From 4daf2f24f769e95881db90123753df37615ecfe2 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 3 Sep 2024 14:15:47 +0200 Subject: [PATCH] A lot of untrackable changes --- common/environments.yaml | 16 + helmfile.yaml | 0 installations/applications/helmfile.yaml | 24 +- installations/games/helmfile.yaml | 2 +- installations/platform/helmfile.yaml | 63 +++- installations/storage/helmfile.yaml | 13 +- installations/system/helmfile.yaml | 23 +- manifests/app.yaml | 18 + manifests/bucket.yaml | 12 + manifests/minio-secret.yaml | 7 + manifests/minio-tf-workspace.yaml | 164 +++++++++ manifests/postgresql-15.5.21.tgz | Bin 75989 -> 0 bytes values.yaml | 333 ------------------ values/badhouseplants/secrets.minio.yaml | 38 +- values/badhouseplants/secrets.nrodionov.yaml | 18 +- values/badhouseplants/secrets.velero.yaml | 20 +- .../badhouseplants/secrets.woodpecker-ci.yaml | 22 +- values/badhouseplants/secrets.zot.yaml | 20 +- values/badhouseplants/values.authentik.yaml | 61 ++++ values/badhouseplants/values.crossplane.yaml | 3 + values/badhouseplants/values.kimai.yaml | 71 ++++ values/badhouseplants/values.mariadb.yaml | 13 - values/badhouseplants/values.metallb.yaml | 4 +- values/badhouseplants/values.minecraft.yaml | 127 +++---- .../badhouseplants/values.minio-operator.yaml | 2 + .../badhouseplants/values.minio-tenant.yaml | 136 +++++++ values/badhouseplants/values.minio.yaml | 4 + values/badhouseplants/values.openvpn.yaml | 46 +++ .../values.rook-ceph-cluster.yaml | 4 +- values/badhouseplants/values.stalwart.yaml | 145 ++++++++ values/badhouseplants/values.velero.yaml | 4 +- .../badhouseplants/values.woodpecker-ci.yaml | 2 +- values/badhouseplants/values.zot.yaml | 30 +- values/etersoft/values.cert-manager.yaml | 25 ++ values/etersoft/values.cilium.yaml | 8 + values/etersoft/values.coredns.yaml | 32 ++ .../values.local-path-provisioner.yaml | 6 + values/etersoft/values.metallb-resources.yaml | 5 + values/etersoft/values.metallb.yaml | 71 ++++ values/etersoft/values.minio.yaml | 131 +++++++ values/etersoft/values.namespaces.yaml | 3 + .../values.openvpn-xor.yaml | 4 +- values/etersoft/values.openvpn.yaml | 35 ++ values/etersoft/values.roles.yaml | 1 + values/etersoft/values.traefik.yaml | 84 +++++ velero-cm/change-storage-class.yaml | 10 - 46 files changed, 1311 insertions(+), 549 deletions(-) delete mode 100644 helmfile.yaml create mode 100644 manifests/app.yaml create mode 100644 manifests/bucket.yaml create mode 100644 manifests/minio-secret.yaml create mode 100644 manifests/minio-tf-workspace.yaml delete mode 100644 manifests/postgresql-15.5.21.tgz delete mode 100644 values.yaml create mode 100644 values/badhouseplants/values.crossplane.yaml create mode 100644 values/badhouseplants/values.kimai.yaml create mode 100644 values/badhouseplants/values.minio-operator.yaml create mode 100644 values/badhouseplants/values.minio-tenant.yaml create mode 100644 values/badhouseplants/values.openvpn.yaml create mode 100644 values/etersoft/values.cert-manager.yaml create mode 100644 values/etersoft/values.cilium.yaml create mode 100644 values/etersoft/values.coredns.yaml create mode 100644 values/etersoft/values.local-path-provisioner.yaml create mode 100644 values/etersoft/values.metallb-resources.yaml create mode 100644 values/etersoft/values.metallb.yaml create mode 100644 values/etersoft/values.minio.yaml create mode 100644 values/etersoft/values.namespaces.yaml rename values/{badhouseplants => etersoft}/values.openvpn-xor.yaml (94%) create mode 100644 values/etersoft/values.openvpn.yaml create mode 100644 values/etersoft/values.roles.yaml create mode 100644 values/etersoft/values.traefik.yaml delete mode 100644 velero-cm/change-storage-class.yaml diff --git a/common/environments.yaml b/common/environments.yaml index 13a3ca2..3f3a457 100644 --- a/common/environments.yaml +++ b/common/environments.yaml @@ -1,5 +1,21 @@ + environments: badhouseplants: kubeContext: badhouseplants + values: + - velero: + enabled: true + - workload: + enabled: true + - backups: + enabled: false + etersoft: kubeContext: etersoft + values: + - velero: + enabled: false + - workload: + enabled: false + - backups: + enabled: true diff --git a/helmfile.yaml b/helmfile.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/installations/applications/helmfile.yaml b/installations/applications/helmfile.yaml index 906da59..465d9c8 100644 --- a/installations/applications/helmfile.yaml +++ b/installations/applications/helmfile.yaml @@ -5,7 +5,10 @@ bases: repositories: - name: softplayer-oci - url: registry.badhouseplants.net/softplayer/helm + url: zot.badhouseplants.net/softplayer/helm + oci: true + - name: allanger-oci + url: zot.badhouseplants.net/allanger/helm oci: true - name: requarks url: https://charts.js.wiki @@ -28,6 +31,8 @@ repositories: - name: allangers-charts url: ghcr.io/allanger/allangers-charts oci: true + - name: robjuz + url: https://robjuz.github.io/helm-charts/ releases: - name: authentik @@ -80,16 +85,16 @@ releases: - name: nrodionov chart: bitnami/wordpress - version: 22.4.20 + version: 23.1.7 namespace: applications inherit: - template: default-env-values - template: default-env-secrets - template: ext-database - - name: openvpn-xor - chart: softplayer-oci/openvpn-xor - version: 1.2.0 + - name: openvpn + chart: allanger-oci/openvpn + version: 0.0.1 namespace: applications inherit: - template: default-env-values @@ -152,3 +157,12 @@ releases: inherit: - template: default-env-values - template: default-env-secrets + + - name: kimai + chart: robjuz/kimai2 + namespace: applications + version: 4.2.3 + inherit: + - template: default-env-values + #- template: default-env-secrets + - template: ext-database diff --git a/installations/games/helmfile.yaml b/installations/games/helmfile.yaml index f48470c..55b7f84 100644 --- a/installations/games/helmfile.yaml +++ b/installations/games/helmfile.yaml @@ -14,7 +14,7 @@ releases: - name: minecraft chart: minecraft/minecraft namespace: games - version: 4.20.0 + version: 4.21.0 inherit: - template: ext-tcp-routes - template: default-env-values diff --git a/installations/platform/helmfile.yaml b/installations/platform/helmfile.yaml index 95380e0..70394d7 100644 --- a/installations/platform/helmfile.yaml +++ b/installations/platform/helmfile.yaml @@ -12,26 +12,41 @@ repositories: url: https://zotregistry.dev/helm-charts/ - name: bedag url: https://bedag.github.io/helm-charts/ - - name: percona - url: https://percona.github.io/percona-helm-charts/ + - name: minio-standalone + url: https://charts.min.io/ + - name: minio + url: https://operator.min.io/ + - name: fluxcd-community + url: https://fluxcd-community.github.io/helm-charts + - name: crossplane-stable + url: https://charts.crossplane.io/stable releases: - name: argocd chart: argo/argo-cd namespace: platform - version: 7.3.6 + condition: workload.enabled + version: 7.5.2 inherit: - template: default-env-values - template: default-env-secrets + + - name: flux + chart: fluxcd-community/flux2 + namespace: platform + condition: workload.enabled + version: 2.13.0 - name: db-operator namespace: platform chart: db-operator/db-operator - version: 1.27.2 + condition: workload.enabled + version: 1.28.0 - name: db-instances chart: db-operator/db-instances namespace: platform + condition: workload.enabled needs: - platform/db-operator version: 2.3.4 @@ -41,16 +56,44 @@ releases: - name: zot chart: zot/zot - version: 0.1.57 + version: 0.1.60 createNamespace: false namespace: platform + condition: workload.enabled inherit: - template: default-env-values - template: default-env-secrets - - name: pg-operator - chart: percona/pg-operator - installed: false - version: 2.4.0 - createNamespace: false + - name: minio + chart: minio-standalone/minio + version: 5.2.0 namespace: platform + condition: backups.enabled + inherit: + - template: default-env-values + - template: default-env-secrets + + - name: minio-operator + chart: minio/operator + version: 6.0.3 + namespace: platform + condition: workload.enabled + inherit: + - template: default-env-values + + - name: minio-tenant + chart: minio/tenant + version: 6.0.3 + namespace: platform + condition: workload.enabled + inherit: + - template: default-env-values + # - template: default-env-secrets + + - name: crossplane + chart: crossplane-stable/crossplane + version: 1.17.0 + namespace: platform + condition: workload.enabled + inherit: + - template: default-env-values diff --git a/installations/storage/helmfile.yaml b/installations/storage/helmfile.yaml index 169242a..f428706 100644 --- a/installations/storage/helmfile.yaml +++ b/installations/storage/helmfile.yaml @@ -8,15 +8,13 @@ repositories: url: https://charts.longhorn.io - name: rook-release url: https://charts.rook.io/release - - name: local-path-provisioner - url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=v0.0.28 releases: - name: rook-ceph chart: rook-release/rook-ceph installed: true namespace: rook-ceph - version: v1.14.9 + version: v1.14.6 inherit: - template: default-env-values @@ -24,7 +22,7 @@ releases: chart: rook-release/rook-ceph-cluster installed: true namespace: rook-ceph - version: v1.14.9 + version: v1.14.6 needs: - rook-ceph/rook-ceph inherit: @@ -40,10 +38,3 @@ releases: - template: default-env-secrets - template: ext-secret - - name: local-path-provisioner - chart: local-path-provisioner/local-path-provisioner - installed: false - createNamespace: false - namespace: kube-system - inherit: - - template: default-env-values diff --git a/installations/system/helmfile.yaml b/installations/system/helmfile.yaml index 4ad0030..4c311c9 100644 --- a/installations/system/helmfile.yaml +++ b/installations/system/helmfile.yaml @@ -24,8 +24,7 @@ repositories: url: https://piraeus.io/helm-charts/ - name: vmware-tanzu url: https://vmware-tanzu.github.io/helm-charts/ - - name: local-path-provisioner - url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=v0.0.28 + releases: - name: namespaces chart: '{{ requiredEnv "PWD" }}/charts/namespaces/chart' @@ -45,7 +44,7 @@ releases: - name: coredns chart: coredns/coredns - version: 1.31.0 + version: 1.32.0 namespace: kube-system inherit: - template: default-env-values @@ -55,6 +54,7 @@ releases: installed: true version: 3.0.5 namespace: kube-system + condition: velero.enabled needs: - kube-system/cilium inherit: @@ -62,7 +62,7 @@ releases: - name: cilium chart: cilium/cilium - version: 1.16.0 + version: 1.16.1 namespace: kube-system needs: - kube-system/coredns @@ -71,7 +71,7 @@ releases: - name: cert-manager chart: jetstack/cert-manager - version: 1.15.2 + version: 1.15.3 namespace: kube-system needs: - kube-system/cilium @@ -116,7 +116,7 @@ releases: - name: traefik chart: traefik/traefik - version: 30.0.2 + version: 30.1.0 namespace: kube-system needs: - kube-system/cilium @@ -126,16 +126,11 @@ releases: - name: velero chart: vmware-tanzu/velero namespace: kube-system - version: 7.1.4 + version: 7.1.5 + condition: velero.enabled needs: - kube-system/cilium inherit: - template: default-env-values - template: default-env-secrets - - - name: local-path-provisioner - chart: local-path-provisioner/local-path-provisioner - createNamespace: false - namespace: kube-system - inherit: - - template: default-env-values + - template: crd-management-hook diff --git a/manifests/app.yaml b/manifests/app.yaml new file mode 100644 index 0000000..e9199fd --- /dev/null +++ b/manifests/app.yaml @@ -0,0 +1,18 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: test-apps + namespace: platform +spec: + destination: + namespace: default + server: https://kubernetes.default.svc + project: default + syncPolicy: + automated: + prune: true + source: + path: manifests/postgresql-15.5.21.tgz + repoURL: https://gitea.badhouseplants.net/allanger/k8s-deployment.git + targetRevision: main + helm: {} diff --git a/manifests/bucket.yaml b/manifests/bucket.yaml new file mode 100644 index 0000000..d1e4063 --- /dev/null +++ b/manifests/bucket.yaml @@ -0,0 +1,12 @@ +apiVersion: minio.crossplane.io/v1 +kind: Bucket +metadata: + creationTimestamp: null + name: bucket-local-dev +spec: + forProvider: + region: us-east-1 + providerConfigRef: + name: provider-config +status: + atProvider: {} diff --git a/manifests/minio-secret.yaml b/manifests/minio-secret.yaml new file mode 100644 index 0000000..557f9fa --- /dev/null +++ b/manifests/minio-secret.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +stringData: + AWS_ACCESS_KEY_ID: minio + AWS_SECRET_ACCESS_KEY: minio123 +kind: Secret +metadata: + name: minio-secret diff --git a/manifests/minio-tf-workspace.yaml b/manifests/minio-tf-workspace.yaml new file mode 100644 index 0000000..50e14e7 --- /dev/null +++ b/manifests/minio-tf-workspace.yaml @@ -0,0 +1,164 @@ +apiVersion: tf.upbound.io/v1beta1 +kind: ProviderConfig +metadata: + name: minio +spec: + configuration: | + provider minio { + // required + minio_server = "s3-new.badhouseplants.net:443" + minio_region = "us-east-1" + minio_ssl = "true" + } + + terraform { + backend "kubernetes" { + secret_suffix = "minio-tf-state" + namespace = "platform" + in_cluster_config = true + } + required_providers { + minio = { + source = "aminueza/minio" + version = "2.4.3" + } + } + } +--- +apiVersion: tf.upbound.io/v1beta1 +kind: Workspace +metadata: + name: example-bucket-creation +spec: + providerConfigRef: + name: minio + writeConnectionSecretToRef: + namespace: platform + name: tf-minio-state-output + forProvider: + source: Inline + env: + - name: MINIO_PASSWORD + secretKeyRef: + namespace: platform + name: minio-secret + key: AWS_SECRET_ACCESS_KEY + - name: MINIO_USER + secretKeyRef: + namespace: platform + name: minio-secret + key: AWS_ACCESS_KEY_ID + module: | + resource "minio_s3_bucket" "states" { + bucket = "states" + } + + resource "minio_iam_user" "terraform" { + name = "terraform" + force_destroy = true + tags = { + service = "terraform" + } + } + resource "minio_iam_policy" "terraform" { + name = "state-terraform" + policy= <~-!9D(%mBH;TVXVAXhW$3JUxPr~dQCQWw}~p@j?z@JDIhcJyYP;_ zIcD7Qj)#eBo#j$O^UpA!*J72E(c#n4(b3`2(Kurl#d*OOd*C(v+iPY{PG(OVx3%lr z+t&PBHb?s3<$cdRJxy(0T|HebT|Y9`t!-_tZ@&btcQHg)%(CQyKqRdPeVQkU9J$k; zc^1hUR0(fym{|{ZdY}^|J>YEVe&24cZmqeae}sG=4|k(OhCEti*wd`P-1pr*Z5=I7 zEWhv%l(>JA960cSlIyF-dKNO@5>l}R|W_#fs!b3XvZNPXMd}!udhvI z4}RfstiRIP54UE&FZdt(7T@@X${fE(Bv@b*H;wNGzYlv}uPlG~r~e&FVmzl(fS_Uc z?fd`FJ^6!ox4_%53wH|~hQ0T@gZDdI-U~nY$A;0pJ}B^^a{kC9`wotJyEj)?sWHE| z46MH#v$;(hoj*4=w?6{5G- zgy*4UyXx?$DhkvKXP(#r6$DEAX@O^O2XUAn$u}q|yKoW^LL}WV1v^I*UU)HH00yWp zW2x{K2P8c){Gr_Ti2UuonyKYelJm!;5k{VnGZx-wX0~qxW{??*M;t zq4z(3LJMtzNFz%s**LhsgAPc4NUr3t{FfnuQBwoN6zH&DhfH|SgT;XQkQ1s5mtjHe zdmP`d`!7*PX?A+=LwZNbab2GpPx#l}l+lki3^+9CW78jfElo`wE3-3x%YV72e?NZq zXwi0tg*vjsYmzw6{oi{C~7Ar|R6VZ11SXJz7lM?KM<2NbY9NqQWa zB58{0*HJ-BK|^+NJ+yvJ3mTe;e<_0~0~xjHhKc>lf#L^!MHGn2Tes}D_0+$fAG)F-lOYn1pzR7Zl+M@T0+dlw6;kyAUM`9ysyN_3E z0JDT^wUoZ!9pQ(1?wB&*$S5re2lfcXndTo-9Cvg_BH4rM0Hy{Y4{UfcVFy~ByW@g# zHg@~?3(gLn*@Vg{II!;@52 z5v%*9N|Z}86T_CxEyWfkz}Fb{>4kDE;bd*|v;*#gTdc!Ud$QaNSowk_Ks(&`=INCy z%~os6R>#)vb^=dQb%j$Avd-0bR8mek=lPE=9(nyk?()d)z8G<22V)T&{b9{$B^m5W z6*3N32VM#w;14$lDe&ohL;JuNzQQ|=g5$3xrC4J4&Bf*1kY2klsT}+~+hO9u7-R`D z;@}r=^MBaiFQQ06x)82a?ajULLZvb;rHkyu8gpPl?_i}FN-1)&O8A__q+IL0n`4qF zQ7r~Mp_-T#YBEB_5D&2mME<$Zmhyp43d+5`0YC83Enu#UhNG3H?f^fs_E|y=ddXn^ z4dknyjF#&{sth4(FC47P){}9-OP3T+i>9v0AE6~TJ^;2}QBZ^^o<+~@QJ{4nxT}qk zNc7kQ6x_}yP8hW3i091i5k?3(AeW?eYM;fNUupS!iI2rR8AdVJ5rzmcWcU0p>PU$v zf*cC6HtXX|&J_Nj&HGiG&IFk>)i6|?`{Im9R&MJB#~{8z@!5r6m8JaQT?74r5Jzbs z;w-$wfLh4aKmEdpZu35Zc=);eJmS~4n$QWlz{ip-63)uyQ#A9&5*jo4zV4XLLK-!2 zo($UW)CPe8O{O%Dp6R2?`({RjU5CBzFK;;0L5K{ED8djN^}cJtwgCzhvEm$x27@3! zh!U&i)S-+pWydKfQeh1C^)N&z%9p4pjeK&k!u!j5B-+mIy_TaYuwqJ+Yh z90)Ocs(=&L`7qVgAG8bCQPT5pgPI_e24Ro%&Kah9Bw#Y;*+dMuQCN1V(ACpSyT}&= zFk?;eV3PP?(0`f`xN7R{MD_RL1Q|Gn##WLhju%(vKudIuQ;ni_B#8HuC%x^NGNTv1 zRW7VI@4QU&4NF>*RYM3`uWFL>^4e%oNFw@MPyCah2Kw2!eH@&99A8^qYv6UUezV90 zJ5U}P{&YY|t0AtRr{BkiF~MevDiB(N`+Q#rF{IY{eEK-}wW31@&O$g*w84M^4C^iD z))zHr<=3J<8nRFQ$4;Eh^;8khRO_2NTkt^me2ZU2+5Gk67YTk%0+oyN`*o&cO=k*rW;zC>Z+i zZ_s^wMtFr8?VbXWgH(%lVEAH&DXo8GRoFnq46K2Xc{;tZ<7vPq-+;}|>+fUBg+UrQR+3a$K zRszSAaORBPM{$5O<(7z;^oL8>=p9e99@AtKEW-yqF=dCL>5d3K1aDGUp-RvI2~b>w zRk8Pb1h-cS1hr~aPy)OFUGO#vY?(~8I%QR#`4avBq7xMyn??bWNTIYU+EBrlQ1#fG zzIgeM^INx+Sqo9(yC%uS$neWYCPpN90?7eo(F@=sA!3$jhQb@`V$bz1a?(A?4#p+n zzzj5>44};pvc&qQ#m^(y?rGa1=dR*W;Kp|Ipr8}w1UZ0ELxvbas`w zYqe9Pz>AMj-gnPw%`G)=aAqjWTV-K)&J|2NCp3wots3}f`Bb)Fjol-@8({rnt5$N{ zhmVGU8Fw$$(Z*d3?;M4Yky|U0Jjarg#UF=(JERh)@vl$**%}s`lrB_Uczf{ui))Q9 zysl?cMM28fycTlrI-_?YMY~-NxSox}_mxomUH#U*sRW|CJ<}Z9Wl21DkTv&SsY|Wa zey>Q9UF3UDKqzdFzFXaMYO*LZ2{A%%HBYV60amZw3f) zo&yAUA$OqBlU`L0cN5V6()Q3xISRR&ip!LgF3@|OK`KCl#pXt%G-#S@)r@-Xm$nq& zpgc)(OV16$$%@0Yx{ldmo?xLzAva+zfqzUCd7fmzCAnjG4pZg_QV0iJ^@5nIT)sqekPDb9s zc0cy?@O`~rPhYa`=6Z(M>-2JT&NEVRf#U1tB`J)ey8h`~r@9ir1$@gn3UdCb6)mMGQHM!_8WFgWgN&f&D>sZ`6GUALSIHOmjy@^x+YVuKR= zH|Dpk=U<2-3*+!;21eo&DEOPrxp*H3S-jAq5QkivMDPAUh>oRrr=qEHM2i!*tOfka zX@c*%6Z9TAq+^_s)7{($lBgk87g5}#21S(_;LictZRc2a^sX) zKM9f^t41kDE3ch^opo?Go~B%=p+Y6ym=WVS?zGbnl0+bn8gz;ZHD;E+GD!GM(=s;- zOQcM{4^;%h5RVj+;e|)ZCk1dM1ZJ?GjVl6MJ))pj!ZMnI6IIewHHtM?{tICmr*x%7 zBrhW<^n}FfW1wBtR)}7FWSm?j}4i0Yqq<-rP5FzW3clj=!W`r&N%xASdRr~uQk zDWn1L^;Vu_-KKIt8^TG;L3>>>6%F@H%AH@{QH;IF@U51aBxZ)<8}1wD7eyUq_t0*y zwryokuXY;7|*UL2w@f6egPCox6h;Oqg z8M=|PKp8q&UQ#n1G%jBZDDqT--eeMd_a~Br#{oBwbAGD|ab9wl5`FgE6Br)kqPHA} z%*LXWJCyJFCWHX1`z(e2jFYUU)ZBbj%_I>03OuCmOGT%bJG5r&$elW4ZqV~nm?MH_ z!xhh@`1-l72dx1!fzM;O41efzHTEvH;vl}}Fi|6m{Wu7nLM^BfdG0J;lf+kJ;$pXXZnsw8Nhz zz9YW+81B6M*n*iMk^un-d<3C(Uo_6RywDIZFq8S^o@w znE%FfNn&sw7&#J`0DI4AE_OMBbpz*R5$JPmdv&^wD*p3xR2$6T3x_Vn@=kg9~*OJgvuKJ#%!kw$O0yS>zL9+;iAM<89~7ferV@{lw)7oH`s zZ?%!6WG7Uebnu=?D`cUu1WiMQ%0vZF1Qe8Dsae-$%$fo`8;?yTrRN$>W})A#FS5zU zChwtDKr?+=4NGY%BW;u5X&rn{0x9t5(gLTA8yDcuka;P}0p;OaZiiwV@@22PyA1=L zhG%;%fLO>Va~}*^3q2ay3YcOjEQw2YMluFp^nf~9gCn9<%9{|D@kC9%d>%{8dN99C z2<>KUQ@IH$P3VKZiv}dTXNf3Ki7EQz7uG2Pjy=|yLi%C+CDHL(1zAm?m+fex%A$2&y`wR zoYs$z6$Y4}HW65!uPkRA4+))k0lOVRhyU53OaC!=U0D<2^I{LYypUX|CZKzDpuhLl z@@;%+ydY#8`%OudT?n|NWE}3#_XI5-9SG(jai=;D>!qIKziFr?7&R0L(=v|ON$>llG7s93E_p`WL!Tj) z8l+xMb;+(0n|nM3W5-$rW2f9Gx9PY0xaFn)k@ah8WhD;d)urW$7O%WGA|>E>VaPz2 zoSTWcex%9*@p0?>b9(5m-%W2UePK_Jf4)6y;MymT%u{569LeB>d9J}%V+|sz?4;O; zuppRe&N@%osn@UX=J0VS7h3i`zDx4TRS-65v;JhSyj&zp64xvPpQaFLn~>}QhOlVf zS(DF9)p599(ZbBiOaKrC;C z^3CIApwN=B=V)AoYd@asWRL>8h?6s5u=fi1$*D3+7zHK3 zCk3nr`Y_xP!Ux@+ncSQu@=pOfmIx@kJHXI&Tj4`VP(kH2yAcYgPNRMpV*Z?BRnqxT zBL`nGll$scNAwS^oj;gk?*W^?2gt!@_i)cIC;%^j^@sI$DS`j!yBA~c3&@D|bTf#&#rmTRuEz)#6;7v%Ncv08;Vm?g zOG7Z|3e@H*u)ZTA2_A?&{;MRW2=*p2mhLiOx}$#abg8f^orzh}nF3?80)L3^1GR3@ zXx6seAQ($o-NQ!uepAr%<^B}7UoI*Bc$GJDd{v5vDWMwAR6M;tC2aAdT!rBhh&1qD zwL~2`7e$jqt~&PtDH%n;Z>Dr0z~hNjg5^WPRh$xJ;tl4~_U9mR*v(IOATfA>fa|oV zMFz!q(xpVuqpz1f6{MP4@S-3CP*OFJ3!NqF3R?C?%~kN_^hEjE0=Y+bnZQZQ*YUL~W2c!Z>m~%$FTTUQE6?A$1*BVRt{%Jm3ys zo@=rmn`5VLDBuX}0!IU?vPePXJ+%s{iJQ4!+JEzC`Q%qB8&mc!$;{G){HALRIkUsm zUOS{*7R&R9$hG}@$1tVOCtNI7zXkhSV6hVuzx^{QQ+FaPBw@AKIi}e`t_c|Fz{B~c zO?>g=G+qpORf?#hnfGgrc(ro=blhRCbBgA#B6gI^rhgCWUbn~6{A1iwk$4-DcABZ~(g&GIIH$L2mHrfv_sP@Ag7RSu3mY5$@RFG{ zt&{4lXgQIUGF)R}k0e|~!YDvq-U1xC3tyeJ#<*ohK>Y67=qOr@kO@dV&p$3U@zJOo zw~CnRNI;6zA_mz94Wap{d+G?KMc&eX9tw>DQyE`6u^zSdo>(R13m(z6Ek=M15aZ4j zfliU4johHK(u#*jOSp=_e005t>vjhO{lJ0`t0&n#QNJ`H1*ilu-6rS%(`JJ6V` zK3y1NrVP_#jkYIT_tY7#zVWQnS+g`0ZHRT=@N&*Y4M<9lX9b} zN84Rew1cW@Kr@!Oi7A=@Pmd^e5r)dM`tzJ2LiW|yqe_Qh83B|5BfXRT+TN!+=W0>E z=dvXx6{+Kr4F~rF+0{Iuusju3yp$hFYNg4?sBz?{Y)bcH)U0ED?glDcq(@@fx8%Cq#Uh#8%<7B9h3RewUA2nNL z%HqZ0-pETZ(5@>tOZjvqwxTz4<(sPLx$ucQ4Iz@xb#4LxWGyU#*1qqvM zTU)w>O5#HLnL?F0Km*TyeKNJfH-wWh`6K<_0^@M8panN_Xd@i=>a~Gzjgga zld~IW3SbWe97=C78MiAnRMqVGwn{v5s0U*f>=^ZnY7srvr{3>f1LV*mTkd#aD!Z%R@61pO=z4 zv@0A@a735`MoLu)CO6C9p zP4`pH>FvN^heJ|{8%t&!HNoM`4X`q^(?Yi`Po`RXO*W0|l1|oS`lb4hQ$vj!NNrS zXg581ORD~1r=ClIU>u=qI7&-U6!I7|CfhaEHSxXjeW<*6>lycdB#ZLbwvL4s);v|pVyqJkTr)-RIBP_jhWw}4+UH;3lQeg++U=nK?&0By>9X^e;X^df z%~*s^adURyG$mL|OyAI3L}PsuEk z0~s1fzs2sU4f}}yXz0Q_QHf5J0K*V=N0pHU(P0=Zn5qEIPK+vvtCmUceBSqU6N%ZaJQ+J3U+hu>wXHy$8ob(M%H6qEwRh$6h z1VUoPfESc8VggSU)HH(v!0#jH^-2WVx?fteUeTTzrN9U)aDF8P2U^SmKp9s)+T-CbCqI%{e$ zL{HBax`4SX^opdx9SV%r-?yq^6p(A9XZVY>v3{l2I-9ab`!KyGDM8A{`tW`KMb4d} zlbo8~{Rw!E^;1Q)hffO-PCwO}HxMb(%0`l6hBIMnS>=%F zY(H5oGq+wmqYx6|I!KI{d#YTiThEc>2#ni{0}3L2*8rblXg`q#6p+u&yzF(-9sFV= zmAoBJqP|L(D%IUkUgS*NU9!PSjutf=!>w{E-9AYD+5)SQ6++*?Hh06IdbUZG=2tb~ zQzW;_SP|rOmQ*PZDeIloJPu6N?`Z(Bpn>ouEK$lxu|{Xws4u^1=XN57ZvlyP?s&27 z?tL_c*z%pZOI0B({ekAW%#J=ETwAydHli#PG0{m_<$U#9E4EkZ|8R#=4CQnJXBykv zUmg3$N$kQ7?vc(e5?zrIQR9+1Wt&anF5VJ+w$B1-m$Ij;2a@ko=G@iBgPO7^g&C{y zipU}pA#H5nXI-A?Emj#tY{eeY6a-Fu{x9-IL14A9ITG)LEa4JqzW!E^&)n^zP}pI+ z3?%+oTglhxQu`L5n5n=XIuUsyxRlk@yWU)SYQpH=2|>K+(s)?qN1`p`TP7;IvnXhf zMA>5%T+$Uo-LPR!U{e6sF2*Gzzr{K3Mpd(KK#`habBV3{D|Rm_Ow#l5>8=CjJR^OZ zW#DF9(T)&i41XanJ&{u{G&I{HysF(lKEi4N(}9VKI_b&XggPBlrr-W)!~4VC4-Rz1-_j(+cz}U1xNoc7X-eMgGDy!ctKk7KowRo5ktYEwk3j!H7qNnTIQDLHm~_Jzj#ocEIp!@%`7 zIH#PR(alVp4`}lNQ@7h}J&!KP-D1VNZ~H*3kViC7oMfGLdO@d1|Avd9+m`r1@CGe+ zire=l%~mztx0y70lh<-@>INHh(}}C1+RO4mhk|t(I(2QaHJ)*ri9U;`9)MSLt7W1E zsiM+?6=%Cxe2WkK=$x!;QaQNYrpO8~Ld^phC+V0`QjcYprtYKF{DB8NDI58jS>=7A zCD=-V!Ux#AwyFq@-P-ZtUA$rl9cm}1Q>@FRGsu1O$rvdD#4Z%t&OdTBva@wF$-ur0 zG^@}|As`u`a#E{GG?RQYi|;S2<6_c%xHRpO?RUsb~J~#0{n718cZ^MwesD@)M89xgYgu@g`1sHiOR^m11V!IMR5o9mSwH`iM=7Pu21B z)n0EbBPNaAK<^5t+T8S>Hf>zxdo|Qfa)2^K{X5qfQlo9oK(W5bKruH5Z*E5^8SS20#}@SZwxpegVdVWP!LbYNfFL zWqZwNY?@VM%da~${4D;reJ>$>lC*t4OfmW%uHC-X!`TfCFyn6 zXE0H5&jjk$tIT)SAdCD@iy&U8{_?;%mr}K1&FGwNmZNKvAd_?lf>|W9}ay!|h23#VwXqhA)i7Dji z*L_Y)#X>IwIG>vFJUT*iU4TmOY|`@N-B7i}`Jt)py=`=M+on&Z`wBv>H3*pTp<)0(NOc5;{ zUbNP)Vu~H6C-e+0bu-huw3fQ%n)dK6`SckwJKf*eFC_ib-xmb!a8XE)|6UxeUte-o zV+xu&g~hcuT$(-vaY$aCa?TQXOZetoPaGY|GIM>;t0PKoG?gxg3sYIClE_n)TB>0p zS;wg+3eMwS<0DXThvNvc3NM7d_CL?k#+GwJi2=;hUk7&;SzCSQ>R_W7| z9r${CDIr7B2dYxZZ9QVXvV*%6=!py%4+_(K4_hP@x34V-Yewzy62q)q;2c`+X zfutm~YQ6Gv5>hSR&r2RwEk2yXEV7ytDsMrAFPkahCcnRQ9O-OMA&Fr@lR1{h#I%-s zavVc*8Pl0T>_p-d`J7O@z+(nCkx@fGL3F|7*7J{=uE-)aH^GXrig^0gQUtCOE;lm zk)=Uzc2cum8d)8U_`^(2HzUrtr|mlhbZgnkq@IS@#lnInM^lA8p@iD+HgTpA;ipf8 zPr3~LE_1oD9XoGP>vT!0GwRLJQTx^Q*V!hGxSxCngES)FXK;E+ zGXG(9`U%Ti3KsK_gZu;|J{_m&1q7dU=(MAlmS^VlBN{!kx+!I97wI(3U725Kbw){z zw&~?GGp+S6Ws(`%+rcBVIaWrG1l-I=g*Q$F3wqJllF8CHRx0pxw<%DCni_{;AQd9) ziJ)=jt$QKt^S0o27#f_29T!d%9R+OPFz!ke)m=%Q;6yud^ml_Rnz-ZZZsae@e2^CC z9cnZsKEyS!CK%i|I1%c&g!lkQPheemnYg0bxD$K*dkfb*(Kiu;>W~YBr9#-IguyL` zctZ&u3#$z)MtK&l3en^=x^>)=eugj749T@TxFA#e$Ot<-t?`@bS%V1K-sQRU&4E%; zVVK&OV|{W8zrn;`ogM#32*==Hz@j1N(qzR zYo>z1G$CliTmYIw$O%2X6j6=(Vi^+W1c1( z)>w|^$rMDhyy;O>@R$Ihzpv^M^7nc(A?fO#qC7&%x0y2FB5{&3AjaW;e27&J7) z`*(x=cn?lyWzximvO*M1up#=HC~9AqVPt%;98HqBk)cskIff?C{=k_Sy2W;bQv5%V zthX3TBQzdZA&!<+DlN&cl;Tya5uJ97PdO`~lo(XZ0xhYDmxz@iad|>SIV+}=99K+3 zJQ1Bu!aSD9oPWfCN~3tmY7hP#je{Ngx@J41Mvm38Nd2>Qby+v#@Q0hJgF$%du_K5P zy>I7yk9x5xbIPfFWd3w7YVzZ3?i)D@8q~W+|C*lr^QuGaa#+EEG?numdT;MgK-) zDjV-Jr@Ep9Dqu6>(cQ*<$Lu!2iMg%r9Qvg%1GY=*6!C%8G!ROoUzuL(+} z6sB~>WBjNvBYpxYas{)lloU>ttrj}(?JGA?uC}VsQDSfgyV3=d4BTwPKXD3|LND{G z&~~e)sGB3$e2+0r6VS0-#GuwLASlMNi&#Y>nL6c(y-oo?{Ix{H{_3^;mryvmnT)z( zyizc{@y&lCL1~s(8BNjqLg{y~(AldXFFd17V9u(&LK;#h7TQYrOZ`Jip*|S z2*~x|oQxkn2oa1`qef%n&9J;2{#L;se9$f_xV`2ea`tp+g$b4riDzEHqM?3ZK=B4> zyzLz<9;g>O&=M?4zSj=gh$Fb~y_u=(3 zwR@B1RqEpU)g-Lg?x6pVU^~XkYmYCgz#y&HJ+F86er~g@4#R!Lz-*{jPMWp`UD1qn zCu2aZg&{qk@N+D9J-r?qlhXLWvCtR7Hfknd(}xn+ch(BzOXHmSpXVb@D&#dG#U8*` z)I>7fq7cKH*smT%3^8pupc{C2^Lr?rLr}-`7L(&)T$3TD)dkm- zzXMDt$uE$vF6%BuhirZ1!@p!i2wCG|hPYlsH;-EvH3#P<5&LtXJKPc{)_g)Qo;G5> zC^V=>5YZ&(nA92BV^8o5*$fKzOtW0G6$w3((y{Z08s`hQs+?JuAxr=6?jH{ z3-ja5LVNVqBLWk^_Y!N&oF@qgqs~m6T)7Lu0UnK0A(W>dM%}W7NLDXxjE7p) zgOQ^C)jeY~r4{W9_%G+Ru7iAKYYAf9kqV zf$D+V3RLK-lBZ9={1$aIlh3v1g+beb?QBA;E1oj<44J7_<LZ+`jZr7@X&g>|_av-=u0{#JZ8be86fQdt^z(0I zygl+DXFpBkfCe!LO5Wa=23>x^*JYszQv+KyYh`84$T}0;k$=;(u&r=L?V%c)a=S-= zjKNdb_GT%YmZVGelc3iWd2<~lEE_Fmg{XH^5$}9y_4Pr#J3S$&U=^`A=~fCYt;7Md z1x|VqavLo%aiA}+jawqYa5EU^62#w6qx68MSE=(=Rk7p7DNa&9Zh%#^&)h@k#j_d0EPSmmOiUccc;YEtvpM zZk}WgGRMcq-du_80vp`85g~ixeRfg-GnyFF!D1OPlGP$}&qFqR>fE~L8U;2|>v60#irW_?`O)d3gVpkd1L4yd#6nx5v z%FtJFEV@^vV9NvgN4^fwe3lCI`nD}OdfYRfNt_ygy!u4R$Rp{BrDp~)CA_MK?6a=i zlq=GS#(;Yi+s|ulpM_U+>)-b=qbEk3Vklv!`zy?wnNp*sA??bWTZTGlE%B7H;V{N$ zSg7)JdV%;~4%Sb~6yWp_(a`SxLe&Z^+2=C(^7NN=q|*+RmQ9KTUty1v*Pm!5cH_HJ zX3)I2j~&XcI}#13=VAabhBwsC^Ry>PmgQ1~b`)XGV{>kc-cl@q3@Afk96Y@UygXqN zmZ!a3bO#|E{A}C^{2pGP7=%A5#<0&Hl>}?E8&|cPtoj~8RhXS#A6R_V)gh7cM&U8; zZCIA&)!{p-!4}F`U0ghn_gAe`l+_ixnVnt=0Alhx1))CpLhK}&Ol^y5iL{-On9WO3 z48MwcU9C3N9K(`Hbx%ByE&t#gO9{{JOd7a8exJ4J-s|B1_!6#Ntoquc!G#?chYYZ^ zBhQEXU+80~>9dRigkCJjo`D4HEv(1);+SntS`!N|+A`vE9tqXQScm^Pn6b=^?Cq%Z zc(JR1M*Q7V!SxdNERZmqdFOiTHVShpzOPH@cd>tG&odh%4;x)YNl!s_`gncZT)(IL zUuo!fdbs-8IXJmjvt;ZH&-7X@o!GehYD}-1J_<*(`||FN6%zLJUv$S(<5Mpms)b!o zu;VWb+c%F#o*cKncmKV&NOe4Pc2d8(ZrYLFc=eriBK~IGaMsfG~q8%8*E;W$;^fg`(k#R3~<{i&k+qX5WSxE+29L}Fn42AU6?$(0_;>giXW z4VXA>hRsj^`hjP5e$I^Uv1T<}f4u8SFVXJ|Tr()>3|uQI>EI+1&qeb{+2jI6F=j@Fv1+6HFTx zZF#&dsoCn$nk!`Aq_DROW-2c_J?@FXZ9oSW@W>Svy!$1N_`$JUD)BI&`oTB1lS$Wb zPQv>Wfg7Nj0e{wPAi_hB=)_N}v_1h8rctT-LkO zSCv@{4rLq}#6mSup76P0tQM}l#``HVEc0~R31xddNxMP_u*+Hdv>3h6tO;{dNYJiO zwab@`8s7Av?;5viYSN4zuFvy%;_|!cvFJbg{VJ?$)7j2U(yhkp768k;XgBW0jjt~P z%!e zG=qENRRhZ^-l%c*NnWSX$tF}}r8Frq!qfYl%G8t>;p?V4*(f7S*uJ?sUDRf!1GI!v zc3#Rx-oL34vy+PLt4(yOBY|dwVZ!DJa$5E=g`TyPl@u2EG(86K0HnMip#%7@YLOi3h?;$xG8Ihv%ldru zb2Y>bf+ZBfY_;$3J2YYApEgMop4ILAE><|Wn@8azl&9;mM>J*`*zy|Y0tK@*BR6aw zB_5HJpE@}=EoAa6gE(+I3iui=$b>WJm(f71l7sWA`A}enBO6LCCK03=((tpXEYy$@ z#*-c%qk9`!IhWeTlu!vMc`Bqi3XUVAHiA?fsM>+K_<5Ql-Hmz61f+w)*&Dv&0X6aq zsxX@^GA?z8+1F-jk?I}FwxwDNEcKVOqzZl!+$z-Q{nKWBCeC*tHbD^`bkRc&z-(xY zYe?cWan~WUrE-RhgcDSnJ#>Ddl-Va}sO0JUffDMfaJ~$-0x=yd+8@~2i2juaI=3N5 z@k#&?`jCDU*Z7CS6!l-05ml(I;VG^%BH~mdK;#u}Sn93Uoh6M^w(&QG(Lhc2gPDTd zR)#YQ_Ic1&p_LuQ&Y{yKQWr3~IBYqB=Z*kd9RuLq8DxrOW&aV>ju{TbJ|As5vxi)b zG~vn#(`OLWSlSs@d5|Ck)Cs$?9|hB0@nia+UdmuV@_+G5N55UeC?4z(pM6sAbBge| zoG#jHPDbg~t%z$vNmLc!hdBaT44Xl|_%CV($N>I7kDyTq=47d0 zsC1grva?JZ{ulNb`775tTmQ~8@EPiyxQ>6|<@5YX;t&C8wer3Nw}0x5ak6e^W_ogP z8#+2Rd|S6h``#7(*xTG%MZC=H+}ym*Hk#PF?e1FNTK^}Tlo3BLi`>27w7RCzNgo#h$}+Bc4}N$!=YHbvf@+deD5an@`9}7CA}n zTX|*2rpngMLq6x-@^szUxO)DtMGZ1DENg0U>F99Vfb-g!y?uS1%?q-vbMn9hxse0# zV{3bT_4I>lZQJtF?vbl2h^rhp>}~02IkNFRvHATldfM>yGV`;V+uPdwd1|U_ZQK0o z`XHG%^{xJ(hh@Jwdu1HK^*XtWEVBH)vuWM==mSMEIJ5ZWA2tJJt~}uFFUEOvcao}^ zWx<-qL!el|zZVnjE2yQ(jQ#l3ob)031ZJ2xe`KWS5hP>Q-H~$R&O93^2L}){%tK9S zVZ;zz5bs9BxTE@PbI~`Tz_DSE$spNoM|CfW*t?IL-7^&Hst*XTXvTbby~nW&kj3W1 zP@w%xo3MM&@gt%AROfBKY`e#QVeY|efyswE%P*{=#`1e!%3}Q9g5>M(OCt3C>w|R` zCs%|4o1a)hOV6TEKiEk>dXe>odU|CnmVIi&qGg%?r}f+|Lz6Fg%6ohL z-ZJ25r;eR`>FdeL`P0st`!Dho_Wr*jPlI>%;feCAqXKJ(Q2P0Z&{yov1oh#Mi-kXT z`hisJk^;9vr`EgwQ+I0IJ@}V**-2fjAG_E+nlrAGhmqF|5hL(C_`h))qPbk`+ULck zA8v?W7#H+F^JrTBsbxlrcYjr!EuOto=KPtBfs5D03JUGuj$ME3?OL@pef~Aw%KG%+s5=zjntN$OA<8A^)%d zovKdyPvbyXESZUps=Y$av3Eoc94vr1@Z^I`h)Vl&a9%a<_WQ#_FATM+Ne@!m)N_!D zi~AM77}oC(2TTq||1p0cupW<|L;9;pkA0Yh)Quj89$nB5`R&|!M~LYcFm(H?GKe-i z1m<}RO=jL<pDg_aT*KWN^e)X1=;M?Ft?-c1{<-2nLLR(#_J%L z>CQS@btzedf-9Etr%C(30V&S=4d+D3=T`>43GzM!{zPNuxE~|vEg1@H&t`Q0g!~bF zI*&g%GGvHtjF0xs3~pus$_qq;3T;nmD!8$;`Gdqm^tbt=_Ir}o88g<&ujXuTK;AF0 z{TKartrs%nzbg=Tq-ez@RpOzVXJA+UkKjJatq;fS3~>hDXI~f0RUwmviy{tgOe5!7 z)eO5v`2p7IRW+ZBIRdr*4dXX_&e3XIss`hwXkknYIBr4Rf29M#n!%>8=dA5z;!Bo( zW6PGM+UXTlV1-W00B)^n8b^GUZ-h#pp)JzEhKwBed4p;sURI4Aq!d|g!&2>L=%-31 z&gC=*vhd%}Jv4_2#m{mRMGiB&zlKw5k8}GL*FEL)>hk3++_{Y*!=wvr8z`|-{YKk^ z%C-UrP)LR1E4oYRIMgI^H(v28!9y(4VG2I97}B;tg2w)&@Qu&udi>Lx zewue!XJeHCRgVj9QvxqIl9s?(W3xAmQK{Ek!1FcKt5$z&@M?{UFZJ;sqk!F|;Vo!BsPpY-VaexO{bQIQp-}Qb zJ>KP~TgfuP0{Ai-l@Y=8b2Q$}&Sn)%le!{oVksSkynhS}oyzaug}1sZb?ht>HbqJG z13J!bLK-&|>LZXs=n9h=F7dhP5nbMmNp(1lTOVt)Mwf8>14y*m{S(Oof;ye0dJo_n5GthUNtSzKpzcVMAk>sRF=d@~OI4zoaE zH=|*NGU_YheiNO&9gv;yg>IBXFixX;D@^RwWV!!_C z(Vn&`jz$(3-TTi~>xi`PB$(&w;Nk@ihvDP@<!@%&odEE>a>&L1>wcwmoy$BdC!}_Vy2h|8W6gQnxT)Jh-s{>4`4SygdC8}tQOOp7MVW?!OEjtidHhS2fG#_J^U{}6`3L)| zk(-bLR@tSaQpRQb;Xl!(0oK$t?V`ztDfb7IwHl1RtM{%(@*bnZNNP|&bZ)_-0`jTS z7PW6%b-o1%hnAgm)P5J{RvspMR|H;cx9+3oC<$l#IhB7Cc>sXRMtLOG*U9WfFA^|S zkM9PujoqMw!R^?+7G3WJ)%BsPzQwd}ETw4&{wc(tF9bJgM2v6D87|gxqx^T@6xm=CWb7q_|8l-7Yqb zc@g)UB_}9fpPV@x1doqWj8>sjP;><&%&(fl@>d@v>*#VGNk&b(VCyAOi~@qvGxJDE zr;A;?7l$dLS0YQzN1y};(vV?VL3ToBve`}JNrPmkv*>m^L#`!sRhAM|KgO4r5jh>H zSkFF2F?;e{Z@s(Tem9Kz@<{87{_24Q@VbC1U6<2DzQTLZaPU+cfQIXB$t^Hnz=ptJ zfe++8{foklIQ{D(y1AwAy2Va!kDT6~<@ENX(_0@IYfYwL$3g4T){E~?j_922;5ziM zJzMnewuk#?o}ryt!-H8Ce)O*#ulV3!umT0DcAPCGC!Bj8=! zrEN%bJ-VrpeK!ZN#={@^W8)Tz*?H#awaKqUHc(r*p8NZNXN za(Mjuoc6DwC%+%jK}>tITJEM$?w{ZWL;8b$BJ+g<<{Jzs#z2=ezMLS3HG1fpj5^ba z(>;nN%+hQXz(rvsng{3NmJnjEK$R~5; z0XOpcv~O}Ux=aEPPgA9TQf47C;nsBmuY{N;gBk}f8%{)oPUhe( zbYxRPaSV}0Hn{s!v+&dB4xdu_Z{;~*KRzZoSqw*o{NHIm%fx?eZMApXPxAjEKEM9j z`eS3h5YRdSpnq(!8@u&KaUBi!X^$DTdXyy3(NT#j$i6Ve8dkgu?$z~zq^Ay^7kI-Z zORAFE_bt<9(Oa{n!Ik7$XUE5l-gY7aUHp6!xEzPt3WzSreqOr@((l4s;b+jUJ8vX1 zYa>BZs(n&ZOr2o%$xB;M zg=3t0Ugx%;lFHnp+D_)1F2yS5fz}yJ7rn#IL7vf_Re)KpL%3(CD&nzg{%#`2R4;(| zQu`)h(l;A#{7`L{`1Vk0^!Cn(=|F`P19%W?@i@-d_O!MEud`Fylt zbtVg+4xC5`m@MYH>lTo>lQZ}7)={FT4>mOJz-LGh?du_n0As+*#Rp{5ql=(epn-h5uED@oLa4SZp_zYxly-t}3lq4ZFx^pXbH@_5Xa$_VM!&)3B z!N8MIqSQQ2tlE+ZRw*DfUDqUiq54PJ9t|OBm+g^Z9ZiMa=t1KtG!rJt5dLuHPW-*~ z)vE~p=4gRuyPNQ8T><3gWx?%c!2Nlv6x`Me2@U^gQkL18L~muVZ0+vdh3M^PyAHVR zuXbt@O*wIE61|)0X-ciSIML5Ceei6reBd%YO&NR_q?%K^E|2W??soauxpWi%*JW#e z(_xU!ox8EMzw0o_=CitN{qYV|&qPy)uU&9^?VY-Oz4a-{-gCjVx3<2j$J)mFkmiLJ zj(p>gHcxObKl@T^)?QY%#vdxd)$!Tco3ni(vu$J8`s$Z>7HCAlmp)&6t@CJ;?Eez2 zOhU2tOAO0Wa|7B7HB(K&I$0$_G?-~g*IobX=zp+u;)e3V4&W;P@7~s4R{z`Hd)ohd zkk6yh|6a(HK9r6FxftLk%H5Gt3`j7EIs+L4f&pZf%lP2*L`N0+jmGzMA!U&wr+8Un z(ZWQ!O=M`cd@Fy+cX$_oc_)8m0;U^uCR3hGwqU}qb2?Gu>oYXL$Ud*Z{x%8Qu8nwf z?bgX?;tP622V&Mh#T`vC#&unVyr@Kem~BBNC7dL|C>^LsNE7CVyZiD?Gg5(P6sfZV zdHjcBTt<}3mrltdS+c?K?Fc*01IFMG8ICAYuT_AFcEie3g%oaBrXuGCM>~YgJ~PGK zXGhh!lTJY~b!NFe0!< zo}D5#E137EvGn!&_F!jM6f491s0<+IrsoqVvUNDsPEz1r8p>u4hjT=w=%pq?c9jAM z?BGIMH}5V7aWL82$-Yce-0y~m(6hS`ns!M zKxgA&)aDEoM0HNJ%bl(7R3F-<^WEGuI($gd=1%>2l7Tj7zvio3{kxRzz4zYLo!bqQ zi6>JJmVuz7q+qK>k;V2=9cW_ z)`}ib&jwRHxCr|dgFa(zA39y_Y8pt^#)&+B0+bs$Z8dzo4o?(emD>SQRH+RE8+0?< z5i$V-$LuEdKEupv6~$fG_+*fJL3bE7*KP4ejIa#t{qCPS`oFZF?o0n~gSMa3|DWPN z9_I6C^nWQM<=F*Hd+w$xC=x@8F}qm6NFFPbLb2qr3Wz4AFAN4sfiIIi8B|&^wNL1i zYU(q*b>DgOn?CbqBQGmsfXFB3#pRmLD(KSUk-Sj~2q>^kujv+9mt~YxQeKOE4v3$c zKS@-UR#>+(dNj&NtBMEs)U)HC|5Hc)he;AA_ZR=Sz4a_7|F^cD@;^Sv=Ml(%BH`jH ziKqQ5LA;hd?Z*e`_@KEu6rAc)=;$HJoqe{QK<4m1sA$KCfKvt3IAV{8a|i4T&iX5= z?wnpgQ`o*Q3KvO8P_Xt&p&-u=YVc{E61!PC&aPlY@?DTmNYGH;Cd~(Yca8M8WwB|; znd7H=i3G%#R%z+)QYj4*(nU6mLyTDuqpm2jYXZ!A!>pQhiXG~22H$Bw-ZmAaQ>tTB zb*Wi5vt3212k#ev#*^;_TNl7x;(YyF2+>LUy*w7`S(eKeM5F9ez}ft1q)z^y3%T7v zC-QJU%5;8sI5jbMj_CQDJL}0(qhY!fvcH)obc)YD zEiSVW@)1X*Ya*QUt@h~^PK`fkUBx%v1Po9RtC+Rx3YITEDat3q`JifR#Wdby_VaG8 zKu&vlTx5AUGU)WfPg(vV=$AMgRTk7)hJGP5>B=>+ z%JQD(R5aC5IY4RBPOghJR7Tf)%=U?~0#eNVhPhS3kKbSxj;5FV^i%IoU;HL7MQN^+ zhV#S0+3Sg9Vo<-{GZRtehgzJxPv-L;HdnZK|c0mHGfC@*{w> zF}eR-E%s~X&bQW=={`ld=#;`XLnAA%y9z7KBt79WC^F4(-0ayNdM=M#Cv`EQip5dVHqI8qUg{KUWG-qMvXw zG3Jg8b(X=+D0K$|`#ev*bx%bWThT0Cx$(v_iM#-9=?&Ndqh1-TEQ4ek(|sB5wm6z@ z8lAGym-y29OJo2IePMIy)Fc*xXU)7!*?{Uh!vS5#;)1h+t;ET%`Bj~U@r89^k zYS7I;C%{4JEx%I1Nrju(3W>+*9Y-tpA3U0e=L7D3zSVJhQ8gS-F%-K6%PC1oV7zDirXF9N^gcMY3n z=u)E(q^U8pJ5WkWqTbyM(lwu}=vno^FByVDK2enl8AW!@iHdsTqL`3QCeeP*(I^TEAAG%gQ0IS@R)(orH0wL0*-j3oLT6u=S80*!^Eb_<}#uCsQKdU z5tqEx+n!E;sU6OKA>UYZag^D**vxkeP-qtwe+5E5mqE$(wY+`;dm27lqgVC z8nKn@%X?^KjV2aJgN%TlN0Zjd^99LoiVCyn)2+9qveM3c@jYpfroyQ_uO)fYwxKal z%b3Z&_{RAyY-e+-t@AW2(O!aXH%?T3OY)jylqu#SqUn#tl z5j;~yUoNBmROTY&s3%W%gk^`fp7!kjDL%F0zhw6K`-%T*Kik>O-v7F_{dE8H!+ai# z|5qRXkmE&hg5s#DI>aVj7cw|6%nY&e5dhc1? z!Ng}I#`3P1f(uOal4M=2AP+isZcRcCTq2$0%jqP9MM53{QF;>CA@YnFM-)fu%yZ1A z1JvI5+Ap|UE7fS#`RnrhboT?8vpsVFhi)F>+cRicsgaVdG_l-@YCYqnKFtk>y@zl5 zk?#_fDPl0wG+k0aez6o2o&%;+$Dg%8p;q zK@Mo`a|NZ$qu@JwTu|>f)WSwxvA0cMqoI6`k%9&8ER_c+%k@SPBjYW1?!*MSaD5^t zOLI{Ur%cd&MNykj(*vsc#qPPR)B#(zme8qlkIF2W!*{B{zZ7}%Bv>9ou;B6A!f+t_ zQY-6fDRrY%)%2#Z)I5p+(6>j}>}gvtYh0&CZr->xTo+j$qHk{7$$Ddu7UhYVQR@p$ zbh!mqIoTA5>ba%^xX42TjRvvJ+4wI-FaZ0%cZ;Dp0bQh4V@{fIDK=YdFSQ-)=E_N=_BsFb@IXG;^*20F?HxsZw|sye{$6n?M)iP7{`!ZP)*`iiN^Up^YEyg`ZOQ7D;5gw#vZZq&1G!)_U}d+X-~q0W`HgI8 zU-D)Tjq6@K)E&oQcsSw9*L;(s3rgMNi2Lcio=9(p9lXz6Hn{?{W``m*Co>*hbwNsx zW9QN!>X{_StlCJQ8SV?xo9g&P_?it+#3~ql^=9-syeVt8@-xY+K7H#dNn-mA!PmEQ zI2ZH`wheFSC5JJT%HLK;eGQeq=BwPQ5fdUCGg7hv^3+~*=oGY!4VG630rcc{JW|xT6EsVrfLBp!4*HMs_K&JC> zH8Qd=RYa@qaRuQ_`sq+TNk1(Q16#h@S{ZifRUj)MZ)MsYN&%=lRTeC4^tLa~NbZ1* zWJFP>yJU+GXnIO9mG4nGd{U;$$N+WW6Lbf^Sak$56J!u$+YEV?x>bHn*ILIHnlcPS zZYs^>3nln6kBywg)K}*Gly6?>?N#C(4TLfi_OSOLoziq=XfNy< z&}x^9^l{uNH;W*NeJ8p|sl5de@E2zB`3cnGpPF=u6M>aNQR`Ry{-;q>b%LU;BKp}f zEfB0}uH8>1Y*NxqC8e$KMYp3e=7<~3;L9CO;hG|Pc0RYKWP!<%+Y_EO91^%XN`Goe zhU|HmVrEw+f*J#L6o$s4sfcb`^cT#Jtl5<%hXUIdI@ObJSq9bEj9Bhi2p_j8CdLJ` zv?D&{^c0GftjU=feqXBJIZgtu)D2w2Oj?Op!`15mFQF6d^>zOFdO8e~s0$Co+H^e5 zm-)62_&JJYN=T+&|bA?Up_nym4v+@r-g>|45hcCjV-le^5h z7?yA8>%ae=_d$&9S(0-j78g~C%IhTa01GU&lrp|iaFkU>H#pkyCgL66lx|Ps8l?Rx zr9zskH9Q==&d%%Cka*t8l-E)`4{uqzf2KYNyHO=jKDF;*PMf<@7gnS1MiNRj*W@F( zSJlj#gmjG1!nRhTl-a@DlH^j2%$cv&UWXj!JRG-xBk`mJDGM37)*y2-!F^SoGwDY9 zf2>PIbCyoJR6?3cBX83ryJe;>I%+mFUQt~|Lr$+pTrJiCg z_+B(`BuGX6hrONc-Aw$)&i3}+Q~bw6eC{>=W1avIX)1((2srHDL3#cUlN-$(8plvR z)FpFC9_mEtT2|B7kkDr)5`U^dc%rg1vLbzu#IQ}s?h!fXUX@pV|)5u~|nyJP0+Dy@K5 zcamMScK0|`exHU1Q+D^xH=g=PKvi*=gQs(m>E`UfT)%Xx_={{{0D;O55asMzS1;v! zRKT5sGFjJE{5U6+4yGJEO6w1dELx;u^FgpNa=Ag7YNPL5`Xye z`k7Zec5$fqL~ecUp2l!DwQwp`NGm;ZuFceX9#{)0U-rv~nd{hNHoNN&ufpyJW7P8j zx}LgidNox&n%cMKMgNfLU)QA0ApZIsOq%uDBT=Y!+=2fK;d#~yZ52>L-Ce$N2KEe{ zYn|7^W{K{F2;S;ruZyf5S!!piADj!b2)#XHYn;^o)W+EZeCD-{Rdz;{z}>l{*4VnY(!dEL`{F5-9Fq+b@u_ zowLJcfl#VkHom^5qoDxOY;S`uZ<`R+P)UiBPqkKGiQ_EPX;Y5pX#-+QOx3aD_+VcA30K+eU5_9!+pc@bpB?jjV~@tD!sXL&ZM z+3y9+S!)EWCKVdZ%NmiQmVN$abT8~;wp3+#$RlQ<;9T%(pL*7smuEH*^1e!NZ)?=} zuNPl>>fNk$t@Pl`H*_BipZrnOa-e85l2ofDEF;8A7nRv9aIL(Ifi1f!drGFTl!Yf3 z14XA~Dr?CoJrguier9GVt`zsw&U{ReT|wuwE34sI3mtb3x9doBb zW=t(wGAp4R)^)czGn_xAIOYYsWXGG;#5p-;F&EqnKzH=R*@N{MopGk`RnSsSC7g2z zO4Q1Gbki-@JgD8GdyyWd==Uk^=D5K!WfFvR<^0r~!MDPmW8<94=muLBRmztvPfM0t zg^DrWgCwz))x|`KtL}crTwK_mn?p&h2^qzg++vjCx5hM+{g+{MT-KcRTC_m^ZyuDRvD!94RW$vIo-l6_z=-=}l&R8Ey*vwZ>eXsKeO zlI$94bXLhVFnMm3xLjuG&{>eR0WH~EW12GG*e~X*DTi}MW5xjfOguF_-gEW2y%gM| zadN-2&u&D;m}h5M(QvwN{xzd%KEKbr_TLci(&%;OIssH+|2=!QmyQ3~*?Wrrd6>_m zv;STpgB^Xnbn8zs?xV5&R6|QGKRShcH>*$KxF4IZpiAen_*8ufuIPA7ZKE#(tJvfV zlI~T6m;FqW!VQKjL00iBB%rn2bj-lPg_h%E3(ZEn7p%l|OsrQ;2WtTwwbPM-G1VI& z74@sl*V*+;;!T_@0ty_VS*VZHB+iaf`PmY?V7X~5dBnpZUb1!UP~f(Ph_o5yE+=_3 zoRV;CYv+tp_|PrNE)BCHnU>^)P(6JQ5lQuek7P8LBYm3o{?Uw1m^X;4sC*43yw||3 z#~!Zr=^QzAR=}nCa+atJ)S-I;XO03}0B;dTPE9aNcH^i<%rWi@x^T*%+|hxfz&>*K zjV(^+nPZMpcaP4Sdz@}g6Yet4>=kLAiB(c>$&NXkzjKVNQL{hGQ8naOjHoRoi$=_T zUg?IL+y8Sr*U>NfRQZ4Qa_7Hxb~f8j{-1~VJU;)=?R^~max=PpdfyK<@?JeZgyEk2 zKH1Kk&+Bt*g-6}Z=W|;WX*{3D$0256f6r|u;_J!V^W^Pu4Q-myPrjae_w_iE^U2eb zWxyvt&!_S8RIYi;^YScf;jgB75zCW+e%}6_+p6$o6F96OaRrc9&ColK9-MT8eK;Dw2q`aSvhpLJ#}qxDk)dfGABs&y^&?t)drsdmuO)h%w5 zGql{lpDweaJt|LKN@>=s9Cb!4Rk`S7$r?=0k$tgDZ0Cn`@f?=T)+LYL!ZfmvO=iT7jplbB^hv&_+_li5mz z)!W>ZCO`?c_HwbcHMTkmc$wb4#&&ejSx@tVK0Is2mHF-nhi;g4M_sdN-#h0wji$S< zg7B;-j)R%}%1pQ8UcC;q8x*I5T*{mx(450*f>->$RqbxNMWmZiNe(G7j6ci4RMu-$ z=^{QJUB3;iq+6wA7|*`AFji8Ri!f{N|1|n(q+DuWraz4eZaQM*OgWC6>;d0(m77GZ zu077+SHDbG^I~m7fIvqFYtZY7RSz9~0m@&@rWVqidJ!@4sU`C9UC?7mHugc!b)?^X9L#=j&q$mgB$w{(BSZ z;$G3-j_`Wx1xnu6(+En2qiYzrL=gG?=sFz1fD(|(fy{IYk7A*oRyi~oP}aIlZ%}(U z9}gm0SyTM-5)G-Q*K`*ysxcjp!{iWJ{!Ol`y-#Ws^(+o&B`t$ywsp!%tO}%gbA;7^Gi@!g!FLn2v&~VOl?Qo$oy-rDV77Qrx=Zz+>f(H z5EY^ia?8ur)0$RgTIVKjI=|qHFEU;|T}+Oq#^g8{NtrTmiWCF6^e5qU6yDHEkD@b? zCIBd}q%+W-3Ena(wSF|N_^y%5AQ}{mw4;DN2e#lVOe|tt4zXT5xAniQvf%75s2eVt zYIl<$iUQs_3n$YAr1xc%zyPQ|#1`PiFu+wjusz9LaUx4f<(;MwDvz-8jN*|eOV?pJ z7!%|R9C(}KQso!18L#c~;Z`&63#sHp2cPDp56pwI`H0`VgP{+T6je70tB^lsDVNLa zqD!(eitKe^*%x?iW`Q|?4SLR3pqFcu4#ObN%1KwmA$-H?bO^klluQxG;b{saEQm&E z;RWK4Y;XM$x+;yQ39N2w=(>vfuY&Q03WdR)k7-KA@;L5+*#UErtu`ndtKhwLEyuFfofHMHX9n zX4^s4@V^f5ZgH4iK9aOiNcA=M?%pxU6tl5b#PP4J?<-|!0PQCIA3)7NNtKE1@~PgMJh z{nm#`h>I1wVTeqmSzY-Z$PMkztsz|uf=)Q7YJhYs=ND3sd_ZMkEe?aT~!ZhtAe0Qu`>Wo(!2`dnR6 zSO2S{|AXc)w?7xN0V?$Wt-Z~h{{L+2>HOz|d>)Jbe}+p`P3$@i;`8PP_j6BZb)ql#V8|)?CBT3895KY9Hb-E2wf20s?+yFQM!^yFc(vY7(AI z1GzPGz0M=d`@6B{Pf`F%(GzNC83l=qB#;l*%nNe=tc!xRv-#_<(5OlLzfv$leCZJW z-HErQ;c&L=fl9H~MNc38q7nQ8mjaNz*Wo#p_i$fH(%e+y44#329EM3hR4S2Et0}Rq z7X?kwI&8T!kqC)EJINf+roDc^h^e7&3Lr6zfjaJLG8yl;TEhUIC7`VKQoj$+ryW0vTPZ9+{TB9A>R(NU zgB9vK52qb{t2HyIWQKFKE4`F~+vTse*7K96nxQ2bnxA{=L?5|wH)dprj$1VEDKD6u z?%XVNlk2&tSj}>*{wA0=31MC@xQ-O^B0(j2lKvPeML+SJZ}A$-Ae-vOa8-nV&z49oK5Iv> z5Ara%eVw&RH6^|(BG%Rt4+QZKD-?+~L+;Tdgd?^~4dxdwlsricd%Hccc8dpPX9q zjSbeNV^(_?Y;j?m7ie{H?5rEhlIaLMt8eENwE(a4IA=$HKhsqXEx(EBDEd2hyGQHG zKE=L?S>v+2sU4!8X~o*7=quLB){Oa^oAgVc#WlUd<@8j~U-?$4)wnQOR#;|sf8hpV zJ=|o^dE+XLhD^Q>Mfv*r5=6%Q)YPD4)`a`ilIK3U|8DYY*+cNpEd^Q4R@>sxcl{VF zO!*kYAMtq$6dbiN5sfZm@$Y!pd(a8GA1L&jcdTGAy`26w9;@0=vo~RdabSP%iVS_ z-2N)q{AzEnyBl6^b}qX+Tb=F8XWP5oXWQ+~XPsx8n=MJ8-;Y;b?zFv^V0G&zMVE~J zRWRvZiTD3!?Z-{;&p-cZeeEY-e)~`Rt4Hq-y#F0||M(=SC%25ifZ*8{D|karb$P>0lH}zS^@nbvb?vw4YC=!ymp-7da?6`Hm` zAItKU@>FFZ^gi4CnD4`XoBH7@hP@Cze}^G-_G4>5yS`^TlH!izKC*c_UA*E-kJ5e= z`@hri;7q+Rsrce%^#0j_Z6~;~_sIHS`V4^j=Cf}m_-jfo4*AyU(K+m({YkdP1?Zr> zF7UXzVaKK$)B*kM^Pslu;=1BzoMLE=7l_ly6RlAiC9V_5*s^E(Lub)lqEEr@wjX&> z-!o|4f#^RU!&|i;mjCUm=agki2aOe|>zb*B7uTimcj~+IcIeephdy+NCU}{FL?P(0 zbLoy^KfPhS3L3m7qak{~k)EXnEEzVlA`4$5F$zaTmsR%I%jzCe*2i&;vyI6JwY-6! zAT4%&FyfVQ4w#%uLZ1UUng&(_es27xGURG7?u6u{V$_pXkDS?(T0d^G4~v}JI>E5N zn2k%_l(4FXoxo62cya8-Sfl0{EyKFv%Qjx1A?WdwT9VI!&pUW5>tuDvU`1&jCWqsT zZU+A>gF$8+0W0{6=8L~J*IMG*xnZ*h>3*!qeeERVXA0^XN8ZSV_oFcNgDeBkYVPm_ zk>c?dl2Pz&iR-@a_Ve2)PDuA5l`GZtKky2UU^jfD81^a`csrV_5j8uQJ`#4 z@!AWTYIN)CfDY#LJ#C_lHWFrB2{W%BivNLzp$=gb@KsbttV2Cy+{LS-h)6dYq4ydY z#}SHr-(1lB)>sarE2!voU-ATZ9T54W-q(p3_@O@-g;l-r%{P`RMP{0bQP;xtXakw` zKQ^w&u440>5C7kvzkc)QpI@zujRHKTwTN+jX)43J>-n$M`9IFb)TgT6%wYg9<^IQu z@%x`IUOxH%e3Zo)lNd|`-8REWg!N&7Q}pc+KHT@asTmJoj7JuRte<3s zG?T2I;`Ig1jaOl1Yn>jc1prn#Cm~;=%tInwy39DN1z9vMg!N8WDEJbcq>lg; zmm4coGDpSd?r{7LJ$`6VO$!K z)Z>{MVyWj|DMxvw$LrnXHGXhitjD9Um0$ox{kMA2__JV(PLa9tF#vxa`{C#l`>s!l zjXdhAc?vQa3&>IDKd=IB88Z+vkoBmVO6ao#roPrTX{icw(H}|X+n?l{1VNgs-NkAb zTUl+lT>LxlLgj;px(cOyw0V*}C-$_Y24IHTJx4Zw$-86hUjYy4QJ^;%PNrpRslrVo zZ(cRq#+q{8dUe~&Ev+V$g@wzm|1Mg7yKAzM|C}zYh;v(iPPPAh{_^|s{ofZmPxhY= zlOBuwr^P=T<7Fv=buege*j_2-~4TnJq|?5W!z z1KcJaenQtJBu4IK7gQR!ALgqWxH0}Szq%p>Ubet1se8~_#$#^gp7Eq`c}KCz0ww$o z-Tuh^!H*TsZi5KmMmQ$+#BRMl%@MGgcz5bYByhj|$X~!BI+l`sHzI{|831>V;tLrM z6yS|z>dOhecZZJ4`V1#KvQL^V_tJx99D$iZG7{ z_7a=uL@2~y4bVBeJH=(%*gWc^lB_2;%UQFlan5kqEKbI((4HW-8ToJ+`<%hw%X|jC z`EMD%#Ks3hxkg_xgWFTlYuKS!1v?u1uragtszTY!vf`OJHpgX`LJO;Ve`x`Ge`7DT zxUIjzm!|FfKezhV)c>CywhrDLHV59KzcEq&|ML59pO@pm?tc67<;y4i|3jqz`M(;C z23kHg*ay%lkB9UBeJmP{zpt%56F>T>&hf?2aX+Hl95#p4xz^T<5*zC8WK$ht;sLQx zk=ytvvk^;nw(kTK^BY5mijQG*&32aX*5{+Q8!{H8Xl-cg)gyZf(b_*cXy8f?*}`-S z&pEXn7M2G=JVYgHvPGdU;UA2(2>+z9-|LZoaUjY8&Cy$t3!+nux6;-=V88(i%oufz z=KZ>%JS|^eUpMo)(v0HX=Gxjt?09nE#2 z6uCZtqn&X!cAFk~z(fAq;kK$%#T+{%yS8>5MP&7tMpRj25Ya&|niyjB{%>&+--r+I z-w>)7PWbysw1&|8F4umaE&8~d(3z6@DtS|qXd?&$LLxV}vdG#pc6}Iok}V#!J%AqM z%0iG~I8wHb#QL-yB)W>~z*>O!lZI#k`Jp^oN|{HQrQAkaoa|)|&!%ye z94&g_1GyuV`~wA9XHx(#LeEivr9L_TfOd&_e(bB+0@&C(rv8syvp z#;MDeocl~4qm?iq3HRhF`Wk~>Q{tnK#kGd%TL$f({|b+Yz>DS&%^m!8`W{CiyD9@* z)gq(kRf*YFQVK;U%b6GWRXrAbvpi05`iLwclhX*sPqKpVb?R zhIWB`oBE(#`bb+xdCiVEk?IX_0LGVFow-Ct61k_{rof>nKRK{a$t{hw>+oWx#?Tg0 z%j%13N3mY7surW_%DyTrQSBzqab6^d_0VWb%%w>g*cpRI&pTCDy@_`VM*g(ge>inw z=vy3)vUem-L{pOnsfB4NedxF9r z;~-HZBvDI4n??|Rs!e0Hc%um0ZPG*wOveur%=!#X0GO5IT#{H>%uj)|lCe4NQ23!l zro;#12}NmcV^#AN5-WkhfAWc9xXVB|q1%xm7}?s{9rLydA+o_n>lv6LMPr=JrZ~?k zrRoA}olG!j2yzB;#gwi4WJVT5j>k1l>C;I+8U-G9i8A=f201chzw5i~v>9U@(ZnA( zA0>wwBcUUK?>UJt<1M3wd3cCIYfdqoNvhhEXzP8ntb<)R-gpF_p2)OZtep)j$91FF zQ@qymyEHFT4wI55O|h?U93)ad#Nqsb%;YlOg?k*Xs0~LTr-cQMFm6?p`vgdb!L#Gt zm(VjmN7oqlc&jJ`7=54yu`a8@0bo5pap4(BT5Q`oaBlc=0EK~~o*M5bTu1tolX08B z)5vgY7!t&0lc(f|vxphZ`*U$L7>sC$!$9vDoD{#&yc(bcrNp9bmZusdPc;mAs-fhm z?SwC$18;|c7DLOD?bq)>^d`m!>qF=@V*YXiKW0>|LE*_-&V@0E+MD7O(NThsy`pnYAT%0! z=wLmIOP);)azEM3S2T+3r#Y!lRJS=&pC;{; zro*xk4cAPdlT0D|RFMm4yXgp*{wtEKVQ9d_PBOv8G_59kUG6+TG;7w(fQyU$UG7S% zT#D?_2yld5GqEGokbg(>FR#5JnyHz_+%|$NH~LCvwpY}Xk+vOFeZ8UEQvBeiK)p11 z*=caT!D{m|0gFl7kTIZ#wo#lh=ooQ3#!Bb!3?izv#|N!b*eJt)v+ai(a>}eY8!x;m zz0s}6z7YV=Yqm{s66P+fv@S+SB$a|**0`&?5zZJ|Q1T+Vuw%%dG+@wX4VG4}4Slgt zS+jOc+;n~O4OK|h9;MVnE@~EQiUSs+X;ikmzYFd`Z5=BJa+Qpt_-Ii*F-W5>Dx*z`se_Z+ys+MQVV)c1hsn8z z*TvjJCrLoC@oLK?K@@!)4U0A6XLV)5B)LQ_G+l~-Kj}meuSp~s6@Er4BG?^+C>2HN zR+t2?XQE6|uCg+TbYfS<+pGI@8YCdn{pQLz&B|RIpR1drFpc<*w!jR;^H2gR(podN zf4uF*gQ7Ka(7am5n^Ws+dMLbF$Gz?~c5&icT{2j$T{hIpl z)w&zL!ppuPy{^wXyneM#`Sdf@L9f=M(JMl{5q+FMqrP)qtz$3zo4Y~fCa_oOW&-VoyXX1&S%*3{BPBckwoJ?%nwr$(CZR^JN zjXBZ0e7^6u-utglpQ>Kfy{fuu*EzNK_jxiVfJAU-{R3j+P5_4;iJs+ef>_ep+?MS; z;L>RJ_ei*Xi^y>U2jx z<4ywg^ptwQ@DBKu$Ee0_#46${R0OUW=*g2$)euqMb5_kO2%y2oaaM!%S$4|C@J0qj zyyqPLU|6Pm>w^zM*4`uIoSceAh;0KGQ{IY7g%*9Mrv2fuHd1ZoCcd-Ikg_zG~Pa?puEtj9rp?kEqEFK zT6hR;BjCoOyH#QYeZ(B*Q_MRp6DA{}U?H&%X5faU{)=Q7@7%l4KlKm3)U&E1z9aiq z+Z{7U#RIUvtAhcEgQHyce%h|W-cfPkg9%;e&o>-K@3l&auB;?ue4mqdy!XNdF5J}7 zd=V_tanHreQT(!fs+SBMZF_eN-|s*WZI*R#Jy}hq4o+n`7}NogTBV;8KkU&RP@mTl zPp>;1pKO)DLt@;G`zs%n5Gg-i2zV;~?HRTsPkWr$vAX;(rJmWg&)<)ooL(S?S0oPH zkp_ITD!i9B&vuO?^4wI7ORIY^c|L%i__AK!7JY}Tx=85q5s3-D42q^&Iw~5(27~tB%%;{( zdzk)p)&xaM{fIjRA67MAQ`!1SWtzS?_WqkJE?C+2bxKVJnepW!u4GC z8SIea9Kdm`R^nt!m2Ibcg|8gin9hV}`@l)iZ|QwJ z+<^gga69!+4hZ>(grWANcK(4?xGE#7xLEZ1>Cn3Tav2#1o^0+;oB_bb?3d)Q*!{k6cWmmFzjuK*(UyldIAnFiHn>Qzx$@p4hEa+7_Zl(B` zw8IbogGb?d*tGepBi|}i@vHR?Klm4J|9hgc%rCbWpscoPa+#Z3^V2H4`X^7!GO)0@ zf{1GMtYse+i%ne|aO1UP-sXY0nL@;`27U5o;9iEco+e1(IrI*mn%xwOF1F_AM7HjD zqcYAX$L&=j-mEIR#x(>^i#{-~Ea?YoaYRl@ zFieqQMvvEhS1=kf4MbWu?ub!UyULq{Ptx?b6{T|H&pCwP{2s9*bM)n6GVei}oc&mK zo!hMv@9h&T_et)i06&M_SUA0!S>Dg1+pZ&m^`uk>w`{nb>Pha;We0h@R7o!!>=>9n zs_9{TB>&~1pUqCc018^`S=5eHNts)?9gqMuu=}`6 z*VoLyLBuv<)=Kc4{e8?wUiq6+e22}7C;Cmf;ehGRZq&z(5fT@FrC#j;U(Vx? zZDb!M7`QlCL~gMMK}kwe;H=yPGv6wZ<&^M+A?_#2~Rzp@D96U&)d5@E$| z$GNx`d!`(L66P?^=;ogmVS^MJm4SP4Q>L?VIl!_W=MQ+rIms2OOo!2ER7kvw<8Rl>m@$Ri`T>oW=C@ETnCV2DQoX3BI{LK#4_ z)z|xhq<35r1~^ftY#6OEWleF2qSEwAFBIhz6zgZj@^{Q@C8U3{AniqwDy)Iqu-`H& zgaRvHt4MEUWFU{t1FJAN{yM-kM7l7?6|Hb23g9jWSr1Y)!{<8%f#xlsjYuKbKVzG;UGGEicIL z09??#O7y$~IGQ3!)RP!&u#~(WM|)RQf7JTcUhkpgDPV@={?p~ue7t@X{HH>>-@8l4 zSdjl?dqSRp&6SkY=$PQ2u$VOG?cE0UtSa`Lo46sl;Jl)h>f_JLX_RIAWm@CbfeQ#? zykN6n83dla)M~M!3zI@VfrL`6mS&QMyRqqXCsIB^T$q_?drPw<S};l}f#H_PR>oB*k^^2!ir7dD|u zx+jG53TaS8(w<@GVRf1U=Gq;{JesCYR-Xg8ti^d2Cx$iO;^u0^uQX+Pp7Qg)rnA?H z!phtv5ajz%-Dc1_RXOi{4&tzV&1g(!!V%3G;XI$-e#y#W#52UskVeXgkLgg2R=Lk% zCn;$}C2VyW?UO5TFJ z4BFZz@=Vjyx_3vi>%Y=2P&{I&rLr}7n5knovtN8>h;K9dsNn*O1(!PEB#?Fww1FiSuQUYE!Z7yY0%dsT{0awQp!BiPV_b<49I0WVQdh+g zrCZD9zv1!O7L=W#IN%W!IhTHU*V$rwUk5Xtn0UI!NHR1K`|%|Q)rfm+2#I|^E;bE+ zr;FERIpewOQHr!fv{7&3(r29S{$Q7Lc0yfDInMp}Uiw7yM-$eTEYtZ}H4C|;jR8Qy zyZ+MFS4rLH-KX(^bBC;^*@I0{qJW|u;O9ai{k~O3muqv6YIeZDiei*bmJHeau{2zNzvO>Uc3Oba+ag}y zy2Nlt0AzK-9}^f~LZ0-Hy-=MVsA6D5P^}AY`}b50sL0Y9N8C!9=jP($=iRi`As_<9 zSE=mWYlsb(vKdx@s_P9MAKz36b6YDMan%+a{jM0_EL_R zsh5rMCqCtas>Ew~EnR}D?HRt&tAidnq4$9mr~{YQECPT5?U`E7K<91S_%|+$@7QQr zE9&hFONgKji*}#(C%Q;TK4axrzGAvUnO-+Z=LQpbMM~~~d{IRi){)tBXKGR$!KT)= z#)4^hE_ysG-`5x$8%?h02fr81nLlr8vFCm)@K|fwQfKy4Y^hmhzzQ4lkdKlJq~{Ks z=c8Mc^N-^I${Siu!aOvlbgW}URQIBaa{AZwXlAu4*21aoj2W_Z^sDR zWQSQvqv>=myg@sbz|AR!57r~falGm&y5ArI=s5(J98~RZXbAL2U0MHxp3m=pfoK8a_opp=Ipng7az!G(e;q^{QNp{xJiB@> z@f{I4P1{V)D0VvZku1)kttLc4)jF$f)H}GaEp<~t)yeujjy|nSB*GVSvtoK+Vx;%R zsIGpDZDumE)|3h8#xkpJl@UOx;B=|vlA%9x*_QqoWXH*@af==QNeR8f8My{ri!tXUt*{nS3(Ti~tlh zPLhGMR$DPtOo!@`(%cz8hCnWB^fh=y?R^if$#(2{gW3ZU)`A*#?m`q?p5S?o*cr7J zYU^Zeq&MqY6Jkrkgl*Y8bCqbet?XTJ>FtO9ZF7Ce_)M8vt}@0ejE=dG%jLD8Ybkf; z=0D@oTSEQY$MtFfm16Jmm{h4Am{IfQ(+ngSvH29ViJ{(wZ{^h61(^Ysg7I2KG~%n@ zobEX{`duKJPM2V?aUh}P=zHRvDr;6&yJuca{6qBR@(Uae-YfXzPqa$slVh3fdw@oy z2y}CZAnNJ3sy7pV2|b1T5eALt>HS|_ISIxMSNMZryE@Z%DVfYS`65@3`?CAHk+Q8g zqINjiF%?j?89n9burw=84zT?6rmSQa?vA}7ann5Jc9m0CFD$n~w*|wtgr0DXDBcM} zlA@P!F?7Cl7N9H%Rma`u*NI8xpHg6&tV(f}5;M;FR`y|~VxGJf6*zxzdQKh8lye=7 z?}W@Ty!$(BiH1P-n-dnnRuv}lVBJKO(eO%D4YpUaW4GnDQ$gOW!aOyg%r{nZuXB7> zY7L<`Zn|e>{p)gG2vRGRGhW-_OtT<{csbYvv+MqT=7-=OsnI2eimep>KNrNV4GX2i zHan7?T}piBp2~crObFr89DmpC0;r(iPXmT=zAFHV+2Qgy_3=Hs0a@yD50(p|@kG%H z-VO!}9Ol`D7d3pLca9<}Jcn;Fh#bx4Cior32<3$d_X)q)qIXuAALu>-Bidxy;#*g4 zglZgH@-{c>J3)p0?#MmJx(k3Nc^2CZo)I|SRZ{K*g7q|hH9O##fcW$H4@B`9B5G8- z)S#RXcxF`9c5iK=4caMZu-ELTpw*)uW&@nuBvr`PboL_LvouJzZrM4D$VcvN%#hc6 zc>Kkw%N^wjG$FyZcD6bzY`w;_LR4kb0qc;Bg7VC#Ua?i&oCOeEo@8s+WydOAsk_fQ zV!`$-&8ef@m6kohV^gmV;g45yim7bS48Q6Qs8P#s(4tKYK`yMB@vv;wj~+S1Zt5~z z2^@k^s;p;JqFO4W+!pzLD0`0I&>KB^uJc{_dMX|CW&*U_>#eg|K2-Hq1|fh#H;c;( z;zPZ=O99mq4U5iLZxYbbIJCttNWH531)c}g(>Yd8oSU3ofbQEtP8R7b-QbmDK$#kw z7KHoo%yXi^E5S6w9bb0i8bud3=BUzgJ6<=#O{QU7xPsx@qoAruFDCY@u14x$S_GJ3 zEOL1maE_DfgJBdg?kuszXqKeuA8!n{baJeDpKovREr&8%`p0_d$o7iP>H7yHlhms)u zNcKPkLkNz z)rrkk63^++qTlKhSwtCFL|BPu1I4#+cbX1@D9~!S7qkv?qlPTkY$?KrZlgYwE(U^vMuF_n+l2!#tYJbY-|-Kz ztKD)zPzl<-QO(zA-J)ioO=={ZdGokx!ZVWhx5<(6+Lz-eFtiW>R-N@-$hmkqb zf*Kt2j383Uwt7c6^iF)~oiy}ST#ctI-5ajdMze#$+V^|Z8`cuujgNX7rXuv&A9@R2VkbqF-UqP^aO9%*sJI8SCj` z|FA_hnz?^e&Rx632jM%Gt?DGtTx0NHKEvJCNbWt|E`rh%to|ZFguB8~wl}q7zHx6F zsp8KNAH7h2b(4Q_oamjUKu$N}=khOALX)%1kCnr8Nbg0D44z2Y6>oId#T2%@U=23q z{LH!F8lFV8cpfA!7?Y-#kt+3!bxz~ei_&^QyZuae?^-p0{^M5tYP(dg7SkK!fR2X_ zezHJ(sG(zoW$(EFvyLIPNc%wp(%K?Q>rkKc*t5eALX>~j9GSBDlM|>G*twa&euMQ# z&%(C-Z43Ub2y*{|3XHJ&y||mfe|8U~l&EhHpV6$^UWV9N=P4r)E`!^%gr>d}V6^qh zoCh+n>*7qQR2urFt&xa3eYgM&oIDST6N75>{hW*Z`qI$-R-2s#4f)GAU)rUMAC z(Lo_ZAX={g2uhMEZT1I@@L-O;#^R0oI+JsEewVcZRi&vsEzJ!!3%a@CLPf6f(^qDz zdR{ZKo*?rWd(M9SGU?RDHSkt{7S=0HFHzN;UHZ4BUXgj+>L4P*(roBXJhgUqr$-Mp z&9$aC7oO!$GM$E<%Sq#`CDz-Bvz&RP4t8L=@Q)rSP)I#rKndYgAHzf!gcRHNoMH%5 znTCB#L!g`~wqch6VwcyY)(YEBTjmTyM3(`yKY9uWhI;|p5T+Z;K^b?0_D;d)Re^fM{WLEvzwYKd6+m+{t10Z zA^fk>uHLvJ#ke_vbIBIt*eQ+UnTSS{UadgS-26!@^>Vs_d>=CBw;ptYvA%YHb~^a( z2w`{H7%qIoPOw4*M~SCkfS;o~`j3Z#3F4=(FU|5qT8qUl_ng#FO=d;|F4Dg*Mb!H8K-?`2+YP`tS%5suNkOel2(J`mIXod(r)2% z#tBN!OKNFd!dpHu>!(#g0C^+nw#rVWe*BpC8$By%4n7YYZuztshv!uX6)GXp{-b_3 zwy&cPa`>ARm=ym#=0c*rw5#&KY;aMtL0Nd+V31mT6zS(|%C~H$bu`GG=)GJcu=L&3 zhxhqEvQYAyfpob`y|aH~r%T#|VwGP6pZLSL-O-l2guKVVU#mXOq$ zxIJ9U;r4kV1Ph2eXYFzbI?Dg=xFhvzu@|)%8iByr~8tzU?@&`0iXVVEzhMHT5$-QO% zWaNkH9|AyE0amBjf4QiO8++>S+BuCUp%1!ZS;BRd(Bv(2-VGax%lg={1Ax1l^9&8? zo=QANjlDP9qmQD_X$=dXqXE-M!rF+*bS%FuX$*t3BA0L*@Xp#qJdnyBti`3l;?@f9 zm>sl%lx>!d`kz#6pSTnT0gdd$5-5$?d0t8m9ZQx5zZdwkBnE z*|u7BTSDU6R1WNxyX*@INEP^ltIG6kL}yC%C|*?@Od0jp{!E_}sBhWPB7Bbge~w(W z_!&2Ag_dog*5(MCt|zeA@O*T{h>f!?3$<=x8o#NEl#wvqo;=dS={*bloblX5#r@>&U zok%`ydS2v~9)+Tj0##9ORE%IZz$BB+tTS%ZQQb8MJY`w!J(6oN!*{Z`C9!1r>fPZv>TaO`zo5i;EarR3@I3m?g`1 zZAdQ#Tl8tpUGciuq+sQMye4&Ccv~>LM?gMO3#}dVNr!Liyw%|c= z^6tBEMNL_|8quBbAc2X@h~E@jJfJXl#kxqkhXz8sScd6H!e=k>{-`S>P@5M_?q#2+ z%J|Hx$Vv$AsYM+nysLb`eAn34)EzmkK;*%ZHq3$?sn%#@>pmI2QKIp|QSdB$CmXyG z-$l<4J*Z+Zx?_;I62@pR%Qja z24WxffS5cPeUu#GGnE1Wg)d-zq%2o2fc8gc546UIjR{vG%OFM(YJR-vj5ZAZqAfyw zq3PnUlF=bVO_zMbW%=Ei<(}{*TKYRS6_;q@(NCC>wyUCKd>7#XeJGyS-||{~1i(An zD*AA?sDacZ0p_U;-wtmph`xoiCnQISaAXo7Wytqdz2kq0eTFuvp1ZbuATIS+AGiyc zD(!Wpw=54wNusW8M9ks=*WRkK2s^{;_y-hE0YLH|N*zzV++VFn?i73xA@2P;XF{ov zWf4Zfgjcf9jT~x+H3eD&G1{WF-|Yqf98WxQ*h8P1Gm7G=m(i{Kg895O$bE<5kb>co z1g1Bm@vEYZ2t}R0u=v~?Ix``F{)j6b0oJGx%qg7_SNJ&Qf%8H^g~E~}8=|s@+UDs?%eI*7qF=41_o$52!l+)mq}grl+Cz`*!o!!NAoeYkPdLcg^z7svkm@AB2BYlUFg6r zZTbbSv?uMhNpCoR4V9 zKf`@pU|>+5*xoqRjf|ZD2uvmTyuL*?rj*)8o!Io59+>3~sQsC%HacyaG=}4W&7H1; z)Gx&9(OQ>)qK(eQbb-Uy)}rQT?f8e|e6!+0lQ{Lq(|tKB8SeY~$w67+V$0tyc;3T^ za8%?b9Z{7er`!rY$K_>dzqv_UJwDr5{@MZL**1mC8)egtAi$ZEi*dphcly9gHD126 z)9k##Jf;S26M#opkL8=O9*?eHms-4T2K&q}R(;OEt@`Bd`kYDG43mA#(|^a3ly)L& zBTfc7N=${Gi0R^zM5~i zDw#lplo^`MTO6lk1yatN@y#GF{+~fcSGaogl?_0t_NWC0fn1KO8Mr9c%_X(B(_ntw zh`HZqTuPT^I#Eh)r2H`YFX@HX!kXP_My~QHvAj$EBUrFaOjl-%vLru8&!F2S&ZPoq z`?*X8kYSV{SgVcoVIrQWlG@GwnOkvS%+v4joKh=R6@oR!Buu>uOy3tSK6+X_1fcy0 za<+-(Z|#c-go?pbb-gw;mDq2=R(A%^pdqfFI)tYur{1LJ3d zl_@XPFlgq6+eSslOk>(C1;3q=;fLqNKmM*P0?WUQ$qkw5+u^{JZ3dDT&Nv;ixx}sA z8+N4H2O7@#p*oLGI1Y<8-3u&C9UvoBW#?oSzzc0rPR%;bRQ=krG`L5*P#-C_GXcFM zJtB>e)KHnsiGwt~$RgV($LLAbi^Y80=O#ZG>vJbs{g6FR%ZXh-uU%XekK1?+XXj`` zh<`i`TK4jPcDZb>oe7RQ=Qc&_aG=^4WN2`-JUqu|&(=^_C7Fyc)OXH?b%4#J<<4M{ z@yoGbT0t>z{C?0@c(zbtB(JoMg?SB`4Xy>!xyHLlX zt}ACrdx1@A6l>`AUaoXyL>566hm#3 zfz)9Ip*De3Y*hnOhQD(m(Kl3Lx7Hg?XMgEO)xb#V+a)4lAFQmxbo=r5@I;yM)^EW2 z&&x^HFV&!pooixJ)aGScTFRK(wNem_4Ml(K-Q^N#kl`c^$&cnhCPnj7*t??1CY@_e zUcewfvl3NGvo`g-Sv@2ILT=$N+&s3)hW>p~k=@0E%7LMEV%Fhgb~T47W*nKZ(qs+N z@O4kXduA%kZ*OB3BMqylg86Sm-;Rr*&8d-$MiwrM#=N1aZchnGc`h?u?JFZPhEP=V zsim;4pKZWO4}O!qy!|A)K9jNxu8OtTl~;LB%8$w(ygBdwK>7s?9<6sIt@&uGjVd;F zI~qlOTWI^rxCsU<;_Hwfnpr)+NL~%yA8ArO@2FsulhmwESTT+p;(5Q7^QONriQ>)^ zE-Eu16x~NpIG&AQ$$!w~9VS$U7N$YVAo`vJvAX+rV%n-2NjsJ+3+rR>*MqY#etV~T zywj-QsSdH0R1o--b>vx7u%o=1K2~#uPm;2Aw!>%?()d4~dEEgAvt78!qaPu*2j zf2Eq?HYEryQ`z^NxWA1(uM-UA*IgF9F91HV=Ts{0lqI?bAP`Mf6w8I3NE+Ny7`X#z z+qE!4$abYJ)OZL$%N&K%v3!X3%Zs1g7RS>F*_SxxsB=N5liSp@=4fxZVC|P4|Cs zt+z`SBO%lt>{h~+@WV0+n-30LaJ@{3n2+}-E`=}7+lA1(&Gb(<&`$K0rco@3nm0q| zj`bs))`&Ii1Y+kktp}(%-YgF)l6xZS`Yl)>=nnq(Q0`TkN_sbX*stcIPSBW}!6yN< zZZwg5Iuu(fb7FHZ=Y;#~%friP)X8e5m?K{i8qOn@l*C0+@L#(ix*g~&GtAO7z>hS9 z$*QQnisaG3B~*qVRVn7+J2n=mr?&+(Fcqqyk7?u~zSlU}ZVG)8h!b0X@T#@3R>zHx z^FWG{#_~2_Oa1sczc74e@C{>`Iucr+d7MaQ7vIP=2M7aa)aZNP#X;)7O;rdSY}6D& z9VN+$D5U3*wB4|i`MD-C)<`Zw8Pzh>=W6&ui7Q0$LeB5Y21N5mfBrE^`FQR4Y1l~3 za6gPJ^PT14|M_#YVVG-jtSC6D4HLS<&P&pvlm0_(7_M>%ILS4vPCP!lr9HngbP0|&zm_?bcA+LjOO?(= zeOZH;X{#C}wIbCA2agLWrWEZ9&V}F=WA>3|Au@G1$rVf%Q*{r4t-k(nj5o0&d@F$d z>Gku!FWrPHjt9+Jm_!9f3B93_r-fCW>>jjK^5$5IBAEXAaK?%%dgazdA5hnl((CYE zl=W(#+W=xQ#W@}_SX%OVEvrNUwFWiQKO3ri`4R8zL$j)2yuFja@;|H+7#z)k#F2=8 zN*k3t`?uSSnbs;q*;lEo@)WuuXy4Qa(mL&ybX|!V!?Hm6O%D_RvY6InfBzHksHJAx z-|u)mVJTK%018j%5kz5rhkf(_&!m-^BL!B%#N{BuOd+p@GBPMNeXa^N^rUKBSQD7y zvrsSN+bkrRqoM7UvOHZJw3w&RSqUgP`=s0#)0wU;ItTFFCr<9)CHfX~@&ybkP$@Ak zJK?4s&tEaq>ta6%VrgfX6i zIt~|ZNSr)V*@pF-Q7$|OEk!c=O{ktof9Du_g_bkhVcaUKN{I(6GHZVqI|G~56;ajn zZaCQu-$>p5c3epq_3NDw>?CLajtW2$l@c|P5;v`@TxHl66MGSxL_M1X%7Y+7W1MiWuj4Y;fqN~(>%^f!uO;+;S#!;#IQO+qS-U3 z^kM~C{V4&+@+)H5a&K9vdDe7F2! zFlFI-k!rrY0m?!0Vib=Juy!IX#n9iVcLRp ztu|SlYFrbWRBVXpctpl@2&LfWB8h?Vt-eTc!;d0YeAf-igy;*BrOW1GK^*;Dmsa)2 zD{1TpNf2qG*M(wJcA+wF^%k?U%9}ew77QewuH-fkPZl#~V9RLU#th&gvhGu<-R++` z>Y~P~ydw>@a;>KFtxYClDy~G2WWAs#E#|9?Wo7mDi>~5zR?%&mxhzF1XPtOOQKt3v zADI0hF_6MBp~2<3YS09qo$P0&60Rs0zfa-d?8k;E@?32XQN5E+)tVXIkGa%fqu&}Lkhs{8S3Wg1vr>Q0Z_Hj$?;0(k~j)_Q;W zFZgd=3)C<0CAjhgm`OIvKWa#0;-&Q2rzY~6*WfzLM2y~q1cYj8q!{;J%}Untv%V5* z7O->_KFAds8wnp+9t+XA@@WlOF#a3bf+14{g${$eVx17Znf{V=V+vw#z#p0l*Y>4r zlErXGNg7|jHj0;ueX3*s-xbl%(6Ygp^0kQj6Y**IFGgrX_G{ouERWH(DSFN}McO!D zp&zYi8DuBl5RY&R)9pHYF=<^IOvZD~W^|zlP>CcJqP(M(fYc&(wh5R0lq7kDpJ8O6 z9sCmfn=P8SeJZJ-KN$J#jCFN~tGoLgNO9o1>>te*x+uSSlQ0(SYTs!3IFb%>ZP+cJ z2Tv{&7K=5KmE%M!`ZLdYpl}n2=g|@9;Rk%%sRi@`%x|O zBF_IDr5*mn^XxV6Q3{7Slvj{n3n=VCqqyfb1*Cj5%OGj;U=GQq9|tDH{@M9+b05(F zV;|HoeA1lOiFn9D%9%1|j1Cj>LjI)u7t7AzL{3?v_+MxC-(+r@Ss?A}!~mS%$IZHJ ztY9u5&81Vy!K=(VBSU2qEBQ2~nx=>AII^u8p}5Swa5_*2f0&=kbSl;c0j-209iGDh z8=qRjE3b08j6Pv`^@^y}e#1+Vq}3Q&OI#_j4IVA9FrKSvLA}N(19Bos^82OJ44Hsm zaoqxdX@~20P{BT39ee2(#i{I9O4LkrCI4gss9R4%IQ(_faaGA|``kSfay8!jWC9i_ zbsu?QIz{{)B&HaCgD2y(F4eEm75@g5W4z@^A3{L5T)6)_;p_LvOio8BJg)ip^SdeU zN*%mNth6`s9}|T~#TtIkr(f@tAorqSM5kR89nQJJF)r#s(GZl# zHYvwZr7X+!&yqP)pDqVf?+Q!fUUW^SKSbqo>kTpEvy6>eo35&na>>E1{>7fW^wS~7 z5eZkE+dk-i_*Nj(Q^uvw?PP3rH}5qT@#q|rDyV*3O62oK7y=)+e>F@||K~P5yy{g& ziL+sr*ZHo~D(EV1BCGllEuU2M{7)kL(3E(V+9rm1$=H)59qvO%?#h4N)%L7~V*8O) zA^AOXFljJmsbiM%?po6U1vnE->31pq=BQ@yq_VbygS&>}32RonAL>wmKq+qW+gB~o zvkYrnS@Y*-c8ULaB9_F+=Qzqok)V4nhmvk3#j_%PS80>T2cc|6LQ4Z){8!_k9iBHb zV1I#aY}`<~V6S~{Cf9$xgLkUkW~rg^*{Kn+6y)?aTA<_*?VxGlx{H%U}%!m;x);%AOxf>|QZnDllB1n*xy1 z&HRq>2t<+01zKwBi=RBczsGGyhOzEi4@9k;SnPTi^Gw!D=9rw@!smW6l(%hK%sr6bT3!J0zV2>iE=~p(HVU@h+j8`*=l#*r`}fHB&*I&9?j>^dWpXyUx9hJ* zBR5E&NIRn9b>q&*uKv;36ZWXw&3F<1Y}LdLHX|PQ!gkSpk){Om{91gJ7cki+z(hNo zrnB(Xr@Bw`rVc*3A>z~3PTzS`KxjX?#ZhVi0jAOd*tl?rV-O86YwcnXwwU=)p+4YY zEx@@?xp7tT2Fm{*7KYMThyQ=kJp`=yHdqaTa^Kv0;!HVve+I@I-)^P|e=?Y!3UgeO z!dZoh@3K{ui2Qlt{j~>U_)33>UU2$ClAFL!n2WhJHNtk-~RkZZB6O&<^%8PuSBOuPF?j+ z-p@6jxYV+ouX^qSZEGiESW}zr=ck-EC~Y=h900$Y=$$`2}b*!4l z80dc&OInbhaGklY&Z8EA6%1p{SxrN%WY^)O4EOxzO(`!J7@Lg=vX#v(7AqOCrG6T- zsM9Qtd0@{v5YcOPP1SjI+bm0mKI=M4iJ{&+p>AX)<_ZUTy&hPn| z*-c?Ps3C_gc3Pr<>3N8MgQ+=tWfN($w@J=aZO>aHfol;uSHGLbo1zmwF$^JH0YxVopF z<#!~7ZhdJP_Xt~+a4j5oP_CP6GpvOAn*xY~hwxnqBV&I6|E~s`CO2`908cO1+v<_@ z#k79sjRQ-=Al0qC>rxFxws${~hTJU?{`;TsIDT(WAE#S@ekUP$bP*#YA)p3XV>Z;> zO8?O?mQH!8-?f&o3DYj8_uXdJJ|k|({KtH<8&2`5-6p5oCD!PXeCvx8T&p;9&To?J zrL!%;sN~C>I_2yzkR1jThwd&YUOb}mfB`;__bW4%dM!Knh_-Vvjz86guGFf>M2tf} z;Td=cD}!Eqi)UoY3h7ma<%hnWj0-M5&e}`3%Vt#iM>7u`~M;{<^x%?HwA7?-sdsfvtyJ>wJ-y3Y$2Uf_e3Nx@yW( zJEOCUgAdLxSLbiddpyccN!g6eu)tbhB_UL_v-l6e9^QAT4dmSHu58IMOjDo;za~ixK-+rXJp);64`IW* z(+sO6DEjf(Zf)eL3l*qchQ}rTVr_oQpQ|d&6db zK7PUB{*bq7&y43{f&7%A!aj@9ba5$xxB6zrGK`fc*5UJMcI>4DeU_#xG^)4Aj>;ek zj7|QSGXp&xf3)7F8TlA_-RtPy1HZaK^$s@uKejKiO0ZjQrG693HurxSY^vv*NVm}n z=h_|Kg$U#4E>hPnL~_4h_>wLHT@!hk|2YH_CsNr7jx&6}AXGpjPNi}X9IuJyyM*CW zIf0}0h`dccz@XS>ih(};29|(sH zaIc{uyPSbsR-=p8-be3`fb9Fp$zy(cwpt^y@bs?WJuKvasqhw5ZEgXb&~oB^P75$} zC|7u=Ai6nfuZVBr-ci=$R>N|sbW0i?pXsXcE5e7i^02x-*-PoV7*_gWgmoo^-Y$Dd ztlYpV#y}$dMoQkJKwr`0@T1d*N{&^bc}G>{8W<%RcPy0f>(76QMlp|NUBQ^BmnQ$) zfbK->_}YLTrL6Mq!!d`HSIJNV68Kn+874 z$Wb&r5dUrvC{E{){oXLhG?kCw0dJ?6j>S#U3z`FuBuLb2QTE~Gd~dlsOa)zS&-8nP zkN5Q^=TL+Gn{&N9Yd??wC2^=^ zjhAqeW!)U#6h@#Sgyu^6X*I=rur=I3JKS}$yG2fBo%T$&tpnj|zDRIk1SgGutTW!J z1}&0&{Qo*#*{^l!sjdYmtkYZxuXV}k{;$%11~ZxI(H0!uO>_vWRj1>&b&3x441X%1 z+OKH2#gpWk!LM`3963f=Xu)DbXZn8+y^8p9b%wasVkNoiP*%5WHFtR?*NKspMhZVl zX{4kpqv}Yb7NvoFRzg-Oy^a?@opAYryxEj&4GnUYMq^VCW32w)ZBIr zUo5JT50U_(zwQ3;eS1o-;%;$ef*y`FDRXpG`DOuO4y%#0!LSa=)pKz)$Lv;DshdOV z$vyoRiS|OUbaOgSbIfjyq#FPik@3;#l*06tbG(J_imVKduoIlkIH>x-(F2q=73n3= zSB$4QZZ>Ho6G^UMTHP+HF(zJc%5RZe_hI$|pgvDwHOYIh+`&3YehTpNGy0D}rCT%# zy$0}ke+dk&03jS2?J2pcken&(ORMA@!I*Sj##LJqNXN$^R!+D{sI8%Iuw~lV?43Ud#6gkX-f%#hsf)_nbQ}lWClSL%aSxPc= z+({(ZV*%wVyXzPObwf$#iJtFgk}rd1Bp!$B!E%~^ozzIe)Po03Fo_6idN~(HcDe5R zZa*7&d2n4Cl+t@3H#Lh+cSn-juk?>Klydzf2cBdsiNR256nk0VUEXweBq`v`RC&^H z(8C3kyLTtV(Kt!~#3U-uc)GuhR=~R|-G@6O*^j~~KAyZ-<~|3E+_`6q>|S!tf|f@j*Xi!^xSKu>jHW!{$&DSIR!Z+A!79K5&d!(n$-m*c({d#Lw7Xw~xO3G8c15BKMM31WS7Wa}g9^-=1#t&wcgNgaBW)tx~jpx8f17odK7akwYm5+Hcw#z3%l&>*^z9<-N!hY?VVlEg>r zNAx>NanYy>C{+6{X>Y%#Lqa@1fKPdRSe0x+_rdseP|+x3VoazA*A;>HJfN{Bn&QHw zofN2>M3oAJtBHer3k?Y+iUr}#cu2NHY@EJNHhCe2HI{mi+RA<1U_#K?Evy^%-+0qH zBR@zR(EpA%fHetv6W&}Q91&E=?~2S%Y7?OS=9^!fIE03M^9`N@rr1O$?-9NB>l03B zUMR2i%;WZ=s}&q(6byG5%PT(ureJiro}AZCqMDDwcpQy-tQVrmtj0`J9EF-GB`}WB zk_f}CQ$_mD6(UCubrrXS8fjE@Kg}o;)oXwR9yuRD=I?f4x8D>8SOd&k3qO4emYFMt z*H4m>Y=S7!<-NoQdLW+fe7F1SMn6r539KGHn7N})6I!vYCdM|;jBU!DY-9FK5?}_n zm-A!_y^yS}wSp9f8+K7}1C0^?YP~rYbgh_R;DDvRvasMo>r4*H<6>$a4$SPzN9Ede z-zQJF)KPjRrYg;`tTwvp%gq~S5IilI3t2F6@?H4DZ@ytrumkms)`m164AgDLS{h5a zJ#hRmdy#j;wn1wXogj+~m?-GDs~<%;A=cJ@@}b@XRyDv78}R&wHGP!A*7_PD@Fd8N zgt{`Tka3I-=}>o+GD-?MSc>vaAcssJXz@;qUlqL(jMuzzfMU{AwWlWbWC%N?U>hpX zNTY4Dcmv04gFevUX|~y6Z zG!4NzCHls{-cRhUtu;j3boj$;C`4Z=U62JSLJIOP@`*#4Yy5{Odl1Y^x6e3l$pB`I zdPoPHYFC5n`d~B=iT}GKvkF@JU|ocPpQ8WIWaOid>qr^cg zmk#uK+b}0_JZGpnm?jtwRh%q(u<{u;udA@>tE&1fjYr0;jrCKWEZV5n#$ z>@d{M8qvW6RhBC-BOSpEqm(&oa3eYZ@JHgKY|`fcu0kZl9Myzq%t4T6v%sX2reccJHi_|b&r^BS|obb#W(7{bLLR!*iuz1SYc{=h*mytn|-6C8zS zlH`M=4ZSLLta{~99Vq&E^CO0?9!BgiA4WgzWB?+Psz8v5GAERsY*NsO%RIb8&qJrs z%0OYWX&CBhls98-ZND$wk45gKznJkglrac)C>g`J9L3Ur`b90&=4{rr9P^P&V-41W zPgw8W@0y>G6X49JVjrSz*LTr;3He~mlOoC2r|awMX1=I4qqs*)*7ojq+atZ|H2W#6 zvBWXxk<7l7H{$ss8u6`a#LGoB;^nkPyeu?gmm5JM8?-~Wpd^%L&rtxxRhO5MORWAS zY7^0$jcCCr+hRJ5hZa77v6D2O$SY(7dOrH0xf#F#?|2@R#V|=Qh`Z9kVUrMN2RV_4 zDT=aTfWAPpks3=C13sbcijo8L1XSG15F3yaT*fkMomK~48sm8^a6#9(f)>G7E}huz z!{SV1+AKoC9&Sr$t+5yEitKGx^4x!rh7!>VAY(eW<6H;{gMVu|or;$pPWK zkq=KVk8MGiYUi<+)X7xix)HAiN5S80HZXJURD56RxP8?K9`x7~y`MYI*i+Yhz;E9; z!(z`JeoD#w0AJ@ll0VCf8ND&BZSGk8)QjqR=8*76;0yy*)f}&^Qf6tYahbwlAv01c zA&3_ly-q9cB}F*+`7cgz;M2hM>GwGcPh$@Xm=@ls!JIwD$)tLjA7t}r+920W<6=DA zi*0%1eA?%A0@+$=x~jkO49950T$;U9y@^>a+~GeY$XIv}C(*V+ld{0-HsSR?YPyQ= z(Zp4vD5~sb6k0}8di{=bCI``#gbf6)4-=PbXp*@6=Rf~hnrJ8iz%*kB8QNBIjy&bZ zn;B*=aiPu)538go%Bz~!Ia`}$A`SB(K)Uo+VVYHcVXL&3RFWBAa%$;OD+^b!j1|i_ z9>U;EW@uiKq|vex-Ew>Cs*+`>suy>;)^fT0)V{|HCC9&5Cd{7;%^gnZgS1D0u}d7i z>!9h4^wfA#;>t`FOiDtIQ8|+!SFFme-x&UtD^cZLfP6tJMO(|{K&nnfP`Nj>23U-i z${>ODbnAlEU9zP9O#IBc8$*uQ61kS(FA8rj`SB(1GA?&_Ku#wWdu|Eop)Gza^FyA~ z_xl@Kbqyrw3TR37?}5yO8f4muXZvU+=95m{iv(^0y7^AV+`qtg@$p7cSEDp|D8G{q zmjr1R>{YN6GD=9ymGyFSFF#k{m?&F$kg|^BejE+4Cs=2oL_KYW6OY1>)a2ofvXa09 z0JUXaTib1lw;fznSgT+j280ZWI$Y>#+!A}#V3kr=aH!II1??^0A`_=?&o5q|9YWd5 z)7JUAZk#-_2M zrP@E&#jQYmzWWv^deV(Nxmi`0_xq)446j_#2ymy^{FnuHYx>c)w$OW(e{L&=7QWK^ zj8fHLKQ%}`?EH#$R}R$^8}{e=Caa!zmC|39p)KrT!YC!97RbU*c^vtlh&J~ z%cD1~*N2+i*PDFmpqC$`VdFY%I^Ugiy8Bhd;5Q0Yu(n(V4;+6`B=COUD9gccQm6Oo zs}dp^+Nj3Q52{F8o(((wnR2k!Y*B!nn>ikRyqlvp#d>AJOtA1y8hS{xrc1JV{^Wxs${z0&#xmofPj!651-JVsDhTKh`qI^YXYn&gp}*w6CuTsXET=RmOn zKnc^?mxpGvxn_*6ogemgUheHaZ@&DSI6C?1tq`wX{TVQ#qm(*$Zh=HT*=a521>(=q8v~Y%|=DFsoTe%KG zov#)Zm?kHTT(T6Q&rVlnDqcCJ(ag?Z#}B!%&dtK?THdjZmM!Dsdv|AV_uJ<8&yDeo zC;xb{zcj+X`DX3;&hzJu9r)j_QS`;P;`N&g@nQE@@l)%fb-X8X2?>v_d1DF#N}UA- zO4o{ltBj}8JUF~)9U)OvaFOie`7xR4-;n-TId1ZQS7vDAGiP^qOIsQS(pA8KAbhlw>L5eF+p;|MipXa$z^rB``a zi+oO<)IP(dev~w#ZUcsUV;Dzxh_hMHf9o2m^C{>;@~zNSzf??PeOf>>lBXEHr&{jQ zL}s)6p)$)ag z&>(~zG#YyPc)CdQ`8Z7~`a+NjyD2{W4Cv(DiGA2i`n&YelPJ2+9F#mQB|kRs_&t#ds)#lv3FKo(=*@vxIdMS+8+L`-sZ{8_8W$^q_Olf z^V7y~>Izm33nf~YXhsKOAFjp7zq!QrGfkqw4>oC6bso{>%fTq6os70FBqh=y^3aIf zzu z+9yu?#Az!y?X1(|J{hezhUpZ-SYF$YhBvX_>!;$sT=?_9Q3?C4_%V(g54ch@*VwG< zXY0JlC*6R4CXPb4i34IA?L&bn;>{!9^PQO4nfjb*{Lz9r2LGrxTSBSk#PjA3bBlHL zYJKy+*RanA&JC$L_+STk11YNHC$#A0aOA*Jd~!UKsZJG%=Gwm$frwXmM_^<1a;|a- zCtX|n9~2hUp@&0NqyvwDvn1QcNBf5-=Z6ib=HJ)W-i2gxn<|?Au zcG!Sa+s(CeHJ|jy^>qPtN6v*7g}o7)$M^7}dZ=#skx4k6y@lQyc{Ej8va#kg|JPHx zV=^wBJG3^T^?!FMa-+uS<<%@5>|9%(V@4npq z{>A?iI}5HyWg4NE?Ekfcb=;klFOH&g()&`Q#6l~1f64Huxd;3mt=oE0e6uIC#XLMD zQ;K9y-12RG5?=R2lr$2MH-a_xEI^s|M0Tq(yV9uh0kZ+oumekK1OAGie_x=c$6-VJ z)}BUotiaw*6K@Tg-+1x2%5VHOwa$6Yz1{Dc-xjIvKxw^z?%~_yfogtjWlvq&t-7zeUAUPF#Zsq7o!8KEUL&KZr9|L^pPHZ6jB5dV zCX3(DX4so_fh-hw7f>iKExa>r(3MekMv`rZK8DdXeue`-0lVa@ge1$+rUiXD_Rvzd zDO&qS2Mx_tQ{GGRF#{dQO1~GP&xvG9{3imrXbWra%WL=z?5fuz6KXW)A~RGxz;vaD z=bz2BeuOCMZMkt7b_1~fgNO3K zS%nzILEf<18^&v617BSb#n0XCe)3v2v|!e~Y(C#z``k;}Q<@`SS_bBaG)z@fmvA(UsO}*?2AN`tK=?d8BIbTlD zTp4da72X?_>O@f>o%}P!nyJWw|6bSg{NL;BXolS86bqFBgk4xKG`-8HbNCu!1?$FG z4kFaou-_i-mZpPNBr0?U?YYM*VSto9{xi>!eOjxk>R>62trguhGWT6 zIc;A?YB`YgMzPjY?j~t&^ru`rbPZW^wq|SRP77-G)K0BvGM1UYxhm=m5uwY`XrW{( zIn-H{Z5K_Q9}ArqB?!3vk7!mHYxuhbjTD2V{cs_G^a;+u2~nqIUMa6_RpEKx_h4^W zY5+VZ7RGJREUZ9~x}8{7k>wg${+tHi;?~o7vAnmD^BFK+Gym0Mg>hg+9IY;1ZcNdEXB{>_=xLn)f?v%zS-HSc=rw#Po(?WU!Q_s z=G|x}+3ZX!)6cTvbt2<_=6XSYDhs?bpA?ssuIa8)r6R!`mc)s)P4>cL|ka**-7c%@=nvm{r^ck_hIBJUlVy7;H24Yac zVTMJ=Sb}Y)P1Wc&rc%C~AFxBj>C2V6W__pai}B%E<%8U|yRHVLqAagySq;e5N=D+b zvlw=ad76utcVRU1^jsY#T^D`c{b z7fle|W;$HNS>R;--;0+o$Ik!0|88gJN&oi{>5o6QzcH*fYz`mJPY?dtP$%$>BQkC4 z`Y_Q%>$J81Gubk%eY5@NpKEJKTwM8sJ#wLm1{OFMUJVd)w=efZo^36Qzo6};*tgYh zBiLAzDWo$TvK?P(lX0p{PL%=W+Ak6(N9Yo@RDAb>>^#w)$92%yBSE{%e`E$WiY8xV z!mE&EaiDMJ!Pb34d3HWHImf(o|8^+d%_cYUk3SmhPG089so#R;)oxSYUdM*e&Qvs1 ze%Q3g-$e60E8NY+zR0kt08VKv1mwcBE7t##H2#vT<25)p77nwc|9x;$##tM0mwo?DMOiWA5@^;FB)M{%`kR%Q^#c>LX|oK#yElj` zhT=n^Wsa~rAyz$9=R)mF!lI?`jiOLA?)em{Piq?G)ZZ9eYuNlmXWH<5HwCF3f1$7D z^=zi__tx3BasHTpZ;II)pan7ehG-8|i)m1S+MOGgw?b@a{VsW4&W&1Gl5UvlX)3ij zt=(h$js+o5L-)>D9FQ%II3i+a+TlF=MC9N@Rzvm_W)BxirZtrn3xxt^v+-wuo0;NZ zt{w?f(AmUqlV7}b@zr!lGLGw1tNW)RksZ;P;!Uw%On)Eb2uPPH$QZMfsT5K&fvP%t ztza?{4D-ax4v_5NW(GjAuT)EXFgjo>W=#Zoy#SK&{W-o?PrDY;*OKqwWJkw*-DE0{ z<7_80j;5l6-aA29A~g-jdA@A(omxT`f}?%!7+a0(Di50AS%@NI=SKgKH-#>PDKs0@ zwzy6o4m^mULPcoU%{hvZnv|MY}symj?eAAS1l{u+VMjx*`3Mm>~Uy` zwm7Cpg{18E-1L9HC_G321W1sgWIGYFJ8hA86o5j#P^gkYtP=+_ZI{Hp>adlDBo}iM zm+mTP1N^=m)JWXrLzI;M`D&P>9A^ucwznCXVQ$(RK5r`W17?n*)R)gAqaCul? zfE;Ou@5X`cInmfD!pF?8gs!z;b*-sep>MZW1r};JrBmD*6LQ2aI!AT3CDoH7sBm=y z?p@<%Ya^}O1k5ZZiFGp0wAQ;6p6n1&qX_$TW5g3sY`fnkeXxSw#GbQ|ztq zxz4O~@@f7EQ_B+qys3>z0DljjreT4j#bRwNjiYX;j|rjIxetbles1+#onHzvpVPvM zCQC5SzM_d!#o@0qdrS^foF@qW@K%zO1RGn74++LBQ;OC)pv}@^rkCrhn`!4w(e1z7 zfkg#wo=k|Aq3h0flKboe#KsGO8&77Zk)iS&aZ~2o$$ZTw-PtCzxo~Onh$365%4o|H z`qYEJj-2tw7>_f#f~w(jwi!dbW{|HK!4)fkov$cUt!X*r6jr)5sbLlghG-?``G|v>ihEXF`@GV6&?4-z|5{rR_ z%uxw9B49xGOlQ5S%7IHtRfhUVaxN4)P3hJY%l})Ny*l7adUDgE4MyAZ`Xz?}3Y)o^%E* zJF3B!#;ShoMa)Eym8$Puf6|YVTMeR-0M*Cj*9>rqJt>O3T_Mo7V4a)^#Y89`CoXbA?6oD&1YX5y13hHLnErlGu&} zn0~i@Tfi0RZ{Muu1o5C79OaF7AklUUb)=ogF9rGrS3 zCx-&423yT<-_VRtt@hp#1Pg7ot>zrY&cI4siw3emfycdCCNY0PV2W2hDUEbimYWpZ z1j9pG9PLRKghg_BYo%d>$W;Ef)x5QKf_bb6+p-hS<~uDuE6e{_zyD6FD2j_kW$+{) z%3wB!AbOCr;nBwN+;EIqxX(%QTw6$Pix9{pxhLd)ux@SFE95>82mnZRL59t3a@t-5 zTO9jODZkir2)o3+)9r1sA57&0sp!m!r@=&E618+RkLLPDK~{v!1nJ90b_Spz#7(jq z|3E5fT9mF1#-yYytIXKtKm0G9)2rUdLjUwnIuPaW_#ZxS=A_E+c%cla`WHGfmiIlq z4Ug@JkUs)5k45NNE(?1L=`SEC<0SCk#x(a7T=&7D1tTYpF)9IHg}UXiMZby~HC8m$ z%LfHQDKv=f9L7s>C^6f83gmGz1wUF`LCipZA^B(MrDl>b=T}zzR}AQ{T%BJn8tNFw zhmBnj<)9f7(HJ=DgF6AIdy+^VCsq-%jDw&;s+_T8H_)VMwk|keX<~RF+r;v?F&GVa zQEK?H)8*7B_BsxNl1PAen9gny&6)No7%9RVdrUuMS1_&gqs0}(GpT{v%?!__8F7f= z0ey=}PPUu{5kte0wFrEOS_)yzAdN5jXVPRTpPTgEcd$@F=>7}sB=XL6B10(`JMw|? zgT#LUCW>dF2a zg}>T_quT48^KPdkf_GMm;$yo2!_B8ep4x6Fnc3>IH9R$+so|-1n#Q4*0jA=}6fKo7 z+5tZD0sCw5nYr{L*=k9Qwpca}b~;_9tB3X?D~t0bvBj(N*eYe%gMqJSU;@F}sbqmGL?zz;x0;=A=13vbhra zbVg~^A8|?>IUN*?gtL;t)!ySQ%$n8tXK;fjjWol49rM;hqnaE57UGH?PRM+m@ZUGl z!}xU7n8vy-foqmEv*Ypfv>4^Ma$2lQ2dP`GL)NV^>Y+)+A!Z^nnN92(NCI&;(^3l8 zc+Dh1@SzaRYYGT^W3uSk+QPz{gAt8Gd+uDiGY1TfNoC=+2|${5DnbPj=h6CM+h0(@&#i5bcL)8E?pH?%>ECeeX>@@I$kZ#4KD)-U^vy^QJ@FZ+?B+xrd zDKKw7rnQ>5yDZ!0xG~r8a|>uIesbl1(RHAiIJA`11PbK;_Cb43lK&45cMmr5|2m%a z%l~Ts4z+ur#s_3u)&>%}KPjRX`RnlyQD_7CfGJ}>v_u4XIfHOC7+h-j9Fi#bn-K|BdL<0E8+Wn%!ENUmcoQVY#TXUkZXc0 zOj@FrA%c46!~>OO1f$kGnAB%|N*uD2M$PR_iDhhAQ&ZacavPcsW{qM=F8`-4>dUHt zh5Fy#p~U~+@9%B+|5~2s)BiFzDAX#T{-Q-4THtb*FkX)!@#jg!FMktLBKnG`+GBf8 za?QIArm6{=ruAq;)SyUU_>PQU;_sU3c|&`#CdAs^*NSb5 zrtWL$W@9X#Ldy|Ccq$V^c zt!^4j@kX7W%UGM!G;g&3l$XFWloISA#AY$$xCsuh8gqaht=NYH$NsAv0FFfT$8JW-VY{@G3ZdZ2zI_f0(c7w zO2Nl-O2akpL_jqtPm1bBXu4IPVdgKL7Utj9vt@*S>f7mY;5nhp5xJN30MGYQC+zdU z3+|pqa|n2Z_Xu5sxg&>WLh7$y2QfH)Lg&yJ#V8c2~+5c!jmi{&(6 z3PXfs!N~%xp;%pbt?XN@C|Gn#tu$n4^DzQ_3hgmuY;%!d;-E>M@T;9yObMT1!^Ufc z>*BB>U9$eXqaK|!v49#8fnp=5uz~K0BBRtYpUEM4RSZy-{RcwExf4TN73C~)-^EJ( zL04M=eap;e5Q;JX`50t^Z$mb5A1$^mWew04R7TmR3DF&Y>|{>YqUr1lZj9?n@$WO*>5@a{*)nrR8wc~JCXVlre6mO?$~+-ln}xE)_dy#1k$Zq+;|Oc4X`?ky zif8FS&Xz*31&eU(L}KaWb*@<~t;{j`y==cMfTQo|n_$9}k0hx^E->MdZW< zf{@hXb`k8N@@rY&SwA~84j2v8VA;Sb9$e44BSDvGwo=z8Ih)6JH2t)0y2 zK+}q{Ci6(6XdZK~V1Mo0xc*KwmEJa;vGnG5;Wuh-ZsE{@B`BCI?nsuUD1<3UTy0VUI{K(Co9aWS!0B zBumTr6;e@qGYE1h{cEuRXa;NUTB5W2*5q0uHD8NsiIv&`xs9Ej=rU%A@7P^6Uc=`@k1>W5kGVa@XndPA*~junv_ zW*oOuGpIt_%S^Q6Kd5DlkNwN@&RPHZr1$aalSJ(?Fy!tN%`@MCK;B3!zqLKc_QYFj z3B8#(H;cQ1_1spIq7g;20s0A){h}PvUGVkxp#p%^q z@A{-)++DuJqv_H>?$Jt33Amq5I+vYd_>%FT*s*=$hIue4gpu#8&H|F(#58NXY8-H? zjI;+$I(k+9`hp38Odu3bSoRgFdllANfIlqBQV&7)qoUQm9&|>dpD%_d*FW`7d)nzN ziu6z7x|3M{I-`+2nYlg#j%aAgiBPGnTCi0R{}cwZW9frML(ijrht6&GYq4*A#KqHB zsFv{DJ5PBnC?>!V3yY?ub9#F5^L6iRaQRE_%p6nNRY#x6Qe2I4$dWo2+-pW-xCZxU z#^UVwOCa%c5xLh+?Orp&EJ^lCy)Km%G-tv=w)of?=~2X}mvW+pC`}{?AC9MP?2Kbb z1=pbW1#w#Yta})~zIF4YGnag44b$rR;~(}0r~NL@GkAS=aiX7xL?(_r`vHXFnGG?` zvckIzo1ru+K$6R81PZ~;(-pn8yi)eVL%BX0!;P{oN~0RcYa%w zkEdba2a5>O8M{bV4Q_8Ur#hKg9sP3N{XD!lzqlG*cQ4M)`j`2;%B*kGErc{j0Rp#feAEEF=K68uqj z*dJUHb;Jmj3_7Yd`IPRIf;wMo%b9!DSuJy3C_s!zf&6iub?~14jD8yrhxJTQyhWC@-g)QaY418yR4GC|!NszMAEd&Qkm%SW5Lt41I zpL+(BioiXdI%+1Dqx9gK+zG0Q^230;Jk>C=M%&1Mq@B`X@2CFX4JS2pZr!h?r}gS5 z;~t{LZG|2{H@rSMFNyk~7@nMG-%Whue*5Pq75a7kNv2=)ZsKbRgg#|DRJ>+vCoi`; z6r4Y98{-=u+soBCU`$Om?q%?Q)awkppRYTYmwJk&UdPA*YrwS~$D!&&2fcT17A5ux zfduKPmpRlk7nWPsL;Oqi=_m4KDU;53mP~~7JXTAt@>wkJUSh^!4IEN9=nz<#;vqqW zaH;EVfAG0CtPCuWL^$^cF4lGDQ}Ea@r(OU~w}%9#T;oK(cb#INXnOiv@0Vpd(rfN= za%wSIw&65%D#O;%OoO>c6Q2az5ZvKuWq2X4_mW0eI0&7%aUor~_=E+2BMr=k7F%9$ z2jYI7jZV{1_u~A#*9BWuvC5tF)eU^#8IxE6<+?lRk1F+e;zr}*PBV5$TKm-XodFSp z%)mVDpZ83KELAT{X_85UkYe&*fp0pum;JNee_foHz?r0j8sMGZVdOpy?o7NfK6S26 z`j-H{NlGYsa>y2j)BLA_lfn1WNa`-#fp&KI@-fpY=wg&ZnN~ zrWkv!;S!`n${-_YwR-@#0AtCa7gdzSl|M8C>7RAq&7gZV;T zWfpqO;)N^ac&)>BezWDwUq!BXirf7-gzo6p6Ea+HE3AP zDO%5?)-L+5E#0^^+|3eZuVf9Dnon53mCtE|znWU-oEnkxT+(>zJ~%#-juf=f<3H6& z9K}9sppF8hYVugaVAS-{69=;)kQ)NIA&`F{0y#ue?rJDxD157vL`uEZKqEz1)kLz6 z@u;a}D2?ZZkx2+Jqo$oY_b+}pT>^y|u(^F`hyxQQUQ(ZXjarpdI^qVtM=vFmaz5Pm`d$hQy&elj% zpGk>Fa|SvI#`jLxL>Lo3%>&nuS>4G^YqFCWiMc&01G3I2l?Ql}Sgb0;uc%(=z^-vt zD_kS7T){XiuTC9HBSLDlF3T=Ttt;XP**RzsCq*eYie3LMlgmRlR4#yml!rq<)UqM4 z@c&d>y;9Eo+*p)uA4b%Ux$##3*1*qTh4Ctg(0So|PlyAB3#Y;Wo*{O~CbCQ6>L`f8 zIF|^_?>^tyW^|$qeW;r(EPL+rg_Gk}cAh76vdp2LG!i*wFISRHJuSjDTo`YKwOT&z zicqs`{FNlB?8}S4QUuzcF#gJm2}QyYHg#I!>>_$3--#+>NgmzMCc@_HG_59;fm**U zobU+=5wRRSm&!BQT+61!EVTVQ$9e-h{735zLy_YT#$zRL0tp~TyKho7^8y$ z;7-5FYt7t@qK(1=mu{~|7gxh>@A_)kmsmsU(7~=wCf3N~?If?@A{Ft#giPQIBx!Yx9WSLU2q>e_diPy+ADM-wp$Ct@n~@{0h@*!A6F zWwWS4oSeHJGC(R=p8Ymz-q`d~s(|o$cbkom6ilersvMV;?JwuJl;i9&jpKPUE7QQE zcXi3IZ*pESQ&I4G{9Qy=u?~NioF11rtzfOL-`_>mbER{Ncsw70Q6-jX!5pKB2BAzO zHF3(5$MXiuh-jcO zByTFO=kllaW+(O)mr(+*`WhCU<(E3guef?j7z~%L=)~9{O+t0jf%+WjsE7G6wU%$1 ztsr-{R=@lpG+s@HNC4+uedRMdW0AN}94^{W%xe36#477!46<3cU3i{PmUz3|Hp_Jb z(6|63_#g~m=1knh?ASVUW5^r8Y_8sVu|9 zJI{7!s%fj}=a7_%$zXB&;#`m6RX)Sf0{SMMh(whMvcAU!DIk{|qeN1~V}>IC41QjQ z4!nSXlK2Q)1l6Plnb^mvc&1#X0 zn?sxi_-gE3{nMB9w$yHu0HU+hLhLY#5@@(?b78U?cV2K~dubu^TOm1e@cc!1c-MJG zes^eJJBj@TdyV|1>a*M4-90=wuy%KM+eh!)@Gm^<-@V=UhgSRG@csM!gQKH1`o7nG ze|Yd0YqxTbC7uPG{QYGYU~K1=3xgoe`z{U2sujr9J%AWHKWue_`BUiLO=Ih07}yhp zo_j9kg*V^6s zVF%&b7Tv~0;y=>x5aK0fE~W)Y{GV|C#8R-u^Ldr_A=p2w=pgVbn%iSa#)gOl*pbsZ zXRk%VmB$&$Hxd}u4kxKrNDo-?=X4*FTBjM7C@6&ojJnwKdFy_0*_o!Q3oX$O2-~{`$`3akHjy&)zrjUfV%jY8-plRs0lT>*7NaEvESazg9(-5YLt)C zMwRlSQXtAVUQ_XOX2;_xlSS1MDmS8fQZ~=Zo+ACfId$xbhbaFNhJYgb|Izzh zN&ny5+uh&j|Lb^OoBj_bDTb1NP#XZR7xS!D;X}#zU$RNf)Nzg#uG&6O5;7%UtY`!; zVI9b^4W!r*e20uI2qm5d!(MCahH$re)@zjA_hOu+I@J3FI^iykUKREE- z4J~^zL1>MnX=}c?L6bLiCf02b;?|&MWZyehaEt#AAXS1jNQFAwh4bL}){TQI;WnS% zqJMFW&>yYHg@a*uiQ6OH2B@$FZbk5CYNg_XQX*U~|CcT{RCNR>;Q#ISi06y^e}Dh|`wjnJ$McfT|1%3Nc%beS)l&Bg2;ld*>f95Tys$eV#8@oDo?K9 z#90Ohe{CgY8nV;yhAGs?6qu&=vUC7cXT;P1JoB8qzXrX43qWtU<+PmL&5ikh?!Qc&5Gi)AoTdFMkCC&0nIIFzYLwA1%eNH#O)Mad7>7x1~3<=2N* zQ{7<8^k5!=EOSAD_N%%{m$SXo`nN)my!D{20W}m6)(|WS!Emd~T_&o^{-PXbTattuhE3&>kw-BS||Iv~+zQw1A|F?G!ME>7CJlfye z@c(r@>*4>{-#VYKBb194bFgSQ6MW#BPy+NtEh`XNVCSKIgIIh!6#-b*6ncJ;F8~N; z``3B9>^1UKME@RK&$)xRLbtXTfhUm=3$s;7m2nrN=?21l1 zD`hKyO)?~17s(AwcT&g?1*7-ZVqnm8{(9{VbU;md`uG|JB+WUXv_$_5Zt%>JX4o&~ znP6^B;e0^UpE0gQ599iDdksWMgf(-7t5>^E2f3_vFX11WS)629I4f4>12J25)D(Kb zpT4p;CM%z6(1hbTF2=Hjm(lNQfTsqa23Jn0SQ6!o;S&xM-10ShAXLNEN zX8p*?0Gy}z4Z*u{KjI$5t-8W?z+{~cR7XOSMs1?WX|cOa)k8(C-N-P-w^qErZZ&bm zldcsHlw%w$+BjPJC3>#7u(IlLBXw`su`S!S9)gWGn83nRa_ z|DB*np{^*PipGGOSxUEg;wWX`{%T4ak1w#e!6-0l-+yabaM#*z*lN;h=v|h=S5+HT zt5m^ohb#9)kq5QQ80e8)2fHcr2miev{n?4BaM}G73RAGL?(niG!BsA||J;sjK7P{$#4-WJ3 zJ4r)$PHX<$tl`eD`9KlDUx`fd3yS#=-OL%|n&8^wIAz$L{F8;uM;ADuVW6{dxFkI! z!7)hj9jVD%ie`Aj%4IKVAlzy;llze!N22{h2P9|jtI=jH%kI68$GhM*mKB3|7G#UM z?D~oyQJVxOOu7!Xm)mlK09I5m|LT=)dnyM~;C02L$`m+Ln>XI{E(cm1+0aAZa3pbJ ziF7sjqQA<$N4y1AUp8J=uJ}}Z)=QCj1W$ER0F`LKv57yHrj3|Kb*N}nHf)PB5^|Qq z(JRiVVDRHAF1JOP132vsH9zA4=7N~j7s@5eGfBI`MwkRniW`A)41m2zK~T7u9;Am1k% z#nA-Wi|C@1(yPqmkgW*N;V76NxM8g1HlP~l{lMZ58)UrwC7G+|bi)rcw}ad__*^95 zGbEtQMZsZ9QPLrwHGk_!vKS-(FIQ-3$^-@$Gvn3Y2>>?*p6(6F3vOpy|mCPv`kch`>oX0ZD{{^ishZS(CLF@;|~(lf2;t=R@XqGg?x)h6~2S z(1M#Aa4^-O1?PtOkOEe&1(4ATg}dghU3OC|Ss z(B4)!?3r8aw_}?7Odk-uL_``J3Bn%1lUa_)8D?Byp>5Sl1^gYGjY>C!Jq zyAEPPC<9orFuFcV4H z%jpS~O6cXfUV@e5-M`#Q`pvo?*#b&;-cZtq@~jXm6ql}<0M7sIke11~oW?#? zYYXnSl-*Dkoz?M@kGMLBPY|98FQYFCQI4=zmT-?wt&$gUt)Pq^sF*lgZAcHH;9L`i2DsFn zH4LY|XfzdIdauU7wAIxT4o5yPa_+Fy(Ee|3=}KVa?%~7B(x1^SWq7@_*Q&_`qpj`K z$c4(rtp}OjHa>6>nT6W&wxZ-Vv_7G17e>C|xDqzUfTBKht|@SN(jFgkSFBqM#`8FM zu8RIXOHNg~XF6`!Kx>;qdy=)g+*Wuq$Z`y|2p0NCmZd2;Ylc21?g*klhk!vPtm?Oi zJT|-!9~S=h&vL)D1x4!4yYj?1>8Lr2>F~@-cVqt{Q#)ItOiiQse*g;x zqnCC{dO%LfxJ~STC9EiYzb}!Btbe)Zxjb_ugMG_QV5WqsJPFDU8zBzcW%| zFsF46cuQO#)FkoWDc9H|I}}z~Qd$^Z zP$aSVbAMnzN2|5)M;rR-0rzA1QH@hh+0mUULitmHnm~v)QJwo&Pa~s}l*Fsbb=UoE zlRHD|_p=Bkhu!>LXvE^(1)Ea*G+CZ6-dG7VyryQ?4}<$90(5x`oar_+{TfQ0;g?Hq z`e8e-eBiLeolVjDP9JAG4$;!z_X)u<@&!JspC(xePu=sH2n=AZ+uqsB)|}}XA)ores5<@3 z;vXkNvwJyyQ~CFiN8V>Sn5m?#(`;rRRdM#bp=ApQP!#EjNfROkc;7A7qr{W&1VH4Q z;wkghxoUnaPRY>*^7%)(5XT-X9Qrf!4}?p+L|u?)}wqSDReJ?(_+Wo8VM3~f_ zm9$ki6K*USJq z>X(}N|EKZw3!O>k-%{hC3biVGAMJmtPF(coU<;xv&qu2*tm8KrTcdy(<5GUG@ za$k^SyY)Swr9wp%V29oKlWOPv5^KxRK_B$RV`(fkspn5y{7p}0Ot)uHf9##go7WV7js7>)O)NUTUvw(WGYZSA zNXen{uxdJU_3aHGhl*3q02NGF@;`+_64N)4{=C5yT;6g-U+K`Eu(XUvU|D#0#m}wc ztUZC0j%Y@z|9LCi)QUy37;buaazor!$t;1w2|ml%N^ z7pwn40po6sr%%=R9n)2C{l?%aVZNOL9(X)qq%635Gi~E|D1a<9=%0z=84y;5s*U&B zFBHK0VMB-dt8gQntwj^_mC~|XXBNAmz0q;9QrlZj+Y6mbKE5nz%!5jdz3~`sv(%#< zt~?Ugl$1h@K%pXDeSST{a0RCd(TH9h8vB7~Uc|Uzd|h*oM>g*EPJF z>9xsu;O|PsHumDHtKy4GCRDUey*6&`?)3I>Fu1(BYKh%y-PQM4?G1ekmHMB(eoIhP z=+o$uaohE_@i%%z?*&-YWtWp7%8=)Fv50mvSbGQb;|2g(chle#qr-h+^%V!|5ke(^ zxVlHkPMdJ1G317{Aq0sah%a$@*}~!O>8PB~?S0Jh(U6P$a7E;M4cm!}&{KwY^=37( z+bri+!O+4BL$i3$emOpQLo*DaG=8SIZT}Io41f#`YdWuMSWb=7hUO19!wvaYwx7Ta z35#0$Pqyb&7V~{sR3Ns(G|3P$5MQU5%h5{w*b*HINRDiiE>93i^*sCKq$%eVgXWp+Du|IH9-1eH-coKBWG0YU~w!sqQt< z$@mQU4mxQag^WnrA(#_kbkh`bRYOjPCWQA=9^S$3W30cNL94=1RmDpiA-Eyg)Q~h3 zLpE%z6c01s2PI0TW2Ytw|H=^Xo`4{Z#G|EK;6!S84+syBOl-jRMb5Z~kGa!aYo~0f zQR>{Y$Gu~Wzwl;(tI&~M-(@H>^StwWUhnTB>!3U>XtU!-%XS}P|tXJCp z>f@Mn=U6NADaoo;s)CcP-pcu&|Mu~?B_}qnD!ih@=wGC72WP-(+Sfs`zpgxD!v3GV zUpa>94Cs9s_|YBx*&A~_lLri>j5NF>o`dSM9^@BW2&Okip#HOImcc#hy=+8G1Dlh8 zs?HDkUwJ&Nj5w=sX}v)ElGt`JA^H)=$OTnK|5}TDvGLzDZZqu9(M(L>aUGH(kWPXi zg;vX6Z&N!K%reBtJqeW1N+}Y! zpyQD@Pr{RA$l92)--HwsP{uBr&HJZ19DN*c?fMCc;>G^DZgXqQ?<;GQ196{`MSbj{ z4fT~C-AzA(WasK8vv8LNNRKCJ^4VN3tIyV+p%aKG&qF1zbU%kAwnh4xxl;zQxIG*O zW`|d*KGu!TpUhlUYJ>1S7_(}VSk6v`MAJt}x^mHH+D#EaB#wd5Qmh~L#DungfzA9( z^1vCkVb!3i*K#xs2Y??|8)Pka9SYXt#>g$5o|GMTwaii|W;@{+$!=|Rkv!G#WJvhp zka$|cCzz|?KN($+|0&D26-poue!#rpB#1*#a9U01v;!bFp2G|`if-I&m;gtC8m-Q}ptOjo5@X1%+V=qJ z9ULrz`9)gvv(9ftdFlHd2chTi7C+z_lOnB?Py6}TBu98MA1k}B6B?HmB<+IRSk6Vv zz}ILB>PWTFCidk`#m6|Y2{I_|<*2r+Ut02{-2{2%L?*Y`22`bjN$cT}?60y*iL1Fh z;6d4{LF-JG^K2FI$WA?Elrm^|&7KAo4Dcb)89bKa@?vl&1FbL-YSWbp%r2fGaR&Qk5hHy56zExD6Y&27c?hzuJ%zO92|vjppi*1(%zsxj&s@tN}XGSzVo4@u>L z-%?ECps};J*%OW3M1EI zl`N6ocoON51MpQ7_8B5Lws?3CrJA0zM!r_r>iYB_DwiY2Aq~RkTjb5=t7L9&&^OYV=kAK{@<90h5 z9N%%<5sx?mVqzERQThTvVK2JaKrM}V%!(5xBIpcfH+gVKDCiBJJJoN%A~Gza*^Hs*d}0@_oo|v{DWl!cn-6`ESJDH1z3?_x68xi!=gV@90pYOt z0{uk^{S~&Tf=-N+c2+wv&Ck!EfS9i_Nw9ean+kET4;YDpCgringZ-O2cn+73N8K#Keo&>$34}fUZ<81 z2slj|!C~+Ih4=FyBHCFE+Z)RZyWfV!({umCRD-s6Mg7$MNWVV&F&D9(h`UQC)B0bz z5kcDFD6GpOCodnmyb;8R`1`}TxWi1qZl;l}6&t#e(e_;D-Ep~(QbzRkNp*AZnB zcKzwcbgxUxnKK~AngpxEM9b&x1TNS^?TKH7eCDiAY|E8XsR_SCXKg}A8SIDl| zD69ghHFPI8TQ`bJ8r8d9M^Ce%5ZEDRr58QRwo(3uhe6(07qQV13ILM506 zRHodA@kHP%9wQw%*0W!i-!@{oTD9s6Dy|B>RjvP0R4e^b9L6DUgB^%1*c zMn2aK7k+gJCphJkC=-9TaVk}CyO>UY5{w_<%=;)O_l+S&_0MWH4^XsH+}7!2#V=pq zlT}<*jHxUyKN_1fBltFv>?3UPX9=_A{<0ftvoIg;>qP+nZPN6_H;$qj5uHdZtu0af zZu!Vp9V#_=ekk?@bcYtVU))H@@36yE)1yAS45b2wpDLCqQwcDkKJx=$K4AiDcE_A< z1G##+5Lq875QHk&W5a0$oNU;W#-Lt4_umq~J2M<8C}#c)0o<+}C1X%pIx!>-lYn=n zt*fenN-T%t9A~o$`y>(^iBmWw^FkY<0z^7O;>qI4WDb}sD6@@zrY=!eIdDPdpjV`1 zy(yo!JtL*!YM?<&hMCM&i518aM~Qh>?}Dk4Jr1-^5v|-9^E1dyzVQ){doZMku7${PyCg7Sam1CmcmE^@_s*jBaV2ZB-)h! zSElQ42%!4RyIzvi3L3@LrxA zoY^@1non(|+}8G=v&N!-_b?b;7(fK$3dC@16purZFPuBQ+1qPaSDW%Lkhy_+6VL9) zK%^G?6K;M_*cOCw8Am5NF%lUr*+9AQ*mJyrb%RO&w`Cm^tncc9wsRg8a~OI@zeT7# zxpI!PnScS^BF4m3C=gOJ#OPb+a{k9^P`Q(RKQXh|V7$kKL!^Fp#6kOxvOGLR*yvY! z4YVy+0Ml8Fw&ZKFfE)Ex_HD>%7@Dyy znEQD+$8)$E156ry<3$Hvaef)(<1p{`O}gI(<2N;v;vMd-iv^`N>`m8vjsK!+@TufO zpQ?(@3o2ZSN~HsYAUJ)Bqt@>a&ewm?n&@|guLT1*X2cCi_(vKWvDmU01fZ%e1Fpc+ zNoy*=!GdC0cD?+!A+E;JCa;Tg;gN@Pa;cPC$jA+EdLFwL*hXBIwR<~WPgO=i;;aUU z7h#15K$Pw$cD>d6=MZF~LVELYno$S_(;-CWN^JY#b?iQVy8EZDCRA9#bL?CCJF@rN zW#RP8HE&Mp8Sn`&K_E$x?bEo(NBQNTJ39>N%31+RWR%Y&xHpY z>G6qsBtxN?1OqVBVW5oR#M9;E`{Swb0I2oN3M`~{5a{PFln6v-1+jbn`nQwg#%~T5 zYkxVM?Fp>vcyL-6(wx4jxSEk{Irm&;)DOAqAYuD#zqe(ZxNBy}Z*zOdPk*xUCvXM@ zR#p$gooo^rwPnr&q?p2ULrVtK7hTAt8jTAD&FgngjcahQNTobOlgS+REj!GnpP`4& zlOH6hE1k~9J9_wx)`X4Dg%^*Y-c{77LqmY+z@D*pPlO2qLm)|QASvysP(s=qX9jO1 zjh+V};sc1l<&yUAT2b0suTYZBBzg^NRI`Rg~0O();0_Dxq9C=PFKSgTOFoL9w^tu6o{OLx4 zSJbCq4gIjPGC0JkbSPB`T*7>RVH$q#W!MH<6JLI9D6Bp9Bz@hMynQpK_1)GM7UT~* zVs|9}I;-0@%~Jk5bDb=Ufe;4?DKmGRA)~cmn84;80O1|PrnM^PdsK7ZX~JcH_wr20Nhw-F!SkO=fkEnOXCjH zjY(ZevQTqPM{?4xGpTXl3=^Ywp~gE$>TbFa$0Yoy zF{^PGhZ+!7!|hOHveuB1szp|pAR5UL@VXu2ns7<%Zo)joqdt9I_D^q@H5A+li}Eoy zT=Vo+kgij@xM^JB5sx0*AI8IP7Y!!G9N>H4E$njWkLmVucHqKGA-=ylUTC|Qu`|xu zlyIUnr#)O|F8#%L1X+Rhx4Q6&t2A`reYWBZfq5_%fP_Dvlk6J-)d6M>XM^A&<94wJ zeRHb@B6bdSJdbz0Z!|(-Qv+ivbOs1pEeJa9x%aL+@@3%TnfI>Xb?6G zgpA1*gp^2xFa*Y5fToJeBNGb4MV*6L#JAaA@4F9>+A*R&CNI#|X*FaXBp0!Pi7%ZkIQ@Ha#Bgr3 zIzLC7wHDhF?KZdi7{|&QWOF4%9uh1QdA$=Zvs&Rulm;gK;8`~*7FjayJpnR_6{Crr zI!tnotq>wgJL+q^uZ^b!?`X^wA}4tj3Z%50mrv*A&7O~DI)SeP}+vzc7sS$cu1CeB}^y{zH5~= zy;8qVtG6(&S#QCx@kP=8YNYZPE3&9!XTPJRz%q&FCTd5os6xAqR#U({VB=LR;)MHd z!T|_`-HRi2hvXmEQPhNIq^7nO)82X+mbvZ_io?l{4Lr`UMUM9*^>oMjc)9}ig)4M{ zAUc9QVG+E?d_FI)0)B(^D^ieDxFGw2;m|qy31*`WO`H&j7e8&g5mg2#5zN__l?nE~ zY|oxb_R5TenOrbsC7DaJ^}rZ$H<*W{C2Cu^{B~K$f_gkCy!2wTTfxPsY4I{Q$0l%=Me6sWnIhSmM`@=E>VbzU!0Dx9& zTr;+O_oa&qRIz_9-d0zJFh-fUZ>8d+>38CL7i!YwI<3} z>@Jn=DahDN1FQrf&TsKqT^0b>m*J2 zkhwFwkD+f!Zy1Q{MSSWGJXa@R6P|E_^s-`{iFlFiem~=zQzMOY))QUA7)BinU$l7O zK}GTnpprg7Bzo#a(Kw4Pi}>h4(wyw>!?W+C89B zqYfi%w0BGJb(m&@Kqzw}Vh)f^Yh6R>7ue2gVt62nGrAXA_;bIcIB3u?_61(HTkvEv zEq1mg6R3}Q(HD>l0(Nkrc1WDuEw_s?!Y%TWD-uw@F47C>gRCWA(=ybZ$_*9b9I%s< z!7@FATK~;HndZUKH<6uIy(?DY&XeqfiqmKS*5i;U2$DUp*N_{~$cd{xH)hK8^PLl1 zWBA^$7zn)?!r2bqc=kqo`Sj0BbFw)CG$x$!`VbnPRL>gCq2eiX@UE1%i1|9wR6D+s z$OoBHQX}q5>oluppAalNOT(1GugM4*))!GI9iiohyTR9k0;5P|r6?ft&GV|e+mmzV U=nuc=3=o>%Sq%cD1qS5*0n_~|0ssI2 diff --git a/values.yaml b/values.yaml deleted file mode 100644 index 55805f8..0000000 --- a/values.yaml +++ /dev/null @@ -1,333 +0,0 @@ -# Default values for longhorn. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. -global: - cattle: - systemDefaultRegistry: "" - windowsCluster: - # Enable this to allow Longhorn to run on the Rancher deployed Windows cluster - enabled: false - # Tolerate Linux node taint - tolerations: - - key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" - # Select Linux nodes - nodeSelector: - kubernetes.io/os: "linux" - # Recognize toleration and node selector for Longhorn run-time created components - defaultSetting: - taintToleration: cattle.io/os=linux:NoSchedule - systemManagedComponentsNodeSelector: kubernetes.io/os:linux - -image: - longhorn: - engine: - repository: longhornio/longhorn-engine - tag: v1.4.0 - manager: - repository: longhornio/longhorn-manager - tag: v1.4.0 - ui: - repository: longhornio/longhorn-ui - tag: v1.4.0 - instanceManager: - repository: longhornio/longhorn-instance-manager - tag: v1.4.0 - shareManager: - repository: longhornio/longhorn-share-manager - tag: v1.4.0 - backingImageManager: - repository: longhornio/backing-image-manager - tag: v1.4.0 - supportBundleKit: - repository: longhornio/support-bundle-kit - tag: v0.0.17 - csi: - attacher: - repository: longhornio/csi-attacher - tag: v3.4.0 - provisioner: - repository: longhornio/csi-provisioner - tag: v2.1.2 - nodeDriverRegistrar: - repository: longhornio/csi-node-driver-registrar - tag: v2.5.0 - resizer: - repository: longhornio/csi-resizer - tag: v1.3.0 - snapshotter: - repository: longhornio/csi-snapshotter - tag: v5.0.1 - livenessProbe: - repository: longhornio/livenessprobe - tag: v2.8.0 - pullPolicy: IfNotPresent - -service: - ui: - type: ClusterIP - nodePort: null - manager: - type: ClusterIP - nodePort: "" - loadBalancerIP: "" - loadBalancerSourceRanges: "" - -persistence: - defaultClass: true - defaultFsType: ext4 - defaultMkfsParams: "" - defaultClassReplicaCount: 3 - defaultDataLocality: disabled # best-effort otherwise - defaultReplicaAutoBalance: ignored # "disabled", "least-effort" or "best-effort" otherwise - reclaimPolicy: Delete - migratable: false - recurringJobSelector: - enable: false - jobList: [] - backingImage: - enable: false - name: ~ - dataSourceType: ~ - dataSourceParameters: ~ - expectedChecksum: ~ - defaultNodeSelector: - enable: false # disable by default - selector: [] - removeSnapshotsDuringFilesystemTrim: ignored # "enabled" or "disabled" otherwise - -csi: - kubeletRootDir: ~ - attacherReplicaCount: ~ - provisionerReplicaCount: ~ - resizerReplicaCount: ~ - snapshotterReplicaCount: ~ - -defaultSettings: - backupTarget: ~ - backupTargetCredentialSecret: ~ - allowRecurringJobWhileVolumeDetached: ~ - createDefaultDiskLabeledNodes: ~ - defaultDataPath: ~ - defaultDataLocality: ~ - replicaSoftAntiAffinity: ~ - replicaAutoBalance: ~ - storageOverProvisioningPercentage: ~ - storageMinimalAvailablePercentage: ~ - upgradeChecker: ~ - defaultReplicaCount: ~ - defaultLonghornStaticStorageClass: ~ - backupstorePollInterval: ~ - failedBackupTTL: ~ - restoreVolumeRecurringJobs: ~ - recurringSuccessfulJobsHistoryLimit: ~ - recurringFailedJobsHistoryLimit: ~ - supportBundleFailedHistoryLimit: ~ - taintToleration: ~ - systemManagedComponentsNodeSelector: ~ - priorityClass: ~ - autoSalvage: ~ - autoDeletePodWhenVolumeDetachedUnexpectedly: ~ - disableSchedulingOnCordonedNode: ~ - replicaZoneSoftAntiAffinity: ~ - nodeDownPodDeletionPolicy: ~ - allowNodeDrainWithLastHealthyReplica: ~ - mkfsExt4Parameters: ~ - disableReplicaRebuild: ~ - replicaReplenishmentWaitInterval: ~ - concurrentReplicaRebuildPerNodeLimit: ~ - concurrentVolumeBackupRestorePerNodeLimit: ~ - disableRevisionCounter: ~ - systemManagedPodsImagePullPolicy: ~ - allowVolumeCreationWithDegradedAvailability: ~ - autoCleanupSystemGeneratedSnapshot: ~ - concurrentAutomaticEngineUpgradePerNodeLimit: ~ - backingImageCleanupWaitInterval: ~ - backingImageRecoveryWaitInterval: ~ - guaranteedEngineManagerCPU: ~ - guaranteedReplicaManagerCPU: ~ - kubernetesClusterAutoscalerEnabled: ~ - orphanAutoDeletion: ~ - storageNetwork: ~ - deletingConfirmationFlag: ~ - engineReplicaTimeout: ~ - snapshotDataIntegrity: ~ - snapshotDataIntegrityImmediateCheckAfterSnapshotCreation: ~ - snapshotDataIntegrityCronjob: ~ - removeSnapshotsDuringFilesystemTrim: ~ - fastReplicaRebuildEnabled: ~ - replicaFileSyncHttpClientTimeout: ~ -privateRegistry: - createSecret: ~ - registryUrl: ~ - registryUser: ~ - registryPasswd: ~ - registrySecret: ~ - -longhornManager: - log: - ## Allowed values are `plain` or `json`. - format: plain - priorityClass: ~ - tolerations: [] - ## If you want to set tolerations for Longhorn Manager DaemonSet, delete the `[]` in the line above - ## and uncomment this example block - # - key: "key" - # operator: "Equal" - # value: "value" - # effect: "NoSchedule" - nodeSelector: {} - ## If you want to set node selector for Longhorn Manager DaemonSet, delete the `{}` in the line above - ## and uncomment this example block - # label-key1: "label-value1" - # label-key2: "label-value2" - serviceAnnotations: {} - ## If you want to set annotations for the Longhorn Manager service, delete the `{}` in the line above - ## and uncomment this example block - # annotation-key1: "annotation-value1" - # annotation-key2: "annotation-value2" - -longhornDriver: - priorityClass: ~ - tolerations: [] - ## If you want to set tolerations for Longhorn Driver Deployer Deployment, delete the `[]` in the line above - ## and uncomment this example block - # - key: "key" - # operator: "Equal" - # value: "value" - # effect: "NoSchedule" - nodeSelector: {} - ## If you want to set node selector for Longhorn Driver Deployer Deployment, delete the `{}` in the line above - ## and uncomment this example block - # label-key1: "label-value1" - # label-key2: "label-value2" - -longhornUI: - replicas: 2 - priorityClass: ~ - tolerations: [] - ## If you want to set tolerations for Longhorn UI Deployment, delete the `[]` in the line above - ## and uncomment this example block - # - key: "key" - # operator: "Equal" - # value: "value" - # effect: "NoSchedule" - nodeSelector: {} - ## If you want to set node selector for Longhorn UI Deployment, delete the `{}` in the line above - ## and uncomment this example block - # label-key1: "label-value1" - # label-key2: "label-value2" - -longhornConversionWebhook: - replicas: 2 - priorityClass: ~ - tolerations: [] - ## If you want to set tolerations for Longhorn conversion webhook Deployment, delete the `[]` in the line above - ## and uncomment this example block - # - key: "key" - # operator: "Equal" - # value: "value" - # effect: "NoSchedule" - nodeSelector: {} - ## If you want to set node selector for Longhorn conversion webhook Deployment, delete the `{}` in the line above - ## and uncomment this example block - # label-key1: "label-value1" - # label-key2: "label-value2" - -longhornAdmissionWebhook: - replicas: 2 - priorityClass: ~ - tolerations: [] - ## If you want to set tolerations for Longhorn admission webhook Deployment, delete the `[]` in the line above - ## and uncomment this example block - # - key: "key" - # operator: "Equal" - # value: "value" - # effect: "NoSchedule" - nodeSelector: {} - ## If you want to set node selector for Longhorn admission webhook Deployment, delete the `{}` in the line above - ## and uncomment this example block - # label-key1: "label-value1" - # label-key2: "label-value2" - -longhornRecoveryBackend: - replicas: 2 - priorityClass: ~ - tolerations: [] - ## If you want to set tolerations for Longhorn recovery backend Deployment, delete the `[]` in the line above - ## and uncomment this example block - # - key: "key" - # operator: "Equal" - # value: "value" - # effect: "NoSchedule" - nodeSelector: {} - ## If you want to set node selector for Longhorn recovery backend Deployment, delete the `{}` in the line above - ## and uncomment this example block - # label-key1: "label-value1" - # label-key2: "label-value2" - -ingress: - ## Set to true to enable ingress record generation - enabled: false - - ## Add ingressClassName to the Ingress - ## Can replace the kubernetes.io/ingress.class annotation on v1.18+ - ingressClassName: ~ - - host: sslip.io - - ## Set this to true in order to enable TLS on the ingress record - tls: false - - ## Enable this in order to enable that the backend service will be connected at port 443 - secureBackends: false - - ## If TLS is set to true, you must declare what secret will store the key/certificate for TLS - tlsSecret: longhorn.local-tls - - ## If ingress is enabled you can set the default ingress path - ## then you can access the UI by using the following full path {{host}}+{{path}} - path: / - - ## Ingress annotations done as key:value pairs - ## If you're using kube-lego, you will want to add: - ## kubernetes.io/tls-acme: true - ## - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/annotations.md - ## - ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set - annotations: - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: true - - secrets: - ## If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or - ## -----BEGIN RSA PRIVATE KEY----- - ## - ## name should line up with a tlsSecret set further up - ## If you're using kube-lego, this is unneeded, as it will create the secret for you if it is not set - ## - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - # - name: longhorn.local-tls - # key: - # certificate: - -# For Kubernetes < v1.25, if your cluster enables Pod Security Policy admission controller, -# set this to `true` to ship longhorn-psp which allow privileged Longhorn pods to start -enablePSP: false - -## Specify override namespace, specifically this is useful for using longhorn as sub-chart -## and its release namespace is not the `longhorn-system` -namespaceOverride: "" - -# Annotations to add to the Longhorn Manager DaemonSet Pods. Optional. -annotations: {} - -serviceAccount: - # Annotations to add to the service account - annotations: {} diff --git a/values/badhouseplants/secrets.minio.yaml b/values/badhouseplants/secrets.minio.yaml index 33947be..76bf4ef 100644 --- a/values/badhouseplants/secrets.minio.yaml +++ b/values/badhouseplants/secrets.minio.yaml @@ -1,18 +1,18 @@ -rootPassword: ENC[AES256_GCM,data:xRKU4TSiXrxO24ngzxv9WXMT+Zk=,iv:IjhFM4bqeuBQK7f5qdoVi1d09JkaGXBxw6sQ0UluQdI=,tag:6UNdCNDP7m/NHciYNcM0FQ==,type:str] +rootPassword: ENC[AES256_GCM,data:590lWmGK19hcFCuTIXgV5aXyJH0=,iv:T3KHE21UnDNiePZskMyf0FKiPlHEr9tO/QoRO9W3M/A=,tag:HvZFdLADzd99POGZeUx4zg==,type:str] users: - - accessKey: ENC[AES256_GCM,data:rKj7B4kq7N4=,iv:kw4tXzFM/Ff1qu1oKc5kwUG2cxaF3fMbQ1uvWkKuPFU=,tag:63Ci7t6X7uhoIg68wzZEjw==,type:str] - secretKey: ENC[AES256_GCM,data:GZeM/jGs1tHJMHhD54hibWiHAg==,iv:ddaPxZ5HX/KCuOFB0fGEPWF06xo5f/mct/3qXcrUoU0=,tag:rYlgfRLSLana0/0DD2ixhg==,type:str] - policy: ENC[AES256_GCM,data:y35Cf/1PDD4=,iv:l2HpLgBHH2P15bNiBVAK9KDnGv8qD7m5Fk3ppOLmXsM=,tag:FFRS6rUoiIy9uwbGV+zsJg==,type:str] + - accessKey: ENC[AES256_GCM,data:C8j0BB47C+U=,iv:9YwkZO6QtJXJ2vo6HF13BOJ3kjueEFGt+L/yHTLykKo=,tag:u4Ec+XC/JMjAkAVMNaiuCQ==,type:str] + secretKey: ENC[AES256_GCM,data:Tf5vlbvmZT1XPKbAOPW8IcuXqA==,iv:GTKyoyCCqcZkF6VFeutMQwdtL1EbkMHTs50LDTc/Yyc=,tag:3jxedHmuH/RdYzLIDag1OA==,type:str] + policy: ENC[AES256_GCM,data:7R9brCdGZWI=,iv:JPgs+Pe8yluwG4YcY2Zo4yFL0DCIdCVrosRgDODIUao=,tag:NnBPmPzYSjh8ClEnMc711A==,type:str] oidc: - enabled: ENC[AES256_GCM,data:AULTFg==,iv:bKvMfypv40rmWcOMT24r3C1i2taJmf520sAo1tsl5tg=,tag:vTp1Wjxyxn0bRy6o7GP8Hg==,type:bool] - configUrl: ENC[AES256_GCM,data:WWJo/0V1n9oBfWAnq2k6MXvKEQu1lfXj2dKWyJAdv5AYkXd0CYSYBTSjKeD6WcrJTM3EZmMOdEvlZXoc2GP01uSnHzYlOD44oWK0qyxyiO8fsKbfn8aQIUY=,iv:cuR4u/8QxlYAm7TzHZMOEy6CzPfUiEhBVV7hi5cpfMA=,tag:/nUzcQPVE9BaN+uDLpPEkg==,type:str] - clientId: ENC[AES256_GCM,data:xPzyvDU=,iv:HUKtVXQAyufvqjOlodme2PfVplw3fZo5CboZwj7p7Qw=,tag:oHsHh2U/CyVU1Okz129JqQ==,type:str] - clientSecret: ENC[AES256_GCM,data:jnNQX0BZYaDnCHOhO1fY1bmZbAh5yyjCdSc47CZboku79u5ZkUdZSg8yCHyy9OU2ne6e9fc2bwCzUCAlrxQDqKOn0fF9M3jARmMhFwdTS+cF2EE2jH25+eV6Px0/UFaQ5zEy7nsp225wFrW8NwXn21hGQH5HNqo7Yo7tjzgzgRs=,iv:Tq7XPom4uGuaWtSjZ2aEw5ngyljAZg8qYQp85MrUYEQ=,tag:zuRyqFAI5PPRjRk4DtmRsw==,type:str] - claimName: ENC[AES256_GCM,data:BR6a7Ps4,iv:x219aNeYdfvUUmMh7Vcax/BAWs2jYzi8SFibszJA4bw=,tag:9xnaWC2Ih3eBgf70FqXRZg==,type:str] - redirectUri: ENC[AES256_GCM,data:TS9kOya1UT1DXXZqmB7DfC6l2p4kE2+rl/kTJ2+r6oyKg0pEfz6pRR5WOycDuJU=,iv:2bHQ1bP/YdcPGd4RVLB1SIolKL0yO7aprf0228FBdSY=,tag:vpNAReeyMCTQkjy8AsmV/A==,type:str] - comment: ENC[AES256_GCM,data:pFMsVTLEeHGSpHUBqWcLT6NdFvM=,iv:cecmL3rCVgNFdHl51/OOWj+n0dsAldznhgVflhEuW8E=,tag:u/epLP/ctnqjrzZAZhCSWA==,type:str] + enabled: ENC[AES256_GCM,data:v7bnBw==,iv:JJCvuhtrSYrjznP5iktZ3IQ2fNGy5heuiFPrTiEXRjc=,tag:K3dZHT0WtM8eQXPnD4mcHQ==,type:bool] + configUrl: ENC[AES256_GCM,data:8Q3qOVbAwKhDjoGGcmALPpIaJSpP3JHTRD2WooZdVbr74j21zVOJLAfiWIEtYfKa2sjPAVsmEIA2Pi7bddPrHHm9Tbiai3x7GgjWezSnJMYRko64rHaWcks=,iv:WrI3sy5KkOjHaJn4kHVRtqkTMoJ27eni0a7njN9LkdE=,tag:Kb/AneWQ6ilkKQsKneWUmg==,type:str] + clientId: ENC[AES256_GCM,data:qmSdmlY=,iv:m8I/9JJ+GUdHC+oLqQm8Bd03V0HDpotfCWMVFQUZkIg=,tag:4CI7n9zl+fuddvvCFy0WBg==,type:str] + clientSecret: ENC[AES256_GCM,data:p861qML6DA7dmJMct6HUTjp24lB55nK2XP4bz1XJRoA9jJ6pHK51ZO3AZTu6uPJzGbEPOlS9IseHXfFhrm+/qsOX8kBKd+KNxgpEei5DX9VrWPYXUVEUnAWChePhcLaNQmOGbDaYQL02jvhtxWyhU2y9acQK82XUJvZ4fphJXkY=,iv:m99GKBMRa9/NZ3CnNEhK6OETNkwvEWk5pgsMq0D1JHU=,tag:bXyUCw37TO+2TbfI2OCDlw==,type:str] + claimName: ENC[AES256_GCM,data:TTcLpDYT,iv:UB4CnJzBAhZoQebnw+lwnyU/VblUp9ZIJAvBm5tcFlQ=,tag:rpA9bUmAwrkjNwWmm/fKSw==,type:str] + redirectUri: ENC[AES256_GCM,data:Z0mo2BbMWBp/kfBaplkQzzFdktjTvLTB3c50yMU2IfqQVta5Q2vQ9UJeIB16JX0=,iv:avVDsu8I3es4SMMocVk+HZfTHC7hovmBsKREn+nl4ZI=,tag:Pr3s4NJyaI7ptm0hET4pfA==,type:str] + comment: ENC[AES256_GCM,data:gfJ47KgduHgkAo/Xybg0YSNOqXg=,iv:pihROTdckwv9cehzIyYyhjwpgMurBMx57NbpqMDKu7k=,tag:Bf7saFGs/Iq71x739Q+zDQ==,type:str] claimPrefix: "" - scopes: ENC[AES256_GCM,data:KMSRU3jsWknn29TmdRUS+gVfLDa+8qQviK5X,iv:xu1Va/LfhfZo1QjTNbSTvI8INmUd4vKE34jSAFMXoWM=,tag:Hz5JPpo71xkCHzRgR5JCaA==,type:str] + scopes: ENC[AES256_GCM,data:Rql6kXzWAIkE5xcb6dwbNd2sa+mCGD2uuXkT,iv:9xccj1iHtkcpY2GbNoVdggrvX3sDO88M2dsoIVIhSPU=,tag:P/2ITVvGJhmwhmhPtT6Itg==,type:str] sops: kms: [] gcp_kms: [] @@ -22,14 +22,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1cVlEckJ4cWNyYnZxaDVa - ai9NeXpWMzU3a0xEanhyaGNKY2gzd3hVdUM4CmxGQ1B3em1vcUw4czNsejdEbnZz - T3BhR1R3UVVScXNaT1lRRHFTOGhCck0KLS0tIE9VOW1BK1lxVVkzbFp0RzZnb0VR - bElLVkNlOHJpMEkwVnFWUktHOE0vcU0Kc/oFKbItQDM3skgD/Ez4TafwBSoEUKsD - kYYGexUQG1GkdG5HPiABFNQu6zVDSYDjeEPOh5DRzzFvudQmy5NeyQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmbE5TNzEwY2l3VE5EcHU0 + cnNBazdHM0ZUd1ZJV0NMcDhPZUdrZVhuL1dNCkRHUzB5T1N3NFpUZ1JQalg0elA0 + K1J6SE9ML2svT2ovYjY3dnJnY20wMEEKLS0tIDZ1MldTanduV3FjaWNsSFdhdGRB + b2dkWUVReEtJSXFRSTVLVFJzVmU5Ym8KrIBGe2RNCHGBNDk9TIPTFL8ge1WukG/D + nzE+Gh0PiJrxJDzE/sWFtYgkzthMRBhDNjieZUmbgtpDULDe/9Q9ow== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-08-01T15:41:45Z" - mac: ENC[AES256_GCM,data:yO91CR14zwhaNSXKkCUuJt7WqnJVREzh5XoSKX1tJ0+XvAyTGPYL/IxnbgTHwtYB0BgF/srQzV5rCNg6KhmA/T29BLRI5obIvmmLhf6AZe0QCCvrhYRr0SrgIngOgG0hMKIg22f2BKagzi7kSVF5BysdD0EtUeDvLaoa3ckWjRc=,iv:+mY9hZaZUyImWKx8cFX5FlwhMOr3u9ttAdlV3dCij2A=,tag:npJlSBxu1uVUvZ9+YFRrkw==,type:str] + lastmodified: "2024-08-19T11:07:01Z" + mac: ENC[AES256_GCM,data:IU9IoU1gpwwnrEVLeMAC4B33lZcpCmoOectiavKBOuSnS5agEi5eR2V7TScO8MYpfOuLfM5dypAmL7I8CIcR0VESizUd4dbc34RUZ4VstjI6qiS43tbGgHxq1hAKaUbDCh1j743uK+bAe3NSG5LJfy1mfGIWEaOWRcu8elaJisk=,iv:6bDw+lViJEJjHd6P4s7shz6Y6lO6rR8YZ/2mSaf785c=,tag:7sZi+/JrjZhX4erCpMqhtg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0 diff --git a/values/badhouseplants/secrets.nrodionov.yaml b/values/badhouseplants/secrets.nrodionov.yaml index cdea8ec..382be98 100644 --- a/values/badhouseplants/secrets.nrodionov.yaml +++ b/values/badhouseplants/secrets.nrodionov.yaml @@ -1,5 +1,5 @@ -wordpressPassword: ENC[AES256_GCM,data:0JSm0szXtZwNPw==,iv:ohVbIeIqhwdoJkPhEta+3sXopGkoL6Z3PVsWthZ2RGM=,tag:9a8xiWdWgyEc7u6ek856yA==,type:str] -wordpressEmail: ENC[AES256_GCM,data:mCbGYDbY37zHVqYo2ZacGWbtVxud,iv:w3La8QpCs1GKWspjVe5XTZ6zcLSnApJw9i6MtYI8rP8=,tag:H+4M42u/5lE64LqyD5JEbw==,type:str] +wordpressPassword: ENC[AES256_GCM,data:S/RmNSAaSZSrsw==,iv:Q5n+72jgUJKIpwblr8/VfBqPDfJZclipDKVTjt4BWWw=,tag:4hP0lUvKcphciEFxBQJCYw==,type:str] +wordpressEmail: ENC[AES256_GCM,data:Ln2ISr/c7vESVumK7LGH12w2x7fF,iv:AZX5Gzd4vde+sM5XBuiKjAc72GWHfL46OoG6XMaKrq0=,tag:4ogLagGYSx0xYRWJU66//Q==,type:str] sops: kms: [] gcp_kms: [] @@ -9,14 +9,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4elh3ZjU2Z1JPckRmRi9Q - ZURUaHNuMk9wQ0JWMktBZ08vZXpkQi9sNnhNCmxudXBIcDh5WGpJSTdXOUcxRGpx - S3RobjJwV01zamozeUJGWjZ2SkJnNHMKLS0tIHE4NlVCZnVqUTByT0xtVlpBNUZk - T2NTYWFZRkQxSzdTN3ppOWtaeHBxWU0KPH4OOrTptzmv9+QzSc6Kvq2leVc0/H2X - 3bwsZK0/0toEEPGyrpJFcof1G9Y6GmW2JT2O79K5hm9R9FP1lqaxJA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxcUFLdEw4S3pHZmFiRlFB + M2JsSGRaS21SWG9CYU9uaVcyMjRJaVRNeEE0Cmh4Mks2c2pZVkZoeXAvZEJLazdR + aDdKdXVSWllzdGw4am9POURGZWhxTmMKLS0tIGVqTzFia3cvdEVFaXI5REN5U2ZP + VjJBSnFrNm5lNldJK1RMZEtaZDAweDgKME1XCeE6hBP8T+tpocfisLA1RMVF0aDm + PJnJ+YzdmX28CgEkcZgJ97+Gvgpz2M/e99YTcwTa6rETRkWhlsCF4Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-07-21T12:13:26Z" - mac: ENC[AES256_GCM,data:lBIOKXgW5EDzYGdXUP5c0OzdsyOVTbPhpNshlarm7UozDdnEW7brB0izRCp0+FjDxcDlhuBcpR69kel4x0O9NvDvCQHO6TfbEdFy43IgIg6bZAEAa55KNCeaXa9x+lyNWkTNJ066bcQYu8yFj2aOqwrksU96xsBqMk7t0CPgrDc=,iv:e5bjuz9ii50r22Dd7EHPqC71CJAA+jCW1VDQnyqk7TQ=,tag:eHW9xmzVASBGadSfTQwquQ==,type:str] + lastmodified: "2024-08-22T22:11:45Z" + mac: ENC[AES256_GCM,data:pj9YTjQkn9PmQrlTvwpHHEaExjO1v4JYEihBHxObwhboM9qrwaIzweS0fREXRFcTh3EdShF/uvj7fRbQ20mP8kTDbzby55qlRVZPL3nb3fU748t8neL7kQuLTtj7JPYdk8ZgEBouatSOEjtCNCo7OIL2nKX4xJ8jNdWW/w5K8ik=,iv:x/IXD482UsXYvOMELHMMkacQSWxeKXGjYw4sY1yrYck=,tag:RKyQ1PpR9khmz/LkOlVdtA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0 diff --git a/values/badhouseplants/secrets.velero.yaml b/values/badhouseplants/secrets.velero.yaml index 441b599..2b39d81 100644 --- a/values/badhouseplants/secrets.velero.yaml +++ b/values/badhouseplants/secrets.velero.yaml @@ -1,8 +1,8 @@ credentials: - useSecret: ENC[AES256_GCM,data:zn9jOw==,iv:lEdpRvbV9vfwcWvImAg2yapCNgYwGxN37jrsrY3WBCs=,tag:50CBlc3UZQEbCDLXCOVgaw==,type:bool] - name: ENC[AES256_GCM,data:6jkV0vyc+qAO/iT6jZ6z,iv:GbWE1biI7+qZfqEnlG5tQNKvSBe0WpYApcg3RnYXYts=,tag:0K5vKZrAHhO7xNNRkguEFw==,type:str] + useSecret: ENC[AES256_GCM,data:synuEQ==,iv:DoTxRvHamHSPh6Fy7f2/lQbIXVQP7bg0+gRDNLK5ExI=,tag:IMxGc67WNUWtyv7xeqLKDw==,type:bool] + name: ENC[AES256_GCM,data:iOdJiWlezjgsI1NsET8Q,iv:dt3Ugyi1/B2pHhPlUUfJZ8lT57OUZZhXdQ8qbm0D/20=,tag:N4mxjl0NGNxNDtwEZjvrpg==,type:str] secretContents: - data: ENC[AES256_GCM,data:hFvL51EwLkX/sx0FL4PNRxFdK/jMjOVchgFK7GGtANBK9ZwzktAt1vd2YMp7gFgueltjC3qQYy6oHc0WnKgOo3XayBIstJNT,iv:Gwymmy0/M5B35qYOZOqW7g5MmfeDciAqIJbohU533Ng=,tag:tKi1amgZkyKcU4VkaPEWZA==,type:str] + data: ENC[AES256_GCM,data:x2kwYP7i0Nz0YhjaoOLY7mYdXchdYwy2wZDypePGyS18dfBttmrzgp4JCPpFbL3QbkmK4u+Cs1+/Gyz1Zk3I7lnzW+T0rp4t,iv:zYfGPyGe5fDHI2MbSjrxFqRmjSChzA9KrKXCGoEyzrw=,tag:AGOh63/OVROHo5VYXV9tzg==,type:str] sops: kms: [] gcp_kms: [] @@ -12,14 +12,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTNjhYcnAxOW9Ib1lyTlFJ - NFF3cWhYSU94UXA2N3ZPN3ZoWWRaRjE5aEVzCkdLbk1uUVEwNjdKVVRlTUNNbmpw - SWR0Vkt5QkVtZnhqdGhTSUlYaXdNWTgKLS0tIG9DNzUwdktmN3FHVWtLWFNuakps - RVVKTDlWZ0ZNaVg3bXFmN0FhK1FaSnMKyOqdgYzP1QP3FcZat+8pZHjMxmUJs7vn - 0LlnPd8hMg1nmM9P3kkE1/4X5z13yiuE2wdMV3iT7RqiexGlCi43Vw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2QVJqcDUrSll4ZkJGZXFF + dWIybkc4QlduakIvSzM2eHkzNHdUWTdibFZJClROdDZmRU5NcE1TbjZnTDhZNEdY + dytnU1l4Z3BUUk9NNVprK2o2UDZ6d3MKLS0tIG5EVHpZaThPYmkzcVZWaFgvbW5r + MnkvbjY1dzV1cU5BNjU4aG1EekNsWFEKZavz2hNlogTfUH2oz6ovfv9vmlmbBy7C + fIrWnBzmO+bl2GIb3mNXUPv8HjfuVN6YzFdew5Kxhls1P5op/8cEVQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-08-04T11:36:43Z" - mac: ENC[AES256_GCM,data:5Vyq/jGjKbeONBkzFWCjdecoxMGSemY1EQJOeLgncmM+VW+hvck8m0PcHmZYLz5BNyzw8lfnFYdfBARtwD6wv2BvD4p5A/8iZUUd7BxmrCCtlm5P39Abi0E5OZkOgr+js6rGzmRM5vBUyE86hOHc9yXtD1F2isOPkHhlXH7atJs=,iv:eN9NgFn95tku7BEvlYNK5v6kAktyWPwG6Zomirx2W9E=,tag:PBZFykWJKKw6J7kAZn3H0A==,type:str] + lastmodified: "2024-08-22T13:52:31Z" + mac: ENC[AES256_GCM,data:/tPHVPEigjHM3nmoNKcyF+v2rjFKPgMA0OVdjNtuPE6zkg/W2U59CqmFaqSfLkswH9OZdtC8ObyKELhEqPOAYdMzFpyOGAtYB0wpY6ghsza9O4qFhuvpHp0Nv2qFT4BtEvbIofn1tVAAfRiRvQo2oV18hW116HAcyoTLBsLAzPo=,iv:plcyO/TXxXgmuy8YA0bmCYWdEmWXhHydLQYZxr/bDpU=,tag:xAk6qnS2ju61Nhpi5gvWYw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0 diff --git a/values/badhouseplants/secrets.woodpecker-ci.yaml b/values/badhouseplants/secrets.woodpecker-ci.yaml index 56326be..2bca3e8 100644 --- a/values/badhouseplants/secrets.woodpecker-ci.yaml +++ b/values/badhouseplants/secrets.woodpecker-ci.yaml @@ -1,10 +1,10 @@ server: env: - WOODPECKER_GITEA_SECRET: ENC[AES256_GCM,data:mGYEvlIeQC3mg+kxy3ZX6gAVf88DXLVdeSdgpQa8wixsb2rDoj4+l2ET2saquK+lVhjvv8ZKdvg=,iv:VlPgDYPj1xpxnpWnEHj+slBi0H2nWKeScclPItUaG9A=,tag:ox/Ur5vsOARXRT3g0hCgsg==,type:str] - WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:WXwsmLmb37clb5xgv+2DeKfhk7cwaIJpaCW8/Kq/CmgfwCmrarPDDQGXZoLwOjGj3mh/ciDj7V5WgHfyxuIDhA==,iv:NhGlPyPrTrTbz1DjOZEieWAfOQHqSqhdLiqMspex1j0=,tag:vOfo+XiCUW6MhtJemkZPMA==,type:str] + WOODPECKER_GITEA_SECRET: ENC[AES256_GCM,data:YCK++7hNKOQ9cuXTdRsN/x6nt76PNqvM16XaLnw4O0Uh5LQGv8nZt+Oighd7KIXFhsUfgCfPUU0=,iv:WrTNlxO+6rMa1uxv58k74L1udl7r7XSw5yzOZHBJuAk=,tag:lsHvrNTsoq1aCl5Q/rzkdA==,type:str] + WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:o3w9/9UJtKEHcsKz7lfTl/zboYAQjYZLQUpOs4i3UPxsSaOy1AvezQZauHwYJZoVsJwWFE0XtOLhnd8bx3UlHA==,iv:CD5lgqFY/cJFewbPJqo+lniMCQaZK8PY4CmL1IsC6IQ=,tag:R8GU3HgZXcSLqOedYuMeGg==,type:str] agent: env: - WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:4lTZ16jbrorU4B9gTAoWmgiGggrMWD7K5O/5R47OIDMdRInwXtaWviofFD8WJQMduiGvANxMVNs0J1DLvFKi9Q==,iv:Y0AsW63vdVEwKvpVYeMVLFmwYlsQSwnz602QjDgj/ZQ=,tag:aO9xh3psy/bRCCQEFUp75A==,type:str] + WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:aHTziUzut6goUZR2JtNaqRTC1mvdA1HS1OLJRHdXtI6coVGcLahxl14Kun4JqsKEXLHeAyU9WEijoRRgixOHsA==,iv:txYRgyO2XHbWnp81ow1EyT4VbzxW+Q3d/NzzclNGT6U=,tag:8nEPzQNPi2bXTDYa81M/aw==,type:str] sops: kms: [] gcp_kms: [] @@ -14,14 +14,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlQjZqNE9iMDl6MlhnSUp5 - QTBSOG83WFBqZFZIU2dEMzlpengrUFg4alZFCld4MkI4WW8xMUZnMm1SU2hmMCtn - bTZSVTIxTk5aZmo3OEJJdlJwL2xhV3MKLS0tIGJraERVZTNyMWFCVE1TbEhRR3J4 - WXh3NGd4UG9OODhHNEp0cDVoQkM5dWMKcz4h0O4J2WlB+L9+/U8Rl+zzd87hsJo8 - ThPZgnUNDGpdRrU2IYiXo03fZOhBoqBJe1ZG+Ol8z9bvTeyeMZxRIg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqOXBuOG1WaFc2cGVPeEp2 + bkxTWWJYcFJMdjM4S01wTjRYY2RlZldSbTFRCks1TVlwS3BTTnUySDVjMGpobG43 + YWU3eHlLcGJMcEIvMUZiVmIyU1NnK28KLS0tIGlwZ3NLQndac0F0QTB1azJHQUlT + TmNXN1BYQ1JDOFRJV1A3WWFYQkR5R0kK+dSdoRdeiJBrhU6YnWb9P489dpTvhjBW + GFPuTrQxqy3C6frb5K0huI1anarmdirwglD+/3UvTSQ0CEbUk95EMQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-11-18T17:43:53Z" - mac: ENC[AES256_GCM,data:u8iu+Ia1u5c5AkdyKbGT//G/Zp+yDNv3TQIElSBA6qCTBu0lKAii3ywXrqdpQ1kYtytjazcwkOa7vKmVy1UoCNda+8wGGHfhfOIQlll+TKBNvgUO73lF5P7X5q6CcgFMvTazXKElESEC3G04uVLEOdG1W6d0ArVRnh8gFOY6Jgg=,iv:VT0pFoOcLPK14I1doJi+52wtCfUuqh2nxdSVu0ufVOY=,tag:SwAOYLxOYaouteqXdgP2Hg==,type:str] + lastmodified: "2024-08-08T20:44:23Z" + mac: ENC[AES256_GCM,data:dMXGJRe5/k5+XFuvORJHGCmcSL2fsP9Pim2w1k3sUdJZslqptdDm+lk01mjPBMrQkgMyX7GHIwaqMU2hK5i8nBKYz6SSq91MgD+vtVHQoum5DtmAFwBOdT+m3VVo395OnLvXT1SvskgMU6ddy7uDD7UBrkVe/DxQjX3s0/IntRY=,iv:6v6j8U7nRlQ+YEs9wiPRpnkoGjCMPbfMp/ecrNgksis=,tag:P0aGi7qBJdTz90CNGF10dA==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.0 diff --git a/values/badhouseplants/secrets.zot.yaml b/values/badhouseplants/secrets.zot.yaml index fd00151..bf9d084 100644 --- a/values/badhouseplants/secrets.zot.yaml +++ b/values/badhouseplants/secrets.zot.yaml @@ -1,8 +1,8 @@ configFiles: - config.json: ENC[AES256_GCM,data:pTTLT0Tncq3asDud0P+EMg33lPP3wmJEkMgLV+5yAwYdc3evK3FiifxcbLup3hu4XWIn0LSpGKvW6tLzHjq6exeejyrn5G3/FfLNwWsTXZ6Yi6V/MLH/8xOpE/kXB6IOpAEz/TQXLFY+A6UJ2+4OQmacQ+PTVacZO64mnH1ZmF662vw7+XlFZixYaREUv9RaCHPO/c5J8lAGpL73ltylWrpGI5tozEg8bzYtvTNpVjwbffrAx2OJ4uVxaEEWJ6hXf+aH4KVmsFkX2q4N6qcIZSr/JMQiuzizMdcEs0liiHbNThahsNyIjH5yTODX0Q6l0JYiD3F1t0PQzH6NxvADB95lTbfWjJ3Rqd2UkUXsAhSZt7IzcCE+M4v3wbitPrnTVfVJidHzHlBq3hENfBgVl8012Wf2ZzMclkG2PM1Nf1sKx2yiX9RGF9m7cju2FIG7cdbJxDonj9zyfnFdJBsc6W9XY3Yk2sFwpHGLyrloZlsV/33p+REPDjRBOr2Q2LU+SqwFHYPV5Um1h04SyoMO6jwrc22emTH66zLqgf5lp9P0IE5DEp7UqW6bBVL0UsK0gD39l1xFJYiYnstC2kWtiR7RNU1Lj+lHxPcEmpSpH96EVLdjCogMModRlz482pO3in/j9Ip+RwVfYpHz64q2StkArQiUkbK15YJDyd0YQlW176tQl8wsEfK5nXsShyVzy5jLnypHaCkcPxOBycJLIOocnObCgHe7/g7h27rFxHki0Y/fQIAWKhMSgDiIFaX5e/iawn2VQ0KUp/oeTYtCYfsk0FvsUSG4zruXa+Qy0lutHNWuwrOefYbY9yyOXBZRrm2S1uzTokoCii/tOyUkzp9Yclk4iEpjC2CS4YvykqUYdUtQA065WcScSboSf8QlmlAP69ck6VRbyETI4kBgQOannVTtBC3fGSHXGUJ7Vq3Gk53iB8dsogsga2JLUzBf0NtsYp8ts8+d9XfWxQNY5eq7AsoUgQoFJXxEpIrAXXDKwPNZztU6MEV4FP7H3WZGUWIfbwfJbak2wFwIYewSSUWxD3kPdFmDCx8GZqs4KXv7onk3y479HjyI/EI7ShfPtKTvadk5JeEpfyt8Qo86CBTFtTZJDe4EPEK2GfSkXnZr6Fjw8Mi3K3NJ1syY8LxoUrNm7zndDQKilFrtKNf1DrhmtUsGZJcsO8eWEl9cHtqH8enF75ZtiVS4p/WMVX4pRYSyJkQVWqmjeXe9ec6ZpZcghU5zh7HHjU+54d6lcmSquCKjWGQ2dfTMYca5gnA9qKCdWHulXHGRs51Zag7yK/viZ3/kqFDNiBuuTci0YjPMBvOM0P1nFgF3laIKiClr+A/1gEdU+4EN257t+YgaGyHmGjP4081Dxh1er3hfsR4TCBBUBNVeRX6wH0F2ftihSqb4fwvyEE9sddAUT3D9tCwa8v81iLxfjkUbW9qo92VIUn8gTXsWgYN3743D9k3Rmen1Uwpvz5P/rN9UufGgbxHKHWGzMqdXJnD63QLm+d7JsSAOB7uCxsF5Pusi1C+LBBuSmVGz+RH8yXBos1vkhXepAkKIAC+QZRTOau4Qde5gnRW5FdacF4QNJaa8C6KlRggPFft0/RnW4hlym64IN+/IYcOpuTPENuJzYI3P9b4GUP99/hE7bVWFmCl4Y4TiZThrUUS/FSDBpfVHhM7SBiPqoCgeAhZKRMA35wYswb+e5wDqAAxXyERbciT05v7D4nZkQN28bimXtFlUliy1v3+3MMJaNh6B6o1+Q07z5qq3MOtDJ6KtFYNLD3ykoraEPUYRUW3RwYdbUhCwIeL2FWYYoESDcplrOxErf+x9WjG474ZiDDUuWXHhr+F5OAdVwH8WcM3hzAWBVsHZY2+PW9b6UpODNGJAezhVht8jDhCLAx+FWLmCFRbRibPjuFNi8EQhSEeAvBUqRX+6yxensC/hPdL0ZSA02W4P0AEVBM6cIWjsSQ9hjopThe4hGKJp0ugaRb/GfndDiTNb5N2dH4ES+k8JIwMs8t8xkRnqtiV1QJ2eTP9cuA0QxinLxOfCz1QknZbPGdUqHytL1k/cXiL4fWgLgi95bdWhV9iDjo+RLBQyuKcyfMseOy/4cS7LaRCLRc6qWBtJYC39wQVxEFaP97D6Th+1u39Z8V2qH6Jn+Y2jkykAz78/tfPHtCqN4a688pC8VqwXS+GyMzCCDPrWStKRFdLY19iuyoMZpfyN3DuwfS9I6jhxfMgPPBcMAdzR0iEL6bahYuhBQjjFsC1lapRc6c8xvibU2sZvZhUM/5ESuvD+o+o2lrzGkZd6a2X/GUOoj86nVisPS9qewrqOdZX2QWENBiA0XxohHSY4nUmUmSxVQzM3K0+pJYc8lLRppeoOAg8QbcP6M1KHsgWqlimB9UMG/ONYL/hjBeUZ2KXmEtSZILoO6dQYpofej8pYY+MZycRWUzA8e6cng5APvlV7TAFWgXkjFDA4x13zQdFbC0uEaOwMk8k6RI97XE7NqRsNqpm50T8oQyuuQEG23iOaPUp3Yg50S/BjmPyqSg9G0h2LhLoH9j08sm3mX/MjJ656/52h+jnCsagZdrec7coMh2oqPMosdh+73Nk3spWCQLe82peoVW7reGeqMSlLrsr5U9uFgW+ISdYfQxgF9rTHN3iCDpvvi6z56oeGALfdMCOC2KKz508DdEYOD/bQ60oNv2nxDmdL5AmMN83iKVvym2uRabispot4scXA/cO/eVW4lDKYBjiV/zU6KpFG3T4ecG7DE4ezP9dPfsw3e7KCzN02ggP0kj0=,iv:cIjqYtBfWUJtNTN1+lZq9lEviErqvkmFhhWV7w6URsY=,tag:UGu10tH7SfemTk+L/+xb9g==,type:str] + config.json: ENC[AES256_GCM,data:4fWBCzOvPeimQVO0xRF+dnIuG7rYNIQujDTdHD+E4SWRb7xsNpYLw5ugJq8RgkZZT/DVCevSQDYD9TaqKFPn9Gs3k32Z7Or3gQrx35ew5XFXFs66VT8gvqyKAjf8nXSn61Rsd1PCFvSNRxT04qvclsoFNLDjb/pr8rIlZVSyBRQ606WToVW5es85pDUFcNS3vT1rFLe46lPi2oIRCV7mVt2sXTb67jryuxUTMfjbboOE9JVwFPTgyPTwVvm9yP2tC3Czv+hUGKzQeJAFbFzLiVQz5ieY9KwHWv02N3gzKrNvzr325dxxrTuO+mzHHM2Ax8xELc8iTKApP4t4/4pAPB1cVg/ARWbcTIabZ9ygn6QtnTBTLK1r8nJSXcQ1mza7sOhVafq8U7e1XYID2QHb7/1FjZNzB1/fMaTPZXMr2kJlbc8HwOoirDJ3zQvzYRs0FO3fEYjktSXO04+FEPySc22dAy1eOASg0xn2s7SwyWs0yEBIHkfbsgDk9ykfOXZ2YZVHSPDFR8DYwBO2HJx9ONnZwBBjolSRYOktM8YZf+bhK4eorRu4/XPPxkmTSbHk9HrzeRuKlsv/mCIGjM3EbUNkHUljol9cxS7l8pc3F74mte7XC2TT4aoEnwt2ZxQhl8o8V3iZKlv9ZpzQDy/y5NZ+eC/lUoNgGORF/lT0IW1O63eAsNrTJwk5SFy1zaVNSiBJH86PYwCuI2Q7o5McZdo4Y/m8Pm5CiwKooo6D7vdpOIh3suOxK1kNTO3lYzEEF0KC4FpFmUZT2jr2Uu0iVmK46VPHeOjEz1pfIXiFDUtpxP/qbDw0HBipNouQDVCrrveK9RwrnNs9f0lGQ4Zjb346l+0FQTXOIwTM5ji9zxztLuHp2YhyBEaoZLJNdTimjbzBphiWsuuhndMWnAn89gzVZH4VrFYvDv10KtSXuV4XQSpgeBCwjPx0CjeuStfXn7/PRRMk00BFT3/RkHw5cRFlVU/WzWTeVboC/2aSEwgQIc9PPo5qtVCAPvNNiHyXfcq/zPbAH4u6lk1SivJm2PVUBDfdb+78EbQ53rZgQ0AcsQYqMuUVglUM7x6EC1Q0l+bXhUIPJ1NCu2Uf0qNCHtjOKBTSbnNdgsrWkNjpbhjVP/dhSweTijpXejeyiFWyr/8DEPfRABeqDQ7wHpq+HSo4xqqaB1ychrMxZ1DygMaX47dn7zImoDwXSYcF+Fgv1WIli6Pa7dl70PtkDxQCZj6FtDeVv2yJEIaA7+KuldSKfc4AquA+8619TmSEZ7VVqTvoHDCKCU9IC4jLqjMAvtueD23ILGzPeh4/bATisL8DGzBMTBsNC58sEAYRJaMf7lfHt8p+XYxaqU3C1onqPzh6/D5Ic+7bXhOOhjEul+6TOkUM+kbPZHRJ2RHMkfTFN6Ny8agTyq3Y6QGisFCu0hRcz06PzVCVg5bLMOhbqvv1rrhUC+jDntlQHwkuwVco66tLvwGR48mz1J7upuYPXdN9FWXBQvXinOEf+9vTOGApocVO6ckvvIkFycHPAuK2PmF73ZlMA1EoHi8SFc+LfIOqz1xZGBWrihsXsQ/M13jz1eOtuRXvzRa7MZn9jWe/6SPEDLzUVuwA5j71Tcfvaf0hcSqEp3mQ3QIbsLGA4u1/nhVVgHgYNPPqwSO3CdwT5hg4mAJiYtmqevs/AaohZ/gpo6JUsNtOIfClO0cMfEtvLfkT9aeI5asu5D638edTpu6+M3qepV7vvre/XmpyQPXMoB4Uta9GxIdxG5Df1qzzIF8UxsP2gm82vDfjM77hQxDWbioGMMMmQieUCFF4tzEJgoI7MaYB/c6E2BvDx4BFcHs+kSqBTtx+PqcDIKrUETQxQeyUJ0gguI8DGsEnaAxF4oROLhGyMYjNzyG2IxMPN76UusZaE7g2/yVBud+vt+EMFZW1212EghysWN2GI6jyNvF6+rWSRCPjVZsxB4MumuauTmSo+uaOv/VYFEgKolyxeain34oJFAd6rkOcPjjVEfE=,iv:ckg25YFoRwiCblA1WcPC3RL9duKOgCzW4BrofqdWVxY=,tag:YfovWhDDYeMN8nzARjjANg==,type:str] secretFiles: - htpasswd: ENC[AES256_GCM,data:R4eaeMqux4X+z8HOgRYfNGNrtUSEhBbrp6nXgrK9naGCMP5+RuW10quG2XT+a1fXYTzNFk2UhKr4mbhargNQXNM33adQR7VesEK3cFE6r5DWgL8QZ3Ok7cvPMs2GoBR4OopxlBZvY0Il0wPQ5jnFDRb6m9inFSUCvz1c+dtsuWCI6PFdGVpHMg==,iv:v8eFslayA1mFLJR9oGqnavLutzHU6EbTVinQ2B9BkWY=,tag:0preIu+1DxnBxirNsgPBbw==,type:str] -authHeader: ENC[AES256_GCM,data:rF66ayPCsNqIE3q9GqlE9I7Z+/J4XEZ770oBw8x29dlFA6QOuR6XanF92eOx4xFl,iv:LnIbj8lJ6cO9wyPPIv4KIvFOvxrnoyUXgLGk6UCZS38=,tag:fR1AqnGDvjIwnn9ZWzRjvQ==,type:str] + htpasswd: ENC[AES256_GCM,data:DjBPh4ycj3Cr8pmjlnkOPsLrA6joney4vfkZMQJzq3+Bo8ERECyV3Ttc193c3DAfJCd9/Vj2HGDHBhxyqR/mT85NT2LuMueFl6XgdrvWIm76sOts1hmfmstGBUT3o9UOk7B3JXgRyXe2hqA312lIrBswncsy1RQOJvUQyhEOcD/Li6R3CQFPFQ==,iv:C/F3vg9dcmS1uSlJkbOkOoj04ZvIVuHJ/IkIqGkYUgs=,tag:I/c8V9DF+xiuHYdnAyl3KQ==,type:str] +authHeader: ENC[AES256_GCM,data:xiqhgK8yQUtpOBUMDVWD7JxAi5xjz4HDsV4wveMBoDEp60lrZugT+23i9m4cifdl,iv:73GsdwwZHkhZvbaGQhKoHykLvvVwYrIuZSKJMWOUd8Q=,tag:3g8H1IACoqmC7mndixb+7Q==,type:str] sops: kms: [] gcp_kms: [] @@ -12,14 +12,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2byszZ2I4RE40ZTZBRHZs - RjFxUjd0MFJ6SmFBZUYwZTAxL0cwdTl1U253ClpGWUhrVmpCZmorMDRtdjVEa1Vo - T1VQTHNXZy9wWkNxY05FZFRLaTBkNjQKLS0tIEl1dlVkNnRGZ0F0aXpiVnRycDdH - WklIc3FXODJkMklVUEdQZlJVOFFDZUEKzG0b0TfKoN88zuTCKgcs6CXl/2kHWm77 - dO9rVMXRhohLTT66K/nFOqRVvHjN0rvTJNa7/WIAJr2AeA4nGtEBTQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvc2NjZ0J3eWljdzlqSVM1 + N2pqQ1pXVmJxTjZzMlFMdWgrYS9OVVFFWkVJCnpnaW44Vmo5VGUvSjFRWmFlQ0FX + aEpQajVJNzdQeXJ2bzFBQkkycjFYeVkKLS0tIFh5SGxEbW93ckc1WnJydzFWcVBR + RjZMZHEwbHR2bzZJZEFqeWRlZXlFTHcK4Z0WwYIIdBZRt2RTlSbRHER9BJNolHLV + 0EUjwcEnFQExF/uh2FTeoVudBhmlyfVjYvlI56QoeculVHPSS4YIhw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-07-25T11:21:00Z" - mac: ENC[AES256_GCM,data:R2P5oMUnL3WCMdJ7a9hj/YQDc7SArLIUqeGVEd1BQYS9TYbuCULFUEBs9R6w0+PlM3safsMZ6kll5UIoYwk4/ewXIjJ+E5kgxo4BzREJLq9JIqJz5vMtCUN/Ejny5GsIw6rx+49YRYOVvwXtFG/2h1dizKzuwDQfeDtHctUMTYk=,iv:dT1i+F92NGZdvSdsdk3GkjRLsOYnqB7wmizWBYPHW5E=,tag:NH36reOpR8ptVy9gK63LRw==,type:str] + lastmodified: "2024-08-18T20:53:28Z" + mac: ENC[AES256_GCM,data:RTUkxdfFLcqSHUjNTTzGHYtZubydqm+9cZmW6gXj2PIn5I0GXQoJVwWT6sZFbARrDpaMyANLBYYeh2P40i9M1GKqz1HnnelvMDEqN036e/5dtSRclPhQokDxtRMZAqM2tGDG0E3UVzMo0I2hQL3BJiGSkdNjz+rRXlJCOnrtUyc=,iv:jUhrVQKT2YVn3K9sY13M8ymEHnQahs0gHe0IOEbdCw8=,tag:jEcelDJi8HQdLS7/fUHq/g==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0 diff --git a/values/badhouseplants/values.authentik.yaml b/values/badhouseplants/values.authentik.yaml index d26459a..16ce0d9 100644 --- a/values/badhouseplants/values.authentik.yaml +++ b/values/badhouseplants/values.authentik.yaml @@ -61,6 +61,35 @@ server: memory: 512Mi limits: memory: 512Mi + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 3 + httpGet: + path: /-/health/live/ + port: http + + readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 3 + httpGet: + path: /-/health/ready/ + port: http + + startupProbe: + failureThreshold: 60 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 3 + httpGet: + path: /-/health/live/ + port: http worker: resources: requests: @@ -76,3 +105,35 @@ worker: - name: postgres-creds mountPath: /postgres-creds readOnly: true + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 3 + exec: + command: + - ak + - healthcheck + + readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 3 + exec: + command: + - ak + - healthcheck + + startupProbe: + failureThreshold: 60 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 3 + exec: + command: + - ak + - healthcheck diff --git a/values/badhouseplants/values.crossplane.yaml b/values/badhouseplants/values.crossplane.yaml new file mode 100644 index 0000000..99cf73a --- /dev/null +++ b/values/badhouseplants/values.crossplane.yaml @@ -0,0 +1,3 @@ +provider: + packages: + - xpkg.upbound.io/upbound/provider-terraform:v0.17.0 diff --git a/values/badhouseplants/values.kimai.yaml b/values/badhouseplants/values.kimai.yaml new file mode 100644 index 0000000..315d171 --- /dev/null +++ b/values/badhouseplants/values.kimai.yaml @@ -0,0 +1,71 @@ +ext-database: + enabled: true + name: kimai-mariadb + instance: mariadb + credentials: + mariadb-password: '{{ .Password }}' + +global: + storageClass: ceph-filesystem +kimaiEnvironment: prod +kimaiAdminEmail: overlord@badhouseplants.net +kimaiAdminPassword: 'ZYdsgd^X9LsjxmJ7i6Xjx6LEMDbK8EJ$JCtX$P$6SisEKGJaqL' +kimaiMailerFrom: kimai@example.com +kimaiMailerUrl: null://localhost +kimaiTrustedProxies: "" +kimaiRedisCache: false +replicaCount: 1 +kimaiAppSecret: CVUwPmI9m6 +updateStrategy: + type: RollingUpdate +resources: + limits: + memory: 200Mi + requests: + cpu: 200m +service: + type: ClusterIP +ingress: + enabled: true + pathType: ImplementationSpecific + apiVersion: "" + ingressClassName: traefik + hostname: kimai.badhouseplants.net + path: / + annotations: + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + traefik.ingress.kubernetes.io/router.entrypoints: web,websecure + tls: true + selfSigned: false + +configuration: |- + monolog: + handlers: + main: + path: php://stderr + +persistence: + enabled: true + storageClass: ceph-filesystem + accessModes: + - ReadWriteMany + size: 512Mi + dataSource: {} + existingClaim: "" + selector: {} + annotations: {} + +mariadb: + enabled: false +externalDatabase: + host: mariadb.databases.svc.cluster.local + port: 3306 + serverVersion: '8.0' + user: applications_kimai_mariadb + database: applications_kimai_mariadb + ## NOTE: Must contain key `mariadb-password` + ## NOTE: When it's set, the `externalDatabase.password` parameter is ignored + existingSecret: kimai-mariadb-creds diff --git a/values/badhouseplants/values.mariadb.yaml b/values/badhouseplants/values.mariadb.yaml index aa05416..18f41dc 100644 --- a/values/badhouseplants/values.mariadb.yaml +++ b/values/badhouseplants/values.mariadb.yaml @@ -1,17 +1,4 @@ -auth: - rootPassword: "" - database: "" - username: "" - password: "" - replicationUser: replicator - replicationPassword: "" - existingSecret: "" - forcePassword: false - usePasswordFiles: false - customPasswordFiles: {} -initdbScripts: {} initdbScriptsConfigMap: "" - primary: persistence: enabled: true diff --git a/values/badhouseplants/values.metallb.yaml b/values/badhouseplants/values.metallb.yaml index 784ac2c..40a6c8b 100644 --- a/values/badhouseplants/values.metallb.yaml +++ b/values/badhouseplants/values.metallb.yaml @@ -45,9 +45,9 @@ speaker: resources: requests: cpu: 30m - memory: 130Mi + memory: 300Mi limits: - memory: 130Mi + memory: 300Mi livenessProbe: enabled: true failureThreshold: 3 diff --git a/values/badhouseplants/values.minecraft.yaml b/values/badhouseplants/values.minecraft.yaml index d87019c..b8dc0a8 100644 --- a/values/badhouseplants/values.minecraft.yaml +++ b/values/badhouseplants/values.minecraft.yaml @@ -27,30 +27,29 @@ traefik: # -- Main values # -------------------------------------------------- image: - #tag: java21-graalvm - tag: java21 + tag: java21-graalvm + #tag: java21-jdk pullPolicy: Always resources: requests: - memory: 3.5Gi - cpu: 1 + memory: 4.5Gi + cpu: 2.5 limits: - memory: 3.5Gi - cpu: 2 - - #lifecycle: - # postStart: - # - bash - # - -c + memory: 4.5Gi +lifecycle: + postStart: + - bash + - -c + - for i in {1..100}; do mc-health && break || sleep 20; done && rcon-cli auth setGlobalPassword 11223345 nodeSelector: node-role.kubernetes.io/minecraft: "true" livenessProbe: command: - mc-health - initialDelaySeconds: 30 + initialDelaySeconds: 120 periodSeconds: 5 - failureThreshold: 20 + failureThreshold: 50 successThreshold: 1 timeoutSeconds: 20 readinessProbe: @@ -63,24 +62,30 @@ readinessProbe: timeoutSeconds: 20 minecraftServer: - memory: 3072M - jvmXXOpts: "-Xms3072M -Xmx3072M --add-modules=jdk.incubator.vector -XX:+UseG1GC" + memory: 3584M + jvmXXOpts: | + -XX:+UnlockExperimentalVMOptions -XX:+UseG1GC -XX:MaxGCPauseMillis=37 -XX:+PerfDisableSharedMem -XX:G1HeapRegionSize=16M -XX:G1NewSizePercent=23 -XX:G1ReservePercent=20 -XX:SurvivorRatio=32 -XX:G1MixedGCCountTarget=3 -XX:G1HeapWastePercent=20 -XX:InitiatingHeapOccupancyPercent=10 -XX:G1RSetUpdatingPauseTimePercent=0 -XX:MaxTenuringThreshold=1 -XX:G1SATBBufferEnqueueingThresholdPercent=30 -XX:G1ConcMarkStepDurationMillis=5.0 -XX:G1ConcRSHotCardLimit=16 -XX:G1ConcRefinementServiceIntervalMillis=150 -XX:GCTimeRatio=99 overrideServerProperties: true eula: "TRUE" onlineMode: false difficulty: hard hardcore: true - version: "1.20.1" + version: "1.21.1" maxWorldSize: 90000 - type: "PAPER" + type: "FABRIC" gameMode: survival pvp: true - pluginUrls: - - https://github.com/dmulloy2/ProtocolLib/releases/download/5.2.0/ProtocolLib.jar - - https://mediafilez.forgecdn.net/files/3789/833/GravityControl-2.0.0.jar - - https://mediafilez.forgecdn.net/files/3151/915/CrackShot.jar - - https://s3.badhouseplants.net/public-download/MechanicsCore-3.4.8.jar - - https://s3.badhouseplants.net/public-download/WeaponMechanics-3.4.9.jar + modUrls: [] + serviceType: NodePort + #- https://github.com/CaffeineMC/lithium-fabric/releases/download/mc1.20.1-0.11.2/lithium-fabric-mc1.20.1-0.11.2-api.jar + #- https://github.com/CaffeineMC/sodium-fabric/releases/download/mc1.20.1-0.5.11/sodium-fabric-0.5.11+mc1.20.1.jar + #- https://github.com/CaffeineMC/lithium-fabric/releases/download/mc1.20.1-0.11.2/lithium-fabric-mc1.20.1-0.11.2.jar + #pluginUrls: + # - https://github.com/dmulloy2/ProtocolLib/releases/download/5.2.0/ProtocolLib.jar + # - https://mediafilez.forgecdn.net/files/3789/833/GravityControl-2.0.0.jar + # - https://mediafilez.forgecdn.net/files/3151/915/CrackShot.jar + # - https://s3.badhouseplants.net/public-download/MechanicsCore-3.4.8.jar + # - https://s3.badhouseplants.net/public-download/WeaponMechanics-3.4.9.jar rcon: enabled: true withGeneratedPassword: false @@ -127,41 +132,41 @@ mcbackup: # --------------------------------------------- # -- Install Plugins # --------------------------------------------- -initContainers: {} - # - name: 0-download-mods - # image: alpine/curl - # command: - # - curl - # - -L - # - "https://s3.badhouseplants.net/public-download/server_mods.tar" - # - -o - # - /download/server_mods.tar - # volumeMounts: - # - name: download - # mountPath: /download - # readOnly: false - # - name: 1-copy-plugins-to-minecraft - # image: ubuntu - # command: - # - sh - # - -c - # - cd /mods && tar -xvf /download/server_mods.tar || true - # volumeMounts: - # - name: plugins - # mountPath: /mods - # readOnly: false - # - name: download - # mountPath: /download - # readOnly: false -extraVolumes: {} - # - volumeMounts: - # - name: plugins - # mountPath: /data/mods - # readOnly: false - # volumes: - # - name: plugins - # emptyDir: - # sizeLimit: 500Mi - # - name: download - # emptyDir: - # sizeLimit: 500Mi +initContainers: + - name: 0-download-mods + image: alpine/curl + command: + - curl + - -L + - "https://s3.badhouseplants.net/public-download/server_mods.tar" + - -o + - /download/server_mods.tar + volumeMounts: + - name: download + mountPath: /download + readOnly: false + - name: 1-copy-plugins-to-minecraft + image: ubuntu + command: + - sh + - -c + - cd /mods && tar -xvf /download/server_mods.tar || true + volumeMounts: + - name: plugins + mountPath: /mods + readOnly: false + - name: download + mountPath: /download + readOnly: false +extraVolumes: + - volumeMounts: + - name: plugins + mountPath: /data/mods + readOnly: false + volumes: + - name: plugins + emptyDir: + sizeLimit: 500Mi + - name: download + emptyDir: + sizeLimit: 500Mi diff --git a/values/badhouseplants/values.minio-operator.yaml b/values/badhouseplants/values.minio-operator.yaml new file mode 100644 index 0000000..d249ba4 --- /dev/null +++ b/values/badhouseplants/values.minio-operator.yaml @@ -0,0 +1,2 @@ +operator: + replicaCount: 1 diff --git a/values/badhouseplants/values.minio-tenant.yaml b/values/badhouseplants/values.minio-tenant.yaml new file mode 100644 index 0000000..ad029f3 --- /dev/null +++ b/values/badhouseplants/values.minio-tenant.yaml @@ -0,0 +1,136 @@ +secrets: null +tenant: + name: minio + # The Kubernetes secret name that contains MinIO environment variable configurations. + # The secret is expected to have a key named config.env containing environment variables exports. + existingSecret: false + configSecret: + name: myminio-env-configuration + accessKey: minio + secretKey: minio123 + pools: + - servers: 1 + storageClassName: ceph-filesystem + name: main + volumesPerServer: 1 + size: 5Gi + storageAnnotations: { } + annotations: { } + labels: { } + tolerations: [ ] + nodeSelector: { } + resources: { } + securityContext: + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + fsGroupChangePolicy: "OnRootMismatch" + runAsNonRoot: true + containerSecurityContext: + runAsUser: 1000 + runAsGroup: 1000 + runAsNonRoot: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + topologySpreadConstraints: [ ] + env: + - name: MINIO_IDENTITY_OPENID_CONFIG_URL + value: https://authentik.badhouseplants.net/application/o/minio/.well-known/openid-configuration + - name: MINIO_IDENTITY_OPENID_CLIENT_ID + value: minio + - name: MINIO_IDENTITY_OPENID_CLIENT_SECRET + value: Z2vCo8rw5jsEVZlvc3wCjPjUIcN31PAxEJQvZvzfawUtWPRCefk8uCjzffsOlK61RImz7IRUeGOfBeDnt7Xa8hpnhkXe6Dq2kBF0lZaUh0v3Jm3HV9zNONdAjxWaUJrh + - name: MINIO_IDENTITY_OPENID_SCOPES + value: openid,profile,email,groups + - name: MINIO_IDENTITY_OPENID_CLAIM_NAME + value: groups + - name: MINIO_IDENTITY_OPENID_REDIRECT_URI + value: https://minio-new.badhouseplants.net/oauth_callback + - name: MINIO_IDENTITY_OPENID_DISPLAY_NAME + value: Authentik + - name: MINIO_SERVER_URL + value: https://s3-new.badhouseplants.net:443 + mountPath: /export + subPath: /data + metrics: + enabled: false + port: 9000 + protocol: http + certificate: + externalCaCertSecret: [ ] + externalCertSecret: [ ] + requestAutoCert: false + certConfig: { } + features: + bucketDNS: false + domains: { } + enableSFTP: false + ### + # Array of objects describing one or more buckets to create during tenant provisioning. + # Example: + # + # .. code-block:: yaml + # + # - name: my-minio-bucket + # objectLock: false # optional + # region: us-east-1 # optional + buckets: + - name: test + users: [ ] + podManagementPolicy: Parallel + liveness: { } + readiness: { } + startup: { } + lifecycle: { } + prometheusOperator: false + additionalVolumes: [ ] + ### + # An array of volume mount points associated to each Tenant container. + # + # Specify each item in the array as follows: + # + # .. code-block:: yaml + # + # volumeMounts: + # - name: volumename + # mountPath: /path/to/mount + # + # The ``name`` field must correspond to an entry in the ``additionalVolumes`` array. + additionalVolumeMounts: [ ] +ingress: + api: + enabled: true + ingressClassName: traefik + annotations: + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + traefik.ingress.kubernetes.io/router.entrypoints: web,websecure + tls: + - secretName: s3-new.badhouseplants.net + hosts: + - s3-new.badhouseplants.net + host: s3-new.badhouseplants.net + path: / + pathType: Prefix + console: + enabled: true + ingressClassName: traefik + annotations: + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + traefik.ingress.kubernetes.io/router.entrypoints: web,websecure + tls: + - secretName: minio-new.badhouseplants.net + hosts: + - minio-new.badhouseplants.net + host: minio-new.badhouseplants.net + path: / + pathType: Prefix diff --git a/values/badhouseplants/values.minio.yaml b/values/badhouseplants/values.minio.yaml index c2011d7..5dcdb1a 100644 --- a/values/badhouseplants/values.minio.yaml +++ b/values/badhouseplants/values.minio.yaml @@ -99,6 +99,10 @@ buckets: - name: allanger-music policy: download purge: false + - name: minecraft-mods + policy: download + purge: false + versioning: false metrics: serviceMonitor: enabled: false diff --git a/values/badhouseplants/values.openvpn.yaml b/values/badhouseplants/values.openvpn.yaml new file mode 100644 index 0000000..d9580ab --- /dev/null +++ b/values/badhouseplants/values.openvpn.yaml @@ -0,0 +1,46 @@ +--- +# ------------------------------------------ +# -- Istio extenstion. Just because I'm +# -- not using ingress nginx +# ------------------------------------------ +# istio: + # enabled: true + # istio: + # - name: openvpn-tcp-xor + # gateway: istio-system/badhouseplants-vpn + # kind: tcp + # port_match: 1194 + # hostname: "*" + # service: openvpn-xor + # port: 1194 +# ------------------------------------------ +traefik: + enabled: true + tcpRoutes: + - name: openvpn + service: openvpn + match: HostSNI(`*`) + entrypoint: openvpn + port: 1194 +tcproute: + enabled: false +storage: + size: 128Mi + +openvpn: + proto: tcp + host: 195.201.249.91 + +easyrsa: + cn: Bad Houseplants + country: Germany + province: NRW + city: Duesseldorf + org: Bad Houseplants + email: allanger@zohomail.com + +service: + type: ClusterIP + port: 1194 + targetPort: 1194 + protocol: TCP diff --git a/values/badhouseplants/values.rook-ceph-cluster.yaml b/values/badhouseplants/values.rook-ceph-cluster.yaml index b6f0e95..4e602ce 100644 --- a/values/badhouseplants/values.rook-ceph-cluster.yaml +++ b/values/badhouseplants/values.rook-ceph-cluster.yaml @@ -83,9 +83,9 @@ cephClusterSpec: osd: requests: cpu: "500m" - memory: "1280Mi" + memory: "1408Mi" limits: - memory: "1280Mi" + memory: "1408Mi" #limits: # cpu: "400m" # memory: "1280Mi" diff --git a/values/badhouseplants/values.stalwart.yaml b/values/badhouseplants/values.stalwart.yaml index e28df64..1a93705 100644 --- a/values/badhouseplants/values.stalwart.yaml +++ b/values/badhouseplants/values.stalwart.yaml @@ -1,6 +1,54 @@ shortcuts: hostname: stalwart.badhouseplants.net +workload: + initContainers: + prepare-config: + image: + registry: registry.hub.docker.com + repository: stalwartlabs/mail-server + tag: + pullPolicy: Always + mounts: + files: + config: + path: /app/config/config.toml + subPath: config.toml + extraVolumes: + etc: + path: /app/etc + command: + - sh + args: + - -c + - cp /app/config/config.toml /app/etc/config.toml + + containers: + stalwart: + args: + - --config + - /app/etc/config.toml + mounts: + extraVolumes: + certs: + path: /app/certs + data: + path: /app/data + logs: + path: /app/logs + etc: + path: /app/etc + +extraVolumes: + certs: + secret: + secretName: stalwart.badhouseplants.net + etc: + emptyDir: {} + logs: + emptyDir: {} + data: + emptyDir: {} ingress: main: annotations: @@ -44,3 +92,100 @@ traefik: service: stalwart-pop3s entrypoint: pop3s port: 995 + +storage: + data: + storageClassName: ceph-filesystem + +files: + config: + enabled: true + sensitive: true + remove: [] + entries: + # Ref: https://github.com/stalwartlabs/mail-server/blob/main/resources/config/config.toml + config.toml: + data: | + [server.listener."smtp"] + bind = ["[::]:25"] + protocol = "smtp" + + [server.listener."submission"] + bind = ["[::]:587"] + protocol = "smtp" + + [server.listener."submissions"] + bind = ["[::]:465"] + protocol = "smtp" + tls.implicit = true + + [server.listener."imap"] + bind = ["[::]:143"] + protocol = "imap" + + [server.listener."imaptls"] + bind = ["[::]:993"] + protocol = "imap" + tls.implicit = true + + [server.listener.pop3] + bind = "[::]:110" + protocol = "pop3" + + [server.listener.pop3s] + bind = "[::]:995" + protocol = "pop3" + tls.implicit = true + + [server.listener."sieve"] + bind = ["[::]:4190"] + protocol = "managesieve" + + [server.listener."https"] + protocol = "https" + bind = ["[::]:443"] + tls.implicit = false + + [server.listener."http"] + bind = "[::]:8080" + protocol = "http" + + [storage] + data = "rocksdb" + fts = "rocksdb" + blob = "rocksdb" + lookup = "rocksdb" + directory = "internal" + + [store."rocksdb"] + type = "rocksdb" + path = "/app/data" + compression = "lz4" + + [directory."internal"] + type = "internal" + store = "rocksdb" + + [tracer."stdout"] + type = "stdout" + level = "info" + ansi = false + enable = true + + #[server.run-as] + #user = "stalwart-mail" + #group = "stalwart-mail" + + [authentication.fallback-admin] + user = "admin" + secret = 'R@ndomToken$tring' + + [tracer.console] + type = "console" + level = "info" + ansi = true + enable = true + + [certificate."default"] + cert = "%{file:/app/certs/tls.crt}%" + private-key = "%{file:/app/certs/tls.key}%" diff --git a/values/badhouseplants/values.velero.yaml b/values/badhouseplants/values.velero.yaml index 120447e..674b62f 100644 --- a/values/badhouseplants/values.velero.yaml +++ b/values/badhouseplants/values.velero.yaml @@ -5,13 +5,14 @@ initContainers: volumeMounts: - mountPath: /target name: plugins + configuration: features: EnableCSI backupStorageLocation: - name: default provider: aws plugin: velero/velero-plugin-for-aws:v1.2.1 - bucket: restic + bucket: velero accessMode: ReadWrite credential: name: velero-s3-creds @@ -26,6 +27,7 @@ configuration: provider: aws config: region: us-east-1 + deployNodeAgent: true schedules: daily: diff --git a/values/badhouseplants/values.woodpecker-ci.yaml b/values/badhouseplants/values.woodpecker-ci.yaml index 84064b3..6777e25 100644 --- a/values/badhouseplants/values.woodpecker-ci.yaml +++ b/values/badhouseplants/values.woodpecker-ci.yaml @@ -34,7 +34,7 @@ server: WOODPECKER_GITEA: true WOODPECKER_GITEA_URL: https://gitea.badhouseplants.net WOODPECKER_DATABASE_DRIVER: postgres - WOODPECKER_GITEA_CLIENT: ab5e4687-a476-4668-9fbc-288d54095634 + WOODPECKER_GITEA_CLIENT: 4ea3d706-691e-4cec-a748-5108715cf72d WOODPECKER_OPEN: true WOODPECKER_ADMIN: "woodpecker,allanger" WOODPECKER_HOST: "https://ci.badhouseplants.net" diff --git a/values/badhouseplants/values.zot.yaml b/values/badhouseplants/values.zot.yaml index 8410ed6..65e0d65 100644 --- a/values/badhouseplants/values.zot.yaml +++ b/values/badhouseplants/values.zot.yaml @@ -1,22 +1,20 @@ ingress: enabled: true - className: ~ + className: traefik annotations: traefik.ingress.kubernetes.io/router.entrypoints: web,websecure - kubernetes.io/ingress.class: traefik kubernetes.io/tls-acme: "true" kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - pathtype: ImplementationSpecific + pathtype: Prefix hosts: - - host: registry.badhouseplants.net + - host: zot.badhouseplants.net paths: - path: / tls: - - secretName: registry.badhouseplants.net + - secretName: zot.badhouseplants.net hosts: - - registry.badhouseplants.net + - zot.badhouseplants.net service: type: ClusterIP persistence: true @@ -24,24 +22,8 @@ pvc: create: true accessMode: "ReadWriteMany" storage: 5Gi + storageClassName: ceph-filesystem mountConfig: true mountSecret: true strategy: type: Recreate - #configFiles: - # ui.json: |- - # { - # "log": { - # "level": "info" - # }, - # "extensions": { - # "search": { - # "cve": { - # "updateInterval": "2h" - # } - # }, - # "ui": { - # "enable": true - # } - # } - # } diff --git a/values/etersoft/values.cert-manager.yaml b/values/etersoft/values.cert-manager.yaml new file mode 100644 index 0000000..8a8fe73 --- /dev/null +++ b/values/etersoft/values.cert-manager.yaml @@ -0,0 +1,25 @@ +crds: + enabled: true +networkPolicy: + enabled: true +resources: + requests: + cpu: 30m + memory: 100Mi + limits: + memory: 100Mi +cainjector: + resources: + requests: + cpu: 20m + memory: 150Mi + limits: + memory: 150Mi +webhook: + resources: + requests: + cpu: 50m + memory: 150Mi + limits: + memory: 150Mi + diff --git a/values/etersoft/values.cilium.yaml b/values/etersoft/values.cilium.yaml new file mode 100644 index 0000000..00ab2c7 --- /dev/null +++ b/values/etersoft/values.cilium.yaml @@ -0,0 +1,8 @@ +operator: + replicas: 1 +endpointRoutes: + enabled: true +ipam: + ciliumNodeUpdateRate: "15s" + operator: + clusterPoolIPv4PodCIDRList: ["192.168.0.0/16"] diff --git a/values/etersoft/values.coredns.yaml b/values/etersoft/values.coredns.yaml new file mode 100644 index 0000000..04d2b02 --- /dev/null +++ b/values/etersoft/values.coredns.yaml @@ -0,0 +1,32 @@ +service: + clusterIP: 10.43.0.10 + +servers: + - zones: + - zone: . + port: 53 + plugins: + - name: errors + # Serves a /health endpoint on :8080, required for livenessProbe + - name: health + configBlock: |- + lameduck 5s + # Serves a /ready endpoint on :8181, required for readinessProbe + - name: ready + # Required to query kubernetes API for data + - name: kubernetes + parameters: cluster.local in-addr.arpa ip6.arpa + configBlock: |- + pods insecure + fallthrough in-addr.arpa ip6.arpa + ttl 30 + # Serves a /metrics endpoint on :9153, required for serviceMonitor + - name: prometheus + parameters: 0.0.0.0:9153 + - name: forward + parameters: . 1.1.1.1 1.0.0.1 + - name: cache + parameters: 30 + - name: loop + - name: reload + - name: loadbalance diff --git a/values/etersoft/values.local-path-provisioner.yaml b/values/etersoft/values.local-path-provisioner.yaml new file mode 100644 index 0000000..95dd553 --- /dev/null +++ b/values/etersoft/values.local-path-provisioner.yaml @@ -0,0 +1,6 @@ +storageClass: + create: true + defaultClass: true + defaultVolumeType: local + reclaimPolicy: Delete + volumeBindingMode: Immediate diff --git a/values/etersoft/values.metallb-resources.yaml b/values/etersoft/values.metallb-resources.yaml new file mode 100644 index 0000000..5c77cf7 --- /dev/null +++ b/values/etersoft/values.metallb-resources.yaml @@ -0,0 +1,5 @@ +metallb: + enabled: true + ippools: + - name: etersoft + addresses: 91.232.225.63-91.232.225.63 diff --git a/values/etersoft/values.metallb.yaml b/values/etersoft/values.metallb.yaml new file mode 100644 index 0000000..be5fae1 --- /dev/null +++ b/values/etersoft/values.metallb.yaml @@ -0,0 +1,71 @@ +controller: + enabled: true + logLevel: warn + image: + repository: quay.io/metallb/controller + tag: + pullPolicy: + strategy: + type: RollingUpdate + securityContext: + runAsNonRoot: true + # nobody + runAsUser: 65534 + fsGroup: 65534 + resources: + requests: + cpu: 20m + memory: 100Mi + limits: + memory: 100Mi + livenessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 3 + readinessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 3 + +speaker: + enabled: true + logLevel: warn + tolerateMaster: true + image: + repository: quay.io/metallb/speaker + tag: + pullPolicy: + securityContext: {} + resources: + requests: + cpu: 100m + memory: 250Mi + limits: + memory: 250Mi + livenessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 3 + readinessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 3 + startupProbe: + enabled: true + failureThreshold: 30 + periodSeconds: 5 +crds: + enabled: true + validationFailurePolicy: Fail diff --git a/values/etersoft/values.minio.yaml b/values/etersoft/values.minio.yaml new file mode 100644 index 0000000..3dcac88 --- /dev/null +++ b/values/etersoft/values.minio.yaml @@ -0,0 +1,131 @@ +--- +ingress: + enabled: true + ingressClassName: ~ + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + traefik.ingress.kubernetes.io/router.entrypoints: web,websecure + path: / + hosts: + - s3.3.badhouseplants.net + tls: + - secretName: s3.e.badhouseplants.net + hosts: + - s3.e.badhouseplants.net +consoleIngress: + enabled: true + ingressClassName: ~ + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + traefik.ingress.kubernetes.io/router.entrypoints: web,websecure + path: / + hosts: + - minio.e.badhouseplants.net + tls: + - secretName: minio.e.badhouseplants.net + hosts: + - minio.e.badhouseplants.net + +rootUser: 'overlord' +replicas: 1 +mode: standalone +environment: + MINIO_SERVER_URL: "https://s3.e.badhouseplants.net:443" +tls: + enabled: false + certSecret: '' + publicCrt: public.crt + privateKey: private.key +persistence: + enabled: true + accessMode: ReadWriteOnce + size: 100Gi +service: + type: ClusterIP + clusterIP: ~ + port: '9000' +consoleService: + type: ClusterIP + clusterIP: ~ + port: '9001' +resources: + requests: + memory: 2Gi +buckets: + - name: badhouseplants-net + policy: download + purge: false + versioning: false + - name: badhouseplants-js + policy: download + purge: false + versioning: false + - name: badhouseplants-net-main + policy: download + purge: false + versioning: false + - name: sharing + policy: download + purge: false + versioning: false + - name: allanger-music + policy: download + purge: false +metrics: + serviceMonitor: + enabled: false + public: true + additionalLabels: {} +policies: + - name: allanger + statements: + - resources: + - 'arn:aws:s3:::*' + actions: + - "s3:*" + - resources: [] + actions: + - "admin:*" + - resources: [] + actions: + - "kms:*" + - name: Admins + statements: + - resources: + - 'arn:aws:s3:::*' + actions: + - "s3:*" + - resources: [] + actions: + - "admin:*" + - resources: [] + actions: + - "kms:*" + - name: DevOps + statements: + - resources: + - 'arn:aws:s3:::badhouseplants-net' + actions: + - "s3:*" + - resources: + - 'arn:aws:s3:::badhouseplants-net/*' + actions: + - "s3:*" + - name: sharing + statements: + - resources: + - 'arn:aws:s3:::sharing' + actions: + - "s3:*" + - resources: + - 'arn:aws:s3:::sharing/*' + actions: + - "s3:*" diff --git a/values/etersoft/values.namespaces.yaml b/values/etersoft/values.namespaces.yaml new file mode 100644 index 0000000..dda6811 --- /dev/null +++ b/values/etersoft/values.namespaces.yaml @@ -0,0 +1,3 @@ +namespaces: + - name: applications + - name: platform diff --git a/values/badhouseplants/values.openvpn-xor.yaml b/values/etersoft/values.openvpn-xor.yaml similarity index 94% rename from values/badhouseplants/values.openvpn-xor.yaml rename to values/etersoft/values.openvpn-xor.yaml index ef75c98..d9580ab 100644 --- a/values/badhouseplants/values.openvpn-xor.yaml +++ b/values/etersoft/values.openvpn-xor.yaml @@ -17,8 +17,8 @@ traefik: enabled: true tcpRoutes: - - name: openvpn-xor - service: openvpn-xor + - name: openvpn + service: openvpn match: HostSNI(`*`) entrypoint: openvpn port: 1194 diff --git a/values/etersoft/values.openvpn.yaml b/values/etersoft/values.openvpn.yaml new file mode 100644 index 0000000..0c9d951 --- /dev/null +++ b/values/etersoft/values.openvpn.yaml @@ -0,0 +1,35 @@ +storage: + class: microk8s-hostpath + size: 5Gi +openvpn: + proto: tcp + host: 91.232.225.63 +service: + type: ClusterIP + port: 1194 + targetPort: 1194 + protocol: TCP +easyrsa: + cn: Bad Houseplants + country: Germany + province: NRW + city: Duesseldorf + org: Bad Houseplants + email: allanger@zohomail.com +istio-resources: + enabled: true + gateways: + - metadata: + name: etersoft-vpn + namespace: istio-system + spec: + selector: + istio: ingressgateway + servers: + - hosts: + - '*' + port: + name: openvpn + number: 1194 + protocol: TCP + diff --git a/values/etersoft/values.roles.yaml b/values/etersoft/values.roles.yaml new file mode 100644 index 0000000..1684f2f --- /dev/null +++ b/values/etersoft/values.roles.yaml @@ -0,0 +1 @@ +roles: [] diff --git a/values/etersoft/values.traefik.yaml b/values/etersoft/values.traefik.yaml new file mode 100644 index 0000000..ab08613 --- /dev/null +++ b/values/etersoft/values.traefik.yaml @@ -0,0 +1,84 @@ +globalArguments: + - "--serversTransport.insecureSkipVerify=true" +ports: + web: + redirectTo: + port: websecure + ssh: + port: 22 + expose: + default: true + exposedPort: 22 + protocol: TCP + openvpn: + port: 1194 + expose: + default: true + exposedPort: 1194 + protocol: TCP + valve-server: + port: 27015 + expose: + default: true + exposedPort: 27015 + protocol: UDP + valve-rcon: + port: 27015 + expose: + default: true + exposedPort: 27015 + protocol: TCP + smtp: + port: 25 + protocol: TCP + exposedPort: 25 + expose: + default: true + smtps: + port: 465 + protocol: TCP + exposedPort: 465 + expose: + default: true + smtp-startls: + port: 587 + protocol: TCP + exposedPort: 587 + expose: + default: true + imap: + port: 143 + protocol: TCP + exposedPort: 143 + expose: + default: true + imaps: + port: 993 + protocol: TCP + exposedPort: 993 + expose: + default: true + pop3: + port: 110 + protocol: TCP + exposedPort: 110 + expose: + default: true + pop3s: + port: 995 + protocol: TCP + exposedPort: 995 + expose: + default: true + minecraft: + port: 25565 + protocol: TCP + exposedPort: 25565 + expose: + default: true + shadowsocks: + port: 8388 + protocol: TCP + exposedPort: 8388 + expose: + default: true diff --git a/velero-cm/change-storage-class.yaml b/velero-cm/change-storage-class.yaml deleted file mode 100644 index 4b9976b..0000000 --- a/velero-cm/change-storage-class.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: change-storage-class-config - namespace: velero - labels: - velero.io/plugin-config: "" - velero.io/change-storage-class: RestoreItemAction -data: - ceph-filesystem: local-path