From b82f0b0bb6c93fdbaed60e32cecbd52e22688046 Mon Sep 17 00:00:00 2001 From: TrueCharts-Bot Date: Fri, 23 Sep 2022 00:35:56 +0000 Subject: [PATCH] Commit new Chart releases for TrueCharts Signed-off-by: TrueCharts-Bot --- incubator/blocky/0.0.1/CHANGELOG.md | 11 + incubator/blocky/0.0.1/Chart.lock | 9 + incubator/blocky/0.0.1/Chart.yaml | 34 + incubator/blocky/0.0.1/README.md | 110 + incubator/blocky/0.0.1/app-readme.md | 8 + .../blocky/0.0.1/charts/common-10.5.7.tgz | Bin 0 -> 48175 bytes .../blocky/0.0.1/charts/redis-3.0.67.tgz | Bin 0 -> 57080 bytes .../blocky/0.0.1/ci/k8sgateway-values.yaml | 7 + .../blocky/0.0.1/ci/standalone-values.yaml | 0 incubator/blocky/0.0.1/ix_values.yaml | 338 ++ incubator/blocky/0.0.1/questions.yaml | 3269 +++++++++++++++++ .../blocky/0.0.1/templates/_blockyConfig.tpl | 200 + .../blocky/0.0.1/templates/_k8sgateway.tpl | 107 + incubator/blocky/0.0.1/templates/_webui.tpl | 36 + incubator/blocky/0.0.1/templates/common.yaml | 50 + incubator/blocky/0.0.1/values.yaml | 0 incubator/blocky/item.yaml | 4 + 17 files changed, 4183 insertions(+) create mode 100644 incubator/blocky/0.0.1/CHANGELOG.md create mode 100644 incubator/blocky/0.0.1/Chart.lock create mode 100644 incubator/blocky/0.0.1/Chart.yaml create mode 100644 incubator/blocky/0.0.1/README.md create mode 100644 incubator/blocky/0.0.1/app-readme.md create mode 100644 incubator/blocky/0.0.1/charts/common-10.5.7.tgz create mode 100644 incubator/blocky/0.0.1/charts/redis-3.0.67.tgz create mode 100644 incubator/blocky/0.0.1/ci/k8sgateway-values.yaml create mode 100644 incubator/blocky/0.0.1/ci/standalone-values.yaml create mode 100644 incubator/blocky/0.0.1/ix_values.yaml create mode 100644 incubator/blocky/0.0.1/questions.yaml create mode 100644 incubator/blocky/0.0.1/templates/_blockyConfig.tpl create mode 100644 incubator/blocky/0.0.1/templates/_k8sgateway.tpl create mode 100644 incubator/blocky/0.0.1/templates/_webui.tpl create mode 100644 incubator/blocky/0.0.1/templates/common.yaml create mode 100644 incubator/blocky/0.0.1/values.yaml create mode 100644 incubator/blocky/item.yaml diff --git a/incubator/blocky/0.0.1/CHANGELOG.md b/incubator/blocky/0.0.1/CHANGELOG.md new file mode 100644 index 00000000000..b8426b4ad24 --- /dev/null +++ b/incubator/blocky/0.0.1/CHANGELOG.md @@ -0,0 +1,11 @@ +# Changelog + + + +## [blocky-0.0.1]blocky-0.0.1 (2022-09-22) + +### Feat + +- add blocky ([#3735](https://github.com/truecharts/charts/issues/3735)) + + \ No newline at end of file diff --git a/incubator/blocky/0.0.1/Chart.lock b/incubator/blocky/0.0.1/Chart.lock new file mode 100644 index 00000000000..2e838644d85 --- /dev/null +++ b/incubator/blocky/0.0.1/Chart.lock @@ -0,0 +1,9 @@ +dependencies: +- name: common + repository: https://library-charts.truecharts.org + version: 10.5.7 +- name: redis + repository: https://charts.truecharts.org + version: 3.0.67 +digest: sha256:4cf9731678aced1ef480c08befa018ca96eb3be1789d55b2695b486492b04569 +generated: "2022-09-23T00:34:04.104686927Z" diff --git a/incubator/blocky/0.0.1/Chart.yaml b/incubator/blocky/0.0.1/Chart.yaml new file mode 100644 index 00000000000..15acec1bc0f --- /dev/null +++ b/incubator/blocky/0.0.1/Chart.yaml @@ -0,0 +1,34 @@ +apiVersion: v2 +appVersion: "elopment" +dependencies: + - name: common + repository: https://library-charts.truecharts.org + version: 10.5.7 + - condition: redis.enabled + name: redis + repository: https://charts.truecharts.org + version: 3.0.67 +description: Blocky is a DNS proxy and ad-blocker for the local network written in Go +home: https://truecharts.org/docs/charts/incubator/blocky +icon: https://truecharts.org/img/hotlink-ok/chart-icons/blocky.png +keywords: + - dns + - blocky +kubeVersion: ">=1.16.0-0" +maintainers: + - email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: blocky +sources: + - https://github.com/truecharts/charts/tree/master/charts/incubator/blocky + - https://0xerr0r.github.io/blocky/ + - https://github.com/0xERR0R/blocky + - https://github.com/Mozart409/blocky-frontend + - https://hub.docker.com/r/spx01/blocky +version: 0.0.1 +annotations: + truecharts.org/catagories: | + - network + truecharts.org/SCALE-support: "true" + truecharts.org/grade: U diff --git a/incubator/blocky/0.0.1/README.md b/incubator/blocky/0.0.1/README.md new file mode 100644 index 00000000000..b41f98e8a87 --- /dev/null +++ b/incubator/blocky/0.0.1/README.md @@ -0,0 +1,110 @@ +# blocky + +Blocky is a DNS proxy and ad-blocker for the local network written in Go + +TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE. + +This readme is just an automatically generated general guide on installing our Helm Charts and Apps. +For more information, please click here: [blocky](https://truecharts.org/docs/charts/incubator/blocky) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + +## Source Code + +* +* +* +* +* + +## Requirements + +Kubernetes: `>=1.16.0-0` + +## Dependencies + +| Repository | Name | Version | +|------------|------|---------| +| https://charts.truecharts.org | redis | 3.0.67 | +| https://library-charts.truecharts.org | common | 10.5.7 | + +## Installing the Chart + +### TrueNAS SCALE + +To install this Chart on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/docs/manual/SCALE%20Apps/Installing-an-App). + +### Helm + +To install the chart with the release name `blocky` + +```console +helm repo add TrueCharts https://charts.truecharts.org +helm repo update +helm install blocky TrueCharts/blocky +``` + +## Uninstall + +### TrueNAS SCALE + +**Upgrading, Rolling Back and Uninstalling the Chart** + +To upgrade, rollback or delete this Chart from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/docs/manual/SCALE%20Apps/Upgrade-rollback-delete-an-App). + +### Helm + +To uninstall the `blocky` deployment + +```console +helm uninstall blocky +``` + +## Configuration + +### Helm + +#### Available Settings + +Read through the values.yaml file. It has several commented out suggested values. +Other values may be used from the [values.yaml](https://github.com/truecharts/library-charts/tree/main/charts/stable/common/values.yaml) from the [common library](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common). + +#### Configure using the command line + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. + +```console +helm install blocky \ + --set env.TZ="America/New York" \ + TrueCharts/blocky +``` + +#### Configure using a yaml file + +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. + +```console +helm install blocky TrueCharts/blocky -f values.yaml +``` + +#### Connecting to other charts + +If you need to connect this Chart to other Charts on TrueNAS SCALE, please refer to our [Linking Charts Internally](https://truecharts.org/docs/manual/SCALE%20Apps/linking-apps) quick-start guide. + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/docs/manual/SCALE%20Apps/Important-MUST-READ). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/apps/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +--- + +All Rights Reserved - The TrueCharts Project diff --git a/incubator/blocky/0.0.1/app-readme.md b/incubator/blocky/0.0.1/app-readme.md new file mode 100644 index 00000000000..3642b1ead90 --- /dev/null +++ b/incubator/blocky/0.0.1/app-readme.md @@ -0,0 +1,8 @@ +Blocky is a DNS proxy and ad-blocker for the local network written in Go + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/docs/charts/incubator/blocky](https://truecharts.org/docs/charts/incubator/blocky) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/docs/about/sponsor) or contributing back to the project any way you can! diff --git a/incubator/blocky/0.0.1/charts/common-10.5.7.tgz b/incubator/blocky/0.0.1/charts/common-10.5.7.tgz new file mode 100644 index 0000000000000000000000000000000000000000..20a5750c094827ceafd7aded2f15dbf36e36c0e8 GIT binary patch literal 48175 zcmV)dK&QVSiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYcciT9UC_aDdQ{cyBw(Ysr)3)q*CVQ@9JKa8=I6k(MzPqz? z9EgM@j46T*fO0hHeD~kMlK>wQ?;=JA1vI!EpGeUVpGN-1`&gJpwMJCu1DaKlSe2 zR65ruRC#)N_^njy(R ztTiPwbO5HDr|h8HonSuAMxBt%x}0Vxlx4awO<9*ygt{}xIHFzsUa?{ehoT_^0?r|a zlywxSj3FA5grkH@s9AS!xYO(H?e4a2(BhWRh#j=rAaAVIHkh{Mi&h)xW^S?(vR(b* zKVSDd{b8rq?)}i3L7Z@i6GSC2G=n%k05}HG|^6oq(A1%kiX95j{|TzJ|p~`A|^W2lF)v^6#bY%8m&w9 zTTIbJRII0a4!a@AEzAbcTtd(LonB|q8}xgx`a6c+ug1GWv^yO3(0(-Dk9MN%{oO$y zMSI(DCkzL##&EDR8t?Ay_j-Gy@dypKw^6Ux-`_z4G#Zb>COE7`>MMw27Qz^jM;U3zBuX_7ov^VJQ!rkGh z7s5dw!f+J58uoU3y;spb8tp_w7)H^~epore#rD^tZc52a^ln|^ntJuLwU8Tfu_?bA zmPg@1XV~c*@}iyIaIgPrZxC*yQ8eC*!rkFuv_A|7 zij%dauc}o~;S`2*T~1op3mc2BWAK_Tk{w zc+}h9+1nfJY;T8y{eFKGj$gsO{n6gu{`UT8e{T#|w%nAWvn=KqCwR%!mPOj4OjGLQ zHLBoI6k%2&IeVR6E;)C?K?uYbN8;%DE_0VwmYHu9v z>_xA(hdaH!ZPY`rkoeZCl$>tEP3bd<$q2?dT@VK_0c4IS#SxMVRwb0t7=Hm|EPsu& zI2MaDy`=k~OM6g6Ih1frkt_ouG!_ICEDS7w%9=2WWH}fEg&m0D2*s=eenRmKa5PJ$ zoCG0EzzBhip{UaWy3_&q`fWKhm?VVD$+QxrQ&hrjiRCmUag3-%86|KOBR%oWS5aAg zhz{feyGWY6C=e^#j{N=!#yA2*dJhND{0FaAg^;Z7r;&Ois zmJF{N|24p>3is{P9h-GKa+b|Th>F=2A%-c6KuRK}mmPrt(wrbh}4?k62&OwgaR1Hc0=b$E%}OD}_9qo+gCj@j@$-mL~>M z+28_5I>*+*e0F%LT5hQiMQt@f2~q~7(din1GB#&0brskc#>~n*OVxA8ryyfu{HH>T z&LPF30+S_E$fpP3hwcxhdZM){VSG#R(HA&NV{{-0senNcW{i^=I6aqjMcD(;e>Ldz zhx?u3ursU#2{XcHkmC@>@d8XBpCTbiaWbKZG1)&^Pro=PlplcMaOeo)tZBhZWFW=2@a$$^- z`-AND6j1o(;ehV2H@krTN4AD6b z5e!4oTJ0)c7duqNe6Ew=-oqPZFnQA7uLd^6`bA8fl#&r*TOc7^{DXMd>2#zWCcvFa z-l7O#24>0-g9+#tplyMfXp?2C00$(A7o}1X2BbGA0+1QJR73iQQD3BAiTW zS&NQf*qEV2;rp_YfKkUh68`!ub0PhD}*E`X>r`QKFo| znVn+(r!zY{@|hn+1`acGzT7_p4kuxpMVfiwh|H~gDGF+}0#tAv3+PDuWTiv>me3ou zY_e9rbQA(HD>}14Rsx_60<-+;b^3!|cd%2ad_gjf{3;P*94Amk zLIu5!{J*ZnOFk3G(JfpYc<`+c-~uHPlJkinaFWd1pCA>a1!=~))}J#m8e(W}vJs*Q z;z-atq=eop!cc$-qDAx~jOi3cmb-Q-$fGe$s^Yz6GaJfi0{9-(_2dx+2 za1)qC`U~)86PzDjUjA}?0Dk!T6?86;WQvZEQ{daTA6hTKkuB2Fy;m#k_b~k#EiTa5 zzBkHWeQ(cT+O{h<`P`tzf%uPkeOv-9S9NbGnK?ie8A@%L*3{=hOXarY)9DDBoNU_F z<<)FEaQ(JeYRMhQb!8n%;L$vy^0$@zZOnR~m z7diVBvc{Qm5o;etJ1^vka3PA0l?2z;q~cEjeS`!fFEMUCn-qpTgE5F8he9BY5Qqtk zq>*OrTnQU8z&ORpj4T9Ys{6U+04cgvavdMI)dPUXUfYw){v8i@i9iLqq zGP5nav2B(@Nkll)LKe*60#L+AJVzj5F(Efu3NT}tvNh!}{Ornno~2C4r8m|g3vLmB zF-0(1n2`s8YUOnw1Y01=kX-5uSQL>kRJi1=NPRCmsC1*4+ExiDHK#<21lsZ>T+k2n z{-_ECFuI;0NW&>|O%Ej|x{)IzdIJsdy z7aB+PIVGaLFtaE)Jq8=+A5V`rMbFxEDEg7grE$CvqBawvLr_>0Ism)F{T2Wp-ydH7 zd;ogAfe}&pX004XB#c*8_lP7Mec_!Drf`H~%&{2Ij58eBMg5N-PsJGf?s6q^j+|-& zjfj#|4xWtOfTh&A1TRF^JeV-WLcWV zNU#Eo`4$N)W1mty$1$3?>PpPF4@tZb z?Y_k^QZnD}g3B$Wb5rkxg)r7Oq6Hu*a7HBJwpv&i5pPVEk4lWkC|raws_U37;HbYV zX>>Yn=vy4eg4<}8Yzg%W6Mz%UZHX-aftVd){^A(|kOQ1B4&zw*JUT7?%kK8D2W}0C zwF-)`3=hcEZlvaPxv=ZB^geMV1}2UKCJWh8UP!KD1rEXx5@MV#0On}MI^aY!>6JDP zyD6L_fQ2-_O@#d@#FH>!3NXYc)z`@E0jPjs8X>woIKxM>rYFvRN!YkURh5?YYZ;a~ ztV&$ZDH)+sfLFWSM3i&LZlpk0tlmyZ)VBCK?_)eiiCArmiHYT3j6=$^w5|Ml-OXiD zrz5khYq!BW4N5r#3wReDF)(UU}@5P7N0%~qeK`?x0p?p z+g^?Sf@D+$_sRCa{9X-Zr4!a>cdbjRnVq>nADGoO?El4# zE*3nT{92qp|*4yM9R2Q&CZh82)8*!|0P?{$B-Csw7Ru4H3@CCE}RLSsUO zEh%RutDe#I6L;8awUosSz4$_Z=_7dya&SAv;Z$um<5>DU@;Cls=m!QIuwaH5gA-)e zBexWDj*^aPPT8r;%v6e`voJ)?$2LrH_m21-+(&QG_BeQtL_`_G*`qVkyh;49Ad~UDY21Oa5TM zti*baJz!mnwWK$3RWMAY#L-S{Wjok9~BW5xNYOWMkDu&d^mm1BmLOV!WtWXUOoI7d< zMe$nIP@^6^=8zx~d2TANBUUJdvO?a9esB_!xZ`}g%u)%%Im7f>tj|7gsedoUA6G}` z+5r4`eE!+3u9kA*lU~%N@HPQZtPJyL(If&B#B+@$1BV1FeY|)lze@d2Y0TUWH7SqYGKu^_Ub)FCVMSo4`lFLzSk$ebo|l%oP+)>Mob?{Mv-2YIm2Le zGfwOQHRU^Z)@nFm9Ki^XvD1zy{W+CQ$kFJC5vFQ=Bq$W=sVBxr2HL8jbIky`Jj`*= zu`cq1cNSjjW7Vpa!mj?7qh$29XA3ZwQup0?wVSL0vJ8(99n5E%!StYH(CRogp>|f= zvvQZCUV^F5j^NV33wG<@|Iu<P4?d69N?MQmT4i?vZCT^HGj7<+6<48nbQo?NHrEVQ1Q9EN=508tq)iSItW}jz94K=l;zdChPYL6>9(Hw_{E|;n zh5Ao~$+M;sDL=l!XlNPU?pR#vkgnA5Z5%CLnW2q}5VJ{1l(#dZL{_{2HcltZ+UI~&qo^UR6p?Du12VSWqqb5Da zozisHt(vofXr=%~1&=m{EKTxekevln!GODZcUfeY4tOIJwhAzo5!*sMD$Wukkm>+G z=#P#X4<5TGG;D~rVqcGI+T5NwaSy(^G1E|n?%Dk!U#EqLay*th16IfYd5HH2QSR+K z`s{BHE>tmb(ZEdwuP`nsyu|eWs3Q~gi9ndRVny@;sX#uV<`nhrz93_(7i*s9$T?ObUX%LK{B3 zV!dGztXgr{+UkH`;fSkW)ypyiRvnM^>sDC`5`ZnHjv$!i!UcJ356%GhSb-5-V?qwV z2-0Poc5g0gIEFfcuO|2{$H#839-Hm;01a#;`P2E9;D{}N zW+`7BW4fgk-c~;4wxqI>Nmm5J$ruS|Cn=q~%c?P%EU~fFAnK{!Er22AGvNy z7B@rJDLngI1x;ZE2Kof0n5C?*&GxL5ZA<8W0e5Ol)~~1CL#>`7VR3jv^Vr z)mA~=qOJ*WFG=M!9V)85<^GgQPAHrpaAZ$k<B*zlO{;}zu#WUpc^Na$bdk!!ik{!RfZ?#G@r_|Rxv{gQuRY zmPn5=iok}0#^x4Ch*wn_p)vqTZUl?TG9}hOQH8#0#D$?2Pi>dCbv)87REZua%H+u? zfWBZRSu%_vo^9o$tOJnjcQMnvHHovMWC|S#7_#vN$!J@Gba42nU4|h^{%I}|kS>eQ z9)QmsCyNFIEE}~|I9b9BAKH~bl+RG(gO`!)RAs4^$K35)5o6b8*+?!LG+JslQIf)m zKC$7+!9#gI=sj_>MjDC83%vS1cV!Z7$V=;3f&eoTAvtYnqfBi%2|H)(WMFXf zhv@)4&0*eBFtJL~Ftos73aK!z_$@*SfU$etqvbHiI=o>SLbexSy16_MR-h0S5=7b6 zrc%-d^P+a@s>&7KqZx{DCS9$8N;VYaS{DL7OUDdsTpYe{k6?Hs*vp={+B6eg1GQn2 ziZcyh!Jwipvs+?XcgpWl7^sGQ2`TsNF7dyR`uIk+{z*~nGZ-Vt#i&noA{SkUs=#%pr}*gx!%h=8$$p^=IyQV(w6~ z8qHE7FYnQ`Svu09^c{zp&(iODfdBo*_vvOo&FV7;Hkkc1OTI(a_}=;AM42n1doW)+ z&vaU+`;EK+Cv4;8BQHv|BQ#$z_69e1d5y!Vir&}04^gJPH0{_u9L+5enmbmW*$tH@ zT8iilGbX(d`asB(+$Jhz-E^k2Ml!_D^Ma)%ZpFG^FE|>m`t8{eF)W`A=AWyU>$AnN z+nY-_Gl;2pwMeCxN34FrDGG1Qxe87f+I!$*YH$+6d0fd^%VRk6jtBi|~|R0H-kF0A{quj=u`GqHjD%*wwLE9>QD&cStjrwX=b zCim$QrgQwCe_)5C)8EH)OR98>%5kVh;*$m`*875P_i&&X$)X%3>er=Ny2~9O@FMqN zAJ|vGxaX8tWoOWHKB>Ke*`jT71=aAC*r&5O-iBB?bky0X|S5_r*Yr8Fy})5Nq@-Ew$pjw);$ciZ0dPYqUT3 z5vyO`CSEv2Fm3C1Z5g|&seUFTh}vQj1P@8VIE7f|;9tw&Q5hw1GHIi^iZ1Cw#_%MO znU@k0q3(-B-gcZwDwz7{o|u~B;_{TZIx21&XfxSDJ12%PD(jkOHZ$xDe!09sw+G;F zIN@l5=zmJ~Fcp6mQvGi#7pnSlJ4MOIgh7tkSnf9!zRMtweAxb`r0RbbvWsy^1Wsao zbc;Q}m`Rv&d~&#w2DXtxx@xhOJB%@8$i{PN3m+w%V)eF*c-U28nu1zsDkSIWxry&p zh4PH050FO^Mp0WM(B?$)AmU+L;?NcnPyX443iIw}%jt(5SDZRoq5GYFucxGd#Z*bM zHV90lW=Lj%d3Sqz+wtD}$tX>>0<$m6Kv&(q#cFZ{c3L*U!9feW0KXuRu}t1HL{Ug) zGn7PTkJI=s^W;LhraDhRK#bsApBIuTLj=o*m}E>q4yOb=0dT_F=%_>^FlGecMCbx} zRB9>&K2srb4A3kQs@lmEsxQllG3PN7pe-U>fMwxSH2xkZSPXB+L_I{r20oa6IMuR5 z^;J=EOyZc_%KX7EKrF}VUe3AyBbF(*)F?Vd`-OtLz4ur%fyoytri;Fv z>-=LO#qVSgcUbO6vm?eZFvW#&OWIkR&3(HNXFsl zSf!#%>9X)P4`iCgu!+Sw>kO zB(P-*v4$%zq+iuXeb%K}(qXE1 zwwy=S!;DX5H1blK>KZWPQ@J9w)Oi68WsDb&PzdQ3z}BHIPl6^$NhqNQa3aYokE=Q4 zmcN}1X=QS!{5tY?dH|s6I)}XR2r+&wRkC@*NO-e*ZB~}{wY=o;THU6Y*On2w*M)EL z;|-4E%UjIDse>5$BCltObf$53eR@9MvC+g;Ux&q<8(Pr|!a7M@4gVBU8P{--Kg&U} zRx$o9j-A}x_Mp7VHf!={sYrFRd5|V%IGt?7ImgNcx#!K->wVEHb0O25VV zBrZpERBqtjX%EcX#GR*!`2UVTL4Qq%bX|CDKloPC`kP6m?Ic03pjBZBXf0b|3%IxC zD;+G2GZhM|PEve-HiCn66AK}fegP>eb4Jy9GHI41WlH2i3+H!nR(J}1kq48-lDh(2 z_;%apG2}$v-Mfhkr~czg4Uc$EtNJcsxv0tS`!$}*BO=4Asr5s)rBk>aK@QsyrYhlq z6W|*YoneI&kW$r%HyQ>|D0BC#o=H7vz0>Wsun6qWgd~m_C?eo|3G}IlZfDL!i$P6x zC%twD68$OUc3_2pC~UkbN_>>Lm>?RMz5!82_p88on5HJNyP6l~(7cd4DV&<2mX|a+ zOy&4#C2Wn?F{Uc{scZPE=;e5!?i4U01A-qhcW%O#7e+yObA`T3mf|_&2wYzNBm~Dw z^KpW?XUAQ@TUpn@F))BWp!9RWY-_i{8_3Xbr;QRp!Khffqwa)}`7rW{Ce{e@P=j<> z=r*PK2yYM*d=v^Z-6WH8T34+VaX2x@6ZCF@o{{2Bb#GM0ezk-{Us8EB5;ofll8qB? zg)jo2adb@?{A`4=hmyK4DL4BH2c}(ln5PQK?ewCC=&V%9equc-aU5>w6M`p(-bjDVNX$>a{!*yfpvoOYZ7FJ3%K&LRnzqVWNE*qlXP1MZJJ zhY{Ew_IrDZ51fQNB|b=O0+}@!!Cl2vC%gdbq`WAcqAlc00Q%}ZHFTY2*$*mm8i?9e z`3a;zT{k^JZGr-G@_s#|ETv>7R%?A;Chrit#e6D_j&l+{*yJ!cESnq_&&OCuSl|yiJ1o#U%??}pk=+b0 zUbJ-Hcb4xctF-s>%%m{ORGR{YvD}$RxJkhkp%f*;Xv2sJQ2G`i!nn{tzs7liMd?st^E~^LW&|57^V;XJJe*3IhX(h*+PqZ$yf>DNS~emc=7I1Ux4oD z1ThB3Zv^*dGqEFkYnPBW_w0^gA#bzDTg`c=QF!g%<#n5NFfaeKePkr2>-SF7YSu4N@~L|Cr|<7k=0Vq9_STjA z$KC7l#oisB#&>I@*X#9$J3I2O{o4IYOKN|c>_{$0bs)zm&QMBmqOxS2Xr=&`E9?!^>f&IE z?8VQS&03)&5oB>RCCRzE=XZALEt4$BJ^boyu=dGgV(k){&G@k#=9vV2uSUAy9HCM7pVszxY=i& zFu|QL3CCiQJ?{st8=OQ3K=0cf%G>pYA$M%^L$_v#LlvfIP66OA?XO?K%i>+(@}^tkY+pjgB4ubcm3kpSbn&w2M*G5>e=_V)bw-{0LG z?mf@{r+Ai4M#Tf(1k9&U)x>iOsJgWuI$ANC0xxw+XA_2T@LJ}XHYOw$pdzsFhWuZ`3Id`Bc8| z=I?aF1yE)jRUf{Ig|Yj_9Z<2<^yKh_c2v0LH{*0POd(!hrE&g2e9}F94L0Ph{*N&}Me*;L>J_Z5)(*CpH-0I4k6>8?C&LXX*^OTSq0a0ISAI$p! z2#(Bwv%qaP$ZG_7zfi*IA|=Am5FNWkBkAWt<*qp;Ew$Y0uPe(H30W3My4O-dIFQ}R z@OoJt(}-rt3i`NnWpkMV|D9!}udqHr@`zHgl zJrj7?YBXK>+p!xyMRZm-;%*A9ZYZs8q^cQJ-U!Ozr>m>;f&|FLsFtEZ#pLy+i-(vy zZe{7oW9E0K&=?Dr4xSl3m_%Ts$fa^PH^D~b*g8y6kh&E>UY0~b&190&&Y^)8iB*8* zw+g_*{Pyhcd0$)GR<2ao)(U9LZgWWtK$T9H-viJAzkx)|p@f4S(XfG+Z*L0qV8=st zO6`zYwecJHH6vUPy4pmQb;MBn-=t?>eiOa+z9}EUS4SxSd4ACC{&{}z=lP%KfrEl- zRDoB3HeFE5mj=aELXG_&BFekh;=jsKa<7HJ3j2T1-`g(O|9jj0!L$AU6wfmIUkrao z#a5_AfYQ}YzI18Imgbf^b~Dc6So|gCSlbm9AEe7bO99cwPb7{Im4&QWoI>_9TGST~ z-29?}uB*k3gWzj#KDEvN0Dyu1TILsjLAU> zBE$Ce637VQ8io!*C=>9Dfmpd>@n#*8W;tfp0 zp>VXpcSl?hIM@jew5GsPHI&nM747mk;5!n}(Rbe+_3lfoH3Wd2&j2R?e>uv(vSyUb zr$+@DJNBiv{S687EeEGTuwg!z2-DVTlD<_%TU3o2&3HMUBOf>4^imtuXxJkab zdk^vj(sCl%=Dhap4#;|S@fg%&Y^ShcM_Ik&lC&%dbs;^!#Qa<$5}!@S$9PKipE~;9 zbpq47*LfKKos7X%`@e%y{6~MV^SuB2B#(;!Fh-5Mi9ts177iwmq;;xKP#Hbb1vpXJ zxu*HOL)JcGU<4V8Oa!#LB}Ge*Ws+33)yWyIa`##Bs8h=BJ{mto_b=d3UVBnPp))`&a>1&|nOheuwc+TB$|xnnD+6~0g<{{?5U@8EL4dd@3rF*uzq;}^(A+b*3- z06kTwiE^sZ=l1d`dz8tX%#eAzJp$T4V0;GbgHz*2+3IH{(O$|3F zw6N)cso)QJjH;8@u4pz(DjQyJI84Y#)8R13yefx7e{3=wrrjE9`jA!)hlbGo3php` z(V0oasLloY*Tw#aIW1F87o~I{NpI8PP|dNbFP0=Scp|W!@w;d^toeM<2nPk! z8_tKk_I>8Vvx)z^J`L@ElQiy5zTj2<-(GL0X#e+yyU+IjQ#?BUyI>X+&#UPp@;G6L z$_y`SSn#enEGD+vOmj|#%kymqAo%*#O6L6QsrcA&avyyAcCe%%hZFGaTcBW`XK{Q^ zVjQYnt-3m?EhYo6%jYY-vz7YikCbGo_>GeJfg5$MPvb4uGp3NM=3x@q+ESb4ztqWi zS-9zTw(w92PONj zx4qYUw*Q{uvG$+Ix*9sEQq{OKYyGJ#mFro5C3j%^3B-8C@x4azT~)jL#8%&+Gpud93``TNoSWc72>ozy$N$tlca)0RT=^%6Yvz^~u~} zdMEARZnQjwhFIIsSGw?^iCeyQsgOqxuOm`j2>!yo0IyLfenEMCbx%flcTf#>hb`|) zDSe@ovxYGzS_(^;XIJhY=c$wbCi~RAoxcs_|8Qqml>fVfooD&~6pxkv^~uWCcm5h! z)vjOjwaW2pzO8Wk`o)?!ef=7~%Xe*`F90D-;Rwf=W2B`cjG{cZ@!84M_2KdR)3eqZ z{$WeCKc;usGSEZ$hFy9*zGqnHgFKMXx+9!)<<%E$&<^E4EJi2=I8pbCtw#C};-OnD z|80*RFaOi9l>cd`_k8~INuIj+KQ}Ar69@m9rk92OIkI6{;9o_~(1(rstI~9j9P^ix zXKBP=Lu0&d{+m3x(*9GIK|h-Px3fDa&Hv%E{r4n~wg24Q(_=hY-{)%pbS%Rxo4~fT zlQ*c=WxFin!y4;e(`F$(#CjfECqIPhzyi+V1Mr)@1R&3;Kjl2Vj%CQ_wMq-|s<&^F zoKI*P`XAL7Y4Kux`W0csm(I)Fer!o@} z04$_1MOp?pKJLm*Y^S}6O=r>u|0JVpJ64`K3gm@@IP~F*Ix1MuOD^A*myX0!!t#{- zuIpVr|0JWTcEodiokBjnzSb)aoueeE%;ECC#*5KN{y*;ee=yiB*?+se{DdE8DXPhI#uU?#O0h!qF#V{Z@~8ZYetA*P14L#uh{aku z#D5SM$p7kRwf?um`B?s+{@(6(DgI~odHwe!Po4kAy)NmA{XeGZwU&?7{-25ql^)jr zQ)THqvi~P1&)O$G?aI9VtY==NX}8T{7(C~HdXi^p{EuSThYS3voNH~l`KBFw_w(yL+ly;I zb@P9oCf)0Knmoh}5UcFJ?SAq8hv9bbIsW@eo;v&Q)A`x&VEWC|#IyQDnFuqjCkr;9 zB0(*$QS1Cy$mCE!wRK|KyTueuGDuhAxS~ZD&Z;(rz>{gG?%Adb zXIYzaxYlcPg^r#tC#%5 zoMU>V6~Au&2^ajf!)vei+5HncneMWOPUiG1wZDs}k^Fz;{2zP6y<+~4{_b=BzbAQ0 z=RY4{`?o?w=DWZ8W7X!b{({Grzhob41b&-0m;ZHn{r>3N| z{V_L;1q(gYUa_Xa<8Kq!Y%+-UZ*Ux6-eMk3{np-|UYz`L`0kzCTJYg4aEe@f_;_`4 z-SCR9_!WJthy5COcaZ#5-ab-Mu2Z=Ftbop) zi9f6${;)v({#~eF&!vPqcYHbM8L^u&L=$yy-_mj^WbBsENKpnQ^S6}DRIGxs;4aYE zNVc_ovPR51_?JT>oWKV+R3~>5bl4P96m@JtLrH~?`nrT!9Vdb}OxE>KioX!{j;Yxs z*g=$y@f;Rc15`P6>>V`z1)^5JvV0!2 zjp5KR)3^05SqN4BCHrxOhpAAmiI1sJrEtE$oGk}`4wMyY2pa?W|d6id7cC%uBe{`6KlP6=(B<^|`7j*5j8 ze!*ijX9@~7E)@QubW`XLOR=0F9{6vvG?I8XU6uQ->GLW1a`)=;`sa^tPOdLcjxJ8F zimnL1u2<{h<;lh6`Qgz?p-$EAzn${J3|4pjd+rSf?BUVT$@$gw@!91%aA6ptlwU^) z^8wc%fb{EAl5xaJ$Vit>36Yxfkj+|(5aZW4Ej4v~a(Q)qdj6noF%sVFUhA~X#Re}w z9Q}N`dwqFw@#*B^L7PQiIEB~d+>F=g$^W~$IJ`c*__0jXig8u)SHa!=0n6sU4M+VQ{C~U8{=X-A>imDdn6ZCS z|DO{8UG4wN(RzIUpGD@;{eMokzbF5nGyfmc|F>P%|NWiaXZ`;qkM;lMGwT8Tf0a`w zj{&ovtGsmf;|ecbpWE|;$B$Cv$l`tIH3FQ->WKY3#;PYTzDTJ6YC zD?i5UQR1$48pd7iRL5PFJ9&Nb|Bl{$JU%%-JGuJh!^O{+*Qe*7c1rA2hF_rlzkkeH zL)r~jdseHd@;m!s9x9Ft@zAkfZYRC}H4$CwJtg~3-tF4G{)tfhFQL2Ra}ph9oXCah zqul>LDChs}Z|^?m|9z52+kcqlcOS{U1O^}j5RBpsNl7KO@6<8{NJ#{sWeY&$Ex!!# zDdf^eqjuh+R>p8L(F;bwX&}ZU3h8305vlGMo~F>fF!-g)32EF+4Fge4W$|{cs!qex z6q>3z9Ot__-t5|0(-ant&rTtemy}dri0t}_-0v2UvL4;mURxYN;r8dRUn`F93e#>w zBVj=JH+gTG_Z|1Ozp6Eq@NVXo>dSmt0>cqp#aKYYNjRBw=L7Ays}Vsp&O3v^y*+or z@)R{?Ygdxz?3SyCbDFa5T!r^5gl$|m>nL9R87Gl*XXZvd=j936u4K{|tNPt8daxb1 z?#z&tW;nS(X^cb2yqeB?r@9VLpTRHHmGbvarEOgaaf(Bi(&GZ2N9P|uavbA-L5@js zj%bJy4kvcC&<4sgd!hAT%imtlx61X6t!ZZ8s0I$_h{6eS8mXYxDl95?B1=7ak7k4} z9To}Q*}XM+IUU+}pwE5Ul(oA5{cgIwX%_cFV-~DRVmd=~g20AB zL1}MCA4NFio0ZOdH{RcP{Wmu~J3+0t(im*ytFF!R0fB;=s6`GY3E@&IH^a~=UyY_y zAlI~O;;ZOwaW=S$*Lhh9(}46L)~!9CkMIAXpE~`IlLCb`hW18 z|NUv6we|n0VvNVp{+jC^O!sSeYifR7>tXc13+y}5`Yu(53FU^YMR+NpoHZn_D4LU4r@Wo(Ia2_BwJ_k-aU zu<6sc$VJsmw0a^{j*~ZmmK2wS)^si)qzT=0_E~AiE;$^M zqFXADHpoE!gV!L?*azN@u|ZLTI}%ddH{Xk(UORhV_)GiGf*b09Y?iE8s}%4T6urk$ z6r)>6mG};-QB!A7-WDquAzR4*Pyj5az6Mlk)060;MV0Qsd0m0%Yj5vw3&`pGf8~rW zl`Yb)gk5lxjSx)`M=YdKkUI^F`|AzSv8dd);e3tcua^qLIIA1M;;_srM`X6q$$1cP3egzf*skY%)xo4Ik4e!E zN;qAl1SgyYo&!4n;PfWAMI#wNWg>B!Hsg%AZpP(-QpC{H_*?GeU@`kfZY-76$jkL) z@vTSide!PlR(HE1*3*i|r7QcaMCCF2WLG}rssOaXlrZ-SJ_m@c+>vGSNi3>;{VGY< zk@WJ;SXJz_R3V=p@wNCuyE zF3=ncNl+=#@fdW9Cj}}{lq7Jw=RBF4Z@W3G#}O! z@~L+s)d_f#-`vsDdYk3TuPP(BU9OSpWkrP%EUn#&I*QP$A^&Rui`V&1sCi}AAxRk@ z7bB;t{Ozq@Dsb{RSJ6B*aZi%w@>a=8#&>z$%7wyrQTs~nAb$Ot%hq#>#`sI1fQ!#n zU`v<*FoNL?N}>brD- zXRF(1Ib*GCsz|cBDfn;f>#pM%qV9(_+Q@GAfBa4;UMo_bX59~uL*GaCMMxc?T1c?BkF&Z z5MRqIMEPP#7tc*qQBR#Xmz+Y<)*s&_u!+Y6k3aemO^@H-YM~tmjFX;YU*P0$H8*5 zVOVQ6G*nzB_QG|tR;wb|4Db?54-z5cn zo&PtThYu3_`=cOa_fZV->~W%j(|PD*jV^m` z-P>f_c>;*#PTLxnZ4nlzb=UfH)|5IYv9$ZS3lyQCXmTiN|DX&Slxg35LRhys>VR$rX*DicEntei%Qlw-u|N__+SR$D*JDDr)2-_>^$3lPx7o~ z{|TmelvFPQ@b{7HMPRaK0D+{+gTxJ3NcqzAcMTV?#3t!%xK*FAjAz+^=~C#`_Kb z8=OQqnS3`~P#YHV-Hm-SOeu+xPH|)|$XPN(EtBrZouG9C!ZM{TRGvVSklnpdNFrk^ z+f+%la@)U-=*(n{x2AOIv+1z)MXN0m6YHIywW+bqbr15-b&2^(v*?dt=hoSO_q_7e zdsgND>Fw+m&;R%O+t2pjQ#@1^l%;}j>8#SLrO}<_Fm;fM zo0x1K%II<@(E=C0om~xQfOIAoFKvvCRDY;+G3pPcGnW`05>~C%k(1)-&5m_*3l_|R zul8`lhDY&EN(m<+iT%OZ1i?>NSLc`ZEdKJN_+}8)C8CUlQzWQ1g)7+baEk8>e*%8rEbr5W=94OKe|o!gg+gDynwurQ7S5Yk)K0!| zL=zY*XN!Z1oL9P(e2tuve$oi%18COT>3OiCWCfem;8mbg>{K*#@ZWjJR~4_C6jkLf zSFP>|w`>$+ zHa#Q!0>Nl;7)3(%8#b)_>QQ$&h^odnq)}tT>eIJyhU0}A{!OrvpgOr?gq&Z+&xGQA zstJV{gZegV20_EcreFE*A}2H%0sF(ohkMBe!dWQ*BUDj|4n?oajNRu-u%cVfgp1VZ;Rm|>tHRW2b|7F) zchGmE=t}ZG#-naHg_L)%osQm10j!e$+r3i$ui@Z1|JRc|@`C*%C8b?XS3X$)LrR>> z9+qAF?Yd2i8!uXhsdEP98ReO)#rv17oJoujE*za#6IFZ>lknvnyi_yH+MiNHsPhQA zY?Vz~6TH=u6gqTJ7Lq9aC8z{RrGmA$tkM7rRDDIHF@1BBne} z8I?d};F`epW}kKD{Z5$RPMCz_4klf5iLmVXKM77iumyrUz`iq4?nn85SGEFH- zDHiLQ+^Up|nBoOS>vqgd6rcA?Es}z&1c!ltM3+2cD>#^1Z=^Uo1k?|UdHq}Y|4?y6a_prJBzkLf@Fii`wFmvbXkTUEF^Yh!c3Mey} zzzK@lqlJIi7inNb@|MzZhuw9h@+k4OPzfbbW*?jUPg-Ik0XDJ}aSUK+n8!Vf| z?%Z=6;!2X8x$a(dxtC`f8bA1_LJ|tkw_E}0HQ2DB3>BXX;?#9IZ`S7E%2y>);!DwB zTd|4a-DWD9-UPo1lQapza9jR~XP4P{jK6@O9aP)jts}W(0-(iUoW=11{F=cSkFk)b zX)4F0)A|J|=(0Q)ZHVz=#E!7Ywsu}aLCz>@(ek=NL+`YYEn$1U`=cB{uLNIEh zP%ybJYZa&(%Aj9koI1jp6DO-_EY=W*y+f-;*uzu#Hc*x0p5rRO>l$oJ}buDWdTL zgivsY;TEGsNx~_KV?<>TZUauS6|NR(g-69;o|jYSGlB@EF?z#|MasIQvy<71A4SL(p@n28#h>73*3%HshFoQS&cDPG7 zd^vjTFI_7%D)t9*p(-FA8GuUAw83g;PAP&5&rF)diaPRR?n&}1oo8|EoFuRt;Nn{+ zwI4xsyn<)}n)m?y!^;7BgOli#2~9?EG6{0$oOcUqO-MSZ&GxuPGS07V*78p_Fqpza zI??IM^;@W3s1PPPu_qI}9?L?$?SHR6HVuth)kP1dh|X}L(oxM2V`7R! zKGk&1Kfceu9h3%t{U#hCQPD^)U+S7^0f3UZB*a(m_y)N3;4H#i-dC5P-IL)4we zW&}IuA5V|-Lo`OPinm(4NYDO3S<2J^D&1OZKz_VDxww9Ks1F74tADbpu(cqZLTyV?i@#DpZkLQhf*SZ4<8Cl74(BzMCFOI zyx9=O=*RPq;6dnj*%G12P6Pm@-oXK*v*WQeAZXrfSHU@8OnTk7f?Aj0=Jt5N|_U6ooa~2@lyr%EhRGtw0&2RB*Se(6e$=B`^9na4eQmA zSHi2hzN$!JISVVuyjg@+VVwH=?iEy4TlezE%ca=mlc{P)zf@tl#j2+fO6KnbvpR=b z%q!pK7MjbHR$Oa;d1yF1>ld%+Mgc-WEmRrq(g7Hpt34~0q7aW4vcawbF(wpL&C6gJ zQRLq!nZMPS!IfOwAw~QomqKlw8&RiHRnHw(yES9tjKf=d6P?BhbZpbju#twUEuaUk zB5S{%%s{N_$9VD{rd|{7+qzcVGRqrUv7qwK(^o|m=8gwhR2}c(6wj8N@~I3@%mJw@ z4c?P1apCFt?S8bG0`i9HhI0k#l#Ea{?l#M8_b)8~-Xl6eOuA;SXok)XFTv%};ky$s zK?$OeqX-C-04HOjx++TAoaN?b3z-O~1=OyDmO%N(gV*}r2)TJI?~y3k9DYt6_XY_E z&}*Qw@;I-`sK|=mof~$TUKUE}^<k76Pr$B;1-v{-t%u9u62Qxs(}qBc{z`(j;aQ^NR} ziq{tS{f znu#T(x7~7UYAsWgLW+XAD-EoJQn|-Wyum3uO&Eu9?76@=V!VUx2ltbHo1>@G5NT_% z{Q2Oua+#FfJOartTj1plT8L5`H)z3@wDTLt68tOp4KPBvJWg7;ruSvO?`e{l)UejE1rNq z{k>0jp8Fn@`%Qcg)bBX!Jv`hg?<07J`R)Q(HJIU=YNZhUQKMY^@PjCliw_vrFiB;B zdREb?&%812Jp3Ro_0})LJRi%-&+Ct96__>F9F4qTMMs!^n{V^yO*JntNbVL%yDa46dJlB4FPy}K`^VBWQ z&$~AA?4J8wp9cOv%I|pyaMk(mz1>p&kKJeg-_tyDGvQpO0<{i5bG*fK_%(C)$!!Znna}jVWH}@raGVL61^=;dMdkASiyJ=W*Os$S~IJ6s&;$b zO;vSP1bq>;yA&l6qLQ{I5lFPgi`%s5Kt!bJ#IjTpN3A_2WoRO!_?&2zC9!_Cl2}QcLq1hI z^ma45AX>E^k-hR-K$Ky|Q4%8m2%Zdik;Se2)jt{X=(6m9?uL5v8{p(pN?&0p&x%J7 zOFFF3B?VREUVnJaQ4gB5-k}Q9<5?DSES4;%@^}PADPfosDpoTG_2oFUmuXb&f!V0l z1JJA8-mi%Ta2B}h>!R~%1}TQosF>f}kmmj2#p&Vko9mxGTwayp$gG{9f@Xe3 z3oqow1ik1cLW&~he7r%61CYiLCt?6ATfO-3;p+PQ@bdDP4;ROe(Y*fFriAcz3K_d4 zG^%qdI8>u3!mN&F7bnN3m-nKW1iuEoREzf|RDG-Ri%*|I(;qI1fx5%(y;ng4QqD*+ zAxjwW!`Y7??#qCxiFFuIw|abdb@=A+@}$r=ciwCC<-f;}!x5AQN|UaKF%EC0Bx9(q z_ebwekAD8?!^g{$>+{pIAMZ+lyrF6u;AGMOT}EPBhiGv5;oXHCq~NYd3h-+Tk!)vG~ssp;CSZWe_K4hi~4UTpxbC`sw8C>h$RF>h!}|1CS?@5QiC`qJ-m6 z>hkIq4v*iTo?U;uJh?bKe7}U1ENGz_wEMIc+q+%NGL@i7pgzajfPIA6Zqa~ zwYBDW$VI7nn&`mFw>ZwHl)m$&qOd;5kC`kOtSrePj%A3Sb5GAY{gBq;JWX_nC>RSg z^Su|yga7!C(yQOVgrXF*f1QKiEyS_PUNb=)oV~rA?|{RjcfntU zO`6z|RT$dO3`B^dkfUe|s9Om{8`n%Xz=<@gs_75>vTXa+wefKC3-?F003jF)Y?80X0rcsWgH(uGnmpzq4rU%yI_ z9kmuxClLSO?0sQ)Q1nfa{@XXnjM`yQ=&-QDnF-_mURcya{yvB|Wny~!<8N+mo~jF^6fTbIH6nn;2&G`qGA|O;uHh#=n7fTRIg7d%gai^U>JMqQI{iM*Oc8o%-t?dR4trE%s`*V86yN zn&AYrGqJ7%?P>7xtGkf>7Jzo@yz`cs-vVh5ga5G*|KmR%0x08=1rA8spc-^_eh9-l*m?bf_WYeA&g?iA(f)kPh7IW zHa%hOX_>|dB!uhH6|HwV9dIc)STrZ}f4?Wz99}y>^LW2!Uybn{_`QCmZ20k3mzg8?@ zzXb>W2S>=64@w{&?7!OI?h1sv=7U_Ye+#-&mUaa_y+JVKx+F0L%Q>!k7>Wbo4~5J1 z#NIN{PR{Ep9dL?&h{CREoS3UxUEeckOv$*|rt%?VDsK zZ~s-p3^T^bteE*(eUo?S{bn|KOYx$`c$k8UERMN1(r%Df5hbbb`~tR!ytY0s6&!xN z`Vf=~ySm+2nLAzt7(`QM#_*{~|tAqZv#&Pk%)G zAgCI&Vrk=iN~OIZ?}$}B6ECV#?bQKb;S>pLBnKgpt%XoaY}p4Mrk5nVS>B7KBsJY| zF7vPKw+vhpNN?z<2DhRg3j#J9bjOi*lG~hkxJGEyRbJWh`q0zWaI3i3K$WM`VSJ2Y zxUeT69S#x#q*GA{EFVz=UMz|-ims*ykes8$@Z2v#SBjeLQsS{jFP5>;u z5V9^^QZd}$p4`M7&FVreU1L-p%oBw>36VfOqciu(9K6os)4Ng{%9b{Z2MW-yATZ9L zAivNhNatao8*=XfsA%c6E@q(ATu0)BHmdSDge9QMclVdQK?g}f(Y8drV94- zU08B=(%qSqaJ};aiehf2xk3*-2bSyJD&$qJ@#;E|Odd^D!2ELa88m^SxHNoT?^*vp#UuTHtMz|VU!Xl9 zUN~f71fQ$v>kRyxgp6RT?P441(S+Y0$4t&9k z<76Vmyf0Yg73{Zg!9YsUSZ;3vzc?P-6E+NSldZ9Y>FZ@puDFA(`xo$mPZ7Pv3;~6P zyebfZ^G`?W=w6}OVh@w5+v$LxXJJFSm+C4>1E%b-bNaVYxHhffz|=OmSx#V_6c3!1 zJVy_NQ^82BYraV4F`>%CybPz6HL48OJk_eH%s=I(iSp@&;!iI}oNe`G;pn1qq86qa z2+%C$i(^dv>1N(~2eo|5&jmF@5zb2P zYDXPQ(q*f1Qd>Cnr<*iI2`$edMOB+}jZhN->Aa{#q1>wMSFo0p)pcw5?Odq`OQR@|Cz@jH+!w-gjDt#N1v-{+wUk@kp=A93v-hsuZQEGGXg~W`;8iJvNZd8W^-1|lH|V~Su&$cd)u`R!-nMuH$gk@Tf$AM-;Si^RU*vTxYf z$RscEGE;+|-lEiCMEq!BL%x(0)O15)?}8*}e?PHe<7{9(6Ip5^EU>Et1r4QF>dL3r z-k(?@MqHp+V?MPD9X~~pKe4CQ{|ixq*rW+C%8q|75)v=sfAfM#9i73w`5%sB_!*Fp4vrMLuNF1URT13drHUWcM zcK`;W9`&H^vQ-V2Ui)4G=B^|2Nk<{1P^Tn6csMu&AHiZe4pESc$kKHP1uQlgyo%wg z?FLL7L!uT{54bf@oc1U^gTLGk3n~WMoAP0hJjsNl^t`dtbp;lXO%fqm z628ym1nUZm&9N$Ba^@Al>WuIqFY3D2{*#B%dK!N%;{OwGV($OXyr=m8qdYbBpMGEK zPaS=%ntrWMu}TnymDhZ-^075)sYs8s?~)YVVzL#b5?dOc107Iqyw+N@U!;W4^3Q@J z6<^jUs54=K%nm3%ljf`{DwNx@Kr?1FP&xiKz)BU0Y9N|Oxz*8)#uA(ozLvl$G=^C67ZrI@N|PTOyr{Gft^prZvK~!R!uB*t8``{HN@fNCrx| z(^8!S_tQ%Z*N~q?uOmXdcmx6@@H!IYs|O@P#JYb-;4fQbF$N{1d^|Nb0T_M)Xs{_w zFt4SM$U$jRqb;zK%kiw+gzSMs*!d5SM>r`JJS`S&Ph=Lx?j2#_lRW!0M1D8&g&Xwj z5yX{7m(8jAy^Z<~PaFSFlvsH<|8MM?@qc&bKb`-4l;_j)|71a*yZCb#)tF&>bTwG|5+Kklm92d zmJ9;<6EBQawg~iMvF$B_a;sKOVATa|K`8SBd2OQKgJK$GJt(G8_WMw5^96OH>t@3J zVDISID%s!P|K=QY1>DA26A*GxeVsJ}%-x(dIT{_EHN7u-;Ariv-4Tz?S!*%EJ+axm zwR^`{@2>sc61p1?7N70@#mb+{WxLm>h5x6jdG>Yy_xOKPcV^!I;<>Y@{l7#=cjwK$=TNH`^h#ZCiO?!pt$_`f~uaUVr5#k;iuU zwOc3e;`0|^_PG7w;(|M^r^UUq17~3L2mh~rV(ET@1Lb=(YaICU2Ya0CDzrXsbq&fU zcX^M$%c1Eef%swS&*mj-K@W=|CSlQ0M)V(@5ftf1lGbo z;_W4vo?emY$ZlSYMs{cTZGD%!;IMft`v$ZZBAcJm0oju&dCyM^`!6F=dKdF=Z~a$q zQmOyy&7SPPM|nOu`;XuGRAc_NGyYiXTHDXOO6svqzv2#JQJ;WBX)oI^hf`R2?5C#f zof59XRLYxaR-FE+w7g1pB-fa6rT1kkt_`$$Gftze){v_rEt>SO%%0*o!tGc7Y0LgUdeXRc;2g!IW66c7qOUHse1!@ThpZ$!;_AG#HUvOZz+zB ze}>B?zfj?hw?FOA|Cl*b^ZqAq_Ei7pQ666Z{T6RdMOi-_AtsK#+OTd3*638!{5;@h z!fQmgX$&C9$dZDXgy>96k)2TLm|_wi{Q7I1g48AxYse(VlIGVY-Jsn748Hl{he2@% z(z6I>6b!yTdp%(P{pUd5g4AG0Sdg$*qOfX;!spu*$E&Mgjlyk&RB z>xLfyFqG9;Q5+yuVQ&Lzuzv9&Ns+j;`82P;IRrOI7BRm;vbMQ;NWu&%lAeMK{eD!z z>1pLA6;U&HBwm*xF+99ZddZb8H`fXXzDIbqrl-Iy2~uM;*Dww5I+_f|gO8>_!dj^k zd+i64LAc`go00SyrK)D)@Q*a24P$t>;mb#kt^EO0%WT;^)Hv!FL&$RavN|b8t5^MO zEk{NgOs$xrDqqPbPDj9^Q3SWoM`Xybi11goP^QzaIgzmI{J2XGd z4P}@lqnqslr7@x?8)0&sH#!v+c8fl)psT$?OO{~2LAxXH1z*SfR@_RTn-qN^q@KJK zg14)cQ5D3oa#u^jlnFW6Yc-B-1u`WGiO6dA4<>`l9m2c|hNGj3yVqq|Qh2}HvMe;> z<1NeXx_4N={O)z}o#=D2^~$^Zx~o}rJ=a|86=$HVuC|VAt<6enSX=kGtRBq}5yH%KnjSu*(|3J|K9*S6W2Nn_@A!{p<2cqr0WqSBf3W7YcNYJMXYqhUz2ncgrwjl5Hsk-( zvFknQ|HpVb=>LD@t^vp>j6>#Ai#gIX#pNtgEwoDhO}pr|qC)yilyK=uVi2MvB0F*E zwbF6AtH{$8vfH5iMGI<6?&e;CbI31k^#9(YY=0Wozr4MDh~rg?vO5TZJ?r0fXJ-8` z=V|}%ksiMOH66?iQnHl#m`?y8Cjb!FU^QI@9pS}@O`egOGZKXEYJVZKa4y6rC^PPR z)50f=m?Q9o!mnGP@+b4cMTJ*o`q(dSGl}5HtXIU9gpn%TgtBc!W!6m#+N(GX>Y229 zCT-}v;XrlaVZogm7=t@W&{vX|)|{xDwq<+0T>QMDED0`CI}cSUX)S(8-fEp(Bt_uKC$&jsO6viyJE(?b4dD80o2dO-W%jQ@L% zH+7%n|6@Eh`7Z~(iwaQlq(KW@iBI+`0)<}F1?neL9VoPIH9}6q11SZK^a{!*)u7tx z+QI13-%mm096afWKiAV<{+|T_*~YYo8rUcQy-NK*cj`RFe;(!8Bmd=~_fP{+PM7`K zKz`X;DJYt%xgC$7;1S@=tVsKS*2u9sJ0zQKpG{GhN zV6Xh=G%=}vtEy0?RiVhgYAxag;?9Cyr1d%AS%l&;tV2D&ZwYY(o~bmGR|E)(VTynv zkae-L{QrCKm+Zd>|7!qL#~F8ut82cyC>PadWrmv+32&jR58k1_yV4MZKdFj)ewySz zB`I9pA?~A|ee!>7-v8@Pr|why=TV;S`JZ~K)|Hqd;5>qvE$vE8qkw%=Ep0fXVd{`p}^UgcNiX$o(IEe65=lerjv8Q({CB3VDgS5gbo?a$ALHpH|Kkv)8Gs_^ z7SJ`MARsY?I4-hpM+a{*xI(8EZBR@qk@Q+91pafqD&RkL$*ZkmF)UujDJz;p>Ww;1rJMIf(VB9TXCrlXi<19>o9M8<^(Rr`q+$KPhiQ!C)!j3I_t}5W z*fZ_F+0*?mkMnd`|38ZP0N{dbsXVljk|^SbSKw;T!p~=uY;p}(4aa|86GHc_@mheo zxyO%xnrA;gf)uULhi`Bkg26ET@Ba?}_ZJ_tHS{La(*YMNKc2mQb@A%kQ}DXr4TOk_ z^C{1M{T1kkPJa9Cl>NfK`R%vEBaraJmJGKPkeC9TfsCdkUPU{QB1S$FN+F;Gz*~aD zYF}mm^P`n13AX{oBnBwH#VLt5D5j%>|Bd4%0c%Q=?DY6JBtbS>U>d^>W}R~^Wim>$ z<289dq~v(ZB{zj}IFwk149igaQa^U{dkdwf=h2>8`7d9ajYBXO};}dU5^p*B7sz|9ti0_1lZ{7yA;wrNyOB zno_KHi9ew5942QWKTOEaSQT%BZAQt)`kDi`z72Ow_yyMY3ib1pBu%(2?-g>(>jHcI z2YMMw6l_yWcgimNzJ#T^ma+_#keNzf|fedYKQF=}`2}}_f{Ov2?I^LLhX1Uo^3q^xdaQzja=@wZA zq!a688UC=Zu3 zXHi7ngN$qt;1!C%UDN#y70_z6JR9%>~HVw7^RoK<=fsvk*(W27F#s z_pkHFfJQ<|uk(^R`Y&4j9uD*J?fIZq5aiW`lG~sveXa1myW9hAO)`23>3UEmG(+?f zr5h~DONw=50aX5Uu&-^!)=?BRA}PqUe&0wlXh5!#@b!sy$SY?FSw0DIQI=b86Ec&VpPF8&XY8xKP>i6X zoC+!WWy_gbeq|qugV%0Tf+M)JyeGcGZ?Letf2Cf4<2YBOqsw($3SrXf~gA!XWOKh#-(7c{JAufw2sy&Z7_p!4(_5D9<6aVwf^*^;T;ZmZz4y@7$cMvu8O^e2lCG_8MTn`Xy92PCE`i6WGq z#WA6LgfnKqx0MR}*8gm5od58~&h*Luf0T!>f3BB+b)3O_OxN|V+vWu3ZAY+ZJYo~9 zlp8BW$E*0ul+wU&VP8`)A^4_dTQ5yG0x`Fmvz-UuXMKZc+PM+B1$r^x+76fhpS5m3mj7^D^%gZSoo~>ctmT zA}jJl$H!pQ84HFKu|TcJ5nYUM5OkA>%Zdy{6@trF1aD`KupQJ$*&H;up2&mEaptEf1iVKk*p36)?1Orm_Ztdrg2)Z9JDUxr zdsv~q&PQw@z-~#{97O}yU2KY{=a2JrlmGpE!2R(*Q~vu;^*oK!Va-h^u<9+TemSW7&G9RPZMo3fX7!bUw@lKlbHzEzPtq!Bwf<9jhuz;6 z`#+WS?@awC{r@OWY5mJ_R%<_PKHpbb_bKhXms7sbd0$|UVc73GdJ>PvK9j%-zN(nK zGOG3-rPso{^7gq`UKjr=?*Pri@><0njq2#f6QE4m*!E>{O?D3`1-#>0f|Gl#5EznR+qZ@W+96;QCiC4GD!{%eV{0f zVRR8wlrCXVUc-q&AsRBfh{>)n9FmxseJT27 zi&I|jt-e+f3_}uUBi33pt}{PtXyxs+W>Pj32H&ub$hViT+7QROJH#2MV_=eco5Z5* z$*>KDw@KWNv?L`P3USn<^HkGLU8fqgqb^1?TN6TiP^X%9qE0p1L*3U~9H}x|@e;2# zFxfxL6Zk$x=_qf(a9C$|fgwXdifC)_;`5fU3+=v7A1d&?lun^$nOOTdKAUsnp_baykm_3F=VAAvKFWKS1M(v^LQef&qjS+oM(wl@tIM~%t{Rc2vpPqYstoA?i zkM1b|u*d%Q#=d#~`()}ro&S22r_pdXOLyM2RA{rsP^uTIJLYz8o9|HU|G4?;srIcK z3l_EqW8Q(#zGeAt)eabI$}xAL*M5DA5kNWHQnFG(l!RoIskmPvkiaZ^Ptq_GUJD8< z=6J2iB|VGa;A0__hj%Tw<{O?KsKhDGVf7zJx zI6l9PfD*Aws}@Fc5>QDIa}UkxgX}L2n8#4sH?JlcHwPOUvK8B6ug`66kG66`rZr;A zamqgJ@4!HLr@wu#6**$9QI(5|v_(}{eyD3(TmSqac6Hi675Sf#FgyM^k3HRo2H5NW znfJfBQ-A!l|NAHp-~YK@<17#D^0Xi3%w^n{TSQyL<9hk-&vQOEt`N=lM(G+-08<2l z6hVr@gZG%Oaa^;9+_>*sj*Sk7!vmP$w@hY{_!Ph-$&PQ`gBu)&rv(uQ8$@9UDLg#@ zAch-sYFXp#T{c>7qlo>h6tCymPR~T5%`mQJ^+Ka|bm~<^+7Mf+1yZ7T-{+(EB)ws}zn)X= z%UEo6mdi5l!ul#kOpg!)_>X@3m4-x zQq5n=q19uiQ-MLP9f?7kk?hfXqZwme506-9l(C+agYSG=SdJ^@AA$6* z`hPNgy8q=-o<90NpBwjX0F*am_gDb=$4@4}lL@fL1V~X5;Q(g#mg2pheoa$I(P}3y z6chb8c#Xsiuie4UTj)t9{Km)_Y48dlhm|)Zig3JolZ4{6wi|BWVb7cM{dKlVwG}G1 z+jA6$HPcGH6H1Z+;l1=lnVlM4t@oc!xRGQa`vCpY#OX7Vf>E~RsqWht-a;I~MN}jN zln|WO*biEx0{;encvJi?2EV~nC_@y~=&-KXFD;R6L{lcEU0484+PzDBRb z-=kOZbXKzgsqyh-K|WcKk7YrY44=E0kw3)GQG_1QjMNu;3p;Yl(Oq@0Cfk{Y`^?Qz z0#l0ly`xRWV*ZtN1e<|AvK1#c*p8nRcL2a3Kw0)Z36VBb3`q`*(KaeR)3n6kHG<)f zDW>QLUY1Yv@Go1UJB3V^W@MWNWdteuWs5Re`i(iKB!w%T6^=c_|0&^}&*$G_D?Up~ zv;aK{BFL{(5Lpl9x`KQd2CIlHU^D<YR=jW#uJMjfS2Ha@IS5Ge0pW|gxDlAZPr=$M3mXwaH z!4bbIQvlXQWbtF!#3;Vb&j<}mN~-waZSHDlDCDsd@%8bSyubqM2PJ$MO+VbCG{qqT zlo-9pi$3ta($vQi#DrGxj!KY*hB_)=Y+9mspf?=ILK8ZV`tg|>cwq1YA8P?_0G`Pk+EI)RUK{=;?0e&zhf`04)lM|mDp{_`_+ z_bd6=3Djl&nxyzYB&IOBB;nbX5`I7~H8lX6%NE(cPM{|B8TdZ(p0#U|^f{K+GQObe zfuuVhoB~a2i7whb$?`wPW0(Ib5%$6JKRkb0$^U=K|9GT_OE_KrU&y-%8>N5KiGa%S z<|YLoKSHhLzq%^Xc3*5E^VR&d$bI=*ll=-#o&47hG1hKwb0J>>SrYUzLdzw0ZNMKd zMq7%bJo{W0UKxNd4iB5OM45}dnqt^bRpdii#@AY96zxG7wGs28kv1M?f6{6^PxU?! z=i<*%O2Hv`2EI^JLj-O{_`^AywetL8QSwjggOXY<)erp3?eH(R12CYG=l~Hu8&*JQ zb8eriufthE$+0#;+)I&>*-!y3JJQ4%?V`KuCQcLO`&~zr((gzVqI96)sqHpfkpl)I zFHZ7B?|h3Vo22ov>wj4(;*wX2xRVvI&;RpXGyiion>^|NM|mp#UuoFy!3Q)7jx-qq zrBB-$1Z8?Pv!MLKFb>L-+hQV=KGF<@GUPt)Vwuw>$FYWn)-Gfn{SV|!mQW39QMa}h zj2ZLfYChy+m;cFa@JR7L&#T7&rce1_kMdOH|E1dgq~I;za|V3V`5rU@uLM^w|C8Hb zue?`I!sXlZ#v5Wwt^xZx7w^x|FW_0eWz5Op??vS?{==bk<#@9XIHNdTasEx|rC+bA zsRl;euvU;)zHcqYtC&n7E?j_mN3V+%FK>NU@V1uVqH9Z~#fDEp{F8j_@;_a`dr|=V z<$tyQuk$4TALV(_{U1?_vB~6TU$nLK`L~+n=YJb^J)g7|bDq7^L^W^T$9U%rEjD`* z3@otqiv)5`+J*r&)*i^f7elEbYOM@p%O@-TlYH#*UxeNsq5g+EaVqD3{pr*G|D!w= z`G3WS{T_tB3f&INCl88?Y}o4;@ohPb`$hhHA*zK03L)hcdOM4*Jcew5ZY{x#AoQ=5 zTfD1!P1WFTsoKQn<*SeQFNS)PYto|N#9K|pNg#ccoSX(tp(!0*YiFiJ;{)j`W5Dk= z+JAD5)g=E#m9Gci|93s}{!e#0dCLENoTo}O)w?@tZnx4N{@1`2sMouFD(RfBp{uOZ}H ztD=Ba9iaf;K~*Ra`!z;g=J3NQiwDj+E^|L95O&oR1%xMsafe6B|Ir#n8@!51itZoB z9{KM~D))bQ)7ew~*GG9i2bYjil*Sp8Phtju_iGe`#TG{)j#nUo!3|uYY;^EB;FUtM zZ6dCa&(CJ#J-_<-ijou^d=Abt7G;b^=Eb)9~XcYFu2(!V2LA?9eg>;-X{lNju!Cd;L8!+uz!;juMWQa z{|-I}Z()kbHUk&WUt|ZPBqdD39gJ{@;Ia5TCI3Dc-DUv^(eWQa+{pER{@vNDZ(qFp z;oH$BymuUp>)&-IuJ4%Z-=FwT>;EyH&%ybc8B-Bi{cVx{{ovr>Z{j4=R|7FMhVzj- za>s+e|Lqw5{owP@KL2uGUOw z;eoBgd|QY4y*tb^I?UHQY}~!WER=gT%Dvu{y9VW6E#-3T&caaLq;s)>D{eQ-+Wb4X ziR4(dBc>QDuVJiQ8^>;Mjva$zw~1rAO9;Smet%Gk5+d1bM?t}++rXw{W7Fx&=G@@Y zxzmgkEKla$Sf0!e5Btydxus9q5mD16C*>}g>pkKaF%{f<({9{*Q~Q9Q zSa>_>%iFZf+es~N{RB1)L$FOFZVQqv1;0eh`OnA(0hlBpBq-xTJi<2!sLt{`t`5Ip zbxbXt)owg$I%`tytf|&n?yS;TOOgi0y?H5;%@TIEwc^ej){4!(>22N^){So5xRZW;+0j06o9q*tdD6=|p(vw6f8?9O z&%XzzosJX8VG~FodQO5&$(FBi8h#B^#H0!ocM{{pmYIG`{w}sFj?Fn~rwSD|=fpWQ zWO|A=>Bs1e{+Hvwu8z!&KV(V|PmB&#x*PMQWz!`Vr*BLkP zYqi(<@@raaI={Im@(qHNPp2p%@4<$o2wc9ocz*om;yEvK$O9VMv6zwca)YWMR9;KUinpYUWzsl#|+L{l4PQMbdA0$#HBa%PWp&Tciv4AvF{sru9KJIMQ@%RgJ)Ogd1B0ufTSr3D4P^Q zJb*RHs3|%)-_v#mSI+lz+`xC8gb*)!@;$ALwWISruE@%W1UI$Jvb7*eW%JiUmNGYx znI;g&NX~<4Cl`l(Z|#q%Z5~W}&x5Hk52odL;FdU;h)pe2bKab_BD2$HDjQ zgFm$m{6YD|SK{0=T6l!to8`nj}p6Q=)2~2%f!8fh_jDmFG#V7b9Nu z=GiatJkcB(Z|L?4@wg}RP6C~M-@vm)`AvE&zlovzCYti|hHmFThv0eE$^K>EH}Gsx zVw2uVY+?wuNlA%0{gl|rw3E@xzHi{!BD^NOh1bLoUXzmW>gVUUC(}+AF8jW1z{5S6 zbX+%+rgdYHkCWc=ajb{D1SGvbJMZWSp2r>M(0G1WD~MyRT``ORjtRxfo%CNs$97XZ zClkBk8P|s8#Eae?TUI<{Ei&h6)_Av$^*ahA-!72GHpMgUt$4s%LRU1+g~%`zoQap@hbo64Losb6mua-@ST!@%-ZK=eHME7hk`8@$>T+ zZ!gYYT%Cf!Ey3YHMx>cmn3$-T~v4Gb=m}D-#1Jci&Xb}OLecZ zNOY<0)=Kqn-(2wVDwk5@%ytWnv+ubFg+B1WS^yKcz!9cc=s$*tgLOJiK*w&~c(z67 z^{{_hRvk#p0D0 zi)RRckOX1_m97zBJi-VRw{$T3U=8`+0!Uz*A%0yDn`7b|-XYVLNo=Y^rmj8Q=Gj(~ z*Lx+ol@4+0J49Pa*Vq4b1g@^1U%cX7aB=w!++a2_O7o!OnsV&h3HAGr;zduk9X+#1 zKr-2`CB>=D+7T~$lTx-&9W8Ok?Hl}?o^%V`Oi%2A8^>nMI=ziq$1rA{k}=zt=h>_q z&$C$r&lY3W>21t9hB51ujM>&a*Tfe1PlvJ(x{2TE%r1T%n{n&(Hf|k5Z#yO9)|uDr z@QA}=GKXB+2FCugV zFi${NH&Ke7@Hz@M&nnm$*|j~vUi9vXk}hSC^q%PFfK1(v3e2@CFh-z_=blP?KJq38 z&r_Y}o~zvHIL^+j^-j*D;|}P=z5~jbxAkXFgJ3@L#zucm^#1H;5KKB6K@+xuor!KcIO7qx~1Uui`-A#ZWiIhwOWLXKnu?;_vh+( zJ}L9;&TDy=6ImHXJRvj0OP;1l!N0>r0JdrL*Nm@vbyy9@|K`S#m7Tg{NaDqv&Kk@N zmQHk*teX*)4Picf9aa6rX%N${&7^aCn{=*W(z&`x=a^!eraQ3Zd3F$FC=umVa_e@L zl5N5VFhmK8Llg%)KvRfgD?>JW&FyWkxrV*wPHP#m4;~w}@kzHuH$G`vbT%WZrR7`4 zq+vw4x)EhhFEW^%bqiaMXV$Rwy#5rocyXttXim>@FGjnWhhy96CQgBFDwTfM2&*1Q z;;HE{ii*8)JxQGsaD9IMT2R|D1TY?pb8RTjwkfKI4^srnH8E}vz63#pV7yI4%_Yni zt|%fDY*S2kAYl$F1Pe^n*$lxiKZ-2y4bxM%Je?MnXMc%iVbErA_BJ>TgaE&=Ml`ZS8R5!5IRBet2?j*{YiN-Kjb;hu5iPQ0-G)Y?27^oEIL9 z$?ztL@Dc~Sgq}P%`!%L9++e|a#~o+izT`SXz+zK()v zW))1fQ@_0r{TgR}XU)T>QqlRe)$`Gd>!sE(4kJ0BQl;=d=y+<(x1SobodE8A0C-x? z4w_jeKrWtif4sT@UCv#TcXjC38LHaLqFXwyY&ae%$Y8MJ z(Kz3JG|qPBzW0%P3ZOFb#O)RU4+U2}|{M}5II z0p|>AUiZ@VJGzoScO`A}yrYZm3l}}7lvY$+eP7n^A5Hq^=uXN?cru#meOa3$Ew<&) zl0@*`@hE_AKMF9hsM1MaRcaKOn3PnhJuTH3Sf}GGaT;cc*R9MR``(P*ip&VU_rNbP z0ODJ58daX@!|}@2#r0agcTo$Yrp2VB<+a_^+=|Z#7oW0x5!x(J3KEjhRf@7-B9Ib7 zK?1YvJxN0w5A}+?caaLCM#ZG0$lGqYd9!YoiZ`=bDz=goy(>}}1t}&aMP5@&;7WML zyZm5Lh?0oxnCpC0vZ<6c|AJodlF-=Lh z4P@K|UA{dR!_WTOeRo;z7`-DzIX}@I9i^ZBfVk~Eb?@WUzLCo`-qRmvVW@^*h8-B6 zq9W!?0>iIi1mggu;EeT)WWSpU=-DHszAdrI@15A>8;MQ6p4j9LotE)JZ`v&&>P@Wy zQQwyC;w@(elP5ZpEjOIJj;WcRJvGy}CjSg2XQTzhD#gd_%6 z=Vvcph#u;A+}5)nxAp6<)DSOvPXo{B9bfC6nwO;WAx!w* z1TX8ze0TOope|P7ec{f!tv7epki+D5+$eCxMnPSKUW`_Vs4P!QVvtct(Q+F_8KTzF zs5kiip4Wu%maZ`xo<17pUi3Lhb^w3i0TOA*k1G41lz?E3qfnI8x5SZsTke$KGk1!& zG#8#*&y2Lqm_p+tG5qH@S87oS{Z?U$S*v2yWH~3g=G!P4Sm9d~i>)NL<2H(G-$wCm zSyX<{EGpJ=Zgh{MchAfi>;HS3QIMqM7KaGDhbdoPocUnAAt6{oEVk3&mXZXe8=Pfa z`}3Zdbn|H3iPfX=EeTwH-vlmyWEik>y&J0WYUbJ9!j#DrIW2@oLsJAd5sncE7hs!4 z8GtKmO1E#xi1PbpL>bBWzLpUsxu_?@W<~ZkA`KgIR@<5Rl2aiAO`C1gNFMP}$35MS z2VY(L!B^iB3HAF%LXC1-{zx|%?ZRofoD7od2bd$|~ZpYA@ z9pmS&Jr&DVVXJq6Eu+4cKhjM#ej2}?44YZh+bS}QBEKCOHhZAIIZ!6UYe$AvllLXV z)Z^{Quqn)*`qDE8#c4x^txi$zGDSv}BCk9sV=Ec;gVMWjkWn|tD-VjDjQT<8U#`dO z4W|tm_1Bl2^u501WMmc%D))vh7u{OMr*CgKr5hbjihD$w>2Pd*ozvT|a}2-E(fm4R zE)sk#q|~n$r?*q%7*36&IW>DosUIGvx5@34O>Rdsxtl4eH+h|YCa;W3xMj=5DePWG z%ZZhidc)P}Yq&aP!__GaS4PIvN=Cim>hv{SjrvzkVYoJvQEyK6E`H^hgEDPLM!g-> zyEcRBEspQqz8Eq*&%Y;vT(7%7wCwIicm)ATMaWKZ+{y>8$Q0z7Nq3|3@_X8drcIHOJ8 z$NcD~mb*Wnck<8XbBlX6v#H%#Z?!u!)b7kwyY|aMN-o;G+y3+1w*5S_sq~-tUqiV))`B)zQ)q5Y@o~xJE_8+3hQu<9N5Cx10F&>@LL*}-NtY#J;XV%xpnU#H$C{{y2KIUiOvXy{IGbgoq1<;lLQmLwl+q(jnA@IBz{c@AB#c;ndz=n z9jxS;%f`TTb1-ZdVa+UF->k3KH#IK9nHe5mQLR{?rms;((``US(F;D=`Q0~6R%!{d zMOPJ5ImAlqbvw^Bw;ku2+HTaD_P$YP%I}xZ7XMVcQpf0)Tt$(TGT!s!!#5|{5YpkA z$aD$OO^oqw1wH1rD#wz_dd~Z%Scs-hiFLp1&p6haosvh2GFqfAVUh7W?^bzaZYw+@ z3AA$Ef57J^)0P1*R|wc9@+3KoczB_d&n2%(;Wc1jK({c8c5IS}o5AMY4*bpedB4w| zoTcnJRro3pyI8#)t#wd`S+4=O9X-pZ*T-tkU&aN8Xp0=##xTzJ=eBF`&TZ%_<88OO0et-eT)euvK70A{#dGld;`NL3>zDt< zF##ISq&-s?OId+gQNrYURmLxN%e!B1R4bx~z8dVd_O3CYmm!EiV{IEy0i8n4zg zW2PlaZ&3(_;JQ4;Ws>k8L<36szedq!C_@MLt^^w8zw3Dyk&#NGVz2KxhTkGatb}5R>lLyM#%1)qCt;B8sld z`l^s0mUO_uM{xa5@DXG*WfK1*csF=+eLi>xK7uPmL4LIByHCMK z8LDMKe*KL@;J2ji0E~CF-fjlgDCOt>n6t}XraOQs+GHc}0tV}P7dcy#ZIoZNmho88 z4cd)_W-4k)1TY2*v3W95R5PbjqmxPf1!DUDBNw779>oVumTAa9#wHVtSo*al9l)x!R@RCpJ4n5=dpsbQ=k>k>;v%twpx!kPB|9x};Yq zDIdxXJN{fF_^`fLM*Ql)k08PspFlqihC{fe>%q|=CNUcPOU+2FBN;ZnMsSP(Ojmq) zW+OIfGaRDgF3#a_o1t_VLJEf=PI+e)$89Nyh^S{KmZAV(>SP5-L>)5=3nKU!f{$Q9 z2pi0IOBiK{QT{^4CAV>09l~O2<5*rT7+O)>)~z#M9AF1fe2Y^Ob18KTQ_OH?@&>{J z9ba=+@Gr#x>)&%g>(+xq??5t2mc0cP@x^#Z}Sn1Zyhn-@D?OhFa~gG~4ESn}1? zcWl+zF^|NNe<7VUfy$-nYxtf+P|#XJ`Wj|vIQ&iHbXyS{SZ*)L`fTq{orpbrV( z=EK~>S|G6yW17n>1m5BB=QM-w8ieZz$Ey@&S&Ov@V<11)V&$e>wV{#6*K5!)Lte*{ zmkR8T?VsD7UOGmLMinoZ1qz z0w#%QtSlV4o;PG0(*&;7D&>xoCJ97#!uRYeotqfZY)wdIQT9-JIjBP8(Uff2#O6QC zi+uCaE|{+Q^1UQsOKn&~cPE*iQ@Br{YtZ|N^Bj{Y%XP^2B*}AJ9p!l5uB8-DQnH~C zNB1yQa!}e-$?cV;av)d0;FM|8 zqk-Dg9-I!2ZjWx(tn=E=#A-7)WbQcUf z1+SY-U~8kLIFOXylMs7&TA6iMBR&d`2gMAcBsMT+c0I5WbCqMUabQZZ^OU&<6vHT! z2_7-SD*0uouB5U1jIR}biN_Egf*;~YT?wY@)B&6U6qD_0Z4zQ;i!=&HrneMwEkvX^ zuD~jzqLn41(he&oHbcNZAAz?p!l9b!+^15Fj({2wl4?2E9O-h2V@!87tKd0W;+T17 z>XU%P8NU#Xf^^G+IY0fBqUFDejf0zf4URD368bnGaexw<9cRHBh1&?nt0B4-VYOrC z&aUENLc(E8LUjDO!Zn0(ID|39L-mUk(ouqAbit>hWp;^A8Yfo)WRz^9=#oS@Fnr^S zhA43Rh*gx4c%8_kXfA z^d{3&Z;nELeBwX{p|QW5!R7SCU7~Ojj+cSwPA2XYE|zXEb`cEGbnc%lylHq6%mXi& zO-}q~YB+XAQJszX!!1fvrpCDQ#=cN~rgGqlRl$L5DaisD2~P5X{hOM?e`lgD3;_h+ zkre-jwT+ky1p8bUqn7^XbH!L+G5K6Mumgq31Z`5KgD#B|>w!mmd?Oo4M{g%*|fwTKHhXqgTjv1z9T`_-4ymKBStGG%C|7&8Jb3n_jnlai+ax{$r>`H`N^iwO~U?VGX>Z75{)I z?#9&Ew~#5Up@rhTzF`K6UMv%R%@8L7oJ9DPU=t=sg&-SDJ{ z=bSSpm`(B#ymJ|jS6g0)m@GkvGR(ZpgoIhO@h#3UiNC`cle91KhKJ}SAfJcE1^g?1 zKuCNI*5Y#ziSG@Vgy*Nc;mMSv1f~=VU82d?7)PojG$z4oy(!R|HetxN=?dAP7rki! z-@p$*wrm2vjo~fC5uZzaP?Xx25iu*0qSej@w>)*hHd&=GL?CbW4N1ZC9CvoaY;PPY zXM|b4uhj))&!l!Z$ z&DEIoITr&9^H$qlE8|?O5R#T=701t`20_;+FB(I0Us_Y`anwxB6z612;>gznWSJUr&kKeA^#cNHY>!p!7b8#lvFuIue zt-|KXL|4m^9Gw0nUJgzNyjttvXuv1m;B?>)e*4$aAVV+>)+o!zMQs;?=dZ5R{%>}a z8?P!oPSk!CXut;UK#DRF-69ZY5g|9*MD0hASR8rL!Y3J`+eFUZFwSZ$Ub$AEtBepz zz~DUEW)!90;54HHfR{X;^D5u`0Nftn%c%6}kC?8%6JOS~VoFU=BGj66^*Q+Z5L}*JUH$m{6#VtqU%}|L zyn2A=WB&HrU%`3t0e?_@`%OwV@-F~JBQ+NM_lkN~FRzoRh7a|YCk)B<_1}D;D2-us z5mS^dVSuXs<(mx2j3_M6BtuGhY7XCE;F%O+-D3r0q_Q~K+I|mHbP9MX)MA&2V&^v} zSw0CA9VtAkb8opT%3k0?@F-KX*hFDMbFotn$_QNM*SED9Yl9HRfT&Lt2jXVjeEU_B&LOj<%qyl_ z#!r7Qt$BGL9Exd*#jnSR2FL8n3=F{rCJ7_!;*x!xqD(er@41Y<``U$JIF#szlMJoIj2f!)%5d^#eow2%c9`Lj%-Ec?p)eZ0^V7~MV-Ldld}kF>~~RNg_;(W-4`v!NN_^4GFV8bb*@!7NwT@H+e%d_)u!0;sX4yD|JI) z$$a9kxaB0GJ^5Eq^Z=Wr2xdEw;NV8N=SzO@SndBZcl`+9O+r!%V`^EMDkEcWEP*wZ zAEUkDgyO@#(S!}e@n033kxuG}z1rjb=37nmp6PqO3B-(t1sgw}`ybXJ*;2w3a^2KF z+fov-cUs2?>8$ck_|;k@rAHzwh{xvnMgDA-iW`M9y>$%%Lic@xKcMh?9EK5M(mktj zjdQbrC_5d-xqJp2)>byHN6{(1kg@S-^6iImlz=2H77 z=U@CEWzoTxOul`Y&Bz4KRE$;<< zb$j)at7IV-`795aVI30+m@-tSZvOria7XTV=(Itk^2%%)M_CSH=BuU6zs?IiNNI>O zv9H_#D?ggs8Y}<0HCFjYQAE7K*wVih`D`kIK1Y%ZDS1{Z(;X{*NNQfC!5WLJ5zzA6 zwz7FsFJ_bxtDydYg-nIzeU@x#KS9_++ayW!wFG0~Cy3Y#w-MQ*lw$VH>z7yT(`|;dgiXf4 z^RGub#>PG8{F+t!hO-W)-)^%)Qtz&n;CI+&mhJXnt6-?^ExXQWHuBZx^3{lc`!a%_)a^j)bcOwq3v7z`p0*( z5L>3{dM%rZm8My)#dY|>iI-_C5HN5aJTo){j?;5CBbk13|;hd2;{&$HsoJS1P7 zAQdM9M#3Qx4g--Zl)GlalG%_D<=&6X;uqbuBil5;P)VK!Pybi9= zfxH-~h9F=qj|%TpZms0+8GEHrk*4-)2wIXfK$XabPz?N?%B$lAfH`!I_DAL%#Nu2V z_k`3=PpbT73qor&gAG-bCvWW^CB9o3~8H2nL!qkLC{67bjIUuAYdrbAzBX?bF3Ck(A)aL*wLwW=-HQUpVu*ar6+tmDWSPqk#Y~ER*`kc*9MwuJ8&>_| z&AL#X#3eo`7n{ssUo81<8=DBjcSj)H#c+cIA>T4gVtHwx$~`VM$nPS2cT~zg%^Rb% zCeSU1P=}O}4HEYgq9{WG7(eh@zFbsqxsCZ2FABjk4fP>kk^*SFjiMtElj_}w%;e$X z9nmAeOZTW$ks1!{-M?Mf7UUZl)Cx%aZ&eA4$NS!uMB=-VoP*4cg&^B5hCDEfd2Ix7 z0$jyz!(vJ26+$u1M0rjNh1DFZJVMj&o=}}SUl<9l1mt9Zi1}19r!DdIikgv&-*JV)Y%$xiyb0gG0kMz`;5*=05 zW}BV(cDR8_)$i1_Xwi?d&&3fsCHD4H@X*4QPnw||4nN7>h7{YDo{}-%b1{M)R8Jd`F zoZAkvE^yrA{Aw+R`sFg+n8bXni&`BibNHRn(wfmVYc|UwN zm|Ld$WlkawE?ATIvA9)+UsPR-N?2a4C;t`y{1MkcL0>*mB@GX76qQ!@e4z%pZR^GFL_kkU@ zYz>XGl$gi4Nu_53ER%Bh09oh1|j7()*0UlQ7 zXZ1KBAi0t~TBVPojs1v!?=k1n3T+Z1D!IvitHWJ4f@+{Xp<(2tezJpj3sYI?><_Va zCApve;#Gux$^)Nnt=8%%IPU2-{)4P|N$jUO^mjf1evikt6B3^7EfZ2xvqP1#EVu7j z07L`!vVCoiN~`W=H#87e_7Z3BejO~cZ<(PzIGs#Sj?`c0y!5z8k{X;2e&E;aeUGyZ zq``V{G~l=I>FxLrZ!(n1zx4~a_;w){5)p@&(N&7FUn&Jg*5n6_B5V)S}`7m6#p0jj#qO2*76f?` zMR97DGM&t;5Xg$7GF?-q?~5ZXwrSB~8;rv2hHGcB@_EWd#T>@@9XAj8O})U?$@}oT)bf6;)|#vmN{QITXWMzj@V9J zDXXAfa^!XB_7-#(2P{fV)WI_1m|m4rj> zWSweLhcz=cPR;vG`1>VB;(m5E)>#qps+JBcb=OE`)QPl46oPkRY)*OckazOJGy#20 zqA*jiRIvmpt_`Sle3;24gX{B4)_+-^TEe@Jf5vOu$Arr0ZN5`q8Jm0p+j{6V3L$PY zIde$&J3Di*mFZa^Y&Aa%PVJrWxHGgsd(Ts}+-LVTM@_J`tUSmpmBQ85MOX6mo*62k z-0%F9Kr6FTA!{`^vl0U}P#$$&Dx~*3EA^hbw>en`TEoP>&qrR;zS;iF3-vcxpE{tP zwr9Dnf5q}FVd!Fa%7*(8R*_UKPH!|WDgwJR7da)X60kvK`L{rxqL zLsgxI!5Rg{yZx?u*}v7%)WMUu?f|xlTKTTgr9Z1i16o4A1K0vykJAuchK|8xkp+hWCU;=L|auQ0xrlcl3Qw_62~wI^4-rAg}BKS!&$Ri&f7nt zN1mdLY}24p){$2z%?78x4uWJmI30`~$Jq>y1|mE+I31jPiwD0Q4P-XH_N80?ZsL58 z2fvjfCkm%Z<ygOI;JcN)bOTSUxy2cl z<%VFqTaa)kkgHMDw)N%30ZSZ79jc0L8l!so=Hj^woW1$}?CKwbQ?E2Km$C-Kn+&Dk z;yHN68XN)?-wtnK3RHESXjei~AMfK?A(tt>#SvPe7g+!!KFwt;?P#DE0A1cfT|1As&-di|8GyoIsfi%mAh1h z8=cUHt=v^Yvd=QE3jVw^O;9-b25xYKYwFA}Llq}rsowLYRc!5x<1P6)VQmjs4i!wAL!O1VOKrM^=`AP?Q&wMb=NOP0aoC*m0shmE}1ifCP{j)_Ix^hOvR zD;{yUd&(VIs~t%qY}Jm$Oth9dva>)a2{`eZ@L2 z^Gk^*nIKo_YAv#0Y=6H?IAA^qym*qduUHp_Qs5}-tT?`&%Re5%u+56{erde`)Fk;H zIatNfam8e%i>i9m2-~x26#SM8C$ks($dynYT*|*Sp;XUgN;mD|vXn8QOG#Z(Z;}W- zW5RVIh3nx_N!A{L9NtkOb2T!~lz-P4k*IM7%k6vL%aX5pJ7`(R-kKW845#;N#Kv4N zo+<$r)|B#WYfxBjPrI&Uc$Q%c?{lOs<;{35M5rq7%Np%R016;DQ$h=cGKfd@!q9oO zOO3#eYp~Hq=U{2bQ{XFI`COG&EBaDP8WOi^lMtlaSd<)`q79YkyNKOx8f@M4vIq&#g}(2Uc@2t8|@0Ha(9}NghXVuyGoc- ze4ZCfs*YQ6A-7Y<=V{_u{O< zQuxxz5}j=k={-5RI27j(g&tOioZZ^=I?Nba}FzO_wKVIbOPp@oc>CJa2L0 zOlHWLy9?+n#%Qvfdh_{wFJ)pE8*S~~d$kpw2x<%)lUvQZcHjoFO zJw2b+Bd(4GU(l^=4!5GvM4m zDb;72QJ8+_+!>e2+#lo_4u=P89HP?$0EU2);DG&d@Ocq?W**QjM(+;}{>HC3Sf^Dc zVQyr3R8em|NM&qo0POvJf7>>)Fbwx^eG07HJ&Ajn6scER*JjUg?X=CWdGTXA>9d>d z?LZ_XVNH=-0+gd|bAR^xhgX6WNs)@Oc;UY>fB2(~d z2LJ#p;6n;$kRbWfgWeKt*IXpfM^o^&17rLSB?L#|6s-Fl7{~hO#CGgq$44;=eH41E zm5v2MxI$ClMXOa5b^u6F91%>TWHSXzN@FtZ^#VLgV6w4fd-{+3uviTuYTI$R=-i^sU6lBo9RjAs5ajrEj2^g6XGnAN z$zPwjwmY^R%X!jSK^#(uLzHkJXa#XF1vs2X|Fgv{!SL%OMO<2t4ghHqR8i0o#RXb| zjl2m}dV%ROo!MTrGAb%w(FCF13KEKvO7@k4nqeBk6;}URe&pSv#4>A4dy<1V>UHQQ zMpFReIKUpC1RXsl2DW35C!ODVetzl4l>b5G-F}HScF2EcFqjnOe}6K0l>ZO$JcL-q z3qJQ5sKy!zaWXFIF&S z-KLHFy+=jSi3ZZ1x*u6}xRdENy-{|x@?zX1Bk7KVU-JbU@#=Jf6L56`v= zYhVc?F`ItRzJ99T0YLEzMJWXq0R!;03;tnz<6_710-SpbfVBjigk?l%@ly;G0&gy_ z3m+L9^ov9N7oLOnp!>DLuM7V440JEvy#Brme*V8~Mu!Fz+iuO zLl9sBf{0Cu1((}w#xOB~L$E@tDA`o^fBQbnW}jHvw(rGPr&rg{FWYryvCfz2(|lt; zytyj&U)H$_p*NS;H?QBm`u6$d7n`G>G0z^m=$^ai_d6T8Ji39QU(xBpDR|@KD8X0uIcDjdIYpkssW@)74nWNu!zs@T6DpYWn_2I9-<{*6i-;F?Me0RX$jQHC4 zSgl$fiVs@~tu-6Ar)q01FdHpF+{*G2FrIU0t2c)+y-z@{2};pk$3bWUn9&Z6<$+_>;n9f#?MjNS{6# z02E+hNpsfxh&GpKuBaByp(jQY=p!Z+hl?v-+935Qh!Y&rIq3eGSO#;u;3>eN7o$bGMU6Yzn$v*4vyP zj2gxVK^5nVA~1WcK25=RFgek$GSyt+oKIDiy!aM@_t9!aYx4e14> z%PHt;pEakY+v)I?$3+s&_%d>i7il6~)BMBx_X(Q+{PR=gjJr)|C{67kAlj#1zP$w|TylxysHln8|-iOhkvC8!qyAA$npQRIUU zW^*5o1p10e$Tq6Vj#i zn2=Jbd_)ivXvKJVoYD1i&q6WB3ZfWZ*Iu8grK zy8RW5v+*W7{Z-_nDR3sEk^Yhykd17>PoLx%dD7`HV+;nY5j|7{8-D8@lt1<(_W!7| zTzj%F?sX?{*Z#jVD#m{eNB!~R{@+79o$|RDM9@cx4TC_;!^c_nANq*-Z!b}>5*vPB zpp9Mge>@p&?f>@&kMsW_o&#_JDMd-hO(VJId$&X(n58)I#g3MD3m1skoda;qY*`r( zN&s1+AOMRXnt>Ih-V%q4Baol~QoKeWhIDDXhoRp&03lj%gC9JN6Ew#kkq_=LU4lOy z+JG51APRX+h7yQT0s-=-s9i#y-gGkDwi#-^*d^UeR;IRNiqf}@mx z7w6AO$BvWepU9&f8~X_MM7bpTXUAR>FY*zC{pP3F&o8eyP`--zQJY#F@u_nF*rcKRo>wr!h`4#CqbSnrUv#F}Q)v15VLltxx6f-*QraQXc7{MB>tp4{RXc=+cITc*kq zY~ILX!dzjZYb~M;!PEB#gYjV05OGXMib#*uI6Q3F#;8-msqwvWYFx{yrsx&%8}5(a zAdlbBz^{MO9>1aJB6rZXi`>ECVHs&n0V&dGIzuq=mUxW`6|v#}BvEKNwqv^|d142j zN$fxp>$E1;DJQnSPe0<2;Kh;(3Xk&?_Du@M?J4YY3P;CnyK{70(Vg!8Bh|^1=9;99 zDo7JY1b_%C4nP=%)(ZYJN(5PrvC(9W-Ey*;j(|p^bdo33X+mgCAG(s*rh_XZwqHu@ z=w$Cc9OZ}S=)@##(4I6$kTz^8pEYU2u_UcX+x|LnG|tmz>coDPq^}&G@&knnB4~7v z+tTPBmv`S@$}A^j3Y3~U&7HLE#i8vEOx;{NWrvftY#2@|*s#CO9OZT9$kdr`e;-LS z9JLj&!%?|_Z49V{tbU%XK`mL(_Zdy;3Wef?A@G*SyPZWJdjxs>1&sg<0>Fa)|MQa4mN1DLXWI@0@iB>vB!Hg4+)LX&SVbjU1nL3=5Gj%V$ zEULPBrkV=bZEgPzZC6P1VZZe}=vT~x{WbC^uaQS?6WZ$MLBFj=9`?&M^5|YQa^8p^ znHt%tvKwm&9ZcGe&B0_+uCj(ZM*@uFvhEw^?Tq2ErfRZ>H9WLW%8=Vh<~DLURWr=v zIB9}oJ?95I%@>Z6=KJ8Jbb#%)Id)K%m$t*PN!gZ_cTY>`p?%Dm&_8L0y<$TDWSn0> z*Rr^OvU7o6fIcc`aWgQDSv;y`@q<#f)A*>Gvw72FI5bIWZ9ot0i6CpYG|H1TDc6(3 zoyNzG4$CXc;h+h1^&K{8InXELa>{mE0974UAgOPXv}II%o33JRGYO!qpVWC+xfRb3 zdFcQMkf1qAQ0O57{FFydEYk%7IP?+(2?EjFIQrLo0`GQs<+(PNTq`hbr!uc%THdf2 zx+c@yJ!Ip37TP_j#sb0b5Tp#hd6ak}ej^nE|uiuz>~HMELLD9XF^1}6qZ?v{lvkLF$? z=&!_qA0^ zN#qVCMbdGSpv-)L6b6y7A0(M-U%CXjJr*~jVt&0g7}p>-W5y1R018Q(AYeqP08BtE zG7qpZ!3-jql}KW`io!+Y&n&k+uDPmgU7v?#;=7l{>F#zR=ZD8=k`0eMa{JRYDAHvv zeJWj)JOh;^qMev@M@&p+UFro0hG`6A}BpaCz+8EfsQA-6Hn=66`hl-!#yVVn5bx z=&jKGsrN_9iFYcAZ>Jc|s{NB9@uqTg-7Vs|S6GZ$9MXtueFj}d)d<2{dV5^%?P8WocIr7-^|-*-{z*Mwchlalrr@}ef_54_S9MaPAg9HhJtzIYiBoA1*3;e4zSeXP z26c2-+JgQ4Z9%ta3-(Q0(5bXp>gjH&k)2wN>{i-p?*6u#TeQ{O%vKv){mDLb_fJk* z*}$xPQ!A%`vODrE4|`mvC*4Zxad-4nHBXDyqkC-fv{GMG%1u`+s`@AG_Lf-rI@&8O zJa>N!&n;Sb?!=_Mz0PoJY=5`X!gKex@Z6$>=Z;MZ+AoP++pVUc(oSnAI!Y-h+G*~{ zq@ex!%dN4p-Aaqg-QVJJix!tVY(zo50fC#>~A&{tp?L*aN8RV zj*Q&wAGfr|j!#Z%2(L66_O}^|CWC1)xa}qy3GCq94JeSu0+?A^iNzT0Q5*4 z)Q!YSBXB<(u(V&C`hK}DmOmWh1eIl+6JPdcooRmxSSIgU8e=E+!0w+^Q&4J4iZA<9 zFey@Cnv?taulvXCV%b>vx}GaFCB>Kh=^hv9o;0Gnrss~UDJZoG#h3jl7!@fn%|d5S zv#{ZoK-P0rz7K(7CEfcOhP>*qNcX4_-8DTosivUR!V_Qir(jT|z%=sq+dJtWJ1ys& zGu|Cf!nrdR@Ef|TG<>(pa2716xznwHF+DS&d z_DCl%X+=T#UWsU|l7js$oru@vbG^)IXuxT@hgB|9fnp`y`&(IqqLnom znso2CvY9kA`!c$#HU|WXm2~fK1r3T;kP&D;s@WT?r@LXujHbI^36z!*h+lco1K5w`+n$cZnHCW8g7Q#*@nwGsiUwf+q!9(R19aRj=K(9@ zNFWHQ{sz3f*3i?g^chYXVemtq#t`~$D_lXjJq~W2$=Zy@mp(Y5%rdR*h?yRpmk8;>-TrDViPqoY~Pb1d?&5diSF|np=F? zn*g_{So_Xr5>UMfP#%^ozU)sxQLnl=y}F0vY$69=J8$xMRJVgu9z89->`!`8X}US3 zxrfJXEJ<%?_Krt&W^Z}$wD__==|#QiPCk?Lks!Tgpvbr~P()x^N&5Z@*DZQ-+;Jn) zt3+)z_LaVvJtMAp)uOrJn!cDlLtVxV9q(DM)ehK7LtxK1ZC&ILZK6Gc!gt#>ygj>lP7gVuIep`H5^OZClVFub*8VnD(Zo6~rSB50 zQ9?!d9Qz9-C=Rg4?@$+Hwj90Vy3t!{Q0;F|70szhDVZ`vaE?Dps@iS+jK+0aKb5x9 z{-#pVQX1D$#rg{RtoJZMK3GPC@@v)wrR}uMs4`ZZqg6%eXM_Y5C>@!U4hxj7;4Lyp z)s*Vs#aST9-hG`wp6pTG?5qwX+TZJ63^}MH+mAxZdzoMV3Ih-)cmlqjrwt(Wq|sveJ6`4CATjmMEpPTCcQR!j9^fu$9)r-t=wR zNG<7WxlSF`u2U@UNkf1`KybJSP)>VNc#GIDXGA+K2dz^* zXr0P!NN4|TNT;|B>6qJ)!?LYs==)%W2_qc*D~%`uQ3!k^?;U3LUkzHyd-QM(+K ztb83)D~8hE*~gq>_Aw`)eQdbLzII=pgc><5)tghT-l`IWIr}FFbBYPVoP2_?Va*xg z`Yv}`cDYm6tjhT1?4R+=DQ5g~@)^JCNUtBT?J}M9hn1PmoXU(}&i)y{oMOf= zC!g_axUV03*m9XUtXXDOW&3jW&-UdMvwb=FY+u7YGTT*SUumB0yaeB1dRXJHu1f6X?4Q`nDJJ%E z@`=4lNpBEB_j@Ct3Y|(_zV`;DQ{3XqrG*+AhmfS3A|(jSAX)Oux)&%E_j2NMf1W0%n5W6f=V=<09c;QE{tP95+O5?Fqq?fu?<(+Ta9LM!*f%*7Y22sv{DD`uL6o1;KZPrA1z^ugi*xXjDYS)I&7cu(=nfWC?r}qtHj8hY`Q%D@1oY> zGgM^JarVxl;}o*!IJqo3gFTKL_GQ?`py4sBjOQ@kDSgVVjy}c_K_H1D3SvmeU6lA>j#1!)C-J`XfF3CZ3+K4D6NvMcQy2#~BZY{9ng$ivLcW z;ovKGIB*8T$!IVbedV|=D-N75f=%H`35Cg5&S$q(B<>IL8~{E7I-Nhge}@u+qi_la zOkWx!AFmcRS+e;`Y#jAw&|jdQENzLx77j%wD;$L|_-{ft0eUtMAhpQ9QkbAa@Td3J zn;1<2jQOq_E4ZTtR^Bp-H)-QEjx`yRyyhxxBP(z5;yc^ubl$`$1SCom4;=yMuVLsR zAKapiwT3~80HINW>`v!8Ns+jd3V1LCGX!u*C=3GR14zIuqD$~i$Qld20Y5N}Crd{O z`+ge7go#H6=Jn~7$bH4YE-?X#xE&1>z!e7!0ZeJc(Dq;uZ1k0&zP2P6DfaoUoRU6gX%b6~yA|QXkAV;-0>k&;-F1h?D4_$fF{mRk#5{?1DQ? zm%N~WLzYn*_>A8Px!~+-?M2@KU`NZOkvRDVE){9*o5dAApYEUI1tjyP_|%boyPH@ zEih(ts(`2(oO-M#NK7Uk3-f{Z;)hP>!-o%E6p|=Foy^dOz7GsxqHr(euTf3d(&B|e zgtub=6T^o!%RAw1C<~Ty{+n;!#)|~{I9wco%Sd$Ax6r%g6H?dBbs?KQ*9;d{5gmaf z3W6D{5+%S#0iww4#d#8~9=;z1Rmf7fSpu=DPEA9zTV>a=wOSBu*u2~B#jHl2-DhT+ zKC=~Wl%B334tNmU6`~Y}3)1OaBIpCUOrmrlhS7VjbBMixtKjFScF*{E21C55axw}5{Nid z;*d~AVNb|}0`|H+DKR9h(k5?@i3O>(j8>>!o3eYe&S2E4Afxkt`ZI_n;l~cQfKnNJ0`5@_ZP6LXP5K_EG!R81+@VC=f zFZnk>myiO&Y3F{3B~qhf9wp*Ry;-zI8Ar6e6DQFc`^X1(O9rSQA9!!q;_#NW zC~Lh4IU9pub5F7<5b&89Ob)@ncoD)SAUEi2VVk6J93}jA;|pn`Wm0pij_9`>ardPV zR}2jpQtQ>*t80rbDi7_B1+I{|aQXdDXhtxtl-q|L3!G(`pJU=hiJz7B#S43}=+SrN z;`)c5u4%$5ag!W^_uP7Gvtl>wyiUimEWys04adY7dRxYP6b2iBK4L;uQeQ?Nzf<4m zX?@Xr9x=0I&PgE@&gXVVbxsr#?4ty%;H{X5@BJt&tcc1w0?wk8_J~05kf~5F3Tc98 zDIfJ*uS!%hQ+WgK;D(QW4~Bn|RGtO_xWtPkCEyYfl&p~tEO5OZ4y4NtDLqQ%8@5X~*~& zL^BwCGTv~}69oZE%HLj5NYOkE0)nVnLPb@VymQTWgeH)p#U@|QOAw@}yv64qW0cUk zZ_hu{1fC`fQY-{r~GdKD0hevn&5CDU&#dBQ_$_oH;Gu$`%}PFg2^D1tg(kKqlkWz zW%HObn^%9x@OlMt2(CosuJPRn_nv|-(*+muWQuHw*+h3s?1`1f62X8jg`tt8Avprk zoT89_yF;_LFHG2Zy2S&19}73z4Wu+7l0dVFV33bJny<-=Z?obG1<0dO@+nuk0c*^s zj7{KzDf5!P-hRp`ZAoT{lOZYNe3&B$jISJ5b*;&{P?LzlZfL@uD@+!CK6 zF+9lj;M;z7F;YB&KRB!>%9vN?#@tD7N;~>XLO$lsoWrW&n&%#` zi23TPWEK#?e1M5S2l@L7`4YumhMH3K+S$)-jp~`Fs8!>;s@xg|*uP<`M=}LZ{-1yJ zp1z0HzfY~dJJyMPWBvSpp8kXUcj48q|LFbq;o<-J`bl|D7AFV}7YQPy_?jRuO)%Y* zy*rCSiat^`Cbnm9K~p7ojRUkm{uZ5DN9iJ975OFlq`IF(56z+|K(NdbC`giOG!q2< zH({`0Tc$9-JUvb+HScC^yN#Xe|GBe2E9->*2+d?fb)enQL>CyXbKu^z?6i>h|$-<9&1Q}fNMx$LTmww343O=qmXi_X>T$fI?iM? z>fEBuU6lA_+Oa^^SjPgn?ck0j<4-!b=?rO7pJc%?PdYjRDdE7-3gTeOBccAM5NrW> z_{P*^003zcWat+vh~g3hA;%?powdS6gvC6RAT68!#{TNPv{5_%U3WAZjf(SsFnEmr ze30h=SYrS5-NkFQ%kSkckn9|Q|4|o5T4FbMhJxs>6U8W8$Ki_=Tp(tma9Aozf|+8n z0Pq5gLJBY|*a18|Nkp1W0rkAZ#*rx>WGze7Y6=%n$R;F(3njV!hb&=#G@iQi&(WZnRnvM$7848pNx->8)Fcs zK>%WY|7!>EU*a;@DR?n|9np&f5gs4Jq5Xst^nD5wzb)7AaDo=BVm040*bP~(VK#tf zGJ4H#%ys&%bK(vazfb0)F&d4>4m$Sd$NtbC9FO`g@+Sj0^t}Gb9QKE^`Dk+NIFs3Y zhQ@;davb+~i27(YpLtDiXvOMlhy%7#MQvG4RmEynXRu3It-kj3Uk!j1INU$6`)*%x zcXl$KOwh4AJ3e;d+?${gJaLXaf6{kHa5SDd9_+gidNcoI?2H`e#6L!}p+AP6?+=f? z(jG3h--^3&60I0@ZJDd;Rr6LuZa9in`Q5N`9PZm=+g0pELuWj3PbPhDfM))D;(McU ze|9|f`t#xO$?hl;typNEB z#^aO8+#gQ-lfiiCOa{n7Cy0G>N+qY+a8v$>P?d}?h@X#%)+kA^k95##oS-@WsJw{t zGzi$@OfKo($kI6|tQ-m{PGr=+kLEmwCwG`D0Hrmvoi`w`6D~tyi{m#Gtzs@GRp4w& zkZ*USW06e3FQ4k6!7z-318yfsqbP^l$zo(Q$|&Sv=W2&cd}Woz2VZX-=2(*zG6Lm~fDh3s3JIbh;z5!;V2B_#2IWp<7FA!)0D~O0wVl=J86bPQ ztvnN6VnV0j{m%lvT+fqeh2&^B5c_GVe9Qkdart}LKBeBn^g3;O7x|H!@;Hgw7 zhx}-YJgf4SABeFvEES=4g-U_F3D3m=l`Rk%cmeF3vx0#Eco9a4IMc$uDg4>gN=y*K zqp!)&cwA^{1wVo`gz6{=uVwsh1BRr@LIB`@6{;FtTc{hugkrrdsDEi`aVdI~0ZGsr z^Yda$O!z^v0I#@4Q6GK~?_aXlQ!wasa88E_L7%Cryxz)}%JfkFeWjX^wg}gnK!u8l zJx~!6k09BA7<)1(+sE@cO0w0xk3D(>u!?clibR}K`u^<;L5zYt1zrBT+mQ_`&0wA^ zc}fm79AyLPpoESr#HVrz445oPO>OqssCw%Aq6QANh*8nv>Szk#*_vk?1L@YdOzV9v>o3$MB;lYSWMKk};&qDR|O*vQ>}A zLq>!iiE;E1uHpbq86(wE8!sg^T7efAye=y{1@1}TcE`u|cx;bLLBcem#+hD7mxxJH z8GE5(`3}^JizuN}FdmN$hSsafIPyDjoWXpPnwR4;!~75sRAK#v`R?6ZrvZz&G&zxgz}K#7M! z3Uhk=KAL%jR#CF4Xi1F3Ght)N&`IcdthLHjyexJqiseTg2looz%0s}W^v_oVPx%p4 zHWrd-hR6{JBg+0k)U$1y+hGjc3qH0I8NL zQEvJb(V`JsA{u-QBXLayvwo#j&AKQ_(Gd^{ci8VN(L{C(RxO3~B9sFaQoGyD4cOfGH1t4H-R-jW$%WFboo775I#JvG?QBy5y`1g#hkB@^f-M#KhhVmV@@#eD>j{8zrP#BVX< zc~z10NS@{@X#go(KEON?3n!kxlOCMLwImA0QtT~}a?r;K@@TLDkW%O^rS-|wiCoO_ zVa6GYPj{YzOT@;c* zSNflD3|CY6w{-S({iPRoE9%Y?r>-htli5=xfcW|1B6nnq=t=-spsSW&j_vlHUVm7q zd>N$_<*WFJP%I8=PeIqQ`TzAaUi?`=itgZMnuD)>0GBBA#c2bA!1Hizy@Ls3Er?S} zrT$#8-e6sGtF!k2g1iJ#Fvkg@c1Qer9fvmCaR9D1 zA%!26XLi~-0H=pQEz%Fbw};^3^y=!T^C@`p%P+vb6zOVgo)_rTrzf2QaHflNB=usY z{R+lEqRl0m>-S3ei|^J7#+F{W@#hw8raXg|e0{zJny>1qd#+{0mhWmxl=BIxUP9rT zNJHiQ*wH^VSa^4P2NU1&VYom^loBgLqzXFv$QFB;W_PR+kvOPxppus;nJ(1AEJ5&= zaIc9<4Z?ItGxUTP4%+U9)-@;CZfXOhiR)J9jHuDyzlJbGxGv<(*+xSB}_N zI<3xMUnw?|BfYV$mO`N)Q6hybPo|V05(R4nLJ~yLZ5pc_c2Ow0;YU;E(=;YbE`6&V zvfvH@7$gY#8`blmD_VKxg6@&ZM#5nwDDpgkOV)}^Bj|@j=tefRwGt3&PKXu`w3Cx? zUAHUuM@1-r()9$v#9JcM^blgA=NmF2@1QMJReUlk+k#R4{(XYxKWAA{GL>lKNM;v| zLJ!51^i(}dT9Y_j^kkwRGm9j#WWnA6^gP7xJhSK$sn>@cA+D~}$BZX@=ZB0kYYiD4F<%-7n~pjY#5l|fsiQJ)U!7k4I0cT=S0XCgtmWN^ znDLrByPFa9_V{ z9mwYOa^ONZQVVBG_&%39m87W5PWY%d^ZZYe#&N)N7Q%pkPy)XV7#tuh1j8KB@1O0MC)P@d8vu zm@Z(bziV!E8gA%290WW~W*Qzb^$J6tfm)Y10#IFrNbw2*NOf+mC=51sNB+{gJ>;HS z_lZj}P;n$YQ)q~3R*0`+84k=4Vq!em08G(}*x)&9GFMtT z?3Qqi0A|wsE@bv26Hm;5DZpT#1g*Z>0}uhjiI0-{;EX(y6_gnJC0=8K$|}{-RflB; zs}$FZB$}bE058jGBFZTww_Ko$p>D;IZ)tpu_W@p`kgc}a#KinBp5H8uE#cSe9o9vi z&eXEbvcO9TN;m`yco!Yz8595%4%?=&n4l)uyb-Jq-5bgTbCc!+`}BbsCCp&D!(=Jk z_M-PUQJU~hQot`XY$4*e>}!Ik@_{nq*isqXFJg07bdA`D^nC5zMWA>M1O z>uFX#*!AZxGTJrt$Kl>)xaZk+&*Qxu`0s7NUkRPidbmqnQa;#;3G|+ax`h3|c%ZWd z4~?>5U2{b9^hI}=E~8XYsk|vgz8!#5k1qWMpcIvrs#!(4n}e(A%<7NkZZI+3I}GT!7DLr(}Wz=9Pb1TK(XkK84gQWV;% zIbo;PnW;PjFbX|ne6(PUdv{TC8${5zbUK9|Ghx?m??5leEccMD?<5u%Yzko+MH7;WuJ~iqKTs zsZvby%lOqu6B~X!hqKt^le|D+kwA~9n%q1P_8fQK>cy76Dz4X!wU-i;t@c!n3}u!6 zfE|EOOHhz&I_Uf2q78o>C{d{mLxt`s zMrcQH&>kTkxtLDjmrv(&{84~cx>a-?COJmrPn48^)LKaHWD8B8Ly)&38_dujrugMo zy|I0TS8;%zzKozhg8>XZlpG!b_VZi$^GLbFUtAo4*O8BON<(2t=&!|qB;!;<#kqva zlL?Z53z1L0DyUT`0C{DBO5$i&$3<-&me>=my^c&&lO#daP!p5|!<0%KmA{nRPR3n6 zQZ(!`DOk0PK?cRf5iJz~aGk*U9D9YR5hWIbs{+^J~ z7LI#|q615@nO2~VV;Q7jn-d^h1n7!F@Ae2>a4m73!a%-|*X!svBJd*q4z6&pQ4VSY zL?HkV$6(HiVztwj>2B^^%g}gnu^t|=|BlTju-aoO>2=}vZqVI^HsJlcw<=&=WvGHi zgGm{vnNrxP7;-6VOEkj{?ZA1lLp2z1_S6o7$3}K0KPrH_+VBSOF8yQF6v@<7XrvuhFP>| z=z|5KnZ{E2Wx?Cam;5W&Z`oF#LA^kD%AprX(hlxSH|cD-#Z|M|tIsJiPPM)+#@OrQ zU+jGEe#k(7U_GX8Hu2@M%;*NKn{hE|uCZ3bA)yHRAetNPu+kr5-UROroAq!a)<=v( zzMOijk9eT1=sMF3;LF1d_YCXec*vcFm-<+=s->{0zj-eyy`8fKh{>tX-FelUtPC;_ zk6;95GfiPS-7;v6)S|oXS-#6rEy2WRLvTsp1-teA&mE)HN;6xQX<}z*ML*BbmT;;K zZ58#`+|X7m0CnNR<+4)m`+jf-6J++_claanU$HNU zf7;>7*Y3R{<=7YYc>;~syK|p96HL8$g|b!$V=He3Vkb8 zIalXJ-bxu}vDuG9YX%AS@^Ra$?f(d_ugqbkf)jq9%Q~gJ^2$n0J09;h1>pjRA1jK| zfLPGuq4;b9b^qWC#d}_2DhGmOC=Y~eB3kveq{NJG<0%)#T?{5b9Rk_q9i>i0929i% zG9on7!=_H-U$RLmQ2!w!{H!TQDj(mVZ>xiZAj9Gkhjh7yw`4f19q2V{DN-?{%M2+7 zAhUnjCo_+)!t4Ulr45>)1oW;+FZWJ(kGZb!nZ3+RN+Z7|`0F#^+V0SDwjhb)2^TyU zO75fKz}sp`smYwPC+5L7GiDm{&^^6hRJZ~aB^1y3 z&VUv&fFI&LLkZ38JLZSKKDbaeh>HepA=!V0iThSYCdw0mFf_#qqXCIPKBndb_H%xf zbQ<#G4R5c$1wIl-M?TArH?ZBdzZ7zX)=M$eX9F6nG>o$QE;R&*C-SsF z^;$z`QeeZ&)8WHA)*BkZvK5D}Ee`ky;_<)heCeDT)aDz8UZAZ`G%0QW7a+|r>U+N<}c$SbbEnLd4$N$VT{?mv5`wd3J4M) z7kG_Ab$5p#YP)_Ka*r|c!BYc`!y^zzxvJa<5H3y$nN3U`W(KCyQZ0gbN;O(x%`NLI0-&Q}l)ztQqY98hs#w92JSlmv zpNb4*Qz^TcUKVFVF_)_Ai1kDiqwx8+SL)mqv+~%#TeZKH{me9tG&%iLY&kJIXKrL* zF!P7W06jUva!bKbD@iq=84gRBFyo5eArt}_nCCq@#^7i(HuQkt?fE!4tPg}`DENg0 zQF^s0l(fRUsGWMEa*6k7g?yZHS8G=!8|r3S7XrG9=L9^xJbh)&pm)oLmp*ZIs3y7u zs>3A3$W(yY0A+QF-V&3#lYi&JKs20}kbKYX3jZ64kKgjv-wBR=0CNN>>-B|9gd_QJ zq;6JMIzHRU#QzpzW5vM%Nsa7+Y--3{h~NOYVuJi3hQ=BuL9`%yj*T@;daU~6=y>4K zA!IdL#Sy=}NAjk&r&;MeyP2-y-*pH7=k@Qy&Hf~<&K%fa_9tohI~*Fn_i^!Dm@AAt zn5~^xGOg3+^*jT|Y~%W#XQeD3t#|aj!p&S>V{a*<_oeTHmDygJ+IkO1jus!S4J%LW zhH?`vM#%~j!o3jkK*%z>3q{Jh73 zJ=L%D6}-Z$GVD9XC$U$s+E^-AP{p`XJ8VscmMWXyb*Ua-xec-H&{4zhm!ToH3S?$3 z*-gB@`0!eim8C3u9KY4$x3tS;7{KoSmbu=Vb+#zHyQgz`;&yg(5$aobMpD)QY0YD?oe4*VImZU9N5di1>Sj@)2Nu7Rm=wU*=J&^j*IhC;^L^dYQQ4A1uJ6)Gb*c^Cpt6i3Vyu0 zMR!y17aUTwK*?YE@K6k~RJchnRJ*t)d?MNC!SB zI*e**C}v^b0-j_%e!?$wJ|!)oL5*50+lb6 zO&57P*TvgH#v>ju{Qbq-X`#*>-Xb1i%ti;-(rTB8P|{)l)uDpCs7e7TPJfEO^O*}f zKz%6Ov&HMHtNrFtcFo^befc48ZCuNH)0oZ^dHqEo1+(JTD1iZ^-{N;*%IuROVnrto z^m!bPj8&=)l!U&o^TpS;tivvpdC%@ja>}pRLh;^i{$3FtPWx$4%aR<7-;ZxQzPw~YlWX)7u7c9zE zpEH+jXO0=Mq2{BIVkm+jWm;h6@??!&<&ubSF=N3)4TIUf(mfkPLhho(7yCU?x=?2j z)G|u@Ab~Dhh&9}KA^k2Ig^N@VokAF09*WX=3rv^kjE|d=Yw3HlAe!}8kdoC_KUg|KlHt}_?$_7#R;EA~6P0LSN;Z^!6MR|ywlGcB>j z8eWwC4rh~iJEEg>19z`Iu-qo@Iu6H{ltY)|I12^9P^A;(#qPGQT3 z6k0w`M8X3jz&D6wh7}rtI1!EHdP4#7cC^W=C5dq^%SDt$4 z*=xdD>{euVl52Os(O*KUJC+%U%*I=yFpn~26GQ@&Hz4xpei0ZC<5(qj7xO|LnrCt+ zhD+7e{E{YPP#Jz&4qM`NjuVmm)HHlW^m4EfcM2$x0m1i}8aH9{3!@;vxkBD0o8UF1 z2wYwLzy!xm^KpS`&W^i;cf78GqhJ7eK75mt0=GZtyT;oxj6g14kIuayUs+610x~N);I`t0+|*A!Cb|ZC%gb{QeG5J(H8P00D1ME=sLSD z`$0)g16I2%KLHo0ZPOD}CMZxR@7oz=aT2ZAD%P;bGNUYr7Q&ZFmN*6~6-*G_;ue-# zy}_i~uQQi4j!kVP(A-qguuJWvJrh{g#_tfj!*t1wj*G~@x5=S!sGA%b&o8l%(7^9=c4(k` z%?@4r3%eN(4mvXLJIQvGMcR9QW|Em@qD_XvobOD8RHfkZQH(-nv|&UTD0vG|L@3ih z{|d4Ko2^@cDv}iFx@8R`?L0B$%@SglZ79c zv?yFedyyt8HY80Hepu4H0DHH~h!t*4T~@alfm!*7rIAEI(w;h2s~KIa*P)$i}& zvZj~w4fgcSZ#}-5+`HMn<=dul(6|l9ah&mR$p3X5r}(ck8Mt4$!+|pxPDX>l=qsn+ zA5Pq_fb&HumrqJ4OulkHyR9N|e~{;wUwYqkxc1k{j`(s^26D`T6vYV+MV74RavT6X z5cCbx;^N>0>5HFJowY(nB)olLcfRR;`qcU57agG4rJgMYoy~U_?d_4)1(vLX=K$F6 zgx$CZq8SWq{PB#9Ty@Q-ESSJ>fxy=|^wGy7@HOU$PM_(@_~Y}fW^y;h0|v>mtPYH^ zT%=Ax_x70BUWjck^yX}ly>`2uTO9gRAouM~DTUsW8FJ@3KXhk>C=_9e>J$L}X#MgF z__}ykIDg4;X05B+d}Nv}e!IA&D+U;}n)BwfWBv~( zlSyIzJMOsuIR78wshfG&&oi$o=__7v z$al(3Tmw9_Q;Gvs$d;hGz&w`fDQ-u^0f6bvYQ+jaU3biWQGAKl=%o6#u=91aHt?ZQ#Zt8m|_ zQ6ADIf8WdA$%YG{R6hzDKCy+d`Nr%}w$#kY;YDJLaLrH3>8J(;dwm@T*$4JXQuqu! z<+u9lLSKW!JOmUFq`_3cD16h^%1h^2YE%jRZRCZoCkIHe^ci?6_JKs9L;eq_gqizU zF55-lWci_4r%BVdYfLl2?P5Y*-M6{=PXSl$bI`>ftv|DoTVDCFM9q9Hvq+2Syo{n- z22oyW-(9<1&^=QJ&bns1-K<78qYH&J*~AeuG#FubXvY0qXqz;nq~?}c{aIAg z6PI=d52Q#e1I)jb0A}WQ&i-Dz(%RN?rNp)tKs$Pyi(>%FbUOdu1vdB z{}1uh+5fD^Z4p}`76C$68~M_?DZ4ed#Ic)s8U*YwHpeVeRJ`FX11SYq8$U#Wj}l%; zi^U}*KcY=_;jWoqv@7dMabqC(EH|Gl_5a;mp{hn~vkhh>u}|IV;yNcgI5dbct<5Ir z<#F4uRXxAipLu|vD=Sdl*^_IaknDVo-TQn<@6bN%4Fp#CG;Gj_$-PyhCeJ* zX|jA*;KE?Z8&z}K?MJkE%?%S-em6#0V|tgQl;j&3M5;k&LXYuO{SX{3%0u&SrntT8j<*D zI(~_#-u@Hk;Cn`tdhaHS>2GQb?%MzDZ^eHM#>2<`-v@a_{D(4X_)QEvdbe;eAqqP$ zD@==r|5kH zPWiQ`Tc<3t=wTV9o820brJw*DL+S9yYLvUXiYVK_}*Rq{8u3i1vv18mNDr7Z@7 z*lql}yiv>K(-y#-s*_B4A+h$UD3iV%EAZa5bi4fRaYk)>w>Pu zUTZ-DqNcqZnx0FVGc~m_~6H=?5uW4vuRk`aJ%kMAs#ijrP6j@F*qTrix=W;12}$*oO?!@}rXdn)>8 z_xKh8KE?-*rnMd0a&wf0NQ+G)s8!L{}4& zCsB>C=JP=!+%2Hqa6V+UKW9EXn)tuzvyc6+GRQUc1@H3zI?k|Y{}0E`qy7I7kBt8= zm<7f2YVwFY4hc$lhL;u=ylD=zi7htMjFaK~eA^UsfB8jA=IrYW_R%(SAAI^Wttm+1 z0(|<^6)-Q-Ah?JE?1^2isyeYQ#sjan&sXNoR?45>Cs7)+-zZ#9&8TyE8n0f@s6wWi zhoP@)b8VLW5+~z%VawQz%oUarSf1}QKa1MA&A#n8r8&d_=w9%>Or0l@0q$kT@{M#N zWhW^sLzLuSJgHhOPYMD2w@2XXweX*9(SBP(@OpO`jLd_eAm#EC=y7_XLU{Hy6hyF3 zE5Ez3%I7`M23;3rR9n_H!Agtjt@&S zQ*;tVv}Y5t?1_XT;vBci87@LZB1G|3LjB@d%$T}YeI z-y5RrfX4C2kNW4gecH=^dAIjH%71sbwf=Y9$Mye%JX-$CEsUq?c6}T!zyj0EtUW9^ z0RRp~%6Yjv^-kSkx|en^H(DM-L$o&Zg)W>nam!aO6|(5zHX_x8kYBhL;57=xFDS2H z%#%^MJE;1jaVK}Bl)O;NSi`6jErlh_qbv81^E8tGDizf}&ff;|e>^P4{|;Pt@+kiw z;?eTII$2qJ=dXfQ?)p_<%N)Pz+YYyHzE~5dZ@xy}<=fil3xEe>IKu&^7)j{}eLu@> z{QCLz&FT587q2@l{KJ}Se@ySN9zgfy8#ejz&B zdcRSBWt#2_$NXjNsg3w+XpA?S|0-!NxBtY=(D!No4M+X0_5bM6{(F!|+ka;6={a7s z_xUOSwjLvO6Ihov@&;A9Z0j;Uv{?75HVf$?+Ieh^{1AeG4O|6N@T zc*y6CNDFb|9IGVfizN2)AH^4L@nU)V9DC+CK!VgBUBx~9J-fxJ$`;Wm2GK26R*@HA z6za6mD(i$@nu!Pi;w3Ofa@rd{?$S+cqrHVrXJUbWMzb5;S2=SO@CygAmxs^lh+x57 za(RniIua}+lBMJ~UGL)gXEZBohdnnpF{I0z8@b|;IZC>vIb8nNcrn_`|9fBm_xq!* z^B>M+_$dD$;@Ot}_ptsqRl)Z9UyI?A^}qVIWBs2m)@1#kuko4d{}zjSL(lyY7xj8n z+}EPs+G(^CKIzP(5Pk2@I^^MCax!^idCgFIFKAM?7T2loG{ zrdur^%l$tk7b@Ma|EJ8-`NIC6j6JPSeCm~X^;yrXNK>-aTEBSAGlP_)HGAFquxHUl zaWAJnH7V;ab=0$<^1t|j&sGcAmh!)S@J|E(|Dfdl2lp}m(}O&<@jqg~-e2HP>0Gn; z=9_fzeV$+M(Ozu*G@AeGIPBf5<8aR#Aa>b*19$8Ghw^x%%a{C-I>+>dR{XO02VC%Lf?Kcm$>%3_Qsk2RPUiF|wSN~+d-;F=`9CJ( zqWwP@jUMy=J;<|l{_`HTe@jGUw)-nTmTmsZPdoO0bETSW{pKosUb2rCf#2%Q)!(je zUcEVg`|^2Su{?lAS1`PROBarykG)0Z#J z*1B(Aca0*KZ{A)%zj1RV+)3Yd$F^fTJ-6TO>QNdc#vNY}QQ1r;X+KH_W5U^Scw zxo*;~hpqSvX5y%tO@bX**#NImhzPkzq8V=}_o8XMgSDfTFB47C-u}Dy{2$J^U)=v6 zIK#*LzaQlJGWkD>t43?zgd7dT&DW;5X%X4|byZ~dyNlO1r*E%+*t(97E0-pMx0%q@ zcP0IntKr7;U;BRBdjNON|H)STuiJmj|L`DBmH+Qrb@#n^0Hw&-DL0G_hH~#-hSq2L z_q4yREIhJ+OwQML_ys(C2HB0zblp?`?=%0~dVqG!|KVgy{|}wV^ZyU?X#Jnftb6bP zl};Uf2TlG0QLSG|HV-UiI5f=kt-VVcLYaR_f860=DwJ#DV=7cBoG(yk%fb6DB+Kp* z=o-^0Nkf|~yFYh2l&awE&HDBG( zpShKeQ9|0LS-~|*X2n7RzwVc4P8DRsxKQ}X)=i;LYO!1(+ReX7W1r*QbXA^jO`cE5 zmb=$iH$T4p_W8}#^Rvt6*F{%EzHYA8+pFi7R~M&e&kJ?RcK`L1XJ)Xt>p$n-Fu71y}|KTQ|HgG zu5Vsk+-qAT@@_{rGA(nl!K*iCKVFS)uAX1MdwzMZ&7zMqfj8>hOs>)A|NraD)0@-F z@3)y+(r@jV3(+bHZ)y;@K7H|$-&}gWA1;qR`fVTm@4!j_Mg52WiN3ui&p!5lTMyu_ z_5Z}(TK^B+$N0|&dE`Ysb9GCPjNRC_@H2&D`1HP@Jz*y#5k!1L^Jc4>vzP|C?4-nWwNcSHb@NfX4G* z$EH4v|8Ml@|9g<9%K!J%|Ht0Dzr~GXi=y*0e}#^R-Wz&%74pmv%3ptJ%9fUvmZbI4(o#0uYxVyr0nm2; zUxC)s`~Pxep4|VZbo-n2|0(PLk^O(eviu+QMjQFRmM8cB6)Woz{D0P^Q^bJfpKV^c z{NoBQol&lim(HltBo=Hu**6?%;?0BO!3x{x^5p#J;^^wNW~h7rt%ekxo?jh3e|2*C z?)lO2&nIUuw35*c^){yKH)*;yk1zZA^wq1&Ur(=&f6~U7pA>e6T8((9l^$dEBym@x znsHYnd)!sIlkZOc&+)4_FHT;Zom~C;`r_xyccespj6VcV|sn-AaMX!7Beu@eH7Zc>+c^n)qY0RzG$GZQ2P|p85 zoQ^j6f7kLz{ST+b-A8;cAq6l65L|~##5on0zVmz@fFuq8%x40K`7OUGpmRvMk4Egg z1zXD$M>A|o2h0XYF3%OZB$ihc%HzlY5_<2 zE{->=de%IF#_`!XO!*}x_6w0!Kau)92PCvdwY6tCj=;G6`O_!M@m;3c?MNgt5c*Bt zyV?7$`dYVYGfHSTb93>PeW`$YEIK=;g6vxpyB0h>J zoaNR+2MEvXg_M6=`u2LURW5IAO_uo^(ZJCiB5;P3Ml94?g@t7&vec7b&>|-HkJ*_8 zhuEe+HE^k?C)ASvt+IX>&no%fFWvvx?``h?UeD7={=+cKz4Z%B+%liZF&woM`bP5b zN08n*!VP7(p1do3u%1aT~Zuog}M@yvEjZAmo$EbquVEJLdt8|LecRArEXS7dP_4^Jt(g&h(6Qy{(b;_Isb3IqDy5>+Lf^L zZkN}HM2Mo)CxKTu4bA=an&{-HJhb7$M$+viV;C2%5j2NoVI7f0!@*e88;3>J5G)=* zeRum#!Z&EHOml;wT85u<%Z2tL=UA)gWuLKSSUD}&s8lVYiUw0#W4opPn!X2n1_3K0 zEUHOXD4Z5j-F3JuR93%!hedgV*yg4vIS)KaAiBY~dDn}1)y451KPE-GD5B&(iE%_z zPjf&QAC%sBAJ8=qpvod~>NcZ{xNJt91Eq+e_4r#_IasoNBQ=&Pm&ny}(tNAY+bvo( z&Z=%#gmPKYuykc#&QWQYzRfM4a#a92U>>LH6?_ViymFV9DHbuS_URKRU6<2KJ7Z

YaXLVht~MeFRBZ4l;^CdIHOkj}LesY<{T z|E7+fl-p@xe%X}ZPPs-R%?gVW%(Y!h9YJW(kp9)c;#sj1n!U>Hkf@B0ijh*4|JLjm z3r^b16*Nz>xF=3?eygN);;VB#=L^PnR{M(YAb$E(@YZvJZtzD>0B4_VU`v<*a1H%i z6a|Oc%hgDTYfQ1aU70=VSs6j-Qe6P}ZKkES07T2hH6o%qCvT~4S!*&dI$Pa-T1>2! zO_?NfEy3Thue+B2SH>iYSn1|o;8p(L$zWpc|4yfy{2yz1xc~RL=H;bx1kThEm%d)% z>h)oyCIbV~)hpuuS9^HnR7yDDNAvS)6SSeXSF8ItKHoCPg1>xK&u^JdWxry%O#OXd zVKZryN3+KyY#hzHxBJ`-xa&Jit1=qjs)6;}+6T_elq3!=QHXpRlf$wJp?ozu=`112 z@C!r*E>0{ux?4cjUO?*4U)2rV>!z~tSC%-wiOb=n^^i@hLYw-OU#(&(;pH1syln9$ zJp_OCq>sS+yW#9`z(N(EPBKXKKuNSZRUk9$egFk@>sXX{PHypw9V}i_{B1Wz)N*X~ zl&*`XG0?bC${FzuRAzy2WGC094~0#DljmXV-#R~ZeH;+|D~I@uXCW$#C0V>sRarf8 zg24?*Z3lhyQKIRV;*HH@uBg<}vawi|Q+>2nztIsE&OaeR6X>IS-R^=Nelr9o&u*!s zBGGWET31=ABFC_!$jQfqO$g5ac1)zZyWpjhZ^}``cvcl zPk%b?Z_fX&-{z^Q|B-9>5Cw3R{x=?(=fBy@jsCZer;+~0=E0MsdSQUSja)AblZF8V zoGOnJH;_XrOw+F#E|3$WtRLo|+8qk#90e{Z&nU!I79}7+9v2UnDMjQW4qf@0a~uq{ zq>W+sw5}h)~_Qv%QD92s&wgd z*5TY2Ew)IqSnuMjjYBt=Jt#iA67!W-(QiS|t)>4pzw%XkR^|WcjmD<_H|k9``rkU9 z#{NHfLBx|d{M4%@9zmDW@1>}z&B^{fiaw{n`bIQ5g(PL2PCc#iuv9-)SNfK&*>Fn5 zO-N@=7Z@ctn!VU0_}M&-pPKSt9Ey6H{6D?H(9Hka8;>{spS3)V<$snlzU<;FEl12(*z(g*ut{_!IgAUExrv$H`8>K@Nwh%OZ)I0Q86cU- zMN1o#N2)(ox)||?keL-q2Z!a%J!gbN=d(+n23G)jD()_rktL8yI=<`5_+G1 z%o-NCh4X^teL6q;B+BPMwOu-+(5Fw?%@UuC^CmfJCm$&y5e$X1ML~tHD_M%aMoLLN zX@v3t)NAeZ+*?u7GR+)#8FUJjiWwdBcN+4x;)an?Rr2i#J*s?Ah{_8r~a;0RM$!FZ|fx7#XI0~L8_ zt)Rsx*GSmm)ER~nlQPM4dY37gZo@GM5-!gARs1$* zLY)!Ff8;TupNiuKOn&{KWW&%jC2bJdE1A1Y!t0343VBk4uA13EY?$g<54y!m^|k=@ zt}d;$T$#{6@`z~0c=bYD#qfAUwBzHY^Xt{|xstysdw&S7j?cGj5z$47qVpDH&1@=G z2wEFO1?A*%nLc7xYr^L&4tSCYCay))osiiaxk!H8Ep&$LmC}XmRneGZCfOF6h-|Nz z>$|ScOt9`s?&mxJoK~OyO)W=%D|}1NwPKu{X?NUr#Y!wxR;QBTv?)%aK;*!xYgIJZ ze=HFwU0$as+be@PLzced4v-3RS$5=;T#rhx&2y@_4gfCBQ?Qi%UQxDcCE2qbZG4Vj z@oD1!gJM&)u^Vv3{$GDGF#Ugn{wDrwJx?S5pT2YdB#~hHRQon!!qTSKf9XL8kF}Rr zg88lNDZ1_iOCNG2nCaHb!bKc%_>nIEvZ^|2`!&x8H1rOAJ-JuS|3iE&zU{qJy4h3! ztm6N}o|*q^Fz9dcf34-=7wjJkF0D>&;gbc>C$VzbL)FFKs@v4uc#%9zoHHmdAx&L1 z?_bXOOq4NUL?S9(5>v#PKcm2q} z>Ed`VyF{4x{GTz7fcFFNTEK2il$P`mq#$t^O3qGT6dZ-g9G)!~U~Idc_*;*#`?jCj z{9j9&-An+ih*ed=%>X-8W_6M8z z@3lOt{x1Vx8ms=9HO&@WcKn^sn(BBCUPO9n?B$%ke??tBW>C6ENs{q+iA0CUB>soM zQ_p+kx&6O<@wQ-+7_l&S%GDud*cSEk%NGlj1&rVf1)b}A{jkYpk+s}q9I5AxDy<@i zP4s9MQKjmiXH$CEoGA@$$4buJ&*Pj+io>s59Y-mJk?r8m#*V1X{{@|&;{NY(Z!k3D zf2Wg;|9>qHU(F{U6Bq?tapnvnz7fuQHu6=ASY3OHLtJpOGu7QIF89)O!^{u<)<{C3 z`Iar9o`Ib_l)>`ZV5h3ndDoePtFTHq$LFjeZzWF@uQp?8dKY|VDrw|{$&mkv7njSM z8~hP?9nY?RZyoa;6997zZkAzq58f|fh;K0Cs7b=dq`UPi63}^h%GzM#lY(pH!)1y< z8ZQvH;RNFoBYA^S7^Hl2Cd3O&QNT<)I>#y4xxVM4{Nn7AmBrDFd$M-BTcXdg~F$^{7mA#u%ki$R;_T>~iIZQe2Z+%_XI_Yj_Nl zzACIo{#|ID1SKK#5%B)Y1KvBYIitxsX0mu=N0-K|gR47ZJA|#xXZucQS8Nb#W4QXn zx3Vj{>jE6GLN&vf2$8qD35~$N`ssy+n<{rW8_i zvkW<48{|t_zy@0_egkm`cCrO^7E=Jh9Sm^*%r-qUWk|_GRsdUXg%hI zblv|!eXJV`wW^C6l12Z%K}_9f)9iQ>m1meLk1^)@DGjphvi#2mHIct0;+zsiA8B^r zNqgBkV$ITCh;NX8?`Ic^=06{^4T{JDM>rl7i~~^V*4hl@o6D1ncaIPCu^@iZPZs3xe>uARxnT>uP9@T;z`M(nt49L-5J2& zcW+NGPoKX!dH3Sv?dkE!rP0n^jDw;n?IIEl%8QHBwEA?s20>x9{{XibjDW>gmUsOwT1j@0XaM0C*_6!z7LtOs3sI zg5h}Cs|2xkk3T?xs7ijRlSDm^O)ZwQPMf|oI2_a5(=PaKxE}nUX@Yd6}3Az z@?qLGN=bXNPF9AEYrE=c=KoFNphXDK3jc3!&^Pn{_Q!)w{Lfk*;s4#bnj?_JfpF(y zisPul|J&WF>i|yTzFn(9Ktlsf)-0Jn|irYe~yA>h)ABPU479M+B{C_nTXeCC6u4_-Ic6TrV(a; z*T6&3$bu*>JazdG&GD}l(RCb0Ulcep^V*M?r1V!z=Rb*(h6>}TV9iOQg#84OJc8Ga z6LF-j{Dn_ek)+S^HARs4b0Hz~w^lEIxh+l&`J>+4t>vz@qt44JFP@}9l^OtKzuGpX z{3)`d$iSIbIFhF<3-#RmT*J>iBhW|Zh+xiJ;wa#iloBsX1sn^DaqoP~t**9APyz|^ zTvr<84ocx3%i;}A)6*!WFbp*p7)2@V;{1d9Nxm)6lWB;gwpjjr_)NG=%5ENpd^P`MPF+VJ5Hl80P7`5j|v6xi$1oY*veQLe-H7E~T_!_9M zxau`L)FrPY*kZk_09FmA-%zX=(H{=sqK6*@0XIHi=$Itd0`93IQ=e&L+gzPwSj41bJX&NnT{~|w%Fz`nyRh%AB7moyrRm_N3^1%I6#+5(n9t3BQ^t- zJha*0j|iT|NgT$r`^$tN7#zn@N(sb~FrJ+s9~FTRks@`A^0RFt8~5B-eVY3J2yK1{ zaMk(m>9~~tqrdV0t>@vJ3FkZ&XzuXKj<;wIzk2RIzU`tM&JsyRGXdRkY-!o9;$TW+ zmWWh8EM!k>D)X6E$ZcLy6WOK00>(42Sf=zyN@np+)b2FhR264M&_`B#kDw?(gwr;Q z1Q5V;>Sife)7-r(JIi~qou_Oy38V+sa)+7RX)}#9H7E2=DPXersBGitrz>7Bi8%O_ zf*|IqQ@TtzaafCi?9ok3l$6w6u#=Yn-=#k&pMW@!A&!+uZ&aa8DQC)MZApYIU)8c%<|x2|s6DIg&Xf^IL{yJc>_=MyZJP%PTQU;vCYs*rCrivklfN|cK5R}9zrZHjG%%Qs+h52O~mOZdMYV{EGoZI`3SOCSqZL%wn zg<6}=rv)S!2G?eO^NcjV99^6qy?Flar`MNPr8u%&PY^*fKcjmssKzCPi)I%m zFHSEXL@^G&0lh?v4<(elRsKb%kJ0q&3o}r6GMpZGHAuOLqgh-r0bifJeErY~D4J+8 z0cEQ%j;@ZLA6=dpeN)%HM4$iv1*GsAas{PM*ZmOtxAS!WM1MLrgQM8 zKmF&)>mUD9zDNE%2Hw$<#tX;@7>4)2j|o9OWuiYRl!k7%>*?NUv9+dn$XThoB$9!Z zKjN@hQu59hOJRACAE&&ax3VOKIOHLI$~`?z`oXouyCjk!qTq(1S@aFxfaoS2eGJIE z8KO7P55a%@N9omPFe4}do%eUZ`w`+$WUrYa3eJAKyc>a|<5%8)Go3WbM^<2%e@;Pw zDDo)^egNWD0@lX6R5n0ku2$LU5A?Df2#yX9$CLfTi(mf_*t<)jy=)Y~=g+d?OGG&( zmMJ1SIXL<&pwH@p7wT{&d}chFREdF=FqGUgp#D7m5bgQ%MXck=--FHtV91Rp`>T+P zKSYS6bDY>Z&A~HZv;X?=2)(?)RhurE^W+DxJx>esZD;nUPaI@d*h1n2;%|I< zUu1KT^-Yle%NITwrNhGLFw?@*ER6eGnW7r<4?(={Bqkp|J{f(gC%2-lBymb-1f}o8 z^4(3suQ_A$o-F|5jt)J;l2-syj_E8Tio?9`$?P3Y34*~r=)6&_M+J%EPer_g&Rkp| zC2&z(uR#pb5TOJNwz3xys@ZjiN^N2-Xdhg6$uc??Vtwat9#aPY=Iwgmv(THC}I>=#|}4HG8$VPv3_ySl|eBmdvgL zow>LDNi}4@c%YLg?=&;>i^uh0@V6Y|fBeT|08J^R%k+_GVYNR2`0HOmCj#EKZV!6k z?|)~V5FU47u^qoUZtKbk0RbGjxa64A(&E}Qb;%})f1QOq`Mlk)}%~r z1frPA(Pgc7yIpX}W-x1x$^U+j*&JFsK+f@gFMoA|Tg-R2rJT*j4@^an3Nlwg!T z>w``wO>lq+@U}l0#`G8Oztw3gI(p0+`iV8fjIKDJ%t}`Wte0^V=z4>bSzF*j-$w}_ zB|nZLrcK3B>eVEL%?i(_vfH8+^Yk|Lp;3dBdrE`nJ962rx(bJ@N4UfQr^*lDu|WXYC5!CZBjZ`+~=P+QM#^Q|H3}l(e&n&CNB{^^lXD>md>0{ z3D+0+9kHTk?1e4Wo(n+g&k@r`3J@GwCj=+4c^{~sT*m%wbuTJOnsr0D%-`B?9=OJk z-jPuaYDGO31nk!6j>7NwY*XUlYN6q(yt3uy(3910ZL>Io%1@=k@C6FteSQK`nL&(! zbS;HI^@wKRnNhSP=xR<-I*-Gk4BISG6R`9IIZ@WX*94mA2SH7k+Gjh&n&GSVKfkul zvUwiwX{P_HR(E|XV1@oa=nu{Ne}U8 z(ZUsKsVbxVU>+;njbaW|Q#uQu%;B>lK7EgKL*CM^d7uEj2VUk3@`?*xyyVXJWJBsb z0G5`X$zmB4$8{u1Xrm}!K&Sv+zPrEd4HDoo^?WBnDhRLR?TTPe-G#+>C)J%v4p%!b zASkA0nlpN!Ij~gsmXTN4;nh_jWqCA3f$W!>&!7$z(H#;eaF)d*ZDsDL;%zMqUDD4~ z`aZ3`fs>>uEL z3KD{D`1Ur?i{qR8giVTQmaVab>9eXPSKPt2_dR$`=ZJj3DFOlwepMg>=WM-GU?g4F zHXPfwor#@^IWw_s+jcS&+cqY)?M!Ujw$c6d{k$jt!GF*vRozuxRo#29eQ7zw4bKS{ zX*Gr=T)Fe-pJ=V_T~ljN*YqV5yZ-{ZN82n|qeM6U+j53D7!z>Rz9$mIkPl5fx8A0D zkdyr#){an?!extKlVHtNDZ7JH5pjF=eyPADt-F2R;^fNaQb-_!>}i=W`+=K&I>F>q zNxV4EC5*iY0qv>fOp7aB;_R49cc%4tagL+>$?}N6Qs;HOvi?JVbvc$dm1<($S^30q zvn-2B(nMKbJh;NEP|smSO=9SuPbb0Fu-z12*#t+%$$~b0-^>Sv6ON+U`evbti*VMW z_5n1Q#RU6K^SwD?a&+ss{7KmFVFxyyC?IXU)z=2{$c1qb1jr~`*b3cw0M{WEU))h_0k>X+B%#;bA0a8#_K+UCv zdSvIb+0RgUd0yHhbq~6ZpJoPyS)7Ef&SBwm=y&sT$ZtxZWxV`fJg7pFP>{;9>7ks0DDGPE;!i)Ssug~QX83m;AJwAhgcz<9)>x~e6(mW z*gKWHN}Vi(kc(oVRVF@~ueX|3{5g>dq#-C2NBg(5TYgn|G#wQ$Y78sNA8*P2-FKqW zawN(GyKq%YBcdH<%-yXg!QBYo#oVg~wGt+-mu{#@Icf7GcgPBt*4^Nszj5OUMD49PgO3P?6ya#0ws9+FKhKifbau)I{VDUELk&3;rC}=&J}Z-E z*d@MxffcXCAmLcFd%e>P9_;RB7a$3+CQ<*l%k&ct$rHMG@a7uO3cc;&fh0L0!2p<4 zs4-n!(W$Mf%#Oj~1#q-IPxw8rUWf7&| zl*UR4RIFc@4u5%8F_A>z-r0K4VRbY%WcK*3jpyr>HqbG{kI-^O`hK;ERL?A{au zvGCO|_YR>>B|a@=V~SP_x{X%3QCf2>*0vYNCZPu5+|!#OU)QVI zx@m(dwj7}SNcX_Ph_|Y$Nmc|IX{?+xm56ZE@l7#V3tDyCpV&}4lmbzrQK`m_b5JRy zs96J36MpnK(_c7;u~BjIdU?I24)^itY7vj-D%JNL zmsMftV}d1cxJ~t6rs@M_^p&;MChpv%pU77cJ(yzz_hF z?DE-w&tP`_N|;OXB;-;UdUmA&2!#-53jArvcqLpkr$&2*o8*jG&I$!#p)ZrkGmR zEuz!Z{EQeLFq^^7W~20lN$sH}AoiR_<$Ff+`hdVU!^-!tdv^f>6i(z~elyo*660!} ziT85}Co3I#$U8d|`;F@=8Ml{_6OGe}UzAme1;Vip39~+U?l_x)UT;#Jy^L4Dy*i6+py2rvE#XH1@eGdzFzP~x#PHn(Oue$# zHEFB^+5c$yU)bs=bULhM*eenS^BtW4DuqGRUj(ZTK}uWoi}VNH7tn(D}wm7%)szd}a1D-J1z<(_&uQGSX) zIhX-f`avj?8~fU6fQ?rV-&fquo2e4;oIaqcMeT*7Hc`9vTw_!8+dbwGxmC%>ks|_A zTzAF#_S`yyYDrgS;c&TR$#Kb6g00d)(@h7C25hEYjEZ9;gY%J86ay0{ABP@T2=(=l z@>AP=&XQ!2J5L12(ByOVryp%-!45v?Sx60!M|($w8#HvO`m6b?lW(sPYJy zxbJvF+||C<%E;OKW##rc+Qh?l7!bg|bqLg&7<}m6*&8nSaS2EjB)bSGda&WPt z?*uz9AFhJXbs~*R^6|ow+XY=Nmf*-aU>z}30R_#H3MJhr^FLU&XzlD<6mR5-Mvz(kpprbfRFDCx6ws zg~53_1_}#%4c}$*dUwxU*Qw;?N=A4nVKRZN1@YMxymGcommk4lu{0rfheh-R=vs^t zk=^eh|HyRjKc6w%t&r)mj zUp}VPgDy>!Ws@=ZM=LMhSC|N++3qvNhLX)e;}jn=O!D!)ux)9T%E|Edr?5Vi({GB* zIK=lK@SlIC_B1l!Db&~>5NA?;%}HlkRMha8BjB{Nr5+TtrwYz82_2frc+#nPwz`87 zLY}{M<_qc^uPGlsYqbEPp4#a$v9!FZHJOxx);Mjk z!I{D~OQ+h}IO3u}FQmHyk?OUsbnKTnoXlJn-C{DOhP{$6!hv=@v2WFF)R|d$c8E2! zEPr;Nsst()9g{OE2{_DT<&~$5S5wIrcq0Zq-GLkj{rsZoZvE?)bo(T3TGkLZl}r<2 z6g3W7+-cp!ANM|s!>zT`|JE6A_AaIy&b4dW*BPfR8@kpBYMS{OtBvghj~leJC@2Vg zhy*3j8^}+v?i0zpMW%vNuULyiM2IU``DhH&EIQS+(~A8LptD27=uUGuTfr%@`z2 zx%e8DbK6+#xU3=(ye!_*a5Xo@OLb?Mq@~yNcHNZn^;ZU?O!tYfGBQqBzwozC@*_Kr z)SskesIj9~*yEwIBZE{C1dn*fOKvHi9nitcd{tRyk;;-cC#Ie4UdfWybYn%yWswzG@QhV8v6m(qIJ}R5ENExJk z?#n$DLE{?7f1aYd1LU+BC-@akjkSw%7c8`{)-7L${$A>b*}MTRn3g0S^h@ z<(m6aK6@>Wfq0LwS)Xw>UgO;9hD^5E)PuE)Y3!jhCz8;u7CRa)-rE%e$8QcvqYtI$ z?4EPim~1addfoL5HPbeKzv-21tQ?#`+#$07Uwks}fmjLOFN;Q(fHDAJzp23bEznJX z8Nf2y9sxI2D)k4e4NFoTF}TW0634Vw)+wG#M}y*!S0F)AQIUm9i<+RpyTXx6^TS&Ug*k;yFMAmGcJ zt;PE}g@@bDb0=f*`71E8Cfm28{UsM-r^BIlE{+@1z@_nO8T@T4Byi)Pty4t~qJsC>BJdU|D4rCA;6`Uy?JBCFjaHs2L zzSj#l0g1mC{e8I6rY8$7E!x~WtP%>owjdH!ezumG6KbDO>26HH4xnHHVKMb7wAL62 zjQjNh62ElE04nWfzi_oCQlu&2W&b!qxT|#T1!K9qApx;6@MyaAQnYc!0%N3xGACm zOeKZa+&k9Rm z%#)aB)x(?VDXGT8j|AdVLy zaD_bJL+93DBX5C^D4I5m#DcMxL@zrhw_5-TS8_)r@Goy(!^0V-B5IEBoAcOq9lJr# zB>)V=e>Jh037@JItcTJ6c+Cn>X4S0L60E7DCn z8Ltq3fQP&D)AifgT9ii`Ev|z?oPs*Ezf6ow4sB-b3rv7SKbveUgnxQ`UOhw4`$X~x z;)w;y<{MX=#pH~K|4gR8=zej9-RMh|)96W|n-4e_GWC5L)WXLk^AZj=5`=VIUNcyH z8JuOXSReoHsiz#3D;o1R=fuvA+Nm&$<_j*%nbS%kcm|y&cedV^sNGJNGq>I#ZGD*x zm~l8uXV2@S{*gfo5qsCaTl>t#RkCSf?BdBh9f+VhCKkecb2ohLR||V)Ct|UsQ`neO z*AFt$zK;ct*&Af3N%n~)8b&N=`MC>=z(i_ir0`?#i6EMk@QKWb|8iIbvd{v!k>Z+Bf*fw^J}yjW)s z_bG=YIB{UY1=K#kB*9jMH0ya={Ug=xR|*_m&eG^RdMFd8#flx+>? z*s9q#X6mkA$X9AeAt$WA6XL>U9zJ*$90{s`W{JNogD4ON)2Q@mnmxePtAPFauE0S@ zkRpE>$WKxaNct^z^X<#QtJrLsnqtKr%zWQ%ipwDQ1iQWuB#Oe?CYLVy3FpTdHwcFA z2n%oS9eI7RFHf&U{?HXi`%#MNQ<|pO<$8KuahF^PMg_mO9sW-jx6hN=Mc~Jv+~_Lx@$y+&Elj*L`)ETQP3o&l7EHm{BD4RAU(ky!ck_{KwGI_#`Pr!OFfJql0u)cJ(0}xff zmDV#^x$U|1AaSO4p$BH)wm1kebFNk+;?UA3?y1+_0}T^fx>-r!sa4@~!GN;oRwVfu zSa$ZFM*sH$5y*ei`|AWax-drrT+t>m``QRocMQC5%@iP$(Yi+a__YeMKtA5V*2U0k zuPS$240~mIMB;eGrd@%!0Eqe z*KXb$Jv~xIPNs23Osw<-JlmyDEdZ?k0WTN>+%9_~GJqaKssqSCgF%&JVCj8XxBb}D zm9+t6=*{sf0jyrNAOaX8)(CqO|9aubiTIJe2DZ3d!lI^c^8npir=;FDu&kOxn(OkG zi{9;V+?nwwVa@~Lu!DYcP?-^D_LarhdzQ%)BS17&p<&KNy8CL``7NOf#+h~oX=okf z&1;l_cRWu3ex9cF%kieO7%aNFe=c!MyePcqOqlib`_P?7#qy>@i~luMH2*yfuBH{+ zQ1=f}n;=?lrPrCHs0F!g9Kg5(WY2iydEWW&?sbN#*Fk=~;8^%q==L#s24C>T%LvyU zbZIO7J&>pg+|smTof^b=<|eF%0B@z)W5>x8a!zV$IGtjxShm09Dp3%H5uO0mOA+D@kWWT_=Py3#rd`+X!+7Op!my@_&G!*24_nV%J#6~pfiO)no| z+Hb;>Pr}*q+|NL562GssOTeXCh}sR@(}bv?eRLj5%duE3;Zhl7Eq*abwc?euQ>;Gk z`-Qn~`_eiBQ1JRfh5651Ev*A|wrp%xsF-=Ny2za!@!@;_GhIpKQ}t)5s??ES{~31;N~ZSj;x+UM5Zg35a~B(yaj*ulD`sl0tH zD`4Ez1F(Dh7y!!a{xmN$Ad3Zyq-$3&CW`RMOGzdr@1cp`j9Mhsa~vNM$AfTcCYX^N zy1_-bdApK)EBLfYF9aJ}>z=YzEcSrK|6sj+j`5c%^BlO_;Gb$RL` zTtVw}|*l%fh4Sa$DVc)f&G9XF1!-aHJo@xAz!HpwBYwq?ysKMR$y_jDjZdox!TAy@N z2qIirPvVz5(+6geB-_s5mF5RlM2TTM6Zz@LfGm2Er$gbBMuj8bMO-Oprrfrq1g<>X zei?92ZpO_xQ0CXKmQ3MDxuM0=gtz}WZW2{5gPHWBd#X$eiLT5+#-59G(`g;$UU6t~ z6)SZgj6F!UI~UG}e3uXKtH5S6ZqAxdid?iCPxb$6rHAY1kJ-uplxGdd8xrk!VfK({ zP6lJV>Ye{`=svRqX%AAvZh*Q|PMMwVUaP1a$IA8-dZ6TjFYmYO8AKssX7s5SsWT#F zFn9IzBCY3m#uq=g9n1fbRsIv6>O{m4=~QRidI1+8dAU*05QwqD6G1?2 z1qW$tf~J0#MO_g3cm!RpmbFq-DJ-T#q#x>aoqUldiJfG#xZs_=Xfm$lEhY<*Fs zU#sY}3ijpBh1xRWeiz;YwR#6&>l==buFQMsXo2%el53cvwA*-rAXQwWudt;aM>hSf zs&_`drivL?3hlAwSX)vOGr zF$|3TI0gg+wA}$~Ppk@ndgEueP$Xnb@3N`uJrfScld)W825<=IvU3>%4@=!>y`2{K zuIkMY<&P#sqV}9)ZdUP``wwVb_im36e@@|-ez+B^%u=RxwNJpTn+h&DrgW^ykrkxx zeAh1dc3hH8sfp}5rJcQL`rT$ay5gyKoj+4jY4figs^SJ%-Jdw(W0whDL_gYTncALb zoIrW2cx>|2CoK}sROx)Jm51w!Zb-0qpNap>@mq31D{>4w^v>EYM|W-3k%Cq-zX^kqX}&5 zNqnqU1x*RnTVGTNY5QArtgMQX*oSc-^+(^RvBef~Vu;l4B$vhY#Eepv0zf9>X4n(}S-*y4?c2Ah2s@`das1s`RnTW^~G@4iLL?!#f}P z=`+ix<|Mm8n4+Hm*INJ%_6OD-X~wwDb`cacGKQNVF5b{jiA+9UYZhVxXayWxMCd$ znsDdl`h8FuB}~$&#W=%)Ll49vur$`1Abs7^JL&w6>dA=(g?8O25C5C}L_NY=C#!_U zt5OY3!`M`UJ6WoetkrH`)u?CPRpK`QD-4_>cRn`7wuTB8Ng_Afw9~C?Sc+KH{-22hwN+l)7I>*?sQnoo`_`i_^;02Qu3%N~Hp zFlN9VQ%qoUYS|EQrtwMvVf$XtqK_wsR21V@*3li1xB15S=4Vco-78qrMXt_)ta+B* zeUtxUNV~&+e0qCB@qial&nU;Ie?=)zA8XzPqQj}iO50wNVbl7&kWtI)UJzai=N;fFHG&DjETPI) ze_L4Nxp=fcdEOQefdi;7oNvPK2f1g!GdU113~Uyl1_b<*en(FaIPSPQrA3X5vRyq% zI+gc0us^v$RA=H<1f!ps-AH#k5;BE!wL>xIEf7wzzhj0p>pjlRi@J^{l$eW~S~@qLt6J zG0i^4ufD=N>+^0Zpn=k|tqWO`wFGQ6?A)1Lhz3qn@)1M^rF`@r%mZ%Pde?w@6Ds>a z5ad1dLpT?2%)zak9Jyg6>)-DxbuCU)gG&rCe>VgK%~W*!KG^U`q#^4FqbMSOexth~ zrBUyj?!x}k#KOQjP>{Z-?Pu?I={<;=vMZ-CIQ`;W=Q+_im?*t z%szi2@xQW4qqphrv-Zs)QO)-L;YfCG1;BZh#=B;OGafGRA&9dg9@scRkw`a^f{BtB zzoG;|&9~o^NcAt1ivBkLl;vCf3D?n2szkOa2DE8K1evM?!zuNX3ZO6~M8YW-x6XUo zd_8`e1h)X-VkLzVT1V5!`lz9ov=W^ij|J3!%P(6to}EvAY0RrTZ2gVZH$Y&uaByqDIuAM9fuoKd z5m_5;WYTM%&Q|AQ9Awjrjv-IWQ^4oK+}cEvMy-K6Zof&BQaj+I+bO_u6Sz$(C!I9) zZZP^F?I>U|u8KDUaFqjC*w|bs>{BgpC`^V2OJdv-bX3SHw;cDA;h(QQvDR_nO>VPN`08TzHB;E(%! zcL#hy4dHu&-ufcji8_nO#_Z?$^!o5uvdruOK5cMEnoHuPc$K2VnooLy*R9u1GpA0y z6{C+r5#X`+A0cqRjMt{T@vycoHC!7{&dqD>cu=GDpGi0=CDTS>r#b|LR=4bgH&BT< z%fo*Eq59zeiJ}_$80`eaHcn7OmQIh{Mx~kZ7EW)2_1&3k{c7>cI`!LVeXb@R3>5`S zr8?{|>?+>%8;b^V>XU&bK|!(o;=@F}V}ii14@K4(tuuC$B^s*WA;B?@aWj^~GJYzf zHr^T<;<=up{88HKQXt@-ud5KPrATr{7gwoN)0p`I`$VI|E%6od#b2p4VBezt4vTFw zT(Z-o?tpY9rDp$r;NE2WH}A3X5i`wu{@3>cx{@4F=sA1u9;Iu?iX+6+Dij8Ccla0Q z0n-c{e6Dyfo<`8Vys>Y$X$9#)@5%(eLv^cx0+xC8)3Z+}i~_AC`VRSRT>7VY`ka&b zq8PhQWb$N{K~iXvhccU&9)XU}A30KKHNA^w6R2*bM!>Ta_LtkajopWhwT*Rvi_D=k z6n&mNC{O_`DxJ&`aQryDowa}~Fh%Z>U;L85LPWr_)|ytvBJmP7)s(q?+qdPHMzW$D zbCEH)Re1?`a!zo(afK)sPAl3rQak|Ryk)oi5_}o+d{lH`ya}d%M-33zk@QSY`Nn2# zq(i^#11cUabLGPd>ZkJzvWY-(Z_gNT7Vxiss=aG!^G|DBV1FX)Q_DF8iuew02VuPp z+zrDishmv1&)uxSli#)|iuqc~Aq+2L#aCGNPhM8`2HN~C!haRnx5U|=KrRSe<5I3R zN|I`jp7cnzM-xqmQ_g);LyH3~xzR&hlBvq`)oL>~FP?~;6z+ zIaVD8nLl8spwJl&<}3(%u}HOF+ASX2YoEPrCsBoIpx%<@5c)~_1mw&A@q6~tK4H~# z?IbBl_SzAFzS7#wPpc{)>t1PUef$wXb#tRFQ@HBdXX9?kB$8$xkkL`j zV|v?hfANz*I^Kg};Y>)-&$uE^GntQb7O-QT;>~7C{_nQDui`Je3c4Y}R)Vi4OF|g& zi__0C-ePEAZN*OEMLNqDyhfXOBU;m#b0?yd(m0Gamk+Df!{Mma9|DW-0_sQ^qGdbd z!wWmYmP4~zZ;?XZfA6$4-x3lII8?#)g7&S>k-rPr6$2aYvHjfP>YZ%Jxw-K+G%=04 z-NkGJ=6{@-9WlON8tNY`PukeB*4B@7t*`NYef^|FPD`o1xIMjzBdp1CTIz7R9d)t+ z@G9%+LnQv18Trm%I8zkrV(D6EV>X1IR)ZG`Ce1d?^D^&`{@aem^Lf<1pQEAUXeey? z_Y(BXkGn}^EW0jzqcCLr`Pr#>Ddv6-YbH;r&|Q4`;IbY3XTldP|9nRps2f23o)|H& ztWr=_CD88A>=>FDr6gSW*UWL-Eh+He|KIX@M1Fg1OyoIFi9Nh~^hOw{0=9rPlb$d_ zKkv}C_-^km=p6A^$p)Q^U1ISEy3$u_r`*?>f1?`fR;@NP3ObiHQ=wF7H~~FH#SVVD zds|auA4D0}c46|`Ht#QbByoGkZ%Oz;;20Zn?F9+^9|vgYMavY%mf_(E6ckMWy6o@b znQmkkvYBM0JBE2Lhn{NEq0FfQwo{2=Fft?z-`Z>Ogr;ar#1A~QjXqKIzIm-?QllcL z3M^{g=kv)N`;qW)IF^~T27Py}-!rn|7T{dHRWup=3UT)%;ktbITQP$o_1$*LG7P4O z*gCq!E)RC<_k^n>sAak%7s@8tnU4Z`32!Dn`aTcazwKZ%h;3aVSn&O@sO%vZ$4eud zSV2zSXT<~1l%VvnAX+5Hs@`Kfz}xm-$E87z24 z;)}x#aEFf5=?3B1%khU&(M{()IyYcyQaCNU6W^(WA1|Sl)aRF$@&drpG(aX2UU>PL zfZvFdG@;z61U2QkKHvL$fOJAlm+lHN-!S4Q?RAvSw2It8zq`Mu1l9`hn`flF4Un#zsN$j4P{g+YKRwvZ;509QDVwg8%RKDu?Z-_-s0SNsvbTu%tQ)xUV!m`ok0$Q-Jb#f zqm-f#ROcx9j-K`vsQ3~Wl7bzBpRUOz2V;bUM%(S0+9KI8Qm=+BC(oMFhZHLp=76)G z@n9MHm4TVSb-ZsXTavoMniS1oHqS6=c-8LlzLYk5IFBHEh>TtnD=vHC3hFRGfzCRX zf1+7p@%@kCrXoB+X9`(pe&q}kc5ukGq2;4j@nd_*iiv;~ci2c0gT9dl80dU{BzS%# z6@J^TyoUD|eYKL)S|b8)=wfR-=2;8}5iTl!$WP84WbAhHzn>C*5o>;IT*E;w#6i(J zciL>S`dVC~>==!8p3W(&@SdW0!w9}J2(DWp9GI7}Yl6nC4KC>C0=v8qSgAZUxq_W( z7vXE31-MbaGN~~%*T?o_Kz8-ahc{^dvd~0CHocSp8Al(FfNWB50L+SzX5y`|O3!)Y zpf&G1twwD2Rz0ye1}TZ_vZ1xBmBCe_3rArS`D9pa!C%rBhE>;{lKCf{N>@Mel8Z_P zy&2PmK~5aD7+_bUx* zZBINnFcFV(LO__MQpKi&^Cm(b<`rBPPL+oLr-_ zkMkz1mbNWQ4!*12xp{wkZ0Fl_z_H}n^nh6>=6$Y0S-00BPA@bwyvip+`!}mXfXOR9 zN-n#=!TsGLoU|?)LgJO_W9{wx+=qGQbKN-lg)0C0^Y-nJr={)hIUL8g+)?g$9jFQ< zye$({DRS%Vvm?yMVS{CZU6`)n+m_(}Vc82f~m4_My!o0l%Klx=;57swvjVb{bb zexs|`t;8FCezq@9^;c3ghnvUf^bt;+ki6rKb{2##H6*LB4!u{q_|kqaPyLLf zV3YMPY4kC;!$QVzwMt{d5~+YL#;{s)lT3d6q>Dv|3-R8Oj2)||TeE^w-}Q>S)8Qv& z7d+?!B1L*-USxt?0>Tc3n09%vRv|EfxuTHLSorux+9eVe2a$_iC(b zMqXuo_iwEv73&&X_=;*`_5cL@N?o`W0L=Q4?6?v2K3RR%+y7SJl&_ijda9QrW-dtHHcFv`iMU!SXU3BU}|2YggBG?96Fs=NPRx|lWjw2TrhsIs!X4x|2&64(@DUUxetX7WF;ti)a>*To z$}vG#T-ns!ky`AQspfGhJbtYd?7=sJw=zh9bd2&v;~ajxne9Jp)9$O2wDI_uMlzE% z+*MqdgktzUlFy=M_X*JBhv;+AlY3CXBTNu5(o0E=G1}e@aSyALRPp#2Ml#82JCC^2 zxffJnRLV;CfBl@}r~H!;Z(IfMEW;cmV}!qR0vq*T%8VdKPQa|Ib-DG!RO10};b{@v z68hb)aF92mOIjjui68yrVv7wtY zej=N0xgAeV=LP5!oZ6ysphaJ(K?kv>u%y(a1{+fDAexjA#cueVqfIY+cNpk*lUgAP=jkbk4vo_3HJ}&%i})c zOg`6PUSyq7UgQ|OvI2sGVs~~#CB{j7G-$RXodmz0j*JF$39D>4+;V3qS5~W19Ap~# zLATS$NP?EwNCE;SC2=l>3JoX9f#zG_H8#UPas{Hf39(HG0daaWtW4Rkg{(OV#iBiw zLy@@hzd~=Ec-*?mgB8?fEA?U3CXJy|w#$k!Qxz1=^~IscCku7fLTk;Nd*UXI-cr)i z*3whIA1APma&>5!mi(v-s-ybEBtMSk#o?)=DINb)%SkBy-E-Oq`e?hF^)Cs1o%JR_ zLOMsnKG!q`%nbh#&cPHO`WYz#0S_HQ3Wj7j@IvFMEp6V}Nb2uik5DEVux{J^REEta z`xQzE?N_g4_%Itahk%xHW_18p{J#vLK`f;c%T;WE(S(hd=Tr|HNSDVs*?oGz+Yb9m z=@I`!vPWkfwuJ5WgcnKTmtPpE*J)%9K}&SbKG)Qrl~xa_b934JyM)uvqtOXlCHOb> zbF2mR;lKY}I0ljJp z`bhqo(tT8Bn0dg$AJ98%!$pN+K;e?dqQTYlC;p}nB^< z_?>{6si7Ie>NH-3k?nyxtsM!=s)edRU>_8;a>*m`y6!>hOUy4&FxZl-NSU)-SIH24 zeenId*z+rt1lY52aPzBUiT@-u!P#b2O^y4domkwS`!Vljt3a~`Nv9gq7XPg|R8LLq zpzQ9-vTd<&Sv#Qs3;Cj8Zyt8N5|W=F#M_dW+DnI1mQNoQIjzr@o(1+e|M5J3Z(L=O zUoIh`#4;asd@Lf=Pf?o|h5a4|`BBuV$cQxg`OI6^8uUJ+-X7E5t0(FYJr1jQd1Q@m z9UL(VI@XU(gv2jVJ`$i|y#2C6-=?$1V%1G>xaNX59LxZg;rVIa#%}Qusi?FJkBd>U z9#x^Xd35xBcGxZPLg^3f%ETdqFkFSlnzFUod{p&DDZRl#fc7pI;j+R#7ra?*k)Dlixb+G zhHhfUW2wF$o7EzEMuEkx^W&H(i{OE^;3g&%R80SH9zeeAJ zzDo>#mC`T2xlD|~l+|J6Qqe2V$owT&E?wmxPKR*Q7&VqU$1W+l{r$RkMuRBw)l5x0 zA}gKMyUp8DCAHKprKG$jUlv)gd{J<%jMsH2wUVbM!hX!zr(D6&_$5w(_Yu<{wz1@KZ2BMvhnpRGFw8Pti&9J3LqlqL5bijvqgKM=7&k4d9>>@HAT_ z7Ax-;KEem$G-LIPEPEj}>UI_jtQ9sY)~gB&crCrf`TG92@a013^VXeA*c|aAN}Z+& z6B`6V(@3CPwax8igxvKUXzv(i{9d(Cp*@i3i6%dkzC((cmJ~|Up4Vrb`&V{GCFqif z!;=!p0CToaZB$X_E(}*25M-avYx~l@xt@B)Chj>?EF8lTltD{~G4ahTQZy3suu(qz z&Jv5ndADQC`n=Am)Xpxu-2OlonXpV&HrFW|Ubz%rltkSNsaC+5*F;*f9c;gRrWelu~XJJ)5zKfXU`hRVRP*T?e6oI34}JAbQhdg-zY z|MPc!p+ji#DkGP}qU@4VlAcK{tuFjk&@$EQurI|^g5vbj?E_qx_4^f`qo8;ndjjo0 zqp>YSZGp5dnm;FjK|*>1tX&pK5}QcwvzL84;KDZ`fbJp7^L6g8AYZhx_LW{XQTOXn zaVH!}d5nJTN>;SgC$L+8<})BbfatS8nBY0I=**Ls2w1Q}8uNZ29Jo!{Z1DC?1>qm5 zH>&-_<)*{o8zpbbC{;S^=K8x6egtnHngQmI>vo#|VyZNyW~&(-Bi`5u(MC4Ohm!O6 zE8CWGA`IR>XpS@Cpy>5?(J>z1y>x5XJp(F9CkepvT7^84 zPa2IG^T~^o|i4iID!!R zVQk)RD2v+KJ{DSO3ys}#E>C|5`5ETgSp9B(FL3>A{cIwG?spD{JLT-Kt@ZOj7k??# zSC_*bXYt+Io3z#5t2%12e%lDhWSqkMUEo&wPo|Y46tO6ts?*{mup-IUnRXmoxQzy7BmV zUS?2BXOyB(O9z4WnS%J2rtq5>>GP)-QJJMj<-(aQ@gMTGzD7Q|4C{z7VgwOb-7^(k z7g$vb=_}>5R!QzT0`kdgGp^BU_z1!o#Gq#1z7Ts6TRZvCWL|egX1=K^~Yu zDzxgz)Q(+F3|ryevnbI%MEkh%v;eb$IpbIeBBxlgXA<_(F)f3W7 zO7R1M2HrpD3=LF{3RVJxJ@E+mWnt4##@z7LS!>L}lU zM_*Sj+anx@-#!FPu9}hl6YRrcnrG$>0&Ln-ls$O91+4kZAGg_2Kdkja$OMF|aUE_J z;V;Qpo6*bbUYLw0?r*uZQy{@x*X^VELP7%S)w?M>UxVO$_&d$cwpM#5XlpRH}1^FdZA zv%j&D{NX*&5l0*xmuW#ASOy7{fIsRJxe?eIwW)vP*B@8j@8%&olPw;C@%dc}wf70r zLW@eZ;7pLP&m_NN;F9=(j=Z3O}EU-4<2#3wA^2t)mqYN<^Khs9AD$K&!9NK29flR<}3v%b%%2* zadQ0vVSx_zTr2n&Y60vzz{E?nqX4KMKPHg^^?@ddFAn!t+Rpd1=vz+~xt?P|>!(UuQ~^sB=K7{A#~o^fMJGFZAZc28t=@!eCgQ zJ>W~excEixns&^Ay7I52vm;PJn!dpw0D^(GC#0vClgX$7p8DXERQ8Ojpab-FNm8_6 zV(Ba#R!khkk#g8BI_j$zUjC&z1DD29 zLgZrxVLl2L)`F;wm=dzQRnv@8>WURI+?{Vl^P{oNSa<-O? z4S&`T`P$MhR4ifp&RMkQY1lybK{DM^xJ#fr(C;VCEvBk0cOgHJB)7N@l;gJFo>Dx^ z*-BuVJOHa$P!6kD{U~8KO10)o3a=V~cAv0YdN`XHL^bWjsw+()k}C$efeW4zjS_Y(fNp8Sktji3 zy?G%4y?_=)*Sjp;o8>EpiDmd-=dbKp@=YoJHu2EE%hIFDumeTlGn$YxM|ye(cqj5S z?RX}r?VWhtyDaURzFzT38pGa+Ct-of04I^@FVsg11~`7MZEmcK-W%3m?lrZ@{C z=Sm|nCcI>UU+1ra_TdCJ3|~IDOTr;dHHeSG;vuPosEG|LoZSp8kfw5~0tZzoc9u)?Kv0};o#2s5 zta`i>)rD4epTJ&$M?8FdgkGnKc@oUjsY8?_lCt&9vPwubTV$(nl;@T~?zo7|h-E=jabXnNz5JLOjEN^|xm^)nXv zDT_$=vBBlzH1csOsBiwFg>;h9lspGkY~e1|WGizOK!R+YBy*O~uwolOk6$q{SEgQV z&QBEzwId`1lxYwZ=(!v9a-iQV!(7gg8(o2J+fh})3w%?Cdk3|W2LH*Icrc!v3}z%6 zj;1}_BV;s;k8wPi_G1!_qfs0V`r~nbf){Z=9Q6r~$YeI0E(Vim8qUH&cs!mCw^IYy zB}Gj-=Ic9>=kgc><4v|OcBV1lid_Lf)`Ia6Cu$^iVgF%R_(v(~q6lI13(M*6vTq_y zD0HejYB+_Nx|K;>H&8pHRDj)&SzPnBnPaMG4&WLG_#TLxkkxr;6byo%VWH`O45Ddo zK*qDhU@{wzdb7!RFvGYvCDY-8ETTcLH;V9NGKvYA;l(7J_4{NLkL5o{(>f??7^=u5Y+->jqlFfg_Z^Q5D75kn4J6w+&VJKU>$2)(U2F=S*9jTil8p`D z>%-`K1>$>6Q&6T=t4~3Zo8A<@ICZ{C`!RC7o8}FHMz9eUxB*_#3mQP;ZYnBq3!TCm zwNSj%Hsq*Cp6B}ztDl0Xllww_*fDaEvm_z;j;WN#G;*70ZMP_r+BG$wI1$|llNC!j z5nHe{YH47`I)z6+A7i_RPv;uzSuyRa{adG3l3F~&aUarD?|tUs^YG*Za?a%-q)zfD zy6#IHuhvkAn8hd}oJuP*V-c@+zN4J7^cTvdq?X$%LAKj7mZNivn|Gw{O(SEBNX_?+d4TMR zJ{^w0wN|21c^fYDB3zJ0K(Ettk`O`a-3!nGItLb&AP~Jt!B$;TUfXjGYP}tW*E0B4 z-QFqVTgBRfpXLvyqDk!OJdJjjDck=Fi$BS~7$$x^hdYN(RiWP~R=;xuR zDZ2Q>|ChJ9(!* zdM6%KYxO!FFrRng^}SE;J02%E50`}7bur;WbpGnX#D96mDz7FzPSt)@XwV98P);~Y z?g&bG!r1LPGw}$Psw*#!`-Bs*&NTN%DR0nt^o^ZhZ@St6;p0qQijqt1>xSLO%HJ>TV6i0T&qsQUP41|dn5NBi2k5efx*CR4@EZ>QWcfuSSEr%mQ9n4S=7WvH0mvVQJ&te3X)iilUoI9g?u{31x%8&{y!^6HYRzt&yV=A(A?_ zhHNaxwT`#zp-ld=} zG;IWn4x;nsA5BS8a|l~L2>5z%Fn+Uy35)Ta+!gt;%OJ3G^0;6;k@H z6n70PxFj{J)6nXRYY@=7?Y^>k)huR=5^JFTg@sIQ$h$PzQanNFLhD%Susc??hDcrh z*fg9oFQsM&y_Jfr+L;4E1)*uG-g)I6xi#hghzNrqI112nP^NPtiCHOc5>8Ry0O&ZH zBhbv!WK(>GUO2xckvusy@&@unQfG-mk-2L z;u*PCLcP`Tul-x!l6w0hUvk6B?6n6IOGj zK3&)J;-aNlT*-%(xSe^7v_;c4pPh$Q>Tz4$C|KuBZiuk#*@V4>Q)MS8-wf!8a#LzC zd-dkUg>1U!#7Wqc12}&gxEQy_ob5BK?Ez;O%>AOx21&EIR)T*(m|6GRfvtw29$W7B zg5zLlg3FWP@o2c{_i#9#3>MRPGQ^8$7{z!nnha*sa56cbhA~;p$nkhQ3n$~jWE_us zlgV&8j>CAegC1i*nvCDAt5c*Cw=Yi#Q0w}fCLi#I*J!Kc9aop84Eun!F&%dytRtx{ z56Bi_R%hHBN5j#uN224fAB~1FiTcxM5%v4W$BW|$2^W(%93D^l{ox`U^`qe^!h>Ni z9Q6ixG#!t35#%h-2bSO3soY^@g=5Qmh zGPoMZ!m;pqq$y6S+X7x4nDH=eGQtBLPv9qoazXU}^&fmvoSZ3(Tu)3@vc6)GRKpYf zV3LzB_TY(PDWtI|N|X;yr?_q1?O%$a?b`fq>Izy$6T66KaN^3oTo40`ul#20^RV*0q z4Z+ddoC@+f4VB~bv}kEv^2H5Obt52928l8lnBJjankh|Y#Uf&@ADzXorfb92xqVPc z-v-bBo3}GQMN6DQn32E`wuzB-&p*cSd!mV#~-gdHYy?*`riLuXBTi6`eH50jN#lcY+Zu~ zc1f6B-GVJAID*Xf2KF{$na1v*YWF&jgy9!PUIP|Rf3L9AY&QFu+G|BvEewmT{4j&b z$v@YG3p=7liPeVHeR#9URi|;O2IXRt7WVTPqHU59{Ob;iHYr}wP{}t=S*jlmG`Yv6 z4)!g=>rN^A)OIF$gQHt7p$mz#6;baKl7tfl3@*Hu9~X6du2Tr{k_bITe@Tl?TK-5gi1jdrYcG!wA}^f4ykikXPEN6|(gIOeHMv_g$An;&q^TQ0lQ5 z@%6$7$1H`~2_>qRNWUTQUd)%aw4nArO$%tlMDE5?w4vY@RO?0#WffKXM{5g1LK z+Qv2qQqtR%P-2$AEnH^fZE%o;y{_#@Na)d5lpT9;rn-t=!?a<`W> zu+yUGd6PA#b^V*yFFQEBX+ye!DmQghgUt~ixp!>G> zg+uVSuss}dzW6S2aFsWUWsonkW!5}@AkARS^S`8apl6`%aMHtii2Z0VZPgUY_`W!! zE1UEn(^6MMYqlWD@B-~C(2i++S?>7w7?LXsHP~iU0?d``oYvTO;8D(dCn)xZcS|Mn4>3ePG9;93^Eb|OB*i8>d5t*!P;r(r~$de0?A%FRL!CW zzpJK`)8C1?Bij_xkN~bP=H@NQkI{l06cunlLy7ZrY1N;H6ZD%Yx-B~82p=O6EWm)cj z&jKJ0uowH+=BV{LyzGVp;-bC8+4Ub@%zu`Ows$g~OgrYcGblZ-lBB#7?=?KL_mc7z z7U9zCc<}n3+YkP5#YwJzcOT$_cEw%ya{90#4jJkUSIq4Ia)Fb!l8vBhesVXc$;;RM z>QUPQ=(dazU2mm)&0I|^z;!AS0X!~la>D;vD=2HE-n?kBHOskx^c54G3#3~U?VM3= z$+fEhyI;DUgQ_{zu8QS=Y`dcCZnRCP8WNyO)wTMgNk1Cm#pJjbhvBF{8w|tQARZ2T z;cPhQO$YI0G9HrNuun)F^~10~=nsZCTJ#6KxEIz7wAHAxS#~*Pu(P+_b2?MeE7KN* zHi@FRH7n$q3{?np#ZjHEsnhq>m6kTP*dq)kFu#SYOjim!P`n72B96 zWewChAa6pqv!J`WU{M-G6P)UWM6c^9JpiL$E-&Z0r^z@nC2oKR!e!Lj7B`PZ!WVb3*l#`PIsw^6IVZ8hmn>)wDpp??P00^U7tLmaYnP%FHJ#5eG5 z8*zLM-P-OG*v~pfS|=nxG!2ursS<$~?2hP=T4cmA4nrILgm*u;sA80FH_M^_SG34; z!r3|xYh@jwLMiu7{_w(V?VWg|Uaz4}ikVwDrYID7iMxwm6(%C}Y_=QSwH&w?!!Q zAqi)o!Wf{Zx;C8hu?n~`@00_TClg7-e3R)5Qu<`=sJsk_Rzm3pNUXV|oa%BzINdB* zv{A^-Dmr0({cu1`6Mcr7Vw;s!onJja*N(HRm!}v1<(&*lD>K(M7_KTiem0vjp{n7S}~)$X$O|8}^XZM)B_++`})6_gXkD6#NmbqStuPL(cm!~Flsjsz zcBF}Dt9GO~v9;7u`w*C5ArS8f4{4mM!fX<%X%nCebs5@K0j_1+>yG;Wh5X0m+58%o z`}*p9ejOlX>B~Q8n?J)JQiRdv*}PQs@P>$Dr$U)pxqq(SynwH;ubrUMwm}J;-w?5j zbBmgbPWy^;MLGIQq8=t7&e=-o&qYmR_yTT(>jL04TrxDzP-!QE%U?!3=>)mrtadyL zmGJj<27qA^pm>tjujCX(THqM%thl~zRV z;dKg`>yUA3?7OWVi3Ve^-2dM1ve;eU4q6woZ%vJqiqnTBk!$W2Pt^bmZOT}-4JcY( zPrIyTc$Q%+>oYKq@^Z+9h)m^uU8B8&umVE45n3eDPCVfjhPKr%9Rd&BgIjfU04pL$ zfv-*Fxhbty%%zhwq+Zo#5z5!8Dmkhlm7cy)5MY^un;eH^PI3yV6D*C~w@7-|HsZPM zptrZ3osT}wXjdNg3B!?ZE&OiABLA-6eQYbK9lfv7v?8428`74s{Dlef`&&qAEiV1l zh+>I8P8(juHToS^mm-RmpIf{LAi|4w1ymiK7A#{4yV+c1(kMQ&1(WLJnb-K*dfewp zJ~MYPWoq6Gc%K7&zo_A40_s9ECU76TwJtCJr@XQBGcRAfgdxG<5|N0)Ybk5>mW#O^ zE(M9AM&+$R$%0E;cCn#~eM`-Q%BwFY?z1e{&ch`%jp!YX);N)-%B?9`4y7cy!1m31 z`)cFXu*X}Plb_*j$1QP>GN}6nJ_biAQmNF*+VC27|$3+8ZB}-mJgCy~T)(Ec_Ugm3Z2IEEZoXLfJ^xfY--_{TK@w=sWq`Ssn z8myuR!O`pWdXv!z{@?5Ms{ikeCdc3PN5kH5bUYpo$KUn(@ITah5bQgC)?DEHyWVHx zst)ci^5gsdqa}^V$s>e(Bv|-J{^il*!uKpKpgT%FJbLsGc;aB0llTYE9K3~03s`>B z{Y@SKH0+9;-fe=Aa}Ug%A3Q-miZ1+~ljH}Fi%mlKk`Upc?vIZiJ$?+ee|-=a^4G_Y zAES#9r&6Y@6Tu%ndi3Z|^opUEl$V6PJWJMTWZv$P^76#r_46lSEY4tqQ6BG*B;bB( iqUK+{Y=8g!{qy(F-#?%I^Zx+=0RR781qfIGwgmu2$a=s4 literal 0 HcmV?d00001 diff --git a/incubator/blocky/0.0.1/ci/k8sgateway-values.yaml b/incubator/blocky/0.0.1/ci/k8sgateway-values.yaml new file mode 100644 index 00000000000..4bddcbf7f12 --- /dev/null +++ b/incubator/blocky/0.0.1/ci/k8sgateway-values.yaml @@ -0,0 +1,7 @@ +k8sgateway: + enabled: true + # -- list of processed domains + domains: + - domain: something.com + dnsChallenge: + enabled: false diff --git a/incubator/blocky/0.0.1/ci/standalone-values.yaml b/incubator/blocky/0.0.1/ci/standalone-values.yaml new file mode 100644 index 00000000000..e69de29bb2d diff --git a/incubator/blocky/0.0.1/ix_values.yaml b/incubator/blocky/0.0.1/ix_values.yaml new file mode 100644 index 00000000000..35b82c7d08f --- /dev/null +++ b/incubator/blocky/0.0.1/ix_values.yaml @@ -0,0 +1,338 @@ +image: + repository: spx01/blocky + tag: development@sha256:c55e676e89cee31edeee687d70f7ed957b727d61b5611e213809f7a0399fe4ef + # repository: tccr.io/truecharts/blocky + # tag: v0.19@sha256:77a474542f12f480deca33ff0a6375846918b86988c13f858620839d8818ca84 + pullPolicy: IfNotPresent + +WebUIImage: + repository: tccr.io/truecharts/blocky-frontend + tag: v0.0.3@sha256:81058f20520dcdb80c9883b6f21b338446fefc333e3ca8bd7d17336a24a5d842 + pullPolicy: IfNotPresent + +k8sgatewayImage: + repository: tccr.io/truecharts/k8s_gateway + pullPolicy: IfNotPresent + tag: 0.3.2@sha256:594fd6990eb2e0af1df7df8ba76cb3ca66232f46c5df5ebf786a45dd19777ae5 + +controller: + # -- Set additional annotations on the deployment/statefulset/daemonset + # -- Number of desired pods + replicas: 2 + # -- Set the controller upgrade strategy + # For Deployments, valid values are Recreate (default) and RollingUpdate. + # For StatefulSets, valid values are OnDelete and RollingUpdate (default). + # DaemonSets ignore this. + strategy: RollingUpdate + +# -- Blocky Config File content +blockyConfig: {} +# upstream: +# default: +# - 1.1.1.1 + +env: + BLOCKY_CONFIG_FILE: "/app/config/" + +blocky: + enableWebUI: true + enablePrometheus: true + +probes: + liveness: + enabled: + custom: true + spec: + exec: + command: + - /app/blocky + - healthcheck + readiness: + custom: true + spec: + exec: + command: + - /app/blocky + - healthcheck + startup: + custom: true + spec: + exec: + command: + - /app/blocky + - healthcheck + +service: + main: + ports: + main: + port: 10315 + protocol: HTTP + targetPort: 80 + dns-tcp: + enabled: true + ports: + dns-tcp: + enabled: true + port: 53 + targetPort: 53 + dns-udp: + enabled: true + ports: + dns-udp: + enabled: true + port: 53 + protocol: UDP + targetPort: 53 + dot: + enabled: true + ports: + dot: + enabled: true + port: 853 + protocol: TCP + targetPort: 853 + http: + enabled: true + ports: + http: + enabled: true + port: 4000 + protocol: HTTP + targetPort: 4000 + https: + enabled: true + ports: + https: + enabled: true + port: 4443 + protocol: HTTPS + targetPort: 4443 + k8sgateway: + enabled: true + ports: + k8sgateway: + enabled: true + port: 5353 + protocol: UDP + targetPort: 5353 + +## TODO Add support for SCALE certificates and certificates secrets here +certFile: "" +keyFile: "" +logLevel: info +logFormat: text +logTimestamp: true +logPrivacy: false +dohUserAgent: "" +minTlsServeVersion: 1.2 + +# -- set the default DNS upstream servers +# Primarily designed for inclusion in the TrueNAS SCALE GUI +defaultUpstreams: + - 1.1.1.1 + - 1.0.0.1 + - 8.8.8.8 + - 8.8.4.4 + - 9.9.9.9 + - 149.112.112.112 + - 208.67.222.222 + - 208.67.220.220 + - 8.26.56.26 + - 8.20.247.20 + - 185.228.168.9 + - 185.228.169.9 + - 76.76.19.19 + - 76.223.122.150 + - 76.76.2.0 + - 76.76.10.0 + +# -- set additional upstreams +# Primarily designed for inclusion in the TrueNAS SCALE GUI +upstreams: + # - name: group2 + # dnsservers: + # - 1.1.1.1 + +# -- set bootstrap dns (not needed) +# Ensures bootstrap encryption and ensure it doesn't use k8s dns +bootstrapDns: + # -- Upstream + upstream: "" + # -- IP's linked to upstream DoT/DoH DNS name + ips: [] + +# -- Return empty answer for these queries +filtering: + # -- Ensures filtering by query type + queryTypes: [] + +# -- Set manual custom DNS resolution +customDNS: + customTTL: 1h + filterUnmappedTypes: true + rewrite: [] + # - in: something.com + # out: somethingelse.com + mapping: [] + # - domain: something.com + # dnsserver: 192.168.178.1 + +# -- Setup client-name lookup +clientLookup: + # -- upstream used for client-name lookup + upstream: "" + singleNameOrder: [] + clients: + # - domain: laptop + # ips: [] + +# -- Setup caching +caching: + minTime: 5m + maxTime: 30m + maxItemsCount: 0 + prefetching: false + prefetchExpires: 2h + prefetchThreshold: 5 + prefetchMaxItemsCount: 0 + cacheTimeNegative: 30m + +# -- set conditional settings +# Primarily designed for inclusion in the TrueNAS SCALE GUI +conditional: + rewrite: [] + # - in: something.com + # out: somethingelse.com + mapping: [] + # - domain: something.com + # dnsserver: 192.168.178.1 + +# -- set blocking settings using Lists +# Primarily designed for inclusion in the TrueNAS SCALE GUI +blocking: + # -- Sets the blocktype + blockType: nxDomain + # -- Sets the block ttl + blockTTL: 6h + # -- Sets the block refreshPeriod + refreshPeriod: 4h + # -- Sets the block download timeout + downloadTimeout: 60s + # -- Sets the block download attempt count + downloadAttempts: 3 + # -- Sets the block download cooldown + downloadCooldown: 2s + # -- Set to fail start of lists cannot be downloaded + failStartOnListError: false + # -- Sets how many list-groups can be processed at the same time + processingConcurrency: 4 + # -- Add blocky whitelists + whitelist: [] + # - name: ads + # lists: + # - https://someurl.com/list.txt + # - /somefile.txt + + # -- Blocky blacklists + blacklist: [] + # - name: ads + # lists: + # - https://someurl.com/list.txt + # - /somefile.txt + + # -- Blocky clientGroupsBlock + clientGroupsBlock: [] + # - name: default + # groups: + # - ads + +# -- configure using hostsfile for lookups +# Allows for using the hosts configured in kubernetes and such +hostsFile: + enabled: false + filePath: /etc/hosts + hostsTTL: 60m + refreshPeriod: 30m + +## TODO: add this with postgresql support as well +# queryLog: +# type: csv +# target: /logs +# logRetentionDays: 0 +# creationAttempts: 3 +# CreationCooldown: 2 + +portal: + enabled: true + +serviceAccount: + main: + # -- Specifies whether a service account should be created + enabled: true + +# -- Create a ClusterRole and ClusterRoleBinding +# @default -- See below +rbac: + main: + # -- Enables or disables the ClusterRole and ClusterRoleBinding + enabled: true + + # -- Set Rules on the ClusterRole + rules: + - apiGroups: + - "" + resources: + - services + - namespaces + verbs: + - list + - watch + - apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + verbs: + - list + - watch + +k8sgateway: + enabled: true + # -- TTL for non-apex responses (in seconds) + ttl: 300 + + # -- Limit what kind of resources to watch, e.g. watchedResources: ["Ingress"] + watchedResources: [] + + # -- Service name of a secondary DNS server (should be `serviceName.namespace`) + secondary: "" + + # -- Override the default `serviceName.namespace` domain apex + apex: "" + + # -- list of processed domains + domains: [] + # -- Delegated domain + # - domain: "example.com" + # # -- Optional configuration option for DNS01 challenge that will redirect all acme + # # challenge requests to external cloud domain (e.g. managed by cert-manager) + # # See: https://cert-manager.io/docs/configuration/acme/dns01/ + # dnsChallenge: + # enabled: false + # domain: dns01.clouddns.com + + forward: + enabled: false + primary: tls://1.1.1.1 + secondary: tls://1.0.0.1 + options: + - name: tls_servername + value: cloudflare-dns.com + +unbound: + enabled: false + +redis: + enabled: true + existingSecret: "rediscreds" diff --git a/incubator/blocky/0.0.1/questions.yaml b/incubator/blocky/0.0.1/questions.yaml new file mode 100644 index 00000000000..c1d72bf88dd --- /dev/null +++ b/incubator/blocky/0.0.1/questions.yaml @@ -0,0 +1,3269 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: Controller + description: Configure Workload Deployment + - name: Container Configuration + description: Additional Container Configuration + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: Addons + description: Addon Configuration + - name: Advanced + description: Advanced Configuration + - name: Documentation + description: Documentation +portals: + open: + protocols: + - "$kubernetes-resource_configmap_portal_protocol" + host: + - "$kubernetes-resource_configmap_portal_host" + ports: + - "$kubernetes-resource_configmap_portal_port" +questions: + - variable: global + label: Global Settings + group: Controller + schema: + type: dict + hidden: true + attrs: + - variable: isSCALE + label: Flag this is SCALE + schema: + type: boolean + default: true + hidden: true + - variable: controller + group: Controller + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: advanced + label: Show Advanced Controller Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: type + description: Please specify type of workload to deploy + label: (Advanced) Controller Type + schema: + type: string + required: true + enum: + - value: deployment + description: Deployment + - value: statefulset + description: Statefulset + - value: daemonset + description: Daemonset + default: deployment + - variable: replicas + description: Number of desired pod replicas + label: Desired Replicas + schema: + type: int + required: true + default: 1 + - variable: strategy + description: Please specify type of workload to deploy + label: (Advanced) Update Strategy + schema: + type: string + required: true + enum: + - value: Recreate + description: "Recreate: Kill existing pods before creating new ones" + - value: RollingUpdate + description: "RollingUpdate: Create new pods and then kill old ones" + - value: OnDelete + description: "(Legacy) OnDelete: ignore .spec.template changes" + default: Recreate + - variable: expert + label: Show Expert Configuration Options + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: labelsList + label: Controller Labels + schema: + type: list + default: [] + items: + - variable: labelItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: annotationsList + label: Controller Annotations + schema: + type: list + default: [] + items: + - variable: annotationItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: customextraargs + group: Controller + label: "Extra Args" + description: "Do not click this unless you know what you are doing" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: extraArgs + label: Extra Args + schema: + type: list + default: [] + items: + - variable: arg + label: Arg + schema: + type: string + - variable: blocky + group: Container Configuration + label: Blocky Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: enableWebUI + label: Enable Web UI + description: Enables Web UI + schema: + type: boolean + default: true + - variable: enablePrometheus + label: Enable Prometheus Endpoint + description: Enables Prometheus Endpoint + schema: + type: boolean + default: true + - variable: overrideDefaults + group: Container Configuration + label: Override Default Upstreams + description: Overrides the predefined DNS server upstream list + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: defaultUpstreams + label: Default Upstreams + schema: + type: list + default: [] + items: + - variable: upstreamEntry + label: Upstream Entry + schema: + type: string + required: true + default: "" + - variable: upstreams + group: Container Configuration + label: Upstreams Groups + description: + schema: + type: list + default: [] + items: + - variable: upstreamsGroupEntry + label: Upstreams Group Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Group Name + schema: + type: string + required: true + default: "" + - variable: upstreams + label: Upstreams + schema: + type: list + required: true + default: [] + items: + - variable: upstreamEntry + label: upstream Entry + schema: + type: string + required: true + default: "" + - variable: conditional + group: Container Configuration + label: Conditional + schema: + additional_attrs: true + type: dict + attrs: + - variable: rewrite + label: Rewrite + schema: + type: list + default: [] + items: + - variable: rewriteEntry + label: Rewrite Entry + schema: + type: dict + additional_attrs: true + attrs: + - variable: in + label: In + schema: + type: string + required: true + default: "" + - variable: out + label: Out + schema: + type: string + required: true + default: "" + - variable: mapping + label: Mapping + schema: + type: list + default: [] + items: + - variable: mappingEntry + label: Mapping Entry + schema: + type: dict + additional_attrs: true + attrs: + - variable: domain + label: Domain + schema: + type: string + required: true + default: "" + - variable: dnsserver + label: DNS Server + schema: + type: string + required: true + default: "" + - variable: blocking + group: Container Configuration + label: Blocking + schema: + additional_attrs: true + type: dict + attrs: + - variable: blockType + label: Block Type + description: Set the response should be sent to the client, if a requested query is blocked + schema: + type: string + default: nxDomain + - variable: blockTTL + label: Block TTL + description: Set the TTL for answers to blocked domains + schema: + type: string + default: 6h + - variable: refreshPeriod + label: Refresh Period + description: Set how often blocky should refresh list cache + schema: + type: string + default: 4h + - variable: downloadTimeout + label: Download Timeout + description: Download attempt timeout + schema: + type: string + default: 60s + - variable: downloadAttempts + label: Download Attempts + description: How many download attempts should be performed + schema: + type: int + default: 3 + - variable: downloadCooldown + label: Download Cooldown + description: Time between the download attempts + schema: + type: string + default: 2s + - variable: failStartOnListError + label: Fail Start on List Error + description: Fail to start if at least one list can't be downloaded or opened + schema: + type: boolean + default: false + - variable: processingConcurrency + label: Processing Concurrency + description: Sets how many list-groups can be processed at the same time + schema: + type: int + default: 4 + - variable: whitelist + label: Whitelist + description: Define whitelists, either URL or file + schema: + type: list + default: [] + items: + - variable: whitelistEntry + label: Whitelist Group Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Group Name + schema: + type: string + required: true + default: "" + - variable: lists + label: Lists + schema: + type: list + required: true + default: [] + items: + - variable: listEntry + label: List Entry + schema: + type: string + required: true + default: "" + - variable: blacklist + label: Blacklist + description: Define blacklists, either URL or file + schema: + type: list + default: [] + items: + - variable: blacklistEntry + label: Blacklist Group Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Group Name + schema: + type: string + required: true + default: "" + - variable: lists + label: Lists + schema: + type: list + required: true + default: [] + items: + - variable: listEntry + label: List Entry + schema: + type: string + required: true + default: "" + - variable: clientGroupsBlock + label: Client Groups Block + description: Define, which blocking group(s) should be used for which client in your network. + schema: + type: list + default: [] + items: + - variable: clientGroupBlockEntry + label: Client Group Block Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Client Group Name + schema: + type: string + required: true + default: "" + - variable: groups + label: Groups + schema: + type: list + required: true + default: [] + items: + - variable: groupEntry + label: Group Entry + schema: + type: string + required: true + default: "" + - variable: k8sgateway + group: Container Configuration + label: k8s-Gateway Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable k8s-Gateway + description: Enables k8s-Gateway + schema: + type: boolean + default: true + show_subquestions_if: true + subquestions: + - variable: domains + label: Domains + description: Please refer to CoreDNS docs for options + schema: + type: list + default: [] + items: + - variable: domainEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: domain + label: Domain name + schema: + type: string + required: true + default: example.com + - variable: dnsChallenge + label: Forward dnsChallenge + description: Optional configuration option for DNS01 challenge that will redirect all acme + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: domain + label: Forward to Domain + schema: + type: string + required: true + default: dns01.clouddns.com + + - variable: advancedOptions + label: Advanced Options + schema: + type: boolean + default: false + show_if: [["enabled", "=", "true"]] + show_subquestions_if: true + subquestions: + - variable: ttl + label: ttl + description: TTL for non-apex responses (in seconds) + schema: + type: int + default: 300 + - variable: watchedResources + label: Watched Resources + description: imit what kind of resources to watch, e.g. Ingress + schema: + type: list + default: [] + items: + - variable: watchedResource + label: Watched Resource + schema: + type: string + default: "" + - variable: secondary + label: Secondary DNS Server Service + description: Service name of a secondary DNS server (should be serviceName.namespace) + schema: + type: string + default: "" + - variable: apex + label: Apex + description: Override the default `serviceName.namespace` domain apex + schema: + type: string + default: "" + - variable: TZ + label: Timezone + group: Container Configuration + schema: + type: string + default: "Etc/UTC" + $ref: + - "definitions/timezone" + - variable: envList + label: Extra Environment Variables + description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..." + group: Container Configuration + schema: + type: list + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: expertpodconf + group: Container Configuration + label: Show Expert Configuration + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: tty + label: Enable TTY + description: Determines whether containers in a pod runs with TTY enabled. By default pod has it disabled. + group: Workload Details + schema: + type: boolean + default: false + - variable: stdin + label: Enable STDIN + description: Determines whether containers in a pod runs with stdin enabled. By default pod has it disabled. + group: Workload Details + schema: + type: boolean + default: false + - variable: termination + group: Container Configuration + label: Termination settings + schema: + additional_attrs: true + type: dict + attrs: + - variable: gracePeriodSeconds + label: Grace Period Seconds + schema: + type: int + default: 10 + - variable: podLabelsList + group: Container Configuration + label: Pod Labels + schema: + type: list + default: [] + items: + - variable: podLabelItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: podAnnotationsList + group: Container Configuration + label: Pod Annotations + schema: + type: list + default: [] + items: + - variable: podAnnotationItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: service + group: Networking and Services + label: Configure Service(s) + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Service + description: The Primary service on which the healthcheck runs, often the webUI + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Service Port Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + description: This port exposes the container port on the service + schema: + type: int + default: 10315 + required: true + - variable: advanced + label: Show Advanced Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: enabled + label: Enable the Port + schema: + type: boolean + hidden: true + default: true + - variable: protocol + label: Port Type + schema: + type: string + default: HTTP + enum: + - value: HTTP + description: HTTP + - value: HTTPS + description: HTTPS + - value: TCP + description: TCP + - value: UDP + description: UDP + - variable: nodePort + label: Node Port (Optional) + description: This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer + schema: + type: int + min: 9000 + max: 65535 + - variable: targetPort + label: Target Port + description: The internal(!) port on the container the Application runs on + schema: + type: int + default: 80 + - variable: dns-tcp + label: DNS TCP Service + description: The DNS TCP service + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: dns-tcp + label: DNS TCP Port Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + description: This port exposes the container port on the service + schema: + type: int + default: 53 + required: true + - variable: advanced + label: Show Advanced Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: enabled + label: Enable the Port + schema: + type: boolean + hidden: true + default: true + - variable: protocol + label: Port Type + schema: + type: string + default: TCP + enum: + - value: HTTP + description: HTTP + - value: HTTPS + description: HTTPS + - value: TCP + description: TCP + - value: UDP + description: UDP + - variable: nodePort + label: Node Port (Optional) + description: This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer + schema: + type: int + min: 9000 + max: 65535 + - variable: targetPort + label: Target Port + description: The internal(!) port on the container the Application runs on + schema: + type: int + default: 53 + - variable: dns-udp + label: DNS UDP Service + description: The DNS UDP service + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: dns-udp + label: DNS UDP Port Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + description: This port exposes the container port on the service + schema: + type: int + default: 53 + required: true + - variable: advanced + label: Show Advanced Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: enabled + label: Enable the Port + schema: + type: boolean + hidden: true + default: true + - variable: protocol + label: Port Type + schema: + type: string + default: UDP + enum: + - value: HTTP + description: HTTP + - value: HTTPS + description: HTTPS + - value: TCP + description: TCP + - value: UDP + description: UDP + - variable: nodePort + label: Node Port (Optional) + description: This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer + schema: + type: int + min: 9000 + max: 65535 + - variable: targetPort + label: Target Port + description: The internal(!) port on the container the Application runs on + schema: + type: int + default: 53 + - variable: dot + label: DoT Service + description: "DNS-over-TLS service" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: ClusterIP + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: dot + label: DoT Port Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + description: This port exposes the container port on the service + schema: + type: int + default: 853 + required: true + - variable: advanced + label: Show Advanced Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: enabled + label: Enable the Port + schema: + type: boolean + hidden: true + default: true + - variable: protocol + label: Port Type + schema: + type: string + default: UDP + enum: + - value: HTTP + description: HTTP + - value: HTTPS + description: HTTPS + - value: TCP + description: TCP + - value: UDP + description: UDP + - variable: nodePort + label: Node Port (Optional) + description: This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer + schema: + type: int + min: 9000 + max: 65535 + - variable: targetPort + label: Target Port + description: The internal(!) port on the container the Application runs on + schema: + type: int + default: 853 + - variable: http + label: HTTP and Metrics Service + description: "service for things like metrics, pprof, API, DoH etc" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: ClusterIP + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: http + label: HTTP and Metrics Port Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + description: This port exposes the container port on the service + schema: + type: int + default: 4000 + required: true + - variable: advanced + label: Show Advanced Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: enabled + label: Enable the Port + schema: + type: boolean + hidden: true + default: true + - variable: protocol + label: Port Type + schema: + type: string + default: UDP + enum: + - value: HTTP + description: HTTP + - value: HTTPS + description: HTTPS + - value: TCP + description: TCP + - value: UDP + description: UDP + - variable: nodePort + label: Node Port (Optional) + description: This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer + schema: + type: int + min: 9000 + max: 65535 + - variable: targetPort + label: Target Port + description: The internal(!) port on the container the Application runs on + schema: + type: int + default: 4000 + - variable: serviceexpert + group: Networking and Services + label: Show Expert Config + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostNetwork + group: Networking and Services + label: Host-Networking (Complicated) + schema: + type: boolean + default: false + - variable: externalInterfaces + description: Add External Interfaces + label: Add external Interfaces + group: Networking + schema: + type: list + items: + - variable: interfaceConfiguration + description: Interface Configuration + label: Interface Configuration + schema: + type: dict + $ref: + - "normalize/interfaceConfiguration" + attrs: + - variable: hostInterface + description: Please Specify Host Interface + label: Host Interface + schema: + type: string + required: true + $ref: + - "definitions/interface" + - variable: ipam + description: Define how IP Address will be managed + label: IP Address Management + schema: + type: dict + required: true + attrs: + - variable: type + description: Specify type for IPAM + label: IPAM Type + schema: + type: string + required: true + enum: + - value: dhcp + description: Use DHCP + - value: static + description: Use Static IP + show_subquestions_if: static + subquestions: + - variable: staticIPConfigurations + label: Static IP Addresses + schema: + type: list + items: + - variable: staticIP + label: Static IP + schema: + type: ipaddr + cidr: true + - variable: staticRoutes + label: Static Routes + schema: + type: list + items: + - variable: staticRouteConfiguration + label: Static Route Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: destination + label: Destination + schema: + type: ipaddr + cidr: true + required: true + - variable: gateway + label: Gateway + schema: + type: ipaddr + cidr: false + required: true + - variable: dnsPolicy + group: Networking and Services + label: dnsPolicy + schema: + type: string + default: "" + enum: + - value: "" + description: Default + - value: ClusterFirst + description: ClusterFirst + - value: ClusterFirstWithHostNet + description: ClusterFirstWithHostNet + - value: None + description: None + - variable: dnsConfig + label: DNS Configuration + group: Networking and Services + description: Specify custom DNS configuration which will be applied to the pod + schema: + additional_attrs: true + type: dict + attrs: + - variable: nameservers + label: Name Servers + schema: + default: [] + type: list + items: + - variable: nameserver + label: Name Server + schema: + type: string + - variable: options + label: Options + schema: + default: [] + type: list + items: + - variable: option + label: Option Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: searches + label: Searches + schema: + default: [] + type: list + items: + - variable: search + label: Search Entry + schema: + type: string + - variable: serviceList + label: Add Manual Custom Services + group: Networking and Services + schema: + type: list + default: [] + items: + - variable: serviceListEntry + label: Custom Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the service + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: (Advanced) The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: portsList + label: Additional Service Ports + schema: + type: list + default: [] + items: + - variable: portsListEntry + label: Custom ports + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Port + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Port Name + schema: + type: string + default: "" + - variable: protocol + label: Port Type + schema: + type: string + default: TCP + enum: + - value: HTTP + description: HTTP + - value: HTTPS + description: HTTPS + - value: TCP + description: TCP + - value: UDP + description: UDP + - variable: targetPort + label: Target Port + description: This port exposes the container port on the service + schema: + type: int + required: true + - variable: port + label: Container Port + schema: + type: int + required: true + - variable: persistenceList + label: Additional App Storage + group: Storage and Persistence + schema: + type: list + default: [] + items: + - variable: persistenceListEntry + label: Custom Storage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the storage + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name (Optional) + description: "Not required, please set to config when mounting /config or temp when mounting /tmp" + schema: + type: string + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: simpleHP + enum: + - value: simplePVC + description: PVC (Simple) + - value: simpleHP + description: Host Path (Simple) + - value: emptyDir + description: emptyDir + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: setPermissionsSimple + label: Automatic Permissions + description: Automatically set permissions on install + schema: + show_if: [["type", "=", "simpleHP"]] + type: boolean + default: false + - variable: setPermissions + label: Automatic Permissions + description: Automatically set permissions on install + schema: + show_if: [["type", "=", "hostPath"]] + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPathSimple + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "simpleHP"]] + type: hostpath + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: mountPath + label: Mount Path + description: Path inside the container the storage is mounted + schema: + type: string + default: "" + required: true + valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$' + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size Quotum of Storage + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 999Gi + - variable: hostPathType + label: (Advanced) Host Path Type + schema: + show_if: [["type", "=", "hostPath"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: DirectoryOrCreate + description: DirectoryOrCreate + - value: Directory + description: Directory + - value: FileOrCreate + description: FileOrCreate + - value: File + description: File + - value: Socket + description: Socket + - value: CharDevice + description: CharDevice + - value: BlockDevice + description: BlockDevice + - variable: storageClass + label: (Advanced) StorageClass + description: "Warning: Anything other than SCALE-ZFS or empty will break rollback!" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: SCALE-ZFS + - variable: accessMode + label: (Advanced) Access Mode + description: Allow or disallow multiple PVC's writhing to the same PV + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: ReadWriteOnce + enum: + - value: ReadWriteOnce + description: ReadWriteOnce + - value: ReadOnlyMany + description: ReadOnlyMany + - value: ReadWriteMany + description: ReadWriteMany + - variable: advanced + label: Show Advanced Options + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: labelsList + label: Labels + schema: + type: list + default: [] + items: + - variable: labelItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: annotationsList + label: Annotations + schema: + type: list + default: [] + items: + - variable: annotationItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: ingress + label: "" + group: Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: scaleCert + label: Select TrueNAS SCALE Certificate + schema: + type: int + $ref: + - "definitions/certificate" + - variable: entrypoint + label: (Advanced) Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + required: true + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: expert + label: Show Expert Configuration Options + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: enableFixedMiddlewares + description: These middlewares enforce a number of best practices. + label: Enable Default Middlewares + schema: + type: boolean + default: true + - variable: ingressClassName + label: IngressClass Name + schema: + type: string + default: "" + - variable: labelsList + label: Labels + schema: + type: list + default: [] + items: + - variable: labelItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: annotationsList + label: Annotations + schema: + type: list + default: [] + items: + - variable: annotationItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: ingressList + label: Add Manual Custom Ingresses + group: Ingress + schema: + type: list + default: [] + items: + - variable: ingressListEntry + label: Custom Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: ingressClassName + label: IngressClass Name + schema: + type: string + default: "" + - variable: labelsList + label: Labels + schema: + type: list + default: [] + items: + - variable: labelItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: annotationsList + label: Annotations + schema: + type: list + default: [] + items: + - variable: annotationItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: service + label: Linked Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Service Name + schema: + type: string + default: "" + - variable: port + label: Service Port + schema: + type: int + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: scaleCert + label: Select TrueNAS SCALE Certificate + schema: + type: int + $ref: + - "definitions/certificate" + - variable: entrypoint + label: Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + required: true + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: security + label: Container Security Settings + group: Security and Permissions + schema: + type: dict + additional_attrs: true + attrs: + - variable: editsecurity + label: Change PUID / UMASK values + description: By enabling this you override default set values. + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: PUID + label: Process User ID - PUID + description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps + schema: + type: int + default: 568 + - variable: UMASK + label: UMASK + description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps + schema: + type: string + default: "002" + - variable: advancedSecurity + label: Show Advanced Security Settings + group: Security and Permissions + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: securityContext + label: Security Context + schema: + additional_attrs: true + type: dict + attrs: + - variable: privileged + label: Privileged mode + schema: + type: boolean + default: false + - variable: readOnlyRootFilesystem + label: ReadOnly Root Filesystem + schema: + type: boolean + default: true + - variable: allowPrivilegeEscalation + label: Allow Privilege Escalation + schema: + type: boolean + default: false + - variable: runAsNonRoot + label: runAsNonRoot + schema: + type: boolean + default: true + - variable: capabilities + label: Capabilities + schema: + additional_attrs: true + type: dict + attrs: + - variable: drop + label: Drop Capability + schema: + type: list + default: [] + items: + - variable: dropEntry + label: "" + schema: + type: string + - variable: add + label: Add Capability + schema: + type: list + default: [] + items: + - variable: addEntry + label: "" + schema: + type: string + - variable: podSecurityContext + group: Security and Permissions + label: Pod Security Context + schema: + additional_attrs: true + type: dict + attrs: + - variable: runAsUser + label: runAsUser + description: The UserID of the user running the application + schema: + type: int + default: 568 + - variable: runAsGroup + label: runAsGroup + description: The groupID this App of the user running the application + schema: + type: int + default: 568 + - variable: fsGroup + label: fsGroup + description: The group that should own ALL storage. + schema: + type: int + default: 568 + - variable: fsGroupChangePolicy + label: "When should we take ownership?" + schema: + type: string + default: OnRootMismatch + enum: + - value: OnRootMismatch + description: OnRootMismatch + - value: Always + description: Always + - variable: supplementalGroups + label: Supplemental Groups + schema: + type: list + default: [] + items: + - variable: supplementalGroupsEntry + label: Supplemental Group + schema: + type: int + + - variable: advancedresources + label: Set Custom Resource Limits/Requests (Advanced) + group: Resources and Devices + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: resources + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: limits + label: Advanced Limit Resource Consumption + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" + schema: + type: string + default: 4000m + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: RAM + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" + schema: + type: string + default: 8Gi + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: requests + label: "Minimum Resources Required (request)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" + schema: + type: string + default: 10m + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: "RAM" + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" + schema: + type: string + default: 50Mi + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: deviceList + label: Mount USB Devices + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: deviceListEntry + label: Device + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Storage + schema: + type: boolean + default: true + - variable: type + label: (Advanced) Type of Storage + description: Sets the persistence type + schema: + type: string + default: hostPath + hidden: true + - variable: readOnly + label: readOnly + schema: + type: boolean + default: false + - variable: hostPath + label: Host Device Path + description: Path to the device on the host system + schema: + type: path + - variable: mountPath + label: Container Device Path + description: Path inside the container the device is mounted + schema: + type: string + default: "/dev/ttyACM0" + # Specify GPU configuration + - variable: scaleGPU + label: GPU Configuration + group: Resources and Devices + schema: + type: dict + $ref: + - "definitions/gpuConfiguration" + attrs: [] +# - variable: autoscaling +# group: Advanced +# label: (Advanced) Horizontal Pod Autoscaler +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: enabled +# label: Enabled +# schema: +# type: boolean +# default: false +# show_subquestions_if: true +# subquestions: +# - variable: target +# label: Target +# description: Deployment name, Defaults to Main Deployment +# schema: +# type: string +# default: "" +# - variable: minReplicas +# label: Minimum Replicas +# schema: +# type: int +# default: 1 +# - variable: maxReplicas +# label: Maximum Replicas +# schema: +# type: int +# default: 5 +# - variable: targetCPUUtilizationPercentage +# label: Target CPU Utilization Percentage +# schema: +# type: int +# default: 80 +# - variable: targetMemoryUtilizationPercentage +# label: Target Memory Utilization Percentage +# schema: +# type: int +# default: 80 +# - variable: networkPolicy +# group: Advanced +# label: (Advanced) Network Policy +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: enabled +# label: Enabled +# schema: +# type: boolean +# default: false +# show_subquestions_if: true +# subquestions: +# - variable: policyType +# label: Policy Type +# schema: +# type: string +# default: "" +# enum: +# - value: "" +# description: Default +# - value: ingress +# description: Ingress +# - value: egress +# description: Egress +# - value: ingress-egress +# description: Ingress and Egress +# - variable: egress +# label: Egress +# schema: +# type: list +# default: [] +# items: +# - variable: egressEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: to +# label: To +# schema: +# type: list +# default: [] +# items: +# - variable: toEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: ipBlock +# label: IP Block +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: cidr +# label: CIDR +# schema: +# type: string +# default: "" +# - variable: except +# label: Except +# schema: +# type: list +# default: [] +# items: +# - variable: exceptint +# label: "" +# schema: +# type: string +# - variable: namespaceSelector +# label: Namespace Selector +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: matchExpressions +# label: Match Expressions +# schema: +# type: list +# default: [] +# items: +# - variable: expressionEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: key +# label: Key +# schema: +# type: string +# - variable: operator +# label: Operator +# schema: +# type: string +# default: TCP +# enum: +# - value: In +# description: In +# - value: NotIn +# description: NotIn +# - value: Exists +# description: Exists +# - value: DoesNotExist +# description: DoesNotExist +# - variable: values +# label: Values +# schema +# type: list +# default: [] +# items: +# - variable: value +# label: "" +# schema: +# type: string +# - variable: podSelector +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: matchExpressions +# label: Match Expressions +# schema: +# type: list +# default: [] +# items: +# - variable: expressionEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: key +# label: Key +# schema: +# type: string +# - variable: operator +# label: Operator +# schema: +# type: string +# default: TCP +# enum: +# - value: In +# description: In +# - value: NotIn +# description: NotIn +# - value: Exists +# description: Exists +# - value: DoesNotExist +# description: DoesNotExist +# - variable: values +# label: Values +# schema: +# type: list +# default: [] +# items: +# - variable: value +# label: "" +# schema: +# type: string +# - variable: ports +# label: Ports +# schema: +# type: list +# default: [] +# items: +# - variable: portsEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: port +# label: Port +# schema: +# type: int +# - variable: endPort +# label: End Port +# schema: +# type: int +# - variable: protocol +# label: Protocol +# schema: +# type: string +# default: TCP +# enum: +# - value: TCP +# description: TCP +# - value: UDP +# description: UDP +# - value: SCTP +# description: SCTP +# - variable: ingress +# label: Ingress +# schema: +# type: list +# default: [] +# items: +# - variable: ingressEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: from +# label: From +# schema: +# type: list +# default: [] +# items: +# - variable: fromEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: ipBlock +# label: IP Block +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: cidr +# label: CIDR +# schema: +# type: string +# default: "" +# - variable: except +# label: Except +# schema: +# type: list +# default: [] +# items: +# - variable: exceptint +# label: "" +# schema: +# type: string +# - variable: namespaceSelector +# label: Namespace Selector +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: matchExpressions +# label: Match Expressions +# schema: +# type: list +# default: [] +# items: +# - variable: expressionEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: key +# label: Key +# schema: +# type: string +# - variable: operator +# label: Operator +# schema: +# type: string +# default: TCP +# enum: +# - value: In +# description: In +# - value: NotIn +# description: NotIn +# - value: Exists +# description: Exists +# - value: DoesNotExist +# description: DoesNotExist +# - variable: values +# label: Values +# schema: +# type: list +# default: [] +# items: +# - variable: value +# label: "" +# schema: +# type: string +# - variable: podSelector +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: matchExpressions +# label: Match Expressions +# schema: +# type: list +# default: [] +# items: +# - variable: expressionEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: key +# label: Key +# schema: +# type: string +# - variable: operator +# label: Operator +# schema: +# type: string +# default: TCP +# enum: +# - value: In +# description: In +# - value: NotIn +# description: NotIn +# - value: Exists +# description: Exists +# - value: DoesNotExist +# description: DoesNotExist +# - variable: values +# label: Values +# schema: +# type: list +# default: [] +# items: +# - variable: value +# label: "" +# schema: +# type: string +# - variable: ports +# label: Ports +# schema: +# type: list +# default: [] +# items: +# - variable: portsEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: port +# label: Port +# schema: +# type: int +# - variable: endPort +# label: End Port +# schema: +# type: int +# - variable: protocol +# label: Protocol +# schema: +# type: string +# default: TCP +# enum: +# - value: TCP +# description: TCP +# - value: UDP +# description: UDP +# - value: SCTP +# description: SCTP + + - variable: addons + group: Addons + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: vpn + label: VPN + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type + schema: + type: string + default: disabled + enum: + - value: disabled + description: disabled + - value: openvpn + description: OpenVPN + - value: wireguard + description: Wireguard + - value: tailscale + description: Tailscale + - variable: openvpn + label: OpenVPN Settings + schema: + type: dict + show_if: [["type", "=", "openvpn"]] + attrs: + - variable: username + label: Authentication Username (Optional) + description: Authentication Username, Optional + schema: + type: string + default: "" + - variable: password + label: Authentication Password + description: Authentication Credentials + schema: + type: string + default: "" + required: true + - variable: tailscale + label: Tailscale Settings + schema: + type: dict + show_if: [["type", "=", "tailscale"]] + attrs: + - variable: authkey + label: Authentication Key + description: Provide an auth key to automatically authenticate the node as your user account. + schema: + type: string + private: true + default: "" + - variable: accept_dns + label: Accept DNS + description: Accept DNS configuration from the admin console. + schema: + type: boolean + default: false + - variable: userspace + label: Userspace + description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device. + schema: + type: boolean + default: false + - variable: routes + label: Routes + description: Expose physical subnet routes to your entire Tailscale network. + schema: + type: string + default: "" + - variable: dest_ip + label: Destination IP + description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched. + schema: + type: string + default: "" + - variable: sock5_server + label: Sock5 Server + description: Sock5 Server + schema: + type: string + default: "" + - variable: extra_args + label: Extra Args + description: Extra Args + schema: + type: string + default: "" + - variable: daemon_extra_args + label: Tailscale Daemon Extra Args + description: Tailscale Daemon Extra Args + schema: + type: string + default: "" + - variable: killSwitch + label: Enable Killswitch + schema: + type: boolean + show_if: [["type", "!=", "disabled"]] + default: true + - variable: excludedNetworks_IPv4 + label: Killswitch Excluded IPv4 networks + description: List of Killswitch Excluded IPv4 Addresses + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv4 + label: IPv4 Network + schema: + type: string + required: true + - variable: excludedNetworks_IPv6 + label: Killswitch Excluded IPv6 networks + description: "List of Killswitch Excluded IPv6 Addresses" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv6 + label: IPv6 Network + schema: + type: string + required: true + - variable: configFile + label: VPN Config File Location + schema: + type: dict + show_if: [["type", "!=", "disabled"]] + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Type + schema: + type: string + default: hostPath + hidden: true + - variable: hostPathType + label: hostPathType + schema: + type: string + default: File + hidden: true + - variable: noMount + label: noMount + schema: + type: boolean + default: true + hidden: true + - variable: hostPath + label: Full Path to File + description: "Path to your local VPN config file for example: /mnt/tank/vpn.conf or /mnt/tank/vpn.ovpn" + schema: + type: string + default: "" + - variable: envList + label: VPN Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: codeserver + label: Codeserver + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: git + label: Git Settings + schema: + additional_attrs: true + type: dict + attrs: + - variable: deployKey + description: Raw SSH Private Key + label: Deploy Key + schema: + type: string + - variable: deployKeyBase64 + description: Base64-encoded SSH private key. When both variables are set, the raw SSH key takes precedence + label: Deploy Key Base64 + schema: + type: string + - variable: service + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: NodePort + description: Deprecated CHANGE THIS + - value: ClusterIP + description: ClusterIP + - value: LoadBalancer + description: LoadBalancer + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: (Advanced) The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: ports + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + default: 36107 + - variable: nodePort + description: Leave Empty to Disable + label: nodePort DEPRECATED + schema: + type: int + default: 36107 + - variable: envList + label: Codeserver Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: promtail + label: Promtail + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: loki + label: Loki URL + schema: + type: string + required: true + - variable: logs + label: Log Paths + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: path + label: Path + schema: + type: string + required: true + - variable: args + label: Promtail Command Line Arguments + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: arg + label: Arg + schema: + type: string + required: true + - variable: envList + label: Promtail Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: netshoot + label: Netshoot + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: envList + label: Netshoot Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: docs + group: Documentation + label: Please read the documentation at https://truecharts.org + description: Please read the documentation at +
https://truecharts.org + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDocs + label: I have checked the documentation + schema: + type: boolean + default: true + - variable: donateNag + group: Documentation + label: Please consider supporting TrueCharts, see https://truecharts.org/docs/about/sponsor + description: Please consider supporting TrueCharts, see +
https://truecharts.org/sponsor + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDonate + label: I have considered donating + schema: + type: boolean + default: true + hidden: true diff --git a/incubator/blocky/0.0.1/templates/_blockyConfig.tpl b/incubator/blocky/0.0.1/templates/_blockyConfig.tpl new file mode 100644 index 00000000000..1246345de5b --- /dev/null +++ b/incubator/blocky/0.0.1/templates/_blockyConfig.tpl @@ -0,0 +1,200 @@ +{{/* Define the config */}} +{{- define "blocky.configmap" -}} +{{- $configName := printf "%s-config" (include "tc.common.names.fullname" .) }} +{{- $config := merge ( include "blocky.config" . | fromYaml ) ( .Values.blockyConfig ) }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ $configName }} + labels: + {{- include "tc.common.labels" . | nindent 4 }} +data: + tc-config.yaml: | +{{ $config | toYaml | indent 6 }} +{{- end -}} + +{{- define "blocky.config" -}} +redis: + address: {{ printf "%v-%v" .Release.Name "redis" }}:6379 + password: {{ .Values.redis.redisPassword | trimAll "\"" }} + database: 0 + required: true + connectionAttempts: 10 + connectionCooldown: 3s +{{- if .Values.blocky.enablePrometheus }} +prometheus: + enable: true + path: /metrics +{{- end }} +upstream: + default: +{{- .Values.defaultUpstreams | toYaml | nindent 8 }} + +{{- if .Values.certFile }} +certFile: {{ .Values.certFile }} +{{- end }} + +{{- if .Values.keyFile }} +keyFile: {{ .Values.keyFile }} +{{- end }} + +{{- if .Values.logLevel }} +logLevel: {{ .Values.logLevel }} +{{- end }} + +{{- if .Values.logTimestamp }} +logTimestamp: {{ .Values.logTimestamp }} +{{- end }} + +{{- if .Values.logPrivacy }} +logPrivacy: {{ .Values.logPrivacy }} +{{- end }} + +{{- if .Values.dohUserAgent }} +dohUserAgent: {{ .Values.dohUserAgent }} +{{- end }} + +{{- if .Values.minTlsServeVersion }} +minTlsServeVersion: {{ .Values.minTlsServeVersion }} +{{- end }} + +caching: +{{ toYaml .Values.caching | indent 2 }} + + +{{- if .Values.hostsFile.enabled }} +{{ $hostsfile := omit .Values.hostsFile "enabled" }} +hostsFile: +{{ toYaml $hostsfile | indent 2 }} +{{- end }} + +{{- range $id, $value := .Values.upstreams }} + {{ $value.name }}: +{{- $value.dnsservers | toYaml | nindent 8 }} +{{- end }} + +{{- if or .Values.bootstrapDns.upstream .Values.bootstrapDns.ips }} +bootstrapDns: +{{- if .Values.bootstrapDns.upstream }} + upstream: {{ .Values.bootstrapDns.upstream }} +{{- end }} +{{- if .Values.bootstrapDns.ips }} + ips: +{{- range $id, $value := .Values.bootstrapDns.ips }} + - {{ $value }} +{{- end }} +{{- end }} +{{- end }} + +{{- if or .Values.filtering.filtering }} +filtering: +{{- if .Values.filtering.ips }} + queryTypes: +{{- range $id, $value := .Values.filtering.ips }} + - {{ $value }} +{{- end }} +{{- end }} +{{- end }} + +{{- if or .Values.customDNS.filterUnmappedTypes .Values.customDNS.customTTL .Values.customDNS.rewrite .Values.customDNS.mapping }} +customDNS: +{{- if .Values.customDNS.upstream }} + upstream: {{ .Values.customDNS.upstream }} +{{- end }} +{{- if .Values.customDNS.customTTL }} + customTTL: {{ .Values.customDNS.customTTL }} +{{- end }} +{{- if .Values.customDNS.rewrite }} + rewrite: +{{- range $id, $value := .Values.customDNS.rewrite }} + {{ $value.in }}: {{ $value.out }} +{{- end }} +{{- end }} + +{{- if .Values.customDNS.mapping }} + mapping: +{{- range $id, $value := .Values.customDNS.mapping }} + {{ $value.domain }}: {{ $value.dnsserver }} +{{- end }} +{{- end }} +{{- end }} + +{{- if or .Values.clientLookup.upstream .Values.clientLookup.ips }} +clientLookup: +{{- if .Values.clientLookup.upstream }} + upstream: {{ .Values.clientLookup.upstream }} +{{- end }} +{{- if .Values.clientLookup.ips }} + singleNameOrder: +{{- range $id, $value := .Values.clientLookup.ips }} + - {{ $value }} +{{- end }} +{{- end }} +{{- if .Values.clientLookup.clients }} + clients: +{{- range $id, $value := .Values.clientLookup.clients }} + {{ $value.domain }}: + {{- range $id, $value := .ips }} + - {{ $value }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} + +{{- if or .Values.conditional.rewrite .Values.conditional.mapping ( and .Values.k8sgateway.enabled .Values.k8sgateway.domains ) }} +conditional: +{{- if .Values.conditional.rewrite }} + rewrite: +{{- range $id, $value := .Values.conditional.rewrite }} + {{ $value.in }}: {{ $value.out }} +{{- end }} +{{- end }} + +{{- if or .Values.conditional.mapping ( and .Values.k8sgateway.enabled .Values.k8sgateway.domains ) }} + mapping: +{{- if and .Values.k8sgateway.enabled .Values.k8sgateway.domains }} +{{- range $id, $value := .Values.k8sgateway.domains }} + {{ .domain }}: 127.0.0.1:{{ $.Values.service.k8sgateway.ports.k8sgateway.targetPort }} +{{- end }} +{{- end }} +{{- range $id, $value := .Values.conditional.mapping }} + {{ $value.domain }}: {{ $value.dnsserver }} +{{- end }} +{{- end }} +{{- end }} + +blocking: + blockType: {{ .Values.blocking.blockType }} + blockTTL: {{ .Values.blocking.blockTTL }} + refreshPeriod: {{ .Values.blocking.refreshPeriod }} + downloadTimeout: {{ .Values.blocking.downloadTimeout }} + downloadAttempts: {{ .Values.blocking.downloadAttempts }} + downloadCooldown: {{ .Values.blocking.downloadCooldown }} + failStartOnListError: {{ .Values.blocking.failStartOnListError }} + processingConcurrency: {{ .Values.blocking.processingConcurrency }} +{{- if .Values.blocking.whitelist }} + whiteLists: +{{- range $id, $value := .Values.blocking.whitelist }} + {{ $value.name }}: +{{- $value.lists | toYaml | nindent 10 }} +{{- end }} +{{- end }} + +{{- if .Values.blocking.blacklist }} + blackLists: +{{- range $id, $value := .Values.blocking.blacklist }} + {{ $value.name }}: +{{- $value.lists | toYaml | nindent 10 }} +{{- end }} +{{- end }} + +{{- if .Values.blocking.clientGroupsBlock }} + clientGroupsBlock: +{{- range $id, $value := .Values.blocking.clientGroupsBlock }} + {{ $value.name }}: +{{- $value.groups | toYaml | nindent 10 }} +{{- end }} +{{- end }} + +{{- end -}} diff --git a/incubator/blocky/0.0.1/templates/_k8sgateway.tpl b/incubator/blocky/0.0.1/templates/_k8sgateway.tpl new file mode 100644 index 00000000000..94cccf78438 --- /dev/null +++ b/incubator/blocky/0.0.1/templates/_k8sgateway.tpl @@ -0,0 +1,107 @@ +{{- define "k8sgateway.container" -}} +image: {{ .Values.k8sgatewayImage.repository }}:{{ .Values.k8sgatewayImage.tag }} +imagePullPolicy: {{ .Values.k8sgatewayImage.pullPolicy }} +securityContext: + runAsUser: 0 + runAsGroup: 0 + readOnlyRootFilesystem: true + runAsNonRoot: false +args: ["-conf", "/etc/coredns/Corefile"] +ports: + - containerPort: {{ .Values.service.k8sgateway.ports.k8sgateway.targetPort }} + name: main +volumeMounts: + - name: config-volume + mountPath: /etc/coredns +readinessProbe: + httpGet: + path: /ready + port: 8181 + initialDelaySeconds: {{ .Values.probes.readiness.spec.initialDelaySeconds }} + timeoutSeconds: {{ .Values.probes.readiness.spec.timeoutSeconds }} + periodSeconds: {{ .Values.probes.readiness.spec.periodSeconds }} + failureThreshold: {{ .Values.probes.readiness.spec.failureThreshold }} +livenessProbe: + httpGet: + path: /health + port: 8080 + initialDelaySeconds: {{ .Values.probes.liveness.spec.initialDelaySeconds }} + timeoutSeconds: {{ .Values.probes.liveness.spec.timeoutSeconds }} + periodSeconds: {{ .Values.probes.liveness.spec.periodSeconds }} + failureThreshold: {{ .Values.probes.liveness.spec.failureThreshold }} +startupProbe: + httpGet: + path: /ready + port: 8181 + initialDelaySeconds: {{ .Values.probes.startup.spec.initialDelaySeconds }} + timeoutSeconds: {{ .Values.probes.startup.spec.timeoutSeconds }} + periodSeconds: {{ .Values.probes.startup.spec.periodSeconds }} + failureThreshold: {{ .Values.probes.startup.spec.failureThreshold }} +{{- end -}} + +{{/* +Create the matchable regex from domain +*/}} +{{- define "k8sgateway.configmap.regex" -}} +{{- if .Values.k8sgateway.domain }} +{{- .Values.k8sgateway.domain | replace "." "[.]" -}} +{{- else -}} + {{ "unset" }} +{{- end }} +{{- end -}} + +{{/* Define the configmap */}} +{{- define "k8sgateway.configmap" -}} +{{- $values := .Values.k8sgateway }} +{{- $fqdn := ( include "tc.common.names.fqdn" . ) }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "tc.common.names.fullname" . }}-corefile + labels: + {{- include "tc.common.labels" . | nindent 4 }} +data: + Corefile: |- + .:{{ .Values.service.k8sgateway.ports.k8sgateway.targetPort }} { + errors + log + health { + lameduck 5s + } + ready + {{- range .Values.k8sgateway.domains }} + {{- if .dnsChallenge.enabled }} + template IN ANY {{ required "Delegated domain ('domain') is mandatory " .domain }} { + match "_acme-challenge[.](.*)[.]{{ include "k8sgateway.configmap.regex" . }}" + answer "{{ "{{" }} .Name {{ "}}" }} 5 IN CNAME {{ "{{" }} index .Match 1 {{ "}}" }}.{{ required "DNS01 challenge domain is mandatory " $values.dnsChallenge.domain }}" + fallthrough + } + {{- end }} + k8s_gateway "{{ required "Delegated domain ('domain') is mandatory " .domain }}" { + apex {{ $values.apex | default $fqdn }} + ttl {{ $values.ttl }} + {{- if $values.secondary }} + secondary {{ $values.secondary }} + {{- end }} + {{- if $values.watchedResources }} + resources {{ join " " $values.watchedResources }} + {{- end }} + fallthrough + } + {{- end }} + prometheus 0.0.0.0:9153 + {{- if .Values.k8sgateway.forward.enabled }} + forward . {{ .Values.k8sgateway.forward.primary }} {{ .Values.k8sgateway.forward.secondary }} { + {{- range .Values.k8sgateway.forward.options }} + {{ .name }} {{ .value }} + {{- end }} + } + {{- else }} + forward . 1.1.1.1 + {{- end }} + loop + reload + loadbalance + } +{{- end -}} diff --git a/incubator/blocky/0.0.1/templates/_webui.tpl b/incubator/blocky/0.0.1/templates/_webui.tpl new file mode 100644 index 00000000000..881bee2058b --- /dev/null +++ b/incubator/blocky/0.0.1/templates/_webui.tpl @@ -0,0 +1,36 @@ +{{- define "blocky.frontend" -}} +image: {{ .Values.WebUIImage.repository }}:{{ .Values.WebUIImage.tag }} +imagePullPolicy: {{ .Values.WebUIImage.pullPolicy }} +securityContext: + runAsUser: 568 + runAsGroup: 568 + readOnlyRootFilesystem: true + runAsNonRoot: true +ports: + - containerPort: {{ .Values.service.main.ports.main.targetPort }} + name: main +readinessProbe: + httpGet: + path: / + port: {{ .Values.service.main.ports.main.targetPort }} + initialDelaySeconds: {{ .Values.probes.readiness.spec.initialDelaySeconds }} + timeoutSeconds: {{ .Values.probes.readiness.spec.timeoutSeconds }} + periodSeconds: {{ .Values.probes.readiness.spec.periodSeconds }} + failureThreshold: {{ .Values.probes.readiness.spec.failureThreshold }} +livenessProbe: + httpGet: + path: / + port: {{ .Values.service.main.ports.main.targetPort }} + initialDelaySeconds: {{ .Values.probes.liveness.spec.initialDelaySeconds }} + timeoutSeconds: {{ .Values.probes.liveness.spec.timeoutSeconds }} + periodSeconds: {{ .Values.probes.liveness.spec.periodSeconds }} + failureThreshold: {{ .Values.probes.liveness.spec.failureThreshold }} +startupProbe: + httpGet: + path: / + port: {{ .Values.service.main.ports.main.targetPort }} + initialDelaySeconds: {{ .Values.probes.startup.spec.initialDelaySeconds }} + timeoutSeconds: {{ .Values.probes.startup.spec.timeoutSeconds }} + periodSeconds: {{ .Values.probes.startup.spec.periodSeconds }} + failureThreshold: {{ .Values.probes.startup.spec.failureThreshold }} +{{- end -}} diff --git a/incubator/blocky/0.0.1/templates/common.yaml b/incubator/blocky/0.0.1/templates/common.yaml new file mode 100644 index 00000000000..5a906f353a2 --- /dev/null +++ b/incubator/blocky/0.0.1/templates/common.yaml @@ -0,0 +1,50 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.common.loader.init" . }} + +{{ include "blocky.configmap" . }} + +{{/* Always mount the configmap, with the basic config, plus the 'blockyConfig' */}} +{{- define "blocky.configmap.mount" -}} +enabled: true +type: custom +mountPath: /app/config/tc-config.yaml +subPath: tc-config.yaml +readOnly: true +volumeSpec: + configMap: + name: '{{ printf "%s-config" (include "tc.common.names.fullname" .) }}' +{{- end -}} + +{{/* Append the general configMap volume to the volumes */}} +{{- define "k8sgateway.configvolume" -}} +enabled: "true" +mountPath: "/etc/coredns" +readOnly: true +type: "custom" +volumeSpec: + configMap: + name: {{ include "tc.common.names.fullname" . }}-corefile + items: + - key: Corefile + path: Corefile +{{- end -}} + + +{{- $_ := set .Values.persistence "tc-config" (include "blocky.configmap.mount" . | fromYaml) -}} + +{{- $_ := set .Values.podAnnotations "prometheus.io/scrape" "true" -}} +{{- $_ := set .Values.podAnnotations "prometheus.io/path" "/metrics" -}} +{{- $_ := set .Values.podAnnotations "prometheus.io/port" (.Values.service.main.ports.main.targetPort | quote) -}} + +{{- if .Values.blocky.enableWebUI -}} +{{- $_ := set .Values.additionalContainers "frontend" (include "blocky.frontend" . | fromYaml) -}} +{{- end -}} + +{{- if and .Values.k8sgateway.enabled .Values.k8sgateway.domains -}} +{{- include "k8sgateway.configmap" . }} +{{- $_ := set .Values.persistence "config-volume" (include "k8sgateway.configvolume" . | fromYaml) -}} +{{- $_ := set .Values.additionalContainers "k8sgateway" (include "k8sgateway.container" . | fromYaml) -}} +{{- end -}} + +{{/* Render the templates */}} +{{ include "tc.common.loader.apply" . }} diff --git a/incubator/blocky/0.0.1/values.yaml b/incubator/blocky/0.0.1/values.yaml new file mode 100644 index 00000000000..e69de29bb2d diff --git a/incubator/blocky/item.yaml b/incubator/blocky/item.yaml new file mode 100644 index 00000000000..cdf4faf49d4 --- /dev/null +++ b/incubator/blocky/item.yaml @@ -0,0 +1,4 @@ +icon_url: https://truecharts.org/img/hotlink-ok/chart-icons/blocky.png +categories: +- network +