From 8c7d8ee34f3f0cdca5f36983eea38f68cdd0abc0 Mon Sep 17 00:00:00 2001
From: nblock <nblock@users.noreply.github.com>
Date: Thu, 10 Oct 2024 15:24:04 +0200
Subject: [PATCH] Restructure headscale documentation (#2163)

* Setup mkdocs-redirects

* Restructure existing documentation

* Move client OS support into the documentation

* Move existing Client OS support table into its own documentation page
* Link from README.md to the rendered documentation
* Document minimum Tailscale client version

* Reuse CONTRIBUTING.md" in the documentation

* Include "CONTRIBUTING.md" from the repository root
* Update FAQ and index page and link to the contributing docs

* Add configuration reference

* Add a getting started page and explain the first steps with headscale

* Use the existing "Using headscale" sections and combine them into a
  single getting started guide with a little bit more explanation.
* Explain how to get help from the command line client.
* Remove duplicated sections from existing installation guides

* Document requirements and assumptions

* Document packages provided by the community

* Move deb install guide to official releases

* Move manual install guide to official releases

* Move container documentation to setup section

* Move sealos documentation to cloud install page

* Move OpenBSD docs to build from source

* Simplify DNS documentation

* Add sponsor page

* Add releases page

* Add features page

* Add help page

* Add upgrading page

* Adjust mkdocs nav

* Update wording

Use the term headscale for the project, Headscale on the beginning of a
sentence and `headscale` when refering to the CLI.

* Welcome to headscale

* Link to existing documentation in the FAQ

* Remove the goal header and use the text as opener

* Indent code block in OIDC

* Make a few pages linter compatible

Also update ignored files for prettier

* Recommend HTTPS on port 443

Fixes: #2164

* Use hosts in acl documentation

thx @efficacy38 for noticing this

Ref: #1863

* Use mkdocs-macros to set headscale version once
---
 .prettierignore                               |   6 +-
 README.md                                     |  26 +--
 config-example.yaml                           |   4 +-
 docs/about/clients.md                         |  15 ++
 docs/about/contributing.md                    |   3 +
 docs/{ => about}/faq.md                       |  31 ++-
 docs/about/features.md                        |  31 +++
 docs/about/help.md                            |  11 +
 docs/about/releases.md                        |  10 +
 docs/about/sponsor.md                         |   4 +
 docs/dns-records.md                           |  92 --------
 docs/images/headscale-sealos-grpc-url.png     | Bin 35911 -> 0 bytes
 docs/images/headscale-sealos-url.png          | Bin 36024 -> 0 bytes
 docs/index.md                                 |  13 +-
 docs/{ => ref}/acls.md                        |   6 +-
 docs/ref/configuration.md                     |  39 ++++
 docs/ref/dns.md                               |  80 +++++++
 docs/{ => ref}/exit-node.md                   |   0
 docs/{ => ref/integration}/reverse-proxy.md   |   6 +-
 docs/{ => ref/integration}/web-ui.md          |   6 +-
 docs/{ => ref}/oidc.md                        |  27 ++-
 docs/ref/remote-cli.md                        |  98 +++++++++
 docs/{ => ref}/tls.md                         |   2 +-
 docs/remote-cli.md                            | 100 ---------
 docs/requirements.txt                         |   3 +
 docs/running-headscale-linux-manual.md        | 163 --------------
 docs/running-headscale-linux.md               |  97 ---------
 docs/running-headscale-openbsd.md             | 202 ------------------
 docs/running-headscale-sealos.md              | 136 ------------
 docs/setup/install/cloud.md                   |  25 +++
 docs/setup/install/community.md               |  55 +++++
 .../install/container.md}                     |  81 ++++---
 docs/setup/install/official.md                | 117 ++++++++++
 docs/setup/install/source.md                  |  63 ++++++
 docs/setup/requirements.md                    |  28 +++
 docs/setup/upgrade.md                         |  10 +
 .../connect/android.md}                       |   4 +-
 .../connect/apple.md}                         |   4 +-
 .../connect/windows.md}                       |   6 +-
 docs/usage/getting-started.md                 | 132 ++++++++++++
 mkdocs.yml                                    |  73 +++++--
 41 files changed, 867 insertions(+), 942 deletions(-)
 create mode 100644 docs/about/clients.md
 create mode 100644 docs/about/contributing.md
 rename docs/{ => about}/faq.md (51%)
 create mode 100644 docs/about/features.md
 create mode 100644 docs/about/help.md
 create mode 100644 docs/about/releases.md
 create mode 100644 docs/about/sponsor.md
 delete mode 100644 docs/dns-records.md
 delete mode 100644 docs/images/headscale-sealos-grpc-url.png
 delete mode 100644 docs/images/headscale-sealos-url.png
 rename docs/{ => ref}/acls.md (98%)
 create mode 100644 docs/ref/configuration.md
 create mode 100644 docs/ref/dns.md
 rename docs/{ => ref}/exit-node.md (100%)
 rename docs/{ => ref/integration}/reverse-proxy.md (96%)
 rename docs/{ => ref/integration}/web-ui.md (88%)
 rename docs/{ => ref}/oidc.md (92%)
 create mode 100644 docs/ref/remote-cli.md
 rename docs/{ => ref}/tls.md (98%)
 delete mode 100644 docs/remote-cli.md
 delete mode 100644 docs/running-headscale-linux-manual.md
 delete mode 100644 docs/running-headscale-linux.md
 delete mode 100644 docs/running-headscale-openbsd.md
 delete mode 100644 docs/running-headscale-sealos.md
 create mode 100644 docs/setup/install/cloud.md
 create mode 100644 docs/setup/install/community.md
 rename docs/{running-headscale-container.md => setup/install/container.md} (64%)
 create mode 100644 docs/setup/install/official.md
 create mode 100644 docs/setup/install/source.md
 create mode 100644 docs/setup/requirements.md
 create mode 100644 docs/setup/upgrade.md
 rename docs/{android-client.md => usage/connect/android.md} (96%)
 rename docs/{apple-client.md => usage/connect/apple.md} (98%)
 rename docs/{windows-client.md => usage/connect/windows.md} (95%)
 create mode 100644 docs/usage/getting-started.md

diff --git a/.prettierignore b/.prettierignore
index d455d02cc1..4b873f4915 100644
--- a/.prettierignore
+++ b/.prettierignore
@@ -1,6 +1,2 @@
 .github/workflows/test-integration-v2*
-docs/dns-records.md
-docs/running-headscale-container.md
-docs/running-headscale-linux-manual.md
-docs/running-headscale-linux.md
-docs/running-headscale-openbsd.md
+docs/about/features.md
diff --git a/README.md b/README.md
index ff44e8e466..2994bd2dd3 100644
--- a/README.md
+++ b/README.md
@@ -46,31 +46,11 @@ buttons available in the repo.
 
 ## Features
 
-- Full "base" support of Tailscale's features
-- Configurable DNS
-  - [Split DNS](https://tailscale.com/kb/1054/dns/#using-dns-settings-in-the-admin-console)
-- Node registration
-  - Single-Sign-On (via Open ID Connect)
-  - Pre authenticated key
-- Taildrop (File Sharing)
-- [Access control lists](https://tailscale.com/kb/1018/acls/)
-- [MagicDNS](https://tailscale.com/kb/1081/magicdns)
-- Dual stack (IPv4 and IPv6)
-- Routing advertising (including exit nodes)
-- Ephemeral nodes
-- Embedded [DERP server](https://tailscale.com/blog/how-tailscale-works/#encrypted-tcp-relays-derp)
+Please see ["Features" in the documentation](https://headscale.net/about/features/).
 
 ## Client OS support
 
-| OS      | Supports headscale                                                                                 |
-| ------- | -------------------------------------------------------------------------------------------------- |
-| Linux   | Yes                                                                                                |
-| OpenBSD | Yes                                                                                                |
-| FreeBSD | Yes                                                                                                |
-| Windows | Yes (see [docs](./docs/windows-client.md) and `/windows` on your headscale for more information)   |
-| Android | Yes (see [docs](./docs/android-client.md))                                                         |
-| macOS   | Yes (see [docs](./docs/apple-client.md#macos) and `/apple` on your headscale for more information) |
-| iOS     | Yes (see [docs](./docs/apple-client.md#ios) and `/apple` on your headscale for more information)   |
+Please see ["Client and operating system support" in the documentation](https://headscale.net/about/clients/).
 
 ## Running headscale
 
@@ -99,7 +79,7 @@ Please read the [CONTRIBUTING.md](./CONTRIBUTING.md) file.
 ### Requirements
 
 To contribute to headscale you would need the latest version of [Go](https://golang.org)
-and [Buf](https://buf.build)(Protobuf generator).
+and [Buf](https://buf.build) (Protobuf generator).
 
 We recommend using [Nix](https://nixos.org/) to setup a development environment. This can
 be done with `nix develop`, which will install the tools and give you a shell.
diff --git a/config-example.yaml b/config-example.yaml
index 5b757bc959..2632555d2b 100644
--- a/config-example.yaml
+++ b/config-example.yaml
@@ -209,7 +209,7 @@ tls_letsencrypt_cache_dir: /var/lib/headscale/cache
 
 # Type of ACME challenge to use, currently supported types:
 # HTTP-01 or TLS-ALPN-01
-# See [docs/tls.md](docs/tls.md) for more information
+# See: docs/ref/tls.md for more information
 tls_letsencrypt_challenge_type: HTTP-01
 # When HTTP-01 challenge is chosen, letsencrypt must set up a
 # verification endpoint, and it will be listening on:
@@ -297,7 +297,7 @@ dns:
 
   # Extra DNS records
   # so far only A-records are supported (on the tailscale side)
-  # See https://github.com/juanfont/headscale/blob/main/docs/dns-records.md#Limitations
+  # See: docs/ref/dns.md
   extra_records: []
   #   - name: "grafana.myvpn.example.com"
   #     type: "A"
diff --git a/docs/about/clients.md b/docs/about/clients.md
new file mode 100644
index 0000000000..eafb2946be
--- /dev/null
+++ b/docs/about/clients.md
@@ -0,0 +1,15 @@
+# Client and operating system support
+
+We aim to support the [**last 10 releases** of the Tailscale client](https://tailscale.com/changelog#client) on all
+provided operating systems and platforms. Some platforms might require additional configuration to connect with
+headscale.
+
+| OS      | Supports headscale                                                                                    |
+| ------- | ----------------------------------------------------------------------------------------------------- |
+| Linux   | Yes                                                                                                   |
+| OpenBSD | Yes                                                                                                   |
+| FreeBSD | Yes                                                                                                   |
+| Windows | Yes (see [docs](../usage/connect/windows.md) and `/windows` on your headscale for more information)   |
+| Android | Yes (see [docs](../usage/connect/android.md))                                                         |
+| macOS   | Yes (see [docs](../usage/connect/apple.md#macos) and `/apple` on your headscale for more information) |
+| iOS     | Yes (see [docs](../usage/connect/apple.md#ios) and `/apple` on your headscale for more information)   |
diff --git a/docs/about/contributing.md b/docs/about/contributing.md
new file mode 100644
index 0000000000..4eeeef13ce
--- /dev/null
+++ b/docs/about/contributing.md
@@ -0,0 +1,3 @@
+{%
+    include-markdown "../../CONTRIBUTING.md"
+%}
diff --git a/docs/faq.md b/docs/about/faq.md
similarity index 51%
rename from docs/faq.md
rename to docs/about/faq.md
index 2a45996737..139e0117ff 100644
--- a/docs/faq.md
+++ b/docs/about/faq.md
@@ -1,15 +1,10 @@
----
-hide:
-  - navigation
----
-
 # Frequently Asked Questions
 
 ## What is the design goal of headscale?
 
-`headscale` aims to implement a self-hosted, open source alternative to the [Tailscale](https://tailscale.com/)
+Headscale aims to implement a self-hosted, open source alternative to the [Tailscale](https://tailscale.com/)
 control server.
-`headscale`'s goal is to provide self-hosters and hobbyists with an open-source
+Headscale's goal is to provide self-hosters and hobbyists with an open-source
 server they can use for their projects and labs.
 It implements a narrow scope, a _single_ Tailnet, suitable for a personal use, or a small
 open-source organisation.
@@ -19,9 +14,7 @@ open-source organisation.
 Headscale is "Open Source, acknowledged contribution", this means that any
 contribution will have to be discussed with the Maintainers before being submitted.
 
-Headscale is open to code contributions for bug fixes without discussion.
-
-If you find mistakes in the documentation, please also submit a fix to the documentation.
+Please see [Contributing](contributing.md) for more information.
 
 ## Why is 'acknowledged contribution' the chosen model?
 
@@ -39,18 +32,22 @@ Please be aware that there are a number of reasons why we might not accept speci
 - Given that we are reverse-engineering Tailscale to satisfy our own curiosity, we might be interested in implementing the feature ourselves.
 - You are not sending unit and integration tests with it.
 
-## Do you support Y method of deploying Headscale?
+## Do you support Y method of deploying headscale?
 
-We currently support deploying `headscale` using our binaries and the DEB packages. Both can be found in the
-[GitHub releases page](https://github.com/juanfont/headscale/releases).
+We currently support deploying headscale using our binaries and the DEB packages. Visit our [installation guide using
+official releases](../setup/install/official.md) for more information.
 
-In addition to that, there are semi-official RPM packages by the Fedora infra team https://copr.fedorainfracloud.org/coprs/jonathanspw/headscale/
+In addition to that, you may use packages provided by the community or from distributions. Learn more in the
+[installation guide using community packages](../setup/install/community.md).
 
-For convenience, we also build Docker images with `headscale`. But **please be aware that we don't officially support deploying `headscale` using Docker**. We have a [Discord channel](https://discord.com/channels/896711691637780480/1070619770942148618) where you can ask for Docker-specific help to the community.
+For convenience, we also [build Docker images with headscale](../setup/install/container.md). But **please be aware that
+we don't officially support deploying headscale using Docker**. We have a [Discord
+channel](https://discord.com/channels/896711691637780480/1070619770942148618) where you can ask for Docker-specific help
+to the community.
 
-## Why is my reverse proxy not working with Headscale?
+## Why is my reverse proxy not working with headscale?
 
-We don't know. We don't use reverse proxies with `headscale` ourselves, so we don't have any experience with them. We have [community documentation](https://headscale.net/reverse-proxy/) on how to configure various reverse proxies, and a dedicated [Discord channel](https://discord.com/channels/896711691637780480/1070619818346164324) where you can ask for help to the community.
+We don't know. We don't use reverse proxies with headscale ourselves, so we don't have any experience with them. We have [community documentation](../ref/integration/reverse-proxy.md) on how to configure various reverse proxies, and a dedicated [Discord channel](https://discord.com/channels/896711691637780480/1070619818346164324) where you can ask for help to the community.
 
 ## Can I use headscale and tailscale on the same machine?
 
diff --git a/docs/about/features.md b/docs/about/features.md
new file mode 100644
index 0000000000..80e94874c1
--- /dev/null
+++ b/docs/about/features.md
@@ -0,0 +1,31 @@
+# Features
+
+Headscale aims to implement a self-hosted, open source alternative to the Tailscale control server. Headscale's goal is
+to provide self-hosters and hobbyists with an open-source server they can use for their projects and labs. This page
+provides on overview of headscale's feature and compatibility with the Tailscale control server:
+
+- [x] Full "base" support of Tailscale's features
+- [x] Node registration
+    - [x] Interactive
+    - [x] Pre authenticated key
+- [x] [DNS](https://tailscale.com/kb/1054/dns)
+    - [x] [MagicDNS](https://tailscale.com/kb/1081/magicdns)
+    - [x] [Global and restricted nameservers (split DNS)](https://tailscale.com/kb/1054/dns#nameservers)
+    - [x] [search domains](https://tailscale.com/kb/1054/dns#search-domains)
+    - [x] [Extra DNS records (headscale only)](../ref/dns.md#setting-custom-dns-records)
+- [x] [Taildrop (File Sharing)](https://tailscale.com/kb/1106/taildrop)
+- [x] Routing advertising (including exit nodes)
+- [x] Dual stack (IPv4 and IPv6)
+- [x] Ephemeral nodes
+- [x] Embedded [DERP server](https://tailscale.com/kb/1232/derp-servers)
+- [x] Access control lists ([GitHub label "policy"](https://github.com/juanfont/headscale/labels/policy%20%F0%9F%93%9D))
+    - [x] ACL management via API
+    - [x] `autogroup:internet`
+    - [ ] `autogroup:self`
+    - [ ] `autogroup:member`
+* [ ] Node registration using Single-Sign-On (OpenID Connect) ([GitHub label "OIDC"](https://github.com/juanfont/headscale/labels/OIDC))
+    - [x] Basic registration
+    - [ ] Dynamic ACL support
+    - [ ] OIDC groups cannot be used in ACLs
+- [ ] [Funnel](https://tailscale.com/kb/1223/funnel) ([#1040](https://github.com/juanfont/headscale/issues/1040))
+- [ ] [Serve](https://tailscale.com/kb/1312/serve) ([#1234](https://github.com/juanfont/headscale/issues/1921))
diff --git a/docs/about/help.md b/docs/about/help.md
new file mode 100644
index 0000000000..71f47071ee
--- /dev/null
+++ b/docs/about/help.md
@@ -0,0 +1,11 @@
+# Getting help
+
+Join our Discord server for announcements and community support:
+
+- [announcements](https://discord.com/channels/896711691637780480/896711692120129538)
+- [general](https://discord.com/channels/896711691637780480/896711692120129540)
+- [docker-issues](https://discord.com/channels/896711691637780480/1070619770942148618)
+- [reverse-proxy-issues](https://discord.com/channels/896711691637780480/1070619818346164324)
+- [web-interfaces](https://discord.com/channels/896711691637780480/1105842846386356294)
+
+Please report bugs via [GitHub issues](https://github.com/juanfont/headscale/issues)
diff --git a/docs/about/releases.md b/docs/about/releases.md
new file mode 100644
index 0000000000..718c0f5398
--- /dev/null
+++ b/docs/about/releases.md
@@ -0,0 +1,10 @@
+# Releases
+
+All headscale releases are available on the [GitHub release page](https://github.com/juanfont/headscale/releases). Those
+releases are available as binaries for various platforms and architectures, packages for Debian based systems and source
+code archives. Container images are available on [Docker Hub](https://hub.docker.com/r/headscale/headscale).
+
+An Atom/RSS feed of headscale releases is available [here](https://github.com/juanfont/headscale/releases.atom).
+
+Join the ["announcements" channel on Discord](https://discord.com/channels/896711691637780480/896711692120129538) for
+news about headscale.
diff --git a/docs/about/sponsor.md b/docs/about/sponsor.md
new file mode 100644
index 0000000000..3fdb8e4b59
--- /dev/null
+++ b/docs/about/sponsor.md
@@ -0,0 +1,4 @@
+# Sponsor
+
+If you like to support the development of headscale, please consider a donation via
+[ko-fi.com/headscale](https://ko-fi.com/headscale). Thank you!
diff --git a/docs/dns-records.md b/docs/dns-records.md
deleted file mode 100644
index 6c8fc42a9b..0000000000
--- a/docs/dns-records.md
+++ /dev/null
@@ -1,92 +0,0 @@
-# Setting custom DNS records
-
-!!! warning "Community documentation"
-
-    This page is not actively maintained by the headscale authors and is
-    written by community members. It is _not_ verified by `headscale` developers.
-
-    **It might be outdated and it might miss necessary steps**.
-
-## Goal
-
-This documentation has the goal of showing how a user can set custom DNS records with `headscale`s magic dns.
-An example use case is to serve apps on the same host via a reverse proxy like NGINX, in this case a Prometheus monitoring stack. This allows to nicely access the service with "http://grafana.myvpn.example.com" instead of the hostname and portnum combination "http://hostname-in-magic-dns.myvpn.example.com:3000".
-
-## Setup
-
-### 1. Change the configuration
-
-1. Change the `config.yaml` to contain the desired records like so:
-
-    ```yaml
-    dns:
-      ...
-      extra_records:
-        - name: "prometheus.myvpn.example.com"
-          type: "A"
-          value: "100.64.0.3"
-
-        - name: "grafana.myvpn.example.com"
-          type: "A"
-          value: "100.64.0.3"
-      ...
-    ```
-
-1. Restart your headscale instance.
-
-    !!! warning
-
-        Beware of the limitations listed later on!
-
-### 2. Verify that the records are set
-
-You can use a DNS querying tool of your choice on one of your hosts to verify that your newly set records are actually available in MagicDNS, here we used [`dig`](https://man.archlinux.org/man/dig.1.en):
-
-```
-$ dig grafana.myvpn.example.com
-
-; <<>> DiG 9.18.10 <<>> grafana.myvpn.example.com
-;; global options: +cmd
-;; Got answer:
-;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44054
-;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
-
-;; OPT PSEUDOSECTION:
-; EDNS: version: 0, flags:; udp: 65494
-;; QUESTION SECTION:
-;grafana.myvpn.example.com.         IN      A
-
-;; ANSWER SECTION:
-grafana.myvpn.example.com.  593     IN      A       100.64.0.3
-
-;; Query time: 0 msec
-;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
-;; WHEN: Sat Dec 31 11:46:55 CET 2022
-;; MSG SIZE  rcvd: 66
-```
-
-### 3. Optional: Setup the reverse proxy
-
-The motivating example here was to be able to access internal monitoring services on the same host without specifying a port:
-
-```
-server {
-    listen 80;
-    listen [::]:80;
-
-    server_name grafana.myvpn.example.com;
-
-    location / {
-        proxy_pass http://localhost:3000;
-        proxy_set_header Host $http_host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-    }
-
-}
-```
-
-## Limitations
-
-[Not all types of records are supported](https://github.com/tailscale/tailscale/blob/6edf357b96b28ee1be659a70232c0135b2ffedfd/ipn/ipnlocal/local.go#L2989-L3007), especially no CNAME records.
diff --git a/docs/images/headscale-sealos-grpc-url.png b/docs/images/headscale-sealos-grpc-url.png
deleted file mode 100644
index 1b0df4f3fd2cfd085830c56c90bb70de02fdc648..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 35911
zcmb@ucU)87vNs$=MMXgoL8K{F=^dr2C`gwcS|FiG?=6s^(z{5Lt`rdn5PCE8(2KOt
zn{+~lP(piy=XdTY_q@;NzVCDQAMCv{vu1tQtl2ZG%qIA)irlRm4{iVefLro!Ua12B
zq(A_GSm+ut;TO)*&u4_&Ws4WeF93j|NYWGV6+)TFSzYcWprD6th4B3Tt&-;J!$Z8D
zsom1T@sZHW-96mQ;`Zj&_VMw_-u~hF`T5G?@h<KFyL7U=aJ;{dUs*U_T{+&}#jjzH
zSC)@AHjXzpkGJ=5$>~2nIE{$pZyp@rH@EQ1OUJ8=CtF*119OL!we`*I-Sy3_<<&Ko
zCtOy}-uUAaFW=Cq#cltv=)%&ft)0D+il3P|1#=5aMwU)>O>JMZ@+yAT%M@*5MkhXh
zNdsHEE-tNZb@Vi~c76<w`dQx`mz*&*GnbI|eb))PQ&aB<{fINM4UbNonOo@T8-xc$
zSU7kNU`AcM{eKM(5B%OXvvVh)7#*K-_X)Cd^9lYG-`UgOQomM|y}W;Lh;Hv5pPKDy
z+sH-~=cO&Sb@p~I9h{w=nbq#(BFpBdj`E8u+q?TJ3s!3@RzkeS-&Sl1Kb4SEP{}DM
z1?q!3XSVYTi$~_S$JUN=3d;Q5M|Eqq_qD<ETSvJCWrxq?I=g#gf~LO4&MwU1c7q~Q
z2XNc#n`OEAzp>jzKf2yLkKhFW9s=ZFz0mX+TbnRceK3CMJy`ptOZ3@$SKa&~KdN5|
zrNSXXmK+Mfj9y8PANk!!?ZVH`>5Q*lAq~Nl^h$N_P7Kmeb&-7jiRb}7z61c&A!aB6
zfcMC&008(F0MPgV0Jx1IG=d-kJO>j0jo>E?09>>F2jRas|4#TX&i^bTwWyZRk_7Us
z3mG>A0BlW^@^oQWLx)~m2LQeZ08t(Y1gW$;u2su|fB;^OcXZS}r^Ik_RujN1#^X9V
ziovK_r&(_zK)p9LX*PnCjeyQrH#8gJLuP%zeF;#1$=AZKtb|~-q5q8Y0@j}%{T=5;
z&;F&Wer5mM@xQVCy$}DWbfJ`glrEIx|9`0ws()88nERg<{s#gc*N9Jl){4fiAGF>V
zrII?_*gb3Y*`Oq|irv7H!+xNSKiZ3=Om5`Sfu#+-h6Kx(Km0y6latD=s+o(v1vudW
zpV}2lv`*Fdt5zaR_i0HK(Ss`2vPl`&{I_P0veQ91gXY>Su^j>*FxS5o+br`)?|mpc
z1bcw4T8<@)Sy(OwTWHN~ke0{x=<yDjDEX{ZAd<dEH~LIlPPF8$t4h~(PRjDOke?pg
z8;PG<sVmwqp7-B;U|B7BY-n9sxW1M>?=~by3piA6tkz4-tKPcK*qBmcW}dX<?^>eW
znQJ5Jx4V=UGB8`7ZP9>jS}<et9-ayq>sm}>z<UpEUp{@<vOoANbe#7F_Tcoa-K1CH
zcUYM^f6E!~Nd#(|p;m#ja60cqE04T)$n&gzeSUp&p7ZnKPip#Gbub5{qf@15(Od>W
z4QycgPRI6GckpSs*yk9TL&u$BB*VUoRL!Vu?TltvW3_0RfxZAj(K@AJZ841wZ!_s(
z2rWax@6Khk4q1kK2bFEt<x4AML10@uMnz?HbB4gWJalH624cE-#7j_cRiLFayg@-c
z_-Hs99%ku$I=?5<@@#XloiER#shU1|YThA~-*c{n03`rC86w{4hl4TroDCu2QEEWO
zNuzoFryvo8k;QIgb@zAU^8{oMIs4h^123s%mZFO2dGKVAyjz(YOyD})8TW*IVNIGQ
zkw0R3<Usx>O<`qac=$@xXdbAw<wyxg9X(PjJ+aEGTto~w32nsZdb=L%qCpIU1Dw=>
zu1^9ovX|t}6~XiyGA`mLUX4)Jmfz==z(VxM;}|xuVJEX^>F!+Tj3`9u#vHE^e;rqK
zJpGWR(hl#l(=Ru_%SO0D)*&K@0U-SZqusHq8v|g*hY>>^eysS8cEPFY$YFsQJV`!l
zd?Mq1K8{KADPxO8Y3I?|!t0<F4-thN7LV4nIMP}w9z_(e$#YodoF6TZpE=A%PL0Mp
zsi&=hpdK#XZZ$i6h`In&4SL7Hk^(b%%4ifpmN!?)ov+QY{$g%-(R@L`Yp+nj+I)9z
zczOcA|11qWS>VlGRtF!?U6N_#B(qxJwQwvZ@zLyTO=@bbj#Y5%8C{uAdCH3*v8>h@
zllN+O#TJN*K4?P2XL%4h`r)AbF-BD?(E+Ql;UgH_cX2D&$39Ks4#rXpDu?MWeJgSP
zHZP*bTXKEqfxAYV^>~FmujChMO#8cEEQsi*RfjNf&_dKSEvjKjC;GRYDf!@dcg-6W
z?QGcy1p9WW&|S>r7laZl@;>~o?!oL;06Y|#YPZ(Mcr92pJn;tB?b;lc!EHB*X4iY{
z>@)Y7ZW<$IdUy8Jktvc#>e)?xukbm1%i>{R_gZ31Xo=18V!JPLLnRRow3^G}La=-7
zn9!m8Z}UXkpwA9xE57lU9Muey>vHWkMs8@|uiNujeuwT+E4LWEdSk)HyZ<_P%Clh6
zd0@8@D%@fRpPP1-TJieCjhR}=s&W)}r8O3>W8V_UTT(jRMn*Vlw&LzfgCYYr<Lru;
zaO}EC3C^AG9J7S(VTPVo`3R?d;jt~nFfv%1xV>if=^1Qu+0#+@-c<dT)^<h;K@vPp
zP4s@672)3EQwbd`3g4MBtC~pUlA_0ibA?LV`lDJJHkM9y!l2g{WOt3d1nKg7Zej5&
zTGy7cv(Y(7sc{7<*TU(5ol(cKqa5nS*~;qLz&X98J*Z%^VOIbysqW=xUf8Ya;a%j$
z&s%{*=A6&S0{yuVo%$#h)H$;s#t^7#3ooOnZQk{D;XR*YK{@<9%E#0_nF_@9RW!+-
zmWp_1y(pIf`y71Tmh?`e#pFe&f^K6h5#_4Y<NT`q=SX+Bbg-ZyodpFX#beXp<0t<h
z?zfG^eI0DF9<MI_PJC$D<~KusaCYvwsFTf2wOqZ4uEC$OVC@{m=yO@pQYD>L&=#|b
zbyYj%`eum|rn8wo0ycbXCI?!xlNnZ8RMTJhFrc26TZ=k7!LBB|nlwS4V_f$&<E%~Q
zVQE#9qXK*@eKfBilR`E3kE}7QtV=Zt5?j(XAaBT-mL6i<rb#1#cY~4Y+GWC24RGjl
z2U|ZljO}>u`h2q+{7D8u>OQaXrhn~&f!LUXqCiL&)cGDSgVng?7ZY1_Vr9#qSH~ww
z_1q_g+)pIwRW!y~vVf6qRBQHiLzTjS2VR*4{V;a1SB89!mQXR)Is}lNr}vuL@kTOj
z|ASm?6uzofmIb5Nw<23d8vjYz#XJs3o$+ahp~##*mU%n9uCt;`gB5FDTOeJrCmDNL
zowTfEj1K#)Z(@wCr}!xsM&HxjN*|1II!V}HNVlMJK=sDu0|(9$g|+8&wp~?M;>k#D
zZ>>gKm5rO9ZID;b<QzoZ#@5<V$K1xo@?;R^5`;;FSu-AV6+vB^q>tcbbEQwW`?Qh+
zMSHU4%*>S(FL*;vzmoN4h%p<Qb(E#{0l^a*sZ`cyHvOVvjT_;>y6DuX=ivF*teCnm
zp3h4+i$JC6$OE)yY(CkX@+WNsj`Z~@h_^ip6sXZli4`!3m4VQ&&RZ2Ul?v*o6?FC|
zQICs-S);4(vYIFV0J@PCVdRGj`=EPQ<hle&uSIuuQd;Z%YG+B2q&JXl{|%*&Eml9Q
zEWV{0ENp~rj`IVm0)xm!FS=3d2gGWAQbV0VGi=0qZjN$d_&egy$|P@WDsz;83rdHA
zT)|)m0W=<z);|zst*16Re)nb9_Zo06a~P#{QACxP2W9sCq5|w?3d!GE!DTsi{g3>7
zD6vuPcXV1#en^bry;v};8ru*K`ZU$xZiyaB>?4!xz-BR|$P-DpC8<sFMo`)HIa!Ed
ziLL&R1O8xU4MZ6{GJ!GNaY!tkJ<ZrCg@O}f63OqgE?C~prBtj`mR<#)4v7MbN`AMh
z9&Lq4@<&o#FQV$DJao8NOw3pZmE92-ZS{__Fy+Fy=0}kG9X?23(*&B8pm6q^^6CiQ
zj1sW~NH<dvX3;%8M)cvlcJIl+ybDV+K0RxZK3bcf0vq`50W{Z1@rFWSxPnEH>+Sf-
z-8YJ(JIs@Ju;R|%?DVJyNr(F1fztdf<iW0)t;$-l_V;LuEX2Rxl+AOi?}xycGI3f>
zQkaEKO6=>GGechjs&AAGAjm^;K#41wPZtD5OV$+!EE-f)Iz~HG$Hk_<l<5`m;Mp#v
z-Nq7`T=A|Zy0EZ&&10Gv+RT3Gh?wzc{`G}H%Aa#A!7=$?sp(I@0qs8v7P>blo@M-=
zTg{`gR<V)Led^|6fDp~34yTSVY@@`sW&+87m&UE-KAdER&_7v??LcodAMb}*?l=9A
z^i)6`x3?^8ETP4Q04a<V*o0eec13ojPee3f(TEgCGLN1>1cfRBC}$?~8Di^ua$zk1
zpDLgn$`~kMoRa+_%$mdU8cjjnyD1Q;vde<)+-^K?`)fQU)@k5v7cYkXrMBDZVgb-y
z9-EvRlc}B*RHhOWH>i;5Xn;VUL=B*#DWrKYDxo9gPZA*XfkvmM-~A%w#EWbWv^Gl0
z4PU<#;VoXzt+9y{w=AMcJQf+e8F1PgTGso(E%A{g3nu#A)mYJjRFdRct(A~g1NPnd
zVGq*=3)@p>`x4}6a*mnu9;Y>?ukL#AL+K0T^+r4xwS%2nWsR>#dWplS?J1x0T3t+b
zUq9(6g)4=)>Rs6l##tL6#QdqO#n=mg$|-t9@Y2yKnU`a&XuL3J3^g|Cp@guUG>@`~
zAHUn^opoLoo~7H8EvJVl?B+Ba%6RJ&OSxBJP`=ROs{w&^?5_)-NEU%gW=1xB?_eLM
zMq@25x0V#`<bA3t&yXn8w&e)ynH6E?Ro`~>T(HB(+ChUaZ~}~8AtLK4nK8xDmBq%g
zsnL&G?>rK#G<X!)T%9a~uuzCR2yuPbb*3B62kCC}-9|mPb(46AF)MjF7XnEgmw>D%
zeH_URhql0K`NnaX2`xEIFCPc$A%+)K%3_zaX$C4@ByN@UTbG>L+oJWRYYt>2`*uTd
zxa}KsvWUXD%i+avuG`Lu^3=b-J&K|_?V0MTqf0Thl?8d;kuphTpPKHkZTzz7iO)wN
zg{3Ag03T97)-i&Pk)gtA(IhJshA&GCwtW^;#RkEP4t2mtra4J2%wE9Buf=Dny?Kny
z&^~7A_R`y-WtDrX!e7O-a4+_Q%TOn*D=UEjBcsh9z_jTo(A)3I6?+6%Kw7>VvepM#
zE7`>U9*9`?c>0T`OE@iG>zB_Rjv^|EScHl;#4r>x!JNMc$*j?ZgAm7EZ}{x(wMo!o
zJopCUQ)E4@>;@@qxxAey9lt%8@nPy`X6C8S+}$`{wPX`|K59n0i#~W?FDjTY^~5PJ
zR00*HwPaCLKIG3B&(w#u=^m9C25Rf(l<6RnUWLt``~dc*w$CX>@qElt-gy&LHV979
zqIU(^1kDjidnH*vnr6rB@5EX-RdDQp-%Yiv6@5R=v9VWq1B;pL_wEGc^A)$ugzb!u
zM1GE;Ast=zOO?9*t$?OsL#Rs71(xDJ37+~YOKmtUYN#PWMMhWjb_xuyc;o3zZ+q<|
z2B`SLCrJ&o!iSN5jG4HnnB=&sX{gWgR&^zaI>5}=oBFj8LXRu=kZFovHLQyr^GJWT
ziLjytyyty{ap7;9c|MDJrMOGmuTHd(rY@rYJ5&JqoI&z-f9mEvYq*SyMl&;nTc3x5
zX_0An_hu2*M}$fRB>w@EilX0MO#8-NYcJ2Su*JHCqvk}i<~d?ZPm4L5BGBlewX(4C
zb=Z;C@bX;<ic)(um|7w_nEO@y^-yyeL$(YKXO@>OV`}1!)I%QrxpAS3T>_`XMR89U
zl)jrIc_bfW1}!_YY!`6T>Pe(>?LwBg>1%?|IATIci<8>vD6nV{n&e`L4#%7E?(#vn
zejx>y2hx7Faqt8d|Gtc;)%ty>5M|Da0RxC~{6YT*pUNCQTNX^?8n2}SqUxBdH7R!O
z0{U$G0qe7KSz0hz5f#T%gp;mxl7Z<&iqtN1)%;w3d2d8JBno2a6{U^U6Hk4^I4P8Y
zccv~lESH{*0*Yt64HY&t=)8M6%yi0Jw8*UWt5D;+T(jPUSryfy>(!b_vKojo>F}nL
z?S^S@a$qyGUV`$<g%htAy@ypgv>8=>#Yx@S(WgO$_SWD{?A)E!l{Xvh8dz=t!TY=u
zVK3J&?J)1|FeuJH@4Y&g{Vl(L?Z*Sglk{Y7g&Ccp*LW3Bmd+ekSCO+8_Zcr-6TSL+
z>cDHL%L}bnck)cyj&UrGu$4gw8K=$onqTl_>|{h)^(cE)r<KoZ@xUThyV;0O$8DD{
z00Elu;!Z<M?s)>-F81lwUNw{wK14-5-2>YlV;5w=ZERs%nayy)+0QjCv~`dxDESxf
zZ=OFS$SL=eb7#3XmT>V2(f2h|sf_REJc%djDNXD@CjH?E!c}DbDx78eQ+Q6;Qn<L@
z17-f}=^{iEt|G#A&&36~Fi*nu{$i)(;vx`ETBjy)-@7xxbfOgLM^~esw%b(=5Vn$T
zvxZZ=%(}Ltewm1=??)~aDJNL$-L*9BSwcfBp9a$&&0Ra!$r%~>qWPktaH?yBAl3Ln
z{Ov!D|LyNb!oCUM`Nf_K;2P#KVN2;>c>bcY{Q>ibI-^R4k(Op5@YOSJH1$r?BYbug
zFG?bZM@hcIr&fe#8-Mb;XTV+Bi=W*d{-f@DW92^$H6;EMjDK$8?+n)nn=t@D17VW~
z@DO<S0_}6;KVkTLFRov({lx(I?;W{~_`~pbIT!l8Z2gDrKlK!Md<A>dxiZ-^eQGiE
zT@-BTfH%+|pQw3Ihws0oZ*H{Ytqz!}d(v|L;ple(p4zRme~!iSEJYOX{=CF^^5<Jf
zW`YrlN=<gmsB(x|m?O7bJt-Y|;t&~`BiVt_OwYUP^==Yp9mw(PtWD2_bM3HKQ*@#+
zVQojA2+6&gllv+!M`3yswF5~uRWR$!7WeGtKFJ$7%ZFI+!I`I^2u=4Yx9@`qp1&YI
zTV7RjIyc@MpPD1>zC1@9sB0LK8w}&~<_#83dC;CS8Ew)S&>2(O<Xja6>{!>7(ly!o
zp4xg2nVbT{4si{Wbj;olZXI~9S9{2A4=dw6z<48Nz1e+3znue~9mt8JRjy5*N3}&r
zO~^rLxzQ6f=IHz(zOmHc(s=88Q6{^;`pab_r+3e<0FbvDs_mR`j*}AQul8X`DIp)7
zUiRALGY(+n1gM>zJJ$TOM2Jh=INNXhuVE&;pf?=seWZ0A4|DwSFxJ=lKbc9qH32qi
z$TK~J(zGBj5c2a^x+^6@<JsdY*mpHgM%=axomKmtkRn4>Z?I=dw<Vf635Ea~=s0d~
z7d29XAysUst9G!)hIbdP`XmQSjJC?CiTBYgOh|G(+s(r*$L4V3#!^hJprhaIf^v6t
ziI9>FdQwyi>-4^^k6YNdR1;SOfE6sTU|-jtDBgQIc1d~>9SzX9Lb^C#+-ULjOMuJR
zaIJF@Bb%BxhL^FaKaO~PT|wsLroS0l6&QAHiSu`5L-P7__gpiN6&zXI94V+bgc#Yb
z0rYPp1|W-V;ksm6MaN$cY7cvwAm?oD`?x{Gt?cT4a^h54xoDTM2lF*u;>@V~s@d>#
zMOQrrY7|$C^k5NvT@(rSF6&a3F}*$S&H<O5uEk<@7cGmHnYInAXWuZ^E<pPR;UyMb
z4VGBy3}4!P3LHj@B>UV!*e^6nYVQQdnKg;}=U9j6Oh$#I|6BvQn>|?f{!}Louz7*p
zSOixWEO2r4rU!E+lpfpJMjgpNF6h~hnO@KzSs3GTm*FpaqF1LLM&ipth9U1)RcH{K
zDqsoA-)QzS6`)_ZA{h;n#?RH$v7a~}rd)amtb2fne4V&p5n?Rqpd4y+8T;0(`}*87
zA5S0GG&$)O(}(NXQJ-Bfq(pfBs?w(F)`ie;)5f*?fbqKsqkcZcW6geN#-O^;4j!+X
z-y){zniWTycUTWl<~mgm#(oJ@TS-laLicLg(CMNoZcRU9awdMNhsg*sU$(xxnzumE
zkm^E>Q62eR@QyJoHhxyKHr5xn?i6#4pr2tE44&aNQtE`$1QDAyuYT`(MkcSqx<v&y
zF7{AYomDURT|7cHX2aUmuJ?8pS=*$z$_CN<b5Eqy&fTW<wU>+tUUa0#@die~F?=qu
z%@?*4+SzkgzR4_6y{<Dy{FO}e{-fMnp?eZMEm_8sgZts2TNuI7&Q@S29~tK8a>BPG
zqRs|9TNs`g@Daxb%dsKDum}FGz3D9u-1G}L2z{d#t@EH~7uIK&CKzSOET5|0S0IDB
zpW`;X-=&<gF^PrwOd(}zju3#6RAW?z!QAYt!3h$q9mqX4ygk95&AT7|r8QQ62!8X8
z0968YO{GIBngqz(vhkMC1s8q~Zs5{*AXCNSYZEVi?0`CQ3KwsY_{M@2Sn&mQjo?0H
zkyDeuirhql+Id~@Zb+%?AF7{FnD-m_O)1U3Ew#^2Uh(ot|FzAxrkG_duaOr_M(riM
z6h$w^1t@0&vI~lyRM{8jkYiwd33EF(Q~~apQWMp@>$$ap>mX@^4T$(1H%kuP9R+@}
zK&ORcgNdg#I^vl29F!=~Dg+h5Q*P^v13rnal;+UVzmBm88zO#=gfjyfgEfagmet&u
zD`UKO=!S&fxKaa(S!nOLk0n)8<>XC7$LBJPz6hxK?&NdRonhpO%Hs<+1bqli?ONZu
z#fXqY+g7e!k$GvA+S&jGnu0|Q9cd7G<?V*9Meff0<x=-dei)v?%S=*ObeP4(3avZr
z3MmoFtoHunH)4EU<BOn#Flc`n%dU%hZ7bDMoyxwM9+q0D>{7bE0DXM+jTA*~L_P$!
z|ADdl;6+y^Ay8zyra!)^0$Z;OJLUmwwUS`xOOg{BMHOBmQ{U9k?uob~XwjnXVs=(F
zen|-~UN!qtule@_t*UM#^f3NERF+t$o>lj_p5`p-jqf@k8O8+GW%c5HaeerQl!VyU
zs&y`Aw5G|EZcNXW`GsX*j1T{e@siU+c(R;EJ2K|mP&%;on!a6}C==~t(X%nLRbuJ$
z?PPuopqvxvuFO|3V!z~#w2NKzuwMlZyH+wkH$356V**YmpvN5&qQcQnpNREy2RGA4
zs;VK$URR~W_?ER#xl0?6XVM|W^L$SUvjO^JrnB-O`Tn;Bh{DU*+>XM6L8W1yL-5j+
zM8M^Bi%g>!J4OeNRsEv=c6O9zToW<pZ>NK{2)QG!0y8JHX!r$`q-5_^jwEu7%=O{>
zr+v0I8^EOWWzuc6N{2V%V#YEnw+^zy?RxHs^}C-Y96LYk-;{1S4lsu0dmAmhirxJA
z)YWHNWwK<!SdvuoLM!${!;emQN>xia8^lJ1g-6+@9A6JQtS=m`-{|t318;0t8W$Fb
z*=4)cPrZCC*uCzav~gxKoURgrSeNmdUbN1V!TQNB0m?amN!8yCPInuips3PCj<58b
zs2r0NgCp_a=_f0Q%UIGr+CtV89&sv8`W5d(*YEZn<7p>JLeh%KgD_+P$M%5{7YWwQ
zkyic!lfbVX`~8iBtZ;F%nM0j7p^=%`jL$E1TVvJN$Cy6!V{V!@kJ{-~vuG|xzvQAO
zBZXy7`qUj;3ROLAfmn56hcwYA&o!lLH<M}%Vr-;4rpmF6V)_FS(d&EoJ`nxvL>Mpm
zt2NVXxMy0e<-G4R+D0$O?Muu#nfHhLwzkKG=JTB6e8K|5cYNoEuqT^x*CJa|GcE)7
zkZ1fHR5_h@o7c>U4<f<a-r)5RR}tR1>3)5Q>n7k+u8{Oohju<P>iut0)R?9c`ieZP
zbf!^@ib#w;SOU=${bTtc6ihG2c&bDMhRFj1Q7I>bRohr5C-z1$I`$(R=cd)hPks8J
z5otQ}3h1%M9qj0%(Dl9z7#gw{dcr0@wA4Ls<Fl5%V#=FpY(vJb>J32t0@Ig=-pz{v
z)2B-Ie4p)Tud=GGgrvano?;2n`Fso*aMszqO*gr;)MCh~wQJYhG9KrRFDz{|1y*#P
z9`pFQju$}RBhTWIWV8G2_(fLX@tfh%IBn-KqwrO&M10Cz_iC5XsqAUKkzH*S{VGFF
zmC;njoR<0r)~({9`)Q>n`26r{aVg%k$t0<;>>RJkQ(X5s@+wMLY>fUn(CCBFjv!-K
zPtSZXIpFar4Vu=OrbQSZEcpTehGl^#8Odk`y(>{8ABF2FdCLO^@SZJAl|A5fa5SJ1
z8sH57p2s4t)@py_IqGT1RAG<V{oyPx0ka~y=fGa2rAb#9-}|J6rMbyXQE5@KarmY8
z$lBlkb?T`{m@ohPapuM0X5$6nA4jGCz4RX|LE&H+>3bSJ2+^V##9x?De<mP+AZ_H{
ztN+z@{)ce>KeJsN!rsRG>v8Wz>EBLg|M%Jcae)3mmF@SU_a$LD@+TMI|AgAOs0mL6
z5HxPS)aBZI!<uk(Uw`WsVc~`33?dl8b0FzIo$LRt^lxY4|9V1xQTiWN`rl!@7{mW)
zYZrtGk8X3QWr6T8Mq5Y6=Z&p|hr{_<Q;qxP#F6;HN@q4NNgd;S_2h<{72o|mD5_3i
z`bM^eR2sZsTNtI}z9}Y7fdMFP8q2$MDpq(8cb^Nc{5aGB739BQu=NK~*`qjS`u*~l
zHpW+~B9aoFrl&8pnuhxyf3z?oq({U}NdkF{V5Dc8qDZc@l3Tt`HLQ~n?enyvE9NTY
z-O;whr%h9n=R#3z0J;NyYX{2tiFlzJ5c%%_ZrrWcp8$}T9vaj{qMQ?{<4r@ItmYZP
zebXChb)ML_$Qe?@<nlDt92bQwm&F{oxThEk@30<dPD)Wl?y2E@s|P(=c`Mls#RT-Q
zO(WRC@LKZ5cvx>;e@iG!aQ|+o({XQToaBgC&BXZ;2o3u>-;tj6csDnUx%fwim5m2d
z@3EE<nNGBH-iqAM7^5Vv>?JE`1Wf$U5E{K&^39@KZfG%yRfpUnQoyIw*YE|9cn{T3
z8*?t5auNySIl7-YDW;&UysO!h=2%!YHa|S<*eYB|CndRu7&*}Gf19^4K*EezV#q*V
zUG~yihWc(AO$_HAEzLqm-X*~I%XKHC^`Cg5Finwffy9J#4MJu`t2-IA`PbI3s&51!
zs-vx+hSaH=y1V;p#tD974+UO+-R`pbDDOiw3xWtgbsIoW&_AJC<Ae8e;<uiY5QKnl
z5u6R-ExKk6zI8z)*eM~|gFv`3)lNS1<Ke~Q#arAly9sb1u>Or0u}KRMBh=bM)e-$7
zYJ5O=BvdBQF5F*C<M6+*>i=Q=3-AH`9}xH{*1rV!04@Z4-88)XmDumX^F0S1d?qa_
zS>jEt`=Zq6sqZoQ`(U{4AZNH;t}}5&U)nx;$aUL$ZOy;Lg4f{f8}C79ZqH)$++zP(
zwmv>){2=rAragJ(o=BRfyA;h2>gcG%R0>siP?ir%?VcFX%$I6bg#7_x^T>MQ>}*b?
z-bYo_$vrT_Z``o_<A5`@<dDRu`uSagfiPlV8ost(o64a+2Wg@tYouC*YESp0^Vdlc
zqG^az&YXVK7du9bGy(r41xETHS%<r2+S&Z%T49S(_(6ED*N?(|ac{wsqun(2&8;Yh
z5s$}x`-kt<rTZcbDhkB}_ry-QrKS^_N>ADMZvyClaf59Yg~K<G2b;(R#p!FWM)*+6
zm9+-jyiz!t!0)XOx|K%6y9pk%Q+?fRBDmJ-i2pya=>OFt5ETDcBGca-hpGsI#D=h=
z18u0MCc_3O6ZUp^-+9j>BOdJQ5(9qWu1bB&J5MK6dN0LHaHIe5!-SnH!chN9F4VuJ
z68&qK_)l3u|Ly@VBI<w3{P}xg(Q-U8bu7QxEgSKUkZpup3dCu0XaDi+gq(nyvMSR^
zoPq5@s8m~CY)2$XVG?5EF%LOqJQas%IAQNmff^I5m$fjUR*sF73-#}V!oEe5JF)qN
z6YH$|=`q&`dD%OgTCYSF7B|EBoSMD@0AIbD@Cw(Q!xtOFZ*Nr8^bKHj#3(W0LnnzE
z1CL6+T)`=L*t`V*ehq=?3t*2CoZuoEuq3TWNqvF8gSDB<+*k_o>@mum^8}&^0K6?m
zo*h2J$OBcm(ttqT#d|)|ezALvD%YY{{HI@b{~$DH3YHv@;Arb=^>ZCLS@CNWtM#>!
zJwWlr8<i#W66uo77J~`;uWA&lmZ;OuTkr9Cs#WMGPA*dk=R>$}@Tk~Gg5)iXc!ydW
zU!g$K<G@^tngqrc(iQ)BoXZYw***!2O&Z>1em{|`Dl3{j+@jYAtp%x)pSb7iE{n3e
z?=TuyCyZEwr;vZJ(7z@v8*8PTWhTQeYnNmbvNF1-bq@t}fxXlPvXM=wy-s%-k12|#
z&Li#()1sdbIHI@v@gQKY=#p2L{|fQJG>~+&STVBc^95-6MyUBW%Np%*9xC&Qn^+C<
zM$8cgnVNXbdAGA<;89nLqByN0*xJOz<Y8i$+f&h&mp|q!7{k-$Ou*QM!ND3da^Hjs
zLoTa*4)g^1xlRm?s^zMN&woG-4-N0uQNFGLH(sD-0UPF&X+0A_WcWupRInl#^ZlXt
z8vPCbs6AMC_cM%WvFEQ&Fu%=fOMdB~@xvED)$yli)}hi_V0w<xJ151+S{hmN5^>r|
z(LgVYxwEn=KFmbnnc_7g8fpN*#Tm$M5B9F6#^^LcMf{=0oa0RfKRq2eZRFaOR;<fD
z(ZQi&3CXa!XS^)XFZ8P>!iXig7L_Kkjn(Y#7_x5*!}UrmC30+`)3ud%8p9k3YI)Wu
zmU5$C;JRsz_VJeHr^i-Z{<zN9z`_9N*-(~^s@ok*tjmozk`o^BR0lwh`>%&(p2ot;
z_@m&SWnZ{b{BSm3fR<CE3fH(J&7B?j?Xca8Qfr4j*<qvrK*t?SPFw|dOB8I+wged=
zyXgnbput!_n&|K|Es#?LN~^}DDcQWHZGW+2-q@UDTH)%*RlD}fGw)k5HAZp!fMa9L
z{2KA`2CC@iV6qRrA@{yFF`z!49Lqkw+x}s{zZCR_tXj10)MtMqKP%krRy~qD#_Z$L
zKA)DnjGl?6QgbDdBX16yKL;a4h@`&U>A8iqn_7uwnb|!Y*7b#@d04^-nY~?$yLqhy
z17^kbIVKdz&@AH{2sX@ZetGox`ci}ZF08-ZQf_#&aIvq$ZbyIuv*Hq2v%)xj)EWLX
zXyfI+F;B548{tTSq7ko{{Y4w4#$!)OE^fp?j%5i+;zZxUx(!M#)xypsC@>2u6EVa6
z34`K}sVBO<9fuoVJ=l|E1Rh{?*o&lfxO|eF;J-Jvp5tm5CsGLRG4&Cma3?8&F>{Ht
zHlKc8RHP325?GfbyUu4nUb3C1JROJ&1afX>-+f-5uC`&8%~Tt{xW(rpn)F$c0)t%`
zP}mD)x4GG?>P;AxlhlNuH8#POgz&(9!nlCm0PUA_0HZxkVm0yL?O|qc3TPnXb0BVf
z`BqC~wT{GCcxToca?d*%)j14$O{r0>vvbtX42DI4Ua{2mDU~Nr%PeZZPd_o0>jaJ)
zA&m$MSZxwR5t%Sx<gsVb`81_GB}plwJ6N6g5?a=&#rPR<6$aBJe1CZ7TJgh8>pr+3
zE21-h)+Vy5M(`dM9b4S#oAP7cJxDiAfQWEJ05SshCf@@ao+ZZMW{n+2cnjWF&=*w*
zv=zIvhghpkxA4WQCiO|fq`jcGV>5P2k*QU5sr8l8KVP*ezgqtd^F%uN41G%ZG0F`9
zcsv73nnmCS8ZYoUp3Q*NyC?Uq@*KJIxD5D?G7bdlt94aOg%jTOD0z0@S2graO?`L4
zhM?6JxElt-91+TE$l6=DmOZ`q4d_f&;dY@v1t2e(eR*YytQ&aS5}Y#io}U~$N<PHm
z$$5(XO*)LrEM6LrV+@r0LNc^`vu;zL`_^XXZ@Tt&q{@=21v{UesZMPV9Ybc)GDe!Z
zbJty?j0iAu)KvZRNLW%~vW?A*PPo6-$Y)7q)>m~niCNUybGIZ99KYmVC@nRsWl=+3
zsCAk)(0!~sG_F>rLr}g`Bi_t<Vp`c;iM@7=^CBLqYKY}1)qS5*-!oskM+lNwcD-;^
z4p!gMB%2Uifzm@?or?v`a5(vCDWZQ`K@vj!zbz~X>q5e0>;DvTk6Q_;KL47Idr|7W
zhw*LT0swwG`8GHQ;*8xE6$ud#RK_b<;=4qKr8y_?{Dcek(ql>@bcg|4yjy1bRZU~(
zglWL})qg~7f~bEF#}~o*Vg~uoS;PMuY(8qh-uxlavo-0q^{Lgios+4lfXT~;wA}0K
z^eXy}Q<f)Fq$)Rm$O4}O&sUHj$zZ6Jy{p-Y;xyChd3Kuj#zQ>~?O}+$splieklm#d
z(o<7J_quGds=iw2Q`mf&&T5fVl^f)_aO0&$ylNospmHFQkv5OBX#bGhwWb_*7~K;c
zZ*&J!Z-iwxS?_IvvL`A=*6r6KulnISuVKfVee_X5zI}agyM^(IIq5<8n#5TqYQAJ%
z8%XTq3_O2_IQ0bfPTNRH-BcCNCCsA1r#HcdPXZ>&f~FJN4`Ps@Wm(o9KjAIvKpeBl
zdSoNsF}ocgF7oAuHNhb4f$@tG8RF*_gsj7A&O5Y?4-T<ScsY~x%|IMzFZ#tkVWHrM
zBfWv`cWQRcDeYVF9y6>#AmSBpJ<2(yLpi)us_$H-GJR|-ddA99Y|L@s?13<=?C1(y
z$C&Q%yax;nVLoN472n=JJM4H-=vlSD!Gl=R7H6NFTR4J@_-s*q_Q$|WhU*@vD2$HD
zi%Ol8j(T`aNQsY>TN4$sAwrAxa|d|ihQ%tHBBm5t8pn1Tn~<P&x_MQ7O9QvO)6Kit
zdERR+t1rbjdfaGe-?D2X*qQhHR0=&);FftH+l>ky1r528K2`wuloNdV?Dr4NYWaW@
zf<wDyD6cAHR3+Zxcqhtl-yHSy{5yYqeuwFRL_y8bON$d=mpQBFEbiDuNatv`nwrpR
zr;Y*7!Z>t`N@2Vye}VC#7r98Px0L2i)|t3C^_E_v7^8K3hAtPQMcsj-cs0)9Hg_Z5
zT2ql+ZX|m9*JQ{dB<Eg}5+fr4qY&i0G=VEy7!~c4vt!$FO<ZK^(lxBn4eYwjSLNJ&
z1gZk&Z0P5jBS=?x9&9BrR*~LcIVx#oHd*5U)eApcu@vhx$)P?rQZ1a)W?KyK4q7!>
z(O@muL1W$a9xSB|tL%Gu0@-N`U?V_VEirenq&MkO>@vd0hVhkYU>2>~5xny7+32Cx
z*~(xwaO99dwF-K@o?vX=h!hG8Zn@A1alm|jI`s}{zn@<1=2D6Y?HDPohC_u1l74Va
zqVR3+#fsAJOj_C7T4N1!T#|04=h1eSy)#mZKxQZc8u7!8)%Uv3O|`t#Z;pEc?X%@%
z)Q>Ie3QEU2(LfL{W|3Y}Cv?@EKPb{r4JSZ44ZpLzd)zmv%xELDyK7sJq}FLp!qaL9
zq_ziV(c;#Ab*pId1lT_s)kdY%Vn7Cq(lRyG#+#Qw^1vmN^%x|N>;Q{dMN1R(jB9LI
z*Vw&v;|4N@zVwT9u=l&v`xol|{Hupqg2wt>{v7l(Z0e->nt1i)hX|i12pwkH0{fjO
z_Yc6Rk)BAX!F=7bpVEu{sXq5HOQXD^yX5|TYKKhH_Kw0Fn;~cj&x{iTroB~>-*Rh)
z2N6p6exy2W=fP%H9#zKSa@)}FdX+0bi;+AnV^6@aI7TMmNN*}11xC(2dPh4_oLP<{
zZr9SSiTKuC;??GmmdTuX-10nmL5Wrd^V*09>6Y~V#v;380r}kF$>(4Zuxhjy@taRU
zFB`Tfp1--NUjOxB`@3tQ!5bSxC+9WU+1cDMqI=tJ0iLyK=w>&hfYQ>cux;-XG#<7K
zjHH)w#W}_e<(D%&!NAo((4uuu$|_Q7Y_VxSyo;JiI{iDN;V0|Wn2it*IsZ5wjE=ei
zqkV2v#oIj-BcnATHuY<hpb=`UK)2nMnTH{+T-KtL*5}_v29(F&6cq&1*-mXKS#0Ht
zGdan8Wz&u^%e7CGYHzEXvR9rgjbyWNxej=Ysgd;T>xK?l>Gwe-2M<0fos>|I#xIQx
zJ%^yjbo++cm}Zy!vgGiP42@r*-%|5Ser_^QoyZ@geuS)}{MC?ZlFy4%?o^44yH9nJ
zGG)kCG^Spe0fe{;T|n^($WUxgZVka150u<PjkxeqeP67OXTKy|l)h%)p_@u_eO#60
zZ!k7FF>&fhMZC(YX_4DbbuJT-JUnNlq3@A8LYzY2=ILb%U;hXuykEyCUggesw-aaO
z0Si4RCTC0JbxJba(WiRomqn=;vAf<Ul_VHxJ);pKL$~G|FcNi7MwE*gUCpd-=Th+O
z&N3_F0Vwt6U~|Y<AbAs!HEpn8I1dp34b5%{ZHa@dH*Y<ky#BidKkz0|Cu?JM-vR-Y
z4wA51Z*AS8!M=E0J(TIGgVk5qLp&UA!1XGegt=;jV8d5K<58gvgTZ)z_=|F{EVjjC
zbkCI;a$ZakV)8BG)cLZZD2N%22M;t^Yw7a%QS6&(5XR#&x|&Cwlmb(OWllsAJl|KK
zk8IIKj@Jt|vE9zkRgOB^Cg^J3fpDK?aYb`2+uZMy8gh3xTb9LPILDc8-rrLd^xT+X
z+CcV2p6qXV={ZBM{Kj7Z==6$uJa%PNPavp0cpjHCvo@mJm{M^tR3ifAH)O(e_d_D^
z4kZ?|I2+veSKl`wwv<`;dC6(BMV(3bTLdk<uXc1Vu-2dgB<a}p^nPMxKN_DM=5*G_
zqK!Bfm_9W9xP(g*n&93^1_1)K5WZg(_2EVPB-Z10J+dLL;+5zE9S(o<E0zfTO<wn>
zN=$F>a(;x+Hy>cH(;8j^gy3q?c=fA__9u$1oS4`s9fSo)HccqYxj@5%3cjD7Z$GJ_
z?i~BOhm?I|dH=+K8vD&-7M>JLxSzM7HBGdg;Y}NrO;h2YbC0;kF)%z_GU_^jPPWMI
zNaHM?<x8tx+Vk39f)NBLb}Y{BT_$$LJ(}#Q`7=Tlj&l)krOQ?jbTyEdwZy5eZM?)v
z0!;9Q&x_7VAutQwEB3(dlITP3xp!LcplIj}qAhRG&~zT`VOMHJ(KVBq0Y9z$QY@r8
zA;@dd<YH$gibFgMc%q({y))S;0Yaoq#P7g3T+e41z{x6bSeigse3TbmF<LL@+wN-~
z%}Y;9A+}v+d!GeVQuDtXA(j&Q!yPp`f>I)=txar#Q5{)<zHPp@YnV{RFM3rUkQ2<*
zwMZo`*j1OmpZD%T6cJ&>7PtX#5z=|Uy!|y+M>reDsaZcR1o!e*LW0M2Ud-T8)}3mY
z$%-UZi)&$aw9{Cz5cksZ+d;HgKHE*lTF1mMcB;2rT`=N>L-q>-b6lg$QR&qvQv(OM
zao;m-%78Tk02u-(uBFSxj*e@XLHkD+GT$rOINW?!q@B&utPVc3e+(9%T_QE86rDm7
z3l~8Q5kt(>DQQ2P%2Jg^mMJd4<paez(@r1S{n+px+F`tHqRCEUUkP<xRO!>Zl?AtA
zNMN@5o%&W@GEb(}=A8$6tZjd&@AoWQJQrrg$g0b05xl0gt1_VblLt#0JsL3f_FI(2
z^d*OP=rQ1k%8s()%2(jDxw5eTvTyAbf^~<trsrbZmc7domoiF0Rx6$UMbDKH*X~(o
z4CzE!;W(2hM5-?XD6tixIFd~0K@`dAgO!u21Fc%P&t9r>rhQAFK(be^{c($?*@R*s
zHFh>Fm2n`Ki0;QOUKvsLJ#BS7t?hHZbk<bK=&P@_pOH%_N7gcKu!$!rL1-`UpS&mZ
zMc&g_pax+o4giD@CglW!A}kUK?v>J-aC?h*^3QA+X-$;Yf7t$Fc>gDd?CoFG|493b
z;qP(?RRHM3KWrhwe>L|vIRwIci1MH2{$lvM90KKe(RacYKY`&?JoEzAmd@9UGNJkZ
zS+&2(ef-bp|8(*%xqp{KnC$<(lmFLR@J_eEG3BcK>5!YNrpO%CAF#%972jzj!G?nI
zfj~sw;sPkG$$g-!#^^-IJ`!ubZlYhs-@R8bU2-gLl-RVMr>azP50qppqym~YIIZIM
zz{jMljDw~PrS;+6QgsWv$Nk;56KEAx6V9-Xg9^~+yc3y_S<dyOGJX!n*zzfxg`L%J
zgkx{?fPKZm*`ho9rCy=UIyTYj6cKR-hsRXkX$&3j7&+cYS3k1wf|1D-!7HzbGtbQx
zm`YXOs~X37x%n(z@tmryW}>J{$mU8iLPgj(BKD`E^g08hw7gpvBJ$Tp#Ls&vrw(7$
zLY&(TZ464121=Zk>z?K%?20-YN=}}AW~9Cn6(-5ny5+jxJvQ>>R%|7H`doEsI6J3g
zU|6cUs6(G-XVt54E%CYZt1+X`v`cY9KFB2^O6;^gg0YizGf(|!n?9R7vxH~FN2919
z<mb=wqMvQ^NBefur_0*(<gp7Ya-x0I*!kWkm=&kWxw9oSesA>n1W{0zyO>YoJ-+{W
zv%F&Q<HIIGbQU*X=gbz0h%7YIq@8*tqEI9yg^HuOPzFaRdRiB8?6eMZ<vy*DCec4L
zq+YAb0Wwb4O_A#`sUC02=7lL$tH!pLNcM=p^iAu`(|m^Sa361&EM`+;Yu{uWu4q~O
zPOZ>5zx|p4I?bWez@F&c{ya1JJR5Wp#z|H$ch|ZVG3l)^r_D8Yc=-6x=r=Tj(t7Fq
zC~tGkqy9zA>W_@`IY>%J+xq#4c-r)!D{F)xg%yXZ4`-3Q>YZ2Le?5=6yv_XPS|Z>E
zi>B2bh+3cF!NK`(xTG8W>8wP`?o`g0yJS+F(9?aEv!2$w;|uR$C(^{&^ZUbk=e}~5
zH%-`1%C1~qFFc#@d4b#q(8YZzxXU-nyw`N4QR3N^(;|G#E%r66aI-M0MMo_wP!MhQ
za(+(m^hdp3f`Hld;D*BShrM%@F^cFkfImc@=y>`vMiO{_(A$6eu=14`$p{R`eop$a
z?8?lneXsXw4{iM?`X4oX`BMJ%bR_(o?`tW9%%<-k)Eq}gPJ-}`S$~PG&VudRp*C+}
z_8;EZxA@*k+J7nf_6{FQvmezX%}tWbyj$7M?jX?dX+u9NrP`jDy6WyzvQq{*ntT{j
z(X%v$=A*oX*@BdUw!4^`fN`c?8ep9Y^YEANp&f4RTEh{nacO%gW!7CF)*SnNCef|@
zB=zwPdGjXCD0jb;O0j5%+L3nS(|*IteK(g5xvqa3Pf=>q9G~nV{`@K;aUpQ`iT-Dm
zH#d2BsjNBTbA_uzpVE;hnx$#@s8GG&ta>y2+tVuY(SFd=pN^NQXQhkvxUSjne)z<F
zdREILC6#5QpeT8#(F7sFT6Gjx^C9hNbksb_9mkW1+f->ut&eTEdz@@ZMFI3UmHjHW
zH{6nU7>$)Z*4=w1!VWe^UahuwbBUnT-)B-^58EK$CduLHZg~1`UAkP$c=F0AD}4qZ
zJI%vfchVONPh9E!bTBiIUuf(H8=qqJyk5w?b)+$twv?nG3cLQy%s&nq5gj}$kMaGC
z@0;omeJT1tLfhB%xHQsmZeQ~<R?lfLto<4eg`iv?cI4d4*Sn6WkfUfmuCUHm@3-&q
zTKzcL>zdK8Ch1gQ6(L~OQ5!col^Uw?!hr<4Ns1|Nr*fikX%a7r*_fKEL(t?+NX<Rl
zpm;6$z<HEWMzu-eTjZd#umyWS>YFsa0Y~4=0HBVngENY{Hpr%>0dJ;l&@TF$@fOvC
zazCH7vR(DMc~^$`sa4TOg1lPu^LjEr3+(PSK+Ec#brD6|lUC#yMe4|%u~nfj^Py(i
z9Jq)IZmvQFg%iuZI!cW~m+z)deQa{|L5$z;s$AmtaYCPMBs_&xn!iu0{2dmp-me~Q
zuG+7pE)qN<aFkffSuRkL06LKC3C@Qs=6DeQQlqL&tUS`F%Az{Ige8SJit;x%K;`lr
zJ~ikimoGLE<?z5<q?<eGfcEXllIpbY*`qql4>-Rqnj}sHm<>HqU9rAo8?u(KG`jR2
zS7>dkCfDrDOBqkR|0Uk|Vi<ZP?#d`$3<E1ulcJM*tTA^C6w~Hg_H?zhj3etdHY9`d
zI%1vb;Jps(ia5x1cTaHg2bDo%V2`?U%oC0Mq55i0#zTxTJxOMrf$|44yxaaI$auN6
zXgPgTV>!9fnzFbF;XgY3Ef?U_;p||;^LFD2(NM_lUg-7SXZ0#=ta|R`H6_=%<5X4v
zN^&HffMJ=eD;A{_urJ8lVn3I?sE9rq!!DmnAnd=N#Gc9q{&4niHF!6P%w0t-wZ=BZ
zuQ=q?MS|f|C~~EO$!FFh6HHsQo=B13JsZaUGj^oLww3mrg^a#-OATUQHdUus-a8PX
zx*MEcsHUgeig&4sK11@vt;+C?P1WJ=>AT%WVooa#P8y%_nj;KI`3w5;Ps&HyENKuq
z`nGYQt}BOZSFF`I?#PdmT@E+6Lca-hH@C*y8K|ZAUg|ZxnLlME7}U^3!mx7H0D$#Y
ztk@T?540VC<}2OT4?O$Wy2{{}UwHtn{#=ijC#m!DP-WmrV?|_EbKPy#BeC!Q_%-f>
zYyVB(VQ}~7w>4C<zYN84zrK>p70ZfNksFeNo80&;U{*(psry#;nqEHb*g%2#+01CW
z%&E=zIO3Oj?=uH}mxpv6(6{Q+`J*2XEA{A?ZcAvt$LaU`1zW6tcv1zxn(R3K#?jZ>
zRc2CNzd<|Mgw<q!jXdl0d#B~2Wc5Jn4V3$iUyqfiz~R@Ek9L}*JS5gt&pHSLZG6h!
zkZ7+cLR|7eT5<P`;<fdp^Hcq;X5#+P?#F^JfS1?&NS5?dS272lr4pTeXT;voXT?Mq
zD4DUm0?MS&2PyE?C(JGFPi4i^RNv-zfSJeBR`V==q;3m;jI(9bb2lhur=FPd|C+PV
zAO>_&Sf{KXGu3z-z@|SI_fZ&c@q|KhQ)2o_cTt?8?M_33h+B;rGC(&DG(EQeZl*CT
zd)8v4`C0$F&?^sV5Ye)Qw0Z+*s%&F!g>~PEy$1{B4-&TN4o9;-Nh}-{aQ~v!3H5-l
z@pScuf3mB;f{fEk>?yLl`rPUZ6-II|(=pba_@IWgCG??BzCpacC}dh}hQ)=DusSpM
zBZ<gQW$7nhw{y6TR%S-vNkn@#%RNg|d0W*diN(E_utvjrIqq4#FqurDYnR;6bk;db
zLG#F9UWX9q!#pF~@Iz&<?USs_n8JGOxCuvl1C(X&BnbM56Wu>=m{L33;fo6*#dKs{
zH`DExvuj&5iX??{ue4lgc#Y%{mLtTx8;JAAz&UeUhF%iQP|37M4ws{41F%wQqF#$f
z(S9!(KWV(>9e*VAqS4(i9SChRbO}<gdw)%yFG}eK##QB|rC1-`Z+l7U&GGAyX9}oW
zC(|q}Y1Bg?qZPaY=X>Ea2rc-NLPMe`b%P`^mQ|XjV*T9~O|==4CkD?|s{_93S7pgb
zzu)itWK0%i<lJ<Z^jhS79y8?kw&U;Xo)9s@n_-o5_kfR4ExgeMqV@@0teYg%6MnLd
zL({&!g;7`3KuXE9soM$74Zc>TGHQZ2$~h$co=u;{y)+cM)x<%9-5<zIZEzGB4Z3O)
z^*J|d9D7eS!R)xoraxOQp;#4wHNyPSucVGa{w$N~nawuj=BPqw{+BmugT%V0A}cJ#
z?3Xc2z{p20C19h+(Ub@n-`fuqLJ=G>jS4l@8keykuwrKDXQ|f>d6;n0kD<nff1(E^
z@LV3b7^Ajizs8A{nhA7M4~X2Nd`&XI7#(AEGdI)K@KZPyRewAA4`;#$)NTPZggJ>@
zs&u#lZz=$usXi?;XyIu&_Bp^osl(L$N!)j1)E$0Pf&&Qtbo7)Q^T?{Uex#WjWkt{<
zG_Bsrjz$?;H--QodGIIn5(C`dE&;2vMzDj*(8=r7UoT_Y8M~PM#+iV;nb!u}b+)Ox
z<O6nX{U%v{-}>Z<jU@(TeDqszcv2>G#abpTmm>11rz%ybpvOkCr?*QH57Q}+y~J*1
zcJ!N-b2XQ8I>c+UF*YfqohJif5^G#_gfPHJ@;5VG2$)kNLi$|AR8i}c@pFycyD-sy
z(yI3urE=qR0EQgGVZ3jfM1KzoHy2>zL<_C2W-tNkF5Nuq0K2L6YtR}e<+;v%%(ynp
zkn@*|pc!9Zd7K{$;qA$xK48zQlDLDETj}``xH2j*OH*rq!>H#wYGiV%YnuirZMtgp
z2w1lYz&2dJn{r*HL;tOzq$^agx`mC{n*9llZFh&qT~e3JW+Ep-!qFdb+FKTP5ITBf
znkDGa2lh<7j<D;9(5!w}v9s2Iz#x~&UmuP%;F_!20Ic=RkIad_2`mf~eHfS~;X52g
z_O0A|4S13Nr?<C`in@FIM(HjIM?gwY8l+1=K|o3Ap@(je4(Wy=q)R|rV1S{!OIm7Z
zkQRoJ7&_k3`~E%8^S<Y-v(EYFuvoLcv-8^5ch~HFeLj~$Z?$%rte;V-xl~G*>oXH#
zhn?!azy$R+=~N$du8}IPdVWkeeH&jRM_H{T!{bzg&A{h(!*14}5;w|g!r7qh8PdY?
z3(a+kFDo9s?47d%Cmt&l6TEh`M7{q?t~75Mh;X#Bukt9Y=Pu$e?P~tvBAhu!S9<nZ
zt3#hVdXA+H1*Twqz!2ni$l^fD#x9fO?p6szxl{SJo%e~vfldBeazAU>aUJ?N+!Xgw
z!6A5BNtfi!2l@c|h~kj17;L0pNo68rG~H`*9*ky>=3=MT<UOz!;58W*qyytQ9cde;
zR(%&n<r4%Epz=Lgd6`F0W%7YE9#bqxB_ZtUNmy@TR79x=x*aAYRZ4?MG4m#}=l+$k
zYm6{1DW-3iSW6pM0#IArsag1EWFJVJWVLEKz>OBd3kY)C@yCU^6CRlp>#kvf2+Jl-
z2e&5(a}A^qcb_LP69NHOTrUWLEqeP&wA?G}^H6XP3c<>}{$)f_J7M~TYobyfs#>Qm
z7c080w%rp@A(F-=0Y&r8Gj98w=Xt1b%GGG{_z$d7R(nKOmg^~TjfN6iY`hlxd!TZg
za{lJY6#iNeXWY{hhTXV2@2{mfFY#J{R!mSsHba9=>$Sb7j>{jCyEmlo-Y}dhvUeVf
zm!`;09&DxD)xDpMNs4*~%3_J-G3_S+8c{<i3w5(MF%9yEpA$eSpb{t_Bzc1Inz+#|
z&*xupranR5wY2CZnp)?J>!JT-^q8yj8M<i2xP4!K1-l~e^2SPB*Mc7Gf6<LE+!xv}
z3lLCT&qtGFDq>;g&_4CW1NNK=ZIYRq1Aa(SgHR{Z8kKB2uK_<*HxoeibQ5pYG{;@P
z3o=_pJsY0GpH4te_#IuJZz7Lg5LBn3)^2hT?7YP5uoqP~ZdC2@15<#T6Xo&1+6}yG
zHlPkZ5W2E<Cf%93d($YB*l@NXbAanKD`c^6(J5L|*ZoUgZ}LZA9k26eyeraiynl2A
zI7@x=MzP=IiOT&M1MF1W=Z$6*E8SjOFDei5jyL7Dd4r0)_bTe5R?7qFK`(`^rjQz2
zRDfHaaDOyqi!apSD_upbBmmNIEdN$6sOvGNUAH10F#N>gEk=%+01s35(~np-k;dbP
z3$|avDVR0zz{+u`>I5({k*Bpb*eYpg_X5ED1ll(zigix{2WTX4rvt++ap}l2=Cqyg
zs-^e(NM9NuJg{K#8zZlGSqULK-vI>>5v?D-i$9pcNS363{#4uvJpEeost{Ee$fpvO
z{ABHOa#AotV_q=>4aUBLN<25NKB&-d%$;u2se7x`EdQmZc<FQpP_(_tY5Y{u0%W0M
zDue~oE!T7lVLc3d3xNgJi8|Zec$NCF4j@%zlzk(zXuGG#5S@fZ&t=04#9yry@VPB1
zC3m8-JQxIHlcuXDpJAry)|zFyF25^bL4!rEKjE|3&kR5;5~IR70XL7xK4Ha3TU(~L
z6gjl>4Y}e02UuVFaOn`lsMM1<&KrC`4k^1FfBd^d@~3Ti<d+Q#yKR!r=5b{xOxK;g
zxk4WmqRODX3lfj?Plf#OUJX<S>=a<G$hr2j)HDTo@oa)#9M-!={Rj~F5*;S~6Yh@c
z{_D&6ejrqd`e&~=2X&pUvK4m;>h$%e4^rWY2@=(n%yaQe_?@D}XjBiSF_~(E!|C>^
zgl-k|3?!-f;(%f~@PUKVE`P&s;xJm0_2*Cc&d0m1P0BT0Ls+@c?T|mO_M`Zn?L4p^
zYemt1+XFaCq><Sr=Lgv}_6yin-tJO(H2zwzs$}b9#&K4}ua(QNgna`>6-XX$rI+Bq
zN*xL`$kQW8`*<uy<_>}prsc51+pCEq6xi|laaehA(mW-wP2ldmy-1M)CIjYv`(ubd
zdbp2$2v~{Em?5$>iJAm@Kl%hBzYgpmu$pe7au19^S?*f-J%RQ<G{K&mr0aSG8~qt{
zMoA`1aEXSb@{R)PCmb#ctst`SaK&3H40d~(Y%&5%UHD1?!u||+xiI-#-|H#XQ{`9B
z@nD?L(Om89$xf<gF3HXw=g}55A7B2eL1dxZU!4c|J=sEo_D!8+kEO+EYaGj?|A<=0
zZx<j{*Jj-n*W=Nx{(<V?p`O~AaYmc5lpwQh4>|Uef6lEChV4cPc~4|)ioyR~YcoE3
z2~=r6)vUC_i@}fe5pb!)Xw_eV2?JP_mogTty7ZX`a0Un{XwZnfV_u)Zmm$_b1V^-V
z0Xw)8dAd)O`yFDugcH&6e@)RTj;{_r(MS#=M#M^YWkgweybgne`mT__U%erRtQL%d
zOC5f(M=8Jkr$3%|U3bfMpaZ38(?>V~4}fo>k00M~{^BYhv6jAQzkTseJHMtYZIqY|
zs7LXW7<}F{j5oj^_Ej)r5oWxWxRX2Nb&$9GO_V8CKx2C5Nx5qhPUai&?6-$}KAfV8
z_>o>#mMik@IIv%?oy*RS;cm2b!u5<S<_8@FF!Z0H85+5V9t`L$0?fOgA2C8((8eqy
zT4{Xi`zlbs2Vz@E8D|H6#%NKg|HN{G0ZHxcXvPnc!UI}P^fQelL)CV%WR3`xwPScQ
zyH`PF6}x#V1L(mGcj%%sCyJAf&#41wyy`K#z_zQ};yFsGYVXlMcz4vi<1V4o_h@Cb
z{n7fu`p9@Nw`P^-_jC3Sd(Tfzu0U0_`?4#?Z=n_<uf#eXyYV<+uiSNyan8x+BClx;
zG!<4%kR*ce?Of$?ZsZcf2J#JrvE_r$Z>pLL82))X+||@M5bV<H`AXWkwr*A7d|O8T
zBiH@r-_GThfN+WX!59hqgRj|%Wg*cNg|A15!@YBL7EYv9t32<~zT)kK-#m&Jl9}|N
z7dGFQT0EA4YPm@psqSye)cu)R`9OEXU84H=Z8Mm8y-Xjd-qtgs*oMn_Qj^SNOw<hu
znhH=r4sHk+iV5j@EiIdVg~)vGyHCiQF~z+TLILxovxJdg&*Ho0et&HA+tyd3i$UHN
z9-yg?W?Osw$dhHtK$}%B;yzsWEVWZ~C%&3VjV5>L8EN+ZRM*0o)(66`oNvo$+xX4l
z5@NKRDVq8}2KdIs-OvJ+1QbwhYtg@jz&9v9vkC>d9dQ24l%JmJX2Vq`W%f*s3&Qbf
zG|O9Lq7E3fqVdeZrjwW)1<SvW`?mNqg!z~C+e_(Vg%AX7%9kulZjoOnLCV&8JzP9V
z>%h~eT&lu>q&D}gF&-Zq0sw5#$Hiw>8=IVjp5~gkb3v^<rrM}*g<36IgWA=GndgM4
z5U;$U?>c=ZK!sm#&>$1K{FI^6JV$o>+mGKib(J!_%3_@=qh6OPVhasL^XuF%-|feK
zk&St_WU=*{YxbQt_Wf`$<$=5tgseHYoJH_a$)EWs4HfQ>19R6n{`T%7cUrZ|BNOMo
z$kl7Jc17x~6S{l=0W=Y0AMV9u;g@|lar3%_fN0!KTSRvh!|*QKc-J$)!HA~hAxuyD
z0$Z#)C3E*#IZY@tCFI~9OU`7EnZATM#Qs_jxyEPp8K#!{F1((&7@{(gdK6e5M<_L}
zd7tjVTu)a*lVeytuz11lLP}wV0mH0MSXM-Z^W{62t$(IbnCHS8aR^*i1EfO7tcuP6
zW_tdPdqM()offsJnAa$!Ivi{f`jdBZkz?&J=If8n?(v*~0=wc)&RP`VQwuT+t#dmR
zdtOH;s64O2-K)TPb|PhiWS?$X<AO!q>E=T>IbEiY0v?9HIN0q+fqWxjLw~w_Z$cOf
z%qj2W`+UC%Q0dnjQpkaN`uEZ#4?*_>JA77zdqR9R7fDmj%TzK=)@m;%_nMXL3ZVLN
z2wQ}6L&XmjTbW5}^vk4&tFHldrPR$)>tyk2Pfh!ym#L8F(@ZxoP<b84qJSyI`tOf%
zs`2@7+B;ii8b1+`t^MjRa?DLa#`(Sj)(nO02?y?GvWE~yihG-Amu3%gqK%Q6Yw7FE
z@~hhfkOOh}7G@K-?D&IHh2aL7-$pO~1mHe&zUNCrV&;?(isQ8O_;p^v4Vuy*r)-QF
z#r}*6{UvD=YF}$7+S|BDe*IiVvy}KH&ZwR95@w+U@8R3FJCiS*F$T-`-|9|&b>C&P
zI|xxazmwMxa(=rU-ToA9URvWFU5ggC_hf`l<<y*iE_u@xLq5fLG=#6ZKrcK@`Mu`y
zJB?{Nu<1xz)gshg!Z=Qn07AhIR|&MAI@ob>8R|bs$7Qk{nY*YtdCu(M(#PprS71DX
z+=#FC(Z;c9cNks&LLL-w-T69x50<5Dd9>KDl_igy9Bz0(qvQ?8<`7k+7AbEep*fha
z=k1l|W*O%x`_>!iE(Ae5rjq24(S$JMhBn&Q5n6%aHacTM@_8#k3FH^o$~uhpK{Ue?
zfQ%EHvMo1JbUN+ookmuS-2Fa;XSH0tH_$_WnJu)_pZ1blx*$a1vt#!_5k0dVNfav%
z5r0S*(b$+3GxL06=FPxry)6anFV%SP^xds&)CXv788KK2qlaqZ<megQF!G`+MBtAh
z+FuLwf2`n;kAIBCkrrxyjM)Af&;4VlhJ3{Rb1C+3{2wFsKiQEVuYpJiz@Mal<Nq4R
zBeNqz0-%35H2*96-^YwUw(}^)O8=exH)hZEQ)JjB+P|6pB>1=b|7Y>?Si`=Xz%l=(
zjj$n^{abA3?4AvJyo?SKAc1UJ@#IW@N7O2bfuCN@^M8VJR%agWPKn>nRvsx0QT>%#
zI1nlr{XkMYab7HBIa*Kfw~amy+5^#>9+Uj*V=T6RoAPt2XW@I+ol?5&5|bS8-_npa
zqlwU1A0RXCzlqGcuaAx*XenSNeBJ*Pe|ZL#$ovMq*Rm7LWPKZU<4OVUa0TuV{2MKt
z3@s|npM||aVoJ>j|Eb#<NUdU=C2yce!T<o2yfFSJ_=`Mn2WITc!=rRc@Muj!ClO5k
zpBO`+%1DhFmnA)w^B|v#)W6a(17IEPN@K01u?$p8wGw>XIR6Sc-F+SBXpsPk)zbYh
z!Oyy{QvooZJq}Toted5DGNcV1N1waI2=XNcKv&YLUW_4MkfXC|q@x}Z6!aSCI0med
z{}c3)CN7*A!hS46-qXB1>Te~Uw(KzRU_8+#(Xrcqp*JMmVB3Bnc;vqsdblwRC~jWv
z+AbXR6Gx1LTdpQ@W{IkKDCwFJF`B|-f)Cx-VteZ=wULy;(-S$EATdZBujv6{YqoPk
z^A2fg&x!HHtOp(TIpxDea}Dsh9wQ`By)N4EVC?F$?B;?s%*~*hPM0`NZRjd6>ofec
zl<C|cihuP}=7r=*?XBn4I(vNP597Dl9p_VP@ANO|Rz72aA?ib}sW;pVj3#vEnJOLC
zvawZ-2TG6(1KVA2(R@fm&77zj_mXXh^Wrbd8bl0Ws3*ZxllIB{M<`UHKe|rxcd0R`
zYL!$C*C{&qu<}TPXrJ%?$j$PQ#{5r@kZ=Yzu(97wl}>v1@P`oucPjgpKpi^NMrGnx
z;^5PA4f$enN!=@^o^tXf`F5v{qSYD6@&^InPX{k`Q|lDm-s?Op;Fl+f9p$aV*qPHY
zJ0NE<RGeXgPuU=GJf;W4t(k#$4*iO};mbxULJ%-+2??yTq*<4%!vg40Q0%|=eg}bg
zIep6H2l6k3N;Et)5$iphigT2`z}>C0)h>s;^I0{2GQ90ne<ehtllg25o$Ii!$4cv(
zeN;;&vqknOVN~-yFZI;NZAI@jXhqYkUbvf#nPGcIz2&nc0U`?6Kw1@%h2SAm{F2L~
z#G6gz>zN{i1CM!Rf#}SXGr^z1tHO{(+@`5OgG&?RyQt6tVkj$N--(LO%WYoKt2ejg
zJ>IQ%?cE<H?={@?3hrF3^)1Rj0I3^zxiO6GQwr8A@1_;6qaB4m0O?Ho7w9~N&~6ev
z9>|E{v)Q7^4*Ik&>j>TYq21WGeCNFe=t0@oApRJ&{yFYSN1G%pa?*$cB1h_Hx@NIF
z1)GYbT`7$7$b}k4PU(lc=}}qyh6r8~FcOi&<dCfxxBD~nNZwy%9nFJP@@Zi1x3Khw
zvz@DLEnWE(b0w@4&4gNWFMFB>u5oOHVF}=Vg<xDNCwm9$Je_JI3Y^Oa!LWSat2^&n
zqHUDJ?=&^Y?~NFyHyjyWlof69p#th<IWbP@031f!W}U=yraJ23D@J;H#s-jR>U?9j
zi-VCQgc($VcY5i83&96J3#vTx#Di~cEm6Y9A4vdHW{ovH2$835EO3bz`J%4gZV&m#
zDFTUMh7j+9MFnvot{XnfC)|e>E{?uhH_8ibiNme5&BcBushr}*x((CX+4@&;d5*hU
zS-L4V{F;y^%B9_nYgu?<JqP@mr+fL#)G}<nr@!&Ya;JL_i^fjJZvlYcpzM9`ax)Q@
zjZ&9)Snl<EL5kaVL(*PHI=-rquFV5Je`|OLUdd=Z9FZp$!?sy$TVQb!(dk&ikxVgJ
zqAJ`0Z@Yx6n!<Z`PlJTLrCGoj9_G=7ezbV-vV_G|IJCWmKpAE5=pjrLN&yq&g9TqU
zPQxV|Z-OqWbb6LAMsl=DD#GH@#9E`n>`ld8$1GzMh30rOLm@4I+vKIJdEry^7N$5c
z@PujF4ez9y3sY57od#oH^^{AP|CZpn>Cr@Q>7A-*8CK@O>dgK1<WJHC%UQ9Kbh_B3
zHKVv4@J~3{B*pFG_VQr_SjYFdmH%1Dk)0)_JWQ>pWvya)l0#1r$Mz?A??zb}34#zd
zL1^2u>F)rCf$M(eyOxyPcV(uGzVj%lnEFuS%tuQUWZl&*3u-adFWoVkm|$I2Re1l6
z+lH6TyJYV+{8V4|Zear5wu1Ve$>_I8ZM0;FU`=iZmhs(Jx|%w^8KBQKDAQk}maVDq
z`|D*SYZC>`*KN5zd$aXKy8PnDht%z`J*|~o2bZe$tU|$=y1sdF>sf;wuOsf<R9nA^
zdC~i*yq%uYdtByNNKntWiwkS1tk3pKLq7~CB&XlA!V4eICe~|b787Wb?V*lx-<~o>
zb={@Bpk{X>&#ohuM75D=YWU$#Q`*2U_%PMl{zhL31HPlc>^QzUS+r<Oqi+w1o70Oc
zEZ6E7p%o;`AGJGD9gm~dgA01f`OqgAb=*=Lg!C+&2xfQpf2oH(badp#u6p$AI?hKr
zclqnRWK}y4`_d%oL(VDwWRD%&)OcXE({a+9Io-kGJ~y4v#ga!>Iu3)+<Lw1qz=O#Y
z4XduVHCY|sG$KE;41C8uJb!O+P{~cewdN~mWpJwXK<w4#vYWce)Asq`_+h@v#**I4
z@9kWB&4IZUZixeJS^+I`X-LF@-=1T}6T#CH?Ira+ZjbMl>UR?A?HAuIxa)4$Kj2CT
zX?<DgHteU_-HiwO*NbW=6cQyzN%jvO2piS-Cz)*)pAOM94b}O`QmG4I$#>j>xaGY=
z+>UBjv$bkWN&@TXBXiJCD=IoZZ*Va*l<79De0H7m{}$POve#VE@$e?x&E`cL-MR0p
zs!!`t#_U3-h&T0aK+8$?mK2YI34&0!qN>L1`l$q{P>(nN4c#Zp(|p0oKI1GU3f50R
z3ls*7Expe;X>X)nOUV*^)(QB*!Db;;cK^^~d-GJR%5<S@acr?&`@Hl+zx(a6n2K_&
zO7*<)mrg&z{DT5&JpB5_sz6iCSv*krER{5`9lr%n%PdQ<8&$2un9O=Re;<n0xs{VA
zTL+H)L@fc#2j~S5BRRRD#)MVFn$EUX@w{rEXe$%f4SMjn)qU9h5h3%z$u(%(s)Z(t
zo<&yc3E4+%2w0oyU<_q;IraiB5^!}11twA)bhUd?jam?60XwjN>?w}fIrW+F$F#qE
zY!$;C?nIU#?;tyGUi)Jr$1`!)N#N*19eUdK*nXk23b8mL1n_chuG9NTV-L8(CuJbx
z{Y?9{U=t0tJuZwD(&DJcKu4K4BrTKzy6kGFr0b`QAk?Mnbkg%TY557%zgP3T8rL&y
z${_GynG%d1rvg)qCz-sYF*M{$aKeO@f4%TaFJ$T1wp^&xa^gAXu%8@y+P$^^BNDeu
z0c5||p;;y`WulEy!;?>h4ylBgYi&(m8ezjK8rM6o8v+E(C|o~dP>{E%MZ4kudOgQp
z+Nz!G0JeOSt~f&ir6kUNcH-)wx>LESC|osk$Nv`l4K||=fR~~_L)bZ#cc($RqBE0Z
zlIjh+dXL|e^-fEc100wie#Rp&fx|ZXT=e&=>_KkM3^`{?=<vXg4QJ>R)|fD13B}Q>
zd%jQ^Y95$Hxo@qk-v;^05J<^^g<rm98A{bXIS>zAf1dp@B(s}719UL(S!*r;6h{sm
z)&-EzThQW{$fj5&v>h>oZ_1sF$aXSUBuv&sSP^^KSh}Dc2Gltfvh_E2gbS8``x(GE
zKY7SwwIprjTPWLm>XgqtOd>vy-I`9%C(0<aAog_dz29D9rc!7|X>f$L!*sxZYyn)1
zf8c}e0?<nX5#|@Kvb#ZR7-PvQCqPRQoZW9UZ-U&QA5H=r(xZtnGsg<x-b}7m@ASN>
z!&<seQoGqv7a<nWCM)L7-Tp@^p{=zAhhxS+0bNw_XXe~VGq;L2GcUNdvkR4)3-H)@
z2#6j-xpq4Y$`l!@*n{TN48u`j((}$L4OB!B1E;<~#1X1(68{VJ#2ZlC>AP?&{dF6B
zJdYdMy*{fG%r2_jp;i1iE9&jHoL{qe7D1u5!q0GFDtQ3J?V7kZ1s3^7-l){jBS6F!
z4s3kya#drfUZ);)q2?(BS6#jJH6|=>^4^>ZX!L8~lhbH2%0nvw@>tr@E2L5z3kjN{
ze2cerC1XfUcPHPNgUe=?<qZuGkXs?%vqXiMm%DkRwX)Ji*jZn3naLQeA?8cb!+Sgp
zTf|V^p@J0}fe4{F(`nZ&rpMC6(Jo;?8ruSH06=Ko<GNeqDkW3(!B?Moman$?XxR;=
z42RW-awtt}6-|#N0Kv%hiV(v0sO#kC+2|jo^WhX}H@-#3h3Rn7+20zNj@JtswX$Np
zo~`yAnUPhXVoL2GH#EGMR~yBe5f7eyee0`!Tl!q(ms;LaOxPy4BFfj;ujtN(4B#@p
z{-T_i$-8DOngcmD9%#yWLwiec3j1}>ZzXVGRd(}ngFzxt_dW`2SjQs>tF69)cy>*I
zo0QQ(^ya9&cY?dL7Zqc4lw^98$77!##1|Q+KQY_znYRq|^PojPIC?K>k6IgkM)zZM
zHOs}iQ^x9-sH-YIey$cv0VIp6jBh0essrS@V_BfG*;-GA!wN02ZOdU;ul0qsm_KP=
z^!+4vMC~urL?h8^Dm-K4AsL6>^Zq=Db;6McjozDn4D~Gtc1uyQp|&*FJVPVw7a6-@
zZViv@!-z#`2VyOJK@kH|YnOI5KR+s+`=JD8EYbGRP#qm#=RP`<@%|p&1KzLLd|{J?
znOAcsmCz;#yG{7{YYTLzsQ5Jyv0+1j#@{lQ)O;dB3zv?~<HUt!=}Yw6%vXd;*}Ru%
z1kapLI+7Z4jc}*fqyY)9y81&<Hv?_Icy@jpV|e<KECCH(rlIzGILG`~ij4k<I5;zD
z_pEGhWC#uR{I0<^nUzUPhDD%gHaFPK*tNr&Q|w<YV?uTo+FEHKTaJ6W&LBVGZAD!z
z1pl733vMgQmlU8`tF8U)E@v?(DvaC9q@HVtI-e1!X_-X(EU<85KKx?wSG=UqNLPk$
z-U~IS*E`a*>`6&Fg9ZRR2;**Jv;fra9Peueonca5`#mlYUU%XmdF-aJP(h?>GScj2
zjBt=r1+da3(o$~;Hgv1k+M7ck6TxzegAu$J^pOK~115eD1v2_{uInLc8b-_wzJ+A_
zwhXe5%>78>HB4A!2IZ^Bc|Pi{y%Sl(kg1L(zyt50W-%plu0Qu2e)Q?t-sNElA~QEx
znVkx#t!7hAZb}n_w(Q!nKIDjmfuL?K`)Se`j%;nrvoFmWMHeI+nFPFnv9{Gjg=nMI
z>k!&n4Qk&f-TmzUL}DxdW?tg72YiW;3aUHT399=?$F-S!@OM^Ws4(;Y*0IH}EG$^)
z#LUze(SLO;5Qm8CY|iNUFcDwf^A3|}jt?K`h_53OQsD1PusM)^X=}}5`2O*#Oi*N(
zYtUYq_~q$!RVk7&$*U@+91}vRJ@bG8{6rH^_ncDZ0TT!YV5!w9IMhC~V6AAiZ4m=4
zYY(JyfDXVo2Qk@Eht`}}{;|cU*>C+@tm1ZHEE$s+OQ^PY^3Q=ceUWP=V*4NiJEpb6
zQ#GSz26DBSrBU5akH$nLC42UWdnK7qRD;mqMEi96AkO{M%tT>ri5}DCE@4rXk|-ir
z%rk$-(Z&*Q&CTU^ju`+gJZ|;k(sHVEnIQr5Uo?#_W>KOiwjldQe+PP-)GzBSp3a55
z2f=bS+(^ww@-dX&#evA~$Gs5d0Xm3cCxSfiK(!86UxS0%AL%Q<8z+QX7{!eNEi7fr
z>mFmwU-WskP=J(*SKc+h2j(=}TD-xkL}RXd)W$?2;r<x8hl~PcRmq!?S;8XwL*<QN
zPbIwkF(Bz%msT!-S4WZiGllNh5S=^LJeNHI;X?_Yk1HSMYB3>|BNnZz=(aGpU`|%k
z+Ha#**{_>jO(ha})a)(%=VN$KJ-T#T)V8XKa+AlS{bx;SN?opu&{qU%xHa9eC#c5_
znb+dFG7#r%7IGCkIO9%zAAKmc`XN`;dfMC!ipQC({HrUje#bozcQYpyjVFw82tmo{
zAN2us(N!%coh|4|lT#XFjM*Q!*t5kx|6Q%ZiW?j}Sv`1!f<+gd5{<BJ!HsF39t&BA
zuXo5;qIF=vwC)<L{vE;=dj=CjN+&4|3!l240+C(W2m_{aE5I}RU<8%ey0{ppBG4KH
zBzixF#-8;=+zO!J55D4C%S}=tlanznkGaSrF3DDJ#73npq<-AxT~Zt@IBfRe<%b7;
z;3@mT8xcZKY-f0u^UY6m#Uopsm{2QYOk#W+zWA!Wy}G3q`tM(_oQWaaw@&u>L#$l4
z4N0Xx<3bsSFoBwZd%8R?UIz-yb9!B>{~4X^cW0mdu^}#`5;!?E6RFL3W5D^&>z9!y
zbnd<0R@WJWb~Z$n7%p)XL%Id#K7%_&2TWth<G+DBPOiyqn2;?CgHwvR52$0!U(CHZ
z3<rMOrOkX~$VT)D`h}c^DZjpd22Abin<ic==ve}qN#(&v`>E$f#jYJ~k{OuXk#pT&
zMNNnc#nRjT)zd0IOwu>(mKznGhz2hSA!Pkz8qocS%3ozNGhU4vlr>AgRihJc^@>a~
zfi^mY3nFw}g~xC_R$ue;_)$USFcKOiV9Y<<Q}U$w1iMpLwD>Rp!7EA2vf7!|Wyj{N
z7P^)MNxcpxt|k?LMJ`0j&Z5DV4(+EuHP=-$e!Aif_@+SiQk|JQM>I>f%g}}l6l-Mu
zb(QaDvg~9%_u3|0NLCAKD5a(jwpHI7)@i<aX3G*Gsy1}AFqSQU#sUlf?)&+L#yQGO
z$mqPRUp&DRE9SUt`O^qm34qzbP_ZXuK8B^}ZnGo}xsPjUa3%%wXwt69SZ2=NnOBM*
zBp`cPiw5CM&K_{ThLQtNTaV<x99}os!*-Z_C*!55?CO(F{*zK*z2Y9OYmO6XfE=so
z-o-ji$q6wfT1`mX4E-x`XY=YotcT>?us<enXDm2>`pt_^RrKqlhDEb2pTRtnD2o_y
zb_~ykiHJDq*w9}*C8LiZl?h!AX#;1RMGzO7M`&G4JY*gIcuhAJ%4UlX#GfusGX*CH
zoNg%(*y5hA9x%>DFw4ISkj28ootMRZ@{GP9oIa_CtqoB-Dc`nl^e{5VM|A&Yf&YEr
z{*BwW1^(z5f1jNmP+ZRp=%7J{J3Do6?Zw5u%+2fZfa|cXg{CrcOnCTOVQQowX4kc7
zQ>w287m)<1!xICP6PYigZkan1{69}dwcL=i^pd)2bqg1gQ!yBOxg+UlI?6Syr-%|j
zboLphs&XX6O@8{T+Ej&D?Lu-<%K`fr;S3KS@zZ|k>2#01%ywUpLtBHM5S?0=sD!tx
z%dEw_4#`Lfb2Hf1f=`q07b4g(Rq2)QM*n%3i5j?N<`PIKzw1SjS3FsG(Sv<TdBXij
z!q3_4g>CC#M4f<5gp<c!^q5Q?JrHi|yL<_e;D5t&U*IVcO>7~j;zUk&-xMFC&j*u=
z=FTTu;U3i+^bzOAhc&Gyl+#@^9i%fOnvczGmB=Cyji2i8D@!!frK*dbnLSP^^JxCn
z+qR@#v+3Y{P7x#kmFc=3Fl-|0x_*b16>2IssPI(l%Qq73zOA|q563ey@>Hi8iAmK#
zjD3BmJJH*X0tXSJ{t1nOK$`{UAY(DVwgzr0Ik&Qh50j_BhQ2;Ut}BHnmYm5;vgc=q
zvixkS2=RU3r;C|$8>p5Fb}P*^B=+|8Z-JZbSVXY>3NP^DEfU&Tx=+Yu9$Q1Ka8+>r
zB=De$<!)Y88@;}dsr_+l&MUP>V}~GZaXnj``7S>(qVV9xe49vU^$TF?OpKT+(nM6?
z`XxVk%%}8MH#gga%V4iBG8<g}o<}0V!=7^<UvqLkub>uLW`Tc$?XQSq+-ozdkNC-F
zigtSC29HPTEgOzgl<Es4ycJ#c=B)z74`OBNvW)=6oadD^W&VaX5chlw!nVk?rNK~6
z@1in|#i7)Jg{7suOZ2Yh6_VTxa8U)V$;OBE-!B+pY&v)h<7=npZ=e;*%3?5+l5xKq
zwItdK$hEc4^$?xpcl2q;=a`+GRP)~j$PDl(jGh)coL02TL&pHAig!Pltu48@GR!}@
zL#E2S8_S~`5HKbQof?F{LAg92L4bmx1?oe+JYcBorYPqO&t~f3#jr)vlDc;_lP>#K
zu>IcoC3x0IGVCnCnl9%wm`9P!f0x$D1lkFz^WMxO$@N)d%Gi;1$Cuh(KYuMWtqSN2
zt6o~^3q`!W+x~F(wIWfab*_G)lVS$e%G6(60xBPBxB8asU|t52yNeU_&IgsRJ2rfq
z;j61>!_D!62iIvzd~j4<HsKT0uGLSA@XUPWIIE>jpk;n-D|=U3*|EQ`nCHfZ2isFu
zUCJRkTX{NYzdV<!P`c-6pH=GVBO|n+aS~VQzJwohD%N=hsRmFGUac3ld-0qq$BiCb
zPxvcRZO11MrcBGJOseK&hGNLT^JpQ$@!`GiZD`?Ugn$zofv`Pc-W((StDCmW1S_+4
zDeq@MJ-#~Z?c8P|yEwe?2Fj|GL2roiCRs5H5ZhP-zt2yfyVY2qx(}F~JJf!=INHc0
zFUKD4?_kEb8ZC;8SP~z6CB=<2g<DS$u~d?TelYhc<d@s2zHMllf1&p<J5%b)z*>Pb
zA8NkvQbz8=`M!O=Sse@_B!R371NHI^rL~8PI5tIri^Zi_hQH)L38jylQQ*0yHSy0b
zYzNiNh-j-b3XHiGT$Q3Ja;Ig4RA4c@-3We=xge;?zD9se#cizUN>_;;H>&iFVq7C?
z#tcM(dP>QSeM)@V$Z7TBTbm}dK2|}x@|$KEdqXzI!RW1^QB3F9iL5V(GKU#+MF3ra
zId1&bH<^Y8I*xUnH)Fj_S20rpUDsni1G`U?*2NTuIcMTE^pXekn|MRvS$o!0J(m_&
zW#Dt`E~1y>@SWUOQZK?|(<zwllx>Gg4|~6KOutcYrqL+@(a?#<jfxPTTKV;=t~CQa
z*rG>TcCmYzY^^jMs3*uq6A$d@Wa$Vm_?oT<LH5bx(@B9bci7%)t@9CeNPC7B`&8BA
zci3=cgBY<S-EEVN>N1<P+mTr}sVt^ML#TI<;fvHb1BiW*t<Ax+roFYkE>R=>$sM~%
zVvL5;M$Oc1y|2=4Tt-Wa+om6j?kmeQccs+yA35VIG#E$4?ryO;Eb$a_A0S!JsqtaM
zH%VDUu+X9He)3{91w1E94V9s2%YkH3dA9eRTpIAoR^@uqf{w2_Sm0@oBX@Bi&03vU
zelow=g{9#HFI$(L3wjJZb)Vz0q_aUF8Nuz*gO+%jgk`ye<k$hCF(_GeD>93gBjL{M
zQ=b_9d`VaGX|EW9t$sc;-_MWCbN*1C%WSPu4{#M}qw&%_prQIsS-Da>^9-AL^ymD|
zL<dnL9!4c4q+=_%j`GBQO9C-yx|CVCm*yg%E536P<bC~nJkE|>@YJAfX9cPU{G$bD
zEl#zq)eMWVEyX({?K0lbf^W~rIqd3U^e5u=8jOYyMUhiEC9{L_T^1%hy4x#t=0n#K
zLFlvyN4;X4^+v!b7JMWEadk<5e>vx98UE}LT-@iWtLB*)ACqI#pKj)GdUx>{fGmRn
zVJ@ic;r~1Nh#k1dDgMJL!9RdTa9B)UMVRPkDmJo|y686S3kq9rQNY0vJBF>g=gr{v
zeii-=j@TR#vN16(E(}}HPHW90cxlA|XVLvK*OZeUR3(7$Z{CAFoj1LG-QJ;~EV}v2
zNQ-F#-wjKBbVLOhzl(|<_>c$kCGlgqv=%4Wh~#jPLS|>9VCa5sfCilhWwrEs|G+n|
zrfuHZx5Y9BdYuO;uDSJ`<~VM*^Go`V*{--bF#ypq;6~(-D$`}@juBZDK^h3Y1!h%|
z_96xBi{(ny&A$~PN%BEr!H5N&H?NUIcgSnwTTkeH%pbn}KVMp30r^b+^DG6m=tUCn
z{~^)$3<Zrw2q1a(k^jH(x^&}!rXIrCM#xV0mnh#(4|;#@)U3^@bEH=BUxB93`-6??
z3mYPL+0oPDKT|fc<bVTwSPnE8N!<UJ++Pm>scQMp7iwZyz4RacetP6RHV*7Vm+rF1
z&;-F>dVZuD4zBz^D|#%hPKjedP=o$RQ%?`{zm*kSw$AaaCw~1WXXj%Kc!uQN<v87(
z&Vx?|>3=5_vk~3IbJz0PI}-ViD5K2qg>1>Jl&Uhbidfq8!LI+RiZijUVQ1Jb#$fYi
zFED-6<{#0^-@$lwKYf~epY2W5hHT4U?*MaQpz=Hc_a{xrxA;f7pO9au!+Bmq@BRKL
zwC%yT*a-t&Ea-ppWPp_YzkCe*(L3^L{x8_|Uxx>O8;3j!{Cl1MudfAUeaK}0KY2tz
zb`iHJBt?VX^|BlLgwefg<pXsionJ*V`>b2`O~y{;)g%q%q3WnPYbGZ}j}z%YHYgmn
zwXPWperWwQ)75n{`?USR@@UCWT{};BAI%!iS2Bp(nw=+FAV!|_81GHyx85iCTD{>W
ztJm!h{>s}anaBGIEyET$h)*R&i2{7KVP~0x88i6zH)<~C>ifoi>W$8Kz&peEmH|<T
z&mUOG@j|7b_ZrapK%Z|4DxkwBpfczO*{}Dd6u^glamiI@LgiF$Ni^Vm8CFuNGJg<o
zfOtIe-WZ<geQ-6)=^2{xAZWdM{9QXuEYk#$LLJw00#)Fq5jv)5m}=EGn}wlhI0nWs
z{i!9F1me#O?0CX?Tw>np)1iR<q$uD{D9{c2Cz8lpz(hl=97dN#T87d{G-@QkgL!&C
zjx?wuFntIGwJqX3*uOYY)7DSd<f16?UYDoNdH+{(2H=A%G&_i0qUq(GU+ODQ71SF?
zG~4I5juNlX_9Z14W7#<5ZUz8oKkhWClXn&?)7vHAb~m5|SEAeEjh-(`dpgrMZlo@t
zEWY1z;t<zWGs6P$@1@*RIzIhJGYmj~QsC-0C~1K2<#6Y<m}tN`E}sdG^kYK(^uX2I
zsp2C#99a01`1$ZqMu{bn*J;cHUnNoiI;gFaIkO58Y?m5RxqnLPx<(rFQheLjn5#p=
zM;|a?SR9fP4A=Cq=R?%5BS3dGAcKicGP+No^WAZ6lymhG(U)A@Qk`4iG|bo7Ir9Iu
z)&B)hZ#kwz++d=TFE8*tju+C`O^_^(Ih@Oy{jLh$c-2a&aTKKc_^Xx(f}g0Tlh2Ib
z_VnGeDVihmt3C~n6nDKtGOfkt{P-Pmh*3Ya936A`P<JD&a5=GfO!RzmqL>>K>hOem
z;KEzT(zk`V<QjJ{G-Syj>)p?>?q|TG1wMbitsR`5kRPthjJ#Ui8SuokW_EGzj{_XZ
zm<*4EyEz=KCrZ^E$MZmQ_FrzkT)Xg})-@)$tL&?*JTW1T;1ref97>dfMNvNTT_LM3
zx^OHzfvY>Kn;_nOPyS}DsB2wkJPXbme0P%dU0{lnf#85TT<Pnmavy9PD?n^7#*Xif
z<?QU;tAOW^%8Bh~qw5`8!PALl)@I6Mof%r|@B^_cu#_Iva&D#l>g;pSGRdcLpIe|a
zIgQz=&Ck@wC8hLj)fm+Otxe=c?}ga+!l@9C6PD$>w?05#trGE5-mxzm#}+IR&MYex
z9lV{fB|AgrnCO8j>JBnnku!TI`jl&f2={f8d5r*sLx$v_5Q&i+mZt5qcB)Yh;J8d?
zxTPb4`m;^KXMKI`oY}JT6Hr^)adosfCkoYjP^a_Z@3Oo)wwU4340F*MZ}#iQUvf}l
z?&kA51`XkXUZZU0!t>a35ySjHdsB<|AMam~C597gyZ$!O{^I#T-bCQ=oP}YKKcdkx
ziqBVj-^_xs<brGCEoX;q4jszjH(KGSr?*a3#o|uVG3CLVR@IYL%+d=XzK<a0RfRwz
z@`cH@!*Hu?RJefCZW119LXvN1>_q=GM<Q`7%C@;ocET*iP+FDHpTYWp1p}^v2LH~S
zb!9?eSIk{&L86nQ*;EC=u}G=2{JxEO*zmiFI^gED<1=16H_L7pEU0PHJjdeAZ?mBO
za}7O|jjs0MV7@hS>~j!pd*;i;IdQn6HwF$i9Q|9dpPRsAToElcJKY<=BI-eyfTln;
z9iaZ*Hht%{1lk38yPJ}-m(C1lE}<ua0|-}TU%Ej12or(AvS#}V$O3K5yB0he1_r-}
zgRuH-R$X4lXk(_B^GPn7b&5L9p!-AH{g36<+<!qe+GZQ}yPDqj0-H!bmKK-X!deqI
zT%bh`g-Uk8(z8OiK!vim4h!|2m6lXiDiu9sVpAR)@4&Q+HEl7k`5u=!U|0y!7rsOR
zbc!xc)giEcJLuFJ;FE>5`C7ivV#C7FHEVrZi3hqX2%25#=t~@K(HdLijiXsyRFS2+
zOeTkHIQ;VYVP+Edsa*{>Q4^D}kT!|J`Z&JO`yrI%pE>aZ4h+zxTkt$HNM}cK+yvr=
za$wj=$+%uo00666L_?oKO=(>zzY(BV2@mjf3SHMV8yELxP!CvSj`BR36cyuj3g#4^
z+*-}l3)h<R0QGbt(luv2p0)#CZ7hB7YTga(PcU&+%VR4g^phS8s*?mHEer+L4N85u
zegUR=*O_s{ye$Tr>4>}=lZtkmu#x5<g2hisVB4k@Ey8Vwsa$E&qU<kOkMf4CHB3>5
zWuUQQZ4h?C@C#v7TkAS>w&Gc(7c<{A_5*XC;tiTU>aM{O{g@o%32>q|GiAg>|A-2~
z7gsWYP)m@&vU$Fd9lpO~gJZ3EV4r0%`ERvy3Rw0WE}YW4qQc}rZbx63eg`{L2<fPA
zxx41X%z4E(GB`K!47Iwv{yT?;g6^E4+k*=))}Q-|0Kqtc=xIsG6=KgE&U?=ZDMKYb
zDzAN*A$WpE8o!xgvMZr(og+O-AovBN>=8P=6r`Q&;RNH5WvEPPl2`|hbuFypjJJ;u
zwY7hk2~9w^ePq(ICRTw91RpwoRO#~O!aJ>{aeI{ei3lcAHh$7hx=Ui#t)<HmYtD6p
zgd{ozG3F07s%k$6DaBuC&f}RVcIxVu<E<ZB62IMR`e<VPZQwjmdoZvkP^h(C7-b7&
z@XHzv#*8xuCoCkb+NSQ?NMBk){Sx*?-&Oo$E@u=e4>ms3K_aHqr#@<H+VoZEPrCZ{
zgvAL8S_5A#vy5#Qo#!>!e+MOb5P~_N?rU_Zr>PMhti6%^vHNAj9I5^B!4Fj_0a5dc
z(u^<E_|A)i#IMeU<hzZFeFnU7<CC{k+NQyB0WBC1!q{uP<<uha5`_UKMfXe)QZDxQ
zKYE@5!7r#t%)3N?+Tui3Rp~`LL&tR5;*3RHNMBM`zJLSWabG$c&~@%=VWw2Do-b%7
z!o=3Ogwf%bfNj(uB!G*o%yb2&RUawvQjT>@NMyg?ZfR>okJA9<*K;O)47ijE85Fiv
z%61-+g)m$BlFf7goy!6&JZo6RkF-2YMG1#a9$Ar$=Nbrl>sx2o`DIa1GV^`WYU&;!
z-Lp;lg!2`-itagL+NRekZ-I31VAYBOIXRH^h#n_BqB&Ls$&i{$z_<SAu{Eq>W%i2p
zae)ZwjI{EBu4@@gpnIH8K41T!NpnY8aSBf%Gl4p^-gH=B!D2)6?<LbkLiqv)WHv$a
z6vQdWE%L1>96&K4W9;OG3pv%=6;V3!eGU{9dD~=p521M2Jof<_y7)Z((YC0%-}U+Y
zu<a>i_dz%i@SGSHIYSYLIZ<=9zfBb&N&9|pb5|eclWSJ|EnU+Ig{v31^C=^sE+?8m
z675q;&gV=8b}vxo{f@o0vTS%pTPQD73w8$O5GV6mKk!zlc~K$b>Q?m*pz&TXSmlaa
zl4UxM<$~nTP?&z8gxInYP^M=})0TWjaYuy!(jiZy1wGU?{ls})3CTz|f!DpHifMv(
z!&4mh1H1h%c~XK9FZBlUFd(*2$UQw!F9#PUpSdM>+ybXVfzKru@$2PdB16K8ZCjO)
zOJ{(Y*ws@=<|BN06(L7Tokb4L@1Hj=8Szo~j)e$&m<U9$Yx__eQD9fu@=ym0Y%De;
z6hJRh#o!|>C7UrODX^|OyMI{?A@k}-e1d|K{a{?^v&s^qd-J11KT>TflxV)l-1cKb
zQpXPj0xWd$1sEix=xQ&0tb;;6$LJiju0BXw7V)Vss42TA_UK%Qk003pY<ICmc5=nC
z{Nm`I1t2%@-Pga3?b!v?!7)KxnbhlcAZDa5@3-crgTD+6BYhrj4lMZbx))Xu+cG&U
zhbSm`0`K3x(ZF~JaICJ?JyHqzJxySpc&XlwEwhFgYN)(e%{N|7EyJUD$}IMh>mZ}8
z^i;1~w_?4GspH+NQqC$p0pKC7ZPR_zeH4#7-d>z0Pm(nxT&Xw&QH)a@zes3nS-y8B
zdWDg-Z?8hg2TQFA-&3qdMBQw^dcmaJxdM$nutxGEk!dgTZ5+0l9E3VnkCXut7M+=U
zKQ4QHGW6OtJ`lE?In=p40I_uspOqi<!RMaE&wlc5l=#gZaVLi){xKqghu#@U-yVlp
zU_=nuEh|Psv-=%oHIA*h81{HzesixqCalMm_Yy(W{l>W&z!4$)m-ao)fE*%GYfbRT
z=B;CR-NIDeoUh-OU|`F|8s=2gH%zzP$Zq?Wf|sghVix3J$AQw0d1&_5sjq758~}zc
z@OYDLt19Raz68l*?D1tg>5|=fd(W};^SSctCop%WK4H<G+~uj45IQoU#6w)T(<Q1t
zX8sb{qH|J%<4GeoWHjj7Pp2u3=IS&ZVo~$mRm@-UCN*aTNmPntVZ?>YJb@7lV%YP$
zn|P!&k@1Z*IA(A?f-MTn`EXg-Q8|A3?lXM&QX=QK+wWPiwe$(t_?Di)^<0Q9Hx-QY
z1_Q1!FXQ@a$Pvf3E^*_|czJP!7RWnrCu2v|m9iAsfUO>&EjV_-5@y=;h#5ceGpq3d
zflM)LYi$e4k<#VLbZ@PLa_5VuMuwcJag00c?q~@EM;ttEjVn_wHwW+iJ}>3qz`y(+
z#ccKd$VRq!V(gfjRYZh&)oL4BHk+8Zx$n?|-{#Q*4l#O?v8I7^O^7t5MVcIQ(~ck1
z!P#$sJ=?vvVs|VNS;;yYSnlis5dVl)Kfe)IVaF1VX+9WDgB$PxO6Xp`Q{`uqsk1ZG
zMG}!tatFF9Ek0ahPp`JWo`6aq-s*+VBU+PgEqyO!-WrL$1LpWDPIX^5FH7<mi5i}V
zBiyy3D%yDU03LoXQ8wSd;uz70XaZ4v91vm4fVPu?O%W-XzQ&x1R|~El=hB5Iwac&_
zEAwzq!MAPp?N4ZKOddsV>5L&5N+inAbA(a1UxxyGhP}CVd$Y3_6wVlL$Qc@VDto(i
z{k=!_WV`o0-AI>I(&tj*3E}duAc)7MS9FMr(l;w#a!P#{n?>qdz^)-)5LIbUo%=GR
zM{Z+ZC^SWUlG<$Pr(E8vQH;TQk{H!(D?TBW54X9A6?Q`{w)wo2u=IrAqN!u^Q^ILe
zz_5j$&Ou06_Wj*f^0yi8tUWiwaZ^r4uchRpTa9V^7sKU3E{>avrNw}hnQdXYN*QEV
z*xL=@&M)LEkND`&@k5t9f6etX)B(J}Z(h!eLtP!X?Cj_9x?eDGx$3)rPU*yW_U|%5
z0=Gxp;y3y(nn5x60|o|Oq7XT6A2;dCP;sOqRUtMk16JbFrZ-jRY#o6bmHV@W+Fn}B
z+a|}pO0`C*mU|^Bbl!I!EzF$~Y)%Zf%(EhG6<%*hnJ=aReGQ4x_emOB6^p(TvtN4{
zttG_W-S%`ovtPY1Rkb^GQ0OP?QSC3;KB==po{Wuno8)TwNj|O%6u-~okbGO7(Zto(
z@@`x8@?`Fd=Ex}+c}ii7WGBg1p7w=fE=PIi@u%C_GQ7C@7}iifmeJlMsMAoMLSVb&
zT2Tc4+##%b>fgAB3$6yY#lJ5*&AYB5=^@T4q)87>%=LZ~$D~EpRMLQ$#_TWAoqfjL
z-%thB5|W6@SokID>^)a<9mykxv|*k-Yu|?;-q@G3t*tow1I6YOMA7zAx}Bz4&#Wpp
zI_7LE*8)%V-T-ql-q4?DATC1cnoDY)JdLx=J>tk3G&P_e@?gt|f1I8-ci%6|wN<h!
zv@*l(yHF69g`(Ge;oOvQyH(fZ#Zy&mi>SiYT2k*Q$Lk=wdtoApRFv{q`yiXW-ripE
z3FAcMs40!Znk?5Z;+ghzJ&~-$+@%4eYs0v0os$-@#@2QJ^HsyoNS~}B2;=UB^kf^0
zggBV6W6wgH=JAD<Y?;FgaK(uDD*0E!{bi_ok%;Cy!?C6OiwfAJVLEoNaBOo1t4*?c
zX5n(Zu1~ArhR{;A?u!4!taBU{TMk`OrYBI0Q*+5=Wg)V_!mPbPI<&54j5yWW)=kib
z5?ogXJLHLb@p0R?V$$VHOI79O*=)uE5KC@U{TtC+>#vrWUL=V@A}f0Y1!0Kr@)JeY
z%A=Q~f<DPRF+m0eq-|sfX(iWRgb04lQMn_*EsQx*KdMsh*IUt96in^K!xwq1J0l*5
zKGp|b7Zc-hN%6%Q^NN|wh*X`udSN<K#Na2eB>jsesbbOT8WD$_J<oXj7jAZ676I-6
z%5URYza`SMkw}*AYdQkBhR&y1y&`B9?V*o5Wf5HM&KiVu8y1*lqtn(A&2;4Ym~O_K
zhq_l*wq<nw{aNLS0i%DJd)(AYK6H=vu0FB(A&W1#Yg}>Ly`Ji>7iKi(;AdWz-9SvW
zTG9IQCX=CWeun;)%AwOWE{@7xY5G;BxWVI*jHO{6w+j-EM5DmX%w83ctKKHj$e0JL
zYFTP$yQw`=QsVw3zuj8aXwJawx0b(&4-%pif>`SjWpG<DcazZ^H|6=sN^L|;Hu$#{
z<GAoJO57i~%)fd7RgeMZr^t6s59x3Q0!F{?%le3#-Z}tWR6^q3BU2;8m4T_Z@<U~*
z?W+X$FE1QL>WtoNMXYCB{qY@Ze23_!@_*bgWbgI=7W?xb6wzN0QujaDp#Kjjp#Nk?
zR{mcgq=!N1eLp2Kr1K%z@h?8<H`2|;Lwo$6W6R6anrlGw_3OX&-3}m~ups~bPXyGT
z?av<s67u7JJpKpk^nb#h{x8}8?*LN&WcoiV`nUT3fra`X4f?Hp<8Fucl0aG&nz-{Z
z%S+$;K_DTii*&A_jrz^ZM)04^{~NXWpSJ!H`acl?560pK_$VmOr}U6a7bFLIg?+eN
z+?qZL%4g~cp`HaZB=9TQ8)}GjU|EQSY0<;?%AP`Ip?*W6vZq}*C@6F_G2dE5ap4Wf
z$N<gd86BVkvUK6$y=Q*{kl3bw;9vi#@~^7?wD3O>|C?}sBL0)|KM^P`4wjo#lwQGp
RNGVZJ-peSzt&jo*{VyECz<2-v

diff --git a/docs/images/headscale-sealos-url.png b/docs/images/headscale-sealos-url.png
deleted file mode 100644
index 66233698b73cffd0458a40c1c66a98656fb97e34..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 36024
zcmc$_cT|+kvNt-4h)NQXoD>k0tR%@QAd(dcLuSZ14|xD3XOJXWCBpzSz>xEhqog5&
zf`Bk&7{ZXg!S~&JpMCE6?m6qOv)1Jg=%%}?tE#K3pZ-;K*jp7j;ybi=00027{2LiH
z0Duq(0N_2pg@^l(o|{?_?#~U2m&z{z0C)`H83-R&zviMQ_X<!tNWX?F`@dCEm)$?W
z=$P7{2)tTdKE1rW{IRmTy|a6Kj6FR)J2*VXV$aa)r)w)`M@QK0ZS3#W)76#JwdK=|
z)wAv0{q%1Ihlkh?&XYnV+xwWK{R8X)2D`I^-P^-%Y@DvIoo;WRZf=~SSI>0K9Cr6H
z+uJ*vTRV@Qa0f*u93CF;?_<0JBAmSfN-JuLVF)8@7u3{jQ}x=?@@mh(_tY=>wWaGL
z<5O<F!6vqD)eWsHtLyVWmf};sSiAVBRqvQPc-Xu7b+n+%3s(CUc9S!5!s9;wSXw@c
zOF8%$?i&<!SXQ<7B`+p1UEji~zPY`BXf(G7_N}1wWB8}6+~T1T)cVHO)Xe<M+z(49
zukpoQ8TfWvXKzRMKtV~le@IN$DCXkgqOq+rqGz|fx*<1nadmxTpnI#UZwOJ>Tv^i~
z_*@)bRcF$)H@JG-($Ul0-Yut~aw4Gs)HP^9cJ2R0SC#xu2$`2C+nF5O`#iKCH?Zf?
zv45PE2W=i)Eh?+8neObIARcOp1OOfY<Yiu}drWW44ye-V;<bQOUnRKpY0o0y*Pfuh
zyd;a_(IJlyA8Cz|v3d|iW-?O$`?9&F1@Nr{`);A>D0OwJJJLdu{=vzBX=e%zZk_*E
ze*Cqb2onMTvvKj`0KiVyXx+qkkgXWbx|A#}2vs@Iv$j0wf@^@5q4HYx1k47s^d`W6
z%}he<^q3HZ--R2Q$0?5egdju#0FGr{hUJ+Vm|12Vz3lTqm|G<P@I$hV761qo1ORT?
z004J!-TYxU0RRv&0Pv572heMP7eKtf8@T_icGXSipKbpbg!s=SZrS`tf>$&Bi{Rgb
zuBQICnf@bB51>K+fy2ML5&q5ZzXti%!g$8=9yiSTt{OMg93>N`rPWHg-<pZ?*<22p
z*AU5q48CIL-J>$ljJe>=8a#9fZjvyxIyJ@vl(9jnn(pTxmpg7>Up*P?!fs_3S+WE!
zdHYS>`H5W%`IbH;Y(Ma3?<7i&Yl7(EWw)|8=r@DhZk@Z{^!U2W=Pa!>QZ6vVP$s-&
z-L6(iq;uT?(rZ0#-MmA^u61hCJEi8}W+o1H)(kK4+8;QG-cm32TkxUfX?_&7)w{C<
zri_8WulZ|{qqI5-OSkmD-0uvJsht+*hT25E_EJ9M3Jl0+3SYXr!pkOIU(Fj++vFp_
zL|ZL%x$`~0o>A|MLl-dRxjB3v3iI{$^gJle{p8X2&irX--@<XES@RKUM2Z0TS<lX<
zH$P9<yAnBtb)5Y<29fxzCvEmzKz^b0mGkq}G-5zQ63l?RRML6nIdrwmtLah4-FYSn
zUg(fC@Qq=H_-b&30WhRz+D7~tlwWS(aC1QF`9Y70@soXH(79G*bAxn_h$92tT7+;)
zzwwE%ed%+Za3qXJpi9ANE&oH}XZmQj=ep~Hhg<!!xn%Ks3E<8e0TOf~bunVLen~TO
z?G$rfJ%}^xi$)OSt}r7R>J+JEvHx>_I~Y@Ofb<d*%S@l~wFNf!ulQM6-OclR3=P>v
zCLBP5-T1>wqFCpfY;t4UmoH)lF#`ia5%N$Ux=qJNBsWc;)glklnJdaGeJV!Opk<M5
zqG|1kuDK;ZriRB|zds2Ac68dj3O(MN1@U$qkM^G;MJs5ln3^Q9Qg_gfl9^{@7ZM-|
zx}|<U0ceadbjWNg7-MFOSy(cU6c$EmEopeuqcSF`eQ#+R`^=m=k(oRzT{gG9-wA@y
z$5&?~@(2;6OJQX~fE|Uly6?5Mb2aa|C~e#=E|{TOuO=B93hbILVf$-F>Qi!2XNRc#
z+#v5ZuP4ovZ4*Aeo;%cw^-7mNk@hRj`>qxh!n-T58Uy+T^|u9Ec4cJ<bDV0dk3}=N
z4)b1vAbY##A)}335A6A;=7pv)L;1QVprF<L0o}CivP<+@$Wa<n5t?z<rDO)SXcngz
z{S2R3_&Pq!*l?n$x3GR*nlv<|BqEv!`lUjMcB`(Bn<}WH&0Tpe&MR7y<0>Ldg0`)g
zx7N#b*PN)+dYV)>*BU;Ju;$dpUTl4UmAaj7cfYF^6LxW&J4Q+EEwBFsL41f$es`&j
z6m8)M=1Bck0XEC?0xhg}S7v{(vQ?xw0VkGz`<^XP6Ru6YusM+Lezg0Xp9Jk}=8CPL
zkKf?y6Kk3Vv~b==_jGPu2E-nJF9?GfkbvHTERZ2IA&{dZFVWifnT)8c5F{@_*laV>
zh_~I90lgeC+8Qx>&>8URDMKA*O9eQwf_zM31G+H1kII(Nrjyy$yR|AWYT~kkKL1{e
zIN8NYds)2VY>=8F4Hyk-{eBS{wb|;wdC<E)>-Zsurmb?xhr(}`4mCw>L$HSQ&ixt1
zRljCx0-{DyDUy>OMP(j{siH+RF2KP2BeMjP{=}QeA?!rlDUaN{^whoX-~B(fYspco
z$T#*A9NF<7YG3<xKZlZbCV%y7M;@5|G&*~0Bkaa641$>GEhX+^>;e9lK0pVe3ny^1
ziC72kYKO6lz=<PpVwB5Zp44!?-lEZnp;FUR@;(|dH>l~wbT9<cmo&KZ^T)A=6Ek!|
zQXolHq4Ci~Rhe~P$iod{=dJfZDJXq%Rh!OFH{d1a2`jR2eCLTU5qiaUvc8Cc75x*f
zM~mt>*Ua^)6*^mG3DC)$^bul0E%n+T*?cyXM|yeNtnN6Q?Xp3u-48{VmtH#zO|Ov*
zTq5Ud&+<xSoIc0BZtY3ZHdTI+djs}>+5dg(x0glgjM1Lz%z7e4Z$HMS%3fS{WC-81
zRbooZYgVmW15=xKvc^d=Wr(cW5Bt@zAHj_`sk2n>qJ?zpJ5J(nUsC#1*}AR|Ev>70
zS=X2@nXf{d$tWa$pM-lKSt9DxKAo>Cr_pWw$PdHhJ>&H7$z-zqO|hb3_bcOty;1i)
z^z3FhnC&_Jaezi!C@|SaC?V!{1rp9rsn-#Pp!$uBsASo`e|0$jkO;-ZmzJ%D`(wx(
zCz4g!L&1lsdM+ItZaoBYG+QrZ;<S}JB2EMQtrVgW6gGSMX<o{-$*MQ0Mr;VwR8P4X
zoae(ap_K_XhNy0t2ynh^uQPjm1N~5kC@%|QRbL}fXKK&Q^L6Nb>(viqSZ4{fCN&#s
zIGbVldg-!0^mgHA_s%ek9J!jxT^m%=?o^zYAoQ8xP51l{MFzs8K7}cRYHK9}@GUg;
zzN}fAxsx6=d2!UK=52G>ZgP{4U#A7{S1-l4&t;)hA$?$VBoik}VAQ-%wgPUxbS{1b
z<#lk8gAQqO9!24=XffNY2mJXSX`q8QQC&md1FKS^XLF#h#wbSAN?xWjdWJ=B$m>cf
zLz{d0INw{eC#v}lkI?o-)l+PRgC|GV=<Mu|bfCpKdGBA>#98D37i{!d8>!(u<4Tia
z6NzTU$urWin$W~4^RY(X2c*_aDk7TD{78!EFa*yGeW`5t4Q`!c*Qu?a9a`h79pMP2
z!q{f~r)2X$xTgGgjJcGJ$j`tNFTB3rhxa<L>wLEcm~NU{_a1cz8*0#?`+s)I*m`S0
zXP(tQqSGGgSP;4rWj+L0tRDNW_U!n9omU#or^hH(UYPv2p>0fCnV6HAPEvVMhp6tz
zbGUH{`VbM?+sNI$v3dL9bR9Mj>ei8J-(AvBv+OWztY5`WYf*0f29*b?mX{R2k0yKg
znpY~;W^K5tKa33hVK8{>P8Vr?)w^HMG@+-F8BF9h`weZx$-RLV5~nAbK&j$h@M|dV
z=W+c@K4BJ3=s5Z7czpB7$>Yvr5r*<=@^)+&sKx6W6G@e^KGoE$M%GimvX>_c!W9c-
zXju&+2HiBqirW`e*Ki{3sI==iv0y(ZtI*VLHUKr<4x(aTysShAW2(&@-BrICpSL!k
zA8A5UQX5{Y%Wd&LK}o;b8tWHchl13hE_fnkiq=d~K=-gG%@7_J#qz4h3m;>t;f(fu
zTPHbeb|<M@VThC0s?V|3Hj7a}c;-_|MsgdLIIwo&wx>;d)9zTLu$M1GxjtOd#P+1%
zy9Lerj=G!<oue3^1Y?PnZJ|;1(GF4f&*A4!zdv>5L>2pMh@PE1sBT8UzJ<{L0vZZk
zKa{@o!|eF}v9t>nI4Tj-kZ}-`;OxzuC$asBU|IFVF2;p|im|GH*&!U9<6Rdep$pG*
z|HVIUm<Zg@m{i$V=zgvb<s8W?blb441A5O?CYeKl^-qj9?Gh0@Bh1t0frn#*BL`$S
z<*8I6kFgUSUisI&K69WPpmkD~md5k1p~$DYVuvf)W@o8v+pKvUZ$^`Z3)?Aoa9_0m
zz%gOR^ufp4u$xd-tGoO9TGL;+)fk`9vb^gReekPquW<N4=N&u~C73eWfenfc&ZukR
zMe)$+4Oe`4^ASa6gZR?Y6VV?f0AJb9N)uxX;M0d@d{EiQb0z0QWp1)k%cOyeFBS$h
ztHhoid4AQU2oL&oi`S^nVxm}errub>3_7gkaXwfUffy2UOO;e6M^{+3V0{$E+m$gU
z(DJG?ZIx<O!mnlDhE(KyP}*6IMPF5I^~zM;lXsQBc+qH`kY35~!{NToXk&v5zv$V@
zQ+U(wI2)RxhIu<%1KRF4<vtIYQDW(jQ89t->sj|~QuOs7npt;Xr_H^OZhI<Hp}RIw
zO}(R0R>sPGEAy5<wGur2b-^xzBZYkV)?UwNWUQ0%zn*Y(7bOd^$uvw-pk3THLKoJI
z_05o#3n8IEDcS2NPPY2Eda<Vt@Fbh^-ont92-$S_8GE%@f?w)SYco=AdnFiS2-P2Z
z-f9;;PxCfbHViBOK{pb?MihDLUF-675jNB)d3)Vwb_cn3ukL{+b~#J9`LDDsjb{lV
z3^Abyy{1@UGo@qkELAeJ|1b8Hm8Evk{2}yhPBRoUIQj;ajY*Nih=f*EyPSSF7=?8i
z5637OHecL^8_=_vu||NOPOCz4KD}Qt!82*~5RWI|V<AIRA!>jU79lqyqq+z^sfZ=U
zZXXbfJgz3dDb(Mc1%-CzLc79A9OSi*OB6##5Id#fNy!}j4N8>gxTo_=#>!0H>}Hwv
zwGE<o(P|O1vG#79C?6||w+3LdfD~4ERiEDjLCoE|1sFA)|4OY4ey?LlD%pYK&RjK=
zk$V~{c8xAXff=FgRYcA_(N{!-O-@pSGLScwpy|<s<V%bx2g@Tz;YVoWxu<luvN&)i
z#`u~aI@H-}Z#s2gG<3tZB+EQ?-O;>e%KHvX1Vz4*ypi46Kj}^2H*;kZ9!$pi9-;f|
zA+PFy5!N2%A>hO`uoThh5$n)$pH&=hskD~uTgCfm(TA6{Alz>0V63$_wX~W<$TO0`
zDMg{>MarukcbX5|`Z`PQ?On-3b$m9I0&5-{x>;zfY!<Lj`EWTfX=R3)N>wkqQIVE1
z?L&00Gu)tjm_{P&1nTt_zh0j-<KpOr2EG;lf{SGj@%0SIW(9n8Cn}hi%aLCIsx=VS
zVtCKy;qNGBV!}<CEQGN{)J^CK$zhV9F}F^h7MjXu5WiU>chZ~PumtFGo5|ZJlW3vy
zwfrg9y~(R(0vy+Oq$V{`N8g{1s1)#ffcLZPAh^%G`t=(F^Bt1?vvs<Ms>?EPl1p;1
zWaj%0ok~4cPf4oU#&9wlp6(MBb*PziJC9-WBi{J-X&zPdZ2W#(qEtwJm>_2B<oERP
zNE8*?B28zrA#`jpm$#{iKSB?>YSY>7?voKVKpgKBVGda?<h;;<nQkagz$sBh;gkBI
z#=|DNgHO(h;VUL5_pd1qPE{GtNpju3$B9xGe-6t%9*K7UWv3ClIO4-9-L-+n_nZE+
zTD->R6*BE!D(Z67`FrvS)AbW%gTvffGiZxcE>z`C?W6iI9A8JkcLUp_M+|2C#sdQe
z_~j+QkTe5Rc6npF<kfw@#C@%V)r<$IGx?n6J7%?wdj0vMpbsXQjHw!6`)xDXD4_S?
z8|vQ?h^4UDWraBpYx@DiL-wy^HgXL-+g}eJ&r^$=|8@uiKaaydpMIapj4Gb<$B@DE
zGOB9AjQHj6?!KvQ-1t@$JiU;YLlS$%HelNjYH~YbKf0okYk;uO;fa|_TAg~9;d#Hx
zoqg<+DEp1QTr8CO;*5c`Cx3GJydZ{B!W~sD%RlzAkxw{E@=;*z_@Eoo%HCaAMcz=X
zR%1o=tl(L(-f_O)MXuM+F%e$T(KqW=CEu?9nGJrC?@`yNk<XCvEQ~jOFI{h#go2NR
z8ZIb#<Es4y^itMYaKt-v1bUiPSYNH`MxXEi#ePpyn=I=Ofd{BdR>I-ZMz#yZ$69h0
zVG?x@QKvOk!B=1%0ML##H1V3~i*Mar^&Rndlu$Xo_PmJ{9_{>2{~L<&st0a7-_&mr
z<*PCdzWZ~20073s|0?~}(vAaAS}r%{6jhlOnf#rmCbMsIp536n_<<j$WO_f6tGzw&
z9er6?az9r;(Q@91&t*rUuJ9c3dXM*_Se$rs$JY;(;=}ic62|BL!d!4L$ZZ_9@fY6m
z2bTG}c!in#h1L9lPyR0c!D;?LC;!!ONkib}*}W@goHd)A<tGO9+mpssT9}Vdl98z=
z*0?fPAg`YY^yD_KX!P_7hWQKr!GS?n5DboiD<J5<nBedBf8&b$YWRP}KN}7<!g2kl
z{SUhI2W!I3q<kfmKkQHYzloB11tR_3{s*A?htQa=An=l#Gh(m#!h!q98-zA>ZW7;j
zJ!(2!Pe#%5lM;&(`@RSKXeR2^W}mn`PfXi=9?s!n$OyQFZctDSBNINKV<$6f52&iI
zFKNonu2OShuI2IV(zG?qZHj}~XPX%6s6Hdr=g2)r8E{!w&@*lo5V(sam7V1QfcKYy
ziO<|ka5qBlM*(n}Dh=wPvLbULR0u)sdD6N9c&<7L8!suMxjx}K0m(fah)SA-JlEUB
z!+!y6CPxjig@OfzvbXcn5L<8BqWWV#`I3yunCDB{n{~M(?lmG<oD))<40yt(*U&o(
zDiaMcd#cvsXAh+>cbKLWq})l4HLk%P_XC~}3|G<ENo{0&YOO&DBagc6njXJ%bJdz+
zZi2@@sJ_ruw9Ow9dejj4p2G8~FpC|*E;{B+>l%RTH86RAT8t-chA>W=2?Z9*9e(yf
z;(`hU`E?ksiBRW!SIO=y0x4y|PAj{-sgq$%8n}y^*|X%I?rI$A(L2ty-7CIs^r5XT
zetyl*6d2N4QzC1_gd$kHxB=vpH%Iy8n0AGL7j@)?=}^wk?7&Q@)(k%aoIMy4qvIx9
z5R7Mz>&R)0<JvjQfO47AZzE!Ma;B~zv7cR`Z;oS1b%DEy7^GjVYTsLW`JzU(X+>K-
zWq|?^L5}*=Pp8*M5Dcb{)Mfj{2`5DhuGQz;KZ~cMayw*ULSdA!^)N<Oci&$~Yz+Nh
z>ZU*yi|PlGZPw(dAnQ1bcI|;N%W3rz#4Ik#JqCNTVW=J%1?qhF#L7>wtv<E;5U|bl
z>WYdnr*fsc0LlkY6K%qoE_1QSa0|IQuMG=EUnWMm8237dEqx3ayhG1MV<76}=lW@5
zq(*#XQ>S^G1ybmDEbhl=U+i>0(FZ7nI(MAy4s=yb>v9G`Vl!YuAcp)=7P{V9IA~7X
z_5C=-JH<1ZYj;r&fncp);tU2ux>GQoh>Z8X?9l2qjy3CNCGUC%9db(O**doS=jDN<
zn{CKw@tIjv;@V(-&naHZ^+1gFy-_pnQ&9a@vXB%uVUDKGdsEJRN%MQ{(mQAftS^2_
zl0TqO%Gk`$ZAFZzlb!t?Eh@~78eGCDHoek@eIf?3n=kT9h+I?_X>ggz2Ys2?i^zHm
zXv0Rq7$em8Vsb!`#XRo$+i1SQRMN=(Uwt7R5S^Y+68k6R3Bed3sy}&ZbGue#y`S!S
zOFk)jW^%$wAg*RP;P{>T{+D_-d$RP}>_L=+!na?Ax+3rGi6AIv*Jj@fR_mc{=Ei+{
zZXH57%ER2FUL$%o{&Encn4f@MbP6^<pbVUWHL2bN?MJO5y=>|fZs2yV2#>{z#0aeP
zGEETGE4&~4=6Q-7FV}k7bSM(2H(d249%kQe4KuMYe0}m{eV<gkh5&G}4Qk|ex8Hx$
zDG4Q&@jY!q@tDndN+)%c8A-Zr&c=Ck<lAnz?^<v}4hgH06Qsn=295M?p%>1jx$8Xo
zK|)Yf7jl#kG#+Vk*k7GYie5Tv!nq(Sq6)bP3#3=|7O9S>7*wk*@TlaChpBm6t<z&r
zZiv(?w%cgS>g+|uQv%gSvJ%pzks!aCw3F;d03R&O;GO*<NJ||Vf=N-2r!JjJ0LR}h
zp61>6fVmH3gqTj+<<wIz%&J)M<GG7c*C(e2BlPvZRk4+YVC+{|AIJmCdI~T3YPbS1
zkLlI%0D+h@2Wz{*NJRY$C1>WbYNVI&4e%pK(W>gSFh;sEOUEj#ZZH_36@9LQ_7zMo
z7;5Od)64~+WP@gZK&zb^GNGi0W1`bS?Sq#Y;8}@H<@L5X`S*qoJ$B5!?APEk>lQpD
zZ>b}ZijP40HV8Ip4e<yoHmF#Tyd@n<Fqh--tt$ejucw?CoG*6>#zb^?Dgo;WpGwY!
z(1cgFVcFF8&^A!-Z}y+Q&NCFezl9d8zszJfG`Y-xDh(;)0|@V;*uT-eL-H)_fX?l_
z%#zBi1cl2%jmgpR_CL~tF`qJi894tG^W&@1+_!;leu!PtYQyI6fi~NwBbTxr-+k}_
zUK-~z;_P(*))coWYdxnHJASZr==#7e3<u}WR=SB0U4UjwS7JWV<R+hqk_(nASsCih
zsw_yk`K{8=tkJuh7X)lH5MHfJw413E?aZSwNvPP~dH?BnhLp*9`o*$}1v`Spd+#!j
zM!DL2o}D4`TyeQ=I&c@o32M|x?{@<=TCl6nDxh(Y-4M^qYk)RUsdcGGY00^u1QCy6
z8%3|!{*LtVp&r)5Ji~aZl48Ar7+J(<``{auo{7-8m(TFTdSf7;s(~iNM({Q-=7sD}
z68NE{=yzMx+g&33sO4XKI%d0luu+(#aGLI@qV)ht=Q~l8Mge-EGrYzPv)&32L^mCF
z2(s%vJF7mmF_VPyMkt=+&eK6L%9Ew)%tSgAA*eCu(>|xhVhXwMq>01X@5_6^tDu^D
z*}`O)SX)El2IaWcFBFfE=kP}DitV#;CaBBM0_`;}O<<ZzW=-5c2qyD!^N-D=Da;uS
z`uAg^_L-mU55-cbd^EiVF;?-dlg(q@3xN^ynxi&j_uJ|W(_ti_xrCCYwDs-~%!B?f
zxHJ453)^0*E`bbFwoM<D)@aA*JkcMIi_<G@@v)y3oK=(bb{n5Qn#`oe==GScaF%mk
zJ7RUqA|*X6COP-%drCEc4+DbiIt7=fQ6b=LR(NCQaqc8yWFG~TBX{aUmnMi6iP51X
zhFyl(7*t6u^^|$7N@slAkeNlIk$qD*<474jJb}%>T`X(<Op4BU^#u<A(mx>eJ~|zd
zp(k+EBNO|`rSm<WnRYREU{6ljR{qI&w$aO}3LgQ=+3clPQ_Tx=o9UzV6m3=0K8@uP
zPSr;3UBZUVr}O#GiQ+q79!?hBK|`V0IdQ&H*2!fTK282{uU+??cp<=UITxYenCy#d
zEQLAGpj3+mQggzKmY0f7W9Zhzfe(NRMpPHbFRrfUWxtM)<3cX!X=^A2+BW?46n`eZ
zR+|?)5puhgDcFe*2sf|`1f5Aj5;ufaJM^0FqX=^G(ag{aUFj8!uLv~zr<l<7TWF3h
z_LCBq?D(KB&!7QJ@)zeF<{cdatzREXEp2E=A$*}05i=zb65~#0KtC>(NyV&GgNDzB
zb@!4Td;ol-AO-<!{xk)MVMBcA=8ADsrXHe86mjw_qrWG_==T#y#JI)0KGD+G_b;2w
zFO?E1c~|xvfx>-+s8!G$hue|<9duHZmp|;n21w9aGB<E8h1%%cT0!*|WYMlR>*+Z(
zPfA@<_hZ|@3mF-UF2Z)JIoE|-(n>hxGLp<Uuqf;CAYKB_d)dLeu<=794?{m5!`;Kh
ziY)+cXBaG}6?Lut+H-;ch^#`ErJ?N4A{907iM<4XB!0pSVwR$wHqGjow$d5}8Zs@u
zI~QL8=^a+=Nyp;`LtT8K#jNZ<g)iR&iey1G?%o{88v3oC&|GKS=+~Pomsn%K{&JuB
zzTv<SK|S}j)B`9x<3Hn(SAoXBe-CM1)m{MqJp%dvto@gRRC%Gv*QoJWD2<9(G=X@y
zSm=rX?%TLU^DZt#>JOv*=d@P=*Q?rpj-CE{B=vtj=zmE2zv=dWll;Gw^?#_6|53Mp
zg{1#CSn!`BL7M?OTSD<auZL2ga2F4M5n|jr!zd6|VxMtWm_NAyGPt|Re-1rg1)~2`
z$ot;|;8(T(;h_JWZdVccyQqIe>;DSlU)4bWAyn_Ljrq|t;#@Yd$@omMYQOm;Ymx9y
z4DNoXG_kZi|I=!9;~}4+3Qjhqp~kJ@F9k!-GE`PWX<S4{Z0su^;f!o__W%aWlSI?o
zxqB-jP7%|iw0y#vR|Mwg?DH4KW*Sd1Vi>Oy%`%Ia=BfJAth_;d|0VBNbhR&EZhuK*
z)|;pqyZ?dt`bP!OX!{L;Z(qnW#vfW&rJV+RfS*h(?2n+@FyHo=bI*OOH$({D6w;?T
zFl9<Am-=h&sIs5{j=x8WqQ7B7_}Nu6$C$pS;wGjqy{PrL**&e-CI2N6cVT|6E<v|T
z6gz_Ii6${4<}Q%~;<fx-ON}8Yo)|jYLDGEbpn>1?mv$+=Z-LR2lj}<Pb-l8jAEzi1
zdGTt|9_ud*pYL1;gs{{n_1Tr$5dYEWVfKA9O!|nwkTY&oTUuwP`<GY1H~;L&Q|EE6
zyL=Ql6KVNCq?L7ZIudr%KLB(7T3oN>=^x)P8G{+n+p-=qBK_`m#c%r7iN~5X<l2?>
zwD^V;D@x>J@GG-l;<QVUW5dl@%6MZs;fl!9<i6#V9Q?ngapdqN*hkn>eQ(0i*jNbi
zh-$3;P+EHJiycnp$uh-Uy)%*(D*r0n1=`4OaL}%kS7+nqbUKa><T=7eFuBjp{+!U#
z8z<+Xy^Un=Is(iBe&ODXYnLF=v`|cQ(saP!$z0Kv)frEto7%S+`cw7!y04py&{G@N
zwYX*-C|H@^)Z{Ykx3zyhH;0FZ7l0=rAu-k6yrjsl*o-{ZjcQtIZS|1&zO{96vA@eQ
zUh4vZKzz#u0!m9TBR=A43>ug-RPFCyHwws5@Kx^LWp&N(dEajvHeLRRIr6i0;cs$`
z6c4-b*|GRlKL=S~8rUAXse0@z#UL9|%H-#gJJNY}Hm##G*7FvF4U+WV3<Ph8Sw4vx
zuWfA4&R6N-FJN=oXHi|xoVE36+F8pd^2uA3BSY0{me&dy>MV$QbJQ8;1FFP$Kp7J1
zyt>~Ph>N5rhAyX{7M;KM3cGaFJ1<wR;+ApWr#j^DzCj9~LQwKG!{2cX43t=0yO09S
z8FZFUt!*3}6t8K;t!<`!Qs#XzBeCusif>sAGbfcilUy8$mhRCwql-|yJe93K<G}-v
z#<Wn8{nMLY`MCdOABmYDMyp8SU=^L0t7IYIju;${qWM;25jLnEsf`D4+yMK&)M8S@
zxuX|p|6=6tJRaPF|AChNk#_Sh_xh*d-w&Cq#GrroFIOPXf1i@`&lI9cMPLlc(d%Hj
zbLlJRc*Kax?%*)HI`8JafuvN)oh*tSKUo^%7Y+}brad=wwt<lPiYCF)(>4)Y?$Kxv
z#>1)Mr?s#uVbC&m(D^H$ORT%IXka2ki1}WJLLEX>GKH5{?}ANv<7>xLc3h5KmoSt!
z1g2iN85zX43s?1mTpr=wLHA~?$B|D+TR$dV5Bd5d2Ny{JhJcSZ--9F=gGnAkwWOaC
zZy0w=dDJxQxv?s7v&;4V%&fQ$@Mj}L|6EjS;OMsKhesp5b`P}((O<1QR0DVTraTfz
zCq6}4jQ_&rU9H?kuT2*{7|kL_fy(zegTStMeLbB+phB+#YWqhM)zUS;aT!-%YTHCz
zb~_y5&(9V|3%x{?lz$=5Ge8n95X&4Nw867eudj|Qk@xQe`KjAejDS``hE>X+>b+qz
z<dsTG&q!^!<T#%u2og?lC#(>rZNu7sjpaH!(k=PE(CDdtev{HV?ELvGSO)<3ZVF<^
zb%Gy@aQeuAGCc3@k<TE#5ZK-}Q??#k@al}x!yK0?Ka!sc(nJfH3Q{1}##XVfM>>_l
zn1|5qmHjoJ7(*n6q1rHoczlhc8n<6?8Ds|_35oanl|Ubzg_L<gsH#%%-cb}tqK-Og
zYu-Tr7D#Z~yV996K}%Cpl;2_G+G=l9ETx-hg~`e5$5M0*42*YT40AyewH~W`jhq;m
zZ`@FRv3gc_h_F~4))y1;EafNP;+2Nv+q@c%-!0V#gU!vKGRT((V`3`4#`f1SmNk{a
zg}S`BG6*1I3H!?)m-apl&uGl!g)VlTsMnR+L?iP#k8?riJXway4z`{%^jmVA<POPg
zOVc&j#Jf#S1~?hgk)r$Fx5}gf!LD2xujaH><UXT$4Y)$`Q#|qxW{g9Vvzi!H2Qv!>
z2*awk9)Tn@^l8Lyqc49^8BVB)1_oDupb1-z&?{~}T~xR=I!Firq_RNc3m*{2zsRJF
z$jZF)sYl(HxPl4|g5+PAa}%z;ag%^{Njn_4Ka3=1?|`rv@NfHeXT6cqp^=yL$(Pg?
zB|(p$8ACp-hddORP3!r(XM8Ij@pR*Nr(6aV03aX-WT!Q#qLw|}%1XoO!;|Aa2Lk3x
z-xi=g);QCKRcP?Df~RYTEqRJYriU)oH&HJ5P1V<Dv5g4%BWL9+MkG1{7$*d4xDy^&
zohW&~kXO=))%<V+l|X$xP5Gb&mu#9*wm0mCKVZ{>sZ;q(qd)-OJ4kj~N%2{45Y{%J
z0?ie7?s!=kGOuiJKq@C9j?-~FE$akl?Omj3EsNDP8E<VJhurwBjI72wDd?!@3!!ir
zqsG!}u&Wrf?;QA;f%T`jwXiR5hJ{5HfpCSVtp%wkE+J-ZnQ<c7Z)4TLU5*z;RUV{Z
zI+22drEw^MR={HUdZL<DE|9(fM=`#|4oYbOoyc~J^@cb)vO^V_7Rv>c%5vsa3~JN#
zNk<wzO&3F;mAG6eZL#%4V+iUzOm~TVeEV{FO#l~CzXgJ5(m@~9t(}M4AnfbJ3o;}g
zKrd&*rVZw+Fu&&@!^%M34w(A3l;R<INUn+-=i<I)q^fkaiTg9Cu)=_~YXlWEa$7ZB
zOqBMrzarGHGpKR32Io4$0x_PFc-@|isHubDj%4pP(Z&i`Y6wQh^))$Y?nzSBH*j1=
zlJ7ga#-Zv=+55?^Wv_iwh|t+;YulmCr4#!EJWbHf`Vp|LUk_#K8jB^4qy;H@gs<^I
zT}rjRL0k6b^vnSoB<TmPTh6IVP;EV8OWMnCZ_tU+6yomQMp&MSus{`OmWm}f$g=jf
zxhVO~*y}^rWveQmE?u|91<Ov_u-e79&?C-jDDUiH1L2}6B9Buto8oLP?|72I)o%t0
zlzV#ihuJgfS%zz}7=0^EAiIO!YzvS{mCTvuomeVwlxBV0U{J<%R4NkZ1@p;K0jpuV
zf~d8<A0I#&lK$`-KSyr)4L6o=by+1mm80=fQ$e)(@AN3kDTarbSl){kzZMwjYW#JY
zatA#kE4DtR9}%*fcZ|~B!}?0hb*RB}DHKU?`zKQYc=^<Ka?z7^DoBcv619d$y${PY
zoR-g@Ml(_^JU39fcPxvVT=FcGW8Vdxxs=&hdBkkTrIVo1bkthqDP{cLbFNgI9lNvR
zyhZS37*3OgfnX~ak&N5F_`Iiowu0&!&LmXtFg1$LH|+BzOEnA8xvh1eP|{oC=?)8-
z#n|eVl>v?MQ}|K=ZtPkhX4K7NUm)dn0MJeS>Y!uF^BKv4n4f-|_FTdBcmb69p6nCd
z^rW%I_3fW_Yk}w58Ss;uIk3`I{r@#x_8)1s|LFG5GxD#7i}L@R8+&!1XfX-GSPI~x
z|5CNXzu`zPflDaSRmEaIyNkp|pBT{M_Z7+{23<X;!<oDxAMZbT_`lpB|C?LhKfVF}
zKXmg8=yh~j?z#x#D#=*T&eGM@b@~iw{uY5iG-}hO1|YY+k%iaBZxP-?Gcll6+2Nmc
z#0)deQ0UN(%h9Zck%&#2G#j|L1?1sk1@gu*DYh4wHWO|+IQ=$lR?-gqR4A`ng}C4~
z@CESlH_RZ~rm;2*UPp^Oy?on;96dE0Q=0eH0OB>{@;niSr0BWdhO?LRU=Z;wbUqnM
zF|4^tjK3EPUcQi0hcHK5Oe;$&CIt!Z6c_o}LC>v$L;CjfQba?d#kiXj==>IFjyHG~
z)PAJba}*0R0LH9C$vN6+k7Z}YP#3zug|ZYP7##Q64LT2OtJCu&-=vaagG$MHBWO9V
zdTDGi*fdK)Cybxcm{J7_K7eMu1tym<SM@F@w*ELr!N!|8lBo!im-p6;cFH|oI=~Wq
zr?wHah`Ej4^~TmOWMTm?=evrLn%U<o*47@pylmGbLRW=XwY)N3+Z<nrLOHW;vZEa&
zn;r+B>o&hCFV}Z)r5x&{%1yUt7hCYvf|iK;RTyk<idFiv+gn2==v*T(AfZZg21rt5
z5F&=K8j1D!-e*|lHL0_(#-ln{TK+wHKj^jI!sfH5UsUWSscn-<-Neq94s`P)#G<f=
z?>tv-dAk$80QxBcnPeLJR<4U|$+Sx?I}0`r`ygmL(mmwJ%KDZEIu<X|kP1~#;`LXY
z8Zyg>*oHc6HRFZnYeeK+GzSbOBpE|6e3z{#S;>tBEJg2X2jlz-(}VgG9gH32wAQ%~
z;&i?hU)(IQ5PrCAc^}PGt{p!Ty+sl5d$t6(-WhwFWQV4E0*6)t21(T>>1*+L>tn&l
z0^w0Of63ZzEY_>@me|vI91`Ym2YsGnQBh=9vb|-<NCnbojO;>JJAH~gY%E|juy33h
ztaJZ5H5+DMkz%myG#rL?-rw-_vo>$coh(dPI9h^=UwHhcZxW-<bQSdkvWt~+m-tL?
zk(MI8&Nv&;T_MHU`}Q(!I#|A<K5t&qPZ?RuSt^a$L5a%*0|wW3Li0MOX+Rl~RdjN6
zJs!e1Up1hzk%MQ!jwMeX2WM;X7{10VV&}Gr3f|L^WH*k|WM($060A;MH0;4C(Osh~
z8*_p<+|&*<7t!gUJzf<75+g;QAK1Pr$|N}~Mn@GJa~X0~Q6{^L8Cz6Px0h{gWhX)u
zTq9m&q1&;Vb+D1p4T~7McYPPD`y8dnx?>8>nU2D=x$cXZ@=U*ZbxOK9TN6$x^07&6
zN7rkrKr?G-1{tcuGBsyo%@jC<_!if(y@GA8jfk+OZF1Q>{+w0&nf`6Q5Ix)147p=7
z!3%}vCR^Fnj<LT@;yutW+_pxg$gR*v3~DH}XY(?;BA#pc67KFN6;^Bo=<+;#l^5?J
z%j>1j%KYF4@dJe)*XNeGLPHC}6pYzqRFzOl&yrWO7MdV4BTUb;v%9#{wk@0oX+%eM
zBY*9R<wEMkSJVaqk##?tY73jKWb$`%YbLla<X-b{e|6{ik$oYwr(6WSOz{P3oeh=d
zW=k%-C+H@0%b8Mq_DdGuh?~`XGaSZ)mcCKz>}dbyF3MzAwbz?5T`ro{XEc9mQ?bXJ
znyw&>n0%M_kyNtFdAzjyd)Kzk6>i+Ur%bo2?k9DzJ5w6JJ_7Luc)Gfkv9^S4(v8!8
zjsqckPfeQ0Pq_22_c!!3RM+0a8@KP+F`yvZryq1A+DXx=S%dSF!qIaM0%mK0D!jAF
z!!LuADf|yA?p3(S0#DfyDO;6Mff)6TsB!PZQjOXj5(w)}Yh$ELT~gMd`#djr&Wb4m
zHY|rbb(%K^BetMg8Z*(j;9C}<+TpyVfVp@5Xj5G$+db4^Fr<X*UXv<tWjbw6&Z|K+
znN!DoZdE8i_NeqD>`*cYZIq9_-a|KYQs%kD{oeWane)-_%0W)T7t@cfv~#HS+{=|z
zN~X=LW?d67Kk2%_Rq5pg-e`ZJZ2S4R-kI^}<L&ya&wsPR11(mt*vaX#cm~bzJcqu9
zH3{TNR-bQ^#K9z!V|VtHNWW43atW<(Pk=Xyzc>9M>3%=m`%_F1!Yt&_syJZO8xJ$O
z{+4N2lD<fBW^<p;Ko_7kpwK_9QT)+^?qGQJ4RB~Vh&+Rxd38Q;(^QjqtUdSvl(+4@
zw>>MH?E%?Uz^Tq-*yABIieGSe`vBNnm!#S3eEEGcDhLDbE^%}5rjs<5Ad0dFzsPMC
z&y^{=GeS6j3GIpjR_9dC7W(e*?aaWIBeC!c|0%2HYOLEDAeK2yyPg?(ZgS&@IS2@3
zk{jwEG!^}NyT01`3!BglkUn|JO>&eN{k^}J!%qgtROIrq*K0+!UD8Qdva79*cP{aA
zG^j{m8<C{rHsp~I=Wgu!GRs7QNF}E!Dg^Ag{4#acM9ZrW?<J`+nF_(RSaVHdlw|m3
z3F+Jca$0K1b5W({4RD)43(m@RIF<&(rgmSc|5jTa_r+~rsg%E!F9wbJByQ+=<ZgxK
zbUFxtN$!!t)1lZb$-6UU^TFMd=kDCcCD^U}9}5xg_ejxA2hi~@-;b(l+sUT~*WVzL
zE$o_Tp(dN>pCq?g?xBQRpSXo2Dp+d7W-r%H)Nd{Gg?&h!yc-DSYx0u>Wyjzy>Ans?
zsovcTZ>zpNx2G5zUTE5UBu}MjX})`|C!<cW$rsf*7t*PNvHQI0xf=#^O~2P*O?Mq?
zgf~2ZhQBN1((_5u-mg-vxVYonF3FqudP`17Kx*~6ZvaLfd$!kY@}3yR88O&2{!BA)
z61az|Ej^fxOS9pzC=ydWN6vPJd1FkBaZA93#Hwr%9I;2d+!y(qu?rY1GpdMTyF4{~
zGO-H2>!^=u^Lo5j`Szg%W6!Sape1e>JYRd)tak^z$oRGvZswgnBtcZ<rEwQ|KLrKt
zfaFt=+E{G${TeARt?Fp{uIy_i!sNIq>BKWm0ABM66Xv*<qi2kwl~~)-ehsRorH5}t
zWvWER=g0N$@4|#=HBzL0?NK4SqwcC=1b^!EC~qC()(aR6zR)Wo0JAh}CD}ie1exqp
z;v(2FcWg9<=2;B{I#MpG5>y*ujKzxPz4L)o`H8a8uksycJ*$J9^w*bj2FD0AJDM;k
z!+`>P>AEUc^1jVli}W{rVIDIB`vGzLAMjR>9v6-((lS^`Jz9-l)7x3R9&6sig5pTb
zT~~rv{8;RO^Bay6ZPrfs$swm}5Ob|h4)rbD1_NY^h`~9!86H$jIA_-f)2!CJU+d;J
zTl9$iuRX;?i6ZR_622qHZBc$Sb3tqzd0M`yUwSd?nrsOnQHB&#)t<pNGNmmy4T@vv
zPKAZ|%ufda)iJ8hJ+Q%zBAfY5I|rJgJ{Jrm*C%h`b2>vI12~$pp$d?r`wSYj+mhl_
zqF`P-JKyhW@m2B`1EI}QRZg@#(W|cFs5%B{?y4oan$QGK5dQE!>a}-skz1Xiq2ON@
zh<jdfIT)9W?CT~5NA<V)H5BOEH<(kU#J?5@cF{s4XIhTag`Dglb&lN)1q!SIHXK@F
zVRI5fej45<(OebNiI}3fPJ(q+Hrp-OyJ~|}7~GQ(7eDU`!F}oCT<c$XRac-F&a>ct
z{Ubx^3MKphI|1svnFxm+0)AXx|Bw9P(xzJSPr@-RiWGm+t=@QQTEI!(*!;<)dT_4Y
z7*@$ra;*)QMCI@5j)=FBy1=rJY?m=52>waJid}(SV7rd|j2L__r4t2tb^aQcp`XD$
zGLBv}l<lSci>wvUqGF2sBiN2QE%5K5C>YPh7p;jEz1T=m(}6x*t_%)|eq#c3pbf-e
z12NJ6;h$zeT~TQBC7o4X^Bd0y7!End!H8<O=O&R<sER45zq)gifSnXH;vb|tOQQq9
zAR9cZN{t<)Xz~+h4D(;??!ny3MU#iNAK2}k%yyza{!I$S1{L0;DgOL4_F2lJim%CQ
zAYPy#PEF{0C>1TbjsauTNeI*0$=4>v*KAt28`mFwAa0`>ia&#WmgRbVO(Rf)lpq|~
zk6US|GSFgn2K&&i$yAuQ?JxO(S+GGTt>y&Zxbi`&uz$?T0hO<+^o_gqm$q>aCPBnk
zuO{1Qaa3>u{$cr#sJCqHqFyKrWL`!V;Skst6=b-1{Hv!we|9p#^|KVZ;%DbI@n|F?
zEc3HFni_SqvQ&RT@22GP^TKq(7WW2ZbYZ41%xYx;n_lg=Vo`j#l`TxARKYMWO2<gy
z+f=V(_PhZbOZEOxf2h<B_rB5QVuQlZ{jA=-dhb!vai--Me={~#4-)?*c!&snG&oHy
z=#)se|KdFVVp6K<WDe4izc7=x$(xly?UCnsBI2^->MISzLmS(s4io!z3Pa_9Og)FE
z7xXzgu6Q#^oyqTM&bJIq4^gWP=lt7mmX`;>aos)Q7UkINWR@AqxDfZ|*lG8fIqNlv
z9??+9ieK6w?}dz{iF;2n&_wi-S8R1Jt?FI}Xprss8|Wul)K*mRWIN@{Nu#?4My#xK
z#*8<^ZafLUtNx}j;_Na)Om&IMZd5MyU{JfVm1rqtDP`frN8AMY`Y22{JtK%W>Ox&a
zKj&~3@2xO*p~=WR3Di&1hW`oiw;J1vg+;$)2$x(1QwemJoA|_fhOSKG3vCNl*>&kX
zz)krhLcr=C^pXoG75J)Z{U_2rhtx>nGE4gHX>kjduw`z7W2WfKgzkitSo8`j<2~;)
zkiNq!$8$E5i+bkid_KL4w)G}_RAOE48C7J*SDFhM672GOSp^n@UlsSCS^1Gb4GR%8
z%MZd8Z@Rp=HWPGVE2*Tx(W+DU+vv$XXs-O}1Jq}w3l*6C$HB{yuP1g=k^UwAo`F$&
zS|1SiAQ`0YfWaZsY<&QBw0zg!mw84#lWX3*-%m?M*T=p8?2(ZK;BzV6U<AH^gB%+(
zz_}NfdOPexMmpxGD=7HZU9BhQ{3*;g7nK*q!GpKqA}fM7X~CIj6t%tY{^&MpBnNV<
zKxJm?k{Vie{qv}l&<)rn2kgRJ4}JdeYvqSE;vf?y&259pg@-^ffPU&{o`;#$&9G}4
z)T+f%i_F|AldF_9W=||eBw2wDpPmp$PJE9wI$w`qZPiJwJOV|`p1!y^zx)U${K(n+
z_&)4X)rcX}r}Ov@Iu!h=m*K_1yxfJ@4Yb?YtWjI?*6hb#A+@<lzQ;TtUzF_(6Y{Ek
z&w<FmBvo?-LVeTaVM#{Z%F_ghq1vMjeNiSl=s?Q&(YksvWDF1Q;Xz?Q>@|tNTWS5@
z4c3TUr5#odeHYr^0Nldf4IMgJ$Gn0od@GkO{YtthOJ4H996dM0tO^vhbR$)cHah2n
z+1lN8;E3qfuHU4+JRZY6Dq?!3)=bRpEog1Hj6Eb3)nV8Cb?a+Hg=jfgs`n#!a|*4i
zT-9k2de?KVhuZr=-I&%bxoBtaKswdt*WJ0k;S8UOH3}t9?fpb&Rv;>8B8R6EKA+Ar
z`)cuSz$dy_Go&|K?E|XX<Qj%ZUQPTuVpMkFR193%jak%jzqLzUO!SudrY!%g&t;f_
z5bNUcN6ilz9u89yWtnz%>(}|@<{qlf>VA=~$``A=2D|G385<{_s5jAP&9oJqYw5v%
z<NPV{(C1-OccqzF+M)OS(zjdCte49H*?2E9ayo7}-Y#xq7Jf;e0^Z5}BJV8?^KC?B
zekaSTp@&JEUbDSB&A>S@kiPYf$X#2ayO1e`+k<jibMo;`bnl=G@uqX~P4qKK+8WD&
z1BtTxi6LvfjGKKTuqIy_$V9z_)}2S^MO(Fp0+CInbV1Q~g0AP)v;46Iv*cvVf!f`}
zo9GxqRNl*KH!GQl4$V40`il@*?Oc)DzuCRJW#&?yr?T20*I`dF>1&ln3uJ5L)*SKZ
z^+*R6le)68*Bd7B0bu3(t70dphMFoPqV5@2LwSYs@8)v(wfR`x=c(kJ&m^@%GPLaS
zTkDo9kO#K|dooMr0|r&T_!intQa-<@^l3cY*0K(Tznzw`kQjJg%f7%Gv$>`q?=!+J
z_aef=)cc@_UPj>2g4i`(Nj;QNfc`s+2(?9>YK~*YUR+S^uUr7}j+C4w=0&0Uz#kcL
z87b>RlH0OvVa2X1PaxMmXHOeFUR)$CmzZ;D{$9HyyU~}E3un)Mu=b4XfuYCKj0F<Y
z>AiNTI^+$YAq%99;Tct-tyiPMwa^Iz$!kOr;Yy2m9z-QMxTO)hTADntOysGOf=RE<
zBol67=#L%;pF$abjgdwWUBbyIJ_>4CQ>(`tN&Jwjr^tQtBq7%QfC~?09;4|0o^>s5
zFs=MF)&4#q&qw=r?yNw?_`~@Ytjl3b$W5E-7=vJLt}xcdyD5w{c~(hfN~8Eg0?Fzd
za#g-`%H~49sgz0{n3~$Q1aexu>5&~jIDb||2m7{`fQOpIIG26c<jckPlZa#_-U%c*
zRaK$8W^8nR>t*BnRQD5>Q%}G&=;S-%tGjGk(Yz{c2@ffe-g=q-cl7Wa*N^E8SW(Zw
z$9ICaQK{acN#1mkvUi|@r&Y@hHD6NYVO#a{gEVC=hvP7W?abXD1(vD$>-ohufcZ8I
zt=168IUk3IS;$RIzPd(5`*at*^%iHQCdV75PkgctIdHs{RE7;1#h#{7LuE_e+-Ma&
zSV|Tg+Rb$w%&t@Ta@I?!n;|4%QSbPbs%nLw>f^7E3H|ubuc3M}dHTitbw^n@t?~Kn
z#4fQujrfPAL&QvO7BsL<`lq5?+dDsKhXXb8xTPs74@YQ@z8Fe=1T)m9Rlm%aFDU3@
zw!Fa??c&AdWf4KYxLn}T()x-cwX*s;n(6y=Wpw*eCMVA|Tc4JvyI(RtuPg$s>{qyI
zsolOV^sK*BIZv=7o$b;@zYEdG20$I0s5(_<-WU4Zf_0AeFo~(^CnC7>?^6ebWfEOa
zxQSN12`ovwNvU1@Vx*4;N>cJu1rK~eG545Kj|4Tf^#+#2ru-4JeZyv_mkXaved@9n
z>___|CVV`7?Xl-qn!d2qFC()qiPwZyUM5rOjRq0-%9z!++fVYq!_8poos1jL6rYq+
z2_L7kfEl@BUtU-3x`_^#Mt}AZm~IddRe+e?XvC-5+`U~bg|seaZLO2~^+QAT1L9@!
z7uW04zp0@qevS#(y|7{^#0D+ewnR5^j$W_6^C2nfyLjFNRbFl8lyyZL7G-)_+mGa=
z^)ENlpYqqxsJe-EB0_ybQQaCm4l@tCPae??4tTNWzgkbpQR`?HvD!r`q`LFAPtTv+
zC}Yj4q0?)IK;67r)%AqnFvl&)74N8?SVtKY5R@)9lcb3J*6cjV>`H<X`$61zM`K26
z48l^7oaicAhum%{mwolNxGSfMg+h5+_X7rv5aO?2bTXuPLfkG;VH5>6UkUx?*uuz^
zhj~!!>p`h@rdh@L-9`lF3z(me-MYJC)JW-d(S5*Nd|x_16(f|>>NS90Y!)BrtT{6A
zI;*Pr*E1R}R22Egh`@rJKi*H^HmaEdsy#^3x4l<6nZ}HyitTp1XrCBB)rz{bFcLOG
z4}PW;(R%kFp8ZN>ievwFZ29zF`zLvwcWN~Coog}yyw7jT$uCGg<+4z7_&9knfnPR>
zE_q@1<Oyu0Z;LC5EUY!veIlQNq1CIK@W?8w_*(ptI56KjBXoh{bEjy_<_jh-64`~&
zqrR%frNRdoC;)nUZ=Qp3+wn@{pIQqV;v)-mtVNt6%J8R<MLzwTiw}fSGqV~19ap+0
zLV;mZAG6987pNdvbD2FwNcNw_YFkzw62p{xk53(MpnH9|46+5y30;rL_jtQpU9~C7
zCKRcx7#CJY!sTKFtQ-KSGSqbcMtB#5IoHYkI+UM3WC{U%6Nd_bVh5IFO<fL;`G`@+
zotZza2I!(pVDtW+_irs6+u$p}WAf{=Zld`x3OVtg2Bj#`owr-fj55&CH*Bm%Sb>)+
zu$6>&i`u_m!KpakWh({8<SX7ViZLk~4*fKL<D)GfE!$`hmC~wSP0VPaz%SsBRQZds
zJB>AXHKDl|nO`Ln?MC9)iK{>NP;!!K8N=*vduHXecyXD|D}NMRTBA0B>uyD~ifW(*
zgO}TdQa@R02Dx$3@OIWUU58mbiq0i$^Y(r6V3mQN>Q_tZ&N9mZl@;tTnu-F>d+*`l
zy^p(OtDHQ2EB3$fiC%J3%mXa(S<{J=Q!+b^O2X<nHsb6@;@8#%GR5*44YO<sY3TVM
zT`r~s=U=bEfu%gnVW&Fu+f%UuYFe&O(Qj`cSwb~g?{feF_wGHh^Hj)vqY?DGV5Hv|
z_n`j&H1}3<aXeewC=wvJOK=G8PVgkSI}Gj+7(BQ`AUFhf2yTN6?k)iW1RH|84wB%`
zndHCse&65zF3xxE&dp4Bb;;`0Rn^t&skNTVt)DLBdn$p~c8eK#N80lE!|^vzRh78-
z1M#Rw!o{!BW}<G*5Y<=UC&Fe!ed+px!k)W4V3k0drG^seph>WMx?hVcrRmYDi?_NG
zJZS1~bAkxjks#70EX^&M`yL}{V`QXCLvF<+Bl%D1$WV%&0=mG1M2?vd#cDl4SJJ3Y
z?j^!RAcwk<kW1OnrRdfM(m~_wkDH~NNkX`!2rPzePQAL9_V2xrw@TJs1)3LqI@=Fb
zUjc~m-H%;sR|nxP2f=ivhS=}4(*;jtXPxNafoJGWxCqG^=Ty}ry}*f*X};IJq>py8
ze$io;zY8jZ?CQLxq-%2@5kNDo9Q(No<Mb-HT}(vRg|n<zjqPE-l2t=Q>|(tc*jq~6
z?K68b2~Y}6%c6;;Jrtj88%u_YGjV*@;&QR4NtG2_&laMmzmw-Ho(7RqLEV(;0Zvwv
zaAQv@-Kdist@5ZJ`0K5H`!uWWJ#we_v~h**C(Jf3V}A7*g)dB@eiEEvMvv&U3|RyG
zqt(D4ix>MEK`z0c^2Wa4f;3;FfLo1u4uY!#Mwu`&l3{(Tph|4pw2FMESJJ)s<&N5E
zG4GoN#1~s>v3xeAbU8)+)vYA4?~s5-|D{)(PnX^Zk`?9V<6?w#ri`=w7ob9^9n;;h
zLv6MI%2#dG^r)_EIrTkc@A4Etdy<PHx3y_rnL(GIeB$HaL6bD1Q@w5W$WX{L3gp0W
zMYk!{za7wt2$I(vqBWR?@CWX6X_RzrSn&j1_NMJ_vjKd+OWx~$ep;_zixGfDCFyVd
zVIxrdWzv^{GgAp=JIKAQ1OX&wazL^+f(X21Ft8J!OfDviG{i6!ONvf_!1Hz`5#8ki
z>H;!VY#C&ZWzI^K1s-uttAGx6ZdOX97NOSofKpj3K}-~}LdyNa(wM$i_?ZL%Pre$C
zfJWD3t}D?>0x<cZ4QWOm8-OqA*EqLa+fo9&a-ZMIH(MqwNX8+cwrPX`9g>F$d7qm7
zW(Vo<vokZC0U{K$=TV)m;L9B8P5sb0c*e}s|I3Nv1)}(<*}c0=$)})zukq9EeyUA4
zvBq7K2AG7PVLH|f4#Q@yUN;;eS%+)Qo=nRrkQ%-ydnD6bQ6?gU?)gi%d8p$;&D5C^
zDrx=Y14C^9LeHEcaxKGi)sNMwD>tTxjsi^rK?~J#&Tohx!%8PkN^B&dL58&|b6WbK
z*Jbo#TRX7-3kKTwa8>MmD?K=+JV(zlWlK09r^1_1!F7eZHqDQ2V{W4s=CfTPJ&v6p
zW~h)LdR5voy1DZGFCdHGTow*{W$R&@5>)BvxdP2H*PfJ{iSEp0Nlm651yvKcmov_1
zV46>GoC0UbVb=3Ij?Wtf_is#ewW1rV$%HTmdxbSA&>;c~7ki)FvjSRt?yf^Fxxi8l
z8eHE}&XCOH5TS$-UmZ0Zy}1$yiFbo7zxwhYEu@_UrO+g+w6U#3vR_ha*LH>U1_EL3
z=SuKYn2?4N)i1^SFM@s9g;1Bzn<|l=f9Kq?Kpy*eS3gqw&B12*c^A>oS>}`g)iO@G
z@!G1dg4o>A1{&W}PV3+2StKK{+fq>X>U(K~+J#E0YobE#c3Fi?jnc49<8Qs~tZrHQ
znIM>^RRKwkLC+~UkTfUa<jnd~P~r{uePD<0pZ;WAD_~bu{rbI&ps0BxD(Es{tF5^0
zsw8{=&u}AS#GXh(fTDkiwjrqHU_5Q8ft%MWP9G8Fh!x><v_ATn#BrcmCIYDEGWp*_
z?SK;=dfWX16s~b3`~Jv(V0CGBl!x=Z;2Jk65`V1@HOhhu^d+BoT~cWK5+8+XOD~f<
zO`k$bPMVF?tNRo*NW4<txrSL;TeTkop#HJ`y!Va;T%=XIGVFX*pU7q^*hh@(9sJAu
z4Sm=R&j5r!h(9AHw}ytR3c-FOTL<Gon^<I>NsMiYle07m{ALcmE&fjL3l_x$uno^i
zb^G1fDm+BDw(4xn2$G_&$1&)-kTODOiBut!sl2s^^UHy`lg9TgMrmk4c(uC?ahCm^
zT5Uix#7>x&Ko`yf4HUj9XSdz5N^+$V2kS~{Y~tz8_R6wI^2V)!U2HpZ?zRr6_23#-
zX+-4G_vkSOnR#5pw#w7dJUUuN|C*6hrT!UtB@$F1-L)=vgYK>iCphSUmmxlyHlo%x
z6#mewG`s`>IcXIR-T(z!^3xS8ib-{#N~wKt5&X$rlj|p0yoK1B#cZqYE&}+<1<6<B
zD{>-Q;_;;p5>(>_wxQ`-UzE6m7ol4GBT=n*J6l#y8#vFu7dmunnj=-bk9w~`Ok}VN
zR~I^k)4mxM2Jg92WAFlsgrR!C9`9|s5;jWa>ba3PVO{wcz<4C$7njisMZ8)%fctE(
zU%eT#U_AYKUKoz7f~|yM8dzwrtk`Eh3-4F{`)<P@4Rky6X~7+ibv5p%a9|Z1MKFq|
zZS5{ST@H5-wE;9;V#HxNCuE{o@tnE2FWMSey%#N0IS&bP`a|DH_U0oep)On#0)$r6
ze_Jg_u1RGI_A>2GdYM+D1;impt~&?c56vS*W1{~$WN<{1mH@51N`8-ZsS{%wyD7Bv
zvDg`qtfM?#2_JBsT}s4x*k<O)lpVn{2R3y`QVtXcbe~Um!-G)cV;JmN(&0N&DHyIK
z)7`UchH>V*_=KiAH|>AmpMS!Fs33(bee!L>FjF&!FOtEZUr>4-Ag0}V((BNDD;meI
zKI;>&FWh9vYl2!>)rr@6jI`wV%W5b0dvgLB#LctErS!1+<ndxpJ~MZ{Wc|syHXz8$
z>RZbGQw&$_HC}(bU+vZV2(s<7zWA5O%fua+e*K6%`8R#!ml!`d+g3}6Txw5lVqV?X
zc7B70A{eC)v?TJeaHwJITDIAZG5cXjO1v*rWes}l@R9N4@7liQtfQcA5+&>NIB6}G
z!HGQJ(Vl^~_cS4YN?yJctr0{fk~M6i6BnaxNA7tXVol7luc^0k`PQ)DvV5gYUS`U!
z;Pp!KLW%U(FLt7K!uX!&-6;q99~G%$gES!J#oZ&yy7(An0e=!ew<NG}Dr~Y-%@E;d
zyf7eI=`x}I!hh~634&<!xZhNsLjNkvq9N9F!R5$@H)5@NrT^oAc<aWT)=B&JeigNa
zGIQDdwfUCOL(8jCW%UfNM8ma+qBI%5)<%W{3lehGWmmyCty+kC|FW9-o^<EG7ego^
z?ip2+U8W40hT+Ozj!~(jtU{Z`nuFH`g7Ip3O^;LGx2Y^K64zuLBtEpEQtwmiS2b<J
zwXR(xsuDDB6MbS9dL#C73ms#Bt|54guZAXgJde4y<o@Hkx9BVLDK0yos4VoK8EVC2
zy^VNU<389jqsCX<njRCeG(@?fsvG%DfY93~0rupod)yG`C0S$$y&D3vEJ%r=wuJXG
zHvBVd(}b<RWTvgc;wiEidv?`ktQTDs`HSt@l3`;xoC8e?YHPmtT{vHsbDe(|=xDZq
z5|^g-C1^7bsw)3J7LjYiWlIYd#k8kzf=dCyVg1xvNveGI<0qOSksBU*?V2wPRVFP$
zr41wTwePVek1XwG_JS{c8wAAKezi`f^AXghX4t(B-;cuSZ;qj~>{;|5P>+zYVQVL8
zFVz$-DYI`(sZ_P|;$v%LD0Zg2QKMS#L!rqf-WHa?u!v|!mUl|%Hs{H`FMk7hwZbKk
zoE~xU?_~kiOUOwZ-d8yZymCqKbpX$e<oP$3x4463rk1?$KlN%o#&os5hkP_FoG)q>
zwU08__KyE-5qGNCM^<zFHgu{+BLDgG_4`Sxm{#`dBGqRh7OEN3;}bi3okgqA-}<Oa
z7ws@%qe`_kt4|UdC<pjIapp($sMHh9=<O&tesRX~lg_`e`U(Ly`E~PbsK1lpVzTg^
zq2vm=EOs7nX5lsgYwgc4pO$b+psZC^7IGXYy;8cZdxH90^#6c2moZS0Pbegol|quA
zZ&>Vj2TYi0$%pS8T25p$NR$wh_fWAY%PvV9?8G>D;%L7>=B^7p$v3&yLnIp98T?2j
z3*zj&sxMVyVFPVx&W&a$=b=DOr(o;SzCB|mN8L7Edea=sOiH1CDGah#V&6g<@2Rd%
zb{SpV;d|bkB9|t$utZnC(|FNK4Zr=`iY9x^kih>P7rasojSugL(!_Ij+v8`1fFMfM
zG12Z6o}ZBEF8{LP^KFdEq@Ft8`;+FIp0+fTN;mSGgTm0u5Bb~2K9#Sfm)q9t>Ws!(
zY(Oi$Gvr7HIyBH#<(*HGKEGEpM@Kdk05x%BSvtvq)cUvXFM-tdW@1njDPfRcly6?9
zketnfWjn?AV?LvW|C|fw&0|1wKx6;=5-(vB(mF@k-b(#Bbw+2ai|a)>gC|HfblP*U
zt<IKGcFX6;WQo!^_xxSyd2UuKMcml1lLSy)!J%HOfAINNJD{g<iZzX3c$nhZ{jS<R
z0RDm4-B849M{vAoh1owZJ_=e%UGMXf*G5Akz*euzUxad{x_NB+v$G*3l3?`h!mZ}7
z*Hu8(1EtAuLzCDV4Cu<x;`*wU)Adut5_*82mqS6;RrZd{$BRP_9IE&@<5f>=yVvgh
zraB_**2b@xlPBIZx%`Sj8qQe%62QgbNGh*89NS2ExmW{(U1(f$0Uz6K%sS1t{L`vt
z=qH9JMIJcGHeR<TkmEen2CM<dw&Pno$xg~5*^TM?NMD98E!gR*uH6^j6GAYr-9}OZ
zXP82zc7?q9UEqB2A*&GvewW6D)SzIAo`5j-nNB_9*Ivzb4@<KO?|x;%`I5qNj4}U(
zx(Z)G+Fa^4rdrM3lq#|y2gYNhwBUI1V&T8t?(;bZwD*y@;LAj&z);6f_ZR)7xFVJW
zw*X3<!GA+ve*v`r1N!<WdV?9Pg+GAmUz`wzko|!gQU4co_O~n!1P0H+u-71mzRWtT
zt!OtGDEk-6Q%8e(DRK9cZhUkuBZq~L_!BVVty|w6KuGj0i51_!aJmRJK&iRHF3v`h
zy15+;RQrp*72rW6aLk|S|AqTSg!0qEV7mVRbAPMq5l`bcqo}Hdv@E>&i`(H$*NV?-
z1ZskC4-UIE7is<l4u<l9Qnsk*fKq*T;qHo3|7!N76@ZF~+x=ob5GNooR`cOB{U7<f
z`tQ_4bhcz|Ls!%d8&&^=z4$9PN&j8@<@4R3h8?+CX^DBJ`yT-CCDf=-A0F<ZpHEq_
z+%EgP7Z*o&F8S66JcW?($Gs>I2ckc!1Wfq|p^-3gP|!2_^A!G|oEz*w-YQ&pQlo$H
z%g{~`F0Ose-<IGUFzfz7F#ju#$p42p8-JRB`MSX*{0oA^e*S=*|G~rmitzu2mj_`p
ziHjotanFJU7cpoSjMTRIi>cQZo6+Kmnu*DMFCc;F77t@rg}aq&HFT$^+$pps|8!v4
z(qQg9p0w}Y7A&q$qsmQF$k~wvb`CvUj-;G-ULBO$D}k{e-Sk%d#s!}H?(U~YI)V7n
z?z<*WEO5_g!1cxl4zbfWVSD#$dF|bf{^UQc9@cEF7vD-)CBgR{vVrSFBp6m<F(XMJ
zVl)y>lv3{+5k;6kkG9I42otI=UD-65oRxg*esDI5=ou6hG(WHR-;<{qxacR-*wYt8
zTbQ0X(fn4;b}LbGJ4AXLHB#khKH289Db6>|8OBwu8#l{){wjD`<<hMad?C|nz_mS|
zo`9KPj@>cA#kJ&scCKhPAnqQxa`&co?52C>`}bD|_Pns|euHLWue|zg0=T?~Z82O<
z;{a)g#$lKJWOIf}QHEU-&-)&;f}vabOYV5Yo32mvOAqaFpo8A^3w*|Fh*<-TALGR9
z?(c%45Z_!w)8dON8-g^dRspIH-fP)(Ikp507!DD$!QV)|(hz-t;M8vcCr_lSwF0uo
z@JkptI+ykJj~Gz&gpb{$k<rcblDdZN8Ll-)+5py_`Fm&Df&HzlsoC%6l{0rzQ7b49
zKQ)hmO}CyDdcgOher5p0sfqUNv>HEVSO3P;Zi0p48Rvu44@muYe7547VV7@TKI;0r
z&Ed(9lB&BN=PvBG2X}s2D!*&J2YU7Ev*y~`^S)&&Y{PfHM+tBAVZMv*S*@%MI1hq6
zgeo5x%iSl20Srj;seZ$rSIS&B>vFWnz1C$4j&8IpegQvfs5^*uQP3DrioQ8ye1D$0
z&)r4yp2$X^&Ftr+B+QSuue`-W;!C)MAgJ@4PQ~<D-b@T9MfGQD;>kUp)txr6!l@pB
zjP@oxEPrjr)g?b%LnW#{fEsk(S9WXWPmgAMs$Eq=vWfHRDI?Zbuol*rr_NhE@;V2Y
z7R`)Qv@pb+^7epZB}{V6GZf6|1<b{B5Y$`E13uR<!(UymQZszLSJmjYCP;KUx@tU7
zR>ON5B3IeANuQ+g`=jmo=kE^&74PT_91c~ZgWadg2<kAO&3iS0)v?dsf#n^C8P7i4
zdZ^INuNqu!lhDA4?6I)8K+88NXCArpl|rYfl+m?1s*5r^eYfNr0ENo_2`fqFG*{2I
zj85>LBmaCYCwyX^RSjcc7)V)LKIcMz$iJYaYohAXdsQHFS1CZeZLfT|Px$Rq>Iv#h
zuA8H`Msr#Ld!P_@d=Z~XNw9rsXGW&t`TD~biMjGtrju+^*8_l8CKqwHjm@5t&uNC8
z##K&pbc$Vlj)~D?5BfT&tlZxBlzn^T&`CJOh=yg_$Ol?#a5sBPSjE54{lO@19&6U>
z+}3j;X=%`4zNd}=W%@%?4KNF<5N!FY&vr*fYXx(o8D|xwAvC3iU}nUb{&*bj{#@z_
z|846ePz_~uT0UJw%E|r|eb<_Khbt#7ESJ~s!=6$9zPJ}Lm#t=}_P5jy_Ii&hGG+g!
zHg{pf8j7Dbz$6zL?3u{+ZlJ^Mb_{_ku}~pY#lbWl4>J8>va`L!ZIz@Z;Pj}56O$v@
zAF?Jt6Ti~_zIrcikN2RddlyR>y7l}SZ0A7jZ7cP1!rp-t%SgE2*S?^c!{E+oRR%Ht
ziyZ7Dc!B~{NCw#nd2Fq+UlfPmPmf>b1kKFrsr$4wbXN+O^MIB;J7z)z6@wk(T+Xu}
zrTQH*(QR1d_d+gadmdxbKR$jcu+DMfTn^U0%smN6Jni-Ofl$5&wzVrw<Q>Ddi|MY|
zR>vj`4x%g_LGyDGdH3dAcC-AjK3~=zi`rAkjlQ2fRvQ!Il@l*B+RLkw%n@ApJuQ^B
zt_7T^mv(<FF#6~(uK$eZ)ox8}v=A%taU|z_WAX}#@$+?W$Hw!5NHg)AJ7-+GvA_)o
z+dqx~=HQl~@3jAk0tXc5`A(KZ%8j@7@tI0BF{Q|s^javqe(zc&tvW6La2v9nrK+Q=
z@$|@nygH9YsYJ2sM^U2TfP2tz3?<__^+KmvtjozLDn47Wi}jLgAD<C~BRdqi*<9kq
z_?~Gj)!uL$IOd;$;0=6-p>Nst0@`|HXFen_%0ryC)hQ5rRl&bn?DG~)W@(ghvj)zy
z@j=9X#<bHs$EN(YAxzrj>8)7vb9H2{vUsYYt|A;ZgAi_7JVYVFjGI1(Yom<_V~~2`
zU`1kQ!I^hN%kTHa2c<AQwzYdh=D0VtKn|?W!A#1pp3|^_=cL0>d>8q6y^%IY+1U+_
zT~Zg?@Yj^A8Fx-|6)|6a683)ot|Unk>{#J$<NeLuvGq}`=gvIfS3ENGcbV{-6N49)
zI*t?<M#xt+w6bJb__bbHGkQ=bO0z4|x~xMZ>#g$)T$Y_-sfR5xCKZ-p9aJlsYCM`T
z;z1?ssF14T7DwJadbiz|P=^VmNFA%|$&HiP8IiB)^h6TM#rC@(ai^*~e=Wey)Sp7K
z3O9R{8{>PMHi8+&FBV~dZ@<rvj?ndM4b$VW)2v6omvldRefZ+y+D~5gMSzIMPsIl~
zfQ*aId^?HAkOQq!uDcfFc+If{3d-4t>wxJ<Ux{sYeUc3&IWjbx%vUuj@Q?;QZ(Qhl
z{beiyFyl}`#T1jId=7bMbfJ3I{+Gk=i!T4oVNFV{WwL(fRz1)#4m5#q2-6Dz;-l=_
zi@GlM63{BZoqgIK4|}^e(1&kb{%+y#xeE)@b;|v)mw5)^8?7rfS<7la!I^x4Kl1?*
zhsnd4NdP71x58b!{~RWZ6pw<$XIX9}$j4Pzz1k<-B+Y8)R{vP_a<s8#>%y%XI)JCC
zN2|jxk~cgzKaD2vFxJWiJjw;|s#B`5b7GfHDV=-S+q(}IxRN5BU#dAIwejpKOhwwn
zKhfgxRQD`Kr*Ym}VD8L!5N*w|a15mrerl*g==NXqSAmz+Mg}QAHrr{-$Q?zQT3Z*H
z1znOoHnrzXp8dSBCi?eY0Lk~RW9%r<8aQAC8k4IF(zCTWNGyn^v>&O$56p(Bhj_xc
zQJp|G|Ayo`G&)!;p&eJ$VD7jlo#DjI&ke^f#N@56l^#(DIuO%pqWq36YaU0KywR~|
zwwCbDb3+@%V0!Gub%ffzS5HhgyYYkN&{XUYUBRKKXK_yz*MOU|0Rd=FRk54?gvwPm
z6#*8|bimDyt+wdSMFOVN1wf2({6LaCxQ;idIxaEnex`Ei@IV{190l->MI-@WOlxmH
z%v$6=QCz6^Oc*oo-Pv0&Yv0h7miH)rU1tYjcV`1F@TxtFW#v&|$5>N(UkIhav|<&v
zRQvsU$_vx_?eBFBj}t_=nJD?uwik5EA2@%sqF-w(wk&9s9RS$YUZ8(4?Hoi_4tAG#
zd4jk(`7wCxI2wdzNkh?y02(nIL5Wf~Lka~SsJB(mzrB0F#iv5b`hneW!Wou!`MZ%m
zLnP`pY;*)}r#MzYo#=U6L>RD@@a7~Up7>lpMmMV^-9iULV{}|JxbIcBK(BD&vqu$A
z*g*A5YwH6(jM{*2*=f|GKU;TF4X_~Hcp&xZG9~`JPmK{cUZ2wC4Q)C4R!I9?XyMvf
z^GDyg>Wy&iix*v`cbbRb_DgcCSQw+F75%)yq^MJRDsebI7cv(Lafds*fn;nm%?O0r
zM={qDfrBZs9S8u?hccr1FF@Cu!(R5X^fII4A?_@5SwswpNYL7^7821G2V-quNKNQQ
zq;KN=o4ia@Bfm@L2i-x@;vW5y!#la1n!C?(obIcGG6Nxo>uT%YnKzlJX0#6uFl#?G
zs%s)aFkf=7m-6hM{H7<l$KV#qj9g!#uQ^Jp<5H<+oGCk>c9%AxUftOdk9LutpJo`X
z-}k3V|AY*2n`Tcp9p8+R^UZ=9IGR`@nRN9P?<v;C;oX)M6dB7t=-Plw*i#E^)5^!+
z#p``pF}b$SW*g}!Xwx-&ck@hjQzJ^CrgF+o0YbV?y=~#D8T4w5j25zX`7&)1#r&Jp
z^+>RHarT)}-wG{K8<!`;`|8{u2UL2-rm|b`&DYwob;tCvvR6NwbgyFgBg~c?5s$F-
zYq!EH5%SjikT&Kl@RhS#DkmaYF*%}vU(1`%#k3R~U`ph+j>R<tXM~?DwZ>?&A{J6Q
zNl~my+<K?fV6EWG_jng9NRWaEpm;o8K6Ts)qfMCMVy|$@A>lg6p)#r1mBN_YAN5Do
zoD5vR0wG}0;-|<xQN3UL&lj(1OH2lwxDJbZ^^1jj>I7!1ECVPb+EFJ&ELy1js;5}5
z#@pb2vC-Lw{MC7`a3lR@w?QTfnz^gI8lS`O;h8!)><qAXLbbx7=p6n=n1iiNB8Y3J
zs^u9KfD$S@4ciBxQ5go;?@ReHV`=^;$2)b^kV_j{D$n9_H*%-QX&FZexY4Gx0Q3#3
zpw31*$-%>3gl;SXYFJFsle6W?3Mn!Q&{|O<9-}Y2WHZ~Qd7K`35hH!1G=@L-fBJUC
z%Z%^Swne>*%KFW}i6>r<us1Ke);{HIT}fSJ5Q27`3}LaQzx#19Qq<xfZs>QSkTg#X
zcr=+a-x#V`Q=&i}5Z<k+ul`KU)W6+VAQ6neU+Ut6;9o6s!2^Bh>&oB_y+0KEtfze{
zO>E&H09+Sk=V_XDGTVL4v^So8{3(G5b*liv@%Wn%SZ<;9r(ZUyb6<;x=%X@5ql~$!
zWbv6M{cNWIMcdEJ#G8|XmLgFiC8{qk&cSymK~tuy8mk{<a>V+G6?k)c@Ohnjl1N~1
zD<ObtHm4V5O_3L0iDP77hg0=?>fnOs+Ty2|_NM;Xv-ks!XM9>YK(FCNwaTKNwja29
zunE=|s8|#Ld+p*C8tGPFjoF=>(^BEJdDkqHh3f=lO*eXKO?K3e{<2RW`4O`S+QZ(*
zCI!8)(L&?i)|V?p14*ZTgoCNMcafH3H+}G(k7~O6IDbDJ6!f&zI7)z5No&c&d%=MO
z(T6_a#|e$IH<N>&Q%qM>OyxX_UP{P=acE7+OgpDkcGeS(GY8Jj2BsRz<#4Qihf#5D
zO#a-%3U+gIg@S(Z!9!DWhlda#4&cj2>>&4F__ZESYye`3+gqkW_fza3{y?*JygkXg
z99f@1bc;ip)DZ*-d%^Mu%s%NAdQ~ZWhiFsz3g}nYCzj;@)%yo()u&MV=z@{uAV$-i
z>hc%B@DGBYDOSu-fMQ9Azz`+9lYFH?1c?4+OZ|kp2vIcFdsoe_L%rZj#+W9L+TGI3
zj%~cOC0&4#jOjP<7i4H<fd&&eIQR31=I_|{6?2+4RPr0eK}JpVnjPR62wxV3W-)wU
ztp*xChzc1XVQ=byOZ@TsCbhrr``+5-WO!io(^3P=YdRh2Z<f~kMrfc$NO6q+So=RC
zKM)SM^Ax+`Ygh5M#Xf2#8>7|{0i^n2c;>UyB8|F5z@q&dKy%`G=B@(ZKJ8VCa^8Xe
z%W|R>D(dW63CDMmD9{K7+WI$B?+vf}^m%q_O&*X;A4|m`Y?0U6Y#wtX8pn#NJ()=4
zn*^Gy#`57Q!-e(4YuAp5P(ihq=}18RLzZ@tAu_k7^AW&_Ba4b2+qYNvaYw<QVQUjK
zNO>kpy!%UISDWloN~qfL7$@#kuwE)pQ1cNbvGVhtsWRC?>>7pM0VTu@EeA<((P39`
zv8IUz<5$uva>r)A?l;ysAIFY~7Z?^|)Ea{tW5B-QxY*NN@du!6$dOx{+?pqKSQ^6B
zR4RtZ>YYA_`+Atm;~)a~<X+np@pl3ZK#)rtA{$Ua236fTO|fXofug>Qe4iEZPX#gv
zak|F;SyCGHwoMx2pFf=<L0#&)ur;^<D)3G45CR7dWWNde^XxZh^5X{3KK-_Muh0C_
zW$!0Z9gBVUO~p3Ohc$tBi)NM22J!q5H`Ik|U51w(=*deqnA|lT*z?#@Qgu1eOsNSm
z+PXD6STAp5J3k&M8=~}ct;Qs~w|x^Pta!l}LHiY+fT%%(-lwpbn(#{nTBEFN=I!&C
z#jwY>*a<gbvHqA`8(p*}3z3>Nzu!Ab7&h%O?k1hpRgs%S#H)()bS^9$*+1sDTtza<
za%tw_N(ziGV-y+n9x^(o2LSUQ%|H}GKG0CAO}&%WI<2IUSC>2%k3Sk7ODZJSEVwUt
zBzL(U6(rqL19lO$`%_eGnjErT(_x8!Iu>o~FB<@u6cc*CmRfM079CT;U62uQD-zC&
z!P^|x5rqQTQunNpwozi;)eX<?@|~ugmU=hYQp+qs3;X6LKb|{uc0!8`anUk%E;+<T
z!wi~XJHmyG@J$0_FFn_2o@s`Bl5Z-4`N;y(nXLKoSMTkLKt|S}W@f;xA-O)VBW6oL
zAVhr(t<qTC)l~PB$b2lT)fNM!wIt?pCadoaS#fFg11uiBma|<rn9?Z?Wf8w+a$t*^
zV<h-Sn5$5ihuPIi2341+kKf=!$}1rMNe<(lo6UauZ&#w5jmp-NVaovT?kQ)@-c2RM
zZRjc2H-Vb2=^t^&b+5f8OhHSuJVISV${DOMBlK<GbUC%nfj^;E-d!e}IqCk)NISZu
z>f&J-TVLy=DelWaFp0>BK>S_nXL-mkAvft+9;5mJK$gLSnxc;2)K2Blr9dR7`mRG7
z;p*qsX0(xS&*a&Mh?>&(qZh~6q|kzv?MunEA~T*bsIz4%CmB-9JSkZ7xn4g7Khag1
z$uf1m{X0|h<zZ5`0({RZ2^4aEesI0U^oTp;LngYfPmx^L99K%0Ejy&VI;kAN{Zv8x
z>Ufk4n)2)NMbo(SwZVf24-vO#mGX~KpW4r>!xxsFCs|w}!oFX(qU&$&AHDJ_%5nQ4
zv<{$3F)(BZG?lZf8|*7f`?ydl1;S3t;<51W5ID7;j5<$iCTdCg+0z=^|L_{CzzgA9
zBuTtd=CK!<vo{#s0(3g?O<Pa=ga=ZyS!RZp&942f@A57y7F|$zOrmD|Qvz9}I(fZ&
zdz-@De8uKROj8z?1`%w&3+uL4)~ZFYQC#j_{!o_NDbJApHD%Ir=SpJpT67+dtCjp}
z-kNo6BS*fU)cIw1x8a9R9N}}(EhAZJOB7WW#!@F2=f~twi}v0qp6eq^%sfd(oRwj{
zVqT(tJPQYv($1O1pS2>N_g}*^Kn=*Cj`r<=v>gyr;zXC-0+C3ko5P(CUykO_xh;%v
z(mDdtv)t@FnqjWfD$|0MLWlG<&ms*hjC3LdG--P8PGk1>)j39P)h#_u;Da8yAre<(
z5`6$gAa|~A$BoJ6nle4nW`6pzZpB#jOG>46t@5jSumY^Dm_}htXu}S9?yR&{tO)>X
zSEbk+H@&{oj@HXT=<&1D6&OqE@!hUp-H+8H6TRd(Vw?8JcryFYiL^B7F9MK5x1M_6
zdDPQ~&9ND>kG11AGNAcQ9yWRH(Pyc<H#HkJY1cOFwey5e;D?nXX0E-lGVL&7zEk8b
z%&4&h2d<AD)>WnB8=X|xTKKpQ9wg8V{T6&*kK1iCA|_-`*V#kHb06b@Z>OyzU%CTa
zuumD=%q;Iv29axDL*=9xb2Y`V+}s2MixU8T?yPNT%i><E4{`(d5sdt;quJXf#;VKw
zoeLK8<XcJXiqeb6_fa!W_ZdQvrchV8Q+6xs$8s^C<Xp-j@O8V?Z<H8!MM&3Tbcy@x
zBjjed?rf(nzAlZf#Y#L2v6$-jHUSp7ygQ#d*4}vP>)yF&uJRt*PaVFkdBwNVjkCZ+
zS9rqH8P=F=$@?4HKh(y=A@s;4X!{25vWE9`1JW|z#c8Lpt^X<as?qy#tyo)+W+DIO
z?e{2Kw&p^^9l2dL;5A>Z*(<mnKwvI-b)a%G1;J!^>_;PxV(THZkUyU_Pb%L>Q%Cb!
z^dWtUR;GdXSd5)sdGWyyK$3{{)iT2twHf2$3_UwDu@pTi;=@m=nC%gAkNSh1f-F@D
zoQJxvEUGL`UR3<}^dQptgZQa9|6Cpyc&(wUK%?zmRhUUGJ$&M5ar}L@njt~oT(g;1
zUq&F)T$NlWpVY`@O4A;z^0h-}zp-Hnk404gh>>heCuVqNLQO|g8M5}Hqp^x@;EGsL
zZ)}<gJ#c3bn{H^@hO{RR<VrvotaLoYX8hggpz2V-!3h5>jb%!g(E+4<Dvx~FG+v~q
zld5}3wa`(T;SWl}o3L_6B8J6#@L(~Y%kuEY-8QD_Gy~<J%pts<i=62C>io-gLKxCN
zuaE(D<Or?tF&!tz_?X|QKAVE!U{@FJ*`Bs}mZx>y+$Yk!si`Eh5^6z4R4vp!03aTu
z_ncgGG37wtEG@d#Gt!{*6Co6>d2VlDVWr!N`ZCFu_L-1^cT^i#;?YiyiWCHXa<e#g
zD+$&^JJ*`$)?^-7P0@d$BiK7{#pe^TMW@OT`y0#RIQ01K?P?R4kJZW)GM-_SBBr~y
zVzjDV#qO`>eSb+-PcQ^5JC&6cPBqX@zzQVis2_sGYALv{;?k{7(J#DGx9H?G_y6d<
zky?BxI%=k72+56d&u!{SNx923abnaYTCxUdoMIgvDF_;`iswL$-VF(BPy}w-hJ%e4
zJ+o8FYjo2mknKpwuo6k0jC|-1HDdXC!yHr3eNM}Z;E%rf_|rr$1GSE-sTWw?btUmt
zs>v%=wy4~*W5AG3n=Hc}ujD)ZF187ctM}YK-zjmDl7B2@BmIutH94;7lzI377*ieh
z83TyagGYDjJido2-Y5zDwp+@=v!G~Vs6fYhzeJBcTkTrtGPge<cROOs>;FlA<8jzy
zJJFKTfzL9R{N~Ke!iXU4NGvM`ah$hNch%V{O+cXSuqcFhatO=yu3NFP?!89!%dqct
zwty*c;c`ipoghiLn|#nC7o;)?Bd`I?VP$P(Y*oKP$#K+xH^1SdUv5#FNOGjH9B}B#
zlVU9(#RZ(;Jzee8;icHP>{A)V^nOHX_G|FD@edwa5u%#dli;aYuk|*0d}`JoKlD{_
z?_5~|8uTdJoXZpn?#YXIJ9;D1#V(50bhs3s4AoaH91vfVxtyP9Tl3VMutfV691?_g
zJD}z$oL^QXsnq#A-p%@Xis+nXg_n^%P$`}5IRI@A#4X*9esv@fjd70aG~E-wCMzEC
zOS|+XK1z*JyvkKRsqmJ0%F#P9o;Y~ss2W9;&!A1VOjRkQ7OwNSS3-pUiLZi<*6_q*
zkyGflW<|(Jv7jaw?FhC}S`ff8ts$8&z55Mb8{<q6yUj>y#NRObxgEfgp>W!XeuF~{
zchd;t{xW&I`PBU|7IQi9LfAMO<!A5dp#SbNV$kEJbVOlVEUzzV<mxUl36Qnpk*@AH
z{)pCY^JbM`Tm(AY5pQ4ym@@OtNN82yb+n!!P6KLBzy?K`e2<;{TmO>>1Ph0-YraVP
z2Pq!TiZ`d}h+(i$M?-g8Lw8JVthWt>(mt=F9S0!YzJoFmgP4`S;I3ls58ku?7GbiN
zcA=2Y@+`FuYo>?|6we?IoDG<Cf=LXU;+6sZd13Q5*vvtlmL6Ru)eUD8gzYeCOhMd#
zoo$1_Lw`MRVF|Ekc5rZ9e^cQ|fH8mEZ~v1Gmhk5k?w?e+AySJ!_~d`G!4m$Q!u^x_
zpF01YE$AQGhMs@7^nclOVDmraZdm_Q@?SFkBTWy$;=hFcD?|+cKhkhPNPt1lKSi?g
zW-|n^J~|a8)+UBQ@4oaBEivWqupT4G$?0#C;SGk8ATToQ>D@eYu6kJOD+F(CO<8>R
z4xC5+P<rm-Ic><RBKx=Ah`$<vp|1a^0>)AC?<4T%f9~vmGgbU80yjWv{#Q}|D>L;!
z8isLb{Jj~tAb{k*j{cJwR_veR|I_5Zj{YZe(Er)wzsNDxeWNZbY9G~-s?o#vpItS}
zSgg$+d|Tbn!z!<h&z~}}(XLCeiP6J+&h}@4M1eUudRHB{r5Djh;ne~Q>%g|t$QyrK
zkKwkT+Sfep+YbWgI*HLsqLgxfL>jn*@lwejNh-H777id86jw|$K6`%5Kk%*b4jebo
z68FDJ{kA+KE}Sb|QiC_O+wWh{Wf_<6FQw;Op83qJ?<BR&S|_q^ep{zfq(3%&@?!|i
zF}7<oM@7TO5lJ?;!i(;YPH><S%#iqgInUAl;pQy9uei_IUrg>Q2kscBR%&<*DvQ!8
z2je{=BPBzuPCV<&zL-3~(8N5Y8@o5zf#x1CT9xwGTQ>X!l3VM#Z}xxJl_pyH@Qh%K
zCjGgAh)XI0DB8hUmP$%<)@&jDv*C2onQmkw&wV46V+1MHDK1&w#oWVH0&Z-eVEobJ
z1xz1-JR8hY{qvFT%r6bkPwaG>Mp|*g18~4HS52>^FXR%j%KP0{XXRGb^Z$^eyajbf
z15EDtHcWEg_dda-#!Q{P3#I%mRS4u5ret?r>%0$;1RLXF-lkR1bQ}I0@S<BPTBTIg
zpl?H!m}GaY_hR`+2~M;S?K95SLg(J6Ks+do9@Qz%rL&drUfc&{a6k>fhIlr~q<Q;1
zP1Q+`kTc(SX;wTpG$A({<DO8J{?DzNKW3Oa#IcuZilYbmfTWQvjw&Y7-?0z97kpJ;
zrQrnqY+PQ-*_{Bvd+8wqnDh~<^X>nTBIVd`DCsmD%~0Vm4#|=z@b3E_ZQcCyQ3XV`
zlv>rel{RW^Rz9vT|76JjsXk>m8Bi0R+POc+fxUQzy`&zm>^SsuP%mSlO;9n~{h)OV
zK=_-|EDh}3o)mx+toP2Owx_MW(OAtpAd@?7m>KKayK04}g^xK?Uj8KKT)F;}wn$<2
z&91p^@AAzhxKst=BH2|Pz1c+>mX=LHB*tqSGs~mdV0l0FZ0Kh&ubxI0{j$3NR>f)6
zjf2Hhy6tHF%aAv<M>?h1)yJ!tIKgceIUnqMji=dHY8h#xM;0eD+crE-r11OYbXcp`
z-rzuMzl2@+;pWKAS&2~!RZY11NP*^EPxO{0x`d*L;+xSL-ehhs#>W~nV*gvEk>(Dh
z4|5#s%fC2$Qcm(@F8YW)Q${-{0~d_)haqyLJ90l`2#$JuCfss=B;0A?wwAruIk(V$
zur~kLsiFD+k^^%{kL+amVe_;K5MnVw`M%K)wgICH3qN%q*4WCv7HItnYGcx^I*xXq
z!w-MPjL($XPzZrPD1f`PIf%@=>UVD)u@^#VRk2z+>KA<b$;+{ycf`WrY|=a5kP%9^
z*AMjTjg;hcHSC)d^aK07shrZpiK+u6<L$NS*b-)KJL0-1FTX#`4s)`ufVM10OW_dT
z*I(TWzI{<4^BHgD!K1C%;8ogtuT7f^V+K_UDc4;_NutQhN~MyqjkgsXthY1A3<GW7
zE@~CWBQ}q<m<)GnEdBHhooUps0g3B6%A2d*J(_>$Y=U6RYd|}e@3GEOuuE8pxyLtt
zWnN#~Ob&OYj}s|XHc-L(d$6)_o{r^I-CQC~mDK?Dh5X#bv7e5>hh9Ov02({-@6DtO
znE8?0Vs18yp9YF-)XJLeW=XhdAc|*Wm*0z+1-H|0iaNhjWeGHLcx%t~K05HfX;+SL
zpQ7&+Z6~|$J4@VFj+E~7(*W^bTM4W!S}I)+=+`?{#OkJL!T9^)mKON#(Cft90Xg&b
zXP?xAZ3VouIq=Op^MLV0*n^uEr{7X3Nc93vcR6l14f}WCzYAYz?iXhFU3*n(m{WwN
z=>E=#arT34eMx4GW^fqW9?0TX4KbK{lb155Hp=Ocm=z@PTWG0VvC7Py$74j5Lr#7r
z2;V%%{$RG_bsP71t+95VOyf{@uAvjIRNW31m7onX7;DJBGws&sN2|}?sF_h4i*2KK
z;TkPtJ3iDE$I)db*UE9wl#fxXy=I`-=S}Li^s-)<=bOw;@INz;gfghSzto3ydv9>B
zmlPOVHhAn@5G9clFFz5PS#;LA*MW1?gJP8XE11(>?L_;x%?<E(Dqw;q)3453(F3r{
zve?p_L|LwAVk5(}>YfEsWUhMrRjQs;zMum7C}!s(=(F-lJJUuVlu`r`F=95}5d#a{
z;3c<BvQk7hMyRfP4n%k3D=XH3Rbbt1aQ*8(DQCF3a>~lZ-7Fu~P?P>hWRvzlI4f<(
zI(q7id5$kFYYhl<Y7+n|G&C8JNJ2VpA}x2u$J8Lpr)%E9%Pl8eZ2{3g6LB||w^rI5
zB4^`3wG_AbA;55e4o2S1Sv+;(q8<+h&xwF7y|i0u?U9=i+ULO<y9nuh4Uph~YN~w{
zr1*uA%J{Le?ELM^Bd(DzvmaW(cga;oe<nycaNL0Y_XVU)9tn1cYgkX>!;h2+UDp+R
zy~Rv|qX0T>p>S1vp4O4Z>6DDqWSgPODLjUB7jJf+3TIt<mhWHCRX%sV-@H-y(24_0
zDwu!H1ivjVyR*|?zz4PtK=630!GN({AJM`bfTxvtc(c$c`j{92wA1jk5E}P25?Rjp
zMmW`Rwu$RbZ)x=x&3E>48`%M2tyQw(*JR|dP6Zso(J@x-!YMyyXRID=q&CpEENnG8
z$?crF9U*fz1ZlFz4z?*Z0e&U9-v&&5x`1ZTwtvNGWwGiRMr1rJVB)|IA%O9W=HYf~
z6ZV%ceMO%lGzq{{mbDqIJ)xGjYR*&SKN0(*2G~#y0Vs}r`=+;FXiiZjl~Zhelb&s!
z8nO~!C4-&=U5sBN`*>B7#5u5Nl2-6MXoTzIlmKLS)D$5d#GI05gCOSLE#vm5Zr9L*
zlaz@QQisfqVljLg7$J30lCDYS?0&+KpVVxhw#+-zfZShp2C{-O%JhX+YqxQ})<Dr|
zeX|qvg)#jn$8OA8{c%GO!B~&3@)K?*Ad&X0(E(I{U8UfMCzZXA)d2Lf0jKpZv)`xS
zgFFU8VLiysmJOoMSAj-5tt8_rA;P}e(7&ylTc-F^XlS%|h*vs#c8ATtr15EZwe^A_
z4rKPGv6oO$k3JftjDtli`@-xaJ{ue=D&vMDGmWr%sOhZ6b;0xV=IorOb(=fGN(S#~
zz1`O`7G1rItx;VQz1Q#U!N^r27NgEkrG$iZla*~W3B~pKFE_X_E&h6Dfe1&2a1Qe5
zg4{EBSrhWU|C-%xsf!WvqSpDaECyB)>qsm+wx8`15$E^Sq=BTVn>RHPK#B9d9G<Do
z^5m*q>w1C4Wknt7@PJne{2O>0o9#@5i#(hq8yXHw5SD5Wx~sZD0nX|4GMOymay;mQ
zNrZbHgkFNTy-R}wc;Gmaet8kL(uBB~tLX2yQQ6{T|3dJA6nbl}d}|xR$;S*at73hH
zt`WIcpT*^iE#tH(JQyr4idV#n49@g)Dq>uhig7<vkOX7(WzZDdmAbvIYb#5j-AKzg
zj$ZKpX>>V6rwX!-bV{{qj@1^43RscV!=FF29CS;d|J}GC%J`g!(1Virk1m{upp|l;
zbInawzsZHE!AwZF<||QFJ2+!$9y9Zt*zb)5^HCMp{RtukvnikRh8yH~guS0hpC$<+
zFKJh0SY<&q5x%KJP>n9Y+M|<s4k(3EIw0A!^$8yATdjr<2ZvT7FZE8#TJivDw*b%u
z@r${Zo{Wj_L|m?-r6tvyJ4C%aR!P5;{E_~<x0y&|m@Krhmu?~Db2hPbQpTS-xI=>-
zQbL$TGWLcZ@>>R>%P;ppacQP;JCffhp1fo{g(z!3pFF?jFi9k*SXjG=lHG2;AP@oW
z&k8%@vIZA;Ec`hyBIK!HTLaxg0n{A&9h;P)(<2N}zqph?hiBfYJ0ekbgV?2i>OgLz
zR7C!S;=}1ZdQC^Yy8j5>GGga|Sm<bf!z>PqG_L_(kzO=M@K+WX?<)T4U~JRHzYhh}
z-x=LTY)mI=Z#-u3@DpWloelWN_VKyufvxjWZ;y&pelYtvopD*T#)$2JsnIjIEm8x2
zD%&BbM7eJ&^b-Q(wF)x0RjUEMESV82lth8ASJLQdW>)&g>|i9_{KdqvC(<`=wOAG_
zx2_jP#tA>~l{eS-rGG`sJ-mc<<r~51Ml6LKx_Cx%)^i_So@6{I|CIa+9czw~CA$R(
zB_DBo%XYGQ32_QV5M!E9^x*Yn?w0uq!K+!7I(PGo?7&9AIqOOSNLm(cxf31c4(xhl
zAHM8I2=3Lc{8h3@z7M!0W`~fiQ6)X?FoSb{0lp|qfJ1f*D=WNAR}2kO_b*aLUnbG=
z!{-B_a%h6N8)_!DOpt?qT@@IITL*kQ?WovX+7ef+`DHRdaYFR=iyG#6=Fv0+6a^}L
z;I5JI_hI}quTeuJUPJoTK(hKT*o!-{BXg`uO8fkVS#;>=A>1P{o*xqZSnPr?`ly1X
zBYu7SX61@GIw4J~Yv#7>nJ!>!ZFd!HFEbKsqgzaK_K8VxcF6b#UsJu<`*d=j0!GC%
z9t~{T4PrNfej(_<rCO|G9AJjo8;Zl|M7*AZx28C(-#qt%yzl00=-xLu@-;vF0m&sg
zV}`Jy@qxaC7?^D20Uqp__?CUWaZsz|&b6j_toozmyTh@){RMj%x=QZNRxFg<?9mia
zX;YSj<?;7pap3Nh0Q%u~OM!CP`)`$8n-gyrEET`0=#CT#sfFYaLEFS#!F=v{w_|V1
zAh++M+>Jzj5@!tG{nob15sAWyh?O2H@ax}TZL+dz%Aw|fNXN4krTe>#9Y{d4tndO)
zB?s;{yOJ3pjq?kQcdIuI09ifeHXo}d<<#JpaC!+-YRb}@MewB;0&3=+bp0P!w>Odj
z&GNU=XD5APx;vN9%Iw!UItdfsT=I91{oa12O&!*Wo{c4>x|w}Z7R+*hWFi18JW3(D
z#Pe6o;Z_;X6;X|7?C{lcXD{IB*ob_fF7Ik+07%de>R)k<zI^k0?tzbu&|q4}B8&a(
zYvBj$0oHZhe=RN30lZYNlrc0vpa`X6<l9T~0ADquq`m2LJ=8deQ%GrB9Go$CNRB+O
zEhT16!-%5QTl?@n_INgFt(kSe_SAMOn*JQXD_`w#OG6dxR`vR0L#*ER_-e!!^4k2x
z5%;f6^Kn%a@@D(CTmv)5?k^Mv!-EHs13vE_+*PWSUfO&Q9{0@i6M;=3iVvjsJ{wuG
z$UH<H@3!AD&w8+RGCj%2ohD{3MKKPxS)tk-C9Lm;0*G&9q&HIR)#i|;_Y%Z{`TB;7
zWqBGz4N$uzjj4{&14`~YL4g@LaQ<4GUtYvButUgIl{D`ZQ0Tl`1-6aOX8FfY(j!DS
zH{>eXWp#C5TXykt>b-u)xJ3Nvz+>!dY{}^Wj4Zl#{R>UaL!7%y!SLGMrxmHmI5f)<
zBJK*yo}t|kF-gep!hbCjRX~b}T~0Z^vr*6eDWgrV2hRI3oN8Pz)hO^u&^%;7wo^L?
zv}{*axzGJaU|s+4H|)ha(4fxV#jI6D{y<Y@jFO}A@))|@^Z485TLg>9d49{fTQM5Q
z!#C;8Un<wr2WIm`V86lLPXl+$Y4eHY?gPGK%3hXvL_mF}bH!}~v`XQE;)*1_n9JVZ
zv)LoT=(%A4Vr?9`5q$qqeBhJTEb&(Fkp2<d%Ebbg^1{ufc2OAaKwmeueKJKjVO7><
zuoSbuIYI*}?>RkIr9-IzXGwLkQ)P1gy9dO0T^2`>Gu_-uVP&CiTY`hJ$>IY(WG-Ba
z5?ULM62AtEEZ(&^DqmB2G(Bc7S1EWQm4MuCw9HfK_Bp2S&#W<UhX`XRA62p&cz;?C
z1%d^-(Qh@UD#CkfS!v&Pu|xuMae(@E!ppujvy`2}HCAA4lmWHHorCm8Z}s704`QVd
z(4oqpQ~GJggDKm*>!i;^zxu%!0^pqnt|}boEBV6#ye|J_z)X%r<GEciih$2Rji}AA
zXmyWFXP+ip`*=aXUeq^=Ff%s99dESTx5<n=tluIq6zn=~F}9;FJFy11M!S~H^!I-c
zrw7y&MStHCQ9mv9%PrwiRxCaAAIpGq=&NLg)?GX9gQ!PX8=?M<+4i${qI0VN25k&k
zja4yqcNqr~*3=X9PR|T|Y?DNkfl#rc*z#}YO%W>Y9UXYyNWNyX0ZreE*rtU~>>n8Z
zu|{;Of<7|u8#&30V5K;8E`%T2od+sw_0+twETo`48d?!A>3}NpR9w39%1g;)<&3*O
z&;$9eDyGCHfm_x~V)qV7K5bSOJhus!j>JolW0SN+rznY;N^Q3vUbDSf<9VS3#7#-g
zx!=zpP+u~-FL6I@D;y_Qj4V5mF3{A@#J>e4oE(>Tsrj_)*&Igr$Z_f(OP<}_Jo?{%
z`8l1*&f{%cgJbf?)b<u6VGPpT-Zk1~t>B3td{JueCr%_s_m{*t;!;8e<jaD$PNVb#
zMI7~tJHwg$&m;e1Dj966N!+<iT&U<h-JN!Sx%+3Nz${U!Opu*k(Y=*NQ|c|iO0TEV
zu}#5Sxmw9C^gq{OjpYG81rk{!E}i{3hx`ARB@jlK`&X*}Wl#K<Wf4Z;s{($)wuTFO
zZgLtHfD3s`BEyc6Z-d&@_Snp|_==hOLw=WFpSH=<He3+r%Rk;Ir!eBrBA5yEbn+19
z@680WS+4)}C;8t&)&Gmh<e%`4e?3?J)bL-_O)wkhf3dQ_YX5J>tv^mKFc+r3B((o-
z>3=Hx*9DmS(%(Rm|GDrz+`R?1W3*xLEx=|E7C*mfnF2zu{r4zy)VvPHpdj@4=~7&e
z7{-GFS5?gcJ28foTT{irI4ba3OA@NZM`2aBkRICE!ZLVT{>$?Fk23$Sf7hDeNwO0b
U3^H2&avIA^t4LM9Hx2oJ0A&Ins{jB1

diff --git a/docs/index.md b/docs/index.md
index f1b6e1b1af..36c87a003d 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -4,11 +4,11 @@ hide:
   - toc
 ---
 
-# headscale
+# Welcome to headscale
 
-`headscale` is an open source, self-hosted implementation of the Tailscale control server.
+Headscale is an open source, self-hosted implementation of the Tailscale control server.
 
-This page contains the documentation for the latest version of headscale. Please also check our [FAQ](faq.md).
+This page contains the documentation for the latest version of headscale. Please also check our [FAQ](./about/faq.md).
 
 Join our [Discord](https://discord.gg/c84AZQhmpx) server for a chat and community support.
 
@@ -23,16 +23,15 @@ open-source organisation.
 
 ## Supporting headscale
 
-If you like `headscale` and find it useful, there is a sponsorship and donation
-buttons available in the repo.
+Please see [Sponsor](about/sponsor.md) for more information.
 
 ## Contributing
 
 Headscale is "Open Source, acknowledged contribution", this means that any
 contribution will have to be discussed with the Maintainers before being submitted.
 
-Please see [CONTRIBUTING.md](https://github.com/juanfont/headscale/blob/main/CONTRIBUTING.md) for more information.
+Please see [Contributing](about/contributing.md) for more information.
 
 ## About
 
-`headscale` is maintained by [Kristoffer Dalby](https://kradalby.no/) and [Juan Font](https://font.eu).
+Headscale is maintained by [Kristoffer Dalby](https://kradalby.no/) and [Juan Font](https://font.eu).
diff --git a/docs/acls.md b/docs/ref/acls.md
similarity index 98%
rename from docs/acls.md
rename to docs/ref/acls.md
index 4ab8fb469d..a621da5dd9 100644
--- a/docs/acls.md
+++ b/docs/ref/acls.md
@@ -36,12 +36,12 @@ servers.
 - billing.internal
 - router.internal
 
-![ACL implementation example](images/headscale-acl-network.png)
+![ACL implementation example](../images/headscale-acl-network.png)
 
 ## ACL setup
 
 Note: Users will be created automatically when users authenticate with the
-Headscale server.
+headscale server.
 
 ACLs have to be written in [huJSON](https://github.com/tailscale/hujson).
 
@@ -87,7 +87,7 @@ Here are the ACL's to implement the same permissions as above:
   // to define a single host, use a /32 mask. You cannot use DNS entries here,
   // as they're prone to be hijacked by replacing their IP addresses.
   // see https://github.com/tailscale/tailscale/issues/3800 for more information.
-  "Hosts": {
+  "hosts": {
     "postgresql.internal": "10.20.0.2/32",
     "webservers.internal": "10.20.10.1/29"
   },
diff --git a/docs/ref/configuration.md b/docs/ref/configuration.md
new file mode 100644
index 0000000000..239d9cb603
--- /dev/null
+++ b/docs/ref/configuration.md
@@ -0,0 +1,39 @@
+# Configuration
+
+- Headscale loads its configuration from a YAML file
+- It searches for `config.yaml` in the following paths:
+  - `/etc/headscale`
+  - `$HOME/.headscale`
+  - the current working directory
+- Use the command line flag `-c`, `--config` to load the configuration from a different path
+- Validate the configuration file with: `headscale configtest`
+
+!!! example "Get the [example configuration from the GitHub repository](https://github.com/juanfont/headscale/blob/main/config-example.yaml)"
+
+    Always select the [same GitHub tag](https://github.com/juanfont/headscale/tags) as the released version you use to
+    ensure you have the correct example configuration. The `main` branch might contain unreleased changes.
+
+    === "View on GitHub"
+
+        * Development version: <https://github.com/juanfont/headscale/blob/main/config-example.yaml>
+        * Version {{ headscale.version }}: <https://github.com/juanfont/headscale/blob/v{{ headscale.version }}/config-example.yaml>
+
+    === "Download with `wget`"
+
+        ```shell
+        # Development version
+        wget -O config.yaml https://raw.githubusercontent.com/juanfont/headscale/main/config-example.yaml
+
+        # Version {{ headscale.version }}
+        wget -O config.yaml https://raw.githubusercontent.com/juanfont/headscale/v{{ headscale.version }}/config-example.yaml
+        ```
+
+    === "Download with `curl`"
+
+        ```shell
+        # Development version
+        curl -o config.yaml https://raw.githubusercontent.com/juanfont/headscale/main/config-example.yaml
+
+        # Version {{ headscale.version }}
+        curl -o config.yaml https://raw.githubusercontent.com/juanfont/headscale/v{{ headscale.version }}/config-example.yaml
+        ```
diff --git a/docs/ref/dns.md b/docs/ref/dns.md
new file mode 100644
index 0000000000..1e3ad8977a
--- /dev/null
+++ b/docs/ref/dns.md
@@ -0,0 +1,80 @@
+# DNS
+
+Headscale supports [most DNS features](../about/features.md) from Tailscale and DNS releated settings can be configured
+in the [configuration file](./configuration.md) within the `dns` section.
+
+## Setting custom DNS records
+
+!!! warning "Community documentation"
+
+    This page is not actively maintained by the headscale authors and is
+    written by community members. It is _not_ verified by headscale developers.
+
+    **It might be outdated and it might miss necessary steps**.
+
+Headscale allows to set custom DNS records which are made available via
+[MagicDNS](https://tailscale.com/kb/1081/magicdns). An example use case is to serve multiple apps on the same host via a
+reverse proxy like NGINX, in this case a Prometheus monitoring stack. This allows to nicely access the service with
+"http://grafana.myvpn.example.com" instead of the hostname and port combination
+"http://hostname-in-magic-dns.myvpn.example.com:3000".
+
+!!! warning "Limitations"
+
+    [Not all types of records are supported](https://github.com/tailscale/tailscale/blob/6edf357b96b28ee1be659a70232c0135b2ffedfd/ipn/ipnlocal/local.go#L2989-L3007), especially no CNAME records.
+
+1.  Update the [configuration file](./configuration.md) to contain the desired records like so:
+
+    ```yaml
+    dns:
+      ...
+      extra_records:
+        - name: "prometheus.myvpn.example.com"
+          type: "A"
+          value: "100.64.0.3"
+
+        - name: "grafana.myvpn.example.com"
+          type: "A"
+          value: "100.64.0.3"
+      ...
+    ```
+
+1.  Restart your headscale instance.
+
+1.  Verify that DNS records are properly set using the DNS querying tool of your choice:
+
+    === "Query with dig"
+
+        ```shell
+        dig +short grafana.myvpn.example.com
+        100.64.0.3
+        ```
+
+    === "Query with drill"
+
+        ```shell
+        drill -Q grafana.myvpn.example.com
+        100.64.0.3
+        ```
+
+1.  Optional: Setup the reverse proxy
+
+    The motivating example here was to be able to access internal monitoring services on the same host without
+    specifying a port, depicted as NGINX configuration snippet:
+
+    ```
+    server {
+        listen 80;
+        listen [::]:80;
+
+        server_name grafana.myvpn.example.com;
+
+        location / {
+            proxy_pass http://localhost:3000;
+            proxy_set_header Host $http_host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+        }
+
+    }
+    ```
diff --git a/docs/exit-node.md b/docs/ref/exit-node.md
similarity index 100%
rename from docs/exit-node.md
rename to docs/ref/exit-node.md
diff --git a/docs/reverse-proxy.md b/docs/ref/integration/reverse-proxy.md
similarity index 96%
rename from docs/reverse-proxy.md
rename to docs/ref/integration/reverse-proxy.md
index b042b348da..a50e894a10 100644
--- a/docs/reverse-proxy.md
+++ b/docs/ref/integration/reverse-proxy.md
@@ -3,7 +3,7 @@
 !!! warning "Community documentation"
 
     This page is not actively maintained by the headscale authors and is
-    written by community members. It is _not_ verified by `headscale` developers.
+    written by community members. It is _not_ verified by headscale developers.
 
     **It might be outdated and it might miss necessary steps**.
 
@@ -121,11 +121,11 @@ The following Caddyfile is all that is necessary to use Caddy as a reverse proxy
 
 Caddy v2 will [automatically](https://caddyserver.com/docs/automatic-https) provision a certificate for your domain/subdomain, force HTTPS, and proxy websockets - no further configuration is necessary.
 
-For a slightly more complex configuration which utilizes Docker containers to manage Caddy, Headscale, and Headscale-UI, [Guru Computing's guide](https://blog.gurucomputing.com.au/smart-vpns-with-headscale/) is an excellent reference.
+For a slightly more complex configuration which utilizes Docker containers to manage Caddy, headscale, and Headscale-UI, [Guru Computing's guide](https://blog.gurucomputing.com.au/smart-vpns-with-headscale/) is an excellent reference.
 
 ## Apache
 
-The following minimal Apache config will proxy traffic to the Headscale instance on `<IP:PORT>`. Note that `upgrade=any` is required as a parameter for `ProxyPass` so that WebSockets traffic whose `Upgrade` header value is not equal to `WebSocket` (i. e. Tailscale Control Protocol) is forwarded correctly. See the [Apache docs](https://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html) for more information on this.
+The following minimal Apache config will proxy traffic to the headscale instance on `<IP:PORT>`. Note that `upgrade=any` is required as a parameter for `ProxyPass` so that WebSockets traffic whose `Upgrade` header value is not equal to `WebSocket` (i. e. Tailscale Control Protocol) is forwarded correctly. See the [Apache docs](https://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html) for more information on this.
 
 ```
 <VirtualHost *:443>
diff --git a/docs/web-ui.md b/docs/ref/integration/web-ui.md
similarity index 88%
rename from docs/web-ui.md
rename to docs/ref/integration/web-ui.md
index 57631845c2..2425d8b777 100644
--- a/docs/web-ui.md
+++ b/docs/ref/integration/web-ui.md
@@ -3,14 +3,14 @@
 !!! warning "Community contributions"
 
     This page contains community contributions. The projects listed here are not
-    maintained by the Headscale authors and are written by community members.
+    maintained by the headscale authors and are written by community members.
 
 | Name            | Repository Link                                         | Description                                                                         | Status |
 | --------------- | ------------------------------------------------------- | ----------------------------------------------------------------------------------- | ------ |
-| headscale-webui | [Github](https://github.com/ifargle/headscale-webui)    | A simple Headscale web UI for small-scale deployments.                              | Alpha  |
+| headscale-webui | [Github](https://github.com/ifargle/headscale-webui)    | A simple headscale web UI for small-scale deployments.                              | Alpha  |
 | headscale-ui    | [Github](https://github.com/gurucomputing/headscale-ui) | A web frontend for the headscale Tailscale-compatible coordination server           | Alpha  |
 | HeadscaleUi     | [GitHub](https://github.com/simcu/headscale-ui)         | A static headscale admin ui, no backend enviroment required                         | Alpha  |
-| headscale-admin | [Github](https://github.com/GoodiesHQ/headscale-admin)  | Headscale-Admin is meant to be a simple, modern web interface for Headscale         | Beta   |
+| headscale-admin | [Github](https://github.com/GoodiesHQ/headscale-admin)  | Headscale-Admin is meant to be a simple, modern web interface for headscale         | Beta   |
 | ouroboros       | [Github](https://github.com/yellowsink/ouroboros)       | Ouroboros is designed for users to manage their own devices, rather than for admins | Stable |
 
 You can ask for support on our dedicated [Discord channel](https://discord.com/channels/896711691637780480/1105842846386356294).
diff --git a/docs/oidc.md b/docs/ref/oidc.md
similarity index 92%
rename from docs/oidc.md
rename to docs/ref/oidc.md
index c8746bbc6b..734184df83 100644
--- a/docs/oidc.md
+++ b/docs/ref/oidc.md
@@ -1,4 +1,4 @@
-# Configuring Headscale to use OIDC authentication
+# Configuring headscale to use OIDC authentication
 
 In order to authenticate users through a centralized solution one must enable the OIDC integration.
 
@@ -54,7 +54,7 @@ oidc:
 
 ## Azure AD example
 
-In order to integrate Headscale with Azure Active Directory, we'll need to provision an App Registration with the correct scopes and redirect URI. Here with Terraform:
+In order to integrate headscale with Azure Active Directory, we'll need to provision an App Registration with the correct scopes and redirect URI. Here with Terraform:
 
 ```hcl
 resource "azuread_application" "headscale" {
@@ -84,7 +84,7 @@ resource "azuread_application" "headscale" {
     }
   }
   web {
-    # Points at your running Headscale instance
+    # Points at your running headscale instance
     redirect_uris = ["https://headscale.example.com/oidc/callback"]
 
     implicit_grant {
@@ -125,7 +125,7 @@ output "headscale_client_secret" {
 }
 ```
 
-And in your Headscale `config.yaml`:
+And in your headscale `config.yaml`:
 
 ```yaml
 oidc:
@@ -144,7 +144,7 @@ oidc:
 
 ## Google OAuth Example
 
-In order to integrate Headscale with Google, you'll need to have a [Google Cloud Console](https://console.cloud.google.com) account.
+In order to integrate headscale with Google, you'll need to have a [Google Cloud Console](https://console.cloud.google.com) account.
 
 Google OAuth has a [verification process](https://support.google.com/cloud/answer/9110914?hl=en) if you need to have users authenticate who are outside of your domain. If you only need to authenticate users from your domain name (ie `@example.com`), you don't need to go through the verification process.
 
@@ -158,17 +158,16 @@ However if you don't have a domain, or need to add users outside of your domain,
 4. Click `Create Credentials` -> `OAuth client ID`
 5. Under `Application Type`, choose `Web Application`
 6. For `Name`, enter whatever you like
-7. Under `Authorised redirect URIs`, use `https://example.com/oidc/callback`, replacing example.com with your Headscale URL.
+7. Under `Authorised redirect URIs`, use `https://example.com/oidc/callback`, replacing example.com with your headscale URL.
 8. Click `Save` at the bottom of the form
 9. Take note of the `Client ID` and `Client secret`, you can also download it for reference if you need it.
 10. Edit your headscale config, under `oidc`, filling in your `client_id` and `client_secret`:
-
-```yaml
-oidc:
-  issuer: "https://accounts.google.com"
-  client_id: ""
-  client_secret: ""
-  scope: ["openid", "profile", "email"]
-```
+    ```yaml
+    oidc:
+      issuer: "https://accounts.google.com"
+      client_id: ""
+      client_secret: ""
+      scope: ["openid", "profile", "email"]
+    ```
 
 You can also use `allowed_domains` and `allowed_users` to restrict the users who can authenticate.
diff --git a/docs/ref/remote-cli.md b/docs/ref/remote-cli.md
new file mode 100644
index 0000000000..041d46c419
--- /dev/null
+++ b/docs/ref/remote-cli.md
@@ -0,0 +1,98 @@
+# Controlling headscale with remote CLI
+
+This documentation has the goal of showing a user how-to set control a headscale instance
+from a remote machine with the `headscale` command line binary.
+
+## Prerequisite
+
+- A workstation to run headscale (could be Linux, macOS, other supported platforms)
+- A headscale server (version `0.13.0` or newer)
+- Access to create API keys (local access to the headscale server)
+- headscale _must_ be served over TLS/HTTPS
+  - Remote access does _not_ support unencrypted traffic.
+- Port `50443` must be open in the firewall (or port overridden by `grpc_listen_addr` option)
+
+## Create an API key
+
+We need to create an API key to authenticate our remote headscale when using it from our workstation.
+
+To create a API key, log into your headscale server and generate a key:
+
+```shell
+headscale apikeys create --expiration 90d
+```
+
+Copy the output of the command and save it for later. Please note that you can not retrieve a key again,
+if the key is lost, expire the old one, and create a new key.
+
+To list the keys currently assosicated with the server:
+
+```shell
+headscale apikeys list
+```
+
+and to expire a key:
+
+```shell
+headscale apikeys expire --prefix "<PREFIX>"
+```
+
+## Download and configure headscale
+
+1.  Download the latest [`headscale` binary from GitHub's release page](https://github.com/juanfont/headscale/releases):
+
+1.  Put the binary somewhere in your `PATH`, e.g. `/usr/local/bin/headscale`
+
+1.  Make `headscale` executable:
+
+    ```shell
+    chmod +x /usr/local/bin/headscale
+    ```
+
+1.  Configure the CLI through environment variables
+
+    ```shell
+    export HEADSCALE_CLI_ADDRESS="<HEADSCALE ADDRESS>:<PORT>"
+    export HEADSCALE_CLI_API_KEY="<API KEY FROM PREVIOUS STAGE>"
+    ```
+
+    for example:
+
+    ```shell
+    export HEADSCALE_CLI_ADDRESS="headscale.example.com:50443"
+    export HEADSCALE_CLI_API_KEY="abcde12345"
+    ```
+
+    This will tell the `headscale` binary to connect to a remote instance, instead of looking
+    for a local instance (which is what it does on the server).
+
+    The API key is needed to make sure that you are allowed to access the server. The key is _not_
+    needed when running directly on the server, as the connection is local.
+
+1.  Test the connection
+
+    Let us run the headscale command to verify that we can connect by listing our nodes:
+
+    ```shell
+    headscale nodes list
+    ```
+
+    You should now be able to see a list of your nodes from your workstation, and you can
+    now control the headscale server from your workstation.
+
+## Behind a proxy
+
+It is possible to run the gRPC remote endpoint behind a reverse proxy, like Nginx, and have it run on the _same_ port as headscale.
+
+While this is _not a supported_ feature, an example on how this can be set up on
+[NixOS is shown here](https://github.com/kradalby/dotfiles/blob/4489cdbb19cddfbfae82cd70448a38fde5a76711/machines/headscale.oracldn/headscale.nix#L61-L91).
+
+## Troubleshooting
+
+Checklist:
+
+- Make sure you have the _same_ headscale version on your server and workstation
+- Make sure you use version `0.13.0` or newer.
+- Verify that your TLS certificate is valid and trusted
+  - If you do not have access to a trusted certificate (e.g. from Let's Encrypt), add your self signed certificate to the trust store of your OS or
+  - Set `HEADSCALE_CLI_INSECURE` to 0 in your environment
diff --git a/docs/tls.md b/docs/ref/tls.md
similarity index 98%
rename from docs/tls.md
rename to docs/ref/tls.md
index ba87f4e641..173399e47c 100644
--- a/docs/tls.md
+++ b/docs/ref/tls.md
@@ -47,7 +47,7 @@ Headscale uses [autocert](https://pkg.go.dev/golang.org/x/crypto/acme/autocert),
 
 If you want to validate that certificate renewal completed successfully, this can be done either manually, or through external monitoring software. Two examples of doing this manually:
 
-1. Open the URL for your Headscale server in your browser of choice, and manually inspecting the expiry date of the certificate you receive.
+1. Open the URL for your headscale server in your browser of choice, and manually inspecting the expiry date of the certificate you receive.
 2. Or, check remotely from CLI using `openssl`:
 
 ```bash
diff --git a/docs/remote-cli.md b/docs/remote-cli.md
deleted file mode 100644
index c641b78990..0000000000
--- a/docs/remote-cli.md
+++ /dev/null
@@ -1,100 +0,0 @@
-# Controlling `headscale` with remote CLI
-
-## Prerequisite
-
-- A workstation to run `headscale` (could be Linux, macOS, other supported platforms)
-- A `headscale` server (version `0.13.0` or newer)
-- Access to create API keys (local access to the `headscale` server)
-- `headscale` _must_ be served over TLS/HTTPS
-  - Remote access does _not_ support unencrypted traffic.
-- Port `50443` must be open in the firewall (or port overridden by `grpc_listen_addr` option)
-
-## Goal
-
-This documentation has the goal of showing a user how-to set control a `headscale` instance
-from a remote machine with the `headscale` command line binary.
-
-## Create an API key
-
-We need to create an API key to authenticate our remote `headscale` when using it from our workstation.
-
-To create a API key, log into your `headscale` server and generate a key:
-
-```shell
-headscale apikeys create --expiration 90d
-```
-
-Copy the output of the command and save it for later. Please note that you can not retrieve a key again,
-if the key is lost, expire the old one, and create a new key.
-
-To list the keys currently assosicated with the server:
-
-```shell
-headscale apikeys list
-```
-
-and to expire a key:
-
-```shell
-headscale apikeys expire --prefix "<PREFIX>"
-```
-
-## Download and configure `headscale`
-
-1. Download the latest [`headscale` binary from GitHub's release page](https://github.com/juanfont/headscale/releases):
-
-2. Put the binary somewhere in your `PATH`, e.g. `/usr/local/bin/headscale`
-
-3. Make `headscale` executable:
-
-   ```shell
-   chmod +x /usr/local/bin/headscale
-   ```
-
-4. Configure the CLI through environment variables
-
-   ```shell
-   export HEADSCALE_CLI_ADDRESS="<HEADSCALE ADDRESS>:<PORT>"
-   export HEADSCALE_CLI_API_KEY="<API KEY FROM PREVIOUS STAGE>"
-   ```
-
-   for example:
-
-   ```shell
-   export HEADSCALE_CLI_ADDRESS="headscale.example.com:50443"
-   export HEADSCALE_CLI_API_KEY="abcde12345"
-   ```
-
-   This will tell the `headscale` binary to connect to a remote instance, instead of looking
-   for a local instance (which is what it does on the server).
-
-   The API key is needed to make sure that you are allowed to access the server. The key is _not_
-   needed when running directly on the server, as the connection is local.
-
-5. Test the connection
-
-   Let us run the headscale command to verify that we can connect by listing our nodes:
-
-   ```shell
-   headscale nodes list
-   ```
-
-   You should now be able to see a list of your nodes from your workstation, and you can
-   now control the `headscale` server from your workstation.
-
-## Behind a proxy
-
-It is possible to run the gRPC remote endpoint behind a reverse proxy, like Nginx, and have it run on the _same_ port as `headscale`.
-
-While this is _not a supported_ feature, an example on how this can be set up on
-[NixOS is shown here](https://github.com/kradalby/dotfiles/blob/4489cdbb19cddfbfae82cd70448a38fde5a76711/machines/headscale.oracldn/headscale.nix#L61-L91).
-
-## Troubleshooting
-
-Checklist:
-
-- Make sure you have the _same_ `headscale` version on your server and workstation
-- Make sure you use version `0.13.0` or newer.
-- Verify that your TLS certificate is valid and trusted
-  - If you do not have access to a trusted certificate (e.g. from Let's Encrypt), add your self signed certificate to the trust store of your OS or
-  - Set `HEADSCALE_CLI_INSECURE` to 0 in your environment
diff --git a/docs/requirements.txt b/docs/requirements.txt
index bcbf7c0ef8..0c70d5fbf8 100644
--- a/docs/requirements.txt
+++ b/docs/requirements.txt
@@ -1,4 +1,7 @@
 cairosvg~=2.7.1
+mkdocs-include-markdown-plugin~=6.2.2
+mkdocs-macros-plugin~=1.2.0
 mkdocs-material~=9.5.18
 mkdocs-minify-plugin~=0.7.1
+mkdocs-redirects~=1.2.1
 pillow~=10.1.0
diff --git a/docs/running-headscale-linux-manual.md b/docs/running-headscale-linux-manual.md
deleted file mode 100644
index 3a0d91e0b4..0000000000
--- a/docs/running-headscale-linux-manual.md
+++ /dev/null
@@ -1,163 +0,0 @@
-# Running headscale on Linux
-
-!!! warning "Outdated and advanced"
-
-    This documentation is considered the "legacy"/advanced/manual version of the documentation, you most likely do not
-    want to use this documentation and rather look at the [distro specific documentation](./running-headscale-linux.md).
-
-## Goal
-
-This documentation has the goal of showing a user how-to set up and run `headscale` on Linux.
-In additional to the "get up and running section", there is an optional [systemd section](#running-headscale-in-the-background-with-systemd)
-describing how to make `headscale` run properly in a server environment.
-
-## Configure and run `headscale`
-
-1. Download the latest [`headscale` binary from GitHub's release page](https://github.com/juanfont/headscale/releases):
-
-    ```shell
-    wget --output-document=/usr/local/bin/headscale \
-    https://github.com/juanfont/headscale/releases/download/v<HEADSCALE VERSION>/headscale_<HEADSCALE VERSION>_linux_<ARCH>
-    ```
-
-1. Make `headscale` executable:
-
-    ```shell
-    chmod +x /usr/local/bin/headscale
-    ```
-
-1. Prepare a directory to hold `headscale` configuration and the [SQLite](https://www.sqlite.org/) database:
-
-    ```shell
-    # Directory for configuration
-
-    mkdir -p /etc/headscale
-
-    # Directory for Database, and other variable data (like certificates)
-    mkdir -p /var/lib/headscale
-    # or if you create a headscale user:
-    useradd \
-      --create-home \
-      --home-dir /var/lib/headscale/ \
-      --system \
-      --user-group \
-      --shell /usr/sbin/nologin \
-      headscale
-    ```
-
-1. Create a `headscale` configuration:
-
-    ```shell
-    touch /etc/headscale/config.yaml
-    ```
-
-    **(Strongly Recommended)** Download a copy of the [example configuration](https://github.com/juanfont/headscale/blob/main/config-example.yaml) from the headscale repository.
-
-1. Start the headscale server:
-
-    ```shell
-    headscale serve
-    ```
-
-    This command will start `headscale` in the current terminal session.
-
-    ---
-
-    To continue the tutorial, open a new terminal and let it run in the background.
-    Alternatively use terminal emulators like [tmux](https://github.com/tmux/tmux) or [screen](https://www.gnu.org/software/screen/).
-
-    To run `headscale` in the background, please follow the steps in the [systemd section](#running-headscale-in-the-background-with-systemd) before continuing.
-
-1. Verify `headscale` is running:
-  Verify `headscale` is available:
-
-    ```shell
-    curl http://127.0.0.1:9090/metrics
-    ```
-
-1. Create a user ([tailnet](https://tailscale.com/kb/1136/tailnet/)):
-
-    ```shell
-    headscale users create myfirstuser
-    ```
-
-### Register a machine (normal login)
-
-On a client machine, execute the `tailscale` login command:
-
-```shell
-tailscale up --login-server YOUR_HEADSCALE_URL
-```
-
-Register the machine:
-
-```shell
-headscale nodes register --user myfirstuser --key <YOUR_MACHINE_KEY>
-```
-
-### Register machine using a pre authenticated key
-
-Generate a key using the command line:
-
-```shell
-headscale preauthkeys create --user myfirstuser --reusable --expiration 24h
-```
-
-This will return a pre-authenticated key that can be used to connect a node to `headscale` during the `tailscale` command:
-
-```shell
-tailscale up --login-server <YOUR_HEADSCALE_URL> --authkey <YOUR_AUTH_KEY>
-```
-
-## Running `headscale` in the background with systemd
-
-This section demonstrates how to run `headscale` as a service in the background with [systemd](https://systemd.io/).
-This should work on most modern Linux distributions.
-
-1. Copy [headscale's systemd service file](./packaging/headscale.systemd.service) to
-   `/etc/systemd/system/headscale.service` and adjust it to suit your local setup. The following parameters likely need
-   to be modified: `ExecStart`, `WorkingDirectory`, `ReadWritePaths`.
-
-    Note that when running as the headscale user ensure that, either you add your current user to the headscale group:
-
-    ```shell
-    usermod -a -G headscale current_user
-    ```
-
-    or run all headscale commands as the headscale user:
-
-    ```shell
-    su - headscale
-    ```
-
-1. In `/etc/headscale/config.yaml`, override the default `headscale` unix socket with path that is writable by the `headscale` user or group:
-
-    ```yaml
-    unix_socket: /var/run/headscale/headscale.sock
-    ```
-
-1. Reload systemd to load the new configuration file:
-
-    ```shell
-    systemctl daemon-reload
-    ```
-
-1. Enable and start the new `headscale` service:
-
-    ```shell
-    systemctl enable --now headscale
-    ```
-
-1. Verify the headscale service:
-
-    ```shell
-    systemctl status headscale
-    ```
-
-    Verify `headscale` is available:
-
-    ```shell
-    curl http://127.0.0.1:9090/metrics
-    ```
-
-`headscale` will now run in the background and start at boot.
diff --git a/docs/running-headscale-linux.md b/docs/running-headscale-linux.md
deleted file mode 100644
index ffa510a6a9..0000000000
--- a/docs/running-headscale-linux.md
+++ /dev/null
@@ -1,97 +0,0 @@
-# Running headscale on Linux
-
-## Requirements
-
-- Ubuntu 20.04 or newer, Debian 11 or newer.
-
-## Goal
-
-Get Headscale up and running.
-
-This includes running Headscale with systemd.
-
-## Migrating from manual install
-
-If you are migrating from the old manual install, the best thing would be to remove
-the files installed by following [the guide in reverse](./running-headscale-linux-manual.md).
-
-You should _not_ delete the database (`/var/lib/headscale/db.sqlite`) and the
-configuration (`/etc/headscale/config.yaml`).
-
-## Installation
-
-1. Download the [latest Headscale package](https://github.com/juanfont/headscale/releases/latest) for your platform (`.deb` for Ubuntu and Debian).
-
-    ```shell
-    HEADSCALE_VERSION="" # See above URL for latest version, e.g. "X.Y.Z" (NOTE: do not add the "v" prefix!)
-    HEADSCALE_ARCH="" # Your system architecture, e.g. "amd64"
-    wget --output-document=headscale.deb \
-      "https://github.com/juanfont/headscale/releases/download/v${HEADSCALE_VERSION}/headscale_${HEADSCALE_VERSION}_linux_${HEADSCALE_ARCH}.deb"
-    ```
-
-1. Install Headscale:
-
-    ```shell
-    sudo apt install ./headscale.deb
-    ```
-
-1. Enable Headscale service, this will start Headscale at boot:
-
-    ```shell
-    sudo systemctl enable headscale
-    ```
-
-1. Configure Headscale by editing the configuration file:
-
-    ```shell
-    nano /etc/headscale/config.yaml
-    ```
-
-1. Start Headscale:
-
-    ```shell
-    sudo systemctl start headscale
-    ```
-
-1. Check that Headscale is running as intended:
-
-    ```shell
-    systemctl status headscale
-    ```
-
-## Using Headscale
-
-### Create a user
-
-```shell
-headscale users create myfirstuser
-```
-
-### Register a machine (normal login)
-
-On a client machine, run the `tailscale` login command:
-
-```shell
-tailscale up --login-server <YOUR_HEADSCALE_URL>
-```
-
-Register the machine:
-
-```shell
-headscale nodes register --user myfirstuser --key <YOUR_MACHINE_KEY>
-```
-
-### Register machine using a pre authenticated key
-
-Generate a key using the command line:
-
-```shell
-headscale preauthkeys create --user myfirstuser --reusable --expiration 24h
-```
-
-This will return a pre-authenticated key that is used to
-connect a node to `headscale` during the `tailscale` command:
-
-```shell
-tailscale up --login-server <YOUR_HEADSCALE_URL> --authkey <YOUR_AUTH_KEY>
-```
diff --git a/docs/running-headscale-openbsd.md b/docs/running-headscale-openbsd.md
deleted file mode 100644
index 449034ba97..0000000000
--- a/docs/running-headscale-openbsd.md
+++ /dev/null
@@ -1,202 +0,0 @@
-# Running headscale on OpenBSD
-
-!!! warning "Community documentation"
-
-    This page is not actively maintained by the headscale authors and is
-    written by community members. It is _not_ verified by `headscale` developers.
-
-    **It might be outdated and it might miss necessary steps**.
-
-## Goal
-
-This documentation has the goal of showing a user how-to install and run `headscale` on OpenBSD.
-In addition to the "get up and running section", there is an optional [rc.d section](#running-headscale-in-the-background-with-rcd)
-describing how to make `headscale` run properly in a server environment.
-
-## Install `headscale`
-
-1. Install from ports
-
-    You can install headscale from ports by running `pkg_add headscale`.
-
-1. Install from source
-
-    ```shell
-    # Install prerequistes
-    pkg_add go
-
-    git clone https://github.com/juanfont/headscale.git
-
-    cd headscale
-
-    # optionally checkout a release
-    # option a. you can find official release at https://github.com/juanfont/headscale/releases/latest
-    # option b. get latest tag, this may be a beta release
-    latestTag=$(git describe --tags `git rev-list --tags --max-count=1`)
-
-    git checkout $latestTag
-
-    go build -ldflags="-s -w -X github.com/juanfont/headscale/cmd/headscale/cli.Version=$latestTag" github.com/juanfont/headscale
-
-    # make it executable
-    chmod a+x headscale
-
-    # copy it to /usr/local/sbin
-    cp headscale /usr/local/sbin
-    ```
-
-1. Install from source via cross compile
-
-    ```shell
-    # Install prerequistes
-    # 1. go v1.20+: headscale newer than 0.21 needs go 1.20+ to compile
-    # 2. gmake: Makefile in the headscale repo is written in GNU make syntax
-
-    git clone https://github.com/juanfont/headscale.git
-
-    cd headscale
-
-    # optionally checkout a release
-    # option a. you can find official release at https://github.com/juanfont/headscale/releases/latest
-    # option b. get latest tag, this may be a beta release
-    latestTag=$(git describe --tags `git rev-list --tags --max-count=1`)
-
-    git checkout $latestTag
-
-    make build GOOS=openbsd
-
-    # copy headscale to openbsd machine and put it in /usr/local/sbin
-    ```
-
-## Configure and run `headscale`
-
-1. Prepare a directory to hold `headscale` configuration and the [SQLite](https://www.sqlite.org/) database:
-
-    ```shell
-    # Directory for configuration
-
-    mkdir -p /etc/headscale
-
-    # Directory for database, and other variable data (like certificates)
-    mkdir -p /var/lib/headscale
-    ```
-
-1. Create a `headscale` configuration:
-
-    ```shell
-    touch /etc/headscale/config.yaml
-    ```
-
-**(Strongly Recommended)** Download a copy of the [example configuration](https://github.com/juanfont/headscale/blob/main/config-example.yaml) from the headscale repository.
-
-1. Start the headscale server:
-
-    ```shell
-    headscale serve
-    ```
-
-    This command will start `headscale` in the current terminal session.
-
-    ***
-
-    To continue the tutorial, open a new terminal and let it run in the background.
-    Alternatively use terminal emulators like [tmux](https://github.com/tmux/tmux).
-
-    To run `headscale` in the background, please follow the steps in the [rc.d section](#running-headscale-in-the-background-with-rcd) before continuing.
-
-1. Verify `headscale` is running:
-
-    Verify `headscale` is available:
-
-    ```shell
-    curl http://127.0.0.1:9090/metrics
-    ```
-
-1. Create a user ([tailnet](https://tailscale.com/kb/1136/tailnet/)):
-
-    ```shell
-    headscale users create myfirstuser
-    ```
-
-### Register a machine (normal login)
-
-On a client machine, execute the `tailscale` login command:
-
-```shell
-tailscale up --login-server YOUR_HEADSCALE_URL
-```
-
-Register the machine:
-
-```shell
-headscale nodes register --user myfirstuser --key <YOUR_MACHINE_KEY>
-```
-
-### Register machine using a pre authenticated key
-
-Generate a key using the command line:
-
-```shell
-headscale preauthkeys create --user myfirstuser --reusable --expiration 24h
-```
-
-This will return a pre-authenticated key that can be used to connect a node to `headscale` during the `tailscale` command:
-
-```shell
-tailscale up --login-server <YOUR_HEADSCALE_URL> --authkey <YOUR_AUTH_KEY>
-```
-
-## Running `headscale` in the background with rc.d
-
-This section demonstrates how to run `headscale` as a service in the background with [rc.d](https://man.openbsd.org/rc.d).
-
-1. Create a rc.d service at `/etc/rc.d/headscale` containing:
-
-    ```shell
-    #!/bin/ksh
-
-    daemon="/usr/local/sbin/headscale"
-    daemon_logger="daemon.info"
-    daemon_user="root"
-    daemon_flags="serve"
-    daemon_timeout=60
-
-    . /etc/rc.d/rc.subr
-
-    rc_bg=YES
-    rc_reload=NO
-
-    rc_cmd $1
-    ```
-
-1. `/etc/rc.d/headscale` needs execute permission:
-
-    ```shell
-    chmod a+x /etc/rc.d/headscale
-    ```
-
-1. Start `headscale` service:
-
-    ```shell
-    rcctl start headscale
-    ```
-
-1. Make `headscale` service start at boot:
-
-    ```shell
-    rcctl enable headscale
-    ```
-
-1. Verify the headscale service:
-
-    ```shell
-    rcctl check headscale
-    ```
-
-    Verify `headscale` is available:
-
-    ```shell
-    curl http://127.0.0.1:9090/metrics
-    ```
-
-    `headscale` will now run in the background and start at boot.
diff --git a/docs/running-headscale-sealos.md b/docs/running-headscale-sealos.md
deleted file mode 100644
index 52f5c7ecce..0000000000
--- a/docs/running-headscale-sealos.md
+++ /dev/null
@@ -1,136 +0,0 @@
-# Running headscale on Sealos
-
-!!! warning "Community documentation"
-
-    This page is not actively maintained by the headscale authors and is
-    written by community members. It is _not_ verified by `headscale` developers.
-
-    **It might be outdated and it might miss necessary steps**.
-
-## Goal
-
-This documentation has the goal of showing a user how-to run `headscale` on Sealos.
-
-## Running headscale server
-
-1. Click the following prebuilt template:
-
-   [![](https://cdn.jsdelivr.net/gh/labring-actions/templates@main/Deploy-on-Sealos.svg)](https://cloud.sealos.io/?openapp=system-template%3FtemplateName%3Dheadscale)
-
-2. Click "Deploy Application" on the template page to start deployment. Upon completion, two applications appear: Headscale, and its [visual interface](https://github.com/GoodiesHQ/headscale-admin).
-3. Once deployment concludes, click 'Details' on the Headscale application page to navigate to the application's details.
-4. Wait for the application's status to switch to running. For accessing the headscale server, the Public Address associated with port 8080 is the address of the headscale server. To access the Headscale console, simply append `/admin/` to the Headscale public URL.
-
-   ![](./images/headscale-sealos-url.png)
-
-5. Click on 'Terminal' button on the right side of the details to access the Terminal of the headscale application. then create a user ([tailnet](https://tailscale.com/kb/1136/tailnet/)):
-
-   ```bash
-   headscale users create myfirstuser
-   ```
-
-### Register a machine (normal login)
-
-On a client machine, execute the `tailscale` login command:
-
-```bash
-# replace <YOUR_HEADSCALE_URL> with the public domain provided by Sealos
-tailscale up --login-server YOUR_HEADSCALE_URL
-```
-
-To register a machine when running headscale in [Sealos](https://sealos.io), click on 'Terminal' button on the right side of the headscale application's detail page to access the Terminal of the headscale application, then take the headscale command:
-
-```bash
-headscale nodes register --user myfirstuser --key <YOUR_MACHINE_KEY>
-```
-
-### Register machine using a pre authenticated key
-
-click on 'Terminal' button on the right side of the headscale application's detail page to access the Terminal of the headscale application, then generate a key using the command line:
-
-```bash
-headscale preauthkeys create --user myfirstuser --reusable --expiration 24h
-```
-
-This will return a pre-authenticated key that can be used to connect a node to `headscale` during the `tailscale` command:
-
-```bash
-tailscale up --login-server <YOUR_HEADSCALE_URL> --authkey <YOUR_AUTH_KEY>
-```
-
-## Controlling headscale with remote CLI
-
-This documentation has the goal of showing a user how-to set control a headscale instance from a remote machine with the headscale command line binary.
-
-### Create an API key
-
-We need to create an API key to authenticate our remote headscale when using it from our workstation.
-
-To create a API key, click on 'Terminal' button on the right side of the headscale application's detail page to access the Terminal of the headscale application, then generate a key:
-
-```bash
-headscale apikeys create --expiration 90d
-```
-
-Copy the output of the command and save it for later. Please note that you can not retrieve a key again, if the key is lost, expire the old one, and create a new key.
-
-To list the keys currently assosicated with the server:
-
-```bash
-headscale apikeys list
-```
-
-and to expire a key:
-
-```bash
-headscale apikeys expire --prefix "<PREFIX>"
-```
-
-### Download and configure `headscale` client
-
-1. Download the latest [`headscale` binary from GitHub's release page](https://github.com/juanfont/headscale/releases):
-
-2. Put the binary somewhere in your `PATH`, e.g. `/usr/local/bin/headscale`
-
-3. Make `headscale` executable:
-
-```shell
-chmod +x /usr/local/bin/headscale
-```
-
-4. Configure the CLI through Environment Variables
-
-```shell
-export HEADSCALE_CLI_ADDRESS="<HEADSCALE ADDRESS>:443"
-export HEADSCALE_CLI_API_KEY="<API KEY FROM PREVIOUS STAGE>"
-```
-
-In the headscale application's detail page, The Public Address corresponding to port 50443 corresponds to the value of <HEADSCALE ADDRESS>.
-
-![](./images/headscale-sealos-grpc-url.png)
-
-for example:
-
-```shell
-export HEADSCALE_CLI_ADDRESS="pwnjnnly.cloud.sealos.io:443"
-export HEADSCALE_CLI_API_KEY="abcde12345"
-```
-
-This will tell the `headscale` binary to connect to a remote instance, instead of looking
-for a local instance.
-
-The API key is needed to make sure that your are allowed to access the server. The key is _not_
-needed when running directly on the server, as the connection is local.
-
-1. Test the connection
-
-Let us run the headscale command to verify that we can connect by listing our nodes:
-
-```shell
-headscale nodes list
-```
-
-You should now be able to see a list of your nodes from your workstation, and you can
-now control the `headscale` server from your workstation.
-
-> Reference: [Headscale Deployment and Usage Guide: Mastering Tailscale's Self-Hosting Basics](https://icloudnative.io/en/posts/how-to-set-up-or-migrate-headscale/)
diff --git a/docs/setup/install/cloud.md b/docs/setup/install/cloud.md
new file mode 100644
index 0000000000..99e6c74bfc
--- /dev/null
+++ b/docs/setup/install/cloud.md
@@ -0,0 +1,25 @@
+# Running headscale in a cloud
+
+!!! warning "Community documentation"
+
+    This page is not actively maintained by the headscale authors and is
+    written by community members. It is _not_ verified by headscale developers.
+
+    **It might be outdated and it might miss necessary steps**.
+
+## Sealos
+
+[Deploy headscale as service on Sealos.](https://icloudnative.io/en/posts/how-to-set-up-or-migrate-headscale/)
+
+1. Click the following prebuilt template:
+
+   [![](https://cdn.jsdelivr.net/gh/labring-actions/templates@main/Deploy-on-Sealos.svg)](https://cloud.sealos.io/?openapp=system-template%3FtemplateName%3Dheadscale)
+
+2. Click "Deploy Application" on the template page to start deployment. Upon completion, two applications appear: headscale, and one of its [web interfaces](../../ref/integration/web-ui.md).
+3. Once deployment concludes, click 'Details' on the headscale application page to navigate to the application's details.
+4. Wait for the application's status to switch to running. For accessing the headscale server, the Public Address associated with port 8080 is the address of the headscale server. To access the headscale console, simply append `/admin/` to the headscale public URL.
+
+!!! tip "Remote CLI"
+
+    Headscale can be managed remotely via its remote CLI support. See our [Controlling headscale with remote
+    CLI](../../ref/remote-cli.md) documentation for details.
diff --git a/docs/setup/install/community.md b/docs/setup/install/community.md
new file mode 100644
index 0000000000..f9d7cc187e
--- /dev/null
+++ b/docs/setup/install/community.md
@@ -0,0 +1,55 @@
+# Community packages
+
+Several Linux distributions and community members provide packages for headscale. Those packages may be used instead of
+the [official releases](./official.md) provided by the headscale maintainers. Such packages offer improved integration
+for their targeted operating system and usually:
+
+- setup a dedicated user account to run headscale
+- provide a default configuration
+- install headscale as system service
+
+!!! warning "Community packages might be outdated"
+
+    The packages mentioned on this page might be outdated or unmaintained. Use the [official releases](./official.md) to
+    get the current stable version or to test pre-releases.
+
+    [![Packaging status](https://repology.org/badge/vertical-allrepos/headscale.svg)](https://repology.org/project/headscale/versions)
+
+## Arch Linux
+
+Arch Linux offers a package for headscale, install via:
+
+```shell
+pacman -S headscale
+```
+
+The [AUR package `headscale-git`](https://aur.archlinux.org/packages/headscale-git) can be used to build the current
+development version.
+
+## Fedora, RHEL, CentOS
+
+A 3rd-party repository for various RPM based distributions is available at:
+<https://copr.fedorainfracloud.org/coprs/jonathanspw/headscale/>. The site provides detailed setup and installation
+instructions.
+
+## Nix, NixOS
+
+A Nix package is available as: `headscale`. See the [NixOS package site for installation
+details](https://search.nixos.org/packages?show=headscale).
+
+## Gentoo
+
+```shell
+emerge --ask net-vpn/headscale
+```
+
+Gentoo specific documentation is available [here](https://wiki.gentoo.org/wiki/User:Maffblaster/Drafts/Headscale).
+
+## OpenBSD
+
+Headscale is available in ports. The port installs headscale as system service with `rc.d` and provides usage
+instructions upon installation.
+
+```shell
+pkg_add headscale
+```
diff --git a/docs/running-headscale-container.md b/docs/setup/install/container.md
similarity index 64%
rename from docs/running-headscale-container.md
rename to docs/setup/install/container.md
index 4357ab556e..81e7f7b750 100644
--- a/docs/running-headscale-container.md
+++ b/docs/setup/install/container.md
@@ -3,46 +3,36 @@
 !!! warning "Community documentation"
 
     This page is not actively maintained by the headscale authors and is
-    written by community members. It is _not_ verified by `headscale` developers.
+    written by community members. It is _not_ verified by headscale developers.
 
     **It might be outdated and it might miss necessary steps**.
 
-## Goal
-
-This documentation has the goal of showing a user how-to set up and run `headscale` in a container.
+This documentation has the goal of showing a user how-to set up and run headscale in a container.
 [Docker](https://www.docker.com) is used as the reference container implementation, but there is no reason that it should
 not work with alternatives like [Podman](https://podman.io). The Docker image can be found on Docker Hub [here](https://hub.docker.com/r/headscale/headscale).
 
-## Configure and run `headscale`
+## Configure and run headscale
 
-1. Prepare a directory on the host Docker node in your directory of choice, used to hold `headscale` configuration and the [SQLite](https://www.sqlite.org/) database:
+1.  Prepare a directory on the host Docker node in your directory of choice, used to hold headscale configuration and the [SQLite](https://www.sqlite.org/) database:
 
     ```shell
     mkdir -p ./headscale/config
     cd ./headscale
     ```
 
-1. **(Strongly Recommended)** Download a copy of the [example configuration](https://github.com/juanfont/headscale/blob/main/config-example.yaml) from the headscale repository.
-
-    - Using `wget`:
-
-        ```shell
-        wget -O ./config/config.yaml https://raw.githubusercontent.com/juanfont/headscale/main/config-example.yaml
-        ```
-
-    - Using `curl`:
-
-        ```shell
-        curl https://raw.githubusercontent.com/juanfont/headscale/main/config-example.yaml -o ./config/config.yaml
-        ```
+1.  Download the example configuration for your chosen version and save it as: `/etc/headscale/config.yaml`. Adjust the
+    configuration to suit your local environment. See [Configuration](../../ref/configuration.md) for details.
 
-    Modify the config file to your preferences before launching Docker container.
+    ```shell
+    sudo mkdir -p /etc/headscale
+    sudo nano /etc/headscale/config.yaml
+    ```
 
     Alternatively, you can mount `/var/lib` and `/var/run` from your host system by adding
     `--volume $(pwd)/lib:/var/lib/headscale` and `--volume $(pwd)/run:/var/run/headscale`
     in the next step.
 
-1. Start the headscale server while working in the host headscale directory:
+1.  Start the headscale server while working in the host headscale directory:
 
     ```shell
     docker run \
@@ -58,29 +48,30 @@ not work with alternatives like [Podman](https://podman.io). The Docker image ca
     Note: use `0.0.0.0:8080:8080` instead of `127.0.0.1:8080:8080` if you want to expose the container externally.
 
     This command will mount `config/` under `/etc/headscale`, forward port 8080 out of the container so the
-    `headscale` instance becomes available and then detach so headscale runs in the background.
+    headscale instance becomes available and then detach so headscale runs in the background.
 
     Example `docker-compose.yaml`
 
-      ```yaml
-      version: "3.7"
-
-      services:
-        headscale:
-          image: headscale/headscale:<VERSION>
-          restart: unless-stopped
-          container_name: headscale
-          ports:
-            - "127.0.0.1:8080:8080"
-            - "127.0.0.1:9090:9090"
-          volumes:
-            # Please change <CONFIG_PATH> to the fullpath of the config folder just created
-            - <CONFIG_PATH>:/etc/headscale
-          command: serve
-      ```
-
-1. Verify `headscale` is running:
-   Follow the container logs:
+    ```yaml
+    version: "3.7"
+
+    services:
+      headscale:
+        image: headscale/headscale:<VERSION>
+        restart: unless-stopped
+        container_name: headscale
+        ports:
+          - "127.0.0.1:8080:8080"
+          - "127.0.0.1:9090:9090"
+        volumes:
+          # Please change <CONFIG_PATH> to the fullpath of the config folder just created
+          - <CONFIG_PATH>:/etc/headscale
+        command: serve
+    ```
+
+1.  Verify headscale is running:
+
+    Follow the container logs:
 
     ```shell
     docker logs --follow headscale
@@ -92,13 +83,13 @@ not work with alternatives like [Podman](https://podman.io). The Docker image ca
     docker ps
     ```
 
-    Verify `headscale` is available:
+    Verify headscale is available:
 
     ```shell
     curl http://127.0.0.1:9090/metrics
     ```
 
-1. Create a user ([tailnet](https://tailscale.com/kb/1136/tailnet/)):
+1.  Create a user ([tailnet](https://tailscale.com/kb/1136/tailnet/)):
 
     ```shell
     docker exec -it headscale \
@@ -113,7 +104,7 @@ On a client machine, execute the `tailscale` login command:
 tailscale up --login-server YOUR_HEADSCALE_URL
 ```
 
-To register a machine when running `headscale` in a container, take the headscale command and pass it to the container:
+To register a machine when running headscale in a container, take the headscale command and pass it to the container:
 
 ```shell
 docker exec -it headscale \
@@ -129,7 +120,7 @@ docker exec -it headscale \
   headscale preauthkeys create --user myfirstuser --reusable --expiration 24h
 ```
 
-This will return a pre-authenticated key that can be used to connect a node to `headscale` during the `tailscale` command:
+This will return a pre-authenticated key that can be used to connect a node to headscale during the `tailscale` command:
 
 ```shell
 tailscale up --login-server <YOUR_HEADSCALE_URL> --authkey <YOUR_AUTH_KEY>
diff --git a/docs/setup/install/official.md b/docs/setup/install/official.md
new file mode 100644
index 0000000000..d3f307f53a
--- /dev/null
+++ b/docs/setup/install/official.md
@@ -0,0 +1,117 @@
+# Official releases
+
+Official releases for headscale are available as binaries for various platforms and DEB packages for Debian and Ubuntu.
+Both are available on the [GitHub releases page](https://github.com/juanfont/headscale/releases).
+
+## Using packages for Debian/Ubuntu (recommended)
+
+It is recommended to use our DEB packages to install headscale on a Debian based system as those packages configure a
+user to run headscale, provide a default configuration and ship with a systemd service file. Supported distributions are
+Ubuntu 20.04 or newer, Debian 11 or newer.
+
+1.  Download the [latest headscale package](https://github.com/juanfont/headscale/releases/latest) for your platform (`.deb` for Ubuntu and Debian).
+
+    ```shell
+    HEADSCALE_VERSION="" # See above URL for latest version, e.g. "X.Y.Z" (NOTE: do not add the "v" prefix!)
+    HEADSCALE_ARCH="" # Your system architecture, e.g. "amd64"
+    wget --output-document=headscale.deb \
+     "https://github.com/juanfont/headscale/releases/download/v${HEADSCALE_VERSION}/headscale_${HEADSCALE_VERSION}_linux_${HEADSCALE_ARCH}.deb"
+    ```
+
+1.  Install headscale:
+
+    ```shell
+    sudo apt install ./headscale.deb
+    ```
+
+1.  [Configure headscale by editing the configuration file](../../ref/configuration.md):
+
+    ```shell
+    sudo nano /etc/headscale/config.yaml
+    ```
+
+1.  Enable and start the headscale service:
+
+    ```shell
+    sudo systemctl enable --now headscale
+    ```
+
+1.  Verify that headscale is running as intended:
+
+    ```shell
+    sudo systemctl status headscale
+    ```
+
+## Using standalone binaries (advanced)
+
+!!! warning "Advanced"
+
+    This installation method is considered advanced as one needs to take care of the headscale user and the systemd
+    service themselves. If possible, use the [DEB packages](#using-packages-for-debianubuntu-recommended) or a
+    [community package](./community.md) instead.
+
+This section describes the installation of headscale according to the [Requirements and
+assumptions](../requirements.md#assumptions). Headscale is run by a dedicated user and the service itself is managed by
+systemd.
+
+1.  Download the latest [`headscale` binary from GitHub's release page](https://github.com/juanfont/headscale/releases):
+
+    ```shell
+    sudo wget --output-document=/usr/local/bin/headscale \
+    https://github.com/juanfont/headscale/releases/download/v<HEADSCALE VERSION>/headscale_<HEADSCALE VERSION>_linux_<ARCH>
+    ```
+
+1.  Make `headscale` executable:
+
+    ```shell
+    sudo chmod +x /usr/local/bin/headscale
+    ```
+
+1.  Add a dedicated user to run headscale:
+
+    ```shell
+    sudo useradd \
+     --create-home \
+     --home-dir /var/lib/headscale/ \
+     --system \
+     --user-group \
+     --shell /usr/sbin/nologin \
+     headscale
+    ```
+
+1.  Download the example configuration for your chosen version and save it as: `/etc/headscale/config.yaml`. Adjust the
+    configuration to suit your local environment. See [Configuration](../../ref/configuration.md) for details.
+
+    ```shell
+    sudo mkdir -p /etc/headscale
+    sudo nano /etc/headscale/config.yaml
+    ```
+
+1.  Copy [headscale's systemd service file](../../packaging/headscale.systemd.service) to
+    `/etc/systemd/system/headscale.service` and adjust it to suit your local setup. The following parameters likely need
+    to be modified: `ExecStart`, `WorkingDirectory`, `ReadWritePaths`.
+
+1.  In `/etc/headscale/config.yaml`, override the default `headscale` unix socket with a path that is writable by the
+    `headscale` user or group:
+
+    ```yaml
+    unix_socket: /var/run/headscale/headscale.sock
+    ```
+
+1.  Reload systemd to load the new configuration file:
+
+    ```shell
+    systemctl daemon-reload
+    ```
+
+1.  Enable and start the new headscale service:
+
+    ```shell
+    systemctl enable --now headscale
+    ```
+
+1.  Verify that headscale is running as intended:
+
+    ```shell
+    systemctl status headscale
+    ```
diff --git a/docs/setup/install/source.md b/docs/setup/install/source.md
new file mode 100644
index 0000000000..327430b4e1
--- /dev/null
+++ b/docs/setup/install/source.md
@@ -0,0 +1,63 @@
+# Build from source
+
+!!! warning "Community documentation"
+
+    This page is not actively maintained by the headscale authors and is
+    written by community members. It is _not_ verified by headscale developers.
+
+    **It might be outdated and it might miss necessary steps**.
+
+Headscale can be built from source using the latest version of [Go](https://golang.org) and [Buf](https://buf.build)
+(Protobuf generator). See the [Contributing section in the GitHub
+README](https://github.com/juanfont/headscale#contributing) for more information.
+
+## OpenBSD
+
+### Install from source
+
+```shell
+# Install prerequistes
+pkg_add go
+
+git clone https://github.com/juanfont/headscale.git
+
+cd headscale
+
+# optionally checkout a release
+# option a. you can find official release at https://github.com/juanfont/headscale/releases/latest
+# option b. get latest tag, this may be a beta release
+latestTag=$(git describe --tags `git rev-list --tags --max-count=1`)
+
+git checkout $latestTag
+
+go build -ldflags="-s -w -X github.com/juanfont/headscale/cmd/headscale/cli.Version=$latestTag" github.com/juanfont/headscale
+
+# make it executable
+chmod a+x headscale
+
+# copy it to /usr/local/sbin
+cp headscale /usr/local/sbin
+```
+
+### Install from source via cross compile
+
+```shell
+# Install prerequistes
+# 1. go v1.20+: headscale newer than 0.21 needs go 1.20+ to compile
+# 2. gmake: Makefile in the headscale repo is written in GNU make syntax
+
+git clone https://github.com/juanfont/headscale.git
+
+cd headscale
+
+# optionally checkout a release
+# option a. you can find official release at https://github.com/juanfont/headscale/releases/latest
+# option b. get latest tag, this may be a beta release
+latestTag=$(git describe --tags `git rev-list --tags --max-count=1`)
+
+git checkout $latestTag
+
+make build GOOS=openbsd
+
+# copy headscale to openbsd machine and put it in /usr/local/sbin
+```
diff --git a/docs/setup/requirements.md b/docs/setup/requirements.md
new file mode 100644
index 0000000000..a9ef2ca334
--- /dev/null
+++ b/docs/setup/requirements.md
@@ -0,0 +1,28 @@
+# Requirements
+
+Headscale should just work as long as the following requirements are met:
+
+- A server with a public IP address for headscale. A dual-stack setup with a public IPv4 and a public IPv6 address is
+  recommended.
+- Headscale is served via HTTPS on port 443[^1].
+- A reasonably modern Linux or BSD based operating system.
+- A dedicated user account to run headscale.
+- A little bit of command line knowledge to configure and operate headscale.
+
+## Assumptions
+
+The headscale documentation and the provided examples are written with a few assumptions in mind:
+
+- Headscale is running as system service via a dedicated user `headscale`.
+- The [configuration](../ref/configuration.md) is loaded from `/etc/headscale/config.yaml`.
+- SQLite is used as database.
+- The data directory for headscale (used for private keys, ACLs, SQLite database, …) is located in `/var/lib/headscale`.
+- URLs and values that need to be replaced by the user are either denoted as `<VALUE_TO_CHANGE>` or use placeholder
+  values such as `headscale.example.com`.
+
+Please adjust to your local environment accordingly.
+
+[^1]:
+    The Tailscale client assumes HTTPS on port 443 in certain situations. Serving headscale either via HTTP or via HTTPS
+    on a port other than 443 is possible but sticking with HTTPS on port 443 is strongly recommended for production
+    setups. See [issue 2164](https://github.com/juanfont/headscale/issues/2164) for more information.
diff --git a/docs/setup/upgrade.md b/docs/setup/upgrade.md
new file mode 100644
index 0000000000..e518a7b50e
--- /dev/null
+++ b/docs/setup/upgrade.md
@@ -0,0 +1,10 @@
+# Upgrade an existing installation
+
+An existing headscale installation can be updated to a new version:
+
+- Read the announcement on the [GitHub releases](https://github.com/juanfont/headscale/releases) page for the new
+  version. It lists the changes of the release along with possible breaking changes.
+- **Create a backup of your database.**
+- Update headscale to the new version, preferably by following the same installation method.
+- Compare and update the [configuration](../ref/configuration.md) file.
+- Restart headscale.
diff --git a/docs/android-client.md b/docs/usage/connect/android.md
similarity index 96%
rename from docs/android-client.md
rename to docs/usage/connect/android.md
index 044b9fcf40..98305bd702 100644
--- a/docs/android-client.md
+++ b/docs/usage/connect/android.md
@@ -1,8 +1,6 @@
 # Connecting an Android client
 
-## Goal
-
-This documentation has the goal of showing how a user can use the official Android [Tailscale](https://tailscale.com) client with `headscale`.
+This documentation has the goal of showing how a user can use the official Android [Tailscale](https://tailscale.com) client with headscale.
 
 ## Installation
 
diff --git a/docs/apple-client.md b/docs/usage/connect/apple.md
similarity index 98%
rename from docs/apple-client.md
rename to docs/usage/connect/apple.md
index 29ad4b4547..7597c7178e 100644
--- a/docs/apple-client.md
+++ b/docs/usage/connect/apple.md
@@ -1,8 +1,6 @@
 # Connecting an Apple client
 
-## Goal
-
-This documentation has the goal of showing how a user can use the official iOS and macOS [Tailscale](https://tailscale.com) clients with `headscale`.
+This documentation has the goal of showing how a user can use the official iOS and macOS [Tailscale](https://tailscale.com) clients with headscale.
 
 !!! info "Instructions on your headscale instance"
 
diff --git a/docs/windows-client.md b/docs/usage/connect/windows.md
similarity index 95%
rename from docs/windows-client.md
rename to docs/usage/connect/windows.md
index 66c47279d1..2d073981c7 100644
--- a/docs/windows-client.md
+++ b/docs/usage/connect/windows.md
@@ -1,8 +1,6 @@
 # Connecting a Windows client
 
-## Goal
-
-This documentation has the goal of showing how a user can use the official Windows [Tailscale](https://tailscale.com) client with `headscale`.
+This documentation has the goal of showing how a user can use the official Windows [Tailscale](https://tailscale.com) client with headscale.
 
 !!! info "Instructions on your headscale instance"
 
@@ -45,7 +43,7 @@ If you are seeing repeated messages like:
 [GIN] 2022/02/10 - 16:39:34 | 200 |    1.105306ms |       127.0.0.1 | POST     "/machine/redacted"
 ```
 
-in your `headscale` output, turn on `DEBUG` logging and look for:
+in your headscale output, turn on `DEBUG` logging and look for:
 
 ```
 2022-02-11T00:59:29Z DBG Machine registration has expired. Sending a authurl to register machine=redacted
diff --git a/docs/usage/getting-started.md b/docs/usage/getting-started.md
new file mode 100644
index 0000000000..d344156b97
--- /dev/null
+++ b/docs/usage/getting-started.md
@@ -0,0 +1,132 @@
+# Getting started
+
+This page helps you get started with headscale and provides a few usage examples for the headscale command line tool
+`headscale`.
+
+!!! note "Prerequisites"
+
+    * Headscale is installed and running as system service. Read the [setup section](../setup/requirements.md) for
+      installation instructions.
+    * The configuration file exists and is adjusted to suit your environment, see
+      [Configuration](../ref/configuration.md) for details.
+    * The Tailscale client is installed, see [Client and operating system support](../about/clients.md) for more
+      information.
+
+## Getting help
+
+The `headscale` command line tool provides built-in help. To show available commands along with their arguments and
+options, run:
+
+=== "Native"
+
+    ```shell
+    # Show help
+    headscale help
+
+    # Show help for a specific command
+    headscale <COMMAND> --help
+    ```
+
+=== "Container"
+
+    ```shell
+    # Show help
+    docker exec -it headscale \
+      headscale help
+
+    # Show help for a specific command
+    docker exec -it headscale \
+      headscale <COMMAND> --help
+    ```
+
+## Manage users
+
+In headscale, a node (also known as machine or device) is always assigned to a specific user, a
+[tailnet](https://tailscale.com/kb/1136/tailnet/). Such users can be managed with the `headscale users` command. Invoke
+the built-in help for more information: `headscale users --help`.
+
+### Create a user
+
+=== "Native"
+
+    ```shell
+    headscale users create <USER>
+    ```
+
+=== "Container"
+
+    ```shell
+    docker exec -it headscale \
+      headscale users create <USER>
+    ```
+
+### List existing users
+
+=== "Native"
+
+    ```shell
+    headscale users list
+    ```
+
+=== "Container"
+
+    ```shell
+    docker exec -it headscale \
+      headscale users list
+    ```
+
+## Register a node
+
+One has to register a node first to use headscale as coordination with Tailscale. The following examples work for the
+Tailscale client on Linux/BSD operating systems. Alternatively, follow the instructions to connect
+[Android](connect/android.md), [Apple](connect/apple.md) or [Windows](connect/windows.md) devices.
+
+### Normal, interactive login
+
+On a client machine, run the `tailscale up` command and provide the FQDN of your headscale instance as argument:
+
+```shell
+tailscale up --login-server <YOUR_HEADSCALE_URL>
+```
+
+Usually, a browser window with further instructions is opened and contains the value for `<YOUR_MACHINE_KEY>`. Approve
+and register the node on your headscale server:
+
+=== "Native"
+
+    ```shell
+    headscale nodes register --user <USER> --key <YOUR_MACHINE_KEY>
+    ```
+
+=== "Container"
+
+    ```shell
+    docker exec -it headscale \
+      headscale nodes register --user <USER> --key <YOUR_MACHINE_KEY>
+    ```
+
+### Using a preauthkey
+
+It is also possible to generate a preauthkey and register a node non-interactively. First, generate a preauthkey on the
+headscale instance. By default, the key is valid for one hour and can only be used once (see `headscale preauthkeys
+--help` for other options):
+
+=== "Native"
+
+    ```shell
+    headscale preauthkeys create --user <USER>
+    ```
+
+=== "Container"
+
+    ```shell
+    docker exec -it headscale \
+      headscale preauthkeys create --user <USER>
+    ```
+
+The command returns the preauthkey on success which is used to connect a node to the headscale instance via the
+`tailscale up` command:
+
+```shell
+tailscale up --login-server <YOUR_HEADSCALE_URL> --authkey <YOUR_AUTH_KEY>
+```
diff --git a/mkdocs.yml b/mkdocs.yml
index a8e38cdd8f..d01c94cc3d 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -66,9 +66,26 @@ exclude_docs: |
 plugins:
   - search:
       separator: '[\s\-,:!=\[\]()"`/]+|\.(?!\d)|&[lg]t;|(?!\b)(?=[A-Z][a-z])'
+  - macros:
+  - include-markdown:
   - minify:
       minify_html: true
   - social: {}
+  - redirects:
+      redirect_maps:
+        acls.md: ref/acls.md
+        android-client.md: usage/connect/android.md
+        apple-client.md: usage/connect/apple.md
+        dns-records.md: ref/dns.md
+        exit-node.md: ref/exit-node.md
+        faq.md: about/faq.md
+        iOS-client.md: usage/connect/apple.md#ios
+        oidc.md: ref/oidc.md
+        remote-cli.md: ref/remote-cli.md
+        reverse-proxy.md: ref/integration/reverse-proxy.md
+        tls.md: ref/tls.md
+        web-ui.md: ref/integration/web-ui.md
+        windows-client.md: usage/connect/windows.md
 
 # Customization
 extra:
@@ -83,6 +100,8 @@ extra:
       link: https://github.com/juanfont/headscale/pkgs/container/headscale
     - icon: fontawesome/brands/discord
       link: https://discord.gg/c84AZQhmpx
+  headscale:
+    version: 0.23.0
 
 # Extensions
 markdown_extensions:
@@ -128,23 +147,39 @@ markdown_extensions:
 
 # Page tree
 nav:
-  - Home: index.md
-  - FAQ: faq.md
-  - Getting started:
+  - Welcome: index.md
+  - About:
+      - FAQ: about/faq.md
+      - Features: about/features.md
+      - Clients: about/clients.md
+      - Getting help: about/help.md
+      - Releases: about/releases.md
+      - Contributing: about/contributing.md
+      - Sponsor: about/sponsor.md
+
+  - Setup:
+      - Requirements and Assumptions: setup/requirements.md
       - Installation:
-          - Linux: running-headscale-linux.md
-          - OpenBSD: running-headscale-openbsd.md
-          - Container: running-headscale-container.md
-      - Configuration:
-          - Web UI: web-ui.md
-          - OIDC authentication: oidc.md
-          - Exit node: exit-node.md
-          - Reverse proxy: reverse-proxy.md
-          - TLS: tls.md
-          - ACLs: acls.md
-          - Custom DNS records: dns-records.md
-          - Remote CLI: remote-cli.md
-      - Usage:
-          - Android: android-client.md
-          - Apple: apple-client.md
-          - Windows: windows-client.md
+          - Official releases: setup/install/official.md
+          - Community packages: setup/install/community.md
+          - Container: setup/install/container.md
+          - Cloud: setup/install/cloud.md
+          - Build from source: setup/install/source.md
+      - Upgrade: setup/upgrade.md
+  - Usage:
+      - Getting started: usage/getting-started.md
+      - Connect a node:
+          - Android: usage/connect/android.md
+          - Apple: usage/connect/apple.md
+          - Windows: usage/connect/windows.md
+  - Reference:
+      - Configuration: ref/configuration.md
+      - OIDC authentication: ref/oidc.md
+      - Exit node: ref/exit-node.md
+      - TLS: ref/tls.md
+      - ACLs: ref/acls.md
+      - DNS: ref/dns.md
+      - Remote CLI: ref/remote-cli.md
+      - Integration:
+          - Reverse proxy: ref/integration/reverse-proxy.md
+          - Web UI: ref/integration/web-ui.md