From 197cef7f3f0b2e811c879b2db398aa50291a972f Mon Sep 17 00:00:00 2001 From: Viktor Barzin Date: Fri, 6 Mar 2026 23:55:57 +0000 Subject: [PATCH] [ci skip] add auto-generated tiers.tf, planning docs, and helm chart cache - tiers.tf: Terragrunt-generated tier locals for all standalone stacks - .planning/: resource audit research and plans - docs/plans/: cluster hardening design doc - redis-25.3.2.tgz: Bitnami Redis Helm chart cache --- .../1-PLAN.md | 47 + .../quick/resource-audit-live-metrics.md | 614 ++++++ .../resource-audit-terraform-definitions.md | 273 +++ .../resource-audit-vpa-recommendations.md | 1708 +++++++++++++++++ .planning/quick/resource-plan.md | 285 +++ .../2026-03-03-cluster-hardening-design.md | 73 + stacks/affine/tiers.tf | 10 + stacks/audiobookshelf/tiers.tf | 10 + stacks/blog/tiers.tf | 10 + stacks/calibre/tiers.tf | 10 + stacks/changedetection/tiers.tf | 10 + stacks/city-guesser/tiers.tf | 10 + stacks/coturn/tiers.tf | 10 + stacks/cyberchef/tiers.tf | 10 + stacks/dashy/tiers.tf | 10 + stacks/dawarich/tiers.tf | 10 + stacks/descheduler/tiers.tf | 10 + stacks/diun/tiers.tf | 10 + stacks/echo/tiers.tf | 10 + stacks/excalidraw/tiers.tf | 10 + stacks/forgejo/tiers.tf | 10 + stacks/freedify/tiers.tf | 10 + stacks/freshrss/tiers.tf | 10 + stacks/frigate/tiers.tf | 10 + stacks/grampsweb/tiers.tf | 10 + stacks/hackmd/tiers.tf | 10 + stacks/health/tiers.tf | 10 + stacks/homepage/tiers.tf | 10 + stacks/immich/tiers.tf | 10 + stacks/isponsorblocktv/tiers.tf | 10 + stacks/jsoncrack/tiers.tf | 10 + stacks/k8s-dashboard/tiers.tf | 10 + stacks/kms/tiers.tf | 10 + stacks/linkwarden/tiers.tf | 10 + stacks/matrix/tiers.tf | 10 + stacks/meshcentral/tiers.tf | 10 + stacks/n8n/tiers.tf | 10 + stacks/navidrome/tiers.tf | 10 + stacks/netbox/tiers.tf | 10 + stacks/networking-toolbox/tiers.tf | 10 + stacks/ntfy/tiers.tf | 10 + stacks/onlyoffice/tiers.tf | 10 + stacks/openclaw/tiers.tf | 10 + stacks/owntracks/tiers.tf | 10 + stacks/platform/redis-25.3.2.tgz | Bin 0 -> 118242 bytes stacks/privatebin/tiers.tf | 10 + stacks/real-estate-crawler/tiers.tf | 10 + stacks/reloader/tiers.tf | 10 + stacks/resume/tiers.tf | 10 + stacks/send/tiers.tf | 10 + stacks/shadowsocks/tiers.tf | 10 + stacks/speedtest/tiers.tf | 10 + stacks/tandoor/tiers.tf | 10 + stacks/tor-proxy/tiers.tf | 10 + stacks/travel_blog/tiers.tf | 10 + stacks/tuya-bridge/tiers.tf | 10 + stacks/url/tiers.tf | 10 + stacks/wealthfolio/tiers.tf | 10 + stacks/webhook_handler/tiers.tf | 10 + stacks/whisper/tiers.tf | 10 + 60 files changed, 3530 insertions(+) create mode 100644 .planning/quick/1-fix-broken-demo-streams-and-improve-heal/1-PLAN.md create mode 100644 .planning/quick/resource-audit-live-metrics.md create mode 100644 .planning/quick/resource-audit-terraform-definitions.md create mode 100644 .planning/quick/resource-audit-vpa-recommendations.md create mode 100644 .planning/quick/resource-plan.md create mode 100644 docs/plans/2026-03-03-cluster-hardening-design.md create mode 100644 stacks/affine/tiers.tf create mode 100644 stacks/audiobookshelf/tiers.tf create mode 100644 stacks/blog/tiers.tf create mode 100644 stacks/calibre/tiers.tf create mode 100644 stacks/changedetection/tiers.tf create mode 100644 stacks/city-guesser/tiers.tf create mode 100644 stacks/coturn/tiers.tf create mode 100644 stacks/cyberchef/tiers.tf create mode 100644 stacks/dashy/tiers.tf create mode 100644 stacks/dawarich/tiers.tf create mode 100644 stacks/descheduler/tiers.tf create mode 100644 stacks/diun/tiers.tf create mode 100644 stacks/echo/tiers.tf create mode 100644 stacks/excalidraw/tiers.tf create mode 100644 stacks/forgejo/tiers.tf create mode 100644 stacks/freedify/tiers.tf create mode 100644 stacks/freshrss/tiers.tf create mode 100644 stacks/frigate/tiers.tf create mode 100644 stacks/grampsweb/tiers.tf create mode 100644 stacks/hackmd/tiers.tf create mode 100644 stacks/health/tiers.tf create mode 100644 stacks/homepage/tiers.tf create mode 100644 stacks/immich/tiers.tf create mode 100644 stacks/isponsorblocktv/tiers.tf create mode 100644 stacks/jsoncrack/tiers.tf create mode 100644 stacks/k8s-dashboard/tiers.tf create mode 100644 stacks/kms/tiers.tf create mode 100644 stacks/linkwarden/tiers.tf create mode 100644 stacks/matrix/tiers.tf create mode 100644 stacks/meshcentral/tiers.tf create mode 100644 stacks/n8n/tiers.tf create mode 100644 stacks/navidrome/tiers.tf create mode 100644 stacks/netbox/tiers.tf create mode 100644 stacks/networking-toolbox/tiers.tf create mode 100644 stacks/ntfy/tiers.tf create mode 100644 stacks/onlyoffice/tiers.tf create mode 100644 stacks/openclaw/tiers.tf create mode 100644 stacks/owntracks/tiers.tf create mode 100644 stacks/platform/redis-25.3.2.tgz create mode 100644 stacks/privatebin/tiers.tf create mode 100644 stacks/real-estate-crawler/tiers.tf create mode 100644 stacks/reloader/tiers.tf create mode 100644 stacks/resume/tiers.tf create mode 100644 stacks/send/tiers.tf create mode 100644 stacks/shadowsocks/tiers.tf create mode 100644 stacks/speedtest/tiers.tf create mode 100644 stacks/tandoor/tiers.tf create mode 100644 stacks/tor-proxy/tiers.tf create mode 100644 stacks/travel_blog/tiers.tf create mode 100644 stacks/tuya-bridge/tiers.tf create mode 100644 stacks/url/tiers.tf create mode 100644 stacks/wealthfolio/tiers.tf create mode 100644 stacks/webhook_handler/tiers.tf create mode 100644 stacks/whisper/tiers.tf diff --git a/.planning/quick/1-fix-broken-demo-streams-and-improve-heal/1-PLAN.md b/.planning/quick/1-fix-broken-demo-streams-and-improve-heal/1-PLAN.md new file mode 100644 index 00000000..fe1b0995 --- /dev/null +++ b/.planning/quick/1-fix-broken-demo-streams-and-improve-heal/1-PLAN.md @@ -0,0 +1,47 @@ +# Quick Task 1: Fix Broken Demo Streams and Improve Health Checking + +## Objective + +Replace the broken Akamai live test stream (whose variant playlists return 404 despite master playlist returning 200) with a working test stream, and improve the health checker to validate variant playlists so broken streams are caught before being displayed to users. Rebuild and deploy the updated image. + +## Context + +- The F1 streaming site at f1.viktorbarzin.me has 3 demo streams +- Akamai live test stream (`cph-p2p-msl.akamaized.net/hls/live/2000341/test/master.m3u8`) has a working master playlist but all variant playlists return 404 +- Current health check only validates the master playlist URL (checks for `#EXTM3U`), missing the broken variants +- When hls.js tries to load the variant through the proxy, it gets 502 errors +- The other 2 streams (Big Buck Bunny, Apple Bipbop) work correctly end-to-end +- Confirmed working replacement: Tears of Steel (`demo.unified-streaming.com/k8s/features/stable/video/tears-of-steel/tears-of-steel.ism/.m3u8`) - all variants return 200 + +## Tasks + +### Task 1: Replace broken Akamai stream URL in demo extractor + +**files:** `stacks/f1-stream/files/backend/extractors/demo.py` +**action:** Replace the Akamai live test stream URL with Tears of Steel. Update the title, quality, and any other metadata. +**verify:** Run the demo extractor's URL through curl to confirm master and variant playlists both return 200. +**done:** Demo extractor returns 3 working stream URLs, none of which have broken variants. + +Replace: +- URL: `https://cph-p2p-msl.akamaized.net/hls/live/2000341/test/master.m3u8` +- Title: "Akamai Live Test Stream" +- Quality: "" (empty) + +With: +- URL: `https://demo.unified-streaming.com/k8s/features/stable/video/tears-of-steel/tears-of-steel.ism/.m3u8` +- Title: "Tears of Steel (Test Stream)" +- Quality: "1080p" + +### Task 2: Improve health checker to validate variant playlists + +**files:** `stacks/f1-stream/files/backend/health.py` +**action:** After the existing health check passes (master playlist has `#EXTM3U`), if the playlist is a master playlist (contains `#EXT-X-STREAM-INF:`), extract the first variant URI and do a HEAD/GET check on it. Mark the stream as unhealthy if the variant returns non-200. +**verify:** A stream with a broken variant (like the old Akamai one) would be marked `is_live=False`. +**done:** Health checker validates at least one variant playlist when the stream is a master playlist. + +### Task 3: Rebuild Docker image and deploy + +**files:** `stacks/f1-stream/main.tf` +**action:** Build new Docker image with tag v5.1.0, push to registry, update Terraform deployment image tag, apply the stack. +**verify:** `curl https://f1.viktorbarzin.me/streams` returns 3 streams all with `is_live: true`. Visit f1.viktorbarzin.me/watch in browser and confirm all 3 streams play. +**done:** All 3 demo streams are playable in the browser at f1.viktorbarzin.me/watch. diff --git a/.planning/quick/resource-audit-live-metrics.md b/.planning/quick/resource-audit-live-metrics.md new file mode 100644 index 00000000..7a0eff9d --- /dev/null +++ b/.planning/quick/resource-audit-live-metrics.md @@ -0,0 +1,614 @@ +# Kubernetes Cluster Resource Audit - Live Metrics + +**Collected**: 2026-03-01 +**Cluster**: 5 nodes (k8s-master + k8s-node1-4), Kubernetes v1.34.2 + +--- + +## EXECUTIVE SUMMARY + +### Critical Issues + +#### OOMKilled Pods +| Namespace | Pod | Status | +|-----------|-----|--------| +| dbaas | mysql-cluster-0 | OOMKilled (last state) | + +#### CrashLoopBackOff / ImagePullBackOff Pods +| Namespace | Pod | Status | +|-----------|-----|--------| +| vpa | vpa-admission-certgen-kdvqj | ImagePullBackOff | + +#### Pods with NO Resource Limits (unbounded) +These pods have `` for CPU and/or memory limits -- they can consume unlimited node resources: + +| Namespace | Pod | Container | CPU Limit | Mem Limit | +|-----------|-----|-----------|-----------|-----------| +| calico-apiserver | calico-apiserver-*-bq6zp | calico-apiserver | | | +| calico-apiserver | calico-apiserver-*-q794h | calico-apiserver | | | +| calico-system | calico-kube-controllers-* | calico-kube-controllers | | | +| calico-system | calico-node-* (5 pods) | calico-node | | | +| calico-system | calico-typha-*-9wr7z | calico-typha | | | +| calico-system | calico-typha-*-hw8wt | calico-typha | | | +| calico-system | calico-typha-*-z69vx | calico-typha | | | +| calico-system | csi-node-driver-* (5 pods) | calico-csi, csi-node-driver-registrar | | | +| kube-system | etcd-k8s-master | etcd | | | +| kube-system | kube-apiserver-k8s-master | kube-apiserver | | | +| kube-system | kube-controller-manager-k8s-master | kube-controller-manager | | | +| kube-system | kube-proxy-* (5 pods) | kube-proxy | | | +| kube-system | kube-scheduler-k8s-master | kube-scheduler | | | +| kyverno | kyverno-admission-controller-* (2 pods) | kyverno | (CPU) | 768Mi | +| kyverno | kyverno-background-controller-* | controller | (CPU) | 128Mi | +| kyverno | kyverno-cleanup-controller-* | controller | (CPU) | 128Mi | +| kyverno | kyverno-reports-controller-* | controller | (CPU) | 128Mi | +| metallb-system | controller-* | controller | | | +| metallb-system | speaker-dn9bk | speaker | | | +| metallb-system | speaker-mnpsl | speaker | | | +| metallb-system | speaker-pl8dz | speaker | | | +| nvidia | nvidia-driver-daemonset-x2r6b | nvidia-driver-ctr | | | + +**Note**: kube-system and calico-system pods without limits are standard for control-plane components. The NVIDIA driver daemonset is also expected. MetalLB pods without limits should be monitored. + +#### Pods Near or Exceeding Memory Limits (>75% utilization) + +| Namespace | Pod | Current Usage | Memory Limit | % Used | +|-----------|-----|--------------|--------------|--------| +| dbaas | mysql-cluster-0 | 1845Mi | 2Gi (sidecar:512Mi + mysql:2Gi) | ~90% of mysql container | +| dbaas | mysql-cluster-2 | 1212Mi | 2Gi (sidecar:512Mi + mysql:2Gi) | ~59% combined | +| dbaas | mysql-cluster-1 | 1083Mi | 2Gi (sidecar:512Mi + mysql:2Gi) | ~53% combined | +| dashy | dashy-* | 1048Mi | 4Gi | 26% but NOTE: 490m CPU near 500m limit (98%) | +| onlyoffice | onlyoffice-document-server-* | 1007Mi | 4Gi | 25% | +| stirling-pdf | stirling-pdf-* | 902Mi | 4Gi | 23% | +| trading-bot | trading-bot-workers-* | 1901Mi | 2Gi (sentiment-analyzer) | ~95% of largest container | +| authentik | goauthentik-server-*-x68p7 | 593Mi | 1Gi | 58% | +| authentik | goauthentik-server-*-4bjll | 583Mi | 1Gi | 57% | +| authentik | goauthentik-server-*-z68g8 | 548Mi | 1Gi | 54% | +| authentik | goauthentik-worker-*-klk6z | 551Mi | 1Gi | 54% | +| servarr | flaresolverr-* | 148Mi | 256Mi | 58% | +| speedtest | speedtest-* | 147Mi | ~1.2Gi | 12% | +| cnpg-system | cnpg-cloudnative-pg-* | 72Mi | 256Mi | 28% | +| mailserver | mailserver-* | 183Mi | 256Mi+256Mi | 36% per container | +| vpa | vpa-recommender-* | 74Mi | 512Mi | 14% (but 500Mi req = nearly full request!) | + +#### Pods with CPU Near Limit (potential throttling) + +| Namespace | Pod | Current CPU | CPU Limit | % Used | +|-----------|-----|------------|-----------|--------| +| dashy | dashy-* | 490m | 500m | **98%** -- actively throttling | +| stirling-pdf | stirling-pdf-* | 299m | 300m | **99.7%** -- actively throttling | +| frigate | frigate-* | 860m | 8000m | 11% | +| crowdsec | crowdsec-agent-rkvf2 | 13m | 500m | 3% (but req=limit=500m) | +| redis | redis-node-0 | 44m | 500m (redis) + 200m (sentinel) | 6% | +| redis | redis-node-1 | 43m | 1260m (redis) + 140m (sentinel) | 3% | + +--- + +## NODE-LEVEL RESOURCE USAGE + +| Node | CPU (cores) | CPU % | Memory | Memory % | +|------|-------------|-------|--------|----------| +| k8s-master | 805m | 10% | 5132Mi | 65% | +| k8s-node1 | 1002m | 6% | 9192Mi | 57% | +| k8s-node2 | 894m | 11% | 11517Mi | 48% | +| k8s-node3 | 781m | 9% | 13103Mi | 54% | +| k8s-node4 | 1333m | 16% | 13122Mi | 54% | +| **TOTAL** | **4815m** | **~10%** | **52066Mi** | **~55%** | + +**Observations**: +- Memory is the tighter resource (~55% cluster-wide), CPU is abundant (~10%) +- k8s-master at 65% memory -- highest, but still has headroom +- k8s-node3 and k8s-node4 carry the most memory workloads (~13Gi each) + +--- + +## POD RESOURCE USAGE BY NAMESPACE (sorted by total memory) + +### Top 20 Memory Consumers + +| Rank | Namespace/Pod | CPU | Memory | Mem Limit | +|------|--------------|-----|--------|-----------| +| 1 | frigate/frigate | 860m | 3835Mi | 16Gi | +| 2 | kube-system/kube-apiserver | 376m | 2531Mi | | +| 3 | monitoring/prometheus-server | 36m | 1912Mi | 4Gi | +| 4 | trading-bot/trading-bot-workers | 7m | 1901Mi | 2Gi (largest) | +| 5 | dbaas/mysql-cluster-0 | 62m | 1845Mi | 2Gi (mysql) | +| 6 | monitoring/loki-0 | 95m | 1335Mi | ~2.9Gi | +| 7 | immich/immich-machine-learning | 8m | 1215Mi | 16Gi | +| 8 | dbaas/mysql-cluster-2 | 32m | 1212Mi | 2Gi (mysql) | +| 9 | nvidia/nvidia-driver-daemonset | 0m | 1168Mi | | +| 10 | dbaas/mysql-cluster-1 | 40m | 1083Mi | 2Gi (mysql) | +| 11 | dashy/dashy | 490m | 1048Mi | 4Gi | +| 12 | onlyoffice/onlyoffice-document-server | 3m | 1007Mi | 4Gi | +| 13 | stirling-pdf/stirling-pdf | 299m | 902Mi | 4Gi | +| 14 | tandoor/tandoor | 1m | 754Mi | ~3.1Gi | +| 15 | paperless-ngx/paperless-ngx | 4m | 691Mi | ~3.7Gi | +| 16 | linkwarden/linkwarden | 8m | 682Mi | ~3.3Gi | +| 17 | ollama/ollama-ui | 2m | 658Mi | ~5.8Gi | +| 18 | whisper/whisper | 1m | 628Mi | ~5.8Gi | +| 19 | realestate-crawler/celery | 2m | 608Mi | 2Gi | +| 20 | authentik/goauthentik-server (x3) | ~17m each | ~575Mi each | 1Gi | + +### Top 10 CPU Consumers + +| Rank | Namespace/Pod | CPU | CPU Limit | +|------|--------------|-----|-----------| +| 1 | frigate/frigate | 860m | 8000m | +| 2 | dashy/dashy | 490m | 500m | +| 3 | kube-system/kube-apiserver | 376m | | +| 4 | stirling-pdf/stirling-pdf | 299m | 300m | +| 5 | kube-system/etcd | 216m | | +| 6 | monitoring/loki-0 | 95m | 504m | +| 7 | authentik/goauthentik-worker-c5zfs | 81m | 2000m | +| 8 | authentik/goauthentik-worker-b5wzk | 62m | 2000m | +| 9 | dbaas/mysql-cluster-0 | 62m | 2000m | +| 10 | calico-system/calico-node-wllsb | 49m | | + +--- + +## DETAILED NAMESPACE BREAKDOWN + +### actualbudget +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| actualbudget-anca | 1m | 42Mi | 25m/250m | 64Mi/256Mi | +| actualbudget-emo | 1m | 40Mi | 25m/250m | 64Mi/256Mi | +| actualbudget-http-api-anca | 1m | 26Mi | 25m/250m | 64Mi/256Mi | +| actualbudget-http-api-emo | 0m | 26Mi | 25m/250m | 64Mi/256Mi | +| actualbudget-http-api-viktor | 1m | 29Mi | 25m/250m | 64Mi/256Mi | +| actualbudget-viktor | 1m | 56Mi | 25m/250m | 64Mi/256Mi | +**Quota**: 150m/4000m CPU used, 384Mi/4Gi mem used, 6/30 pods + +### affine +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| affine | 4m | 174Mi | 35m/700m | ~237Mi/~1.9Gi | +**Quota**: 35m/2000m CPU, ~237Mi/2Gi mem, 1/20 pods + +### aiostreams +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| aiostreams | 1m | 215Mi | 50m/500m | 256Mi/768Mi | + +### atuin +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| atuin | 1m | 2Mi | 50m/500m | 64Mi/256Mi | + +### audiobookshelf +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| audiobookshelf | 1m | 55Mi | 15m/150m | ~100Mi/400Mi | + +### authentik +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| ak-outpost-embedded | 6m | 18Mi | 50m/500m | 64Mi/512Mi | +| goauthentik-server (x3) | 14-21m | 548-593Mi | 100m/2000m | 512Mi/1Gi | +| goauthentik-worker (x3) | 40-81m | 420-551Mi | 50-100m/1-2000m | 384Mi-600Mi/1-1.6Gi | +| pgbouncer (x3) | 1-2m | 2Mi | 15-50m/150-500m | ~100Mi/512-800Mi | +**Quota**: 680m/16000m CPU, ~3.3Gi/16Gi mem, 10/50 pods + +### calibre +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| annas-archive-stacks | 1m | 60Mi | 25m/250m | 64Mi/256Mi | +| calibre-web-automated | 1m | 196Mi | 23m/460m | ~640Mi/~2.6Gi | + +### changedetection +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| changedetection (2 containers) | 6m | 111Mi | 25m+25m/250m+250m | 64Mi+64Mi/256Mi+256Mi | + +### cloudflared +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| cloudflared (x3) | 3-9m | 31-59Mi | 50m/500m | 64Mi/512Mi | + +### crowdsec +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| crowdsec-agent (x3) | 3-13m | 43-48Mi | 500m/500m | 250Mi/250Mi | +| crowdsec-lapi (x3) | 1m | 30-34Mi | 23m/23m | ~121Mi/~121Mi | +| crowdsec-web | 2m | 46Mi | 50m/500m | 64Mi/512Mi | +**Note**: crowdsec-agent has CPU req=limit=500m (Guaranteed QoS). Same for memory at 250Mi. + +### dashy +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| dashy | **490m** | 1048Mi | 15m/**500m** | 512Mi/4Gi | +**WARNING**: CPU at 98% of limit -- actively being throttled! + +### dawarich +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| dawarich | 1m | 438Mi | 15m/150m | ~600Mi/~2.4Gi | + +### dbaas +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| mysql-cluster-0 | 62m | 1845Mi | 50m+250m/500m+2000m | 64Mi+1Gi/512Mi+2Gi | +| mysql-cluster-1 | 40m | 1083Mi | 50m+250m/500m+2000m | 64Mi+1Gi/512Mi+2Gi | +| mysql-cluster-2 | 32m | 1212Mi | 50m+250m/500m+2000m | 64Mi+1Gi/512Mi+2Gi | +| pg-cluster-1 | 22m | 335Mi | 250m/2000m | 512Mi/4Gi | +| pg-cluster-2 | 11m | 155Mi | 250m/2000m | 512Mi/4Gi | +| pgadmin | 1m | 265Mi | 50m/500m | 64Mi/512Mi | +| phpmyadmin | 1m | 46Mi | 50m/500m | 64Mi/512Mi | +**WARNING**: mysql-cluster-0 was OOMKilled previously. Currently at 1845Mi with 2Gi limit on mysql container (~90%). +**Quota**: 1500m/8000m CPU, 4416Mi/12Gi mem, 7/30 pods + +### echo +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| echo (x5) | 0-1m | 19-30Mi | 15-25m/150-250m | 64Mi-100Mi/256-400Mi | + +### forgejo +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| forgejo | 1m | 170Mi | 15m/500m | ~215Mi/~1.7Gi | + +### freedify +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| music-emo | 2m | 68Mi | 100m/500m | 256Mi/512Mi | +| music-viktor | 2m | 57Mi | 100m/500m | 256Mi/512Mi | + +### frigate +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| frigate | 860m | 3835Mi | 800m/8000m | 2Gi/16Gi | +**Note**: Highest memory consumer in the cluster. GPU tier (2-gpu). + +### headscale +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| headscale (2 containers) | 1m | 65Mi | 50m+25m/200m+100m | 64Mi+32Mi/256Mi+128Mi | + +### homepage +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| homepage | 1m | 86Mi | 15m/150m | ~121Mi/~484Mi | + +### immich +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| immich-frame | 1m | 30Mi | 15m/150m | ~105Mi/~838Mi | +| immich-machine-learning | 8m | 1215Mi | 15m/150m | 2Gi/16Gi | +| immich-postgresql | 1m | 268Mi | 15m/150m | ~990Mi/~7.9Gi | +| immich-server | 3m | 404Mi | 800m/8000m | ~990Mi/~7.9Gi | +**Quota**: 845m/8000m CPU, ~4.1Gi/8Gi mem, 4/40 pods. Note: mem at ~51% of quota. + +### kms +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| kms | 0m | 0Mi | 15m/15m | ~100Mi/1Gi | +| kms-web-page | 0m | 10Mi | 500m/500m | 512Mi/512Mi | +**Note**: kms-web-page has req=limit (Guaranteed QoS) at 500m CPU and 512Mi, but uses 0m/10Mi. + +### linkwarden +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| linkwarden | 8m | 682Mi | 15m/150m | ~826Mi/~3.3Gi | + +### mailserver +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| mailserver (2 containers) | 9m | 183Mi | 25m+25m/250m+250m | 64Mi+64Mi/256Mi+256Mi | +| roundcubemail | 1m | 44Mi | 25m/250m | 64Mi/256Mi | + +### meshcentral +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| meshcentral | 1m | 127Mi | 15m/300m | ~283Mi/~850Mi | + +### monitoring +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| alloy (x3, DaemonSet) | 44-47m | 182-201Mi | 63m+11m/252m+550m | ~422Mi+50Mi/~845Mi+512Mi | +| caretta (x4, DaemonSet) | 2-4m | 250-267Mi | 15m/225m | ~422Mi/~2.5Gi | +| goflow2 | 11m | 28Mi | 15m/60m | ~100Mi/400Mi | +| grafana (x3) | 18m | 232-235Mi | 11m+11m+35m/110m+110m+350m | multi-container | +| idrac-redfish-exporter | 3m | 9Mi | 15m/150m | ~100Mi/800Mi | +| loki-0 (2 containers) | 95m | 1335Mi | 126m+11m/504m+110m | ~1.9Gi+~121Mi/~2.9Gi+~968Mi | +| node-exporter (x5) | 1m | 9-24Mi | 15m/150m | ~100Mi/800Mi | +| prometheus-alertmanager | 2m | 24Mi | 15m/150m | ~100Mi/800Mi | +| prometheus-kube-state-metrics | 3m | 33Mi | 15m/150m | ~100Mi/800Mi | +| prometheus-pushgateway | 1m | 18Mi | 15m/150m | ~100Mi/800Mi | +| prometheus-server (2 containers) | 36m | 1912Mi | 11m+93m/110m+930m | 50Mi+512Mi/400Mi+4Gi | +| proxmox-exporter | 1m | 41Mi | 23m/230m | ~100Mi/800Mi | +| snmp-exporter | 2m | 14Mi | 15m/150m | ~100Mi/800Mi | +| sysctl-inotify (x5) | 0m | 0Mi | 15m/15m | ~100Mi/~100Mi | +**Quota**: 1177m/16000m CPU, ~9Gi/16Gi mem, 32/100 pods + +### mysql-operator +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| mysql-operator | 4m | 254Mi | 23m/230m | ~309Mi/~1.2Gi | + +### n8n +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| n8n | 2m | 425Mi | 15m/150m | ~524Mi/~2.1Gi | + +### netbox +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| netbox | 1m | 480Mi | 50m/2000m | 512Mi/4Gi | + +### nextcloud +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| nextcloud (2 containers) | 9m | 234Mi | 100m+11m/16000m+110m | ~1.3Gi+~121Mi/~8Gi+~484Mi | +| whiteboard | 1m | 62Mi | 25m/250m | 64Mi/256Mi | +**Quota**: 136m/4000m CPU, ~1.5Gi/8Gi mem, 2/10 pods + +### nvidia +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| gpu-feature-discovery | 1m | 76Mi | 100m+100m/1+1 | 256Mi+256Mi/2Gi+2Gi | +| gpu-operator | 14m | 63Mi | 200m/500m | 100Mi/350Mi | +| gpu-pod-exporter | 2m | 50Mi | 50m/200m | 128Mi/256Mi | +| nvidia-container-toolkit | 1m | 27Mi | 100m/1000m | 256Mi/2Gi | +| nvidia-dcgm-exporter | 17m | 538Mi | 100m/1000m | 256Mi/2Gi | +| nvidia-device-plugin | 1m | 47Mi | 100m+100m/1+1 | 256Mi+256Mi/2Gi+2Gi | +| nvidia-driver-daemonset | 0m | 1168Mi | | | +| nvidia-exporter | 1m | 138Mi | 15m/150m | ~121Mi/~968Mi | +| nfd-gc | 1m | 9Mi | 15m/1500m | ~100Mi/800Mi | +| nfd-master | 1m | 27Mi | 100m/4000m | 128Mi/4Gi | +| nfd-worker (x5) | 1m | 14-18Mi | 15m/3000m | ~100Mi/800Mi | +| nvidia-operator-validator | 0m | 1Mi | 100m/1000m | 256Mi/2Gi | + +### ollama +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| ollama | 1m | 11Mi | 500m/4000m | 4Gi/12Gi | +| ollama-ui | 2m | 658Mi | 15m/150m | ~729Mi/~5.8Gi | +**Note**: ollama pod at only 11Mi but reserves 4Gi -- GPU workload likely using VRAM instead. + +### onlyoffice +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| onlyoffice-document-server | 3m | 1007Mi | 250m/8000m | 512Mi/4Gi | +**Quota**: 250m/4000m CPU, 512Mi/4Gi mem, 1/10 pods + +### openclaw +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| openclaw (2 containers) | 2m | 447Mi | 100m+25m/2000m+500m | 512Mi+64Mi/2Gi+256Mi | + +### osm-routing +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| osrm-bicycle | 0m | 366Mi | 15m/250m | ~454Mi/~909Mi | +| osrm-foot | 0m | 359Mi | 15m/150m | ~454Mi/~1.8Gi | + +### paperless-ngx +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| paperless-ngx | 4m | 691Mi | 49m/980m | ~933Mi/~3.7Gi | + +### realestate-crawler +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| realestate-crawler-api (x2) | 2m | 133-134Mi | 15m/600m | ~194Mi/~1.6Gi | +| realestate-crawler-celery | 2m | 608Mi | 100m/2000m | 512Mi/2Gi | +| realestate-crawler-celery-beat | 0m | 107Mi | 15m/300m | ~175Mi/~699Mi | +| realestate-crawler-ui (x2) | 0m | 7-8Mi | 15-25m/150-250m | 64-100Mi/256-400Mi | + +### redis +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| redis-node-0 (redis+sentinel) | 44m | 47Mi | 50m+50m/500m+200m | 64Mi+64Mi/256Mi+128Mi | +| redis-node-1 (redis+sentinel) | 43m | 25Mi | 126m+35m/1260m+140m | ~50Mi+~50Mi/200Mi+100Mi | + +### resume +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| printer | 3m | 109Mi | 15m/300m | 1Gi/4Gi | +| resume | 1m | 116Mi | 15m/300m | ~215Mi/~645Mi | + +### rybbit +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| rybbit | 2m | 185Mi | 15m/150m | ~215Mi/~860Mi | +| rybbit-client | 1m | 89Mi | 25m/250m | 64Mi/256Mi | +**Note**: rybbit-client at 89Mi with 256Mi limit (35%). + +### servarr +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| flaresolverr | 1m | 148Mi | 25m/250m | 64Mi/256Mi | +| listenarr | 2m | 383Mi | 15m/600m | ~640Mi/~2.6Gi | +| prowlarr | 1m | 149Mi | 15m/150m | ~260Mi/~1Gi | +| qbittorrent | 1m | 29Mi | 25m/250m | 64Mi/256Mi | +**WARNING**: flaresolverr at 148Mi / 256Mi = 58% of mem limit. + +### speedtest +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| speedtest | 1m | 147Mi | 200m/2000m | ~309Mi/~1.2Gi | + +### stirling-pdf +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| stirling-pdf | **299m** | 902Mi | 15m/**300m** | 1Gi/4Gi | +**WARNING**: CPU at 99.7% of limit -- actively being throttled! + +### tandoor +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| tandoor | 1m | 754Mi | 15m/150m | ~776Mi/~3.1Gi | + +### technitium +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| technitium | 1m | 184Mi | 100m/500m | 128Mi/512Mi | +| technitium-secondary | 9m | 123Mi | 100m/500m | 128Mi/512Mi | + +### trading-bot +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| trading-bot-frontend (2 containers) | 2m | 174Mi | 10m+50m/200m+1000m | 32Mi+128Mi/128Mi+512Mi | +| trading-bot-workers (6 containers) | 7m | 1901Mi | 10m+100m+10m+10m+10m+10m/500m+2000m+500m+500m+500m+500m | 64Mi*5+512Mi/256Mi*5+2Gi | +**WARNING**: trading-bot-workers at 1901Mi. The sentiment-analyzer container has 2Gi limit, possibly near OOM. + +### traefik +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| auth-proxy (x2) | 1m | 7Mi | 5m/50m | 16Mi/32Mi | +| bot-block-proxy (x2) | 1m | 7Mi | 5m/50m | 16Mi/32Mi | +| traefik (x3) | 4-14m | 81-120Mi | 100m/500m | 128Mi/512Mi | + +### uptime-kuma +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| uptime-kuma | 23m | 163Mi | 49m/196m | ~237Mi/~947Mi | + +### vpa +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| goldilocks-controller | 7m | 30Mi | 49m/980m | ~105Mi/~209Mi | +| goldilocks-dashboard | 1m | 8Mi | 15m/300m | ~105Mi/~209Mi | +| vpa-admission-certgen | N/A | N/A | 50m/500m | 64Mi/512Mi | +| vpa-admission-controller | 3m | 48Mi | 50m/500m | 200Mi/512Mi | +| vpa-recommender | 13m | 74Mi | 50m/500m | 500Mi/512Mi | +| vpa-updater | 2m | 68Mi | 50m/500m | 500Mi/512Mi | +**WARNING**: vpa-admission-certgen in ImagePullBackOff. + +### whisper +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| piper | 0m | 32Mi | 100m/1000m | 256Mi/2Gi | +| whisper | 1m | 628Mi | 15m/150m | ~729Mi/~5.8Gi | + +### wireguard +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| wireguard (2 containers) | 1m | 2Mi | 50m+50m/500m+500m | 64Mi+64Mi/512Mi+512Mi | + +### woodpecker +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| woodpecker-agent-0 | 1m | 17Mi | 15m/150m | ~100Mi/400Mi | +| woodpecker-agent-1 | 1m | 28Mi | 25m/250m | 64Mi/256Mi | +| woodpecker-server-0 | 4m | 32Mi | 25m/250m | 64Mi/256Mi | + +### website +| Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----|----------|----------|-------------|-------------| +| blog (x3, 2 containers each) | 0-1m | 17-19Mi | 11m+11m/22m+110m | ~50Mi+~50Mi/512Mi+200Mi | + +### Other Small Namespaces +| Namespace | Pod | CPU Used | Mem Used | CPU Req/Lim | Mem Req/Lim | +|-----------|-----|----------|----------|-------------|-------------| +| city-guesser | city-guesser | 1m | 23Mi | 250m/500m | 50Mi/512Mi | +| coturn | coturn | 1m | 7Mi | 15m/150m | ~100Mi/400Mi | +| cyberchef | cyberchef | 0m | 8Mi | 15m/150m | ~100Mi/400Mi | +| diun | diun | 1m | 24Mi | 15m/150m | ~100Mi/400Mi | +| excalidraw | excalidraw | 0m | 2Mi | 15m/150m | ~100Mi/400Mi | +| f1-stream | f1-stream | 7m | 53Mi | 50m/500m | 64Mi/256Mi | +| freshrss | freshrss | 1m | 56Mi | 25m/250m | 64Mi/256Mi | +| hackmd | hackmd | 2m | 82Mi | 15m/150m | ~138Mi/~552Mi | +| health | health | 2m | 101Mi | 100m/1000m | 256Mi/1Gi | +| isponsorblocktv | isponsorblocktv-vermont | 1m | 42Mi | 15m/150m | ~100Mi/400Mi | +| jsoncrack | jsoncrack | 0m | 7Mi | 15m/150m | ~100Mi/400Mi | +| k8s-portal | k8s-portal | 0m | 14Mi | 25m/250m | 64Mi/256Mi | +| navidrome | navidrome | 1m | 62Mi | 15m/150m | ~156Mi/~623Mi | +| ntfy | ntfy | 1m | 20Mi | 25m/250m | 64Mi/256Mi | +| owntracks | owntracks | 1m | 1Mi | 15m/150m | ~100Mi/400Mi | +| plotting-book | plotting-book | 0m | 22Mi | 50m/500m | 128Mi/512Mi | +| privatebin | privatebin | 1m | 46Mi | 15m/150m | ~100Mi/400Mi | +| send | send | 0m | 53Mi | 15m/150m | ~100Mi/400Mi | +| shadowsocks | shadowsocks | 1m | 0Mi | 15m/150m | ~100Mi/400Mi | +| tor-proxy | tor-proxy | 1m | 61Mi | 15m/150m | ~105Mi/~419Mi | +| vaultwarden | vaultwarden | 1m | 49Mi | 50m/200m | 64Mi/256Mi | +| wealthfolio | wealthfolio | 0m | 8Mi | 15m/150m | ~100Mi/400Mi | +| webhook-handler | webhook-handler | 1m | 8Mi | 15m/30m | ~100Mi/1Gi | +| xray | xray | 0m | 11Mi | 50m/500m | 64Mi/512Mi | + +--- + +## LIMITRANGE DEFAULTS BY NAMESPACE + +| Namespace | Default CPU | Default Mem | Max CPU | Max Mem | Tier | +|-----------|-------------|-------------|---------|---------|------| +| **GPU tier (2-gpu)** | | | | | | +| ebook2audiobook | 1 | 2Gi | 8 | 16Gi | 2-gpu | +| frigate | 1 | 2Gi | 8 | 16Gi | 2-gpu | +| immich | 1 | 2Gi | 8 | 16Gi | 2-gpu | +| nvidia | 1 | 2Gi | 8 | 16Gi | 2-gpu | +| ollama | 1 | 2Gi | 8 | 16Gi | 2-gpu | +| whisper | 1 | 2Gi | 8 | 16Gi | 2-gpu | +| **Core tier (0-core)** | | | | | | +| cloudflared | 500m | 512Mi | 4 | 8Gi | 0-core | +| headscale | 500m | 512Mi | 4 | 8Gi | 0-core | +| technitium | 500m | 512Mi | 4 | 8Gi | 0-core | +| traefik | 500m | 512Mi | 4 | 8Gi | 0-core | +| wireguard | 500m | 512Mi | 4 | 8Gi | 0-core | +| xray | 500m | 512Mi | 4 | 8Gi | 0-core | +| **Cluster tier (1-cluster)** | | | | | | +| authentik | 500m | 512Mi | 2 | 4Gi | 1-cluster | +| cnpg-system | 500m | 512Mi | 2 | 4Gi | 1-cluster | +| crowdsec | 500m | 512Mi | 2 | 4Gi | 1-cluster | +| dbaas | 500m | 512Mi | 2 | 4Gi | 1-cluster | +| metrics-server | 500m | 512Mi | 2 | 4Gi | 1-cluster | +| monitoring | 500m | 512Mi | 2 | 4Gi | 1-cluster | +| poison-fountain | 500m | 512Mi | 2 | 4Gi | 1-cluster | +| redis | 500m | 512Mi | 2 | 4Gi | 1-cluster | +| tuya-bridge | 500m | 512Mi | 2 | 4Gi | 1-cluster | +| uptime-kuma | 500m | 512Mi | 2 | 4Gi | 1-cluster | +| vpa | 500m | 512Mi | 2 | 4Gi | 1-cluster | +| **Edge tier (3-edge)** | | | | | | +| Most app namespaces | 250m | 256Mi | 2 | 4Gi | 3-edge | +| **Aux tier (4-aux)** | | | | | | +| Some app namespaces | 250m | 256Mi | 2 | 4Gi | 4-aux | +| **Custom LimitRanges** | | | | | | +| nextcloud | 250m | 256Mi | 16 | 8Gi | Custom | +| onlyoffice | 250m | 256Mi | 8 | 8Gi | Custom | +| **No tier** | | | | | | +| aiostreams | 250m | 256Mi | 1 | 2Gi | None | +| default | 250m | 256Mi | 1 | 2Gi | None | +| descheduler | 250m | 256Mi | 1 | 2Gi | None | +| gadget | 250m | 256Mi | 1 | 2Gi | None | +| kured | 250m | 256Mi | 1 | 2Gi | None | +| local-path-storage | 250m | 256Mi | 1 | 2Gi | None | +| mysql-operator | 250m | 256Mi | 1 | 2Gi | None | +| reverse-proxy | 250m | 256Mi | 1 | 2Gi | None | +| tigera-operator | 250m | 256Mi | 1 | 2Gi | None | + +--- + +## RESOURCEQUOTA UTILIZATION (top consumers) + +| Namespace | CPU Req Used/Hard | Mem Req Used/Hard | Pods Used/Hard | % Mem Req | +|-----------|-------------------|-------------------|----------------|-----------| +| monitoring | 1177m/16000m | ~9Gi/16Gi | 32/100 | ~56% | +| authentik | 680m/16000m | ~3.3Gi/16Gi | 10/50 | ~21% | +| crowdsec | 1619m/8000m | ~1.1Gi/8Gi | 7/30 | ~14% | +| dbaas | 1500m/8000m | 4416Mi/12Gi | 7/30 | ~36% | +| immich | 845m/8000m | ~4.1Gi/8Gi | 4/40 | ~51% | +| ollama | 515m/8000m | ~4.7Gi/8Gi | 2/40 | ~59% | +| nextcloud | 136m/4000m | ~1.5Gi/8Gi | 2/10 | ~19% | +| rybbit | 140m/2000m | ~791Mi/2Gi | 3/20 | ~39% | + +--- + +## ACTION ITEMS + +### Immediate (potential service impact) +1. **dashy** -- CPU throttled at 98% (490m/500m). Increase CPU limit or investigate high CPU usage. +2. **stirling-pdf** -- CPU throttled at 99.7% (299m/300m). Increase CPU limit. +3. **dbaas/mysql-cluster-0** -- Previously OOMKilled. Currently at ~1845Mi with 2Gi limit on mysql container (~90%). Monitor closely or increase limit. +4. **vpa/vpa-admission-certgen** -- ImagePullBackOff. Fix image reference. +5. **trading-bot-workers** -- 1901Mi across 6 containers, sentiment-analyzer at 2Gi limit. Verify not OOMing. + +### Medium Priority (resource waste or risk) +6. **kms/kms-web-page** -- Guaranteed QoS at 500m CPU / 512Mi, but only uses 0m/10Mi. Massive overprovisioning. +7. **ollama/ollama** -- Requests 4Gi memory but uses 11Mi (GPU model in VRAM). If not using CPU memory, reduce request. +8. **resume/printer** -- Requests 1Gi memory but uses 109Mi. Consider reducing. +9. **nvidia-driver-daemonset** -- No limits set, using 1168Mi. Standard for driver but worth noting. +10. **servarr/flaresolverr** -- At 58% memory (148Mi/256Mi). Trending toward limit. + +### Low Priority (optimization opportunities) +11. Multiple pods in the monitoring namespace have generous limits but low actual usage (node-exporters at 9-24Mi with 800Mi limits). +12. crowdsec-agent pods have Guaranteed QoS (req=limit) at 500m/250Mi but use only 3-13m CPU and 43-48Mi memory. +13. Many edge-tier pods using <10% of their memory limits -- VPA recommendations could help right-size. diff --git a/.planning/quick/resource-audit-terraform-definitions.md b/.planning/quick/resource-audit-terraform-definitions.md new file mode 100644 index 00000000..d5811811 --- /dev/null +++ b/.planning/quick/resource-audit-terraform-definitions.md @@ -0,0 +1,273 @@ +# Terraform Container Resource Audit + +Generated: 2026-03-01 + +## Tier Defaults (Kyverno LimitRange) + +For reference, containers WITHOUT explicit `resources {}` blocks receive these defaults from Kyverno-generated LimitRanges: + +| Tier | Default CPU | Default Mem | Request CPU | Request Mem | Max CPU | Max Mem | +|------|-------------|-------------|-------------|-------------|---------|---------| +| 0-core | 500m | 512Mi | 50m | 64Mi | 4 | 8Gi | +| 1-cluster | 500m | 512Mi | 50m | 64Mi | 2 | 4Gi | +| 2-gpu | 1 | 2Gi | 100m | 256Mi | 8 | 16Gi | +| 3-edge | 250m | 256Mi | 25m | 64Mi | 2 | 4Gi | +| 4-aux | 250m | 256Mi | 25m | 64Mi | 2 | 4Gi | + +Namespaces with custom LimitRange (opt-out): `nextcloud`, `onlyoffice` + +--- + +## Section 1: Containers WITHOUT Explicit Resources (Relying on LimitRange Defaults) + +These are the highest-risk containers -- they receive LimitRange defaults which may be too low or too high. + +| Stack | Namespace | Deployment/Resource | Container | Tier | Default CPU Lim | Default Mem Lim | Risk Notes | +|-------|-----------|-------------------|-----------|------|-----------------|-----------------|------------| +| blog | website | blog | nginx-exporter | 4-aux | 250m | 256Mi | Sidecar; likely fine | +| cyberchef | cyberchef | cyberchef | cyberchef | 4-aux | 250m | 256Mi | | +| echo | echo | echo | echo | 3-edge | 250m | 256Mi | 5 replicas, no resources | +| networking-toolbox | networking-toolbox | networking-toolbox | networking-toolbox | 4-aux | 250m | 256Mi | 3 replicas | +| shadowsocks | shadowsocks | shadowsocks | shadowsocks | 3-edge | 250m | 256Mi | | +| tor-proxy | tor-proxy | tor-proxy | tor-proxy | 4-aux | 250m | 256Mi | | +| tuya-bridge | tuya-bridge | tuya-bridge | tuya-bridge | 1-cluster | 500m | 512Mi | 3 replicas in cluster tier | +| audiobookshelf | audiobookshelf | audiobookshelf | audiobookshelf | 4-aux | 250m | 256Mi | May need more for transcoding | +| changedetection | changedetection | changedetection | sockpuppetbrowser | 4-aux | 250m | 256Mi | Chromium browser; likely needs more | +| changedetection | changedetection | changedetection | changedetection | 4-aux | 250m | 256Mi | | +| diun | diun | diun | diun | 4-aux | 250m | 256Mi | | +| excalidraw | excalidraw | excalidraw | excalidraw | 4-aux | 250m | 256Mi | | +| freshrss | freshrss | freshrss | freshrss | 4-aux | 250m | 256Mi | | +| isponsorblocktv | isponsorblocktv | isponsorblocktv-vermont | isponsorblocktv-vermont | 3-edge | 250m | 256Mi | | +| matrix | matrix | matrix | matrix | 4-aux | 250m | 256Mi | 0 replicas (disabled) | +| navidrome | navidrome | navidrome | navidrome | 4-aux | 250m | 256Mi | Music streaming | +| ntfy | ntfy | ntfy | ntfy | 4-aux | 250m | 256Mi | | +| owntracks | owntracks | owntracks | owntracks | 4-aux | 250m | 256Mi | | +| privatebin | privatebin | privatebin | privatebin | 3-edge | 250m | 256Mi | | +| wealthfolio | wealthfolio | wealthfolio | wealthfolio | 4-aux | 250m | 256Mi | | +| whisper | whisper | whisper | whisper | 2-gpu | 1 | 2Gi | No GPU resource claim; GPU tier | +| whisper | whisper | piper | piper | 2-gpu | 1 | 2Gi | No GPU resource claim; GPU tier | +| send | send | send | send | 4-aux | 250m | 256Mi | | +| n8n | n8n | n8n | n8n | 4-aux | 250m | 256Mi | Workflow automation; may need more | +| linkwarden | linkwarden | linkwarden | linkwarden | 4-aux | 250m | 256Mi | Next.js app; may OOM | +| dawarich | dawarich | dawarich | dawarich | 3-edge | 250m | 256Mi | Rails app; may OOM | +| hackmd | hackmd | hackmd | codimd | 3-edge | 250m | 256Mi | Node.js; may need more | +| tandoor | tandoor | tandoor | recipes | 4-aux | 250m | 256Mi | Django app | +| grampsweb | grampsweb | grampsweb | grampsweb | 4-aux | 250m | 256Mi | Flask app | +| grampsweb | grampsweb | grampsweb | grampsweb-celery | 4-aux | 250m | 256Mi | Celery worker | +| affine | affine | affine | migration (init) | 4-aux | 250m | 256Mi | Init container; runs prisma migrate | +| actualbudget (factory) | actualbudget | actualbudget-{name} | actualbudget | 3-edge | 250m | 256Mi | 3 instances (viktor, anca, emo) | +| actualbudget (factory) | actualbudget | actualbudget-http-api-{name} | actualbudget | 3-edge | 250m | 256Mi | Conditional (budget_encryption_password) | +| actualbudget (factory) | actualbudget | bank-sync-{name} (CronJob) | bank-sync | 3-edge | 250m | 256Mi | Curl container | +| osm_routing | osm-routing | osrm-foot | osrm-foot | 4-aux | 250m | 256Mi | OSRM needs ~1GB RAM for routing data | +| osm_routing | osm-routing | otp | otp | 4-aux | 250m | 256Mi | 0 replicas (disabled); OTP needs 2Gi+ | +| servarr/prowlarr | servarr | prowlarr | prowlarr | 4-aux | 250m | 256Mi | | +| servarr/qbittorrent | servarr | qbittorrent | qbittorrent | 4-aux | 250m | 256Mi | | +| servarr/flaresolverr | servarr | flaresolverr | flaresolverr | 4-aux | 250m | 256Mi | Chromium-based; likely needs more | +| real-estate-crawler | realestate-crawler | realestate-crawler-ui | realestate-crawler-ui | 4-aux | 250m | 256Mi | 2 replicas | +| real-estate-crawler | realestate-crawler | realestate-crawler-celery | celery-worker | 4-aux | 250m | 256Mi | | +| nextcloud | nextcloud | whiteboard | whiteboard | custom (3-edge) | 250m | 256Mi | Custom LimitRange: max 16 CPU/8Gi | +| nextcloud | nextcloud | nextcloud-backup (CronJob) | backup | custom (3-edge) | 250m | 256Mi | rsync container | +| calibre | calibre | annas-archive-stacks | annas-archive-stacks | 3-edge | 250m | 256Mi | | +| ollama | ollama | ollama-ui | ollama-ui | 2-gpu | 1 | 2Gi | Open WebUI; needs significant mem | +| immich | immich | immich-server | immich-server | 2-gpu | 1 | 2Gi | Photo server; needs resources | +| immich | immich | immich-postgresql | immich-postgresql | 2-gpu | 1 | 2Gi | PostgreSQL; needs resources | +| immich | immich | postgresql-backup (CronJob) | postgresql-backup | 2-gpu | 1 | 2Gi | | +| rybbit | rybbit | rybbit | rybbit | 4-aux | 250m | 256Mi | Node.js backend | +| rybbit | rybbit | rybbit-client | rybbit-client | 4-aux | 250m | 256Mi | | +| poison-fountain | poison-fountain | poison-fetcher (CronJob) | fetcher | 1-cluster | 500m | 512Mi | curl container | +| platform/dbaas | dbaas | mysql-backup (CronJob) | mysql-backup | 1-cluster | 500m | 512Mi | | +| platform/dbaas | dbaas | phpmyadmin | phpmyadmin | 1-cluster | 500m | 512Mi | | +| platform/dbaas | dbaas | pgadmin | pgadmin | 1-cluster | 500m | 512Mi | | +| platform/dbaas | dbaas | postgresql-backup (CronJob) | postgresql-backup | 1-cluster | 500m | 512Mi | | +| platform/xray | xray | xray | xray | 0-core | 500m | 512Mi | | +| platform/wireguard | wireguard | wireguard | sysctl-setup (init) | 0-core | 500m | 512Mi | | +| platform/wireguard | wireguard | wireguard | wireguard | 0-core | 500m | 512Mi | | +| platform/wireguard | wireguard | wireguard | prometheus-exporter | 0-core | 500m | 512Mi | | +| platform/cloudflared | cloudflared | cloudflared | cloudflared | 0-core | 500m | 512Mi | | +| platform/mailserver | mailserver | mailserver | docker-mailserver | 0-core | 500m | 512Mi | Mail server needs more RAM | +| platform/mailserver | mailserver | dovecot-exporter | dovecot-exporter | 0-core | 500m | 512Mi | | +| platform/crowdsec | crowdsec | crowdsec-web | crowdsec-web | 1-cluster | 500m | 512Mi | | +| platform/crowdsec | crowdsec | blocklist-import (CronJob) | blocklist-import | 1-cluster | 500m | 512Mi | | +| platform/k8s-portal | k8s-portal | k8s-portal | portal | 0-core | 500m | 512Mi | | +| platform/monitoring | monitoring | monitor-prometheus (CronJob) | monitor-prometheus | opted-out | N/A | N/A | No LimitRange in monitoring ns | +| platform/redis | redis | redis-backup (CronJob) | redis-backup | 1-cluster | 500m | 512Mi | | +| platform/infra-maint | kube-system | backup-etcd (CronJob) | backup-etcd | N/A | N/A | N/A | kube-system; no Kyverno LimitRange | +| platform/infra-maint | kube-system | backup-purge (CronJob) | backup-purge | N/A | N/A | N/A | | +| platform/infra-maint | kube-system | cleanup-failed (CronJob) | cleanup | N/A | N/A | N/A | | + +--- + +## Section 2: Containers WITH Explicit Resources + +| Stack | Namespace | Deployment/Resource | Container | CPU Req | CPU Lim | Mem Req | Mem Lim | Tier | Notes | +|-------|-----------|-------------------|-----------|---------|---------|---------|---------|------|-------| +| blog | website | blog | blog | 250m | 500m | 50Mi | 512Mi | 4-aux | | +| city-guesser | city-guesser | city-guesser | city-guesser | 250m | 500m | 50Mi | 512Mi | 4-aux | | +| coturn | coturn | coturn | coturn | 100m | 1 | 128Mi | 512Mi | 3-edge | | +| kms | kms | kms-web-page | kms-web-page | 500m | 500m | 512Mi | 512Mi | 4-aux | Req==Lim, high for nginx | +| kms | kms | kms (windows) | windows-kms | 1 | 1 | 50Mi | 512Mi | 4-aux | 1 CPU req seems high | +| travel_blog | travel-blog | travel-blog | travel-blog | 250m | 500m | 50Mi | 512Mi | 4-aux | | +| webhook_handler | webhook-handler | webhook-handler | webhook-handler | 250m | 500m | 50Mi | 512Mi | 4-aux | | +| freedify (factory) | freedify | music-{name} | freedify | 100m | 500m | 256Mi | 512Mi | 4-aux | Parameterized; 2 instances | +| health | health | health | health | 100m | 1 | 256Mi | 1Gi | 4-aux | | +| plotting-book | plotting-book | plotting-book | plotting-book | 50m | 500m | 128Mi | 512Mi | 4-aux | | +| frigate | frigate | frigate | frigate | -- | GPU:1 | -- | -- | 2-gpu | Only nvidia.com/gpu limit | +| ebook2audiobook | ebook2audiobook | ebook2audiobook | ebook2audiobook | -- | GPU:1 | -- | -- | 2-gpu | Only nvidia.com/gpu limit | +| ebook2audiobook | ebook2audiobook | audiblez | audiblez | -- | GPU:1 | -- | -- | 2-gpu | Only nvidia.com/gpu; 0 replicas | +| ebook2audiobook | ebook2audiobook | audiblez-web | audiblez-web | -- | GPU:1 | -- | -- | 2-gpu | Only nvidia.com/gpu limit | +| ytdlp | ytdlp | ytdlp | ytdlp | 25m | 500m | 128Mi | 512Mi | 4-aux | | +| ytdlp | ytdlp | yt-highlights | yt-highlights | -- | GPU:1 | -- | -- | 4-aux | GPU workload in aux-tier ns | +| real-estate-crawler | realestate-crawler | realestate-crawler-api | realestate-crawler-api | 50m | 2000m | 128Mi | 1Gi | 4-aux | | +| real-estate-crawler | realestate-crawler | realestate-crawler-celery-beat | celery-beat | 10m | 200m | 64Mi | 256Mi | 4-aux | | +| affine | affine | affine | affine | 100m | 2 | 512Mi | 4Gi | 4-aux | | +| atuin | atuin | atuin | atuin | 50m | 500m | 64Mi | 256Mi | 4-aux | | +| osm_routing | osm-routing | osrm-bicycle | osrm-bicycle | 15m | 250m | 512Mi | 1Gi | 4-aux | | +| paperless-ngx | paperless-ngx | paperless-ngx | paperless-ngx | 100m | 2 | 256Mi | 1Gi | 3-edge | | +| stirling-pdf | stirling-pdf | stirling-pdf | stirling-pdf | 100m | 2 | 256Mi | 1Gi | 4-aux | | +| netbox | netbox | netbox | netbox | 25m | 1 | 64Mi | 512Mi | 4-aux | | +| speedtest | speedtest | speedtest | speedtest | 25m | 500m | 64Mi | 512Mi | 4-aux | | +| meshcentral | meshcentral | meshcentral | meshcentral | 15m | 500m | 64Mi | 384Mi | 4-aux | | +| forgejo | forgejo | forgejo | forgejo | 15m | 500m | 64Mi | 512Mi | 3-edge | | +| dashy | dashy | dashy | dashy | 15m | 500m | 64Mi | 512Mi | 4-aux | | +| url | url | shlink | shlink | 25m | -- | 128Mi | 512Mi | 4-aux | No CPU limit | +| url | url | shlink-web | shlink-web | 250m | 500m | 50Mi | 512Mi | 4-aux | | +| f1-stream | f1-stream | f1-stream | f1-stream | 50m | 500m | 64Mi | 256Mi | 4-aux | | +| calibre | calibre | calibre-web-automated | calibre-web-automated | 50m | 1 | 256Mi | 1Gi | 3-edge | | +| poison-fountain | poison-fountain | poison-fountain | poison-fountain | 10m | 100m | 32Mi | 128Mi | 1-cluster | | +| ollama | ollama | ollama | ollama | 500m | 4 | 4Gi | 12Gi + GPU:1 | 2-gpu | | +| onlyoffice | onlyoffice | onlyoffice-document-server | onlyoffice-document-server | 250m | 8 | 512Mi | 4Gi | 3-edge | Custom LimitRange | +| openclaw | openclaw | openclaw | openclaw | 100m | 2 | 512Mi | 2Gi | 4-aux | | +| openclaw | openclaw | openclaw | modelrelay (sidecar) | 25m | 500m | 64Mi | 256Mi | 4-aux | | +| openclaw | openclaw | cluster-healthcheck (CronJob) | healthcheck | 50m | -- | 64Mi | 128Mi | 4-aux | No CPU limit | +| resume | resume | printer | printer | 50m | 1 | 128Mi | 512Mi | 4-aux | Chromium | +| resume | resume | resume | resume | 25m | 500m | 128Mi | 384Mi | 4-aux | | +| rybbit | rybbit | clickhouse | clickhouse | 100m | 2 | 512Mi | 4Gi | 4-aux | | +| immich | immich | immich-machine-learning | immich-machine-learning | -- | GPU:1 | -- | -- | 2-gpu | Only nvidia.com/gpu limit | +| trading-bot | trading-bot | trading-bot-frontend | dashboard | 10m | 200m | 32Mi | 128Mi | 3-edge | | +| trading-bot | trading-bot | trading-bot-frontend | api-gateway | 50m | 1000m | 128Mi | 512Mi | 3-edge | | +| trading-bot | trading-bot | trading-bot-workers | news-fetcher | 10m | 500m | 64Mi | 256Mi | 3-edge | | +| trading-bot | trading-bot | trading-bot-workers | sentiment-analyzer | 100m | 2000m | 512Mi | 2Gi | 3-edge | | +| trading-bot | trading-bot | trading-bot-workers | signal-generator | 10m | 500m | 64Mi | 256Mi | 3-edge | | +| trading-bot | trading-bot | trading-bot-workers | trade-executor | 10m | 500m | 64Mi | 256Mi | 3-edge | | +| trading-bot | trading-bot | trading-bot-workers | learning-engine | 10m | 500m | 64Mi | 256Mi | 3-edge | | +| trading-bot | trading-bot | trading-bot-workers | market-data | 10m | 500m | 64Mi | 256Mi | 3-edge | | +| platform/technitium | technitium | technitium | technitium | YES | YES | YES | YES | 0-core | Has resources block | +| platform/vaultwarden | vaultwarden | vaultwarden | vaultwarden | YES | YES | YES | YES | 0-core | Has resources block | +| platform/uptime-kuma | uptime-kuma | uptime-kuma | uptime-kuma | YES | YES | YES | YES | 0-core | Has resources block | +| platform/headscale | headscale | headscale | headscale | YES | YES | YES | YES | 0-core | Has resources block | +| platform/headscale | headscale | headscale | headscale-ui | YES | YES | YES | YES | 0-core | Has resources block | +| platform/traefik | traefik | traefik-default-backend | nginx | YES | YES | YES | YES | 0-core | Has resources block | +| platform/traefik | traefik | traefik-local-backend | nginx | YES | YES | YES | YES | 0-core | Has resources block | +| platform/nvidia | nvidia | nvidia-exporter | nvidia-exporter | YES | YES | YES | YES | 2-gpu | Has resources block | +| platform/nvidia | nvidia | nvidia-power-exporter | exporter | YES | YES | YES | YES | 2-gpu | Has resources block | +| platform/monitoring | monitoring | goflow2 | goflow2 | YES | YES | YES | YES | 1-cluster | Has resources block | + +--- + +## Section 3: Helm Chart Deployments (Resources via values.yaml) + +These services are deployed via Helm charts. Resource configuration is in the chart's values files, not directly visible in main.tf. + +| Stack | Namespace | Chart | Values File | Tier | Notes | +|-------|-----------|-------|-------------|------|-------| +| homepage | homepage | jameswynn/homepage | values.yaml | 4-aux | Check values for resources | +| k8s-dashboard | kubernetes-dashboard | kubernetes-dashboard v7.12.0 | -- | 1-cluster | No custom values for resources | +| reloader | reloader | stakater/reloader | -- | 4-aux | No custom values | +| descheduler | descheduler | descheduler | values.yaml | -- | No tier label | +| woodpecker | woodpecker | woodpecker v3.5.1 | values.yaml | 3-edge | Custom quota; check values | +| nextcloud | nextcloud | nextcloud/nextcloud v8.8.1 | chart_values.yaml | 3-edge | Custom LimitRange/Quota | +| platform/traefik | traefik | traefik | chart values | 0-core | | +| platform/metallb | metallb | metallb | -- | 0-core | | +| platform/redis | redis | bitnami/redis | chart values | 1-cluster | | +| platform/monitoring | monitoring | prometheus, grafana, loki | various | 1-cluster | Opted out of Kyverno quota | +| platform/kyverno | kyverno | kyverno | chart values | 1-cluster | | +| platform/cnpg | cnpg | cnpg-operator | -- | 1-cluster | | +| platform/metrics-server | metrics-server | metrics-server | -- | 1-cluster | | +| platform/vpa | vpa | fairwinds/vpa | -- | 1-cluster | | +| platform/crowdsec | crowdsec | crowdsec | chart values | 1-cluster | | +| platform/nvidia | nvidia | nvidia gpu-operator | chart values | 2-gpu | Opted out of Kyverno quota | +| platform/authentik | authentik | authentik | chart values | 0-core | Custom quota | +| platform/dbaas | dbaas | mysql-operator/innodbcluster | chart values | 1-cluster | Custom quota | + +--- + +## Section 4: High-Risk Findings Summary + +### OOM-Kill Risk (containers likely needing more than 256Mi default) + +| Container | Namespace | Tier Default Mem | Why It's Risky | +|-----------|-----------|-----------------|----------------| +| sockpuppetbrowser | changedetection | 256Mi | Headless Chromium browser | +| flaresolverr | servarr | 256Mi | Chromium-based solver | +| osrm-foot | osm-routing | 256Mi | OSRM loads routing graph into memory (~500MB+) | +| navidrome | navidrome | 256Mi | Music library indexing | +| linkwarden | linkwarden | 256Mi | Next.js app with screenshot capture | +| n8n | n8n | 256Mi | Workflow automation with many nodes | +| dawarich | dawarich | 256Mi | Rails app | +| hackmd (codimd) | hackmd | 256Mi | Node.js collaborative editor | +| ollama-ui | ollama | 2Gi | Open WebUI; may be fine in GPU tier | +| immich-server | immich | 2Gi | Photo processing server | +| immich-postgresql | immich | 2Gi | PostgreSQL with pgvector | +| docker-mailserver | mailserver | 512Mi | ClamAV, SpamAssassin, etc. | +| audiobookshelf | audiobookshelf | 256Mi | Media server with transcoding | + +### GPU Containers with Only nvidia.com/gpu Limit (no CPU/Mem specified) + +These get LimitRange defaults for CPU/Mem but only have GPU limits set: + +| Container | Namespace | Tier | Gets Default | +|-----------|-----------|------|-------------| +| frigate | frigate | 2-gpu | 1 CPU / 2Gi | +| ebook2audiobook | ebook2audiobook | 2-gpu | 1 CPU / 2Gi | +| audiblez | ebook2audiobook | 2-gpu | 1 CPU / 2Gi | +| audiblez-web | ebook2audiobook | 2-gpu | 1 CPU / 2Gi | +| yt-highlights | ytdlp | 4-aux | 250m / 256Mi (!) | +| immich-machine-learning | immich | 2-gpu | 1 CPU / 2Gi | + +**Note**: `yt-highlights` is in the `ytdlp` namespace (4-aux tier) but runs on GPU node. Its default of 256Mi is very low for a Whisper ASR model. + +### Containers with No Resources in Core/Cluster Tier (higher defaults but still worth checking) + +| Container | Namespace | Tier | Default | +|-----------|-----------|------|---------| +| xray | xray | 0-core | 500m / 512Mi | +| wireguard | wireguard | 0-core | 500m / 512Mi | +| wireguard prometheus-exporter | wireguard | 0-core | 500m / 512Mi | +| cloudflared | cloudflared | 0-core | 500m / 512Mi | +| docker-mailserver | mailserver | 0-core | 500m / 512Mi | +| dovecot-exporter | mailserver | 0-core | 500m / 512Mi | +| k8s-portal | k8s-portal | 0-core | 500m / 512Mi | +| tuya-bridge | tuya-bridge | 1-cluster | 500m / 512Mi | +| phpmyadmin | dbaas | 1-cluster | 500m / 512Mi | +| pgadmin | dbaas | 1-cluster | 500m / 512Mi | +| crowdsec-web | crowdsec | 1-cluster | 500m / 512Mi | + +--- + +## Section 5: Statistics + +### Totals + +- **Total unique containers audited**: ~120+ +- **Containers WITH explicit resources**: ~55 +- **Containers WITHOUT explicit resources**: ~65 +- **Helm-managed (resources in values)**: ~18 charts + +### By Tier (containers without resources) + +| Tier | Count | Risk Level | +|------|-------|------------| +| 0-core | 7 | Medium (512Mi default is usually OK) | +| 1-cluster | 7 | Medium | +| 2-gpu | 5 | Low (2Gi default is generous) | +| 3-edge | 8 | High (256Mi can OOM Node/Rails/Java apps) | +| 4-aux | 25+ | High (256Mi is tight for many services) | +| monitoring (opted-out) | 1 | Low (no LimitRange at all) | +| kube-system | 3 | Low (no Kyverno) | + +### Recommendations + +1. **Immediate action**: Add explicit resources to `sockpuppetbrowser`, `flaresolverr`, `osrm-foot`, `docker-mailserver`, `immich-server`, `immich-postgresql`, `linkwarden`, `n8n` +2. **GPU containers**: Add explicit CPU/Mem alongside nvidia.com/gpu for `frigate`, `ebook2audiobook`, `audiblez-web`, `immich-machine-learning`, `yt-highlights` +3. **Review**: `kms-web-page` has 500m/512Mi request==limit for nginx (wasteful) +4. **CronJobs**: Most CronJob containers lack resources -- acceptable for short-lived jobs but adds to ResourceQuota consumption diff --git a/.planning/quick/resource-audit-vpa-recommendations.md b/.planning/quick/resource-audit-vpa-recommendations.md new file mode 100644 index 00000000..78d194b1 --- /dev/null +++ b/.planning/quick/resource-audit-vpa-recommendations.md @@ -0,0 +1,1708 @@ +# Goldilocks VPA Recommendations Audit + +**Generated**: 2026-03-01 + +**Cluster**: k8s-master (v1.34.2) + +## Executive Summary + +- **Total namespaces**: 101 +- **Namespaces with VPA recommendations**: 97 +- **Namespaces without VPA**: 4 (gadget, kube-node-lease, kube-public, reverse-proxy) +- **Total VPA objects**: 195 +- **Total containers with recommendations**: 200 +- **VPA objects without recommendations**: 18 + +### Top 10 Containers by Recommended Memory (target) + +| Rank | Namespace | Deployment | Container | Target Mem | Upper Bound | Current Limit | +|------|-----------|------------|-----------|------------|-------------|---------------| +| 1 | nextcloud | nextcloud | nextcloud | 5.70Gi | 7.39Gi | 6.00Gi | +| 2 | frigate | frigate | frigate | 5.15Gi | 6.65Gi | N/A | +| 3 | monitoring | prometheus-server | prometheus-server | 4.20Gi | 5.43Gi | N/A | +| 4 | monitoring | loki | loki | 3.08Gi | 3.98Gi | 6.00Gi | +| 5 | dbaas | mysql-cluster | mysql | 2.77Gi | 6.90Gi | 2.00Gi | +| 6 | dashy | dashy | dashy | 2.36Gi | 3.23Gi | 512Mi | +| 7 | immich | immich-machine-learning | immich-machine-learning | 2.24Gi | 2.90Gi | N/A | +| 8 | rybbit | clickhouse | clickhouse | 1.91Gi | 2.47Gi | 4.00Gi | +| 9 | trading-bot | trading-bot-workers | sentiment-analyzer | 1.81Gi | 2.35Gi | 2.00Gi | +| 10 | openclaw | openclaw | openclaw | 1.53Gi | 2.11Gi | 2.00Gi | + +### Top 10 Containers by Recommended CPU (target) + +| Rank | Namespace | Deployment | Container | Target CPU | Upper Bound | Current Limit | +|------|-----------|------------|-----------|------------|-------------|---------------| +| 1 | nextcloud | nextcloud | nextcloud | 2.4 | 3.1 | 16.0 | +| 2 | frigate | frigate | frigate | 1.2 | 1.8 | N/A | +| 3 | rybbit | clickhouse | clickhouse | 1.2 | 1.6 | 2.0 | +| 4 | dbaas | mysql-cluster | mysql | 1.1 | 3.3 | 2.0 | +| 5 | immich | immich-server | immich-server | 920m | 1.2 | N/A | +| 6 | monitoring | loki | loki | 476m | 660m | 1.0 | +| 7 | redis | redis-node | redis | 410m | 900m | 500m | +| 8 | monitoring | alloy | alloy | 296m | 372m | N/A | +| 9 | netbox | netbox | netbox | 203m | 383m | 1.0 | +| 10 | speedtest | speedtest | speedtest | 182m | 418m | 500m | + +### Containers Where VPA Recommendation Exceeds Current Limits (>2x) + +These containers may be at risk of OOMKill or CPU throttling. + +| Namespace | Deployment | Container | VPA Target CPU | Current CPU Limit | Ratio | VPA Target Mem | Current Mem Limit | Ratio | +|-----------|------------|-----------|----------------|-------------------|-------|----------------|-------------------|-------| +| dashy | dashy | dashy | 15m | 500m | 0.0x | 2.36Gi | 512Mi | 4.7x | +| traefik | auth-proxy | nginx | 15m | 50m | 0.3x | 100Mi | 32Mi | 3.1x | +| traefik | bot-block-proxy | nginx | 15m | 50m | 0.3x | 100Mi | 32Mi | 3.1x | +| resume | printer | printer | 15m | 1.0 | 0.0x | 1.29Gi | 512Mi | 2.6x | + +### Over-Provisioned Containers (Current Limits > 3x VPA Upper Bound) + +These containers have much more resources allocated than VPA observes them needing. + +| Namespace | Deployment | Container | VPA Upper CPU | Current CPU Limit | Waste | VPA Upper Mem | Current Mem Limit | Waste | +|-----------|------------|-----------|---------------|-------------------|-------|---------------|-------------------|-------| +| ollama | ollama | ollama | 15m | 4.0 | 266.7x | 335Mi | 12.00Gi | 36.6x | +| onlyoffice | onlyoffice-document-server | onlyoffice-document-server | 45m | 8.0 | 177.8x | 2.10Gi | 4.00Gi | 1.9x | +| trading-bot | trading-bot-workers | sentiment-analyzer | 14m | 2.0 | 142.9x | 2.35Gi | 2.00Gi | 0.9x | +| realestate-crawler | realestate-crawler-api | realestate-crawler-api | 15m | 2.0 | 133.3x | 244Mi | 1.00Gi | 4.2x | +| realestate-crawler | realestate-crawler-celery | celery-worker | 15m | 2.0 | 133.3x | 2.76Gi | 2.00Gi | 0.7x | +| stirling-pdf | stirling-pdf | stirling-pdf | 29m | 2.0 | 69.0x | 1.41Gi | 1.00Gi | 0.7x | +| coturn | coturn | coturn | 15m | 1.0 | 66.7x | 100Mi | 512Mi | 5.1x | +| health | health | health | 15m | 1.0 | 66.7x | 226Mi | 1.00Gi | 4.5x | +| kms | kms | windows-kms | 15m | 1.0 | 66.7x | 100Mi | 512Mi | 5.1x | +| resume | printer | printer | 15m | 1.0 | 66.7x | 1.67Gi | 512Mi | 0.3x | +| servarr | listenarr | listenarr | 15m | 1.0 | 66.7x | 944Mi | 1.00Gi | 1.1x | +| authentik | goauthentik-server | server | 43m | 2.0 | 46.5x | 859Mi | 1.00Gi | 1.2x | +| trading-bot | trading-bot-frontend | api-gateway | 23m | 1.0 | 43.5x | 511Mi | 512Mi | 1.0x | +| nvidia | nvidia-gpu-operator-node-feature-discovery-master | master | 15m | N/A | N/A | 100Mi | 4.00Gi | 41.0x | +| website | blog | blog | 13m | 500m | 38.5x | 50Mi | 512Mi | 10.2x | +| trading-bot | trading-bot-workers | learning-engine | 14m | 500m | 35.7x | 116Mi | 256Mi | 2.2x | +| trading-bot | trading-bot-workers | market-data | 14m | 500m | 35.7x | 180Mi | 256Mi | 1.4x | +| trading-bot | trading-bot-workers | news-fetcher | 14m | 500m | 35.7x | 137Mi | 256Mi | 1.9x | +| trading-bot | trading-bot-workers | signal-generator | 14m | 500m | 35.7x | 228Mi | 256Mi | 1.1x | +| trading-bot | trading-bot-workers | trade-executor | 14m | 500m | 35.7x | 180Mi | 256Mi | 1.4x | +| aiostreams | aiostreams | aiostreams | 15m | 500m | 33.3x | 835Mi | 768Mi | 0.9x | +| city-guesser | city-guesser | city-guesser | 15m | 500m | 33.3x | 100Mi | 512Mi | 5.1x | +| dashy | dashy | dashy | 15m | 500m | 33.3x | 3.23Gi | 512Mi | 0.2x | +| forgejo | forgejo | forgejo | 15m | 500m | 33.3x | 284Mi | 512Mi | 1.8x | +| freedify | music-emo | freedify | 15m | 500m | 33.3x | 135Mi | 512Mi | 3.8x | +| freedify | music-viktor | freedify | 15m | 500m | 33.3x | 116Mi | 512Mi | 4.4x | +| kms | kms-web-page | kms-web-page | 15m | 500m | 33.3x | 100Mi | 512Mi | 5.1x | +| meshcentral | meshcentral | meshcentral | 15m | 500m | 33.3x | 367Mi | 384Mi | 1.0x | +| plotting-book | plotting-book | plotting-book | 15m | 500m | 33.3x | 115Mi | 512Mi | 4.4x | +| resume | resume | resume | 15m | 500m | 33.3x | 279Mi | 384Mi | 1.4x | +| technitium | technitium | technitium | 15m | 500m | 33.3x | 367Mi | 512Mi | 1.4x | +| travel-blog | travel-blog | travel-blog | 15m | 500m | 33.3x | 100Mi | 512Mi | 5.1x | +| url | shlink-web | shlink-web | 15m | 500m | 33.3x | 100Mi | 512Mi | 5.1x | +| webhook-handler | webhook-handler | webhook-handler | 15m | 500m | 33.3x | 100Mi | 512Mi | 5.1x | +| ytdlp | ytdlp | ytdlp | 15m | 500m | 33.3x | 367Mi | 512Mi | 1.4x | +| affine | affine | affine | 63m | 2.0 | 31.7x | 307Mi | 4.00Gi | 13.4x | +| atuin | atuin | atuin | 25m | 500m | 20.0x | 100Mi | 256Mi | 2.6x | +| crowdsec | crowdsec-lapi | crowdsec-lapi | 28m | 500m | 17.9x | 152Mi | 500Mi | 3.3x | +| osm-routing | osrm-bicycle | osrm-bicycle | 15m | 250m | 16.7x | 679Mi | 1.00Gi | 1.5x | +| calibre | calibre-web-automated | calibre-web-automated | 63m | 1.0 | 15.9x | 829Mi | 1.00Gi | 1.2x | +| trading-bot | trading-bot-frontend | dashboard | 14m | 200m | 14.3x | 50Mi | 128Mi | 2.6x | +| realestate-crawler | realestate-crawler-celery-beat | celery-beat | 15m | 200m | 13.3x | 226Mi | 256Mi | 1.1x | +| vaultwarden | vaultwarden | vaultwarden | 15m | 200m | 13.3x | 156Mi | 256Mi | 1.6x | +| monitoring | grafana | grafana | 43m | 500m | 11.6x | 298Mi | 512Mi | 1.7x | +| nvidia | gpu-operator | gpu-operator | 45m | 500m | 11.1x | 100Mi | 350Mi | 3.5x | +| nvidia | nvidia-gpu-operator-node-feature-discovery-gc | gc | 15m | N/A | N/A | 100Mi | 1.00Gi | 10.2x | +| technitium | technitium-secondary | technitium | 49m | 500m | 10.2x | 376Mi | 512Mi | 1.4x | +| cnpg-system | cnpg-cloudnative-pg | manager | 54m | 500m | 9.3x | 286Mi | 256Mi | 0.9x | +| f1-stream | f1-stream | f1-stream | 63m | 500m | 7.9x | 136Mi | 256Mi | 1.9x | +| headscale | headscale | headscale-ui | 14m | 100m | 7.1x | 97Mi | 128Mi | 1.3x | +| headscale | headscale | headscale | 29m | 200m | 6.9x | 136Mi | 256Mi | 1.9x | +| poison-fountain | poison-fountain | poison-fountain | 15m | 100m | 6.7x | 100Mi | 128Mi | 1.3x | +| authentik | goauthentik-worker | worker | 158m | 1.0 | 6.3x | 859Mi | 1.00Gi | 1.2x | +| openclaw | openclaw | openclaw | 385m | 2.0 | 5.2x | 2.11Gi | 2.00Gi | 0.9x | +| paperless-ngx | paperless-ngx | paperless-ngx | 389m | 2.0 | 5.1x | 1.70Gi | 1.00Gi | 0.6x | +| nextcloud | nextcloud | nextcloud | 3.1 | 16.0 | 5.1x | 7.39Gi | 6.00Gi | 0.8x | +| openclaw | openclaw | modelrelay | 99m | 500m | 5.1x | 1.22Gi | 256Mi | 0.2x | + +--- + +## Detailed Per-Namespace VPA Recommendations + +### actualbudget + +**Deployment: `actualbudget-anca`** (VPA: `goldilocks-actualbudget-anca`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| actualbudget | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| actualbudget | Memory | 121Mi | 100Mi | 156Mi | 121Mi | N/A | N/A | + +**Deployment: `actualbudget-emo`** (VPA: `goldilocks-actualbudget-emo`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| actualbudget | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| actualbudget | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**Deployment: `actualbudget-http-api-anca`** (VPA: `goldilocks-actualbudget-http-api-anca`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| actualbudget | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| actualbudget | Memory | 175Mi | 100Mi | 278Mi | 175Mi | N/A | N/A | + +**Deployment: `actualbudget-http-api-emo`** (VPA: `goldilocks-actualbudget-http-api-emo`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| actualbudget | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| actualbudget | Memory | 100Mi | 100Mi | 135Mi | 100Mi | N/A | N/A | + +**Deployment: `actualbudget-http-api-viktor`** (VPA: `goldilocks-actualbudget-http-api-viktor`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| actualbudget | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| actualbudget | Memory | 259Mi | 100Mi | 335Mi | 259Mi | N/A | N/A | + +**Deployment: `actualbudget-viktor`** (VPA: `goldilocks-actualbudget-viktor`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| actualbudget | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| actualbudget | Memory | 138Mi | 105Mi | 178Mi | 138Mi | N/A | N/A | + +**CronJob: `bank-sync-anca`** (VPA: `goldilocks-bank-sync-anca`, mode: `Off`) + +_No recommendations available (insufficient data)_ + +**CronJob: `bank-sync-emo`** (VPA: `goldilocks-bank-sync-emo`, mode: `Off`) + +_No recommendations available (insufficient data)_ + +**CronJob: `bank-sync-viktor`** (VPA: `goldilocks-bank-sync-viktor`, mode: `Off`) + +_No recommendations available (insufficient data)_ + +### affine + +**Deployment: `affine`** (VPA: `goldilocks-affine`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| affine | CPU | 35m | 15m | 63m | 35m | 100m | 2.0 | +| affine | Memory | 237Mi | 237Mi | 307Mi | 237Mi | 512Mi | 4.00Gi | + +### aiostreams + +**Deployment: `aiostreams`** (VPA: `goldilocks-aiostreams`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| aiostreams | CPU | 15m | 15m | 15m | 15m | 50m | 500m | +| aiostreams | Memory | 641Mi | 308Mi | 835Mi | 641Mi | 256Mi | 768Mi | + +### atuin + +**Deployment: `atuin`** (VPA: `goldilocks-atuin`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| atuin | CPU | 15m | 15m | 25m | 15m | 50m | 500m | +| atuin | Memory | 100Mi | 100Mi | 100Mi | 100Mi | 64Mi | 256Mi | + +### audiobookshelf + +**Deployment: `audiobookshelf`** (VPA: `goldilocks-audiobookshelf`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| audiobookshelf | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| audiobookshelf | Memory | 121Mi | 100Mi | 157Mi | 121Mi | N/A | N/A | + +### authentik + +**Deployment: `ak-outpost-authentik-embedded-outpost`** (VPA: `goldilocks-ak-outpost-authentik-embedded-outpost`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| proxy | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| proxy | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**Deployment: `goauthentik-server`** (VPA: `goldilocks-goauthentik-server`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| server | CPU | 35m | 22m | 43m | 35m | 100m | 2.0 | +| server | Memory | 684Mi | 640Mi | 859Mi | 684Mi | 512Mi | 1.00Gi | + +**Deployment: `goauthentik-worker`** (VPA: `goldilocks-goauthentik-worker`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| worker | CPU | 126m | 92m | 158m | 126m | 50m | 1.0 | +| worker | Memory | 600Mi | 422Mi | 859Mi | 600Mi | 384Mi | 1.00Gi | + +**Deployment: `pgbouncer`** (VPA: `goldilocks-pgbouncer`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| pgbouncer | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| pgbouncer | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### calibre + +**Deployment: `annas-archive-stacks`** (VPA: `goldilocks-annas-archive-stacks`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| annas-archive-stacks | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| annas-archive-stacks | Memory | 100Mi | 100Mi | 115Mi | 100Mi | N/A | N/A | + +**Deployment: `calibre-web-automated`** (VPA: `goldilocks-calibre-web-automated`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| calibre-web-automated | CPU | 35m | 15m | 63m | 35m | 50m | 1.0 | +| calibre-web-automated | Memory | 641Mi | 335Mi | 829Mi | 641Mi | 256Mi | 1.00Gi | + +### calico-apiserver + +**Deployment: `calico-apiserver`** (VPA: `goldilocks-calico-apiserver`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| calico-apiserver | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| calico-apiserver | Memory | 105Mi | 100Mi | 132Mi | 105Mi | N/A | N/A | + +### calico-system + +**Deployment: `calico-kube-controllers`** (VPA: `goldilocks-calico-kube-controllers`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| calico-kube-controllers | CPU | 23m | 15m | 29m | 23m | N/A | N/A | +| calico-kube-controllers | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**DaemonSet: `calico-node`** (VPA: `goldilocks-calico-node`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| calico-node | CPU | 63m | 34m | 79m | 63m | N/A | N/A | +| calico-node | Memory | 215Mi | 156Mi | 270Mi | 215Mi | N/A | N/A | + +**Deployment: `calico-typha`** (VPA: `goldilocks-calico-typha`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| calico-typha | CPU | 15m | 15m | 26m | 15m | N/A | N/A | +| calico-typha | Memory | 100Mi | 100Mi | 182Mi | 100Mi | N/A | N/A | + +**DaemonSet: `csi-node-driver`** (VPA: `goldilocks-csi-node-driver`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| calico-csi | CPU | 11m | 10m | 13m | 11m | N/A | N/A | +| calico-csi | Memory | 50Mi | 50Mi | 50Mi | 50Mi | N/A | N/A | +| csi-node-driver-registrar | CPU | 11m | 10m | 13m | 11m | N/A | N/A | +| csi-node-driver-registrar | Memory | 50Mi | 50Mi | 50Mi | 50Mi | N/A | N/A | + +### changedetection + +**Deployment: `changedetection`** (VPA: `goldilocks-changedetection`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| changedetection | CPU | 11m | 10m | 14m | 11m | N/A | N/A | +| changedetection | Memory | 105Mi | 105Mi | 135Mi | 105Mi | N/A | N/A | +| sockpuppetbrowser | CPU | 11m | 10m | 14m | 11m | N/A | N/A | +| sockpuppetbrowser | Memory | 61Mi | 61Mi | 78Mi | 61Mi | N/A | N/A | + +### city-guesser + +**Deployment: `city-guesser`** (VPA: `goldilocks-city-guesser`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| city-guesser | CPU | 15m | 15m | 15m | 15m | 250m | 500m | +| city-guesser | Memory | 100Mi | 100Mi | 100Mi | 100Mi | 50Mi | 512Mi | + +### cloudflared + +**Deployment: `cloudflared`** (VPA: `goldilocks-cloudflared`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| cloudflared | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| cloudflared | Memory | 100Mi | 100Mi | 112Mi | 100Mi | N/A | N/A | + +### cnpg-system + +**Deployment: `cnpg-cloudnative-pg`** (VPA: `goldilocks-cnpg-cloudnative-pg`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| manager | CPU | 23m | 15m | 54m | 23m | 100m | 500m | +| manager | Memory | 121Mi | 121Mi | 286Mi | 121Mi | 128Mi | 256Mi | + +### coturn + +**Deployment: `coturn`** (VPA: `goldilocks-coturn`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| coturn | CPU | 15m | 15m | 15m | 15m | 100m | 1.0 | +| coturn | Memory | 100Mi | 100Mi | 100Mi | 100Mi | 128Mi | 512Mi | + +### crowdsec + +**DaemonSet: `crowdsec-agent`** (VPA: `goldilocks-crowdsec-agent`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| crowdsec-agent | CPU | 23m | 15m | 28m | 23m | N/A | N/A | +| crowdsec-agent | Memory | 105Mi | 100Mi | 152Mi | 105Mi | N/A | N/A | + +**CronJob: `crowdsec-blocklist-import`** (VPA: `goldilocks-crowdsec-blocklist-import`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| blocklist-import | CPU | 35m | 15m | 15.5 | 35m | N/A | N/A | +| blocklist-import | Memory | 100Mi | 100Mi | 32.19Gi | 100Mi | N/A | N/A | + +**Deployment: `crowdsec-lapi`** (VPA: `goldilocks-crowdsec-lapi`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| crowdsec-lapi | CPU | 23m | 15m | 28m | 23m | 500m | 500m | +| crowdsec-lapi | Memory | 121Mi | 100Mi | 152Mi | 121Mi | 500Mi | 500Mi | + +**Deployment: `crowdsec-web`** (VPA: `goldilocks-crowdsec-web`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| crowdsec-web | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| crowdsec-web | Memory | 100Mi | 100Mi | 631Mi | 100Mi | N/A | N/A | + +### cyberchef + +**Deployment: `cyberchef`** (VPA: `goldilocks-cyberchef`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| cyberchef | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| cyberchef | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### dashy + +**Deployment: `dashy`** (VPA: `goldilocks-dashy`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| dashy | CPU | 15m | 15m | 15m | 15m | 15m | 500m | +| dashy | Memory | 2.36Gi | 1.29Gi | 3.23Gi | 2.36Gi | 64Mi | 512Mi | + +### dawarich + +**Deployment: `dawarich`** (VPA: `goldilocks-dawarich`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| dawarich | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| dawarich | Memory | 600Mi | 560Mi | 775Mi | 600Mi | N/A | N/A | + +### dbaas + +**CronJob: `mysql-backup`** (VPA: `goldilocks-mysql-backup`, mode: `Off`) + +_No recommendations available (insufficient data)_ + +**StatefulSet: `mysql-cluster`** (VPA: `goldilocks-mysql-cluster`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| mysql | CPU | 1.1 | 77m | 3.3 | 1.1 | 250m | 2.0 | +| mysql | Memory | 2.77Gi | 1.22Gi | 6.90Gi | 2.77Gi | 1.00Gi | 2.00Gi | +| sidecar | CPU | 11m | 10m | 27m | 11m | N/A | N/A | +| sidecar | Memory | 215Mi | 214Mi | 535Mi | 215Mi | N/A | N/A | + +**Deployment: `pgadmin`** (VPA: `goldilocks-pgadmin`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| pgadmin | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| pgadmin | Memory | 392Mi | 362Mi | 507Mi | 392Mi | N/A | N/A | + +**Deployment: `phpmyadmin`** (VPA: `goldilocks-phpmyadmin`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| phpmyadmin | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| phpmyadmin | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**CronJob: `postgresql-backup`** (VPA: `goldilocks-postgresql-backup`, mode: `Off`) + +_No recommendations available (insufficient data)_ + +### default + +**CronJob: `backup-etcd`** (VPA: `goldilocks-backup-etcd`, mode: `Off`) + +_No recommendations available (insufficient data)_ + +**CronJob: `cleanup-failed-pods`** (VPA: `goldilocks-cleanup-failed-pods`, mode: `Off`) + +_No recommendations available (insufficient data)_ + +**CronJob: `monitor-prometheus`** (VPA: `goldilocks-monitor-prometheus`, mode: `Off`) + +_No recommendations available (insufficient data)_ + +### descheduler + +**CronJob: `descheduler`** (VPA: `goldilocks-descheduler`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| descheduler | CPU | 126m | 51m | 14.1 | 126m | N/A | N/A | +| descheduler | Memory | 100Mi | 100Mi | 8.14Gi | 100Mi | N/A | N/A | + +### diun + +**Deployment: `diun`** (VPA: `goldilocks-diun`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| diun | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| diun | Memory | 100Mi | 100Mi | 116Mi | 100Mi | N/A | N/A | + +### ebook2audiobook + +**Deployment: `audiblez`** (VPA: `goldilocks-audiblez`, mode: `Off`) + +_No recommendations available (insufficient data)_ + +**Deployment: `audiblez-web`** (VPA: `goldilocks-audiblez-web`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| audiblez-web | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| audiblez-web | Memory | 138Mi | 121Mi | 178Mi | 138Mi | N/A | N/A | + +**Deployment: `ebook2audiobook`** (VPA: `goldilocks-ebook2audiobook`, mode: `Off`) + +_No recommendations available (insufficient data)_ + +### echo + +**Deployment: `echo`** (VPA: `goldilocks-echo`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| echo | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| echo | Memory | 105Mi | 100Mi | 132Mi | 105Mi | N/A | N/A | + +### excalidraw + +**Deployment: `excalidraw`** (VPA: `goldilocks-excalidraw`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| excalidraw | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| excalidraw | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### f1-stream + +**Deployment: `f1-stream`** (VPA: `goldilocks-f1-stream`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| f1-stream | CPU | 15m | 15m | 63m | 15m | 50m | 500m | +| f1-stream | Memory | 105Mi | 100Mi | 136Mi | 105Mi | 64Mi | 256Mi | + +### forgejo + +**Deployment: `forgejo`** (VPA: `goldilocks-forgejo`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| forgejo | CPU | 15m | 15m | 15m | 15m | 15m | 500m | +| forgejo | Memory | 215Mi | 121Mi | 284Mi | 215Mi | 64Mi | 512Mi | + +### freedify + +**Deployment: `music-emo`** (VPA: `goldilocks-music-emo`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| freedify | CPU | 15m | 15m | 15m | 15m | 100m | 500m | +| freedify | Memory | 105Mi | 105Mi | 135Mi | 105Mi | 256Mi | 512Mi | + +**Deployment: `music-viktor`** (VPA: `goldilocks-music-viktor`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| freedify | CPU | 15m | 15m | 15m | 15m | 100m | 500m | +| freedify | Memory | 100Mi | 100Mi | 116Mi | 100Mi | 256Mi | 512Mi | + +### freshrss + +**Deployment: `freshrss`** (VPA: `goldilocks-freshrss`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| freshrss | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| freshrss | Memory | 100Mi | 100Mi | 116Mi | 100Mi | N/A | N/A | + +### frigate + +**Deployment: `frigate`** (VPA: `goldilocks-frigate`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| frigate | CPU | 1.2 | 1.0 | 1.8 | 1.2 | N/A | N/A | +| frigate | Memory | 5.15Gi | 4.42Gi | 6.65Gi | 5.15Gi | N/A | N/A | + +### hackmd + +**Deployment: `hackmd`** (VPA: `goldilocks-hackmd`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| codimd | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| codimd | Memory | 138Mi | 138Mi | 181Mi | 138Mi | N/A | N/A | + +### headscale + +**Deployment: `headscale`** (VPA: `goldilocks-headscale`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| headscale | CPU | 11m | 10m | 29m | 11m | 50m | 200m | +| headscale | Memory | 105Mi | 89Mi | 136Mi | 105Mi | 64Mi | 256Mi | +| headscale-ui | CPU | 11m | 10m | 14m | 11m | 25m | 100m | +| headscale-ui | Memory | 75Mi | 75Mi | 97Mi | 75Mi | 32Mi | 128Mi | + +### health + +**Deployment: `health`** (VPA: `goldilocks-health`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| health | CPU | 15m | 15m | 15m | 15m | 100m | 1.0 | +| health | Memory | 175Mi | 174Mi | 226Mi | 175Mi | 256Mi | 1.00Gi | + +### homepage + +**Deployment: `homepage`** (VPA: `goldilocks-homepage`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| homepage | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| homepage | Memory | 121Mi | 105Mi | 156Mi | 121Mi | N/A | N/A | + +### immich + +**Deployment: `immich-frame`** (VPA: `goldilocks-immich-frame`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| immich-frame | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| immich-frame | Memory | 121Mi | 121Mi | 158Mi | 121Mi | N/A | N/A | + +**Deployment: `immich-machine-learning`** (VPA: `goldilocks-immich-machine-learning`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| immich-machine-learning | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| immich-machine-learning | Memory | 2.24Gi | 1.37Gi | 2.90Gi | 2.24Gi | N/A | N/A | + +**Deployment: `immich-postgresql`** (VPA: `goldilocks-immich-postgresql`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| immich-postgresql | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| immich-postgresql | Memory | 776Mi | 362Mi | 1.27Gi | 776Mi | N/A | N/A | + +**Deployment: `immich-server`** (VPA: `goldilocks-immich-server`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| immich-server | CPU | 920m | 15m | 1.2 | 920m | N/A | N/A | +| immich-server | Memory | 991Mi | 825Mi | 1.27Gi | 991Mi | N/A | N/A | + +**CronJob: `postgresql-backup`** (VPA: `goldilocks-postgresql-backup`, mode: `Off`) + +_No recommendations available (insufficient data)_ + +### isponsorblocktv + +**Deployment: `isponsorblocktv-vermont`** (VPA: `goldilocks-isponsorblocktv-vermont`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| isponsorblocktv-vermont | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| isponsorblocktv-vermont | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### jsoncrack + +**Deployment: `jsoncrack`** (VPA: `goldilocks-jsoncrack`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| jsoncrack | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| jsoncrack | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### k8s-portal + +**Deployment: `k8s-portal`** (VPA: `goldilocks-k8s-portal`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| portal | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| portal | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### kms + +**Deployment: `kms`** (VPA: `goldilocks-kms`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| windows-kms | CPU | 15m | 15m | 15m | 15m | 1.0 | 1.0 | +| windows-kms | Memory | 100Mi | 100Mi | 100Mi | 100Mi | 50Mi | 512Mi | + +**Deployment: `kms-web-page`** (VPA: `goldilocks-kms-web-page`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| kms-web-page | CPU | 15m | 15m | 15m | 15m | 500m | 500m | +| kms-web-page | Memory | 100Mi | 100Mi | 100Mi | 100Mi | 512Mi | 512Mi | + +### kube-system + +**Deployment: `coredns`** (VPA: `goldilocks-coredns`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| coredns | CPU | 15m | 15m | 15m | 15m | 100m | N/A | +| coredns | Memory | 100Mi | 100Mi | 100Mi | 100Mi | 70Mi | 170Mi | + +**DaemonSet: `kube-proxy`** (VPA: `goldilocks-kube-proxy`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| kube-proxy | CPU | 23m | 15m | 43m | 23m | N/A | N/A | +| kube-proxy | Memory | 105Mi | 100Mi | 132Mi | 105Mi | N/A | N/A | + +### kured + +**DaemonSet: `kured`** (VPA: `goldilocks-kured`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| kured | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| kured | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### kyverno + +**Deployment: `kyverno-admission-controller`** (VPA: `goldilocks-kyverno-admission-controller`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| kyverno | CPU | 23m | 15m | 43m | 23m | 100m | N/A | +| kyverno | Memory | 215Mi | 105Mi | 270Mi | 215Mi | 128Mi | 768Mi | + +**Deployment: `kyverno-background-controller`** (VPA: `goldilocks-kyverno-background-controller`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| controller | CPU | 15m | 15m | 15m | 15m | 100m | N/A | +| controller | Memory | 156Mi | 121Mi | 202Mi | 156Mi | 64Mi | 128Mi | + +**Deployment: `kyverno-cleanup-controller`** (VPA: `goldilocks-kyverno-cleanup-controller`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| controller | CPU | 23m | 15m | 29m | 23m | 100m | N/A | +| controller | Memory | 138Mi | 100Mi | 179Mi | 138Mi | 64Mi | 128Mi | + +**Job: `kyverno-migrate-resources`** (VPA: `goldilocks-kyverno-migrate-resources`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| kubectl | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| kubectl | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**Deployment: `kyverno-reports-controller`** (VPA: `goldilocks-kyverno-reports-controller`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| controller | CPU | 63m | 15m | 163m | 63m | 100m | N/A | +| controller | Memory | 156Mi | 100Mi | 202Mi | 156Mi | 64Mi | 128Mi | + +### linkwarden + +**Deployment: `linkwarden`** (VPA: `goldilocks-linkwarden`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| linkwarden | CPU | 15m | 15m | 45m | 15m | N/A | N/A | +| linkwarden | Memory | 878Mi | 776Mi | 1.11Gi | 878Mi | N/A | N/A | + +### local-path-storage + +**Deployment: `local-path-provisioner`** (VPA: `goldilocks-local-path-provisioner`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| local-path-provisioner | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| local-path-provisioner | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### mailserver + +**Deployment: `mailserver`** (VPA: `goldilocks-mailserver`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| docker-mailserver | CPU | 23m | 10m | 45m | 23m | N/A | N/A | +| docker-mailserver | Memory | 309Mi | 215Mi | 399Mi | 309Mi | N/A | N/A | +| dovecot-exporter | CPU | 11m | 10m | 14m | 11m | N/A | N/A | +| dovecot-exporter | Memory | 50Mi | 50Mi | 50Mi | 50Mi | N/A | N/A | + +**Deployment: `roundcubemail`** (VPA: `goldilocks-roundcubemail`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| roundcube | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| roundcube | Memory | 105Mi | 100Mi | 135Mi | 105Mi | N/A | N/A | + +### matrix + +**Deployment: `matrix`** (VPA: `goldilocks-matrix`, mode: `Off`) + +_No recommendations available (insufficient data)_ + +### meshcentral + +**Deployment: `meshcentral`** (VPA: `goldilocks-meshcentral`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| meshcentral | CPU | 15m | 15m | 15m | 15m | 25m | 500m | +| meshcentral | Memory | 259Mi | 215Mi | 367Mi | 259Mi | 128Mi | 384Mi | + +### metallb-system + +**Deployment: `controller`** (VPA: `goldilocks-controller`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| controller | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| controller | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**DaemonSet: `speaker`** (VPA: `goldilocks-speaker`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| speaker | CPU | 23m | 15m | 28m | 23m | N/A | N/A | +| speaker | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### metrics-server + +**Deployment: `metrics-server`** (VPA: `goldilocks-metrics-server`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| metrics-server | CPU | 15m | 15m | 15m | 15m | 100m | N/A | +| metrics-server | Memory | 100Mi | 100Mi | 100Mi | 100Mi | 200Mi | N/A | + +### monitoring + +**DaemonSet: `alloy`** (VPA: `goldilocks-alloy`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| alloy | CPU | 296m | 48m | 372m | 296m | N/A | N/A | +| alloy | Memory | 561Mi | 237Mi | 705Mi | 561Mi | N/A | N/A | +| config-reloader | CPU | 11m | 10m | 13m | 11m | N/A | N/A | +| config-reloader | Memory | 61Mi | 50Mi | 76Mi | 61Mi | N/A | N/A | + +**DaemonSet: `caretta`** (VPA: `goldilocks-caretta`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| caretta | CPU | 15m | 15m | 45m | 15m | N/A | N/A | +| caretta | Memory | 422Mi | 391Mi | 899Mi | 422Mi | N/A | N/A | + +**Deployment: `goflow2`** (VPA: `goldilocks-goflow2`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| goflow2 | CPU | 23m | 15m | 87m | 23m | 50m | 200m | +| goflow2 | Memory | 100Mi | 100Mi | 118Mi | 100Mi | 64Mi | 256Mi | + +**Deployment: `grafana`** (VPA: `goldilocks-grafana`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| grafana | CPU | 35m | 22m | 43m | 35m | 50m | 500m | +| grafana | Memory | 215Mi | 138Mi | 298Mi | 215Mi | 128Mi | 512Mi | +| grafana-sc-dashboard | CPU | 11m | 10m | 13m | 11m | N/A | N/A | +| grafana-sc-dashboard | Memory | 105Mi | 89Mi | 132Mi | 105Mi | N/A | N/A | +| grafana-sc-datasources | CPU | 11m | 10m | 13m | 11m | N/A | N/A | +| grafana-sc-datasources | Memory | 89Mi | 89Mi | 132Mi | 89Mi | N/A | N/A | + +**Deployment: `idrac-redfish-exporter`** (VPA: `goldilocks-idrac-redfish-exporter`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| redfish-exporter | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| redfish-exporter | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**StatefulSet: `loki`** (VPA: `goldilocks-loki`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| loki | CPU | 476m | 62m | 660m | 476m | 250m | 1.0 | +| loki | Memory | 3.08Gi | 1.91Gi | 3.98Gi | 3.08Gi | 4.00Gi | 6.00Gi | +| loki-sc-rules | CPU | 11m | 10m | 14m | 11m | N/A | N/A | +| loki-sc-rules | Memory | 121Mi | 121Mi | 156Mi | 121Mi | N/A | N/A | + +**DaemonSet: `loki-canary`** (VPA: `goldilocks-loki-canary`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| loki-canary | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| loki-canary | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**StatefulSet: `prometheus-alertmanager`** (VPA: `goldilocks-prometheus-alertmanager`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| alertmanager | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| alertmanager | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**Deployment: `prometheus-kube-state-metrics`** (VPA: `goldilocks-prometheus-kube-state-metrics`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| kube-state-metrics | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| kube-state-metrics | Memory | 156Mi | 100Mi | 201Mi | 156Mi | N/A | N/A | + +**DaemonSet: `prometheus-prometheus-node-exporter`** (VPA: `goldilocks-prometheus-prometheus-node-exporter`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| node-exporter | CPU | 23m | 15m | 28m | 23m | N/A | N/A | +| node-exporter | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**Deployment: `prometheus-prometheus-pushgateway`** (VPA: `goldilocks-prometheus-prometheus-pushgateway`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| pushgateway | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| pushgateway | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**Deployment: `prometheus-server`** (VPA: `goldilocks-prometheus-server`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| prometheus-server | CPU | 93m | 34m | 163m | 93m | N/A | N/A | +| prometheus-server | Memory | 4.20Gi | 4.19Gi | 5.43Gi | 4.20Gi | N/A | N/A | +| prometheus-server-configmap-reload | CPU | 11m | 10m | 14m | 11m | N/A | N/A | +| prometheus-server-configmap-reload | Memory | 61Mi | 61Mi | 78Mi | 61Mi | N/A | N/A | + +**Deployment: `proxmox-exporter`** (VPA: `goldilocks-proxmox-exporter`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| proxmox-exporter | CPU | 35m | 15m | 45m | 35m | N/A | N/A | +| proxmox-exporter | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**Deployment: `snmp-exporter`** (VPA: `goldilocks-snmp-exporter`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| snmp-exporter | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| snmp-exporter | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**DaemonSet: `sysctl-inotify`** (VPA: `goldilocks-sysctl-inotify`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| pause | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| pause | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### mysql-operator + +**Deployment: `mysql-operator`** (VPA: `goldilocks-mysql-operator`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| mysql-operator | CPU | 35m | 15m | 147m | 35m | N/A | N/A | +| mysql-operator | Memory | 309Mi | 307Mi | 926Mi | 309Mi | N/A | N/A | + +### n8n + +**Deployment: `n8n`** (VPA: `goldilocks-n8n`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| n8n | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| n8n | Memory | 641Mi | 422Mi | 830Mi | 641Mi | N/A | N/A | + +### navidrome + +**Deployment: `navidrome`** (VPA: `goldilocks-navidrome`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| navidrome | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| navidrome | Memory | 156Mi | 100Mi | 202Mi | 156Mi | N/A | N/A | + +### netbox + +**Deployment: `netbox`** (VPA: `goldilocks-netbox`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| netbox | CPU | 203m | 15m | 383m | 203m | 25m | 1.0 | +| netbox | Memory | 641Mi | 560Mi | 829Mi | 641Mi | 64Mi | 512Mi | + +### networking-toolbox + +**Deployment: `networking-toolbox`** (VPA: `goldilocks-networking-toolbox`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| networking-toolbox | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| networking-toolbox | Memory | 105Mi | 100Mi | 152Mi | 105Mi | N/A | N/A | + +### nextcloud + +**Deployment: `nextcloud`** (VPA: `goldilocks-nextcloud`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| nextcloud | CPU | 2.4 | 34m | 3.1 | 2.4 | 100m | 16.0 | +| nextcloud | Memory | 5.70Gi | 1.37Gi | 7.39Gi | 5.70Gi | 1.00Gi | 6.00Gi | +| nextcloud-cron | CPU | 11m | 10m | 101m | 11m | N/A | N/A | +| nextcloud-cron | Memory | 121Mi | 61Mi | 157Mi | 121Mi | N/A | N/A | + +**CronJob: `nextcloud-backup`** (VPA: `goldilocks-nextcloud-backup`, mode: `Off`) + +_No recommendations available (insufficient data)_ + +**Deployment: `whiteboard`** (VPA: `goldilocks-whiteboard`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| whiteboard | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| whiteboard | Memory | 156Mi | 156Mi | 201Mi | 156Mi | N/A | N/A | + +### ntfy + +**Deployment: `ntfy`** (VPA: `goldilocks-ntfy`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| ntfy | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| ntfy | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### nvidia + +**DaemonSet: `gpu-feature-discovery`** (VPA: `goldilocks-gpu-feature-discovery`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| config-manager | CPU | 11m | 10m | 14m | 11m | N/A | N/A | +| config-manager | Memory | 50Mi | 50Mi | 50Mi | 50Mi | N/A | N/A | +| gpu-feature-discovery | CPU | 11m | 10m | 14m | 11m | N/A | N/A | +| gpu-feature-discovery | Memory | 89Mi | 89Mi | 115Mi | 89Mi | N/A | N/A | + +**Deployment: `gpu-operator`** (VPA: `goldilocks-gpu-operator`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| gpu-operator | CPU | 23m | 22m | 45m | 23m | 200m | 500m | +| gpu-operator | Memory | 100Mi | 100Mi | 100Mi | 100Mi | 100Mi | 350Mi | + +**DaemonSet: `gpu-pod-exporter`** (VPA: `goldilocks-gpu-pod-exporter`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| exporter | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| exporter | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**DaemonSet: `nvidia-container-toolkit-daemonset`** (VPA: `goldilocks-nvidia-container-toolkit-daemonset`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| nvidia-container-toolkit-ctr | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| nvidia-container-toolkit-ctr | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**DaemonSet: `nvidia-dcgm-exporter`** (VPA: `goldilocks-nvidia-dcgm-exporter`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| nvidia-dcgm-exporter | CPU | 23m | 22m | 29m | 23m | N/A | N/A | +| nvidia-dcgm-exporter | Memory | 641Mi | 640Mi | 828Mi | 641Mi | N/A | N/A | + +**DaemonSet: `nvidia-device-plugin-daemonset`** (VPA: `goldilocks-nvidia-device-plugin-daemonset`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| config-manager | CPU | 11m | 10m | 14m | 11m | N/A | N/A | +| config-manager | Memory | 50Mi | 50Mi | 50Mi | 50Mi | N/A | N/A | +| nvidia-device-plugin | CPU | 11m | 10m | 14m | 11m | N/A | N/A | +| nvidia-device-plugin | Memory | 50Mi | 50Mi | 61Mi | 50Mi | N/A | N/A | + +**DaemonSet: `nvidia-driver-daemonset`** (VPA: `goldilocks-nvidia-driver-daemonset`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| nvidia-driver-ctr | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| nvidia-driver-ctr | Memory | 1.37Gi | 1.37Gi | 1.77Gi | 1.37Gi | N/A | N/A | + +**Deployment: `nvidia-exporter`** (VPA: `goldilocks-nvidia-exporter`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| nvidia-exporter | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| nvidia-exporter | Memory | 175Mi | 121Mi | 226Mi | 175Mi | N/A | N/A | + +**Deployment: `nvidia-gpu-operator-node-feature-discovery-gc`** (VPA: `goldilocks-nvidia-gpu-operator-node-feature-discovery-gc`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| gc | CPU | 15m | 15m | 15m | 15m | 10m | N/A | +| gc | Memory | 100Mi | 100Mi | 100Mi | 100Mi | 128Mi | 1.00Gi | + +**Deployment: `nvidia-gpu-operator-node-feature-discovery-master`** (VPA: `goldilocks-nvidia-gpu-operator-node-feature-discovery-master`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| master | CPU | 15m | 15m | 15m | 15m | 100m | N/A | +| master | Memory | 100Mi | 100Mi | 100Mi | 100Mi | 128Mi | 4.00Gi | + +**DaemonSet: `nvidia-gpu-operator-node-feature-discovery-worker`** (VPA: `goldilocks-nvidia-gpu-operator-node-feature-discovery-worker`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| worker | CPU | 15m | 15m | 28m | 15m | N/A | N/A | +| worker | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**DaemonSet: `nvidia-operator-validator`** (VPA: `goldilocks-nvidia-operator-validator`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| nvidia-operator-validator | CPU | 15m | 15m | 33m | 15m | N/A | N/A | +| nvidia-operator-validator | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### ollama + +**Deployment: `ollama`** (VPA: `goldilocks-ollama`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| ollama | CPU | 15m | 15m | 15m | 15m | 500m | 4.0 | +| ollama | Memory | 259Mi | 100Mi | 335Mi | 259Mi | 4.00Gi | 12.00Gi | + +**Deployment: `ollama-ui`** (VPA: `goldilocks-ollama-ui`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| ollama-ui | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| ollama-ui | Memory | 1.15Gi | 1.15Gi | 1.49Gi | 1.15Gi | N/A | N/A | + +### onlyoffice + +**Deployment: `onlyoffice-document-server`** (VPA: `goldilocks-onlyoffice-document-server`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| onlyoffice-document-server | CPU | 35m | 15m | 45m | 35m | 250m | 8.0 | +| onlyoffice-document-server | Memory | 1.29Gi | 1.22Gi | 2.10Gi | 1.29Gi | 512Mi | 4.00Gi | + +### openclaw + +**CronJob: `cluster-healthcheck`** (VPA: `goldilocks-cluster-healthcheck`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| healthcheck | CPU | 35m | 15m | 5.1 | 35m | N/A | N/A | +| healthcheck | Memory | 100Mi | 100Mi | 10.56Gi | 100Mi | N/A | N/A | + +**Deployment: `openclaw`** (VPA: `goldilocks-openclaw`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| modelrelay | CPU | 11m | 10m | 99m | 11m | 25m | 500m | +| modelrelay | Memory | 89Mi | 73Mi | 1.22Gi | 89Mi | 64Mi | 256Mi | +| openclaw | CPU | 109m | 10m | 385m | 109m | 100m | 2.0 | +| openclaw | Memory | 1.53Gi | 990Mi | 2.11Gi | 1.53Gi | 512Mi | 2.00Gi | + +### osm-routing + +**Deployment: `osrm-bicycle`** (VPA: `goldilocks-osrm-bicycle`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| osrm-bicycle | CPU | 15m | 15m | 15m | 15m | 15m | 250m | +| osrm-bicycle | Memory | 454Mi | 454Mi | 679Mi | 454Mi | 512Mi | 1.00Gi | + +**Deployment: `osrm-foot`** (VPA: `goldilocks-osrm-foot`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| osrm-foot | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| osrm-foot | Memory | 454Mi | 422Mi | 590Mi | 454Mi | N/A | N/A | + +**Deployment: `otp`** (VPA: `goldilocks-otp`, mode: `Off`) + +_No recommendations available (insufficient data)_ + +### owntracks + +**Deployment: `owntracks`** (VPA: `goldilocks-owntracks`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| owntracks | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| owntracks | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### paperless-ngx + +**Deployment: `paperless-ngx`** (VPA: `goldilocks-paperless-ngx`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| paperless-ngx | CPU | 35m | 15m | 389m | 35m | 100m | 2.0 | +| paperless-ngx | Memory | 1.22Gi | 121Mi | 1.70Gi | 1.22Gi | 256Mi | 1.00Gi | + +### plotting-book + +**Deployment: `plotting-book`** (VPA: `goldilocks-plotting-book`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| plotting-book | CPU | 15m | 15m | 15m | 15m | 50m | 500m | +| plotting-book | Memory | 100Mi | 100Mi | 115Mi | 100Mi | 128Mi | 512Mi | + +### poison-fountain + +**Deployment: `poison-fountain`** (VPA: `goldilocks-poison-fountain`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| poison-fountain | CPU | 15m | 15m | 15m | 15m | 10m | 100m | +| poison-fountain | Memory | 100Mi | 100Mi | 100Mi | 100Mi | 32Mi | 128Mi | + +**CronJob: `poison-fountain-fetcher`** (VPA: `goldilocks-poison-fountain-fetcher`, mode: `Off`) + +_No recommendations available (insufficient data)_ + +### privatebin + +**Deployment: `privatebin`** (VPA: `goldilocks-privatebin`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| privatebin | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| privatebin | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### realestate-crawler + +**Deployment: `realestate-crawler-api`** (VPA: `goldilocks-realestate-crawler-api`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| realestate-crawler-api | CPU | 15m | 15m | 15m | 15m | 50m | 2.0 | +| realestate-crawler-api | Memory | 175Mi | 156Mi | 244Mi | 175Mi | 128Mi | 1.00Gi | + +**Deployment: `realestate-crawler-celery`** (VPA: `goldilocks-realestate-crawler-celery`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| celery-worker | CPU | 15m | 15m | 15m | 15m | 100m | 2.0 | +| celery-worker | Memory | 933Mi | 728Mi | 2.76Gi | 933Mi | 512Mi | 2.00Gi | + +**Deployment: `realestate-crawler-celery-beat`** (VPA: `goldilocks-realestate-crawler-celery-beat`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| celery-beat | CPU | 15m | 15m | 15m | 15m | 10m | 200m | +| celery-beat | Memory | 175Mi | 174Mi | 226Mi | 175Mi | 64Mi | 256Mi | + +**Deployment: `realestate-crawler-ui`** (VPA: `goldilocks-realestate-crawler-ui`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| realestate-crawler-ui | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| realestate-crawler-ui | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### redis + +**CronJob: `redis-backup`** (VPA: `goldilocks-redis-backup`, mode: `Off`) + +_No recommendations available (insufficient data)_ + +**StatefulSet: `redis-node`** (VPA: `goldilocks-redis-node`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| redis | CPU | 410m | 48m | 900m | 410m | 50m | 500m | +| redis | Memory | 61Mi | 50Mi | 123Mi | 61Mi | 64Mi | 256Mi | +| sentinel | CPU | 35m | 34m | 71m | 35m | 50m | 200m | +| sentinel | Memory | 50Mi | 50Mi | 70Mi | 50Mi | 64Mi | 128Mi | + +### reloader + +**Deployment: `reloader-reloader`** (VPA: `goldilocks-reloader-reloader`, mode: `Off`) + +_No recommendations available (insufficient data)_ + +### resume + +**Deployment: `printer`** (VPA: `goldilocks-printer`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| printer | CPU | 15m | 15m | 15m | 15m | 50m | 1.0 | +| printer | Memory | 1.29Gi | 392Mi | 1.67Gi | 1.29Gi | 128Mi | 512Mi | + +**Deployment: `resume`** (VPA: `goldilocks-resume`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| resume | CPU | 15m | 15m | 15m | 15m | 25m | 500m | +| resume | Memory | 215Mi | 156Mi | 279Mi | 215Mi | 128Mi | 384Mi | + +### rybbit + +**Deployment: `clickhouse`** (VPA: `goldilocks-clickhouse`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| clickhouse | CPU | 1.2 | 1.0 | 1.6 | 1.2 | 100m | 2.0 | +| clickhouse | Memory | 1.91Gi | 1.22Gi | 2.47Gi | 1.91Gi | 512Mi | 4.00Gi | + +**Deployment: `rybbit`** (VPA: `goldilocks-rybbit`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| rybbit | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| rybbit | Memory | 309Mi | 215Mi | 400Mi | 309Mi | N/A | N/A | + +**Deployment: `rybbit-client`** (VPA: `goldilocks-rybbit-client`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| rybbit-client | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| rybbit-client | Memory | 175Mi | 174Mi | 226Mi | 175Mi | N/A | N/A | + +### send + +**Deployment: `send`** (VPA: `goldilocks-send`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| send | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| send | Memory | 100Mi | 100Mi | 116Mi | 100Mi | N/A | N/A | + +### servarr + +**Deployment: `flaresolverr`** (VPA: `goldilocks-flaresolverr`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| flaresolverr | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| flaresolverr | Memory | 641Mi | 308Mi | 830Mi | 641Mi | N/A | N/A | + +**Deployment: `listenarr`** (VPA: `goldilocks-listenarr`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| listenarr | CPU | 15m | 15m | 15m | 15m | 25m | 1.0 | +| listenarr | Memory | 729Mi | 523Mi | 944Mi | 729Mi | 256Mi | 1.00Gi | + +**Deployment: `prowlarr`** (VPA: `goldilocks-prowlarr`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| prowlarr | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| prowlarr | Memory | 259Mi | 259Mi | 336Mi | 259Mi | N/A | N/A | + +**Deployment: `qbittorrent`** (VPA: `goldilocks-qbittorrent`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| qbittorrent | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| qbittorrent | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### shadowsocks + +**Deployment: `shadowsocks`** (VPA: `goldilocks-shadowsocks`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| shadowsocks | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| shadowsocks | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### speedtest + +**Deployment: `speedtest`** (VPA: `goldilocks-speedtest`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| speedtest | CPU | 182m | 22m | 418m | 182m | 50m | 500m | +| speedtest | Memory | 309Mi | 259Mi | 547Mi | 309Mi | 128Mi | 512Mi | + +### stirling-pdf + +**Deployment: `stirling-pdf`** (VPA: `goldilocks-stirling-pdf`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| stirling-pdf | CPU | 15m | 15m | 29m | 15m | 100m | 2.0 | +| stirling-pdf | Memory | 1.09Gi | 728Mi | 1.41Gi | 1.09Gi | 256Mi | 1.00Gi | + +### tandoor + +**Deployment: `tandoor`** (VPA: `goldilocks-tandoor`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| recipes | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| recipes | Memory | 991Mi | 308Mi | 1.25Gi | 991Mi | N/A | N/A | + +### technitium + +**Deployment: `technitium`** (VPA: `goldilocks-technitium`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| technitium | CPU | 15m | 15m | 15m | 15m | 100m | 500m | +| technitium | Memory | 283Mi | 259Mi | 367Mi | 283Mi | 128Mi | 512Mi | + +**Deployment: `technitium-secondary`** (VPA: `goldilocks-technitium-secondary`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| technitium | CPU | 15m | 15m | 49m | 15m | 100m | 500m | +| technitium | Memory | 175Mi | 104Mi | 376Mi | 175Mi | 128Mi | 512Mi | + +**Job: `technitium-secondary-setup`** (VPA: `goldilocks-technitium-secondary-setup`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| setup | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| setup | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### tigera-operator + +**Deployment: `tigera-operator`** (VPA: `goldilocks-tigera-operator`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| tigera-operator | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| tigera-operator | Memory | 175Mi | 174Mi | 226Mi | 175Mi | N/A | N/A | + +### tor-proxy + +**Deployment: `tor-proxy`** (VPA: `goldilocks-tor-proxy`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| tor-proxy | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| tor-proxy | Memory | 121Mi | 100Mi | 157Mi | 121Mi | N/A | N/A | + +### trading-bot + +**Job: `trading-bot-db-init`** (VPA: `goldilocks-trading-bot-db-init`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| db-init | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| db-init | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**Deployment: `trading-bot-frontend`** (VPA: `goldilocks-trading-bot-frontend`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| api-gateway | CPU | 11m | 10m | 23m | 11m | 50m | 1.0 | +| api-gateway | Memory | 237Mi | 194Mi | 511Mi | 237Mi | 128Mi | 512Mi | +| dashboard | CPU | 11m | 10m | 14m | 11m | 10m | 200m | +| dashboard | Memory | 50Mi | 50Mi | 50Mi | 50Mi | 32Mi | 128Mi | + +**Job: `trading-bot-migrations`** (VPA: `goldilocks-trading-bot-migrations`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| migrations | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| migrations | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**Deployment: `trading-bot-workers`** (VPA: `goldilocks-trading-bot-workers`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| learning-engine | CPU | 11m | 10m | 14m | 11m | 10m | 500m | +| learning-engine | Memory | 89Mi | 89Mi | 116Mi | 89Mi | 64Mi | 256Mi | +| market-data | CPU | 11m | 10m | 14m | 11m | 10m | 500m | +| market-data | Memory | 138Mi | 105Mi | 180Mi | 138Mi | 64Mi | 256Mi | +| news-fetcher | CPU | 11m | 10m | 14m | 11m | 10m | 500m | +| news-fetcher | Memory | 105Mi | 75Mi | 137Mi | 105Mi | 64Mi | 256Mi | +| sentiment-analyzer | CPU | 11m | 10m | 14m | 11m | 100m | 2.0 | +| sentiment-analyzer | Memory | 1.81Gi | 1.71Gi | 2.35Gi | 1.81Gi | 512Mi | 2.00Gi | +| signal-generator | CPU | 11m | 10m | 14m | 11m | 10m | 500m | +| signal-generator | Memory | 175Mi | 89Mi | 228Mi | 175Mi | 64Mi | 256Mi | +| trade-executor | CPU | 11m | 10m | 14m | 11m | 10m | 500m | +| trade-executor | Memory | 138Mi | 138Mi | 180Mi | 138Mi | 64Mi | 256Mi | + +### traefik + +**Deployment: `auth-proxy`** (VPA: `goldilocks-auth-proxy`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| nginx | CPU | 15m | 15m | 64m | 15m | 5m | 50m | +| nginx | Memory | 100Mi | 100Mi | 100Mi | 100Mi | 16Mi | 32Mi | + +**Deployment: `bot-block-proxy`** (VPA: `goldilocks-bot-block-proxy`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| nginx | CPU | 15m | 15m | 63m | 15m | 5m | 50m | +| nginx | Memory | 100Mi | 100Mi | 100Mi | 100Mi | 16Mi | 32Mi | + +**Deployment: `traefik`** (VPA: `goldilocks-traefik`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| traefik | CPU | 49m | 15m | 98m | 49m | 100m | N/A | +| traefik | Memory | 194Mi | 105Mi | 298Mi | 194Mi | 128Mi | N/A | + +### travel-blog + +**Deployment: `travel-blog`** (VPA: `goldilocks-travel-blog`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| travel-blog | CPU | 15m | 15m | 15m | 15m | 250m | 500m | +| travel-blog | Memory | 100Mi | 100Mi | 100Mi | 100Mi | 50Mi | 512Mi | + +### tuya-bridge + +**Deployment: `tuya-bridge`** (VPA: `goldilocks-tuya-bridge`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| tuya-bridge | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| tuya-bridge | Memory | 156Mi | 138Mi | 196Mi | 156Mi | N/A | N/A | + +### uptime-kuma + +**Deployment: `uptime-kuma`** (VPA: `goldilocks-uptime-kuma`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| uptime-kuma | CPU | 49m | 34m | 82m | 49m | 50m | 200m | +| uptime-kuma | Memory | 237Mi | 121Mi | 341Mi | 237Mi | 64Mi | 256Mi | + +### url + +**Deployment: `shlink`** (VPA: `goldilocks-shlink`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| shlink | CPU | 15m | 15m | 15m | 15m | 25m | N/A | +| shlink | Memory | 454Mi | 422Mi | 597Mi | 454Mi | 128Mi | 512Mi | + +**Deployment: `shlink-web`** (VPA: `goldilocks-shlink-web`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| shlink-web | CPU | 15m | 15m | 15m | 15m | 250m | 500m | +| shlink-web | Memory | 100Mi | 100Mi | 100Mi | 100Mi | 50Mi | 512Mi | + +### vaultwarden + +**Deployment: `vaultwarden`** (VPA: `goldilocks-vaultwarden`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| vaultwarden | CPU | 15m | 15m | 15m | 15m | 50m | 200m | +| vaultwarden | Memory | 105Mi | 105Mi | 156Mi | 105Mi | 64Mi | 256Mi | + +### vpa + +**Deployment: `goldilocks-controller`** (VPA: `goldilocks-goldilocks-controller`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| goldilocks | CPU | 63m | 15m | 141m | 63m | 25m | N/A | +| goldilocks | Memory | 105Mi | 100Mi | 135Mi | 105Mi | 256Mi | N/A | + +**Deployment: `goldilocks-dashboard`** (VPA: `goldilocks-goldilocks-dashboard`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| goldilocks | CPU | 15m | 15m | 15m | 15m | 25m | N/A | +| goldilocks | Memory | 100Mi | 100Mi | 135Mi | 100Mi | 256Mi | N/A | + +**Job: `vpa-admission-certgen`** (VPA: `goldilocks-vpa-admission-certgen`, mode: `Off`) + +_No recommendations available (insufficient data)_ + +**Deployment: `vpa-admission-controller`** (VPA: `goldilocks-vpa-admission-controller`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| vpa | CPU | 15m | 15m | 15m | 15m | 50m | N/A | +| vpa | Memory | 100Mi | 100Mi | 115Mi | 100Mi | 200Mi | N/A | + +**Deployment: `vpa-recommender`** (VPA: `goldilocks-vpa-recommender`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| vpa | CPU | 23m | 22m | 29m | 23m | 50m | N/A | +| vpa | Memory | 121Mi | 121Mi | 156Mi | 121Mi | 500Mi | N/A | + +**Deployment: `vpa-updater`** (VPA: `goldilocks-vpa-updater`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| vpa | CPU | 15m | 15m | 15m | 15m | 50m | N/A | +| vpa | Memory | 105Mi | 100Mi | 135Mi | 105Mi | 500Mi | N/A | + +### wealthfolio + +**Deployment: `wealthfolio`** (VPA: `goldilocks-wealthfolio`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| wealthfolio | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| wealthfolio | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### webhook-handler + +**Deployment: `webhook-handler`** (VPA: `goldilocks-webhook-handler`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| webhook-handler | CPU | 15m | 15m | 15m | 15m | 250m | 500m | +| webhook-handler | Memory | 100Mi | 100Mi | 100Mi | 100Mi | 50Mi | 512Mi | + +### website + +**Deployment: `blog`** (VPA: `goldilocks-blog`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| blog | CPU | 11m | 10m | 13m | 11m | 250m | 500m | +| blog | Memory | 50Mi | 50Mi | 50Mi | 50Mi | 50Mi | 512Mi | +| nginx-exporter | CPU | 11m | 10m | 13m | 11m | N/A | N/A | +| nginx-exporter | Memory | 50Mi | 50Mi | 50Mi | 50Mi | N/A | N/A | + +### whisper + +**Deployment: `piper`** (VPA: `goldilocks-piper`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| piper | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| piper | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**Deployment: `whisper`** (VPA: `goldilocks-whisper`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| whisper | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| whisper | Memory | 729Mi | 728Mi | 942Mi | 729Mi | N/A | N/A | + +### wireguard + +**Deployment: `wireguard`** (VPA: `goldilocks-wireguard`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| prometheus-exporter | CPU | 11m | 10m | 14m | 11m | N/A | N/A | +| prometheus-exporter | Memory | 50Mi | 50Mi | 50Mi | 50Mi | N/A | N/A | +| wireguard | CPU | 11m | 10m | 14m | 11m | N/A | N/A | +| wireguard | Memory | 50Mi | 50Mi | 50Mi | 50Mi | N/A | N/A | + +### woodpecker + +**StatefulSet: `woodpecker-agent`** (VPA: `goldilocks-woodpecker-agent`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| agent | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| agent | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**Job: `woodpecker-db-init`** (VPA: `goldilocks-woodpecker-db-init`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| db-init | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| db-init | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +**StatefulSet: `woodpecker-server`** (VPA: `goldilocks-woodpecker-server`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| server | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| server | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### xray + +**Deployment: `xray`** (VPA: `goldilocks-xray`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| xray | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| xray | Memory | 100Mi | 100Mi | 100Mi | 100Mi | N/A | N/A | + +### ytdlp + +**Deployment: `yt-highlights`** (VPA: `goldilocks-yt-highlights`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| yt-highlights | CPU | 15m | 15m | 15m | 15m | N/A | N/A | +| yt-highlights | Memory | 237Mi | 237Mi | 306Mi | 237Mi | N/A | N/A | + +**Deployment: `ytdlp`** (VPA: `goldilocks-ytdlp`, mode: `Off`) + +| Container | Metric | Target | Lower Bound | Upper Bound | Uncapped Target | Current Request | Current Limit | +|-----------|--------|--------|-------------|-------------|-----------------|-----------------|---------------| +| ytdlp | CPU | 15m | 15m | 15m | 15m | 25m | 500m | +| ytdlp | Memory | 283Mi | 215Mi | 367Mi | 283Mi | 128Mi | 512Mi | + +--- + +## Namespaces Without VPA Objects + +These namespaces have no Goldilocks VPA objects: + +- `gadget` +- `kube-node-lease` +- `kube-public` +- `reverse-proxy` + +## VPA Objects Without Recommendations + +These VPA objects exist but have no container recommendations (likely insufficient usage data): + +- `actualbudget/goldilocks-bank-sync-anca` +- `actualbudget/goldilocks-bank-sync-emo` +- `actualbudget/goldilocks-bank-sync-viktor` +- `dbaas/goldilocks-mysql-backup` +- `dbaas/goldilocks-postgresql-backup` +- `default/goldilocks-backup-etcd` +- `default/goldilocks-cleanup-failed-pods` +- `default/goldilocks-monitor-prometheus` +- `ebook2audiobook/goldilocks-audiblez` +- `ebook2audiobook/goldilocks-ebook2audiobook` +- `immich/goldilocks-postgresql-backup` +- `matrix/goldilocks-matrix` +- `nextcloud/goldilocks-nextcloud-backup` +- `osm-routing/goldilocks-otp` +- `poison-fountain/goldilocks-poison-fountain-fetcher` +- `redis/goldilocks-redis-backup` +- `reloader/goldilocks-reloader-reloader` +- `vpa/goldilocks-vpa-admission-certgen` diff --git a/.planning/quick/resource-plan.md b/.planning/quick/resource-plan.md new file mode 100644 index 00000000..bb406daa --- /dev/null +++ b/.planning/quick/resource-plan.md @@ -0,0 +1,285 @@ +# Resource Right-Sizing Plan + +## Methodology +- **Conservative**: limits = max(VPA upper bound * 2, current live usage * 2, minimum sane value) +- **Requests**: VPA target or current usage, whichever is higher +- **Floor values**: 10m CPU req, 25m CPU lim, 32Mi mem req, 64Mi mem lim (nothing goes below these) +- **GPU containers**: keep nvidia.com/gpu, add CPU/mem based on VPA data +- **Ollama special case**: remove CPU/mem limits entirely (keep only GPU + minimal requests) + +## Wave 1: CRITICAL FIXES (actively broken) + +### dashy — CPU throttled at 98% (490m/500m), mem needs 2.36Gi +- File: stacks/dashy/main.tf +- VPA target: 15m CPU, 2.36Gi mem | Upper: 15m CPU, 3.23Gi mem +- Live: 490m CPU, 1048Mi mem +- **New**: req 50m/512Mi, lim 2/4Gi + +### stirling-pdf — CPU throttled at 99.7% (299m/300m) +- File: stacks/stirling-pdf/main.tf +- VPA target: 29m CPU, 1.41Gi mem | Upper: 29m CPU, 1.41Gi mem +- Live: 299m CPU, 902Mi mem +- **New**: req 100m/512Mi, lim 2/2Gi + +### MySQL cluster — OOMKilled, 1845Mi with 2Gi limit +- File: stacks/platform/modules/dbaas/main.tf +- Already bumped to 3Gi in previous session, but pods show 512Mi (VPA override legacy) +- VPA target: 2.77Gi | Upper: 6.90Gi +- **New**: top-level resources: req 250m/2Gi, lim 2/4Gi; podSpec.containers mysql: same + +### traefik auth-proxy & bot-block-proxy — VPA says need 100Mi, limit is 32Mi +- File: stacks/platform/modules/traefik/main.tf +- **New**: req 5m/32Mi, lim 50m/128Mi + +## Wave 2: STANDALONE STACKS — containers without explicit resources + +### affine — over-provisioned (2 CPU / 4Gi, uses 4m/174Mi) +- VPA upper: 63m/307Mi +- **New**: req 25m/128Mi, lim 250m/512Mi + +### aiostreams — mem at 215Mi with 768Mi limit, VPA says 641Mi target +- **New**: req 25m/256Mi, lim 500m/1Gi + +### audiobookshelf — no resources, 55Mi usage +- VPA upper: 15m/170Mi +- **New**: req 15m/64Mi, lim 250m/512Mi + +### changedetection — sockpuppetbrowser (Chromium) + changedetection +- changedetection: VPA 15m/100Mi | **New**: req 15m/64Mi, lim 250m/256Mi +- sockpuppetbrowser: Chromium needs more | **New**: req 25m/128Mi, lim 500m/512Mi + +### cyberchef — tiny (8Mi), no resources +- **New**: req 10m/32Mi, lim 100m/128Mi + +### dawarich — Rails app at 438Mi +- VPA upper: 15m/838Mi +- **New**: req 15m/256Mi, lim 250m/1Gi + +### diun — tiny (24Mi) +- **New**: req 10m/32Mi, lim 100m/128Mi + +### echo — 5 replicas, tiny (19-30Mi each) +- **New**: req 10m/32Mi, lim 100m/128Mi + +### excalidraw — tiny (2Mi) +- **New**: req 10m/16Mi, lim 100m/64Mi + +### flaresolverr — Chromium at 148Mi/256Mi (58%) +- VPA upper: 15m/348Mi +- **New**: req 25m/128Mi, lim 500m/512Mi + +### freshrss — 56Mi +- VPA upper: 15m/167Mi +- **New**: req 15m/64Mi, lim 250m/256Mi + +### hackmd — Node.js at 82Mi +- VPA upper: 15m/256Mi +- **New**: req 15m/64Mi, lim 250m/512Mi + +### isponsorblocktv — 42Mi +- **New**: req 10m/32Mi, lim 150m/256Mi + +### linkwarden — Next.js at 682Mi +- VPA upper: 15m/1.04Gi +- **New**: req 25m/256Mi, lim 500m/1.5Gi + +### n8n — workflow automation at 425Mi +- VPA upper: 15m/766Mi +- **New**: req 25m/256Mi, lim 500m/1Gi + +### navidrome — music at 62Mi +- VPA upper: 15m/179Mi +- **New**: req 15m/64Mi, lim 250m/384Mi + +### ntfy — 20Mi +- **New**: req 10m/32Mi, lim 100m/128Mi + +### owntracks — tiny (1Mi) +- **New**: req 10m/16Mi, lim 100m/64Mi + +### privatebin — 46Mi +- **New**: req 10m/32Mi, lim 150m/256Mi + +### send — 53Mi +- **New**: req 10m/32Mi, lim 150m/256Mi + +### shadowsocks — tiny (0Mi) +- **New**: req 10m/16Mi, lim 100m/64Mi + +### tandoor — Django at 754Mi +- VPA upper: 15m/1.14Gi +- **New**: req 25m/256Mi, lim 250m/1.5Gi + +### tor-proxy — 61Mi +- VPA upper: 15m/167Mi +- **New**: req 10m/64Mi, lim 150m/256Mi + +### wealthfolio — tiny (8Mi) +- **New**: req 10m/32Mi, lim 100m/128Mi + +### networking-toolbox — tiny, 3 replicas +- **New**: req 10m/32Mi, lim 100m/128Mi + +### tuya-bridge — IoT bridge, 3 replicas +- VPA upper: 15m/100Mi +- **New**: req 10m/32Mi, lim 150m/256Mi + +### rybbit — Node.js backend at 185Mi +- **New**: req 25m/128Mi, lim 250m/512Mi +### rybbit-client — 89Mi +- **New**: req 10m/64Mi, lim 150m/256Mi + +## Wave 3: PLATFORM MODULES — containers without explicit resources + +### mailserver — docker-mailserver at 183Mi (needs more for ClamAV) +- VPA upper: 15m/317Mi +- **New**: req 25m/128Mi, lim 500m/512Mi +### dovecot-exporter +- **New**: req 10m/16Mi, lim 100m/64Mi + +### cloudflared — 31-59Mi each, 3 replicas +- VPA upper: 15m/110Mi +- **New**: req 15m/32Mi, lim 200m/256Mi + +### pgadmin — 265Mi +- VPA upper: 15m/413Mi +- **New**: req 25m/128Mi, lim 500m/512Mi + +### phpmyadmin — 46Mi +- VPA upper: 15m/100Mi +- **New**: req 15m/32Mi, lim 250m/256Mi + +### crowdsec-web — 46Mi +- **New**: req 15m/32Mi, lim 250m/256Mi + +### xray — 11Mi +- **New**: req 10m/32Mi, lim 100m/128Mi + +### wireguard — tiny (2Mi) +- **New**: req 10m/16Mi, lim 100m/128Mi +### wireguard prometheus-exporter +- **New**: req 10m/16Mi, lim 50m/64Mi + +### k8s-portal — 14Mi +- **New**: req 10m/32Mi, lim 100m/128Mi + +## Wave 4: GPU CONTAINERS — add CPU/mem to GPU-only containers + +### ollama — SPECIAL: remove limits, keep minimal requests + GPU +- **New**: req 100m/256Mi, lim nvidia.com/gpu=1 ONLY (no CPU/mem limits) + +### frigate — highest mem (3835Mi), CPU (860m) +- VPA upper: 1.8 CPU, 6.65Gi mem +- **New**: req 500m/2Gi, lim 4/8Gi + GPU:1 + +### immich-machine-learning — 1215Mi +- VPA upper: 15m/2.90Gi +- **New**: req 100m/1Gi, lim 2/4Gi + GPU:1 + +### immich-server — no resources, 404Mi, VPA 920m CPU +- **New**: req 100m/256Mi, lim 2/2Gi + +### immich-postgresql — no resources, 268Mi +- **New**: req 50m/256Mi, lim 1/1Gi + +### ollama-ui — 658Mi, no resources +- VPA upper: 15m/969Mi +- **New**: req 25m/256Mi, lim 500m/1.5Gi + +### whisper — 628Mi, no resources +- VPA upper: 15m/969Mi +- **New**: req 25m/256Mi, lim 500m/1.5Gi + +### piper — 32Mi +- **New**: req 25m/64Mi, lim 250m/512Mi + +## Wave 5: RIGHT-SIZE OVER-PROVISIONED + +### kms-web-page — uses 0m/10Mi but has 500m/512Mi Guaranteed QoS +- **New**: req 10m/16Mi, lim 50m/64Mi + +### kms (windows) — uses 0m/0Mi but has 1/512Mi +- **New**: req 10m/32Mi, lim 100m/128Mi + +### city-guesser — uses 1m/23Mi but has 250m/500m CPU req +- **New**: req 10m/32Mi, lim 100m/256Mi + +### blog — uses 0m/17Mi but has 250m/500m +- **New**: req 10m/32Mi, lim 100m/256Mi + +### travel-blog — uses 0m/9Mi, has 250m/500m +- **New**: req 10m/32Mi, lim 100m/256Mi + +### webhook-handler — uses 1m/8Mi, has 250m/500m +- **New**: req 10m/32Mi, lim 100m/256Mi + +### coturn — uses 1m/7Mi, has 100m/1 CPU +- **New**: req 10m/32Mi, lim 100m/128Mi + +### health — uses 2m/101Mi, has 100m/1 +- **New**: req 15m/64Mi, lim 250m/256Mi + +### plotting-book — uses 0m/22Mi, has 50m/500m +- **New**: req 10m/32Mi, lim 100m/256Mi + +### resume/printer — uses 3m/109Mi, VPA says 1.29Gi mem (Chromium!) +- **New**: req 25m/128Mi, lim 500m/1.5Gi (Chromium headless) + +### resume — uses 1m/116Mi, has 25m/500m +- **New**: req 15m/64Mi, lim 250m/384Mi + +### openclaw/modelrelay — uses low, VPA upper 1.22Gi mem +- **New**: req 25m/64Mi, lim 500m/512Mi + +### atuin — uses 1m/2Mi +- **New**: req 10m/16Mi, lim 100m/128Mi + +### vaultwarden — uses 1m/49Mi +- **New**: req 10m/32Mi, lim 100m/256Mi + +### f1-stream — uses 7m/53Mi +- **New**: req 25m/64Mi, lim 250m/256Mi + +### speedtest — uses 1m/147Mi, has 25m/500m +- VPA upper: 418m CPU (spikes during tests!) +- **New**: req 25m/128Mi, lim 1/512Mi + +### netbox — uses 1m/480Mi +- VPA upper: 383m CPU, 605Mi mem +- **New**: req 25m/256Mi, lim 500m/1Gi + +### meshcentral — uses 1m/127Mi +- VPA upper: 15m/367Mi +- **New**: req 15m/64Mi, lim 250m/512Mi + +### forgejo — uses 1m/170Mi +- VPA upper: 15m/284Mi +- **New**: req 15m/64Mi, lim 250m/512Mi + +### calibre-web-automated — uses 1m/196Mi +- VPA upper: 63m/829Mi +- **New**: req 25m/256Mi, lim 500m/1Gi + +### paperless-ngx — uses 4m/691Mi, VPA upper 1.70Gi +- **New**: req 50m/512Mi, lim 1/2Gi + +### realestate-crawler-api — uses 2m/133Mi, has 50m/2000m CPU lim +- **New**: req 15m/64Mi, lim 250m/512Mi + +### realestate-crawler-celery-beat — uses 0m/107Mi +- **New**: req 10m/64Mi, lim 100m/256Mi + +### osrm-bicycle — uses 0m/366Mi +- VPA upper: 15m/679Mi +- **New**: req 15m/256Mi, lim 100m/1Gi + +### osrm-foot — no resources, uses 0m/359Mi +- VPA upper similar to bicycle +- **New**: req 15m/256Mi, lim 100m/1Gi + +### freedify — uses 2m/57-68Mi, has 100m/500m +- **New**: req 15m/64Mi, lim 250m/256Mi + +### onlyoffice — uses 3m/1007Mi, has 250m/8 CPU (177x waste on CPU) +- Keep memory at 4Gi (needs it), reduce CPU +- **New**: req 100m/512Mi, lim 2/4Gi diff --git a/docs/plans/2026-03-03-cluster-hardening-design.md b/docs/plans/2026-03-03-cluster-hardening-design.md new file mode 100644 index 00000000..d8625e5c --- /dev/null +++ b/docs/plans/2026-03-03-cluster-hardening-design.md @@ -0,0 +1,73 @@ +# Cluster Hardening Design + +**Date**: 2026-03-03 +**Status**: Approved +**Scope**: Service availability, failure detection, DNS HA + +## Context + +Reliability audit identified gaps in failure detection (most services lack health probes), NFS monitoring (backbone for 70+ services has no dedicated alerting), and DNS high availability (AXFR-based secondary doesn't sync settings/blocklists). + +## Decisions + +- No PDBs for now — revisit when adding more replicas +- No NetworkPolicies in this phase — covered by security observability design +- Replicate only critical infra (DNS); apps stay at 1 replica +- Keep databases on NFS; harden via monitoring, not migration +- Backup/DR items (MinIO, rsync, PBS, runbooks) deferred to a separate effort + +## Items + +### 1. etcd Backup Alerts — DONE + +- `EtcdBackupStale`: fires critical if last successful backup > 36h +- `EtcdBackupNeverSucceeded`: fires critical if backup has never completed +- etcd backup image updated to `registry.k8s.io/etcd:3.6.5-0` (matches cluster) +- Applied 2026-03-03 + +### 2. Liveness & Readiness Probes + +Add HTTP probes to Terraform-managed deployments. Conservative timing to avoid spamming: +- `periodSeconds: 30` +- `failureThreshold: 5` (150s before restart) +- `initialDelaySeconds: 15` +- `timeoutSeconds: 5` + +Use known health endpoints where available, fall back to `GET /` on container port. +Start with tier-0/tier-1 services, then extend to tier-3/tier-4. + +### 3. NFS Health Monitoring + +- **Prometheus alert**: `NFSServerDown` via blackbox exporter TCP probe on `10.0.10.15:2049`, fires critical after 2 minutes +- **Uptime Kuma**: TCP monitor on `10.0.10.15:2049` + +### 4. Technitium DNS Clustering + +Migrate from AXFR zone transfers to Technitium's built-in clustering: + +**Architecture change**: +- Convert primary + secondary Deployments → single StatefulSet with 2 replicas +- Add headless Service for stable pod DNS names +- Separate NFS volumes per replica (existing pattern preserved) + +**Clustering setup**: +- Cluster domain: `dns.viktorbarzin.lan` (permanent) +- Pod-0: primary (`/api/admin/cluster/init`) +- Pod-1: secondary (`/api/admin/cluster/initJoin`) +- HTTPS auto-enabled with self-signed certs (internal only) +- One-shot setup Job after StatefulSet is running + +**What clustering syncs** (vs AXFR which only syncs zone records): +- Zones (via catalog zone — auto-syncs new zones) +- Blocklists and allowed lists +- DNS applications and their configs +- Users, groups, permissions, API tokens +- Settings + +**Requires maintenance window**: brief DNS outage during StatefulSet migration. + +## Implementation Order + +1. NFS health monitoring (low effort, no disruption) +2. Health probes (medium effort, rolling restarts) +3. Technitium clustering (high effort, requires maintenance window) diff --git a/stacks/affine/tiers.tf b/stacks/affine/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/affine/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/audiobookshelf/tiers.tf b/stacks/audiobookshelf/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/audiobookshelf/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/blog/tiers.tf b/stacks/blog/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/blog/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/calibre/tiers.tf b/stacks/calibre/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/calibre/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/changedetection/tiers.tf b/stacks/changedetection/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/changedetection/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/city-guesser/tiers.tf b/stacks/city-guesser/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/city-guesser/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/coturn/tiers.tf b/stacks/coturn/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/coturn/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/cyberchef/tiers.tf b/stacks/cyberchef/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/cyberchef/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/dashy/tiers.tf b/stacks/dashy/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/dashy/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/dawarich/tiers.tf b/stacks/dawarich/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/dawarich/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/descheduler/tiers.tf b/stacks/descheduler/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/descheduler/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/diun/tiers.tf b/stacks/diun/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/diun/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/echo/tiers.tf b/stacks/echo/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/echo/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/excalidraw/tiers.tf b/stacks/excalidraw/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/excalidraw/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/forgejo/tiers.tf b/stacks/forgejo/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/forgejo/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/freedify/tiers.tf b/stacks/freedify/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/freedify/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/freshrss/tiers.tf b/stacks/freshrss/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/freshrss/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/frigate/tiers.tf b/stacks/frigate/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/frigate/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/grampsweb/tiers.tf b/stacks/grampsweb/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/grampsweb/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/hackmd/tiers.tf b/stacks/hackmd/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/hackmd/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/health/tiers.tf b/stacks/health/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/health/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/homepage/tiers.tf b/stacks/homepage/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/homepage/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/immich/tiers.tf b/stacks/immich/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/immich/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/isponsorblocktv/tiers.tf b/stacks/isponsorblocktv/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/isponsorblocktv/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/jsoncrack/tiers.tf b/stacks/jsoncrack/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/jsoncrack/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/k8s-dashboard/tiers.tf b/stacks/k8s-dashboard/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/k8s-dashboard/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/kms/tiers.tf b/stacks/kms/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/kms/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/linkwarden/tiers.tf b/stacks/linkwarden/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/linkwarden/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/matrix/tiers.tf b/stacks/matrix/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/matrix/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/meshcentral/tiers.tf b/stacks/meshcentral/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/meshcentral/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/n8n/tiers.tf b/stacks/n8n/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/n8n/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/navidrome/tiers.tf b/stacks/navidrome/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/navidrome/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/netbox/tiers.tf b/stacks/netbox/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/netbox/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/networking-toolbox/tiers.tf b/stacks/networking-toolbox/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/networking-toolbox/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/ntfy/tiers.tf b/stacks/ntfy/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/ntfy/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/onlyoffice/tiers.tf b/stacks/onlyoffice/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/onlyoffice/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/openclaw/tiers.tf b/stacks/openclaw/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/openclaw/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/owntracks/tiers.tf b/stacks/owntracks/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/owntracks/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/platform/redis-25.3.2.tgz b/stacks/platform/redis-25.3.2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..4e34e7a1716c542104d91b4fbd3110420db9b425 GIT binary patch literal 118242 zcmV)OK(@ahiwFP!00000|Lnc%cH>5tE_iW%lIR2h769r}rJ6ObF|RjIGW!w{2!H?>peUutQgp9!iiqnMmwkyHd&jcx zC%gaSQPbXKm^UePd?;f{X zoTf?Y#n8n!@c(uBdf`=VJ$fMezsv07Bc_<if4Tb`?W@1VyY#>MhtY5s|409sT!*_^MOQGs=|l|t zKqebsx09O*{O^_b8U8mN!@vJ;$ok2P{b-tqlcQs3a1uxVEqm!k+wV(nm-E3-kk20v z#UKj$GTwlHQX?ZT9LgXXZXEt}aQ5Tz>Bk@2tJ8v8; zuZ=nT|IIh=zAfy3p#N`Q_Wx6)uY{U3S8B3 zN=18K>RmyOt20?WPA-7H@u1eN%!D-5B{8d%6F(QCo=5Iu;)XS8+s^w3jx(; zhcYaPo(~K}U8ngDgL*ThwcHZwOUu+~0NHE5{T903mq{=7Cn>M33mo;<#kK&Z!V5(N zofAnkje8QLm;SXE_CQ+sEbm&^UNDs+L3yMtPEyPt4N}MrB8`jzJd~w8s6_OEJA#by zw3kkS5kh2uA|^gmg*5>$0}b_}F!lTp^MRz4?1+&E%NG6{z+mA&z#L(R`p_Ae{yzQP z-rN{Ph?eH9)L4k3-v$5nZ*Om|+r1!~_6IRE*#^FfS+8Ul4#D2% zgy(%1B^R{<@aNXv-s{`Fx8JlU;cx>weG|ofnl9c#EgT3T0{_JEUU`Y!7{h>YPyl!~ zvztG}k=KVF?ue7H*A@rBr(F2M5e)A_5;pxd?(bj;wl^}*6SXzB;BFdA zxr;r_FZhjYdAw`CZSSoixt~cq;}^#VM<0$sE`5|XYU%&C-+lMy+wThU-`l-!U%$}* zr%3&vkh ze>Rng)3gs~T?hg)pLHn;#n4RVls_^Lc(lB zs5!%d^&|KTI64r%`#uQM5`MiC$pqNDC{9NHWJdtSg@4L1)UhL=LT>;PzRyazE1BL% zfIsUAtbnh?<>|j4U2JT0yWJjE6vz$K7egDcci;#g-=XX-;n-JX`oo`F9}iDj7so%I zbS^LctWH-bzOnHqap_O?#gX3^chOXQ4x<~u!%JDW0PBzd4HB64YtIizwLlBtXQK%K z-eUqIMi|Ax-*7d20Jvp33A~>C&qBt8P{yp#KVUObapT<~*uZ-PQHCzmckpwkEe?Uj z`7D0J8RGdzO5$NFxdUY=??tQjg89@Og@bd_93uQvcDt7eh3U+APzqrEAE{Xxhbs^;yW4FVac>miuzu*Ar~$x8TjD3(M8cg^V}m_5i6+y)i|tcJ;M8Cv ztXn>lUflXWWgLl5(*QUU?+O-t3X1{iwST!2m$8pZu>UE}V?TnS`G4bmLDhUZ{x8u1 zS&6m|oF+dXeA@L>6&^<832Y}kmj+R9nsC|oC+D3V(YZYNkrd&=^W)ag zgJn#-CsYOpSuiDayBZ+$D8S*3p+V?Xkch3$4HD+QRL_w^Jv=^>>6Kys>G}iK zT-L0`P{Y#P*!Y*<4qzLl@;1%#l(CqR=6iRqg6N9bOsMz|d#``N|9OLK^nb?Q&G#r| zi%mGA@WP$ust>sML9)5Mtj6{Vjh)j~4z4nkt>P3~+Bg}|NsQ|$h@#K<5my6EODwPH z+G8kjlTaUFN$PV&9}Y+I3Kl$X^Bpl^N}!Lq-}LEnDu-V0&d8nFxNuNPn!~Y8_2>dB zu+3-TNtnh_AE-a{0Z%@y1{POQltO(Tp7i3kBK4k+TZJsJtq26}bsQtqoe`F-?o2<8 z`~hsLDY5}@Y9ov^eB3+MSmCdBGTPRcYOuXS_)koO#LFT&`*LKMIVnr)j^~H<uF6R3P_KA_33@*0j7EQo~Cz`+by`H`?4-IN%tG~tp(G<1!pRPad-3$_jnqlKAdPqv60k|-xQ4W zUA8U=Y?e&vI)u;Lk#`Ln6Uh9KvVbU($3b*p5|C;U1)fAenZ;JZzwrjyuIR%D-Dj&P za1UlETskQ)p6|oI*lYSyt*yUoWeOs_-jL30i$Vdt0?G=iC0(q5&ieBh=>K1*e&XZ3 zA8;%dOaG?5_x4|rAHY-#=5qX!?Pp2twTap?^WO$H>Zm#Ao5sYr3{w@#3)AA&6jZo_yQhiIb*TkBt z$kefI@g8V}y!C+9l{*^d9t~}v#fcqS=DNQq$K?ChvoFOMiGB2Hn ziGB7ciN#tsnlh`t_T|8X{UCDZep_I*znz=Y|1Vo#*`xqiTVjDoo4~M}uPnqO&ApPQ zRv3DJ8uPlNMZnGAjDGz!$iZKKy$@UyFypvB)Z$1KmFd#r!KS*jOb_jz5=wTRnssD0 z;zBAp2)B_;l+q&rxeXb3&5$Xw@8N-us*sfV!s?>LAz)WC_6a-T_ocN*GPa4}R067% zt*e_zx`OpTTfLD4q1%8d$f5vv`i|+8>I-mvGD(#71A8+uOrf}m;?F_k^|{9>HJyy2 zY0$?h0eNGR@=~Nlo=jxVAArn(3lmpvoAx}~Ij|}MYKAT*tTq7VBO9R_eNq_BIjV9} zH71bgZbqD-u_cqHo-43v|%{!QxpQ0Oijj*ubIXeex5zn9l$ign| z!H>Z9_EELtr-1q$DXj)m1c|0t&-~Sd3 zpe|fJ*4Y53&lEFxd8RVQ+wVdqd>{h{<%C|!Si5nT+i97>wk-K#Te0@%F^Hzn1(2qc zDML<-Q6~q=-$STXo5fkBuI|hx?P_BP;!I_~i)eLG#Ot=%XeZAo;@<0du>}#!!bD?! z*Vl@r>m>?&nCI88zunDe-bO_6ESN-U$9bk(U3~+nH^J<&NFMMhlXD2s3#Cyc7)O$t=+w{HJWQMhL2|xPU!mh)r(u{nzWe+co3{y~swK}1HyNFl} z_|y?6tHH-BcufFD|M62Dyw8yhIx}lZF<1kTxC~V@vB-a@Hz2YP&=tK zTfo~#r1)*oVF`$a{Z`CfY+kmU@D7;YjI-z^89_ss{-{Lxd zNdR&VFyU&A{6d|{dTq%Zs##_uBgk?`&3l%9SNCk1=xwX%|Bm8w?sBykM#4(>Ot;uI z#)(~vd4^@Oi+s9OPbRs|md?Iem8j94!WtJnI)`vb(?HT%u`heIrV&>a)yn*1PFk^h zhoY+*DNT;56@Es(u^?EgUnwUx+L2z|8|`oheh4BoB%y!*ug=G_OfP!rk0qR5ICr{! zr4azw2eAL`Y5U{9vY?8C(1*FL1cL(&?IJfy#>IAV*h6kc>_(F`ue#d}{44b@)fN8h z3OnCUqD9LS5Q~=o?*zE3#oJB+-h|-AO6b7H#qxtz#7}UA@%|3Q@hx5`;e{lVrySFZ z2Mh38lZieMXv3(xIAq~sz97XnAjrnT^dNtQ94Cw0Q3$6z$qLXE?Ng(mwNEL^9N>D0 zrYQ-cP)#NPw1qn4V88V6=?dPd#S*0-XmxZ4-B2q_9A%Z>kZJo>gd79*2sVZ#Q{ZAG zG6(_#E(ZfS-svN8mhJ*q7n(}8QE;4c=*ssZi-!rDdOL!8f za9*)uZ6l@BNBcafmc|FtNA8n(qGFWx1#(LC%P30HeUrDv+QZjvzNqwq4P&IZv>Ite z?*lCl@dPly1I5O}6xIf5LztKsbLv;EexBYQMaq zY-XMFMJnw;sF!Mp$2@xIhUVYR_BFfET-y+Hn$uq4s!!>S8S0tF5!%0K{!Fv6ivDZr zjr&~o6i=%L%p7C3V81 zeE+|X&UmxXZMfR#Mit763EVB+{{R7*Y^(m%{tv~@=s){m(n_X-fq(m_ZhPZcQ$2cp zm(l5LhgIz<*o#(IX(JRCJ-4z?JYHMx?Z*%ctXj3zJ3jCRSS9yJBHmL=@J-ps|nOi(7DT+Hg(a` zMx_AX5M_M@CQI38rZc$RcrZg#*eiiu01pR2J0Y2PH)sy#4Us@x-4)3gFzP7^%TVZp zZDR2iPFUFY0^pSzE}+B|EL%U>*PMZXy*dswcbC&-KIwcj1ci;ngVpEU1GW`k-kG;^ zIjvXYEw^Q^(A7t^sxBV9H1L0bwF#|lDAQ8iv>D;;wfOg zr2(G~O-(-eJIY>WW9V}P+1~Oa#GD<+w`?g+k^;&J1+#rVK)7b>Fo&H+CH71auZL>Y zN;{~H_X?U~T|25Ii$SX6%tVP6(5y@35a}w7jNh7J37Z_mnUb(r@+gmEoHR^(-pU_?uf@1|Dm~F z(wp+JOJ|d815-D?<1&9@4qF{B+!ZDMz!A$51y+kAR$Dkfl)^n5gQIm__6@zcQL%|} z0hSz5p55;100l0;m*!6|JmjG2u3Ef3U}V!SoLHzx!F>mv>%O7gi=rqTi2e{MI4&yO zDkSz)5DekhnQi7i<6GWLl>Ma?%+u0jV;)F|{pXv`nGz|bNYDYSp9A%Gm*yE~G?esQ2+vtmc4mNC{6z^sxKr@#DO{ltHtNQsxY`EU zyOtZ2M73>oKO#fSN8BC1(A5eq!9H8aBzzsJZ&WTa=NVebFads|ue|n56R8hps3JAS z-^AnN4HPr<88fJeDG?$z(%@T-t~X6bZLJ6DP;FhhGo8-#kQIqog*w=5)jO=tX{ZdL zxT~_OZx7f+8Bd=H2>JLVHEUY`(siss4Y;c7`sRlVnC8ew3SRb1=}sv3dy%->mT=~9 zQO&B8RnsC^uZ=!B$?egN zg2fL1Xzotv4i;4+**50UQvr zYYOIf<-RzxRF7(s^{r55pVyOdO1Hgq&vO=OfdS+xRWIhiNyY^NwH{^#XyxP2)dhc+ zcNJwn%R7hihX;1?1DDn}tSeH0m0ol0=#5pj#cc@K%h`T|y=j+jLAT3xXL}cOwI_01 z_A??;_}Rm}n(LKe*>zI31oOSM*3kFLPs!}+_xqnyvgHGww5la>D9QWE$|6Ii&{|+6+(_M@dLDe#g{ZD11N`8rR`siKNmYv)37}mZU2iv4t&{)wUmuP0#`cl{$_fAot zcyNA#N8at725t(%JU)XhNTYf>+U8*$3HkcO#=|auP}_&1(r*yUNOytS*k4&pU};`V zMhRG0L)l}?e#EEYweMN>qNwXSh=)lx%Q*1W&D+d+JUl%Sg8&VLaAjiSg?G^ocA{S? zfwqM=h%KsZJ7?vwpV^Q|s7}Uaw6nc#C!hTZ?Ph3;cQ;_6P(z&HGxgK{EZ9u^+V9Wa zsIjfKvPLaI$qbw|HfY{7Li*mbuHdYLsm0k^=-PnTL+dv@IIJH%>j!go9BIv{wz*L= z!mm`#R%UBn5Jh#q)2XNPXca)epJ|l3dG|qGV-E}~QAuj4ZHa5)O_kb)L4pn+bnR*1 z{HexSG{uwHycy5zu9UdY&99HHF|^-O3~#J-aU&FZ09e#3ZfkwWfCxpzXQ=8-e&jsW z+2ChvpA*^=vjhG_ZtW7K#4h>t0Y$c?J42a>8CCg}6+*tqe$G?VtH1vpItfR_Ky3aY zX{mxO9tACkO|iw#!KK(_v!gZ^P1<;ohyU6X?QQXof4ov2oyOS8IZR2u^4)Qm?*1X! zt*ox3D%9Me8&-33Y(w+d<6r{u!JF)F=tpP{O*Lu7tZZ(9D=0^8eD^!=uHW@i2&SGJ zl!mXdMK`mD)w=9Oaf~W7?emfkYU&^#16^x%SwFL9tDI{s_UwgLyZh>y5MW5Z>4)|j z&?Unugk5a9b4qIEM~zsp`h$%RK(Z7B01X^^A3 zdTm)H%1lS-a6xQ4cZvB?5p{ha>|XidZZcATwR-9w_bu&mj_(qG*Pf*5%%5oQd)xuh zx&eMCC42I=0q^@a=uAmvl)aJG@LsS?s&Xwf%-dwikR-I0r5gP2uR7u zMt+P)?s4gxy?@OC-_`Cc5Nz0m%Ihjn0qZW$2*w(I#W?7DOLRCCAQy=Dk8N>0I|cbh z5LQ(Y?{?m{v*-{mG`ss^laNw^$eCqCre6b*T9MYDoLzln46ZFP&{>H^>W4UTkZ;qbY(BF8_86d8B#3U{38hR{LU1OtuH8Vf3t8#vgOK!7B z19>&`^NbBFPFT*;6X%N8#f)Au^d`wDGDcL|QwvcsepqLuBzhc58f@LLpRyq<8SEQd zK6N~?zE-axTWy(BTJlBQzA@O46Y*wW51z$NJuXsjW@f;aCYkQsdGnFLZSD$5u0ape zBuIxlWS?nW17^+R_R=~+{P+K1+(gS;*%K{%x@cZ?>kGiw=on?B@|#OU`uok^ckS2k ze{c5jw)0OUPSDlh@9GZjcV>>YPLT?I{JFGj0$b1iuC$?t(S-Sp{&YN1x@f%tdGv@& zHa0E25C@?ZL6fp!?eF43*u{F=asNt~f3$j*GgVEF)wJ!Qn>1b+W+_Gb2{tNhltHL5 z4v)-2vX@?NIn}M*^G}DF;(R(WuLr)?z5SXovF_U0oi!aPW-(?GA~ZN*CHjd{aD2_= zlyuNvFZRZkjq0s>wz*gO{lVAX1RbN|5&L!i?Znq%^mQh>le|kO9(EH?U_WL5X~@Ul z*&18mT(GQ}ccMGYbeFwr(3D$zrPZ_tAKx3#n%W`WZW>L1&)c0KD~i{oJ^2-Poo@eG zx>XfrLxL5U)qbQX(#6pa!m4J6+OvKzV^ZY2t*gL&AT~F%#fSg+llb~9XGh)5M$r{~ zmzUBu2PRQ3hA8%jerBb}Q$p9G>K^Y^tj%&@5OklXo--?+&evx8>S~adD2@1vo}+2| z1#O0cZ>*!(%ghy28%95mueGu@OiTD{T#6lYpxLKvwh!;yPqf6;gRISYrJsebuc zkaJxDt*|*RFe3wDty|GXt{#`IHZ8Ckoz zxUkv$Tpe$ELr>I(R)>mSF?~KduJnT^kKRqNu?bp{&z|fw;69vrsm#W^Q8@OIQnXsi zayg2>hre4;;qLVtAO`RyMg@49-r=Ew=1{E`8U@8ZoOR!`!1Q+`=4@s%+$OMZ*Kam6 z5oi;IIsElJ>f1kSc@92h710-x%%A{un_J&BIsRc)f!ej%;+b{?zWtW}$lq!G;K$-O z&Vb%0te)n+wFXsRcKh;rHw3|Qv-tflGbJ{OiNZ1JV-$TI_T|-V=VNzl#IDB9E%MKB;WyFkPIkRME&^IpYE*Dkz%m3`N_C*cUHytpH(P*r>q__Ti0NPkIEK;Mf7lD4(R^dS}8IWdQxuh{3`Ch*r z=_};C{pNUA zu;>b%Fju+DbdduRtv@7YiC%c^ex+M$;pLzgrhZHRg368q;!wRzTbJoWr->2q*$Yzs zVwo>1aarp6cK9#52|gppu+og$@;A*C;kUd?q{X~ca9KTCUnbi;yJbE^X#UWIQFTfA zOxnplShkJkBl-%#?>L&mM_bpzp7k<;YGdOE^E$`&Zbj@4`BF8RQ^8z<+q@$UM7?Xq zW3&{82oVCKDKMmGgIX ztqhVxxl=ZNS*l*Io|kb*{*s*1z4%1eZ~9M| zu7%vfiUrHPq$a6=GEG-^NPCV$@m;9x+?_w~YO5a6u2;@;%u(}_mXct0HaEN3pT+4q zp9TS&WG3CJI#fmZ=`s^#nQtdbap}de_cDWvB$%Dw{?g6BLrlOsoiyu zCar+#<_|+0Ia1RrI=rPN1lwq>5h+dlt{Gj}-_x<&nv@uP0j+Iy|* zJ<&Nl+*cmS@UHhD`6WSn6Z+?mainal2G+j=rMp9C>EsJUy=3x@zY@bDog5`?aULZJ z^+O*3=rI+J1q$Tl>rtd+Vv6mCmMb;Xj+vfslQz94#g_8!LPZHerP>W{yt@RlDWgB2 z9er{yr`^F=nK5(+l9Q;bXHWTLVt4Y5v>i{b)+k8$!bQk`a%q0HLEaLmNmW(=-Lj#5 zR42cEqo&=$J_?pOny9esqV%PEGTY62;QnJ}uR<2lWFVtymMFC%e~e!0y32cN_mVxL zJz@`QdTDO5O1tUW%j`bvaeB#(>Fd7PLi~juzxB1R#mv`)_OHIQ1U>ruKdO3ZIWEj+ z5eNB@0FT|(%3dN1IQAwK!6TWDa~;0d7Ir=LH5bT$Tt%aSTI>&ps25Q_%Gs4d!hRgg zqmM1VUP9xu+FtT)X}*`NXesR?6?$+lSr6pY#d*DKI^#--wER>x<4mxRBD@Ri&K4>O zOw^~mVksw2NiVf+NWlJ7sF(I*qq0H=q-Vo8apWRR@02Wf?o2$ahxXD|P6>r2tgWAv z|IpHt2u&QdgV982FEVg&(xOuiHC4zFcp^Fe(vu_wrpZ8m_|RPsP9-{rw7>!m-I(KPL5h14&& zUm`Yy=RlN`IJ%O_(z{&I%f9aoL#W;FeLx>P#%@O!QYTTC4PClQlC5=5EgKu=eT{oz z+rL&OS%YX@sXr-5G8Mg46=%IXR4w7F1Wm$cf@c+_mcgc@=S*A2yB(*z898V}_%nBIhOSz!&gwjQIQ#}7V$b)rjcAtU$ z*q37WGgbmNawQQc$~tFaS3E}NO3Wd;cIW#3P$v3_oar2Y)tdz0(kCNt@7=fip4WyX zlw)`0)7`hc5AC3^pGfq?MXv<(_M>+J-mru%FF|es0s72RxEAJe$WlIzjRObq8L`moR@@hKlni7hls7b|dOj4GfW@$;*x%@e(Bl+dj z#|_O+9`lSW9*Qo86_0r?7VGBOwp|s^VxHSHcGfnlh%G&R*Yf^MCU-f%#}x?WGjWH= z!CaoB$rn;tF5=KXMa9n#+FewKH5*y=yY3mJPniqR*7yw*OCihX=I zLPei>b|yiOY;r^QlrJ)K-Avw8>8(~S02%DS*rx?p*`bOxROrxq7`C20-JychMg-=; zs)FhcdA*=&>+4;nJa8%>dbVS4ad3EwUI9`$Zr-6B&B=GDV(T~S5DJFIRqz=-yk59N zFl}-9tsTX@F&>buV4{g7sVo9kk!6_eQ0ca}9T0Mc9ow5Hmdh=9LSeosIUp zhJ5GELnJ&oLu+Bpb|}w2X(z}JVV~;YSa;LiYMFO&6WUTfZT(Ws2zlS+T|hURm9y#i z%8D~#Ep^{So68imIsfQ8Rsf-jkUU@BhUlKWV3&WgutVR}cnA8EkA`q}rx=l~qF7cl zokj*f)WMFpI3fn8H|pO_)G)llK)))>9^fM;#O`&s{8Mh-RZ)h@PE9mXrYOcW!>sxK$ zgfn(5a;b3Ur+)Z(K9cw1*O8=G)3c9dO|-V`g|Q$0Hydmbe?6hsv<*bqFOg=iF|$t= zc9U2h-^$+M*zK(2nh$L5B0J{LdCDaAqu4lbHBp2tGO_~6b=~2u`Fr$uT%NbIW{XyM zGcXDY!VRNzTOm&Q!wZ+awZ;VlDLcpN`p*3_i zS9YBUt)ng=kDU{tt)sJfI9D|}(%C$APK36U&aMY&Dmk8adF-4BZ8@D?C-4@+&WX@g z(b@GuZz1fQ2yGReT`TO|?q@Nsa3ex%=xo018WCDYI$OZbh0xZ~*#ev^njGnD0Xr8$ zTS{lw12mN!&$|M4E`+w6&aM-9i=B5agtm&#t`B;PtveS&TSaHr3Oko|$M^LeON_55 zWY>Jim;5>5pPX!GzNPrhA6pGzOr@1dvyZZ~Pczt^+N@c5A-iUUU7n#^Bk&qwcahs} z<)y5e6?TP9x<24JVu#PAF^XEEy>z?O+>y5Vj;R7ePe*ZIISfI()Vnd|8hys!SO|G` zMCgUlju`vB7~PMLArt%sO!joVBLXiTLY7e2wK8O+~k0;j%%0VGtA{6oWNAx!siGx}@M4d+1eO^P!1tiJqrAom2K| zhp!{qdEKkbgBJfq{_F6c(O~e394*N4Bn99$H@D%}Sr2=!06AqyMSet{G&$aFPe_W$ zMFO2C(`tFPKO??kV2f8m*C(_yvz1G(He|EdDGzFggs5=4?sES!1U1bj^y_9 z*uMr|WGIi5o)>60BH|>$AXXFYNf-ow$={{r8YAkXr^Sh`VU@TSN4wAJbtk?4$1u3V zrSjhJa$PZ_3n=4EurNih7BQ|gix*sp^l&=cLuc9NafBmpr*{+M!MpjM%~$q>C@hu$ zo{MRS_g>1Me>eN&f?dy>c;wXFmr1)HM;Xaj06V)fdL#<C6TYDQ}clep$T%oE?)Zjgo3TEU~<&o#k{X6z>On(dH*h|0@0%oIqXw~ zw3SzP7KE!6MCV2eR66XVSbLz{B!Yw_70H< z+#?~dcmjATOnC}#kNt?qtNW&%U3aW&pQ&o8<9W*DxMwkz2SxH#&)yGuRYIsDu;8E!>QitHu5@ygE6}m^LEw9d`z>Snx+53a!sDuzIF2uo-1Wv)F(ayL zJ|-o*iXy*G%!x{l`a25nT^`q#hX5&$2!!w!)6cto92`jz^u4TmDFwpBBfCS3`MGuGzwlGp`wZu71eO zxEj=~!LDXdKq~Wx;lsm=e3|6Pqu{#h$UyeeX!a(ys^)Cn)$n&K44)%*X%xt~0b@)x zUuK2Y6+4$bn?{o;h=zBa32KcF0Syqh{4lLO?>Muta#umPng}{#*AJ5t^TatdADwjs zm#V~UrIRC_1?<>*xIAll&4}H6U$d(Vq2qZM_ygIy>jmbfry(O1yzm+2i}5B@X_9$q_rU+58j*)6#%}6*aSA8O04uCbH)b?v(AP zjyYg?W4z|NEAf7g7eS8aorN7~gB<`|1Us(VZNYx|EM#a|v)kUy_(RxF+Co3PFW{^{^hM)vs0)gHydE^ssIDZ|dXyjX46C@p|p;&$hg!%l&w z?-@g2w)=6w5$(1A8}LW*tmg>VxRP)xi>7&GP&B2xnPHJ#yUMu!FR72lUQei zWi|4yF+dbWB%@~+96(*LDYA~WYk@|7h5FOpQ~Ql^N%%&9qDppWKP`gY5ih51J$B?z z%bNghz#|(V3z+GZ`D~LTb}AT~)1wqq^UT{6W%0hk&rxy-;5iJYIJA@VZsAi2b{Kev zY-Z<&?5W0%qW6TW{IY@*>WzDoRv8ji*tvx|nupyQqlF?OV2uk%NQ;4dUZA`)$2}IB2unpRUK<(=UsQ^Q#p3AM+Y;=0>1@yUOl zUZMZ86#jYrroFd^MkzxQLSpmw7Wwcm3vk1A*Q=n(r8QS!ry3L|=Z`R;Crk~`JM^ph zgBM_Y`*{FXV|NOb2wlqxBlrO9=3H3Z*F(lv79i>7IA#zhx~EnfU9lA@i=Z7S5>5Nc zEXePD`2+C**s&h!0$os+#}ss1ciOk?>ZOLXLbDeq=MUhGk2Q}1wJdu)PnjBG=Xh7a zHP64Vs6ux&lIt5#gac|Jer494q8<&btF0Y{iw6#=)450E*2jRBS9Wt4%$jP_|8c+A%%#az0a5Ejixx6tQz)Ra|W<3afF2lI#6!|H|o* z%hk-b+PiS}D|=aVAaLX-@sz|Y@x!z~M7Ne$FaEu1$<YOqG+1|I@Aj9_b4Cxa^KMZ`A^@hSUEzj z!N`-14dthD;l3Qnq!;^>m82YQ>0W%o+nCZ%0AFkIBpy_HHB!wOd8?~6`f%UA#%(X` z@N(zAtC;TRc=y%tssA1#=i4o>YPRY#BF#vTXO9eY8cpt!mp`T_OsGicR(#6CckQDV z=_el_Sll^0M$^);fe@pJj<`627nA)FNqgutO2knRTzS3E%O2sQrhAOx&@KOD!Q-r+1v*IZIF~~8` zozI?kX{6!v;$ai716*|td|2PAV<+63F`?S@cQ<|ri(eO=Td3-B-hhw*MkE^z2JnP7d zry)D*#y`jb4X(RcsBe z$-&23nX=7D3lh-9|EwHevj}{LAIb~NRILMJm?uNb2!8M;nuy?!23bV3Y9&5X7+v{3 z8@`V0#SYGsOW@;@>w=wV1Rq)Vd{CNJ2k$jXWuVQ1l-3jhx{9I{ofS?dh~O%xc^7dN z@L{-tk|Kqwj|O&*%@=|uy=eaisv$pg$s;imiJ>#%c z1}rZ)KH?BcWuSx%ddvaq4kOa%9E7aE`Bs-);ZyDv&*SLI)o+(^+hvzsC+vi~)RBV^ z?Z$jBIFf-^6KV;qt|%WqfAq5OO1PVIh^}yQ)%WG#o6NUZqpI1mZ7p$AX(9M9FdPW} zbMU(tmz-~n@dJe3bt^tq!Z+~zU>eKIQ7n^D6jU67_u@V06RFO)b^roGdwbpTPnGZ` zQ*w$l7rqYXTW|PEgH?+He1U&0Lx7?I={1x$S9ZNfuPf!v!{nLv?(bY}3d0j|H z9zG}1TS|G?1viykNk<+&C(>I^dDjcS#o%)yy;YQVod8@6J}1&!MS0f@J}1hHF-81l zq}Nd1eA%@ky{?qE0G|u#t)sjJL{~PsQr-f5E~K}V@~#VRD!HD01^8S@Z#m^%FZ>of z`&>wG73Ezg02f?+E~K}L@~#6TWS627(22)QBT*%6@^Mmu8c_hR@@g1)bIRP>V_5qR+s zvfQfw?(sji+u{-fec=CRZ~te8qywaGm41mO_D+U<$w&7jj{4Icnma-DfDm@8432X6 zT!5>B@2>zxng}+p8v81GRo@>BWQz<1KBH1m)RFs@A6AQhbDxozAIve{$X-&;9%2)vF!x3II!E zAFU$!ufV(Ie@27BtF|~9@Jm0jwYj+szYc@w$_v_RufK;ry#nx*eIbV=peZ9?#h(ybKnC|dTEU_e}?Zfdcd(9yRZc~IXj^8 z?8R^3t;(azd~!99EQ4=4nFJCoMZJL5VFAgR)yKAcRJ{XmWKq{O9NRWKwylY6+qOBe zZQFJxoUnt5F|lnM^W}No_s7>&UDbE@J^R)@eY#JtwKiIzG?lp2vxz_o)_M-Z!onLK zHhj}2^L?wkB=L^PDVkZm^l3ZNbhSFs6M5&8!t`|P!S-Z$X?JCB(ncTBw@;4SnHu`0 zS^TjtfG9X~vnG(5f;{l{>Ng_`H{W^&jjOLtleevAe$`ddXm9Dm&Xnvvg8&3}grhss zz+t~9Rv5OjT4E@6grfR0#{N$upPN<5y-)88L+}vR)KTdf_{E&<@YIg#;tGjUWtXY_uV)V~tL9!SiImC5zigy5w|WZ{J?4*lII^9>R9hqN$vQ zE7%|{de9%(3n)y}skWsKPvfwC`CPa4AN`8{S*`ERsmh6AJ1sRO(8o&q*nuM)bG9yz zemyTVmPAz>o+Fk>jHvEQ(4Yc4Qf0San40|EK3nlzH7PZNv_}*&^@D_{lUuDxIV$zS zo$$+FZz6!sE;i6Sjp3=ZG`-y%g}26NUXuF?7q4TCtdl;oG>QpJgfk$z`YNp?^)DQ=wts;%rL-3iW>&n?_DulRaTrnJ{G+=a7-D%MkVN7pjU@ZQ)L6 zS0^a;{N4!=1EOdoYQ}piezDh*Vk{e;j;m*;4EJ*8vV`-hL=QhPNSDfxlXdqtxPEb}~PPhy@99b3X%KZZFWjeEn|UR|g{Yg+6vW=dm|#)DbQG^V1YIEtNl3dA;-xz?Rf0aTH zXI^chpk5Xkm@LZ?1Ghp?cfvj@ts?&;DT|1c0iM{EEnK-1qEgp3a%1pZb&!JieY0bx zT$)a*EHv=5Ns;ZGFP-&$XfJ|)e5SPrBttcYEzr-m5PJ?29#QAPclIfi4bp4cclIZ3 zBMRxZk9ov=va5KpZ>oYLgBQ<{S7}z@C^dnQnud~4%^4CcTwUtwmNgCO*Sf|K`n$3v z!mv+>q3wTaXWs^oTfG;o&>-h->e)mPH%URj?lOu0LLQI6C}nDEb=D~B$)o7+o<~IG zWKYz;oz#-2=2s)MTT+V9C+pEL^=o49*Z0_jI`*BPt4qv1Uci3@U2Hyry{cmHcugHv zTap!6^~V~;aEa26{l!_jeci#9i9l}i0*A90pGisQ{)nK|d>LbXP{oiNore3JJ;oYT zP+CdeNHA#Nx|xb`80soP;F*g05Xvcz>upb(H_AF4*! zt^mh*bw=Nod;mu*gAB|mYUyG}CjQ%`uo49|;e*3;!HxT**Gp_sPg2|L9zgOkKG->( z3nxf7Y`pWjZz+?VS1_V=bIaG${Jo8TZ@qW|U%qFjM0wWwJ{Il=Ar}>6BX|-2=tG!p z|4|YSjx>g;M=RnP=iDVzOnq(xe#7X2vttK2?v<6?eUE2ZL9!?(j~_tg3P4f15iV^) zn+CS}iRxM&uqg!2I&91KI*eCLEOGVndI~4*hD`bkQOZx{^&zQ9WqY;O#BBe_$=K!V z%Ue9FAG785zPnDEHd<2+^6h-l0qI8ZV>WUeYY#XSS6^yTQ^Qo(2&gH*3YsB*CL>N< zr)H|E$q!42nGZQ}7fy(CopZTfUQs-h6duhy{j0K7FS|rhgFJqPM@c@$&RqF(iq*rV6mc$A<6gpVFvA5Io;AT}moxh4G78Pg6z`49n@O)WZhB4nlq% zM)F3WVX~^$aBxB)qbJv(nQzk7fe<9*i!gh=Yu4kCh`DW6;)B_r8jEP-g3?odI2oB2 zoin`%Q&oYd{k+3u_NO!UUdwcr&I(6!!$$iVxH(()DPw;fxIKg?XD zbm7kphQe#kpTM`e0h36}fen1lqO=6(z$?HcL(%a@PY z6zXrPxJ4CaqU4q+8lqFvKH-D_6W^1>oM|##_FwFa>xX`7-qQ73!kkQr3efNC>!Kl}Kqb$lI0JJY#DDs?=Mm>+6{3bnx9*Aqd`a zKRUg*afrXP&yE)mgA2TR`-E*ZsJt9M<~(f?t>Ga=$;VE)YM7<;U4-eWzMN#|cwEbU ztyaHkBM@e|Z94Ns1tx95vHWFW9e>Er0IMY1ysY-!VazG6UlK11Z_pI6l&PsV@VA*5 z9)ER-xL>R~U5!v+{CNY09NOWH^LM}#ZV5(z1}@|U<>kog{Q9^Ei06xP;<7<<^Ji1F zCar!YI<;;R2_vf9-<)~>x$omE0LHJ@y;ImS@lY8|U$emDrOW5r=W(U=QT4HHP7SC* z+`$JxX&_?^5Hvu{-J>c@2R@Pev(U&HP_43(LNqaCa!(I;NZCxC6G4I)aXS8bWQyS9 z4T~};==n#Gr(e^uF-O-Q=vk$~hD}TRlS-Ax+DlmD@tr2+ehA{beo12cW6P28q%$u=>-gD4Vh8MtvYRl0?V&t<`tiEWThBb6rXc62B^A(wCivnl#Nb>3g5qiaD|CGA~-Y0C14+(xUP5wFlme=LRyCeSl`48eoeMb}4 zFnSJVe(2tC;*Yud5a_CC$Fyiyk1+DrgaJ&bZds$DGfK{j^Z3wn5EyPMwz~T9?mpOg zn2~6eXlJwaJ))_1XYCmhyry3sXbvavyhTr(4EHn;`fc8&EV;(s6|`@5AOGCUo< z3(Tz%sUk{`LU$wU8z#8kj=OzBXZWYReN%j`2qeB9=Is+GTz33aB$i8|kjWCW* zmGM=nlAnieJBQU4?cUg>Fy`tB`O@(pfc#`AnGfbm?tc_xz&1LEe~JIRQf2z&#qHgfABP_3Ka0`qd@DU^643Q%anjoUnsU_KGuk+}vfsB89B zs$tfxoG*O;2pfWPSZh3zov9Go*=d9OZK%O-12ql()8ZOKJOpt(ssA1Lek16$GFAmn z&eVq85k6Nyiou1VMrz`(GT&QRCKKBhkmNdOz-{9mT{3~hxTSEhMtw~^vyiS;8E-f2 z1-7JAgoch^m1)0xIzjRmj+GN%x~Pz}tvj*@ehak<#}Cbx+$O)(P>GQLt+^o=AJR>s zEt8Zh7FF=~+_{;vI%#o<-d9ht0A~DuGST7w==V*|&brGcUA&8CagP{dx=XomoQ$Ba zmf-I&r6hGcU#e})#w-e>C8rLOHF_2rH?f)t=~XP+7N^thuoBS&}=q0}|D2(u1M>RJC zuk2T@n&4Hc_D$FYDHGSI*hN1#Q1zSUrIkpMq1hXnk^)X5L4lO9NZrnHso2z;&Fx3y zNGJ=nXu-a(CjX8a)U5Itf;LqCF1+;tvOf5FPwe~yPnBSAov*}tEx}>XP(aAP!AD0w z#QoB|hRXX^o7B*;u>AsSlth@;-9ga~^lq(bIToKuw`N4$L1K`%d=)k!IWW zpb=71e?gdZVV?m=Qr}35AIAJ9{|NVYh(1sw@9Ip2&XgI5p8Yi&C#}keerM4Zb|Eu; znaM0Fg?>J8P;2NbaL7dK;yHb*8fs1 z1a=h~uoHnFD;t)s043`l&h9^J#2eN9P2k&E=r!8;O+6E38UfayuZ9Age~r9u8>2)u z9ZI02YaJhrG2ltYpSdT@ju(*$KXffW0C0@Ana{sG!xr_jFe%be3%=!l6t`jlVQ22i zc7%pcZWG7HWrK?pn^W&H;KuvSL)H)V0YzUl>89203Xj1Q&qP|jVQD`2{t+;YndMFQg@%C{?^LTfDAoioDmbLWK%GWIv!lK#=}5om?8k? z@EL8i3PL<P~rhpY-gd|==5AIeSgtpcwBON%?|;Jy&NK&K#4_)SJULpmc5_=dU3co; ze$?rd_~sHMr@S)Nh54{V%v3I;|41VWH=F3X;Zd^Sy>|~s6ZZN3%9Y_sFX||odh40p$S91rLphIV(Oj*OF^iuK4^KfeiAs+g|jNzO-kWh`8|hcvTXPXFhv z8mng?<0uzTPla?mKwhLL=A{82AV&wu%l|j-Z96~Ns`+xP7gzZvBtSpXlkk!;uzRqI z<&u%)^vD0}HCk18KJ0(I-W45}!r#^xZ=Q#lo382q$F4bd)h61!nr-Hr7hmR=shaCR zyfQ{r(M$p^^SQ-LiZ5-?fe}U*X}kZ-9eYqU1@{-bBXN=~(H813Sjyml)58B1VSLcT zfQcHP{1s=QHHBYSkSg=(?`=!#wY}YUU;sfI8Am&TS5%5l(p3$4SvLKW?Hz@gO}doO z>zkZVPPK#1to4G?c3ArP{6f5L z?;JJC{`C_}+R8&NICiIK_fGKz$)7*n*s!_U2Tih3+R0iN90bjy7AX-9pwC?Uv`!DF9wn{C+i{McvvMx!Zsbe6|6td)o*sUeP$dkB1Eay@1 ze|VyjUjO99?9=15+3W7I7Z?h@Jk{H;gC5bh82{U|rFbvMm9nM;WTF3yCu-cc{QvVr zGI_5=Zx3)zYKl@c2*)WEkXxQLWlKo{B<&bObZH&dam^~{RPXK%Y9Mg>B}(doKrdpZ z?~k%ljCFu(VnNpfn797k)6F;fpzkC%8p;ouh4>q)>h)3-Gx?UCUn)R)V(<(t8F9Jf zn~QeJf>6wJ)s^UWNDvr23o#iWbnyD2T2)Za1^LD-JSoQu7%@iJ!Tsl^bzxPcBU5 zblSpMwE0-Rhfe55HL-C0lY0VY=7-eUQW1R=haf5A6#6CuQEvY92DOeh+}}Bw-N*l+ z;a|I)7GPZfHY*b?Y)si$0rjH|0~$@^B#-KH`q=caK~@#hfaDMLMu*W&E?M)7+ z4rHR?7AcVAyI;O8TXkb9(FdWqT!{^<(JmVJe_zKy6kOt2ZvISE0KeC~RM)QoC(*mC zg5Y~qS0NlYY4%w@Pu+~?J%r7h`d!{uRnyM{`efH-bJX!P!+m!et1%}}@= zBxThc9*A?4hGn+rmCbZtNO!H{a zc3#3Ie*DY7ypb9@aq8)maXZ=XL(EOFPNU0&PDSPTzYvGQ=dJg+(Ig`nu&!j_wcDsx zv)f16*4s~89!8@OLah}e{(D}lLB^(5eL;$nRT?A$+z3omC=Z>uVkj$YT7Kt~zZXnH zrF@>dbYm`vU$vX{r5JJeUF{jIjs^>n$q_yzEIP$ zn3uw+BV#L%#rgPVMU@eB;Ky(n6QE*QB{DB9tKCbvEXnt}!*N=wTO;A(?`9(_-mKE$ zVTin=bF!EoZC2(mS_bpq5;{SMAtHefCh^BGoFW0g378qr2;wSZ-^c0NjN6*!M(wFk;>!)CZbnc5GBMpRq|`C zitJ`^mouf{*)G9Jb>Wn6#mF9@w1g-_DpBCFpc5Uo#a=t52@WzBkZfYVZYR?-O3fE} z7!c)8MUQDj019GW+}(-jbgG&(>cFHwdl4qXrRpoCjZ9@1;Q;qwUdq7TU#)Y(Mx4%R zuxpbD(hXb_k%%hi?c8a*%!E-a%y+>(0fQJu0A;48UdBZ1WKowNcV!D?j>Jc#+8F)U z%c`@C-_z3po-7VZV4nM!(h_5>ZQHB>GPCVzSyZ+O)9FHJ#`*iNwP44CQb6-Z?quS* z3O=ufOE}kvpr+hg|8GbP#c4$OX0F$X6V_ah=l?(^3c*1fQ|GIZK)ApxJ3H!7yf%;j zLZ$qX_q}hVS_Tr9oDi8FCfu7G^=x%43@lrW zgM6u<-`zl$)No_{CXi~fO7f7FIYrnx8 z`j90~U+7V*Z-cIDDodzfPKVY1k!Xm*K@{-0SV#MLE~P?TWSXnmh$dhd_42s0cX4nr z`nl?Oap;QnCqE)y@N>4$ygOiF%Qqy$2GlRsbC~_1UOI9+PiA-o89L%DG9X(GN7nD~@vNd)scYyA(W6d=ZCI39Pm6Wl0kd;Wa*;YCF09cF zH=5btPaThN(#;<)8pc_fk;ah77`$JdY-*fL`G1EhW%3;?;4EE?>AlX>5<(s5165(u zdKCJ6@Am_xvndtLf98)bnwyf&@V_+pVKbG?sGJhkx+1W}uppBz>?9WG6JcTaTr{n` zmvN`_l#|r6@WZt{dYO*TWqheySJ2546BZZ}5EJPU5l7t%`@nh!Vd`_jTB*8I|8h$s z%l&DrIVwy_lG4$0sfr_u_e(!Hdp^2PFW&Yu-X}yxa^CjS#=;ZMZ4eyEBW@Y zYuAcbZmNEUnx%C>f=WP4Q{T98Y|mlqT{)<3#uUZ~e))>{Lp-#oNUU;YCZ*dcenrpc zBBYZ=WF03E4xlN@T>_5pE6V;C4{S5ub`wWS9>*x2!%8h~c8T7S+K}~I{rO+2;^V(E zhl6xFD~|Ezi}eA78DVT!wmI^775aeJSCgyDt1@WkpK>do4);Gs|K%#eHc;J}T{tR3 z#faX3-RR?E>%PyIeaCI2*2b8_4&!rEl-XC8jcqDj-W zL)=+VB6$VfKhV{gO*m>k64_+~XUBKwWoSxOwYvIgjm(^ZKDJM?Vq&(piR4LAf*y<4Aexo>;xVhR~pWUMAQPSe*z{%ra{>9MM( zOUjeIzyO_c+_I#%!0H9E_@`9`0{ ztZ*b0S4{Z=yQH&MF&|^p`MRQmLe8>2D!YchX6E-SX|^# z|IT+BS}$+nmxr(*4A4x*!phb7LT<^o**&}|T`mSJ_P=U&DQFdED(`>P?8jcy(h3)x zJSlg=vT5?}t}2?S@u3s3YFV1cuAPecAtN`krNdO8UMD*llRIYKq%&HXUIk%61PLk? zeetSg1fWDJ-aggalvG>M;%l?5cy*4-8CWc1X;-`ocB203qMItVksIk!S*nlzjcOH5 z8Dsy+kLo`(k3PFE{Vj80YMRPt?qF!W+iu5ZRYCuA%n{NwXJbaU8egWKsk+uIGjmEd z)}^q0(&VjQ5Yht%YsjOdZ|HYy%-^Qn_co6e>n-72=cI=KjM)gNWy&AWS{XSHH8sU4 zxm|(BU%T;J?6}3Fw9iY~L?Z*IRXa4X%^n+I?;j;7%A~Y%uaLVsHF?72g|qb;kfFrP zFyK!;RZPm+9q#2OiGlg!9D)tURLB)gWA`AJi7S$3IFI463jqVEJOeMWlzG4~aZ`6K z!tWNBE+^jzZrvZio6hUg5Tu~ndC>@7r0d8Jd+?SAY1he4rkxmEAb;al^f0s2ftoSb(1{K zcRWfBy&*CrCBB@kTsdY)YDr*gB_lH(eqS5IKukI4fC;JO8%2!%E^TdXN!lRD z9sOz}9xLKk2#iws`i&LbRNYlESY~WvqpZ=3Co=#3UGDss-_5S#e}wK0OdpQy;D+Sn zHs~;2)YR{g=e}>4Ax6#5&5)$>ESxU-h!||teWGv0aa7|AMnaT68ybLDjP@RRxOruV zMTO(LHQap%F7#+Ve>JKsVT~0$SC542QhN()Y@MC>xy8>duvvRFU|E)_s0?C~*Nvfi z+QNU6lB!2(G4s{Xd8N&Dq?1>)O)XHfs21I1^bshCkSlkRGc@MjfRsMP!9PKTAfWHG zcyk~Xd#C}`Yc}kUsf6ktTS)_M!(Y@jf|X>8LbfVC)CWU46A#nNyoPG}8++&{T5LSz zPtfUw+jtnI=T`Fn530`C-27|FL}e2lyk2xT&CoKrHe1Q?gJz8?`AX$C5qUgWh3!&@ zmgI?L1ko6H(FCE8A1f2zN$_vGc>6LUp`kbb``Q1Geq{HRDVX0g?p9zqU2g2P8XH4` zd{zkaP5%?@ZLEB7r@sJjX+<^!pmCqkT7wuR8t5KKP-W2!PfFRJJ<*Xzq#ysWDDZ7&BF2p>wJUXAOfA^NoB0c<^?6} z#cxHdFId{Rx6vJ1LJ&k9Xb!^R7&{dzlHo2WR>4 z(R{xmLw@l7jI!ETFN3*v)#gIOqAJiiz|LTE_)YS}o)#fp(z>#)(1D{~R%^BVqC=KC zCyVl^umh^dAsy7zoJ4yw^xQ^oQj)Ag-1A{Su>9k4qVGz6*lM z&`FiuV7oVMSg^*HyBDZ>27l9hL zct2}JgbwZCc?ce*+lBh8TJc|#yMh`ziNjVn#s@c|-nqrKuzGR46*nqvI8%?Q&Qvp* z_0xEhXnir>`ZFzy17qNt4UM!m#yCs9jJt@5td`w643Y(d4z+;LOrl>^%G*CFz!4lY zw55;q&Vya=S^EFBrAYT{?3&f&_GgFIF(P()7b}4xE5J8z<4JtI7Gq6{8$BqK4XV0{ zJNc2smQcs;@no>^ZUOTeT`cQy;>JDOhlnX&=1R(;S^2X%MLE)WjFluA$t3UmAcb3b zqRv((E}9D?u9NbK8Ge$K<%{_T090GZ=4K^bdmE> z7v`sdrVJ62i>ZA0Y|a#_igx2qvk-Rw?r2xUzn7%|OU7@7HA06UqtyC}mq_IZMGofa za5(yoA93NMT|W(}zHQ|>Yr%8k-9z$=R$la0n(EylRaMMZ11H6syOaj({Ka?@*q2CL zx5c}tOUzwXp1-275fduI|2v|`%1ewRmht-nd*Van)y8gfS5D|mctpyGB{3cmIZg{V zYK>_#2Hhd2ps8#Bxx{}4AeMQ|{_kl+0et`K(1{1Xrj2i7I3`>Y!a{RDRv(uh9)P6h1VT3@J8tV zLM(1yBxbe5MHYWJLs7w!eB_sS!@|K(V8MM~XqUg03(QZx-|-nQzhX+wV{;O)pNgFr z_nQg;R{U3A0dp@ynhIQx(s8~{$qi`)%&)H!7)ld--kfY zG?)@Sx$Ys%3S?z9BBKy6%u?RgfJ zi&UNB5E_N~K^)}envdXIJK&yhWcOXads3J&A#QNMdJqR34gN!jhM;4RuTUBesHYsb z5=DLI&;V#viB%LTU34w8#Po*z$4d0x_HDJc_ERA8g_aNAjNpH=t&?h;pLc_6S(%vw ztoYBaG_=7PQ!?azPt>FwCg;G!*br`G<|*8^^^9WV=Mm!=Teqel5bNIa^@x3L^t;x9 zK;A>IT04-aYu7pnRhSRA2>luC2^l6mb!xyTRH|ALDWCgzc{lV^$TPI8xs|=sgYoHp zkd>$IwGGYw`gjy4+c1LfiK8iZqscH2M&a=^s;L1M`}T1vTsU)xRoH`Lwc%1J|>CRi3(c%orKfq7(-C(r`LtZcV`LgvrL})m%+N99{hn!D*4%QnU0zZ3NOWk?)^dEw zi2syLB|mO;BfOKf0vx*~>?T_QHb>5dFMun9~`iXrEb^H4U+%IDgUqtQuU01le>iwHQe@YRu{XZ{H{4Wun zrkC58ICqe%h6V$I&UJN>Frebbv@oX*UM7r%VZj0L7v*jU)|bJF7k zz7yPOWag*yTo?;WEA9VTkAPk@HvS#Rdn{gXpUAti4Tf;471qtqdrp7kxQpAV z;dJk@b2YPr+sWv34tHJkQLAwp8><6@_*6oZJLTyVz1eIFV(_3hFD7RHDB2Y?&;o;W z$VOhYTXj4t<#d9NMj#}oQb^#(M}R1{TwhwV@k^fO#(6y{Iz5izUM&Sap$aFH39K0Kc$Ae~f~|y!S@l+WmcR(RMjdMYOhP zG5aA6_+kIPvUY4a34`~R+m+>~l1+!xmE=>So$cxVLDQjo>#ytp`r4)|CJG)R}BX)2&60|&(IPkWew zI`0Ly#e6U6??m)}0x@}SiW8J#i}%l-o~|}so5g$7z@3 zse1C;DZ4qvB;dx!MU4I@YYB*0d}U?k*gM6?99$XE9thhz_7_t@A2WboaBOGNzFP;f;Il6?UKtWGf+K^nH&!D6l&P8u{PJA8C}$alzQ6 zuka}vkkH}LUbwaLHFAMP1%s@QW7=MF3bToyi-bYf zJr1b;MrW5@DSDS4WfPd}p6JVWNFRKOCsm9+Lz0HDByx&FC%9TAX!{ym!iMIRjwUCW#n)u%8V{EP3XmuY>ea1?&n^{2wT-UZp{fs` z^0<%;JdQ;@j|+yE4GrH?8h%?SIbA)d%%2r))A#>t4jT|f@ArcV`OZ#(o51OJE$gC>mA2#KU;CfjW$G&-GjsD^l5+Ev({y5qcVoe- z5QEm2x_#H>j-6B&?t>!!cqM3rkkIb9sf(3lgc&* zInvoMm^=O$P3|@!;BDbSW|lNhqRnJ4$qUW(ug^7HW7#Q?{A z$b>enWr`0#>7u7e=i*dQ(So<>1c4z(RuG;9%1&~>-1)F1!sk#{iBgI5!F73rGzAs$ z8C>7TK?7))5pvsTW(jKDo=lB%41X>M$m=4yV{+@Awch2!T7EuuTnaRaawIP|!4hJt zsB+{EKLH!Y&Pkmb&|Ix9m}{_ZdHx_PRu<()bmL7E0+5F1%Sq-XSztH@@}%aif`jE9 zF(ixranb*Y;9P{F!a@+p4=4S)fL#n5u?R2vRJ!?-{v_cL`^z~-;Ix{HxnXIy^lf47 zT!lQh1{px5pz_pFyG|;06U9#Qe62lTBJQ}u3^kZR_IZo335^ykmcpY$03asTFsug* znM%MvfZUz2sIIRdfWWF#Ex?W<;T>uy*LQROZY}Rb&Hsgegtvw-0}sO|wJ^aFX(=l3 z4jU^TLkt5)M1he3PI(y)WE0~6*wEfa3WHfwVs)Pm-~~NS5C^r*F0{;{5z^CbMKY*@ z$Xj?OE);EkZ$njlQ)ZX{EU)#K*SX`x=RSa{lfkKxN|B)bIRun0oZ@qwo`C3_(lWDE zgCh`}WK&QaGbj>qUBPYdxR#%nmb!{AXMa07LBP>UtsIT(#z@L5y1Tv~)m@B*8O6>R zPpjf?0Rz&v5?h8}^DFgDB=sP*ei$(q3`V!b#3g2E`G)U5ShnXINV2KW=k*Hy9Wqtm zeQ`KK9zjkLC}AL}pemZV%8k0o^{>0+7RO2*)9^yy7ji{>E?S(}Pt9h%RxKUV90K$N zvk@y4<@4}L^A;?>@Yqf*zkoE?2g+Vy=kia`0igC{V=;+x)>WbBXwa&A;H<_L#F|A- zxI@>**S*Cx*YsmX!XxJ=59<3N+(xvAGBO(};c^2{wDIH*sv2+QG)UUm$4A&JQ(D-p_|;KU9xd z8kO}eR(dwoRO6_TbhQ_F8>)`KqUk1v-m%*~aAMhHO>v<}(Ud566-W@gR{6usG=J@(Q zXe|lIyqLMSx;&411sKuiKMCvD_=st?-z~6m6gWG;?(cArD7Qz-cC7Q&W^CI(%=1tF zOd9X)F-r!KNe+ij72(kGsTWu@>9v9GNpU3!V)imHZ~k7`=+ph7)51`YX{2Q>=tu#5 zX;;NBpx<4~E<(J_LuqXilUXEDD62E(JLv_m)k0fZP#Q891!!5EQNc<{%2S=qX5XpP zFgS!IUHGFvgOMbhh4^!qqihb`0BCavO3^x#7sWW4%^C`t)ssUAPH;JsS7M)u(AA}E zk1Zj#{t3F#Ru$r;(H0NNE2UlrY(6v&s;nh$v379rKiCtUgW`j=gOV|j_wLX4^=vI~ zEuYJ>r%vP?ujJc0MLXtG^|+Hf0`EYthD>{+PA-2#=yUYPam6yt?Ic`#h|YSIWVWJs zy>}ZqVd^a?+ig`B--~l#%M9eR-m&a z3$>eN2{qQinxf;UUZhPf_<v+a0TUBgfgnR>K+onD-(uh6v9lLw%=(aD z9}QnN9KD=pqB?FeGLY& zPn6H~L{~alBu{iGuI81tJw-#XQxd>Tvb(PFP9v;oB+WM9uBd1^a5MAs3tjf{Ak_Gb zkT@OkGHW+@N|i3*2z_Lz{E%r zjLn$Eb%$hwMb2^2&4v5e<=iHY(?JUvE*OPj`YA$ z^|sHPjI1uoSYQpi6wvV4Wi;BRJW}|JqF=nT(6UX4LPe#;w7;c<~XX)gn5Q3Abrz;xvJu7~!QjW57 zgq0sLU!3SZuhLepA@_&A(vo#~a4^ewJhYuPxmwW)?+huQ=-|^sR?^zFxg>Hh;`;4BvI#y=ZeB!;Fa!# zHFuS-bv9o{1n!EPuGOU#Mn>{v2qYA}UGhgrUcI+>yEZS@GAtjYzU=M_L4io*xIEkYwCIFX7AYNCnL8Kw>2L(_C(~wRCHZQmkZLb zLrbRr%D2K2t4oE$lAm{S3Mb%45%OLFQ)+)c!Yp}BdY)#?5GyV%cP)9~@p|E#AdQG_ zvd%G~2O8N94nKrAKWMnoTsOO()lvVG?xKLQKm&hyKr>vaqdU+g+?}^cj%M?(KYTCM zTt0n*iNq{5^5w#?muf>zf+}>)Qu_`NhyH|0;xKs2n{skDQkNZaKbz~Orp)^l6C+eX zP{BOk6s&0d-Skh${F<=NI9UW45%nZ!1(9k{V@?Rhtj;)gkBJc?9KX6oe7)9k_M06k zu|hbLAloV-ATPa0mFoz9-Zi-{K!vLZdpc|>H5~;Ak1Fk~Jg2djrD~I!r6W#ux`Z#$ zCP6pG{CFgdlf|A5nvLVciL`T6L+oN{+qxPxw%JCixdctzp~YvOq|b#%SW4jFC^v@S z%Y*EQiM?=^MDzCZzc%;Df{eF`qM!m%^4|itqKVLUDZTod>u^an9O|wZb-4kE3dm->COXTPG=X~^>VL9 z$RPh@XYB%^Gu~h_5jtwU7`mm~udqM~6SexjT;_^&zgQ>d9WS@MNOPu zAi%DTQNDYU%$6yIs2z%j9j9>7=e#bZgnse9s{byCFzR9pBSYfobEPikfdZYBfak6e zs^B7uN}+K+ea8HQB$b`+Mctvary-U!#a_4OLITCB3yOq{r|na5sXsUsixfh@SV}u| zp-G5&g4JC#+tvwJ(w`hDrPVYCTVo`ZW}Ir}I(Y>xKEc)*$rAAiPCuV5eiiTJXJCS9 zdhmcEgKmtu3syyV!=$(hZMmpcn&_Nt`#8At1K8OpYpC|6!uV5aVGT{<>;aiteR1(t zVQ@@C)Ng!gApPA5yg}Sgv+5t+6NvpAYxl+@@nC=%rJfXO5bRq_9k&s>l_wYt2RAE& z^G9k{)y@_?HjrEH<_y1_X6V#4tXo{VCwXwQU<(fjc=_j(*iuggi+ZvQb1tgbyQ|>1 zDJ$p`P};@}*_unOM$*Oo5C0>R0WGpoXC-?lO#c-*Gk8q{i=QU z17wW1!yGY|-C|ajIz8l~Z3aCicfLCu1%sn5Ql^s(wNwURDCBac?$t^t;rk$?Np@a8 zN}y9B?sBQiHeW)nFB4Vk&1DQIqV%%0CRJ9E-fl88kCLLawm7klxB7hqgupRyHKy&l zNm^Kxr6{N~$02!X_2L@~!byA-Q~tg*FXsXVs3DVniHNN9r$Y_6g_06AN)9~?-eoJH zN)HE^Zg_&k8PaeXD}y_Bo<2E3`(8V3FbV0}%htBb&%kNkY9zYU?YyY>z!;IM1dHeN z0%W$i+9}-R1|71eZrORDfe~FfqXIjSZRt9@{IS!Lz%N$Unp;Xz)94M%x+6|#dwxQa z5Z__ti^B=eXsT!OrC)1|WA9H@9uryDScTX4%$nG7CaK>J@)eZZF4Ai>4j zS8#+A&a9fEz+mu>Pt=OFgD_--1nuVm`!vNkYL#x0AM(lfRc<{u)GiWQlc8)dc+bcA zv((cT!uNq12a)|DNBNiu1@;!8Nzv@x)b-X(^oJS5tZP5xF61+Tl%i9-? zvq#sgg5s<$Z=P^U?_r^ej7U;6$lI8rqIBlxleh&mRtt;2V!20?QkLejs-x5jW z%o$-rQ^~R@Y?oItPeTG0OTeYIK%iC&&wdb+zzw0&9MkIzm3x#C#M{D;VjB{2!IWr| zhp~w^DeJ&VRjaM_9a^8)>FI;$qNCG@peE8$j^$Tj-N*8#bEe)>INzg7sl`s1^owA} zM~qi9e(Z;8=4KO8D{n!%V|w=%Sf;PJ1TCyqYr&%)P_NqJ=%Hr>C;4D|UGwIhfZzm( z7B1c%$#{-7?k{A&pzkUcx)%gngohgfK>EYhH6n};1K0QhQ;u(@z6Qpt58=mox@@8~ ztC-jNx;VX)I>Fks6%%tSkgyYp$HYhk1GdYJ9oW?_4iP`m87ZCYM_ZQ1k;YO$(4^`| zo!R&LO_tcw8b54Ma$NzWc+UJOnuB~pRNK`SfSO zmUk{T3UJP0m5hmv2L5yoxW_TxYDlB2aph5$CiU<%F~Lj==MB?i6*UQ9Z);ZzPg~CX zZSNC{nG2nAI{D^wADUOXz}6c@v#2Fn2h0QVRFeao-`yTzMZFvK*w5sTh)@JaVD`%} z#b24A4zVvEnUa|1vy;Vtq>JTl&(g{W_fTAkWv@grI~jJCyl%Xtmhm100xWOj0Eq$H zYeuZ%gy#iwa(6%2)mL?4%+KE}NLptjwJ3zCoj_G864E`T2Q52NO1+d(H zErvAw6gLc!-+6KwGUpFEKkMMFkr~ckbR>a#@Z$&7IT?uS%V^v$`EK2zT1Ppw>d?h! ziqa(tIaW>eJhp{L4MMk4$e3^z_xrCD26*|O>R7;1q3!++_}h+)G}{WKa$u}%!NGi( z;d_P~is!8t1*Vr@-7uUrWS3W+#5+d&>CzIW5`FN==(x9Szx@2)n$OMN@2DQiz*qCS zr%S6qZJt&|2s^!T`vKi2IOK{Qe$+!`i9RrGgmy$)JxlZ+w%SMK*O;z_s1PDZ^cdML z&@JKEp10|yj-PtZ1{Va^#0`J9E(`qbkJizzH>c<3rU%Bqwwj)g#@78^Z(RPF{hI>) zcuebXy${Nx8`| zq=SJjQmf`~v>uo5FMr*<-ZKkc-~+d2);h~Q znu_CSXjxtLYHw=)virkLzN4Pa3b3_Wl!k zizIY{RigFVWWQ!|)KfTwcMv+$GT6*)2Qi^%e<^CSz2y4@-OB>TvL!+og0aDTO+a35rW$Sb%7 z;FLFV04r;zKrDN10bAB23wE~dy9I1nN%(??3b3L|<^>OOq*PQ$qUecBM)osJMETtO z`QP2~A8~ffN;?X#GF3Kh`T=u{45FCrm9xsdQ3Fn4%qu%s6)cg-KQ%)aM?-V!eDpS>OBK zWfbVhvW7!9{jR%!^!FpqEbKVo*l%I}V&^segI)#wi{h{Phdd9{kL;35_WqW?ADMD_ zJvP;*)zFp?4YZ$@#Rj^FDefW{g&X=(rZ$a^iO4>F>&+c93Z}c!P#k z#^4+$m&}>SuH1cNv2$+oS~n?T`PnvwXNukEQ%m@>KbHQNN)SxTM~fsM8A};sj{eu) zYIm~w-`3{FXZ`O!KCnrG2?`Tr$m2!l&?}pXueOWjYccY%0TCd+MiGWB9il zyoY}$L-_vx)KJdmjOzO@_h3Nr?W*}8AO|gO2S3&P%M@KYvF~VjE~Qdx@RdfR8#9n< zYrEg<9DKd^>dn{wu>YyqL(%>>K{?AAW6u8Xbk^6^{@-Y?Z{q&n*l2&=|M&5+j#g9) zPzv4l>UgtVhd((wW!w8m>BYbM0sf;*;M-!lCwq?@mxPpnykP7)8JjSx#fg(u8?OcUIzs^~)I)%DLfz}ZV!C(Hees$^h2Jy6imVg-PkHSf-A772AU`q?YicKWXFi76} z7^6Tf1G6r8y;VKAB`~Pg6tcwgK6M41~9 z-Z&mp@;Xe&>#@vW_6F%~2Vsyj|1(Tt@9lJe38~1~9Z@j5{mZp?l0~qTywqpj#b@8;@0YoWev8L8SIeG2c$COn8^f2 zs!3otog{HgjaUyL`Oc(sU$V)9G0>;94o{nDU_4A*v&om8kHy^l?$yOUWS8sOy1y< zg^#^JzjKq@NsfVr4i_B;Blu6kU>znQc~oIJ334?4hb}|rb^NvUKO^g+j3=1a^UwT_ zRqxPEktXhwQ7Yw})C3F-%Q>xt9iADnf*$ZcI>${u6Uhgs;vjd>-(IAh zBXUL2Zd70qYv7GJFY*3pJe^d3Q!1OytvGnY@`$&rs>t=^f?EHijzMI zC({I-_V5?VB_LS8wn9hqI6Lh}y@^)`<-G3Izk2fq{^dK*Iu?5YZe4$|b5zHF|FhmW zEx=hRWOy{Ykl`;60J2j(godmlP%dPs-^2Kb?|OAOOCVF>H&pu2g3S7T9$*$^<|TnC zi=V>Riy<4weNARLI>T!v!CQ;2m?lvX9yMer!GqX8nrK|fJ#O85Tn^(b$b`&tboR+1 z(=S<&RRn4|bVjUqHy9hCvjX#-K^}Kq_qI9%uU^r1`RsU^132WaZr=3Ft=bJMQtQ1WIDu`_#jCg0Whb-IODFPE-1Y5DZu3`!f@VP_r9=s4 zGAQC=XE&Y5ZC9k1#G|>BsX7tW*{7IDKM02yqd%E7m8ugloqd9dnCdy@GpRfgs}#?D zPs9pkDxXQ!iP)Xp_e6kSV%*1a_K50ip-C)hB1t#s&1G9vCvx;+XV-WqEij*@aIOCG z*zfMq%Ns1mawYbUefRVO$3At%rJB~b3RokBAqQZi6u=0KoLK{ zC9vO}!+q7+0<&1oL@vg`^7hC#aT5KEM!tb}828bsJx+VUV7|hzgo#`(b0YAa(&J{P zF@JfMvDwqHuO-)#dFY9xTKqjUuExB*ZYKdR<75}7Hnb>~E=ztQlzaruo}5G0i1X|I z`kxn`$5J+XU;L(bZExYsBIPHtQ~27Am*wsz;%=MDT&uXVdzpyqS6?!fsuMXZ>ui}5 zVZ#ctl{2n-U1C^yKo*m`{1jVb9*~*kE+b$*W_pXK2otG;~l}-K&dn2W=Xh*6C%87jx!se-Ojz zht@a1sh*|Hx_c!}{QnDUr|kf2{*5+&X5r~27g-bE>H6ZC`1 z73Cw`Qeuoi$B9}l9@0$Qs3?`xNTs$Ur2C%9fhUQ5EEgn|RFE>Wak57BqGY5s3wEXQ zbLsA|j8KcS#;Y3Em_Dc#w$L=OiXrKy zR*?e=rn+KZLQ}sYV8<9v*$0~}>XQ`DByKW_;efc4X*6^VD zL8!ZgkHBI(vvIj{kF-SsKeGfEEEs zgNrWD;wDOk9GAB^&MrV2ua|EDug)6}iGP)R62IG5ul=y{h}tByO>_b=*nw0-**CP1 z!Ge|GM-&T9FywT3~H zYQ%r*r7pli4!F}BV<9B(Ve*!cjNGZo7|^Ip3%AF@TvnOG!e!nJTZ9F-GU$>&3+@O` zvFQ1`oPKrTZJ`bfzEEAv&hROO-G^bHTj;Zpf#Fk##lIO*+g- zlIJ0naHCx;B=5;voZ30B{_Y&^-)yT}YN&1WJBwpuE5uaz6c4e?uPlyZ0(9|< zS6HxL*GRQ~Ea8vJ-^4U5AdGwX2#4jAxbqn7a#?B-vz)_?mdgu@dUL3Z^O>QS)2J_A z$L7ej94}P^m5zE59ONx+1rXSo$>AOTrph$HQk=3Am|vdHToTb=_WVq;?qUdtC`e?g zc<3&RH17HYt#;fki_Y%)>~d&@<3I7=(?YDO;+A%?dk$;@u16Jk6sNNDAfCGY+}bca zcXiz9sBqQ{7`hypve9C@YwzFFU_b>L@XDAbI`ba*{->kw?(F$|#8ejXm0d;3WS*4b zky7mecHl#rj#?dOUe@ZAtqPT&5POwfsN_j%P5l0+BUK_Y%>)F3dpxj;>n=Fly-&x) zoLk$d!rrlB)yub#iKD?8iTG&VY|_t7jzs4+ZzXs|ahYu6!b^@Lods{^IrOk@HcAe$ znP<<#Qgce6afr+~22&aPiDi@twAU~R-5{2?CV=MCgmfO{Y-cN)rHEOJxb zt00Yf9tN7Ln$uK}I+R*fD%6%E(|hjQcny?%;T1TB21p`ced@U}4{aG`%y-H{$z-NoCQ0 z>jo67byHAbuw?ePwR*#=55m#;%4P8sf?-vg>CO_a(>l0TFZUcX-sxkm+UuW|;9(dh=NXglYy1hYpkhO8&*D5ff-@}H z%}|Qrbm(XBFw-Z6e(IDzs^F5c@V+R)LlbS;Sn-hr;@>?Uh;M#7iRNFgQu_yG$i&am znD5;sT)V^1(jann#1zTFC$;4y-Wy%M4VX!O^j=_@2`?O7MxgvqC1zE`i7hH@E)7`a zxd$CsZ!H>-!@`s%SU+8)qulhxDs&!BXxpA@pAEVaO4y7`x7?WLC{Q|>Nb~penWr-- ztjMnfTT}g5<|WS4he;8~`3jU9N&-jLfr&X8N$XK}vZu;)&IEv(4rnS|ROB9}&$^M~ zmi*TuY_f3rFl(Irt0;9+&0!5=OdD&ajx(i@nt+q0sj~5S=yF>zG!ok<%gMkS#iOQb zy@cuKjU@16$3+U6MvBmqpMLKm?7dH?x=J}+%*k(<1yCP&GGJXDh8!*N6f=Ac!l&k* zWkqL;UOl#KW_YiU_abiDs8y^GElGf#EV(PF8a(QJvHon!a{Ofg>Mbs~H4Mg74W&8> z$RYSvhf>@iGuozGY3&YT)f6=i-!6T z8cx#*-L`f^4!>IZ$?FR5|8Nc((eJXSub(-6ZJ7kxOuOQDZhv)edf0qO?~^TAHO$zM z_eWk2y>Wm?UYi)URV!mMhn$@o|J@68t)KeBVNo(>NyLkD6s87d0F1nC;F;*aJ znw@2~3Oh`@J4Wpf-ZGf+UN#9|#gGxD8**Sg0zvmWkqX$x1o?Qu0&~Cw@HA_bOauxs zrzi(S#?2jx_#%tE3lbEistF>?kUefCN>n*~mvQvnst;!~TnT>tBpwXl%Smv4DtHjo zdqEeY<~dibwDKmwd9@@&I)>Q3?)fHp<%R=ry#Nu;fVjMk?Mt z%NMQ7Hi=hE)yo$Zokhdafqpnb%S|8YX^*~gm2IrLD-^P1m(Uyptg@Yw8>{5UvVkx@ za$yfuJgjV!rh|_^1((6c^LP;8#eN-oGFEo{t2~O6NWwdYrNz1@5iM;B+U_t&t>|yu z1E%_sD%636inxd#X3ZF#!=Fx}L<#Uz&E-TPCt`{>gkuTQ9RW?jo8gB5bZF>H3VuX! zt!5Q(nlsdqZb`?Ii7vK#R<%(^zydzhYQVhab<6!gL%W-f-`Vmz%|6vOX?EJpWNW=v z!_Z$&1~{)%LiQN|%H1F87yT#Pjrcm6epFrRXc7+T=h*|ik+Xhq?WJn05qF}CwAi7; zI?A^1hS&PF8ccF(VW}I(gD@E7W)x0Th5|I_kjy|L2IXpjC&*1}Ks?rJa@9x&qU05S<_04LsC zDn;+!N3UYaj+ED{-mIhBjv3~FYL(UNQawgWrl(&28WGy#iaO{^4Z(>>-P|Cx$MrY7P9a3 zq^cFoBxglByy%ad|k^2;>0*%HTYf=#Rgb$-p84wIV3r#bT&9(S6sE<4w z*hj!sl`4mg4(0nl!fTC6#3fA_0h=PHdMEjDaNW?YX#`vd^90gfB;C%E-$8$cl%ZdL=jF;~E%ZGZH-TN}VT;mg0L@g&4;uni9ZN5y``y0G%Df`uqze{jn>SLayS3H-Q+nYB-vmG zZ%+1({mF-kQ~aiyw9d3PAR=7R$&B%gR7zC2dBoZ{Nj!`4cZDIdGR)eI5jxpgsuD3s z0YN|sY&>cwGN3TGP7@&MT~nX?64b@d~C-=uHOnvRr#Nnnt+)m$iXOUH1KADGFSct2fdX&U5q(6VG&?VE{hA$(a|Fwi+ggt zNqlbAp5{G93IcourVu9pxQf#;H5|{v0Buhxt~E!~@l@AYf}&niPG_q1!vN_Ec`Xqjni z5|5*vE;RoLX#hHxNwEV-gVbJ3_6J1O2i=BnWRzVt`BBC{J8?QY1_7$RMJ%uwBsDxw zb1+@5`wm!V!M|INq_srw3YpJ=1_wNGsflAU#;pD-Vf!f|mX7)Z(AX{#YhS9#rkrlkq@1LU5@||8 z>XQ1jN^(~DBQq@}9KnQ%P`D0LLfGehAvd-Ghb{dl?l<1jks1#UgkUz@-Ins{-WHe{Q~ zBP=+Ki>KxQFkG$+wZMJ>9Rl{s=slI!{hJyaO`|xj-%aA64~(2^2dAxYBn8Hspc($G ziwQS5(`J*e3QB&J6ie_pjhfIq)s}8frl9p<1@0!A?gy8cdVMflqkq?%ptnt$W|B-p zP1ug%2mfL+9DHd*T?J!>FHo{3ZWA^UTQqv}a;-Uugu;TQvuh)mfyVnQO`%ZYGDzrNlI0-qkaTL9-<;D z!}Yx>C5oo}S0D_)f8@!kr%FSt`E73n8`R}dz46x?Quq+K2X2-r-RegvGokQ9FB}t- z>Y1AA`hb%z{Mx^ygSd;HSd^)He63DoY2^i=Xb@5Xr&m{3en24ladO@oaFew4YJYd{ z;CQbIU;-w;9bs~PbELyb5^$+*s?i)=;f-o=o`if1!N}-69bs&osy<)qqYX3aPA3j} z6ihHry8)gaBd@-5?Cl@dy%#&j`^T%bcl#&by!rOTd$)6Rv~zH>zjy4tIr4Vj9K75= z*?)5Ye|_cc9Q@1s$Ns^~RWFR#@c3a&S+H=yh9rRawPQ&XrUuuyTVy(pdLG^?OwoXN zj-KFje>Dc;;DRI++gGD(0m8R))A4J6xT_DKKhnoCt4%Fq0Qk|a-#Z@MaEx}R-QL>R z@Y?Nm=h+}Bs1 z+uqLM&h9s~$7@eptdh5$dY92~o9yMtcu+ihj!GA@h;7d_t5vG*U8Lj}77W*leYIl3 zY(gMt&~CwAwDU&5SH{HDVH3TaqV4w>X4RkK#s2>JDAqskeSo8oEVwl^nDI+^X`#$t zl(=kdS~d97|HU6JX|o@aAu6EoZFW zEf!9%*-grNFSdfbcs!@*%nSeR`8cQ=Q)W(2t8oqA>M$gaF1uHzmqmKzH=JGt-!pJ; z6}PXBdg~>#0QPT$<;v)FUS)Va`$wQIWs$18xli#Tm96x1rb&#xTD|x=bH^f~F554t zbq|M5Jmln%Rsdz(m)w$dx?O*5GDzCiefLQbV&(lqGaX_InNG5g<*fr{yJ#lMdj7B5TtGM8bxT4*J}v?n+K+?g*>}CVY>mZ*w6J_IlL9TnQP;|okN)21!78d zk!$GoV=!FWgVp5bC%X%U;@fnorw$9l%&l~#+r%4IvNWF0h6)7Y35h!d?Jkj_5ns7k zH88wogt{{3c^28Ph8=<2}2%@Y*Ub5qS55ctAozwyL(^1wC(+ofYPLt8_p6Z zvd7wEI4V}@wq+XPa^(pr3(;dfPw8xx_X5Uu1jE&DZ(C;$(%lpo^R^c8f+{R&+Uh1+Fp# zeHOT?30#Y-;LYL_;nRs#Ip$I6EV%tiP;d_1P@1ZI24seuBS+houbpE>uxyo!>GDYD*++vLOWz-<~;_uq;{KLHCE0-FjNLu|hyp746AZ`!)^E!|kF&%bBBj9l5qS!7kOj>s=IXT9=)=d)m)9 zt7Z?N)jO3*d*^UpwXjt@Ez<~^td0=M`t~)HvTt3 z>Zw|y4LRHRbfX2)OD5;%h1I-xw&h*S6IyuXG0SZdQ3?}71?V&chcIyCWJ=Lq-D&?E zqq8b4*OzzD#$7|F3T{?|Oqb`p&&_%CVrSPgMU|>SnskHSEHL@`baD|V(a-Fvza(&Xk6u;< zvX}H{FK`4W7Dl?_`LrbP;DkD6AM1)h!u#rl*|18&fTbey8(bbt@Hp@e6|Z1=9~w#>MEsL zCIx_w(O*BBT=O~YilxKvQPSj+))=da$g{#or=v+U&<&t3zb$tMj&h9M z2>MnfQH?G=`k->s5*4RNxMKI694|J_Uk#%9v$6z5e zW}KD7;Qjim*A06CMkrCw6tyNXGL-(X@A9Gr5rWF6oL6N)uNjGV>O5pYq; z4hiJ{^n@aL6VO>MF(?Ki{`%|Vy0_w>$NLDYe@y9QJnK?q?#Z>d{coQA7ZVcPBJ_to zv+cj_jjheB{kOfjzV+Gudmo<%X8)z+u6V}@oENx01){4$DaTVz>bNt2%{~e!Nf2F_ zdMn2}2Wf*CrYiM(^6J<_;>Gwo_+^$|l}J1dM#hS&Z(2=JG&G|Q0PZk(84rO|n!kO_ zz&D^oC8SJArjp@xQ+~iwfWQeccrd3wF=?N!k!Xiqa!RN z&f}YiNlv@c4Nbj6b1!cVXKvj6^s?tWlbhduc8j8?G~EJHnK5nEy88TK>ir%%0?tFk zQ@;R|N+_xDX4ST{+Y!R_{($dTS>tbvt1mOiGC~b+AD+LY3c>szOl@lS!Pgg@g3#>; zFpJxA756F7CzqAJVKZ%C-;CeGp{zv6|BDoW9st3%I|JT+xvi=`yo6kPW z|M&5EDDuBojS=RMn8x{Xr(k}^S+p3CJg+NZ@# zXM?)78pZ1Etf{E74VqGc1fBwGKy}oWnU1b2xZnheb}`#E6taBp#kF?Jh)BT3V*%|v zY_Fl;sOAfmmDVq&oON1H9kl_rp6Ko{w`%J=iKkRWyq4Gf<)J7kU{q_$~37A*+6+CZJtrgjtU?q(Ip(X z=V70-#M`*ZfaF_k7oU!81~0w~DSl7#w%5tl{jXp+`0Qx@2|jb=f4W1t?FGOb|L^sU zjkT=(|JmC5XZim=J`X_tClF39lK4srx@Gc~aw}W+dA3oWLQ4F*MBQD&btifDna1{?qmd2R$A`~exsqDm%s@!@g@!r#d zzBS%qK!2W8QkScEHy~Z5W-B5C{B3u(srLg5Jy_|2ClJxRD&Y*P>Uo|IjYXT|> z)*rfv;|Zs-b_C6w0$!`*8nPtHecR~3}fZ@zH`!ppS%5hpn23W{~5 zgpfUj676C>=G9u@Ni{=n7^Zk8>DwY$m8+5Rld(^%GHx4XMieF+sXvLenkp~M`C$Tn zq$<$mS?U~alpRtZSU?e6c#fawTPv#pt(F$L(t&c z2k}Wj%+_3owI~YS8NxT^+e&+KJK3gA3Wo9lNd=C!jrSED~ zx|C+_RkBYq({*hW65ZuOVxw(791cO-U^ovlP`JGS1bXngF2AQzrVnT{w2IfobR+;3 z?H~hH(bJir87s~#t4_(1u4D+yMl2FkV>XFoH@b~n=Rxrj&p05AEeOq}=a_;9j)*Mj zG`x1hd1|jHK5WdgC8=|vQFJia79w#h{eJZQ=)eE>|M8CZcE3H^KlvACAV1hY_<9@T z1ERBQvgMZ^V(9mozK;MuC|q)Zfe}kPs+dPl7xU>j!FOU$+>#Y(lR2?HqjIN8Q z8}mPFT!Beoj_MnT%&PJP_MyI$(KqyDeKfSGkN#TeB$`a=9OWAZ^O#DPM(@J``?-?Q zvLBMj+1FPbG!V#JBnypt;i}h7;`gvZQkq-pxA3IMKNl6n(PfmxqahdGNg^u1=zl-T zIQyar{+1+RG1{zP{3f@2sdo`vhFtk0RhS96Yj1f;4zcs$+OyzlW@4` zJIn}+-l~od(JN8DaRaq$K}FIk+NH=tY{H@{uD8F~Y!_&9?!bAqO=z*4kKXIf zuw{fiWVWPXAS1X?hjZ*68Hi@{d)4*)^ZHYt(rOyIY&SN>@~?cLOh>xfY&V4YMRDRD z1Qwn&Wm>-x;*JCxT^hB{t)xneEy~7##H>4K6CDW&Z6 zk*|&?ab4cb>f+j+E2})`&6QsRCTNmHVm04t>EJi4WIgh*99tEPo}!DaCAJjVJ{bi*^Y^5fD(#I$LC6`gi2TGhA?R$;V=YD1m?7{*+uzyS~tAo!00 zsmM%3`FC(0+5Q?iv@4^-iPT?pf%8Drx`_KE_F#odeIwCx0=Unx=n5IbGT=MHOtFpR zF~JG*#C%mNGy8MPDUKIGOR+u~if- zI{xO2foOPj?5HjtEAm^;W<;QY00YC6`S5T8Ofgt~CHrJW8$0X=_c%vu*z8oDN4Xi> z@Xnuj(@vC2$THcs9~V!Z83YF~^SfnaD#D*4KMYed`~3+~?jJ$wkBxd@jrgQ4gjGbA zDtg(OxsbnQ^|kj1S?L@~)zc9^qdIW2hw>a7%0vC5NK@6A-|JvZ{&>g7uha!T&Yk$7 zvnxyaon|F2RCVK3TA$CnbSE~{6jYd8d-ZF)=%|n4Iy*x061fA|vo4c6IQ{f2a}go4{p zeu-dFJfqA7h*%r2pUy`6If@MRJe$q-HV8gc=&GQj*>98`Q_I#&=jeZ|qTj9mU%S1& znbrTcHa^Gy+{@Xfb3DklEy!$ayZzugSvgGX%UE)#cU#&QFg~x8 zt7MsBo=XFNM=xb|pjlxEJcJot=*W?j^mJji|08oKXF$nylmVq+aCbSgmTTqTf&Z8F z@yM>61*rp$|-=X*$XR?DBQHEv`pDT2x}ms`KvasTdpXl6@W2+8@` zptii9di7y2HU@A_y!L3u!@~ZR;<4w6DpmT)$u7Bl>CDmfpmLtr-R690O6PmS8P8Iu z7n$`U9yNybIl0iRj^+9|yZYN1R5`GG^roZe->OIqPLgYg6;|}H{#er14pBbl#4(}_ z(B+oMl{5BlZqqM)7guzEEQe?Q{*|Z7FWhn|EZE(TOT3Eie6#1mGUpbKp}k@uuqamZ zrYvJ|XevN5Yr}nN&T|*&za9Tt_7eQQxuEv?AQ=>JcOEA|Nc?jWUPkzP3j`c-o+nof z?@zPUl3AjSuI;dxVzRgba+%BbNe{#idA5{KDjy{~9CMs{8o~?J<&$`dr?Un%OpU010ZFHKi zHa48_Rx8)y>3^+Is>MGyR=)S;+u!Z4O?tl5{Li5I^Y_gk{w&YT4~?e{eB;lR+C4tC zaOK`Am~5#$<&uV4M(_Ld|8@PU|2p^y1#|spG_wCZr1{R4{R?!bnWFutHcov0-1%po z{ZHxw+{yqr$NysuZGNu(uhZW8od5G)J`ceDr~D!~1EGg!BXS_<7qkir;X?;#llFsr zG~p1n3qJYIpwMRCC?6HJV(_t`70ZtYNy~V%3SG_f`o2* znB(IEC=7UVsKj#lcfZCWI(80-TLnI^{6=^0uuVA*G>!&NDIT0||L@Fy{KRAKEuQ=t`|RjIhSF z{X)Y$I~&BoWNRb)Tn$Gnl^^gUVz@vgEtf(iM;0cLYz~7F5IY99N^EpsoSA4DFcmIG zfz+%7t{e@C`!Zs&cAt@NzYgP_ZEFe69u0lGG5EAK#huoYg=;<1MGTsDH}kh6_Whc> zMtTY{OP&&Qt)5B*T~)lsn)qxvcgCnJ1gS;82-1Iq*PhdLJ&Op*y2w$r3Hqf}dTmZ~ zw+8NHkT!$fFswIhLb-iH@HywdlnK7e`@i1vY&4qwVwu%4ayEjNaBi$nftYTIUpZ8%S4FzW(N-QVF=9y7RH#p@9X z9yxmqWlQz>p-z;B*~JG#KfP#)reE@!vICg+^5ar^gi+7x-YHF8^a?YyezSXB@RFov z)pO@!6q)eqyfXUuN7j>#&t1{T+DuWDuGI)0d1KZvOz3{svSk^wvQzC`4R4!`4Fa>e zcJVqER>*c%5<7C%aKvBVVANhVrToP@-2Av zKZCUVW8JQ!KI@v+m3w44s0a!svKtPk6Y`gq{AlU4ci{yp8@-PaF(6?L!rmlK>>BrY zrel_6r@;*VV!b+t#f;;A8Got03%x#Nj#1HOm^PUF*;Foa9!`w1;xs!{iNrOWDL{#- z{hm-k+-n`~Nh*?(_LDGpZMmGDqnlVzZ*AX(9#Q>0M5bBd0XBe53rxF@j+_ z>Umr163lSS9_#gHS<%d0t}euvb_6EH>54cMh=9_)HlXv_Id1|Y)Tu#@pH`EiH0+7+ zcjNh%7q4zOsX!wRQ>&`ikUM&w!!i;j?r0dQjrUTrt^_Aw|zxyw|mi)f| z{rAlu8h>v79n~9<`x5ssZaCoCxrrD$XQaa67oK*8ww=y+&_yVCw$?D0vf1< zNdhl7t1^k3=~>jSv=|&l?l(+3N%tp0EdB9T)MG`G*~XO}s%F4s??7wN8QXAXt0nA3 zjUIQXLSXXyrdawmz!yEe?M^E0b=g~L2h)_;$vUk%bDTX@!n9zC>GFZ{Ry0i`OEblb z2cV5E7P0JUlOMAH0j+=2b`n-fzH>?`hRS!ea`=JFP{gX z|2bFNSVNjgjxMyrbkZWBN>vEy24VvaBs<0!+J_U$=9`A{7Yk!}{6O=lM_H99R}%0s z^e)AShpjdKua`zYhiOBD^jP6X z-96PjfnDY!e!F!wypb2jQE%0XU%Zaszd2aox6L*@YN!r*dfDza zGu{1Vt+czfucbHqr#_5&NmZcNGNY_*Zrujx^)KA+*1y=O2y{9Gp`aqrn;A@RcFIvx z0qAEL96Z}9U$_jW;eeP9ZwPg#y;hE#8-U%}TrXcc7jB~es$}iA9Rg`@+>WgMO@~0* z&#IF3hg(2BbC@c0?RK}-*{Dj_Yo8MAEw{VQ+S(V@NZV*{a+#!=qmNA8sCS^Qe#kz| z*DNYh%_Mc@A-(FohcTXDf|qDSsr~49jjzJK4v_-h&uLk3h!w8runO~qH&YEkqhY6j zx$Rxb9QltcgxsnB?^=5+XaDcCw?5nd@8$CV36xMCJ$W} zbj6fN*YC&<9r2aoqSd8|GKs{aPO!! zwYUZO2!cOjMALSK9I}%n3|m-x)I6X?e57X2;}TAD%VAgXF?if3M`dvc8C)Y9zY00! zYKra+!61v#6pb{-{B-x;%r1rIY>o3RIQpvJPM_cxAjs+ZdCtbpHp%>Z3tGXHA5fO+ z%|S|$dpXBzxgR`=Himu1y^?%d6$x|qM$bP2Z@V;5l3z_yXH$op%M0NGt* zaW0HnskA3e!8G=2wCh6K znv^{L&Y}cs&*?<_94w|1L~&;fDzBHTc^{^WcQZ?l{U7JhD0ud;)9()%|Oq+_Jr9mW@YPh~E_NXi5 zblMfant9a=;cK>hA-;mz=bO<%cvUv-mvT^;nrLULP&1MDDwj~;B4g_2Yy|z0rVFjI zr$5rWJze_$HO9vLB71zu|(NOZq0l|#|AytM&btCw7lCu%$3nE#7BmTxnp zq`6hs`7mQ#j3l0l&y&4}3b?|}$2L1ijNEpwBracoen+V^qnJv>OfFy)H#m{bP~5LT znp|D_>LTi0u#dwTh>(;eitA<)fw>$WnN|l2VXB&)0tKjsK~5$?drScWp3{8zR9k^b z;z40pQR+$MKG|4L+=)K17=m)m&|p)%BQYP%jsly#*}$QN{US(J;$92A3K-@;__}Z& zeySFpaTNB^2(^YX6rXb%*Exo5W*ii7b4s_2G&DtLX5&4lF|6>B%9}Ir!0va!q+l5B z-Vm6XnXwr2TrJak0u5#kGePc@K^xXsb*asqPDPkozcn$@ZuwnN(}wRI(IEoLusK&U z*pwOX5U-UpCy#JhT{$47ya?Zt5jyz66X%p=fXu)+Hv`^WAv!O-Y4P&0h78jW)|CkQ zSe;^-pUt6Z`SW01T=PI*hDpbA-dpWKhVy0m=H`rPKoQII->U57r2|t79Qq%Yl1jpE;T&d;&dc*Mm;_|87{u}W z=>Tm&lE2uiU!oAK^xX`XVlx5y}OiGHSqZsl~Do(ETN3XlJ z(GPo8njgCwB&PE<5)E+%C&*UmHwDFxPmCn-J?KB**S&s>Zh`Sc@k}i&^K&diCrD7R z%_($i>5x>rxtJjQA~vV{v~e^U54@Fab=U&uwl|p!V8b&!rTdwVNg9LyKu;tFjmGL#3uF@=yiYiA?GW=(+`e z!Pd>H{#kISyz-4|%jaj7P4Q;dE?1nKi@p~FlS!?%tU~kU@Dy^qtl1;8{JyApIZ6Wh z)DsjJ>lHj$cLw8&!0TY)Q2g^?It-Jj2S0c#)A2ap>Z25J|FP~BqZO!?-bi~9N*o#GvvRW4ris?1x-J- z&;j9p{00f8O5PE(NChh!ivWw-)?}Qw5@adtd3eoy{x@pt zvL{v2%cr(+Eoj@BE2gW}*XC|rET?Y$c(+nxCP>&GZKXtBbV~Iy$fd%fvtObk2pvxnM@k6}>u~CfP*I>HxCa98eO7@9W>!?Y!q@^@|E$ zX3d}&w0S{ipL%!v{y%g0zsZ+!m+?Ovx%{si>zkkX|9yNO0RI>Ek2hHQE`)EQ^u3ez zy94HV5sXt-dD0#n6Dlo{{E>195c>C(%eMttfNUdO@u88^RXq{r?yCDbO$qDLj>og} zS>^}KD`+|QqD!T(NMS%#1kyZ+Im?kbVf1>`fB6L_HHrUc8js|~hFisnm%}+C$kf|| zWvy#pz{eQ13;OV7cueg9Y_0s%jcEsSCP`W+#-sCAT}ErTso9FH#0Z28P+(HFJe)G` z$vdtwJg<+vCMW~82ZCxNSMMd%9Gp!kaVxHw%KGI?A6OYF?30K>>5oS&G)x$A=o+`( zY7I>$eP6ufqPUg9VSL^~Or`$CWH@+4xNG9Jqi>aVhDwrWQ|`>-EA&&R{E=IGr7A%S z7@D5@sY#ruew2D0f@`N~-q5{JO$$vTdM_$cGiku!E7K+on3rbw_gvzwPewNBf^?&k z!Wjb6KUJrsrheyv(3B0(Z-Bbq=+t~SBD2!-e~$dex5{^&|La*+|8H+@evbdSm(N3y z{|>1>3HqBS9EDA8fahqoR7OOxYnQVeCRQ=g!>h9AW?L`imR0>q?=;nq6;s=k3~UKu ziHiCthMC4YiT6gAZ-Yc7v<*LCYEI0cs5|)e*XNH{Fx6sjG9ctA`>K^;WoE|4j9t>o z#wuCq#Ukl7WA7&r?x^t<3PcsqaSSFHNQ^%Zg7=C?;k+h=}>8_~jM(emCoC!qyvfeY*=Y z|0?$?onzuTV2+OL81_|jX>X=NS6Pb{k1vvauTfx8p+C)?a%nGx;>g#OLczXTloOa& zaPG>@^g`0!^ZeIBTP)YHvBTkP#3##ILBHJ(pC(P1}v)BOn_JkEHLWCQ^-QZ9tU z>c?JVWf~iE!X&((2|0%nvd%7g89zCAzD3rO5T2U8U1{jw@tOw6$ zT{P+Ys7qWwV{v>e>K?T7X52{eC8ffl<-+J(Q)2K3x0HJz+Cmfof_~YfrnIg?a^)U( znNSY+vE$Mq1#m1%iOzW003ew@d6VjA2}UNS=meB<;y(IQTDeqaH_a~c&Ak7LMNe04 zx5yzAJ><{#uqcWHDx#3xi?H`ToeqH(j7lTRQ&;K^rEBq?vJcWzb1S&A8;{PS^Vh+6 zRmDYNIN6ly>v`kYDSxsGy9x26@^Yyh)!s@PhTfyj7wgZq8uKNJo&bCz&}zIg#C4FH z5vE}sZi|5-Bi>>PD47&z)dxa|@U3vwi+|_L-yqU4h_bE_y7F(BXig7dV|i2cRNQ1 z`v+fddq-yW0OJHyJ`kE#PzN*Pzzf^>3%2?7*T$+RGUkXYGjLr9@|r>K)xk9kkJCic z6h*fLmvPk3W1Ga!z)FdRYFq?eaN-0C&(^j?fb0TGf%#pb9SYQ*rmb+)x*P&J!{#Iy z{XA76+D%Y0r|=^en=ScO)vRcB)2Io(w?G?8o0BO_Itm79lj5DIKt)sFZX(=GSr>TL zBr%xmn6pjxF6Bu+?Y<{3};_p*kWx zt{5q@^~ZFZ(jg_P#Jo-UNb`-n4rX>{W{Au*oCuFBhK%x^d2l1>lw-4v<>$uPYp&a} z`zF%ufB*0Q;~nqqetWck@-I&_j5jht&ujvY@a%>d5RA^<5$qt&Z30Z;n{Y6c5aBDT zox?=}S1Da0{+E*5v&SmuT%=^az+yZU4?yf5rouY{6(!aqP7k`=3*Oe$#|dtKZ)XgO zbC1Zx+XV@85T9F+`rfeukP1(dH={KXfLE2fi9Jrn-47`yfczV$6uOFojl%>X!|Efe z9vX5#JEM^WhRf{$EV-Cj5bMx1HS;Jt=wN$z6He-;Q$+!(=9t-kwj9-|u zS{#>|Vyu&=y}s~gkmb;TXgTI;us!L6!e1HV3CdY37+8z>Su9djYek!~!6INb&`L~L zf`Yn1Pll)FrkLm4`cXZD>vU z$;M3=ly_J(fU~SjE|Pe9&XK&P;_o25q(W*Svkw5$B)TLP6T4hSVD&w<-@U-^`aMIY z8MxHyZ$H;-W+PBIrM89H5mfS~?T$}B_$5nFNGIy0LP8PL?5py~+!W)kB|PvsZyQQO zLr2tZ4ETB8UiJDh4Wk$x;9SpJ!(kUHGk{3f4jB5CEYzy8(^kM%FcMW-qu*!?SmKM# za{NYaW9ISsDOgfj$D zVv`ZKyw?7)4!)Et?0F&GSa5MY=7!hKqowuKp%L#(0OYr_C^=lK9Za&q6pOe)K223+Nm>ifC&a&zciZQLp1sYLm2~EN-;xArUO1G*-a?zU zvW-S+qfh(ZSI*x~#fVg^@s!D>NO}o+y*TO1_PB<@y{kBRKLGukwoh6pq3Xpbmr-5K z-mU3J<-S1@!Q|tqn7pS6K`eDdn;H?89^U%w-2IS0v+ciDRCw!0;1emZ^(0u-7(B=S zXKiaO>;JvJwe{KldoQ1dV*lNleuxGU`XQT4LG1rSk|_Zv{s_Q1Gf50*#WEVI700}6 zzD|`*+|?|dAV!sNp(qQNuXDWZs*!YN+8{OW0@QFO`0CW%mJ~!~s^MI)9c9foAX?{Q zHXVlPv)}y|Rx_KE(vCkbRCe-RR_>_0qSRswFBv_|R2Ex%C21EgdiBL{CH9%CVEa*& zuZWu14BR^o8I;SQINeE+JJ4$HYm%uQtI{s0pFZjx)lW&pl)ts$lLj*DPml%dS!`saxT4mS%OU3ym~!i7i+5IWQU%TmD%wsP1eCNSjb@l14H| zaE3Q#A}}-Q^N??6U??yER!X6lBii|x&LjD@h|ZK{ zPJIRKD-fZ1>kiOV1k-GcRXEP&hAoo^Pz_m-uP`knQ;Xv)O-HS6oTzdFF3mo%L}8!` z+&3^#sBR1TyNPk4VmC`RO{hsMurtdjSZY;3~)yTHmCG5a^Uss{WyD{6Deq7}1$pKDrL#QqbH&f`0<|EzDW z=k9;jH$Uh9xtGsFvH#qih$U2eKOzEua&MCF-7d}T#b32# zcQ5{a>f?RxXA$|2GLqjQ5OkjWx3QJ2|GnOR_F4YBm(TBC{v)crAL;M<_jniWEH}i z;(`=&Gi72%N4L}{?8SQ6YK0O)6~w7>$ysm-P`JzWai>D6#od-5saBrRop2A+^jqx_ zI-i4(>t%jx&Y)Y*-ecygnw>cn+@R!HEz1)y%C#xa!zKGo2dFEhVmui0$WbK-Mt&Ek|>2tW1sBvlyY!tRva zG)SVK14*HC$+^0{FQ0pzjYj2_(EY&Py;SMGZ$bZs{aH%GW2?c=6e!4v0mGD;xw^^a z$oCswJ!{X;4#2zMrol{EXiH+53<;DBZ|~R&xjjEM-&dan&VM@!XCWzI&iTLbEa(5R zvG%$C^Zk4tiv9nsivMOV;9(mwKA<5z8}H45jMScXAJ&8blwG;e%vCUX;D zuzW`G5apLV1&f@Ga5U$MWU9%an#xp- zshPWd{+vqZQqQI+n7bvNx?;A-YJL5@Y3_H^Wb}bt@9@=`o@%PIKVRx3=BiUF6isTv znZL-UboY)WlU|lt=&Mv_GCQs;ke=mUH8CvbELEH9btkuG-DoHc6>x9;k~i&N=8XDw zwL;tua+EnuU^=_g1TzZjn~A#HMAA1X&f%2N%Z;>9Sw!poEEq=7@J@_Q+v6ro+S}ic zz8|Te_CKcIj|$Y0l5&o|n?WL*g;WjA-BT^M99z?wJu%zrlV%geBGieVKgQ<51rQ3r zoln&TG-;UCw|-Ly%weLk@=+xJTkK{jGUgolzrAk!e>U3dn_j!Kwe{@TXZim=K99V` zg#Slg74g6J=#i%i<1kU-FZ)!BMvE=oYj1bIwfhq2J|3i8ydjBuVVa^(548Uu>HBD` za{3cp!>={_?`@BJZxR7N7^V6*^x^$)H2#A(Cws^Kz$3w4Ojo~Y;Lqa z@Be%G?0&OzbmATCyx!aPFd;No^f};S!!>^TcJJtT|ILBjK$dcg2u@r$PE{3}V=6A?NsShGkc7Q3x(unjNi>?$SYs-;jBH33 zl$nlEY)rZ5*I2iK5@dr|sd8ism&2M@^s4&(JepigyHpCxFhZRZJ4#bHVOw9UuWdc6 z)t)}}4p}Vdl0Fcjv~qP34MHpFIB?Exh;lF2iU5e8KGikJbUM~3I3LC7Bl$$7feVX?!RV`A-OQ^*!5 zcO3UqJnF&^Kvbw=5lZYD-qd2@3f@$tdw}Ved^b-!rILsJ^&I!&QAmWPH*{^MhX*V{ zh{aN`Da@aJ)WcjA-2NX6Ctl!4U_60;eoczxujb0c%rwTyxZav z4;C!B9>*ZE`{~83hRJl~Bbb?;mZID<3J3NcGvfop;m30UX{wGYLuB5tL9>fY;bqjX zreLA2h-T8iq@X_fQe)3Yo2*xV1+w3ZV1Sg9)KyoaCAv{xX2M7UlBUmY2Be7P2o7Ud z%WHExxl;T*z}g0TA4s7cu!`DT?x&_s9$t(W*HW$QnyNPxVB@)q4B|8P+__>*opuj$ zM+pRn4KFpy!VlvZFC>wQi6B;v8lH>*4|%QwE{ToxzJd{l=-|q-y9#$10?Qsn>Ck7$ zk-qfVl)%QOVi8xNsqdIh&*6j<(+7f=!Vo<&Fx7VlQ=IAkVI4Lc^;bUto^}YQUL6=d z9IFEYYyt=4D!tqbu+CT-+r2n=pnF_)&Y{9tTnmouCdSl)1y+nrjjUrKVto1QoZSey zuQl5=QAE_vk5eqF%y54NhjHpsc~KKI@96xLn7L9cFz&{SM$u$f3j>X8D`A4!X7|4} z3X#B-h!BCZ5x{$ddOcE?^sp_k1_>3l6Vse+kQ-u69jWC*w?!zKgaHs9997iQidEbP zo;ggC*)>~j6suIdH+Xt`qjZ{t*5=^3s^V7!+$D}`BOd;wm%B06*PgYK4p|kiBJ~tm zC*C+7PY3pahsFHZk_i|=B;4&jQ9A<5y(z*j%~NR|3p39_&GL|efJ_^Z&;buGqrf96 z8)cJh4~he0196W*@gW{%YT&#)IQGcuMYUNawuXw}^q9kKt4xxnzPu};U}aEtfJOnu zuPVv->1EHiAeZ4@##F-%Ks}=xVnLtvn0Op=d7P9b1ANj#;W)G&t-=~7z_0@&muc)N zAwtb-6_os zuA8!<{+JSy3%x{gYu6}i1j`m*eAOCo`bA0^n z&C$!}k5_EnP+jTWMDKEN#4c9$l_%?FvG)^5k$4IDy#9-iw{X6DbpDF<@IX@ww>G?H z-z5v2A)HwwEJ>>hkvZZntyjnQj;2^oTt7n1Qy;=eMOfL7PW|2hjUS94g$Kac%@Dv7 z;Vz*EIN?!^eE#Gh1i+qnti6=19<&cfm$}7p|HdvD70{eaR7FUq2MXU!Ww-$SHywoG z7%fUDBV6ZH%*h~i$O%w_wt7bM$*W@zloPbQqrRM~%OgOoi@o0XX2@$HO|&L)i}B~< zU=BvNTa)3~etH+9au`L)pzv_1WA5&h%~GDY#1BJ%n}!(%rj~btRzmc0DqR>cs7yfe zZ$>VyeqVEMQA;#uqgj`0-#P8N*#x-(csXqMsyvjTVr9?!-a-LDc{7WUvi+?2K+?=V zj6|Z@#O|y8?ZpLDD>iM0jLK(7`TnPk4gmbP^X(_rhsv=`zwyzCJyL4gqaTR@p5elTnKM zl*>oDj6uD_qhqo<`kX`ZDjEz(H9`%2;t0tqV#!gd3gl=M#Zl~LO(>pDQp|)xRwC9( ztV@sr0VLga@mcBkY|K0|v)2j6dR)$x>25)UC8h8jym`6zihMfZ_#?sDuXS}FkXEKK zZDv?Dk9aIgf@kbwjf<=pb@$A`Yzl|Y+}oHcw1!?R+vsmJ46eON@E$#l&%!Hj7>%Z= zEUBP2yJrvP&xw1qam}wOPr-Kq-G6Xc77!I*ZhKE0UH$T=7o=B}N#KdIlaBX}-tO-f zY^EE7Qe7Hrns)FK{*T?#S0r7KY`%eoVITMtZa%Lq2d~fn;nhdsy?%EjZg91j@cm$R zfpvXXjom7O!1*+R;;#a%yL1z(0CH+ori|*S-Ckf7{&ZJ_(OG-ux8eUfzYVg;i;WeI z<)RD!&xi8dL;1#f)#roSKB&v7@AENz^JDtP#Q8fqx@TW5J(OKhaB$CJ$V)%AZ%!#y zQN3MxP44{|e~=_nZ2BnnT+%DWhJzmFkT?QuA2#GkaGvr~yDeo+fpA993abdK=7s_< zhq(5rIq>~Z>WdY$+P-KHQ>ZCJrEc|p)OL%p-ui-G{#e&z(; zbG(X)V-Qp#zcPnvd@UaIJH!`RlIx!SS^A%Mdx?_>AfdHbm2q2Ji;ma@?v`gY`@we-Wuhc>SBw&NY1ciI=7qZ~TiK2{%Q;mEaOq{fAvSfcp4;?;=I|O{QF;fFWVY6pF%hbDNxBA`;ItixS&WJh%a^6$W-5TqF4=x$|iBd+@|ebNN~q9mz@Iw87&zSUN^-GD zOT5Yvq|70K*ucT%5;ziK2S@7t8ejekEaT}Yo{xv1`9p6Znu~4V$mff3DrRFa-24%b z`{Fx)K8xS6@Hg~OBKjNPdQuvLrd~jF&ZLFt$wY|}m>()hASgN-lu3cDpX@fOE2wQ) zW^6!+|1S@2mN^B(k!}$C;~*UbIlV3Dr#RdqaAQnUAW9@^N(DtCu?9m;TLUn0xM;FU zjj|Yz2`h5Q9US|Z9tMd_Vw8hEh9rnIr)ku@5J*`#3n z@m?p!-uN^MB1|}N!-@s8Rj2iPR`ZJ+ii?diXwO{68i!9>&2Zm{O*szt540QAh8)#i z*{C139SOX>DiR;~1_~E>rXlE6E<|;B58G^XwOf~_B2`EB=sgVrS2(su?@7>OX>>)D zh9gpdQw1wmy8l*4IRT6DwBjz|8Z5xt$OnRE_nG~{04{D~wWle$-hw1w zZLt_7EP<4=#6k{?-vTtE!4M3qnuBl9KN?Oz%8npWHI^JfQmN-QjGXU@qbXP#DboO*!6;KKwGU4~D#NRe6(d6;dBTH~2hA$(|PZVNPWep4_^1@M~T0NW6(kb2E{Gyghefv<^9*0XJBnxBtN`J3ySvw%~N ztPZXMLRKA{<>YuWg+M?4cRJPoaiW= z%x}f`g}I0DcPg8b;Y%JW(%!ic)M-5I(Kui9RvQs;>T6*(PU{0kkUOQvMjKQX>@0iP z(5D9q{wqdHqyeG1v!aw_h*FuAWtBZ4`1ar1Cm%aK5B+m|)V_eAq(4Wn$@5BIF#Qy7 z%--LXlqBd3Cv4I!65X3_Pdw_GRgD+%O%N$n zj5<4sujcncqYtQ+0AmD;S&%{$M7WSoO)7NYA#xOi86zhh3{a;g44N)<=rfJ!E#V7I z`@>;~*(ru#SoSW%QbbWlgd#{{nkz`F3F$>3c_2w-N&^+NhLQCwz{(t*^|lBM?&2b( zesNXqun9ybyN(9fD5ZO%lh73YySF_tU?eUr_Q6g-ryYm$aECNPeufw z>(X;CgfPZ4Qa6gB3^`qIskm|Tm}GoZO?=$P17pQdL_H<9$~lm)U!S5k>B!%E^*WtT z#1C*Eo46Jde6k>p|L~`Zp7x z(!2`3D-2&|Jp7V5y)=}SAR;9KlTERCreJK>Q>?!tRGQ!v-e6A}^-3k5M_4Vq6bU`R z(FS2oyq8ZWTESAAZ|%E%+QruX-?t5H3{2Gze}NB>kR<}~O!geL^IM*3Oo5`BC5x$1oeNky{EAjVyB@`M?e1Pf^Ri zLJhYj;dqSpaI!vv3lCt+-NK49W!sqP7CQ`Qvdg zZl!n8pkjX*j2;Fducw+d`3$~%Own&1w;+`0@%HgaCE%s|VPe;@PoJ5L; z6muocxGKXG!eVQToyOb+?J<#P@G+RXzg3W(RwFtY1SCziBF1R!a3$d1%qG(WXt{!x zc?Qwo%R`_GPSqqAkWu&srvjCm{2~Z51}U7=6#JuPLdH@QA2{4msUp9qN9Jsu7M__U zVWr+fvjue7Q!_uBntLT{`tnQ->*oPJs{IEMM&h@?KdwFlP`>?VXXnM9n*aOto4vLD zXC==H>_75Gj0x;KK( z?u+&MU&XWJ^>4K3(o;~OJ(tnqAH;QK|QgbVcGNr7w@MNN!Qv*k4xlD?(BNt=|Tfy#B}axLx<-y9|q z;;rp_JOVL#Ghl!3duMSJxGGhr^Gh`3qqBGhxxwz*EPVSuz8v*L=?d0C5khLwr9B%= zTewT~_zOk$JvkDvp=ozbSElrK4gdR_n3M@UXd^(!>@G$uL)B?`P#AAFui`$baM6 zs8y>QV1fVN>z&t%|KHxu&dc@rZza!t$bar0eS{kSAoAa%a^;(b(RCjZjU&#Vru}g| z@WE1$`StyI`!bBSNt#!@l@Vji!Nx9emYGL=%zOIOki6OSelrC?Qnp!maAO|Y8qU$`j}+rJ^33iaw9O95lp zqzxN2y_hpP#8#cu(sW+Kyje63Eo=#}7bG|9Z78Z{RDHaKai(Kz=pnP;wNk{{y$$v= zOWDxa_zeL5^tWHW0=&Nwt2|AC@zYOU>&jCyKlHypKIwSB{NnxPFP7Bljg8I!0l!KGn;I?S)j@_AP4iEvxxY5NR`74HvAg#Ywe=nN zLPd12g25>E8epp&LYl`0d;K|_d1S3zg(4`{aKroaf!FAMID2P?m=!cabh=WhePEG@ z?xF#?=FWZJ_~pcY7+uB2QGpL)$=XLKiN`P>y#F#zkjVZTy~M@P-vgjev>mms_Rz0c zf_`|2&Ph2AEL3d{I8}ph>^Th?CPte;h_PeUeni0Xw}?A+Ee7 zFlZxa{b>^8bUp6PsWlziWFw>_Oh|J+)dnP+&2#GK2({qW6?JGu=dz;@Kb|$j^4T== ziPjod(I*(}I3R#p9Ly86W6s8R9)N*MhBzVw_H3lF&9~sAE z$5WZh?~=szo+t46pZUnOMr0#_t5)c>+g1;G&g4B^goyL=u-}X9@H}fz@y0H-C+&Lf zyE;uNRJfUoU4>g;4x73OJ=30^4J;j0!zKM#VQR#Bo54 zfJk>2{po+Y@t*yL4+ewDfx+&Ly zTV!e!3!gA~+^8y}ht5Y7D!X5n((9aE9G`VgIB)5neLQ{JIbSY|X_#6+Y~#Uh)W}`T z?Q~Et<(3$8F_!WnYkF91i)X^N(l8N9^055wI^%^9w7K$vd08iG$rH|KNF$R&w_{ zkAL0yj(%bT%~BF>3b@E1NS4*z@AwO$WCl(JL@<{jWr27&Yr2WRk(B=|bW;2#CI4?c zM_qf4aeMAIxT0wYYnn1L$g6h3N#VqvFBQ75jd)~Si3%Fy3` z=t&~iR2?FTZ8~z`wcO?|w>?^pDV>1U3vj&v*9-8`oQWzgc*P>n_oJak%)%`G zClW~tS~9N^t{{|4FAO(-5GG-Sy{3EOwRh#EY0((#Y3=bJOp2q#D{MvZ)UX#g5b=LY z-b+qoEGYp*cNCUCK=npp?=x&v->S;d!!*cF{nYdX+I0$plOJ`k#cnj|d}6pNAyjh= zpvY{f0v8CIL?1!o}T&*I=q2Cz)F8)b5UCfPxKR7S@cn z0C9=9L*O)L#G!Bj<{~_T_7;?5!H^0IW49-!L?|v!O4_>TxIzGKk7^mRvf|rXR*KY2 zZM)7a9tVjk*$6LdL0xR5M$D)2IKIB?O~LSo_6SfZgpzsLTBN34*$}9$k2o)TH;Ezg zW0o;7+ucl`P1`{M99L}6F=RMLQz>sq(raVuQoX7h(J)GB4l7=ezcRIIDDU19IfqLv zkyo`)PS!vLN+D7il_^fb=*FmM(n|@;B1k4-gxBM{1Q9|vK+?i6M{AW^A%n{Ut)|(A z%r4Q3fdb&cV!lxp!(Sx9iCAf<)2$2GOnBEZG6x9$%cbPmlXYowpy~NhLgzJ%H{8N#rL;h{yRay~dS4 z2A4N6mmXpF!{Bm$T|h=n^G=ZAMEow#JKdAxL!4T+fBNC5V@6J~ZiryoCnq0%>~~JP z7ysnGqs2XpV${Do@t`85dAFcW*N;kHSK*XvFtyDy!}LS9bJpvf^uIsu_N*8hVH0I| zc6tj2BZPiD4Wcw1!$hG%8X3b&mf1b~NPb%<$4FM@@We)TVJBQP)rWNeY}Qk`CL}fjoMTc*c4Av{xG6qxYn-l54k^g)M1$xDBId zq3T4pfAQVl|$x}2gzgleo;JDs3C1~2Q12yafgX4 z+Mj%=l_%5GS3r_%NtH1)gSAeW_ELzGnBinrfxsitz4O8_(T(Ua>vE{F=n$|qpa&xV zeA-RoOJ((?!k2o^q`2=zhh3rUW19_O?S>P8%%rg;3k-<)H_vT zSQgNwZDvpCr4hr_j>S(k&aK?!;*%@kX`WrVE7C|}Ta-UO3dVk(pPt-^p^`dr(;^+J z3~_4KppxgQ_aTC0=YuB4)!&T)pSi%}9F#KuOidKsQtLxl)wf96S00-{<& zg&2I!d}Y{U)M&wD)@reDsxpPVWzKAt8(xJS(1y6N$Z|htSK%nP`x?+PP0l7$8+`OhtL(1c zE6_00C?Y`umv9GgiM!OeKt;6%n-8Acp)A^>s^sqi1Foo3%XRbD8?iaXJE_*xo+$4A zLP<6Ow1@yWb5~LH$qZU~uNA3gY3~(U`62pz6ri?t`cQ^xXn3#)SbFnbz&G4J~I zNJL&<6iid>%x1%Yj)4o(kWPI9K1iS#$$qzS6Wl%bHt?8>Iczz50VdWa9wJ_=g%&>4 zKtB%PPf`sM)>J$?JPyAZXXg+yMeUR0cAk0DAvJdn^v*xPBGozX|JZrkKRNDQbk6$i zqoeaq&)z1xO}+okZ4QScy7|#;HeJAJK}PmtuXAq3ie~36Y-R}#4{P^^Mco@7iT4gA z@JjAG4B2-d@;$vu;CUU75znm`&Dx}O%DNCEF?SV{Qo6srZIJ!&w+oyS>^($0{`z&l ziV4t&wk6=6jymUy*xv#BnAGf+QQTggUMBf7Ta#~y+=+I@4pi_IaX6}p638-KA58EU z^L@y%n(JpVcyjFKuA6gBc5~L;>I~=h7Hc?;+=J=d(DE{D=Q<%dspzHAUXl4cr_CCs zxU>Pi#z`K_oq3qEyfUk4UaK`sbOpOW{{i!h5z_i~PW}0X|7oC4sqNrw`(<+y@ z6mZ=f@`Sfho`WO{H_Wja@=-}sPY2>?q&d27Hu83N0g{eCBQ3sG2Ip5emU%EFe5 z0%HdCI}C@xKoRq6@aN%Ri?1nLE>~|vK`>0oh;-o=ahkG_p5hX?RSVb*j-oZyR>U62 zrt*bZt8X?q2_5ol&(`j;T8I-3W?G_g;-Qp**)N!FrO|rlTmfEb<~icF@i5rj2nn>N zSt%Fun@%|84RID2g(kUWnM8trBQ`UOdx)h(*XU0>p7tGZ9<|etX^?nLByK?Z%ibZQip;R)uhMr( zJcl!Xb@VL);wmP{XsVUuZ1>jCVqwimVgAZl0F4+`K*kk;0^5*! z5#!inu@2}%P@e+6a8@fF#`3_FK9=PGTlxX5u|u6>oW7fmNm!kH6oODtuwD(X ztj_*L6s0B;V3F$$gH?`6_ef*&LNaN zz1GYT+^jH878nPPt2;#X@_4Sa1MR(fUEXjZ7))x<79qi|mi5KOoK$~Chy@WBc&q5# zWVfI+OJo!?(VL#I4NOgvm z6k28OC`swgXn#s1FI#43GH9(T*(K$CMeN8tsY1HBoc?Q>Mrk8zW>0gZ1sfzA z_8RLI^E9DWahMGdofLaNxn7pncve#$trlJyrmeuR4P?qYNu&2~)TpWqg8ZILZ(Oh$ z*%~j{2(|1PLf+0goEnUcIVCu8mSn{yU~%{G=!*5Sx3%|4XmFukDHzd--x@#`A&!pF za2`^53Qa|b70@yNdEYs;AJb#W|2`dFE}r+DJ^A_HclKVqek139-+ldN=fyhz`zjt- zHp|QZjztwjOCX{QVkAwagKV>c_bNj`ufFm`@St{s+BDm#w^^7*zKKJ>*O@)Obo%%y zksmFY6FZv zz7`Sm$F~2c)0OT2FLribYWx4*tM&fBif6g|zqpfY+n2m;B7#fjQye#Ch_^B>CS=~a zR5wG#0cB$*8}Ih*?j_n!ceDLguDsrDO{%^}v5WfSar~*voV_~fz#n5+`yNjFgGx{@ zZn7yQbJ*RUouaWi2Pd#+?`LPr+!*tWp_F;m6&>3~zXG7R)}y z$&LK7dwi6=5dGZPJF|^g{QmEGhF3>^~SW7?UR!yqLbX>Bj@ClUo?WQKvGCn zIR7l6jZtn#cYrl;lyLyccz=v1Abo5-l>D4p-ZSpn@r=D8Mp^!o8D{tkqq_UqS{PbC z@Yv+P+rjGOzumnTn*6uBmj71rtWf^5DrAU&GX|I8Jm&(@u)68wr%>e3AX<5wf|AB) zr&A1jxpL%!X4%C=O00AnKPb~+4N@-a(Q?#CF806LEPpv7u59M3YTz@O_9XRJJ6|D_}qd_6K?f&BOSwWj}j^XkpZ zwfwh=XNB@#uAR-vxTk1ry<>M~(H5;6r()Z-ZCe%Fwrv{~n-$x(ZKq<}PTrfn_r3SS zX=nX{^<}L#=QDbL#;09IYOO?>YxQO&G00hNtIb{Xf=plu;$*hb+dJ5-(;DXR?C?{% z(oQyq3HeGtns^f9a0kQ=o4w5!E-9LQcE0QT3c-g(n*7uWdHW|;A|g=-nX`--UI1+0 zLG(~>2Q*|!HYhWuaVRbk3SFlY943wAL18XQ4up8bo>e&qx)rXwCZqbBE&jffRHua| zxNjOef>6`qpOISKJ9LAkP_OYn6#Lg)Y6F?af}ir&XIQiPV)_5%fy2DbU>S|@ZgJ#X z_5yGl3T@`^Iy@H>*$l)K6sCr$OM&B_=EP|zq38RGTnWJ8yfzZ~j|%dI$GHeKD{zg( zn$4}!eJYN|l6O4Dla%|Vejf#o{!=;rdn#6)gN#Exk4D7nM1vAcYb&_NLOV+NXP`6{ zbK#-T#S6bp%uzoRjOpM2`!FNGKxhaqkHzEvbx5DXebBGBdmpl)GJDm z#eP#*OV%eQQ>BOf-MH^ze74Sqz2vU$`vMBLr1P9fe^_N-TzJKU?*0W-G5s(P@CD58 zLstet$qBgW@w}7f2i#m0=3PAeV5a39z_e_M992yFEB&Ug`ZCtsbDrRDKHOzNKYyeh zFmVbX@UO1(fFMPdf{_fueA8bGy5|z*ag<6dw?saY8(~h8e3Zo^?XhA9fI~G;n(BGr z`~X0&&z+I_GT^#Pa|fU??u_u+OBev1#@|RY98Kj5wI$H8l4j1$cx!BWc$0;qF8rgV zHR#+|Kg%k4W2;UE8BT)w+ju;_5u!??wASQ8=)S^MS-DeYxPP6b3;xtz8Pf}L`nuveDmpva6YW8sIg%iClQHF_Y%zjQ|r z)(AP0vlm$TKdLH~zK_CpCx4gHr^vk7-Ud>t;?EaN0Fc_l1nuiroI%FY0PgO3JxVwJ zy`E22bb#7J&DhUbHRfV^J_|&ov)Q59^J;6lf<_mA*|4gAJ@j+EhoupI$tQuM9)mFY z*{?-m4kkV3tT;ID+M5Q<-)^8pB$iHI0R_;e`IL$qj%i8 zDK}H|2Hs-@JVjXXb{}|h2hBHf6UCdwiZj$1UTGB7-aM941VhySTV#e@s{BOcUCVq{!{ALL6CUTgAHljxz8DO-$?`*6L6 zy_>!Fp$E#$z=}V*j|ibY7c_1xb9Pnbo>`!%(u9LBynt-!@RmQIa#*EHk|{h$jOdhP zazNhp17dgCU^Y6$_KX68hD1Q35N}f%i^Q!k2s2RvJ)Qn4(jd0pHO!_6!8&FaOM_;I zkAaZb;AJLepwmMC3jJaVix~n}F+!bEX22umPt59~X&MrZ4MVYa8=uhovC^PYuxkz> zVAdh~2vs^Ed=g0gmH?Jb~SteYW2GnZvegPp6!h*fa-luk7s|;z|v$8I(ndFK_nPaWMSl?SD-py znjxP;pmUXvdJ7M91`tI+>1KNf|6LG*u#5%TEm+Lg9%D#jvq0)gI=8Hx=XCNjmtV;F zj50HPjs<7zAY~(`mY9)YUw#ZZ{7G_Ntn!@_1n-#vD&rz~qvgF(`>`sCj&ToCmL3Tt zanCO|8t98lx%u={HX2riIC_jd(ufll$GVVJu?P(Vl|D063CBWd_kl@b*_fwT4_V= zGhiCNf8f$FK8$2K&IjnUa>>vOvM=2y79S^Ws+a$*h!3L?&c8X8w{uUc6-`x{y6dT@ z7Rh}L)t`cxRHaoQ zP+FY3*P^tc7oxVpVr4x@p-uj^*hRmJH05TrurB@nAiB1{pa3Yo_@9fV+I=Wr%eR!F zCiDV&Js-|v_W_-)564eg|2Q5FM3pet>Am+&iXV6h3qzFd4G1r6fWs8A5Zsr?!GZ z5cWnJ28K;25G^xl?3{tU3jXzics+t6e<$UDGjQ)kAUwCu!$;)`A;Ca79FphuIG zVbs#a)ldk)cCi`G`Pvlr!J{xK5Y<7ui)5ao)8an6)oT?i+eJtS!#$?cH~c0H#4DPu zgcFRD;1eCVWn_v(E|!B8{+uNpeo^ITRLQityy5RzOR1dUdm3^I@t9yllJUv5T9V8nTc6S% z>R88%hyoJ%GJ17ryGqN^WO`*@XB{%I#}A3*)sjjGXCkqM-l8>0Th$oqgO*LqHt5P# z=ne1{5aAG|4p=_%@RY%s35>uJda1?BCLAV_`e$4&fQk4vEaV^AJ+cRoc_f#<5uYL@n73PSEQemO>9=&RuN9H7d$LvT`O3xHZr567z!QT2vv z8lgpa8*Tehw%H;71uhY#2I6RgsM;eplWE;>8`1^0|J7J$HwB(BIfOs3$6W*;8ts4q zj67tik(sqSQ_k9!?a&=0;;FQ>BC=Wx65y?rOUlmOt#wa^wOMXYk~w@ps7QvtXUaDg zUA+|f@$-XUb?>G!Q4{MFk1|1>r$F#BqEb@twZU9kl_4#m5c+}Yj%!%0LgqZVXN`{j zlt70u2;3#GCl>rie9~UFcKQ_>p7z+{6T5CdMm<%8qleK!~R(- zt8+va=P(mX*OS#C6k>)V>0;d>i@@&yP9zTVv})eM#xn53Q|aK7zGOCP^7Ocs>Z2^% zV@UixGC4Tj&v@~=xsvSP)QL*{q8MJ_k4I!EfGg<5uRH}rlMypmY2d(t33+qyD&D>_ z+Pf^mAg$a|?NvJ$yl@pnX1$ULyv`|0!^gSyTie4X#L%Gt?le_FHhH;J(=uX!b{Q>m zUyy(tq{1(I8GVA-dPvd(+{gGo(|d+5m!^=&holSeVc=pkAdS&vLr%6L>V7?o5=Qz7 z*5;rrz?~?ip%T;)H&hv!e^m18eiu~`$TYorl$eYKBXJ8i zu#@Yp2yR4S)20Kghp0}QM|*}XozHc0`sUzbmG0L7eGDO7g)6GU+_4E>Wu{k)DD4v? zym;cJA7}6B|AxQ47!yP4HBpp{z&?6^%Xx3#8Rv5=7oE`L+o6O}Y#RH&=B~1zyePhI z;yd|h7R1+va#N_ZgZh6twtHZUT5?19g+rfx0C!DK66lniR3ZFah7bgvc}o99`#*PH z>D`PXoJb7Ya77^{x);Ka=FN&{i#q*AI+d;1|Lp=V-o*NaN-=md=$LT4$a?{snS%nu zU@wV7;J8Kl+@AbtC1>dk7e3tF^=xB3xMirkxg%5HxhAslP1MGNQ1e*J<*E7u|1lW& zIr??wRoUYO44MmY9^U`CFoa{EIo(Gm>Ge9V_<1ilYW&C4(LAv-Z^VcX=c*-Ey zaT|A{&VD6%PVM7h_~UzT-0|dcV8#a~3}kJBD6Un#o0x4 z&p>=udhTjSJcW|gvF!XBWO);{yM%l+<9&xdUVn1|@ae0WUAb2l%}@_=5l>oOf;M0D z5@DU)s^DFG$LFPhP1Eib?fKY%98|ZM$!sg_W z`H{iNU_qhcyXk<*u$0U`ESk;pR63F)K8bk_(ej?0*#TpbI9<*iXV!M@B||1pBs5WF z8zxcc|AN*aipN|(@+^qKoadJGs-ziSep^iLo3m{MCryK-5bfr%muoY!8VZ>$lXb?XNw4KX_dZR|5`rtmaP8ERG)XzMb~OnRxH2WH0MAToSiwXmW(X93yYK~@U!kGAlbT{aq$g^wics^R8rz@ z%_mI?qD)Ou=qF(7kqc%jSfQ$t(0?*Dp1>!b!^>;d&HGV89Xzgm4B5p8S9HNIQX>!t z`P~+;b=J5QSF}H40lKYW;W=O%IM=|Ba;BXFqhi?{hDLp0rB^8JPhG88oTG(a4$_#a zTG3Z!m_dzbtyu~^1=;eO%dLi{*!-NeXMLM*nd0I2orqUNjkb1ZmadqgC9!1AK4fwi;N^km|$(ZIT|zo4d*px4$Af@ zfDM)L^-;#_$8e;p$#uS_pxLV>zAT;@+=^k-^c`X>XS>ZM!Q=?LvAJrP9h6GRZNcT4;NN#z)nfbX&#Pw0^LXX|1p2*ZjoTd z`X~5{b*({0s%4>OV-UI5MXDZ<;(pr2eH-THeu=!MiR;XEkS9h>xnRP;bO_LhNJT4+ z{6ei@ImiLt49I9Jxo`Tq^{9=y&q^gPnw4Z~dTFL&hE!POebg~7_Pz10H&k0jgmC?h za)pYs^Q}@fzW{z4v9fC4wPZuBRD`UJfeN3sDS2i6sVslKAOu{zy4Dbz4L%DSoA3Bm zLq-P<90-?~Grn8q8)wcmP1oN+(?a;}cuJVVnCr*F|f5+zbz&cNQ)7@Ha;*7w$|lo@8b- zG6mRVTla}#Q;Tieq;oI8S(qnz8N9bM80#Iz|G;P0t`4wJc z*@vX6JG=quv1WgI$;aj<#5#gM$)A*+V4U;S+K-eeH}NhpdpM4fh;FpHXvt|kwBf7e zGtxwXW|&U5bnf|@wLoY;{9#d=NJ1G0ZN>rpDO;k^rD}qa-FlqP9QPA1n}1#HDeE21 zT2*_z4PM%<0>!&WVwEHjXFZw@NKc&F`Siec+ zB28M$kR@TNU1VdEMiJRe{`EYP_>PH zs;7}lbvSzAa9+lc=E*ATeX-zm4SPX|q9bqyi{|4D^?dbA|F{lYQP?mJ;a}C3Y7@f{ zrAZ2&*4g0V1-f>cZb)qwF``l1u*_5W0#_az?){!i@&YA7`)q&4z#X@+sW$^(v+qjB ztaH43!$fM?0Imdp4|rEM#yrpJf>l9)weHoI*5Nke^h-k>M|SCLgZp?D6$|ZG}h6TSx6u&Qk0ycx~-=5=)e_+VyIVM!_rI5ty7Knx8CxHxI35cV^2CAJNcn&#XL zv0B5Z5&J@TKL4cbUX>bm@=+j_FYhF9%VV&X;iim3u8ZSC<&@E?UqDMa6+h&f=!DI= zVD5i#KM2|n?iZ`ic8Lv(O3p$pwxe1olTErs#|x+pF4!X+<7o1=AD!W+WS)FzR>Urw zAC45R8MTHav@&-ZEGgqHPY;%28Hp&RghFUlWxC|b$qWhvI)J1B%Z~`>+ zO66Y4@<(q(;Sv}fElz}C-2_u4t~gLFBSON9U4<8V)W%T;=NZ_!q4!MHIx@TP;qt`%gZ!w` z*SMnVMK;sf{nNY$CYg@AT^(sE4Dm10JoDR?t7x>?K~%-xvb@N*R$R?Gv~o}8o0^D@ zfs>ic%-FIt(}le8N|G`pJ3noLm6%FcrT7HLc52n2+0$Ca4u0H^y`c;r&JZk3*dOG- z`h)z(s3KP|wcN-Y5|L%@>nStYkm~;j`B4d(i`>eEyq+ylMJ4(%eVO%}-L15N2E=jn zo*=$G6zjmk7&T(h?Havk`*9Q)7|4}+{uQ%GCK9{L!3h|`D9uout(Svq7cj9crOl;` z{6dU0(_yct@x(^O8n`!IjvTKkjcm=coiIVmnvD4V6|jIIrWz9zWNozFzel!R-A z4p|F?B+68rG^yQQZLWHRWWD!fxStPkonbjhiniXXSXto)&Wy++W`l&%+N{?UYBBB; zvNX`_0gI{aEZuQPj}~RyM|`t~gid2-e{qvCw=evq^t-UJmn{I+9G9SAPp9hsF(gWq za+l=ut@Oh$;sZl@yl8122QycGs<& z{#B39gVW7$7KT0VqpQ99iNdx#oGk{w^PI)EC8WdFGz~`tz4PAOOr5-^>weo1q=nHcBUf7pWL8X(7Ej9ofnlUub6yQY6{e za0@C36>I0;r6I| zLY8hJXH7N{DS7tl-Dc((lzA~lbBt0<+d@b~Qv+bV+es}|jl2ShSr5Hl2#j%%#Aoem zYy=$Yue);FlEhInMZ;@JE+fPum%oTXWCJenlVce9kw7}KsOJZJfUn-G#+o*qrr2MH z>l;hP$fV9F-Q3-Y%IoHsd(af!mD&Ax)$c5L26a-vRri{2(YQZP?aKYmPxNohA15MN z@P;K~9zP4d;Xt5k6<+-m&y+=Yfx>Q49-_!0OuqGjbk{RHu$nDXtbxR!o=p-YFGA6j z{e?=g(GrJeIeB=nh*9oXx$of0C!*~{%j}b6EauV=91$J4^1t&JqXS_q|KQRor5Pg< z;^MDa0+PJ6QPi41OD8UQN}49h!PkKtaCf*X=VH`c9-)`^vbZMHyRMmJcKO4`RH+Jq zl`jFZcHfHxVCZMSDuWx^*DU^$#top-L#-50Zb_j2e7&jL0k^2LbWz>9zhZq0VL&U$ z`U~xHPGcKoa@F9bGAwTXvb7C}$aTgjqAnWtu*y!_MBxJhoYfsE7!a<~;~12BsqKF$ z0UF}C_~TOGg(aj%kO`S!*4HEb388T^>ddL^VOo!cFi4?We5Kg*YlvXuq*S)S#UTbv zs5#QAa9uOcV!zqaUppyw=Bt-O%2(qD@yU$h^ty@b0x97XK$;mYKQTq0j(WRmBd*AtwyUQczW5D3??9#gRWq|}Y*OUvoNF$XQI zpvfdvYIW&YlH0bjpFsn=({%IXtj{7qiY=V0)<3qsH>jg?t;o=0%`NzZow9y4|5jwM zF^!D>lSI8F>J9Sf6U36RHNuL&a>7BjwID!s!H{xOtu&xcZQX_c=IZ;be@XQ-%nJtA z5!aN2`|a?(e$H`D>C(CQv=xF!C>=V8&W>MiF=@? zQkB5Zy50kV6|oAo{fp{M5f_f)B+3IQmuPN-TsSulehDZ?9`V091J^_W(ZCy6?eJ;u<>3MnQZMqS`~&4@qjgX7C@BF(u%tI3%*Bl9T zpiJOK#p~_h=apIj(-k1ig0>H>j-Dz1^z#MUHZ2OUdc7U}A4+)Q-U#R=6YWF?#c#n3 zFpJ_|Yy4-tL!!)+7rP4q0nzUIu#sAE55Vzxa048w5PR+{#-7Lio_g4pCB{ zJ?1Z=9W(*3bSObb&{7_xPnZO_zvx~6?5h;;u3i1~C!0-t>s5quAKRxu8K-?e|D0L<=|31j=ifENz=#tI(}NWdQ5d$oT`q`R~0!J?PR_u&3iIj`q3d~v$u1*i9g z<>zv>W=&Rx{Mduw3XhG`dvy&!8?B73A#>2jDanL&f`(ECpoJsBi`BT!I}!N>gY<># z5yDnEsY1`o*6cak7a^EV9i;Jb?}9QSgBVWKa)_Zj@mTn>xa<<*$c0EN4=c6{*T5l$ z5hMHwiDKl({S|U+W2#HU__|8tqJuEM@yyPyEIQh`J+gT0zRj2#Ml48!t+3rci_>cx za?eTB@HK92lVFFJ-wVcV;nC}JGA%Ady3A-8TB1i2oCOC_w8p{;qkx?6iY`@epcpUw z?Tjg*38bl&4u=2dFLmZo75K_mmslg&33I{bFuRr$lU7Yp5c9!nM;qd~BPXd&B3ex> zo5p5Jp^e=nuBa>8?iLWMDKbGodVtH-jhQvB57k^&x43x1??(R%ik||6hZ9n*f$NW^ zwCCA7=b@K?!0r7X!U@I~95UlGOkrBVs${G7=GWDQxN?wd-Q8v$mTcfPlWxm*aNnQ= z3mN<;YCYKH4bnO5#;NNJecUWJg>W#kFUWJydK^MlVr)XUIv1>W&xgD{_DPP5Oe*waa7I!;iU^_y*3;is{M;8A#9LBy zxW7~$TxAj!#vG{;1BxFiD{oo2WRcKnw;$PwsFz&xR?X78H5I`fvT} z?IaI?n#~}Q<%2wG#7q}gp#3sP5fLCGmA)M!HstT06PD>Lq(EGLykp{1co$G;44pDn?hgE=`!{*gK9Sf5nZ*+~J9!TZ;(TL?v5 zz$KEVArpDcXAWqO@R7yQ*Rg^`>^scm2hxlhvJ)aM@m%ST+;QF(edAFsSZXJP|HM^) z=n$6`COK-|2ZLZOTd*?nyL*80P1Ld{y#D7G1PE|+o~FD>C}a^GSz><^Rf2w3@28lB z$1YB$O(kKdXR#A1-doseN3JK&v2HXR7TtyIt-xt%*jhkC9o&5gpKw#1>z*BMF7C@F z0mC){tKW8lb2x{=6{69Bg$GV=f57MC6+<$MBJ^J+`8kONE9N}OM+v>B!Bgt%hd4VM zE78qIPCF9-%k|LIEo%}c9ncH*HyJDz_Y3L6F9y@zC1s?M2CW?c&N%g# z;U`sM2cOKq#RcJ6QG>JpR`30wqYn$Bdl&{fB~E*iMThwlPEK1q2} zm*5^PPA51L3FBc56%0vGj}nhL%$ohheN8BqT`Z`{kU*t^$3v+iXP9W2$Ji8G7vD_^ zr-z3aaGGc#Q_@dF-Qx#TIe`~@xt zLx`qc{S@LDXBTWaP3?*b{`L5YAK%>`ym1YLzMQqmcqiw?8gdjfo*km-)u@XtmG|11 zlyV9=DHlt)BL^*k4>HAsG$vn&%T_F99?YF3n82YrXQ7?@27VaJ*@st}C;ZJO)FakO z+J(9rqpB1oCvA?FOt#haoG^r1%)`H$$MP<8%!4cA9&o> z(y1CycnUIk`n^U_?!o23+2)L=h)`Ip+zN%SaWSR=H!p&jg$e@u_j^dAnJkDG^fo$Z zGu{-$X5s$6v;gr@EIfaYZILO#%)ZIyM{MqaULmMXxmp%nGuOrG`i4)lV3x@w0Ds2# zloER@?2gye>1f2h1^BgNwl|~x3p#UIiPMx4?gvA&6*f-?3ea!`tH2kNEFEfFAgS6I z-`pFlfh6=j&QTdKLIfq88Zx@pT2oS@G3K`r%`qp^f^dSDlWLNXjAPr`tdV!@;RTrS zq}8YYQBfr`)tcDjP91qncu?pTnRC3p_BO9SK``61O^BRe^obDU>Yr43q!I*3$l{vl zcc5xj1D<|uCbBVmJRyo);Fd~+auc3<@N0`VWQuG!&HN{aKKML*7vA`N7EVGMQKrhu z26MHt4e}2JJZ6qAN;J}MKBq@zG{*Js6%hFwVffLSH8jq+5R$$U8sY+wz*CQewF~NB z{KN$0xosqaS*5Cx!2=r0;0#uU(1(M@8v$IKV;fDm&>MW|=}Yb1FEfv?#Tf?uysX~K z?|W5)+Y+XhK9Ipkc007EQU{d7p?2?gro=T>Me0h2XT={bIsOk--D}b_AK-)p|E)|r*LzI=LjczpHVhvua8>?JT2tE4|lLR zuXG#z$0)|W)OdcgOa5RnWnCopk1JxajNT^R1O0Z5<+7rvn5Syk4v(uoQIappB1OER zP;+z=eVE-#qJ)sltmMKx?#cpna>!1!1tmE1{X2RQ?f*N1Iabk2yi84J4?y z?2k%It|1+%4u0$aT(2?9h4owexNPH|$I*{Nadhmpp#K`d({1EYfx{e1OC8@Hl8~o7 zudj#4n``Vns}`xld|T9R*9lW`2(HVgEUN9%>lKQ1#Hkwo#AmcsLT%XLH19V~ZoJl5 zB|e3)c~nxMZ`$hdYaKEE zIw1^8;ly?L?JFor{)wa-ikNm-%G@_9vBT@W`B6AuE$Zprs5GdS2Un_vj;mYBr)H=c z!g>!D8w1d{cKz;pe5h!rLO66&XS@_9htxsh2IOB<{pl{9t4LyyXbu?G1DhSgL&S-! z@JnmvRc7CZQ2K!kupN}FGR%SnGsu}<7YpgkgNF7YOh_1r)jK4AYeJe87F_+#vb8d! zPE}Iy6L_vImJ~S7R`Jq|N=OWyke_f<8>2&(ntQ{Ag{Ke!72Y!G_21QUBw_JBfy8hc zNdPwCfwEdM(Hf5e*6kPk`cE}9lkMZDO_EMdNR?ITa9GCjHyGi`=sF)lLBZS5z)8F6 zpVy_EYv$GU4sz_gMrZN9`BiF%o6Of&NAWi~n{I#^)Tj#DHNga%>e(kBcPYsDp_d@l zRBiU;67yGhTQMljU;RP??JFG2!&P!m?UVsD4 zN66%%pB(9_wvI>V50N)CWDKdrxVU5Ooxeiw7uT2D0S6|n{e`wqVV}RU%Y2N^Tg-kh zHaXaQCo7T3i^sF`V^#efN0nz;MAjTJZN8s{1!N265Zk^bV)5CUjKnwn2}5%CIDfIDtyyr{3utP zN)S|tvu{FPy6~SIi#RVa&%5#s@yI8R1{$}^aMBrO&UiPlYk2>J;#Bh|>dlI%>(G-_ zZaiF*#e(#m$p(AS8x>}Jp0`Q`MJ`7_#RjhpMlUw_w|-=)f)7qWTB1NSg~eUKASAJ1 z022X;5R^*ZAfZ^ZBm;i|QmMRLRh~8`Qc()updM@MB#%t-V3gFG9rJrcss#7;sl%Uk z?m)VPwLn?v5u4{Wsl?E+SFVLXkDWdM&g*3k!@A?b%wOfA;kGHs(+nKx=s9Twa2~9) z)rCLke%KIRP8jf1#95Ca=SFVs{Sqd;0H#KEySF8n2o8eZT(Gix54wSTge9EmR9nE+ z?UQ{U$svuJ0sdzPpXhaxbK`YSiA`RSd|3R+v63o9jd)>>rOA1}JI#i%0Z}@S4g5F`^m-$FCgR z@z3^!ugY#Bqy2}d@{#?KfSKnDT6_?0#C?uEQ~;gd`$OR0RaUELwv;r+FigW9KbZJ= zbbGuwg~cS)8m!zPqa_q9c{OF80_#C(v4vsrlz2lSiPJf3PxWG^k~Id$h;sQ(4??bn z#W%76sn~x<>?O@gXfL3ZvYhNznob1&%-Kq#7l!8J`lP@KG(Avj@E&hU`tJh2y(8dc z^m|*}vgEil)K}Ea(||16n}Go-a+a>!dg&$kYYA}z=BMeapgFI!{f<)!eG7;;p|bOl z_{$$q#^jVh_mbN9RvLgXEA0BiCFbpaqM@_qd z%qO_oTe$5g^T60YWQ)02#(74w#!N%G%9-KGeW>22|C&|4(PbowGhG6enDP=?#i9r#UAqtYeBOdL*2yk*LZHrk99)I=Fc+lwn!Cep#i@&f4p@-}F?LV^)s@lsfOEsD+fMlE_cR+N!=6;8ZLYB=ybQ;3})zXEJJ0@v` z!wv4$h7l5S$Zj(lzSg|>R@`$&C`-N+d8!)(7HgLf!kI%mv~}m^UZ*`(lk!;}zBQ)M zJxLhx8^_}Tgqak{Y7Qa{$`9SUhXb~@2BgcrV8*`OF+8CxJ@Vi2rbiWDPn;wQgyhD% zA}_k9@hc0@_M)ukMdR1ag$=?zIoy}+v?L)p?%F@^#^&JfR+?Xw(I?R96aDXzbzis2 zzbt6xmx#!og6hmoam0hgFGi!-{aW(H6Oua$apDk82;>7;o24EJzsQMI@`-Dkt@*(O zP3hwX5so@CZiVik&|gNHoh+(xwP?csnpflA4+SP49WmhRWsT##3b6*Au2@f_5w!se zKi$Z6H(dg2(v+=0S2PEmf1@E;gD-0dH9LVX6DYn7HOYPYfF-0>dY!*Jok@5{|NSo0MwOB7IRx=s0!ReHhmUb1aSfT-pX@J?6G* zN;xju6ap?0zn0@qMltZ%6#g+4dj2^ao+&_5AGzep404HU`7x9cypO8O;6kkm#14Qm zXwlMX%(8TG;&*Oa@CQq-3%u{egj=p?EX4~0S<`d;*K6qWR-^8!|AZagsqF#Z8ERz?FV&&%;Kl6)i7B`ORxy@+r%O} z2D=XEdCq(2JCvuOdsxv-gb-ui1+*TTK_AnG1J*yG1P&o0xsyixCg+#vnQl^q%qvF< zon^6)^=u2W4V$pSlMP)u9iy&ti1f+YS~WJ2f2mR?mY)+iT;4H{RkMHm3Dm9v)!4BI zx){aD+z9xB2I1Lp7d0m%caH1;!C{%@quWKEUDs;T;xy-BF6NtlxKMpz;V4o^9M_~F z^YqLbPFD)d=F$t&9aexSLZr0M1>;@eZf_)%q`#~&jXQ0KV~NRg&E9K%a@sTBvSL z+~1?3^1IP&F-f+P@@@8-9s`x~RMizSl1wX(+4n8!nh-kiW7cawaKCx0ap8e~Yh1SC z)64~*$qVy`Y^RF*f8|o51{6{W3jec9^^h4t0i z2638h=q!v7;{CmgfmXD&p_YB&Tbxhz*_1Z7$o({laJUcK1InR~3TBkN8`1^Sq z%C*B7&9DFmA!yRR{$I~wd(I5qP?3{xQ1tQ<@C1sGyKynKe$xgEv2{t2+zwMa3s$i6hO^+Q25qz{ug(!@O+bzI>$}w{2up$!Tz(mll(ua(NE04zZqJ{Vp0@Z+N zvkrcMb!>UR4<&x(Yd7bJwv>?>8PAh%1(HPuZw%n97&^!|9iV`6z;*Ufglx5t#mHmP zRZZ1VmtPM=?}jETz2`EB(cK$b1FWU}mI2=fYZ(Zz&Y39#I?1Od1?9ecMrw7GiG1>K zppQz zdY3*+w!-e8mpY+u)mvV!&B4msRIN#Ky&ky= z_IlUd9uNDmkox-FpGmFCA^_+-E>5h^|Ld^!wePuA0si1j7g;afY!}-y)u(z-`c-W z`DSeVHK;AB6>%e#X;n4dk45;5kd5reyw<1t^K#^UkcBfrQqXY~&|);fIS4??M#O5k z1nHTk)E|5r_K{R$Mr+g-a^c26^hBqnXQiB2(t}biahE7~5=Hl=;co$&4+qRVF~L=? zypyYU0Rm(Eog5xgE9fs_C)oLxK|_y3RZ1mY57;V=u=EINwfYeAg81GboHTL38_-FY zv|WsvPRE6$x-x30C|$*r#j53;B(~0I+^(8TpKiG!i5ti-rvBdEfUHORoxdLmu@sd; z3A2MT{K1<6EPZynti?Cbuf3jtTJs%qh57H^qANhH`-|Jke;h2!mw**8y{!FfxgH;Q zBB@Qb^?=On5`*hL@HwP1nN_Ma>0X6>C@O29l4Q9oIo$Nh$GDS2jmNQ8?(r%x5h6Qr zvS%T$)1?qRG}2XW`X>AHAC=vtRx)ayUFX-pSnBp6n@O`SU~mcW!n>QrThAh$Wfpg9 zz7eefQ{8N~8-IKHApi$0kooQ^1q}WHh|W>pc=NZvnf3zw*tp)m^4@+63I@6C2Iq`j z*Ae2z4$E!UwZngw`(wooYDS!c-kBYRPAeU@{32g}+ZmO5C2&x{b3ZW5DnugwCeF)9dfoy!(waRl_&6x@-d%61u#zw5T ziH^fftr2AT>yHQnp;;ofq$RTWiOJy|<8cjL0d4iAzgul~N^wfCCNg|kvbkd+GVs*x zX)Z((XS?y>LSYnm+ZdyQ2W~{jw+S*SPB~P~lsjl?XJW;&X1s+ER3EU6`izV% zwUT^vfqn$v`91A5kt0cmc+t+3Ffm(ZZrGs`4!K+W6ujiq_rQ$BJf+b>MVZpptp>fp zsinplY`x+KmXR@3_^;Eyf5W%xVBT<6z%MJ!;cOt#cCcY5*By1tpPDTTX}5OC1i@#)^utf7j#gC^^uI%*10|sFMxBPO)yghKxcC zu3yHE1vV7KVhEHd0EZR5dMx;%;tA3uGqI6h4pSKVjE*}aB!s1dhQ>N6exO19Po=NZ z!{Hpy>UcwDrju$p_iw-Ky3kKyt$EIE;#%eF4?@Sv!;XtbJMkA_dpm12^BXX{@!gwf z-hLvmAIaVYHgEl3qp^tuqerdogXm2|qd48DxJ90x2d%Yu`bb$Ik8Z2X(1#r_FZ7}b zKRE36O!zAMOw0oYoLGbiP1&0^s}fzWkq$^WkF|fPDjgXyrYw;h~~-8+mMw?#67{z zjKk1F%#D1b3{+oc}3cJWMqa3~=u<;jLrnbcrMUWqC@Osc!>=wmuxNMtj6L(f% zmL>fCwZ6E}w608_k=b|$A&CVo z2nV+?LkF&2zw2VAZ?;@Zj77+bu`EU-% z$SP#AytGF7y-2{m_ctxMb$yRT2E6Oi5}Sh_33dqLWsqN!ggH;85n*Nq3MiP@$}2nQ z4r}ND*Q^!|qVM~06fXrd#$yUSeuKGD$KAynAo`E6GE_r0vOyABdC@q&bp5hGswqKV z$o+T*3&uoEZ(ck@oPov5XdNkwU0>MNz9OE$ky4=n6g)U%4Y|C}UkvOG@44RnCqj%l z_2UB^n4Yl;MTpZR*slIDBY3XY%GrB((-e|k5w*AX*AP&*A$l#m&!SU6UJf{2>s$9!VWP=HoVOg{ztw|n7qAP!)kgRT6gps;1ev4 zhsj-sDQcXZ26GvQVO}(*kJ*$CYl_=XOha`Ilk)p%)WQ_@h8N_7Ya`+Mw+IvQw25H| zO}_I_y6|Rm)cuyz&sZQEj8qrCizA*2L@W*;ci&kDw7v;=h@U(md?1d}MPbV*6i(8I zE+N9xLXrW&0SG&bTyN zIXOPxe^)gGUR+bg#3ezJl;PJR`9zxZ9;+H2pKDfXtBn^!G?Nqv2&5U3AV}qK)+}3< z!B%Nk_d&UaI$C9qU+9RCuQr)OigvQb(dUCk3e(XtE!ItUuZJp|m%NSYUG^IFZ8qbF zaKa)e&FmXk&wMgJBv<&Y2m?5N z?2d#?Gp6qq`AR*r;AMyKQr|@O)t%l3@v4APRx-9Vpob@a@6Ml79OZj&&ePWp8eio+ zAj6l5qX^gkN6vjxHEF$UBly=VG@LfRYAb1R`HvIu&xc7K)yS+oH7;>z}Tl62pk}cSVEm zSfe2(P&Y=i9z)SwRqv4zE&;NhuK#_~HYrbZzxl~OZhCPYqTLy8EFkB)bZ6~;2~PRK z3B%`ebA>yTR&L2ZbQ3}`3INLzx7=;Nm`%SFM@W}f`p&m>$4nPdOQ$2$676*x28c!lgGUGaQQ$-E!6tT^aH?sk*xLr`1PQvEVlql5SkQ8$>r)i84*95h}*; zQCke)-Z=gDID_AMQsx~a3dojr7lhV${xPyF`}}@l@^vZinADQ9ZK`Iv*Hz|9$rEz) zIP`IcAl({wmEwzRalBE~B>l2j>D#uNH9WZGJTi4tn*YVff&@=9I&zv{tf^ttbi40C zRPQE)8i+eaz%kbp&n=msx+`qCTn|d$35+X5y`3>OLb={wh#b(~^1eW9Hb!wgQ1=$S zxmK-HMYv3SCmE3mLa`%rR-JSml)*@OYWp0{Raw=jnU!l$E$4e0UM4jOkj}6c-HqZr{>f`9E2|%-wpV6A;fj07Vc~YLiS=`dXDPtYVj{}YLLh36RP0Y zm8mMA-2I4~uH|*4PkEjJv2d*FRiDlWnZ>D!iwpWy^GUMr0yGV0P5?>dTI z1bjQe={#KL!->bW6}kDiQpqc)M-S*<7MfQMnqXb029}*%odbioGS=bngq)oP!_74z zX*vG@G7+8i`3M>{Kar{E)t_t4(nlVT_r<3IjVFFQV3m(2puo7C_NTOxkFIIzwPuL` zA<19QiS!rk0$AD_At^D zcLXV$#@)R(ohOR(D|B%!AC=Wm`OK92Jwc%-=Jz%6n@z;jPp+?O`i z|HIZhb_upFjk0CiW>=SO+eVjd+qT_h+qP}nwr$>8d+mewj`L;yggHh$nGx9$PqV38 zmjigm%n0I<{iq$J_}G>Sw`!)@c!ff0x7T$Xf&fC8DH};1U)QcBaYm@`%6T~kq|z0&M;Hqo1@D4bjcWaRiya6cXMaf< zsAgZ|<{vBM#Nfc}tB!d2U1Rc8^M|a!TI|mnUWln4q!K}g=7inyLbwqdF2qKS@GX{`r0E#B`0CAEu~C z5{@bM4}8r=#vdq}tdKj}-T{(ru+{ttG%|e+E5)0*aj6D8T+rtt8UU?K3xJ`FTXHQB zc8CPMX%x6N{+z{gC7R9`E@ZOdYwjm)VnjF);bdTj>5{a|MDotHVwVfU`6efZi6sib zH+6UigUV+EURW{v=j~f4L>>guSwy7-k;V$LRKjOx$*=)$?qNdvzfOMBpJY#`s4K5T zNo7ZI3IY$%ls)A;eI zys!t!K7`{lT-{=qVDF>5t)yQ?GZz9e(fi}!{;3Vd+p@6_)HUcXi9klv=YC8J^f6_Wp@ z_TCVXm?zd{lY759EuX*Iuw-TVG34{Hu=WWW@`03Xn`R8_yPte^e)CA#z>+fEu{85O z`eULP@%r%dc4}3=?l3yza9-o!KEH*K;(MTH-h01aT=Wmu_se{@K&$3D`>gGhoVtqB zP4VD3xmPT0KlH(I0=|L{6Zf;^P_xg2P_KoyG5q6%`ipT}CMC+~_kHq&k-p)%qk`=d z$_87#fSo;gS)&i2X&TJ`IHPjo|5Zk%E){npG--*hEVY3{D6PbnJwqLX1VhknvWnDh z#%zgx*{%&KEqvN~&+@*zzBM^m3r~+WHss7cjgE%kzh};04f4KkI#)mMhur7y-G=Hj zVY%e#_x__>f~&3-P^lm4s)Vkn{gJMlr28L2XYh~E8JTdZfdJ2UGCWTpF;6c=Nm0Nk z;d;(oHGEshJJl7xz0}G?17PJ44>q2Af^#8e_C_ufydAPnFj-8%5@lK-6KP?wZ6Rin z;i`s&{71sOv8bUl7`T+CnwxRH&S@nxCbr23;)<$c0KqiEtTs2Vs1q$aeTSx)B7GRY z25mYD^~1U?xt;^2`mnc!?evk;3Z2S-D~=Vs@d=U2LNQy!Rd!oEmx)8qC){Qg2WQkrv*YRnG86eBOJlcc z#|MB8h>(K}b2@q@;LVTJjXu0oA_9709U|t({EWD6LU_Q>adh6UmZAB_12JVZ)TCLC z3tgtqG0~ebKS}|5+>}2A5tg5Z+Sfs?xswd`LbNvpm}0Yv>DLOz_m~_8*y^!Se}fN0x-)p;~)0qYH(B~lpwmg@=Zwu?-6n7=1jUhS*u@-KLve5FE`?yylcavnb$F&1a zM=EB49ntja#d7~%*ig@%yr+Xn8{ zjA?98DkC(_IT8KJm$Y^jGar68s{!|p5*rq(4;2Na6Ex2$4J{Fzzl@ zVB405U48HsFbh5NQ;6Ff2HqW<*;fZFV0y# zt?C>V76wi=XgtNlA@iOmaxGe%)ixC6aj+*9WznwW?DlLCcmd&-K@4Dd*3?g;soKeY~(D z3tSR^!aDl6sj-;DtAPSPqe1r;k&@JLvX+6?TW*aJrEf>nBtXu+TbgREZ%kE63LvT! zpge3sn%M_4MiUO%+-mV`D-hi&{OrpWSF}k=!u1S+lx1f>$LT1m;0?tE>GA}MVd;ahvpUUKp4 zUv)LH&*D0l+>Xt{42#zB_oVSZDhGyB*jj$ct(BF$E$MD(2W4oo4x3YVwwjaBb{g+# z<@*g(CJvQhjm>Vb<(9B)HnOKNlfU&w&oFE#QmB)x@c5IFzT>MHa`zdQccHTCC7Axv6 zYTv=zOma}bs%c1m%G@CLX%&L}weGC^2Jtgfs=8 zsqHhj;;!v1){dP!ay0;Y8J>HR@Pr6hpk~0qHcEQnp3x;;Ih$J4iF6AF^#5%)+w2ti zq>+7OBjDC-9?wvG0Xpra-VD(s3|MUm0?s&kl>)2pZOWCKJ*mwCsx)?P?G4_cG~D07y7V?9kSF3*=Rn z2e#`8A#ZMzp&xxiSa<5Oxt|Wo0r|_@Bf!_M#V+qk&l*=8Z`Y}43B&L;(&0<4eYSn$ zri!4~;IW^8XU)?8GvFzi-SSVsbDlsX@IL|1U9q2l=k!rA9Zc27tE=+L1X4!gQk8gw z$eRbwm0)BKr5ilG;kMU^%O|DZu@jdFSF<*gMf;kd8oK_kqbhv`iRb2K*gcdlXTKG5 zIuH0SAf4_jm2hMI0gVSVdxOXo60ml%#fyH$pM++IZ?;gKl>wTB4%=6mOneOv1r zS~UAJ>)mHs`vjTSH>)3uBP)-e^Q!5%j!5hUYPY7*mn9s{mR0E_62(8h`B4&~^VOs5tDpv$vB7|a+ndDQ zhk`Y;F;@a=xz-|r_R^80>!G`9rtRU(yo1L-IFzH+h!i4mlU5kjEFbFgS1}ovUAMx3 zvBlusDK#(A+;hLsfMU&J#r9sHPqxmPPcl~XRWp6#IIV|b9Kil76_YuTy{Tt8T8DB0g)k4fsAs@|>TcLfqA1Q)?%5h^$Imp*Q%0*+kV& zSD#pLol76fULV)(R1DyI_6TMB%V%AhzZr98Y_kgcw@B*425KJulMe;YyawW~xyUO| z`IQesO0K@4AqXAJ90J^pu$or^ABva{HPS*Px5J%7C)Tg6-{?ctM*+Q7+N*csrxEf9 zSR#65moh7n=YW?o$I*(TE4e&{+SD1yxU{zVtexQ%F%7_C$B@nud#GNJ5n*d{5r zfH-Qwq*So+i_D2r9)*6_iVdzRAeaArn6>`DMzLh%94V_@emPl?=H*Ae7XlV&i!V75jMzmA~&=Dk& znT}5?>voC;jozh%>v1T&yrLbVfj$y=?V~TXElwt(LguNO(0VdPt>cGH#~X(DzvUac zos3FCR^gs};j$m4KYsB~MdJ#pn$93G2++I-C47xs>EU<}daZzmN!PIbHo0G3Xat!_ z?q1wGmFYv)7O9VZi)&C}c+qasOevS?ZpqVTU9LULS03(D2s+-2OoS#t9;}YZ z_4;_sPSIMm6TQh?CA`S&HsynC3EHI7_D)eoiC&M*B(0`hmo1IX-jnN0a08;__kc9| zpY#3=n9kn|)H0$naH4SWIalx7<9|U(^xUo&EgVE)7{szb=hrF)Ui(4*?B*Z8IjqWhMQASq54|}uO{lkpuJ9I9OBn?Np$KS4u|g4#5*WN zU@xG@3Ua3FwIAbspU_KG#^1n|Y)6k>-`h;=EeGQmJg;VMr=$E)(hu%c9HBP<7p1Zw z?E={dVj`D$hoRI-y0YI;Eo*yLv>Se^jdVNHcsGkq7ez_i;o|!sp4`qyt1G~l`*ZOz z!qTXA*&0}Tsd(Hc1P^Ez#HqUQW0bUoSsiK0%K*cKgXjdpW@}_S#*Tk7FNH#3f; zNYjyphT2TMM(I4n=`Ns~5$TuVzd8%fi>yJGrAo8<3kQxj5+Xz;W8J)F9VDC7&QjK< z%97%1?iVM>eEJV7>ME_585v*ysLnvi&Y)4Iy>4D5HQ2jLR+^y-^lIYgr9HC#mDTXa zpeA^gDsK#{TpM><8!6_U=>F3Cy!ZIbr6O}H2I=v11s+8gYY|%Y-lKe-V{(3WcIo~+ z!ftABZ-3ql;r`TlS$%hQ$-eYjc|U5mdFuYUI={yFepL9JvP&`Fg8`}CZqa_e{&BqqOVwf(?z-U4sa($^k>h=9Cl|%r3ZBl0 zV~2{r8e3$|9o1%c>CVmVm*KCj>-O7{x0J* zqz9TFfS_6d9{_mt=j2%=W*xxn{=11QMEs}RmAy*G9Wr^g7}QSoP5rA&g5~i>qT($m zIR>*T^L8cRaOzgL{cT;6C|)U!LPvKpS$|MNKvIK`9x%d7*_P4^`(s+|q_k(oj}M)G zN6JVkh_0ZNZu%?>Au*ot)I?|A9BkWNLyQ#$g=sON%3nH&{D+Ld5theXSkWPt$PX^}d&q&i zC>-Dd<+j<8L8A!TrP{;%hl;#n=2*OdwVgL-v(MS#WUTr!zYP_qB7rU~kE;2pi7}%) zAsYNJWF9rX3CRKb2)=nUZRR)&sXyEeDdOVeY&%rf3JSm zbU%GR+|I{*52G|k2wou2?m3adzeV(d1CLjXs#!kF?Pws(_EgS->Z~{PVKCeYe@JeB z!>6R531>%qbnbKZjzr1O&Iofu;ciEX7Da?HoiiBGu8Y(^L#ax5LQ&roF*iv8-+Xp}Cs_dN3eFdwq#@pRxu~x0U zz-|Q%?DE#ZE^Y;HIS*zk2)gXzyS1y@fU08N1T}m;PUCC1fau#W-GkX{z_-d!(j+FJ zw2%-x8SHa6{ngJkFEHC``4|Vq>p-hcX){j2BUixue)1~P$$CtZ;2X$#kuPM)mK8;4UV2FKrI=}wP*cX~p3&(u*;`V+56>Ooo*D`!<+1S&XXwgmr z=U#$nlTNALpnetMa%rXSfsL7vPh(|}QxoZ9G$?_1woCV+7%%q@9{&s+Soaf zL%@s7fPH#w#*eRu(jm`S;Z{Mv{Qxab_Y&^c0T3IvV{_`@<8?0To`G-TzYM5UjXuu~ zC9PsS5*>6+u_k~G43J%zw}hG+nxXL0sg@odmKpW}LicjodY^w%q5l|;QCg41Oqmny zf}Z!f)8=I@QXhqu&#%Ohy=*c*YdMN%v9L0*`EI||`ttF>w(N%&jfN*9$6g~){@W9E zq+bTx+1`UI=tO_n3Lx`d=A-x3yFtYh)DNV~6L?nni5>Fi>_GyZ`XF(8|(l#H;(c&ix^Q2Sd+a!oNfoE?^KJ7gk8b zIJ>y|`gw_lFEA*&gh2$yh{VfkATz3O+?ys?4ZbJ38**o)&BhrcQsaBWh>8Qf!yw|_ z07V6`NgZB%0LxAPNIWj8zsjXSJ$5vSVxzn-+?j~U8qx!lF1taM#PlHz z=Ik1=9kZE=&m*mun;K$yw$Xlbn=nfApcSt7M%4%{eu!Yr=rSA-;>E(n0aTJejvod2 z_JH;&Vf4F4+Nb>Us(k?S<^Dy1bIx7_IVfo;neT@QyC-w+s&ZY0zo zeaiBPx0f)eAf>$raRxT$E|86!fmVjiryEp~l2_FF?n-FvhT;irbCT^V{~qOj_{B2+ z{A62_dtVp*ccJtFESq$ggH5fpAx`dU+>2U; z!Ud@lp8Z*T;pT;J7_Xa%Nhp>YaD&+2<1_tt2;Js+!23-ZtU<1^`K_j6bJid zFJn!RK}1~uf55_NgGv9>?~IZ`Pm^h>qWX9m;O$DlRxA_iS_D?TkyEUsmjsLrWj9f411d~fD`>8XL4B#A)-9wT}5$X zaWqGt0kHcCa&^Df8K{F~=jbqoHJ9&2lb`2d%2I|e$LXFj+I^e%qX585t+penu>ZJm z(8C`Rk!0%DQ|)F-v)^xM9tJ3qNx&%?8TtQ#5mZ}}jDrv5cDO)OPfvrhlUT``@|7w) z@JW=EpH0&)2p}c|&-OK62Y*FPVwrfHIPLFiRrGv_@LJAHr9PL4k+UmLwK531uR-4Y z+9I&IK+gs zNv2*6Ll8{?-kwZ?C0^4LFH74Ct?nY$W?CYz*5!C;@GB{)fRMu8oZH@jDvRwMzl+;8 z!|JP_X66iN8_@DzTdLG+qb#zi#{{wco?88Au^`C#NCr}nc{5i$uC~evFkvN9?2m(w zy9eG>Z8WM*Xa&jX!B;O;SPT5+ebcV7-Etf*kqD(6pI|{Pu3qf~$E@j|AAa0i`t zBoW%6(rjOZL&|p~`NXdeWqOz46dJ*GM!MYj$G)sP{^vU^P{nGe8h`0DfU7P~1D&uR zyZj^{G%8p~uQYQ#(CI_LGI6+EtkIH6&PA*n!+i%9;+j59IxX3V zBbaM4H73iriA9?c;uq^eqQ`<;PORp|Sj7y?z#+ezZ_t`On~JgPGI}XY zcTGv|Y&%LwwZj}9LS%X2dGUO7>Lh1~L$Y})!@nQcX&{v3LSY`{x6GZu>qeV**MnqP z{S3>)8!@!7SY~6bUQOB_w~|kQAgbeuM$k~%IkG!;x*qe#b$-({qw8w;*-|1VIteC6 zi!mGD{?fcLO2)?2zR^K>2yz~x!s(8{#xuV71da2!8^pzx*3hYX=%iQ6&jZ!0cK4(Y z-hn7_f&a|bNb$e{La@0BxK^DAEgEn9s|eb>0PLLrTy_*yYVs=UAEJ{He=iQr>Mnte zvZIH!w9Jr<>xP1lcrfrAOcHyA!W+ znyB9vSot9AFpLt&;~MRA@isLdyO+a(7hfzCmmbn}U!Y&Dn^w%RrT+B!AwMr-%QhRb z?=95Dr%pZcmK#^%5bkg;x@0M*wcWR+K&5YIYS6xyCitVQvuP9f%jp2YhiOs*9e3(V z?2tUcZ+qARPwi1|@hK2B)dgV4M&2D4S`wUQ`5bbJ3F_&bpv{#xP}YV#P~1vb62X#O z8KZ}3np||=S^c8kcgK&5kS@B`c@>#cT0?L9%Y@o&n5yG zl!V4yulM|m(vS;C${|t>&PoRoM(ZD23b%SaTRSFoyYAyZ&y<~M#eN=dprmwYs%IwMm?MXZ^2T`3QX z>XGKd%TMEsk=*;as12Z-Jq^IpLs&vt20BVNU)NK=hjpl;j&ooOlkoFSh&o^eJ0vt* z5eVgv@jBOFek)*3zTC#|xDJ9#Ze13>t0m89qYpAUu>90G&@rj*N#dvku`LM@o6=p@ z^jDf7@jZxBe%ZB>oQQo+q7DWL#J`0W#3|){Edm`84wQi))n$4p*H_Ml=;PeS&uzg! z=P{@2;wgRWO)#^5cHCl9c;FjUJG@{TRuHO%z*Wwynr*K_-&hWyux@96ny~ zFXV?Fc=Pj1gOUi{hAmPSlYp>{ z*;M9D5LsX-ESXJ%Tk*s9D0(tU4)22r9HGF*(~RhLuZisH?MoIB7XkfK?Pb(pNXj0^ z%P!g}<R-B8kxnJ3b9LA7H+P!wjK88$ z)8^5z!^gDghFFBByTRe-YxiaPbxjl7tC;n}h&)Ha?Onrxa_lahYUvZ;gd`bZ7%2Re=IG#*FdJS!evL4jE}mLq_Zev;Smq(2cbjLI|(->x{1N zF#@Ar@dxO`$oAMQ_d~|yN~hU@<@Dln)YdZUz#zWH@eO9o^!=^X%$-|npr~9lAZV)t zbhnrnZW|F-qoZoLD#4!_K`SBQ;tpOy?mOaC7@)lyBZXGH(=qO)CDXVkooOey)((Ba zmrVWaqS_yv=j|FYM?zdUVSXym!_F#1WKmv`EAEwuU?$no1aslW2K{++WyTiJe~fq> zi#?>R8)vquiY*jw))1a}N5z2&Zbzy+G<+;50*em4k;Xg}L~!5_S4<6I2z+Qrl5BMR zvQ^3Hj`eyqOxMs8Xhwq*nkV-<5$)Kr53C7e%jWw{7q#*GgRKMeSlP9g;G~&ZT2~4d z)$#&~!Bpgh>S@g{w-xxy_Ur~3mpSuhzU?K{z_=V zq{^O#^A6W$O;iRCbjrmuurss|oa&Bf@4>FJ&AGV#b-or|YaFzjEOv{)rhni3;^? z+*IG>Vj?rRU(e2AHb#W4uoivy^;!HaDagJj)o+>mveb~=D#J5%F%;FRATHa0!ilx7 zeqI09*cZ}gaxP`M{lO&}Wj8y-o@L-dJKAFJ#yH~y;`PFGGJ1lT0b&Zr?pGoFUcW8x zcXH@DRdz1`x!2Yjsj76NOom+l15DT8122wW$tT%IGycyi%Iw||BWb=Cl{RD@xsee^ z>bsokUm9=rI`nou^DrH6i%itzEonX4wjdPLWa8bBcm$dUVf@*K zJpFvPka8{QI1>fYy$szw&G5yMeI0pl*c%__ObH^mS>wH?hffFG02-`7G>Y$5RY{}e z5mM=L9$hu0Oz>$%tTX+*!h(p>E;oAC=$%&UOTqn6GB8zO6Bv`)#!7@E%UKrd1}e~B zZoQ;0j>Aq->0_AtU1LgYKTm}PdBrd$r=u2kpbsy9m-fREa12iLUg#Q^Ux=&I^;a>CizAb%ztAm@Poti`~M+Zq%^XD&mU?T`*2MV|FxG zvKCa*euXFSBc8Tk?H%?ftBu6)qyr`t`58|7Qrec6%`g^)($ zBhi)~&5mZPWNJfITj#*I9mKaZnwG^9JQBoPBUM=SD!Uk+`$~6kjU#TI{idEl!rY#E zHYl6NLs-6K7;od5K7on50?K6CywI!yRKcKh#@UJ!P2qlU2+#%L9h!d$kW3U~Z8AK&03n3!e>GrV%Vq{wqdaiOf3u7Q3Yc%N`GKDzLhX4hfu~oS5 zf@_zf&=D;NaFWHU7LN>rjZ*M_w)|>S?lKQUetdPItQ^_%3ik#;yqQk;AWLMm+{J#z znY0mw;kGV_lY-^&R(H`^A6vtVlVw-iuZVXSly{b%_ial=P)nO}Mvb^&VZFoJIMg?Y zPoMgp;5~*tFdcJq42J8VHWNN(TJ?l9@Alyo*U@FxCs+_-`X9cq#zH`6Kp&zdXCu~< zl}0=n`~5Xl7Rt>zqHL-VUWR)3suFiQex*;d0dhUXccDkdNW0pF1^)5S$V9;;S+{e@ z=yoIB#_}ictWzgl>RsHN@1%)N zB4DF^0j}4~{f3Qjn0CwNeTg2-Fl{sBWH+MAmW6PJR*GmU&SEAQ8+2)=F@2M3+;tGd z28UEZ|EM2G+6*#|o>FH~mP@w; zLr(mIfK!b>MfPjoDQJD~RBEdlBKdboVlxZ4XVmJ%*mh$FCl~+_=Tm>C;en8pKubY# zUEMlag&*Y>6DIOreFce?G86-=Z6`Z+0t-b#)z& zhuMblT-OfP`6S5Jw#~0wiG@Kcwj9n?fe&>jeVqfm_$ul4Eun>zE)tsWq3>bM*0yNeD#_)t1W z_=iz|<^RJd$p0{k(GR0!t0a&wh+8Enkti3L>gifD4eh)j4D_C#(ZvdLvSdn;NBi>D z4+4=wG_NdR3x8x|*vmD8K%Ai6XP!j!{>(<&WxG4Jja2|LA-_o$aRWc=Gj9YJaS1@@ zZ=?@^T&(Gw&0crWwq5Cg5Vz4mRnO5mdVbzjb0^l+=YCh71a&)PP8o>o0xHVxaL076 zYq0uD-U+#Hx4W#)4o)Lzusana)HRQalI`T$?o(94JYk4D$D)`Zs~PCzpSh@Sb!;mD-sVFdFh0do!xA%<_Dx**a$ysGzPUYx{5)7H0pTi`Z~wrE8*FTc2z$m4 ziWDT6g(;%s1dl?G02PL9b2uqnv`xuGqSvQh3*bcU@Bf!V_@e$dg$S}~@u=w#OMy<2 zC^A>&ICIuTA9mfpYYmTwYd+VciALo_)rSKg9S*s76|rTssotw6G3<)(ie9I7bqQcd`sG>n|x7f{4__dYEWhsvkOzE zlWF!qe_J7XW<9BRN(8>HIlcekj$0NmH-Wq$@8v(iVTL`cGvX`RD*YEjSXa+My3-To~u|F&b@o>5|8xb4q&pTR6{kKxS}0U^ppsF7WwDQ1_U?Oc!C?<2P^VK>(kU`hAGIVmY(`%oU`MbVo;TA@L--fnazJ5XHQ0aji(tK~x zqSJ~BLp^G4CC4_Lx^yyqJm93v?APdFGZW9w{E9m`azZ2<#z4t z)gR8$*BNZ5Uq+Ca8O)KKjk0}dl~)8vw492h-fFM82Xd(7SJ+h3dk#<<^n}GL@9F~4 zF|#HD54~DbRYW83|(pTa`rRDYF|AlSYDnPmu)7xt1OYAi}&h|H~WTk0qw3*LbkFWy#6FCr!k38{N}{)qrL8pg`7Gp^9AJ^`pEFM}MP* z!Kw5J0wQ1`hw!+!Ln1gk?01V@#WLup!woyjawBlb3^#50sH|z;W+982o`|^6c*VEt zqhc4Lvp$l|S zD9+?RK;L^|#UAMa>$_0q7(!kdt{o1=n$DF#s32t2GpNKHwyYaFCGyE-|6;|;|BV&P zKUg6fu>A|ltAYvYbms33VjHzF!U_EmG{{2|#7n?xDObk{{rvdkL!3WgB1|xGagsI` ztYPi3NZs`-TP7R4Z&A!3N{M#n18aUIRd}q~p$nazcL&BIdCQRW@0!Z=|AQ6$*#BTf zVga<2IpThqbR!l0xe?*?GBTWgq}S3I#IoE+9EIoR1inJKwuk5`p>xUtyKw~r{-OqR z8$j+@WqKn}Q4+6~;hQgUBaWaZcU$~ti;_QjF#m)?&$aTPAk3vY2JKyOgmnVlqY9$X zaHKnbBUw5q6pN1x%wk9@f`wvzBIGQIvKVfBb|eQt-0?Lu?OuDSa?q=ujfW5ZRn_%O zRiX1gP7$hOMz0M{Wlw%wa1~uWub=LS6?;Fu8lkDP-sycl}fB8qTW0 z!9!-yj>Q?N7(G3t8ccacKXvQrfGnkSA0v2jDHoRxVLhBOMB$XSF z?878HZmfpn<{xV)5ZKC-i>CXeHRO^lvctyRFTwpnzczp=LixxFKK zI$zdBqFO;=nL3mt%ZrFm=*x4I!J~n`6v=_5{t)3>5N$>WTAGy1vn%V#u;!L;Nc# zsRy*-5o^HIsTapInxat-s$uwGdy7v?YA42(!qWRf+OSMoE6EM11NNSpsTdmXtFIwf zke)!7lQi%V1;mfu7`{HMO|gq$Wt=dt;Mmem37KCW2;OeV^&@|-E$j-%o2!x@@IhLtx;{b=M?S{TSGUm3=pvOXb+fXD(;O? zt>at>fksE_^6L}w_Zc5*N2|_G$#?~_HrFzvY_ylvg`BtGSmT64=?W_FJ?t8KL|2|8 zZgF?c0T~y+3Hd-kd`*YHa(8%;C7_B? zpm$t72Ec8`Siif1Y0!K3BLrfSK_#NdNEKlgT6lS1ZyjBoUb7*d<}EdLgB>wE?yn|W z8G2EnorJnyxVSpsr~x25C&buOsLv#P=Bd@+9NiM zL#2yMY|6lekT;m@*nv*wXx#v#BVBR?=!-g#i7$>j2Q=-;Qpv=IHJ_R(gX(DihW;gD zf6@n`VQne<4!Qujz|7UOFclA1cDzL;o^ywhh-UToa?3;?%Yi24pE40Eb0y4a2ayZ7 zsXjsgkqkg8^NmsA*oyN|=F*l$mcDZW(PSk3JG%I!dPVBZ=JtqVA4NBd3 z)Lj^qoVFNyA_SB$MNwE~EHVD%zq)+JE13Q>*gu(SXgxF$T=*Gh8(uy`G0LOWDXJ3@GL8+%_&5gUJLuTD(O>nRg6 zX~w7EnSkj47}Y^Qa$tQ3f{`A&^*~QB6;FP-z7%Q%;+qx znI4@~9D40&Zg`en@UCG@Wu$7-?Fbf9&dA@k)^A=4B&TcAX^qP$Df8RHP!#X$>cHJ) z`Md5^@sl7z07ET|X`}-O?pi9Jmvz6w68qM5;+ zp(Ie2*Ykv(qvZLhNoL*XpCdIb;70A66UZz(d>AadP(UvoG|ZT)W+4fW5IM(Fu+$h9 zxNq@P(OwJJAbJ|3LTyBkpg4bc)=iDt&BxTtNj7ve;A25TPbCW|5E8Xe5%lv0#Mk$_@E_K~~*I7{7FsZz3 zvMrewzD^ZkNy75Ch^Tw#UmV>GeJ<txu;qWjQ5j#eg5>t z7X)_szov0N7x1jZq>UohVPPxA;ojA4ej` z8G-j*q|E)qnH_xuQK|j=UyfUT;c*rR7{gidh@6K{BORH80AH}Q&-1DCitOq))ujH!8)`N@@W`YiGg{f5LYpN;k?N5U4c)#?2}rHEwiaHFGtSxwXfuWPAw4} zc-Dq84p}2lwW&Z_@1n;&_k?Y=k^&g1W=*Z;DVW123mCuO7`1O;r1b@%KFF>|H?|2& zR*ZcfxT=*Ii|6Bw|3jhrO7{T~tWGh5q>0xq^81Dd6B*dk&lPRO`_cIK$LB5`lfr`k zVklS$xM92VwaT`9NirO-R~a78jpFXTBJA3>YKh9(hUQ52-L3kk5NmAISil`U40T;* z`ZkVacI~NxB5cj%OK0HMuZ9E^7GHo+NRlbPP%6_)(*W|M1E~`RTy2!09T9-V0av8f z%r5l&;~{aJ>pt{Rm@$u{4pW6`OxILp3DE)h)I5d!3f{`jvol|b=JPXOC)Ts3GT<{| zKt{FQ$7a2DEWgFcHItMwR`&(T#Wk}W{bVN!pQS%2_Y;l^!nM8h{d>Bzr!Us>@RK38 z*Y$yh*3IrmNb%=yA(Mh6S-D?&)-MmL-?2Mal)9?+NVKSt9EqVN_V|zftt|wBx%BEn zu8bsj>yGbm>|Ryzv8{SHXOaR#he*|u0%#|b-ZK@F0yKW~oivcGG?1$<;v+~}Qa{7& zb|nSs*BHN_GH|{+3k*7#PDNS>+=-o0o$x5q;t~g$n;T9~k7Wd+)bhLU@?SgEu zW%9;r9_4#yfxOS>Gl5IiV~fSf3ln=XlZCn`N)_%esE;v=YP0B6^aExuudludtcH$e z+soe*We2Ejkc|07qNKYHZUYQR-R?fBr5zSFs(wqB;1lIHK~9NAS|tOG&lZ=TXOr)Z z17TV4tEK2WpK}62-k6o%wm*4yp8IvnDP*0K^N7g>)3xSh1&EO=N{P zjk%!<*!MbV0*0C^&)NWHE^f2qD)Gl<)1HCPv3X!*y;tGFAHg8C{aK|CQY)sh)gZCk z%C;1$(w~sUF;p0Exsk_h7~*+4jYkz0Z@LUY6#%nMLc^+d2n-mV5CpEeha^1^IC!4g z;7aM0jA1fYc?>Qd^Wjmdf02|yx?ptW82ql;0Iz@1CFfk<*usjZXAllyr$iJE7ICyT z*0_Fg!d?_uYR8yzq0u+t#p%xqpb!9&6o{Bj(+?-%Zup;Eor%%7?|Qm|#ZqRE$=jrn z5c-Vuw3SFy%=H2?>#2r5j^&V9b2(I?6}2I02ku`59z-4ASh%A(p55)5DzevQzC*Vk z@`!eHR5+w3ogm*=PFKOW@2BQ%v+ zVCX&p*+PGkO^VYe=q5!r;LnMjBF}CP~RtVxS0&r&0e?M|5UA3aq%K&#{teAp+I1 zrlP%T;c$dtP%m|eIBb}bqsbt#K4ZZKQ!P?0sHH0?%`NJBBI;CH8YR_inN_2&gOh}?lzJGF`dSIPX>4yEI!>+hLWS#1MJh^ZpXBv0J zJ~XSBXg~hQW=M~1@&j!cjmboc7c;yk;9uW35H~gQX54zR0iiI-X<;!GIUHAW|HX1N z2+52=WPo2e1^aRlW87IZCpC%~G(7@Bh}q)y;7y&o-U7|J5PZ#ydW>j1k@`eAnPR{` zO5*b5$J61}<$wNmet34$EL?(HnPKeB!)Fy-u~0|!i_gQ;tItCC9f}l?L$sML#@?M9 zcMX7EtOp_w?l&+-9-;i)#M%Gw?SbQL^B;Ly;71>qAk=YvbJ2f?A#U?6_UQS(D*i(; z7LEmnOUAIx7QWwiJa9&Nz(V~P;M3dlaE{o{K?%rRmFQ$;^%t>c5aUt^Y>gqy+m4+^}@0~yI?RQgjF0NB5%SZBZ=x2N`8?$Nv1gSdMi=O zP19oR&1T;-ZzYW@&%e;Uq_Mm&cQa`!^4BkSH|e04m+>fKaL}-hgR6N^k_a?RIh!z| zKsw(kq(I0FRs34ZU?4d^)jEYOEok~g)T^YI^~{8&Ma^v4eaRY5r%q6PpWD2QgS-`z z+{?)Q#77P00TYa{%|#4#IjK_TB8EG45q^i)4t$A{M~^zULyb;kvSMVcu^RD#O%R|Jg~$mB5#b@ zqXq@^H<*9FH9J)R$?vmfri<+G^H1RvA*;zvy{nhMTkph)=x_Qn5mFwcBxhB>% zJDUvRbQu@jzliSc@6hu?%T+#`zEn0g2B)^|@km(@ zTIM$-ibi7rcpe5W`hvoM&5#MUiFOu0(@{3!0SovuTP$#baEnd7QN;g=0g{&g#dWxt zZZRL6He2kA_;;UvdB4rBAb=VEy9>ey;0bP}vbPg{Jir#@bdBFcE^y}tW0#!Ke0vx# z5Z&axO`;QUZReUvP{7)C&18Gw?_8(z7?VGJZ|aE=IreUET|}Kvr1!mhmmOXF%n-z7 z8b(iS(~Yq*kmF~R!2mA_Kt^pGc9x@a7LGfC2O?*cz#=K|R9ON6u4X~lo_sF?7*M1{ ztAPUroiUhf6ge}P<#Kr=@9u?4_4z!5#7``0h%KCj0pw>WfKT2jUQLYP1}__mhkw*DWkZrqXXJI-RfV*j6#qE zh>3u+f~!sn00UX01Hfh+NMwL!hQf24m_*k$KRESq@uXllJ02AhM+a#^cKYMQ8%=b~ zEvYU{KCeWCGbo|q<~H}^n&lmu0i+@>5E5EMgcOgaq8bsd0zZxEo0}(XOmx0HbGp1A z>YxiZ9tV;XbLL_gC=aQ^10HV*F8!iq+O2i-cAifBzX3i~aMaeu6qrgKH+#Uvg z>L!Mq%w@kMf;8JGl4>^dDQFHu#$w*{d_K5piL5Fk+oMTGL-cZWb>@LZ z4zI6}(k3B47uSWKZWzlTZfP`<3ABld+DoQceWdB;n{0AdR8tqNo(Uv6HzL-N3l{g8 zI4rYR5@+oQ!k2sBmuBIZVs`5eqb9RXj2nb0hq0nzU5k<-5Xv1nL44~*pbJ^jmu!^^ z_$q@^x}JcvMtp*cpspt%5`ml1N%+X7P*X)NP`O>56zuZh^aTF?KBnND#?bR9f`~6= z-n6m!oJjk!+exG?If+G^90E7pZ9vbYqR@RiM3*?Q&ytI&*L7Hjm93qF`U^UvC)bSY z^LfSjTvOHhY`#95ug~V|v-$dLzCN3mOR+wiSF6SDY+higtk31^b9s>z>vOrCBG%{f z*KjUZYu@FeBv0%`$KX0Lpd&3Tw?Jq^Sf5)B=hlp_`aZj^lwl#WQZkdJYa^k&PG4T| zC1W!M^hz?~ODi@S#O!q~dt?4fulhlmMHg-~_2SqVO}3i#KLl)@K!TCUDP-MFFmw<{ zWBABF-noP1d|6-V;uleR4)-V6o~{*^!NDyh@?TdcZv4K>gM1#c;l$<3-M_M*=a3Zo z^!um|QX+Q?#X-V&5JT%LTo$BI0qd$D&2{(ci-MF({^Dwa{2sGjbB2N;|Fz3T z)ipKKLa*)1nhJaMMx_+@W!jLoIJ%{($*M$5YK4u9>BD^Yv#IM{jLfvL6VB#4Hy%LB zdOJigmJ7&0{=Jxuow+-p`tSqv3U0>}^BAf`pDE_W29fDy*hD=8oF-%AcLQo_Bl7D7 zGPRffwSt%0YvA_*SZbw@HAv|iq_nE_zClW@2JRY|wB^oz9$-?dzFvcozGyJg)*Q69 zwl=wE+n!K{ND7krY2>Bns$S@)rHBd^hjF?b>hXL&&D# z7-FD*g1}Yqh|K30slEuv!2uft_TM$x znF8lt*PqR5rBmB>{Mp3WzE^3F+g`Y1x0J<;+gtBT2fE_Zo>AlWdXiHJCLAQAxHC5p znZMMM0?xh#dkqqMWMV+%qFryJIfG(~RWS^#``Q_YMEQKd{{nc**@N zpk(+Tc7eyevgby@O=&y3^uy%8ZSvUR&s%mB&YmLgZZc=zN8HlkcHtH~4MyASkgpq; z@CD#A01h!{+#q%br(>|2Zap_TV22lnM;}iH``f#3-n@Ow{x?4( z;`;xiAKq}wN;wZ=_*Q&)9FFdx&^4VbQ%{ihVN1FnoH^|Yd51&xhxIG&ID&0Q(82lUCMaHDO}pBKqN9j#J+ zwu|`32$RpLkczMo(foF*6{CWrr>@{#on-oT`JyzZK4Cl{9|M~7D@#|PLUCDg$#be(a&L0rSOXZ#s% zLXIVuh+e*V`JSmSHj}FH*Un--QLkJZxD*`x;LSLbLSP&s%HRLP=|vXnD0jqr_ihW0 z9*{*mcgOI%?|gw@!rNPZj5{Le3CULg$P>`?yIW579V62cMhh`@z&F{{C=pvUXZ~dS zZkv9~4uu2yn6UwyKFJrk(MMmO^O1lL$for-*;$|`Qd>uta2(! zk=jCaM(heM52nehc(Ja@i(7I3s0vHR&Es{?U1g`D3cA*5){b zZHUPil84``eiFZ!`hj>A)9^^{L9~8M!?8=t#JfbJ^cSua@GD;{-pQe+ElUSlAEbBO zBjI<__fvhtfz!_~uvYVjl;2Vt;1Bd2yrn&gGbL#R_7L^*5YId?cKDazNa3BLHfeH$ zZR4i14aX7q4I0;*$h0mWGf;r9Y+BDYVc;LJ4r-E6?@0+#jbw<>n*wx4{3B7CLKx^` z=J7#Bi#>Lg{uZ9-vkhtv3U-)wCRjDCy_0JnhUe6o9ZlTPeY}|J%?q#3NPLy@V<5;9 zfCX_|@(xUn&<6l9M&Z&i9cXFrpE)zcUBdizVyc*^2q{ZABon3+_GsTr^HxZ%fU)YX zq34peOFDy=uj6p)c!54a<+?VeZ{&ziJ%1pd+V;bd<7>@gv9Dts9PALRKiCDRCaV}J z7-~chC_jR58vq@x0kjd4rn#EoCV}irz6YS&pZ-ETM5+Ue%7)%qaKoH;Ld2UAd-ygx zy`}AXOI;hF^Fo4-fFsv`pw8sh)9D4Mm4Aq%TPL6EANUktUi<|Rx|;BpCZRuOKX5Z2 z*5kSQ1omgit|mdGUY1ke(A)w0P)t)`BFcYx|A)aCuBn?EZ*}zN^iDQsGvEATZGPnjT_FZ>YM$?Jz_{5F~rLZ54qTj}5lWW~^?e3cZ#4Svxm zXFB^Ze6;CJr;9m`Nf3)G+0`$&-shMTfe)FcItz!$(NDq`vOH*E1;)4J@!s^BxRcLI z>)tHx^tP(ATMr@j%JC z1Co$%gIVM~K>nHRp&e@9-M$lR_pHg$f0jG-YuiXNSkxheeoVKH#TcJ(7{8su@(NIn%0PimfDWK(uoqxVMIbeSQ%h#K~i)p(cAUXE| zFVQnTNe$OG3G`6il48w<{R`19pZ-k#j#smE0UZI-q5GhaOVh&XBFK=FMc{L*TX3DG zmEm1ecp*<_5x6}spTRUKM)5?Na>0p>c}mhf480>Npz}To9=s?F(60rt3NS_`E7`V- z#$x8VAGmtNfFNenSOqpndz#Yngpvkyia2oC;n64M)QMsB45Xj#=8583(5pozE8QzV z7doR6bOnw;;2Cx$zE^w$PjMFL~6=2(|w`2V}OxJW&yIIf(NXjeDR!bY_U!_ zS)58K^KRvq{vq#{SW(h0nCNR^4V1|V8|@dw5muVSchz68eZwcP_V8&keHy@D8_CzH zb!_@1|42Qdw7C%msW0SU;@|x1|8`^`v-pw^F8JdA`&0TAzOn}Bn%ejm@eOfImP4Vo z#I!lrViD-0EqQiAk4y|%AZzPSm#OanIeZc-_0Fy{=oR{wZJN$gk z#DTyCYlD9cp=aFi0?^eIHUXXCeD6m5M$g3b7rwk5hmGF@%M*d2rL6 zD)*Bk=|L>qrB%PtGWirPA{lX;?sZk&8Mg5N7YB5CWeBO!m9u>b8KTVgeM66=jWha; z8-%c_oMSRP$dGLoqvL{+tNZ9S-7j2o9xT&P)I5o))5=)u+$dKI5<6gfCPu(40k{80 z53c#12=g1Yt9S!n*@V6ZZup!7ZzOr2!$;jh?);84FW>3FAOaD$Z%1In|27Z4P0#nY+9Xlz)!f7m*8V z16QT%0PZuoSKaB1>y%c>Qd2_6DvgA<)G!=X!rK9zuf5Sg@~jS$X*s25?1xW34?iA% zum5%U>65w7$n%$rzHbn5pY;f;b8wm@Isi-P;rG_W&>>hriB>*QQSy@)+{bW!;KLtQ z0l0`1_mwx~OUB1^2!1d4FS-uJ&1)8p-^HaCah{&RCKkN$Q_IO0cXTv`(Wx&p$)M!N zP=2`aLJahWC@Y-pnOUSxVo7_2>VR8^AAIL7H6NTDac+?X+z`hH4f8hZFG-q}?ver9 z7!0P)7m5xakUI{5A-TSNcQ7Y3G4&+)0tT?&_~G3k_Wt4W^=1E?>CHxR=us5PL^}x{ zesQ9daC9kS>NEX9sbpcwh$%>Dejzd{fB5`ae#FQn0ukX(lomn0Z6U0)gS>;a_x}(}oK( z`CO73C^7>gv-4JaStFd*C9Wh3fWNrOT}kQRl`FEWQMi@iCy!&-cfeJOS9GWJ8DH;x z=Sf}MVX+A9)yk&9Obf@d(F^>md26D^nrtq6tysIgTe=CYx*Dz3X1qY>MAGJvKB#IF z%zf>%gCd`Rp|cLyKEar#v<-Ko@L^hM^3yDvWE3-&RS7+x6IqUFD-yG_fHTDx7#v1(`+kHY$=osHJLHbyI*m4^CmE-KQbc6iJRNP@a4 zdJV5bIMrM^<;(Om6r?kgvkvWag9-8M?3UTFrbJph z<4?b!Py8F={s7MXvjtvSi!5BtFf@<*RQ@(w&5Y|Tvnu1-^hH_5HL2i?>YJ*AefeGS zgb(L<=f)3j()Yxqft|TKo#D;S&Top1?fJ}q`)Th(vLd9ktmSnVcSx=)I#0ZQlf5Fr z(I^^KCt1me`hZV?*@7=!$=^hiuQ+@AXP*3+c+S4{b^a|l(~H-1)fG)>NZ_FG{Mgq{ zV-STt9Db@7`;9S?+XNTx2raUKk^jWeJ0 z2I5D&%^iqe5U~sCZw9>k2M)Y$bT;9xqleUI4483lMdPm+@boMj7kLUt7z8W=wP4&Q zfS8O*ZBdx84A`=3oZuK}BHgDUtc0f!uP_NX1j9gYA=uoq@x_eK61oUL8R9JCqrW zEU^*oIBiMPf+Mauf_1puZ9r+Lul95!wdm^*uG@g$TA#WJ1vcjnwp?J-6I$VgB&8t} z*z;t7XFn7JP;0hmc^EgQHrfXT|Kthilurz2fex<8LJ`Ab>6feNBHQrL(d)!im z%oNwdo3vvUqrb)Y8F3ERcF;ka!nk@5=IXJ-t-xUDT5b;NFr=(ljO~PbX$bC&1sT34 zs6Z-U>p*9~=vW<1TnN;N@G|4j#}tt{)Y=xG8}BT@6sohSIpe7pcv#&+WDsfl+?1=t z<2&v^(TtT0DfWu4LL%x%%o#>8^l%{YB^zPFw?z7(>*++A&E)zt+gcG-O7j}dA;j(O zi57vZp0sX(8*h9P2cKvV6A{eqiEOf;@zd7F$XiizL@?zgcR^`3RK%G4;EI?h(}z;c zK{&WF)EVAlpMzr;A_CZ^MwcHnE?o+1huI*f$$Qb_8*Ogp#ZRlB4=8X&D39PrSvOv~ z*&OIs7P#&>RspFH{Bz^p!m0S)qij8ltmli{78@_3Bz;e+BSVI&ndL29xRZv3QVl`# z;UV{&vSzbi6pcDa`$cp;ai@Mb!hoBr@ZJqX^r-lTiLbcu@Etdxq(#X8r>q%MmXx3l znPZ2(=frMol#n3#9D0Hpuo9&4p8L2X1R-8U666liQrs$5iq8D}fuiis zUij7WU3I3j`K6|fW#U9G-*&-gd#-B058+cjHQ`X|W5siHHYY{mW!@r0WhD`?S`yr{ zTT$Wp3OE}Gh6akEWG6DoQ!-UROShDbCp?Z9d^vK&N5Y-B%}x{F-?g0L;+bpV{4-^i zgtv3bDdAj=uWNR>*i@mjT|V#7tIC%h?=C={z`e}QTXYlP-;$q!6YxLy=BPf=M?^~2 zqSXtB&fGI8MsN4^X(uQ20Rt|HH3%1H8S#V)y5JrDH^(G=nBh=v^XV?kKS-tz3X$O+ z_wx37F=HZZY*=#$84buFuD>!z1%th<*wcyMtIQHR+9Z%pUVPGo0}0B5zYA5#KOy$Y z-RE8VkG=dy`??5H#|6=dvJ<5sg!8;FUp&#Bo4QF8OAMq!-iN~9a8GXX^j|zloE=zLo z0-eDB3?xH?80mw>A?b^I$^>Vtka<1p*7-8LcOO-RJ+6o1JxqEFWL7PH1>^STAm&Po zZ!yaAfE|bD;e03#)`@D1NEax29K_-p1F%NLuLTONJC+T{0ZtAFviL5iI>pWbJ0cIm z50JPj#nZkn2#*h9^5mm9N0pKKy-7u^r~x4S;kj_zU>wSOb+y8CS-;uHK1i1LKwNI} zf8iESQOsyie-X6uKV4#S2lzaNLALe`>PJqd0HGxfSjb2&jE;Vh`DI`P0v z1}Tfb6LRoPnhyGO_2_24Ztj2mjXKmx#tRe%yZce1l#JTaWrVDB)^sPq$`1*t9702y z(Io4jyc>#pp{f&-gqC+ZHxMe~#1n`u7`P+&#~n>VwgI(15TD&2Z@l|e>O8}$()@*% zsHdg2)m&r=J~BxnoDak_Puv#?oq{8d_CyZaKx48fq)}YC=a5VJ#^iX@R9y+rp;)9D$1`PeI-v{5#KU@lO zu_3G)v!gw8<`YZ_#9v@KQKQNrN3SKIKg~@YkW3LtijE3D=W?f#aH2HuO{#x@i37GX zcIJ+S+7>q#l6(I9*o)A@ev*DHAqZ9*1HWv2_Pv0O-3L8+C!J+Z3|MwDJ$&+I7D4lv z^+UGlVk7`Qg*Hid`;IovbED&h+pKi$6F~tS#qrZFa4wc(B2Uj z85@HQ(`y_2)5nQ7n#dHxn2nzxK5hhVOv(x6150af5eP2WrWR6(w|{~Z#5@2Tb&ecb z3*zX%#rSF(sxTfInW>0kd_tn&Jb-S6h6(E7441CFf&~!7Gz)2Ko|zy4$}>P11#+5%Cr9CqWkE$w=#fEHruCPdr2Tp16HTKE(w412%mc@PAXCkaieU zuna5akm7$u$T4S(!KaL(9QCG?hwU0yiSw|Z;>Ej@a%;8y$mZ9arwcqOvdIGmg4n*#e;d|MC_AsU@0fdu#u`SgYF=JcYx zWjN^JC7j56E#w@sV8xLqG3w;Ya^DiEt{d~wY=FNPY??ZC8_HRtS%Ml9r@;AJ0Wu`M&|mQVA=86QvLr>#^XqLk328Q>Hpw7Dc&3HOkJDxL(Z@ZiSr0X8K< zyh!9k!03(m6z3;T+UW*fY9BSqr3QYbP9g`DDMA-;RN>+5%M7|?Gk{DF*yAw7NdYZi z3rEK_IR@Wn7!r*dz?L!$NC;uOPEmlv=}uvrYMa#o;`g@q_rWy2LsdtqqHOQm9NPoI zjzD49(UoBo(6V<%a_uTqh-ikX zZc}X56N?Udr2%fsmFZ8@F!KE!I1t=M;>UKgm{n7X9_*t zI1dAN19pv#BiwUOFVx&Rz12QMI6z30nR^f5Eb=IiP-Ge=(DD(X8wpQ-44#;aaNO>4 z@!&=C1&sl`=$6|OpIl$OEN)~~(q)i&!x)ZI&^kt^Tmw@w zJ}28+a(yX=?MQS<%IA>H_~yoBi5kkUDEa?Sy#PnxkC8KSFH-sar+o9e!;veI;`sKF zyuqyxh(e^abfqCQSqIsGL;gRdv_K4EFdbx@z68x2sl+qoCoA#Lwuq!AAarr6#0&%{ zOEN+565f!M0fHZuT|#8&A{e5Mib%MdDT-7LZ(Ey<0w@{X27+_AS>QysIK$W!|NG7j z5H)tJWiA@)@i3W>oH}hJq0`l3l*Up^STu2aE&SXxUucJL^!Vy}Cyk;Y)Z}xyCW- zx|j<5OSrWhLE7mZPAUwmLZ^|Ky^)Khd1OwE*%(p3@EYG7m=`6zWi`dq4VGfJ@qUAa zvN$9|K2RebM7&b86*V-j&WN4_1dtT7GX==ykYa_qGcLu76%VDsV#SB~Y&Myw24|piPLG_DP&lR7E?{dVH%s8w zn)rK_$hAq&^#@%mY4(6!D@m;+c&%h^dGuO2T-8=sf?umtvMhjYis-69*rudg9>dnO z4)lUzYm%cC7+ZrxZz_RoP29ADWLwQn0hX=C61uF;guNy%o6!o9emG%;0pXi4oI`v% zR&BOv5YtjmGA-eUaLXWD!%8bQ&Ed`0Md}(Ze-ouq(KMnpQ+RI+uP6(5hC!;@Is-1-u*z~%;*!UZ-rxim1ax!Ko_44fRA8$ttH4ArjC zfeYGS1|GPe$>s2Y3mRP>Ah@96*N+gaY^k0hg41++#RyK5?jIyr&GVIk2~I};OTY=v zajSrWjo-Xbq~N?PYpCFIs9>qFHCAvNkg3YIR|70qt!x%>!6ogtfEQfSdJBNTWvw?y z46fEl8tPKl_8K&}yBVOGtUnKQPmtAYD5TXcaBwBL0_0#T!3wa0?P!*b^J=1b_+UG# zM*QF!bWI4tm6Qu1glo<6qE>2Zp;Js@i_u*HDs0ymC9uMkEL7kM+cB_47H$DqSh+dt z!Skk!k2)JjM*zLbfNzS>E3@}%Li9?yr5L?RSym{$1x>DDdJABBrM^}Jr#HE!F9hn% z8173z^=d}!8G0c=dBTP_eTGTg@EL=Z2xQ}@B@uAL=g3!IogJQ@|915G{EGj3a{1f& z;n~SoUo`=HwMii62IN$6NZ0(@xHIryDE~8I6-)9)u;NrNuQptZ@WewzC<8#m$)=Xr02K%6CJ2|+B$%hp~f z2ys^W3KZg;(qAbKaaJuAIKVlzymlmD!?5WYs5#4l0gO1;EA`=svs8-kh;yV?9+9|A zGCGb`$n@$!iOV!%MkTJ$&>EMxa@IBkjLRy%{sC_d$lD$uZ-q{emPF*OXnv(2dDU%p zSD3u{aJo0vsJw@Zc_;&JM>%NGHxzg(9w@T+wMX(O2Xq3{9#K7Q^pTtJS50&<)LDov z0YsG^q(R4h5Ye);AV(k)+q@kj3XfgH8psG>3yOi=`<7gjO5Qk_LVwOz0ta zO(DlW9jl}{H+frcV)0ZO6uX zA^`)Y4>5@9LCuH>s1h&~sl@FzqdP+!gQ~Z%UBx5%U{r5qtu9XHdqOcWh=+IP>;at8 z#svoeQus1+??#A|5-C6wvQniI`6_f5@0j(AB(@{>&g19SC-zsdz8|p5lOIoqSC{{Z zX2xut;Q-jQ zumoseHSf!$8GHOtJuhrteC^S7!y^EJO`QD?-yS&5HveH4zU%O@%;%3wgHz3iEpp?` z1q8RmJfd@nb63XGOa&Dc@&%8W;5rN~5o&5&-c(Evm1@epS=`BUiO>#yG?fvyZ)CU> zuA_1+9jM<1dvbhxp?F00{sA)&c3}$hLm@%|(OyrTqMK$zvFJM4sI1y&d@X>CVqDN4 zJ^&@TJ@dL^lYbY$h8rca%@eXF2!p6OcQqg z5B@Eip>Gu=RQ6>!Fk;&h4e)TPZf-q_KcZ>^;v%0v|C@aIH{$9yfbZITkI%=9x1r3a zY~u&)&$|U(Ai|o()xafRiuvmIguW6AcNTXBk^BbmRWQYtpE@I2BYjRwxj(!ZPki#= z3{h?DE)3OvpWdS%!{FUq23PZMVcGzEAJ76FctR+`MB_s#gruzp2oPhCR35mGs$oEL zPGHsnGQii_n+jlSjZqBv01j0FLQe8-!BrH@U4ek-;dM2%1E6noH6`D>c~X*4h7L&X z08_Ar04HuDH{SUKA%=noq3C84MZ4uo#UgT(=nRK#jKjy^5W>pOASYhr&u`F85%VE# ziBAjuJlwN|Y=3umSB-#zel4AjxSS6si#gE!i{s6IkR74U#D*#%y#RKP+QgxRX&T}UDY22Y1NJT4c)wvRL*Rhz{hRp4zzzJ# zH${K=6pUi6WQsDuaij~EKFoBn;o#OKUly(%0nG5IOnJoXsVo_{Fp-y;Gv_5 zJGy7kx1@Loq`F0ehkuzW?;)1Nse^ufU}(zltOPI;oBV9xMjjz^B?uxJI;9gKeQYYp zrcndVwjhdTD_N98(HQEl&PTE}bYJKrbJ$$5N*~GeS-RB6Fw^g4r9Kj+v{MbkG)Q}? zhG7(>m2wyck=|66!!WYbPCbljehTVg=sdMk5TmHYrWG-Y+FOB=82Wmx*Tj&Y+myvH z_guO`Vp6%w*#7G-jiJ=qs5XXawJB}5rQ#Uo#+z5iFt@i%c?@%l%hty*xBA)(WGJZ{ zR>-g!rQMXsC}@6(8W{yGE>$F>pv|SLWE8Z!N@X%y8nE9Mop%}*%CH%+T~*2`BCt%U zjG{J|tCdmI>hi@hidue+)iMgkZr|lHGK71rmyw~}Tfq!HZ#J%Rx@dhI_@cz*4)2!a%uN=ch9ofv}TFAO{X=|Y&)OU ztgaPLs5LU(UPi64`7XdF3dd?^XcKQ=LegzsEzg*BTaTH3(r)YX^qTT+b2s?xxvPO` z=KV`32bO17)dMqs^+F4R8H8C^1S_uymRv! zw=PmOy@J9>R-zRYMzSPosEkyDYQ8d(C0S!>q#A@xrI9R1cUq6An!a6aCOb7)RcNvq z=@m7S?6@hZkyOn?MUf;s4%S7IS}2mF-5!*KxW>6Y=@P{?9azvRjB7S-q!ho^#7FA@ zuKD3^2jH4-pa64+orjS4Bar83P8`b!YP4|4I>SIvwcYEPB`QIE5%}bWck{8o0;D8{ zJQ9Aw@#b7F!f`ux12BjSV1JU^RwM3DPPTfuKe^V8z&|?PPb$#Bt~E6`svFdYpAw-I zR>%}4QOc7Y+K_!KO1gAI89`PDtw=on{S)(D=Rr6&_={rr-}p{&zXhK?DU5_9Q}*VG zdSgH{Vd_Zl8+C>7RbxDp%t_c{GfIO2axTQ?!k;R7TgGD^p*!PW*&fV1$$w?%!5Pe^ zZy@m3xpyg8Pi50iT#1?kehewC%%OOkc#z8y@V}?n&K*5>!zX-J{r>m7mZ7LOw?*8I(pjYKxJ?!P zzQ%2;UU`;HU8@b;l;dEH+_XG$QDC8FE)zL-zD}o!kFuW;#$r(}l`8#X4q)*>(lKj{5190l8 zY95M|heE#xASkeszh<4^=j zPeVjBz;G6Q-^BRF#SE+}H+fC`LZ>nP@!HJeXt_uwwUY3KDs?ex&x-uM zJ~!GWr^b)oo_;M`ho`g+CE+N-TioW@O=8^9TID*UNg6I^n|*SFyLnQvN-f?_;%@lZ+=?quOWKlas+g2fH>@<`S~|$JY|BY&PFu#x?YR<*u0Y#H ztFDgHi+rOAh>O)CD$@?seA6#*n|M;K)_{azg`ScSKolIYGv0b%IN$tyC|9x6vYzcT z<77{0;owf8-hM`upo_$f`9_xr8~@%5AW}csB#+3UNJyH5gdm3b4LzDoO+*K(Hp0c@ z;%OM=nuUntb_XzaGxTAgWj0*!a?z}pb?8%(X>XQYN5rpG@W_J%P|lY4Fv;#nG?w}* zYg9<2Yv}89{lO$0T^Tl+sKp`*7<8y$X^s&MP(a|xBLJqYVJC4(16PN0`^yAfZ|Dm~ zeQuHAfOyu*!!imZI5VW%!}G)h{Ct9;jHQ%-2WypdV~m$`5f3N~wuwF=*{g@JVQ6bM z*BK^sLVzsPFe}++j>)kL07L??ne&i9;H6YmPq8O=5r}q(fReI!1Nj#Ti-z|gEMtTP z9uZc*1JKP0H?f%!YPymgG;~h`!3SU5$X@ouC(%NHR{?XWq4h>z$mLy&Xh_4WG8Ix! z?pBh|p%-$GaqB-xbyVNbx0#g3)VK6R6aw@(Z<`@3IhbX68knCDIY{O&fkKLTc`T7i&W4#9I`$;nuWqAmJ!#sj^Kjj#R(*P6)1_ik zo)6CwJ+V)jE5n)$+GEO7Qstjo9(f+88Qf1^+1- zTjitcE!H-X86Hd9dZK_OK`h)sf&SqH&B#+mcmm*`Y=D2$ov&-)f zk7!@YnX1Yn$7iyA^9Di@(rVO$6Y|xVh?2@aHPvFO5D?p^JyhT!B;4Z(OD4J}`zU^= z?V!%g!}Oo*E-F(n;U}NWsy4bf`GlV~Z?aF^Ne1KxU>-}kh!xms-c}UDN=`~zA*|df zuATB%DU}-_UsI&&6})=eb-63#T`P4}$al*HuB`n#)u5E}nA}Ers|4u0vb0sPrj{>g zRaBQpod|7eT3M^Ow4&9H=KJ7(vg4DB%afzStCM3{{R9BKucrdSb$pXA(sV7uYrKFz zMniwFu%(~eCu3v$ zb7OPVqvWV5sQZ?N=>9JfM4&Hh zcR@~Kyc?C)2+>`YUCAR48{2IO(B0T}b3AurbIZWF8yj2}&E42&H(>5bz)$~Z?jMXo zH^g$c7@yrhxtm*G0?FOn;8H;D<|dcMaW^;nJTUIhFj5<%xLb_Xu0Y%i+Fu64y`ahE zAlwTYT^_-`pyB5NaQ{$a)Yb)X|JrOa^^D)1rrRrgdzy4_=Dn?N7Z*cEE#gL23PaRv+CyW~7za}m=`BqV9wp5KxJ3_wgx(?gXOTpL79qO#% zHI+ZB41KR2t#;8hE6EjrYg!3b0Iq3A(}1m6gJ>RG(~hbUTC)aS6SQU}Wjka`J1(q{ zEvt3WDb}aO7_Y$9w9`ciu4W|*6|kCi46I=_TY%L}?QpHaS4ulaTtuXHt0ELj12?UM zSXT2@2w$nj<;py2VMz;u$q+^y=ZYaOHC9z-Ds~DV}A3XPQN93Li;CM73>p9*b zYDxVu$xPuu;7{l|QNj%WH3uTq1MgaJk1l}533W_z&yE>EqsW2%c>{Lw4Z{Nz$-V&> zPa8$MOfgJTDoxjLgOEXH5-CqIolj0gz{SSP17H@xaKzRqO1CM7KZ}TT*}_>Ez!j-V z^B2X=#=6r2V@JhN5e;DJ-Vc-C=1zl*8ua zsJ?jM95afnK`lMQ=43f20

U$jZamlu1U(&J{AfIs}_CjhLZpDm1hPuc@3*4N+^d zir2X*$F0dSU;x0%^{O2N7N?PHfNJYZHni+O*A5)~h~CK=mReIhgyg00dH|Z!Y+n z_C%!^SEVcouz;H{yNu zYDL~518s3RDoV8^y&+WKVd7SrZmJRcE`Y-uKcgT5lZ-99q|Zoubi>0Jce+%=qjoH- z$;h#qs^+ORnOaLzF`{NRh>s+y`v9Z5ud8{#)?>Z1oa9+4RSA83xs+l&*hygcW=gDP zTDE6u5^^I^oNb4~GpK*24o~VrE*UPSBtPxlT8l>FfBclI@hj62G3cL;OgKg3ux!ms z4p$>MqLxkREOGmp&5yElU7Jqg#QaFml$OCKa0B4FJaU5g){UYBicJQfrq_S5JETb1 zcP$MaDyB>S8{T4F*eOCOh=G+`bcp#h%#>UUk``-qE}87|4ee`;N%y(=03E}>mi>@7QX$uDWerr`JyVT0@}gCkr^yqEX$q@QEwi-T zBGpJ_tkJ}M)uSbC5ueNcL)VYIL8=;>@#9VQrduUdqzc zntT>3vwRUwFTl9nSoG(!S*98f4Xx6GwXYkCG_}gFkTt3=3D0MV>g#fkR;Y0db#H+- zw$@hPP!o~I$#l6~K!zs{;jw$mpBy)}+TN0bRZdlG%}b#2-sqQ)K()}`NaJsCCl;*%8 z{_kv8Z~7Ln&Gx7IN4^4NOAa7>{opGn!m9JdU5yz0%E?~8Coe6gQwM@i668j1mcV5O zhpj8bA$gs8)r1Y00D6nc{7SEs@)!-A*Gv4Yy1qOWIlR#lN41_{C}i5 z5gkE+HNU|&{oBnG-v*cJmp?)LVusF68QrP#WqGn00{_AOoaVtWI?ThPY~mCxa=xA^ueOc;k~G6knaOl=nqyr0~s6W)6w za5+2jvJ7KsAt!b>X(+f47-jSuq*VMi=Q{S684Q2@F#YvC9|MLVuoti55STdputzEY z9LKohuGh(#dLMa^S^qv1top#FUa)}M=+rSx$Kz5kBalm|rH7=^M&QYJ6iRymWfKU} z@}109QVI6@OYCSucj~|nU;6-Me<)t z)P%xPL=`Ys3Y)48$WlZ_V6PMs>Ia*ph&v6XrI5oSn3l3OC16Q;qpc&h$T1?$ylbqM z9_{8(a2{i3s>{7KhgvoWIe?d!nOF|+L_yHgF*WQ>77S{*(?~m+% z*l00lgYgF2V1wKJYe|8)!mB#LE=83~Yy+GG6Yo}DEW*Jn9*rpaVEhD&+X(q!-Zap*2AK6|297%utqmTAgaT`=;t7vJ@PFICagE1~Yvnc7)FG3E&_HH#wuZk279P zbNE8u9;>(!z*wG*ojDn_UVKI+E-4~JoCE1xeRcMp@_#tldum^BE1@eTRkA%F;3OKF zK#mI!Poi1F*-3n3ePT+pVmu~go3uC_iC6N?n+`D9udK!6*N^wE5-x-JEU&U7N!VoI~WHB{`~G)JiAPt#6Ty zze89wm?|^?A>A<@Inr0H>yuR%D425CNyH%Ww?YuY{3$4Wt7<+0a#F$EYrHCKh=vkC{^DTvv7~ag7 ziC_BVZeiz0Mu>7agK#4+Cfs6WLm^hq739RrmDO8Xrk{t@YC^>w)QC8&@0Wt-E7C}( z;HckC`n*is@`i0zS%X~0hgIO8c4V-DPXb$-!7YbGLP!>Np~0v_zFe+PWDN#cK0a(o zF-{m&r1~$MFUespmgIS>kOix*1$3^AAP=^6wNZnrAfM$)c%vTWK>1KM+w51fOfN*; a@UX!!V%6!Sl1eJ6JX@}g9jD3w0uBJDpW3Sc literal 0 HcmV?d00001 diff --git a/stacks/privatebin/tiers.tf b/stacks/privatebin/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/privatebin/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/real-estate-crawler/tiers.tf b/stacks/real-estate-crawler/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/real-estate-crawler/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/reloader/tiers.tf b/stacks/reloader/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/reloader/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/resume/tiers.tf b/stacks/resume/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/resume/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/send/tiers.tf b/stacks/send/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/send/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/shadowsocks/tiers.tf b/stacks/shadowsocks/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/shadowsocks/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/speedtest/tiers.tf b/stacks/speedtest/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/speedtest/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/tandoor/tiers.tf b/stacks/tandoor/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/tandoor/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/tor-proxy/tiers.tf b/stacks/tor-proxy/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/tor-proxy/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/travel_blog/tiers.tf b/stacks/travel_blog/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/travel_blog/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/tuya-bridge/tiers.tf b/stacks/tuya-bridge/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/tuya-bridge/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/url/tiers.tf b/stacks/url/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/url/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/wealthfolio/tiers.tf b/stacks/wealthfolio/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/wealthfolio/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/webhook_handler/tiers.tf b/stacks/webhook_handler/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/webhook_handler/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +} diff --git a/stacks/whisper/tiers.tf b/stacks/whisper/tiers.tf new file mode 100644 index 00000000..eb0f8083 --- /dev/null +++ b/stacks/whisper/tiers.tf @@ -0,0 +1,10 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +locals { + tiers = { + core = "0-core" + cluster = "1-cluster" + gpu = "2-gpu" + edge = "3-edge" + aux = "4-aux" + } +}