From 851b9837f45bb4812272659271b56c4e64d76e95 Mon Sep 17 00:00:00 2001 From: TrueCharts-Bot Date: Sun, 23 Jan 2022 23:26:18 +0000 Subject: [PATCH] Commit new App releases for TrueCharts Signed-off-by: TrueCharts-Bot --- incubator/synapse/0.0.1/CHANGELOG.md | 10 + incubator/synapse/0.0.1/CONFIG.md | 8 + incubator/synapse/0.0.1/Chart.lock | 9 + incubator/synapse/0.0.1/Chart.yaml | 32 + incubator/synapse/0.0.1/README.md | 34 + incubator/synapse/0.0.1/app-readme.md | 3 + .../synapse/0.0.1/charts/common-8.14.1.tgz | Bin 0 -> 40662 bytes .../0.0.1/charts/postgresql-6.0.56.tgz | Bin 0 -> 75629 bytes incubator/synapse/0.0.1/ci/base-values.yaml | 5 + incubator/synapse/0.0.1/ci/basic-values.yaml | 5 + incubator/synapse/0.0.1/helm-values.md | 123 + incubator/synapse/0.0.1/ix_values.yaml | 313 +++ incubator/synapse/0.0.1/questions.yaml | 2423 +++++++++++++++++ incubator/synapse/0.0.1/security.md | 25 + .../synapse/0.0.1/templates/_configmap.tpl | 153 ++ .../synapse/0.0.1/templates/_helpers.tpl | 20 + incubator/synapse/0.0.1/templates/_secret.tpl | 55 + incubator/synapse/0.0.1/templates/common.yaml | 11 + incubator/synapse/0.0.1/values.yaml | 0 incubator/synapse/item.yaml | 4 + 20 files changed, 3233 insertions(+) create mode 100644 incubator/synapse/0.0.1/CHANGELOG.md create mode 100644 incubator/synapse/0.0.1/CONFIG.md create mode 100644 incubator/synapse/0.0.1/Chart.lock create mode 100644 incubator/synapse/0.0.1/Chart.yaml create mode 100644 incubator/synapse/0.0.1/README.md create mode 100644 incubator/synapse/0.0.1/app-readme.md create mode 100644 incubator/synapse/0.0.1/charts/common-8.14.1.tgz create mode 100644 incubator/synapse/0.0.1/charts/postgresql-6.0.56.tgz create mode 100644 incubator/synapse/0.0.1/ci/base-values.yaml create mode 100644 incubator/synapse/0.0.1/ci/basic-values.yaml create mode 100644 incubator/synapse/0.0.1/helm-values.md create mode 100644 incubator/synapse/0.0.1/ix_values.yaml create mode 100644 incubator/synapse/0.0.1/questions.yaml create mode 100644 incubator/synapse/0.0.1/security.md create mode 100644 incubator/synapse/0.0.1/templates/_configmap.tpl create mode 100644 incubator/synapse/0.0.1/templates/_helpers.tpl create mode 100644 incubator/synapse/0.0.1/templates/_secret.tpl create mode 100644 incubator/synapse/0.0.1/templates/common.yaml create mode 100644 incubator/synapse/0.0.1/values.yaml create mode 100644 incubator/synapse/item.yaml diff --git a/incubator/synapse/0.0.1/CHANGELOG.md b/incubator/synapse/0.0.1/CHANGELOG.md new file mode 100644 index 00000000000..115b146c5e4 --- /dev/null +++ b/incubator/synapse/0.0.1/CHANGELOG.md @@ -0,0 +1,10 @@ +# Changelog
+ + + +### synapse-0.0.1 (2022-01-23) + +#### Feat + +* add synapse ([#1768](https://github.com/truecharts/apps/issues/1768)) + diff --git a/incubator/synapse/0.0.1/CONFIG.md b/incubator/synapse/0.0.1/CONFIG.md new file mode 100644 index 00000000000..fc9b2fa2d5f --- /dev/null +++ b/incubator/synapse/0.0.1/CONFIG.md @@ -0,0 +1,8 @@ +# Configuration Options + +##### Connecting to other apps +If you need to connect this App to other Apps on TrueNAS SCALE, please refer to our "Linking Apps Internally" quick-start guide: +https://truecharts.org/manual/Quick-Start%20Guides/14-linking-apps/ + +##### Available config options +In the future this page is going to contain an automated list of options available in the installation/edit UI. diff --git a/incubator/synapse/0.0.1/Chart.lock b/incubator/synapse/0.0.1/Chart.lock new file mode 100644 index 00000000000..6cc62d74e88 --- /dev/null +++ b/incubator/synapse/0.0.1/Chart.lock @@ -0,0 +1,9 @@ +dependencies: +- name: common + repository: https://truecharts.org + version: 8.14.1 +- name: postgresql + repository: https://truecharts.org/ + version: 6.0.56 +digest: sha256:42e0947ed3ace4c471cbd33da0f4e1dc99404b9e405163e5e7451917aaaecb28 +generated: "2022-01-23T23:23:37.27707394Z" diff --git a/incubator/synapse/0.0.1/Chart.yaml b/incubator/synapse/0.0.1/Chart.yaml new file mode 100644 index 00000000000..cdbcc44e71b --- /dev/null +++ b/incubator/synapse/0.0.1/Chart.yaml @@ -0,0 +1,32 @@ +apiVersion: v2 +appVersion: "1.50.1" +dependencies: +- name: common + repository: https://truecharts.org + version: 8.14.1 +- condition: postgresql.enabled + name: postgresql + repository: https://truecharts.org/ + version: 6.0.56 +deprecated: false +description: A Helm chart to deploy a Matrix homeserver stack into Kubernetes +home: https://github.com/truecharts/apps/charts/stable/synapse +icon: https://truecharts.org/_static/img/appicons/synapse-icon.png +keywords: +- chat +- matrix +- synapse +kubeVersion: '>=1.16.0-0' +maintainers: +- email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: synapse +sources: [] +type: application +version: 0.0.1 +annotations: + truecharts.org/catagories: | + - cloud + truecharts.org/SCALE-support: "true" + truecharts.org/grade: U diff --git a/incubator/synapse/0.0.1/README.md b/incubator/synapse/0.0.1/README.md new file mode 100644 index 00000000000..c24e7dcad2e --- /dev/null +++ b/incubator/synapse/0.0.1/README.md @@ -0,0 +1,34 @@ +# Introduction + +A Helm chart to deploy a Matrix homeserver stack into Kubernetes + +TrueCharts are designed to be installed as TrueNAS SCALE app only. We can not guarantee this charts works as a stand-alone helm installation. +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/apps/issues/new/choose)** + +## Requirements + +Kubernetes: `>=1.16.0-0` + +## Dependencies + +| Repository | Name | Version | +|------------|------|---------| +| https://truecharts.org/ | postgresql | 6.0.56 | +| https://truecharts.org | common | 8.14.1 | + +## Installing the Chart + +To install this App on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/03-Installing-an-App/). + +## Uninstalling the Chart + +To remove this App from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/07-Deleting-an-App/). + +## Support + +- Please check our [quick-start guides](https://truecharts.org/manual/Quick-Start%20Guides/01-Open-Apps/) first. +- See the [Wiki](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/apps/issues/new/choose) +--- +All Rights Reserved - The TrueCharts Project diff --git a/incubator/synapse/0.0.1/app-readme.md b/incubator/synapse/0.0.1/app-readme.md new file mode 100644 index 00000000000..8fc105683b7 --- /dev/null +++ b/incubator/synapse/0.0.1/app-readme.md @@ -0,0 +1,3 @@ +A Helm chart to deploy a Matrix homeserver stack into Kubernetes + +This App is supplied by TrueCharts, for more information please visit https://truecharts.org diff --git a/incubator/synapse/0.0.1/charts/common-8.14.1.tgz b/incubator/synapse/0.0.1/charts/common-8.14.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..8e6b665d8adff585fe25c4d40d14a07527fb5c91 GIT binary patch literal 40662 zcmV)bK&ihUiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYcciT9UI68mpQ{cy>Z`-}m)3WSnH*?qRq`Pw_aeQJYefKvz zCxJ-F!k8l21SCh}&Ue2D?*~Cj@~aG*qLSb|8-wMb1&c!eOd&;twh~0*5*L)e`(csA>@SewNeRmpnC2xoFBgat z5NXZwIU0i*r3D#xyBC9ws6cEQXt?G zQdp9X0JR{fjPs15jB==p?!jo->mBUxw=U7@DlZc<+U;hVtgU9v%5YH3P zZi9CP%08Z+08*eBPjL+5Je%T+MG4tjZ#@D3ouDaPq?8ptLkLVznqRf@0%gl0dp(C2 zXxsvT!#d+IR)EeBkOe@TVw6#US-}fLjKS;aNls5oL|BJf9NN#gL_aQI znQS}iSGYtMtYZDR8`v8TxrVs`G<%?z{Z6kl=neY4=l!7`?*oX2)5Bi>aPM&c5GA9% zgXfdc^l*AGnjWI*aN3^?4~CP$U@$rC?H{1t^Zo?(CPTD89Sxp8f4&J0TMczl=5q>h zy6s4-di4XXA#XU&s{DFb&L|H$!_GhrZ~vf=dWT7zB>iL*_nuFt)91tI@!mm8w$a`xKZYIHM1$t=(5wxg@+)sL=*yy57o z^6O#MGmHJ+ezG^*>!IWz?kB^&DN6c>$t3Cb4-O^=BNR_Y(|GS-)bH<2;$c788zykD z*Nca}0URFg?{Cm{{pcR0S8zq-xW;*c2r8GT+;(J5&HAxrW!e(_hQn)B*$ART!oyCl z(^rF>Jcs-Hhl2sy8xA3a@id0}{r&zF4kicaU@|#)p0EM$O(uK8Lx}c<@dzCZpYIRj z_&Ge>4|1t$^IK6dObeW$ZAV(vsvqSe0d>Ox7SPtgafWq|DT|sl413S__nr^oWCGFi z-T`_(ob;!IX)-{A1dZb1bkOU={mJu#-f;h5Z!p}8;USvzN6F+cP9_KO+NQT-yE&m3 zB_h9U&vj-r;zfVROYl-7 zL!Pld;6(I9(AIktmk3e>b|lBz1u#p%`#eo?cJZM|AeD5pTzq&?DZJz zwOZH_9fGME3E_$hx0K=h?)zGnECn7HR^SY!D5iM{V4CJvgfn0S$qE!WzQoxDfFQxs zDJspzF~Ko?2JpPdOA0fpc{XRK;KvWIMQ0S`F^Kr@s3jX#Ojy$Td=9f@hwN%NO31Qh zzzth1S%@#?01Q}OkcQgqvsLvdNkk2tX%+)$t{^S=ngVS4Co2W5(|Q6#f*zbx zNM~R{*fh>iItNQwVpf6hk_Du*G5EIoZKWP-ZI%=IOpwDDI4@E(X5%4%K@cwp&FA3t zDX+`QjzRzVpwk~6c1EMlCLGIsrVl}o&3!K>p5p<=8togmPrm&3ze6MqH>Ni zM8MSyv4J)VLQp=d3d%)Bz!j!5aDM(jikdntN>^Gfx*0e^6Py`<{HF_&FGKKCUgCc- zNGUkY6L7SkIf-G4N>AJVuLKhg>#r>+%ixT2yvh=wu)IKY%m~Sd0V(k3ID4<4cMfsaK1?LV<>9G1+5j9^f{!tGv7v3YOLn_)Z=$A=hcLE1H^X zNzN%L!!ur zFpUtE8BAX*0L0peGJQ#Z7=s99WG|BYQCz_JSpF?H|4}lFi>RjVr0g|SW!o7Xs}ex` ze0_RsTegU<1V9@^N{{Px`h#9~F!U^N84U;*}7#`9n!HC-v*!4l zQ@(#=>!6e631XwrYN=UOn+vg9d5leB4=+=O-rF#Oabq-G@^X;?CQ$)QpgSN%ab!TF65a$EK#a@mgJO3mIdZ; z1xiHnbcsMl(mcOh6aW*l5Q-h!=z_oLrN*Ex3c_&_l8TYO=6*ux2-4)Ov;_Z>yXL4L z$z6dsU{jKpAXvsTWGezf&+1AYi=*w@U4lHC6S|W0j6MJT?Oe4;-7!{Os zRlT;<<#2YvK4y%WSbT)EWx?(fA$M?g(WWz`UhlSqcsLV3-{9<$xCC^E|aYT*}T@1PlXZV%*BqIiWk`t`9M%P2K%E!_2S1eUli)i)cr{oMUf&lUohn# z)a=W0$1}zT6oJ3X-sd@ei^&|)c(xtZb0))$m624jFG{?`DY~$&6D5MlyDVL?c7MPr z5=>7YBylV3sjByi#4wd=l?K2@;3VgW>uRw#BhH*O&q|7?C|<=Ws_U38VC{U)xsGL- zfTRd#*gXS~0GI)sVX8~8eLW*#w#e`t0Z0MP2!&}1@+@6-TJqPi26@M=A*SA=1oIQN zg)rz#O6U8ZPD>uO1Tj!&pDJS(bCn4yJK!gjT3Q&0&3b3UX(L(F6U$Z^Z``3!rKWy0 zVQF9maXl^b391~zx7(ZWTcM<>xn6ib5`Co*>k}isN!I~%C-6oH# ziP{OZ+u)4^1&RRPtV|dR015}|BF{35GBg_YJ&Lg5?nFehwZMsQvrjh+vn)~_%v#n&FT5^ zscGQ#6hQFP`T41A0TUs*l+A*(C-%L|{&S|~@2==_0qIQD2{qk~p8vC}tbY&uS$3Ogs~4iZ*6>nh*t1dMPMw6og$zIe=q6 zmiiBe1k;x&g{w0Z=UGC=px={U3shn*WWD!{L*@&rKkUo*Q;5?=iOy#wA`D^n#T<1e z5Z{Q_^)d?+yZ(GH)UKgFlKVE~?he}>(|Z{B?~UNkgiP3)+@&lD6Faei-Z805*pGz1 z4WZkEcE@BM0(}=m?i2GszJKyWSf}R*W&~ggW=u~8bNB_%7juTy{&#!57ybPn+ZD39 zoQxQjU{QdHFot5vR|N^LsQQI7>a|)zV}*{3jJx&Va|_?g>yKK}sIbOPhc z^ZZSILEdGr$}%rM|3<^0oQ!1SFD07M(Hz!u3B6fYee*9=QrhpuOnC8Mo&us(Qi%ul%adV9)TpNYT!l93~T( z!YoGR?lZuCelLGMQ|8^*r_aDio}g3Vf~5qx{wl0UL1*C_*VE&*6z&b^etYMu> z!K#@7vU+T}_2WVw%Xe%l$}UoLMqzyU44iUS`*HzO`Qp9kjDEx6;^GH5$LUI0SuGGP zS3koAn6jdnGY)9GEpZExLF4u5a`=q>cVst#xiugBBRF=#db`1(Sv-}G(v2A^lTj8! z-DpabnrB$+TJ~C~Ra(Pe*YH?A7Hb%+1?Pr5R*ZNpgRNn*4s~!48F!#Jb@Gyqy|RpJ zv3}4z&eM+d?QBtS7?v}@XSU1u{7n3N#{M`zK9y?JhnJ_H?doDf!am8ZNdd1i0NMV= zc(`Q=xIonKeeN;BNa@4-H~cG?66RFN>b*dC%%OW-(q>x2;klzB@2a==6GyI&IN-e& zr}Q%ftYanqrQ^=-X9M~(n=u*wgc7;Av8F*wIGpK71z`cUc04#E6u|`KQ>z_T`g6gX z;Iq+TGb~*$*a#(Z=_!W|BBst3rhJoSa5q@{^x#A@N~tDY4U|%4OF=$MO8PkxmDnS7 z+e1Emp2r~bQ*PElv(gl%+xb+~7G)HVp(R99d})8VJS5_Lzko4P zPRnpXa~)kEAq!t%en4o{M&nLq!(>bV76oGaQwE>?mQ9-{)3Ei4s?Is71$}sKy|>z}c6YqBJFK7;|@bwt%8P_~z%1w@qqOEC-Z( zmuObX##}09% z+%t0}FS(borT>VaD=u%_(w(uB<}pl-&f+6gKsqx>F#tvzWuMIc!(es_>8t}bLkVb0 zeAjs=ETUXiBusl{3Z9kG3jFm2=y&?VcCP|S_=lhJXmIDFWt6J4q=c4Zj1tmMn+gpn zux30c!ohE2$Xr3*46?O-@zkmFH)lS%binsHok{OY?&QkYqo6D{14Ws0k7Vf1j+hUc z5{nyX-%dfk4%M`2N-T_2_>A`kW<2eAx{@`q&92r*|Hj7J7VB-_rDlApYrJ^IzyjC^}l|8 zCW}fhepd3^_P0`c61%0zg1W0jyno9u5)E?XL`({J0;G#&^_&4uZLr4P&#R+^`vbLw zPcW;i{G}@lc}vTNXs_9@aYpkJULbI+qgf22b^vfg4naJw`E&d8Gmxw@IL9&5$V7e* zHkdrVkXVe_sm8UB_W%9i?DI3n2StNGWx#$Q`&EU<)-;{**p-wZ0rCPbQ3iLi;`uW(>C(MMe`gEN*_~J?J*v<#gTWhL<%_b-L0UL`kfyvi z&;F?r2y^4bX9vLNjunUx0a;Ai!dWRJiY)b>ATbM8*~Yn_bSd)x@#tc`bl6n3$zsB{ z4-zf0xXQeM7cw5eVT(sRMC5I5XV6j%l6s{3)|eP`snT;jSwuI^^91Q7WQ_0==~^bI zPt0qA%KsyQZe<)7FuDfAw!o06SeG`#f(X+%)Lk2c_Xs9Gmzbh=Om#KgKc6801#`@& z8b{R&CU_7rM+voKL-4=Q7(9Re{70;T3!_5LH!*@D8Iu)ZD<6-+qR2DwnI~6SWHN@~ zvt(SXpda^ttoJ2K_$bO?lQDxO(^u#fLK%Rm?UvuNMtPe-)+5W?OK`c{?61gBNXD+p zqc?Cu_$kbNuHO}v0|uEnO7MbPFC&pDBQnwq0y;0I1nj&&dfT4B_>#?&4vg7VD@Fp< z-gIJ$6<{{gtS-@KK2j#}?|fB>hFw;}52eoVzmWL&J#YP^7_rY_iXdgnR zhhTbWUgSIjz8ssznP#PLIL&lk{0=8r&hDRYavyH#my2v%w-Mf8>6eS_kuEl;3!Mi> z=1Rz?0Gb`?T&ASC-PAL1OvP-TdRD5Ppyis$SGd`mR<`%&8nLt}urk#RUq>H`NODQg z(o$^I@gm=h6sVkILipZZ#3sbE{3;W9JZAG;kOM*V)D*0290R*)skd*qm(~FUY+61m z%s=~dA4O~%JYT)E`*UVzFi=&`R|U78ux&&nt8$YTqW&mAUn&l_y;!iS^d2~gWpSTrV=JOF%usp$O6UO%5w`_gyJp2 z<{*Bt4mjs1+B!VeuYj_22?ND&(6c@XEBt)bR!LH7=t>=1Z9-bAtU4`SM_1%be_;R~Akp)#}#St~NnU zwbq7N(uNtuZS`iirTz*aN%JC4^NZD4!ItFlEiqNGqC7-Y#EGf~+Jv{zHiN+wg}Ua6 z&b>E>U(PPk)foI2&M3M-<%2-;R7RYTJD4*Llh2QV%f~=B;-yz*`uS0cAwk;lMQUv*qa_w^yNJeJ z;m^iKt0)-Te|@SPAw?mTaqmttt-&N|O9a|9=QN0D+~zp68OP&)wxPhhyW6t*q30DB zRuajX3MaWf7gqhSsx30nS22pyJWcZ}o^1LFNEy3$24M2f1);)`9uklt#?xWB5_w={ z`e3oWDAN^~l-%_kPAMwEw`PpL?eLUMY(|9Kjf=$?412xaTpAbW{7$FCA2H8&BWBSm z+V=|X_ugWY=}g|YD*dqJ2`m8wEl~+mwlvyo6ReV=iKA|v&nn^P`O@d1(bozliO&4n z*s}KU`gnRGo9}?vbc3dWykCY#y5MY@Ka&=Ld_lqA^F_%v`9v({ahI>&&gCI#L)xC@ zbG|yd`J!x_EY<4T-L|?WR}M$_iM|uEy)3e@VaUqZ+X7%&*r7qTuFU$$FK!B5+9Vx1 zp6NR^^AgziQR)kuWI;O?r}^GeQLa8(R5ob#p5ovjK^etRcu>halFF{b8as0W>iMc` z!(9!7DYDWArBW0NyLP^~P`=AbSJY+}pvxLZrAwTqXIGfUGwZMjec}1l6PaU_e0qJl z9BN0k(ASY4oh-Q`>xz|bPK}_Kbg^a(-H8W&E#H?SO|4X)Iv7&q#Z#F^g#V+mpA{J( zI6*PAuEnsdT6{;~n6u zn`hc>xX}Ei4YEA5xPXs<^(B(-wB62B zn7o;XyNwDLOIQ>t0j*dTDiD*godVAE1)aDg)S@ZN9>-xzyk6o`Bx$piBH=Qgu0-x* z#W5iG5mW2ZJI2_V*1;WX`F&F*UP6k%+1XEwZ>&|HE--aer}yxR*Hv&73?Mz<`R-gR zJiN;Hkf719jWRZZiC?=Ta=}k>e&2vvXH042?y-DtC)>P4Y?pqC2&1EzscR+7Z9Db64^~a#2Jo7?b^xMOYWkSR6D&&m3f;&W6&S$4f@vG5Jtes z*`abAN^DIo3acHfz>_EUl9hr3F41({bYH~{vQjt=*gs5`3a~fo_YMRdSSc4Obdc%n z1zQk;v8>kxQG;#5sJ+N6F9sLLTXn?Lb($h-197sfb|~hRGt_NEUTcG1RW#>zI+?yG z-za28Crk4SVfG<2To@r&<{ubwxXu>mI;x!0&V>#i6B>Z5<-(S|NOKh( zq=Uw#lEW%=zw599!Tq}IxOF*1Z@YDoAxdVs2**Swg8ye61*hXmJceyw;&>JldUHg7*3{Rf4WOiI)j^0FaU>nGOcs8quKndt{s_+A)z^u1KbZ@JPxHiFAKaludc!t)yF_RFqiWNk21pOBcDwR3(T*dN|44Kx~Ju?npKl4ZAu-r}bU;>(|!x zwf6FfM1jt%fDveaWkQpE#Z%DvDCE3#PjyE!3RzGTeL5>3kD?vFP#4i^sN%d^U3MIS zj$2b~H#e{R^=qr$Znt28<@RF?EbO|=!30s*Z(ZUn8H1V?)tVy;g`1A@Y`nfUo#5!n zeU?Vl$4q=@82t(|%(yNELsnJgyXQ@v^WMq(4gqkmE(+3J_T`Ba!}j{RrvJuqiEXFk zC;(vL9-1gIvfx*3Td>EP18}YouYqEfu|V}D0QjP5#&SeHkOX!;+LOFffayTqPaBqD>bGO8rxi+*%1H8tfjjC zb=1P0ae+1Kzdz{jdFy|FZ`6NW{}1u-_5Yr)WG{J}UJNSDl=1|Tw|mwtU`;=D%UC2Q zx3btls|{!6l`y+N;3=!{3_LaAG~*XqNiZ*6<;Ik*Y!#%+uL}rB45-ya`|H=1F5Uf3 zWbUy}$n1~GmID`+7X;2!9JgF6g2cma; zf(5t;>?Am*Y!>zO`AzP6L+CR`eokc1Nd%rY>SdN%_6KC0e~PEd|8+jPhvNT(!N}MD z_J_URBmaMhr_uhyn3`(=;s#PqAZI$@EnxML=R4b&eKgrcLF0-vQwS4<#vp7$*~olz z3)_mSzzp6OwjnObd^CJS{Ah zaj8Ti72Qvm(7as9lpEF--fAyYRshx)a&aX1z433XscD*=j;i}6Fjpf1UeUD#ZxIXt zmEo>yE;QsFHVkf)hwh|1V_)RSQFY84#@z#E8E{*w?Rt3 zF8rth{0UTmGIV_7)Radz8jYufmXM;072D6MO?mVl2?C5lKy(fJY!PM&*vXIu&j8u2 ze96-kXBQueM0~aeZ3=M;cKAY>g6Jft0D>hCcGK1QP2g-1Sqo_A8?qajCUz_140L@# zrQ+1(`r1Nk19B{F#DQ;?;A4P(Y3k`tUV;u;lotqe78zVZoWet??yp{XR)0mjH8y|w*|PX6 zI3as~qB1O1E%`!i$f*a?G3HD4f!pPGd^V#HmDfy0;OXvell9-le68)jeKX^~o<6s| zO%4C1I&fQ-)5+NAmuKK9O|2>LhmclTJf4D%zW&PoDEs9cp^RUE9iSAkZEMA0U=SKIWk=S*(~$=}e*RE*RR?wa1I z$?$q75qjbAtF=8*C#SN$NOn8u zON2nZu zMP7X=7(sArp}!sElkd++1&$s`HT2EM*n5qD8CEmBW+(xU*dJK1t3$sIJ$oQ3I9eY! zMbw73J+?O>9b0;AL^M`~D!EiXx`g6GSp{9=ZI1I2I zgQ3X>--sC-WR(p)^6^|28NXM?J-i8`w=A;F@ba_XZ82=B>gI!{YHWs@pLlEw)Kt~Y zQByV6p!WR&r-_LOoWr7-tWCIFr=ExnP!nO@9HzXC-H_*MR5VXic@)R_BBNf}X~>N* zG*FJ^)4SUUM4nTxr9F7a*aa)2AS#7Stz6Fo7GYY8RrS!wJqW9G{-O23fd03PA2$C-f6zPd^M4HbkMaKx@>JsgPfdDu zc^fFdUhbyZ0JsziI|CNWc&!7V@)$e)cx=1Z=p6Df@`Mr7T3Kl=t9H;YU`GcCaCG>0 z!4&z6UFpiltI2$Wyweq9kkzi`L&%V8`_=#su~L5HX#Z+UzMGeD9b32MUGME>wG;)~ z-PHF_jI6`X{H?ZsIDGx5@}&M_K2`qDB>vqBfOYZz`-6ec|M&JD`Tv7FTjhU*X==%b zkLL2xI}HRBDrdk&h*PHL8Dx6_@$Ya!d74Td*PhFaP_W85+Ku$Z#RA4<1E41#p5h)*G!qGNG1Y>1^%(j z7e&L!w^UM4d);j961Nb{Va$(Q1-vuI_P~)`1Jt!voY>O{%z>OZ7JZLW1PSV#sMi(M zqi%2&uBJ?2TnDw9%pcElxGMj}&iF1hfHm^Jx8EE2^8cWB@F@Qu;*s(nfwRCJ_ELz~ zi)v*>2?%4&vjyPahEI!V>30SEWr3;!Oj?N;i{e*8zm(`TE&D&)_9e9bIir2J_|L(x z=j;Fbz5U1a{~%Ar{-dt9y`jBFn{}H4K-INbo5p{tySgk3kb31>e^kl3_$v9?vfU^+ zH_7*?>egg?G%=!1vzy0=s?Ka0BkK0T7)scVdT$(t< zx{fHDqW#VkNv;d_YoJ9x*l!InR)YOB4)+x6XQ5tcvMJP0)w4tWydnMVLj80P9wYs3 z^3=+IC^lMmp$4qe{|_qXKcnIBG5^Qg5dr^ zN#}~_tZXE9>oCb~f7eRDnBX;1vDpM|JsTz7y5kKtAZT^scVt4os|-=Re{o)Jn(=Q$Q2up$P1NkWUhu$mk-?Coqk`(~2kSpT!jan>-c$UpU8itze1n zCoA^hCOd+4`v0Ks<$oOX2gAqsp9gt_{;yPjnyXvgykMC;YpHAB)DrFjoXNC6$XM}f zu7A70OO&m@`>hf+6Yv76kH=BAzV3J6s3;ge5Ze#a6LagkG~vS};VKABkJTrg?(tgQ z5+!Q{?uGU7?dZ}%dQHoG&PAjXhGM~V?3>yiZ1uE?T*Mn~+k;dASTU@2zXPu&?&46R zNb}X-&`KWqN~!#$sT1HbAt8tQ>Hr?Q?9>1r;;FL(N6 ziLE*y{MycRKINKOl%SiZ&~{Xo!7!I-r4Lgi4b=93>gb&o#!l@as=EJMV=LrD-H$AV~@U*Jh z>LLrayWMQ4gcO_3MqL8Q>tK4@wQ%YNvoYOlWi}*)?swoNqNtoRp3WoH#NE%%IqCny zW2((@sUV|etn4^e8dbZQO)R`^59BFpXcL+gG2iwFj-w4v?kzq&15al;p?2n1oU<->Xg(f`l81pVt7QlGrKhhX`8NvwdsAE)`FGX_ZDlR?(g4P z5Bhg~Hq`&6esQw{fpz{r2L~fx|L^x6_5TNX^!cBoBH#qY&{LOr(ocfQ#)H5njhHQS zdF8$S-okTkOo$wVq5Aroee9H|$O)!-xdLCmjvES6cmckCjRefoMVgAFPo6c>tyAb? z+@Ou(MTzN(>D%ZFPmokDvLo_=pmGd)>Zf#@?zK?19Jeg-fU@NqOx6e;Rme9!tJ=bZ zq<`^ElPKJ_%tcON$&Yza_p_+&7-O!TG&I^|9i8&?6K;0G(-m*3E2>ZP(wZ}XvL!C_ zj9*~0ge7L0NK|)F8HyYTj)|%xhw}0nc)H{RS?&8}puSyTuNsWUn2 zP|UVk14peWbDGC_ItJ&*r!81s5SvcwL9>$l@Ji&`3U{duqIR2W2JFvUp&H4SY5~Z! zx-W5Q+xWVX6A@BT&MZ@|*rdE=`x6gJDXf znT2TSFH(MQA^j^xq4oo;fae4n`$hL9mfEGRuYG%N3~& zBsYdAhkmUHe%$i?&Yq3Y0lm$(G-;^i*a@VE-*F9 z&91iz1URF)b$}ww=3AWZge~q5AtAQb^@Jb{T;#BYwkTj|hm#vXa5ruqyiFWf9O30S zCrHiyZJwYp80?Rj5TIx-Wm_9uqLtQHg?Y0Gsj!b$y+7Jh$NyETyIULoHsJrGVMYJn zA3Xa1Kggr`zfPohTjQTjs~9x>sjnf!pZd1O?B^ES#OUYNa7}(&+x!5CVF4#N#S|-t zDVQY6OR5b{UY&nBdinPCNox!Hpp}gBk7ym#)N@z1L3=#z-!jMu7-oscP|=;>tV?G6 z?{>`pAt^!yz}XaMn6B0%eaA+cdwkaOf8D7Y2ZOBP|Gk6#3jZJW9^*eATh*>c zeFf*~82l?@xh(*9#^f7)XE7`Fe|JKDRq|Af?>d$#|WvDrG}PjAcXWBp8#jrwe^tg3WW zf^j-(UT+=j=UXOjAN8mEvAnNPKTp!%d%)j~cdzUD|1F(=Hn9Ki4J!M;-rzC*<3XNA z{~tlTcjWjJTy$-I_$Cc}x3KFy>Wepg>em0V$hx2SU6S{n|FPd2^!)sfgM;4V`hSS0 zPXCivkv^pA$FC!`w7zYwIlb0bQAT-zGI6u%jW0$uAV63_(T!c<5?w4{d8>O^Z6JXL zTN`N{%OX>{MgSA>=?9$3OxORe=I+PGdz$#aTn61wf=usi|KC3t`ug8s|MC8>2YKrF zzX}HuQxB97fI5YRx1~-op&*|Ix7IC~CA=mKL>DnmD(ufwy#8=ObLQ}tKUYCa_p#%b zZ9m|KU-x$F{XV&6VjtC4a@Wax9%aq%>)D9^-*5hhy@Qd@|NH&@$Nm3qj>7#P6W1Ivu=X!;nx0)@8qeI;et7-<)z3$7-q@{0?@l7C$oqF6&R>1%J02-SD{vZlpbS(z6hA6%WXS@?}hdlZ8`gA#TF%!*RUvqU!X0aWF#-(P;^^}AM zB!t1pRDY_z%UkZrawM*#(ItW>@oV~45BmiGJ66K5|NLed1%Dp*MY^49)Z~l+os6VLqe?R8`eVFGS@_+by$M${Q4*Jw) zH=BBPKdtlZ{&;%w>FC4xPh*i$-4iRDu-whq?XO@m8lo)zeYiO_t$%HozNH0l?fM^8 z{eK_*e;($kv;Y09=KfABfRbf2^9}15By8O?INj2|r%iSh_ec*D$JV!d4;DVF&l|^d z-Rb;qxc+Zt0a|DO8SVMCyY6^LOtZi@|?Jk0zt4$>H*d~Ju%<6dFD=RGl<5PLUMJ{`**U^+}~5t|75!VyNLT& z&pQ8)gS~yv|L>qTc-;Rz$kTZLEA(!Eg{gAFe+!E{z57*NGU25UkSuq)NKSyGKYq7=q6wmE%?c>Xt>X8|sTzqA=6^RFT2FZFG* z>PlC^?#AF-{+0LS>(_683r(By#D*Wp`ZVwKic1W%>Vfy&(`|iYk6_p zeQ1CBim|)U{Uoq0H9z}ayj$yi{v~_A1Fg>*kns#cT*_KpD#${?h)2^{EcZZbkRjOa^~J$y=NxDY}BC z;0RF|Hxa@8gI__dTTe^z0E=7V1)xfs4wGOlI+xIM=v72tIF`p}fD`0@bDFG_^#`wl zU39sapfW=gk+@7EuD@}{2p+ORAY`4;1f3pzq zNeZ$-Q%5pFv7wNvQ;iA4mc73_14zZZ5z!K&DZbQwHq^v+QDwfM{8~R+u8JIIlth;6 zE3rP<*UDX?2|tKcr+=F^W6iT{#-91gDP^-IXA9Gf+RoXhty*R_3p4+%GdlJ1&*6TS zRHABXXaT2I~44zLrOry7_f zhABEm>iR?gD)*as?9KjvPjQWCDy}$Y3_HSKV#M!I4mD=B>+jJLvjrREx_AmY2Ax_I z`4Cv;^k9S;YhXt8k8+WkgCjWu%fRr988fZ(yQu?{Fr&0E)5`Ckw$rCtM*y!tP`{$$ zZfa}xbabCq>_ggayIP}=%4C_}Ca(Rrzm6Qx4$d zP_7vBLY<8AG3Oa&gM@F>y5gICPN41jefz`^*4n20A*)-0 z+gZ{7xKF+PuUN)+k^E(o`@ef${=feIX#es4hX;AKw*Q?fClD&~J{_kJ&+o+=SS+pU z-~y&PJN=23Hm2EDS7WL3VS!p(o$CwYxP?3|mhpC`%DXY`Nhn!P!4CQ*Trz4$yKc`E zvQ=Z2`qJ2>KM1Bb+Q5;Qj&k6&8ZKs_vCWs*Hw8(~KW7eas#J6KIOU~oyF?V?Y|B$! ztBbO}+N{h_I`5EKSGoSQ3+`YVjlm^CMJUn!?YARMTI3DyI#|1V+PMN_~5KcpHiDZ!@=&_APre`df*7 zr~RrFx4+gx@--N;jQMWUvWoL0b{5mLW=9?#Ij2;z*4>;=i9dFC8-2?pMb>Bl_AuPm ztm?6HUnnY>=zVVzkQEim%mP8Wot^7U!73wA`hD)n(!%29D=zAjjuj#zyX z<@HZTu6l*8ukCaY%Gl?iro4(y_#(DY;nXEd@z=;I=~}z357k4AU~8{WqctVpY#`B3pDQ?%;rc?qXe9Ge&`GeFL#;7A23H??Wwc*eED_b|Iq z$3b;p$93zr4q7dVx812)HyL%^Ac!#Db~F|DjEXYeOIM){RcHn(T;hVD#izPa3B%cB zNNPEXcK16aE`hv0-PVh?((Pg~Nimt7WGyjvcmR8)L=& zZmyxWV_sUa?WrAr=(MHXmcF*rXyZG~*t zriAHy09pS4CxKil|iIY6xc5xov1u|4CPj~A+GXc0Oxm1c`nwR4cZxf$tR*Cyra+7*b`Z}&+&rrR_s9Sr} ztU%VCHmuPEYSrIYSt3r@?^*$_3=LUK2vQ+}P_s-O-HeN%ELTc{#cQ_YHck9SG#%nO zhM64p>_eaWH55LY{ZpR`t+oGr5?i#}Sb^5X|Ls-$zYh+EqeuJCLplLReMJ_b_+pINYJ##2!4aYn_+HZCEgY zdQa?{%>O;GlcLOpwQDmEp8Q}(8D&m#!Th+TOd-gISDB&yH~NPBZ}fj6?T*0sb-lxC zi3nqC!pU*nn7JMH#>{n^W;G%;S-V<^5j5cqsKnug9Kvk|kf|c7zGHyXFfY-Hc!>WB zrnn@u-gnvpcqg{;e}|{a|5dCi>2lT&Z*lRTeAe*);laV668}AVjQ@F%C&a;Z;J=vv z$e6sXWDepRsHW+VL}Mvw*LNHr(qw*qxFCsZ6;2~;{|Wk12_o9zT+Dwf`IrTTd+jk^ z{*-ODKH(xVeUzOW4)?5n%S|P#!fm%!c}Qpceb>B`4SS&UaXs&Yv#V!sd@cLh_9wk4 zeJ@Z&1nl*Bk=pt;)3kXHUw|FsrN|0Bt@XC#<-;(%Z~g|&EA0+xjU$*szT*36hV%v4 z5z$}G^scSlNu$5>!M^mna zC}akzZ6t7r(a=y4ZY0#qX~+ub>aY5%n&4hjMOGL1Nwe0 zZ9ns zhjF+2&2s$BQuyX66hxx}ya2SjKGj!sTU62iQ#|R$sHELb?7wHX%ls{#b^gEof$#rw zFc>`M|9p@qr2nImI?210w~G#J+1S}da}zfm5-RCWd73zxZY@8ay27r1Oz83{=?W8! z6^fifb&YslvnqP1wz!EU+6|rpZ-$BLfkga?A3O~-#jD=`qi0-B%E5@#1C zzq}(@7{p7oYJyneC8TImkk=29o%->)?`Mttzl-!gYx95i_eYicpC9l4e3(a_|CAUl z5n$}JJB4z~%Lo8ZaSSN}n8>76ixMUEhd&;Vwj5qJkYxd{-yOy}=Lapw^@p!x4V$Hg?5DpBIZadX7YCZ~C9baPJozK{Keb!`{v3dVX>Dw^ZfJN8Icd73OF7ZF=~ z4b1IPIs838Vf}9gnF45;&hFFyr#Bi@@_&!^9`nCG$iwegIu>zSc7TV-;16J2=2o)D z+KXQ-O1a9*%QS~chZIN#aBpOC^$gEz)4B4jR;=RXA?YmpP7+sj=K^o?pE=Gz^bABd zfL&ud-E<7L?EY`SCY#p3liTVR3}CJQ-=J6V|LZ^A|M(z}xMM9%^DFST#RN$knY{5S z7k1DDWu4lkA54IDX+YWTY04kBb8J_#+U=EHD>Lx zNg$raW;2~*2BdRT6pFv|Q=Y<$cwSn$JF8XdQfpM<%wYyEP|}{rO9j4Ub`ZZcmnNJ0*#mWPMkvf;X)G!6YW(GL;70N+vHm_gZ&hY#Lpr zw}@g5ifWs!L?Bn9MdFMfO5Kr>Hz#wsW<)8jovmSxQqT2l1y)BbjwAmznrVrOl>68J zM+Blz(f0gB^~z`KQe{1g<9v}(#u69@Y3>Pe>YRA1*D~9>1v?@sm@|8dRx3t=iVNXx z9n{QCDp?_2oghiaQ)~#R)?ng9$mRtq(-nvzBML<%N@nI6E%P)*B~JjejzDzj^HmWr zq*(V+%5u_gK0!sAujcwF)-wgYtbD$9(+JfAhG?E=1l7RhU(e9iU;r$2CD4jb4<;SPt^1ipwC&a6H|M>Ae4^;+Z|n%m?9r5yEzAx z_6h8O$b?oXY@C)tnn#Pn>3#=zK~Ut$k#Qz?g9#OBt=#uw=uNn!{p}@=sZOb4O35o; zbi7`r84I9sa}0nMinEwxtCESxR5-yb%lX*yj)hwewh+QZ&!=178EV<)Zq2v~Bf2xB z;#Fld#p{g*($Xzc1HW!8Ex;QOV+tqLQLHrUgKro^t1^hx5so{IDVzjH(bNnQY4Ec< zy1^pbjx^kabn9E%Z0Jq>Fd>KWX=-=VIe|6w?P9cMf_!TCztm03{m_08{tH5bijXiHqKSQUsr?gZ5AhcDe8;P_~)zc7$#_m*AL&C zL9&3X86Q#dcRoUfWCG&Tx~xV63q*Swd1>ENVRLy@Dyjx`R2|ktg5Mo>vN=s#%Tf=v zn|wwMMWD?_CM95PBq!cI4 zL{L$i{7(-y^&5yL0cNcx7KC|&xpr;=@X>X|Rb`gfh$cC~A@$5@VS}l4CRRG&ndwxS zscd0|vx^%ED;xOlTTrPUZoq~aLKQZwMoj~1V!^VoGmAPj$X|J~aFF#@ziqSj6waHi zyJ}l^#cpdL-yN%!4TRWiP1`qMu~sA7vsblHJl5*GzW1rUGj>{qcPFe=f(@|IYJ=Oc zPy=~$_W6pBBM&;oDY`%j;7QFeU9p`4`a;3g3}v=Hi{;U=#aW%hQc?R@)b3b-E2nD# zJ-43U_>g%{R|z`u-KaOH4bwEgI#nQEkr<|YIaFX-w9ZG2z$F4?Q4}efqm07z$1-0O z1kfDtv#XiN?4sf{T@l1@XqOenF8~u4V1IOI^_vsdgfib^)kRu5!zI1BcmW~PfgIrAnvFe>4Wy|^h9k9v=ag1zAv<*`m(=&1+**^ZD+ z!O-ZdsRR8U81%rPnhgKuDDt4`A5TB5TWP9Thyo;j!y)MR4r+0W^Z5j4!ZSozhhdu5 z(6$o$HZ_w)VJI%nvlvpB#GOgEhR?#ZVa--)14LEiA{&o(MKhG{5k?xRysVBHBQI${ zWNaX!Z1B#(KuApePPInU`}KOGt3;A=Sydv{09$aI)JT0po+Zghx!euRB?o9*x=Tv7 zu&229vbp)u&rm=}S zq>{tScvgI#mA)dL>wjn(f(x3@A;mFF(-m*!_~`W0$*c2E-@iV2`RVM{`;V`WUsc8R zF)WUfBp`6(1)=%8_A}>wwO^A}2In}g{jQpRS>{Dk+cn=+<29d6>)`?o8l4mP29uvUH2V&c(HN4E!y+?>JmX?i@`4H^;zPjN;xj_ zt9ZQ5=b%0-l(#cjX-29SYl*zC`U*~SL)I?X0hc&SUUQp*$p+(=u|e%r;!a_Xp5JDL z(q3zIs-)qAjvgsrJDkPC(t)A4nGb}&cX@-)107LadAW8+>2MSfvGo=iI5qN0Hsy9> z%a&l0L>fwU+ZtNN6?3)XJk-Bn6a4~|yDOd-DLVal90gGY5#{c_QL&7x^id1%r_(jy zW;vm!kj~r;-yMSJDJtif-`_~iIIJ2#ZqaC6-3m8W7&JCw(5x+gqjl=eo47&!IE8qA zuDshGasoF-v?3?g;3mdu4Pt@B>KkEr{TS`}Z}o)zKegXO_Y>O)6ovzIR&c(pJLnq! z@4Y?${{KP$VDy;(38s0u0$;z5YYI`QZ%N}QJ^iYc3Mo40m4-~Q+Ib@kp4m?Z4;vQU?E{eV-X>5gBa zn^SQgNT7-g?81Z>j{v{zH=gBJ8EC%;`=i70{^$^Nmqpf9E&L~lXY)K^-!J~-%KZj@ z{S}Bli851&)n$guB9mEypYf>URlZ;opRslFH<5$uj) zAccEC(o4>y?3jcrZMtd3`B-ZX=W(tkyuNNwFxKtRMZO3lGSC-V!lUwnaPgp}f_TAe zvA=_=4=?1NiQTYIx9X9Dlj+WHkC^^JsY^kWN}?e&!I|@kzp3e)?@&{(CvTyHR$58% z6veAp+0pdR+e4;INzKF_ZjK0HOH9jL>*HJVZEVfX_Q0*>831ps?2w5KWy`Unh@AfT z`lVcf+^X%&Tf-*ONe^eh{rLXfhtp4Y3-T_Yg_wkI4lfZ*-eu|PeV$XMVv-f1Xzp;3 zN)@(sJIOOv1ymHvv(cybuZ~`RdUx{Xe?Gl`_wL;7N7RqPu60tOyhJN?7H03eQMR;h zk+l^{nQh)5ELx-r%+tWIY}q#d>xVL*Z-xOYX?CC2cFuiyk=ozT>OGp8YJBzU_ol9O z0hQ^I14CE_{65M@-SAXbm!Tf4Y9HRoim|$t(L>yRzYcM`?6!zIb=M>Ay_3`Wt73VE z;T=}0hg?1#LP6P*d#JcXVmZS)Rw4OG_E-I~{a_t(a*78i+k@bZK~?O@94XPMNa95b z6yxcNH`o;**rpd{OI+sJoQ;U`T?}1-s(;i7?Q9v?C0?>+B`(l#c4gXi=jo;QK`+9m z%gR2`JvDZR$+fGM=$8d9Q39e+_lU?-#*b<9DVW28s2TuT8Pn9!bihBz+E!XqC?@1- zwYY`+oZp%(y4m*7_iqJ}H;+f|5^+ZAg~BlmQ7z>VSjMb8(3WbT*Ns{(qjjrIytQsj z7Y)=ez$!%lF7C<;JQe1Tz-aFJ&;lysQ)lr72GfxqP1u=bDJR{7TyJ~uexPirq(=2b zP=0hR&OowqiygOteq}hZ!-q|sAp5mx1q3;MyN2Jpt*qtqF5v`+r6!#iLw~dWZn&j% z8t0xjY7#10%gtt1`qp)1Vx_SD%sFE<_ql;$+X4+RNx>mQq18&AD&2&1nNLs{YweoY z{jLQ>{tt27b6zgc$c%=X$1_PzCj>=S{=3f|o2)|)yIz=VsyduvMUdbx) zW2Hb1{WJEfk4?1Z(xm299A;`*&lWinF|CEd)|5&{`kK5J-aWyED?NWqXKa1zY4xiU zSK-(bRE*N4ynyo(tw=*Nzk)@Ee*wP&l9!aB#YN- z9y_KznMbw?w6f<7jL-`JMSx`Bo7F~W^C_1~k%Aqy)33nT<-4|ZLaV~34K;iyE=ri7 zAT=z+w;F1we!U?zQ~}+F8miEKGis=!VyGd2=GN3ufpJ4>(Cf%%W8TVlKHYfPJ5X-7 z<{ePK;evPYuvfc_;0>0#4Pf2O#uf3?Abq@J{u-&_o<1iD-(tWz*$^yHPbbnT$(i8J z-Opg7Ik*XPGm*j1+fQc*%x24VLlc#6osw^j4r$uiSpPptF(g8fvwq%w-<0JE(id%g z{o1mB-yS-g@(nRxyXx=TL#26SNriU+D%bulI2)Gw}kyC zw1oY8J{#EoN_xv2;A`SP`Uk_x{lEKz$NRq?=D}!8-U&uIY8A073&Ur~kl2-}~7$Oh2OhhB!iQ4ULPx-{v zG3X1c-7VQxTLjRk6KE?X$F&MG*8Q+L%X{%u2Z{Rw*t`{LAyph! zKy=Z9V~&hO9JsR=DaxGYaqgNYxO)`(#rhikbbfvsaUZDa`?Ju8^J89K93jfLV{m?a zS~==8Um4<6gsS25^*|lb>j~kyzt^q*_57b7BHl^>tc(8}9SnT_KiYr1|Mx*2!T-MZoU zp;o*r5o;iF;opp|V~FrxRy(gGpw)&a>ijS4Lm1C!MrrXQqT?tuYkp~^O%&Wg{F`N@ zdRB-Sx{8~A9RL!~5L0*z2##zmgxb;OeV}o1mdBUPy=WX#XU;A4B+!~31Fp`<4g@Q& z?alVki}i3rq@3tVCp%r%4sIUt&YR z6wgtnu|Eh=%N&K?5zRjExFP&85Va-Bpw~5E?*tD$rc?xt`;s-`vTN4I*ksyTTUW zMOk|h)+X{mWKVTavaojIs_m%j&YD9I3x{ z!G68|@?GaL+xlb6W$Z+Z)aRp;)Ub@Hj*oDrM(G&Km{wAfI<-Ots+7bR7B6bnRfTBS z_gcbHZTh-6uT@Jo)vxQOsbQiXPay8**--x9$^f)R{tx#L4*dB4-stiE&j)$9{b#-W z-^doE&yGF&wPJ|2q_0;1^p48Bt}%7nT+*;@U$Wb9gn+lQ_NmSGGComRrPqa#JgsOJ zE~;NJp*XwXjNWB)-S5CrdIeVm6eXIX62J_&#qm@p(jtiJ+dq6XUoFtf~ zNPoIp-`;LDJ}&dml`6)8yFkcOMC;o22Y8y7!m8MW(ApXyrPRbdsmk=DQA>o;E@ppf z7jfO9dq|<|W8T^V5tuf1TQL!9}8E6wscVTOjyf z=nbA@|5Pv7h%OvzhyPS%$6j{>7R_OGB=fSmUc_kXxVmV!u84?;i<}hqPxHw?QA{;U z({Ztyimd|tEDwqFel{!S`!q)Cij1Ac4S?E~Wmu*4<|(Lb$r?MY4*rJkt4^NWn&yBrPrOtIWTL2h34Fk2lC*mBzVKB-u&Mqvpk^i5)Z~t!F z#v0t8^;ck(Z%*TW7EOwJSl(&(bDgyHPLg_Ur#6QX68gcB$fzX+zVXX7cMSt_%z!8=D~oIU)M0jFq~h;e-}A*?LC1#_WyY7RqcOoIvjqs|DWR1Q2$jQ`lSGJ z3qB-kkU&ZwNE(VL6pCqw)dY{xtO4r~`cVaN;!36)v2_f+r*m%8r9EWE> z9zyJ`5rZLQkjqJVi=45wSup|iEprVgk)+a6{Rb%usiZ2LCn?%slF2+NLhiE!^fz7~ z^d$ln`e*`!f=B_VuSLp#g!3y%soEjeKchob*Ofbqt=AXYmSdZZnWB{-%24g^-iQA_kvd4pmI`4SQb z65eEMFm{`Vrm;~YwHmM(859TQItzBfir$*uEUDlujnr7=+pYhI&Q4DLv^o3J=D+^5 z8K_>)xWE=6_v!*u|G%XumDL~=(&e>kdFusaa1JQ~dj4xvW@!`?O50)izbTE@Bt&1S zGO16FbrL}wCnRNDkX29@vP@uV7ic@-+F-T^_xErfR3M3;=szNP#8ZrM0}njTDDl1q z>n)$l1|;NzCqO^}Z$d#m`iMwK6ZwY({v$)Z-x{wuQIPWayvhaAb3;T(h`ET`59V44 zi5!$6H4X*lWN8HYf-5r6 z4t>5T%cy@Wab@7uZ^e?cXIN zr26hqT^j)8tg!_vxIqAd5Jhl{LcquIKsT>eYoN84S3u|+dqzdYmK=V=&QbAnzHep?5F!_CI34H0QbfJ z{86?3|InL!KL7C~pHD0PS5gd}Lx2_KaG-X0%0S>_!~hQq|0Td#$Z8#><;y0f5LgI4Xl1=uFMI|l~yF>7pMqknf~a4(&@*AC&q0=DTg8o!Q5{;=dV z?lvEG`;Lw8b`BaIin~30_y^FkHq{}ZhCA+DbQ(CGC^(0`P}Cwl*I zpRWM3$L$N}m%?c|D=r)EyZy>wh<|f|`e@Ff0K3b9D>vBVWYwW{ajP1-+~qFq@pl9? zQ%}nuCjN9*QqjgR?@`S8ggu_cua?5&82dYc9bjII_Z66qMztKwc1Ey)c5C>Dn!X>> zht1&Sob>1&+05J)oqaa4{@p%}_Fu+uL{ENI^)B%TmVer3|4k;tTK&J#=lV}i^AYF& zH+X#}&w$_vacTb5nh#5`LTBTm#g8Krx)?SuZeKm5=y>LWcDHS+r3oL~3(zyIA=6_RXLq@{;}xIzOhP@1CfMV8`t zc_VMZ!13~O8I%0ym+w%JiDTqF00!!S9*P5`cV^d+1*@0uk`&1@`{s_VzP->X6?x_# zl5kU+q-WqVHhz|5p4Fhqnnw=c zHtD z-PL^1g8T60*09(*F13RfTBXbSB5S$C4q0G3meixIrl&DAWKWM^X&Acj@eB=PN$;~W zp4$K0<^PM^%n$Va|HlFK|0Z4~|J$2PT=%p8{}i9Y{C`t6uoVJH%AFyZybF{lsVxA- zKH|SVc&@Jh6<@CjVa852WGjaehpmuo4f@N7%wZ(d<_-Z+?jhHJMXt84fZ^o58j0M+ z3k)tRt@tnR0V6k}M1J0~C<1dPlt-l}0cfY^zz44wHIPvbo&QLc4&5=3x{11}bkCp^ zt#dNPlNVT)r8BB>t4S$#kL0^3G^;d;Cgwdmzm;yT*Px1b>%Epct+g~f-i9eG;Ov+} zqtVBlLB;+rNN|r*AQJz!4j|)ms6r{Q*sG>HhN(8T zk3LwYale0n8u0m}mH!_7udMWst^eJzU%mffGM;|U|9Fy53;q9>+=&2`!8qhjw`373 z>nje@&5e5-tO*p2l0*4bj0hP@Vi2MvB3oH#TWdPgofL^GbQ6?Y?8CFA;KV_++3W$dO7&-Z*MBlK&9B8hE}9>;CBP{!a$6J zC{_uS9aqlrII8yE2--$)DR`kT+n3z{b5wNK`U0Rjv}%w0-)QJFcT?V7tYFI2q1%r+ zTJ^pa^|hPqnp!mv#Gawp_3Cd8buaZ@FU?>oLv>_tNCiKFT50^p8Bt4>@1_fp^5PW6 z2*{d_!kJU}49rZWe;rl)hkSPFf0jfWb#LqkSpfU&|A{-T=KuKP&-VY5d|K&$?!Z!6 z7BfS#Qnk9Bv2e+q-dhTn=&Z>aC>TmQ!-YX0er`4e#7_r1+x0Fg0+Ewfy8KcSQ`w1O zNu;0XEf>&OW48Rtb4Ty*$XX0X&2N7~36#6m{{u{894|jO0Nq$!@Jz0^50V5}wkl75z;Xw5=;Jplt zmS*t%(-2CZKTq~i^50pZXpKdp$K&_0KmJ>d{|u*}_kW+}^9)=;#!woI=&IxZ@UTKL zm}fW&xl~GEa4&W+de4A3DX4D#rhu+c6antr$($b?FONZrBFOLtiK6nx?=TK~&p?dS z9bV6q6fN*O6w1O@|MSQJ;-)YXi#It+AVDdJaEzRu^Wx^$8%9#pdj>89%Yq*-Za|1r z+H;neorr%W`aNg<&-6t6tAAK6PxwFjE8WB=1)w<$?z2SbKHB@zp$|##OJ@%6dtW+i z&HpATUiQBHf4yhmN0^H9aF;J$(w>u~I z{rQ{kUcUO_J7*m}dLO&j|71Lx_|^6APe0dxf0EBLaIu2%5=CVB=Xv^duh;uC6uAjs zDQjzR>Ubl^>wo>{6Zm!S*|TTh=hA~;o@;AliPuGjk#1SCySz`z<)2JgjHRbs0gMv>U+$&zIX zLj-V)bDtEYv}dEowbA2tq{ny06?)uedJtrsAQ%=%a{@FmG(iDg;6PAvv5yen88;K+ zJLArTj7o&~&e$Yms0q1PaZ%d)Ql0q*q1?)shsPrjlX$R(eg25uO{mv5GuSjgaB(c3|$H6;oIe4c#7{(&i{mxQ-SX(5fRQDRC`gdCpgOR%SYz-4(ABbYhn1KYQ6p2_f=P}tv49LVgY=ZQFOuXTa0kN#4Vds_P z)ds|E9uQ+C-QNE77~I^xxO^jq;PUEQxW=3@N_^0AO}Va>Y|lov*O_eBnUu)(>SQ;f z;yRONR9t7$8I`hy>N*n>6}OZ8o}3`;F=pM8G24~q>9ifq z)9DVHEyk?d*_d@J#;jX1W)G%W(yM+Hf$8Vsrz156?Zoe7Y8St*&A4?t8@FynZ@VSq z)}2+v?*hLA5m^eaOYY-w5+^N5oa`deqE_9`YSpc%Rkx&8-BCBz9<`)-w2NkoR&_gT zRkxx<+>%yx{f;yrCQ%ETCp&1iXb`un2AMg-X@zE`LAd%D3};P>Q!7YrBEVyiqL^&> zI0)zr&m(lKPNC>5Ryh*GmV#|)6>J>s#*yF;I*&w2mvTtvNOW^RCSFSg=2;aON6PQ**9rEZ3w{VGxFhF zmLlZBQk7h?6;)Z-$iq?rNAF_rP-TRXf`bcuUq7P?6tE9$DY+9h)@#q_mQ^<#I3nD%TYo!8l<^C~8tXPR_wRZO#Vt1_k_ zph%SCLWOm^Oi7lA2{bM#V=2V3l^~nF=5@B$yo$Z%O&STZPadDO(P_IyH#*(5=xj#R zftGI*krgA#GmR+MYKT{eoVE*FkEYhJHOI(CWGAaBUy4=s9CaeJoq0H#?l2EM(^M+` zZXhU<>rqC7m1H3JuHK6GeA4ppZvv&>1kS??g5r(cZp^p&}MOVHaIH^y)ZYu zfp3leJcg9D5NI>bI@@Ly(`;-IIIQk_z~}*Ph0hakO`9T7lnBNlNKud?PC8kD0Htg| zRec%~>p_u2(QeauG_-Cy&n!D(v#uLqGp7>v8ks{;buALef|a%=v;!F7_#Ro^KU>hM zd(5hguW#aOjaZa<(?4yOXy>0=6YXY}J*!#QEvs2owG0~xR1=~EdiA6)SaL3uXZuj7 z^FpJoqQ0G_?e7Z2T8)mb)K?->o=LqmI8&Y8cG(X8sWsbSX4$Hmb=|2ttxm7oNTA-Q zx?Cp_5;-p-7(?+oiSPmk;&cE7iNs3YC`zcKrmv-7npy?Z)G~e3uG2RyPv3O+^yyS|!M0{Tx=hA;4HK|}aTuuyRVqb{ z!K9t(=TEGr-_*hY)2<9KDQ5>wEew#0C(|FVZ$OuG*QD(L%$hD_{&y5Gs)nWI%C;w3 zOf2@)q^mtODce(%vOQI04IC@0DM`tk`*ac9iVQjfd3)Z?;CJubP_UOhoYM14V)08xC%*}}CyZG7I+MfatPo@2^t zDz14foA-~#U2}BDWhFdzCgxZ+=19wJ`ST=^bhkVT;Mw4S3B7?+o)gs}YXR~rq@ihSHvk&nxYd|XoGhi#8F-@pjQ0ZPF+9~VV_I}>ndkCghh#3sLU zVv}DQ*!wB361raN+&yp|gU zp4=#CiqOm1k_G%QiN&S_gA6UQD58j2XQSER=MOs1hF6)5p*b7Xz32;)Y(cp?vs2p# zWdsB(9ECu3Z6&7JVD~%bPKh_G3(spNM%iXuq2=|=^`esctwt2LR^_aTB^eX865A*g zEb#`#ax2MexsBr4w^4js7M0&Ii;BNFs|=584$rhQ*Z(J@3?wPp;1B^-*isT7tkxt1 z3y9@*8q63;P`bwQ%3?VZ<8~g6H@12-z9oUn@0!5nI~4|Lly2XW5#@Kyh^i#x`$k5TqM{iMn-$sFh^*L<)5gKfmz)k6 z7}_jLBXz_>ANTZH9(?ue2VZ?lB-HO339XdV@*UG)v>)H8oq>?%8z;79#NV?={B1?I zI@jE)l-%+i(`2)s+o|Zymhp4Xo{D9wu+_Q1R;9j{@0g~VIE~+ohRrPMY!y|EBL6Tn zZ1zBRbD)gI@Gvy2n!GC-RXu(f8a9R5QC|+Llj0tNhOJIf=Q2f=Dn-Ncq>QX+G*3$B z!aR28r=hIOc7ymF^Y;vT#7%8JM zJPeIyP1CuwP^GevTWFfyXxK#AhaAE3s$Amk$7RY?Xr=8XAw4!#WRkhoY<<#V& z&D!lh&urVzQ=2-Uc2?)piaMWG)wyRmp7DTFw9H@{0u*n+2BuWp@h#I}8&gJPS2pZB zEno4bTfyF3z_mIMadt1y{{49MM&%1qd1=c70wIaNU}D4I`4+JwKr#l%LfsZ%C8@&64jMJ_*4xxaHcP5v?%uVncG7QEnJe9HM{|A?Kr2 zddO^S$qt!Xe4J@lA7@(jai$d?r#_gX;y72N+!BH!t?~-8RbHn>>emI1kVte!FcgQy zbL}h!qn#ue`;E0R(kwowZ%8ce1!TmKLDh6urVmz%%;n0&v~w`VI~)v~t=Gxan^Z2t znN~c$qFS-Zrq_tFGz*w4dLfuy+h%VfC-&r_Igg}T2@GjyTS%=R_7!Qw0mh=_=qa7&?h z3eJ;6+VkrBf(UgD0mW+^!Bk)UcnsJI)4Y!dNX31WLVu-5oP1bA95WO{-d#W_19QY4 z5Q?R7BEgH04!2*FW@PCWz+i>ZhNHM7Fyc7Q5tkG%uK((A0Ryh(txH^@&|dE^*&L-Y zVu+rByRX0U9B<;d1NTleePM{$UIEb^F5>S!xGt^-eh)-O+k5aMO1a4l-uK=QjL-Yh zfBY{2@iIR%Cg>2u)a!|BH!%eee2=0vc%_C#9-%DmEx!H!@&;Ude|~)nE^ok_A8x_x zm*;P8!R-&=o0s77&CTukt5+{yfESn7FE4Ii{Z;gMBM*)CdINAJuP_c)D7Y8a^3VUs zaBx51ON4=ChC@UPd07ZahosAsHH#d&^wPJaE+HMM!DUE(hUm10Nj>YTV>Gxi>U`C|5qql50roX z=t^L>{GU!n)9U@dzVCmQ|4;JaGE64pa>+7~SF-nd247v#ciM9y$Vi(_u%fg-|xVCa3k&o z-2xbI8~r;9RwxxG-ne_mAEsM?8Cp{ZyoAB3*(szel12IDVpK#&?$OqfYNn{35WpDB z<#vGs6xQ6$GVtW0e2%y>e=j7Xj=+c+C~l1AoB<>L{(!{P;Z4QWb^^W(9%LyBfw;F` za)Usq=+p^FD1~rZ?cWR#max!vM2-g^4N*p#0~;u45-AZx2m(Z@yb{_0m+Sxpza^;* z+~IgZj&mK#z|Wl3LJ}y=sjuxfoKvBSNR|$S6ju63`9TWvff}%rX9mJY&7b4qKLE6OBKe-;m5V|N>H$X)pCswsF`}YWIkTv6kU^$4KeTX> zH(!zqAZ^hYrRYwYP zDJ(*dH#gsNmb3Tl$P?mHPEnR}2=BpNzt4y88a@aJ8rp%7zJU}?Mh)=fg8_>9n_(5S z1AY>B$rH9RCJxF=PLIVnrwSpCh^(cRq$oh#sz#P|UqJzor!4?T}0kj+ZH-^nkSpW1t!vq1CET zvUQ_QJ2!O0O}PYK`{!|!4{)q z;aN~{xd1U?@{o_@3YaAFWv%PgdR~((W(i#BRVrKwLlVf%?AN@NNllCxT@g}SlpQoi z4ysTWEF~FdZ1JmpKN6edeYIqh{JoZJ;)r>y;?3D3fow(PoG!%?KHiO#PZmJ;xIv3?P;aka zaX_y`i{jNy5+BT^6+=Ad(I2ngak1Aw462WhAgvuP*S1X`@#ueak zUvFFX&-y2uBtFsa_KQc{lk1=LIjsJ1KPEzX==Yg?n1c}e|L%b$X1SE&LWmtS%ZAFsj?O|ben}vd%+-* ztlG&0zBUdN2MW_i5@H`8S8k9sh>yZaK{1D@kPRxF-3-jhC`w})^{z^>i_{)aE#fuVHLbU3mkKY zN;e5eOvRN~45XO|Ui|!XiWa{V(eL|w4LXV=L4MQ{uMvI~A!SQ@Hbw}f=KOFf1JVkSF63$P9 za6S!oVfg^ zW}$Ef$K%uC5c#7KgfLhHaO{n}1su+&XgZ%yXJP1hQ+Gc1N2d_^qhNxjquF>A1T%O# zuFI=BR+^8vt;SuJovfr9J*P)|7^=t>v#`L0wnB^A>PC=67_?l6I-Ko{;I?k5Y+0#U z=i9>OHA3X~Xq)dnD`oVB1o4H!$tmNi%qOSFK5h!vpBqoP%NH5}NnItr5o`z99QkEVwptBU>C(S0Q!?4g{cB#KbFXDD~HZnU<9J8G1O zG=M8RxhSA{qU!-s#7;tp)+DBgReQ7t*Hl)hqE5H3zHc3-=7xt*Ra~>sg`gCPTwjh7 zw-nxkJCFDACKCl<$pVCkV($ATB&7A1H<)4)e~&4bf3NUb#JUwAU&NRt{2OsFL$(Gh z*&IZ&eFY{FDGzT&5}T92lwm314XGF7NDqWTB)B$T1;(qpdZ1alL^kNfXjXu);X9z- z+yy*~;RfPJa7LFdO7E9D;94T3bO4#&%9c z-$K0A;x@|X7Au6LC9V?v3*Y_%CUA};%rL4f;XVw*{@KsJ9QVVNB>XS2s4t4WQn69a z`L*myIDrY1WQ@Cd+K>D0?ImB<<&AZYj?82%3x}V7DQQWg(5q@?dIu6%6hS+gXqATFkojLHymZ&F$!R1US8 z$^O~T@?rn1FREnrkNbl8`e%Kw|NAe;eTrZjtPsuTMen@tZ^(!3TQ@aUpqSU`UtSie! zsUU+ryj$G#)5_UYZw=Ij367U1Dl9O7i9C$Lr+T0oo;;I*bMBq871BQ+DH@xCM6V%^ zoAGwQZOv%95l4!&tT+SbN8t9q&%oQ;3-HYmxH`YN`RTlPGd|#rs=EWDX-|kwp;~3b{M7LrtQX z;S`C?cHR$;3$sB%!&C|1`eHGg9nv9;0ntq~1@cDHd>>PxE+F%zEGku7=FfbtY;1K8 z7m8Vm<*z4*1t+{E1p}~#Ny5>(yyC4>MAfVOxsb6RzII_44pjF8Mnu2}v0xxD7(8IM z5`PY$#QWqZr&J5AhH?I>NaQzL7KH}3B$E}Bb7{*6xU-1KyS&RWoe0B2GJ=@uk7xYtheLLB(i8>!rhJ_dN5kd(ogSyrY_ZP@GK^H)`4wAaZm8g}*Z z*AT~FXgH3Es>2^CpYL1z4u!9A7)FT8J=)*`<_eQ&3l_$?WJntiQGH7scTqqbg2S8fhWVes+Hmf0P%MVAcV82iHl2oQMQ4 z5=)GWA1!vPAsfZNLXn0Ie3*A9c9ZoVO?fz1Vw>$zz}L3}uY|Ia0z+_l$W6|eFu>J> zKH~88SHN?;(ZD^VBb~Zrlf_!6O3v5WOQLmt^jygaOyxdki(bWH!Gn7htq<;1eJRQs z?=VBmwlZZ(XDjEONu>MWr4QA^xF6rmIO7D_ZecPAhlHG*@By3 zdxpK%kxYl*HYkJF+%OSuOAAl7(^6aRY~om64@r;t`r-c}7C4S`Cu!kR>Uw9~!fdlo^S2B%lr<)12PfHA8t=)jFSWL()!(jA6@su%RHh?C z=^Dq9K}i~-bblhgx?^l7St`fAXrglt(kwm}71`zC@w~;cIFJ`FxmknxbTi$LU^&@y zgcm5-2GsUC~lcF6YC_W{|$a&|)a+$HsjO_02%l$jQQ2+~b3kn>R_K8c+vm|E4TZxn?A( zF0P^)i8;YacU8c&cLplN)j$@mS8LQrX!?zfp(d5CvXk)-$RaYqblbewc{4$T3+J@D z1WMhsSOMz2fdqb7-?jesEQWdD!|`N347}MGj^?8Pjf2T_F?WNZJ6rgtu0I(MJv0w} zZxSwsa2ifd=cD0xJ_|;tbKgA-E4?I2k@tNI!fgCuiuu4T_dK!L=vnPH+pyIq@T$1h zb1|t6beGj_>4YWFhauGqiZZb<7KYHo?l(i6{g5{IZKD4>gOf8s_%EYCd%3rPnsQ*B3EIuv_HwTxCp z{ZGQMD&>o+6lvv#luZSvv~_ZK@@J0PuVnEnTcKa&i(lUz=P^1)z!!rr)Ls`gq0ci` zo=@Z8h;`^5*~5@sT6;?o3`O>116S(hju$3TwcKC8VGIhJt)Ul+|5@RL*=+V5&Qs5! zoEWmmuVvB1r05?RqAaJ#SQBg?ZKdnCn%ra6muyfjIhDh{T!`2&XN1AsF$lLYT;o6< z=cSm$>gph!pH_Myzme$fxRjxkzl_p`;F6j`6A~qBByTA~5k(T1ILB1JV$6Iqi^YZm z3c+)u>m#v}B+xjEBJLj6Z%E>*lmipT=R}PHy>ZzpT9*CeT~`bqOq**Y^6) zitAC2)t}#A9fM>O90RmY*!BfZkCk70T;wMm7sbxF9+5jM&3LY1q62<5{q#~jCJS-g zR;RqJ^CN0Iq5k_wPm?G)P<17=-paOvHB9O@zM=ezaa3b2k6CE3w;zL#EnEfD4Adka z!WfdvEL>qg`?p{Slb$D>2}c6pP_4=IlD*_?{HXfl?Zv>h+9Q>s`$UyjRvVrsYGOY$ zM4N*cBo|3?W)&t~5P7C=$hKo-JA@RXO^35bJA0__HT;3cjv6s-UU2=sWxXjixOcS) zhK5ll=J!sMcxT6>VWH@_b7h?f6k4s4yc3Gpl~K6AVNIUvc)u`K%qstKqdr)Xhgg;y z7dIF-b|sbZ!OVYCT_SRMvCAAOY=eU%qW&LEGz zWTb`K%Ft9LFPiO%GCW6l4zG#uYE>flbUGF34TVz7a~cH9H8FCTRBwCwks%@@9Qj-S z9&P()eSL1Qf80;xS>5$^AZmG@tha;w>F>W()U@hW!rg5FR#5pjFrq3H*-dKMaHlz~ z2J#?Vy3+4QHs9z9rXn!c9I4Ecn6*2nJK>%=e>JZPSt?#nKS+0ozCxVVb%(^(S)&kV zjln*>?XOxe0{XAfnxxx)!EX?-b+Vw~`Stnh!5jwnD3syLEoEqZWO~tJ?o_BmgIqxd z_*-g|fP@WE7={>S1QbpbT|TA_79WVsGCZcTkR&7hvBPiPtis-Ns6 z%G;dnsehl?+EwU&`ioa1`YBI*npsN=e1h|yX7RtsidV>fs#E{Lr;{G>NKrz<^Zf@) z%dI*dDAo0n5)!_$o%Q5U%BMDKZ?!-8X@Iz~m%h0Bt-qk(adWzVHlCaw>u(q0suQ{4 z-aqUAATHQ=jp-V)VAVhFi+eZB_rwoxDN5CMv-G}bSDdygX8>vBfW}VG{Z&pt%3x$G zYGj z++BFX(QNKb&}8nz1%ksV3g$z1zL`4TA9kh;E-T9gY;f#UAfl9p`Tn~8^1?*gJMMKfO~pa z{3R+sX30RJrlaHHi=&&{5PqefCk>c4z;W~*UW1D&1PYd}y9^Xzm5_nyN|+>SDz^Ii zC=FE(TT^#?t8vP#$Py7vaH^^P{gb}b?+|={dwZqc)OiK^ShbLb{P_w0=O#aycVy(O z>vx)ZrIqcGYGr5fe1Va?i;>SYEuwYxA~L1na&)>273pOt1b1?7&cuP$J9Y1aguWtC zNHr{dKu-zi3e+Y#s$0nY+lwnce)(mza`;3uQJ6F)Oa(^>`15DkzW3 zp9*M=J9TFV@g^-1&;aF0`BHcK$XscT)T8la8E69$kIs*xxan@gGB4S>!>lv`bu=o= z6<%v5WvPcY2Bms&Ux)Qh>Zat-F>1qkQxCbPVGxF1I0@X@e6g5~W`REq&}cE5jwkaO zLayfz7pLLrXySXb)5!wD;m{vXhOi+qxPp+jBhxvw@~w{60ClGNnnd#WkMaE*9EbWu zG>7E`#k1Wmc-<*ByJ>=_`uYH{yRcQyb~^Frb^rfB=pO*KfY%{axy{sxs*x5Huf?-n z$k9yQsoYQzEet{aSncoD5pe*HgDBJIFX5bQkiJb`i(?oB`L1S)LcGfq!*utFA@Tkb zy4oqCBuj%@DIrl6i}ufc>jz2JKkJWN*IoCI`!ej-KkJ`#9>p*Tpl36sG?rCE>FW%yYX0&(6_X#gX^fhw?d+&Ak% z@tLg`mOAby`u#9}O>ezk6T-gDbN}ec?avj%98X4 z@zsraA|J;KlCGsRuW^kOy4vSWLf2*6?z#9@AAI`AP1mB7)4hq`IQlz+lIw{b;z^RHO|8vB5IE@SULK#FpA`z&I(~w^70tS+v@puCA3he;#175vzM1hG7xOJ26x)H z0xS!0+%%Lgbg7SGER8%DdD|ZeL7K&~PL+aGs_!i!h-r3~DGbmRO0mcTAaQ7xc6LRN z+UvzJ_f|v`ok0*I6iNq2fkZ$6=<3Hez+Tk?u5=@0SCG$rZX z(+&)Yl<84-yK-At+<0QP{LpJp1VnMgNdZ-DQZtf}h%C1^33tFR@*7v`=;`ZOY;SbA zqeYLM7&19-8vK9?_=DmS7`?B~SYv*6YcX_t``5A%QWeHOdify)gB3s_7KOSqSw>tR z1r_%_3v6UsnmC_)o0m*#D4=RN;9My`dcJ6-sgj4jLxa?=g_D301xBZWzqvj2eN*^tDK=L>D_Sw)+Lq3h;IzxBpxifE+ z7fG2yG+Lax-l=~&K1JcgpU&o!#pz-?S)8K9XyMIA)6sl59L`VO@f5i;Zw}r02#pt$ z;jAI6riz)|4EcAy>c8=$?*G>T%*Vg{fA9VOt~;8#mHYpPQ-A#V{{N@=3jaec zg%kBvpP_f`M0`(C^i`j-ZG`9wA=U>cUyBR&zemw}AQl+^`s~>=a1+3oufi;1wAbtP z-h(#;yvDR79=Y_*;!qb_=Mv^@u-@yMM2vt2!e)GrJ=y zqq-`erwL=B(Lnxl0I5M}jipqWOr_*GYjbX{vyLu;WRsB~ z3ppiM)RQNCf|fWV}HM8T2sGPi5s#hd|Z8Qe61fOnOA+%VJvh~ACjFY2ek zef+$2VCyzg81h8X7!ZkA?@Mr?=+jY33|0dzTIzL|h=c?Mh|otrsr(uplJpLQBeCO7vWb#bzr(U2W5< zhZ8^o0TBYBK&VszZ#D2aP))rKnFM{Rragg5zq|^;<@=q_2}F$+WeWpO^`2tRG99Xh z0&_Zxy9OJ~o7S@g37X~OtQT4B-Go?V`Wv!6Z`IKV3c`u4=pHqugp*0fH>Y|k+fG2h2x(u$3W`bCpS zZ2nAn*6}@8zdeTcQHzR*kCDK)%T7v)X6JbTNxHeg=SmT3>*0C%PO;k8 zT{OJ9r|C-s!m8c|a?o2xnm3*HRv^ePEJ}t{2m*9vDo#gLnKTwS9kp0$^b9_Z+Xm{W z>KEO>37Twi`~U|b*=1OESMf7eh787ilXy5`N!i@o+%NiZixhe{W7-wulW&jRO^bMP zD@QO;NQU(1FV)*)z{*wcHO{JTt!e02HsV@pvGvjU-(=6iB=ACn|Q~@;#$$Js}Y3 zzQMw6z(Z5w-OT1ybaEQJV5=H22y^|p(pGn5n}G|b*LhI20AdQpv|5s~YmXw>5txPp zl6LMCS6^{1Wznc`mZ@CLBs!`@Xj=qNj*o&5xWGaYRVOZ*&|-s^*Bn{<#ct2Uq(}Kz zf72p>?!r?DxsMx8n9JPg9(st&WURnYd6Ol0QrG~bVm4@;Z?h+dner1f^VhT7G{BH^6{>hyJJz-jNe{D@Hp6{CB>Z{tJGhN!E__c->~x}iNyxUVGYDN zTlYn?dW3jW$FKn)oO)MgcrKN*nft6bEO%pOra0^Srb76rxgD+c+^Mp&CB_>EnXBG3 z&)l?T9tU_#IpKDB!y*0yS3$H?7U0#eDrz*Z8`o4ndNpCu%EL|)U7H^aw#kM!>S%;;H% zYA*ozzj%?b^)*@O4+cqmUdf*Uc))JBF(YIq(ubNmhh2A(XKFbK9Ck&#kDDp?LCf^% zkS-##CVi$dk3JJv;0R0mE3<}T_RkMP;Rkl0>$4T66iNSMfyjlTmRF}2)9Vedle3Fc zBV4|Af!FR*r8B;F$R+e+?f5Vj6XnXM`NN^Afel0UY4$0^b#!jeUdQbS#J-W!;l_O2 z_2yExetnkZVv_T?JbyBGW#87Z12NG2L_)z!X7HS04f|Zf( zvg|XeKm$P&`z@0aB<`TK5{xA&zugA$j7l z;nn86+{U{EfuHZk|B^-=+~nBM>p5kEaTaOTqkqP+cY0Xo7W$vhV-3*jt~rk6k}&t6 z%f=tQaV(79NJ%b(5g2{~#QTP8n&**;AN-`ps%34Zs7c8!A2pNys!0_)gW zwa(Li#?eLufg92mIk+~VdA*+&Q&YR1eSsj0uv@yPx6}*J^tfKBi5keW`00L+6ok`OC!qT%zi{yHK5m7WVhc{?;9p_lCMg+;K?gOPMzFq^9X7}25S14?4Ht*rTK5qTljunB_ct99r zzxw++A#?vv+J8n-iu<1hLGK~sy?t8Mq#wJ1gdj$$dF$s_z)i;i9PI}_hHq@Hbkh-r zp3J1$-;tT`E3oB{=WH*0#8MMsH&8rHu~;LDS*U|oZk6Xl#k~@Ch+MFE6gx|j5UgG& z0Vmyg_#BS|UHCVk=Z#}{q=`1^>viw!v%gh2l!B*Gk10u(*B!4NEDuUuaT{{!1_Yj|ir$bs8lBo&2W^9YTk#+-~V*^Nm= zI?^9qiWAU_Ds`&5zfwYbOM<7jDfg85jx3dt37AfYMw8$_ttCr{%X~ zH5uI;{L&$Yyc|cvZ>DB`tv4An;SY;@cnBxhe04ZYR*$o7twZoymG3o-hc%WG6q4xF`yv$nPGb%1}H3c=?{Uv+h=fptoOl=@{rf zm$$Sp?nPHQI*Jw$J3r@)+hmalwH2shC(Zc;aSJW2$;Y|$9H&*ftK0e2L7S@+gKbWr z6m6UGyZYI+E%%$AU>l|EzE#mi^!!e~{wizJHCf|5-aokYepbSdTNGP!6eo0SA$fW= zlb)**W`Nv>^6#t3 z@k6;JYP57}QQ@9!{`x&Q*JhEJq5iSy$Q{KwB{(VE)19CL7#%w>n%t(kCaBX-y#}ig z;?lY`avv~5NK+|G%oHy}%+-`sz+TrhKK3O5A{<&%Yu|1%jI132rC|+pfumpF1yFB( zPzu&qEW0p5XBJgGZK@|A{Ec>tE);#mBkXzgMqICmdU7=&B_G1z$Z}csq0!eDMi_&% zlUbi2ein;!oyL8|`)n_~?o<7qea5H>C4Ho`mZq1etf@D^+r&sB4%$9jt@3VKiJN&iNLvX$80`SF$(0(VAaMEu_l5e95;3VOFU=v|ks`97ev!&Bv z97bFUDD23;Z$$sg;NA+ZpWxE@)82_FXlZR7h>;hj|mH&fA=dKd*8?^ zD=s0$<G$SjlSK%KN7L5{Ls2DX1b4&OaWSZiag^qbQhg zrWktr=L7N6^?D!32WW8JaIz$LTDMBm!9k3)#Ul)rjNJ}MgmUg_XugLg@Ixvxdz9d_ z1T_%vv}WcoN<9~xxe97Ck2xfUl(Hd*l+r1TR3d{^ zl1ktdOdv(iul51~!@dOSldJxB>K#oJwH{e%@u;h$;ww3#kdW*K#0g)>9yc@nC#1D| zy|KGf=!A3HgfnGYF<9DR?nLs6!m){HTC7zlqEZ^-g}O!=xYlp*U#r0zCa;B^*#kPP z^2YX|WkzXb7w*$2^3giMWkv?7GF>|%xH!~!xRtlT#;g}0n|USRNSt_HUW0w8EwJh_ zPdmC%Tk#f|<)==`EI=BVdX=|2XQYl-lnOsvn2r*`NMo(5hk$)@u>W4V$BZ}Vze5> zIt{2r=y1q2QMTuWos3JlVJAGuoLnj<=tVU!1(R+{K~}?jMd77;CZUKI*gN5fM+iI> z0{|1sY8lviK&HvE7Xa1CRILu7A@>ZFGw0f@+qjifT`1KJEV~563WdHd(j!w}0^t;@ z**Jhm9XiQPB&Y-g6otJmG@S#KBbV^^z*jm?H+fA~0J(i?Kvfd?c^I8EXd{`7L2vxe zG>#z^K%|AK`~pXO3yqmH53#ID5M6ZcswgiW3Hy-A0tKA};Ew7%Oi~(@fLuiZ3gTy} zDNa~laUnB=58GqV%t-BQ-?{)~ry{;7P5a^fp6^~$mhWI6kYy1zbugtt2?%G^r)UdC zy9f1k;)`vvOg&vjC%w*Oo=k%!%hRu=0%97iRns{=C?)qa2R|S^0SPS$_)T~I!(1Bl z7kNoK0U$DYYf4Y{0g_7*VDwLKDh(P(&Q%xc{yH#doD3BZua$I#zH*zwY|4$w)FPM4 z-NDted(T`A*~*s%T_aKTC5HscQ%6N#XOMM?%s- z3eJ|v?{#e?W=O0`vYnpu$U=loqFn*F_nksbGLz&*)FPQY-%rZbRv+jFy!{w-$PC0( zptn?6Z>15_VKviVX$2FDd5mi2!{FSF&b|Vv`O^{da&%-9bM(b2cD+Eclu)HaeiKIH z3DWm)}rV8HS>2Bq_$NQxN>Jo?B{tg>vh(V#9 zX=H*Ec62Sn`kFudMGO;Y$t@9P_hg#FCEMqN*Y|#8*EGl6n5W4cM;J|@JIz9mABiA{ zqM}u|ui@OluqVGfNMotv_MFW+q>;AW2!~*8>;#QOLavp}!&&vClSe48AK6}h z^0x>ZfBrTjtwj&}n+=gh+BHGipT~!yx0k%vEvaHe-@5G%&@njfS=y3TUT{&{>oL-* zI^M(zMp|%IN;?eY;TEXqyBGEzEjNOx+F@JlE74@{nP3#j`y^4@!z}DJRI7J!4@{Ly zLj-&hEREj^Lj)kH0Nm&NJbD9%8irvyFT~Zj4JuL(!(s6le|dHrA&gdi$>}ej(Ii%t z#Tu@hfhEGx^D&SmEwIO-DXWd^AF~xID4^0fWhZIL-q;fr03f?c=5vx)(J7>&EnUT243QvG#_s` z1N03ZDf3j0p$z)P*$*CA3WFL6+4N+a^-L0*rbR5VZ6};!o9An`H;kzs83P0_2m_0~ z`NwT+xN_5BD(?@wT0 zX+J_+N3#6p7EOi}Z$~;rmFOGfqtDo^hxqytEB>&~Z@JS1iqZRawhQQ#RX>cn_RLbiTu6rZ%b|_gSt*jx&Yda6F_i zn`uWqb$!U%_+RXvgh{MVHVbXp4k2>-Gphp#IGl|?`m1n zJs(mfchZ=_b7#%z z1JY=LYLKD189(60zMtWtw{YZ@;yYdQ`6|q-vtLuP^T|Q~V#SHk(3;6#v#J zvL=Zo``GLusTDo}^+VODtit}W**>LZ6MOm(^{Hh?VDiU54f;8f#eOb%l8zqTH)8F- z*~!H-;qtPBBe+5onw1h=X9Pf3%p5YGAh^R@oFwWbXIG8F9Zz-)IwwP6NZ+UgAe1ZV zHSCDs@Jy09r)MOr__U&jjLG>JT6v961F1hOHr1hP*J@L`zXAEnIPR`CmA@^Ioju>u z6VUTG_+-UXn$#{K6MeG^b2gDu|1L-Hh})JIzSwQ{Km<$1AF2J89JGEPFdCeJrKS9- zMsO}e;NfFz(hoN&*=b~bXZ99uT%%pw(Ap}a9Q3_Vg4JhcIw_svu6ABI)$z}C0hM}A zb*ES7s(-ALumv2`EEOcJv$|2=TtMxiUbV|fxJ$~o>*RLV@-v{_ z%$WFFhuW9hK^z|}FxLm6qv*KLF!-u&RTvop^f9HhXxTheQ?15t$TcN|?rDS<|3iTPu3mi%MH`~f z$dK)C0(uA{-kui=R)Q4_)}8J~SKE{ImDhyBMrW0Ez8(z%Sy%X;To$Ti5qrp@20)Gc zr7N)snoqtQaz7rmNzH!O3P<-PO=M|mugYHSQ4hKnICWajWyB_#(=rDPgH1Rhk2eWK zLezp1lyoRAP77c%|G%mBBMI)#nSfwbTaMoUd^#P|Y1v#+ZwVIPZ6FsSN!6wzw4{F; z<5z=T!|$nMfRz*FomLP&=G;%%b~<>T`|YvV>x(H^uz>VocaYiXJl1Ydr_r~gNpytj zkmNiiGtelqa0I)ZDq911=D_iTh-7^T$*#hAcla zH-X=M9CHvpX6COnF_*q*Y$U5?T#}Kcl~wAyRKDO(^&!sq97tTt>3MWR;o4;6&!*I< z?vBydFc^Mvmvgp0M#sRv%fFraB-W*3Ehf7bgu_t27mssr)}wb|cRYPC(MU3| zbd#%ZZY>jb{pnu-)hX>@QKjIhUlxECSuICx zbzCHpx^Yhc3#fb)F=hi{BfQTvg>$I0iLf|%hE-pqZ7|`A){j8l?;2lqhqXOpn>LsY z9TboihPq{LIIo9arQRM7#W4^MN~wZwN7g3U)=DVOI{ml%+3M(mRK3WV+V5HEZU9^D zl{NTb*LsgO7{jVtV$&pe-n?FbX7@}vne(;3ko9EN^Wp21tp}jT!)ZN+fKMXqGeGNP z#nFLmx$YX4aG*778b(1>$)<*+zVHz;ZE-n|bW^N9g%Kz|iMxk3rck7q9GEEiD%7@v zsEi^FU*71!I^QD%iNE%@=zT?5F^LVjR#-UU3=Ndh=6O{Ct&!R&v$!EU=vtnDj9W;` zBB>4c*GMD(26>i4z49i=d|i@TY8gYu=&Z60sMyzF_+@u|Ad*`Om&YwEL@{PvEyjJ# z^=J!~;$ymb&`F%(abcb$JTQ5m5i4MlwACUJ9m2zN6QT$o-8*ss*%Sd zzvo+WB1Ia=*)h;wN_XRt7ll<=OgdgtVz3>X14q*hM$^iQZ#+`!49JawztJljPi2Sb?o6jH$FvO zxK3fL3dGC$X&8|G%sc%Kks1&%Q|D`iYcm~$xWoaHM-w*(LxM*1!@Q;c*hGCgFRyGS zB+FI6S)}Gb&Jf!nILi_a_W*-R^9q>=UD8J?gOuNlUq$Xg(uc-fskuZf!el-Lg&0!9 zjCEdanoYuWS_(bZzJvr!zEkY?`1?9xN}|wccBS_k33ISMu9WwJ|3;;&Hz2Ezyv^m&T~@{PF2_A$DC9~0*bl!n(P z29p{hj~PZrjSqYBdWwkr7c8}gny^@%!qAl!77B{X|Lk6gter$jwcL4$GOCLDYvPFv z1dB%AT5Oz}q*%nzabcW>rP;TROK=PXD@oh)6R74 zGn{VSy|?1z3ZArxa;bn@3Ki?=Jr9$rvKC45Yn|B zj*b!Re%SAVgIf${% zgl}p-@W>+*b~@V$-5a9M-D|VIh)9U~W)1#Id*aYC@Iv*_wrcgJo4Ue!JuIv%lVXfSEd|7 zfOM+5uc@+MPN0${hg{d;P$mb$ot$;%Z+oSpEXqWu~I4Pww4va^a zzIY5296IH#pKVb1bz{N3FS{egwQ z442ER$U7J8;agf;ydkVLgwa76kMt?GP@bJHGHb9sgmIjJibT+iZ9Pi*dG(~bfJqs8 z$Yk+;Mm=oDeV|9X=iU3={-_`YR&9J>!z>U;RB(IXe9~oMMivQBT>N(We)eLD8l~Ii zOWVq^ZtTnE8V_1M_0P--f~3VwsXPT;ZMcot!v}|Se|`QXE#`j_Mu#sw{u`pLHV~i8 zS1B}!r%cFxRl4})O_>GH5BN2l%RmsqJd53el4%Xb&kc>`Equnx18&gC7{1$ixMj|3 z^}6ixIiWd2nc10aKQet^iOz)j={n)JVkY9bc0HEa>Ci_I2=up8>En*1G1_J4_IhVN zbocem8Pwm>`x=6oS*uGvrc5$n@+id8p$jzhodEk9pzon9$ME@!LmOmt4M&l2G$BV=i&J=s*gFI8F zcBdxImP`;0c>$)fsrD0(?*i^i_;!1Pv#wz7NHMJ_QYFc?$L{$<;*7_Ih6yrxPV#98 z{EwTf9dY$AaEm4<{kcanI#w*`J+>?q*R(o$U*WEeWTyjW1A8VP_>pwNu)$!EnKvb~ zy@K0n+p4(7!(fnSOcH#p;QjZLqUNkmrd&CReRU_F`-5%qvr#eUw4ji{2jc}7A%q{o zSXb*DTul^~P;iJcUpeJRFyp~$;IJWZVTv%+U^iQNxA8WJK%1ig7&`WN)rH=Ljhnf@7w$Xh zkO>5DH$UH|lwS8<%YqzNQ~V->Bqw7>03F@b0FhgbIv7uKt+(K_NdNjZYn|z~f~7jz zO5Ho^X18v~h1Kn$ibqhI0G%=FgdYGy_`;py?LY|=LC!mDdP-3sGXER&gZRySqyiNv zCAyRAmsZKdtOSdd=;FL#h9lo6@uxi?gWVLGt5zGGa7(9kT6t+}RH|xkIp=Dmh*-9) zZaF(56v<%-`xB&W{c;X_k3q_3cT?nB+-qU#GnKr-R17T@>fUaEu-vU7Cw2bFK$oS- zT>qTaYuLoe#rbr2kL=RnzHNBr93D_@ie?Nm059Nb{#t9#8hFMU;6Vpc5PUpD2gLkx zgbyVN7);1LpJCx4)vyWk6-Ehfp|q?hbyn>3^@C;uIaLlfH>DyIN<#hBF-gdAE2eI-o! zZ5%+B&pc?^pq9AM|I7tLz`*|Nky~+h_#f8lcHjgux-yPg9l00Om~}Zs7sT$o#b(8% zw=A3qAFlV|%3oOh#5~VLpq}0lMe9^&=lm2iewo;nddc`ys}*!qab#XJRKC=nz;}mz zR%<&-5?6^|-+s}2H63n=q^LN;>;%RBe*KI-DLy!46 z^9OeQOE=Hf6@}8SBREm$Z2i%qQBec=1MD;x@e_g%vH&yMr->Z*Zuk6XNE>p{*=+N^ z4Y&g;dgs+-vSC%6kMgH1osm@!;IAA*7>@0eY+umXYF?JWy@t<-=P1SHs{Uj5ybPUj*NrEW+ z4p5oO{4O7jX;WpBR3=X}-0x{6Ss%>j24k~A$-qvun#=OjUI zImWo5=ci94ivqJFg`yHTFtF${fV-MtVYgehauqVomlHvUmHp1tFkzuEl2m@bBQ)~J zdf&t(dx2eZ`#ROU{4xJ!`IY(z%t)+uXh^UD62_8@RDJhCAMXGIqh>w#sIpuG4>RN- zdXY}H|B+FGKpZL@hcRq2cE#kbK|zQ*l58-qu4XyC@rF^i5d*FMVTt3Sf9l8jsLOvS z7Bji!l_(j>t;gLw+ygUJve-V$*{(&>m&HNS{oI_#>F&|gKvO$PCe3H}n%tPZ=u)U!F`}48V7w)-Hw;OX|ct<{N zJw#rowx<5G*yv&>0G`BuCs9!6Fa$G=u|eor zRo1(m&UwLO1Y1Flpz9R<$;>(PGf=)^I!B~Nf z7KKPT55GabzUfXj7NE6y&>!&tH-lSZXzBkanuyZ zmKVzUylEjN$0zPMOnn=I{hH)$#Iipd3SZRP?1Zo8!(e32W$faQgfd1SU=_b4&^=(u?wPh5cYjC208~vhe$Ht4D*VTxxHP40Y+X$l4~zJvfaKZ z9Zws&HXk}MVLc4TGx0RJYnzUYGmdwiNv@~zFHfEkCFdo>$?BjY!QeStLnI{k>d#nZ%)(HB?_%Ow}spc7jg?kwnIEuhInAGP6lcg|_56TTB~ zOPrbH+%IL`T#66I&oP()kQ*+u@sKt8MaD#q{pAUd^yXGGqH?f&)*S4@OQ3-buB=)r z5Un!$!%RHS@k>=ebH%|O0Rhdb`0Bn>S4Y`x{T4J_#ZT-i^%U}a;q*Wc zJn)Fedf~2RrtN#ZWb8;4Vmv)uUb2G>rMvJ-f-1$I!^`8cz{HS|%IR)JQ2wv-(U00d znyrD5i%aeph%ofp!*|Qdx_5^&oZ6mbtB%!lt`LZnw`T z7b}zxBLjni?Lsx;dS-LJnYR(PYThb2EufL(zI!J2t5v?b=EDz;5y=L%W<@iWZFdxZ z)vP?n&gEhJ{S|jrj{u1)n@c$y0;*?ef@y4AnW)F3_(Pzj_s=%&PH|&rBf#4M4{}rYoMcNWi#e^E8?NvsdVEyOIyd-(QfSXgcu5Z>Kr{lw$(!A+iJ_sRl zdFP3G8RfBE;j zv-BD`7IaoR#^8tE;dSW8wchcxub@}lp8IS!!{e20PBQobz|Lem#(V4@$UnB5JnXf= zuK<&GzgnK24Mvs-caius_?5JuZ8ypysw~=!TE3hT{AJyHCVD4-KYu}{H(Ws0ZIr6w zD99RmXc#T(o^;XBA^wE5DEKS#g++PCk2PiYz|rv)FMlHl>_F{Z&m-)cNqsHoZ~{IG zmgW&L9M-fsQN#Ah(PpOs_MA?_J)zQ(3?5x{lXFY?s>tf*{WqUCI%8$K^X0$(vgdRJ z^t%ZEoUFDpcAVzh$8pZFBb|-dn>HDoE#|BxHM^WDzl>~ZyzB&fJ z%?jUt$R+n5WE~G3K!!&V!{tt?@&zpjNo$yyOZy3YStc&N2~Gl^N}2a2{&azLGiC76 zyWAEo9t+gtxivV@<;cU5Xg?B7c0*@&Sj4iwJlv_7OWAm*wOieqRE}9%JNGf_X(Rjn zTz~Uta3v>zgp^0TPM0Ylo6c7af*8-3_rH0_R>^t{zY&+&Ieb(YUm((zqqdEetMU!N zT}u+rWVVb;AGzZ9#@5Tp5bg}G6k5#acPTOF*F(mzp?kh6(Xw->a;2FMt~ z@~dR|u~#g8H~@Gn>i2JLF83DB)4&d`A4=FkNcWH$oQiw0t99kU^g7>~Ys>Vs{yMHO z&i;ciG$|sT8P@;u#KG!EKO*6ZqQ}8co`b-Tsene*Fi#G+vbb}5uLwpK@a5O zl@UOYK@#B_v8F7RTAHo3-6n2BH+N)Y5+5IyDb5U+aCQ_Bt z=p4qr;2sW;Iqn$K^jd_>N)nI<|N4*P04At#71A37wr_aZV=!HPx`F@Pmb7pccf^+&0&PxJ`b;F%5j!D@$rNe$!{#5g7OstRZE4jS zt+V6kVEf%G3EhAJtx*?hkh;mws0*?s*cxK>+#j2nONzm`K6ftBYxOG_DUPXR zg#9t}2r|AMw4;hqgy%7{w;hs>G4b-z$Gg$kLO$26GfH|f*7tCuw{J*UpaM2j;)S`} zM)y^#q`hv)(U%WXI!fG{*IKQ?j(2EiLsaf6a&47;h`{R4MdS*hiIs8YsA>1&`i*@^ zw25OaH-+y=lX5LxDtUWs)2tS7lR9rSC_8zc+dPc-yN=Z_}6Z`3^#JlKCUv(nkwpNDei$E z=gqD=fi$s`nCkC0vC7vsvF|q@$MFuk_PtVV%L~2FD1@`JNGzQJEU)RRyc!PWem=j|1&SJYwV1`Xdht6@{Kq$46}UyD{IuRals*p|Ok zZOMIFT{(#x`N#F!xGZ7^$d)fR(MqXN6e{}Va-pz`V)*g*YeVokavVd<5m7RoWkSj- z&=}Fe>Sd(sOX`D5=*68gdJEh1yDysELOf$Etz(Jd>&I#Qx0lpoxiB?Z zFcgT$ZCK8Z9g_y3D7?WQV*yr(F9jyMi?01VA$--nPZ#L@fY%I;(bf)~NsKc|33 z&%e)al@AWUzi;Zb{f06jks9O2n=iA9`MthAfA_b?=a)Y+G%f24KK&$yCRZaFcLe+c z1AsK^RKk@qC!4i+7%H=}6q1i4uzEm;qp+nzQYd4&AJD`z?4{J^mC(rq+{Q!ar@#B0 zMJJ8=&mKPGiHOBfUA)>1-dL8p)=#Vr3#J!4*ZFGNynCiE?F}3sC+zZJdwFuo2NXCI z!~aL;lcQ<#IJau~sKl8Q>65d%*}Ze}#8J0&vR^lQvhTow^ukg1KLIMINndOqeOMQB zvUaAndb6zgZiefSE~B>V6V^=gcA%dmDn@xqITYXD?edqVPo)3fCmj8YHok3_zx6-y z+q_GCmsoZ=_-WNFo`#^dOIN15)O~JS+kASKFKY}smQydZ`70BTUn0sl*$f*BwXxrX zjRM*1V!4e2(JI?Sd+;x==Qu&VY_fX3*;E{#eVSHtdK@ROp8jD#{}Fet{B14j1XGv( zBR*N&;(Y&TnJ_1gF2{5G3egrda|NaQTCGVTbQQok-}&1O>cH6aQv-y7;#Bt(b+sc zGNF~ot8Ox)rZhxkx$i6S=1nlDh~S|cY|VOT373fnFWf9!>r=3j*< zDc{-L{B4Gw$MT$uo3@tFH`OzW0@9{ltfeF)M^AmD%Y)6tH`Q#p=OK@z`EBGl`T1)_QiY0?Z|0w0B{ zS>mP&YZk$4=NW5jyx4GF>erp$%#K>UQr$U-3;)TM3NL6=uIvags9-L_5NUM+2091% zRtiW-4Tza66`A*}y|9$XwxZiHYTos`o!7Kq8vx&l?uX5qBi;bh9JFS`P?C2bzvNJ z=;Jt9^9GJu;b@gh6*ngYF)DUXgcC7bItzyPBtP^krc9_H?i+kzdVEN%y7Bq+QPI(f z7X`&ak(uXh~|`o9e>@7sPJ zY#%SaG`a-beg6FnZ3jMAhA1N58j|CZpLP0yG^|W)PAGezf{KPIPf6L+h$J+A*-+cH z>%eAc$m*&`;%aCHw5JR%g-7Q=DO66I=sI{M+lJjw>M+YppXtn;PrL)}2B$7$uC?{o zzpHEAa+cFDnmS2RdH!`7UDO=$c%~Q1tOQPe&Sqh3%p?1I$+Hv!aIYbm1o8x@at8iI zh)yO?_A8}l`(j9xK3w;fA*g{j9o-n*)>`@Xo;Gb`el7u+ha z#lkydMgSZZDN+d1X$Z?p=G$iBv2ZmV?BQ-w$>QFwzbU9!aI|ZBft_gjNoipkl3w6N z>4o;9!eS&v3426j)7C7hKf*+e8IX19p^E^uqlZS=L%S}y_U!JcI7t@iGp#=rhuY1?`O>LG3=aYl} z-oUH}5M4t~nY%d}Zhr1{$_&kkG(WnV-d_gS`-`!jn2ro}B}lM;h#dd-xPd4z*+l$3 zc-RKmhW)#^Hz@tAcq4D*3@wxoyFTE++C{|yzz%~#I$Z{=UD0JjAsFSp&pp}7!sdtcn7PrSel+Ds3LI5=@j0`IAMP?0{lA5= ziyMpP8cdABZD2*lf*Os_CNO*k`PIH4e$91oZpj|=$5kO6W?%oXB_PsO`u-V8heKib zLnCRUKBPGU{ldbKpLzvUqq?=2VR#jm)@N}(Ct;(^^l5HmFf(EKP&-G)!4(_Zv%NJq zm9y0}Q_2P5B?|M>XjCIjC*#1j#k9wFsY~*|o&Q}=qyc^5DmYYEFWmxej)v2ALCmG% z@G=iNCo{Y-x*JaY05}^UsJ=5`vxJ9Clxi%GC(d{(v3E=BYNZ|KU{|7$kbCtrXP?KE zmP4=URj~hYdk!IDG4S*XbLFctf$j+F5wb$x6#@vnavvpJE-)9U)x>l&VgT}GylmCPM7oe$;2*UvW?+UX_e-jz%Z863_ejsqR~Q8Ir3A(5qVnWwr6 zT+J2xj|d{&}0VM zR=M7p7&rXhX+n+DNLEQR~ zAQ%VsX#MwGE4c7s-du41*kDn<&3XCbO~1R<>PFgXZH^xy^|)>XygECu3cTeC4Fv=l zm9uw6(3NaKk1ZB(vSMc+jXn+Len}l$xFR!foCG?Qn#9 zm0osOwxl=`1313nuoi30o9Ja#ntbnNm2ni=HM=E~A2N*Xi8Vhrx;1%deP$@Lx41n) zGc4$-;`UIhZpL$Wow&g_46l%{OB}z@5NH^f7wo1?^`e5O)OhuLCks{%ED%VpuvWp2 zH?O9JRThV+?6eY6B^N8BP#x96bSJ?sC2S9R{?OX^Q@hGS6qFi8NB??F zB=&NYQx$t7OhR>m{@PtPtr)?*Dw>Aao=Nc-nrG-xT-lBwu>iGY;5YIFShaVcqe|eYm6%Z@MoXMfVMnM}!#q(>A!m^h2#nFjG0*u(p zUQ~B9x_#bWq+(kB3U1({Ma}f0i(FN8v;6Z&|K*wviv)MYa2EV8d%kG}D9Dt`qb_$qh?1QSqf4!dHN( z3=;r=nDi$u3ofoy1f-dq$$?fHeCkhhT%~@14nh4oaO6BCse6w10sp0K4TS8Gp$3W^ zr3~byH7tNx+~^dOoCrM3I0{=*Z6@q5b(v^~7+73fwapluo5Gt`XCxjBaWL^XH+=%z zY>|4337n!BNO67626*-&ruc>iic2h+6h4e`FWU5dfeVL9Nb!(3<`Nl_6@(~vRdN(H zbF(NdGr0)0MRt5s>6B&W@N6kF88nM}z07^X+D-B~=RlNZb(mo})JkrPqyy%XF*IgW z_G+eOqD<_iIkZ%&vRdrUY7u!H)@inhhka=1u2?|r$NDyTKoa9l>_lZn_lB>} z_tg>B6(Y=f|6xw+sdXf}6gP zhWdQI-^kJToHBFlaY2P-LeRq}#$nv%FH9j7)b=aHrj7PtKe1G)go~`Ka7Jj5UxO zYciN_Sjc9$#vtzSlO2r6PEAG=Y@C=pNF*Dk4u-0JexBvMejc4&uSdpeT1HNspD#9* zzkb`_NWc*2kTVAUFTUP6$dc!a+icsmr!{Tdw(aSjY1_7K+cu|dbJ{j<+qSv={k(8Mf7323GDww!m8HT82j!v)wnebvI(1DAP zW^*0+%&t;nkxAMY2@j&Vv%Ss_1)hjathGHKqp$I{a)`qOg!l|sQ6yH^4tvXu{ z4bZk?hK5OszGzljpj&qb&=Qm3-qck{pzH67HWyQ=?g}M|nxSfOWLBj+-IByX!6vK` zRE+&ji9~VNN;ITNhX=D2{g`2~0(b-)lZ_=neW3<7#7a&3u%sx#`8*lD>%Q9!eGd`w zaq$RDhqoF}Rf$JZl7x|HjaxNG8%Z4#?;#XU^7oFmHFoLTS0O{lQr{{Ak-?cXT|hiV9I_!7alKRjGKT zOUkDfk^8&c-!PY5zV_K`+21zaTj8p| zj145jRw}e7Z6d_R`=|Msl__zr#JrX}xU)|`y=%8-(h@&S!@bTX_@~YM_KRRP&=$}8 zQH6UmRX4|rQ{d(L{Qmsb^hPU5hj3h?bpQPRo)i#mldzqye0$fBI+uTYxG`Gi<>Ely z)y2K$dvkicfBW)z(vYf}%6R#o7r62-1Q9_qyK7h(UnQk&LM4WC2%Ih&YjpP%(0;xi|5w~jv&f3|WBq_q;}$IX?X5+W$V}+w+gnSt5S^RS$H|oD!tQ7L@krT$3!rjjmrv9guQWYo(9HJ-5|ynx6;i2nilm49tg*;A@u`yc!SfLZ z_H9Mv^4r^${8pC$ue;CZuAdj@=k;C1_)(3n@_KY@OyeR%x z;dz$oeI-Zn6y1kS7vvJ%=N?wzHHdgi_+RYUv3u@K;q>#Y>HBv8*FCPln#p?^OU+a2 zZDHjS|B*!QUE%c0?9uzNqt88;z-tz<_f+inX+-mH^8+;gTYkhFZsC8Iy)d~1%2R&4 z6%l*S#qys>LP-3A`2&`;I|w@}EiMJ`_&B+UsH)sWQHA=&r@i75DI8 zN#s5izQinfPQ59vX}%2*d+)~b-wYE|s%%nyJ}=qJ<-Qb7zt5U}n$@G%D16M8ey%v2 z#zuElO@GWDeLlN5_*xMldEdtJzewcnZxbba|8)0$jOBkDCN|cyVttcX>^+|My+09n zy(jj5jphFs&NWFC%l+Cz#>qTG_wz!xRPhFj3ssWJ1u0ShnWF-EX`lf4yRy1u3Ub2g zcaJOhia>`b9a)l)hBIcxfL+~9k^D)1?~Dj*%L{eLp&Hu8`z(49R&JeaaKo&8W) zKIyv@MLcMI+2DP@%KvIb?A;v8Sj(-UANMLt>|GLjfm_5sFL9T=`Mu9QDV)B)K{R@$ zj!k${=YORm_D+fAAD75IC^SxqRhsv(#pQ>yJa6#4U*&r}C-QcQyD0ITDpFW>8eLQCMyie!ru7p6YO5ksh$XzX*KEEl| zoVjT5xL4Gr`9<=YjD3`<;}R#=-RR(8sux5-k&wSJ!W-(*Wcas zri``49luxSeWfGv#)@t4xOhb%@`j4NFu5+fH1~dt;rAToNbD-~puSJ%d7U8i4hXm~ zy(}Yg_FjtNxBM=SUslYP5+`}btSMx?!1leKpwtT z&mY~YBRk`fUGtH574Qeg=cn5b2OSkpwwrtct-g2vr@!_857>ydlh(yyxpVM@n4~)9 zo}V>h>N8<*$R=WQ%jCpH6q{WTD9X&_2m*_|T22AyI2w$)C!zbY>$}vg|1ZSGJ#jYn z+LjiYzM8zo+EM?Ju6+V%NUhmOQCN+TJ)Jm@(6X;0`X6LV%)Oc|lwuOjpe94;BhQud z!h%RS1L4cyol5U|6(uAYJOx(D%!))1Dc#5IPD9XquHU)S-y(L3XqqzrJIIB<|$% zd3==R^>%M%yb}0beMzis{lD7U!=YY*p(g3)i`u#`P1jm~DfSh^rk0KrF@~4W=4OvH zKzar=Pj3O?V(_3tc^T&WaJHLIrgtY}WD6yl2?HFqU6SYEm%KKa+}Ze3e=-n(DiqOZ zZy*=Zgsh3ddHF!iEn6w7#Id9yzu;hy9RIgMmKjkyK@MD4@<##fALU^?Jj-6;sY&6|h`ngolTnSaWd7c|wiqeFX@ujNgxdbi2`P1ODCArFYz zR|={KO?`39>N0T6evblXgg4F`s0O(OBcX6(PMeP4MItx7?hgy&U(~w5w)H25Pn!(? z<810&zB3(|?uMEn;S|euiEedB%~pHbHa{?QE9lQQiZB|q4#%eKP?wyY#r%7iatI>7B!-f>(XlY1 z-ZDh3b@C}mq_VFFH96O?l4Q{$ zoG~jy5)+aZ0c4xpmVlx%D7?ABQ89WW*2S{@A08(OaY(rx5c+_7!1&7Orj{8`J$?`+ z+V*a>p8Iv34AnI4rB(PPnhmq~b^b;Wn-;FQ^^sdCk&K8=FLs7?k- zG~?tXgMw%MY^I5U%&5aXll|{$t$vV&afd!wyElpi@qZOIm(If2=O)h5emh-ri`LyZ zXvUQNbQ03IB-w9&nop516@`?zi-!l2l{*s^8%)xLzHm61Jy)Y53@_PXaV^a}tJ?T5 z($_O%sa?Tc9_*}VH7{P+qM-R>P)O1+0zWgDWizzB#=dLRYS4AbvF}6QNq>=-yYtWG zW(Vy*T4x!&wgX7EdaCgqWo4YJy)l2FD}UA|(T>nAsVs3e;}DHbGPg{$n@kO)u~4;n zU2E78>N9sSc?z2@Fl6Og%q^wUSk~ihXe_H>t8)e-mUuAFdZrA&<2Icujtv@dOc330 z+((`Gh<UuSBtF$>zJrXh#;)+J0qtUOR{L^LrD(C}wQ zC__g`$BmZ#IplS8H0;~K$^WJK?(!-A2@sZ~j4ax5hAkI~U$|3R;TQ%#5+jvo!^_6e zpY>|TRCyw$*vyH;oGqrE3hp!D^%%O3ve(~l1244>e`cxA>^^JHYW}fn>Cy57b(zyz zX29{#IBL*_tlEApCX8ZhlqX!R*WA)G<=SAwfJSxJ#cd-rO-VoYe84i(zyz4Tjn&xp z?~EU-dm!e_5wde^AWLxzM`LP*@T1?SKq7IbwC5Hvp@Aw)Pb?szz#K)&qTc%Uan#_X zg3FwT^baJuG8v8mDgdJ(tT7oSXap@FBdV6-?_>})g*8=BfHI62?6{<5S-9|=ig1`3 znzDKd=@6PZr6{SnB`KSfB1sCW4Z{GQ`Ck;*o3gvqjf?OraU$0%EdDHRxKdfk0LZ$Z z*l!zNJbQwUIBl78<;Y;;zRcNLs7tp5vliV@z?8cS(c#Mn;3vqQ6sGW+#oxdE1&?@`XXgAX} z%7i@kg{kR+_V3jM^h2I^KMBo%9H)DWqGEe>2> zts@QFMo!|t^7l4t?`P&uPkbTGzd=qF|Ky>?9h5~fq#^}1_MeXU5-(l4I}y_6fCVBb ztZ%(eX0n{CjCj_11=qlNKjwy4Aqd$2c`%Z6EOo_JCv(NXH=R z7A+!oN<_!ABM&1WU1JuBeX%KMuJmo`May9QpJSSk1Ue*JTiYAESKn37yQ^k<3VSc# zN8LW#+rx)@S?ZnblW7wVLZDREb3_fn+v5)s7-@pv6q$MFtxwOu9%K+H#TLoYOQ%>5 zogqLtEr!2vJ_E*|ctUnAZKA_UpaR!Li3lUy-dRI51e=x}*Z zm)f%h+rUkx-528CdeF=;NNm$!cWeVQys4Eg&I&f$t#tDR1>~v)FB?-*`XY1f@};Z^ ziMLcLPi`kCJ#OwYXCO-L;*DSv7G4%oC1@ibL77um$kXn!|Dj9PdVHBk|Ja81VaXkn zLVYNMDMjH&^>hFe(j8Oyk6zttorDMJmwcjUx@Y*!z!2-D!#(EO7XCD4RTLH59_o{9 z$Apkq>%(;JjN}(21j1H87I!U#H6eERm0R?{le*{HIxR1XW^0L0lb?1G+hW1@WJp6g z126;_C!;7a^^Cx3;}ekI&?rqzP8NQXh^R2}d)0bjBQB9MN2_s1JFZ-RAiY^iaX=i` z5!4s#E^qa>lJAP{_#|1zxbr#k6j|S0e!2(2d*4S@7hT3PSMeWrkdJ zP=+Msk$^x!`5SXl=2t^o0mY4J4uo)8Ds?(vaev(*}1;;a?h>$85t`-6Mf z>J(k+zTe2Bt0(yHhZ}=~9jsQDx!FB!?oTK42dR6Od)Y6mf}X0e0u(YdZl|Pet-LJN zF*6+%$ixEM)1k|`6ACLHj?Q<7AL%zcAJ})WV;}T|+kZp%*IsW=aI^`sd|FpLJA7|H z_g+>vcF(4^O^fV67ztHP>X z1WPdobu2zmfm|sE@zul3Tj4SZX>5+@RY6^$1=AGMtAMFwU~M_=RUv#1EC-KQP$G1W z;*!!ViHWzC(-yFDLeNy^WPI_=j+DYq{bY8AphAAGLa6h<3t=Jb;0?~3g3aKr&$q-i zIWr8EiErj^3qcIpwxC)zns18P6%5KQUy>8aQ^9?Wz{WQ^UIx)HJyx*S70G*)nO@2V zog9@jp0}*&+>k~g7gJ2Tv%z^g@5rkE)=Qf4Jy}6Nf>8xmKijhgrgcAgH4yhqRhdz4 zt|MAPRwGg_NB^qH1?LR69L;~@@|xv~FlT|;+hk1Ol64jH$q2~oNU}9I6_o0QC)VaBGQ9?^nUANta*@dW<%SobB1fFf33WQtUa3>_I z^zR53$RA`s^#H@h*Bxyd3%nT;|X#{4L5wo`nxTXiz z`kQ(Vm<-s#LY3IAuH1X`fcT-tu6D!X1S709J+q9~?{_PAp4)TVa-fv>GYfW`v+R@S z;@}7`v!|Vb=DPDYS&hTnZG$HY1@ML->Y)dCS(1a_aAvpQ!vF_C$j1BlAwla1jy(Wk zC6H-i;LDImK_GYwAPbMy^L{X`41&Ya61GT-uYqBzQ3tzmjhDB%FYuoHdn zFK>RE(9c?JpTR<>O$QPLJuV`9l3F^T80akmG3anV1ACdih^*XJUh~-t(gPiwwq9Is zBkIccEl3~HL;rg$i$($QwQOb zC`tBT1zV6S+V+o18@L8=gJrGsM!bnz)<@=XsdBhn71f0SE~$e?Q0$TNoid)ifscqd zcuvZa{wP+P$vxcVfk%jGHNt0Ch&*u60d86X1T#cv@UFe533TE;dtErx*tcESi{Op> z=3&-y8`%@A1()9m^FA-X8FPFl`#B}Ml@boapQ}WCM^`pvR{ZD2mE5%M-${)b9Uu9w ze3q4`U;T_)`e%O}3Bd5lK=?2cEm?{>6%Rawbk)E8%RNql%qk&Qy{NPDW8=I{BU#UA zG^ZPP|L_?<*EIRMWA#*U@^dnqh)QJVIV}&?{b6Q`PpjZ$ds8gg;`m-&(sknlJV5aZBMyCREIkv)`JgI0Uo{d@_PMA zdP9&mdX0lX_iSu8eFB7yWoXpQ9HzVN(LmkziuBu-T8q0HUx-)xNEn$km%h+i zo!e7&XV-faL*MK-e$q^?Ow>aP|HGeQi!7xIg_c;R8tbb+bE>WAcb0{kGRp@s?y_Nu zA`{qWlYVCU-7f#+H_JfOLExGEcn5YO)2si)e%C&u*7Obi-(|5FaSyXK6j!3eqLNPC zuvfG}Bob9R7f6@#W5xt5$t=i^u_Uf6OBbxoI$&fWj!QRfOROA5jp-HgQnsy=i9ms} zCx1yae)9d|sO7U}u0m+!E9CwTf;%#>fyj@v499`bWS5B1`*3Lpp2V_&5XSl`!UXTB zFIzCHU6TFo$3jk_9pezgi%PTScUL}Kl3}_Rj3!j96@NtAC4sD-j&ik~$fuNfoF9+X?$w%C_D1{P|FjsUFV=uGlp>y>7m@B3&1$K28c?3_$Q zHi0YZF;;)&(Np-8qp+=Wtli;RPJ*Kp>Cycg-9$RkP1a(u|R>eF@k ztN#*9t4hE=K8?brPt5Sto7~9^mb;PD)Bw^nImvV8{9m}F2lz;^r%i^aV=S#&Z+b+f z6M=WtZ@9@Rc|({}iC0aK8Zt6QhT9M?WqM1ytbFy{$k^kybs>AX^T?2hIhukPL>i7TtSg?4cX)6y&c%bqU-qQd#7 ztLjZH-oCDsacVV*OIfaxT#d`#c9Rt_H}AGUFDs~|wF%>DYt$gb@j!kNzjX0!H7paP zx-tokk!)o}fs%D0yE}){-nNi+^90S`p(|tA0-@{a)ebL>4$wlLEceR@-|2`TrgBDs zEJMUSrwm#x8xQ#9fXnqaSm8rNk)1Zi@l+J}h_)FTSnfHL4*ZwUuUQ8KgP*RS1P-RR z1AB?%gyS~0rm){5l}G?VkTg^1mHJ>XVQN?qd-_wz1rD#UFi=_a$!hr~+=W;gR|3cX zJ3n>!-BUdiuN<&%rl>xJ2bnWHCLNGT|Cbhyq`XQdmKGh zo6xnOa0m(Zw{$o8?+N#!uD)I$Os=1xZ+8TsD5ALeUcL+hs!z8*(l+SO%E1#3*utNi zmxjK#u_nNCjba*W<#hMy#A3cBD6cyizH8iukTT?ElUu2Io&?$gzdS{sDjdeBKaDR& zr3qQ4N4F3OQ`wOLV{f&k+sacNq_zR+@{i`dzSXJeCZ=Wtw$W*840Al8%4D7$2IZY2 z@TQ6E=hRLQdrU5B8^gomOk1>C$RS%(UsV?0;5Gtt#6==>g zJNOP&G@<%=&d;^T2hmpMJ&fZkx`F6s2`HKCC1C=d-X<-0rOa29RunK{)O+ST>)dAm z_yTy4|LUOo^1oK?LEi-BbraO~k>^>g{78*lqo2K+jKae#h{tL~f-ARj^JD|ea{IrG z*3y`_)dw2#hw;pmDh#Zuq}s;kO%DYt6?GxG?aY-^Uj*sdY34~m1rgdpj=*`C2r@}6 zaD@axg{qJAfKRgUAR%?8%;V0y%Pm^t6(`I(3G16IDfN}vv=3nvjdGLh)Pl{{+*sFq z;2AkP870;{5C)R*7a1@+y#Wi3Wnu{EoD9vfBT}&{fbJR?siMI%Ia=c#OU;2+!OJj)* z)TR3zjCY)eRw~B9#U{(v^>5TtzvVc8o$QcgP0iqEkeeq8#emd08&xF<=`?Dqs@MC? zj}_|%W-0s|F&$uCL);@dVUhNeK*4-9+=hNI{PnZZ#y)18`I`2qmB6r@y%}aq4e`b6 z%n39JRz=umNsGppQM?9+hf zEi)W;0QyxuZg6PJ*P#`A2e{=5ovA@wXCMvbX?{4Adx6me?{lg!T&4eb#2hJ+VcRmZf4kbVcHJ+ z*W?+p(>Junpi2Mq@JJ)&b3wsJ0357TdM#)k`Au3};t_MT`tk-*-M~WFbd;i@0$Z?TM31u_bctSA@LNE<^a#B2NYJW9OL+-vcN>hAfVSIYc0n7#brQ$c0=N!KU3B7~*PeJk^rt%9ht!tybFSPc{$T+~ zVXU@_qZG%P>!Q8EP#eH3GDm9uj2NZ)$_3Quuta%(Dw`qbe#FgF#NbZ$OudZ|M^pkV znt4xE%TBODMt;nQr0Bc(8@EzA5n}73C+%kk(o#HNHykW6&& z-~Bxj(St-{jknEUF-J`!YN7|4KsghR!>+F$9Y+ zxKYv`Vixz(=8)d(q!7Vx`sT z)8qSaa=O15`i+Qmhl`i4%%3=>EWwucZIQ0Ml%-a;zsnKkr4lcmBo6 zf5HAoB;h7&)`vieg~&?;WS7CNgI7Vxd!)a$bU5o+pFmUu>vzfgK`2u^tz(BX6?AanC}?WDe606f+;B;W!VhHOmRl z#neZr*@)18w|9{yxslDO6xwGN+FNHLeBx1EVU!q*f;W3~M{dQTE~ zsqR%KvQdc6Ju?RArbM`!UcJ+v9{dmrwU7<#@Pnmz4Nm09vachxQS07}FthUj_}>Va<*kzS)r%pFGu zVIbgOTqxwr!34P{b1N6KbYu)WuH96nBf>~&tup5C8)R(mxyF^)w_4TVQ`atRd*Z3^ zq`lqJjEJ$_n}~&J#sl!=bx$!5D@2p)?9<&9oJvQYaYjkb!nT5iMr9$jG2}*_mKrX6 zON#_9vvAYiuTMRitf{SqBKv;^kIH{l%=Z!IX<91N<~PnqhB{zf3A-pvr;v#fRr83wR5u(_HSO(RjW5_t^2(>fi3e2)nc6@>ipJY=q|~lv4C*W zODW5K7|HUt><%q&uI|*oYGH~PS@^JJU?br4q-O{*Ka)cv*qq4xBUI^3yJDd>)`Qe& z#wT!{h4}8S-o3(H5&=pIe){-D(>3m%Br{B6N7AVB%T>8wjB1qvdf}=u%_yW!fski# z3Bkz_G|HZPO|T|usPeGu{qJ3t8|v>V_4%34Q&f*kO7&_;sgjLw8dZ9qoa}$=SeoO? z)ZO*7WR)OG>VeHb1H=?TAVQ8c)U-H@8{m?Yeari`_UZHX)aYsvyPvyrwTJV?EI+V? zSfHn?-NW1M<+&PIj8U2Cr!UlE3?>fQHY5Z;ZtXH7+^GAJ7i`vboEPlXlLDpp&VUDE zr@8>**TIF@YgPklb!kxfUoKm=R5F!2|AI6FPhB)W3T-NYeEW(|C=kx)?T=1f>Cxw8 z(LaoY-*9|JK&ZYTb%p>G zRva8a-wGKPWVJ+@4EVHNcuxd$8O>A*T*dpoINlkIL3V;n$?82^DBjF(;FE1n)>Uq{ z7n^{(gl@OjTF1Hor{G&D@oe9X<-7Zp-q+2=+xMgNL?95FsqdDDe5v`H2})>y-WE$y zruv6P51Uh4&q=ZW!XBb^^Rx0=up?3vl>}s&N{}esQp68zT@REGz3mKRhE=gbre0F zn@v|*sA7#2Wu?7tt!YyX_y9nJp)-P;wFUH;76)X>2+J1)h1yRQP@mVO)&EUO53L!S z+uo??+G`lEFOO1em|YT_+Z4p4)IQTe16z@;|Otoep%#sJALmTy%~;dh&@u( z)gjc;RIqz>qk%l59mWcx|LLq62alyC?}qTuX6_9FGM-h5Zt6s`bTdyG1X@wM=HKB` zvPkjG%Y&55b~4gcSnb#qctU%FD79!1sPJq?(3R@sG<79|_2M}w$OaD*ZZQ;9cdEOEpKGQ#8sqB$AmqmIVi3~ zPs%PNPlM=d@Es@Cv8IhbV_(Nu9tm9Uv6$#)K8Ol)lz;Omen&^DR7eyCt` zN9C)PY?aB|CYQ5LsbG^x)iRn0+#eMXyWQWdvdQFXo6K4_k+)%Rbl^nzXzS(&f+eXR|gOIWcS=o8jjU;%lOX3q*=pZ(>ni*af_(RX*Y; zh)FM=trN-?veh-cwaN%2ijFDPCALLw^r38sTEjZ z_(Sp9x7!AOCeviQl^u=WCZ+tQyirvC;KgBnfX?VgAG8NVO z9Fm;-lK#8eKU(?HB<^Bqj>pPqxn@}x*GR-86z{azA~Zn97(UjGn2ZinTD*cB;C9%} zS89#Vh}RfA3#EEnfNAZUw%7^hhOYko-pKzGaqfoLFc1lscsd)L$UR1yjb6aYJ*HW48^!|EZgdqlF<#A+ujw7l#Jq@EpPZK;65` zqFHGiUjTkY7FHB~bnO|$3dSJyC7Q^=YAi`+qHR}oWw(gP%o3a0s>afcY_u;$zJ=IP7Ma+Xk!s+L&;#oZ{! zNywt{7N{z4sXQ}tSfmEp-ZoIh{9kJ;$6h;G%>1j+f? z*9Q)j6;jL~mcC=eg54EgEGCXmd+xn0(*4?q9{?=;5t|u zek}t-^E)+s``_#e4RLEDvs9=wFt!UwV6SF;QV{;_2-Zuk(R*9(GJBp_>ps|_cH;8#Gf=Q;D4e-GKktWENnW9~!oj*M6x zbc-L3U7m?eF#uf&EQG)nBOx&~{J@4}O(0^Vyh8{@{i6v?yBkcD@O zT_+UMZx$j;Tk&p^-{BXcX76BU&UK9#)zxP%-39faqbq1R%><5N9I=>E`*SsFdx!lqy`)$Edsp=0t;}z_)u#-Quy?4a8x#{ zekQBHU;V}|>W41Tif%#GK%@Y0x&Un$tr5RK-dt2O@^Kbf(QsppiNcxYG*~|54xCjS z&oqz#Kp%YUtSeC8PTK^c`T%@7sMi?O&dv`^{BJBXd%iIk93Qa7{{SU`Z>v^aFuWsP z-z}&c$jv9Ihl7IyzzI%0w}7^Wz!4IFO1YFlU^*v*B`SSO3EUyK z!t_;(Ix@>J>sdn3L%IRWiv6syn!g=)rb|!&C7(2+UyjB;nU{qo)${c>K^NDnStl3I ztKH4Z>BnHcx6kM4E~bZ9{CBoWi4t6Ot95jV(>QErGcDg=&gY3dzE1lODhdM`v7w0- zdU%C!Ba1P3AL7=vGOsqfxOn+IZF@NQ)3I}(9w+V$$7`ReTA*PF`9I_6inoyy0)v#5 ztRun5F!w3{wZ?4FMxD`dg4a6aH8rbu;28EhTP^4D2X;%*Fz4@~3e;+&8wMc2AWp-r z4LE8#-PK^PKyuett%e%sJ{t)NNqH&@1+@IZq_84a)`z&+8w6EhqedXP6Rtcgk%Vk( zrVglv-8jN%;w1d#U(JY2AGB7~1XH^N+A~?%21P26hu_SlTw`tBAMAsCQ01(hgB+L# zj6_p_=664y86!&HGCEvXd}cBXqN+0xSwmhW#INQ2(&(l{9lxz+EeF{|sTO)V{}1a_ zlV}HB7x0(jF$xrRkfbj-Mg@AlSzm%}( zw&lskU40CX!Kw|hRR)-nViQXWOLgQKNSqA%E30ynqeLdz14*coH8{7mAL>MNVa{9R z@c1bw0lFbC+Z6`qss8GMBRnyK0yhr5?{=JS?)L8L>>k?&kVsD#_~AB06?i0q2oukuz|Zg5TYM$M4X}UMWjdi%-Ic5 z;IElWev|YI>!RIX5{up#H+mBtuGY4=pKBQ0D0)>zq(KbgFuVb5R)Ox>gMRq*P@Pi- zOgSFRdCJ)RVD@WS*`@>R8G^P(%#G!`+jN{|?P13LkO=S#S0q}+4;tFmJ{wJaom1ay z0abOVED6C{eWJj{wk_4G{X*#m^=S&lwHOPFwK=`n@6fRjS>qP}J<<1lvVYja z9Am9CUbV}CMdlTFzef6P4wdD+V+94V+mo0`@{-67jn^Iv6qt-d+DULIrme5}2` z@64mG6MuJWzCY=+NCi^~&*SIq*AF0a?k0W>lHA>5s4BL^QYxeEwdvXa*r|X8MdChJ z{s(B}9W7-Tla3H<8h9%x;efDp=N*`p&5$-^e3$yPY%9N+5!-|RU1@x?-jVKh(WRT&)bR$@VcShYA1?Q&QO++X zI>{0?_YgF#?Cr%Z z{Kgd?>KGB9As7eAUM^GT)=TdL?Fb1Zap*t+c~LN*oX|y+)PU=O;)*es`EwDL9%7S2 z9ZvU4$Gp39gY4e5KM6Cv-JTK7-PdXjq_$&)`pU>0g2ilALbbM&tn!kQN*cROO$U(F#v9h@<(foKTxMd?5)G<}l(+(*ZnOGl@| z`+oPEtL@5}Fn-%gBNeS00P_E$?3{u#iMw?l+qP}nwv9J-GQq^Q?POvb6Wg{m!Ni={ zcz3>2wNIU@bF=qVUv=Mf_3E{r|L=L$?tHRJ$fCO}&1px;^7UPsQ30|H&dJe9$q>!? zYH?9@i{k-bAQFq)_u@4^noTY%7VU_-1BK2!?lBWne&(xK05|nVs~s*l3jplDkKmqMn)up}cz_U0LrVs?R^Xw+?Wx-Y(-Mw}bb8$hmAX2b_;A)qCMUPiV_6 z3ZVA6oigKg`M~n4KrL9KoiNNk{(qQ_t84uISV8$!Qgkwn=FKQA+)m)xL&}p5mk8c6 zDNSP0*<$lmXWI zcrkxTI+FsBTKoc!@iCd!!5S5mm6Ht;@mBtwdEtUeNjuf99U zTK|dq4cvgE37?8e{Oibr=oF?vE%rZt)I;mTI1(so`b&ao@TXAsg!JlA7CW2o8X0=R zkNPnrI+^n7I1g=(T?#7K=Sz7+wPW3qESWv;!cXdhCKmS^063RvV{tcpq#qq;n?W_J z3$q}yS%jEd3Z=i6!nt@pOphw0XQ_5xV;?}2*g>lJ=5YlN{Te~U>h4LEacAh+xWgMe zw&n)YJ0_jcHh!2i#4Y(xi>1>h(p0`Kl)@v64cHrbj@6Ce8tk_^$T4ZY;YMn{l` z?@%mCP7mT7<^Clp`9!*p*zQ}8@Srf&mFdJiP?(nGCiGU7!Q^&FeyT$vZEydBum5gm zrYB)KefLh$)ua4-JmV6r$p;V*!$Oh>&Pq2yJ!WMfR~KQ4>I~a=FUTv2<UBa^X{HgF_zROAp1S6x>18kSU7DvFOHcV!2y>%tmpK zy0(gyAEQ;2tx?vI_8$FytwwX`xlgz~M?;|bPY^;{)c4ws-$#ai9n#?p*Tb^fWXC4V zRIe;%Z-i5W1r4v%@70jGt3yp$pB3hzPvsF5FLd&8!(X)@gRUykNXQ$@p~J``d+6qG zvAj@^_7Z}JqRb6`(B#%UP2ib!dp>u?LeQ%tCruvG(ob749;;)&nqt<n5)UUzIVmKYR%GQIwMphN`Kk8+1`10R&#ori*ax5cIr zr}Yh5csV{o-4nw;Jok)kg_wT+v0O6Wkr`7>5oMhp+V~Yd-1F~(#q3Ck1Nym^tSd8;F;vmMuO;&ii-ZN6J;5~7rjD~Pr+GRVU-?QC2qT33fsg= zAw+lGg(&5O;@5YOubVlZ6W#Bif!)u*XIDGKS)#;P_dy<+&OQm|9uwxd@p`sK;~O-w z&?E;^Xp=w%X`!9~-uWy4T5gI|gyhJUpH2cqkchgVot+m-E9F}V^bdpGLlcBiW{dUM7t>w56MXwt zg)Wh$VuHr};U<~k*DB{wM8QE(uokUno0fZGrM?Pgfo&rNbo~~(D|kG{)>iCJAD3jzULt5P^M0zjBH4As*C-6fHs)IL z0{v*5|0x8)=)^4hW38j^4pr9rLWS#p0YJ=u88jUgNu6X{yoU!9iB2pfkeq49#fxBX zmaVXqsDU_)t1yom$K6kY`6kJAy`>*^^_mzjxu9~0isXrr#+lNPV1(<5 zHAmJ&Fmwn&SRzU=K=fPf|LxzA;o&%i7$h7FmDqA$>y3aLVZOCsqzvP{Yw13 zo!p(FhS(r0?4<_WvQHs0F%>Jsor04A;U6P@-97mL*Aht zZ*~`qjqrzuKzhW-+s$2`Uy>#*-5SX-wlj$aTxx)H-?+k07lE_77g z`v#@(m`1oPq>R_gjyhsNBUSfa;!R9W`Lsk}#MYZpvSwz{{kZYAGmpCSDZG{z82=t8 z{0Q?JSzz2^9^*99$?SjlE;jcLaDL#>(-HC4uPB?XR{F8tS|W`OqLG5OBEV`r%ggI?m9m5+R@l=v`2^0)qy|>}xm1fnda}hwL$UpkRra zd3NAK&8%!Jlt}jlM?Of8g1?xqI9yrtK*F?%tG>0U8`QHot&xLRrQ3mNNxmozS{3|K(!Zm^(1O=ErgGsic2MFrFoM^ z7tJ-w19eZkK>m{pvi-&iSUt#wf7~sXtzV?&LqTI~1LHymCZoQLioSK}0T^n79-Qrg zLE$#cL4oPc1PN(Sz+C zxo;HAFKT<8486z6GZOAt#0`;0_IM*OJ!0-85n=@kgMb`!)3Z>6Zu&E9dHU+&^)#We z^LuGCfrX_&-?ebo4ssKU^t{lj&us`qVoSj=kuNS#y#62mv?|RDMrqCMD(rNL z=9f(0(1qQnN*?T5krT?X%j!x@+xcswXLt4A+*~L73l%Z9X7N}@?1NgVAML z_FGJ)9)22LmH$&#cPeW0AH2toChScS#cMQVC4$3U&^SW4IyD%KZtcQzRfX158vD(+ zs*q})c?g~ykt(qevPyop-cTRbs6yHPAq1-}z@z-zSG$R!nyVnjqnqQ_V{v%*S7Y_J zLx;T-ID4;WRsBE`_Nf3i=8*t)=jm&vms_*pvxu{bM+?nhwLub#yY}y00pY<~lx7yY zK#wc7!~MINzdAqvIiZ-FD-ckzT;zW0`7h!Yrtsq@L8(Fb<`xBf0D30bmB4LFk4c`B z99g=e^%n47gu(vX7!vJfXk)6Ux;zQBZo*MlaFW!PNaJ7R!Iz>8950~c<|a0Mm}=ZH^VT=?WY=^(q2wsZ5mJATiB{$ zWR;Xx9V@|nXckzVfpaNq(&++TYSCeW@^Pkg~EZJ#Qum160jy=dbpYugjD-w{++s* zml@Y9J6x%8Vcz-_dr7wYuuhLLguZ6m1N`$ z(UE#IsyFwSsf9D550k`ZUz-n5S*Hz7-VBCmyX?6jqrFtl5sG^GgR@^ugd!`wF$kxA zKP4<}l7CZIZ`!yqtZ!cDw#l=gx-U$O4z#|+jehl?!ez}eLQ!J4nuDrxYIX~m%z~RD zXV>v0+rkHn8Ak#Uha04PV;n544vmLNP7?!(#_XQgFbp<&d6G|Zqv4g@-VKr3An(Cu z?T~!yUomoXU4^1zG|+n7A~B;Xz@_b+&h%~5AQ7TE+d88^b1cxxKfi45xZfLB2ZC-o zD>0ps78ytrHFzZ9uHV9!8~8ow2Bq<-qfEY14)6tqs!o$%Kcc{1cs?sx}pC?p7|DozdO) z$LvCkv52BSUQ2z$wgo1=muN_Wn>50`E8t|#QQ{9H1NMb!z%&q}T+WusX7x~{YMP28 zYh!`;JyTN&R@l&8n|q=e)D z(p~&>Ej{@y)y!R+k1M@6f%%$_-*+nmKX>&`f@PJia-wtZ0)Wru-&Mtb#k@Qd4Qsb& zHd*wst;~%tmk?`rg4y%Spo`W6bGKKZm|Myx_T(({-CFN=zI6Y*jhx_W)p6HB}o__ zOM<)XvymOw%v^F&$e~a#byodVE-|bzY3@{N@64lEkHL})>eQ*FqweZ+gEOIt zD5b?_29}lDnJU0+6+^~IRvuL^(Wq!LqK5u$8h0=UFX~ZSULGNVzu-1MFTlhg?4n~{mWn4EgCRc;4tvqKm=P64Vqtg$zjk#aR0(0p-Zuk%<@M{qjGOPG#utP1OKqa!LNu+(xrbtXR3#7p%)Wx;)3O%Lx;@~^Rg`$ zFIg7dzS&KsWK9w5$ui0%zI^Ee5~IsqJ-jDOCfKI+Kkmf12^9+*_rh zbYt0N>9{^a&9T*ut_fxZhSFQ-o!N|3!PX`8LUQQe&z9>@XXUx~8sCrm_)Q|FmHaUi z->ETN%lu(6O{Hii~&=EuN$(z#faU!e9-fDdbK zPiWDnO6#l^`ZY`nptTra{#2#wp}p5#UD)|uQI=-yItk?+3 z6uFa|5?O0G082}sEzobyij!QD!?R7w8d9a;!V~W**4Vgpy3`R+#Kqhlu68tCLdU=J z8-G`$!D<2~BCzwyQr_LewV`A0F(A@Fa6i`@67~%t^AziZll5J^Un90NK;tC z-yhX?M^VnIa+VXz-9G{pNA*UfYSjz);NZ5YO*L=;yOT+&?6+b`m2aoiNpteClFPk+ zA}sgw#(1;8Gxz49DX7p08zKb^*s_O(c2`JfcFGvwkIL9@1(2Z`aF18un>>jUS@0|` ztMXZyV6Yse3Wf7SYdw4PESs`=ygzCF08Dm&`=GlM6SpGXzuO-Q;|&>A2^O+;Vf#$j zTb{U;;9EX|J*O}HV)6Ey=bAolQgIBPpw7a@oXZ#1-q{2tXI%@mP;QrM27M($3I`WW zd*wy|h@r#K%l6B0p=sC-Y22s&WSKsy+H2BY{s=P*$|WpqOm0j~a@I7MWt?bv_m@fQ zV}}`8l(AJFO}o!;*AlPBbW4+q$ac>U^P1gP+Q?l*$F7XRP1(Vpv}JZn4mUKZl7hW; zGZ{f9WKYMNk(37MXkm^Ea8PuEw&j)T1k<2ABbS%+dCdx=&|l!#?aXH1>4+?~}XC;|y$B zbm&T%$pQqSs1tGtU&_Ih0dxxtrQX`dNTIjO04~B-dJ;=}8}fB@7yWP%TUl`nlFxdV z1Q@dxn;UFX{^Y#p9CyCle7iwiDYjuGR+U!|idEyNW62q2S~E&n0>M~-JWcX8o6&j~ zBrKfU?HI<2*{k5BDj!1dO_!L_KL^`$F(EFLgV%O;6|F86)L;#M(KO96(_Zw-l%tHu zxHeDy5env^?^d^uh{zZ*hf#s{n zk*?0tqPXgWnWvn^Rkl(@7iO(frUuin0J75Co_8pyEwvN8>*F*u=5|w!o1Z9J0LRSrTC_F}m=Ydn@+Qr+H15 zy5n%wXBnS+XIaN$&6!0fUD+an>7$`oP{%=8n$3+?D?ehVSGUM}=N1*4X4WXtzk1W0 z+Gsm`0=Ld9<{ryW5v@a&nqZvFu$ya5Uy}Y3FHk7ET-nn_P=+SW$n&MBgS!i;$j{i% zsQ$bci|Z8P0ct^OLq&ONW>V31Byf^l{!$&)zO)lePdMzIEb#}oisGXu&DIw zA@kHW&3`GGROC;-VY^lGKM%bs7fUqT3i`0cZ28Ati)ESQ$am26?hyL+E3Bu9uQ!s-pg-e?g9(b~{%M zJ|>iiv^&EtY*Aa-D7bQsb3l_MfBx(1zR%sZXI4`yhO64Ty14A3vKlh)_1re=tGTmN z4{0EirPYg^ox^ky|s<*Q74pl79dZ zx%7M{!cRrZMGRV~kl!9y?{A6NU8XF&tzi-ioSFw~|(P!Xp*P=k}UVfdLBY zrGMl`+u~goCQ6D78UKadKJzNxM_zd0IY>M|+#=me>-IebArS;<|YVU?U#`0(r zD*n*>7WTkF)@%KheIJuYbT23jp;e$WdNat2C-Tw#DW~|T@k7sSmZs%hvu+TTKJo`u zLq%v?8ml~{7w0tRy@gnACtq)lc}Dyb-Nd^jSCPUS#=fd^dS(!Zym>eiZayI=vDdKO zV!@=F#wGtKr#I0pp5&2pG8wk69;!r{v?goftzg`52JMXS*w9!iWzMT62I3ftxTb(K zWx<#z>XjLd8@Ra<7-p5w`k2f5{Zz!L3sXs7aP5; z^`)9?6}hW5n#eyfFIIXV8Y6$5`cZ{xCSSpM2h=*~j~Erc$jTo^rM_kdxT$G0VAtN! zWLN_+gPIxY@Z> zB1KoW^l!z`A~yyoX7GsaCKil7Ht}U2G-AO7X09sp z$%Dd!X&3({qlSTS%NOsUHcOQ7WK#nwHxp0~7- zwSD3-GPKE4(fS1-R%;8sLwVx#WQP-vF1k(mUe$B5`KQ-Zs*DZMco&XL;80b@Pd?z`9%I;*=WFCe z>lzim)f}i;rUI-U$+nL3D#Vv@@h5*0;=L2OOcZjE{oNa}UW|FjKJU@-G+UKrTvX@U z#O5(SL7re)qMXD-TnnR5pt=>F3hrF=x^+MpXj8f}=397~U()=oHZ9*;V-FV4Y%IUq zKAkeFAt>Or*{a89O6Ml@Q1YshSc;{cUQ(icIF=AKBIsqlPf@9zN(X5!G|)*+j%}t^ z@t~%xRsIPTHCIK+;WFqWX{*cXXAAI4{|ta!l$v!8E9Ng!(Z;yDyNqC}*qh{3s#4xs zVZyl;wltZY4L#?3`=}OLibRW-RawyS4_o)dAr3=3jz>feFzd>`_-;VpI$Y=|79&*& zXhUoGMxC4L5tk@ddndkK{5lFuQALhnduWK%a|74f?y?=PsX3%n#ma1j^@q=~BY08g zHn03Gsz2DqSH>s5K3LwpoO_E%26hRxz39M|9Q-MdQq=mY1Fd+>p{9`|7JXh7G~+$F zHfJK!krxB)0(#c@7X-x|M+7vXCH4%hc5k$gtQMjlD4MX`d)w0d;gMx9t^4 zqLouO++~2?qa9wjm9W0bNAASa=6$3{i-F8M#stcE;2@<_V}7w5un)0wqSVyc+rRQX9@IoN*7KuboYKb8Rs(CLo%E3s=` z^S2qZK9XBI7wGH*Dp9eCAQvn*_bxO-L=*2r*4Wkq}0+8#b!$#>Sw9u{auKw zJFz}Ri`IjhK75y*CY^Fj6tTVEqg!3w0!0+2+LG@aQ+$D!Su7#Y$k3119X0u<%%b%~ zYG;C|mZ9A!-3onkO%a21#N{m|ata!ZrbpBoTKDt@rm|XmVxwd2Rif;3Tp2?P{cOx; zuS*QoYAONJvzkQtm^kgOh_zGw=P}%Kqm(<0?7$z>206iaw>JjLP4*SYlVtAj>vhMv zAK+bYw!811NPXaEWok^koao$;lc}m_N4i7Us*_kpKUD&vka1#)HFo}PpC@T~ccz96 ziWEG_dHsb(_SWSvM>0w?sn*n~w%3=E&$wOFNwwkQ|9vcmpH!H06D%&ZMDceeW@*1k z3exSX|KolAlKj~!&%D4pX|O7}@KiI7igydU z170dV`>j0Mi|7rtg|)MZdLiMC4%>nA#$q8J6)1L1kb9*2Jz`3Eje^<8+ zuHv*ogY#0GZi71N?}_~;juw^G!3b|R1xF)5&1#WL$T_&^1;FwQ)U3<| zO{!e9KMcFupCg;&;xFZSgrkwGkcyA__6op2o2?qo5VJFL&I>!Y$vA4RzS|hKF0Dj) zmp-u|E3wtkD%g@aV%>lD77fg!PKMT1a+3{VqR9Kuq>jG(H^<*{U2)8*V5cc)0u5GB zA|hFtY~J})qhM1!v8Vfb`SsPy{^Z;3>+hw}fuQePTm3_Q?H31t=3;C4wq^TicJ?x5k&MAvA&CK&c7d-W z;N9;=76gJOIen#>T!=kR5)2yJ=!AeE2f22y{n@M^YXETyC8z^5PEEnlm_2cTQ=tdN zF%C%x;-DytWf=3e#@8i(&Ynolp;llQJIP629}5d0Yy@aHHgt-o<3QBu#oRwblkm8O zFGG#ghWQW#l)fb9FUr6{{c{n<+X5pJc|S6qJ*%O2J|ZX{iv#p=X znVBzmHWGwPj^Vi+96h3W=uP-%y=7lT+1+r=4jxA*(SnbL=y%3>%fU*{7Sm5%)e7A} znqT;I+t4PSpQIv9VXnFm!pWWoLNOg#J;Hqk3897AXBQIBN|qX^9+Gg}W6~<{V%E6g zZu>z1`LZSfPIF$;$}t zxED1N^G9^{My8T2>AgY|m2>X%u01@|6*DiX{2v3JgC8QS^eh8LysVAVB zHforD2-|k9oCMt^eu-*XtO{5nA&$#mshTboGaleoMPHXRNZks;ELi7wj#3K~=kyPn zRxySoD>{tzzEGM~Mr|{a4VPd(cKA;zA^AjmsCU`YtyXZas|bcP8st5J>3m3~nexddUH_h^s`w zdv9+(3f!&H%J(3&MN4VVLCZ%@JP7>^yAx*yFajl$+yE%*Vx-s`m^W{Sj8Un+IN1-s z-noW(nQ60$jrbNX!s=Uv?Wu>QoHoqAb7uQ^gIQm`+m$0!j@T*KeYt9h$0d& z@y(lINsU;4!r&`iJk!W-XW?@Lzl?cKAHeLKGc@S;1XvMfBvU?| zU%@Bc8EsXXb6f2q{{ELL+789t5K}N?hNn#Adg&J|eJjC6X3{t!b zeH(?y|8pTDWAt^!5axe;!zrxJo}Y*#29Q|7Q#Vy!)x;nlH((3s^!Axa){r9rRUWu- zyxBJ_Ep+|s4*5w^y<3Z+UA;=K=GvF5x9@hfyLydPty61ObJN@TlreN)?(H%;ugRfn zn50trE~HHBi~H^+W`a#=Qp)As18`)+OA7Gm$@{uC=D`J)3ZE-OFP(Yv5Pg(#<0wfF z^#$&vJby6c{}HPh@7%5v$o!w!C*fKRO<7NNTbP^!g1c^1%7>8xsTjpgj6NvnDy! z@@z9urL+>U{90uM_Bnm;qN$58Rn9(zl-(~uv}h~PzW$uM@-Z^Qt~*~q$gI1q zh3H3i`(Fq}exMs~2-i|d5OK=yr{^Fedr`x9UmDP&tgsgEvP$KPU>Gxn^uuT$-G0id zbC-B9?2>}Ot;#05t@*hRg*WKX{U+m&dUw~uLJEWlI zOCNT4npe-+#vst=Kvek%_<3gTvIq3>f&p4heDg-Krn46@48N*gqP&B1rqyLM&|W?i zQqf6!*s!8rehB)07;oZX%?_OK!O_1z52{!Kw@>!?@iwxJSUr=Ni7RyuuTBhgE$3gb zW&I~{(m{W~Wn2b_#ITmm-=ue>lYS-1%BOuYe{kWc1u?$&37;Z!zV_|nD8@ zwauyR2F`~q_e@&akKif6R}mSsVjS?7j4#!eg_Lc@H@qsbXGlH6>AOMZT%HS4w8dn` zjj9F}0i8}7#$k%C4*@Kh4{#3wd_wa;KY`LWVufW5L=;t+lp`lbf)4~e zV)uMa=__)qEHjNd7EVY_RTzY6x>ULIU(%;qo{**&46J1TMn}Pv=$g?+0`Aib3DXPW zezOKkf}};a|EV00w8Twzp;3WF=FdY*H|R(e!}Gp=ClPnslL+)$%{sx3Xnsihch!*JwT&^)5#INo@r z6Hn&S%U~Cnfsxscd&B?^LyBSKZd^#N1~YgNLae{k_m}1t3%0#PVdBT7I>2WoV*{aA zhdY!tzG=K$s${PDg*Dx+iC@;(qqvc8u4#+<84=L1wQy6cX{gYhdcm=vAGI~*(#~*y z?9*mRowSqMo`UDQ5DRg@N`uftWJon9w~V~M_kHayO)w{sYeZt;5lc?fVq~F0pGHNk0vJ2%dMbwx(q#KA%VG{9YapN0GX67`DG8O zooqYfBk57TLyXr8G9CnbxEJ8j3*he;CA~^T76x<6fw!~TYKg6!5lbmqVT;sfT|CSi zL^w9H)v4X-Wj;Hl;C9|b zc_Cp3RfBwKDh^kT2Tbdpu_1+Qlm%hve6LgSN%@jl11gq(hJ3UoM4SS9X-{964r#H2 z1hDgN6wFeM4$r6u@-8O@TSL*n=1{v7e~W2iL8Puy}C0UmKwrZMzw% zA_$2sXe*bGCuGQ88p&6MF3!qXFv@i?9@!wq^7A9;b9$iRBCr<<(pK;il^-U0J+0Oq z1jyjv>C!_7YypI@wPa^LdBq@)W@aF0#mSdEv` zY)^Ss01<}m#{_F%zXD1#y9QYuX6kh%7*l~D`e!*6S=2@UCDDw4VmI{ma_4Oz7t$ZD zS=_({9U0B9 zH*UZTBZ^O;N(+mu+%>RSNv{qSUJ-Yifa}QFqIqc0jQK46e9FoVB;&ncQoIIZs z!B$7~VX_d1#x#IrfC=f7>)|knW{<|NCb|NlUZ@o@J$_n{juEd?%((+Ys0v;(LMA=h zvyxRds8@oHZ&hsaHB&hoajmL)LJNp`QQ;bDTU($e(*@uUYbhD0TXe)075-Wv6ei{Yv@SFmlZc#pWIdevmu1oPZU@=lO>c)}H=BzgMldwj&tL{?% zP^3*6dv8p;RFP*&0X&IFGk21VUlth~9=F{rxuGQq@SPvUq4v0;X%5LJ z+-aMwd#;>^jM{04D{_-wmJv6g#vAq(?;Aeeeee05L$xzzcgo{0QJzHs3_ zdQ@=pV)B+u>CY)|((R5;)OwmVm$JsAk-V=wasi9CT&9;r#$$6C7^In(qtdi%6dj4H zDCz0`W0sxbqRCs(Em>-9^9v5A%cL?Mp@p)gU~`pub7GLTW*2Prtd_f}c1p|yt+U)z zxAl!K1AEh-zBFT%0p2htMMV65S*8$XrlI;uKV2pUU_DahX;T6S#pLUA^lC`{Xv-6{ z_(=FF;9fZhQ1F2U0(%4?fxsyN0>LSNxy3WiI4F_!#0?x4-MLmg5SN(7sr)(fdpuP3 z04Pq&&{8b}y_+iX7knNxBrpiVyIeHMyP_F|R~b$$qa@eP0)*tvGCx_#=l}f4h>L1d|t$O3a+lHeK{LCd%u-S`=7ySpj_t zI}%&5;YC4%5z>!f0%+L%s;Rvpasns^#^tAHdX)<@g=ARF0IGl+dY&#?H1NoygE7Tj zZqY;NZ^SC*FW23foIoFDCG8+pvFmA5J%PZR+x`y8!AY%|>ZK7DB$Y>jk z*dHcaKl86%)Et25i|-m=`5~(HB*28Rh|j)^@&e%BGhh63pHRKFY0%Vi*y?lO#LpC2 zJd!WDm9Lv*E+E~L?&7u+kK(@IU1z#=LPtWyqP-ij>P}XbP?7C*9*s~*rg2M0m2FXX zrz#Xz${Ln_>EM0BuDsQx>2@p4RQG4yYx1AtOYPrSZdQGaF^zkd)J~pcM#8XRX<384Dtmlew?GV*QT)1A!ScNA%zACih9 zY;-4oOQ<~Q4_I(V%wS>eXbXUMX zE`^_$&(w0dRt*HFLqy=WtWbWcKf5xNUcz2y%C7yTDxx_DUlatz9GM(ex^Ni-qoflN5G(_+Ml}rZ4y?{I< ztbuo)py^4EW9t#o_Xy6D{6&fas>h(bZTT8#uy9Lif|fmFIt zX$(&g^cdwk0%IF9!9dkbej%YRCMSj3%xM-{jw<epHqXioa2=$0oiPVMv}@4d$Os z75f1h<-s4yGe=#??-I{Fhlq`z5)F!9#1D@z3B_lpd%&iQh)JNqgEZ^hc^U82uxd=X z-+_KRd~jqKWN-)8Zt|A{QH@En;IsaK-Ka67`SaM{&fb4Now6x1iRKTacTxnV1l9lg z^eRiBFbf>yOSF$cr&C6+upEZ1+`38HO!oX+^pw>p*$*ch(0KSIM$GWo9GN4IcQqcO z0ivT)P{2>BAwxy@iDIZPltBPl>8xPytr&{ zlJ9;&T9+?h{!KntNUKN-y25a)C9>Q;OA@Nn7tTW5;uzs4GWR}PSgipx4~?NHG|!YL zW}!SXBf*~Qja{=%T)sDi4AlRx$gC84|>Y}|gY$i0(|4h?wn6tO!@N$RciG;nr1 zZU7R4--S$>*T24cjtT-+${RoCDB|g`!L}{~%GCe!b(|3%ei!onFJ)9zFydJOMFT2P zVfM^)07Sa%u;;I))aQL4dL1;2;9?qt*R`J?3yLOaR-n;Kh%XMT>{L#suhq2*jgL_#1mgsNd_)KH?E;F4Qws zq*&8o;>lX1;~9L%O_R};^qeTm$sAI*3`olTGaD9D@+Vo{N|y!BvMyedW)4|h%b-f- z;uPQ?C&emmI`Uc|3^o5QNYdPV4W(~kXko09=`x7a{D)8Q%G{)E8YtuhUeQ~+((D}! zhXfWI6y42FKqnKNHK+UzES%V?^xpK=5l-aQaxP9wL4*f$1ApL+Ra{tZ6yg6z&?@%6 zSz-K~-VscFS;uHZtaAXM2Ds?efNu(vS045(JXTe<1vKmbr07W>Z?8UZ^8^Yz_-s3;23~N6qv>LP7~(A z61Kn)d2CEnV9;)37a@WoL6gp;QnA@RdKIsG(2I`a-$vhCmqB;PJI6;CV{AxjHnsG#u;rPu2L+cmeAYt_xv#nsypHs z|4#f@M~=nMKB><4;+53|qZfqs@Lhz3zay zS-cl$UKSk#n6D8H9KQO>%Lk8g^u|_nnJzOvx6JVe&u@ zVeQ}oVnyjPW7bWo!pTRJX&*j3RNHw;v(AYeveXB#%3b||JZ}jBkL9pH?4@q}Pvro< zcf?D;yO;eNG4Iim(4(-|Q#sz4bkmo#(850e&{Fx8AFn*XC8BS%e2wa%Fa1^-@)PJ(kPi$$ z7#IMWF)LSoA{%z|vwg7s=tS!9HG}JwK7B;GGaV{_`!b?deHNTx>Nt2w_}mdm0M6$t zea8s)C5%x48#PMaF+OGZ)MU@AQ;r`*ONw0gA*48(Yz~GicwvmOR3yxZgE3~c0dExo zHEby2A+>U7V|-EVH75O`{%>3`x+NC@nr_d37xKIx@*QIT`E)vYxPDzLKYr{Eot-8E z?U)ndzJ7X;@GS(ggDQtM%*QXAB$A@+;wG#zGT;3d0L4H$ze!Ec;9Z0%Db+vU1=}wd z1Z6fK`D5XU1N-p4X1fmNbKo^!*3*#w?=t?wa5~ZH|7bEk zod5Uo6#PFQd;M#mlKJf~`)IoSWuLa({VJuZT>UB)9vAGPhT%7VbN#pL_dmXS{nOhw zHExaZ=>0J-jPd%})m0nwG#Ybw4cR_Q=XYbE1*CQ1(+U&yv5w}$PJn=YqE0 z$DIuR#4z|1ZS?z1M&G_l;}jg3(BouxmBEy3_jY-?#LKb|aq82NfzkTgG+t6$1uDm} zB%xq?W=>5f%W1rXe9<04vU-s1baI7;n=QN)`mQL*hmj&fzuFx|HJyhtO+r&ru)n~f z4X;_n-T{{lgEfp`mR+XtEon%3QPt$3v!#_MGpJ}N|LrpVM{m;C^Z$+dhxotyd7dEt zhkkbKJXLnkXEM2|YT5nFX4(Do<;DBcpKiWCp%K+Jwo--URwK8c!0luNquG~X=2UP0 z3r%$`4dB-OKPlS(9_)Yi^Vsx%zwnvfi3X67jB>gmU4xjldpS;z)b9zEUBNt3!$i^b zwVy!4C-u3qPuEW8zw!RBp#j>a|CtPR{y*-I5BC3ic?AE@H`ik|K*rsZ>wv^(lNLyP z+@c54%2m+>X;tdzg2t1Vnl^~Od9*$#Ka^a*xjel(y?J+~Xbk?{IjD?^Dx*K7&gh5p zw{Ne1IlnpkUYTKH2542EjEMR~)f+vDE@f0vmohTzQi`2?|K|Tad;8PtH?J?=-2C$H z>WAz1=a)Z^3d^YoUmN>BzaFaM*iE#tt2`>(7xPoAXLh2SfoLX)A0Otue)dB zKb8QXzTZE8w%LD7hhshe^LTJL|Lx@|&Hw6Y*C)N7y-MR%(@(JJ)N$NB5%p3%fan1 zi7p+CLJRnHUKS-GIO5>iiW1YtL#nZmI`kiYL@q>OkkA-(VXTBKRbQ<27LF^`F8SOTw%FIxOP_?kmeeJRrwDno1wNdqkJWVmDc}G7-l!1&V=x#T;(zYtsV)DV zv&3;vA^nLIW4n<37_gd>pPU!((Q==jWbX@*`s7h5%6#(I3KE}$;IkwRmR`EKX1V@O zUV*uE2f|YT7A{;wf*M*~yJmUD;!_)xyvz@I%@(i*wB1(bG{~-zcN-e_o~-*8St)r1=E%h1 zEPek&iU%c27}IuGKOLYtS}XhJ40k0z5LiIvnz!I%=WE<28Tnx_bZ|!P_`8iBIlWEhqw9TMCElcB!ENf22vf4Z> z%cfxYh|#yVZyop=%@xO7qqK(UZ{xR1<%J-n+s4bhVvDfESm0SH+e9S|W~Rp4h5qV? z1%pkJkqqW_7$Kww3MM*PR3I|%{o)iL1@(r5QV-q*_oC1FYQm?eG+rT+)(@qdBn~2! zIg;sXCVi08%6)*hPNLNj1wu(att9`n96nXL5~aDR zrP&kSeL}D|NxPk5jf4rW2ANjPudOVKLY{ad7Ow=+5U+&98x`@9F_Nm1--@Jcz)4xT zbj%ZeGfKvsM3glye0i-4x}bf>wQoo|xQBZoSz(jQkVj z<#r?h&(W?|lo=Es=t5mUQo0wb0uZg1w=kvE^W><7ekhWShSA0L_OpCpZEZ>)GTRoc zr$ztcK6Uhe$$C~l_)C@i-#tD4Uw=40RF%6??J+1(jKC56&0NyyIBm6O9ND5W zi+?F?QXho8H$uS?r;2c(wQ4SwL&JwJdTufS8KqU{tSFNkX1>PlT? z_4#3C0mG%6ExO$Fr;`u^Q|AQSLztKX?LYoFQYJ+<%yqE!^jQ0VRLB%&$J4!b;3ZmC$U-P}&mKich5+cLHyEfRn{43AZ- zYNT9eikv5E-^&s7)s|>;P{L*QIBO0!Xe{3^8N^|Cmg2m~W@lUk8 z_^I$!t+WDokrR3Y#^S|*z zFPg!$94~#@N)`DysP7cyO~uPp(Y&)asdsl5%yJ*Ae1Mcs#*s2qE^AZ9@tR15S6(#d z*FmT_ER|b**R%-A-1wVUR5@VuX(on^WJ%^pGzJ+gD|D%R!Vi9wgs-%OKpy z>sNiJ-uD=amyaB)5pZPk-}>}z8#cm$wVMXaJzq!)e1)eg{l%~3EPg~guIOQ1Ss6?7 zyQzv=H-9Pdwr8>fqSBgRgz85U7zYzbwGd&C4!M}Ne7v@Py*ay-uEqKL6L52O*)r*_ z^AdUI4an*jKt>2k8+nCXt}%?y5fLgCCUFt_L@$onD%B5B-b#>**vEETbdtZ4y1-va zJm0KsFl`8GC=fv_KW*DSV+Pn}R4Rls6sIR9+D1QFc8U6#Q4_l*y^X5KGh~+-MQd-% z1xVX%!xl-vD*nESe0syaYXP`0G}-DlgWN^X6C_i3HwTH4mvf;(qBS+CO&PtRO`B*= zPE20*9x`9e{;6+;8t8xC(?eTzEzmaqzhS}tdpH^m5Bi^dJVgI<1<@*vSh5{* zU>xXe^u{OS(l@q@Fn#H+s2nj8s@{nRt-k2S;2fa}iVGM>J&|K|H)%4fPM_>+B!S|8j&m0;bn?gVhvf zn6ObJ$8BS#c32xT)o2>maQI}kg%Cs6gf^fIhgWO}>kJ?kMRZ!*sAEA_-{^JN6GLQ$O#|N#cRK(@@>N4?h;1h>i#q)88^WCP5)qdzh9# z!-uW+LE_|nWStw0hEl)Tp%Paix?8EdhZf|0H-E<()pzj3fyGAsTsyb4zWoRl_Q>uo@ zqz1A!Vz|U8X(%x_Vru5nqy<#vSMilmQO9=nSAv=e#N>G^Qct8>%M=>RtO3q|$j>G8 zXWA+y)5&#~`rJy3LZi9{AkPY>{X%8V(7j==(VIl}NXe9gnTBY9C`tKE+I7jJ`sS zQpnbbW;M&bhpfeOU!u107PuOEDsIhMRqT{hmX)i%bQ39d(#b)KNat+Bzq1DsB$LpW{i;PcNE zhp*1V11S26$=4~h*b=o3P;GNimbS_sJdJSQ67AG4?YnF30 zZa+)0z_8vWMB-N%+z)U=Z4USi^Hz-V#)NUS+|&0-3Nsj?-1@&G9~t=%I-WY6R4ztZ z>NHT|4({Ow#L6_354^+^zPO5m*!{55^C1u*~?0AamfZq;l01&s)Q}lBia=;{D6aUH6qBt~}=gY4V?O5CP`}a2mk2 z=uWGSLCx;}4rH?4{#T-1RVDyi?f(Y7g8g6rkpFQn56!U_hVcjR!|E0?9U05`6jME@ z4?oucls4kI~1G*jF@w}E|cNVMILTeP^EWOB^L%(y&k_z&>pzAy+S&__MbN{19 zjBH^TI!64qBu&oqvm5FLQHH!|2GyR)W@ZQK`e%LW(SN#_b{zj@G@a`5|DfMH*njNh zA$01^$HZefmWeAzd`H8#;7PZVCz-HFrUEqn(S>Y9p?j%FrXD|QQIiy#4g;uH;7E7~ z8$R=61O24faum?i-L@OMkVisa(n%tMCt7rx$L-J>^yk6bi1s{Raam-S9 z>x@Lq0iM9%ZWV?b@Y~7@gS!ATiX#a~kTXVd3+t(d+ zTIbdEde-(7v?FSgqp#MQz!deqWKS#Ro;k@WqJicO#xOCLDKwx~%Hy&Vt92DdRqrx! zM5KF=R;#uX0o#ev636tA$&Pq=lV#5K3@t^Zvn|At$+?=YK0=iL9ryS-gr6CJC5=l=mc4>Rf2MS5n)m1zj2xOqo5tRtrjkf(c>U z1~pQHN*0!`2#_TFDJlZ8Dohj)**Jk|xB)W{FABa$IM0kDl*VBQQxX7X+X4}#Z#IcR zks{@zWaXIMybqHw-YmsctfmTjUHJT@NoaPm&dSV$s|jb z-`(fnN0`p(J_zHP7cv&e3?=x{fkk_y-x%f1!1Hcyh@h==?qBHwsj1TyisvwbDc*Vc z>I8|GWgp_y&xrpxgg*4kVEZtEkq@I;Ks-}87&nOiNwg_tt)|cqvPU&YAXI8=>7{|^ z-#)4}219SJlH#V`{^ubfcd7p!40}U8|Lb5dIoN;hbudFBq)J|jrFaqk zdWB{rfVr8Y0W=ky=_E^)a*s@olNUuX8C%jZbIZmSOqhuIRLd(v&Dv~R#+543l_90C z3ZqG1R~kr3whVLlwy~4|S02XDyDg4lp;;Y#$rwtNfy1wG)L{(0TjMC^HI0kZ_*orY zW0ATe?NwR2_Liy*eO}+Zkj?m%wOe&gJj?o4G1@Xg`fAs|*rw%a*1i#b-Fc|G6O4_O z5*5QPP?}|9O`{m)G$l_0kdHG-SV5DCuo0#k8K%WCeK4dpM{sFLbVAxFY5-TDqX}6H>bj2P4j8Os$+kYfK2gMchTu3F{&# zh)w#Zy-j@u)=-bzALu1 zD{^arygO3M8ZePrOWO@dtkg(-^2#@gMp~8EPd>FfBd0}pJ0YbEtbvRc8>~k{bI8@n z=NmGP#OX8$;T-ya1T_oL2A>q*M+81BU?j`40lPYuD64W=N^76d+O7n+aJy!ZbM5p- zhfHF+GSH50MqQz{7l!eNOAg{qHuFNV9SX3dwN6GX^VSe#t0W2G5=O`izf0p)k^vM0 za(A_$kzKf-rpkgyhIUrrcwAFi>B=`+Ul!rSt7gJ#XQg0#W1x=&R zrw;UcV9*1DVle#XC=#dX?=FAZw$peq(+XhtjYgo~n_6+3#mn0uqLv|4JM4v_Wo>h| zFR$iomEDjXWiRtFPu zNEuCwPomNn*t7kISVP_l#Y+zbGcOD`q?NPN%l8*=Zr*=$e)0PK^_#1o&(Gcz+4Y&1 zocg|j;m%eWikH^Ug!Wm#`kTmG1~cn--t_As5H>8tklVVitcO>X>(yva>#Mp5N?SB`QS8q&So4tMG`@;P z>vRgLlR}oAK?*ZcOsqxYzKRr_d4{YuI0E-Un(08udzCimG*DsHg_m1TlnO-w4&HB04#&c;SW{{@YPRJ0 zz9XO%kFBO{Tu@hY%7gR-oA5Wl&0T|K62i-$&m1GFz(K^^*Gbm1;`*?{`~GqZxJ8_y zOAjs72;Xi7(Irfm0mm=)T8CgCwU3?#5e|n}cq#{~itt z`TxhG$szvBUY^qY|7ZchZMcHeN8>I|$(v=oie#n${u$o_wD5?MFkMBhTX+|z+)s)) zmxokcT#_|TGNe+MmlT+fsK%6=9nm+6u7W`+IK4^7eXUDO<3Mq@yS04&-0HCK*4hxa00@@eocaH=o_k>u zMDQHHcTpNSx4P6nSgAXpqau z5*<%IiX}+?Hvk=Q`u1%LfD~pVeYePOOf+E}dGS@&=~T>`jF+t!`LxLnaJsia)Xf$S z|J|91KjCZAD-{y&+CLI=lV7Xp;&h$g>H;! zJ`h6{=GYZvq__h}w%^$z{t$uA6&O!mo{T3iL3f=*UEadKgV|yk`}q6(-#)0{z^6}u z_KB9c^8%jCaGgXfO7IKfb-amJc;X}6&x>!b*CTLx_BQ+9q?2?gX-G7@1K+;@&lU+$ zLFx-!!WJ(+Mh8BBrnxtgrAsLiO{S6Yh#p!W>{u6}eEwXH|CWYD@9-L+Vkqs&iL8Wt z@+oEukZ$>P5>dEplL*XD)Y-M^I#oJpohYSEJ;kols%g|)N;)p`Ia}STAK8l>K%s;I z`-5<6dm6}p%qtwGRsDd<<-dM!RFMBhz2WE}|Lx;>pgw6gSg!Me2#Cq$E@wUnBHgoD za!j+!aTwegheoA1i7;%>A49fpE|=&P$d^1il3L?(6^55_7|b?`Ohdl8iTIc^c118? z%-z808D-*n%!~+aqG?R|aBB+XQBo5=Jd_9++fL{-UPR6^;762tr|CQ+>_Kn^`hwKL ze;Y*~Qb@fMYuKkp^+>@f@6PX!nD~K^x`Gg5izY*U5GkL?8%y7GgBrV>Ttfyev=Rn) zaJHFoJ(~FWc*qC~sS!QHEn$}7Ehc!b^zq01+le$g^?^&<(*R!D*(MbmjMgWLAaeQL z`D?ZViB?;gw~|Ao5*{uG_ubXIpDy3;7UV9VnTUk04o{)yzl*}nRU9KMVrH8R!KFe$ z3RUpY?IMnF6;Kc?uP5)X-kiRE|L)@L-`-!ndv~Mu!|6L_(>f+l-op*Q3zN^?Fj`Al zWMzSpMVr?L3nd{3^UN?THQOeCeVfM1Y8c>>`RVgPj=9egsr>*qSMV;cMs~k=pVyTV zP~|;RU{K9~-beQE3{SSY7mshy-Hy2Sj!o+)PV#bs z_p(skWb&yj6d0|Eg^IdJBx6`bE5tsr{_Yw4=4*lz5M~6-}U_oXUjh&a->%gV==6 z)`fGRdTXo>ld4xs;cu%Tg+6dh-OFg4GIC8D-+`r({6S&^!2PDEc3XdZV_dqUU3}F5cyU%fyKm111*ULV&CxXGTFA<=vygc zI&Hwd0gDjzT-=2h!5vk97)Gw)7)*tGlwp@|OE&2mWV`M``vIdh=NiQu zLH1GAI0Ht?C34&W;#E$G6*`>PF_K?-tpFp%?^x))+R9csuPz+puvo&0Vf3r@x8jjf zX`EQz@JT2{Ezb|L%(l*DftAeiGog&d*ylMESr?cCV=LICD3n^UiPB|Ar|~T`V=YV* zyU$yI#{Zz#JvZqJUYuTo>$B6hZvYQd;{#%19o@yWlelD2jgDzR3n-Q<`A2^7;*e03 z#8$Iloc&4MjF6(TMNbY$7)Iu=EE;{Y`u|yTz5kz3f7n3(m&AU(2tZrze(eYKx+6bumO` z30E-1vve)`34><^X|B5V#%2hvHj@T10T_B&#)GdHURGDDWU~eIS0PL}EagRYIEy$# z7c?~oE+PG_2ZM{p{O{7*vTsq886#0W1)z^<$VktMK3HJ4l!x3B|C==}Neg;cbK4qBa6KVWhe>zQIwoPiSW2k-tWp8snk+)Ns$Df9Qmr-IZ{d~M^ z6vaLi$#gz{ZpptN58b;XLND37{O`v@MR5{`@qBZgq|o!v;wVF@7ces!>&IQR8^SaX zh#~!~3HwiY+C4n_)9C!4qFOP4x19g`(@`P+=U{L+|L^4?8o*29e<%+8JkN!4;IDAp zCn{1Yu88nt4psMVv-^vddqmhiswqQMaUfxSn9PH+gw>Oh3YRYwrZ8w6U>1miy`!}| zb+!C7bp-r~Yj;yDYEuJxegh@B^=bHR})0lv;&NS^>r&Ok#18Jm|( zt(o|P3(zh~aB`I~^#fJTDM=cmcov7sTVfsof0MpC-{0I^I>ZK|`2O1T;pU8#r&kE< z?FqO!yDVIF5@z0JU9T$3_P?71G$zoE>Wm%In(1M-< zjDE`!I5XJ_3=|%#+0y1FH`)?VCcaa+_RmoweiI#onFV#Yl}kCNKi#}@3WW_LC%2wc zd{Zl0N;C^Z!u-q8Rg@H<5WG(78Rvjf8yc(Azu*sMJe>tX$#)Q)IHp5?2UE*pYi12 z|Ff5e98rI!s^1a~fHlvL)w)SP?pF^7F6;7XaK4xTRV0qwZSdq(eoF0k0+< zn;dyWq;;hsJZM95W11j796||bw*XB=pU62%_`RbD${?JM)26xr z&C62ru*@xwY4k(|B?)WAuTu89bhliPNHDm!0bur6^jBRdv;%3Jcypr2rUmu4TcFyA ztIpUTwkO|Il3CiXG}kl5V%#2&hOLJ63<>*aWoo#Lv7VtqNJ6ESsX%chk&Q))=KHF! zXz+LI!r^V|vN)+_T{p$A+oq{xq7JtcyLlS({~8LQE&P8pp6d30!}0i#|8Fl3(f@4c z|CMw>;$B(PUvq*eb9%b~AWl^IYm2H|rjj|?);YTjhcb96Y8O9juV)uLs_Zs1@@ECf zLPhmskf9)&6GE?&x$bjt8h-FL8Awui2UFlhKrJ5Ji9k9TL?ZgXj^?YfCb#5V?>-0b z&;q6(f(!zR28zjSU;cbXRrOl4dJiL0HhPV}91$ggtr8Jcih3ETe@9xT^eVGrZLeMQ zkBRhqrGj!`7YJ#BsI6^%fbZgzY8A^6+FHXTl;(a9yfXSZ7fYzpZifF9CZeK6^^$_? z$F#i#9Jox-=5>&&`-{I-!Y`?ko(yUU{a{tl6y}$C0-QrjItJ;vyoD_IANV#{2Kud@ zu@O<&)DHQ{%bsZ6HE1+P#gUBD;(no{Dg0`jwyg;Dh;ft<*U#eHf5I6OBu)6miB&8W zAa{9?hWC<5F*&EBiJzgYuuWwS>#) zxd){<TQw0FGJjfiFm07j=|ptkpf-Xkakh8xYvg{d@hO)nNqR!%0bS+PMb zVgx*}_QJpi1r(0R?X^L&sHVBwxf1UYPeu7(HWlu^X9>s8S-$aYCxI>U|9ITj<^S=h zKRw9*`*;lTAGyTB8^E_g~9ve~<9H#kFD-K&;buRY}5dKm53r z@gievSOdEmCEQkLxxsU3K!SeQ0|E@V2?h4)36Y>8^1Hbc$toKf5@AtM(00X={yQhg=?T~{vU&hZvQdv^$-3Z zdwC4!KYqSTVn5@#1NkBWVj*n6!dpY&0Uw6m2KoSxW5r`$!PmIjOHWpFjUQ@MDmL5GG&%@Q(;Orf|LIcNa0bOkoBi^rxY+U+(ir z`d>)_xJ~~z92N4vOeP2akG(u!mi|v+42@NQ8gr<~9rmdR+=ULXn))x9KZWv7Vximg ze++@D(Ab}4U=59LQQcY4EkM&7uL0JCcVoq%7&BuLTmQ>7gIoK_TWz2o%wfw%M(OQ% zG#n_W#&YqY{Oo9~+gNE>6?eP(@OS9TR#jptP27zlu?j?+E>RnF^HSN}fK||^Nk<&1 zXAQM#CSZvSN^G?nplYhs^yz8VQdQ;JZd$Xc*zlTo!X|Bswx?;I{RjZ#sgHvGy$*b& z^~az2axhzteg5q^IkcSQ$wr-?qYVc6uOO&9I~)?QWd}I5z?MT+5n7XDm7&S9BE6Kg569&qMtG z*TM3H`hWx>#MJ!N5)aF40Z*ti7>Q)px`JqxM!*AEe1||3`|y-UPR;WMv6L^3`(F-=kYtl0EiH6N2z_`5(-iuzS7{K< zuW1zgAex`gqgcFt^AXNg#ErZKK!-W#!Dt5g&Fs=cv&EZ_NeXG0ZTZHQXD@S=0MPh} z6D&%{=?OTGq}Q~YCxz%OEHWbftU?m`E{*xq3f?9kU@%{x6VO-av^I|mFZCZaj~Kwy z&LeFBSK+QH)u&O85_|(w?po9NBh6*W>^)-Q#GK*H?f{4GmM57(M@{Sme*@fcjkGB{ zgjJ&&t^`nW6yk19WWCgZN^2-k4RI7r6flW>KK@<&cZ7oa^O3~9Mh|E4GKnJ?Au$&u zHSUji(Z1yeO*v_<^o4lOA@~sqKjjMZB%vS<+yV*Z2YQ0{+@)uCcc~078^yMCp6~ZS!DCr?J1-Nokp``;7ZoD6 zmn81}>K3LEL@;xMxGO51P;bk8fD6qTV{@64nHDES$B1PsV4*ooxg{+PM_eDF&`nIw z*r*va7X`>X0QwJ@+^Pe@6U5ZyW4qgp3RnAmc4N-=_O~1BGuV!K*X?f46>_y!+HjBG zZida)aI00`Xj+rSO;&S@RoP%ATWV*!X+NR{ZD|LRhQteZCum4pdYhcF@AF^1^FOiH ztabMPONIDKhx7kFo@(cRnKqyW1WAeyL)3T|Fj7+30Bo_4e;jbc(tnbl zS8v(n# zQ$P&=!4;eb8A>dXH!|GuW{0g&|6CSJ@J3`wYxGhiulmiZVU2cpXl z1E7@8YHf)`DbLskf+WorCPxC4KMHX&UZG?qCz}ygQHAnC;cx_h15U?Li>SduIowyk z`G@ll$1!La2$buy)3K+y@sJpaZLGmhRK+esQsx%tJpT{eIb*bsg!vjwhTpC z)dxe|OP=e+3`QHOw!L6R)*~o{#^23|TB3ZL5+aG<6w(OLn2zKy$MEUMmP&sdR{Xm> z_4q$Z!Zph>TSEfaCjU=*h4|mS(Lw&-%TtU0;{$9)!(y%=ja1FDGv-HfxAjxz&Ebhj z8pxLqJq+gp0eNi}1<0$)hwWk$8bQR}Q<7iO&S*C=C<*x&e&qs;F=o{&M=rnLp|Kd+ z=GtG70cE}Y|G`V6Aez_I0BqU+{oZh-%m0({;IRMq@zmJ=ztG7C-fg@>Om&^cVMtWi z-n?w%i*>`w-+1#9_5W2Iqq042geD8=?3i8t|q40whGV!EH0r7|=NWD2=0e zxB)4|=wqVf0~7;q9S44K6f+Qz>(?~)S2PzVjMhOKM@twXxAkv9bQgmKLP>Vg?fUU7 zb8iC_dCS0^#mlb9m78@J@rMqIyDLJokr(+L)=CGr(veEa%J(mWC>@@?Jy!bfE?~F} zi0Q{;+t{xE)$~98$?$OhyPxMPaOoig(}-wS>3o9^3mAdhRS^1^Dka|Rp4?!xz5>Kk zkY)bPK(>Hk2=LjC+WZ93`~^s1=%HW@Nl2E@4ofiMN9m5oCfpO^Z&2)75Ldp zi9g)=>o-};P15+EaE4lL;6txVi>L8FTkblW#Xju*5eTSt|DSz-dhy+xx9`4lm;NK$ zDBu5+(L}%h=}&rx{Ez#2z5-_pFPg(Jp8v;f`k$><>pwhVoA8QBTb-9~f9Q^#|NM`x z_n)n=zWNIMUHS0eM_d}22WYXnC2|N#SCB0yFG*ZntcG z9@+X_tr1h7hgzRUa-aLn`aJH}>+`r@(&wSA&%?%j9%y|YN`3AhH|z7LW}io8eID5Q zJZRkKzSif#4*EPeuGi+g)^{imO6r&a+DSJze|rJ0Z(g5YkRdp~{MK6rcws2(pyrA91}sEidM zO_=Q|!few%Pp9?zJe`*G*&@vL8Vj>MO_=Q|!ffR})BduTME`k2UbWd6)FZ!>sh#}x zY{G4?v2fed_;ybbZhOZX`MnE1f-s&3Gt5@WbrJ63q-GZwq47v4yc9!{ zN21vQWYVw6!1`7Oh7q*&xgpa&b_Zjv&l9=N4R?93<~;YNQYZ5Hz+6K^Q?>pBoAU$L?UL^?4-qxuMo$JgK*a#*;EyVHN=J zhsJ##Xnh{aeST?Bz;IV=|CUC)!^D$DN2C3%hDzSwVM%|@(g6O@xW9d^zXM}`tIlyz zKB7Y*&Rye4Jx$+uV%79vb;15mv+&|X( zEK3UgW}5qPzn(-m?pq~7jG(2@{c0L4Q=ea|eeNF{`^*+H7mTua34tHnkx){IL_-Iw zH2iBuc0JF%$HSdkyYtf4ooZvIbqB!=b%yTHooZcrDR;?w8IjK$n@}=+HCg?*S3;)y zHj%F1SfuM~B3)k=>3TYuM(Ktb=6E23B9EkWF6eH zn!MJZ7&~O2JUnZom-RN?=w;cavk6fZC0|n~H6f}m3sF6*Ag*Y#Fa1@WK!X^D-a;=@A2yo3pbkifv65 zz=)^-p0nW7X82wTfofH=yJx$LB5_~}Qz-@q9&%y0#nXvx0 zo`V#kG?>p}%3gt#`Y%|gU{ddlKblPB6ORULRCD2uj>~}6lPgD~VF|FB2l&xoS_Z5p zW&;H?HdhM$CachgNk&Y2@UojPW+}Zbi$A#5HE$CS`;EjyvAMM)LSGgU4SQ&ZD{CjC zViO=M-ZI)oMLS6JWg(KN*v#nIM7ze4ohH~F>u9KxQ=j}iJxSal^{@=OO#p2qf8vUo z=qXE{y$X_NbBbo^piSazEO2TJJr_6oouO6xvkNL~>7Y$GYb={-qS;vL;6T6k@WKz? zhMak3nA4_^#J=$&AEa=WLfrNE4$NSRIvERt5=VSc=up(VbRG??m(ItQo3P`i7h%V) zruG`iL!lon5)aK5T$q*+fGDWOa=xEw|O(WHp zdv8_F=+j%z+F|(8YVB}rxvDyDdQi zrf=GG`ljmiP0Oc`ksP{gmqCWSduoqIjj?|860q;In1+;3rMr8*ehYpEv{|RR(W5ZH&XWI=eCKh>W(o~+BsPfcA zm8bNj5kyRCO49fi(ggfu1W>Sq@rqu^e}LXSOhLBE5L{a9cPAEMXwp;|nyA9iL=lGU z*Fzfj8Q0`KV=MQWSfr;(Q|W139-dg@Oqc5qZroE?s=;_SpCJx!WQPZO0wPZa5? zUr}2z9M;oT42M=*mx+Z6PnuHUiAseh3Kh;fs8V5SCd}_{>GjPz4p&P!3%y_|eC5e5 zOxCl%GLkc_$&H3qZZxq_;z?6VJXR0k6NM5>;~u^oTAnMFkdT9!vB6(YUFN z?pS5QV|OBtrO`&3Udx{*3GH`HSAe126<};(rQ@cobgZ({vBFC2W~ti5_G+$@UdbvM z9M_|UgX4nkmRd&8*hxfrLd#M|-5|=4M_l`DLu}^qRZ5uer z=o!a>@7y3lBn}DFo50JT&*=2yUz_hQ)q#-*0&NnQvEism{a#vS!I5P+MooufsM#`& zwv5NA@AK(rY6p@F!pndM-o~E)jTd^+45r`|j|=O5JrQtV*OU%zhE2o9hD}4wuxTh8 zHuXEbiu%IAq@F@_FtI8`hcfpyJ_aoX5%z$Y~wW4 zY@CL&jg#C-ZlabSXF%k~G+TF{>~1V<_)!)oR7EPefDR`0#G=8(dT<@utfGdEt)hmS zRn$2P{Cn$Xdxc>_66Z7Rw=p9aI4 zTWVOgrOYz+u(55{P_xY%%C=c$L#=J8Va@e4EL%@zDR=l-+pM0}(UIKIp0=%MiU+E> z#oST})k>swYFH>qzl3{8ri5_>Xt-4}LN(oO2X=Scp=#8nj8H=%dg%5C+UN|W(J|Qk zU(%2{oj0>ENHPc#FGXPR0(icckh=*?fXLY$|CsU6BxEf5(|Y@@KP|Cg>esv|=+lb= zlZKwo7L5}Z#1XlaKpuj3t1!$Uvd)HC;Kv^t&qiOHje$HH`d#!{oNRy^1lTRygQ6JB z7D4C(+O)MZW`TX!&~}Q{)Hhz=+!-dDVTLBcX7f!&`CFk=SX!mCMz&-WqXoG}$-q2V z!-!rb^=n?E^zGLuLz@-Vu%Q(du6e8tPfs46sW#XD_bNjmN#k|kL%`xE($3Eo%h(5Z zUO=zYycLQQm@WgF8JCX4xZa7TKenD|h86>^VN(OHp{oh7$MP@~_0{-fxAsy@Q`oYg zCmNJOZy5#=1pX~prC|oVxz(h5Xt9VIHnoV-jPZw(MHK6W84a5h*;t6wWXP#;FvXVR zDg%j|tmeoe>MzTNS4XwifYn`%Obt|kFxBbwYX$^xU^eW&09LB%)R*_s;v zzFp&Q3%b=f=9U(6Yv{@%o850m>ZFXU zXqYFZao`{=ZqPuT6gwK`NogLgM<0z|6*T&`h!2eeK4|eC)X}inqFclGG#!ne+gC%X zsKa5yqh~wU^%|e+dfK_JC!Onh$JD^rf{J;+^co*(dfK6;Cmm|Gpkkh$USpBFr;6M? zN#ria#4Pgmnu)wjFVR;emtHRSVq9KYaWM<7y{3X|PZeByx!{V?m{`#;3$DGUf~yw) zs+S9{g%hdw;h)$M%lDl>4zrROf|koAxWs@ z#y#AT&AW$ySncb|iVUKRICoMX?f64PTsI}#{o~_W=d>F)gQnROFFK^&N9EfOjPksM>zPw=ef*H*X@&N)rj{b_sg~8DVqBe+E2*h_R zD802yCQ2}EEYwU@p=PQJHH9AG`XNM+p1~|*akTv)!)xD{eGrbPwIcf*Pc4CcrWToT+EiwosxsqL zlNl>22aoHS2OLxD05vLe5S2Ph)0=oYnDy*2j;T2YY3+QOr16?qIFY{~@FP00c#E+7 zal~Xe+eFCw7_ix^W$kxtGxnQWMD1x)Q5#p(1P4WKC>ppBDo29AQw8>7b(;@48R+l6 zKf40UAWhlSj%zv39FJe>x224<`l}=iW_amvO2iZ75m!7-qO%R3O)P0Hm8ip~$Rs^| zk^YD~Lj1C56>aF^Rfh= zp)>S+;w&z>GZ~C}lwdqG#>Plj(P?%OMBz!;YtFl@43 zBT;YS_DA~6$f8~ztyo^BS1?2AYKCag3$oaQD4?d?l7VbKRQXc&1J3p8`EwoH+_`8E z3}Zq+G#nJwYJ!3?4vSz>af)!?h5PXR%dF#}&LU>!5_Fhw$Lj_3IJQMOW>}hg-qgf` zR_!TWAFAh>o;7AC>m!00%1xI7YVmtqFY?H-E$|3K(Aw+f6Mn3B+A`s4gn(7TJjuO~ zs23D_E|w;R#DMW;Xyt|B1}_rm(;=xR7!iNJ{p5eL=Ks2SbNc$nH;+&LRU!ZDc%bM1 z8jt(aL;kOQJYRuxX5^1ad8_s9Dxy|wVQ`yz>4xy(n{)-wnEltb0@nd?5&>aM)EStC z=U>5Tl2AdL{l1F{AN4>MEQ8QXdFsCx04;({wDG~qNIpWsSW-w_5|&;NAsBhMxmlbc za0}4~2qP*rQ1C?8f&~l4vQWAK-fR)THAZnBdm+a07UC`Z`s!~k-ud8)rbEJ8J!`do zSlz-jf(T|O;Mf0r)pz?7x7X?YN{YUgXkV-K30&prVLt(4YW4~I3{x!2f={ha9qIX` z{Dc1@5YL4(7wHEXrdErjT?{hdf$w3s1aH}}P~XNpZ|%+Z=hxuu`_ro%aDELg-ray7 z-<)3DfSY&Vn>XP6;`-+F?b|o6!Rzy@H)l6*|3+H8rrw;bRtH?t6t=SkoZS;K_V2%~ zg4ulsZxICMtH6g@PRMfV<;Ll}yY!-!7k2+2QsWxe_JwyKQh6 zq#1Hs9dHdH>E_>m3GM?M9UNdW2yuIDl_wfg~hUp9N0W#lDTGk6gM*lNFGE#e~Pg|uex!^paWMAZ| z!VrQbIZeo^tGHn=U7jF_2xVaDTp3X$B$F&@+ykP4zTM<}30EM%qf~h+nJ^UBd0n4<$NaQ;T4`_XoPElvM7U2`q8iG&Y*N4x) zf=}Q&fwSOl1H5QsJa}bb0aN0NhRxQ82; zvY9-r!OV-mE!E?@fMJc#KN6mpl;1+k%s&yz$WQ~C-Opw)%V%jgZ$FRh}e*#CT81QAOS=Ubatn-(c?^4`cP>%rPf z1KeiDGRfu5kp*i7|2D`l)-zyH-H&&4lpBoB7i;x^&tpDJW2G}g<_^Y5{rfD zX{2s)@q-f=nwgqOtx`>@r6Xx>LY^^?6CZO2<^i&8j&}*&hLj>=;g>Ep4}2FOkmeHP z?S?qTvj9&Xrou!gczyjnUUK%9UFy0`=~RYN4B->_)p76;UU?q~1P-ktq;I?oPDTcJ z^g{aU887$h$t%#6s^&9yRr}sfLe;uUiAa@;^GhvvlB=Ccj-E*@& z87DA;KJz${8YU-;44mJAC`Q!#hOP=PNoZxx>)C!@#;XV=-h%H^a+HuL0lj7Z5tovC z6G4*q|&?2LAIw!t$xEV^H zEP(C<0~f=fe!6;#0lg(9@~Z13s=P`yL0qiSpD!;2`TwE>U19UpStn6j>$Xb~{5A-o zx*{F61Dq4g0AD!#KG8XGy6YtB^14p`37_Pg69>a`UN})qmvU&%XyKB@nd?%uJ&1Q3 zi#Jg~*GzQk69!`aRF5X$y-|@IFidwu#GW2kERY$)5AlfIN(>bAo$=pi7CAm)BZRSJXP$rupv|96m(7 zcGr%ZlT*YW+SnpzhU9QKGn^SF%IjT~V&|FE=yQf+q3_lciB*qRqFQSG^eOBWct4?w zPtfZmHm@<65@Co5L=(QfURMdJUexauj`G|x$Q_r68F39(8C71}GA81yrWH#Bvbm4` zg=0nxr-K<}I(3j)5uQ2Wu7EU(Si5lf^&WtxOM5%3mOjcV8s^hQcd9^9FIagr@>%Kf_X@SS-77Xz%D7u8g!J`w=~P-F$VUQ zY++18V{;X|0)T9DE`EW=_<1xlKj6ysaOa>7i z1~WPfg4u$Q!C=-8g3)-6>1Z5I>1@21jKgq&=aag;s#9h7Na||RWZBC~y3tc{a)6R{Pa3{khD;I&^8pPh+7uN z5UZ>3*U5dMJ{%Z%p7A)Q*@3Ct)4EaH0&~=<-RJ<9JnpZKl zJJ)o$rXHPXU+v#IP0bCD8CCKA!F>jlQ3%47BuP!-PqZ3H9Iv)enUzO~P{E|_mvSQN zoo|_7Jo$|YDgR!u4fwh>pb_|(75pV+OsLjqt(v1)wXeYB5c2RAqRadgXE{?6-jR9< zi_JthgG6uKuE^=S4};id*R&0KF`E_O8~h3Bp8J4r6MTzV44iQv6s7)UL{hiQ>GiG+ zZkZ9$HoeX;p~!ZVw)=&}Ejm&oX2h5XQXhR|USxWzW%dd9s7h2SAHY&C!jd)udYxR* znC7(Jy#Vc_3t&+R0xShJT#SY3wuf5E0cFYZd=qFnN8*_7}@7bf54($q6{+^=t+%WYl0SeN9e z5W})?c>kevN;(x-pv9#vp+`nBuv%!wesS7vF z?FX*7jy51E?zC=s>tDpj#Vj5#FZ+BsnDPe-l2>N9^X=wh?w)6ZE76*JW)9Sj#ER> ze4A?SC5dRzL-k(0FhK@6N8Wk76*EmBz(W*L5+R4!F-YuTsxs$P}dv*1N2}`bf+AYw3z=(5Z?p_%Dw#& zXY>?7bWN~JRrTkaxv)%N=*aL{lhFwVqWr)L!DAFeoLz%o3pSFJANri|(WMPQG9pcp zDCL#JcOCNp$9}YpV<{A@IkM-Nq)E;)3L)nb4@(NQK|^Cg3*Y)?ahn~35GRP6CT0Zc zsZe{5sYwUOaw|g#>6Z0#ziS;^KafR}JY(vwJ(`C-*;1e`+Tb*mWIex>turcgSNR=e z?APyIOh{Lw@8%pFMl=t*KtcB-%h&MFE>?8+PV7jH&}x|HcSVG~+p?$tu;W`*%GgTV zoTF8Xm|R(uH7BKBtFt)fAB~F^JlXVV6lBZ2Mx2?p}_XJ5lTJXHnwBc zB~a>NtabQpX`W0gsZa0;G$-YQv8}M00m-BkiycZ?cw>y_2r@CvMXEHSJBV#kp5-{n zTXv=iZ8&J*%dWaHJ!s??4ex8?Z!k-q7&yL5sxLojo9`F)iISI$keEujCmKvZdth>- z!Q#Y9F0_$-b=PJTce2OrY*t}KbwaJ!@WM4_NjJcPg&xQdP!4&dsM8(v)o-3*8nGMq ziGn$zpS+3jJKax*dYnHYZ%m2`1D% z=pC>^7T?iWq4m*N^)E%e;XP`I+g624nP_E;#0n{$m?B)012R$;bs9F!vcTwIW^eol zOM=>v4=G|LC$&1tw~*nrD6iTm4>I<8L6#qHd&(HZ4@23f8_sY z9{Rq2;-lxF3uaUjvr*0voS=aL&~X$WpqVG}uJ{bSaCSop!X{>a*Fb(A*IA-Chp%2N z?dfZ$;2F=?I*Rg@dAnPwmQujz!WSkx$q1hk>b-sox6PrG|BjA^@`=gvql4@#jSocE zms+=n)nBb?6#{4{I?^$x*@h*GL3u`Kb~q3}W)Tf{VKofq%c`ba6)nvaOKzxK$(Sep zTGTc3*?F#@ekG?H`P;0?mJQ49G2m#NC}mR__@GY7t${v5h|AkIFP5_DR!}E=P7dJW znVJL>;Yz#hJA+%MAPvQ!a9=L#UU_JZY~Zd z{RtV3M}10W;ed=s5ha5;3CLhDn+3Be4TEVEj%L%rU=)Po0U3=69*+9qxIe_>`DAj4 zAY+GUBhgOf0ZX9Vyh$F^fcn%}8D+61&nKRl+9SFVtO?U6NCnK@Rr1Q(=+2~Z z;#zNw4j&yfvX}9Xh~;s?-0uqAM6ZM~D@?@d7AT>)!w%5>x(fJlxNG9y82Q(m~!IVTpJR{S2Fdj~VML3=ZqyBMJnJrQB ze;?WqZsV^z9*?~Ew&BGNW_{<|My<(%tI}GJh!kz0@3Z?{ba0xsf!3)Y=P_oRCgt#X z1iqw?IMF%gP>v=+rXzxfemjNksQq^K`{lpR%hr}7s~QN3cox!{aiC)5;F}4hfO2~P z9nij$nnI$o4?s^bZp6%Jvn>eW2B#KRsz?70)SFV&rVdor#z0wB@JkmMtKL5(X}|O6 z_k2x%R~>&|b*!f>=jciIiN0|XF7#lVm)Fxt-)Nn>2iEfy%2sR{#ROsy8@SSJcNV#W zszu-;38O2O^;Rr`{ZZkB#bWU*vjN~(EewzBt0iVI8U4R46}cUevnTRHV=KK*)nue< zT&h92B9n#vJOU4_WQ6XjgUBwy8y2dhTETdtU)C{EVx0A^M|@~3r~(GrMCBK_+@9M6-2RlHrw-~9*hva#vW;VDq}3k~l1Hfo21#sCDZpGG zHjJQs`nN&bhJ33n#gHfeYYJ|F5xpu&vX!rSQ0fdAiEYpYmjp|M*#OpSL5eMH%VNKtgQ|X;S-gDyZT3JxpJh}{!(Xx?8qj^; z`@$jkd)OWhIe+;sad4G4i)D}p-!e)=y_2G;3r{rb6J>b5wj5q^uxfQU^=vkSAcNvi zw2=h>bHkm8B8}|;9_1o(+>xKX8@lsOJ(IoXb-Yw%%x-pFD0SJ}?7H^rmk*U=TBB8P z_iKO^QvL=?RAof%Dz$33SDn@qd6X_)!TT4hZ(@xzaLhG(Ds3pSG3N{tX_?Eewl-s_ zw!8SMvjcDumetP=MXkS~gl!w0edh9Ax5zp2UeXQEc3#1680DKZ66oohvzOffhc}cc z_vKFHbaUcb(Xe*fRboJ{agJm!eM!JcgBM2ADcB#>WKlHvB_)8>lKnvyjn9AhDo1Mt4Hy{pOn{x`27^m|_TY}=aP{~fM-woU#+cDyF` zdtLgk&JlXR#GaIsv%~3~oir1Qchm9Wn4-q<=n|yue+yTIv|$q1t?aZy-55j z)oJf^GM#tKZ|Cq5h`Mn1PQBOg{=`crHaHL0UdMxHDcpYWhqr=e`ggZ7J+v!wp2`tG zhB#!XGi!fo2ax4BZY!t*3gs7f8=3$&-LHOAQvls}xvR5i%jrgHVgas`Cl2sT#o~Q1 zYfbgFNmH>v5`-BgDxjy@@7o126-f6+b2xA9?+NIr0J~pIhl8p)o}-H84j~;y*TZO= zP}OT9495Pz@0)OrISu;JU^rd`gDIT`BOFmYoY62C_Je3Kp7tj}e-!lR^Qb=x=kxvm z&!TY{E`nJ!B-6#>FjY2`BV!!4{JwBs-I52iRTI0EUn@)5?H=Ro&at?GQ&;VENWHNK zw)6Lx-O_{#(Uq1SgMUH&#ckSEq#5rx{NkJDZ3MqC-_r)l8{qin4zIyP1%bkp>8>0_ zOb28zu?CeyFU8Khu4JI9X=_4vuqLL8iYyJH2~IWO-s^ele8=dwtE)@h)5H~+np?eh*9-apTdivPpc#}0O?a*ya`ry1wlawQy~l zqNV_U9xdWI(22e-T8{V!Q}P zvyhIX@oX{;7L@h}qhT~B^YL^vSj?vp#>3%gG9BWEz~Bl&Mvu$_+{(AcTZ43F^BW$k zBpm1WXDlHmFImF!!{Xb16TEH|yJ(u=XC7tZx4w3H>X;7Vz#7s(hEF zgW8QPB))-f`-l@;{p4^%T{1$D{jBeI>xB4-C1JcZS&%s3x70kgZp1MTLwl>4QNs4A zVodDM7=r%a(A3VT;M**$74(7HRKh#`?1kypJN3r>et+Y2Jmq%tPQCfB%=^;ubj+>O za!_tJ>Az&&my)l<;4}fd0`*iaEYXsWrAXB!Ice5rS=LJy*aN`!MYghpxgxGjvn>mf zbCmLQ8!LIE+uQt2eMrI?s4)8InXU?=e5W})=;9QDk|z^Q!fco3%6X_y){cHFej5`6 zS&tAaamxhL>GU|+1)S^@as)E zY;`=hDwABagmzw^>b~9J6Z#d6?v3_P#KiYj%R{iZRj=6>mJ(H4rR6zw>l;wbz z*S7n*atbE7+9kBD)( z$JP1e3YL5I_TqBoBW1+OKWK9{#UB%d(bf5-Wd!;4n&!n$h1y$k|Ga(k0=~k&c5X=a z4JyakHO&ukZt)_J)4t+2P&I!_@)#xn-o4J%Gd-qI8+-u^c~t;hL6(fEc(3ham%og7 z(lK4dS?3tdl^fet3V>k|Af;Zb4swc!7C1)n(C=Ni@(--@Hm)dN{xu6g=N|BY9IWHG zRV;dKg`>yU9~OqadJc7vT$?tkwR(013igVxnKTci1;cJpyf<(fMi*#In5 z9%HmMplErh;i?vtSca_(E8jfXC8&B?Sre=aPj--c%w7Jjg%%~+Kb5=H?rfnVhrm1T z!M!>zfXxX@nx^u?6x=B0(us3XZ|-q|vTdTOMQKQ-D%%PIEVF-|;gDX^j6oa#Pl#J! zxepkP)yooTtw0kKL6A^Nl!2o`QUn0yTHl(rH7g0WDEYE4; ze}l1i2YW`}TG{V;Lgd*;(VBleet5;^G(zu?#6b@IQOhltS$`ij<_wq_VE#b2oH@EQ1vBs&Ql)q>)kSy2Kc#s_oPmqc_gK+ z$9-N(F>?n~rsmCn?+Sq5EuLaA_v(4x7@vJ-F?4nH-(?}B0>L07_{x?FYA77ql2TkL zw0-JU!d^MGqFF-NEhAeTOGE0$REdQ0MV8SO6y0qzH5I*F#kMME4*l`?hx@OOUV{>RUrpVs&PjWhLY zAOAo2{(rwep7ks5|4+xGAMgKvlb>$4`)JJwJ$-~w7v(&BB>(d0ap9AemfbC*A0IvX zN6eBNw9aVslV=XeLK^x!yYBrij}8|0@{HZ?{7?uF%(tJsoPNrC@Owt%pFEN8Vk*{@ z<{s+(3=i!8M&nHv1daUl@#Dv68RA4rqivjvM~@yo`V+n4=p_@SV?v%n+k}`x>r&F5 zb`Smh2^fp=eg>mFis4@0{nSX!zkA(&{QUU&@$=*7Yk&Sf00960CQ^-O02m1XbhrIe literal 0 HcmV?d00001 diff --git a/incubator/synapse/0.0.1/ci/base-values.yaml b/incubator/synapse/0.0.1/ci/base-values.yaml new file mode 100644 index 00000000000..7e5ba36f000 --- /dev/null +++ b/incubator/synapse/0.0.1/ci/base-values.yaml @@ -0,0 +1,5 @@ +matrix: + # Hostname where Synapse can be reached. + # This is *optional* if an Ingress is configured below. If hostname is unspecified, the Synapse hostname of the + # Ingress will be used + hostname: "matrix.example.com" diff --git a/incubator/synapse/0.0.1/ci/basic-values.yaml b/incubator/synapse/0.0.1/ci/basic-values.yaml new file mode 100644 index 00000000000..7e5ba36f000 --- /dev/null +++ b/incubator/synapse/0.0.1/ci/basic-values.yaml @@ -0,0 +1,5 @@ +matrix: + # Hostname where Synapse can be reached. + # This is *optional* if an Ingress is configured below. If hostname is unspecified, the Synapse hostname of the + # Ingress will be used + hostname: "matrix.example.com" diff --git a/incubator/synapse/0.0.1/helm-values.md b/incubator/synapse/0.0.1/helm-values.md new file mode 100644 index 00000000000..928479e0917 --- /dev/null +++ b/incubator/synapse/0.0.1/helm-values.md @@ -0,0 +1,123 @@ +# Default Helm-Values + +TrueCharts is primarily build to supply TrueNAS SCALE Apps. +However, we also supply all Apps as standard Helm-Charts. In this document we aim to document the default values in our values.yaml file. + +Most of our Apps also consume our "common" Helm Chart. +If this is the case, this means that all values.yaml values are set to the common chart values.yaml by default. This values.yaml file will only contain values that deviate from the common chart. +You will, however, be able to use all values referenced in the common chart here, besides the values listed in this document. + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| command[0] | string | `"sh"` | | +| command[1] | string | `"-c"` | | +| command[2] | string | `"exec python -B -m synapse.app.homeserver \\\n -c /data/homeserver.yaml \\\n -c /data/secret/secret.yaml \\\n -c /data/custom.yaml\n"` | | +| coturn.enabled | bool | `false` | | +| env | object | `{}` | | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.repository | string | `"matrixdotorg/synapse"` | | +| image.tag | string | `"v1.50.1"` | | +| installContainers.generate-signing-key.args[0] | string | `"-m"` | | +| installContainers.generate-signing-key.args[1] | string | `"synapse.app.homeserver"` | | +| installContainers.generate-signing-key.args[2] | string | `"--config-path"` | | +| installContainers.generate-signing-key.args[3] | string | `"/data/homeserver.yaml"` | | +| installContainers.generate-signing-key.args[4] | string | `"--keys-directory"` | | +| installContainers.generate-signing-key.args[5] | string | `"/data/keys"` | | +| installContainers.generate-signing-key.args[6] | string | `"--generate-keys"` | | +| installContainers.generate-signing-key.command[0] | string | `"python"` | | +| installContainers.generate-signing-key.env[0].name | string | `"SYNAPSE_SERVER_NAME"` | | +| installContainers.generate-signing-key.env[0].value | string | `"{{ .Values.matrix.serverName }}"` | | +| installContainers.generate-signing-key.env[1].name | string | `"SYNAPSE_REPORT_STATS"` | | +| installContainers.generate-signing-key.env[1].value | string | `"no"` | | +| installContainers.generate-signing-key.image | string | `"{{ .Values.image.repository }}:{{ .Values.image.tag }}"` | | +| installContainers.generate-signing-key.volumeMounts[0].mountPath | string | `"/data"` | | +| installContainers.generate-signing-key.volumeMounts[0].name | string | `"config"` | | +| installContainers.generate-signing-key.volumeMounts[1].mountPath | string | `"/data/secret"` | | +| installContainers.generate-signing-key.volumeMounts[1].name | string | `"secret"` | | +| installContainers.generate-signing-key.volumeMounts[2].mountPath | string | `"/data/keys"` | | +| installContainers.generate-signing-key.volumeMounts[2].name | string | `"key"` | | +| mail.enabled | bool | `false` | | +| mail.from | string | `"Matrix "` | | +| mail.host | string | `""` | | +| mail.password | string | `""` | | +| mail.port | int | `25` | | +| mail.requireTransportSecurity | bool | `true` | | +| mail.riotUrl | string | `""` | | +| mail.username | string | `""` | | +| matrix.adminEmail | string | `"admin@example.com"` | | +| matrix.blockNonAdminInvites | bool | `false` | | +| matrix.disabled | bool | `false` | | +| matrix.disabledMessage | string | `""` | | +| matrix.encryptByDefault | string | `"invite"` | | +| matrix.federation.allowPublicRooms | bool | `true` | | +| matrix.federation.blacklist[0] | string | `"127.0.0.0/8"` | | +| matrix.federation.blacklist[1] | string | `"10.0.0.0/8"` | | +| matrix.federation.blacklist[2] | string | `"172.16.0.0/12"` | | +| matrix.federation.blacklist[3] | string | `"192.168.0.0/16"` | | +| matrix.federation.blacklist[4] | string | `"100.64.0.0/10"` | | +| matrix.federation.blacklist[5] | string | `"169.254.0.0/16"` | | +| matrix.federation.blacklist[6] | string | `"::1/128"` | | +| matrix.federation.blacklist[7] | string | `"fe80::/64"` | | +| matrix.federation.blacklist[8] | string | `"fc00::/7"` | | +| matrix.federation.enabled | bool | `true` | | +| matrix.logging.rootLogLevel | string | `"WARNING"` | | +| matrix.logging.sqlLogLevel | string | `"WARNING"` | | +| matrix.logging.synapseLogLevel | string | `"WARNING"` | | +| matrix.presence | bool | `true` | | +| matrix.registration.allowGuests | bool | `false` | | +| matrix.registration.autoJoinRooms | list | `[]` | | +| matrix.registration.enabled | bool | `false` | | +| matrix.retentionPeriod | string | `"7d"` | | +| matrix.search | bool | `true` | | +| matrix.security.surpressKeyServerWarning | bool | `true` | | +| matrix.serverName | string | `"example.com"` | | +| matrix.uploads.maxPixels | string | `"32M"` | | +| matrix.uploads.maxSize | string | `"10M"` | | +| matrix.urlPreviews.enabled | bool | `false` | | +| persistence.config.enabled | bool | `true` | | +| persistence.config.mountPath | string | `"/data"` | | +| persistence.config.objectName | string | `"synapse-config"` | | +| persistence.config.readOnly | bool | `false` | | +| persistence.config.type | string | `"configMap"` | | +| persistence.key.enabled | bool | `true` | | +| persistence.key.mountPath | string | `"/data/keys"` | | +| persistence.media.enabled | bool | `true` | | +| persistence.media.mountPath | string | `"/data/media_store"` | | +| persistence.secret.enabled | bool | `true` | | +| persistence.secret.mountPath | string | `"/data/secret"` | | +| persistence.secret.objectName | string | `"synapse-secret"` | | +| persistence.secret.readOnly | bool | `false` | | +| persistence.secret.type | string | `"secret"` | | +| persistence.uploads.enabled | bool | `true` | | +| persistence.uploads.mountPath | string | `"/uploads"` | | +| postgresql.enabled | bool | `true` | | +| postgresql.env.POSTGRES_INITDB_ARGS | string | `"--encoding=UTF8 --locale=C"` | | +| postgresql.existingSecret | string | `"dbcreds"` | | +| postgresql.postgresqlDatabase | string | `"synapse"` | | +| postgresql.postgresqlUsername | string | `"synapse"` | | +| probes.liveness.path | string | `"/health"` | | +| probes.readiness.path | string | `"/health"` | | +| probes.startup.path | string | `"/health"` | | +| secret | object | `{}` | | +| securityContext.allowPrivilegeEscalation | bool | `true` | | +| securityContext.readOnlyRootFilesystem | bool | `true` | | +| securityContext.runAsNonRoot | bool | `true` | | +| service.main.ports.main.port | int | `8008` | | +| service.main.ports.main.targetPort | int | `8008` | | +| service.metrics.enabled | bool | `true` | | +| service.metrics.ports.metrics.enabled | bool | `true` | | +| service.metrics.ports.metrics.port | int | `9090` | | +| service.metrics.ports.metrics.targetPort | int | `9090` | | +| service.replication.enabled | bool | `true` | | +| service.replication.ports.replication.enabled | bool | `true` | | +| service.replication.ports.replication.port | int | `9092` | | +| service.replication.ports.replication.targetPort | int | `9092` | | +| synapse.appConfig | list | `[]` | List of application config .yaml files to be loaded from /appConfig | +| synapse.loadCustomConfig | bool | `false` | | +| synapse.metrics.annotations | bool | `true` | | +| synapse.metrics.enabled | bool | `true` | | +| synapse.metrics.port | int | `9092` | | + +All Rights Reserved - The TrueCharts Project diff --git a/incubator/synapse/0.0.1/ix_values.yaml b/incubator/synapse/0.0.1/ix_values.yaml new file mode 100644 index 00000000000..525c2421065 --- /dev/null +++ b/incubator/synapse/0.0.1/ix_values.yaml @@ -0,0 +1,313 @@ +image: + repository: matrixdotorg/synapse + pullPolicy: IfNotPresent + tag: v1.50.1 + +command: + - sh + - -c + - | + exec python -B -m synapse.app.homeserver \ + -c /data/homeserver.yaml \ + -c /data/secret/secret.yaml \ + -c /data/custom.yaml + +service: + main: + ports: + main: + port: 8008 + targetPort: 8008 + replication: + enabled: true + ports: + replication: + enabled: true + port: 9092 + targetPort: 9092 + metrics: + enabled: true + ports: + metrics: + enabled: true + port: 9090 + targetPort: 9090 + +securityContext: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: true + runAsNonRoot: true + +secret: {} + +installContainers: + generate-signing-key: + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + env: + - name: SYNAPSE_SERVER_NAME + value: "{{ .Values.matrix.serverName }}" + - name: SYNAPSE_REPORT_STATS + value: "no" + command: ["python"] + args: + - "-m" + - "synapse.app.homeserver" + - "--config-path" + - "/data/homeserver.yaml" + - "--keys-directory" + - "/data/keys" + - "--generate-keys" + volumeMounts: + - name: config + mountPath: /data + - name: secret + mountPath: /data/secret + - name: key + mountPath: /data/keys + +env: {} + +persistence: + config: + enabled: true + type: configMap + objectName: synapse-config + mountPath: /data + readOnly: false + secret: + enabled: true + type: secret + objectName: synapse-secret + mountPath: /data/secret + readOnly: false + key: + enabled: true + mountPath: "/data/keys" + media: + enabled: true + mountPath: "/data/media_store" + uploads: + enabled: true + mountPath: "/uploads" + +probes: + liveness: + path: /health + + readiness: + path: /health + + startup: + path: /health + +# Synapse Kubernetes resource settings +synapse: + loadCustomConfig: false + # -- List of application config .yaml files to be loaded from /appConfig + appConfig: [] + # Prometheus metrics for Synapse + # https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md + metrics: + # Whether Synapse should capture metrics on an additional endpoint + enabled: true + # Port to listen on for metrics scraping + port: 9092 + annotations: true + +# Runtime configuration for Synapse and settings related to the Matrix protocol +matrix: + # Manual overrides for homeserver.yaml, the main configuration file for Synapse + # If homeserverOverride is set, the entirety of homeserver.yaml will be replaced with the contents. + # If homeserverExtra is set, the contents will be appended to the end of the default configuration. + # It is highly recommended that you take a look at the defaults in templates/synapse/_homeserver.yaml, to get a sense + # of the requirements and default configuration options to use other services in this chart. + # homeserverOverride: {} + # homeserverExtra: {} + + # Domain name of the server + # This is not necessarily the host name where the service is reachable. In fact, you may want to omit any subdomains + # from this value as the server name set here will be the name of your homeserver in the fediverse, and will be the + # domain name at the end of every user's username + serverName: "example.com" + + urlPreviews: + enabled: false + + # Hostname where Synapse can be reached. + # This is *optional* if an Ingress is configured below. If hostname is unspecified, the Synapse hostname of the + # Ingress will be used + # hostname: "matrix.example.com" + + # Set to false to disable presence (online/offline indicators) + presence: true + + # Set to true to block non-admins from inviting users to any rooms + blockNonAdminInvites: false + + # Set to false to disable message searching + search: true + + # Which types of rooms to enable end-to-end encryption on by default + # off: none + # invite: private messages, or rooms created with the private_chat or trusted_private_chat room preset + # all: all rooms + encryptByDefault: invite + + # Email address of the administrator + adminEmail: "admin@example.com" + + # Settings related to image and multimedia uploads + uploads: + # Max upload size in bytes + maxSize: 10M + + # Max image size in pixels + maxPixels: 32M + + # Settings related to federation + federation: + # Set to false to disable federation and run an isolated homeserver + enabled: true + + # Set to false to disallow members of other homeservers from fetching *public* rooms + allowPublicRooms: true + + # Whitelist of domains to federate with (comment for all domains except blacklisted) + # whitelist: [] + + # IP addresses to blacklist federation requests to + blacklist: + - '127.0.0.0/8' + - '10.0.0.0/8' + - '172.16.0.0/12' + - '192.168.0.0/16' + - '100.64.0.0/10' + - '169.254.0.0/16' + - '::1/128' + - 'fe80::/64' + - 'fc00::/7' + + # User registration settings + registration: + # Allow new users to register an account + enabled: false + + # If set, allows registration of standard or admin accounts by anyone who + # has the shared secret, even if registration is otherwise disabled. + # + # sharedSecret: + + # Allow users to join rooms as a guest + allowGuests: false + + # Required "3PIDs" - third-party identifiers such as email or msisdn (SMS) + # required3Pids: + # - email + # - msisdn + + # Rooms to automatically join all new users to + autoJoinRooms: [] + # - "#welcome:example.com" + + # How long to keep redacted events in unredacted form in the database + retentionPeriod: 7d + + security: + # a secret which is used to sign access tokens. If none is specified, + # the registration_shared_secret is used, if one is given; otherwise, + # a secret key is derived from the signing key. + # + # macaroonSecretKey: + + # This disables the warning that is emitted when the + # trustedKeyServers include 'matrix.org'. See below. + # Set to false to re-enable the warning. + # + surpressKeyServerWarning: true + + # The trusted servers to download signing keys from. + # + # When we need to fetch a signing key, each server is tried in parallel. + # + # Normally, the connection to the key server is validated via TLS certificates. + # Additional security can be provided by configuring a `verify key`, which + # will make synapse check that the response is signed by that key. + # + # This setting supercedes an older setting named `perspectives`. The old format + # is still supported for backwards-compatibility, but it is deprecated. + # + # 'trustedKeyServers' defaults to matrix.org, but using it will generate a + # warning on start-up. To suppress this warning, set + # 'surpressKeyServerWarning' to true. + # + # Options for each entry in the list include: + # + # serverName: the name of the server. required. + # + # verifyKeys: an optional map from key id to base64-encoded public key. + # If specified, we will check that the response is signed by at least + # one of the given keys. + # + # acceptKeysInsecurely: a boolean. Normally, if `verify_keys` is unset, + # and federation_verify_certificates is not `true`, synapse will refuse + # to start, because this would allow anyone who can spoof DNS responses + # to masquerade as the trusted key server. If you know what you are doing + # and are sure that your network environment provides a secure connection + # to the key server, you can set this to `true` to override this + # behaviour. + # + # An example configuration might look like: + # + # trustedKeyServers: + # - serverName: my_trusted_server.example.com + # verifyKeys: + # - id: "ed25519:auto" + # key: "abcdefghijklmnopqrstuvwxyzabcdefghijklmopqr" + # acceptKeysInsecurely: false + # - serverName: my_other_trusted_server.example.com + + # Set to true to globally block access to the homeserver + disabled: false + # Human readable reason for why the homeserver is blocked + disabledMessage: "" + + logging: + # Root log level is the default log level for log outputs that do not have more + # specific settings. + rootLogLevel: WARNING + # beware: increasing this to DEBUG will make synapse log sensitive + # information such as access tokens. + sqlLogLevel: WARNING + # The log level for the synapse server + synapseLogLevel: WARNING + + +# Settings for email notifications +mail: + # Set to false to disable all email notifications + # NOTE: If enabled, either enable the Exim relay or configure an external mail server below + enabled: false + # Name and email address for outgoing mail + from: "Matrix " + # Optional: Element instance URL. + # If the ingress is enabled, this is unnecessary. + # If the ingress is disabled and this is left unspecified, emails will contain a link to https://app.element.io + riotUrl: "" + + host: "" + port: 25 # SSL: 465, STARTTLS: 587 + username: "" + password: "" + requireTransportSecurity: true + +coturn: + enabled: false + +# Enabled postgres +postgresql: + env: + POSTGRES_INITDB_ARGS: "--encoding=UTF8 --locale=C" + enabled: true + existingSecret: "dbcreds" + postgresqlUsername: synapse + postgresqlDatabase: synapse diff --git a/incubator/synapse/0.0.1/questions.yaml b/incubator/synapse/0.0.1/questions.yaml new file mode 100644 index 00000000000..ccffd8eb0ef --- /dev/null +++ b/incubator/synapse/0.0.1/questions.yaml @@ -0,0 +1,2423 @@ +groups: + - name: "Container Image" + description: "Image to be used for container" + - name: "Controller" + description: "Configure workload deployment" + - name: "Container Configuration" + description: "additional container configuration" + - name: "App Configuration" + description: "App specific config options" + - name: "Networking and Services" + description: "Configure Network and Services for container" + - name: "Storage and Persistence" + description: "Persist and share data that is separate from the container" + - name: "Ingress" + description: "Ingress Configuration" + - name: "Security and Permissions" + description: "Configure security context and permissions" + - name: "Resources and Devices" + description: "Specify resources/devices to be allocated to workload" + - name: "Middlewares" + description: "Traefik Middlewares" + - name: "Metrics" + description: "Metrics" + - name: "Addons" + description: "Addon Configuration" + - name: "Advanced" + description: "Advanced Configuration" +portals: + web_portal: + protocols: + - "$kubernetes-resource_configmap_portal_protocol" + host: + - "$kubernetes-resource_configmap_portal_host" + ports: + - "$kubernetes-resource_configmap_portal_port" +questions: + - variable: portal + group: "Container Image" + label: "Configure Portal Button" + schema: + type: dict + hidden: true + attrs: + - variable: enabled + label: "Enable" + description: "enable the portal button" + schema: + hidden: true + editable: false + type: boolean + default: true + - variable: global + label: "global settings" + group: "Controller" + schema: + type: dict + hidden: true + attrs: + - variable: isSCALE + label: "flag this is SCALE" + schema: + type: boolean + default: true + hidden: true + - variable: controller + group: "Controller" + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: advanced + label: "Show Advanced Controller Settings" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: type + description: "Please specify type of workload to deploy" + label: "(Advanced) Controller Type" + schema: + type: string + default: "deployment" + required: true + enum: + - value: "deployment" + description: "Deployment" + - value: "statefulset" + description: "Statefulset" + - value: "daemonset" + description: "Daemonset" + - variable: replicas + description: "Number of desired pod replicas" + label: "Desired Replicas" + schema: + type: int + default: 1 + required: true + - variable: strategy + description: "Please specify type of workload to deploy" + label: "(Advanced) Update Strategy" + schema: + type: string + default: "Recreate" + required: true + enum: + - value: "Recreate" + description: "Recreate: Kill existing pods before creating new ones" + - value: "RollingUpdate" + description: "RollingUpdate: Create new pods and then kill old ones" + - value: "OnDelete" + description: "(Legacy) OnDelete: ignore .spec.template changes" + - variable: expert + label: "Show Expert Configuration Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: extraArgs + label: "Extra Args" + schema: + type: list + default: [] + items: + - variable: arg + label: "arg" + schema: + type: string + - variable: labelsList + label: "Controller Labels" + schema: + type: list + default: [] + items: + - variable: labelItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: annotationsList + label: " Controller Annotations" + schema: + type: list + default: [] + items: + - variable: annotationItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: secret + group: "Container Configuration" + label: "Image Secrets" + schema: + additional_attrs: true + type: dict + attrs: + - variable: NEXTCLOUD_ADMIN_USER + label: "NEXTCLOUD_ADMIN_USER (First Install Only)" + description: "Sets the initial nextcloud's admin username, changing this variable after first launch will NOT change admin's username" + schema: + type: string + required: true + default: "REPLACETHIS" + - variable: NEXTCLOUD_ADMIN_PASSWORD + label: "NEXTCLOUD_ADMIN_PASSWORD (First Install Only)" + description: "Sets the initial nextcloud's admin password, changing this variable after first launch will NOT change admin's password" + schema: + type: string + private: true + required: true + default: "REPLACETHIS" + - variable: env + group: "Container Configuration" + label: "Image Environment" + schema: + additional_attrs: true + type: dict + attrs: + - variable: TZ + label: "Timezone" + schema: + type: string + default: "Etc/UTC" + $ref: + - "definitions/timezone" + - variable: UMASK + label: "UMASK" + description: "Sets the UMASK env var for LinuxServer.io (compatible) containers" + schema: + type: string + default: "002" + - variable: TRUSTED_PROXIES + label: "Trusted Proxies (Advanced)" + description: "Sets nextcloud Trusted Proxies" + schema: + type: string + default: "172.16.0.0/16" + - variable: NODE_IP + label: "NODE_IP" + description: "Sets nextcloud nodeip for nodeport connections (Ensure this is correct at first install!)" + schema: + type: string + $ref: + - "definitions/nodeIP" + + - variable: envList + label: "Image environment" + group: "Container Configuration" + schema: + type: list + default: [] + items: + - variable: envItem + label: "Environment Variable" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + + - variable: expertpodconf + group: "Container Configuration" + label: "Show Expert Config" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: tty + label: "Enable TTY" + description: "Determines whether containers in a pod runs with TTY enabled. By default pod has it disabled." + group: "Workload Details" + schema: + type: boolean + default: false + - variable: stdin + label: "Enable STDIN" + description: "Determines whether containers in a pod runs with stdin enabled. By default pod has it disabled." + group: "Workload Details" + schema: + type: boolean + default: false + - variable: termination + group: "Container Configuration" + label: "Termination settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: gracePeriodSeconds + label: "Grace Period Seconds" + schema: + type: int + default: 10 + - variable: podLabelsList + group: "Container Configuration" + label: "Pod Labels" + schema: + type: list + default: [] + items: + - variable: podLabelItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + + - variable: podAnnotationsList + group: "Container Configuration" + label: "Pod Annotations" + schema: + type: list + default: [] + items: + - variable: podAnnotationItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + + - variable: service + group: "Networking and Services" + label: "Configure Service(s)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service" + description: "The Primary service on which the healthcheck runs, often the webUI" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable the service" + schema: + type: boolean + default: true + hidden: true + - variable: type + label: "Service Type" + description: "ClusterIP's are only internally available, nodePorts expose the container to the host node System, Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: "Simple" + enum: + - value: "Simple" + description: "Simple" + - value: "ClusterIP" + description: "ClusterIP" + - value: "NodePort" + description: "NodePort (Advanced)" + - value: "LoadBalancer" + description: "LoadBalancer (Advanced)" + - variable: loadBalancerIP + label: "LoadBalancer IP" + description: "LoadBalancerIP" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: list + default: [] + items: + - variable: externalIP + label: "External IP" + schema: + type: string + - variable: ipFamilyPolicy + label: "IP Family Policy" + description: "(Advanced) Specify the ip policy" + schema: + show_if: [["type", "!=", "Simple"]] + type: string + default: "SingleStack" + enum: + - value: "SingleStack" + description: "SingleStack" + - value: "PreferDualStack" + description: "PreferDualStack" + - value: "RequireDualStack" + description: "RequireDualStack" + - variable: ipFamilies + label: "(advanced) IP families" + description: "(advanced) The ip families that should be used" + schema: + show_if: [["type", "!=", "Simple"]] + type: list + default: [] + items: + - variable: ipFamily + label: "IP family" + schema: + type: string + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service Port Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + default: 10020 + required: true + - variable: advanced + label: "Show Advanced settings" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: protocol + label: "Port Type" + schema: + type: string + default: "HTTP" + enum: + - value: HTTP + description: "HTTP" + - value: "HTTPS" + description: "HTTPS" + - value: TCP + description: "TCP" + - value: "UDP" + description: "UDP" + - variable: nodePort + label: "Node Port (Optional)" + description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer" + schema: + type: int + min: 9000 + max: 65535 + - variable: targetPort + label: "Target Port" + description: "The internal(!) port on the container the Application runs on" + schema: + type: int + default: 80 + + - variable: serviceexpert + group: "Networking and Services" + label: "Show Expert Config" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostNetwork + group: "Networking and Services" + label: "Host-Networking (Complicated)" + schema: + type: boolean + default: false + + - variable: externalInterfaces + description: "Add External Interfaces" + label: "Add external Interfaces" + group: "Networking" + schema: + type: list + items: + - variable: interfaceConfiguration + description: "Interface Configuration" + label: "Interface Configuration" + schema: + type: dict + $ref: + - "normalize/interfaceConfiguration" + attrs: + - variable: hostInterface + description: "Please specify host interface" + label: "Host Interface" + schema: + type: string + required: true + $ref: + - "definitions/interface" + - variable: ipam + description: "Define how IP Address will be managed" + label: "IP Address Management" + schema: + type: dict + required: true + attrs: + - variable: type + description: "Specify type for IPAM" + label: "IPAM Type" + schema: + type: string + required: true + enum: + - value: "dhcp" + description: "Use DHCP" + - value: "static" + description: "Use static IP" + show_subquestions_if: "static" + subquestions: + - variable: staticIPConfigurations + label: "Static IP Addresses" + schema: + type: list + items: + - variable: staticIP + label: "Static IP" + schema: + type: ipaddr + cidr: true + - variable: staticRoutes + label: "Static Routes" + schema: + type: list + items: + - variable: staticRouteConfiguration + label: "Static Route Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: destination + label: "Destination" + schema: + type: ipaddr + cidr: true + required: true + - variable: gateway + label: "Gateway" + schema: + type: ipaddr + cidr: false + required: true + + - variable: dnsPolicy + group: "Networking and Services" + label: "dnsPolicy" + schema: + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "ClusterFirst" + description: "ClusterFirst" + - value: "ClusterFirstWithHostNet" + description: "ClusterFirstWithHostNet" + - value: "None" + description: "None" + + - variable: dnsConfig + label: "DNS Configuration" + group: "Networking and Services" + description: "Specify custom DNS configuration which will be applied to the pod" + schema: + additional_attrs: true + type: dict + attrs: + - variable: nameservers + label: "Nameservers" + schema: + default: [] + type: list + items: + - variable: nameserver + label: "Nameserver" + schema: + type: string + - variable: options + label: "options" + schema: + default: [] + type: list + items: + - variable: option + label: "Option Entry" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: searches + label: "Searches" + schema: + default: [] + type: list + items: + - variable: search + label: "Search Entry" + schema: + type: string + + - variable: serviceList + label: "Add Manual Custom Services" + group: "Networking and Services" + schema: + type: list + default: [] + items: + - variable: serviceListEntry + label: "Custom Service" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable the service" + schema: + type: boolean + default: true + hidden: true + - variable: name + label: "Name" + schema: + type: string + default: "" + - variable: type + label: "Service Type" + description: "ClusterIP's are only internally available, nodePorts expose the container to the host node System, Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: "Simple" + enum: + - value: "Simple" + description: "Simple" + - value: "NodePort" + description: "NodePort" + - value: "ClusterIP" + description: "ClusterIP" + - value: "LoadBalancer" + description: "LoadBalancer" + - variable: loadBalancerIP + label: "LoadBalancer IP" + description: "LoadBalancerIP" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: list + default: [] + items: + - variable: externalIP + label: "External IP" + schema: + type: string + - variable: portsList + label: "Additional Service Ports" + schema: + type: list + default: [] + items: + - variable: portsListEntry + label: "Custom ports" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable the port" + schema: + type: boolean + default: true + hidden: true + - variable: name + label: "Port Name" + schema: + type: string + default: "" + - variable: protocol + label: "Port Type" + schema: + type: string + default: "TCP" + enum: + - value: HTTP + description: "HTTP" + - value: "HTTPS" + description: "HTTPS" + - value: TCP + description: "TCP" + - value: "UDP" + description: "UDP" + - variable: targetPort + label: "Target Port" + description: "This port exposes the container port on the service" + schema: + type: int + required: true + - variable: port + label: "Container Port" + schema: + type: int + required: true + - variable: nodePort + label: "Node Port (Optional)" + description: "This port gets exposed to the node. Only considered when service type is NodePort" + schema: + type: int + min: 9000 + max: 65535 + + - variable: persistence + label: "Integrated Persistent Storage" + description: "Integrated Persistent Storage" + group: "Storage and Persistence" + schema: + additional_attrs: true + type: dict + attrs: + - variable: data + label: "App Data Storage" + description: "Stores the Application Data." + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: "Type of Storage" + description: "Sets the persistence type, Anything other than PVC could break rollback!" + schema: + type: string + default: "simplePVC" + enum: + - value: "simplePVC" + description: "PVC (simple)" + - value: "simpleHP" + description: "HostPath (simple)" + - value: "emptyDir" + description: "emptyDir" + - value: "pvc" + description: "pvc" + - value: "hostPath" + description: "hostPath" + - variable: setPermissionsSimple + label: "Automatic Permissions" + description: "Automatically set permissions on install" + schema: + show_if: [["type", "=", "simpleHP"]] + type: boolean + default: true + - variable: setPermissions + label: "Automatic Permissions" + description: "Automatically set permissions on install" + schema: + show_if: [["type", "=", "hostPath"]] + type: boolean + default: true + - variable: readOnly + label: "readOnly" + schema: + type: boolean + default: false + - variable: hostPathSimple + label: "hostPath" + description: "Path inside the container the storage is mounted" + schema: + show_if: [["type", "=", "simpleHP"]] + type: hostpath + - variable: hostPath + label: "hostPath" + description: "Path inside the container the storage is mounted" + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: "EmptyDir Medium" + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "Memory" + description: "Memory" + - variable: size + label: "Size quotum of storage" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "999Gi" + - variable: hostPathType + label: "(Advanced) hostPath Type" + schema: + show_if: [["type", "=", "hostPath"]] + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "DirectoryOrCreate" + description: "DirectoryOrCreate" + - value: "Directory" + description: "Directory" + - value: "FileOrCreate" + description: "FileOrCreate" + - value: "File" + description: "File" + - value: "Socket" + description: "Socket" + - value: "CharDevice" + description: "CharDevice" + - value: "BlockDevice" + description: "BlockDevice" + - variable: storageClass + label: "(Advanced) storageClass" + description: "Warning: Anything other than SCALE-ZFS or empty will break rollback!" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "SCALE-ZFS" + - variable: accessMode + label: "(Advanced) Access Mode" + description: "Allow or disallow multiple PVC's writhing to the same PV" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "ReadWriteOnce" + enum: + - value: "ReadWriteOnce" + description: "ReadWriteOnce" + - value: "ReadOnlyMany" + description: "ReadOnlyMany" + - value: "ReadWriteMany" + description: "ReadWriteMany" + - variable: advanced + label: "Show Advanced Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: labelsList + label: "Labels" + schema: + type: list + default: [] + items: + - variable: labelItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: annotationsList + label: "Annotations" + schema: + type: list + default: [] + items: + - variable: annotationItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + + - variable: persistenceList + label: "Additional app storage" + group: "Storage and Persistence" + schema: + type: list + default: [] + items: + - variable: persistenceListEntry + label: "Custom Storage" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable the storage" + schema: + type: boolean + default: true + hidden: true + - variable: name + label: "Name (optional)" + description: "Not required, please set to config when mounting /config or temp when mounting /tmp" + schema: + type: string + - variable: type + label: "Type of Storage" + description: "Sets the persistence type, Anything other than PVC could break rollback!" + schema: + type: string + default: "simpleHP" + enum: + - value: "simplePVC" + description: "PVC (simple)" + - value: "simpleHP" + description: "HostPath (simple)" + - value: "emptyDir" + description: "emptyDir" + - value: "pvc" + description: "pvc" + - value: "hostPath" + description: "hostPath" + - variable: setPermissionsSimple + label: "Automatic Permissions" + description: "Automatically set permissions on install" + schema: + show_if: [["type", "=", "simpleHP"]] + type: boolean + default: true + - variable: setPermissions + label: "Automatic Permissions" + description: "Automatically set permissions on install" + schema: + show_if: [["type", "=", "hostPath"]] + type: boolean + default: true + - variable: readOnly + label: "readOnly" + schema: + type: boolean + default: false + - variable: hostPathSimple + label: "hostPath" + description: "Path inside the container the storage is mounted" + schema: + show_if: [["type", "=", "simpleHP"]] + type: hostpath + - variable: hostPath + label: "hostPath" + description: "Path inside the container the storage is mounted" + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: mountPath + label: "mountPath" + description: "Path inside the container the storage is mounted" + schema: + type: string + default: "" + required: true + valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$' + - variable: medium + label: "EmptyDir Medium" + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "Memory" + description: "Memory" + - variable: size + label: "Size quotum of storage" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "999Gi" + - variable: hostPathType + label: "(Advanced) hostPath Type" + schema: + show_if: [["type", "=", "hostPath"]] + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "DirectoryOrCreate" + description: "DirectoryOrCreate" + - value: "Directory" + description: "Directory" + - value: "FileOrCreate" + description: "FileOrCreate" + - value: "File" + description: "File" + - value: "Socket" + description: "Socket" + - value: "CharDevice" + description: "CharDevice" + - value: "BlockDevice" + description: "BlockDevice" + - variable: storageClass + label: "(Advanced) storageClass" + description: "Warning: Anything other than SCALE-ZFS or empty will break rollback!" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "SCALE-ZFS" + - variable: accessMode + label: "(Advanced) Access Mode" + description: "Allow or disallow multiple PVC's writhing to the same PV" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "ReadWriteOnce" + enum: + - value: "ReadWriteOnce" + description: "ReadWriteOnce" + - value: "ReadOnlyMany" + description: "ReadOnlyMany" + - value: "ReadWriteMany" + description: "ReadWriteMany" + - variable: advanced + label: "Show Advanced Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: labelsList + label: "Labels" + schema: + type: list + default: [] + items: + - variable: labelItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: annotationsList + label: "Annotations" + schema: + type: list + default: [] + items: + - variable: annotationItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + + - variable: ingress + label: "" + group: "Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable Ingress" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: "Hosts" + schema: + type: list + default: [] + items: + - variable: hostEntry + label: "Host" + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: "HostName" + schema: + type: string + default: "" + required: true + - variable: paths + label: "Paths" + schema: + type: list + default: [] + items: + - variable: pathEntry + label: "Host" + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: "path" + schema: + type: string + required: true + default: "/" + - variable: pathType + label: "pathType" + schema: + type: string + required: true + default: "Prefix" + + - variable: tls + label: "TLS-Settings" + schema: + type: list + default: [] + items: + - variable: tlsEntry + label: "Host" + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: "Certificate Hosts" + schema: + type: list + default: [] + items: + - variable: host + label: "Host" + schema: + type: string + default: "" + required: true + - variable: scaleCert + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + $ref: + - "definitions/certificate" + + - variable: entrypoint + label: "(Advanced) Traefik Entrypoint" + description: "Entrypoint used by Traefik when using Traefik as Ingress Provider" + schema: + type: string + default: "websecure" + required: true + - variable: middlewares + label: "Traefik Middlewares" + description: "Add previously created Traefik Middlewares to this Ingress" + schema: + type: list + default: [] + items: + - variable: name + label: "Name" + schema: + type: string + default: "" + required: true + + - variable: expert + label: "Show Expert Configuration Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: enableFixedMiddlewares + description: "These middlewares enforce a number of best practices." + label: "Enable Default Middlewares" + schema: + type: boolean + default: true + - variable: ingressClassName + label: "IngressClass Name" + schema: + type: string + default: "" + - variable: labelsList + label: "Labels" + schema: + type: list + default: [] + items: + - variable: labelItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: annotationsList + label: "Annotations" + schema: + type: list + default: [] + items: + - variable: annotationItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + + - variable: ingressList + label: "Add Manual Custom Ingresses" + group: "Ingress" + schema: + type: list + default: [] + items: + - variable: ingressListEntry + label: "Custom Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable Ingress" + schema: + type: boolean + default: true + hidden: true + - variable: name + label: "Name" + schema: + type: string + default: "" + - variable: ingressClassName + label: "IngressClass Name" + schema: + type: string + default: "" + - variable: labelsList + label: "Labels" + schema: + type: list + default: [] + items: + - variable: labelItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: annotationsList + label: "Annotations" + schema: + type: list + default: [] + items: + - variable: annotationItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: hosts + label: "Hosts" + schema: + type: list + default: [] + items: + - variable: hostEntry + label: "Host" + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: "HostName" + schema: + type: string + default: "" + required: true + - variable: paths + label: "Paths" + schema: + type: list + default: [] + items: + - variable: pathEntry + label: "Host" + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: "path" + schema: + type: string + required: true + default: "/" + - variable: pathType + label: "pathType" + schema: + type: string + required: true + default: "Prefix" + - variable: service + label: "Linked Service" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Service Name" + schema: + type: string + default: "" + - variable: port + label: "Service Port" + schema: + type: int + - variable: tls + label: "TLS-Settings" + schema: + type: list + default: [] + items: + - variable: tlsEntry + label: "Host" + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: "Certificate Hosts" + schema: + type: list + default: [] + items: + - variable: host + label: "Host" + schema: + type: string + default: "" + required: true + - variable: scaleCert + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + $ref: + - "definitions/certificate" + - variable: entrypoint + label: "Traefik Entrypoint" + description: "Entrypoint used by Traefik when using Traefik as Ingress Provider" + schema: + type: string + default: "websecure" + required: true + - variable: middlewares + label: "Traefik Middlewares" + description: "Add previously created Traefik Middlewares to this Ingress" + schema: + type: list + default: [] + items: + - variable: name + label: "Name" + schema: + type: string + default: "" + required: true + + - variable: advancedSecurity + label: "Show Advanced Security Settings" + group: "Security and Permissions" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: securityContext + label: "Security Context" + schema: + additional_attrs: true + type: dict + attrs: + - variable: privileged + label: "Privileged mode" + schema: + type: boolean + default: false + - variable: readOnlyRootFilesystem + label: "ReadOnly Root Filesystem" + schema: + type: boolean + default: false + - variable: allowPrivilegeEscalation + label: "Allow Privilege Escalation" + schema: + type: boolean + default: false + - variable: runAsNonRoot + label: "runAsNonRoot" + schema: + type: boolean + default: false + - variable: capabilities + label: "Capabilities" + schema: + additional_attrs: true + type: dict + attrs: + - variable: drop + label: "Drop Capability" + schema: + type: list + default: [] + items: + - variable: dropEntry + label: "" + schema: + type: string + - variable: add + label: "Add Capability" + schema: + type: list + default: [] + items: + - variable: addEntry + label: "" + schema: + type: string + + - variable: podSecurityContext + group: "Security and Permissions" + label: "Pod Security Context" + schema: + additional_attrs: true + type: dict + attrs: + - variable: runAsUser + label: "runAsUser" + description: "The UserID of the user running the application" + schema: + type: int + default: 0 + - variable: runAsGroup + label: "runAsGroup" + description: The groupID this App of the user running the application" + schema: + type: int + default: 0 + - variable: fsGroup + label: "fsGroup" + description: "The group that should own ALL storage." + schema: + type: int + default: 33 + - variable: fsGroupChangePolicy + label: "When should we take ownership?" + schema: + type: string + default: "OnRootMismatch" + enum: + - value: "OnRootMismatch" + description: "OnRootMismatch" + - value: "Always" + description: "Always" + - variable: supplementalGroups + label: "supplemental Groups" + schema: + type: list + default: [] + items: + - variable: supplementalGroupsEntry + label: "supplemental Group" + schema: + type: int + + + - variable: advancedresources + label: "Set Custom Resource Limits/Requests (Advanced)" + group: "Resources and Devices" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: resources + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: limits + label: "Advanced Limit Resource Consumption" + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: "CPU" + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/indepth/validation/" + schema: + type: string + default: "4000m" + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: "RAM" + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/indepth/validation/" + schema: + type: string + default: "8Gi" + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: requests + label: "Minimum Resources Required (request)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: "CPU" + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/indepth/validation/" + schema: + type: string + default: "10m" + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: "RAM" + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/indepth/validation/" + schema: + type: string + default: "50Mi" + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + + - variable: deviceList + label: "Mount USB devices" + group: "Resources and Devices" + schema: + type: list + default: [] + items: + - variable: deviceListEntry + label: "Device" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable the storage" + schema: + type: boolean + default: true + - variable: type + label: "(Advanced) Type of Storage" + description: "Sets the persistence type" + schema: + type: string + default: "hostPath" + hidden: true + - variable: readOnly + label: "readOnly" + schema: + type: boolean + default: false + - variable: hostPath + label: "Host Device Path" + description: "Path to the device on the host system" + schema: + type: path + - variable: mountPath + label: "Container Device Path" + description: "Path inside the container the device is mounted" + schema: + type: string + default: "/dev/ttyACM0" + + # Specify GPU configuration + - variable: scaleGPU + label: "GPU Configuration" + group: "Resources and Devices" + schema: + type: dict + $ref: + - "definitions/gpuConfiguration" + attrs: [] + + - variable: autoscaling + group: "Advanced" + label: "(Advanced) Horizontal Pod Autoscaler" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: target + label: "Target" + description: "deployment name, defaults to main deployment" + schema: + type: string + default: "" + - variable: minReplicas + label: "Minimum Replicas" + schema: + type: int + default: 1 + - variable: maxReplicas + label: "Maximum Replicas" + schema: + type: int + default: 5 + - variable: targetCPUUtilizationPercentage + label: "Target CPU Utilization Percentage" + schema: + type: int + default: 80 + - variable: targetMemoryUtilizationPercentage + label: "Target Memory Utilization Percentage" + schema: + type: int + default: 80 + - variable: networkPolicy + group: "Advanced" + label: "(Advanced) Network Policy" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: policyType + label: "Policy Type" + schema: + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "ingress" + description: "Ingress" + - value: "egress" + description: "Egress" + - value: "ingress-egress" + description: "Ingress and Egress" + - variable: egress + label: "Egress" + schema: + type: list + default: [] + items: + - variable: egressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: to + label: "To" + schema: + type: list + default: [] + items: + - variable: toEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: "ipBlock" + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: "cidr" + schema: + type: string + default: "" + - variable: except + label: "except" + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: int + - variable: namespaceSelector + label: "namespaceSelector" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: "matchExpressions" + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: "Key" + schema: + type: string + - variable: operator + label: "operator" + schema: + type: string + default: "TCP" + enum: + - value: "In" + description: "In" + - value: "NotIn" + description: "NotIn" + - value: "Exists " + description: "Exists " + - value: "DoesNotExist " + description: "DoesNotExist " + - variable: values + label: "values" + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: "matchExpressions" + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: "Key" + schema: + type: string + - variable: operator + label: "operator" + schema: + type: string + default: "TCP" + enum: + - value: "In" + description: "In" + - value: "NotIn" + description: "NotIn" + - value: "Exists " + description: "Exists " + - value: "DoesNotExist " + description: "DoesNotExist " + - variable: values + label: "values" + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: "Ports" + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "port" + schema: + type: int + - variable: endPort + label: "port" + schema: + type: int + - variable: protocol + label: "Protocol" + schema: + type: string + default: "TCP" + enum: + - value: "TCP" + description: "TCP" + - value: "UDP" + description: "UDP" + - value: "SCTP" + description: "SCTP" + - variable: ingress + label: "Ingress" + schema: + type: list + default: [] + items: + - variable: ingressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: from + label: "From" + schema: + type: list + default: [] + items: + - variable: fromEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: "ipBlock" + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: "cidr" + schema: + type: string + default: "" + - variable: except + label: "except" + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: int + - variable: namespaceSelector + label: "namespaceSelector" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: "matchExpressions" + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: "Key" + schema: + type: string + - variable: operator + label: "operator" + schema: + type: string + default: "TCP" + enum: + - value: "In" + description: "In" + - value: "NotIn" + description: "NotIn" + - value: "Exists " + description: "Exists " + - value: "DoesNotExist " + description: "DoesNotExist " + - variable: values + label: "values" + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: "matchExpressions" + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: "Key" + schema: + type: string + - variable: operator + label: "operator" + schema: + type: string + default: "TCP" + enum: + - value: "In" + description: "In" + - value: "NotIn" + description: "NotIn" + - value: "Exists " + description: "Exists " + - value: "DoesNotExist " + description: "DoesNotExist " + - variable: values + label: "values" + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: "Ports" + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "port" + schema: + type: int + - variable: endPort + label: "port" + schema: + type: int + - variable: protocol + label: "Protocol" + schema: + type: string + default: "TCP" + enum: + - value: "TCP" + description: "TCP" + - value: "UDP" + description: "UDP" + - value: "SCTP" + description: "SCTP" + + + - variable: addons + group: "Addons" + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: vpn + label: "VPN" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: "Type" + schema: + type: string + default: "disabled" + enum: + - value: "disabled" + description: "disabled" + - value: "openvpn" + description: "OpenVPN" + - value: "wireguard" + description: "Wireguard" + - variable: openvpn + label: "OpenVPN Settings" + schema: + type: dict + show_if: [["type", "=", "openvpn"]] + attrs: + - variable: username + label: "authentication username" + description: "authentication username, optional" + schema: + type: string + default: "" + - variable: password + label: "authentication password" + description: "authentication credentials" + schema: + type: string + default: "" + required: true + - variable: killSwitch + label: "Enable killswitch" + schema: + type: boolean + show_if: [["type", "!=", "disabled"]] + default: true + - variable: excludedNetworks_IPv4 + label: "Killswitch Excluded IPv4 networks" + description: "list of killswitch excluded ipv4 addresses" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv4 + label: "IPv4 Network" + schema: + type: string + required: true + - variable: excludedNetworks_IPv6 + label: "Killswitch Excluded IPv6 networks" + description: "list of killswitch excluded ipv4 addresses" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv6 + label: "IPv6 Network" + schema: + type: string + required: true + + - variable: configFile + label: "VPN Config File Location" + schema: + type: dict + show_if: [["type", "!=", "disabled"]] + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: true + hidden: true + - variable: type + label: "type" + schema: + type: string + default: "hostPath" + hidden: true + - variable: hostPathType + label: "hostPathType" + schema: + type: string + default: "File" + hidden: true + - variable: noMount + label: "noMount" + schema: + type: boolean + default: true + hidden: true + - variable: hostPath + label: "Full path to file" + description: "path to your local VPN config file for example: /mnt/tank/vpn.conf or /mnt/tank/vpn.ovpn" + schema: + type: string + default: "" + required: true + - variable: envList + label: "VPN environment Variables" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: "Environment Variable" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: string + required: true + + - variable: codeserver + label: "Codeserver" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: git + label: "Git Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: deployKey + description: "Raw SSH private key" + label: "deployKey" + schema: + type: string + - variable: deployKeyBase64 + description: "Base64-encoded SSH private key. When both variables are set, the raw SSH key takes precedence" + label: "deployKeyBase64" + schema: + type: string + - variable: service + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: "Service Type" + description: "ClusterIP's are only internally available, nodePorts expose the container to the host node System, Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: "NodePort" + enum: + - value: "NodePort" + description: "NodePort" + - value: "ClusterIP" + description: "ClusterIP" + - value: "LoadBalancer" + description: "LoadBalancer" + - variable: loadBalancerIP + label: "LoadBalancer IP" + description: "LoadBalancerIP" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: list + default: [] + items: + - variable: externalIP + label: "External IP" + schema: + type: string + - variable: ports + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: nodePort + description: "leave empty to disable" + label: "nodePort" + schema: + type: int + default: 36107 + - variable: envList + label: "Codeserver environment Variables" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: "Environment Variable" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: string + required: true + + + - variable: promtail + label: "Promtail" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: loki + label: "Loki URL" + schema: + type: string + required: true + - variable: logs + label: "Log Paths" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: path + label: "Path" + schema: + type: string + required: true + - variable: args + label: "Promtail ecommand line arguments" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: arg + label: "Arg" + schema: + type: string + required: true + - variable: envList + label: "Promtail environment Variables" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: "Environment Variable" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: string + required: true + + + + + - variable: netshoot + label: "Netshoot" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: envList + label: "Netshoot environment Variables" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: "Environment Variable" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: string + required: true diff --git a/incubator/synapse/0.0.1/security.md b/incubator/synapse/0.0.1/security.md new file mode 100644 index 00000000000..ac974cb2c40 --- /dev/null +++ b/incubator/synapse/0.0.1/security.md @@ -0,0 +1,25 @@ +--- +hide: + - toc +--- + +# Security Overview + + + +## Helm-Chart + +##### Scan Results + + + +| No Misconfigurations found | +|:---------------------------------| + +## Containers + +##### Detected Containers + + +##### Scan Results + diff --git a/incubator/synapse/0.0.1/templates/_configmap.tpl b/incubator/synapse/0.0.1/templates/_configmap.tpl new file mode 100644 index 00000000000..b9597f3dab9 --- /dev/null +++ b/incubator/synapse/0.0.1/templates/_configmap.tpl @@ -0,0 +1,153 @@ +{{/* Define the configs */}} +{{- define "synapse.config" -}} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: synapse-config + labels: + {{ include "common.labels" . | nindent 4 }} + annotations: + rollme: {{ randAlphaNum 5 | quote }} +data: + homeserver.yaml: | + server_name: {{ .Values.matrix.serverName }} + pid_file: /data/homeserver.pid + public_baseurl: {{ include "matrix.baseUrl" . | quote }} + use_presence: {{ .Values.matrix.presence }} + + allow_public_rooms_over_federation: {{ and .Values.matrix.federation.enabled .Values.matrix.federation.allowPublicRooms }} + + block_non_admin_invites: {{ .Values.matrix.blockNonAdminInvites }} + + enable_search: {{ .Values.matrix.search }} + + {{- if .Values.matrix.federation.whitelist }} + federation_domain_whitelist: + {{- range .Values.matrix.federation.whitelist }} + - {{ . }} + {{- end }} + {{- end}} + + federation_ip_range_blacklist: + {{- range .Values.matrix.federation.blacklist }} + - {{ . }} + {{- end }} + + listeners: + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [client, federation] + compress: false + + {{- if .Values.synapse.metrics.enabled }} + - type: metrics + port: {{ .Values.synapse.metrics.port }} + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + {{- end }} + + admin_contact: 'mailto:{{ .Values.matrix.adminEmail }}' + hs_disabled: {{ .Values.matrix.disabled }} + hs_disabled_message: {{ .Values.matrix.disabledMessage }} + redaction_retention_period: {{ .Values.matrix.retentionPeriod }} + + log_config: "/data/{{ .Values.matrix.serverName }}.log.config" + media_store_path: "/data/media_store" + uploads_path: "/data/uploads" + max_upload_size: {{ .Values.matrix.uploads.maxSize }} + max_image_pixels: {{ .Values.matrix.uploads.maxPixels }} + url_preview_enabled: {{ .Values.matrix.urlPreviews.enabled }} + + {{- if .Values.coturn.enabled -}} + {{- if not (empty .Values.coturn.uris) }} + turn_uris: + {{- range .Values.coturn.uris }} + - {{ . }} + {{- end }} + {{- else }} + turn_uris: + - "turn:{{ include "matrix.hostname" . }}?transport=udp" + {{- end }} + turn_user_lifetime: 1h + turn_allow_guests: {{ .Values.coturn.allowGuests }} + {{- end }} + + enable_registration: {{ .Values.matrix.registration.enabled }} + + allow_guest_access: {{ .Values.matrix.registration.allowGuests }} + + {{- if .Values.synapse.metrics.enabled }} + enable_metrics: true + {{- end }} + + report_stats: false + + {{- if .Values.synapse.appConfig }} + app_service_config_files: + {{- range .Values.synapse.appConfig }} + - {{ . }} + {{- end }} + {{- end }} + + signing_key_path: "/data/keys/{{ .Values.matrix.serverName }}.signing.key" + + {{- if .Values.matrix.security.trustedKeyServers }} + trusted_key_servers: + {{- range .Values.matrix.security.trustedKeyServers }} + - server_name: {{ .serverName }} + {{- if .verifyKeys }} + verify_keys: + {{- range .verifyKeys }} + {{ .id | quote }}: {{ .key | quote }} + {{- end }} + {{- end }} + {{- if .acceptKeysInsecurely }} + accept_keys_insecurely: {{ .acceptKeysInsecurely }} + {{- end }} + {{- end }} + {{- end }} + + suppress_key_server_warning: {{ .Values.matrix.security.supressKeyServerWarning }} + {{- if not .Values.loadCustomConfig }} + custom.yaml: | + # PLACEHOLDER + {{- end }} + + {{ .Values.matrix.serverName }}.log.config: | + version: 1 + + formatters: + precise: + format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s' + + filters: + context: + (): synapse.util.logcontext.LoggingContextFilter + request: "" + + handlers: + console: + class: logging.StreamHandler + formatter: precise + filters: [context] + + loggers: + synapse: + level: {{ .Values.matrix.logging.synapseLogLevel }} + + synapse.storage.SQL: + # beware: increasing this to DEBUG will make synapse log sensitive + # information such as access tokens. + level: {{ .Values.matrix.logging.sqlLogLevel }} + + + root: + level: {{ .Values.matrix.logging.rootLogLevel }} + handlers: [console] +{{- end }} diff --git a/incubator/synapse/0.0.1/templates/_helpers.tpl b/incubator/synapse/0.0.1/templates/_helpers.tpl new file mode 100644 index 00000000000..21bbda61c3c --- /dev/null +++ b/incubator/synapse/0.0.1/templates/_helpers.tpl @@ -0,0 +1,20 @@ +Synapse hostname, derived from either the Values.matrix.hostname override or the Ingress definition +*/}} +{{- define "matrix.hostname" -}} +{{- if .Values.matrix.hostname }} +{{- .Values.matrix.hostname -}} +{{- else }} +{{- .Values.ingress.hosts.synapse -}} +{{- end }} +{{- end }} + +{{/* +Synapse hostname prepended with https:// to form a complete URL +*/}} +{{- define "matrix.baseUrl" -}} +{{- if .Values.matrix.hostname }} +{{- printf "https://%s" .Values.matrix.hostname -}} +{{- else }} +{{- printf "https://%s" .Values.ingress.hosts.synapse -}} +{{- end }} +{{- end }} diff --git a/incubator/synapse/0.0.1/templates/_secret.tpl b/incubator/synapse/0.0.1/templates/_secret.tpl new file mode 100644 index 00000000000..f83ef68469c --- /dev/null +++ b/incubator/synapse/0.0.1/templates/_secret.tpl @@ -0,0 +1,55 @@ +{{/* Define the configs */}} +{{- define "synapse.secret" -}} +--- +apiVersion: v1 +kind: Secret +metadata: + name: synapse-secret + labels: + {{ include "common.labels" . | nindent 4 }} + annotations: + rollme: {{ randAlphaNum 5 | quote }} +stringData: + {{- $previous := lookup "v1" "Secret" .Release.Namespace "synapse-secret" }} + {{- $msk := "" }} + secret.yaml: | + {{- if .Values.mail.enabled }} + email: + enable_notifs: {{ .Values.mail.enabled }} + notif_from: {{ .Values.mail.from }} + smtp_host: {{ .Values.mail.external.host }} + smtp_port: {{ .Values.mail.external.port }} + smtp_user: {{ .Values.mail.external.username }} + smtp_pass: {{ .Values.mail.external.password }} + require_transport_security: {{ .Values.mail.external.requireTransportSecurity }} + {{- end }} + + database: + name: "psycopg2" + args: + user: "{{ .Values.postgresql.postgresqlUsername }}" + password: {{ .Values.postgresql.postgresqlPassword }} + database: "{{ .Values.postgresql.postgresqlDatabase }}" + host: "{{ printf "%v-%v" .Release.Name "postgresql" }}" + port: "5432" + cp_min: 5 + cp_max: 10 + sslmode: "disable" + + {{- if .Values.matrix.registration.sharedSecret }} + registration_shared_secret: {{ .Values.matrix.registration.sharedSecret }} + {{- end }} + + {{- if $previous }} + {{- $msk = ( index $previous.data "macaroon_secret_key" ) | b64dec }} + macaroon_secret_key: {{ ( index $previous.data "macaroon_secret_key" ) }} + {{- else }} + {{- $msk = randAlphaNum 50 }} + macaroon_secret_key: {{ $msk | b64enc | quote }} + {{- end }} + + {{- if .Values.coturn.enabled -}} + turn_shared_secret: {{ include "matrix.coturn.sharedSecret" . }} + {{- end }} + +{{- end }} diff --git a/incubator/synapse/0.0.1/templates/common.yaml b/incubator/synapse/0.0.1/templates/common.yaml new file mode 100644 index 00000000000..1bac1bd32ee --- /dev/null +++ b/incubator/synapse/0.0.1/templates/common.yaml @@ -0,0 +1,11 @@ +{{/* Make sure all variables are set properly */}} +{{- include "common.setup" . }} + +{{/* Render configmap for synapse */}} +{{- include "synapse.config" . }} + +{{/* Render secret for synapse */}} +{{- include "synapse.secret" . }} + +{{/* Render the templates */}} +{{ include "common.postSetup" . }} diff --git a/incubator/synapse/0.0.1/values.yaml b/incubator/synapse/0.0.1/values.yaml new file mode 100644 index 00000000000..e69de29bb2d diff --git a/incubator/synapse/item.yaml b/incubator/synapse/item.yaml new file mode 100644 index 00000000000..73e4fd6f919 --- /dev/null +++ b/incubator/synapse/item.yaml @@ -0,0 +1,4 @@ +icon_url: https://truecharts.org/_static/img/appicons/synapse-icon.png +categories: +- cloud +