config.protocol | lower }}"
+  {{- end }}
+  {{- end }}
+  - "--api.dashboard=true"
+  - "--ping=true"
+  {{- if .Values.traefikMetrics }}
+  {{- if .Values.traefikMetrics.datadog }}
+  - "--metrics.datadog=true"
+  - "--metrics.datadog.address={{ .Values.traefikMetrics.datadog.address }}"
+  {{- end }}
+  {{- if .Values.traefikMetrics.influxdb }}
+  - "--metrics.influxdb=true"
+  - "--metrics.influxdb.address={{ .Values.traefikMetrics.influxdb.address }}"
+  - "--metrics.influxdb.protocol={{ .Values.traefikMetrics.influxdb.protocol }}"
+  {{- end }}
+  {{- if .Values.traefikMetrics.statsd }}
+  - "--metrics.statsd=true"
+  - "--metrics.statsd.address={{ .Values.traefikMetrics.statsd.address }}"
+  {{- if or .Values.traefikMetrics.prometheus }}
+  - "--metrics.prometheus=true"
+  - "--metrics.prometheus.entrypoint=metrics"
+  {{- end }}
+  {{- end }}
+  {{- end }}
+  {{- if or .Values.metrics.main.enabled }}
+  - "--metrics.prometheus=true"
+  - "--metrics.prometheus.entrypoint=metrics"
+  {{- end }}
+  {{- if .Values.providers.kubernetesCRD.enabled }}
+  - "--providers.kubernetescrd"
+  {{- end }}
+  {{- if .Values.providers.kubernetesIngress.enabled }}
+  - "--providers.kubernetesingress"
+  {{- if .Values.providers.kubernetesIngress.publishedService.enabled }}
+  - "--providers.kubernetesingress.ingressendpoint.publishedservice={{ template "providers.kubernetesIngress.publishedServicePath" . }}"
+  {{- end }}
+  {{- if .Values.providers.kubernetesIngress.labelSelector }}
+  - "--providers.kubernetesingress.labelSelector={{ .Values.providers.kubernetesIngress.labelSelector }}"
+  {{- end }}
+  {{- end }}
+  {{- if and .Values.rbac.enabled .Values.rbac.namespaced }}
+  {{- if .Values.providers.kubernetesCRD.enabled }}
+  - "--providers.kubernetescrd.namespaces={{ template "providers.kubernetesCRD.namespaces" . }}"
+  {{- end }}
+  {{- if .Values.providers.kubernetesIngress.enabled }}
+  - "--providers.kubernetesingress.namespaces={{ template "providers.kubernetesIngress.namespaces" . }}"
+  {{- end }}
+  {{- end }}
+  {{- if $.Values.ingressClass.enabled }}
+  - "--providers.kubernetesingress.ingressclass={{ .Release.Name }}"
+  {{- end }}
+  {{- range $entrypoint, $config := $ports }}
+  {{/* add args for proxyProtocol support */}}
+  {{- if $config.proxyProtocol }}
+  {{- if $config.proxyProtocol.enabled }}
+  {{- if $config.proxyProtocol.insecureMode }}
+  - "--entrypoints.{{ $entrypoint }}.proxyProtocol.insecure"
+  {{- end }}
+  {{- if not ( empty $config.proxyProtocol.trustedIPs ) }}
+  - "--entrypoints.{{ $entrypoint }}.proxyProtocol.trustedIPs={{ join "," $config.proxyProtocol.trustedIPs }}"
+  {{- end }}
+  {{- end }}
+  {{- end }}
+  {{/* add args for forwardedHeaders support */}}
+  {{- if $config.forwardedHeaders.enabled }}
+  {{- if not ( empty $config.forwardedHeaders.trustedIPs ) }}
+  - "--entrypoints.{{ $entrypoint }}.forwardedHeaders.trustedIPs={{ join "," $config.forwardedHeaders.trustedIPs }}"
+  {{- end }}
+  {{- if $config.forwardedHeaders.insecureMode }}
+  - "--entrypoints.{{ $entrypoint }}.forwardedHeaders.insecure"
+  {{- end }}
+  {{- end }}
+  {{/* end forwardedHeaders configuration */}}
+  {{- if $config.redirectTo }}
+  {{- $toPort := index $ports $config.redirectTo }}
+  - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $toPort.port }}"
+  - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https"
+  {{- else if $config.redirectPort }}
+  {{ if gt $config.redirectPort 0.0 }}
+  - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $config.redirectPort }}"
+  - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https"
+  {{- end }}
+  {{- end }}
+  {{- if or ( $config.tls ) ( eq $config.protocol "https" ) }}
+  {{- if or ( $config.tls.enabled ) ( eq $config.protocol "https" ) }}
+  - "--entrypoints.{{ $entrypoint }}.http.tls=true"
+  {{- if $config.tls.options }}
+  - "--entrypoints.{{ $entrypoint }}.http.tls.options={{ $config.tls.options }}"
+  {{- end }}
+  {{- if $config.tls.certResolver }}
+  - "--entrypoints.{{ $entrypoint }}.http.tls.certResolver={{ $config.tls.certResolver }}"
+  {{- end }}
+  {{- if $config.tls.domains }}
+  {{- range $index, $domain := $config.tls.domains }}
+  {{- if $domain.main }}
+  - "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].main={{ $domain.main }}"
+  {{- end }}
+  {{- if $domain.sans }}
+  - "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].sans={{ join "," $domain.sans }}"
+  {{- end }}
+  {{- end }}
+  {{- end }}
+  {{- end }}
+  {{- end }}
+  {{- end }}
+  {{- with .Values.logs }}
+  - "--log.format={{ .general.format }}"
+  {{- if ne .general.level "ERROR" }}
+  - "--log.level={{ .general.level | upper }}"
+  {{- end }}
+  {{- if .access.enabled }}
+  - "--accesslog=true"
+  - "--accesslog.format={{ .access.format }}"
+  {{- if .access.bufferingsize }}
+  - "--accesslog.bufferingsize={{ .access.bufferingsize }}"
+  {{- end }}
+  {{- if .access.filters }}
+  {{- if .access.filters.statuscodes }}
+  - "--accesslog.filters.statuscodes={{ .access.filters.statuscodes }}"
+  {{- end }}
+  {{- if .access.filters.retryattempts }}
+  - "--accesslog.filters.retryattempts"
+  {{- end }}
+  {{- if .access.filters.minduration }}
+  - "--accesslog.filters.minduration={{ .access.filters.minduration }}"
+  {{- end }}
+  {{- end }}
+  - "--accesslog.fields.defaultmode={{ .access.fields.general.defaultmode }}"
+  {{- range $fieldname, $fieldaction := .access.fields.general.names }}
+  - "--accesslog.fields.names.{{ $fieldname }}={{ $fieldaction }}"
+  {{- end }}
+  - "--accesslog.fields.headers.defaultmode={{ .access.fields.headers.defaultmode }}"
+  {{- range $fieldname, $fieldaction := .access.fields.headers.names }}
+  - "--accesslog.fields.headers.names.{{ $fieldname }}={{ $fieldaction }}"
+  {{- end }}
+  {{- end }}
+  {{- end }}
+  {{/* theme.park */}}
+  {{- if .Values.middlewares.themePark }}
+  - "--experimental.plugins.traefik-themepark.modulename=github.com/packruler/traefik-themepark"
+  - "--experimental.plugins.traefik-themepark.version={{ .Values.middlewares.themeParkVersion }}"
+  {{- end }}
+  {{/* End of theme.park */}}
+  {{/* GeoBlock */}}
+  {{- if .Values.middlewares.geoBlock }}
+  - "--experimental.plugins.GeoBlock.modulename=github.com/PascalMinder/geoblock"
+  - "--experimental.plugins.GeoBlock.version={{ .Values.middlewares.geoBlockVersion }}"
+  {{- end }}
+  {{/* End of GeoBlock */}}
+  {{/* RealIP */}}
+  {{- if .Values.middlewares.realIP }}
+  - "--experimental.plugins.traefik-real-ip.modulename=github.com/soulbalz/traefik-real-ip"
+  - "--experimental.plugins.traefik-real-ip.version={{ .Values.middlewares.realIPVersion }}"
+  {{- end }}
+  {{/* End of RealIP */}}
+  {{- with .Values.additionalArguments }}
+  {{- range . }}
+  - {{ . | quote }}
+  {{- end }}
+  {{- end }}
+{{- end -}}
diff --git a/enterprise/traefik/18.0.18/templates/_helpers.tpl b/enterprise/traefik/18.0.18/templates/_helpers.tpl
new file mode 100644
index 00000000000..1345dcea39a
--- /dev/null
+++ b/enterprise/traefik/18.0.18/templates/_helpers.tpl
@@ -0,0 +1,22 @@
+{{/*
+Construct the path for the providers.kubernetesingress.ingressendpoint.publishedservice.
+By convention this will simply use the <namespace>/<service-name> to match the name of the
+service generated.
+Users can provide an override for an explicit service they want bound via `.Values.providers.kubernetesIngress.publishedService.pathOverride`
+*/}}
+{{- define "providers.kubernetesIngress.publishedServicePath" -}}
+{{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}}
+{{- $defServiceName := printf "%s/%s-tcp" .Release.Namespace $fullName -}}
+{{- $servicePath := default $defServiceName .Values.providers.kubernetesIngress.publishedService.pathOverride }}
+{{- print $servicePath | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Construct a comma-separated list of whitelisted namespaces
+*/}}
+{{- define "providers.kubernetesIngress.namespaces" -}}
+{{- default .Release.Namespace (join "," .Values.providers.kubernetesIngress.namespaces) }}
+{{- end -}}
+{{- define "providers.kubernetesCRD.namespaces" -}}
+{{- default .Release.Namespace (join "," .Values.providers.kubernetesCRD.namespaces) }}
+{{- end -}}
diff --git a/enterprise/traefik/18.0.18/templates/_ingressclass.tpl b/enterprise/traefik/18.0.18/templates/_ingressclass.tpl
new file mode 100644
index 00000000000..4213783865c
--- /dev/null
+++ b/enterprise/traefik/18.0.18/templates/_ingressclass.tpl
@@ -0,0 +1,24 @@
+{{/* Define the ingressClass */}}
+{{- define "traefik.ingressClass" -}}
+---
+{{ if $.Values.ingressClass.enabled }}
+  {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass" }}
+apiVersion: networking.k8s.io/v1
+  {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/IngressClass" }}
+apiVersion: networking.k8s.io/v1beta1
+  {{- else if or (eq .Values.ingressClass.fallbackApiVersion "v1beta1") (eq .Values.ingressClass.fallbackApiVersion "v1") }}
+apiVersion: {{ printf "networking.k8s.io/%s" .Values.ingressClass.fallbackApiVersion }}
+  {{- else }}
+  {{- fail "\n\n ERROR: You must have at least networking.k8s.io/v1beta1 to use ingressClass" }}
+  {{- end }}
+kind: IngressClass
+metadata:
+  annotations:
+    ingressclass.kubernetes.io/is-default-class: {{ .Values.ingressClass.isDefaultClass | quote }}
+  labels:
+    {{- include "tc.v1.common.lib.metadata.allLabels" . | nindent 4 }}
+  name: {{ .Release.Name }}
+spec:
+  controller: traefik.io/ingress-controller
+{{- end }}
+{{- end }}
diff --git a/enterprise/traefik/18.0.18/templates/_ingressroute.tpl b/enterprise/traefik/18.0.18/templates/_ingressroute.tpl
new file mode 100644
index 00000000000..bf235761f80
--- /dev/null
+++ b/enterprise/traefik/18.0.18/templates/_ingressroute.tpl
@@ -0,0 +1,34 @@
+{{/* Define the ingressRoute */}}
+{{- define "traefik.ingressRoute" -}}
+{{ if .Values.ingressRoute.dashboard.enabled }}
+
+{{- $ingressRouteLabels := .Values.ingressRoute.dashboard.labels -}}
+{{- $ingressRouteAnnotations := .Values.ingressRoute.dashboard.annotations -}}
+
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: {{ include "tc.v1.common.lib.chart.names.fullname" . }}-dashboard
+  {{- $labels := (mustMerge ($ingressRouteLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}}
+  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
+  labels:
+    {{- . | nindent 4 }}
+  {{- end }}
+  {{- $annotations := (mustMerge ($ingressRouteAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}}
+  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
+  annotations:
+    {{- . | nindent 4 }}
+  {{- end }}
+
+spec:
+  entryPoints:
+    - main
+  routes:
+  - match: PathPrefix(`/dashboard`) || PathPrefix(`/api`)
+    kind: Rule
+    services:
+    - name: api@internal
+      kind: TraefikService
+{{ end }}
+{{- end -}}
diff --git a/enterprise/traefik/18.0.18/templates/_portalhook.tpl b/enterprise/traefik/18.0.18/templates/_portalhook.tpl
new file mode 100644
index 00000000000..242555bdc92
--- /dev/null
+++ b/enterprise/traefik/18.0.18/templates/_portalhook.tpl
@@ -0,0 +1,25 @@
+{{/* Define the portalHook */}}
+{{- define "traefik.portalhook" -}}
+{{- if .Values.portalhook.enabled -}}
+  {{- $name := "portalhook" -}}
+  {{- if $.Values.ingressClass.enabled -}}
+    {{- $name = printf "portalhook-%v" .Release.Name -}}
+  {{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ $name }}
+  namespace: tc-system
+data:
+  {{- $ports := dict }}
+  {{- range $.Values.service }}
+  {{- range $name, $value := .ports }}
+  {{- $_ := set $ports $name $value }}
+  {{- end }}
+  {{- end }}
+  {{- range $name, $value := $ports }}
+  {{ $name }}: {{ $value.port | quote }}
+  {{- end }}
+{{- end }}
+{{- end -}}
diff --git a/enterprise/traefik/18.0.18/templates/_tlsoptions.tpl b/enterprise/traefik/18.0.18/templates/_tlsoptions.tpl
new file mode 100644
index 00000000000..4194e513cd3
--- /dev/null
+++ b/enterprise/traefik/18.0.18/templates/_tlsoptions.tpl
@@ -0,0 +1,12 @@
+{{/* Define the tlsOptions */}}
+{{- define "traefik.tlsOptions" -}}
+{{- range $name, $config := .Values.tlsOptions }}
+---
+apiVersion: traefik.io/v1alpha1
+kind: TLSOption
+metadata:
+  name: {{ $name }}
+spec:
+  {{- toYaml $config | nindent 2 }}
+{{- end }}
+{{- end -}}
diff --git a/enterprise/traefik/18.0.18/templates/common.yaml b/enterprise/traefik/18.0.18/templates/common.yaml
new file mode 100644
index 00000000000..d70a9887a47
--- /dev/null
+++ b/enterprise/traefik/18.0.18/templates/common.yaml
@@ -0,0 +1,23 @@
+{{/* Make sure all variables are set properly */}}
+{{- include "tc.v1.common.loader.init" . }}
+
+{{- $newArgs :=  (include "traefik.args" . | fromYaml) }}
+{{- $_ := set .Values "newArgs" $newArgs -}}
+{{- $mergedargs := concat $.Values.workload.main.podSpec.containers.main.args .Values.newArgs.args }}
+{{- $_ := set $.Values.workload.main.podSpec.containers.main "args" $mergedargs -}}
+
+{{- include "traefik.portalhook" . }}
+{{- include "traefik.tlsOptions" . }}
+{{- include "traefik.ingressRoute" . }}
+{{- include "traefik.ingressClass" . }}
+
+{{- with .Values.ingress -}}
+  {{- with .main -}}
+    {{- if .enabled  -}}
+      {{- $_ := set $.Values.portal.open.override "protocol" "https" -}}
+    {{- end -}}
+  {{- end -}}
+{{- end -}}
+
+{{/* Render the templates */}}
+{{ include "tc.v1.common.loader.apply" . }}
diff --git a/enterprise/traefik/18.0.18/templates/middlewares/addPrefix.yaml b/enterprise/traefik/18.0.18/templates/middlewares/addPrefix.yaml
new file mode 100644
index 00000000000..473f703eec9
--- /dev/null
+++ b/enterprise/traefik/18.0.18/templates/middlewares/addPrefix.yaml
@@ -0,0 +1,14 @@
+{{- $values := .Values }}
+
+{{- range $index, $middlewareData := .Values.middlewares.addPrefix }}
+
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
+  namespace: tc-system
+spec:
+  addPrefix:
+    prefix: {{ $middlewareData.prefix }}
+{{- end }}
diff --git a/enterprise/traefik/18.0.18/templates/middlewares/basic-middleware.yaml b/enterprise/traefik/18.0.18/templates/middlewares/basic-middleware.yaml
new file mode 100644
index 00000000000..ead5bdf724e
--- /dev/null
+++ b/enterprise/traefik/18.0.18/templates/middlewares/basic-middleware.yaml
@@ -0,0 +1,58 @@
+{{- $values := .Values }}
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: {{ ternary (printf "%v-compress" $.Release.Name) "compress" $.Values.ingressClass.enabled }}
+  namespace: tc-system
+spec:
+  compress: {}
+---
+# Here, an average of 300 requests per second is allowed.
+# In addition, a burst of 200 requests is allowed.
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: {{ ternary (printf "%v-basic-ratelimit" $.Release.Name) "basic-ratelimit" $.Values.ingressClass.enabled }}
+  namespace: tc-system
+spec:
+  rateLimit:
+    average: 600
+    burst: 400
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: {{ ternary (printf "%v-basic-secure-headers" $.Release.Name) "basic-secure-headers" $.Values.ingressClass.enabled }}
+  namespace: tc-system
+spec:
+  headers:
+    accessControlAllowMethods:
+      - GET
+      - OPTIONS
+      - HEAD
+      - PUT
+    accessControlMaxAge: 100
+    stsSeconds: 63072000
+    # stsIncludeSubdomains: false
+    # stsPreload: false
+    forceSTSHeader: true
+    contentTypeNosniff: true
+    browserXssFilter: true
+    referrerPolicy: same-origin
+    customRequestHeaders:
+      X-Forwarded-Proto: "https"
+    customResponseHeaders:
+      server: ''
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: {{ ternary (printf "%v-chain-basic" $.Release.Name) "chain-basic" $.Values.ingressClass.enabled }}
+  namespace: tc-system
+spec:
+  chain:
+    middlewares:
+    - name: {{ ternary (printf "%v-basic-ratelimit" $.Release.Name) "basic-ratelimit" $.Values.ingressClass.enabled }}
+    - name: {{ ternary (printf "%v-basic-secure-headers" $.Release.Name) "basic-secure-headers" $.Values.ingressClass.enabled }}
+    - name: {{ ternary (printf "%v-compress" $.Release.Name) "compress" $.Values.ingressClass.enabled }}
diff --git a/enterprise/traefik/18.0.18/templates/middlewares/basicauth.yaml b/enterprise/traefik/18.0.18/templates/middlewares/basicauth.yaml
new file mode 100644
index 00000000000..f2a990a57e0
--- /dev/null
+++ b/enterprise/traefik/18.0.18/templates/middlewares/basicauth.yaml
@@ -0,0 +1,31 @@
+{{- $values := .Values }}
+
+{{ range $index, $middlewareData := .Values.middlewares.basicAuth }}
+---
+{{- $users := list }}
+{{- range $index, $userdata := $middlewareData.users }}
+  {{- $users = append $users (htpasswd $userdata.username $userdata.password) }}
+{{- end }}
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{printf "%v-%v" $middlewareData.name "secret" }}
+  namespace: tc-system
+type: Opaque
+stringData:
+  users: |
+    {{- range $index, $user := $users }}
+    {{ printf "%s" $user }}
+    {{- end }}
+---
+# Declaring the user list
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
+  namespace: tc-system
+spec:
+  basicAuth:
+    secret: {{ printf "%v-%v" $middlewareData.name "secret" }}
+{{ end }}
diff --git a/enterprise/traefik/18.0.18/templates/middlewares/chain.yaml b/enterprise/traefik/18.0.18/templates/middlewares/chain.yaml
new file mode 100644
index 00000000000..bb4920caab7
--- /dev/null
+++ b/enterprise/traefik/18.0.18/templates/middlewares/chain.yaml
@@ -0,0 +1,21 @@
+{{- $values := .Values }}
+{{- $namespace := "tc-system" }}
+{{- if $.Values.ingressClass.enabled }}
+{{- $namespace := ( printf "tc-system-%s" .Release.Name ) }}
+{{- end }}
+{{ range $index, $middlewareData := .Values.middlewares.chain }}
+
+---
+# Declaring the user list
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
+  namespace: tc-system
+spec:
+  chain:
+    middlewares:
+      {{ range $index, $middleware := .middlewares }}
+      - name: {{ printf "%v-%v@%v" $namespace $middleware "kubernetescrd" }}
+      {{ end }}
+{{ end }}
diff --git a/enterprise/traefik/18.0.18/templates/middlewares/forwardauth.yaml b/enterprise/traefik/18.0.18/templates/middlewares/forwardauth.yaml
new file mode 100644
index 00000000000..a0336c6719d
--- /dev/null
+++ b/enterprise/traefik/18.0.18/templates/middlewares/forwardauth.yaml
@@ -0,0 +1,31 @@
+{{- $values := .Values }}
+
+{{ range $index, $middlewareData := .Values.middlewares.forwardAuth }}
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
+  namespace: tc-system
+spec:
+  forwardAuth:
+    address: {{ $middlewareData.address }}
+    {{- with $middlewareData.authResponseHeaders }}
+    authResponseHeaders:
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with $middlewareData.authRequestHeaders }}
+    authRequestHeaders:
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- if $middlewareData.authResponseHeadersRegex }}
+    authResponseHeadersRegex: {{ $middlewareData.authResponseHeadersRegex }}
+    {{- end }}
+    {{- if $middlewareData.trustForwardHeader }}
+    trustForwardHeader: true
+    {{- end }}
+    {{- with $middlewareData.tls }}
+    tls:
+      insecureSkipVerify: {{ .insecureSkipVerify | default false }}
+    {{- end }}
+{{ end }}
diff --git a/enterprise/traefik/18.0.18/templates/middlewares/geoblock.yaml b/enterprise/traefik/18.0.18/templates/middlewares/geoblock.yaml
new file mode 100644
index 00000000000..c1a2dcd0aeb
--- /dev/null
+++ b/enterprise/traefik/18.0.18/templates/middlewares/geoblock.yaml
@@ -0,0 +1,32 @@
+{{- $values := .Values }}
+
+{{- range $index, $middlewareData := .Values.middlewares.geoBlock }}
+
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
+  namespace: tc-system
+spec:
+  plugin:
+    GeoBlock:
+      allowLocalRequests: {{ $middlewareData.allowLocalRequests }}
+      logLocalRequests: {{ $middlewareData.logLocalRequests }}
+      logAllowedRequests: {{ $middlewareData.logAllowedRequests }}
+      logApiRequests: {{ $middlewareData.logApiRequests }}
+      api: {{ $middlewareData.api }}
+      apiTimeoutMs: {{ $middlewareData.apiTimeoutMs }}
+      cacheSize: {{ $middlewareData.cacheSize }}
+      forceMonthlyUpdate: {{ $middlewareData.forceMonthlyUpdate }}
+      allowUnknownCountries: {{ $middlewareData.allowUnknownCountries }}
+      unknownCountryApiResponse: {{ $middlewareData.unknownCountryApiResponse }}
+      blackListMode: {{ $middlewareData.blackListMode }}
+      {{- if not $middlewareData.countries }}
+        {{- fail "You have to define at least one country..." }}
+      {{- end }}
+      countries:
+        {{- range $middlewareData.countries }}
+        - {{ . }}
+        {{- end }}
+{{- end }}
diff --git a/enterprise/traefik/18.0.18/templates/middlewares/ipwhitelist.yaml b/enterprise/traefik/18.0.18/templates/middlewares/ipwhitelist.yaml
new file mode 100644
index 00000000000..cec46d5102a
--- /dev/null
+++ b/enterprise/traefik/18.0.18/templates/middlewares/ipwhitelist.yaml
@@ -0,0 +1,30 @@
+{{- $values := .Values }}
+
+{{ range $index, $middlewareData := .Values.middlewares.ipWhiteList }}
+
+---
+# Declaring the user list
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
+  namespace: tc-system
+spec:
+  ipWhiteList:
+    sourceRange:
+      {{- range $middlewareData.sourceRange }}
+      - {{ . }}
+      {{- end }}
+    {{- if $middlewareData.ipStrategy }}
+    ipStrategy:
+      {{- if $middlewareData.ipStrategy.depth }}
+      depth: {{ $middlewareData.ipStrategy.depth }}
+      {{- end }}
+      {{- if $middlewareData.ipStrategy.excludedIPs }}
+      excludedIPs:
+        {{- range $middlewareData.ipStrategy.excludedIPs }}
+        - {{ . }}
+        {{- end }}
+      {{- end }}
+    {{- end }}
+{{ end }}
diff --git a/enterprise/traefik/18.0.18/templates/middlewares/ratelimit.yaml b/enterprise/traefik/18.0.18/templates/middlewares/ratelimit.yaml
new file mode 100644
index 00000000000..a2ae79af66e
--- /dev/null
+++ b/enterprise/traefik/18.0.18/templates/middlewares/ratelimit.yaml
@@ -0,0 +1,16 @@
+{{- $values := .Values }}
+
+{{ range $index, $middlewareData := .Values.middlewares.rateLimit }}
+
+---
+# Declaring the user list
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
+  namespace: tc-system
+spec:
+  rateLimit:
+    average: {{ $middlewareData.average }}
+    burst: {{ $middlewareData.burst }}
+{{ end }}
diff --git a/enterprise/traefik/18.0.18/templates/middlewares/real-ip.yaml b/enterprise/traefik/18.0.18/templates/middlewares/real-ip.yaml
new file mode 100644
index 00000000000..1e7d6e148e0
--- /dev/null
+++ b/enterprise/traefik/18.0.18/templates/middlewares/real-ip.yaml
@@ -0,0 +1,18 @@
+{{- $values := .Values }}
+
+{{- range $index, $middlewareData := .Values.middlewares.realIP }}
+
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
+  namespace: tc-system
+spec:
+  plugin:
+    traefik-real-ip:
+      excludednets:
+        {{- range $middlewareData.excludedNetworks }}
+        - {{ . | quote }}
+        {{- end }}
+{{- end }}
diff --git a/enterprise/traefik/18.0.18/templates/middlewares/redirectScheme.yaml b/enterprise/traefik/18.0.18/templates/middlewares/redirectScheme.yaml
new file mode 100644
index 00000000000..0913fd132a5
--- /dev/null
+++ b/enterprise/traefik/18.0.18/templates/middlewares/redirectScheme.yaml
@@ -0,0 +1,16 @@
+{{- $values := .Values }}
+
+{{ range $index, $middlewareData := .Values.middlewares.redirectScheme }}
+
+---
+# Declaring the user list
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
+  namespace: tc-system
+spec:
+  redirectScheme:
+    scheme: {{ $middlewareData.scheme }}
+    permanent: {{ $middlewareData.permanent }}
+{{ end }}
diff --git a/enterprise/traefik/18.0.18/templates/middlewares/redirectregex.yaml b/enterprise/traefik/18.0.18/templates/middlewares/redirectregex.yaml
new file mode 100644
index 00000000000..9dbd602a166
--- /dev/null
+++ b/enterprise/traefik/18.0.18/templates/middlewares/redirectregex.yaml
@@ -0,0 +1,17 @@
+{{- $values := .Values }}
+
+{{ range $index, $middlewareData := .Values.middlewares.redirectRegex }}
+
+---
+# Declaring the user list
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
+  namespace: tc-system
+spec:
+  redirectRegex:
+    regex: {{ $middlewareData.regex | quote }}
+    replacement: {{ $middlewareData.replacement | quote }}
+    permanent: {{ $middlewareData.permanent }}
+{{ end }}
diff --git a/enterprise/traefik/18.0.18/templates/middlewares/stripPrefixRegex.yaml b/enterprise/traefik/18.0.18/templates/middlewares/stripPrefixRegex.yaml
new file mode 100644
index 00000000000..a409bfa85a1
--- /dev/null
+++ b/enterprise/traefik/18.0.18/templates/middlewares/stripPrefixRegex.yaml
@@ -0,0 +1,17 @@
+{{- $values := .Values }}
+
+
+{{ range $index, $middlewareData := .Values.middlewares.stripPrefixRegex }}
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
+  namespace: tc-system
+spec:
+  stripPrefixRegex:
+    regex:
+     {{- range $middlewareData.regex }}
+      - {{ . | quote }}
+     {{- end }}
+{{ end }}
diff --git a/enterprise/traefik/18.0.18/templates/middlewares/tc-chains.yaml b/enterprise/traefik/18.0.18/templates/middlewares/tc-chains.yaml
new file mode 100644
index 00000000000..0b21a01f3bc
--- /dev/null
+++ b/enterprise/traefik/18.0.18/templates/middlewares/tc-chains.yaml
@@ -0,0 +1,26 @@
+{{- $values := .Values }}
+
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: {{ ternary (printf "%v-%v" $.Release.Name "tc-opencors-chain") "tc-opencors-chain" $.Values.ingressClass.enabled }}
+  namespace: tc-system
+spec:
+  chain:
+    middlewares:
+    - name: {{ ternary (printf "%v-%v" $.Release.Name "basic-ratelimit") "basic-ratelimit" $.Values.ingressClass.enabled }}
+    - name: {{ ternary (printf "%v-%v" $.Release.Name "tc-opencors-headers") "tc-opencors-headers" $.Values.ingressClass.enabled }}
+    - name: {{ ternary (printf "%v-%v" $.Release.Name "compress") "compress" $.Values.ingressClass.enabled }}
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: {{ ternary (printf "%v-%v" $.Release.Name "tc-closedcors-chain") "tc-closedcors-chain" $.Values.ingressClass.enabled }}
+  namespace: tc-system
+spec:
+  chain:
+    middlewares:
+    - name: {{ ternary (printf "%v-%v" $.Release.Name "basic-ratelimit") "basic-ratelimit" $.Values.ingressClass.enabled }}
+    - name: {{ ternary (printf "%v-%v" $.Release.Name "tc-closedcors-headers") "tc-closedcors-headers" $.Values.ingressClass.enabled }}
+    - name: {{ ternary (printf "%v-%v" $.Release.Name "compress") "compress" $.Values.ingressClass.enabled }}
diff --git a/enterprise/traefik/18.0.18/templates/middlewares/tc-headers.yaml b/enterprise/traefik/18.0.18/templates/middlewares/tc-headers.yaml
new file mode 100644
index 00000000000..859a5c8e043
--- /dev/null
+++ b/enterprise/traefik/18.0.18/templates/middlewares/tc-headers.yaml
@@ -0,0 +1,59 @@
+{{- $values := .Values }}
+
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: {{ ternary (printf "%v-%v" $.Release.Name "tc-opencors-headers") "tc-opencors-headers" $.Values.ingressClass.enabled }}
+  namespace: tc-system
+spec:
+  headers:
+    accessControlAllowHeaders:
+    - '*'
+    accessControlAllowMethods:
+    - GET
+    - OPTIONS
+    - HEAD
+    - PUT
+    - POST
+    accessControlAllowOriginList:
+    - '*'
+    accessControlMaxAge: 100
+    browserXssFilter: true
+    contentTypeNosniff: true
+    customRequestHeaders:
+      X-Forwarded-Proto: https
+    customResponseHeaders:
+      server: ""
+    forceSTSHeader: true
+    referrerPolicy: same-origin
+    sslForceHost: true
+    sslRedirect: true
+    stsSeconds: 63072000
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: {{ ternary (printf "%v-%v" $.Release.Name "tc-closedcors-headers") "tc-closedcors-headers" $.Values.ingressClass.enabled }}
+  namespace: tc-system
+spec:
+  headers:
+    accessControlAllowMethods:
+      - GET
+      - OPTIONS
+      - HEAD
+      - PUT
+    accessControlMaxAge: 100
+    sslRedirect: true
+    stsSeconds: 63072000
+    # stsIncludeSubdomains: false
+    # stsPreload: false
+    forceSTSHeader: true
+    contentTypeNosniff: true
+    browserXssFilter: true
+    sslForceHost: true
+    referrerPolicy: same-origin
+    customRequestHeaders:
+      X-Forwarded-Proto: "https"
+    customResponseHeaders:
+      server: ''
diff --git a/enterprise/traefik/18.0.18/templates/middlewares/tc-nextcloud.yaml b/enterprise/traefik/18.0.18/templates/middlewares/tc-nextcloud.yaml
new file mode 100644
index 00000000000..3186bf4e2ca
--- /dev/null
+++ b/enterprise/traefik/18.0.18/templates/middlewares/tc-nextcloud.yaml
@@ -0,0 +1,22 @@
+{{- $values := .Values }}
+
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: {{ ternary (printf "%v-%v" $.Release.Name "tc-nextcloud-redirectregex-dav") "tc-nextcloud-redirectregex-dav" $.Values.ingressClass.enabled }}
+  namespace: tc-system
+spec:
+  redirectRegex:
+    regex: "https://(.*)/.well-known/(card|cal)dav"
+    replacement: "https://${1}/remote.php/dav/"
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: {{ ternary (printf "%v-%v" $.Release.Name "tc-nextcloud-chain") "tc-nextcloud-chain" $.Values.ingressClass.enabled }}
+  namespace: tc-system
+spec:
+  chain:
+    middlewares:
+    - name: {{ ternary (printf "%v-%v" $.Release.Name "tc-nextcloud-redirectregex-dav") "tc-nextcloud-redirectregex-dav" $.Values.ingressClass.enabled }}
diff --git a/enterprise/traefik/18.0.18/templates/middlewares/theme-park.yaml b/enterprise/traefik/18.0.18/templates/middlewares/theme-park.yaml
new file mode 100644
index 00000000000..5f6c9d8159e
--- /dev/null
+++ b/enterprise/traefik/18.0.18/templates/middlewares/theme-park.yaml
@@ -0,0 +1,23 @@
+{{- $values := .Values }}
+
+{{- range $index, $middlewareData := .Values.middlewares.themePark }}
+
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
+  namespace: tc-system
+spec:
+  plugin:
+    traefik-themepark:
+      app: {{ $middlewareData.appName }}
+      theme: {{ $middlewareData.themeName }}
+      baseUrl: {{ $middlewareData.baseUrl }}
+      {{- if $middlewareData.addons }}
+      addons:
+        {{- range $middlewareData.addons }}
+        - {{ . | quote }}
+        {{- end }}
+      {{- end }}
+{{- end }}
diff --git a/enterprise/traefik/18.0.18/values.yaml b/enterprise/traefik/18.0.18/values.yaml
new file mode 100644
index 00000000000..e69de29bb2d