From e25d849f4ef81ef75b82b7f069206bcbc441c733 Mon Sep 17 00:00:00 2001 From: TrueCharts-Bot Date: Sat, 24 Sep 2022 20:43:41 +0000 Subject: [PATCH] Commit new Chart releases for TrueCharts Signed-off-by: TrueCharts-Bot --- enterprise/blocky/1.0.0/CHANGELOG.md | 52 + enterprise/blocky/1.0.0/Chart.lock | 9 + enterprise/blocky/1.0.0/Chart.yaml | 34 + enterprise/blocky/1.0.0/README.md | 110 + enterprise/blocky/1.0.0/app-readme.md | 8 + .../blocky/1.0.0/charts/common-10.6.0.tgz | Bin 0 -> 48413 bytes .../blocky/1.0.0/charts/redis-3.0.67.tgz | Bin 0 -> 57080 bytes .../blocky/1.0.0/ci/k8sgateway-values.yaml | 7 + .../blocky/1.0.0/ci/standalone-values.yaml | 0 enterprise/blocky/1.0.0/ix_values.yaml | 335 ++ enterprise/blocky/1.0.0/questions.yaml | 3506 +++++++++++++++++ .../blocky/1.0.0/templates/_blockyConfig.tpl | 198 + .../blocky/1.0.0/templates/_k8sgateway.tpl | 107 + enterprise/blocky/1.0.0/templates/_webui.tpl | 36 + enterprise/blocky/1.0.0/templates/common.yaml | 50 + enterprise/blocky/1.0.0/values.yaml | 0 enterprise/blocky/item.yaml | 4 + 17 files changed, 4456 insertions(+) create mode 100644 enterprise/blocky/1.0.0/CHANGELOG.md create mode 100644 enterprise/blocky/1.0.0/Chart.lock create mode 100644 enterprise/blocky/1.0.0/Chart.yaml create mode 100644 enterprise/blocky/1.0.0/README.md create mode 100644 enterprise/blocky/1.0.0/app-readme.md create mode 100644 enterprise/blocky/1.0.0/charts/common-10.6.0.tgz create mode 100644 enterprise/blocky/1.0.0/charts/redis-3.0.67.tgz create mode 100644 enterprise/blocky/1.0.0/ci/k8sgateway-values.yaml create mode 100644 enterprise/blocky/1.0.0/ci/standalone-values.yaml create mode 100644 enterprise/blocky/1.0.0/ix_values.yaml create mode 100644 enterprise/blocky/1.0.0/questions.yaml create mode 100644 enterprise/blocky/1.0.0/templates/_blockyConfig.tpl create mode 100644 enterprise/blocky/1.0.0/templates/_k8sgateway.tpl create mode 100644 enterprise/blocky/1.0.0/templates/_webui.tpl create mode 100644 enterprise/blocky/1.0.0/templates/common.yaml create mode 100644 enterprise/blocky/1.0.0/values.yaml create mode 100644 enterprise/blocky/item.yaml diff --git a/enterprise/blocky/1.0.0/CHANGELOG.md b/enterprise/blocky/1.0.0/CHANGELOG.md new file mode 100644 index 00000000000..305b21ac64a --- /dev/null +++ b/enterprise/blocky/1.0.0/CHANGELOG.md @@ -0,0 +1,52 @@ +# Changelog + + + +## [blocky-1.0.0](https://github.com/truecharts/charts/compare/blocky-0.0.4...blocky-1.0.0) (2022-09-24) + +### Chore + +- move blocky to enterprise ([#3875](https://github.com/truecharts/charts/issues/3875)) + + + + +## [blocky-0.0.4](https://github.com/truecharts/charts/compare/blocky-0.0.3...blocky-0.0.4) (2022-09-24) + +### Chore + +- Auto-update chart README [skip ci] + + ### Fix + +- Finish up UI ([#3866](https://github.com/truecharts/charts/issues/3866)) + + + + +## [blocky-0.0.3](https://github.com/truecharts/charts/compare/blocky-0.0.2...blocky-0.0.3) (2022-09-24) + +### Chore + +- Auto-update chart README [skip ci] + - update docker general non-major ([#3860](https://github.com/truecharts/charts/issues/3860)) + + + + +## [blocky-0.0.2](https://github.com/truecharts/charts/compare/blocky-0.0.1...blocky-0.0.2) (2022-09-23) + +### Chore + +- Auto-update chart README [skip ci] + - Auto-update chart README [skip ci] + - update docker general non-major ([#3850](https://github.com/truecharts/charts/issues/3850)) + + + + +## [blocky-0.0.1]blocky-0.0.1 (2022-09-22) + +### Feat + +- add blocky ([#3735](https://github.com/truecharts/charts/issues/3735)) diff --git a/enterprise/blocky/1.0.0/Chart.lock b/enterprise/blocky/1.0.0/Chart.lock new file mode 100644 index 00000000000..da1104a4813 --- /dev/null +++ b/enterprise/blocky/1.0.0/Chart.lock @@ -0,0 +1,9 @@ +dependencies: +- name: common + repository: https://library-charts.truecharts.org + version: 10.6.0 +- name: redis + repository: https://charts.truecharts.org + version: 3.0.67 +digest: sha256:ab9d787b3d291fb6f205e683658bd0d9fe6f98a75ca07b9d4df7e4fb24373663 +generated: "2022-09-24T20:42:12.199300453Z" diff --git a/enterprise/blocky/1.0.0/Chart.yaml b/enterprise/blocky/1.0.0/Chart.yaml new file mode 100644 index 00000000000..029414c790d --- /dev/null +++ b/enterprise/blocky/1.0.0/Chart.yaml @@ -0,0 +1,34 @@ +apiVersion: v2 +appVersion: "0.19" +dependencies: + - name: common + repository: https://library-charts.truecharts.org + version: 10.6.0 + - condition: redis.enabled + name: redis + repository: https://charts.truecharts.org + version: 3.0.67 +description: Blocky is a DNS proxy, DNS enhancer and ad-blocker for the local network written in Go +home: https://truecharts.org/docs/charts/enterprise/blocky +icon: https://truecharts.org/img/hotlink-ok/chart-icons/blocky.png +keywords: + - dns + - blocky +kubeVersion: ">=1.16.0-0" +maintainers: + - email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: blocky +sources: + - https://github.com/truecharts/charts/tree/master/charts/enterprise/blocky + - https://0xerr0r.github.io/blocky/ + - https://github.com/0xERR0R/blocky + - https://github.com/Mozart409/blocky-frontend + - https://hub.docker.com/r/spx01/blocky +version: 1.0.0 +annotations: + truecharts.org/catagories: | + - network + truecharts.org/SCALE-support: "true" + truecharts.org/grade: U diff --git a/enterprise/blocky/1.0.0/README.md b/enterprise/blocky/1.0.0/README.md new file mode 100644 index 00000000000..a08531f6a29 --- /dev/null +++ b/enterprise/blocky/1.0.0/README.md @@ -0,0 +1,110 @@ +# blocky + +Blocky is a DNS proxy, DNS enhancer and ad-blocker for the local network written in Go + +TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE. + +This readme is just an automatically generated general guide on installing our Helm Charts and Apps. +For more information, please click here: [blocky](https://truecharts.org/docs/charts/enterprise/blocky) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + +## Source Code + +* +* +* +* +* + +## Requirements + +Kubernetes: `>=1.16.0-0` + +## Dependencies + +| Repository | Name | Version | +|------------|------|---------| +| https://charts.truecharts.org | redis | 3.0.67 | +| https://library-charts.truecharts.org | common | 10.6.0 | + +## Installing the Chart + +### TrueNAS SCALE + +To install this Chart on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/docs/manual/SCALE%20Apps/Installing-an-App). + +### Helm + +To install the chart with the release name `blocky` + +```console +helm repo add TrueCharts https://charts.truecharts.org +helm repo update +helm install blocky TrueCharts/blocky +``` + +## Uninstall + +### TrueNAS SCALE + +**Upgrading, Rolling Back and Uninstalling the Chart** + +To upgrade, rollback or delete this Chart from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/docs/manual/SCALE%20Apps/Upgrade-rollback-delete-an-App). + +### Helm + +To uninstall the `blocky` deployment + +```console +helm uninstall blocky +``` + +## Configuration + +### Helm + +#### Available Settings + +Read through the values.yaml file. It has several commented out suggested values. +Other values may be used from the [values.yaml](https://github.com/truecharts/library-charts/tree/main/charts/stable/common/values.yaml) from the [common library](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common). + +#### Configure using the command line + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. + +```console +helm install blocky \ + --set env.TZ="America/New York" \ + TrueCharts/blocky +``` + +#### Configure using a yaml file + +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. + +```console +helm install blocky TrueCharts/blocky -f values.yaml +``` + +#### Connecting to other charts + +If you need to connect this Chart to other Charts on TrueNAS SCALE, please refer to our [Linking Charts Internally](https://truecharts.org/docs/manual/SCALE%20Apps/linking-apps) quick-start guide. + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/docs/manual/SCALE%20Apps/Important-MUST-READ). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/apps/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +--- + +All Rights Reserved - The TrueCharts Project diff --git a/enterprise/blocky/1.0.0/app-readme.md b/enterprise/blocky/1.0.0/app-readme.md new file mode 100644 index 00000000000..e83e2cb6d24 --- /dev/null +++ b/enterprise/blocky/1.0.0/app-readme.md @@ -0,0 +1,8 @@ +Blocky is a DNS proxy, DNS enhancer and ad-blocker for the local network written in Go + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/docs/charts/enterprise/blocky](https://truecharts.org/docs/charts/enterprise/blocky) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/docs/about/sponsor) or contributing back to the project any way you can! diff --git a/enterprise/blocky/1.0.0/charts/common-10.6.0.tgz b/enterprise/blocky/1.0.0/charts/common-10.6.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..0308b85a1a8c5cdc7a0461f210d9fce394ddcc94 GIT binary patch literal 48413 zcmV)*K#9K}iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ{ciXtJINqQ2SK!N}ckO!0-|NcFA65vCk{Mu}5-rkKx0)xR|Ff$ko1|gZvNYXu;LdrV}IE(-A z@K3MT>kW5yg z6+8Dkd0>h^BFZpH4#0fSf@x}h#*ib%TM=R*#VMEX-egHA{sJ)`QAihHOenab8Ilad zT2nGZ2Vly1$_~2S3Fgym)CtL~%V~x}S*8oqlyx~ps5^sk;#;2d&D zSx14&7@{FbI7+yLnsxVvJH6iC?r!S_Ep7>o*g>le^2S z`nuog4?Def@4MCv;)Fw-AS!{O8N~4cz{!~WcMiBi=%fWe0!4ov0sxTFI7h!wK^4~+ z@I{Ia40^4(!KL5p3_HEn6OF%~|8p2;h&_@3SUUgv{o!!9Q=I>M+k@x%{}j&)&~AhG zDM~(`p8=Ml5RY*PLXwQ}B%@Hw_0|jU-w_(aEasx{B|>0?VshIeDN5#Payo+(bkG7o z!n%|&7JyF?&;>vkW0Y`!MZp#T6s3e=PUzwQ@GztuOkDY(YqeFarf>m=VnT8_F_P=Q z*%S_ThX?)f{&s}IXguuigro7!J{s%{UcDOhN5gRsjbRV%4|c~pJA32ZaJSzZ4R=T3 ztKN7x>=v_A{pFhYZqaU8>(= ziYB6BJ>7HI4M}ccHh|_5dfxB!I)mPz-+R^HG4y^l-W{Ud;joAHqw#*U6K(JB4*DqC z+lD(~ICwRNgPqZMcW=Mf+Z&BXXt=$NdcFSs4jQ1*coa6lVJ%W$K^(IX#%Ntqb5pUN z)H&=*Qk$<``&R=X1qyHXJN;hYPebWMLT<>#ru=GH z9)$;;VaJje?evCw{a1T~a2t)H@m>_}4hN(CVK^A??7!OS@5A2qt5^FG9PjMFy}^Ee zAMFozw#ToA+r#mzy+MPv*P?EMIGYl}*QKthS5I9Fxgm8;`PH!MMKRjj?(c@Zy-57= z3JwP0c)uTx_u%#*>h1S;`u%VejrOB)f4>j6VXr?J?Co#A8ufR!xBLCweuK8_se2gT z!UfZG4M~I;qH{#orEFfap0=V)TZ3;%UZ+YUh%S+LI(wa-p>c0K+IQ z?S^5r|Ejk)*zFBo!B@S}XtcW*Y1ieO;Ky4UZ&+8_0|L%53|+}_y z3LZrfW)+gN*XiYwb0-{x5RDM(_xDD<-QDr_-mC4sy>ZkVN87#Ocz{q34TrDx#?j7R z^lE#!)7#rdJ@g8RZ@o&%={DSyK9iV?V4TwhaR3uQ=7>@pA-P~xLK%(mXF$gC*Eow~ zu{hI9y7#)Y2St=a3C9%4G9W@@K`_C>zyheO38P4sgE3Ipff$ZZ%sSvl6wd%hvsB7S z5W)nE5XcycIxV0}9e^)imqUX|Lb#kvD?vI%CES)+PE!)ch+33U0!J~@6W@FlmDPvn zKrXP0q{)i{v9j&R?;l}|BS570fB{Ga)zX+OW+>rXAcAN{5{5V+6fh1s8fP&>f(O;& zI4@j70H-^EBodFjPS*k1wQc!Cc#9c70Dt?3g0I)}jLeYch8F+;xj0sD<)1Dt_s3w# z@T&1&1FWiW-#*>3S+^r+*=&TUm|YQKn4$=zBw|Vq#W;lQ0Q8qIP?k<8j1XX)LXIX2 zS@aE|;MgL=wnQIrqjH%oL5{$NRw$bQCK0$Gag3A6hctp*^QC}wse5yYDuKOE zj!}#_Duc+uD`3Zx6aoyulY~$)bubg(4E|zjQ5S@G;dDQzaiOId{0y=L&LNJ))RVQG z-|K*38J#Eq@~=WwXJ`v`Q%Jdyav=X@rNxCBQ2~UaIcAt7V2YVgH6X?_sZq>_AJzM} z;`IU8Zndzd!<3-URh6%|{8G6d^556032lo=tqCqsj6zN*fN@N2nbZmhvIR(Sc!QG( zfFQ!-F{1hEKEfg20(h1Z%3;E-BDp*|e0u_Z_;9K^V;~=ZK>iL|x?!UkG_TKQFo`zU zriEi{ATbT3_pzl5$*Eic1JVgwQd@j>svbs>s(}+LVgM%wQYPmV5W_!O7-*f=3vf>H z3{o5~Dmsila|#drb_5?B86?0Jo}qt{1huaI?*M$bI%>62$iwMrLO32Tv?6JFVjz_b zE`X$SY#q#JhnK45mikcCRuhyUWl$QOt^p`xa|TmafsJ9ztjx1iJ%@Y>GA71R44ndcz%9KQ{lthOW z>aap_RH}{E3#YLrEhwvFwYJkW-})M@Ia<}q%!BHna*Q~lGn^m>Zl_2PI-f~u%806f zW(fngm`}mg)&Cl9>a;jt7?!#tIL0HKFFB3Q5e-qop{K_mqM3JSM(CoZCB=zH%En@d&T)uf z7>d?vSMj>op(^Hcodov|-YA2~lm31+up!njV&bHfj1b!b3E|=&#KTUfBkeE&?o{#? zMF2A}Q-&B!K)(QO3(Q2DEK>zIAW6I^m69+Zy+ILx%;2RO(m#y)$_**y;BaO=G(dr- z6JS%4#gSN&DO)wFntwS+M{qoQNf&L&t=0X$=VL zS6kI$h-ikk092qbGg=o#TGP2}X}buOK$X-E0-uQ>IEpjI5xpR>vb3Gw-{U00$)uLG z=m>_58A=qsFB=IMb<88-ug@|ka^RU*0Be!0&~8AMrFzLiEw}h{i6^;L;tED8e>o~I{x1;uzsFv1jtJYE3EISi-T`V{I!FXnK<5go%&j_rAjAQM9h;4P%+ z09*+eqeTiCLk!&PGs99$tN;;BV0>x-FvsyEmO1vr0SHjSwgc^d!YP~`=)bkIFNmgL z8r0Ms(cZGEOibp`lmP1I>G_en(ZFma0NNlh%dcLiKj?J_JB7*@B;&}h5+TNM0#zhb z(Cf(m>sq|zGl3l4!o`6H-}(S9P!b_IpBMrs$-Mm$QbAgfW}IvNITNEHhUO+4A(|kL z1ieFwI2dEfc&DX)og{N-`o4p5{V>OrB+^{BYu66A(t0>wU%UX9i-g0^#xr}+dI1hM zfmx)#0N-zd^TW%_pN|i~cVE7M&IOW8(GhYAeEs@e>jgNnMOwP|YNh=Sraz&@1sdD; zM)|An?HNqlcI76Y8?-nO|1qzROQ7Yd?hPd~2dE-LsV&o*`dnzK+?ISg9YK?mO}o0h z`aiE_LzXv7N>tMcnNdQ?T;gw5v6fg4_H|@x>&}#lx_vAd=aONFRv%UXj47E(PnO{# zXP-jWI8!cS?Zas2g**{1MA5O5;M$s0{3)Q1kYMB`#;s?Q!jNY$1`*^?2&54LF@cdZ z(yW~;VM7KOr#P7$Lk=~JBbbBmpl!*nlsdpr*DSa)}_=0gXYbPW^?T}*WtT8Kg;{&&P0Pxsr8#7f=+Ri~uOI5XmdERMRMCD+()r})I)lRG9vr9u} zwq-ZA%~B|d2xnTzf*D)@iWrIK2qY{f-rW}T!T$#_alnJ@?y>-ZfTLfTC z5sVgQ|oN3NXWV& zNkWuz);0Co+M2}4M0`w8$lEZLeh}Hswl3Ix0mBe6!M1HaMdtNpONpyX_46%GZkW%7 z#!-DviKs8kEDBDK!N&QA)8kFiv-TW{ex!0~94~~Z&4lO>6c&XJ!0vFr1;B@QhnGJc zfL?E4L{z?6D~AyY<5kr?A_+&Ic_)M^9N`#qECw{=3`cfR|HFqp5OZnmlO0v|v8T&t3mZmWh ztN>&A!7!FCcQh4J&`ikp$ps<&9cDAg!|8fhOLthDS# zosJv&7RRyRHku_{LcPKS-~@A9VhcbZW`~%+c!mJv04I#YIF>$-PD}r?yFKiITSH>4 zf+8%#12VN6sX1LP>^d#IPh5$Ci6eo@Lbj9_lB-yOgD`}I7^e$>IhwH!I1x>HrH#XG z3g-x5Ae+1 zSEIim8I^-%fS+5~O2n7!YlgV-fr`$Fr82k`wpv1Xac43|)bDd}b#$(r7iy(_b#$IL za5@GM{CIVBu3NxNsV?J;k>W{w?~4CiTGhU(x|~8jHFc_*?gl#KfKLzXFS~LObOB?G z;>a+y>Z}goC~k~Xgzi%S%eBw`1k-_u`HM6pz|h4(^2l8oCAyZZeY;y9z|YDy6k2#YUyoJIuk zop{|&vub9ypC5(WE%ax0Ux(d&vOO@rR|Egn82(b}gtggS>ym0_XD-kOW_1nwKbX#y1f90p^g~Rt z;$#}=_b*;3SN{ybgaORKRM_cY20zQN0x|}>f7i>U17q```s6ILDueXiuIkw z;#^DtE3i(J2!~>kGbOjpJCX+!q$JIR#U9ngUVjp+*H6+X_UR3b;}HyRuE<+5VegX@ zN(ue+878t) z32X>*DYC&0{Sk^^f3+Limw1-OXyYw`(Fn#c2@&1g0^;ZQ`sbE$ho7Erfin`Ja}|ba z3<>+S7?9+gN~k%PP0S2mW2;j%Tjal z=$@9gjh?KQrKXifx3n#B!4gyZFykb~$&E`p6*}n(MZw%#U_|&-o#&C_NgyDxfF9+w zNt$u;7AH4l+S{NBVvdu-B#!`@;V6o4Aw}*8zQLbS^iF(1@>7X2ayF5%s;$Zxsm3Wp zV|?R&x!Gqb%p-*%GRF=C!uB+phODB^EqC9487|Kw5F@b{L`9kr5 zmzc(Zpb07iA)AQS7iQhW-1s(`a`BZ~-Z%hl2xK4!%AAOJQP9Ox!g#KSU7aSsZyuhr@PayJoFKDusNSBP9Uj_OJMquXu9I&LN+6 zKr@tp-8JcY@09mg>WWC%%fh5|@>_zxz6SkHf2Z9mK~l#P&SfqX@1x_uE45_Qr02L( zn$Egab5;<|6riZ!(Z-OaN!|>yvtTM1a93|Hi|or0St1JZxz!pdZnCn@(y)ni9vTtTfGgbQM9=G(<3TM= znM1+nnDdWEn(zM&HwtX0V>`PF{jIa}%7f(W7L_)Z4+J}=F*^Tvw59+2@q9~g#1=ra zlrN4k-O>tgE1z;(Qd!BQD}v!tRYXaO$Qh7~>ifV7UKjo4W3MU90+0$3KwDtf<|B(&|`qcik1)@a)XE+pQnaU=m zPPQ0|MHSVg3DW+*H(!E=-Vrh271Rj!{U z(qoJwu;HMwxdjs9Rh34l3_y|_!D6yZiSNmN3JIb|nzyGt~ItWh6UQS!(4mcRN?a*tJGx5&Y9fVKhnW}did11Mu`4@8t7V1 zcm<=IW7t+0GIP+WEwEt91rKf44!{M1(a#if^j;XOdH3b#@lgz=DCHk1jCoQT(!HPU7zSqx028yYa zLJDVyBWhM*f)%|~U0Y%#NQ#n^?=Q`{D`Dk{e@nH$*W)ZSjW#)>Ol>&{J7?@R>=Vct?Ou}ab~w7_8ssW7hiEkX%^v3uU5kGfWDd_zYErwLmHC_yCZMRA?=Fl&)o6E+@WMO znx#Zu-lJ)=bfiV;I}S6SrQh@b|ND*a)6IUG)n^WDF#Bnie1ojnA+pLt+C9yn1ZtLPrg{U+UtI!F2ITP(ehCjrP>jiubBS^H`m32!>KyK zq5WT?OxZo5NMPzKZgDJqvm-9e^c2wOt=b{JFfYLQA$pI8BhQxx8qvo)M9v zXJP~QnU#MdR@N?toP+E5P8Dp=O#a&?Oy~H(f5%Q~r@xQqnpP<{mGfAQ#77M>MWJ+0 z-ouGzB#UyEsb81IeFK03Z1*t^>?>egw92!#Gw3;=)PB)y(Kh*_YWT|RvNmBYQ`X;k ztLHCoQ?wjD?D&3jG}LyH&d#QXN!C{%&UCl(v~|z?ThG6hL#{(XR*$#N_t$K&RpHem z?d1wwIm|_<&qG`*qM}?x+2~zKq?x;=;1JXk9(#LxmC{ZRmkJjskCuF&hrh{mml;FU zZj=HWL^fNrCzNDqceZHTB9#o9j9CNjOvbDsYbIlMf4)>n=<<6s`n`@m;=Y{vt_3GL zW-r~#QxY&TL*nn?na`JqvK9M!&fQ^JAmt$rpPV2voJ4qzBbf#ivm0|6k4(hHI7~v+ zX(=4#4x!0r%XBJL8IB{fqIwPn$f11c?sNs-R#zautL-Vd!hZ1ryr)3!je;06?%Xya z*63MUYQ=eN_Zs;WU8=v=Xn*hnR=>QB+;ECu+Sc#dGJaW8{Y*#@waq999+HG{3bDM0 zVJ(A4WfjHAq>bh(!l(-w!;?g2-%3b?x-SxWq$U4Utz&14Jh zoEXBWtZSax?7%bl`SJ$c9)Q2#grfD0z)xQ=p%yCHsPGWt0k3GPcNtkkca=4NPwvj^0aj4@=$#`I|mA0?b( z^|p(6*j1srf?8=RB=0x%!;$d6j&=wL;{@I2K^X_KL z>4zOxoI07o`<;HTr=)N_Ox`v{QAlPpltgBq+xRc@1XH@EI#WVGjNn|K8Ix&a1j~n*WK2K~ zrvy7ekiy#NsAMxRW(43w=mL3MZYl&mQ(=+}&@2(E+Q}BHFHDLt=P?qXEh1ZhW#Lpb z{thQt3~$FozC^?ZznFeF)v`qORZ($F;+WjZ9MUg9EX2hYfYCoQ#?=`i$UuUGOow!_ zB|EQ^@~fpNjTc}<<*6Dt=7@stavFapFZGloq70-k%?`j$uh*MtAM{LK(7OKvmTA}2 zC^|*^g@U`icUUul$r&rAi@u@l{6it@l?)pH;rzovq0SiIAQ@&ZxI=1bvs1`8Yl;8b za8X&*qybeYfYslA_R1D89}0J^$@=Dc$1%yTdMwq~AAD=$O5dF)be_7~K?TzYD{hV` zj79(3@*Y&3fmB5;+2oOtjK$LNYD5%2 zjLDYvk&%ppzmbdrA(oWLI_OFn)w$VcZOGeGGLtf(OETKd@465&OyJm#@rXjYXlrtG zU)U@D+w(N3c9g1v=8<(eO?9xjlBgIS`Zdw?^ z_SNp$6f$;8Xr%UgNH#I&P|PyQ`XGTVTZlK!@7%v*AC-&LvQ8nC(uZPn-URb$Hj;c} z2g3Pl6q8X`s0gJFZ}wT2W=V&s-q~^!x;zb>ASI!M9>9qtuROBokX!zCb{>_sw+M6#v{b|wN%OG4I|;r z?zLH2+Sl@;%WHL`W?oxHX4GGf;-p)V*vu~spRGLD@T?>66pN?L5vu&DzN zX8$2g42hhi);ZJ5HNCeXpj`%{SL(LbvAWyU1{O<Y-q{0CIDLSU zdG2K{--HQDM+owJlp=|F`KX8Xwn#ZRvO-_E0aWQXIF|$E-T%rx;5%)jdHcZgG!g&b z5h&=d36b6puk8oljaq*{s4wtPbRSduE1% zbQ2>Zl&%FSZF5G|=~ii$BxOqELJQ|tx>h(FeUS%~#gZ#0T=;h9=rQC(-rc*23#b0$ zN)3;APOJJ#YPl}TuZ=d&&LbkD^r>}awxwUW9YGG;5vD3{h7%_q6P>7s6OdBXh&LJr zP$;i}P(72X);hS`ZDCZ{p9x7EF;GOn`4Z^EGu_Udi57#JBw>2_47)kG85}K$0Ey(vY1SiJCsdv3QR_!nB3qsEVbnZlWBjMxnyx{YAb=}rjmtSX(!#$ zEV4lFWE9!jPiPW3B(5@uay!Ml#8q(Ehl{tO+i%GYmLCLnl#|e_Ofr&rCib+rG68fg zAGYpAOw3_mn;I7B>ClCz4azWf;gKJb^6*&3`#P=1M+oZ@7R-9 z(cNM`l}5)oi5_fn7#x;O4vXhwEF>)OhnyW2=$&SVt^LSuh8Hhd`uYHtZ%V7%6Xelb zVV0>j1qx%ixsh;_$t^-DN`%pd5fh;FWm1H3p@Dvh^8$;~ZPvlO{L}W4k(jREJ5j4yzeLHW>d_w_@KJibYcKoj%Dv<6b@^iV4o~B|wbASK zdc&O^`ERe+EB@Qt+wT9Nzq8%n-rXJa2mL?v2EE>J_Ya`=kR7diGR7hOL+{>g6+8Dk zdA@w<{;4I^woP^=*O5AiV-#m7r8rSp(oQr}0LvBjhH-UqG)4B}@62W`(a{JWPCKnX zb-#XXefeU8GXoxW6bE+X##pD!b^&PXI(Q5~=c6+CCNUYoxPw0*iKV5v=2aJ@Fqt6m z5+@P*yairjiRi&=TN!^oDK&HC?STkL?RL8bQ><5)2OzlFXPq#?oiGWO>qj%|MM)(ml|LKMvj0Q|ZAPjUiakd z*Y9LEQ4*OR7yc9!YdHRO^Iur^Fuwbocb^sWe`jxR&!7MO-QC^c^Zb8`XW3*_Jm5{h zdFxHD%Oae9G=jQ3f25-yoH7-#Otdx&OeAxx`(g92HQqUhGV;nv;{h@xeGN9$297GUDgObrFukAEvR#c$o*!HcnzmU3XPPN$7ZWPm zvGwY20IAx?Ai$s7e-xZsU3s%Y&AilE#MN}35^^IT#)RBtDG28M00c+ouvy@?8{{>D zyk98cbdeHaXo!y8qLFk^p>o%pl9pO-_1Bf%@C`jE3ATLXzpk^{jY3I;Di^M9x@>>O9VSan|_q?yI zZ7WwQY-Ea{-%&vkY7wAxwUaMj znzE(2rHp^S{6=RM$wyZ9^DI;!{vx+~(v5n@(q3YqJS@K5lnw)y{A6r>~E$#h@{<{sDmt z(k^3i(1DTFZgX9n>9*q-s&-uqd2E9E;UQAQg$ax<$c|Kn#k1 zPyWdMo&+Fhx7$*mR;m{z@G5kRklRkbl*h(;aW0Tb$*V|h!z0#HJ}N|~bSI5fN<3zr zQ0tc!L`kzzjKiPMLJ{Rxz{#aN4+wq*qu~xpLSO#~&@wc?0caHw)fBd?Z|>lsdVU`B zS*ic;;rBPs3jM!57!C{if4DsuJnR3bc%=XT0&$Ab9Ldz#Q=5|+J%VpxU)GZ^8y11fiFEwtGZ|>fMe1Wu_NVYkz zeY*p)UR^u}^%&bJY}ip&@3Z4Ca&vXG!RA#Pee(#jEj~Ez1 zh9VQXtZvEC(qowdFKrnZ3(->?nqgqs+ z3?{C^q14i8W&$Am>1M}Je*Bo5J*(i<5Uc>H;OY&E!l42{jcZfG4GJx6dSEK}L!N)? zi!x&nulg{!Er9T%~bg(OPdax1@4@OCi-VJf2#l==YvGEU5;(J-pa#qd^+if zm$tu&Y>B#|_w7X~9Z1sKbU0LVtm=y;i42|yY-ju~8V+kdA2h;20riISA+LR(`S5Jw z|E5nv``;vtyOS??mH)Tb+bP=rz1^K>`~N8(9sgZ03yKHL^x1ZtFhpf)mNhJR*BllT zTWzK}N4n*~v;z=)`C=t={`FLR>^MmazJ5JeQjo(5`1&}RomO_E5|8~A&xYD;NS2;jfj0x##v ze^%=IO+|<2tHWS)0s{ldODtgd^xTB-+|^J}!9HGM1C_KS?_51-QBs~ikQmf-sSSd5 zTN(r6&wHU7=$2{$32WsRC zLy5d+cY4q3|0j8@{MTC;8x)NZMM;R037BA>o3)z-Cjh{SN;j`}r#_ndOYfu|+>Mr} z&=6}I`brlbG;zz|ebcloaE^93M;DIDP#bBwffgi(|yB|ba3x;{L9cY4-Z!#`}P_WSe> zTLyY4->^%M$M+2DM2-g%T6ct#uDtf54cejnhs6k`04M5BvDHZbPCRt0<-hIG(RYe3GXw{?AS4`NYA0rs-v&e~xTe7Wh|@?DJux{;D+HBgg#Z< z#)mc5y{64VdWiKrwoZNs)qw?^#RuS5o4r3zhCk&zy^dwb=e0@;@v66PvXf6}8u}mA z7isZgee;}n#yCc*t6e@zyY_p2{ZgGRVo{9A4K`L$7-N*!e9tE9M5i(n5dbWtFhyDh zI6m&mO>C#ViA`tH2LB|ZYdcn+ISS-ugE;izi#jS;(8~(nmbZn(Q^N9G`mXC;J^v)5 zs&>S4eVsx+y}s5f4xOVUsLbK=ALGSnB>x|G{XZD&mh8Wsz239@e~PCp{~uue@2Z0G z`rnG-iuJ$wwqpJ77i+Tq_iNm9{lCVd-qCZv$3?y6iicX%yYzVcMg5AXD~n9ym@B2I zIzlJEmRC?)IqBI0K`E-qbjB3ZkV>&a^)UUYq4KBvdVYDs&I3edHHgJpI>f&d7s!9~ zvs(Y#;e0IrPk(QByX61bd0ziL$y4Y5aql^LV*ih6dadPSwg0E$CZvb;|5RBzkL>@+ z$+Px}PrEX&KkJznY1(bG)-N9O%prMw&0nv5*t6)Oc#u<{wkz|;I_gx(Z@XW-|6w>7KF5DQ$x~9C=+3(^<=>Yl-#*Uk*}c9 zFCZW(N+hV|HENyz3Yi=VsJ2dQd$*XPNe1ak99OjH!dca(5O^}})IHmD;Vf%Y4%d2Z zuCR;dX<{s*3TW!n8yur5H($hdM{-GWIZYr=}tMMAbH=kpjh+FY<=xq8V@%sHkQ5{7e!Wsnwtl?|_e=J%M&P%3bNRoQ*YDmRe|USc#;&oT-tTk6Sg_DT z?GBY&(2`4+?n{p3gQn7 z)bHPg`t@8&sB_1cgPsw)8ACKt_x3FAHaiS?2*?*6l|D!h?l=lC3wx93+ev;>L@_!UpjqST8y`6A z?Dn4bf1c#2^Z#9$v40Q`pcWZRWrnl4Q0>{vQM#vZ&-&`BLL&>vcz(XkNAT`B-L8b^ zh%k#2gMoWuqpAoU!Ej}v+^P5Mp8F4d8p{8Bc>q_)|DElVWxNMU9=FY{EPPE3J+tUToWH-p-SO=iODSh{uV$s z4Yokw%q^NF9X1XA(Q0vSg7?dg$@(>JPHSO*s!R5zICngm{a&x=%yeI!k>r99t{cyf z5{Q>#@yr&CqnUHCAomNdaF_bv<;7x4;H&T65yZ6;Z8ULU_*b~H`U z5d`{#vLmha7rn)x3d|85xgSG{AVO)E8WrQqGYk8Cl}8;X>SPjA$fEbM_=l^5w|8JM|e}8BDS^q!DWB32_ne_ns|CLiG zKLcbxSMAcPyg0mi@9jPYe|C?Q zoSt7De*gC5^7{M3qn}RBj=hq}memZ^o_VVY`tD_&iF_xL4YLD9N z$fGv?8KXxzceB&*+|5q)xtnq)uTTEx=GC+y}$N&VRI73oWN$oqeOaW370chC* z5Vaix_!M&KqfuLTQ7dCOndk+h;4~295ruTI)QFTk*qNpA zjVNRN%juhhX}6(~Fdzca*Y|ToDUMLEY2J6-*Z!*3P{Q%@&D&CanJ-IVID)I_|2Le3 zlSy|z(2lzr5me*6GYH(glkG-ko7ODtxHP7v5IC@Agi=%WaSe6!M-@1FNIUjNNa&rZ0@{{0f<+yH?l z7&_&v(JX{1+$r8b(c9u|a22ofvJ$2N=|ikrd;VKTNB#Rhb^0GC6N(sni1g1Z^nbs< zGwc=hfB*UZucvv|*8iu9F&;!S1M^d>SP?prcg(NDr~sFgc&DqadPvBO=x|sTUf?A#Q`aF zzceuZ_ay^VfkJtlDhf4dp~z&V*3Jp#hO9++DWRM-B(5l$lUQGQGS_pa0C;or4t%~* z&7JNC!!2Obr*Dyqs+nl@M5-JoZvrhTE(xvaTtG+@y6Nn*(vDqnIEw2erMp#a#8Su9 z(cV%6Y8FMeG!KVAcnt!LeckcWDEKK3V`L**MLfGdJ>kvwZ@-rCYcyA;c|o9748N3?Gw+3!SgYt&&9P-zmKI`EmQA814YI1n zHcS02`W~t?$W;o$yqXq;%4wm^-5QsLE9#%#VNu>7u5we9oCg7?5RLJT?Rw5v9Zb41 z_XF*qgwsVzaKc&OIiT|oPH%!+G?D>SCK9JGJ*{|Ly0YC$R35XBcI8v93P2l733IPtcYxT+9a$!y#G=}l zFOqZ}NiQ#PM8!@^j(iSN?z|l#%JV{bXnrXxW84268SCC(gSl+t$RW%4x z&eMEYQ^=>@75YxVllO5R4*$kj9_W)R@701Rt@=I3s}6)cS6l8 zyADap__!E3RpoDQ{ZfIG$GM8;sfl}%G#9_B8Q|NY+c z^71JHXYTN8U$1iYhA?rHK?CjTRdN5TJ-nK)QVICM{Jb8wuIcUd>OPFmw+u3uFTbhh zw@jz9U$I=K`M$4OGkMJ8t;aNMoJ^eL7}ZOwG8*6N0_*p+4{VkxDTyvoj6zQ6L3s(` zd@XdcwuCAph^29<#iH%I1$6Bhcxm#PRyR-+Oxw6@T3uwf>>t#^giHpRQiyw32^#-Ov0Pm51kN4)c-0WzLxn*^Tm=b zo|~$oo;tx$56Nu@eGXCT*_P@})slHhrM8!1veG#9M{D&PA7SPE>)50>cHVA+4S6%5 zB+q84qw1oWQnijVQ`H?aHAPN7r-C7*{M#(5K{5En5h=m3lr*GYj*M%}m&8d9Xa$rC z0oETlu*;-hg`P`@5{}Ntrii-m*2ne^tm6v%Moi;WD6>oHqt7TM&rre~vK90es8}|( zYYTY`J~L=_xHjdcy88FvqoovDi-VRzdT8D$@sgJSLv3p6V)Dnqa9nnJ z*%o1eT6e8KXT9nBGM$HOyRaX|!KuLjK`3oisPd=tA2)XxSGc(CkH$A_);P{RH*)ORD);bb!!SgQy(5vy!_-!R zB9@r;yBoH2fnfAA#T>m)LKMhLIh~FBLS}J_e#wv%62my5GJTa3t;6uYyaryqdi4Vi zY66*Tr4-rRj@A8l4`G$YrfLi{Zc35{U<0TCY)8xmxtN*6WCUZuGn#9yVr#ug=dxhw_CjbwZFTw{cQg|$+MRICz#?+zem z_DXb+;itg8>%xb^vnu~jZ)dl7{=e57JllUy@vQCt(-%ZM zio?&nTH*n0IsaaYhSr?!--Fn54yIWr!~0Fc0!?)te$0`Ifq zS3Fv{)^4A<_{z%>^BZjWc_>tAbSF7X9i-wWCYy&cy4*>$z{PK8SHl?~oyo;Z8)GBY zA1Ymp`a|i=Rd)y0S{*qlp5E+OH@9HL#f0hC z3(Y50-v0D<=?aCud@(mmd?}nav8bJV=7=URR?Zd&6*;eTDft>XCH_tHG;4r`V}z=-|KekgqCUH7TmfU&;;S3z$qyu9Ld2#{4%twG!G|=c|?wrmh=i z%&sULk8zmal$4LN_o;HgD=IH*lc~_Y!|@m=nCl9Km;QcxRfXk1RUX<((CSm&NL0gV zG7KdlRV35tIrAxddhV_Vo3C2k6K>fk#%y{<_yvN|;xLMY>^E#!_tm5Bau8LGZ%CuY zhSjHU;0(tLHT;`kBSCd?#RxgSik}I^`&1JOF$VQ*)C_`#i%q}s-$hPnG6MF8jS>Bl zA2$&CYs<-o;aN)FAc|KycbSIQR+$xSQiG10*+6ZW`dJS;`Ahe<0QasguQh8-_#b6N zv=F?0A!%X+G9tR><7MsFtD|!#f0cQE0IrVCTU8O!d5OI9704E|sZ>Jn+Q=(7Cy&eY zQC#gQpEDB4BojhitEfArvn6tg{r z_5d(je)^YH9Q|G5TdJKag_ARPJMOz;Cgvt@8ks$z}(#}a{9He$%^ zl|d_zwePqMw1HgK9hS-csPx7%XPMLipic7SB4xjqmt8iKs$ zAzU~*uO_PaA|~O>Ie4jNn6*Eph*0MdblEDKv?h3~B`I|1pe!gA$KaOGo0z~zURAv& zg*v9PJo*v1n?m*yiqCe9l5j-FFhopwoH8nb$iOv$?ae;x%=?`%!JRM(#~n<%<`QAq z^M4YYfM5#*cYu9oqTG=liWHQ@v6k!PT^TL1G`nX6MyRwcHj21O#XX$vhSe) zR?7eFy`uczdzSxC^Qeg&$K)3Ll#P%!zW^s-gaA?2T7;6$vWZ-oPyHr`=IR6EGUyz+ zm7JzK1_dLm96*I_>!LimKs=*59c7wQl2RPjMnX#n-j`M=XI+W*7d!E^lglRU2d zuLED!HvP?NT1+@|{9Urp@^}teM0;tf%hme+9dr3eKX0(*3iI>p*9s^zn7|2&+M|Vk*yJ+LT3)v}a?cwrT@}@=i5_f4 zwAA#s*_7_bGo_(zSCZ5Ed1`sdarl+1crghQM# z%@Fb(=HM2`u~;Q$OyJ1?l*nsrS8`3h*Wz$avTBE>Vs}Oj#2dXa^FSO|0$1j`Qjr4Z znGUYzJ{4nQsu%0kw%0Bh0{Lw=cLZi*GTMGzfaL(yj;}+Di7^!>)n!Tz_?7be-sHuQ zK8%-13DT0ZdUhtNYR%>&(DTt@bRihEQ7D*PGP|BRs+6>3R!d23?G`)+PG23-qyNsW zPKwePh6n`zF95-Hu)d%%9V?3X!j3K{qJyhDQ*{X2UzKs%}Byf4P5#460HrEamdj)izVPH$d|f6 z6>PWo7~&XgmZWs9K=6kGm35Om~!ZHj>ajDLxe z21@XkD9LARE)hCHA~c;5N&5Ue;Zwc-v-6^RtyRC6B6nQ~t~meM-`*|w z{|3G7=lHLudBnu;{s~-75tu=o06W~J8@?Pp_NT5D8WsBkxlk1lj|@O1Xxd=4Gp7{6 zg=Z$sVnrSKG4~|-mCmy`c1{x54RGa71S~QR%2=h%qt6A)jix<{#hX-wsNHzkU;rkf>-RmoIhAv;aWK zToU4ocYK57OLdv)-W!|_&5}d*fg$S7V>5!C^AD%T`5_u3SjAf{UZiLLpe$u-0F`d7 zH6TA+o?Ki%Jk*DR_{Be2VBxg+7G#~JNQ(m3mnT;b1o+Xp;fJPFu4r(~WG=X6 z^!VZ8{fG0$ym7}i9tFJ5HC1Yq73q&)^gf9f7liOPI7V#2IGTZ~(eQ@sj3lB;d2lX= z*B2*;$Jg)A-v00P#ryXKrV9E&Eu!+oS>9|2WAwxMhjJ5VA5V`@53fI-UY>sc_T>8b z?zy!yZL zfR(L)Wd5+xqc7+F7ssN&2@m|^OhwNnMZaX2q6h>inPW>EmE4ru$XB1wkZhA2`n7WRwd;2YMfA+Lm2b$wNl!g3Z?ka@ERt-?6<_uVU~thVmu zkC#ia%O_LSj((}aa*I_@Bb3bF3TAZT! zou{vgD$E@ZvZy-V!zrFEIptFso|pqtR~oz{S>nRe^V|JsGX>-g)eYwg)F~OEYTRv> z+3ufO0K7wVf|zv8T+s}j9bSUVqryM0Hh^v^mSo%@#5dP7A1A z2`z#0j|Z>yy%BQrSl%O1vN`;mI_?b;4xraSW#w^Rl~Iuuy*oGTFug34((B14Ss9*P z+smGn{@;{D_YDDB;s5Oo`o;Xed*YvG|L+q#%KzKCnj(;rNV#({$0S+e|LwGzI)GCW z)gA`3{#lhQR!;2VyFCBOGS5*t`*wMMdbtj+Oe$Wp?kKM^Rg0B=wRI7%YL8+fA;*w0 z6SP=*xvrOsg;Nw|F`_n8yZd5YXj8)YnTppJC7hql-Ibz}u?WrI4e)R*vM6D>r_TQH z9RFSs-^QuwivvezUVDQn<3D3Q{ZW-Hm@qXJDsz%JVLwr#kKlDks*co^zer|PN%|_j zG6ZQjRT|R1t@QGj+mh7KKbrAwBX?~z>awi!;!zrOsR4lbb=RhxKUH=V9XRtAC;F6S zZk`uEH}Er0C=Ag#qFBlnl0>qSQ{snGftraWq_^F2Yicc1ltPMvx+@K=gHpN2OuWG< zJ53meaqPLkIAXkm?FaXhew(AG(-3KEvHbbqwQ`x1-8=%x&s*T-4O)m&8#iddmbCLL z$P)Yu_!Tfhxjarukvw&qxVIGj&zVA0N^Qg%K+AM`k~`pY+>0{wROGBY%_u-G@KQ z(0()iD5H||M+KT|^G69rWB$k|lPjKpKmEN=cb@wml>1G557cis>peW&DeohAhxzUT zST&g8nrfvG{ZXS_{P2S)l8X-**Dy(CfqGWasn5JI?mYY;F7?(g!#p3$%FpYMXcd?> z)*OwzVMRxnew%Oe=S?*>{10OcbzV{D=L4>y5)z?HCuyPk`vIGQP99qG_XC3GBqcGK zEG|=uV01(h#wo;!T0GZ&d{6{pMDx@w&d<9x^6Z}bO`it-Kg#cU2yoT;@4ekp{*T>f z|KHO*ax>vvrUJDNKXbgrbNDrL_sMM+=Wv!vGHMibyJkzP>M9OlG@3-D{$Zi&w5B?r z=@PvyOL{81R9L}y4Q3hRhgvhMcdB-K-Az?>Rs?+(wYwB05u%c|CK5max70N$SebRN z>dwkuytFA>iv;omYo)_X@3a*cX>LyFjZ(m5{?XaS@lRL0&!{^1#6U!(>BO>B5=XQc z=^l*ZkRPe2{WP{+zDn@4#7uC{1w8s+K)*G^t+Lnl93^cO#`bzMs9 z+HBS}iL8q$ru}_QFNL)nAq%C>wOLi!0qyC}f+nr|yEOk-%YWq@dc6Ek{oVd>rx^d= z>+L?v|EGAC=6@BE%Fh5R-pojr@N-0GSYC&~z(2`I<$%Qu&@5?<(3ntjJW~6Vl%KPy z9x)C{d&|&7M)5h(C`)4fY$dUhIEQ?ycIfS9c0sgiJtBMMwSXwYjH4t({t-MG@*;~{ z`Ky020o@Jt=2yVUrIfzHP@WZ!AeMAkp-T#?#=ZXVnxh^xX}v=grpL1^=2$FQ zPUZ0kic-QbCseFv4(iKsXfM;K*aNdss|TQ0yS-l%3*anp*Vz>?q1Hv`(+pA!qfs%x zxgpKF!;90yg?h%lB_DNIXnFR?aB4w zhpQh?&aO_64zEt%pEUq^A_;Mr@hM6;4y7)yZsG9w-Rar&hs%?Tv%_~wSjmDGnnAly zYr)-jve!~ud{`n1y%T?J5Oha4>9VQ8GiZnA&tElUSz-j)6#V5c-<`aF^PPT=!YKj4 zVaCY}3IfLQ0)&K86mp^Z)7)t2bUK0WomN|Gj)z>7nx}~ltbBvxd`js%Un&aggZ!Au zg2Bp?9O77p_&N9VtkVx^EzZ+Khlql)Kr`(H?mSJpW)#4$zv_lB5to$67@|HoB>F3$Pnv>P=I~PZ zV)0m{3IUab;dCK@hEsBzbi?V4_;||qpnU-Za=XL*RmhRs1W`7{X;r5scmZtk|85_k zmt(wa)5SPXw!q72I+HGxf&qP3&i?X6g6ycZkUD|*J7@0;!-Jx4iu7NTT1mJIf1MLI^Fa7mk0RHh0(Fx^oS1Y!ox2MwNeO)SS zu+gR8o_;)eJ%%wue|E_Yf|ue;kmGJUMiEO%!qDrN8;)%W0LL>#G7j1dY=ePAUsXx0 zFvA!Z-UBg1432VnQ7(|?J$`>tQNS*5)U#>-#$)g|5WF-92jKN<5S+h1`yl}T5W=ba z@$LJ=%${Axh;ag(OLYHANB@G$cjUD%`Si{fbuc z?*g$hQz`<68I3`^EjPB>ZE33qFTYeQV7~?j{s%|MnGZ@J9_+u`-|h;8yXJ#juzwA@ zQkHfFJ-tCN}SR3x3($4pJReomK$p5HcrX)Ge{Ta zvI8AgT@3cAiZzY#sFQIVn?fB8%HDM2!avuMKY@3DTCsIE7|E%pW4-;tI)0$ z;VTKvwWLC`ltiH)R^nNv)yrp>2VmwSi zMHa{08)-MltB8`+cYXm|L|$8;mkJI)T)huUh237rk$CO3o(K6ME~nd41^VYPeNgY@o_h=`cPKdKX4OHKeRy%4f4T~aaJ-=5sW9L?%NEnQ<&9?TPkI|-3M zJ)<-C$sD}Sc2U{8 zpq0*7A3U$tJUr7`gPYvN^Ri@b_#OC+8OO;)ig{nK$}8A!;evsbqOsiG27YlowkK>D z;wD>T3Deihnp|-QTlY`kJ)a_aix~n64S7`{0_Pu()X}{{v&9}JRkzatKhMI3bT8Fa zk_JrKVdwO3qi}6n!-1)7aoaNU6Fcd7rq8SfA|VN5ieO2~iKglK?PuXe0w6(=^rdMZ<3k&Zz}_3TeZ$7a z0Bw?d_Z+ACc9Xwq7qxWFPX)C>A>LNp$>mk40^ESt9MtI7%@{KLAM_G$uzByd7D-XL z4iCSUB55F|#j;i^u=~D< z-vv~eHnZsH+Lw!3LtX-~Vix(Xm0!L972~b3)5RrW{x@H(%|bb#plL;%392|FKSY9ih;9^-2M*5%S`koUS@LA(_54p9pOJ(x* z!C7d8aVd0ARty)HFv~<3iNL{Ap+$t;Y!fiJbq8R;^HC4#9$Qs#sk!e3U}ic}n{*Vy z9IBKQ7Y_%A;3HT}#~}&|7O6dlP{N{+HSzaF*s_O^?+#uGUtR z|EC7tUv4RhH4CZyXK`~yj=qk)v8{49n$!62a1m7dJfJ_H2J8Ah3mVNn4~N48m|*cX z_$jz`4{mTAo&vr^4>l-=bg5CLhCNNLgvZv!Be5!jx;GR`-C5a9zx{R~q1P;BUR?|r zThu5H^w&O$8_uUdHS)!}ZD>Q+q1uk!C6a5?(hkR~Q(zRG#$Ceu=fs{m1IdCfN~A6ueoNqU5S zm!#+xlPyn`*i!KvsDKLPwN|73A|)i(f95@s{$+)NIu#a(=zy}CP-kUQp+c7hiZZK! zD)6@fre!FqfoLLST1Ph;H8>i+mcS}BcGujiLsMI+wzthXmc3&owz`&@6OAcCY%GeX z+g~D8sTNpHeczcfZPnak;{Po*X`@x4L(BQE)6`;;W!?|lPsL0ChMfQ!bV?J6KD-UP?ja}3K z@6NoZ`=5_eK0W(SB=ot9{l`Jn+ke%3L62_#sVO?|WdA9EelPovlWY#8|pUpeBoLuMz02S{Z>=6R-uL z)DC31iGB}?^C;^+AqnSaUZ zA&kFr6!+SHf`GQr#6O$B)*#?ArKr@kd09!|QZ^N({v)U@Q{_lyt+SgBswTF3F z!dCSU<=4sB_cRTpIc0RS9#Y%3mGw1@N#$5cg7~y4uRHE+JL>j>&)=ahdyTM0hJHVm zVjGAy%hwq6`lWJz1J=U0EP<&#>uF-v0ZUX+1(WCis-ul*PES8fZ7t3F!Dh2J>6&;z zls2RDVbIoFo}V1^@7*sZ9_l;yN9~%$(0))Z_GEMaAxaDTpS@Sm|MYjS{qOtE%sl@c zyWW%i{}|Hn3!Hm|^^4-~iGcd-3 z{a3xQbU)4k{Ttj~eplmXi_t?7(nyM1;AEy3nu4x0xFz?X;iV53m z;m|%*tQ?h$KIr=&nXv~@EgSKEthGj9E$k!KUV!Oo74d=WX2mFEcZT2AcDV}y*(n{6J*krSTw3UV8Hv)nsDFF&zj~8O{#S4Mr2joi`Q-FJ_U2QK`qxhRqpfRo zKl3T6$5#EyH;8$D0urUYbiV>lspZk1nvQogT&1d1G*h%VwW`p(v^SD#)HvwACtdRitH;9-5q)E`Y+~Z(^x>T=mWB5^24g#CVgtzxG05@WIn`7p2d81u~z#Cfp`U}L6NW^p{;mg z)f9!#w<(TSSHT*E+X%<2i&adDpI>}H!ItF>KLB7TvazB#Kr+ML2Ij%~#fKzC{L$vq zBLC(P+#r#}{052K=CY84DpVvr1sCf3sJy4Am6ud_&fF3ItV5!BSe|svl-8Ro2?XCG zyjtg{z||P3F`H|chIgG!3gf|NlOv(6WQx7^lSv_5vG>hLdW}+lxNs2$GC#7 z_6aSKg8c^Vj=&deAG23+D`Rd_^aba7;!z0Ju9int5XaJ7)tD(|a$?kK4BHCioFpV7 ztKB~+57q~SS{D>YM-g|g+foyFzuUGfCF0|4%kHvwSik-5b@QF5YqIsuyZgSY*>yel zT!egYs71V!73sP7%{2XysdR4g@8*@LNc6_bSKjQj|#-2@?+T`hbyBN{Y80| zRn{z@`#5ES!N9}-HQEVu2+Oep+l)e|KW0KiHV>z)HQ?{1?H`)5LD5kSWh| zi`h|57g$>qs?YVXDpH(-GBfiUX8%CD0#wtVYv-uCH{BIJ*g3Pk3)&5765ZPnZl<6%LB};d9W&jeD6c1 zD)g;}sfMKclkm-@LH-NX`@!YEGZ~xy|LNFqpXC2zln(O$ABAZEvK+=CwW;|UXi7e+H}R zDd-3K#TEoiUeG^nTC>Y31?i-rR^gokDCS16&92So+LU=~i0s|8xO^J86M?`M)zZ<3A?uQ~t+CDODSc zvlcq(g5fvnOOoNUMbg0S>G%Ddo?%tkJp0?^@eEa42G8+65ObI0>d2b7I%}b_bamW* zKYq>$f8yo;^GXZ;pP}>?2j~Iyf7Ac(Io`y1;{T6PZ2VtLdKVEO*GYpExZ+jz3j&E= zkp=Q6QyfUNZ6!iM!vhHgh4c!_Cea|7Qh z|9h4Ef9_=V-u(=hDRgbCSZ<9sEAB?BoAq^Zj3UI(44>KaWzn$A7A! zT339Dfb$4uwy-O?i~?GxjI|P}BTyWm`Y=$Xf)Wf0_Jvd#=!R-82nD39$0*kW!JnaD zz+gDAS3lJFRq<4wQsWiN`S9O^|JFFOj0k7!mLj=2KYRIN_|I>y8jyju*#43YfQZi1 zWA#S(!}%Jf`MJ0dU^X==?0~MtfNJ6DVgTBZsepK>J{u86|0AVE1OLyHNGMu&lmL79 zzcY1B{y%dk{uBRyjM9n!$015H0C~(U$k#9j0f}>n<1+eobnqsFD|Bj+2IZpSL9eAi zU_aN30`^mvxY{ZfL*u2LyvQg^NpZXy2$RCRWtAt9{35SYsp@^1v_^08Y$We)<>bHM zCOWKd{YhjvY1seoVH)Fjb@vG1efpm>_Dub6_VoVC4347AJ1ODx_I^NDR^D>4TLD?_fwwz`YTW`o&5IODgA}k`R%vEBapDmmK3*O zkT?f816iJucopqHiYWP%DTN>>0NxTDR>v{}m|d+*Nw^JiOk#lITbz=3gW`O2@V{}q zBw(HANp^aC9Fia#EpQ&g4W@&0EO;_Xv*R^+Kg`MTmT~SJ#^F$48B#1mrKWoA=J#ew zPvy}{E&u1T^Z4fgCUAkHyXJt}!~gy9%r*VL?o~e!);DBFvkImq8$?i=VzBc zzj|@~^Vb)zp8tIH;`Q5$^B4O9zlFx7E*j0(yTl(*cn*`ZkX87 zw|)(Gl=%hL?-KR%lq5~KE#D<_%jXh%eFZfQB?`7F&Uex-)pi&RLragp>H(lg5zvK% zkaob*@s>pBAZ%0=LvHK7wjRD}-L3;Zqp$iRXvA3C#p2nn6yIJ7ulo{ec`Zd6C?lZB z;<*E0i;&hu|5w!Es298yr(xsjiOZ?gAOw+@kcHY!a9v zF!r#b0O?Y=(_lv5`O(Z-Yn zQy7?Bbx;rW_)8Fw&4RL7I#};hoFf3E2&j9FYLM~@HDk^KbIAt-5(hBXd9TJ<3@SAk zlAD=8*zY=TFnORlSzlCstjQnRz)`?}?zce+XK3B+UsSr$5fco?+L=TE2>H|l?i zd-n=&lBnld&_4U$bt~_`xRWRS?@HOzW3giDTScnZMryEEuNuFE0U!xd= zh}tVJsTzwju+31|lHr>=SBc2T!Dds^6v`^LglwZw*IxZ&fldW2%oZ4SX$`65yp$kb zWC4trB&@*tRC#6N{udVNU39ecIgGwd$u{YC3b1GYd!G6JgXj9w z$f4*0BO_;4PSMQns%uCTpt5? zSUXX2mVxU4&jH@}9(zMIIP~r1n^t`(DtGHixvWG_#$(_*vyP77`VCX(4$ihoxr{Yu zuJ~D7Ny7Nwlu8dRz1G*GI|@m40PFR0Nl9ok~# zAD1OI@BbjbtL^_;8~>kY?*G}?d%FMgD5cT`b2Q|3@io z|1-G+tn&=s<9uEJxou2f(RKvO#v{7Gv=G5s9P*U{c1^^>73vY#4g(tSjQCY>TQI{XBCHQ2o}D2gsD=7O}5{J>xh; zACABmI7gehRPVAnOY@$iO_Ae8e)ytFWQCuo_$Z7zWx?Pg7N`|IqOuVNBHtwZu_6Oe zg*%B7WmOFn6o=)It91VHZJ4LhzqIH7J(a&U_TSXZ|Lb|)Yjo;Qs=9Iu*pW-}jP^k}Cnv3LgZ zS&>0qM=Z>O5>zoL zWdA)%QTD%mo;f?H|K8)yPm>FH z4^OaN2eRo0^)&BS6xukE8(?=<8%*=CLVcZ$*g$|?ldu_z2Clp46i?-kQ@Zj0em3BK z|DVbK{ipmNk5uaUzi9(jKK0=Gy==id@cVnR3F{%=-7Zw%*4T#iSUcH=I)W#D{#5Ep zNB-Z-2e6O-SM&e7v)R-6@1qn8|1UWICH;}}-ySUAbOj_R?d1wEN&B?j0kW4(?tpgv zRxV5I=`yeRiFdkO1yvu2D(MSgO@0t9fw(UB9_#S@Pf*(Me-idT`~R#>{7>cl-y2Wd zC;tB!MdkmMc^1mQ_Iq0~K*HuwKOJhDz@HlWY8Cb>;5OQNLc;oJKBN0}@Eh5bR$b>* z9OduIt=jGX{%60RwaWit?tj;xKH2||QuO^_vHRsu9d^AX)UN<_zcGF~*p?f;ZB(BQ zyk(GXohi;xev(>AtNowmcR2lRasE@;|IXBVlK+oVwEZvUS?>L``F@|a@6){VS&sgo z^FGHO#jxLY^aLJ{RujO=epNAfI;!>-rPso`^7ffmUKjhS7y!k>@>=;Gjr6e`RK??1 zz_)uDSsjD3u{ZCUeTz?y#!t7j;QwNuK3M#Z>$qn8pXL&+>@2G97nithgMCog;L|A~43e=>f0|M_tWd)euGh+}}_Jl!P($Nb%ACFMti7b#44 zJoU#2Tu|{4MSwr8#&Qv{_l2Szd%dW*l)r!(3IUPtN|Re0qEKWNX?{PNEx{3tB2|tY ze+j-tF-l>ML=qCna+W2Oj5yfId?jBVtFof{5S4(=(~^vovltaYiZ&3l*RJ?`*R8?A zB#Cws?jL}`+V?;0$o+7DJ^O#`_+vBwkK;VWe?LlL`~M0BBo65oSC|0ZUGmj$z9>w- zz;SWVS)X7GBsQY@0Bbi1kUgFgTCi_=;0^i3d9ThDo4(sYJF=Qx6QQjInuig@NDc$$U zLkXUx(kaDkGbPMefk8mFaRWtK2C>3vUpH$!_fNGh&ju8tBqF;FqPR3$uZBjoZiO!1 zuEi8Is&Wm)wu7_%JaXt|9TpuI@7+Kp&6NK48Po=KDY72SVSAHyLq>3Q~- z>~LVC_RzGcwHwRBHj5}-z`(Y2n%b=s*r!=xV0Uj?T;#C`ExY8Swm*!zH55o=l)oqG zO+q3Z>}sg~1E{P|Oi>H{XAsOueW3Uyo866?Zdr=Ur2UHfs!8 zzEIULw_Drngkpc?=BKCHw{A>W*dC1e215Im`rE10a<AZ=X@ZzpXjU6!e`>(Ohtj@zHORQx z+0YQJ*cN+zY;$|Gl^Zgx5nHZP_Gy2I4(KQS?MJPQ5o?V~Pb$(DRbBd_u5E4O^M^Rq zXT(5CfxOQ3C4>jg8X3H(2EnFV05uHOv7_5eQNQa}*xD$N3t^HD}0;=f1jcbT}Lyzy!agJd4Dq047Ox zeCr z^6?NntK%dh`uhv;5iC=(`7gMM4uxBje>-I;^CV(#)zj}_1P)mP>4~d8Xw;5QHH%0a zVzpc#8pZpnkKU8?hRXi>o+>qabvH{;K<6_>x0ufUcR0&Qx_gN?IA`-))A_o(9B_sr zrpTN!*YXDD!J3ElpEmo#`FxFJ^Os_3RiEjUV~~4CU{F>hE$V1AW2_tD5giO2>xu4s zXUoEJU8$%D_RoU>R*7jV)~*Ju-;kY{G@0bTR8l2$r@TVDTuTj9E2}6WVa*IHAb)R$ zeb2=v|BK_Udr$!O$bWx2o0{@}GI@Ic`CqJ!dshJT1KB+qKvDTg1$a^c_NV|U zN+KM<%-)iJSHrLK6y|8P;}44QaU8rxe1+GZU>7aaAQSdtWQ-JeC6L3)7ZOD{UcE^| z{#iKV&Dr@n-KEM7<;U#>io=>^CBJbYNrA9Y`aF2+Zf(L9Kl6Y1_WpbPHXfBrBR8013$bef9I3mpepDPIW;P*EBZ?dC^a_% z%F%vOMxT_?Pe&QG=zmHW(A^cleeu5&*F689&Yt}Lk5hW+e^+8{Jb(vCi#`*zzPK%3 z=9Jf(4vvD0F08F!&?`F-jA&)xzstW2^Z#AKhvg=cXEns&YDuG%{QU=W}z`<{eI znJS8;07hvWmDLm}F?fw&_+yH5^aD%F$4B^=Em4g^%1bk{O#>Z4ihkLmEZ2Uc#wkhR zO6>~6p5gy!c<1x^x7do$5)#cpkAeuY=M;FlV3Y|==c9!&okqHW{&@K|L;)>)BpKpyiB>D^gT=p-M+X#wb=0*>>6;R8ehG+ zRDX|`a;dOH$&8Nr>so?4(gsKDsZ0)7Ws&8Nx{6WOF75~oH6c}2cw3kn3JP)Ugx5a) zk|kK6;~<$2rRj%Tl%_aDAScEsvZN1etQ7IF1To1gct;wfp&^d+hfOtl2WrECNHn4L zQN2D>0}l*-U~|pE4Zt(b36<$HQ63sYSSJuETUD397qyzypN5nEF^ir5uM_w<_di^B z>{sr8_)qV@KT3H}{?G2z-7n`~Cs5`2Ym(yskT{3YB?-^AIbj#%Qd0uZwQS-2>jWxX zpMvkh?`gXxPG4YY&EreD9*DcM$tlsa=IFfL6EFXB6g&Tyfv^uA|Ka)5O8oy*{Kq2| z#^F@{e<9u?Y~=n;0qr{y#5V#e*PELJfT)C8^MCnNqV2udlIP3yYvKFiv%>o&oI3um zTw<&}+-6K(1F123;h|-myVl{47o%;CqaylTBwiVSFAfizq=ep!y^>LsQJRB8@CGxRVyJ&;IjWGyZcn8$Zea zM=2HiPn-68umO#PBTdSHR<*4{pwp|U1^Nd=InWokMMcmmDT;y)xsSQ1_q54ytf8T` z30X(~0~wPVszEL4*4l!xVxCORhb(sfpWFtIpBng4e(n?3RWM=1|_{=;)IHmUryMq5pv)m1n@``gg#*`l?m z^Yoj-s#)_s$~$Xl(b-F9V2Q1tCy@1|ts7A3+5;*0d@2=0t%ZST`J}~vlEu#dx$Er_ z@_)D!r*i+-pFExaKT4_a|0_1__rUz6>vpK$JSZQsp`TyGx4Ikmi{kf^RdWs$!klI3 z?aaCgAF=_uH3u`C(7#q*@vh1>nS;BfXyeuOr;pe#hIkWu(jwsaS4G4LAbo_KSO!h5 zDHUC7V@9L#fn=32;dh(uKe@ze;{QC$*Mpz`yPo;}r#qcI#s5A|sp0?pfwB7#03tPd zlK~(qb>Nhoyqb4JE4-4gUn{d@pEYh-zDL@XUCOq5%>oT=Kg&RNtgUgN_w>Pdu9$2c zT?ei!+y9SXyPr(i%m2k|9Cr}|d(VF-Q}g|2*L^zweUwt+|6sGs>U%3IOldCBxCJdRgKAVm?(@ht)g%-72AFb)qs2QgZ) zJLTY6lAf363_w$H`@d(afGsiFGtz?TpETL19yz&2pMZNU8A1Lhe6=BooX?ml1^$~_z9UT?}>gL1Eyaxr&j zVJKhHx!AxJ)0;(Z{vF&zVy@Z|Q_hvwFjuav$8PT)J4TP)rXJ_Jga8~D?+2wQA)=e@ zC@8z>Hgwamb<^qF&AHJ_=T0k3|71Os2Qw@K3G#_u-sW?u$CkZjCb==B+}d2NS;_o zZYRcSNFM7XPnts7}|}h+_;l|W7$zZ zahvoLn|jhqJIPU&5B-sEGC%(wI_-2^Kn`6%9MN+UWRkahjnnXJm?FwmAb*n>FSb~?$yd&v5ZblPn)WUSNug!JI9pC?fB{hNK8wzPWgQ{O000 zOLNE^DA_I!xI^Px`t93`=e+xVH?79;=l1T~^thgCoMTS6)7bsRc9SsgbOQ5WEoOa4 zp^^-N5NB`^p<AV;Kgg-!Pnv+?md^9eo^pW1oNh`o-Bl zE?#{LxaS0XPj@}jS5SOAyoG57$TrV#hyYpA-#~@}?)ahu(NgCw2Eujf2ZGaGGZOqm z@1am^O%ADPEU1}%{ZFt!I9`GGDT!CnP8<74G?lY5S1k$b#jwz2BPELls}7^{+9dPDD|54&{d-2@S>-_Ykee#t-d z?z3a`*;V^IG1f;w(i8fHlc-lXb9uPunS6MZc%xhJM#^2>zjGzo(VCcGP~4 zE4(ry!A)&v>0aQeve{?OOQ{)1RTGF~B-X*SlZiv?TgPK+TL;tL>tJfEgQ>m_JaatG zvW#x+>wf}R9Fa2D4)3hraq@lp*!!to95HAyJ< z&xy==!u#xXa%9o^);>>atr-5Hcb|Q&&lAOv@rG_M7ms@~@5In){f0hUgx{pM@S7OI zZ=wi4Z|HV*bnrgUI_bZ(enX!vLTu7oh)oQ}HqnHb(@%(55?la7=Q%+zI=I4{SHVb270Do^h>Pj(_Mqu)5$GE1o$|(Z;(CtlyC#`F4gh zwh5kbZ^1J*1kYFzJnqnUJNH?9$l;0$-V?9mM)fSFC@0p||Gq+KYzU#TB81fb%QepZ z$M0Ufy?B0c_Ve3|tBbE+zWDk1i?3H? zj$6&Ov+J=+9NwUe+TJ+Mau`L-;MgXs6o!Z&Hx-6PX6=tfM2vfj2;UG9V?{)0{ZTl#B${?W zb|yhk-!T9xUEZOhPl6`|E`x;C3 zy0c`~=SepMcQ&ybxW0`I`@Pw)Z?IusW5e#eU!TVv`#f&yvxU+6y&0`@cQX<5cB$dB{Z35n0eGNjyE*Dt`&%&|&-W=OEIJU2G z?0%=H?#%0S2uABSEEo${_j_}7ud+#0uI|=y^>5!?u=&zcsj<#>bB)vb%z{E6m}4z~ z30&X^=a|bsiim-AIxaxRuHAUHP3QIAbe^&4Jblwu#xO}qg3@S57yLE>=tG{uAxu|A zaIWZd$A#nA7mjD!EMD);;u)L8(>IG}Fo2K*`~WpyBS8BIBT&B5LG^<*WM>N?foX== zb3t^C@j7fkrY(cmv)W!5p2Sw~Z5Tlcxfx4?cn6l2hh z{Z40g_UqV`Tc@{j>lkv|(UeoHljQB37N=V%0Iks-uZj zr=QbcI_}u#aZ{fyQq}1#RUJc!IGR-L=`Nghi{GL38~SXKAiZNZ<|A)r^jSy{Dn5qZ zyiRaR0ZCN^cmz@ulUq6t40?_i5jp~x1)$59DEUZu9T}TvWo(q}+L53idXI!AODQCE zB>EX3Q@5i4bFBi55@_plPoX^@c@v}0Q?<`Mce&GXo}F3ilblJ%6VQqM1eA8(Hl95d zg89fB8{;`q$FrY8FzKiSP3%e#CD7LAo(jQyR63IP4k zyU(7{XJ75}NsR-hcn*BQbIwxcnW7M9qQBh^RVGvGp$a9=*597mzptqfYfq0jZ20{zgp&+gpl zv#Ke${XF**x0^;dajhC5CD796mgjSIeLm6q?9OZZEEcj*ZxN9RHgsN7nAtT|?p@?sV5+W_0O9?UMB{qH-Y2rmv%@pEwO{+O?^4Zf}*& zHB>rRRp}g)P3P$jY+0Ng1Q|+rdX+-EU8Q83un7!Ng5nUx!4Bjp#IdzQHhsoeDx2}_h66LB&ls&x2=;W-M+j=~+x~=E+x48L- zJ8eaCd5(K^w3~W3w%u-G6sW3__Pat@^+FO0O@~obo{g(P>Nx?|=jX3EwH;jm<1xS2 zhT?3SqI&o+ML^GqaeMG32qFaIZNhUdVYYF35}{z5;(P}ZYM?@}z`4Ae!TZauBIPMw ztxzfh@a26%+Z1%WlSJ#Q7LNg}W8l_!JZ}QlO|Kk}{RUti4fwG)YXa7hGEbvS%$3H! z*(wZClCi`jblI)e0l%jfllLR*nzyNk{cf=ro7*rETvbJ^*+ciZvhHP6Yzkz*OYg;~ z7>0zaDv`{^R!@#iwd<|f8H(N9BtxH^?(FB`S>io%56ht26wqG!Cv9k`o~q{Qw9q{J zb2Li_Z5n59h0_q|rMl@3eXIB9KDexrfBhMJ18bZF!U@Z zDO{oR2xi$Ux;j^gU9gNpl(JX$<^4O}`)-=H-{gq3Djj`$Z+N6!wf9!%j5)pCq8)tu z<;l6_sA}H#r0T?+UZ=K$@|@~olSGKcyf9}>hBrxsmpEW4^u)c{uW=s34dz|%c;f8a zPn=IIb9>TvZcp^NJ<;dZt#I9ph&$xW=HdB?al8UJF0yUQgE?Cd>L>4{@8lU*eNXhs zt6l&ss1LSTPB!H^Vgwf`Vq!w3KOc$d>&Td9R>owz_1pW>uW{#h);xVO6rC+wH6Fcu zUTO{FFcK3gL<$>&jiqC4dC7vfTwzN(9E&`3ihPh<9@1fVb`8`Aw#)5 zyXD6>x9n}#AcA;PJ(M;-^YxKI!7(NrDF+8AkmEPs|Hyx$$K0{Hf;027NSo%9u@Mv{q%CQ9vL zsm8=Q9ao9duu8mcY4&J+(|5}wBiPvkd&B_ny8Je(xYLK@m2HUYrF`$C7Di5si6-Th z)6_zX&j@3mB7G6sEKmv(lI5!uWxqrqB_sz4%(C|+4Q+j>7v#N@R2VrbCYm5`d*tTL zx@juj%&Mu_Qd0EJNMR(Tm}r8$CYQh!w~Tki#i9@;5!q4G`AE~Lg{sXC&(2AlqYpe( z$2;l96ugrLrcf{Rd#9=}GF418p(ssx%QW6I9%o@Fr(d`oXg_&I%$Ed)U&9E-0ZPFc9T(C4ZYrQ>_muj! zz$U+UV3ThIHu-8`lRI=;`U|~jH;1SsOXEyOF7<#dFmGk>-mPx)wcJc0D| zn2P3`PoCd#OZiP(s$R$Td&g$^Mr@X^#%47QwXvoAj_b*9T2J*_u7B6qEXU~RSna5p zkbaw?!gEWdrFyQ!wRIj?sA#`TdMKfUBnDUKXD?sy5$br|*0W!?_3NM1;2(M~1J4*8 zUm2a6nEy-u;Lq?y5aA?4Ac1KPydwZZn6R@6me!Hl?(~m9KCHsV!ku;7Z|W zK_V3SQRN&oCm>kkDC8;iEq-L*7CYtljGbaF&5h^QcSh)DRG_h$82e2ry1`k-q(2*pNjHneomedz-x9#(_YL6kM}`7B zSBIhMucnsWElep-5zB&GG3aZQa?RT zZFl2Na? zI(-#aBmb3CDz43B)T@)dlV3UJq)gk9QLhK}&dp?`W^zhBh>~HmCT#hUdZtGz*6CQM z#cxN8jgRzaBRUygJ2L7eP4Cn~MrI+Wlr+s`*jU+Ju3)+5DslGHGNUBdtycb_4>dDG z?r}&8DX#h0>jvH+z@qj|XGMncj9u>JceKg-m|fjeV)y6sPWIV+ZZXehHnBVFEp}&y z*qxbT*Zx?DW}?lzoj=cQ$ImmHIG^Hp2 z(($nMuufT;^;MQ;x`Hw@^rTAnM4w1xi7i)OT;tsk^^UV3#Yw$?d}h&iW_|UYnXd25 z41K3&()dBeZ4#T2J2raj6r)*R#b~B0Ml(Y(vZN!FjjvfH{v2(6ch*xbd- zKikDQ{D8&mb&B?z+k*XO7FB!JSJkEs4aGsz8>#^=jLWek@Z5pD-Y%5qEa*Ug``!6# zu)%36rgqZl^2~g4VtLj#+$IqY=+cp#C=fA(>?)q2(bAO7!8=bP~s0q~%Mc zyooV%WSdgeQ+pqTwSSG4kYBd@QXFlI^q3LcQR$x(DKLv8)gUK?EQ$b2KA;`iiFJZne^0aXIy2KG;fzAkq?6P)k-07Lh#=6~>;4lyH#=>aa6Lo7HW4?;VZ_`E zT0EC{CWYmIfkD27QM99rgue_n?{?vD&hGnt_Ei25g|DRJ*DubVfB#~%2_FK7<2cTA zJZArQ9LM~>JMq2G+_CTalZoeg?q`ncIj;K|a2|pfvuv{*rk^=?#$|Ty4^ln{7vh=( z6@~`~-)v(Z2N>Z+3ez3aWUkXKIu{Xi`zl;vcFhJvggJz$5>$TWueww5EB;;*rinn1 z;SG*p3KE#-D2OH+9US~)yFh7-a+IBdcYpuN zWe-0Oop-G2b47X_9DD??Q9?4DlXM3@0v4?I5xhkywFbb)gO5X{eANC&|HU9)6xZQc zKiDuG99+}Ez!`wxI}~leOEE0`cId&6XRlvfy!!SOTz_|Q1mR_^FTlmCtLw9uFJC+d&o5rTIKO`RUku|FzYlwGFa($EjvffsD7ayUz)!zy zad0!FTOltStN%01zINC8L z98xCC6v`c2_pi>bL_9L(?xTb6$a{2)(j)L5iQBWhE{r0<|1*%~Fb-iFa;zNF2wcRR z?H4b7Q3!a$>@oH6FBuxm7c9Ur;|TohK{7?gGTEM{Jzzfk#jcb~v;iX~Cq-m&24hra zNnoB*vcdtE3UXvVf`1^&-LH2EXL1s{d0mIC?pHwJ;dlDY#h-ql*W8Cau~ z-T$M;F8!G90M5}S8-W)vSl64#*_v#l;;FTa`HF7PZp0;1nM)#oF<9`!laZvF8l4KA zlk=h1d=L*4x^`kOkPX~Sk5zg2G z`e`s6!fn1D91UU;qrt!Aic|)YVq<#*#|Xf5#kOZQqKh`eAu8YE91gb`N{1oL;V{H0 z8?5rWZ4M&B^O^Cj$iZuaECF$^V`k|BcRq&TBUlhZC-dDBMj4`%zYu=OZ5&spuw2?W z7EcR?Rus2&`-~+A*Z~yZ;*`XUOWnd0Q=FN2fv`l!_M8>`OFjX`Jg|YMYDWoBJbsKq z4(dIQBD&7FxtE4 za}q8GsLIdx3k2Wd9Hgb*yx6g13L-HWq_T(klCQ45qr1kAdBm^$bMCA#RK`tT!}kn= zgw_($*DyoVaSc5FVTfYdGBiPtz>jMbg9XXg%EUqbYV8pl=Ts0x3E|1nk`x7q+7igZ zx^&X6_?d2%v=<+6#4)wb+X=2BNa!D>wP74UM?IUW0}z@+y`hRbY1{?@4-tVtedP=zan zDQW`7+*o{s*pnndF$%>^C6%G&OtZRJf|%s|))rqCFiCi0so{wIydm2-PvBbaQf4?Q zoPb9sd{1ksy@^qttqG}Y${s?m098u7JSAJYu-VVzA>Sgk3(nVU`(Bc;r8KOeyAw|@ zDBQ=;73lrgd4b8~YDfFX=thj2OtucGm zfNA#;xxw9+i9}S@_}UybbD85PIy zy5QD`r$qd?#=)8`GP$;BOKIXRgxu8)SQ{?k4^Z&2(NJ^+zF4&SFbt^*%oo4{E$N!b zQ&ux496R4xFkg?@;w;_K#vY`*O(Z?3kXz4mx-$kAg4c~F(7n-;9SBPAiHSWttyH_K zVIQT%gJKF%5E~dPyB^qxn#wUhI54@`c}mTL9K$FR0Uj~MD*8)NT?u9P8QUxD5sx7} z1V6-)d=gCNsRK9zC??z0+9bq`7HMRTRBlP+ii=40xB^Q@l~=Zm3_Gl-*c1V+J_2uH zghRQ~nN1}d9RWEbBvoRr8Peqv$2i~B?1JZLiDPP=$tnSfGxi`_4$>`i=KS z4-RgMJvhRIap>cK!~sh3>^KY7DBMOkUJcPLcdH#!b9NOE6A}(%5~AbJC9WZi!y$}w zJe0o(CLJX>Mi*=;T2>dY(zv)vAfsd(MVBPPfngh8EMJlQlAC&!F+bxd_>Q0uKq5dG z&{Or)OM$*x2PqvP^>l?bYer>)&*4gkd&_bqdH*L{LvJ!Y_2ww_$0rVS5E}c-8C*_J z+$9Pp;dmK%?quRl;bQ3qV;8{?P3Qi}!kdOC!94JS+2q7;riNjs6xHdNKir};rDBX3 zZ?uNAGo=An?g|EEo0BYn5${Pcv44|G`0td}g&~08JCfr6(6$jZp}?7FDBzT4YU3hN z-9Yw*VgT#6SXA@2e#Mw*I;6xLzDT!o6aX=XFi>H za|oRibmA}2BJ><*9Kz{zyhLaY7t>(wx@f$d(0`6kT2Lj|k+eh_my)RTEIZt@pvp)> z%Mv)3T47JpaVj8Gbgtl8INj;W1pE8smhY)Q@oT0n{ORbj1%vdGy z=-n~eJ$xe8Sd5CSZ??A%FD12nhNBN@ymgy#xEr1nv6yq(396HP1n*pmh?Y&jw=ukhIAUw54+^cl zj)-cJIa=*(aP_4Nw#h1mAp%9SZ%7KB7r3({s(a&58Y5KmeJvj#dnTmAA#<&1RB~^_ zm6(JpR14^b_&JJDj;hT|&?E4iEl~;r;8o0Q)ius4d#*;UFM2Vsbl$4lD`}j|9YRuV zRWba`i*ODTxWEz4F)}v&0EXe<^rwFv4Z@Tp^k0k(oR_E6EUJO7SKVkC1u9Ik&8bl- zEyi!(T+nT;M?p|>ctowv9De$jCXbbb!>nGNP<|um64MN0m90?ZNIVaPW!gpdG&kAC z>;&k|)z?LAuOi>s8NXe$^UsPzS5qUi&czw;hB3s{Zsj^p#)n$Wq$Jb!g1&wsO{LV1dCh|Oj#Qe&O;y%exzD>mH4dbjv;}v`Lxr_+O2^gG5+bl=vH#p7m0l-V<&v{iG zegLKqux+GO{SoKu?|99+R#d2QO1M}PhWtw$-(+@W<5(yf{L(m2TPEBYc1Lpg;#4QI zRS8j)ena2oruOica-VR6PEi`}?UKoUf7m`B3z+&K>nV#Bn{{BXC_&&#u_j zHpwea!Pz0W{^u!pbA1lJJ_MI%S64qiKLvmN^;a-@EuJ1=@tD8;_E&ITR$v9ix8I~> zBmM$lG?H_{ey@mk`SCi5YWg9+vVbAczP`?f9HlXgF5(=eOBkT4efcIsA|eWlJIOH5 zS!fPBU|^9HeBWaUWF(_F>E3=1Q*;VgDAZz?@MPyVCt0xwBpoR{t21wzDM~-!lJQ7Y zv^+$iOmnf52FeIr7SUporEwA|zoPh75m~@!wA@A!WeSDi(;y~MoZ}R+8x|A~j!U&c zK*O0}zSYg5R%?S0#(>BwvIqQS+~W9Ekj@~}t;{l}Tjo#wF0^^^9vq7E6!Tw?Q63!A zni&{^4NMYB*2N{QouW)MrQaEkz5CvUVK@}%hdE)cDU=68M#1ns&e!apL&)hqJ}i1F znO4m>|5#oqQEQe7FLq?hGj|uc z4pCUR$-5z7*1Ilnlfy!5sn#hPn$8EUh4c%szpms9ftvcnJ~7RSdwYsnkdFXeqzGm^ zkl^4(n&(S)@mQY!Qgi(X;7vl(9LBk2XUd3-y}kt6R8&TL-3evIzTSil#PMGxoRLcE zh<@5*{T4?}^_J;-b_hh3hXtKK7W*I8A=&1H3go(_f40p@M87Em!@0AJKVeU6ku*Qz zQ9;Z%&mQuptCYVeoT;sA2;j2s8~g!<-{UZh5asS!jcHt{1w`uUFfRBr*wD73X+4Tg z{*7YIn6Q>rLd)>NU=49RT)+$mJh+glz+}m(6Ai>sdY(eG#5d{}D#I8jOkjW{SEUoQ zfjJIXl-W5`nKPy{7qeZCy9$k62Tc+bha57$DZ-GJSh6A(r)bGPD)MeC(Ad_$U69lzJGQ(R@YUnhOD2*zTV$&|q>6P+azKTl zymj;UuYfyp$3v$LA{kd^lQ>dy;45ElZC1NT^dPt)&iJ`<2dwOBZfmTpc5AHSk1~mP zgR-U8q3x3DuzO~-f{0)K*wx6H@2O_TT5}bd*OLN)A421pzw??M(XC1Uhw@-F8Xb?`@!KiADE?-Ge}`e2mnhY0J;b!z$HtTTyAWP3znc zf$rI4dkMzePT;;7rX$i#DcJ0r*DtSV)oq59fKA$g=U}ExXQWHuB}+^3vIGChp9s^<2RBa)t zOkpJ|u{ps)u`s}NHv)~$RX~=Gg}af)S5nm$7*v5t57RC|*+`rxWT&NafyDpC4?|Q+ z&X|O%C&uKguSiJM@JKwEq{NHed!Sg%!dN&Z+y^H@+!{A|i^xM2Og|PZW9@~_&^$bq-RUBS0!<1YdqPNoYlaOV>^UW@}Y38u5(A8v~hN7mY9uRf;_PnT8 z53&a%S7(#y>o(BhlHqv-@utrFyjU`K|9cpVoGmOtUJPVI5YU!KrFANfR*LVmdz!0A z5qmWRElC=nif4lh2KG(H)v*M?3_3&mBQ*|Uey@#LLh__1mG-g)q1Br~rz$FfxAxBx zJFTzWRuIGZBeTS`y8z<)i|||Mw#7(0tbTX=H`>Ra$@1rXjeh10|Nic%I2FkW`0Mbm zBDx?`p)a<%zA%&~`4M2Ldt|6cO%LqDzg^fikZl)3=9tASHv+!_E`7IQxuuH?p*YWYdQJ<4)flVf zHju$pRaVZbSE8#<%ZJgA#6Q2gJOasWa0JjM$#>6jdL$fSM`i5kQJLnH%6op6T~Fr* zCi3vXrboOGpUINtWsu>_o8m5WBh)_+_f$K@2dXN~HalK-xPeL4?o^~`IgVn?`4u|J z_V!co(9D%BnxUBFHVcEVGRvw^p#3Qpgxa4+oQV+!K%rVMO7Z2zXXCBFN9(hJ?V~VD zExD=~vj~(0wqCINj$}DwsysUa!LgFtxQKzI^d3_vOA@hLxTH8A=h?%DR4F7`L46 zsb#r5_A064it<#_V2X@{PAsuNlA-)kd7sG=_rp$unP#d!=EURRf;D*`^H*iqL)EpY zxaQS*@n5m(kGKa)`ig}rXn2qfQG@Q&-WLkNpThP~$a(NxqTtduOR+#6X3K1|^qw?> zZI=EawF5B%HsK_?bszgtVrtYBbbJrK(78?8$+Q&N(CRG+9o|Uz3WQ@?T$Y>7W-Pd} zRD+9%N(OVII;RD;J$ShDUO5!|b#Q}rgVTY`0x>umBs}xVW;bMc`;RxfVe$31e;JCo zK+EAa+k6Hoe*&|~=#kxs<`o+aXfcqjtY-u70~>7F8m7#rUw?*FTojWI9El_+fHf`B zq-zgVWq0Cl3|ENLssh2O9c@sEx3%X4GU!m$$O#yHk2WOT4a)TfLB2_r8F=>k?EB#Y zG9JkemUdZ=HixR;jLn^Jj!KYgm;>5M995IB#_uZV%tMuh)W543xd(IiR zLYsu}Om1S_>TuW1pq!{rXc`%*pX?;w!c=5B`$OzqLGGu&c_pEr^2DcGtG435e$AW@EQ70L zB4Y5ee3hc?mr6oe$@MPF8jVrTC8S3TbS{xL2HGjTY>2fpfb|QvQ&821+L>57MB9~3 z_oJ;tRTBWMW!G}YQ#bVCVmfn{K`?gbo*&G;rSChz-1nRlZ#kV#eB}5pLd(z%0@rgr zABGFpbCym}P0&`Ms)({nF=0Eq>7LU$KfRK5K~Mxyl(%McDwA0j0+Df4glmfMeSW3I zwk%p4gXJ*0VbYoJd=~Oq2zKT72;ZU@W!aEggqZz{B@f>wLr#M{H)DT{WOW;5FXeYu zzizGSa7OZUzs8hh>;-cZpL-Rti21_VnyD^g#&+^aSqb%$A+JNXH=#SfV4-!Q4vu*t zad14~dH@99U0+{{mNMctvfcteJ6eYQAs6zArK2@3Ygn z&PtD0HFcmiTq7A#$HN*?2;T9zIc3R1-iZg(IP^7%!c4-F$r1#+HlWt^!wfDNT%TXk z@ym+P5;lCS8p~}TlU#UjihQCoAu8kQGbK>sRHV$d+K@pE1IW-7`ov!aOR8Uaz361{wzS_<#;xkF6Ib1uJ0{R!jtjTcjqV5C4`>m zPo^HMx!Pe6B-PDy0j=v+dUb%vZ}XZ&{3fyT_t!WMWp)}0YZR2<_M7UueXF9WgC}s^ z0c;bs;#;Fhe^&Jdw1j>KuqC`6w;{Sr9m^GNA@Mc))I~2;ew~ zwlYfuT##ENj?_ZQj$sfKr=KYbag!>Bvu3lLwSPp5JVhDVra>jGBg;^l4NiX@1j%-A zIv6{Svl$!>xO;AJIym_j4}Louh-iGJrmNSRIN#&JZ<^;s;*_EM893${Q8UZcZcb`p zD%uRtYT~Lw0F-8CkzY(6C0B;INDh}1kdR~>aegD}7fC3DkYqBDV;q66MQ%9mW6jx( zc_kevl}soO(p@4hND0Y$#N#s9X(dbDzyfP-afU^@AsFu#B;0Z2au$_ieerO>5=TOY z%4D0ytX{skcrF}gZ@xdf`p4kZ(`M#Unnc`a$C25JIOx_qjcM2`lEY#$cQzbLh^44r?-3*h4}|x z5#~qazjg5i)?^frd0|@R?ke*C?QuC5_3oCrOJ=xH34PeiT^f>onsJr!7lUbn!pS#q zgCks%XND@OH~~xfoo%i1XrEtiDefU(T;7h4=zphHB)d9A?TRI;xXNL0Q_)gzBGfVk zk5c~#T(UbS&$loVKZx`_#V=J_?l)4uBE%Ff_G z`)-SMo+nM)f+z5*$tzwG7=8^S7zZe20^yacC#OJM zy1#3Z$|9F6g~x8h(@q>V_RW?=>sk&>%=4xOeGDMDKEKqm90VY)*3zLi_%TvX~C&K2(H z*H}FpfMrTHTz@We8nZ9Vjqt7n_>NsNl+REJCxW`ZBzqD8a;2+1#oV=fHas?g6%>lvWJ$@lQVDvpjjCet3O>X9RC&#sa1TW*}p zp6sI#LWOgwsB1#0-pLeZ+Qp?7F`;rvRZwq|2tA|Bbs?DR;gQB`k3a$MsN}f{8E4YI zYxGFe7=wEI-tV#$yWS33B(k@LMpDJ;{Tk6ZSCgj-fTcDiE!!Ftme&F@ zsRRx2SG7q9(rwIBjtWTH(>ELfo959fg#o%mDQ2M)Bo5WLNSt@YiD#3bFK#<4ABQl( z$5hxy1ct-H!aq((IJ|X_KQA(=9sa9A(*|W3Tp?S;@&gkzbQ?&rCYOFRqDUmfY0ay+ zQon=zQbbwvuE~oSME0Ux300g<=OiH!S?#V8Y80Or36rYi$=CR7E&4pkC&!Kr86P(Z zewZ=%!!n1HJW$W`+5qm(TkHDzzx0hIo_Trj6ov=}Yk)$`UQ5~Xw_N1yaLPzHH9T&O zr7XBE(k|9yvA5(rFkXE*Ri9;fr#xJO;}GBCa0?@9s@%wwQ6ol93756ik5qE*5Ij$w;4Gj&+%Mm?v9K6Rx^mk%M-^v z@lPfvD4hDU`C_^}S1Y$)KMu!noauPX z{_i-B`G03Toqgtxeb=8%JlAtSb6jucyPpB){z<8pZI;9IGw05@%+CEm%5XS5SmO|# z9sn=|ISCHvF9)BOzGrFy-D33q;NWlUiGy{DmR}8|;4OLDh@`9IpQ!-A!Ev7A+ubP0 zvH>%5z8d7{Lw?NuPEqvLAj@|V%GLDc zVQyr3R8em|NM&qo0POvJf7>>)Fbwx^eG07HJ&Ajn6scER*JjUg?X=CWdGTXA>9d>d z?LZ_XVNH=-0+gd|bAR^xhgX6WNs)@Oc;UY>fB2(~d z2LJ#p;6n;$kRbWfgWeKt*IXpfM^o^&17rLSB?L#|6s-Fl7{~hO#CGgq$44;=eH41E zm5v2MxI$ClMXOa5b^u6F91%>TWHSXzN@FtZ^#VLgV6w4fd-{+3uviTuYTI$R=-i^sU6lBo9RjAs5ajrEj2^g6XGnAN z$zPwjwmY^R%X!jSK^#(uLzHkJXa#XF1vs2X|Fgv{!SL%OMO<2t4ghHqR8i0o#RXb| zjl2m}dV%ROo!MTrGAb%w(FCF13KEKvO7@k4nqeBk6;}URe&pSv#4>A4dy<1V>UHQQ zMpFReIKUpC1RXsl2DW35C!ODVetzl4l>b5G-F}HScF2EcFqjnOe}6K0l>ZO$JcL-q z3qJQ5sKy!zaWXFIF&S z-KLHFy+=jSi3ZZ1x*u6}xRdENy-{|x@?zX1Bk7KVU-JbU@#=Jf6L56`v= zYhVc?F`ItRzJ99T0YLEzMJWXq0R!;03;tnz<6_710-SpbfVBjigk?l%@ly;G0&gy_ z3m+L9^ov9N7oLOnp!>DLuM7V440JEvy#Brme*V8~Mu!Fz+iuO zLl9sBf{0Cu1((}w#xOB~L$E@tDA`o^fBQbnW}jHvw(rGPr&rg{FWYryvCfz2(|lt; zytyj&U)H$_p*NS;H?QBm`u6$d7n`G>G0z^m=$^ai_d6T8Ji39QU(xBpDR|@KD8X0uIcDjdIYpkssW@)74nWNu!zs@T6DpYWn_2I9-<{*6i-;F?Me0RX$jQHC4 zSgl$fiVs@~tu-6Ar)q01FdHpF+{*G2FrIU0t2c)+y-z@{2};pk$3bWUn9&Z6<$+_>;n9f#?MjNS{6# z02E+hNpsfxh&GpKuBaByp(jQY=p!Z+hl?v-+935Qh!Y&rIq3eGSO#;u;3>eN7o$bGMU6Yzn$v*4vyP zj2gxVK^5nVA~1WcK25=RFgek$GSyt+oKIDiy!aM@_t9!aYx4e14> z%PHt;pEakY+v)I?$3+s&_%d>i7il6~)BMBx_X(Q+{PR=gjJr)|C{67kAlj#1zP$w|TylxysHln8|-iOhkvC8!qyAA$npQRIUU zW^*5o1p10e$Tq6Vj#i zn2=Jbd_)ivXvKJVoYD1i&q6WB3ZfWZ*Iu8grK zy8RW5v+*W7{Z-_nDR3sEk^Yhykd17>PoLx%dD7`HV+;nY5j|7{8-D8@lt1<(_W!7| zTzj%F?sX?{*Z#jVD#m{eNB!~R{@+79o$|RDM9@cx4TC_;!^c_nANq*-Z!b}>5*vPB zpp9Mge>@p&?f>@&kMsW_o&#_JDMd-hO(VJId$&X(n58)I#g3MD3m1skoda;qY*`r( zN&s1+AOMRXnt>Ih-V%q4Baol~QoKeWhIDDXhoRp&03lj%gC9JN6Ew#kkq_=LU4lOy z+JG51APRX+h7yQT0s-=-s9i#y-gGkDwi#-^*d^UeR;IRNiqf}@mx z7w6AO$BvWepU9&f8~X_MM7bpTXUAR>FY*zC{pP3F&o8eyP`--zQJY#F@u_nF*rcKRo>wr!h`4#CqbSnrUv#F}Q)v15VLltxx6f-*QraQXc7{MB>tp4{RXc=+cITc*kq zY~ILX!dzjZYb~M;!PEB#gYjV05OGXMib#*uI6Q3F#;8-msqwvWYFx{yrsx&%8}5(a zAdlbBz^{MO9>1aJB6rZXi`>ECVHs&n0V&dGIzuq=mUxW`6|v#}BvEKNwqv^|d142j zN$fxp>$E1;DJQnSPe0<2;Kh;(3Xk&?_Du@M?J4YY3P;CnyK{70(Vg!8Bh|^1=9;99 zDo7JY1b_%C4nP=%)(ZYJN(5PrvC(9W-Ey*;j(|p^bdo33X+mgCAG(s*rh_XZwqHu@ z=w$Cc9OZ}S=)@##(4I6$kTz^8pEYU2u_UcX+x|LnG|tmz>coDPq^}&G@&knnB4~7v z+tTPBmv`S@$}A^j3Y3~U&7HLE#i8vEOx;{NWrvftY#2@|*s#CO9OZT9$kdr`e;-LS z9JLj&!%?|_Z49V{tbU%XK`mL(_Zdy;3Wef?A@G*SyPZWJdjxs>1&sg<0>Fa)|MQa4mN1DLXWI@0@iB>vB!Hg4+)LX&SVbjU1nL3=5Gj%V$ zEULPBrkV=bZEgPzZC6P1VZZe}=vT~x{WbC^uaQS?6WZ$MLBFj=9`?&M^5|YQa^8p^ znHt%tvKwm&9ZcGe&B0_+uCj(ZM*@uFvhEw^?Tq2ErfRZ>H9WLW%8=Vh<~DLURWr=v zIB9}oJ?95I%@>Z6=KJ8Jbb#%)Id)K%m$t*PN!gZ_cTY>`p?%Dm&_8L0y<$TDWSn0> z*Rr^OvU7o6fIcc`aWgQDSv;y`@q<#f)A*>Gvw72FI5bIWZ9ot0i6CpYG|H1TDc6(3 zoyNzG4$CXc;h+h1^&K{8InXELa>{mE0974UAgOPXv}II%o33JRGYO!qpVWC+xfRb3 zdFcQMkf1qAQ0O57{FFydEYk%7IP?+(2?EjFIQrLo0`GQs<+(PNTq`hbr!uc%THdf2 zx+c@yJ!Ip37TP_j#sb0b5Tp#hd6ak}ej^nE|uiuz>~HMELLD9XF^1}6qZ?v{lvkLF$? z=&!_qA0^ zN#qVCMbdGSpv-)L6b6y7A0(M-U%CXjJr*~jVt&0g7}p>-W5y1R018Q(AYeqP08BtE zG7qpZ!3-jql}KW`io!+Y&n&k+uDPmgU7v?#;=7l{>F#zR=ZD8=k`0eMa{JRYDAHvv zeJWj)JOh;^qMev@M@&p+UFro0hG`6A}BpaCz+8EfsQA-6Hn=66`hl-!#yVVn5bx z=&jKGsrN_9iFYcAZ>Jc|s{NB9@uqTg-7Vs|S6GZ$9MXtueFj}d)d<2{dV5^%?P8WocIr7-^|-*-{z*Mwchlalrr@}ef_54_S9MaPAg9HhJtzIYiBoA1*3;e4zSeXP z26c2-+JgQ4Z9%ta3-(Q0(5bXp>gjH&k)2wN>{i-p?*6u#TeQ{O%vKv){mDLb_fJk* z*}$xPQ!A%`vODrE4|`mvC*4Zxad-4nHBXDyqkC-fv{GMG%1u`+s`@AG_Lf-rI@&8O zJa>N!&n;Sb?!=_Mz0PoJY=5`X!gKex@Z6$>=Z;MZ+AoP++pVUc(oSnAI!Y-h+G*~{ zq@ex!%dN4p-Aaqg-QVJJix!tVY(zo50fC#>~A&{tp?L*aN8RV zj*Q&wAGfr|j!#Z%2(L66_O}^|CWC1)xa}qy3GCq94JeSu0+?A^iNzT0Q5*4 z)Q!YSBXB<(u(V&C`hK}DmOmWh1eIl+6JPdcooRmxSSIgU8e=E+!0w+^Q&4J4iZA<9 zFey@Cnv?taulvXCV%b>vx}GaFCB>Kh=^hv9o;0Gnrss~UDJZoG#h3jl7!@fn%|d5S zv#{ZoK-P0rz7K(7CEfcOhP>*qNcX4_-8DTosivUR!V_Qir(jT|z%=sq+dJtWJ1ys& zGu|Cf!nrdR@Ef|TG<>(pa2716xznwHF+DS&d z_DCl%X+=T#UWsU|l7js$oru@vbG^)IXuxT@hgB|9fnp`y`&(IqqLnom znso2CvY9kA`!c$#HU|WXm2~fK1r3T;kP&D;s@WT?r@LXujHbI^36z!*h+lco1K5w`+n$cZnHCW8g7Q#*@nwGsiUwf+q!9(R19aRj=K(9@ zNFWHQ{sz3f*3i?g^chYXVemtq#t`~$D_lXjJq~W2$=Zy@mp(Y5%rdR*h?yRpmk8;>-TrDViPqoY~Pb1d?&5diSF|np=F? zn*g_{So_Xr5>UMfP#%^ozU)sxQLnl=y}F0vY$69=J8$xMRJVgu9z89->`!`8X}US3 zxrfJXEJ<%?_Krt&W^Z}$wD__==|#QiPCk?Lks!Tgpvbr~P()x^N&5Z@*DZQ-+;Jn) zt3+)z_LaVvJtMAp)uOrJn!cDlLtVxV9q(DM)ehK7LtxK1ZC&ILZK6Gc!gt#>ygj>lP7gVuIep`H5^OZClVFub*8VnD(Zo6~rSB50 zQ9?!d9Qz9-C=Rg4?@$+Hwj90Vy3t!{Q0;F|70szhDVZ`vaE?Dps@iS+jK+0aKb5x9 z{-#pVQX1D$#rg{RtoJZMK3GPC@@v)wrR}uMs4`ZZqg6%eXM_Y5C>@!U4hxj7;4Lyp z)s*Vs#aST9-hG`wp6pTG?5qwX+TZJ63^}MH+mAxZdzoMV3Ih-)cmlqjrwt(Wq|sveJ6`4CATjmMEpPTCcQR!j9^fu$9)r-t=wR zNG<7WxlSF`u2U@UNkf1`KybJSP)>VNc#GIDXGA+K2dz^* zXr0P!NN4|TNT;|B>6qJ)!?LYs==)%W2_qc*D~%`uQ3!k^?;U3LUkzHyd-QM(+K ztb83)D~8hE*~gq>_Aw`)eQdbLzII=pgc><5)tghT-l`IWIr}FFbBYPVoP2_?Va*xg z`Yv}`cDYm6tjhT1?4R+=DQ5g~@)^JCNUtBT?J}M9hn1PmoXU(}&i)y{oMOf= zC!g_axUV03*m9XUtXXDOW&3jW&-UdMvwb=FY+u7YGTT*SUumB0yaeB1dRXJHu1f6X?4Q`nDJJ%E z@`=4lNpBEB_j@Ct3Y|(_zV`;DQ{3XqrG*+AhmfS3A|(jSAX)Oux)&%E_j2NMf1W0%n5W6f=V=<09c;QE{tP95+O5?Fqq?fu?<(+Ta9LM!*f%*7Y22sv{DD`uL6o1;KZPrA1z^ugi*xXjDYS)I&7cu(=nfWC?r}qtHj8hY`Q%D@1oY> zGgM^JarVxl;}o*!IJqo3gFTKL_GQ?`py4sBjOQ@kDSgVVjy}c_K_H1D3SvmeU6lA>j#1!)C-J`XfF3CZ3+K4D6NvMcQy2#~BZY{9ng$ivLcW z;ovKGIB*8T$!IVbedV|=D-N75f=%H`35Cg5&S$q(B<>IL8~{E7I-Nhge}@u+qi_la zOkWx!AFmcRS+e;`Y#jAw&|jdQENzLx77j%wD;$L|_-{ft0eUtMAhpQ9QkbAa@Td3J zn;1<2jQOq_E4ZTtR^Bp-H)-QEjx`yRyyhxxBP(z5;yc^ubl$`$1SCom4;=yMuVLsR zAKapiwT3~80HINW>`v!8Ns+jd3V1LCGX!u*C=3GR14zIuqD$~i$Qld20Y5N}Crd{O z`+ge7go#H6=Jn~7$bH4YE-?X#xE&1>z!e7!0ZeJc(Dq;uZ1k0&zP2P6DfaoUoRU6gX%b6~yA|QXkAV;-0>k&;-F1h?D4_$fF{mRk#5{?1DQ? zm%N~WLzYn*_>A8Px!~+-?M2@KU`NZOkvRDVE){9*o5dAApYEUI1tjyP_|%boyPH@ zEih(ts(`2(oO-M#NK7Uk3-f{Z;)hP>!-o%E6p|=Foy^dOz7GsxqHr(euTf3d(&B|e zgtub=6T^o!%RAw1C<~Ty{+n;!#)|~{I9wco%Sd$Ax6r%g6H?dBbs?KQ*9;d{5gmaf z3W6D{5+%S#0iww4#d#8~9=;z1Rmf7fSpu=DPEA9zTV>a=wOSBu*u2~B#jHl2-DhT+ zKC=~Wl%B334tNmU6`~Y}3)1OaBIpCUOrmrlhS7VjbBMixtKjFScF*{E21C55axw}5{Nid z;*d~AVNb|}0`|H+DKR9h(k5?@i3O>(j8>>!o3eYe&S2E4Afxkt`ZI_n;l~cQfKnNJ0`5@_ZP6LXP5K_EG!R81+@VC=f zFZnk>myiO&Y3F{3B~qhf9wp*Ry;-zI8Ar6e6DQFc`^X1(O9rSQA9!!q;_#NW zC~Lh4IU9pub5F7<5b&89Ob)@ncoD)SAUEi2VVk6J93}jA;|pn`Wm0pij_9`>ardPV zR}2jpQtQ>*t80rbDi7_B1+I{|aQXdDXhtxtl-q|L3!G(`pJU=hiJz7B#S43}=+SrN z;`)c5u4%$5ag!W^_uP7Gvtl>wyiUimEWys04adY7dRxYP6b2iBK4L;uQeQ?Nzf<4m zX?@Xr9x=0I&PgE@&gXVVbxsr#?4ty%;H{X5@BJt&tcc1w0?wk8_J~05kf~5F3Tc98 zDIfJ*uS!%hQ+WgK;D(QW4~Bn|RGtO_xWtPkCEyYfl&p~tEO5OZ4y4NtDLqQ%8@5X~*~& zL^BwCGTv~}69oZE%HLj5NYOkE0)nVnLPb@VymQTWgeH)p#U@|QOAw@}yv64qW0cUk zZ_hu{1fC`fQY-{r~GdKD0hevn&5CDU&#dBQ_$_oH;Gu$`%}PFg2^D1tg(kKqlkWz zW%HObn^%9x@OlMt2(CosuJPRn_nv|-(*+muWQuHw*+h3s?1`1f62X8jg`tt8Avprk zoT89_yF;_LFHG2Zy2S&19}73z4Wu+7l0dVFV33bJny<-=Z?obG1<0dO@+nuk0c*^s zj7{KzDf5!P-hRp`ZAoT{lOZYNe3&B$jISJ5b*;&{P?LzlZfL@uD@+!CK6 zF+9lj;M;z7F;YB&KRB!>%9vN?#@tD7N;~>XLO$lsoWrW&n&%#` zi23TPWEK#?e1M5S2l@L7`4YumhMH3K+S$)-jp~`Fs8!>;s@xg|*uP<`M=}LZ{-1yJ zp1z0HzfY~dJJyMPWBvSpp8kXUcj48q|LFbq;o<-J`bl|D7AFV}7YQPy_?jRuO)%Y* zy*rCSiat^`Cbnm9K~p7ojRUkm{uZ5DN9iJ975OFlq`IF(56z+|K(NdbC`giOG!q2< zH({`0Tc$9-JUvb+HScC^yN#Xe|GBe2E9->*2+d?fb)enQL>CyXbKu^z?6i>h|$-<9&1Q}fNMx$LTmww343O=qmXi_X>T$fI?iM? z>fEBuU6lA_+Oa^^SjPgn?ck0j<4-!b=?rO7pJc%?PdYjRDdE7-3gTeOBccAM5NrW> z_{P*^003zcWat+vh~g3hA;%?powdS6gvC6RAT68!#{TNPv{5_%U3WAZjf(SsFnEmr ze30h=SYrS5-NkFQ%kSkckn9|Q|4|o5T4FbMhJxs>6U8W8$Ki_=Tp(tma9Aozf|+8n z0Pq5gLJBY|*a18|Nkp1W0rkAZ#*rx>WGze7Y6=%n$R;F(3njV!hb&=#G@iQi&(WZnRnvM$7848pNx->8)Fcs zK>%WY|7!>EU*a;@DR?n|9np&f5gs4Jq5Xst^nD5wzb)7AaDo=BVm040*bP~(VK#tf zGJ4H#%ys&%bK(vazfb0)F&d4>4m$Sd$NtbC9FO`g@+Sj0^t}Gb9QKE^`Dk+NIFs3Y zhQ@;davb+~i27(YpLtDiXvOMlhy%7#MQvG4RmEynXRu3It-kj3Uk!j1INU$6`)*%x zcXl$KOwh4AJ3e;d+?${gJaLXaf6{kHa5SDd9_+gidNcoI?2H`e#6L!}p+AP6?+=f? z(jG3h--^3&60I0@ZJDd;Rr6LuZa9in`Q5N`9PZm=+g0pELuWj3PbPhDfM))D;(McU ze|9|f`t#xO$?hl;typNEB z#^aO8+#gQ-lfiiCOa{n7Cy0G>N+qY+a8v$>P?d}?h@X#%)+kA^k95##oS-@WsJw{t zGzi$@OfKo($kI6|tQ-m{PGr=+kLEmwCwG`D0Hrmvoi`w`6D~tyi{m#Gtzs@GRp4w& zkZ*USW06e3FQ4k6!7z-318yfsqbP^l$zo(Q$|&Sv=W2&cd}Woz2VZX-=2(*zG6Lm~fDh3s3JIbh;z5!;V2B_#2IWp<7FA!)0D~O0wVl=J86bPQ ztvnN6VnV0j{m%lvT+fqeh2&^B5c_GVe9Qkdart}LKBeBn^g3;O7x|H!@;Hgw7 zhx}-YJgf4SABeFvEES=4g-U_F3D3m=l`Rk%cmeF3vx0#Eco9a4IMc$uDg4>gN=y*K zqp!)&cwA^{1wVo`gz6{=uVwsh1BRr@LIB`@6{;FtTc{hugkrrdsDEi`aVdI~0ZGsr z^Yda$O!z^v0I#@4Q6GK~?_aXlQ!wasa88E_L7%Cryxz)}%JfkFeWjX^wg}gnK!u8l zJx~!6k09BA7<)1(+sE@cO0w0xk3D(>u!?clibR}K`u^<;L5zYt1zrBT+mQ_`&0wA^ zc}fm79AyLPpoESr#HVrz445oPO>OqssCw%Aq6QANh*8nv>Szk#*_vk?1L@YdOzV9v>o3$MB;lYSWMKk};&qDR|O*vQ>}A zLq>!iiE;E1uHpbq86(wE8!sg^T7efAye=y{1@1}TcE`u|cx;bLLBcem#+hD7mxxJH z8GE5(`3}^JizuN}FdmN$hSsafIPyDjoWXpPnwR4;!~75sRAK#v`R?6ZrvZz&G&zxgz}K#7M! z3Uhk=KAL%jR#CF4Xi1F3Ght)N&`IcdthLHjyexJqiseTg2looz%0s}W^v_oVPx%p4 zHWrd-hR6{JBg+0k)U$1y+hGjc3qH0I8NL zQEvJb(V`JsA{u-QBXLayvwo#j&AKQ_(Gd^{ci8VN(L{C(RxO3~B9sFaQoGyD4cOfGH1t4H-R-jW$%WFboo775I#JvG?QBy5y`1g#hkB@^f-M#KhhVmV@@#eD>j{8zrP#BVX< zc~z10NS@{@X#go(KEON?3n!kxlOCMLwImA0QtT~}a?r;K@@TLDkW%O^rS-|wiCoO_ zVa6GYPj{YzOT@;c* zSNflD3|CY6w{-S({iPRoE9%Y?r>-htli5=xfcW|1B6nnq=t=-spsSW&j_vlHUVm7q zd>N$_<*WFJP%I8=PeIqQ`TzAaUi?`=itgZMnuD)>0GBBA#c2bA!1Hizy@Ls3Er?S} zrT$#8-e6sGtF!k2g1iJ#Fvkg@c1Qer9fvmCaR9D1 zA%!26XLi~-0H=pQEz%Fbw};^3^y=!T^C@`p%P+vb6zOVgo)_rTrzf2QaHflNB=usY z{R+lEqRl0m>-S3ei|^J7#+F{W@#hw8raXg|e0{zJny>1qd#+{0mhWmxl=BIxUP9rT zNJHiQ*wH^VSa^4P2NU1&VYom^loBgLqzXFv$QFB;W_PR+kvOPxppus;nJ(1AEJ5&= zaIc9<4Z?ItGxUTP4%+U9)-@;CZfXOhiR)J9jHuDyzlJbGxGv<(*+xSB}_N zI<3xMUnw?|BfYV$mO`N)Q6hybPo|V05(R4nLJ~yLZ5pc_c2Ow0;YU;E(=;YbE`6&V zvfvH@7$gY#8`blmD_VKxg6@&ZM#5nwDDpgkOV)}^Bj|@j=tefRwGt3&PKXu`w3Cx? zUAHUuM@1-r()9$v#9JcM^blgA=NmF2@1QMJReUlk+k#R4{(XYxKWAA{GL>lKNM;v| zLJ!51^i(}dT9Y_j^kkwRGm9j#WWnA6^gP7xJhSK$sn>@cA+D~}$BZX@=ZB0kYYiD4F<%-7n~pjY#5l|fsiQJ)U!7k4I0cT=S0XCgtmWN^ znDLrByPFa9_V{ z9mwYOa^ONZQVVBG_&%39m87W5PWY%d^ZZYe#&N)N7Q%pkPy)XV7#tuh1j8KB@1O0MC)P@d8vu zm@Z(bziV!E8gA%290WW~W*Qzb^$J6tfm)Y10#IFrNbw2*NOf+mC=51sNB+{gJ>;HS z_lZj}P;n$YQ)q~3R*0`+84k=4Vq!em08G(}*x)&9GFMtT z?3Qqi0A|wsE@bv26Hm;5DZpT#1g*Z>0}uhjiI0-{;EX(y6_gnJC0=8K$|}{-RflB; zs}$FZB$}bE058jGBFZTww_Ko$p>D;IZ)tpu_W@p`kgc}a#KinBp5H8uE#cSe9o9vi z&eXEbvcO9TN;m`yco!Yz8595%4%?=&n4l)uyb-Jq-5bgTbCc!+`}BbsCCp&D!(=Jk z_M-PUQJU~hQot`XY$4*e>}!Ik@_{nq*isqXFJg07bdA`D^nC5zMWA>M1O z>uFX#*!AZxGTJrt$Kl>)xaZk+&*Qxu`0s7NUkRPidbmqnQa;#;3G|+ax`h3|c%ZWd z4~?>5U2{b9^hI}=E~8XYsk|vgz8!#5k1qWMpcIvrs#!(4n}e(A%<7NkZZI+3I}GT!7DLr(}Wz=9Pb1TK(XkK84gQWV;% zIbo;PnW;PjFbX|ne6(PUdv{TC8${5zbUK9|Ghx?m??5leEccMD?<5u%Yzko+MH7;WuJ~iqKTs zsZvby%lOqu6B~X!hqKt^le|D+kwA~9n%q1P_8fQK>cy76Dz4X!wU-i;t@c!n3}u!6 zfE|EOOHhz&I_Uf2q78o>C{d{mLxt`s zMrcQH&>kTkxtLDjmrv(&{84~cx>a-?COJmrPn48^)LKaHWD8B8Ly)&38_dujrugMo zy|I0TS8;%zzKozhg8>XZlpG!b_VZi$^GLbFUtAo4*O8BON<(2t=&!|qB;!;<#kqva zlL?Z53z1L0DyUT`0C{DBO5$i&$3<-&me>=my^c&&lO#daP!p5|!<0%KmA{nRPR3n6 zQZ(!`DOk0PK?cRf5iJz~aGk*U9D9YR5hWIbs{+^J~ z7LI#|q615@nO2~VV;Q7jn-d^h1n7!F@Ae2>a4m73!a%-|*X!svBJd*q4z6&pQ4VSY zL?HkV$6(HiVztwj>2B^^%g}gnu^t|=|BlTju-aoO>2=}vZqVI^HsJlcw<=&=WvGHi zgGm{vnNrxP7;-6VOEkj{?ZA1lLp2z1_S6o7$3}K0KPrH_+VBSOF8yQF6v@<7XrvuhFP>| z=z|5KnZ{E2Wx?Cam;5W&Z`oF#LA^kD%AprX(hlxSH|cD-#Z|M|tIsJiPPM)+#@OrQ zU+jGEe#k(7U_GX8Hu2@M%;*NKn{hE|uCZ3bA)yHRAetNPu+kr5-UROroAq!a)<=v( zzMOijk9eT1=sMF3;LF1d_YCXec*vcFm-<+=s->{0zj-eyy`8fKh{>tX-FelUtPC;_ zk6;95GfiPS-7;v6)S|oXS-#6rEy2WRLvTsp1-teA&mE)HN;6xQX<}z*ML*BbmT;;K zZ58#`+|X7m0CnNR<+4)m`+jf-6J++_claanU$HNU zf7;>7*Y3R{<=7YYc>;~syK|p96HL8$g|b!$V=He3Vkb8 zIalXJ-bxu}vDuG9YX%AS@^Ra$?f(d_ugqbkf)jq9%Q~gJ^2$n0J09;h1>pjRA1jK| zfLPGuq4;b9b^qWC#d}_2DhGmOC=Y~eB3kveq{NJG<0%)#T?{5b9Rk_q9i>i0929i% zG9on7!=_H-U$RLmQ2!w!{H!TQDj(mVZ>xiZAj9Gkhjh7yw`4f19q2V{DN-?{%M2+7 zAhUnjCo_+)!t4Ulr45>)1oW;+FZWJ(kGZb!nZ3+RN+Z7|`0F#^+V0SDwjhb)2^TyU zO75fKz}sp`smYwPC+5L7GiDm{&^^6hRJZ~aB^1y3 z&VUv&fFI&LLkZ38JLZSKKDbaeh>HepA=!V0iThSYCdw0mFf_#qqXCIPKBndb_H%xf zbQ<#G4R5c$1wIl-M?TArH?ZBdzZ7zX)=M$eX9F6nG>o$QE;R&*C-SsF z^;$z`QeeZ&)8WHA)*BkZvK5D}Ee`ky;_<)heCeDT)aDz8UZAZ`G%0QW7a+|r>U+N<}c$SbbEnLd4$N$VT{?mv5`wd3J4M) z7kG_Ab$5p#YP)_Ka*r|c!BYc`!y^zzxvJa<5H3y$nN3U`W(KCyQZ0gbN;O(x%`NLI0-&Q}l)ztQqY98hs#w92JSlmv zpNb4*Qz^TcUKVFVF_)_Ai1kDiqwx8+SL)mqv+~%#TeZKH{me9tG&%iLY&kJIXKrL* zF!P7W06jUva!bKbD@iq=84gRBFyo5eArt}_nCCq@#^7i(HuQkt?fE!4tPg}`DENg0 zQF^s0l(fRUsGWMEa*6k7g?yZHS8G=!8|r3S7XrG9=L9^xJbh)&pm)oLmp*ZIs3y7u zs>3A3$W(yY0A+QF-V&3#lYi&JKs20}kbKYX3jZ64kKgjv-wBR=0CNN>>-B|9gd_QJ zq;6JMIzHRU#QzpzW5vM%Nsa7+Y--3{h~NOYVuJi3hQ=BuL9`%yj*T@;daU~6=y>4K zA!IdL#Sy=}NAjk&r&;MeyP2-y-*pH7=k@Qy&Hf~<&K%fa_9tohI~*Fn_i^!Dm@AAt zn5~^xGOg3+^*jT|Y~%W#XQeD3t#|aj!p&S>V{a*<_oeTHmDygJ+IkO1jus!S4J%LW zhH?`vM#%~j!o3jkK*%z>3q{Jh73 zJ=L%D6}-Z$GVD9XC$U$s+E^-AP{p`XJ8VscmMWXyb*Ua-xec-H&{4zhm!ToH3S?$3 z*-gB@`0!eim8C3u9KY4$x3tS;7{KoSmbu=Vb+#zHyQgz`;&yg(5$aobMpD)QY0YD?oe4*VImZU9N5di1>Sj@)2Nu7Rm=wU*=J&^j*IhC;^L^dYQQ4A1uJ6)Gb*c^Cpt6i3Vyu0 zMR!y17aUTwK*?YE@K6k~RJchnRJ*t)d?MNC!SB zI*e**C}v^b0-j_%e!?$wJ|!)oL5*50+lb6 zO&57P*TvgH#v>ju{Qbq-X`#*>-Xb1i%ti;-(rTB8P|{)l)uDpCs7e7TPJfEO^O*}f zKz%6Ov&HMHtNrFtcFo^befc48ZCuNH)0oZ^dHqEo1+(JTD1iZ^-{N;*%IuROVnrto z^m!bPj8&=)l!U&o^TpS;tivvpdC%@ja>}pRLh;^i{$3FtPWx$4%aR<7-;ZxQzPw~YlWX)7u7c9zE zpEH+jXO0=Mq2{BIVkm+jWm;h6@??!&<&ubSF=N3)4TIUf(mfkPLhho(7yCU?x=?2j z)G|u@Ab~Dhh&9}KA^k2Ig^N@VokAF09*WX=3rv^kjE|d=Yw3HlAe!}8kdoC_KUg|KlHt}_?$_7#R;EA~6P0LSN;Z^!6MR|ywlGcB>j z8eWwC4rh~iJEEg>19z`Iu-qo@Iu6H{ltY)|I12^9P^A;(#qPGQT3 z6k0w`M8X3jz&D6wh7}rtI1!EHdP4#7cC^W=C5dq^%SDt$4 z*=xdD>{euVl52Os(O*KUJC+%U%*I=yFpn~26GQ@&Hz4xpei0ZC<5(qj7xO|LnrCt+ zhD+7e{E{YPP#Jz&4qM`NjuVmm)HHlW^m4EfcM2$x0m1i}8aH9{3!@;vxkBD0o8UF1 z2wYwLzy!xm^KpS`&W^i;cf78GqhJ7eK75mt0=GZtyT;oxj6g14kIuayUs+610x~N);I`t0+|*A!Cb|ZC%gb{QeG5J(H8P00D1ME=sLSD z`$0)g16I2%KLHo0ZPOD}CMZxR@7oz=aT2ZAD%P;bGNUYr7Q&ZFmN*6~6-*G_;ue-# zy}_i~uQQi4j!kVP(A-qguuJWvJrh{g#_tfj!*t1wj*G~@x5=S!sGA%b&o8l%(7^9=c4(k` z%?@4r3%eN(4mvXLJIQvGMcR9QW|Em@qD_XvobOD8RHfkZQH(-nv|&UTD0vG|L@3ih z{|d4Ko2^@cDv}iFx@8R`?L0B$%@SglZ79c zv?yFedyyt8HY80Hepu4H0DHH~h!t*4T~@alfm!*7rIAEI(w;h2s~KIa*P)$i}& zvZj~w4fgcSZ#}-5+`HMn<=dul(6|l9ah&mR$p3X5r}(ck8Mt4$!+|pxPDX>l=qsn+ zA5Pq_fb&HumrqJ4OulkHyR9N|e~{;wUwYqkxc1k{j`(s^26D`T6vYV+MV74RavT6X z5cCbx;^N>0>5HFJowY(nB)olLcfRR;`qcU57agG4rJgMYoy~U_?d_4)1(vLX=K$F6 zgx$CZq8SWq{PB#9Ty@Q-ESSJ>fxy=|^wGy7@HOU$PM_(@_~Y}fW^y;h0|v>mtPYH^ zT%=Ax_x70BUWjck^yX}ly>`2uTO9gRAouM~DTUsW8FJ@3KXhk>C=_9e>J$L}X#MgF z__}ykIDg4;X05B+d}Nv}e!IA&D+U;}n)BwfWBv~( zlSyIzJMOsuIR78wshfG&&oi$o=__7v z$al(3Tmw9_Q;Gvs$d;hGz&w`fDQ-u^0f6bvYQ+jaU3biWQGAKl=%o6#u=91aHt?ZQ#Zt8m|_ zQ6ADIf8WdA$%YG{R6hzDKCy+d`Nr%}w$#kY;YDJLaLrH3>8J(;dwm@T*$4JXQuqu! z<+u9lLSKW!JOmUFq`_3cD16h^%1h^2YE%jRZRCZoCkIHe^ci?6_JKs9L;eq_gqizU zF55-lWci_4r%BVdYfLl2?P5Y*-M6{=PXSl$bI`>ftv|DoTVDCFM9q9Hvq+2Syo{n- z22oyW-(9<1&^=QJ&bns1-K<78qYH&J*~AeuG#FubXvY0qXqz;nq~?}c{aIAg z6PI=d52Q#e1I)jb0A}WQ&i-Dz(%RN?rNp)tKs$Pyi(>%FbUOdu1vdB z{}1uh+5fD^Z4p}`76C$68~M_?DZ4ed#Ic)s8U*YwHpeVeRJ`FX11SYq8$U#Wj}l%; zi^U}*KcY=_;jWoqv@7dMabqC(EH|Gl_5a;mp{hn~vkhh>u}|IV;yNcgI5dbct<5Ir z<#F4uRXxAipLu|vD=Sdl*^_IaknDVo-TQn<@6bN%4Fp#CG;Gj_$-PyhCeJ* zX|jA*;KE?Z8&z}K?MJkE%?%S-em6#0V|tgQl;j&3M5;k&LXYuO{SX{3%0u&SrntT8j<*D zI(~_#-u@Hk;Cn`tdhaHS>2GQb?%MzDZ^eHM#>2<`-v@a_{D(4X_)QEvdbe;eAqqP$ zD@==r|5kH zPWiQ`Tc<3t=wTV9o820brJw*DL+S9yYLvUXiYVK_}*Rq{8u3i1vv18mNDr7Z@7 z*lql}yiv>K(-y#-s*_B4A+h$UD3iV%EAZa5bi4fRaYk)>w>Pu zUTZ-DqNcqZnx0FVGc~m_~6H=?5uW4vuRk`aJ%kMAs#ijrP6j@F*qTrix=W;12}$*oO?!@}rXdn)>8 z_xKh8KE?-*rnMd0a&wf0NQ+G)s8!L{}4& zCsB>C=JP=!+%2Hqa6V+UKW9EXn)tuzvyc6+GRQUc1@H3zI?k|Y{}0E`qy7I7kBt8= zm<7f2YVwFY4hc$lhL;u=ylD=zi7htMjFaK~eA^UsfB8jA=IrYW_R%(SAAI^Wttm+1 z0(|<^6)-Q-Ah?JE?1^2isyeYQ#sjan&sXNoR?45>Cs7)+-zZ#9&8TyE8n0f@s6wWi zhoP@)b8VLW5+~z%VawQz%oUarSf1}QKa1MA&A#n8r8&d_=w9%>Or0l@0q$kT@{M#N zWhW^sLzLuSJgHhOPYMD2w@2XXweX*9(SBP(@OpO`jLd_eAm#EC=y7_XLU{Hy6hyF3 zE5Ez3%I7`M23;3rR9n_H!Agtjt@&S zQ*;tVv}Y5t?1_XT;vBci87@LZB1G|3LjB@d%$T}YeI z-y5RrfX4C2kNW4gecH=^dAIjH%71sbwf=Y9$Mye%JX-$CEsUq?c6}T!zyj0EtUW9^ z0RRp~%6Yjv^-kSkx|en^H(DM-L$o&Zg)W>nam!aO6|(5zHX_x8kYBhL;57=xFDS2H z%#%^MJE;1jaVK}Bl)O;NSi`6jErlh_qbv81^E8tGDizf}&ff;|e>^P4{|;Pt@+kiw z;?eTII$2qJ=dXfQ?)p_<%N)Pz+YYyHzE~5dZ@xy}<=fil3xEe>IKu&^7)j{}eLu@> z{QCLz&FT587q2@l{KJ}Se@ySN9zgfy8#ejz&B zdcRSBWt#2_$NXjNsg3w+XpA?S|0-!NxBtY=(D!No4M+X0_5bM6{(F!|+ka;6={a7s z_xUOSwjLvO6Ihov@&;A9Z0j;Uv{?75HVf$?+Ieh^{1AeG4O|6N@T zc*y6CNDFb|9IGVfizN2)AH^4L@nU)V9DC+CK!VgBUBx~9J-fxJ$`;Wm2GK26R*@HA z6za6mD(i$@nu!Pi;w3Ofa@rd{?$S+cqrHVrXJUbWMzb5;S2=SO@CygAmxs^lh+x57 za(RniIua}+lBMJ~UGL)gXEZBohdnnpF{I0z8@b|;IZC>vIb8nNcrn_`|9fBm_xq!* z^B>M+_$dD$;@Ot}_ptsqRl)Z9UyI?A^}qVIWBs2m)@1#kuko4d{}zjSL(lyY7xj8n z+}EPs+G(^CKIzP(5Pk2@I^^MCax!^idCgFIFKAM?7T2loG{ zrdur^%l$tk7b@Ma|EJ8-`NIC6j6JPSeCm~X^;yrXNK>-aTEBSAGlP_)HGAFquxHUl zaWAJnH7V;ab=0$<^1t|j&sGcAmh!)S@J|E(|Dfdl2lp}m(}O&<@jqg~-e2HP>0Gn; z=9_fzeV$+M(Ozu*G@AeGIPBf5<8aR#Aa>b*19$8Ghw^x%%a{C-I>+>dR{XO02VC%Lf?Kcm$>%3_Qsk2RPUiF|wSN~+d-;F=`9CJ( zqWwP@jUMy=J;<|l{_`HTe@jGUw)-nTmTmsZPdoO0bETSW{pKosUb2rCf#2%Q)!(je zUcEVg`|^2Su{?lAS1`PROBarykG)0Z#J z*1B(Aca0*KZ{A)%zj1RV+)3Yd$F^fTJ-6TO>QNdc#vNY}QQ1r;X+KH_W5U^Scw zxo*;~hpqSvX5y%tO@bX**#NImhzPkzq8V=}_o8XMgSDfTFB47C-u}Dy{2$J^U)=v6 zIK#*LzaQlJGWkD>t43?zgd7dT&DW;5X%X4|byZ~dyNlO1r*E%+*t(97E0-pMx0%q@ zcP0IntKr7;U;BRBdjNON|H)STuiJmj|L`DBmH+Qrb@#n^0Hw&-DL0G_hH~#-hSq2L z_q4yREIhJ+OwQML_ys(C2HB0zblp?`?=%0~dVqG!|KVgy{|}wV^ZyU?X#Jnftb6bP zl};Uf2TlG0QLSG|HV-UiI5f=kt-VVcLYaR_f860=DwJ#DV=7cBoG(yk%fb6DB+Kp* z=o-^0Nkf|~yFYh2l&awE&HDBG( zpShKeQ9|0LS-~|*X2n7RzwVc4P8DRsxKQ}X)=i;LYO!1(+ReX7W1r*QbXA^jO`cE5 zmb=$iH$T4p_W8}#^Rvt6*F{%EzHYA8+pFi7R~M&e&kJ?RcK`L1XJ)Xt>p$n-Fu71y}|KTQ|HgG zu5Vsk+-qAT@@_{rGA(nl!K*iCKVFS)uAX1MdwzMZ&7zMqfj8>hOs>)A|NraD)0@-F z@3)y+(r@jV3(+bHZ)y;@K7H|$-&}gWA1;qR`fVTm@4!j_Mg52WiN3ui&p!5lTMyu_ z_5Z}(TK^B+$N0|&dE`Ysb9GCPjNRC_@H2&D`1HP@Jz*y#5k!1L^Jc4>vzP|C?4-nWwNcSHb@NfX4G* z$EH4v|8Ml@|9g<9%K!J%|Ht0Dzr~GXi=y*0e}#^R-Wz&%74pmv%3ptJ%9fUvmZbI4(o#0uYxVyr0nm2; zUxC)s`~Pxep4|VZbo-n2|0(PLk^O(eviu+QMjQFRmM8cB6)Woz{D0P^Q^bJfpKV^c z{NoBQol&lim(HltBo=Hu**6?%;?0BO!3x{x^5p#J;^^wNW~h7rt%ekxo?jh3e|2*C z?)lO2&nIUuw35*c^){yKH)*;yk1zZA^wq1&Ur(=&f6~U7pA>e6T8((9l^$dEBym@x znsHYnd)!sIlkZOc&+)4_FHT;Zom~C;`r_xyccespj6VcV|sn-AaMX!7Beu@eH7Zc>+c^n)qY0RzG$GZQ2P|p85 zoQ^j6f7kLz{ST+b-A8;cAq6l65L|~##5on0zVmz@fFuq8%x40K`7OUGpmRvMk4Egg z1zXD$M>A|o2h0XYF3%OZB$ihc%HzlY5_<2 zE{->=de%IF#_`!XO!*}x_6w0!Kau)92PCvdwY6tCj=;G6`O_!M@m;3c?MNgt5c*Bt zyV?7$`dYVYGfHSTb93>PeW`$YEIK=;g6vxpyB0h>J zoaNR+2MEvXg_M6=`u2LURW5IAO_uo^(ZJCiB5;P3Ml94?g@t7&vec7b&>|-HkJ*_8 zhuEe+HE^k?C)ASvt+IX>&no%fFWvvx?``h?UeD7={=+cKz4Z%B+%liZF&woM`bP5b zN08n*!VP7(p1do3u%1aT~Zuog}M@yvEjZAmo$EbquVEJLdt8|LecRArEXS7dP_4^Jt(g&h(6Qy{(b;_Isb3IqDy5>+Lf^L zZkN}HM2Mo)CxKTu4bA=an&{-HJhb7$M$+viV;C2%5j2NoVI7f0!@*e88;3>J5G)=* zeRum#!Z&EHOml;wT85u<%Z2tL=UA)gWuLKSSUD}&s8lVYiUw0#W4opPn!X2n1_3K0 zEUHOXD4Z5j-F3JuR93%!hedgV*yg4vIS)KaAiBY~dDn}1)y451KPE-GD5B&(iE%_z zPjf&QAC%sBAJ8=qpvod~>NcZ{xNJt91Eq+e_4r#_IasoNBQ=&Pm&ny}(tNAY+bvo( z&Z=%#gmPKYuykc#&QWQYzRfM4a#a92U>>LH6?_ViymFV9DHbuS_URKRU6<2KJ7Z

YaXLVht~MeFRBZ4l;^CdIHOkj}LesY<{T z|E7+fl-p@xe%X}ZPPs-R%?gVW%(Y!h9YJW(kp9)c;#sj1n!U>Hkf@B0ijh*4|JLjm z3r^b16*Nz>xF=3?eygN);;VB#=L^PnR{M(YAb$E(@YZvJZtzD>0B4_VU`v<*a1H%i z6a|Oc%hgDTYfQ1aU70=VSs6j-Qe6P}ZKkES07T2hH6o%qCvT~4S!*&dI$Pa-T1>2! zO_?NfEy3Thue+B2SH>iYSn1|o;8p(L$zWpc|4yfy{2yz1xc~RL=H;bx1kThEm%d)% z>h)oyCIbV~)hpuuS9^HnR7yDDNAvS)6SSeXSF8ItKHoCPg1>xK&u^JdWxry%O#OXd zVKZryN3+KyY#hzHxBJ`-xa&Jit1=qjs)6;}+6T_elq3!=QHXpRlf$wJp?ozu=`112 z@C!r*E>0{ux?4cjUO?*4U)2rV>!z~tSC%-wiOb=n^^i@hLYw-OU#(&(;pH1syln9$ zJp_OCq>sS+yW#9`z(N(EPBKXKKuNSZRUk9$egFk@>sXX{PHypw9V}i_{B1Wz)N*X~ zl&*`XG0?bC${FzuRAzy2WGC094~0#DljmXV-#R~ZeH;+|D~I@uXCW$#C0V>sRarf8 zg24?*Z3lhyQKIRV;*HH@uBg<}vawi|Q+>2nztIsE&OaeR6X>IS-R^=Nelr9o&u*!s zBGGWET31=ABFC_!$jQfqO$g5ac1)zZyWpjhZ^}``cvcl zPk%b?Z_fX&-{z^Q|B-9>5Cw3R{x=?(=fBy@jsCZer;+~0=E0MsdSQUSja)AblZF8V zoGOnJH;_XrOw+F#E|3$WtRLo|+8qk#90e{Z&nU!I79}7+9v2UnDMjQW4qf@0a~uq{ zq>W+sw5}h)~_Qv%QD92s&wgd z*5TY2Ew)IqSnuMjjYBt=Jt#iA67!W-(QiS|t)>4pzw%XkR^|WcjmD<_H|k9``rkU9 z#{NHfLBx|d{M4%@9zmDW@1>}z&B^{fiaw{n`bIQ5g(PL2PCc#iuv9-)SNfK&*>Fn5 zO-N@=7Z@ctn!VU0_}M&-pPKSt9Ey6H{6D?H(9Hka8;>{spS3)V<$snlzU<;FEl12(*z(g*ut{_!IgAUExrv$H`8>K@Nwh%OZ)I0Q86cU- zMN1o#N2)(ox)||?keL-q2Z!a%J!gbN=d(+n23G)jD()_rktL8yI=<`5_+G1 z%o-NCh4X^teL6q;B+BPMwOu-+(5Fw?%@UuC^CmfJCm$&y5e$X1ML~tHD_M%aMoLLN zX@v3t)NAeZ+*?u7GR+)#8FUJjiWwdBcN+4x;)an?Rr2i#J*s?Ah{_8r~a;0RM$!FZ|fx7#XI0~L8_ zt)Rsx*GSmm)ER~nlQPM4dY37gZo@GM5-!gARs1$* zLY)!Ff8;TupNiuKOn&{KWW&%jC2bJdE1A1Y!t0343VBk4uA13EY?$g<54y!m^|k=@ zt}d;$T$#{6@`z~0c=bYD#qfAUwBzHY^Xt{|xstysdw&S7j?cGj5z$47qVpDH&1@=G z2wEFO1?A*%nLc7xYr^L&4tSCYCay))osiiaxk!H8Ep&$LmC}XmRneGZCfOF6h-|Nz z>$|ScOt9`s?&mxJoK~OyO)W=%D|}1NwPKu{X?NUr#Y!wxR;QBTv?)%aK;*!xYgIJZ ze=HFwU0$as+be@PLzced4v-3RS$5=;T#rhx&2y@_4gfCBQ?Qi%UQxDcCE2qbZG4Vj z@oD1!gJM&)u^Vv3{$GDGF#Ugn{wDrwJx?S5pT2YdB#~hHRQon!!qTSKf9XL8kF}Rr zg88lNDZ1_iOCNG2nCaHb!bKc%_>nIEvZ^|2`!&x8H1rOAJ-JuS|3iE&zU{qJy4h3! ztm6N}o|*q^Fz9dcf34-=7wjJkF0D>&;gbc>C$VzbL)FFKs@v4uc#%9zoHHmdAx&L1 z?_bXOOq4NUL?S9(5>v#PKcm2q} z>Ed`VyF{4x{GTz7fcFFNTEK2il$P`mq#$t^O3qGT6dZ-g9G)!~U~Idc_*;*#`?jCj z{9j9&-An+ih*ed=%>X-8W_6M8z z@3lOt{x1Vx8ms=9HO&@WcKn^sn(BBCUPO9n?B$%ke??tBW>C6ENs{q+iA0CUB>soM zQ_p+kx&6O<@wQ-+7_l&S%GDud*cSEk%NGlj1&rVf1)b}A{jkYpk+s}q9I5AxDy<@i zP4s9MQKjmiXH$CEoGA@$$4buJ&*Pj+io>s59Y-mJk?r8m#*V1X{{@|&;{NY(Z!k3D zf2Wg;|9>qHU(F{U6Bq?tapnvnz7fuQHu6=ASY3OHLtJpOGu7QIF89)O!^{u<)<{C3 z`Iar9o`Ib_l)>`ZV5h3ndDoePtFTHq$LFjeZzWF@uQp?8dKY|VDrw|{$&mkv7njSM z8~hP?9nY?RZyoa;6997zZkAzq58f|fh;K0Cs7b=dq`UPi63}^h%GzM#lY(pH!)1y< z8ZQvH;RNFoBYA^S7^Hl2Cd3O&QNT<)I>#y4xxVM4{Nn7AmBrDFd$M-BTcXdg~F$^{7mA#u%ki$R;_T>~iIZQe2Z+%_XI_Yj_Nl zzACIo{#|ID1SKK#5%B)Y1KvBYIitxsX0mu=N0-K|gR47ZJA|#xXZucQS8Nb#W4QXn zx3Vj{>jE6GLN&vf2$8qD35~$N`ssy+n<{rW8_i zvkW<48{|t_zy@0_egkm`cCrO^7E=Jh9Sm^*%r-qUWk|_GRsdUXg%hI zblv|!eXJV`wW^C6l12Z%K}_9f)9iQ>m1meLk1^)@DGjphvi#2mHIct0;+zsiA8B^r zNqgBkV$ITCh;NX8?`Ic^=06{^4T{JDM>rl7i~~^V*4hl@o6D1ncaIPCu^@iZPZs3xe>uARxnT>uP9@T;z`M(nt49L-5J2& zcW+NGPoKX!dH3Sv?dkE!rP0n^jDw;n?IIEl%8QHBwEA?s20>x9{{XibjDW>gmUsOwT1j@0XaM0C*_6!z7LtOs3sI zg5h}Cs|2xkk3T?xs7ijRlSDm^O)ZwQPMf|oI2_a5(=PaKxE}nUX@Yd6}3Az z@?qLGN=bXNPF9AEYrE=c=KoFNphXDK3jc3!&^Pn{_Q!)w{Lfk*;s4#bnj?_JfpF(y zisPul|J&WF>i|yTzFn(9Ktlsf)-0Jn|irYe~yA>h)ABPU479M+B{C_nTXeCC6u4_-Ic6TrV(a; z*T6&3$bu*>JazdG&GD}l(RCb0Ulcep^V*M?r1V!z=Rb*(h6>}TV9iOQg#84OJc8Ga z6LF-j{Dn_ek)+S^HARs4b0Hz~w^lEIxh+l&`J>+4t>vz@qt44JFP@}9l^OtKzuGpX z{3)`d$iSIbIFhF<3-#RmT*J>iBhW|Zh+xiJ;wa#iloBsX1sn^DaqoP~t**9APyz|^ zTvr<84ocx3%i;}A)6*!WFbp*p7)2@V;{1d9Nxm)6lWB;gwpjjr_)NG=%5ENpd^P`MPF+VJ5Hl80P7`5j|v6xi$1oY*veQLe-H7E~T_!_9M zxau`L)FrPY*kZk_09FmA-%zX=(H{=sqK6*@0XIHi=$Itd0`93IQ=e&L+gzPwSj41bJX&NnT{~|w%Fz`nyRh%AB7moyrRm_N3^1%I6#+5(n9t3BQ^t- zJha*0j|iT|NgT$r`^$tN7#zn@N(sb~FrJ+s9~FTRks@`A^0RFt8~5B-eVY3J2yK1{ zaMk(m>9~~tqrdV0t>@vJ3FkZ&XzuXKj<;wIzk2RIzU`tM&JsyRGXdRkY-!o9;$TW+ zmWWh8EM!k>D)X6E$ZcLy6WOK00>(42Sf=zyN@np+)b2FhR264M&_`B#kDw?(gwr;Q z1Q5V;>Sife)7-r(JIi~qou_Oy38V+sa)+7RX)}#9H7E2=DPXersBGitrz>7Bi8%O_ zf*|IqQ@TtzaafCi?9ok3l$6w6u#=Yn-=#k&pMW@!A&!+uZ&aa8DQC)MZApYIU)8c%<|x2|s6DIg&Xf^IL{yJc>_=MyZJP%PTQU;vCYs*rCrivklfN|cK5R}9zrZHjG%%Qs+h52O~mOZdMYV{EGoZI`3SOCSqZL%wn zg<6}=rv)S!2G?eO^NcjV99^6qy?Flar`MNPr8u%&PY^*fKcjmssKzCPi)I%m zFHSEXL@^G&0lh?v4<(elRsKb%kJ0q&3o}r6GMpZGHAuOLqgh-r0bifJeErY~D4J+8 z0cEQ%j;@ZLA6=dpeN)%HM4$iv1*GsAas{PM*ZmOtxAS!WM1MLrgQM8 zKmF&)>mUD9zDNE%2Hw$<#tX;@7>4)2j|o9OWuiYRl!k7%>*?NUv9+dn$XThoB$9!Z zKjN@hQu59hOJRACAE&&ax3VOKIOHLI$~`?z`oXouyCjk!qTq(1S@aFxfaoS2eGJIE z8KO7P55a%@N9omPFe4}do%eUZ`w`+$WUrYa3eJAKyc>a|<5%8)Go3WbM^<2%e@;Pw zDDo)^egNWD0@lX6R5n0ku2$LU5A?Df2#yX9$CLfTi(mf_*t<)jy=)Y~=g+d?OGG&( zmMJ1SIXL<&pwH@p7wT{&d}chFREdF=FqGUgp#D7m5bgQ%MXck=--FHtV91Rp`>T+P zKSYS6bDY>Z&A~HZv;X?=2)(?)RhurE^W+DxJx>esZD;nUPaI@d*h1n2;%|I< zUu1KT^-Yle%NITwrNhGLFw?@*ER6eGnW7r<4?(={Bqkp|J{f(gC%2-lBymb-1f}o8 z^4(3suQ_A$o-F|5jt)J;l2-syj_E8Tio?9`$?P3Y34*~r=)6&_M+J%EPer_g&Rkp| zC2&z(uR#pb5TOJNwz3xys@ZjiN^N2-Xdhg6$uc??Vtwat9#aPY=Iwgmv(THC}I>=#|}4HG8$VPv3_ySl|eBmdvgL zow>LDNi}4@c%YLg?=&;>i^uh0@V6Y|fBeT|08J^R%k+_GVYNR2`0HOmCj#EKZV!6k z?|)~V5FU47u^qoUZtKbk0RbGjxa64A(&E}Qb;%})f1QOq`Mlk)}%~r z1frPA(Pgc7yIpX}W-x1x$^U+j*&JFsK+f@gFMoA|Tg-R2rJT*j4@^an3Nlwg!T z>w``wO>lq+@U}l0#`G8Oztw3gI(p0+`iV8fjIKDJ%t}`Wte0^V=z4>bSzF*j-$w}_ zB|nZLrcK3B>eVEL%?i(_vfH8+^Yk|Lp;3dBdrE`nJ962rx(bJ@N4UfQr^*lDu|WXYC5!CZBjZ`+~=P+QM#^Q|H3}l(e&n&CNB{^^lXD>md>0{ z3D+0+9kHTk?1e4Wo(n+g&k@r`3J@GwCj=+4c^{~sT*m%wbuTJOnsr0D%-`B?9=OJk z-jPuaYDGO31nk!6j>7NwY*XUlYN6q(yt3uy(3910ZL>Io%1@=k@C6FteSQK`nL&(! zbS;HI^@wKRnNhSP=xR<-I*-Gk4BISG6R`9IIZ@WX*94mA2SH7k+Gjh&n&GSVKfkul zvUwiwX{P_HR(E|XV1@oa=nu{Ne}U8 z(ZUsKsVbxVU>+;njbaW|Q#uQu%;B>lK7EgKL*CM^d7uEj2VUk3@`?*xyyVXJWJBsb z0G5`X$zmB4$8{u1Xrm}!K&Sv+zPrEd4HDoo^?WBnDhRLR?TTPe-G#+>C)J%v4p%!b zASkA0nlpN!Ij~gsmXTN4;nh_jWqCA3f$W!>&!7$z(H#;eaF)d*ZDsDL;%zMqUDD4~ z`aZ3`fs>>uEL z3KD{D`1Ur?i{qR8giVTQmaVab>9eXPSKPt2_dR$`=ZJj3DFOlwepMg>=WM-GU?g4F zHXPfwor#@^IWw_s+jcS&+cqY)?M!Ujw$c6d{k$jt!GF*vRozuxRo#29eQ7zw4bKS{ zX*Gr=T)Fe-pJ=V_T~ljN*YqV5yZ-{ZN82n|qeM6U+j53D7!z>Rz9$mIkPl5fx8A0D zkdyr#){an?!extKlVHtNDZ7JH5pjF=eyPADt-F2R;^fNaQb-_!>}i=W`+=K&I>F>q zNxV4EC5*iY0qv>fOp7aB;_R49cc%4tagL+>$?}N6Qs;HOvi?JVbvc$dm1<($S^30q zvn-2B(nMKbJh;NEP|smSO=9SuPbb0Fu-z12*#t+%$$~b0-^>Sv6ON+U`evbti*VMW z_5n1Q#RU6K^SwD?a&+ss{7KmFVFxyyC?IXU)z=2{$c1qb1jr~`*b3cw0M{WEU))h_0k>X+B%#;bA0a8#_K+UCv zdSvIb+0RgUd0yHhbq~6ZpJoPyS)7Ef&SBwm=y&sT$ZtxZWxV`fJg7pFP>{;9>7ks0DDGPE;!i)Ssug~QX83m;AJwAhgcz<9)>x~e6(mW z*gKWHN}Vi(kc(oVRVF@~ueX|3{5g>dq#-C2NBg(5TYgn|G#wQ$Y78sNA8*P2-FKqW zawN(GyKq%YBcdH<%-yXg!QBYo#oVg~wGt+-mu{#@Icf7GcgPBt*4^Nszj5OUMD49PgO3P?6ya#0ws9+FKhKifbau)I{VDUELk&3;rC}=&J}Z-E z*d@MxffcXCAmLcFd%e>P9_;RB7a$3+CQ<*l%k&ct$rHMG@a7uO3cc;&fh0L0!2p<4 zs4-n!(W$Mf%#Oj~1#q-IPxw8rUWf7&| zl*UR4RIFc@4u5%8F_A>z-r0K4VRbY%WcK*3jpyr>HqbG{kI-^O`hK;ERL?A{au zvGCO|_YR>>B|a@=V~SP_x{X%3QCf2>*0vYNCZPu5+|!#OU)QVI zx@m(dwj7}SNcX_Ph_|Y$Nmc|IX{?+xm56ZE@l7#V3tDyCpV&}4lmbzrQK`m_b5JRy zs96J36MpnK(_c7;u~BjIdU?I24)^itY7vj-D%JNL zmsMftV}d1cxJ~t6rs@M_^p&;MChpv%pU77cJ(yzz_hF z?DE-w&tP`_N|;OXB;-;UdUmA&2!#-53jArvcqLpkr$&2*o8*jG&I$!#p)ZrkGmR zEuz!Z{EQeLFq^^7W~20lN$sH}AoiR_<$Ff+`hdVU!^-!tdv^f>6i(z~elyo*660!} ziT85}Co3I#$U8d|`;F@=8Ml{_6OGe}UzAme1;Vip39~+U?l_x)UT;#Jy^L4Dy*i6+py2rvE#XH1@eGdzFzP~x#PHn(Oue$# zHEFB^+5c$yU)bs=bULhM*eenS^BtW4DuqGRUj(ZTK}uWoi}VNH7tn(D}wm7%)szd}a1D-J1z<(_&uQGSX) zIhX-f`avj?8~fU6fQ?rV-&fquo2e4;oIaqcMeT*7Hc`9vTw_!8+dbwGxmC%>ks|_A zTzAF#_S`yyYDrgS;c&TR$#Kb6g00d)(@h7C25hEYjEZ9;gY%J86ay0{ABP@T2=(=l z@>AP=&XQ!2J5L12(ByOVryp%-!45v?Sx60!M|($w8#HvO`m6b?lW(sPYJy zxbJvF+||C<%E;OKW##rc+Qh?l7!bg|bqLg&7<}m6*&8nSaS2EjB)bSGda&WPt z?*uz9AFhJXbs~*R^6|ow+XY=Nmf*-aU>z}30R_#H3MJhr^FLU&XzlD<6mR5-Mvz(kpprbfRFDCx6ws zg~53_1_}#%4c}$*dUwxU*Qw;?N=A4nVKRZN1@YMxymGcommk4lu{0rfheh-R=vs^t zk=^eh|HyRjKc6w%t&r)mj zUp}VPgDy>!Ws@=ZM=LMhSC|N++3qvNhLX)e;}jn=O!D!)ux)9T%E|Edr?5Vi({GB* zIK=lK@SlIC_B1l!Db&~>5NA?;%}HlkRMha8BjB{Nr5+TtrwYz82_2frc+#nPwz`87 zLY}{M<_qc^uPGlsYqbEPp4#a$v9!FZHJOxx);Mjk z!I{D~OQ+h}IO3u}FQmHyk?OUsbnKTnoXlJn-C{DOhP{$6!hv=@v2WFF)R|d$c8E2! zEPr;Nsst()9g{OE2{_DT<&~$5S5wIrcq0Zq-GLkj{rsZoZvE?)bo(T3TGkLZl}r<2 z6g3W7+-cp!ANM|s!>zT`|JE6A_AaIy&b4dW*BPfR8@kpBYMS{OtBvghj~leJC@2Vg zhy*3j8^}+v?i0zpMW%vNuULyiM2IU``DhH&EIQS+(~A8LptD27=uUGuTfr%@`z2 zx%e8DbK6+#xU3=(ye!_*a5Xo@OLb?Mq@~yNcHNZn^;ZU?O!tYfGBQqBzwozC@*_Kr z)SskesIj9~*yEwIBZE{C1dn*fOKvHi9nitcd{tRyk;;-cC#Ie4UdfWybYn%yWswzG@QhV8v6m(qIJ}R5ENExJk z?#n$DLE{?7f1aYd1LU+BC-@akjkSw%7c8`{)-7L${$A>b*}MTRn3g0S^h@ z<(m6aK6@>Wfq0LwS)Xw>UgO;9hD^5E)PuE)Y3!jhCz8;u7CRa)-rE%e$8QcvqYtI$ z?4EPim~1addfoL5HPbeKzv-21tQ?#`+#$07Uwks}fmjLOFN;Q(fHDAJzp23bEznJX z8Nf2y9sxI2D)k4e4NFoTF}TW0634Vw)+wG#M}y*!S0F)AQIUm9i<+RpyTXx6^TS&Ug*k;yFMAmGcJ zt;PE}g@@bDb0=f*`71E8Cfm28{UsM-r^BIlE{+@1z@_nO8T@T4Byi)Pty4t~qJsC>BJdU|D4rCA;6`Uy?JBCFjaHs2L zzSj#l0g1mC{e8I6rY8$7E!x~WtP%>owjdH!ezumG6KbDO>26HH4xnHHVKMb7wAL62 zjQjNh62ElE04nWfzi_oCQlu&2W&b!qxT|#T1!K9qApx;6@MyaAQnYc!0%N3xGACm zOeKZa+&k9Rm z%#)aB)x(?VDXGT8j|AdVLy zaD_bJL+93DBX5C^D4I5m#DcMxL@zrhw_5-TS8_)r@Goy(!^0V-B5IEBoAcOq9lJr# zB>)V=e>Jh037@JItcTJ6c+Cn>X4S0L60E7DCn z8Ltq3fQP&D)AifgT9ii`Ev|z?oPs*Ezf6ow4sB-b3rv7SKbveUgnxQ`UOhw4`$X~x z;)w;y<{MX=#pH~K|4gR8=zej9-RMh|)96W|n-4e_GWC5L)WXLk^AZj=5`=VIUNcyH z8JuOXSReoHsiz#3D;o1R=fuvA+Nm&$<_j*%nbS%kcm|y&cedV^sNGJNGq>I#ZGD*x zm~l8uXV2@S{*gfo5qsCaTl>t#RkCSf?BdBh9f+VhCKkecb2ohLR||V)Ct|UsQ`neO z*AFt$zK;ct*&Af3N%n~)8b&N=`MC>=z(i_ir0`?#i6EMk@QKWb|8iIbvd{v!k>Z+Bf*fw^J}yjW)s z_bG=YIB{UY1=K#kB*9jMH0ya={Ug=xR|*_m&eG^RdMFd8#flx+>? z*s9q#X6mkA$X9AeAt$WA6XL>U9zJ*$90{s`W{JNogD4ON)2Q@mnmxePtAPFauE0S@ zkRpE>$WKxaNct^z^X<#QtJrLsnqtKr%zWQ%ipwDQ1iQWuB#Oe?CYLVy3FpTdHwcFA z2n%oS9eI7RFHf&U{?HXi`%#MNQ<|pO<$8KuahF^PMg_mO9sW-jx6hN=Mc~Jv+~_Lx@$y+&Elj*L`)ETQP3o&l7EHm{BD4RAU(ky!ck_{KwGI_#`Pr!OFfJql0u)cJ(0}xff zmDV#^x$U|1AaSO4p$BH)wm1kebFNk+;?UA3?y1+_0}T^fx>-r!sa4@~!GN;oRwVfu zSa$ZFM*sH$5y*ei`|AWax-drrT+t>m``QRocMQC5%@iP$(Yi+a__YeMKtA5V*2U0k zuPS$240~mIMB;eGrd@%!0Eqe z*KXb$Jv~xIPNs23Osw<-JlmyDEdZ?k0WTN>+%9_~GJqaKssqSCgF%&JVCj8XxBb}D zm9+t6=*{sf0jyrNAOaX8)(CqO|9aubiTIJe2DZ3d!lI^c^8npir=;FDu&kOxn(OkG zi{9;V+?nwwVa@~Lu!DYcP?-^D_LarhdzQ%)BS17&p<&KNy8CL``7NOf#+h~oX=okf z&1;l_cRWu3ex9cF%kieO7%aNFe=c!MyePcqOqlib`_P?7#qy>@i~luMH2*yfuBH{+ zQ1=f}n;=?lrPrCHs0F!g9Kg5(WY2iydEWW&?sbN#*Fk=~;8^%q==L#s24C>T%LvyU zbZIO7J&>pg+|smTof^b=<|eF%0B@z)W5>x8a!zV$IGtjxShm09Dp3%H5uO0mOA+D@kWWT_=Py3#rd`+X!+7Op!my@_&G!*24_nV%J#6~pfiO)no| z+Hb;>Pr}*q+|NL562GssOTeXCh}sR@(}bv?eRLj5%duE3;Zhl7Eq*abwc?euQ>;Gk z`-Qn~`_eiBQ1JRfh5651Ev*A|wrp%xsF-=Ny2za!@!@;_GhIpKQ}t)5s??ES{~31;N~ZSj;x+UM5Zg35a~B(yaj*ulD`sl0tH zD`4Ez1F(Dh7y!!a{xmN$Ad3Zyq-$3&CW`RMOGzdr@1cp`j9Mhsa~vNM$AfTcCYX^N zy1_-bdApK)EBLfYF9aJ}>z=YzEcSrK|6sj+j`5c%^BlO_;Gb$RL` zTtVw}|*l%fh4Sa$DVc)f&G9XF1!-aHJo@xAz!HpwBYwq?ysKMR$y_jDjZdox!TAy@N z2qIirPvVz5(+6geB-_s5mF5RlM2TTM6Zz@LfGm2Er$gbBMuj8bMO-Oprrfrq1g<>X zei?92ZpO_xQ0CXKmQ3MDxuM0=gtz}WZW2{5gPHWBd#X$eiLT5+#-59G(`g;$UU6t~ z6)SZgj6F!UI~UG}e3uXKtH5S6ZqAxdid?iCPxb$6rHAY1kJ-uplxGdd8xrk!VfK({ zP6lJV>Ye{`=svRqX%AAvZh*Q|PMMwVUaP1a$IA8-dZ6TjFYmYO8AKssX7s5SsWT#F zFn9IzBCY3m#uq=g9n1fbRsIv6>O{m4=~QRidI1+8dAU*05QwqD6G1?2 z1qW$tf~J0#MO_g3cm!RpmbFq-DJ-T#q#x>aoqUldiJfG#xZs_=Xfm$lEhY<*Fs zU#sY}3ijpBh1xRWeiz;YwR#6&>l==buFQMsXo2%el53cvwA*-rAXQwWudt;aM>hSf zs&_`drivL?3hlAwSX)vOGr zF$|3TI0gg+wA}$~Ppk@ndgEueP$Xnb@3N`uJrfScld)W825<=IvU3>%4@=!>y`2{K zuIkMY<&P#sqV}9)ZdUP``wwVb_im36e@@|-ez+B^%u=RxwNJpTn+h&DrgW^ykrkxx zeAh1dc3hH8sfp}5rJcQL`rT$ay5gyKoj+4jY4figs^SJ%-Jdw(W0whDL_gYTncALb zoIrW2cx>|2CoK}sROx)Jm51w!Zb-0qpNap>@mq31D{>4w^v>EYM|W-3k%Cq-zX^kqX}&5 zNqnqU1x*RnTVGTNY5QArtgMQX*oSc-^+(^RvBef~Vu;l4B$vhY#Eepv0zf9>X4n(}S-*y4?c2Ah2s@`das1s`RnTW^~G@4iLL?!#f}P z=`+ix<|Mm8n4+Hm*INJ%_6OD-X~wwDb`cacGKQNVF5b{jiA+9UYZhVxXayWxMCd$ znsDdl`h8FuB}~$&#W=%)Ll49vur$`1Abs7^JL&w6>dA=(g?8O25C5C}L_NY=C#!_U zt5OY3!`M`UJ6WoetkrH`)u?CPRpK`QD-4_>cRn`7wuTB8Ng_Afw9~C?Sc+KH{-22hwN+l)7I>*?sQnoo`_`i_^;02Qu3%N~Hp zFlN9VQ%qoUYS|EQrtwMvVf$XtqK_wsR21V@*3li1xB15S=4Vco-78qrMXt_)ta+B* zeUtxUNV~&+e0qCB@qial&nU;Ie?=)zA8XzPqQj}iO50wNVbl7&kWtI)UJzai=N;fFHG&DjETPI) ze_L4Nxp=fcdEOQefdi;7oNvPK2f1g!GdU113~Uyl1_b<*en(FaIPSPQrA3X5vRyq% zI+gc0us^v$RA=H<1f!ps-AH#k5;BE!wL>xIEf7wzzhj0p>pjlRi@J^{l$eW~S~@qLt6J zG0i^4ufD=N>+^0Zpn=k|tqWO`wFGQ6?A)1Lhz3qn@)1M^rF`@r%mZ%Pde?w@6Ds>a z5ad1dLpT?2%)zak9Jyg6>)-DxbuCU)gG&rCe>VgK%~W*!KG^U`q#^4FqbMSOexth~ zrBUyj?!x}k#KOQjP>{Z-?Pu?I={<;=vMZ-CIQ`;W=Q+_im?*t z%szi2@xQW4qqphrv-Zs)QO)-L;YfCG1;BZh#=B;OGafGRA&9dg9@scRkw`a^f{BtB zzoG;|&9~o^NcAt1ivBkLl;vCf3D?n2szkOa2DE8K1evM?!zuNX3ZO6~M8YW-x6XUo zd_8`e1h)X-VkLzVT1V5!`lz9ov=W^ij|J3!%P(6to}EvAY0RrTZ2gVZH$Y&uaByqDIuAM9fuoKd z5m_5;WYTM%&Q|AQ9Awjrjv-IWQ^4oK+}cEvMy-K6Zof&BQaj+I+bO_u6Sz$(C!I9) zZZP^F?I>U|u8KDUaFqjC*w|bs>{BgpC`^V2OJdv-bX3SHw;cDA;h(QQvDR_nO>VPN`08TzHB;E(%! zcL#hy4dHu&-ufcji8_nO#_Z?$^!o5uvdruOK5cMEnoHuPc$K2VnooLy*R9u1GpA0y z6{C+r5#X`+A0cqRjMt{T@vycoHC!7{&dqD>cu=GDpGi0=CDTS>r#b|LR=4bgH&BT< z%fo*Eq59zeiJ}_$80`eaHcn7OmQIh{Mx~kZ7EW)2_1&3k{c7>cI`!LVeXb@R3>5`S zr8?{|>?+>%8;b^V>XU&bK|!(o;=@F}V}ii14@K4(tuuC$B^s*WA;B?@aWj^~GJYzf zHr^T<;<=up{88HKQXt@-ud5KPrATr{7gwoN)0p`I`$VI|E%6od#b2p4VBezt4vTFw zT(Z-o?tpY9rDp$r;NE2WH}A3X5i`wu{@3>cx{@4F=sA1u9;Iu?iX+6+Dij8Ccla0Q z0n-c{e6Dyfo<`8Vys>Y$X$9#)@5%(eLv^cx0+xC8)3Z+}i~_AC`VRSRT>7VY`ka&b zq8PhQWb$N{K~iXvhccU&9)XU}A30KKHNA^w6R2*bM!>Ta_LtkajopWhwT*Rvi_D=k z6n&mNC{O_`DxJ&`aQryDowa}~Fh%Z>U;L85LPWr_)|ytvBJmP7)s(q?+qdPHMzW$D zbCEH)Re1?`a!zo(afK)sPAl3rQak|Ryk)oi5_}o+d{lH`ya}d%M-33zk@QSY`Nn2# zq(i^#11cUabLGPd>ZkJzvWY-(Z_gNT7Vxiss=aG!^G|DBV1FX)Q_DF8iuew02VuPp z+zrDishmv1&)uxSli#)|iuqc~Aq+2L#aCGNPhM8`2HN~C!haRnx5U|=KrRSe<5I3R zN|I`jp7cnzM-xqmQ_g);LyH3~xzR&hlBvq`)oL>~FP?~;6z+ zIaVD8nLl8spwJl&<}3(%u}HOF+ASX2YoEPrCsBoIpx%<@5c)~_1mw&A@q6~tK4H~# z?IbBl_SzAFzS7#wPpc{)>t1PUef$wXb#tRFQ@HBdXX9?kB$8$xkkL`j zV|v?hfANz*I^Kg};Y>)-&$uE^GntQb7O-QT;>~7C{_nQDui`Je3c4Y}R)Vi4OF|g& zi__0C-ePEAZN*OEMLNqDyhfXOBU;m#b0?yd(m0Gamk+Df!{Mma9|DW-0_sQ^qGdbd z!wWmYmP4~zZ;?XZfA6$4-x3lII8?#)g7&S>k-rPr6$2aYvHjfP>YZ%Jxw-K+G%=04 z-NkGJ=6{@-9WlON8tNY`PukeB*4B@7t*`NYef^|FPD`o1xIMjzBdp1CTIz7R9d)t+ z@G9%+LnQv18Trm%I8zkrV(D6EV>X1IR)ZG`Ce1d?^D^&`{@aem^Lf<1pQEAUXeey? z_Y(BXkGn}^EW0jzqcCLr`Pr#>Ddv6-YbH;r&|Q4`;IbY3XTldP|9nRps2f23o)|H& ztWr=_CD88A>=>FDr6gSW*UWL-Eh+He|KIX@M1Fg1OyoIFi9Nh~^hOw{0=9rPlb$d_ zKkv}C_-^km=p6A^$p)Q^U1ISEy3$u_r`*?>f1?`fR;@NP3ObiHQ=wF7H~~FH#SVVD zds|auA4D0}c46|`Ht#QbByoGkZ%Oz;;20Zn?F9+^9|vgYMavY%mf_(E6ckMWy6o@b znQmkkvYBM0JBE2Lhn{NEq0FfQwo{2=Fft?z-`Z>Ogr;ar#1A~QjXqKIzIm-?QllcL z3M^{g=kv)N`;qW)IF^~T27Py}-!rn|7T{dHRWup=3UT)%;ktbITQP$o_1$*LG7P4O z*gCq!E)RC<_k^n>sAak%7s@8tnU4Z`32!Dn`aTcazwKZ%h;3aVSn&O@sO%vZ$4eud zSV2zSXT<~1l%VvnAX+5Hs@`Kfz}xm-$E87z24 z;)}x#aEFf5=?3B1%khU&(M{()IyYcyQaCNU6W^(WA1|Sl)aRF$@&drpG(aX2UU>PL zfZvFdG@;z61U2QkKHvL$fOJAlm+lHN-!S4Q?RAvSw2It8zq`Mu1l9`hn`flF4Un#zsN$j4P{g+YKRwvZ;509QDVwg8%RKDu?Z-_-s0SNsvbTu%tQ)xUV!m`ok0$Q-Jb#f zqm-f#ROcx9j-K`vsQ3~Wl7bzBpRUOz2V;bUM%(S0+9KI8Qm=+BC(oMFhZHLp=76)G z@n9MHm4TVSb-ZsXTavoMniS1oHqS6=c-8LlzLYk5IFBHEh>TtnD=vHC3hFRGfzCRX zf1+7p@%@kCrXoB+X9`(pe&q}kc5ukGq2;4j@nd_*iiv;~ci2c0gT9dl80dU{BzS%# z6@J^TyoUD|eYKL)S|b8)=wfR-=2;8}5iTl!$WP84WbAhHzn>C*5o>;IT*E;w#6i(J zciL>S`dVC~>==!8p3W(&@SdW0!w9}J2(DWp9GI7}Yl6nC4KC>C0=v8qSgAZUxq_W( z7vXE31-MbaGN~~%*T?o_Kz8-ahc{^dvd~0CHocSp8Al(FfNWB50L+SzX5y`|O3!)Y zpf&G1twwD2Rz0ye1}TZ_vZ1xBmBCe_3rArS`D9pa!C%rBhE>;{lKCf{N>@Mel8Z_P zy&2PmK~5aD7+_bUx* zZBINnFcFV(LO__MQpKi&^Cm(b<`rBPPL+oLr-_ zkMkz1mbNWQ4!*12xp{wkZ0Fl_z_H}n^nh6>=6$Y0S-00BPA@bwyvip+`!}mXfXOR9 zN-n#=!TsGLoU|?)LgJO_W9{wx+=qGQbKN-lg)0C0^Y-nJr={)hIUL8g+)?g$9jFQ< zye$({DRS%Vvm?yMVS{CZU6`)n+m_(}Vc82f~m4_My!o0l%Klx=;57swvjVb{bb zexs|`t;8FCezq@9^;c3ghnvUf^bt;+ki6rKb{2##H6*LB4!u{q_|kqaPyLLf zV3YMPY4kC;!$QVzwMt{d5~+YL#;{s)lT3d6q>Dv|3-R8Oj2)||TeE^w-}Q>S)8Qv& z7d+?!B1L*-USxt?0>Tc3n09%vRv|EfxuTHLSorux+9eVe2a$_iC(b zMqXuo_iwEv73&&X_=;*`_5cL@N?o`W0L=Q4?6?v2K3RR%+y7SJl&_ijda9QrW-dtHHcFv`iMU!SXU3BU}|2YggBG?96Fs=NPRx|lWjw2TrhsIs!X4x|2&64(@DUUxetX7WF;ti)a>*To z$}vG#T-ns!ky`AQspfGhJbtYd?7=sJw=zh9bd2&v;~ajxne9Jp)9$O2wDI_uMlzE% z+*MqdgktzUlFy=M_X*JBhv;+AlY3CXBTNu5(o0E=G1}e@aSyALRPp#2Ml#82JCC^2 zxffJnRLV;CfBl@}r~H!;Z(IfMEW;cmV}!qR0vq*T%8VdKPQa|Ib-DG!RO10};b{@v z68hb)aF92mOIjjui68yrVv7wtY zej=N0xgAeV=LP5!oZ6ysphaJ(K?kv>u%y(a1{+fDAexjA#cueVqfIY+cNpk*lUgAP=jkbk4vo_3HJ}&%i})c zOg`6PUSyq7UgQ|OvI2sGVs~~#CB{j7G-$RXodmz0j*JF$39D>4+;V3qS5~W19Ap~# zLATS$NP?EwNCE;SC2=l>3JoX9f#zG_H8#UPas{Hf39(HG0daaWtW4Rkg{(OV#iBiw zLy@@hzd~=Ec-*?mgB8?fEA?U3CXJy|w#$k!Qxz1=^~IscCku7fLTk;Nd*UXI-cr)i z*3whIA1APma&>5!mi(v-s-ybEBtMSk#o?)=DINb)%SkBy-E-Oq`e?hF^)Cs1o%JR_ zLOMsnKG!q`%nbh#&cPHO`WYz#0S_HQ3Wj7j@IvFMEp6V}Nb2uik5DEVux{J^REEta z`xQzE?N_g4_%Itahk%xHW_18p{J#vLK`f;c%T;WE(S(hd=Tr|HNSDVs*?oGz+Yb9m z=@I`!vPWkfwuJ5WgcnKTmtPpE*J)%9K}&SbKG)Qrl~xa_b934JyM)uvqtOXlCHOb> zbF2mR;lKY}I0ljJp z`bhqo(tT8Bn0dg$AJ98%!$pN+K;e?dqQTYlC;p}nB^< z_?>{6si7Ie>NH-3k?nyxtsM!=s)edRU>_8;a>*m`y6!>hOUy4&FxZl-NSU)-SIH24 zeenId*z+rt1lY52aPzBUiT@-u!P#b2O^y4domkwS`!Vljt3a~`Nv9gq7XPg|R8LLq zpzQ9-vTd<&Sv#Qs3;Cj8Zyt8N5|W=F#M_dW+DnI1mQNoQIjzr@o(1+e|M5J3Z(L=O zUoIh`#4;asd@Lf=Pf?o|h5a4|`BBuV$cQxg`OI6^8uUJ+-X7E5t0(FYJr1jQd1Q@m z9UL(VI@XU(gv2jVJ`$i|y#2C6-=?$1V%1G>xaNX59LxZg;rVIa#%}Qusi?FJkBd>U z9#x^Xd35xBcGxZPLg^3f%ETdqFkFSlnzFUod{p&DDZRl#fc7pI;j+R#7ra?*k)Dlixb+G zhHhfUW2wF$o7EzEMuEkx^W&H(i{OE^;3g&%R80SH9zeeAJ zzDo>#mC`T2xlD|~l+|J6Qqe2V$owT&E?wmxPKR*Q7&VqU$1W+l{r$RkMuRBw)l5x0 zA}gKMyUp8DCAHKprKG$jUlv)gd{J<%jMsH2wUVbM!hX!zr(D6&_$5w(_Yu<{wz1@KZ2BMvhnpRGFw8Pti&9J3LqlqL5bijvqgKM=7&k4d9>>@HAT_ z7Ax-;KEem$G-LIPEPEj}>UI_jtQ9sY)~gB&crCrf`TG92@a013^VXeA*c|aAN}Z+& z6B`6V(@3CPwax8igxvKUXzv(i{9d(Cp*@i3i6%dkzC((cmJ~|Up4Vrb`&V{GCFqif z!;=!p0CToaZB$X_E(}*25M-avYx~l@xt@B)Chj>?EF8lTltD{~G4ahTQZy3suu(qz z&Jv5ndADQC`n=Am)Xpxu-2OlonXpV&HrFW|Ubz%rltkSNsaC+5*F;*f9c;gRrWelu~XJJ)5zKfXU`hRVRP*T?e6oI34}JAbQhdg-zY z|MPc!p+ji#DkGP}qU@4VlAcK{tuFjk&@$EQurI|^g5vbj?E_qx_4^f`qo8;ndjjo0 zqp>YSZGp5dnm;FjK|*>1tX&pK5}QcwvzL84;KDZ`fbJp7^L6g8AYZhx_LW{XQTOXn zaVH!}d5nJTN>;SgC$L+8<})BbfatS8nBY0I=**Ls2w1Q}8uNZ29Jo!{Z1DC?1>qm5 zH>&-_<)*{o8zpbbC{;S^=K8x6egtnHngQmI>vo#|VyZNyW~&(-Bi`5u(MC4Ohm!O6 zE8CWGA`IR>XpS@Cpy>5?(J>z1y>x5XJp(F9CkepvT7^84 zPa2IG^T~^o|i4iID!!R zVQk)RD2v+KJ{DSO3ys}#E>C|5`5ETgSp9B(FL3>A{cIwG?spD{JLT-Kt@ZOj7k??# zSC_*bXYt+Io3z#5t2%12e%lDhWSqkMUEo&wPo|Y46tO6ts?*{mup-IUnRXmoxQzy7BmV zUS?2BXOyB(O9z4WnS%J2rtq5>>GP)-QJJMj<-(aQ@gMTGzD7Q|4C{z7VgwOb-7^(k z7g$vb=_}>5R!QzT0`kdgGp^BU_z1!o#Gq#1z7Ts6TRZvCWL|egX1=K^~Yu zDzxgz)Q(+F3|ryevnbI%MEkh%v;eb$IpbIeBBxlgXA<_(F)f3W7 zO7R1M2HrpD3=LF{3RVJxJ@E+mWnt4##@z7LS!>L}lU zM_*Sj+anx@-#!FPu9}hl6YRrcnrG$>0&Ln-ls$O91+4kZAGg_2Kdkja$OMF|aUE_J z;V;Qpo6*bbUYLw0?r*uZQy{@x*X^VELP7%S)w?M>UxVO$_&d$cwpM#5XlpRH}1^FdZA zv%j&D{NX*&5l0*xmuW#ASOy7{fIsRJxe?eIwW)vP*B@8j@8%&olPw;C@%dc}wf70r zLW@eZ;7pLP&m_NN;F9=(j=Z3O}EU-4<2#3wA^2t)mqYN<^Khs9AD$K&!9NK29flR<}3v%b%%2* zadQ0vVSx_zTr2n&Y60vzz{E?nqX4KMKPHg^^?@ddFAn!t+Rpd1=vz+~xt?P|>!(UuQ~^sB=K7{A#~o^fMJGFZAZc28t=@!eCgQ zJ>W~excEixns&^Ay7I52vm;PJn!dpw0D^(GC#0vClgX$7p8DXERQ8Ojpab-FNm8_6 zV(Ba#R!khkk#g8BI_j$zUjC&z1DD29 zLgZrxVLl2L)`F;wm=dzQRnv@8>WURI+?{Vl^P{oNSa<-O? z4S&`T`P$MhR4ifp&RMkQY1lybK{DM^xJ#fr(C;VCEvBk0cOgHJB)7N@l;gJFo>Dx^ z*-BuVJOHa$P!6kD{U~8KO10)o3a=V~cAv0YdN`XHL^bWjsw+()k}C$efeW4zjS_Y(fNp8Sktji3 zy?G%4y?_=)*Sjp;o8>EpiDmd-=dbKp@=YoJHu2EE%hIFDumeTlGn$YxM|ye(cqj5S z?RX}r?VWhtyDaURzFzT38pGa+Ct-of04I^@FVsg11~`7MZEmcK-W%3m?lrZ@{C z=Sm|nCcI>UU+1ra_TdCJ3|~IDOTr;dHHeSG;vuPosEG|LoZSp8kfw5~0tZzoc9u)?Kv0};o#2s5 zta`i>)rD4epTJ&$M?8FdgkGnKc@oUjsY8?_lCt&9vPwubTV$(nl;@T~?zo7|h-E=jabXnNz5JLOjEN^|xm^)nXv zDT_$=vBBlzH1csOsBiwFg>;h9lspGkY~e1|WGizOK!R+YBy*O~uwolOk6$q{SEgQV z&QBEzwId`1lxYwZ=(!v9a-iQV!(7gg8(o2J+fh})3w%?Cdk3|W2LH*Icrc!v3}z%6 zj;1}_BV;s;k8wPi_G1!_qfs0V`r~nbf){Z=9Q6r~$YeI0E(Vim8qUH&cs!mCw^IYy zB}Gj-=Ic9>=kgc><4v|OcBV1lid_Lf)`Ia6Cu$^iVgF%R_(v(~q6lI13(M*6vTq_y zD0HejYB+_Nx|K;>H&8pHRDj)&SzPnBnPaMG4&WLG_#TLxkkxr;6byo%VWH`O45Ddo zK*qDhU@{wzdb7!RFvGYvCDY-8ETTcLH;V9NGKvYA;l(7J_4{NLkL5o{(>f??7^=u5Y+->jqlFfg_Z^Q5D75kn4J6w+&VJKU>$2)(U2F=S*9jTil8p`D z>%-`K1>$>6Q&6T=t4~3Zo8A<@ICZ{C`!RC7o8}FHMz9eUxB*_#3mQP;ZYnBq3!TCm zwNSj%Hsq*Cp6B}ztDl0Xllww_*fDaEvm_z;j;WN#G;*70ZMP_r+BG$wI1$|llNC!j z5nHe{YH47`I)z6+A7i_RPv;uzSuyRa{adG3l3F~&aUarD?|tUs^YG*Za?a%-q)zfD zy6#IHuhvkAn8hd}oJuP*V-c@+zN4J7^cTvdq?X$%LAKj7mZNivn|Gw{O(SEBNX_?+d4TMR zJ{^w0wN|21c^fYDB3zJ0K(Ettk`O`a-3!nGItLb&AP~Jt!B$;TUfXjGYP}tW*E0B4 z-QFqVTgBRfpXLvyqDk!OJdJjjDck=Fi$BS~7$$x^hdYN(RiWP~R=;xuR zDZ2Q>|ChJ9(!* zdM6%KYxO!FFrRng^}SE;J02%E50`}7bur;WbpGnX#D96mDz7FzPSt)@XwV98P);~Y z?g&bG!r1LPGw}$Psw*#!`-Bs*&NTN%DR0nt^o^ZhZ@St6;p0qQijqt1>xSLO%HJ>TV6i0T&qsQUP41|dn5NBi2k5efx*CR4@EZ>QWcfuSSEr%mQ9n4S=7WvH0mvVQJ&te3X)iilUoI9g?u{31x%8&{y!^6HYRzt&yV=A(A?_ zhHNaxwT`#zp-ld=} zG;IWn4x;nsA5BS8a|l~L2>5z%Fn+Uy35)Ta+!gt;%OJ3G^0;6;k@H z6n70PxFj{J)6nXRYY@=7?Y^>k)huR=5^JFTg@sIQ$h$PzQanNFLhD%Susc??hDcrh z*fg9oFQsM&y_Jfr+L;4E1)*uG-g)I6xi#hghzNrqI112nP^NPtiCHOc5>8Ry0O&ZH zBhbv!WK(>GUO2xckvusy@&@unQfG-mk-2L z;u*PCLcP`Tul-x!l6w0hUvk6B?6n6IOGj zK3&)J;-aNlT*-%(xSe^7v_;c4pPh$Q>Tz4$C|KuBZiuk#*@V4>Q)MS8-wf!8a#LzC zd-dkUg>1U!#7Wqc12}&gxEQy_ob5BK?Ez;O%>AOx21&EIR)T*(m|6GRfvtw29$W7B zg5zLlg3FWP@o2c{_i#9#3>MRPGQ^8$7{z!nnha*sa56cbhA~;p$nkhQ3n$~jWE_us zlgV&8j>CAegC1i*nvCDAt5c*Cw=Yi#Q0w}fCLi#I*J!Kc9aop84Eun!F&%dytRtx{ z56Bi_R%hHBN5j#uN224fAB~1FiTcxM5%v4W$BW|$2^W(%93D^l{ox`U^`qe^!h>Ni z9Q6ixG#!t35#%h-2bSO3soY^@g=5Qmh zGPoMZ!m;pqq$y6S+X7x4nDH=eGQtBLPv9qoazXU}^&fmvoSZ3(Tu)3@vc6)GRKpYf zV3LzB_TY(PDWtI|N|X;yr?_q1?O%$a?b`fq>Izy$6T66KaN^3oTo40`ul#20^RV*0q z4Z+ddoC@+f4VB~bv}kEv^2H5Obt52928l8lnBJjankh|Y#Uf&@ADzXorfb92xqVPc z-v-bBo3}GQMN6DQn32E`wuzB-&p*cSd!mV#~-gdHYy?*`riLuXBTi6`eH50jN#lcY+Zu~ zc1f6B-GVJAID*Xf2KF{$na1v*YWF&jgy9!PUIP|Rf3L9AY&QFu+G|BvEewmT{4j&b z$v@YG3p=7liPeVHeR#9URi|;O2IXRt7WVTPqHU59{Ob;iHYr}wP{}t=S*jlmG`Yv6 z4)!g=>rN^A)OIF$gQHt7p$mz#6;baKl7tfl3@*Hu9~X6du2Tr{k_bITe@Tl?TK-5gi1jdrYcG!wA}^f4ykikXPEN6|(gIOeHMv_g$An;&q^TQ0lQ5 z@%6$7$1H`~2_>qRNWUTQUd)%aw4nArO$%tlMDE5?w4vY@RO?0#WffKXM{5g1LK z+Qv2qQqtR%P-2$AEnH^fZE%o;y{_#@Na)d5lpT9;rn-t=!?a<`W> zu+yUGd6PA#b^V*yFFQEBX+ye!DmQghgUt~ixp!>G> zg+uVSuss}dzW6S2aFsWUWsonkW!5}@AkARS^S`8apl6`%aMHtii2Z0VZPgUY_`W!! zE1UEn(^6MMYqlWD@B-~C(2i++S?>7w7?LXsHP~iU0?d``oYvTO;8D(dCn)xZcS|Mn4>3ePG9;93^Eb|OB*i8>d5t*!P;r(r~$de0?A%FRL!CW zzpJK`)8C1?Bij_xkN~bP=H@NQkI{l06cunlLy7ZrY1N;H6ZD%Yx-B~82p=O6EWm)cj z&jKJ0uowH+=BV{LyzGVp;-bC8+4Ub@%zu`Ows$g~OgrYcGblZ-lBB#7?=?KL_mc7z z7U9zCc<}n3+YkP5#YwJzcOT$_cEw%ya{90#4jJkUSIq4Ia)Fb!l8vBhesVXc$;;RM z>QUPQ=(dazU2mm)&0I|^z;!AS0X!~la>D;vD=2HE-n?kBHOskx^c54G3#3~U?VM3= z$+fEhyI;DUgQ_{zu8QS=Y`dcCZnRCP8WNyO)wTMgNk1Cm#pJjbhvBF{8w|tQARZ2T z;cPhQO$YI0G9HrNuun)F^~10~=nsZCTJ#6KxEIz7wAHAxS#~*Pu(P+_b2?MeE7KN* zHi@FRH7n$q3{?np#ZjHEsnhq>m6kTP*dq)kFu#SYOjim!P`n72B96 zWewChAa6pqv!J`WU{M-G6P)UWM6c^9JpiL$E-&Z0r^z@nC2oKR!e!Lj7B`PZ!WVb3*l#`PIsw^6IVZ8hmn>)wDpp??P00^U7tLmaYnP%FHJ#5eG5 z8*zLM-P-OG*v~pfS|=nxG!2ursS<$~?2hP=T4cmA4nrILgm*u;sA80FH_M^_SG34; z!r3|xYh@jwLMiu7{_w(V?VWg|Uaz4}ikVwDrYID7iMxwm6(%C}Y_=QSwH&w?!!Q zAqi)o!Wf{Zx;C8hu?n~`@00_TClg7-e3R)5Qu<`=sJsk_Rzm3pNUXV|oa%BzINdB* zv{A^-Dmr0({cu1`6Mcr7Vw;s!onJja*N(HRm!}v1<(&*lD>K(M7_KTiem0vjp{n7S}~)$X$O|8}^XZM)B_++`})6_gXkD6#NmbqStuPL(cm!~Flsjsz zcBF}Dt9GO~v9;7u`w*C5ArS8f4{4mM!fX<%X%nCebs5@K0j_1+>yG;Wh5X0m+58%o z`}*p9ejOlX>B~Q8n?J)JQiRdv*}PQs@P>$Dr$U)pxqq(SynwH;ubrUMwm}J;-w?5j zbBmgbPWy^;MLGIQq8=t7&e=-o&qYmR_yTT(>jL04TrxDzP-!QE%U?!3=>)mrtadyL zmGJj<27qA^pm>tjujCX(THqM%thl~zRV z;dKg`>yUA3?7OWVi3Ve^-2dM1ve;eU4q6woZ%vJqiqnTBk!$W2Pt^bmZOT}-4JcY( zPrIyTc$Q%+>oYKq@^Z+9h)m^uU8B8&umVE45n3eDPCVfjhPKr%9Rd&BgIjfU04pL$ zfv-*Fxhbty%%zhwq+Zo#5z5!8Dmkhlm7cy)5MY^un;eH^PI3yV6D*C~w@7-|HsZPM zptrZ3osT}wXjdNg3B!?ZE&OiABLA-6eQYbK9lfv7v?8428`74s{Dlef`&&qAEiV1l zh+>I8P8(juHToS^mm-RmpIf{LAi|4w1ymiK7A#{4yV+c1(kMQ&1(WLJnb-K*dfewp zJ~MYPWoq6Gc%K7&zo_A40_s9ECU76TwJtCJr@XQBGcRAfgdxG<5|N0)Ybk5>mW#O^ zE(M9AM&+$R$%0E;cCn#~eM`-Q%BwFY?z1e{&ch`%jp!YX);N)-%B?9`4y7cy!1m31 z`)cFXu*X}Plb_*j$1QP>GN}6nJ_biAQmNF*+VC27|$3+8ZB}-mJgCy~T)(Ec_Ugm3Z2IEEZoXLfJ^xfY--_{TK@w=sWq`Ssn z8myuR!O`pWdXv!z{@?5Ms{ikeCdc3PN5kH5bUYpo$KUn(@ITah5bQgC)?DEHyWVHx zst)ci^5gsdqa}^V$s>e(Bv|-J{^il*!uKpKpgT%FJbLsGc;aB0llTYE9K3~03s`>B z{Y@SKH0+9;-fe=Aa}Ug%A3Q-miZ1+~ljH}Fi%mlKk`Upc?vIZiJ$?+ee|-=a^4G_Y zAES#9r&6Y@6Tu%ndi3Z|^opUEl$V6PJWJMTWZv$P^76#r_46lSEY4tqQ6BG*B;bB( iqUK+{Y=8g!{qy(F-#?%I^Zx+=0RR781qfIGwgmu2$a=s4 literal 0 HcmV?d00001 diff --git a/enterprise/blocky/1.0.0/ci/k8sgateway-values.yaml b/enterprise/blocky/1.0.0/ci/k8sgateway-values.yaml new file mode 100644 index 00000000000..4bddcbf7f12 --- /dev/null +++ b/enterprise/blocky/1.0.0/ci/k8sgateway-values.yaml @@ -0,0 +1,7 @@ +k8sgateway: + enabled: true + # -- list of processed domains + domains: + - domain: something.com + dnsChallenge: + enabled: false diff --git a/enterprise/blocky/1.0.0/ci/standalone-values.yaml b/enterprise/blocky/1.0.0/ci/standalone-values.yaml new file mode 100644 index 00000000000..e69de29bb2d diff --git a/enterprise/blocky/1.0.0/ix_values.yaml b/enterprise/blocky/1.0.0/ix_values.yaml new file mode 100644 index 00000000000..7c74a62ea55 --- /dev/null +++ b/enterprise/blocky/1.0.0/ix_values.yaml @@ -0,0 +1,335 @@ +image: + # repository: spx01/blocky + # tag: development@sha256:ddb35986cbc924de11cd37ccf625ff6bd0896fad456e57ee9c0bd67bd034770e + repository: tccr.io/truecharts/blocky + tag: v0.19@sha256:77a474542f12f480deca33ff0a6375846918b86988c13f858620839d8818ca84 + pullPolicy: IfNotPresent + +WebUIImage: + repository: tccr.io/truecharts/blocky-frontend + tag: v0.0.3@sha256:81058f20520dcdb80c9883b6f21b338446fefc333e3ca8bd7d17336a24a5d842 + pullPolicy: IfNotPresent + +k8sgatewayImage: + repository: tccr.io/truecharts/k8s_gateway + pullPolicy: IfNotPresent + tag: 0.3.2@sha256:594fd6990eb2e0af1df7df8ba76cb3ca66232f46c5df5ebf786a45dd19777ae5 + +controller: + # -- Set additional annotations on the deployment/statefulset/daemonset + # -- Number of desired pods + replicas: 2 + # -- Set the controller upgrade strategy + # For Deployments, valid values are Recreate (default) and RollingUpdate. + # For StatefulSets, valid values are OnDelete and RollingUpdate (default). + # DaemonSets ignore this. + strategy: RollingUpdate + +# -- Blocky Config File content +blockyConfig: {} +# upstream: +# default: +# - 1.1.1.1 + +blocky: + enableWebUI: true + enablePrometheus: true + +probes: + liveness: + enabled: + custom: true + spec: + exec: + command: + - /app/blocky + - healthcheck + readiness: + custom: true + spec: + exec: + command: + - /app/blocky + - healthcheck + startup: + custom: true + spec: + exec: + command: + - /app/blocky + - healthcheck + +service: + main: + ports: + main: + port: 10315 + protocol: HTTP + targetPort: 80 + dns-tcp: + enabled: true + ports: + dns-tcp: + enabled: true + port: 53 + targetPort: 53 + dns-udp: + enabled: true + ports: + dns-udp: + enabled: true + port: 53 + protocol: UDP + targetPort: 53 + dot: + enabled: true + ports: + dot: + enabled: true + port: 853 + protocol: TCP + targetPort: 853 + http: + enabled: true + ports: + http: + enabled: true + port: 4000 + protocol: HTTP + targetPort: 4000 + https: + enabled: true + ports: + https: + enabled: true + port: 4443 + protocol: HTTPS + targetPort: 4443 + k8sgateway: + enabled: true + ports: + k8sgateway: + enabled: true + port: 5353 + protocol: UDP + targetPort: 5353 + +## TODO Add support for SCALE certificates and certificates secrets here +certFile: "" +keyFile: "" +logLevel: info +logFormat: text +logTimestamp: true +logPrivacy: false +dohUserAgent: "" +minTlsServeVersion: 1.2 + +# -- set the default DNS upstream servers +# Primarily designed for inclusion in the TrueNAS SCALE GUI +defaultUpstreams: + - 1.1.1.1 + - 1.0.0.1 + - 8.8.8.8 + - 8.8.4.4 + - 9.9.9.9 + - 149.112.112.112 + - 208.67.222.222 + - 208.67.220.220 + - 8.26.56.26 + - 8.20.247.20 + - 185.228.168.9 + - 185.228.169.9 + - 76.76.19.19 + - 76.223.122.150 + - 76.76.2.0 + - 76.76.10.0 + +# -- set additional upstreams +# Primarily designed for inclusion in the TrueNAS SCALE GUI +upstreams: + # - name: group2 + # dnsservers: + # - 1.1.1.1 + +# -- set bootstrap dns (not needed) +# Ensures bootstrap encryption and ensure it doesn't use k8s dns +bootstrapDns: + # -- Upstream + upstream: "" + # -- IP's linked to upstream DoT/DoH DNS name + ips: [] + +# -- Return empty answer for these queries +filtering: + # -- Ensures filtering by query type + queryTypes: [] + +# -- Set manual custom DNS resolution +customDNS: + customTTL: 1h + filterUnmappedTypes: true + rewrite: [] + # - in: something.com + # out: somethingelse.com + mapping: [] + # - domain: something.com + # dnsserver: 192.168.178.1 + +# -- Setup client-name lookup +clientLookup: + # -- upstream used for client-name lookup + upstream: "" + singleNameOrder: [] + clients: + # - domain: laptop + # ips: [] + +# -- Setup caching +caching: + minTime: 5m + maxTime: 30m + maxItemsCount: 0 + prefetching: false + prefetchExpires: 2h + prefetchThreshold: 5 + prefetchMaxItemsCount: 0 + cacheTimeNegative: 30m + +# -- set conditional settings +# Primarily designed for inclusion in the TrueNAS SCALE GUI +conditional: + rewrite: [] + # - in: something.com + # out: somethingelse.com + mapping: [] + # - domain: something.com + # dnsserver: 192.168.178.1 + +# -- set blocking settings using Lists +# Primarily designed for inclusion in the TrueNAS SCALE GUI +blocking: + # -- Sets the blocktype + blockType: nxDomain + # -- Sets the block ttl + blockTTL: 6h + # -- Sets the block refreshPeriod + refreshPeriod: 4h + # -- Sets the block download timeout + downloadTimeout: 60s + # -- Sets the block download attempt count + downloadAttempts: 3 + # -- Sets the block download cooldown + downloadCooldown: 2s + # -- Set to fail start of lists cannot be downloaded + failStartOnListError: false + # -- Sets how many list-groups can be processed at the same time + processingConcurrency: 4 + # -- Add blocky whitelists + whitelist: [] + # - name: ads + # lists: + # - https://someurl.com/list.txt + # - /somefile.txt + + # -- Blocky blacklists + blacklist: [] + # - name: ads + # lists: + # - https://someurl.com/list.txt + # - /somefile.txt + + # -- Blocky clientGroupsBlock + clientGroupsBlock: [] + # - name: default + # groups: + # - ads + +# -- configure using hostsfile for lookups +# Allows for using the hosts configured in kubernetes and such +hostsFile: + enabled: false + filePath: /etc/hosts + hostsTTL: 60m + refreshPeriod: 30m + +## TODO: add this with postgresql support as well +# queryLog: +# type: csv +# target: /logs +# logRetentionDays: 0 +# creationAttempts: 3 +# CreationCooldown: 2 + +portal: + enabled: true + +serviceAccount: + main: + # -- Specifies whether a service account should be created + enabled: true + +# -- Create a ClusterRole and ClusterRoleBinding +# @default -- See below +rbac: + main: + # -- Enables or disables the ClusterRole and ClusterRoleBinding + enabled: true + + # -- Set Rules on the ClusterRole + rules: + - apiGroups: + - "" + resources: + - services + - namespaces + verbs: + - list + - watch + - apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + verbs: + - list + - watch + +k8sgateway: + enabled: true + # -- TTL for non-apex responses (in seconds) + ttl: 300 + + # -- Limit what kind of resources to watch, e.g. watchedResources: ["Ingress"] + watchedResources: [] + + # -- Service name of a secondary DNS server (should be `serviceName.namespace`) + secondary: "" + + # -- Override the default `serviceName.namespace` domain apex + apex: "" + + # -- list of processed domains + domains: [] + # -- Delegated domain + # - domain: "example.com" + # # -- Optional configuration option for DNS01 challenge that will redirect all acme + # # challenge requests to external cloud domain (e.g. managed by cert-manager) + # # See: https://cert-manager.io/docs/configuration/acme/dns01/ + # dnsChallenge: + # enabled: false + # domain: dns01.clouddns.com + + forward: + enabled: false + primary: tls://1.1.1.1 + secondary: tls://1.0.0.1 + options: + - name: tls_servername + value: cloudflare-dns.com + +unbound: + enabled: false + +redis: + enabled: true + existingSecret: "rediscreds" diff --git a/enterprise/blocky/1.0.0/questions.yaml b/enterprise/blocky/1.0.0/questions.yaml new file mode 100644 index 00000000000..2ca4fbbff44 --- /dev/null +++ b/enterprise/blocky/1.0.0/questions.yaml @@ -0,0 +1,3506 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: Controller + description: Configure Workload Deployment + - name: Container Configuration + description: Additional Container Configuration + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: Addons + description: Addon Configuration + - name: Advanced + description: Advanced Configuration + - name: Documentation + description: Documentation +portals: + open: + protocols: + - "$kubernetes-resource_configmap_portal_protocol" + host: + - "$kubernetes-resource_configmap_portal_host" + ports: + - "$kubernetes-resource_configmap_portal_port" +questions: + - variable: global + label: Global Settings + group: Controller + schema: + type: dict + hidden: true + attrs: + - variable: isSCALE + label: Flag this is SCALE + schema: + type: boolean + default: true + hidden: true + - variable: controller + group: Controller + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: advanced + label: Show Advanced Controller Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: type + description: Please specify type of workload to deploy + label: (Advanced) Controller Type + schema: + type: string + required: true + enum: + - value: deployment + description: Deployment + - value: statefulset + description: Statefulset + - value: daemonset + description: Daemonset + default: deployment + - variable: replicas + description: Number of desired pod replicas + label: Desired Replicas + schema: + type: int + required: true + default: 1 + - variable: strategy + description: Please specify type of workload to deploy + label: (Advanced) Update Strategy + schema: + type: string + required: true + enum: + - value: Recreate + description: "Recreate: Kill existing pods before creating new ones" + - value: RollingUpdate + description: "RollingUpdate: Create new pods and then kill old ones" + - value: OnDelete + description: "(Legacy) OnDelete: ignore .spec.template changes" + default: Recreate + - variable: expert + label: Show Expert Configuration Options + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: labelsList + label: Controller Labels + schema: + type: list + default: [] + items: + - variable: labelItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: annotationsList + label: Controller Annotations + schema: + type: list + default: [] + items: + - variable: annotationItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: customextraargs + group: Controller + label: "Extra Args" + description: "Do not click this unless you know what you are doing" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: extraArgs + label: Extra Args + schema: + type: list + default: [] + items: + - variable: arg + label: Arg + schema: + type: string + - variable: blocky + group: Container Configuration + label: Blocky Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: enableWebUI + label: Enable Web UI + description: Enables Web UI + schema: + type: boolean + default: true + - variable: enablePrometheus + label: Enable Prometheus Endpoint + description: Enables Prometheus Endpoint + schema: + type: boolean + default: true + - variable: overrideDefaults + group: Container Configuration + label: Override Default Upstreams + description: Overrides the predefined DNS server upstream list + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: defaultUpstreams + label: Default Upstreams + schema: + type: list + default: [] + items: + - variable: upstreamEntry + label: Upstream Entry + schema: + type: string + required: true + default: "" + - variable: upstreams + group: Container Configuration + label: Upstreams Groups + description: + schema: + type: list + default: [] + items: + - variable: upstreamsGroupEntry + label: Upstreams Group Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Group Name + schema: + type: string + required: true + default: "" + - variable: upstreams + label: Upstreams + schema: + type: list + required: true + default: [] + items: + - variable: upstreamEntry + label: upstream Entry + schema: + type: string + required: true + default: "" + - variable: bootstrapDns + group: Container Configuration + label: Bootstrap DNS + schema: + additional_attrs: true + type: dict + attrs: + - variable: upstream + label: Upstream + schema: + type: string + default: "" + - variable: ips + label: IPs + schema: + type: list + default: [] + items: + - variable: ipEntry + label: IP Entry + schema: + type: string + required: true + default: "" + - variable: filtering + group: Container Configuration + label: Filtering + schema: + additional_attrs: true + type: dict + attrs: + - variable: queryTypes + label: Query Types + schema: + type: list + default: [] + items: + - variable: queryTypeEntry + label: Query Type Entry + schema: + type: string + required: true + default: "" + - variable: customDNS + group: Container Configuration + label: Custom DNS + schema: + additional_attrs: true + type: dict + attrs: + - variable: customTTL + label: Custom TTL + schema: + type: string + default: 1h + - variable: filterUnmappedTypes + label: Filter Unmapped Types + schema: + type: boolean + default: true + - variable: rewrite + label: Rewrite + schema: + type: list + default: [] + items: + - variable: rewriteEntry + label: Rewrite Entry + schema: + type: dict + additional_attrs: true + attrs: + - variable: in + label: In + schema: + type: string + required: true + default: "" + - variable: out + label: Out + schema: + type: string + required: true + default: "" + - variable: mapping + label: Mapping + schema: + type: list + default: [] + items: + - variable: mappingEntry + label: Mapping Entry + schema: + type: dict + additional_attrs: true + attrs: + - variable: in + label: In + schema: + type: string + required: true + default: "" + - variable: out + label: Out + schema: + type: string + required: true + default: "" + - variable: clientLookup + group: Container Configuration + label: Client Lookup + schema: + additional_attrs: true + type: dict + attrs: + - variable: upstream + label: Upstream + schema: + type: string + default: "" + - variable: singleNameOrder + label: Single Name Order + schema: + type: list + default: [] + items: + - variable: singleNameEntry + label: Single Name Entry + schema: + type: string + required: true + default: "" + - variable: clients + label: Clients + schema: + type: list + default: [] + items: + - variable: clientEntry + label: Client Entry + schema: + type: dict + additional_attrs: true + attrs: + - variable: domain + label: Domain + schema: + type: string + required: true + default: "" + - variable: ips + label: IPs + schema: + type: list + default: [] + items: + - variable: ipEntry + label: IP Entry + schema: + type: string + required: true + default: "" + - variable: caching + group: Container Configuration + label: Caching + schema: + additional_attrs: true + type: dict + attrs: + - variable: minTime + label: Min Time + schema: + type: string + default: "" + - variable: maxTime + label: Max Time + schema: + type: string + default: "" + - variable: maxItemsCount + label: Max Items Count + schema: + type: int + default: 0 + - variable: prefetching + label: Prefetching + schema: + type: boolean + default: false + - variable: prefetchExpires + label: Prefetch Expires + schema: + type: string + default: 2h + - variable: prefetchThreshold + label: Prefetch Threshold + schema: + type: int + default: 5 + - variable: prefetchMaxItemsCount + label: Prefetch Max Items Count + schema: + type: int + default: 0 + - variable: cacheTimeNegative + label: Cache Time Negative + schema: + type: string + default: 30m + - variable: conditional + group: Container Configuration + label: Conditional + schema: + additional_attrs: true + type: dict + attrs: + - variable: rewrite + label: Rewrite + schema: + type: list + default: [] + items: + - variable: rewriteEntry + label: Rewrite Entry + schema: + type: dict + additional_attrs: true + attrs: + - variable: in + label: In + schema: + type: string + required: true + default: "" + - variable: out + label: Out + schema: + type: string + required: true + default: "" + - variable: mapping + label: Mapping + schema: + type: list + default: [] + items: + - variable: mappingEntry + label: Mapping Entry + schema: + type: dict + additional_attrs: true + attrs: + - variable: domain + label: Domain + schema: + type: string + required: true + default: "" + - variable: dnsserver + label: DNS Server + schema: + type: string + required: true + default: "" + - variable: blocking + group: Container Configuration + label: Blocking + schema: + additional_attrs: true + type: dict + attrs: + - variable: blockType + label: Block Type + description: Set the response should be sent to the client, if a requested query is blocked + schema: + type: string + default: nxDomain + - variable: blockTTL + label: Block TTL + description: Set the TTL for answers to blocked domains + schema: + type: string + default: 6h + - variable: refreshPeriod + label: Refresh Period + description: Set how often blocky should refresh list cache + schema: + type: string + default: 4h + - variable: downloadTimeout + label: Download Timeout + description: Download attempt timeout + schema: + type: string + default: 60s + - variable: downloadAttempts + label: Download Attempts + description: How many download attempts should be performed + schema: + type: int + default: 3 + - variable: downloadCooldown + label: Download Cooldown + description: Time between the download attempts + schema: + type: string + default: 2s + - variable: failStartOnListError + label: Fail Start on List Error + description: Fail to start if at least one list can't be downloaded or opened + schema: + type: boolean + default: false + - variable: processingConcurrency + label: Processing Concurrency + description: Sets how many list-groups can be processed at the same time + schema: + type: int + default: 4 + - variable: whitelist + label: Whitelist + description: Define whitelists, either URL or file + schema: + type: list + default: [] + items: + - variable: whitelistEntry + label: Whitelist Group Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Group Name + schema: + type: string + required: true + default: "" + - variable: lists + label: Lists + schema: + type: list + required: true + default: [] + items: + - variable: listEntry + label: List Entry + schema: + type: string + required: true + default: "" + - variable: blacklist + label: Blacklist + description: Define blacklists, either URL or file + schema: + type: list + default: [] + items: + - variable: blacklistEntry + label: Blacklist Group Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Group Name + schema: + type: string + required: true + default: "" + - variable: lists + label: Lists + schema: + type: list + required: true + default: [] + items: + - variable: listEntry + label: List Entry + schema: + type: string + required: true + default: "" + - variable: clientGroupsBlock + label: Client Groups Block + description: Define, which blocking group(s) should be used for which client in your network. + schema: + type: list + default: [] + items: + - variable: clientGroupBlockEntry + label: Client Group Block Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Client Group Name + schema: + type: string + required: true + default: "" + - variable: groups + label: Groups + schema: + type: list + required: true + default: [] + items: + - variable: groupEntry + label: Group Entry + schema: + type: string + required: true + default: "" + - variable: hostsFile + group: Container Configuration + label: Hosts File + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: filePath + label: File Path + schema: + type: string + default: /etc/hosts + - variable: hostsTTL + label: Hosts TTL + schema: + type: string + default: 60m + - variable: refreshPeriod + label: Refresh Period + schema: + type: string + default: 30m + - variable: k8sgateway + group: Container Configuration + label: k8s-Gateway Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable k8s-Gateway + description: Enables k8s-Gateway + schema: + type: boolean + default: true + show_subquestions_if: true + subquestions: + - variable: domains + label: Domains + description: Please refer to CoreDNS docs for options + schema: + type: list + default: [] + items: + - variable: domainEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: domain + label: Domain name + schema: + type: string + required: true + default: example.com + - variable: dnsChallenge + label: Forward dnsChallenge + description: Optional configuration option for DNS01 challenge that will redirect all acme + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: domain + label: Forward to Domain + schema: + type: string + required: true + default: dns01.clouddns.com + - variable: advancedOptions + label: Advanced Options + schema: + type: boolean + default: false + show_if: [["enabled", "=", "true"]] + show_subquestions_if: true + subquestions: + - variable: ttl + label: ttl + description: TTL for non-apex responses (in seconds) + schema: + type: int + default: 300 + - variable: watchedResources + label: Watched Resources + description: imit what kind of resources to watch, e.g. Ingress + schema: + type: list + default: [] + items: + - variable: watchedResource + label: Watched Resource + schema: + type: string + default: "" + - variable: secondary + label: Secondary DNS Server Service + description: Service name of a secondary DNS server (should be serviceName.namespace) + schema: + type: string + default: "" + - variable: apex + label: Apex + description: Override the default `serviceName.namespace` domain apex + schema: + type: string + default: "" + - variable: TZ + label: Timezone + group: Container Configuration + schema: + type: string + default: "Etc/UTC" + $ref: + - "definitions/timezone" + - variable: envList + label: Extra Environment Variables + description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..." + group: Container Configuration + schema: + type: list + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: expertpodconf + group: Container Configuration + label: Show Expert Configuration + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: tty + label: Enable TTY + description: Determines whether containers in a pod runs with TTY enabled. By default pod has it disabled. + group: Workload Details + schema: + type: boolean + default: false + - variable: stdin + label: Enable STDIN + description: Determines whether containers in a pod runs with stdin enabled. By default pod has it disabled. + group: Workload Details + schema: + type: boolean + default: false + - variable: termination + group: Container Configuration + label: Termination settings + schema: + additional_attrs: true + type: dict + attrs: + - variable: gracePeriodSeconds + label: Grace Period Seconds + schema: + type: int + default: 10 + - variable: podLabelsList + group: Container Configuration + label: Pod Labels + schema: + type: list + default: [] + items: + - variable: podLabelItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: podAnnotationsList + group: Container Configuration + label: Pod Annotations + schema: + type: list + default: [] + items: + - variable: podAnnotationItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: service + group: Networking and Services + label: Configure Service(s) + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Service + description: The Primary service on which the healthcheck runs, often the webUI + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Service Port Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + description: This port exposes the container port on the service + schema: + type: int + default: 10315 + required: true + - variable: advanced + label: Show Advanced Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: enabled + label: Enable the Port + schema: + type: boolean + hidden: true + default: true + - variable: protocol + label: Port Type + schema: + type: string + default: HTTP + enum: + - value: HTTP + description: HTTP + - value: HTTPS + description: HTTPS + - value: TCP + description: TCP + - value: UDP + description: UDP + - variable: nodePort + label: Node Port (Optional) + description: This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer + schema: + type: int + min: 9000 + max: 65535 + - variable: targetPort + label: Target Port + description: The internal(!) port on the container the Application runs on + schema: + type: int + default: 80 + - variable: dns-tcp + label: DNS TCP Service + description: The DNS TCP service + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: dns-tcp + label: DNS TCP Port Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + description: This port exposes the container port on the service + schema: + type: int + default: 53 + required: true + - variable: advanced + label: Show Advanced Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: enabled + label: Enable the Port + schema: + type: boolean + hidden: true + default: true + - variable: protocol + label: Port Type + schema: + type: string + default: TCP + enum: + - value: HTTP + description: HTTP + - value: HTTPS + description: HTTPS + - value: TCP + description: TCP + - value: UDP + description: UDP + - variable: nodePort + label: Node Port (Optional) + description: This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer + schema: + type: int + min: 9000 + max: 65535 + - variable: targetPort + label: Target Port + description: The internal(!) port on the container the Application runs on + schema: + type: int + default: 53 + - variable: dns-udp + label: DNS UDP Service + description: The DNS UDP service + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: dns-udp + label: DNS UDP Port Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + description: This port exposes the container port on the service + schema: + type: int + default: 53 + required: true + - variable: advanced + label: Show Advanced Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: enabled + label: Enable the Port + schema: + type: boolean + hidden: true + default: true + - variable: protocol + label: Port Type + schema: + type: string + default: UDP + enum: + - value: HTTP + description: HTTP + - value: HTTPS + description: HTTPS + - value: TCP + description: TCP + - value: UDP + description: UDP + - variable: nodePort + label: Node Port (Optional) + description: This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer + schema: + type: int + min: 9000 + max: 65535 + - variable: targetPort + label: Target Port + description: The internal(!) port on the container the Application runs on + schema: + type: int + default: 53 + - variable: dot + label: DoT Service + description: "DNS-over-TLS service" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: ClusterIP + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: dot + label: DoT Port Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + description: This port exposes the container port on the service + schema: + type: int + default: 853 + required: true + - variable: advanced + label: Show Advanced Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: enabled + label: Enable the Port + schema: + type: boolean + hidden: true + default: true + - variable: protocol + label: Port Type + schema: + type: string + default: UDP + enum: + - value: HTTP + description: HTTP + - value: HTTPS + description: HTTPS + - value: TCP + description: TCP + - value: UDP + description: UDP + - variable: nodePort + label: Node Port (Optional) + description: This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer + schema: + type: int + min: 9000 + max: 65535 + - variable: targetPort + label: Target Port + description: The internal(!) port on the container the Application runs on + schema: + type: int + default: 853 + - variable: http + label: HTTP and Metrics Service + description: "service for things like metrics, pprof, API, DoH etc" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: ClusterIP + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: http + label: HTTP and Metrics Port Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + description: This port exposes the container port on the service + schema: + type: int + default: 4000 + required: true + - variable: advanced + label: Show Advanced Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: enabled + label: Enable the Port + schema: + type: boolean + hidden: true + default: true + - variable: protocol + label: Port Type + schema: + type: string + default: UDP + enum: + - value: HTTP + description: HTTP + - value: HTTPS + description: HTTPS + - value: TCP + description: TCP + - value: UDP + description: UDP + - variable: nodePort + label: Node Port (Optional) + description: This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer + schema: + type: int + min: 9000 + max: 65535 + - variable: targetPort + label: Target Port + description: The internal(!) port on the container the Application runs on + schema: + type: int + default: 4000 + - variable: serviceexpert + group: Networking and Services + label: Show Expert Config + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostNetwork + group: Networking and Services + label: Host-Networking (Complicated) + schema: + type: boolean + default: false + - variable: externalInterfaces + description: Add External Interfaces + label: Add external Interfaces + group: Networking + schema: + type: list + items: + - variable: interfaceConfiguration + description: Interface Configuration + label: Interface Configuration + schema: + type: dict + $ref: + - "normalize/interfaceConfiguration" + attrs: + - variable: hostInterface + description: Please Specify Host Interface + label: Host Interface + schema: + type: string + required: true + $ref: + - "definitions/interface" + - variable: ipam + description: Define how IP Address will be managed + label: IP Address Management + schema: + type: dict + required: true + attrs: + - variable: type + description: Specify type for IPAM + label: IPAM Type + schema: + type: string + required: true + enum: + - value: dhcp + description: Use DHCP + - value: static + description: Use Static IP + show_subquestions_if: static + subquestions: + - variable: staticIPConfigurations + label: Static IP Addresses + schema: + type: list + items: + - variable: staticIP + label: Static IP + schema: + type: ipaddr + cidr: true + - variable: staticRoutes + label: Static Routes + schema: + type: list + items: + - variable: staticRouteConfiguration + label: Static Route Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: destination + label: Destination + schema: + type: ipaddr + cidr: true + required: true + - variable: gateway + label: Gateway + schema: + type: ipaddr + cidr: false + required: true + - variable: dnsPolicy + group: Networking and Services + label: dnsPolicy + schema: + type: string + default: "" + enum: + - value: "" + description: Default + - value: ClusterFirst + description: ClusterFirst + - value: ClusterFirstWithHostNet + description: ClusterFirstWithHostNet + - value: None + description: None + - variable: dnsConfig + label: DNS Configuration + group: Networking and Services + description: Specify custom DNS configuration which will be applied to the pod + schema: + additional_attrs: true + type: dict + attrs: + - variable: nameservers + label: Name Servers + schema: + default: [] + type: list + items: + - variable: nameserver + label: Name Server + schema: + type: string + - variable: options + label: Options + schema: + default: [] + type: list + items: + - variable: option + label: Option Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: searches + label: Searches + schema: + default: [] + type: list + items: + - variable: search + label: Search Entry + schema: + type: string + - variable: serviceList + label: Add Manual Custom Services + group: Networking and Services + schema: + type: list + default: [] + items: + - variable: serviceListEntry + label: Custom Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the service + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: (Advanced) The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: portsList + label: Additional Service Ports + schema: + type: list + default: [] + items: + - variable: portsListEntry + label: Custom ports + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Port + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Port Name + schema: + type: string + default: "" + - variable: protocol + label: Port Type + schema: + type: string + default: TCP + enum: + - value: HTTP + description: HTTP + - value: HTTPS + description: HTTPS + - value: TCP + description: TCP + - value: UDP + description: UDP + - variable: targetPort + label: Target Port + description: This port exposes the container port on the service + schema: + type: int + required: true + - variable: port + label: Container Port + schema: + type: int + required: true + - variable: persistenceList + label: Additional App Storage + group: Storage and Persistence + schema: + type: list + default: [] + items: + - variable: persistenceListEntry + label: Custom Storage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the storage + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name (Optional) + description: "Not required, please set to config when mounting /config or temp when mounting /tmp" + schema: + type: string + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: simpleHP + enum: + - value: simplePVC + description: PVC (Simple) + - value: simpleHP + description: Host Path (Simple) + - value: emptyDir + description: emptyDir + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: setPermissionsSimple + label: Automatic Permissions + description: Automatically set permissions on install + schema: + show_if: [["type", "=", "simpleHP"]] + type: boolean + default: false + - variable: setPermissions + label: Automatic Permissions + description: Automatically set permissions on install + schema: + show_if: [["type", "=", "hostPath"]] + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPathSimple + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "simpleHP"]] + type: hostpath + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: mountPath + label: Mount Path + description: Path inside the container the storage is mounted + schema: + type: string + default: "" + required: true + valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$' + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size Quotum of Storage + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 999Gi + - variable: hostPathType + label: (Advanced) Host Path Type + schema: + show_if: [["type", "=", "hostPath"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: DirectoryOrCreate + description: DirectoryOrCreate + - value: Directory + description: Directory + - value: FileOrCreate + description: FileOrCreate + - value: File + description: File + - value: Socket + description: Socket + - value: CharDevice + description: CharDevice + - value: BlockDevice + description: BlockDevice + - variable: storageClass + label: (Advanced) StorageClass + description: "Warning: Anything other than SCALE-ZFS or empty will break rollback!" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: SCALE-ZFS + - variable: accessMode + label: (Advanced) Access Mode + description: Allow or disallow multiple PVC's writhing to the same PV + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: ReadWriteOnce + enum: + - value: ReadWriteOnce + description: ReadWriteOnce + - value: ReadOnlyMany + description: ReadOnlyMany + - value: ReadWriteMany + description: ReadWriteMany + - variable: advanced + label: Show Advanced Options + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: labelsList + label: Labels + schema: + type: list + default: [] + items: + - variable: labelItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: annotationsList + label: Annotations + schema: + type: list + default: [] + items: + - variable: annotationItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: ingress + label: "" + group: Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: scaleCert + label: Select TrueNAS SCALE Certificate + schema: + type: int + $ref: + - "definitions/certificate" + - variable: entrypoint + label: (Advanced) Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + required: true + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: expert + label: Show Expert Configuration Options + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: enableFixedMiddlewares + description: These middlewares enforce a number of best practices. + label: Enable Default Middlewares + schema: + type: boolean + default: true + - variable: ingressClassName + label: IngressClass Name + schema: + type: string + default: "" + - variable: labelsList + label: Labels + schema: + type: list + default: [] + items: + - variable: labelItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: annotationsList + label: Annotations + schema: + type: list + default: [] + items: + - variable: annotationItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: ingressList + label: Add Manual Custom Ingresses + group: Ingress + schema: + type: list + default: [] + items: + - variable: ingressListEntry + label: Custom Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: ingressClassName + label: IngressClass Name + schema: + type: string + default: "" + - variable: labelsList + label: Labels + schema: + type: list + default: [] + items: + - variable: labelItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: annotationsList + label: Annotations + schema: + type: list + default: [] + items: + - variable: annotationItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: service + label: Linked Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Service Name + schema: + type: string + default: "" + - variable: port + label: Service Port + schema: + type: int + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: scaleCert + label: Select TrueNAS SCALE Certificate + schema: + type: int + $ref: + - "definitions/certificate" + - variable: entrypoint + label: Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + required: true + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: security + label: Container Security Settings + group: Security and Permissions + schema: + type: dict + additional_attrs: true + attrs: + - variable: editsecurity + label: Change PUID / UMASK values + description: By enabling this you override default set values. + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: PUID + label: Process User ID - PUID + description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps + schema: + type: int + default: 568 + - variable: UMASK + label: UMASK + description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps + schema: + type: string + default: "002" + - variable: advancedSecurity + label: Show Advanced Security Settings + group: Security and Permissions + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: securityContext + label: Security Context + schema: + additional_attrs: true + type: dict + attrs: + - variable: privileged + label: Privileged mode + schema: + type: boolean + default: false + - variable: readOnlyRootFilesystem + label: ReadOnly Root Filesystem + schema: + type: boolean + default: true + - variable: allowPrivilegeEscalation + label: Allow Privilege Escalation + schema: + type: boolean + default: false + - variable: runAsNonRoot + label: runAsNonRoot + schema: + type: boolean + default: true + - variable: capabilities + label: Capabilities + schema: + additional_attrs: true + type: dict + attrs: + - variable: drop + label: Drop Capability + schema: + type: list + default: [] + items: + - variable: dropEntry + label: "" + schema: + type: string + - variable: add + label: Add Capability + schema: + type: list + default: [] + items: + - variable: addEntry + label: "" + schema: + type: string + - variable: podSecurityContext + group: Security and Permissions + label: Pod Security Context + schema: + additional_attrs: true + type: dict + attrs: + - variable: runAsUser + label: runAsUser + description: The UserID of the user running the application + schema: + type: int + default: 568 + - variable: runAsGroup + label: runAsGroup + description: The groupID this App of the user running the application + schema: + type: int + default: 568 + - variable: fsGroup + label: fsGroup + description: The group that should own ALL storage. + schema: + type: int + default: 568 + - variable: fsGroupChangePolicy + label: "When should we take ownership?" + schema: + type: string + default: OnRootMismatch + enum: + - value: OnRootMismatch + description: OnRootMismatch + - value: Always + description: Always + - variable: supplementalGroups + label: Supplemental Groups + schema: + type: list + default: [] + items: + - variable: supplementalGroupsEntry + label: Supplemental Group + schema: + type: int + + - variable: advancedresources + label: Set Custom Resource Limits/Requests (Advanced) + group: Resources and Devices + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: resources + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: limits + label: Advanced Limit Resource Consumption + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" + schema: + type: string + default: 4000m + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: RAM + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" + schema: + type: string + default: 8Gi + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: requests + label: "Minimum Resources Required (request)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" + schema: + type: string + default: 10m + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: "RAM" + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" + schema: + type: string + default: 50Mi + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: deviceList + label: Mount USB Devices + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: deviceListEntry + label: Device + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Storage + schema: + type: boolean + default: true + - variable: type + label: (Advanced) Type of Storage + description: Sets the persistence type + schema: + type: string + default: hostPath + hidden: true + - variable: readOnly + label: readOnly + schema: + type: boolean + default: false + - variable: hostPath + label: Host Device Path + description: Path to the device on the host system + schema: + type: path + - variable: mountPath + label: Container Device Path + description: Path inside the container the device is mounted + schema: + type: string + default: "/dev/ttyACM0" + # Specify GPU configuration + - variable: scaleGPU + label: GPU Configuration + group: Resources and Devices + schema: + type: dict + $ref: + - "definitions/gpuConfiguration" + attrs: [] +# - variable: autoscaling +# group: Advanced +# label: (Advanced) Horizontal Pod Autoscaler +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: enabled +# label: Enabled +# schema: +# type: boolean +# default: false +# show_subquestions_if: true +# subquestions: +# - variable: target +# label: Target +# description: Deployment name, Defaults to Main Deployment +# schema: +# type: string +# default: "" +# - variable: minReplicas +# label: Minimum Replicas +# schema: +# type: int +# default: 1 +# - variable: maxReplicas +# label: Maximum Replicas +# schema: +# type: int +# default: 5 +# - variable: targetCPUUtilizationPercentage +# label: Target CPU Utilization Percentage +# schema: +# type: int +# default: 80 +# - variable: targetMemoryUtilizationPercentage +# label: Target Memory Utilization Percentage +# schema: +# type: int +# default: 80 +# - variable: networkPolicy +# group: Advanced +# label: (Advanced) Network Policy +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: enabled +# label: Enabled +# schema: +# type: boolean +# default: false +# show_subquestions_if: true +# subquestions: +# - variable: policyType +# label: Policy Type +# schema: +# type: string +# default: "" +# enum: +# - value: "" +# description: Default +# - value: ingress +# description: Ingress +# - value: egress +# description: Egress +# - value: ingress-egress +# description: Ingress and Egress +# - variable: egress +# label: Egress +# schema: +# type: list +# default: [] +# items: +# - variable: egressEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: to +# label: To +# schema: +# type: list +# default: [] +# items: +# - variable: toEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: ipBlock +# label: IP Block +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: cidr +# label: CIDR +# schema: +# type: string +# default: "" +# - variable: except +# label: Except +# schema: +# type: list +# default: [] +# items: +# - variable: exceptint +# label: "" +# schema: +# type: string +# - variable: namespaceSelector +# label: Namespace Selector +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: matchExpressions +# label: Match Expressions +# schema: +# type: list +# default: [] +# items: +# - variable: expressionEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: key +# label: Key +# schema: +# type: string +# - variable: operator +# label: Operator +# schema: +# type: string +# default: TCP +# enum: +# - value: In +# description: In +# - value: NotIn +# description: NotIn +# - value: Exists +# description: Exists +# - value: DoesNotExist +# description: DoesNotExist +# - variable: values +# label: Values +# schema +# type: list +# default: [] +# items: +# - variable: value +# label: "" +# schema: +# type: string +# - variable: podSelector +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: matchExpressions +# label: Match Expressions +# schema: +# type: list +# default: [] +# items: +# - variable: expressionEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: key +# label: Key +# schema: +# type: string +# - variable: operator +# label: Operator +# schema: +# type: string +# default: TCP +# enum: +# - value: In +# description: In +# - value: NotIn +# description: NotIn +# - value: Exists +# description: Exists +# - value: DoesNotExist +# description: DoesNotExist +# - variable: values +# label: Values +# schema: +# type: list +# default: [] +# items: +# - variable: value +# label: "" +# schema: +# type: string +# - variable: ports +# label: Ports +# schema: +# type: list +# default: [] +# items: +# - variable: portsEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: port +# label: Port +# schema: +# type: int +# - variable: endPort +# label: End Port +# schema: +# type: int +# - variable: protocol +# label: Protocol +# schema: +# type: string +# default: TCP +# enum: +# - value: TCP +# description: TCP +# - value: UDP +# description: UDP +# - value: SCTP +# description: SCTP +# - variable: ingress +# label: Ingress +# schema: +# type: list +# default: [] +# items: +# - variable: ingressEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: from +# label: From +# schema: +# type: list +# default: [] +# items: +# - variable: fromEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: ipBlock +# label: IP Block +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: cidr +# label: CIDR +# schema: +# type: string +# default: "" +# - variable: except +# label: Except +# schema: +# type: list +# default: [] +# items: +# - variable: exceptint +# label: "" +# schema: +# type: string +# - variable: namespaceSelector +# label: Namespace Selector +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: matchExpressions +# label: Match Expressions +# schema: +# type: list +# default: [] +# items: +# - variable: expressionEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: key +# label: Key +# schema: +# type: string +# - variable: operator +# label: Operator +# schema: +# type: string +# default: TCP +# enum: +# - value: In +# description: In +# - value: NotIn +# description: NotIn +# - value: Exists +# description: Exists +# - value: DoesNotExist +# description: DoesNotExist +# - variable: values +# label: Values +# schema: +# type: list +# default: [] +# items: +# - variable: value +# label: "" +# schema: +# type: string +# - variable: podSelector +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: matchExpressions +# label: Match Expressions +# schema: +# type: list +# default: [] +# items: +# - variable: expressionEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: key +# label: Key +# schema: +# type: string +# - variable: operator +# label: Operator +# schema: +# type: string +# default: TCP +# enum: +# - value: In +# description: In +# - value: NotIn +# description: NotIn +# - value: Exists +# description: Exists +# - value: DoesNotExist +# description: DoesNotExist +# - variable: values +# label: Values +# schema: +# type: list +# default: [] +# items: +# - variable: value +# label: "" +# schema: +# type: string +# - variable: ports +# label: Ports +# schema: +# type: list +# default: [] +# items: +# - variable: portsEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: port +# label: Port +# schema: +# type: int +# - variable: endPort +# label: End Port +# schema: +# type: int +# - variable: protocol +# label: Protocol +# schema: +# type: string +# default: TCP +# enum: +# - value: TCP +# description: TCP +# - value: UDP +# description: UDP +# - value: SCTP +# description: SCTP + + - variable: addons + group: Addons + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: vpn + label: VPN + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type + schema: + type: string + default: disabled + enum: + - value: disabled + description: disabled + - value: openvpn + description: OpenVPN + - value: wireguard + description: Wireguard + - value: tailscale + description: Tailscale + - variable: openvpn + label: OpenVPN Settings + schema: + type: dict + show_if: [["type", "=", "openvpn"]] + attrs: + - variable: username + label: Authentication Username (Optional) + description: Authentication Username, Optional + schema: + type: string + default: "" + - variable: password + label: Authentication Password + description: Authentication Credentials + schema: + type: string + default: "" + required: true + - variable: tailscale + label: Tailscale Settings + schema: + type: dict + show_if: [["type", "=", "tailscale"]] + attrs: + - variable: authkey + label: Authentication Key + description: Provide an auth key to automatically authenticate the node as your user account. + schema: + type: string + private: true + default: "" + - variable: accept_dns + label: Accept DNS + description: Accept DNS configuration from the admin console. + schema: + type: boolean + default: false + - variable: userspace + label: Userspace + description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device. + schema: + type: boolean + default: false + - variable: routes + label: Routes + description: Expose physical subnet routes to your entire Tailscale network. + schema: + type: string + default: "" + - variable: dest_ip + label: Destination IP + description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched. + schema: + type: string + default: "" + - variable: sock5_server + label: Sock5 Server + description: Sock5 Server + schema: + type: string + default: "" + - variable: extra_args + label: Extra Args + description: Extra Args + schema: + type: string + default: "" + - variable: daemon_extra_args + label: Tailscale Daemon Extra Args + description: Tailscale Daemon Extra Args + schema: + type: string + default: "" + - variable: killSwitch + label: Enable Killswitch + schema: + type: boolean + show_if: [["type", "!=", "disabled"]] + default: true + - variable: excludedNetworks_IPv4 + label: Killswitch Excluded IPv4 networks + description: List of Killswitch Excluded IPv4 Addresses + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv4 + label: IPv4 Network + schema: + type: string + required: true + - variable: excludedNetworks_IPv6 + label: Killswitch Excluded IPv6 networks + description: "List of Killswitch Excluded IPv6 Addresses" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv6 + label: IPv6 Network + schema: + type: string + required: true + - variable: configFile + label: VPN Config File Location + schema: + type: dict + show_if: [["type", "!=", "disabled"]] + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Type + schema: + type: string + default: hostPath + hidden: true + - variable: hostPathType + label: hostPathType + schema: + type: string + default: File + hidden: true + - variable: noMount + label: noMount + schema: + type: boolean + default: true + hidden: true + - variable: hostPath + label: Full Path to File + description: "Path to your local VPN config file for example: /mnt/tank/vpn.conf or /mnt/tank/vpn.ovpn" + schema: + type: string + default: "" + - variable: envList + label: VPN Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: codeserver + label: Codeserver + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: git + label: Git Settings + schema: + additional_attrs: true + type: dict + attrs: + - variable: deployKey + description: Raw SSH Private Key + label: Deploy Key + schema: + type: string + - variable: deployKeyBase64 + description: Base64-encoded SSH private key. When both variables are set, the raw SSH key takes precedence + label: Deploy Key Base64 + schema: + type: string + - variable: service + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: NodePort + description: Deprecated CHANGE THIS + - value: ClusterIP + description: ClusterIP + - value: LoadBalancer + description: LoadBalancer + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: (Advanced) The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: ports + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + default: 36107 + - variable: nodePort + description: Leave Empty to Disable + label: nodePort DEPRECATED + schema: + type: int + default: 36107 + - variable: envList + label: Codeserver Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: promtail + label: Promtail + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: loki + label: Loki URL + schema: + type: string + required: true + - variable: logs + label: Log Paths + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: path + label: Path + schema: + type: string + required: true + - variable: args + label: Promtail Command Line Arguments + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: arg + label: Arg + schema: + type: string + required: true + - variable: envList + label: Promtail Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: netshoot + label: Netshoot + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: envList + label: Netshoot Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: docs + group: Documentation + label: Please read the documentation at https://truecharts.org + description: Please read the documentation at +
https://truecharts.org + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDocs + label: I have checked the documentation + schema: + type: boolean + default: true + - variable: donateNag + group: Documentation + label: Please consider supporting TrueCharts, see https://truecharts.org/docs/about/sponsor + description: Please consider supporting TrueCharts, see +
https://truecharts.org/sponsor + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDonate + label: I have considered donating + schema: + type: boolean + default: true + hidden: true diff --git a/enterprise/blocky/1.0.0/templates/_blockyConfig.tpl b/enterprise/blocky/1.0.0/templates/_blockyConfig.tpl new file mode 100644 index 00000000000..20836e1b0aa --- /dev/null +++ b/enterprise/blocky/1.0.0/templates/_blockyConfig.tpl @@ -0,0 +1,198 @@ +{{/* Define the config */}} +{{- define "blocky.configmap" -}} +{{- $configName := printf "%s-config" (include "tc.common.names.fullname" .) }} +{{- $config := merge ( include "blocky.config" . | fromYaml ) ( .Values.blockyConfig ) }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ $configName }} + labels: + {{- include "tc.common.labels" . | nindent 4 }} +data: + config.yml: | +{{ $config | toYaml | indent 4 }} +{{- end -}} + +{{- define "blocky.config" -}} +redis: + address: {{ printf "%v-%v" .Release.Name "redis" }}:6379 + password: {{ .Values.redis.redisPassword | trimAll "\"" }} + database: 0 + required: true + connectionAttempts: 10 + connectionCooldown: 3s +{{- if .Values.blocky.enablePrometheus }} +prometheus: + enable: true + path: /metrics +{{- end }} +upstream: + default: +{{- .Values.defaultUpstreams | toYaml | nindent 8 }} +{{- range $id, $value := .Values.upstreams }} + {{ $value.name }}: +{{- $value.dnsservers | toYaml | nindent 8 }} +{{- end }} + +{{- if .Values.certFile }} +certFile: {{ .Values.certFile }} +{{- end }} + +{{- if .Values.keyFile }} +keyFile: {{ .Values.keyFile }} +{{- end }} + +{{- if .Values.logLevel }} +logLevel: {{ .Values.logLevel }} +{{- end }} + +{{- if .Values.logTimestamp }} +logTimestamp: {{ .Values.logTimestamp }} +{{- end }} + +{{- if .Values.logPrivacy }} +logPrivacy: {{ .Values.logPrivacy }} +{{- end }} + +{{- if .Values.dohUserAgent }} +dohUserAgent: {{ .Values.dohUserAgent }} +{{- end }} + +{{- if .Values.minTlsServeVersion }} +minTlsServeVersion: {{ .Values.minTlsServeVersion }} +{{- end }} + +caching: +{{ toYaml .Values.caching | indent 2 }} + +{{- if .Values.hostsFile.enabled }} +{{ $hostsfile := omit .Values.hostsFile "enabled" }} +hostsFile: +{{ toYaml $hostsfile | indent 2 }} +{{- end }} + +{{- if or .Values.bootstrapDns.upstream .Values.bootstrapDns.ips }} +bootstrapDns: +{{- if .Values.bootstrapDns.upstream }} + upstream: {{ .Values.bootstrapDns.upstream }} +{{- end }} +{{- if .Values.bootstrapDns.ips }} + ips: +{{- range $id, $value := .Values.bootstrapDns.ips }} + - {{ $value }} +{{- end }} +{{- end }} +{{- end }} + +{{- if or .Values.filtering.filtering }} +filtering: +{{- if .Values.filtering.ips }} + queryTypes: +{{- range $id, $value := .Values.filtering.ips }} + - {{ $value }} +{{- end }} +{{- end }} +{{- end }} + +{{- if or .Values.customDNS.filterUnmappedTypes .Values.customDNS.customTTL .Values.customDNS.rewrite .Values.customDNS.mapping }} +customDNS: +{{- if .Values.customDNS.upstream }} + upstream: {{ .Values.customDNS.upstream }} +{{- end }} +{{- if .Values.customDNS.customTTL }} + customTTL: {{ .Values.customDNS.customTTL }} +{{- end }} +{{- if .Values.customDNS.rewrite }} + rewrite: +{{- range $id, $value := .Values.customDNS.rewrite }} + {{ $value.in }}: {{ $value.out }} +{{- end }} +{{- end }} + +{{- if .Values.customDNS.mapping }} + mapping: +{{- range $id, $value := .Values.customDNS.mapping }} + {{ $value.domain }}: {{ $value.dnsserver }} +{{- end }} +{{- end }} +{{- end }} + +{{- if or .Values.clientLookup.upstream .Values.clientLookup.ips }} +clientLookup: +{{- if .Values.clientLookup.upstream }} + upstream: {{ .Values.clientLookup.upstream }} +{{- end }} +{{- if .Values.clientLookup.ips }} + singleNameOrder: +{{- range $id, $value := .Values.clientLookup.ips }} + - {{ $value }} +{{- end }} +{{- end }} +{{- if .Values.clientLookup.clients }} + clients: +{{- range $id, $value := .Values.clientLookup.clients }} + {{ $value.domain }}: + {{- range $id, $value := .ips }} + - {{ $value }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} + +{{- if or .Values.conditional.rewrite .Values.conditional.mapping ( and .Values.k8sgateway.enabled .Values.k8sgateway.domains ) }} +conditional: +{{- if .Values.conditional.rewrite }} + rewrite: +{{- range $id, $value := .Values.conditional.rewrite }} + {{ $value.in }}: {{ $value.out }} +{{- end }} +{{- end }} + +{{- if or .Values.conditional.mapping ( and .Values.k8sgateway.enabled .Values.k8sgateway.domains ) }} + mapping: +{{- if and .Values.k8sgateway.enabled .Values.k8sgateway.domains }} +{{- range $id, $value := .Values.k8sgateway.domains }} + {{ .domain }}: 127.0.0.1:{{ $.Values.service.k8sgateway.ports.k8sgateway.targetPort }} +{{- end }} +{{- end }} +{{- range $id, $value := .Values.conditional.mapping }} + {{ $value.domain }}: {{ $value.dnsserver }} +{{- end }} +{{- end }} +{{- end }} + +blocking: + blockType: {{ .Values.blocking.blockType }} + blockTTL: {{ .Values.blocking.blockTTL }} + refreshPeriod: {{ .Values.blocking.refreshPeriod }} + downloadTimeout: {{ .Values.blocking.downloadTimeout }} + downloadAttempts: {{ .Values.blocking.downloadAttempts }} + downloadCooldown: {{ .Values.blocking.downloadCooldown }} + failStartOnListError: {{ .Values.blocking.failStartOnListError }} + processingConcurrency: {{ .Values.blocking.processingConcurrency }} +{{- if .Values.blocking.whitelist }} + whiteLists: +{{- range $id, $value := .Values.blocking.whitelist }} + {{ $value.name }}: +{{- $value.lists | toYaml | nindent 10 }} +{{- end }} +{{- end }} + +{{- if .Values.blocking.blacklist }} + blackLists: +{{- range $id, $value := .Values.blocking.blacklist }} + {{ $value.name }}: +{{- $value.lists | toYaml | nindent 10 }} +{{- end }} +{{- end }} + +{{- if .Values.blocking.clientGroupsBlock }} + clientGroupsBlock: +{{- range $id, $value := .Values.blocking.clientGroupsBlock }} + {{ $value.name }}: +{{- $value.groups | toYaml | nindent 10 }} +{{- end }} +{{- end }} + +{{- end -}} diff --git a/enterprise/blocky/1.0.0/templates/_k8sgateway.tpl b/enterprise/blocky/1.0.0/templates/_k8sgateway.tpl new file mode 100644 index 00000000000..7735013f760 --- /dev/null +++ b/enterprise/blocky/1.0.0/templates/_k8sgateway.tpl @@ -0,0 +1,107 @@ +{{- define "k8sgateway.container" -}} +image: {{ .Values.k8sgatewayImage.repository }}:{{ .Values.k8sgatewayImage.tag }} +imagePullPolicy: {{ .Values.k8sgatewayImage.pullPolicy }} +securityContext: + runAsUser: 0 + runAsGroup: 0 + readOnlyRootFilesystem: true + runAsNonRoot: false +args: ["-conf", "/etc/coredns/Corefile"] +ports: + - containerPort: {{ .Values.service.k8sgateway.ports.k8sgateway.targetPort }} + name: main +volumeMounts: + - name: config-volume + mountPath: /etc/coredns +readinessProbe: + httpGet: + path: /ready + port: 8181 + initialDelaySeconds: {{ .Values.probes.readiness.spec.initialDelaySeconds }} + timeoutSeconds: {{ .Values.probes.readiness.spec.timeoutSeconds }} + periodSeconds: {{ .Values.probes.readiness.spec.periodSeconds }} + failureThreshold: {{ .Values.probes.readiness.spec.failureThreshold }} +livenessProbe: + httpGet: + path: /health + port: 8080 + initialDelaySeconds: {{ .Values.probes.liveness.spec.initialDelaySeconds }} + timeoutSeconds: {{ .Values.probes.liveness.spec.timeoutSeconds }} + periodSeconds: {{ .Values.probes.liveness.spec.periodSeconds }} + failureThreshold: {{ .Values.probes.liveness.spec.failureThreshold }} +startupProbe: + httpGet: + path: /ready + port: 8181 + initialDelaySeconds: {{ .Values.probes.startup.spec.initialDelaySeconds }} + timeoutSeconds: {{ .Values.probes.startup.spec.timeoutSeconds }} + periodSeconds: {{ .Values.probes.startup.spec.periodSeconds }} + failureThreshold: {{ .Values.probes.startup.spec.failureThreshold }} +{{- end -}} + +{{/* +Create the matchable regex from domain +*/}} +{{- define "k8sgateway.configmap.regex" -}} +{{- if .dnsChallenge.domain }} +{{- .dnsChallenge.domain | replace "." "[.]" -}} +{{- else -}} + {{ "unset" }} +{{- end }} +{{- end -}} + +{{/* Define the configmap */}} +{{- define "k8sgateway.configmap" -}} +{{- $values := .Values.k8sgateway }} +{{- $fqdn := ( include "tc.common.names.fqdn" . ) }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "tc.common.names.fullname" . }}-corefile + labels: + {{- include "tc.common.labels" . | nindent 4 }} +data: + Corefile: |- + .:{{ .Values.service.k8sgateway.ports.k8sgateway.targetPort }} { + errors + log + health { + lameduck 5s + } + ready + {{- range .Values.k8sgateway.domains }} + {{- if .dnsChallenge.enabled }} + template IN ANY {{ required "Delegated domain ('domain') is mandatory" .domain }} { + match "_acme-challenge[.](.*)[.]{{ include "k8sgateway.configmap.regex" . }}" + answer "{{ "{{" }} .Name {{ "}}" }} 5 IN CNAME {{ "{{" }} index .Match 1 {{ "}}" }}.{{ required "DNS01 challenge domain is mandatory" .dnsChallenge.domain }}" + fallthrough + } + {{- end }} + k8s_gateway "{{ required "Delegated domain ('domain') is mandatory " .domain }}" { + apex {{ $values.apex | default $fqdn }} + ttl {{ $values.ttl }} + {{- if $values.secondary }} + secondary {{ $values.secondary }} + {{- end }} + {{- if $values.watchedResources }} + resources {{ join " " $values.watchedResources }} + {{- end }} + fallthrough + } + {{- end }} + prometheus 0.0.0.0:9153 + {{- if .Values.k8sgateway.forward.enabled }} + forward . {{ .Values.k8sgateway.forward.primary }} {{ .Values.k8sgateway.forward.secondary }} { + {{- range .Values.k8sgateway.forward.options }} + {{ .name }} {{ .value }} + {{- end }} + } + {{- else }} + forward . 1.1.1.1 + {{- end }} + loop + reload + loadbalance + } +{{- end -}} diff --git a/enterprise/blocky/1.0.0/templates/_webui.tpl b/enterprise/blocky/1.0.0/templates/_webui.tpl new file mode 100644 index 00000000000..881bee2058b --- /dev/null +++ b/enterprise/blocky/1.0.0/templates/_webui.tpl @@ -0,0 +1,36 @@ +{{- define "blocky.frontend" -}} +image: {{ .Values.WebUIImage.repository }}:{{ .Values.WebUIImage.tag }} +imagePullPolicy: {{ .Values.WebUIImage.pullPolicy }} +securityContext: + runAsUser: 568 + runAsGroup: 568 + readOnlyRootFilesystem: true + runAsNonRoot: true +ports: + - containerPort: {{ .Values.service.main.ports.main.targetPort }} + name: main +readinessProbe: + httpGet: + path: / + port: {{ .Values.service.main.ports.main.targetPort }} + initialDelaySeconds: {{ .Values.probes.readiness.spec.initialDelaySeconds }} + timeoutSeconds: {{ .Values.probes.readiness.spec.timeoutSeconds }} + periodSeconds: {{ .Values.probes.readiness.spec.periodSeconds }} + failureThreshold: {{ .Values.probes.readiness.spec.failureThreshold }} +livenessProbe: + httpGet: + path: / + port: {{ .Values.service.main.ports.main.targetPort }} + initialDelaySeconds: {{ .Values.probes.liveness.spec.initialDelaySeconds }} + timeoutSeconds: {{ .Values.probes.liveness.spec.timeoutSeconds }} + periodSeconds: {{ .Values.probes.liveness.spec.periodSeconds }} + failureThreshold: {{ .Values.probes.liveness.spec.failureThreshold }} +startupProbe: + httpGet: + path: / + port: {{ .Values.service.main.ports.main.targetPort }} + initialDelaySeconds: {{ .Values.probes.startup.spec.initialDelaySeconds }} + timeoutSeconds: {{ .Values.probes.startup.spec.timeoutSeconds }} + periodSeconds: {{ .Values.probes.startup.spec.periodSeconds }} + failureThreshold: {{ .Values.probes.startup.spec.failureThreshold }} +{{- end -}} diff --git a/enterprise/blocky/1.0.0/templates/common.yaml b/enterprise/blocky/1.0.0/templates/common.yaml new file mode 100644 index 00000000000..3d85e6e208f --- /dev/null +++ b/enterprise/blocky/1.0.0/templates/common.yaml @@ -0,0 +1,50 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.common.loader.init" . }} + +{{ include "blocky.configmap" . }} + +{{/* Always mount the configmap, with the basic config, plus the 'blockyConfig' */}} +{{- define "blocky.configmap.mount" -}} +enabled: true +type: custom +mountPath: /app/config.yml +subPath: config.yml +readOnly: true +volumeSpec: + configMap: + name: '{{ printf "%s-config" (include "tc.common.names.fullname" .) }}' +{{- end -}} + +{{/* Append the general configMap volume to the volumes */}} +{{- define "k8sgateway.configvolume" -}} +enabled: "true" +mountPath: "/etc/coredns" +readOnly: true +type: "custom" +volumeSpec: + configMap: + name: {{ include "tc.common.names.fullname" . }}-corefile + items: + - key: Corefile + path: Corefile +{{- end -}} + + +{{- $_ := set .Values.persistence "tc-config" (include "blocky.configmap.mount" . | fromYaml) -}} + +{{- $_ := set .Values.podAnnotations "prometheus.io/scrape" "true" -}} +{{- $_ := set .Values.podAnnotations "prometheus.io/path" "/metrics" -}} +{{- $_ := set .Values.podAnnotations "prometheus.io/port" (.Values.service.main.ports.main.targetPort | quote) -}} + +{{- if .Values.blocky.enableWebUI -}} +{{- $_ := set .Values.additionalContainers "frontend" (include "blocky.frontend" . | fromYaml) -}} +{{- end -}} + +{{- if and .Values.k8sgateway.enabled .Values.k8sgateway.domains -}} +{{- include "k8sgateway.configmap" . }} +{{- $_ := set .Values.persistence "config-volume" (include "k8sgateway.configvolume" . | fromYaml) -}} +{{- $_ := set .Values.additionalContainers "k8sgateway" (include "k8sgateway.container" . | fromYaml) -}} +{{- end -}} + +{{/* Render the templates */}} +{{ include "tc.common.loader.apply" . }} diff --git a/enterprise/blocky/1.0.0/values.yaml b/enterprise/blocky/1.0.0/values.yaml new file mode 100644 index 00000000000..e69de29bb2d diff --git a/enterprise/blocky/item.yaml b/enterprise/blocky/item.yaml new file mode 100644 index 00000000000..cdf4faf49d4 --- /dev/null +++ b/enterprise/blocky/item.yaml @@ -0,0 +1,4 @@ +icon_url: https://truecharts.org/img/hotlink-ok/chart-icons/blocky.png +categories: +- network +