From 396e92a62412cafc10768af300a0e3b19191f7f7 Mon Sep 17 00:00:00 2001 From: TrueCharts-Bot Date: Thu, 21 Dec 2023 15:21:59 +0000 Subject: [PATCH] Commit new Chart releases for TrueCharts Signed-off-by: TrueCharts-Bot --- enterprise/authelia/20.0.4/CHANGELOG.md | 99 + enterprise/authelia/20.0.4/Chart.yaml | 54 + enterprise/authelia/20.0.4/LICENSE | 106 + enterprise/authelia/20.0.4/README.md | 27 + enterprise/authelia/20.0.4/app-changelog.md | 4 + enterprise/authelia/20.0.4/app-readme.md | 8 + .../authelia/20.0.4/charts/common-16.2.9.tgz | Bin 0 -> 95855 bytes .../authelia/20.0.4/charts/redis-10.0.4.tgz | Bin 0 -> 101998 bytes enterprise/authelia/20.0.4/ix_values.yaml | 578 +++ enterprise/authelia/20.0.4/questions.yaml | 4201 +++++++++++++++++ .../authelia/20.0.4/templates/NOTES.txt | 1 + .../authelia/20.0.4/templates/_configmap.tpl | 363 ++ .../authelia/20.0.4/templates/_secrets.tpl | 53 + .../authelia/20.0.4/templates/common.yaml | 77 + enterprise/authelia/20.0.4/values.yaml | 0 enterprise/vaultwarden/24.0.4/CHANGELOG.md | 99 + enterprise/vaultwarden/24.0.4/Chart.yaml | 41 + enterprise/vaultwarden/24.0.4/LICENSE | 106 + enterprise/vaultwarden/24.0.4/README.md | 27 + .../vaultwarden/24.0.4/app-changelog.md | 4 + enterprise/vaultwarden/24.0.4/app-readme.md | 8 + .../24.0.4/charts/common-16.2.9.tgz | Bin 0 -> 95855 bytes enterprise/vaultwarden/24.0.4/ix_values.yaml | 149 + enterprise/vaultwarden/24.0.4/questions.yaml | 3508 ++++++++++++++ .../vaultwarden/24.0.4/templates/NOTES.txt | 1 + .../24.0.4/templates/_configmap.tpl | 111 + .../vaultwarden/24.0.4/templates/_secrets.tpl | 37 + .../24.0.4/templates/_validate.tpl | 17 + .../vaultwarden/24.0.4/templates/common.yaml | 17 + enterprise/vaultwarden/24.0.4/values.yaml | 0 30 files changed, 9696 insertions(+) create mode 100644 enterprise/authelia/20.0.4/CHANGELOG.md create mode 100644 enterprise/authelia/20.0.4/Chart.yaml create mode 100644 enterprise/authelia/20.0.4/LICENSE create mode 100644 enterprise/authelia/20.0.4/README.md create mode 100644 enterprise/authelia/20.0.4/app-changelog.md create mode 100644 enterprise/authelia/20.0.4/app-readme.md create mode 100644 enterprise/authelia/20.0.4/charts/common-16.2.9.tgz create mode 100644 enterprise/authelia/20.0.4/charts/redis-10.0.4.tgz create mode 100644 enterprise/authelia/20.0.4/ix_values.yaml create mode 100644 enterprise/authelia/20.0.4/questions.yaml create mode 100644 enterprise/authelia/20.0.4/templates/NOTES.txt create mode 100644 enterprise/authelia/20.0.4/templates/_configmap.tpl create mode 100644 enterprise/authelia/20.0.4/templates/_secrets.tpl create mode 100644 enterprise/authelia/20.0.4/templates/common.yaml create mode 100644 enterprise/authelia/20.0.4/values.yaml create mode 100644 enterprise/vaultwarden/24.0.4/CHANGELOG.md create mode 100644 enterprise/vaultwarden/24.0.4/Chart.yaml create mode 100644 enterprise/vaultwarden/24.0.4/LICENSE create mode 100644 enterprise/vaultwarden/24.0.4/README.md create mode 100644 enterprise/vaultwarden/24.0.4/app-changelog.md create mode 100644 enterprise/vaultwarden/24.0.4/app-readme.md create mode 100644 enterprise/vaultwarden/24.0.4/charts/common-16.2.9.tgz create mode 100644 enterprise/vaultwarden/24.0.4/ix_values.yaml create mode 100644 enterprise/vaultwarden/24.0.4/questions.yaml create mode 100644 enterprise/vaultwarden/24.0.4/templates/NOTES.txt create mode 100644 enterprise/vaultwarden/24.0.4/templates/_configmap.tpl create mode 100644 enterprise/vaultwarden/24.0.4/templates/_secrets.tpl create mode 100644 enterprise/vaultwarden/24.0.4/templates/_validate.tpl create mode 100644 enterprise/vaultwarden/24.0.4/templates/common.yaml create mode 100644 enterprise/vaultwarden/24.0.4/values.yaml diff --git a/enterprise/authelia/20.0.4/CHANGELOG.md b/enterprise/authelia/20.0.4/CHANGELOG.md new file mode 100644 index 00000000000..0cbca3c3570 --- /dev/null +++ b/enterprise/authelia/20.0.4/CHANGELOG.md @@ -0,0 +1,99 @@ +**Important:** +*for the complete changelog, please refer to the website* + + + + +## [authelia-20.0.4](https://github.com/truecharts/charts/compare/authelia-20.0.3...authelia-20.0.4) (2023-12-21) + + + + +## [authelia-20.0.3](https://github.com/truecharts/charts/compare/authelia-20.0.2...authelia-20.0.3) (2023-12-21) + +### Chore + +- bump everything to ensure patches are applied globally + + ### Fix + +- ensure the cnpg GUI is included on CNPG apps + + + + +## [authelia-20.0.2](https://github.com/truecharts/charts/compare/authelia-20.0.1...authelia-20.0.2) (2023-12-21) + +### Chore + +- update helm general non-major by renovate ([#16341](https://github.com/truecharts/charts/issues/16341)) + + + + +## [authelia-20.0.1](https://github.com/truecharts/charts/compare/authelia-20.0.0...authelia-20.0.1) (2023-12-20) + +### Chore + +- bump patch versions on all charts for new GUI release + + + + +## [authelia-20.0.0](https://github.com/truecharts/charts/compare/authelia-19.0.17...authelia-20.0.0) (2023-12-20) + +### Chore + +- update helm general major by renovate (major) ([#14631](https://github.com/truecharts/charts/issues/14631)) + + + + +## [authelia-19.0.17](https://github.com/truecharts/charts/compare/authelia-19.0.16...authelia-19.0.17) (2023-12-20) + +### Chore + +- Bump everything to force min/max scale version update + + + + +## [authelia-19.0.16](https://github.com/truecharts/charts/compare/authelia-19.0.14...authelia-19.0.16) (2023-12-16) + +### Chore + +- fix move mistake and cleanup metadata + - update helm general non-major ([#14784](https://github.com/truecharts/charts/issues/14784)) + + + + +## [authelia-19.0.16](https://github.com/truecharts/charts/compare/authelia-19.0.14...authelia-19.0.16) (2023-12-16) + +### Chore + +- fix move mistake and cleanup metadata + - update helm general non-major ([#14784](https://github.com/truecharts/charts/issues/14784)) + + + + +## [authelia-19.0.15](https://github.com/truecharts/charts/compare/authelia-19.0.14...authelia-19.0.15) (2023-12-16) + +### Chore + +- fix move mistake and cleanup metadata + + + + +## [authelia-19.0.14](https://github.com/truecharts/charts/compare/authelia-19.0.13...authelia-19.0.14) (2023-12-03) + +### Chore + +- bump everything to ensure catalog has latest versions + - fix annotations again + - update annotations + - cleanup chart.yaml and add min-max scale version + - lint files ([#15238](https://github.com/truecharts/charts/issues/15238)) + diff --git a/enterprise/authelia/20.0.4/Chart.yaml b/enterprise/authelia/20.0.4/Chart.yaml new file mode 100644 index 00000000000..6a4d5e95b4f --- /dev/null +++ b/enterprise/authelia/20.0.4/Chart.yaml @@ -0,0 +1,54 @@ +kubeVersion: ">=1.24.0-0" +apiVersion: v2 +name: authelia +version: 20.0.4 +appVersion: 4.37.5 +description: Authelia is a Single Sign-On Multi-Factor portal for web apps +home: https://truecharts.org/charts/enterprise/authelia +icon: https://truecharts.org/img/hotlink-ok/chart-icons/authelia.png +deprecated: false +sources: + - https://github.com/authelia/chartrepo + - https://github.com/authelia/authelia + - https://github.com/truecharts/charts/tree/master/charts/enterprise/authelia + - https://ghcr.io/authelia/authelia +maintainers: + - name: TrueCharts + email: info@truecharts.org + url: https://truecharts.org +keywords: + - authelia + - authentication + - login + - SSO + - Authentication + - Security + - Two-Factor + - U2F + - YubiKey + - Push Notifications + - LDAP +dependencies: + - name: common + version: 16.2.9 + repository: https://library-charts.truecharts.org + condition: "" + alias: "" + tags: [] + import-values: [] + - name: redis + version: 10.0.4 + repository: https://deps.truecharts.org + condition: redis.enabled + alias: "" + tags: [] + import-values: [] +annotations: + max_scale_version: 23.10.2 + min_scale_version: 23.10.0 + truecharts.org/SCALE-support: "true" + truecharts.org/category: security + truecharts.org/max_helm_version: "3.13" + truecharts.org/min_helm_version: "3.12" + truecharts.org/train: enterprise +type: application diff --git a/enterprise/authelia/20.0.4/LICENSE b/enterprise/authelia/20.0.4/LICENSE new file mode 100644 index 00000000000..80e4ab93f92 --- /dev/null +++ b/enterprise/authelia/20.0.4/LICENSE @@ -0,0 +1,106 @@ +Business Source License 1.1 + +Parameters + +Licensor: The TrueCharts Project, it's owner and it's contributors +Licensed Work: The TrueCharts "Cert-Manager" Helm Chart +Additional Use Grant: You may use the licensed work in production, as long + as it is directly sourced from a TrueCharts provided + official repository, catalog or source. You may also make private + modification to the directly sourced licenced work, + when used in production. + + The following cases are, due to their nature, also + defined as 'production use' and explicitly prohibited: + - Bundling, including or displaying the licensed work + with(in) another work intended for production use, + with the apparent intend of facilitating and/or + promoting production use by third parties in + violation of this license. + +Change Date: 2050-01-01 + +Change License: 3-clause BSD license + +For information about alternative licensing arrangements for the Software, +please contact: legal@truecharts.org + +Notice + +The Business Source License (this document, or the “License”) is not an Open +Source license. However, the Licensed Work will eventually be made available +under an Open Source License, as stated in this License. + +License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved. +“Business Source License” is a trademark of MariaDB Corporation Ab. + +----------------------------------------------------------------------------- + +Business Source License 1.1 + +Terms + +The Licensor hereby grants you the right to copy, modify, create derivative +works, redistribute, and make non-production use of the Licensed Work. The +Licensor may make an Additional Use Grant, above, permitting limited +production use. + +Effective on the Change Date, or the fourth anniversary of the first publicly +available distribution of a specific version of the Licensed Work under this +License, whichever comes first, the Licensor hereby grants you rights under +the terms of the Change License, and the rights granted in the paragraph +above terminate. + +If your use of the Licensed Work does not comply with the requirements +currently in effect as described in this License, you must purchase a +commercial license from the Licensor, its affiliated entities, or authorized +resellers, or you must refrain from using the Licensed Work. + +All copies of the original and modified Licensed Work, and derivative works +of the Licensed Work, are subject to this License. This License applies +separately for each version of the Licensed Work and the Change Date may vary +for each version of the Licensed Work released by Licensor. + +You must conspicuously display this License on each original or modified copy +of the Licensed Work. If you receive the Licensed Work in original or +modified form from a third party, the terms and conditions set forth in this +License apply to your use of that work. + +Any use of the Licensed Work in violation of this License will automatically +terminate your rights under this License for the current and all other +versions of the Licensed Work. + +This License does not grant you any right in any trademark or logo of +Licensor or its affiliates (provided that you may use a trademark or logo of +Licensor as expressly required by this License). + +TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON +AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS, +EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND +TITLE. + +MariaDB hereby grants you permission to use this License’s text to license +your works, and to refer to it using the trademark “Business Source License”, +as long as you comply with the Covenants of Licensor below. + +Covenants of Licensor + +In consideration of the right to use this License’s text and the “Business +Source License” name and trademark, Licensor covenants to MariaDB, and to all +other recipients of the licensed work to be provided by Licensor: + +1. To specify as the Change License the GPL Version 2.0 or any later version, + or a license that is compatible with GPL Version 2.0 or a later version, + where “compatible” means that software provided under the Change License can + be included in a program with software provided under GPL Version 2.0 or a + later version. Licensor may specify additional Change Licenses without + limitation. + +2. To either: (a) specify an additional grant of rights to use that does not + impose any additional restriction on the right granted in this License, as + the Additional Use Grant; or (b) insert the text “None”. + +3. To specify a Change Date. + +4. Not to modify this License in any other way. diff --git a/enterprise/authelia/20.0.4/README.md b/enterprise/authelia/20.0.4/README.md new file mode 100644 index 00000000000..8c172102642 --- /dev/null +++ b/enterprise/authelia/20.0.4/README.md @@ -0,0 +1,27 @@ +# README + +## General Info + +TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE. +However only installations using the TrueNAS SCALE Apps system are supported. + +For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/enterprise/authelia) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/charts/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +*All Rights Reserved - The TrueCharts Project* diff --git a/enterprise/authelia/20.0.4/app-changelog.md b/enterprise/authelia/20.0.4/app-changelog.md new file mode 100644 index 00000000000..42bbf64bcb2 --- /dev/null +++ b/enterprise/authelia/20.0.4/app-changelog.md @@ -0,0 +1,4 @@ + + +## [authelia-20.0.4](https://github.com/truecharts/charts/compare/authelia-20.0.3...authelia-20.0.4) (2023-12-21) + diff --git a/enterprise/authelia/20.0.4/app-readme.md b/enterprise/authelia/20.0.4/app-readme.md new file mode 100644 index 00000000000..9417c0c13d5 --- /dev/null +++ b/enterprise/authelia/20.0.4/app-readme.md @@ -0,0 +1,8 @@ +Authelia is a Single Sign-On Multi-Factor portal for web apps + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/enterprise/authelia](https://truecharts.org/charts/enterprise/authelia) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! diff --git a/enterprise/authelia/20.0.4/charts/common-16.2.9.tgz b/enterprise/authelia/20.0.4/charts/common-16.2.9.tgz new file mode 100644 index 0000000000000000000000000000000000000000..c1db66f45200b3e3145055a639076ef656467e35 GIT binary patch literal 95855 zcmV)9K*hfwiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ%b{n~|Fgm~a6j+pVV$BgL-YGG0)|MrWN8iX2w;_3h%|=fHO_}3(t@9e^_0E%g3)e>9c#$Z|_OSQPSnLK0g+c+SDpVC5GMy6t@N@!0 zR-MDC_rvC&TCG;=v|8fdTCJA;x7KOaf2gU9Jp(S8C!!37 zKh&PwR=RWF$O8lX5rq^JzXxWG5)1{%Zcupcf(fObfum`CqShTdih#{&yR@`M;HC z4^%4Pokxby1Cj|!WAUq30ziBmAO@i8Vm|Gm2jo}a!6EWEyURa%;PaQo6`=1E2KhT) z%leh6s%!AcLIda^@%8rl?79a|qcB81^X7n(DFS5pZ{#ovTmpQ;0F8oxgbc6=rfPBu z06kDHmjIX|20d@cd#2huaa}53U%s_*0*nBP!WniD6{Vr;4&?6>8*@IrO8~GCq7lAN z16Hq#0E5>L6XXLQAs4y(D>TDlpZjp=Aqq$cTukNPY=XcDe?l&pV%PQ10}OcyA3)Co z*dK?8Qq_+=a0-1eM1agt7)Bm)L4ZPCNEAV$g`YUQ_c6Ex5+_06VMMLwc)uRi+9=(Q zcnd&9Ev?Q3V!twk6g%n*2YVez<~jhwIdIVkMjitX*z*7j=YSEbXxSs=J_^c$N`@oA z5K`oF8tK=jN}6i~^G#5Kw!F7N;LQOZ@otlcQxfvG*$K`)t8Ap!Co z64Hw3@eB1;@a}u;<7qSnK5PbaZ1@cD!NEA_4ij%&4=t|6IH@HQg>m=elBKwJu- z?*hJG%iR=U-|-?B`(xnv!C2IG38G@|%5Mlz27R{zJ>nw)qXY!d6VK~`5%ef3l}3CP zL+AcX5`&th>I{vrj{xK~LO4dJ9;EaNP7z=esE9U1AmZfUf(z%^{>M{VDrD9E$5V-b z0cSTRh9U^b5COiKmw^0nD>im60;J2T$qo7;VZ>}H=Gv=tKG^*R2A9GsTXk} z>Y|^)iwhK#A>WCyi(kpg!OTflyFq-kRL6svBY$h!rwaE!o`M1X9m%5nuO6t^YVUBm z;K$QjU2x{G1qJ&bPY-$F6URZ6g7?G~YY7xT#VLx*4OyL-5NeA;EW4a5GY)$52 zLf{l9>odp~HU`H%FsoPVwQBvp=ma*}onEu!HX5ikJc9Lh>$rYAJgOfL-EQNk*>2Xm zM@{6w<65_K+-;zvk<)3`JFVm4u#2FJy4{+4oNOnEJP!oK!wyH3|LTh$J#aC)BCH=G zihNco2~nH zMIPu9V%o^hd~#p_huFgm$NN2W-5&U#f2v<@NX+EoE85BBWl3-4zjD!#GdUv?g#&=q4hADe zrjTI=dfwbrfUXNpf4=_p>HrMRZ$Dg|iGSbme}B6E_3HfQ0Gyqi-d%q@zqz?MJ2&-g zG{N=NVNRHqr&4}v7=>+;?q^IV!&-wB_rc=nA ziR7v%2s|`JK7*d9K@Eq{IdzyPf6MuJgD8nYu9Ph8bEu1Q{5(9xdfRh?s0UiLT5T$R zPSI2>Z%1M;4$*HBqKTsQRKa%bJua0@LsC2y6|O#BoL!vUou2dudXt8pr%+erlGI&5 z+km(hXem%DIp`Am_ZHht2xV7@J&^D|`LfU1$bNCrKTW>i>xl)4PGHC-F~0p=#hZuz z93rtJ>cKqm9^jmFi0f1RPDx`w;gB-<<&^j%JeKqzaffW_-**Y4W*rcFQxBBuWrgI4 zhap9pEx1%ZKpt`!Q7hwpG(@3~7@~Z8f}u0%fij%BotEMA4_xA91R#GzLWfJpW5QWK z;LD{Lk~0)|WX{=8O6>y%85%|205NJQ9=uQTuYsr=tH2~69vRQ&>r>)W7DDVZjW#15 z3bj5f-cV)^F_S8#k)h?tbDSKD={pCf)d`i&|vsR{!COOLqzQc zvhwk=rsMvWKYs?*kJ6;5l$9#)Ks6vCqv}tk@PIF0$|)d$P%t@=SIeL<7>*GWTIzp{ za=f%@UOe4wM*9A~yPJ~j*XS&Bf*0$7oTyxl`XFd({CuU&Oeqk=q_*`PjtZiSSZ)xv#7p&Jky@$C) z9g$;*rU9FuVJR4i1+)*@qz4XVWm!@Tlw2`{@kPOy!O$aP`p5=mFg)bdl|+N2%(W&V&f%wX0fj{d49Z}%V2f)1P$~XT6 zdqf#Qb#?rk-{b$OHfptcrPiuCWLia^;56`1PnqkgTrjHAIjvVe&41T5y~ytYgT{zT zLm2wRT43)w-3ss4h0jnp5`v&!ud)S&X@n6a%W%Z%$H%Qott}7>kvoB`$3?e#wla*^ zWPqqR{nPINU)w?{9+oMYBK@-*mk1!G4j+LO93Wgb6A%D)l#_!fIIi$6g!n*<}8C0%$!A#7ED#Ek%|i$90=v^`Pu^@ z(+U9h*ym%_*ELk*;3wYPT1 zG{9i?yaNWnOc3WPo&o)j0%^)1!%oE?(dWiMwq%BHN?fjOj;MaYr47WV$00{g{xahz z+EAE_zis5{boe63)9LUD$P2b6LRyoby%9lC!&l@UxXgAX@h4- zW|;3IrW;l3RZM~q&rAvV!+hHVrvfB69bEAJPV8*N2VB0^W%ynXK7Wz3No=_l$?MdI z0iBSg3+mHn)j+jG4L!6mr97Q$G^{-#S4rpcuq?12C~_kj3j*yH0vd)+rJ1T#l$ z?_66^XS!p=0Q49Nk-Kl8q_C9UT$#a;l7c$3@&An+hFmZT$rKDuPcF}`)A-UJxb{8i zi58*}3dM=1;8*|SOdENjyA>vxNyI)GZ6s);!rChz%5!9N(K-4h5G7V4xLaFV!DA0r%&{pu(t4xh> z2pv(5|B;2~Ko4bxSHjKxlO*9{AQ>GWdkhAERQFDj@D#Rlnr* zkne&@>i3r~CEX7x56eT03@tOQ%dfhQ-E?l7=EW=CJJ5ThAy~d(Rn8v?4Dm=TwX%-> zV8bzBekM~?*tr2hU`j%HkpAP3!jzZj-H$&4$iQp(BOHzC%82h1jtB__xV z4nUyVCO*Y33blhE=b#vaMGYR(fcTVzYI@?o%kyL^4R>6c0ha5m^0ZR6jgnzIHFfv) z_DbUa?d}f(+z`URwRC8d#rF18v(m3gI{GQ#Vw@f(*qH#iVhTS(;h8o>V2pee zLWbOuEY7>g=TpkQ6d&A*^Ed38Q*C3HRKF*LGV_gu>hC~EZpur}mf7^t6wtnYrj+qs zvfe23aqM&;=6{(ZTvq)(h@G~Cm{XHvfLX=V=qE1@-MWP#}aQ2Ror-Q zG^@={wWhr{YL46N3>)2%GjbaB;V~R`n@6yH+=54_)$O9=7HTy{Zr5qRcB9=q?$q1E zVZ%9cpwn=>ZM4uy!$*ux2w|(Ds>>T(Yt?!^#uas7qtiHQwVU-}qg6ZVv|(-7th;sR z=&0F7M+nuAI*sn}v2#@K)aotNa@xmEy;ZBjA*ws=g}5?^J+UXPima(%`NgywF}6pw z4jMsc)OBiYw>fef&JlE)4m|GEI-~Yct8-jyG)CNG};8f>Ct=+>K^dbj1)P@_9q z?EXSrr5mn_F0WCMRSd$dYW>I}Z~OSDQ+FEOcC&R{JFeH9+R@Nyy2Cbtwc|#!bz2#uO8bi5Ex>V%LvlT{H_ z#Wkifw!{#$>((KJ9n?5R-JvsTqUNaHghwN%RX?gV9e7k9HahjzsM~Ps^~O=xfi2g8 z!`4x|Hgt~{BYGbVk;A-I5mm)4UTs*bK(o<=!!CqP)OFBN%c(V5?x=h0)<(@vt8vtD z>h)&3b$r}7J{q-KL)3sSYIWMRBUrC@oYrt5rVnGZ@(RGqY8>m;T8v@6+i4B!!(sP$ z*mj#u953AfS6Tu?HF%s&4Tq#)9D^HJ8pM4Y&AQu)i@fp-FAC89KsqJcAG=T9Uc#z zMy*k6by1_;Xby+NcJr9i9Ca4rJ%u5L?(lJFtID}pw~ia|xYIsv*XwSxadb3<$HPv$ z*%=M%UAOKGYt8Ox*gWcX`0R5>BiMF_&al?1L1#ETYQu$Chsec`B(_r4aUo?E#4?7IU<8c0 zkk?cJ;0T%+$BQL2QMD?v)~axA=hNg0TOS=YUF5iun*!gQ41G*WKU6BMFqX%C#l;ahQ0 zN4n}k*F`QD(4i|rIUsPchzW(^9NeQhpm>Ts7;;sFL;mv=V*k$?PPK4MwWg48#jwIl zvN2EDs3kY!jQSqlE5m|No}?3ot_fZXtpfYX|LFh-lga@=%&AtZ`&9+!LYN;y5!xe^ zWHy05sB16>V9HyelDbfOpU0m?Eg0S-7eJ~}s22E@s17SwnA$*~a5&Umttx-#-y$5Q zJB~gD(08RWDNU@Wm}0*zhXdkxZ46~*$_Z02+$f{ zVaJwq#WYp}ZQ|&0x{(b~@QZPY1R}EcxMb;~mSH@O@Y1nFoNG0gC{0!PL+W>29aUBG z6y81YKcnJWr4?6;|5|1-Yf^F@JD!j>bBiyQb^t$t!d#RX_7VvzK6D|hOvSj8X(kCv&i9f<{Yv3< z#Xdu0?OClIh*8MiLm!S&nB$fhZv~6Hm5OTyg|3Ze_2i4^0~(5m3S?Dc;XEM18QgLl zt>hM65__zg3rRr1kTaNxE_Z>TNhY9Ja*rL53+$lWG&%MPBa-DqhK?$HndL znc1F&YU0`qMw!+sVug&nI6ncl=I{(#*vV!Z@yk^oYqQ-0Xxyc&E4 zYKf7rBA{lK5}8R7_0&P0^+s}u^r&GB`{SN8xXT#ul9M{M-_Wbswmy&nJkf8@S2O){rDteMC z_cSF*0O5eup&5rH(<^ZCSBkt8Kp!9&dR(SvP@awQ{SZMGh3Fu8wx&HXA{auSA*ED6 zhegoy=HP*Z_d+Loi#VE`5Gsro`iEl5J0gIM>qz1RHsWoFeT_tngT@Xr=WHqsM??{b ze2??soJ8OO`hqW+RK*|zA*T1GJ@7yO6Qa>S|M}Xa3z8(SzyMb%9@FamkqBur@(Dep z0dfxaRKcn*qrR{|Rz?5R7|rU?3ns9!U#MsbBCnxlit-DUOs%nqlEO<;eftPK?CP*D zzz6c(P5<%*CRCqPNhOH<=n^{ng^{NgK0aEU zk_j!@wx{U89chx__2L-EG}s|@?vd{b!7M~TM8fj5M~9vQIw6tgau%b=XH~N~sfsao zNch^o#?_pTbdW0~0; z$9{@>C?zHfeK@g2YZ-v+)(NdvKPrawuv7|&dxmKki6!W5q(zOKV5iiYrrbcac>`SP zgio=HkbD*EDe~AG`mkDwh9nkEDNGkN<^zFSIy)*;q<7(Qj`Z|!bvynqstd6 zSuDqSRu5}krWiBu5SohN)#l&6d~-=2P}o=asKQcRGUBD|t^AY}eudCyy%NqDf-#&B zL531Jab&hB7fqq>mJ-QwBvF$2b2dwp0ETdin26(+KFPu=Dq;jQK|+zkMtu{ipY(h@ z{}e!9X5F)?EWW+PK9}6y3peYF=@hvbGF?RYE$i@f<(Iby`UVvvF204%eH092|1XL3 zSb0tNtJVTCjXZ_}4_V?OVG|SrB=Z8iru%xm9p-@p)DvqjM}bQ@TAZ384~2vaP{OHj zRWkt#62)g!eZbm%ai0&WrH!8m6b?Xt{R1+n%`-~PWj(TduBJ$ z7%3dX1R*pZ6d|iCRqcu3qELgC3GP(uwsZC{a_$k!CA$0~lW|#O#(q^B$la=eBum?n z9e9d_ek^^?pitvGEr5K7aHZz-1PmkJmHEE7s4omGGZf;{TsYQU4)~tvOF6_66;w|x zy6Z+|lL_B*v8(Csxi}R2#vDXGr?8Ymq33~*g2zRyQihLgVM%r~uWi{#GgVi(MK$96!O8GVr^R#Cbkd>(ozjB#G=9>u=gN{e>!XcT(3p8JbTqGRvI8s`5JJdlSV1$w9%56)y z&!*QU*^ITr?(t1_Y=x}u0YIBSkLeoB8q^9#3UgOiGk%%c;( zznvg(ab|`l8XB2I)08u+_@>w&N@xEA&Nwa}DTPafM+g&+JW2Tf|KIyzL4 zhD>~KzHi}fl}TW%+S9QG@rNK9de}+!*w*IWo%Z9yMOj-frsf2ua7tS)0TwDLX!5jr zl(4^uwOVB|0a#2wHW$$W2nvl@4!Wi$=iCwYQ1vxOH%*gdSVjCnE;wTMxyONRrL)#N zKth@Gam1S!M*xF+9Nb_Cm2@HC;=MS9hx()1D|F!JEI3VtG? zUY=E@Q!<^3Qv!UC^g^m=EXCX*I!L|u$e6}%)zEdN3Cx3IP^oCdE4-f-=Fy7W0%J^a zyVfi170HSp6M<1r7Zzu^@E#{ECgb~JaWTIQOI}QihyStHSy>xsuxSBNzn7M?p|DUg zc#krIOhzcJR;vZ5t+Otb#wo37S!B#0}REjmTy4U)9=EX=m@A2BuqePQ}f`26` zS-=^xP&Lu1f5~B`TxQSg%JS$uXIB;Z8N-xmGmZLnAkdAK`h9vnTwjsI5L$WDg;$ud_0}v2b{cV{a%gIvON5r-4@Y?;zGSE_EXH~~B$afPC7!?(B zHMLTWizuoY^m?Fe4ARsIVW86{+aHoXTGH)FnS&GkCsV{GD55t}oG~@`K!2=KUw-~# zoul&sl;-_}=ffWGFlA!V31J4%mF8v zp^&TE6D<{ITa1s%(rxd7%luYlXF)_YRMW7k8N*a`iCe4~=LSQa@;64ElASV`#=hUm z<3Mhi6XZ?hX*;#`JQ6ChkpP8U>Y*k5mvI9ZmoGqIBFVKttPAqre52(%nw>NnilcR1 zssv1-RQ7Wr$z$Y#2P8yqz4ga9rPEP!`PH1ct9WeWDwB$ALpUeRl#Y;H*?>Nmc@OW! znZ92ck;u2(oWRhnj3D;(aRvYT+CL9Nz7iy%K*J>H6APgQg>QHwRClBnqId+abs@z; zdjgaY{y6D`JSJ_9!Xyawg&Q&9F{e!AyE4#R-^ZaGG?qcr*J%_$)6QxuLW|d?B7kv; zRbe_FiCiBtJVTXWTm&~+YGv3cWRMMk7m9gAgxL7Ff`BChsra4!#XDEaoAL9z~ zX_XhH#ywX{Z^%`4SHaQuXkP5Z4_#OJAuegz_{DteU#aG+;DW8tGzXn-+={{Gvna6L zI_wY%-WcClt2v$-T2eazDiHWUN4OjS6C1+UA3L5^Iwr};AwHXbH3eZ9$DJb=xF`sb zBSNy{-CZ|Xim|=bz>7j+WXXK$%Wo!>ANwN`J1*rw$-AdZw{QJ5^vLj#iwe>-aDPM( z!^p4Fi8|U<~#j)j)zC~xJC`02Nfg93Kv`YBgX>Ca`M?=m-~%GY{)0^9UqUoAS9pWcb-VJlb{Hvs^!`cLA{2`DF zC=!ARQptVxl7qrGNQ;ts5g$tXsoOIpt8|ho%-@8F4+$5W6nI4l(VZev_$J|_wigqV^UsB$BYjzmkazXLh+p@$}2$L;gPXOSh6GHTs!A$ zA`Xeq*Hde$=A&T4H%o(F^PjTDTWs>ErQWLlyeoc!SXQf!IdJn4fZru&%Cc49AuyYNf(OK=aclKC=3oLcsb` zRw?QZt24@5v{waNyHF0tK%j45ILD&mL%wlVjx}J*}&0W1b~av&_YG zieK#=RbSLbLM9ZIa0;zhoJ4y4>|8Hy8!Wg3Bb995`XG#<^+vN%m&CDR(KE#HO@PfB z)Uh>-JjZ+4O7bQb9ZBg(PfCA`eeLI)^0rSz3`*u!F}}n_)#5;3kPh9|wNvI@gWwwR zw>JEo_*-+Ykwsy-^GVB{TBxma_ryM%^(f|hbqN5S8Ees=pvyeVhG2kacLR~qZ8J}a z%VWYz!m&MJs1!ki5LL9OMnc#EQ3{C zTO*;TKN*3(`KY{&4)k7ZsNh2p3_+a|f^AYUAaWf>hX)}$l6BTHPt7pZ{v;P7WvqSMxRd6bfEvXn&5`rjj#ZOzm z5M!WvT8*KGNTe#{ATGJI`!mfN5N_ zRw?x*-jY|F>GoPuw0Y*vbl${OG#&D}JCbKMzGDuz%lZ*Y*#qT9yYmj0SHS84dK*US0eXW~ z@v2m0UJ1FdaoX3oBx7$cnA$?)p4724BIZg(8RMl*>;}Gd<)V4_9(8zQdt_bgiBR)a+4yG0n3MO!dzz`un9xHi=?kMv3rY~T) zw&qQRd4R7W;I&%l_JPP1T?stsAn;nT;Jy}R6`~&mEZM7`1t#wCfQ68u@%*dka}QwC zXLWBXa>47!r%}Ll94-!-rCv~A3jGLr;B{OeHdLQW8CsmJCvl~!)0V~n>_&Q4>#B;{ zxiv8eXK(1)Ie3y!w&$9tZajuo^LFFLBTMy8f7ALj3b_JS(6pGCF~217wkMYg6_i5fA7-HJ3bY61Q;@W>c=XokFl{9NJE($NDb3`uwZ9$?7z zfCG6vW+-<6Tr`Zv2Y`j~L6S$tmmG3WPV@u@X``xK;Z9G~slF%1+VX#n*SrBz*Td7^ z;bHPLSoz<^=A1(%Umn5$-hfYZ!onMjXdFGu29VPR#HN1yVXMV)&ld?bY7 zL1tw~V8BO#Z{*T4DkroFcF|Iy*y_#x9;bD>NH~j{kS>v)F0a+Z1;^T9jQFU!up9CD zZ5E=;B$V3~M_xd2ARWVyxMf+KxaT0@9vBSxATwTW=t2KpWyn%zS9*pd$TFN83l$aw zy!vo?S&c_V-Egb1llR{%70DDzjI?e?$=!qhz62(1@#Yv!OZ9n77OMjmi@ha;@#QeM z@G(1kt6ij>Jk*D}tjPx@Xpeo&+@X#|dRli(6NeimivcTfHDV$Ek+SM=Dsfs2{`)eW zOX&3G{N(l=od5my{AzGjxWzoXIzgeRhjoYoqCpSbVkr=*aorls<${O<^b7^RNdCI7d3%0Y&MASDY4Y~W^$~s(C3ABW6WLd?`JCnqsYU3f*`#YiDuYk=EhEwP#jRI+`67UnIf<+C? zFoaw_Mo=ZfFe{fa$XCG!ibj!_idaj_qcRvZW;sEiQ@(y*iS@hx?f{?}@@1b$#6+N2 zoC`EzM*(W|dTI=rBDxocKyjkUt_Xft1ER-D{xo-{n-=6k2?k=I^I2XE z;8oJ=W-paV(gYkCk0Nb2(@y7!v@!8q88qWfm^Q0_m7yTHdZ^>0;&gsA#}eV07Ys*l*=UoEPqLBAtp?4ceQ)1u~GM47tkzHi^n zVg;Q6+7vEVg1>0<0Kngciai#p6qyhFTbrsBE{6-%7|B`U)14;=< zz7-hs7J!P=2@IH!JQ5I-QMfsuGC0WB14wVlJxX@X90^^eGYDGa)&oP249yqpPf&>2 zPa&C#(LXs$#Wu)sThPHAf{yRed3?x}&VFd!e`C4dEi|dBbtG$9RS6>U!!y91xS~t@ z>NtrsPEnvO3f}wxP-0%%{Tca-uF24uiUJ;mPk|q@1=EAhsLPYOpA-+<6;Ui;+k}U5|zwhlYCw51EN6<(TIfT zgS7BI24vAb&>z1gk?-UlvIT^A_8D8HqOAcY4ps#W1>>QDB5xLju5iqk6Ilz8qQcE} za)@{vGGh#tm)_g0t#>|?IEB+ttYA$`ftbQicQO;i9bX}Opj@xjYGtd0TD9*ues|^o zNtalDXc*g3j5CHEybpaBM4?ByUJ^v&hC6jjpNg~Mg*7Mv<_5W##?Bh^74Jq7SO4&? z=j7t$$jQTyNZIDa%@rb{EY+ij`FQ(;A(dz8!_DPD=MRaUIr-Li_Li#|G2&v9;1Qz9 z?Bf|k)b*{V+j>dLl|U3V)GbWw(?eCvrAWr%R}~grDz8p5_{=0zB#;**J%R+X;)*1Y zg}+V`I39NHCnOSn2WwIxuDco`;__c7EhzEA^{K#X<@TR{I3*%$d|myNo^vM=oA4Q` zL;uUZu)<~N#cO<>l)6mDx=NofaWaVlkIdr~fguu!tV^QcZQzM*{)g}RkskerItv6n zlo6cvEtrRQvHNY61>V|i)M~X_r`7sFrY)_d|7|rJjUVc*cB@`%)EkZ35B#5I{RdEc zmL8{`h%y-dPCSy4&*#sFKbCard}(A9kr*kTX5yDFls~)5^Z^b57B|nUiKC2> zhLMuDKM1dO9l%lg@$k!+(&x_=l~@s!nNywBtCAP1qPeOaLQ_%2UnQM>LGKOUv9TYQ zz$0^4xr9TjHuEN{%e%1i0KZuiihYfD>N@mneYHfH<_~`aCjno@GtT4*KWH6c;1TFj zAV{c?kBjx*nBiGW)2gXc237DMVNw>ip~p1gq>Lfk_lCbRS>$?ez!Bx;S0Hoj}@`ek3~JwD(3?vEoYdZuVDn=3I%BI{ufs z+`jk5jG7LBNZqs^7fy|0ei`lC6PGE(^o{fyOhU`MjlQ7!oQd2l2kCxT?6QzIbt3n4 z?*!KBW0qQlaEit~38|c9mhwXG(f8eFNtn9)zOXelD&-`_^XMJJNb^OKIg<^nH$pm? zWYrPUQ6ae_q&}`PLb~085lTWT`*4c1*|VJNz3QOq;+alZYu{0jxXbMSk}*H3znZn= zbmYwkA@aoV*v-7oU)Vf6lmRYPaSU1=MV`n1Due2NihE~HpEtY;-&RHZk^Mp7 zY{OIQ$lU>WB`(_Oy-5+RDla=L;>y?9chM(VxhgN$tL>Y7Pi64h#SW8%FURyLb3DqX zGy5yDZ{BcPPzx%7vOFb}wG2uMRyhSViA(-yiBP6$3?QfF$j@y%JE@BPerbv7+j>@% z|JCOEDDi)p{NHFbJ8Aj9*6!@&|7|={{!dE{>40P9iGqEKLWbORC3sufmxGC@6 zvdYYZ8RxDz^!1(xPrJrTNUVA zcSu{UrwUi&tEPEFBFQmk^Hbt8^hsEC!^l6OA4J?wP5+d+O5@*G#J?fLI;;v+3VQzb zC+s0QrwmQ?cjV7{C2QYRG3$$Wb6qH*)Ii@g)rHUy{}TEsP=!;4zI^E=Udpon0l!6r znK~7KxVB+!Y9oj}P*&Hu>69WI;GqPda|o!Jmls#M%H}65SPKbZiYfx$AAnagLB6=d z_okOKyJvX~fB909!Syl7;^uitUZWzoDi5^ySgurrc*FmE67!c;ON9X9h(yR0HKSle$4r6}u=D&RZuXnoX{lC_(*LM5=HlAnP|1}FO-u+dY5Wa0xz~K=4 zha#_B1ymgI5A_fV0QN`N$85e_Sg^N~ynWpqcjRut@@smx)ICvq<#u*F02~;=A@(rC zI!qb5Zk*2K>iqWZ0do%jp00+D`x9&SU1k8tV<|{(PP(h>O+# zl&Y=j2u0iI`UQ?XybWyx=<}j-GTU|mUXu|aW!dw&Vdk^ZKo?pQEbZ%QhJ_U^2Wwjj zYaqzEb$>rJ8i?f@8 zuXN^!uls5BJ_oPdRLQotSO&{HBr}DoR^yf~zaAc)MR?3QkH!RmpDu3Be?7UpG=r#L z++BaTeS7`k>g;at;qBG=?LZlK(ooap3NyEC$eJZov&AMEK>&XiTZ{MvR&zOTCfhsz zaX+O?Rr+Sa5~B(Fx|?@IRBJxk<2b=${t%YWT=Gb{h?^uMh< z&nW*X?paIzQ+58}@}G5b^xSgXCimaWKAHnkGljm-XJH|eQB6Sp*uT0v`EdKQ*lAzK zLe5_jGT~F(+6TFt>gpma4rVQHk=T(dUF!YXZYNi~%{21{KxxR1U#$ee+Rh6b)l&20 z8%;sbVqZciyuK;ZTsWgy{Mt6LF+b94RS_WbViXOSCTmIn3sNUlKk%J1(| zd3&L_-FpMdjMD(&(P$ zeTB~gWBf~#@SA=X&VO^gWyx5H~+WsnE8L3zDjfh8ld5ywRFI; zsiyqxzCS%M>GT-U@K9XKB-|ejsfL8GJdJSy8DfH)D{vLEv6fk{)zXTl{c7d22NkW5 zB;Q(okP5=G!;J*hAFU6U1g8%W1HXKDdww@KKfO7>73q#e_BSe$g{j+n9AsVctg}&w zi`F!D@?sh$e5OL^++%-SE&a;nH|v(k=nA*1630Pb?5Qu*Re8*WAS`^dJOt%k6VQu7q$a95uelxESv^*{ycSEuJv++N78=5FSs z9DX~v`!G1a8T3z9f)X=*8p_G(>3RS5?(Ax?3Nq$O=&V*yD5J;Ki?4Gw=$I3gpKovb zcm12|zyIUz@?vm%ekB8MvNnj7TbK7%o0f#$Hh3~rb@{acdv-p!y}Rf?8LoYWwgJvL za?rlhXNpg3BEE9lG;sd++nbZSlbd&%Fu98BdIU<}?`;~pJ-N6XoSs~spFKyr>gx2E z(fOqN<@_IcWZS9StE=4F5jn`bo%cf*_}02xAvUDT#SiWAiUlW>8JE7u}#C)pFDDp*=-8H*T{ z>pp^0bOTmIxOr8~cG-sQxswg9&9755v23L=H76x4a%vhfCU{E$Ne#vu>wHk`Wum*~ zc!c(2QcegJl}h@LqV7q|xQ3bt8lDBdh#S_`fZUank%5hHyRPO->zn@r29)L&;p z9(?ml-j*qS_{OnA--}G^n4TM%*I-0E7loUj-V*K>Hj;H&Mc`#ig_~lBuWo6Nc|e*| zjDn&Decd57_4Dk7axg?gXE@wAF-+SzB*|JlmT4HP^*81|%e~WPW3|pyzI>6vYj3$m zBtCK-=$g;6WCk(xTW;s)0RrU*9HMaqL${nffHn>C_7HOplLhly{#BQ-n-{C{5*(Dj z(IO1&B6)4UQ!Yz(%L)BC2KRjhZEWyatpD-RdZO~TT>tBK8|}3I*XTBO`rkI5qWE9F zpu9-juU_V~Y|4x2t7OWB%ZZf+G+&-oB1pX0Bm;nFfuBA3jxQ~x>2!s%%#z4o`yf0g z;@8R;D!~<{3XGFaiehCWC6_Z*vuj}NakWqdv9#7@O6VdQM!}&dV}%dKmw!%SkS3)0 zunH}$n8JnRjDaqrXk4-!n*+*u5FSlfOKW(F=C=alDq35TbS|-jZ^b2goYKU8dJ8qMelbmy=GG zTaR*D-CIbw81TAu)8KPJETP)rkKo*=QE2ks8YRQNW_Aj(4+7%Kt19tGWjwWWOJoyW z2;WyL+eM)lz_M)T`7NxQ?>xWr*<~r2NW;oBVf9v>tt?LYjDE8;hTIb|Ed^LZy>g0< zf@sxOc?`BFQ^y+FI;z=9E9U4B0#a_{pYu|N$EsM_QmR)X;o*vPWb=6}bCQLgM;`hio?#D-(K%m5)OBt8Txqf6?8%3-i`%uN8>w&UA zVryg_0pOR5%ge#97q_QB_duBwt6UiG*Gi`&`O9X~k$`829c--@JJ>3U9gN9xcmDU& z%MWMgXIJO9zh2+`GPt|we{AI^0hzVZX+YMBwX}|IzPVt_B?RjfIv(efVo6%rUHs(N z5kL8@KNBL6kIjavHruhrh2|83qUMqL;c62eZ|C$8m|rMK4^WUvfg#Xp40O-U8(0WOg8A3_R6pTy;@!h$Gn z`YOfs_-vNo#P0By^`JNWysp_@j`r?$Pxjr*C&o7{rUF?wrJBdMTm1;22uJtQLKYKY?g@|9i znCNz)bOs)Htwao)a;{kKto|mX4`uhdG7k{jf zQn>$z#Q!%LZo>U%Y5Yg0liC04?cM#)TY2Oz9}@q6k>N&mf5|sn+51IN`CIP4(o&_b zn^&GpysqkCb;W&E_hBQus-xtNS($kkeaxnhpZwJc8djy2&k{Kk*W)kLv9C8b2$}34NZIKQ|H(i=Pe5 zpbfSZ5O+&0QFR=ln_D)-xAOp%K{+69S--lHS1em2LMJ2?ulMujN^*d=w$|v!UUO_j z>}gYPfE-lqV_^IJstb~4)CCLEiX*%F_^z^uZM;$RiJ{Pk-i6OlID!u96E}gyqZX3q z!#7Bww`ir0pBGy5^^;lqZM;@vX6v=y7VIJ`Y!6}`c+_a}9@$9No;zhgk^U$1SM<#S zMP-Xl>atlqc3V2^cJ$Zn=&oP2-nw<2HLb6vC-o6XVV71@UrI&Yx_bI8six1PmcF1$ znyZek#H;F+t$}V^`|Ny$`RaDhW}ia+-)M19HvlZv|2wU;{@>~D?tj|KBlUkX*x$DS zAm-^6EdW+eUcdxkTHmYE zc4h#uGXw0N=X#3tf8@IX!JE+jSBU>=W$yoLHh22}RvwkLN)GlWw13Sw+tdB2Oc^AU z{{wl6l1NyYZv;>YhLpu%MMFT`DNDI}mN+Xt6!cqA&NZ?-)qJO#Z&x*sh7>V%%K>!V z5K)R&)QZi{X6kKFOybQ4BxLL2BI>+^xVCKnA9&b#>J30k^Zzs&sr|p(taW$$|2Ce) z{x1f5lR|(1_+3f@s%INJ6)@X^T$FC-fxM;N-U_Tw)&(RN{aGuW6ttjLA_0p1;f)AZ zO}u)Q?SjsDoEBbOOdT>q;kY3qO-P7;Cq9E-pSULxBO)*5^W6X5s%7&(c6RqaZsk$=A1&cdNKuFaNC5;xFG3r<8H!4o3x)_dA%YCKrHG1awMC*E&S}8I!w`n^Woaa(v^5D}!sH^8 zgkSM(tT2%)UooV7C}e`_DDphH6;^Ff{PjivO#-Ol#6Yd@^70cQ^Qp{alK`et<4z#` z1dO3PbF25lcg{UnfOXP2x9JdcKNC&!@jEfMIQlX~DHvi?Nbr zaw=EjT3mbi@0 z@K2RlpHEoYzHFJ|^Nq-q&q<%>k|HaX4~*dJTe14yppnWSo8w}}-^-~XZp4;sD_8Ab zu#7p` zlwT=+Z&hllN{EHnvFOXS@dTcy{SO})_VDjwB>E_Hkk8;4>F!m4yx#BzQ4)m?Qj2@2 ze#Xbgk`7J~nK!b5lNk!(7+HYqx4;#1c(wU=+ zEZFqT+)G@E^i=Pwlw|G`7E9)~Efo6?Z~B*z{OfLr6)5y2hf0Z8>J8b`ye6 zL9nP)AyX8<@nh`fxxof1Q9Aa= znbQC@3%`YP0EOyTc>u68+kd}i`$Wt^@*q!5Ua?2Vs!jT>m?z>eZ&6j#mvs98gpr3V zbk+3&lk{QagiuCfDWCt0o1TczsaE(iVJwJc{s6KGO{Z5<4T=k4Urnl_OmUK_S3#91 zbB{jGO_xn=y>IluDpQ_VYsvu$Ss92Uj{KBXsl-sc&w;)qU-UT;sOI!J?yEVB5t)Hi zjr4JDKSU$^sk~nZX$YNr!5 zqrEh6IdcRc;F~KRVFxmFL1~0SfT@zkT!7`Z(GL^iAVFj;{J*Ro5ym9 zy@#(-fNrOlCU}neI&^u)=&OAM0uC`+vsz!OX$VY^kN=O8?9rSCGL0u z_AP5wt57C@!}_LN84~4Fz6>CB>mM)dKo6awkS&324X3EG;-D6`o1F}mFJDv!@awbd z9{6x;-=w(&rKcj}MUT%AdFjs74|Ot{#yLHt{l>nM!usMYANc zWwGS^OwFX+MRwUj_FY+#itIm|%KiSs3i;n#-E{uHc4L?SZ#$1zYBrSn{p-v7zIx90 z7s~g(@m%lUNS^myj`y8z{gub_Z!*98E)aef2)_%2e+og9 znEdgtXgDF{{?s-Qt*aO=i~njiQ}=&08m-#y{C_Kt(DmLg80<|bhKrc#Wp4>x)bqs` zhc2tR%3Y$%VB}vfx~$f+8%Gz`U;7f$#bf(i_mV<)iYfmyL}N^uLOy-qyr`$&f|jiC z-f7A^O?j)D@`L0%b62{usH@lM107vD=`30-mno*!T{FK8{A_P?gt45V|IS3Stvp5Y zpK{|lVGKHxDe~DF-vaPs#J{Eae>&ZC{8yvV+};1Wl}CtlS8}jHJlY^0?o9}Q3%KcJ z<-dhJUn~GFt-6W?xD<#ynV0qD-?}Q+wu#l`w1q?PTw)p*$Q&P69p4!xB(tkxY`z7- zY~ipKiEB@nzfvN~w=0cpNV3`rJ+^Qnp(lBY&((bY51_wAgrR4#J}ue*`^3Y}{8{t= z)SI1lI{#m{+1cg)*~%m0zuzXJysdpn4!=5UUnyc+@l7BqmY*fyI>DN2hF&M?ZYBsj z3o^D&KPntMLBdr6vlA6wC`3CuDA{1`Y?;-=wi9B5gz$(^?gXW>LEZV1M;7fI+2dsb zxbs+L7s_2gpIuOQQtAkZJFqSoNQL-XUtF{sg+#GhXzt z+|eP0t>w#dlp4>iW1B*?TrNOPrK!tdX}%2T3|Qtf`Yo?S*+hYgvhf$%1OH>+a4g#n$l9CgsSfxjh z_cHMX2gB?agIE;@Z$0AN7k{Zb*bUS27YF(VurRVR5~%XA{{gQkHt{5=!iLZ%2L*}f z7x^a74Shi+;fG#b?3c6dnL1Dv}uvS()ze6 zsy4hw;QI*vu|sr@n$Et|iWB}!I=$e7vAL}=V@ zL)&d=yA5r(p?w`2+HODlj`y>TpZBDnqVt~sg%neUeD;xe(ez1IKrD;@?AFu%zqNX8 z=l`*lM|gDfQ-i$;myclfvYs9NkBi+m8kSYbS;PC5&$7$5c@sw>jbfhEF@nkTmT#~6ap7{NIC4DNlSK5N}Bs604V-l zQH1|x`jN)Us#<@CSM>Mg{I}unh6@!^m zwW>VLvo2nDfb3m4*Y`Wgsa7whB=VUIVNr6q{U(#6hyWJbkQA;XS(W*>!kDNKm%g+qd8(6_tdhXwtu>8V4&WH+jEO z6sDZLousqBIISwv>9Cwrv^phj#sF5xO^Q#ebUHj8Tx{x&mqcIV1Gch1qMJk6AJOMR z`Pr1iLj8}pXPAbOmh^uKm}m;Yxgk5KOd;<{$Ahhnfdq5@`l z=w)@nJf>c#Bo>A3;|q*NHk0razte+&Nqed2-` zZ=k5Q3)B2w)SqudanO^5CQb%2hW#8F&WR`^(@Wcv7(8Rvnu3;d@`Gf%-B}{IW)D~M zeEo%ncl6yT>1K1?H#c)1LXMB(L#WGr!!KS9uAlX;)G=QAwQ?b zqIlHBU7LvCiBVf6cqcCXLXkVEA;^a9qzXLeRf};`MK>eC#0~=Q4?M!R42m~ ze~37p)g=A=Ik1b-0pQ z%}Vo6iPXu+@ABM;xbNjIcOKuozKAKzP3t*a@$8OCyJss;q5L0W5@I$NX5eRy|F1Qh z^=>x)f9L9zHL(ClkjXXS%a@Xis1srV zIn${1&2I0C0Q<`r&yZij_SK{l(cny`MlR?W1W=KV3LrYx0Y26l` zSWxYzs-jRL#8a9arL}R@n_r6IL)XR9CwgSHt z-trBQ=6)H4Tm`RBh7|d1LnAk^kH6X8QhzcB`?A|J=$WB>S7UC#Rbb_c_zNth_JScA>zpOROUC>#~j)QHH`_ zv5PEWTonMA>H^>ay9kgF_(a5SN?VNVm#~AR;L=ERNsHy`SF+Sf(zqo2a|LY*L}0`w zB*eex-?aJpbDRU`R1)Kcc&H4@@}EQqSWHb&c?uVDQ2`NyFt-$bIZnC?7P?>tJTB&ddWq^DEJGG^mfyIH{G{9-HC^8 z(1;g@0e%;fC|EG>N&q~0w_Y;6j6}2A5=2or!wx!e91{6?$w3~w7OmF0LiUfWJ{RhL zBw|l=`!dfG{jXbVcGCJ^r`_1;f7^J({eQQ%mIwHxL=->@AQ&cY2ILyy4QC8>BOnEA z0vUiI0#1k^LvD$$o9cW*vKH|0FofZ}y3+N5g6+yC+C9hNOO!ALmO6PAxOl}-iru?D z7lhu&Dptf+a_JHUSM}uDkZ;{)+`*E_WL?0_r$QKMB1&TXf_>Mf0^gQwU*Df^Z~Hef zD@cRHJH!NErJ_5gd>d06$${+i92j1ErAiEB0Zr5eJA1^ir#Ggms-3e#C~3i9rfL91 zxZGKqFbtuNe{|gjz~40;f&<>LJrAkKg%mQg_gq4a8D9QpM=a% zECowuW?y-ndFjk()0v}JlMJa6oWSXuR)5Bjp$9nEcTOe(T%Z?BU?VXkKC7Js@N6n*+|W@^R5I)c~(uk|oq5e6U-aY8_@o?_Cz{uA9VTd?*M z<7V74r3R(jD^%DF$9^^LnD!$7hw#E&Q8ml#Y0uz&nWq(P+ZS`4L%RTm$Y(cbRB*vi z{5^IN97~<;^XGW;D_l6r%40KjlrxjdRDLHbmx0_1I)$h zIc|rU9|cSGf+g2lS2Yt%2xX!Z60Z4~VD5s#g}#$Tp48??!Y-KPO3OpD0*27JN4~3h z*e+kSzAfZm!={S73%FJ7rp4T9*6tkXVIl7=TJ-anhzkIVTI8aJkP_sbFLA{OgvXO) z)jFukw+kGK@d&&|zZGul367Ndi^w$*bAtMr^z_YPjhy^>d06Fm*nTS}jNS8ur^x<8 zkrO^4<#Xa$=KtGlW%9rA&pZ3i79OF$4#Z$@!UI6E&CB`#DArx*1rV26#Sb7Z&E|n> zk^hzbo}b=1{=O`uvnsiE5@${KO{bEOaK+8jy*HqI9l+lrR8GYl@_o!Y3lNkkJ1As$ zgdNCGGT_pN`397eIjxwNu-w^qVP{&vQ#eNb$nyqP=T~aQCC)tx9paDh_}`THc}-^8 zD~4WBbQSkpiF!%06<2aC!0R1rzLd{{BL2=TcX#r+wUf`JyFaJf&yZ%P;cE|5mRgB2 ztA?~Q=t;K5nkH~y9<4e`b4cW{5J#tR@%XrK*l8i(iEH1ZY}yT1=H9?F$k08S=U0Br z3Mnd9)5~9O`wJUQhP>;fruhk#?0}JN&wM4l~7jnt~Gtyc)S~(Ia;>P ztlrka#j@Zsh2X80Jxgl&yznstGZsi@tUKclaaF?}0G49>%{f`oJZK3LnZ4d2>K~ zajG24-Fxo%fweovPvWTTHTxrhZOlziNmx3Lc2h01M}FR5TxM&V6z%P=I(7>29m5 z`o;811pr$Z?WcYv%S#D1T|?OE?Ov7nye#kUXQ!{`>^H`*@}gf}aR!&NWE9H)rfP4> z5)VN7fIKhB@SL0MWh9lwYB7q%OG+j((`Iodl2jYmx&9EA%|nd#w_)5+GxjU7Zdh4V zvd=2;A9;z8k${pJ$nD^D`yQd4HD;4R(z&YrC4uf+=t18>VRHH|2pd*99Y@Bye4D`I z5wm20b*E_g&})+stky%Eg%FMK{fdY`0>5v-_LUA2FW`@YwS75_IdJXt&uee;GTWsF ztEX_aK-^0J*edQ<#1&owkHXtGmA8s>QW1Cr-Y5a!MR0#4izBQ0#_?WjQAzlqJ^>lE zpa?MQo6(ahTAJD^RZUdPzj(%$2@=9a(hsG`Fr2KDYa%YZm1f!aKf_guMi)v7Kn3^J z7x>&P-|dTd{Z&NKz*BzX32T9ZR-6jS)J*9I=KY(+#dA~_$p8g_7a0xpMKhw_W~O5; z!zAmY^BkBw+ePk=e3sb%Rb<|?=KpSV>*@R--Bzcwv;S}7N!b6@Xm9Wwpg6K~s}4a4 zUS8rDlrFoPgHWbc#K?R8q2U}EGlf#RGzkNLULHL|8L|D=w<%Djanmf z|3|&G+yA%mthT>A>mAU^HrBlVBUw4+nELYfeKB2QP7H;U)S?*5NI)P2!b#)QY-8LdEU?B3{f z0*2K4m%Kl^-~=}Z^QHGlquuS%-_KJh|1-$YDDvnAf&iDu|D9$xWB;plcKM&S@<{ui z8tlPlf&g6EZo!QA_KNGI=EDW+XqJ%z|uwEY)E1@Z^DnI16KEFQ}+|i;w#5)wSxI{ z2e&+^tM2AI!$ayR*8k&M1D|RDSfc+oJB@Vy=We~VyZ>`5kJRx+JlPZm8}a;+oFjg` zu-}h`$r7)hRLPZmeiC(7v?kc3*?2TD^gQzLk$C5y0x0t`YhZ$wjPwm518W^x_m+>HePCxFcy{|h5Rw_@JdDB&J6hkg z@R7OoHGm@QRQ?p2{VYrRI4rfB8}h`Pzo3eQ_ygh8&5nc0|6s0#u}@ z$y+@npwyyML{H&8C9|gqirT+Z2~bJEBn3s6D&krcPB;EOO}X6eN=a1RPxPL+*##+6 z!tVCPbc$T8lL@_yXj&xy&6K&>AODJm6GHA!?U?iRB*JC#U$dR^|7tY4wcYv8Rvxj) zd`u5^GQq$Ggu)CvC0ck{F>x_&iv`E!bypE3mqW?VE4jShvV4+ zW4uc4x?&xU-Ng$&%4>}lWRysFZ;&X|Q7H27UNRCYTeuqV#eg#8vybt~tL?>JSinXt z>vyrJ%~W6c+V3Yk=L-ugYI7$VW}emLzo#7oFSY-r&wm@Wc4H_1ZRN?4{{#nYUI_dO z4uo?MT1OmQ>v%Y~>LX;k=Q=FLRHcv3%ifGfnIx*#8f~hkj)h~8Z}Q8770!Xz6F7J0 z!haMwFJIouvP&Z55z~sory}N&WQ>>}GiRDF;uyGGXmmq7Q|HU_gfgbS{FFGabdiU6 zO9jWU$qi1;41Q6s>(8hpItm-?OP%cX0FnE4ojas;}Zgx#T?&)d5@zD-phX2xbF;o-?#wy zts45|jgD7~XN&6#TVDEnb&@_=oe;{b+qbp&^lDNhF(m>>)Rl6-pt^u{E_Y%=YE z^V74zi4>{v@2CeF?T+{rs%~pp^2B?9b6NrbQyQW028|>rvl^u3Q)}_M5LHsHb^2Ox zov>V#5%1O2;;Drx->zx3BJaA>ks&&Q(ta0@;0g;tA>=JA5nGR>^D<$jxmStjS#noh zEQ;y5&1K{TwY{7muoVgY9NJEi{Oe%mv? z>oeO-~D&+Bwl>zVI`dr&*_du0);{WC{z^+ zRr~`FJZJBq`U?#}n@Agac*2PrVS`62)UgUum<`A<0J{f!omNdKCgOqLLY%$4eg%H! z1JE(3_eQ`q=!fqAp#>Ril4tcH<8kbGOMVcX3b+~6eIpQWSi4FPC!pL*%r9DheI3ws zC3OD}JD6fC5w?m(HNYgH+5x?92d+BOT|F=l@$}C&T`K$NQ5kcD$)JGvW6Jr2t~GK1 z6$+!ap1!TFXe=&AQIee!*>D{3UA(_+akyYk+dr!oxg6cmGYi*RqMT!NU)8*TDGKA)$$b%4VelBHx0KRU921kRG6VM{BCM<)$a{ghd6A65 zV){0ZLjrF}5fV6FCLRo*}{L@^)E$Am;fG_lriiUzOY1hUJ*L6Y@R zU@8~k0|a(5~3Yi^__ZMzn=^7A(;lz?_E%EI$DC;1g!z041yO|x#L#ha&VW*!W*dR0g~ zk=`p%@Yj|C(2P(Foy+{BVY+PXR5VlrM|Nj!c)pI+X_HzP9aj>GOt~eQ&SdKKiIFbC zo({JJ<>0hTg8f~Y!T8pQ&#nF!w}ESXGSpvHLErAW4p{KYT;5j zW=uspbLG}Jp32#v$%YibDU(F3b!y9xeop9xRD<*-U7BygBqK1R+zI@VWHEa5Fds|m z6KO({PiIsWITJ1|K9q2h4N`dNa0N};_2l|2rCmqZZOc0{6hp0RqGt`Wvc$@qiWa_F zxmoAE?3fK->#!;_!}Po68UQF&fQo5|c~Vk8|1-6Sj?MinCBr`lonkctm^V8tNk$My zVG85>pb-PQfuH6%h3tOzfvVVasjODZPSt!Cp1HWxadZu7zJ0Eg7d>#L;^u;$(TFXS z@MgCs#}fQaE!w5+pwgtx2mYAJFZG6NQ+)klE!TegZGqBM40jP`@oAb5!^`mq9N2Ej zlCGL`$R~*|E;^1mbw+ZJbp3-^$!9T(d-rEfS$l(LAiTmYFYlLo-CA5s_0$paD_>JW z^5n&o9Ll~a%|+ZcP>M{AexmjQ#f?1Nnd7QT)ZELg@%ck4zkAS4lY6#m=v1OB=WUjJ)S@kS`Pd})v!ZG61g})Y zktt=GV_V`8aHU*wY)UMxS6_rO5+)fedIjV+W9NyVET@CD4i(7u+1bQi&MV}T$n>ad zVd;_500`)|9S9k~)GC_eO6QZPhv&<#U?Wl;=(-d!7U*sXMD_A?!Ed;9?|Pfn0xreM`jQ6!ce0rkE1p| za^Iq^T>!H1lhQ+}$(mG_7Qy4Bm%`Gbx+gVLre zS4A{p1XSw`40`D#Jpr4_n+tcTxYT`)yU(elpiTk3X(nX1+#vp1TztyxOTj$T;sns= z0SXb|WA6bP7v6YByB|eQ=h`6d5h9ore8y?CVOBiPX zNHH|=EntKuu$V50Z3(6+SCxy{f=#OQ6>{P)My}mDb=>Fm#d%*0=ID#?vs^m9pR0XE zYW+WQgwn;`Kbr6V9c?@QzxxMk|BqEXpIi8U@M*9T|6kseimD@l%3|w zbO6@S`X=5W*L(z?)B%|H(O+3mbv78rVWIKm2@gSeJ2hZLSLTK0=~Sx&(2A2v(;>%$ zXZgLv((v19@c8+rN1-#CTlp-nu(oPT@Y`Eh)p}flfz?++{ zn7}TdH!+IFBbafDZSC}S4z?ncWiX<@nVg$sgRTEhA=WkGmUofJCm}d@h1FG}Ys5$a zjYd~EeIb&j`%JHJY8qczx%mvRJ~g0L{>RY}#^V&mKQD9Dxhhl_v=nSbr;fVXly))xcU7X!cf#Xx=Py|kwt9%JTeQW0a&<4VldH=p&Q zvh7JMVV?Nw_2l;&yWNwiL?vz&PFPaylc}HPql~I<)24)5MV+$5Lb}?mDH{A4E_!;{ zW~KVJzVf-g^7-U}fy8`tCYi>{L=kb)#E5wHn6bD!uz*=qSJ_uwSD`X?mc-BXIosmE zBoE{2o@5t7-Ba9yef?IqR@cw6o(lbM0#jHZ839K447^6s9NGVx&wuvzj_mw@yGQ$L z{cjZy6WfGb%11dBqr8*|;A|T8yzswmXh<(g^+6<F#FhSy{O$aHPND>g zK_x}2ZeS3Lqx=~HOZrK-jw-p1D)}vhN0wSTuF5$bOMhs;cW?nI^duBs!R2pDkn8E5 zRMLy8$4$~L@9!})x@d;|-54p{<8r(y1A~K&NvG2I?f22DK~4xa(=57%MIv3h?YH&$ zb=(v_%B=TG0Y8pm771#3KKMZMiNXBby=NljCo^(;82?cuL<;o0g5ke}ucFF}4=DPK+BTESi~)kc=r%QuPds_eWHdr8O@3hB~R z`e%^KC9Z2xd@YK9hjv`bRvpKr`Y;D$3{9&ozR0-RERd}(;NVbQw6#P_j8N*t38GFA z9l)j;x0cGj%cnv9Gt)rMX#j4L|MrgT{6D*E|DP2-p8StbU;y?v@I57iY-a+lt}}Z| z$XSfQ6*cFTDXWHKg%alPUdHlgkT*HzK%x#_uT8;g`EzXw{*#!3*J7yoIP%{Rra3I| z)(4nPUXF8kHiXf`Vpl*Lx4*N!mj71qaKVm_F*wgAppOdha-63uKhxZ@ zAD=^7^b&n8%_8-IfQKjvzy|+A1S{BhfK$de=MV^4QT`h+H)(>vJ)}ByO#kF8o!3?P zH>7E7=Cn^tcVLAv5&aPK)@mjF zvZ8*F(+`uhjP!6O2?Dxwb|nSMMszRxUBoU2@1EoLAj$Z@q)7M>pb0FBB!+Ady!FU1 zBp|^cObZysQ!y&B1jQ$aB9z2bP^(iNZ_XdgMW=$CywF4g>h0Le8f$PL|^ zpOpXa9qu{jKl=yk^PiPGjJe-HGA=R`b&~)axrEI4 zIw#sN84Lrk4T2Os24I_;R15)}3i&U<28P8XiM-hh zB4SkB>-Eg*lyplG#Z(LxE$)znM24_na6-VFMMVk6g+#()0LiT^X$3Oc`U#w7F`Kyw z2C5qxJOvSctOV+hTjYs^q#CdS_}VIqewS0HrcQ?pmHkh!+5zv!M0Q66FZA}tR1EXNj}oY|rz?neP)d zODw(sg8mOi*|#uI)XIOiVwuv7ZUG6f`TWO`|Bm(#*Ye*g9v+!SZtCC_BtVWjm2Z|I z(3um7^U=A2oY5swC#Xr68{V7NvR}i=Npn}0CAx`1{G@>u5PzC%BQ7^Z>z1#3bni+( z+U6qx@teReA=xaP3k^sY=UK&`(p0DEtg^4J~5ZcpnvDG)_s9r?PSaF`(MR3y@IyE8`K$ zAV6G)Rnxrm);38YMARIysHaRyjeUBO0@QU>lN`mKX=;A2k;yC9Eknhwz_>fHCM7oK z7#(>wyHMuUsaj71NtQ}IVLo9=St!7Sx0z&s%1dk!ifCvcF^72QLuM@^)`^Jbuzw>l5$n9`Nkm22LW86zie1iZS+BQ> z+d`wVj@B7-YZmy1+x(LXkkyk!r`Y!)NSe6*Si)qr{5J|8;6+BRic5s%4*kfUCjXz^ zokQFHcW|`!|5?e?|kOsvcI;H*z$VL6A0!zG z*#8gr0}u!z2Az(qE>m@1^NZQRb^tcTm{AVKohUnHdC?8b`rwuXUqFf;VZkaGa-%F+ z9#A>wmRh;BN9OnSIQ&0N?zcXW=tC6d;eC=OB!PIr3?NPX|8V!n=Kt&XPb+$Kp@@0* z0ie0*6UFn*nE` zozH={5c<9$?$-qxK{AA6d^1krOf*+Di*X9S1@4!SJfh;^8l_1zodNTV*UMSGdc;Lh ziul7{F~3~27}CF@BKarX2GeU4pN(d#!G0ekyk{xY7@fMC2Q6?Cmm;jo;`7Jj-KIV2=M-r5Ry%CcK_KzAGY60%6D6m;syAxDRy|s1b zU+3}5|5S|H`oQzxESmkbMf|^Q+x~yJx4!?inum+`a);@UvxtXTp!)CtX0QlJk_~vU z4Im|E?aCOjqN<$HsncMqurn?3v`U)v)MHS3>;zEQomsSmaTbBYJrOwJcHC!sdN+`Y zzF+I-II1M$3*aeXn1NDc#`tzwr84axyp(s<7SEyeZXn%f6 zfZ#(gPoISz4Y9s%n#85w)yCCdPQp&r3>Hek1t^(5D zF?EoD5!H^KPs&=jC;Fk#_L0n;3TFkRq8J-r&MYau6JdD_F~3`SKP^odJeCw=_SA7K$FMOeMT2bG1n(pDVNI2F1OA5t_ha3V7^^S-YgSTfpdd%~P+j zA2=|-*1&2Swza)^^-m4|kMGY^G*EtYFsCxm!2b_-cWwWVo$Z~q{dXl#Gyjk8wJ5PH ziWQv+Gi(KNrDyqoUu2_ywD+Kh@2^Ab+&T_PcpqZO-Km2NVVus;?B6j?M<|9T zae^s-UJ@EPD##FF66lxPWV7!6BWn3-R2Ke6d>?6r>Ca=Ux0U3rMZe>Y?9G+uj-wsS z3ZWDhbjF4R-dtI`n1G^BkhW6oVMNAZ3N|VDj=assA_G!& zg9q=;r?%uSuEhKXr(!!2B&h71UdU!V)uCg#+Qf+}_bD}FTGV0uhz~*!6C+^0zk=W- zq6+)fT&Z03qMm%wT-B)7t_olLq6+&ia$6CPB|&5xU?er7D4d{fTeOJ^A<7ug}Cq7J{`)dN*nxzG`RM(pA{^lybAbCMv0(|g2gC#t>q75%_eB8geZ80)k2)3BqOX+ zm$BeuAdp?NleSOI`j%7WGgvIZ0GiH!cMhHV zpWC}@|DTmSEz}1w{(L?xF~psDRgQzV&HSR#-YCq*VagL1<2FafyrPIG#eeAMz%A;k z6pNy^NZ8oAzL{}Q0MRoU8aJmJ%y*)C?N!=#ffMT+b&m8C7A>Q)~ zu0DUEH6t>fy7ga-!t9C-*)2f@-1-pyb6m`!2{x?%y`!T&+yCQmf4%-!^0fB<>pAn` zj46gaHYt`K__#8SWi0E(c3Mnz#jo{cyz)Zdh6hh>H<$J;{g_)GYRUx5^lwInt~^pz zxcGB}vF@234$_?U_U1KhE-)w>Lrjv4ao_8ZU-L2xJUFjJ$}&d2K>$h=4|_r5w%stlVY z1Qp=`o<i7{6hEtiJ70de`*duFjhQAQnM*J4>{x87rt z#psa*S=)M!x0vg$Z_2sj=%df(CV!jLhRbAm!B)_*ZVYY(PN*Ese*gC7H8EW-+$v}#v)5U>ASX*{e|B|wd46_xadr9O_U`85 z@)bK4)@joc(CyvT&FQQ252t5mS8p%xN-)2{>5L$LJO7We`fZ5s&;!h7gmHU%`{C~D zxARL^`khJs8z3}DXBPmQ{rckUl*u<|H|Hg_QQK?%imh$`YuE+y!TDS zExh*>;+9Lys$n$2#jt$ zp-77NETJ-tB8c&CaC#B9l`+rG&Tnr&{C55yA1+=#1ArGhm2hT*a(jMubAHE6U~3um zX`X8NPwe|!AA|$I)A|4H9UVIUe|ziu|0{WBk^l64cyU>e!=ns=XZ++0!Lt?f&zwIL zkWlu7GM-tcvW``bS9T;=&W#?!^jPc@5gO$M#5h6OF&O+a$;Eq^Ma48H?DgsS?e4)L z`ygGD=co$6KhQm{#GiiDcFSF$-OdtnXO*j@`YuOe>nHFFB+(G4FHCyY?#3#)ny2}7 zftIc6yN{H!)gCsV0>MOv68_Boh9HRfE7psE?#h7@8#`KTv;DOLkn^ z?3aB0v$MBr=YQYbS>OL!%_HJ7i||o0H^2+PG7H4uaR@UoLNUv-tfEY{h)ZiMe1r&_ zLA_GrYr9Lx8pleOv_wcvGj{_h=+UKEi!yA4!+7NfUJN~EuyD$hcUUzw+o$@DAQ_^# zR9(gHBlkO90QObad?USjab1)A+Xqbft7sUbaS_2|k@tvkUOC`roIX_=m$#)nA;lfv zl6AetN&Vre&?AZLll;m*aH{Z){w@);>47ic;}{X88n`&FojMnN+VOv4Yyjt<2rRNN z6|<*tKWOCtcKpZPgT2G``Tt5DlmGV%Gy>2ZUc9nhp=Y(M?-EN&voIAdH!&{6D<79!vAkcn8jg=vKd{# z8uh9?Vw$13@`T(O}xTVt@S4e@-zeSPY!m zn@a|;_%MJdLNP2{5`X>rjL)?1%X(r=dvO?PtOV5wH=n4vfM6D(SVa9`rgrvASPv>@ zTNBI_(HVP&QkG(qRWn{K1v;DHI&2;xX%WbeVR{P(Bbbrf!11?ux>o{wZwiVdxeJubQqj?IWYAvXH%V_>CyXu!?^u_%_6YEcXM zf8hWC_45DD?(Tto|6}`TXKnvk$5@larztZCignER5=lDH%fYZQ&Q@zAAInvb#%3LOvw8*F` zvheAY5!pmK-mZ?unEV=IZ@v%{;%o$XCxFPD_%aRlbL?it{|8Dk5WE0^)1n8fCD3n} z+`}RZ39O(=wd}5H&PWVZPm&`96gUhshZwZ+tA0hROXz%(QJp)2cBty44^jd)^>$TJ z@C76p>42TtdadfqUJqCp<^qsmn1OA*>oN0!t7&@)Js+Xi9&tY3-k=!j3r06e1O;Sb zhiN!$yONk;TWh4nv=L@sgOC)=JPS#*X=AhmS~6RzkCu1S+@NI{l|Rt5FhiMaPfjN4 zYVFKPP6}ooa*8%>jFv!7u`#-&sI>^CXf&Mzd!239tz$Q8Y}>Yz#%XNZw%x{!*{HE? z+qP|U1#9g*@A2*baO1k>IL|R}@f3~lR^4__>mA>;dJ9A(!9qrAN3|A*NXFi1z(kR5 zMjokY`{DRz&!r@;Pth?8tqEu4AG91&$bS4yWh8 zV7^_U_FHIC@)vgD#cxqKLCA^hRxK!1uuzXJN6a+BB$O6AKvgU#rNVUKe)y9b*O(xg z;2M_Xw1nngp!=kAhOJpA4&4}Q;XNurZ-K1aSMt@Cud01PM%PP~^5!Gke-Shld}re8 z2`cMwLm49v!(BBVo3xIOvs!f>6bYO;w@_P(v%`(anAC7y8~g6Bm=o?Rfu@Lkgsxmf zEQ=~8SE>I^J?6(-q_zXB=vQ{qWOCHMuCZ9Zg-hqHG-P(`{+0vnW_>vvvVl`lQq_=? zX3q^+^Ip4;VHXXxREPo;w`!gyw@hct?Das7Kv?^>h+cbHN`GeGEC4ing&5l9i`qRU z^V?~yc(3s7o7O)!YvXU^(_Lx7(SvQ&Dw=t6oS+GMmG-6j?%?5o?^}v5jyF5@U$RaZdjv)Ts8yEztfFmPu>xc(E=(t@(`(xY+Du>m@Iy#N?e2zl3^g;#oU8T+sHt!OvnW=4S@nsiJot*OTRwtu(TI`z2dGy*#3s2V6m6qcM>hfzT z3hR`L8#ng*)2!}ucB(Ii@?`d@puYm3f$2XvAY0FOBS%7zKc!N`$BA()dq<#`67E@f ziCw2Df>BB_bg=Z3w@LUuy_fEl@xBRc6rKfU#;9%8zKdnnUb0~$&x~~H3YdkdWf=q}?oj#Pof2YDME20==^v?aRuBJX|CU3sT z?}u2JSwg6GIL6?HSmPdez4{Oqc%lt;sQy~j>Ps>za+P94Q0G!CTDltJpRq0%hik#Q zY8FW;ucDGaP97bD&}cOc#e;AqL8FZ=y%XSv z4jLuM8)=x5v#BNb_Rwn)NyU!Qt=q6v2P|zvi;i@vYgz5J+(tQIiNkrF93m%~^@A`bzh^_(Y>r+(X&Y6NELk@L_; zxb=0>=Ib$AlW#XF1bUthf`oM5LDk0@#-JDH4RdXeg(Ie}(p2w>yX ziX910LY};BHR4$UPhXM!^@7!mnmRh=fT8wifeh}t26kuQ8~MwHS)gS7MMy`CWU zIO$KyjzuT+{2@?xyTG76Nd9e4btZ=@q`MdJP7vwb_n*9F_!d6YT=EshT)^u!8`7sU zPZL(G2**XR5S6eT`vnF^_bS})^Z|prfG8`^pe2E+3q#}%PU72pWU$Gg+)6@HTeVmC zwNj29qU2QXfERhkP<<|2lwEf(6ji%m>9vVx5yb{1v|$;0X=A`p`_?O!Ul0it+IUHF zNdhSpp3%Z&cHaoSsR&K3FT8Ppl&vFAA$cZGtSOAr8=|^?F*jYdWU&725%T82B~AsNuI|1m>*)fg5|7Jq`z5CaeK%&=HA?| z*C+Je0jyg|?o!DRdR?DcYqi|m^@CeJ{ZWu2$Dw|J8esaP#)4JU1;K&XXBky=CGJ!9 zIB1$Zz+e!R3DIBBh+(85BJ=yUo;kTXS9s|l4WvakqTKpxwnQ-YD|A-;nuUJ;@8FMC z{xgP~X6D(PPxFmeUR5Ll9>yh;K=}QmP4Rcqtp#$aDo`i@25hC`t8o=Is;B5&xA_(c zOu_ot+?{b<^XrpQmnh%h9$nkbO@QhB-U=1W!}a7sX;S~Z9j0zVS+%@h`@`O%kOd{% z!&VT@5AN1tNm1elkEphm{L_?`N*!(;)(Q}2=do-bL?O?nW#rZ=v_*5W;9f#gWFM zK5vSBQBg*=F}^My9K$Tdfmkfj+6?%^`_K+EI%f1OeDm8WU6>c#54vNa^vfz>!hgsF ziUP9;GCH=J$J|mLgAX6mhq&Rqj)haCsx>ntryrLze$G>b1m8z8B1Q#-K_lu}bMQT!{^VLoWjsgcVJJ701OB_v}=%2MC60i1AHls(h-VC z!~UNLTBymb`i!S=R+aIQ5DDK3W=t1&%DKPUR2v9N={qQL%}n{O=QoI$h)@ei%pdu~ z*A@^+8Q%w*X&7@^6`G_HhMKVa^df5mh0DKHvTCI(=;(zJ^mACg|A{!Ba7NaKc;bcl z5eio5EZPzlnZWt{>Lx&!38Y^n8H?#&-`@ zTXO7w%XsfaB88^x=CRJ@_%h_%UvmP;_sby7*7S$mPpD$n&xOLD1rT-?sCLCHkXiWO zZ=nTxX|Hdg%q;dfpD_KvKmYaq8&JMGgmA5l@l(OqkV;qBc0J;Tg1%fB5=5e|Dy*na zed2}*z`;D^n2IzmS)hVPeZZzKsRK?`%yTDfQcBOm-Z#4R2ba;31QKl|VQzs!xyDqP z?o_Ummt&@iS2kh>^0jlyylx5Dt!}Q=)>6zK_YO=t!T3;|)`Mbw0AMBAEix31=9b?x z<}M}Rce5k#Q>hD;Ap^z-7`idoEgF0-2$CqSQi`tLqpuetx>nR@TFDPX1Ll;`xl1cX znPunw3l_?7)L!RKy+xu}kva=I{-E-h{9D^?q?TlBCwzGyqedNlx`+OEs@$Px9sFy^ zV`9qWILB!_ND%%ps-Eb*PpY+mkXJkQ0JlLpx-HWzBttp>UqUx2t5;lG%Wr3QDzGeN zo)Bvc6B^%wd@Jr7ZS#T>e~xJr{+(Fu;Xkq_Ck*5K(lF|eYlDsi;{M`%OnD1 zWZ$y`(f0uuim~!xsV85VP>R;*zt{)7$mi)W*uSg=H!tEB)GDp(py+0uc#LSbS&=Nb z<}=yE+FVl#!onyG2{twe@yBG80!{+;BF#?w^m8J(9H5w5UxGD#RBO~k6;YU_Fdt>! zqyQ{R0g=#(KQ*uzc6fK2_7U;NEE}2{XF+B1faK?$&w)bm5uk5tH>e|VWDay@#XJQk z68uRM0k)k+i4RHl#ICP8y98xlgT>=*2Y1r@M=b7EwY^-W8z{Y%woSLvC*z3wmj#ylULSDgYT zknk{<($xxd8zq7{hlL~_&@!+uisZu9X3($9(J|9#dAjqSNLr~bagecsd4~X-Qlz+^ z&d@$d&j>2uj*?K{s~;_^R>-RC&ny3SxGvO*?@mJDEnQgG|oRKF6wk z`p%P+M**Xq7(zga8w|~rxQTcI_X0r=hoP84n%Grz1$XR$^k|njDC327oSsEP;Gd9m zNN34i>66xD*xAYR>Ez+#Z`;Os{+?k%;o%(Kw0tSEQBL$o*=GXx@DP8%!b!r89p0jS zuN=5x-THD^hXru*am0%q*1mT}3Qv;F@eP4R+o_c>5jj*3=J;0XBRoD5<`8F^_zyk< zh6D%0SV*3XAjl|j5ET#;sXSVEVfF7$8t-T-KmGE!CWJnV35j$%Ehzfhl2e!JhKFr$=p#=S2GwgT7t z^T>9$0&SF;u2Q^Ta`}>592Fe{E1(8@GzMJWs%ZLcZNBOEba`p7A;0q|u~(XCT855? zTsdP@*t9QzXWfz$+Nh|)+36xBa~iCWd)C8SR3HENn7FEdh;^moKOrrCN6qoJLmXGG zY^`Bcs|^eYLn{J^v5XSp!H;pZy_ukyo=sCe6^)#@3_><0ks?E;7U-ZW)j1#71*47J>K3n z=ikP~18iAQRNRP*NovdNtkoJG&tIZ9qH_&%1HHU~??V}v$|BIkc~i(F#cPtp7zYe; z_26)<*feJpCiL22d0U$>r3v0Q{LHHz5cN;6MqG80Y{St%^I6kelFl#>E-`wBYK>xw z+TnDU8|A;KuRNMVOX(^rsfwtg;rvPD{i`d$ROC=T15&Vy1pNMzABn-1URM{emIsG9 zEJ`K<6>yZQSOyWnsw=I@O(KQLZY?|6g-sF;wL75ly-y9n=L@_d8Au2cN+n4ru$~rB zOaCsz;U=D?sPd~Mz4s6Q3X`%_^rUFe#sCWUNeQ#Co_;ql9)(*|Gb9U^Uo^JXX03^5 z_PV8!Fl9a7Lcm3Tb8UmpRAK1)r*W0>aKW_86sKHZ=B4l$4MDGNdjGFHUa_9~l0IOA zZ)1n!NFeXJ{tifQ%yc!dv~dtd5Am>$KsA9iHUQ2yVX4sk9h&u4bF;!Q!&Wvtm3x8! zOiP9k{8+f40v)FO7&(t5XElxY;*vf9pcHD+nBPuzP0g`5PdT3<&!&Qe+1-9lpdVBt zS4uUlPEp(iaSTTdh56SEu1e5G){n#M=49|!Sm;rnSbtw9&*1?_my|WSLd9gPO=)Po z9au;-kdkZ#dXR;@X$;#s9O_(yslmo6Qz$}J{t1$2u3yrFqg_7N1+h9KCtB%$k)y62K2b(12XJ0y#(3R zrZt?=I|&a))I3?NWqqRN!{(eFL3dKBMZ&p+jWNO_n$+^87OB*L3HQ-}^(7?eeS|_% z>z6R0CzDq-h~_sbyBXXD4iZg4yr)|bL~hOR7tlZG->dO-!QRlMV|A*ZlopsjJ4X9v zyLi(3uCb#d%^a)cA57PO+t8@7L6S!}FTFK3$W9mdyptcqVBDYqoQ`WG-~jI}Y^+t> z+bJz7wkkBxhR6aAM@btwV67fnAI}*zU4Q8DfALSLW~`HNt4$rWAL{f!WEsS7-m+>U zF^1_+UH|&jE3W@N$BeYuiQF>zWH_--1i7dsNJ5Hm4F#?VZZ>=dJ~w}Xh_XcDK+~_2 z=BXjlHVWy-@4o`EFVz3>oxA2dAid)@m}iz8x^Uf8Jb@*n;%bQzYNGx?i|m((E4 zP8m@L+l$s;E!FddE?87}M&Sto4S9X#jMAJRbu6y443wye2E?L&Q{sY z+e*`rkjZ&gG%GPAy}6C#1QA%mWjv+4r#B>JE6&IS>U5W0XYp28q~sgET(VxVfza%& z%<3Cv(9o~^JF)Cn?JzXD|C2Sz)=C%6zmHv%?!;pPVDGlhKT%=P?wQHlqO`0}>!@t+ zq85|4s&r}upw5e~u)Hc4Tfsoq=bk=oV9tC=)(GOf7JC9TXMF>Vnq%^UXH9Nx`RN*j zxnzA+)kzk7w2MGV(kxwJQjAwjVoE*fEvBT&a(_b@jbFMp|720P893de1XVvP{#G3! zUY7f#GJ`U{!RC8dR7B@X#&=Gg=6=i2Mk`FsMZ;XLk0076JC+I+mPm9U5DD#+d1OHn z8zvqm1Fr})+4XU7A4aQ8T;ox&G&FP1N>J|;VBL9x-;6~(9us$N4Ld}`L;*8r77-H} z-1Mv!Lkas*x=3Y8r3B0s`6U(=;p80Pe)bshStTo)7813FhmCsRu)NYLCDD-5y6O}W z!p6&F;x%bGUawZ8W1$*}Axe-&q<47G82#Sr>jJQQAY~dnmS=)c-B+ zGw}UBvw?sshC!J;hk4D*4JG>TuXygT#!e}Sh<(9iMrWiilGExv!8H7;dK?&j*&05V z+Sk_E4r$z@G-Mb1!7TDi9c|8>3mu6N9^;{y8SW*HsGnm*k4N+Hz`^pZSEb5SZ?+2h z>0QhWv`n{v^2Bit@>2!+|KSi(022H9Mk)e#x}HA2;(azyyqm;3@1RU$Cx?iNf3xMB z!1jY3V!DjAr>=cfKDQNM{ES&n8ohW-I3F`6Irkz=>)at#kx4ig@o7-QALmvRF7LN- zOHhV4ue6m3?n=L`@zOnINx2?!;ooDYRnA02!$$=fO&f(cYmt}922A=6rA)8tjc)`) zqlM(B2F>$p|0=)#!V`tHbKn`cg4+3ytwpDzh1NRvwFV#XLJ(W>f#0T|vlTy!a=pf# zONqf#4TT@ygLb|KK-I^rmtUfAZCcZjs+MrXouQlgngcNs(-OdaK{`|32!<6|M5Luu;zPlb z7WbqW9}d#V5)gu;foW}ni{Xv&E9oU}W^AT*picYeOq0JNYNv@lx){4ivtm#+trg1% z9Q{m+#AMoad8}NRk$LyeYM4Ph(=cmL>S_;aAis&G%;xjxMR)7 z9BPjP`CPch0GRC>v1Gd$OslM(Jco5%f!Ptbr1nZ;$hi9+zmTh4h`BXl97`H&WoNgj zjyNW8f%BOeByZH)7%rIh5}%HUv3U7ij6)Y#>ikAaeX~+y_fWeT=$G^GHeR``9kEdI zn1qHD0HZ|Wp;6d=nCWeK1^)Y97eml*Lg<#!H}Ns3#J;5wr9<5lzCh zMpcqA(0&Uv$kB38Z^pf#7wauKo5#1533;)|3Dkm3Z%?rt~jcd z{>c#N8&V?;NFz0Fy}KPCNEt7>%=l~6M=e|{!x*n8Lr}+0AxH5gc-B;}ovb78(1i4ejlXh>Frt{1F*<9QNkpAPU;-27wO0A2t z^Pa>S8c$qGOx2e9jdf((gP|T!19`mBWQmZ$ahDCAmdsd(T5tB1Es|2bzT$!@3khNE zHBoW^+OUsIuQNG9$kpWOC+=oMgnQ?sipFS2?F{z=35D71MLlHZ7}Bh3#AA}|z?u!6 zlyI(h28#8?41&;*GEU}rOx-73Io7KF3Ol>lznAkz=jWkSVMVJ;jFiviZP4b|RPU6Z z8p~Ojxq6=Yo>+I9PTa@+B={l4dq6p!%lCkPXxesz(}${%a<=rek%^C{oG!+9N%XC( zQs(_M=@Wm3lfnz3mzY(TJ^sMP(W6cR5sCBUtXn03&@vj`HGaf<4gM&O*ia{cBwLHI zHyxv4Qv%Fsaz=r|G?WKRab933oUGutgrqFj$cv~?s1vpKU(urTfFC~^_$eL$za^h3PBvBJiAzdmT4NQ(=jk4^&ul{(q&=?j4Ex^3wS}wC zxCrSQ6kIYx{c>vM!Rz$C_=f@`fx|~dSj(tny83DRSI6m&BV^sIvDIdZ z#VbUs+3Di=y}@ZAR15J_1{Eiq0xtyhkd(AmD^Yk~VE+_Jx3!#7wj6lt&VPa>c=yhV zHy--Kpd`6Hz!zy%X5(&I1042tVVcXmi4MdM;Xm^!tp#KH%ai2KS(d!u)fV$sR zYI+lJM5th2U0tEkFquO@+nc}|(0SL!8Sv^8`x)f9vDMQBDr=D0nHTPf0dB83J=j6( z2^FC>+GO2K*W4I%0j~V-UziiR-g3WC*K{KETAH7CFev593$q)YiUSmo*to%v&5e6` zupWHOy~oV72*17Rw)pdEwkfQ|iUNW6M!vp_chqq7e|8QtVvQ$@01s6cRUK8Dx{l2O zN%ma@2~{d%%kK5=X?9(*&D#{ZJ(T5kVu)EZ)VQs=^OO|hb~o1xVqY9~va+a7=k`Wq zB;f*zgaY|SPFRxEWB$RP$%2GlaJt9j6O|2w#>daV+tyCwC^WbO94Ng|creeg%g`Ti zL<2ESeW~x1_59$?T59bPR(KT>CdeJl!_5;-!{pp;Kf5+cNT8IFVPR-Hnl&rVMHHC1 zF0JsRJx0#|Y=}g61&rhpR!^Np2r6C1 zZJ;xQgXHO+`=dewmjb zk07A8A~@b9=!fD*{8mnvJFsO*AmXUf45h_nHCR5o4x?@(Q(kzmE@+{ohzL1dGe!;K zcTnUy3fMlc7n1e|zpSU&h|y<_E)rs(%$p>p>DrC*MUqWMg(v7lt;P~B9kQUDgda7n#xlPBVcwnWw&F&Y zG1O{X9+1}uS-6OWVo*pU9|@Nfq^WS^xaK8Z$P2<=twvH#k9?8IOn|CiNSg1&NO3J^ zm@g~`3q>2gt7BB=)_};o7D&?Ju^_te?0-T< zvwvA!|4KD-_O(n-nu|DCB0Gj@`&(K$gO@Jn7IdefhgSUOxnWJ0uivGYxKl4yFNIkn z&;5MzHMfHH;pCvZX*I=)JwOXlX2U_(amsf6rzL@690KT$vZvbR8d z#!ahbw?}}j$XsTo|LutfeC|)m3bubewHeZS`j+_RNt}>fzoU0%rXk^%w~@_ki&v7o za97hc6z($_m$TPJaYhi*Y?O0@{X$t-=YObheg$6UQDab{zBu8gNM&rY?usEI91`)k zkiBhBf|rF55FhCYR_SJtI#iRWxcv|@tPEa*-75)3Ts#&WlI0OOpFU3`l)w73Qy(c8 zs<7OGuY!*^is@r*;gN4ty?nj6ET!)GfJS1u=Dv>M4s8!D7y7CK5xC0|TOP`xw+s^@ zQ*hKrj`k@V5B#Yt9>aV!7F7=uOT=j>+zm_K-agNJ=PwUgSY=S7 zamP8RJohpK78_Fqtcn@d@qM~)ne&Hc>%=`LK{~id;T{Iul`jFr`246Yj!cnw>tGft zMjOcY&*vShu9GIz7Z5YwH%a&5W#QljMyprG06RcmJ3Ke zOSPt13aP)%o-|y6Z?A(W8?-hS(Vvtu#$X|a61|E1k9gm1)jbR_O5ra3=f3r-XOMef zu}Yt$OBq^n(xu>x#)bUE}~pyfdEzue<`TQBl7Eb76ho zzwTiJ16NO9Dg4MPsHxAu1dHd}ISMHh&Zl-WDvKzsp!EIwM)9wP%)Z7YshX;7W3 zF0A>d84JP#7!-~aGzB;u724hQrgnMO+_KW{_0vR_DM_dcP|4{x-0SCM+||34eDBp( zm1|byMk;+yk`~L|)cvtzxGwt5p2hJd{Bb_Gql~msVD`3{3E+8jBklbD=$Ar(=*W>51Ec*< zhCHu#=<$Kz#bZCXRA@h!4hQe&$I59N_o@ein)r;62O+DU;)g2cvr5DpG$B;+8r$KrmHK}pf6uq-cVt2^0Z{*G}rusqV7^Xz9^}* zC!pzLarG?`5YLX-Le|ngR7;UBN>qKAqf=%Q(2#F7PD!i@o-=hYcfvuSCl6SaIsC|8 zfjE?BtAah+@R`lE?MIrV+rfR$572SE3SyWqf0{Pz#HjGO-dOuLgs`HOfjE~GFTK;S zdR)zUdhnJJ*mI+E(rMp0bhM{hDObpoG+GMB zTzXJ+JFf9~mkcR-tIeMX#f9V&Crsm6mOKReIFrsIfb#6vP{oG3dfce;D;RhLZUloR zxjK>nAVGk>A7V5)#m9d*U9X@*kteq*x0jKETN+nKurL*}YO~))k8}#eX!-P@@UkLcoa`d7OVNA}{1i_Ts znv(G(tP9>+v5Du;uu*W1{Z)b!XSf_e(4+#h&qN=4TMpT^#2;{r#*t;uw`k36A}9#M zN6ayTTaXx31WF6mihjtMcbv#O)DxU{vutr(I^{Mwlc7G7^9Qwcepe-~bX>TuO4rX> z_TWkq&=m&v7>l|f5|gz+PW~8P6g1O|b+~32aX~Kpmn-28PsaWBrS;gHiOQrzpgEEduvS@DUsX-K2+Pe5hh za@nZdaG7~lY(SX26pTUE#3fF=M;^}{h`21x#g0eSmf?-BON!(*k#x_!4*Mw5TVfs@ z(v*_@gd0;^THM7O87XEeQkL#TV(-nsSkV0T>oOK)mG4#Qy=3nr&AjfkScX_?fhJu4 z51sV|W%pD;61UyRVl*ScwB3PcxzSd{U$1+)ObzA2p=$Vid%|TL z5_^0oH&0IHYLHOVQLKFZcfmb&~mo)$o9Z@JKTGT(0F^})Z14<)! zsbYYsq*0qL*ws>fGnh6Ng}4sYDw|b!A?e{Y2AS|{(iPrTCOv!Gb*x5#?w|cFN6rWD z^rHwR?FnPF(7EYcySP0UW~8%>>nCOFQ_z17(xY%SgrG#aQw!l6_C^_F0++76Y%mGt{ydHjJXLWYmVwHUEan_L3Ve+t@i=!=W^ms+;lmS@=hdLIcF z%{3)};Xi@MH-H_1PK{q35BKRWfk%1Ov0x7qK|0)l402$mbZQb=vJWMCHqk>m$T4iWq?&Bq0@fbudPig6_wOaZMd?L>z{Xe=KfwhGbtl(W}XJ z5%i8$9?O*>9?klt!@3YX=Mk41CMnjFb$vTIM)4i^o=7V+vW0G^){6t1=LxBbW3t*n z_XZ0+q^3GyK{i6A5#UEm;& zNIO8|S$*bd#6k^&hANlKetd;CdM%%w(?&AE!Cc73fnWdE@k{D^Xe^?#UF88=xCE&{g zyzAmqW$pb;3l5guvn*L!)#7p?Td%*>VE*>&m;ZM*I=eG6m+%tYfpj65@QD2)$ciU= z)E^nNO{Wjf3?@Y~>54SWz{uA_l+vu=1jqZ*S$Av7{Q82O?T z*%EY`Un&Y#CM$km1nojVlO@22H>o&>>>N|OBhF>I;raeheI`+vC+ME+fYm5vdLGK+ zFeJd+LQ=0}ydxC`uzOo`A1>|1u&rjsWpNdaKzC8^rJXaGzJUxj%Z@qW>7Zhgk-92> z_lN|>52*R;rm2*RD1x2c9q@@{@%?T8_~U5kD$=mV;pWw{8U_SY!d=TuueQejs(B6h zkT#QxpX?yzm+$yxUtlZ0gDb|%>HZQseS3U_+-wIsz=V8Dq67B=5q)g*DC6aYI1Nr482a(}`@UTKR(;*ch4-1OuVD@l z7B)`auQ}t86|EKBiB4oiH=`k$R*u*k8!jHUJ#7>>g=ojQ4A#FjT&Gs7r%{M$0dtEi zM|3NOem?2E+*^u$;8m&*_L)Nqr1ZZ5}R|ne;Wi}KbHZ;uX?rimg zcA!Zl=?ii(GS5Jkk#5sZ3`Qf!H^B>f0V(#Fm77cP)@2T1m=$VrnfmX3+p4W$jWPU5 z^kbtirqL|@OVA$?d$Y!%(msQ%`^|4d2Ig_grn}%qzej1+(Pe!xJQN*3W+^e8CDij~&g4*qv9$KuRN8#J8e@u$`eicR^+SK~M5OA0yh12@{HW8#Z$Cy`|+Cv+$V1^ZTWxavXT#ZLAmxlBfH} z>&KIYjR#XyKj0tN6M=*PthrnJx7Jn-p!3NVI+5;k=xpuyXH^FqK>S?y^FZh=rle1g_-46d#&Wr56^@&v3Ps|D?2AJ2?mgn^eDbu3gvNGwz*Ep&o%xz!NXKP`2T=es<2bzMj5@+A%zx;)q%Ul?(->0=-rV^NyZgfS0dtfUEc0 zaVNyD`(RhPYFX}5DoXYu`fwuvlKiS*Is8m4q3SPtL>No|xmIb>mI)?uw+_?Eww%ak z!%)+QP^!ZT6g^TN;KdHGy+xA0n^L$I@W8oh(hlVsxwu+#dBiA-_|viYmi1>+__=%| z!H<@j9qRE-hCC2>*w|NtCQ4(17D!uUsbo0-#si4C`yh9mq+)ek;uq z7K!_b5RDxqGFhupBfZNms8BB-uqz&NHuyK> zS~qn+sBXB%P?Xz3_&^00YAYW$v5Jo{9sRG6yk28RTX{iWid<+#Ng=on-nXCZ-x@a- z+xQ~-I94aNg@*AtQEgSGj9xm^FUyF&eAjBF4;`JRp{O0yH zi|oQ>L*0#y4Iv~9v#QQc-@>#J;)QZuE0?FA;y5KuJRgJyZeb=~ z=+xmp`b{|~k*;$&w@X>o|( z)UfK7@nPY{z0g1Zw0b0u;|?ep(78)@MfWZEq7Y)UHWq4VeT;3g3j#wxuk};VCg$GQBPcZV6Y|Fw^sRmIB`kK!eHy;@E}nz7qn!}XK@o^EFV!IY zQQ+=dPiuM$!KWdZZW*vA8M*bg`!}$rLwNZDG`Tim3wBG_4&hRjskKLBdH%#_Mp!!2 zXar$bINT!E$Hw3!2jRMf!V_iToM=+PBU7i}DT;#S#i)R?yhqD7T?Ol#&sYkZ#d5L` zD#&s?A1df{yckMPGF1kfHG7QUW7@adpetfk1LPBtj)F$zdp`lc&l%pXYwP-<`gC`r zqo6LixW}Q%oDwoVR=Ta4s6m&@*=|$#x1)5OR>}$9ri7BRTKZ~nsG3;h$}S&NhwuJi z8#r|*{1W$U|LGWLSp}*(1Q0z56KRwxzCS<{>Bzqw#qPwD9+5;ZucnR_9IUOa{l#jCkNsk-EDq(I*?p@RSw(I4 zhyN6!C*qzAxBaWIPe5-iJ#U2{+)$Uq*k#Vedj={DX9s^RwbJOa!re8Dwd;N0V-{r6 z7BT0m%%lnD^$OY{jfiBnz{sQpJM5~&0Zc>2rntZVMY}X+LhTeqSHLelHukKD+nc|IOgf$ThEAoImJO z3cFr88*1v)d);#8m1?m@?~4larwn=#djGd}U!3GK6ODim!-TA7eugm{D-^!Fk4J&C z>#WGlg%fI}hrvRAmh8Z0SN(6S%UXmp2}R@i$4$8OJWhxw!PpCP?`L`tI2i-KaWB8~ zQceGs;?L0lH_^n3&Q{FFmG9`FS*lPNpwbUd(ru7%Cg4l#>ihd8c0K=RcHOUjfHIL^ zRlJ0=_yRS$nG+1zW_C!F1N2Ek$Ob>VxE7$kNBtlgjd{7uWov)7qz3Uw#v*2PKb9Bc zDGn{w`>FqY(90X#{oO6Y+e}=1=8q%ziw0Y*)_gH}i^daHIi%iB8(w;p`L(z(V4*7% zMNID+Ez@O^We%0vm^CPDTH&fvl{wEc^(f)A(Lxq!mQL56(tn0YS~R0>O0H3{w>T@J z*>rBwp)>*njj7V~L1zHif;Mha(y(D?C0odTC_P`T7cEJnD>sw8UbQ1hvGU9{NVw7xyspU`gEj>PXjS4z#r;8%v8eT32Ie@+PXVcAy+T;3BRN| z3IIP15d?69C58X7^-{T!0rO=kBg2=QiRP__M@$ z%7ZjKR8vRbR<$B3>MqF_KRH^do^JnKZ$EA!S>nYN?JTZ;{T}B0UNk6`o0Tgl=?K z@iAVIj#WD!x(rbqmUY&0Zs8bF#xdfPHh7t>Untfr^n}+ag`B)tqC|u|Z7i6q$Sv6< zI1|f}Y~zrfIPSlG-W-$Zu=oFSlxC+xptI;bm#MPIPTQk(sadvM{llBa>m z!mZ4URakl+C`TzHu6U`$zajA34jmz#M5>SKy}j|OiztH^=5iZeChBx;3rQ@N=b8Da zCX1+9@QBP|x|lcJ!qN4LR_lvfr2jP+t({=ot=vBU5Yx3B)CDVZjDKeX*ofXHp}1wu zW{S%M4lOlW?r9@*0wJZMLNcU z?ooRsdNF;=2P^Kp;0@4;*a9tzv?opcv{}02l}Dn?1(ti_toxM|+H^CNHy{qucz(WF zT2?SMBG{1fC;0($X*EI$bPpU-=O>4cR-McU<+rPKY8NpXC`nj9I9PA*wxASe=Or$g z7x-Noc@^!9&)IxcADHY)PPQ_!PwvsTYs!N2?TC@)O24VAwtkkM5gvu4Plbgu|1803 zD-6AU4O=52{2HO15RRRLOEgaWCXy*2(){e*oiP(4Qc!041W_wL+xhK)b2j1_2MYgu z1hMNE9*=$Z*m)0dl&^QdV@wC92aPs0kY+Kyo1P=dn`cl1LD-clkG1ab*drpGZ4IRhaGJG zmZ&)W=J4ZYyo(@+Wde0CimWETtF-Ldt-e3xSWNf8qgkwaq)yK!hzk*lyL^^K9DRBp zi4EbQ*ScpKOf4GD(Eu0kOkVmY7MAMPGkX~eSAD82mxeRLTW^cH@f}?eg#81`q7Ri_wipZ6A4blceru;P-6Rh zhMW*Wkv82BZ#uax?f%|ND7$5jmvD%_T|`%yS4vtIR)Er4{P#3yom#UbEGQXm_+A&X zKkO5gSF0J6$vOrTC+XA1yiw~=#WAVVdaty76s5gubr_D)H|eHWDtWStxJeW#aU5c; zb5Ds>meg}Ux}v0QX<^xa^>c(v=Dp#ah7*%)4Gzj8@)61Q*HeSXQ+G1>Y>VgdZA&lC zuqB7GZUoA-ZizW#u0^ocDMV81F+G(3Hg8*CFsIo-Dt2OKr~AD(i8oU3!2#Vh9l_$0 zH;{?S@cZV@B!svt)FBsDI?Olmjp!vevBb`bRQ{68q{-0>CeNqRbpm=qcyk;i$6?ym zw5DHRNdIeQ_Wm}V~Dp7xk$MT~x6lsp+F!X$B9RvbG&UoJ3DQQ`l4xJK26IVBJ| zY`%rpWCYXQ|18XPDJGHXIvX9f^+$5W=YTG)%in^@iL;Cj+xzI=!D8tFO>J&=Z@CI? zY?IR1Pj{T3{lvns%r_VS<>2+3>ak=lN#SBO=LZ zs`oDsSwyFjW?mgh=z~V(9KP-O-tiwmV`$tQP0GR`xC6!z~5WZ{1 z^oid4LLRHP`6Li*^*W^9^27iC@$?m3akO2KxCaRmAXtD92=49{f(LhZ2<|difZ*=# z4#C}FaCdii_uhHG-LvO(&kyKly6?SJb*p$`GZEjumX+Jwb>rQ0jlkQgZgngp+u`ho zJwmBksHo#O{iap6D4`j(4z)%PK{p4V-g#x1iXgt?NW6{{=8v7MMWv9DuUH=zu!(m- zeU1zAaj{v-IE%!V989lQ;@3$=aldVVvgT7>le3Gls}hk}^~Ai%Rq+h7-N{L}h?86M z4kh%oD1i44sdlC>{I%YYE^{TbK&`W&gOE4xcAi6OtDZ;jXT{RwdOwwZU(_?S1t->+ z=)O)&jx{by<@fdEO0-7tVt14Ijhvo8rnD063EjkSyGekQ z%0h1Lc^X3u%J>nLO#OjkW)Ifr!KGDS?{s4Ht14_3{Swz1yX z)%oKHhZg?3TnrJIU-*VS192~WUkQY;)p4ZI3hs4v70&KF8v0eVrB0U;z7NioG3AdB z_MYzJFG@&SV`Do*wyTmAs#%)@8?pD{@+cyIWV9@#OJP9b0w(kg!f3xshr7El{h0Dj zzW*Dr1Jx2ICJ=sb_?ym<@GJzYGy`)+WGm_AW)$Omnx9VK6I*Qwf zEY#)Q#@L(&OD`v$AKir-4n9R9{|Qd++Ae=Je&VsoPT$lzHy_`0T?d0UCKo1Y?vVt7I`I{ ztu)pppyuw(&uaZ|VO!t0nM1>V^}5w`WmP|7LLdLG>+tyL>n$Y_9mC&q*0D##i=``M zjPF%x@(@b_MvTkhiS@~EFkd)0_c$0foRiK+phtU!M||m*>qjQ+o;Nnfx(ig6+WQ<| zf#&;5y^Z{z-CtHFc|IS8ikMIEE74H@%6z z!L!w4l|3+Wbr;y{(7XoII&opsw!X_YUlkpMrkhn<7`bV%T>yBZyB*rQW_-)H=?P-CxBd~z&s9rrxK2o)c!Dr2QG=MSbN5qfYN?JRiy z7t3_3C8}~?mI8-0SDZutU+)hJL{JWGD%LSpwan>99|L%OgB+8@N8~5bd zh6ZZ%-*%N#%_eDnfz|z(GYZL9Q-)~?u|^V0w@bo&w7bk!P4H#7yJ?!x?2$!8_rBoI zh#{@hm`NfK&{-fnJ5NwL(Ik4he%@y5EcCbE?mBtYG4+xhE@z+kSEK9aGB(N|8r9g4 zxkJAnGPb^njWA5qlU%m_f>!qW`o`G_p^3DHtqIb2Q~^1) z+WXmv0ocA{nOpZ8Ft`{>$(~$pck!llQ6jwTxo@#txd4GGF1c4<7U0fzvln z#}%#`E;QhMyh!NE?RfEKxn}o-yOOg$3M^&X&MT#DZ(2AWcgF}H7v0Y;&II=rY!-X* zj#Jqe!TI;sHo-raZ+L&D^PrtL3B5J+l^H4}y=!#o5%y$?g#OW1hGVETyb38(u8^yDFSs~s7)fZP;c321jm-gs zmf5WkRJO0JWRjlI(T|bAbs4>Ug<3^DkrS}VFP2@JE_Xt|*A8qfd6j4o9L3H48n|JI z>nF~AQ9i6J3|DTpnoGe{7p|Q ze3DgqM`QrsTWAxy@Q>BZp+;`uT;0oBxN%Q~EN-|TNA$VGp;5ZLfg+nN0rv;{zJDsx zx9f+=A7C~NgR=V^WV&?tB##&hTKLE^TZ1fG6IhL0U)oyS=2F{?xlz4^aGxkf9Px{= zLcFv8@sj6(5L=it3rMh*dl+1=oj!GC8a;le^JDF(o71m|{d(;N+%I^*=!taEAJnr& z+M^WK=7-e6B~VkqUS6|)eXx(=gXz)cA?-%Id!wR;t|vxnzuDe|*d%LyJ$;(^ju+O- z`rUJ(Xdzgr;kSCoT`-pvlnfGrqD&2(z%?C5Z180{zsdWqjT2(-t36{@0dEJs1+i%$ zNBJ0v4Cx3m!6B{~&Z8Ebn@<2z_)a=bz_674lybeZE;D&9mVGdd$56P`eVceg#GnE& z@pg*0NAn#M`G&fBzikzczEZZWUBgg_SGep?@!pAb(Q!RLd__NF24&;N&bBvKvoB+x zD1RPe5k@%>mJr47XmpozComOn3_gCHnV(rC^&<56@OW%yZ{o^dSy+4{KH>kJ`|UI@ z?3Mo9&Fe0)?fJ59v72}fRt_ANU3jB~O;tE&83xasQ@==zt;9%k82EP?))kxQbeMmu z?{@>QAyHR{iTcBQ)Wf@ErsKU}4<$Dv@|M3a)aO&dVDR|c#HEu{TQi^mrdWOZsS8F| zQx*wO6f;3Y(~k{#bT=mWr0nd*v7ijq;Cm}rv1gxfw^x}fGT$*Ht%`2MLTZ=`jO=RqDKDa9r#nAt)cTev30n)I~WPLJ5(g>>GI~KdQOj`zo}_usY^VxkQ3+ z9>m?Mjt=-*Z)ESGw!RReNf6mmT`}_4~ zbch@|K;xh@7cg=?A0qvW*T<27OHnBrs~P8PJ915mv{y#_lH63%A?zTe?0X-+31*Co z=&a|$DBpJ&RnR}Q$m#KCiVq1YlaG8JooHTUx-dzoVZLONXDud+7KUEk+pla0 zrH;tt?>*QQHV&r+H;*X!i5e8=Zy4jKvoK@!P;P}O8ZD{Hd?9v+__?+Mj6ILqgcv<+ zM70!{-%0FzR)fvK!m#>$%}gb*NNU;fJG}!~B;ioTIy<1ek zi)Lo&8{@|c*Y)R?$c7}HtRM8*&09|=W4e0x7K=bZ!Q$~b2t5)#2=ej`0Ji+{t?d;{ zAFWEMNhT7BLH$|Yw6!v@*6wZ#wzxlU#?06cyoA}bJ>|HtZN^4tK(6+7Ju6Gnh z9R0JgFznSXKU91oZV}DW>m`Sf^?;ABC&0VEyC`-9yOGX>e@i*PK2Pr$ZzF~>T~(g=<8w~S%+S8!6Ewyxg#Mj z9Q0HRJwa(-TY)TgAG16GZvACUf&@Ovm$ftt9zH-0OPjfNbl=wgoivl@ z1<-H$@5>eV9yQJa9UWZJZzTQJINM>Hv$7Jq%r~!f+7jxJk3u8n5G94GS`n4 z>nGX6%_}X4dYvp9qY($ify_7ix}U4u9jm+-TP`-;myaK!6)-}5 zGJ9SSz-ruT1$7kp0V9+7(!?+jU%Ep(H~lO?UXJ4dWaZv=-KoqtymTRn$+Qp~>?%F| z&2XvR46C?tnDjcJ`iUOIWSMHPf6Pel1N$o#F{!W>_R^#>vf2K|v+kIuWz+;~`&f@#% z@LA})o$081VuT_UEtfz6q|C*?L(%}GCkF-A!gLPQ)?xn6IWYJEY6m|QQ?Q!n0^c%U zv%Up?e(sC}R|9!U0u{;ECipP8Z70k3$5-EBHIvr8)6LbM?>{)bcf*6u*TI8rrc#Rf zUC!R+=eUsw^v1xxurog#+aIG}?d}eFX@3{M+?m%(n4H^4P~$%Ry8Z}WdN{y7*gQ!hvH;#47Qr}T` zN(yX2sW*b?k`UXdp(FFA9N@$a?HTl?$VXFaE}5inKe1J8gk z)BVo~aYL6w%J=Jk63yicIWm`{mT18b7ugTXdu9kveP=`%glInReSeWHC04#J2Sg-! zGnzcHCNjxv+ePQ0#Wi(3<=xl#x@y9z)lxPa9+kVRm8usCTuzH$9YQJLL}?a#jyq`> z{1UT2#xb*f!<{WqqJ5oCVv4})t{CiX>TSjSkU^u%0i`EIScC-u4|jRYT;Or`UFn^g zWfi7X@t_s;`T}Uk1IIb(s0>9$qN+x0`PgJ1Oz#r5IkXw7p9{6Vu>S>9d!b?1@tLY9 z(P}{xjE9jVLRp!b2#wpbq>;O1>X0Z`{Hw%l6fuvqonpbCgW^_4(&8p}OAMBV{$f{< zYWas+PE(O}!g|!AMMwY65|Z^Un&mkkNA?Qh3%&2$ zy$&hr3=uA)lX~ul(cet&k?HuSv)u!ORa9~_LvjR2FLywyt=o1#j3)*jD0uYY1zFiEW)Du5V`)(Z34f%m+}#kmBqlq_l63pAU#8Sb#r% zN~5|;sI=m5t?F}^A)dW>c&+qsZI0}JS!khQsnCAZ-!`{C;!z+IA%hjy4Gm!ln_G944-95ow?zut(g{ALnby6U*?_8MbxA+{*@76nhiN*wc8RPsv|ecY2R7JlwYVC4~*Q!8G;am?EOrJmvLcWgPo(7fie$8Z(6!?io6&a!0xQbFtKb+s8$-LRp?qk^m=3A25C;8M1*2kCqr`)YO(ql33{F9`=lBZYPAD%(P zFw!N$t@27GNAekIYp#^5*%^@iL*w$z#^K>*7dK#YD!2e~k-2^DFSglcD2syPwYS$2&6ceg4lfIKUQ zW7p%Wb`bPGqm7xm663Wz43}BelL!f)I z84z6k?;J_qFw%1c1_fO$yn1f4F!XVE^;&8WglWOpD*ZW+J*@Sj+Y9uzMrU4@{9EaN zHcGAQsOGDdt|U+ZxlGIFD#Ie3JSNHhT5qZ}Jxp}B@T#TK54bS;S(jXkq>5zx|wCq2(OSD8MWy}y`Lt84W<5aSI ziNZ@%P7GH6>3yOv|}so&Njbe=!!OLp1`4_)9YZ z?56;d?(~j^wMd8~3fXR)kza_|(=?d*uPDyr)lwxokj(HHhvv7jLoJbIas#Dr=$oT*G<`bIN+pb^^wE#!6j;1t0e^HJvAoNh}nq9EEENh@y=iuMLj(_C>9kf04Z^e+JkYVDs zG@Sv^m!^KMe<>wST}k|xKTsG*=b)xlVyPrK2o0Z)mlJll$x-*)*@=WsyypJ1C zimPoMl4>8Lich@fX>83ra|&lDlMNK|BuYImo<4P1gs`ikxR}Oy0c`N}#YEVoQjH3j zxsuq?rEUn`l6I_-MABJ2blNRblN{X(cxWAkGr6wjp$8$sZ~E>c6r;!riC?3jihQR{ zF*RAllmN|iNBUWN*imwx1|HG@B$1g|+`?ov(7>ZXwi! zV(5>fX(~cwt~JL*FC8szf5lZbBjr$fQwdGgfEZm6f2%B~(o%W}qQE$W)tnmbEa ziGCI7Y(qsuI;`AGD9hfm3NUgGpRcCQiQ=oK-t&=KANF^P%F7<$3wXYqG8Mqq;j*cG}NVD0fo;IUR4s=ostZJx@vO>UV zee|ZwavKy8DJPflit!Ecf8Ua9K#dE=VcakI)?`V@QKGP@8#&$nb`*`Wpc<)Zjvl_B z3|4zX>f3nL-tBB>Nx0Wa#*sA^&hQ_HfeQm^Z~c*++g{!Bc?emWy(`oq@kE?UEU;_u z7Y@TtWPZYsmLZANNj!FoGd-=rGl#?VsTaIY<6H9H z_-YmtPV8!7rGmd0mQtT_oZyECZR#VTM~0u4wAt-h7PH(mcIf7$_vH&&gw(yTl6X6# zu;L-4eEtk?E!r6Z*`mer`9Z2rlA))AAoJzfwt**HeMT!B6lSt>!-jdnPWuHj$#gmG zIH4T3rmA-p;rn#=;|Pc5{UK~wdvosR;vCrYq(UCFjflN=DqdO7GAyJG5-V11*Rr|O zPtFF_NOCLMTSpaKN@L{yt#10cTpKc(p5op~b3H1qE2>jvw%8uU+64y^wc6)33k#Pd z&@3ZZKbTRM;Qb9h7P(UDch9DT{K6{9A~Cca7vK*(*@*e_VDs~ zvMBJ|W#hoE_@An_;q1j<zKJml6l=;m0oL?S7x=_BQu|cYIflNXyXOk_Usp84 zZGVtGAtNTL%|al3c!S|!t_Ub&g7Izu;Ku)e5h=uFusL&cM@NsmBB^;u(K^=XrP9ns zYd}o-2yOi>B(k}B{i2%0WprlY1(^=Yozfs?5Ej3md;BO}Kt|!a5~_v8pY$Em(0NLK zWxc-7yx|{$f78Cb>*%Sp`5sl^KAV|vIA`<3GLLnrG?((`p9Bstg? zYCE#K=*>Y|r`mg4YJbk5%j501`^8Zp;~U0h3>=x;$m07+vWx+i+_57MJ6euP<+rrm z=Ybl#^CAx@o6?v6ter#G6dzp$iz)+X+9Z=Kt~fve_WkKeV@Da+%0E6N*E;#$rC&e- zq0Y6wvDM&VHIH;5utUf7_eT~vUT*EDRE6>q3D=vmzE0Fi{Oe<-GxA2~n~#v?4N+}| zwnq^_Vq$aD*qBmt>4&v)Jqeq$IF=bz)rtK=D<7R8A0n!%(qzif&(@@59w*0YJubp_ zb768CGdJM#D0ue(at}|*j~5bI4-vvdy_+%y><`xg;tv>{51M~R#u&16 zm0M#*D1M5g6%xvL*_G}u&y5K75=JCG(m$3ZlGFv{#V*JQ5>&+mv!0b?0mnW$5$#9K zVW?`F_ul{3#m;VxAt+f}A~+kkc#Iz*+LVsks^Q~5F-38w$v0|SoE7vIHflk4S{yB4 z3XX^<1W~NW1xxA8nKsHjBw~l+O-Zxq8YZO;t7-urmzuw$T*^3{6U(t*%6tSY_u-UR z$Se^;RM?iNnjo!FhlvisMRf;Tr#Xqdxsw*I4ksL+zd*6yNxjW$APG9b`nAcvb9g z=zaXI+s*vlW)|u!i|{$h!4$Ip?v{u*!sJ(Y18f}*3IL>09M6!so9gXA3B51s<3>RuO&40Fz(D%qNDWZL-B zPw6b84|2m$0U@x9g_IRW)lfhsCJjqG0K$n>`)PP5M& z`rCR;mlBCb3Wt@o4>)QZI8WRwr0-mB_Mlk(%n~&|y0FjMq=)GXJsc_yz#BR??hvbN zjeT%8I@^Vh3BBwl}ms7?k8mM zM%LHExyp4pGC`e=OPvjpR!V?^Q{yJg)Arme|AogRewuFMI277gBM6Lgl&k4B8VMmR z<-C^d{W6(s6&4$==%_XN5R>4;%Q5^TeSk)OLN%QTo(%sRB%|2{ug70hmr{i6huMr) z{K;bSMzRoZfLRIqUh4MNms!L4PzO0t8fH)TC^2f}y8&BWaM|Bxvx}#Vwwm{jN`Vcj zQ)dFRY;ul3PsfJAw#x=$8OLgNhYLL^5MRk?ewrDv{Mr*^FLH-x+qeT<9%_0ld9b}E z=HwmMqB-Dbz5);t5&b>~&0pgmbRN^_y>qEgU1JLnsYVuGHJ3+kpr;QxMw)8{HP9ve)r4M)`#%?8m$?omNlEl^aK{wN_sUmzY=`JIQwyzMZR~Q4qI$t zZ?d+|Lzx>mo(-8BXn7@#7v9Qq(b@%FTgZe^WiAJGBt*9PX=F7a)1NX=qNtg`M-4fO zewaw-)bFDEb&#oPL_9Gziu~P0mOzzqjt+f&WZWji)JLIB_e(r6&{vRuWxxQB{<}3V3AwM4AZK zXl?p|saA}kI++gHacPuLKM}b*(O;dT2Enb~*i_oDyuKEpc*NRD8d`^=79n|tS>vPj zd=HN~JhD_9UCyRWIkaXZz*QnS+>$fpY)ZrKvl{4z3a=&kP8dN}hX zIKIl|cs0rVXBs9IGAd?yB52cUhlC%Yh3zEYR5U9*M(b}mTOCXO>X(P)V#0-QT~=ca z74!+jJD;-1Tqcm>Ja{WZag{~7=@?Alz+CKV%6`z#kg>KHVV?bDMm6&DQVxT(iB0}r zVp61a6Z*^Tk)d+&uvrdsvNEpjFCY5jPkuMe;&?^ZCy0S#6bCN1zY z{`);C@K{AtoW&$L;Vc0!^J0?t`IQiF3l0u==(W4(w0-A#Zow_iZO@J=aA^~dhYPnC z_!Iu-^Qgwe$It(!rk{O36EWY&PG)+L9n1Mt!d!;=Q)JY3{_MMnu(tr^?>81#L3Hzb$pT+b)cH~^ER! zXlnnpF%rxLT$LcK{K{&dx!|t;1%E$_?&m<}{n_JZTjwWNnFhB4)-QSGU!3suw1;{h zSAX7C%YUl*^9Q}4hD9*eK}I!8vf|4Vdfsu`1@-s6TVzT|xd3MgSCht{xhoy2B8h+9 zghzm&Z*gd334clSNuXneSfEMoS3byUJjm(4`zOquDTZxNC1seFIV}INN4AL|h&>!T zU*gRD$`eo5M4Iy?Fk&xbb#Bh(dTw3;kEdN+dD=F%)}y&W#ntAjD4Yughy9%8ByhKX zYSD*cm6FqcnD<#%eNHaqspQm}dz5R)XFGjuT(Dz|(E%<+KHcM!@1{yR*%|g5B+;EP z_<`MU!qe9|Cx|Fn=X|^~zkq0mF+o2c_Ic)qN43Ziwh6!5k`gDf_b$xvy zuL81^yW6UbB>WXRV2E~fZVwdSRj`ms-cM=I}S5!GXY=#kcKS}t{_ zEOCx)SRZf_>K`c~GRx5?bX6%1cNZ$5u^m+VlBuyCrJhGvcw%C_nEO^8Kbs5Taz=Ih#tBV#kisXfX*b`voakz1eCOl5I%uoPR7%}D*jBf{o(JNCqm+8D>M!~x?;DRvWp_%PJa-5t1qY3m%qplv6w%u zbcJeQ@e=s@knAfF`mw+Q!|UT{FSd$u;mN@ETC$$kcHwgBHu2lbCmxJ8=r^VQ*)(52 zK@QWe^4AuLKt5V4%hScC8wKE93#m}E%tdNXRRcWtB}1S+1&-2A6BSUZz}ZC6s};$r zM18H|nHM4?>D|m_zHAh5_1YW&_yqWtE&*pqbdZ_S8skk>%{0g|T`%0|jw8zp9nYYu zd_STOdQW6q78cdvOlvWc6kDxBUzkW&XQf+d@?aZcZhydxEEEkf`ON5R6w@-pZJ|&b z=~a&|Ho0v{<|ej18j$$O>0<2vCA&-|hAmXdzkvljOq>3RNyB{q4k2B5e$?x$*j16! zzpsxpXN#TR5_4c>S)_RfEeW}X%89uQ6R2wA*RYK+xow zdJzgpX8pT__TQYMO1{6mlT&@k%zORUlRQTpv|b8b`rdun>KvoIWQQC%~aXS>L1zp=lQ>7(9q60FLi?PE)j(Ws|QMV6*u9?}CqEGrL7gHvhZDSky=~r_rFf^x~kpI#(Guj;fXk&p+ z)~B_1q14~I*k4jwQYM$cUxAe51RaJwx6X{G~#qVL1E zosyEh*pfi&U!XY?%m@4}Ie$V@C!X3G%7B?uc+Y*-gFJCOSE<=!)FEyCIz_Gp&wFbB zy9xFd{TDn<7kND1^TB0KGC7m+zb<*#G>x(&QOu~ZhcRb=b_pc2T)S06Z)i~82;X$9 zO4gYA&)Oqf&a{3+SIzmAv2$+T2A$AIKD0HAotv4jm!OEab0c6Ntr`dwP&BlUVD+-) zl2WAO=@S)U`SQ6OFl3psiidRlAuwC``1IM{s_~9U#w?#}f~C)^Y1b;!3d7L*+DaNs z@9oKK1b0OfqRt9##&e2lSuA(N^R-xIzJUiexffhWlBVX_Ay@R$rg*~y7WVPs3tzcR(Z6OexXB7Nydo5UX0AYFNY(KqCgFvTKMH0Xg z^|R`u@r}YUOR1t1N_sCZLO0nT8~@yvlrMEZBooZ5u3!v`z+COEKlH8LlLx=Bxdql0 zrheZy=>GKOBz9&h`n}}bTY2I$v(Hjd%KMFHI_?07OTgh;Fg-Jp<6h6o9U|WtD{Rrj zQy{Q-EU|~?j-Dfh^FV(ALvQrGLd1+a(j8QrS;_afVlO-NYLXKxD2lpmHs%z8$Sp$d zSW!Eec;-1>ekOw6!5?u%SNpL3|E29pBrNAM&ZbqsnWo_X-{qNoUBUyjhe*XtEPi~q zz+1~P1dLL;|Lqu5551psbpYI4Ts&)s!2EUf&6-tAD$c7a)sgo3?E^X0z%fC5m?SYg zt?|<@u8nPw-E|f5t+9w|Pn6fItuur25lSXB)C|t2ay3O&&#el~k^suyV6DKMf~!$= z-q&}G=!QDuf=f%h0O0q*)mi>-8+t#BN-VWmq3 zc5RFA2KP;DV=XF!P3Bu7XCTN znA}?+O4NzuKb$CR8Jcqv=$(nF00=VEtntC3s z`=>3lktE*Lnl;WC&)@YPwTZG1healYpkVE*<1%aNK7njPQAgN0r$94c00}cr^*4Qi zVKjU;tu%cpw2gD8l-|NQTgLT5H&I32v6j`ZHPCwFFLz%WVQo5j`=Ia>BSCIJ%YFUd zPqlB57qm%O&PvYa823RVK*~^2UFZRaf5f9^(TZqrR!Ftw)3adz<@3D~)!*1&o1Ak5g2X#PJy^QVx zO-b1yO^^{IJw;9zPDn#|LSB0o>XNVDxcKu@$?xAh3QDWs!s%bd94%8*5 zpwb;*XJT0)B*$ie8DPC(m`;{_e#&E&ks44K7JFPs>o-T+puHNAU z8hkk%G9#kqK1bI?YGNvmeb0ldhR-NF` zKgmU@m?u$R>s8NgA{L0h5B|m>q#CFpv}B%#7{F@aP?!j&D?U@TY+x-*=e!(RQZjTV zEA#?G;WjsW;=WXGz*I>uATQbb0nh^*9fSJ9ABu0V=zr%!Vf^&KgVWxpYn{d*_Ybr_ zIGmvySDYO!#39c9unOn<)~Y1z|BIhvhdg5v!Tg(c#P)@lLsJ1yY{caF?uH8SyZeQl z$3lt$zEC8O4Kx<;~45-DdGO(tY^s_?4Lg4!m=h?Pf*jXB$YP`w^YJZ4` zrpXw~Anp+qgVsR>$7Ml83EpMZOBK5QRU8vBp&P+v6cm3ud}?yrSa`7QA$-q4B~)5; zM(I*cAnIOWvCHPh=1HY<d@@rZC-?kq$(W&nlJ#iJU$EVylHD$X9 z0_hPfr5h@4|0xRJQh6;UjYxS>_k;l7>@_KpK;|kK7#>MG4^x@?YiLSo12z_3&INfZVUdpQ(n~y|V@?t%7{8xuqOYexD`nAZ@Qx$X zxQhT$dOF(K%f`&k*xQ9BNy8;b0)8^%M~ZPX+*RYkgb-cU{v|H%KbmK*4}-B^)#+b5 z%Os~Yd2FLE_gqmH_E1fql}+j9`1^B-1Jv7t9+09neusy6PJawzpfS~7-SQ`UFOLX! zBUW0|Px8R6nwQr5p<5uiMn&q#3efpF;3hg-98L@B2P46+nI&! zoUy3Yai&y7y>xee0q@4h4IsD8l?>K--RqM zagiolC@T<)}; zZJNm*P0nHbSZOPEy~XDP6=kj)IHstr_bOeQTa$?0!8D^DHwQ0{C3BghJ4FDUs)#LN z7u7S!Yx@w0l>eXhCA@8aF)Jqx3Km#KZHmcwL6#`?rOeC(TTmQA37qxo%t0yH?WEeo%lW_$c7jNp>0}{cHqmmy5l*^ z>RWujW5Ov^br!rG>qt{WfmBC~_L-u#Z2W~H2dE`2LR@HM16D&)IVh$|<}AUMrBm}s zQ@+&sQNfARpp)nCEPmXfV${ASZ#<7SiAdPcZZo5fx~s5KN!Mt5!_=^2SZ}I)Wbyt- zbTr#^Sge+ZycyA$Uw1u&l0rS!Fgq5F=~XNTTj4f(;NYx>W3|*+_o|pM_aF>G{@*5c z*yTS9lA&JyD2~g6krzs>vm56y4)zndMk$~B-RA-wl6W4)=#XM2w%3K4{dTCMn^Vj*Kp zBN|`G24r9$w%E}RCYsQ2<&?d5_XsD|$Jr4O!MK_&;O^wcjsX>Q8o6DjzEltTUw^7f+X|UG zH1lBJq`k7yNEYbWi4j+seiZ!m&P`~Agq12H1O;S#apYlAldoi2>wCivcc1&jq}&pp zJ_aNS=R%LKYbYeSuboXVe=3s;rPwXYSzozVWz=x9O?+K5GTTF#&4bs`QxzyY;FG`y z6g^N|6W{M|FNf_lLpo`FXM@%dW^0-d^(*MH?9@Gtq=wkDKaW*It2^!x1f_;?1VsPg z7gab5fiB)S>t0CJ?|Mo4%V&3ZqOw9f|1(;zO%i=2RgPPz%#sS(p8oU}olB>LC7*Re z9Xer#g#vXPHOBr=WO^sIcgRBxm{C7*>V}Y3Nsf)NK=$<$ft*HtNwbO-uB%EjjM{JE z+abjrzs-o`;;s|5ab?heb}CnVsLBwQcdCj;#-3XAT1i}KrdfA?TQhl~{j&sxv~`XO z5l($y>H?RD5pSk2b8b&Y>zIK&_*eu7R?K;T>op+olNZ`~zjni@FGw z%U^j3$|hIfC@4T{TEkbIPB?4OC)pZ`CVX)~~($Fr?} zT$Y@%_H^r(C*T16%}5PHR-7(Oa=x{S<-2}r^?%}DDk@*F6j=KoLw<(;7-#J@f(`fo z!_%Q1|NHQ0bhOd`t>dxo|3j&w>4OD_rM_p)b^xXdkl6!tIcjKt_n`%>$yZh4`|Hc^QU(A$b=T-W`Nlsc}xT~OoxKeqF~93Brh{y%GZto^S|ZyyvuYwoGh00Z=%?*be$ zprhSY+z$8!eFaTe&J1$V{r^6P<8d7Flrs&KpvnL5=+NH($HyE0kM%qi``?(}J}H6G z@KdD;)*x0aBlzb;_hrcVtFsDE2EA15yOCq}aUo2C9k0r|yiOAxwajkm)7*Opvv4X) z0gxMCNg-u^s>Ga5&n;|5(do(SJF; zeUNEVMCETkP`(#hP48>zOy{aSYnkQQU!+V{oU&rZPg0AW7fTd6zqx{7TCi0C? z^OdjalN)QGh`zd$eRHH8>Amc<1jI}5%|1A#FF~*I>9Y+j)smxQD^V7EV)~nwm|Lu5-BPStjF(sQqk#Q$64>j;S!ui% z&njCSr(M?=Yr$uj&t9-om;m!n;e^(e|7Ww?BqozLxOj(P^mracIU=M!Pf*kOZ{+BI zP7XHl|JUI-(tTZ*6s_m|Kh!lQUI;xnrFQwN9S5 zYM{n=QE%+2P{6b-_nnxm*a>)Q3=lwbbw&F z-LPEWOI^zOyWR)~Px$G`|I3ZpK>%pd|DPV%@qZ6TCma3GS{{r4m)`dM3IOH0d6E)< z4t`%Ez=q}jg;;)n=8rw|;05Xb8#qOM+5aCLot!xK|C{(f>v<~ZKb_yzZ~z{iTJ0raZ~ z*3te9CJ7EaGw!Ny6-M0)xspBw5nu(%?e9hU`1Ug3pHu$%t3Ms(KN+XHQ#j}*{m-GJ|35h0 z#D7@NW66IignO^DU#g<}K0&#!1ioLHPojDwko}b|0yg5&Mmh66J$3y5JPh$HT|N(d zqy68h?f)@4INA9Bt>rQJznJjVL}V3>_Yn)arm1feG1Y|26B$~5sSKkEMS&K9qUGp& z39PF1+bwRi9FZ@4v^75q23@s5TsHoyngchiwCv*PgkhB+uP_{IiLcrS&=Pl>u&ht< z@$>%z=kN~ge}rL(2zia8dI$f8r-}c&_dmno@rM7ebDEJ%h_ZDHrvba`)nQ# zw1x9MB!SK5VH@$nfxItQPf;j@NrIR!|3LhyJI`x9+v$1qPi6oB$1~6_s<@Q?L3)Jh zFKeR6Nb{7IZ8xTob=&a;6JV!~a}z1TdGH;A(eHU&ptos=0{)va_17?c47AVoZ(95c zM`fHlO_Zw~+!RNs!QIwzon>{L5!5@+{y+?mL=B!BfYKs=Z1$X$D@^yGb%9{ed3|Vk zcpC=%lZB$2TKUn~4Y}%Q3>1F$mzSn8*kfI`wj+oY}<(GlKF|H>DK)f25rgR0v3d6h}%; z%o#_iDuaYP;M_UFHv=VWt^g=GUambUaK1RoKE~+^v9<(&vWfNp zR>?(vP+!C(#B-ECwq2&GLhFSZsTu^O5l>P`R<>eG_}Z@78u(VQcwPLpUL7qE+3z}b zaoGo~JuPY8(HBtQe-J@sH-g`v_^Frw(lNQXzFbQ9YZL!}Wa)oKC!74=YkHW9=gq5Y zaB+RP)FqD)75R$s=zMCFJ(T(^pzL`DK$ORGl=DiAX^O)9{oom3T54H>{|z9wkYHaY zFh}Ae{ga-sX?=vZaJ1PcTpn5FTj z83GfSMhV&#qu*!4`i~qX2okghvutmUli3t8za4RTz~B6xRb)MvDvBS-fBZlKA1DI5 zzAp^5`Uf^wT36>qk;k{QLYl0~S@ZZAS-n~It71ZH>Ty`KYJY9^R!{%Q^mYyO|Jc6& zr}TfL|6j|)@Bd%_)EE8dE9R-we~OUK^j{ABPfh>#*Tevr7lYCF{{9d1{U7GyaMR2Z zcB%^+JYa{zk>Utl7w`^UqcBIsJ2d8yq|)Kl4?ZtIGAN)`cOUOKh6iut=kJr(G|+$k z$3+4O>E!ZnJPq{!XmogF+kb8Df7kSA_rKSCvH_cIP||}X8G^NhzN_otc68ktLC-qy znrq?x9~q6g90MH+5EB7*1aQiRWb#G&{0Km>7l0fUvpgjr2zJ54Bn~HFieO4Wjy}y0 zDdO}FKydXNQ&{0y0Ych=*2MM2`7bZ`{@+*EWmB|2W>CjeQ#b|Up7$=nw=fyRpD*Z4 zT=3a(&{wt%UM2*IR{0?E_%2Riq6Vke<+?RiB_4wZ1Sk=YQvg$7_P7gR@&F%+-m(pZ zjXtvlv#ZiX&71_;M63|tTy*Q@cT0F;F__DgnQmd)0|+5Os!WQDNu1t21AGgrm7?H3 zdkzA9AzG?v15o2O+xT+!+{Yxf0;UGh3ZYDw*Os>@2i)f%_*d|+ATSk?0>QK?ZJE_I zDJ>B!3xjqm&oSq#yMNcBX|!vd#o73v#&KgT7Iii6%PdoaH8wem4c2R@fJ!UZ>i)bd zpi14XPh=}deTEZD&u9O$>6tNmzE(C{4QQ<;Gv-EZ1h2j=FI3irL1;|J_b1_Qp1P;K z{Quj+P9RPCpVK2-{y#W4+1P)q1E7jiZX6 z&TB2)c#Y9@Gs7!4H|{%Bz&H&+@B$^MD3fJ)q^+EyD4u%KI68)bm9-m(wYVVpxxEt}>#n#_1hx zxHZb%nihnM;@xR@5!`D~)B@dR0^0K7diuYl34QhXH%1r&5D=!a4nPpH%rR4#1t5sfJPsW? zT1gryI0C4;M7H`;(Fq`}*pcRmzHA`s{SfS2y0R#_6p> zcsL^ko;GF3s_0egsh*)!VN+{t5k}%+B3g@!8#qR=fIPmG_Ym(bIq(=Wav`p2@K#-k z043T5^_F+_(A>w4!lgAdv~E{u_=Nm3P9uHM@tu2}!i-EX-MFgvf`7W8;#P;%XOB?p zcCi&$G3+j@Q1o5{X1A4SZ+&k5c#RSi7C5(3bu$`RUAi_|cO{K8nvf{@Kv|lL4NuDM z3K0JImL9Tg<-ZFOzj<}NlKa2I!{edt|9N_Rw2}YT@i6gD$b6`OLqMPK_swlWrg)YX zZ!-!M;pNyHfcdL$Vm7#9^@k{VZ}00@J#2-TFq{>( z8??T0z0+rL|E%afXIdXOfGrw6gOItXRkQi5*r~rMQgUfl4DQim!v;|R(V}r`z(v{% zp~`}Qp`NxS9GMju?fjWpNi}mzVU;+td2D3S93;9Bx?(3a--b8bv-PglUaQ6g8& zx4H#3!RT@kTr+^x+dmQanvIiRz7c_%EYtW22;(PSz1HrD7kO{pLYqs0iFIl5MhH^A zODgtFm#jp?7cvs=(3QG4)6@a52)iqBadd1s%+l!XITg}J=DSXMHe}Wv)m#$Q%mexi z!$L%u70Z(?9^usn_{~3M&I9lY&r&KAMixiWkh5a|)$^^W zlUvDkcq3k}^R4CF&EtO>=zq!Q-^&u+b-)eu|LDZY|1{d%|F7v00q416r`YRkzJZ$X zKD5EUh16Lg+=mA+r@b?RBKl{J(g@|O?iG%@Xl?xi>X{*$NhaoD!F8`(VQH#kbz@iC z9F7@IsoE-U#5Ve*zh(xY%>LAovF9O^*cs=1flzjVvq!C}k>7y}<;=#(PMx6@CT5LE0*a z#2e54boZ8|U%Hie0&h{mX)LWRewK-pRit7ALp3?_)Mn@0rVe)ASs;Nh^5W6%`0F!m z0qBYGPW)MX#kgRa;sWw}2{}0Z-Fil-^%xj1Ib+qnwH`40Nir0kwIaj%vZA$G$0pI1 zj+2k>2zWPj{lV;;9gk|||7;%ae@qvS`y-zw`G08Ze@3T=2OItWS{_6GXNK{wAdBO++%jkj*21T+HEzri^5A-b8PLv+cl0?YP zDzuCSeyQ2xZi!=@PeCap8yWnTmEH9b83|!n0u){USUQH)XdZ=8h^2A#`>Sy`v1UKA zY3V{{9IvEMr`MzJN*>-Q?`88)$$PrMX@?JF+o^!}ae4>hw7@Fgn>33`BX0AwtI36O z!%;Fp(^)HFO?)u|B!1R1v4Z5=L3q%z{fUX#I9d@6eI1O<-E!yt77F>%o|W!A@OhPHnrCc%+Mw zqJ>WcLl7%oh78v_`+ih@#^dGxvm#FRKf+moGn7x4N&U>8dj3Be9iNPB{y#d}=>OL8 zaF&kK0>&b;GoAK5I`1({m`A|B@hxa(kaW!q)RGA__C{YYj|>#q)}~rGBRAxcjBm6f zwhO-vd&D!YP(WM=$zUKkYVZ!nn&(eY|WKdwNMzeJb38DZnh1Wjw z04QOn9j0*spfqq|6sEvnf|H1g6=h4ju9?b`HSseBc#d)-92HC>a0gk~=MU@I5NxEC4Y|Ippd zZvNy>*2c7tA5xT)Nu06aPGJ#KY3Wf8iVGg9d$AmY4#U|05u8U6Ab84^TOdbwFpuK& z4m?a?0bt0r&>YuHIjvpDJGL!?CUBFMhK;!BZQ(Nm`Gm?DV&G@Y?%)}n$usZ|eEZD0 zQ4J<2nGVQge}eISa0ap*?Zqi6V3O>zAG7Q(hY_-i?meLRZc+qiAUF)1kIX0)?Pbg+ zH8=z8C7FdGqjS5rXpD2T$KEoXV2smU_KU6!6g|subS*A$bHp6~xOwXtc!TCBe+Jm$ z55{yQ@YBG5_}Bs`o$c8Izj7ArOU#YDL^kos-wDGH<6S&u>0`J7${B!37N_Wvz7z!r z3TJs-JPL2wGqrB=S$a<1;Pf5F#TmDlGQa&wP<{r6>SYKscpE2i5hHS@Z88zf?)u~c zX2bxFjW3Gy!T{`ni@(49{f+hR#reg@x4*r7_wMq=OY76Cx4*x6`A)nvPH6l|;%QtM z5QW+73>*xH!>RUiil&$%@8IWH;S=AQ4b4%Ch|v^Z$>=i*_4e^}3R7oXAuOyn`^7Zd zpCFhNlgARd2uAT5`e6%smaViGr|uruzm3y!63M%Fthw1 zHgEYiz8wq(fj$^K3nwN}PJ8DD%?@#%qmZ?)k@YmvJ7S$!EX1;j#0e7xO5&%ZsT9nl zj92Q;c`m6^0MwX-+s2IW{47CWF*VIt4ks*Muv0*9;(1LuFH2I@?{YlL45`N=CW8z| zgE9G;m8%2t&RfFh=6PModN|vlDW{N=cy3ExS|iUvu(#!JrJ`?sU#ym>!Io_RxM1n@ z-LOpc9Y94cdcZFi*VnJsmY@&kcF(uANdXJ67lPmi7&sMotXdpAmP`zM{mTB(p?2zn zFJA=guNV)NmvIKfGeY06Havjx>N*19xS%ZO!xkUIO@|r{qpfHv=rGf76~$xqh{}C1|#3-VrAvv3!p~`??@FY~>vT7@M(`5NRvc<`uQf_ulq zVOINMZ_NH?xcK_@%o#|lEn)-5`lyCYXv}@)vUhu_|Z}+H262ZHGCxgjc*&&ytY{dHLhH6O#MQe1h;4c=M*ry*OEt% znTot#WmiCK>jrp^@;r`E0Lpi!hlu_q<2q&%D8;C^Dn_2_|e&2BU-1 z!Ei7fjEv72&iUt~qeJt9x&X1tM;Dhb-tiVs4+f(X+UWl1#3)7Pp;_wGDCM{5lRM13 zhB%M@P5Cm{zFNcAhxi->TPcpv$2c>CO7W4HcCqYLX%}mb(Fq@x&(NFmYrwKNmSMs| z93gvoFOur8T@1bZ*)7UbR3P$^ZvflYQ%;O)G19WZL72=)f%1=G9OZWFazYnxouGUk zhsbQ*qs`X+>$C&Tt2m7SOW;~y5KprNO;K6^22_L!6qb>R{Ihtex`uO;me8i>5;LplRinv6pF zs8Px>Nu{WPn@a3xy-}J<+zU0WRf;LQLOY!KPOk=TSo==blJct}obb0>Vfy62G@|Rf zKzF%tIWc|>iX5VGd~YujdG~$hc>8MYZi_Ii{uY%Svs2>!7ULxFmzUS=o_UbKJg=|W zyiO?6-NLGuB7e+qEX*FZtNJQSl?y=Fe>|XDrp89WjysHa4D2PSH|8og;xUl-?pn)r zwRFkI6pZxm(k(-8yi2qHHT1Tcx;U-&314Q(hA1yy!xY}3y!uPUq9{d9A#oDN^~8%k zFRWVycdXvt9u!Fj8cL}V&RO*V&vnLK9oX*>Cg=j?1^-D$L}fNupi4q#NYoMn&qevw zA@e;9v{@WUaVe2JAixf`1*YdPAfzTs&SY_#YT29+3$A(fmLiMjti8x$F>=vcrKBJS z4F<$_|d2ya(6Idk|u6FG#vU)trrUMQoKcS-hw$U+PF<(G|uZuiR z?{=I-{J<4?tQI6Ula{tjStJ;nM`YBvUqwUKcznTe93E=3Q2$CopIj94XjH#o82tnj zn1(11obJpspsbl_buO=b`%XJTY0e)dx|bmAehJ{MP(~ZdJcp7KHMAw! z>BQSvp4#SN1zfR|jrKYJhx-v-&&Di8!&yVw9AydQ;+q(TEfQB@lQ18aL?i~ z2Ctv78pd8yon*u;Nb%kxL$m8ZI0-D`W3DGD{*hKfWlTAms9I+f=I?un`k!CEQqCCloI zKXp2yDP#5MqkovWuyn6mYmmkvM=4|Dlm!zq(;IoTu$B(iQ`(e}-1w-bpUe+NylobE zh0PdGyz@b{dBalh{6Gdj@a#1d^jidEekp+_o+Zb0h-nnlbWJRqi@;S2TZ3lz6Uqmz zB7YBM-?B_l!c%wV+5lKY#t?_ZvQ^MqeV<_L02m7E#O zpa|rM%#s2?0yts}`AtXB_sYcT=>O*orYxw;k}RN!{-3(>{|-hQ`oET^1^rjc;7PFn z1+{f0C+`!yT!2-2TZRj8t|40R1FH>}F_e%!udUfHldu|JH@7GUZ88iU8JuU7Z(OAp zHxn8cC})LZ3Ui33hyW-E@Gct(1h*I`rtOg86=eq%JjZ~kmhEUwRd61?t@Sb=6XR9< zr-uH^sJ_3%WR>>6!_nwuXw(1W!;=mDU&qr-|LHQIOW-|z5r;*09stu6)B1M6O3fSj zm(l=*RbgSSeRX*JYgN2DosAyY+8{Wkk*QAjji}Vxg_XNUJ$;D?;Vrt6;k_$*Fta`| zoR-*YY~C327UaBhi=`Man4iBl?nYT6zPURw?5#xflvMWgy~@6ur#vXElme- zR+~1*i(BG4`&?z&R8lpgM}GVmw3m0cgdCt{7M2F$I zmOrPhu+Fo)^ZEwaS8ehXE*#=7fSFiUGDy9p4dMUppEmSA&F)q#{~tR3f1?fkU(3^m z{?i4}mHyK;ud1JPrdvBo{*pT0*e=s&Ga$trKyq5l+)w)9_gxhe)AAvJre`d3$uVm{r{nz|9^ORw9)^s<*B3pl5R?ZBi+Bcu>!|C zuEqU8C&C(+4s=xxYu-yr+N!3tZK39uLutPAZSo6O_szN^bNMtzj24i%6;myVrWQ+D z%%F52__c@=H^ND9j~)X$URFqV$@!zg6tM9ES9k>K3qUKu_1qd9zfa;s1nYQ+lY|9M zeaPd2Y23LJ1dztQnxZqa5Fa|KZ_A|G%E6jr=bb zKu5YSmyM6^%NDhBfPCdS3cM~$*PaEmR=4!#bYdi-YI`P-eajfGo@RSE8|aW*9a{rX zX9HP9J07^C*O~*1^op1SrrckC(y@^&adh(SmmOg2H96Z<-{Pw2~ zW#Dhrsy}itN4nbchL}IrI!iXJ;vn>N0LifT-efhW58BzcJbD;&^!=VYHqZC*wBY|a zo-KOw&!49A-+_Dn8y*~N`2RYdHs?RK06L!j_@eRiD}@ErZL!nH>~-T>DC z@*4KRj|0^9*e6?A(OpmpuGL@NZ4j@dUk4dT{&x3468O!9(9?Tb(0?grukQY5cmxZq#U8FW{dywOY0Lr*_62Y`CSLM$FqPj0H^b+>mOCC_WtL0Yc`g@04gE- z(_8_mA+^2)Dv?lm4dl9OYOz$^=`~S)UVsEaQWzNLNlR{Rq*sO5`Znxj^E|PqhX3d2 zE@n~UafWhO;CxX5po#w<+VA2q!4KXYz-7rGhr1&oL=Nns)_Lai#S%uybXeL+@1fHNLl zVQat=D-7JQ0V;}cIU0r)vdhO^V0L*Mr!%A3oVQH1=oFzGe z(W9I=6b--ylL(SWic9qx;54iqNn=c0l>ue{*DQhs59G%)#=M4^l@7#{{-+`zOw}Xu z#K>tW!aa%MJ$||dz!*(Kb5`Seb90oF7^fw2e&a8UllT6QEJ?+{hJ&}a2i{8+y|EU| zz2P(J~TRcZv`g&D~nG3KzcZ&dzMt~x^QiGiD zFE+3}p4f-|S%iChHq1$`%?qUJY%EK=Y*0PupIScm&Rf}b(d^8;P_ zCtUfSA}$}?G6^Lf$7N1IC3o`*GBiw8&oGMOBE~69-l{H)+YIH5>4szy$~i8Rn}G_X zr>Y@bdlZU#AKr98)jFDzV0wBp$N!uugwC^!);2!{VS;B-3X6D-_OiRCtSp)XRTq5t z6NuHKBv$#q7Q{+L(z4cw5m||vFyf|*@gv8`bLrHv!K_(YZe2Z-jjJcD!g4kI4$6I+ zSpOTg9NiY3*=;=wWy-+49F1i<)=tMn(}|?Zvb9|}S}a>xW#MJ(@3TF^vK&uQF+nq; zPIV1S*d4#oq6Nqp72yO$Z!>w6?o+G5|IpI@RA@9FAlLVd@hpuh)EFk9ZqPl^^ee6m zN*-Cg&sh?OagjU%NbXVOUeM~>*ybf;7$-t{`jtH;VWTBzv%fP#0j2aYbv`QlF9*SfzedHxk`ikW zq?JmHt??{LnA$?=S+?Yocj2znVW{P!8e$nFXW}-H>scsghVUIx>(|Dw41Al}4LOFutED(V)84x75V01vavxZ<+58^`PoE61BKOM-F^@--Dvx^ zz?>SUINjsf=0ETvl+<8dyX_^$4oekCREvxBS*4ki=*(7Z&&F>!ha9#C3< zha9JOgZ4AP2QP=IZaiQbfho-I%Pt}DOA#dj@`!Ri&g9l-G)l1@%>u9HW*|^|DbVIz z#@8)(T3r+6^?~@Sbwpax7ij8{vbVyi zZ=>_6_1wQ$*MN){^9abaBbU>fTU2&dzd5V6r?<9uV^(ai|-R|meRBluh+jFN@ zjBx;B2;7w`JT3^QLy&O6-qwc+Nxi^SPS^VuvX#FRb;?p5@c`mn=f(vyyC(s-Hx1e5 zmhH(tUj6?ZB`C-HA8%oJKg+HQoWncx3l5px^l!?7y6ufX!~Ngk=)m^>J3QU!|JU;{ z`tTc@Z}5|ExkhnQ1pI0Cz7O0uk&QRJpNj7v-pL)^mKg>~t(jtb*(h!tQEeylJ@p)Vh z5Z2z}(3A;odI9DhJvP8%yy6bIr({>;CBc{Z`0&4;D0ieQ$-pa zm3Y|Sm)5?0ursC97HIfTwtFLVsyJnS%2agS1-G*T+~Gn9vfKa0aSDQ65ST#t0qvIA z#-3#Ur-XgkIW}7BxZI4ogWFknkBWW)5{-J{+K7Hn^Qo2pBrCW^VU8A$0o7#xeR?>w z?LUr=jyLk(I-WM-ja&u;!q!2fG}Bg?5rwiGjbq+|_*1_!plpw5CS}i*>fs&%GRqNA zl22Tw0W$Wt0GJwan?Yyv%JKm4TE;s zs~uK^d#kc%X9owm+NsQ5Wr*%S_jH}8=EZ5W&K>pzx-~jwT;R}E!`hRNs{~R103^(V$wLCig|IIty{c;1oq=@L_ zo8JIrC?_!~C_!0(J+v6iH&y)e2?cUSzlG+%BM2*0{Vxp3N_78=LsO~zUx=sG(f{%& zwf~Wx##f~O8=el29sjS<#{Y9IPbdAKu9DG>X{Cy8Q0g|y05hNdi5}Tke!&z+fjG*R zEeQLvdmhzK)bNR#+$xK8vUOj7t0Z{Zm86bbhuyrr-~;(W4hKIFZY%nM|GojGmPqf} zFJXTD`Yd8B=F2kxJ_y^`n`Z#P2lA2MJbk=Jk00ac`5%9X0S)4aD^6({j%2N z{v=rM{(nHX6O8ZoKf-7l6B6U}9h%4JK}0O*N(q|w|IvYc{y#Y0$baj3YWKfb2ZM@b zU=V?dGK?%#eQUl)sHk~n5{|0&S@V1JfLUY-82o?iz58+`x6v>7{oPN2ZI8o4E!o36 zH|B)DSPn@^^f$xdl9Xh9Itm$Gh3R?f`Sz|a{_j!o{O@potN%BWTCIP38n~L@`auBz z`$O~cwzI#s&q(Zf7r-}Z97ag3TJzUyv#cvJXI1_N{+<$!ifg{2x|BvLZ%U(zN<@~0 z>6@^;GKc=-wFDDlpHWex39GC8!yPfE%1JNh7KPP~9-qQLvxpj{1rx|8Cad`O>k^Ub zbVIp&bX^UE@~j3zd07oxquv@)z5J(XgqC>tQKu&Pf9U)F9-N+S-+$apY9;^WG;nQM z;){~z@?XuOUgq;~oA{>oe3FQUYcRn!&MTA{SQ$XJ11y7i6*5Wx2^0JcC23M!i~4z) zI@Gm`>ZatsFH;LejHEO`6_sQ^FH}cSf=i+-AW4>2{?S=0Y-RV;r+WE6Tkharr+WE+ zaC%gH|MBejXe<9Wky^?BiUW;S-hBvPti1lS!qh&CFG>z^#1FPRz3I7l+z0(>%GE!2 z-2H*;O|NK6LOZMKhH8I#bpgJlTO2QX&5itTO@EaPre=h7Y>6qhhC%h+7FdMkz0ne; zyY_!A*V08n%!-!XFZg>uD(9=Fd0O%7tiH=@>2R1~GYpr6-*0ZaJS1Ckv(A*sud2?>LVaZ9j<8t*82D}gYSAS3O3`QvC?FYx9xya~P?b^uL zcnmK(IQ9ikX@9Z}S34F0KscUhPu0@VYtcj62=+6O6_xbS;{?S*r2AFLhluq4V>MXL zYqMpaYu{pTzSb42n#nS2$xOaMGpS9kM>hzCC~QBE9g2(0(=|8(~FUX83_I7C;Y z5ej%A05_7Kn`Mnn!WthE3;8ep^FF?$^Sd-|9wJ?(O>&U|vWjm;Rom?9Ml2#`vMXoC zK-uSbib%@uQ9$C5m33grye#I2PIt z$NcoT5Bj5sK=H4gMJ83dwu=pE3~#LU$2QP8VtNZ6*tz9sdH`=Ls z8FznyZfG%wYg#{UYW>mvTALps##GynHqiKz&iLojS6{ZN@%%pF8V}{tFobG0e-vcrf#3U`?CWfxG+=4{d`wxS=3S}iG4>&;~h66&!uf$)kMD{@sh)RQ$QWOVsqqWbY zh&=9suL&LEa2F5??oblJ01d#Uy6Y<+{*u`S8myr3FJ#ER#f%d=e~YJ>D-PpyIz&`7 zN#z0~9Ah>?A^4RHB^io1#IZ~IK#*mrydFGCqbAaM&UWOFBzX=g$MN_Q!7#!x%0R&T zM7^yELj8;AU8Z5fh|sL09Hn2$P;6K+2SQIHmW@d$(SvLy@fpZ|1&ZTLAX7W-#Ul_Z63N%oPDM0e=6z_bVAbWHKE9mY^VqQY{4hGQ#~gprP0C3gZ}T(_*Os z|Ai1uNz4#m1_3tNe~u3P_+R@cr`!8~8%YxAUCL3uM|^b%(3v zC2GR~yhq$ZLgHUgAU8ls6b)hUL4hF(IU3IunXGZycTp;3NRg3PP`y_sP*6fbrZ%=Q zdITg!Y|sUccs;plKw=u;BNFr7Ql)n!if}wuadf3dE$?YhS(Rn-6<;c8-kV+)pl_~k z6y_}2U?@AfFXP$c)QwV2?cXefBq0`|WkE5$GW{w1_+1QV5Jzwr3Ht5I+^2Mm`a3(? z9%%pm+CARs%!0XK>3%K_g-vAOW(JifFWuNut+W`DADUT_*{Yc++KRqFYt8CYlm16Z zMCMZzF9QIY^#9pO!Txi0wvGR^k)-s0Hp(jm0M5+WI0BHGo%vedd>?ECCFH%j37FvZ z_fz5oq#i+VBSz@17X%Jm!$w&YYLnd!=A2Xcvj;Ks=c;ps6_`(~s`rb=lYGVrJ(uNO zB}QUfbhJfBt42o+`hV%OpZ{pq|Hp@Cr@sHk(dpS%|8F8mEx*#UpQkzZ5h|FBMx|Pu zB2F=4V2DP9BKcIjI-S5w9#1HPuX~hms?L6g4yRf6h%-J6_n&FJ{(g1fTsxX3FH|&Q#hCYp|Tp&;WGc6aWn;L zAOsCWr#Kc;5%d26W-v+-n5Im6)h2{tSzh~?4#4$DzKo-egm&|DB?e+NLo}xrf-qG) zD$f;pe8eN&(DM;T^lLpxuffB^+p-@(BqovSiU^O8JftOUf>id` zOMRjGLd_cl2nAou$+aWfAZOeNqbL-tGsJhRm;-R6oJ*0cRM*9J0p_A8itrcFP#6-{}u$cd1+UuWp<>TU_eZf445E!SB!k8n(z)Lh34@8|X z!v8>&?WkAxhX_naOsF7TXiOTb=IGiUN&F{X!&+Hqh{pT_QIb;`qJT_Mp}Cq0z|$!T zG2|$k>;A$#>#6~Ga4LXNGJ$&$nxRO-Bg_Daqq%7k7|vxdMnst!ViZfYFIahacadNodOy0L9{0yuZ4K6Sm}$wZmZ;t;;Q@P_miJ1Z^~)OJy~{ue!gn={hu7>ME!=*h z4lvy*QaHVIW{kCu%BMl!rBgf*v}aXLA;vP4siRv&LA$NL|K6(2)5 zIPKTu%9M|c@?5T!%DoM@=Dt;?2K=9paOv=$P5A%p_@og3^W=1E|Jz8CU|;B^mEr${ zgeBO&2J|n6`DIr9c%yvjQ(=RYp-`FE;!p#qTM~9sm$CuvwP3X-{r&fz4#09A1SE~+ zJs2t0s=HAvxMHD&Hd8{d3iKt2+&d&6$Oja+V5F}2qAbxg7J&L9f{eB755LHwRad&cT(1+HJW8cnaz5^VdtiMjS2L$r-D%ar_G zlQGl3ux7p_Yg2>$hjGZ!D2y&mP2dVqUV=S%be zv$|jtE?|Wo|8#uCw~k<|bOci-fov;jmzM!GJ`IQZy*2xcC6IC~A0>I#PGfm9^C$T9 zmj-6Cd|R*jZK_E1_%DC>CkqAfefKA!n*9F{PW=0SM<-`n|G$kSC;me|wyTT+@xAqW zl*WK-0DQieg(&Q~R_NlYT&aJb?M6|^U2xH}-6*`=-NOxhzsMU~<>r9meRv1I6o2;c zTzPrRRi+rKR>r#M=eOh*Yg%he8Q={{?G0qcSZnB`hVY#|9E(OaB#TQ|C>nO{r?ps zfRZ`0P7L5%U-a&^pvm2RqOQZAcWwCfIhN(wbh{YV0p2b>#&pjrQ)`uhLqaDS`+ zHaVD;q#nmu-yz+q8nzUjLhq-HiZE z`v3Uw*!TZCJKdiDZzM_e{(~M`@CGs*tQrC&6i*?Y+p6$|6ewL{aujLU4p7%I=2%86 zGoDSBSJR6LWVfokkl+5xI^yRmdDT92e>TLwA%M&f1%?@$HihvRffq5HqFwMJ%ORAy zeiJAAW@!h(@hGQ2he*Ux;&jdnT0E0%53Kd(QI_M?SKvGjong?^EFXrF zfiQX8#=rVXM*0(3`2Rao=XCT?%ltv-DpM|0VQ8BrZRPFL11 z43F1G#nn;POYOJsx*P7$-&0HxfLwCtH+@$jqq#rjZOmj1oWxBQk2@tEluoChjBwU3 zSzJlCW45-3QvFY0i0G?dU=%GM`Aek+{l9;-@4x?ia(uA8|GAMQm+U);V}N2#=Lx|v zmv8c^=%+)PiNk6|EoaOCMp56{Ta_aNl^MsF_raibewZZDJS*^}F4i@q>h&*rd^HlF zVf~*T7T$k9Iosa<*-Vn_|1E)`fGZJTD%b;Sx#ZQVbdmV4DBvJS87EWuDDwzMi0uN% zG^r5aSflj898RO=3kaI20s6=(d`P0c6S867ssAcwDYe25g9K6iKsW`h`>XJNN+sS-paQq7DIH1lsxW{M}oCC?%9NSEqZ&+}P-w&4h=u zWQ0TY#P~ayyktA=yE2faq#3HZFLezjepL`b#yZvFlx$Jc1)>~}Z~!^#R1XVagsj3X zs#1~oy49j%0XEXUp29H#w`mmVYP$7WA^2d6#>fldK*wk7R-GGdvPEroZ_Y0|)j)?Z zXhHYtBS$ob5x9;yq9Yh|n*>M~&q}wb((D{MRb=)R?FVL|0ck;=aYEr(1;*@Fg(}!~ zUEY4*ZNQURoAFj*cmwRY2>H-W-l#Hd)+r@Z#3v|a;2q)=2i=Bfs>-xf)O+t> z49Bk4?p9yWMPt9ZM;s)Cig}o!m)*?FivM~me`C^ubbfpL-QC+RgDJ|kX!!RiLX?2- z9dYuO1kxtmUYbZMo=}N2mG)e`fx(9~xmU7$Q6`3xh*k*QdAQg2le<=H?lqUzwB6rt zELHCRag6zj41f*$|D%)BGk^boy7m9rOmdFTV19mPyV$fd1}KxBvmZuuY)ELbLO65f za62Wj{w*}GRJGk07p#Y`z5=(9G6W*bxT*yvi4Y;2l$;3Gni?eupSm_HJkS(f2%ec{ z-FPJ7ctq$_znaBB9s#PoX+aVUOpsN#dI7q|C`J@=`8*aE81e5BNFZa6goaF>*dY|Q zF=k}yH%`WV70$M_9*RQD7ONseqVrK4V8jNJ&OjMk2(7De3Mq!+a0PX0O6_VT@tCZp zRz;~*twDr?4-=9yw1SFrVy)_CB%&**RgkHw?+%SIyk^ ze2*v|%>`+yP8~yFiYOCbLJ)rW|ED*&*?0Q)sg>RO9p32 z+=jClaW)}@ckVh*{I`kJgz7XJYCNYk$jr4}zs0QGF|RJ3Aj*WCj|0@T zXo%D^Dcwpj^SVm6V%kX8wb-z1!`_w1tkm|fB$cH~OLMA2;*%70+f$3~K6(o-)Ui(%K7URaLFhV$0u0C#(7Nt73(G>T+=>eqj+ z!A$AXB6sFp;?EF0J=6@b z@12>>c55s+zvmt@2}LtZQf8m(j1Uhd`c-(Ro$8gCh>#Cy0{XK9v4jkZeehy%havYvrnKBSHfd<^zV6AVrL$a4;AYo&2r-lV$Hr z$p$7VjKlLNnZTQL3QigrGl71z{Z;q1>#&~lT+;V~Q5p(4RW~wIH(6g+EE}s;Z9)^_UD+)8R}>H#?|4E`|HcY2GslAF4Y=)@ND2(5@e<(wuxw^hTXa}esxW^LpwH(C>YE8rxLj1Ys*_KR^OaR^@aW& zo*suNXuvdASYQ``VkC8mI%QID<`D`!6Ao23h)zM_z+6s~=fWQlO5~I<=VD=YCI%oS zX!ynRLyR8tY=xDakC7WoNaxRAqm#}8T!Y!gBLZ=|#_$bW^TnWU$1kS`9o5GLE78{{> z%qL>H9iAL@P{x)tDA{Zk&Cq>SQD0P3h=);KO{OKg?&#W37o9G!aR=h16R|iPj@`a- zDR(vHcelqoazkAs{=-I++C~>{UakxXmfXth1PDvY7x5gHEL$K>UQoO8i?(oL6hgN+@tdTttbfNs ztiEI64S58QNU1h+t2+ePRKRutRkvz#DW~_HUPI#$ecToQHBGV_jXxGz%#;d9sq##B z5v_~QWV4);(NegV*9_wjBq;}&0~`bQ`N$FW&nGL+P-WJ>4-T_Rc1l^!V4uM}_@g|E zocR_i-C;X!yQ+{#i>c8SRQN}^Wm;D&HBNwMH(TO3z1LlrHfd6Qzw(@O7)+)p=9gmG zVyFFGbnEj|rJrT0)&DZu#_~R34f=ooi)uKA} z`Gs@))TSLVR4nvTmHG{E@*|u^J2mCw(7kA2*=au^DObJzC)vIKTN38C{udAjjsE|I z`0od2N89*M8%Y8r^c??BV>GCD0&NP2?u30XlH=7^;2U!XO#qiLuZ;o7O0NL9Cfi8@ zZHZGcM_r&llEoZ{6U#<1NuUm{^!m?=zHg3T8nl@cFTu+D8KM-2NPsHwn<(dEHdp** zwG5on1)E+D@^ZfVb`jr)vC^DpkplhqawrwO46Vtb$?Iunl~Q0(6)ioQTG`3eHfHP2X;KaB89Gq<9e{UoyKZQcTGHL%=f%&Hp%dC^}r%-zRXM%V-&MS1R zD=sfjbUNs;*X4w;FvPVdg?`6B{du9&@TN1vR)=Aq%F&luai7<@m#-Z@z0ABXvnaY5ss$IqdP`?->VWnWA-GN)E2#3}~LBKaH%G>&!6lHqLI<$LbspxGwK$L|* zBI+#nVf%a!5>4>W=XQ!%ga6bW=M`K5ZMgq=aCBC<|9Nt>wf}7->G)4_s8@FAm&LH` zhW1RU)uTMyZ(rUeByltc2ifBk=%b7q)he!sSr?Vh+LYr;-NiPd)SuRaBx^9Fs@Kn7 zfgAOp__;Ms)W4SC!|aMe1`_4VI{h8+(r_>^_MZ9|(9G<#?8Bz(e)?nflB%v|03O6- zRTq^p10iB~94m+KM?ycSk(WO1hKMQI_g$qHy`)urcB(4u27FbaB80e(F*k~=%=Glx z`_WZQz1qpw$%jsQJ|re2oegAkSP)4lCqfY;(F{p2As@;qdd)jNdAamzcD}P0jL-It zeg(&N#P?sr0oI)Zd#+(74Uk6A>8N;^Gu2*BK*nT4Yd%{K!%u13wB(k?%=q@(G%aaM zs#|E^Qi}R3#M)4*d@lsQliKkkATJYq%{+U?*GD`8dipe~R<1L5U! zIWh2S9FZZ62Kb{4=y{<7dHN;oqv{-p{KO-cSNF4gc})U~Ap$8=Pn6I^G9TghgeLV&BOKG8L zTU=IFEvr~t&btmvFR(c5fINzSZ@m#}Q?>n9zXq~)`|tkY{_$zi{=2>ZyOC6g|7WCE zt@l^U5P;c(GSv=XItyy)|E06rW>oXZ_xUpOx5DpB|7`hw*@S%mFaL=G;Mr~D&cY$- zIC|}Xm$8YT*JNZfd}pr}zt}0hv~BH@-G;2oSu7h$x4x2x!_nXUo{&e9{e*-%rb+QG zYn?W+%f0ZMqS04Xo!XAKP`!TH(z*-gHx=6DJPg%y-~nU>!)*C3+2cQd%IPkRihJ+c z4$F#C`M^$rao?o9RhD0Fs@DJd!q2UIP;Ds`(B%Jpbm;5CwB!za57myp-8%`ySUrXI>+%69$LGQm+`+YeBjj8 zFRi%jXs zngg1~iUATUR~qkq$d>**CHPJ?+I~1le=6XHl_I-ZY$qA0DprLYWXDw%GJrv5s>TSF zK&~Fj$^NQx9Ie7{vQ+JvhAr_i(=E)s(A;9?4dxcZW52OH2s_{6%3lR3dx;_N;<*D9 zb2=|}j%t6En?^sOgp+_o{j6mJm?XFQtMbNhfBTj&mja<)4$*_4pFlqGzC%8-OQzJT z_B$H=fcZp}KaWEvdubPtm~om0y!@JHDOS(mCJ$84DA4Ic&3v$RcnTATAjV3cIBAdTS~#b)j|l2@g3A>C ztC~e6FTuP>8M+}My1p&*`*q~5w~9gkMNC5U3r>88QIBqeORmcf{_Aan$dNzWc)p)i z)wimB7Glck5NXcWS0XYHkpJj*T#dRK7~^_Ywr^MBsoYP>SE&a7Q%or4bNRaKI?w-( zPEY;!pU=*YPPh1f6G^E&J=8#s^{Qfjm&C+WZeTFvQhS6ypnJ?4KtA2In#^)A2WjRx^D;!&zh-+8j zX0PgHSMgg9i^Kg=mlE@BhZ)Y*`HhDSGlix8DYj%rjpA8@-l^(c;7+>3KK_B zDG7%mYF z<#em_NE5h=!O2u#e5Hlq;{kx2HOsd|w(D2Bmo&RJ@2JZrFhstIoN~g%N z{^$2-OKuoyX%J`l?=k*_X` zrVRpy2Os_~Ho&AjMnNedGlBXc#j{FM#U68Cl$KXb3vaAiRjYjU7n+O7-M3^z-=<^) zhbZ!AsQPHlO~J=b8*(s?30GRfqiOxJ2w~^wGG&Mso2=)s`O$eRx0ucR*j#)04Q4r% zHrL{rubS{pr$ZkeDqo zFYE!Zo02QmvUaRl^*5b!uKJuT0<|@o zhuy|^a@JUljo4{$wZq2B_I379S{u9XFTkFjf!QGWP8KzLq!x21U-k|QW!+E<;hoa< zuBI>(T9P0s4f1_hwi)NDH{@2ae3MYB{;P+`?V~OORXz@##8|T+bJ=T_X$Ahu1aGA% zF5gh8+xVCT43}KO9|7WptP>drFy)hb#Dq4k`1KOAfXon`mr1BrTmDaZ)4#;Fe~JCm zqPwS+?w!`Ob20(qKBPlLW5kibpReS6+6yLCuje}y^v2D)1J+oAO{zr#!MF)UQ{$EE2zW>+B+3D8*Ya>a;e|mF%u_~`GF>N{?0IDLZ z_wiDmZ8Gk44$8oY(Cq9&)XWC$;{MC^&@Je{C}JO4%D?xX;?l6Fxyvb~m=U$dlXA?S z{#hu&Mx$d`MHqGyV#5L#CQSM>^_*IZ3)H60DCLxF=jJt@Q$o8?X(aN(Bwek8loIiu zkzdr8l4|fDNjX{x0Bnr^wO_dZdw8(*|Jq0@#Q(e#!@iQ}pK<~@&iloPUn-9m>dPwO z;VH?R4XES?FSeJOxD_$IBf&6h6(z^gqK?E&mIl{1;XQP5b|o(=-45=cB`|{NG4Y zK+lT*zA8UpfBJN^2^5R3{|=ZP2H#RLJ}XbNgSVLLvXQ?R%-aK8yQ?qs`YLz$Ru6XC z<68x{4?jQo)uqlaylmc^*_pt_L7^ytwBp@m^CGl4gIUYtOI1gHHT(B2FF)5UwAweH z17F-W*;%^Rv@UbY_NC_qQw{!8FP^VI{@2m*p@0AD^yqjS|8*nD(nPC+etHFU1ANvy z^Xr9q+WXu_cc?#b%!cHrqt1!+-MqqxHZ4c6@l|`~RGtZ0&!WNm_KM=k8bJ z0;Fe7X8@>6J%uBXne6RcflTgh-axvP3p~}QCqkaG@@~*mjZr=JRC%7>IY@I-RF&5; z=0^L(C6Dhs2|{fet{R-W_?Xp>S|`-{>ML+1vy^}kHOU2`oCrmXL^C8YfsAEY8z;8f zi>v(pfjprtWxFJLfL_M_v8(dpaay1pc#M~rjvR?OQ|;vhWK1@+=Cj50pS25_SqfdY z0ZP)Z;J$4QNLRD#8KHEo$+s~5lTVHK|2zmt8ZTuBZnFO#9v063_m2;@_oLv@)z-h#X5kZSOs6`f@{BXAS`J3aEx|Ibbiw&(vFN$#UI zt8)QRlV_38|8CI@xC2=AIdIF4PPF$VA!cpXI$Y@H^=0Cwm|E_lW{4sDf{&VBbt<(N@ zdhEadzkhIWw8ej$NF~AYRt5t7$YY&gpkH|XK+x+23kp_-VB9DgbouLo2mSbeb%@Yw z>ncHEbuhtZSm>60e!#GCh*}KKmy8Yc+5bi9;LK`)6wj?HW<@ zQ$~Sp@!v9Lz$W~6R=EFtaB#4F|9>N?M0f_-BcQ7Xfr}UfODSv`4i?OVCClTJz=fTS zg&y)~VKgjh`ubqv0w%-~0?!^WHdqv!hHMKRo$2y<d;x2M@rnCd(29?VeH zZXZmh749FhzUs7BFr|vHDvL+%W2=UW)^^vY9(He0_gYYQHc?x_?#ijr1!6mu2sEv# zz$ywqiN%bBTno$)kT{ROzY9{PJ~0%bfD_u*7TRdkG|f#&c%PsEFaj`_PnX1h;$Q@E zB&v;Z1QLQ{Zd65K-j}{yqKTHgS|SN&!vOZc)yD({9EIQ~UFc`|h6*R@^^|_oI#?L$ z`#XsKB}yVPpQ4y|!_=WwZZ!zMz}h{B9F5ZG9(Cl6>4I#LSXwQayM$;;;?Asvve-Hq z`wJO%W9e5>U`@mZ|N|Y@7b0ZvPh`%J-%)hGVfA43>EZqS61y-~SyR zoE`3O_kWv6rSCtiU<;T~Oep5_MI3$#amd$u?jx$Rw_}0#)Wha?WP*b(yD>3-;GJ5l zt>1bGiqAZN#{HRvFl#qlg81`0glXT;)qVW*Co?Lp8MLGKtDv$EdU=aYh~9VX0vP_9 zvhpx_c;q0OYI?0UyjJl&%vg%3YTcK&?R}DahLv->Jp)1gs~{^3nD)G)8aw)KX}2Hu zuO|FniT`FOLX^DvWe9^0X`-(^MkJ79+6@CX+5Znuz4#A@hiAvz_`e%TaxRyS@#;Ll zEsVC`xv~DB!CH6U>Z~lDNDOx zmDd0AiQ4HXz~`~>0Mq9VQoD{{>#=)k&?=yST&oETWUyT&4L~*z2nCok6peO)#H=_5 z0c1!9=#>`p5hYXbi1`G^rf^~IB#1&zs1h6@`UqZ_1)lxXS7i%3qMSJ~aZL6>{`oia zsBGPo$zWVot_vuzCPLK=X#3`vRln7=PXl*@YQ6Qj`R*?V+bajT6_RczPd5y#mEhMP zU#wPvu0tjd>k~?5I7D<;$RT-9r9YV1+*8PdiP*PdQ8tPI`+yS#&r6zCbE85b4MTo` zmq$Q9p=g9Z3famce?VH)U5>oFUh7!Xo~0g%ea<&xzpT`_|6^h~rO`6)z%vI4f7wV<&)w@WUiFsG&|PeomzQ4u#xCmt=iO)Z?a8A5>G~Jgyxp6wtJ|$*?dz~Z zE9z-4?w{$$ZZZFKspofM&^R8oWASBP-~f(H`rP2WC%itvYq;5DY-w$;TGE@{7HoI_ z-FE-^D6ek2zm_dTuI9J9hRvr&{O?ANc)Q2}Q1khZkN=Mj_P72&8%ZS*FxGVdR9?$s zdxI)k>)$ENNF)}6clcAjN}g!rkh8eJ*1-?b(dyu*y!q=33bfeKPu?%jcB9dL^xBWy z_T1<5LVlHV;Q1WJ-l+Il9!Lkj79(LJPMXCP*y5G2hTMW;Z%9mJ#jeurw3ec|DS`ld1n z)#Yp)Y72^vsVMi7Offg5L0@;0d)4B_RP=r5Qjp{Eeun5H#T@;ca?msZ#!HsIknsze!E<|D+iI<@jtH|79b|d8J8+{kg$|GW>wP{4e2k zKw=JY3??X=0z_#Rc0elvEOy%|jG{RRU<@WONl*;nh$9Mw+`;kKXcxI5hjAwJRj30T z%6ce@1*i`Qr6`DO&2gS{C-MCdfdn$K!{-F_Ir$MzqyCbb#?1RZ7-ZU}N!jFOEc+vj zqFk!KRLp_Fjty|}$aE?Lec7Yp?-`<8^wp2&@7{`r{pJ4sP2Z-M3w;&UCeE}rCxA`J zqxn;Apo9`uv~|1l2sh?7Scv4PJtFW((kKLvFy<=O0;e$G76}qZ^Ib4ZIT)er5C=gJ@(ufOOqG#j4D=0cWYwBz8KjZ%ygFnvHfA5j$ z0yrcyq=UnSj&`%0?m)>v)#2+uk- z$o~+{aDciBd@nW0|D(f`g8%Q)R{n1!HOc>c0(2Mns%*8)&uN!MpRh~oXi4f*>G_+Z z5mdeo`oO7c-6|nLlwrnE9H4HBz%ID7__v4|q3?{BJt8uMm0On!#4lw@poS8>kE1#G zNm2V5$e|M(!Xe6{+2I)EgRk}zW5U5te`G)ROGe%`nJsqFeVa;CgZ#%+I7YW=6sd?F ziz$L8`G0UwjQ@0Uyp{i(NR4*%;soff2s|Ry8lj}NX8fO|QKXJ&yKVzY`C7aD_iF8? z1N_2E>j96T(FNs0wiUb2Ej7vicuWyv%WVJ}?LP$fYyvDG_f_E< zd7o2n1ob*^XBltvuzuODYU?P|b)n^DxgwOwaHspXvU{6~sX_i*yTrwHK(qa)@c#4R z;lWn^Zz46xe{TYG*8vuRYCYi9;+unFR6?htO-PsTsy>Rjq zM=moEv57o%t}+kFGw1%+0<@mgB>xFr(CA~O2Kj$@c;w;#gR|3Z{Ey9~M)|KNK&9X} z|F(W+vmh7sgZwW`MZDnCHDlX_Mng6DsdI&AoJGve(`gTPNbX)T(Z01TlPYg%u)uCI9v4*QV3{fF_Rek2w zq7tuuGxGhcSNbl;J0+mtX}Z=wThhORegCeGo@0Ke)o5X>8U3uUI8Cc!R+nmH3vXoP ze4ycWf(3Xtnn#A~^l+8|2S+iMiql0+afWqI<=qg;DvbG!fnQn9=dKm_5 z@8#}g&D5^ROKJVwa%YZ*i^Ji>N-%i0aPB@OFl*exTlw1KyTs4?`qL$%$fJ?GR({x7%x#y|GxY`I^N&D|F)6TQT{J=0d!V(0kpcJwWxxP zT>z~Lu(-H3Slt!Sim0VVH*D{KKL4cU|6qcmDIUj!qSe>YApiGIj=cMy2ZyJpTl~L~ z^apSYIY%^>!9&yx0FM(CgJFuJP{`2)1|Q%Uu|e+-D#{B>6Lql5CMb%)I3hz8yaUJM zT|iL;Ii4YqKt8d)!#M2y0mNvmgv?77ArXa2BL5#d19fkZ#ImGd2_%Su2*+s98(iN1 za?c4xy+42p6^85ki+d1a%6fw_=C9=cEB1SX;Xmjr`Typ_Wc*6}pZSx`;#WB#brBwn zaD-Uzs{wmVdS4BO@I&vb0iTM06N<;Zum0cOAHesJVv;g&eR;)tgM^Y_QNVix93uEi zWvArV-eAT85~5e1gJjg}|Lyg~)y@6Ydg`cO{|5&rhlk$!KR7ws`u}buy-6945o6$< zq*Qun1}J6-91IS6y<14(6mdjZucv+>^tE&F_%K1>fu=}C;$h%ct%zNK`JWgdGI+cS z^z$bbWryNn$_Ztf916h?gnoEkL9TzH;|hL@qA8Fcd*@+@g#dvO_>Lj)4TUj(4Spo4 z4D^#Sq@xaM@{fdm05}E-C1Dzfg1Z1R5RrIXdXfsnub9gx@G(UJkLG~MuF+wnq0OKU z5gS&JBBK!wFpL0231OHMI^P8W$he0QBVYGVrIoUct(r&^Y8A=m4DErX1W2%W0>;E<#oz(^=_ zg$Yzv*=j2HhEo)C72a8N)jb*UM=_szNrWInDl%8VUxNsZVf24*7vX`>SAqi4Z*Dlai{rg}4OXv9azy9}*2_X$*@IFCtPt!0R1->PZXol#n zEb7QE6^RbbP|Q^nv>^gh7$N{?5Jzwrpl3@_h+3qlh@Ri~d1cfolSfjg0vfjh(youP2h`}e>8S4AKF z`(OWCbN~dL!Vpa%{UD}FIq^ZSx3|jF>(#2D2Sle#4Y1KbV1g(b&cRrSeg@_wm7}7% zh7;LOyGlk1ajODdhe%3PJVQOPpqap_A!bS;A&E|vq zD1$V6Dr1Bx;~+_g5e}kxFPn!TYp<3C5U>OVLX!YNB9jpQ3|I44OwC?4Yab^#n203- z0y0HRRcbGf(s80{PD+A3k(Z0%HMP2;W;csLtV>BcW|@dh0)=A=lSxlSyfCAR*s$>)N-0c^ITX{^!F4~C6;H#=Aup{M@7ajL@c0qSX{BYvXRqNc0Ua! zLW04bfY^vi9H8ZiLK1dg?aIe0;An&+EM)XE&z!uQ0SIZ1CcKvsS#PPtY3Ep7yvBQ z5k!eA&(!YGEN_@35k{=XkQhmhqPbK92nLh->1d{fwJPNLn?XA7wIe~1R4<{>qGkvN zz21+eI|CB41P3WeSu{5&!fA|HnzEj(1BDbY{U=0FX$K8}nwo&30ExaV@`huZW-p^D zpTp1)G}rudwdT}15IFm8q(;g@9YuzyQ7OWP4x~0SUxfY7Cb#y(1d& z9z1+|1+M=3aCP$lZm;g%T|YcrU4l11g7e$kx7QcvZ{A*kx930X%6xj?ehGeffA?SD z`X1cgz5o9D^6C=2zv-Rd2$XYv53cWphJSN@e|uCMOF`OPJ`cz<(w{c!#M=6<(#_1D|GtNVNK{tjHfyM23ob-4?! zZ!X?`cX@sD4S4y(^~1OCzk2|0uisrioQpC$HnsO(_ugIIU3`0f^Kky=`t9|@kGtUO z>xUab@$2_@;2hkZ-#uJkeE0VJ4%~iscl-YSY8TwRzuCLK`TFkq=9{Z`S2qv4f~(%c z^~2k%L9b^JN>R~BHOrXZAE{ko-qHX5*Z;>9rs5<+uX1i`Y#>Dp5mHr5QKEv}8ljqx zbScORE32#_Ei(x!G1R2g3^~>WGsW-|3h@k%i#{dF+-GVRr!&N5xgO>7`s8Q zcjV4E8(0i_z2gD6A#!P{ErqMHv?|f20yrOh4n|)qY5VWp)%oSStHCr}M;(pl|EFjE z`Op6T*8g`SDLVyutKMnp_5Sb&a0918+1&>dG)2AM9?;hu&VzuYF@N0yU=Q4?iwv*9 z-(Gy3M$rwNqQA)>-ix)s?C*OoTmmZZ9=LmRez5>CQOuCggcoPY5V|EHTY$=9BUreGCu^88|(X t?*+kt%YCZc5%38mk6C2?&rC>e(>86>Ha)}i{|5j7|NrnBz5M_p3;+ULI3xf7 literal 0 HcmV?d00001 diff --git a/enterprise/authelia/20.0.4/charts/redis-10.0.4.tgz b/enterprise/authelia/20.0.4/charts/redis-10.0.4.tgz new file mode 100644 index 0000000000000000000000000000000000000000..09d05b543f781fc7d0b9efa9cbbf6e0b2f12e231 GIT binary patch literal 101998 zcmV)zK#{*6iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POvHd*isVI0(<*`V=^FpWn3mwP=#ME9ty(+nyfpxNRTH-IM%g z^EeO*Nr)+eAt1S(PVci{W53>hl6`O`c+t(b>6w`4WZEKuLRH~bRj4YYD8zLCa0*lA z+`(D&-4i^n>$;s*OZ@A)Zt-8Q)A7IaTJ4tGX?47||DEgkO|SVKaGwI1;xnfVrr)^_ zZmUS#Z{&e-Oc-RC#B@*tU3dVx}kNjw04)A3x#=O1xg{n4!fz|uJi_%Nal zNhkZm!-Lb~2AwAfN!b9@`R97MSO6KCko0Zzi?)SAB#4&?7MyUXT zW)MdMfa5XwbBR%s*H`HriIs}h0GOxIG74(4xI{~GP&A=SPcWO#M@~Ry`yfFvK0X?H7Lk}>@GnA0FxxbftZ%HY>>E) z>$GZ*JOAzVKO(`+<3g9un)TmpHoL|3-|u!`*8k^to?}(R6GYhn&?)rWok6SD9|y42 zb4Q)9(;JVv<54i`xUCNCw41GQrx}i$sOh?$aj%2m*hOR1MsB;)>bBc`!W7J4Z~mz+v85xZ#R2Et2^$DJHgoRcf4*hXu92Ah+Gto{n{-_ zZz2LiDUafq|10q0TOu6*PyCh}<&Z&!#`9>1n0QMWUl}HM18_;A2*;C;NeCGd-x3lI z6BI~r00blxKY)6&=H!Foh5ZwN%j2Vy;q~S5#p%i6!PUw6+4YC>qvHXP+kdX;!RhJw z&)3HvF0TH1eQ_`x{(OFUGywHGMC%nGFU~Ko2B7}s3vfQk$w*PUzyWeNP7ar%sr-|{ zbb{CgNg4S1wGxzWEcXonih>lepU~YU8W+C-fIcTM4$nvbKmj`wn*c`!j}1OzFkC=N zx!ec7e&y@_moETC6oIc_$1tMeXB?K$;*Z={zF!S8NKuGlhG9fCWUDm#j48wMWGLtW zU%y(+s`{od`|<@ODUR6~)c>0{{+rf;bBQ7ZDRMZSpf0fBP1CxnC}{Y;M8gfb8>r%q zL}6`HnxtfeXr8qZUZ5CJT4Xqi;V9x;7-wVQn;hEcGYSeH__hq=u-thKK&KTi8$|&8 z<^B}Gh)wqs98az_de;#NVC2v#@N-pC1Vj7{<8Sa=M!*heH25l!vUwsqh)?`6p3GAz zUgrz{IYeVPkC>>15E!9|+~&$q39CqhXy;fk1+Xd7#blGeA>L6G%u~$n4oS?=XU3Z| z3#DF&VR#-#cb9~)A8>@|9c5@X0AdA@CFbz~eV>wfG5~H(vU>&v%Vhf!P?-%}Yt#fT zL2&^7-7tjh{MY^n$NM8_ap0FhPQ`m5I=PGceG zzH;lkS!=wlYsw&-)3>g9TYr^RUM3~fc_04!-#G}c{{I_+F!-*4AsF$>`nY^+c`iPb zHngqTP@bw=b3v+bLMY2rrA?%%ywV~SvDZuVuzv$B1lME2rZ}F|!LCqU4|R$F5hoa8cBJT^bDW}Z56t5TQ3~c1g#c0jt+N*}CMkftEtFbDeju!h zPA!Ms0MzTXytXG^DQ!7#GZ0#{WuprTVh7Kc$XIE&JM371C zE@Nz&=`%8q*#%_N0jTFq`}JCaQi>@*24iz(+ldc%PF5#f3p96}TCU@fcC|0mg75b-qH0U)yB)@;u@r z?f*#`1g|EMQ{Yv+Hvc>dRFH@%nn{~S;4%a>*IpTH2M z4veBYaKOvV|9w7k{yS3?&F~~9DSCo7*3JJ;w_Q5__h0-!pXJ#B7mzWO#uP9DI97mx%AP8>Y1W~891Foi+0_D|70iB{K0+Wc0zznirisQ*1NKphCULc{BSnpvR z)^RWKO}!(J`$#NlLg1UUP7W;Jz%El7G~k1r11uIPCME z&yFvL0;n)={4^h-G)4^3n*3DT0esRmLK0A5_TSnYXF}L4iE2AQd>NA{L}_iG|ETQ% z9FSOeZwe>ON9cd$|M%m;+56+u^Y_jyd<39{XZ8H=w0ytp|Mw#QKhLuR4yQ1lpomOr zwOVaw2mB)KQZ2`I+`qlv$OASYvjnC{+PNA{$8|iv={SxBX&1cqUEgnbUc+;Dc|*Kq zJ{xNda4=`2F&CaX(&z^+j}MMM9D`rz4NgFS|5gK_0Y1QgkW}HzSF86QPsDpwQ+m|` z=^hw?n8b~lsPX!jomR8c*^n4a=^W90USoH+mS>72t@S8uQLt7r=D8_rK7ca6Kv~nG z%DPTy%)V(32rL$83LZ)4co9>Z28hTa1(bPE`I55%x3M@Xx; z?Fec0mW+@GED2t}K%KoPxZUlk^CWf6{pze>S5ep9n!4^1 z>NXt(Rn&D0)b%!@ZuPp=+;pa7lzED>5^0+*fmNin3Z!*x(%SdjtJd{zPxr6e-j)k) zdv|xEHoA`2e^4V;oPNOO=M^?T&))pp))R5M>v-+zL36LY1jiIlrmW#QuG4H62+Hj! z&28s=*YPU16z>6BidWcDyxf-JJsr>G*5h}!-Fp1alC8&kz}DjywjR%YL@umc<^0a3 zXlD#?s~O-vV0Us0yOW#kPHv-lUx9psVc=I%@_?PlE$l>Y&!WUH$(fHwiIg_{=BBHL z>CdLWq(3*^*{itFDR80th+J4bpqpC{=;pEk{eWHDEiAom$7VoDRDQf+;8yM>?gO?( zx3Dd`Et`~*Y_%aNk4AA%cDuW&ZfLsQZ7%8dZ;n^L1{3b3YUhNHA}g9UD?0ZP$-UmT zs+8ATqDr|BP}JRmqVD=OWhJrd5f?YFv#p@)b(RRq?gNB2w;;5+p3MON$wqlsF=5*+ z&g(4O;_ffA^$Q}K>)JecI>EJ5K}Y}ol2<=3c=h|wLq$vWWNTaFf!FHhmCM!BWoy%m zx5V_)-&P`I^AUn+FvSZ@natPl4@zRWGUlgGzqgX->zU~*W^TLqd#&olzkh$hub-Fu z`nK5TJ#hP5-PIf0#tik|lCHkL)Ys1oeSKTz^Pb95({;QmDmL9Hmha#BU9R7@i76RF zHt8d`x2a^M`^fFJs{82vB3eH$mh^1_&3j5s+wE?vn7G|)#iajm*{rYv*`nFfQ=Szg zP}&OJ&bBL%+gY*#-CsKE7ly4Zo0Sd0kJGU^vir!-3mAQGB_ZqjsG|)8?#2f| zrjvZHx|8lDJmp9%2p_fxRkm!?B*F~9Fch&HF`zRTMJUaj6F7a%es{}_fY;bUrf@g5 z^BMkm?q={Sc)YQ~Q=SODJac=tWcQRN#b&>|rINyHRF1IT{q1nQycw?7dqnD2OtM}T z755jXdU^@o|wM z(W{n7HWqCvIyoW#@Vnh=JNZ-1_xsA> zFU7uvVjE86Z(t&P`>VxsP2~HlqQ!~aeVNGLe6iocR{QM_?)!S5y%c*HwJ)RgH(%^! zI6lH~^zLh{{?94)GR|Jc*~Dt~tW&iW_GqYcX-u+{{x_Qs=uI;q5 zy=Qn^1|~MU{?<#QzlBq7v%B>PT-UG8Lb9=wewlThyoXNL_RuMNGjBxJ#_?%}EVnvj zpmYBd{7&AFxMQE-Z=XY=Era-)osDG_OMfhVZH1;)%xbM< z)>aszSpb763gztCdaUNFi{V;;xCyGON9@LV)l6sk_P$ue@nIyk$|TxDx9s-5zBi<^ zcgNeBOm795TMxH<^=6sO)&t3GDl)fTe>~TA+b>|Xt*BF|?v?5EZ94C@F}6F~`fay6 zw%>LT;oxRU<`gwN$8|Oy7@EdneJ-k&U~WR?DwRu7x~=xy&IP-dFnu7UUInGO{=A1o z;7Urj4mWAHIx8sMRt7HCcPl9MEK18K1?xtx`oQ2shN`tU?hQk+x2kWq6;+eWe#s&~ue_H1%Xk}3>C zPSSjaVkQ$>2U8T>jL7GGiURS15dfn|oeLZ!3EfEgYKf2l0C;OZ;Lp4*VH!i9Sqcx* z36(Z6eRWqrVwMsar%Ci%$>431KkypM8NBUrV4-@a%;2ug;H_oAmiBIK`CF!#<29Dk zxvc;fpmy}u8^P#=1jg$76X51C) z<=XiTlVm9$TV+0GQfhaF_(o<3L^!^YB>C&(#03_bAiwWzs3o;5%TN*bhY(&N>a=Xa zpDJLnrA$fw`urRPj&-&$B>C&}W)z^WSo7CPm0R+;xsuP%PTtzdxQe_AInuYu+ggll zDZ`S#-Z3OkVt2)+vf1QZLSmHwX_Hvmv)|2UiP(}Qa88-*My4-?2QUt^`_4g%#wbN` zfG7y(BIW#aK0yG-L5d(1H(sVFArv!`-fcby)*C7E9MtLBD;T&|BwfZpcZpi%+8ivI z%Y`J8)!-bluJL3k#POa!%k#k~Meqj46Tp!WtW}>VU!-Y*0t{tmz<{BYR?z5fq*JXV zvM>|eyhhcn&@(>DPP{}goFRet5t5g=a|Sk6eKC4C}y0!e2U5|V3**% zR^VHOcBhPX&&GP0Q5pwac;XY-Yi~D!y*8h~83Td{!FZkk5{2@T7tv#sFG6XG0w$UQ z^E6sU|7OiEp}$?Gzq68ljkYz^a+=SEd!x5L9K66aWi|UF1TmbUxAh_+^*{Y_AO1-o zTjbEaWly&(d%6YLQ=B3$N2|30t$Ry`uCk#Q;T6%^v3l-}T(0G~#W5q|j&iXU%UgwH zx2(_Mm+uyx!EYJ;%@y?DTViv|5}R9)*w%E5zXGj?Z7^lD{MFsEfy6Frh=ubF{|6lM z7Jd|)?mVF^MQ|o$57md84XmsWTdVufvzS%*fB>XL)wi+9TwQ_iE!liN~Z?vv1;u zF&J^hhcXyN@&^AAVN>uXCg}`DZ@`aSZ&am8%D*4*jfTYHLjSXap%j{(+K=QGEl>(b z9NlSvP#UJ@lq(B-lgibRkmwy{Xa-=4^!$a*bh4?SGXhbnX*@Bg=QVvNc+WeL2JkpP2w^n=eMqG_3mvc-( zOc-VRMGeQ}D|_=Qy}&@JYeIWR62b#r=i39$Ctt8I0#J+82fP zW$k?$zz8*P%u=%J)EZ!jkRb7wpI0-ROU#EEUPqV)Bn`9Dp?u*?Cj0CYy}0`E=PQ=- zO6LiR0R+DY2HcxjwOXUmknBoGOce{XT2h!BVlbo6m@;iB;1miwL5N2Y0%$xYDFb9I zh@lLQ$4*T%pTrb%acrivW$;T#Vlk4JGMY-9cKKWrM*w&|5dBKIfx=~i6>J=!6l+7U7!#&z*T-aT*&%wUUuW(?<4nrm?Vur-vjyRV!*ol zfBjCYu>Ut(p8vA{KgVM`GI|@SsFjY4o>ow8NKy-GHax!~TwYie63BunSfG>&0YKS) zlzEnKJ2AQi??0Y^6p6L620#sfUz=yYr$^5J0Pl|=#X(~sPn93_`v3L!|2I3u`~Q9K z<^JDic|`wTKuT{(8V*36A<7c=7o2jK$70Sa>so3DrBl(*3Qxj5IOU&R6L0;U*_ zA~XQGm9Yi@0D?mUP(Mf#AR*0Dp{CWv=Ln8aGywHWUJ+cFMU;P|!4%ElK>Q5=yGzgj zP?q9&qF#k)4CfIWfO=iMNzp&&I7Q(AaN)~BnaYUsOG4OJRW^_L4C2^)$nfIa)ZyxN z>wB0TZVo`5>wp(2p274EsFt`~c00v^G)+tqjM!9K4AOZ__W&6)ByB0TX!P;KhMlKd zJ}?Y1ZwyA)kg=310_`G_K_L!UzNRQ%X2lRiC}1Q#B`|ykBR&Aqugi-ae`YD9Uvr>0 z;G_Li@f2Ke6~AI&l%FcLY{{Yx*j2&0WuNne3+vGGq8a&|;$<|-r#QGU70?0toDhnr zG3-L+WOj#m?9O~OvI+h0?5-Sj;EoS>A+NxI}?#fMW&bFUWx zv*-EBaZwrtg+8}?ID`yVED?NVJAw>?AtNcAtXL*^0o8p6iCET!<&{@mw4r_=Nb z`d{1ayx4!A<$($QB+ah_u<&azNz6|X7{F?|HRy+VEQ4DjJW9EWFwP&0P00)mzy|If zEJbL41}Q^ne)QFFz#Gya-~uw3Qb&T~+Xj~wQOpF?`F^+4a@}sbUAsYdT-~CBS_5Q_ z)fyVphImnHD7WU?&3uFmso($Ut><_h$8EUZ*UYhPDuAIG#L+;UFaJ4z3ReTdduCuW z0DyTKW#|_w$l?kEx%evdY732v*KvHO`&?^W)%<^KBk;=k?|I!;t2F_C2%q6;7H@{a-d@^y6u7{^5J-@KOft5j9j;FEt%R&zSoaqHH`#dd01d{%4a6ymrc4yTNax&x%i4n})mbf*PXaEqe| zu=EZvVim1Ngxt)Ny5N!-5nu!<3bm<$zcy8hqecwADa!GdQ=25w9l&EwHn}|{DStbe zM8cU}@=#h0&G!{lvYNUIBdX(#7MxX0Ri+N ziUwc|BZ_LZF`vaSxH*!{pk}E$LSq~w0JSc37(q(U;0#HHNic0Bl+REIE_}pZd^)7H zr9<`N)1gGbfU_GDU6G_@goGwl1M=^Z1f{5?}#fX~8h-1t!jE+zQ?}jKKaY#9m>T7~hOv3Ve)rR@dR`16UNAnb2 zO;bdtBnq=HbS{XozIftGieQMp4TOAoXu)90=E=R#X)nRXUy4n~UBRE4TxUKf5e~4} z{)MEFt#N!hv&;jN#L-o-=(jtAW+(K0)Ef1m*KYN_{;22mM`73RHQPgx(J4-+jYZ!zMW(qMIa#&4mhIx*M;~o04L)!!Y*VuRjnpaRc0zq z>cPdu$IDZ--X|nHJUO~lzvv<`ziLVzlV&cU0MrV0FT*=yM+3TqSohIqW)|9PA6UNJ znld$z{Vm6zF|cMf%*+&Ny+bfOkE6RwLf8*DLeg#6l3v7ie39Y>j?e@h(*R2M<7|cF zi-r0e+HWZe0y0Z3QZmL7%Ae(3&SO5()$$`g1u%gl9ASpD{T_zl0Q~Ydedd>v#5T_# zoSxS7R{k>=4f!BvM53?rnyo^WTLOFqC z4~~liQN1`6UX^-kp2vJ#e!z4FSumBOYMvxA*)5Dj4QfURy`uq(4D}`rqe!8y%H_Gcg16bhJclI(>Y+X)i*Kx9HzkyvA$CjBoBYcQK8)-aCl`nL z7koXjAkisIxg^H7pR;W9(4SKzc0}Eo2hlCO<0B-DseY%Vu^(_snfxNpgC##mMvyK2 z$01?VtOH_i8i2Z2S4bX27*eE%1((Y8LAC^RGasQeMhsEDJ;5}X4nQ5w!cNPK^N(EO z6`{9dk_KEto)A9t6TV!EF3DUrq|`oSkfHHB8X`t5#iM4<1%{$-rUH|ML}YR&Umuc~ zifC}A(Pkt$}_r6`Bi-jYba3G0pA z9Wv&Mm*MDVh?!ka`oQRMku7i8?vOPrpK{|$3@f3agf}iUm~kV2=BkkqD)Pft zXY|&;d@%`%l(OP*0-S`TjH*AC!UMj3EuL5RN9--1{clnyGNjRHAQxf=H`5-UX>El_%QJ4LBEL>@(`cJ;pp;N#U{ZfYy= z_RLnVwx8GnJI%fPsCu>y{k}s;- z6d!Crx;;L}VZ`M}5xeiT2Ti}@>N1J=%4LD?b%Bm3@ckYzZ@Ti$-@p!0Mo?WH|1%!& z|2V$udJVVb1Z3u*&v2GRXrMhIxM1YaJL)-~@BXE0M)O#DgotNMr6CM`W-YLDUTlSv zbrLg_j)fqo*Q;_tVH#mX$ub-Lv>_ewYN248ep<`+71I?A((TP&47zf z0%^)1!$Bh+)2GHjwq&|*MnbM_j;VejeX$0hzR%H-cwtJ& zALiQ*I20hk;qZj-cVcHFG2rsGF2nbF@a3zVO=8P!$gxgin9wO%yP!UNRt;54)bK+a zQ|hxjjfS-+gsgbL-`2rvEocI|3aBu@iY`Q%=KD5_;(?YTc#P-g$6?LXNK@7l%p%jI? z21)@->CIK@3@It7Gn@DyC}1d*nU7^oknA+Rwgb-NNP41~gpG2%;?KvQ85a~HBgD~M ze1_=2CvHO+5+9|ZLzFT+#sOrH1WbI<} z^|HF%_ZJ_t((f-mYS?GzSI0w#eP*?oFln=!A{g=o{olr21;#fb-3RY>m1GCU6Y%8= zaHMyy@QV2Q6^!mI??p%0i{(-w?KzD670x1K)=_38T|&0^Y6zAum?JV5*%;!nSZZY*{lSJ~!2C#NXen_+gk&BiPTHF{!jzYz?#&wj8FLhela!XGb+F{hFksp8_uWNd{%A)WtDEq3}!_A(PfPtjXe>L_VJi z_NDCLR-C`#(41-;yQKO(C6t+OBvpSWLUL1Ha<UL4Tg;^t;`|W1G>T(MV@1WE9yYM~eZs4}V<~a0&9t@fR?04MG zxZP`Y`mXPf+a1*L$G!`js1HN0+3~uq&_#ZCyxRT6gdA;(F0av$RSd!{$Lm?_ZTEW} zFYvqVW~=Y^JvVTBqo5g%+6cORzu5}vekpYK`2L2*W7B z@y5KBrL7_B^_-T*v+V_~0QO*Mz-s(DHh2 zGk`sB3gwe!n+vw?@c^A!>EnZV!51CuogUVtPA48?OMo ztj1B~ZPyrj-A-%djYi%6s2w(&C`6-9d*qJ7cB}1=T-fjU{j3v_uzO8-Ciej``uB$)f;#Gk=trE!>&7S`CcFTJ_`JPuhm3+%yj$BzSryYn=Nk? zjylcWYCg*=9`DI#S-BGHw(F0(F6^|MuHb|==~g~;kI1A#VMNb zip%+)!QPPN2IdCP3SPdh}$^n2@2%y!u!ip`q zifN_<+N{yNbSWF4;3wk{2}E44Oyyz&lw8T;yL2QGAG1jz`4Nmm^Ufs3*{M`_cf|jU zf@_slV>(MIB#mO$l;j$AHXZGuExuT8<2#_Cc=aQpBGgiFL8jo=H@@iEnm|f5&m|&4 zm6!9qp^k5yhy*aQ%9OCK9|zV8U@*LZZ0dkbQOj%!`-QjC(k(8F3AM?~ zir@x+ddua7R>Q4;COteZQZ&Y&tH7Qs+XuDN4q3)>Gu}9`Toj%xFGm0$o>L+aEHt8R zE5pp!%>KL*ix|$9qEdn*4#2j7F8t~?g`Syx3LDDR>99C%9q^8@DUfD*VL;@wNDgt{ z`-$|i1~5M|^h|z_7zJ4MwhTv5QErsZkzn;0M>@b#yT~ha8& zLLeZskx0}oEQrQHpA`-=bG<~uiVj@~t5h+oWSYstlJmW0alf&2y5g9jiT113?!zc$ zA7Bh8D6Mcx%(jBnWEG;C!BWRYvwHHy^A?RnJO#2UvGgt>!WG0y`wP$c~+*@yN0-R!1d+ZR2&p{i1ev%xurcDf4G$GtO)o zYSt?3XLk+jfY2_n75=)y*7(bcRrpVZcf|y)9k*uCsTp1lYtC_{RNP8xVhZJxEmc;I ziA=y`zUh>ZE1JTA)rL%NVimu|;RLZkjyHJ#1=cAq?0QuVJ_EJ9$X5~ITBSr@l3YD? zjAy-(qeS}CFoxsFK$_cS1b8hdoLTbXT2|kw>a3mWC5FSqdNJIwmpm;!@DfVO$dAf0 zPR?cicP5abTX+XjGH07;Nvhn#R3rg}16D_79Fk0~ zz{OuF@=^d}fM6PNnVLa)GRpTu1lc@Ad-;3ZjMazL@gzQUIBWX?Ef93XSbrjl@oE2`p%kHI@K2e&X5Yy)ibItq9i^EG^Y!Cc+b#AA0I0FR3^=VlsC9Vh&@j^MPdE3G*KTDXal4k~ulAee%r7||2Nfn)z&Lg$(@!sN`%xTHCHARQ*NP`5gmqj=h z!H!^XgW^yKW+?(94wkPyI`GuG^N6CDIc9TG6|>PH;g>gH-F-^kvfkUBQ^|FZQ*-2V zi|}O1bdCm4RE`4@%XwlMCk#==&dHpy%xumgKSe!M5R-*IoZF(c48V2koK~wJ z6+yaRt0g2n!Ze+WCFtE;iy9T7PK7m1Ie}{P1~}E}o-zj^`6|;>y>cL5CbDf5o9Qr5l7~l3egP4VJ(*`M=~X! zJ?C+GlE4(s5ED_{(j!^eL`8&vW=JYB*r;zp^^<;&$Db1z%ba^Qm&LbtIOdYu2jOIW zGMk|gL#B%euVo#auDtSgz=c7@h>P!Fa5GO-F6C1q{Z(GmUB_BLX7h;QBtn+BNZ1sm z0LiQXuj#H{Z%0+&0FA`j%TeG`juxjDC_*XW0+etmTzF1rA11iL2R7Z8pj6L93eK- zGQFK@-FD3$&4U}nDw!_7$W&Ywn{n)D19|8eNV2pIIe>>q=*QCI3<@>A(*h_C2v=$j z55Q<1hceq27xjgKWr0#Wz7uYBr$fFc#!?QkLbe?2r%Ep!wC(?ld1TR_3ehsCgFGzjtif5 za#Kj5AQ&O;?KCVdtOMCFveyC|9M|=Q&Z|;7P`d#!Y$f?~YR^iJr|B`v$e`KKs6H)s z#QHCsbK!_AvIUwiLm?7wcpNFMy6x)_5HQ9l3gxyXoM(&cl5ED>VR!f@JFx;*cL1Qx zA4nP?E|m`1U4(LE38JR^Vdw(@WAWM}`=OZJNXrAf}@_P6~ z>FU472Tq8`O5qa05yFHcPZIv$|NH-;IdBemeef^7A(J?|+qH1F%H%Ls?diyZ>_aji zML5V)Y-@Ax4==LAMOj-frsf1@>6Eq{0xVPt(BxV5IA?zmYqiQ_0>Y$g`6Bwf0x}#xy)YLmF3ZS#jY$q zhsHa+Vtt(@vRYCdvdeZZCYcWT#FnaRYQlZvEMGcQ$_9Zxur?5&E)m79kiYU(7R zu!1OSxfz?YI}|SlU`({7!#2(@FQwZafVvA@@P_}N4tbtabbcG7^wJ!joWzp4JSxl_ zo9Sj4iw2WDA5@SZvJ&=%4{cV{a z>-kdJM3Uxuq@$P_mOe<5*xQRyi3u{r=;LIp8DW;MYh7~fc(3eOBJsqFz32E3=^ zTlRp74B_jK9nC5olVscwpUpp;f-udZ&QSIFM_=T?0cLJjh*L=h>21=#cqjYISMBsng2IRktWSh$3_GCe3tHX%f|k zgVH}w8_JSc^RJLHUQQ-)1eMQGF*dZxNGvNa{TNU5?GkbuUszJ@4lrqHzhQ)p{m%5V zk~z7^iQ3|=U80& z0Y|7X@;7aWM0`grG?g1*e4G>q)>Wa`>}(^#9|DDdA|aR{mD*<~-zj{9v^c33@sYHj zh67X5q0>TP{w77dOSssiz$-=wa+a|oHt8O<)sT<;j49f(A&0&ys`FdrKuV=r-fG3M z#<66s5P7s$ys#{SdX{sdF7HL7+4({Cjl<%fKV6(vIY}80I-#XY@K!D_OVo%%y{?N= zH#mxhx0nS}Yo|k>m4QY&M$+q(i$%*!@~W>L<>pkD<@D8`WogbzouQ;ULBG7pi4Pn4 zXi{Fr$C3}PxmP-mPmh6c5sJ-KBB2G!n*Hde$=DlFUH%o(F^B=Ot zTf^jDOTAV9X;=Ilv#eGFbKn*u0Mm&;(S&LqnuJVJ=?9Gl-{M7P+eV0mjt;GSgSq7@ zNo6BB?rT8OVO?F?m`*HD)JB7gfaYgRVr0=(NzrghnKh`S?eqgLCEXS! zUPoBuO4WO7F%~hKJa&W5{UlJl`d7v*ShVJUx1@o>!aEtg`8-7Lnt-006;;`KLq~%U6)YiFs zZl5iC6!X2h27u0swQ5h$Wu9b1Fu=>Zfk^1~I8TksW5P=!usva@6hV^|HMFQkQrl%s z`gWlN#UY9Vj40T7Osr}_oJ{U@EW%~BIg`h`9Ed(~Fb?75RSxW8{vhqG+gD(>%mkAQ%?AE*%$ya59d}Y1M z)a`?J!}HURSI4J+1xLrjtILmvS0|t3{cPg0rb|_^FdX@;(p$jc*~NQdGaNyR9AI4P z#ae7!^xuHL>kLf)jQ(DDiK+F5;TaN!g>dwD%V3q&)=22-PsZTFd{o{>dwMT6T!^6v zhM>U|%}~}_geEY!)6L6!o`svXO!p_|c;@M%?n#%OW-d*aFf>|f^AW>^<7QZH^JbP^ zCMwVn7te}&Xa5cwW{2XX9B?R(Eve{Jl7e{>il4TAA^Jd3>SRz;BoY;JkQxXC>ZM_f zIA~uAOfkiVDMthcIuyb66lBh?BIy5G0dpK7eEqNrTF| zZh&hJAF08neIUeZJpu=y4ij}QrBbS!-&JNC15D#uwo0il*_OQ7Ot;sPWt(T^Oy^CU z&1WM%cgOO~CJxNumiavZepX)jtnp&LR<5u!aTs&5b#HM;Z&8sutZ zBkW3~nNbVy_aGt@5TON%_Np_5OH0Q9pfn}v9=L@m*8}$C@tEP<9thEBKG_2-%?^?x zGCAdt2Xdn4Fen;TPCp!W|-V1yqmzGgE zp-r%hmI}pIZ}#^rt&&b)(&GNM$Sqyvh&+AM43sbl9WJRKd~nr z!;rXRS)906AQA2v40tCqUTze@_(o;OQfF6shUC~Xx-%9kEEst9@$}TmdPd!EtFe=} z-zyc#6w39qZb!-8!~Z!2CTa2G4Kyv)R}HdE9k7PjJ3<&=4wI7@v!i#~MLMWLeWc5p zd{Bb-IL0g-=~$$Pkz<g3P<_ zMp54Ft(@|(kTgm;wb#{MO*iPSZdQLGi0d!^l!(-KbCvm9UVV6cdVF}L)&6U(@x0#U zB5MdmN`*Z@=d;&S1e5DgbVE7HyI`No6s5QSze3Rz!Ejf=5;TGzF3&%3wM^XoM6UVL zaLt6Z=?{7OEuYlvB_9k5r{V`7R5LC&gZk;gyW`V(MS*-wxE;b28ud^8QLNsO1gvQG z{lUlg$7>rsu^;i z&=R_lWfe2;OcD#n#zU(2*FwGD0Gkm^XE4qi1&UbZ;O9&Qs~T8f2)TTWph|>cRxV?Z zcfd!A#`CBUu~w8vWiVT%b8S3Q)Z_P<>F# zbiNCMVbUr9`dRK&+=Y3JB3V=Cg8|; z6luemb~?|cjmhT9u$gVbwCVg&hQ9pCfiw6o62n{S1Y~A>suV1Bvj^A#r--XT;zC@` zfy|d$H$QBeT3e%@h@_=U(WcG8{{A0jO!=Sw$P51|TPFTBPc8A{kNF_cKRJI?XKS3T ze{uqnBIg#zA-SbajM)AkEv^?qzb9l8p#hlCWzC0(GIi1Yg?%%N6?6t@Q@C7-@kN_^ z0RBs;*b@O3b*1@2?zOl2 z$UF`z57`nzBKwT3(a_ca69=mThLXuhL6P^0!caKo%ZaQ7NKxVPJl{pU4Vf{9$}8{f z*0wvJ$(_P!C|0nhr9jN!=WCe>;+n4z15o!|*R5M6)T({W@w+w$NV>%OL&MCDVw^GT z;C&c}V4g;l>m|ut+;6Au=u>f4ys!o(z+9pb)67}pZo`{V#Kk|H^om@(965OyGFP^F zac_l4C`)zkVcy>{VMyg!`gnOd)cHd)XHLHL9lhgfMuxbUBzTNyKKpnH5p{X1AzLp= zl@f^JhPs1kdw!^jl^iKK{Hnr&r26J8gHOyd#R7Rf(mhxpD{jaFS@_#zK@j2KW=iJ5 z?_f(VWOX-VL{|RWZl~4p+WvR0-|V!S-vRgO$^Y)V zIb|^Y&V6uOMdE%V&zCRzZ)!SuzBDt6Sd4;KGl^>_%A;N7`T+X?i<{@w)KTV0Gj{U# zKM22e9l}w2v;XyL?aP;jO05X$EN~W{BZr?Onse+RnuaR=D)06S25J5<27Gh-i2KS`0bWZ>}$LW*P)l|t3}E*zyAgtBzzq&xs&HSp>>QwL|{mPV4*@j zD>is*x@R>{9aEpR2H|PXFTDo%plwMhQBg-oG#!_A-#~EBs%1D@K)KevP$x9_E&TfoQbnK{+GJke(=`x znht>|+_at*F7#q`8SUMZm061ETj@8LhgNkP{Sxx|APUPPNYh~rmz85vr*bb+C$Lr@ z%iLNDXIa1JA=UGPrM`0X==<)=EG%4pzqB>gEA>3btN5M4D2|K#;LJC$T@UGSl1+O^ z$Awh(koveu59xN7^iUpBJ%%%+4WIQq^@>16;*m~SYu{3kyUpx>$*3PiuO3=*I`Za| z6vu1~>i@lH*v-7IUf3c$k|8dRI0$vd^C;qf)q%5H7`=<&f;YU$xOGGXlKny8Y{OIQ z$n_q0C9c{Tye%-zk=LCq8Wa$^U+<*(u8Zt*-kb|3Akg<^Q78Pz*U%z9=}RC}k+zR)V*sO+H2Qp_}sVU9P}K zTuU&Km*oIY8L9c@%e@zHwc6OnDk*{?e(pwvbG=S%_Z&@%AaE;OGOHkN&{hR5tUIKw z)(eH5?5b(rkVtck+1(+D8Tu^jy6HSVpdUr#kE?&mY^B-nGZJ4CVjWkdDhWM*`vZ;; zy`v1x^mi051~qHnRZ;7!cXM4Rr_{hWG}VRBko^++DNuzAg}#0rq=%$m3aDe*~fX*VIW?off=_Z?>uwkuagej^Rc(VsyEd={Af^Q6! z3!Ad4hQEHT$?*CNht4X{7L@xI6` z*8q(`{6iyz5`g0|jxoDiFD%&GN!7k?4m>KiVEMJUTWU(wUimyb9smJM;0Q;UVI8Op z!!S!|a&~-meQ@;QSkqPWNT~e~#yyJ^#@oZOhZ2eFZe&=QVe~!n<|0?O{7*B-Mr;@K4!Cxkb z+-&JyB>GyH8BD5V{tz-aSZcT6)m8J(Jdr}zJaOoB0RG)DOB!E7V;qNE{%aNGqK#mO zK%mXgS#0QefK~ z+MV7*YzO-Hho8>QkIb*(Ux(Kp&W}Ex9@nIG0f3{k;q_0)#~0UU2Oo}y$CsauF9)Db z;yV9!e#QSDkL#;CFUwS{`{R|)L>#M3#9VBBZMg*O{r94t!4k`s;w6`74^NIRmwcs* zKz!XTs`nLmRVGWey~RpcRv}p`6h=_JXUvG{i-`@B5c$bahck0+4-y6t9J{(I5?p5=K$ z`A-d)t>iyd=RaKjvrdklT8?|n{kOD_R)ExlLf`1KvXIHCCLn*hIJ-Xhc=e;$Xiybor&7EvHS-ogX~@oAZ3MyE&X+c-rRMuL zT7aO%zMN2aepb&r=L^@^J@87(K*F{^8Dk~@%5K4B0Ib+4ZQ3~Zi(zwP48NH zd!@KNcnj+Fa&*C#O2ww){2waC`9;SF^f^k`uyi{H2$pvq!1D^}@kLgDQdxZ?L*?f3 zpA6gH+W5bL{lDoJ40@p zP5ImX{`A1S)8m|``{H6I;r?h?H6nynX^bn_kTKj`f~%0tv`o)+i;AZGYU8s96|InG z-&TH*3c|X>jU3nStq<44NFO2we){z>K{cYVj`_YA=37T(d?O-yce;#!y_^47Sy$ZRTZ zcarlk6mC~Fj)T71Q(vj8GMNcMSomf|2+G?gU^GvWnyBi$=4yCtQLZwGT@9~?=Z8P> z-}?)g?x*v(>JsSCp(MCb<*yE|j<1hSE>)EXkE|+!W?7Ky>euIIhsRRfUO8ON?aX;O z{Azgpad><=yg1khN;c?=P!0|ck1wvSkIsghAY(3tE^7r#W%R82@(Y~}I_5;>$E&N0 z>x;|tzx?(3^kjH-d?o{L$~K6NTbDOio0f#$HheHtb^WygdvrX!x<0vhFkJf*Z3CQ- z$YJ|hpD8}DiR{vC)4=gxt}YL*4=&$p##Ab<+cBtk!?$Vd>fq#bczAGneDoCUs>{=} zfzBu0Pse|)V%v+#y}8P*9l>)(lr3DrtK0qdG?&fge|fLy6X^f#W~W=!|6ATm{O_|o zM*f%G3tsD6F1Wz{=(k$e?g~k`LMyv}W7KyrDoYu;>M@ZRIMFz@zm36nWzm4tzpa&~e4+T4WwDxaPszED>jjQ4byB`wB(WB>#T~>l zJ1}4QOvkNTaMz4A*-?)_)Fj+T9%%xQVT9O4Z9Wu6qUvChuCQ@cTIB6Cd!kpxkd|7; zssYM%A2CvN16D-1d9{4ll^eF_PC2-?y3VqRWh;$^IVpKjQPZ$7H?|azLT9|S&IiTz zCCII3J+zy#a!RPERMUSfBTr(+HPl?t@FIyt+_0`LuRE^ua`hUVGjf5_85X&2^NCrN z`WsBiZESwY`!b~u-z0PB`&FiO#?MEY*I-Pd5T%bly(Qdd*hsb=DgrNCDtxTr@Xaml z*%*-K6r-T1PT#gmP5ml+q3jIN&=F1_of)R>3YL^D9_uuW&FIZWpXJ_Z4`a2?G`@b7 z!E5ihMkGFR9q63TvU~U+UIZVTP{s7uE$lF6K*v}WNYWZhf!fsxy z%4={?{zj`Xu!~f+{a(2&*)8Yv=M3EMD`?{ppDpx1-gVn6f9v(XZr3lK|F~VZ^`ieh z$FnT{moF&4O5Cqr=Co|ei|NZ`>PwdsD-CG1JgY>IY_Z7)056ibeDa-LTS|-R3T2r! zk-zpqctymol`&L;Tb3#?OFk)z)s2)~FI6qCftknEN)^P?TGuI|t9Uq1_C*;hd@#HI za|V+lBh80RcxlBHu4HEhbR9>tlJ(3SP_Ke;Z^l|$!$UN`4F;~_wIxYcGCNrxvRMQ8Mg{W@iw`AR(c=tP+n^ z##1}DL^;ug@O`ziT`ctiSeNa*x`l1?omUfIUY7ESG^|V$7PabZWp&DD^iNA;s5}wV zQh?Rf8>i@460Q2GYJjcE)Uidj4yRmc!yFw#K&ou~OI6D7OckqJO7%u8+LsOJE;UI!AQB=kQ$-H zx9i+WN2G7Fd+koTPbaH*h9{aO6)`>ECL8ZRODvnmld#ah|J^ZhjXbgK5>(t%sx6D_ zWsJ;=32!52Sg5X)G;-j#5;jat;WSlW0%`?oml+%aK_ zKg;uk@t>6o-CFNoQ|mu722>vPl=FG4bCQKoL~buqyucBfpkuy@s0-WlxzcLK*@KTq zCs)@$U!GhYuW+Uv9$$StIkJDgKY7mJ(&6#N!R5i#`Q-rA|4^?1aB^{V@b2_@c>V6+ z@TcRmqXDSLW41-s5deNVIXxZzd~$X8;{en-v+7IZ{aVFzB!76EbR^&jVh3BB#SXTX z#SUg{xjz2O;pxYtD{DA{mXM2L<2NSKjVqozkcaqf$cHA^Xg=+`9DkI)V(=!K>_taJi|ef&;(>QvO3o zq3E-?zExNd#Z6zetRA1u^2T&tMJ!Lcs2Q`h?EY?ENd8?}EO)CnFKfN1tRR9}MM?fw zWf5^LSpowKMH!+}Dhysra~OI1UGDhObFAl^K?X)|5_#H}4w?v$91YSj6)MJ#CS}evLPJc?h%ibyvp|JdbwT8d|iYBlPYr!=kfnX$+G3SQa8?#Zx&48*f?4d&Xl zeiis`^Zwmr5qtDT(PxIz7)B>C zL+Ka>=z@efEbg_CJRQDC0lif#efIoHYrcL;Yrl=xW`o&!t+xfc$OhYkSO@Oao17vW zN%yH!25hAN$>bLFe%b%l>VF-#U5x+myqEl6&+`a9?@09T5V6P507H~SgjJuHGLYj^jB0#E7j4B#;ST{YoO1qeRjUVe049+<35|||3;;|mjPg{{@-bp^8dRp z_dh+$BlUmNzrSw-KsJmwv;bI?{0b%j)B5Au01VjQgb^U?f)^{mixuEowgQ-u`eFun zF$27q0ba}ik1!-(%m6QD0Ptc4czK@c*+~CKahMQ%Pwjt$_^(zm{@?AkUiANGc~sUa z*}spW{p+#ve7ZlCDT9Razb7wI5(z7-jQ}dakg^zTXb8xNvXrYQiL=sOL4OO%xkmOy zHGfgfpI0@Xk0@g5mID}uDWVi@s1=*d%+z~CF^M;ykd$qUi>UK!h-+Kz|HB9e_qYLQ zZT=tMFWUdRzW1{KKgW~X|3&{krVt_~xdbTohqoeFHTUXOnFO8jxG21Ym8M10776~*O z4WQB8Xmq3SXig9dQrTJl_uVbi{221u^h3@WD+yhb$x-i_TTd z0~WyC&u4;=p)i-Z{0xF1gFb=bvpHsIwOODWI=Mg`-DG}tUl&G_OIy>_*Gw)vNcb7u z#!3UZQjWppLnadp$MZPmTj5XzMPGLUXqx&GP61T;&Xb=onNLI}o2I@I8h7gB-{3tM z0*`0B;|2BHNNnF3s^4=!g{moAd!CF1!4W?2+c5lcc*U+bc(B=IXHJl_Tj&nLfBz)&_tQ*bTUVw7N+l*+@R z7S&$9eG~HSuWrUzBI!zG9TILHwXTQ{Rmd{=$4QKC{J5mdC1jEHhG+TLTG_Q2_=n1@ zk0&gxUbZymc_%XEW76lbq{t1$2Zqh-YsP&q;aJ3vb-0+(_k3xvjM#kIa<2Vbl!OW~ z*GrZj=e1Pd&k$A0xNpJ`aJA0 zS1OG}B}lR;Q0PmwaShMoi}&wI6i0usk+^_a02AU*pzPiT;OPx7Ax85ofP%Sa;%9Mu z%;^xM^ZX5O;AjCee*%?89Mr1A!gQ5zcI6$Mq3piP-pm-pWjfRVmp}hbaXp(pjpY9* znNZ#Fk>Y}_vb@xKoG^WT*`%))!h$F~d1ub3*|ndi6YU_%>k-iOYuyLb`EA{Co{ zzTC8wNDuYCG9>c^kwP+8ZJ|*@;3O0B#6TCs3)5q14JIX(>KauIt8z@Eb~VALq}f{k zT}f=E6T<*zx{rbAYyJjm2qIz+J{Nt>4`WzlU{S+7&b`Rs zIQr@hN+I3&!7WU}L!*=8)X#jaa#%qEg}v$z?Y&(efMh*_65DGa3ctRrUkN-RbG{UFgC*V|G2VC{I!Md|^^X<~{1_g?jMTtZhLcrkIH;xV+KXZ1+cyyb{QUL#A$WhSX40%d z>7mHPb4*}%T;SA@8cHuVSPsx^<2h9U#Yi~d$`P@!DcG#Fl+?D%R*AJ`5q*6cE6K@Z z>loQjWkqUa|9L>{_y1pm`0u+1M*P3+gM&W)-)bJlYC4Mj{{6*$ZyxjgiQ>I?9_#%F ziSypac<*)V@BBW0m+{^Ei}3wL`2HgNL#AYZ5x&0&5BiJnoj;BAzuBCQSu*(@-b@j? zJyxwn4HUz=`(LAxng45VYr8-HU&+ICy>}Jk+l69SHGiHqOK4Tks}qOT)ohYWv<`+l zy=Yynx{RZh^;;()tsdLQ%1i2pvk22aGdPJb5y+bd&Q(4A5wv81cdse;n(|6D3$G36#r`D|Lh-F_rLac`~0sfd6-Cd#>W>F0}P50?m_^pm_Sb}|5f(9S^%uA+C&1Z z1;S6}d42x3tQtw%L^C<9atIzvOrru>kVL~E3C5aac2-{f)zswPVk79jlv;SY9I128&j{mbg+TSzx|DCO^KK{>2 z9(Mox7wwj}vM=!w7iaB_ZfuLGlCp~4qg=SwW@F2%*IM0fE@9gs3+wb!*ReGcHo2Is zRd}K++V-H>m$mIO&97~1VgrY;#8qyMQud{8x8z}??T|g5<^s2Cs`OX6OX$;I>ei)> z6opqxf&t@-uky8kz#P{JqCIvM959-=T9!_x+MQh;zEi*8gfTC|H2}j;{$Y55LJCKY zQ|YyHIxbTfr!d3A944zSw}BRF>Yxmje792G75)UW)*~i*sCRTQuvL6n{--gXE63JA z)$>Y_6JhEcQ<|~?838N*48OQac=;_*R<`(p55dR$e%L2tf|tO86`)Qeq-LN5S{qd$ zC3Y`C0liA_ut~+CbKv}M!xro)w*d$;F98e*GUNozxb)bkz0|%$>5cs*M{F3Szr-lG zE&nnMqA)Y%FADS(AlY1rNFd4={s*)o+r)KHr47Na0Zg^qFZ_+m4ZWfg^Ftq2`{lHK zqhriOJ5Y!lIj09G#Yw z`qkK|SCJeXDc>2Zq5K8J=BA|J-)Z7GRe_*N3kyr-V^dUBcuU~B#Qaf3fo3yDsbS9< z>toeyp*$(U3grx`1ps?T+9)klGIC|;Hl0*u^&d2yD#_GpB2_}_dvFiPle+WNiDy3@6K%iR$;!`p5{>z)fcs9h-O&QsBgPWxP z%kzMD3t{S&pLdtQOcz5vuSvmh!;PDJeQ~SI_=oiZ@>4&E$UU!z3CjG5SY~oTb7Q}; zG%rHDqERHYX) zG*1Y>!Xo5y^^Fyy2&GnhA`ODAyP=c}nZc+~&a^O3uZqYwwCF9oSG?HS`;rOCPalUf z{}!Gm zz)EM6n5RQLyE(o(?JCEM*4N^I%}d6(JCu_#ek_z9O*w3)|Do`8gtIwY6u->F32c=L zxJLim-9Iq(ztQ$iAOB}14^!__6o&cu-mvlQL1FU(@_q)Sn+iagd7yYbOJi zVc#Lc1#?W$?5*la3?4CRO-aj+_#k$-_iF@K`*79e`}e;wN~(I*()I7*tiq7tR~pO6 z>3leF(cGyFxMKIuqU31dN3nksL*bLAzAB;~6LdwgD4FOgmr~RWeB2xb|Lgn2H<8d@ z)}f&lu1CbO#Lbf_^kXu;zd+&1B4XioRUN$idyd(#qSePZ3~DO>ze7nxP~()3+EXY0 zZ*T3I`M-De`ujgCdFqA386Ww_xyw_)Z+VfYsMyUd9+9}Ki~BnTYE3Th6s4c&=8iE0 z_O%_Oz+^xbQqzoP@dzt9aEaF$`w zI1iyy(~|!G)V&|E<8F-W5)ZDr!DE}59g2T{Q>R;L{vkJYEcu$W-{nq<%5M|@^JgV7+*Hroml== zfKP1mS5c|4_M1f;+4=QK%}nk(c{+2a5{0Rt?Y&<9Tgg)^smPJf<}rLE8?e?!TRX5;`TMg4Yv?ty z2WvH+$|h_NiNh{z7kX6Nu-06ueOO~vWj10P^Y6z_?3yvXt+<3fy}eks7f&)YPi;46 zIy+y2HTLyG!9#gz{nB#93fW-M(6scMO15Z?p{h*{St0F;CpS5AYh%;QFXiz4FpRj% zTQ@B^e{9aJouUxJ>|SnrDIhJx=#zhf|2vg zi5maLa@R&l2nbT^d)}bIUEt$Jmw}awUjlFb25@sfzlA&m>qj>jCZzE-;NTJN0T-8h zA8-{oH*4P@6gRj7T!3kL4fsdA$IF)X4`E9;F9HIFdT&(!X^iSr^fi~T!1xia8UGk2 z{AM|d<%L5km*M4e6kAsgd-3{j_cW6Kvm5^*3P6qgzqdCs^FM5Djr#kaD|wh?fBDPN zaTnq~ohMH#@3Wa&De%h@O(cFHhzhc zFiIwZd*r{Kl8NLBe#Mbqzuf!fzT)MMVt5J1w78!}Z!$DbE7sjJ03N(s*DSAGqG`s0 zFw7QF0FQzI%@bE}kY#yMv(^Q&e`oc%nf{07q`li${?zDy2V0|kQ~%r9-|h9kRXi;J z-?ggc0lFw520jKpxY05LQjPGE&IOSX5Cbyx3Gg!rf(-fuhR-P96z3CsHi0<0$^7ho z*eHD-+2V^~Gf|6}Um-4J2${8MixTbQ=>J$xGhndyvny zHBsV<7m!4)*xBbKisi;M6tx{Ygpd|;%tQ?!h`c0z6t@Xf+{+|bS3h!^3c4A6)IBJj zGs0-xni=}{(i!4t-<~UuLbdR%*`ouwKpDv?X29Z+*&B~DEp3f9UIdbxSftWs0;R91 z{!DxV@BDk2b5gtD;>YRK-_eF7f$G}u-dtWB^A#|#z7?y({&sy_{^{*i*{Aof^IFBQ zj{PVG>v9;+5CJ}5_k;lFo@~*sKgR=4fi=*^EqBZ08kB6WRAI|!?04gisWSP$g%@T+ z)y&${9>M$4r4_B(7qiWwUFv5rA(wDml3=L#UbqNOxX$+HpT*`^$~ZjXu~|6E<%=t? z{DxQd0N+#dlKC3T;Fo!n!LV4_Ia+*Yjc`$h3VqKPfbs8Q`R2=X0EW6dsJ>$Bn&L~a zeS6B%RYD#NF=PRi&NPgampmhqTIw&5Csud39a=w1Sak)ja0J|I{XT zN#Ro8$udvs{D)>2)MusQp}7HW{NNTQp`62N`JwWya{lJiRFJn~wu;@fe75Gi+aWzv z&b=z8@0vtZ0H|t_iW*Ex;5lE4igz%YO!cbUV94KAI21=?unxbJZtL2NFqzOc$ofr z#m2V_4*)(>p4JCI%+^XTfTBzjKY*e%xlcul^e_9nJG^u8y)L4&DA_uQv!r|1p(Hq5 zmU;T{74Xhe|H~YD#+^gDk11yXj51yTGZKxXz$Z|@aH+z41w1{b6^S*=otg{VY9X5W z6L>L?<13}}jams&a0{~lCF5xFFN_jblU94>&`XLoanI$bKjYJiD!B^acE_4eZ3ExdPEUWP-mibIqAIoq#nRKM~r0s~?eQTeq-NiD3L z(ZWETipJ?Jt-bjIu!AW&_vohxgDK3|jTt`-fe#XR2V%M-vMsXwz~-rCtnc}0DF1US z`H~7iwfw)mv%j-#%Kv-&z5KtDN67#DP@@wCKv;BEpaF2NS%Ev{C@=YW^j#Fk;0A&@ zh9SQ*M>i@4MD~_o?&yZg>$$+1ldX%E3k5!(U=&6@7#gY02 z3W1nIH$Gjtf^ZB4|dP6Z;Z-9p?pX0^mp9dCsY>U!g% z+dN|;bJ1PL%B*r9Nl`dd$~Nv>j_Sa~_4g@EG(;oJZt;n6OHud|j8VpR8s=4adhrrq zBzZUncPJr%WcS6bXgb_<_HkYy0MRDQZi`g?Z21`%fEA1e#xK1*mtf5r%ucWN%A@Pj z8w~8_D`)nr+^_QV!fUvKpV?$&Y#_p7Z?cI8e0&GvSfB88HmPjHh+Dy%zY>_hUVT(D|~ILUlCj&2(wz65?h zfbGk?BwjKS&jHGBcCOSRNSnSjjzMPGW)4DDtvNyO=#Oi33-u6wGe%?OG(wV{ z(4u+xkTypXIhh|T1c+(85e@!8HXJ#*zZ+XlZyWg=c&dE+_Kb1@w&eAtBlv=`T&fBy zH07slT}TdX_WxybK-c;I?riN?`~S{eJ`{(9vsh zSzNF2MEO4)LtsH>!Z*A z@wdtstwc;%HfOW|(OKSTGXR6}{wecEmz>}_Ft5!c4g2iTKhM)l{wF?x<9Upiy98Jx z|L>0uO#9#V?m-{_X(bQ0|B3Ov>gEz)2-6td&)|yeeyk|}&2QZiRObC#^s}jbt(f_p zU#=_X@^>h^jgcR!&42LYC}cuGPSh$wnliSZrnrc^sSx6aFyR&G_U60ZeD@t@WN@w6 ztK~B@=$D~%iTx2}#>U6qWsZNw(Wj6fi;aWfukahix>CQEQxsk?A0OwMu5^uT?jZRP z2h8TJq$pfLD~~_k*19eRbY(n|KC!kO>}BoDEogafH{_FY9#-(n1_Rh?O4jn#P8-Z! zqY?tMu^+$-6h6#Zbns}nrUq(Nn@%y*Pq6jS$J%~C)43{M$;}AVGW~o*Vyn3eKbC#a z+@nq8Ct4IK$F8ML`EUm}7u2S^d2e_yo`(8=kwS0@13-=bKic0h<3Dfj?f3aVSMqQj zpWP>$`DrJfKYX&VA5ZM}qhM0w^<$K5vdYf8Yoxgnv))tHz=u30q z$86!JG5wxXKvV~7x8U2i3hNy|Bpc5BTX>p~^Xv?vl%LA!!BSn`%iq2|%P4P)W*00e zr$r9!t9m1!rvPQ)XV@kL924hqDONKQlOqFv;BM=B#oydC{#3z>TG+b)rIjd|V`OT_TD|hKN+RIr6eIHA%$}udn&wbEX!;c_B8Kmna zsa}$LDt{u&c%^T&j1L#?;w2w>TBC}H5}Nl0nrHGB3jh01zX@d*9;TETU;-2Jp*VR} zz1T|&sHoX~7gcQX?5Na`+QoSJu}R2RZJObB3%1|QUzVH2+RY`%%|n(>;<}R zpCX{EjE-m3t0hdBEzdk(oth`BQ-q0fv(N1swUCC1?dM4>) z$VXla{`YVbX7j`cDyAw z2u=lD59+2Ch%>BRDTr5~*h};;N`GA)P<17A^Di@)Vj~f@j7Al}B%zuCy=exnJknh? zFbDC}&n8_;`{+;^Q-sMRgZN9#`Gl%9asVX?qq3f!R#(&(m!&AlPKj(dmiR8-pEWpK z(5LN>szr9AJ33}zuO-SkrYlnwv#lcmu(|vv+VA}S_s-VVwrT&}-rL#h<-b)tP2@i@ z@*N9+B7}6ZWC-asyVZw^c_oYONkl$j4l!iD(|lK8F#erNr^-|Cz%q;!Rm4 zgE=N>rj%friLLgo<|)kHW0*N^v#&+TMTV#V;%*{?a||y&9J{Kf8H|x1zKw1&zYK#r zKfa=rrs9~GY^52v7Xe{q)j-}4sGDZd%+K!Mr=d^a70G-8C--c0<_V@GSwt9yUTKwg zkW5j?hx0BX!4xfw^&6wfTeyJivalB=W8~?|g?|eHo@Wr;!g~zhS4x{3I7S(i`FZ^y zpp^HMdw}ORyqqKJvy4TqO?7Q@=N2S)ZrPms7_zQAgPE(jSw3l-wWyR|zEPnBG;2{7 zUbZ>OujuM!eh^KXwJSZmdAeqn!9b~3hQuT3y#fVyZ7K7#grezO`X>d`uC-IqPz4;> zou%QqI##7kDqXZ(NhC7GmZUqA<*#39=_1VOa79oGj*2AMf9AQswR01(FTyH~U{0cV zhzUxM;#j?Drs1XTuylh>ymGv^D)4>-6PWoL+KyNTW?}~Rrh*_9bawA48gzFNcXMr8 z6WdXFTcW^HE#*6z20njVJ$n>+rg|XqV%n8P%T02~#g+>c3dnkne3u;c%C4j}Vji?O z8g+_YR?BYT>{UtiN*s976kUchTGKx^OPZ3eX)5B(snn-0>I$D!IU5wQkpehkLW;43 zP0`ZLB%P2dkUpbJ^PL|h1SXULfZwAeM0XCpWC(;JgGluCm})7Sc znTD9>D|PcfUBMWb+|STI+;h+>Rw0`?6UUNh265oWFud_epU=W+7Z>V}syr>X&lRGi1FqERY|t(3+d@CD_lUBL#7}DMF3bw0)^0xVhfK7o zwrT5yO$o`97t7^P_AOTq#6^T$SEx{3^1UGE zMh@=Gam`CqT!9x50f47|2E)(d^XFK8 zcc2?bH*D3=sYF-K`y~3J1Y+LcV-wx9MN{JmPN|3^Q^+)jro_WtNKz9oud5@)Z@)Vse(5a679gQ72Ec;q0$(#tLR;%)6vn~KmC6rfj z>!-SEVCb82?^R#&U|;Y2)WI*lFjJWmMn0PIq-yO8cRSiJ3qTf`QaUfy8JddHV%SRK z;@1x6m-4FOXiK16A`O;TzlHanY7p0Tes7Q;Pbt%tt0D?9JgRki8ogAKz5?sHqZi(w z;?l-*yz!h$3i$z{GXsU}mL1<;37JoseIb}9N(ce^+(ID&d>P(C?JgYe=*Ab()1@|u z8-xfZ8J}?qZI~6$anM$`-qq9CVGew#0$M7#e!KpWecrFVzkV?AoH~?dz+uuiMM|Z)jd`?T}t)-KJZzogqcp zuDK0+a)ahcARDINoryI>MfqLT+%aU4;Ju>Hn=inWkQ5(oZU!-$hjdab;0B*JAqwU* zm~e`1ZV$KjHUpF-FrdGg)Egy}&HsOn*oGF;eglbABZ8@ySluPMTKF7LYjlVAFGW6m zm+2ke>&AChZaD*duLk~2pXT}>4yG`i$1wb*?M2`^{cqdK|3BK^9rgO(DxN0#Uq15R z!$n|*%-{Pu@Rb~o{$g-{G5EPt0%vbJu zL;1bJIR9uWae-Tjr=?V#W$L%(D3ez=X;Z*0qfSxcK??bmE)Dz$7rh;9vs6d#uYC7c zz8^g>n3#{&BvV+KC?bxN84=I#5*Bw0W-tk=D!YoSdUC=JjJfj;XImVY5*v>cR93WV2L>{j z$d3?M)=j!Ts%#%s_9=u%mRde6%Q+v)OAqcV02!pvBVV}w7rzZbZm7CTN>|AtKX+(& zNtd0Kh-TQ|wV47O_X^f!VgRtV7?hrHxE(PokQ4IEeG**2ERy#(%(vC~wd@pLxmoX@ z8T>MbNg$}@_}~J~CkDIB;ym~&KIxeo{P6cIB2u8|6*MRHn|W{xi3Lw9Ipl?0l(jml zS4=ZFj`9FDLCL<5zWkTyUga<~0v`A*s<%AwWxvYveDyj;i>HnJFSXIOK7e)cU$^(I z{I5IPef+PLJWR6B%?#a%{1W8TO8NPWtrYClQcYxewS1lUo|j!#VlN1}LLpt6N`C~o zT;ke`;=L&T9olgzTeZB;s$-eVG1RTL_%z{avp}}IfQ3VO(Z&)j(NZZ8D~SR@bO7sS zTrZVK5_RylHwE|dXKxDrK}^BD7^*+j^4}E3Da`QZXP7Kr z&r^6jg~4s>E5J4K-}c^U$F%=#?dbgQ3hVm)0pLFTUz$x(?$tV zq)wkUQXlYm93l^_@jpaFlC@iS&lu+t0wF8Pe*@+wO%S+&RHqKoeh7LiwW4uRQ9Z~R z`%zqkb2*j-0ULC7MHxzFbT9iLau}E^W*I<4f+2Bk_(iPOS(^Y&HqRH zBkTNUYrjALS;@ng`z0jvEWzL{x`UViKMBFF(PT>hPEkfM@G*`i316LrDYy3pcciP1 zzD!ZL?1n*wYBAS_7zXn!BKIN?@=%?6tt|$Rx<6c?ux@8)-my+M39yz*$c(RZqD`a8 z)B{_{zo|90dM9+c1J`gb@oPA6M4Cg5H7i4 zY>cyjt4BK2XCa-!eAcmvD2dNGl8Fh0T2ydNpuAJG*fruZFI^mJJwCE@St^DGwE+Ed z;2>2r26t9 zP%BI5jcXhKa!3dWO_A7q0e+uGF$8xI+$QLbPr+OY9A{_-^kH}jVo3fCv%M%H0Dev5 zD2PaW&mdl*Tv!hL1Z4TmJ+}11D1!ls?_W|?Wag7#$}fq)slSNOJfl6L^=FX-jqa>e7Q|}X50wXXU`=E~xrdaA zggV6L5}AbCiD;-Hv4nW&LZ%lHt3*V7*q=yD#47K46j4#OP$MadVrQ)_>(y3qQ)tYs zqgBS-iUq!AH~**tWcegfDfWE`k~*$GmoV8-{+s!?@H8Rk*%?A@LO-&n&i`j;d*8bM zx7GXqtmLWlY0(B=6K|BTw8{b#D{}*!CWNi8Utv6BOyULt7?CMEFD5VP|MqtQ%D^~A zKH1+L<~7ASV?G{qa0r)U{(u>xENC8wY!kj=4mt~%5g6t?f*^KK;!pf20Y2tj=`M<6 zfJqjmAclTOw+adj7fqhcXE!jz1wabu1W1=maC6W5K_TUB`SG29kL5WyUrrbi@Qc~rmIv0wm{AVKohS!IdC?8b`e2s?e}Nd?!HiYVZ z%~*)H;tB^7k(K=P)lM(kY)Mfl(#H)8c*t!SRt%;qtC3f#{ixkK6Q1&X8Kz6It9ua~lV)rgCt6!F{t ziTUNChavqd%A!B$HW*)^@MumDOLv|D|JDb;UL3XP#x(V-k@p4kD4A?7c5Jj)w*Kq+ ze*iNQjhRFE=I27$?auzYyR~QD{~YaX_2>U9dAM1(7-A}YYvzpQ?7qsRaRoYW3h83ySp4Py7kYv>tAN zldmZ^UnVHofU}g`gO3)-Pi9i4YLuo3D~@+dqrt#5XgUv&fa8dH+MB2hs%{=Mz)4^t z{Cj=yku~(`CG(-2AR?|3q#A=_;lN-*(C^_$R#H7 zHCl>d$Q%!+#auS${)cJ3#y!~m`KrpxRf6*N==+?P>cy|nhgE1P<~ zb>{E$G?4%4x6RKyDb5nve;dUA+cNF{TL=C9uhl$Uyq7!7c%B42%mUSiCoqATPoiYP zgKYpQF)LTbh!Iugn9i0OTZNfviKkUkq^BW+GGr%!!tTtXCCrlm?2km?gsb_O?dcny zRP^0iKgV%AkK>2pDPib=QWBA)s##X4L^%jA9vQ2_AIkFOb1Brhj?= z!vo%DZ<#&|JsM(l?KJMCscf2)ZD@?x8qY(`KVrU=qdar2LYBe$@qRr-* zT*3+b`i}XQc>n#;-}qx|f2(<#a2GoA8egf~ zVyDn&VX=m7Dg|>)(5z*pF+xOX$zsGcU6Y6wY@C_Gq)Q&3^SlsPQ-X1Ana*EL8j~HY zY>XFrcw>?f^K&nT6F<1GI5b*Q6Ac=NE}E{i`2rlJEWe>dM8vca0Jwl2 zje)=LqnJgT(p~ft=+$}GA;anE3Y7BIU9JoZG}E~)KiF!-Q& z>ecoGd-~T3SarkJ+nZPaH0A%{&2b(Yl%FFsR|abM|NhR7<^Qp})7yVn^3?PH@J5Le z%c5A(!Edn@$d#U?6Mm76{?XinBD}fqv6cHg^)bFfnZZml7~(wO72{qWCZSi@l8Thp zhnt(v7l+Rm|L^m~Ms|0&w>#R|G@0@oQ|VYBP|2-BpZGUEhTNUnOAy9!i)R0UaXdpI zd=*BR^5>4wNKrs-`~DH6Bm^aS85h>faQ zLPyv9s-x`k$!amKShokSvF(hG9Q#B0kP3O53EB2|lKT`Mg4_8G%o0c-yLxfs<0#nh z=VY1>H-%cHaA9q5S_zKG-^(U?z5i*RruskU$?qV^qM+?DV2%F2HQF6n@gGNh{GXLP z_3UFN#+=W9;;Pabe<2O7L*-`)%P6h_K9f-*D5GF8O5Q5@gIKc>+AJUnUSYHlrYK4X ztF*yb@F5V$_UxqT({%ky3o{e*J751>*81P=?|-f2X>k6-ay8BTbSUS53~;U5@Wdw( zEP$Ev^jD6;zln?_>hFzG@sV->wWLT2Wj5W*60M$w>;HzOjNSZVp_^J_R}qai?FE<7V*?`zJH3R zCI5en`~O>Z{QuGR_HNJrSMk*Ie+TR7zzeA0&$j2kcYJp728b;6?n~s9mGjJT&K=?t zzu@Zf7wQ?2_B3Aq+00MQ+4x-%l)=r<{vY$KnI>4X{znG~ru}DkXRlxXD|s6G{|&7v zaLg3LA)5!C2R<%MV;RbNp_vvlzv9>UGG1|^Z_R-xx0_4*mU_%B4>e_iW%@TG!-hOk z&2e$(24mgRJshMt>;2_h+MK6RG=!K$3FE#OKELLr7r3=viIioGe4f;i4evy?%~z)9 z9;+}^i)eLCluGKG#WWbV;FXQrpYj@`)&nVxHpE}<3QM9dtJh=i(2Den^m6a30+p9x zvxK0`pTMIaKyxkUmwhvi?UO8A^?#sweoT&27)0ZH@bNk3i_-x4380L9G*J5Ffpt#p zzd+#6U>x`u4ro8uZfm1dDEK?W_dWpm0^TEIo@cb|40jD;_t-mTagL&lI>N5Sve0hB zyC@0K9SgFy`5bRD*In0?v&YdzpY?VAHl+<0$@08SZ(!UQ-1MwaIg0)M{pDM3$Wzzq zw{OpkzVR|}cQb}X#YrXirK>+{Q_Hz%Kuj*rjZpIsMVeuMWdLHu^|A4T;mA77(en6!j(b#(Rl z`uw+(Gh6yyUjCaPG>IDtfOYcU){bfa-yQ9bdiie^&%@o8!xq*C%J! zr$=wEdXw1S_*q{5!=t800Cn=;j&=S!+THEXe^>H6T>itOUiQPI-tyOrT;GMrg-1^! zZsE~mh+8%>%Z61WWCkZ{gn^|A$>HRLRN8(35%sBS+3WCV_#6-Yng0h${5zJ7!PC0+ zh$1N-8A7EW1Q6rj;QeXXRK`3$KDoO3{M*TYd_H~s3;zfM#h1F^*7j2qu3-sdx{QAiGZqdwq0rwX?U+ zK1kQ(C8`4OFLZ-T@uwe^-Es#gx3h%YS>`I4f0rY%`2zeCl3)t*FHCw??#AYFHBa+v z11(xrcONNd=X=<43Ir1w3iz%44S^T(SF9Hv-IcvuY#b=D&31bSAnR$({}I9@^V3Ty z=0E)WXM40`=6~Pa>+gT9<`MCkMffP08{j2inFT^{H-!n9p^#-+&ZA5B7i}A`2ycoJmU}lvm?yxFqwoCP$K{7>Q zp}LCQNA7p30PL!+_(nSQ;;JV3x6hdJSJ5y=^DKaeBJUC7ymG*gIep4BE@w+=M6zqX zC98UkmHNX`VMrp`C;63s;8fuo{dFX0GX#HuFLOk4)xgHFcj|oTvjqPq+6Hj)mB1|V zV=VVFfCa;tQ^+i}Ce>e4QwtkCP?K{{Yf_E;y+2{C>X^Jos6f|6dV53H=x)^)6sF z{D1dg-}L|A+Zk>5{C^eCGW;6nL*Myj(6uOuNOT$*OvbX{J3hZ^?4|(KA#DU$t>A3HO;6LuuDl^_ZWx2B&znko^`a%HZN2~(?!nNb z+Zmz_KRl%h7t3NzCseaZ5uhaSNoj#~N=6yd@%ZxO==ubl{NL-7v#ZndGjRG(aCUwT zPX6!d)%6unTK`{O<=LJSc@`Wp!cTy>X!(D6?aF^9C`B=v+&8W`p8xU3Jti58fz!UZ zXacj(6Nmy7!ptV|w{Oq*O#8m9C)%_ZhmqP!$U9-@6V(?GOac^&s2|MK&VC8&LCI{Z zgBc?_V~dc+`H`!7uYDgW+%Ro(E`W!k8!b4NrtyRyQ!Q zFm8E}C>?^s^T)Jzu$ncAvd=EwsPP4SHNwDi{0ZE`d(VJVzQhzc($)xyTqcIJ$fzo^ z@Trs$*+d4;uFmF|{OV(8z7QQ^I|6(ZKx9sQnFjkgwzJ~@3q=X=UINc*(ScP5^qWRE zFiU&_OK4IqyXQ4q5+koC$>9SE9Quhx4BGhlxTMt%IzL09*>6tucPNDFv{6-aFN19J z)y-#3=MyvUDvdNCo-lrDM5JJrnNFfj6Qd4j$t;R4T3+9$8ZC?1^q!)NXew26ax#HW zX=h1tQZUPqQ?zMf)B!og_F$8u(k>FC$y>O9v1ihOqszXjV*#@aWghVE{48Oy2fZj6 zBM*2XyqVLVB=ZAkL8}@Oxvxo7w5C-+tp>=1y3Aln6soW_duqCwDx=qIMA9sp`Pu#Z zG^BDT$$SDQ_a(z4K1Vw1nWr#YL>Pv2H&2wG%Z!Q>9jo~V50kT*WyVa!sd0ZEcM#vP zGp&*#0~&NLmefAaZs|q>j7^ZBcJ{?(8pz|k#S;}%TEc25&|bMD-)oG1AA_$R93o(GO!*K zus#HTQK$p3Jpk(y?Zwv4?qhf929i4n6R^!vdeauwu7$K~5}&%BRn4ff9oaCOGMTO9 z%8w%kTYe(!5Jfm$a>sx&ElGk9x>Dt8C}TX*OUgKW_tME{svG8xoJ~b7^H9H(_moTq zSEoN3Ks#eM2He_cHBDX4oNT+!+sw(9Th0Upo-rwwo8nHPQ{KI@CWZSZ7z-!u+y=S( znI`pfzE9_02FEblU@Fy(EecglLBn-jYpc=jX9qw0sKZ=J36KbsqguAbsf5em1b!8M z^@p#3_un74H~#(8$E}Tj|McQxcsKjB#>SifxBDe!kb z38s2O4V?TRN>~FNqcA&{0SpmA!aS`Ir$x#h8_ zCN`l96u#r{EUipOtRa-1Kz%Bj|T<~J5zd?1la*@H!5w5&8 zW;oq5SmHO9#qaWW**Gr?>XA@Fn9Dh_WC(NRY)=`Td~3Tte|>%k-X{?O1Y&~07-bS$ zktoUV&D4@8)kG?ArQQ+!DDvPmNYkn&aV%R$GI^tD&(7XxLRNA&8l9>V<(A0tS20(S zr>Ym_)AeyDtYgZamrU7}P1+8p?e{iumzcV!-PCwm$xMp0CkWPuciD7r;uDYJo`kNm_}@CwN=sG1|k9(iF@pGEwvD7ZdBu zmfsrZhgb>rS=?HaDvsvpKNMDD!N*2WL^*Bx0C;H)TjD?ece2&wgZ9;)Ljb35-VE`Ldj zVrQA|@{_SwDLJN*&t(lA5B_* zQduBBx6H}xjOz6h8@u|)dfM~<=6PS_Q_KIiEdB4`puhjWlBWg#7X!b%0$7rNKvkdI z`3*YPqC{7gQlk{vzXaR%s*=FR4R1+tm&0@_L_KHkAMv#3|MJf(#s{t%I0V(%|Ms@b z{9pT9`#U}VU&YgcX>!Id{ejv`|25u1cG3rf=PJn{EZ%w{86cmPKuk-p0nU&-?z!_Z zm_!ShRM?0#6~%M!3WkSKZL)%<8jP)9HFrT!F>e$WSokfxp_|1N0^T{f!$gTNzzhqh zx+e=S-!@>do!p_sSG^&{WbLkLRuhD+lxTUq)?_OW&gL>?HjC7jlj%9uBpo|CTWKgZ znbd^+t762isH`u6h?E{}B#gES=Z{kNKfy$#3kU~odw{5kTAt%PQH#qbL`+Ksx#3SP zKDFQf?L}9o3)bp?`=iGZ8o*DmnXRG)BSk2Q${~JBT_NV5B(ky;5HB^Pi zg_RCU^SEF*RRLJmN{B}fwh$J`wKodp^kxnLOW6SNsJTN#F%V0knpf`@)qdxB+^0SN zZ|?$L!~eGqwoUnew7=J%|F7g}!48-502hTs6u04R&R#elWkNP*r2NkkUBRgr2sdIm zH5Hd?=IY}C505_RH}gUc)?rqO<}7<;!3&?OXYRG$(6Z}{GPY}U(SD_1{&4Qt zaQ)+83d4B}L%s>Ly9it-|LyJWnfae~di(!sp8EAKN7|SIxVr-YJ>Vm2N5~o_enKWH zP3{L5VJSSV4R+bAIe@qR4UDk?B4#g}135|(L>MPEA^F7@<96da{}uut1Sq|yJcUdl zPyp*@<^N(LKE}k5v|i7Ii3f2h(bc zjxoNq*D^H}2B6Jt%e*Oha?|kIrP1UME4VJp|Jz7`HT-|HwQu_W>>iA^dj7wPrvd-3 zSd48i0y^RlIl>PadgoQnj%*E72|$#vh(nR$0%>j&p8!mVk#63t5vylIlAq<^9*Cy| z(*dro;Bq;>aYJMyV4qKeQ7k0Fa;JoYN0e3o7|Ea>J!!)&<0?ZYba zess0bh`@D{I&fTERIqN|;|GUYRYx|O&0rWU6AZaPGKcX{+UJ1U5WH0^Wf#(&(i6{d z3X|{w)D#dNN=pG|1(cKs_cv_+)=vZZkLC57`7MP$<*7aY*|p+-?eF#H|0{V!kUlZQ zpg7x?={)IYKaK&JMi|JMaro@dKdY2D39ofPo#OZ5GXS_=eF(0nQ2Z@b-=c+Q04Pc` zFRNij`!VtzCrmz2>OM*~bn9;!xMia}krZ_s%a9D`~X`hdudbHuF=@YPZr8 z!G!>CHs6Wp2uCRKvwL+jT9j-?ti|5n;7OlG{Ga$y0<+D}em22v5C5CQ|JgF{e{Sz> z_4@xx9+Cf<%(DaoI=(zj;=`CfpD#lS&S6li*aE(NdnU?p_Dp|JzD(d(lCx<#SBL6O z!HSAtYm9qxb~MK@q<>~G31KE#yuj^QgKX7CN1D5`H)8#Iej|Bs#ai; zpCpTJ*gi}aKLyKY{dgp~|D{a&t1wuYEE-&doWeL|`;mg?>v;-U0_`ONM*|O|c}BMc zk9F7+c~1wN(dWs+*KS=b-fdV~xYCZzp?0md3__GJlUfdid#9Wy@jcsd3ZoYTsYR>S z+ImGPY^p1+-BvGUz%X+zn*iPF3wyypFw#{H1b#r?g^h z*1g_Z4u@iOrV_z(%%FWTQze&@(S?tV@dMDgh4(es|E2&HIb?(}cZORZqAhm-&(tTnu zC>d1vMeDgovN`meqq`OnIAf$)Mj zya96(s1;>B_JfUZNjq|~YR5Brkp^=$N(3{bLP;ilLqhNzb8i#v>Wl~01AhkNz{gPb zL_yJP-m%I=PseDUgl4`Qy^JN5gw|Pm#@+MD|R8Q1e%%Tv9?cgI5_Oi$Ak8V z4M>!fjZNO~js{6^7d0=&bL>?y4K5JVdU!aV$FW$`VhNO>VR67hyki)&Hqz=cLa}od zqJ)GcUmTj-9UIBTP=4osT=-<_z&$?=t=$N0aGyM<^p?NM3vzlmF)E=?G}g-dX(STj z7X^!V7I>xjgN@|vY%Oi|e=1;hZ2#TeKiIeIzX$#O-<3R;{!a(EGa~>6_OloQcwag; z29)Y&s-~c-3CdnAaB|oX*lWX+v503bS8)z}V0=)KsBvg4)7B^)#ZA#v)*R}Y+YiwS zNp2zUM!QR_m4M}%o_T}Fw0%d!;887>4jdbQ9a-g&SB@nu=2R5vxVdz>rBo+IMMax) zHfjkl%4C;{4m%g9(2gEeH>%T&hUGP-00qbG)S^NuVobtRj9REg3NejPb6N>*ud|G4 zMq|7m8b@&|LZUsl3RO6|siRz?QVG0XDc)i({M0yb49SAeErX#5{M81%D}Jt3SMrPn%7-m&Z8_go*1YkPU_7LJ}=*3Vp3iBWw{1DbK-h_<7q&al{594A_xelT@~k zdpgNSLF@{W4)&c!e$vPa@LvWQts_9Yr0W>4C}kZ7YI{Jz^Yfw7IDU5rgAd&qTJisJ z^c99Dt(`z>`2WGa<^R1i+Uf8AtmM)7|3B&YcIO2mr^`>V0~DRk zuTPIYA0J&@8E%d0ewOnNvv`iR((J3IRUPO{f`t&KCtv1%tU+cj3h$HXi~4p@bMMJv zEpp-XNjDnJljzGF3MZ8+_XGzbu3-tpfXJ%?aqLm`ewNM&-5lp6iX(FG0dJD|=`;$k z2fRfTLgX?Y20o9jqmafSX%sj6X?cdhG6q36u^QdK*D1vjp#QYE{=J4_a4h)8;VTwa z{C{JVRBD3xvd1u(XA!v<0EU4d2Xo2=mr2mC#RpzvRG}Efg`CGeT>qyj4CVy9{!b;! zrMWV%|5JtX{@u~lZ>50v*K$}^zjKQ4no2_#?@wQsw!=Oy(+sP)p|Zi;g6(h=D{Fc% z0PFAz9cofh2y7V)lr>(}BYUz5W}eTF@Sj(2GBi)A?40_T?n89uu`MV?p~~XdF5cJ_ zv;o<3hX-~#N>hr2cqeA%tp~j8|D+tiqZ3Ny0L?11VHWk--%En{e06f|2DAABT%W%_ zKLqFFG0eauode7>vhrLCTiFpGiJ|oshy2E3 zp2Xjs`EYtHd*o4p$!oF$h-r2@2H8AGqGSSm%mqq1 ziP%aOA!ygP0Ls85gFb=T;3a#PLAL$?Octg{#&{9R6y{QFGQ(`19O3sEW{k0v7h%hq zmKlKc2^59g45<;#XjQS)IF$Av-d~+uettNV2ScD7QG$509EdlU=kG5*KOBq`LdhgU zi2U=4PN@v~AzMi2mmowCGigf9y_X<{1mOKb6Twspx=qj>AXA@!F_s{h9I4Mdl<5;m zG;~Ruj$(-KF@ZCCuAQNT7FmJ-SNoqYPmW%HK0kZ=AD=JJ&jmO4w!I2r)v#-Epc_wV zJ1Vpv#du`9xU;uq#+s7dp~PClj75WP%{84rt?WP1%%8w37{h>|W}#o%Q)B3{}gCi8+lj6{e+rYszln#BqPO8;j5dUqYLm=3Dv~8 zio|r7!4%<$pv;jBp|M9zfsX?3(~=kwf6@&q#GfpSLpqP+3lvAeeVMs2A8M~C>jCd{ ze1^zH1~E)XW%5N@A%d!vORwr3#drQaruqR~DB&obCMy@-c@ym|ehLi>fK4L3=kr^& zWEFV0@T@We<~05b5X1~w4-qC>?f-E!hQWQ%F8gsG`D$`QgOm>5p3xQ?zWNW!5qjl2sR4+MH`#$Uz{nO3UO8!exMwSQwSr`9hXMbeIe>vFc<-e6Yn*7Jcx5MaP z4Bk&6{E41Cj`t^q*&+(ynLmRs^IwJJWuKX|0=f>KqL5p7pyQ&qJfDy?BMd~A&f#!q zo$l!v3`I#@dg1WM6lM&X4{{|}3C7}vNBnF8iDr&ccFD~b;3x^%2{}8N6J4@Gya?H% z60|DtQu^ds-tDUd8vPtM)k{P;XkMq6lu1xQkqGB^J*dDXx|U|qEH|$jJu?u$5JkH~ zyZq{KfrAQKmlVXbO$9k$@;{XctB(rjDkfTM`QmcVTZ^PMlUGMwqNB}Tm3ECLa0$$+ z8LZ9Xyo=>?*_hAet!P;sN@j8eZA+prI3`Hx+-^9(wN5){dD%>NPV;X2WZac<7F8xk z$q0)5gbtQ_0@}Db)^1+tg2JKe#u|P0Me&|e3b4j)s4m}jy&)I5j3TeVI&*i|-xe34 z>}JcZVv!)d$PhsRidB0B3DPoig;qTkb>*efb&Ue@W4U|T*pK5IKe&C(zvp|W#A)CT z>y?vI%@4}k(tG5jWnT7`=%|}q#=*1Xru>{(qrAv=tqle%C0h~@3VO`b6lTC`mYabT z5>62&1vvSOfg9S@8AmWmCi6IMzsRaKA)|tRV!rtTT+cJ+$wP5CgX9inw*VzCK}0~n z+;?z}9`NS`&3qD3jrg89?GRBrA}qNfK;v=YpiwxD&4%C#5+d7Sz~I+3j)I89%xRT& z9Na~5tkq(@xn{eHpFw~LEfDw^V(!|J1B=ua!xKP!1;{vYXx_KT0Bpu03cQhhcj z&NANfYzt_mwA-yV*3fIT{M_j;iAdzf(I3zVM#|51d@OZ0LnoJ?PlS46sy+<(8wAio zvs=JKzZ@hqv4m@3g|KS)l2cVKg~3p9INZ>Z3!jd4Nmpu3mT5rs%rg}$vrme6uG$SO z#mJ!}s9v_x*`%oBi5lJjtgl(aZ3W-hd;$LHM==Fh=zDPn{qP?6dFusur$ny|r7h0c zXGG^RYD@t(@DsWZ%l4>%Mz^>a`Jp>3*@hJ|MM1(v+{Q7%Re7oB6DXgEv_%FKBwc7`SOLczLG!jP(m_Up@;L$BA z5`WWKO6IBV2EqVb8@?c#RYjUwCRrMI;^ckca`MycaBLP-b8VLs1g}_?gisHVtrB2E z7c`h-gpub;BIZhW)x;%2a4%OVR}Er?F+#V0OYC2Yzb&z=AY}Q)+8l~XjwQOsF=*xF zp|)52sEJ><7O6t3W`H&9k0M<%16(F9MvAmpQnK`bqNr;~LB+ao9iLe?!J@PQN0`eP zR!-j_rJ)l4=?eRodnPbo%EDgC`$x;vB-9?}U8;i>Rnu~*px@OSWnrUKP< zG=pgFbgHOCGhe8l#_3CNt=R?*b;}eWfkd)HL9(LXKd3xe^r$Pb(v&J$nc|l!c@jB7 zhy3#AYY5Y0l-|4JYnJSo5{4-{xZ}Uz6b7KUWWIpeT^13@H(7apOthJkZ?pMpj_o^` zO<)0``0Q%0 z7u8ajMJSZN9l=+m{L7Hg+<5q5PM*r8=$V>e!6iN9`L#KOf$Z2gMn2i!^=KCf|Ns83 zXC=C6E3>74ix9BC|hURz;!1hDBZi179 z*aj%!gkeR!T6tO%r5v-5AL-`ZaFn1G%?WDMGC$KQW)F-i=4V<(pWsFX{Ua@|O@E`b z_6>Y5m!SW~Pb>Rh5%{FT`(N8TqrDyL{?~pV|8*sgCca(fF?TwV-16!2Q%G$}Z@M-F z7O{>@dCU~Wijw7$mR=?oEsED}DXREh1 zIzJTQwIww9c^IT~?wT}%GnCzzmgAp+dVr-Ai=$aY*uKR7I((+vg3OYlSuWFF_!vjY z1Z=(Jo-o|MhfTYPyaY4oGtZ-W!s-_1XtG;FcjDyA_VeyM3s>&iPK=QuLT881=%RGHr-oy&bk3x=qxOm8mUSKNpQ{20<< zcW6jOP1;A7>|cAXA;D7s?uglnc^sE}vx_B~VW>Dyk8|bMa<(WicX*r^oygts!!yGV zgcGX)7@cBp{yj$G>g(l&=vEUXKy^GOL{ww@d}LB*pjC)?EW=RE%@*>g34qx zxN5~PID%Lv#vvAXcSPA_}5SaNSm;xW9J|Qsc$RBYTakRx2p4Sp3^ZxL4yW|$V zaQiW8%7a5*rJL$(~H46eM|rRYxa-9 znw@9MPv8V)YRYq|ZFx%i{@;0AUO&bN_+bb#aiQ$n{24g?Nbnfr4%^t`5VhT3!#3`9Q2 zWHCAx$EAd_G5R3$#wY=l#a_;LFDc>cF5(8b{5a>5^3r##qQr?ZSAmEkq-gCA+}Yup zoNk!&#LU=9ceXK#V{}KG9iwdK6YP$4#?F0sNEDvHQu1Gcy@9hsz^b}EX1{51QvKAH z*6;IaW&by$^*1~PsImVa*zrF`2Yvpx)jXQztY8mUVx)mgoY9HcZOosa;#k1yQ>TXm z`W2%*frQ6H?Rx<696XvV{vD+|p<|{*ALq(xS!i-u_&tW1yCnUR7h}=$-Q{?`3|i0` z9o??v4x;|;+cTf;dKX!=h+;T_CseOz8khy5tROoOm#;&sTJedU&BGu-v-BcE<0xjn zlyuj$D(S_zYpQyn!2_dI7Wdwwz>lX06OUJoKLjsMZEa z)`X3vZ7n&L3v=aMyOJmT@cditUDwCFRJgw=7QEw1s5Irn3`dy2Bo7LuyeU5hQ3_ew zlLer}BVYQ}TE#ir2;m|Mpl!`uTcCI@GP$?gad^ddXr7Q^gk`*xd}~ZXbaRM;s@p3=DKM;{QE|r|vuGT55X_>ypU2UZDF(PN`4o?8*? zg4Gz85*McVu>(dzK^qp)$KoVx!!A|Mn(ok6XLK;uHQ7>()`T{wo*P}x6B5m!xHIBu z8mIR@2~fhJR;KW%(PHy<+h_A=*7fH1CIuQb7*}UoX{oonoSo_w_QnoSH6)S%jadRv zB4&J!X^G2J)48o`)l1K86-bMDO?BmSO}7(jN$yMJl}DM)!_<_x@#t6iQAREqCv9l6 z<4Nai306dnWUv|=?eu;Qj5WzTk#YowF}efmvAk)cy&v!+XG23Ogz7s#A(KSB|k456@D%((%tm&yuoPIby@g!Jt zJCLpEUQgnsXJT45$t$*4eQJAt80NT?i~0=YJA{drK9Z`L**qyyOhy>oz`&nlNR?5l za}orCDY{D-0M4y%;232P;Jb(f(Z>{U20s5uzwT7tNr68Gm=;F2OWBw?Y$AY#m?WXcXja?TC9nx z?V-_Wl_p_7Bc6DAK9e+OmaB_Kh`nqI=cfQ0+ zBx+XG3o~SC-VuQ_mo%)mT`wBrn3?t%yw2B@A}7=SxIG8*mBCPG=5@n*@Ak1V10fHW za;TvVU?v4N?I3Tjx{E{0jL{@0JL^^mVS4gq?#Fynd!IyKp`z-c5J=LB9W}xYRX?9zH-C1it5>7{~5*51KvMHz>;h97ESPZa*|~z^UQtG z4!~8KBesngq%ujZuWgM=MTXc^OA70xZ?i!Yb4K>GWVGCtkOEx4GygnKtNmX&t8Wtm zqQ?JoZ?tRX{~hfd?DYHpDjseBSH`!)EN}|cpF#-G`qQ-#us|_iU#`2*YXJ)370ebe zJDnsbgQ0a>2PNZZGV@apco+s5Bp&b<0dd~k>D0|=^98tm`}*<_$e^761DqiOJ{(`O zeILyUxVpZwZu4;4a;b9?3nso^-25$ZOX59TPpmt^JT%}H@d+Hy<10uE-yV7UGQWH| zW0OB8<0gh#0LkVeU>B1p{V}7zBU-(Vs`KKpR{-$TTgoN4efr5?&AAXP3b^EU)$;7{Fv=WpQMA&6+;>(OpJ{Y6y&d)-CV;@h!$IV()*V2NbCaXU~3DtFeMVMTp zTov(v_e&H;8Dud{{n(C?=d0_)9=CN}C#o1=6So@2tZI4{u-c!!>sVCa+;C!;z9JHw z^iEl>pR%@gpalKI?p^K~Vl`}cz{nz(S4r|za`}8TN)!u^6_afkrQ~a%^_W{3EQZ3$ zh#zJWIXCAu09lhv=|SX#HykFww<(C;ucs$3`^gpARQHnD5=c}EL!ZI;1zLX@lC4Kn8m1x)6I zSPRx6MU>J+VFEVldW0$aCWT1gsze$(iesL_RfIvqfGV^p3h}1mM?ohSuWr`Ob41Sk zTL>^rFl0F!sbb*BhvZlh20*5)RO>U^Z2!fV})BZ@e%tT`Jh?O5Tyhx{J%8B8l3MGep?zPm+FzCJKKFLN52+JM>ia*7J2BP4 z`qs_firF=2Y-iKSv-twBOIBR>5K=O8pyW5EZXn}obaQ7pmQxr+<0z;~5Vu4fky4G%LZ(+{5T_74ab{@1U&NugQ-3=ffjJmQv1P?BrpNSW(rd zJ0ky9tm>EI;wvMidW58_YWd)5$H%%ZrBFz~^b^3D6w_BVi0q9ESReeS`P1h7m!-7W zh@&wK?t>U^h`dRgpW#;+RGbIb_z@ z@Av$F6_3XM#W+677Eqp}`6t={@=iXnBGBy?Kzr5I79h*`WJ=3;n;NZfFooQmLgWX3 zv|VGP;>t{_dZQKSmZW%hTg_Y^W~t^=)^J$FU^Me5TVlBE3qxwAdv#Q5`v2|QGco-S z%Ro;NCfsd@{>64`1EdMjwWkAi$}Qd%ZbuAB5w?^g{1=#~DUTRih7cj?uh0)+h6P^5 z3oFuR!hNLk=tG7FQtsI(qruxpGPMhjCyU8PQDE}PytAGY2LRRitMK`v4}+D{Sj}z2 zV;|)-H*>`_bfKZGe=8%YpBy!knZqu_Rm<`|wP|Kjc&U|hs>Gn?I_{Qm;^WBWU9GZkA ztSOQqC^_0B|NA|75-+|aT8Y!*Io+{Hpin3Pg+ieodoV;S(wpSQHOy3r8pkjE43Y1;IXpEoiMjp0V2VHCegQVfV2C|1cnc%wV>mDk`@`Eb zgA0_*nY(6^+|5(qEruTOt~uUXU7Y#>R2z1}N}{k0IM2dYgL>s-iX9oqvnZYVm-87o z+IJYVW)S!p1hPwv^!O>D_{z}HaR@>fWXm+y60`|(5rrli8|Roj1G^{=;U~4=AY?ne z>_=ZrH?If2fZOB45C*2Xh~5^VS<~i{C~V!LVLWt|!IaR7f>GyGc>5bUD(f?^- z&LO2`-LWLeavQ+uUxx=HPXbrVlM|g%mYf<-_x65T?4`waYF3(Ok+aU}PmBNk(}Ei6 zI#yWm=kFM1boL4&7p+v*BQn6Puf?I>`S0*HP>~_OPlGAz12Y*`dm!k~{XKCqgVKaA z0cxvcB|HT<0e+fdFsEtJnR`t7lx8C24k+6EEsUC79U&lrmqtFKo(p_5`03g0{7?gi z1#(>%RPp9YOkxU?j?Fsg5z6WR zaHrH_?+K)?#Vls)CDi~?511!}AyGpNo3k-lm`@9)M-y{UeELl)=(Hg#q-do8iYNR% z83g)no<-~xp(lMqmot4u=~HQ=*IqV2Tm;p1$c)OT&q@xbb%MqKe4);C|Hq$23S1uD zo`BZ&8EcA&QC202pDZE5-n4rL{LPp$ww3?G+kg6~apphvRLlPdqr>B4L;gQF935`u z|4lrV%8d}FcyR9{O_ia@-*oa=4n#~>A$1F-3sGxiOQ33!wkeMb4xUboHi zBj__DhoSJcqjBTVwj;+zj+5iT#x98`Nq1w%pl!#Fj~ye&LycXjwqn)cQ_qk;_y{&0 zLq+a=pkc&Glyx+K1k?{dbPWfN(4x~J+sPoFM|pXgMY%5HbYjxIBs-#jX?fw-Pajcr z%_SeFleK2d&SRJ|%~yMzPP&;i%?_eYk+p9f&RN!8mb~f-n)wqb92rjmt#lqC80Qz{ z%M&BwIyt;6X^@YO|0-Vagvb0%NoHf(KCd9NF7ub=$&8uq001>pv3O@EB^GIk^%PG} z05FsPs!4a%^tk}^!P%=Q`C*k^VO{s&yXg=0~nOy9x2G8>q` zeEwW>=%&Qy=k2dw|H5nE!R2Y83y}z2on2r5^Ud4m-w-Kw4iE~Q0<$-7-<<;Qcy#hN z?}_4a(+A$(EsFQ>)MLN;0sG?%1xml&`gjWd^FROc;>}Ce6bz;b@Lqg^!8}Lt1U&x* zklBp~gMmj2ynhe+G4OVDs(9e$2K@WK6B;C0&Ja6)b@Acs_jkWNvkL#m6HYHu_SMB7 zFP>3KvDai8MZnu3?|I2E;bh1lPLmkJXFIzJuOZVendhL7!3Z3He<`0B$$|)JZvp5} zWf#ay^UTj_(Ze@ytE`RmF4fyiK@$uE0v*#C= zzk;^}Nq{gQ99U|m{oE(q4#i*wXGym7z|DVzBQYal*7S=vFIVE$@}Sy|U-N2Pj!ijs25~aa0#-PKALkI~ykd~f zPr-11Mt`sgde|z)##j`yY2%E}zv~qYm$ma1mLuB_~ z^dk0OUe5zx*!;#*(CQ6EzxZ%MvP!em23UuC>=}mC;Eh<~->4 z^9(`!YzX>&oT3nBz}xw3P~)rjAH}(dwQ^26@Ehp>=z}Ms`Uu4eGZ@iq83)w=b^s&5^3! z$^Xui3}U(`^1?4J&whFJf+`+Z1y*zvUq6CPvfwL-Z>TFO>N~%hi2ZHVy7}tB06P_tMmJpj7495C`c@}|wpE@J- z`*X~=orCsYy;J>zBIJt?>_Bk(*T4OBv`0F=CqB^m^VQpqs5VuV4Gw zy;z~?OL*!qG12brn=%@_v1#z; z;b@R_MuViD28#D|)i1TWdFK4qR(st&ZS6m~(y_VoSH1t&@#x63|2!NGxBg!nd8q%_ zcjo;i3>2$ezuZQQ>-l}@+V=0<=}SkpvB#IofYm*1|GwY@U zHoPW%XzsZ-ZREM8-J@2!t&K+e$DV|&lo!4?YI*!ID)T}Ui=F@5!2iss;qpA2XHlGB z9981*cZ{Q162fO8!i14LFiuWyIQ%hUF~(g^aV>$rUS9vdudEj6om&^s$>-<4*zj4k zRa>Zb`V%#~^7zx>$?3kTXPq0`TfWQ%M7iu&fvGqoP8<8wxnLCDi0i>w&26v@(rP|~ z1~k>#PcolX012+ay#^TvSp`tJ-(U*>bm0mpY;CU$O0e}^Z7F|09*yQ6YP&N!cSTlA zE->9sQBDQ%nvSRRVPvD*&>zzDr7VJ-xtt)$Uwy`Rg0#%7Lyg{7;R&oC*NvL6<|WJSLWy z$LZ&K6|xG{rCQJdHaW&OLcvfhFiiqA-S-%ZdhtBMM)5qtX7QSHFvqL2bFd0e(sAW; zuoK#v=U^S?YUf}FjFry84mc~GgG(T-cn;Q~trYaefWc-rhtT}^YXQk4%z=>EzY37= zH1>|k?Hwmo7yqt2smh2tjOOyCJfJc%%J+n%rH9Xovuf=*cim$rAHfceoraXSp<|~i zcKray&bH@2TE5lkuRi|g=;Y8m|Lq@a&wm?vzQ^+)3oBH0`f~*yTJP+qI^k~UJ%7M4HzKv3u>H!C_wWBr1Zx=?8up?03{NEn6nBJ6rvlPf>`z0g^g=hCl>`8@B6B! z77fx$fj?~stHk`Yp{#bcaKl;cWZ~`^S>yzkoGk5O&9lgPJo%`_Q)j|C8;12obA1Efj9{*8;6H#^zOkpR{Ew3;YbpNM=KniB-Z$j`(ecS} zEB|le`5xte=44eN{yRdjttb5}zEq{cKPl6l_^(21d-bDWYe3xem5xRejf+ccierIV zm>&!@Pqmsm7?Wacnk#NjnzYz;tpCFIwOXA2>)-zBj`Cj0C3~dPwFl2TB-M(sL)|x;=r3Y zS^~1sM-W_G0fYgbr(|P;AqeJK2ID+hl1+xrl?dJH3RFG$U}=BUUhpK1K6uZNym<<4 z=Q)@pIn7S!u}-`hm*H+ED5O970Hrc7ZVCO>gv39z%AgJZCqvzq_y1cx|35f98X5e5 zcyzSQ|FMzBj631|bhbQJzR!{GnCI{0L3))Xc@iYd-fK5PI45|dp2&Dl|0$wt zf41_E6V#ZH=}NDvAH#{bT9hvfYMyeGC_LUbA;*sWD7y87J09hN2)2}(q8r8Tz)KL8 zEh+&4`6=6UvCRv#o`GFE4Q5AKNZyWK8T+!1cAEq-_gE#{u_;sPqzF2CLV477qYk<<1PdNOn?@@9;rlN z^dWe-+3<&iB&-KE)fBw{3kUHvRZqz|v6e6MGp4U03CJ*?`%N{6Hzu80)U=x9}f zOZg#FtvpR|t{`Tga4WG_j=3731}9w=36%P?b=oHNS7>sOFVnU9EP+%tzC#MAf@L_R zk|oal90i(8DU<+GKyV_=0Io6R3bgrbOJYcbb27!O3HRR#ih=hOc(Pq5R@JkPEVtbx zv#T;9TwI+iJRx>;oRxc<%yWXlZVXFkV^X#Gu&P7q#_EQ4MsZm9Jx>tMv*ookU6u*crCI(wpOQWA_V^ISK@vjdmy?rik#zBX znncnZTra2E;`;=Q<_B~76ZW`DOW7g`^=KLf=1L$(#$8al3Ka#va15ON)OuL5Nrwdu z&Dzhzgc1ny4!98Z(!#lbma%bFHc9*O;LJyns7!yT&@V#jrTr=Jb|w5%38n{b zeGHEei%dvDD*5{4D_{P6Wxa*@JY$Q6iNd{)^1TWbI6 z?LUr>t@xk&+x>qt&qntDHI#l&0Eqls7-6=Pv%gFCasd1|PI7ioWHpo*71bV2R#;PA zXr8#Ot&pALXf8ECngyI2m7FmB+;3wHGV@c{UMd>NOh8HOXG>N0vnWwE z(v~YWR(>sd$F^0j@hYSOW%KvsMkRKYo=efOJAn?`lLpKyz7`}<#)4|Oba0zL7B}Gk z@g##7?|sm_)OVGU)g~0flBYY~)1bpRt%oW!I`J`ti(Wfd(wmqya%tRsb-JNW{$2Yg>9|0i}}HvN@)5Scal9feE7}GZ%hB zIQL3$wlu{%!aC-Zh7>3hb>=yWgdq(VZq##0ov{<|qgsWhwG@Nt1%4F4%#(ff)WUa= zY+`(+c|8XuVbK$h#S`v|p0^Olj@J_Pvk2v&&Gwgw=`AEz5p8G_TQ_*Z#WF9OScW-G zCqvm}Fu8e|R*4U1TsxMPqsi%YK83*@8CH~IL41c56a45Lbn}KlAUqJ%cbNYaJY`1- zVPY2Ht9{2Y0Oezy8YWoo;g@U7j-L+1uggr-T&yYa}in0K_?PsN7h~IwX0n8 z_KCj0<)kWIi|#P)S3JTQ?#kHJ60pbs_Jx&dqGgbjHlLma4PqXJ#sVtAv~* z<^3_mL_i-T#+xTyrd3fA3#!NcW{_%64L+e-Y)>az8ruTmUnC60_XY7451)c-_j*qNO z&w~y0afS(ATj9Rk2yo`7>(~I6ovJV|Xn8A?ol+whn-tldrReG?t8?R;2TC?3IrOVh&o*nY?-7;mmX*Ll}MIhCl3}iu* z(-$E4(p1V?%d>QE*`ZR^6|bn;rVFIJ7i1GAr{`H3!5NI%QgVqz|TPheVo(rWHwJI2FU_u8495|y%!FugTcVm zxN?`ofmx}9T!RutYD*qwHb=qM8e;31NaxdTF(F`EnS?hJ<~XCvEs;91-JJ6Q4*Uq7 z!^{*{WR@8H?qCunw|+E0pU%ly@|>S9oh(D4%=)@hZIm6b4*D_w+SaNMhXcx9?$gpLrwYePo0C+c%XsZyfmTEgdxVe1W zaOLj=Fw5Vh%yg~T%q6$+fX8gSFPWJGDNaNrKZh3>&*>FJ5Y2H8v-9GUVe7P$q&dE3 zhUOH0-@bTFQpR#sd~5>KTcezocEn2%%{-%K2RyL6d`p{X&lo2;*p)D-s;CEsZMhU> z*NQO5SrvwPl~||HqNjb}=#(?C&t+C!Pc&WZ6~7qiRwv7^TmDdVn>)1e7K%{^jJ}#* zLQTR!D0$BiVM8rvorJwM~Kc%v5kv&{myMUfPOh>D6o0E zX89Jk|25VeOj;G)LyqhJ&y|<|>LyhX`56uOZ^^}Hai}(>*?eiMp1RjgeN24}L=BIZ z_j+J=$Cx!HYuNi4yd*0WiL4~lx+#NxxKysT1!T=yK!|$El&TkH--y*NKoW`VRvINV zbgxv~bdj)~WJ@jZKF(1F_0x#a`=^ZHOLOFvp-_i*mq|YoQI}(KL6!N|=2bu>Ia-roOi;%T(w zD?>j}2EKdeM+LZf$XBPIiiB|oqk^ykoY6A1GEzxz#f30z=EG75ABDf3(jC<;g-Y)I z8E*z9dt7SoBQC~kowCGyU7l~>TAHDSpTqtgT=p|wte++k3Wzjv7TxARR8M;q4r*NtEz}Es;l(cOFUnw?gCB(K@j4g0&9)YzQL+7pJR)pC6v+Djo zO=d9lC$NbrSk3-_JUp`U{~wLE`9C)Dv}W64;Je@a1>{OLE(`VTvyb>B|8ffe#ibQJ zwaRMVJqjn#z8-ULscx(U4ApC>On=o%5RqMK>q}cm1|siiK_2?1h@iSF??mVw2+L9T z1qA*KMuCq_FP{+NK!-=(WQc0T)WEDd)aObe4IT=TScga7lmfa4Ob9u@;VvMs;b1|n zN&#J}_i>+)u#aB> zoDwf&$A}fOCS+wLhz96#>8t^=Gz4V2Oge+CEE&;2t{Qph4Y0d!31E^X^RyBFti*wW z5rI}pS}uw0RxDYFCR1yQRG-1#_Gy zGXpWpVzstb(+bnNCskwg%N=+!TJ=1^R&#LGDJoDig-E|QEeRw$B zx6c2gt^R*APwOp&4}AB>e-5~EQxRqQZiioa5vwZ(L@jyb7cV?tIt%-iju&OEaQ-!ri5~lzP7F#@3%0G{6L~jYpXc27bd2fWr?w1%^|5> zzh(t%rWy01;S6ZhU(yk^qcd})@+kz)=}Qb=v5%7s+`>GE8Gu=qWLBE4 z0?MU7gRc;_ElM>_!wk{=qNMe5pt}92qrk2iDq@D%X&$F!QOcj7g(qwXVfy0ZobX)I z`tLFNsA1kSewiI9JFJ~2vs;?in%RGR>e{bj9VsI!;KlJ6P6 znjJ{3KB`QlQ6JSt>r~27lHASHTB#-VGh8nQHCY|3!NPpe&!9|Y=VT65i0*P|LLwTV zWN$I_qjc&IJ>V6kSx`IA4iI&r;(>BF!%sm5`##2K!r~e){0tHPSz^rTK+JwMppfnL zYS(?%q_%VQ?fnd{$S6??_hAU;X%#^QTcJ$F#=}BYUWUyEGno4{>bB*VB}+2i;V8~N z^i7l2a~dEX_yEtS%`cl&?^)A7C`Ta)OvrR8j=eSt( z(-Z+l33L3@lF4GPjMCQC;dK#^&KnwM{~kpV@FSdn5aBfPmn@Z$*h5(ArXq>qTVFA zg{fjCI{MlA;;9jS3X|6GbD_}4t7*MEDqF+V`hsdjRib)kQ>D}fcT=u!H=S|Vs~jC1hU5dcmHT;<$oI;oNVv^Ht}$G&q8LP=PDwc`C$k{!cF`r;_(yl zIxfia+^kO{59|Qpe_Saml-3vAi6Ax4G8mI{1#`n7tS|6m(icEb%$~A9yHMsrtGR`hP|9?{pgfb$@tpY_9)VZ{(rNhK=fGmOg81rByGglC?I4 z(QJUHZ04SV%I4MJ)bww@cnOSt1{VmUB&IM1Z(#&|3W^Ukyg<_ohaR7BZsA;;h`~qeL+RTpqEKUDlZ>!N}zJFo=cBwZe;#RRrD-tzh zz}($v#cjoK55U%r?7^Nk{2%gU(K1(bLus&v{~sRgoBrR&2g9xX*G3*5b;gkgyjmzs zlkhr)K_|O{HLtFcP!qKr(ZfmmQ=Y|uCNwC1_CS#`7$BC_sx)Z05^0>2WxvF|B#I}+ zRSmC|CSjXxtF~`lo6#ZC$VD8&Pqw**a)*FOiKo1{GnY=_NAQJ-y`mc6w~b18=d&mx zG{i6mK2z7yB#NXZ%j{raRy1^*S~qkRu=a^{L`UmIgrSLBl1bF!kPIUG$#b1mqf7G^ z@%vFTes>W#Q&BWxF%`|?mfcYo-HdtgDr!e`n=Bwx`S3o9ATrImsP@9nqO%^#HJUb7 zn=0y!t3{!QGiE6IWKB=ZGMUbqmP~7#`5v?d!O(G9ut;?2Qnc@Ye}%b1?b{{5X@v4z z@D%h?RNqCP`dn)26M3q?-*emtGcc#m7#M2m;`Kch4GV)aGSg9TN85{hoKuSckT634 zO5n0~*totTb(C?`!C#D({viyI0yi16_YezxB-uEgs!q*iXggW; zk&NOUOPootU7H8l}Txw`5oXvC&U(v>N2wRvcQ5QRMRDKI5 z@Y8EQ52nETzwiD2|LphwcC)+N|GW6R|M%X{;_u$ycXVU&-3XHZV(sPes8$uCVmX4Lqt5E!3+f;O73A6_?YQ){UC?g09>$Zf8k#8 zm;PS{R2w1!8T&byB{&DiqoNibcydbHw(=#WVXcyge0HbIL7)2N*7?G87-8-?kjT^` zNes>}m})*`DG0K83{cDxjR2g0dq~NE?@-G8>wFZ=ZM)kx8BqoSs&Q|!hIVlSpv+Os zGZMZ>pZYg|Wf)>c(DeQ@ikvA^%7>*?S5v8J)YsCVT6}1;|EJp3MR)dJBg_6{G&<+-vNQ4|)OE~n1`*FdTt)jJbXLjB!B z>471PU&(e1I|%yqOmE0E@nO0H4L{9tK}Pu;7^f%^1K`e;f!<2Ad#9o*#%|{heEmvg zF*}~86vp(Md!@hn&Aswr=dOj*X`@3RBa%Ht4@jvqV=k^vE_DLfG*iEJNx1F4`{O-r z_J0wlw(TLHX8#|K_7AM{|Ni#=ZzGRW{uk;+G2q<@0{ZlE?A?O(@mPlMXaw?|;)nRa zZGMX%l$)jr_3{@MzaB2kgA3E$0eClMsoR&yT!;YNa82kv@008td ziO9`AP<~p4q_Ls$Q}AW6Au08D^kSbsgF;2ieNoind>^uEF`nO@|BEC@y&H`4#%HU| z>GEmA|BImE?aqL8{Qv04N@71-s?j7CH^t4Ij4DyyuKNbn?2?u`qPkz|(Y{6J zlxpkt(1pPxJ2BPs|1=5rKKS!Id7aGTocoBL1p)c>F1dsCn?W7_KX&AQJvrL)|4lra z{T~_SS;;7`vmp?{y9%~bk5?MdyzuU0OuN*#Z=miUOz>y!eU!~BmK1pcn68i3y-LDC z1KGd6Q*93cbz!Y!YmVIbdgA?Ymdw~Gh#7HsAW4f|T{2%YXtrShk|yDsl->1Lb<_y= zTwrNC6*h!e;qW4Zpi})_nuLGB&HAP~wy|5Sl{?iERD~f*0rp$nYc=Hm+>&aQ+n@UU zpZi1W{%3S>u;u@ocr^ZhE=GA>W-q79qvh;M54vXKXy#Ago7?}UTs%u=|Amtn>{h5y z>VR#!v@p&?6kEmV zTXzL{>C}k6ncVMAQh4VXzD$xISeis0W(?X_Dm~ zOaTh!!H`@e(R>E!5q5o46<}>KZbZ;5xrOUcR6*omC2D05C-W>=3kgmu391pH7;A;W zJVW`Co1CAvAe~XQ8yYG&s9Ikm##Zi6gSL*9SNR{iY~2&vM_G2=uc@S|W(SX}t>`qwO(r|t^_tC%^bR#u9- zSFx<&5cl>QSnM_s@EY#_VH^QqbYj}EQ;-}}SScK_eVqv`*jUtR;Q=JMkZu-J6# ziUeUv1lPwP1%&Ymww!hP|CCYq^cnEZqdCrD_7Y{}6sTGPG18wtD^vh0Uh_HwRVeqc zVT}2ZYZsmz$-?uY)Pu3rw{!YOcR`6vY3kiVZh}q9`SLGAyB8(KT$sYjaAUvalh zrMQ)3JmiQ>k(6gBo_G?U9@vE+3+%i+n?tYHGivesd|9XX%RSUy2}Qh$dwE(JiKMJF z)~dc#%Yk~&+0~B+yvrmml3_a?gT!cy_NvU-3JW$lxrO~24*>lBCv2yCQetuzt?-6R zP4o7C2LB`zisQ#4C+7(uU7}eb?%)zrUx5sMoTIEr;Qm=jJIQJ@IuvrS>R$zy3W=%Y z4zmT!um?O0{VbS5@+VvP*fY-rf}RsD&XILUVAf?|R%5gFd2Cj>x(7eu8^#1wLi7H= zCw;jYcvdr2ZdAI8R03s}hpBR{R4f$Un}I?S`HoXV{uYGdz*#R&jljnacor=uIg8^n z=z&pl3W8aZ(R8dact5&P38^%8W13a+hFm11FO<5cR_tYd!`2sma|6w(pwWOhXd~%Z zMVRB&2y?6vMzqwLDx%`1NFt^ht-ybjwoO`>7y1+jc0#uBP#PL6h}2MgqCZa^op88A zn%!x<2)DZL;%RvPV{!&JZhM8|yEezcTK|vZW7Gd{c(9HCw~(vn3|G(t z*4_W@ACIi~FI)bJ}ovi>a-Rt<2ei&{I{N;n{ z;?`+hY6^S@0Dk-*AoCuk{5bT6aWT>n3UYJjSQR{(o_GzSvcTz3)@}yWaCT;LRWEc*Dl|N1#)Ad=rIQ$Oo$**=q4DuTya% zQ%h`jGVN)>|M^8==jXrS;mC~tGThpKZs@W3zqnoQU=Jw2I(|I+fb7FV>;?Q1e)D?) z@0Ekk5|nE912IQ7qsME6aCN(sD#QR2_X;wzsP{Qq|hvz4sC z>-hh%#s7z+qb>j6$Yb+=I?UT0fY0}b*#j7j?OlL5Q&oDN{3fegERwx`2J&nUo3QH# z*<~maJ@cNXNhRYRrL0R;*Ax%5BbD^2s&rSK(W*Yc{?&s2$Nr3Fer>%4)bam=ee3@J zWXu0I^EmWB{tR}({+UbTBj*3C0}sLeg)6J)HF7+WRV^=KtKtqw)U>GRlAqGhpKkULl;X zyBQdB=h5y7RzJGl8qjP~fOls0;>J)h3){fUYq`<6d~M*W?;PnoibO7vT_dVNRdlJ! z@CrSKR?jk)5@NVr3=|7=oBqUAbR~7%qB3@`|mmk8&tCS zbCbYUR%6;Oup^`tQnW6r72mL}cm^fWuf%J1V3$9&bGy37o{e)dU(*Pn9NfYnnL#3V zux6gp{nrP#NfMcxsc^s-EwD%m_CBg0q^czK9a#fJ_0^S-3XQhC*Ou%@Z0Xi~*%-v;;{E z2yX^~Aw$%)uf#c5LLJxO%%fvl7507x@3@cxAYB|7u)?e?+vY<67ci!bjWe7EnDUU^ z1mOjYAue3nI1rEVJ!{HW!OEZ?qOO1uDK?*{m7pF)G(BwtWJkI@;f_*cb%NdcJWDN| zuO?zdTr~tL8YRXMA*vam(!I)hj1h_hsL`|<#jo+DpL%5~lAm7S3noWtU`)xUw5w7I zv!ducT-3rf`};eS7FX=AE^B^Y{cYY0E=%_s-q&>0g|$$oQvbI^`1@D8d^b-+{ZE{P zGVxI7_x~p&Q~xtOIoaO-Z{*SLe=d^{0;%L)QwyX{nMbSr(L2$#)~Cp?zkxuXYFG68 zpaPASaR6F{0a&wrnJu{DtT@k6G{AY1o<)&*MxWM|A_A z5YACN@lLtYgtpCeA+`{5_Y~|bsHUjsg7f6Rvv4U_SW^C-JCS;y>J=6(1Gh2!ScrfX z_PvJupA4dYIOr_?*YNQ8#M1vCjJEuLBag=auaXdmVFrAh*WCu{GcrAnoxtix$D4uR z6b1t~nkA@cY=G%I$-ud_oR0c8rIByjZ#p{|24bR|vU}J_!0c|>URY@ZUHfc8DwS! zVk-eGV06f$??!B7rJ6$=nq_l_Ie@(nRa+J8mP7hNwSKmGx}b*p{y^KXjBc{K3#=Il z@V*NDrPkGE<^h#h)t%awX= z)XU}e_WIhtg8>;hgsMeziCG?+RSQA#59lS53!*{6eW{XG$K-{e%>Wwjv& zZojY9Tjv3D8n*6^JG4^kJQTaYK@P@_?r~Z@Pd*nB+}hhJG*7}MB$#tmJ=-p&w<({= z`_`vnKMbjPpa$^62=ly`JNYxEn&4zW6xzqgps*5BxnwA8QKs zsuGVFhs*bNb!vPv^%oE%akK>U7=4^W7GD!rS)nw;$wl!r$?~_9k2Yj;Qy393z+!R} zm|qE4tL+;CNp`~Viz{ky@5ec&$_EsOz^56`!GAsj!~KIp5KJlhm?GN?IZ7 zxEaF@i6G?{@!ATb-66|Ly?<9{6)T{7t9dcZ2Pj<}4p91`g!Ufr==Ajz2Z@De(z(~} zhFd*spqP5o>5E{@HUg%w-p!M1YU$@L;(3lWTcHTz6)TlLzjJdBGAX6WhtTzDa;YnC zxe!s@1|W7HT-qSx?_F!S%=MV!CME|a8W%nNX8qbwCt4do0S zVD--T_3IP+trZ$siHO{$V}pu-$^2r+(KvX2^Tbuf?hfZ#1PuH0v{o!}bW59`1BZ2E z-3lUAZUBnGdya-;F6%n_il$g#?RIU^I(3cl(W*)^WaJ4l@(D4_$_iJECLacS2u;?h zN6J}=XZ}{i9(mZ<5C7KU{x3rb6`LX-<4Yb0qG=m-_8%kr{%?PHw7vh^#G~K;@lghJ zm^+CCVNIMzdjaU^N!RuufdFj=hv?oK#OjTH_$@GL8eL-jJQ1Cvq*Zz#{`uIShWtN+ z^jO3sv9<<)b@3lYBQyTn!NG7F|9K;i#{b{4Q5HGC*JS4@Z zTt8$PhOyU%;cNZSIjc;S+@8~`?jus+hsM&^rU~Eg4m0;D{t_-==4q$-mp+Q-*@Gl! z)_UVOq<4~^+2M2h9HvpSBnM7UHEjgmb?)bIJdc>6W8YLM?vj}=NF&>I#-PYu&Wf#R z@t!qy1I9__qKMsMJu%W^?rit?R!`IYe;(&(23I=%)$RYIlcBZ$Z}b0c=+XCoHp(3y z|IB&wc*Ov#BV9`ZyoIJmztw~QqZj&aD=_$Gf!53~Jetkg*qX9d?62za zs2CGaZiA>8AX>1jj*HSnPK^^s5Vi?g!1yWf>A(}_ZW#|h9Fcxrh2cD6#%dkwe}<#OLsR}69&F=(ZsgJAziTndoydOLoO!f@pV5o1r9KJ%;Z^=x zPYmNxiN)sB{hgwtRobcnnmv5)-C+hR?D3DWczl6>f+munsUH#7!gN9qsdOW$8Suk! zsK4t!RB-Bw&a4=tx&_2$1ZqK|io@x*4_)2WJSgd6?b#8H!6etg4V&EM_&Jy*m=wO& z*#={*zEHg+F*S4#>1ECU{4&qM`=1s!;2vg0sj{$#Dq2<7J)DSJIdA=^sr)zfGkBFH z0c08woccjy5wPz3e>~bZ<-g;D;a2|J#G}i9WRw9PW+2CTZ4uBlc^Q>ZI@sEOZ{*SV|GQ$80Uc(*#u@N|UUws?oJEgzL#XLh*Bis6 zXyf5^#+7~3d8Ue2%Q%AV6vq#O(~D23ABVv3+0hQmBD;eEv{%&}4d(Ox-JO@~Bqj zFFqlhV-I*V+=v;}-L#mO)GT0`v24mr#nlZ)RBmTIuQVzDuD=|hCh*iUOW-cMx|?J? z7|1eNQnfal)?a6dTB%n2n7_ z#nFd0*wQAgs05sZ)t%rIUvuL~UVMVVJcl0nTbQbNz`M%e7-q^VYnIZ`DSYMZ>Qk1# z745l4wr0Mvx-A1Thz7-94W}x_-VP#CEcIT`=prrsW~`MFG(|B>&z2t_dcYe;iBJCO ztwaTjy$FK%AfC@|VWv`Jaib$`b)Kfy6myD&hmez5Dav*l!ink2JIF&x$Tx2DI#!L3 zJ$=vqW|h_VRrT3QqOXfM10}H`?3=Sy#)ZMQD9zAT*u8rueSTD#Nw?1?p2p|DG>MYQ z@;c3+AD$;M&NCmyIR*`mgSGZQBlG-sczm?I|Jlf+o&U;5dHv&H3FJq7I4tc%opW%U z{~zsRv$4~tv2B};Z8f%S+qP||Nn@i)8rwE^?|y%G=H8j-zuno{S$v*1&Uqb`RjCnS zyvR60tSO5i_ip7T@A2O6TgAiirjg|W^lk-pE?Ep7@eD>U)zZ_b4z+UfE1;Z>`kUP^ z8eBnecH*5ImS>mHvGIYp-Ky3Z!I+E}K(Z`&EF+MV6*VqaYK-AS zu(2hg!@|WAEIM~@<2wEAaRT%DhW0*F{6yq13*k=FD!(sK2lC)qh{s-H# zut9)W^M2-mt3qO5p_%1B|Mv?Tlt0oZGZc503Kt7za}A}C+_4i}VM0bIaQ2fA&I0ZP zK=cRlmbR-RDAM(42Fw@S>ptL98>&Ar^Tip+VzCMA2c-w@kVPG{bp~GpckmB^J0!$8 z@4&BNkU1quDg_8ID(S6n9Q!dRK2ednoGg7U<+*`%g+w)FN^QZ zHz3)7XP6dDM9`Fgj+k&!Kpx9nRTgIYd6chXOf)w=%`#mOY=jWP7i;3nZ3vsL1(S^jmlZ(Y*!k`>Z&=`T+Z8*%vZJ?+XZj^vJ+aBn{ z4Y$bdw3{goCigzYz#v%>?*MB7&$TAQ5h|#Uasju1$54vMOfbkpe890#hQ|4u&M|PIJ2v?D8dy6S-#?vG1X9$nhCJB1BGWYu(|b$* z?6ZK^D9@V^vmv6<03rOVoM+HE_f-b~?P<$_JQXD$>q=czl>`#XN3&nZ9HN9h8nWNp zn22m5LPL6;Woc8tvhO2K799)Bur^wX-;sIddowzB=7$y3SqaOIRP86ON2gq$Ek|{i z;Z&FFK~9&{ILw(~Ev_m31h8%muLD&hI{qxE_vYRg1N0*~tFO-u4vD zKgVUGSc9HfR3J2A2d!t?LA6r;a||+CpXFo8FTVO@JT)T`21W@eDa;EtS|za0P{->u za+{nd8n&_cOXak(X4XaVxv*dt9hdG-XI8oevNY)PC|V6iX$2PZ9)fxfs2d5psz@^A zRJvlltMnr(HkrF=?Y`j1?}P)2q8!TBMN`G;=?L8QXhlbE8xm)V2aI;d8a9%g(1E3d zHkIgCt!(=5vm9QK;$fBgE0k&iD9sod4J{*q}eFJlPg0Y_b%23hQ`w=>-ulmu25WV%SfqW zMn%r~!})jF6i!{azo34PHbiNuKA@UO!O?oNosaUFF|iFUvlwY)n(@#=cSFo(Olj(Y zWXYtJ9kQ|o$WKhH^=7CT-*Gaaz`y>M5XZQN^?qs4aWeQ5Yt57oDmvcP?v&;f5WmBc zwV&1vZ*9&|B=%tNYz6^ydubhprw*I)} z-B~JV6oFlZ3E=+7bXH46IxQwEWz32sU-x`<9o&Q5!kTw#Q}S0~?Dj0vj@b#`W0g{_ z?+N$~Wpv?v)aPTMM;??1J7prT5q>g?sb!yP_)G4roR&qQItn3eZo0oKKT%TnKZ}aDfba-+K*0hhU|5n^0f14mQMab) z1PfS$8YrgIkMU>2Eq(vmMy^yXq{A*xKxo&l?=f+U4 z@8ju7$bNojK=}O}c=qK75@~ulD{urN;Y_u8MOe3q$uJ?%g+{|w`Slw`}f50Z2qtp0ey-~y9IHCMthNOn+n93a| zuAK(_{!a6_ubTabd3NMt;XD6z7OU8sfzD-VX+qd+{7sQrKgfhBdks${9-+@yQwl?_ zkrr8uJA7Yt+!xM98_-D==e3$7k~`f3wl5NDK|L0NSEttic@%dwI{(WPYat|vIV?WF z3wWOo0kcB-4eJ`39Bp4RcI_-%PU!BPS(ZZ{r06y;Z$$*{9g+n2)=`%GzO=G;D?Y-eb zTHU#W{@;RPrH{MRfTz5TYWMc)yqjI?E}&}3Mf?Mhh)C;B2sK>lKbH^&2#CM5aOM8M z)Up_0%O`X*HoW26%%WxPQ^w%{g*?vqXJ^?~q}>lu|IpNS3Wq&%c*=&&6X7!zRQi0d zj}qVR`^LtlyrM+7=@j!dxAD6o?zgpSXtGt9Cfdsvw{FC{vU9tq(I)FSMYpJ)Yk8%a zb&=Gu-_wHCq+pR7Mx(#uHgG}Bg)K(DrkGp0}-BA zVm@NECtc(el=ewe@rg5d@TLwI1~P#eh#iMsGpm>F6p#~AAZ9Yi#cE&KS1NO;{YA~* zsZ%KZIS9>*eY&55!F}ezh8N#H3dQX_PTi%97yckMwlDHXX<>14b(MEo`<_}XrX!$)o5Q5_bpz4uNPMz6? z5ibG`M7m_geF;B{1n90k@l0Hylv;O)lV=~vlxKVYVoGygv5s_L=_UR6TZs5+$^5j` zVsh1ZR>MeDlB)+NF=1kN%4eK>mgv4|BY(P9#n<54dAeC|U>GY<#Zf-fA9kQ>4XZ+L z3SBYg!~ecl0CG!T=k1gMUTz(CVu7xpWmZ>_lo0T4;p!Dmi+EvgArHb_6HxkYD5{F2 z=^>+b?lO_9+N!~=sq0Q1{C5tk+vovXhdn`)?>cgw3v7h!M7+hID|Ms$Xe<*(#&!Hz z?_PYbqQdBhVly7{7e1g|_}7YpzfVK5{maVOJhYpU%?t;B-kx{#wm?njKLFAUewqk1 z)95a7una_`t9XXTf~gS7#29mw3$vsXoG*6I0}X+NfCOAc7_sFl+MA8F&5$>Yg-dQh z8BM96-abc3TSz10TU*gVdUtPSQ}FHLayeyxQJ(1}%DTdkmf!g?jRN5`PwgCr1QQvr z+7avOmbyGkT;;a{34RTqmCNArH-s&Nd0Qqc|ILcBPm+Y5IUpy$ATP_o0C56J$34hp zssI@9_1daCy@~(vv{vfB9uqO}CZpL_BVDE-!9V&$prd0Vm!#v4ndalMz8FeoXDql- zN`iu5l8Fw=+Qx6L=BVS^p4w;O>}XQ^H>72%IKp@nTPXPawDR$hE z#DjL=sIVmqD*&7Sjjqp5-Fu)@CGq`jdje0#he@D#Q9j1dc1Ay4Mn6qe`^k1mNSl`6IOBN2zaJI)CmC7U$KA!QV65AHe8lc5$ME;Gz!*c0v z0-4N-cg4U7oDBxZiN7KQK)AJ@r;t8Wwf;G5>Of18#OZ_HFd|1}AW0sQ!q=Qt>p+#ndtB&4m2?bz=%O=VQ#yb&5icGh$HmC}$omrWu8qY7=NkknF39@E!+!biKF z$A)lfV0El1f`~DN!#~}iO>Df|qOF#EH89U5N$=Hcd{_(Cg1TGUpE_&u%Vn|keZ9|P z3lHx=k}AtGAqX}Z$rHx*hUS(pl}u=1N`KF6mRYI3(@BDJKHEI9hG!{PfG6`@}AT%oRUf7NHk40&hp1&-gZ!-0?# z(By0?`jq~ANXNNIyuVS0p1g-N=_9x-Sde+Pg|bhj5)XIySEY!docEMu(n~6! z(fbVl)ZWKRG3>doCb4tVM0DwkWbQ26PzI`U2}qKk`2lnU3DdSfCh^mE62Wnzb6@U1 zb(p)PGGoDkeLOMc%OP-<-+S;rxux)sE;?ws9^nHCQ0D`DDCwy+Oxfxe;lPFQjelW! zkefv4)_eyKWv2o#+T4!y@mWs-H9Mcvlt3~)9^7@n&c?@19Dgh@g~MeeO=4>;aItOl zNhyFDXN=Evi@mX!9+DJq8?-wQmJE%X2MVM6#vwWmaZ5i=nD?_k-67UXt_bpR?7Om2 z)M}bBkq=-A;4C37cECXv<#VR2sW4~X>nx1Zyiz~QS0CTeqnKlewpm_8RSA?f78H*N z7_40cZ4sr_3$(#+kIRvDl69AvCsuovAieK>du>)wRn>k}`tFq#0(LUz5c)+5js42< zuNpev&0EVSP#@E#BDT~7ZA;vBt9bpaBDP=7B~YDB-W=B>?Cx)xto;w3*<~tdSJ~`; zgeNHLuIAs>=YR@0V%|8@)ABt{Kpt+v?T+gJrS_Kr0ATYk>cKMuwVs8^iv^e8--9|K{9$_}~B za_ZO+t=4(#`o0y7YXL&(PLG_H*D)kJkWapT;@?-Yx7@mT!p?*?n3PlNvrqTvJ|)hr z6ll5bL{IGHV=R~UNC4Zi?w}7R0*v!34!$ep)?5PZ=7QZ$20|d&0IPeqjz0h0z3gr$ zH?NOhEw6HBzJT-|12BAENM0+b+s)RutP9ss4r$^kdKMgjj(E5!cwM1K55zOekhzhd;72G}C> z6+5{GmB=l+z7EZPYhOCXONHw^mO9AuF1|*JOLPA$eLVIcHS=u_U?{R2`>2$4>^U$S zvXR46t2Q-kDR_RFkici@))X-OoiS6v)|0Yp=q2c>CzWT1${r@*?_lLgcip3$;ky&8 zXu7{4mBKv=_`R9-&~#;|@G8`Ywe_(Z@!jOR-E4H&iWyVo9i%F|MoSz?JvQ-1>epvbMct~E!-tZ|@<6kiw!mSs*6ER$)bbkzD-N#B)NtVzHTr9TO8?K0$rkM{SCq zc)KkZ(fOBH0WST%{_!wN_eHkEA(E{a_5%73Ef+7upS7L6`ug_$y#)1}FfQo_3!bz0 z_ck-y;E*FA{1|^{&dv~hIL{x*RJg1VOR+)jOwl2!UhDjd&T0CWF^)yA!HTfY461)2 zYXQXZDAON1d#A5vbU?d(mdp=zvW}&vHJ&{BongO*#6z81^LU@J<19X}L<4h~d?=aH z@Xqm&R2R;PUBchVokZV6;tY52v(9N2u_2izGqQ-v2q`l%ZZadW{2gC%p@q}z2Z{-V zsf-RO#{ty;1Hh=JPwjvi)9m3L%V8QuM+I~HSsLjdx^c^N zSvtHy;iKa#B&Mb0|3B}Ul-)+1f zO-!a!ULBlA!8JWN4JVAD%0mky(ob~sggv}DKBXh2zQ496Lm@o(Ro94M!T5u7k~G{} zo`N#poINXQi^$goKB_s1boR(4DSXs9KAvpGGuJ8VJ-dC!`RcQSzdI7voLJ$a<7s1~xLcf&^*sa`|Z&sJB-JJv*- znMkS5w)|b*D@blZ-LJOxEzgP)R-&x5M7JktodK(UN??20UMEkzd%U$(l|Ad{4ZKi! zx3;Qk%~Pp~xvV9XN~jW#N}H>?hL)mj*w^0z?0euOPT=2rpySR8kT^CTWT@r3x4I9| z#0iv-HMoIkJVOTqdq5+7W%k**wV#vhGQA5JHqO@P_e%-N^0+1Qv^1L)OgQF__&1UU z+p8Hx0@#=GC!A;Jcb$l51VZn9C#XA+sp3 zt$wUtkmwi+5Qc+}hhk%K9T(u;Ti*U>IexxW;_vU8OSsj!u88}trD8Ng)mLKWz#%dU zUUfI!FjlPAjFC(Qoum<&tv+7E;|~IPL}*>4GlW^$Gm4cvW=53#f*r$j%(r%}(PhAH zSCK=Gturx4v91xpN?fm#E%75#S;cfI6K&cTO`EDtm*{JcdhKfd2R}3l+v3Y~0Mdolt#^hkX z5e`|SlCnA`p(brOC)1J-IHRN%77Q#Qm8!ExF=P=mo)O6~tD#BuG0!bVY!KgGgyg2e z4%vNFz=T{}5m?ye4286hJz74@YnmfHWdBV;{>54}lT~cH-O49qoBEpv>d#+p-KfXc zLfbg9hPzfZydW%re1)%r?#tLA)jD0`Ajn59Q;t+EYJ;pJUmL6`k1zIB;9Wq}rmy0I z@s%IkS`YwImX0Hs;|2KfCU*fx}Y3(REZl_2IOIEvx~n5)jTQ z2@m$f(HV^PRfp~a2?odla(N;81ke(6ZN9{+a%x%;tM!3W7J!U{J;w`ROVXGYa5B>U zH#nwaLL97BrH3z$Q4@IDW&6JSAmgc==a9EWVqPuKBTI<5B=D%9iAN+4xU)B|1)5>+ ztpH8glqTL+C0peb3&H(s`G24Oft-T7W>N9O`}us{`X@z%Axw|U`B9MZmb~FaO&e#` zy0<9&AA^3jk0l6=Wj=x4d|>1I_5SByGP4D(^y?2H&iWCc%KKtL(fIHCwhEA^jgTno zc}FS&cH@JZ}M-03V+lt zhu75tX0&OhK*2|n=kQ`)})bmX2 zQz#Za%30ZcMyr&q54Fj`utsBO8^?ygftzzWpCn?jD&Gp?#;7H|&R815ff)7lYVtw+iV(!YM?Sw?$8oSp_3O>8x)x)et@`>h|2Ew1 zQeZ0=v;sJ_bgd}Ut8b@AcP0kLy05({xr^NV_^kB(IbQryXK#i}(5gt&x=y+)?AAgg z$jg)c+e|U87UuKD2A9I=^!{Aj)ac{J8I1A4`b~xV=Dq-Bb@k^18REBx9k=%C{9=iy zA$&bT{kM$#%$Nh}y9ZNecJZdq)t1;#%2x_g!T92^FXFX4>H(m)Z|8u+s)18_b5UA| z6;g8MFd5;(hu^#<+?sz<^G>~gR|TU@Ztl3m$E9mM`ELOmuNU2{x}F{ORvh38-^%mZ zy|xUXN6|R2>JfOle%_Z=kw^W1b`M)We=(tW#dz{u zacIGhLTH$ay6~rUgNvWDTaOyto`2?eKLVO$YoG&pzkm}#c)-2WQ?nY-DirjUhjsXM zKnSy_6PH017Vo6NHE!Jl#dZBXjuVJ(e(T=?$XQY3hyDi7DVy8XQvrz+#rJYzeH#xB+<7ddZrQiuGDEdMgG?^?a$RV()G`Yop<(G=Sp!OaJOc&-n%jWe|GlwaTJ82PKxxF+ zXSkPuKFBTFVD)C9yAo>nPr_;@315Eyi;Byhw6Zj-o@sB}9ug0a>(*(=WxOH&?kBF9 z&29p)0mWl&u$}k2&@876KRT9kgNd|9mPjzv!cBldX@Ub2Bp~yCuHZ{s3V*>?(2UpjDd6@u`l7o~wAV|n<2Rt$TWJcHKxn(pF(F}a&L|1j|B}^(B$yj8r7G#WhB~^h$oi=maqWAtLWCC|U_WZSuRncKSh03;*^ts4Ar%?s`ASt##(@4@9}; z{Q%)oVJ7w7h?57)V+x}@jg7a{YJMV_KPN$AHk$i}PXNo{+b!SM4TqgjfW*Zi;8?|VXQsl!}OU;@uMw&x9Bo@X=# zGdrcP>ff-Pt}#{WTU}ZxLOHJ6(=X`jOrHwZy`F#6dQs56Zi3;S{A=EJ(U@lb8?qu9 zY;y8gWWHxdeV@RZJ@ah+(YgjiM`7kIc>nu*n@FkdYb@yu=)ugtxpNKjU{xn<*q*|= z9>V@!R?9uY=45+0RFQo;m$8vTk6%jRD1?jSoSf)TIrrbH_wbj`7=;W z7g7Ygm?zlWIf>x!2^=g4urpP@q^4oTuOg-mIm~S)gK!rzvj#Cx?$Qo10Grv%`Gr3h z4-rBR`|obN!|b8F;008C4GdRdt8;4#n!(Wm!}w%zA83;1_{Qceh2z7pj?=pvYwux zy&4ghB)Gtp`x8pu(%gIzU#$QqjX<{W5C80E92xckk@JpWCe*c@9V>}-=c3|Qcwj?8 zgrQivc{M2n5^|V{T!Ps-(1*4H7-X)LDE9D@xUZ(YccV#MAh@j_O{M#0Dq4k zE+D{c3y3NOlDFr0t$hJ647>M%w#oeN042D^Y+y`1aQ-vEL5u+G$z*18RH z#QwY^)WA!`4)v6UA0%~H?Gg%FWga&IV8`Q8H92~^mCPaRE}yJT_9S$~4u#0wy?t!j ztltJak9i%M>Ydy-2ylD?9l3eguLk~W*}YRgc5FC7KYwQG*WcL$!7MiYH5a=UzFX%a zW4yP~HhX;qGznd}kXVR;%u;+%GV(p8H!+8Acwh}TK}g3B^rM3h`N1DF2<1jFU$`M4 zPmow{i6?}w;}fj97UcsWR4F+0pZ|f6zJNDJZs5_aQpo3(zi6Yt2Tt{*HkYLrHTZ6T`s#NV?3`$v9iF!eWPcK|`a8H`yH%cDSRtE%6D6QXi-K zM)l?j=dBtRl`RMd0hJ8Z$k_e&UJ20`?Pgj+UZLaLA_SZ-l6e;Q1c;i)4{i%TnMHOd z?&>8W!obNn?|7Ef_J}t}6GB z9}q$bDp28_(vcf0p_-A@e%Y~M z)-7LWMx&N!o3UdJdqa#CTMB+C5S%om`X`ra+)T6o7F+(kKXb+?^7EH7TN-*$^gcZJ zX6B*00_3pznLW5c*fRolnlu+)VEKn5B4B6xEvp*DU}sVX_~XEe}Ea$`ePElc8HMw2>iCpxBcLLZ(i;6#}(akP#3BT zmcKhpKq{1c)btWOK?l`qFo%kJ;QoQe>*)-25|@A1xVrf{5NCdxg-z%w5N8M)fnHE& z5+9zIu&P?T{aj52kF;tn`Q)x$o}&5-ZCbBSzU*f4er`H0h(+6l909!?U>h3SqAPQ2 z6#rnRk@3BzRK2Y19Jwqu8=+C1^V=9zv9R9OAj_jm!AOQP@qQj9EQ+Zl)t@xC?Mga0 zQVG6>_4|7K96mD|J$zHK^Y)Q&Nz3hy02>AeJglJ5Z+A^T$=~?a^b@0YwPMKRN+@o`8RJd!F)kT*T;9mfofyA*FZ{Z`)-jM z#8n>O(d&Zat1)@&1DJW4VafRl#$QJpzS%F;4$-B0*~cM#oweGe-@gCE9Kko}>_Veu zfTKQxr@tPjU$8o!lb4%J(v7KJOQyupSW%NpH>*1*ug1{M64p&PI-aY(-+8()GPZ;6bn^`7VLlYpHJgyHS+2HIXJmaieIlEAstCin^rRVxB8ag$PbS z5U(w~I)E6@jq*)N({Ob%2&A)vEeEbH{Qi%<4EkR6T#Di>r8EbTsIgNHb+;fctXjL^ z>Q4uUH-wBovg4Wz+n)mo>9=0t9S?qJ^etXTVR>0@ie9J&MY}oqPe9YGQeu6T%W4qb zc14EvILPVSE~%k2?gvyqjeK6%tV+A25j)pk-;87f>?Z`Jlbo)6i4K9Od-GLVV$%cEGF{J#Z{5P$o<5Rv^2kn8a_@L{?srNNE&k8r#b&bra+rga_K z^$=v{-8N77_cyi>Cpb2p7h3oYE4wYCb5F756nXmK+%to$p`V&#)uZ+0JcJy%$!+G_ zk@~MHehSFKRbN$ zkzYZpcg!gw#o+|G`BKA9AAdu>-i4TUoq{?PCfgx=MLPDEw)?nHfgyendptC-tyP*U z6q2Ji(Hi?MKmLUYrHZ?mB$Gt--Dg5-a`s(>&oc0gfVlOr_P8}1iygej!!b&~(OUpH zo5v+p9{(3OIb_7CU2Z2IQnLI9=wHH#Ec>khx4&7@iH%`KV6pQ@n;*HB26D=$MZ0jM ze;fd|`!($7g=R8aSc_DScW!1*lCBJW@h@P3^uXku0A1s}BgqvVX3q8$!w`UVj(|Kgit?j4X!S~1n{GmZoBxo{r(@D~aGfkmZ9h;Q$fXj{P zem8oaiI+ zu0`P|dvq!hx8MW6#nOK0o>%w+^cfP81i5Ts96;%iepNn|c&;RJYL>M%HrT)DpQ(M+ z0R_lGEWN_|T1VGYBe3{wXda5X8qnm3R5Q=-T!JQcaQduiYH#x7Z`LvtCeLR8U!+(k zwT*l)8@~bsL$|`RKNy3@+LB)1z8SB(@U6Vjd z`;tUcxU`w(J0Zplq#KV8B2E-UEdE8zUm1~X@B{iRmXz)x613s}(pWJ1VNLnxq|b1- zm)4x&LIOqMet%((4r_0I;UnIiF&vWaeNy5c~@)xsgMhygqx->hsxMebhSa#GaT)DMYd!- z>!TZ5N1Q8xYtI#S+!`;(lVHLYZLNa%{fD#$lUTTJo*zGzP(|wlkZ0^{yTNf*CjPY6 z^4wB8`wjT}_rzJy9B>45*cpnc(C3*Enh^cdu6?Z6`bCd%%yLVB7vv5@(>~F-Mwv9S z{Rj4q43e_HqY7)b690bu57+w2n8a2%!?+$EX5u$d=kW@@`x<%ShJYc$Y08*Y1G^gKaX;M;T1D|_n;i#Td=3zqNgIx+5q#s7Ii{epOloWqg6wGNveC5Ep z#FpWupj)8i3z0r@zo(LtWc%C+vDLS_Wqj4Q$!IXyzdaS0nAg`yFu>HGBTGgPNIF|myn{5ebK3OJ_FHC-ov!7H|ncH!B?JJgbvLu8|-^u*k{xWawH z9o^2@<(B~?XEWb~z*HbraO4DkQ5^@5O~cZeX=7K^#kt4Y!B)UXm6Mwi(R*%p+?5x^ za1JMa&3fd+jZEW*3?MHF@+iSqP~jzLKHE-B^jN?fr&%AtJ78AuI3#)S6*Uh2tnPV% zQ!3}@gpE8fz3FO{?u_BVUrPItAp3>^(E)_+r9hhmvf<~Hb=e+J`*%s;TP9eDx9LEcBl` zu#s2zE;aB}a+m%gCzj_4%1k_b8Fl(CLvuc*yHqnqLYSvu z5=C0Eu*~PBH7zt7`9WH{OPX9YCKv;iN*IeJt&kk1m;8)#I(gMJj$V~f$ZK_xK_VsA z%#YM*7pe2R$O+~j6OPmUX;0aSxllITTfTqQTJYu=m&Bouk#^paGoTOY(5~#mik2Vi zu47^t&Ku21z$vvf-tGUDKf|MuWhmcH%{=Xecug){+xG}xP+=7l}T>rC$V)Isx z!eU~&uku1%h70=EnEngBQ#laQuWuoxBDba zQHp9yh&M_8F4*Vs&Ms05jqJI$U&;Hz0yX<*Tx>4aw}B*;n5@+fT06TCp;F*)CC7Ac zoGXZIygNwO;GaadtvoK0H}HNL-!cQomvG1kA`<473F!5&2AaeB-7jn)?3;j-WBmr7 zz?qL74y+S^=CR~56TUxtkKRtPdn?$+2Zi&eVm-~|cZo6%bw~?w!r%M&tCuX+{^+E? z;S~1rgynPFT+tm>SypTA5u}N?A~(OwIt7y{`@0xMt_>Vc!qin-h5q9x0$BiyqI#}_ zj-R_A&#IBCc8)w`F7%LS#o@)9Fa~P|7Yu@QMWDuLa>1t6Tq(Rr;@KRXx?cRkc{(Lx z*_y~+;QlZ}vKD~lfeVK9hDK$fXDmWz79y!w2`Jo2;2*u2PqE=p$p!hKYnQc3@Ingo zZkd>-(IE?~;l9(mNR?7;?9vZ}_ZEBKHxGJW*Wb?=p4n6o@en1f*5!UvG%0(KRGoFH z_@FU%R+WT}n2Y!r{@M$Aa8ay$e|vo$|0?PPyF34Zlfkr28##v>0b2oay8XLKHD+tX zzV1Y^u2HFg$M~A#kJo+9?$qS_Ir0wiz9#AVq;# z`1)Cg!0COhaQGOR;Loc*`RZYNmdEWGsYr`R^5+^}u>OV$?ab;iX{o?r?mV{m(*_pB zO4Kd-)BAb6Vh?Uf#>YU84Sz#R8t$E4dT`btx*uS3_n0%vqe0@dB7`I6X2rL(20A>t zPMk%NO+;r2q+YUnedhunOR)0(J!*BaB%+8(tA3edflu{t_L+oVwn{IQT~P<@MV9(v zsC&oEVbQ}&(g3FuF!?K~(r&D(dH*&*TH7)HaK4n+K?{U;I z_ioyUFGqs3$)34D(ewqm+yTfuVOFs_Z#jQ9{R-3#K6D%l&X{YBBf|(=^k=^!6WI|~ zxmK@&+?dCG|86$>6-3H3XfS&3xh7%MZV~7IeNtbc9RUQlYe+T&=13G!(Ik#po-2^yXXL^KELa7N~R8kd-0Oe-N zsU;K{oSG+>Qg$z)owoMRjh|X9#qysEi-PgdX>(B3>)D=`MF2#@nEIrXe+x{+MJ+-I z^;tQky3?>d87B?t%>1Dt?Qo=6f67w4z)6p!V-!VzGjMo0m&YzGj~};cIhJI5U~0Qs zZb@J#BwcL(qJ(D41ami_eXBQ-qv^z5Q>Qs#w3itFB$u|Q2o2;)6gqFH=E&ghv+%EP zv)AzQc7XNltU}s^UGR8v{LoQ&(9`5B>N&f({uYaR$voYBosy$6*JV!Yd2;UVG#e)Qf zq9j^r5kP!cUnrJU@AoDhZz z=7p+NYl~I-$e7>o%b8=)<7l_KcnhtwbnF-##7<^^7S)cC9JvYwHbzhea;@WD;Xcr& z{>iMR%l4l6w$`Fwr}~5b{a2X)`L#nE8o!CjjrmJQyiTt}9b(pFIP%iR*M{b+H-v3*^?kc;U^yru?o$UHV)lvaq+n-QeS{J0m(H!GRX ztFxKs1}dyeC2N8AxACGOG&%uNxCxK5*a0!TNjg!*@!@11y`Q?M^SlIYI5s8?I5?jq z4_9v$hTYr1oH5cb!+^FipkUQ#05A9Yp8$Qix4x&zmQMYxEANyly0*>mb8#k(e7rXv zw)bG~s9%V`H5i^`HQHB!t!I(uv27&@fa~L-X2UJ-5ZBb)A>0@?Jo#}22h7GHZ_YJg zJ5AB*Q7N~b3E#ax8|gushtXAk_=IdS2gWh^4IB4xXno>@{XzpLn93?-%qN^k{-m`h=vvV2lv7W`7C<`{nSWSGcILbZLXx)x6&rH0DA?>RrQ7+cU4bPkf!v zTure#=2u@xgX}MAMT^ETl!0WNN<4u`l~GQITt3l)8dNJ;fPpz^lo6G~swaGeUkoX9YovxJ7WGdvjzM#Zf`9ko z82hMDKipU;d>`*9qk2KE3qFpgxS183d(12xH!vIQW;{ulnT*2CF9N|p#a(&Wg)kTY zUp#bm_`_P`%9QUWUc-Tq{@DQh-3LMo)(7yKgfRE|126yzW+ZqYh+k9$j!ed=4^T2W zPJcXrWtxk(zCdc|G$a|Op-?wRA-NF!D%m&0`FpYSZ!M^fC|H#@Ydv%)O4d$aOMT9& zkcsGfuNW6quZIGv{R%8k#nEM3u*YaGG}g^#G7SvjG0wGuKneYi{ysi|%R04})RpJQ zrpf-C#XP`8&Y~d$Fk1a6K!}_B?f^(=w-2nXQWFiRQ7)Bxnx4|Pvo*RS)L4Fp#G?4*tbf-R0Tr;Ds7a)ts+nEK8F z(v>urfFEx=D5wdXj{yv2h+jB1+ZliuyKlw7eOQYz)|5fWLqlIFqSFB@#_?(hy&@n) zLj9wm$D0|ogj@MJ&o95#Ax_xu0( zkL#tcL@wZ`{2HE?Ew&y>UZJxhM)RF>(us5Y)+ZJt9jmF)TyXelaDcGp9aLiowN5Zt zU39sLO)RA7R2|~BdBC0)qjotp8W8FI@M-w>9Fii7@9%4rm#vO4yJN zD7gN38HkwUdImnFGTsjuJmkCXT&ALJaiK8?4EiEeLNrXR$8`rnyG_AZVvvWZYvv6; z+L?614Au*CHL|?$KEo)V!jwmq5v$2Gbifdw{bhmI>l*k}IRXagCvqhhnb5%v{V0dW z{^t@w+Z(BPGIH#tNG&zdc-~Ip?b6KUaDVlXfNdple*u@GQLLw~_z%i1ih z7hY32jHRg7Z{%q&-EEVR2BpHvD#blT=6WE`D2bp zv>r9^{CnZMb{c`Y5VWv1m^z~2ohqE0`Ug^~R5v2+!qdA=H}cQ8%L`J=U>>$Gj)rRF|RP-uG-SX;I{3N(*bT+yZUshuL$fFZ6%ylWxLn?gD|`^y+7 zV>mN4Emd+~Mpq}lde1pnQlr~FP_f+kdGuDATHpV;12u3n47Pq5@Dbq;xG4!424Rca zQq{)-n4YB~A#pP&w>1t`;KsicXF$2OgQ||9%~?!<97A3kFiL8_r-zcbYXmoNOR%)r zi~4|Qjkp&fA@7>ITg1X|Epx{RmAF4oW>g6=9#2V+*vc zM)+75q*Pgcop2>{r`9nF`nPUbHbi*>G$oZ!#YvKp3NkBl?*zP#9p@WAcz$uJrGug!T9nk$+Z9&Fm-%5aCYvLSn~Sq8pR0$t)~*JhsK2GAk6$Pcms76ULaiKr^QUX&uvjY&_-X{yB_sbyA@; zmSc|TK3CG9MrqUf*th90J&u3;5t?-OT68J`dOzG&ou+yqDRbWBjQFOm$;(295@- z+Jtmv4>aS^CA<0@Ob2AK_FGC%z>?Dx?XobsAYeOp{4x?9UVcJKfpU>&&FrV?cC=@U z9?SfjD8J5KVdl)G9OPAX4z~&(QoJR_Or+cwS5A=`w7q#3K#44R;>D=bBP8J@dn^OP z(=XQZR?0vZ^AuP;=NpO<$)O0(cpt#PL&qUA#j6xME4$1|{@0adZ^G$bPh2_6=C;( z01iR%zH6E+y=}vNcAv1Ek{RMtG-riY*RqAH<98r>h>Q`Brzm-o8&!IhRt@zJEA3B> zMdKbSd(W86v!uq1;UZcMx~D;Zql`i6LbiLKr#QwuT>!}5p`?02Yae5umy97!-()W- z^^&`^m`&I(U<#RLXQhTM9i+TDX*!N-n!I7_3l=$enMR6D$vjO|HmSeeyt(q!@!*w2 zu>}k3iPwwDJ^VLDvOv0!s!m=kquFx?^sb#S-^m0mgH+0toP??b&@c`gdrHD4Y6!4D zN=Jdh=;PXaitN7%1t0$g6O&9zY+;bq8ZoxU^E8!ai^9&bWwv}3?^owMJ5CW{FQ z2-7%A(EA;*70()pNF@Gmdx$xj1*Gh)cosV7YH0)aFWxnvBzUWXR@5X$_mvV+i&C^TX^d22#VLDiI5{vP^4xYMD zUcLH*_rSANIbZRt-^pq^T|HFgRztDBcEyfy6d*Z)J7$Mt&J-PjObPbBJxojLoCrDH z?pw=N;Z6!ItLR7t5LY%gC7Ag=X~ctR$TqiZpKNKj|KFh$QL^{z2*&T``3)x&PS7h7 zODF0d3U}&;8-bSlzoUag|NYG2o+9bP4|0jY*P#^#gDF06;5hXVSMp`~gfJIql$}^uhrE zRy$cah>eLtFi=hqjoNbOQT0%u8)NF%N1@Ltxx)#f4ntDzq-tG(URY49tffO)dXfS3 zOLOW)zyFw`1Z5n<^uZXEpq9pASb6jKFhnH0<*_Lf+^htdcWBXqi<1{1juB(8iI-V+ zOYTqcS>@zcd4k^}n7ql-MWp^IO-?mwaEipk;l3>RzGCM}sU4=_=MwHO+NMe}`A%7g zt~+2f=U_s(7G$6OMsNnA9T2%lgc0qR*~VXF^-qKQL)X}W)^oc#ZHJ?I{0{NeBBX%^ z@!E)fpJwSU{~5k;gJOz$#eiz_|9*bt=l?m{KY6~9|JG5uh&N{ChfFSgt2EP9n9-GT zipE$$(Eqfr3U1$+W2& z!Fv{M*YSCH?}dC)*f-u<_>&CpSuxRC7?x0?hEBKjZQW0BmTvpk3AO2nOqUUeG!mHX ziShY{gz!wTqxy+pN9&&lcJzqT;2Bge$Kc+W_Ywe$J-7p6HcyPa-`o)A_dT zjZk`!S7$}fOK?}jDP)yB(EeE7%%zWmb=hkvEBbkB;m!#G zbfBvT`+B-9I^|sK_Laf9^M59``aDIQOg>I&;r|E6`<3@!rnXPV=SHvaYE3?7 z-#nR>#~`qTVJC?DZaoA%jV9=M25M&k%i!#)zUUM(i?EN@Ghp z+z}zE%RcHsxfX%;vHe^R$`}Mx&Q}DpuxH#xT@9A*^#6{e^BKCyV9ut5_qhOQqyNt< z?|)8D4>tPWT8d5oe+aJdYPo^hMNIecEg{`38l%KNXQ&HK-_lwS5f+azN< z(;5@qu(WNI0cQU3?`R=^RToS+iL@$PLeTzY?^IMj-6AAvDz7Zr$=18(TP4lYt_^im zX6yFj1@GA(>}dD}Q@)}{jL>W#+9W}{TRjZz$C##cS+t2?!8chj#xA!YdW|%QdvbX3CqkA2` zpaUgnJO9UrzW#r5u#x}PQyR~|Uix9p$~#1$rj8^Fb-%UWBh<7!a|uTsd9}I39GC8!yPiF+DR|x4vp1|9v{N*MMRBY!yNLdsVe?`79gq4G=$xwn|dIW z7d;TlLp^MadXG?g(0@8lQNP5Gy0p>%!;1g!!OLAQAX;35Ikx4zN{gXY0TdcwNX)CDN%~Ki<8LXM=k>j)pC8hPdUjDil=An7 z^gZ3}*B~TWVyr?Vx=*<;2wEO8x5Bh)C`{G}hX8M0{dQ{E-cyw~I zq5tbBo#=nfg+?duzLu;X0oyrWmpI}F+nwIbTsDb7G@Env&uv#faJ}gjYzb(4 zRnt)KFRvcJ2d2gGqSx5S|2E85U@jYxay1el~08{14W-bW+E((hO!hn zD;_XMbswAEcui}oO4e*`4my`^PHx?07Ajf8dAgZDOn*YY1oMH z=|k4ij;>)P_i_g1MUbc)uUUP^SY}u1y7D%F)vtWb4AhT7+3X%V5DDe+NArNwYMT;^5xvamZb#YuFK2!Fy;}6UjAc_?_i2D-hFW#n9Hn=HLkU+jfe2Ei(^0Vl=dgv zaJ6ko00?Jy+EX>SdL3p+8^L}7vZKHp-A_>_NV?yZOhlyhkJZR>-k2@>T=x-s`?aZI z-A_A**9|vdu@wc;w_iAVj!wGsh9;2970&pYwxt-S7 zAguKvnV|pTKX0-Zbn$kcwJ(wG(gwNA0$I)1!>Vm`^&plZGsTlLW1x&Uo*^>lHz+1q z!a@@mNX~6W>o#6uB4wmcMN{O9-=AHG>lcQLol?=={ITj?h%>?MaK=xMBM^;K0>!_! zm)TU^#x4}n4B(8T38Je|O1*(~o2zFj2hVWE>*wd-QKw)cU$j$|8Fzn)Y3Q(r8%95A z8~xG#qYghsjH$67tzqzi$@u-jPhU2r-~E5FWPLrrTKvBbkB|NQPY0(brp8cEZ|@2)OpaH>O)~tSCx(izz zl~t?{O9OQ&v1;Rflc0ySj?T4De_NlC)Q5JdZPIq{xefjRoZ=by17tW$P{zSwFJxVx z_j(N7dcnK92jimsFYA%e75saM#%|r!FK&o#kjlrTmbvn|^e_~A>=`FN!CBe>X501! z4587qC3W;c2P5}e3p#G)&ba)E#EB04pU`(Hfyv&lF(uh=WOS3Gc$M#ejt&nh?|)A> z@t@aIbaXC~{f&%(SlNffcraUKXzi5FfxG+=4_$*gxS=3SN z1g4zl>}+ojWy5>?4(BMra7gH6PyDqfst*T1bQ;eoMOnNsT>Cst$^8!ahR_jCb^xK^ zEy`0Eqak>q-ulYKU$WXz3o9u38yT_hFyn+SUf~($3d3wZ8zCx&q-udN&M=#z1pG!u z5)4Hg;>-noAi%P@d>%ZWr){9in%%%3N$?y}j3hSTQ(tgmVTJ(57{&YTZ1T+ae`y1%cmlxwa4 zm<{mZ!{9eEx-Dor04zswDN1!9@DCyGe*i6d9j`Es!KN%%`pAC?L^F~x#CuABZT6p| z13&)P(c%8){oh)O6!c!mg}p(1brPVnSJo^8QgnwICRvk6MAAe`Z8(NEh+C47_!ktC z8=xdjM=*Y;gdqw!nk*EUVsOQG(Q3|+0wZNXm9I=lK{-j7QfxDH4@idCu#Y(6&E%>D z5;Fi_A~D}BR{EBtDb6M;j;`dW;hFZBRj88B_~sJkjhSU3^eyy@!V*PW7%HyrLpXbw zx>2gB{hK8rNfC?CP*6;-O*Dh=zt7+u#3>x50)DqPH*-2c(e}2s2im`%xz{_rQ7{iI z-Otsfuz?KS%AoeqlomqrLpv(6T0Ig~ThX7;TC@7ni~plMC5su#dI|t-{Qvoh zZ~r+u-rvN3T1!#N>;(Z@!;WPCzONf*UbH zPrU$e;2JhUQK(IIH<)t?6;@zAvAW)`8c)g{C-_`Zca<^{+ek+n>1fr` zQ6K)l%-zqwwe$bu!{?{|{m=gX!G`~@qew2l(z~Chx%Uw)n2g6kE>01r7%?zHV?vQk z6|Zh5Fq794%HZo>C7i0epIM$F6~0HabcQKPf>$f)qP$#@yxiP=uqm0R2^b+j=b7a2 zfyFjp!!1X8w3ai z-^k6iEyo~t+!&)Y5vVi7cj}M>aIBn5k?d6W#dZMZqA5!81PiXD-Errf%pk`x6uU4% zqVHq~ew>Pppg~}<|HZb~Kkvxo;$nR9B2E#Q%prvtM~H!EXgC>)K4FUgi74AvS@%Z> zOi4zl09_f(JX6Ebz1@@Sue<@Z&}4|g{1Z`9LK&f$%ur>x8VbO(8A>qZC|&6J!n~NO zA-HuqfN4I3yD7RusT7Ye10+iqW=LSPkii%cWon60CfU9~<@WZKyEtP6`J5t`M7$;m zIx|bJ|CSdk>R?UDJ-8-`O;Z3Ahl9fSotzR5Vwj2X{r!q$msx_|qvY@4nU(>!#b)}u z`P@r2c&y7zi)M9{>a7-@U~j|nvh-QMJfe8-A`p=9T@K^PYxa+p+gIWUVby7#Gteerpecy@G&L$UPJ~GO4 zm@9?74L9b#RhB;Te@>ER!hg2O|Id$4D)B!Lo^R}bYbjFL7kp`D@_$Z}fb8EO^e-p# z%c?qgqs;WFWP>?Fi88Nci58%)Nz#j5$^mreg7uvA!-s(mz;YhPWS+@)Fp{j*Pop?v z)kaGxQ-ZJx=}Q2)aX{XZcPQ(CNK^A=QKIuq2-FuTWUS+S_)V7W+G0x$(t_v_&)@`I z&(rj#U-D7c&4p7ulO22DtT3%$=(r;LGRKrKeucQ$njPlJs=e$K2@uzpFFJO1efi=c z9bH~ubnNKz`eNCR*c4K9O^MLbube>XEr&4FZdoLhGNDh=E1bP!9WbaiTKdc(sjge@ zb1etXuK)O_&G`S(We@kZ?PEv_s#5z@r3+Fy#e`zMco5Z*h*cmx9J!1n#S4pv5+@s0 zNthbwQa@BV$w^8ki<_Jxm|T#IaSCz9m)p!1-nD=qVGx1_ou?SG=4Uuv(6&H55~A5d zHmd=!>{~B^MAH1GtI_(~V`FKXA12wi6vpTpQA`pOMqt_TH$r{*!Q~`1akd`5|I=!0 z`DSr~p?EGSkrJ-YI<2PH=mBW^xQV^?Jwvn$Gc4*pj2&S&pl(hQd7~w?4Tv*Dnf5r> ze|7PR7T6UnZgO~^p@-1qPS50OhJiE8FPx#cU%C#*X|<*ybvZpc-|9n8js|14f91^l znXFBH>_3b{j>hw}uLpSB`@j9;ivQQi>E`|4T8cFG+~|c}sRy{XTmFn5VAd3@!v(A| z;~$T&_{I@zm5yM_Bv7c5c6%964+H7wl5I4(NL>h70{d0D3~qlBy914bqIrM$2cu}uHsc2OgQjoAPrU# z;=qO?M-&=KMzUQQS`_?j8vYUmc(nY}I=|Ws#Q;?9kr~4Y+5wD!djvH3R-Tj6;ZkTb zM4j|L5C8j~=Zz%s5tk+TfAJ`}iv-Zd|Mx5LA5TvXk2m~(9mRY9zhVg>uuUFQ2Jo#f zT6?Wkl0mwtOq&U|UFo!8mNp#wPg9oV|HW(L4gx?s|M%bjojyN0-0=T(6#xDIss(_+ zKKa}wfZ&inS`naptpDgDK)K5{GC(&OAUtCmAz)KhRhH!coo)aB)`9;Y9_@Sl|K#Xk z^ZsWorFj3pV#dF*`*(PiyHcCKGi1-;@BCJ=_E%aq+3TIkCKaZ6rD{J}ZQ*TIHUD_e@#Yw(Qprk(u!^#C5(yfBfZ}cr*B4 ze54vO>NdWgZo|`Ru~IzS|7$4~|IZc60hUkV zpT+`EGv<%h1hBqa0DGftYyh2X0CiKgF#>GL3d)lF-+b(31Zd;`$A^CWkJF>)oBRK@ z6v^Iy)T;@;h78B676EdKXOJ#zR=6bzN}re3c$s@6mccpiP_j5+W9|$38H(y z!Zckf@|P+t{D1#w-}nF9-#^^E|6EIvNA@+u89*7Qi=5z$%ba{F`ss)k+Q#>q@3Wgg=cu^j-J29*GuX(@fUfU~sy0fI(q zh~9GwZ}T*ALN@F>{lCoEoLXUrL5`?S5YB)V<^u{5P2%c_AkA-s1zZ7<4Sy2?^p?~2 zYxoWU*}W10MISfpY1yHt3q&~{;}~+(s~;A_6j_ZsbfqHk_3K5)0&InSIfD}f zuIFj0yXiM;mEeON1|uJY10A2SUw3Y_$qv1}{rdc(R}XXq;|_3NzUPQ$Fa?(xM|2G1 zewzU4=0)ocT^h}yS4T##=)N#ZEl3COj1vkcDllfhE>y#==kof8ehZ%8by;r}hUX@O zIh&GxM^Q)c(M@~z)qld=4!h19&L$M~>`Axj0R3CY(LG#%^Xp6Smdtz7Oe$J*>E=5^ z@jnIQOl6$l^EoGy-qL>Kn&z-WXF7bTe2KZ}1wXS}cHwFyd4U<7%Vg$X&yz_{ZV+hS zq1SsfniBG^AH7j+x|~x=W{6MGoPpPfQylkOqM2&bkx}oyh8di=T)SU?aUYJocY`>{ z2^IUWkY08QGb{d&Yxx_K7Nqm*>+j#b>a&=lZHIyXfKo&W_`xA3uShIy(%q?vgyIpE zR72^G#n&)?H_vYrEngOikp!X{LVp}?^!wz#-I{mJ!Jany{n|=5{U2wTFK+;B(f^N5 zPW|{F`-dCQ8gb!Vt6>jMqUC6VdQ8yk*I2#i>(^<0^C?i01 zH!Vnju?e#3b}xjk3Ca+KT&Bn3LPq>Y3UbKUJ)sGcH+BdmU5pt8`_1x6q{7(-`;nw! zxh@hUCLd)nMrLCd$N@ zQ^bT|u|$`561EHk==7;>CP7RRw5u|P0hlDa;^13oxVM@{N`*;6GBy-#Rny{H-@f(_ zA}E_$Eu&B%Y7fUBuCLm06ZAa6OrjC_nBL`?y7J%ch~QnGb-^q{oJ|Sgy{FDJ>^pI$ zT_bYmif1H{!x3Z%+(XQ5qcJBcL}#bnl%Sjq1%wD}fsabzKL-cLht>O^ zla2hhj?yO8X=$kSp4LcauI>62X5FrNb@LoiCg^+?qrOcOq|&7HYsE}wR0qUIN$NHwP@3t#Ru%Ss6}rMB(f@<}=ZDq%|HDoEkF^xb zq^B|-ia(vJH);*T!=@&L$p?=2v+H z1in!vV7{vG??`&VN9ONc1+J!c;a%eI5WPLr4zb^znaOs0tT?}y9x^#acbLqXeXBD@ zJf7;T@Xk0@mY9@~ck>)XcL(AK85AS1HGGRw1Q{9@8T)F6;=7M~^Czi9g5HCnOf6~; zrSVz08rzuA7$xO`VMRz0<0u&phgBzkYyM>0x29zak`!jid74k*)qDm{S`agVezg5n z&$a8YUg8{>dx5EofrnoBoH$LQ77!H0YMokmggjGb3_}CbY-N*aM1Q`~pS`XlYgHp} zjsE~+N@hR7Sz15Hg54BzS#xZxQFRGPV0cx;=^RCs7yixMYlb)!qWCR&fn(n7p{@NQ zLK7QxwaE6&^Psa8h`?8MOOg2_nA8QDini<#AEvsZP1=t_evI zwVVigPHrySFFmC;Di>NFa1h!1(malAz-$}KgX80k{ckNrvByG#xyj+ZSn*{a{s-QdSa1D17!AvI)(ic| zG8`7ew%+TPAD_sAX!`GEMl5U~jkd&Ma$Or!C(W~Bbu=Dg#eDfB+ciW!^DL33Sw+0{ zOp>0_(X7V%9A=5B)4CuaXm9H6xt4u`hp=_^MJ3s`MCgiCm2 z!@@P9V?t-3RD2X?1ug|*U<&WV9-G1U$`+fVY{I8vyB(e!^^^pTxA9fJFYrOq{G(eD^&PbxgoBr znHnd+vztBOI(^Wem$q?I{l4;?a~Mx&DB~~0vBl2#`|#G!kClFsr91zZp*NQD0c+v^ z`zO!+{0|3*&o}SC)>67KU>$U&WN(HWaWu0Tkf{n>qq($N%et<5pn|u(6pdt{m~aAI z1N0XlKtvUD=!Xx3-Q8WgKNDovcmt@uovuZ9>hqTK`qYM;&2t z5Zwv;U?|7lm*89T22BVqN!c3%kOiLrxhC6b4sD84vn^dge=M6h4kwn4Vwyu8TZMEFfFv18!v&%n>$1)PLL3)#BZXVE3>)eujpmyw656nN+GYrE3%vTK8&^IJPQ7E=}1_H>;Eq236DG)zr#vrZ#0Ar6c|K-u3ho1KaNZP7h8z`hR$Gx{3e2 zmZJO=Dgn!+{bvQ{pGqvVUdEqF>&L$n#Is4+p<`Wfae1QKK?l7)H-wcXZoDb}Lp%U=#uzD93M9H+ zxFrg3VkHU!zG+du*5{;3(>wN|-7ABnx9tK^HUhcmGwj3m>0Tt7;Gdt{En-*sPd#{E z?g?ni`_F^pivE9aaI(LV|JG4-{3p4(E4%b7Vp#T*_DrkQOL?~6zI;navUC9sisTgN zy^I^xDXxb(3bko%!g8gaVq2orpB_h&Y>**UzkdB1xlu2QUt7zG`qzMbSUgcEghZKH zC)x(j3^A|-XRo%@H+=|Vr9x7u762$N%Qx4zvguYWNFMZq% z5Ysa9U8RFJaAqpR6^jhnBR51sUU$W2H(TaeLV zK_s9O2t|yfcSs5oGEq*|Yu@q6E2&qz^PPQQe6+W97986V-_M2vtTzYtUc*cpAPu3@ zQSmTmYP_6)0?C%qe6k*fACubjK$XVq`0i?&rnG_XmeN~-QhyCu`($PPLJ)cQ8!sgU z$nmEHX!bG1oPWQ4$+siY{kbdIjhZ@|sP`Ky;v z5T!~Aw_*XrIu#;BJwfnOWeg{XcQR+_pK%ferf=K4nEx9i*>(_fiC`ekh=j4rQ?~m> zQhhrpgvI1N_ygdKZ#Rtm&FHsc@F8J1jCNt|up^Pz$i)Tv6;k9k&{i6=AkNPd-c*HbF-{|qf^^#1A? z03K5&u%021P7$!=(P== zWhQ=Jn~}}nU1TfX+OB5WwzOn-AdlrNRxG94Um$Tf`iDOg@=7wwNupz#RNt~T@dmry zmOm6NOV#zM?RZP|>$eT|T`|8Ywf{UxR66h&vWj6gtn+&Km#LiI&eN(U-8f-IQz{ee zR1o(~+J92kw<+EEzkdC5Ewiijl>*xQzmE=m{(pFMyovw5mQwNmc2;^dKHy$zzItK6 zsn|^*aM88I0`~`BIB@rKjfmh>vIK=H=)Uga?m(Ly#{)QYb|DYp|5);Y(^nMiyN`pp zw`Df2=8si6(*HoV%kEsD-T&K<|9*7*eDnTiEk%;7oFqxHx+A%|EAs^k=1J}47Zil> z_@3Z-GP3ze01JmGt<42IPey$lzpqIGO2mPlzb5DJ(0s4Z0X($XdU?d;$>{S78r5-` zIxbN!H<*p1M|%i|E|4GQ+Y#OX-8?Y59H}*WV>C@tNRa3=U*(ajPR$BkK!QBybMyWF zw?6V8<#4&^53Taw@#(Su{_kLafAjutEkzMjl~#RqBA?2p-c!m`jV$ZHn=D-bI?ogW zBvXztUVg}q-Z=sJP7T^l9Hc*0c8#)~M4+x&o#Y@VuC9?07-Xe-8KG8?YZm3? zeAPLQ*2!RbBE=zb1V;&-mkdItRSIG46zr_9iWWUMRju2 z`0Jc5qMQ;=Vv+kr!Q)ji><>`n3!cD-&|WhvA-wwF?-=X zqic~amk(6BHs9mcjyeY`EvC5-`0idX#UfV7STMy&ce$>Et4a5Wpxz|7Na6obyC{$e zW^2yS6-m(Lb;yg?p}XEG2GLeV67(z1efLifZi|Dhiw^#e>lTtDf41fMsOT!Py8SH3 zlr}qI?>qXnh?!;rcAC>1(SNWe}LNQ;+RIe+(|2sN8_2a)D z9&O%#uBRxLr&kxqJdKrJ6g>AO_ z+T&cQz1Nx9ewJRl>1Sy3ZCRbxmHBg;dDXAZ-uTp_r##G5>=MV0CgR3ZxZbCF#Z&yw z%i>`FpvR0hwOXOM*kxCrkfFG%{C5{Go&LQo{>SmbsUQDi|L}AZ|934#QQ99aR%iUZ zi~GuYqD8%6hA6{~qs$FGBV!QB^X%^}@vGFUo~4*^RVnazKt84r8}B>FKxN}7D1mSoGJX%v zCKoBhvyineBoc|SRBd-nqEOSjYECGeAVJKAnVsdoy2_57t#08vUyn3NTh6pPS^7ET zI1YSLS%l?dm73q81T#f7{g;VNNUGVn(BhE`yZp(f4Bm6r9-ZBhbUs6l^}l=-8+b3M zscGGK*=!Vgi*L)ZH?O}27dMxE-aXoThRsG7HVGCC94OwW`yg_a1%0vIIGmH z?5T2zbrNXRFapD1KmOZZ(CHypw}<;BDvj^YJN~(28u#o`zOrW40<< z5dyWuWUI93K~mFgOrdj7{{Daw1^}y{fS2X4&ed#4RWYn21lfQ661j8KXQ9ID(2I<<6EYXQcA8efFGP52NpV=AQm^qbiy00) z!XE?T1)viZhj7lPH;4&tT=VM-%wlqf=psa+I;s30v(o<$tR@V* z39(@b7bZ;lXX-iiC@xUzx}%g^vYWG$JZDeq<8(O&aXM!l{fH9;-k}9Z2vV{5(0CNu^YG<=3FU_sRU+bkG`eKF2<}ZL_oV@9DA3 zEt^cwOO~$kpGtrJDDl6Jjt?vEzn-6N;=it?Se$5eqMtrN{RBQM&-~+xdD{EjmhjY< zCz0z^-@QaSHB*gpoT{=y>8&Q8f1}{0+I)WR_Ujg)e)8Sv|8qUm|3t-H#qd5p;Z|?H zZWm!Sr*BeUhtGZgpM!&q{ck-*lMa>cenl=odb9Kv0ClUU za0D{@yPGSJsol>TNVjqYPxa}EBv09SKhaaIQM2r+>O8%3kjA9SDlaq44fn|c$#)vPkZc*vCo9u`(k^7?DD+VS6s2Fmd)o#f zUG1*VNJ`h7d?TiR^rfHte;&tVp7pf@x7mLW4=eZo$0tV{`F|b7k^lAbu2>JyP?u8& zipEc<6#%G^==xH?J1k3S31%s(%7XdjDRl;o!xE~4*<)Q)2vhZ=(IhlNn+FGfCTX$Q zvHheuO*1|_sjeW%8{zJAC|%`0D^yEwBXFDicY5UC{~sP4ZSMcqQrx6At8)QR`(>HX z|8CPYxC2=IIpUTbooM$-Ld@Ez^^&zzyADzRo#;%fbQiEEwV$YEwfqcS2bx!=ZB_ov zegw;8-uft92_7hgI(wm;2-4~JhCM^4ieY$<4pl2q3g~DCqB=?f?njn3C;$H1?H7wPiQ>go-eGbhs zcN2;l>Gl&!M@{o%B#D*0sL_dK1&TaRt0`x;9(oh3&W=i7V=&GpfgCnX(p}L`uTyNV z(?ik$+gb7yj)o}q!?1~zJ_tXXD10Oa&rNYkSNWgNcPW9%QVKwe{C~24a_r0hM~55v ze=S8)#UJ(RuIk~B*)4r#{i4}ZJoYKJc(+GBMfHBqdrUJ&p)lW`Mx!v@_tGBBQZ=d% zrqT-ahhnaJ=?bP*RjexFk^8b$OGl6P)~8wQ-bme#B6SxVwUgLgyEXcV*iI)xnpRz4 z6@{Nt4o0duB4F_fa16WY}l+G^A^!_7%@lcN|g0x*}UOR~RmForl4 z-DWriIl&n>tfI2-gPBV-&_LD_3Ak7WunS(k&r!@#0)Ezwevvs;I8oVCqPBCew5acE z5YY>ir(`ih8Sf`kCsw=FNca`hZaCy>Pu!Sp$d-wv)e*TD5Y0%|8?{6>drZXs zMn?Tm`b{)=BxEiq$$BFcQ<6Otsf}i~DgV}4|BDgjyEB-sDsjjk_ufZzXRBkem+E2t8kxYLk2WUO54={#vvaP8 zxSHkxwCZP;gxRQY3E-dKB~15uuAk$lznM{S&7d8!D)yG>XAzJU)0WkS(&cb2x z@Ys=P>fv=#c&+BUn6WvcYIJ`-wf9Nh8P@LY?g+%qSwU79Fzxe-YV7d42fO{af3?Z) z-Q>SJlp;#@ejUO1-8|QCAX5^{1#XoA+wA{`r+)m0lcSSO{NJ?{xtD{>x;hVVxp{`c zPWrlnH-dV6QBifQpJcxxPI7PmH#Lb*BS8AN^zsLna}2(gAb<&2U`$rDYN1X#E>Bw zpjTSV$CS*#J?2xKnZ}j9lOqZ_p^9)M=snmn2fX+xQf(_5QHh+`IHvlr{QQSWD%-SW z3Nfx|*GDL@HbUJF=$doP>fajL$02uvdcO6k`R+eVY_DD9PLgytdb(!8S`mINJDec8Bj}L4sL~%yZ0;H4@l@!oShP)3z~13piRXc#HN2=$l7<1lMCK6? zMux#zQe+H-)9|UIC-DdwR6d{&&Mjyy|!X)PDct%l{`Q2OIyNwUj^vjK{hF3iq;{Zcqp7 z@im1zl8XKBUH*g*#uF(HC5lU^4t|i1P8UDn;XhtbpyjT9%6a*06^-tz*L~$S_dcJN zY1Cz*GZ3+FGmSUKt5Z+D^ zh%|MG%MpQ5+f@ ziixRd_l(RiH?2XWC&_(ku{9HOpSTd@dc3(q^qyjlJnWn<9Z&_+9fC;x9#w*7S-ov9 z;V!%>pIPZf|FzuF^WNW-Hu`^3jsJ3Ru!;Y&mf~b-5@dg2;WJ1H|1Vo(t1ZQdVKu%+}dIW|Aw`pTGWgE->2-CEr>dzE% zV7P4yxOi+Pm4QgksQCL1Q7-1{r}NjZ#K8V`^X4kD;gv*RMYYKauFVNxQ*v+qlnRt! z!V0z?cNyWvyar2kN$WpF)F_yDv zr?3fKaxg)hfgDn?Qjh_u9tZ&gbFovzicipcqrQo+a?{*Hn&=%?@HiPLqOd7lNU3BO z=y@?46lNM*xvge!AvOvG6tQ{AgqokvpVk zcxbOnh@XD+47C&ePch@ny#DcA#9v|7rW&-$|IhvW4<{$jH~AmdQrbvc?V3BZPOJLz zMkH``f|K_dkcWoa?%20~HMR{Uz=*1T6zL$}syqa%FQr4Rj2&>fCZ z2ZHaFHu`^bcvA8IJ>Jm&wUjpcU#@w7g0I@v)BF;4DEfrmT1QJ#pMv*q4o6V+dhi3M zug7KyIid_Rjsq^&BD4Tf6+9&(l<0(e_mXf_ObT{r7t9#{>Mv59R|N zK*I~dOSU1qpIhlg|Fa22jP+IkTJ1jv`@a1D{CGqE*HYT=QHwQSg6^xv4fMW*-YV4V zy1i+%}(*Whelrr%gz=@5?@_-TrCKL)De+Vk3&KElAoxBv-C55V5Je zbgnZG$vfw0V*z@c(u@8R+TG}5l@|Jccz9Hi{|`6uKh{%P>Azm{TEcJsZT-yd;*!)4 z%fBoZvBhWkja|(P2;sDG=%&+BqF3hy>Gl!Hst#eSk`m3iMAb{hy@>7IS>mNSuJ9^Z z|Ej`z2o3Wc-H#W2yJiG>tYsHAaskg1gOSQQbZsHl@^ptGDrm3j&txqMc=el=kBV7| zT#UB^Lc!Bat$(+qe+B#gTOGZ}{7Gxz!qzaNVy-xy*Tt+3a$`&0D8TuGhC2zis1XF` ziy6#62@Q|IDs^3PBG_N3dCx7oVc_d8efYm746C;P9UfQWKOa6nIoR<3b(A*#Z>@PJ z-OrHD8`Z8a%V}da+f`=G?&2#Q#LE^ae1%4L;qsJ6dy!x8MmM6DL9p>%z8;Vr%f(uR zrf2wij7!Axs(bHOkpjC(0n8Nvn)SBIaw_?t%W77o1T%TIkihQZpp2lps+lbHW1ECv zZ}SEr!Dgrrmk~<-8WIuA4D^-|e0xH%o9YFHx+Wdug~!})A)%y(92C>F71UEcd(os1 z|94|WT%@q$U0|#K$G)%spBx=*`2Si;8~?9a^Zs^V9ekypq}TM+?*DPu`%cio<6K&$%p5|GTS!t^OY;zW%q#|G2KwkN&TP^naFQ|3M^w z<>Y=t>NiD|2hjh{4?x@Hf1m!J?jLOOzpbV8r2h|k0D9N-0JOfNM_~nPdjMJ&U~zeF zu(~IpHBn0qZ`iy6{rpRa{tu@po#9DFC|XG$E%bl?g&f}@ zkV8JTzQZgT`~_raqKM2h6(JENiX#6X+e7tkkYuu@KndiCf)r!@m--P1H;LHC3KncJ0ckmbR1EiSD8Mu7$k`0DACBLDV4~95Fa8FgI zRNFd!GVj44wa1mlrRuZeFgekLL4#aBy;X=$-%LgX4|=?^?>&bA~g-7`P#G zDm^q~lraPjh6jVeHKcHcIHGJYP(KiQ=3G49P7%1Jb0j12FmSC-#16pxuM7|wJYEI* z`KyYuL-AtVaCtEPh>6w z{mdECQ3o~ndqUpV&bQo!9Bd9~f zCN-eQc#LBVQ$SHp80Lg7c0dd{OvwZgssRrR>|x3Xn89}lFj+U$`Ko zoX8PZu$5B~>nYf&fg~xtjFIik(Qr^xUo6m=q$#-WarK1^{I%>?pz>F_W6=9N#W5BG$|;%R5#}g4s{ytPzMf}ED%p&>R}|P03KGon z6fR6)CudjG%?RexXE@siFe7}5sM$drWr^4WDiE=SZ|&5Y;9D@yAw?P2KmZwoF^qAF zIh1j}V3zC=S_37gWJY8)w^uM)06xVu0Xd``BL;9*1L6*oR0m2Qt7vF?9)^R##Z)S2 zFCa(O!9LtS+27qi*xf%UYUuN7Djn^{sSN-1_00!@d0Yf}pCVwL(qjLP$(-^jfLVs` z5M_`SsWQfxG7j?jD8+HQ7!>;u6yw#j00NeySa1>`Kok_h-{ETiimf>)cJ2KX$5U}6 zKul(csZQ(TsyqNvu0V;~PAx=vfFws`gV4P02w?!Q zxsD)8TzaOoM{~Sko~IbG0YhRXIZ79j4Img#o42Fc7S^ed=kE^E#h@DqiX?kU1Q#_+ zFdPhiGSeB8jO93j5)_=EAy8WrP!uCEmsQ+wX2Tp5 zFl9OnErOPuf1%EtI!9t=Vv;HH!=%Y?OaztC`*dK>{X(pddrBaeYb!QNwx~ZmI19)W z2DD^{aL$R40b;=s2gS)$-PuIIZEM5;eeUFVV44Cchz<0LvM@asJi-E19B@fB5>n3j4Y<4!9RBO`o6DP_Zt~_W`0nM~mtX$`UR>T> zygI*peFM&4y#ha;zkPdtb$j{p2Ap5L02gnrUR>T@zPY;D8NB?D>$fj&Zor$j;PUnL ztIL-!cEIJ;#jEdMTwZ+(p8a@v``w%GZ^5g}*O#~FqRqAq?aeoX*Dv2*e0P3zd;az1 ztIOM;cEC56w^st$IVxkH)6n2bxNIYKG97m|7C*TLX2lf(%ph+5~* zl78yPYUrkg^`I&TO54AzYKFN}A{Q4(abo1dVzywK4wTA7QH*npH1bt_oD&(k*_CxUKf4mK1C3029$TJ}{N+mZcjfeT7sdQmYXcK>%VEzd^V0A~zQu36=K zE>`f0WMb`xgTaxz<7~lVI2arc!4;85OQ{qt%hIewn+o7!_$e5DtrD{TzI}QA;`Phn zELl+>t@r<@&wcyv@!`h*cP*v31$m|Nv (value at the top of the values.yaml). +default_redirection_url: "" +# default_redirection_url: https://example.com + +theme: light +## +## TOTP Configuration +## +## Parameters used for TOTP generation +totp: + ## The issuer name displayed in the Authenticator application of your choice + ## See: https://github.com/google/google-authenticator/wiki/Key-Uri-Format for more info on issuer names + ## Defaults to . + issuer: "" + ## The period in seconds a one-time password is current for. Changing this will require all users to register + ## their TOTP applications again. Warning: before changing period read the docs link below. + period: 30 + ## The skew controls number of one-time passwords either side of the current one that are valid. + ## Warning: before changing skew read the docs link below. + ## See: https://www.authelia.com/docs/configuration/one-time-password.html#period-and-skew to read the documentation. + skew: 1 +## +## Password Policy Config +## +## Parameters used for Password Policies +password_policy: + ## See: https://www.authelia.com/configuration/security/password-policy/ + standard: + enabled: false + min_length: 8 + max_length: 0 + require_uppercase: false + require_lowercase: false + require_number: false + require_special: false + zxcvbn: + ## See https://www.authelia.com/configuration/security/password-policy/#zxcvbn for more info + enabled: false + min_score: 3 +## +## Duo Push API Configuration +## +## Parameters used to contact the Duo API. Those are generated when you protect an application of type +## "Partner Auth API" in the management panel. +duo_api: + enabled: false + hostname: api-123456789.example.com + integration_key: ABCDEF + plain_api_key: "" +## NTP settings +ntp: + address: "time.cloudflare.com:123" + version: 4 + max_desync: 3s + disable_startup_check: false + disable_failure: true +## +## Authentication Backend Provider Configuration +## +## Used for verifying user passwords and retrieve information such as email address and groups users belong to. +## +## The available providers are: `file`, `ldap`. You must use one and only one of these providers. +authentication_backend: + ## Disable both the HTML element and the API for reset password functionality + disable_reset_password: false + ## The amount of time to wait before we refresh data from the authentication backend. Uses duration notation. + ## To disable this feature set it to 'disable', this will slightly reduce security because for Authelia, users will + ## always belong to groups they belonged to at the time of login even if they have been removed from them in LDAP. + ## To force update on every request you can set this to '0' or 'always', this will increase processor demand. + ## See the below documentation for more information. + ## Duration Notation docs: https://www.authelia.com/docs/configuration/index.html#duration-notation-format + ## Refresh Interval docs: https://www.authelia.com/docs/configuration/authentication/ldap.html#refresh-interval + refresh_interval: 5m + ## LDAP backend configuration. + ## + ## This backend allows Authelia to be scaled to more + ## than one instance and therefore is recommended for + ## production. + ldap: + ## Enable LDAP Backend. + enabled: false + ## The LDAP implementation, this affects elements like the attribute utilised for resetting a password. + ## Acceptable options are as follows: + ## - 'activedirectory' - For Microsoft Active Directory. + ## - 'custom' - For custom specifications of attributes and filters. + ## This currently defaults to 'custom' to maintain existing behaviour. + ## + ## Depending on the option here certain other values in this section have a default value, notably all of the + ## attribute mappings have a default value that this config overrides, you can read more about these default values + ## at https://www.authelia.com/docs/configuration/authentication/ldap.html#defaults + implementation: activedirectory + ## The url to the ldap server. Format: ://
[:]. + ## Scheme can be ldap or ldaps in the format (port optional). + url: ldap://openldap.default.svc.cluster.local + ## Connection Timeout. + timeout: 5s + ## Use StartTLS with the LDAP connection. + start_tls: false + tls: + ## Server Name for certificate validation (in case it's not set correctly in the URL). + server_name: "" + ## Skip verifying the server certificate (to allow a self-signed certificate). + ## In preference to setting this we strongly recommend you add the public portion of the certificate to the + ## certificates directory which is defined by the `certificates_directory` option at the top of the config. + skip_verify: false + ## Minimum TLS version for either Secure LDAP or LDAP StartTLS. + minimum_version: TLS1.2 + ## The base dn for every LDAP query. + base_dn: DC=example,DC=com + ## The attribute holding the username of the user. This attribute is used to populate the username in the session + ## information. It was introduced due to #561 to handle case insensitive search queries. For you information, + ## Microsoft Active Directory usually uses 'sAMAccountName' and OpenLDAP usually uses 'uid'. Beware that this + ## attribute holds the unique identifiers for the users binding the user and the configuration stored in database. + ## Therefore only single value attributes are allowed and the value must never be changed once attributed to a user + ## otherwise it would break the configuration for that user. Technically, non-unique attributes like 'mail' can also + ## be used but we don't recommend using them, we instead advise to use the attributes mentioned above + ## (sAMAccountName and uid) to follow https://www.ietf.org/rfc/rfc2307.txt. + username_attribute: "uid" + ## An additional dn to define the scope to all users. + additional_users_dn: OU=Users + ## The users filter used in search queries to find the user profile based on input filled in login form. + ## Various placeholders are available in the user filter: + ## - {input} is a placeholder replaced by what the user inputs in the login form. + ## - {username_attribute} is a mandatory placeholder replaced by what is configured in `username_attribute`. + ## - {mail_attribute} is a placeholder replaced by what is configured in `mail_attribute`. + ## - DON'T USE - {0} is an alias for {input} supported for backward compatibility but it will be deprecated in later + ## versions, so please don't use it. + ## + ## Recommended settings are as follows: + ## - Microsoft Active Directory: (&({username_attribute}={input})(objectCategory=person)(objectClass=user)) + ## - OpenLDAP: + ## - (&({username_attribute}={input})(objectClass=person)) + ## - (&({username_attribute}={input})(objectClass=inetOrgPerson)) + ## + ## To allow sign in both with username and email, one can use a filter like + ## (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person)) + users_filter: "" + ## An additional dn to define the scope of groups. + additional_groups_dn: OU=Groups + ## The groups filter used in search queries to find the groups of the user. + ## - {input} is a placeholder replaced by what the user inputs in the login form. + ## - {username} is a placeholder replace by the username stored in LDAP (based on `username_attribute`). + ## - {dn} is a matcher replaced by the user distinguished name, aka, user DN. + ## - {username_attribute} is a placeholder replaced by what is configured in `username_attribute`. + ## - {mail_attribute} is a placeholder replaced by what is configured in `mail_attribute`. + ## - DON'T USE - {0} is an alias for {input} supported for backward compatibility but it will be deprecated in later + ## versions, so please don't use it. + ## - DON'T USE - {1} is an alias for {username} supported for backward compatibility but it will be deprecated in + ## later version, so please don't use it. + ## + ## If your groups use the `groupOfUniqueNames` structure use this instead: + ## (&(uniquemember={dn})(objectclass=groupOfUniqueNames)) + groups_filter: "" + ## The attribute holding the name of the group + group_name_attribute: "cn" + ## The attribute holding the mail address of the user. If multiple email addresses are defined for a user, only the + ## first one returned by the LDAP server is used. + mail_attribute: "mail" + ## The attribute holding the display name of the user. This will be used to greet an authenticated user. + display_name_attribute: "displayname" + ## The username of the admin user. + user: CN=admin,DC=example,DC=com + plain_password: "" + ## + ## File (Authentication Provider) + ## + ## With this backend, the users database is stored in a file which is updated when users reset their passwords. + ## Therefore, this backend is meant to be used in a dev environment and not in production since it prevents Authelia + ## to be scaled to more than one instance. The options under 'password' have sane defaults, and as it has security + ## implications it is highly recommended you leave the default values. Before considering changing these settings + ## please read the docs page below: + ## https://www.authelia.com/docs/configuration/authentication/file.html#password-hash-algorithm-tuning + ## + ## Important: Kubernetes (or HA) users must read https://www.authelia.com/docs/features/statelessness.html + ## + file: + enabled: true + path: /config/users_database.yml + password: + algorithm: argon2id + iterations: 1 + key_length: 32 + salt_length: 16 + memory: 1024 + parallelism: 8 +## +## Access Control Configuration +## +## Access control is a list of rules defining the authorizations applied for one resource to users or group of users. +## +## If 'access_control' is not defined, ACL rules are disabled and the 'bypass' rule is applied, i.e., access is allowed +## to anyone. Otherwise restrictions follow the rules defined. +## +## Note: One can use the wildcard * to match any subdomain. +## It must stand at the beginning of the pattern. (example: *.mydomain.com) +## +## Note: You must put patterns containing wildcards between simple quotes for the YAML to be syntactically correct. +## +## Definition: A 'rule' is an object with the following keys: 'domain', 'subject', 'policy' and 'resources'. +## +## - 'domain' defines which domain or set of domains the rule applies to. +## +## - 'subject' defines the subject to apply authorizations to. This parameter is optional and matching any user if not +## provided. If provided, the parameter represents either a user or a group. It should be of the form +## 'user:' or 'group:'. +## +## - 'policy' is the policy to apply to resources. It must be either 'bypass', 'one_factor', 'two_factor' or 'deny'. +## +## - 'resources' is a list of regular expressions that matches a set of resources to apply the policy to. This parameter +## is optional and matches any resource if not provided. +## +## Note: the order of the rules is important. The first policy matching (domain, resource, subject) applies. +access_control: + ## Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'. It is the policy applied to any + ## resource if there is no policy to be applied to the user. + default_policy: deny + networks: [] + # networks: + # - name: private + # networks: + # - 10.0.0.0/8 + # - 172.16.0.0/12 + # - 192.168.0.0/16 + # - name: vpn + # networks: + # - 10.9.0.0/16 + + rules: [] + # rules: + # - domain: public.example.com + # policy: bypass + # - domain: "*.example.com" + # policy: bypass + # methods: + # - OPTIONS + # - domain: secure.example.com + # policy: one_factor + # networks: + # - private + # - vpn + # - 192.168.1.0/24 + # - 10.0.0.1 + # - domain: + # - secure.example.com + # - private.example.com + # policy: two_factor + # - domain: singlefactor.example.com + # policy: one_factor + # - domain: "mx2.mail.example.com" + # subject: "group:admins" + # policy: deny + # - domain: "*.example.com" + # subject: + # - "group:admins" + # - "group:moderators" + # policy: two_factor + # - domain: dev.example.com + # resources: + # - "^/groups/dev/.*$" + # subject: "group:dev" + # policy: two_factor + # - domain: dev.example.com + # resources: + # - "^/users/john/.*$" + # subject: + # - ["group:dev", "user:john"] + # - "group:admins" + # policy: two_factor + # - domain: "{user}.example.com" + # policy: bypass +## +## Session Provider Configuration +## +## The session cookies identify the user once logged in. +## The available providers are: `memory`, `redis`. Memory is the provider unless redis is defined. +session: + ## The name of the session cookie. (default: authelia_session). + name: authelia_session + ## Sets the Cookie SameSite value. Possible options are none, lax, or strict. + ## Please read https://www.authelia.com/docs/configuration/session.html#same_site + same_site: lax + ## The time in seconds before the cookie expires and session is reset. + expiration: 1h + ## The inactivity time in seconds before the session is reset. + inactivity: 5m + ## The remember me duration. + ## Value is in seconds, or duration notation. Value of 0 disables remember me. + ## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format + ## Longer periods are considered less secure because a stolen cookie will last longer giving attackers more time to + ## spy or attack. Currently the default is 1M or 1 month. + remember_me_duration: 1M +## +## Redis Provider +## +## Important: Kubernetes (or HA) users must read https://www.authelia.com/docs/features/statelessness.html +## +## The redis connection details +redisProvider: + port: 6379 + ## Optional username to be used with authentication. + # username: authelia + username: "" + ## This is the Redis DB Index https://redis.io/commands/select (sometimes referred to as database number, DB, etc). + database_index: 0 + ## The maximum number of concurrent active connections to Redis. + maximum_active_connections: 8 + ## The target number of idle connections to have open ready for work. Useful when opening connections is slow. + minimum_idle_connections: 0 + ## The Redis TLS configuration. If defined will require a TLS connection to the Redis instance(s). + tls: + enabled: false + ## Server Name for certificate validation (in case you are using the IP or non-FQDN in the host option). + server_name: "" + ## Skip verifying the server certificate (to allow a self-signed certificate). + ## In preference to setting this we strongly recommend you add the public portion of the certificate to the + ## certificates directory which is defined by the `certificates_directory` option at the top of the config. + skip_verify: false + ## Minimum TLS version for the connection. + minimum_version: TLS1.2 + ## The Redis HA configuration options. + ## This provides specific options to Redis Sentinel, sentinel_name must be defined (Master Name). + high_availability: + enabled: false + enabledSecret: false + ## Sentinel Name / Master Name + sentinel_name: mysentinel + ## The additional nodes to pre-seed the redis provider with (for sentinel). + ## If the host in the above section is defined, it will be combined with this list to connect to sentinel. + ## For high availability to be used you must have either defined; the host above or at least one node below. + nodes: [] + # nodes: + # - host: sentinel-0.databases.svc.cluster.local + # port: 26379 + # - host: sentinel-1.databases.svc.cluster.local + # port: 26379 + + ## Choose the host with the lowest latency. + route_by_latency: false + ## Choose the host randomly. + route_randomly: false +## +## Regulation Configuration +## +## This mechanism prevents attackers from brute forcing the first factor. It bans the user if too many attempts are done +## in a short period of time. +regulation: + ## The number of failed login attempts before user is banned. Set it to 0 to disable regulation. + max_retries: 3 + ## The time range during which the user can attempt login before being banned. The user is banned if the + ## authentication failed 'max_retries' times in a 'find_time' seconds window. Find Time accepts duration notation. + ## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format + find_time: 2m + ## The length of time before a banned user can login again. Ban Time accepts duration notation. + ## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format + ban_time: 5m +## +## Storage Provider Configuration +## +## The available providers are: `local`, `mysql`, `postgres`. You must use one and only one of these providers. +storage: + ## + ## PostgreSQL (Storage Provider) + ## + postgres: + port: 5432 + database: authelia + username: authelia + sslmode: disable + timeout: 5s +## +## Notification Provider +## +## +## Notifications are sent to users when they require a password reset, a u2f registration or a TOTP registration. +## The available providers are: filesystem, smtp. You must use one and only one of these providers. +notifier: + ## You can disable the notifier startup check by setting this to true. + disable_startup_check: false + ## + ## File System (Notification Provider) + ## + ## Important: Kubernetes (or HA) users must read https://www.authelia.com/docs/features/statelessness.html + ## + filesystem: + enabled: true + filename: /config/notification.txt + ## + ## SMTP (Notification Provider) + ## + ## Use a SMTP server for sending notifications. Authelia uses the PLAIN or LOGIN methods to authenticate. + ## [Security] By default Authelia will: + ## - force all SMTP connections over TLS including unauthenticated connections + ## - use the disable_require_tls boolean value to disable this requirement + ## (only works for unauthenticated connections) + ## - validate the SMTP server x509 certificate during the TLS handshake against the hosts trusted certificates + ## (configure in tls section) + smtp: + enabled: false + enabledSecret: false + host: smtp.mail.svc.cluster.local + port: 25 + timeout: 5s + username: test + plain_password: test + sender: admin@example.com + ## HELO/EHLO Identifier. Some SMTP Servers may reject the default of localhost. + identifier: localhost + ## Subject configuration of the emails sent. + ## {title} is replaced by the text from the notifier + subject: "[Authelia] {title}" + ## This address is used during the startup check to verify the email configuration is correct. + ## It's not important what it is except if your email server only allows local delivery. + startup_check_address: test@authelia.com + disable_require_tls: false + disable_html_emails: false + tls: + ## Server Name for certificate validation (in case you are using the IP or non-FQDN in the host option). + server_name: "" + ## Skip verifying the server certificate (to allow a self-signed certificate). + ## In preference to setting this we strongly recommend you add the public portion of the certificate to the + ## certificates directory which is defined by the `certificates_directory` option at the top of the config. + skip_verify: false + ## Minimum TLS version for either StartTLS or SMTPS. + minimum_version: TLS1.2 +identity_providers: + oidc: + ## Enables this in the config map. Currently in beta stage. + ## See https://www.authelia.com/docs/configuration/identity-providers/oidc.html#roadmap + enabled: false + access_token_lifespan: 1h + authorize_code_lifespan: 1m + id_token_lifespan: 1h + refresh_token_lifespan: 90m + enable_client_debug_messages: false + ## SECURITY NOTICE: It's not recommended changing this option, and highly discouraged to have it below 8 for + ## security reasons. + minimum_parameter_entropy: 8 + clients: [] + # clients: + # - + ## The ID is the OpenID Connect ClientID which is used to link an application to a configuration. + # id: myapp +## The description to show to users when they end up on the consent screen. Defaults to the ID above. +# description: My Application + +## The client secret is a shared secret between Authelia and the consumer of this client. +# secret: apple123 + +## Sets the client to public. This should typically not be set, please see the documentation for usage. +# public: false + +## The policy to require for this client; one_factor or two_factor. +# authorization_policy: two_factor + +## Configures the consent mode; auto, explicit or implicit +# consent_mode: auto + +## Audience this client is allowed to request. +# audience: [] + +## Scopes this client is allowed to request. +# scopes: +# - openid +# - profile +# - email +# - groups + +## Redirect URI's specifies a list of valid case-sensitive callbacks for this client. +# redirect_uris: +# - https://oidc.example.com/oauth2/callback + +## Grant Types configures which grants this client can obtain. +## It's not recommended to configure this unless you know what you're doing. +# grant_types: +# - refresh_token +# - authorization_code + +## Response Types configures which responses this client can be sent. +## It's not recommended to configure this unless you know what you're doing. +# response_types: +# - code + +## Response Modes configures which response modes this client supports. +## It's not recommended to configure this unless you know what you're doing. +# response_modes: +# - form_post +# - query +# - fragment + +## The algorithm used to sign userinfo endpoint responses for this client, either none or RS256. +# userinfo_signing_algorithm: none + +portal: + open: + enabled: true diff --git a/enterprise/authelia/20.0.4/questions.yaml b/enterprise/authelia/20.0.4/questions.yaml new file mode 100644 index 00000000000..00e0f412b16 --- /dev/null +++ b/enterprise/authelia/20.0.4/questions.yaml @@ -0,0 +1,4201 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: General Settings + description: General Deployment Settings + - name: Workload Settings + description: Workload Settings + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: Addons + description: Addon Configuration + - name: Advanced + description: Advanced Configuration + - name: Postgresql + description: Postgresql + - name: Documentation + description: Documentation +portals: + open: + protocols: + - "$kubernetes-resource_configmap_tcportal-open_protocol" + host: + - "$kubernetes-resource_configmap_tcportal-open_host" + ports: + - "$kubernetes-resource_configmap_tcportal-open_port" +questions: + - variable: global + group: General Settings + label: "Global Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: stopAll + label: Stop All + description: "Stops All Running pods and hibernates cnpg" + schema: + type: boolean + default: false + - variable: workload + group: "Workload Settings" + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type (Advanced) + schema: + type: string + default: Deployment + enum: + - value: Deployment + description: Deployment + - value: DaemonSet + description: DaemonSet + - variable: replicas + label: Replicas (Advanced) + description: Set the number of Replicas + schema: + type: int + show_if: [["type", "!=", "DaemonSet"]] + default: 2 + - variable: podSpec + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: containers + label: Containers + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Container + schema: + additional_attrs: true + type: dict + attrs: + - variable: envList + label: Extra Environment Variables + description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..." + schema: + type: list + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: extraArgs + label: Extra Args + schema: + type: list + default: [] + items: + - variable: arg + label: Arg + schema: + type: string + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: command + label: Command + schema: + type: list + default: [] + items: + - variable: param + label: Param + schema: + type: string + - variable: TZ + label: Timezone + group: "General Settings" + schema: + type: string + default: "Etc/UTC" + $ref: + - "definitions/timezone" + - variable: podOptions + group: "General Settings" + label: "Global Pod Options (Advanced)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: expertPodOpts + label: "Expert - Pod Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostNetwork + label: "Host Networking" + schema: + type: boolean + default: false + - variable: dnsConfig + label: "DNS Configuration" + schema: + type: dict + additional_attrs: true + attrs: + - variable: options + label: "Options" + schema: + type: list + default: [{"name": "ndots", "value": "1"}] + items: + - variable: optionsEntry + label: "Option Entry" + schema: + type: dict + additional_attrs: true + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: string + - variable: nameservers + label: "Nameservers" + schema: + type: list + default: [] + items: + - variable: nsEntry + label: "Nameserver Entry" + schema: + type: string + required: true + - variable: searches + label: "Searches" + schema: + type: list + default: [] + items: + - variable: searchEntry + label: "Search Entry" + schema: + type: string + required: true + + - variable: imagePullSecretList + group: "General Settings" + label: "Image Pull Secrets" + schema: + type: list + default: [] + items: + - variable: pullsecretentry + label: "Pull Secret" + schema: + type: dict + additional_attrs: true + attrs: + - variable: registry + label: "Registry" + schema: + type: string + required: true + default: "https://index.docker.io/v1/" + - variable: username + label: "Username" + schema: + type: string + required: true + default: "" + - variable: password + label: "Password" + schema: + type: string + required: true + default: "" + - variable: email + label: "Email" + schema: + type: string + required: true + default: "" + - variable: domain + group: "App Configuration" + label: "Domain" + description: "The highest domain level possible, for example: domain.com when using app.domain.com" + schema: + type: string + default: "" + required: true + - variable: default_redirection_url + group: "App Configuration" + label: "Default Redirection URL" + description: "If user tries to authenticate without any referrer, this is used" + schema: + type: string + default: "" + valid_chars: '^https?:\/\/(.*)' + - variable: theme + group: "App Configuration" + label: "Theme" + schema: + type: string + default: "auto" + enum: + - value: "auto" + description: "auto" + - value: "light" + description: "light" + - value: "grey" + description: "grey" + - value: "dark" + description: "dark" + - variable: log + group: "App Configuration" + label: "Log Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: level + label: "Log Level" + schema: + type: string + default: "info" + enum: + - value: "info" + description: "info" + - value: "debug" + description: "debug" + - value: "trace" + description: "trace" + - variable: format + label: "Log Format" + schema: + type: string + default: "text" + enum: + - value: "json" + description: "json" + - value: "text" + description: "text" + - variable: totp + group: "App Configuration" + label: "TOTP Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: issuer + label: "Issuer" + description: "The issuer name displayed in the Authenticator application of your choice" + schema: + type: string + default: "" + - variable: period + label: "Period" + description: "The period in seconds a one-time password is current for" + schema: + type: int + default: 30 + - variable: skew + label: "skew" + description: "Controls number of one-time passwords either side of the current one that are valid." + schema: + type: int + default: 1 + - variable: password_policy + group: "App Configuration" + label: "Password Policy Configuration" + description: "Authelia allows administrators to configure an enforced password policy." + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: standard + label: Standard + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + - variable: min_length + label: "Minimum Password Length" + description: "Minimum Password Length" + schema: + type: int + required: true + show_if: [["enabled", "=", true]] + default: 8 + - variable: max_length + label: "Max Passsword Length" + description: "Max Password Length" + schema: + type: int + required: true + show_if: [["enabled", "=", true]] + default: 0 + - variable: require_uppercase + label: "Require Upppercase" + schema: + type: boolean + default: false + show_if: [["enabled", "=", true]] + required: true + - variable: require_lowercase + label: "Require Lowercase" + schema: + type: boolean + default: false + show_if: [["enabled", "=", true]] + required: true + - variable: require_number + label: "Require Numbers" + description: "Require Numbers in the password" + schema: + type: boolean + default: false + show_if: [["enabled", "=", true]] + required: true + - variable: require_special + label: "Require Special Characters" + schema: + type: boolean + default: false + show_if: [["enabled", "=", true]] + - variable: zxcvbn + label: zxcvbn + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + required: true + - variable: min_score + label: "Min Score" + schema: + type: int + required: true + show_if: [["enabled", "=", true]] + default: 3 + - variable: duo_api + group: "App Configuration" + label: "DUO API Configuration" + description: "Parameters used to contact the Duo API." + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostname + label: "Hostname" + schema: + type: string + required: true + default: "" + - variable: integration_key + label: "integration_key" + schema: + type: string + default: "" + required: true + - variable: plain_api_key + label: "plain_api_key" + schema: + type: string + default: "" + required: true + - variable: session + group: "App Configuration" + label: "Session Provider" + description: "The session cookies identify the user once logged in." + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Cookie Name" + description: | + The name of the session cookie. By default this is set to authelia_session. + It’s mostly useful to change this if you are doing development or running multiple instances of Authelia. + schema: + type: string + required: true + default: "authelia_session" + - variable: same_site + label: "SameSite Value" + description: | + You can read about the SameSite cookie in detail on the MDN. In short setting SameSite to Lax is generally + the most desirable option for Authelia. None is not recommended unless you absolutely know what you’re doing + and trust all the protected apps. Strict is not going to work in many use cases and we have not tested it in + this state but it’s available as an option anyway. + schema: + type: string + default: "lax" + enum: + - value: "lax" + description: "lax" + - value: "strict" + description: "strict" + - variable: expiration + label: "Expiration Time" + description: | + The period of time before the cookie expires and the session is destroyed. This is overriden by + remember_me_duration when the remember me box is checked. + schema: + type: string + default: "1h" + required: true + - variable: inactivity + label: "Inactivity Time" + description: | + The period of time the user can be inactive for until the session is destroyed when the remember me box is + not checked or is otherwise disabled. Useful if you want long session timers but don’t want unused devices to be vulnerable. + schema: + type: string + default: "5m" + required: true + - variable: remember_me_duration + label: "Remember-Me duration" + description: | + The period of time before the cookie expires and the session is destroyed when the remember me box is checked, a user + selecting this option negates the inactivity timeout. Setting this to -1 disables this feature entirely. + schema: + type: string + default: "5M" + required: true + - variable: regulation + group: "App Configuration" + label: "Regulation Configuration" + description: "This mechanism prevents attackers from brute forcing the first factor." + schema: + additional_attrs: true + type: dict + attrs: + - variable: max_retries + label: "Maximum Retries" + description: "The number of failed login attempts before user is banned. Set it to 0 to disable regulation." + schema: + type: int + default: 3 + - variable: find_time + label: "Find Time" + description: | + The period of time analyzed for failed attempts. For example if you set max_retries to 3 and find_time to + 2m this means the user must have 3 failed logins in 2 minutes. + schema: + type: string + default: "2m" + required: true + - variable: ban_time + label: "Ban Duration" + description: | + The period of time the user is banned for after meeting the max_retries and find_time configuration. + After this duration the account will be able to login again. + schema: + type: string + default: "5m" + required: true + - variable: authentication_backend + group: "App Configuration" + label: "Authentication Backend Provider" + description: | + Used for verifying user passwords and retrieve information such as email + address and groups users belong to. + schema: + additional_attrs: true + type: dict + attrs: + - variable: disable_reset_password + label: "Disable Reset Password" + description: "Disable both the HTML element and the API for reset password functionality" + schema: + type: boolean + default: false + - variable: refresh_interval + label: "Reset Interval" + description: "The amount of time to wait before we refresh data from the authentication backend" + schema: + type: string + default: "5m" + required: true + - variable: ldap + label: "LDAP backend configuration" + description: "Used for verifying user passwords and retrieve information such as email address and groups users belong to" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: implementation + label: "Implementation" + description: "The LDAP implementation, this affects elements like the attribute utilized for resetting a password" + schema: + type: string + default: "custom" + enum: + - value: "activedirectory" + description: "Active Directory" + - value: "custom" + description: "Custom" + - variable: url + label: "URL" + description: "The url to the ldap server. Format: ://
[:]" + schema: + type: string + default: "ldap://openldap.default.svc.cluster.local" + required: true + - variable: timeout + label: "Connection Timeout" + schema: + type: string + default: "5s" + required: true + - variable: start_tls + label: "Start TLS" + description: "Use StartTLS with the LDAP connection" + schema: + type: boolean + default: false + - variable: tls + label: "TLS Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: server_name + label: "Server Name" + description: "Server Name for certificate validation (in case it's not set correctly in the URL)." + schema: + type: string + default: "" + - variable: skip_verify + label: "Skip Certificate Verification" + description: "Skip verifying the server certificate (to allow a self-signed certificate)" + schema: + type: boolean + default: false + - variable: minimum_version + label: "Minimum TLS version" + description: "Minimum TLS version for either Secure LDAP or LDAP StartTLS." + schema: + type: string + default: "TLS1.2" + enum: + - value: "TLS1.0" + description: "TLS1.0" + - value: "TLS1.1" + description: "TLS1.1" + - value: "TLS1.2" + description: "TLS1.2" + - value: "TLS1.3" + description: "TLS1.3" + - variable: base_dn + label: "Base DN" + description: "The base dn for every LDAP query." + schema: + type: string + default: "DC=example,DC=com" + required: true + - variable: username_attribute + label: "Username Attribute" + description: "The attribute holding the username of the user" + schema: + type: string + default: "uid" + required: true + - variable: additional_users_dn + label: "Additional Users DN" + description: "An additional dn to define the scope to all users." + schema: + type: string + default: "OU=people" + required: true + - variable: users_filter + label: "Users Filter" + description: "The groups filter used in search queries to find the groups of the user." + schema: + type: string + default: "" + required: true + - variable: additional_groups_dn + label: "Additional Groups DN" + description: "An additional dn to define the scope of groups." + schema: + type: string + default: "OU=Groups" + required: true + - variable: groups_filter + label: "Groups Filter" + description: "The groups filter used in search queries to find the groups of the user." + schema: + type: string + default: "" + required: true + - variable: group_name_attribute + label: "Group name Attribute" + description: "The attribute holding the name of the group" + schema: + type: string + default: "cn" + required: true + - variable: mail_attribute + label: "Mail Attribute" + description: "The attribute holding the primary mail address of the user" + schema: + type: string + default: "mail" + required: true + - variable: display_name_attribute + label: "Display Name Attribute" + description: "he attribute holding the display name of the user. This will be used to greet an authenticated user." + schema: + type: string + default: "displayName" + - variable: user + label: "Admin User" + description: "The username of the admin user used to connect to LDAP." + schema: + type: string + default: "CN=admin,ou=people,DC=example,DC=com" + required: true + - variable: plain_password + label: "Password" + schema: + type: string + default: "" + required: true + - variable: file + label: "File backend configuration" + description: "With this backend, the users database is stored in a file which is updated when users reset their passwords." + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: path + label: "Path" + schema: + type: string + default: "/config/users_database.yml" + required: true + - variable: password + label: "Password Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: algorithm + label: "Algorithm" + schema: + type: string + default: "argon2id" + enum: + - value: "argon2id" + description: "argon2id" + - value: "sha512" + description: "sha512" + - variable: iterations + label: "Iterations" + schema: + type: int + default: 1 + required: true + - variable: key_length + label: "Key Length" + schema: + type: int + default: 32 + required: true + - variable: salt_length + label: "Salt Length" + schema: + type: int + default: 16 + required: true + - variable: memory + label: "Memory" + schema: + type: int + default: 1024 + required: true + - variable: parallelism + label: "Parallelism" + schema: + type: int + default: 8 + required: true + - variable: notifier + group: "App Configuration" + label: "Notifier Configuration" + description: "Notifications are sent to users when they require a password reset, a u2f registration or a TOTP registration." + schema: + additional_attrs: true + type: dict + attrs: + - variable: disable_startup_check + label: "Disable Startup Check" + schema: + type: boolean + default: false + - variable: filesystem + label: "Filesystem Provider" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: filename + label: "File Path" + schema: + type: string + default: "/config/notification.txt" + required: true + - variable: smtp + label: "SMTP Provider" + description: "Use a SMTP server for sending notifications. Authelia uses the PLAIN or LOGIN methods to authenticate." + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: true + show_subquestions_if: true + subquestions: + - variable: host + label: "Host" + schema: + type: string + default: "smtp.mail.svc.cluster.local" + required: true + - variable: port + label: "Port" + schema: + type: int + default: 25 + required: true + - variable: timeout + label: "Timeout" + schema: + type: string + default: "5s" + required: true + - variable: username + label: "Username" + schema: + type: string + default: "" + - variable: plain_password + label: "Password" + schema: + type: string + default: "" + - variable: sender + label: "Sender" + schema: + type: string + default: "" + required: true + - variable: identifier + label: "Identifier" + description: "HELO/EHLO Identifier. Some SMTP Servers may reject the default of localhost." + schema: + type: string + default: "localhost" + required: true + - variable: subject + label: "Subject" + description: "Subject configuration of the emails sent, {title} is replaced by the text from the notifier" + schema: + type: string + default: "[Authelia] {title}" + required: true + - variable: startup_check_address + label: "Startup Check Address" + description: "This address is used during the startup check to verify the email configuration is correct." + schema: + type: string + default: "test@authelia.com" + required: true + - variable: disable_require_tls + label: "Disable Require TLS" + schema: + type: boolean + default: false + - variable: disable_html_emails + label: "Disable HTML emails" + schema: + type: boolean + default: false + - variable: tls + label: "TLS Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: server_name + label: "Server Name" + description: "Server Name for certificate validation (in case it's not set correctly in the URL)." + schema: + type: string + default: "" + - variable: skip_verify + label: "Skip Certificate Verification" + description: "Skip verifying the server certificate (to allow a self-signed certificate)" + schema: + type: boolean + default: false + - variable: minimum_version + label: "Minimum TLS version" + description: "Minimum TLS version for either Secure LDAP or LDAP StartTLS." + schema: + type: string + default: "TLS1.2" + enum: + - value: "TLS1.0" + description: "TLS1.0" + - value: "TLS1.1" + description: "TLS1.1" + - value: "TLS1.2" + description: "TLS1.2" + - value: "TLS1.3" + description: "TLS1.3" + - variable: access_control + group: "App Configuration" + label: "Access Control Configuration" + description: "Access control is a list of rules defining the authorizations applied for one resource to users or group of users." + schema: + additional_attrs: true + type: dict + attrs: + - variable: default_policy + label: "Default Policy" + description: | + The default policy defines the policy applied if no rules section apply to the information known about the request. + It is recommended that this is configured to deny for security reasons. Sites which you do not wish to secure at all + with Authelia should not be configured in your reverse proxy to perform authentication with Authelia at all for performance reasons. + schema: + type: string + default: "deny" + enum: + - value: "bypass" + description: "bypass" + - value: "one_factor" + description: "one_factor" + - value: "two_factor" + description: "two_factor" + - value: "deny" + description: "deny" + - variable: networks + label: "Networks" + schema: + type: list + default: [] + items: + - variable: networkItem + label: "Network Item" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + default: "" + required: true + - variable: networks + label: "Networks" + schema: + type: list + default: [] + items: + - variable: network + label: "network" + schema: + type: string + default: "" + required: true + - variable: rules + label: "Rules" + schema: + type: list + default: [] + items: + - variable: rulesItem + label: "Rule" + schema: + additional_attrs: true + type: dict + attrs: + - variable: domain + label: "Domains" + description: "Defines which domain or set of domains the rule applies to." + schema: + type: list + default: [] + items: + - variable: domainEntry + label: "Domain" + schema: + type: string + default: "" + required: true + - variable: policy + label: "Policy" + description: | + The specific policy to apply to the selected rule. This is not criteria for a match, this is the + action to take when a match is made. + schema: + type: string + default: "two_factor" + enum: + - value: "bypass" + description: "bypass" + - value: "one_factor" + description: "one_factor" + - value: "two_factor" + description: "two_factor" + - value: "deny" + description: "deny" + - variable: subject + label: "Subject" + description: | + This criteria matches identifying characteristics about the subject. Currently this is either + user or groups the user belongs to. This allows you to effectively control exactly what each user is + authorized to access or to specifically require two-factor authentication to specific users. Subjects + are prefixed with either user: or group: to identify which part of the identity to check. + schema: + type: list + default: [] + items: + - variable: subjectitem + label: "Subject" + schema: + type: string + default: "" + required: true + - variable: networks + label: "Networks" + schema: + type: list + default: [] + items: + - variable: network + label: "Network" + schema: + type: string + default: "" + required: true + - variable: resources + label: "Resources" + description: "is a list of regular expressions that matches a set of resources to apply the policy to" + schema: + type: list + default: [] + items: + - variable: resource + label: "Resource" + schema: + type: string + default: "" + required: true + - variable: service + group: Networking and Services + label: Configure Service(s) + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service" + description: "The Primary service on which the healthcheck runs, often the webUI" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service Port Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + default: 9091 + required: true + - variable: serviceexpert + group: Networking and Services + label: Show Expert Config + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: scaleExternalInterface + description: Add External Interfaces + label: Add external Interfaces + group: Networking + schema: + type: list + items: + - variable: interfaceConfiguration + description: Interface Configuration + label: Interface Configuration + schema: + additional_attrs: true + type: dict + $ref: + - "normalize/interfaceConfiguration" + attrs: + - variable: hostInterface + description: Please Specify Host Interface + label: Host Interface + schema: + type: string + required: true + $ref: + - "definitions/interface" + - variable: ipam + description: Define how IP Address will be managed + label: IP Address Management + schema: + additional_attrs: true + type: dict + required: true + attrs: + - variable: type + description: Specify type for IPAM + label: IPAM Type + schema: + type: string + required: true + enum: + - value: dhcp + description: Use DHCP + - value: static + description: Use Static IP + - variable: staticIPConfigurations + label: Static IP Addresses + schema: + type: list + show_if: [["type", "=", "static"]] + items: + - variable: staticIP + label: Static IP + schema: + type: ipaddr + cidr: true + - variable: staticRoutes + label: Static Routes + schema: + type: list + show_if: [["type", "=", "static"]] + items: + - variable: staticRouteConfiguration + label: Static Route Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: destination + label: Destination + schema: + type: ipaddr + cidr: true + required: true + - variable: gateway + label: Gateway + schema: + type: ipaddr + cidr: false + required: true + - variable: serviceList + label: Add Manual Custom Services + group: Networking and Services + schema: + type: list + default: [] + items: + - variable: serviceListEntry + label: Custom Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the service + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: (Advanced) The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: portsList + label: Additional Service Ports + schema: + type: list + default: [] + items: + - variable: portsListEntry + label: Custom ports + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Port + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Port Name + schema: + type: string + default: "" + - variable: protocol + label: Port Type + schema: + type: string + default: tcp + enum: + - value: http + description: HTTP + - value: https + description: HTTPS + - value: tcp + description: TCP + - value: udp + description: UDP + - variable: targetPort + label: Target Port + description: This port exposes the container port on the service + schema: + type: int + required: true + - variable: port + label: Container Port + schema: + type: int + required: true + - variable: persistence + label: Integrated Persistent Storage + description: Integrated Persistent Storage + group: Storage and Persistence + schema: + additional_attrs: true + type: dict + attrs: + - variable: config + label: "App Config Storage" + description: "Stores the Application Configuration." + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: pvc + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - value: iscsi + description: iSCSI Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: iscsi + label: iSCSI Options + schema: + show_if: [["type", "=", "iscsi"]] + type: dict + additional_attrs: true + attrs: + - variable: targetPortal + label: targetPortal + schema: + type: string + required: true + default: "" + - variable: iqn + label: iqn + schema: + type: string + required: true + default: "" + - variable: lun + label: lun + schema: + type: int + default: 0 + - variable: authSession + label: authSession + schema: + type: dict + additional_attrs: true + attrs: + - variable: username + label: username + schema: + type: string + default: "" + - variable: password + label: password + schema: + type: string + default: "" + - variable: usernameInitiator + label: usernameInitiator + schema: + type: string + default: "" + - variable: passwordInitiator + label: passwordInitiator + schema: + type: string + default: "" + - variable: authDiscovery + label: authDiscovery + schema: + type: dict + additional_attrs: true + attrs: + - variable: username + label: username + schema: + type: string + default: "" + - variable: password + label: password + schema: + type: string + default: "" + - variable: usernameInitiator + label: usernameInitiator + schema: + type: string + default: "" + - variable: passwordInitiator + label: passwordInitiator + schema: + type: string + default: "" + + - variable: autoPermissions + label: Automatic Permissions Configuration + description: Automatically set permissions + schema: + show_if: [["type", "!=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: chown + label: Run CHOWN + description: | + It will run CHOWN on the path with the given fsGroup + schema: + type: boolean + default: false + - variable: chmod + label: Run CHMOD + description: | + It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770 + schema: + type: string + valid_chars: '[0-9]{3}' + default: "" + - variable: recursive + label: Recursive + description: | + It will run CHOWN and CHMOD recursively + schema: + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size quotum of Storage (Do NOT REDUCE after installation) + description: This value can ONLY be INCREASED after the installation + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: storageClass + label: 'storageClass (Advanced)' + description: 'sets the storageClass to something other than iX default. Only for advanced usecases!' + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "" + - variable: static + label: 'Static Fixed PVC Bindings (Experimental)' + description: Link a PVC to a specific storage location + schema: + show_if: [["type", "=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: mode + label: mode + description: | + disabled: use normal dynamic PVCs + smb: connect to an SMB share + nfs: connect to an NFS share + schema: + type: string + default: "disabled" + enum: + - value: disabled + description: disabled + - value: smb + description: smb + - value: nfs + description: nfs + - variable: server + label: Server + description: server to connect to + schema: + type: string + show_if: [["mode", "!=", "disabled"]] + default: "myserver" + - variable: share + label: Share + description: share to connect to + schema: + type: string + show_if: [["mode", "!=", "disabled"]] + default: "/myshare" + - variable: user + label: User + description: connecting user + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "myuser" + - variable: domain + label: Domain + description: user domain + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "" + - variable: password + label: Password + description: connecting password + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "" + - variable: volumeSnapshots + label: 'Volume Snapshots (Experimental)' + description: Add an entry to the list to force creation of a volumeSnapshot of this PVC + schema: + show_if: [["type", "=", "pvc"]] + type: list + default: [] + items: + - variable: volumeSnapshotEntry + label: Custom volumeSnapshot + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: 'WARNING: renaming this, means deletion of the snapshot with the old name!' + schema: + type: string + default: "mysnapshot" + required: true + - variable: volumeSnapshotClassName + label: 'volumeSnapshot Class Name (Advanced)' + description: For use with PVCs using a non-default storageClass + schema: + type: string + default: "" + - variable: persistenceList + label: Additional App Storage + group: Storage and Persistence + schema: + type: list + default: [] + items: + - variable: persistenceListEntry + label: Custom Storage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the storage + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: hostPath + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: iscsi + label: iSCSI Options + schema: + show_if: [["type", "=", "iscsi"]] + type: dict + additional_attrs: true + attrs: + - variable: targetPortal + label: targetPortal + schema: + type: string + required: true + default: "" + - variable: iqn + label: iqn + schema: + type: string + required: true + default: "" + - variable: lun + label: lun + schema: + type: int + default: 0 + - variable: authSession + label: authSession + schema: + type: dict + additional_attrs: true + attrs: + - variable: username + label: username + schema: + type: string + default: "" + - variable: password + label: password + schema: + type: string + default: "" + - variable: usernameInitiator + label: usernameInitiator + schema: + type: string + default: "" + - variable: passwordInitiator + label: passwordInitiator + schema: + type: string + default: "" + - variable: authDiscovery + label: authDiscovery + schema: + type: dict + additional_attrs: true + attrs: + - variable: username + label: username + schema: + type: string + default: "" + - variable: password + label: password + schema: + type: string + default: "" + - variable: usernameInitiator + label: usernameInitiator + schema: + type: string + default: "" + - variable: passwordInitiator + label: passwordInitiator + schema: + type: string + default: "" + - variable: autoPermissions + label: Automatic Permissions Configuration + description: Automatically set permissions + schema: + show_if: [["type", "!=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: chown + label: Run CHOWN + description: | + It will run CHOWN on the path with the given fsGroup + schema: + type: boolean + default: false + - variable: chmod + label: Run CHMOD + description: | + It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770 + schema: + type: string + valid_chars: '[0-9]{3}' + default: "" + - variable: recursive + label: Recursive + description: | + It will run CHOWN and CHMOD recursively + schema: + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: mountPath + label: Mount Path + description: Path inside the container the storage is mounted + schema: + type: string + default: "" + required: true + valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$' + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size Quotum of Storage + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: storageClass + label: 'storageClass (Advanced)' + description: 'sets the storageClass to something other than iX default. Only for advanced usecases!' + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "" + - variable: static + label: 'Static Fixed PVC Bindings (Experimental)' + description: Link a PVC to a specific storage location + schema: + show_if: [["type", "=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: mode + label: mode + description: | + disabled: use normal dynamic PVCs + smb: connect to an SMB share + nfs: connect to an NFS share + schema: + type: string + default: "disabled" + enum: + - value: "disabled" + description: disabled + - value: smb + description: smb + - value: nfs + description: nfs + - variable: server + label: Server + description: server to connect to + schema: + type: string + show_if: [["mode", "!=", "disabled"]] + default: "myserver" + - variable: share + label: Share + description: share to connect to + schema: + type: string + show_if: [["mode", "!=", "disabled"]] + default: "/myshare" + - variable: user + label: User + description: connecting user + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "myuser" + - variable: domain + label: Domain + description: user domain + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "" + - variable: password + label: Password + description: connecting password + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "" + - variable: volumeSnapshots + label: 'Volume Snapshots (Experimental)' + description: Add an entry to the list to force creation of a volumeSnapshot of this PVC + schema: + show_if: [["type", "=", "pvc"]] + type: list + default: [] + items: + - variable: volumeSnapshotEntry + label: Custom volumeSnapshot + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: 'WARNING: renaming this, means deletion of the snapshot with the old name!' + schema: + type: string + default: "mysnapshot" + required: true + - variable: volumeSnapshotClassName + label: 'volumeSnapshot Class Name (Advanced)' + description: For use with PVCs using a non-default storageClass + schema: + type: string + default: "" + - variable: ingress + label: "" + group: Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [{path: "/", pathType: "Prefix"}] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + + + - variable: integrations + label: Integrations + description: Connect ingress with other charts + schema: + additional_attrs: true + type: dict + attrs: + - variable: traefik + label: Traefik + description: Connect ingress with Traefik + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: true + - variable: allowCors + label: "Allow Cross Origin Requests" + schema: + type: boolean + default: false + show_if: [["enabled", "=", true]] + - variable: entrypoints + label: Entrypoints + schema: + type: list + default: ["websecure"] + show_if: [["enabled", "=", true]] + items: + - variable: entrypoint + label: Entrypoint + schema: + type: string + - variable: middlewares + label: Middlewares + schema: + type: list + default: [] + show_if: [["enabled", "=", true]] + items: + - variable: name + label: name + schema: + type: string + default: "" + required: true + - variable: namespace + label: namespace + schema: + type: string + default: "" + - variable: certManager + label: certManager + description: Connect ingress with certManager + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + - variable: certificateIssuer + label: certificateIssuer + description: defaults to chartname + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: homepage + label: Homepage + description: Connect ingress with Homepage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + - variable: name + label: Name + description: defaults to chartname + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: description + label: Description + description: defaults to chart description + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: group + label: Group + schema: + type: string + required: true + default: "default" + show_if: [["enabled", "=", true]] + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + - variable: ingressClassName + label: (Advanced/Optional) IngressClass Name + schema: + type: string + show_if: [["advanced", "=", true]] + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + show_if: [["advanced", "=", true]] + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: clusterCertificate + label: 'Cluster Certificate (Advanced)' + description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.' + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: secretName + label: 'Use Custom Certificate Secret (Advanced)' + schema: + show_if: [["certificateIssuer", "=", ""]] + type: string + default: "" + - variable: scaleCert + label: 'Use TrueNAS SCALE Certificate (Deprecated)' + schema: + show_if: [["certificateIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: ingressList + label: Add Manual Custom Ingresses + group: Ingress + schema: + type: list + default: [] + items: + - variable: ingressListEntry + label: Custom Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: ingressClassName + label: IngressClass Name + schema: + type: string + default: "" + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: service + label: Linked Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Service Name + schema: + type: string + default: "" + - variable: port + label: Service Port + schema: + type: int + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + show_if: [["certificateIssuer", "=", ""]] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your Cert-Manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: scaleCert + label: Use TrueNAS SCALE Certificate (Deprecated) + schema: + show_if: [["certificateIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: clusterCertificate + label: 'Cluster Certificate (Advanced)' + description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.' + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: secretName + label: Use Custom Secret (Advanced) + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: integrations + label: Integrations + description: Connect ingress with other charts + schema: + additional_attrs: true + type: dict + attrs: + - variable: traefik + label: Traefik + description: Connect ingress with Traefik + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: true + - variable: allowCors + label: "Allow Cross Origin Requests" + schema: + type: boolean + default: false + show_if: [["enabled", "=", true]] + - variable: entrypoints + label: Entrypoints + schema: + type: list + default: ["websecure"] + show_if: [["enabled", "=", true]] + items: + - variable: entrypoint + label: Entrypoint + schema: + type: string + - variable: middlewares + label: Middlewares + schema: + type: list + default: [] + show_if: [["enabled", "=", true]] + items: + - variable: middleware + label: Middleware + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: name + schema: + type: string + default: "" + required: true + - variable: namespace + label: namespace + schema: + type: string + default: "" + - variable: certManager + label: certManager + description: Connect ingress with certManager + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: true + - variable: certificateIssuer + label: certificateIssuer + description: defaults to chartname + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: homepage + label: Homepage + description: Connect ingress with Homepage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + - variable: name + label: Name + description: defaults to chartname + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: description + label: Description + description: defaults to chart description + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: group + label: Group + schema: + type: string + required: true + default: "default" + show_if: [["enabled", "=", true]] + - variable: securityContext + group: Security and Permissions + label: Security Context + schema: + additional_attrs: true + type: dict + attrs: + - variable: container + label: Container + schema: + additional_attrs: true + type: dict + attrs: + # Settings from questions.yaml get appended here on a per-app basis + - variable: runAsUser + label: "runAsUser" + description: "The UserID of the user running the application" + schema: + type: int + default: 568 + - variable: runAsGroup + label: "runAsGroup" + description: "The groupID of the user running the application" + schema: + type: int + default: 568 + # Settings from questions.yaml get appended here on a per-app basis + - variable: PUID + label: Process User ID - PUID + description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps + schema: + type: int + show_if: [["runAsUser", "=", 0]] + default: 568 + - variable: UMASK + label: UMASK + description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps + schema: + type: string + default: "0022" + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: privileged + label: "Privileged mode" + schema: + type: boolean + default: false + - variable: readOnlyRootFilesystem + label: "ReadOnly Root Filesystem" + schema: + type: boolean + default: true + - variable: pod + label: Pod + schema: + additional_attrs: true + type: dict + attrs: + - variable: fsGroupChangePolicy + label: "When should we take ownership?" + schema: + type: string + default: OnRootMismatch + enum: + - value: OnRootMismatch + description: OnRootMismatch + - value: Always + description: Always + - variable: supplementalGroups + label: Supplemental Groups + schema: + type: list + default: [] + items: + - variable: supplementalGroupsEntry + label: Supplemental Group + schema: + type: int + # Settings from questions.yaml get appended here on a per-app basis + - variable: fsGroup + label: "fsGroup" + description: "The group that should own ALL storage." + schema: + type: int + default: 568 + - variable: resources + group: Resources and Devices + label: "Resource Limits" + schema: + additional_attrs: true + type: dict + attrs: + - variable: limits + label: Advanced Limit Resource Consumption + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 4000m + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: RAM + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 8Gi + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: requests + label: "Minimum Resources Required (request)" + schema: + additional_attrs: true + type: dict + hidden: true + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 10m + hidden: true + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: "RAM" + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 50Mi + hidden: true + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: deviceList + label: Mount USB Devices + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: deviceListEntry + label: Device + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Storage + schema: + type: boolean + default: true + - variable: type + label: (Advanced) Type of Storage + description: Sets the persistence type + schema: + type: string + default: device + hidden: true + - variable: readOnly + label: readOnly + schema: + type: boolean + default: false + - variable: hostPath + label: Host Device Path + description: Path to the device on the host system + schema: + type: path + - variable: mountPath + label: Container Device Path + description: Path inside the container the device is mounted + schema: + type: string + default: "/dev/ttyACM0" + - variable: scaleGPU + label: GPU Configuration + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: scaleGPUEntry + label: GPU + schema: + additional_attrs: true + type: dict + attrs: + # Specify GPU configuration + - variable: gpu + label: Select GPU + schema: + additional_attrs: true + type: dict + $ref: + - "definitions/gpuConfiguration" + attrs: [] + - variable: workaround + label: "Workaround" + schema: + type: string + default: workaround + hidden: true + - variable: cnpg + group: Postgresql + label: "CloudNative-PG (CNPG)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Postgresql Database" + schema: + additional_attrs: true + type: dict + attrs: + - variable: hibernate + label: Hibernate + description: "enable to safely hibernate and shutdown the postgresql cluster" + schema: + type: boolean + default: false + - variable: cluster + label: "Cluster Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: instances + label: Instances + schema: + type: int + default: 1 + - variable: singleNode + label: singleNode + schema: + type: boolean + default: true + hidden: true + - variable: storage + label: "Storage" + schema: + additional_attrs: true + type: dict + attrs: + - variable: size + label: Size + schema: + type: string + default: "256Gi" + - variable: walStorage + label: "WAL Storage" + schema: + additional_attrs: true + type: dict + attrs: + - variable: size + label: Size + schema: + type: string + default: "256Gi" + - variable: monitoring + label: "Monitoring Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enablePodMonitor + label: "enablePodMonitor" + schema: + type: boolean + default: true + - variable: disableDefaultQueries + label: "disableDefaultQueries" + schema: + type: boolean + default: false + - variable: pooler + label: "Pooler Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: instances + label: Instances + schema: + type: int + default: 1 + - variable: createRO + label: "Create ReadOnly Instance" + schema: + type: boolean + default: false + - variable: recovery + label: "Recovery Settings (Experimental)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: false + - variable: endpointURL + label: "endpointURL" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: method + label: "method" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "object_store" + - variable: backupName + label: "backupName" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: provider + label: "provider" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "s3" + - variable: s3 + label: "s3" + schema: + additional_attrs: true + type: dict + show_if: [["provider", "=", "s3"], ["enabled", "=", true]] + attrs: + - variable: region + label: "region" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: bucket + label: "bucket" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: path + label: "path" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "/" + - variable: accessKey + label: "accessKey" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: secretKey + label: "secretKey" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: azure + label: "azure (EXTREMELY EXPERIMENTAL)" + schema: + additional_attrs: true + type: dict + show_if: [["provider", "=", "azure"], ["enabled", "=", true]] + attrs: + - variable: path + label: "path" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "/" + - variable: connectionString + label: "connectionString" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: storageAccount + label: "storageAccount" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: storageKey + label: "storageKey" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: storageSasToken + label: "storageSasToken" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: containerName + label: "containerName" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: serviceName + label: "serviceName" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "blob" + - variable: inheritFromAzureAD + label: "inheritFromAzureAD" + schema: + type: boolean + show_if: [["enabled", "=", true]] + default: false + - variable: google + label: "google (EXTREMELY EXPERIMENTAL)" + schema: + additional_attrs: true + type: dict + show_if: [["provider", "=", "google"], ["enabled", "=", true]] + attrs: + - variable: path + label: "path" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "/" + - variable: bucket + label: "bucket" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: gkeEnvironment + label: "gkeEnvironment" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: applicationCredentials + label: "applicationCredentials" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: backups + label: "Backup Settings (Experimental)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: false + - variable: endpointURL + label: "endpointURL" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: destinationPath + label: "destinationPath" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: retentionPolicy + label: "retentionPolicy" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "30d" + - variable: provider + label: "provider" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "s3" + - variable: s3 + label: "s3" + schema: + additional_attrs: true + type: dict + show_if: [["provider", "=", "s3"], ["enabled", "=", true]] + attrs: + - variable: region + label: "region" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: bucket + label: "bucket" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: path + label: "path" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "/" + - variable: accessKey + label: "accessKey" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: secretKey + label: "secretKey" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: azure + label: "azure (EXTREMELY EXPERIMENTAL)" + schema: + additional_attrs: true + type: dict + show_if: [["provider", "=", "azure"], ["enabled", "=", true]] + attrs: + - variable: path + label: "path" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "/" + - variable: connectionString + label: "connectionString" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: storageAccount + label: "storageAccount" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: storageKey + label: "storageKey" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: storageSasToken + label: "storageSasToken" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: containerName + label: "containerName" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: serviceName + label: "serviceName" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "blob" + - variable: inheritFromAzureAD + label: "inheritFromAzureAD" + schema: + type: boolean + show_if: [["enabled", "=", true]] + default: false + - variable: google + label: "google (EXTREMELY EXPERIMENTAL)" + schema: + additional_attrs: true + type: dict + show_if: [["provider", "=", "google"], ["enabled", "=", true]] + attrs: + - variable: path + label: "path" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "/" + - variable: bucket + label: "bucket" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: gkeEnvironment + label: "gkeEnvironment" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: applicationCredentials + label: "applicationCredentials" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: scheduledBackups + label: ScheduledBackups + schema: + type: list + default: [] + show_if: [["enabled", "=", true]] + items: + - variable: backupschedule + label: BackupSchedule + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: name + schema: + type: string + default: "daily-backup" + required: true + - variable: schedule + label: schedule + schema: + type: string + required: true + default: "0 0 0 * * *" + - variable: backupOwnerReference + label: backupOwnerReference + schema: + type: string + required: true + default: "self" + - variable: immediate + label: immediate + schema: + type: boolean + default: false + - variable: suspend + label: suspend + schema: + type: boolean + default: false + - variable: manualBackups + label: manualBackups + schema: + type: list + default: [] + items: + - variable: backup + label: Backup + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: name + schema: + type: string + default: "" + required: true +# - variable: horizontalPodAutoscaler +# group: Advanced +# label: (Advanced) Horizontal Pod Autoscaler +# schema: +# type: list +# default: [] +# items: +# - variable: hpaEntry +# label: HPA Entry +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: name +# label: Name +# schema: +# type: string +# required: true +# default: "" +# - variable: enabled +# label: Enabled +# schema: +# type: boolean +# default: false +# show_subquestions_if: true +# subquestions: +# - variable: target +# label: Target +# description: Deployment name, Defaults to Main Deployment +# schema: +# type: string +# default: "" +# - variable: minReplicas +# label: Minimum Replicas +# schema: +# type: int +# default: 1 +# - variable: maxReplicas +# label: Maximum Replicas +# schema: +# type: int +# default: 5 +# - variable: targetCPUUtilizationPercentage +# label: Target CPU Utilization Percentage +# schema: +# type: int +# default: 80 +# - variable: targetMemoryUtilizationPercentage +# label: Target Memory Utilization Percentage +# schema: +# type: int +# default: 80 + - variable: networkPolicy + group: Advanced + label: (Advanced) Network Policy + schema: + type: list + default: [] + items: + - variable: netPolicyEntry + label: Network Policy Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: policyType + label: Policy Type + schema: + type: string + default: "" + enum: + - value: "" + description: Default + - value: ingress + description: Ingress + - value: egress + description: Egress + - value: ingress-egress + description: Ingress and Egress + - variable: egress + label: Egress + schema: + type: list + default: [] + items: + - variable: egressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: to + label: To + schema: + type: list + default: [] + items: + - variable: toEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: ingress + label: Ingress + schema: + type: list + default: [] + items: + - variable: ingressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: from + label: From + schema: + type: list + default: [] + items: + - variable: fromEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: identity_providers + group: "Advanced" + label: "Authelia Identity Providers (BETA)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: oidc + label: "OpenID Connect(BETA)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enabled" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: access_token_lifespan + label: "Access Token Lifespan" + schema: + type: string + default: "1h" + required: true + - variable: authorize_code_lifespan + label: "Authorize Code Lifespan" + schema: + type: string + default: "1m" + required: true + - variable: id_token_lifespan + label: "ID Token Lifespan" + schema: + type: string + default: "1h" + required: true + - variable: refresh_token_lifespan + label: "Refresh Token Lifespan" + schema: + type: string + default: "90m" + required: true + - variable: enable_client_debug_messages + label: "Enable Client Debug Messages" + schema: + type: boolean + default: false + - variable: clients + label: "Clients" + schema: + type: list + default: [] + items: + - variable: clientEntry + label: "Client" + schema: + additional_attrs: true + type: dict + attrs: + - variable: id + label: "ID/Name" + description: "The ID is the OpenID Connect ClientID which is used to link an application to a configuration." + schema: + type: string + default: "myapp" + required: true + - variable: description + label: "Description" + description: "The description to show to users when they end up on the consent screen. Defaults to the ID above." + schema: + type: string + default: "My Application" + required: true + - variable: secret + label: "Secret" + description: "The client secret is a shared secret between Authelia and the consumer of this client." + schema: + type: string + default: "" + required: true + - variable: public + label: "public" + description: "Sets the client to public. This should typically not be set, please see the documentation for usage." + schema: + type: boolean + default: false + - variable: authorization_policy + label: "Authorization Policy" + description: "The policy to require for this client; one_factor or two_factor." + schema: + type: string + default: "two_factor" + enum: + - value: "one_factor" + description: "one_factor" + - value: "two_factor" + description: "two_factor" + - variable: consent_mode + label: "Consent Mode" + description: | + Configures the consent mode. This can be set to auto (default), explicit (consent required every time) or + implicit (automatically assumes consent for every authorization, never asking the user if they wish to give consent.) + schema: + type: string + default: "auto" + enum: + - value: "auto" + description: "auto" + - value: "explicit" + description: "explicit" + - value: "implicit" + description: "implicit" + - variable: userinfo_signing_algorithm + label: "Userinfo Signing Algorithm" + description: "The algorithm used to sign userinfo endpoint responses for this client, either none or RS256." + schema: + type: string + default: "none" + enum: + - value: "none" + description: "none" + - value: "RS256" + description: "RS256" + - variable: audience + label: "Audience" + description: "Audience this client is allowed to request." + schema: + type: list + default: [] + items: + - variable: audienceEntry + label: "" + schema: + type: string + default: "" + required: true + - variable: scopes + label: "Scopes" + description: "Scopes this client is allowed to request." + schema: + type: list + default: [] + items: + - variable: ScopeEntry + label: "Scope" + schema: + type: string + default: "openid" + required: true + - variable: redirect_uris + label: "redirect_uris" + description: "Redirect URI's specifies a list of valid case-sensitive callbacks for this client." + schema: + type: list + default: [] + items: + - variable: uriEntry + label: "Url" + schema: + type: string + default: "https://oidc.example.com/oauth2/callback" + required: true + - variable: grant_types + description: "Grant Types configures which grants this client can obtain." + label: "grant_types" + schema: + type: list + default: [] + items: + - variable: grantEntry + label: "Grant" + schema: + type: string + default: "refresh_token" + required: true + - variable: response_types + description: "Response Types configures which responses this client can be sent." + label: "response_types" + schema: + type: list + default: [] + items: + - variable: responseEntry + label: "type" + schema: + type: string + default: "code" + required: true + - variable: response_modes + description: "Response Modes configures which response modes this client supports." + label: "response_modes" + schema: + type: list + default: [] + items: + - variable: modeEntry + label: "Mode" + schema: + type: string + default: "form_post" + required: true + - variable: addons + group: Addons + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: Codeserver + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: service + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: NodePort + description: Deprecated CHANGE THIS + - value: ClusterIP + description: ClusterIP + - value: LoadBalancer + description: LoadBalancer + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + default: 36107 + - variable: ingress + label: "Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [{path: "/", pathType: "Prefix"}] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: certificateIssuer + label: Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below' + schema: + type: string + default: "" + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + - variable: entrypoint + label: (Advanced) Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + show_if: [["advanced", "=", true]] + required: true + - variable: allowCors + label: "Allow Cross Origin Requests" + schema: + type: boolean + show_if: [["advanced", "=", true]] + default: false + - variable: ingressClassName + label: (Advanced/Optional) IngressClass Name + schema: + type: string + show_if: [["advanced", "=", true]] + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + show_if: [["advanced", "=", true]] + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: clusterCertificate + label: 'Cluster Certificate (Advanced)' + description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.' + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: secretName + label: 'Use Custom Certificate Secret (Advanced)' + schema: + show_if: [["certificateIssuer", "=", ""]] + type: string + default: "" + - variable: scaleCert + label: 'Use TrueNAS SCALE Certificate (Deprecated)' + schema: + show_if: [["certificateIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: envList + label: Codeserver Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: vpn + label: VPN + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type + schema: + type: string + default: disabled + enum: + - value: disabled + description: disabled + - value: gluetun + description: Gluetun + - value: tailscale + description: Tailscale + - value: openvpn + description: OpenVPN (Deprecated) + - value: wireguard + description: Wireguard (Deprecated) + - variable: openvpn + label: OpenVPN Settings + schema: + additional_attrs: true + type: dict + show_if: [["type", "=", "openvpn"]] + attrs: + - variable: username + label: Authentication Username (Optional) + description: Authentication Username, Optional + schema: + type: string + default: "" + - variable: password + label: Authentication Password + description: Authentication Credentials + schema: + type: string + show_if: [["username", "!=", ""]] + default: "" + required: true + - variable: tailscale + label: Tailscale Settings + schema: + additional_attrs: true + type: dict + show_if: [["type", "=", "tailscale"]] + attrs: + - variable: authkey + label: Authentication Key + description: Provide an auth key to automatically authenticate the node as your user account. + schema: + type: string + private: true + default: "" + - variable: auth_once + label: Auth Once + description: Only attempt to log in if not already logged in. + schema: + type: boolean + default: true + - variable: accept_dns + label: Accept DNS + description: Accept DNS configuration from the admin console. + schema: + type: boolean + default: false + - variable: userspace + label: Userspace + description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device. + schema: + type: boolean + default: false + - variable: routes + label: Routes + description: Expose physical subnet routes to your entire Tailscale network. + schema: + type: string + default: "" + - variable: dest_ip + label: Destination IP + description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched. + schema: + type: string + default: "" + - variable: sock5_server + label: Sock5 Server + description: The address on which to listen for SOCKS5 proxying into the tailscale net. + schema: + type: string + default: "" + - variable: outbound_http_proxy_listen + label: Outbound HTTP Proxy Listen + description: The address on which to listen for HTTP proxying into the tailscale net. + schema: + type: string + default: "" + - variable: extra_args + label: Extra Args + description: Extra Args + schema: + type: string + default: "" + - variable: daemon_extra_args + label: Tailscale Daemon Extra Args + description: Tailscale Daemon Extra Args + schema: + type: string + default: "" + - variable: killSwitch + label: Enable Killswitch + schema: + type: boolean + show_if: [["type", "!=", "disabled"]] + default: true + - variable: excludedNetworks_IPv4 + label: Killswitch Excluded IPv4 networks + description: List of Killswitch Excluded IPv4 Addresses + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv4 + label: IPv4 Network + schema: + type: string + required: true + - variable: excludedNetworks_IPv6 + label: Killswitch Excluded IPv6 networks + description: "List of Killswitch Excluded IPv6 Addresses" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv6 + label: IPv6 Network + schema: + type: string + required: true + - variable: configFile + label: VPN Config File Location + schema: + type: string + show_if: [["type", "!=", "disabled"]] + default: "" + + - variable: envList + label: VPN Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + max_length: 10240 + - variable: netshoot + label: Netshoot + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: envList + label: Netshoot Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: docs + group: Documentation + label: Please read the documentation at https://truecharts.org + description: Please read the documentation at +
https://truecharts.org + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDocs + label: I have checked the documentation + schema: + type: boolean + default: true + - variable: donateNag + group: Documentation + label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor + description: Please consider supporting TrueCharts, see +
https://truecharts.org/sponsor + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDonate + label: I have considered donating + schema: + type: boolean + default: true + hidden: true diff --git a/enterprise/authelia/20.0.4/templates/NOTES.txt b/enterprise/authelia/20.0.4/templates/NOTES.txt new file mode 100644 index 00000000000..efcb74cb772 --- /dev/null +++ b/enterprise/authelia/20.0.4/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/enterprise/authelia/20.0.4/templates/_configmap.tpl b/enterprise/authelia/20.0.4/templates/_configmap.tpl new file mode 100644 index 00000000000..92fcd45a4a2 --- /dev/null +++ b/enterprise/authelia/20.0.4/templates/_configmap.tpl @@ -0,0 +1,363 @@ +{{/* Define the configmap */}} +{{- define "authelia.configmap.paths" -}} +enabled: true +data: + AUTHELIA_SERVER_DISABLE_HEALTHCHECK: "true" + AUTHELIA_JWT_SECRET_FILE: "/secrets/JWT_TOKEN" + AUTHELIA_SESSION_SECRET_FILE: "/secrets/SESSION_ENCRYPTION_KEY" + AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: "/secrets/ENCRYPTION_KEY" + AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE: "/secrets/STORAGE_PASSWORD" + {{- if .Values.authentication_backend.ldap.enabled }} + AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE: "/secrets/LDAP_PASSWORD" + {{- end }} + {{- if .Values.notifier.smtp.enabled }} + AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE: "/secrets/SMTP_PASSWORD" + {{- end }} + AUTHELIA_SESSION_REDIS_PASSWORD_FILE: "/secrets/REDIS_PASSWORD" + {{- if .Values.redisProvider.high_availability.enabled }} + AUTHELIA_SESSION_REDIS_HIGH_AVAILABILITY_SENTINEL_PASSWORD_FILE: "/secrets/REDIS_SENTINEL_PASSWORD" + {{- end }} + {{- if .Values.duo_api.enabled }} + AUTHELIA_DUO_API_SECRET_KEY_FILE: "/secrets/DUO_API_KEY" + {{- end }} + {{- if .Values.identity_providers.oidc.enabled }} + AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET_FILE: "/secrets/OIDC_HMAC_SECRET" + AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY_FILE: "/secrets/OIDC_PRIVATE_KEY" + {{- end }} + +{{- end -}} + +{{- define "authelia.configmap.configfile" -}} +enabled: true +data: + configuration.yaml: | + --- + theme: {{ .Values.theme | default "light" }} + default_redirection_url: {{ default (printf "https://www.%s" .Values.domain) .Values.default_redirection_url }} + ntp: + address: {{ .Values.ntp.address | default "time.cloudflare.com:123" }} + version: {{ .Values.ntp.version | default 4 }} + max_desync: {{ .Values.ntp.max_desync | default "3s" }} + disable_startup_check: {{ .Values.ntp.disable_startup_check | default false }} + disable_failure: {{ .Values.ntp.disable_failure | default true }} + server: + host: 0.0.0.0 + port: {{ .Values.server.port | default 9091 }} + {{- if ne "" (.Values.server.path | default "") }} + path: {{ .Values.server.path }} + {{- end }} + buffers: + write: {{ .Values.server.write_buffer_size | default 4096 }} + read: {{ .Values.server.read_buffer_size | default 4096 }} + enable_pprof: {{ .Values.server.enable_pprof | default false }} + enable_expvars: {{ .Values.server.enable_expvars | default false }} + log: + level: {{ .Values.log.level | default "info" }} + format: {{ .Values.log.format | default "text" }} + {{- if ne "" (.Values.log.file_path | default "") }} + file_path: {{ .Values.log.file_path }} + keep_stdout: true + {{- end }} + totp: + issuer: {{ .Values.totp.issuer | default .Values.domain }} + period: {{ .Values.totp.period | default 30 }} + skew: {{ .Values.totp.skew | default 1 }} + {{- if .Values.password_policy.enabled }} + password_policy: + standard: + enabled: {{ .Values.password_policy.standard.enabled | default false }} + min_length: {{ .Values.password_policy.standard.min_length | default 8 }} + max_length: {{ .Values.password_policy.standard.max_length | default 0 }} + require_uppercase: {{ .Values.password_policy.standard.require_uppercase | default false }} + require_lowercase: {{ .Values.password_policy.standard.require_lowercase | default false }} + require_number: {{ .Values.password_policy.standard.require_number | default false }} + require_special: {{ .Values.password_policy.standard.require_special | default false }} + zxcvbn: + enabled: {{ .Values.password_policy.zxcvbn.enabled | default false }} + min_score: {{ .Values.password_policy.zxcvbn.min_score | default 3 }} + {{- end -}} + {{- if .Values.duo_api.enabled }} + duo_api: + hostname: {{ .Values.duo_api.hostname }} + integration_key: {{ .Values.duo_api.integration_key }} + {{- end -}} + {{- with $auth := .Values.authentication_backend }} + authentication_backend: + password_reset: + disable: {{ $auth.disable_reset_password }} + {{- if $auth.file.enabled }} + file: + path: {{ $auth.file.path }} + password: + {{- $p := $auth.file.password -}} + {{- if $p.algorithm }} + algorithm: {{ $p.algorithm }} + {{- end -}} + {{- if $p.iterations }} + iterations: {{ $p.iterations }} + {{- end -}} + {{- if $p.key_length }} + key_length: {{ $p.key_length }} + {{- end -}} + {{- if $p.salt_length }} + salt_length: {{ $p.salt_length }} + {{- end -}} + {{- if $p.memory }} + memory: {{ $p.memory }} + {{- end -}} + {{- if $p.parallelism }} + parallelism: {{ $p.parallelism }} + {{- end -}} + {{- end -}} + {{- if $auth.ldap.enabled }} + ldap: + implementation: {{ $auth.ldap.implementation | default "custom" }} + url: {{ $auth.ldap.url }} + timeout: {{ $auth.ldap.timeout | default "5s" }} + start_tls: {{ $auth.ldap.start_tls }} + tls: + {{- if hasKey $auth.ldap.tls "server_name" }} + server_name: {{ $auth.ldap.tls.server_name | default $auth.ldap.host }} + {{- end }} + minimum_version: {{ $auth.ldap.tls.minimum_version | default "TLS1.2" }} + skip_verify: {{ $auth.ldap.tls.skip_verify | default false }} + {{- if $auth.ldap.base_dn }} + base_dn: {{ $auth.ldap.base_dn }} + {{- end -}} + {{- if $auth.ldap.username_attribute }} + username_attribute: {{ $auth.ldap.username_attribute }} + {{- end -}} + {{- if $auth.ldap.additional_users_dn }} + additional_users_dn: {{ $auth.ldap.additional_users_dn }} + {{- end -}} + {{- if $auth.ldap.users_filter }} + users_filter: {{ $auth.ldap.users_filter }} + {{- end -}} + {{- if $auth.ldap.additional_groups_dn }} + additional_groups_dn: {{ $auth.ldap.additional_groups_dn }} + {{- end -}} + {{- if $auth.ldap.groups_filter }} + groups_filter: {{ $auth.ldap.groups_filter }} + {{- end -}} + {{- if $auth.ldap.group_name_attribute }} + group_name_attribute: {{ $auth.ldap.group_name_attribute }} + {{- end -}} + {{- if $auth.ldap.mail_attribute }} + mail_attribute: {{ $auth.ldap.mail_attribute }} + {{- end -}} + {{- if $auth.ldap.display_name_attribute }} + display_name_attribute: {{ $auth.ldap.display_name_attribute }} + {{- end }} + user: {{ $auth.ldap.user }} + {{- end -}} + {{- end -}} + {{- with $session := .Values.session }} + session: + name: {{ $session.name | default "authelia_session" }} + domain: {{ required "A valid .Values.domain entry required!" $.Values.domain }} + same_site: {{ $session.same_site | default "lax" }} + expiration: {{ $session.expiration | default "1M" }} + inactivity: {{ $session.inactivity | default "5m" }} + remember_me_duration: {{ $session.remember_me_duration | default "1M" }} + {{- end }} + redis: + host: {{ .Values.redis.creds.plain }} + {{- with $redis := .Values.redisProvider }} + port: {{ $redis.port | default 6379 }} + {{- if not (eq $redis.username "") }} + username: {{ $redis.username }} + {{- end }} + maximum_active_connections: {{ $redis.maximum_active_connections | default 8 }} + minimum_idle_connections: {{ $redis.minimum_idle_connections | default 0 }} + {{- if $redis.tls.enabled }} + tls: + server_name: {{ $redis.tls.server_name }} + minimum_version: {{ $redis.tls.minimum_version | default "TLS1.2" }} + skip_verify: {{ $redis.tls.skip_verify }} + {{- end }} + {{- if $redis.high_availability.enabled }} + high_availability: + sentinel_name: {{ $redis.high_availability.sentinel_name }} + {{- if $redis.high_availability.nodes }} + nodes: + {{- range $node := $redis.high_availability.nodes }} + - host: {{ $node.host }} + port: {{ $node.port | default 26379 }} + {{- end -}} + {{- end }} + route_by_latency: {{ $redis.high_availability.route_by_latency }} + route_randomly: {{ $redis.high_availability.route_randomly }} + {{- end }} + {{- end }} + regulation: + max_retries: {{ .Values.regulation.max_retries | default 3 }} + find_time: {{ .Values.regulation.find_time | default "1m" }} + ban_time: {{ .Values.regulation.ban_time | default "5m" }} + storage: + postgres: + host: {{ $.Values.cnpg.main.creds.host }} + {{- with $storage := .Values.storage }} + port: {{ $storage.postgres.port | default 5432 }} + database: {{ $storage.postgres.database | default "authelia" }} + username: {{ $storage.postgres.username | default "authelia" }} + timeout: {{ $storage.postgres.timeout | default "5s" }} + ssl: + mode: {{ $storage.postgres.sslmode | default "disable" }} + {{- end }} + {{- with $notifier := .Values.notifier }} + notifier: + disable_startup_check: {{ $.Values.notifier.disable_startup_check }} + {{- if $notifier.filesystem.enabled }} + filesystem: + filename: {{ $notifier.filesystem.filename }} + {{- end }} + {{- if $notifier.smtp.enabled }} + smtp: + host: {{ $notifier.smtp.host }} + port: {{ $notifier.smtp.port | default 25 }} + timeout: {{ $notifier.smtp.timeout | default "5s" }} + {{- with $notifier.smtp.username }} + username: {{ . }} + {{- end }} + sender: {{ $notifier.smtp.sender | quote }} + identifier: {{ $notifier.smtp.identifier | quote }} + subject: {{ $notifier.smtp.subject | quote }} + startup_check_address: {{ $notifier.smtp.startup_check_address | quote }} + disable_require_tls: {{ $notifier.smtp.disable_require_tls }} + disable_html_emails: {{ $notifier.smtp.disable_html_emails }} + tls: + server_name: {{ $notifier.smtp.tls.server_name | default $notifier.smtp.host }} + minimum_version: {{ $notifier.smtp.tls.minimum_version | default "TLS1.2" }} + skip_verify: {{ $notifier.smtp.tls.skip_verify | default false }} + {{- end }} + {{- end }} + {{- if .Values.identity_providers.oidc.enabled }} + identity_providers: + oidc: + access_token_lifespan: {{ .Values.identity_providers.oidc.access_token_lifespan | default "1h" }} + authorize_code_lifespan: {{ .Values.identity_providers.oidc.authorize_code_lifespan | default "1m" }} + id_token_lifespan: {{ .Values.identity_providers.oidc.id_token_lifespan | default "1h" }} + refresh_token_lifespan: {{ .Values.identity_providers.oidc.refresh_token_lifespan | default "90m" }} + enable_client_debug_messages: {{ .Values.identity_providers.oidc.enable_client_debug_messages | default false }} + minimum_parameter_entropy: {{ .Values.identity_providers.oidc.minimum_parameter_entropy | default 8 }} + {{- if .Values.identity_providers.oidc.clients }} + clients: + {{- range $client := .Values.identity_providers.oidc.clients }} + - id: {{ $client.id }} + description: {{ $client.description | default $client.id }} + secret: {{ $client.secret | default (randAlphaNum 128) }} + {{- if $client.public }} + public: {{ $client.public }} + {{- end }} + authorization_policy: {{ $client.authorization_policy | default "two_factor" }} + consent_mode: {{ $client.consent_mode | default "auto" }} + redirect_uris: + {{- range $client.redirect_uris }} + - {{ . }} + {{- end }} + {{- if $client.audience }} + audience: + {{- range $client.audience }} + - {{ . }} + {{- end }} + {{- end }} + scopes: + {{- range ($client.scopes | default (list "openid" "profile" "email" "groups")) }} + - {{ . }} + {{- end }} + grant_types: + {{- range ($client.grant_types | default (list "refresh_token" "authorization_code")) }} + - {{ . }} + {{- end }} + response_types: + {{- range ($client.response_types | default (list "code")) }} + - {{ . }} + {{- end }} + {{- if $client.response_modes }} + response_modes: + {{- range $client.response_modes }} + - {{ . }} + {{- end }} + {{- end }} + userinfo_signing_algorithm: {{ $client.userinfo_signing_algorithm | default "none" }} + {{- end }} + {{- end }} + {{- end }} + access_control: + {{- if not .Values.access_control.rules }} + {{- if (eq .Values.access_control.default_policy "bypass") }} + default_policy: one_factor + {{- else if (eq .Values.access_control.default_policy "deny") }} + default_policy: two_factor + {{- else }} + default_policy: {{ .Values.access_control.default_policy }} + {{- end }} + {{- else }} + default_policy: {{ .Values.access_control.default_policy }} + {{- end }} + + {{- if not .Values.access_control.networks }} + networks: [] + {{- else }} + networks: + {{- range $net := .Values.access_control.networks }} + - name: {{ $net.name }} + networks: + {{- range $net.networks }} + - {{ . | squote }} + {{- end }} + {{- end }} + {{- end }} + + {{- if not .Values.access_control.rules }} + rules: [] + {{- else }} + rules: + {{- range $rule := .Values.access_control.rules }} + {{- if $rule.domain }} + - domain: + {{- if kindIs "string" $rule.domain }} + - {{ $rule.domain | squote }} + {{- else -}} + {{- range $rule.domain }} + - {{ . | squote }} + {{- end }} + {{- end }} + {{- end -}} + {{- with $rule.policy }} + policy: {{ . }} + {{- end -}} + {{- if $rule.networks }} + networks: + {{- if kindIs "string" $rule.networks }} + - {{ $rule.networks | squote }} + {{- else -}} + {{- range $rule.networks }} + - {{ . | squote }} + {{- end }} + {{- end }} + {{- end }} + {{- if $rule.subject }} + subject: + {{- if kindIs "string" $rule.subject }} + - {{ $rule.subject | squote }} + {{- else -}} + {{- range $rule.subject }} + - {{ . | squote }} + {{- end }} + {{- end }} + {{- end }} + {{- if $rule.resources }} + resources: + {{- if kindIs "string" $rule.resources }} + - {{ $rule.resources | squote }} + {{- else -}} + {{- range $rule.resources }} + - {{ . | squote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + ... +{{- end -}} diff --git a/enterprise/authelia/20.0.4/templates/_secrets.tpl b/enterprise/authelia/20.0.4/templates/_secrets.tpl new file mode 100644 index 00000000000..14ed88d973d --- /dev/null +++ b/enterprise/authelia/20.0.4/templates/_secrets.tpl @@ -0,0 +1,53 @@ +{{/* Define the secrets */}} +{{- define "authelia.secrets" -}} +{{- $basename := include "tc.v1.common.lib.chart.names.fullname" $ -}} +{{- $fetchname := printf "%s-authelia-secrets" $basename -}} + +{{/* Initialize all keys */}} +{{- $oidckey := genPrivateKey "rsa" }} +{{- $oidcsecret := randAlphaNum 32 }} +{{- $jwtsecret := randAlphaNum 50 }} +{{- $sessionsecret := randAlphaNum 50 }} +{{- $encryptionkey := randAlphaNum 100 }} + +enabled: true +data: + {{ with (lookup "v1" "Secret" .Release.Namespace $fetchname) }} + {{/* Get previous values and decode */}} + {{ $sessionsecret = (index .data "SESSION_ENCRYPTION_KEY") | b64dec }} + {{ $jwtsecret = (index .data "JWT_TOKEN") | b64dec }} + {{ $encryptionkey = (index .data "ENCRYPTION_KEY") | b64dec }} + + {{/* Check if those keys ever existed. as OIDC is optional */}} + {{ if and (hasKey .data "OIDC_PRIVATE_KEY") (hasKey .data "OIDC_HMAC_SECRET") }} + {{ $oidckey = (index .data "OIDC_PRIVATE_KEY") | b64dec }} + {{ $oidcsecret = (index .data "OIDC_HMAC_SECRET") | b64dec }} + {{ end }} + {{ end }} + SESSION_ENCRYPTION_KEY: {{ $sessionsecret }} + JWT_TOKEN: {{ $jwtsecret }} + ENCRYPTION_KEY: {{ $encryptionkey }} + + {{- if .Values.authentication_backend.ldap.enabled }} + LDAP_PASSWORD: {{ .Values.authentication_backend.ldap.plain_password }} + {{- end }} + + {{- if and .Values.notifier.smtp.enabled .Values.notifier.smtp.plain_password }} + SMTP_PASSWORD: {{ .Values.notifier.smtp.plain_password }} + {{- end }} + + {{- if .Values.duo_api.enabled }} + DUO_API_KEY: {{ .Values.duo_api.plain_api_key }} + {{- end }} + + STORAGE_PASSWORD: {{ $.Values.cnpg.main.creds.password | trimAll "\"" }} + + REDIS_PASSWORD: {{ .Values.redis.creds.redisPassword | trimAll "\"" }} + {{- if .Values.redisProvider.high_availability.enabled }} + REDIS_SENTINEL_PASSWORD: {{ .Values.redis.sentinelPassword | trimAll "\"" }} + {{- end }} + + OIDC_PRIVATE_KEY: | + {{- $oidckey | nindent 4 }} + OIDC_HMAC_SECRET: {{ $oidcsecret }} +{{- end -}} diff --git a/enterprise/authelia/20.0.4/templates/common.yaml b/enterprise/authelia/20.0.4/templates/common.yaml new file mode 100644 index 00000000000..54e288e852c --- /dev/null +++ b/enterprise/authelia/20.0.4/templates/common.yaml @@ -0,0 +1,77 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.v1.common.loader.init" . }} + +{{/* Render configmap for authelia */}} +{{- $configmapPaths := include "authelia.configmap.paths" . | fromYaml -}} +{{- if $configmapPaths -}} + {{- $_ := set .Values.configmap "authelia-paths" $configmapPaths -}} +{{- end -}} + +{{- $configmapFile := include "authelia.configmap.configfile" . | fromYaml -}} +{{- if $configmapFile -}} + {{- $_ := set .Values.configmap "authelia-configfile" $configmapFile -}} +{{- end -}} + +{{/* Render secrets for authelia */}} +{{- $secret := include "authelia.secrets" . | fromYaml -}} +{{- if $secret -}} + {{- $_ := set .Values.secret "authelia-secrets" $secret -}} +{{- end -}} + +{{/* Append the general configMap volume to the volumes */}} +{{- define "authelia.configmapVolume" -}} +enabled: true +mountPath: /configuration.yaml +subPath: configuration.yaml +readOnly: true +type: "configmap" +objectName: authelia-configfile +{{- end -}} + +{{/* Append the general secret volumes to the volumes */}} +{{- define "authelia.secretVolumes" -}} +enabled: true +mountPath: "/secrets" +readOnly: true +type: "secret" +objectName: authelia-secrets +items: + - key: "JWT_TOKEN" + path: JWT_TOKEN + - key: "SESSION_ENCRYPTION_KEY" + path: SESSION_ENCRYPTION_KEY + - key: "ENCRYPTION_KEY" + path: ENCRYPTION_KEY + - key: "STORAGE_PASSWORD" + path: STORAGE_PASSWORD + {{- if .Values.authentication_backend.ldap.enabled }} + - key: "LDAP_PASSWORD" + path: LDAP_PASSWORD + {{- end }} + {{- if and .Values.notifier.smtp.enabled .Values.notifier.smtp.plain_password }} + - key: "SMTP_PASSWORD" + path: SMTP_PASSWORD + {{- end }} + - key: "REDIS_PASSWORD" + path: REDIS_PASSWORD + {{- if .Values.redisProvider.high_availability.enabled}} + - key: "REDIS_SENTINEL_PASSWORD" + path: REDIS_SENTINEL_PASSWORD + {{- end }} + {{- if .Values.duo_api.enabled }} + - key: "DUO_API_KEY" + path: DUO_API_KEY + {{- end }} + {{- if .Values.identity_providers.oidc.enabled }} + - key: "OIDC_PRIVATE_KEY" + path: OIDC_PRIVATE_KEY + - key: "OIDC_HMAC_SECRET" + path: OIDC_HMAC_SECRET + {{- end }} +{{- end -}} + +{{- $_ := set .Values.persistence "authelia-configfile" (include "authelia.configmapVolume" . | fromYaml) -}} +{{- $_ := set .Values.persistence "authelia-secrets" (include "authelia.secretVolumes" . | fromYaml) -}} + +{{/* Render the templates */}} +{{ include "tc.v1.common.loader.apply" . }} diff --git a/enterprise/authelia/20.0.4/values.yaml b/enterprise/authelia/20.0.4/values.yaml new file mode 100644 index 00000000000..e69de29bb2d diff --git a/enterprise/vaultwarden/24.0.4/CHANGELOG.md b/enterprise/vaultwarden/24.0.4/CHANGELOG.md new file mode 100644 index 00000000000..e46fdc53143 --- /dev/null +++ b/enterprise/vaultwarden/24.0.4/CHANGELOG.md @@ -0,0 +1,99 @@ +**Important:** +*for the complete changelog, please refer to the website* + + + + +## [vaultwarden-24.0.4](https://github.com/truecharts/charts/compare/vaultwarden-24.0.3...vaultwarden-24.0.4) (2023-12-21) + + + + +## [vaultwarden-24.0.3](https://github.com/truecharts/charts/compare/vaultwarden-24.0.2...vaultwarden-24.0.3) (2023-12-21) + +### Chore + +- bump everything to ensure patches are applied globally + + ### Fix + +- ensure the cnpg GUI is included on CNPG apps + + + + +## [vaultwarden-24.0.2](https://github.com/truecharts/charts/compare/vaultwarden-24.0.1...vaultwarden-24.0.2) (2023-12-21) + +### Chore + +- update helm general non-major by renovate ([#16341](https://github.com/truecharts/charts/issues/16341)) + + + + +## [vaultwarden-24.0.1](https://github.com/truecharts/charts/compare/vaultwarden-24.0.0...vaultwarden-24.0.1) (2023-12-20) + +### Chore + +- bump patch versions on all charts for new GUI release + + + + +## [vaultwarden-24.0.0](https://github.com/truecharts/charts/compare/vaultwarden-23.0.15...vaultwarden-24.0.0) (2023-12-20) + +### Chore + +- update helm general major by renovate (major) ([#14631](https://github.com/truecharts/charts/issues/14631)) + + + + +## [vaultwarden-23.0.15](https://github.com/truecharts/charts/compare/vaultwarden-23.0.14...vaultwarden-23.0.15) (2023-12-20) + +### Chore + +- Bump everything to force min/max scale version update + + + + +## [vaultwarden-23.0.14](https://github.com/truecharts/charts/compare/vaultwarden-23.0.12...vaultwarden-23.0.14) (2023-12-16) + +### Chore + +- fix move mistake and cleanup metadata + - update helm general non-major ([#14784](https://github.com/truecharts/charts/issues/14784)) + + + + +## [vaultwarden-23.0.14](https://github.com/truecharts/charts/compare/vaultwarden-23.0.12...vaultwarden-23.0.14) (2023-12-16) + +### Chore + +- fix move mistake and cleanup metadata + - update helm general non-major ([#14784](https://github.com/truecharts/charts/issues/14784)) + + + + +## [vaultwarden-23.0.13](https://github.com/truecharts/charts/compare/vaultwarden-23.0.12...vaultwarden-23.0.13) (2023-12-16) + +### Chore + +- fix move mistake and cleanup metadata + + + + +## [vaultwarden-23.0.12](https://github.com/truecharts/charts/compare/vaultwarden-23.0.11...vaultwarden-23.0.12) (2023-12-03) + +### Chore + +- bump everything to ensure catalog has latest versions + - fix annotations again + - update annotations + - cleanup chart.yaml and add min-max scale version + + diff --git a/enterprise/vaultwarden/24.0.4/Chart.yaml b/enterprise/vaultwarden/24.0.4/Chart.yaml new file mode 100644 index 00000000000..abeaadca9bb --- /dev/null +++ b/enterprise/vaultwarden/24.0.4/Chart.yaml @@ -0,0 +1,41 @@ +kubeVersion: ">=1.24.0-0" +apiVersion: v2 +name: vaultwarden +version: 24.0.4 +appVersion: 1.30.1 +description: Unofficial Bitwarden compatible server written in Rust +home: https://truecharts.org/charts/enterprise/vaultwarden +icon: https://truecharts.org/img/hotlink-ok/chart-icons/vaultwarden.png +deprecated: false +sources: + - https://github.com/dani-garcia/vaultwarden + - https://github.com/truecharts/charts/tree/master/charts/enterprise/vaultwarden + - https://hub.docker.com/r/vaultwarden/server +maintainers: + - name: TrueCharts + email: info@truecharts.org + url: https://truecharts.org +keywords: + - bitwarden + - bitwardenrs + - bitwarden_rs + - vaultwarden + - password + - rust +dependencies: + - name: common + version: 16.2.9 + repository: https://library-charts.truecharts.org + condition: "" + alias: "" + tags: [] + import-values: [] +annotations: + max_scale_version: 23.10.2 + min_scale_version: 23.10.0 + truecharts.org/SCALE-support: "true" + truecharts.org/category: security + truecharts.org/max_helm_version: "3.13" + truecharts.org/min_helm_version: "3.12" + truecharts.org/train: enterprise +type: application diff --git a/enterprise/vaultwarden/24.0.4/LICENSE b/enterprise/vaultwarden/24.0.4/LICENSE new file mode 100644 index 00000000000..80e4ab93f92 --- /dev/null +++ b/enterprise/vaultwarden/24.0.4/LICENSE @@ -0,0 +1,106 @@ +Business Source License 1.1 + +Parameters + +Licensor: The TrueCharts Project, it's owner and it's contributors +Licensed Work: The TrueCharts "Cert-Manager" Helm Chart +Additional Use Grant: You may use the licensed work in production, as long + as it is directly sourced from a TrueCharts provided + official repository, catalog or source. You may also make private + modification to the directly sourced licenced work, + when used in production. + + The following cases are, due to their nature, also + defined as 'production use' and explicitly prohibited: + - Bundling, including or displaying the licensed work + with(in) another work intended for production use, + with the apparent intend of facilitating and/or + promoting production use by third parties in + violation of this license. + +Change Date: 2050-01-01 + +Change License: 3-clause BSD license + +For information about alternative licensing arrangements for the Software, +please contact: legal@truecharts.org + +Notice + +The Business Source License (this document, or the “License”) is not an Open +Source license. However, the Licensed Work will eventually be made available +under an Open Source License, as stated in this License. + +License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved. +“Business Source License” is a trademark of MariaDB Corporation Ab. + +----------------------------------------------------------------------------- + +Business Source License 1.1 + +Terms + +The Licensor hereby grants you the right to copy, modify, create derivative +works, redistribute, and make non-production use of the Licensed Work. The +Licensor may make an Additional Use Grant, above, permitting limited +production use. + +Effective on the Change Date, or the fourth anniversary of the first publicly +available distribution of a specific version of the Licensed Work under this +License, whichever comes first, the Licensor hereby grants you rights under +the terms of the Change License, and the rights granted in the paragraph +above terminate. + +If your use of the Licensed Work does not comply with the requirements +currently in effect as described in this License, you must purchase a +commercial license from the Licensor, its affiliated entities, or authorized +resellers, or you must refrain from using the Licensed Work. + +All copies of the original and modified Licensed Work, and derivative works +of the Licensed Work, are subject to this License. This License applies +separately for each version of the Licensed Work and the Change Date may vary +for each version of the Licensed Work released by Licensor. + +You must conspicuously display this License on each original or modified copy +of the Licensed Work. If you receive the Licensed Work in original or +modified form from a third party, the terms and conditions set forth in this +License apply to your use of that work. + +Any use of the Licensed Work in violation of this License will automatically +terminate your rights under this License for the current and all other +versions of the Licensed Work. + +This License does not grant you any right in any trademark or logo of +Licensor or its affiliates (provided that you may use a trademark or logo of +Licensor as expressly required by this License). + +TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON +AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS, +EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND +TITLE. + +MariaDB hereby grants you permission to use this License’s text to license +your works, and to refer to it using the trademark “Business Source License”, +as long as you comply with the Covenants of Licensor below. + +Covenants of Licensor + +In consideration of the right to use this License’s text and the “Business +Source License” name and trademark, Licensor covenants to MariaDB, and to all +other recipients of the licensed work to be provided by Licensor: + +1. To specify as the Change License the GPL Version 2.0 or any later version, + or a license that is compatible with GPL Version 2.0 or a later version, + where “compatible” means that software provided under the Change License can + be included in a program with software provided under GPL Version 2.0 or a + later version. Licensor may specify additional Change Licenses without + limitation. + +2. To either: (a) specify an additional grant of rights to use that does not + impose any additional restriction on the right granted in this License, as + the Additional Use Grant; or (b) insert the text “None”. + +3. To specify a Change Date. + +4. Not to modify this License in any other way. diff --git a/enterprise/vaultwarden/24.0.4/README.md b/enterprise/vaultwarden/24.0.4/README.md new file mode 100644 index 00000000000..a072fb415e0 --- /dev/null +++ b/enterprise/vaultwarden/24.0.4/README.md @@ -0,0 +1,27 @@ +# README + +## General Info + +TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE. +However only installations using the TrueNAS SCALE Apps system are supported. + +For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/enterprise/vaultwarden) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/charts/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +*All Rights Reserved - The TrueCharts Project* diff --git a/enterprise/vaultwarden/24.0.4/app-changelog.md b/enterprise/vaultwarden/24.0.4/app-changelog.md new file mode 100644 index 00000000000..37a59b83c86 --- /dev/null +++ b/enterprise/vaultwarden/24.0.4/app-changelog.md @@ -0,0 +1,4 @@ + + +## [vaultwarden-24.0.4](https://github.com/truecharts/charts/compare/vaultwarden-24.0.3...vaultwarden-24.0.4) (2023-12-21) + diff --git a/enterprise/vaultwarden/24.0.4/app-readme.md b/enterprise/vaultwarden/24.0.4/app-readme.md new file mode 100644 index 00000000000..08d9cc8b1dd --- /dev/null +++ b/enterprise/vaultwarden/24.0.4/app-readme.md @@ -0,0 +1,8 @@ +Unofficial Bitwarden compatible server written in Rust + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/enterprise/vaultwarden](https://truecharts.org/charts/enterprise/vaultwarden) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! diff --git a/enterprise/vaultwarden/24.0.4/charts/common-16.2.9.tgz b/enterprise/vaultwarden/24.0.4/charts/common-16.2.9.tgz new file mode 100644 index 0000000000000000000000000000000000000000..c1db66f45200b3e3145055a639076ef656467e35 GIT binary patch literal 95855 zcmV)9K*hfwiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ%b{n~|Fgm~a6j+pVV$BgL-YGG0)|MrWN8iX2w;_3h%|=fHO_}3(t@9e^_0E%g3)e>9c#$Z|_OSQPSnLK0g+c+SDpVC5GMy6t@N@!0 zR-MDC_rvC&TCG;=v|8fdTCJA;x7KOaf2gU9Jp(S8C!!37 zKh&PwR=RWF$O8lX5rq^JzXxWG5)1{%Zcupcf(fObfum`CqShTdih#{&yR@`M;HC z4^%4Pokxby1Cj|!WAUq30ziBmAO@i8Vm|Gm2jo}a!6EWEyURa%;PaQo6`=1E2KhT) z%leh6s%!AcLIda^@%8rl?79a|qcB81^X7n(DFS5pZ{#ovTmpQ;0F8oxgbc6=rfPBu z06kDHmjIX|20d@cd#2huaa}53U%s_*0*nBP!WniD6{Vr;4&?6>8*@IrO8~GCq7lAN z16Hq#0E5>L6XXLQAs4y(D>TDlpZjp=Aqq$cTukNPY=XcDe?l&pV%PQ10}OcyA3)Co z*dK?8Qq_+=a0-1eM1agt7)Bm)L4ZPCNEAV$g`YUQ_c6Ex5+_06VMMLwc)uRi+9=(Q zcnd&9Ev?Q3V!twk6g%n*2YVez<~jhwIdIVkMjitX*z*7j=YSEbXxSs=J_^c$N`@oA z5K`oF8tK=jN}6i~^G#5Kw!F7N;LQOZ@otlcQxfvG*$K`)t8Ap!Co z64Hw3@eB1;@a}u;<7qSnK5PbaZ1@cD!NEA_4ij%&4=t|6IH@HQg>m=elBKwJu- z?*hJG%iR=U-|-?B`(xnv!C2IG38G@|%5Mlz27R{zJ>nw)qXY!d6VK~`5%ef3l}3CP zL+AcX5`&th>I{vrj{xK~LO4dJ9;EaNP7z=esE9U1AmZfUf(z%^{>M{VDrD9E$5V-b z0cSTRh9U^b5COiKmw^0nD>im60;J2T$qo7;VZ>}H=Gv=tKG^*R2A9GsTXk} z>Y|^)iwhK#A>WCyi(kpg!OTflyFq-kRL6svBY$h!rwaE!o`M1X9m%5nuO6t^YVUBm z;K$QjU2x{G1qJ&bPY-$F6URZ6g7?G~YY7xT#VLx*4OyL-5NeA;EW4a5GY)$52 zLf{l9>odp~HU`H%FsoPVwQBvp=ma*}onEu!HX5ikJc9Lh>$rYAJgOfL-EQNk*>2Xm zM@{6w<65_K+-;zvk<)3`JFVm4u#2FJy4{+4oNOnEJP!oK!wyH3|LTh$J#aC)BCH=G zihNco2~nH zMIPu9V%o^hd~#p_huFgm$NN2W-5&U#f2v<@NX+EoE85BBWl3-4zjD!#GdUv?g#&=q4hADe zrjTI=dfwbrfUXNpf4=_p>HrMRZ$Dg|iGSbme}B6E_3HfQ0Gyqi-d%q@zqz?MJ2&-g zG{N=NVNRHqr&4}v7=>+;?q^IV!&-wB_rc=nA ziR7v%2s|`JK7*d9K@Eq{IdzyPf6MuJgD8nYu9Ph8bEu1Q{5(9xdfRh?s0UiLT5T$R zPSI2>Z%1M;4$*HBqKTsQRKa%bJua0@LsC2y6|O#BoL!vUou2dudXt8pr%+erlGI&5 z+km(hXem%DIp`Am_ZHht2xV7@J&^D|`LfU1$bNCrKTW>i>xl)4PGHC-F~0p=#hZuz z93rtJ>cKqm9^jmFi0f1RPDx`w;gB-<<&^j%JeKqzaffW_-**Y4W*rcFQxBBuWrgI4 zhap9pEx1%ZKpt`!Q7hwpG(@3~7@~Z8f}u0%fij%BotEMA4_xA91R#GzLWfJpW5QWK z;LD{Lk~0)|WX{=8O6>y%85%|205NJQ9=uQTuYsr=tH2~69vRQ&>r>)W7DDVZjW#15 z3bj5f-cV)^F_S8#k)h?tbDSKD={pCf)d`i&|vsR{!COOLqzQc zvhwk=rsMvWKYs?*kJ6;5l$9#)Ks6vCqv}tk@PIF0$|)d$P%t@=SIeL<7>*GWTIzp{ za=f%@UOe4wM*9A~yPJ~j*XS&Bf*0$7oTyxl`XFd({CuU&Oeqk=q_*`PjtZiSSZ)xv#7p&Jky@$C) z9g$;*rU9FuVJR4i1+)*@qz4XVWm!@Tlw2`{@kPOy!O$aP`p5=mFg)bdl|+N2%(W&V&f%wX0fj{d49Z}%V2f)1P$~XT6 zdqf#Qb#?rk-{b$OHfptcrPiuCWLia^;56`1PnqkgTrjHAIjvVe&41T5y~ytYgT{zT zLm2wRT43)w-3ss4h0jnp5`v&!ud)S&X@n6a%W%Z%$H%Qott}7>kvoB`$3?e#wla*^ zWPqqR{nPINU)w?{9+oMYBK@-*mk1!G4j+LO93Wgb6A%D)l#_!fIIi$6g!n*<}8C0%$!A#7ED#Ek%|i$90=v^`Pu^@ z(+U9h*ym%_*ELk*;3wYPT1 zG{9i?yaNWnOc3WPo&o)j0%^)1!%oE?(dWiMwq%BHN?fjOj;MaYr47WV$00{g{xahz z+EAE_zis5{boe63)9LUD$P2b6LRyoby%9lC!&l@UxXgAX@h4- zW|;3IrW;l3RZM~q&rAvV!+hHVrvfB69bEAJPV8*N2VB0^W%ynXK7Wz3No=_l$?MdI z0iBSg3+mHn)j+jG4L!6mr97Q$G^{-#S4rpcuq?12C~_kj3j*yH0vd)+rJ1T#l$ z?_66^XS!p=0Q49Nk-Kl8q_C9UT$#a;l7c$3@&An+hFmZT$rKDuPcF}`)A-UJxb{8i zi58*}3dM=1;8*|SOdENjyA>vxNyI)GZ6s);!rChz%5!9N(K-4h5G7V4xLaFV!DA0r%&{pu(t4xh> z2pv(5|B;2~Ko4bxSHjKxlO*9{AQ>GWdkhAERQFDj@D#Rlnr* zkne&@>i3r~CEX7x56eT03@tOQ%dfhQ-E?l7=EW=CJJ5ThAy~d(Rn8v?4Dm=TwX%-> zV8bzBekM~?*tr2hU`j%HkpAP3!jzZj-H$&4$iQp(BOHzC%82h1jtB__xV z4nUyVCO*Y33blhE=b#vaMGYR(fcTVzYI@?o%kyL^4R>6c0ha5m^0ZR6jgnzIHFfv) z_DbUa?d}f(+z`URwRC8d#rF18v(m3gI{GQ#Vw@f(*qH#iVhTS(;h8o>V2pee zLWbOuEY7>g=TpkQ6d&A*^Ed38Q*C3HRKF*LGV_gu>hC~EZpur}mf7^t6wtnYrj+qs zvfe23aqM&;=6{(ZTvq)(h@G~Cm{XHvfLX=V=qE1@-MWP#}aQ2Ror-Q zG^@={wWhr{YL46N3>)2%GjbaB;V~R`n@6yH+=54_)$O9=7HTy{Zr5qRcB9=q?$q1E zVZ%9cpwn=>ZM4uy!$*ux2w|(Ds>>T(Yt?!^#uas7qtiHQwVU-}qg6ZVv|(-7th;sR z=&0F7M+nuAI*sn}v2#@K)aotNa@xmEy;ZBjA*ws=g}5?^J+UXPima(%`NgywF}6pw z4jMsc)OBiYw>fef&JlE)4m|GEI-~Yct8-jyG)CNG};8f>Ct=+>K^dbj1)P@_9q z?EXSrr5mn_F0WCMRSd$dYW>I}Z~OSDQ+FEOcC&R{JFeH9+R@Nyy2Cbtwc|#!bz2#uO8bi5Ex>V%LvlT{H_ z#Wkifw!{#$>((KJ9n?5R-JvsTqUNaHghwN%RX?gV9e7k9HahjzsM~Ps^~O=xfi2g8 z!`4x|Hgt~{BYGbVk;A-I5mm)4UTs*bK(o<=!!CqP)OFBN%c(V5?x=h0)<(@vt8vtD z>h)&3b$r}7J{q-KL)3sSYIWMRBUrC@oYrt5rVnGZ@(RGqY8>m;T8v@6+i4B!!(sP$ z*mj#u953AfS6Tu?HF%s&4Tq#)9D^HJ8pM4Y&AQu)i@fp-FAC89KsqJcAG=T9Uc#z zMy*k6by1_;Xby+NcJr9i9Ca4rJ%u5L?(lJFtID}pw~ia|xYIsv*XwSxadb3<$HPv$ z*%=M%UAOKGYt8Ox*gWcX`0R5>BiMF_&al?1L1#ETYQu$Chsec`B(_r4aUo?E#4?7IU<8c0 zkk?cJ;0T%+$BQL2QMD?v)~axA=hNg0TOS=YUF5iun*!gQ41G*WKU6BMFqX%C#l;ahQ0 zN4n}k*F`QD(4i|rIUsPchzW(^9NeQhpm>Ts7;;sFL;mv=V*k$?PPK4MwWg48#jwIl zvN2EDs3kY!jQSqlE5m|No}?3ot_fZXtpfYX|LFh-lga@=%&AtZ`&9+!LYN;y5!xe^ zWHy05sB16>V9HyelDbfOpU0m?Eg0S-7eJ~}s22E@s17SwnA$*~a5&Umttx-#-y$5Q zJB~gD(08RWDNU@Wm}0*zhXdkxZ46~*$_Z02+$f{ zVaJwq#WYp}ZQ|&0x{(b~@QZPY1R}EcxMb;~mSH@O@Y1nFoNG0gC{0!PL+W>29aUBG z6y81YKcnJWr4?6;|5|1-Yf^F@JD!j>bBiyQb^t$t!d#RX_7VvzK6D|hOvSj8X(kCv&i9f<{Yv3< z#Xdu0?OClIh*8MiLm!S&nB$fhZv~6Hm5OTyg|3Ze_2i4^0~(5m3S?Dc;XEM18QgLl zt>hM65__zg3rRr1kTaNxE_Z>TNhY9Ja*rL53+$lWG&%MPBa-DqhK?$HndL znc1F&YU0`qMw!+sVug&nI6ncl=I{(#*vV!Z@yk^oYqQ-0Xxyc&E4 zYKf7rBA{lK5}8R7_0&P0^+s}u^r&GB`{SN8xXT#ul9M{M-_Wbswmy&nJkf8@S2O){rDteMC z_cSF*0O5eup&5rH(<^ZCSBkt8Kp!9&dR(SvP@awQ{SZMGh3Fu8wx&HXA{auSA*ED6 zhegoy=HP*Z_d+Loi#VE`5Gsro`iEl5J0gIM>qz1RHsWoFeT_tngT@Xr=WHqsM??{b ze2??soJ8OO`hqW+RK*|zA*T1GJ@7yO6Qa>S|M}Xa3z8(SzyMb%9@FamkqBur@(Dep z0dfxaRKcn*qrR{|Rz?5R7|rU?3ns9!U#MsbBCnxlit-DUOs%nqlEO<;eftPK?CP*D zzz6c(P5<%*CRCqPNhOH<=n^{ng^{NgK0aEU zk_j!@wx{U89chx__2L-EG}s|@?vd{b!7M~TM8fj5M~9vQIw6tgau%b=XH~N~sfsao zNch^o#?_pTbdW0~0; z$9{@>C?zHfeK@g2YZ-v+)(NdvKPrawuv7|&dxmKki6!W5q(zOKV5iiYrrbcac>`SP zgio=HkbD*EDe~AG`mkDwh9nkEDNGkN<^zFSIy)*;q<7(Qj`Z|!bvynqstd6 zSuDqSRu5}krWiBu5SohN)#l&6d~-=2P}o=asKQcRGUBD|t^AY}eudCyy%NqDf-#&B zL531Jab&hB7fqq>mJ-QwBvF$2b2dwp0ETdin26(+KFPu=Dq;jQK|+zkMtu{ipY(h@ z{}e!9X5F)?EWW+PK9}6y3peYF=@hvbGF?RYE$i@f<(Iby`UVvvF204%eH092|1XL3 zSb0tNtJVTCjXZ_}4_V?OVG|SrB=Z8iru%xm9p-@p)DvqjM}bQ@TAZ384~2vaP{OHj zRWkt#62)g!eZbm%ai0&WrH!8m6b?Xt{R1+n%`-~PWj(TduBJ$ z7%3dX1R*pZ6d|iCRqcu3qELgC3GP(uwsZC{a_$k!CA$0~lW|#O#(q^B$la=eBum?n z9e9d_ek^^?pitvGEr5K7aHZz-1PmkJmHEE7s4omGGZf;{TsYQU4)~tvOF6_66;w|x zy6Z+|lL_B*v8(Csxi}R2#vDXGr?8Ymq33~*g2zRyQihLgVM%r~uWi{#GgVi(MK$96!O8GVr^R#Cbkd>(ozjB#G=9>u=gN{e>!XcT(3p8JbTqGRvI8s`5JJdlSV1$w9%56)y z&!*QU*^ITr?(t1_Y=x}u0YIBSkLeoB8q^9#3UgOiGk%%c;( zznvg(ab|`l8XB2I)08u+_@>w&N@xEA&Nwa}DTPafM+g&+JW2Tf|KIyzL4 zhD>~KzHi}fl}TW%+S9QG@rNK9de}+!*w*IWo%Z9yMOj-frsf2ua7tS)0TwDLX!5jr zl(4^uwOVB|0a#2wHW$$W2nvl@4!Wi$=iCwYQ1vxOH%*gdSVjCnE;wTMxyONRrL)#N zKth@Gam1S!M*xF+9Nb_Cm2@HC;=MS9hx()1D|F!JEI3VtG? zUY=E@Q!<^3Qv!UC^g^m=EXCX*I!L|u$e6}%)zEdN3Cx3IP^oCdE4-f-=Fy7W0%J^a zyVfi170HSp6M<1r7Zzu^@E#{ECgb~JaWTIQOI}QihyStHSy>xsuxSBNzn7M?p|DUg zc#krIOhzcJR;vZ5t+Otb#wo37S!B#0}REjmTy4U)9=EX=m@A2BuqePQ}f`26` zS-=^xP&Lu1f5~B`TxQSg%JS$uXIB;Z8N-xmGmZLnAkdAK`h9vnTwjsI5L$WDg;$ud_0}v2b{cV{a%gIvON5r-4@Y?;zGSE_EXH~~B$afPC7!?(B zHMLTWizuoY^m?Fe4ARsIVW86{+aHoXTGH)FnS&GkCsV{GD55t}oG~@`K!2=KUw-~# zoul&sl;-_}=ffWGFlA!V31J4%mF8v zp^&TE6D<{ITa1s%(rxd7%luYlXF)_YRMW7k8N*a`iCe4~=LSQa@;64ElASV`#=hUm z<3Mhi6XZ?hX*;#`JQ6ChkpP8U>Y*k5mvI9ZmoGqIBFVKttPAqre52(%nw>NnilcR1 zssv1-RQ7Wr$z$Y#2P8yqz4ga9rPEP!`PH1ct9WeWDwB$ALpUeRl#Y;H*?>Nmc@OW! znZ92ck;u2(oWRhnj3D;(aRvYT+CL9Nz7iy%K*J>H6APgQg>QHwRClBnqId+abs@z; zdjgaY{y6D`JSJ_9!Xyawg&Q&9F{e!AyE4#R-^ZaGG?qcr*J%_$)6QxuLW|d?B7kv; zRbe_FiCiBtJVTXWTm&~+YGv3cWRMMk7m9gAgxL7Ff`BChsra4!#XDEaoAL9z~ zX_XhH#ywX{Z^%`4SHaQuXkP5Z4_#OJAuegz_{DteU#aG+;DW8tGzXn-+={{Gvna6L zI_wY%-WcClt2v$-T2eazDiHWUN4OjS6C1+UA3L5^Iwr};AwHXbH3eZ9$DJb=xF`sb zBSNy{-CZ|Xim|=bz>7j+WXXK$%Wo!>ANwN`J1*rw$-AdZw{QJ5^vLj#iwe>-aDPM( z!^p4Fi8|U<~#j)j)zC~xJC`02Nfg93Kv`YBgX>Ca`M?=m-~%GY{)0^9UqUoAS9pWcb-VJlb{Hvs^!`cLA{2`DF zC=!ARQptVxl7qrGNQ;ts5g$tXsoOIpt8|ho%-@8F4+$5W6nI4l(VZev_$J|_wigqV^UsB$BYjzmkazXLh+p@$}2$L;gPXOSh6GHTs!A$ zA`Xeq*Hde$=A&T4H%o(F^PjTDTWs>ErQWLlyeoc!SXQf!IdJn4fZru&%Cc49AuyYNf(OK=aclKC=3oLcsb` zRw?QZt24@5v{waNyHF0tK%j45ILD&mL%wlVjx}J*}&0W1b~av&_YG zieK#=RbSLbLM9ZIa0;zhoJ4y4>|8Hy8!Wg3Bb995`XG#<^+vN%m&CDR(KE#HO@PfB z)Uh>-JjZ+4O7bQb9ZBg(PfCA`eeLI)^0rSz3`*u!F}}n_)#5;3kPh9|wNvI@gWwwR zw>JEo_*-+Ykwsy-^GVB{TBxma_ryM%^(f|hbqN5S8Ees=pvyeVhG2kacLR~qZ8J}a z%VWYz!m&MJs1!ki5LL9OMnc#EQ3{C zTO*;TKN*3(`KY{&4)k7ZsNh2p3_+a|f^AYUAaWf>hX)}$l6BTHPt7pZ{v;P7WvqSMxRd6bfEvXn&5`rjj#ZOzm z5M!WvT8*KGNTe#{ATGJI`!mfN5N_ zRw?x*-jY|F>GoPuw0Y*vbl${OG#&D}JCbKMzGDuz%lZ*Y*#qT9yYmj0SHS84dK*US0eXW~ z@v2m0UJ1FdaoX3oBx7$cnA$?)p4724BIZg(8RMl*>;}Gd<)V4_9(8zQdt_bgiBR)a+4yG0n3MO!dzz`un9xHi=?kMv3rY~T) zw&qQRd4R7W;I&%l_JPP1T?stsAn;nT;Jy}R6`~&mEZM7`1t#wCfQ68u@%*dka}QwC zXLWBXa>47!r%}Ll94-!-rCv~A3jGLr;B{OeHdLQW8CsmJCvl~!)0V~n>_&Q4>#B;{ zxiv8eXK(1)Ie3y!w&$9tZajuo^LFFLBTMy8f7ALj3b_JS(6pGCF~217wkMYg6_i5fA7-HJ3bY61Q;@W>c=XokFl{9NJE($NDb3`uwZ9$?7z zfCG6vW+-<6Tr`Zv2Y`j~L6S$tmmG3WPV@u@X``xK;Z9G~slF%1+VX#n*SrBz*Td7^ z;bHPLSoz<^=A1(%Umn5$-hfYZ!onMjXdFGu29VPR#HN1yVXMV)&ld?bY7 zL1tw~V8BO#Z{*T4DkroFcF|Iy*y_#x9;bD>NH~j{kS>v)F0a+Z1;^T9jQFU!up9CD zZ5E=;B$V3~M_xd2ARWVyxMf+KxaT0@9vBSxATwTW=t2KpWyn%zS9*pd$TFN83l$aw zy!vo?S&c_V-Egb1llR{%70DDzjI?e?$=!qhz62(1@#Yv!OZ9n77OMjmi@ha;@#QeM z@G(1kt6ij>Jk*D}tjPx@Xpeo&+@X#|dRli(6NeimivcTfHDV$Ek+SM=Dsfs2{`)eW zOX&3G{N(l=od5my{AzGjxWzoXIzgeRhjoYoqCpSbVkr=*aorls<${O<^b7^RNdCI7d3%0Y&MASDY4Y~W^$~s(C3ABW6WLd?`JCnqsYU3f*`#YiDuYk=EhEwP#jRI+`67UnIf<+C? zFoaw_Mo=ZfFe{fa$XCG!ibj!_idaj_qcRvZW;sEiQ@(y*iS@hx?f{?}@@1b$#6+N2 zoC`EzM*(W|dTI=rBDxocKyjkUt_Xft1ER-D{xo-{n-=6k2?k=I^I2XE z;8oJ=W-paV(gYkCk0Nb2(@y7!v@!8q88qWfm^Q0_m7yTHdZ^>0;&gsA#}eV07Ys*l*=UoEPqLBAtp?4ceQ)1u~GM47tkzHi^n zVg;Q6+7vEVg1>0<0Kngciai#p6qyhFTbrsBE{6-%7|B`U)14;=< zz7-hs7J!P=2@IH!JQ5I-QMfsuGC0WB14wVlJxX@X90^^eGYDGa)&oP249yqpPf&>2 zPa&C#(LXs$#Wu)sThPHAf{yRed3?x}&VFd!e`C4dEi|dBbtG$9RS6>U!!y91xS~t@ z>NtrsPEnvO3f}wxP-0%%{Tca-uF24uiUJ;mPk|q@1=EAhsLPYOpA-+<6;Ui;+k}U5|zwhlYCw51EN6<(TIfT zgS7BI24vAb&>z1gk?-UlvIT^A_8D8HqOAcY4ps#W1>>QDB5xLju5iqk6Ilz8qQcE} za)@{vGGh#tm)_g0t#>|?IEB+ttYA$`ftbQicQO;i9bX}Opj@xjYGtd0TD9*ues|^o zNtalDXc*g3j5CHEybpaBM4?ByUJ^v&hC6jjpNg~Mg*7Mv<_5W##?Bh^74Jq7SO4&? z=j7t$$jQTyNZIDa%@rb{EY+ij`FQ(;A(dz8!_DPD=MRaUIr-Li_Li#|G2&v9;1Qz9 z?Bf|k)b*{V+j>dLl|U3V)GbWw(?eCvrAWr%R}~grDz8p5_{=0zB#;**J%R+X;)*1Y zg}+V`I39NHCnOSn2WwIxuDco`;__c7EhzEA^{K#X<@TR{I3*%$d|myNo^vM=oA4Q` zL;uUZu)<~N#cO<>l)6mDx=NofaWaVlkIdr~fguu!tV^QcZQzM*{)g}RkskerItv6n zlo6cvEtrRQvHNY61>V|i)M~X_r`7sFrY)_d|7|rJjUVc*cB@`%)EkZ35B#5I{RdEc zmL8{`h%y-dPCSy4&*#sFKbCard}(A9kr*kTX5yDFls~)5^Z^b57B|nUiKC2> zhLMuDKM1dO9l%lg@$k!+(&x_=l~@s!nNywBtCAP1qPeOaLQ_%2UnQM>LGKOUv9TYQ zz$0^4xr9TjHuEN{%e%1i0KZuiihYfD>N@mneYHfH<_~`aCjno@GtT4*KWH6c;1TFj zAV{c?kBjx*nBiGW)2gXc237DMVNw>ip~p1gq>Lfk_lCbRS>$?ez!Bx;S0Hoj}@`ek3~JwD(3?vEoYdZuVDn=3I%BI{ufs z+`jk5jG7LBNZqs^7fy|0ei`lC6PGE(^o{fyOhU`MjlQ7!oQd2l2kCxT?6QzIbt3n4 z?*!KBW0qQlaEit~38|c9mhwXG(f8eFNtn9)zOXelD&-`_^XMJJNb^OKIg<^nH$pm? zWYrPUQ6ae_q&}`PLb~085lTWT`*4c1*|VJNz3QOq;+alZYu{0jxXbMSk}*H3znZn= zbmYwkA@aoV*v-7oU)Vf6lmRYPaSU1=MV`n1Due2NihE~HpEtY;-&RHZk^Mp7 zY{OIQ$lU>WB`(_Oy-5+RDla=L;>y?9chM(VxhgN$tL>Y7Pi64h#SW8%FURyLb3DqX zGy5yDZ{BcPPzx%7vOFb}wG2uMRyhSViA(-yiBP6$3?QfF$j@y%JE@BPerbv7+j>@% z|JCOEDDi)p{NHFbJ8Aj9*6!@&|7|={{!dE{>40P9iGqEKLWbORC3sufmxGC@6 zvdYYZ8RxDz^!1(xPrJrTNUVA zcSu{UrwUi&tEPEFBFQmk^Hbt8^hsEC!^l6OA4J?wP5+d+O5@*G#J?fLI;;v+3VQzb zC+s0QrwmQ?cjV7{C2QYRG3$$Wb6qH*)Ii@g)rHUy{}TEsP=!;4zI^E=Udpon0l!6r znK~7KxVB+!Y9oj}P*&Hu>69WI;GqPda|o!Jmls#M%H}65SPKbZiYfx$AAnagLB6=d z_okOKyJvX~fB909!Syl7;^uitUZWzoDi5^ySgurrc*FmE67!c;ON9X9h(yR0HKSle$4r6}u=D&RZuXnoX{lC_(*LM5=HlAnP|1}FO-u+dY5Wa0xz~K=4 zha#_B1ymgI5A_fV0QN`N$85e_Sg^N~ynWpqcjRut@@smx)ICvq<#u*F02~;=A@(rC zI!qb5Zk*2K>iqWZ0do%jp00+D`x9&SU1k8tV<|{(PP(h>O+# zl&Y=j2u0iI`UQ?XybWyx=<}j-GTU|mUXu|aW!dw&Vdk^ZKo?pQEbZ%QhJ_U^2Wwjj zYaqzEb$>rJ8i?f@8 zuXN^!uls5BJ_oPdRLQotSO&{HBr}DoR^yf~zaAc)MR?3QkH!RmpDu3Be?7UpG=r#L z++BaTeS7`k>g;at;qBG=?LZlK(ooap3NyEC$eJZov&AMEK>&XiTZ{MvR&zOTCfhsz zaX+O?Rr+Sa5~B(Fx|?@IRBJxk<2b=${t%YWT=Gb{h?^uMh< z&nW*X?paIzQ+58}@}G5b^xSgXCimaWKAHnkGljm-XJH|eQB6Sp*uT0v`EdKQ*lAzK zLe5_jGT~F(+6TFt>gpma4rVQHk=T(dUF!YXZYNi~%{21{KxxR1U#$ee+Rh6b)l&20 z8%;sbVqZciyuK;ZTsWgy{Mt6LF+b94RS_WbViXOSCTmIn3sNUlKk%J1(| zd3&L_-FpMdjMD(&(P$ zeTB~gWBf~#@SA=X&VO^gWyx5H~+WsnE8L3zDjfh8ld5ywRFI; zsiyqxzCS%M>GT-U@K9XKB-|ejsfL8GJdJSy8DfH)D{vLEv6fk{)zXTl{c7d22NkW5 zB;Q(okP5=G!;J*hAFU6U1g8%W1HXKDdww@KKfO7>73q#e_BSe$g{j+n9AsVctg}&w zi`F!D@?sh$e5OL^++%-SE&a;nH|v(k=nA*1630Pb?5Qu*Re8*WAS`^dJOt%k6VQu7q$a95uelxESv^*{ycSEuJv++N78=5FSs z9DX~v`!G1a8T3z9f)X=*8p_G(>3RS5?(Ax?3Nq$O=&V*yD5J;Ki?4Gw=$I3gpKovb zcm12|zyIUz@?vm%ekB8MvNnj7TbK7%o0f#$Hh3~rb@{acdv-p!y}Rf?8LoYWwgJvL za?rlhXNpg3BEE9lG;sd++nbZSlbd&%Fu98BdIU<}?`;~pJ-N6XoSs~spFKyr>gx2E z(fOqN<@_IcWZS9StE=4F5jn`bo%cf*_}02xAvUDT#SiWAiUlW>8JE7u}#C)pFDDp*=-8H*T{ z>pp^0bOTmIxOr8~cG-sQxswg9&9755v23L=H76x4a%vhfCU{E$Ne#vu>wHk`Wum*~ zc!c(2QcegJl}h@LqV7q|xQ3bt8lDBdh#S_`fZUank%5hHyRPO->zn@r29)L&;p z9(?ml-j*qS_{OnA--}G^n4TM%*I-0E7loUj-V*K>Hj;H&Mc`#ig_~lBuWo6Nc|e*| zjDn&Decd57_4Dk7axg?gXE@wAF-+SzB*|JlmT4HP^*81|%e~WPW3|pyzI>6vYj3$m zBtCK-=$g;6WCk(xTW;s)0RrU*9HMaqL${nffHn>C_7HOplLhly{#BQ-n-{C{5*(Dj z(IO1&B6)4UQ!Yz(%L)BC2KRjhZEWyatpD-RdZO~TT>tBK8|}3I*XTBO`rkI5qWE9F zpu9-juU_V~Y|4x2t7OWB%ZZf+G+&-oB1pX0Bm;nFfuBA3jxQ~x>2!s%%#z4o`yf0g z;@8R;D!~<{3XGFaiehCWC6_Z*vuj}NakWqdv9#7@O6VdQM!}&dV}%dKmw!%SkS3)0 zunH}$n8JnRjDaqrXk4-!n*+*u5FSlfOKW(F=C=alDq35TbS|-jZ^b2goYKU8dJ8qMelbmy=GG zTaR*D-CIbw81TAu)8KPJETP)rkKo*=QE2ks8YRQNW_Aj(4+7%Kt19tGWjwWWOJoyW z2;WyL+eM)lz_M)T`7NxQ?>xWr*<~r2NW;oBVf9v>tt?LYjDE8;hTIb|Ed^LZy>g0< zf@sxOc?`BFQ^y+FI;z=9E9U4B0#a_{pYu|N$EsM_QmR)X;o*vPWb=6}bCQLgM;`hio?#D-(K%m5)OBt8Txqf6?8%3-i`%uN8>w&UA zVryg_0pOR5%ge#97q_QB_duBwt6UiG*Gi`&`O9X~k$`829c--@JJ>3U9gN9xcmDU& z%MWMgXIJO9zh2+`GPt|we{AI^0hzVZX+YMBwX}|IzPVt_B?RjfIv(efVo6%rUHs(N z5kL8@KNBL6kIjavHruhrh2|83qUMqL;c62eZ|C$8m|rMK4^WUvfg#Xp40O-U8(0WOg8A3_R6pTy;@!h$Gn z`YOfs_-vNo#P0By^`JNWysp_@j`r?$Pxjr*C&o7{rUF?wrJBdMTm1;22uJtQLKYKY?g@|9i znCNz)bOs)Htwao)a;{kKto|mX4`uhdG7k{jf zQn>$z#Q!%LZo>U%Y5Yg0liC04?cM#)TY2Oz9}@q6k>N&mf5|sn+51IN`CIP4(o&_b zn^&GpysqkCb;W&E_hBQus-xtNS($kkeaxnhpZwJc8djy2&k{Kk*W)kLv9C8b2$}34NZIKQ|H(i=Pe5 zpbfSZ5O+&0QFR=ln_D)-xAOp%K{+69S--lHS1em2LMJ2?ulMujN^*d=w$|v!UUO_j z>}gYPfE-lqV_^IJstb~4)CCLEiX*%F_^z^uZM;$RiJ{Pk-i6OlID!u96E}gyqZX3q z!#7Bww`ir0pBGy5^^;lqZM;@vX6v=y7VIJ`Y!6}`c+_a}9@$9No;zhgk^U$1SM<#S zMP-Xl>atlqc3V2^cJ$Zn=&oP2-nw<2HLb6vC-o6XVV71@UrI&Yx_bI8six1PmcF1$ znyZek#H;F+t$}V^`|Ny$`RaDhW}ia+-)M19HvlZv|2wU;{@>~D?tj|KBlUkX*x$DS zAm-^6EdW+eUcdxkTHmYE zc4h#uGXw0N=X#3tf8@IX!JE+jSBU>=W$yoLHh22}RvwkLN)GlWw13Sw+tdB2Oc^AU z{{wl6l1NyYZv;>YhLpu%MMFT`DNDI}mN+Xt6!cqA&NZ?-)qJO#Z&x*sh7>V%%K>!V z5K)R&)QZi{X6kKFOybQ4BxLL2BI>+^xVCKnA9&b#>J30k^Zzs&sr|p(taW$$|2Ce) z{x1f5lR|(1_+3f@s%INJ6)@X^T$FC-fxM;N-U_Tw)&(RN{aGuW6ttjLA_0p1;f)AZ zO}u)Q?SjsDoEBbOOdT>q;kY3qO-P7;Cq9E-pSULxBO)*5^W6X5s%7&(c6RqaZsk$=A1&cdNKuFaNC5;xFG3r<8H!4o3x)_dA%YCKrHG1awMC*E&S}8I!w`n^Woaa(v^5D}!sH^8 zgkSM(tT2%)UooV7C}e`_DDphH6;^Ff{PjivO#-Ol#6Yd@^70cQ^Qp{alK`et<4z#` z1dO3PbF25lcg{UnfOXP2x9JdcKNC&!@jEfMIQlX~DHvi?Nbr zaw=EjT3mbi@0 z@K2RlpHEoYzHFJ|^Nq-q&q<%>k|HaX4~*dJTe14yppnWSo8w}}-^-~XZp4;sD_8Ab zu#7p` zlwT=+Z&hllN{EHnvFOXS@dTcy{SO})_VDjwB>E_Hkk8;4>F!m4yx#BzQ4)m?Qj2@2 ze#Xbgk`7J~nK!b5lNk!(7+HYqx4;#1c(wU=+ zEZFqT+)G@E^i=Pwlw|G`7E9)~Efo6?Z~B*z{OfLr6)5y2hf0Z8>J8b`ye6 zL9nP)AyX8<@nh`fxxof1Q9Aa= znbQC@3%`YP0EOyTc>u68+kd}i`$Wt^@*q!5Ua?2Vs!jT>m?z>eZ&6j#mvs98gpr3V zbk+3&lk{QagiuCfDWCt0o1TczsaE(iVJwJc{s6KGO{Z5<4T=k4Urnl_OmUK_S3#91 zbB{jGO_xn=y>IluDpQ_VYsvu$Ss92Uj{KBXsl-sc&w;)qU-UT;sOI!J?yEVB5t)Hi zjr4JDKSU$^sk~nZX$YNr!5 zqrEh6IdcRc;F~KRVFxmFL1~0SfT@zkT!7`Z(GL^iAVFj;{J*Ro5ym9 zy@#(-fNrOlCU}neI&^u)=&OAM0uC`+vsz!OX$VY^kN=O8?9rSCGL0u z_AP5wt57C@!}_LN84~4Fz6>CB>mM)dKo6awkS&324X3EG;-D6`o1F}mFJDv!@awbd z9{6x;-=w(&rKcj}MUT%AdFjs74|Ot{#yLHt{l>nM!usMYANc zWwGS^OwFX+MRwUj_FY+#itIm|%KiSs3i;n#-E{uHc4L?SZ#$1zYBrSn{p-v7zIx90 z7s~g(@m%lUNS^myj`y8z{gub_Z!*98E)aef2)_%2e+og9 znEdgtXgDF{{?s-Qt*aO=i~njiQ}=&08m-#y{C_Kt(DmLg80<|bhKrc#Wp4>x)bqs` zhc2tR%3Y$%VB}vfx~$f+8%Gz`U;7f$#bf(i_mV<)iYfmyL}N^uLOy-qyr`$&f|jiC z-f7A^O?j)D@`L0%b62{usH@lM107vD=`30-mno*!T{FK8{A_P?gt45V|IS3Stvp5Y zpK{|lVGKHxDe~DF-vaPs#J{Eae>&ZC{8yvV+};1Wl}CtlS8}jHJlY^0?o9}Q3%KcJ z<-dhJUn~GFt-6W?xD<#ynV0qD-?}Q+wu#l`w1q?PTw)p*$Q&P69p4!xB(tkxY`z7- zY~ipKiEB@nzfvN~w=0cpNV3`rJ+^Qnp(lBY&((bY51_wAgrR4#J}ue*`^3Y}{8{t= z)SI1lI{#m{+1cg)*~%m0zuzXJysdpn4!=5UUnyc+@l7BqmY*fyI>DN2hF&M?ZYBsj z3o^D&KPntMLBdr6vlA6wC`3CuDA{1`Y?;-=wi9B5gz$(^?gXW>LEZV1M;7fI+2dsb zxbs+L7s_2gpIuOQQtAkZJFqSoNQL-XUtF{sg+#GhXzt z+|eP0t>w#dlp4>iW1B*?TrNOPrK!tdX}%2T3|Qtf`Yo?S*+hYgvhf$%1OH>+a4g#n$l9CgsSfxjh z_cHMX2gB?agIE;@Z$0AN7k{Zb*bUS27YF(VurRVR5~%XA{{gQkHt{5=!iLZ%2L*}f z7x^a74Shi+;fG#b?3c6dnL1Dv}uvS()ze6 zsy4hw;QI*vu|sr@n$Et|iWB}!I=$e7vAL}=V@ zL)&d=yA5r(p?w`2+HODlj`y>TpZBDnqVt~sg%neUeD;xe(ez1IKrD;@?AFu%zqNX8 z=l`*lM|gDfQ-i$;myclfvYs9NkBi+m8kSYbS;PC5&$7$5c@sw>jbfhEF@nkTmT#~6ap7{NIC4DNlSK5N}Bs604V-l zQH1|x`jN)Us#<@CSM>Mg{I}unh6@!^m zwW>VLvo2nDfb3m4*Y`Wgsa7whB=VUIVNr6q{U(#6hyWJbkQA;XS(W*>!kDNKm%g+qd8(6_tdhXwtu>8V4&WH+jEO z6sDZLousqBIISwv>9Cwrv^phj#sF5xO^Q#ebUHj8Tx{x&mqcIV1Gch1qMJk6AJOMR z`Pr1iLj8}pXPAbOmh^uKm}m;Yxgk5KOd;<{$Ahhnfdq5@`l z=w)@nJf>c#Bo>A3;|q*NHk0razte+&Nqed2-` zZ=k5Q3)B2w)SqudanO^5CQb%2hW#8F&WR`^(@Wcv7(8Rvnu3;d@`Gf%-B}{IW)D~M zeEo%ncl6yT>1K1?H#c)1LXMB(L#WGr!!KS9uAlX;)G=QAwQ?b zqIlHBU7LvCiBVf6cqcCXLXkVEA;^a9qzXLeRf};`MK>eC#0~=Q4?M!R42m~ ze~37p)g=A=Ik1b-0pQ z%}Vo6iPXu+@ABM;xbNjIcOKuozKAKzP3t*a@$8OCyJss;q5L0W5@I$NX5eRy|F1Qh z^=>x)f9L9zHL(ClkjXXS%a@Xis1srV zIn${1&2I0C0Q<`r&yZij_SK{l(cny`MlR?W1W=KV3LrYx0Y26l` zSWxYzs-jRL#8a9arL}R@n_r6IL)XR9CwgSHt z-trBQ=6)H4Tm`RBh7|d1LnAk^kH6X8QhzcB`?A|J=$WB>S7UC#Rbb_c_zNth_JScA>zpOROUC>#~j)QHH`_ zv5PEWTonMA>H^>ay9kgF_(a5SN?VNVm#~AR;L=ERNsHy`SF+Sf(zqo2a|LY*L}0`w zB*eex-?aJpbDRU`R1)Kcc&H4@@}EQqSWHb&c?uVDQ2`NyFt-$bIZnC?7P?>tJTB&ddWq^DEJGG^mfyIH{G{9-HC^8 z(1;g@0e%;fC|EG>N&q~0w_Y;6j6}2A5=2or!wx!e91{6?$w3~w7OmF0LiUfWJ{RhL zBw|l=`!dfG{jXbVcGCJ^r`_1;f7^J({eQQ%mIwHxL=->@AQ&cY2ILyy4QC8>BOnEA z0vUiI0#1k^LvD$$o9cW*vKH|0FofZ}y3+N5g6+yC+C9hNOO!ALmO6PAxOl}-iru?D z7lhu&Dptf+a_JHUSM}uDkZ;{)+`*E_WL?0_r$QKMB1&TXf_>Mf0^gQwU*Df^Z~Hef zD@cRHJH!NErJ_5gd>d06$${+i92j1ErAiEB0Zr5eJA1^ir#Ggms-3e#C~3i9rfL91 zxZGKqFbtuNe{|gjz~40;f&<>LJrAkKg%mQg_gq4a8D9QpM=a% zECowuW?y-ndFjk()0v}JlMJa6oWSXuR)5Bjp$9nEcTOe(T%Z?BU?VXkKC7Js@N6n*+|W@^R5I)c~(uk|oq5e6U-aY8_@o?_Cz{uA9VTd?*M z<7V74r3R(jD^%DF$9^^LnD!$7hw#E&Q8ml#Y0uz&nWq(P+ZS`4L%RTm$Y(cbRB*vi z{5^IN97~<;^XGW;D_l6r%40KjlrxjdRDLHbmx0_1I)$h zIc|rU9|cSGf+g2lS2Yt%2xX!Z60Z4~VD5s#g}#$Tp48??!Y-KPO3OpD0*27JN4~3h z*e+kSzAfZm!={S73%FJ7rp4T9*6tkXVIl7=TJ-anhzkIVTI8aJkP_sbFLA{OgvXO) z)jFukw+kGK@d&&|zZGul367Ndi^w$*bAtMr^z_YPjhy^>d06Fm*nTS}jNS8ur^x<8 zkrO^4<#Xa$=KtGlW%9rA&pZ3i79OF$4#Z$@!UI6E&CB`#DArx*1rV26#Sb7Z&E|n> zk^hzbo}b=1{=O`uvnsiE5@${KO{bEOaK+8jy*HqI9l+lrR8GYl@_o!Y3lNkkJ1As$ zgdNCGGT_pN`397eIjxwNu-w^qVP{&vQ#eNb$nyqP=T~aQCC)tx9paDh_}`THc}-^8 zD~4WBbQSkpiF!%06<2aC!0R1rzLd{{BL2=TcX#r+wUf`JyFaJf&yZ%P;cE|5mRgB2 ztA?~Q=t;K5nkH~y9<4e`b4cW{5J#tR@%XrK*l8i(iEH1ZY}yT1=H9?F$k08S=U0Br z3Mnd9)5~9O`wJUQhP>;fruhk#?0}JN&wM4l~7jnt~Gtyc)S~(Ia;>P ztlrka#j@Zsh2X80Jxgl&yznstGZsi@tUKclaaF?}0G49>%{f`oJZK3LnZ4d2>K~ zajG24-Fxo%fweovPvWTTHTxrhZOlziNmx3Lc2h01M}FR5TxM&V6z%P=I(7>29m5 z`o;811pr$Z?WcYv%S#D1T|?OE?Ov7nye#kUXQ!{`>^H`*@}gf}aR!&NWE9H)rfP4> z5)VN7fIKhB@SL0MWh9lwYB7q%OG+j((`Iodl2jYmx&9EA%|nd#w_)5+GxjU7Zdh4V zvd=2;A9;z8k${pJ$nD^D`yQd4HD;4R(z&YrC4uf+=t18>VRHH|2pd*99Y@Bye4D`I z5wm20b*E_g&})+stky%Eg%FMK{fdY`0>5v-_LUA2FW`@YwS75_IdJXt&uee;GTWsF ztEX_aK-^0J*edQ<#1&owkHXtGmA8s>QW1Cr-Y5a!MR0#4izBQ0#_?WjQAzlqJ^>lE zpa?MQo6(ahTAJD^RZUdPzj(%$2@=9a(hsG`Fr2KDYa%YZm1f!aKf_guMi)v7Kn3^J z7x>&P-|dTd{Z&NKz*BzX32T9ZR-6jS)J*9I=KY(+#dA~_$p8g_7a0xpMKhw_W~O5; z!zAmY^BkBw+ePk=e3sb%Rb<|?=KpSV>*@R--Bzcwv;S}7N!b6@Xm9Wwpg6K~s}4a4 zUS8rDlrFoPgHWbc#K?R8q2U}EGlf#RGzkNLULHL|8L|D=w<%Djanmf z|3|&G+yA%mthT>A>mAU^HrBlVBUw4+nELYfeKB2QP7H;U)S?*5NI)P2!b#)QY-8LdEU?B3{f z0*2K4m%Kl^-~=}Z^QHGlquuS%-_KJh|1-$YDDvnAf&iDu|D9$xWB;plcKM&S@<{ui z8tlPlf&g6EZo!QA_KNGI=EDW+XqJ%z|uwEY)E1@Z^DnI16KEFQ}+|i;w#5)wSxI{ z2e&+^tM2AI!$ayR*8k&M1D|RDSfc+oJB@Vy=We~VyZ>`5kJRx+JlPZm8}a;+oFjg` zu-}h`$r7)hRLPZmeiC(7v?kc3*?2TD^gQzLk$C5y0x0t`YhZ$wjPwm518W^x_m+>HePCxFcy{|h5Rw_@JdDB&J6hkg z@R7OoHGm@QRQ?p2{VYrRI4rfB8}h`Pzo3eQ_ygh8&5nc0|6s0#u}@ z$y+@npwyyML{H&8C9|gqirT+Z2~bJEBn3s6D&krcPB;EOO}X6eN=a1RPxPL+*##+6 z!tVCPbc$T8lL@_yXj&xy&6K&>AODJm6GHA!?U?iRB*JC#U$dR^|7tY4wcYv8Rvxj) zd`u5^GQq$Ggu)CvC0ck{F>x_&iv`E!bypE3mqW?VE4jShvV4+ zW4uc4x?&xU-Ng$&%4>}lWRysFZ;&X|Q7H27UNRCYTeuqV#eg#8vybt~tL?>JSinXt z>vyrJ%~W6c+V3Yk=L-ugYI7$VW}emLzo#7oFSY-r&wm@Wc4H_1ZRN?4{{#nYUI_dO z4uo?MT1OmQ>v%Y~>LX;k=Q=FLRHcv3%ifGfnIx*#8f~hkj)h~8Z}Q8770!Xz6F7J0 z!haMwFJIouvP&Z55z~sory}N&WQ>>}GiRDF;uyGGXmmq7Q|HU_gfgbS{FFGabdiU6 zO9jWU$qi1;41Q6s>(8hpItm-?OP%cX0FnE4ojas;}Zgx#T?&)d5@zD-phX2xbF;o-?#wy zts45|jgD7~XN&6#TVDEnb&@_=oe;{b+qbp&^lDNhF(m>>)Rl6-pt^u{E_Y%=YE z^V74zi4>{v@2CeF?T+{rs%~pp^2B?9b6NrbQyQW028|>rvl^u3Q)}_M5LHsHb^2Ox zov>V#5%1O2;;Drx->zx3BJaA>ks&&Q(ta0@;0g;tA>=JA5nGR>^D<$jxmStjS#noh zEQ;y5&1K{TwY{7muoVgY9NJEi{Oe%mv? z>oeO-~D&+Bwl>zVI`dr&*_du0);{WC{z^+ zRr~`FJZJBq`U?#}n@Agac*2PrVS`62)UgUum<`A<0J{f!omNdKCgOqLLY%$4eg%H! z1JE(3_eQ`q=!fqAp#>Ril4tcH<8kbGOMVcX3b+~6eIpQWSi4FPC!pL*%r9DheI3ws zC3OD}JD6fC5w?m(HNYgH+5x?92d+BOT|F=l@$}C&T`K$NQ5kcD$)JGvW6Jr2t~GK1 z6$+!ap1!TFXe=&AQIee!*>D{3UA(_+akyYk+dr!oxg6cmGYi*RqMT!NU)8*TDGKA)$$b%4VelBHx0KRU921kRG6VM{BCM<)$a{ghd6A65 zV){0ZLjrF}5fV6FCLRo*}{L@^)E$Am;fG_lriiUzOY1hUJ*L6Y@R zU@8~k0|a(5~3Yi^__ZMzn=^7A(;lz?_E%EI$DC;1g!z041yO|x#L#ha&VW*!W*dR0g~ zk=`p%@Yj|C(2P(Foy+{BVY+PXR5VlrM|Nj!c)pI+X_HzP9aj>GOt~eQ&SdKKiIFbC zo({JJ<>0hTg8f~Y!T8pQ&#nF!w}ESXGSpvHLErAW4p{KYT;5j zW=uspbLG}Jp32#v$%YibDU(F3b!y9xeop9xRD<*-U7BygBqK1R+zI@VWHEa5Fds|m z6KO({PiIsWITJ1|K9q2h4N`dNa0N};_2l|2rCmqZZOc0{6hp0RqGt`Wvc$@qiWa_F zxmoAE?3fK->#!;_!}Po68UQF&fQo5|c~Vk8|1-6Sj?MinCBr`lonkctm^V8tNk$My zVG85>pb-PQfuH6%h3tOzfvVVasjODZPSt!Cp1HWxadZu7zJ0Eg7d>#L;^u;$(TFXS z@MgCs#}fQaE!w5+pwgtx2mYAJFZG6NQ+)klE!TegZGqBM40jP`@oAb5!^`mq9N2Ej zlCGL`$R~*|E;^1mbw+ZJbp3-^$!9T(d-rEfS$l(LAiTmYFYlLo-CA5s_0$paD_>JW z^5n&o9Ll~a%|+ZcP>M{AexmjQ#f?1Nnd7QT)ZELg@%ck4zkAS4lY6#m=v1OB=WUjJ)S@kS`Pd})v!ZG61g})Y zktt=GV_V`8aHU*wY)UMxS6_rO5+)fedIjV+W9NyVET@CD4i(7u+1bQi&MV}T$n>ad zVd;_500`)|9S9k~)GC_eO6QZPhv&<#U?Wl;=(-d!7U*sXMD_A?!Ed;9?|Pfn0xreM`jQ6!ce0rkE1p| za^Iq^T>!H1lhQ+}$(mG_7Qy4Bm%`Gbx+gVLre zS4A{p1XSw`40`D#Jpr4_n+tcTxYT`)yU(elpiTk3X(nX1+#vp1TztyxOTj$T;sns= z0SXb|WA6bP7v6YByB|eQ=h`6d5h9ore8y?CVOBiPX zNHH|=EntKuu$V50Z3(6+SCxy{f=#OQ6>{P)My}mDb=>Fm#d%*0=ID#?vs^m9pR0XE zYW+WQgwn;`Kbr6V9c?@QzxxMk|BqEXpIi8U@M*9T|6kseimD@l%3|w zbO6@S`X=5W*L(z?)B%|H(O+3mbv78rVWIKm2@gSeJ2hZLSLTK0=~Sx&(2A2v(;>%$ zXZgLv((v19@c8+rN1-#CTlp-nu(oPT@Y`Eh)p}flfz?++{ zn7}TdH!+IFBbafDZSC}S4z?ncWiX<@nVg$sgRTEhA=WkGmUofJCm}d@h1FG}Ys5$a zjYd~EeIb&j`%JHJY8qczx%mvRJ~g0L{>RY}#^V&mKQD9Dxhhl_v=nSbr;fVXly))xcU7X!cf#Xx=Py|kwt9%JTeQW0a&<4VldH=p&Q zvh7JMVV?Nw_2l;&yWNwiL?vz&PFPaylc}HPql~I<)24)5MV+$5Lb}?mDH{A4E_!;{ zW~KVJzVf-g^7-U}fy8`tCYi>{L=kb)#E5wHn6bD!uz*=qSJ_uwSD`X?mc-BXIosmE zBoE{2o@5t7-Ba9yef?IqR@cw6o(lbM0#jHZ839K447^6s9NGVx&wuvzj_mw@yGQ$L z{cjZy6WfGb%11dBqr8*|;A|T8yzswmXh<(g^+6<F#FhSy{O$aHPND>g zK_x}2ZeS3Lqx=~HOZrK-jw-p1D)}vhN0wSTuF5$bOMhs;cW?nI^duBs!R2pDkn8E5 zRMLy8$4$~L@9!})x@d;|-54p{<8r(y1A~K&NvG2I?f22DK~4xa(=57%MIv3h?YH&$ zb=(v_%B=TG0Y8pm771#3KKMZMiNXBby=NljCo^(;82?cuL<;o0g5ke}ucFF}4=DPK+BTESi~)kc=r%QuPds_eWHdr8O@3hB~R z`e%^KC9Z2xd@YK9hjv`bRvpKr`Y;D$3{9&ozR0-RERd}(;NVbQw6#P_j8N*t38GFA z9l)j;x0cGj%cnv9Gt)rMX#j4L|MrgT{6D*E|DP2-p8StbU;y?v@I57iY-a+lt}}Z| z$XSfQ6*cFTDXWHKg%alPUdHlgkT*HzK%x#_uT8;g`EzXw{*#!3*J7yoIP%{Rra3I| z)(4nPUXF8kHiXf`Vpl*Lx4*N!mj71qaKVm_F*wgAppOdha-63uKhxZ@ zAD=^7^b&n8%_8-IfQKjvzy|+A1S{BhfK$de=MV^4QT`h+H)(>vJ)}ByO#kF8o!3?P zH>7E7=Cn^tcVLAv5&aPK)@mjF zvZ8*F(+`uhjP!6O2?Dxwb|nSMMszRxUBoU2@1EoLAj$Z@q)7M>pb0FBB!+Ady!FU1 zBp|^cObZysQ!y&B1jQ$aB9z2bP^(iNZ_XdgMW=$CywF4g>h0Le8f$PL|^ zpOpXa9qu{jKl=yk^PiPGjJe-HGA=R`b&~)axrEI4 zIw#sN84Lrk4T2Os24I_;R15)}3i&U<28P8XiM-hh zB4SkB>-Eg*lyplG#Z(LxE$)znM24_na6-VFMMVk6g+#()0LiT^X$3Oc`U#w7F`Kyw z2C5qxJOvSctOV+hTjYs^q#CdS_}VIqewS0HrcQ?pmHkh!+5zv!M0Q66FZA}tR1EXNj}oY|rz?neP)d zODw(sg8mOi*|#uI)XIOiVwuv7ZUG6f`TWO`|Bm(#*Ye*g9v+!SZtCC_BtVWjm2Z|I z(3um7^U=A2oY5swC#Xr68{V7NvR}i=Npn}0CAx`1{G@>u5PzC%BQ7^Z>z1#3bni+( z+U6qx@teReA=xaP3k^sY=UK&`(p0DEtg^4J~5ZcpnvDG)_s9r?PSaF`(MR3y@IyE8`K$ zAV6G)Rnxrm);38YMARIysHaRyjeUBO0@QU>lN`mKX=;A2k;yC9Eknhwz_>fHCM7oK z7#(>wyHMuUsaj71NtQ}IVLo9=St!7Sx0z&s%1dk!ifCvcF^72QLuM@^)`^Jbuzw>l5$n9`Nkm22LW86zie1iZS+BQ> z+d`wVj@B7-YZmy1+x(LXkkyk!r`Y!)NSe6*Si)qr{5J|8;6+BRic5s%4*kfUCjXz^ zokQFHcW|`!|5?e?|kOsvcI;H*z$VL6A0!zG z*#8gr0}u!z2Az(qE>m@1^NZQRb^tcTm{AVKohUnHdC?8b`rwuXUqFf;VZkaGa-%F+ z9#A>wmRh;BN9OnSIQ&0N?zcXW=tC6d;eC=OB!PIr3?NPX|8V!n=Kt&XPb+$Kp@@0* z0ie0*6UFn*nE` zozH={5c<9$?$-qxK{AA6d^1krOf*+Di*X9S1@4!SJfh;^8l_1zodNTV*UMSGdc;Lh ziul7{F~3~27}CF@BKarX2GeU4pN(d#!G0ekyk{xY7@fMC2Q6?Cmm;jo;`7Jj-KIV2=M-r5Ry%CcK_KzAGY60%6D6m;syAxDRy|s1b zU+3}5|5S|H`oQzxESmkbMf|^Q+x~yJx4!?inum+`a);@UvxtXTp!)CtX0QlJk_~vU z4Im|E?aCOjqN<$HsncMqurn?3v`U)v)MHS3>;zEQomsSmaTbBYJrOwJcHC!sdN+`Y zzF+I-II1M$3*aeXn1NDc#`tzwr84axyp(s<7SEyeZXn%f6 zfZ#(gPoISz4Y9s%n#85w)yCCdPQp&r3>Hek1t^(5D zF?EoD5!H^KPs&=jC;Fk#_L0n;3TFkRq8J-r&MYau6JdD_F~3`SKP^odJeCw=_SA7K$FMOeMT2bG1n(pDVNI2F1OA5t_ha3V7^^S-YgSTfpdd%~P+j zA2=|-*1&2Swza)^^-m4|kMGY^G*EtYFsCxm!2b_-cWwWVo$Z~q{dXl#Gyjk8wJ5PH ziWQv+Gi(KNrDyqoUu2_ywD+Kh@2^Ab+&T_PcpqZO-Km2NVVus;?B6j?M<|9T zae^s-UJ@EPD##FF66lxPWV7!6BWn3-R2Ke6d>?6r>Ca=Ux0U3rMZe>Y?9G+uj-wsS z3ZWDhbjF4R-dtI`n1G^BkhW6oVMNAZ3N|VDj=assA_G!& zg9q=;r?%uSuEhKXr(!!2B&h71UdU!V)uCg#+Qf+}_bD}FTGV0uhz~*!6C+^0zk=W- zq6+)fT&Z03qMm%wT-B)7t_olLq6+&ia$6CPB|&5xU?er7D4d{fTeOJ^A<7ug}Cq7J{`)dN*nxzG`RM(pA{^lybAbCMv0(|g2gC#t>q75%_eB8geZ80)k2)3BqOX+ zm$BeuAdp?NleSOI`j%7WGgvIZ0GiH!cMhHV zpWC}@|DTmSEz}1w{(L?xF~psDRgQzV&HSR#-YCq*VagL1<2FafyrPIG#eeAMz%A;k z6pNy^NZ8oAzL{}Q0MRoU8aJmJ%y*)C?N!=#ffMT+b&m8C7A>Q)~ zu0DUEH6t>fy7ga-!t9C-*)2f@-1-pyb6m`!2{x?%y`!T&+yCQmf4%-!^0fB<>pAn` zj46gaHYt`K__#8SWi0E(c3Mnz#jo{cyz)Zdh6hh>H<$J;{g_)GYRUx5^lwInt~^pz zxcGB}vF@234$_?U_U1KhE-)w>Lrjv4ao_8ZU-L2xJUFjJ$}&d2K>$h=4|_r5w%stlVY z1Qp=`o<i7{6hEtiJ70de`*duFjhQAQnM*J4>{x87rt z#psa*S=)M!x0vg$Z_2sj=%df(CV!jLhRbAm!B)_*ZVYY(PN*Ese*gC7H8EW-+$v}#v)5U>ASX*{e|B|wd46_xadr9O_U`85 z@)bK4)@joc(CyvT&FQQ252t5mS8p%xN-)2{>5L$LJO7We`fZ5s&;!h7gmHU%`{C~D zxARL^`khJs8z3}DXBPmQ{rckUl*u<|H|Hg_QQK?%imh$`YuE+y!TDS zExh*>;+9Lys$n$2#jt$ zp-77NETJ-tB8c&CaC#B9l`+rG&Tnr&{C55yA1+=#1ArGhm2hT*a(jMubAHE6U~3um zX`X8NPwe|!AA|$I)A|4H9UVIUe|ziu|0{WBk^l64cyU>e!=ns=XZ++0!Lt?f&zwIL zkWlu7GM-tcvW``bS9T;=&W#?!^jPc@5gO$M#5h6OF&O+a$;Eq^Ma48H?DgsS?e4)L z`ygGD=co$6KhQm{#GiiDcFSF$-OdtnXO*j@`YuOe>nHFFB+(G4FHCyY?#3#)ny2}7 zftIc6yN{H!)gCsV0>MOv68_Boh9HRfE7psE?#h7@8#`KTv;DOLkn^ z?3aB0v$MBr=YQYbS>OL!%_HJ7i||o0H^2+PG7H4uaR@UoLNUv-tfEY{h)ZiMe1r&_ zLA_GrYr9Lx8pleOv_wcvGj{_h=+UKEi!yA4!+7NfUJN~EuyD$hcUUzw+o$@DAQ_^# zR9(gHBlkO90QObad?USjab1)A+Xqbft7sUbaS_2|k@tvkUOC`roIX_=m$#)nA;lfv zl6AetN&Vre&?AZLll;m*aH{Z){w@);>47ic;}{X88n`&FojMnN+VOv4Yyjt<2rRNN z6|<*tKWOCtcKpZPgT2G``Tt5DlmGV%Gy>2ZUc9nhp=Y(M?-EN&voIAdH!&{6D<79!vAkcn8jg=vKd{# z8uh9?Vw$13@`T(O}xTVt@S4e@-zeSPY!m zn@a|;_%MJdLNP2{5`X>rjL)?1%X(r=dvO?PtOV5wH=n4vfM6D(SVa9`rgrvASPv>@ zTNBI_(HVP&QkG(qRWn{K1v;DHI&2;xX%WbeVR{P(Bbbrf!11?ux>o{wZwiVdxeJubQqj?IWYAvXH%V_>CyXu!?^u_%_6YEcXM zf8hWC_45DD?(Tto|6}`TXKnvk$5@larztZCignER5=lDH%fYZQ&Q@zAAInvb#%3LOvw8*F` zvheAY5!pmK-mZ?unEV=IZ@v%{;%o$XCxFPD_%aRlbL?it{|8Dk5WE0^)1n8fCD3n} z+`}RZ39O(=wd}5H&PWVZPm&`96gUhshZwZ+tA0hROXz%(QJp)2cBty44^jd)^>$TJ z@C76p>42TtdadfqUJqCp<^qsmn1OA*>oN0!t7&@)Js+Xi9&tY3-k=!j3r06e1O;Sb zhiN!$yONk;TWh4nv=L@sgOC)=JPS#*X=AhmS~6RzkCu1S+@NI{l|Rt5FhiMaPfjN4 zYVFKPP6}ooa*8%>jFv!7u`#-&sI>^CXf&Mzd!239tz$Q8Y}>Yz#%XNZw%x{!*{HE? z+qP|U1#9g*@A2*baO1k>IL|R}@f3~lR^4__>mA>;dJ9A(!9qrAN3|A*NXFi1z(kR5 zMjokY`{DRz&!r@;Pth?8tqEu4AG91&$bS4yWh8 zV7^_U_FHIC@)vgD#cxqKLCA^hRxK!1uuzXJN6a+BB$O6AKvgU#rNVUKe)y9b*O(xg z;2M_Xw1nngp!=kAhOJpA4&4}Q;XNurZ-K1aSMt@Cud01PM%PP~^5!Gke-Shld}re8 z2`cMwLm49v!(BBVo3xIOvs!f>6bYO;w@_P(v%`(anAC7y8~g6Bm=o?Rfu@Lkgsxmf zEQ=~8SE>I^J?6(-q_zXB=vQ{qWOCHMuCZ9Zg-hqHG-P(`{+0vnW_>vvvVl`lQq_=? zX3q^+^Ip4;VHXXxREPo;w`!gyw@hct?Das7Kv?^>h+cbHN`GeGEC4ing&5l9i`qRU z^V?~yc(3s7o7O)!YvXU^(_Lx7(SvQ&Dw=t6oS+GMmG-6j?%?5o?^}v5jyF5@U$RaZdjv)Ts8yEztfFmPu>xc(E=(t@(`(xY+Du>m@Iy#N?e2zl3^g;#oU8T+sHt!OvnW=4S@nsiJot*OTRwtu(TI`z2dGy*#3s2V6m6qcM>hfzT z3hR`L8#ng*)2!}ucB(Ii@?`d@puYm3f$2XvAY0FOBS%7zKc!N`$BA()dq<#`67E@f ziCw2Df>BB_bg=Z3w@LUuy_fEl@xBRc6rKfU#;9%8zKdnnUb0~$&x~~H3YdkdWf=q}?oj#Pof2YDME20==^v?aRuBJX|CU3sT z?}u2JSwg6GIL6?HSmPdez4{Oqc%lt;sQy~j>Ps>za+P94Q0G!CTDltJpRq0%hik#Q zY8FW;ucDGaP97bD&}cOc#e;AqL8FZ=y%XSv z4jLuM8)=x5v#BNb_Rwn)NyU!Qt=q6v2P|zvi;i@vYgz5J+(tQIiNkrF93m%~^@A`bzh^_(Y>r+(X&Y6NELk@L_; zxb=0>=Ib$AlW#XF1bUthf`oM5LDk0@#-JDH4RdXeg(Ie}(p2w>yX ziX910LY};BHR4$UPhXM!^@7!mnmRh=fT8wifeh}t26kuQ8~MwHS)gS7MMy`CWU zIO$KyjzuT+{2@?xyTG76Nd9e4btZ=@q`MdJP7vwb_n*9F_!d6YT=EshT)^u!8`7sU zPZL(G2**XR5S6eT`vnF^_bS})^Z|prfG8`^pe2E+3q#}%PU72pWU$Gg+)6@HTeVmC zwNj29qU2QXfERhkP<<|2lwEf(6ji%m>9vVx5yb{1v|$;0X=A`p`_?O!Ul0it+IUHF zNdhSpp3%Z&cHaoSsR&K3FT8Ppl&vFAA$cZGtSOAr8=|^?F*jYdWU&725%T82B~AsNuI|1m>*)fg5|7Jq`z5CaeK%&=HA?| z*C+Je0jyg|?o!DRdR?DcYqi|m^@CeJ{ZWu2$Dw|J8esaP#)4JU1;K&XXBky=CGJ!9 zIB1$Zz+e!R3DIBBh+(85BJ=yUo;kTXS9s|l4WvakqTKpxwnQ-YD|A-;nuUJ;@8FMC z{xgP~X6D(PPxFmeUR5Ll9>yh;K=}QmP4Rcqtp#$aDo`i@25hC`t8o=Is;B5&xA_(c zOu_ot+?{b<^XrpQmnh%h9$nkbO@QhB-U=1W!}a7sX;S~Z9j0zVS+%@h`@`O%kOd{% z!&VT@5AN1tNm1elkEphm{L_?`N*!(;)(Q}2=do-bL?O?nW#rZ=v_*5W;9f#gWFM zK5vSBQBg*=F}^My9K$Tdfmkfj+6?%^`_K+EI%f1OeDm8WU6>c#54vNa^vfz>!hgsF ziUP9;GCH=J$J|mLgAX6mhq&Rqj)haCsx>ntryrLze$G>b1m8z8B1Q#-K_lu}bMQT!{^VLoWjsgcVJJ701OB_v}=%2MC60i1AHls(h-VC z!~UNLTBymb`i!S=R+aIQ5DDK3W=t1&%DKPUR2v9N={qQL%}n{O=QoI$h)@ei%pdu~ z*A@^+8Q%w*X&7@^6`G_HhMKVa^df5mh0DKHvTCI(=;(zJ^mACg|A{!Ba7NaKc;bcl z5eio5EZPzlnZWt{>Lx&!38Y^n8H?#&-`@ zTXO7w%XsfaB88^x=CRJ@_%h_%UvmP;_sby7*7S$mPpD$n&xOLD1rT-?sCLCHkXiWO zZ=nTxX|Hdg%q;dfpD_KvKmYaq8&JMGgmA5l@l(OqkV;qBc0J;Tg1%fB5=5e|Dy*na zed2}*z`;D^n2IzmS)hVPeZZzKsRK?`%yTDfQcBOm-Z#4R2ba;31QKl|VQzs!xyDqP z?o_Ummt&@iS2kh>^0jlyylx5Dt!}Q=)>6zK_YO=t!T3;|)`Mbw0AMBAEix31=9b?x z<}M}Rce5k#Q>hD;Ap^z-7`idoEgF0-2$CqSQi`tLqpuetx>nR@TFDPX1Ll;`xl1cX znPunw3l_?7)L!RKy+xu}kva=I{-E-h{9D^?q?TlBCwzGyqedNlx`+OEs@$Px9sFy^ zV`9qWILB!_ND%%ps-Eb*PpY+mkXJkQ0JlLpx-HWzBttp>UqUx2t5;lG%Wr3QDzGeN zo)Bvc6B^%wd@Jr7ZS#T>e~xJr{+(Fu;Xkq_Ck*5K(lF|eYlDsi;{M`%OnD1 zWZ$y`(f0uuim~!xsV85VP>R;*zt{)7$mi)W*uSg=H!tEB)GDp(py+0uc#LSbS&=Nb z<}=yE+FVl#!onyG2{twe@yBG80!{+;BF#?w^m8J(9H5w5UxGD#RBO~k6;YU_Fdt>! zqyQ{R0g=#(KQ*uzc6fK2_7U;NEE}2{XF+B1faK?$&w)bm5uk5tH>e|VWDay@#XJQk z68uRM0k)k+i4RHl#ICP8y98xlgT>=*2Y1r@M=b7EwY^-W8z{Y%woSLvC*z3wmj#ylULSDgYT zknk{<($xxd8zq7{hlL~_&@!+uisZu9X3($9(J|9#dAjqSNLr~bagecsd4~X-Qlz+^ z&d@$d&j>2uj*?K{s~;_^R>-RC&ny3SxGvO*?@mJDEnQgG|oRKF6wk z`p%P+M**Xq7(zga8w|~rxQTcI_X0r=hoP84n%Grz1$XR$^k|njDC327oSsEP;Gd9m zNN34i>66xD*xAYR>Ez+#Z`;Os{+?k%;o%(Kw0tSEQBL$o*=GXx@DP8%!b!r89p0jS zuN=5x-THD^hXru*am0%q*1mT}3Qv;F@eP4R+o_c>5jj*3=J;0XBRoD5<`8F^_zyk< zh6D%0SV*3XAjl|j5ET#;sXSVEVfF7$8t-T-KmGE!CWJnV35j$%Ehzfhl2e!JhKFr$=p#=S2GwgT7t z^T>9$0&SF;u2Q^Ta`}>592Fe{E1(8@GzMJWs%ZLcZNBOEba`p7A;0q|u~(XCT855? zTsdP@*t9QzXWfz$+Nh|)+36xBa~iCWd)C8SR3HENn7FEdh;^moKOrrCN6qoJLmXGG zY^`Bcs|^eYLn{J^v5XSp!H;pZy_ukyo=sCe6^)#@3_><0ks?E;7U-ZW)j1#71*47J>K3n z=ikP~18iAQRNRP*NovdNtkoJG&tIZ9qH_&%1HHU~??V}v$|BIkc~i(F#cPtp7zYe; z_26)<*feJpCiL22d0U$>r3v0Q{LHHz5cN;6MqG80Y{St%^I6kelFl#>E-`wBYK>xw z+TnDU8|A;KuRNMVOX(^rsfwtg;rvPD{i`d$ROC=T15&Vy1pNMzABn-1URM{emIsG9 zEJ`K<6>yZQSOyWnsw=I@O(KQLZY?|6g-sF;wL75ly-y9n=L@_d8Au2cN+n4ru$~rB zOaCsz;U=D?sPd~Mz4s6Q3X`%_^rUFe#sCWUNeQ#Co_;ql9)(*|Gb9U^Uo^JXX03^5 z_PV8!Fl9a7Lcm3Tb8UmpRAK1)r*W0>aKW_86sKHZ=B4l$4MDGNdjGFHUa_9~l0IOA zZ)1n!NFeXJ{tifQ%yc!dv~dtd5Am>$KsA9iHUQ2yVX4sk9h&u4bF;!Q!&Wvtm3x8! zOiP9k{8+f40v)FO7&(t5XElxY;*vf9pcHD+nBPuzP0g`5PdT3<&!&Qe+1-9lpdVBt zS4uUlPEp(iaSTTdh56SEu1e5G){n#M=49|!Sm;rnSbtw9&*1?_my|WSLd9gPO=)Po z9au;-kdkZ#dXR;@X$;#s9O_(yslmo6Qz$}J{t1$2u3yrFqg_7N1+h9KCtB%$k)y62K2b(12XJ0y#(3R zrZt?=I|&a))I3?NWqqRN!{(eFL3dKBMZ&p+jWNO_n$+^87OB*L3HQ-}^(7?eeS|_% z>z6R0CzDq-h~_sbyBXXD4iZg4yr)|bL~hOR7tlZG->dO-!QRlMV|A*ZlopsjJ4X9v zyLi(3uCb#d%^a)cA57PO+t8@7L6S!}FTFK3$W9mdyptcqVBDYqoQ`WG-~jI}Y^+t> z+bJz7wkkBxhR6aAM@btwV67fnAI}*zU4Q8DfALSLW~`HNt4$rWAL{f!WEsS7-m+>U zF^1_+UH|&jE3W@N$BeYuiQF>zWH_--1i7dsNJ5Hm4F#?VZZ>=dJ~w}Xh_XcDK+~_2 z=BXjlHVWy-@4o`EFVz3>oxA2dAid)@m}iz8x^Uf8Jb@*n;%bQzYNGx?i|m((E4 zP8m@L+l$s;E!FddE?87}M&Sto4S9X#jMAJRbu6y443wye2E?L&Q{sY z+e*`rkjZ&gG%GPAy}6C#1QA%mWjv+4r#B>JE6&IS>U5W0XYp28q~sgET(VxVfza%& z%<3Cv(9o~^JF)Cn?JzXD|C2Sz)=C%6zmHv%?!;pPVDGlhKT%=P?wQHlqO`0}>!@t+ zq85|4s&r}upw5e~u)Hc4Tfsoq=bk=oV9tC=)(GOf7JC9TXMF>Vnq%^UXH9Nx`RN*j zxnzA+)kzk7w2MGV(kxwJQjAwjVoE*fEvBT&a(_b@jbFMp|720P893de1XVvP{#G3! zUY7f#GJ`U{!RC8dR7B@X#&=Gg=6=i2Mk`FsMZ;XLk0076JC+I+mPm9U5DD#+d1OHn z8zvqm1Fr})+4XU7A4aQ8T;ox&G&FP1N>J|;VBL9x-;6~(9us$N4Ld}`L;*8r77-H} z-1Mv!Lkas*x=3Y8r3B0s`6U(=;p80Pe)bshStTo)7813FhmCsRu)NYLCDD-5y6O}W z!p6&F;x%bGUawZ8W1$*}Axe-&q<47G82#Sr>jJQQAY~dnmS=)c-B+ zGw}UBvw?sshC!J;hk4D*4JG>TuXygT#!e}Sh<(9iMrWiilGExv!8H7;dK?&j*&05V z+Sk_E4r$z@G-Mb1!7TDi9c|8>3mu6N9^;{y8SW*HsGnm*k4N+Hz`^pZSEb5SZ?+2h z>0QhWv`n{v^2Bit@>2!+|KSi(022H9Mk)e#x}HA2;(azyyqm;3@1RU$Cx?iNf3xMB z!1jY3V!DjAr>=cfKDQNM{ES&n8ohW-I3F`6Irkz=>)at#kx4ig@o7-QALmvRF7LN- zOHhV4ue6m3?n=L`@zOnINx2?!;ooDYRnA02!$$=fO&f(cYmt}922A=6rA)8tjc)`) zqlM(B2F>$p|0=)#!V`tHbKn`cg4+3ytwpDzh1NRvwFV#XLJ(W>f#0T|vlTy!a=pf# zONqf#4TT@ygLb|KK-I^rmtUfAZCcZjs+MrXouQlgngcNs(-OdaK{`|32!<6|M5Luu;zPlb z7WbqW9}d#V5)gu;foW}ni{Xv&E9oU}W^AT*picYeOq0JNYNv@lx){4ivtm#+trg1% z9Q{m+#AMoad8}NRk$LyeYM4Ph(=cmL>S_;aAis&G%;xjxMR)7 z9BPjP`CPch0GRC>v1Gd$OslM(Jco5%f!Ptbr1nZ;$hi9+zmTh4h`BXl97`H&WoNgj zjyNW8f%BOeByZH)7%rIh5}%HUv3U7ij6)Y#>ikAaeX~+y_fWeT=$G^GHeR``9kEdI zn1qHD0HZ|Wp;6d=nCWeK1^)Y97eml*Lg<#!H}Ns3#J;5wr9<5lzCh zMpcqA(0&Uv$kB38Z^pf#7wauKo5#1533;)|3Dkm3Z%?rt~jcd z{>c#N8&V?;NFz0Fy}KPCNEt7>%=l~6M=e|{!x*n8Lr}+0AxH5gc-B;}ovb78(1i4ejlXh>Frt{1F*<9QNkpAPU;-27wO0A2t z^Pa>S8c$qGOx2e9jdf((gP|T!19`mBWQmZ$ahDCAmdsd(T5tB1Es|2bzT$!@3khNE zHBoW^+OUsIuQNG9$kpWOC+=oMgnQ?sipFS2?F{z=35D71MLlHZ7}Bh3#AA}|z?u!6 zlyI(h28#8?41&;*GEU}rOx-73Io7KF3Ol>lznAkz=jWkSVMVJ;jFiviZP4b|RPU6Z z8p~Ojxq6=Yo>+I9PTa@+B={l4dq6p!%lCkPXxesz(}${%a<=rek%^C{oG!+9N%XC( zQs(_M=@Wm3lfnz3mzY(TJ^sMP(W6cR5sCBUtXn03&@vj`HGaf<4gM&O*ia{cBwLHI zHyxv4Qv%Fsaz=r|G?WKRab933oUGutgrqFj$cv~?s1vpKU(urTfFC~^_$eL$za^h3PBvBJiAzdmT4NQ(=jk4^&ul{(q&=?j4Ex^3wS}wC zxCrSQ6kIYx{c>vM!Rz$C_=f@`fx|~dSj(tny83DRSI6m&BV^sIvDIdZ z#VbUs+3Di=y}@ZAR15J_1{Eiq0xtyhkd(AmD^Yk~VE+_Jx3!#7wj6lt&VPa>c=yhV zHy--Kpd`6Hz!zy%X5(&I1042tVVcXmi4MdM;Xm^!tp#KH%ai2KS(d!u)fV$sR zYI+lJM5th2U0tEkFquO@+nc}|(0SL!8Sv^8`x)f9vDMQBDr=D0nHTPf0dB83J=j6( z2^FC>+GO2K*W4I%0j~V-UziiR-g3WC*K{KETAH7CFev593$q)YiUSmo*to%v&5e6` zupWHOy~oV72*17Rw)pdEwkfQ|iUNW6M!vp_chqq7e|8QtVvQ$@01s6cRUK8Dx{l2O zN%ma@2~{d%%kK5=X?9(*&D#{ZJ(T5kVu)EZ)VQs=^OO|hb~o1xVqY9~va+a7=k`Wq zB;f*zgaY|SPFRxEWB$RP$%2GlaJt9j6O|2w#>daV+tyCwC^WbO94Ng|creeg%g`Ti zL<2ESeW~x1_59$?T59bPR(KT>CdeJl!_5;-!{pp;Kf5+cNT8IFVPR-Hnl&rVMHHC1 zF0JsRJx0#|Y=}g61&rhpR!^Np2r6C1 zZJ;xQgXHO+`=dewmjb zk07A8A~@b9=!fD*{8mnvJFsO*AmXUf45h_nHCR5o4x?@(Q(kzmE@+{ohzL1dGe!;K zcTnUy3fMlc7n1e|zpSU&h|y<_E)rs(%$p>p>DrC*MUqWMg(v7lt;P~B9kQUDgda7n#xlPBVcwnWw&F&Y zG1O{X9+1}uS-6OWVo*pU9|@Nfq^WS^xaK8Z$P2<=twvH#k9?8IOn|CiNSg1&NO3J^ zm@g~`3q>2gt7BB=)_};o7D&?Ju^_te?0-T< zvwvA!|4KD-_O(n-nu|DCB0Gj@`&(K$gO@Jn7IdefhgSUOxnWJ0uivGYxKl4yFNIkn z&;5MzHMfHH;pCvZX*I=)JwOXlX2U_(amsf6rzL@690KT$vZvbR8d z#!ahbw?}}j$XsTo|LutfeC|)m3bubewHeZS`j+_RNt}>fzoU0%rXk^%w~@_ki&v7o za97hc6z($_m$TPJaYhi*Y?O0@{X$t-=YObheg$6UQDab{zBu8gNM&rY?usEI91`)k zkiBhBf|rF55FhCYR_SJtI#iRWxcv|@tPEa*-75)3Ts#&WlI0OOpFU3`l)w73Qy(c8 zs<7OGuY!*^is@r*;gN4ty?nj6ET!)GfJS1u=Dv>M4s8!D7y7CK5xC0|TOP`xw+s^@ zQ*hKrj`k@V5B#Yt9>aV!7F7=uOT=j>+zm_K-agNJ=PwUgSY=S7 zamP8RJohpK78_Fqtcn@d@qM~)ne&Hc>%=`LK{~id;T{Iul`jFr`246Yj!cnw>tGft zMjOcY&*vShu9GIz7Z5YwH%a&5W#QljMyprG06RcmJ3Ke zOSPt13aP)%o-|y6Z?A(W8?-hS(Vvtu#$X|a61|E1k9gm1)jbR_O5ra3=f3r-XOMef zu}Yt$OBq^n(xu>x#)bUE}~pyfdEzue<`TQBl7Eb76ho zzwTiJ16NO9Dg4MPsHxAu1dHd}ISMHh&Zl-WDvKzsp!EIwM)9wP%)Z7YshX;7W3 zF0A>d84JP#7!-~aGzB;u724hQrgnMO+_KW{_0vR_DM_dcP|4{x-0SCM+||34eDBp( zm1|byMk;+yk`~L|)cvtzxGwt5p2hJd{Bb_Gql~msVD`3{3E+8jBklbD=$Ar(=*W>51Ec*< zhCHu#=<$Kz#bZCXRA@h!4hQe&$I59N_o@ein)r;62O+DU;)g2cvr5DpG$B;+8r$KrmHK}pf6uq-cVt2^0Z{*G}rusqV7^Xz9^}* zC!pzLarG?`5YLX-Le|ngR7;UBN>qKAqf=%Q(2#F7PD!i@o-=hYcfvuSCl6SaIsC|8 zfjE?BtAah+@R`lE?MIrV+rfR$572SE3SyWqf0{Pz#HjGO-dOuLgs`HOfjE~GFTK;S zdR)zUdhnJJ*mI+E(rMp0bhM{hDObpoG+GMB zTzXJ+JFf9~mkcR-tIeMX#f9V&Crsm6mOKReIFrsIfb#6vP{oG3dfce;D;RhLZUloR zxjK>nAVGk>A7V5)#m9d*U9X@*kteq*x0jKETN+nKurL*}YO~))k8}#eX!-P@@UkLcoa`d7OVNA}{1i_Ts znv(G(tP9>+v5Du;uu*W1{Z)b!XSf_e(4+#h&qN=4TMpT^#2;{r#*t;uw`k36A}9#M zN6ayTTaXx31WF6mihjtMcbv#O)DxU{vutr(I^{Mwlc7G7^9Qwcepe-~bX>TuO4rX> z_TWkq&=m&v7>l|f5|gz+PW~8P6g1O|b+~32aX~Kpmn-28PsaWBrS;gHiOQrzpgEEduvS@DUsX-K2+Pe5hh za@nZdaG7~lY(SX26pTUE#3fF=M;^}{h`21x#g0eSmf?-BON!(*k#x_!4*Mw5TVfs@ z(v*_@gd0;^THM7O87XEeQkL#TV(-nsSkV0T>oOK)mG4#Qy=3nr&AjfkScX_?fhJu4 z51sV|W%pD;61UyRVl*ScwB3PcxzSd{U$1+)ObzA2p=$Vid%|TL z5_^0oH&0IHYLHOVQLKFZcfmb&~mo)$o9Z@JKTGT(0F^})Z14<)! zsbYYsq*0qL*ws>fGnh6Ng}4sYDw|b!A?e{Y2AS|{(iPrTCOv!Gb*x5#?w|cFN6rWD z^rHwR?FnPF(7EYcySP0UW~8%>>nCOFQ_z17(xY%SgrG#aQw!l6_C^_F0++76Y%mGt{ydHjJXLWYmVwHUEan_L3Ve+t@i=!=W^ms+;lmS@=hdLIcF z%{3)};Xi@MH-H_1PK{q35BKRWfk%1Ov0x7qK|0)l402$mbZQb=vJWMCHqk>m$T4iWq?&Bq0@fbudPig6_wOaZMd?L>z{Xe=KfwhGbtl(W}XJ z5%i8$9?O*>9?klt!@3YX=Mk41CMnjFb$vTIM)4i^o=7V+vW0G^){6t1=LxBbW3t*n z_XZ0+q^3GyK{i6A5#UEm;& zNIO8|S$*bd#6k^&hANlKetd;CdM%%w(?&AE!Cc73fnWdE@k{D^Xe^?#UF88=xCE&{g zyzAmqW$pb;3l5guvn*L!)#7p?Td%*>VE*>&m;ZM*I=eG6m+%tYfpj65@QD2)$ciU= z)E^nNO{Wjf3?@Y~>54SWz{uA_l+vu=1jqZ*S$Av7{Q82O?T z*%EY`Un&Y#CM$km1nojVlO@22H>o&>>>N|OBhF>I;raeheI`+vC+ME+fYm5vdLGK+ zFeJd+LQ=0}ydxC`uzOo`A1>|1u&rjsWpNdaKzC8^rJXaGzJUxj%Z@qW>7Zhgk-92> z_lN|>52*R;rm2*RD1x2c9q@@{@%?T8_~U5kD$=mV;pWw{8U_SY!d=TuueQejs(B6h zkT#QxpX?yzm+$yxUtlZ0gDb|%>HZQseS3U_+-wIsz=V8Dq67B=5q)g*DC6aYI1Nr482a(}`@UTKR(;*ch4-1OuVD@l z7B)`auQ}t86|EKBiB4oiH=`k$R*u*k8!jHUJ#7>>g=ojQ4A#FjT&Gs7r%{M$0dtEi zM|3NOem?2E+*^u$;8m&*_L)Nqr1ZZ5}R|ne;Wi}KbHZ;uX?rimg zcA!Zl=?ii(GS5Jkk#5sZ3`Qf!H^B>f0V(#Fm77cP)@2T1m=$VrnfmX3+p4W$jWPU5 z^kbtirqL|@OVA$?d$Y!%(msQ%`^|4d2Ig_grn}%qzej1+(Pe!xJQN*3W+^e8CDij~&g4*qv9$KuRN8#J8e@u$`eicR^+SK~M5OA0yh12@{HW8#Z$Cy`|+Cv+$V1^ZTWxavXT#ZLAmxlBfH} z>&KIYjR#XyKj0tN6M=*PthrnJx7Jn-p!3NVI+5;k=xpuyXH^FqK>S?y^FZh=rle1g_-46d#&Wr56^@&v3Ps|D?2AJ2?mgn^eDbu3gvNGwz*Ep&o%xz!NXKP`2T=es<2bzMj5@+A%zx;)q%Ul?(->0=-rV^NyZgfS0dtfUEc0 zaVNyD`(RhPYFX}5DoXYu`fwuvlKiS*Is8m4q3SPtL>No|xmIb>mI)?uw+_?Eww%ak z!%)+QP^!ZT6g^TN;KdHGy+xA0n^L$I@W8oh(hlVsxwu+#dBiA-_|viYmi1>+__=%| z!H<@j9qRE-hCC2>*w|NtCQ4(17D!uUsbo0-#si4C`yh9mq+)ek;uq z7K!_b5RDxqGFhupBfZNms8BB-uqz&NHuyK> zS~qn+sBXB%P?Xz3_&^00YAYW$v5Jo{9sRG6yk28RTX{iWid<+#Ng=on-nXCZ-x@a- z+xQ~-I94aNg@*AtQEgSGj9xm^FUyF&eAjBF4;`JRp{O0yH zi|oQ>L*0#y4Iv~9v#QQc-@>#J;)QZuE0?FA;y5KuJRgJyZeb=~ z=+xmp`b{|~k*;$&w@X>o|( z)UfK7@nPY{z0g1Zw0b0u;|?ep(78)@MfWZEq7Y)UHWq4VeT;3g3j#wxuk};VCg$GQBPcZV6Y|Fw^sRmIB`kK!eHy;@E}nz7qn!}XK@o^EFV!IY zQQ+=dPiuM$!KWdZZW*vA8M*bg`!}$rLwNZDG`Tim3wBG_4&hRjskKLBdH%#_Mp!!2 zXar$bINT!E$Hw3!2jRMf!V_iToM=+PBU7i}DT;#S#i)R?yhqD7T?Ol#&sYkZ#d5L` zD#&s?A1df{yckMPGF1kfHG7QUW7@adpetfk1LPBtj)F$zdp`lc&l%pXYwP-<`gC`r zqo6LixW}Q%oDwoVR=Ta4s6m&@*=|$#x1)5OR>}$9ri7BRTKZ~nsG3;h$}S&NhwuJi z8#r|*{1W$U|LGWLSp}*(1Q0z56KRwxzCS<{>Bzqw#qPwD9+5;ZucnR_9IUOa{l#jCkNsk-EDq(I*?p@RSw(I4 zhyN6!C*qzAxBaWIPe5-iJ#U2{+)$Uq*k#Vedj={DX9s^RwbJOa!re8Dwd;N0V-{r6 z7BT0m%%lnD^$OY{jfiBnz{sQpJM5~&0Zc>2rntZVMY}X+LhTeqSHLelHukKD+nc|IOgf$ThEAoImJO z3cFr88*1v)d);#8m1?m@?~4larwn=#djGd}U!3GK6ODim!-TA7eugm{D-^!Fk4J&C z>#WGlg%fI}hrvRAmh8Z0SN(6S%UXmp2}R@i$4$8OJWhxw!PpCP?`L`tI2i-KaWB8~ zQceGs;?L0lH_^n3&Q{FFmG9`FS*lPNpwbUd(ru7%Cg4l#>ihd8c0K=RcHOUjfHIL^ zRlJ0=_yRS$nG+1zW_C!F1N2Ek$Ob>VxE7$kNBtlgjd{7uWov)7qz3Uw#v*2PKb9Bc zDGn{w`>FqY(90X#{oO6Y+e}=1=8q%ziw0Y*)_gH}i^daHIi%iB8(w;p`L(z(V4*7% zMNID+Ez@O^We%0vm^CPDTH&fvl{wEc^(f)A(Lxq!mQL56(tn0YS~R0>O0H3{w>T@J z*>rBwp)>*njj7V~L1zHif;Mha(y(D?C0odTC_P`T7cEJnD>sw8UbQ1hvGU9{NVw7xyspU`gEj>PXjS4z#r;8%v8eT32Ie@+PXVcAy+T;3BRN| z3IIP15d?69C58X7^-{T!0rO=kBg2=QiRP__M@$ z%7ZjKR8vRbR<$B3>MqF_KRH^do^JnKZ$EA!S>nYN?JTZ;{T}B0UNk6`o0Tgl=?K z@iAVIj#WD!x(rbqmUY&0Zs8bF#xdfPHh7t>Untfr^n}+ag`B)tqC|u|Z7i6q$Sv6< zI1|f}Y~zrfIPSlG-W-$Zu=oFSlxC+xptI;bm#MPIPTQk(sadvM{llBa>m z!mZ4URakl+C`TzHu6U`$zajA34jmz#M5>SKy}j|OiztH^=5iZeChBx;3rQ@N=b8Da zCX1+9@QBP|x|lcJ!qN4LR_lvfr2jP+t({=ot=vBU5Yx3B)CDVZjDKeX*ofXHp}1wu zW{S%M4lOlW?r9@*0wJZMLNcU z?ooRsdNF;=2P^Kp;0@4;*a9tzv?opcv{}02l}Dn?1(ti_toxM|+H^CNHy{qucz(WF zT2?SMBG{1fC;0($X*EI$bPpU-=O>4cR-McU<+rPKY8NpXC`nj9I9PA*wxASe=Or$g z7x-Noc@^!9&)IxcADHY)PPQ_!PwvsTYs!N2?TC@)O24VAwtkkM5gvu4Plbgu|1803 zD-6AU4O=52{2HO15RRRLOEgaWCXy*2(){e*oiP(4Qc!041W_wL+xhK)b2j1_2MYgu z1hMNE9*=$Z*m)0dl&^QdV@wC92aPs0kY+Kyo1P=dn`cl1LD-clkG1ab*drpGZ4IRhaGJG zmZ&)W=J4ZYyo(@+Wde0CimWETtF-Ldt-e3xSWNf8qgkwaq)yK!hzk*lyL^^K9DRBp zi4EbQ*ScpKOf4GD(Eu0kOkVmY7MAMPGkX~eSAD82mxeRLTW^cH@f}?eg#81`q7Ri_wipZ6A4blceru;P-6Rh zhMW*Wkv82BZ#uax?f%|ND7$5jmvD%_T|`%yS4vtIR)Er4{P#3yom#UbEGQXm_+A&X zKkO5gSF0J6$vOrTC+XA1yiw~=#WAVVdaty76s5gubr_D)H|eHWDtWStxJeW#aU5c; zb5Ds>meg}Ux}v0QX<^xa^>c(v=Dp#ah7*%)4Gzj8@)61Q*HeSXQ+G1>Y>VgdZA&lC zuqB7GZUoA-ZizW#u0^ocDMV81F+G(3Hg8*CFsIo-Dt2OKr~AD(i8oU3!2#Vh9l_$0 zH;{?S@cZV@B!svt)FBsDI?Olmjp!vevBb`bRQ{68q{-0>CeNqRbpm=qcyk;i$6?ym zw5DHRNdIeQ_Wm}V~Dp7xk$MT~x6lsp+F!X$B9RvbG&UoJ3DQQ`l4xJK26IVBJ| zY`%rpWCYXQ|18XPDJGHXIvX9f^+$5W=YTG)%in^@iL;Cj+xzI=!D8tFO>J&=Z@CI? zY?IR1Pj{T3{lvns%r_VS<>2+3>ak=lN#SBO=LZ zs`oDsSwyFjW?mgh=z~V(9KP-O-tiwmV`$tQP0GR`xC6!z~5WZ{1 z^oid4LLRHP`6Li*^*W^9^27iC@$?m3akO2KxCaRmAXtD92=49{f(LhZ2<|difZ*=# z4#C}FaCdii_uhHG-LvO(&kyKly6?SJb*p$`GZEjumX+Jwb>rQ0jlkQgZgngp+u`ho zJwmBksHo#O{iap6D4`j(4z)%PK{p4V-g#x1iXgt?NW6{{=8v7MMWv9DuUH=zu!(m- zeU1zAaj{v-IE%!V989lQ;@3$=aldVVvgT7>le3Gls}hk}^~Ai%Rq+h7-N{L}h?86M z4kh%oD1i44sdlC>{I%YYE^{TbK&`W&gOE4xcAi6OtDZ;jXT{RwdOwwZU(_?S1t->+ z=)O)&jx{by<@fdEO0-7tVt14Ijhvo8rnD063EjkSyGekQ z%0h1Lc^X3u%J>nLO#OjkW)Ifr!KGDS?{s4Ht14_3{Swz1yX z)%oKHhZg?3TnrJIU-*VS192~WUkQY;)p4ZI3hs4v70&KF8v0eVrB0U;z7NioG3AdB z_MYzJFG@&SV`Do*wyTmAs#%)@8?pD{@+cyIWV9@#OJP9b0w(kg!f3xshr7El{h0Dj zzW*Dr1Jx2ICJ=sb_?ym<@GJzYGy`)+WGm_AW)$Omnx9VK6I*Qwf zEY#)Q#@L(&OD`v$AKir-4n9R9{|Qd++Ae=Je&VsoPT$lzHy_`0T?d0UCKo1Y?vVt7I`I{ ztu)pppyuw(&uaZ|VO!t0nM1>V^}5w`WmP|7LLdLG>+tyL>n$Y_9mC&q*0D##i=``M zjPF%x@(@b_MvTkhiS@~EFkd)0_c$0foRiK+phtU!M||m*>qjQ+o;Nnfx(ig6+WQ<| zf#&;5y^Z{z-CtHFc|IS8ikMIEE74H@%6z z!L!w4l|3+Wbr;y{(7XoII&opsw!X_YUlkpMrkhn<7`bV%T>yBZyB*rQW_-)H=?P-CxBd~z&s9rrxK2o)c!Dr2QG=MSbN5qfYN?JRiy z7t3_3C8}~?mI8-0SDZutU+)hJL{JWGD%LSpwan>99|L%OgB+8@N8~5bd zh6ZZ%-*%N#%_eDnfz|z(GYZL9Q-)~?u|^V0w@bo&w7bk!P4H#7yJ?!x?2$!8_rBoI zh#{@hm`NfK&{-fnJ5NwL(Ik4he%@y5EcCbE?mBtYG4+xhE@z+kSEK9aGB(N|8r9g4 zxkJAnGPb^njWA5qlU%m_f>!qW`o`G_p^3DHtqIb2Q~^1) z+WXmv0ocA{nOpZ8Ft`{>$(~$pck!llQ6jwTxo@#txd4GGF1c4<7U0fzvln z#}%#`E;QhMyh!NE?RfEKxn}o-yOOg$3M^&X&MT#DZ(2AWcgF}H7v0Y;&II=rY!-X* zj#Jqe!TI;sHo-raZ+L&D^PrtL3B5J+l^H4}y=!#o5%y$?g#OW1hGVETyb38(u8^yDFSs~s7)fZP;c321jm-gs zmf5WkRJO0JWRjlI(T|bAbs4>Ug<3^DkrS}VFP2@JE_Xt|*A8qfd6j4o9L3H48n|JI z>nF~AQ9i6J3|DTpnoGe{7p|Q ze3DgqM`QrsTWAxy@Q>BZp+;`uT;0oBxN%Q~EN-|TNA$VGp;5ZLfg+nN0rv;{zJDsx zx9f+=A7C~NgR=V^WV&?tB##&hTKLE^TZ1fG6IhL0U)oyS=2F{?xlz4^aGxkf9Px{= zLcFv8@sj6(5L=it3rMh*dl+1=oj!GC8a;le^JDF(o71m|{d(;N+%I^*=!taEAJnr& z+M^WK=7-e6B~VkqUS6|)eXx(=gXz)cA?-%Id!wR;t|vxnzuDe|*d%LyJ$;(^ju+O- z`rUJ(Xdzgr;kSCoT`-pvlnfGrqD&2(z%?C5Z180{zsdWqjT2(-t36{@0dEJs1+i%$ zNBJ0v4Cx3m!6B{~&Z8Ebn@<2z_)a=bz_674lybeZE;D&9mVGdd$56P`eVceg#GnE& z@pg*0NAn#M`G&fBzikzczEZZWUBgg_SGep?@!pAb(Q!RLd__NF24&;N&bBvKvoB+x zD1RPe5k@%>mJr47XmpozComOn3_gCHnV(rC^&<56@OW%yZ{o^dSy+4{KH>kJ`|UI@ z?3Mo9&Fe0)?fJ59v72}fRt_ANU3jB~O;tE&83xasQ@==zt;9%k82EP?))kxQbeMmu z?{@>QAyHR{iTcBQ)Wf@ErsKU}4<$Dv@|M3a)aO&dVDR|c#HEu{TQi^mrdWOZsS8F| zQx*wO6f;3Y(~k{#bT=mWr0nd*v7ijq;Cm}rv1gxfw^x}fGT$*Ht%`2MLTZ=`jO=RqDKDa9r#nAt)cTev30n)I~WPLJ5(g>>GI~KdQOj`zo}_usY^VxkQ3+ z9>m?Mjt=-*Z)ESGw!RReNf6mmT`}_4~ zbch@|K;xh@7cg=?A0qvW*T<27OHnBrs~P8PJ915mv{y#_lH63%A?zTe?0X-+31*Co z=&a|$DBpJ&RnR}Q$m#KCiVq1YlaG8JooHTUx-dzoVZLONXDud+7KUEk+pla0 zrH;tt?>*QQHV&r+H;*X!i5e8=Zy4jKvoK@!P;P}O8ZD{Hd?9v+__?+Mj6ILqgcv<+ zM70!{-%0FzR)fvK!m#>$%}gb*NNU;fJG}!~B;ioTIy<1ek zi)Lo&8{@|c*Y)R?$c7}HtRM8*&09|=W4e0x7K=bZ!Q$~b2t5)#2=ej`0Ji+{t?d;{ zAFWEMNhT7BLH$|Yw6!v@*6wZ#wzxlU#?06cyoA}bJ>|HtZN^4tK(6+7Ju6Gnh z9R0JgFznSXKU91oZV}DW>m`Sf^?;ABC&0VEyC`-9yOGX>e@i*PK2Pr$ZzF~>T~(g=<8w~S%+S8!6Ewyxg#Mj z9Q0HRJwa(-TY)TgAG16GZvACUf&@Ovm$ftt9zH-0OPjfNbl=wgoivl@ z1<-H$@5>eV9yQJa9UWZJZzTQJINM>Hv$7Jq%r~!f+7jxJk3u8n5G94GS`n4 z>nGX6%_}X4dYvp9qY($ify_7ix}U4u9jm+-TP`-;myaK!6)-}5 zGJ9SSz-ruT1$7kp0V9+7(!?+jU%Ep(H~lO?UXJ4dWaZv=-KoqtymTRn$+Qp~>?%F| z&2XvR46C?tnDjcJ`iUOIWSMHPf6Pel1N$o#F{!W>_R^#>vf2K|v+kIuWz+;~`&f@#% z@LA})o$081VuT_UEtfz6q|C*?L(%}GCkF-A!gLPQ)?xn6IWYJEY6m|QQ?Q!n0^c%U zv%Up?e(sC}R|9!U0u{;ECipP8Z70k3$5-EBHIvr8)6LbM?>{)bcf*6u*TI8rrc#Rf zUC!R+=eUsw^v1xxurog#+aIG}?d}eFX@3{M+?m%(n4H^4P~$%Ry8Z}WdN{y7*gQ!hvH;#47Qr}T` zN(yX2sW*b?k`UXdp(FFA9N@$a?HTl?$VXFaE}5inKe1J8gk z)BVo~aYL6w%J=Jk63yicIWm`{mT18b7ugTXdu9kveP=`%glInReSeWHC04#J2Sg-! zGnzcHCNjxv+ePQ0#Wi(3<=xl#x@y9z)lxPa9+kVRm8usCTuzH$9YQJLL}?a#jyq`> z{1UT2#xb*f!<{WqqJ5oCVv4})t{CiX>TSjSkU^u%0i`EIScC-u4|jRYT;Or`UFn^g zWfi7X@t_s;`T}Uk1IIb(s0>9$qN+x0`PgJ1Oz#r5IkXw7p9{6Vu>S>9d!b?1@tLY9 z(P}{xjE9jVLRp!b2#wpbq>;O1>X0Z`{Hw%l6fuvqonpbCgW^_4(&8p}OAMBV{$f{< zYWas+PE(O}!g|!AMMwY65|Z^Un&mkkNA?Qh3%&2$ zy$&hr3=uA)lX~ul(cet&k?HuSv)u!ORa9~_LvjR2FLywyt=o1#j3)*jD0uYY1zFiEW)Du5V`)(Z34f%m+}#kmBqlq_l63pAU#8Sb#r% zN~5|;sI=m5t?F}^A)dW>c&+qsZI0}JS!khQsnCAZ-!`{C;!z+IA%hjy4Gm!ln_G944-95ow?zut(g{ALnby6U*?_8MbxA+{*@76nhiN*wc8RPsv|ecY2R7JlwYVC4~*Q!8G;am?EOrJmvLcWgPo(7fie$8Z(6!?io6&a!0xQbFtKb+s8$-LRp?qk^m=3A25C;8M1*2kCqr`)YO(ql33{F9`=lBZYPAD%(P zFw!N$t@27GNAekIYp#^5*%^@iL*w$z#^K>*7dK#YD!2e~k-2^DFSglcD2syPwYS$2&6ceg4lfIKUQ zW7p%Wb`bPGqm7xm663Wz43}BelL!f)I z84z6k?;J_qFw%1c1_fO$yn1f4F!XVE^;&8WglWOpD*ZW+J*@Sj+Y9uzMrU4@{9EaN zHcGAQsOGDdt|U+ZxlGIFD#Ie3JSNHhT5qZ}Jxp}B@T#TK54bS;S(jXkq>5zx|wCq2(OSD8MWy}y`Lt84W<5aSI ziNZ@%P7GH6>3yOv|}so&Njbe=!!OLp1`4_)9YZ z?56;d?(~j^wMd8~3fXR)kza_|(=?d*uPDyr)lwxokj(HHhvv7jLoJbIas#Dr=$oT*G<`bIN+pb^^wE#!6j;1t0e^HJvAoNh}nq9EEENh@y=iuMLj(_C>9kf04Z^e+JkYVDs zG@Sv^m!^KMe<>wST}k|xKTsG*=b)xlVyPrK2o0Z)mlJll$x-*)*@=WsyypJ1C zimPoMl4>8Lich@fX>83ra|&lDlMNK|BuYImo<4P1gs`ikxR}Oy0c`N}#YEVoQjH3j zxsuq?rEUn`l6I_-MABJ2blNRblN{X(cxWAkGr6wjp$8$sZ~E>c6r;!riC?3jihQR{ zF*RAllmN|iNBUWN*imwx1|HG@B$1g|+`?ov(7>ZXwi! zV(5>fX(~cwt~JL*FC8szf5lZbBjr$fQwdGgfEZm6f2%B~(o%W}qQE$W)tnmbEa ziGCI7Y(qsuI;`AGD9hfm3NUgGpRcCQiQ=oK-t&=KANF^P%F7<$3wXYqG8Mqq;j*cG}NVD0fo;IUR4s=ostZJx@vO>UV zee|ZwavKy8DJPflit!Ecf8Ua9K#dE=VcakI)?`V@QKGP@8#&$nb`*`Wpc<)Zjvl_B z3|4zX>f3nL-tBB>Nx0Wa#*sA^&hQ_HfeQm^Z~c*++g{!Bc?emWy(`oq@kE?UEU;_u z7Y@TtWPZYsmLZANNj!FoGd-=rGl#?VsTaIY<6H9H z_-YmtPV8!7rGmd0mQtT_oZyECZR#VTM~0u4wAt-h7PH(mcIf7$_vH&&gw(yTl6X6# zu;L-4eEtk?E!r6Z*`mer`9Z2rlA))AAoJzfwt**HeMT!B6lSt>!-jdnPWuHj$#gmG zIH4T3rmA-p;rn#=;|Pc5{UK~wdvosR;vCrYq(UCFjflN=DqdO7GAyJG5-V11*Rr|O zPtFF_NOCLMTSpaKN@L{yt#10cTpKc(p5op~b3H1qE2>jvw%8uU+64y^wc6)33k#Pd z&@3ZZKbTRM;Qb9h7P(UDch9DT{K6{9A~Cca7vK*(*@*e_VDs~ zvMBJ|W#hoE_@An_;q1j<zKJml6l=;m0oL?S7x=_BQu|cYIflNXyXOk_Usp84 zZGVtGAtNTL%|al3c!S|!t_Ub&g7Izu;Ku)e5h=uFusL&cM@NsmBB^;u(K^=XrP9ns zYd}o-2yOi>B(k}B{i2%0WprlY1(^=Yozfs?5Ej3md;BO}Kt|!a5~_v8pY$Em(0NLK zWxc-7yx|{$f78Cb>*%Sp`5sl^KAV|vIA`<3GLLnrG?((`p9Bstg? zYCE#K=*>Y|r`mg4YJbk5%j501`^8Zp;~U0h3>=x;$m07+vWx+i+_57MJ6euP<+rrm z=Ybl#^CAx@o6?v6ter#G6dzp$iz)+X+9Z=Kt~fve_WkKeV@Da+%0E6N*E;#$rC&e- zq0Y6wvDM&VHIH;5utUf7_eT~vUT*EDRE6>q3D=vmzE0Fi{Oe<-GxA2~n~#v?4N+}| zwnq^_Vq$aD*qBmt>4&v)Jqeq$IF=bz)rtK=D<7R8A0n!%(qzif&(@@59w*0YJubp_ zb768CGdJM#D0ue(at}|*j~5bI4-vvdy_+%y><`xg;tv>{51M~R#u&16 zm0M#*D1M5g6%xvL*_G}u&y5K75=JCG(m$3ZlGFv{#V*JQ5>&+mv!0b?0mnW$5$#9K zVW?`F_ul{3#m;VxAt+f}A~+kkc#Iz*+LVsks^Q~5F-38w$v0|SoE7vIHflk4S{yB4 z3XX^<1W~NW1xxA8nKsHjBw~l+O-Zxq8YZO;t7-urmzuw$T*^3{6U(t*%6tSY_u-UR z$Se^;RM?iNnjo!FhlvisMRf;Tr#Xqdxsw*I4ksL+zd*6yNxjW$APG9b`nAcvb9g z=zaXI+s*vlW)|u!i|{$h!4$Ip?v{u*!sJ(Y18f}*3IL>09M6!so9gXA3B51s<3>RuO&40Fz(D%qNDWZL-B zPw6b84|2m$0U@x9g_IRW)lfhsCJjqG0K$n>`)PP5M& z`rCR;mlBCb3Wt@o4>)QZI8WRwr0-mB_Mlk(%n~&|y0FjMq=)GXJsc_yz#BR??hvbN zjeT%8I@^Vh3BBwl}ms7?k8mM zM%LHExyp4pGC`e=OPvjpR!V?^Q{yJg)Arme|AogRewuFMI277gBM6Lgl&k4B8VMmR z<-C^d{W6(s6&4$==%_XN5R>4;%Q5^TeSk)OLN%QTo(%sRB%|2{ug70hmr{i6huMr) z{K;bSMzRoZfLRIqUh4MNms!L4PzO0t8fH)TC^2f}y8&BWaM|Bxvx}#Vwwm{jN`Vcj zQ)dFRY;ul3PsfJAw#x=$8OLgNhYLL^5MRk?ewrDv{Mr*^FLH-x+qeT<9%_0ld9b}E z=HwmMqB-Dbz5);t5&b>~&0pgmbRN^_y>qEgU1JLnsYVuGHJ3+kpr;QxMw)8{HP9ve)r4M)`#%?8m$?omNlEl^aK{wN_sUmzY=`JIQwyzMZR~Q4qI$t zZ?d+|Lzx>mo(-8BXn7@#7v9Qq(b@%FTgZe^WiAJGBt*9PX=F7a)1NX=qNtg`M-4fO zewaw-)bFDEb&#oPL_9Gziu~P0mOzzqjt+f&WZWji)JLIB_e(r6&{vRuWxxQB{<}3V3AwM4AZK zXl?p|saA}kI++gHacPuLKM}b*(O;dT2Enb~*i_oDyuKEpc*NRD8d`^=79n|tS>vPj zd=HN~JhD_9UCyRWIkaXZz*QnS+>$fpY)ZrKvl{4z3a=&kP8dN}hX zIKIl|cs0rVXBs9IGAd?yB52cUhlC%Yh3zEYR5U9*M(b}mTOCXO>X(P)V#0-QT~=ca z74!+jJD;-1Tqcm>Ja{WZag{~7=@?Alz+CKV%6`z#kg>KHVV?bDMm6&DQVxT(iB0}r zVp61a6Z*^Tk)d+&uvrdsvNEpjFCY5jPkuMe;&?^ZCy0S#6bCN1zY z{`);C@K{AtoW&$L;Vc0!^J0?t`IQiF3l0u==(W4(w0-A#Zow_iZO@J=aA^~dhYPnC z_!Iu-^Qgwe$It(!rk{O36EWY&PG)+L9n1Mt!d!;=Q)JY3{_MMnu(tr^?>81#L3Hzb$pT+b)cH~^ER! zXlnnpF%rxLT$LcK{K{&dx!|t;1%E$_?&m<}{n_JZTjwWNnFhB4)-QSGU!3suw1;{h zSAX7C%YUl*^9Q}4hD9*eK}I!8vf|4Vdfsu`1@-s6TVzT|xd3MgSCht{xhoy2B8h+9 zghzm&Z*gd334clSNuXneSfEMoS3byUJjm(4`zOquDTZxNC1seFIV}INN4AL|h&>!T zU*gRD$`eo5M4Iy?Fk&xbb#Bh(dTw3;kEdN+dD=F%)}y&W#ntAjD4Yughy9%8ByhKX zYSD*cm6FqcnD<#%eNHaqspQm}dz5R)XFGjuT(Dz|(E%<+KHcM!@1{yR*%|g5B+;EP z_<`MU!qe9|Cx|Fn=X|^~zkq0mF+o2c_Ic)qN43Ziwh6!5k`gDf_b$xvy zuL81^yW6UbB>WXRV2E~fZVwdSRj`ms-cM=I}S5!GXY=#kcKS}t{_ zEOCx)SRZf_>K`c~GRx5?bX6%1cNZ$5u^m+VlBuyCrJhGvcw%C_nEO^8Kbs5Taz=Ih#tBV#kisXfX*b`voakz1eCOl5I%uoPR7%}D*jBf{o(JNCqm+8D>M!~x?;DRvWp_%PJa-5t1qY3m%qplv6w%u zbcJeQ@e=s@knAfF`mw+Q!|UT{FSd$u;mN@ETC$$kcHwgBHu2lbCmxJ8=r^VQ*)(52 zK@QWe^4AuLKt5V4%hScC8wKE93#m}E%tdNXRRcWtB}1S+1&-2A6BSUZz}ZC6s};$r zM18H|nHM4?>D|m_zHAh5_1YW&_yqWtE&*pqbdZ_S8skk>%{0g|T`%0|jw8zp9nYYu zd_STOdQW6q78cdvOlvWc6kDxBUzkW&XQf+d@?aZcZhydxEEEkf`ON5R6w@-pZJ|&b z=~a&|Ho0v{<|ej18j$$O>0<2vCA&-|hAmXdzkvljOq>3RNyB{q4k2B5e$?x$*j16! zzpsxpXN#TR5_4c>S)_RfEeW}X%89uQ6R2wA*RYK+xow zdJzgpX8pT__TQYMO1{6mlT&@k%zORUlRQTpv|b8b`rdun>KvoIWQQC%~aXS>L1zp=lQ>7(9q60FLi?PE)j(Ws|QMV6*u9?}CqEGrL7gHvhZDSky=~r_rFf^x~kpI#(Guj;fXk&p+ z)~B_1q14~I*k4jwQYM$cUxAe51RaJwx6X{G~#qVL1E zosyEh*pfi&U!XY?%m@4}Ie$V@C!X3G%7B?uc+Y*-gFJCOSE<=!)FEyCIz_Gp&wFbB zy9xFd{TDn<7kND1^TB0KGC7m+zb<*#G>x(&QOu~ZhcRb=b_pc2T)S06Z)i~82;X$9 zO4gYA&)Oqf&a{3+SIzmAv2$+T2A$AIKD0HAotv4jm!OEab0c6Ntr`dwP&BlUVD+-) zl2WAO=@S)U`SQ6OFl3psiidRlAuwC``1IM{s_~9U#w?#}f~C)^Y1b;!3d7L*+DaNs z@9oKK1b0OfqRt9##&e2lSuA(N^R-xIzJUiexffhWlBVX_Ay@R$rg*~y7WVPs3tzcR(Z6OexXB7Nydo5UX0AYFNY(KqCgFvTKMH0Xg z^|R`u@r}YUOR1t1N_sCZLO0nT8~@yvlrMEZBooZ5u3!v`z+COEKlH8LlLx=Bxdql0 zrheZy=>GKOBz9&h`n}}bTY2I$v(Hjd%KMFHI_?07OTgh;Fg-Jp<6h6o9U|WtD{Rrj zQy{Q-EU|~?j-Dfh^FV(ALvQrGLd1+a(j8QrS;_afVlO-NYLXKxD2lpmHs%z8$Sp$d zSW!Eec;-1>ekOw6!5?u%SNpL3|E29pBrNAM&ZbqsnWo_X-{qNoUBUyjhe*XtEPi~q zz+1~P1dLL;|Lqu5551psbpYI4Ts&)s!2EUf&6-tAD$c7a)sgo3?E^X0z%fC5m?SYg zt?|<@u8nPw-E|f5t+9w|Pn6fItuur25lSXB)C|t2ay3O&&#el~k^suyV6DKMf~!$= z-q&}G=!QDuf=f%h0O0q*)mi>-8+t#BN-VWmq3 zc5RFA2KP;DV=XF!P3Bu7XCTN znA}?+O4NzuKb$CR8Jcqv=$(nF00=VEtntC3s z`=>3lktE*Lnl;WC&)@YPwTZG1healYpkVE*<1%aNK7njPQAgN0r$94c00}cr^*4Qi zVKjU;tu%cpw2gD8l-|NQTgLT5H&I32v6j`ZHPCwFFLz%WVQo5j`=Ia>BSCIJ%YFUd zPqlB57qm%O&PvYa823RVK*~^2UFZRaf5f9^(TZqrR!Ftw)3adz<@3D~)!*1&o1Ak5g2X#PJy^QVx zO-b1yO^^{IJw;9zPDn#|LSB0o>XNVDxcKu@$?xAh3QDWs!s%bd94%8*5 zpwb;*XJT0)B*$ie8DPC(m`;{_e#&E&ks44K7JFPs>o-T+puHNAU z8hkk%G9#kqK1bI?YGNvmeb0ldhR-NF` zKgmU@m?u$R>s8NgA{L0h5B|m>q#CFpv}B%#7{F@aP?!j&D?U@TY+x-*=e!(RQZjTV zEA#?G;WjsW;=WXGz*I>uATQbb0nh^*9fSJ9ABu0V=zr%!Vf^&KgVWxpYn{d*_Ybr_ zIGmvySDYO!#39c9unOn<)~Y1z|BIhvhdg5v!Tg(c#P)@lLsJ1yY{caF?uH8SyZeQl z$3lt$zEC8O4Kx<;~45-DdGO(tY^s_?4Lg4!m=h?Pf*jXB$YP`w^YJZ4` zrpXw~Anp+qgVsR>$7Ml83EpMZOBK5QRU8vBp&P+v6cm3ud}?yrSa`7QA$-q4B~)5; zM(I*cAnIOWvCHPh=1HY<d@@rZC-?kq$(W&nlJ#iJU$EVylHD$X9 z0_hPfr5h@4|0xRJQh6;UjYxS>_k;l7>@_KpK;|kK7#>MG4^x@?YiLSo12z_3&INfZVUdpQ(n~y|V@?t%7{8xuqOYexD`nAZ@Qx$X zxQhT$dOF(K%f`&k*xQ9BNy8;b0)8^%M~ZPX+*RYkgb-cU{v|H%KbmK*4}-B^)#+b5 z%Os~Yd2FLE_gqmH_E1fql}+j9`1^B-1Jv7t9+09neusy6PJawzpfS~7-SQ`UFOLX! zBUW0|Px8R6nwQr5p<5uiMn&q#3efpF;3hg-98L@B2P46+nI&! zoUy3Yai&y7y>xee0q@4h4IsD8l?>K--RqM zagiolC@T<)}; zZJNm*P0nHbSZOPEy~XDP6=kj)IHstr_bOeQTa$?0!8D^DHwQ0{C3BghJ4FDUs)#LN z7u7S!Yx@w0l>eXhCA@8aF)Jqx3Km#KZHmcwL6#`?rOeC(TTmQA37qxo%t0yH?WEeo%lW_$c7jNp>0}{cHqmmy5l*^ z>RWujW5Ov^br!rG>qt{WfmBC~_L-u#Z2W~H2dE`2LR@HM16D&)IVh$|<}AUMrBm}s zQ@+&sQNfARpp)nCEPmXfV${ASZ#<7SiAdPcZZo5fx~s5KN!Mt5!_=^2SZ}I)Wbyt- zbTr#^Sge+ZycyA$Uw1u&l0rS!Fgq5F=~XNTTj4f(;NYx>W3|*+_o|pM_aF>G{@*5c z*yTS9lA&JyD2~g6krzs>vm56y4)zndMk$~B-RA-wl6W4)=#XM2w%3K4{dTCMn^Vj*Kp zBN|`G24r9$w%E}RCYsQ2<&?d5_XsD|$Jr4O!MK_&;O^wcjsX>Q8o6DjzEltTUw^7f+X|UG zH1lBJq`k7yNEYbWi4j+seiZ!m&P`~Agq12H1O;S#apYlAldoi2>wCivcc1&jq}&pp zJ_aNS=R%LKYbYeSuboXVe=3s;rPwXYSzozVWz=x9O?+K5GTTF#&4bs`QxzyY;FG`y z6g^N|6W{M|FNf_lLpo`FXM@%dW^0-d^(*MH?9@Gtq=wkDKaW*It2^!x1f_;?1VsPg z7gab5fiB)S>t0CJ?|Mo4%V&3ZqOw9f|1(;zO%i=2RgPPz%#sS(p8oU}olB>LC7*Re z9Xer#g#vXPHOBr=WO^sIcgRBxm{C7*>V}Y3Nsf)NK=$<$ft*HtNwbO-uB%EjjM{JE z+abjrzs-o`;;s|5ab?heb}CnVsLBwQcdCj;#-3XAT1i}KrdfA?TQhl~{j&sxv~`XO z5l($y>H?RD5pSk2b8b&Y>zIK&_*eu7R?K;T>op+olNZ`~zjni@FGw z%U^j3$|hIfC@4T{TEkbIPB?4OC)pZ`CVX)~~($Fr?} zT$Y@%_H^r(C*T16%}5PHR-7(Oa=x{S<-2}r^?%}DDk@*F6j=KoLw<(;7-#J@f(`fo z!_%Q1|NHQ0bhOd`t>dxo|3j&w>4OD_rM_p)b^xXdkl6!tIcjKt_n`%>$yZh4`|Hc^QU(A$b=T-W`Nlsc}xT~OoxKeqF~93Brh{y%GZto^S|ZyyvuYwoGh00Z=%?*be$ zprhSY+z$8!eFaTe&J1$V{r^6P<8d7Flrs&KpvnL5=+NH($HyE0kM%qi``?(}J}H6G z@KdD;)*x0aBlzb;_hrcVtFsDE2EA15yOCq}aUo2C9k0r|yiOAxwajkm)7*Opvv4X) z0gxMCNg-u^s>Ga5&n;|5(do(SJF; zeUNEVMCETkP`(#hP48>zOy{aSYnkQQU!+V{oU&rZPg0AW7fTd6zqx{7TCi0C? z^OdjalN)QGh`zd$eRHH8>Amc<1jI}5%|1A#FF~*I>9Y+j)smxQD^V7EV)~nwm|Lu5-BPStjF(sQqk#Q$64>j;S!ui% z&njCSr(M?=Yr$uj&t9-om;m!n;e^(e|7Ww?BqozLxOj(P^mracIU=M!Pf*kOZ{+BI zP7XHl|JUI-(tTZ*6s_m|Kh!lQUI;xnrFQwN9S5 zYM{n=QE%+2P{6b-_nnxm*a>)Q3=lwbbw&F z-LPEWOI^zOyWR)~Px$G`|I3ZpK>%pd|DPV%@qZ6TCma3GS{{r4m)`dM3IOH0d6E)< z4t`%Ez=q}jg;;)n=8rw|;05Xb8#qOM+5aCLot!xK|C{(f>v<~ZKb_yzZ~z{iTJ0raZ~ z*3te9CJ7EaGw!Ny6-M0)xspBw5nu(%?e9hU`1Ug3pHu$%t3Ms(KN+XHQ#j}*{m-GJ|35h0 z#D7@NW66IignO^DU#g<}K0&#!1ioLHPojDwko}b|0yg5&Mmh66J$3y5JPh$HT|N(d zqy68h?f)@4INA9Bt>rQJznJjVL}V3>_Yn)arm1feG1Y|26B$~5sSKkEMS&K9qUGp& z39PF1+bwRi9FZ@4v^75q23@s5TsHoyngchiwCv*PgkhB+uP_{IiLcrS&=Pl>u&ht< z@$>%z=kN~ge}rL(2zia8dI$f8r-}c&_dmno@rM7ebDEJ%h_ZDHrvba`)nQ# zw1x9MB!SK5VH@$nfxItQPf;j@NrIR!|3LhyJI`x9+v$1qPi6oB$1~6_s<@Q?L3)Jh zFKeR6Nb{7IZ8xTob=&a;6JV!~a}z1TdGH;A(eHU&ptos=0{)va_17?c47AVoZ(95c zM`fHlO_Zw~+!RNs!QIwzon>{L5!5@+{y+?mL=B!BfYKs=Z1$X$D@^yGb%9{ed3|Vk zcpC=%lZB$2TKUn~4Y}%Q3>1F$mzSn8*kfI`wj+oY}<(GlKF|H>DK)f25rgR0v3d6h}%; z%o#_iDuaYP;M_UFHv=VWt^g=GUambUaK1RoKE~+^v9<(&vWfNp zR>?(vP+!C(#B-ECwq2&GLhFSZsTu^O5l>P`R<>eG_}Z@78u(VQcwPLpUL7qE+3z}b zaoGo~JuPY8(HBtQe-J@sH-g`v_^Frw(lNQXzFbQ9YZL!}Wa)oKC!74=YkHW9=gq5Y zaB+RP)FqD)75R$s=zMCFJ(T(^pzL`DK$ORGl=DiAX^O)9{oom3T54H>{|z9wkYHaY zFh}Ae{ga-sX?=vZaJ1PcTpn5FTj z83GfSMhV&#qu*!4`i~qX2okghvutmUli3t8za4RTz~B6xRb)MvDvBS-fBZlKA1DI5 zzAp^5`Uf^wT36>qk;k{QLYl0~S@ZZAS-n~It71ZH>Ty`KYJY9^R!{%Q^mYyO|Jc6& zr}TfL|6j|)@Bd%_)EE8dE9R-we~OUK^j{ABPfh>#*Tevr7lYCF{{9d1{U7GyaMR2Z zcB%^+JYa{zk>Utl7w`^UqcBIsJ2d8yq|)Kl4?ZtIGAN)`cOUOKh6iut=kJr(G|+$k z$3+4O>E!ZnJPq{!XmogF+kb8Df7kSA_rKSCvH_cIP||}X8G^NhzN_otc68ktLC-qy znrq?x9~q6g90MH+5EB7*1aQiRWb#G&{0Km>7l0fUvpgjr2zJ54Bn~HFieO4Wjy}y0 zDdO}FKydXNQ&{0y0Ych=*2MM2`7bZ`{@+*EWmB|2W>CjeQ#b|Up7$=nw=fyRpD*Z4 zT=3a(&{wt%UM2*IR{0?E_%2Riq6Vke<+?RiB_4wZ1Sk=YQvg$7_P7gR@&F%+-m(pZ zjXtvlv#ZiX&71_;M63|tTy*Q@cT0F;F__DgnQmd)0|+5Os!WQDNu1t21AGgrm7?H3 zdkzA9AzG?v15o2O+xT+!+{Yxf0;UGh3ZYDw*Os>@2i)f%_*d|+ATSk?0>QK?ZJE_I zDJ>B!3xjqm&oSq#yMNcBX|!vd#o73v#&KgT7Iii6%PdoaH8wem4c2R@fJ!UZ>i)bd zpi14XPh=}deTEZD&u9O$>6tNmzE(C{4QQ<;Gv-EZ1h2j=FI3irL1;|J_b1_Qp1P;K z{Quj+P9RPCpVK2-{y#W4+1P)q1E7jiZX6 z&TB2)c#Y9@Gs7!4H|{%Bz&H&+@B$^MD3fJ)q^+EyD4u%KI68)bm9-m(wYVVpxxEt}>#n#_1hx zxHZb%nihnM;@xR@5!`D~)B@dR0^0K7diuYl34QhXH%1r&5D=!a4nPpH%rR4#1t5sfJPsW? zT1gryI0C4;M7H`;(Fq`}*pcRmzHA`s{SfS2y0R#_6p> zcsL^ko;GF3s_0egsh*)!VN+{t5k}%+B3g@!8#qR=fIPmG_Ym(bIq(=Wav`p2@K#-k z043T5^_F+_(A>w4!lgAdv~E{u_=Nm3P9uHM@tu2}!i-EX-MFgvf`7W8;#P;%XOB?p zcCi&$G3+j@Q1o5{X1A4SZ+&k5c#RSi7C5(3bu$`RUAi_|cO{K8nvf{@Kv|lL4NuDM z3K0JImL9Tg<-ZFOzj<}NlKa2I!{edt|9N_Rw2}YT@i6gD$b6`OLqMPK_swlWrg)YX zZ!-!M;pNyHfcdL$Vm7#9^@k{VZ}00@J#2-TFq{>( z8??T0z0+rL|E%afXIdXOfGrw6gOItXRkQi5*r~rMQgUfl4DQim!v;|R(V}r`z(v{% zp~`}Qp`NxS9GMju?fjWpNi}mzVU;+td2D3S93;9Bx?(3a--b8bv-PglUaQ6g8& zx4H#3!RT@kTr+^x+dmQanvIiRz7c_%EYtW22;(PSz1HrD7kO{pLYqs0iFIl5MhH^A zODgtFm#jp?7cvs=(3QG4)6@a52)iqBadd1s%+l!XITg}J=DSXMHe}Wv)m#$Q%mexi z!$L%u70Z(?9^usn_{~3M&I9lY&r&KAMixiWkh5a|)$^^W zlUvDkcq3k}^R4CF&EtO>=zq!Q-^&u+b-)eu|LDZY|1{d%|F7v00q416r`YRkzJZ$X zKD5EUh16Lg+=mA+r@b?RBKl{J(g@|O?iG%@Xl?xi>X{*$NhaoD!F8`(VQH#kbz@iC z9F7@IsoE-U#5Ve*zh(xY%>LAovF9O^*cs=1flzjVvq!C}k>7y}<;=#(PMx6@CT5LE0*a z#2e54boZ8|U%Hie0&h{mX)LWRewK-pRit7ALp3?_)Mn@0rVe)ASs;Nh^5W6%`0F!m z0qBYGPW)MX#kgRa;sWw}2{}0Z-Fil-^%xj1Ib+qnwH`40Nir0kwIaj%vZA$G$0pI1 zj+2k>2zWPj{lV;;9gk|||7;%ae@qvS`y-zw`G08Ze@3T=2OItWS{_6GXNK{wAdBO++%jkj*21T+HEzri^5A-b8PLv+cl0?YP zDzuCSeyQ2xZi!=@PeCap8yWnTmEH9b83|!n0u){USUQH)XdZ=8h^2A#`>Sy`v1UKA zY3V{{9IvEMr`MzJN*>-Q?`88)$$PrMX@?JF+o^!}ae4>hw7@Fgn>33`BX0AwtI36O z!%;Fp(^)HFO?)u|B!1R1v4Z5=L3q%z{fUX#I9d@6eI1O<-E!yt77F>%o|W!A@OhPHnrCc%+Mw zqJ>WcLl7%oh78v_`+ih@#^dGxvm#FRKf+moGn7x4N&U>8dj3Be9iNPB{y#d}=>OL8 zaF&kK0>&b;GoAK5I`1({m`A|B@hxa(kaW!q)RGA__C{YYj|>#q)}~rGBRAxcjBm6f zwhO-vd&D!YP(WM=$zUKkYVZ!nn&(eY|WKdwNMzeJb38DZnh1Wjw z04QOn9j0*spfqq|6sEvnf|H1g6=h4ju9?b`HSseBc#d)-92HC>a0gk~=MU@I5NxEC4Y|Ippd zZvNy>*2c7tA5xT)Nu06aPGJ#KY3Wf8iVGg9d$AmY4#U|05u8U6Ab84^TOdbwFpuK& z4m?a?0bt0r&>YuHIjvpDJGL!?CUBFMhK;!BZQ(Nm`Gm?DV&G@Y?%)}n$usZ|eEZD0 zQ4J<2nGVQge}eISa0ap*?Zqi6V3O>zAG7Q(hY_-i?meLRZc+qiAUF)1kIX0)?Pbg+ zH8=z8C7FdGqjS5rXpD2T$KEoXV2smU_KU6!6g|subS*A$bHp6~xOwXtc!TCBe+Jm$ z55{yQ@YBG5_}Bs`o$c8Izj7ArOU#YDL^kos-wDGH<6S&u>0`J7${B!37N_Wvz7z!r z3TJs-JPL2wGqrB=S$a<1;Pf5F#TmDlGQa&wP<{r6>SYKscpE2i5hHS@Z88zf?)u~c zX2bxFjW3Gy!T{`ni@(49{f+hR#reg@x4*r7_wMq=OY76Cx4*x6`A)nvPH6l|;%QtM z5QW+73>*xH!>RUiil&$%@8IWH;S=AQ4b4%Ch|v^Z$>=i*_4e^}3R7oXAuOyn`^7Zd zpCFhNlgARd2uAT5`e6%smaViGr|uruzm3y!63M%Fthw1 zHgEYiz8wq(fj$^K3nwN}PJ8DD%?@#%qmZ?)k@YmvJ7S$!EX1;j#0e7xO5&%ZsT9nl zj92Q;c`m6^0MwX-+s2IW{47CWF*VIt4ks*Muv0*9;(1LuFH2I@?{YlL45`N=CW8z| zgE9G;m8%2t&RfFh=6PModN|vlDW{N=cy3ExS|iUvu(#!JrJ`?sU#ym>!Io_RxM1n@ z-LOpc9Y94cdcZFi*VnJsmY@&kcF(uANdXJ67lPmi7&sMotXdpAmP`zM{mTB(p?2zn zFJA=guNV)NmvIKfGeY06Havjx>N*19xS%ZO!xkUIO@|r{qpfHv=rGf76~$xqh{}C1|#3-VrAvv3!p~`??@FY~>vT7@M(`5NRvc<`uQf_ulq zVOINMZ_NH?xcK_@%o#|lEn)-5`lyCYXv}@)vUhu_|Z}+H262ZHGCxgjc*&&ytY{dHLhH6O#MQe1h;4c=M*ry*OEt% znTot#WmiCK>jrp^@;r`E0Lpi!hlu_q<2q&%D8;C^Dn_2_|e&2BU-1 z!Ei7fjEv72&iUt~qeJt9x&X1tM;Dhb-tiVs4+f(X+UWl1#3)7Pp;_wGDCM{5lRM13 zhB%M@P5Cm{zFNcAhxi->TPcpv$2c>CO7W4HcCqYLX%}mb(Fq@x&(NFmYrwKNmSMs| z93gvoFOur8T@1bZ*)7UbR3P$^ZvflYQ%;O)G19WZL72=)f%1=G9OZWFazYnxouGUk zhsbQ*qs`X+>$C&Tt2m7SOW;~y5KprNO;K6^22_L!6qb>R{Ihtex`uO;me8i>5;LplRinv6pF zs8Px>Nu{WPn@a3xy-}J<+zU0WRf;LQLOY!KPOk=TSo==blJct}obb0>Vfy62G@|Rf zKzF%tIWc|>iX5VGd~YujdG~$hc>8MYZi_Ii{uY%Svs2>!7ULxFmzUS=o_UbKJg=|W zyiO?6-NLGuB7e+qEX*FZtNJQSl?y=Fe>|XDrp89WjysHa4D2PSH|8og;xUl-?pn)r zwRFkI6pZxm(k(-8yi2qHHT1Tcx;U-&314Q(hA1yy!xY}3y!uPUq9{d9A#oDN^~8%k zFRWVycdXvt9u!Fj8cL}V&RO*V&vnLK9oX*>Cg=j?1^-D$L}fNupi4q#NYoMn&qevw zA@e;9v{@WUaVe2JAixf`1*YdPAfzTs&SY_#YT29+3$A(fmLiMjti8x$F>=vcrKBJS z4F<$_|d2ya(6Idk|u6FG#vU)trrUMQoKcS-hw$U+PF<(G|uZuiR z?{=I-{J<4?tQI6Ula{tjStJ;nM`YBvUqwUKcznTe93E=3Q2$CopIj94XjH#o82tnj zn1(11obJpspsbl_buO=b`%XJTY0e)dx|bmAehJ{MP(~ZdJcp7KHMAw! z>BQSvp4#SN1zfR|jrKYJhx-v-&&Di8!&yVw9AydQ;+q(TEfQB@lQ18aL?i~ z2Ctv78pd8yon*u;Nb%kxL$m8ZI0-D`W3DGD{*hKfWlTAms9I+f=I?un`k!CEQqCCloI zKXp2yDP#5MqkovWuyn6mYmmkvM=4|Dlm!zq(;IoTu$B(iQ`(e}-1w-bpUe+NylobE zh0PdGyz@b{dBalh{6Gdj@a#1d^jidEekp+_o+Zb0h-nnlbWJRqi@;S2TZ3lz6Uqmz zB7YBM-?B_l!c%wV+5lKY#t?_ZvQ^MqeV<_L02m7E#O zpa|rM%#s2?0yts}`AtXB_sYcT=>O*orYxw;k}RN!{-3(>{|-hQ`oET^1^rjc;7PFn z1+{f0C+`!yT!2-2TZRj8t|40R1FH>}F_e%!udUfHldu|JH@7GUZ88iU8JuU7Z(OAp zHxn8cC})LZ3Ui33hyW-E@Gct(1h*I`rtOg86=eq%JjZ~kmhEUwRd61?t@Sb=6XR9< zr-uH^sJ_3%WR>>6!_nwuXw(1W!;=mDU&qr-|LHQIOW-|z5r;*09stu6)B1M6O3fSj zm(l=*RbgSSeRX*JYgN2DosAyY+8{Wkk*QAjji}Vxg_XNUJ$;D?;Vrt6;k_$*Fta`| zoR-*YY~C327UaBhi=`Man4iBl?nYT6zPURw?5#xflvMWgy~@6ur#vXElme- zR+~1*i(BG4`&?z&R8lpgM}GVmw3m0cgdCt{7M2F$I zmOrPhu+Fo)^ZEwaS8ehXE*#=7fSFiUGDy9p4dMUppEmSA&F)q#{~tR3f1?fkU(3^m z{?i4}mHyK;ud1JPrdvBo{*pT0*e=s&Ga$trKyq5l+)w)9_gxhe)AAvJre`d3$uVm{r{nz|9^ORw9)^s<*B3pl5R?ZBi+Bcu>!|C zuEqU8C&C(+4s=xxYu-yr+N!3tZK39uLutPAZSo6O_szN^bNMtzj24i%6;myVrWQ+D z%%F52__c@=H^ND9j~)X$URFqV$@!zg6tM9ES9k>K3qUKu_1qd9zfa;s1nYQ+lY|9M zeaPd2Y23LJ1dztQnxZqa5Fa|KZ_A|G%E6jr=bb zKu5YSmyM6^%NDhBfPCdS3cM~$*PaEmR=4!#bYdi-YI`P-eajfGo@RSE8|aW*9a{rX zX9HP9J07^C*O~*1^op1SrrckC(y@^&adh(SmmOg2H96Z<-{Pw2~ zW#Dhrsy}itN4nbchL}IrI!iXJ;vn>N0LifT-efhW58BzcJbD;&^!=VYHqZC*wBY|a zo-KOw&!49A-+_Dn8y*~N`2RYdHs?RK06L!j_@eRiD}@ErZL!nH>~-T>DC z@*4KRj|0^9*e6?A(OpmpuGL@NZ4j@dUk4dT{&x3468O!9(9?Tb(0?grukQY5cmxZq#U8FW{dywOY0Lr*_62Y`CSLM$FqPj0H^b+>mOCC_WtL0Yc`g@04gE- z(_8_mA+^2)Dv?lm4dl9OYOz$^=`~S)UVsEaQWzNLNlR{Rq*sO5`Znxj^E|PqhX3d2 zE@n~UafWhO;CxX5po#w<+VA2q!4KXYz-7rGhr1&oL=Nns)_Lai#S%uybXeL+@1fHNLl zVQat=D-7JQ0V;}cIU0r)vdhO^V0L*Mr!%A3oVQH1=oFzGe z(W9I=6b--ylL(SWic9qx;54iqNn=c0l>ue{*DQhs59G%)#=M4^l@7#{{-+`zOw}Xu z#K>tW!aa%MJ$||dz!*(Kb5`Seb90oF7^fw2e&a8UllT6QEJ?+{hJ&}a2i{8+y|EU| zz2P(J~TRcZv`g&D~nG3KzcZ&dzMt~x^QiGiD zFE+3}p4f-|S%iChHq1$`%?qUJY%EK=Y*0PupIScm&Rf}b(d^8;P_ zCtUfSA}$}?G6^Lf$7N1IC3o`*GBiw8&oGMOBE~69-l{H)+YIH5>4szy$~i8Rn}G_X zr>Y@bdlZU#AKr98)jFDzV0wBp$N!uugwC^!);2!{VS;B-3X6D-_OiRCtSp)XRTq5t z6NuHKBv$#q7Q{+L(z4cw5m||vFyf|*@gv8`bLrHv!K_(YZe2Z-jjJcD!g4kI4$6I+ zSpOTg9NiY3*=;=wWy-+49F1i<)=tMn(}|?Zvb9|}S}a>xW#MJ(@3TF^vK&uQF+nq; zPIV1S*d4#oq6Nqp72yO$Z!>w6?o+G5|IpI@RA@9FAlLVd@hpuh)EFk9ZqPl^^ee6m zN*-Cg&sh?OagjU%NbXVOUeM~>*ybf;7$-t{`jtH;VWTBzv%fP#0j2aYbv`QlF9*SfzedHxk`ikW zq?JmHt??{LnA$?=S+?Yocj2znVW{P!8e$nFXW}-H>scsghVUIx>(|Dw41Al}4LOFutED(V)84x75V01vavxZ<+58^`PoE61BKOM-F^@--Dvx^ zz?>SUINjsf=0ETvl+<8dyX_^$4oekCREvxBS*4ki=*(7Z&&F>!ha9#C3< zha9JOgZ4AP2QP=IZaiQbfho-I%Pt}DOA#dj@`!Ri&g9l-G)l1@%>u9HW*|^|DbVIz z#@8)(T3r+6^?~@Sbwpax7ij8{vbVyi zZ=>_6_1wQ$*MN){^9abaBbU>fTU2&dzd5V6r?<9uV^(ai|-R|meRBluh+jFN@ zjBx;B2;7w`JT3^QLy&O6-qwc+Nxi^SPS^VuvX#FRb;?p5@c`mn=f(vyyC(s-Hx1e5 zmhH(tUj6?ZB`C-HA8%oJKg+HQoWncx3l5px^l!?7y6ufX!~Ngk=)m^>J3QU!|JU;{ z`tTc@Z}5|ExkhnQ1pI0Cz7O0uk&QRJpNj7v-pL)^mKg>~t(jtb*(h!tQEeylJ@p)Vh z5Z2z}(3A;odI9DhJvP8%yy6bIr({>;CBc{Z`0&4;D0ieQ$-pa zm3Y|Sm)5?0ursC97HIfTwtFLVsyJnS%2agS1-G*T+~Gn9vfKa0aSDQ65ST#t0qvIA z#-3#Ur-XgkIW}7BxZI4ogWFknkBWW)5{-J{+K7Hn^Qo2pBrCW^VU8A$0o7#xeR?>w z?LUr=jyLk(I-WM-ja&u;!q!2fG}Bg?5rwiGjbq+|_*1_!plpw5CS}i*>fs&%GRqNA zl22Tw0W$Wt0GJwan?Yyv%JKm4TE;s zs~uK^d#kc%X9owm+NsQ5Wr*%S_jH}8=EZ5W&K>pzx-~jwT;R}E!`hRNs{~R103^(V$wLCig|IIty{c;1oq=@L_ zo8JIrC?_!~C_!0(J+v6iH&y)e2?cUSzlG+%BM2*0{Vxp3N_78=LsO~zUx=sG(f{%& zwf~Wx##f~O8=el29sjS<#{Y9IPbdAKu9DG>X{Cy8Q0g|y05hNdi5}Tke!&z+fjG*R zEeQLvdmhzK)bNR#+$xK8vUOj7t0Z{Zm86bbhuyrr-~;(W4hKIFZY%nM|GojGmPqf} zFJXTD`Yd8B=F2kxJ_y^`n`Z#P2lA2MJbk=Jk00ac`5%9X0S)4aD^6({j%2N z{v=rM{(nHX6O8ZoKf-7l6B6U}9h%4JK}0O*N(q|w|IvYc{y#Y0$baj3YWKfb2ZM@b zU=V?dGK?%#eQUl)sHk~n5{|0&S@V1JfLUY-82o?iz58+`x6v>7{oPN2ZI8o4E!o36 zH|B)DSPn@^^f$xdl9Xh9Itm$Gh3R?f`Sz|a{_j!o{O@potN%BWTCIP38n~L@`auBz z`$O~cwzI#s&q(Zf7r-}Z97ag3TJzUyv#cvJXI1_N{+<$!ifg{2x|BvLZ%U(zN<@~0 z>6@^;GKc=-wFDDlpHWex39GC8!yPfE%1JNh7KPP~9-qQLvxpj{1rx|8Cad`O>k^Ub zbVIp&bX^UE@~j3zd07oxquv@)z5J(XgqC>tQKu&Pf9U)F9-N+S-+$apY9;^WG;nQM z;){~z@?XuOUgq;~oA{>oe3FQUYcRn!&MTA{SQ$XJ11y7i6*5Wx2^0JcC23M!i~4z) zI@Gm`>ZatsFH;LejHEO`6_sQ^FH}cSf=i+-AW4>2{?S=0Y-RV;r+WE6Tkharr+WE+ zaC%gH|MBejXe<9Wky^?BiUW;S-hBvPti1lS!qh&CFG>z^#1FPRz3I7l+z0(>%GE!2 z-2H*;O|NK6LOZMKhH8I#bpgJlTO2QX&5itTO@EaPre=h7Y>6qhhC%h+7FdMkz0ne; zyY_!A*V08n%!-!XFZg>uD(9=Fd0O%7tiH=@>2R1~GYpr6-*0ZaJS1Ckv(A*sud2?>LVaZ9j<8t*82D}gYSAS3O3`QvC?FYx9xya~P?b^uL zcnmK(IQ9ikX@9Z}S34F0KscUhPu0@VYtcj62=+6O6_xbS;{?S*r2AFLhluq4V>MXL zYqMpaYu{pTzSb42n#nS2$xOaMGpS9kM>hzCC~QBE9g2(0(=|8(~FUX83_I7C;Y z5ej%A05_7Kn`Mnn!WthE3;8ep^FF?$^Sd-|9wJ?(O>&U|vWjm;Rom?9Ml2#`vMXoC zK-uSbib%@uQ9$C5m33grye#I2PIt z$NcoT5Bj5sK=H4gMJ83dwu=pE3~#LU$2QP8VtNZ6*tz9sdH`=Ls z8FznyZfG%wYg#{UYW>mvTALps##GynHqiKz&iLojS6{ZN@%%pF8V}{tFobG0e-vcrf#3U`?CWfxG+=4{d`wxS=3S}iG4>&;~h66&!uf$)kMD{@sh)RQ$QWOVsqqWbY zh&=9suL&LEa2F5??oblJ01d#Uy6Y<+{*u`S8myr3FJ#ER#f%d=e~YJ>D-PpyIz&`7 zN#z0~9Ah>?A^4RHB^io1#IZ~IK#*mrydFGCqbAaM&UWOFBzX=g$MN_Q!7#!x%0R&T zM7^yELj8;AU8Z5fh|sL09Hn2$P;6K+2SQIHmW@d$(SvLy@fpZ|1&ZTLAX7W-#Ul_Z63N%oPDM0e=6z_bVAbWHKE9mY^VqQY{4hGQ#~gprP0C3gZ}T(_*Os z|Ai1uNz4#m1_3tNe~u3P_+R@cr`!8~8%YxAUCL3uM|^b%(3v zC2GR~yhq$ZLgHUgAU8ls6b)hUL4hF(IU3IunXGZycTp;3NRg3PP`y_sP*6fbrZ%=Q zdITg!Y|sUccs;plKw=u;BNFr7Ql)n!if}wuadf3dE$?YhS(Rn-6<;c8-kV+)pl_~k z6y_}2U?@AfFXP$c)QwV2?cXefBq0`|WkE5$GW{w1_+1QV5Jzwr3Ht5I+^2Mm`a3(? z9%%pm+CARs%!0XK>3%K_g-vAOW(JifFWuNut+W`DADUT_*{Yc++KRqFYt8CYlm16Z zMCMZzF9QIY^#9pO!Txi0wvGR^k)-s0Hp(jm0M5+WI0BHGo%vedd>?ECCFH%j37FvZ z_fz5oq#i+VBSz@17X%Jm!$w&YYLnd!=A2Xcvj;Ks=c;ps6_`(~s`rb=lYGVrJ(uNO zB}QUfbhJfBt42o+`hV%OpZ{pq|Hp@Cr@sHk(dpS%|8F8mEx*#UpQkzZ5h|FBMx|Pu zB2F=4V2DP9BKcIjI-S5w9#1HPuX~hms?L6g4yRf6h%-J6_n&FJ{(g1fTsxX3FH|&Q#hCYp|Tp&;WGc6aWn;L zAOsCWr#Kc;5%d26W-v+-n5Im6)h2{tSzh~?4#4$DzKo-egm&|DB?e+NLo}xrf-qG) zD$f;pe8eN&(DM;T^lLpxuffB^+p-@(BqovSiU^O8JftOUf>id` zOMRjGLd_cl2nAou$+aWfAZOeNqbL-tGsJhRm;-R6oJ*0cRM*9J0p_A8itrcFP#6-{}u$cd1+UuWp<>TU_eZf445E!SB!k8n(z)Lh34@8|X z!v8>&?WkAxhX_naOsF7TXiOTb=IGiUN&F{X!&+Hqh{pT_QIb;`qJT_Mp}Cq0z|$!T zG2|$k>;A$#>#6~Ga4LXNGJ$&$nxRO-Bg_Daqq%7k7|vxdMnst!ViZfYFIahacadNodOy0L9{0yuZ4K6Sm}$wZmZ;t;;Q@P_miJ1Z^~)OJy~{ue!gn={hu7>ME!=*h z4lvy*QaHVIW{kCu%BMl!rBgf*v}aXLA;vP4siRv&LA$NL|K6(2)5 zIPKTu%9M|c@?5T!%DoM@=Dt;?2K=9paOv=$P5A%p_@og3^W=1E|Jz8CU|;B^mEr${ zgeBO&2J|n6`DIr9c%yvjQ(=RYp-`FE;!p#qTM~9sm$CuvwP3X-{r&fz4#09A1SE~+ zJs2t0s=HAvxMHD&Hd8{d3iKt2+&d&6$Oja+V5F}2qAbxg7J&L9f{eB755LHwRad&cT(1+HJW8cnaz5^VdtiMjS2L$r-D%ar_G zlQGl3ux7p_Yg2>$hjGZ!D2y&mP2dVqUV=S%be zv$|jtE?|Wo|8#uCw~k<|bOci-fov;jmzM!GJ`IQZy*2xcC6IC~A0>I#PGfm9^C$T9 zmj-6Cd|R*jZK_E1_%DC>CkqAfefKA!n*9F{PW=0SM<-`n|G$kSC;me|wyTT+@xAqW zl*WK-0DQieg(&Q~R_NlYT&aJb?M6|^U2xH}-6*`=-NOxhzsMU~<>r9meRv1I6o2;c zTzPrRRi+rKR>r#M=eOh*Yg%he8Q={{?G0qcSZnB`hVY#|9E(OaB#TQ|C>nO{r?ps zfRZ`0P7L5%U-a&^pvm2RqOQZAcWwCfIhN(wbh{YV0p2b>#&pjrQ)`uhLqaDS`+ zHaVD;q#nmu-yz+q8nzUjLhq-HiZE z`v3Uw*!TZCJKdiDZzM_e{(~M`@CGs*tQrC&6i*?Y+p6$|6ewL{aujLU4p7%I=2%86 zGoDSBSJR6LWVfokkl+5xI^yRmdDT92e>TLwA%M&f1%?@$HihvRffq5HqFwMJ%ORAy zeiJAAW@!h(@hGQ2he*Ux;&jdnT0E0%53Kd(QI_M?SKvGjong?^EFXrF zfiQX8#=rVXM*0(3`2Rao=XCT?%ltv-DpM|0VQ8BrZRPFL11 z43F1G#nn;POYOJsx*P7$-&0HxfLwCtH+@$jqq#rjZOmj1oWxBQk2@tEluoChjBwU3 zSzJlCW45-3QvFY0i0G?dU=%GM`Aek+{l9;-@4x?ia(uA8|GAMQm+U);V}N2#=Lx|v zmv8c^=%+)PiNk6|EoaOCMp56{Ta_aNl^MsF_raibewZZDJS*^}F4i@q>h&*rd^HlF zVf~*T7T$k9Iosa<*-Vn_|1E)`fGZJTD%b;Sx#ZQVbdmV4DBvJS87EWuDDwzMi0uN% zG^r5aSflj898RO=3kaI20s6=(d`P0c6S867ssAcwDYe25g9K6iKsW`h`>XJNN+sS-paQq7DIH1lsxW{M}oCC?%9NSEqZ&+}P-w&4h=u zWQ0TY#P~ayyktA=yE2faq#3HZFLezjepL`b#yZvFlx$Jc1)>~}Z~!^#R1XVagsj3X zs#1~oy49j%0XEXUp29H#w`mmVYP$7WA^2d6#>fldK*wk7R-GGdvPEroZ_Y0|)j)?Z zXhHYtBS$ob5x9;yq9Yh|n*>M~&q}wb((D{MRb=)R?FVL|0ck;=aYEr(1;*@Fg(}!~ zUEY4*ZNQURoAFj*cmwRY2>H-W-l#Hd)+r@Z#3v|a;2q)=2i=Bfs>-xf)O+t> z49Bk4?p9yWMPt9ZM;s)Cig}o!m)*?FivM~me`C^ubbfpL-QC+RgDJ|kX!!RiLX?2- z9dYuO1kxtmUYbZMo=}N2mG)e`fx(9~xmU7$Q6`3xh*k*QdAQg2le<=H?lqUzwB6rt zELHCRag6zj41f*$|D%)BGk^boy7m9rOmdFTV19mPyV$fd1}KxBvmZuuY)ELbLO65f za62Wj{w*}GRJGk07p#Y`z5=(9G6W*bxT*yvi4Y;2l$;3Gni?eupSm_HJkS(f2%ec{ z-FPJ7ctq$_znaBB9s#PoX+aVUOpsN#dI7q|C`J@=`8*aE81e5BNFZa6goaF>*dY|Q zF=k}yH%`WV70$M_9*RQD7ONseqVrK4V8jNJ&OjMk2(7De3Mq!+a0PX0O6_VT@tCZp zRz;~*twDr?4-=9yw1SFrVy)_CB%&**RgkHw?+%SIyk^ ze2*v|%>`+yP8~yFiYOCbLJ)rW|ED*&*?0Q)sg>RO9p32 z+=jClaW)}@ckVh*{I`kJgz7XJYCNYk$jr4}zs0QGF|RJ3Aj*WCj|0@T zXo%D^Dcwpj^SVm6V%kX8wb-z1!`_w1tkm|fB$cH~OLMA2;*%70+f$3~K6(o-)Ui(%K7URaLFhV$0u0C#(7Nt73(G>T+=>eqj+ z!A$AXB6sFp;?EF0J=6@b z@12>>c55s+zvmt@2}LtZQf8m(j1Uhd`c-(Ro$8gCh>#Cy0{XK9v4jkZeehy%havYvrnKBSHfd<^zV6AVrL$a4;AYo&2r-lV$Hr z$p$7VjKlLNnZTQL3QigrGl71z{Z;q1>#&~lT+;V~Q5p(4RW~wIH(6g+EE}s;Z9)^_UD+)8R}>H#?|4E`|HcY2GslAF4Y=)@ND2(5@e<(wuxw^hTXa}esxW^LpwH(C>YE8rxLj1Ys*_KR^OaR^@aW& zo*suNXuvdASYQ``VkC8mI%QID<`D`!6Ao23h)zM_z+6s~=fWQlO5~I<=VD=YCI%oS zX!ynRLyR8tY=xDakC7WoNaxRAqm#}8T!Y!gBLZ=|#_$bW^TnWU$1kS`9o5GLE78{{> z%qL>H9iAL@P{x)tDA{Zk&Cq>SQD0P3h=);KO{OKg?&#W37o9G!aR=h16R|iPj@`a- zDR(vHcelqoazkAs{=-I++C~>{UakxXmfXth1PDvY7x5gHEL$K>UQoO8i?(oL6hgN+@tdTttbfNs ztiEI64S58QNU1h+t2+ePRKRutRkvz#DW~_HUPI#$ecToQHBGV_jXxGz%#;d9sq##B z5v_~QWV4);(NegV*9_wjBq;}&0~`bQ`N$FW&nGL+P-WJ>4-T_Rc1l^!V4uM}_@g|E zocR_i-C;X!yQ+{#i>c8SRQN}^Wm;D&HBNwMH(TO3z1LlrHfd6Qzw(@O7)+)p=9gmG zVyFFGbnEj|rJrT0)&DZu#_~R34f=ooi)uKA} z`Gs@))TSLVR4nvTmHG{E@*|u^J2mCw(7kA2*=au^DObJzC)vIKTN38C{udAjjsE|I z`0od2N89*M8%Y8r^c??BV>GCD0&NP2?u30XlH=7^;2U!XO#qiLuZ;o7O0NL9Cfi8@ zZHZGcM_r&llEoZ{6U#<1NuUm{^!m?=zHg3T8nl@cFTu+D8KM-2NPsHwn<(dEHdp** zwG5on1)E+D@^ZfVb`jr)vC^DpkplhqawrwO46Vtb$?Iunl~Q0(6)ioQTG`3eHfHP2X;KaB89Gq<9e{UoyKZQcTGHL%=f%&Hp%dC^}r%-zRXM%V-&MS1R zD=sfjbUNs;*X4w;FvPVdg?`6B{du9&@TN1vR)=Aq%F&luai7<@m#-Z@z0ABXvnaY5ss$IqdP`?->VWnWA-GN)E2#3}~LBKaH%G>&!6lHqLI<$LbspxGwK$L|* zBI+#nVf%a!5>4>W=XQ!%ga6bW=M`K5ZMgq=aCBC<|9Nt>wf}7->G)4_s8@FAm&LH` zhW1RU)uTMyZ(rUeByltc2ifBk=%b7q)he!sSr?Vh+LYr;-NiPd)SuRaBx^9Fs@Kn7 zfgAOp__;Ms)W4SC!|aMe1`_4VI{h8+(r_>^_MZ9|(9G<#?8Bz(e)?nflB%v|03O6- zRTq^p10iB~94m+KM?ycSk(WO1hKMQI_g$qHy`)urcB(4u27FbaB80e(F*k~=%=Glx z`_WZQz1qpw$%jsQJ|re2oegAkSP)4lCqfY;(F{p2As@;qdd)jNdAamzcD}P0jL-It zeg(&N#P?sr0oI)Zd#+(74Uk6A>8N;^Gu2*BK*nT4Yd%{K!%u13wB(k?%=q@(G%aaM zs#|E^Qi}R3#M)4*d@lsQliKkkATJYq%{+U?*GD`8dipe~R<1L5U! zIWh2S9FZZ62Kb{4=y{<7dHN;oqv{-p{KO-cSNF4gc})U~Ap$8=Pn6I^G9TghgeLV&BOKG8L zTU=IFEvr~t&btmvFR(c5fINzSZ@m#}Q?>n9zXq~)`|tkY{_$zi{=2>ZyOC6g|7WCE zt@l^U5P;c(GSv=XItyy)|E06rW>oXZ_xUpOx5DpB|7`hw*@S%mFaL=G;Mr~D&cY$- zIC|}Xm$8YT*JNZfd}pr}zt}0hv~BH@-G;2oSu7h$x4x2x!_nXUo{&e9{e*-%rb+QG zYn?W+%f0ZMqS04Xo!XAKP`!TH(z*-gHx=6DJPg%y-~nU>!)*C3+2cQd%IPkRihJ+c z4$F#C`M^$rao?o9RhD0Fs@DJd!q2UIP;Ds`(B%Jpbm;5CwB!za57myp-8%`ySUrXI>+%69$LGQm+`+YeBjj8 zFRi%jXs zngg1~iUATUR~qkq$d>**CHPJ?+I~1le=6XHl_I-ZY$qA0DprLYWXDw%GJrv5s>TSF zK&~Fj$^NQx9Ie7{vQ+JvhAr_i(=E)s(A;9?4dxcZW52OH2s_{6%3lR3dx;_N;<*D9 zb2=|}j%t6En?^sOgp+_o{j6mJm?XFQtMbNhfBTj&mja<)4$*_4pFlqGzC%8-OQzJT z_B$H=fcZp}KaWEvdubPtm~om0y!@JHDOS(mCJ$84DA4Ic&3v$RcnTATAjV3cIBAdTS~#b)j|l2@g3A>C ztC~e6FTuP>8M+}My1p&*`*q~5w~9gkMNC5U3r>88QIBqeORmcf{_Aan$dNzWc)p)i z)wimB7Glck5NXcWS0XYHkpJj*T#dRK7~^_Ywr^MBsoYP>SE&a7Q%or4bNRaKI?w-( zPEY;!pU=*YPPh1f6G^E&J=8#s^{Qfjm&C+WZeTFvQhS6ypnJ?4KtA2In#^)A2WjRx^D;!&zh-+8j zX0PgHSMgg9i^Kg=mlE@BhZ)Y*`HhDSGlix8DYj%rjpA8@-l^(c;7+>3KK_B zDG7%mYF z<#em_NE5h=!O2u#e5Hlq;{kx2HOsd|w(D2Bmo&RJ@2JZrFhstIoN~g%N z{^$2-OKuoyX%J`l?=k*_X` zrVRpy2Os_~Ho&AjMnNedGlBXc#j{FM#U68Cl$KXb3vaAiRjYjU7n+O7-M3^z-=<^) zhbZ!AsQPHlO~J=b8*(s?30GRfqiOxJ2w~^wGG&Mso2=)s`O$eRx0ucR*j#)04Q4r% zHrL{rubS{pr$ZkeDqo zFYE!Zo02QmvUaRl^*5b!uKJuT0<|@o zhuy|^a@JUljo4{$wZq2B_I379S{u9XFTkFjf!QGWP8KzLq!x21U-k|QW!+E<;hoa< zuBI>(T9P0s4f1_hwi)NDH{@2ae3MYB{;P+`?V~OORXz@##8|T+bJ=T_X$Ahu1aGA% zF5gh8+xVCT43}KO9|7WptP>drFy)hb#Dq4k`1KOAfXon`mr1BrTmDaZ)4#;Fe~JCm zqPwS+?w!`Ob20(qKBPlLW5kibpReS6+6yLCuje}y^v2D)1J+oAO{zr#!MF)UQ{$EE2zW>+B+3D8*Ya>a;e|mF%u_~`GF>N{?0IDLZ z_wiDmZ8Gk44$8oY(Cq9&)XWC$;{MC^&@Je{C}JO4%D?xX;?l6Fxyvb~m=U$dlXA?S z{#hu&Mx$d`MHqGyV#5L#CQSM>^_*IZ3)H60DCLxF=jJt@Q$o8?X(aN(Bwek8loIiu zkzdr8l4|fDNjX{x0Bnr^wO_dZdw8(*|Jq0@#Q(e#!@iQ}pK<~@&iloPUn-9m>dPwO z;VH?R4XES?FSeJOxD_$IBf&6h6(z^gqK?E&mIl{1;XQP5b|o(=-45=cB`|{NG4Y zK+lT*zA8UpfBJN^2^5R3{|=ZP2H#RLJ}XbNgSVLLvXQ?R%-aK8yQ?qs`YLz$Ru6XC z<68x{4?jQo)uqlaylmc^*_pt_L7^ytwBp@m^CGl4gIUYtOI1gHHT(B2FF)5UwAweH z17F-W*;%^Rv@UbY_NC_qQw{!8FP^VI{@2m*p@0AD^yqjS|8*nD(nPC+etHFU1ANvy z^Xr9q+WXu_cc?#b%!cHrqt1!+-MqqxHZ4c6@l|`~RGtZ0&!WNm_KM=k8bJ z0;Fe7X8@>6J%uBXne6RcflTgh-axvP3p~}QCqkaG@@~*mjZr=JRC%7>IY@I-RF&5; z=0^L(C6Dhs2|{fet{R-W_?Xp>S|`-{>ML+1vy^}kHOU2`oCrmXL^C8YfsAEY8z;8f zi>v(pfjprtWxFJLfL_M_v8(dpaay1pc#M~rjvR?OQ|;vhWK1@+=Cj50pS25_SqfdY z0ZP)Z;J$4QNLRD#8KHEo$+s~5lTVHK|2zmt8ZTuBZnFO#9v063_m2;@_oLv@)z-h#X5kZSOs6`f@{BXAS`J3aEx|Ibbiw&(vFN$#UI zt8)QRlV_38|8CI@xC2=AIdIF4PPF$VA!cpXI$Y@H^=0Cwm|E_lW{4sDf{&VBbt<(N@ zdhEadzkhIWw8ej$NF~AYRt5t7$YY&gpkH|XK+x+23kp_-VB9DgbouLo2mSbeb%@Yw z>ncHEbuhtZSm>60e!#GCh*}KKmy8Yc+5bi9;LK`)6wj?HW<@ zQ$~Sp@!v9Lz$W~6R=EFtaB#4F|9>N?M0f_-BcQ7Xfr}UfODSv`4i?OVCClTJz=fTS zg&y)~VKgjh`ubqv0w%-~0?!^WHdqv!hHMKRo$2y<d;x2M@rnCd(29?VeH zZXZmh749FhzUs7BFr|vHDvL+%W2=UW)^^vY9(He0_gYYQHc?x_?#ijr1!6mu2sEv# zz$ywqiN%bBTno$)kT{ROzY9{PJ~0%bfD_u*7TRdkG|f#&c%PsEFaj`_PnX1h;$Q@E zB&v;Z1QLQ{Zd65K-j}{yqKTHgS|SN&!vOZc)yD({9EIQ~UFc`|h6*R@^^|_oI#?L$ z`#XsKB}yVPpQ4y|!_=WwZZ!zMz}h{B9F5ZG9(Cl6>4I#LSXwQayM$;;;?Asvve-Hq z`wJO%W9e5>U`@mZ|N|Y@7b0ZvPh`%J-%)hGVfA43>EZqS61y-~SyR zoE`3O_kWv6rSCtiU<;T~Oep5_MI3$#amd$u?jx$Rw_}0#)Wha?WP*b(yD>3-;GJ5l zt>1bGiqAZN#{HRvFl#qlg81`0glXT;)qVW*Co?Lp8MLGKtDv$EdU=aYh~9VX0vP_9 zvhpx_c;q0OYI?0UyjJl&%vg%3YTcK&?R}DahLv->Jp)1gs~{^3nD)G)8aw)KX}2Hu zuO|FniT`FOLX^DvWe9^0X`-(^MkJ79+6@CX+5Znuz4#A@hiAvz_`e%TaxRyS@#;Ll zEsVC`xv~DB!CH6U>Z~lDNDOx zmDd0AiQ4HXz~`~>0Mq9VQoD{{>#=)k&?=yST&oETWUyT&4L~*z2nCok6peO)#H=_5 z0c1!9=#>`p5hYXbi1`G^rf^~IB#1&zs1h6@`UqZ_1)lxXS7i%3qMSJ~aZL6>{`oia zsBGPo$zWVot_vuzCPLK=X#3`vRln7=PXl*@YQ6Qj`R*?V+bajT6_RczPd5y#mEhMP zU#wPvu0tjd>k~?5I7D<;$RT-9r9YV1+*8PdiP*PdQ8tPI`+yS#&r6zCbE85b4MTo` zmq$Q9p=g9Z3famce?VH)U5>oFUh7!Xo~0g%ea<&xzpT`_|6^h~rO`6)z%vI4f7wV<&)w@WUiFsG&|PeomzQ4u#xCmt=iO)Z?a8A5>G~Jgyxp6wtJ|$*?dz~Z zE9z-4?w{$$ZZZFKspofM&^R8oWASBP-~f(H`rP2WC%itvYq;5DY-w$;TGE@{7HoI_ z-FE-^D6ek2zm_dTuI9J9hRvr&{O?ANc)Q2}Q1khZkN=Mj_P72&8%ZS*FxGVdR9?$s zdxI)k>)$ENNF)}6clcAjN}g!rkh8eJ*1-?b(dyu*y!q=33bfeKPu?%jcB9dL^xBWy z_T1<5LVlHV;Q1WJ-l+Il9!Lkj79(LJPMXCP*y5G2hTMW;Z%9mJ#jeurw3ec|DS`ld1n z)#Yp)Y72^vsVMi7Offg5L0@;0d)4B_RP=r5Qjp{Eeun5H#T@;ca?msZ#!HsIknsze!E<|D+iI<@jtH|79b|d8J8+{kg$|GW>wP{4e2k zKw=JY3??X=0z_#Rc0elvEOy%|jG{RRU<@WONl*;nh$9Mw+`;kKXcxI5hjAwJRj30T z%6ce@1*i`Qr6`DO&2gS{C-MCdfdn$K!{-F_Ir$MzqyCbb#?1RZ7-ZU}N!jFOEc+vj zqFk!KRLp_Fjty|}$aE?Lec7Yp?-`<8^wp2&@7{`r{pJ4sP2Z-M3w;&UCeE}rCxA`J zqxn;Apo9`uv~|1l2sh?7Scv4PJtFW((kKLvFy<=O0;e$G76}qZ^Ib4ZIT)er5C=gJ@(ufOOqG#j4D=0cWYwBz8KjZ%ygFnvHfA5j$ z0yrcyq=UnSj&`%0?m)>v)#2+uk- z$o~+{aDciBd@nW0|D(f`g8%Q)R{n1!HOc>c0(2Mns%*8)&uN!MpRh~oXi4f*>G_+Z z5mdeo`oO7c-6|nLlwrnE9H4HBz%ID7__v4|q3?{BJt8uMm0On!#4lw@poS8>kE1#G zNm2V5$e|M(!Xe6{+2I)EgRk}zW5U5te`G)ROGe%`nJsqFeVa;CgZ#%+I7YW=6sd?F ziz$L8`G0UwjQ@0Uyp{i(NR4*%;soff2s|Ry8lj}NX8fO|QKXJ&yKVzY`C7aD_iF8? z1N_2E>j96T(FNs0wiUb2Ej7vicuWyv%WVJ}?LP$fYyvDG_f_E< zd7o2n1ob*^XBltvuzuODYU?P|b)n^DxgwOwaHspXvU{6~sX_i*yTrwHK(qa)@c#4R z;lWn^Zz46xe{TYG*8vuRYCYi9;+unFR6?htO-PsTsy>Rjq zM=moEv57o%t}+kFGw1%+0<@mgB>xFr(CA~O2Kj$@c;w;#gR|3Z{Ey9~M)|KNK&9X} z|F(W+vmh7sgZwW`MZDnCHDlX_Mng6DsdI&AoJGve(`gTPNbX)T(Z01TlPYg%u)uCI9v4*QV3{fF_Rek2w zq7tuuGxGhcSNbl;J0+mtX}Z=wThhORegCeGo@0Ke)o5X>8U3uUI8Cc!R+nmH3vXoP ze4ycWf(3Xtnn#A~^l+8|2S+iMiql0+afWqI<=qg;DvbG!fnQn9=dKm_5 z@8#}g&D5^ROKJVwa%YZ*i^Ji>N-%i0aPB@OFl*exTlw1KyTs4?`qL$%$fJ?GR({x7%x#y|GxY`I^N&D|F)6TQT{J=0d!V(0kpcJwWxxP zT>z~Lu(-H3Slt!Sim0VVH*D{KKL4cU|6qcmDIUj!qSe>YApiGIj=cMy2ZyJpTl~L~ z^apSYIY%^>!9&yx0FM(CgJFuJP{`2)1|Q%Uu|e+-D#{B>6Lql5CMb%)I3hz8yaUJM zT|iL;Ii4YqKt8d)!#M2y0mNvmgv?77ArXa2BL5#d19fkZ#ImGd2_%Su2*+s98(iN1 za?c4xy+42p6^85ki+d1a%6fw_=C9=cEB1SX;Xmjr`Typ_Wc*6}pZSx`;#WB#brBwn zaD-Uzs{wmVdS4BO@I&vb0iTM06N<;Zum0cOAHesJVv;g&eR;)tgM^Y_QNVix93uEi zWvArV-eAT85~5e1gJjg}|Lyg~)y@6Ydg`cO{|5&rhlk$!KR7ws`u}buy-6945o6$< zq*Qun1}J6-91IS6y<14(6mdjZucv+>^tE&F_%K1>fu=}C;$h%ct%zNK`JWgdGI+cS z^z$bbWryNn$_Ztf916h?gnoEkL9TzH;|hL@qA8Fcd*@+@g#dvO_>Lj)4TUj(4Spo4 z4D^#Sq@xaM@{fdm05}E-C1Dzfg1Z1R5RrIXdXfsnub9gx@G(UJkLG~MuF+wnq0OKU z5gS&JBBK!wFpL0231OHMI^P8W$he0QBVYGVrIoUct(r&^Y8A=m4DErX1W2%W0>;E<#oz(^=_ zg$Yzv*=j2HhEo)C72a8N)jb*UM=_szNrWInDl%8VUxNsZVf24*7vX`>SAqi4Z*Dlai{rg}4OXv9azy9}*2_X$*@IFCtPt!0R1->PZXol#n zEb7QE6^RbbP|Q^nv>^gh7$N{?5Jzwrpl3@_h+3qlh@Ri~d1cfolSfjg0vfjh(youP2h`}e>8S4AKF z`(OWCbN~dL!Vpa%{UD}FIq^ZSx3|jF>(#2D2Sle#4Y1KbV1g(b&cRrSeg@_wm7}7% zh7;LOyGlk1ajODdhe%3PJVQOPpqap_A!bS;A&E|vq zD1$V6Dr1Bx;~+_g5e}kxFPn!TYp<3C5U>OVLX!YNB9jpQ3|I44OwC?4Yab^#n203- z0y0HRRcbGf(s80{PD+A3k(Z0%HMP2;W;csLtV>BcW|@dh0)=A=lSxlSyfCAR*s$>)N-0c^ITX{^!F4~C6;H#=Aup{M@7ajL@c0qSX{BYvXRqNc0Ua! zLW04bfY^vi9H8ZiLK1dg?aIe0;An&+EM)XE&z!uQ0SIZ1CcKvsS#PPtY3Ep7yvBQ z5k!eA&(!YGEN_@35k{=XkQhmhqPbK92nLh->1d{fwJPNLn?XA7wIe~1R4<{>qGkvN zz21+eI|CB41P3WeSu{5&!fA|HnzEj(1BDbY{U=0FX$K8}nwo&30ExaV@`huZW-p^D zpTp1)G}rudwdT}15IFm8q(;g@9YuzyQ7OWP4x~0SUxfY7Cb#y(1d& z9z1+|1+M=3aCP$lZm;g%T|YcrU4l11g7e$kx7QcvZ{A*kx930X%6xj?ehGeffA?SD z`X1cgz5o9D^6C=2zv-Rd2$XYv53cWphJSN@e|uCMOF`OPJ`cz<(w{c!#M=6<(#_1D|GtNVNK{tjHfyM23ob-4?! zZ!X?`cX@sD4S4y(^~1OCzk2|0uisrioQpC$HnsO(_ugIIU3`0f^Kky=`t9|@kGtUO z>xUab@$2_@;2hkZ-#uJkeE0VJ4%~iscl-YSY8TwRzuCLK`TFkq=9{Z`S2qv4f~(%c z^~2k%L9b^JN>R~BHOrXZAE{ko-qHX5*Z;>9rs5<+uX1i`Y#>Dp5mHr5QKEv}8ljqx zbScORE32#_Ei(x!G1R2g3^~>WGsW-|3h@k%i#{dF+-GVRr!&N5xgO>7`s8Q zcjV4E8(0i_z2gD6A#!P{ErqMHv?|f20yrOh4n|)qY5VWp)%oSStHCr}M;(pl|EFjE z`Op6T*8g`SDLVyutKMnp_5Sb&a0918+1&>dG)2AM9?;hu&VzuYF@N0yU=Q4?iwv*9 z-(Gy3M$rwNqQA)>-ix)s?C*OoTmmZZ9=LmRez5>CQOuCggcoPY5V|EHTY$=9BUreGCu^88|(X t?*+kt%YCZc5%38mk6C2?&rC>e(>86>Ha)}i{|5j7|NrnBz5M_p3;+ULI3xf7 literal 0 HcmV?d00001 diff --git a/enterprise/vaultwarden/24.0.4/ix_values.yaml b/enterprise/vaultwarden/24.0.4/ix_values.yaml new file mode 100644 index 00000000000..70a25f9b2a4 --- /dev/null +++ b/enterprise/vaultwarden/24.0.4/ix_values.yaml @@ -0,0 +1,149 @@ +image: + repository: docker.io/vaultwarden/server + pullPolicy: IfNotPresent + tag: 1.30.1@sha256:ab9fe547277245533a28d8e0a0c4a1e1120daf469f983fd683fc13556927d4fe +manifestManager: + enabled: true +service: + main: + ports: + main: + port: 10102 + targetPort: 8080 +workload: + main: + podSpec: + containers: + main: + env: + DOMAIN: "https://{{ if .Values.ingress }}{{ if .Values.ingress.main.enabled }}{{ ( index .Values.ingress.main.hosts 0 ).host }}{{ else }}placeholder.com{{ end }}{{ else }}placeholder.com{{ end }}" + DATABASE_URL: + secretKeyRef: + name: cnpg-main-urls + key: std + envFrom: + - configMapRef: + name: vaultwardenconfig + - secretRef: + name: vaultwardensecret +database: + # -- Database type, + # must be one of: 'sqlite', 'mysql' or 'postgresql'. + type: postgresql + # -- Enable DB Write-Ahead-Log for SQLite, + # disabled for other databases. https://github.com/dani-garcia/bitwarden_rs/wiki/Running-without-WAL-enabled + wal: true + ## URL for external databases (mysql://user:pass@host:port or postgresql://user:pass@host:port). + # url: "" + ## Set the size of the database connection pool. + # maxConnections: 10 + ## Connection retries during startup, 0 for infinite. 1 second between retries. + # retries: 15 +# Set Bitwarden_rs application variables +vaultwarden: + # -- Allow any user to sign-up + # see: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-registration-of-new-users + allowSignups: true + ## Whitelist domains allowed to sign-up. 'allowSignups' is ignored if set. + # signupDomains: + # - domain.tld + # -- Verify e-mail before login is enabled. + # SMTP must be enabled. + verifySignup: false + # When a user logs in an email is required to be sent. If sending the email fails the login attempt will fail. SMTP must be enabled. + requireEmail: false + ## Maximum attempts before an email token is reset and a new email will need to be sent. + # emailAttempts: 3 + ## Email token validity in seconds. + # emailTokenExpiration: 600 + # Allow invited users to sign-up even feature is disabled: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-invitations + allowInvitation: true + # Show password hints: https://github.com/dani-garcia/bitwarden_rs/wiki/Password-hint-display + ## Default organization name in invitation e-mails that are not coming from a specific organization. + # defaultInviteName: "" + showPasswordHint: true + # Enable Web Vault (static content). https://github.com/dani-garcia/bitwarden_rs/wiki/Disabling-or-overriding-the-Vault-interface-hosting + enableWebVault: true + # Restrict creation of orgs. Options are: 'all', 'none' or a comma-separated list of users. + orgCreationUsers: all + ## Limit attachment disk usage per organization. + # attachmentLimitOrg: + ## Limit attachment disk usage per user. + # attachmentLimitUser: + ## HaveIBeenPwned API Key. Can be purchased at https://haveibeenpwned.com/API/Key. + # hibpApiKey: + + admin: + # Enable admin portal. + enabled: false + # Disabling the admin token will make the admin portal accessible to anyone, use carefully: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-admin-token + disableAdminToken: false + ## Token for admin login, will be generated if not defined. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-admin-page + # token: + # Enable SMTP. https://github.com/dani-garcia/bitwarden_rs/wiki/SMTP-configuration + smtp: + enabled: false + # SMTP hostname, required if SMTP is enabled. + host: "" + # SMTP sender e-mail address, required if SMTP is enabled. + from: "" + ## SMTP sender name, defaults to 'Bitwarden_RS'. + # fromName: "" + ## Enable SSL connection. + # security: starttls + ## SMTP port. Defaults to 587 with STARTTLS, 465 with FORCE_TLS, and 25 without SSL. + # port: 587 + ## SMTP Authentication Mechanisms. Comma-separated options: 'Plain', 'Login' and 'Xoauth2'. Defaults to 'Plain'. + # authMechanism: Plain + ## Hostname to be sent for SMTP HELO. Defaults to pod name. + # heloName: "" + ## SMTP timeout. + # timeout: 15 + ## Accept SSL session if certificate is valid but hostname doesn't match. DANGEROUS, vulnerable to men-in-the-middle attacks! + # invalidHostname: false + ## Accept invalid certificates. DANGEROUS, vulnerable to men-in-the-middle attacks! + # invalidCertificate: false + ## SMTP username. + # user: "" + ## SMTP password. Required is user is specified, ignored if no user provided. + # password: "" + ## Enable Yubico OTP authentication. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-Yubikey-OTP-authentication + yubico: + enabled: false + ## Yubico server. Defaults to YubiCloud. + # server: + ## Yubico ID and Secret Key. + # clientId: + # secretKey: + ## Enable Mobile Push Notifications. You must obtain and ID and Key here: https://bitwarden.com/host + push: + enabled: false + # installationId: + # installationKey: + ## Logging options. https://github.com/dani-garcia/bitwarden_rs/wiki/Logging + log: + # Log to file. + file: "" + # Log level. Options are "trace", "debug", "info", "warn", "error" or "off". + level: "trace" + ## Log timestamp format. See https://docs.rs/chrono/0.4.15/chrono/format/strftime/index.html. Defaults to time in milliseconds. + # timeFormat: "" + icons: + # Disables download of external icons. Setting to true will still serve icons from cache (/data/icon_cache). TTL will default to zero. + disableDownload: false + ## Cache time-to-live for icons fetched. 0 means no purging. + # cache: 2592000 + ## Cache time-to-live for icons that were not available. 0 means no purging. + # cacheFailed: 259200 +persistence: + data: + enabled: true + mountPath: "/data" +cnpg: + main: + enabled: true + user: vaultwarden + database: vaultwarden +portal: + open: + enabled: true diff --git a/enterprise/vaultwarden/24.0.4/questions.yaml b/enterprise/vaultwarden/24.0.4/questions.yaml new file mode 100644 index 00000000000..43ce0fc536c --- /dev/null +++ b/enterprise/vaultwarden/24.0.4/questions.yaml @@ -0,0 +1,3508 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: General Settings + description: General Deployment Settings + - name: Workload Settings + description: Workload Settings + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: Addons + description: Addon Configuration + - name: Advanced + description: Advanced Configuration + - name: Postgresql + description: Postgresql + - name: Documentation + description: Documentation +portals: + open: + protocols: + - "$kubernetes-resource_configmap_tcportal-open_protocol" + host: + - "$kubernetes-resource_configmap_tcportal-open_host" + ports: + - "$kubernetes-resource_configmap_tcportal-open_port" + admin: + protocols: + - "$kubernetes-resource_configmap_tcportal-open_protocol" + host: + - "$kubernetes-resource_configmap_tcportal-open_host" + ports: + - "$kubernetes-resource_configmap_tcportal-open_port" + path: "/admin/" +questions: + - variable: global + group: General Settings + label: "Global Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: stopAll + label: Stop All + description: "Stops All Running pods and hibernates cnpg" + schema: + type: boolean + default: false + - variable: workload + group: "Workload Settings" + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type (Advanced) + schema: + type: string + default: Deployment + enum: + - value: Deployment + description: Deployment + - value: DaemonSet + description: DaemonSet + - variable: replicas + label: Replicas (Advanced) + description: Set the number of Replicas + schema: + type: int + show_if: [["type", "!=", "DaemonSet"]] + default: 1 + - variable: podSpec + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: containers + label: Containers + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Container + schema: + additional_attrs: true + type: dict + attrs: + - variable: envList + label: Extra Environment Variables + description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..." + schema: + type: list + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: extraArgs + label: Extra Args + schema: + type: list + default: [] + items: + - variable: arg + label: Arg + schema: + type: string + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: command + label: Command + schema: + type: list + default: [] + items: + - variable: param + label: Param + schema: + type: string + - variable: TZ + label: Timezone + group: "General Settings" + schema: + type: string + default: "Etc/UTC" + $ref: + - "definitions/timezone" + - variable: podOptions + group: "General Settings" + label: "Global Pod Options (Advanced)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: expertPodOpts + label: "Expert - Pod Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostNetwork + label: "Host Networking" + schema: + type: boolean + default: false + - variable: dnsConfig + label: "DNS Configuration" + schema: + type: dict + additional_attrs: true + attrs: + - variable: options + label: "Options" + schema: + type: list + default: [{"name": "ndots", "value": "1"}] + items: + - variable: optionsEntry + label: "Option Entry" + schema: + type: dict + additional_attrs: true + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: string + - variable: nameservers + label: "Nameservers" + schema: + type: list + default: [] + items: + - variable: nsEntry + label: "Nameserver Entry" + schema: + type: string + required: true + - variable: searches + label: "Searches" + schema: + type: list + default: [] + items: + - variable: searchEntry + label: "Search Entry" + schema: + type: string + required: true + + - variable: imagePullSecretList + group: "General Settings" + label: "Image Pull Secrets" + schema: + type: list + default: [] + items: + - variable: pullsecretentry + label: "Pull Secret" + schema: + type: dict + additional_attrs: true + attrs: + - variable: registry + label: "Registry" + schema: + type: string + required: true + default: "https://index.docker.io/v1/" + - variable: username + label: "Username" + schema: + type: string + required: true + default: "" + - variable: password + label: "Password" + schema: + type: string + required: true + default: "" + - variable: email + label: "Email" + schema: + type: string + required: true + default: "" + - variable: vaultwarden + label: "" + group: "App Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: yubico + label: "Yubico OTP authentication" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable Yubico OTP authentication" + description: "Please refer to the manual at: https://github.com/dani-garcia/vaultwarden/wiki/Enabling-Yubikey-OTP-authentication" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: server + label: "Yubico server" + description: "Defaults to YubiCloud" + schema: + type: string + default: "" + - variable: clientId + label: "Yubico ID" + schema: + type: string + default: "" + - variable: secretKey + label: "Yubico Secret Key" + schema: + type: string + default: "" + - variable: push + label: "Mobile Push Notifications" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable Mobile Push Notifications" + description: "You must obtain and ID and Key here: https://bitwarden.com/host" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: installationId + label: "Installation ID" + schema: + type: string + default: "" + required: true + - variable: installationKey + label: "Installation Key" + schema: + type: string + default: "" + required: true + - variable: admin + label: "Admin Portal" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable Admin Portal" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: disableAdminToken + label: "Make Accessible Without Password/Token" + schema: + type: boolean + default: false + - variable: token + label: "Admin Portal Password/Token" + description: "Will be automatically generated if not defined" + schema: + type: string + default: "" + - variable: icons + label: "Icon Download Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: disableDownload + label: "Disable Icon Download" + description: "Disables download of external icons. Setting to true will still serve icons from cache (/data/icon_cache)" + schema: + type: boolean + default: false + - variable: cache + label: "Cache time-to-live" + description: "Cache time-to-live for icons fetched. 0 means no purging" + schema: + type: int + default: 2592000 + - variable: token + label: "Failed Downloads Cache time-to-live" + description: "Cache time-to-live for icons that were not available. 0 means no purging." + schema: + type: int + default: 2592000 + - variable: log + label: "Logging" + schema: + additional_attrs: true + type: dict + attrs: + - variable: level + label: "Log level" + schema: + type: string + default: "info" + required: true + enum: + - value: "trace" + description: "trace" + - value: "debug" + description: "debug" + - value: "info" + description: "info" + - value: "warn" + description: "warn" + - value: "error" + description: "error" + - value: "off" + description: "off" + - variable: file + label: "Log-File Location" + schema: + type: string + default: "" + - variable: smtp + label: "SMTP Settings (Email)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable SMTP Support" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: host + label: "SMTP hostname" + schema: + type: string + required: true + default: "" + - variable: from + label: "SMTP sender e-mail address" + schema: + type: string + required: true + default: "" + - variable: fromName + label: "SMTP sender name" + schema: + type: string + required: true + default: "" + - variable: user + label: "SMTP username" + schema: + type: string + required: true + default: "" + - variable: password + label: "SMTP password" + description: "Required is user is specified, ignored if no user provided" + schema: + type: string + default: "" + - variable: security + label: "Enable SSL connection" + schema: + type: string + default: "starttls" + enum: + - value: "starttls" + description: "STARTTLS (587)" + - value: "force_tls" + description: "FORCE_TLS (465)" + - value: "off" + description: "OFF (25)" + - variable: port + label: "SMTP port" + description: "Usually: 587 with STARTTLS, 465 with FORCE_TLS, and 25 without SSL" + schema: + type: int + default: 587 + - variable: authMechanism + label: "SMTP Authentication Mechanisms" + description: "Comma-separated options: Plain, Login and Xoauth2" + schema: + type: string + default: "Plain" + - variable: heloName + label: "SMTP HELO - Hostname" + description: "Hostname to be sent for SMTP HELO. Defaults to pod name" + schema: + type: string + default: "" + - variable: timeout + label: "SMTP timeout" + schema: + type: int + default: 15 + - variable: invalidHostname + label: "Accept Invalid Hostname" + description: "Accept SSL session if certificate is valid but hostname doesn't match. DANGEROUS, vulnerable to men-in-the-middle attacks!" + schema: + type: boolean + default: false + - variable: invalidCertificate + label: "Accept Invalid Certificate" + description: "Accept invalid certificates. DANGEROUS, vulnerable to men-in-the-middle attacks!" + schema: + type: boolean + default: false + - variable: allowSignups + label: "Allow Signup" + description: "Allow any user to sign-up: https://github.com/dani-garcia/vaultwarden/wiki/Disable-registration-of-new-users" + schema: + type: boolean + default: true + - variable: allowInvitation + label: "Always allow Invitation" + description: "Allow invited users to sign-up even feature is disabled: https://github.com/dani-garcia/vaultwarden/wiki/Disable-invitations" + schema: + type: boolean + default: true + - variable: defaultInviteName + label: "Default Invite Organisation Name" + description: "Default organization name in invitation e-mails that are not coming from a specific organization." + schema: + type: string + default: "" + - variable: showPasswordHint + label: "Show password hints" + description: "https://github.com/dani-garcia/vaultwarden/wiki/Password-hint-display" + schema: + type: boolean + default: true + - variable: signupwhitelistenable + label: "Enable Signup Whitelist" + description: "allowSignups is ignored if set" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: signupDomains + label: "Signup Whitelist Domains" + schema: + type: list + default: [] + items: + - variable: domain + label: "Domain" + schema: + type: string + default: "" + - variable: verifySignup + label: "Verifiy Signup" + description: "Verify e-mail before login is enabled. SMTP must be enabled" + schema: + type: boolean + default: false + - variable: requireEmail + label: "Block Login if email fails" + description: "When a user logs in an email is required to be sent. If sending the email fails the login attempt will fail. SMTP must be enabled" + schema: + type: boolean + default: false + - variable: emailAttempts + label: "Email token reset attempts" + description: "Maximum attempts before an email token is reset and a new email will need to be sent" + schema: + type: int + default: 3 + - variable: emailTokenExpiration + label: "Email token validity in seconds" + schema: + type: int + default: 600 + - variable: enableWebVault + label: "Enable Webvault" + description: "Enable Web Vault (static content). https://github.com/dani-garcia/vaultwarden/wiki/Disabling-or-overriding-the-Vault-interface-hosting" + schema: + type: boolean + default: true + - variable: orgCreationUsers + label: "Limit Organisation Creation to (users)" + description: "Restrict creation of orgs. Options are: 'all', 'none' or a comma-separated list of users." + schema: + type: string + default: "all" + - variable: attachmentLimitOrg + label: "Limit Attachment Disk Usage per Organisation" + schema: + type: string + default: "" + - variable: attachmentLimitUser + label: "Limit Attachment Disk Usage per User" + schema: + type: string + default: "" + - variable: hibpApiKey + label: "HaveIBeenPwned API Key" + description: "Can be purchased at https://haveibeenpwned.com/API/Key" + schema: + type: string + default: "" + - variable: service + group: Networking and Services + label: Configure Service(s) + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service" + description: "The Primary service on which the healthcheck runs, often the webUI" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service Port Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + default: 10102 + required: true + - variable: serviceexpert + group: Networking and Services + label: Show Expert Config + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: scaleExternalInterface + description: Add External Interfaces + label: Add external Interfaces + group: Networking + schema: + type: list + items: + - variable: interfaceConfiguration + description: Interface Configuration + label: Interface Configuration + schema: + additional_attrs: true + type: dict + $ref: + - "normalize/interfaceConfiguration" + attrs: + - variable: hostInterface + description: Please Specify Host Interface + label: Host Interface + schema: + type: string + required: true + $ref: + - "definitions/interface" + - variable: ipam + description: Define how IP Address will be managed + label: IP Address Management + schema: + additional_attrs: true + type: dict + required: true + attrs: + - variable: type + description: Specify type for IPAM + label: IPAM Type + schema: + type: string + required: true + enum: + - value: dhcp + description: Use DHCP + - value: static + description: Use Static IP + - variable: staticIPConfigurations + label: Static IP Addresses + schema: + type: list + show_if: [["type", "=", "static"]] + items: + - variable: staticIP + label: Static IP + schema: + type: ipaddr + cidr: true + - variable: staticRoutes + label: Static Routes + schema: + type: list + show_if: [["type", "=", "static"]] + items: + - variable: staticRouteConfiguration + label: Static Route Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: destination + label: Destination + schema: + type: ipaddr + cidr: true + required: true + - variable: gateway + label: Gateway + schema: + type: ipaddr + cidr: false + required: true + - variable: serviceList + label: Add Manual Custom Services + group: Networking and Services + schema: + type: list + default: [] + items: + - variable: serviceListEntry + label: Custom Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the service + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: (Advanced) The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: portsList + label: Additional Service Ports + schema: + type: list + default: [] + items: + - variable: portsListEntry + label: Custom ports + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Port + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Port Name + schema: + type: string + default: "" + - variable: protocol + label: Port Type + schema: + type: string + default: tcp + enum: + - value: http + description: HTTP + - value: https + description: HTTPS + - value: tcp + description: TCP + - value: udp + description: UDP + - variable: targetPort + label: Target Port + description: This port exposes the container port on the service + schema: + type: int + required: true + - variable: port + label: Container Port + schema: + type: int + required: true + - variable: persistence + label: Integrated Persistent Storage + description: Integrated Persistent Storage + group: Storage and Persistence + schema: + additional_attrs: true + type: dict + attrs: + - variable: data + label: "App Config Storage" + description: "Stores the Application Configuration." + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: pvc + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - value: iscsi + description: iSCSI Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: iscsi + label: iSCSI Options + schema: + show_if: [["type", "=", "iscsi"]] + type: dict + additional_attrs: true + attrs: + - variable: targetPortal + label: targetPortal + schema: + type: string + required: true + default: "" + - variable: iqn + label: iqn + schema: + type: string + required: true + default: "" + - variable: lun + label: lun + schema: + type: int + default: 0 + - variable: authSession + label: authSession + schema: + type: dict + additional_attrs: true + attrs: + - variable: username + label: username + schema: + type: string + default: "" + - variable: password + label: password + schema: + type: string + default: "" + - variable: usernameInitiator + label: usernameInitiator + schema: + type: string + default: "" + - variable: passwordInitiator + label: passwordInitiator + schema: + type: string + default: "" + - variable: authDiscovery + label: authDiscovery + schema: + type: dict + additional_attrs: true + attrs: + - variable: username + label: username + schema: + type: string + default: "" + - variable: password + label: password + schema: + type: string + default: "" + - variable: usernameInitiator + label: usernameInitiator + schema: + type: string + default: "" + - variable: passwordInitiator + label: passwordInitiator + schema: + type: string + default: "" + + - variable: autoPermissions + label: Automatic Permissions Configuration + description: Automatically set permissions + schema: + show_if: [["type", "!=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: chown + label: Run CHOWN + description: | + It will run CHOWN on the path with the given fsGroup + schema: + type: boolean + default: false + - variable: chmod + label: Run CHMOD + description: | + It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770 + schema: + type: string + valid_chars: '[0-9]{3}' + default: "" + - variable: recursive + label: Recursive + description: | + It will run CHOWN and CHMOD recursively + schema: + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size quotum of Storage (Do NOT REDUCE after installation) + description: This value can ONLY be INCREASED after the installation + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: storageClass + label: 'storageClass (Advanced)' + description: 'sets the storageClass to something other than iX default. Only for advanced usecases!' + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "" + - variable: static + label: 'Static Fixed PVC Bindings (Experimental)' + description: Link a PVC to a specific storage location + schema: + show_if: [["type", "=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: mode + label: mode + description: | + disabled: use normal dynamic PVCs + smb: connect to an SMB share + nfs: connect to an NFS share + schema: + type: string + default: "disabled" + enum: + - value: disabled + description: disabled + - value: smb + description: smb + - value: nfs + description: nfs + - variable: server + label: Server + description: server to connect to + schema: + type: string + show_if: [["mode", "!=", "disabled"]] + default: "myserver" + - variable: share + label: Share + description: share to connect to + schema: + type: string + show_if: [["mode", "!=", "disabled"]] + default: "/myshare" + - variable: user + label: User + description: connecting user + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "myuser" + - variable: domain + label: Domain + description: user domain + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "" + - variable: password + label: Password + description: connecting password + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "" + - variable: volumeSnapshots + label: 'Volume Snapshots (Experimental)' + description: Add an entry to the list to force creation of a volumeSnapshot of this PVC + schema: + show_if: [["type", "=", "pvc"]] + type: list + default: [] + items: + - variable: volumeSnapshotEntry + label: Custom volumeSnapshot + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: 'WARNING: renaming this, means deletion of the snapshot with the old name!' + schema: + type: string + default: "mysnapshot" + required: true + - variable: volumeSnapshotClassName + label: 'volumeSnapshot Class Name (Advanced)' + description: For use with PVCs using a non-default storageClass + schema: + type: string + default: "" + - variable: persistenceList + label: Additional App Storage + group: Storage and Persistence + schema: + type: list + default: [] + items: + - variable: persistenceListEntry + label: Custom Storage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the storage + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: hostPath + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: iscsi + label: iSCSI Options + schema: + show_if: [["type", "=", "iscsi"]] + type: dict + additional_attrs: true + attrs: + - variable: targetPortal + label: targetPortal + schema: + type: string + required: true + default: "" + - variable: iqn + label: iqn + schema: + type: string + required: true + default: "" + - variable: lun + label: lun + schema: + type: int + default: 0 + - variable: authSession + label: authSession + schema: + type: dict + additional_attrs: true + attrs: + - variable: username + label: username + schema: + type: string + default: "" + - variable: password + label: password + schema: + type: string + default: "" + - variable: usernameInitiator + label: usernameInitiator + schema: + type: string + default: "" + - variable: passwordInitiator + label: passwordInitiator + schema: + type: string + default: "" + - variable: authDiscovery + label: authDiscovery + schema: + type: dict + additional_attrs: true + attrs: + - variable: username + label: username + schema: + type: string + default: "" + - variable: password + label: password + schema: + type: string + default: "" + - variable: usernameInitiator + label: usernameInitiator + schema: + type: string + default: "" + - variable: passwordInitiator + label: passwordInitiator + schema: + type: string + default: "" + - variable: autoPermissions + label: Automatic Permissions Configuration + description: Automatically set permissions + schema: + show_if: [["type", "!=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: chown + label: Run CHOWN + description: | + It will run CHOWN on the path with the given fsGroup + schema: + type: boolean + default: false + - variable: chmod + label: Run CHMOD + description: | + It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770 + schema: + type: string + valid_chars: '[0-9]{3}' + default: "" + - variable: recursive + label: Recursive + description: | + It will run CHOWN and CHMOD recursively + schema: + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: mountPath + label: Mount Path + description: Path inside the container the storage is mounted + schema: + type: string + default: "" + required: true + valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$' + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size Quotum of Storage + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: storageClass + label: 'storageClass (Advanced)' + description: 'sets the storageClass to something other than iX default. Only for advanced usecases!' + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "" + - variable: static + label: 'Static Fixed PVC Bindings (Experimental)' + description: Link a PVC to a specific storage location + schema: + show_if: [["type", "=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: mode + label: mode + description: | + disabled: use normal dynamic PVCs + smb: connect to an SMB share + nfs: connect to an NFS share + schema: + type: string + default: "disabled" + enum: + - value: "disabled" + description: disabled + - value: smb + description: smb + - value: nfs + description: nfs + - variable: server + label: Server + description: server to connect to + schema: + type: string + show_if: [["mode", "!=", "disabled"]] + default: "myserver" + - variable: share + label: Share + description: share to connect to + schema: + type: string + show_if: [["mode", "!=", "disabled"]] + default: "/myshare" + - variable: user + label: User + description: connecting user + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "myuser" + - variable: domain + label: Domain + description: user domain + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "" + - variable: password + label: Password + description: connecting password + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "" + - variable: volumeSnapshots + label: 'Volume Snapshots (Experimental)' + description: Add an entry to the list to force creation of a volumeSnapshot of this PVC + schema: + show_if: [["type", "=", "pvc"]] + type: list + default: [] + items: + - variable: volumeSnapshotEntry + label: Custom volumeSnapshot + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: 'WARNING: renaming this, means deletion of the snapshot with the old name!' + schema: + type: string + default: "mysnapshot" + required: true + - variable: volumeSnapshotClassName + label: 'volumeSnapshot Class Name (Advanced)' + description: For use with PVCs using a non-default storageClass + schema: + type: string + default: "" + - variable: ingress + label: "" + group: Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [{path: "/", pathType: "Prefix"}] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + + + - variable: integrations + label: Integrations + description: Connect ingress with other charts + schema: + additional_attrs: true + type: dict + attrs: + - variable: traefik + label: Traefik + description: Connect ingress with Traefik + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: true + - variable: allowCors + label: "Allow Cross Origin Requests" + schema: + type: boolean + default: false + show_if: [["enabled", "=", true]] + - variable: entrypoints + label: Entrypoints + schema: + type: list + default: ["websecure"] + show_if: [["enabled", "=", true]] + items: + - variable: entrypoint + label: Entrypoint + schema: + type: string + - variable: middlewares + label: Middlewares + schema: + type: list + default: [] + show_if: [["enabled", "=", true]] + items: + - variable: name + label: name + schema: + type: string + default: "" + required: true + - variable: namespace + label: namespace + schema: + type: string + default: "" + - variable: certManager + label: certManager + description: Connect ingress with certManager + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + - variable: certificateIssuer + label: certificateIssuer + description: defaults to chartname + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: homepage + label: Homepage + description: Connect ingress with Homepage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + - variable: name + label: Name + description: defaults to chartname + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: description + label: Description + description: defaults to chart description + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: group + label: Group + schema: + type: string + required: true + default: "default" + show_if: [["enabled", "=", true]] + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + - variable: ingressClassName + label: (Advanced/Optional) IngressClass Name + schema: + type: string + show_if: [["advanced", "=", true]] + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + show_if: [["advanced", "=", true]] + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: clusterCertificate + label: 'Cluster Certificate (Advanced)' + description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.' + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: secretName + label: 'Use Custom Certificate Secret (Advanced)' + schema: + show_if: [["certificateIssuer", "=", ""]] + type: string + default: "" + - variable: scaleCert + label: 'Use TrueNAS SCALE Certificate (Deprecated)' + schema: + show_if: [["certificateIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: ingressList + label: Add Manual Custom Ingresses + group: Ingress + schema: + type: list + default: [] + items: + - variable: ingressListEntry + label: Custom Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: ingressClassName + label: IngressClass Name + schema: + type: string + default: "" + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: service + label: Linked Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Service Name + schema: + type: string + default: "" + - variable: port + label: Service Port + schema: + type: int + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + show_if: [["certificateIssuer", "=", ""]] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your Cert-Manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: scaleCert + label: Use TrueNAS SCALE Certificate (Deprecated) + schema: + show_if: [["certificateIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: clusterCertificate + label: 'Cluster Certificate (Advanced)' + description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.' + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: secretName + label: Use Custom Secret (Advanced) + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: integrations + label: Integrations + description: Connect ingress with other charts + schema: + additional_attrs: true + type: dict + attrs: + - variable: traefik + label: Traefik + description: Connect ingress with Traefik + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: true + - variable: allowCors + label: "Allow Cross Origin Requests" + schema: + type: boolean + default: false + show_if: [["enabled", "=", true]] + - variable: entrypoints + label: Entrypoints + schema: + type: list + default: ["websecure"] + show_if: [["enabled", "=", true]] + items: + - variable: entrypoint + label: Entrypoint + schema: + type: string + - variable: middlewares + label: Middlewares + schema: + type: list + default: [] + show_if: [["enabled", "=", true]] + items: + - variable: middleware + label: Middleware + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: name + schema: + type: string + default: "" + required: true + - variable: namespace + label: namespace + schema: + type: string + default: "" + - variable: certManager + label: certManager + description: Connect ingress with certManager + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: true + - variable: certificateIssuer + label: certificateIssuer + description: defaults to chartname + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: homepage + label: Homepage + description: Connect ingress with Homepage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + - variable: name + label: Name + description: defaults to chartname + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: description + label: Description + description: defaults to chart description + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: group + label: Group + schema: + type: string + required: true + default: "default" + show_if: [["enabled", "=", true]] + - variable: securityContext + group: Security and Permissions + label: Security Context + schema: + additional_attrs: true + type: dict + attrs: + - variable: container + label: Container + schema: + additional_attrs: true + type: dict + attrs: + # Settings from questions.yaml get appended here on a per-app basis + - variable: runAsUser + label: "runAsUser" + description: "The UserID of the user running the application" + schema: + type: int + default: 568 + - variable: runAsGroup + label: "runAsGroup" + description: "The groupID of the user running the application" + schema: + type: int + default: 568 + # Settings from questions.yaml get appended here on a per-app basis + - variable: PUID + label: Process User ID - PUID + description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps + schema: + type: int + show_if: [["runAsUser", "=", 0]] + default: 568 + - variable: UMASK + label: UMASK + description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps + schema: + type: string + default: "0022" + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: privileged + label: "Privileged mode" + schema: + type: boolean + default: false + - variable: readOnlyRootFilesystem + label: "ReadOnly Root Filesystem" + schema: + type: boolean + default: true + - variable: pod + label: Pod + schema: + additional_attrs: true + type: dict + attrs: + - variable: fsGroupChangePolicy + label: "When should we take ownership?" + schema: + type: string + default: OnRootMismatch + enum: + - value: OnRootMismatch + description: OnRootMismatch + - value: Always + description: Always + - variable: supplementalGroups + label: Supplemental Groups + schema: + type: list + default: [] + items: + - variable: supplementalGroupsEntry + label: Supplemental Group + schema: + type: int + # Settings from questions.yaml get appended here on a per-app basis + - variable: fsGroup + label: "fsGroup" + description: "The group that should own ALL storage." + schema: + type: int + default: 568 + - variable: resources + group: Resources and Devices + label: "Resource Limits" + schema: + additional_attrs: true + type: dict + attrs: + - variable: limits + label: Advanced Limit Resource Consumption + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 4000m + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: RAM + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 8Gi + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: requests + label: "Minimum Resources Required (request)" + schema: + additional_attrs: true + type: dict + hidden: true + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 10m + hidden: true + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: "RAM" + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 50Mi + hidden: true + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: deviceList + label: Mount USB Devices + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: deviceListEntry + label: Device + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Storage + schema: + type: boolean + default: true + - variable: type + label: (Advanced) Type of Storage + description: Sets the persistence type + schema: + type: string + default: device + hidden: true + - variable: readOnly + label: readOnly + schema: + type: boolean + default: false + - variable: hostPath + label: Host Device Path + description: Path to the device on the host system + schema: + type: path + - variable: mountPath + label: Container Device Path + description: Path inside the container the device is mounted + schema: + type: string + default: "/dev/ttyACM0" + - variable: scaleGPU + label: GPU Configuration + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: scaleGPUEntry + label: GPU + schema: + additional_attrs: true + type: dict + attrs: + # Specify GPU configuration + - variable: gpu + label: Select GPU + schema: + additional_attrs: true + type: dict + $ref: + - "definitions/gpuConfiguration" + attrs: [] + - variable: workaround + label: "Workaround" + schema: + type: string + default: workaround + hidden: true + - variable: cnpg + group: Postgresql + label: "CloudNative-PG (CNPG)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Postgresql Database" + schema: + additional_attrs: true + type: dict + attrs: + - variable: hibernate + label: Hibernate + description: "enable to safely hibernate and shutdown the postgresql cluster" + schema: + type: boolean + default: false + - variable: cluster + label: "Cluster Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: instances + label: Instances + schema: + type: int + default: 1 + - variable: singleNode + label: singleNode + schema: + type: boolean + default: true + hidden: true + - variable: storage + label: "Storage" + schema: + additional_attrs: true + type: dict + attrs: + - variable: size + label: Size + schema: + type: string + default: "256Gi" + - variable: walStorage + label: "WAL Storage" + schema: + additional_attrs: true + type: dict + attrs: + - variable: size + label: Size + schema: + type: string + default: "256Gi" + - variable: monitoring + label: "Monitoring Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enablePodMonitor + label: "enablePodMonitor" + schema: + type: boolean + default: true + - variable: disableDefaultQueries + label: "disableDefaultQueries" + schema: + type: boolean + default: false + - variable: pooler + label: "Pooler Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: instances + label: Instances + schema: + type: int + default: 1 + - variable: createRO + label: "Create ReadOnly Instance" + schema: + type: boolean + default: false + - variable: recovery + label: "Recovery Settings (Experimental)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: false + - variable: endpointURL + label: "endpointURL" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: method + label: "method" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "object_store" + - variable: backupName + label: "backupName" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: provider + label: "provider" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "s3" + - variable: s3 + label: "s3" + schema: + additional_attrs: true + type: dict + show_if: [["provider", "=", "s3"], ["enabled", "=", true]] + attrs: + - variable: region + label: "region" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: bucket + label: "bucket" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: path + label: "path" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "/" + - variable: accessKey + label: "accessKey" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: secretKey + label: "secretKey" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: azure + label: "azure (EXTREMELY EXPERIMENTAL)" + schema: + additional_attrs: true + type: dict + show_if: [["provider", "=", "azure"], ["enabled", "=", true]] + attrs: + - variable: path + label: "path" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "/" + - variable: connectionString + label: "connectionString" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: storageAccount + label: "storageAccount" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: storageKey + label: "storageKey" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: storageSasToken + label: "storageSasToken" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: containerName + label: "containerName" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: serviceName + label: "serviceName" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "blob" + - variable: inheritFromAzureAD + label: "inheritFromAzureAD" + schema: + type: boolean + show_if: [["enabled", "=", true]] + default: false + - variable: google + label: "google (EXTREMELY EXPERIMENTAL)" + schema: + additional_attrs: true + type: dict + show_if: [["provider", "=", "google"], ["enabled", "=", true]] + attrs: + - variable: path + label: "path" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "/" + - variable: bucket + label: "bucket" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: gkeEnvironment + label: "gkeEnvironment" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: applicationCredentials + label: "applicationCredentials" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: backups + label: "Backup Settings (Experimental)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: false + - variable: endpointURL + label: "endpointURL" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: destinationPath + label: "destinationPath" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: retentionPolicy + label: "retentionPolicy" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "30d" + - variable: provider + label: "provider" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "s3" + - variable: s3 + label: "s3" + schema: + additional_attrs: true + type: dict + show_if: [["provider", "=", "s3"], ["enabled", "=", true]] + attrs: + - variable: region + label: "region" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: bucket + label: "bucket" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: path + label: "path" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "/" + - variable: accessKey + label: "accessKey" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: secretKey + label: "secretKey" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: azure + label: "azure (EXTREMELY EXPERIMENTAL)" + schema: + additional_attrs: true + type: dict + show_if: [["provider", "=", "azure"], ["enabled", "=", true]] + attrs: + - variable: path + label: "path" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "/" + - variable: connectionString + label: "connectionString" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: storageAccount + label: "storageAccount" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: storageKey + label: "storageKey" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: storageSasToken + label: "storageSasToken" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: containerName + label: "containerName" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: serviceName + label: "serviceName" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "blob" + - variable: inheritFromAzureAD + label: "inheritFromAzureAD" + schema: + type: boolean + show_if: [["enabled", "=", true]] + default: false + - variable: google + label: "google (EXTREMELY EXPERIMENTAL)" + schema: + additional_attrs: true + type: dict + show_if: [["provider", "=", "google"], ["enabled", "=", true]] + attrs: + - variable: path + label: "path" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "/" + - variable: bucket + label: "bucket" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: gkeEnvironment + label: "gkeEnvironment" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: applicationCredentials + label: "applicationCredentials" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: scheduledBackups + label: ScheduledBackups + schema: + type: list + default: [] + show_if: [["enabled", "=", true]] + items: + - variable: backupschedule + label: BackupSchedule + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: name + schema: + type: string + default: "daily-backup" + required: true + - variable: schedule + label: schedule + schema: + type: string + required: true + default: "0 0 0 * * *" + - variable: backupOwnerReference + label: backupOwnerReference + schema: + type: string + required: true + default: "self" + - variable: immediate + label: immediate + schema: + type: boolean + default: false + - variable: suspend + label: suspend + schema: + type: boolean + default: false + - variable: manualBackups + label: manualBackups + schema: + type: list + default: [] + items: + - variable: backup + label: Backup + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: name + schema: + type: string + default: "" + required: true +# - variable: horizontalPodAutoscaler +# group: Advanced +# label: (Advanced) Horizontal Pod Autoscaler +# schema: +# type: list +# default: [] +# items: +# - variable: hpaEntry +# label: HPA Entry +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: name +# label: Name +# schema: +# type: string +# required: true +# default: "" +# - variable: enabled +# label: Enabled +# schema: +# type: boolean +# default: false +# show_subquestions_if: true +# subquestions: +# - variable: target +# label: Target +# description: Deployment name, Defaults to Main Deployment +# schema: +# type: string +# default: "" +# - variable: minReplicas +# label: Minimum Replicas +# schema: +# type: int +# default: 1 +# - variable: maxReplicas +# label: Maximum Replicas +# schema: +# type: int +# default: 5 +# - variable: targetCPUUtilizationPercentage +# label: Target CPU Utilization Percentage +# schema: +# type: int +# default: 80 +# - variable: targetMemoryUtilizationPercentage +# label: Target Memory Utilization Percentage +# schema: +# type: int +# default: 80 + - variable: networkPolicy + group: Advanced + label: (Advanced) Network Policy + schema: + type: list + default: [] + items: + - variable: netPolicyEntry + label: Network Policy Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: policyType + label: Policy Type + schema: + type: string + default: "" + enum: + - value: "" + description: Default + - value: ingress + description: Ingress + - value: egress + description: Egress + - value: ingress-egress + description: Ingress and Egress + - variable: egress + label: Egress + schema: + type: list + default: [] + items: + - variable: egressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: to + label: To + schema: + type: list + default: [] + items: + - variable: toEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: ingress + label: Ingress + schema: + type: list + default: [] + items: + - variable: ingressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: from + label: From + schema: + type: list + default: [] + items: + - variable: fromEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: addons + group: Addons + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: Codeserver + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: service + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: NodePort + description: Deprecated CHANGE THIS + - value: ClusterIP + description: ClusterIP + - value: LoadBalancer + description: LoadBalancer + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + default: 36107 + - variable: ingress + label: "Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [{path: "/", pathType: "Prefix"}] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: certificateIssuer + label: Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below' + schema: + type: string + default: "" + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + - variable: entrypoint + label: (Advanced) Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + show_if: [["advanced", "=", true]] + required: true + - variable: allowCors + label: "Allow Cross Origin Requests" + schema: + type: boolean + show_if: [["advanced", "=", true]] + default: false + - variable: ingressClassName + label: (Advanced/Optional) IngressClass Name + schema: + type: string + show_if: [["advanced", "=", true]] + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + show_if: [["advanced", "=", true]] + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: clusterCertificate + label: 'Cluster Certificate (Advanced)' + description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.' + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: secretName + label: 'Use Custom Certificate Secret (Advanced)' + schema: + show_if: [["certificateIssuer", "=", ""]] + type: string + default: "" + - variable: scaleCert + label: 'Use TrueNAS SCALE Certificate (Deprecated)' + schema: + show_if: [["certificateIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: envList + label: Codeserver Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: vpn + label: VPN + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type + schema: + type: string + default: disabled + enum: + - value: disabled + description: disabled + - value: gluetun + description: Gluetun + - value: tailscale + description: Tailscale + - value: openvpn + description: OpenVPN (Deprecated) + - value: wireguard + description: Wireguard (Deprecated) + - variable: openvpn + label: OpenVPN Settings + schema: + additional_attrs: true + type: dict + show_if: [["type", "=", "openvpn"]] + attrs: + - variable: username + label: Authentication Username (Optional) + description: Authentication Username, Optional + schema: + type: string + default: "" + - variable: password + label: Authentication Password + description: Authentication Credentials + schema: + type: string + show_if: [["username", "!=", ""]] + default: "" + required: true + - variable: tailscale + label: Tailscale Settings + schema: + additional_attrs: true + type: dict + show_if: [["type", "=", "tailscale"]] + attrs: + - variable: authkey + label: Authentication Key + description: Provide an auth key to automatically authenticate the node as your user account. + schema: + type: string + private: true + default: "" + - variable: auth_once + label: Auth Once + description: Only attempt to log in if not already logged in. + schema: + type: boolean + default: true + - variable: accept_dns + label: Accept DNS + description: Accept DNS configuration from the admin console. + schema: + type: boolean + default: false + - variable: userspace + label: Userspace + description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device. + schema: + type: boolean + default: false + - variable: routes + label: Routes + description: Expose physical subnet routes to your entire Tailscale network. + schema: + type: string + default: "" + - variable: dest_ip + label: Destination IP + description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched. + schema: + type: string + default: "" + - variable: sock5_server + label: Sock5 Server + description: The address on which to listen for SOCKS5 proxying into the tailscale net. + schema: + type: string + default: "" + - variable: outbound_http_proxy_listen + label: Outbound HTTP Proxy Listen + description: The address on which to listen for HTTP proxying into the tailscale net. + schema: + type: string + default: "" + - variable: extra_args + label: Extra Args + description: Extra Args + schema: + type: string + default: "" + - variable: daemon_extra_args + label: Tailscale Daemon Extra Args + description: Tailscale Daemon Extra Args + schema: + type: string + default: "" + - variable: killSwitch + label: Enable Killswitch + schema: + type: boolean + show_if: [["type", "!=", "disabled"]] + default: true + - variable: excludedNetworks_IPv4 + label: Killswitch Excluded IPv4 networks + description: List of Killswitch Excluded IPv4 Addresses + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv4 + label: IPv4 Network + schema: + type: string + required: true + - variable: excludedNetworks_IPv6 + label: Killswitch Excluded IPv6 networks + description: "List of Killswitch Excluded IPv6 Addresses" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv6 + label: IPv6 Network + schema: + type: string + required: true + - variable: configFile + label: VPN Config File Location + schema: + type: string + show_if: [["type", "!=", "disabled"]] + default: "" + + - variable: envList + label: VPN Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + max_length: 10240 + - variable: netshoot + label: Netshoot + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: envList + label: Netshoot Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: docs + group: Documentation + label: Please read the documentation at https://truecharts.org + description: Please read the documentation at +
https://truecharts.org + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDocs + label: I have checked the documentation + schema: + type: boolean + default: true + - variable: donateNag + group: Documentation + label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor + description: Please consider supporting TrueCharts, see +
https://truecharts.org/sponsor + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDonate + label: I have considered donating + schema: + type: boolean + default: true + hidden: true diff --git a/enterprise/vaultwarden/24.0.4/templates/NOTES.txt b/enterprise/vaultwarden/24.0.4/templates/NOTES.txt new file mode 100644 index 00000000000..efcb74cb772 --- /dev/null +++ b/enterprise/vaultwarden/24.0.4/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/enterprise/vaultwarden/24.0.4/templates/_configmap.tpl b/enterprise/vaultwarden/24.0.4/templates/_configmap.tpl new file mode 100644 index 00000000000..7cc26147b0e --- /dev/null +++ b/enterprise/vaultwarden/24.0.4/templates/_configmap.tpl @@ -0,0 +1,111 @@ +{{/* Define the configmap */}} +{{- define "vaultwarden.configmap" -}} +enabled: true +data: + ROCKET_PORT: "8080" + SIGNUPS_ALLOWED: {{ .Values.vaultwarden.allowSignups | quote }} + {{- if .Values.vaultwarden.signupDomains }} + SIGNUPS_DOMAINS_WHITELIST: {{ join "," .Values.vaultwarden.signupDomains | quote }} + {{- end }} + {{- if and (eq .Values.vaultwarden.verifySignup true) (eq .Values.vaultwarden.smtp.enabled false) }}{{ required "Signup verification requires SMTP to be enabled" nil}}{{end}} + SIGNUPS_VERIFY: {{ .Values.vaultwarden.verifySignup | quote }} + {{- if and (eq .Values.vaultwarden.requireEmail true) (eq .Values.vaultwarden.smtp.enabled false) }}{{ required "Requiring emails for login depends on SMTP" nil}}{{end}} + REQUIRE_DEVICE_EMAIL: {{ .Values.vaultwarden.requireEmail | quote }} + {{- if .Values.vaultwarden.emailAttempts }} + EMAIL_ATTEMPTS_LIMIT: {{ .Values.vaultwarden.emailAttempts | quote }} + {{- end }} + {{- if .Values.vaultwarden.emailTokenExpiration }} + EMAIL_EXPIRATION_TIME: {{ .Values.vaultwarden.emailTokenExpiration | quote }} + {{- end }} + INVITATIONS_ALLOWED: {{ .Values.vaultwarden.allowInvitation | quote }} + {{- if .Values.vaultwarden.defaultInviteName }} + INVITATION_ORG_NAME: {{ .Values.vaultwarden.defaultInviteName | quote }} + {{- end }} + SHOW_PASSWORD_HINT: {{ .Values.vaultwarden.showPasswordHint | quote }} + WEB_VAULT_ENABLED: {{ .Values.vaultwarden.enableWebVault | quote }} + ORG_CREATION_USERS: {{ .Values.vaultwarden.orgCreationUsers | quote }} + {{- if .Values.vaultwarden.attachmentLimitOrg }} + ORG_ATTACHMENT_LIMIT: {{ .Values.vaultwarden.attachmentLimitOrg | quote }} + {{- end }} + {{- if .Values.vaultwarden.attachmentLimitUser }} + USER_ATTACHMENT_LIMIT: {{ .Values.vaultwarden.attachmentLimitUser | quote }} + {{- end }} + {{- if .Values.vaultwarden.hibpApiKey }} + HIBP_API_KEY: {{ .Values.vaultwarden.hibpApiKey | quote }} + {{- end }} + {{- include "vaultwarden.dbTypeValid" . }} + {{- if .Values.database.retries }} + DB_CONNECTION_RETRIES: {{ .Values.database.retries | quote }} + {{- end }} + {{- if .Values.database.maxConnections }} + DATABASE_MAX_CONNS: {{ .Values.database.maxConnections | quote }} + {{- end }} + {{- if eq .Values.vaultwarden.smtp.enabled true }} + SMTP_HOST: {{ required "SMTP host is required to enable SMTP" .Values.vaultwarden.smtp.host | quote }} + SMTP_FROM: {{ required "SMTP sender address ('from') is required to enable SMTP" .Values.vaultwarden.smtp.from | quote }} + {{- if .Values.vaultwarden.smtp.fromName }} + SMTP_FROM_NAME: {{ .Values.vaultwarden.smtp.fromName | quote }} + {{- end }} + {{- if .Values.vaultwarden.smtp.ssl }} + SMTP_SECURITY: {{ .Values.vaultwarden.smtp.security | quote }} + {{- end }} + {{- if .Values.vaultwarden.smtp.port }} + SMTP_PORT: {{ .Values.vaultwarden.smtp.port | quote }} + {{- end }} + {{- if .Values.vaultwarden.smtp.authMechanism }} + SMTP_AUTH_MECHANISM: {{ .Values.vaultwarden.smtp.authMechanism | quote }} + {{- end }} + {{- if .Values.vaultwarden.smtp.heloName }} + HELO_NAME: {{ .Values.vaultwarden.smtp.heloName | quote }} + {{- end }} + {{- if .Values.vaultwarden.smtp.timeout }} + SMTP_TIMEOUT: {{ .Values.vaultwarden.smtp.timeout | quote }} + {{- end }} + {{- if .Values.vaultwarden.smtp.invalidHostname }} + SMTP_ACCEPT_INVALID_HOSTNAMES: {{ .Values.vaultwarden.smtp.invalidHostname | quote }} + {{- end }} + {{- if .Values.vaultwarden.smtp.invalidCertificate }} + SMTP_ACCEPT_INVALID_CERTS: {{ .Values.vaultwarden.smtp.invalidCertificate | quote }} + {{- end }} + {{- end }} + {{- if .Values.vaultwarden.log.file }} + LOG_FILE: {{ .Values.vaultwarden.log.file | quote }} + {{- end }} + {{- if or .Values.vaultwarden.log.level .Values.vaultwarden.log.timeFormat }} + EXTENDED_LOGGING: "true" + {{- end }} + {{- if .Values.vaultwarden.log.level }} + {{- include "vaultwarden.logLevelValid" . }} + LOG_LEVEL: {{ .Values.vaultwarden.log.level | quote }} + {{- end }} + {{- if .Values.vaultwarden.log.timeFormat }} + LOG_TIMESTAMP_FORMAT: {{ .Values.vaultwarden.log.timeFormat | quote }} + {{- end }} + {{- if .Values.vaultwarden.icons.disableDownload }} + DISABLE_ICON_DOWNLOAD: {{ .Values.vaultwarden.icons.disableDownload | quote }} + {{- if and (not .Values.vaultwarden.icons.cache) (eq .Values.vaultwarden.icons.disableDownload "true") }} + ICON_CACHE_TTL: "0" + {{- end }} + {{- end }} + {{- if .Values.vaultwarden.icons.cache }} + ICON_CACHE_TTL: {{ .Values.vaultwarden.icons.cache | quote }} + {{- end }} + {{- if .Values.vaultwarden.icons.cacheFailed }} + ICON_CACHE_NEGTTL: {{ .Values.vaultwarden.icons.cacheFailed | quote }} + {{- end }} + {{- if eq .Values.vaultwarden.admin.enabled true }} + {{- if eq .Values.vaultwarden.admin.disableAdminToken true }} + DISABLE_ADMIN_TOKEN: "true" + {{- end }} + {{- end }} + {{- if eq .Values.vaultwarden.yubico.enabled true }} + {{- if .Values.vaultwarden.yubico.server }} + YUBICO_SERVER: {{ .Values.vaultwarden.yubico.server | quote }} + {{- end }} + {{- end }} + {{- if eq .Values.database.type "sqlite" }} + ENABLE_DB_WAL: {{ .Values.database.wal | quote }} + {{- else }} + ENABLE_DB_WAL: "false" + {{- end }} +{{- end -}} diff --git a/enterprise/vaultwarden/24.0.4/templates/_secrets.tpl b/enterprise/vaultwarden/24.0.4/templates/_secrets.tpl new file mode 100644 index 00000000000..262fcffa1b4 --- /dev/null +++ b/enterprise/vaultwarden/24.0.4/templates/_secrets.tpl @@ -0,0 +1,37 @@ +{{/* Define the secrets */}} +{{- define "vaultwarden.secrets" -}} + +{{- $adminToken := "" }} +{{- if eq .Values.vaultwarden.admin.enabled true }} +{{- $adminToken = .Values.vaultwarden.admin.token | default (randAlphaNum 48) | quote }} +{{- end -}} + +{{- $smtpUser := "" }} +{{- if and (eq .Values.vaultwarden.smtp.enabled true ) (.Values.vaultwarden.smtp.user) }} +{{- $smtpUser = .Values.vaultwarden.smtp.user | quote }} +{{- end -}} + +{{- $yubicoClientId := "" }} +{{- if eq .Values.vaultwarden.yubico.enabled true }} +{{- $yubicoClientId = required "Yubico Client ID required" .Values.vaultwarden.yubico.clientId | toString | quote }} +{{- end -}} +enabled: true +data: + placeholder: placeholdervalue + {{- if ne $adminToken "" }} + ADMIN_TOKEN: {{ $adminToken }} + {{- end }} + {{- if ne $smtpUser "" }} + SMTP_USERNAME: {{ $smtpUser }} + SMTP_PASSWORD: {{ required "Must specify SMTP password" .Values.vaultwarden.smtp.password | quote }} + {{- end }} + {{- if ne $yubicoClientId "" }} + YUBICO_CLIENT_ID: {{ $yubicoClientId }} + YUBICO_SECRET_KEY: {{ required "Yubico Secret Key required" .Values.vaultwarden.yubico.secretKey | quote }} + {{- end }} + {{- if .Values.vaultwarden.push.enabled }} + PUSH_ENABLED: {{ .Values.vaultwarden.push.enabled | quote }} + PUSH_INSTALLATION_ID: {{ required "Installation ID required" .Values.vaultwarden.push.installationId | quote }} + PUSH_INSTALLATION_KEY: {{ required "Installation Key required" .Values.vaultwarden.push.installationKey | quote }} + {{- end }} +{{- end -}} diff --git a/enterprise/vaultwarden/24.0.4/templates/_validate.tpl b/enterprise/vaultwarden/24.0.4/templates/_validate.tpl new file mode 100644 index 00000000000..e4832c2f6e5 --- /dev/null +++ b/enterprise/vaultwarden/24.0.4/templates/_validate.tpl @@ -0,0 +1,17 @@ +{{/* +Ensure valid DB type is select, defaults to SQLite +*/}} +{{- define "vaultwarden.dbTypeValid" -}} +{{- if not (or (eq .Values.database.type "postgresql") (eq .Values.database.type "mysql") (eq .Values.database.type "sqlite")) }} +{{- required "Invalid database type" nil }} +{{- end -}} +{{- end -}} + +{{/* +Ensure log type is valid +*/}} +{{- define "vaultwarden.logLevelValid" -}} +{{- if not (or (eq .Values.vaultwarden.log.level "trace") (eq .Values.vaultwarden.log.level "debug") (eq .Values.vaultwarden.log.level "info") (eq .Values.vaultwarden.log.level "warn") (eq .Values.vaultwarden.log.level "error") (eq .Values.vaultwarden.log.level "off")) }} +{{- required "Invalid log level" nil }} +{{- end }} +{{- end }} diff --git a/enterprise/vaultwarden/24.0.4/templates/common.yaml b/enterprise/vaultwarden/24.0.4/templates/common.yaml new file mode 100644 index 00000000000..66c6adab5db --- /dev/null +++ b/enterprise/vaultwarden/24.0.4/templates/common.yaml @@ -0,0 +1,17 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.v1.common.loader.init" . }} + +{{/* Render configmap for vaultwarden */}} +{{- $configmapFile := include "vaultwarden.configmap" . | fromYaml -}} +{{- if $configmapFile -}} + {{- $_ := set .Values.configmap "vaultwardenconfig" $configmapFile -}} +{{- end -}} + +{{/* Render secrets for vaultwarden */}} +{{- $secret := include "vaultwarden.secrets" . | fromYaml -}} +{{- if $secret -}} + {{- $_ := set .Values.secret "vaultwardensecret" $secret -}} +{{- end -}} + +{{/* Render the templates */}} +{{ include "tc.v1.common.loader.apply" . }} diff --git a/enterprise/vaultwarden/24.0.4/values.yaml b/enterprise/vaultwarden/24.0.4/values.yaml new file mode 100644 index 00000000000..e69de29bb2d