From a8de996f6e9833fa0ca2c0def60bccb333ff933f Mon Sep 17 00:00:00 2001 From: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Date: Mon, 5 Jun 2023 16:12:30 +0300 Subject: [PATCH] NAS-122105 / 23.10 / Add Syncthing to `enterprise` train (#1217) * Add syncthing to enterprise train * add readme * use different default webui port * add update_strategy/info --- .../ix-dev/enterprise/syncthing/Chart.lock | 6 + .../ix-dev/enterprise/syncthing/Chart.yaml | 26 ++ library/ix-dev/enterprise/syncthing/README.md | 20 ++ .../ix-dev/enterprise/syncthing/app-readme.md | 20 ++ .../syncthing/charts/common-1.0.8.tgz | Bin 0 -> 55447 bytes .../syncthing/ci/basic-no-hostnet-values.yaml | 24 ++ .../enterprise/syncthing/ci/basic-values.yaml | 18 ++ .../syncthing/ci/https-no-hostnet-values.yaml | 112 +++++++++ .../enterprise/syncthing/ci/https-values.yaml | 109 +++++++++ library/ix-dev/enterprise/syncthing/item.yaml | 8 + .../ix-dev/enterprise/syncthing/metadata.yaml | 22 ++ .../enterprise/syncthing/questions.yaml | 222 ++++++++++++++++++ .../enterprise/syncthing/templates/NOTES.txt | 1 + .../syncthing/templates/_certContainer.tpl | 41 ++++ .../syncthing/templates/_configure.tpl | 53 +++++ .../syncthing/templates/_portal.tpl | 16 ++ .../syncthing/templates/_syncthing.tpl | 178 ++++++++++++++ .../syncthing/templates/common.yaml | 10 + .../enterprise/syncthing/upgrade_info.json | 1 + .../syncthing/upgrade_strategy_disable | 30 +++ .../ix-dev/enterprise/syncthing/values.yaml | 38 +++ 21 files changed, 955 insertions(+) create mode 100644 library/ix-dev/enterprise/syncthing/Chart.lock create mode 100644 library/ix-dev/enterprise/syncthing/Chart.yaml create mode 100644 library/ix-dev/enterprise/syncthing/README.md create mode 100644 library/ix-dev/enterprise/syncthing/app-readme.md create mode 100644 library/ix-dev/enterprise/syncthing/charts/common-1.0.8.tgz create mode 100644 library/ix-dev/enterprise/syncthing/ci/basic-no-hostnet-values.yaml create mode 100644 library/ix-dev/enterprise/syncthing/ci/basic-values.yaml create mode 100644 library/ix-dev/enterprise/syncthing/ci/https-no-hostnet-values.yaml create mode 100644 library/ix-dev/enterprise/syncthing/ci/https-values.yaml create mode 100644 library/ix-dev/enterprise/syncthing/item.yaml create mode 100644 library/ix-dev/enterprise/syncthing/metadata.yaml create mode 100644 library/ix-dev/enterprise/syncthing/questions.yaml create mode 100644 library/ix-dev/enterprise/syncthing/templates/NOTES.txt create mode 100644 library/ix-dev/enterprise/syncthing/templates/_certContainer.tpl create mode 100644 library/ix-dev/enterprise/syncthing/templates/_configure.tpl create mode 100644 library/ix-dev/enterprise/syncthing/templates/_portal.tpl create mode 100644 library/ix-dev/enterprise/syncthing/templates/_syncthing.tpl create mode 100644 library/ix-dev/enterprise/syncthing/templates/common.yaml create mode 100644 library/ix-dev/enterprise/syncthing/upgrade_info.json create mode 100755 library/ix-dev/enterprise/syncthing/upgrade_strategy_disable create mode 100644 library/ix-dev/enterprise/syncthing/values.yaml diff --git a/library/ix-dev/enterprise/syncthing/Chart.lock b/library/ix-dev/enterprise/syncthing/Chart.lock new file mode 100644 index 0000000000..7126be1633 --- /dev/null +++ b/library/ix-dev/enterprise/syncthing/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: file://../../../common + version: 1.0.8 +digest: sha256:254efaa1285f634b7a80b7baadeadbd20a680f7fee49d1d9d3c4618aa0d657ad +generated: "2023-05-30T18:50:42.865716795+03:00" diff --git a/library/ix-dev/enterprise/syncthing/Chart.yaml b/library/ix-dev/enterprise/syncthing/Chart.yaml new file mode 100644 index 0000000000..09068302c1 --- /dev/null +++ b/library/ix-dev/enterprise/syncthing/Chart.yaml @@ -0,0 +1,26 @@ +name: syncthing +description: Syncthing is a continuous file synchronization program. +annotations: + title: Syncthing +type: application +version: 1.0.0 +apiVersion: v2 +appVersion: '1.23.3' +kubeVersion: '>=1.16.0-0' +maintainers: + - name: truenas + url: https://www.truenas.com/ + email: dev@ixsystems.com +dependencies: + - name: common + repository: file://../../../common + version: 1.0.8 +home: https://syncthing.net/ +icon: https://syncthing.net/img/logo-horizontal.svg +sources: + - https://syncthing.net/ + - https://github.com/syncthing/syncthing + - https://hub.docker.com/r/syncthing/syncthing +keywords: + - sync + - file-sharing diff --git a/library/ix-dev/enterprise/syncthing/README.md b/library/ix-dev/enterprise/syncthing/README.md new file mode 100644 index 0000000000..cceadde7c0 --- /dev/null +++ b/library/ix-dev/enterprise/syncthing/README.md @@ -0,0 +1,20 @@ +# Syncthing + +[Syncthing](https://syncthing.net/) is a file synchronization program. + +At each startup of the application, the following settings are applied: + +- Disable automatic upgrades +- Disable anonymous usage reporting +- Disable NAT traversal +- Disable global discovery +- Disable local discovery +- Disable relaying +- Disable announcing LAN addresses + +Additionally, the following defaults are set for new synthing "folders": + +- Max total size of `xattr`: 10 MiB +- Max size per `xattr`: 2 MiB +- Enable `send` and `sync` of `xattr` +- Enable `send` and `sync` of `ownership` diff --git a/library/ix-dev/enterprise/syncthing/app-readme.md b/library/ix-dev/enterprise/syncthing/app-readme.md new file mode 100644 index 0000000000..cceadde7c0 --- /dev/null +++ b/library/ix-dev/enterprise/syncthing/app-readme.md @@ -0,0 +1,20 @@ +# Syncthing + +[Syncthing](https://syncthing.net/) is a file synchronization program. + +At each startup of the application, the following settings are applied: + +- Disable automatic upgrades +- Disable anonymous usage reporting +- Disable NAT traversal +- Disable global discovery +- Disable local discovery +- Disable relaying +- Disable announcing LAN addresses + +Additionally, the following defaults are set for new synthing "folders": + +- Max total size of `xattr`: 10 MiB +- Max size per `xattr`: 2 MiB +- Enable `send` and `sync` of `xattr` +- Enable `send` and `sync` of `ownership` diff --git a/library/ix-dev/enterprise/syncthing/charts/common-1.0.8.tgz b/library/ix-dev/enterprise/syncthing/charts/common-1.0.8.tgz new file mode 100644 index 0000000000000000000000000000000000000000..3b457b136194dd04bf433d7eed53d59f0bd2b05d GIT binary patch literal 55447 zcmV))K#IQ~iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYaciT9!I68m(Q{Zu&-&nb}EP0*w?PQ+YNvCr=i%;xyzdM=y za$pjYFs2BGgyeVJ4=XA#+fkIVbt11+#LNXqcWcO?YGupj{J?0>4!SyeC~8NmM^cs&^45W^UpK?-9s+!#ZgP>2(h?2)BI$2_vYrND?hQ~yBngk7~324 zHbo~2p^d4+x!>(||Gx3H`Tw;aIsd0Ho}m1m7J!ENf4tW}u;>5r{(Ane}IPfwq`eA*pHosD5ku3*d-gcx3-I6ncO?=}F?7Yp%bjFVR+Lgyr-C*X%(ueY(` zhd6+7drV*6zAw4Mca6c$V4CmK#Zp- zLAm?|08TK)Fn)q!czc0Dl0^9l==bE;6lIu1?t3a=79S4f`vJu9Btw^@4CNydN9C7% z5{4+xwJ&}CB||X6e+-27_!l-)=p>yBox=)j_A0SC>ecY4VwB-A93qBahEkGaO0wG% z5Cm*vgG2dOI*H?R665gp1Uw(SBJ?~%IZEip#udy*&wUWshXTey_n^DCUk@oIIUQyw z_d-)23yA&0?p{4SKeaguCmE)SZ1~AS=nN)p_^tU+*Lo!a!Gcv$2QUgwGrDT!XEg(Qd)com}yvGTsa$#q_K z(1_&p6{0sJyDnd5h_4TdS*P(0yk%oNN^huC!oSnXS%0FL@U~&y^$wbJ@NlsxLvrX&sXV4WI+G)81ce$(%?(V>8nszrB^l*|> zGCl#p=g)wW|ApfiY<7R+q8+%qV`LX4*pC4rR7dU!2`79gGx+?S@rGkXM>q#CO+g3~ zaD~8tOp*vdTFByz6J0}k?@I7LO@@3O%w%^y9|&480|2fjLx7V4{x(Qs1akz~0svqF zaGp<)-q62s2F-?KXRuxUKO{k5lA{QqDavkdMkqrJY>Y!TtT!(Ic>>;Eo*CW8hI33{ zq|XWUj*B~bVJVWB%Q1iD6xDf+DSr*FZb2m0 zz<OFqcYAswB7T>)N|hS?C&3lyV}p2l&pZvPcbVHT5Nes5?@VYbT}XhejL z(|bdLj?>2WBQ(uN<9kCPLet%RG_FNM45a7Dzfnk01O^!yixmTmaTLYq24-mEuYm2t ze12wVfHF3w02}ff_|wx*6lDpFpC=S$0~jK?=1wxX7r%Rd-)*pEH(yFaXDFk1fI~=^ z1n@T!PZVY0UtQ#;q^~aW zl~W_Tf}xNpu3+fG3t^0$UJ`J(f5==`i63`K(V1PfN9B3l}Jlwsz+u&8tU>pmfO%0)wjnAI} zPQrK+ArRnC-D$roMp+l8X;%XifUO9J6a;UdKM9!X1%hYAUu^dbK)~<`I^gbZgWGYz zme3Ml+&K}rmXb2qk{j@edehn9`tRH4Pnf_Ra%Ik-gOZJBti-dr5|Y>*w!h<~k*1wH zCd;w%n;helN1)69_@V>^Mis};C|od|ZI`^3`9`Z=)!vvyq9*@Cs{pw&W;Qn(lSnkf z|I$hud4+@|7 z7(hyEj%m*+%rwfPqnT>@d)!vzG3FVTxSnH&>v?Q=r3tOdI#-scvYKgTva?@a|Ng4@ zEqh8X9kO3U!Jl9M{_5!)qom|E;Ky(#+Gykno=1Dx~a1_A~0 zb{pi^I8AXf475sYWZ*=aFgZ$iW5a}aHpw!SQ1JRDL0LY+DS$}?^l?cN@J^uh{v@z! zha+;6oPf=(oI(nALJ&NdfCs}s($R6tk4a>fhg#tcqjS(lxsJ*O7u?+ezEM9P0RA55 zfPdK*|9}*7QW($qMrW|MZ1cfHwFq|5M?NXoj&OGe-h==1f6Ssor|2_Tw4#SfJ~He` z#`>oVE@bC)yIsA12Kdtl!YVup_*mB1rABroY@8I(f5x9`VY4+L@Qwj{8VLS!9TN|L zc+1U{ti>UoqQvB^%UkF$tbpyZOcACJH<+PDz6t7>=#V>{b9h(PND~8%MoboRCh9y? z%dz$*&XGBYmH6Np#p2Vp{Fk-M1-IN}c1@3Z@$@0K`w*O_X?!c?!`w4bg3Y3#06YQ$ zWaW70#|k(Z0#Xc4O0+q3qRkm@qLE99u}ra51nj)2s3vMSE&q%YoR3f>NHI`w3v0{U zfTB#1f1;Q4uVME&Zv?A(*VVGxVYVsOo71d{%Ru5K`COED*jvqDU083LVU=vw84VpS zS4}PPA|eUe&}A-N|7+C$Zf6!m+|EqXR{l7Sy1}TZa4W=X8 zAi(6a0blv`fxQ9w8BUs^ok=>(V1&TG$rYPrS1`Puq-<`22vT?jbF`54K;l=J4iY#< z0SLhlNjIsic-#0Nm0oOO#=!VJM$G|UiOgCGM= zqt3tGl53@9LKRS^UtW1DLmwwNLy-kd6j9t~JU7~4G@*oI80Q-$T?TIa1tlP-BtyKm zD7XzU{aemo6j=T(2Pv;#AZznSJFzx!ep9>^M}#_#3cAGbjBQ&l*%q#&`TGdb5z2%O zhV5%5rlq(JNM`JRrt~Vy=!-lXluRt3BQ)mL281FMbu}O*sT^Df{KiyIu?yuVg^0mF zwy^^hqfoPyB+8tV*j5~0X>C-TJSv$Cf^)^u9UzV$#7Mz8P-OzpEom1YiadGS%Nf|BXa85!#h z?#N~E4H}quD5qcsTAMZ+H16bQ(PR4f)%71J&u~AX&}4x$X;}E|fPCb<+6kRk!6czL z2I=qv&ROT&f}OWu^Yi)Zi_2$ko?d)-d-3$m9oQLxn1nDMk(~ZFhzQ7Igi^5g-&~># ztPaNCA6b^a;kQl{lcdh91%>NGv!9jx@WT)CtmKCue&~QNAi)U}1;7!Id(@`j(@%Vj z{vUG1R#M@&up>+00T{vjS9I$v&H>Kf3MnoyZM0UwZc)y#(mG8);(g^Y{uVmF`n3B{ zc?K~7;2Pa3t6eHQApuT+iNm(^dxJ?1ZV=xL$b{xNLeddn>pUY@@G8CqXU{vLbc`s_ z#nf!V^hT*`Hc_CdS8DAR8=_ zpD8FqkTNw&supCR!+G-4U7@3zwwHAHA)1U+u(K0gF%CS^F?#dj4(#l3H$}!5O}M_h z+cm*|*xZUBMc}_4{O`_#@y>(j!-HRT9=zOnaM9`JA7k+4i?Sj?9HWS)IJ;K%wyc<$+##&)<*tvm@p@F?(-NpVcG)hXq6#`;#EWwiS zJ7kpjtqB~b29v@JMgf~d*DAnEEZa1|nbb~k70j4Ld6g`hMT6a8t+ZBS+bVHvM7rm* z_QqnYcHVWadWCB~-#v7XclQpD`0?&choE9+|K2eA)oS1_neOuFUq&Nq`7_Q}jH*<`84?d?H%-wt^1!x2ggTi`~NB)v3aV_2K<`LyxS@t zI^AOA6uW9h2tA{p0 zJ1MS)vnq+UL6!qpyT!^1iNC$YjQg#utoFiNfr*QvB>T%#q+#!MIHtSONpA4%SN*N+ zvn3OF3GL_I-Nw$&j(K0dzj2M(_9MFbB}_NQh{DKVA=~syFx{ls`FMMhZ){H=PjdPa zWkUqE^a`>>DJ8J(?|?1;Xo>MvSK-iwar}bU4obSeaDV>)h2z+8*5jvAZD3|7iBRSl zg{pxdR!xdOnA}P;Jnjgp<)A5q=dLE!9)Jo@woQG=)bL6#HYdZhyI?Ej8Z_F~ep&o; z%o`0%yt~^_1%1RzMz z4T#xnERJ;kv{Fsw{-2TL-{fiuyMN>Ue|T`XXYc?0m7f+EhmLMSE-mB zmO;JhS;7=rVoNEBR@721O?RrfrarzD_UM#EfqEtEw0e)^Ba%sTqGz(09lWx|Mm_qX zqa&ivoBp2dS7EM0=KHoQk{YNrD^ts!ZQs9bRbzrXEWEAO0_UwbJuPv$H&r_xUMTJk?;woU1 z{&#e^Z|i@@d%d;(w~B}Bd8Gs7GE~5F=={O7z>>_Cil9!(>UF`g^##>In5KED4Qk%5 zYlU#F5PstdVL3^brxPk2M4-%r{k<@R^m^P@sLNPF%aQakH1t_lmtB<}yBZyKHTvrx zT6bN!-fHWt_O$*xu&}dL)vu+du3Sa^mekYxQBA+1TIy9vTa8uuO4mYHt${k8llLP3 zSLuJtI{W)e3;l2J*w+6J_xo%8ZzT^`@|JY=_s2W;Yk%hVmCpN?e%7}>=Uc0F-+@}U z)HA-dKD5?{*80#QLvpPTt@R=Br_hJ~Y)_T`mx%Npr)85{}@ml{|#lv+ynac%~y$#ClUWR5^Gn&5cEsu-)UR&8^eq!Ea?8zSn9 zzg1PNcE@%KZfzIb*R_-DzvtaB!QC(k2VG1`HT6|BHjAjQiwoG6B=zlTr%Mv-R>F@J z=$&dFSwl%qsV^Y^I3X1M`9zGW{h#L(S&{*`@%~5e(6;{`9IW#{tmF~V7=AiETgEoe z2F=&q&-t*e-L_SUHoLPb8;ZPjzvBpLu?l4Y9>7fMg&cw99kP#YjTuf7)>K z2`5PwQNPSmtu}YT`1{($IU;aEMXXU}dyAhZ0vAu$R-ApSAd z+>)EDwHdd2nKhyYpa7GnJdF{LJ16MxzCk>tT=$jw?Cch6gZSDYz9PXytPPD8aX$BW z+2vSK_Le)rf5J(GlcAjF#jo{rUr+b-bT_6uiII#m1XC;n)K$*A4FDG2R~x2RA$zo2 zg3R=TOI(ZEwJwoeV!MAXHLvoi(*IlA*R zpuoy|hdvsc1t&5H%M7o98R=Jp`3MBplPi=Zh$1dJ(%6V>ujlr0TCg(f&d^Fk!fTWX zGv2>*Wy?03blR(iUQtxr$SWf&3Dh^rq;VSH+2!7~P`VaM?^h@_vo97&IPD1_^LQF- zfHPk^9X)!}46BLo&x-SIm{Dg&a0Y3`OG)nP=l~^QS^FB@`fH~doaeM{C>nGxSf#9VQSXC6n=Lx1@3Ns9^;xcU|Z+QgsUr0{RNk+}oAnH5G zsd7&7eNRawuwh>d&j8i%Gep5TiGVC}1zAs!L@GnVD;R9aTw(AkM@h()DNH*CmSroC zxSaJrIZ5iosu7A)l;zzaq9O)3ip~{?Ic!HD2w@yE@hp%7Cy-K}mJ_AKaYx^E6$^Am z3Ta`IaVf1#Zs{=mQH?z;B~e!^+nTBZ&4K`l=v9Q4=o*Hzc8eX1Dwr4o)J`%S@X|Nk(%8h&5r-j0b=X1DHf*_U|h~;=tfW$NFWK z7xI!_V~a_0I!z)=sNsogOu$EldG-0ZseM{vnwcp+gUJvv-U^rWZSki)odp|qOv-u5 zu8d`Gp@j!LciooC&%=QRBROA#j;yR+xSr(t>^8FRxKuS#sSgnj5a)8SbO#22`3;I= zeGW5Hb#zSKyN3N9W$y#yEE}7~92F@k3Rn#98YP_%+HXo5uk}~I$9ovXwm0WpjJ5UP zJGLI!SGp>c=ZZzOnlz<%FyQJ$i`8Dvxlc=TQ5{c&M5_)W>cYnk#-AXApeGMy6v z7>j&nFpkL$pahU9$}$`wfVp`hMHxs*1g>C?^KB3#`nMd6U=|hZq(oY-hB3KN^kK=>=_5Qz- zN9^yckHOPq%5x1qnWQm4Z=G8N5M!uYWV-C?V`&yy00biCVgNS9A0W6!w*lC^Mzs7KT(5=E;DQ>w*0}7b+_vA^rcu5A4-q%m zzJbYb!DHZt^?(0p-_idLj@SO5D|w7;%rD3d$|*m4_yrF~>~C>)0rMOW6EQpakzI1D zLwu$h&W`vt_!A(@Ng7>9tdJ` z6M&vjw2gzTL>ywNGxd{4&e^m2WVuj^vsU}0SRF$Tic@-=tMtv?Zr3>tR1F))V#TSI zfJC|b5?lMrljH)93yH$4I1DD44p4$TO(H&W`KhNQLxX3Sw<~~pk3_8W944QfGdX8B zGF;Qla)J*DDd{gyHc`9j+LN}vd(YL6)QnECN~|h6;nyFYK6n@$d^S)`P!dmMw64ug+?qZ zHB`@xFk7%XU~AX{V^(wyl*N)bE6(;fZyfnPQM1J23!sF1wtR)th+6qi^PyQp0&J51 z_KzL;@Azo#|F@FIu>bFHuO-#%+Y0^O3FvBb2l6Vyy&d~4aS!C2o+%CbZ^SxESt z@dENsbJ_4Y-f1>o<2c)uezeV}^sO6Da{2_J^o*pp(h6Y7eJY+G=ysg#T&~)-8=TJ~ z@E`{}9EcQRf`SL#PNOVgHeTUSH473FLR%!bdlZflxIy4LAvaUsO2!MLs>L0OWY~u^OIXYJRVg$t&kAN5!td zS9fX+%G?}dtmpaYB8gY0YCQ}TTPpR0`GlpyLcw~4wTTnJ{WXn&5jgjP|?cQ&lM)^_H8Oa6cA93^;ynFERJ=aX36n>Z-YduDOHq=ztd571!Ft2urx}NL&88910KI3BG`s z+@Oqm7Eh889PLXdKzfGsS-nTm0PYY#91FiuA>nT%0}L&4Dy=E8~rLyEF4cuu)hR*nhqx1GOrxt9tf zhi}0Yj7d&e2NbpPu7z#oE-MAP46*&5vsuhvhUZjV838aC?oL;?rG-V@hM2MI_}@ma z+2c@~>GE%RZv}h-8A@XqA`tvn0D=#}Y$NY$FRb6lQ@j5Yx{Ce3-#c*j|AYSFdjDU= z(`G7@!cN#2tyk0-A;_-~b!Vv*PI5}dGgcZ9LbaBhRj+|Gg=o2Eavv;ZkrNX@6at&t z#igEolGLU#MPO}XqR`@vDaO<`CJNOz_O%D-`nlJ~zy9+$MPryQ!}{04{&%ov+yC~C z*8cx1d6fPq`g>W{KLu|Q+h6T9?XrcIH?)lk{wU2_kv1kpFO5quC`RQGqG3|x?Y)F) zg+Y;3YcMI+n+&6(6DsV4J_JOwg>8`aFeVAiZgm6Uw8B8hTU?t3zv@%9{)?+UyB}aS zTv!EYTL1TZcKpxdesAsnyOPH+l(EhR{P1`#wk$lV7K*osjCwl=5W3%EwNd8Y&V9qCu7vO$$!!51*VSx!3wm5$4^n$S;$wGbuK z$I=r5WN5%9=?G2{;5YCF+>^rbEc`dY2?(}9AY0bo82IHRqo;8?f*mK$zb8(`Ci;}Z zL|j)p@y5t6987}1uI%?$ukRC=W7;K+sQ^}t5%u%LzJf=t{>_@?CIDH zi==gbY35}n2Rsn&OOFG`;!we7A3iR|3!rn2ZX2*EUg{~rx*{J~F)wWmn?*mu!6)K5A93p3gcwZ+n=cu?TxoCPhcJji9#IW963H_x|1I7Tsd z$&!>&Spd29&$^^U2d^Mqo2*;iA#0N$}a=twl&qpi~N7@WrdB{D6Xt>k&sy5>kf+{o=9 z??-!?SjV@1{q%~^(d>lC&STmy4;#b!-$YhBWYtTthu zd#~;!+w*H(r8k=16%|^T#Osmf(&fWX&ydBDEEl7BFch_CLQf^!Zl(YF{ORV`Qj`Xw z1r{$C2o)Bhj7r}~m8)&ln1cOE;McGRn<3Mfa^$7BG#IxwRp=|ma#gUZuF!N3et5|T zwX(3;`EOo%6|?WqH>HLA{{rWWB>-#k|2Q~4vgQAy-qBkAU&Z6d|1Xy2`yq$U_agrb zTJGmC5GB5&K;9KQ?ok^nZVP=g8EW{9mQtQ)Efa@wPs@WgfOB~?XGU!Q3a68z7vzSc z_~0B=77Q|$@bYNRI@V*w`NvM37tOb}w6}Vi*8c(igrcX5Ie|2+|Hu7($NqD?w_g8O z@)+y?&#beT=LMq1&Udi`l*BA`3)p=KPNxJ%Ai*(62~H@=>_~n_AUu6xEO0Vy4i$OQ zOA4&8(N4IBDUL8agK6%IY?~pm9_QUxzde8Q{Pe@w>G_4_&!}%?#R_5&CJNzg%BV!(2uTHxx=DVG(Cxmf0iFqu-*&~@6xzjc| zR~SZdDd6!Bm;bb-z=DC7|I`zbSX1)ypE{JcFHbLitpp^#R>N}WE;u4;>V%xX6|qab z4e^ijw8Jaz=nG(ByY_f*RW;q|fGzZq^);<21bWue$s4busA9D3J_N-GiGIF#mXS%y zlkmWtZ9yUoyq+XWwfD?rp$o_zJtFq^X__)DxhPdm!wO7`T<^WUDn zVGG*nPtRXGzkL4mLXfIft(xWCiP1Dm!@oVhc>dFiryrg?{q6agYBXRXMBv*)KoNmI zn_jscqnnlKfUO~th5Qq<6^~d|IpPGA*+IO$c>3nU;!qZbz!nAt;@Ny4p1pbf z_WZ-*V7w421{opr=LFJXXuV20R-w$tIzm|(y(D%+b zzhy@N-T9iZ{G~<2CiySM0~FqdF}lC} zU;Dk|V_W{~@AcO5-zpwM{wq3rIYM6n?z<59G-{SD?2QPy*0+r`Ll=~!0SHo((+dhS zYHSvpBG+MA0ewPY0D=*vsr)B5DmWrx+0*()B5f87oo(??nQFFc9sf8R7Ar1EneTFN zfzxB~BLmZ7chdJH*)spP#r*nv8vc;Z5ETuKW-hCHVj@9b%l;M(SGXzTmiFg z1RJBcAhCKZTjRO96@5(P6(hNZw-vEKJOiY1Y_}ZW2GQP8UNzFa!+g0kS=aEqMYX|E z(Sve7VV&h4fG)0{xmy%EXK>iOaeAMB(R}E%0=#h-sxO$R*^rN2R*^?wi^o1P-v&j=+UiFJDg4bv)fg;70~b=9TfErSEn=Dtdhwjj%S}_b(@e?!SpWKeF!cm8TVsjIJ`pihGf@(B-;Q}5OU|W zyg(1Y2_<7lG1G`|xyu@rwJ`;3U;r{0lzzSXXhOCw@=Q+ zlEb@^txh=`FZ@+98DF8SDHV+l!AU_G?oyK|i z>h&dng8>RD$4~3qZ2XTuA*zzkr(&N{kW1)R{@f_AD|O zNL}D->tbKyY1IG4ru^F?X`mYP|GoWv>;CUv|LAb-|Fe=u&;N_E9Q*`x94;>nlv1DV zQ8dpb3cdx*q_n%Ow${)awEV*5HNh0a82?9I_c5INM=)2qo28Sh&rhX#VyiwJ_%i~? z)UaEi#Jn6PHL*l!VWqHYT_|9xT#CZ3=5DL0dqUbZBweL7Ii>;KFV$A8Y??IjT(=uI zijhZ0(0$C6vr$)gBYj*iIA^82N+b?KmNGG$ee?Z5^Rb4X`)p;{<0sqi~F1PC3R7L$*a% z+}fi;>myl8Kanp4M?3jWE zcZ{&|oGHY7>CW1?M98H~x(6G9g$;-`#t75?t+3yge>-AV$;j&a)ddut9dnQ;Fqp~7 zLvOGA(Gb6I6YD~&VSxSY4Ta7DSBZ;QlNKvVRvu84buB5VoEN_1Gsh-ambTzXa~a3V z>l>ssRN+5gWB>Ax1P)A_*mHUR$g#jc%|0Mxv*nK(r=N20-re!d!*c)e5$E-lS*^2- z;7{o%BNzA?Jc0OGO+k`t=AD%S8m1Q{y#AUrh%I6fA_Ro5h5w4Z$`-)ivlg@!s4nps zk%`x-q880!q6WrFUx91GHfX6^wg3qfl1mgMYv}$)<;jwwWr>xxRLRSfzjVoysvfGy z;!(9ps%o~h;E(*1rziwPJh|6Xl-*>QBC)TkBV%d|mSSfuUW>cgFHtr`C4};`uf2+^ zCp=A1DJNrLx_g3Rczc0Dl0-~gX1nVoLzklrf4`klKsNkHL?nungrH zlXF3cp;@5NT86d`SLGOWbs$^sDOsVyMJR@K?SATj{vxE?;1nbJfFvR~FfST3iq3}A z-Y_6j)X4&#a0$u&oN_M^@Yz_Eu@*8(3fR`eQy#_P;Xt z&VAkg>hJCEA2|2Fj@J4ASMnI*+Z)x{%aPoQvGZL>Z5lPpHUt)+YvV1}NLpr@LbNDf z`=zMzdmS*}?mbi3uBqqPw`69Cg_I>T^l^f6nxAX{5T=t88LVAFQ=hwGIuYJTV>Bk& zZDl#}8R%zLTCo_9G3EP{`0HfDH2>HoWwS!2J%@RYlOgDB3;z`1(!)m@rrThQAa^#J zB)o2Ubf(Da`g3L1wqKC57z!HGYOz>Fgti)`xt-qm?EEcINGy5nnwz9Q`Z6X6Tb4sa zvErymd!j`7Q(y0f=|pWcMi@*}WqNl0w&oH<2xG*$-J>CuH5rXQ9iZ_jLxE=i{6W$+ zi+En`z%Hj~mLttydQd38j(AA(sez?dAfJVO9*EY3|V ze$gUfO2I@EiHe+nj=O_$01PYW6zHYZQ7tjq{ebDEx0cZt>gluhMaW zM7tg*6WyZ8T`Bx`Kk6OjYe}d)K*{~rJB;aRhQ`ysRLrtAnm-?M*4khVZ3dE!WW7c2 z94M3Lm~*{oOa+f|l792Bltymv!0UxR+luiR{K!4Qsz^9n%izsq+_p<65M)Ts)1XHWsZ#wWb$5aa3D4a*OR*I_9Aqlp-f3U<_$E z0uZE-Qj{&p192W{bcP+gs3l7l^oVIY=MFvfdoCL4f=66uoH~Dd0{Ge5$?k53hUinj z$D7;DcAp&lLMG35`=uY(?nChM>C4IruU?)1w)aG@z>ydtE(UNOS{HTz2tp=Z1pjxd z_pg6--}QHXc>jg}|6OnAhxZRVTkI|S^UL@joz1|lF2qv?L94d)?&8F$=OpcbX_Ycrf$MpOthLP<+B3L77=y(LP5K=TG znV$PzDO;kv7*f9@?(+!aoB$X_AP@>n0E83f0NfyO0~0FbTH%Svo%L<0sB{L=6jp`A z9Oi9p)h_4SgZy#egX-NqB_n9zVqmax$M$0_2&kcA(~hsPC^;5IZUZg$f;#UVyXTAk z?f8ulXZonI`QSL<=t_D~(>gV6+Y1&VTxfBzIICooi;)0P9&PbkH)1aryO$F1O{Z`R zTydK7hOMP9c}0a2TU;d~nv7z!-|?p!Y;(wAj}tpbE8E!yB#y}qYj!}gF{HUaJ{&*( z5kXKy%2KudO6)D1J@QrEeKGgV3}@3{+qU{GJWck0J59qprvMH1|Nem!|F^$?w2uF= zlE*Nkm5arN>~^5?rz}MXw+7R9aV+4_wA8}^^NLZCMI;!;dqP}UpP zXIkuip{iB|=2wN^<|y-*WM7J6Ja>e@oJg9&3VL$`xRv}V1n%xOAln1aGd#sH8ltC6 z$>;i*1EQ)RKP6YMBd1#Vi67XbFeKyjJR<`fb6-lfhdPzaV!}05Kiv?4QEH0^FGvXE z5y@#Fs>bTKYP_M*RQwBU|Ar8z@CwJ6V#JS9N?TJ{j;XRpmnjAu28^N;TfT0r1i((s z0mf(J&N^!VynF9ST~Uu=l#x_GV1Kp7v8*-=lDr8QOV@UCrY7dfSMAz0;hSH-b?TOU z%v%^fTPDIX^r3b}$VQmemopaMX_zMS1fledq)u%31}YT>ucs)>a3oy>i!y)9ea$;T zO|3ReHB`gZe;BS6=+-c)yiJ_*&;&OKjPY(^r#S2Dkn_v>7 zyK<^T4LgedW9Wf-%Z-I7H`=jsg$_ZXlwuv~j_qCC)u7v6 zU}at`9fXO`mU-#DVShH8EK_kASNFy1lSh8oPEj-87SnzM5d17}FJ6)tWSGBBo@N=z z0(*OPFW^^Z*_uV@(N|1^)>&owGRIbGq}B5Bw_T^nF{3E0=q=yQse@Z@o!`&XwEs^@ zJQ<^xWRlFE2BInc)6u@O{~sN%<3FzCG4_A0vzM3!LWBBU2muB?%N7ErBo>p+cQL}g z!k(fm$2mnwh`f$^m6y)d{eiN+ieps1DeqqRA_QpGgJS=wI6_dtxm{lw*oC_%}5G|N}R9cNLk85f-zbKK!Z`8*+H2h+y;H=9g6t<+O3n*I2IB7<(0S` zu=Ok@QNF8PePKUP~CMEDq9BaovcM?7TrH1uZx;5Rv3bZxM%Gn}>nm{%{#_hql_ zIDt-|%9|v<e@*IqSmz`t?%lRv=prH-ODkuvG@j()&3X2mN37+W09fOUa%UW zR$nIawPV{5$1n}-#@(7ez2QM_DhvizT|MN+JGLOYT0#iNC=Owc3ZD*_O?Ts_`kC=SR&#{gs;_kB%?Sjjs@2 zYuReTWBR8k!~+~w1tiu6ez6Yt544NV>KMR4*-Kf~_?>xGs_L4C4l~v;Hss3NbSiZc zY!N=%T;ArsRktwpF6A?u^`)ey3rSkDB^buHPbnkS7PDGOH$2^o`lJaqe#=gSNMiz1 z(##B?Ji>+#K~2u^Sc&w7%R^b+X;$T;RaCbYs{%e-wHmBoY9HYdve5v40>N(JL$UtE z&Dumt%=m>u3RRvE$X1pcm_;CuVLk%ycHhsB`(|45+`cySiXs<~#vY8_Ku%DfNp8<>nKrtbAz`DDUu%*W7#TEPF`M2wPBSi)Et8a!Y=MCO1zBx zVW&Ovuih3QXBcV}lyB=nfBuT$>l^HUJha(Pkwp!EZVf{B8uvIQwA428M<>aV!kQQ%5S_SdRcvM-9B8RTan_&?~Cs<@ur4Rx2->+=!|xjUDjPc zGR{42-CeH3sGjLa@0AAn@9s9_@IR>nJtDc5YMk%X7DyYSZ%+pxEo_5nX~g45%4_Qa zVIvQ^A0bN9Ul5E?mP@?K7tT#@nPs)O4QSc(in9h48_4w>ZJc-_a$wPm5)&hopurpf zbW>_+L1hnzRq$93bSQ2j7Cg5j2mW!4lk4Z+pLylKLZfRT0XFLY$F}|V;HbZr|5oyt z_dispu8jcm%YYi0-NS@P2I#X!&^8fAoo>EP?U!graN!L$v#$3`INp zEr5pg|6p(b$d3PZe7wH@w~|MC4vGE-MTcu)P8Qh&oPp$vzFc{>!=`D&3NFDR;ZP?R z_3L{*1+%*Md%V#spVTey1^mkLojQHe)2-Ehr<&8L z_d0&zkkZfz&n5Be3c& zTG5Cn1J5a>IIItN;zd{hTwutRXwP;RQnu^Gs(#e*3=)>FH?Jy~@cjHtTN4rw;iB9d zGNBBEtpru@#^!4KZq>WgkJV#N#*Yp@kHO6dB?eouxTf$<6nkGkG||TfVr*YM?^v$j zq{jtq#_?Un3?I=p!4)2Kjs?i!sfD+&{d66Bj$}qRLOHdsSIP)w=s+ES-aQTV`E+qT)*W`o8_V|8NNY;2=( zGBFyvX>7YO&YS1^d)Jyj;H;TBd++<&pX<6sAPFRis(!zQqvl?7qTAPS#-!pISJxgu zG#ggj*s0>49SxX52Pp8+-eP19VvMSaMAEPRbmfq73rQxAxaQu$()npAe_|m?JA@1o zREV<6J@e=T6*Rds(qdd}%E+kx$`*w%)o{7Px=U%j_OVDtdZdNTKy3@+7Z9N1Jf}=s?0?*P}(EU_{uu25N~Z0a-sZ z43Xa6tgexz-QaxrbAT-d#w1>t3=bxoys1ak>W@;K;bFPrlya$cLdst$NX?TbtNQ!H zduYMG>y%czc#BG>CZKM;n6F^WjB51HjDV2{37NACc>IyFeV8mx2+fb}sNk946A=Hf z`~=dzK?s#FpnMWXnm`Xwqlz0|IbpRD?-?!4htpan(t!K}BJCIqZUxVRU!=1skb`EKJb~u}>7j!sAjqlR6&~b34&250 z9=u+Xk`h;6e(X%P=VjckZA*K;+12XRRW`QsNL;sN$9uHzhx>Xjv{AU6qGLgSzi!Rx z`ZTN@R?5d(`wcA49>jmrlj!8WDVI^YemaKp8&gVcW5~iYs`Vmya*u}f(sebP2Jz{Oiht_d+B zkD1jV^i|TRL2g9Ik4PAbrK_fxmcg)VZTlduWuyk{Z-hvjIEA~f{9y|pQdpvCvm<1gl!G~0 zhzk>3QH$lNtcCq=n~BcO)wXxvsfTtL&jBhTHenj^|Ac$~Wp1u`;ikgKSN-_MT_Kbk z@Yjcq@LTZ4d!X-o>!!i@hnaKY#e@<@DxNTU_|s19h;n5f3->A14oRBMUU=A@*2Pv~ zU+sNOlLuwawhcFc#|6nd1qiPKb*BFhiBIlHbep_BM1h73TH)2?+eT}`Id3Z0w1Gisrs+J}r*f^b{l+4KS>;VC z6J-*}iohdM_iRMQ0>BXzM2pJs>8LdLl;=;*Uu#q!=RmuABj@k81Z(R!?7ci?mb=;$ zb(xOePP{s}-un`aoN#}s3_RD}urgD@@YDdl9}Lyy#qxM9V)1CtubkLk zA_e!^cMZ(cAH<;w;jaemZZO`*fZDT_n{-MBOrQaWnq8MrrY21>VUp1Z%+%h98Re$A zFmIOti<3sNx4U85wP>@%kWJ&gMvdA2won~o+QiL?l}@P?cT~iY4o&^EWi!( z%G9B1O9kwuoA?e@85^Qy#25GX3)e4(b#o@$Ho5>_=Ob-i=^b!269=rHJ}kY17`-ii ze3{);=y=y*$~wP%^X?a#`i{Y-iHE;x49Ugt$O_m|~qejEHolk`1;$+pj2HGu3(3-GX^c4^xE{;?960_mm4Gj{kTq6CiZyVqMI zBKQH(}ctZ)ucfeZwNX4i<6-p zJ6gtJ0i2Py^cdzv<1R-?eJ> zXO=m#2;Tm8PCZf9783)g4!})fK zL*~c92JF9)NIW=Gl87{t)@@noiEJVM8$*=MiGC~2N;fn=l6}$eIVF=kW`67sL&_P{ zbnKwm{1ofFgMH}qh7-k^to>>vL~AR{b!uU8eln(Rboi==5xP>pl(veh0B1>peJ8#~ zTqI=uX0!)0C(^?NJ|1hchOCOm#&hQHJrQp;w@q}mbeY1Ex>(rL0;@!5RH0%r4fX7MT;%`LGGO}QYPsL zYWokBnr!*m6fKbGBp3Tw)Vv)nO`H5Z2Jq;+^hQ6;_Fikg%d{d_s~)GW_WJ9;uS z6+mwSI><%63R|cwDAA zNW6P~>P?4~(qa*0@IF5QDw2NroS4&t$?gd;6`0awF_{6 zXa0E1Ub!8$z`9w7sY@h_|F)S{w&a=ms!OU<#sG2uey&L+Kk#-u$M2|9w_VyWh(^dYp`E5^T; zd@q!NwTy z&Ki=p#kuyrl7k8sg|Cah?pb;)7&X+oz!zwRdwFSGHN>&Y-m)Kzn#S1LSk;zCRhdT; z*mecIs;%(Yb@R;}^5H+V1`P3TsCxb`4!gkuym!d^+o6t<=6x`09X9thY5>GpiRY&7 z-m$y26VnenCZ!tmZ4_bR`tLd>c<>61_hfpf z$EWmQ0$_um-UhZp#=D&Eb!5$@av4;rojZ(w@J&t7bpFZY^4n%C(C~i@oT!F*;MuLT z&JTx2zb1tq@qsxfS2+YrCvld(-%LUXM#sT)wx7tFEq>YV)*CAv6AIl3~qD6=#; zE(OWOcel(UcQ4@Pw++|Vy5KiqU*JFd=*Z;(_5N=CfgE8^WXoC4^u;g7R502msS{y*{0`v%>ZCj7uVr~LnYE+Tg zAkKQYIo?iMJ~t*`yWU+h#2yxJYl^jdOK+2VWn`UkZd=R|hK0Sf{Y7KX&ibY99?F>$ zzG05g(g$TROH8#arG)d&8t5uz(i7{_RIHg--S30WOFH~K4XmkjZkTjGmTtbKi8!*O zs%?#|PQdHiO5M>*8wBcSAd1i;S1n^oZ{e7Qo(BZJkalY3BmO0HqmK`FxjoeU|u(L6mCBC9ZjHS~L*O<+Y# z#31_5LYVy$*+dx32>0pFH}3Txj9(X%sbWNNax?A%uS@32pJR*0AL@Jmmf`;3q{vG= zdi}!qI#)X1FB2!6c&1v>gQA)%PPHoisH@1Lk_2TGsrVr z&>mvWzZnsjBy6-w3}+`B8%VrT&I&5jnb|&lT^EGR)4`YM(Fd$gL)yvK=ilOYHv*G^ z<8L3;<12N%86ZlFq3VxnQO0Wf>08|BgTo(4B7rn}DAnt4Op-l|Op-&oF(Lg!0#kKX zi@n~4-q1cC@Wqovp|-s_2)_0e8O>A`bMD`0oW3G=c;6J5(I@ytHjr{Geumk;)O4$jDLi+JPW#Xsa9#C)%k^k;n+U7ZWXz3$)xy*-dF{Zs{Zu?wN zOc&$|@t^mPUIo#HZ8@X{6`r2Je;npbAw|O&-I)CsSqQ)RWRwth($YuF+rGD-iegnj z3m_~As#>u)b3`(W`I!q|+> z@!!(^rMDqehy`l(r)kOe;9%&POXB5{n-xWQnawM+MUJ#bgdzIhYx|}VN9{qszQwqv znwE>z5+)PY<4}g-|Jv{r1CNv*O|2WTBbf3d_n|0$n|i>^k%G7h7}^?$)zj}obuAZ_zFnh1wkY_LY$<`t-oY;a6iJ0Rcp{_O7Xg_O83;P@GfD#F7> zK=^3qpCs%)B*LRnw3wj7PdJ_j!KPzIDn>LtmwuyUDCl+ZsqlIPhDPZzSl*fEXqZ6S z8=1*k2F9g}e5aC|sW7R6UdFz$KZ5?^0gFElbPkOO{0c)1PGaKKRV;GSU{3Fcc8Gl;6y8c#@_1z?{S0UN}moVfKj%z3Jl4 zLTcggwwWQy-XXuNuZO)XwF?#-eLh)Q!%UJ#6@uvNd?4&$V2S$fZe}`|hck*#S#sJy zz#D6+z0cl@_^8HHOf2~rr=Y2^)APsP;aWf`R-R;eXsW*7MAwW1#!4&H?pcB3?|HFk z&u;&--fs;DU<`e;Yv^y|3~T@mFunUT7dU<_2e*94Gwf%gPEzSr_#ZOVj~K{*lYjl0 z7}Cxk3t)paq11~$%h2Hc4%WK}Aav7x&u7py?(~J}h?EfpV|J?dO!6qY|5+Y3ZxWh# z4LW4xlGZat$QP9)Qfc%>oU&HmjYw5MoIZ4!@eZ2HSmT%-r-_1Bu^2FzH4%Fd$WqT! z7_5c?V>xsmdaDRobfQctUjqqM5HQxC<^Pz76wZz;Vj9I%IrNUKsgJ3QA2%p&S6cyj zRM_#e|3wC-cER(R5Td*Q;?p0(@$%}b!6sll_VofN9EZHTEir^?hM#R^gyRcgGQdn= z{__Bp&IqHcnbBF(zg2|@r7#qC2~C*+M6FTMxg-pAJjbAro+?h?MY2`8PwE@tOV^e1 z^#pJdB~@x4M-R?1*yGqc@A`FhHDNj##1}A9|lS6 z_N+U*EN-9R`VTwgK;zFL#_XKg(AFNoA1X0*JUK9) zQ6hH#q|OE5iSOSe5D=eYX$Q%#$=j3~;?ztol6Sqq?@g5~=FJ+OJ?ca3H-Q;eKPm9I z$bnhAQuYnkSgV#@`sD)U?q;==&uAEh-Iq(Zz zQ_Ox)2T;x0WAqX3f!}8f9DsE}<4wTiKcF|=G97y3zlkNGyQiEBs4h$R3aP<=wZp4WBoYp|7=oWjbruLVAABdZ=>z z{#C(3q}Hl0Sc3JnuxQOKrLQ}+w7Br=$&Hp$S@pF_skA#OL|qxYN-tAceBEfX%krF+ zKR84cQDswmlaLnSQY6Q;`m@zdEmZDj$07#bt{c0xvSylSaCWTZZ?*ElZZh|13)AS; zYOh+AYuZaeTJa)h=!dZO*`p4b)_CvWVS{4|7LK^*mHedm?-Ls@-HX`~n8Yh;MGabY zUf(ic4K|8h6D1n!eb)tShR6bAwzBr4p=w?WBk5Q*AS#M?hSfXI=ka;h1?R;O zC#`8Hb1No=Yi_u{`b5yho*A6Ud?o^;GAL)EP(l=&im{R6L%-{?F(B2l5+Tx<$<#vo zS!8}-n5R>{6^3&<27vk&HnN2*=Zskp@&)ZvQQaQ48DG4d@<;e6bA&6R6)fK&M`xb| z{-IU{Nm{&!wMF>l^)h23`DSsx5 zu}_+r^aM3gld=Zs-rZ^?#_}mUY>!Yx)U`nq$%=SwqHq$hRU+X_`q~)FZ(iP0&Ab?* z!SoF2Q0La19N_G0jRn7RT7&SHawTr?OE&5-1S`A}2GUZJA@arX+BHc8ot%5iLevH$ z;dUAE$vu(s#6~epz6xKNI5$fRqWb0BeyRU=_N&-(1Qg?>(d7GtitshDI`{Gg5--^K zJtHr(M}<|jL4Ec&S(E?{V=xvoq+e zdC*_Q6}L*G2EzvGAS~WfQ^>Ap{SNX0(QS;P5ui+3`IpJEOYim*OoMX1F$N%g-EY9U zg3wqVwI=%3`SswOM z=3Hw;t}bVeVq$%}ghGFf`C9C6F8X1kO1L8Us2P_3u9^aLW>OC({XpA(zz#J(PKF`ZeD(E&FKx*XE#*XOu z%Z_Nx2U>9Of$}Uaj<4U_P0{uIiUm_yt{4FL(q0@MJa3akzz7a3QMbkt&mhE8t#n&4 zQht{WG!=+b_eRWdiLR_qe*EMo4}1fjP3t;!Q=nDf##PVY{TF7u zw_MT<*W00i8c&sJ*1Yc5JK^^cyg`#UokP;>K#V71V8nfW9lI2<2O8c0FBvj^k)`e0 z?ZNNi`@_n`__|3Ss@MR_k?5&CbSL(P@JMI6*Td%x|42{JkhI_E{cx$q}Y8u>#bX1 zrrM#>4Z{mmvg_JGQQ+Y8Zxd4K{2}3p0+CG+};`ruAEOf_S z4c~J!3J+FNtanPp5gv-VAcv)!O|H9v4x6kaMn zXShIeNDGECPkHuaH%IgcIf*_oi;KNT_*QA&Y;p=J)`BsrtNWHi3+PDs>aWt;ra z_c|d=dN*Lejuh(pE;pY4!Vh6d%cSwoCp8%p-d+T=m?>46Yl!fK!oR1K(lMlZa-q2l zs}*Ro8tej8#HWJP|M%gPFEKwr$kcp&v-PjB@UPkH^zOO=dB6^=qY0r$k(`1ybWN4s z^G4pjuD*lT1dadO;@RE;UA_GK{PrsWx>BU3cQt;TAg0)@NtH6|P?3)nXU+hVEPnzW zG#za(&*qDlVt!7ITXoi-q^Mp2w)RwnSn;MG+m;iJ)3}O{Kb;50Cy6yn+4S`f@;k6a z2&XpYbH0uay0sTpWu}ZK76jndAPzVD>R&1$nuCE-kxu8U3a|-n0iW<|xiM+Qk$1kH z$%nap9*0>9CY+Z9=L;L+fOQ2u?Yg&Le(O z@BHC-(&%eg8sYcwtz8MOYtAZ1ppU@VJ0ut-$kF~%$b#-|>OCg^0n~dPW{MiTJ~?+^I<<5-W65c=cZJfaty0TYC_4H34_9+6wS z2kx~k^p+3-^gliwIFKJibQ~37DAB_4;bP##=62E;66l2x zLWKZYH5y=WY$v;7*&wPh%w(>43q9IG3Dm`Ozn)xH!htuF1G4VGF>xU96YxCZ>%R(E zJAsG+8|rvnU?qn?eYkKl%F)E@F8#i2vzZGy+i%0UmwD+6S^zO9PKa}x(1feKt|EVI zS9(%JG}X#N&?wjr<1m}tz^CLb8(2Cs>}MI>+##a7Z6+QJ2);hZfl7?~EHPGD9y{Skgx1u-5N=!dms^8TNj>2EW0Dz!hscvakw z{pVMKNT+t`IA~ty1kb5qh0D^8j3>=8~Br4DMeJ_c70OBbf=tP-a(+Z`I_ z$G6|p&iEFyHD~zkhLdxAyyhjEo$fv`tnH)vX5xIcchNts%Rtflhq-)=Qle1~JY7=# zI%o1H*`Q2)!+KX6YmXNqVjCyQm3%H5oVv!^$4UPm#v*?tC4L@iAi$srQ%k73X<#o$ z(vfCb8Lf%os+S^`(r(pd5=Yk#NAadFu1HgHf{{)&1AENO`CxgY|7&{r&Ob ztST^(xxGHYtyFD!+&0#jnL6dM1`49+ZMKA{`j5_S0{Ia3x9m@zI9?bpJt41IW#(^( zQCAn?DHab-0RNxOQ~vwB-J-i^aFlE<(0|qN5zrgX+VbqGY9#Vq-`cx@H`r1a6ovDX za=|f_*V&|n5EW(qHbxaQNf)dlGr$GW7omQq;>aYgJtvl=#%z%PV`M(#OM5*EsNH2n@JOt3f;KReIfz4zT0Gwui4UDTpAoBRIqo^8S zKtSjqsJiJ2IaRFE2Y2~#GA~okj!CSYrRZj2w-YP1isp?lHb6ndD<2|uBiH7Per7Gq zv7!?OANislGZ1-Gn6%Zoo2;|%#Cxk@-AH(9Rm9$q7qwxl()vrQl1fh4v2Jm1($Q=G zag{A}o+7kur4ZKg{7vi6c`tn4Y@DLR=B3M$47ry_D`H%UVIPdPP$P8NdSr0>`=SS( zAV8>k0Xl`IOMQ@yvZSe79U*s!H>@rScGfSZaM7c+d+(oP@Ub z!yMZp>by|TKdF{Fq|d^3=BmC+k)3M_o;AJtTN~Y_v30I@wW^M5Jyo(L$X<7a7pTT4 z&INW}MMY`6*C)uQ92?>-od>H%BUNdK-HEJeojoZ!O0`?Y#z9NXVXQFBbT#6nls3l> zp4v7rWWM@=#A57-#u^aZwo2xg{Lpgo<85Qv=JG2Zhka8ectsycfTS|{Hq_C7| z1GIqk>l5-%18=~U%;IsH&!!H;z706+6FGY%l^w}`bvmV=dIRNaa*b~x21#r-SqVZI zz>c0nc8rR^ZH>=BErpyiT)n+q3cr2bbNQ!_F?-$t%%*=TVUL+&{ksaweE}p(dIEVw zj%UEKdd{1Z;w1-N!0cM93^dbBx*wh@1vJfHr7)#Xk6pZfI9vsB^Y%0tw--PawlWQ0 z8yN;F2?3pW(c42}C!nIN%zM9SN00NenYCf54pp`7luE-Ftjiw1m5259QdEAhNKM*S zy9xJxee_No;6^lE*lZZmdEgOuFV3z+lR52Vxk4@d`sb<86H%4_%lRevp-Y(lYbjJH z$eF)|@oi*G#W}2qCdugo?*(~%=Wu%hZ_m=aPwPiX0*n7xg7>Ogdbk-(db@2~RPLzc zJEUu9ojufKm!h+{g8ORZ7g=5WunH9J+t8lz=(FCi7G40gl(FL_ za351^JJ!&ELpSglZZb=cD6zQMCS@Gsl^;i*~sGlPNv(Aiw- zyM`1!&Gm{!(AS(_SkQz=z-+w~5YPJnvSUDf17pu4FTAn@UkEB37*IY?U+FO82oV3> zBd9Dx`7NS1t@U7rZ9VrcBBS&@?_&I0P3O_!r!q;%4l-tGh|^GJZvN`TR-jS>Il z?>v&_I(g!<<%;B=_-Oy$PP@S{cPf2xU?97EA&_>E;)CehP$roO!A>lMYi5; z&@E0en;-#U64Y^%>2`skl#?-68rhn4yOecG?BICGdRhp&7s-?B=iz;m#zI$`$g1~H zO-E>QVcY#H#kqk0<{26nTSIs^Hwk;*TzRR3$I4z-=DIoN9Pw-cGdb+u}S>yJ_z%DKiEe<`rw z!TR}AXh8-^z@}KtF8a`CKBm)K1A#OqX`)0rhON&*sOU^Bgt(`^1q%G2WkQ;5LKfm_ z5KdW<246(!EpRjw33z)w+J6Pwf9~V}0wLq-@t|L}J!A7=h#&3YV2Qhfv(22h&9jxw zmec)AkfT>ZNm|FP2@Rtm-zUwYS74$W;O8T7y!d#Ht8Y!HXAC2w+mbuo61T9qmHZd+ zab)`UvZTh0!H%g2Ez)~PCYTnI)|->_t4FN{WXRkUCPK*8KMwvud5Rk@kQ+{m^G}7I z?5tiR>yXvWh<5erILIM|cE;vCw(7nff@IXano1wz2ZA-0ftRh7CTqec5VQ0iSdxB- zOY(ZoT#QCK+JqUk7*aA_H$f|(b>(bV{y-{lmwn%Ory1>8L!t>eL+RyHmx)};v?}R8 zX{aQTBly>!8P<14;Sm^Syiw+oU4s*-586HSym(U4UXku_M0$tcB8@05)8?|>5R&!y zRY95(Ek5bEbhm0mVaCrOmATc3UT45HA?cBH@0mlq@0C_8`Sqc?7$7G3`BB`K)M30; zQ{RpSaAm%YL`A-QP~C}#;z5FnDsH~ zUY43$PT=Q*rCnQP3CHC@QPUfRC^BkPBKA0Zs_G4}9MhrZ+YTb~+4Gm9o@ZaQ0DuB7 zzu>M;_~9+O^{!!~mw>Gtm>Rh{t)pN#ZE-g)7yo>Wks}151KMPlXeBtdiKed0YO%*% z#J&1)s<#e)x0Nk-vBM|3AHqFqN~^?epU(kj%^pCKs!z^&5LDONa`_Ar*67bTM!);W zxU$FT1_NZvI$3N`Vp!PNytvHedlcA>GaypdV!)9PkW7)Ohm`RXf@p;%NB0(?RTe1VV1miq-Go{1_@SXgABVhqtEbr-t-Q$<*QWzv~r%}o+Q>f?s8A-Toc zpq!v(3snoDP_!G<9{!YP4W`f%g%%eRLC(6_(kt;EpF2Yb}V<6D#8{D8&J&&ru0DI95 z-wSBy&d()Sj_zP{mrs(HjyNLvMzIpc1GyUtmc2vLW>z1e->{eNwW#fxEP79Dn&$Ht zP*O4%l#WiFKdaavZlaiU2yH|a{V0rBkIJKSSpsfyY)?Mf;p1N!zU)HmF7#74$fTQS zN9>C$_A4CTK02h&N7$B~TD_2?KU~mt%Nkibkn7nnBCb%Z%Bo`sldUb_IElnskR%76 zQQ^1hG+NLturg{uEob|7OW6Cn$Rt4sf!Rc*Y*Xlkri3VtaMdb~f{Am)&hbSN){s=} z@_O?neR~b~acAd02SqKo^Pdv>;BHw{k_uDpuoFHrpy;$fUD=08eB#6wmh;-$hYEB zvF~t+XPkY|@y`q(>ptSv>5xzLq^3&p+k_RU^4l!6l4M z_U5Pc<_8MF)S?(CG=v7!M#-Tiewo3pwoTIn1i<<<{xgHjIIzm^+ICCsHgI*Vquo_esLRLcql^Bz&e<8vSK z;6=A{@lAgIf#M#A0tPm+F|)d*KO1B*Us){t#FGv>O`Lxt7->~9rmNn(k#%K79o$FS zWvDc>%=kzKXTlGfruc++Tf3sh$(Vg|v_FSC<299A*f)>3EzBe{PmBjm5p#%kzVxH~ z%fA7tcm9v*LyVrLU@zf-1msY4Cual86`7FGfM+Zxqfvv4DVh=_gmW$P=d++KclMO* z`1Lw}bMuu)%W486$!Agsmx)0R7b9lSul8@2rl+hdSYD(>ZhFq?I3vFXdfBIpbtN0} znu+7?7PG<@ti(56D2GDvn(Sq2M&~%*p&3tfG*9-y{qI`YQ15f=R9zpEV=*?c|Ie8c zs43CC2aPwpd7xDMJ%lmZgX+~{ZipxLPkJ?63G)5-QhHIY*;!o3izB0aesN%ROUuYi zEMS?;%*bW>^vkvE66oPcL}+zC!-F&Px4~G!Hm_gP8egNZ9m|qgEg2?IT)eEjjY`R4 z2q)sYGD-ZlW*w^I(RvdzD92tW;&*XZmW2AX5^?NI6=LX4PSGX81Cn~{XQ!C?kD4iC zdC+JK`nXy3;<@qiTNi&hsf!Kh9S=^%NH3uD7Ubo3G7Ja{Y&?EcuC{xSf)%7+v{kBM zfJ0!JQrj2nb_W*f7dD6Z1JUU>N#iTIWy%KS8=0amVOq6MAp5+v&<5kNshaz}C4cj&v>Qf^=fAHs>GUfgd@M{D>wl43aB<)X|sCmTyJNGodZ6=|;$F6Pm zGgwz}fVnMXw^}z+i{Iwb-ETUy^!6XsOZiK4l?PU|aW^K@jI6|XI*_AKf0Hkt(=ed% z3v>OOo(qU7NSRnPO58Bybj-mgU(rERlT9k4gMQG!P9HJ(Gg#3F`X2bba8|R|rgq80 znZSezXNsoBe!!&~+$;(#4qPaT%|C%OqW}*fBFEQ{A?}eK(Bc2JB`fDrZ?By%vSpx< zU0sKB>;TX|WXhbiU$-6~LudTnZdonl0h@i2pk0m9XbFMR(`d^L(7DF1J^A8xUAd1SJ5X*l| ziD?eAPd%H?bciS>9f^bLSB4cB7hm$s{P?l+XWtKJ?f_w868kgIlKSI2NXc{*KNCUK zOkK{v(Yt|Bsb>qNOFH17|1|j;o_W*7F|7!Iz9q7xS=1x^Yp`DYcsq0LON~ic0%4ACLZl!GByaiB{Zcf5GdaIv^>VN zu*}?{8RJ+MhfTQl!~7r%-RU-a_i>du^-y$oCXEV$>jrRq9|=yLFWQ}a0>_zGOq&*n za@MVhX)IVIm$ha_;v?oZ0|rt zzJSb&yQ5A&L6BK6DvdWbB50ac5K6M;z;N&}FTo8iicwf!J)reu9BazN!{}3q+q~*} zBRioH7HqQ(D2xNY|C7fzqJPl%(sbv+Jq-!Zf+bqt6AMGeT7_N%Iw>UDacSr?-vp^$ z&NT_-+QcynQOU6l-GrVdd`jt>!f~R|BnOhD;`cEl$&_CYXeob1uWt&xG@?ECtQ(w! zGH39t{@&EEY5zqilAEL{qp@XB+;#dn7nwrNJA}au*G~7Ld6nhWmpRQdGPvPz9KHF3 zFedBPq(T-q4T|6nR2F{mBr3GA2Go^Agw~b%c$a|+3{E}n@iw*cUJ3Mf*H}r?(EPd+ zI*A`Th8)AYpY2^2I+;(sy+Yu-=g55Hye|v1+WC4`D98W!#J?~6O|eWpxdj(@{LDuC zCh!477`=eE$F2|FLCm2Vi8s_EbNG=YQ-xfT+RSC)eMg||t zZNKSQajk-oHj;du<9o3;aDMzDM{^n%%wim%N;3WqH{=3 zvJPE(ZzV0|%Mz@5S7>6`#kdke?eUEqs)PG7aOokg`m4e&lj7vN<~C%zjAw{_07h!x0XMJucECgdBP>w#XSeQBB(UpCEW<intjX;MBW-lCu$!oQrQcGanOH z9*x)Ry7YOUA~*~Nc#M~P*4_6|&~*~9<264h z60G8}d@8wkJtQ$vFonpP0+K%t=Dn_sp-%S? zgXHp1|76V*Kj?_#ATR>qjMqD9>KPDLmi+?!!ajXXckQ+i5rcQh2q&H)^*ltv4z=~w z*kXEYZ-WW#<7mp?(7gUsxys#$+Bl8^f8FhhZu_-W+uv`KwyTsLR2`0Az1x0l~E?7_h07XBaZ3SC}E*R4#t>d8=5e4U@@nRemr9T~g z99-G~NwFP@t{Ilm3NIMuaY!7NXhtvd{9DH6@`8! z+-Kan39&vgIA0*6W7m*&iVoM@C@A~C6|y%B5ZNclIhmaaJNDRw!h81Be$AEG?X0y= zX0MMZ{4(QJf5XD|7VKY7VX8UtPZ?rNvlbb0|A1bPy-IHfkP4}B9|j5HlMtuwfO8#h zL~Bc!(92>$KHSpzte)Z~iN3dPF6MHcmh?3NPAX!YoHqXT)^NG364F=X=b2OPJDD+T zg3nI9I}Ns?77-PXj@c8=rMpY_)JbQ5?p3TlJrt}%<;8n?(sir2gb^K8vpjT>1VPW> zT`K%cwQ>>(UvyFlSWgN4Lj9)W_`3=Wi1P8f>;kzziG)^X0C#NV#1iz0vG-sPIjh%> zy)=F-rl#m%`Y0=Hd?#;oQ>5=%19U!H{9j7hncOX_UO?p3B^zP&fPOO>PB`#%EJx$qHo_8^%H(N`|=!FJL_8T>~+F;Pps=HBkbxi^h{d z@uD{e&j})8RgFJ?G>ol+Cq6FP<;%7e$NZZ%VnvFmC;4@DoNE29SmJhvV7b~&FMEH z=gPzVbAa#6ArOBZf%w8BsSxo!NJ6~i{dOvU)IAj;K`cleeH$OeCpbMlkCij2a0Azi z{Lht%v0)H;Su<~2---yJ6R=5W2r#Z60+sOd+5Y$O&+?Z$Z-oVR_-hA<8CwXm8}pFe zDn2Uk%U3NAZV8irHmQbqyUPF*C*)Ts4aM(BQzkuy-Qr1@9=LaKd{WLPnkr+WKEZ+n z3Fzmdzfmr+JptDw0k43j5{n<0C1dYJIl%tWkp<;PL+*tEg4Cnrg`hmcg=yO3i)S{G zF;LWVEME6B)AmAHO#AVp0LTp`8opjOsQ(A_KnuSwU?R3FoXO56hVR0(Vl=lcEVD{Q-g zr@IobieZCEq9I^ZTKp*%4N|K2jDQJ=B61Hd(G12J4pc?f%=R?P5<1%7r)YME(g8_t z_IG-BYHKL^=#JhQsnmIy^LmX~^BS4;2lxA4f+WAAO%j9#o)1xAV{ z5t3ZL0@NK9m-X0}J(wf~0Xg^bg{61@2H+50PSehJ>by8>@soxQyRSMR`& zufX}+%d4~3uV1|cFVEkvSrJphEDX)5Dov*`? z|7$6H|6iF`WSk5j3LxXruA?0B+ZN7MK_2o?5D68fnsYEr;1nilVecMiQyiPdBa%rP zR1y@q)NB`Eeu;LcZ_wnG+oj=p%WKGQN=B;|IVo&I2l`7q0m`aR_QFjYFZ0O+f3a@z z%q~o?lsge}+I%gW8Wb(<$PO(NizoChxOzx9#Of1nclMjIu>t*Ny6PvW7Ca{HD~EZu z=$}jQOw$3izX-- z6+ms16l|k^78BHeAtFqjU-WmtHku{bgMPWQBia-CFdbCh+zp4jakhUyM|-Q%{`~*U zr)?fCph^ETJU(^(e>eGm*HrlVFB5|cYZ(N@r|N?{}tc3x6rVFiuGEz_RIlVm{-4k8J-PZWAeM@k)EVnvfaTU+RR&V0weH3;nM6 zZ632}mRxlfTUBS1&GfZGAwC`>A5;^4Ljwqi~EwxEA7iulJW)$~8Y*ZcgK-~ViITPvXd!-Ho>rTkBu z_|NMprv67ef*JE&N!*P(f~2P;iX??gVH}=C$rQfLXW+zC#C(SulyAGV+W!Ge;I*_v zn1cW`@qdShrTu@px&K>Fk^Enlr}~mVB}t08d$QI&aK`T?L|g%rDcw&E=VvaMkbg%} zHYge_R6Ihv)Q3qz_wNq+B|U4e3xwK9u`7uB!u5@ z;Wf;H>HgipHOim|&ab^C{!pbA{g*nF73KdtI4b%7JUc!-+R*=X6qEmx+FLq>DGC7$ zQbK9-?pNAlwsn=&246Qd*LzZZI1nshd!1dOx*rHbW zmc{vNqs6Ext?0j42CKUNJuch-KRZ0x-2bkna9Z{1OQQV!tt9utBEO16nZ(6&VY{vT z6O5uzT+~H)hNY!DH%{EXe&F-?^6e$7i{l$W6BO(Wdgl`$iMnV+du|Fl zLJ_*BaI(#%<0j<5OK9ttMRDUk&(biWHK>O48jw{g-`A`WeICf`P-_*oUW5gV8f~Hx zJNLBJJ{z<3w#`Z|gISJ=>EyePTen@Dj*n);RP7yOQ8F^6d=elP3sbIgQH%3UO^Z{q zpB6|4O3eiz{w^5C6eST15a|DxKInh$w_0uHkY1t;r85SS8)Z}MW|D%?&|;*(l=>Tn zQQZMe>zj<|P~3YH?ooeGl{3S%fv`Cu3V2&iaO zyIUD#6Hh>~+5x73qH3#2}kjqP@;vq>F7QQE8pmWm{5#eTKF_H65o^5)wt4g9}2 z;805UKcn~#rzGY|(r%(a1OInAuuCn4;iT){8JzF*kQCYH5BV zR0Th!WM-s;UllAOSbQC9p-6#&=` zvT}nz^XTqv*#p}(9nsP;<5URL#_FaioF8}KL@A~ym{Wi>t;ZU9TW%PL= zFt&kIzd2h`F#*1>DoXVt@vt=+&d26~jWfatcs< z=XY9ZTz?8M(`L4A4!-tDv?*VswCDfu4BpJ=1k_~zb$ay7wf{Ie*zkXADas}wvhnE_VPwv@HW;IiZhZv^g%y^H+|4g@+i6>5e_up#i1L4zTtUM zd4~HB3&$SeL{|h_$1^2)DoSU3eTLoE|>q}#OgF9th%9mYXtk3C0QF(4+ z!Q1kX3T3R{XU$2-g=sz4knh>H{k)mNz+X6VnV%W8tmn$a-lQl3q$#19^4(H@8?C5E zoUWM0`sJ3yEz9q}7cvuXAr^NK<%{qQ54b5ssi*(NRRrDtoM(7GBd`Yge|Rt)mhAsG z@&DFSZ2E6pJt^PfN{VmT%&NMA)_c8@wRd^7W405gVPQ{BH)O&uYs4hpQude>6{~ies`o8`;PuRhBDL(_E z5yRn?$5ws4T7(%ZA|c@qw9~psNchOshV41-YsvC!>4YkIac5x6Vx&4Ou)q+W%m4sB zT(z-d=lBz$0}2y)pW&r zF#b%^CfnS^sl7Ebafp;U@pfT8hoWWND7}Cr}2PVN;GL znA@Xb3g8{Y5x>^MF~DD56mP3i8@v^$g$F(@kNBPe`YsV1opJkSYj_pU zZI26V>*zdgQ+z;wK@ZBBlU!ygj&F9Vtj!8G(ZDLtgQM;^h51=KOg;(>K9MNkc5Cw^ zs-$hNmpc-v2!-*?%2x_`mfOPMZJ#;Jut`U`(_kM%A>asBEx*+axW#yLbj{)%a^x zo$8l2Np7)_T*ILoXG|Y&pNcH@R=%UW0La<>irDONcvz^nW34kQesFe zKrP3>tE^d4Ar$)j6#X+tG?OvxIOqq%nFZ&`@D27lwk>D=>-WDnHx^L+^3ufr9UPV7 z{~mAjzw0T&&w`!%+{6k3e(sYAxJ3`bt4Q)}jOl~i79EoqrVrK8fqlG2J-0I9ejVHH zox9{rcFJ!GM#bPpW|&eO->}E5eLfJ!08X9w>T?qW^iQ`R6_acLc7R}ty?u$Ct!GKX zHm3DvPdPDM9Mtf|w{E%y;F#9;On>mkPs5bh`7f>CTE%DSH4?A?+ zXC@)`zf)%ilg@X+6L>e{w$pCqq8)vum!&!4A4rBZ)DDrnx4T(kEK>Hu)83Yi6(v7t zTFu8g_VbKEcLB4hc){Azk4&2q{)Xn)#dGR;#bjz{l3aL zrO9MPJMi&^$Zcg9U_3ghnwDyvRP}yySFB;*vMg3*w7b{sg8E-4+*`XnJNCFR?Ci^%YUwZ;GM6J5N41{=OL$;CwC-z$=VqG zH<3x%s?2d>JTSr4i$p)t4Qq6l#vnIKD%F>NmgxQ|B{Td#L^J&YCU1b*>YywwymWs? z84pZ+Cn0Wkr>?+;QRLg*OF0@OM1J>-S|T%O?UdmlK_3GW9fG{iffRitTeN8v_z@4f zBFV!#v`5<4=Bd7=(vtsYRF=_*Uj!|~B<>&wH1PjN&rV(Y@5AHa#{Xk2g_9RKt4Is} zY`R7MZm#vA2@3E82aLm-!J5QSazCpxnHI~XZ=Yc>ipV_*KeIkW+yim$&El*N`jnl7 z{Se*tL0_iD=-Y>&V1WkunQoYM{W)PR(j>y!Yu@U9zrO1BJh1Hc&)r7wX%)ZlM(5osUX;5!t9gpdfJ!3`Mi&*E%9gYoS? zB{RgTjsd3f%lj!x5u~ElnDJvp{V`Y4VF?BL0%u8t=zxdJaEG82ZRnq1n_JuK0S|Ws z?svd;l!0ya_%{%tcn2KWO{wO%_Q*hs+nq{UQqf;|W*u04pd6NKw*jXGNCyn0EWG|K zBK3W~BasKRPMztn`eguk{QfDV9>mz2V@}i?UDrF^>b=jCC>vbG540cy%`8Qd{Mp&` z$l3D6cGH?!dpAE}J$+W;n7r(UyFiLhTsgvzHU)&OvXu`#jkU%rs1gC{D5C1Pg6Y#U z!y_clKR5jI#b-yk=cu9Bmt1Vdct>Xq(^fwP-p0$*u{P8zsiTDTX7z&V*N^ZjXsae` z(CTadHY{I56z6|S{tthVm{>*rhm&LX{(pFKvWfq`mSWo`6?`ARXTo3f2DpY4g@D9B z>K5vamD*_y9DP(G2x^drl(X5l^Fak>VLlA4XvO zt8PxZdccxIm;m5hIldYiU5IB#%O_(TI@^b`F{RT#R zix!|88F~LKiv7@ArBlDX-wG2|KBp>Mb64z-LmXsdfnD$)|M!23$N%wv{ukJO7mJX5 zfW*;XJOB==D;YXA-vYFI*-2!U%9k$cY`Q2ohU zh00yfW(Ldw3_kLopT7A43~-Dy45ODQf)AG{AaO`LlTq&gd<{2_VvYeMD8(dHJrpyr z@Br+F+fBec1CVoUjbJGQa2j6O5}H69h;Fs@dKPiJ!>$+BkT^vh)S0!&juWUgQ2i#GuO6$YA=`(IN?v- zSy0d2!HvLyv}?s*6Ntke08DPp@}x5eCte5+DR^nki9?MyLC9MvOc@qrosEFFb zo8eK%IfJc!W=SN1aq65SWQKG`x4sjwXYNJ}MtcMpKiuoFv0594wXV6?5nxOwL$l2m zjzAU|k406@AN2rmn3$0^i`A_gi`iYy^%GgOnyS`Q^@^%m*rlcYH31S!(pu&n!8xgb z=CBf)(_syMiUnWjMP%+nLjoi*NJvPH*r~nV850RbQZ+$8rFAh(x!pyC#oZc{9G!1> z!F8U20LI`N0U`|lLlm>xoHZrkz9Z)hgmwl~K*=t6AUXef3hxkrfa3TjVxQqSW3sBe zw_{C7kod(PXWhB#_`~^bk3m2)97UoPo;sL^oZ{jxQQipI6wPYj+GQs}04d@yNlnpw zN+Cl9Wb1%z4bX3f_GdxmkJ0xWY9K>*Q=|16`Kv8hEMDR2@2xSc1uP$HQ1Au68BD=% zfYG*pkyzdbV40u`-J$e>+pvkn9`I-v4LB}B=t+0*W{|Z+(go!AZQF0?-3PL8kFRd| z@q#=ElDq=sxfaGcKo%bJ-v-Fa@xSV$N4PK)$Q4WDF=M%6X*@=d-~Mv`^8D=ci?fSM z??(WPBTTz4471g3?tiDa4zBa!NBz$i9~i|>Af+hWX#_bTp$wPPG|u_fvTD4nTW1{7 zTv#qZmacEo1mHD}Z>bIP_?nOi!Pu)`tOB{d(M3U?5}Lgg;rDzW%?EOQql6qH}^=-{_(s zXCy*tbO`?-y73q6a72{?sm_JYJ2`XaMO!{{D9 zP>{h}9!VxZA&LXEQw1{2Gs11HZG*8Za*N`*iClf7i(*+Mk>!*4a|#1=VX4&l{bjX| zwQ^z9HrfH?-hchidwbyO-OG0)a6U^?!ee@CNtlAYz2~+r*3{x%{e1*JT)pte3ap1+0*jzIuc=dq<6VI$BKv6NihOvd@1$-Fapv_ z&D~EprI~nB1e^uR!bRzxl#hHIl8kDn2APAff7q9BNE$Q(A3ybgxy9uZcL$9?pX)hm zR%tP&+J!L!M?JkNcin9kG_vS_;wPcNyvE^2(n_A2WX|;MNi$GGj;?!Z#4s-Je z3hvsj#a#t>gVG)6>cF$2>d=nh4K6;MzpMgpo`Z(B=Mf3hJdSaE10V${A=yq#@IJgb zyZnnEyt%lI%J$}(T*eWd(YGXiPe|s1HxFmgx^w{V11+z@IVX1&;QgGEJb9ep$=E_{ za(}`Rq7O7fvqv+z+^hE@#dkPDH|P~R%v5~P#{gcUAahLt9|w381p%2Q7b%%w>+)bu zvb<982AMWro0IOX7Q94b@o|7>=CH9pe-x8zrPzUCXn{9})W1sb!jvSB0lb7XniMaS zq4Md38^9Y(yl0sS-d8)+4DeoXKZ>&Y@N4c|1|H3mBtqO*B=X?#E3dr)eV{>B?cA_> z@Y*R}JUSO=G@~8>TVT&{F9fOv7bDaTu)>2;{?Q9VM$aSVi=zX28aYgbhJ(ohBXDy1 zC;p4G-XqW-4!LH7>n$|%JmOIVi^q&Ir+ zDfZqAWsAhKP(&H@QdNdwD77=JFd{nA3Z6Z1_WHG&g$oi^;d+#XnNve z$g|-`;2lTz8%%k!KWU5S>^!PLm#d!tw)8;fGkAk&t!m@93cspudW$**MJwN@M(u;O z^+m#RXJc2}rC06ibGMmtCuWxLdiR6+PTm*Icsj}8O)--BJGm;F@pNLO8(*Z8i#&>e zYG*-3v&hQMb+!sUQZ1Un8~ImaBu_t|yd~L%h)ge5`ro8lQR)w2;i<*jrXc4b)Uzo9 z6T(Oh`xTJ*4#k|x6tLWr^cJP(3qy3pEuJuqf5-rgAF?Uyk%v-aK*dsP$?zn?s)6ls z3}=XUJl@#_IQxNuf8;a+&;WGMJ7>>fL({zZCGI_UjGQWZFC7kqq=VsZyF^l5vVWeFYabLZeeDj#1Ho~CktM#4Nobbkh8 zc!SdYDT-!$LSwtXRbYP)#{x!7;vG5vh8LaXZ#wGr_P|Gm{)oWv)3*Ana7^A|74)g~ zX zflw;>HK6jhs+C^D;L|qySAQo>H9l>tzpOV#PykuOcw*I5F#&W)09n8ETzwUj4AD>9 z{6GFoOy*nmdn8?gg$j`Z7^H+!ekQV29+qa=I#fj1h4Fv<-~T-ZGX#~h(hscaXmp%1~9*o7*`pVj|YNr zi9=SCUw2-M6vHq;A-H}pKvFA}`$LS&&5eN^0fP=kg7w+YlbaNV!ZBj7lAsBu|G&A& zm)S>C{LkStC;sQb(X-P{{=c=9ts*W-hl{VuOD?YyzG4_#-gC9T<7#)G>n;IA?HfM1z?J<7gQv)OoK3y7;Ka(h= z1rUOf!p>CHL!u(e%eHIv#$_j6F3_>MB7`FaBn2-q6@Oa@Y5|EE+n{=ODt!JmP7F>( zHYjiJ%tg@vi5a9|DUg^A+Tb)m62c62SSR8^-HPQ6N-F{zDaya^EJ+YdDZt{`*9V`j ztz=Xga*Bt{N1|>iNYYFONdnuch)Bf8wa252$Un_`JJsH4y56WK)F1|)gmf-fvZ0?a z{n$!QXf55)Jl<^cH>L9EJ8kp;AlVe9d+ml*YUMYr_?YEUhCzg5q#tp0hvCR2NRNlc`i!%cxdNq&knKPJU2mEU?LHL9~Z&ICCc2PLki4>n}DEMh+|_-xIkEfg&&CfDPjx&8@iZWAQ~kpSEIB5 zBFi4Eg}D?USfd39%{*cgl^N8Gpqj1pMfa>^D0g~$;4O*wJRj{j5k6~~QUf%_mA)Y< z5(zdL4?otG#>%vILh?8i6j&%m*-;JS@YA;ZLn-E9dP6^LvwzhS!$|nkw(&!~kMINq z4?%=JZR$rugGx!4c>8>z1V7iOCRD*hn9JAHXh$LkaNM6>Gjn5MEBy0w`0Sz&3^7G zefchsy7C=%t~>{qd6JMc6L%1T%%)`KzdYh(1bOl=A_y@$k#bfh*M7&_pPd_N)z8_tORYqp_gcx0tp+tV*L$MGXB z{`0@kFf5~wru;vr$4Acje{y`dIseyEME(aDhhKvQ_zDbwak_tnvt24)Il>n{5M?{v zj_#G7b`qlR=)l_oXKeMec`}~Lak>Yde0<=4d{}N)%!#LA^~dUuPCxw@I@e|O(Ln#7 zogN*!^55xjbN{=RvISnncV9>RYo^teR)&s|;nJnUZecdsnjtP}KAa&cJjD|af!1(AZi6~zECwIbUyUnr-Xz$DVW_>7@+jgc z<^}|e0`EA6mi(;^s&GfCSv!lZRjYZuaOcCS*;aX>E@iEXE;=vNdQg39Y4NoxLG8Lw z>p?9o)MjIj<*rp{0&Gwx7)4gGGI(`rz~A3XcB3+f^ZfVV30ZqHFFK!pkZ z1*Npa2bDps#i|2pRjX}5?LB7$@bQ_j zoasFW*C@M3C>9paa=96fOq5A7`_fuuUzwNi`%X_*T7a1p4JJ4aDS+|Ap!Xb%%?&jc z_rA_~z(CEWVC?R;G4~+iUkvtHlh6EpnMXWpS zL^{DJWN6?}dioYwIr+6N!=eO5Ui#w+cXYdlBIsT~V$T0ViNXSdAV?7hljIr2Arj{P zn2Ma9t5hbiMezM75>R|+s|#Me{pIu9vp25}M*PoT&R&0b<*jh&aRlI`Liqu>9~{{o z0hgzAUjwiOxc8>oabhuvOs+pD((bqu{7`B{#KyF1l`3%$gQCtYdhib6*oD#Dg=P3f z*P>2Mzp{ecDd3kF_Wm)$OSr(DxBw`UTLw%Y7b7r384O_t2VVFJvN{5H2Wz}Bsnq{S z3%zCZ(V+i1X75V+|KpARXB~y>e*l~8$EO5ZpFyJ2Z(Hrp`iv9(Y9BUj%{X)d9aY+H z`}94$hxrsf28>cFX)lv@Gp4L>y)%sS2&48z%_>Au2gW%>JIhXgC4wD?QF9wDb!DBM zTxwcxi$}AS&PuYzxpp)(%Yd<~%4wN%T~avpp0k!j02`0wfvN0rSBJ&mQV$d4G#x>4 zMwRQZD|7UodxX6;h+sK0**!&U;-!b-J8%|xF z)(m;YNEEl-$ZWgjtyPz+MlX_8X&{9Yc3F@#XAwyVD{YY1kdqxM6vLX$QmWnv>T zhQQ;u$zg~J<&kWk$#||Ak#!iG!~gnx`RZ!N9)g*gYS}~JZSy&)7y_?QKLS=|06tv4 zdjI+Sy}Mq2Y^HV^zV} zUp2ZF@V{NzUgaPEF4*a&R%|g_xAPQKEHqWj`e>qmPWNa{oB}|u3-#F z3dUw42t(b=T4sA}*V zgZPRF-S$LPXHcjunUD}{zrsS1Zfsxq+Q^70%#-JVN|J(?@6UgE^`23Lvmei2pI@E7 zx*WA6G|R)HiZjl^gOuW%SSU}e)>bLkYS_LX!B!2)mTVba>z~a~iUYX+7TtgT8%b|% zk+YO3wkVFse{H2hz^YNP0Ceo@&o0|kjnQgoS-WOXA@9n>Oip%D<8U1l)NzS$9coDy>T$;f*ufGg~1 zI*-7)QDW_jh-Ta93kr6@G|Lk4FWmv#AE@whhceVB<96A*ZMwt1qB|`|pq%ps7_Ni9 ziqg+O;O*{!>VWyq2TVuZ}r?2W+aH7mV7Bz@LVH8agl7CLV!^1TbQMx}R~6i+%Q= z`(3f{%1|3gH2yFmv0whv!Jn7XN4@-aaC~y~%$5I+h8y{BEoBQ_@VS08!k=6G!k{R& zNLal02!?G+-5qintgk0vmLIhC`PmaU5_723^jTzd~7XSsA;>vQi@=R8`1P_V5u0(QqW{z ziN_6hGyZ#k`4+IG#4v48=FE6<9tq+EeojYQ@J03-#WNDCmO&m|zL z3QMN`$N{E8h!(}fMDc-q=T!;Rl`)eNT4Twi-c=f^U62LIF1SgPpo6li3QMMr$^pg` zQBtD7QClsJC8ZwfgryZJ!F*UU^15EuH=fP5inygKk_l)bNZfjgyRal}- z`r|o+Ve}G3@Zk~#Bo3)($2DTf_s%vJoWLl$hQY0r+US6Ta)oDzEz^b zE8!SW`DfQsi=_mmn1q*B(@VpWV~yAaQ8rxCV$t4lR*ePl(*jGGfYCzJ60tNdk{qyn zSaPZ?il$mDO(2f)6kSbIM5iPQmy4x&kyL`}_wqGBsm@|}s>Kq`g8)(b$gos`%7dj+ z9Ro|-S`=msp^{~0In4l!?jd)Z2M0SgmR5LKB2!|0KQ|>}K=xgM!nu2cP}MfDt~hAh zI}Uk^F-0)SrvK`Ak#QhzGF<04{_;@1be-R*f!3mU&czWpaG?eE$>6PFQ$=qTmn3*A zxjUj%Nvl4(Pf-@MzJ&U2&?V_ccVx|VCsafj%?|1)#EF5X9z{paxH z)VcpV9UgAt|F5NNf%j^zAIBBoB2J*ZG~eQNyt}Ktj$4t>=K>#dc=ZPM;n#NYtPUO_ zi`U`Aa*)*QYVo@67Rv%~kfML)h-P#y0R7G|x=973b1x#_R>J59a1bQ9Xsmtsjau+{ zgC2(8dhZ3Y0>BxXk@TShfDQ1;_DY%(w}L-tNzq`0XE>uZYp~X}(hsC;({QS^E(rO{ znnmaXP))FBifaI@1J9UYAAr>pTmhiOcP9XA;WK8~3t;60E3Z=+Or<6>o5BoWkwMvr zzQP^pbiZTiZ|3ntE272SpbVraiC}<25nH?PWK%7VOG6s-7;b85a&NV#Pg8k-Jbk(g zu2BGUig=48&j8ML!EJtx(imlk>p4Z*>#-R77(l9^mu(KfU#B>j@|%hX!H|if+!!V!6xd+@d3b!}#{YSC zc(AemTua#kmvXLwob1OT20G<8D-^g<{3f8Sg+~n<%pIz)d{UOKONsddg$Xuma zC&z?Cd+KJy2_?NDNX zQME^mDy!NfM%1EJ;GzS$P*4=eDANm7XJKska1p=+UgHR7*wGL#=}c{h3k!-0Tv&Bh zj*9^dLkkyH>XdnK(H#>U2Cw3}RBIu8G~yymi=Yb2z{MP>;2<>Pf>&Dv89rQ46a-|J zT%=@zt$+#3*(2?+;Q-;+b~}|8+$GJpFwFEzsZzS*Vje^Y2z-ilUp-G)$oF}i;Te*m z-!6EqJc)O~hnUAYjFoM911=K1K5SeRS*p24Sa%@oYIhdkwJHE8^I8=ZJ?JRlR93$l z-koAywAc4Lz%O6xUx^)l3vfOGu%Hk;UZw#d60!TnFbqWqK1M#qfW+0XJ$?H2-PO~l z9L5<+Z&28K?!d@{_orkg5YUm%eS~4S&%pRJ9)KV7A}S^^0)@_28a&>evhPQo?u^XV zeVe?N$IwZOu_JJD`ls?MF4cM7d8Hgr`&A-yv z$*k1&#BmViAp+wUXBVHxQdK$V{X|lL#5&#;@7}(;`h52C&G}oM;^`WJaq)EUhq>wS z>;E&9&T!0E;u0*tn)3e~9v`^&Uq?q9`>(Z>EpS!L_2W?ex3vIUEY{yLt-9vaiE|i? ztyacETPvATj3uMdMsdJ_VlYFL!W$&B+%J*^$bdpNDjfFw<|KY7NQ48ANz;N*h*o`e zODklt3`o8s_R1KQea;)}Xax2{bY~tbdl9+u*5)%a0*q_gm>jIWnCCy9u?fhd=#mHh zUsm|1#{54g$A@nGr-OsT&H2BMvIWlBtOGXfK+JpR5KWr&`m=Q}IZ$uc=t%B~UU#G~ zey(%yoQ>2Hdrn?t>x63#@yb1z`BWx3Pp83qh7_8VsL%##%2IZ5mm|=k?R3eS$tKT6ADNQUWz~`v;v)-0F2-@iu_j3&J;IA z&NR{>%0?OIQUzXX0AU=HjGxAIc>tP?Rzlelzz}Az;~I1#*m^bzZ&YTUu0&x600$|$ z!8CKtvReY^39+l&s{^tNfH_5}O!&DJ0CjuI0x*G;-jg(37J$0FWdVq05J#GDEDoS( zuVE3k1Tcf?4azQ2go5lWikdRRSH_L9(!+~9FJ`KL_ArWs#k(|Op94UWdhQY%k2)t+ zuFS&21N8VnExy&M>cd8 ztqzLG1iC&tRG}az&PA0T);IzeZ3^(?s*tPI*)RhC%;CcT6a7XJuL;be$EW`F#5sUsf*L^%RDyGCNF2SjqXy|!qr9)&sl*~4dj^qHA< zi;+3Cb76tl_l(r3$zE7B<;b0CoGKU9>>X5qzh~=Z4ys-pegg^&Q~r-hw!EOvMrqdn zA3O5@(ZR_^|G$>91^CrlN#<|uhOMpV7ch`_Mf%Q8)r%OV^WOQ=H^$yl@qUSrydlxd ziS)r^qR-oRSFbJyS)C2L8ok(hQy$QzgR8g&NG5%SMgQu-BK^xYI*q@c!{M+gzD6#0gWrh7)isbK8-d^Wd9VfkilTrp z4vv7!7iX_U9{Q^(jBmjM5q`forWuSP#wq<*b`-r}OwWKZINT9oEqTvL@)-J(j2KKi(7pUcc!tW2KJjo3uC4khib2%Z{P&|wu^cGCn%+u zW+)EO{`*&FFWvu+!@9~AxF}|QPR)NC8e4TauxM`o75U}OcgfI- z+h}tSF$X`hBELKlRIykhOT%#El}B}|epPD1;kqG9HTa$jkq!{sxEOrABT+s>6*nfG zTCUe@FNh0q17o70=?($(H#!ZPD@L22 zs6}yMK)3)(>TyBy>p54&x^ST&TzpkD;X)aY&xwn=%bx{lr^1DXa0$q0pq!O43OBxU3*-Ru1;O+;I$xUt;8KxLP9=Tb7c@Y z_I40=z{TKWLc-Qu*gA2+UqZKQ7n^Z5CreSIs5j!Z_&Xz=anPMUxeALcA=-JSbTjE=sJ(oczVu%i&bT zj}d|Xua~hZmWYcID>CPqI`(roHG9NjF&05aM;nkbWj1X<*oh_{zY+9`xJUSMtVE=@ zY6Dn?9gGJs3u&y5V#o%@wTZ$mRa^zl(mcrW6b(8Vl2pT27?M;0sj6sTd(ZuIMc8`C zDVpSwa8`aGIk<ROT|z!PS&d#QAfvK4vo#gYhkTpkvL=KYeOI_Vg*k zlwsh>>h1y@Pe?iwB%6&|+K$j&KoMfBEnig%Ik!0G#&{-C;;~1yLgCZ4{&O%3d5BTI z#9rd`)3*9cy-})(Pg+T#-Y8YYr)~9@dL#4{pSH#S>Z#CTeA=eUP=kV*d3Yg`(<$WN|iNa!% z3JS|Pc;k(R$sL`Tvks&4o7Bu6_7Y;GjF>&_X<$a+*WV3CArn1Les>>=WNX4)sZE=_ zW>d>cKygmlKIitxuHtE7BztjGjG_2+vB~h@by1{#?c1UoQU+kzr2x<*-3(&wc;jI9ARG8r!lXk}957J%CEY<|J$ z-jTA%1dL6|k1eH-=Jl&(!}n=hTVm}Ds$~-|%Q%C{-W`eRImd$hvu6ceGTv}Bi$)x3 zV6xiAei_Lf!JqTlQJmqP@PxQU4+nyqsEhaCaj|Tql z;Plxu*Z%Kx6aRlbWedFIGu?stTV8yg_N?6U0`fGRB}#4No+I-dBX(P@y5)FXB-oA7 zt!S&)dk)58H;;96$0S8r_5fzNNKgc*ywgSQAk!#ODA*nenWKEeDDg0`2&S@sju13$i9x!XU^sb{1}noR_@rPoPt&K-%zp&NN-t-QuFoGDpI-ynb% z2gMA9IPc=3<%L1ELMBD$+i!TXuU*jZ?>rVUMgiAMOl|!)AKeIu5%EV1=_7FX^Cpd% zQ>y5{aecOMAC2_?*v)hGE6ReKgYl!&3hLgOd&azm~EE)J$*ae-ZGDB6&BrApN)7 z`a{!y{H2-l>!k=}$RLS3_GS+z$%g7Ly;RYEy2KE`jrJd<`2Q!ThtD?je;s8@I&yA| zKfYn(4;j1f`?36x1KOB_sQ;uafs$a-xSiqT8NN zTUX+T25yk;t+v=*JP`!%ZT?V43gE#<_HTn@{i2B>IIIiCBk}=U8G~r~i6UB0Zau)t z5waQJ`Xx~Se2Fq@Er_Zv<^wp0a+;y^uQ)`j0$6qd?pYt(FT}6+BtpBu`0*o-nM|?M z1hAWuqX1#KsX4kYhzfw+6dg+i*iF^Z5o$lcQFMvYI~<_1ARu|H$j>sf5P6-xkcMMwrR*51!w)d^LE9{zwaZfAKv~XM;Dxgu!)YENA5AX<+(d^x0FQa=W9=7i z!8hlU;7tx-f~9TWask%uj)hFDAa6I4HUJMk@;nWnx~Klof4z#0d@d%)ol6bCDWW7# z1GH=m>voroVcqc3F>HXmObp+l^tw!k7soJfcP{L<0a#-fG;2y)V_1SbSMk%~oNF6O zlx<-;JXS3WT-HO+jRTTa%5b4(ggrMS}(? zt8*18DaL`&i6_HWQbPn5R;4=h%7w~!Tf|_g4!N?^+XHV&yyy97@5%cg&t5b{Y*AHe z0+29hM?C=a7HOXm*pSp7bGoDQRx+UFM_Qp^)?Absbz)B>N)SbJ0ZxskluH2c)6M?s zMyky_w89et!7LD#Y>L7dDsmk2q)dD45B*g+)lo(B3IV(cnBct|_N&Ow)VNHXZC3y$ zU+hV-rMMSZ))XWpq+O8B2-Z^2I(sMvQ-i}l&c%bN|EB?r&N99@aF)dN{0P&hQ#RHGE+tSKc0oxjv! zIE=}|F~DDpj;RK!_Z*xla24;*rx%4nS~%oE0fh)66D(82U42JjoJDjHq}iB<3FNKP74;6Ox=`y0u* z53>kc>1=JNuw6unn~*3X_k8FvP7;(Y46gvjH6+;*skrzwn~}<$Sf2Yuuuj?6yrw4_ z&d!SDxanrz8jW-^MdHxk}{M)vu$eby~omWqcIm8_>*fTY5z zrM|67>leB59n%)wM+3Ia$fDl}x-}lnk^7?zT8UB%=HCuLToq5SW-3M5Do-icR%4QJ zTvfE?DN6aKyGK#93lfwTK94*|JU&*{=<5TlK<4S13m8x zBm=aCLZfK;(5}5=rvbCCx%2t~B^KK0b;>rpdKUu=G9@;Y_HLV*vTxUnVu}w%bl6o512*sQI@k`@3~NegR<|TelB_u_<0h|eSQTE7y4zi_O%gFA9D|=foP&fU zdBkPdNlIqm4GzNy-NO`t6v=p3bf<1uIDxZTjJR5ZIfms?12uKqsx%C%E@$D2W{VF? zWF8EIX|f9_TY|yPQimnlJimCsLtEylk$2DDTT-tRJ%~gT;=2OIomP}kesz8U?EYlK zIGcJJUfQq*AI~p57B$P6tzu}M2h(*}?@6AO4Bl37Zb|4<(cPMcH3$*SaIDthYG=#r ztNZvm4eJJG=pH_3uvR%N)z^Ge)-gYj?~F8)%q%DWPrZr8ZegR5kkB>E@Ictg2%}A! zpNi2t%E30O-O?heQSjm~dr#gAb*@nJ;y6TK#$X$N*|XHV!zQI}sn<~tfIXX27^(Yf zwtAH6Md;M@#kRTDN8sZp>#;+Jiwaxij4l3TE`@$*&(;tvUnNtL|9`&tuxuZ&M*sf< z_x|_j_~c|G|F5Gc`TysO5AzEAD~$;`zs$bUNRgJ<{qx0#j`&i%OIN?|ma?@8S(mi2 zhQ!hcnUYNY%Jt{AS3@;IY9Omk;yMq`uBJ#+PoAoccT|snR^XNMsy2iP@-i}4ZVJ>| z_$6M(qTl63=wiAfW9LG2=47;irD9u8!-pibf;BVyk)g>oG z<~H3il0+2Q3rj1k8{=Xx&N9!kZ)P97RH>^I68<2s=Wb92V3MFXM1lw6mSSLhd@OIa z4~EaUYyY?$&YDNlW_+OH70EqF3CSWvsgofY1_67h#@K?B`uXC+xPk5Y`Qn3MbZ(Md zaTZ(PJpP9mCD(skzBqgR3Vb-H0y5iYO@aPFzx(CZo^!pm zxo7%{#p3^#81u<2jr`xxjsJIaG~C?(tfg#$%l7e~<}>zd#qf2D{oTQ`uN`A2&ex^@ zHJ#1)yb4^|jcdYJKrr}d#AEr?06~M%m+NgWJNNqAS3$58tHB!g`2z2i5G-UO*u_S$ z5`u;70lOFkRzhIv|B_6C zTpOTeSC#WoF%X>m1ZOyUxF8V@8W-MN1Fs{NnC-7o1<*opv$! zs2K=FlwuN}O}L!Xw6+#qTCz6)Rd?GjB8=kf{9+fpC2>2GfmQ<%SBrx{Hb2Pl43Rv$ zL;;CID)?+1S1zrlfym~#Jfeo+8QpO2Pp8MjVR=|J15x)D=NE03ZKZ*SYu(WlK+38r zN7@aPrI&U{8hk8%RBXXYy9(E+qA9wIRrSieWLkvsFH~9v)|KcJL3LHQt$70K%5Oz5 zT`?u{oW)7|I15RB9br0sOS1O}h7V_9m?BCMEr((_zZijoXNQA>)4}0zaCmgo_Ivvn z8v)}OGv8y=QJ;}l>F}f1SMl~>I5-?K7>0wRV;LF1B03{Y3w&<{Nm9)z%2eq4Z4xyC zoOJlE4S>2~6R03*;nmN6IM)c}>F`g9uOsIILVrxsYy|!^G+HAW2}m>o(=1Dz<}PII zKMlWO8P+HNy(J-HgIkmT|LO3s?EgPJ-N=9IC|f|y_D1}31h9?xw-Ns~;@?L6+lYUU zK>X{lN0uSotxiO1vqzRFfwdUORmx^IXrRK2?h!qnOmqhlNr&YjvkP9607jKtrDh;p zQW$*HGQy`pEO{FLK-@jjjcT#BxujqRLquN^LQ$xqH^d~YaG-hwf-M7%%Q~&)T5*}F zSw*k}IredhqTbCgQXJ6tC9SF#YL|?_(eT@rVmD>p;*nK}523%c4{O@KL=quV*(BJ&B!$2%v7Em+HXU5pJtRTR|;>G0Nx}&ob1`zLXtvXHQy6sb+UueB0Sb)K_W|ri@7it`^MRw3JdO=u{+vD!%P#)9NeQ&eh*R zwe9PCn_}@&gRrVJNyWFF4Pbqxc7;`$>V7SB)gr7hV#<0ER<`)QRQsten4c5XM>2MTfjt>7;*6Y~5>v%C(JIQUh=$gn4zd z*AHu4b)67a=;-8lYVUEH5H@z_qO{QLTOZ!Jz}xm)!rib#u~B!K9F*x8#n*_@vCwhG z*7`{fe?|O1br4jgguGB){Qmpcv%)k4+tVyd zcDc@#?t&~xc0nE{I|HzN7EvM)CRbkJ?=Q$8j6>GWHKO8s{(v_GV9KlCp)`{jmV$&G z(J2BkLLmxkZ=@TqL>A|-nr72~XYy4`CxlH2&AK711<|hq&W&BjI^P9!O7bXVJMZaJ zct>!E!lzGnK_2tq0Z*Tv{doEA^@pohumAS+DTq;kD4i?8uOFuFG)!}5>qVFqNkejD zm`a-VCZ`$0Ac;X9hbYyY8>@&y0I$hi<0XAdgjI#5*rq!GQ#US!45$I~jO@wyAJu^= zntUR~h2a{~nMsv#qfe!-rJO3CgR3c_h!Zz4Yv#2l6IEdpfu~R9Se`x|^q!l7EvvT+ za6BRDOvJHc1QW?i&s{(fDuvJI=^4pHuVaRak6Oh0v~7C3u~C0iGT*0d!w_=kJG~k6 z-2cdYVC%a78J-*s-T2?f&z^1KKdhzb`yU{u{Sjt=GRf;>%LC=V<4_qXYcaQYMkuGZ z`YVevc!Q4=R@^Cc7I8~qCalEgEp76&mE+?_o!DOYjwKaGo zZM2;9>|9Tb!Gwh6m}^zEt!o6`Rzv^#adeFY$IFYKTQ~NOQFN{E*U0tD9@{bhM&%vH z?(xS$K`!!f=NaJ%i0n_V$SwN+*}K-=ws9=Hzw;DC`(vEK(Z+F;4h(F8qL=9uZCW%f z2G}5|Xo+^Xl_jkxr}6Ig4fYlG<@QMi;zc5Lp-5VBTEJ|7IJ)qB{6tZQhvyu|lud#t zO=7SVvxVB5O+31{8hu!K0?=(5;Q;5+hTe}^6|_qhGli6zV#1L~Rd)#HkWgz^ehqwa z)Vowt*%g!D@FGQlr^VdslF6^8o|({cL+2kZg-j#0F@;)XkkL1=EBmqHV_6(vwUvkW zE{j_hdHyFl`Opr4`uX4VbTWBTpZ}fh^Z)IpJS?+x-hKR^u{WS7TCc!T+F;IsyA2)e zK4?{j^!K9-lqr+9qH++QJzg{`rBw}*_FA^U$%jwop#I^vt7wpAVqT0mU~})X`R;Cc zIu82X=@d-cd)A4f^&-; zjNXNIQ-#Cerscq9tF(LNpl%PbBSOnTuP>j1$#Tx_}`YwD(Lh#mN@Tyg1 z!hy-SuzL=QhCg%J+_6!W5eFLMNQKGLQZ5-G(jq6woL|3Y+SFJWt$F4r z&zJ+2yF|;u7Bu0ZW~&Dh<o`c=Y8{0T& zqT8N>Jc&?dU{7?@mAht;l2EECU0xlwaPY|h+rS)nNm~4D#(xj`E|>t9TK@|HzQE;! z(aV3XVKfFWZ!yVD;vlU#_}byDQRCqM|NHM>S)+GF!dJBMy~^<;iK7kpMtvkJdj1A{ zN|3)L30*JSy^}zJxzS)v0$MCucaGlu%u(fl;qtxFdGhiW1?wCYv!aXO8inf!iLA@j zk;5%GsD4{p(+0L6s2ntK`JQoAMwaDuoZ}UG9zjCRJHEaHTbAn*>9^s*gF~qXZdo?K zHUtL*1?!BZ|D+oWwsWwJrYKWUlUAV6%$`lK-2n&Qg3!Ik>l_UCF8HTszxJp}f`c|J zmSr0bo?pXwiMSbOps-~Bef%*=@^_f5U>;m|6H((p!BQ@@sFigo3r-v~ccUNJs%kNN zZox7taL|OuMZfG7KlGOK>BrOfhm*CLG`x=g)h1xHk?Ia85iZ8RZWSo&vvI;V1*A zsKX1)aR8%eLt~&i7BGB1N0Gckq%c146!>+m&S$Z0EI1Fqc*89qRBRlUna|45wPlpd zVdUZ4=hraH#mgDr;1I))^~%QwPXS&42!8wUna0%dm^>OSD5d=w zA<~RTczJy{aP={iVz}5v^yD90R!`idGJ@HrO%XSfK@+D`0YXRMvhtR_8inO=kvfI@ z&t8p!EQ$Y-%*AnfO#E$wj4eT1eB^wd-$fj_8hKuoLZ^ysqp*ILhu*F$9~J|2dHk?D zs#9Q_9RQ%<94M-@KUkB~A&czhB!=eqR>J63S%Oku4EdN`+~5%&bVD(s)ZRVXP~rIO6M9zycw9Dl|8Bc_2=D~A3h3-;|GFD zWkym#LE4e)+(cNy?h?jO1Y$d&>qM14*F4VdlHl5lgHrf z^mKZuop+xcyZ8a<1m&A zGzRScLp|gL#1RVLBy;i_7b@rGEneX=KeTR}&z9XW0q`g4BC`xxBg%?pvJL`7$YLEe z>T-fS?S`xoWd}KjS&rl73k1Um$4FW|c7a?Mtw8P;Wd%7%3Jtp$F5lI6ne6Gy4aoj^ z68|2D=oXc|xz?8zQ6qjWb#CUr4^1E!lbB?&XnQ_R9pkjSV`xMKN5tjQ zizW_rbmU5GYqzOR*UW@U{O7ES_pFk)**)9JvZsBxj{yJoKmi5*{e5pq*j;Iz|0{<5 z?Pc`L|EEvRPHXf3v*YP>KmXrFc?hZ%9rp}ywnhNC=#sn*l-$iZvD>!Bf{rp&&bGdp zO$Kwc>~#{i)>QnDD98}Z+w)M>raT-&Bkhi;V+=kfQH0~==QM~7sq}i5^B12tNu6O+RtAM^uK8{|L^0; ze*I@BxsQT+}uPoy^TjYp!`I##wu_tdl|3&Vp6iVeKujPPSJ^ z`}8SQ7ZE7EjwL+N0G ch`rTtU-o5R_QkRM82|wP|L9Du7XTgy084tyEdT%j literal 0 HcmV?d00001 diff --git a/library/ix-dev/enterprise/syncthing/ci/basic-no-hostnet-values.yaml b/library/ix-dev/enterprise/syncthing/ci/basic-no-hostnet-values.yaml new file mode 100644 index 0000000000..df393973f2 --- /dev/null +++ b/library/ix-dev/enterprise/syncthing/ci/basic-no-hostnet-values.yaml @@ -0,0 +1,24 @@ +syncthingStorage: + home: + type: hostPath + hostPath: /mnt/{{ .Release.Namespace }}/home + additionalStorages: + - type: hostPath + hostPath: /mnt/{{ .Release.Namespace }}/dir1 + mountPath: /mnt/dir1 + - type: hostPath + hostPath: /mnt/{{ .Release.Namespace }}/dir2 + mountPath: /mnt/dir2 + - type: hostPath + hostPath: /mnt/{{ .Release.Namespace }}/dir3 + mountPath: /mnt/dir3 + +syncthingID: + user: 1001 + group: 1001 + +syncthingNetwork: + hostNetwork: false + localDiscoveryPort: 31027 + tcpPort: 32000 + quicPort: 32000 diff --git a/library/ix-dev/enterprise/syncthing/ci/basic-values.yaml b/library/ix-dev/enterprise/syncthing/ci/basic-values.yaml new file mode 100644 index 0000000000..459223175e --- /dev/null +++ b/library/ix-dev/enterprise/syncthing/ci/basic-values.yaml @@ -0,0 +1,18 @@ +syncthingStorage: + home: + type: hostPath + hostPath: /mnt/{{ .Release.Namespace }}/home + additionalStorages: + - type: hostPath + hostPath: /mnt/{{ .Release.Namespace }}/dir1 + mountPath: /mnt/dir1 + - type: hostPath + hostPath: /mnt/{{ .Release.Namespace }}/dir2 + mountPath: /mnt/dir2 + - type: hostPath + hostPath: /mnt/{{ .Release.Namespace }}/dir3 + mountPath: /mnt/dir3 + +syncthingID: + user: 1001 + group: 1001 diff --git a/library/ix-dev/enterprise/syncthing/ci/https-no-hostnet-values.yaml b/library/ix-dev/enterprise/syncthing/ci/https-no-hostnet-values.yaml new file mode 100644 index 0000000000..ad59d38f53 --- /dev/null +++ b/library/ix-dev/enterprise/syncthing/ci/https-no-hostnet-values.yaml @@ -0,0 +1,112 @@ +syncthingStorage: + home: + type: hostPath + hostPath: /mnt/{{ .Release.Namespace }}/home + additionalStorages: + - type: hostPath + hostPath: /mnt/{{ .Release.Namespace }}/dir1 + mountPath: /mnt/dir1 + - type: hostPath + hostPath: /mnt/{{ .Release.Namespace }}/dir2 + mountPath: /mnt/dir2 + - type: hostPath + hostPath: /mnt/{{ .Release.Namespace }}/dir3 + mountPath: /mnt/dir3 + +syncthingID: + user: 568 + group: 568 + +syncthingNetwork: + certificateID: 1 + hostNetwork: false + localDiscoveryPort: 31027 + tcpPort: 32000 + quicPort: 32000 + +ixCertificates: + "1": + certificate: | + -----BEGIN CERTIFICATE----- + MIIEdjCCA16gAwIBAgIDYFMYMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz + ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD + VQQKDARhc2RmMQwwCgYDVQQLDANhc2QxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w + HhcNMjEwODMwMjMyMzU0WhcNMjMxMjAzMjMyMzU0WjBuMQswCQYDVQQDDAJhZDEL + MAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxDTALBgNVBAcMBGFzZGYxDTALBgNV + BAoMBGFkc2YxDTALBgNVBAsMBGFzZGYxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w + ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7+1xOHRQyOnQTHFcrdasX + Zl0gzutVlA890a1wiQpdD5dOtCLo7+eqVYjqVKo9W8RUIArXWmBu/AbkH7oVFWC1 + P973W1+ArF5sA70f7BZgqRKJTIisuIFIlRETgfnP2pfQmHRZtGaIJRZI4vQCdYgW + 2g0KOvvNcZJCVq1OrhKiNiY1bWCp66DGg0ic6OEkZFHTm745zUNQaf2dNgsxKU0H + PGjVLJI//yrRFAOSBUqgD4c50krnMF7fU/Fqh+UyOu8t6Y/HsySh3urB+Zie331t + AzV6QV39KKxRflNx/yuWrtIEslGTm+xHKoCYJEk/nZ3mX8Y5hG6wWAb7A/FuDVg3 + AgMBAAGjggEdMIIBGTAnBgNVHREEIDAehwTAqAADhwTAqAAFhwTAqAC2hwTAqACB + hwTAqACSMB0GA1UdDgQWBBQ4G2ff4tgZl4vmo4xCfqmJhdqShzAMBgNVHRMBAf8E + AjAAMIGYBgNVHSMEgZAwgY2AFLlYf9L99nxJDcpCM/LT3V5hQ/a3oXCkbjBsMQww + CgYDVQQDDANhc2QxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARhc2RmMQswCQYDVQQH + DAJhZjENMAsGA1UECgwEYXNkZjEMMAoGA1UECwwDYXNkMRYwFAYJKoZIhvcNAQkB + FgdhQGEuY29tggNgUxcwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwEwDgYDVR0PAQH/ + BAQDAgWgMA0GCSqGSIb3DQEBCwUAA4IBAQA6FpOInEHB5iVk3FP67GybJ29vHZTD + KQHbQgmg8s4L7qIsA1HQ+DMCbdylpA11x+t/eL/n48BvGw2FNXpN6uykhLHJjbKR + h8yITa2KeD3LjLYhScwIigXmTVYSP3km6s8jRL6UKT9zttnIHyXVpBDya6Q4WTMx + fmfC6O7t1PjQ5ZyVtzizIUP8ah9n4TKdXU4A3QIM6WsJXpHb+vqp1WDWJ7mKFtgj + x5TKv3wcPnktx0zMPfLb5BTSE9rc9djcBG0eIAsPT4FgiatCUChe7VhuMnqskxEz + MymJLoq8+mzucRwFkOkR2EIt1x+Irl2mJVMeBow63rVZfUQBD8h++LqB + -----END CERTIFICATE----- + + -----BEGIN CERTIFICATE----- + MIIEhDCCA2ygAwIBAgIDYFMXMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz + ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD + VQQKDARhc2RmMQwwCgYDVQQLDANhc2QxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w + HhcNMjEwODMwMjMyMDQ1WhcNMzEwODI4MjMyMDQ1WjBsMQwwCgYDVQQDDANhc2Qx + CzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARhc2RmMQswCQYDVQQHDAJhZjENMAsGA1UE + CgwEYXNkZjEMMAoGA1UECwwDYXNkMRYwFAYJKoZIhvcNAQkBFgdhQGEuY29tMIIB + IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq//c0hEEr83CS1pMgsHX50jt + 2MqIbcf63UUNJTiYpUUvUQSFJFc7m/dr+RTZvu97eDCnD5K2qkHHvTPaPZwY+Djf + iy7N641Sz6u/y3Yo3xxs1Aermsfedh48vusJpjbkT2XS44VjbkrpKcWDNVpp3Evd + M7oJotXeUsZ+imiyVCfr4YhoY5gbGh/r+KN9Wf9YKoUyfLLZGwdZkhtX2zIbidsL + Thqi9YTaUHttGinjiBBum234u/CfvKXsfG3yP2gvBGnlvZnM9ktv+lVffYNqlf7H + VmB1bKKk84HtzuW5X76SGAgOG8eHX4x5ZLI1WQUuoQOVRl1I0UCjBtbz8XhwvQID + AQABo4IBLTCCASkwLQYDVR0RBCYwJIcEwKgABYcEwKgAA4cEwKgAkocEwKgAtYcE + wKgAgYcEwKgAtjAdBgNVHQ4EFgQUuVh/0v32fEkNykIz8tPdXmFD9rcwDwYDVR0T + AQH/BAUwAwEB/zCBmAYDVR0jBIGQMIGNgBS5WH/S/fZ8SQ3KQjPy091eYUP2t6Fw + pG4wbDEMMAoGA1UEAwwDYXNkMQswCQYDVQQGEwJVUzENMAsGA1UECAwEYXNkZjEL + MAkGA1UEBwwCYWYxDTALBgNVBAoMBGFzZGYxDDAKBgNVBAsMA2FzZDEWMBQGCSqG + SIb3DQEJARYHYUBhLmNvbYIDYFMXMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF + BQcDAjAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAKEocOmVuWlr + zegtKYMe8NhHIkFY9oVn5ym6RHNOJpPH4QF8XYC3Z5+iC5yGh4P/jVe/4I4SF6Ql + PtofU0jNq5vzapt/y+m008eXqPQFmoUOvu+JavoRVcRx2LIP5AgBA1mF56CSREsX + TkuJAA9IUQ8EjnmAoAeKINuPaKxGDuU8BGCMqr/qd564MKNf9XYL+Fb2rlkA0O2d + 2No34DQLgqSmST/LAvPM7Cbp6knYgnKmGr1nETCXasg1cueHLnWWTvps2HiPp2D/ + +Fq0uqcZLu4Mdo0CPs4e5sHRyldEnRSKh0DVLprq9zr/GMipmPLJUsT5Jed3sj0w + M7Y3vwxshpo= + -----END CERTIFICATE----- + privatekey: | + -----BEGIN PRIVATE KEY----- + MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC7+1xOHRQyOnQT + HFcrdasXZl0gzutVlA890a1wiQpdD5dOtCLo7+eqVYjqVKo9W8RUIArXWmBu/Abk + H7oVFWC1P973W1+ArF5sA70f7BZgqRKJTIisuIFIlRETgfnP2pfQmHRZtGaIJRZI + 4vQCdYgW2g0KOvvNcZJCVq1OrhKiNiY1bWCp66DGg0ic6OEkZFHTm745zUNQaf2d + NgsxKU0HPGjVLJI//yrRFAOSBUqgD4c50krnMF7fU/Fqh+UyOu8t6Y/HsySh3urB + +Zie331tAzV6QV39KKxRflNx/yuWrtIEslGTm+xHKoCYJEk/nZ3mX8Y5hG6wWAb7 + A/FuDVg3AgMBAAECggEAapt30rj9DitGTtxAt13pJMEhyYxvvD3WkvmJwguF/Bbu + eW0Ba1c668fMeRCA54FWi1sMqusPS4HUqqUvk+tmyAOsAF4qgD/A4MMSC7uJSVI5 + N/JWhJWyhCY94/FPakiO1nbPbVw41bcqtzU2qvparpME2CtxSCbDiqm7aaag3Kqe + EF0fGSUdZ+TYl9JM05+eIyiX+UY19Fg0OjTHMn8nGpxcNTfDBdQ68TKvdo/dtIKL + PLKzJUNNdM8odC4CvQtfGMqaslwZwXkiOl5VJcW21ncj/Y0ngEMKeD/i65ZoqGdR + 0FKCQYEAGtM2FvJcZQ92Wsw7yj2bK2MSegVUyLK32QKBgQDe8syVCepPzRsfjfxA + 6TZlWcGuTZLhwIx97Ktw3VcQ1f4rLoEYlv0xC2VWBORpzIsJo4I/OLmgp8a+Ga8z + FkVRnq90dV3t4NP9uJlHgcODHnOardC2UUka4olBSCG6zmK4Jxi34lOxhGRkshOo + L4IBeOIB5g+ZrEEXkzfYJHESRQKBgQDX2YhFhGIrT8BAnC5BbXbhm8h6Bhjz8DYL + d+qhVJjef7L/aJxViU0hX9Ba2O8CLK3FZeREFE3hJPiJ4TZSlN4evxs5p+bbNDcA + 0mhRI/o3X4ac6IxdRebyYnCOB/Cu94/MzppcZcotlCekKNike7eorCcX4Qavm7Pu + MUuQ+ifmSwKBgEnchoqZzlbBzMqXb4rRuIO7SL9GU/MWp3TQg7vQmJerTZlgvsQ2 + wYsOC3SECmhCq4117iCj2luvOdihCboTFsQDnn0mpQe6BIF6Ns3J38wAuqv0CcFd + DKsrge1uyD3rQilgSoAhKzkUc24o0PpXQurZ8YZPgbuXpbj5vPaOnCdBAoGACYc7 + wb3XS4wos3FxhUfcwJbM4b4VKeeHqzfu7pI6cU/3ydiHVitKcVe2bdw3qMPqI9Wc + nvi6e17Tbdq4OCsEJx1OiVwFD9YdO3cOTc6lw/3+hjypvZBRYo+/4jUthbu96E+S + dtOzehGZMmDvN0uSzupSi3ZOgkAAUFpyuIKickMCgYAId0PCRjonO2thn/R0rZ7P + //L852uyzYhXKw5/fjFGhQ6LbaLgIRFaCZ0L2809u0HFnNvJjHv4AKP6j+vFQYYY + qQ+66XnfsA9G/bu4MDS9AX83iahD9IdLXQAy8I19prAbpVumKegPbMnNYNB/TYEc + 3G15AKCXo7jjOUtHY01DCQ== + -----END PRIVATE KEY----- diff --git a/library/ix-dev/enterprise/syncthing/ci/https-values.yaml b/library/ix-dev/enterprise/syncthing/ci/https-values.yaml new file mode 100644 index 0000000000..6d1b20995c --- /dev/null +++ b/library/ix-dev/enterprise/syncthing/ci/https-values.yaml @@ -0,0 +1,109 @@ +syncthingStorage: + home: + type: hostPath + hostPath: /mnt/{{ .Release.Namespace }}/home + additionalStorages: + - type: hostPath + hostPath: /mnt/{{ .Release.Namespace }}/dir1 + mountPath: /mnt/dir1 + - type: hostPath + hostPath: /mnt/{{ .Release.Namespace }}/dir2 + mountPath: /mnt/dir2 + - type: hostPath + hostPath: /mnt/{{ .Release.Namespace }}/dir3 + mountPath: /mnt/dir3 + +syncthingID: + user: 568 + group: 568 + +syncthingNetwork: + certificateID: 1 + hostNetwork: true + +ixCertificates: + "1": + certificate: | + -----BEGIN CERTIFICATE----- + MIIEdjCCA16gAwIBAgIDYFMYMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz + ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD + VQQKDARhc2RmMQwwCgYDVQQLDANhc2QxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w + HhcNMjEwODMwMjMyMzU0WhcNMjMxMjAzMjMyMzU0WjBuMQswCQYDVQQDDAJhZDEL + MAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxDTALBgNVBAcMBGFzZGYxDTALBgNV + BAoMBGFkc2YxDTALBgNVBAsMBGFzZGYxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w + ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7+1xOHRQyOnQTHFcrdasX + Zl0gzutVlA890a1wiQpdD5dOtCLo7+eqVYjqVKo9W8RUIArXWmBu/AbkH7oVFWC1 + P973W1+ArF5sA70f7BZgqRKJTIisuIFIlRETgfnP2pfQmHRZtGaIJRZI4vQCdYgW + 2g0KOvvNcZJCVq1OrhKiNiY1bWCp66DGg0ic6OEkZFHTm745zUNQaf2dNgsxKU0H + PGjVLJI//yrRFAOSBUqgD4c50krnMF7fU/Fqh+UyOu8t6Y/HsySh3urB+Zie331t + AzV6QV39KKxRflNx/yuWrtIEslGTm+xHKoCYJEk/nZ3mX8Y5hG6wWAb7A/FuDVg3 + AgMBAAGjggEdMIIBGTAnBgNVHREEIDAehwTAqAADhwTAqAAFhwTAqAC2hwTAqACB + hwTAqACSMB0GA1UdDgQWBBQ4G2ff4tgZl4vmo4xCfqmJhdqShzAMBgNVHRMBAf8E + AjAAMIGYBgNVHSMEgZAwgY2AFLlYf9L99nxJDcpCM/LT3V5hQ/a3oXCkbjBsMQww + CgYDVQQDDANhc2QxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARhc2RmMQswCQYDVQQH + DAJhZjENMAsGA1UECgwEYXNkZjEMMAoGA1UECwwDYXNkMRYwFAYJKoZIhvcNAQkB + FgdhQGEuY29tggNgUxcwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwEwDgYDVR0PAQH/ + BAQDAgWgMA0GCSqGSIb3DQEBCwUAA4IBAQA6FpOInEHB5iVk3FP67GybJ29vHZTD + KQHbQgmg8s4L7qIsA1HQ+DMCbdylpA11x+t/eL/n48BvGw2FNXpN6uykhLHJjbKR + h8yITa2KeD3LjLYhScwIigXmTVYSP3km6s8jRL6UKT9zttnIHyXVpBDya6Q4WTMx + fmfC6O7t1PjQ5ZyVtzizIUP8ah9n4TKdXU4A3QIM6WsJXpHb+vqp1WDWJ7mKFtgj + x5TKv3wcPnktx0zMPfLb5BTSE9rc9djcBG0eIAsPT4FgiatCUChe7VhuMnqskxEz + MymJLoq8+mzucRwFkOkR2EIt1x+Irl2mJVMeBow63rVZfUQBD8h++LqB + -----END CERTIFICATE----- + + -----BEGIN CERTIFICATE----- + MIIEhDCCA2ygAwIBAgIDYFMXMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz + ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD + VQQKDARhc2RmMQwwCgYDVQQLDANhc2QxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w + HhcNMjEwODMwMjMyMDQ1WhcNMzEwODI4MjMyMDQ1WjBsMQwwCgYDVQQDDANhc2Qx + CzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARhc2RmMQswCQYDVQQHDAJhZjENMAsGA1UE + CgwEYXNkZjEMMAoGA1UECwwDYXNkMRYwFAYJKoZIhvcNAQkBFgdhQGEuY29tMIIB + IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq//c0hEEr83CS1pMgsHX50jt + 2MqIbcf63UUNJTiYpUUvUQSFJFc7m/dr+RTZvu97eDCnD5K2qkHHvTPaPZwY+Djf + iy7N641Sz6u/y3Yo3xxs1Aermsfedh48vusJpjbkT2XS44VjbkrpKcWDNVpp3Evd + M7oJotXeUsZ+imiyVCfr4YhoY5gbGh/r+KN9Wf9YKoUyfLLZGwdZkhtX2zIbidsL + Thqi9YTaUHttGinjiBBum234u/CfvKXsfG3yP2gvBGnlvZnM9ktv+lVffYNqlf7H + VmB1bKKk84HtzuW5X76SGAgOG8eHX4x5ZLI1WQUuoQOVRl1I0UCjBtbz8XhwvQID + AQABo4IBLTCCASkwLQYDVR0RBCYwJIcEwKgABYcEwKgAA4cEwKgAkocEwKgAtYcE + wKgAgYcEwKgAtjAdBgNVHQ4EFgQUuVh/0v32fEkNykIz8tPdXmFD9rcwDwYDVR0T + AQH/BAUwAwEB/zCBmAYDVR0jBIGQMIGNgBS5WH/S/fZ8SQ3KQjPy091eYUP2t6Fw + pG4wbDEMMAoGA1UEAwwDYXNkMQswCQYDVQQGEwJVUzENMAsGA1UECAwEYXNkZjEL + MAkGA1UEBwwCYWYxDTALBgNVBAoMBGFzZGYxDDAKBgNVBAsMA2FzZDEWMBQGCSqG + SIb3DQEJARYHYUBhLmNvbYIDYFMXMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF + BQcDAjAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAKEocOmVuWlr + zegtKYMe8NhHIkFY9oVn5ym6RHNOJpPH4QF8XYC3Z5+iC5yGh4P/jVe/4I4SF6Ql + PtofU0jNq5vzapt/y+m008eXqPQFmoUOvu+JavoRVcRx2LIP5AgBA1mF56CSREsX + TkuJAA9IUQ8EjnmAoAeKINuPaKxGDuU8BGCMqr/qd564MKNf9XYL+Fb2rlkA0O2d + 2No34DQLgqSmST/LAvPM7Cbp6knYgnKmGr1nETCXasg1cueHLnWWTvps2HiPp2D/ + +Fq0uqcZLu4Mdo0CPs4e5sHRyldEnRSKh0DVLprq9zr/GMipmPLJUsT5Jed3sj0w + M7Y3vwxshpo= + -----END CERTIFICATE----- + privatekey: | + -----BEGIN PRIVATE KEY----- + MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC7+1xOHRQyOnQT + HFcrdasXZl0gzutVlA890a1wiQpdD5dOtCLo7+eqVYjqVKo9W8RUIArXWmBu/Abk + H7oVFWC1P973W1+ArF5sA70f7BZgqRKJTIisuIFIlRETgfnP2pfQmHRZtGaIJRZI + 4vQCdYgW2g0KOvvNcZJCVq1OrhKiNiY1bWCp66DGg0ic6OEkZFHTm745zUNQaf2d + NgsxKU0HPGjVLJI//yrRFAOSBUqgD4c50krnMF7fU/Fqh+UyOu8t6Y/HsySh3urB + +Zie331tAzV6QV39KKxRflNx/yuWrtIEslGTm+xHKoCYJEk/nZ3mX8Y5hG6wWAb7 + A/FuDVg3AgMBAAECggEAapt30rj9DitGTtxAt13pJMEhyYxvvD3WkvmJwguF/Bbu + eW0Ba1c668fMeRCA54FWi1sMqusPS4HUqqUvk+tmyAOsAF4qgD/A4MMSC7uJSVI5 + N/JWhJWyhCY94/FPakiO1nbPbVw41bcqtzU2qvparpME2CtxSCbDiqm7aaag3Kqe + EF0fGSUdZ+TYl9JM05+eIyiX+UY19Fg0OjTHMn8nGpxcNTfDBdQ68TKvdo/dtIKL + PLKzJUNNdM8odC4CvQtfGMqaslwZwXkiOl5VJcW21ncj/Y0ngEMKeD/i65ZoqGdR + 0FKCQYEAGtM2FvJcZQ92Wsw7yj2bK2MSegVUyLK32QKBgQDe8syVCepPzRsfjfxA + 6TZlWcGuTZLhwIx97Ktw3VcQ1f4rLoEYlv0xC2VWBORpzIsJo4I/OLmgp8a+Ga8z + FkVRnq90dV3t4NP9uJlHgcODHnOardC2UUka4olBSCG6zmK4Jxi34lOxhGRkshOo + L4IBeOIB5g+ZrEEXkzfYJHESRQKBgQDX2YhFhGIrT8BAnC5BbXbhm8h6Bhjz8DYL + d+qhVJjef7L/aJxViU0hX9Ba2O8CLK3FZeREFE3hJPiJ4TZSlN4evxs5p+bbNDcA + 0mhRI/o3X4ac6IxdRebyYnCOB/Cu94/MzppcZcotlCekKNike7eorCcX4Qavm7Pu + MUuQ+ifmSwKBgEnchoqZzlbBzMqXb4rRuIO7SL9GU/MWp3TQg7vQmJerTZlgvsQ2 + wYsOC3SECmhCq4117iCj2luvOdihCboTFsQDnn0mpQe6BIF6Ns3J38wAuqv0CcFd + DKsrge1uyD3rQilgSoAhKzkUc24o0PpXQurZ8YZPgbuXpbj5vPaOnCdBAoGACYc7 + wb3XS4wos3FxhUfcwJbM4b4VKeeHqzfu7pI6cU/3ydiHVitKcVe2bdw3qMPqI9Wc + nvi6e17Tbdq4OCsEJx1OiVwFD9YdO3cOTc6lw/3+hjypvZBRYo+/4jUthbu96E+S + dtOzehGZMmDvN0uSzupSi3ZOgkAAUFpyuIKickMCgYAId0PCRjonO2thn/R0rZ7P + //L852uyzYhXKw5/fjFGhQ6LbaLgIRFaCZ0L2809u0HFnNvJjHv4AKP6j+vFQYYY + qQ+66XnfsA9G/bu4MDS9AX83iahD9IdLXQAy8I19prAbpVumKegPbMnNYNB/TYEc + 3G15AKCXo7jjOUtHY01DCQ== + -----END PRIVATE KEY----- diff --git a/library/ix-dev/enterprise/syncthing/item.yaml b/library/ix-dev/enterprise/syncthing/item.yaml new file mode 100644 index 0000000000..6612d841d1 --- /dev/null +++ b/library/ix-dev/enterprise/syncthing/item.yaml @@ -0,0 +1,8 @@ +icon_url: https://syncthing.net/img/logo-horizontal.svg +categories: + - storage +screenshots: + - https://syncthing.net/img/screenshot.png +tags: + - sync + - file-sharing diff --git a/library/ix-dev/enterprise/syncthing/metadata.yaml b/library/ix-dev/enterprise/syncthing/metadata.yaml new file mode 100644 index 0000000000..f0251c2416 --- /dev/null +++ b/library/ix-dev/enterprise/syncthing/metadata.yaml @@ -0,0 +1,22 @@ +runAsContext: + - userName: root + groupName: root + gid: 0 + uid: 0 + description: Syncthing runs as root and starts the syncthing process as a non-root user. +capabilities: + - name: CHOWN + description: Syncthing is able to chown files. + - name: DAC_OVERRIDE + description: Syncthing is able to bypass permission checks. + - name: FOWNER + description: Syncthing is able bypass permission checks for it's sub-processes. + - name: SETUID + description: Syncthing is able to set user ID for it's sub-processes. + - name: SETGID + description: Syncthing is able to set group ID for it's sub-processes. + - name: SETPCAP + description: Syncthing is able to set process capabilities. + - name: SETFCAP + description: Syncthing is able to set file capabilities. +hostMounts: [] diff --git a/library/ix-dev/enterprise/syncthing/questions.yaml b/library/ix-dev/enterprise/syncthing/questions.yaml new file mode 100644 index 0000000000..8afc0212b5 --- /dev/null +++ b/library/ix-dev/enterprise/syncthing/questions.yaml @@ -0,0 +1,222 @@ +groups: + - name: Syncthing Configuration + description: Configure Syncthing + - name: User and Group Configuration + description: Configure User and Group for Syncthing + - name: Network Configuration + description: Configure Network for Syncthing + - name: Storage Configuration + description: Configure Storage for Syncthing + - name: Resources Configuration + description: Configure Resources for Syncthing + +portals: + web_portal: + protocols: + - "$kubernetes-resource_configmap_portal_protocol" + host: + - "$kubernetes-resource_configmap_portal_host" + ports: + - "$kubernetes-resource_configmap_portal_port" + path: "$kubernetes-resource_configmap_portal_path" + +questions: + - variable: TZ + group: Syncthing Configuration + label: Timezone + schema: + type: string + default: Etc/UTC + required: true + $ref: + - definitions/timezone + + - variable: syncthingID + label: "" + group: User and Group Configuration + schema: + type: dict + attrs: + - variable: user + label: User ID + description: The user id that Syncthing files will be owned by. + schema: + type: int + min: 568 + default: 568 + immutable: true + required: true + - variable: group + label: Group ID + description: The group id that Syncthing files will be owned by. + schema: + type: int + min: 568 + default: 568 + immutable: true + required: true + + - variable: syncthingNetwork + label: "" + group: Network Configuration + schema: + type: dict + attrs: + - variable: hostNetwork + label: Host Network + description: | + Bind to the host network.

+ If this is disabled, you will need to add your local networks in CIDR format to the Syncthing WebUI.
+ In the Syncthing WebUI, go to Advanced Settings > Options > Always Local Nets
+ Separate each CIDR network with a comma.
+ Example: 192.168.0.0/24,192.168.1.0/24 + schema: + type: boolean + default: true + - variable: webPort + label: Web Port + description: The port for the Syncthing WebUI. + schema: + type: int + default: 31000 + min: 9000 + max: 65535 + required: true + - variable: tcpPort + label: TCP Port (File Transfers) + description: The TCP port for Syncthing transfers. + schema: + type: int + show_if: [["hostNetwork", "=", false]] + default: 22000 + min: 9000 + max: 65535 + required: true + - variable: quicPort + label: QUIC (UDP) Port (File Transfers) + description: The QUIC (UDP) port for Syncthing transfers. + schema: + type: int + show_if: [["hostNetwork", "=", false]] + default: 22000 + min: 9000 + max: 65535 + required: true + - variable: certificateID + label: Certificate + description: The certificate to use for Syncthing GUI. + schema: + type: int + "null": true + $ref: + - "definitions/certificate" + + - variable: syncthingStorage + label: "" + group: Storage Configuration + schema: + type: dict + attrs: + - variable: home + label: Syncthing Home Storage + description: The path to store Syncthing Home Directory. + schema: + type: dict + attrs: + - variable: type + label: Type + description: | + ixVolume: Is dataset created automatically by the system.
+ Host Path: Is a path that already exists on the system. + schema: + type: string + required: true + default: "ixVolume" + enum: + - value: "hostPath" + description: Host Path (Path that already exists on the system) + - value: "ixVolume" + description: ixVolume (Dataset created automatically by the system) + - variable: datasetName + label: Dataset Name + schema: + type: string + show_if: [["type", "=", "ixVolume"]] + required: true + hidden: true + immutable: true + default: "home" + $ref: + - "normalize/ixVolume" + - variable: hostPath + label: Host Path + schema: + type: hostpath + show_if: [["type", "=", "hostPath"]] + immutable: true + required: true + - variable: additionalStorages + label: Additional Storage + description: Additional storage for Syncthing. + schema: + type: list + required: true + empty: false + default: [] + items: + - variable: storageEntry + label: Storage Entry + schema: + type: dict + attrs: + - variable: type + label: Type + description: | + Host Path: Is a path that already exists on the system. + schema: + type: string + required: true + default: "hostPath" + hidden: true + enum: + - value: "hostPath" + description: Host Path (Path that already exists on the system) + - variable: mountPath + label: Mount Path + description: The path inside the container to mount the storage. + schema: + type: path + required: true + - variable: hostPath + label: Host Path + description: The host path to use for storage. + schema: + type: hostpath + show_if: [["type", "=", "hostPath"]] + required: true + + - variable: resources + group: Resources Configuration + label: "" + schema: + type: dict + attrs: + - variable: limits + label: Limits + schema: + type: dict + attrs: + - variable: cpu + label: CPU + description: CPU limit for Syncthing. + schema: + type: string + default: "4000m" + required: true + - variable: memory + label: Memory + description: Memory limit for Syncthing. + schema: + type: string + default: "8Gi" + required: true diff --git a/library/ix-dev/enterprise/syncthing/templates/NOTES.txt b/library/ix-dev/enterprise/syncthing/templates/NOTES.txt new file mode 100644 index 0000000000..ba4e01146c --- /dev/null +++ b/library/ix-dev/enterprise/syncthing/templates/NOTES.txt @@ -0,0 +1 @@ +{{ include "ix.v1.common.lib.chart.notes" $ }} diff --git a/library/ix-dev/enterprise/syncthing/templates/_certContainer.tpl b/library/ix-dev/enterprise/syncthing/templates/_certContainer.tpl new file mode 100644 index 0000000000..880bb56dbb --- /dev/null +++ b/library/ix-dev/enterprise/syncthing/templates/_certContainer.tpl @@ -0,0 +1,41 @@ +{{- define "syncthing.certContainer" -}} +01-certs: + enabled: true + type: init + imageSelector: image + securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + readOnlyRootFilesystem: false + allowPrivilegeEscalation: true + capabilities: + add: + - FOWNER + - DAC_OVERRIDE + - CHOWN + - SETUID + - SETGID + - SETFCAP + - SETPCAP + fixedEnv: + PUID: {{ .Values.syncthingID.user }} + command: + - /bin/sh + - -c + - | + #!/bin/sh + set -e + configDir=/var/syncthing/config + # Copy certificates, so that syncthing can use them + # If we mount the certificates directly, syncthing will not start, as it tries + # to chmod the whole directory and fails, because the secret is read-only + if [ ! -d "$configDir" ]; then + mkdir -p "$configDir" + chown -R "$PUID:$PGID" "$configDir" + fi + cp /certs/https-key.pem "$configDir/https-key.pem" + cp /certs/https-cert.pem "$configDir/https-cert.pem" + chown "$PUID:$PGID" "$configDir/https-key.pem" + chown "$PUID:$PGID" "$configDir/https-cert.pem" +{{- end -}} diff --git a/library/ix-dev/enterprise/syncthing/templates/_configure.tpl b/library/ix-dev/enterprise/syncthing/templates/_configure.tpl new file mode 100644 index 0000000000..8bc27338f1 --- /dev/null +++ b/library/ix-dev/enterprise/syncthing/templates/_configure.tpl @@ -0,0 +1,53 @@ +{{- define "syncthing.configure" -}} +{{/* + https://docs.syncthing.net/users/config.html + Note: Configuration in the above link does not match the subcommands of the cli + To get the correct subcommands, run `syncthing cli config ` + It will print all the available subcommands for that category + "Knobs" are exposed under Values.syncthingConfig, We can exposed those to questions.yaml if we want + */}} +configmap: + syncthing-configure: + enabled: true + data: + configure.sh: | + #!/bin/sh + set -e + configDir=/var/syncthing/config + + # Make sure the file exists + until [ -f "$configDir/config.xml" ]; do + sleep 2 + done + + # Check the API is running + until curl --silent --output /dev/null http://localhost:{{ .Values.syncthingNetwork.webPort }}/rest/noauth/health; do + sleep 2 + done + + function setConfig() { + syncthing cli --home "$configDir" config $@ + } + + # Now we can use the syncthing cli (wrapper around the API) to set the defaults. + # Keep in mind that all the below values are not enforced, user can change them + # while the app is running, but will be re-applied on restart. + + # Category "options" is more like "general" or "global" settings. + setConfig options announce-lanaddresses set -- {{ ternary "1" "0" .Values.syncthingConfig.announceLANAddresses | quote }} + setConfig options global-ann-enabled set -- {{ ternary "1" "0" .Values.syncthingConfig.globalDiscovery | quote }} + setConfig options local-ann-enabled set -- {{ ternary "1" "0" .Values.syncthingConfig.localDiscovery | quote }} + setConfig options natenabled set -- {{ ternary "1" "0" .Values.syncthingConfig.natTraversal | quote }} + setConfig options relays-enabled set -- {{ ternary "1" "0" .Values.syncthingConfig.relaying | quote }} + setConfig options uraccepted set -- {{ ternary "1" "-1" .Values.syncthingConfig.telemetry | quote }} + setConfig options auto-upgrade-intervalh set -- "0" + + # Category "defaults/folder" contains the default settings for new folders. + setConfig defaults folder xattr-filter max-total-size set -- 10485760 + setConfig defaults folder xattr-filter max-single-entry-size set -- 2097152 + setConfig defaults folder send-ownership set -- 1 + setConfig defaults folder sync-ownership set -- 1 + setConfig defaults folder send-xattrs set -- 1 + setConfig defaults folder sync-xattrs set -- 1 + +{{- end -}} diff --git a/library/ix-dev/enterprise/syncthing/templates/_portal.tpl b/library/ix-dev/enterprise/syncthing/templates/_portal.tpl new file mode 100644 index 0000000000..eb7f491fed --- /dev/null +++ b/library/ix-dev/enterprise/syncthing/templates/_portal.tpl @@ -0,0 +1,16 @@ +{{- define "syncthing.portal" -}} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: portal +data: + path: "/" + host: "$node_ip" + port: {{ .Values.syncthingNetwork.webPort | quote }} + {{- if .Values.syncthingNetwork.certificateID }} + protocol: https + {{- else }} + protocol: http + {{- end }} +{{- end -}} diff --git a/library/ix-dev/enterprise/syncthing/templates/_syncthing.tpl b/library/ix-dev/enterprise/syncthing/templates/_syncthing.tpl new file mode 100644 index 0000000000..b0ae4e57dc --- /dev/null +++ b/library/ix-dev/enterprise/syncthing/templates/_syncthing.tpl @@ -0,0 +1,178 @@ +{{- define "syncthing.workload" -}} +workload: + syncthing: + enabled: true + primary: true + type: Deployment + podSpec: + hostNetwork: {{ .Values.syncthingNetwork.hostNetwork }} + securityContext: + fsGroup: {{ .Values.syncthingID.group }} + containers: + syncthing: + enabled: true + primary: true + imageSelector: image + securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + readOnlyRootFilesystem: false + # This is needed to allow syncthing assign + # PCAPs to its child processes + allowPrivilegeEscalation: true + capabilities: + add: + - FOWNER + - DAC_OVERRIDE + - CHOWN + - SETUID + - SETGID + - SETFCAP + - SETPCAP + env: + PCAP: cap_chown,cap_dac_override,cap_fowner+ep + STGUIADDRESS: "0.0.0.0:{{ .Values.syncthingNetwork.webPort }}" + # Disable automatic upgrades + STNOUPGRADE: "true" + fixedEnv: + PUID: {{ .Values.syncthingID.user }} + probes: + liveness: + enabled: true + type: http + path: /rest/noauth/health + port: "{{ .Values.syncthingNetwork.webPort }}" + readiness: + enabled: true + type: http + path: /rest/noauth/health + port: "{{ .Values.syncthingNetwork.webPort }}" + startup: + enabled: true + type: http + path: /rest/noauth/health + port: "{{ .Values.syncthingNetwork.webPort }}" + # We use this hook as we need the API + # to be running when we run the configure script + lifecycle: + postStart: + type: exec + command: + - su-exec + - "{{ .Values.syncthingID.user }}:{{ .Values.syncthingID.group }}" + - /configure.sh + {{- if .Values.syncthingNetwork.certificateID }} + initContainers: + {{- include "syncthing.certContainer" $ | nindent 8 -}} + {{- end }} +{{/* Service */}} +service: + syncthing-web: + enabled: true + primary: true + type: NodePort + targetSelector: syncthing + ports: + webui: + enabled: true + primary: true + port: {{ .Values.syncthingNetwork.webPort }} + nodePort: {{ .Values.syncthingNetwork.webPort }} + targetSelector: syncthing + syncthing-discovery: + # Only enable this service if local discovery is enabled + enabled: {{ .Values.syncthingConfig.localDiscovery }} + type: NodePort + targetSelector: syncthing + ports: + discovery: + enabled: true + port: {{ .Values.syncthingNetwork.localDiscoveryPort }} + nodePort: {{ .Values.syncthingNetwork.localDiscoveryPort }} + targetPort: 21017 + protocol: udp + targetSelector: syncthing + syncthing-transfer: + enabled: true + type: NodePort + targetSelector: syncthing + ports: + tcp: + enabled: true + primary: true + port: {{ .Values.syncthingNetwork.tcpPort }} + nodePort: {{ .Values.syncthingNetwork.tcpPort }} + targetPort: 22000 + targetSelector: syncthing + quic: + enabled: true + port: {{ .Values.syncthingNetwork.quicPort }} + nodePort: {{ .Values.syncthingNetwork.quicPort }} + targetPort: 22000 + protocol: udp + targetSelector: syncthing + +{{/* Persistence */}} +persistence: + home: + enabled: true + type: {{ .Values.syncthingStorage.home.type }} + datasetName: {{ .Values.syncthingStorage.home.datasetName | default "" }} + hostPath: {{ .Values.syncthingStorage.home.hostPath | default "" }} + targetSelector: + syncthing: + syncthing: + mountPath: /var/syncthing + 01-certs: + mountPath: /var/syncthing + configure: + enabled: true + type: configmap + objectName: syncthing-configure + defaultMode: "0770" + targetSelector: + syncthing: + syncthing: + mountPath: /configure.sh + subPath: configure.sh + + {{- if not .Values.syncthingStorage.additionalStorages -}} + {{- fail "Syncthing - Expected at least one additional storage defined" -}} + {{- end -}} + + {{- range $idx, $storage := .Values.syncthingStorage.additionalStorages }} + {{ printf "sync-%v" (int $idx) }}: + enabled: true + type: {{ $storage.type }} + datasetName: {{ $storage.datasetName | default "" }} + hostPath: {{ $storage.hostPath | default "" }} + targetSelector: + syncthing: + syncthing: + mountPath: {{ $storage.mountPath }} + {{- end }} + + {{- if .Values.syncthingNetwork.certificateID }} + certs: + enabled: true + type: secret + objectName: syncthing-cert + defaultMode: "0600" + items: + - key: tls.key + path: https-key.pem + - key: tls.crt + path: https-cert.pem + targetSelector: + syncthing: + 01-certs: + mountPath: /certs + readOnly: true + +scaleCertificate: + syncthing-cert: + enabled: true + id: {{ .Values.syncthingNetwork.certificateID }} + {{- end -}} +{{- end -}} diff --git a/library/ix-dev/enterprise/syncthing/templates/common.yaml b/library/ix-dev/enterprise/syncthing/templates/common.yaml new file mode 100644 index 0000000000..f9f4fded52 --- /dev/null +++ b/library/ix-dev/enterprise/syncthing/templates/common.yaml @@ -0,0 +1,10 @@ +{{- include "ix.v1.common.loader.init" . -}} + +{{/* Merge the templates with Values */}} +{{- $_ := mustMergeOverwrite .Values (include "syncthing.workload" $ | fromYaml) -}} +{{- $_ := mustMergeOverwrite .Values (include "syncthing.configure" $ | fromYaml) -}} + +{{/* Create the configmap for portal manually*/}} +{{- include "syncthing.portal" $ -}} + +{{- include "ix.v1.common.loader.apply" . -}} diff --git a/library/ix-dev/enterprise/syncthing/upgrade_info.json b/library/ix-dev/enterprise/syncthing/upgrade_info.json new file mode 100644 index 0000000000..767388094a --- /dev/null +++ b/library/ix-dev/enterprise/syncthing/upgrade_info.json @@ -0,0 +1 @@ +{"filename": "values.yaml", "keys": ["image"]} diff --git a/library/ix-dev/enterprise/syncthing/upgrade_strategy_disable b/library/ix-dev/enterprise/syncthing/upgrade_strategy_disable new file mode 100755 index 0000000000..aef37b7f05 --- /dev/null +++ b/library/ix-dev/enterprise/syncthing/upgrade_strategy_disable @@ -0,0 +1,30 @@ +#!/usr/bin/python3 +import json +import re +import sys + +from catalog_update.upgrade_strategy import semantic_versioning + +RE_STABLE_VERSION = re.compile(r'[1-9]+\.[0-9]+\.[0-9]+') + + +def newer_mapping(image_tags): + key = list(image_tags.keys())[0] + tags = {t: t for t in image_tags[key] if RE_STABLE_VERSION.fullmatch(t)} + version = semantic_versioning(list(tags)) + if not version: + return {} + + return { + 'tags': {key: tags[version]}, + 'app_version': version, + } + + +if __name__ == '__main__': + try: + versions_json = json.loads(sys.stdin.read()) + except ValueError: + raise ValueError('Invalid json specified') + + print(json.dumps(newer_mapping(versions_json))) diff --git a/library/ix-dev/enterprise/syncthing/values.yaml b/library/ix-dev/enterprise/syncthing/values.yaml new file mode 100644 index 0000000000..78b637653e --- /dev/null +++ b/library/ix-dev/enterprise/syncthing/values.yaml @@ -0,0 +1,38 @@ +image: + repository: syncthing/syncthing + tag: '1.23.3' + pullPolicy: IfNotPresent + +resources: + limits: + cpu: 4000m + memory: 8Gi + +# Currently not exposed in the UI +# But can be exposed in the future +syncthingConfig: + natTraversal: false + localDiscovery: false + globalDiscovery: false + telemetry: false + relaying: false + announceLANAddresses: false + +syncthingID: + user: 568 + group: 568 + +syncthingNetwork: + webPort: 30000 + certificateID: 0 + hostNetwork: true + # Only used if hostNetwork is false + localDiscoveryPort: 21027 + tcpPort: 22000 + quicPort: 22000 + +syncthingStorage: + home: + type: ixVolume + datasetName: home + additionalStorages: []