From c2af5a6c43b3da7b8dbb15674fa4734c49990854 Mon Sep 17 00:00:00 2001
From: Kevin Carter <kevin.carter@rackspace.com>
Date: Tue, 5 Nov 2024 00:06:56 -0600
Subject: [PATCH] feat: add a talos blog post for openstack-flex

This change adds a new blog post for Talos, which I'll be using for
content in other application centric posts being developed for GA.

> Updates the CSS to have a better reading experience on long content.

Related-Issue: https://rackspace.atlassian.net/browse/OSPC-118
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
---
 ...4-11-04-running-talos-on-openstack-flex.md | 427 ++++++++++++++++++
 .../assets/images/2024-11-04/talos-logo.png   | Bin 0 -> 11593 bytes
 docs/overrides/stylesheets/adr.css            |  13 +-
 3 files changed, 429 insertions(+), 11 deletions(-)
 create mode 100644 docs/blog/posts/2024-11-04-running-talos-on-openstack-flex.md
 create mode 100644 docs/blog/posts/assets/images/2024-11-04/talos-logo.png

diff --git a/docs/blog/posts/2024-11-04-running-talos-on-openstack-flex.md b/docs/blog/posts/2024-11-04-running-talos-on-openstack-flex.md
new file mode 100644
index 0000000..18aabff
--- /dev/null
+++ b/docs/blog/posts/2024-11-04-running-talos-on-openstack-flex.md
@@ -0,0 +1,427 @@
+---
+date: 2024-11-04
+title: Running Talos on OpenStack Flex
+authors:
+  - cloudnull
+description: >
+  Running Talos on OpenStack Flex
+categories:
+  - Operating System
+  - Image
+  - Server
+  - Kubernetes
+---
+
+# Running Talos on OpenStack Flex
+
+![talos-linux](assets/images/2024-11-04/talos-logo.png){ align=left }
+
+As developers, we're constantly seeking platforms that streamline our workflows and enhance the performance and reliability of our applications. Talos is a container optimized Linux distribution reimagined for distributed systems. Designed with minimalism and practicality in mind, Talos brings a host of features that are particularly advantageous for OpenStack environments. By stripping away unnecessary components, it embodies minimalism, reducing the attack surface and resource consumption. It comes secure by default, providing out-of-the-box secure configurations that alleviate the need for extensive hardening. Additionally, it is managed via a single declarative configuration file and gRPC API, simplifying management and automation to fit seamlessly into modern DevOps practices. Talos can be deployed across containers, cloud platforms, virtualized environments, and bare-metal servers, offering versatility in how you manage your infrastructure.
+
+<!-- more -->
+
+Integrating Talos with OpenStack Flex brings significant benefits. The immutable and minimal nature of Talos ensures that all compute nodes in your OpenStack cluster are consistent, reducing the chances of unexpected behavior due to environmental differences and thus enhancing consistency and reliability. When OpenStack Flex and Talos are combined, it creates an optimal environment for developers. Talos's ephemeral and atomic nature makes scaling out compute resources in OpenStack Flex seamless and efficient, enhancing scalability. The combination ensures high availability and quick recovery from failures, as Talos's design simplifies node replacement and recovery, thereby improving resiliency.
+
+In essence, Talos offers more by providing less—less complexity, less overhead, and fewer security concerns. This minimalistic yet powerful approach enhances security, efficiency, resiliency, and consistency. For developers working with OpenStack and specifically OpenStack Flex, Talos presents a compelling operating system choice that aligns perfectly with the goals of modern open infrastructure native applications.
+
+## Creating a cluster via the CLI on OpenStack
+
+In this guide, we will create an HA Kubernetes cluster in OpenStack with 3 worker node. We will assume an existing some familiarity with OpenStack. If you need more information on OpenStack specifics, please see the official OpenStack documentation.
+
+``` mirmaid
+flowchart TD
+    A[Internet] --> |Floating IP| B(Neutron Router)
+    B --> |Neutron Network| C{OVN Loadbalancer}
+    B --> |Floating IP| X[Jump 0]
+    C -->D[Controller 0]
+    D <--> G[Worker 0]
+    D <--> H[Worker 1]
+    D <--> I[Worker 2]
+    C -->E[Controller 1]
+    E <--> G[Worker 0]
+    E <--> H[Worker 1]
+    E <--> I[Worker 2]
+    C -->F[Controller 2]
+    F <--> G[Worker 0]
+    F <--> H[Worker 1]
+    F <--> I[Worker 2]
+    X <--> D
+    X <--> E
+    X <--> F
+```
+
+### Environment Setup
+
+You should have an existing openrc file. This file will provide environment variables necessary to talk to your OpenStack cloud. See here for instructions on fetching this file.
+
+## Create the Image
+
+First, download the OpenStack image from a [Talos Image Factory](https://factory.talos.dev).
+
+!!! example "At the time of this writing the latest image was 1.8.2"
+
+    ``` shell
+    wget https://factory.talos.dev/image/376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba/v1.8.2/openstack-amd64.raw.xz
+    ```
+
+Once the image is downloaded, decompress the file.
+
+``` shell
+xz --decompress -v openstack-amd64.raw.xz
+```
+
+After decompressing the file downloaded, the command will result in a raw image file named, `openstack-amd64.raw`.
+
+### Upload the Image
+
+Once you have the image ready, you can upload to OpenStack with the following command
+
+``` shell
+openstack --os-cloud default image create \
+        --progress \
+        --disk-format raw \
+        --container-format bare \
+        --file openstack-amd64.raw \
+        --property hw_vif_multiqueue_enabled=true \
+        --property hw_qemu_guest_agent=yes \
+        --property hypervisor_type=kvm \
+        --property img_config_drive=optional \
+        --property hw_machine_type=q35 \
+        --property hw_firmware_type=uefi \
+        --property os_require_quiesce=yes \
+        --property os_type=linux \
+        --property os_admin_user=talos \
+        --property os_distro=talos \
+        --property os_version=18.2 \
+        talos-18.2
+```
+
+This command will prepare the image to run in a KVM environment, with UEFI firmware, and the Talos operating system. The image will be named `talos-18.2`.
+
+## Network Infrastructure
+
+The network setup will cover the creation of a router, network, subnet, load balancer, and ports.
+
+!!! note "This blog post was written with the following environment assumptions already existing"
+
+    - Router: `tenant-router`
+    - Network: `tenant-net`
+    - Subnet: `tenant-subnet`
+    - Key Pair: `tenant-key`
+
+    If you don't have a setup project, checkout the getting started guide [here](https://blog.rackspacecloud.com/blog/2024/06/18/getting_started_with_rackspace_openstack_flex).
+
+### Creating loadbalancer
+
+The OpenStack Flex Loadbalancer used for this environment is a Layer 4 TCP load balancer powered by the OVN loadbalancer solution. The Loadbalancer will be used to distribute traffic to the control plane nodes.
+
+!!! tip "Check the loadbalancer providers available in your environment"
+
+    ``` shell
+    openstack --os-cloud default loadbalancer provider list
+    ```
+
+Create load balancer, updating vip-subnet-id if necessary
+
+``` shell
+openstack --os-cloud default loadbalancer create --provider ovn --name talos-control-plane --vip-subnet-id  tenant-subnet
+```
+
+Store the load balancer ID for later use
+
+``` shell
+LB_ID=$(openstack --os-cloud default loadbalancer show talos-control-plane -f value -c id)
+```
+
+Create listener
+
+``` shell
+openstack --os-cloud default loadbalancer listener create --name talos-control-plane-listener --protocol TCP --protocol-port 6443 talos-control-plane
+```
+
+Create Pool
+
+``` shell
+openstack --os-cloud default loadbalancer pool create --name talos-control-plane-pool --lb-algorithm SOURCE_IP_PORT --listener talos-control-plane-listener --protocol TCP
+```
+
+Create health monitoring
+
+``` shell
+openstack --os-cloud default loadbalancer healthmonitor create --delay 5 --max-retries 4 --timeout 10 --type TCP talos-control-plane-pool
+```
+
+## Security Groups
+
+Secrutiry groups allow you to control the traffic to and from your instances. We will create two security groups, one for the tenant and one for the Talos control plane.
+
+### Create a tenant security group
+
+Craete a tenant security group, this tenant-secgroup will be used to permit SSH traffic to your jump host.
+
+``` shell
+openstack --os-cloud default security group create tenant-secgroup
+```
+
+Add an SSH rule to the security group, allowing traffic from anywhere.
+
+``` shell
+openstack --os-cloud default security group rule create tenant-secgroup \
+                     --protocol tcp \
+                     --ingress \
+                     --remote-ip 0.0.0.0/0 \
+                     --dst-port 22
+```
+
+### Create a Talos control plane security group
+
+The security group will be used to permit traffic to the control plane nodes. We will open the following ports:
+
+Craete a Talos security group, this `talos-secgroup` will be used to permit Talos control plane and kubernetes traffic within the cluster.
+
+``` shell
+openstack --os-cloud default security group create talos-secgroup
+```
+
+Add the Talos control plane security group rules.
+
+* `6443` for the Kubernetes API server
+* `50000` for the Talos API
+
+``` shell
+openstack --os-cloud default security group rule create --ingress --protocol tcp --dst-port 6443 talos-secgroup
+openstack --os-cloud default security group rule create --ingress --protocol tcp --dst-port 50000 talos-secgroup
+openstack --os-cloud default security group rule create --ingress --protocol tcp talos-secgroup
+openstack --os-cloud default security group rule create --ingress --protocol udp talos-secgroup
+```
+
+### Creating ports
+
+Create ports used for IP address allocation for the control plane and jump nodes.
+
+``` shell
+JUMP_0=$(openstack --os-cloud default port create --security-group tenant-secgroup --security-group talos-secgroup --network tenant-net jump-0 -f json | jq -r '.fixed_ips[0].ip_address')
+CONTROLLER_0=$(openstack --os-cloud default port create --security-group talos-secgroup --network tenant-net talos-control-plane-0 -f json | jq -r '.fixed_ips[0].ip_address')
+CONTROLLER_1=$(openstack --os-cloud default port create --security-group talos-secgroup --network tenant-net talos-control-plane-1 -f json | jq -r '.fixed_ips[0].ip_address')
+CONTROLLER_2=$(openstack --os-cloud default port create --security-group talos-secgroup --network tenant-net talos-control-plane-2 -f json | jq -r '.fixed_ips[0].ip_address')
+```
+
+!!! note
+
+    The jump-0 port has both the `tenant-secgroup` and `talos-secgroup` security groups. The control plane ports have only the `talos-secgroup` security group.
+
+    The above commands will store the port IP addresses in the variables `JUMP_0`, `CONTROLLER_1`, `CONTROLLER_2`, and `CONTROLLER_3`. These variables will be used in the next step. You can validate the variables are defined and have the correct values by running `echo $JUMP_0 $CONTROLLER_1 $CONTROLLER_2 $CONTROLLER_3`.
+
+### Associate port’s private IPs to loadbalancer
+
+Create the loadbalancer members for each port IP.
+
+``` shell
+openstack --os-cloud default loadbalancer member create --subnet-id tenant-subnet --address ${CONTROLLER_0} --protocol-port 6443 talos-control-plane-pool
+openstack --os-cloud default loadbalancer member create --subnet-id tenant-subnet --address ${CONTROLLER_1} --protocol-port 6443 talos-control-plane-pool
+openstack --os-cloud default loadbalancer member create --subnet-id tenant-subnet --address ${CONTROLLER_2} --protocol-port 6443 talos-control-plane-pool
+```
+
+### Associate floating IPs to the `jump-0` port
+
+Create a floating IP for the jump host.
+
+``` shell
+openstack --os-cloud default floating ip create --port jump-0 PUBLICNET
+```
+
+Retrieve the floating IP for the jump host.
+
+``` shell
+JUMP_PUBLIC_VIP=$(openstack --os-cloud default floating ip list --fixed-ip-address $JUMP_0 -f json | jq -r '.[0]."Floating IP Address"')
+```
+
+### Associate floating IPs to the loadbalancer port (optional)
+
+!!! note
+
+    This is an optional step, if you never want to access the kubernetes API over the public internet, you can skip this step.
+
+Create a floating IP for the load balancer.
+
+``` shell
+openstack --os-cloud default floating ip create --port ovn-lb-vip-${LB_ID} PUBLICNET
+```
+
+Retrieve the floating IP for the load balancer.
+
+``` shell
+LB_PRIVATE_VIP=$(openstack --os-cloud default loadbalancer show talos-control-plane -f json | jq -r .vip_address)
+LB_PUBLIC_VIP=$(openstack --os-cloud default floating ip list --fixed-ip-address ${LB_PRIVATE_VIP} -f json | jq -r '.[0]."Floating IP Address"')
+```
+
+!!! tip
+
+    This setup is making the assumption that you will be running `talosctl` from the jump host. If you indend to run `talosctl` from outside the OpenStack environment, and you want direct access to all of the control plane nodes, you will need to create floating IPs for the nodes.
+
+    ``` shell
+    openstack --os-cloud default floating ip create --port talos-control-plane-0 PUBLICNET
+    openstack --os-cloud default floating ip create --port talos-control-plane-1 PUBLICNET
+    openstack --os-cloud default floating ip create --port talos-control-plane-2 PUBLICNET
+    ```
+
+## Build the Jump Host
+
+The jump host will be used to interact with the Talos cluster. We will use the floating IP we created earlier to access the jump host.
+
+``` shell
+openstack --os-cloud default server create jump-0 --flavor gp.0.1.2 \
+                                                  --nic port-id=jump-0 \
+                                                  --image Debian-12 \
+                                                  --key-name tenant-key
+```
+
+Login to the jump host and install `talosctl`.
+
+``` shell
+ssh debian@${JUMP_PUBLIC_VIP} 'curl -sL https://talos.dev/install | sh'
+```
+
+!!! tip
+
+    See the Talos install [documentation](https://www.talos.dev/v1.8/talos-guides/install/talosctl/) for more information on installing `talosctl`.
+
+## Cluster Configuration
+
+With our networking deployed, and the  jump host online fetch the IP for our OVN Loadbalancer.
+
+Generate the configuration.
+
+``` shell
+ssh debian@${JUMP_PUBLIC_VIP} "talosctl gen config talos-k8s-openstack https://${LB_PUBLIC_VIP}:6443"
+```
+
+Upon the completion of this command the local directory will contain a `talosconfig`, `controlplane.yaml`, `worker.yaml` files. This file will be used to interact with the Talos cluster.
+
+Retrieve these files from the jump host to the machine running the OpenStack CLI.
+
+``` shell
+scp debian@${JUMP_PUBLIC_VIP}:talosconfig .
+scp debian@${JUMP_PUBLIC_VIP}:controlplane.yaml .
+scp debian@${JUMP_PUBLIC_VIP}:worker.yaml .
+```
+
+## Talos Compute Creation
+
+To build the Talos cluster, we will create the control plane nodes and worker nodes. We will use the `controlplane.yaml` and `worker.yaml` files we retrieved from the jump host.
+
+### Create control plane nodes
+
+!!! tip
+
+    The following command will create 3 control plane nodes. You can adjust the number of control plane nodes by changing the `seq` range.
+
+    Depeding on where your command is you may need to retrieve the `controlplane.yaml` file from the jump host.
+
+``` shell
+for i in $(seq 0 1 2); do
+  openstack --os-cloud default server create \
+                       talos-control-plane-$i \
+                       --flavor gp.0.2.4 \
+                       --nic port-id=talos-control-plane-$i \
+                       --image talos-18.2 \
+                       --key-name tenant-key \
+                       --user-data controlplane.yaml
+done
+```
+
+### Create worker nodes
+
+!!! tip
+
+    The following command will create 3 control plane nodes. You can adjust the number of control plane nodes by changing the `seq` range.
+
+    Depeding on where your command is you may need to retrieve the `worker.yaml` file from the jump host.
+
+``` shell
+for i in $(seq 0 1 2); do
+    openstack --os-cloud default server create \
+                         talos-worker-$i \
+                         --flavor gp.0.2.4 \
+                         --network tenant-net \
+                         --image talos-18.2 \
+                         --key-name tenant-key \
+                         --user-data worker.yaml
+done
+```
+
+!!! note
+
+    The above command will create a set of 3 workers. However there's no limit. You can add workers following this process whenever is needed.
+
+### Bootstrap Etcd
+
+You should now be able to interact with your cluster with talosctl from the jump host. We will the floating IPs we retrieved earlier to bootstrap Etcd.
+
+Return to the jump host and set the endpoints and nodes.
+
+### Set the endpoints and nodes
+
+``` shell
+ssh debian@${JUMP_PUBLIC_VIP} "talosctl --talosconfig talosconfig config endpoint ${CONTROLLER_0}"
+ssh debian@${JUMP_PUBLIC_VIP} "talosctl --talosconfig talosconfig config node ${CONTROLLER_0}"
+```
+
+### Bootstrap etcd
+
+``` shell
+ssh debian@${JUMP_PUBLIC_VIP} "talosctl --talosconfig talosconfig bootstrap"
+```
+
+### Install the kubectl binary
+
+At this stage login to the jump host and install the `kubectl` binary
+
+``` shell
+ssh debian@${JUMP_PUBLIC_VIP}
+```
+
+Install the `kubectl` binary is optional but an easy way to interact with your Talos environment now that it is deployed.
+
+``` shell
+curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+```
+
+Move the binary to a location in your path.
+
+``` shell
+sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
+```
+
+At this point we can retrieve the admin kubeconfig by running
+
+``` shell
+talosctl --talosconfig talosconfig kubeconfig .
+```
+
+Check your nodes
+
+``` shell
+./kubectl --kubeconfig ./kubeconfig get nodes
+```
+
+!!! example "The output should look something like this"
+
+    ``` shell
+    NAME                    STATUS   ROLES           AGE    VERSION
+    talos-control-plane-0   Ready    control-plane   2m6s   v1.31.2
+    talos-control-plane-1   Ready    control-plane   2m2s   v1.31.2
+    talos-control-plane-2   Ready    control-plane   2m5s   v1.31.2
+    talos-worker-0          Ready    <none>          118s   v1.31.2
+    talos-worker-1          Ready    <none>          112s   v1.31.2
+    talos-worker-2          Ready    <none>          112s   v1.31.2
+    ```
+
+Assuming the output of the command is matching your expectations for the deployment you ran following this blog post, you have successfully deployed a Talos cluster on OpenStack Flex.
+With the cluster up and running, you can now deploy your applications and services on top of it all from the jump host.
+
+## Conclusion
+
+To recap, this blog post has outlined the steps to deploy a Talos cluster on OpenStack Flex. The cluster consisted of three control plane nodes and three worker nodes. We created the necessary network infrastructure, security groups, and ports to support the cluster. We then built the jump host and retrieved the necessary configuration files to interact with the cluster. We bootstrapped the cluster using `talosctl`. Finally, we retrieved the admin kubeconfig and installed the `kubectl` binary to interact with the cluster.
+
+Talos is a powerful operating system that is well-suited for OpenStack Flex environments. By combining the minimalistic and secure nature of Talos with the flexibility and scalability of OpenStack Flex, you can create a robust and reliable infrastructure for your applications. With the steps outlined in this guide, you can easily deploy a Talos cluster on OpenStack Flex and take advantage of the benefits that both platforms offer. Whether you are running a small development environment or a large production deployment, Talos and OpenStack Flex provide the tools you need to build and manage your infrastructure effectively.
diff --git a/docs/blog/posts/assets/images/2024-11-04/talos-logo.png b/docs/blog/posts/assets/images/2024-11-04/talos-logo.png
new file mode 100644
index 0000000000000000000000000000000000000000..185baef20cf90c0f88c330aae1a2ef2ac6f4d408
GIT binary patch
literal 11593
zcmV-PEw<8$P)<h;3K|Lk000e1NJLTq004&o005Q<1^@s6^lh6o00001b5ch_0Itp)
z=>Px#L}ge>W=%~1DgXcg2mk?xX#fNO00031000^Q000001E2u_0{{R30RRC20H6W@
z1ONa40RR91hoA!h1ONa40RR91mH+?%0EfI99smF=vq?ljRCodHT?xDt#hI__nRg+G
z!h0O@6m;>3Pw-aIs3_jIc*QFoQDfrq%e|Xuc5#y!qpq%Q)Of_W8nfO;<Khv-Tf7hi
zi5DU_ya$NL`QA)-?f<Lp>gn$3qk5)iUUu2$_o%6^s{eP?S6_WqT|L9uCU}WSteu(c
zDaP4gCfHU;8B!LKF2?;%*2s?HN3gC<O;!0#O<*bSM%IVr*zVFGlme82`18Y%9maZC
zv%0-0rJJU4P!AXJrwk$~?b(z}q9p64X&ltqMo9_(|0!Gpo2GG)E=>F-c??ya3s>I%
z^}Cy<ade|w({y;@|GF83%eQG72kC-5hq{!92&Ue0^?4IY|88bpaSyu!fBV)=_hcOE
zkAhSB986VtotP4TV5dR{r`L&GBAH(G9AYBE!gh8JxSWX28G-as{GE!w+FmrRke5)N
zB8r+Suh+C<vTL!t-cH=bevI@=eldG4inV&&?={aMZf7U4A#5f_>%I6J;f&%5P)vJ0
z1owFg<spKp@+5U&NZiQ|g&wwZ^spzh*t6nyY^u18jj03qP!e@F4)I$yT-?g0K={X@
zhz>^?%EcSlaQa>-r&->lrEJg;;__M2j>0Oi%R+b>0}nD4`g#z9X;4(tTHUX!afqAQ
zPhb=uK?w(kC_;7E#o~IlS*-+iapR03Shmq^Rg(|m7P*~&T#QamX9e~#>Rlv+oD6Hi
zM-a3w#vyKGqr^>YIt=4CaGlLQB`DXeI;6<@u{=8~$Y`c{iaAR3N}uUoIX{__4h1vW
z<>1GVJcZG>dEEl#ce0z<8yIBUhvH;>vo6K~qqqoy?Iwk{Ac5)_O2hLPXDnwqoZ=yz
zeu+ma-%#E>t2^)pP0+`8T%9EIGX`GdysYTQ;nc@C40empFq8tK(>=wtY*ZZMRhM}U
zGnx<ENUA0l1F#WZ(t@|t=f}dt^1B$s%!=w_9Q+4t4g#xJqyp&CI4Q!LQs;Q{RL<C?
z^8Z@=N7IUzUKo9Ec`bNQm=^ny^qyXNar&{?B>qFTP&Kb*S{LJx0+{S}Ux#=Vphm7=
zL1)%9FioakGN2mufVhT@#X$L*JGJ`dFVXkv$6~kDh@CRn`WZ(78(bD!S*8fD;M8HI
zd_T64eWQ%ytZt}|DABV$T3EhTs}+--?~yl}e#wv*vY)YMvr<74PTh=yPsBRFVs}Yp
zsE(nOIwLxNQIY@^m8*S@WcoIL6%mPVB<^4hko(L8`ThE_*sYvPZN-CUR9ZLVko;P5
zY7r@duYJYOYZRC&522H0q--C|QtS|$*w4|SZ+p}t%;GK|MvXIdH4b=>1@IrwNQID6
zyo!m+Ggg~rZ4^B<wRy{H(FsL%u9o~IejbMYzNiH&QJ8f#4u^@`ea4|&yXuT!-ePA*
zF<<e0TCGIU3(}{2#`_%Nr>qTL;AqK17(K-srK-GGzd%&!wf@GDXOp0m<te6?EuhTf
z6~mdOYDDU!nGtn>I1FBgE*XbiZ$AGudp&D5lJM$o9B_>m{{2CY2ojt|MpA0kU^`uh
zuHq|6i)qVEOetyT(>6daTy-}NDPs}Fp%kx^TI@LS6YL^pb*X17x*e1iUEqixvYjwE
zc1<C_g}T4bkOgh1UNH{-Z+J2**c(ui-*ZIgTM)>eq%D<BMKX+NdZoFZ>SepnaiMD%
zdi0-xzE<dnly#k6F%Bt&#r{*eR#FgMN>NdHk@4}lBznPeo6D;Hhn;cAX$ROr{HVNu
zm+hsi_lzUQ9)NM!W0Dj@S6nLC5t&XcN%Xws^f`;`2iPuWcm*>~PNJjA1zXM5;<e3Q
zx_Zqx_zi3wjN>s^5lSIZsldww1vViwJw?%px}ODMlbxb1FYzJRz5Gr{-Ah-m8Hbct
zty;VtqGAE6U@NFJlB|plA5%a|S2=zu*6^0g${GAe+vV}{`RNzxzqjF)vR93R-@;x%
z2Q8KiDFY$p(G`{#>=<z|>u*=6^8YY=f{dbHB{^|9+XoQzR=<5E(Kp!)ek=Q=O0rco
z?^WZFoO5StQ6nlTZO&*zEQyY{yebttjRm|O8H5)%E^oi4kp<<7F+z<)e3y+Bm$K6;
zMorVuWRFONk<#d*RQ-kJY2MD_(xs>BRZCN?wv=oNH!5$jhpHv1(;j_&I`wy0-B9B|
z#e2{}524Yw!Ww0I?>1};3${!egc?aoVPSd3juhW#EmiYCG{W!|ZEty%&sM}`Y%j>S
zwKhG$X7bx`dalM7`u8G`co2Vghmk5X4si+lHnWTago)R^EPfaA=Y%!P>K>>F(0kOO
z$Am?64d&0|5QEJRrHyPu?u2UTyLghG2S1E{wZu&06hFNf`G~$S9;udOQhV927Qe&R
zH$Mn@G8EtCGY(W3gpRpEU_@~t6^2b4<6d!b?nGa!tTRxCLyvJN$3x%F!!W$%%o5e{
zgTp>vJnA@Kz9he-U#+;pWT(dA2kB#U{Ha=+aqY#obEnIGH9431mIKeYQCx_C*>m}f
zgB9}kfYH9(8M$0Y3pe0F9uXJjj`p<6_TwGJS3!4~Lk}Hdk1RKD^MMXjBhENdoSN!O
z6axG<Nl&Ek%F+P+K;u+daUR<q@@!`tfFoA`-%lS?%I$1!Dk3Q=%YH2K2f&Zvr_1{?
zmiJ9Bu5pO-@<+nO9Amq5P;&%u@_AtzPlyZhho;~|yDB+SZW@n~0wd@L`RUL4<qy;*
z5UeQAbGU{ELqP?<yuLi!SVf3qG#rzJ?=6QR)oe<k{*(P^VPJ*Jdo1c4uGA%sL*Q+9
zVHwxMLpXCgDUKB8%Qph}FXFt0F{*L4slWkbAH5)bU*0ld$W>e+^7-(6<<-zB@}o)y
zpDZ5}xtgp}#JTwcW&cskCJh5Zh3eb5L5VAk!~C@Q98}!Jc73)0CD-oDH;bb2S8-;;
zo(dqVl;2x?3G`Q&=4QtQ+p&*ls&V)+jbp2!9U-45_9)S>lnyrR`arMarCyzp8Ydq!
z`KSEe?oTVF7u8Oj)iOp{xo5yfa~yr*6a0=Up51sBVHubcn+?W)MNz9e2azD2ytFix
zw|HN{@-UF5?W35f^gcT5c~_B&o|<YrdD*cR-%)(CWt)m<VOoil5A+;-S05G8phoLj
zjsP9og_rYR!gury?>(tvS`iJ!*-ayb5YIuceYE-)@*7s}S{QbNVRg4$0T(*V=V}nG
zd-HOA?sY{L+tQ+rJhT6n5j<6N8<;pk2+xpAU-D;mb9a7BP0%Axh<tweE8ORhQy=6>
z#CPPi%xsNAoYAk<DjJhvpqqR9Q$xS))|!?}4OmorsiEyk_40g#D40*D?v$7YIg|gl
z?b?VBRFoYU9i+lV9u@-^Q`D%1@6wM!iY>DE2`S`RpSRY%6pNRl5UaTs)3ivR!}a<T
z;2wRmg0YQ}+j;%>1eP}L9PCuk$y*lNuXu9bM^o?|Ta`bub~)(2M+()Uk2(5qY-GZE
zQeL#rkwVUt=(4()&}R?G(W*-a8()+8Blzl?3@*}%X>Il>^s|pH{Xo5kj9u3K$lw#1
zl^ebGn{YjkmNrDlwNnS#!JqBw!}DO^Wb>rWf0=<y62da+bh;jW)Z3ykq0jD>(AJet
zj{FL~-P#hl@jCjG_)^!9JEO~*&<`t5<LET>J^GlGGuEC(b|F_Q^dbMmnp08XA?!Hd
zG&s3(yMuJ{m;$aWp4jiaOl0GHQX2X>Gj~WubW_Mz$r)1U^6R8<9sQBKM$!69MREih
znaB6P7&E~S)AXN5-;;9<Yfgd(qe<QWCC|CRU!4PiUV)3loa`6~rF!{0dyd<@>OBw`
z>6>6{wJv=GvFVM2Rx4@b3v_^1*5doi4${ycRuLcYr`9jg!i}j^IDU(RG1cFp*<ZE;
zaQS1e<r+6X-aEBP&!Onik+gg<cbu@qM{+$(?v6YOqUprEWi%M3@uWDs?;wR&NlK;&
zyZvh-J=*^u{w#ig7>6&4N^#K!sWv{zpYrNHW+1*+fe)1YY3L6fIyohYvg+da)~$Gv
zJ*wSbN`EqCALNb3qxmC?eCslwaS%oR%oktfIkw3y)~SLN<)X^xFpr0^UFe`<uHnh*
zo_l}?i@$7lydOV;e&0f$fvGm-n($3aDe%iWBI!oX5^_q>)gL$U#Wq!3;waWs>?!^Q
zQ`i94Bg%oJrN1TlT;rkqsTFI2ER-1sRp3vrTx<%g1T36=b}UR8h(C|Y!E%d_G1qK)
zQ;<-ae37%4ZF(X2K6-XJx5WNw@X2$e!B73JEQ})!eoj~~r{O<Xw_t6F^EbvGWbpp}
zKuw>%%F4eqS?&=2R99yZlk%a)K?P0EuA0fr9G(kcc?AL_topNEmrY3C3zQ?yy}bL-
z)-wsGlB;Rbs#&1B(xn@~57Or*=JzxgS%;%YU+Tyh#7_e)>smQ!96J1?LqFuteO2+>
z^F4<T{4Qb^e9wn||2Xn(#J5%+(fsU+kE7&^G!AOeFnRfFT;$JG(X3)Xxi0s<6Wn>r
z4Z$Ah9zS5`D8h;NE#uWVd`U|Ml@>oR5ieMQl&SbusiWXB`GRd@@?v~H#2WY}VoiL*
z;;+WQ#TNC9AGkLL#;vX#QT&I<$1Qe7<8v$Djw29j9MmvBx$7~wtRI(L7H%q6CDZ7<
zA#(Skw4w`N#`>~N2hEe|wQd+UWJDT5spLrk++($j)8JReJXFuLAZG;^1>qd}m0RJ-
z`f=&m^^L3ZFRc7?64^xKAb^G`T{j>Y#Me>N>c9?i$TiUj^X5a!_wE@txU#RSE+QyR
z#&_vAa7#ZZ#k8Wyzr^2|;yi~T_+FB4J^ipo!KWm3QdoJB4Z0HhOFJj%-_?(tN^E^T
zm7mgebr@#wo|bV?qx{<ZIYRJ{$ntE(I;khGM!L5g%hGGaAp?g62`A+nUs*mKIBUK1
z!thnOY4TJ%rS$AZ@|nOt;iviaKg$%mdF5C9$!A4!gqQS(sb@ZaY5B4wT?ETFj%ynU
zysLEiSNx#={+91){01geIzF9vX&VQhwq(6!<xjvAv%z-B&N7KM$Y`!p8)apA-csnv
z-<!xuNCn`&D{*7-ZTgtI^*slcveEpO%ai6MdqWtz#p|Pl597dwU;4`^825pHoX&If
zuAv_Ut*gu)ehi=L-^+-ju5BCy()`-uPv8kIv4bt#z(|lAt;8H{xJKrULwoicdJbWv
zx=cP@51*zuwnsW_)Q;pgAde=n7&l@I@G(SJKj^UcG@;#UJ^Ky50)|1~U#ibP^^awI
zqvg$I^IRZ}52=iU@EWHsyAKxoAdNh!1eu~BDR1$A6Z;O>T!W`l6=A$@<7(gwW02Ty
zu-@)0J^M`J*IQoVDE3payL;ah{6c>$m2rqYw`#>>(qE%pD*oZge$(*AlILTY4=GG-
z9E8!h!MqS7WC0lm&8hVK4tZ%TZeHH^mA4gG%Rf_l?aN{_T)bp_RxIXs(Z#lLef&l9
z@7q+4p<w1PrJ$VjQ7(TOe!kHBP7GREQ6bN-2QH2t>fy`5Yq6<~Z!Y;+8JNb6ij0HL
z>|BS2XTTsV87)H*aFJ3WZr%~V%~QF_uh_Upd+4ioVZ1iHy?7Sd7f8{X_}a$d@}>BU
z;XjPGuzQw;U{v7+(*Qm+H=j?NyE+Uf>|XaC?W3XZ^K|j49&IEx@Zw1{sf1xB-K)qr
z2(;myC2ye1u9F?76cJEBS%(VV07kX9)=4Pff8Z)40Ut4VN0Pv*Jk;PK@Ku|n6nu`>
z)d!5@-6T9;xnOsf>oYJQ1N`Gq@pt)K;alTA?1)Uo#zA;Z(-!>{LViLD37uMkQ-Pg7
zcH{2b=)eDB@%MG{!OKn&a{6z}?Q`;E#COcp;*|Rvhv(?@75Lmi2hWxV!M5hrz5CW@
zAePx%mtTo5_%luKEqGXyL}<0DjDryInEt$UK^SeE;nxo}FYJ`g(#03T*j^77OIb2#
zj5O-ZM0|~%j`e#E9|D}b7M>j8e5M|+sAU;frQsJIW&_TTUaXBDQL$>{XqYvBDlGLb
zxh#|lr^x`+Xqgz9^20WCY`0AWPrlnYBQ-A?r;N@}F>)k&UgL`8FMzAD(b3q=woSn&
z4!(-dHMnGjQNzaqcjtJ0`uW9qoQZvAE?%UAA6KVp;~;RHj`&9iAfKW-F3mNJh&;y&
zxR=H;rpkDc&-E%M0?(yaXexe9wT(?3!%f1I<*`6^p(Sw28wRI^hkA|cn?BWmWtPP+
zNh3d&t)Dc_T5z2Xc2b>8jDycwunJS|4K#9StCmvbs!MtMeksqsCB}_QJi&!GYv$W{
z!S*yIc<I^Y_>HS=l7waybI2*BynTs34}Kyb;js~Zemw1^K1%!}c395m%popfFVWFH
z0JwM~9@QMZhVthx|3xflio#5cgXlG~&3+33R@z&~r4dxhLpc!8lONdAH9zs&0j1$t
z+}X1Cwg*u^o})m#hof<+5$@q9fak&2!*e``lGD>Zz$c<EttqA3YNWRU;F!H~$Krq5
z^taFdsKKsQmCTHT&z`*&!Pxb-WkY-^kUcV~BfNPE+GM>VemOwr66}+(_CZ`bk8jY?
zxV(5l9L1lyuK`DfHNvg$$fxqb6i=_`YGIn<=rBHm{3(3!Fi{Ivvr=ZpLG&8e_1pqR
zSKF3O2H~v31F0&<TIVn=K85kQtpFQOwGYF`GY8)nkVN5o@q#!(e63@G79XN;g6-9P
zl|nO##vw+GXhtx8SQww7_=3%E`e^Q-qU5dQex}C37vYJYV1Kj)@=h%!&ruRgmT%R)
z!-&Ma3Cz*>Vizqu8o|l$@8a1?3Op^n0&g>tJ0M>~UMx=n?QUo|KpzkCSS(Y+ApSBn
z4g$oPfyb2MDOEw5GMHdq6mp3hV!-(_s(l%rj&Ts5&Qup{AC@P%k}k-Nx7d^AC43wR
zT9<^!Ofg;;Pu45u?@Po?Ss`=dX!-237omVPY6K;wOk?B9;;RyIRE&dHB(-!9@I-O=
zI(QhlE#8qHhlkC&MC0IsZKsQesr0?3d7pfw!)Ka0nHvWYM}#e3El`$Eic&#TFvWLA
z3`t@bThpt9?MitfSi;8!kcM$Idie3TFX1{tGffp57i4xkhia!%H1_aE_}KAGG!7WX
zKpp*&C&Hxiz6Oh_tJK6e5O@5|9yw5iv!77Pdt(PE&@zT5ag7t!Uq-bL;zObRlkn_)
z4&o!3KZ&0Rhzf!?*?4~Wg8Y#jczU}w2@=7md}A)GeaWNP`~z=Z5?&?cH8PIimN&?d
zh075{!Js#<<2j5~(d`Mhgoh5&@EmC4;m6ya?)&*e-Gl?iqP@Mvi&xg(!ynbd%iqbK
z!(`Y1BQN8ZFO0vO$S**x%&){9%8DqOtS`f_<HCdBDo^n+t#qFoIm*Ren53nmoOZtU
zA^5Ras*n`#<->zhhOgR0rG)_o%VWb+lRs0K$$H24D=NHT8syIsY+w{?)!fIBtI4&4
z5-2E0Szi5WLJS-D8p;-3Jk(ns163-D=*TkuWW7?e&`<3Rcq@=fFr_$YY@X8z=lBaa
zOSJJA+ddwxveKFu2bOg^D35`t!gh_$$PDIDZ*daq78m#;P<x~Y+XwS_#ZU84pB|pX
zPhgNwn^w@}kMOveYfgZqeV8R=U_tpp^FsXZFb=u1$Jst|1i^Kykrb6j7bO}8g0t4B
z_Cb6owCrv1u#V8hv+=_a0{1NX<*8(O2@hW?oxD-U;5jt$5HsyVdJk|^bvAR)v9Y_)
z$q1V4@4JL1<Z{eOv1~2N!^<Qt!>~MUC7iJKL3|iT;_f49O&3q%>!_LYFLd~mbeU*P
zf`qE3>*7H%eeqV_X-SxA%QH6)occV2oFRmhE|CQE=ZVEqdC}^5E{SP)7wI|3rAjzY
z`yf6>o0f6t@@L~Gafoslr4D~Y7faDZ<0y*8Nj6@*{*?Ss%()s|rmB*uajb6d7y#<W
zloU_AlnlY{SSSbb%DEG-=k@FStSgCQ)ZeD0_)>ctFNn{VCE?LNM+q<3z8pUhPgdZ|
zgYt#*hsuH{z8>1Ib7mI|ZdRQB{P@Np8wT&Vtsbv>wK6r1rXF!61acIQDFpv~c}xx7
zJXm}|hfUxNrx9XLA&K}4bTB1e0)L8sEj&{!*5r>?`NMTEVMNb+^_7H=9h9rIa5XDs
zW*i%a>@))X_XBC^v~dH)%bh%L3d8Z<$5!$rx|4JP2g<ZZxVL>MzToqd@a*zr{uI6z
z9yjK@BRN@qturS$)%Ju>-hloTe=0?+cfrQNqqfuHSEEv9#=(llujEK`6eD-?Xk@B9
z1oM>(KDTN4?8JCuZCeMPz3_f&1i5&?_2W5t!RKknE%^#<ulV)i>nx6iSm?v^wkJLK
z<=+<B#Ld4xU9(?@yt7HNK>JAkg=PJVmi!u(GBJ*It-I_60nSt-hXf&ke0k5Z%n|fv
zTjY2y@#SkB5--p`3LjrCKPMhhmB#bu!&gn>QjweMlQ&-eT+e`x9pm6s8K#ok(#Vgx
z-|QaHv9oGlO<J{a;1@A-*xSCB1{~Rho#Nq=lc#$EldQ^9ifc_%L(|>%$N2xze&=9&
zie?m^51+H{K3~jS6pv_^hPFqMecz9-hgbYWSAOCjzo3<P$cgASH8tOhAZ5McH;lia
ze#{)#(ruDlRU5~;)(^jr7sEP;5HU`dCCx-B8mT>`+;Y_aJzp|SYnvN_j|#Sr#1|Yc
zIQgQN?CEk99^fyCZ`Y3hf3p=IE(P9KHZGY-Jig#U>%Csm6P}&iukh?N0bhu*>smW5
zqPo>wRT;<nfx8Y9O#CZ_-_kJj(r%G&yhfL47}9Rq_>6t1huf5fUp+{w#rY@Ndf<>t
z^D^?qYZ089+Iq12;kvJe?NrqRxvGrAG|YS8B3o!=OV<X2mM%Xg59M9gZ`pLcjVgJJ
zk?*FB&jt1cbgph~en}pkc$BEZ<IGNy-z{fc+c;X5eKZej+zJnps9zVK^DRVo{#G4r
zMAfO-I99cG`~V$&IJsckFesG@iq12(YF%UVwNcCj@2?v?sss29+W4H!2x5fi;W?xM
zC-CdY6OIvbR~R!>=wsWJ14e3pnT^#gu7-ZsrNF0{`t((89p{B`s&%U(<M^_5)Sg(j
z{f1nq>^POuRH%Z_kkmB9Ra<Gs8pM6kw8o^t@3E|z)K2H};i7?UfcOx?w+<fF!N{H&
z*51`qKtH*B^S-*+{lA+11*X_*(%=(a^waGtD_p&#HjY(W?6w6?*F6csIIv<b2T5ib
z(~)AO>vQtna>nLt*|qZ>y2_w>=&*eWR}+6_8-hYze95nuKOz#rzb>ZH)IB3o{t$fB
z-CGx%>aE^v?Ts*yE>|BK{DVfbk>gJ;*=o-|X=qX1RK@|OxYba62ouP#(iGx!o*Z%Z
z)FPR8rx;bv&gJY8$fkec<z#pc)t-XhXnYv!8@kANv;xCZQ%W+vF7D<_K3M_T7lg|n
z#y=aQi%s>moi}eI`2LPQzMAUU$fiQ~AJWjGx~Ys~#h_6W(FyqJEPHk0Pr*p&eNsNZ
zbzs*A+MP#?EpOei9~6O@L$<dKBO0HYOr`&HuM%!DKEqKX-3wmz&2T-0=!dhhy11%d
zYu5*l!^8bo8vY%APFvA7>QaTHlWH5s^48JE<6+f5`vngQT%Ly@3)XD5=0`frc<bOW
z_x{pT_za>PU-5(E{%?8PCw;ctMdNwPwU;YIl(V->9T$&}sjaoEtz%>oufg*CM(Z;0
z*Of*;j-GDrYTNbeLA<EEmT@c{(y_D2#e;SbM*;_2vCQMXnp#TbcqSyyAa@wWK-7J-
z+ux5Ditl(7Oc93pb`)0FecLrVt{xRgDnC8kbL2@leC~q>-|!sT`l0D<KOcZbMh2%s
zT%h=~=|%HjDra~aVLrKXz%E;BkV&3a=Jy}9B{Pj@0fzkyf^?=7iUquRy6?@)a&gPx
zl+%fa=>wASU4EtwT8_8;H7^x&=;EjG9D};r-hvv66w~P73ub7KWUqKbSA6i_p!0y+
zAEEkp^+Qv;-9MZU=*jU(3){ygPL_$DqoI-g8Ms@Mt3-;CN~ukV6yU$F^0NGcLQ}t=
zQuRtM;O>)vPoqxKNBT-y8f3_-eMv4K|E2OoHI}Gz_EHgX$J^TYf>mT3L~%n;?lSDx
z%unRMte^NUx$ZT8EO8zFDbhHgJHDiC)WcBVfv%uRp%@ZUv2NZ`w39alTV3Sh#H|-i
z)!kh5akpsj=tF=nJykdzKYhg2ulWEpGU2#Njv&4Upr;Dd@LCG|uOaThv4r&3wqMTp
z5)avq!$9ix)AREm-hX_;;<nK@$5D+mjzw*w{=?$@R2x`%3awOdL!7cr*9V`)5l$#O
zG!0#D;D>usUTN@CLX&5GEe(DT&mWeWhSOl{&RMhIsV+!EPsS?tK)zzZpk00#MLX0u
z77QBo0|<C2O&KcakyDAv(_|`xwXkyb%VC|fCPxv}xsP{04~@nr1NG6LJyi2qjgNLD
z|7G~TW;&S$%X|^89zXgRrk`?rd=u|@9o(ooFpxh%Uw66m{Q8kWyHB5<a_pd9zo2cG
z)5EaKjAMS=s8iANH^^rXBpiV3V1`mBFJlf*o-`rrvB_I^&H9%xLb~@B;*c^7a&LY5
zdgoAs^!4#c>U0+c#~8`eU451GW9u`hKW-eJjzW3u&aQ?_LGL};UqSpB`rs4iiH!Rf
zw2eA2i0U(rxr25+93As8ED#N_HICXT($6vTorc&ay*52uSv~oqQ__9O(_HJLy;{+i
zuadwCdV5J<4l(rew%xR!(uN7S7n@ed71;@(yHcO7+rJGseDw6Z*3o--v0dYsGiaCn
zU=mN#{x;4I$W;Jh4*Ta$<UQPX^TBfdWr10T4PQMAUpZObWeRbuE`2h3(ZgS?gd(}%
zl05b*rIh!}R|&pp884Rb;_>BlU|7dgLdV;t9jD+57M_%Iz9Ef#l0IYoEQ3#(J7|~D
z3R4=#$Afm?Rj}N%_$}FH>KJJtWC$=pI}c^~@{VGuoU@GugB`Jbbpfd2hmOx3sZF1=
zcPV0b8>jf-mnTL(=%bRWz&5<1r9Y`}&=>sZO6UaJY`<dWd-xiPQ_yetMKO*3Q}peD
z-{0i97e8y;ZF|BsK5X4}2MoX$&>{U?OGm|`?D&$Qgy)%sUpG8y$7S!Q+MNsvr1BpQ
z*=-#7=udov)ARF#U$J^dwM~=KF+m-CrH^#K@@8|g(~6JRU_`#E3_Xz^WBYwLY@e!5
zZYdr7!}1xE!25R;|GN5=^#vPHG}y}@4IaI%!E&4)l@9a*DS?tw2z=>I%V*N=X(kt9
z+7r_7VOetLwj$bT=%n8JcQ}F<d@c<g*3)xrMZ$zM+M#pCoiNU8($M$x_fU%&j~fL>
zPxzb>NvZ3K9G4WG|8+;#`@aj}tKwVW<3w%x*l63SYx<j&5|fJ1l($kEMZ>^Utz3Je
zKJf$K{J2VKg|+)y=Zq_H@bsZd`WIh&@u1PKrT@P}QOjHad+u>!4G0vL=j{GboilzG
z#!#jA-W#&}&fsH2C_R9d@y9t{G_GuAM5~oDJT*W<<gHYu(M#W(26>jdhDdZn@ZEC3
zj+))k(O4<Huy&(5r+)+ZlhepsWNhhX&0F4VY&-9zji$k_mJBM!<5IyM9ldP&d0~uH
za}Vo|6J5o{(FYNy-cuFR!}scF%L^ivEM*mMcuM<p3c30emgmQ*wppcLwDdm?^1i9d
zhiUMu$u8t-WzN!(ccI~2=>okSQy!E)HK%JN{b((%elopGZk&=tUzH=)F?$M)TJPD0
zF)2L<$r+F@Dj$ZSd(RZPr(8qSpjYI%Q*^O)>m7`aZnAm~10UqcN&_RDpLw4x{fD~=
zTN=k{IKF2J<0{z@4KPpn0G#}@YdbeTnd<5?rCaaqt@hp;pt~o~w><_4WbhZpeDRii
zfk>Bzzg|<Ad@g=aet+APxjcIwa`ku(B#7_Jb2i~&yhWIjN@Dd6I?~Y1$79O)&_^%O
z-vz<`N%gV23AS(NyZ=>W{1w--yavL=vwa74pKvf9M<;SoK?R&LKa1u>0uQH8uBudy
zE#E&^K*rZ3Yz~g1U+HRv2=0Z`_Bh<}oR@!TC_epq<YRo`u)&`l<YP9Y%wDUet;RRo
z9R&S-8YVyZdTngydk-mcu5r)}&hqENsy3(&!cvSz*p&V-jE>o})mwzBZDy%u7^nC;
z#&LZPeQ7Y>@<OpX;~+t(gQD;Q@>eY<c5<Ka@*l*fytf<=$xg1CXavB4ct}|=*+Fmw
zpL^wpKG5&h+1_S8;~2Z_&3Sl-^D3HqWkbPUE;RQ$rj~~B>fpV%!<PA;Qeh>!ioTnc
z%8geJTro}i6$G!a-p`JFA^3JI;w|^KtK_pNHa?1d15DknUR}D1PDwr(3OCNE#nhsB
zC;b&!{t)o9MA1jg_tX8CPM@#pQ0g-dx^ckLX*Yt=cd(s1^(#XhO~DM^uhmuH*11YC
zIw^wD2dm|U0#Y~lM298Ot!A}CyncPf>)0(76np5=Wo*kqLq4ziNo|~-4u&IO1|I`G
z%)!IDw+~$U&Mm?EWyV1j3OVDf4L!z@$EA2XEeNcex43aOxp=9##FU$jjZIY>2l1vy
z&#p)HtGzJCKddh&w)Z(dvs#)-?GIY=&cdF2!@fm>pA)ucgnPYrJvVsFzVNnh;(Iye
zIR_j(!LAl&=%_q5{(AV5x2hgdlZWlIgK3G66X`kp7~C3u*pg`rs?pSwt^4<DZY->T
zppB98dE|#0HuTNq2JTnkQOjz0Rc%8(hbpXfDsnWX81Y;7zH;G4($(<h-yuz=UkxqQ
z_5@5V@Ep&}RRT?AFa+C^gwsb^%a>+xf@<FzX|EZ_B>Xrqf}t}Jj5;pfd29|X*e>76
zt8&f@&4oUh7zZhu*7|k~kW4?bpi3AJmZlaR`nmIa!zdKZUNa7JecQ<hhU~}l;3h5x
zkjp&ApFMc_OWN<IC;`J#cZbxW>s>~M@ezhm$-T8X{y6YU8)6Cc5yT$y<ktIdRSB&u
z+Vq-n6q&fd-l?NF!*;PMuUxLmQ#tNs5{N3L(Fpe9d-Fm1@bIcxRq1JnA8?@RFG2hm
z`MGHpFRY4a6^(nvI363i-*9xyc-0{^a_x??)3E$k=DH`Vkh8355<PEuwM$tqaWf~d
z6P+xtqK}yDTyOh&e(n|HC~|hbJ@+CQgR~`A9-hbP=s$k5bLP6N6w`y>&rU->E4qZU
za&Yk}Y>2JZrjH*2e7Jq=L0R&ki&b~yK%kDFY-1Of3<5iX6ur|15xAx_m@f!^pRPc<
z_2TFS>FZ+Z)cZDmn+2ZZ!8G*2Pp<@~bvKR&hK)T0bM8>;0CJsnM;I~<%fn!noU!Ef
z$vTSHtwRB+E`6$(*=ogMP~_PCY3Re#oPOWn(VOYYmsP#G8;2zfXG$q~3gt1vQmkn1
z58J(~Rsr6T8%Eb#UM;O)`?D6lK~KNuCDHYiH;dfnrw4Irov*8L+%x2WHpClem4Yqr
zDy1~Fc*_fhxVsig@F-q-u(*6p=yP_TGC;4q#79^jFQ#8s3qIm7>uMZk&bq`axN@yh
zAx^B}FBelTTr_n~oB)-SseO)Q`gTWUxmr>D@_fVXMIkIDFFhUg@<WCb$nSpFu>HrV
z_Vq~XW*igQxIAKwOVtP^!PUr-X&`Sa#<;y!O3<ON_^SmE=g)fyhq{fYl|J03#2}^&
zL(y0I!DIEhdXKspN88rc$#~K@*efuic3TmF)OM{#=d#7GK3<ECp~F7110qt@VT!+6
z@IaWDDsB(sBS>HI0RuYy?)I?*YQ;|ww{FIPx7shEok0?mT&WZ|BBgS?X8F5`=))kx
zS>==Hd&{$4ttc73yXdv&;K3Fsy{I%&Kb+?`u-xUUeXY~F7{`t6<3>W@adJeU<26#t
zY-p(2l;V3TtHDpLI)PSU*x<WWLm%!_T$34B+%obgyj)THt1iYNxb<yPfIN~GlB%i3
zEoa6P-~0T9&RUA^<)@53f<bS2E%{g{^1sKxDSGL-dT{s%@He2ial_fQ<Vj)I+&Cx@
z#cL1eOMz+Qiv;$i&IXw0KECPZHpO7A(h?u#^n?7>Vzr{=`q|<aR$|BakrF@2`a!G`
z`BhB{H;c69#?hzU+7^O0;Ax}`0!vZ3$~)&NO68yac=0P!vJfr`qZ>aZZ^t#%5oPpk
zK4sivmsj$ZeH87m`|u36rO*#eF++dZen{fakA~4obFb#c@smZbeA?a9uss6IC&+cu
z$uAY`*?A{8RW6j}{v(Y5mDZ);FO+@=f0feEZTC+LUV04!XttJqxbY{;%8k5g(Uiry
z_?6bnSK2U5yNR98ccK1-U$h@Q0Y-8w&QK1)fOXD_Qc95-rAD{a)byWeuq&xcOIeUC
zr;oc}!*id`w&K8bB}7uTfd{(@dbvA{zN4Q-1~b0(^MzBMPYGRd^_qJQFK0hr^y1^|
z8*)40jjP|wkqb@OsXWX>F8+aubDpW<HAgSC_|KvA(L@G+G{uo;arlcz%BEEGZ@VAf
zqbr0yzM+Tzc1=&iPW3bllB%x8K?Hv@ck=3q3tzktZ@KMZ()U;39s)Ay;_;$Q&6cl3
z+j}V&?xn8|J1c%<o*FfKTh`|D#MzJF_#ppxI~cb00YiBmU%R=-)eEOwenaQ;nVo0R
zm7p%uN*FW0m_K<s?jLpKh(pI%mi0^c@}a+8@Yi?4>Sle9_BlY$hILbiN=Uv?t6eaM
zq)K{PHvTrZq3P#fZW-P@{Ksn-OnF3=^+wuj#-W7$)x61X;`5>3Z$F}L+rn6^FcVR+
z``(I-HRvR#^WID_t%K(veO&kP>uY{8eEc!j&41xVrJvqRd)+vc@HZ`b?hEy~)@e6f
z2Y%Yh4nCzJC_@QPGygt>7y<uY41-wwyD^R!ePv$+&ru}LfhmN(@i!^0$7&^eA*)B+
zB#nb&j+`4?Aoj4=kG3}HejsoAnCg}NzYSrNG!E({S{2Bk)ZSoG8!e&frmCb(Rc`r=
zM~-B#2ca7w`GRyMvi2tR-zI4sJ+xfGCcYbMsMQG!L&hLw`Ay0uTwym!;}G3qy=dSw
z;1CAGRSdOf80-hq6r)xzc*cS(J-_HIaHCE;9d5t;U3~Z-gtk&yB0&=u00000NkvXX
Hu0mjfI5iL5

literal 0
HcmV?d00001

diff --git a/docs/overrides/stylesheets/adr.css b/docs/overrides/stylesheets/adr.css
index 7fc4a9c..042546e 100644
--- a/docs/overrides/stylesheets/adr.css
+++ b/docs/overrides/stylesheets/adr.css
@@ -107,10 +107,10 @@
 .md-content {
     flex-grow: 1;
     min-width: 0;
-    max-width: 1000px;
+    max-width: 1500px;
 }
 
-@media only screen and (min-width: 1220px) {
+@media only screen and (min-width: 1740px) {
     .md-main {
         flex-grow: 1;
         margin-left: auto;
@@ -222,15 +222,6 @@
     .md-nav__item .md-nav__link--active,.md-nav__item .md-nav__link--active code {
         color: #9e0000;
     }
-    .md-meta__link {
-        color: #9e0000;
-    }
-    .md-search-result__more>summary>div {
-        color: #eb0000;
-        font-size: .64rem;
-        padding: .75em .8rem;
-        transition: color .25s,background-color .25s
-    }
 }
 
 [data-md-color-accent=red] {