From 7513fcf82b0c3244de6b2408861927a24ab3b8d3 Mon Sep 17 00:00:00 2001 From: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Date: Fri, 20 Oct 2023 23:59:13 +0300 Subject: [PATCH] add `passbolt` to `community` train (#1650) * init commit * add `passbolt` to `community` train * roofs * mount var run * probes * try init user * fix app url * add metadata * remove init user * add questions and revert to user 33 * plump hostnet and add hostnet values for ci * fix perms and UI --- library/ix-dev/community/passbolt/Chart.lock | 6 + library/ix-dev/community/passbolt/Chart.yaml | 26 ++ library/ix-dev/community/passbolt/README.md | 22 ++ .../ix-dev/community/passbolt/app-readme.md | 22 ++ .../passbolt/charts/common-1.1.1.tgz | Bin 0 -> 61740 bytes .../community/passbolt/ci/basic-values.yaml | 15 + .../community/passbolt/ci/host-values.yaml | 15 + .../community/passbolt/ci/https-values.yaml | 102 ++++++ library/ix-dev/community/passbolt/item.yaml | 11 + .../ix-dev/community/passbolt/metadata.yaml | 8 + .../ix-dev/community/passbolt/questions.yaml | 340 ++++++++++++++++++ .../community/passbolt/templates/NOTES.txt | 1 + .../passbolt/templates/_configuration.tpl | 43 +++ .../community/passbolt/templates/_mariadb.tpl | 6 + .../passbolt/templates/_passbolt.tpl | 59 +++ .../passbolt/templates/_persistence.tpl | 104 ++++++ .../community/passbolt/templates/_portal.tpl | 29 ++ .../community/passbolt/templates/_service.tpl | 31 ++ .../community/passbolt/templates/common.yaml | 13 + .../community/passbolt/upgrade_info.json | 1 + .../community/passbolt/upgrade_strategy | 31 ++ library/ix-dev/community/passbolt/values.yaml | 45 +++ 22 files changed, 930 insertions(+) create mode 100644 library/ix-dev/community/passbolt/Chart.lock create mode 100644 library/ix-dev/community/passbolt/Chart.yaml create mode 100644 library/ix-dev/community/passbolt/README.md create mode 100644 library/ix-dev/community/passbolt/app-readme.md create mode 100644 library/ix-dev/community/passbolt/charts/common-1.1.1.tgz create mode 100644 library/ix-dev/community/passbolt/ci/basic-values.yaml create mode 100644 library/ix-dev/community/passbolt/ci/host-values.yaml create mode 100644 library/ix-dev/community/passbolt/ci/https-values.yaml create mode 100644 library/ix-dev/community/passbolt/item.yaml create mode 100644 library/ix-dev/community/passbolt/metadata.yaml create mode 100644 library/ix-dev/community/passbolt/questions.yaml create mode 100644 library/ix-dev/community/passbolt/templates/NOTES.txt create mode 100644 library/ix-dev/community/passbolt/templates/_configuration.tpl create mode 100644 library/ix-dev/community/passbolt/templates/_mariadb.tpl create mode 100644 library/ix-dev/community/passbolt/templates/_passbolt.tpl create mode 100644 library/ix-dev/community/passbolt/templates/_persistence.tpl create mode 100644 library/ix-dev/community/passbolt/templates/_portal.tpl create mode 100644 library/ix-dev/community/passbolt/templates/_service.tpl create mode 100644 library/ix-dev/community/passbolt/templates/common.yaml create mode 100644 library/ix-dev/community/passbolt/upgrade_info.json create mode 100755 library/ix-dev/community/passbolt/upgrade_strategy create mode 100644 library/ix-dev/community/passbolt/values.yaml diff --git a/library/ix-dev/community/passbolt/Chart.lock b/library/ix-dev/community/passbolt/Chart.lock new file mode 100644 index 0000000000..c1b3102799 --- /dev/null +++ b/library/ix-dev/community/passbolt/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: file://../../../common + version: 1.1.1 +digest: sha256:a7dbe3e4d42dbcd4325776e5e01a1d630c7f185f79e7ebf22b1b9cc80f56eed7 +generated: "2023-10-18T15:31:40.718484458+03:00" diff --git a/library/ix-dev/community/passbolt/Chart.yaml b/library/ix-dev/community/passbolt/Chart.yaml new file mode 100644 index 0000000000..983529855a --- /dev/null +++ b/library/ix-dev/community/passbolt/Chart.yaml @@ -0,0 +1,26 @@ +name: passbolt +description: Passbolt is a security-first, open source password manager +annotations: + title: Passbolt +type: application +version: 1.0.0 +apiVersion: v2 +appVersion: 4.3.0 +kubeVersion: '>=1.16.0-0' +maintainers: + - name: truenas + url: https://www.truenas.com/ + email: dev@ixsystems.com +dependencies: + - name: common + repository: file://../../../common + version: 1.1.1 +home: https://www.passbolt.com +icon: https://media.sys.truenas.net/apps/passbolt/icons/icon.svg +sources: + - https://hub.docker.com/r/passbolt/passbolt + - https://github.com/truenas/charts/tree/master/community/passbolt + - https://www.passbolt.com +keywords: + - password + - manager diff --git a/library/ix-dev/community/passbolt/README.md b/library/ix-dev/community/passbolt/README.md new file mode 100644 index 0000000000..bb46687f66 --- /dev/null +++ b/library/ix-dev/community/passbolt/README.md @@ -0,0 +1,22 @@ +# Passbolt + +[Passbolt](https://www.passbolt.com) is a security-first, open source password manager + +> When application is installed, a container will be launched with **root** privileges. +> This is required in order to apply the correct permissions to the `Passbolt` directories. +> Afterward, the `Passbolt` container will run as a **non**-root user (`33`). +> Same applies to the `mariadb` container. This will run afterwards as a **non**-root user (`999`). +> On each upgrade, a container will be launched with **root** privileges in order to apply the correct +> permissions to the `mariadb` **backups** directory. Container that performs the backup will run as a **non**-root user (`999`) afterwards. +> Keep in mind the permissions on the backup directory will be changed to `999:999` on **every** update. +> But will only be changed once for the `Passbolt` and `mariadb` data directories. + +## Register admin user + +Connect to the container's shell and run the following command replacing the +values (`user@example.com`, `first_name`, `last_name`) with your own values. + +```shell +/usr/share/php/passbolt/bin/cake passbolt register_user -r admin \ + -u user@example.com -f first_name -l last_name +``` diff --git a/library/ix-dev/community/passbolt/app-readme.md b/library/ix-dev/community/passbolt/app-readme.md new file mode 100644 index 0000000000..bb46687f66 --- /dev/null +++ b/library/ix-dev/community/passbolt/app-readme.md @@ -0,0 +1,22 @@ +# Passbolt + +[Passbolt](https://www.passbolt.com) is a security-first, open source password manager + +> When application is installed, a container will be launched with **root** privileges. +> This is required in order to apply the correct permissions to the `Passbolt` directories. +> Afterward, the `Passbolt` container will run as a **non**-root user (`33`). +> Same applies to the `mariadb` container. This will run afterwards as a **non**-root user (`999`). +> On each upgrade, a container will be launched with **root** privileges in order to apply the correct +> permissions to the `mariadb` **backups** directory. Container that performs the backup will run as a **non**-root user (`999`) afterwards. +> Keep in mind the permissions on the backup directory will be changed to `999:999` on **every** update. +> But will only be changed once for the `Passbolt` and `mariadb` data directories. + +## Register admin user + +Connect to the container's shell and run the following command replacing the +values (`user@example.com`, `first_name`, `last_name`) with your own values. + +```shell +/usr/share/php/passbolt/bin/cake passbolt register_user -r admin \ + -u user@example.com -f first_name -l last_name +``` diff --git a/library/ix-dev/community/passbolt/charts/common-1.1.1.tgz b/library/ix-dev/community/passbolt/charts/common-1.1.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..183621438df8a0d98863ad44293a1703293fdba0 GIT binary patch literal 61740 zcmV*4Ky|+#iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POvFciT9!Fb>b({uFpP&K;{COP2Q;Kb_py?W8lglf}n&y5D;< zxj8TiNf=WELqKvoiNE{rU?Tw#T(nqOT0Eya76}vzg{2l0szNdzlVs;?1T)sVgX8#5 z%YXX)e*fs;K>XY9_uYT{2mSt^b`K7B4-SqF_ICIG)Zg7ZI6VFn=sy51rDsAJ%>LA0 zxGlGH-^l}$gfPf3N$AN201UGjoq#hjE5J*9ox$u5h}p3LQ~VpsC??4XnC@-BG%bGa zZbXQN8BUq_eF|b#HRM&nfMfvw|G}HV0EZaH;0!Vtli|h~;)Fq*pp2eubO9Pe9G`#) zP5*!R6TPDhjcG3=;|%~3I7TOcWfPP@x&go>i%-Cav6PQR{yS;|ZbJ$L;d?;oz$|0& z2u8nWn4vdG$ZJqWGB`wMF{Jba1VN599wRbgs$PtzC_z;H0stqNVHiI}F}%A(AxR>7 z0(SfAYl<>VqVjttVdftW)%yX&@gzf6qYTjziKF5RoroS7Uv|Zp48aJ08wl-*FMN%$ zNjeughZWfDRbq40uc1%H{KR88L>#{irG#QevO6{23=Z|kPvZET#5lY=0WSux2|Lda zMG4#3xQ2A}!UutW$YC7x4tjh0^^j6R*)T)Y3r&B_A?_ab_Uhq{VTNIJ?FFa470~*< zqu%a8J-`e_*pJ;cW(geQ9Z@0&dfe;xc6aMx`iF#~aFStmcSaJ1J~7^0NR+rBXVUrG z7f(;X;n82kueYyGFaL1@f_`7n1b}RkoYL1Mxgdl|*`av-mZGevDqcO$$Rsu1AsD?$ z;yYgZR~#cLj~H-Z9FyDg3{P>4hUgg$VGO1CqxT!WS*XvE`Ie$EB;)ivBLf^Gy(*-f zaxqExOjrA)_!PnvUgH=ujPex?qv!;@d#`>)8OawH-^NZ~zT^Zak$gFD`=(x;jbJiF zdQ9F3LcPLt3|Tmmh)&WpMq`vP7>gP-ZkBdcO?Q$q6{< z_xoel8ffzv3ld|MuePi_;Hhr{|Y?|Aui~g-uGLH)$^D zq6A*Y=u$G4mpHkh#Q=>6Wv>ytCD~2!GDBh$)5JQBZ{Z!Ewre9r!c& z9mOFTBfto_$|mUb=_R;4JAL^~e7+jNWr=4=0q7@d*e%e+G>FHyp=cv-g{jT*3W4?{;2-{}>R$Oyr)Da3ZEMhcDh) zZv<9sgeib&3PPBGYXk;ll0*QqN>zhXrl%VCWik{SVx|W4#X$BJa}eNqG6XouTi6C^ zj37mTZvg-%08=_aW>bX<1Q{P*43l1h^mfT5kbjc|feA$sKvR_6-HuR(IP4gQe0FbK z{m%(_dv#`wBA?YUfswg1^gAKcnT3_$W$()3RjH^Uidn0!c&$XnKLa{~84_F5pMhS9 zdVd6e23K#MzBvKU#A|SU2O_x@{--L>TtSb&6m$I?ve60Hk>GV{m<L4UFf79hVT?+nB;k5LmHH-%8RReO8ZZ6r zK0kk3lzx8xR>Ky{XM-~Z7>k-;TjRGMW&dGloW^{HLPF zdi&4r!QTF%WB)lmI^J8`e^&8){=D-OxIk=@B@{rd5^~i6++sEos(PVziS1>8KXIuo z<-#MSe41=PA>pJM>Q2&O1|tOiMXtFNcn!mwNeb8qfe12q%>|yHcJA*tM7w7&j-^1P z=ikZ3=g$BqVLXWt2=J%gbhjs`Xb+}oPoWoptq6w<1YCp;K#;!<uw*h8LXJLGizm=l1fuV-2@H-ok+vF9AZ0h|!LTrRGj%UaV7(&DDqV)62`>-&{Nm?7q5I|GJq03Qg$~3T^6=@faqN+tn_hqtdHxSb7yq z5{6?vtGX~6<3vzMbo%}tq?~>H$A8q6pbWAJ{eK`LfW`==V2}Tupum|@_z%-t=e*(v z?JJk<&Yb;@ua|21%iy!Q4EFZL(}3?kAb76+>VPjG!3md9z>yG~gtYgID3nAw z8c5^BKkfXa?R#8exj}cFCntn)37GO;;{@0^Y%BXUOenZTf`gF>qc}oJlixbe$Thr< z@4(rMjw~G`2261}nSl=yF2;7rAy0eFa{@2*u+b z9qo(=xd~28vA_JidyDXJ#DWtL>;|6C5sDE*-Bg&+gA*WLigPTZ}eEoK~h*Ytc9|Gw|%MW|vFi1DGOd-LuEjwGXvmJNU z5rTev`?5!}2sS@!G2-uUF0bwbQ^GJlS~7+x6_O-DA?vCm@5hH?t9QB?5$6Q}C>#+G z{0=eWoPjH4S|Q`AI1=N2*8`WF74Q;!oQNceXix&B*ah9Nn@rHxri5f^i_-$~HM1x! zHp(rYWeAEUl_E<9py=S!)2q{8PA{L`=hl$GhM`FrO~$FWUL{5USwcI1>=9{0_!?kO z#L6=C$@}{q527D7w<5?8_`i?-yZdO|eH49o^!M(gSKUXKogV!d*R}BFiz4N(5XUGI z<^fJrZ5s%DWLLt)04JD^Q1q|@4hT4d3_!pe2tY6$`nc_Dp}sTx3FYz zyRBc)OE9SMWl~{O6A0B?*4i7#+}@R}W1_&4O=PVtIFbr8SaB3>TAOmB>n?AjwLPb; zIfGBbjV5`;VxnI5S9vGxfF=d-e6!+$6vD;m9B0X*&Ni7~mdAOi#Z2~q2eWdVt!Qo=es`m2(##9yX_B?S!r#u6|Du7xX^ zAx)?^oekk2`u4?BdBy~jA+q|x$i{PC;(1+(X8FPDlOYWVjJf*wnAbM@LpK_247m>Mms z1EP*?sY?h0TjL33e}`0|FCla+Q{4dK7;L2(PS^kh=f?2l(mm*ccf96%z`=12L=qt@ zzI#O92Vm=81ScTa27zv%<1zFVh;7~ABzi&lNKIjkqd*R(2d!#!c!l>M6!tTYknoWT zJk8d%YR!R}nzw2$jK}jAPiJcV`HQCuxA}I)Hs7{rQ(B|l)mA55^U`Ad3OJ68ojd-w z5|VfOWhwb^cTY&kUPGc`LhKhWly>v9tUDB8|1RB)*je6$)W!$yqKzC^F1K& z&H;BBNcsxzOFRJbt?(t`Ee`P%B{pTtw1p*t<*>^n(;YLX8_ZB6-DK~$=s-)9E77j1 zktPCKjo2giON+=OTMTzt2FBW>dN6F4!{lmzkB`TU046#UElv+&EuRx=;8iW9e_1{ z?qNmo-ae?%?<;(O_2;EI0h{#mdI9SK3!HJ}Z9KdmutT5rj=%+ue9F=DdLo8vH2Uz}9{LywKVmxPY)!ci?ZzXEz;wz*HXLci)1|&*yJ0 zuby8#yZrF>^4Y~b=#D_{ocujG=Ps>V-;x*Z5<0aqciXjN?P?rr_1^sl^QiZrXZhhW)A1+FQ!|jSvwtm5DuB$ZgkBl@YuxY;^jT) zc108qpJ${AzR4-F+4Hg7r|-`3vBKieVa(Z}!_>kmiU1OxqZd*UxwR zG}-?}Fu#SOe>D349UdRu9~F8cGZX5yV|ob0r-KdP-P#-Iy9uzB(9 z>5EGvB1Ja^o1fLoHy2kQUcY_y%d?AKJufR$Q${7oV5PkXtCwM%P<&*BMl2!4X%f zH(Q+OdsUiCliSvqjnz2HS0mS!gC#9bOPy|kp6|Mx%#Xd4QNYy?o~6Tp%Na zov}{=*aQK&{uc__Q^;TdHj5u}?^gv+z!l$z36Xm<`o#2(EwTyqHi~*Dd1@eDB{4Sl zVgegkOn4#rx3`#;--MSnUU(~TtyY%ge|d^Du#OVN%&Sz28iIl7zYS(l5J8kMe%{}2 zbh}+UU(@c!4dy$k9O_pv-54VVBa4K5|1QAvl6(^v?J2r(#x$N#_6lV~1h&iyszkx( z`0#hYmVdUy_`0WY=)pLCDQX8rzrTn`$Nvq-v2|HX7$(}l%uo`c%rgsh13|2tlz()< z7r-(+?#N!NNs}L*^o(PT15k03Y15oCHMBB|%}FpLSpG_>2Ca6DUk?3B$J-4=yuaVj z^O3(|X$-b>n16$Ek=QPb{%UZ0Aon5wS0iB>8IOh202P6-IjetWI$0%6!EMW;P zv89wmD{6@<6O?YQX^gL=KT=AfK);fvMRP>xh-Atv=2wjbX%yV%kjMQ-Aka}rrt%(as|9KNZ8Ufot-JYQ+k*H3Bl zH}PsWnT^*pKc6j%wBQe7ADC-2d5=sa`>x~S*Ot^D=Bd*EqWrvkaTTyh|2sO|clE#H z-L?PEN*v3D5F5?I-N9vB5rO%di*;VPWtI=UsqrZOBy6ejIR##_r zm-SzPgPp6Yel0b1|4;c6rVJ(QHxf_A=;7l3_YaSD%klqr*ZKce@(7N8?hN)aSbjSF zx}5#|w|e$1zqjGhvSgZ(Ddt=aWwNC40x$w56y=e5TzZPDq8Xm*s`78QR!Fh9FwY=P ztdRKfmBK|O2@%mi9u@&RetPf^xkxRxob`0h0DSlpiM6{Ay1f>(J# z*qtTo(}X|NX#yTtGdG`EA2^Z}F&pvVpLxt_9q2;^oc?DJfZzt9v^wcy70h(nyO~_0 zEI|xWt~C@pZPdNKvlq9y3xBt=DNJFA*`10<#z+Q-YMJQ;EvmXQ*@d|q>DXE31|_}O zBs{^=U)Qf+7>0<_S0qA>F@rf3(`nc^ngAF7Vg@51g55^kPgV z344>uIV1|1Z;I|@BE|0}NktNpN(hC;Hg79sJ(-?Ned=;T>ZG)f=;KG60({>UMQ_ku z-v5q#Uojy^C{9t<8^as)B4KZ`*My{j(O$=ZV__vi=bOlQ8+Ym$2M^^XS<1?aK7xRb zue<5An@&S}>4~JMCamh2qUK>nOF`rmHaC7eWn5wm^}bXw?wXRVY$ga0eM6J*snJX|Hv%K4D>zh(}fLNV=#Yc3&iKdyM zj}t_Tc$(F!qj$q8xRWeoax0}x^c*$9qa-v7{f+{>7s4x&Y7^ z|EquK`u`v7ug`y0^2ngkznq>eL)_<+=IhG)V%pXU{JKONiC>ou;|XOb`yEHf5XMyj zfT=D3ZgGSF$v{FFua`|?q@asGUAS~2x}?Q&^~)~RN*b4he<&{wfe4(i5y|ks1%-My zf2Ec`2WJ=hDCA5M3=eh z$8t2lrt_bEDgWP5e|LTUvyw-sdMcyL5;Q3T*SS0rN2k zY_A;_TloWxBl>a+BKy$!B#tkQ&bMkMBH<0nq#O6YsJ_c!H(BciU_-Ac+UBH1qP`(# zNRbLj0G?g$T??gaq4Z&eQv1x5)9vq&mKVTQj45;WfYN&Hbj<7>Gwdevett}QVa7@; zLJ-I(UPyA+M+Ybgi`qBn&R;vt@Dwt1gYNv5=h>S?#h$zIc-yaS)b_kmzFd@LI2k^* zC^>H?6fk=(lyA;IY5hFxQ!W1seQy={UyeNa-*%7J_kUONDEVIu_Hq;e0cv$|pj3lG z-rfdm1R1!+aa<7)O7~PkX)TefJ}uqfiB3Z;ke3)wA*M7s7byg!Uv1BFCAqipM5B9MLWzYXrotmg z4OdE{Z7?92*dBy|@x}QzphPb`3T{cl0L$(QS4KX{T$@Qr#;69wo3Q(g2Y^olm_#L? zJp-SP^UE$T4|J!11|zjzgN~}KUz8&WnXCJ;$oK2C(C!+*hC4+BKupzU zS)LdG(pwbA<{IW*HPNwk?;7&gUKldhC=+3$a#$Si8YNv!+V4smuZ>sqfN{8Twl`-i zuC?{x2eux#A^j?p=Za0W#%WOL9UQnm(c-lq@WxOX>(?YgVyB%4=_IfGP}hdqO%jci z;64i=qb7&|({^gOG4$)n_W%I{b7`kGUjD(_%F&?ztMlH)%m9t?zYbjg&*Q`XI{)iR z9!vjMqrF5sK()WXN)H6Bx!iCt=$37FKxo&R#jKE%=%L&GDTU2BLuK8PoyXVDT%-}q?m4l7_q-lFoIc>lamo;xf;gg z8piRR+|=NN5pmn!UJ+O11|{m|mWP;=FZk5kN(>;2ay`1Z6#QF3lnffI!}N3&5uQ0|Ynd zE&!W1=&mE(D(5>jkiQ$UM-=#PC_+^5^M?K!%wajF29gxKg!%PKCCf@UZ zO=!_1MSSQvuNvC6HQf(IZ^!VhE1Ej;0OA;I>7XcQnjoOdXBW;$A`YQ{Q%4fu-6Q%Q z;6(n*GAxH6-{$!scivI+gu(U#Cc_1ffgAS!{iFSo{&%pB|FN1!-v2{vk|h+pB)5n%arW?cJRI@A<=F+K z6b}=*I>nJ)a#!q*0Ouz~^D+$c?2e*vl3{jtCO7h)IS*&nBOjDMoRg@DGqms6QkjH2 zAQF(pzAlM2!oyJj`XGqOZ2mIf?iB+J76njs>`|+0lTAK z<|Wl@x348Rsn}@bwo=pUnGxn2RtIbiTVTwK&VjPr5@*HPo#%}+-zRDoSbPDD2+x+U za2io7{~10s4;cS@fB(27{~aH#{r^_-SoZ&}@LJNNF5H)vAkZzz8A~qfIzi1g#S`o$2-HuYaM5or5}U&6ux!i31v?aO3z4or>p>u+^6$7 zfnKM?&eg8%y21G@0*@%@788sMD$)c%1rQ~~1UU_Qokm&0ZoI;wY8E6EgtkZs_b41A zaEriALT=?0%%#9VM#jJ%25qV4ya+RZKBX}ZF^lg6#LL{X4umiP85*EWxJQbm7vT(r zEWX?3s))!;FWS3CBRIumlJThx^A*71@i{>z%)ud-7q=j#lQE(om{6oe#-QUkCz`xd z4|9-rG5|f-v%)5j6jvP#OgFMy1SB5j0_G(q6emNeT`DOx*D`bHr!gfQeuAWi778{# zAQ>1>VusULSH?(Qe%J<>(?2&JkpyWc#eAAi^Q^2kDRPg$D0ldae0ow2sN~tlYj~!q z{k=veuUxkR6}N)e-I+5fsXfQ|$cx!U60c6xdKzf5RO$)y2}`+!0!(F_I00N<5{n?s z5buk;kZJfhn>gkI)*s#5qx@9Me^xx|g$#gA=RbS>16Te#>hG=Pzg0X{Cs4X z6l(sBGQu~oNgN3#eJxIBrYK`5QZ*S7Ix-wWoB&AWjwY^xaD_YtF@h0iCL9#a+j~73 zU!#l`&^VlDKp$L#>pR&84oGLwjBnu`)%H)ZwFW2<(j*KS%6goK-*T3sSUS+q0UHr2 zvccF6(lF7T$nRka2lqDvMdpsahKUmvi2olQ1Rzkv3p(0ISSZk2BS_CPG{B!g&=0_t z8Y#XBUJBDhrzo#FK}8SBCBYXElUtOD3YPS!OBQB{lC{bxS3YoAZ^PflQ`-Mye7$4b zxfON*sY}ew0h;{(jt<=XpZ)&c@p}JX#gpGvIy3HB3ypLE&EJ?mJvDviR`{23f}=|o zXtg-D@pfWXUB1d5kn8#=V=tZxGjzV^nhHFQI+hf>?1D@%PDd-E0uU zp_npKCdkl~+@L4`0s55U3`If59aL%35v_~ba}kP<G^T}*#_}Mxxqm2ZVc1++rrUcNSN}s%hlCp9IWoH)xfX( z`1gM>whbGWohv&_cTsTAQ3_*j92`CD3Jv^Ls&NxqdmG zQ+Z_&Kq}o`ukQ*Ai@XgtrQJo5pkpYa5e=7H>=wrnWIzsJ^kUJweyc zgFgQKU&N^!!*m(ezZUktgFV;&w|BI@|Fx1w>wj{*mu3Ca@D{QC)rRRPT4))e!>Ztq z(r*-LV^Z|?aR~;+s5nBjOp2ntS1_$GDDr9zCdGP_VU!O-g`LocfNVCm4e}AjB!StT zX&{_d7zjm+YqQ{2eX90=|9;<%|9rgLU*G>&$zvJH_+SHZ_`2BU zuc9DuaNpLA-PREud>vWVHIKS8Z`o3SKCuj*^1tmJSqAZOqBMBVyFK?2dm=cLC$sYx z@Nq&I0=9#;3XqsXiA5~XUdgvx^#f)@=?rQ%BHmWFGplp>+J$iGPt*R-zr$pq>whi$ zzg_#!@!{b*|MN;7YyVe+y+jtEApQ_sAn(hP8G-NWxS7^b4T`m|dcOO&*_y4~2c%oR z>ePTrH6K~;+~2{|wEv@Iy6_1=!~TDCyx({2|HlUh>-~QfkG20lOQy@&_E9qZA+~(c zj|YL4hnZ zaUvRXQMHhL%!kNxMYqJRr@o828irul(_$FfU5*tm1PDR<+L_>7(#tPrmD#Z)38=9$ z8v8XP;}dh(GBlv3Q?|AO{sY}zpn*se5oU1h!(7fUV6b_yTUw z9qn|$ZbvyZ=GWiyuiy(9;Eb}4M5R+6teTjExtS6r(-sJfZyxlgZ z;p0~I>gjC4^R|Z>8q0WFMK(_Dz@sOwzHaKa;as2bMJSOCRK$J~6(3u7L<(oAQgJuYfi56GJy>*}Ta7fro9}nIiech*GZ1R3DX^_-1-*TMcYNE6I z-B648a9%V@TTvm&DUZ$>?XfmDFIY&y^ffH~;>6`UVkDRKM{syWh|FmjiW_oKZ`tm8Ysns`mvX!ee%!Q)D( z2ph)7-$vFr7t**Mv@+#=xVy*i~xP;0pDo zjf!F`HuW_sJ5;OC7(I4^Fj^&wGz~%E*WI{O%_oAh?7b?CYR|9y6y9j&P*f;G3a`h8 zOP3EnGee?4ve=B~!BEzo3B5~E#fw{$uAp$4TUpSGfRR|D*dTORh$1UVW3S3ePmL+q zuZw*Rd$1iclj|tn9v24V))oVE$5^f=R5cWa3Lp+I#iZ7TE;s+#Yp;Iv1Nx@4kpEv| zx>y3pCjXD}`QP#3@!J1yB~MBIf4MZ@4>fgu6!~BFhqnI=@Fx^KTg(ZhVgEng+b#M39q+E=Kdj`j_Wxh`U@y-L zM9-Zcf&&ztSt<+I`3am(364O5V~`S@FqFBG{H#ED=Ej)gLN#_2>v z#+xu4V|EvSV3@&lghLvDV2UF|d{)B{reahL(s)FS+z~^R7Z}WA3G@>yH?Uo|cEFGb z@PB3rw@6W_lC6mo(Tt2mbiF$5GGFg*wzd$);UpHZ2xpIEYUR${6jb3D#f5+;K3x5e zD+T5Ry!szAA(gWvul~n`^7hr~t0@Hf&eka!uj^68Y}@$>@YJ{|({3@q6sNpLa*kV=t? zFDfyku}np?)dwU4LlGD#>uig684}YFpk(R_C1OpI%vfZ_ZrjTy$titHQ6?5xbrCVU zd6^E_8X{H5zc5?Th*woJPC}U-#M{ef7atafvM>a`F=!Ca=L7Nl;?3Lh4~v8GLa3Nz zgs@*P`IO2KjD%nBn+p&TB*SB=xhFCp0eV!(;*^U6Dt!`UU_dnpAyC;fk7V{lQVm`3 zrg4nu9c5@-o@=j3!i&s7fXkx~7tc_7W^d!_g<$NOvl zpOrkNK$&8|jX)mDF$G!E=!dWeIXzmoUyuO*M*7_6=9)sURZ*Z%9)m!XG!ZCefwWMy z`Cks{v3r@b&dgGgTB3kvwUKw_u`lgGsg_qnZewiFn&l&EAJOXo)Qy&-9MfKgQbI8! zMh3pwJ!%Sk40uoG#E8M+a!_G#I2#UIrLz(fso4!^4lZh8O5m;usF)jh{2;6GStyuJ z;`p4zIJ~PemgW;RD9Q#PcrkcQ*m;I1N?1*RrOlLAz{oV!*;Rv6kvWX(a%hUOz|n_o zyPFU1yorUVUI2X3Y=kpLz%a)Zc=+(Fvt{Nq{+daz*H8X5$$v2(pztn?(Zl8c+V3A9 zyYk=e?)v`sN*+u8%LjWoLSGKDEGNpR}f?_py)Lm2~2=boWP2~z* zIZ|pFde`54J>)Q+BcJo!gLTrqsZf=%Y%Q$)Ku?qWmy(Pv8UVB@{?EZ~DgXEW-a7yH zN*+u86NA0P=x+kv41J6lh*R`)+?ffKi-J~Rv z=hCW622@M7s0D2byqrEGl2u+BGwD}x8_graAveZ?rc6Q#ieQ>wBjN&=>ROuNac*9B zdgdU0u8J-X?dtpF1r8=?TT)QdHdW-@mVX)()*cnPtGH-w=8MZeZ%ZU?n7lUX8Xar) znzU;*fh%Cv&0uR5=UuFx%g%hRZpEAvv|=XL(6%BZhi8IR&h3`-+v>D;mRHSm?=)X- zpPXxW-lE3js2D-TPxxT@Ctw*@&)UrkopU&R-IPXOd@+3Ji~^$ZGF0E)2D>32xtt=8 z!Irr0V81Qy*p-{Dy5+~h^gJVsgd{fY6)a4v%oSGkRMpj&inlBZ=#SM-h65PK*D$0X_=O=JA$%G#p$Kf?%w$XiTPvFZ^*2Tq4GFI|3N` zl*Ty3EEc}YyyM^&$FWsQ^yVs$TSyr%U_>v>fnl@7Xj|mlM4#X|jnOurd3R(YJ<1`t zIy)DrzkPZxw;VBye0QRJzKB=JWPFXXo{FS6%I!S-Pu(UJ=n4$4k#4yMuDEE=_wWf4 zZtUb%1XL76qF@Bm6eZ$lZtD^ua5K3^S%SExSp50t-TvXxZokt5r!ghGV@P(Fx-`^; zgW@Di44Ro->b4hAS>0zYGHw*jPiF-1?AywK{KNSi2}#YQMjsg(NjaRIj@lvp!{ zt22{~^DHtLC|%%d>tbKyY1IEEQ~qs{G*Aut|K9%ok#qjDdvv(=|5?dn=Kn<*1;0Rw z!{w!c((1E2i{`mRAy~jnN_)B0)*5<)mY=)4CYWIua01JID&Jc|50L)u2zy|?17)bbt+d5F3o?sW~;{<0Sqi~EM zWdh?8LAK>k+_|&D7$kGpWh|)zRgbTVMXFP?aot2gHl6jjj&79#JVgnj zGynl-QCR&glF3g}+YLkjxN>|!EUSt(wG6W~4AjYc$LA(#+2O=2sNc1HP7tzUT@p$= ze7Q-0t}SQ?#|S6SnMTZ)?yQYVgxboKd$1MX*MeAMjIizB8vAYacS-Cj2w8oT}KKk)`jo*tYi}` zN;`0rxlCZ?^$ju_s_>t$v48nzf&gYL?76&u)Lh`8W}gtM+2Tiy(@!yZ@9zckaNK`< zo%8z2tkzjZ(x>o~Q5*aWoiQ0?G zPr%QGung51Q|W>bM>9vEwG8bXuBtg&)`48Tryzw67oiE(bH}Lzb{FZo3r-Va7m!2- z2Np$xM$y@lnmn^kp5Er&@RZ;c-HGYcazFDbZV#L)?q^=bp4d(W`y(%IO?#)b^$n~q zd3~Etll`v(7X_5 zi%$_s&q!LjVqYLpBX-$kayg@T?H8$v?{&a@tbC>zUQ^E*a6#Du3nf@)=;H)YMo%^X z2-C@lirlWD>Ce3|ok-WDF&dNXuCko`49o*8qgaf`mNYQbfWo=6%*6epPrw;t+^2q!Wi*k z_oz!nP2NYJLeO}wp}}(i{)p*@d7M^zv#TYVQDitz4{}Yo*LI=uG==)_dRWWTj+1A8 zsaR!g%m8A_IeUXMwK+&Wlg$>rYoN%aW3TnRF&#;!lmT4CsAS|)_{@tpf!8H{wjJXM z_*uAxRnKxcTb`1H0TmRPh9eYBVg&k}lToib(vT_R$Fu|b`Y=XZzn1AH7f&r|%tdEY ztr-PRP}LS*-I6^kFFiy-A#yST#*l?006_{FL)ntt5$BOcXW-y@Embn_k6gBMa_Fhw zjnUE_JmNa1)cM;JAP(A2c6Kr}M4xv1qPd-H=jp-U$>hb(ZsF9m^AmXW>{Vrj*RRii z+k0wO5J(J>5Ca4ao!dJA1R<9$g8$v>|MQ={ce~xcz5gQq|E}Nt+xwq7Tl_8m^UL@@ zJDWkdx)e`21f$y4yJzQD&tLuHJ^s%xNWA*Lo&Vgl9VAeek?a*6R-lMt)0XyGD@|=AZ4H?_BLX z-+8t358c*t4%sP%ch2$772bJ{cV6M0f8e|<=7nvPaRRRI_!3fO`g;ew(6dh|Nw^%X zUhf~EqmJzcl20Son?#aE^`YYt%tFY}kYr{)daZ29@^VW3j)Vgwj41&yia;P0m;gwR z%mKJX;1(uK%C*uhQF!jVQc>X#;- z^A6PXV$%(_v1oUk9+ewt!3*kKdEAlD$G77*LY$ei#-&5a8^=`A^P0{PYTHq85cy5# z3bL^{t0Ytzqu+GeAa%|quHZ;sF1eQ$@NExq2V8!%bHVr0SE8cEiEpk75kp3?+VA-D z4z@Y*aOa7eu$6PR0f}RB%bOjLYz!Io2a6MDK{6tW%wMYaUxmGcvq!$FyF6BYGs8jk z*EY0%qfe9l-%Zmn&nZBI{eSnM6#sX3e{KI?&0|^4iv8hI4Li{JQn1n%!QAZL5$8J^-84bd~M*9#S_1fr^-I3?Gwqf)ivlQ^(PVMxa5 zc}4~}7QU36ZI&w8#iVPhd7vQ!qtq4;UXl>TBSKjqtH%1bZoHwh|`Y?%nlQi0mp9UEa*U(Q&Z)6^bZ z*Y{Fm@Mem#3`fdEFfa2L>TA9f)YNIi);tYd{pa6CfnE)fird6ggeJH}V2p<&#tTkT ziIfO&ptLw26_DrVuB|>7+#nEX{=6I|0D;Li)jgpy`*Kz9sjcZ6-SsNmR_J$i zm1F8^ZEaOdck~Ol!gn0BqezO~fO9ERtCZ;HK95sJ>7CPFp`{8C9wX(+99W`H@HPoaBB9ns z<8KhB@^)tr%-^o-?Jw{sG#W6jPnn*Z-~9=iVD2ggTi`|m0qJO5iT*vl~;7yy3=V}aG5C7TB}P3miZ1rUr8rErMOAsYoC z2#OavJ(YbbUs8%qs9o2gxMx6j9lwgaSSAP?pDp{+djo&An=DdsSy%Vv>j3RQ62Ftj ze%Pg=cD^mH{RSZTRoz~^A}`61zDb^C8OZ{dy_PTFS7zCoMd&eiOslW6%JM~yt<*}Z z<)v@CK~r-^_q1ZPe4Nt+w`QF`&eO#IrzD{xX?e*YQIRZc{M*!&na|Cu^)-dZ{2wLhlu6Ue zKN}IqgOZrxg-j>c)o|6v*`ex#06*9~BYy!`DBP_;%f4nLg+ndQS5l-X<>`VoTL!>@ zQJvXAn<2^#`qDe(@%xR7CZ};MBlxRZa1`+UEF}@$F>br?CS`TEZXP0h3~vyiD4|G% z?4E}H3;^QtMj2ffY}xo5npnK5}x{|NduzJO(A3K>XNkN zr0`wEv9huFCX&#!+>-*E4i%Cj33|jT>{Z z)ZZW5aw$KgVPfJOdZ#iERP%nlUcf(yO5MHDfh_9dz4p6 z^5jSPTy{zni&qrWZ8)WJHOC@>w2PNEB~eEGaMK?7cW(z!X&M?mDBjkC{`?ig*EiVz zL};^ao=3Q=LS^oJK%Y?9)*je!{kyR^g ze??r?P5H++YYen|xGZa+DkS?Z3aCFl9!iD?%Q1wGbUE9dQLcRctiU`Gfev}c-V0AE zV=%g|+dnTQLNv*$g_nGrS)wW}CsxqG`b=t;XWspPn5E0x{}1=w{r{-H&i}EJ$J+n- zpgzd{Ul-o|2Vw$d2=#|&0##hV$_zUv3*a#1{?Gf=u>V^Q*gBW3521o{m2%XUkd|*` zS_S#{W|@MD`*0jN%SrQOsi{h8y5QVl9*k?$xlE>} zeYilkBE^s27vE>%O)aBtTYo}180{>(e7Jt*lzY;8xXKQrW~L)^R2uq!f4`xo|49|- z5urw^alxq_kS;_YPX{2)ZG&lH#1lxWYwHqWD-XIKA;!|bBN(BKD!hsprJLR=%W8fb z(6Q&`XAL?WP}y^|apB2ef%zyZOswdE7I6SDO{s+il|KSjPGd8+p}dKh)7%Xf`0W@c z*Uy7L^U8m@M%O|DY}EgcUHk9B(e7IQTghYJ|ImZFHUi8q0~+1@u`B^BT$&X4P=O(b8y<;t@izDyf-a0L!YhdQ+xQ?ZTfwgJvNC1O1cCmC;_Bx-xF-{0$d zFspmN#~aP@N!{{Zz^^RdsnaJt!&>ckYB-&GujA)F9?iH^Ys9WHXdveHq5*q@O<92I zvQK-Ez$qLr(l)O@N0VhGdyaMmkh;c2&{fk#D;kMp;FLjz!}@?HUW6sU1*Tkq_H1_{ zRl8oS>Svuu8sYeQi>i_cFV4@5Jt6UQT$Z~a6UH&vN>BxDT&lJoR&z-GSUnNl__>77 z6L331iA7c{uPMBf#opIXP4uy$Gp?_mcP>{@(&K_Q!Smdgd{@pRt)28k$3TSL}CP}1Ynmlqj$oIJcBFz!cQJiebvHXk(_$H z3FUlZjEs@-7fd0gwfC*@ zp8$;^j&)`6!-UT18A!6$8ODkWFV0X407kA<^))C8cFbw80l*bslXOHTaRf3%Co$vf znUXPLBb*FDjBk)wxaurR^-eW(lD_~T$lI`91B0$7AlS@*Y@0=LvhpJN537iz9RDu= zvOWsJoq%8~hkufT>40lU(a}MXTt|x(_Z# z&b0kZD~yeiOes-`x;I8@Ar%eT$R!%KCb-aHJ+#h7uOvDWfXiRYcmsC;}YCY+EdDgmPV|{*F@K zrp$t1H7ne|zI#!zdHuf>EO+kUuPx-iy(4G+?;al=tk?fa9{wCknqdkTR9HOXu zeP=gziLxmUb)`9pnn_^(Zp^gX>f!FKU3VVtY1scu?ho@wgN^<_{eJ2G=ib`?b0v>T zC+0Z^tQQJX5?!V!TnbkxO|o+mS)!K5UDS*QCcFmC;9$j(0l?B3sPfRjur=_q%DqTA z65(VhBUljL|a}dqY#L z3$h5HjF2UaD7>Xo8tmv0K-As%;&G4E`Q4uW72#?mTi}eA~7DKryIftmtsbqg-DXd%Fz(k{j!6~2VIJ^<<#gH|PIW{@33> zD4+lB9jxX5RXq0nuMq-r#H~$Z265M8CpAx(nsotr56dg^L(BTAIJj)EXMF3d-3VuR zTCM*DO~8%of6w**>+kQa&;M8QRIPt?&_46hH*K^_S@p5D0@@2+zFx2OMW2TCpIX+6 z2Ri@Vch7(J`o{-r|KF87EzW({KOKyH2M9URB%943QFbQ-54_~y^;{H!5{@?EL z-dg`(&7Bj^-_+8)Xl^g`Fn;FJc>~AGH=H@2N7RS?S|YVK6%t(;b*(ZZiCIKdum~ZC%EC?D{j0N z2VOTOs(S1;Z@~S19(8PUT6EWmGG>_WjSkzUd*j3A&GK%Tnp7%}(F2m|)R~M6(94_x zWulp1mr1!b=l#*12L7+}Z!M$*H1Pl3y*)Snd;fSH|9v%&SN<14(MXbKUt5kKV9%wx zY!4}k3csG*rAPg(U3vmq`2Q5XIXxLAC_&(kOf-*IC)3)5cuTUIn82C*cwFRL@N>(n z=jtv+hF8y35&y*~lzS5xKlQd-IA@5ul6w?aca?LgT|`Ddvw?jsqNOd#q16oD+Thok z`(OARL)VPuD?APR|6&(E)zh^9A0E2#-}}4$wg2Zz9+jU|j`xzTf99KJ`+J|BFrTwr z1P%2C*0xtbtqT6jpGJ{cl*YO4dxC}lpP&7);}j9L>aT1n<+|?Hrjrs-)@XB4Q={y= zu<5kxzisMv$sDVOewnKM44pHoE!smL2H%;!s;T5$Dz^K}!+I^NMKiQc60;J>b; zPD1Ab%krgymJn+kUf)bnmf=WcQ%_0s7uv3GPA2&jg>!dmMo={_?*-Veb*@#t{}++X z7d!oF-2adIyYBh#(ed8e{ne#;u#r> zuv1%YGAW3f`YzEt=~7K0b(5iNtV5U1jEYftK17@};KrU>q_GkG72lm0bvX@t8A=Jo zjAVDlO9qDqfb&TlpOYAeDpPn~EX_a2(v01ekYVf&eBo0CPGY8*t|&}dgp*Qn@z!4< zKXYnD-^Fv{c4V`qjJ!QFS#J4q#;l0KY*=f{ZHFa?G7pO8B<_t7rF^{eoKVKcSH(9o z8T%|?&6!dLTuiWf(5;A?C)`<_vN@;+n*k}w*b=6I0P|o-PDwl&BcabOj;aA{R*YK_ zG$Yq&5sDg!?9D~33{f)4!iA7fw8}xXB9z=(Q8>vkyE~Jd|6~TzIaQaGQoO*C3q&IL ztM-){kPJ{pL}oRVO#eawB>>B)L)TndLE#OGM6qa+A_{)mF?nzi4AiuRqGbAXlA^#H z7`4>^qGbAOM#hT|p90i=@K7?HE&KZbe?rl-WV)=evLd;)Bh^=I`X#1Io2Bl&nk3aT zYwbt5e*V->|G!M(?LuaNCjZal!_xh)z2mk1zmiACf0aYMkfVpCHmgbV{p0Jp#DO5_LoMYO#rVJ)=?6{|t95_X6-4eA+-jcFqGfsY2*dSzdd5e~y z!mZNmMoO4OEpiShMDi~KXr=)3hG1Fry z%fFPnqvC9XFH=X}-$mXNZ6V-Q^Z#h>`=0L8!2b^q`fmKs!^8bG|6j>t+5exuz68q51(QgHgN!aYpTQ!P5E2oBd_RV_t9EE8`qCN~jug z>%dbXSzLUmyg^Y5T1_DfwCY<8=+@`FrA#q;r(U>MewcH2=h>%J#+?)Gn|Vlbl(tlY zWAW3@e`G{^8WGA~%a}_5Q=sH574d085iqCJ@0gALE-P4VDj@aJ6rcY_Yjca9xwu6# zuqDzlmU2F;W;$RCeJrpGST;dHr{mO8=lOY^;xGSD2Ne{lOPnbxV=H&2y;Q4#22bVD zPXL0~Bti9AHuY%h_Ucn>=2;Z<gjxY9Lm=O^$xpHK=v6*-X+z`G=(Lf@b} zD((to=;H)uc4{e=T2j@PbSUKD&sE79gyfF0DavR70*YW3ju8J-E_@oeI)Rm_L9IhK zKSM1k&CD2jb@v|8Cvp=o39b77j`!t#&&}IVe~HRAk>)^kZt~(-saPngH$8(S`8!38 z{I@2Q0xo-T;sieQz$?*m$iP;N642{_{q__DW0Hyd%L#b5|K22|(b$txh7Z}0kA&id zQTN1?j#HHB>T7d7>kdMz0rAi#r(+#qj^-oGkwqBY(#%xR6<0+PJ=H`7^`o+F-gzyD;oA0HJk|Q26fKlL+e@6>%&iVK-v2mq z^Z)k`_tyFUSMpf;UwOzERsPBlzgu0<*Og_fhMoafxvOs(2S>8@AX)3_>nXn)|K2%! z(h5?I@=#Iu+vGUa`#)E!PGbxyTGS5MbpF>r+Aqg{S?~WVd93}PE3rV0`Jy|&F@3(< zE#K0QOjZ-IgEmd0tJ8R67Xta5Zt93zW?Xp@S#&`Hwz z`5vEo{;zDm56k~|5BAIP-`4&=t9i=&U!N{4f&W(@9eh9hKkvh``M+@pvswku=#`@n zX_RW!Ir9W+HF{htgzM|osB0R=ACt}1@BdtE;G6$q44`TM-|Lt3zx~6t{uiWeKz^K;pvV!4L=?Ukf{1!FP znpiJ(!+*Su_8Wbw_y7Fv>?H~_#2zmG*PbW-SATz<|6wJMwg121Lk{?u13Bp6Wu7E( zerDiIr0^sETm)*9ex>Ew5d- zHdwgM`D(+qV_10Z{eSynP7VK0Fgshy9l!?ue{^(M%Kx~#zmEU5k|(z|E%6edZ{~cz zT;JQ7rL%ss73p>?$OQuaB@n#E*xdb3AYv`YaoggPbeO>i$>P>M!A*9TTHenRi=u(N zuBq`YcDv9afwebpYT1F;ZMtiy*l5Yiyy8xxel6AL{O6{Vnj`0Yrvt`kQ5plxz%>fV z7;$MpHnT0bA_Uij#4d}|Zqd30>EB-FZU#bJ2vkqREL+Rwg)`y_H{*$1NDTDleg#@HSsEc9pq0?~HvyiK7kaDs&`HWZgN%mwm zPkhy)jYyR{`LZw2S`z=lLcc@H@@3TZ-PbwqzM7lP1sannlD95InudtTohD7=J3tb^ zcTW&HEWD|GBg~W$X{G^Z6`ZJ4Vdp1srL)K*u{bD@g=JaEWg~#5C=pws+HhK6sv;tB zgr_J$wD2fWKmxh%m8N_htPH^jFAEqKBH1LZ1@&EAX0|w;)TkIyekucVf?Y$EBt*Sm|aVh`P z(fa=XY97n}e@-Hx#~i3ZU(^`T9Fgz)umhC(v1Ai~jz{Ad@||WmD%NHs6)rw-el@EG z&XdX;(6c)rZBi8K33DRtv4vvNvP+e&Lo<0BJJ9Wu4+BeyO7*a z-aLJC0#2g{&`FxcXp9mDV=&}m6cx=yXo^Eb!Pen6*zIqFJ^tT82W-7b;yZ9VLP=f( zQvfN&!$iqbQW~U&u+R;DtU2?Xa{S5>!W?C4}GTlue9vljM$uOyp&>v&j~-Ll&@Ie}V+D9!{qR zJ)C~1=y?DFan~X+PMfEJOa0Dl`U=U4Lspy!*QCHgcRCI z;i{@)EeCz8ly^QQas^%sP8RR<1p(Il%&*Ru``{BL%B9Z4EcHajY1v`3es$;l0aQ-o zTX;tU5WGn)2w|@<9YYq5>I0-SbfHz?6sK3-zRVp+r5-_d!@R%WP^D_JY|4$XH-uL-Fb^8%dNsEjMpKsiT{s%HZC_Z#K6rF%xk^`coi)~mUFq>?9i8VB#*Z}_T| zyQ6k34o3c2fw(mTdmd|a(;DGbo&cPHpH)M~@rLghMmHtzq0QEosMFM#8jre|98Opb zC;W!Qtg3L$cqu}c2kF~)i1>p&)%KqZ3Fa;Li-j%#H2HrX_uc$Y$49&C{I4r{Ec?%e z9C954azV?FHG#fcyN}b0WjlTt!63DO)M$oL$%SYz%N=m5AC5n$4wcvL9)W41G0(3g z_n_OHvFXFUHWr)ZVdfV+U!y6?0!sk>72!%a>#)g z^QBw_bSKgGD+ZK0vTR8}wcy?hT&@t{^up%08iTJU2rLyl!3Rc={sWbdpyWXoAL=tc zeVjABvQLCnt!LNj!6ul6I%6>!?+w#QVT*nRZxEo93<1n|uK<)( z?)7@6^Nn@3pbwSY2m@w89f)@uY)-}ORIOUx!~M(u@wZ zK!g0hzrTA>j{m!s|5x%@^1q5%3e=b{MFS{LqwiJ+@O5R`S^$OmX112_tv2N6Gch_R zk5v*V@8xhCS+9eSUBVK!`2fFOM#44sw9CP($~7i$zkEZz__k?=9Px-1S`>7eT*^Ik z2WI1SbTzJz4fHF@$iaOKU=;1z@463lIlZPcbKX&(0b)A>%|N0WG4tzRU0>EbsOVxF z&zT{!!R@xOctQrog!00d_O>B6R?~qI3L?FGMBn$oFB6&C0^FjkC{=au%0#Qq7OIH2 z7GxKHs^ve1vN29XxTohC4AD8tu(%RHl4!Pw;0^NM?$M!Z|J^%Y-~V6DW66J4#gGFr z=0FZQP@}%6ELc0GzFV=dp;yb65Qjw@ZEeN#M-H#;n=LY$cs*!5@dv?4CFo;mTos=* zk0W3J?bJ0V?x~xvS{z@S#aF`KYW9B;qYSEP@R0GJ4~~!A{IAFRdk5?Ne-)3t{})5P z@K#@d`hGWdvk%MO#tq=BNC9CsXKVV#hnCxRflo@JYGiy{_kvjDMh-uqVjq_$koJ{} zO_K6DMBeu0yYp5rfAs|@bBnkOV5eWr0qAsl+geL&pu9I>|TU+J*IMM7O>pg-&GDZCb!X*Jzn`W z?o&pS`QOdPA?+ws;GTDNi)3I+*sMgZPx+@9yHbKi>8|Y!b7S=D2Hiao4O(xNE4R!z z>L-IvJ}NMK@AoQi>XaPFj-HLJM#a;IS+EsNmM&5#64rM@O?=CZk39Q?!U;nnv+iX$ zLeV7VKh85WK$-EXG)u)DFtu{F>?y0>>h}C2+b~~c-5KwY=mzy)EvKr$zI^YgSn8dQ z(?wDG&A=*Cg!N(p2nI2M?C2oq%+>qSwxS6EK{6R%qpUOmOhnvHi;#+XF3FoL`6M=q zN)E$!VDa(>sar4k8~*{Rtft0XyqAB=%I5pJ`bN&u;=)A5HI}l)be8duFiRAc=o;I* zf98B{aq*&B{-2U~GF~|M+n<`{|HGsHt|R{+9USbf<^NSYmi+&l9P&kFe>HQyTe&~S zf5|exeL$C@jAF`A5~Au$_(q|Ub6N>NuOfz@S<(|Xt^}u30#MvgH9=XC*y_W#S=E?` zdA4P~ly1<4RO`}V0OR-?hBqp?zD1ZKbd=e4?*8QSe$(ebN>pLl1a0d%AxGbL=4avC zc;KhoH=NpPjvM8<9Yt&#gd-H*@CIufxvX=iD!d%WvUW#zTO!6>4a|=J_|DVaRtIr@ zD!8X{r*T{+jK^*3b5)4U7Uy#__N1|I9LuV)lSjzvo87|BPvEJXiG15qv#~PTnpX8x zY|MvSRKRdZ4Dct(DpV*-4;kBVh+YAvWpD!n!4CKWScb>o3rKJhp@b=K2y3j=65%+H z2xaGxjTXeY0J8#|sme645XQ7B?ZWc$4M{SE63+; z>5K6VIW1J`e@Y16`H-*0xi!J2^Pl~FH~xSBV0V4~zmmt&|IWlvzk;dK1ec=-*6!wC zQ6p5?&7>5XeOa=0s2wB?DOLVix(cO&gP5wJH%LfP{fS62o#XxlNENL59NK7EM_l*g z#{Wr=Ce2?}3Ph zRA)=A7`>tqaoVA8&*8)#O-2CvgeeQEadAzM=8!Ho?Nb>8-;9dT;1!8HX%D%8APn@z zfGUkeRIp9nxfh1Nv>QdN714h-0BGa&JK0d#gs-i)Rqa=kpmZu~_R<G-)bQ$gqnTH2v2U6qM$h*nl|c#(T8TUerZH8L*v{UFMgaD zJAe*1<*`kOKu|ZxXOL*S+l%JJ8Dlx8i0?X?ZZ(B$v~aT=NJYEqRX0DR5!ZKbj9a-N zuf@R>WdvsBLjJM%24(B-;c1rtrINVFF;Ij2zjt_W~>I=7#T03D6x`wojO*yUuhJ1h(L8vKp(bB|TVQ$|8jIxs?pzswEo2TuO5@+w$-lYx&P*4j5v1oC8sJYL*a-@F-l(q?(oKOlBS6MU6Z{`?;pP@*5uh=o zBk*qLeXFijMsmWLI0?CXlgTVGf$=T?!LK+*#wY$W0Kp{*Zx9PWa5jS3Q#C(>Ut$v8 zs9(Og$ktqNJY(#6B4Z=XBNdu(=1h}ig82W~``7ihail>U-_N=Vtde=!&f1cEp4I=I zyz6$--F`aE+XHU1|Wf=QA@blC65XpBA|3^>92asSPmtM`X5`Uk~e`EJX_!Tx{$ zz|9xWc7A<%b@SuvpFiM#|AP3V|F-+@PrF9scl^(y>+Vxwn&1++yK|k6c&v6ojhFqa z{!RbK{_FnFU>~4y4;=isy9exAxPOKFH@N>J?!U(UpK(?fv&vTi#38s06EsFKz#+Js zCy1&#gTrH1>E-8$geXkZ4yaCvi7i}6WotvjJ4@D+Jr=)2Gv*tYEhAev@)`U46`o@0r>ehl42%rItsw^f z^?*+xx8-Y=di_u7xogw^4o{8?=f8)?+w9mo)8rp#><4)@lKI%ML|Ae_f#q*iK!ldAd+D-x zM$xDq`T8D#F#%*Imv`P{rs>=x;FB-`Bayk2Cm!4r!)%6#khCyEa+v-*^|ZBNiB!WX zqh|J4(Aq&*mr1Ch2bR9PxH(LD3L4XrKIfeix)<-J3Qz9mMl^d4oAX3d(^QA5eBV~5 zis#daD{&$iiQcnj3VQPux>eA(3i`KO>h=F<=B+pW*WuBi5dZ7&@NBF9Z=x9b|JD18 z)vEsP>sOCW>*u{#wZb3GJf+L7-WlKIue(*Jyj(lL;rJqe*g8R0D7HHBElsZ`#iw!8 zPrC!S>o{s2{-t;z-R3&;%)2g}VNW2PbA=JYeWN5JNLq9c$2|U?QNy^%1XWb7uUzv=>N^ce!>6yXq*3I zBgM-9!G?OZDnM!Ufybr=sE({y5m^7VPl5RM&gTMmJ_YH@FIhhIP@KH2f#JabU7$F@ zBkVB&U3Gmli}5Ebsj!oIJJlijN@j=b$M#O?_D<>cPH8LURID7Kjf%hDY_FBN5Vu?1 zUMqbR#i{?tchKv9~Y!0;}BBD>DXsNBxS+;U^tfuO+o$s z!bzA_n;K2{j&uX7%^jGhFkD&Yz^W8}or3JC&oO9Xx?0uMOiEbLp@0@45(a_AVXIOO zY6^kl!(!*G3g#)a{Z`MZrempc4BGYECmFO1sv5AG41?T$+4%FNd+*W)ta0O+&5L6o zQk`3{yLqB%EsdbXSU5Mzcx;iFO=onQD5tBWPYJ~uyK~s>70n);(`u?BOhAAj_iI4b zhhy-oWBu&h5fUI6?(P-lIzPGC{ZL^$k?hm{knb|sIv8466FXXT z8o3qV93_ID+*>Gq`wp>gqTUmJO0P%_Ws9)ilP6# zVZ|0wj* zHPEZ=p*|8At1_8&RoE42AYh+8ed zL6Q|K0!87hn$kBSl7;NV=(iNd$gdYu86RK(o_7KNf477MW!suX8({!gBf^a0ZbV7A zr5aK|SYzt%vIf81lYk2T&vVQ1v}5b_|2;T6wDW(R9UgAuKW?N5{?FFTl{6N;&xU zYazi;{~7p!DXy4{v>0(SZxAEs&jHNZv@Ml+|1^@99sNrF{5A~c+#<(;c`#(6TH#q| zhb<1Ui(>7Jkz5VpLd3K!>Yd&b^qt!Stouc1!zf&Lax7i9oFqBU^(GZ`PMT>-69;V? zsP>JDlm81xhm}cyTK)g{$maj2gRTC*ks?B}Nx#pPaDM48Jkxl#)cs5KeKv13MZN<- z0Pj#hg-S2}R(ih#&$PfWB#B5uD=KOainaZ0i@^5=*82tm$+~z*ili}?E-OVY5nT$n`kdddQq5(@2l_p$ zIuphehi^2t#3!1?gvSB7gF#QP>2j9~^ls^JUG8zVu3YG>)RYguY^=avCC&aB4=F$DNRs(dDV3Y=`tEQB463Bv$on(#2xdhBIH%pRH-$}MU4DVKuP+N zpnlpmulWYA{zOTs!j3Z%MRN|Q*^G2l-7QM`dg?piG@g`oI5<=;T><2uM=o8e7Hv%r z%%D8)HfTH3mF;yQEC8urY6mC`cQ}O1|mLztQfh7#J<4C>pTattG2<6HT}3 zSV82P^SylRt!3ddz8AWwR#>Lv%bUpNQ6b}JbqZ?7khrTobk7V}OPsq`!1y{x?~3Hw z>AQMVIDl6#s?Ok52bVgA*BWYg60g264&yCi+jG9zalC@O=!twj-Lpe^1#%7N@)EVW zIeaB}L17NM6iLHwySq*&0NK(S`~dPnaJmAh0cq5GAs&#&c%FmQ{q2-vi z`!*_k*}Q3|u5XmVIh4J{I9oGaaJ6iWBX97uNE?9#9gJ*q-?HqC!;4V7PQLcduo_M* z94^dqzP3eUTiTRL`=9)u>E{^oU zPnl>|p%Zwyy=TLI0Hz6$`vbJu`)G)-!U|Xst}Cba@4t7lA4A7QuQf5OJTL0Scu7U$-;2s+fFi>CdS%4!5cTRR)VN;>q_yK(h zPpHx~>siF2>;EQ(qY?J5NPxY04JWAe|30$U|H;Y8*8h7WrDXjZ!@EjOU;uusJi+S3 znso&Cm}qPNX(S#EO9J)lwXo|%t_!-ahzEo2uDN}+PZLx_8K~-Dw65aXJ*M4SxYY(sGR9QB&ZM~-1(qSEq!D26i3>$Y}2 z$v@36R^@5=7%5ESm1&t{4x|I3DVB}c?1upgU#P~MN#ZUmpohFAm6V`TkOOfj!Y8JboG6TOkY zGy+iJ=cogFEFAEUUE1=0iYUb-JRgm4h?8d9z#9I4G$`=@({>17PD`4BO`cXVVA-`>vZRhh0EQ!V4Mg@7W3wFlZ??0a&4+h1r7o449NVCDS21m`^JCxib6oOv|U|%3m zybqc6*VQlglogG$ow#aW?8;3fv>{qqJPv#LC=G5+#?X@|x->_-r z3rJ!-%?;*UpQ*@*v?^yG(eAE(c6)iH8K!&S3kY%Oqc8!7MSFh3izO@Bjz|*a_zXY` z43=9B%eB4Kp`5$vt&;GFOH28$;&ikM2T>>gj}EQ)pNEHMTmR3^6ifbRAzW4}{?)8` zl+r&(ezn41k$Nlpx3d4y%KoNJug?8*tAnhxRLOsttZ?ZtP__I2GyDAK;P7mF{=bo8 z$bXeUb1hfIt=y%{1gEF~^;Kh3XbF=m5+ytDb*n_M4I)>#k|1j~`*t_IwRYPDvQRy8 z#j~)+XTe+GHj2w$2+zi#80SJY@p$fqE0ouGKRl;bWk?D|yX`&k$5`C*KOr$3qy9(e zd5F^2#9t~AaGm@g*!h1C2ZPhC{NG3s`S0HI95j5e0UzyUrdfLQ!2tnYZnb$V8JuMu9`_H{e|)f(H~YP=-_grA?(^P z@Ijw33?lPs4IRmq5c|%^RD*V{>`di5kJ4@rm1qJotqLL z)wtUfTxa+kES*O$vCfT{EUKRU7Vf1RG4Y|sBUQn-kJ^TRc`xV~I!lP{)BPt2Is>3$ax_8kEH z7|&2FKH^ymWM%QZ*8zN&qH2i00TdQ;{&oUmBww;W8HZ)xGlK93S(e}`qlDG<6&(|J z6zg4Nj9JgA#UJNfnvGeEV1fVyX^4MI5tzWx573_McAxj>NsQP|4(-Dz+MkgiouW64 zZYuFPfASOmkT;pjra#dqf1+K>9g@@2c*LowKgp9x2;k>Q663oxQCH5?0LkbUF8Efs z3pr@64@B!){jJcdDb@U+PVY9r|4$Cjiu`}O|Jz6r_TSgvuZsVR8S~irKO;zM{;#_J zZSw#A+5`YeW6x}@-~ZFB|EF13hA%G{3A>IOh78!vlg(TwaEwG+$aiQY+Rk$xIT02W zXapsG*~a#rpknWhdi`i+O%4ASe_RBRQr6eSBtZ@TKRP|I?SBV@v+ez_jTFuPcP$1R z@X-c2TUb&cSX1ahnFE{g^+FHY+Wl(8K!sVb|BSPt%Ms5i1~6rK?*DT{_oJED9ZFl$ zJCvkx$h*c5Isruqu=0oD&lik77lLMmPN`<}=X#<>BEXyCSD}`*%kbN0BMj+ecbJ`$ zN&LE9`Q&9lQQ<8IALB6&VURUzptD1#cl*(db)6qx7zu4b597$CJgC(U5Y)(Em{8Lxpq6OWjXo{% zA|r1==OrJ0v9w93uNmIvCo~6B1Vai!Vl1f6Une*~0Nzm)CKaEh6bW@*E+zxU_sD~+ z!UP3VK$93pY^m*mdjvv+e5R_i*NopJ1jHzc5pNFVNO$xl$i~DgtOIQY?sxSHzyIE` zC)ZGMuxy;2m6)Pvz^Oj<|GH{pwf-j^zaS>z1;uZExL$|<*U?cS{^!BL(Ki3zMha&- z(t!%C-Vp3c0{GQ!0#lNP$=iq_MMXXS1Q7A)tC)?~oO)0>Z#ji3Lr#~f-Np5d38Zg+ zxMowxp=fl~^x6k+NCIdYMI>gbhGsUY^^amS5&luWb|5Uqs0+HB{H_G*I6+g9<6M31 zI=~&H#2_mFtoqnC?^J$v`=^<@DxPUkT^m+yKNU{gTMLcwXVC3;i?$Az3zrKgUYVoC zI9?)L`+x0!a5`#9Pqdr2FWwHpc@U6$K*C@SXoNgG!X8^I6!iH$Ga+ zkSOUfrKfsHWC*dUI5hC0j_KrTS>H2qsxw&9bsl#GwOFi1*0BO>wT~VJo>jRG^x2~`S@vPeXrHnz8;RqzBLg2F~_PCEJjJ&8XB1p57tUQEJ&kh|*$d5cSc z8vcKHR*3&II6U3*|BV#E-eVH}2f151=#QE=J#E@-(%*+|&Akco(?IRcf#*zcpTcaJ~e2>BTHNIdSdUwu}cNfnQTUK+YqUG4r@$h0O&KOTv$fL zr^4_VqIkL z#2?h7!mE`d@lf3{H(qMw|I&N^|I*<6|Lk~R+kcPFw&(vFDO}30bnpLl_Weu*lhMd2 z#bcDj7*TMCMkGdH3gb^=cZwd;e(^Ak9y}N0c8DySCQBJl|Y%S*~`! zbVAa=2X_d>X~-qKV>2JY7zP0fFr7-51o#(41ayyOGH zV4!%4L&oKC^8b@p46+Dvgkt_Z4ihv+aZdzFOr%L*FSjdD5TY51b7(&BQ-Pz%kHgIe zNgz9VK1xvhgB+wGxVd@ddI179i3BMEJVM+|K}G=bb;7$lfixd%^ci_6r`Ha`$pppV zLd+WkNX!ErB7e6hE=pnc9SVGgIz`D|8FB!!UmOM2sBDYw0W3m926&8_l$D3UX+owj z!5(C@&_}FozX$$0L16|0v-!`ay?o6;QQkjq?ga>pQy9ZAL5PAK)EoC$n>==AOn1fg zsyhTGBqT8dUFb|2itfnP?n(GvQh}O_7_2k@L@~*s+#!!lQK7pM3c%AT@-a+MFqibg zNk*z3xG@@lK{SE;0h*zJt9zIVuL0R5a5tBZK2!{`2y@6$xw&~|4$cU{B#n{DB3=_8 z4b{-g-^%>}Q7|F*;EMP(13~=05?+Qr`i%Trup@QaT{f9+ z)#FxMgOwYzOlE7TV){!>B|j17CX-qPTa!UNZA+0;q-(+{?kjWx7fdz=o3%dF-r0MS zQWj!?C|k`MxWj=JUEPfH=3vjPehJ_H*S}Pv?nPDD8vQRK{<6_OYW2U9qrs^i|KsHB zc&qskj;#qtKTE^osbc*d_14ih_8U0gd2NvpjmiGda?r}q&c3*g;C+bVRpDJU99MP& zhnU}y$h%@bY1$p*s||Ij$%Gc6y_TNL5{#OWg=zc;Hq@`FRPXci(%SK$;0sq9by#qmf; zv5)ouCE%V%XcL!w*(;e3Dh_jipEG%7eP>_Z#VqIuMG3f{ps?8g+$Ta|1%2c+5Yu(|8^Lee9zeBoV}Y_n7g(>E=c#RF=yl#w;a#r&Wb|67&zD%J0zYy ze6H;K{b%4j^bKOGRQegQ9pqMZ%+B|paesa@mq-vJ=+6Pn;Mx<#Y(krjI&fVeYczcu z26Ilr45)Mxx6wCfmGPftTZXMAEj$24H99=Q3 z4Wgh7a7LHx_J~QCt%gxqit?X8AI1HTFbJ0S{1&A~{tu1@2bTZ$$?@UoR{n3I@WuQZ z;!va*j|dJE9+O4fe!7b@Mp-VX`HbnoAm|z!RJUdzD&r6*UC?V>A4X9y&py~L#Utpo8-FA}&%SQZd~SYoRLj zxfN)oTsI%?g@)M)ekpH!m44`JL@B{XY@a0?>#bo*)l!TQ-sS#m}Bt|Vl zDA?q9`jNFvt*k{|Uwr6mo+Mdcu8|1h#7}+_QaRb(&_%NEu50xcTG8`zwQs2~-I{fu zPDm`HDexsyT=k64@yyMf0)hwR-aXBh3;#abmbZz6VQ{KV`AAgAe`Ow7dKXY9{|`HhI)02U?fKuK?f*A8Ioh88ZKQB6 zQat2XnIhmg0BNNVIKD3`2AHF4TLE6$pPCoiN+n5g;@623-hOG4vi>vhhTMaD1SW8n z-^2EKcw628-P7aM3D8nxTOAF3^m&i{uezjl8hCbU^KJ^!+}iYC7*!dMfah^= zol7i#G*IY%y90uR@sB{n+N5pTd<1rvuX|KbF8`z1l4*akQZ4@v4vtQb3jROa z{O_A7LK3{cSlNc3dn2}z^8AZZ$*yN{*W|kXxFFN@6z;7gx(>CKOxHdvO7tprxKl{D zu4RB#ogG1uV^F2@(R+WBU6XUk_Av@k41>jFd`%Mn#++*X5?Ra4UNqom7vbK(DGtXx z0Wp&-A&6!kmuhsF)nShWJEs8hg~7w$a&an$6ARc65BBcq6ce6I~eEwEbGB1sfA|za4NeJ-&RIYP4WIY#ohQS*rVTUKhp$TTySn{n z>Yh9T*RQ_^7uT0&SL&!r#RBfp>D|TkJ~32Kb=52 zk+*OPGnP+U(X!DjfTn!wnaBfu5X#wSyVL#tj9lj73R-xdM7S}xp~wv~i5#J{C- z`X=y`U{nbKP+U-vslzy1;oaLaPzGFxkTl`i)E@9AFdPdRAy)&Tnddd8{K8a3DCIfN z9FvN7kPQL!0~8+}(sXKc+A(xhYs#SC%v@s}tb3NZK}InVsd>3zrqjEgM{)1dpJ@-1 z;wmcNkj8kn90aNfNMp_PicG*9ZpoOq;P+zWQ|B0nTA4n`maH}C#bPqC44L}x0(gf4 zYN?Cjp|+?Q4!iZhU>K4l%RXV`AIsmg2kYy$ib_JdxBtd>a76~-+WTL}w*U9(;9z_IYa>Nm;r{;oVpS);;$D3#1F-l+_m@(k zs&aA9jYrDL!#<$BW|=GaG%gK6=QKI9Pjp)||6MRLbHJN8FJ=wZ9TT@U7TJbbN8C_n z1T?edwRy2SLcKlQ6YJ${*KF}M^g8Dg@#`LZUXG+a`>)tX;1ikypCF+ea(m|@fBledsm;ZEGx38?! z-v2r%SXQK&FI0&s%=?)sgnOZHrEOifI9hqa%#taJw4gp|K3cI{7;1HTagJM zi|W==0gzv{Fa)SM+RPN7YPYin$gfPrLp*Y59-@U!m<428Tg$)$R)v<;SHy~Fqk4(? zw}NA`3dKlFes#+94QWV{0sWCwq+0neL$EHR2Gq*`qr&~~!O8ai*G7sV|K(V(SP#g8 z_%5OjWFNQJ3KWNGdQxCb_=U6tMZu!7px%_}464};st&Trtp@R}YY=K-H#U8I+Y&zG zDSsqEUsB5Df1ZeGSpz_g{69JyoY?#Sv%{_Y-$*g@zpY5{=V9YpiTwPt7Q#N8rp<(W zeO9`qGP^ZN+EymaU1`JWWx4vQ$l8D8cfTaF)cJc&LtkC)uS)FyQKi0G&JD$V>2zov zaYi-5M7n5#@r{Yd0hml+BGmen0pcO&9oN5}(|0Gx1- zh48yX$Kdu;-lx>bs{0cX`(ihzpS*n!se-);3{pbG&Cnt9Pm(!Djqb>j6L@}=DQ64)% zDwJGbm)bH{f;|!@5Qkubf~k?lQ3?V~K}u5?1aqFFdIF;eg#eD2TFv+l4#!HmjAAkc zFwA(q*c)J&w+*G1`x_!h)?Vjxg)4&J!FigbeB#EJyXdp-!%thpmJLJKXDbPti z>RDfg-TbcMWdg=1p&)`W8!1Rds97HCBw;g!jrbUS22+@L6U3kLNplZlKaYZ|?X0qM zfeWsc>;p*`H9=u0vE|ch3g>L1KoBFE1_{$kx${~sO=j(daNLBGdVHy(#1Mk{NhhW`&vj%@qy(aF~Tdo$$; zxPnQ7;*c{BG4LWF&s~ZGpDl?9dY|AJ(O&0?;PNz$A`&MQ&F_SiCqK?|~Qv zFu^m%nv;q49EN`92?)_x*l>5E7>)2}M7>V$#r4PQ zgv6-x1Y8I;{Qbo>@NrB#y)jPu{9l27r+4?yxX=Gp4<_S2`$zqxv#_57x`W=QGy)?W zAliA>qxVtgS?>;h>OAWuQ}#EB@woHs|KE86-oqG^l!D6_FKMS2#e~VCP7nJC_C@uW z{G-#GQIGhj{~#B z(xm!mh5{0yxCd?~X#QP{GL;KJ)-KFKyLtT72NwIum~bfdZ$gpQFjJWFmU-v+oj|TF z<8a)00wNqC&M)oW_=IcLQitUM(lXjfOHYhOjP-jw1dK_ZWFDcR8vc%w0@Btatww^( zJ@HEZ0%1D6LoriHnO1qn$q}O|3KQf51icAJ@DzbLNx>9;LLvl(8lfDxP!)3}p6*Gy zDuoS3QHBBI(&A4sX^=9#Cj^X05RiLtjixY6u%{|AFgueZiRiH3r)WAuagW5~{%&Wc zmWJYwcJHm8N}HEHu6Kxm&xlz~pw5$qBvJ&@TI!ko7B@1pzIUEf^j^$Yg+`1<0g_t3 zLe%aR-|Mk2J1~lJ26FHiMBcV&#g_l?UY@^r{jxXpSJ+0K{pXo%ied5u6LL%(ZzLY>8 zg;481VRd$U;4=A+f+&q6CNHrN%Hx=%5o5g4W*?9-_P`xV?hz8)?9-p=|Co@elrgji zI-P4AdQ8g*2)7bQ*(up3cZ`G6d~?F>N=hfXhm>!axY;B|e(E7Gg*Z%52pLe1(8Oq7 ziF>BFNHYo-#PJ+JZ-UW`Au=W~V3-IQ^5Wg!dY#UbC*U$nV&bP<6OaTIf>J6iRP|a3 zOfW$~gklQrC)k@PMJbhrGpV+K5Zx=ZIBypNR2Y(7rD1_74B;5Xy)Dy!yv64K`9XlX z005W108nTDIX<)R|D7EjZtXuCDLg>7G=x}wzeU@(^4BvahA?^?`^baNCmi}ib+17B z+jf*!)35`8*l6m;cnMs%Q<xAncz@&9+65?uau$4sb*dQ z=7(sr>;z37xm{~lZ$%VO@u1+eYOs^sH?)_1iAO+r^~qMaYvXk~8sX2zNuJ(>ek)}r z0#oX*C8%BwX;(IAxL7=;Gw)^|iSVQH6D#>cx1O)M8LEMg&igtA7dC_c*$hv2ol!W- zh{M_8A&|$K)_W%y)_)gFJ?60H%_742metW73@uz7y|56_f6)ke!yKs{5`!J|TRuSD z3lU-J@~XQFcF;6R=Gn{LT>($n$FhpWE_&*fsGt25l!d)-4-cYkpbFyT=cYGABui zY**{pOgb;Ag}Dp9fF#CKZDbEcb4q5{P3{`uuF3XqN3=I8&E@|`K5UC<0d@AD!SShm z|M&E08~<}7h0FhU!sAAG%OD^QcX=um-{%=#VQ@u+EhGleQUMx^b+zs_$*PI>neN-d zUkWrd2`L^JKAlhXXZ-J>d4GrdM9Nyc(mt;y_6+PVB_R?Rk5O`!y~}^=LV1!TQCEEu z#Uvpf2_!K2ORs)&ah2811hfeCTn1DLBA%g!vHM<;-^*k(QXKU{`FvLiBmmSS*`VU< zx!^V!c6H3;KNv^+W0i9LAK<$_7xVp(nzpqD{y#W4J1XS=-^PF5OwsK>*+npIyi1w8 zkwk>Cioaly_Z_tABxJ#q;@4*P(Nk4=I7(ku=cX(J>|EJsY zzs(e>|0QXh9rDK{iZQ>QoY@|@;`ag~Zh%RY?WaQX(ZS+Ht&2V1h(V16hUP9ZbAQe|B((66nD5 zYcGjERB6Qjr441#1AsdIe^j{tb9Q`iw&nkuD7yY9t+zZ^lnzp@^)rK`L) z_`In&-jn9To=^#!+w5}FeNQ+lpJ(1@fE&xB-ly~q#UV-%?P1c-9QfEaxbTTXF?B)_ zjt>6*-P}BDRE7}qd%Cw?`Dsp{mz`7I7<0z zlj`Is4T3rNErkIdVI~oxh*Q1S`709LJ?k&b@gi+v&gSr4u zvGjE3&WSsBb3TqQ-dwY~JokNsyxm^sas(t(7eKO`o5GJ!gzm{N*{1U1CgjLVY^$e5 ze&W8!)X<_eC_vd9kX1_GSIm)29?0WRV-_}^ggK5G*#r>72g!ub`fR*yGLwsF7Gq+X zP@jg4Vdv8E!7P}vwWCc+#-`Mr1W3iil(Ssa;(AlvTRQ2;#z zy8o>Ux*xlZW}Dun7brpTl%Zrt*%Ygp#K70A7%|Xy{WaZkIn6m%RIysw+N!A8a+PT$ zmO%G2_raYeTIX&{+S^72!w_N*h0Y6wGZg21(DwlZQ~=GcTWM?)k3c@#0j7YWa<558 zuNGvD%~q?mNG(QDSgbjf@+4~cdNsdxEbFcD=5dx9{a*+;6x04k6wYu=LT)5&w-u<- z|BnU-cKr8)late}{=bQ$`+sO73}!IK@Gd~*M&E2|^tA8Z%g;34hQgV8%D4SFC$rc- z^(JVVg}g*Rqj~NmmU)Ef(7N6Pd7osx08Sj1ZV65= zfBcN*3cG#HV^haaYH*tCdWN%ba?2pSL!+ULvf>7nBVYn#}jzmhQfBE@$_57!9ALiv~sN{W-d`=9sWgyLO)>2eTfa~j0OzYOY z(MaxNIjGjiYR7@CcL#;vr$KdzhyQ1Bz3?1X@M~>yjedL<2|A@p3UIMN={~y@-zYhn8gRTGPMvA%q zg`fPA>tB7&UCya#g3R6ZrL(@KoiZ)u^PX_l=X@fsyfCxiupF#HIqP>BIElG%t>+f< zebcv}gUKEI#U(ENGp&~KT)Eim97UisAv95Ux76Pn6!nPn72R3C2uYl>{Qi5sXW|e- zaRyO52;b^}+me@R{+}O3(Ei6X!HYS8)$sqrgTbKS|G$m@x0zz{f9>c=-7PNV_?pkG zsw;TC^Hy?pyS)5jwiTyg>6@I|QBT&v81Wcpv`>>5CTKkGD{xKvDV}_!5%T1n2MLbj zo4GL@WCv*KJr^pf$)SE%H~Xmj4v8D|-R$c$VuI~jeg*^(?ZPXMt@>)c1k+|jMEvh) zt9cO-|AEa7^X9kfIna4 zZ_7_fvkBB=z&^?oyfv7GdoC-F_?{v9HWC`0cKT*oc$Lm=_6zJ}(Rpl8yhA^ux$@>D z*GY`S@ot&7S*|8(RONYa)ETF6KWj$G2SLH7k_6muZE->stnDRZku_(u&l(@2r0utQ zbfyBvQF<3(FRv~>@985~bc~Rdq8QI$fwE&o9p-5T?M?p(fD42atEzq5k>*YQ^W z+f3oS2><}z$)N_?Kr3cc&WrNOn)3o92sz?^l|uf zsIpwhL;i&CLys-%rk$}6b%Q#2*<+^8}|)2vECAuU0*7z3}gX2FDz+w)`eTZ(8R zW7u)j4+c{M&y&Gx?7Y~vn(?n*|3YpoVfy8zPX9YND#ZUi-r9dRQ^Y+BCil6E6$D)F zlM(oY=Hgb7)Y+KQ2e~ggCLxUH<LFMr7#c1_ECR+i2l@g<2x^=XvMU*H%#&Hj{R6P4A& zA^4XOcUs&fRHKxI>lRa{r=GtQ$Yilq)zo8KBpf4Ox=gWg4oLziO1j4PdTi4y+O<0* z^pb9-__LZVyJjx`h1!8LR~tS|AeEPgtX7`RNbrKe82&|MQZ_1cnrIJnbhAm4J<0%Q z;r1_|D&^0+yDFU=xlrcV07e2nrRbmp#h> zv!*{r3?hvJoV?;t``zlQJNG!5kTl7jb+zWQ`aJ#r$0;52Pn2!uGUW0ds1*YKM0fVK}1LZP;U%w`_nM#Couffr(}v))mwn6{PKQ+Vg#wEb<6az zy#6gW(qV}O`V6O0fM}10%&@zl3~lH)u*1FWvknh-1?_jiPLO~d_4o@2P`C?@Oi&6O zw;pL^v71v#OG?@+j;w{N3zfrS?I!3nKj5R=vX(xoa7<2h z!=51dC-y$VO*VyuX|k0M9l#pX6_jlOsyL!*xJ2p8Muta7TzqW!=gW_dx}KxDVjgm_ z5#tS=*9=?r5IBJshht-;SG$e^)$7d*s$Dn1%djmQtX`w9-OI3e43W$KhWa1=EGe;$ z{0}F`_WA$dQc2;U;HL&biwG8H|X1Gur zRiCQNe+=LyE&h+v`D-ULlir?YP*@*VOtT30ci!gxLew@-gagMclaTmIs0GC?ubpYK1t zE<_T%?d*eh-=AMB0E~U6KuExgqoe>`5uYvq<%;+ULT0PtRW9@s8~J*K$FE^z0>~cc zJ@R6d*tn`lPP~Q(0|YexMhhZ}t*S3SCnyeK04~D>#Uq|G`4)fPfBG(uMz}Bd?`@~^ z9Q>f7yn_Ab;MT0g17ZsB&%t>(7xj1+SoGOL$fqiBE%Xu;(>)POF`2~V9>5UrJ<9`U zihrOY`M*y*x;7zD&Hs;1PYd}U4$n@v=l>fi8UN?&8oVH0Iz^#y>EyED$AH|yfZL5; zhyz605iwGU@RkO2LejwJ7L5>z@Y8oZ9B(*AK8R4P0*QCNfS=Lawx+Z#UjP6+A0qqn zojM(4Pk%ze6x^r_lCr8qn*Vx%s25|7_5$s8zJTHWvIS&7hR#3pVm@?MY1MA$OYWk| z$5dr&ZcF`JAA8BIpf31-|M!23$N%sD{4cQcHWVTG011QnuBdVQuitOwr{`HZQ6LjN zi0t7}6wKMQfkBYv6?f9#>VTdWdea>^*V=B@3r7d0ILvY`x9I>58UC^Z|L1=J^*7LZ zq$-2k|2`NDZpE+HIKF!-t4(BHa2Qm>%a&G!5#EIDW1@aVseM%x~%KKE#+50 zZku*sk|dGrfLhMHIev{E+)q%*xsTX{@-)>V`@A|V4bTh)bsdm#sjpO&mlbvZ+$Nsg z0Tuo`iz-vr4OOvr1Z2eqW6-h#w^^3(TSo^f$3REEwgVB0DW(YuYdg`l1Ijh!)|f(h zbJd;DD>hgIc#25s;$TJxEG|?tg{~0-cPJqDjy0g#lcx%$tDwmU=pE?&%71=%^d0Eo z5GNQ0FHivI*T^HGPg}E5X9rw>YkRRk2O<<>;;R<&5m>qdCg5fRut*2w7#lrUNe3*z zYnwtNh=VjnHI<9s%H982LMZn8D?&= z8FXzj+tayvAj@V`*?cOWQDqamFtxuXLSjl9)4U}*CneY%mSS@{sGv_i;d8r)%zdcs z07(cU;!`blYNvC~wuB<7n&6+(yBNmY?;^nBY>n+4t#9|hU77$7hTskXA{_sH6tdb} zH6?!E+UN9ybp}&F$sU-Klz%;eGXx-@I2;G;GaM#tuPV>&7$}JnKltOSJ2xHwa=F)G z7|;XckrWJVYF-hP-ia1WvQnZ*+NHYPMHXzdi^hLA&ENT4F z+Frm6q}gsNtUg0`wIz$8E8P6OF@>`YmP<9r^@1;&Qt$;Z-u6!t%JTp$6Lg^&is#&i zO-y!=N4uz@aUMcXUI(v7Iopx6LHS)%_%*G&P!`wY%OO8plzU#3mY}@Q#MlJN;>P^r zKv`Y8Y1@gRL*3!`@08ZT zZC+f||9JHaBtZrXejvH@fa21##syKX2D&WDaT>Cn z??nKq@NBeDUTpcg zUu)B0?1p?o;lfO=8tAfA7D;6JApRIb4_z51b$)(XZeuN-7?nU^qwP#!MI_N4B} zhdxPYcBw(;AnYD?B_5Io4Z*J;IzV6I@`=5IhM>#soE5V)?^ET(7=ojL(@J%Xyfnti z9LTk~wMeblBBd?4wc4hZb3$6L9m-&kRL(dh44P4Hk&S{qw<~E^f?lt1#<@Q9jHo)a zC3?N9UoKyip|^;j;qV+=!Z-~>9F75`ASNW)ZHV44ug|Z4cB8kDwowXip}}Pu(K&rX z!gquuHhPO_7L7{_^nRhmS-9Zft^>UvW0FP>6FnJQhz;%!I6!nx6EuA=gUfIAUd4EZ z12jf2nJ`oFK_3Eok;2S&1$-FjQRI1K8ePR?gpI?41=;di(d#9d``UthZ@uV685JJ} zdU_5U^YaHWxJHT{==%nG3+(#WiJl*m=pmpNky@AHRVq|2n{W+!y^&Lv>F9kmp{AjC z!S7KN&4*ue(M#&lJd(9>qoDd;l*Kdv3fJ?0PqCtYu5{b zs=>DrY6TeK!6^UeLffOKfx3&61@zQ%mg`#2Oh zViNAk@z-wA8TUm>V@3IP+)cUZK{b^N^-nk!k7tWL)EsjUFBx>nlnKIO^a#gIGRPs(a zr;R%9^wdC504WdcO*M+-i!+x?`%GW>P=iU$ovsX%pGe@-90{RFVQZ+WF;NlaCG1MO zaq*Ha-_WtTB7`FaBnB@q6@ME9YJiCz+n{`OO78q;G|@B_2~eKi>64-c6Fo@5N-)s@ zn&{ME;==^Cm?z>v)r{o;r5Axo6m`GvJcv-cFS+4W%Y&~VFuCYBzEU=CTsQy{T^H45?aG+XpY-#i-S^m z^eq@207x=H@qV*z6`*{{3?I`pNH7R+h_XlA+#%Xwdz`N=y|!i9V(EYOZfYfM)aZYw zM}_=<$7e^|_j-(bEuE+u`%JabBwM*kwe^f@q(mxtEN$|=+;ZVi+*+N7mFbW2fIzB`IUOpHFm$$7 zr~Qo-Hi=Ok65LF3jRNE)B(6Q%$~2QN;Ff=Rn^8hEEDT(n1_|K?uqKpHX11{VmRB<5z621q2y+?bdvL4pCzQK;7u z>$ps>q6g(_r7OB;sY1Ei*#~b(xbOIA--_^Asg!D{DXsK1iIGUK$#nSJtkSJ=tsRjx z^aTeNhEXP}Vd#I@k$)(|9E`{G!w&mbJ<*(mKkR5f)cXLBkT>@N^kFCaGqa7x6g3*pYvz=Og?X`7guShaL5o_64u4 z{eFdM!k@7}G&7__$yc+6X}87*nlX-W<)V~ z;86V3Uh_3v_$WyfAb#fXHrg@e zwUb&kcx6JoPH5?pvsQeYNG^m|lFg^a65UBJ4#&i2hyC1B_VPU-ZRNX6t~>|VX%vw- z5oZvB&BkQvK0M-Vx`ogVTrMK+kJ#d@xN&bM_{BH$|3>PFYf)nR3=u`M$P{J@Ze-n*#94H^S^DRJOStNn67T?U#XN^W&y$cZ!}-&bt)ZA zi=mv9J14C}1!<+Kur;da#(f$4rYDcNM>7QMuOAEn3*+$)-R*(Pk?=VYSMv7MMnnbj zgG^ws7TQo!?U{*`l!S4B5Xr3^l?-Bi-75_F^lJA8>KY|J=f`iZ<%<|C}Bl zS@Qqn_+TslH&R6Y2N?QaLk0K>3VDqSMX)h0S$UZPf7pv(uwPd;fQGwmtvdNO=NY zhO@7;{j2BIrCx@Xli|vDhwZ{_G<8E<{T5MdvBFskidOn5Y94tGLo5nsJ9L-tr<{2K z>S@aO%CDc$+?`XxLbc3dEM4V-xo|`hesbMz!Dh_p@(IoR!fUEcF;MMgZihdk`8zan zp}GuJXE4V6e3b7{-e%09Fb*H})s^(6Z1>j4e`pM=CwWyj@twgl|d?{4X z=Lm-WTb|;Hhd`@2AU9FHWhw^m(_ghCat;#gK;O@9DWyTcNz5Gx7zf_994+}<6IF2? zrDEGIneve{W(1VJoR#MeMwG3)g zR6Ea^!ii%NPEnX-V?*_HF}En3-DdZxs0Ty#f~g&T%EQMe!gHqc9NeMg9-&ZpJj>~( zU1XwcC)1bSB7Nmv!p}P$S!n@gyJ#@Np-%w}=e^EzaH}ttYP;ok z$P%Jfk&K5)d3wy5%+BxgyK9~2;x?$4q%cn&2xDyrANqN$JAR3Dgptq4z_E0+EwXa* zV_il?iHbb*$0L5x?H-Dtdmah7{tqPya|!}4MjTC&CKUTfxcg%&a(b@Qn7}5%w_`{^ z;mkA_ynOTiFAs+N&-drAetGGvaOk)Qz*&X52Vj42WHtnBozi{{z!Si4Z>kk1 zCX>kI`ki9!)^&pK3P40`OtV&@62D=P*ZG9z&Mq9=IO?mgh`(rB)TwA!R#eVm-3YUNg?vYIk#+?QXQq!)?p`#lFFm%62C;8>6xf$hvm|rTV|T zU$crf>imCCPKy3NhbLS8e-lOM|7@_op8nr7@?Z-!zo5dmj6K*yQ&-ZO5ijqF(za`r zZQH%I>~K|UMXD;zgZ7o4ixw3Vy%}+0T4<)iHL0YT;?XPD9&Tkrw^@o%)$Qwx^H(pq zTP}Oj)uNv0R^#`|YTRvVP8O{_1e5Z5g+1@*Hzn*@k8EKtBx+_swS=im$m6!E+8-af zKW=7mwSgU#0P8+n7ihQq*Dm6&ppCltAA`E z7L?dgR()lt%s$vUzHzg%^7}-*1DWKqM!<}oT&};kiZs}`$Kb8X$~96GjxOp-CdVM- zQhHkR8m*MCK~HqlybDHX(wd}9tVdcGc>Ffm4N;-k zlbv%J&ov>k4pVdZUmveu-t3xP&{I>bx(ggOACr*Dds94fIXj-?nP6 zx*z}jJnOYG5pvs_5u6*jdc@V`o4*fT>vcyGP3$^&0N>D>4?OQ5NJAgR8ew)j`zqZ* z+ZDBZn`|X*xZUg1kMCZdzxep}&8xqCeE0S(YyaR@I@R*@Z@2Dr4Yz>A;8srrp_zLb zWVXikj5XG@YuO54qGwDa*ZZI{Q)p=Ogb4!a!7W4hM~3H*@814$#WDVoVSGb`ZF{7u zGc44SjEE0*USeTL*Osq*t!2a%?#YW_C0W6XcbD&9zGEEW{QJvSmp7L$uZIm8&FZMA z;*4|jAfz+?hj6K+YgYG~6jl`eKEoUK9ZeI9J zqbN;G<8q$H<;a92vb}T%4|sFBEo(3C{l6X+Z22~7_WvixM+N);+40u@XCvhac%{br ztMC7Tp;7DCf?3H70@<_WL(MN#>fD1GZ1`6cqJE*m@y`}`Dg84q4Q;Dzg^qVWwY@g- zrWW5SJ4PU9QBjPp6B4bj2daTeqAk?}LX+zR#>u1Y!LJiSK7G*go(kl0KbqD(uuha1 zd=b%X2Yp7~9+)IaB>ttlVCNSqZn;Al>XT`^?A;FC@KV7;)P6KC}z0GC$_bj&>l+EtzlP2Ro zg^MMQI2b?=dSQZBV$R(F8*1wX<2FO^=fR%`)(f_Xhaeyx4A`IcXZ*%RpZ#ZlmruMR z)>;ycKg^ccz5mOCKd+>X>iyrr@yXGdz5hEJZ1;Z~DNn!^AL|FR`Lm0AGboC=CCuMD zHik_~)fsXTt*^JiEbi!9oiNvIK37%NzljxGswq)Hi4r4&_fB{Zgz&b`YlRC^%tqCGH+As*FmyjmkpC5m8c- zz%pAcPbFm@YDJ|r8Npms((PatGN8mL#>S_gcu`*;jS2(Vx~Swdv>C|pe`pJfPbrnk zg3fGo#VIpalTvF6qy5ad+146XMkU=|Wg$~7;~Z2fF_SeZi^{lm=C<0oRYoPsc7Hr) zFbrOx0M4(GM?#-ER$MKWT<=V0!4V9CJLr9qyEfY6sNCQwB57h_=0ZyNLs~g`>`FKU zRQ}nvR8lEIF(&@C0eWRrvb+)75X!_$dMuhN&Zw~jeHu_H5jYxTS|ODdC6a}fi%M3N zWyw@Yr4htI8l#&@jOc^}{%WbTD3Jd}&{PqZ(QB;*g6&aA0E#Ov&J^VRA)h6`LhEE7>ce zP$@Hgv>&3xYkUax&5%p-jrPP^=uEIUC7m(y!DFZJqc}r!pa1DOUYBp9&i`|8a%!Fb zoemDR@&7kco`831tRKb^;4+s$d8t3eYk788c^tQeE5wbWh zoER4*Gj%n8U3H3OAlQr1Zz-Y)T?j$B6lt$-Mc;1$qzZcpvj_e z#9qSim67r0Y!l*f)N!1{BrzutnxT-N{`hHte2%%Q!SN=M2z$fumggce_*^#)c}?VZ z!QGraO>j6CCn=mn6ztr3Q7U7Vivhgd<0SmXbBczk5X z|2aE6*!q8Nq&xxFa;$+I?1!-pw8|GF6u4I0E})G!i=eUF=NcV8+xUCBLykAwIj+Pb zbDeIToDvrAsTvV0l(be#-KNR{05u9yQH%>O(uS~QE* zk)z?X0`M(jR%I3btfjQzfiu27Ed&}GF^aShRaQU@CoP=OTEsrl3=`g(77eN3MxeN_ zEUCCePDvXn7zE`0D#kM$pfP$$Js3dFvzMktGg6ecUofMT)?A1hE?Ptixa};s{JapQ z8A&uW%GQWhWnF7Ti(0e}TC`vn3X7Z=MSh{`EKLm;Ej$>(I~?EyTNdIK$<$`FFt8}0 zg;8hiwCF+KH)vs`PFaK&?J2==a2l=)wU(ksEiL>w52~;VS}Z^cjzT>xc(rAS;i3ga zo=2w9RZK?M2$-;%HPVb477}i2w^eD$RZ>q2%}u|MDy2Ow79oVdz-3r>)pLY}e3ym^ zo+7#R+XJuEP2xT9OUPp#hRV0Rh89saKTKNWS*p23IBP)o)$T5#Yn32S)U`?~I>?dZ zsl0wOe0TGC(cIo|A-{U7e<^kNDZu3jz??(yc$pf8NW|{Dg}yIB@G-<1sfW$oB6Yt)A$H5*mAM{R_WEX zpiP|Ppe?l`9h!Q{6k;rCKx?-H78boJq7;si%yPd>79b4^2~=FzbGwtcu^<8V94<{u zVj-Zq{Fc_JVriIsL+X{*D^t#E^JobAKAP!bWj`QeXKg+*L%_7At;@msi!T51lnp={ z1lK(1|Ej`2)#m>>IX<-GKOGECxAK1zk`A|kFPp83Kh7>TU)S{og(tl;&=s8e7G(gbs zDy~5ACldHH&ygxjF}ON+V?Ba}h$_X5$khm{EWRqv2?ZnuFGQddT0+iN2nO&D1#Yir zYl!P2XKHB>B~Yfhl%dxcK^TT4;nJ9{4nZAgDV7Zp^kD*9&Os}Jtz(gJpfdAxDG6I3 z*o)B^)5LbmZit{G#BK(!3duGIrWD08;pa*a%;2pG!3a`%Phx*n2xjnBg&>+j9Au1R zc?1Q#nn~CY!34%*lw6|#dC7SY)MbV*jT>d8hZlKX^i==sVGsz9cj?5w0D>fToF&$Z zIxAJK%)-M1^te#Xzs*wB-&$01XQ{93^v5e@>6LlUcl4@`jvDcW^5DnEdLb-gs3 zS9Ycl5nm+f<;N^4ahFQJ(*qYU1QR$zV44OAjsnDiVMMDNN7E>o*YsGrW3bI0L!)L# zY)yd7pbMw0KO(@D_~PjgX%M`DQ?&o|()>sy+uw;%fFKp25%zg%eDNnP*4{1OKU=kj zoelu@q%7M?3+bx1v06Of>_HL*j_j~PE~@mfnh0DL6yV}2-&ZTyFa*D)aNfftd!v~0 z5KQME*^lgv;)eVU`;oojY=}Q*fBX+=Bky@cT?DXJjigiuh~#klP03o`3%&c(`NvH3 z>6v!(o>{e1;ept7^wg@!UKllH&#h{lE9ceB6_lgDZ`x%J%3d5k0t1G={|`yBx}eWm zski?hTl@c`gX69JeSdhLdFy=YYkhBMc)vzS zo{(h9iM)fywmxs(-n_i-B~?D`s`p~)O?W_;7RGKz`w~V=>WlWhlqO`lT>BD+H0SOK zwP;MTw4xF}82VsDNFwhFi}uxnW!jf8TJ^tL!{N9oy+%%VP2UK`(KV1g8-g!f9y|em zMS(|{21mg4#rZ3dhyG>)!%tvN#Jyh}(gX$p)0F;=iJ}Xp^z@j51AhPgd9MQ`Ie89w zAp4fL@Pc^h6oo?9;LnUF@_d7-r3|jRNID{E=mVI5UauzseV>j&j3N>zLOHk`2^2A_ z2=3BxuHZ6Adm!SP8sPp!Fa(&=6e*DTslG!y%c!L~_C=C~Dbq|tHRsPGkf4vd=<+{8 zF~u}Np@;hKUY@^r{c;oe{|`=24hr`FZT^Q1l_%gTAN2(-|4n#o+2O#lx&7Cgh@qk^ zb_&r*9cgkVMTBL{C)p|oq59CIJlVf06#;eapr;x7jw6*77K>QDUuPsp zr>NvmrWNFBiZVj=fBn^|RvdHOeiDk|#-Id8%Dgw&q$LcwT zY!3i~Kyv~TCS@2SK)Gpa!6l+K+kjXxiQw4f`wq**nwXnMEcyxJ78 z6owm^S9QcvUiJ$?u0ADOlEEutWf*RPS~U#bIwouddELZf4E{bleDoE^#}tS@sDn6V zUKio6`ML!-0VK4EyFy}-w)f{Yp_D?dgNozAi1?fw`rIOtIIAgbh}HZ5*!%X~$Z@OB z{o7AL*a1>D%4(OdK>^!<$34?=Fzq(l-5Gpq7$aF?xfrWNMO69nCH)5b3j1>VBp-Mc zB~cQklFROlI6MV@nbF4r**tl8Cdf<sJy@ERz-B< z=9fS5MHLrWnSSh!g#U8`S(;^)fv_B^^cl&yI@&>;gr7*}iKNNWPnQXFTA3zQ)0deh zRS_v4QN(V%H;)yj6J|-^Y#DO*_h-BWj~=gy?{Xd>bB{t@F?gE8&>3newoYh`=$c zN;sD;2`qQo$aE8UFbFL{S6m2O7-|K(M#a=IB2 z=|jV=#t;6@D1Pv>_M{GqwkUtAI+RxGW|aMwcQZZJ%_#fL?p7YVZUJ$TVy33FL_y5H z4Gqlc1`tnG8Fh&aAfgI(NwGpx@Q%OCF3Y7^cUw1Gma(Jb3Yx_i!rFk0bN908kS+F1 zB+~9Enu@*Sv!g}t%;sQ==iL}<=}s2UyNZ}8_}6#M$xVkRrW9qjOc06MxT&2@o$Se` zntOnFN$85gZ0U>Y#+5-fVwCkEdv&$JFyOi>sIPsJ+pScc|Lbe#s%Ptr z2K&FYl&$Qzq~+tu@?oOGjdx9bTZp`&a;G92u5BI$X#T%3`0h)M?{Q??Lwc}-FiaBR`dx6 zRiVk+#0<#xHdf(?WmLR{nWF|`s*8n}(w%d2@8slUbK4G4l)^<$LEYdFlMnPzaE0OS zB$NhTt%#B%U|VhIS&hzpwj!)LM`=~U=gFQ%YeKb5)~ga)nH1ZC(0n|jza#iqkcsdN zxVoH1r_!~4vYoTxycsD=yltnNzc;d73oqV%z+pZ2l`a4DTDC4}cNomPlEP}Bv#Z+o zG8JD0yUs>Oa#y?D6XqU1Pc*L$%4pGlC#9$M4Nv_DZWTXFsp9{XP}@Tr4gBBa_~fK$ z|9L#*e^^i10w35&w_yJIi_c`w%JmnJsbMdXN}l3A(q$XT*Jaf#!*!KlM_RMIu8ocN zz~x`FtD<|x2~5*xuvqd0Re%WY%a!lC4){9fp8g;}vl&d-)`W!F0-6D@T&vJAGd(Y4 z-Ug|64}qrz2k@C!;GEHR;GTl*#TZOHlNLQ@S>6VnvC=4Vq@49+AYttmS52VrBW7BT6kcwQ7mA9 zmTg@0j5LT^@GNV5^ob>V8-vZw?YAPvNaC6o)4UFu^==AykJu#&`V{Pc9MaeoO4a(W z9d@nUM&tT_Sj_)+JlP-OzpbTgDF$PZ0RCeofVZ%gQ<^Aq+q{;m2?<)U#vf3^&H|r5 zCua%t(jWO$ZhfU{{m&UCtk_1w`hR$GSmOT=j)wJrEoDn{hqB)R_(JqmO9Rss@3W#b z<=%WH@7^2Nn-i7$q3l09I5B?Y4P%(3q z^gWt$`_3Q$bGn3OP|?eRNSU1-;0P=u5y1tFKA|88;UjbC;#QwtNYqOx<@Tik3}GtI zy)Uks98EpnhlG5>0VEku_>LbISKyKhK52={sn$$6OQm*GXe=)Oel`YZ22lEE0tkxk zLMVgF$UIA47SwQ@#VGV-0K^sNi_pYmqpyy8E9Xl-D5v#=xuPu@Gte;_GC6HjP^d6iGtLh~Y#HTp%?jZ0(j}UHNfuetK zH^kd#t|L+tx}yMb*{=W*KlshEgT~B&QanfY*F?l&oK%Hs%q|rk&Ax*v_yWD)w*;l| zb0l>5{6p6d#50`}U_qA5Ca<8`jO8Z-XMpZqI7kxSIB?`tpNmgtS2&R6{1! zkVf^OBQoiTG^z(>kx5ykb$8GjnY2dv`S1r)AJqZ`lZR5g1T#PlNpGr3O^7iapo?Fw zz?F%Z7cUI}&FLpwqWYBpV#JI-ElCO}6Dz_&x$oTV&fRY=7Qy~L$N6oHe=yR;$@&vB z7vTX_MV$nQ2XDY}wujLV?d1=hO!`xsDkzhOEiaf8JsdFkxw_?Ga+zu zca#0%!fU!rBEpn>WAHdf{v0fz7ZH%ae=Z>(dAeFKO&(sR+&)j#^fQ%j^Hs5Caf0p; z-OMF9u1=@Rh^Oz;rI~JOP-dLgIwN02QGJS*+)LlTyJNbYaY7LJfz%eSU?7<72~(hb zUb|vn*iGk9sZnxk^;G@2%T|Rf9FJ6esLuTmCWk|LL#0apqr%tr&_;v)=V1S^82|C; zc>iF~|E!~Ii5yu&@W&rG_#+>}|Dec^qC-R2NBN*d*hhicYJ>igF&`}nw5DOqfk{dK^jZLY zGZFLRr5>QzBjgb$L4oSm0qD|1%!`-7gP@@d9s~_#@E~X?KavN5rhfoGz6U|hfk5tt z?6UlW-I3b>yCeT-ayl@292_`%1&@OOCBH9l085W%x?0UUA%@9fuon2k7G3|F+T0fahF z4HLnRU^ol}7ws7833eG@K%f1Y)kpwNzz0P5Zw2@21k1Gb%>>s^iHzVYn3CLtsA{4c z!G5?TDNKGtK~doEjbPCPc%*HN&iG$na0tgh`{O4R1t_}PZX(!t3Q_yfRp{8&95$aS zw4V?a1RGBU`XacfOa{w{M+q6Uo0V3!mDgcc*37Z2UvWDS?A)U$$PwHUVUt0kODp9{x{Q1_jH@H;6wXBYA(&SB zQUuEdvsZ#;rQL{TPGP^zVFcVV%i{t>gbnnVo#vx3)OUT#z-a8jX^uOnWD7X+B_*wcGK+m6x-lFW>od=OBQ^$?5S@u`fom;4Kver@UfHN-w zbMFCW=lQfv1c}o?CClk{~w1quZj@-Cf8LREbl$Iwd%K+$w#V;8vcavJAruHp52=453Ga^OisN5^guUy|D`}aI|Z9Y4=ZGemXs? ze|=XzvR$oRr_@e208pPum0~@XG^i_@q^4cX>)N@FnF5ntNaJt{HZ@xZf)`L6seJ#w zS*4KgTvh2)(x_!yTBZ_LT$HY6-UXYR>QBW56rQN3fflyA<=?s!X45Tdp^rU!sn0W+ z$rVOZ>Z6Ds0MH-mEq-8NQN09!RpG^G_m2Lxu>k<40@H5eG%0*`8DZkat`J)^hr^zR zAjSb{12$c-dVzKEoOPxK!#~cMgs%T5z8AtXn51Zid@t=O`+uYV-_c$v|L4*E;h_It zOW6Wfbku=1>~HWe;O!~=8A-(trVgdmmHNKcP=#*aM3i$)Uo_~%SJ#6VsTzIF+`Rk* zGM-?&nW#dxxL!4}RZeG(L={rC^{;I;P}WEk3iLVEC|)!LwNQglV5Tyg5y4D@e|;};#qt^oreMODi;e%nOJ@AcO@j)b zwkOeE66Gn2!w^5Ru16@2VY)KCoS34?&K6HD#)g^GhEf^dL<&|h4&EtC57|~%*F!~U zh2tTu1#AI{7ha&03A$r$N3OZ-3M&?}yj9tQE3Ho6(PrtilsqJVD0g)W;DmcM*4I_( z{U~OB!L?Df(SSCIp-%_&2ZCGSsQ27#JM@T?`w)9Q7!c)$l9#RWkb;ry6L&U{PXHDX z$0OhohT#~*Fv*D6HqC<$BfSn7Ha51vPdJ_P$&^4s`79IxkG}!~Fhe1fYqV+rcxfe` ze;g_3k6TLe-_K7eOd>Blk5ZV-JiiAiutEMiK0ZDu`u`pt4*tJuDN_EE!w%HAckl+5 zB`*|eMahTxr(ZZ|jNVpjAKrSgvZB0vh?yK^Qfw%FyEY@0KV8#`EzrLv)01<|&3w=!W@w?7F2etwg=dh+90L=0VKZ-k-R<4LP- zVT0>ipQH5~i$0jqX6#-I+rgS{%`r*qresNy)w`vgK3o_{PGM(Gjz91yli91e_KMY6FzfKZ2n$Gx>|28Rgg3XQZaD#q`YPw) z%Z`@bR{Q?7>eii?!bk5}k@b?@l5KSxGR=^qz*U&7I1GEF*ym#$5HND{o4AFIhT(;J z6OD0ZqY>kvXqaK3(8>tINJh~H!`%CVa?nP#Tbe{Q3SRWI`=>8loy*m{C<@?{3r6T^ zH>c*^Yf|c#TAgkHu$$);rtb?$IEYh`+zmZf1MQ1e-93iCWHLHjw0p%kC)%N3jCV1|01DaJId_Fv)>*C z^K3)>c=@d*UXph)oCWtGTkDiH3Y7)Qgv8QFnUqX^WBT*FS3@-*HIzBm(x2GiYt{v` zuXCtYPf8$R4b=l+MV@n=*U#s;Y{OBknUVRLQ^PmWm!s@1Uegk-(sH(AI6)kh0X>f_}%w}I{Xc=?SpI(P9>au!?QJo*RkCDVUg zot^&rGx&D?PE&;N6uUK;YUym{W z_0q`ymEyl19PAC}KWiyl;L1M!e>Y=4D~8X8$?IgPnXWO>32hi!BB^CC9&vksfvFqhL7nSL5QNv z?;?dysc2;2{$8`>`9J3N^G>+&onQ9E3O4zF98HSxpN5D+I&~yxVUTNWbj3oDU!|UZKL(e~=;OoE3&jO7ZPk@+i;f^;U=~A1>@z>r zbi}eXL;E%zajqp^b)moP(=OF??iYmp0S3(!ir=-O&_4D)*@9X**JSFLod~*V!KxpJ1h3 zMbW6DDY{GU(XaX;(<&?fO2smSv4D?mY3-R(cL}Y$} z(=X5qo=<}yfrLO(4#jYOIR%rGeP?p)?C&}I2M4zA=eMyb(6%xCKGGfa>GCQZe$@QR z?oRfc{XI&O3FFHuv#mJZXgfeI+hp}SdgyQ}CBPtu~xuABR&gPt&+i-KBW?FMB_*3~Q4AE^q*8=ho!^ zf4sL}_W$48ALPGvlr11fdl3H$0@xt_4dUM*{te>aApX4p@vp@<(uZ{Saw3||H`1d7 zX3>$a2_0F#VHIBW8&Um9d2=8Z>#*2l#^6`%dtv3LQqvJ8DLB_kM!0bz!PA&KQv62R zty;8hCMo2DA;PB^6Bx+o4G|719H`!aU`vT(vW~S}%MUXZs|b3KW8ao2YWx_ck^}nB zl2+vn`ISt;!QPK8#SW!wG0FdGS?Q^bdij5HaClTa|2;gM91imTI?5Ih0asTM|J&IG zno4c@_cxIHy;N3EGjua!v@LHT7ksJc+*^C7TU%Y4N=^22bIOj+*^_!H)$FdtyRD5x zO{EqvX-vwoS}}W5FQrbo-tp>1~_#)!nmIlt{;wr;7BWA`$pT{3jFOHSO+b#@A zsjV8_MTMZO1JNmQRt}2#wMhW+m<2kjq)KGjdg)R(bDG>)EoP3*?pK{fJvVb=%zR5j z6y57HX$)?kWuQ#1B3cqy^f_D!q5@3~+OgVq+vYGb7F+&`lcP-j-{9_7QYV)C^Wywf z0WijjuG;0*N-OK8L{92J3FU8U48!b+t;6e z{jZ%J5J4Xj(ka2OnWpw@nBvUV3s^3ahTz5!5o_9~B}plQI0DNkfQjPV=z}l--YtG; zJfyb-tST(Uh-?Eyig77KKn-u1;$0E{qdG7}lTRc+FkC}AGodnW^r=)&NvF#9;OiU{ z$QCy~YWlG!6;-`31UoyTFFQNV#(Q0`rO%B4ie@-j@HlpK!Gz+_a|{TCrSSPIJtLl} zc}$_WRwCZbNcVQ5y}p(*-_1xfgxvlQJsC5c|A>5G>pK70J381a#{WJ%IT_+Vtfi>) zA0USP4Q7ARm)EzJ2g-cLAv03eBDZ=*s6uP?M;2xBoNMA$oGG*xaZ6z)a*59^P6+DA zD{1goPhC}|hxaN*u9iHxU00J=Ke!orS1>ix;}KA7#hSdLI=}xMTlLsAkXKZmzfiWV z8X9ZKE5@4ds*ue`lFy{)auQn=Ojc-Ht;xelqvfRG%QeIpjB!woxmLBdwT+-_)%Dkp zqpKx2?k|3BUEf~ZE))mrtM1Sz?D~> z>s%;1D*OglG4!2Unj1|r#na3((`%W~`OSrpDTOv>q-GIh>N{8!{Wxc1NiXo))aAis zamAv`e{z!dZ2(v={~a7nCMQMt?|6v+x1O@4qIABz|DUxrpe(gkfvUCMj04x}I#_+N zRq4~-k0GE!Ca(l#FE)Fk)SQ%NHE7(c>Om(PJ{^PN#^0`@UXF=HvBH4M-m3fE&GPCn zXf~(I(X_f{oh-FhEUJbo0l)RMuEn5E7BADZZVZ$bLH`okkgTez!=TYhFh^4#_HUwC zeG6t)MTf<$7K1ja(q0vVqCTV@5VaUI+VbUSYMHdWuGH9QWi@E~f;r1BtAS%+Lt7shaDGt${VR&@4HK^u1{DAp+AHB8 zF|eVn4-67WQZGqsee64$WL2P$Z;=6T8a{f@nMt0+Aorvr9~*-U_yChJ_#FM>p>Ubh zC(*O~7MPB`4$MBy(yaJ{>|1D}t*I&-3{sdZL<+`_iRZ&hm>?X;@EuvN+8BRUOn~~P z*o2tu?`>xo*wEGo1{CYl5P75~fKBUDtQCts4}jM|TtihYF>p{^MbitLXqMVzlZc52 zE{a*?2}&nv4@hea+s!Cw_6JheCMibZz}oNM}1X`I$S53bonxZyKFk>$2W z#0rBTB8?Hix?xbUGG-03RZtiJ{(=&s{Ji9P@ZsVLT;>DSu;<1=|LZrD&i~4}sj*aA zi^xxoH3mF(Ni7B|=v1qr5bb_1$qzaPjl|WLb{IHpy20cDCLPv;7W@IXe5fV7jKMCr z(8wEo@}9tfjqPxE47A_CPKWX$JW>S)7G3X(0fAoP&rM6qo0tbzk~}sEY(v*|#K5`c zziu>|-oQNI7})i^GX^-W(pRkioXLQ}=SuQwtLlV-Q#z>jL2(KD$n4_<^JF89Xu@ z$qb(V4O|A0yCMixAKR;gzzFLGLu(M=Y-Y?Hy?)6tj{&F4bw(HX=O^edQ%I$vD}N4y zWe8=|T<)mX}eA7Vs?e2)U@(eS6j{7h7a|!{+9; zR)f$iThP`A1_b)cgopoRi3QCVtimbkP!w9DRMbe%HnhC}2F{GI+~Y+I`ui5#qvO9c zut^dF6D=*vDj1y2z32`KHBL`%$?oUq3&!auL>6A^&#QqbV34Cl9kt{ut6~;9VNlLS z-?LV=h4gHoWkl&<0gvgtY-W?XVem}+v~b%0Y8V)3X<1gmASXYrUvhLK<~Ab3|1g@? zkAcoKz5)iEHC!D8D-5z&EOj)!lC`cPZqzDLj9!%u1}H-5SpyEQhCzxf~;KfUk?}gzr^MR^3z;K0(qFIM%ZhYW9aEn}>%YECpa~|-bXQ2UM%|?NW ze5PF2?m~R)g${Z;n|nzrKhEd@1<3nStbDxj9-tZUz{ksP%%@KHB{#) z2tJ`82;rlbFcL^pyIv4nl$v%kH!)}9J)p>P*FfpX$D}#tkw$w~hD1c6VBz8Dd)!}9 zQF{wR9NiI+Vp{#q4qpUzc7Pkf)IssXp@ZVzmrkOPYPgw$Vs2E0 zgB)!)#E+1q(kbzhg@7921h_mJ6q;#K;VG&S7CzcA*ap#ZaZ3@^kQRNZBsNCT-S2mF zOaDEg430gCEaDNmo4*XX^*)qxxmbty4ez# z!op3G;>5dyg?pujCUy-mkJg&jZax2g8I#;SwZBhub_m(sd?FM8w9{mrf?Y6i*nfp< zd(NJAO&&q!-;Bt_ArHPxN4Fc`g@+PC7wE#8IY0ma`dpQV)njokHboHbenV zNe&J+FQ;I0f79?d3?d>&S5pn@b3tler$R5U)xwpPQ=oK}+P#tzZwd~M)l4ex{$d)7 z%ey|kz9FH^NhBF*LOn1AN5_9DUet94(}J!b8>EtKokvu!SI9v|$TjwZ%{b0?uua`G z5|h3CLvVa_bZ|8IV*iN6=>MJV-o3QZl>c@AU{cEedNSmHT}#=LK2KfUzyF8_W^-XK=b9RcXPI%c_`PjIG8JO*Y-SptP7~v(dScWx)e+^= z2=zTNYMN?Aa_l8u7{U;dMIR*Btr#^;wIVr9L-84$&X^b*Au{K|B|4DoPWJaI_r02? zT9NGeDSCj$kGSuNQPWhJWUI8YO6AG&$|^7TLSk9f_xjYbJ!rgmVp++9(kqfZ$wwTc zB1sl&OfUuIpk!YqyC5GeZN^i;He+_vyzNcFJ}0DdhnWJAo7TLbXF4f;Et-NOL6N?s zPJviP3-^e8T>H@ErHYB1HEWzU+3kXwFz5d{&HO#H;BD>3Hq-3Y4(<*R|83@o0{{9x zXcE>}jPid@vA=p74f6lN$?;J^{y*N^KN;lzb(AfTo#=Fr0M}LtpqIKJZ#@Nf>m1l^ zRb@d%=__VilVp>4DZFbm5^v3^xL=^3Krc1Np(=31E%~^O)-y-k9Lm}O6Tkw~) z362W2mXt2}`*xjbJ8G1Ot7UQrwNbNXott{cD;7q%#jdfNZ8{~p)+2+RokKet8}EhV zz5cpgBoP<*Uc_xtZXs~FIjQv1Mug|H%pc*uG%K%dCx9`Rafp16a-ZVw2SgB#^6d11 zV5j*wOo3b+_$&I5NTxMEMP=ZE*ux%Z9vTj;hd(JDToNcd`?WB-x zr@>Ns*!CLOPP*5Q`nC4T)=p~Hme@^9*jedSJ84wgF<45G+Fpg)NqO4G$XaPje`r0a pRHOZfdPNpat}h-;0x@U}hcc9*45efFp8x;=|Nk}`CNKa32mm_*X3YQq literal 0 HcmV?d00001 diff --git a/library/ix-dev/community/passbolt/ci/basic-values.yaml b/library/ix-dev/community/passbolt/ci/basic-values.yaml new file mode 100644 index 0000000000..f8f7b08579 --- /dev/null +++ b/library/ix-dev/community/passbolt/ci/basic-values.yaml @@ -0,0 +1,15 @@ +passboltNetwork: + webPort: 31000 + +passboltConfig: + appUrl: http://localhost:31000 + +passboltStorage: + gpg: + type: pvc + jwt: + type: pvc + mariadbData: + type: pvc + mariadbBackup: + type: emptyDir diff --git a/library/ix-dev/community/passbolt/ci/host-values.yaml b/library/ix-dev/community/passbolt/ci/host-values.yaml new file mode 100644 index 0000000000..c9d16eb57a --- /dev/null +++ b/library/ix-dev/community/passbolt/ci/host-values.yaml @@ -0,0 +1,15 @@ +passboltNetwork: + hostNetwork: true + +passboltConfig: + appUrl: http://localhost:8080 + +passboltStorage: + gpg: + type: pvc + jwt: + type: pvc + mariadbData: + type: pvc + mariadbBackup: + type: emptyDir diff --git a/library/ix-dev/community/passbolt/ci/https-values.yaml b/library/ix-dev/community/passbolt/ci/https-values.yaml new file mode 100644 index 0000000000..1a52c4eef4 --- /dev/null +++ b/library/ix-dev/community/passbolt/ci/https-values.yaml @@ -0,0 +1,102 @@ +passboltConfig: + appUrl: https://localhost:31000 + +passboltNetwork: + webPort: 31000 + certificateID: 1 + +passboltStorage: + gpg: + type: pvc + jwt: + type: pvc + mariadbData: + type: pvc + mariadbBackup: + type: emptyDir + +ixCertificates: + "1": + certificate: | + -----BEGIN CERTIFICATE----- + MIIEdjCCA16gAwIBAgIDYFMYMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz + ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD + VQQKDARhc2RmMQwwCgYDVQQLDANhc2QxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w + HhcNMjEwODMwMjMyMzU0WhcNMjMxMjAzMjMyMzU0WjBuMQswCQYDVQQDDAJhZDEL + MAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxDTALBgNVBAcMBGFzZGYxDTALBgNV + BAoMBGFkc2YxDTALBgNVBAsMBGFzZGYxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w + ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7+1xOHRQyOnQTHFcrdasX + Zl0gzutVlA890a1wiQpdD5dOtCLo7+eqVYjqVKo9W8RUIArXWmBu/AbkH7oVFWC1 + P973W1+ArF5sA70f7BZgqRKJTIisuIFIlRETgfnP2pfQmHRZtGaIJRZI4vQCdYgW + 2g0KOvvNcZJCVq1OrhKiNiY1bWCp66DGg0ic6OEkZFHTm745zUNQaf2dNgsxKU0H + PGjVLJI//yrRFAOSBUqgD4c50krnMF7fU/Fqh+UyOu8t6Y/HsySh3urB+Zie331t + AzV6QV39KKxRflNx/yuWrtIEslGTm+xHKoCYJEk/nZ3mX8Y5hG6wWAb7A/FuDVg3 + AgMBAAGjggEdMIIBGTAnBgNVHREEIDAehwTAqAADhwTAqAAFhwTAqAC2hwTAqACB + hwTAqACSMB0GA1UdDgQWBBQ4G2ff4tgZl4vmo4xCfqmJhdqShzAMBgNVHRMBAf8E + AjAAMIGYBgNVHSMEgZAwgY2AFLlYf9L99nxJDcpCM/LT3V5hQ/a3oXCkbjBsMQww + CgYDVQQDDANhc2QxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARhc2RmMQswCQYDVQQH + DAJhZjENMAsGA1UECgwEYXNkZjEMMAoGA1UECwwDYXNkMRYwFAYJKoZIhvcNAQkB + FgdhQGEuY29tggNgUxcwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwEwDgYDVR0PAQH/ + BAQDAgWgMA0GCSqGSIb3DQEBCwUAA4IBAQA6FpOInEHB5iVk3FP67GybJ29vHZTD + KQHbQgmg8s4L7qIsA1HQ+DMCbdylpA11x+t/eL/n48BvGw2FNXpN6uykhLHJjbKR + h8yITa2KeD3LjLYhScwIigXmTVYSP3km6s8jRL6UKT9zttnIHyXVpBDya6Q4WTMx + fmfC6O7t1PjQ5ZyVtzizIUP8ah9n4TKdXU4A3QIM6WsJXpHb+vqp1WDWJ7mKFtgj + x5TKv3wcPnktx0zMPfLb5BTSE9rc9djcBG0eIAsPT4FgiatCUChe7VhuMnqskxEz + MymJLoq8+mzucRwFkOkR2EIt1x+Irl2mJVMeBow63rVZfUQBD8h++LqB + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + MIIEhDCCA2ygAwIBAgIDYFMXMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz + ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD + VQQKDARhc2RmMQwwCgYDVQQLDANhc2QxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w + HhcNMjEwODMwMjMyMDQ1WhcNMzEwODI4MjMyMDQ1WjBsMQwwCgYDVQQDDANhc2Qx + CzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARhc2RmMQswCQYDVQQHDAJhZjENMAsGA1UE + CgwEYXNkZjEMMAoGA1UECwwDYXNkMRYwFAYJKoZIhvcNAQkBFgdhQGEuY29tMIIB + IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq//c0hEEr83CS1pMgsHX50jt + 2MqIbcf63UUNJTiYpUUvUQSFJFc7m/dr+RTZvu97eDCnD5K2qkHHvTPaPZwY+Djf + iy7N641Sz6u/y3Yo3xxs1Aermsfedh48vusJpjbkT2XS44VjbkrpKcWDNVpp3Evd + M7oJotXeUsZ+imiyVCfr4YhoY5gbGh/r+KN9Wf9YKoUyfLLZGwdZkhtX2zIbidsL + Thqi9YTaUHttGinjiBBum234u/CfvKXsfG3yP2gvBGnlvZnM9ktv+lVffYNqlf7H + VmB1bKKk84HtzuW5X76SGAgOG8eHX4x5ZLI1WQUuoQOVRl1I0UCjBtbz8XhwvQID + AQABo4IBLTCCASkwLQYDVR0RBCYwJIcEwKgABYcEwKgAA4cEwKgAkocEwKgAtYcE + wKgAgYcEwKgAtjAdBgNVHQ4EFgQUuVh/0v32fEkNykIz8tPdXmFD9rcwDwYDVR0T + AQH/BAUwAwEB/zCBmAYDVR0jBIGQMIGNgBS5WH/S/fZ8SQ3KQjPy091eYUP2t6Fw + pG4wbDEMMAoGA1UEAwwDYXNkMQswCQYDVQQGEwJVUzENMAsGA1UECAwEYXNkZjEL + MAkGA1UEBwwCYWYxDTALBgNVBAoMBGFzZGYxDDAKBgNVBAsMA2FzZDEWMBQGCSqG + SIb3DQEJARYHYUBhLmNvbYIDYFMXMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF + BQcDAjAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAKEocOmVuWlr + zegtKYMe8NhHIkFY9oVn5ym6RHNOJpPH4QF8XYC3Z5+iC5yGh4P/jVe/4I4SF6Ql + PtofU0jNq5vzapt/y+m008eXqPQFmoUOvu+JavoRVcRx2LIP5AgBA1mF56CSREsX + TkuJAA9IUQ8EjnmAoAeKINuPaKxGDuU8BGCMqr/qd564MKNf9XYL+Fb2rlkA0O2d + 2No34DQLgqSmST/LAvPM7Cbp6knYgnKmGr1nETCXasg1cueHLnWWTvps2HiPp2D/ + +Fq0uqcZLu4Mdo0CPs4e5sHRyldEnRSKh0DVLprq9zr/GMipmPLJUsT5Jed3sj0w + M7Y3vwxshpo= + -----END CERTIFICATE----- + privatekey: | + -----BEGIN PRIVATE KEY----- + MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC7+1xOHRQyOnQT + HFcrdasXZl0gzutVlA890a1wiQpdD5dOtCLo7+eqVYjqVKo9W8RUIArXWmBu/Abk + H7oVFWC1P973W1+ArF5sA70f7BZgqRKJTIisuIFIlRETgfnP2pfQmHRZtGaIJRZI + 4vQCdYgW2g0KOvvNcZJCVq1OrhKiNiY1bWCp66DGg0ic6OEkZFHTm745zUNQaf2d + NgsxKU0HPGjVLJI//yrRFAOSBUqgD4c50krnMF7fU/Fqh+UyOu8t6Y/HsySh3urB + +Zie331tAzV6QV39KKxRflNx/yuWrtIEslGTm+xHKoCYJEk/nZ3mX8Y5hG6wWAb7 + A/FuDVg3AgMBAAECggEAapt30rj9DitGTtxAt13pJMEhyYxvvD3WkvmJwguF/Bbu + eW0Ba1c668fMeRCA54FWi1sMqusPS4HUqqUvk+tmyAOsAF4qgD/A4MMSC7uJSVI5 + N/JWhJWyhCY94/FPakiO1nbPbVw41bcqtzU2qvparpME2CtxSCbDiqm7aaag3Kqe + EF0fGSUdZ+TYl9JM05+eIyiX+UY19Fg0OjTHMn8nGpxcNTfDBdQ68TKvdo/dtIKL + PLKzJUNNdM8odC4CvQtfGMqaslwZwXkiOl5VJcW21ncj/Y0ngEMKeD/i65ZoqGdR + 0FKCQYEAGtM2FvJcZQ92Wsw7yj2bK2MSegVUyLK32QKBgQDe8syVCepPzRsfjfxA + 6TZlWcGuTZLhwIx97Ktw3VcQ1f4rLoEYlv0xC2VWBORpzIsJo4I/OLmgp8a+Ga8z + FkVRnq90dV3t4NP9uJlHgcODHnOardC2UUka4olBSCG6zmK4Jxi34lOxhGRkshOo + L4IBeOIB5g+ZrEEXkzfYJHESRQKBgQDX2YhFhGIrT8BAnC5BbXbhm8h6Bhjz8DYL + d+qhVJjef7L/aJxViU0hX9Ba2O8CLK3FZeREFE3hJPiJ4TZSlN4evxs5p+bbNDcA + 0mhRI/o3X4ac6IxdRebyYnCOB/Cu94/MzppcZcotlCekKNike7eorCcX4Qavm7Pu + MUuQ+ifmSwKBgEnchoqZzlbBzMqXb4rRuIO7SL9GU/MWp3TQg7vQmJerTZlgvsQ2 + wYsOC3SECmhCq4117iCj2luvOdihCboTFsQDnn0mpQe6BIF6Ns3J38wAuqv0CcFd + DKsrge1uyD3rQilgSoAhKzkUc24o0PpXQurZ8YZPgbuXpbj5vPaOnCdBAoGACYc7 + wb3XS4wos3FxhUfcwJbM4b4VKeeHqzfu7pI6cU/3ydiHVitKcVe2bdw3qMPqI9Wc + nvi6e17Tbdq4OCsEJx1OiVwFD9YdO3cOTc6lw/3+hjypvZBRYo+/4jUthbu96E+S + dtOzehGZMmDvN0uSzupSi3ZOgkAAUFpyuIKickMCgYAId0PCRjonO2thn/R0rZ7P + //L852uyzYhXKw5/fjFGhQ6LbaLgIRFaCZ0L2809u0HFnNvJjHv4AKP6j+vFQYYY + qQ+66XnfsA9G/bu4MDS9AX83iahD9IdLXQAy8I19prAbpVumKegPbMnNYNB/TYEc + 3G15AKCXo7jjOUtHY01DCQ== + -----END PRIVATE KEY----- diff --git a/library/ix-dev/community/passbolt/item.yaml b/library/ix-dev/community/passbolt/item.yaml new file mode 100644 index 0000000000..878fcc8e6d --- /dev/null +++ b/library/ix-dev/community/passbolt/item.yaml @@ -0,0 +1,11 @@ +icon_url: https://media.sys.truenas.net/apps/passbolt/icon/icon.svg +categories: + - security +screenshots: + - https://media.sys.truenas.net/apps/passbolt/screenshots/screenshot1.png + - https://media.sys.truenas.net/apps/passbolt/screenshots/screenshot2.png + - https://media.sys.truenas.net/apps/passbolt/screenshots/screenshot3.png + - https://media.sys.truenas.net/apps/passbolt/screenshots/screenshot4.png +tags: + - password + - manager diff --git a/library/ix-dev/community/passbolt/metadata.yaml b/library/ix-dev/community/passbolt/metadata.yaml new file mode 100644 index 0000000000..47027d8847 --- /dev/null +++ b/library/ix-dev/community/passbolt/metadata.yaml @@ -0,0 +1,8 @@ +runAsContext: + - userName: www-data + groupName: www-data + gid: 33 + uid: 33 + description: Passbolt run as a non-root user +capabilities: [] +hostMounts: [] diff --git a/library/ix-dev/community/passbolt/questions.yaml b/library/ix-dev/community/passbolt/questions.yaml new file mode 100644 index 0000000000..3fda46aa55 --- /dev/null +++ b/library/ix-dev/community/passbolt/questions.yaml @@ -0,0 +1,340 @@ +groups: + - name: Passbolt Configuration + description: Configure Passbolt + - name: Network Configuration + description: Configure Network for Passbolt + - name: Storage Configuration + description: Configure Storage for Passbolt + - name: Resources Configuration + description: Configure Resources for Passbolt + +portals: + web_portal: + protocols: + - "$kubernetes-resource_configmap_portal_protocol" + host: + - "$kubernetes-resource_configmap_portal_host" + ports: + - "$kubernetes-resource_configmap_portal_port" + path: "$kubernetes-resource_configmap_portal_path" + +questions: + - variable: passboltConfig + label: "" + group: Passbolt Configuration + schema: + type: dict + attrs: + - variable: appUrl + label: App URL + description: | + The URL for the Passbolt WebUI.
+ Format is: https://sub.domain.tld:port + schema: + type: uri + default: '' + required: true + - variable: additionalEnvs + label: Additional Environment Variables + description: Configure additional environment variables for Passbolt. + schema: + type: list + default: [] + items: + - variable: env + label: Environment Variable + schema: + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + + - variable: passboltNetwork + label: "" + group: Network Configuration + schema: + type: dict + attrs: + - variable: hostNetwork + label: Host Network + description: | + Bind to the host network. It's recommended to keep this disabled.
+ schema: + type: boolean + default: false + - variable: webPort + label: Web Port + description: The port for the Passbolt WebUI. + schema: + type: int + default: 30097 + show_if: [["hostNetwork", "=", false]] + min: 9000 + max: 65535 + required: true + - variable: certificateID + label: Certificate + description: The certificate to use for Passbolt. + schema: + type: int + "null": true + $ref: + - "definitions/certificate" + + - variable: passboltStorage + label: "" + group: Storage Configuration + schema: + type: dict + attrs: + - variable: gpg + label: Passbolt GPG Storage + description: The path to store Passbolt GPG. + schema: + type: dict + attrs: + - variable: type + label: Type + description: | + ixVolume: Is dataset created automatically by the system.
+ Host Path: Is a path that already exists on the system. + schema: + type: string + required: true + default: ixVolume + enum: + - value: hostPath + description: Host Path (Path that already exists on the system) + - value: ixVolume + description: ixVolume (Dataset created automatically by the system) + - variable: datasetName + label: Dataset Name + schema: + type: string + show_if: [["type", "=", "ixVolume"]] + required: true + hidden: true + immutable: true + default: gpg + $ref: + - "normalize/ixVolume" + - variable: hostPath + label: Host Path + schema: + type: hostpath + show_if: [["type", "=", "hostPath"]] + immutable: true + required: true + - variable: jwt + label: Passbolt JWT Storage + description: The path to store Passbolt JWT. + schema: + type: dict + attrs: + - variable: type + label: Type + description: | + ixVolume: Is dataset created automatically by the system.
+ Host Path: Is a path that already exists on the system. + schema: + type: string + required: true + default: ixVolume + enum: + - value: hostPath + description: Host Path (Path that already exists on the system) + - value: ixVolume + description: ixVolume (Dataset created automatically by the system) + - variable: datasetName + label: Dataset Name + schema: + type: string + show_if: [["type", "=", "ixVolume"]] + required: true + hidden: true + immutable: true + default: jwt + $ref: + - "normalize/ixVolume" + - variable: hostPath + label: Host Path + schema: + type: hostpath + show_if: [["type", "=", "hostPath"]] + immutable: true + required: true + - variable: mariadbData + label: Passbolt MariaDB Data Storage + description: The path to store Passbolt MariaDB Data. + schema: + type: dict + attrs: + - variable: type + label: Type + description: | + ixVolume: Is dataset created automatically by the system.
+ Host Path: Is a path that already exists on the system. + schema: + type: string + required: true + default: ixVolume + enum: + - value: hostPath + description: Host Path (Path that already exists on the system) + - value: ixVolume + description: ixVolume (Dataset created automatically by the system) + - variable: datasetName + label: Dataset Name + schema: + type: string + show_if: [["type", "=", "ixVolume"]] + required: true + hidden: true + immutable: true + default: mariadbData + $ref: + - "normalize/ixVolume" + - variable: hostPath + label: Host Path + schema: + type: hostpath + show_if: [["type", "=", "hostPath"]] + immutable: true + required: true + - variable: mariadbBackup + label: Passbolt MariaDB Backup Storage + description: The path to store Passbolt MariaDB Backup. + schema: + type: dict + attrs: + - variable: type + label: Type + description: | + ixVolume: Is dataset created automatically by the system.
+ Host Path: Is a path that already exists on the system. + schema: + type: string + required: true + default: ixVolume + enum: + - value: hostPath + description: Host Path (Path that already exists on the system) + - value: ixVolume + description: ixVolume (Dataset created automatically by the system) + - variable: datasetName + label: Dataset Name + schema: + type: string + show_if: [["type", "=", "ixVolume"]] + required: true + hidden: true + immutable: true + default: mariadbBackup + $ref: + - "normalize/ixVolume" + - variable: hostPath + label: Host Path + schema: + type: hostpath + show_if: [["type", "=", "hostPath"]] + immutable: true + required: true + - variable: additionalStorages + label: Additional Storage + description: Additional storage for Passbolt. + schema: + type: list + default: [] + items: + - variable: storageEntry + label: Storage Entry + schema: + type: dict + attrs: + - variable: type + label: Type + description: | + ixVolume: Is dataset created automatically by the system.
+ Host Path: Is a path that already exists on the system. + schema: + type: string + required: true + default: "ixVolume" + enum: + - value: "hostPath" + description: Host Path (Path that already exists on the system) + - value: "ixVolume" + description: ixVolume (Dataset created automatically by the system) + - variable: mountPath + label: Mount Path + description: The path inside the container to mount the storage. + schema: + type: path + required: true + - variable: hostPath + label: Host Path + description: The host path to use for storage. + schema: + type: hostpath + show_if: [["type", "=", "hostPath"]] + required: true + - variable: datasetName + label: Dataset Name + description: The name of the dataset to use for storage. + schema: + type: string + show_if: [["type", "=", "ixVolume"]] + required: true + immutable: true + default: "storage_entry" + $ref: + - "normalize/ixVolume" + + - variable: resources + label: "" + group: Resources Configuration + schema: + type: dict + attrs: + - variable: limits + label: Limits + schema: + type: dict + attrs: + - variable: cpu + label: CPU + description: CPU limit for Passbolt. + schema: + type: string + max_length: 6 + valid_chars: '^(0\.[1-9]|[1-9][0-9]*)(\.[0-9]|m?)$' + valid_chars_error: | + Valid CPU limit formats are
+ - Plain Integer - eg. 1
+ - Float - eg. 0.5
+ - Milicpu - eg. 500m + default: "4000m" + required: true + - variable: memory + label: Memory + description: Memory limit for Passbolt. + schema: + type: string + max_length: 12 + valid_chars: '^[1-9][0-9]*([EPTGMK]i?|e[0-9]+)?$' + valid_chars_error: | + Valid Memory limit formats are
+ - Suffixed with E/P/T/G/M/K - eg. 1G
+ - Suffixed with Ei/Pi/Ti/Gi/Mi/Ki - eg. 1Gi
+ - Plain Integer in bytes - eg. 1024
+ - Exponent - eg. 134e6 + default: "8Gi" + required: true diff --git a/library/ix-dev/community/passbolt/templates/NOTES.txt b/library/ix-dev/community/passbolt/templates/NOTES.txt new file mode 100644 index 0000000000..ba4e01146c --- /dev/null +++ b/library/ix-dev/community/passbolt/templates/NOTES.txt @@ -0,0 +1 @@ +{{ include "ix.v1.common.lib.chart.notes" $ }} diff --git a/library/ix-dev/community/passbolt/templates/_configuration.tpl b/library/ix-dev/community/passbolt/templates/_configuration.tpl new file mode 100644 index 0000000000..f889d01596 --- /dev/null +++ b/library/ix-dev/community/passbolt/templates/_configuration.tpl @@ -0,0 +1,43 @@ +{{- define "passbolt.configuration" -}} + + {{- $fullname := (include "ix.v1.common.lib.chart.names.fullname" $) -}} + + {{- $dbHost := (printf "%s-mariadb" $fullname) -}} + {{- $dbUser := "passbolt" -}} + {{- $dbName := "passbolt" -}} + + {{- $dbPass := (randAlphaNum 32) -}} + {{- $dbRootPass := (randAlphaNum 32) -}} + {{- with (lookup "v1" "Secret" .Release.Namespace (printf "%s-mariadb-creds" $fullname)) -}} + {{- $dbPass = ((index .data "MARIADB_PASSWORD") | b64dec) -}} + {{- $dbRootPass = ((index .data "MARIADB_ROOT_PASSWORD") | b64dec) -}} + {{- end }} + +secret: + mariadb-creds: + enabled: true + data: + MARIADB_USER: {{ $dbUser }} + MARIADB_DATABASE: {{ $dbName }} + MARIADB_PASSWORD: {{ $dbPass }} + MARIADB_ROOT_PASSWORD: {{ $dbRootPass }} + MARIADB_HOST: {{ $dbHost }} + + passbolt-creds: + enabled: true + data: + DATASOURCES_DEFAULT_HOST: {{ $dbHost }} + DATASOURCES_DEFAULT_DATABASE: {{ $dbName }} + DATASOURCES_DEFAULT_USERNAME: {{ $dbUser }} + DATASOURCES_DEFAULT_PASSWORD: {{ $dbPass }} + DATASOURCES_DEFAULT_PORT: "3306" + +configmap: + passbolt-config: + enabled: true + data: + APP_FULL_BASE_URL: {{ .Values.passboltConfig.appUrl }} + GNUPGHOME: /var/lib/passbolt/.gnupg + PASSBOLT_GPG_SERVER_KEY_PUBLIC: /etc/passbolt/gpg/serverkey.asc + PASSBOLT_GPG_SERVER_KEY_PRIVATE: /etc/passbolt/gpg/serverkey_private.asc +{{- end -}} diff --git a/library/ix-dev/community/passbolt/templates/_mariadb.tpl b/library/ix-dev/community/passbolt/templates/_mariadb.tpl new file mode 100644 index 0000000000..08e10b2367 --- /dev/null +++ b/library/ix-dev/community/passbolt/templates/_mariadb.tpl @@ -0,0 +1,6 @@ +{{- define "passbolt.mariadb.workload" -}} +workload: +{{- include "ix.v1.common.app.mariadb" (dict "secretName" "mariadb-creds" + "resources" .Values.resources + "ixChartContext" .Values.ixChartContext) | nindent 2 }} +{{- end -}} diff --git a/library/ix-dev/community/passbolt/templates/_passbolt.tpl b/library/ix-dev/community/passbolt/templates/_passbolt.tpl new file mode 100644 index 0000000000..27cba5e3eb --- /dev/null +++ b/library/ix-dev/community/passbolt/templates/_passbolt.tpl @@ -0,0 +1,59 @@ +{{- define "passbolt.workload" -}} +workload: + passbolt: + enabled: true + primary: true + type: Deployment + podSpec: + hostNetwork: {{ .Values.passboltNetwork.hostNetwork }} + containers: + passbolt: + enabled: true + primary: true + imageSelector: image + securityContext: + runAsUser: 33 + runAsGroup: 33 + readOnlyRootFilesystem: false + envFrom: + - secretRef: + name: passbolt-creds + - configMapRef: + name: passbolt-config + {{ with .Values.passboltConfig.additionalEnvs }} + envList: + {{ range $env := . }} + - name: {{ $env.name }} + value: {{ $env.value }} + {{ end }} + {{ end }} + probes: + {{- $port := 8080 -}} + {{- $protocol := "http" -}} + {{- if .Values.passboltNetwork.certificateID -}} + {{- $port = 4433 -}} + {{- $protocol = "https" -}} + {{- end }} + liveness: + enabled: true + type: {{ $protocol }} + port: {{ $port }} + path: /healthcheck/status + readiness: + enabled: true + type: {{ $protocol }} + port: {{ $port }} + path: /healthcheck/status + startup: + enabled: true + type: {{ $protocol }} + port: {{ $port }} + path: /healthcheck/status + initContainers: + {{- include "ix.v1.common.app.permissions" (dict "containerName" "01-permissions" + "UID" 33 + "GID" 33 + "type" "install") | nindent 8 }} + {{- include "ix.v1.common.app.mariadbWait" (dict "name" "02-mariadb-wait" + "secretName" "mariadb-creds") | nindent 8 }} +{{- end -}} diff --git a/library/ix-dev/community/passbolt/templates/_persistence.tpl b/library/ix-dev/community/passbolt/templates/_persistence.tpl new file mode 100644 index 0000000000..e892690d98 --- /dev/null +++ b/library/ix-dev/community/passbolt/templates/_persistence.tpl @@ -0,0 +1,104 @@ +{{- define "passbolt.persistence" -}} +persistence: + gpg: + enabled: true + type: {{ .Values.passboltStorage.gpg.type }} + datasetName: {{ .Values.passboltStorage.gpg.datasetName | default "" }} + hostPath: {{ .Values.passboltStorage.gpg.hostPath | default "" }} + targetSelector: + passbolt: + passbolt: + mountPath: /etc/passbolt/gpg + 01-permissions: + mountPath: /mnt/directories/gpg + jwt: + enabled: true + type: {{ .Values.passboltStorage.jwt.type }} + datasetName: {{ .Values.passboltStorage.jwt.datasetName | default "" }} + hostPath: {{ .Values.passboltStorage.jwt.hostPath | default "" }} + targetSelector: + passbolt: + passbolt: + mountPath: /etc/passbolt/jwt + 01-permissions: + mountPath: /mnt/directories/jwt + tmp: + enabled: true + type: emptyDir + targetSelector: + passbolt: + passbolt: + mountPath: /tmp + varrun: + enabled: true + type: emptyDir + targetSelector: + passbolt: + passbolt: + mountPath: /var/run + {{- range $idx, $storage := .Values.passboltStorage.additionalStorages }} + {{ printf "passbolt-%v" (int $idx) }}: + enabled: true + type: {{ $storage.type }} + datasetName: {{ $storage.datasetName | default "" }} + hostPath: {{ $storage.hostPath | default "" }} + targetSelector: + passbolt: + passbolt: + mountPath: {{ $storage.mountPath }} + 01-permissions: + mountPath: /mnt/directories{{ $storage.mountPath }} + {{- end }} + + mariadbdata: + enabled: true + type: {{ .Values.passboltStorage.mariadbData.type }} + datasetName: {{ .Values.passboltStorage.mariadbData.datasetName | default "" }} + hostPath: {{ .Values.passboltStorage.mariadbData.hostPath | default "" }} + targetSelector: + # MariaDB pod + mariadb: + # MariaDB container + mariadb: + mountPath: /var/lib/mysql + # MariaDB - Permissions container + permissions: + mountPath: /mnt/directories/mariadb_data + mariadbbackup: + enabled: true + type: {{ .Values.passboltStorage.mariadbBackup.type }} + datasetName: {{ .Values.passboltStorage.mariadbBackup.datasetName | default "" }} + hostPath: {{ .Values.passboltStorage.mariadbBackup.hostPath | default "" }} + targetSelector: + # MariaDB backup pod + mariadbbackup: + # MariaDB backup container + mariadbbackup: + mountPath: /mariadb_backup + # MariaDB - Permissions container + permissions: + mountPath: /mnt/directories/mariadb_backup + + {{- if .Values.passboltNetwork.certificateID }} + cert: + enabled: true + type: secret + objectName: passbolt-cert + defaultMode: "0600" + items: + - key: tls.key + path: certificate.key + - key: tls.crt + path: certificate.crt + targetSelector: + passbolt: + passbolt: + mountPath: /etc/passbolt/certs + readOnly: true + +scaleCertificate: + passbolt-cert: + enabled: true + id: {{ .Values.passboltNetwork.certificateID }} + {{- end -}} +{{- end -}} diff --git a/library/ix-dev/community/passbolt/templates/_portal.tpl b/library/ix-dev/community/passbolt/templates/_portal.tpl new file mode 100644 index 0000000000..9198772fd3 --- /dev/null +++ b/library/ix-dev/community/passbolt/templates/_portal.tpl @@ -0,0 +1,29 @@ +{{- define "passbolt.portal" -}} + {{- $url := urlParse .Values.passboltConfig.appUrl -}} + + {{- $protocol := "http" -}} + {{- if $url.scheme -}} + {{- $protocol = $url.scheme -}} + {{- end -}} + + {{- $host := "$node_ip" -}} + {{- $port := ternary "443" "80" (eq $protocol "https") -}} + {{- if $url.host -}} + {{- if contains ":" $url.host -}} + {{- $port = (split ":" $url.host)._1 -}} + {{- $host = (split ":" $url.host)._0 -}} + {{- else -}} + {{- $host = $url.host -}} + {{- end -}} + {{- end }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: portal +data: + path: / + port: {{ $port | quote }} + protocol: {{ $protocol | quote }} + host: {{ $host | quote }} +{{- end -}} diff --git a/library/ix-dev/community/passbolt/templates/_service.tpl b/library/ix-dev/community/passbolt/templates/_service.tpl new file mode 100644 index 0000000000..22f051f5b2 --- /dev/null +++ b/library/ix-dev/community/passbolt/templates/_service.tpl @@ -0,0 +1,31 @@ +{{- define "passbolt.service" -}} +{{- $port := 8080 -}} +{{- if .Values.passboltNetwork.certificateID -}} + {{- $port = 4433 -}} +{{- end }} +service: + passbolt: + enabled: true + primary: true + type: NodePort + targetSelector: passbolt + ports: + webui: + enabled: true + primary: true + port: {{ .Values.passboltNetwork.webPort }} + nodePort: {{ .Values.passboltNetwork.webPort }} + targetPort: {{ $port }} + targetSelector: passbolt + mariadb: + enabled: true + type: ClusterIP + targetSelector: mariadb + ports: + mariadb: + enabled: true + primary: true + port: 3306 + targetPort: 3306 + targetSelector: mariadb +{{- end -}} diff --git a/library/ix-dev/community/passbolt/templates/common.yaml b/library/ix-dev/community/passbolt/templates/common.yaml new file mode 100644 index 0000000000..f7f3cf1822 --- /dev/null +++ b/library/ix-dev/community/passbolt/templates/common.yaml @@ -0,0 +1,13 @@ +{{- include "ix.v1.common.loader.init" . -}} + +{{/* Merge the templates with Values */}} +{{- $_ := mustMergeOverwrite .Values (include "passbolt.configuration" $ | fromYaml) -}} +{{- $_ := mustMergeOverwrite .Values (include "passbolt.persistence" $ | fromYaml) -}} +{{- $_ := mustMergeOverwrite .Values (include "passbolt.service" $ | fromYaml) -}} +{{- $_ := mustMergeOverwrite .Values (include "passbolt.workload" $ | fromYaml) -}} +{{- $_ := mustMergeOverwrite .Values (include "passbolt.mariadb.workload" $ | fromYaml) -}} + +{{/* Create the configmap for portal manually*/}} +{{- include "passbolt.portal" $ -}} + +{{- include "ix.v1.common.loader.apply" . -}} diff --git a/library/ix-dev/community/passbolt/upgrade_info.json b/library/ix-dev/community/passbolt/upgrade_info.json new file mode 100644 index 0000000000..767388094a --- /dev/null +++ b/library/ix-dev/community/passbolt/upgrade_info.json @@ -0,0 +1 @@ +{"filename": "values.yaml", "keys": ["image"]} diff --git a/library/ix-dev/community/passbolt/upgrade_strategy b/library/ix-dev/community/passbolt/upgrade_strategy new file mode 100755 index 0000000000..ee19ae1569 --- /dev/null +++ b/library/ix-dev/community/passbolt/upgrade_strategy @@ -0,0 +1,31 @@ +#!/usr/bin/python3 +import json +import re +import sys + +from catalog_update.upgrade_strategy import semantic_versioning + + +RE_STABLE_VERSION = re.compile(r'\d+\.\d+\.\d+-\d+-ce-non-root') + + +def newer_mapping(image_tags): + key = list(image_tags.keys())[0] + tags = {t.strip('-ce-non-root').replace('-', '.'): t for t in image_tags[key] if RE_STABLE_VERSION.fullmatch(t)} + version = semantic_versioning(list(tags)) + if not version: + return {} + + return { + 'tags': {key: tags[version]}, + 'app_version': version, + } + + +if __name__ == '__main__': + try: + versions_json = json.loads(sys.stdin.read()) + except ValueError: + raise ValueError('Invalid json specified') + + print(json.dumps(newer_mapping(versions_json))) diff --git a/library/ix-dev/community/passbolt/values.yaml b/library/ix-dev/community/passbolt/values.yaml new file mode 100644 index 0000000000..4083489eb9 --- /dev/null +++ b/library/ix-dev/community/passbolt/values.yaml @@ -0,0 +1,45 @@ +image: + repository: passbolt/passbolt + pullPolicy: IfNotPresent + tag: 4.3.0-1-ce-non-root + +resources: + limits: + cpu: 4000m + memory: 8Gi + +passboltConfig: + appUrl: '' + additionalEnvs: [] + +passboltNetwork: + webPort: 30097 + certificateID: + hostNetwork: false + +passboltStorage: + gpg: + type: ixVolume + datasetName: gpg + jwt: + type: ixVolume + datasetName: jwt + mariadbData: + type: ixVolume + datasetName: mariadbData + mariadbBackup: + type: ixVolume + datasetName: mariadbBackup + additionalStorages: [] + +notes: + custom: | + ## Register admin user + + Connect to the container's shell and run the following command replacing the + values (`user@example.com`, `first_name`, `last_name`) with your own values. + + ```shell + /usr/share/php/passbolt/bin/cake passbolt register_user -r admin \ + -u user@example.com -f first_name -l last_name + ```