From 300dbe98578fe6da078e9d000f3658b6cf3b996f Mon Sep 17 00:00:00 2001
From: dadgam3er <i.l.y.e.s@live.fr>
Date: Thu, 22 Aug 2024 20:56:17 -0400
Subject: [PATCH] Re-add deployment as a regular directory

---
 defguardDocker/deployment                     |   1 -
 .../deployment/.github/workflows/release.yml  |  41 +
 .../deployment/.github/workflows/test.yml     |  46 +
 defguardDocker/deployment/.gitignore          |   3 +
 defguardDocker/deployment/LICENSE             |  13 +
 defguardDocker/deployment/README.md           |  16 +
 .../charts/defguard-proxy/.helmignore         |  23 +
 .../charts/defguard-proxy/Chart.yaml          |   7 +
 .../charts/defguard-proxy/templates/NOTES.txt |  20 +
 .../defguard-proxy/templates/_helpers.tpl     |  62 ++
 .../defguard-proxy/templates/config.yaml      |   9 +
 .../defguard-proxy/templates/deployment.yaml  |  67 ++
 .../templates/grpc-service.yaml               |  17 +
 .../templates/ingress-grpc.yaml               |  52 +
 .../defguard-proxy/templates/ingress-web.yaml |  52 +
 .../defguard-proxy/templates/service.yaml     |  15 +
 .../templates/serviceaccount.yaml             |  12 +
 .../charts/defguard-proxy/values.yaml         |  42 +
 .../deployment/charts/defguard/.helmignore    |  23 +
 .../deployment/charts/defguard/Chart.lock     |   9 +
 .../deployment/charts/defguard/Chart.yaml     |  17 +
 .../defguard/charts/defguard-proxy-0.3.5.tgz  | Bin 0 -> 3330 bytes
 .../defguard/charts/postgresql-12.12.10.tgz   | Bin 0 -> 62562 bytes
 .../charts/defguard/templates/NOTES.txt       |  20 +
 .../charts/defguard/templates/_helpers.tpl    |  78 ++
 .../defguard/templates/defguard-config.yaml   |  30 +
 .../templates/defguard-deployment.yaml        | 105 +++
 .../defguard/templates/defguard-secret.yaml   |  25 +
 .../defguard/templates/defguard-service.yaml  |  15 +
 .../defguard/templates/grpc-service.yaml      |  17 +
 .../defguard/templates/ingress-grpc.yaml      |  52 +
 .../defguard/templates/ingress-web.yaml       |  52 +
 .../defguard/templates/openid-secret.yaml     |  16 +
 .../defguard/templates/postgresql-secret.yaml |  19 +
 .../defguard/templates/serviceaccount.yaml    |  12 +
 .../deployment/charts/defguard/values.yaml    |  75 ++
 .../deployment/docker-compose/.env.template   |  31 +
 .../docker-compose/docker-compose.yaml        | 110 +++
 .../docker-compose/setup.log.rGByG7           |   0
 .../deployment/docker-compose/setup.sh        | 890 ++++++++++++++++++
 defguardDocker/deployment/docs/header.png     | Bin 0 -> 24820 bytes
 .../deployment/gateway/.env.template          |   9 +
 .../deployment/gateway/docker-compose.yaml    |  22 +
 43 files changed, 2124 insertions(+), 1 deletion(-)
 delete mode 160000 defguardDocker/deployment
 create mode 100644 defguardDocker/deployment/.github/workflows/release.yml
 create mode 100644 defguardDocker/deployment/.github/workflows/test.yml
 create mode 100644 defguardDocker/deployment/.gitignore
 create mode 100644 defguardDocker/deployment/LICENSE
 create mode 100644 defguardDocker/deployment/README.md
 create mode 100644 defguardDocker/deployment/charts/defguard-proxy/.helmignore
 create mode 100644 defguardDocker/deployment/charts/defguard-proxy/Chart.yaml
 create mode 100644 defguardDocker/deployment/charts/defguard-proxy/templates/NOTES.txt
 create mode 100644 defguardDocker/deployment/charts/defguard-proxy/templates/_helpers.tpl
 create mode 100644 defguardDocker/deployment/charts/defguard-proxy/templates/config.yaml
 create mode 100644 defguardDocker/deployment/charts/defguard-proxy/templates/deployment.yaml
 create mode 100644 defguardDocker/deployment/charts/defguard-proxy/templates/grpc-service.yaml
 create mode 100644 defguardDocker/deployment/charts/defguard-proxy/templates/ingress-grpc.yaml
 create mode 100644 defguardDocker/deployment/charts/defguard-proxy/templates/ingress-web.yaml
 create mode 100644 defguardDocker/deployment/charts/defguard-proxy/templates/service.yaml
 create mode 100644 defguardDocker/deployment/charts/defguard-proxy/templates/serviceaccount.yaml
 create mode 100644 defguardDocker/deployment/charts/defguard-proxy/values.yaml
 create mode 100644 defguardDocker/deployment/charts/defguard/.helmignore
 create mode 100644 defguardDocker/deployment/charts/defguard/Chart.lock
 create mode 100644 defguardDocker/deployment/charts/defguard/Chart.yaml
 create mode 100644 defguardDocker/deployment/charts/defguard/charts/defguard-proxy-0.3.5.tgz
 create mode 100644 defguardDocker/deployment/charts/defguard/charts/postgresql-12.12.10.tgz
 create mode 100644 defguardDocker/deployment/charts/defguard/templates/NOTES.txt
 create mode 100644 defguardDocker/deployment/charts/defguard/templates/_helpers.tpl
 create mode 100644 defguardDocker/deployment/charts/defguard/templates/defguard-config.yaml
 create mode 100644 defguardDocker/deployment/charts/defguard/templates/defguard-deployment.yaml
 create mode 100644 defguardDocker/deployment/charts/defguard/templates/defguard-secret.yaml
 create mode 100644 defguardDocker/deployment/charts/defguard/templates/defguard-service.yaml
 create mode 100644 defguardDocker/deployment/charts/defguard/templates/grpc-service.yaml
 create mode 100644 defguardDocker/deployment/charts/defguard/templates/ingress-grpc.yaml
 create mode 100644 defguardDocker/deployment/charts/defguard/templates/ingress-web.yaml
 create mode 100644 defguardDocker/deployment/charts/defguard/templates/openid-secret.yaml
 create mode 100644 defguardDocker/deployment/charts/defguard/templates/postgresql-secret.yaml
 create mode 100644 defguardDocker/deployment/charts/defguard/templates/serviceaccount.yaml
 create mode 100644 defguardDocker/deployment/charts/defguard/values.yaml
 create mode 100644 defguardDocker/deployment/docker-compose/.env.template
 create mode 100644 defguardDocker/deployment/docker-compose/docker-compose.yaml
 create mode 100644 defguardDocker/deployment/docker-compose/setup.log.rGByG7
 create mode 100755 defguardDocker/deployment/docker-compose/setup.sh
 create mode 100644 defguardDocker/deployment/docs/header.png
 create mode 100644 defguardDocker/deployment/gateway/.env.template
 create mode 100644 defguardDocker/deployment/gateway/docker-compose.yaml

diff --git a/defguardDocker/deployment b/defguardDocker/deployment
deleted file mode 160000
index aa830b0..0000000
--- a/defguardDocker/deployment
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit aa830b0412a0335d75942c68081dd852c6537803
diff --git a/defguardDocker/deployment/.github/workflows/release.yml b/defguardDocker/deployment/.github/workflows/release.yml
new file mode 100644
index 0000000..5da777d
--- /dev/null
+++ b/defguardDocker/deployment/.github/workflows/release.yml
@@ -0,0 +1,41 @@
+name: Release Charts
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  release:
+    runs-on: [self-hosted, Linux, X64]
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+      - name: Install Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: v3.14.0
+
+      # https://github.com/helm/chart-releaser-action/issues/74
+      - name: Add repositories
+        run: |
+          for dir in $(ls -d charts/*/); do
+            helm dependency list $dir 2> /dev/null | tail +2 | head -n -1 | awk '{ print "helm repo add " $1 " " $3 }' | while read cmd; do $cmd; done
+          done
+
+      - name: Run chart-releaser
+        uses: helm/chart-releaser-action@v1.6.0
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+        with:
+          charts_dir: charts
+          skip_existing: true
diff --git a/defguardDocker/deployment/.github/workflows/test.yml b/defguardDocker/deployment/.github/workflows/test.yml
new file mode 100644
index 0000000..65a0a9a
--- /dev/null
+++ b/defguardDocker/deployment/.github/workflows/test.yml
@@ -0,0 +1,46 @@
+name: Test setup script
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'docker-compose/**'
+      - '.github/workflows/test.yml'
+
+jobs:
+  test:
+    name: Test setup script
+    runs-on: [self-hosted, Linux]
+    steps:
+      - name: Login to GitHub container registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Create working directory
+        run: mkdir temp
+      - name: Run setup script
+        env:
+          DEFGUARD_DOMAIN: "id.localhost"
+          DEFGUARD_ENROLLMENT_DOMAIN: "enrollment.localhost"
+          DEFGUARD_VPN_NAME: "test_location"
+          DEFGUARD_VPN_IP: "10.0.60.1/24"
+          DEFGUARD_VPN_GATEWAY_IP: "10.20.20.40"
+          DEFGUARD_VPN_GATEWAY_PORT: "50050"
+          CORE_IMAGE_TAG: latest
+          PROXY_IMAGE_TAG: latest
+          GATEWAY_IMAGE_TAG: latest
+        working-directory: temp
+        run: curl --proto '=https' --tlsv1.2 -sSf -L https://raw.githubusercontent.com/DefGuard/deployment/main/docker-compose/setup.sh | bash -s - --non-interactive
+      - name: Sleep for 10 seconds
+        working-directory: temp
+        run: sleep 10s
+      - name: Test defguard is available
+        working-directory: temp
+        run: curl -f http://id.localhost/api/v1/health
+      - name: Stop compose stack
+        if: always()
+        working-directory: temp
+        run: docker-compose down
diff --git a/defguardDocker/deployment/.gitignore b/defguardDocker/deployment/.gitignore
new file mode 100644
index 0000000..e5c0d50
--- /dev/null
+++ b/defguardDocker/deployment/.gitignore
@@ -0,0 +1,3 @@
+docker-compose/.env
+docker-compose/.volumes
+.idea
diff --git a/defguardDocker/deployment/LICENSE b/defguardDocker/deployment/LICENSE
new file mode 100644
index 0000000..8ddd140
--- /dev/null
+++ b/defguardDocker/deployment/LICENSE
@@ -0,0 +1,13 @@
+Copyright 2023 teonite ventures sp. z o.o. (teonite)
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/defguardDocker/deployment/README.md b/defguardDocker/deployment/README.md
new file mode 100644
index 0000000..8e6b830
--- /dev/null
+++ b/defguardDocker/deployment/README.md
@@ -0,0 +1,16 @@
+ <p align="center">
+    <img src="docs/header.png" alt="defguard">
+ </p>
+
+# Defguard deployment
+
+Check our [documentation](https://defguard.gitbook.io/defguard/features/setting-up-your-instance) for deployment
+instructions.
+
+## Community and Support
+
+Find us on Matrix: [#defguard:teonite.com](https://matrix.to/#/#defguard:teonite.com)
+
+## Contribution
+
+Please review the [Contributing guide](https://defguard.gitbook.io/defguard/for-developers/contributing) for information on how to get started contributing to the project. You might also find our [environment setup guide](https://defguard.gitbook.io/defguard/for-developers/dev-env-setup) handy.
diff --git a/defguardDocker/deployment/charts/defguard-proxy/.helmignore b/defguardDocker/deployment/charts/defguard-proxy/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/defguardDocker/deployment/charts/defguard-proxy/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/defguardDocker/deployment/charts/defguard-proxy/Chart.yaml b/defguardDocker/deployment/charts/defguard-proxy/Chart.yaml
new file mode 100644
index 0000000..61a06d9
--- /dev/null
+++ b/defguardDocker/deployment/charts/defguard-proxy/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v2
+name: defguard-proxy
+description: Defguard proxy is a public-facing proxy for core defguard service
+
+type: application
+version: 0.3.5
+appVersion: 0.5.0
diff --git a/defguardDocker/deployment/charts/defguard-proxy/templates/NOTES.txt b/defguardDocker/deployment/charts/defguard-proxy/templates/NOTES.txt
new file mode 100644
index 0000000..d8d21a5
--- /dev/null
+++ b/defguardDocker/deployment/charts/defguard-proxy/templates/NOTES.txt
@@ -0,0 +1,20 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host }}/
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "defguard-proxy.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "defguard-proxy.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "defguard-proxy.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "defguard-proxy.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}
diff --git a/defguardDocker/deployment/charts/defguard-proxy/templates/_helpers.tpl b/defguardDocker/deployment/charts/defguard-proxy/templates/_helpers.tpl
new file mode 100644
index 0000000..b6b625e
--- /dev/null
+++ b/defguardDocker/deployment/charts/defguard-proxy/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "defguard-proxy.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "defguard-proxy.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "defguard-proxy.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "defguard-proxy.labels" -}}
+helm.sh/chart: {{ include "defguard-proxy.chart" . }}
+{{ include "defguard-proxy.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "defguard-proxy.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "defguard-proxy.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "defguard-proxy.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "defguard-proxy.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/defguardDocker/deployment/charts/defguard-proxy/templates/config.yaml b/defguardDocker/deployment/charts/defguard-proxy/templates/config.yaml
new file mode 100644
index 0000000..5efcad2
--- /dev/null
+++ b/defguardDocker/deployment/charts/defguard-proxy/templates/config.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "defguard-proxy.fullname" . }}-config
+  labels:
+    {{- include "defguard-proxy.labels" . | nindent 4 }}
+data:
+  DEFGUARD_PROXY_HTTP_PORT: {{ .Values.service.ports.http | quote }}
+  DEFGUARD_PROXY_GRPC_PORT: {{ .Values.service.ports.grpc | quote }}
diff --git a/defguardDocker/deployment/charts/defguard-proxy/templates/deployment.yaml b/defguardDocker/deployment/charts/defguard-proxy/templates/deployment.yaml
new file mode 100644
index 0000000..4e6da60
--- /dev/null
+++ b/defguardDocker/deployment/charts/defguard-proxy/templates/deployment.yaml
@@ -0,0 +1,67 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "defguard-proxy.fullname" . }}
+  labels:
+    {{- include "defguard-proxy.labels" . | nindent 4 }}
+spec:
+  {{- if not .Values.autoscaling.enabled }}
+  replicas: {{ .Values.replicaCount }}
+  {{- end }}
+  selector:
+    matchLabels:
+      {{- include "defguard-proxy.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "defguard-proxy.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "defguard-proxy.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          envFrom:
+            - configMapRef:
+                name: {{ include "defguard-proxy.fullname" . }}-config
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.service.ports.http }}
+              protocol: TCP
+            - name: grpc
+              containerPort: {{ .Values.service.ports.grpc }}
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /api/v1/health
+              port: http
+          readinessProbe:
+            httpGet:
+              path: /api/v1/health
+              port: http
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
diff --git a/defguardDocker/deployment/charts/defguard-proxy/templates/grpc-service.yaml b/defguardDocker/deployment/charts/defguard-proxy/templates/grpc-service.yaml
new file mode 100644
index 0000000..b698b07
--- /dev/null
+++ b/defguardDocker/deployment/charts/defguard-proxy/templates/grpc-service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    traefik.ingress.kubernetes.io/service.serversscheme: h2c
+  name: {{ include "defguard-proxy.fullname" . }}-grpc
+  labels:
+    {{- include "defguard-proxy.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.ports.grpc }}
+      targetPort: grpc
+      protocol: TCP
+      name: grpc
+  selector:
+    {{- include "defguard-proxy.selectorLabels" . | nindent 4 }}
diff --git a/defguardDocker/deployment/charts/defguard-proxy/templates/ingress-grpc.yaml b/defguardDocker/deployment/charts/defguard-proxy/templates/ingress-grpc.yaml
new file mode 100644
index 0000000..30fdc66
--- /dev/null
+++ b/defguardDocker/deployment/charts/defguard-proxy/templates/ingress-grpc.yaml
@@ -0,0 +1,52 @@
+{{- if .Values.ingress.grpc.enabled -}}
+{{- $fullName := include "defguard-proxy.fullname" . -}}
+{{- if and .Values.ingress.grpc.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+  {{- if not (hasKey .Values.ingress.grpc.annotations "kubernetes.io/ingress.class") }}
+  {{- $_ := set .Values.ingress.grpc.annotations "kubernetes.io/ingress.class" .Values.ingress.grpc.className}}
+  {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}-grpc
+  labels:
+    {{- include "defguard-proxy.labels" . | nindent 4 }}
+  {{- with .Values.ingress.grpc.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if and .Values.ingress.grpc.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.ingress.grpc.className }}
+  {{- end }}
+  {{- if .Values.ingress.grpc.tls }}
+  tls:
+    - hosts:
+      - {{ .Values.ingress.grpc.host | quote }}
+      secretName: {{ printf "%s-grpc-tls" .Values.ingress.grpc.host }}
+  {{- end }}
+  rules:
+    - host: {{ .Values.ingress.grpc.host | quote }}
+      http:
+        paths:
+          - path: /
+            {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }}
+            pathType: ImplementationSpecific
+            {{- end }}
+            backend:
+              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+              service:
+                name: {{ $fullName }}-grpc
+                port:
+                  number: {{ .Values.service.ports.grpc }}
+              {{- else }}
+              serviceName: {{ $fullName }}-grpc
+              servicePort: {{ .Values.service.ports.grpc }}
+              {{- end }}
+{{- end }}
diff --git a/defguardDocker/deployment/charts/defguard-proxy/templates/ingress-web.yaml b/defguardDocker/deployment/charts/defguard-proxy/templates/ingress-web.yaml
new file mode 100644
index 0000000..e13c124
--- /dev/null
+++ b/defguardDocker/deployment/charts/defguard-proxy/templates/ingress-web.yaml
@@ -0,0 +1,52 @@
+{{- if .Values.ingress.web.enabled -}}
+{{- $fullName := include "defguard-proxy.fullname" . -}}
+{{- if and .Values.ingress.web.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+  {{- if not (hasKey .Values.ingress.web.annotations "kubernetes.io/ingress.class") }}
+  {{- $_ := set .Values.ingress.web.annotations "kubernetes.io/ingress.class" .Values.ingress.web.className}}
+  {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}-web
+  labels:
+    {{- include "defguard-proxy.labels" . | nindent 4 }}
+  {{- with .Values.ingress.web.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if and .Values.ingress.web.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.ingress.web.className }}
+  {{- end }}
+  {{- if .Values.ingress.web.tls }}
+  tls:
+    - hosts:
+      - {{ .Values.ingress.web.host | quote }}
+      secretName: {{ printf "%s-web-tls" .Values.ingress.web.host }}
+  {{- end }}
+  rules:
+    - host: {{ .Values.ingress.web.host | quote }}
+      http:
+        paths:
+          - path: /
+            {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }}
+            pathType: ImplementationSpecific
+            {{- end }}
+            backend:
+              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+              service:
+                name: {{ $fullName }}-web
+                port:
+                  number: {{ .Values.service.ports.http }}
+              {{- else }}
+              serviceName: {{ $fullName }}-web
+              servicePort: {{ .Values.service.ports.http }}
+              {{- end }}
+{{- end }}
diff --git a/defguardDocker/deployment/charts/defguard-proxy/templates/service.yaml b/defguardDocker/deployment/charts/defguard-proxy/templates/service.yaml
new file mode 100644
index 0000000..151f128
--- /dev/null
+++ b/defguardDocker/deployment/charts/defguard-proxy/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "defguard-proxy.fullname" . }}-web
+  labels:
+    {{- include "defguard-proxy.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.ports.http }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "defguard-proxy.selectorLabels" . | nindent 4 }}
diff --git a/defguardDocker/deployment/charts/defguard-proxy/templates/serviceaccount.yaml b/defguardDocker/deployment/charts/defguard-proxy/templates/serviceaccount.yaml
new file mode 100644
index 0000000..a77a067
--- /dev/null
+++ b/defguardDocker/deployment/charts/defguard-proxy/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "defguard-proxy.serviceAccountName" . }}
+  labels:
+    {{- include "defguard-proxy.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}
diff --git a/defguardDocker/deployment/charts/defguard-proxy/values.yaml b/defguardDocker/deployment/charts/defguard-proxy/values.yaml
new file mode 100644
index 0000000..02d3491
--- /dev/null
+++ b/defguardDocker/deployment/charts/defguard-proxy/values.yaml
@@ -0,0 +1,42 @@
+affinity: {}
+autoscaling:
+  enabled: false
+  minReplicas: 1
+  maxReplicas: 10
+fullnameOverride: ""
+image:
+  pullPolicy: IfNotPresent
+  repository: ghcr.io/defguard/defguard-proxy
+  tag: ""
+imagePullSecrets: []
+ingress:
+  grpc:
+    annotations: {}
+    className: ""
+    enabled: true
+    host: enrollment-grpc.local
+    tls: false
+  web:
+    annotations: {}
+    className: ""
+    enabled: true
+    host: enrollment.local
+    tls: false
+nameOverride: ""
+nodeSelector: {}
+podAnnotations: {}
+podLabels: {}
+podSecurityContext: {}
+publicUrl: "http://enrollment.local"
+replicaCount: 1
+resources: {}
+securityContext: {}
+service:
+  ports:
+    http: 8080
+    grpc: 50051
+  type: ClusterIP
+serviceAccount:
+  annotations: {}
+  create: true
+tolerations: []
diff --git a/defguardDocker/deployment/charts/defguard/.helmignore b/defguardDocker/deployment/charts/defguard/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/defguardDocker/deployment/charts/defguard/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/defguardDocker/deployment/charts/defguard/Chart.lock b/defguardDocker/deployment/charts/defguard/Chart.lock
new file mode 100644
index 0000000..6a57515
--- /dev/null
+++ b/defguardDocker/deployment/charts/defguard/Chart.lock
@@ -0,0 +1,9 @@
+dependencies:
+- name: postgresql
+  repository: https://charts.bitnami.com/bitnami
+  version: 12.12.10
+- name: defguard-proxy
+  repository: https://defguard.github.io/deployment
+  version: 0.3.5
+digest: sha256:de930b480616cfa369caf7b1447c5b3e729fce3e17994717ab0f64aa02c027e7
+generated: "2024-07-26T09:00:54.309522115+02:00"
diff --git a/defguardDocker/deployment/charts/defguard/Chart.yaml b/defguardDocker/deployment/charts/defguard/Chart.yaml
new file mode 100644
index 0000000..9444933
--- /dev/null
+++ b/defguardDocker/deployment/charts/defguard/Chart.yaml
@@ -0,0 +1,17 @@
+apiVersion: v2
+name: defguard
+description: Defguard is an open-source enterprise wireGuard VPN with MFA and SSO 
+
+type: application
+version: 0.7.6
+appVersion: 0.11.0
+
+dependencies:
+  - name: postgresql
+    condition: postgresql.enabled
+    version: 12.12.10
+    repository: https://charts.bitnami.com/bitnami
+  - name: defguard-proxy
+    condition: defguard-proxy.enabled
+    version: 0.3.5
+    repository: https://defguard.github.io/deployment
diff --git a/defguardDocker/deployment/charts/defguard/charts/defguard-proxy-0.3.5.tgz b/defguardDocker/deployment/charts/defguard/charts/defguard-proxy-0.3.5.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..830a28ca838ef9e3bee1bda2628f77a624248fcd
GIT binary patch
literal 3330
zcmV+d4gK;TiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PI|GQ{%XjpTGSn`aEncGq-UPNMO!Yb5(P|&QUuHDPZSrYio;A
z>`tOZvAmKD<Yn?c`zuLyVmmeokYQ@~rT+j&k-J+hb@xv#L5PE4LPXez1;3v(k48i&
zZ$ifG)#j+xYPAkJ9rL@@YL$Pt_Bscz+MR>0?$q6Hy=t{P?atmSXl+o3T1uoM;#KR}
zvdV+|ix7$FXB3k1$cNiKhs5#xW6SG$Ehj`72pTKXbeyghFslWq1Ojo=XEbOGNI;`u
z`o(|?2)IDVmKR7Aw=_T}B4hNSxau4=iO~lV$BYI<OLA@(O6+@G=UZFp?@J~Bza=a|
zx#0k?!vEX*-B#KE_Yb>U|9=T0g8_}Gn)ooCIV4eB287XQ=sN%ykv_xFhXG*{9e^>7
zF3>os^r5XA$bGJ%<qQ(Ww1=PHq7XDhA6(a=V=_d|FHRWiaYloQ52u4Ou6hC`M#=#Y
z7;{M#7ZV?bqd<6+H?yVLEJX_dMTQH`y@at#3<N6a!*9PkG#Uz&QVSf4IMBZVNEC5p
zLW?vb)olSIQl6Q3<hrJ1K42vhG%X`8l@AyR&e#|u)zB<G#sk94_ln7ddG4^kS!vaR
zmJA&65HFEoptvydVjg}dsSxw<6X_$Hf4amV5mZf%c%<-N*=7^Ue-X?FccfJ8H=AW;
zTu0amKjKNG^ePZ2c_IR|oMi>uH1?Y%z=e|5NJap>YrSikk7ll*+iG?7!m=6Rh$T{?
zIPGODJ_Lag>r~k|5J(iJ=2V=a$iDvV_iYBLp;G);IF1=nD4S>JS0|UAx>wJau_FHO
z?;Una@xOb}ZExfMOHkW`kElS6Fpt0Bmy1u(pMXfBNTWJ6LWvOY@t8!R^quLn0dxS~
zXA2k7kn5!p4Q4abLy%~Qu%n|I`0tl`>vpO8+E_51YL+|YUW(~HaykW!G-toroK91w
zvsu#!vftQ8CQ<VVc%%r8B)Dfh#2y#Qohy(A6Hf;jD<AK5V1l#r<CE*&`Nh@yo!y(H
zkAY$^L<Nn8j=3@>0m5_&-UTuw61}r|>ud%M4u41<#YBzXyHiib7<eY!{nq;3i&7<K
zZia-V=0u}_B_V=abVD!8qb_(bo4qM%c-kxJr@6}~X-O51je=4Ul}L|-p|(1jw)Dfy
zH3|eH4rx-@N!9Ro<`%0l{wGet{~?S-0g8tv004Br@!?d#m`p&C8w3Iaywji~Q7Fxx
zLNC)iOE~R;;?PGRw}dji`aH|c(yu&$fJAUdR4_7c+i?OP<d^sNkDhFK8$jc3{VDu@
zF@={W7oSg$DrV8}Tu1oYQlZhv0y?<UsXLvfKDkSy5bq(Ib(S+}=6KM01GCw5>ggY;
zhq<$gwXhhEuQe`Bu^Do$Z_X3^8qV1}KfXTu@bgK@YB3MjUHS}M633o?TSTaIkl{`J
z;`;|Iy0GRC%P-SNDs8p*Wue+wwZ1k+MM9#8;hkF4j`8UH?CQhm*~vv!6pDGc-avOU
zQ&q;K)cPolF7pUAZ?<7-KF#iDDyhn5yS;blwY-+s_BC+RzL!XZ2~R{meQ11}X}*@m
zT8qYji#sC1ocdaZzf&|yKHz`r<oP$CTKsoCLKdTto{FDa3Rs2zI)|MS{yXS)_P6-&
zC1^TrzI9ISV-kfXKWb;y*-<|SrWowJZKm-%!~u=!B4lIHi6l&cXG_T@7-q3OzjK8z
zdZQKvaIkM4>G(1k4Cp<$4R@X}teZPV$s@D912UJObKL~~ObDX`ilGibMt#ruKeW6}
zf2Aepp-AXsKy<v4e2nnZJd)c%4=A!w0ucy|j;X>>hc`8%5_bC&W02#sOWjvP1|3S@
zc+Tkngbiqx$vm|g+u1g%;Epn;QA#4Uo>C*5gt1iHRrX!v^vuRN=v}V3WTvbAejT&x
zJe@x8m?8M@*Pqvgj&oyJCglWa^(-_#Qn^^rNDaXKPBy-iZi$x_y8bGwek`oL+@xxM
zNsH8aLe0dctHkzVq>pU%<eJWlnJtefZ*2RVmgnIM2#lG|pYDIU;9k3rcPKs{^T;YH
zS1M||SxraC#-1ECjq?6Ocr+cJXBDXJCe!NGr&NfSTSe)(Kg>@i^mofpY<^;(LB`T6
zU*OM#D=gVznah|&WQbv-Kk*A_<<g?kN;_tyw{<O99&Dph6MImy7BH=NI|HWv66Shn
zeU}qJip7E0vRexG))-*ESa((zx{BRATfT!*8rfZAr}L(cWt1OpE^cJZ-SlB;_fg4U
zDK>oT+`S2^#eV^h26VWQlb}`Sznz0}{qJDEbGXHSFF}R#-?no@qtJ&VGxtA}*vYo4
zz5}o_A{C1d4ZDIINaLcd`kNR~^FEtL|1S{HD8xuXM>|@k!STtDAAk99aeUpoIRF1&
zumAVzs%Q3uHp*309;B!Dt@-G`#N^{e?`Rd1p@@S#lW#p~8>CwQ4>4wZVh(<u8v|DO
zf2Vy=KL0)3>mF?V|0O8z|0IrOa~=ea=L_IDQD779ulHK|^%OruT+RJ7cVeACeJ}^g
z>9KUqtMf;fwp%Wn17yI=syZer7=6m={;>AT5Oy(&1Is^iu9Sbys2TG+sz!5di>J8r
zI(gybb6)J$Z!7*Q8MA`qcZ=5wL)F9zV|)7O<}$K*svJ%EtbU=#(kcFP2DOYmA6%?e
zP}R$GE1qUoYPOiJ(wTa-%8UBzf?Z?bR{1U8{2hB;;Pyws$A12N0~!!yx%vVJ#qTsd
zIcH~7Yk?Xo$XXM$_lo1O*FwO}`KM{}7I#5lHuIOhR%8fY%H@c{?$9ku>E$k-Eb&|1
zN-64>yQ)y0CJib|rY@AvSK*O@93x9`#RJZKxH{@piqsI~i6RYpSz9Edw-}+6J;D1}
z9KP25BdYQ$i-{Wf&?GT!-nN?~ButIUU5th$vk4?2eJN4d9hFt<ciyvR<u1jw{N<ZP
zx5Aa2=ftxmdD(@nTt3LIaBWmh?gGuCSN>Mb)1-ZCytAbu)#860H5yqUdEO3S)&Bo*
zue|?1>>O_If4>M-?*G$jX94#wp-v?T4(QGNqE4{@nXMfC8-<j?2u<eP3!YF(NR!{j
zHWK!BVMW4RTsp{Q|3;cq)=aR9h#@MQlXF?SD&H1TdvW*iR50FoWRR`(|8!dIh1aj@
z|NDn~du9LcwmMt?e+jC&$!BIg+fZk<`yK6;XX$z1I<A{5`jaTE7BasV4ZC_{zbkQk
zi{glnV<HgT|9;>0+V2`I7rY}9lRjlsQIy_KNgva|<$a_oeSGs~v8_)l1-m06f5J(%
z@LW&>w|s(P`x*V*9N(R5J$#AknJibBqg<XSJ<<VGS?a&mwN!fQv<UtYsyi-jXf*V0
z-q{nicH!1mmAKAE#r08<oXqkoc&{+hkFwa;8pUR=Q)|oWiq&HMZZM}*l{)IygXzAM
zNNezOXQ@I}s)McLQqS`yt3k^9Xz>RO`8{;C;N{}lLxINL@pbH9Iixw)+z!q*8I4+z
z<{ogNz7Mu)A#hRs$(^bjSgTl_`=!^4%gT#{VL`Kc8&oS~uFpC7ZERsH+Q@dcOWV^L
z$1`)dvzF(TcK%w>mBBx!<Cx(XBfA(cV+`nk21^<gwuzSdB)GvSEbq=&#ib|dJ1^-y
zP~56=>>?Qix6}#{CF4GdM;A}>2g;Soo~^4|+W$!<oK2icuf%_M*njQ;&`SK*TEc((
zdt3bXB2*KW^{jtw_@`xjEA*#jZx;MLisQq!*h0Ur3;ph}|CNznc`<x_;8${{7sGu;
zxog8d{o2z|pMLYPpzjX*)tGP2?5U8iUYjlAdojdk{kcd_27J{AbWa3)%bKl+_a0DU
z!?zG?@!w`j|Ato8{}0;b`#%TW{cZjKMQH8%|6^<R8%nZYsbpVtuzblrcXC``vQImG
zo09!TX_fz{SHGVX23Glhw_W=GPkXI)d%OR85nAg`ei@FJ14Y{Xaq;4Tt5;tGnwLhl
zL3I9?zTHsre{Y0rOotH{xH%as{eQoF{@>Z}wzmHN67(8+L@5-J1jWJ5Jlu^if__3-
zX#S-e32w*`rRThcs}YqTlh|ZYkRxOahK%>^ZCM%(e*l4uD0+)#-;rx4QRuve2#5AR
zjO@k&2lO68>!$zl#)I>SO@K${O|25dD1gxjJ;yt~yuMUipz|8izgzo!bO|99((#5=
zHO)_}zT@@(A)4lA)-W12^^feMyp5U*MtX0P#4w-?rSsO4cd_%<>ysPjt*6HNnF~5}
z-u}~h4WEgiJdtpEd?Fn$7W@wkl;hD5Nz-;0{13;wl>ra2`4<caTiVi={*CBg0RRC1
M|H30s4**sG0Q-HE00000

literal 0
HcmV?d00001

diff --git a/defguardDocker/deployment/charts/defguard/charts/postgresql-12.12.10.tgz b/defguardDocker/deployment/charts/defguard/charts/postgresql-12.12.10.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..89bcc970ab5e6df5463d6a1d3c8af850698efe6b
GIT binary patch
literal 62562
zcmV)HK)t^oiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PMZ%dK<a1D4O4T3LJW7Tgq0Gl6*_}?OA7YDB0E;UARQqv$B(X
zGT0507&RL`09rER@f(~+I`4E|;e5Dt1AXU38hc`W$yh=IRfR&KP$(1%F=2d05&Jdl
z4d;;Z?h-D-KW+Et;Nalk<@4wA--CmL{J%#BFJJuW@cD~_7Y7Fi&ktYx>EQ6$vsZ_I
z0tZ{Bqx2_X9MV4>Y>X@4xv%60MiJqVV-m6c4gfynXh!I=4~`*+6UfjG0C)jsi1op5
zI{*OSfe0>89}woTISNBrs4MkBK>S-oyO{JQm`8Add!}Ch@X!m;1jEQXJoM<RR}M5I
zhaUPE6Uq^70$XU%Kj<Dl?;hAVj!IGd+DLL%vw!%an*;j%#SQ==_EE$HQwA~g=g2$i
z9_+vvzeki|67|8|(GHB`^iKt5CqOZZ0u=cevHp%B%qNQliFN>>C?*VZ$$#SGey>N-
z3^Pub-eI>urZ46z+W~;XnH)S1=r3Lh@y-x%)cx4~xDz1eQyg<yG*Z1B|JNDV)xWbn
zfEj=hATf#nBMJ2pAd_E^&pnDlDJL)lftC$$8<Bf~W=bfaD8z7rL(G=|MuDsZaKzD!
zV!rHx!SM805Eh3RMtmP&4p<V4v16h=!m|k6q9xl0zYrX;eL+1&_iP_<if1!KnFPx?
zp(p?`B|Zugidc7NP6QX{oX4!+Gu-L=WU+&N(b1AGJ;)g1tj9R?Z<#gVJ-nD%e|oZl
zcXV{{@#xv}ZXC^aZqf3d&_Ir#B~sZRJ6_759S^8)6vZL-CI5Cj;D-qlBEEn);t)rO
zTGH_T{2o%Y4^AV$y8}Q%!>k80%;(8OcEHH0mV$zatHG0S8(a4{MW`pJDVYL0sSF(+
zb;bV<c7AWA_3dYCKZW%_B>wG|aWt&|2hW}#71sY3&%UkykMZ*`E0VSB9Ez1Oz%#^n
zAFw$*dhxP9LFnbt;j_QKIyjgfJUe>v?5{764ujy?U#9Rdcy;ub7t^CxuO@#zeDUg)
z|KbILM=uYazc_mFJb3o(FGnv>urosuqL8DY4?0H&N6);2zj{YU*N3nA2Z#L^2i@n-
z{_^70%fBAJ_&=R*%BuFqn*Vn&Ob~m34M6SuKRSGMaP%ra|6e|P@ooM;#?KQlB=M5s
z*_^wU#}hCf9sjp?rVL&0G(Zu@Q;cXI3`T?D+Y@Q>?mT${{x?IuFl@k^kW63*Vo2cv
zaYUK;ItmeFXdgs`Bf#g713t$L+~Y6=<PK4a15u8wX8Qm~ewYL}ngLrs?E{}gQ#?zA
z0munRm})swc%}UAJbALC{uUOopiaWob-L2zztSqq5PU54nA#2iqu*p}v-vSC`k>RP
z1UpK?aEyG4ILkpcFaeXFrIKX;N=qA33KcSdy0fnOEe}ukMVR=Dr6J}gv{auj-~u`1
z+AYD~|5-+{Fr(oN4MWIMYR7h&FzH7^jWdoS4&IY6S)g6EXAs!{G+V4~liXnykY*LS
zFyZs`?-687*wi5XMPL_0+c8x-00s*ji7}^O*9Z;+A4&mz*lS0CfF=e52o_4D5cmn>
zWT6mo0(^=fM@5vTX<JlrWglB2j92Vix=AbcE&Wu3&eUm(4t>Oo<7lSjP9Y^zV2X|C
z>uD>cE8Bni6iNL8Lsq23h5TW!+m0ZG@F%onT`4+-??0hsO5H750vv6F$Qo=P_PXFQ
z3YP+A0Pg1~0v}p2@q^fmGsIW#u#lxk>u(O(@6cUqcl~I+F2}jG&dYy9y}ou<<yD;4
zx#GvDBC9Aa)-n^?DsoA%K4kqg=mE%!wN+h_Q1z{xQ)!jDfo6!_VIOs+m&p2H516h4
zL>*_usv4&nZAW!g*2>sSxz%ZFNfY!s=FU)Vl3a5~)ll8JO(sY?0KuiPbbd-Eh(?Gb
zW;RKpl~q;Z$$*G)O&gCn74pl8Kq^EuTxK?u+Ou_~ZPA@3VJH_ijuvq!6}+^#jK@hX
zJQPXWOybxRWZ1}ZbQpjow1`iw=@4l0uyUxhckGx5Vr_;E)d!%y2uM!VzG>MFi4Q{y
zBKpWFJVtRymS7<4EwwUn3bk{SiGBpC!ae45hdsMUSe9b9DNVMtE0SdvXlZI$-H?1Z
zgA)`oFbDz=s$V$)FbpLIg%JgSBJHk|ow6GC!Kcp!n1jq`F9BOV{I<|75C+9b1ScT^
z0fw`PFphn&AOQkeRv3pIO_PuzE}&$!&Pjk=Q``O4MG|gM1%FqN8&fhtdQ&hFb(m@c
zqd=KRWU&yxn+jUk0u-h8s7BKVQy4N-N00$F)c<ml39lf=C&npT)_ILi1L^A%1{NX|
z*CB;;#=t=QXDxK1xxs~_DUL8-y4uKI!m1S0kIGGB*HxRIOceo&rkTHao=l9F$0v&(
zEpZR`IGnMbC8H8zH{J3SaHSipViV(QDr;oE6`FB4E7li<yLhokxD+};BY;%E5zG-g
z%3!YmNqMP?z;wADoqM=6ek=&P-ELQJam@}FvyAim08hoLzF)H6<#1M@AWp(?L_+MB
zut0nRvHV!t&TKu$G4k<rX}40#IV*M;O_EvGU<y=$as&Z3CrKEH>82;WIxmx6L9-oB
zU4S`XVaYLqJf|`zVTA)V;~_NrYeN*wcC?By>hm$0!X#9B`{^LOhfDTUbRZjj%)nEj
zr5S&^4^YTtFJ$%8=>_2<iWrLcQw7cu`rCBH>0;6gh|hY$yzyoU4p2`WhW4Js6nTQV
zIGTB?%*@qn5c|N!rBGeQ>JTkl0%rQCy#QiW%J1K`L%<B~B4J#N$O1-*grT-?fe}u*
z>c-GV-F6-0klnIg>Q?b$5_qXX>WQAH&UrD#caS5`41G_*Klun3acCBRcpZ;LT;{A8
ztFhuVL1I{!BmwtQ8bf?5x2+5zy@KOtO6WqaWq?E=B(roRq&S-u;mH#)NcddX_R1K|
zIjS61l^vC(db;+w><L3$*wh}MBaafoJ!6Y|B=V-1GVal&sA@OBC}lvPgq|_-9~GCJ
z9XW(MX77^e9JT9_%d|Oee#a061IF+y0x;dQ$dRvd{&c}5pCfvY8QKRFErimAzK>XD
zK1@QPm5hT0Guh6y6Kn$dQp}2^uIZiXg40<f&#3XV+=C%>Q%uPn4p5NJg7WQMj-=N9
zDg!pRHO%*LHJ{X)J*(}}N?xjTUb|b_97t=w`Oe`NnQFT}{q9IcNxQx*yh&?S;i(pp
zJhJt8Sc0m&@7waib*mh!`+0BVzBJN5RB_}(IxDg6x2PUtIYE;cOetBYNvcTef@@&`
zD>4`ISOSKO7%Q1crrx3@_z(s#PIc=C!OpYe!ANjVZw0!lPIrQ%;3jTEPo5aHs$vFw
z$n=W3Q{gqqjl)AaAB!HQ27gjDZQJ$}ZjrPH^69NX;ZD&XR`i9X;b=zCc1qo1&etl(
zm{o3rE3O5m)oUCg2F^(mamRlt-4#>$5l4(87zoxSOfU>a07ZA0l4yY<4(=euV%As-
zhXdWRq6`t#pJR@Eo={{n+bQ4uz&MNo7?KEm0EB`MR_8uQ4~kvC53=e4)s>|^jghK?
zsGdA=6{!V8j-HKIV6o7;R*ChY%a)Nprz9c?8<NEWb7_ZKrE+VHx%6Cg!5|FDJqq-G
zsSiGoNa#mpl-$5L4wu&7_Y`v^{+8aU4@zy4>GVS-IZ?70XSg*l7`R9l6GX*GQd1<)
zRi$E^!#m_qYy$)rgrhzfN{5lqfit<Rij@jRf>0P3EN1=<g;0Gc+fCfx-`lQQLT74A
z;U|=$i1%m`alAmD8aMAAhTS<|giqeQ8+zlvT@2q|U0z(i8+*gc^Yhc|bf)Eppbt7^
zIu$CmoE?2|P{}|s1p0TWH;e<(DwjK^E_lb#Gzpdc5!}JZmu|DHmNx3sokb3EA1szP
zR+;0n(}wk^#)q9&lKyAqrn8&%-P2X@;`y^9wV??x&xm{SWE&<v6hLugdnaU3Hzc#S
zgmGz5osk*vLo8IsT$i!32161>%0s1mmAXwxW*(MdrZjV0ilsdyGpVu4U>#%TSA!!7
zXR82=XOerOBLb4!QnXTfQidj|s$#>5BIb^79@r3aC|XMf>E9J3U8m4i_2C>x=ZG;l
z6PjH8BB=<`9SY@+cMd7aywlPqEn(6bj?jprDgFqqjqhKGwS<Ku1Y-4ZH&8AVp+1E+
zV2JOP!Mnx_^e+-2kp5y!TLDqbaK_;xW@^tDU@m0Ul9bFL>q>)D?v8BsDPyY%G05{d
zQx63;_5q@lP=z65i-u%%&740-`?0XhXog5rGUv;d4RjE*sCs-dx;hySu1}6t^@N7t
zR4Zn&3fw724FuCfEL8g-R-Qv)vOLu-@Kdu^=aDl+?+^v2BLIVdiVZKJQhk|?jUq?Z
z>gF5E(=nk-gc_C0N0e_P_gQKb04D_iN^GnnC@Mp9%si7@MM;e`tEPl5%=9_F5S4@(
zUg%OXb%DZoEtq-6i_PKj#frQaje^Kwe*rFzg4N;TC};sU-J+}kKEAJ%8r3UsMF=-c
zLo;*GfP~$YPH4$)To8Iizi2FtM<pntQ2Z<8r>sGIU)&2<was%wk#z$(rz`S8wH$Cx
z@g(7>mggGF6o<kjSO?E**|cW9I>dnNH%`C;a(@osOzdfSPS~B%DTk_1>%FoXL{*|U
zKytnWMD2{k_x~xG4jl(*0kl6y3uJt+a`VhS7>Hu9#$|luYNNr_9L5X;D5l7V90mX1
z|NH+GSjR(V)MzE=tU6$fQb#Z+dTS4^&&B{nK3&GTA3LI5zw8)L>9#aNjhYR6Y%c~%
z59vSDj4^*m;kW*X?@b$bc%4!;Jf=vpRsX?5y@jkfuQV%xQqJ$L&eW8RB!87`2vw*?
z=<n>G{a#PlV1Mt6?)|f;=>O0Kr_<Dtw4a^|6Fx^&LC*Z&d8dfB_pes5_l0bEl5}C_
zr~62XbI1D`jAO{*F?M$9^3qU%DVUNlkOt09p?)8f9YczirC7$oZVE;eg#-p?ctRn?
zhyhhB#6XmTF#WJAk9IwV1R##YCnim!ohF!l(1~Z#29o_9b4Z=j#FzxTY)_hSB;g>$
z3v7<<#TH|}01LDrbSW3_AD6&bXzGwnZWvP=J^;JYaYY!zlW?hrHQPt%-51+aXuyYF
zfbM#1zK|38!^`LAAL@<;6iQEVWtsB1hZ#!{>peewS=TzF(*9MqefILjbHPnEU#Or`
zcR!vM=Z!72i1|{8%bolzR~6H#yu(Lvx)2&r@bhQL82%SJ!)D7boqn0Rfk1rLoYaPs
zz{(f#RBZ|M&RTvDRkcMXD*#{Yp;@ZzQ<gksdcYOrGzeHTBqga24&UH(gPfJBX(e=F
z-e}#?Y9{Nctx``iCCVwBPO+aFvCY900uW3%d1J0%0P~wzUC088)kU6eqHyXlJd04E
zXhf9bsaSflqf!S@6*i%%5gkiCKE&}{=&PUSND90a1+EnRQ>Ku~dO$Trk&hUlP_>vt
zHGpcr@H9KNEutxr7(tNTlboX+mbfJ6kh|{dGENj>797h4^=lj=X(tS`Hgby_S*NOY
z#Y#v&p=BwsTeK_%Xw|QTIUHml2h}9Hi<32V<w|7PDN;^*<MEjuFa{<|K+&%WQe5V9
zv;ffN-wM8}zjj}$b!&n6oCM5Sy4>EBcbJB0Z^bWWoTY=+>HHPCBifgAhFKOylmRFP
z7+PEzQM`b3nTzR(RjE7Ebz!$~?xjCu=W4rXW(xPg0x}t}5+WFgf4kjoszCMSQdPAS
znWKQp2$!*ZZY{YL0XX^v`8u|4D8HY>cnx<W6HBR|^E$fYX=5)8r|C&Ndpm){rtWCJ
zlWR}s)bQGUkP;csy!iymeq_CntHTo=Y*8Sz4}SAZ*oAa5OQTO3el*cC2Y~d~rC(${
zSyHUCSf-+~STeakIsEHU_weOkx(D5Z-qCZg2wtS>vxJ-q78?zzYA;}1sy<U;P(H7+
zK`65O;_~{W4?dKNrFOYj4|L&dFn{8g5?s?YE`!Tl0Xos8jhz6y$^oM8H_16eXle&K
zRrgBdYZIq$7?OL>c#=I%yb1Dzb&CRTO3A{L$4H(uGd;0}%J>#dnU?_)G-hloVMe1=
zoH(u4mkxuyg_x8Q+9(YLLbI-&MwkbaMt!hJl#z-ZlhJ1qnFr}CS%?KPy$UAF^H;G<
zpVe0tmuklvD#}%8l?^hxlt5>!BzQjuHzW0D7z(RB3+U6~9idqdjeE$Vf>RhVs8+#{
z%xv^|z|Ewnlot#fV+l~m2AP_U>W>D3p)zpl8VG8|qDcfG2Qu0TObFqou{Pb6@vfSr
ze*>^s-UysG>Pwf+O+pp<Rs8#Z^(Hv#vAI)<{5b)gV*(fvMhcE*-HvmAK_dd6KDS~+
zHgR%OsAVVB)VVI+;rvjJ??VZ(DdyILr_F5rPaAr{t}r;n+J!Cio1utdj_;5iHn>;P
zHy=jep3qwWLlVs@J138{8yH>2f!vLo%I?cW*9c{9lBB_4Vx#&I`O>pEN9B^8h9k6?
zy2fu?f!7YxYlpWO0%kNV0^0U5cQ>B0)K1M#B__zk#Ye#;{U8=c<@M0lJ{0IoH07EG
zd`cKIb(}+8=|E9?kX)@fp3MQggE-U~Z8Yq^kwk%xkXoYC$k`J6Ck<SM5x1NP(zh^0
zP{v0{NmjO68HFa2sdT~A>`1ru)}C0Ss^+b9*gD*l>#M_0dAvk;EpGkyTVXC<&k>Nn
zWRVFf%vR&nu1g0;8{qQP>RQSmT^+c*sx0AE_+0_8I+4x}3wNEdN8w3y_a0KF?-j}M
zREuX>bd9>76G+i1F<BxKXpey92C}hOQPpZs_WJU2CtWLK97-Q_CXjY48!T&`zYAX0
zk>PnUYA{<Vto?1;OVK-)_rMjqlp|(%-iohPfsDF*d-PN|U9z2ox-695f3u8o?Q%6$
zb`up$BF|vd(Z4o%)IEW{{2ijIVUf034MO?7H8y3p8C019*7x9I<%q6eTV|F%1tGpe
z5n^l~Py_=ke$|<|AmvG{FLQ0<{y|o5aC#|9Powh`y518Dh($n-r3TJORLMI;osXbm
z<DW931$?n0Vi+Ey5H82aCsDxU)&Rp01fmcyT`D6q?6xhS$B1GQ7`P+(*G2$2ULcZi
z1Myn@xe>@I#9>0w^_(I$Ct(0ys{+8&l6AncL`M8)V8^PU5v)wzXBFnw1nursd#BvU
z^}(|PwKUj#?}I~C>N2knUdYmX|NG#jG6QoR=!3)3Zl~g2DzNU?^&~cjVKtF;8@GYq
zD734CY$3L*18pg|s{?K+x+Q?+Jpj9OCE<PX=(4L7bgAUp-`0~`2l{GKYd39%-6*lE
zfombHs{w2&sjC5PDWwIV%GyrLDoyUq_3L4Uj2^yNNl2Bgbmpx5L+zk)3gt0gmR&+!
zuvZotiLz6&A~@}tsX~3_>Tr!ar`cCQ?gDJUKDOtf#_i0_RWRGYD)EMRiu|P?qPK+H
zvNGpiK>^53lR8^QIe+;CO$kL}rwXTH%c^P5)_NORMpFqklO(~MEh?K<9?ZA2WvxrX
zK3T+xye+FUFZ3#w2K~9K@W@?mTBwn?Vo}xFZs40vb#=gjLL|#jV4@JVipY<X92Qa1
z9)(=((j>NGN-K7xj!uKgBx_Nf=!2sdFVC?q^W#Jm94ySR2V&!xP|TNN2gK1wzKwkf
z(=cTb`pC;iJC;gKR@Ar)tD>RJw`pqzGi7fmNn)V>dwQI*IVRQx(|ofk^Fc!sn)l!^
z-7V^=`1`Rht>3`JOl`DcXC+vgL<4m}S^mf3YT9HCfE5F^3CIf)$>`oO;=n1`5V&-o
zjwrsvA)28R=0lYLTq3IcxFJ%8e4#u?luU7mx_lX{fYh?`4N>_pR^DBVST~>~mWYa_
z<!DquK`G>_iIqxJI<<6}o^J<Pi5^0$aTUXDtIB1PQH+9DeQ>1$BXr^n`N{68sVsV&
zrN8pP;OwlFt8>EmAjFU%=lIaLV`CC96KEhSDIhf}!Y7fBV$OOxAs6!^#P12c#nG$>
zgTO-(rx?kjX`wz4_dS7tdH0yl<*%N`)iVQR5n1VE6Ll^WCOZ>~q+L^BWkNB!rWkJs
zcCD*j8u*?~h(=Nt<z~}zIvN(}5M^7T;dC^t!>=<`ox>QAshzJXNUvmAxru7Ag<1Nl
zQrD)P!pizR-zQ6)Qa@%cbydY0dDh$)DWr9sNWs)0vdP!j@(H<CLz&ObRfTt|(m=`V
zGQ5Io0P0#Gmet(!1L<h!O6k4l;?-70rd*wN&LIsxv|IMGIqlC;kjPv)=uRE2_n=Js
zA?I>L0@QngBaW#2+tA~|DDYs!aav-t$?1P}JeOc7$1S;K<N5=#tiXsq5L8xfiUgLt
z2t7nU#D5C}i^3eW6$jVFn#w>Z8RfDb$rW;o!<?RbtChF%yuF0%TePgCTIw(vo15Mr
zYDKcaexlM#%inKh0#0|_&=K<Bzq|-8kP~5YTbiu1rV~1USbaZqCDWCb>@Vw!9*Hb!
z#sjJ=hsB~JyJKbutB&7{l$h?-txiD6^dimk)p~+B4vpf}Xqedg;z8xQuwSnT_jM3N
z)mRp?rO0DO%%95PNS9>YrgFIwfX66AJ|`4hq(V@;-mlD2%l{(v36lr~Q*Di6$f%^1
zlQ6vrer^5!2!k(n6I>2-Mnp=yMOUTBauSn}%$DPrA{Y!w#5ff&MNiZhpgsZno9LNb
z{nB0lrfNYI7PBNt78L>)B$^q=s~5=BtE>x7%9ErjGOyb5Ls-ZmfdT6YzKZ{Nrca)t
z$@4SHdryjG-jv7{k!5_V;7KJHV~UB~&V`UM8F?_$B|zoIx3bJ2=+7HX?*hO|Yelb?
zh)T5Y7?Q~WLyl+!IRfeDefd}b=rB&`ZD*xqe=>Is7DMUjA+;PcizMVY4w08)%63x@
zZIwOXh%Rs><@61OJ{md4C+RUtx&0L(6sXJ%8VUk40Ys)4UU6y_MXC41BF-aIS4`^Y
zuIz0R2auyNr;wxBvS4)>JIdZQF<n_&2W@~-BC|}slci12b!DJn<h<q9?U8kP>63^H
z96~TGyuBw1p{IL?vmhI{H+{=6y0SZ_d>?j6rG}OfE9&0fxw=|cl2lWLwS-v3qro7+
z`tiCuyI~uDw0)B>kGVdiO4VG4yjsd~w;L@?mE<rSAYX>51%ZuCm)l8*^-i@OFL*6<
zpOgI4peV$siPb}A5zVfDf$aUo?0fFh$V#NDa=d00(md@ZPTG3rk#ZN0^mW<!bo$`%
z=-KmBuNlItm?vzTVaA{w3&q#f`KJ@78XBHF0WOvT7X#v@5#R+DP7=19kdIk;7FzZ+
zAW!$f)3oi=e;S-Qgtd}9BEdLDezhc<3ag2&ZdH3QXY%_OFH`K~viFyWy?z2f>SZgF
z{8+=(Dmb@c(`lkkM-5QhzDnR;U$EX6D5P{Uap=NARxe}980(lY<i@D`b3&MY^I(Gb
zJwg%qU(XH>4i3C$N3UMK`i}<Eg(X}_NR^_^*}4W+`#pb&3s;x*o(LYxy-l7qDNSYU
zsoZ~>9{Fa_z*yd*16hIGbLhlHa|DABF=hscm0jLQoAzZxn@H<ZBS|YdIdwDVu1&!e
zScgxn&_BWuM!xL!8G!+q=)b|~NaZ5W1Yf4fJG0t+NN>R)m6F8%=r-j<KJ7|{0wj^N
z&9*2a2DH3@=9w<ojB&f#Vl2={1@c;5c-KkR&5@zH&8Y(bPDjcwMDL8MF<on6T+65v
z&q@WC8QC(|o@WSg`zG^=OImg2Xho8zNb+!OcfPbQsoGjWNX8QS6^v#`E^8DqhIBST
zNRc{oGMj!g{+Ky(VbE>Fnsoo+ha?F+eJO)_Q%uo448z_NiWsNZ=bi>5c6p*JhJjwm
z?0ND8RP{EU>K-^e=&Ju6^p2ia$(Yktt&|PYCKflLz)$4zm{aEFx<WfGkU?vKnjyw8
ziBg}{SpDrfv8<&~x7(LDo+b!%gvRR#o!J>m89W`ObL(_!70TE681fT&ok~xkG<YU^
z%7d!w-RAsAZl_7GU4?OnDNkVN;h0JHiT)r2=_5wYU8Ed;91Y)+rz&<{OqkS+*7s&p
z^C#CLy%ksn$nsqJnz?=Z3Sd6+?b*RWO@}m0YqfZrTk=3mNsK7ZF~+QnX7#ORhpFi<
za2YrB{R5a=^3tWZLF!YAD$e@KOiS}nVU?X|Rj9HRtt$DDk`jzEQIU;SUA-8+A38I)
z5ChPF*IYCYAzqZ;dmg<XYWI_?A*^;atD%i+AvUlh$mcRlD~39+q|UBm=C7=U0sylM
zpwi)7dFv$qZiypfDbCUyPA!OL$s{G2B@?Axh`Oa~QO}7&1voK4b%s|QfdJjvm$Ou$
zpRf-{@1>j?A6VW*)N!Q~MSm+EJFjetq0>)n0_%;<3fWRUu{3XhrZ_^uzVq^?a>e~G
zyXZfxHu}kvj@Kz`*6Hkn`#JXK=D{Tff~9=NSzU`1YDMif4ZI}MRDfM85_C_j78+HQ
zgyBAjNCBPPF9OUm%_ff@<VMCMbu^KsDRxA=0PN1<BOq3=pU3+;KQt8smO*;+)5*U0
z4E_hWj8Qb^(7$ybc`H6v+B9^^&NwFlQX@A|@z0_lKW@%YDZ4#uY}Ba-t`H1<rkJD4
z$Zw+zWFjeBXs*=a+KgVb?1R6&!EO3kvq_OAimTDu?MQ3{`lRP9JMbw1>x7FmGRB-F
zrAJCxLPc9u=3lQBLW`L?_LJ`fRK4q#uGadfD3dgaMaP8LYc!1GK3FV;b?dIp&S6ti
z$Hc@}mZpit7Q-*qf!YYzu(QgwOJk7>YH_(jqD-Z?$=+4krbjsK8CMeO3%njRcneE2
zSM*8pQtI^PripnqZ3~Ne#t^+)q$KI*wbTUD{2M!uu@zVLEc$Lu^28E4_MxEgeV(2P
zn!`Ixs9I;O_e4}qIkV~+8pXaHGeA+0_$aW+&5-oP$U_`$O7bxZ5wE3LZ6n2Y53#HR
zIa&h+CQqw|o)TM?7fYT}k|<oJjIokh?vngd5BXOD^rBUKl)z4fpMNjFN|ImlwhRoi
zwERw{Ep@|3=GtN*yhCLvwnX!4Y<5b1>lJ`Hc383WS=;<w7zauF3`Rv{-;x>SS-GA3
z02!wrJ3~Naf3}n+psZ)ji2^FA+E%uJ7GzcA3vft#%%lMh;x8a`K*qwaJ$Hb^*|if0
zl<}i2nr-C~s6nwoGJzVX8)X!zfxB^9fg0F<_}l_Hn_}$*1FK2&L**H$L$XP-fjYRG
zWgMu3ym{JzI_Q7=+yhSU*GxdLnp{6b9)fBF>n9_qhPg>bf@-LnrX{F`{D;p?;M$On
zpP--w|6^w<C?VnTQWfNkgQk21CHmq)GZxtU?#IhnkXu*QOkA+4&9G_yf{pRDPGeAs
z>5r4hz~R+~*$kRs{h?DD<eUUs&1=vO_NvJZR)D%vhJzL0u9@bb9fpU<b<hs;_7Wbn
z!}l%g!5Uc)9M)E(KFAh;FF*M~p+DQnfKbMbwmA?AB>f(V5M0Y|#cT+*y|2iJ;CgM_
z#S6QFmO5!`vIgWA+t#@eYP(dO9U+fzjT8w@nCp@x6wp`R{dZXT@0%;3I9_!L6LL)Z
zmNKE_$mk1Bn&2K_H)l?$@7QDKPH3V&mp~y${FjwNp{Xy$JPM`V`EoNUxT{-JI)$78
z^(~=7NkWB!$h66-upwhN%&Xv#+%mbs!-&G#=@oKa_?BZ~{TvIfsj*g~g?iJlG1Y>5
zu<+I9TX1D^)uaoq4foZgU2r<xkb5EPV!P}Mb+9W_Fq9+tBPU@f#$G*GCWaE1`bxPN
zsz}{hLI!6RwN1(3>Yq*WGL)kKx5&)k@Nm=g4CQS6@)I-^#e0)14Yjgdm#4u}foo)H
zaA(6-(>0WW{)%!ol+yq8CvGV1))$byp_HzbU9u}DaVSOmEt5k7gZ^#PIW&sPx10`J
z%IQ!gcdI6LsMQU%sU1ow_?F*c^ZX8N82j&*<e`)&Tg>!OJ`F(oTo0Ckx<R%F*Z<Ti
z<wJ&e^P~^e=pQKaLnXp5KK(-_<zH|Ph-#WwN(7OUxNoT-9xoL{<p@4*K8R{T+Imum
z>K<=1Gejkp&C)|u^XZR}Bcif*+e{R3l`5M*WU7dA9&SHhM5eRX$r!OZm0w2Mi1p}x
z<lGTX@`xXyf1AYiDa?~6;Ce2jB2*2$h(n~U0>CN0!!QIPnPDG>AV?N5@F|IYArr$#
zljfnDg3^Z;3qd^AmX+8|srkDEvjkEYafDb3L%@wGnNhgN;9v$K!T|&<f-##D4g{V+
z9?=M?yN5LBO`v}(egPEu<POm#n8-d#FdNQN(NpgiGGV<P1=LN3p%LX~jOdTUuN<F1
zhoV^$LK-f`@>`e~n!Wj%tdZ%j>CtWK<1(X?4sCjZs`RY>qYpa&JAhc>u7NK&lTa$g
zOS_k<5f$nxZ)3i+uOgu8@lGKQQShH+!ro$GtSry)0`nT=<qaf~@=xZ1S~Y9c1+{4s
zu0Te0BW*NSeeQ#24dif0#cF*lwv{+S*|~NlE#)n=0a*I2#1_nv!Fj0b4yGK@*Eqs#
zj)EF8Dq5(si}G*HWKbk~&?u8mJ$0~am-NA9q_1Sw<7>X?Gb+@OE8>un=s(G%r!?-$
zNGfjtX}J1mru+&}*)F_z4M-BCD9MfppR%$WL9I-l74HN+VTeobaQ=(*ghJ20dQq>a
zR=wnt@AD=IDn@CWDD100Er!dvOtLOs1cS>cTnZ4cafsNGakK!Z%)Jx?FlQ*7N;}9t
zJy{W3<qe}#1~3OPVGPTal>nqZrVLi6wIDW)*_tF&-9u`_Z?~;|OuH%-<+qdC&|tR|
zd=ib#DqM44sr-IY*$t)2J4)?tDX9bsMUip<m0xA5xy)34ohg5zDZA2CJ0>a<Q3b=z
zXHEnkG-q`TL+aA#O>op>^Ym}ePk-&ivm0Ry!Y~A$=Z6SJ!1M6blY4OnJavM0hoKjX
z1zH{^Q8DX1@7IKI<iRlXa3FRHQ;eu+5fLwjjNKC&08b|M`r*4zqc_Lz&PO-Lr&phQ
z8BXuJT^Wn@^nZT;H}Cs}_kG}f|JM8d{OMjdo{2i0oqG0YKSh4MRmJsAiX0@{uaXC6
zeQV)V$pLN~53EO5ucNuJ)V6C~ZB(!m8Zgc~IJ66{cm`3h`((YGZ+xT<5*;_rhf&$q
z^MlR+SWN!+gYq4QBtjqdGBRw}>gfFtEE2}SM2rrSE}#XB5*byaFY)J`<r9)bLH<~y
z+(F->*XGiAX6VVTV&%rYMJVpbn^SiLi>=>+-04#S27-i&-yxWzaG|%!fW$h!xeLw^
zywkAIBIZlg16@x-P`L@DWX>Vw&Q{y%oJ->>y=&nRx2%Y~8+<)S`1W1l+jfR)mtq@d
zcz!5K{n{-C!u4z0ZtcPWUD1hM>cws|`gLCHhH*Fjb==u)I%=t1fjX~hYmXvZVaSfu
z<bSdQsO(S*a*#*n9EwT6J+&gWW~M$58@D(MgFJ)UbmUbOvD~?rgz_3k2=GKERTN<E
zGW~n4o#h4omet9umBtR2HP0OW1AQ&(*8~YZ+##BV@N%NOZ~>x{)(MURLHDi<?zavz
zL*i$Vzk4=i4-0*aP~DnK(G*b>`KUKTk<jKSu&Q}5#=X14?$JT-iCXwIOT4>7Z-F>e
z!z>oA0C9*zW}!}hb&ew(&#At=t=A*RfhsEwg23Dtmws`K<fq7P=DH7^PkFC`xq6<$
z(qtCgg;nqth*RvdCb)_#sxH`#sf@!#iHQTQ1s%Z!VlnhHv+M6<@(c3$KfyVPFeh>y
zPHUyi)rMIYT+b0p%`{_2$c)9D0B!6p)wSr9u%{WoZVMWvi=>9SSY{Ago32qxm%OXh
zHN&LQS7zDD1#K2MX&s$OGWuYV((G86g@%@$Y-6za&=$7cBt1Gijb>CVkylBW2_;sA
zvMlenc8A5T+12+1)uJo*hOa4E<ONo@05l18lB)&0t$ANt+PrG9mQI5yB?}-EV{_~$
zA*6s%Ji}3UQ#xy;|Dr<V75$i{VTi(lHQC!LA8hZc(+~xrLK?C7Yo5h7ro`>Cy^VWX
zI)_FiV82`Ul-p<Hj_G7<qJ}w1cJyOuQZ0veXTFr-C^%$opNKt2>-2y-TXo0sW<|9s
zC_z+E2QCUVYIzJrg`nG+#L3oFWmT9ho;#R5Ia8e?klrt;=85?!gdOC*r(Hwo%@(I`
zHd)13)EddM&ww}9Wb&$MmU;UjlvxeE5312}U3)~OR@39{Yql+Pb7kdL)4{bgT)q#s
zlB>q`P1EHt55E>oSGgszWGq0@a!8^`?S|MjInnnvjCMnL<rbhw>@P^dXGFSk)CCVw
zAa;q$y{4{9>;v@CN3n8%9AAvVuDs6m;@MuEiEoqFEax=It}~*7xeAU^Brn>U4ysEH
zs*7DG9K|P#7;>qOWps=5#A;q-u`mK^CC_p@fnrEG%8OV2l2=}|v|w@K#N5>gRlP_x
z3zWH1mJ=pt%d7*OMu;x34B%%a`{vW!4b`khUwl@60t-YR4CgSKDfuDy@;!$r05f?4
ztNlK4K4@*1?I{;fOmM`-Uz~ua+1Zyq8h;8%q*5&i#V05%qIU$c@VU6=+r3j0!=J0`
zNvm|A#rD5Qiwr^UQZ&Pi(`Am+y1o}%qazyt)1W2vm@q7zZtdZlCao}VIBN}B)ZN94
zMZ#4m7MwA8?TaFxEEe(wo4r;@13W{Fx5lfh>+4VVa0%EP9=&+khp^l2cEKn_kRhQy
zgxq3F%J<c6M!v7C1Czj6!r^e%ir6^4kKUSK(L`&;)+p4QFKjg&Of^b91&j3P%ZOPY
z1jN5Zw2O%@H{#I;=9&ay9-E_3U6SB%)(3}&UVtVTM&99}M_;{C3Rez8>Y<ITd-|u-
z3&Ld*qU?~b<f1r?0F+M^k!g0<Uw1sU$P6RQ0a<!5W=_hq95{}uErigB{^*1SF~xUK
zrmI#=G{=tS;(q4$$>?`hipBCuH~k4MRfP-ahRoYdQ$ry)_>Y-`yC|E5MBL4ynG$T%
z*aAV?zZFoJHY+B=wtQ_is;3pHn$?vgby!L6BRkv_Oi36ZDx-x-gtU*oAzW%FJsuI(
zjy#S+A-ON%PFq-&>|G;v%Uw`6f?pB3wM7gja;r39^LFr*1uoSkPcFgQnAO;d5wg-1
z*Ca4rD?71mIbQNPqF_`o7BzqL8QqWSh$%C=hEo6PHAg*zq3?sHr%@*#V?^-+MI45E
zJNd+6y1K3{bd+`1R$k!l2~u+S`$fZSM=lczH}uuLgIpYny3N=sOug+}UxrwX(WZ5v
zid^&6{nk~>SDHsa{3Qm1Oifn?<vp>I(kl>U=4lR>d^_@5FOun%3>S^zkcl%8`iLPe
zb(5wQGZ{d(51;~s8AuNY^?9R;SX?Yfq#Rt`X%dFAvXenBeT6cYbSp=<eAhz!=F)mi
zZc(J-+nId(LZ3Jnc&93oNME6L`m4<cg?^|mtm^;@$xmS_%8Y=fW0>VZ1VnNvLdwIG
zFa&=33j>4EX_{QIrUPj-UUm0Zx(Qtz)2e*UqQkQH3{Vm(b(L#rUAvh;-w3Oo@>imf
zkPGq4k7lxqB^6VXBYQj&EV(E2Ry}e$fquVMWF;PI`xLHz91PX2T!2b5+h&hZQnMx3
zW)_UG)RXy?P)5iA$e9IJoitIL{QC~kNxsI+5MT;I%u*K9bW@&xGD8Q&uW~;|Z53p;
z#57!6mstZ7v)GKw&vPVoxG*_X3A7{SwF?LQJh-|zy?E0vep6SRVv2lYQd?;q?hd<0
zhd_E~<sK@D;2p%F-g3*&FVfFquwxb%$J$wP&h;61Zqcz0a<hKs&(`I8IsjUy)G{Fk
z<=F~bvvD`ja@%$1HR}}aiH2LZSI+}XcjzramTu2opkkxl3fjs$au<)@Sm*E6KhlQV
zrN!E2x9WP;9=izDY$(%&|J&X_n=}KSC6;<4eb7C8-aW84(?{R-(vP#3&dGyXM2#Lg
zmLZjPE<e4<>gpxCYwOMEdrA_-A{3@We`ALJi2xbRya?TU8kUSZmp5*vcqSvscPuya
zxuXIBh-Wv(&uy(oG9;`II^&bGli@W8x&f5w4#8k72X7w?2jdg)^V^dP0l|kHhGf>A
zLzY6jNw0D2rp@=k)8XaC#mVsc=^nVwHMS_ZVfbHGvpsNfHa-Cd;N;?1P$0hEOqOEp
zcztzwUI7Hi#86ajo+a(VmckL(eQHd_gQxo-{o_#lVfg!W&sx$KIhJLv`2J4LyPhza
zBC&He`0?bdlm8kZ=2IN&*S77q)(y=a7f067N=$DC@7|m=U>f6p6)*`-NXY5q*{*!#
zbET%Mr2P>1$*Qk^k1Ezwzz|wl^ewzzinl6pXz9!1Cg0`g&CSVwk1nsSPp)o`Psf8F
z&rWWRPhJn+on7CYpIl#^4#z2n&Aa2mxNdlOyuRbkW73cEaMvoA^hz{Z%g4Po?sZ$d
znO|w_zUr|mT2SudYDa)_Ic<dk32F@z>^p@U6Or9DT!D<*H^(+1sS5CF<W*e=+=Q|c
zn5z+0em`&%k_r&pc?ADp@0_)K)W3<lU*q%sM&{Oj*}tACEpTn?dH-_g8@%ja4sfGK
z{mVga{GNX~*x%<V|Hpgn-1M5R|A_w@!b>0MCI1Ten>^xQ0dlkV`zwHM{&ar@;6MJW
z{ifq<KG?s83_rxH{iU$if3Uw4+$L}Jmjc}Mnf_9szsn2#hmZI|zw5Ai)W`W<)Q|lx
zzl;6xp5!lV4AdJ4=GtC^GBDM$pcVaufotenZx|T&75MAnUtYCxOgv^BP_|I4`3!%p
z#%w^9_RoD5KSR3~zBPh_#%nw`lBz4`IgolWN)I(!y$_O?oI32AzIw5p<mx8XfG3~(
zA@`AoV-KpA1Dr_bn#VKpJ<DgQAF7;!+PR!hCO;$lPX73q1cCvSBvIf|GRe|TzSj>;
znk@B(Pi;A3%`w9hCtpdM?D6@&+Gqah6`I0hA(=dJB0~_o05h4dQTE%2Ac_JRp=}do
zhYFbM87Vj!qT^E-+y2#Jl~_Km)cN!YbQKS~^;6;VXYC)i2)~pWM6$R9eTles0_r*q
z^HA5yhcV^wTp1NBjR(<Z9L-YB>0InZa&1=DCSk20D!aa&-2uzRb`&Vw)yrJ^-qaOR
z=dmdWCn<G`qIqf=s^rTmcQ6E}<`>9y-V(!+?4@)iAVK-bp>=ZL6N(7yWuoH|&BWd$
zB$M6(%C|j^iJ!;-GWEi0jJu2ANtxstBHMRMQEKd3^RG%rqk1Q`gsdg=Ge-d`e{A9b
zyX6qszHj<Ey%jZNo?e%iB2>7Oyc)+yUb3?HHk8sp0hlZ;X}8I%Ohi@1b92+rnmjmS
z97e^I1x>6r=j}3W5bJS@P;UWol;!&`4#E?wEU!yIi!|94-J(d6ET8PSQok!Vr&7Uj
z9Li^)nLP1gCa06pD>iNmQpwfW3iPV@$|B<2E@?puj%JAE`A`7co}xL42-S(!O`wHc
zW+g7w=aAV{E1L#Z+m#gRFJvNH6`~*2B~cw3$RV8}o;_BjV)>xjMf^f0I@~d`7do3d
zgC&b+G^x_l`d5j{sW?F<la#6`=xWLUzYiGMS1;45Gt+&Qa7Q*1b2&gUk{NbD*C>BN
zL3b!7Mt$f)wYqwuwo1lQmPBKd!brb=Yj>_{*>!8>mtB}=QO<x_dtuF?ty@@g6g=d@
znxkqZEuABCt6DlomkPSfA#^1`LOF-G2r%iwQ3;9EQ_Lz2yb0WtA;B^?HMd^tGm|Z|
z6AJe$VTgnw`8Js$eF<71KZCQZ5)gYl+6VFMhGtc6LOA=R;r}4)(3s+gPeJE<W`b}!
zU>8Szm;?xPO5>F~pt~n5)6bv>p1nLc0RI6FZM;*lJRC0UqOj~vCqs9LO7q^Qm}4J?
z_V<Fhowjo#M6A9^sr~c`G*S;fe|94I7zp8PChXS9QUDNq`A(^j&!0P@_M9Ztz6-BA
zkSrFEF8l7C^^Bg?0qes_6EORyZ$JMYKiTB(-Kl*c^XF&*yT33JZ3)N0!NI}H=g;N8
z2L}hae-95{J$v@2!{;v!UK|`8JU@K#r-Q>62d`fK2^?$*f9+4gIHZ3%*cey7b6?5N
zryT$~->EV0^g&0MBmG`ajJ~HOfzVk`{raS{FRJrpj6_}K>riFcb90?O_$0MS$IiH#
zmRju@r#PC)_NpB7P=2tqngb)PIVE(_QRi1_nWdZsjDgN2a;H5;AFPzG!Vvpl>B|qw
zH2A!)=}!2(j9#n1F1>?<&r!sU_I36!^+cDjO_nQjO7lTRl{numq9%ld2xe$p%Jkvc
zKRRZf|Dyw7u)vY9V5r+D&p??HSmxT%DVDX}Pywu~?yTKohW2GXT8>PHm^49dNc>xU
z8AZmV7m2W#loo%^YNV(~ny4za<YX%+U#3UK+FXY}$Ce=q0fkXO7U1x}6FXn%i(M29
z<2j6y1)|soiXec~OI)k<I}LVStH0TN(jn9-xVj$N!M3?}de>w^)OEsPQSne-N|5Js
z_+RPuxr~C<x-CXQ+D_Z)cH^LybXl}nzq>kfiUcAP3e6z{_FZXGcrdnhh#Kd|R_8^I
z1*-pF(5$d@_`5Ahifu->78l7NlhkSfBYlg=0P0ru$|;}YAV5*B0|0d75~liKmM{mP
z9Co>6xl689<#QAJwx>_m<>iA(&hNnE9s6HnR#*@CwXrU$Oaq4hwWg34p7$FIP_5WT
zQ4~lUq{BiS<VRAKonyh*!?G{%V@F2CmVA2`VJ_gl!JP*FrRT#d*=ASf2JBVZyvk(E
zf?x}W`RiG6Y3qvN$`M@$OMY9R1)<AAdA$JCjcfDRy39P61ek2?#fpv~98`Ul(r|R}
z{4W(1j7Xg0j#J@tZbJHT@;mZkIC{4wMjTXCFpOB__^^V~u~cxIX;UWM)>O*W`LW6%
z-mI>)V|b(Oi-mYq`yk8JSVaMjIGW`(T1tU@)-wh1r7tmsv?-e`H0z996;JXbDiiw*
z(-_TK!=RAu&P@?#-Z;pz+X)NeDxcY|X>~C^=tpK)rcTnuCk+MBaYrpg-tEzj`2Xj2
zK3vQHXHK?Q@8a_MWZdN+`F4Cv4gSAZM=ze|{eOoChu{2vkMT2nJGi<A7lZSYKKS%W
zA5V7WzUK4i9rgA7$<_Gu^1`n0Ud%lbi8_PPsI0~yj;%^NfBv({NH9SlhFk`K-OsUp
zE>^uVgc+D1VbupH4#^S);Lm^F+4=Oz6K1}NTM96oMTBwepOYXvyZrol=Q;%>HrW$|
zq6`p@K-Lf}WY+aT80s5IU=Ht)ZlNCi31s-D$($p8PhpZfMDHo)97Qt!X@6(OdJ9cb
zn>z>Maj2c^+P(n00rt6B5~{jpFn9Eg(+>D<5Bvrq90h`V&qbdBfON*TidF!u#kuoF
zzgiXw^-FY0p2-rRkH}9rj%Jc2x5)(gJOneuRSnO}PJD%+=%d?icKZAIGw?zH<GAa_
z?wM$mAM(v4IfE<@bxZ=VBnh~OY8eR7B$+v+*_4UGmQ-;J{+E~~;PN%NetQB&m&gAB
zJP-6p%+uHwwQRATrBqSG=~AvrT{c(m<4qu&@9dmLfY3nsRg95_a*s=zYjYZ|?u5?g
zVI)qyTel(|4Yg?!bp??^s!+%jo5dgBDUXo6K-~W!lenyH_wKNpdhO(ir)rpY+&ay*
z!0J>V-H?#mBu>Ru6}LMb?%bkfCfP9Ia}D(;v}9fB+BFpXgqFhAkY0!PYDVnJ?8J2G
z0w|E~el?|F7yarmDCJ6LZ_k}jp5cmsaH2I>{|Bjab|b>UE}<!wSx6=@>{=|Ac+JCd
zDyfD`llyINPr@q>f!n5V<N$Uvdel2{R__GR2vzoX&kVeF&^SF6(q!d5O8rHticK$U
z22#Vy5J2aQWnaw!osil}r6XNXF(pBwk{Vh04p>*obEF8cJ+3OKL!DNj0Ni0HgSwqF
zeOJWos9AlmuRXa_5{BentYXI(D)9$XuNH`&;7F(^YGSGN<gG@dU)0FO5Ok~bRF~cP
zCaS!vo|#fFwDsf@ZB}~kbXi5eW@2FNI^3P3WLQ0=)>dm{YR&ukF0p3dG~sK@rX`t8
z6F{K5CUOOntBdXD%pd}qM0zBZ%??JF<Lft9C*zyJ@%ib+&1f(l|9p9M{KI#<_M)h>
zG`3oR>Lk&m+tG695%3Emk=RTA(D~F2Acx&gpDJ4CHDU*JKY#w*0l$F>Wa#B{;01dQ
z_bb`)>66270i>EQUoc0+;?;^FdR^RxD1G{r-ixxt>g!@BFl%Ra24$_-jZ(J<Hd$^!
zt<dJ=S1T4_c}ZoQ9%|AgufkI!ODR7&(uJi=d^2npAX-L(dHNcR=g|f5JkFQE!{RUX
zO#cs0FVG#LPg@$ODwS8wFv{;{1U(ep{m>b`$poh$OC9hJ?N;zSvlH<=5VK!H;CXYx
z>Xygybqjd!KpRm9USODA0Y5z)RdA~baVuK$HVu2sgadf-N-KUU6sd{)^-015jPX}C
zc2PEo{{viHUZ3>A=~Qkat@n+xJ(;>@B=&Io^7SemYCDHqwlQ0@&YBy;4#3vNP(AJ}
z2tbrdn}hut_Vojz^3Yj6z;b#FtczV{Tw3IS`uzDb2nbSEwA?gw>NTV^WJ}(!v9_iq
z>XY?Tt4$NdK<9!4Xr#s?N4Oa+nR3XCjb8FDE{{)cPDi<gPQ4Y@ZhE+j7v^Ze{(kV!
zF5{3VVuvX2JtA4A|M=Y5E08d{yt>X2u?~6`BVXOT6Zj&{lFyy=s^`k{Z?A5t5}z!k
z-zn4j_T>Lgvm1Dx?D}_U-@kBGUQo^A@3uYrohi0#7M=1sn>1$x20y|OMn0mgCXQBU
z94z1xaG|dtn4){Iz)`}j%i1<za5~ZfPiao!ZhF@6GvwwHo}4kt1qz-zcIRDNx7z*6
z^8M6N2ji2g_ou@WjnJBe)z>%A9F$1AUHqTQ1FBsd1?VF%nk2M1YF?`Y2YXTwv^?ms
z7TfF2cIR!z7bD;+xiY@?$-Qa!zhDh8G`H|uuA633i0*k)Lhm6B+RY4h=l52g9joxU
zztW)mk8Mtn!=qQ-gYH51@Cz69jkhHEsbO{eE9+2UD{ouxsW<t0j%@F7>Si$^=y(<p
z@qt7jLig&LbExxf;t2S{$dym^#}wURlH?wzRY#cjkbwY&h|70NDM@B(MVzB>VQk(m
zIE~DeL5B7L2?H>CKU9Rs<3<?CLPO%d%9MyWmvN0eg)E`oljtc|3pkoik<Yu}SWqBe
zaL>P$$H4CBJ=;^b7zyu`U5*(`P*<Dc<pXdBLmWVklx7h_V2&#C``CL(Bl+|UC1Hr8
z*)^PH8cFRy*J@hv{+bx&-}|imkN8s>|8X-%p%AJrkHanCsE_}6_Waf1%Y6LDt5?sz
z#eY1;&!<nlKkp1lyrg(G=ivSMJ)~$KoJM|kXFNLoZ|@BIC}PMvHBU9uJ{XJ!!?!2i
zQTJfy&pmY{)B7{H!;8Lrt!IiuBy5l$7J|9{9Q8p~Z702CZq{63K`g<q2@KUs&@hhG
z-Tp%IS@rC^3ddqQKO?|t63KIO$id5JGWdgm3G!jW5MX41>?czcOpL-nJ-{IoOd)-(
z2{W)eSxPmjkL`qJ72ET@uIi-FWGYKQvjEmWDZeS?W#<Cz&euF^rL!(Zf8X*>blwt_
zUHwh5M=(bGiWlQ#I>jGB$IA$m3$=~B*<I;bOK<-74M#Y8c3U%teR+dje$HtavBB8c
zv8pQ!U>WD_JbSPI>-eJZT$!Fp`NU$4T-K47Ii|IqAneZX8l0s(n}^kBMkO1Ly@z8_
zi6}l6w`>X9h+`E;^6PNz3h{)h!!Z^8T6~a5KyT`rK6y|$3c5yqWu}r2{*ixO5yJD<
zWk<!ubaHVrdtmhrn26i<9dTYT+PFgww2eEK^#bgcKYCgDV)0&6zbmZsjX6+d^>50H
zWBD)?IF-Q68%6rbC6zL!mB?D}HZ^rMwyWA57JtfsNmq=^WuSpCd+ReMU3X#m?an5C
zWU+l-G5Db(RL!(;ER9v#l$t6|#6_`srFl}z4Eus}JBDQ5kM;~nv6S0=9k9#eur&}X
zpwRdW9p0>ltr~VEN8jXwT2#nL<4R{omb7PHF7R;^7Un=TF>)QuZSYhAYGFRMA02DM
z;iV&Wi<T`6lEO7%8M9*z**3#f-Tg?TI9TDm<%Fj2)|HZG40=Ev=WAYgwn*m&RONAW
z%A~^Gk2;c-7uTBh?W9tMf~_Wx#ptmwP7(`&=3A7(0_+u~Z++TUrleMK(kD6B5gVDv
zc_pbS#C1NB&=6|E8LReb)^&-!J$Z|uO-(1HxpoLw3Bqht7%NSK9M2tKTbK!X@ZS{~
z(KH!0qHrC0v^2MzA}h=cW7g6{b{LxIU*$owl0lnC)*I%Fsy5blZ_*npD_;QezRnv!
zyFP&-Vm@k;$A;TMRbQ*1)!s4MdnmHh4WW{->)K0A6}Ot4%Nbw$MJCCBW)J?J!eJ_g
z0gThDsWuPfhY5~?o5Dz^pW=JLT3ZpwN!?lnSe`BC$%@9^n0@%(YCq<_9gux!xzVp}
zUc2YdhrConcpzpuPTH@Can32j2HZ1tSjnk^lm1Y@EO`#qiBIdJ0tI9N<4W&<scBTi
z(6nf`FRyOiZg=ixs$cQgVvW^2Wk}_MUUkYNL&W(!|4>fbfsnvc?sN)T-coMv;28<X
ze~o8vCva$2*;Bf?acJt4q8X{R#TI?!>IUgn<kvtOt}MqV`IhU+a}i8Sxi*wPuz;70
zgv_<07u78dhokOl#$*e8s61_Zya`^;v(;vLL2e2&z9?~a3o}r)GrE9e^O?N`eme5E
zAyXZ}Ys1;n1-hKIo3aX6XW;hp8^->DzE2XBKO<pi2eh*r2dY)2o^z{do>+ZJkK<Pf
zn#ci-bV`sC9hZgp>R&pofUF~LnV`v>R62=)lj3z1QIbF$2^gMNd9T)8fmgJuTJA@T
zj?X2?HR()N)a3$7FzM>nIUeNc&s9z_t+bX_0cp9Cisqhf{LlvC_1RcGho!chLbIJ6
z4@Pzpg$DM@?I#bJ*|rufy;~dwrz}mZ=x$tj$o8BqcHwK2j?bf!8nTEZUy^RKHxSV5
zwR)Kk%EWNDQS#YisYBIhQ(u_}eluLJ5*aJteow{7%S=Y`>;^MI)3V*IhTp)i3E@cJ
zZs-IPLB<bl<NWj9V0$P&e+G<&KBBw^91qzLrPn(c3vbb~xw>*xn|lWO{**VjFE+&X
zZP?t4vDPNnmc6Yov7RA<#ShMu&L``p#U@P2u2?v?kIaSUTrgIbqL?tu30*2y{vCKz
zH_MbAXugPh-E>Vr0r)5Q?Kj<|q`F(R>;_0Sp@(D<;}8KDhQM4i063B<r5TQ9Ap#4;
z7@Q$>-NF|Yrx1sYt55!BL^{beJSL{NjPEJ^0%Q3aSXNdww_Q9^%Q-9cIpT8?IE%zq
z5XCI625OQpWrdw02SmkR2#!GKA5q7u>RCy9(z;$Ql<^<Y`@z|}lQDQdI6FNaT%TTE
z^#2iwl{szln;fVXTK&E5nST4jO2{vLTi|pG<l>Rg5UAYz@{YYs%>)8@(I!Hw3=lq-
zFaOG0IqJHsXuF!URF7iC*2;As=bhJ1t%QbqH4Cq>Z4ov8<c!FE%7T4hRg??p-$(*{
z`3jZ{=bsQh2OmuJ50cOiR+|q1^6c$iju-m2u+H}wQ*ws`1RzKv{A+^1JzVOi$#lX~
zVW_Ak=jz$RDG?ye%Xs(q_qOko(3yVSSiN7?g9)E|lAbwVgqzF8Xgsn_sjD9cL(8N$
z#hj28g+R`*s=YLe&5p>~IMWIA^@rjJW{viNRZ()Xf@)moUYc$~ZidJ5=J!3Jw>1M&
z_tJDsLhLVlF$p}T(@uE0?1>mCLh-+FG*e|5vG%cgF%%ne{d66o>Y7QT+D_NglD&dh
zpkczv8x$cb9Rg*BeAOx@Xka}7!?)oVHU!ippzjDm@Khyw6vV3sELm1VUObeRd<0S}
z+@@CGd~I6(){?~U*(%4!Wt_f6%aypD53krZ!*6Z)j?<%@**|Ie*JJokX!*E29}ZR&
z@WF$MxDOj7ygf_utQ`(g&aTg`tF!i;x;m?5lTX6}F>Cg$1kwtQBq5JJMe@EK4B2+#
zIIcsM59P=$K}At<Rw6TGdQNF*n;cVbD)!_0=;3yv|2^}haIX|<oAWGYN@rjOOYfL)
zG*iQAF|I-Zv1$e6vb@eUx%&Oj()+&?=-(!B&!;5%g-p6jxY+0#a6|t0qoY^(`@gS_
zo_)Lj`zSv`dbV=|*qMAvg6!n%>p8?ef8K#H)`{f%U;?>6@7*2l+~O$cgCQl+f0D`0
z0&y5X4*NUm#pnLYS$({C79@)phT)F$XmojUl+5R|qqNC)`ibb0h_);V`vOsU2?|(A
z*qQj-xfP^2XXc&;oH=d;Q2k!J9e&jX+7p;QD_wG#SAFZM_eW%YPECs%7X`MH_QneC
z0wsy(K}n)^pDbb$p@_@ppEH(9CRq<FKLDp}=q|ek)|XPA8RvuzLgm)Co`P<hVjnm;
z_8pk@iTo|c7K@QDgqits6eOV%L?v?-y*D)#D6t)ryJLSjlAEu-?fuI&EmT%8rVxiH
z_)junZ!zP9F3<1+^EyD~Efh4C$YhGsBwPhzbt`A!s#<eMIgVz>2nHdJ&=~n73iQxc
ze5|FW4&Em_kJB$?a;;ZWl{(f8Xh{@x4hiR>hC7&YL|@|wvw4=}2!M(Tb%Zy<{NyH~
z0)RWziyvFZnx99|HHSwa7m?jw>Ey!Ji_<#=`6$yo-<1N>T`>Xqj0{cpQoA;;gCeeK
znTtq(#wbKSC)90cf7$Gjkvf#?GYn*xnwiZwZyR<%_9K~H2hB>UTWlyssYDH{lao08
z=$aMT4~p*kPC?ea(VKVUldIgvPpuP@gWQiCvVNMis|2o{R;;9DE(d%?hbl(0iuQyd
z6X-3r)vVacutTSSdwqI#QbS?Wre5Dc=&gKrro5Y_9LomK<fkhq_%$Vq{NRh9^hU!K
znwEWUwuAFo-AjSoqGcV75-zMT))^1pUXHJ825hAnT+Qgqt2L11GtyOxbcX2o-TCO|
z_%uH)ZDf@O2BAVH$cUd2<nzV};+`>APmA&R?CSFJdU#U8gVuhNlD^2ZT-!}p3cXQl
zSe~{FU<-#~DY7cPQu4t`?{C*t8C@$4W|b*D2h0OHv1<WZ31*ep;am(f%TM5S##pkf
zz>idr`k+@<qj7Eui!Z>m4)8|eEH(y{ws3USJQU`pH!tPps`gy<R;e_ldZh*P+$B~g
z^l#piITcqi<zf=#)4i9<PA${)lbLk{mf+E?TG(tlOJ#A|wUc@yoD|-BwtqA?@bWbL
z7*ktIwV9etn@S~&X@F!1@uG^t^68W1>s0S>OAy6X+!w_cW*M&xR%}II(K@Np%MU>M
zHZ1UxsGn~cLAUTz=l_rI{EdD8e`@sqA3QreI?Vb1Up{;B;+y~fF@Cn}|F;hmb7ug~
zX<{3tr4HO|_kZg6AC;-0Z^r;%#W8?;VPP#NeuETI#7IJYWLr<Ri*E;jt&w6KDSx@=
z8*3WDE1X>vjHz};RM|)Ynee>J<~{RO2avVdBIE$(cIys}CC4r5!KZT)DBHAgBWSQ%
z?F=ft87!!X6uqHTiz7w9CWvKwK@Gaqwg~^Lpo@x$HFRY^ge*%;n3{8b^`1w!Y?X2F
zn@RSy{gm2&=p(1l6Uyi@?7xGfS1<DR-}9qq-|WA~_}QlY=juu+M91>|eW4dT&nwHC
z+IW2AE<E3K&6a;k=YNFwJ)yU1+4Ye4&Nk2l4fFr##ZfN)>*(Oc(W`Is|1o|ZaQ~;J
zNSR`#$&hk2q?}zPA!6MCMayA&b(LL{laDenSJ<Mh+QrD<_woT`B^t<wF`VEKb6kL$
zwbW-zYWI0zS1R9i+Ib`-Y3(9RrS;ah@7&e~uXH!ru-nVo^%WbU%>yc`5wsvMXVyz!
zwT@ws=Jf({e}2}?K&#$Xc=%G0sPyXfGB(D)2Tr7r>;RyorC+v(T4%PTyAhe<DRb1S
zf<Ach%<{6vlyKscun*oHkJ?tf9*#5$PHgz86kFjVZFY*S=Jkr(+EU4ChiHXu?^kJ<
zl&=5UIo3;4T5PrrXj=ado*m@lzh6E77XSSyKU-e^o041<vWayIOLP|9ZSrk2F0q?r
zs%p37I_{O<Y3Xfpw5r~HWoxt<)=%YWT--c1di6}lRDA7&-@Nr*ob~wHccZccC8>5)
zFJ?FM2{b*}UI$9>weQ7Oxq^NB+2p5o{m-SqTh|b1SpN^7zdXwA{|{fhIQq8!KgQ4R
zvi_H3!rO`+u$9!6-wc8;!XO}bh*BJ&2Uz6Gvntk-_=jB?YxTdIw{PuLph^Efd-*J<
z|DPQk9DdXPkMZ+>{@?N}isgx6D>5x^V^P>33**<b6nu3Wek0dig=ATgFE#~7e`p21
z;ZLpp*Kbm8X#O|q|D&S)|NQXfH~s$@KM$z?&5Ney<S$>YwBEUXdv|k1ui<{v@n4FL
z-vRnnRWmeFeMlB_@;A5$8$`ll`Zx9cKtHYYKiljgK-2lp%fr0>KR9~+P5(d2&jaQE
z$?N_q?LO8|>HoXy_6Apu?tW<meRX)e83c2Oxsd<jA)?mnkggcE{(EQN;ma8H!7xl1
zNAz^G0{}zv752e&Dz+YOM0&pCxw@rmc)pEqaH-nqpS6f`jhs^{E9}Eu?3;5QdznDV
zXbu_RQG-G~5VpunHPwzoIzxOUTj#)jQZGIRXIr}wlb&#;K-=GjVYMkt+DH3XJ=%_M
z_II~yYS(`!4s?ABpke)gb#(YDzy7~E`nLW*%Fh=R|5>$PbZg<riqz7AI*|8oE~9Yy
znv#V9@FfI)YHI&o?Ut|e2+FMgY7J9e7=0;A*+T}i7CYMz$-067=$YU|wzlyW)$536
zZBmFsZK!YYcP|T{ojQ4#YC~455nGuS%Hm_4d<TuAx?Y%THF2#nn3QD9XvGVQsV)}^
z()>vMw+ULW=M@3fB}R1av7MY1T^<cxy^gkD|7s>j3m|RhO$$&PPpP%Y{Q_p&T690i
zL|ko@e&0E|BCQWKeQV#ydgz(k^3D00$@CpXFxaZq;=D|{j_I<wK&@cPxZSTzFZ(>7
z|ER&B5nvx$gw__H2fZP)BK|-6#hE|IPp$t)yZ;s>!ko~x9Y78KpXbjD=Rb!BFTUOX
zeUzWy@%&#)*SVIiilZVed^nnQeL@kD3r#P7fTV$JAq7;y^J3orEb+iJ^eB3iOi>lc
zzut^dg~P6|&S_MA!ed6~7c!AdQ((+rb!RZ;Egb`bIYyNfGj`{1&j75Th~+nkZ7jiU
zntE9$H+5HKqKBd&COFCt&*HLEt`eiIf=M{yh~8y4vH>t9Z3eyAy0D>XM+WmLjL|h-
zAd>K`u~XcJpb9u^Qbmy*ZTZ4#+SDrCa9X#(T4Ale+_-D1_^Pafg-;LD%_0R4*4a6U
z2-Q<DZE6*^k*rb}4m}mV9H}Yf+HCe@Uh~1pzx~#u-u~y1qiGT{v{53kTKoU-;N{Wt
z=lS#BXD<)F+5eC6vrYSd<LBL)4rpz8tT>(>>ndZ!A7V4`$XQ?wRbQ_$UpN776}e{m
z{U{M@Wyrp=NHy&hW_@rd_W^Q6ZJU3c-TB=)f<Y()6}q+Q43ap29E~}J9L;o0n_H&(
zpNsFVXx^Mr;R_5Q+y0^Z1Dv+I@3-aOZd+R!f-ODz*4*X4*natzod!-?=XFxiY;t|Q
zM94}KMVDlvw#Z&HeU5?R&yj!2l10zC|E^+^uz#C@-<2Us;JdDQrLg-WWJo@)(y7S)
z)Y+5ijHi?=#MIsc9U)O2@SB<IzX3LfM=xHoWYO-Va>HB!g-(~>{$IEE6}d0A&xW>g
zv#kU%F8EgSuXH<T71X?LY2CS}a72P}jQrfTa>GlY4&*hqwtBT3_&!M@-n3{IYdgyE
z)4C5fzO3A9n|{s-<AV@GhMdiHTDYAnwKkRtX8xtUpCC1@oFI6q1+5VJ&8be|w<Otl
z_a-GJm3J{mYU$HW#GWK3L6%RQFXM_Sr@@UVVn{w0rPr?x=;&&lcB|xG<tv|ZW^=r4
z$}Nx&Nqs~D)S7frxrufgpd!30DuT|fe5kOw_AOdwmSl_is%lja+fJ48w^+CL4r?i%
z?ag#fLPYaRmsPkO;%zM3q&+4fnJvdLMNk+Vj8ljs?)0Rh%C`DdML|VwgEe{?Q%vNu
zZ6Rb#EMQhpRQ{9Wux$aLEe+<ia_TmBic4|34GWKPwjOCj7dVmv^oBwojS$81LA&fd
zZ#mj^)k^7W3ApuGwRp`h|B|1CMHaYp+go_IP=j*}*fzo?>;!!kqLdNVcel~$Xjs|c
zbTllmMC|13r~><4Kqr-qdQ@;E20&iCORMeexezKVIsvmO)3PU03Xu$KzEJN^S*Xf#
zlnm21s_o-HyS%Uy+_1~V=+{2*Nxby(uOK$QY+b}r{?>KfOV<@J8sEOIm=)>MId1Lj
zMV&eqRMvRKhsK|PpAiU1^pwlTdN4%*3XOS(Lo`D{_7FM15#V#ofDajJ?oHL3qV3-8
zte)-FZ<W@~`Ic|4mpq&6f!+j1JvPskddSa}{FV#2^ke%S;Xi|_hq=}FeB=3o1mNYt
zL5&RakPQ*#WiM1$zr)+|l~MbN-STHf4WNvsw(#os;BL;vh9;*q9#YMfsTY}NOOA#Y
zKn}lB9a99embR$_^ZQP=Dodke{0ouMx-I$@>;g{4oZ@H(c56CasoQ804VXMA+}i^k
zm~hf5qVwnEJ^~+b0KDWwU;g_B{097l11|s_&;j1`=tHTAYW1e!G4=Ad$rb7n$Sr#G
z`E$RFq`C)_H|;~&6W)v408`+_tHADwncL)_l?|NSnZtAKlwApzPoilx`AV<9QhNO>
zq<@N|U=?t{TL`TX^Eo&K-U5C!zw6!zyKkKyd7_~wU(6SK$Z5wS+4<OI5scZK@Qza)
z62|}Mlq8X~7yj}4Y6Jj2LONr>qk4vVSB?6i^_(vQ{%9JY?X0f-VCnV3nq4)+yeshP
z)ho~o&|Qzs7i*%cd98gz`|fvHb6SYi>b<C2X&zJ5)}XvvL9cCiSHgb80dL++wZ{fJ
zDZ2I>tAa$7QnUs!>+bBTw?pgOjb?+8+Z6zJv$L56)Ib?aCgpAQheq_304k<OP4Oy9
zI%Qo^Gu!*bGTq&df*QU3wd{W@I@|uhy~;zkr33dI_^lkcgUs8+@{g|Bj9z6EzWSDX
zBPZTh==RF>B*1VM5yr89PJ)UlY&P#3oet#?X_%GAs#Ob3=^!Xj+ow5?VHIMxz;|KD
zZ<XnCXRrm1OE_C5)q%YUqfvBM?gRbt^!j3OetL6!^5eTVIfX5WQAvFfjUZiu4yS^=
z&J>0WbsTr2QW*i7B(sL`+$+~68BL?h@%5XllktC@-Ha};u5T{ho&R`pRY_d)o&5Ir
z-d~=*J3qNOK5a%<Z_8AmY+=z<+CwS1Z;l7ogJ$~D{vSgQk1?&Isl=Xm0tN}6qloLI
z6lMJ&R3@~ruLq=SPiGJ8qD9P?_UF9@hQNf+wVaGJ9K9K8Y?UxHf{fi08ob6~-l<z0
z?VHhHJpTFe>iFjM>DfsoJ59>BDwBn&n6KXVHL2iWu)vWaPHmY=8Bw;6tR%aP;@3{H
z5c8u*{0S|u(6soqIcQk5FGR%IKeuRE2cd)kE7;X_Y#E%LUH*J?az48LTP<h$T6b*&
zXF3$`#x-imo)qo0!Iv(^2}AVXS&EDOUvG2xs7mf@*LGjCz-*}YR&_p94M+evoIr-k
z2BN@lVO#t-7*~r(D=e#;8dq8Js~S5aoeDLHvkGx#97e%p+2jjJ`+s#ZIy)T>u1_y7
zZq6@{tND=H#4Ln&!YE!q#)T>0L_tey)S;wyrExTb#f^9RKIVfiKQ@(*r(>*MZcEdY
zb>wSOHkB+{O^HNV@*4|cmn|cIPDw-(HYAG$=Ac8S)50-Jfve-cT@2q|U0z(i8{Z5s
z&(BY<>t|Iv+-;}O#k+Hd0zJm#mC#4YVw_Q6^5m_k;tHe<&)$u%Pp)nTqtVU9;CwZX
zz&QQgjkB$#;R!gE&#JZAk?IH7icXD^uAE++ULXH>Gq`%w%-Ayct8ucP;A~F(3`4Q$
zZAtvkgR@mO{Z-hu*_EWkCM+d?JiIy`U90U#D^Y5JXg%g@y|WV4^}Dtj-Wz1A+8SfE
z9=GY&s>Z|lK+fs6m*eZ!-7z@y-){-yZSkz)9jib$BD7MSR&wy{cra@6q@7$0empz5
zDO4>rp_YhsKqn%Z@e~FyZnBtigXT0TuWI=#W$lE9`2yU+ODH;Z^X}@bvSU7hA!1e@
zxz^a)nk$Bi@yXTu7NalGF+}g0Rf>TugsUCgxJHI5=^nm4X`!hU-ToYvFLE`T9@)}5
z1Z}hVF~nV;RV-wk!&VNYN|s)oygvQ!mQ1B+ia)N*)_1R4V_?a24Gdy$cyoNQqUei_
z;qgVWEQng;J-s+y122w(0$v;iK~$+A)I|*Kx-K-lG0V>0UVX**ey_E>$-aHLdk)bj
z&-8l}`5&JQu7+=K2G`fs8moL984`Q`8^}2=`!L{~;z_c?JW-UqK0Ujx(Vn%mOmWCj
zDK)RvmyKLHPe5J?Rj;v?>Z*Q;wIf8@t*|X(N-XNG&&E>Yom}Zv>SlO4dV6xUHnBn_
zB083<*bv8aL@W0W732(0uCD8y6ZPS4CG(^L(@!UV+XPYd&OJ9AKB9a$c#T68m23p7
z*f3a|wm}6O+6N{1G+dS3tFyJ~y*k_2>G}i=k^u8Yy>j_R8vd<zU{FBphGZtp{W>3A
z1)|~Q#l^|+`t<UmdCQ&R8j>hNzPekz8oJ}t@md&<G4q>|7W|O9^%;)PNSQ(H$UHl}
zIB9ESm0{Uv_nrd0#tZZ>61C;+_38P^|GB(aL1t0}Tc9_dN#Q;tvo_HfZwBv<Pp<{p
zEvdD@Z{{y^vEK{_*MoJa7(x!iYGR&%OD>j`CQ^oHrzaQJH|M7pH|Hng@!-u#+ezVv
z7)AUXN9Tw!I76$<#PQp~)yc6C@UzRo@y*%kk5_}M(-x>RwK$$bih>bEA%Vdeo=`|}
zH4PPB5t*0gB)WSKX~8+Tjc6wae#@w*`T(<%YmqjR;d$+6mDZ;aP*pU_TkvamUL0uO
zJcM6r$46Be6Y9aP=D=&}t{_uw7uKh-9B$>X6$*2&vH)w6a6k4+V`G6GP&-=r6&HtR
z_Wk@ek&0E}u`(=V%pv7TJfdWhzbIgR*;1rt5#tu(9c?-*LVGvv$!=*NFmrlh{5yN?
zRR#K(Wi`vBq~tO#sJxJ?zIcA2aD%gW1yc|Q;@J&m6v1E#ym$6n6<K&)MSzjK$rMb)
zy!fHoG`7f4mm_OaQ`Bxa0Aryjtik5&o<#jyv}~@P?twCG&;i~Y93H*u9&``7hq)`T
zEoXC1vL9p&HsYrkzz64P$G$7NO`f(=<+ZBu4Bw#$F;=1*L;KS<m7|Mu3)<14v|K%I
zp)=+BF?2igO+kKBklz&KA4ox7AsFBa4N0AE+f<P`tXt5LF0JKCavS|A*OD~XpD#>J
zdcZ^Fy0a?$%kIulQQ>ByJ$%_x^4f~y?~|^pf|w9bk-zjq^p=oYmS1Z1x9v=b9I8z&
zW;I^RE^%Gx02t;|9CJ1_-h+mERSqUKyFHoYNmtFuopT|X__v69DB^S}pV9I(mY}zR
z`@yBO$^lVHucurS>ycg3wx0NMXOfl5TxV)2sf8KG(X5d8ysE3#z3N=j^6IXxn&(FT
zXT8x|DPY*@OX*Q^tNY<5G<eOUr-rl32fW6v7P8AIT=oH{30k8Azkf=BZ<!$)xwVqk
z@N2b2JbOEV?G(x?ie%gRV^gQ|dusuFu)_og$tEWXpUPj$E13m`_3o3BpiRC819kPh
z4Nl8d^Ea5r+s@z61oz)If5R7-${-ynX=0tLzshL-d&kojN%z+T(WMtdKJV;<jy5Tj
ziDtmb*H!-6G=_x~1)|n>#t#GfKbYja0qC4YfY1O@zzI;JYvvhPk_1Eu1>zHnk&mZK
z06_|7*D+qwVoN*ELNbA&wUc+N?p0q(YID!-cyK+q8DGA;8lK#|yE?5rx;2-iQolq0
z`=Iwd`@b0r7bHMG1el3#OJb_i2kJLXWQ4AuYR_Wm7HvDbQ=`Fn{8d~<&J$fm@0WVl
zYwerJrD9ljx3INKuTGfKW%7Xn2TI{@7C2CI*j(~bwE3w%YA!5-%3ruB)3Mt*Z+4aW
zW1KhFVBEr@^!Vq^Wti9U6LLQu6aN<Rytb%(dc0CDYX|vpPR{CZZeg5%kCU@f+-nWB
z7|S;$1FiPn4?FyibuLhgbqf;k`<x4uWB*cxVEz1_UzOLc#g3%l87^O%Z8{5ni`Ct8
z6?Cq3B2sL;()PF6O_2sp;Q;yY0Wx8xfY-}`sbshKRL-OO%-Z<N(r8V0mbHC(H+^)p
z#Qv`y$%j32Sn0fB!~UZ@AuI8rwGwNmz?5ckJCg0r*4o3ZG=`g><h47+TXW2E<ejfP
zOl{BiRyx~jF=#w4o;R1$@Ljw9G@T-~$f&%&sPRx!TOw`kkFMl3)niQi;L|!IXt~k1
zzkE2r*IPnBSx8adJ>S}@XtXGrCY14Uea}qeYG0P&g7qf*-fGjV_Gqx;STL0brvnQV
z;AGJU=V(D_ZHkNxC&T|jXIPlhIlC<V;CMn>G;A_*N`|`4YgeUpj5!cOyeMUxdxDv^
z<*F01oy$XC6xFJtY68B?I%sxBwi~GB32X)JITheKNSjVn?fzaNQGiLLPM2H~+O$v%
zyPu=z7=?(Vp#I#k4z~rwus{@zeHd;ER>81F#K_-W*3LXMuZ>p^z!<+52uRcicZZt$
zw>S#=U{r>9$4op9#c*Y!R5FAuPQ79I1M^n#c0!=4aJG68y8W_aqY2fU(^ex@vi%N)
zE4*%9=!^YiKKTFHd;9LjZDdb){?@0!swdla#*%DzyL+zp=I$!CllYF?t+m|A%=YB8
zAQF-gQv?Hmb}Mn7&;A^|ks!raiBj8+app|g6baym0t!`yLKT3HgBW{9+_ZW_p+7~%
z!y12@WRM*>tFvtHs|~D}V?(KV+8@SGn;&4S#Z@OvtWqcR>|aB~(gqO52{lLVg$^J1
zx6C`WRh&(h@_GyDuF0(4nXRq0+EN|Tqttag$l?s_R<nhD0&R6}+D@ILW=L>WfBy1Z
zHdZVH95<U(PgAbPZk^5yLDxe}ozJh<#{T~P{+rjY<$w40_tXD<_4@UzzZ|?i+CSRg
z-+z5@^q2j^{a0^a{RQkd4K}NUj6?dD{k7XlgL@=JEVJI%trHR~D4xzZ`0?Exq-YPE
z`%bqt9Gw2MbAcV?Gt@a3%M(v9qQ{^==%4&>);a9%x4!QE@kgtb5@?htGgOWREn94<
zY5`)mPS?!6NSzfQvj94pOJ5-mL58}Q=5dlQ7j69NHx=g&Qa4sU^?8;2xoutG5MNy^
z?f41Z^R;1~FbKLg;TTaLam2cq^c*q|h>v`J3^c%2Qrv2RLKBd2(TG-~Elnjm*<Y6J
zq>qgK#ql=<JIx%?DN1SMg4F{Lvy5xDtM$x2C+UJ+yQj4c1%Is|TE4bhu=cqZ-~&S{
zU3Xjyz&?Pki{-yL0epr4ba)6o5QJk7v)Lu#R|vX`zUxxNn6{z3027Qn7mSfd?!Xv1
zFqD-eyY4&ec|zC-z!+hFDnyh3IYKdEg!o__a`8o?KFq+Fk{cvD#>gCjTea30AQSM9
zXr>+OuV$PF?6}vPVm=GUV)T3QbhQ7884D5X9sT{yo5PlpMie!n7tCO44s+rm3OVY8
zzP!%WLB1=!<XMz9!AP}y5ujsm;)RSOdOm0gbyxrU7+exxz?1pZ@1V~C^gIv{m#M_*
z2n;#oXcBru#Kq{(;H?})Oa)QYa2q-x7fcA1wTUkoyg_0}#J>rjAqocZRV&#9x<x)1
zqY0t1&c#cL<f+bL4=^kw6!B2jr<x^TjDU0<6Y~IiH`195Ix}5AwtURS$Pu)W)pdoA
zn=@CU(<94$q%cN7VEjbP7G2`O6$^13(kbG~&t$1;$rb|QYPQxOQ-~|gWT2UgzgQ5~
z{CW<#Gc(LNn`K*wnqkymdW+s@DU<)!5c{H1BL5v7?Wg3wgEw#XUq8!#+b9oK{<G}d
zPf_+;7WI~8q&!h;$$Ga9`ECudZWXiQ$`YO>-zBAytSHwSn|L8%-%e!`$$Y<kL7@9B
z^q}t`D$|&ieQ-%!B(~zV9vAdkhO+doDV$8OlW|icT~Fp0$%&tL1X3SQM%>!;ho1F`
zveaEce~Oq1YMb|aA;`Rs<h_soX2k!pIL`-J=!9Tf5!3mgm{NIlL?UzrjFISV=9(pc
z7j!djBDaTmpE4wKQuikl>|?$#GF{?fVcVG%tkDDICz06?^;0tz*W%VI^Qted41na}
z_)aAjXmPZ<>#o|u^K}Du%nUnXw)wqqW@S|pS7D!`)>v0reegri9!ks1P%?F;YlG}!
zO+!efscF?-%R2I`A3lBkFh~C*bHryTWHj{9+A3g){&%>4nAZQ^zTSVf|8J!<rT?wq
zR~65)D>2I~_Yhl|oD&~&La{&XI)ox3Sw$~WF$alCN;FN)E2Jh_reK;YZ5fJY2@pS9
zBbD6LYmAlVH15@9s|_g1e_i&3Sb?3!?sKWlGUr%heXTOTff6JcI_8v;Fi44S)u*2H
zN(eo)E|Q!{A*(KSnS4HO|8th?{htL**nLeY+y4)aUZ?i|ql3e@&-?#2N|XElUjr8O
zZz1;NdD-zdV27dkEutr69zcpf`#%r5hew@#+sRpTI0puBj6KXTVseYn`@afD(9sM^
z3mD0EBHe-oU56s5_FG$o2&9>;cY82K97cizaZQ8~WkzdIc6gx1>BqRQ1{B|74^5GK
z3?|THsFk`1)&VagH~W|7iMlco{h8^@8~th=p5xak`9+?{izhR}_$A_Zgx<tG5D(7>
zC&>qc^V9eN4gJ2%*RFagcHm?1@=84I`-_)SpS{3-_&NXgFbF&}M?Qz%_m*^_Uws!c
zE?-yOrpm6`GQOX4>>q=J$dzvnKOciPM@O%YS^!L#tgor+%%#XHLb$wPwO}00%}_iG
z77w~)?*D?Kz0}>lIb2yLDB1rHUcWs``Trg4@4tE8|F=;Z*8lS}u|wD7#MZm?(p^(?
zqbc(!IlA?jy-iy;sZ#S+UwJJ`5+8Lf<8sxb*w{-nYk}~QZU2VA<Q7qiWzaN#at!V}
zt9uEWZY8E-_Vwt(em<=YEua5uTf+M6zm)&Kdi5sl|NZ7@|C#@9qkKX8Z}MKPeSQe3
zGs7G?JQP|ZRf|<}@g_Ei(yO*lU`Ke2ygnlyq&nx$j)Rh%KGvW=Ee5^eQqKR^cLFW5
z|GnKmSUUfEd-Tlzw^6pp|JUX4h2ErpGX7reEUlB2{3|(|M&S&%>1<lm=%aKtwXePu
zIl-lY=Q_b<g}Tgk+ROIzEBUC*6D=d~T#y&M)b>Bih+S%Xp{1&A-r*>r>^%vuBe|rT
z6LIqQe_t8B)#1rn5<toR|N7`~N&h=Idba;<rEGBj*Aple{iUiDkX;M*#blLU4avpb
zmtip8``+R^O6GaaL>UKqiIc}<WAT^zoKMLim-b7g(unTypII7tg!V_Xn?JxEDIo69
zY)UP47#Hn6TiB(n>~K|xuBU(EetSNXsJpy(ERlA#nxge(#&pg4Eb2sV>K!miWC%zt
zgr+*a6xu8Cb1H&c*_^5BYu;4n^J3Jzt{1pyZK5SdacQkRknyuSyxPd6G8c4~#re{l
zrNvhqRs*Jkg@;z0*6ok3-H93(CLX2TF<<`IYMl1JUPl2amH+qmm*W5IKimJdQoi8%
zkDg%f^aNYeOjvSHV3=sE){XQW0e#I&11a>|y)=+&{Lx<;=sa>2Bj37bNc0OC%aK#n
zn7@kbZ`ofaHf@%WZRA{Iw@!1qPEL<lTGTF|aLsBtG01hboYee_BO<kIsVc*IT8--1
z=ZM}y>$a+SQibx%UoVM))w;nP3IlYF=ZJ(>80N&|DjmwHXT@GoBuS3_sbyWZ9yWBB
zrl8dv;qcAc(A49rEPzWtZ3gCY4>ksNMtnjqQek_ohgD`)W*v$C<S4|FUC3QJc6Kf`
zv^`2mKf4sj|2hgALwuv>|8I|8y*f;v|GznSzW=+G(y;trNp?3&$W9SyOB>5sEG?0{
zjyd0+!a2r#E7stql!7v&eZw+-!od7^CHoaz7ZS*~;<u37;v;if(5o}K)h58{H%>_C
zbE7=S9k?tnjlEDZWBR6qghZ=h;6jduoI;MK+8ZMIEHhPFQ60rWcpl(+4|_a^Jw}4i
zT}>scSc|2Cl0*(wc~d#&L<XTMs6irf^V&CH@+MA3T<44s(pG1hxQk<|bY{r8Vc|S|
zD@@;*P>0^wxrrOyk!RrGuU(V-r28#oXaM;Pw4(r{Id{z3yE1Xbgp#>f*SnxC=20T?
zKbyhBqc<#^*E=7oG^kBpFiEwsTH31A13Py}5k4LF$sGpBNhxJ3o~Ptjzk+tCH;}&L
zh)tzDm0tSo1aC;7O68}U!zmhso~QDo$(<*+hk0W;BaHVw3>iu&snNsrP62b9${E(b
zS68}|B1*!qP%;q9E3u*eM~zhMd?NdP)SqZIh!s@WN&Sfs_ygj`NlEx3C|Z@e&H+UX
zaaoz->usT|K(}3O>&Q>2B3C}g8|k}M@5cJ?6BkwPym+}%@9kPu*L7sQ8?>nY$qib>
z0$0_K)cbjWYpo+u`?AM?{j|aLlxVDBhM;5mC-*<=VS_O2rW!{P5RXh3!$3SfAwJ_2
zVxK24<-F1;!n|%Yj5nZ|P|O!69%M{xg_d7O`lo!AuAr7$y<yG_xuJ(>vW~>#{9Yu#
zUdpRgZyq2z$G)6n-&5$I0isxjc_F@Q&xNAb@_Smb_Ii|zqtKkFDYBfYktJVH6E=~Q
zzNE@HJH0JISDA!~;3s+GV!f37QbtHA`s#devNTLWg|fW}>|DA#c9u&O1!f?KBJWH@
zukG$8Ysh^u;Xarg!-D*vOKDVhb96Sb_na6fDrO(y+0U2Mwl%>oy8#{phXf0m@z+jH
zE5+g>iF>&X`AI6bu&zkR*BJrKbL!{@(d${M^orNaO4;*sYN(Y$U+1iGiT{$zB!ZYC
z0Id*3Ao7`0scbL<4rHhzuIS@Zj<5n($g8}VH&hxFv1LNvO*%++KyQrw9-F0}c94^L
za-aAc04D%FJ`Z|wzV^NbJreNV7;_)aanCxgQopA^p3R91-t6xeXUaZ7l>b8toJlBZ
zy1o+{CQIWf&D|}^Tzoo!e0FSs$gHS57k9e8qH##t4s<l@tunzZz9TcVOOkX_Nrs=9
zPkrXo@H#6LONui`Cn`X{f*rugkW=hW!A`;G=Q6k`SQ^;f1#K8|(q3-PnUOmmjIawj
z;pkZY_j_;;oREW#3)-L!I+MduzO-vWidI!NsH8<A*?wO26|nvB$8m1wmc>9Fqz(M>
zM<bBZlS!2Mjf*Mh1hpIJiPc<YW|ki$;_95d(`M!R4LZc1<O5M$|E=Qsj~dAY`)=(z
zL1!-bNWf>{0CeW?v-!8iCG#w-fUP4w><Csa71&AJ>UZMDF7si)W`wsBk3GWp-zFsV
zrEu}@FUvjv_zdZkfezIxxpP&@Oe*t+tjfOtr>MH{3xBZogr!|RZ|QZez}vTPLC;0E
zJvN)K*qp8HEH|`{SolS@stOaVK8m8f>B~&I6)@!U@RcR^+`6|&`f`=5dTXE^HCJ6T
zTbdi0JzAkNtEz_i`jjB@>cXc{Fj86tNNP+C$W2xH$ii`U1^S0-9m%aFXT=meuEW8j
zkz8imw(gn5*sJxRfT=$gojM0>O>cudb6}I+2B|h0@iqXlRV#5}G(F^XwEOzH{Q8>v
zV>Pd(Fu52`eZn|)-VrxvSsP2iT1Q){hIE~|XUBQ_Q9e0Tea&|~vza>GZh!(p8)$U+
zrFzlS*vrZq?(cE~>kK*aZ?o;M-=1Gz_TQa<Iz9XL!}lr1E_<X?BT^sIg-%Nk+A<V<
zJ7MZn48=v`a9Tpy-E3YH_i6Bcc>Vp=+3^2fd>XvJy8d+e;oY}qSGk>wT|e_K*jI1w
z$M+W>-kp6qJuh#rf(Vq;ZdE}jSC)!8{{3nHx?kGUcqC3Cho_hpbu2>yc>($%pCO;?
z3kO+Xbb3qs3PQ9;$!wM~Ev5DIZpo;?kk9mt8R&YnT2=a0$j|^Xc1Nfy^Cy(i{nMa7
z9RBqF>h#lh=ND(W!)byL<q0_|Ne1hERS=vAx^wKC&MCbsb0D(R(%f!m_4vC)gcMU$
z7yp44S7@^QYq?9Y`hLk-&@MM<QB*_50MwAgi-x6taq<4APiOB2*Z(RUnPbhxnrJg3
z#fM=5gR&PzHJ0$ur*X&-{WH(vW&EqDlUrqSkDc2+<_WVV+pGNe1-ObY1{RO!)!E?U
z{G@+<{{HgQyZ5I#Goj5qc$;FDg;f=D!o&==t}uSkcM><s9_?OkZw*)|n_3B3KpxX#
z$Q_c3lYD7FPA)zSug|VN^#_Abm;HD71dT=Rs0UpbME_1YT;??Pt}omA;r;MBx1Ai|
zCS7;tZLH$vswhImH$9^K^*L+o1-QN#mgz@lm;G-q&OW8z%+wVZh_yl6C+$qzWwn)F
z!P;r{?)qZ*X>fJ+-PzTr;n~%XXIGz2&Ido7U9H^NfT9VaLqu;8J;A{YQC35l6x}&F
zySgrBGR0>z6{d)8=^tnRTBo7>6__H2gD5}g3zq9wST1H5`YZRXpEC^A&E*dD>UQ_)
zV&(o`U97#i3x(UoysW1e@4uI9s1nPAqQ<UArautIi}u=_hECpJUY?zZJtu!PEwyz*
zd>=XLjzYcWPS1xcwRnn|Q{L#3JfXk7z&;vKG{K)McJt!=@=UUv^M6+Fqt!}1Lrh+`
zukjrHM*ON{dwu@y?Ek&LtTAVz1{&yZFqM=0f=sK}|Gw{kI6c1>-LBYMtNMDKEpGkO
zN&mXPN-s_zhhBbXUV!&pY%675Ik`ALyS)DN?)>u8yR+f2|NU9jMd5fD`TQOB-yz1}
z6xCUY!yo!rXQyI<U%c<1e!4jS_Nsq%UZLrjEe>apB6mQMN1%Iw#}rbW--ja8sJtJ0
z=HLDZ>5{PDn58|@NJWc#@i9l9JFwl-$-DA*)NR`(v;MM>Uv&&m-Yw67DD`iqa^M%<
zJSwic8jGlfUUXP#BWw0HyYgJ3E<H>I{{_}!;!e=XJktgCLGYk<u;9e#**96LoTe2X
z>q=YYkVDGDU_i+@?E+){(&V|~a<fgH&e=WAIh<Y_(@y?THcMbK$Je{nnG5<HhbM?<
zPKNI~$n{@WzjU0Xhb5l6F63|w8OkzOs5(XGKrsD;nE<^2oey^0*7yj>HiE~zU;6I3
zW3g1e$(O3FUMLsg!h2nXx(Z;-6AueoODJCA{Ts9>e?3y4Vg}I$of$YdeB0gc?spGT
ze&H1tcxs9_MgnX9U2i-E0XIITZQD<}$uX_O-OIV<1-?Z-Vl0DQdiGC^^UGwzO)<<w
zpR+k;1F#BMrk8~E%rlb<_L*sJh-p6a%<b{aD+FDf!!&8)x5l|<s_CZKX0q4We6tB;
z1&ouXkUcQY*#RAt%}(<ptHp3mR4<a@rVidzoQ<`n=oh?|TGTBMPmr^4JoE!0H!Qs)
z>)#q&E~)m`aX>7(xv=`#uH~Q}==W3etAca7ImK<jTww+M)3^UB^gI=`FCV~4cO&Kh
zb=_6aRXBXx;0*!AEZ_Uy;uvrmq7?vq`P&-L7jZUp5og(!_oKyOHftVEw6u<m`1kC1
z{uy(_%!_2w3sB{5h^e*y9g)PBb?=IpkDI<GQdaMu_J+uVyCM-$N($ZY(s`@nK7R!5
zj@|{kzlMk|IsxRf_8w^K9ZXhW627R2w&3S7DyFVHh<E;KlwxrFjR`p9g7&!&2z3z!
zoB%~#v(CVRguqA06+f{6Ie4-F5Jc7NB&3$;v32A#^~e}{mR^;7bvNH}tjLaF*uiQ4
zy8mhT{=?PD*{2Uz=efsn#*r=30*}9Pdtb5t&6qbQF8apBOu&|%$&YQ2awOW_wFb07
zhdmqApg$Zw3U}sor?dL|Q2p^%_GZqUhDH9Ll?^OKlPTIJH*_AHS^s)R!376|8M&-X
z$v+-k+60yLW}d}kn>iy)GV^U54;Hl8z^1hQL&2<;SF+G>Cm0gv2Jtkv$W4xxJ1+}~
zyq!~xqBa|#^Orcw$ZUHhQVUvspFwD)mTs2(+cMA=w%Wi9_%deM?A9OZB>0n<>ndm@
zR*=_()=|(;p`)y6xytG1N@nQgk87#F<z|YccMEor12+|aBdUG1$Qx=FFNXwP&3s$S
zbQ?L+C09?4oIU9t&0&xs<d>7HbcI%1ood-7(Zs69N(xGO-*YU`6$0I?-d*l#f540$
zS2ugh`|hWh9)sVj0IrkgJC}Qva;~yTX>{qYnEANqUR!2%soi=6F0|0+Sm&dmO@Npq
z7l-p>@D9xhT~s?2VE8w5fyK6++5@5=5?WV<57%d?mW6pkOf}I$ea4zGV=IR_&VTVU
zW*qy|6A$8f<{U^Kh(zCV1w?+AoDhz96fJfh<Q&xI_u{WHUL#xDN_3s0og5S?CXuu;
zRXU}y;a?%~025zX>687a@`W0|yBYFNk%u^PD;)3?b-=3042F0#bfDKr-KrvsN@j}Q
z#^0H2X;B98bQV33MVhK7WJ^ggRaqtdWQEjcISp6JK2(zn*=>2LG|<I~1J{POob9v*
zDm#@M0MKy|WABKYmH{dBr>Mdx$KNLzy~=5wWv^UgoW%?rN|D|EI)1vL@wS>>btc6M
zNkU8cHAF0}J~B?IIj}50I>x_cUOB6LfW4Gb%1ZyanbBk=iKVi~vQx6r>rv}E9%OM^
zFst42o`JSHifX5hrZP5ti^A4FzjS8p$59IMzu!6?ldN~W1n|ZA-}he~y?L{g|NYg$
zbN=^jl;6Kl{&zc#`|W{A#;y)*S5Cy9nP0kIGWG^?49Bj@R%+))lA$kU`~AK6%BDF0
zkCt(@6y>@{zi&EW`ikAl%#yvL!dWA2`jRB^0(@XdWqFEg0oVu7b+P<6CxFiofDR9#
z2ZC_yVK%!Y{0c#L(RW>n7}Hjm7hr;s=Ylcv$Q>9X2Zpk8WY>L%Jx@p^0T?6fPlX&4
zAV;Vxj1V7;LoU8Z)Q1@uQ*wi3#~7I-aI2Ob17rgJ5ly&b{nd=~fF1XGQ_N@KSd4xz
zo|X1LF=HWOy`#Usd2`qTaXQ~F^nw{oO=X??5p_aeUSH@S-wlXLzo?_z8A+Hg0(1;c
zypVB3&j&4`80&u@gG=HIcrp#w9rQVXo(BTrGL>%&fgy(+O+s&oxETEzyp@B9sUV6P
zZbJv;f(fCrHt{8cH%JVL_&4D*M8P1wTOgZ2x5x)$G$B;hxp+yDT$qbJz_5^5#6wx1
zYL<X80@6E2%me7%NPivZ%yj+Oa^o2zN6<!A*A?n-&RmHM^wtS|;nm&19K}~*pQ*q*
zk&wqBog%JI^_N=t{Q;-UFJj}(WXP|<zaOM*S}6amC-z09ME-lTzn_->-t516^(_Bw
zqdY13Zz)dM6O#RwMZIOos8GsUvi)sMzFR}ATg5WDvV><b=%h4~o4Z&8lo`xzBe;$(
zUH(z~f<X6M=t18>RK}gI^wlMCk=TygdYI5>85qvHrf@RBPKIxMW@VY5CD%mWQOb(&
zWGXThTf6XU&-zXo`>vorMQm3C&ilO_bKaK^2JZPF3#5>K>p(jn6ay-(D3Z9V;*P|1
zGa)URy{y-9W4RqJ{GK71y~rf{HxgjtVR<hyYgxB1$`K;7N9v~rjk?8MsLc2tl4b#t
z{sueMxvIq<S6aC>maeaxvhSkrT3!X__wp&2Ra0D#eXLt|QD*hV4?TN~ExSgQi7wCN
zWoK)eU#d@JtBG2MnP+|UG3%qxWxFL?|0f=5NcaCsx&D86uyp=&bolo9{AVkrVf{a1
znPcd59g3jRBb0i7MLd*H{B7YuGeZXkaEv|7v8g5gKuZqA)&X6Q)chZ*K_E4jIR`ZB
ztH${aROq1IIbHz4Cp_$Ppf6<t8hYqheW21hhzC-lR9iC(`nM2!^4;Tazz#$6TSQOD
zJb)B|_J1C9505(gwkK!S+z@+PJTG>4wNHX2FD6?uU;`Fd6H~~zFu*dGZRGjU0WSlo
z3cqY+dW*>4U32wYzKRi3FW(|MwqFbxO4cH$TKq!wsavRwh=n4D+4^~9=gYXVym@d~
zG!OKZ<fUowEN?u(lDq$pvF~Dk+JqQTvi~0(9W2@Z-y9x3@BiB<+ur}bRnzKO40u{%
zfZ!N99)Kn5)hCSEi;saKddO#l;@?!}o14E2J+{Td@h`|xHmVLtoE-HXhlIXLL{T1x
z!2Tq4d8W<;dDQz_CjZx07MoH5i~0Y-;r^?GwEp+@?fx_W-$rSY|NnJH7*817Dy5Us
z20L2xX@&t=er5&Z$p1Lh+1irrsW;3m!z??YSq2^<H(?MNFV*Axn`VjogS()8gBESD
z;}GZ}=Ag1jJ5hKQwv>b~c}23|#a+<WkxPEmcfC#CsLI_iH!72DE<MfrIz76{T2jC6
z*63E<ishNXaxUM3+`qd^SKT?q^S<YS_P^V0a1X|BUc1OKGszrI_=GRds@-J&vNLC9
z&&O{7g}&SOf*HIF=h_cH<>~&{jLdXmBDdRC?<%`w<kpzKGR%Bn-8uASxVCMtk?h=j
zxhp06^<B^oD7nQha(^^O0P+N&olg8{K3a~4P&i3!nt3h^a*1Uh&59SJOL2DUa`}VM
z&ps`!$LOcvZa2HdZ@|(hSF0}zOHhQvK0>n>-!9nkQEuk#rK%tD>`O(W%AIzp_wwgk
z2{&%*85yiU4eii!l|r%`(&i1S()NaW=+(vQ94{~N%Cr9Vkn}g@=kz{+zlNw~sG<QZ
z?@iiIKs}9uFR0w%OE1ewh<vBquP9#gs)1y^E7X^@naLNdA5z`V`lLdO(j(m^{!0#E
z$Vq34eChBGE>8P{2#LH-3^0Gm<jriu0{~>;PJ9j~glgyTh__|C?KH7B03e>E@F(_)
za^$Ih+EELX#IEf<iLe+&^QzP7Y=&!e*sUYLM=mDMY-CexM3dfFkTJ2sAw|qZPktH)
z@&IieJ*k~D?;>YR{d!z$-WNh4Rr6Y^rr9q=j!a4k&3?(~kXh~LwQly$I^V3sOhbwj
z@lfJ{IqpScfBY5uKVOOe?^(etml{w5l|K^83qHZMH@|#!uoyv)=N0_Cf>&I@$tbQB
z7Gk+9AeKThyl`Uu$G=q&CkhwzSJqPgDix77?x?+xi`#y_KK~~!Ire|K{GmD;S^F5E
z^!#`KD1HC`)$3>fudS2~o&P2e*Q}G^qI+NF^sdhJuYyy&$0QqA0QEo$zZzU>=xSWq
z-^7Kkm3s4_u5t-|T!ueQ&a!KAgZyN;ycE=e@1D+HnaTgT$2tw30hh&pd2{q?$^U2n
z+5cxNrD6VGY#hEep-LmRAX!#yju#xu3hL=lp5X?%q#njKIZ)IvMgB?O?m@?aZSd;N
zQS_eqIEzDOnw<67nA}0)4dnQntZgOgjJkhwO6Cyz@?FC)6F)=;9_n=b2OSJWbDhg{
zFSC!-Ga}#UE<?9ojV1AP)E?tWYRL^o?iM?SXkT}~V&Z?|OR1YgBfUI&$pPApD`}vL
zrG6BQ?&>{jrqZRp<`Hf6j;>x~Jo?eJM#@uTiu@s-`p7*I590TH>{&BJtU9qQS2+x_
z8N;KK=pK=^Cl#y5W08qR<^xV&^Q`6_V-rsuu(ow=?X-7_oKjsmjS^CwG8uWSyOa-T
ztuCm4Wp&{nXpzwa2R1kcs<MpsVfFxQTFSKKzwQiqb3FA4Ma{NRBLD3l9i;XDS4VGO
zKg)mHC@;VOa*n9a04G3EUma79L+rWOpMn57H*ktrxAg*C&oBcl4CEzoz-Gwvz|<pS
zAaAc?f4T=K@*u~zNGANSo<rYly#PL%s#s<_0Ywx18M)vN^BMRbyIt_!_ZEQo@=MVr
z5FiRX?4xe0dpi6y<b<Nu3veRW9{BNO2wY5At2@QKC;wk{zttW8Mtk!A&4byrC;rd;
z$!`5#T+tXhH(>xK*h8%Kb(h@*t*^Udc+>j2%jZGs>;JFy0{jRmCLsgor)R9y4Ji2q
zIlR@yE`mMv9wom#Mm^A4|5s=I(|2dxx!ZIbh3o&-o5NSH4pZy@@a=Q_&+U}|{2!f8
z2f!fcD6vaBCl3Gb1?Y7CtJQj8Khd1P1>*(yR-N>;TGsD7#<g)5$e@UT1jq;K-Wwp&
zYrmt|1M#63r=`5{$(=8qA1Ly$y7;k>{tn_5fPIdp6!S$F^iR%DI}Vu#9)>>O1DMC$
zXhJB$Qy<)*1=|C^5bU!(aEs9$+XI~9=@d~WD`kR_xFDd!L2gI|XKQ_Ye=Fo-bO*@9
zg8cK&jPu~Q*SovBv%Rtio$j_;*A%*F4(Sa$)|`<{xKN*^RwQ^QW?6&Q1=llVqBjaw
z$)k$ET!oECt_f*KCKE(OU7}uc=c}4{vH~$A(8q{LJ_|x-Vj0eXOOSFm!Slcqqq+ca
zGQl2Je3(!nUl7WWXt~>Jy?6nxFaFo*RjV}`jU3`L;-Quh4FL8Thn@%Ki;mVC0CDhf
zuSd}oGfo$sgRV=Q8$^X1sgDAk8Kj)q=ZB-wNVanBb4uLMk(UEoa{T1WU`z;SoWg(s
z2tKBXk%~@fGA>1_1zC?%gnB}K$w<ev3tSX<WFf!;;)@32AeeCj36Xf$gtGx56NC_B
z|M3Up&ExmQ_;lH9*H9ZMk3`ySwZ0=1{LtS6ff_M}5cnvAhEf!eVn}M}ir{o+aJSXc
z(@G5=0}k}T7>P-sH&+P}20;p-c+z#zZEshuJ!@dZ98w6>I8A_n3r<x1*f#?rR?Y<>
zH*!>noOTvFz`j^xn!^7ZT+;>ksLV^CA4G0e-~@8$k!jpF4O5N<@;Rab#SHE4$$^g_
z0HnjLl8ISZS@o(ZJ)lS?&}En-)@pUE(5K*_d+;BBYjqUHSKY(zzW8hKqdMUh3M-<9
z&6rgg3Z2Yb$TjXyC}f<5(yv-iZMjm+WRc_6YF(3P35lm_vP%M~)vP9nRH8@m8XFyN
zb|nf{WKuV)DZp$Z5{1_qF0&Z)NSGX{j-7`}ak!5INZ}lbiSqN#iy-=A7ce9zh2)b=
zRulgU_zZG0iA}A@1#U>ya7*l}nO5t+z}H`2<KXMBkHH0IDk7{N6Q<YeNRF9kN->@f
zKF*_0XnyLsG7*UU*(QdyN;2r8KZ@U99%72-<Q6etW`RAhCO`|5p?n8Fp1foLGDaK>
zxmnBc%uxjM<fqmI>PjG1_p|HCpJ9SEINUQ;1h)?8L}U6*8k-pZOTv*LfJ~lZ230jH
zLl&Ew;;=??Uzcu=p4SBfHH8JaVaTPRt>f&vM3P+ZOYw9Pf4%_UOK)jw>a<$-Kx*5o
zm3wfCm_u<O=jP)n_duEvz<ui;bXG24osYj@G5wbCN7{oP&*2nZX>K^GIEs2col4FL
zWEH@0)QuBy<#G>3?e+*P!ykm6r|he&!U&|{N5GX4OBr9qnuR`ql){HHBKKhQ@#hqL
zoqy!SgRBa4V8b6;-%7b?5ao9QD#6nZ+uby%>LrW%Ww+)shU6YZE}#OlVBnUos=Qz*
zJ?Ov=xkZ#>7cnr(u6(P5Qw6^9{41CVdfO1tq0UFB;Bo@A^U4zNsM;?$8!AyhpXzZn
zOVqD82*DSjdfe}F_{PdmllqZyq5ynU^%t4}Rp6T(fodbj90U!YOn`aW@O-V)NiG<x
z1P(>g6##l{c}!C6?RLK`{DNE3qb2w^Xd$$k21cQ%S!3x|`uPm`m1&0=V2F2DgP*#C
zI9jIuM&PHLZ3=x|_}MpqN1KM9)9m`APy*i$m|zE#O*4Rd8<hS?`qL*+<<|Daw!Rp?
z)CBcWPDM>{!+M@k$E+s>irI$MuI1|0l(FLHjgp;zujy`^CUnxECdNk5EjczLAxD{Z
zM~T;moNDW00I67S-U67J2{K)_fN^95JJR|vhgh11m#l2NdA%_;rF&%eM!ZwKC+mz&
z!Xsy7zitso2YUwEsjPt#x7_uJ1HF;zjSS0tDve;NdDE9lp_C#xh5Ecl9xE%G*|Mo~
z2i-z1lr|}$S4P8?!BvcwmmV9-F()~1`mU=zfJ6_BwN3Q|xp7d(RmbM{Kk|BGx#EoM
z-q_yDjdm%gH!g-#pD>P{cf^g-Jc}LgOhssnUjTFBBCsQ~X;Csp+HN;SCa9+?t&QBW
zW11KA3UHCX8}()aJzL(+>W!{O^yWm@$Vt4ML{H)q9b;-{I=dG`yvEpkY%>p`pslA*
zR&OAkDq4wIJY}2dis=pZRcQY9&+-0cOBS`ZvgH;YrwQ|+mgT+N{;`I=^|4x4A8IKa
zPqoOU5wuH7jlc;R__0`hA8--;)f_%9je3GI0b!VveA;AE#(cDSAWyE`gVC}NK_uPA
zl;Ln%Vm8m942M&&gXi;*tE883%B0T<MPf@szKh%kWH*0c<sOU<j=HbA`yCgJG4wkJ
z2OawQ$P!r;Wn4T(EZdA1)wDzz^^p->?%)Ej89Y3Ca|~g(+l|g&eZqA<+erA>19$=$
z;(JQoi-aOkkD&LTpe$=;_Kz`Tg3$9+2DKX8Ond}Xu=x!_c%tPVjLs*QgbyfU$WJYb
z6lIFfLGQsZKn|WPY_e$Q{_S9ST4h;Vw|}&_85)PhJB>w|36QS?bu9+483|>=Y*0@J
z`*W9N?cDxRP$nl*>9QaP`i$YJ4`3YMOeZ|gJUQ-y_k4!v9cE}xdO>jnpyMDG8ym)+
z5F5=IBxdUL@lR6j!HCl^=a@34OoM0nU2rZhM7UyYWuD$i|78=U?oV6FC4dIq44zAk
zQjszZdO$p{nQEmXWtwx&crF!7MaozQ*B^2iTYPk`4s~MJ`#;mZ-CVf`BQc1d!c1{1
zi!ymaKn6EUljoU{)hHF$%w~P9x_J`dUV58Tm%s{UixIf7o&w_a0880B48VkvxstzC
z*VJVW-Oag-5(7O(%&C~VeQ<*oV3Y_bJQ6cY#y`ePCxvsn>YZeS;==x<JEN>vm;nbe
z)U8UHt+;_L`}9=tV|uFP9*mYkgvU;2S(MqFhuSk`>>?<WD-mZ>W^>MS&y=x?mH^VB
z>8(=$qiGs4e1|=hW!1a~??~wLgrB1Hv5{d8<Rv-;T|qf@M-KV``L~!7U*7n<g%rzE
zoadrS1-qG*T&ME+Od=!C&Pc^0@`#T{fY8Kb_>#8_9(1_}iD66q*h(&`E?fA{j1r%O
z?1aqcm?s?ShKK{}4e5)6x%7_eg1+aGJLGEn^D!6^Ux;4Hl=%q;fw!>!zN45U@waxK
zlM)%3Oe$VSdJ5&f2=EeR{BS;uhhB%E)2!_tT!!;8qJm%PZ}c@`DLKyIElSYMt`}Sq
zj*h{JbiWfq=2RLCgjNK7(S<19U9``g2-Z1z!n@5q813gy#3jnW_)`64+6-_Xd7fHt
zN$=V&_`uL4^pxesy@kFbogCx07~*1&e?DQe$~_p(7oV)LOn9{_CsXZ<I4E}QzfU?9
z>W`Ff|8uEd?!oBj^{d0e^BEWOu1BUn5XK8m0`9>DnF7bdLeiS)cb`|m%B9Mgrl!mZ
z@qHC~BGVN>IcjUlcx2kaGKLY2y|(!bi65jGy?JDhz0{!0DP~Rqah51ULe8FPvvR3Q
znPA!%|Ggl&ZW@X*NlFMR#Icfe9RPji$ZzHv(GxCJESgEm=s-sqYew!f>Q_w<LyPB9
zzm)4UiZY5zy~F-H#2B1r*k|s6{z<MB58Wb9EE_h16vfx1o=?%LmU}Qll#=CBGqAMJ
zTwos!Wa!bH^O<XNXHV!Yl04W)Kt(GBJ0{u{p2(Pb4Dn~XOi`)I%{(%_#&h&rh7BjG
z$-EGqX$tCaJV%VfdGIVi*DK|ev6GAzTQv2BLV4I{0_8oIRZF>SCMm-Zz0GhGNY->d
z0MK<QVhj+fVhd`24Mi+j#}l@6HCrmK88QDW+@GNw_}Z-Lr%56`o0L8z{`p)=N>$3_
z@BDF1R>%R00^~=2%~BwfYe*hdP6(YF9q05?yfnuCpWRhvsZ^v43nz6b1A}M6tXnEl
zW(*l}{SwMt5yH(_qp7(hk05nsk+>$Q)J$-SCtj*j2K#O)Wlk^EDZkoN<U-&?Z8guO
zcBw&`;I4!+OFo*<L|UU%-Df0E>T^!<IOLf!_C1Jx7F3WaOaPoh>@%L)Zjy}dxn!1F
zl=%*OJXfo^*Pf_qTaj-X7c;r>t8mfk_rJ+i1VcVUJ~v0s&m~c+QpTB~!h21|cZL)7
z1sfT%2o^TnOy{3;sYn^_u`&ydpp2B0X(<1zUI*6~Lx6mTE}kO=)hiXPGa<!gu3q<Q
zga2@Kp=4%Xr8kf}icn!xO&{6M$GzT+F#hp4Ae8^y(*k)HoKK<)8hcSZF~Vnvs+z5w
z3Mmi!Cu#91Uo)|@%qisX6zA_VmhX(rRp4R@Cd6}}Ph?gp_h6Kfyrw5cc9f>fa0V%I
z2NZb(x)*p%A;s|#+C5OegFw9iJo5(Fkul{u42fyakt;KPJfF@K7culxc?6T?L@p@9
zW^)zxzGS0`P65z7;EPjC!L9sEYBxO>-S*gQp1uhX5cfev(|<svJRU$y8HRsD7kHjY
z#7H)qVP@_B5QvX}C%!WFXF(u74<^q?X@#YHpQ#|0>6*@BX^c}inPBJn0B!YBE}IF;
zz>t&gk&omqk;~1@8$yL7b0}0u&szY7yh(@2#MhE)4x$`Sgns$#!dXzNQ6`{hg6L45
zfSurAhG>@W%uh2UWn8UdDg%u8<Rw!ikzWE;8S)*(0EOy{8C0B3x#+xnrdXAIM&|9d
zrg`4==J+-s%(w|Cle*bAhM!kXNvXEah++H=d#EV%%sn`X2V45b`m1M2doDF7^AEHr
zBu<htH)!!powZ7J%AE9zSIs>*=|3-<=1N7%P_K-cfqNicF`J3Jy__J_6}lzb-Y-*v
zK9}NBLYZ`c`T@mrNEgke-Tab4>+|Bfua`>mOGbOoYg*gc6!E$xf$Fk{$`1FWD~dyL
z?Vzc7xCiEt$>_lzg0A>)x7%IE$`f}yBgm_Plt@5a4cmRzyp{=65|t^h7J&U<kfW28
zoXFqb!C(zYnTsv~DVY8+h9|XfWkS;Trc#HYNsQ~4N|20Rpis?WP)@0Ay&|T7yfBf4
zdVPEqA#oYqyau7}!I}Q3yyH8{*A2PK83D_j{h3*}D=o2FR60vQE2P${R5GKt2DvIh
z!anBiI8OCasoq33d-1(aZUpHxoXbqz8!B}m#b+l!K`;MMOV?}SDM!H+JtHg`HzW%*
zr_g6m=V~YG#e1&<Nl63M2z3umvFxFkO=MySrK?!0%jHd{GcW1q`H-RoQB0-Ox-nqX
zMnpp&Kn^CDG7iRsG%4b)K&66kcXqw%wQ6{F#1<^13TzpT81fnB_*U%16GG=zd0rhz
znXwo1A?dZ0S~VsTusm-0jGRzs;%{zd)?yFk(QnHk*&)8aAS4;-XS}F%xDwTC*^Bkz
zmlIMd1R|Z_?j?)FS;&BH!(7CW8=7*e(67szG*uQ|p3yrKlK%S#Qk>ocL~d~6O)DUd
z<k1F(_997kyNObZO8W0X`E?i#N#2QhkdWlIf9Bu*2s4f(^6FI?5hcS@VnbGlHI)p|
zl`AVlJo1UVQbxec{0q5|PTp1AYL}vy#v7GokBQI<lq`MdzY?_CRI0QqWkS*$)n@Tj
zg%l-9tW$54!qrj}bo?Kazi}s2(V3**tcnew<w2R6V@0QoN)xY+2wnw}sBc4fszUPc
zE%Fg#14_najxtfb`s_dPEg*i5MraaHHc;}8{0bn6eI7&a6nStlL=N%Y3=-ahbM+c<
z#e0CM7u8Mr1j@$CJs7>p3TajVDL@nxHy4blcOYNeCYBh|K}|>;&k+fEF(!49o`ih+
znC`*oDD%ceKBNi6UP#gPj3PE8UiPB82j8jJ05|V#3)DRry{QR_g);3;8Kj|l?TbJ<
zD1}53ba6eF7jeAgx7%QOl{j7sQWch0#PL!nn=X~sQVLQPmY2!#HjE{PRL=2IkgBk}
zY>u}TOsi0-3d_smcv}EfiQ}apRbhE~9B(_2$~hk6kn%97A>zdx&;E8RB3@<NLky{s
zh*!w*5-6K5m1MjGq)H-QHpkmAmKahw$4fw}B;w_8yscoWzm_VAc)1*J3!r3j-da?u
zB;w_Aye&a0rIJ#hFKmgk+>UpmPn8mKs`UOe*@Kn)r_tky-w?)1hcOD$RbopiW#SrA
zY9rbLrW%lj)|{ze^wN+LGi@70ss_o!6XYx$5B)&MP1RGtjN{9ty;a&;l|Mg99XOBC
zgir(s1#rSqv<RDmL=ht)br9>yD>qd@DVuoop}MQXD&bsLhNuaNqF+PAIP1>Qyda%_
z3`xF@T%g|H7No<YH}95i<(5Hmg0MuZO+s>la4UEWr2ToZRvSnGD5RJ#PKeLZXI?72
z#$v1fQ1%*q-hwM-B}F|0(u93aNtl1Aeh=jD;QTZqPC&L35=zQ=`^&p++IdY)i|VwB
zs1$RzZPBX|m2x4`(C_EvlopR|BE{G?T-KwKgp@f0GbY})Fy&?Wr~&Dc_*aCaQ|rt7
zr1tMygSOtpgPuq31{B|74^7b-bD*bv^%SJM-!}@clA@jqi6O@!b0NS@u!p*Q5txc}
zHlyX=H&3j4FuDqTp{brK`EgVSk^=)c#vbMvv93!=yrdMQrQf$P`|iQ$W4nKG(f+x>
z19?Um?|T@s%#>_7_1aE0#<QNdOeO{aP}SBvo~j3%q8FEl-w}FK-z^GH6bfHe0N9L#
zo(smvqyx<e2LN_rcSbWHmCtS~ttHW=^TA2I6ZJHt^TEmH;Z%m?!7=jcovGi0cQ62C
z0@Syb6N<b~%OOXT&|`?NjUWqBxpE=Xb-~<BE!p+<<ByhTVXv*mOC?AFaW85Ts+dX=
zOXK9J38`O`P!S}H!dt>s8Pa5eeasgFidY2~qFg2ppsol6vZiFt?P#X!m*Om^OPK~4
znQ)a6at4!*oYk(82r6-02Ub2LpX1I(aowBeMUZ^rq9h($_Nfj@)RQI?5H&T5sS=ek
zAl;w>TS_4$$uH!6;wXY;H9S?zs*uz;6<LUiA*t^pR8`4T5mE)`wW#VELuJOGa8rVe
z;i>WsZLCz{cw%&i$U_d#$)J)|?`1@i;;puERFxoc;+cF@)uo5)_@k{uDxY|q1jHlL
z#W0`<x+lbEoI>muS&{`L^$}2C0qZjfQF8Pc4pVPIhZ4rXf`qZBHJlTF3iMH3$0c)!
zebxnMVm(5ADG~y1lIK){6i`g0=I24imQsu6KpN<efc(nNFpi)zYeeSGYr2Z-yE8*>
z=pkAS4lqV90DS;Gj;Jq2FREn^pzgE_+Kdx=({4O!V<ku&(K+_zy7-<#2Mx*()#YU$
zdF-4cMfeE0DrcXr9D%8*dlGuyV)Kx~z=a$QIfWce7p0N|NbgI=m~X2|OxGr*hqWMN
zK)NEHhyCdX+3!&WNHpt%x{!1wK-HZ(FSCM+t^}!^iA%4072!@Mv#-F)@4<T+L_me=
z(mK2H-uJM&E(2W`t5<Y@LRELAGn=AVh1Ks|C`i?>k<^D&h^BhX#Y&JEc9B#4R*b5*
z@49xcbshHMm{tYX>i?>cgsgTFb)}+Kn}Q_j*aDtf6K_D=VSt?VC!VgTnOT+%shmA9
zL~pT!Dsk_q-hYH+M18~&14H$F^ZYue>5<Nqem+Pj@L7<8;?&;Bdac3N-)||&cV0&9
zOh`h>D9KnJ*DI9^2_hwjZvj#T8BarUvgnyt?~p@|9T0s32nClWnc)mU*F%gM0yb%(
ztOcot)wPnf)lA4{OD*=`5$JvkJ?J~7q`C(e1iE0X-v;LcfF}_K$tN%aqYJCXS~mA$
zNY$x?K1)TxyH*in2gJipjzJ=J5>O#vlzWRnCT(5xc5`_#VvbjEWR^vxq3q)o^s`du
z>aCU{#-xuL<N#8nj&6~wuKyW|VFqkkH3F%EKonC+Y`L_8+$zJtP$*fR3ex;JAS_BR
zv&n^33lc+&VdD2I*uaDeC|^z*zpVXNSGorr=z}o=ZNU!Pf-kmD<YYY`v{!|6nUzPj
z3M6%%Id3iXEs+&*j{RvYX{Rb$spmzIs&hQEn^fTD2}t_BEKITWXme_I8df`uL6l*}
zk?&N!auIX9453t}a<J;u7lj8uo~(i(3sME=H5-x%hUG!L?8ax+n-y9~^jcfLHdm^h
zFIkZ0LYp2yJ}Wz4x}G5rK%MGbrwTAxN@OL-1#lBmY<4n=Q9dLVj>`cVNGu$?m`Ypv
z!o<qc=r~cpnosCjn@Wrm3a3b#P>Yp|A5Xwgy{rwcIl&L)($YY`2qY+PQoJK>v1LU;
z>Z@xP;_Wn`1~Du{`q;ig(EW*Gj^6tYQr<-QRKmYi(QK1cx>BCV+ktftMt}c4BhgVl
zm8vNi%gTk6gBs$~g{AhsRMGk79$dtyWm`j|o306oRXYt7GM;+T%9CjCP^L-_l+6?D
z$SfrC3|C0!DEsuNT1>BckOY5HibaVEsBgvy>PViZHKxs%dXTspQ7JiGA@KkcUul9V
zNhubHVsdD1K+T6BkY6gMp*i}{Itf@EQn~Y5B}hWA8#+*<x;OJF1~5i5c#8>D8X%Wf
zGGq`b;K)5!Z^Z`G5OFa9DRM&x)wu_74@OsrL!1uqxf-NX<RO)WqzIDIa)ZFbh{gC)
zP+V2jYE;UBln(tYPlt)`Euz7-PJwph4<R#J_y|&GhB<P0NRjcxkSQXq@Lr?cb%RH1
z2v047bYU##EtKLg(qbZ9DJrt{V@b<tr6&bTMwC|9mt{<8=D}OEb|`6}d!MbOC2;8;
zoe2I>-7hAbk5$ybqII(w7u5V4y$M{6#VgK$)qLpULPa2rYr8S}V*D#a=_@q6<>K0E
zpuUyxtwyiyMeAFYXw`8&p^$wETu&%&Ujo;rg7?KUt>H_*`9{V9T#q_}UjeR19mcN!
z*Q1W*SAgqL2lOkz^{AuzrR3fXh4$MBL#)mZpHO_iB3zF-$X^kz#~kUe2-jl{_g94L
zF~|H%;M!2&zs-n;#WvS`T#q~YUp}tK9Re^P*W-=@n2+mm2LsH<^|&JfChZ$fCoEtF
zt|t*2Fay_<2oRXkznX~>n6VLWAWmR)TpJA)*tpcO3a$;r3)}>*{CI(7xEcx?xCs%l
zFlb-`*At2yScdDdh7U}gJ3N^fg4J+6zCeOCa6PJMf;DhGs*r-!a6P`bg4J+6zTkq@
za6P^Vg9%*gh8c{difsfMtbPvr1!4_mjY`E6=j!Y02?ZQX>R%g;I=BXD@^DquQ<@Gv
zm|AZQm+H7S6o0U3Lal;pV?hX;2Uic*I*|wy^KRp@2&?-?ts9Oog=@nB2@As!CjDU7
zj7gaEOxtu+!s_%|H!xue*M>tAu7#^sbizzr8;eg^!%wft5QVADtN9>>)%ju5aSAsJ
ztvarzgB5NZSH*ewgd!Fu_peQbE!>DCRh=I`q1c7VdDu_@!=&7?sSt+MajhH0Fvhcu
zIEIB$42y8p4rQ2)Yg54ttMmCU9?vl2I4M6yTh03^Unr<yVog>GI9DCl)*>6$2eB5e
z?SwaM1XTTbxQ!TxP0_0&-*`fS4l{8*foO-BxSl}B!%SRHAnsu%uBL(?TJpyR!XMV>
z8&4ntVkWL95C*Z7UXL^uVjjJk4~W?KVylnq2}DJ#g6lDcM$E*uh4_dK%*q<)M9l<A
zjQhONFo`w%^qx+n#9UmDJX~Tfu16j-F&|fBffG~9t+DugtKoX&(G&CO^|(VQ=F{tO
z$5G71^~i%M=Fh{&9Z@kC*CP+Bn2l?5u@z&czjk!R>VA4pD8S-sxE@24#c!c=69(2n
zR3mW_!IzATnCeG%n8XKOnuy}~MdLUo%0uZ#&7#)+Sgw$&8g3>r4Yw8x+apu#Ko7X#
zJTS~F3O(7TXc~HudW+SJEoJ@4X5A0G*i>*R@qZ!X$Y-S18L8l<@-~I4BxZV%^T;M)
z#Qhlk9~WY;j-T8EC|Oi+i0_1yBHvjQS-}(46i{KQx=q3XBk8RAxQLKRg$cwSa{rr*
z*$<d;LKhc!j*A_ei>Q!Y-G<=g1b=woC6gnm02-6ft4xVPj+9&72H=3vtEWN*4yn*s
zPZ4xI?4z;(JY`hKu5L4Matvq>ykt><b5D;{f5H*{4*QtRie;xFD&$nR88}ae3KYrd
zTXkm!B~(aMw`n+F^xoH@mL3r?vZ%05G>gH~x6+z(LW%$1WZcub`{v-}9GN}vQjrQP
z#NN;YzhyW%fgK)r$<Y_qkEo&Q++JV}(~mz16{^Pn_#$M;3kLGQOMNO7L@P-T{7VK*
z6~OEgiHIi6!+ARULOvA`bl>~lLX6;d*h6f=IGU?7igT6<%7HmU-b9|V$U~Ox!1)tU
zp(w)5IRlu3fG~!oZIu9|evf#Q_L2|G_Ztc`@>Fc9E63xh!jY17Y~qqvR&bsNUTRUH
zEP7BCD%f?16(fTTH3ugrl+Xh&*;H5|mrf29OdcIh#J;>iAf_LqkL}(V`#m;m@3lKl
zd#@c#Ke^#NfSw0B9mhk^2b~U{bfkj^1D%dXpxe2{uoFParQ>Ob3fZC4`86aQb)e^U
zu#0?-Cm2!jg-<#GWbBSm7j!yeQGfH--v{5Het0+dbb5aEM=x%(^Vc1D_wnW5zWP_^
zt9j=uxAWBxov+@#-0cQa@s5}<SyWgl(ofogp)cWYx#YQjJn)i5g_YtGrKw<hFK@3r
zAu2Q-g+enbW70^)H)s~l)1iX)!>#HU4wR24CAZi`36HwbAj^wrq_deWCo=tpap=3y
zBR(3feDU+CShfunOa$Z#CT_`*<j7;`)ZM;8C}_*rTek$efTB6M)lT~ixFHq)hG2%g
zxpuw+B+!vhy5IuATU{5L2YjJi;`Mv71{I`Ra=;m+JaXWAf>fyJn+^*6(=CHi(+T}^
z`tjtbP|=efXeuO}>Az6PbFF{irEo1&^ZN&dzW>`@4S5#<9(XBS3w3T(3o3jW=``7o
zCnqCSykiCw733YW=+;$y6Kf-v%kuj%>M1lmrI|hsiWG9BYB%D5l94Lhh}%3tp5X3$
z8_W3D`fd!%xtwzk`Z}iLuOSj-xJ5JyMZ^hkh|jQ#sN5>X*ms2>x+7zrS;>q&;=~b*
zR#F%qEk}~~8gxK!?XA-I^#;?}1G(jpDDjntW^NHg-tZ65i9ha?T7JGw_C|d6O<;F<
zn+k8_45>z^%wbao*g4`9J8Tuu`CtW)(G`Q8fRZ`lGZd~KRjXE~DuDIj9I*g8HB4jo
z;2rTXCsM<Yz6XXGYjar_T+a}TjA!P`d&rP9<ZD~_LWS&(#^q&PVZFeUF|#cIE1j5X
zSpbt@1DR-YWtf8qrVQ}9dSuN)u-Knc#Mo8nAsO;?4(USas_%Vo@f{`e+!-ECV_gTJ
zp{KLQ&EXA7M9R=Ls}Rc4=B5;Ad6qn(WDX#ZXCY4LK?(@PQ|zw-xo{d+0Gl_%)i#zj
zcNJpHqJTV{XmIHuHufNhnShzDA!i<7@z*Sl^b_@MhwXNoplsd@zXt>2vM+{HITEC)
zzb;sv_ffo&0;?}AC%AED_PHdmO_n%3Q5jhKu59_jt+QrD&7COlIosT_t-fXpz-BDm
zCf00f5Y}I|)u(X**o=j{=9+B)XU4K^1Z>8_t+8g8fNiW4u32PZb&<a~A-<0sX#%?@
zXF9}PNmM(OUa~Ioh15twJ|#lp;3`C(cp!9EbsnOk((M8C*+GG_c%EJk!H$eVdGu<D
z&sGMTzh-T)d2Bbg-fYU!EnOGQ=~PTvsqX6V0s}<nSOz^~P3yc5LDkK?%-@8P`w(>7
z%s!~etjstTace4h)+TF*PgZNznaL=Ra&3}3@fi9pm`Z<dZ2}CIqKvFUy9`Ik9CUcD
zPIsr6@uD=nrsne`ELCAAuoi=?5ttfR=zcjmmpC_wb}<=ML>CYyG_w+Xb<mj_H-OHB
zVk4}>X2>&v*z(YEm=m#aWpo@)!496!L#{$8z$ueaM=5g1e2#n<xhq;F?!oBbpyQ%3
zhJNSZphMrjEkWnvDPon<VpT<_YBX_1@8ANk89Y3Ca|~g(+wFpZhaf}1CtPfz*y8Sc
zDpD@rQ&N#hlP>EKW0q-5FGLrFo>%44V0Cn&Mze1=TkgT=d~!*+%%kLMl9ZwwB8Q@q
zaIiJeF;!*b=$2!`=Af&Wy}b%LQ=`f1-gL=4U?@dra-A1nCa!_bRQLta)w>tBd?hZm
zt#6@ZUc_1nUHZOR##OVe!)p#*`X1MPcCzWMBCI2c)w>gNUznPCJ0LT!f@m%2J)a>8
z25Trr4?zpEd$aOM-$T%N;*vhb)6uKHRj1n}>drklp-83xlY6k7ZzlY8bUuFeIY1Q8
zk<X#G(bKDx9YS}c@5pF{T}SpbZ|{oJ1&G(g3?mbhMn%_<m3sM$An^;6wW$Ehz7C2l
z0~#h_sJPghwOQLpv<#eu1csbQ*Op`#ugMLP7Y${cC<er9+688bD)L=Gd>wW^fmD&a
zAu7d}J~NRN`n^>NDxX2A4V9E7mX4uQvO4T<^@_hD9+Kt?@sDrKS{D)>rY24Ka3Chz
z9icZHTKB1SB9YLF=Ecamc=c`nMA{UkkI%}{S=TEmgK@xu$|M2z;HMdq`zt4U&I4#i
zFwv%1@KgWl^8E7q<K^E}pwoaNM=lub+X*Ue54wj3K%OH=tvB@HEySKSYssIFqMs8q
zkz4;e?ZmLo=AQ<<MNyzQjOm&t(5=b>#f_<nx0Wl*kVDD=w7fE878lB!mpO|se<z^S
zGimDDt$p5dzBn^znlx%=8Ze8YRI^{!gVKZr)3R2Y#1S1c14da;sv0ZnKxxKYDHPG}
z!Rzk6ZJvyB!DT?HYMESy@<r^BaaWe1R5e4^p-MA`$V{VS8I&qEM_v0+CxqOzc`?tz
z82@TRQ4*uxN2`XDJ4F-hBRhkq7CenpVWUtA{FRgY%4bgDnSc9Z^(?C<GZ^x3F(vAf
z>@B2NtZpf?L07sWWKYAI8&Dmp<QZu4_s*;&Oj&)6)2zN+jwDgF6i2D42Bj!E*bwox
za71-if>ICytOk^v5L=BvQO45>PzvH`)qqkEr)q5|)#6t*F~N$$46O?#ukLIpRmI7b
zWA&^9CCj**PnCjzJk_9-1-w}Y%2M5h6RaSrO#+ICZ;_7}8&EQ?m=iBz#))qM@vFlt
ztUnE<>RL%c!9L~~dZ);Pi`<aP>eLNGc@bVnjyhQKL}=v+bPbeyFgmKp!IDq{M6onH
z6vc(U2Lt)qW--K24)VEi0Ti*kNXUz^+=FZN+BUGPOqGd>^?N;|h|P$Xy=d-%4hamn
zd2e%I?!oBIN>Fs<_A)5L(73&B14=>Q(gYNWpo{CVu!w^tzugQAtHHriP^z%7A`X^9
zw|=RyR#H%^u&_)H);NY3N>vV)f>MQrWpl6%VOgCjRajUa2ipjk8XPPIr3wqn<6xVD
zQk8?rAoXETLj;RCnEmaBM6fzSegaA*5v-7dCD1idYApK%lu9C4HV11Q!<tYkiC{S#
zY(rR9T`QGDuv`wd5ikNuJ~z&XQb`2M<zO3wQq|%jEu<H=Bv|eOuaA+F@}u<cH<ozi
z;qNMS91wqvgU`x_R(;ndu_cr;V+|#>k!%D@Z74%)Zj@S%BPfX(wHcz+f@1cq0im3k
z>*Xave#u^F?D?^OpS;esDwO{?`1{*xLVg{uXI=ZXOd_j4G~Ue_H}wkl{K`<OQl*}Y
za{`Kd9k~{$4WOw3MY|<+gUa)(`~c5*^sPRv5>Tp6Fat&3T09?AI>6(QV+Tav07Ai~
zSlogvGXz~v>^i#Y_0GU*9IF~A3`ytS{$wI#%EHstducGG!~=ITL=kX2jC>xu%umT4
z;6!=7!8wxNh(ZS-q3?Dm8RI&RG52632B{8JY6W^rr=+)L87I=cuj69o$aqTvkzr}b
zcLRcJdBW9SD>_U^MT?7ee;X#g1y|-ugOp+%3Ips<BN!?!lm+^|jAu$p)_xs*B?%?E
zW?lfsz7e1DKU_k!qqj+BrrZ@$-Uv|@B_0*^*NTCHeU9jD-hF6O`?-D#Ko0I^*qKFR
z&t@d_Trft8EXZBg@pW}5ssmadDYY4^Ft!SeT;=j>nepFun{jGg9ZHq(@Cm0^9py${
zdxd@!LV%I<q%#o)3`0OJ7%%L_lLuwRWuF}iE?v9TKK2=h{&L)+!ojFfR)<27><RX#
zMY{c!dh3Mv6FgN6I0(Fjbbf{Nz(Wj-(S%SGGqN?HRQ0AvK~ayd3IW|~*V5{Mus=m?
zHK)<lq0ER+=tc2@i9L_3x9vQf+RG*811oHe7L*nDm0!qMcCC1=r0*Z7$RXNApF=uD
zJd!EZWds0~Hueh{t1q!{Igu7{>>3;_uJ0=Js-CZ$MBdbiuhT+Iwf(%f)SyZV%Bs74
z3ey+a?Nd;i+*eZYHomW<pj5esaG&m^i=<|-k!Z+e9IRzn5Q5Ik;yp@w74u-!=`h5>
z4O)D23%wA1+>8GC^9VpX4W)A)CtxI__sgBq^G03p9iaeymdtps)f$aP4)GcBP|JP~
z%oiQ1r`o?;qEo6p81h-y_!AFw=9_PnU#3ZfBVQ*DKJN95S9a&18~IiDv|F;w2*4ue
z<X=6}msU$~EI1~&D9RYb5MPRmG%}x!0Ms{hqC7kTbFxRHZmacQ;PU<T*)e!8#0BZJ
zt5OoE+ZG;KAa@U7`L|D!8P!y55EWD@kg<@&ta!;x%qE8-8F~qNY!9%|nF$^mGDIae
z5UQZ*2;0*n`~i9MF1WVqW{KMEO11o{x+%!IXOb*Hf3X~vgn^yGk8D>hzVX6JzaU1F
zqK>KvV7@2%CV2ibv~h?%-oZYA?i~Aqh>+u3F&xBW08c=4@1)!MFYxu(KSAnafBN;;
zQHBW^Q^c%yJoSlK?8FB?x-)Z4;l)01#B7t%djpDYF$q&~&(w6hgDlD;!Dp0&Qzewk
z>8s~V7o7Ws5izs}i08@(=dvR+cq_Azh=-<&dqB^$C^?3%S=M?-{FfYXc!L0%OpwF7
z;8gTLhLg-2e%Tfy-mMy5%vgxJ;0jHY4DnGu0Ehc;4u0O5aUQVaUT=!|ER=b-%qr>W
zWg_2ZJ@NXkibpDhC>L>vJ=SXVJsGM>kjPu?0SNxpe|G^?k~uL9O!5<~Ev=GG#OAR$
zMv~#%fy&k53Y|yZERuvWyhnCv1xC`D=$5++IQLd(5n{ew<KXMBkHNo4DEn+Cv9Te4
zv>N(($NFQp)q3#)DETy0iA*Hv6LT>d))y~cfR9&1LH}_G&J$M|V!FA+VO`y6Nxk?`
zv^OJn9Zq_o?;<MG*L0|=up{c|Sa0sOTIZ4hF;0m;^%nL$2_v4RZc~UAD#+!AGHRLa
znXQAxA)kd5F|Z(^%|n1okYaV31<4DbkYfjW-a@SK$ezXFRP-tgTzMny4)Ym+z{QgZ
zqM|0{-rs6{s|G;Ld_#07m%8FVvIe!ln0;<6*ol1YRxBoU;aA$8px_GTy*<G2)W;L-
zKtBrDBw3h4vFtav4Lu*xIJuupG}KjeRHqR5H@Rqa#7M;uq4+<^{9<dQ99R8RfOhN|
z(`xlqbbd|(;GtXO?TJ6BGzmnN05bjsImQSg#R<LsqE=+^a>8dz9WpWZ)GBik3J}$o
z2JmmP52i&(QK~_!S{0W!g_SP?3DCv2*bN1>^-O{4itmDiVzMRfu4s;-Z^T5f(@+^v
z>?X5a&0EOCnmUp0A^Rj=m9r~;A+jDb(37D8)oBgrdyJUw$bCcf`VRUzZF8cVmhQTy
zo;~%In65rjON{A^ZBbJ)L1fe&Jr116ElNCrz!A%t$&5(X@leTefRaZ`;_1HXo^_*v
zqe*(FNhv!gcb<SEM~DRCM`N7LBZQvvALROrdvEQgdZo2m*96RoYoZ(55{OxhQjU<_
zH$u~%-cJ^Z+Ea^H-P^GwR_mHsEYU*W?Gc)&$GZQv^tFB8E~>=ZRmH0xb*?GmNEujx
ziMCAaPY9jsxB|WwysRBiOqm(EGwhbn&|J+)*#Q=XSEcw?sH0~4D%cBdqU*ao>`y3U
zoQ5)+nYFR?68xp7m|I6S+0o<L+tpN!zv_ywKo11dPqQ&pe~CSx2?12q_zng_rp8Rm
zM@kM9i-(0lU?#ZXEGR8!C%Pr;?nZkqbY1&OQ|?#R;9B%F3juxRa(_!~$)nyVu`04(
zN{~%5UQV$;70e+a4RInlIdl{}Ayv~@R7iGK&^+o};wPa*M9{?mO8n*~mra5Ul)?0e
zG0f|Ix79lLqoLH(m?1#qrD~?QRMf0g!+d~ra8fPHyn}(>m<7L3dAU=RGtpy(#zTB0
zR0AXMrYNGb`pFvRFi0%5OLgf{GI`9ht~uV3Sbo<K^vu;>Sz?|+FrkReA`7lk{5~2H
zBA!ge!f`A-af(n+2n@aSwbx(0UCoS=8(gS%4YRKTb&XxF2b|wgsag=~Dt?1LBPZm@
zSOdlPF}VzrOx2$;Jw$u%xU1ht@JDN2C#K12vmyefriE^>;>1YyGHRiL=>g6siWJ%X
zGcq7x$Y)sUp*9;gDz~jNCzb9+N=?Xtq;97sSLU@9N?EcY6*x`o?4vH5jrPQUe)UFj
z<B<RCPJbKe39oM4SRsHF?XNF}t=9F$(C}a*8fimlB-co0EvTU;QbZ8$v2KF<DK$;S
z%aN+LmcErlG9jY>QtpjEi4Wrpr%(b=KuLh8x6qxD4cc9``*z%FbyRPR3HR7Iky@V!
zWjQutYRjtm&_R?-k)9(n{KqOF1(_sLh3c?IN~u@VK?&1#4PyQo#?HES8{c6M$zVOl
z;3WP)@<s7D|HFTvMb5W3Xp#4Q%hHYIAbp1^<9j9|h|&Qh9=SRdj0lC|*2gVrNVD{6
z@uv_b9PXK#bS+clBZ{5GSai6@I{NocM~E#dKXtb!-s(Cu^RWPxdJM(8rY{1_^$huY
z(OSxyUD<ul4dD9?r=fbqnoG%t%k$)$b`IKh;v+*m^}2wP{N19je&q%&+A&-J{!1}6
zF{8yA|1pi?IBBJlQFoXmg<x5Bv_)cbFeRw%M9eEWv)HcGMz~U&yWljGrbsA+){Y7*
zt}IBI`=cdt+R~@8AsxN_kHc5HLUM&vh6;*bN%U4`YoAFYzF3T-3OAD#r=5q48}_jr
zO>ZRkO=*+>=oZlhpNUS~5qcxVIP^I{4o9wGq1Z(Zq^#9adxX-|5_joiLxN5&FBX;N
zQ;|asOc)bYrZDK+^%yq=LV-u7Q_(5oBDNcEAubVG?k$Fj6*Jwvk!GXzUO2?_z*}g|
zUyB-%s~L10qK03qEmoAD_$|TtyVAI}fOD_)LYf1z(_ggoe~()Lm|ls0cjPhNv20&!
z6ykxL;qp)Wr}*h03OsQP`raK}F!`HQ8IIM7fUa0PifRN2x5{I1aQNzVcDJ>0g|%!+
z{{ePhasexNk`f8j-mK&oX)u!lpANbc`AiwNJ)wPmj1Q&aHEW%$VzR5Y>m`pXl@s7U
z4*vdj*BnoXnuS^}O_$PUXqHWEfHCz5QN<yir+$|DEB2#A1UG+Y#>k?j6DGSP|Apt+
zgVY=eyE4+#I2KSo>MhPby3=Rk3H2kBN5#<Xe~vve?#-d-PA{Rs_jFtK+ntzmbr*AQ
zSBq=Wuxoig4#kxUyP<UXm;;Du`D=(M7LvpesR23>lzz#;$g(1jBt@loq6R?FL2PwG
zq0}Rz`oNNQh|H0=qa;MkM_#0|d@`TE5WVxK9Ut9wbgw(N7<OPs4Y1s#mk$Ii`wy9b
zsYk}pivx8?Jwm?j5YhY3fH}yA6ce@w?hu&6g*qfjZtp_FlGZyE2xZ)Nu&8P@8i`Gy
zm3fl+w`5$azh%F5pFaM~{QPeKC|ZDn^lx#!_eJ$)wvl)#sxWS{<corb5B-bVtS>Si
z-nRahF)V*u9;>BCtt<+p`*ff2NPK8*714*oaNKds9Jo(CI@BMo)?#|9g5~L(z!*)v
z=+v6e!~#)gR$z=ga;KMy@wW+}GHJ`+>Z#lXKae{i2JHbBj`ha}lAj#Pg=h@Zj>=4v
zimn40xI><oG)hPjC96JD*Nso^mMndVLu?{%VW{m*au;=QB-nss^hSM*Y}RC?$>b;m
zhEZ7NOX*Eu4$8mbh;i{p%XIvpTm9X`3h$=hFa`qohWMkP<@|S-TV8%Q{e}xU97Cr1
z=8g;6&3kjX)%2TkUY;vkydTcTh}z7Xi|NtP^8@>0e`JX5Wghh^(k`76J4AYi$xpF7
zu5|Haf}POgUC{RdjIFTX&P*EXh{ZP7D9IzeQHklTW|KXE)LRwko%7-{d2(LN98qa0
zyMv3pB@D*PArX-idY(BDiPodsox#934s6Nz$vB~C$&p5;*4NTYEU+=4Wyn!Rg(DC^
zJ~ODIUUXZnLF@~mQ!&Y0&q@R}Y07R83Y0i0n|3H+%sQ90jFEy(`6g_w7|ica&h|k6
zr=jxJm}4Ic0kGRLqT0teuIbM^FX9Qi3z$mkr5UL*cd4QH@kA(m@{o^7q6INsx{=Ze
zJ)xy&u}F3t`_h3XIzXI2?8(`^@ExtX`|j8z>67B3=Slw*%-Nn1)Z|j4$<r(1%ELY;
zkJkO<AX|rHjm!;Wd5yLPWz``}q1*$3I>nc6dR(1`32?u9O7)ma)kOIxB^}Mc1pAoH
zv>u<#L@iGpQAV=eMJlj&#E-y7Xx@|?ix*C@_V5u(Hj*<ZtwtxaUkg<_9y3dGz(k(e
z^*CfVtY`e45bbESsOKWbgA{di2Rf>&FO(y5XF<Zw7)`Oi8#xi>W?<$-NAA!j!enIM
zBk(`Pf8JPD6lvS%A(dy9Njxbly|%HQB7b4!^Np_tDbxJ1WtK<&giv{xEE@Sw(DOdY
zytZcMMO7UqTzrffQrB<27oDrMeZ;$C#9=o%*2z))=J$WMb;iMew~xgij3_Uhf47hS
z-L_EuyZy%>ZN-Cs68lkdH1rVfMV5BMjpfBgHMf5eBdYT2y?%A5Ng(y0fFcJoGZcGS
zG?coe$q4w3GGc31r4Bh{8cy+&8ox*!lD1jpL!$1D=@gJTB3-wYk>b(CEb!nW*1So`
zgHVQGhd|%+o`jxREo#Y~>JxQGI^FX-gnY2P#h9Zp-vu8}r2`gtF9r}pFJ3Kzy=d<&
z!DT*0EJSZE+A0iE6=XzKHBLw7IKjBs$Qi16k=T=^YoqmJX2{7sJ)4biq5TV$8ATE#
zJ5Z%=Ja&&v_gjw%MPTrLc>Vp=+3?ec;n~$*{O9Sn)*plZaQM^vt5fUI`Q`cb>9?Qy
zSKkkppZ?UpI6c3TV?Ox)w13_2g1$bWqe!r7X?x7<x^(wZ&U}v9GV+Mp)l|tPx-=&F
z9ZHBiX3{HH&+5pMExD|q3k|g%L$sUDh$St->JUu%i7}HiFSdRwfkEfaQ^%4%7-1jt
z6SG~7x}Yx)R>sIj6U@~|n5B-hF|+)Ph--vIVEO~bNGx><9WMQ><X*+ZG8a0SYwW}%
z5nJ8Gj8i-gl>j9BH-prTD;3O-Q;5Y@<KY_w-UrAZ&hUhbkrvD(dH}*eH1fK8u)ha9
zdC7v?=&f<tOEe&canFj!DSAH9@hp=bdgF!FoOsO$Fv`scDYJ9r)EbR{><4mec_U?p
zO;v1e&vJ(-jIyd<&p+l-zq8p~Nr%bjOGEg&d!Q888J^CBf^5byenqaB^0Deh4xcER
zGFs*}cJ>qrl+TEm502DdqH7rGfnKJk=wcYeW2-ICZhFvkPrva)&x?jQ<GqY{liwtx
zN|qBS8lz-uwL^hcoe*~9QhAP7{z(%sm*QD|^YLZ>;^O7cE6+)Nim$}10dZe40QHS=
ztqK~CD%-O}Oj6sk#C&4Ae*E*F|Lnr(@_D4I$W+bWVWHlnz185Dggn)W$P#az;pG^d
zGbCPz_zns<OL?C`#_-hd1jOwK?WOm^wAO*X+krmE9rI+j+iLZhJV=YR{iMHz$(|}S
z8lF}&h0rNiqpojHuT857B~^=##HeExTW<m%W5s7a&oQ&7JnEPABK567i-mNfUEQx^
zqnhU9l70bkP5b~E1)Y!f;vamDmwqHv{Vvd?ezfc>N_@MfBotfzj1V#VTCJj4p*<E|
z1U<ELDJ%d{N~qY&J*b6XEeyP5@(v1!EI{C++-G^RRWJ>)iwc|@m2~SFFL(R%j@W6G
ziK(NGo|Ok9_z+AfbR{OSysim2IPC6s_w|aJ!(RxEyh-iEyhgQH5@h5-&cW;MXMynG
zsQbAKzLO$>nj9pO>wM*WDdt`b>hA8&w*3$~Rm<bxs27^9c4vI<$uoKN2t_SLAmn8n
z<JlDX*RJTAnjoubQo@Xy&^|sz*AObXp4vBjh_4|d?QRM#u!DTT2~S9{pm;jt;D0(K
zSo|+=xPSNx{P^w;QnUxoeW%-M>6cv~Z#ziH{Qx>MWUAQ%KWe%jcK5-Kc%iL-YVZE9
zmehOULTU)g5`mRBj7gI&?*q&O56fHMk&dOS=t>7oQ2`lC=L-l#R}Bl&Zvn_#t^X8b
zrfCml7bV?2^$P1<oS&Rs4$nG=-TnV+wLbVVR!NjnX}mC=(lTf<yb~)MPN_DcU?1F3
zEY{B+U}VC@5Va!lGBG@+PuP+_)eR}=gLZ!i&WCOAZGU(^+-v=Ge*MGy57*$Q{?%3g
z^7{O22;N_TllPaW=hx@&FNfg$cc6dyFYu4^%hNr8u*^e*J_j;AJ)zQ4f{`2B%S_|u
zB2c7Qc+j7QVqs0mEs__z(w-qLsaI<*z67WHm*-NU*#6&YQ&McZC(l&mN%Pum?C<aI
zzj^&y{&#<WKmFf>{liy(Ie2}vf3&~9|N7wQFZ%~?4qm<a3)pW2VMz%Yhx9M|YqymK
z_ehErxaYV9fCD+261q4B=Lu%r0>JR4W6e(mUuwYsYi@cBZVy{92%<j^yJAaixp8i;
zW6%c|cuXN(sGVP(+li$wv)rqrJt;JJWQv{0WTf{KV9qW8xK7-j6}(!R?<F%FF97BY
zd6RByM&{@kn9a%Bms;2n9m@En=aM_$BhY0%k4y<Ozjfx2-gE<h+PXmt>C}7N>gfKq
zIzp!n5N&k;NAp04I;{?vgudM9TO9+TC8RxV78jo@51_;j20%!?xM#W2V@rLjJD}r@
zi8{-_6q?O3@DwRpw<(H!=_&bKwpeoczvXJQZW|^1fBykhGOEq+&6_m;f4%?ung4I2
zya2IKonS*Rz;JN-&yJR+I_L6?d4dr=2K_<*<OeC2O7T3YyNW033b8G!o}BkiPW8=w
zp-TspIEXRCy5jx+!)|b39NA=k#ny`#E&Ff7=aeq@%%U1Ax$EC-W32ZnwnlV$umU$I
zUjGM&M@Rd~^?!J9c<}al{cofE{(JB1Rt^iO!T`SR{qaYuC29e;cz!I6Q$kyo#?!eN
zTxW)kLHt_l3dzG{DAiJ6o1v_DH?7})2iSMK&_$rFW@OizhSH;<D=KJ%9Tz(sv~SR&
z4cgzmf8PdewRg3_j)xfs?Qi>6ZSnvAul@hC_x0~>+em}=v;GPk?Y_2Bld|mC>FZtZ
zd#;miea(l@c9UnX*|&vANJ32!EJ4Z9CceM@9t=JReu<PVe`IU!KB+|l17I*1%nSxI
z-7a#kuVtq{e|EKBd_xPON(>$n2?<`pZK`vBOoC}hqtS^x@RP4!!CgEdOo8LLtVAN8
z94ME^2~Pd-E2$4_nOi<Cx+L=h^!YP_3ozH$mZK_D0i}dgZoQVnJji*picuvHOu<vP
zz;lp9JE95n1^qE)DJgyx)kzfS*H=VP#R2Mf^ar;*k8nbDn|Txf?sgt!3!;kNl-f_D
zfN-v2`(2P^V!ZdiqPbi!d$*W4GiPG4JIIl%<xXZ$PM#bS9U}4vl3CAGn`-3nwH?>+
zEPy2BBo9^6%Q8@9jT}^k?*+I|S<FH<n*T(WK)qEdn*jSAV7WDVb5&)3k^K^V$=qr3
z=Qm@<;ogeVG)!Rh)<H$Da5m9?>@f=pY~N>-m_;N?4aupf{SXPxLEd|*$HXj9VH6!m
zI{HQ|-eRHRmny`n`ls1&fGHG!6hDiO!U3U!)>}`FHCm0~bu(UcaF|VugS_lRR@TCV
zT^vx?MPBZ^sZ~NkMa@!~eC^WcZ4iPJXb`1>H{WXWkTfF&A12McGwwRcx_$tQb+brx
zGLoP-vB_i;DVobsSRT#UJbU^azuQG$P(-E6bALO}rWHerSc*2uBu?kn6nBe7QJl~y
z9U=$Ealxg{R60Q4K&K2jl$x{l_u@XYeo5wAXdSq=n6xr66nnHTH#perRK3dWsMN5v
zvY_&9IG$aiTb5mNBdn%7sPh=9X#L-TjLQ7t>mwtvEy};G9kIXMeh-rJ>Ndih-2899
z5oR*{pJgLlURQCeS=GaBci-8|w>6WxJ&USfP&eG=S~I6YlXuLR+U{r%Mh`U`*H=Lh
z3-_x>Ob{)$pq1@D_oMvFmR6wqTe{ThRDWw<YSR24+Rj_|w6Xu^d|GdC0?=gt-+#Ve
zwEyqz?mgN6@8fwe`@fa_!M=i~d=~3iLyi>1HlW;1GQp4zjR30d^4e>;_|b-87hF)v
zwTc1zuzqXV&O5gI`BPTg(@=B+wUBKdqFPx^3#~Q^6^J!qaY7;Gh4J&z{?Y;E$rRjr
z2Gd|fQm@^d#p)`XftQ;(P9`&w9J5J`6M~$-_Pw3HyX}<alX^Pvx&|PK49Jm9_GbM7
zNpauFqqVMV*{FF_T&X*JYT)g#RJixo7FjQDjjJrYU^{$e7h=83??4(`CF=ZyMZdE_
zOQh-2_eom=AtSa!l`gtE^aPkpSj1bey{vp|6!o9qJ4xX<=Bq`Mx!B(pPg#XO6{2{G
zQ!<=}?J3Hxai6GCLw^V)shi?05u{7kAV=@fs@Q^076enOMG>vvJPg5BH~gQsZn$dK
zS;=PggthzL;?KT6I?mE1w_H`p0Q*buo7;;;vcYLOW{HXmy%Y);RbL${kI!DVMWCMq
zOW^PJq=#dgk^NGrtEss<tR0=6sFb5Eaff57E3`-9_9{@Q5<M(Wf3<a2hsGZTX|pJW
zh#LVqnx>5VI3!6+td3*6gy6orEIO4fx|`c!1?F~2xKcf*(Wp1ufg%maEmf#PYh&fr
zO~-qZ$aF+EnvB`gWGpio9Hq&W=zLWWWDKr1>HEW!qg`+JTd#A3uJBx@^CSLcP3bEv
zFEr68g`8S&S2LxdDX{D9dfW2iY2FGXz$h$lsgzG9OnpAiwDbA;+Cj)%@A7mY0nshW
z?Y1HNLqbO66P$;@{bhm!#D;K)F|6+cy1qsO;^QeN5;BcO=AP#zk$1p!SsJ0g?s~gI
z6o4QXaC6pybl*el6TrxjO{2h(7s|cPvu78OQ7Iu4HiJBIMCW2kamYp+9Ky3rrcu>w
zJbTts!%-<}tiI;fgM}IA^XBZAZTCO_*?soQe_#Le+4c3hgEn*ML0?eH&LNcsvd(RQ
zd=^pL-PwQJ*#G4X{+s#!|BvSTKf626Uli>B@Si99|2;hSY5#||E>u=aAS$_NO@sp#
zoJ1Z4o7^e6bY>8ePB4Q3k>$Kj=Vy*b<UqPz%y38pkaAv$2DZ1+!C~nLFDt~AXSE06
zLx~3<&Cw=&lO8WIPRCx#Oyth(Z3j6j*@OP$EjYtELrTH`s>q`5_O_Glb)_Em@2ZFW
zC3@I5JuG!at$r1g!GP!Gp4h`O$G#OaQbs{H?-nFT>P+7rGbvmlI*AI&Uu+GzNU>EH
z>6#vTEjqx4R%w;Th^uUT3GClnf|08b_CR_x)%jM(3A@r8j%Zi=G`Q&4{FSwLs-i2a
zSU|NqOcP48qvRs0z=P;_Mk8=_Dr3PuD92GyQC~}6o=W5Go$#MkY!CbVX&w5gaC&fv
zoR5(XF?Wt$ot?cqlbKIpJ*r%-I^a+OSjg6IVUf!ibFy)#zR^P^mgQbLAIr)5vwTlv
zMj{mnG$D36RhfR*j+8sWb3p(RA%PTf(lMFqx0fo;M=7x`@*$Y)O1k~SG=b<CcE}Z-
zpAtfch<>GLHDPahYuVskNq#P5Y;w)KsPa0b%MFJ3O`(!<*~t|v6XX{exAyCFpZMyZ
zHu9fLJ9%gF-~Qh2^P>E>ySM!$|J}!P@A98zzmR#}RQxQ+fKwrUDB^?vWIl-S^Ng|7
za%@)ePdX;DG;*Z(hEsG10Rf|KZ_c-8q&A&o74pIz93s#3z|)`X!a72BWpR^R)>Pm`
z2sbH9V5>c_+D%C^p^@Aj@^Df-veil3mQwBbqI_8-1l?!tuUH=BVNDIU&P&DmTQryT
zG@v8GQ@cCXfDe)LzY2SeJ?6s-Koz4dG@c(xc}sG>;k|FT_@7fKTbw(qr@4NW>`3Jn
zB>3eawlV#wrK5rdp8&a=8IsBAAcY}En*oUv0vW^)AfQ>E&Jz*^Bsraip{&KVfv3A*
zF~(W(!jd#%f9<O5Z`FU>>DH~;HcK|wD@%m7-isv!-4i%1t_+(_)U{iC0oXWljhk<&
zg+qj6$heYw>s2nB{I8r>w;EKgn)(voQ%C3!ZQ8Ec7ML!~M-eRtg`Vab{(`0v{X@H@
z%h*M5d%4h^TyIvl42aN_WolAoP7pG`mT?x)dTD{IoZ<_bZv&NA^rxBD)mN>(ij747
zottl6qTYj2&1_}46|9reF+v)L%Kjk-p0|8B$g}aM4;H$QWwqV=aK4^3D@8PIl;5P$
z2y(;7*9n<XNH`xSL@A`8C!_yBLmY+!>|e^9dNT5{i8{Av)0%1P{c<uSG~pmm#;R+x
zLTANef_3<Cfk$m5xZX2)rVz_es};fA-au-?35^2YlgDu~W#P{5aIYVb-S6=Bcl-PP
z9vN;AhW_)N!S3+I?w<c*x4->j@M3$rr#k43*xKvoefRbA=g15xf28r-e{aHx#<$(g
zkDmJLzwAF<_<rR6U+n(tqx;Wq)wk?L_gPoe__kHK_1`R9<wQbFCkKb>1hS@}k-h>C
z{_mKo-W!PNoBgDb{qq#YyI872o{YtOWaw?N(Du-}U7M$s{;&MYZfXE%(Ep$By(pdk
z?CtM7>Hqif-2eTLzpG?4NN{nnR!AhIHJM0>Lu_T7(m|;6bA+LNLFDN4L~k10KKdzh
zeMPjY6|>QD>ARy&Ley9FOMN?Kg5&FN>R0i6;?z2guwa^l2(KoEJe1U9w`+@bOzqxD
zlzIqWiES5cvP5Oj>zZ6{$_WXbq$WvEn&60=IO~DRzLTOko`fpzp6G=+?!f9i1j$sg
zG)l>cl#V)H3dGsx92Y7dnE0#@^fkXQk~WL#4?s$jW421mkLBR7!K<Xoxwg`|ge7Q`
z{E-7*<%ZcUm#X)flnq!jFGVAp6teF!m$UU9X12K5sBaK-st%ycAbnsPcEnOU;mDCw
z>6F?KMN9DPkDo2iQ-LZCkVa`9S~vSP3>i-MpBKOD=73bo4So?MRv|quwtJjP_nb5l
z60-8L5qv;MYZvpFAUMwy^lY*!wO|a|v*T1jaim<^M6%^-7NKocxc+^&wCi8V_YV?*
zEOva7$hn!vk{a4^h&cytb1QtF6re4M*K+m6o|Vg^_s+3vkn58qbtgE&BRG*%2ijK1
zZQ!04ug?*uqlg3@QGpJr56P<_&lWKW7!_jd>YXz(%pyhGt(p8PQ!#Hnh2-9vnNZgT
z(>%EX_8SRWYy*U+nI2_9s?nr0pSA|RSdm)Ls`gTltZIz;Ph^gApq(NjR1!sb6q*P&
z->O<e@q7@1G~_P!C&cO6?Ck*^yIMYN<bM?m;;zpBo^SWd=YP9T@t^PIxqtcJ66PU6
zElvU%rKHjdt7uP`%)%X21~-zG%CSfm$D1g%VeL3L3bOTIXttaCq8c-PR1=bn$PFxj
z4e@ol=nGhe{(&c9SJy2EMUh))sddPa>ZxtnKy=0=oOpcPQ^u~EYT6W*)ho9PUN@0%
zfj5puAi`Eukt{cG2lI+b>Z(Omy;)J_mo_@fJktg9n!r>^)~?1_Wnh*Z&IF(wwiZ;;
z_(GNKX-r8eIftam@)?@)H8h4QE1BF5qDB!tcF>x|a*d)!a8_p#qLaxqg;X0LDGE8!
zA0w=DXnQ;+zQ<M2Av=hW*t7Y}&lgy*?DO%57Oi|MtXXl{cRmmlfIHt6jv%dK$XJZn
zjF{|rvN>hKS3YVJoiWSwlhep2h^8A5r(zBXI74l@&`Nkh@THwgd`m0pd<&7(_c}ka
zD>5U=mINfzSF3)BE?p%wm8p>m+|jyUkaT28>G(z_VooL`#Q{#SLY<nKdKJ71!>i<b
zG4(I+n)}uAy+w>^WlVE<=66T@Xj$I!Xob<I=iZ+-^1mdw8;k#q^8btNeo_A4*?#i>
zyO-zQ{r_HlipAcd6Z>mxwmey@-K}h%=VnDzC?u#0+)axEqU5_7NfH_m!E}>p<fHvv
z_>)e~r^6xrgdDdnbop^YaH={byD9pt4<WIVgjD8sSqk>krU594FlSu?UorO^?&Jp|
z|IQ?}gv22hg7CKva(;DgJ}7JuH=Ksy9Q`rHp_tb|h(9n`Pe@Dv9m=Po4bgLMuJds=
zA@-?EW;K*%E6B_!4<R6b=B7?^|Mpyzg_Dq&_+77aGSqhgBoK39(ZW5=4mbesa3xW6
zUiEe{&PBnJAyLzb{%B}Lm#Hn#3h%ZFaXnH#psnfE>Zd`6gp%LNO<!|wm+oMZ3Ukn8
zyUP&UVojov2<0giiTwFjNsINSR7s85@GQdAnvG~i9Ytp4)V&NP*uszZDzK)eo?_wF
zK4lB~WG@!0(FH4JVW|}?8-t#FQ*D<{r9_@}zUu3(mr^CvRWGR{lV#ebULK3xLSA!Y
z5<LM?nVzR%O5LoGrLC&$#sj#0q|<FSZ^{6tVrRC;E!(mg9=y5zE{$t9GPv@tZk*ZI
z!8Uk?qPE*d)i?{&U86W=Ys%{`QZ5y6ue%f~ZYlq@k^kl0(Yx~h>F@8A?f-jwPyRpm
z^4z=pZ`^+*RjF-r!M>@fFSk`{hnjPBzq#tzF<(Y(slb&4FOuuYLC$1u{#@kXQvl_n
zSGgBGbNBdNEF)}49~sdbZAG+Pfb=~JcyHxdMI$;Rkyb0f&L;zh8)?G|z9EWeKFcEF
zA=n1wi84(!<Coqc`fl{*?^B*Co2Eg27pe@fe|d$IAalT?Ax-BV^x#_>4Oxqn#Jw~j
zq&LAd>gAJyuIbUsb^)iQ>9Fr`XLyvkM3v<^oQs|Pil8x`i9yUrg2N(4x#0YE(8s&>
zX3A4&Nq}kI7IHpIM(V0SP!9BAasN?*PPyKaTdS*r%M__TldZtTyySP3c~;2!ku72A
zK6}*?O<DA-Eoyf(!+;)swWv_!I+tYLis@Wh5%_Pyb7VODO9EHFoF~R|AB^Ra%&Wse
zytV92qLAhnP_=n^UuGHdT$uvm;7}%b%q`oBRg=$jQCc_o8u{BEWr(81H#m;<l>zHQ
zis;KBqESFTEvmI{I$eLKq;aun5Y21N1n^)9N=TYeG9!Yr;Fu{)2oC1R2T?v~wI;K0
z8S+Tfa_!9pJJBk0ehnf=MXLzj=hIUZ<EQj1Vyf&oUF3u$8l__g^|xUTnV3WHA<Jv<
zxxW`W538kLqFChSNOnWc<c0~CiLS;Zk!OVl$CM+UGC}T()<OYt#bS`@Yi&d!7vib>
zRRa549$Jwp=_n8Sx?KfR+Csz|9S9MO{}CDtJ0AK#!w|vo;gBXgm2qE4N)qJ|uGVKD
zfyu7QIYBP?muB2j^jUsUBONK)3{ZljfK3eIBp5lJ$VJ~X77`rgL46n#h}e-bp;#h5
zpA1;Y^^hAtXV!}fF{dye(uf0$8Dgh!OqDh+=2wa~+V;e!17$mJicf>wQh*v!Wr%6`
zE_zF@>W2MNZ3beT$&`5LWC&t@$|TuuA(_5ihVxJ=cSNoPSpjy6JCxTE<ie5wqMxWp
zbzqwtP9q;KLnq2j6&IO^STlXGCrQ3xK$jMW<cpgpLxd|<j%bTbqX11K(F=1Lp-Em(
z>IPReGa}S>MAKJ!oPpDdX0q^mu*QIXv$injCiV>4xFqw1&7?ZMom@~rDwG$In{fhd
zrj)28LAQg@j)zW7I3+#Q8O6o5nITW`>5NNo-D!=UJd0S^f4FV{e8F%EY;zu4UJ)oA
zV^v{Fwu<8>iZvLds)Ch+-u2KKtjKU~Ez$zI)QFFOaMc1XV^mF_;x;@czBD+gA#BJG
z8#$IGJCrpn#+G%jQR*n~c4j|bH$6KzM2>?@GzrBL3a_(;Zdp~qL)FVZ>B1SiDyG*n
zA9PXO3&m-z^8Ib(DO{PtieNMu{v^ey;$A;ZX~?}1Nq-{q9}+eZJCB_roIA)XY)=)b
z$GWx6zSpU~Y8!?UqG>w`7l;y-V_4X_oXeLu#h?#{j9pG+<jjPKp|yz?hCu^Y5l7bx
z1V}6Fh1HNPb}DZj`?H;xJWoqnfGm~Hr8u+ijI8I#r+5{!B5>G6rYL-LzTqDo6fh#A
zo+^%M#1i@aW8~;T>%J@s8m0SHJ?qwO`E1NJWv%PEU(jIxIf?v|*PP1EW5tsw+>R#^
z9)u*w2SCwl^w3^wb=SJr_2q$6YsD8M09Mnb7K%0cbnrhwqocdwSUsxB;b(;yD0T(H
zc-<(5VR=+;d2ZfU1i+Jl1*<z^>07G`WLV#q%2l7gj_)a%vM~AQX<|mQ8L}&qpiQyu
z9EI^1qkgw5f4-egNJ4$o@1o6V9G6RdQPBW@b?R0#l;=LBB~D#efsDwfGwE({6o#*9
z3RX7f<HrvcE+A~r7a@M~G(mf9f!pD69D|9hL~g<H@pL#0N#)Y3PQX<fxIom~>7>-X
z1t6=hq~(;~*e2MjYd}*@xFxi}RsQ@vP_Y=d5EBZ;73FZ#ha;M*Xs1#-()*}VbXw@f
za%)*uBUbIaS3a1EZB6Eq2Y#j6t39Y1C=ac*E~%|G%8GjSjgiV^G<B?(cPot)e2DGV
zHf!XNuFdylmurQP;vVnir@0I#U!ZC~uQD<V>0xF-mezm%Q}b=hD`h#rC{D<XvMDcX
zBG^`Gd7H&9OExX`2V1>MQg;(^>(LhIc(pWK7N#FXl=i!OTAlx=EWsmkSMfjkJ1=%h
z=l{?9Pv`&l@jO)gPdgOUxuh=ycfKnbo+3bB6v!?foAAs&sXmRf3S@x=7kk7Nn#yb~
z>I3u<4t^})UhbpqIi~`s6;E_jytGm^J9T)z#lyvw79NrUGb`6ppEk)Ka1fj;(k&b<
z>D|vRBZFRibUr$E2s&FLZ>lR*fa;#rj^=CTwvX>=!~e5OTQ}PQ8u<Ut-d^$kN5B7+
z|Kon12jKrvKoVoxmnSFYoW%Iu#3UKxm`mk}`z$umO4JW7L}?EGJ@t}u#dSlJzi(Kv
zYm~HJq{PCz0`I_(9JG$(cyVBia)V`6ujF1Z)0z)SBAm?ii_Po<lh-LLe5akypB=QB
zvj5Flq$+lEre#k~M~>mAafmj3oQm4Y7iir(BOy-djGRMx_xjqXQBG!cak^+z-5-^B
z%++#KYh9Exu~%DyL?=`OcC6E~ji+cqnrS0(y(>iTS?3M(5=#S~Ofh0|)Rd`N=cEvG
zrmq)!3Pzj|p9CPIK=`vrr<?%9jngzf==CO9%tudo$xzngaY9Eufhq2d(@D4nxO2s_
zgTGp>3@BNk+=W4H;Z?u>Q$D6`TY^^IF!UVo)EK$-OBIq;;W}5eY<^xU)T$v7vlca}
zW%rHI7j?H88Z0Y<@_p%s@8cF%+U)=GOzh6?f9`FU^MCC;>3{e0-2477gSpX2<{pGl
zN-0All4iah%0gPtyd*&?WABKhYDF)$gXyGK>Mhi9^~;v`rD__sHsM5j{Z{uG+Ph${
zqS<?#ILgD7e2Q6;BEdm4fa~kS_07xafcR+$$kCQM>)Ou3&;SJsmvzjcg7PWb7IGQ-
zowG=A@k8e`*l;~jLdJl*7W?!UG{BtfKSwTP1t@NX-%n{6AQH{c3@6gHMf#g!c@3{|
zA`3{7v#4igGIx!Yy?JU1pe%bZd;y>6IHa((aPbGE2ovhB8n9IZ&fAVLCqI;`!rtf>
zqlg#Vu$A*#Xj$O!x)Pg6p8R>JTcIDr&+HJe7D|n)W|~Rja7d+gbvc8LGq=!B!gx>0
zUrQ~q65!10D@LQdMywh1oc#Gf_0b1xXz9Db@8ZLH;her8W@IguTzD-wZiUA~EN|f@
zWJZa+m?v0gqRyJw5N&+JH<X<p(FkdgYkje6L*Za!Qy-CJoyk*(_2F>Qk%c+gn2Gtz
zTz%G+xbI$HqXlOh^0-Um(DKO29e5#@sFLbL0hSPW0EZ}Ik*i9#A-Q^=pn@y!C7Jj0
zbO;W-%Ti*ly`lrS8a_D3nQsZ1k%W_<#LI(2q<*SWc`CDu7AN^;{z=t>ZC-7&$f4jp
z?v<TT79NGGMOQ^3$7AAO^63O&OA}Jl<7h2Os6!Y%lb#{Zvh$_QV-^kR=namyv|s#?
zC6K{}Mkr>vIGS6Cd=hxlmpyebB(%v1L2Lc*c3<pwn<WZgb@)Q{*5Fn4*y;JurwNYX
zEO=R_Rt9efhDnyByS1s~%_|0_Yk1#dPEG|E0kx}Z@9#!UQQ8Qb&{P6;>;TEmC5>QT
zRVZ>YjpYmCW4yDsFQ)A4&|aRN+dggdzbl-GWqM;3u<`t_UpoJL(SPxz|J}!P@A}^d
zNlXY2*fdoMpA!~_z`F5h5tBA_sLEg9(Sp=1XN;wbcyc8)`^*eN;ANIjeeujeRtmqa
zO1D$Y<?=;((fvT906A{*@ni7q`WMMv4;-0^=flz2+mp9{KR{>M=utpY;-@4)n?eV(
zQUzXLABZ=i%=LA53n>{hGP!SMK!53M7|u~b#4t&u?lRyRqd^(lD$jll$^OAhpF}g7
zut;8<h3k3s8E6%5NWygzTDVOCaSL75iYr=it&+A`^=XTF@TUd;xBPf}zxtSS90dtp
zVl!y6|Mho@@gH_~_nz#3_ww93|5rZL1RZNi$|B=uDZ_CBysez#zm1o9MxzE`opDen
zelc$F`XXmuu5afvm%m}G%1J-DY_K}}U_z9$oc1U+y*BnP?yBC(cC~+g)ipiOTu#hd
z(qR)Y&+4*7pw-iN`VQoHYxl^u$hC|Ph3n51Dr^Qpfh=9D&%sldCt3lLWeX63!Oxr|
zrwJL-Pp!aQlDQ`<6(H%m7WOTSOc~C+feUTsF9d*C!4fGrtQYToLk5~+6anzD>FSRP
zAu=gN{<e7OP6RJnE0?)XQW|dUWs(Zwb(%Vs89vM3s&9s5E>z7t0AgIl*<BO0{59N)
z%O}<0hON0<5P@s@iG~y>bL+OIJkx-vT)<hCjg=*Zm=6n?TjNsEk>eJys|R2kjoo(h
zE(E5F7R3}VQDrdY+A79b&<7j^PqalKTLW6v#H*E?4Q08x*W9go(%VmlhSOpeY};`C
zjOc+az<tihEI41yCAq32j@#m0UlNh?y%f&vtw2i<MpjU1fgb(pvj@>I=fzc4HJ$k{
z|0aI$f7WMN{cnO3ii5#YroaaM@5PJV-J<@tz4N61-OKZE`rjKtNiV-&x%Q_i^wH>k
zdZ4wMAKWFpoz|z@xEr0X0;Nl7e7e2@ho|ZI#!6oSR<+896Msxo;-}N3@)Wh$A**;1
z(li~{tBwUYVxtumYShLv#?l(qF|j^5xmGLSi0xOq8Cfu<>UCrNX7zP({WB7W)CUr&
z8&0`I8R{cdiHoyTs}|=9)~m*fMqDw)E7p#4J;;v+I%yNiO#+>i2(C&)&R=bU(-7d>
zg+6r47o1jYgwU8SBYCA}h~j-Kd-yVeu+4oOYb`hnkWjOz>Zz}yd<!DXYTW^vs`|7T
zV}BMyPMaNYWwx9Z3IlEWeFI~T23rB|CWf4rU{-9#(SulG-fw8ase^J$1C9p!$jvu4
zJ6&dt<%GIBG~V3da?1_jHtWpZk(OClHT70(m=o)FiJ8sB?5}cGv+g&{sLds-X3Tzn
zQ#0Js_8%6F*h=j`eF*kYwEyhxKiPlo<9R^)kD#QN-~UHKMt@no5lE5g<1qr+qpi0D
z$!_1$7GyVdM+TuXdY3Z@sroB12<2hb7=#v^aq=K)%s7okrNW@<jY^NrAoLQacz}7a
zexP38mqF>A=!-pNQ<D7F2<d2=j$dW8V!<(VQDcUJ*RSfyY#Dor-HQfY^bV|F(gtC7
z;Zd5!6s!9an8joTdy(CyRRgEl7zY9P@<T54<?d~Ag&plt+2lA$TbSfBw$x;dQzcsv
zy)5r?lDa0X$O<iRsv}Rfx3<E@>TGWyd<|BjHn!;ZO>6=R?AL93Q-fGy-fwDqtATP`
z+nWOW$Zc<}Ei`o!^j%tLR;=gLj-km+V=br~m}&0RB)Ui?`Ff}3_I6P{Wp{5EeP{zu
z!?U#g58_@gcM-J7|7-tw(f?~_Z~y83=e;}+X#bm^|DV^ZH~i(|vOm1p4+eRso?p<y
z9hv!x$Xw3I2ensX;<F*$(BmuDnH&3i*-)Omy`H?i${Ieb=s$r`>!E$Ua-8!~S(P5x
z(@PTIlb_ea*qR#mywzEnR<-dr_xUCo76ARaZA>tP*0X(6`%)#0+gg_Z=p(l+wKihZ
zi*9#m!nm8|b!*FoTvuPYKUcLF{ngE8dlRAIhIi%1b<<~A`%hNBy%DIv|EvF^WdGUS
zf4cv7KhMM2e@-PO-GvdzBGN}=3Cj9ZZw|`J+|DLswRJa!p=ty#WgW6W+%gPI1*A$7
zk<l(qd0YKzhAOzde#<jMM?)KyuC&0rsJgXE!-|*RY#z{>QZ81B*?Kj<T)bYdtymi?
z3NcgeMc%xkFl0^SQdDTqVm5nuJ3>Vh#rar(>}3rK3yHJU4BV}GVe!ZwlcC{e;&VWJ
z8W58dl!%Ur9Z@BVQ~g}D=aq?V%892l+~tC>Uy`}YhOYj$XkV*Ix9cGYB`<nDAf~qg
zg!!hC>b2g&3QW9qQ&~KMyf|G@Vrp{gRhF{avB*<WN<cofsFh27UqyQlW@~ERL6@^c
zG{dttI*BNm%c>POtR>K5Bh3!8)ta)7T)$bIQ>!o4Hl%KTI1BXY+BTL2ykb+8HN+(;
z=4M8#1%Pg8xw0qgahtESv7;msE;$7?V&xqgLsqLEv>wr&aF49$&*nh1nS+3=Twa<B
z=oZ;)EG~(R*{%@gys8(KjA}`{v<p?Ycn6%s7FKV@O7i0FS4_o~<5?Ydvk|={rz=8j
z0JUO%XSWvLoaI&OwqG&1)Q+ivWNJtvE-Z7K9u}2b)_%OK{Wl>2T{aO!ga6<D^X>hT
z|KHB@C;RVxJgc$)-pBxaCP?XSuK!9ZeKfXT=uW-a7e3$4;wxLY8)I(?neEK7vRXTf
zY^}px4#*{$b1#On1wfE;0w?reBv6Tt8i83=yqQjp1j(=JZP+@4@@D4z205?_<8Z2+
zD7uZc$`!~Tl|$2}!8&t$tz6y453Fb`uJ!^eI|&Aq+s4PGP-RSr%}BC~wnk5`mp^lI
zG)>3L&!-~c<~~k2IbEuokHVU7rK-#@bQ@2?9JcE%sAlY<|GH@<_vKA?mj79S+7|fE
z*(K|3+j$mT+wjtUa(3%qzu~&c3?&)tqP@C$Q&`UUR1M>nnwbRpC{0ds$CJrJwIU`*
z-x||kkx?7x9qL#slS1mZ{rYK^b?iA?jCz@!(wxEozM=mBaf54&aw*Sg1}@hm+Eg+F
z`r9GuKkv4liAu5K7W7{U&oXw|JCA1S`R!|S37M-a_d=&e_7V-KJg_(1JBqzsEPl{o
zUGw&e73AHp7#~^-d$?y={ome~+FAh`^#A8Cc8mJ|?u*^0`+xWHJe>cRQinwuQ1l0+
ztm{kJ9m>PPK4#Hyds{G<&7#O>vOL2pr%u;5&J0RKa<{jYm|W9Zf3>akO>1pLzB)-y
z=DDuKP1O*}Ij;-TfMRR2*Q2a9a$Jm69`lrGNd$TwjT9&vSrQ85NzUDN%#^(vdrBr&
z)Y?<3+vR9PB9h>g1ikjxELGb7ruJnqH8$0m0H?URiF&_>7IJ;IRml|Lp0SSQ6sBhC
zkvX*sM3m96XC}H<FY@HDEAolA6K@Tbsl0cKS9|lAYRBRfQxr5V$;sTc%VyHB_2<)~
zx!*-oP&G=>k((c$E(!^7t?^lgWHG`RG?1aU%%aS%oubY1rkVM(6<2q;Qi{}iV3v)_
zacsMj=VZ!HS6{-k-jq+fXQgxQ^%*udM#XYaTUoBih@{8UBq32|RCJu8;RZ*6;T(!%
z6znIur8=xZr3>~dn!U$~?Ic;#jZB9@7n!>3%OaAr4?ad8Bkhg&4gVNbXgacS*>f>-
z3IkrZ#?dQp0g&J~zTq2Xwq_DE;~+pAt}DbMp>7?ni{gq4h+g0*@PrnYkw!NA);o>B
z5+-h|*VM}Y-k5|FI*M3AZYyIp$p71WI|cc_zrVY;^CbV@$Fqh`aVmHW7gQ<dTWlB+
z8cb;z2>u&m{}PV~_d09nVoW*W(>P{H$`K!vFa&QEG{LDqrqO5%B_zZtov95kdyk`_
zvxXuvlK#z`(x{;PNYVf7dgxsg&Jl~CrsxuiNrFNe5wGLDJpc7vY)_pvbPNQF-XEW%
zfF``-jcD3~e`WVO-r!$J5B}9J#-pD2NB`ursFwj6VE=L&gVw@3&pdt=cb<6zeA#*C
zrIWbx?EiJv(0iOvHs$E#<tyIt;)MN9{IuiIfZ(1im$2VE-i-S!Aib~1o>05~&t4t9
zeDlhi1h;Ra;r`d&i~ftk`rq5ze$xN%<yk}D%Z&bdHN2*SM93S*f*LxVBlOFUB%I`5
z|8sMkrZGS0^~5IO@o_I;KJTS0rate5vgoghp4LQ}E?BNd37f`(rAQh>AsbO24M=)L
zNMt%9>v^5d+8Vle{g;<#oz8E+{U&7MPC#N31tjt*QF6D~6%Q0V*rAmX^Z@O6pS(}n
zUxsm-vSfaMm`@LSy@ZS?Pm{UZ_X6f$lEkB|H<0bi=0%gxuFoRQLedeVK&JgUn#MxV
zG{vBMIHvD)^Rs^El19M+5-K<yy}@y3LQ*WmU(s{f?+TqqeBj=28ivxD5ssvFt;t-<
zHpuyrgdsy8SP}+~?8Mp{I*HPR1yeXj=yZTrOGzS5*o+2*Bdk%c&3kA}!k8o+U5%+f
zMm~;&3<LIixT!EBA&XH&uGF-ksgR5%QIyD_tM>{t!4V#j#OrkOvzluF82>LnO$P+W
zG0&h~syALhW<5zc0f|F4p9twrNShKo{A5D}1bQst(+K(Dl&2&S6!e<0OVQnwi53x?
zCJ4vIc?wF$24nw)E|NL=MVi3SQC1Ee;}nN%l=V=Nis!RQk3=a+;)HV2-2$;Ldx1zm
z0RS5s>aKt*N&Pe-py+d&65i>!NFXMONJ=>Bd;S0Xw&Ti??s_}k_P4T*&_Ib8Ec`r=
ziBEBeXcSLV#QiauVED3zP9}In&KOHGYSoKC5LP;m$pPY^aCHz02=@~TTGs)32`dEY
z;+8r|1yG@3h0GUPR|g^T2~XmX93Zo<Ivs2MH8gc*O2RZt_+lN{kQMTK(TGN$I-L}c
zn!rjpDIVEi`d)wE>$?FNP#n4aZ8zE9?R4U47@o3_`i*@BWDn;EOYo<rqB-RPk!s^8
zyux$7ArvLk4}r4{u&$>YTk^b0Xb7VC$?z>pPZPpPly1oW$di7abqFU3o_7$UDUtSv
z#XZ&Pb2vv_cRG?l1ZA4;t9H<4cE<;E!zp;z>vRG#m|Ex_$iu)AYUEhp;Drv+oK4Xc
zn}z`j=_L_gI3b99N)wD|G-Sy{E(f_IaC?&EF`=OCqX^N6r#SM70yZEAoi#(2HpQ*w
zSbm;f)&%}*W`7M?(~s<#=&T_*bk!rpao5nP;P*Twkx#OfrH+6b@ubg9WqBd)YFM6)
z1cAp+ho>yTBXS&K&YNiS?_<WLsU_=Rir%wuIw9y>0zv?33!Mx#?K!Tqh3sbD!Y1W7
zYI6uE7yaZYn8QXXw-vG7(P)(GvEw?O4)%S*`5P9HrtTg=Ni<<W=4xEq?_5J?1P31y
znv!=g0i6D;v9WXdFS0}n-~F9-Izp9cf_tj$dxLBugB&EiYb+#ZO*(SY*K*S#@w$dA
z#1;^+h5!T5=`~QmtY!_(zRGzJWn>F7Ny8{@`<wPeQl`D!U?+10{gTYz;8;j~2Sr%w
zy%7K<%$WFs^IVcSaDLbb#FxlwS$w2XT_<G!*#LC3MaY&ynCa>ovOBwmkg+0)LfWb3
zCo(sv6u5)|i;hhNr}`jN=PTvmi8zTk1!Wl4B1FBhWf>YFtUA7hIGYfZ(h1=Lz!i>Q
zQI14yDZeDr6(MGv(*X@>I+x9Ygfk{I;YDl+8A#9WTE@wH3Rm#nb=_*gRbl1kQY%6s
z9*|J&P&kg;SCv!vF2;XMiIIM@+4%e!nJX3A(E9}q_Mel;H<vZ9uRFOx2XUB<*z-JP
zU?kD(z+79_3dQNs`T2);XD`hMB&~`+By4hEy+jJp;A%F^e_4PoJv(y5%0yg>e^7n5
zuy`twZ}O7N7q)n5*`(VxsBT(iE{)gMfWOX~eP97-Ev%^g;%{0_=)HY(sTSDVcNeeD
zz4TL>)5dObG`ziizlX!y{Tmz)w~cn&<Pv!6gJPJQlcC^9Lzehr=VaU*-m5F&aQYy4
z77as??SPfxkO)P(q(lQN4nriQUo@Gk(;hI97bfb^akdJ$JainO_>Dr*mNxie1M7OB
z|0+Nf?DF+z3mvoS$fuYkDYC#Eu5Stj)=xvItk3FP;BztdiMd6b(E@TA`kk{#bnnpl
z44IcaiwdtD!QL<@`_GXZbURfj=-&theH#V+)u5n%2Po(lQJ`%eKgXj42SQQ-7IMK*
z-`n=KJDp$NMd&S?k;#B0sK2{~cD8r6x1<U^+tEgBbcHzr6-1~<LmE*&CPAj@k7zoc
z4nWZt#H);?Ydpp2l)G%`reoqNdobw#l%om$oh8~3B~(4>Tgb(Ll>lRo^!+i8MubbV
zgfzN{@0m$Mtuas#QYM%JOJbJbR0^>H9S#Xh%aGu7ng~!qK;YC>4s};bPyj`&LnZQp
z@x?TyMu2F_NjMZr6;1*rR~VGNdiUB>T=~Nor>5^$Bq4|@+Y?a-zC}FzSEu8m(}c{x
zj;>yEi4V%{0Z%zWzvU&8-_WMw8i0qv91U1HmX&s3e7hR?79cUT(o6^A&%@j)!<5z)
z#G-KC_0TUrl7uX_bZQHypaC3HH7FO@dKc7QA4h_y0yJTOqfFVw12&cG%Ieo|^2prl
zxaenr1t|t8gX(XkKFxN$T(^e!kKURp?Ly~VMdl5?5e;7CsY&#MqgblHTG)ODh=uL`
z8623PG3IC>gm;z%L=ZF%<1rqPl=`ruK*Alf2^*1!h?&2_b14Ul9bin1UCc7#DH=N#
z#2S!9+3Mg>YN}VeTqx8~lAx{=Wol58vn)%BCDAZp6NJUkBrURt=sigrCDqE=0(g8Z
zREB6HMMJ^5a5P7h^C{u&o0KxTT1SddxlbaTP$n3J;Mr=Xl+nem9WcU0^O|Mp^@yXn
zn8>Uf*(g9yC@eO6XmZhrZu3R`&LczZB?%dlL^G;i*l<X}=m^CE=1+xY19P@`@yvF9
zo$dZQp(8oLy*2ZvJLSanF(<sMmWlcljpXF%F{BL5b``b!%*k*XqL4<HU_Je-Zd<hJ
z*#_HmnzDrAkoOY8SvVuE=-v+eyX(e`r*762In%wr*$~@|rn15yWTT!eLtHTuXw#kT
zxG7VA?)Lr$+nRE_>{z~;|KYQE{ui;0?dJV7JF0Mirct0=*^grEkBJ7eh4ihX9d8?L
ziUN-M<aGbi5wtVGb09;(eSrpGd6Q2*iDCKsY!Zi5s?d7tP$0a{KNJ8qNHMH<(N(?I
zsZt21oerSnpx3*)y7Dk|(PPP|7s?{M_xj}c)!TD$E&W@k^K%pu&a=&OFxTdL!LdVp
zg#;rRB}6iK8lkI%rf}NK*)SC->I9Uh2^~z+9C~!0C`Wby!IvZC9G#<+a|eBYbbfNa
z)%kF8@#DLnFVKghv$LbO7bmaI(YrHr{O;|`lZ%sgZ_m-YAJEa;f1saE-oD&Igi4d%
zC&4<o=pdcI*6wxA3CT6CO<mF`OMMjLXf(wmf<|mck_ZmpNiv~a?v*$SIw76VRB^=8
faJ;YR;Q8r!dY+yKfBt^}00960Dl#FB00ajBq#+#&

literal 0
HcmV?d00001

diff --git a/defguardDocker/deployment/charts/defguard/templates/NOTES.txt b/defguardDocker/deployment/charts/defguard/templates/NOTES.txt
new file mode 100644
index 0000000..4550aad
--- /dev/null
+++ b/defguardDocker/deployment/charts/defguard/templates/NOTES.txt
@@ -0,0 +1,20 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host }}/
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "defguard.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "defguard.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "defguard.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "defguard.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}
diff --git a/defguardDocker/deployment/charts/defguard/templates/_helpers.tpl b/defguardDocker/deployment/charts/defguard/templates/_helpers.tpl
new file mode 100644
index 0000000..b373720
--- /dev/null
+++ b/defguardDocker/deployment/charts/defguard/templates/_helpers.tpl
@@ -0,0 +1,78 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "defguard.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "defguard.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "defguard.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "defguard.labels" -}}
+helm.sh/chart: {{ include "defguard.chart" . }}
+{{ include "defguard.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "defguard.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "defguard.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "defguard.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "defguard.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Define OpenID secret name
+*/}}
+{{- define "defguard.openidSecretName" -}}
+{{- $name := "openid-key" }}
+{{- $name }}
+{{- end }}
+
+{{/*
+Define JWT secret name
+*/}}
+{{- define "defguard.jwtSecretName" -}}
+{{- $name := "jwt-secrets" }}
+{{- $name }}
+{{- end }}
diff --git a/defguardDocker/deployment/charts/defguard/templates/defguard-config.yaml b/defguardDocker/deployment/charts/defguard/templates/defguard-config.yaml
new file mode 100644
index 0000000..b645b48
--- /dev/null
+++ b/defguardDocker/deployment/charts/defguard/templates/defguard-config.yaml
@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "defguard.fullname" . }}-config
+  labels:
+    {{- include "defguard.labels" . | nindent 4 }}
+data:
+  {{- if .Values.cookie.domain }}
+  DEFGUARD_COOKIE_DOMAIN: {{ .Values.cookie.domain }}
+  {{- end }}
+  DEFGUARD_COOKIE_INSECURE: {{ .Values.cookie.insecure | quote }}
+  DEFGUARD_DB_HOST: {{ .Values.postgresql.host | default (printf "%s-postgresql" (include "defguard.fullname" .)) }}
+  DEFGUARD_DB_PORT: {{ .Values.postgresql.port | quote}}
+  DEFGUARD_DB_NAME: {{ .Values.postgresql.auth.database }}
+  DEFGUARD_DB_USER: {{ .Values.postgresql.auth.username }}
+  DEFGUARD_GRPC_PORT: {{ .Values.service.ports.grpc | quote }}
+  DEFGUARD_ENROLLMENT_URL: {{ index .Values "defguard-proxy" "publicUrl" }}
+  {{- if .Values.proxyUrl }}
+  DEFGUARD_PROXY_URL: {{ .Values.proxyUrl }}
+  {{- end }}
+  DEFGUARD_URL: {{ .Values.publicUrl }}
+  DEFGUARD_WEBAUTHN_RP_ID: {{ .Values.ingress.web.host }}
+  {{- if .Values.ldap.enabled }}
+  DEFGUARD_LDAP_ADMIN_GROUP: {{ .Values.ldap.admin_group | quote }}
+  DEFGUARD_LDAP_BIND_PASSWORD: {{ .Values.ldap.bind_password | quote }}
+  DEFGUARD_LDAP_BIND_USERNAME: {{ .Values.ldap.bind_username | quote }}
+  DEFGUARD_LDAP_GROUP_SEARCH_BASE: {{ .Values.ldap.group_search_base | quote }}
+  DEFGUARD_LDAP_USER_SEARCH_BASE: {{ .Values.ldap.user_search_base | quote }}
+  DEFGUARD_LDAP_URL: {{ .Values.ldap.url | quote }}
+  {{- end }}
diff --git a/defguardDocker/deployment/charts/defguard/templates/defguard-deployment.yaml b/defguardDocker/deployment/charts/defguard/templates/defguard-deployment.yaml
new file mode 100644
index 0000000..f1713a0
--- /dev/null
+++ b/defguardDocker/deployment/charts/defguard/templates/defguard-deployment.yaml
@@ -0,0 +1,105 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "defguard.fullname" . }}
+  labels:
+    {{- include "defguard.labels" . | nindent 4 }}
+spec:
+  {{- if not .Values.autoscaling.enabled }}
+  replicas: {{ .Values.replicaCount }}
+  {{- end }}
+  selector:
+    matchLabels:
+      {{- include "defguard.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "defguard.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "defguard.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          env:
+            - name: DEFGUARD_DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.postgresql.auth.existingSecret }}
+                  key: {{ .Values.postgresql.auth.existingSecretPasswordKey | default "password" }}
+            - name: DEFGUARD_AUTH_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.existingJwtSecret | default (include "defguard.jwtSecretName" .) }}
+                  key: auth
+            - name: DEFGUARD_GATEWAY_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.existingJwtSecret | default (include "defguard.jwtSecretName" .) }}
+                  key: gateway
+            - name: DEFGUARD_YUBIBRIDGE_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.existingJwtSecret | default (include "defguard.jwtSecretName" .) }}
+                  key: yubi-bridge
+            - name: DEFGUARD_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.existingJwtSecret | default (include "defguard.jwtSecretName" .) }}
+                  key: secret-key
+            - name: DEFGUARD_OPENID_KEY
+              value: "/etc/defguard-openid-key.pem"
+          envFrom:
+            - configMapRef:
+                name: {{ include "defguard.fullname" . }}-config
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: 8000
+              protocol: TCP
+            - name: grpc
+              containerPort: 50055
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /api/v1/health
+              port: http
+          readinessProbe:
+            httpGet:
+              path: /api/v1/health
+              port: http
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts:
+            - name: openid-key
+              mountPath: "/etc/defguard-openid-key.pem"
+              readOnly: true
+              subPath: openid-key
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      volumes:
+        - name: openid-key
+          secret:
+            secretName: {{ .Values.existingOpenIdSecret | default (include "defguard.openidSecretName" .) }}
+            optional: false
diff --git a/defguardDocker/deployment/charts/defguard/templates/defguard-secret.yaml b/defguardDocker/deployment/charts/defguard/templates/defguard-secret.yaml
new file mode 100644
index 0000000..b5758e1
--- /dev/null
+++ b/defguardDocker/deployment/charts/defguard/templates/defguard-secret.yaml
@@ -0,0 +1,25 @@
+{{ if not .Values.existingJwtSecret }}
+{{- $auth := (randAlpha 16) | b64enc | quote }}
+{{- $gateway := (randAlpha 16) | b64enc | quote }}
+{{- $yubiBridge := (randAlpha 16) | b64enc | quote }}
+{{- $secretKey := (randAlpha 64) | b64enc | quote }}
+{{- $secret := (lookup "v1" "Secret" .Release.Namespace (include "defguard.jwtSecretName" .)) }}
+{{- if $secret }}
+{{- $auth = index $secret.data "auth" }}
+{{- $gateway = index $secret.data "gateway" }}
+{{- $yubiBridge = index $secret.data "yubi-bridge" }}
+{{- $secretKey = index $secret.data "secret-key" }}
+{{- end }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "defguard.jwtSecretName" . }}
+  labels:
+    {{- include "defguard.labels" . | nindent 4 }}
+type: Opaque
+data:
+  auth: {{ $auth }}
+  gateway: {{ $gateway }}
+  yubi-bridge: {{ $yubiBridge }}
+  secret-key: {{ $secretKey }}
+{{- end }}
diff --git a/defguardDocker/deployment/charts/defguard/templates/defguard-service.yaml b/defguardDocker/deployment/charts/defguard/templates/defguard-service.yaml
new file mode 100644
index 0000000..fa6f8cf
--- /dev/null
+++ b/defguardDocker/deployment/charts/defguard/templates/defguard-service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "defguard.fullname" . }}-web
+  labels:
+    {{- include "defguard.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.ports.http }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "defguard.selectorLabels" . | nindent 4 }}
diff --git a/defguardDocker/deployment/charts/defguard/templates/grpc-service.yaml b/defguardDocker/deployment/charts/defguard/templates/grpc-service.yaml
new file mode 100644
index 0000000..edfef6c
--- /dev/null
+++ b/defguardDocker/deployment/charts/defguard/templates/grpc-service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    traefik.ingress.kubernetes.io/service.serversscheme: h2c
+  name: {{ include "defguard.fullname" . }}-grpc
+  labels:
+    {{- include "defguard.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.ports.grpc }}
+      targetPort: grpc
+      protocol: TCP
+      name: grpc
+  selector:
+    {{- include "defguard.selectorLabels" . | nindent 4 }}
diff --git a/defguardDocker/deployment/charts/defguard/templates/ingress-grpc.yaml b/defguardDocker/deployment/charts/defguard/templates/ingress-grpc.yaml
new file mode 100644
index 0000000..189ce8e
--- /dev/null
+++ b/defguardDocker/deployment/charts/defguard/templates/ingress-grpc.yaml
@@ -0,0 +1,52 @@
+{{- if .Values.ingress.grpc.enabled -}}
+{{- $fullName := include "defguard.fullname" . -}}
+{{- if and .Values.ingress.grpc.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+  {{- if not (hasKey .Values.ingress.grpc.annotations "kubernetes.io/ingress.class") }}
+  {{- $_ := set .Values.ingress.grpc.annotations "kubernetes.io/ingress.class" .Values.ingress.grpc.className}}
+  {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}-grpc
+  labels:
+    {{- include "defguard.labels" . | nindent 4 }}
+  {{- with .Values.ingress.grpc.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if and .Values.ingress.grpc.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.ingress.grpc.className }}
+  {{- end }}
+  {{- if .Values.ingress.grpc.tls }}
+  tls:
+    - hosts:
+      - {{ .Values.ingress.grpc.host | quote }}
+      secretName: {{ printf "%s-grpc-tls" .Values.ingress.grpc.host }}
+  {{- end }}
+  rules:
+    - host: {{ .Values.ingress.grpc.host | quote }}
+      http:
+        paths:
+          - path: /
+            {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }}
+            pathType: ImplementationSpecific
+            {{- end }}
+            backend:
+              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+              service:
+                name: {{ $fullName }}-grpc
+                port:
+                  number: {{ .Values.service.ports.grpc }}
+              {{- else }}
+              serviceName: {{ $fullName }}-grpc
+              servicePort: {{ .Values.service.ports.grpc }}
+              {{- end }}
+{{- end }}
diff --git a/defguardDocker/deployment/charts/defguard/templates/ingress-web.yaml b/defguardDocker/deployment/charts/defguard/templates/ingress-web.yaml
new file mode 100644
index 0000000..c53c7c6
--- /dev/null
+++ b/defguardDocker/deployment/charts/defguard/templates/ingress-web.yaml
@@ -0,0 +1,52 @@
+{{- if .Values.ingress.web.enabled -}}
+{{- $fullName := include "defguard.fullname" . -}}
+{{- if and .Values.ingress.web.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+  {{- if not (hasKey .Values.ingress.web.annotations "kubernetes.io/ingress.class") }}
+  {{- $_ := set .Values.ingress.web.annotations "kubernetes.io/ingress.class" .Values.ingress.web.className}}
+  {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}-web
+  labels:
+    {{- include "defguard.labels" . | nindent 4 }}
+  {{- with .Values.ingress.web.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if and .Values.ingress.web.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.ingress.web.className }}
+  {{- end }}
+  {{- if .Values.ingress.web.tls }}
+  tls:
+    - hosts:
+      - {{ .Values.ingress.web.host | quote }}
+      secretName: {{ printf "%s-web-tls" .Values.ingress.web.host }}
+  {{- end }}
+  rules:
+    - host: {{ .Values.ingress.web.host | quote }}
+      http:
+        paths:
+          - path: /
+            {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }}
+            pathType: ImplementationSpecific
+            {{- end }}
+            backend:
+              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+              service:
+                name: {{ $fullName }}-web
+                port:
+                  number: {{ .Values.service.ports.http }}
+              {{- else }}
+              serviceName: {{ $fullName }}-web
+              servicePort: {{ .Values.service.ports.http }}
+              {{- end }}
+{{- end }}
diff --git a/defguardDocker/deployment/charts/defguard/templates/openid-secret.yaml b/defguardDocker/deployment/charts/defguard/templates/openid-secret.yaml
new file mode 100644
index 0000000..ba67053
--- /dev/null
+++ b/defguardDocker/deployment/charts/defguard/templates/openid-secret.yaml
@@ -0,0 +1,16 @@
+{{ if not .Values.existingOpenIdSecret }}
+{{- $openIdKey := (genPrivateKey "rsa") | b64enc | quote }}
+{{- $secret := (lookup "v1" "Secret" .Release.Namespace (include "defguard.openidSecretName" .)) }}
+{{- if $secret }}
+{{- $openIdKey = index $secret.data "openid-key" }}
+{{- end }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "defguard.openidSecretName" . }}
+  labels:
+    {{- include "defguard.labels" . | nindent 4 }}
+type: Opaque
+data:
+  openid-key: {{ $openIdKey }}
+{{- end }}
diff --git a/defguardDocker/deployment/charts/defguard/templates/postgresql-secret.yaml b/defguardDocker/deployment/charts/defguard/templates/postgresql-secret.yaml
new file mode 100644
index 0000000..efdc2c4
--- /dev/null
+++ b/defguardDocker/deployment/charts/defguard/templates/postgresql-secret.yaml
@@ -0,0 +1,19 @@
+{{ if .Values.postgresql.enabled }}
+{{- $password := (randAlpha 16) | b64enc | quote }}
+{{- $postgresPassword := (randAlpha 16) | b64enc | quote }}
+{{- $secret := (lookup "v1" "Secret" .Release.Namespace .Values.postgresql.auth.existingSecret) }}
+{{- if $secret }}
+{{- $password = index $secret.data "password" }}
+{{- $postgresPassword = index $secret.data "postgres-password" }}
+{{- end }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.postgresql.auth.existingSecret }}
+  labels:
+    {{- include "defguard.labels" . | nindent 4 }}
+type: Opaque
+data:
+  password: {{ $password }}
+  postgres-password: {{ $postgresPassword }}
+{{- end }}
diff --git a/defguardDocker/deployment/charts/defguard/templates/serviceaccount.yaml b/defguardDocker/deployment/charts/defguard/templates/serviceaccount.yaml
new file mode 100644
index 0000000..1efc1cc
--- /dev/null
+++ b/defguardDocker/deployment/charts/defguard/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "defguard.serviceAccountName" . }}
+  labels:
+    {{- include "defguard.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}
diff --git a/defguardDocker/deployment/charts/defguard/values.yaml b/defguardDocker/deployment/charts/defguard/values.yaml
new file mode 100644
index 0000000..408019d
--- /dev/null
+++ b/defguardDocker/deployment/charts/defguard/values.yaml
@@ -0,0 +1,75 @@
+affinity: {}
+autoscaling:
+  enabled: false
+  minReplicas: 1
+  maxReplicas: 10
+cookie:
+  domain: ""
+  insecure: false
+fullnameOverride: ""
+image:
+  pullPolicy: IfNotPresent
+  repository: ghcr.io/defguard/defguard
+  tag: ""
+imagePullSecrets: []
+ingress:
+  grpc:
+    annotations: {}
+    className: ""
+    enabled: true
+    host: defguard-grpc.local
+    tls: false
+  web:
+    annotations: {}
+    className: ""
+    enabled: true
+    host: defguard.local
+    tls: false
+existingJwtSecret: ""
+ldap:
+  admin_group: ""
+  bind_password: ""
+  bind_username: ""
+  enabled: false
+  group_search_base: ""
+  url: ""
+  user_search_base: ""
+nameOverride: ""
+nodeSelector: {}
+existingOpenIdSecret: ""
+podAnnotations: {}
+podLabels: {}
+podSecurityContext: {}
+# sub-chart bitnami/postgresql
+postgresql:
+  enabled: true
+  host: "" # set if using external postgresql ~ enabled: false
+  port: 5432
+  auth:
+    database: defguard
+    existingSecret: postgres-password
+    existingSecretPasswordKey: "" # set if using external postgresql ~ enabled: false
+    username: defguard
+proxyUrl: ""
+publicUrl: "http://defguard.local"
+replicaCount: 1
+resources: {}
+securityContext: {}
+service:
+  ports:
+    grpc: 50055
+    http: 80
+  type: ClusterIP
+serviceAccount:
+  annotations: {}
+  create: true
+tolerations: []
+# sub-chart defguard-proxy
+defguard-proxy:
+  enabled: false
+  publicUrl: "http://enrollment.local"
+  ingress:
+    grpc:
+      host: defguard-proxy-grpc.local
+    web:
+      host: enrollment.local
diff --git a/defguardDocker/deployment/docker-compose/.env.template b/defguardDocker/deployment/docker-compose/.env.template
new file mode 100644
index 0000000..61c2e22
--- /dev/null
+++ b/defguardDocker/deployment/docker-compose/.env.template
@@ -0,0 +1,31 @@
+# The best way to define each secret is to generate random strings with e.g.:
+#
+# openssl rand -base64 48 #this will generate a 48chars random string
+#
+# Please provide secret strings (do not share them) for:
+#
+# Secret used for JWT cryptography
+DEFGUARD_AUTH_SECRET=<YOUR_AUTH_SECRET>
+# Secret used for JWT cryptography in YubiBridge GRPC communication
+DEFGUARD_YUBIBRIDGE_SECRET=<DEFGUARD_YUBIBRIDGE_SECRET>
+# Secret used for JWT cryptography in gateway GRPC communication
+DEFGUARD_GATEWAY_SECRET=<DEFGUARD_GATEWAY_SECRET>
+# Secret used for private cookies cryptography; must be at least 64 characters long
+DEFGUARD_SECRET_KEY=<DEFGUARD_SECRET_KEY>
+# Database password
+DEFGUARD_DB_PASSWORD=<YOUR_DB_PASSWORD>
+# Public URL of your Defguard instance
+# E.g.: https://defguard.mycompany.com
+DEFGUARD_URL=<YOUR_DEFGUARD_URL>
+# Webauthn RP ID (https://w3c.github.io/webauthn/#rp-id)
+# E.g.: defguard.mycompany.com (without http/https)
+DEFGUARD_WEBAUTHN_RP_ID=<YOUR_DEFGUARD_WEBAUTHN_RP_ID>
+# Public URL of your defguard proxy gRPC server
+# DEFGUARD_PROXY_URL=<YOUR_PROXY_GRPC_URL>
+# Public URL of your enrollment service
+# E.g.: https://enrollment.mycompany.com
+# DEFGUARD_ENROLLMENT_URL=<YOUR_PROXY_URL>  # [ENROLLMENT]
+# Token used for VPN gateway authorization
+# DEFGUARD_TOKEN=<GATEWAY_TOKEN>  # [VPN]
+# Enable insecure cookies when not using HTTPS
+# DEFGUARD_COOKIE_INSECURE=true  # [HTTP]
diff --git a/defguardDocker/deployment/docker-compose/docker-compose.yaml b/defguardDocker/deployment/docker-compose/docker-compose.yaml
new file mode 100644
index 0000000..6c8ee79
--- /dev/null
+++ b/defguardDocker/deployment/docker-compose/docker-compose.yaml
@@ -0,0 +1,110 @@
+services:
+  db:
+    image: postgres:15-alpine
+    restart: unless-stopped
+    environment:
+      POSTGRES_DB: defguard
+      POSTGRES_USER: defguard
+      POSTGRES_PASSWORD: ${DEFGUARD_DB_PASSWORD}
+    volumes:
+      - ${VOLUME_DIR:-./.volumes}/db:/var/lib/postgresql/data
+    # ports:
+    #   - "5432:5432"
+
+  caddy:  # [PROXY]
+    image: caddy:2.7-alpine  # [PROXY]
+    restart: unless-stopped  # [PROXY]
+    volumes:  # [PROXY]
+      - ${VOLUME_DIR:-./.volumes}/caddy/data:/data  # [PROXY]
+      - ${VOLUME_DIR:-./.volumes}/caddy/config:/config  # [PROXY]
+      - ${VOLUME_DIR:-./.volumes}/caddy/Caddyfile:/etc/caddy/Caddyfile  # [PROXY]
+    ports:  # [PROXY]
+       #http 
+      - "8002:80"  # [PROXY]
+       #https 
+      - "6443:443"  # [PROXY]
+
+  core:
+    image: ghcr.io/defguard/defguard:${CORE_IMAGE_TAG:-latest}
+    restart: unless-stopped
+    environment:
+      DEFGUARD_AUTH_SECRET: ${DEFGUARD_AUTH_SECRET}
+      DEFGUARD_GATEWAY_SECRET: ${DEFGUARD_GATEWAY_SECRET}
+      DEFGUARD_YUBIBRIDGE_SECRET: ${DEFGUARD_YUBIBRIDGE_SECRET}
+      DEFGUARD_SECRET_KEY: ${DEFGUARD_SECRET_KEY}
+      DEFGUARD_DEFAULT_ADMIN_PASSWORD: ${DEFGUARD_DEFAULT_ADMIN_PASSWORD}
+      DEFGUARD_DB_HOST: db
+      DEFGUARD_DB_PORT: 5432
+      DEFGUARD_DB_USER: defguard
+      DEFGUARD_DB_PASSWORD: ${DEFGUARD_DB_PASSWORD}
+      DEFGUARD_DB_NAME: defguard
+      DEFGUARD_URL: ${DEFGUARD_URL}
+      DEFGUARD_LOG_LEVEL: info
+      DEFGUARD_WEBAUTHN_RP_ID: ${DEFGUARD_WEBAUTHN_RP_ID}
+      DEFGUARD_COOKIE_INSECURE: ${DEFGUARD_COOKIE_INSECURE:-false}
+      DEFGUARD_ENROLLMENT_URL: ${DEFGUARD_ENROLLMENT_URL}  # [ENROLLMENT]
+      DEFGUARD_PROXY_URL: https://proxy:50052  # [ENROLLMENT]
+      DEFGUARD_PROXY_GRPC_CA: /ssl/defguard-ca.pem  # [ENROLLMENT]
+      DEFGUARD_GRPC_CERT: /ssl/defguard-grpc.crt
+      DEFGUARD_GRPC_KEY: /ssl/defguard-grpc.key
+      ## RSA setup guide: https://defguard.gitbook.io/defguard/community-features/setting-up-your-instance/docker-compose#openid-rsa-setup
+      DEFGUARD_OPENID_KEY: /keys/rsakey.pem
+      ## LDAP setup guide: https://defguard.gitbook.io/defguard/features/ldap-synchronization-setup
+      # DEFGUARD_LDAP_URL: ldap://localhost:389 # [LDAP]
+      # DEFGUARD_LDAP_BIND_USERNAME: cn=admin,dc=example,dc=org # [LDAP]
+      # DEFGUARD_LDAP_BIND_PASSWORD: password # [LDAP]
+    ports:
+      # web
+      - "9876:8000"
+      # grpc
+      - "50055:50055"
+    depends_on:
+      - db
+    volumes:
+      # SSL setup guide: https://defguard.gitbook.io/defguard/features/setting-up-your-instance/docker-compose#ssl-setup
+      - ${VOLUME_DIR:-./.volumes}/ssl:/ssl
+      ## RSA setup guide: https://defguard.gitbook.io/defguard/community-features/setting-up-your-instance/docker-compose#openid-rsa-setup
+      - ${VOLUME_DIR:-./.volumes}/core/rsakey.pem:/keys/rsakey.pem
+  proxy:  # [ENROLLMENT]
+     image: ghcr.io/defguard/defguard-proxy:${PROXY_IMAGE_TAG:-latest}  # [ENROLLMENT]
+     restart: unless-stopped  # [ENROLLMENT]
+     environment:  # [ENROLLMENT]
+       DEFGUARD_PROXY_GRPC_PORT: 50052  # [ENROLLMENT]
+       DEFGUARD_PROXY_GRPC_CERT: /ssl/defguard-proxy-grpc.crt  # [ENROLLMENT]
+       DEFGUARD_PROXY_GRPC_KEY: /ssl/defguard-proxy-grpc.key  # [ENROLLMENT]
+     volumes:  # [ENROLLMENT]
+       #SSL setup guide: https://defguard.gitbook.io/defguard/features/setting-up-your-instance/docker-compose#ssl-setup
+      - ${VOLUME_DIR:-./.volumes}/ssl:/ssl  # [ENROLLMENT]
+     ports:
+       # web
+      - "8588:8080"
+     depends_on:  # [ENROLLMENT]
+      - core  # [ENROLLMENT]
+
+  gateway:  # [VPN]
+     image: ghcr.io/defguard/gateway:${GATEWAY_IMAGE_TAG:-latest}  # [VPN]
+     restart: unless-stopped  # [VPN]
+     network_mode: "host"  # [VPN]
+     environment:  # [VPN]
+       DEFGUARD_GRPC_URL: https://localhost:50055  # [VPN]
+       DEFGUARD_GRPC_CA: /ssl/defguard-ca.pem  # [VPN]
+       DEFGUARD_STATS_PERIOD: 30  # [VPN]
+       DEFGUARD_TOKEN: ${DEFGUARD_TOKEN}  # [VPN]
+     volumes:  # [VPN]
+      - ${VOLUME_DIR:-./.volumes}/ssl:/ssl  # [VPN]
+     cap_add:  # [VPN]
+      - NET_ADMIN  # [VPN]
+
+  gateway-OpenVPN:  # [VPN]
+     image: ghcr.io/defguard/gateway:${GATEWAY_IMAGE_TAG:-latest}  # [VPN]
+     restart: unless-stopped  # [VPN]
+     network_mode: "host"  # [VPN]
+     environment:  # [VPN]
+       DEFGUARD_GRPC_URL: https://localhost:50055  # [VPN]
+       DEFGUARD_GRPC_CA: /ssl/defguard-ca.pem  # [VPN]
+       DEFGUARD_STATS_PERIOD: 30  # [VPN]
+       DEFGUARD_TOKEN: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJEZWZHdWFyZCIsInN1YiI6IkRFRkdVQVJELU5FVFdPUkstNSIsImNsaWVudF9pZCI6IjUiLCJleHAiOjYwMTkyNjE4NDMsIm5iZiI6MTcyNDI5NDU0OH0.cV9dgj0B7hjT7LaLqbZ0sp8u-Fl71X13mnDppFXaD4E
+     volumes:  # [VPN]
+      - ${VOLUME_DIR:-./.volumes}/ssl:/ssl  # [VPN]
+     cap_add:  # [VPN]
+      - NET_ADMIN  # [VPN]
diff --git a/defguardDocker/deployment/docker-compose/setup.log.rGByG7 b/defguardDocker/deployment/docker-compose/setup.log.rGByG7
new file mode 100644
index 0000000..e69de29
diff --git a/defguardDocker/deployment/docker-compose/setup.sh b/defguardDocker/deployment/docker-compose/setup.sh
new file mode 100755
index 0000000..e99814b
--- /dev/null
+++ b/defguardDocker/deployment/docker-compose/setup.sh
@@ -0,0 +1,890 @@
+#!/usr/bin/env bash
+# shellcheck shell=bash
+
+# This is a script that sets up an entire defguard instance (including core,
+# gateway, enrollment proxy and reverse proxy). It's goal is to prepare
+# a working instance by running a single command.
+
+set -o errexit  # abort on nonzero exitstatus
+set -o pipefail # don't hide errors within pipes
+
+# Global variables
+VERSION="1.0.2"
+SECRET_LENGTH=64
+PASSWORD_LENGTH=16
+
+VOLUME_DIR=".volumes"
+SSL_DIR="${VOLUME_DIR}/ssl"
+RSA_DIR="${VOLUME_DIR}/core"
+
+COMPOSE_FILE="docker-compose.yaml"
+ENV_FILE=".env"
+LOG_FILE=$(mktemp setup.log.XXXXXX)
+
+BASE_COMPOSE_FILE_URL="https://raw.githubusercontent.com/DefGuard/deployment/main/docker-compose/docker-compose.yaml"
+BASE_ENV_FILE_URL="https://raw.githubusercontent.com/DefGuard/deployment/main/docker-compose/.env.template"
+
+CORE_IMAGE_TAG="${CORE_IMAGE_TAG:-latest}"
+GATEWAY_IMAGE_TAG="${GATEWAY_IMAGE_TAG:-latest}"
+PROXY_IMAGE_TAG="${PROXY_IMAGE_TAG:-latest}"
+
+
+#####################
+### MAIN FUNCTION ###
+#####################
+
+main() {
+  is_utf_term
+  is_term_color
+  tput reset
+	print_header
+
+	# display help `--help` argument is found
+	for i in $*; do
+		test "$i" == "--help" && print_usage && exit 0
+
+    # run non interactive
+    if [[ "$i" == "--non-interactive" ]]; then
+		    CFG_NON_INTERACTIVE=1
+        # we need to remove this element from $* or getopt will return an error
+        set -- $(remove_element "$i" $*)
+    fi
+
+    # configure https
+    if [[ "$i" == "--use-https" ]]; then
+		    CFG_USE_HTTPS=1
+        # we need to remove this element from $* or getopt will return an error
+        set -- $(remove_element "$i" $*)
+    fi
+	done
+
+  #
+  # First let's gather the ENV/command line variables
+  #
+
+	# load configuration from env variables
+	load_configuration_from_env
+
+	# load configuration from CLI options
+	load_configuration_from_cli "$@"
+
+	# load configuration from user inputs
+	if [ X$CFG_VOLUME_DIR != X ]; then
+    VOLUME_DIR=${CFG_VOLUME_DIR}
+    SSL_DIR="${VOLUME_DIR}/ssl"
+    RSA_DIR="${VOLUME_DIR}/core"
+	fi
+
+  export VOLUME_DIR
+
+  # We have enough to check the enviromnent
+	# so check if necessary tools are available
+	check_environment
+
+	# load configuration from user inputs
+	if ! [ $CFG_NON_INTERACTIVE ]; then
+		load_configuration_from_input
+	fi
+
+	# check that all required configuration options are set
+	validate_required_variables
+
+	# generate external service URLs based on config
+	generate_external_urls
+
+	# print out config
+	print_config
+
+	# set current working directory
+	WORK_DIR_PATH=$(pwd)
+
+	# setup RSA & SSL keys
+	setup_keys
+
+	# generate caddyfile
+	create_caddyfile
+
+	# generate `.env` file
+	generate_env_file
+
+	# enable insecure cookies if not using HTTPS
+	if ! [ "$CFG_USE_HTTPS" ]; then
+		uncomment_feature "HTTP" "${PROD_ENV_FILE}"
+	fi
+
+	# generate base docker-compose file
+	PROD_COMPOSE_FILE="${WORK_DIR_PATH}/${COMPOSE_FILE}"
+	if [ -f "$PROD_COMPOSE_FILE" ]; then
+		echo -n " ${TXT_BEGIN} Using existing docker-compose file at ${PROD_COMPOSE_FILE}... "
+		print_confirmation
+	else
+		fetch_base_compose_file
+	fi
+
+	# enable reverse proxy in compose file
+	uncomment_feature "PROXY" "${PROD_COMPOSE_FILE}"
+
+	# enable enrollment service in compose file
+	if [ "$CFG_ENABLE_ENROLLMENT" ]; then
+		enable_enrollment
+	fi
+
+	# fetch latest images
+	echo " ${TXT_BEGIN} Fetching latest Docker images: "
+	$COMPOSE_CMD -f "${PROD_COMPOSE_FILE}" --env-file "${PROD_ENV_FILE}" pull
+
+	# enable and setup VPN gateway
+	if [ "$CFG_ENABLE_VPN" ]; then
+		enable_vpn_gateway
+	fi
+
+	# start docker-compose stack
+	echo " ${TXT_BEGIN} Starting docker-compose stack"
+	$COMPOSE_CMD -f "${PROD_COMPOSE_FILE}" --env-file "${PROD_ENV_FILE}" up -d
+	if [ $? -ne 0 ]; then
+		echo >&2 "ERROR: failed to start docker-compose stack"
+		exit 1
+	fi
+
+	print_instance_summary
+}
+
+########################
+### HELPER FUNCTIONS ###
+########################
+
+check_character_support() {
+    local char="$1"
+    echo -e "$char" | grep -q "$char"
+}
+
+is_utf_term() {
+  if check_character_support "√"; then
+    TXT_CHECK="✓"
+    TXT_BEGIN="▶"
+    TXT_SUB="▷"
+    TXT_STAR="★"
+    TXT_X="✗"
+    TXT_INPUT="✍"
+  else
+    TXT_CHECK="+"
+    TXT_BEGIN=">>"
+    TXT_SUB=">"
+    TXT_STAR="*"
+    TXT_X="x"
+    TXT_INPUT=" ::"
+  fi
+}
+
+is_term_color() {
+
+  if [[ $TERM == *"256"* ]]; then
+    C_RED="\033[31m"
+    C_GREEN="\033[32m"
+    C_YELLOW="\033[33m"
+    C_BLUE="\033[34m"
+    C_WHITE="\033[37m"
+    C_GREY="\033[90m"
+
+    C_LRED="\033[91m"
+    C_LGREEN="\033[92m"
+    C_LYELLOW="\033[93m"
+    C_LBLUE="\033[94m"
+
+    C_BOLD="\033[1m"
+    C_ITALICS="\033[3m"
+    C_BG_GREY="\033[100m"
+    C_END="\033[0m"
+  else
+    C_RED=""
+    C_GREEN=""
+    C_YELLOW=""
+    C_BLUE=""
+    C_WHITE=""
+    C_GREY=""
+
+    C_LRED=""
+    C_LGREEN=""
+    C_LYELLOW=""
+    C_LBLUE=""
+
+    C_BOLD=""
+    C_ITALICS=""
+    C_BG_GREY=""
+    C_END=""
+  fi
+}
+
+# remove array element
+remove_element() {
+    local remove=$1
+    local result=()
+    for element in "$@"; do
+        if [[ "$element" != "$remove" ]]; then
+            result+=("$element")
+        fi
+    done
+    echo "${result[@]}"
+}
+
+# Function to convert relative path to absolute path
+to_absolute_path() {
+    local path="$1"
+    if [[ "${path:0:1}" != "/" ]]; then
+        path="$(cd "$(dirname "$path")" && pwd)/$(basename "$path")"
+    fi
+    echo ${path}
+}
+
+print_header() {
+  echo -e "${C_LBLUE}"
+  cat << _EOF_
+           #                                                                    
+      ##   #                                                                    
+    ##  ## #        #              ##                                        #  
+  ##      ##        #             #         #                                #  
+  #   ##   #   #### #    ####   #####   ####    #     #    ####    ###  #### #  
+  # ##  ##    #    ##   #    ##   #    #    #   #     #   #    #  #    #    ##  
+  ##      ##  #     #  ########   #    #    #   #     #        #  #    #     #  
+  # ##  ## #  #     #  ##         #    #####    #     #   ######  #    #     #  
+  #   ##   #  #    ##   #     #   #    #        #     #  #     #  #    #    ##  
+  ##      ##   #### #    #####    #    #######   #### #   #### #  #     #### #  
+    ##  ## #                          #       #                                 
+      ##   #                           #######                                  
+          #                                                                     
+_EOF_
+  echo -e "${C_END}"
+  echo
+	echo "defguard docker-compose deployment setup script v${VERSION}"
+	echo -e "Copyright (C) 2023-2024 ${C_BOLD}teonite${C_END} <${C_BG_GREY}${C_YELLOW}https://teonite.com${C_END}>"
+	echo
+}
+
+print_confirmation() {
+	echo -e " ${C_LGREEN}${TXT_CHECK}${C_END} "
+}
+
+print_usage() {
+
+	echo "Usage: ${BASENAME} [options]"
+	echo
+	echo 'Available options:'
+	echo
+	echo -e "\t--help                         this help message"
+	echo -e "\t--non-interactive              run in non-interactive mode - !REQUIRES SETTING all options/env vars"
+	echo -e "\t--domain <domain>              domain where defguard web UI will be available"
+	echo -e "\t--enrollment-domain <domain>   domain where enrollment service will be available"
+	echo -e "\t--use-https                    configure reverse proxy to use HTTPS"
+	echo -e "\t--volume <directory>           Docker volumes directory - default: ${VOLUME_DIR}"
+	echo -e "\t--vpn-name <name>              VPN location name"
+	echo -e "\t--vpn-ip <address>             VPN server address & netmask (e.g. 10.0.50.1/24)"
+  echo -e "\t--vpn-gateway-ip <ip>          VPN gateway external IP (! NOT DOMAIN - IP)"
+  echo -e "\t--vpn-gateway-port <port>      VPN gateway external port (your clients connect here)"
+	echo
+}
+
+command_exists() {
+	local command="$1"
+	command -v "$command" >/dev/null 2>&1
+}
+
+command_exists_check() {
+	local command="$1"
+	if ! command_exists "$command"; then
+		echo >&2 "ERROR: $command command not found"
+		echo >&2 "ERROR: dependency failed, exiting..."
+		exit 2
+	fi
+}
+
+check_environment() {
+	echo -n " ${TXT_BEGIN} Checking if all required tools are available..."
+	# compose can be provided by newer docker versions or a separate docker-compose
+	docker compose version >/dev/null 2>&1
+	if [ $? = 0 ]; then
+		COMPOSE_CMD="docker compose"
+	else
+		if command_exists docker-compose; then
+			COMPOSE_CMD="docker-compose"
+		else
+      echo
+			echo >&2 "ERROR: docker-compose or docker compose command not found"
+			echo >&2 "ERROR: dependency failed, exiting..."
+			exit 3
+		fi
+	fi
+
+	command_exists_check openssl
+	command_exists_check curl
+	command_exists_check grep
+
+  # Check if the volume dir is an absolute path since docker requires it
+  VOLUME_DIR=$(to_absolute_path "${VOLUME_DIR}")
+
+  if [ -d ${VOLUME_DIR} ]; then
+      echo
+			echo >&2 "ERROR: volume directory: ${VOLUME_DIR} exists."
+			echo >&2 "ERROR: this means, I would overwrite the configuration, database and certificates."
+			echo >&2 "ERROR: please backup or remove the volume directory."
+      exit 3
+  fi
+
+  # create all necessary directories
+  for dir in ${VOLUME_DIR} ${SSL_DIR} ${RSA_DIR}; do
+    mkdir ${dir}
+    if [ $? -ne 0 ]; then
+      echo >&2 "ERROR: cloud not create volume directory: ${dir}"
+      exit 3
+    fi
+  done
+
+	print_confirmation
+}
+
+load_configuration_from_env() {
+	echo -n " ${TXT_BEGIN} Loading configuration from environment variables... "
+	# required variables
+	CFG_DOMAIN="$DEFGUARD_DOMAIN"
+
+	# optional variables
+	CFG_VOLUME_DIR="$DEFGUARD_VOLUME_DIR"
+	CFG_VPN_NAME="$DEFGUARD_VPN_NAME"
+	CFG_VPN_IP="$DEFGUARD_VPN_IP"
+	CFG_VPN_GATEWAY_IP="$DEFGUARD_VPN_GATEWAY_IP"
+	CFG_VPN_GATEWAY_PORT="$DEFGUARD_VPN_GATEWAY_PORT"
+	CFG_ENROLLMENT_DOMAIN="$DEFGUARD_ENROLLMENT_DOMAIN"
+  if ! [ $CFG_USE_HTTPS ]; then
+	  CFG_USE_HTTPS="$DEFGUARD_USE_HTTPS"
+  fi
+
+	print_confirmation
+}
+
+load_configuration_from_cli() {
+	echo -n " ${TXT_BEGIN} Loading configuration from CLI arguments... "
+
+	ARGUMENT_LIST=(
+		"domain"
+		"enrollment-domain"
+		"volume"
+		"vpn-name"
+		"vpn-ip"
+		"vpn-gateway-ip"
+		"vpn-gateway-port"
+	)
+
+	# read arguments
+	opts=$(
+		getopt \
+			--longoptions "$(printf "%s:," "${ARGUMENT_LIST[@]}")" \
+			--name "$(basename "$0")" \
+			--options "" \
+			-- "$@"
+	)
+
+	eval set --$opts
+
+	while [[ $# -gt 0 ]]; do
+		case "$1" in
+		--domain)
+			CFG_DOMAIN=$2
+			shift 2
+			;;
+
+		--enrollment-domain)
+			CFG_ENROLLMENT_DOMAIN=$2
+			shift 2
+			;;
+
+		--volume)
+			CFG_VOLUME_DIR=$2
+			shift 2
+			;;
+
+		--vpn-name)
+			CFG_VPN_NAME=$2
+			shift 2
+			;;
+
+		--vpn-ip)
+			CFG_VPN_IP=$2
+			shift 2
+			;;
+
+		--vpn-gateway-ip)
+			CFG_VPN_GATEWAY_IP=$2
+			shift 2
+			;;
+
+		--vpn-gateway-port)
+			CFG_VPN_GATEWAY_PORT=$2
+			shift 2
+			;;
+
+		*)
+			break
+			;;
+		esac
+	done
+
+	print_confirmation
+}
+
+load_configuration_from_input() {
+  echo -ne "${C_ITALICS}${C_LBLUE}"
+  cat << _EOF_
+
+Please provide the values to configure your defguard instance. If you've
+already configured some options by setting environment variables or through
+CLI options, those will be used as defaults.
+
+If you prefer to disable this user input section, please restart the script
+with --non-interactive CLI flag.
+
+_EOF_
+
+echo -ne "${C_GREY}"
+cat << _EOF_
+
+Choose domains that will be used to expose your instance through Caddy
+reverse proxy. defguard uses a separate domain for the Web UI, and for
+the optional enrollment/desktop client configuration/password reset
+service.
+
+If you don't provide any domain for the enrollment service, the service
+itself will not be deployed.
+
+You can also enable HTTPS here (highly recommended), which will configure
+Caddy to automatically provision SSL certificates.
+_EOF_
+
+echo -ne "${C_BOLD}"
+cat << _EOF_
+
+Please note that this requires your server to have a public IP address
+and public DNS records for your chosen domains to be configured
+correctly (pointing to your server's IP address).
+
+_EOF_
+
+  echo -ne "${C_END}"
+
+  echo -e "  ${C_BOLD}${C_GREEN}${TXT_STAR} General config ${TXT_STAR}${C_END}\n"
+
+  while [ X${domain} = "X" ]; do
+    echo -ne "${C_YELLOW}${TXT_INPUT}${C_END} "
+	  read -p "Enter defguard domain [default: ${CFG_DOMAIN}]: " domain
+	  if [ "$domain" ]; then
+		  CFG_DOMAIN="$domain"
+	  fi
+  done
+
+  echo -ne "${C_YELLOW}${TXT_INPUT}${C_END} "
+	read -p "Enter enrollment domain [default: ${CFG_ENROLLMENT_DOMAIN}]: " enroll
+	if [ "$enroll" ]; then
+		CFG_ENROLLMENT_DOMAIN="$enroll"
+	fi
+
+	use_https_bool_value="false"
+	if [ $CFG_USE_HTTPS ]; then use_https_bool_value="true"; fi
+  echo -ne "${C_YELLOW}${TXT_INPUT}${C_END} "
+	read -p "Use HTTPS [default: ${use_https_bool_value}]: " https
+	if [ "$https" ]; then
+		CFG_USE_HTTPS=1
+	fi
+
+  echo
+  echo -e "  ${C_BOLD}${C_GREEN}${TXT_STAR} WireGuard VPN${TXT_STAR}${C_END}\n"
+
+  echo -ne "${C_ITALICS}${C_GREY}"
+  cat << _EOF_
+
+If you wish to configure and deploy WireGuard VPN gateway, please
+provide your VPN location name. To skip, just press enter and VPN will
+not be configured.
+_EOF_
+
+  echo -ne "${C_END}\n"
+
+  echo -ne "${C_YELLOW}${TXT_INPUT}${C_END} "
+	read -p "Enter VPN location name [default: ${CFG_VPN_NAME}]: " vpn_name
+	if [ "$vpn_name" ]; then
+		CFG_VPN_NAME="$vpn_name"
+	fi
+
+	if [ "$CFG_VPN_NAME" ]; then
+    while [ X${vpn_ip} = "X" ]; do
+      echo -ne "${C_YELLOW}${TXT_INPUT}${C_END} "
+		  read -p "Enter VPN server address and subnet (e.g. 10.0.60.1/24) [default: ${CFG_VPN_IP}]: " vpn_ip
+		  if [ "$vpn_ip" ]; then
+			  CFG_VPN_IP="$vpn_ip"
+		  fi
+    done
+
+    echo -ne "${C_ITALICS}${C_GREY}"
+    cat << _EOF_
+
+Now we'll configure a public endpoint (IP + port) that your WireGuard
+client devices will use to safely connect to your gateway from the
+public internet.
+		
+Since we'll be starting the gateway on this server the IP address should
+be the same as your server's public IP address. 
+_EOF_
+    echo -ne "${C_BOLD}"
+    cat << _EOF_
+Please also remember that your firewall should be configured
+to allow incoming UDP traffic on the chosen WireGuard port.
+_EOF_
+		
+    echo -ne "${C_END}"
+
+    while [ X${public_ip} = "X" ]; do
+      echo -ne "${C_YELLOW}${TXT_INPUT}${C_END} "
+      read -p "Enter VPN gateway public IP (no domains!) [default: ${CFG_VPN_GATEWAY_IP}]: " public_ip
+		  if [ "$public_ip" ]; then
+			  CFG_VPN_GATEWAY_IP="$public_ip"
+		  fi
+    done
+
+    while [ X${public_port} = "X" ]; do
+      echo -ne "${C_YELLOW}${TXT_INPUT}${C_END} "
+		  read -p "Enter VPN gateway public port [default: ${CFG_VPN_GATEWAY_PORT}]: " public_port
+		  if [ "$public_port" ]; then
+			  CFG_VPN_GATEWAY_PORT="$public_port"
+		  fi
+    done
+
+  else
+    echo -e "  ${C_BOLD}${C_RED}${TXT_X} ${C_GREY} WireGuard VPN skipped${C_END}\n"
+	fi
+
+	echo
+	echo -e "${C_BOLD}${C_GREEN}Thank you. We'll now proceed with the deployment using provided values.${C_END}"
+}
+
+check_required_variable() {
+	local var_name="$1"
+	if [ -z "${!var_name}" ]; then
+		echo >&2 "ERROR: ${var_name} configuration option not set"
+		exit 4
+	fi
+}
+
+validate_required_variables() {
+	echo -n " ${TXT_BEGIN} Validating configuration options..."
+	check_required_variable "CFG_DOMAIN"
+
+	# if VPN name is given validate other VPN configurations are present
+	if [ "$CFG_VPN_NAME" ]; then
+		CFG_ENABLE_VPN=1
+		check_required_variable "CFG_VPN_IP"
+		check_required_variable "CFG_VPN_GATEWAY_IP"
+		check_required_variable "CFG_VPN_GATEWAY_PORT"
+	fi
+
+	print_confirmation
+}
+
+generate_external_urls() {
+	# prepare full defguard URL
+	if [ $CFG_USE_HTTPS ]; then
+		CFG_DEFGUARD_URL="https://${CFG_DOMAIN}"
+	else
+		CFG_DEFGUARD_URL="http://${CFG_DOMAIN}"
+	fi
+
+	# prepare full enrollment URL
+	if [ "$CFG_ENROLLMENT_DOMAIN" ]; then
+		CFG_ENABLE_ENROLLMENT=1
+		if [ "$CFG_USE_HTTPS" ]; then
+			CFG_ENROLLMENT_URL="https://${CFG_ENROLLMENT_DOMAIN}"
+		else
+			CFG_ENROLLMENT_URL="http://${CFG_ENROLLMENT_DOMAIN}"
+		fi
+	fi
+}
+
+print_config() {
+  echo
+	echo " ${TXT_BEGIN} Setting up your defguard instance with following config:"
+  echo
+	echo -e "   ${TXT_SUB} data volume: ${C_BOLD}${VOLUME_DIR}${C_END}"
+  echo
+	echo -e "   ${TXT_SUB} domain: ${C_BOLD}${CFG_DOMAIN}${C_END}"
+	echo -e "   ${TXT_SUB} web UI URL: ${C_BOLD}${CFG_DEFGUARD_URL}${C_END}"
+
+	if [ "$CFG_VPN_NAME" ]; then
+		echo -e "   ${TXT_SUB} VPN location name: ${C_BOLD}${CFG_VPN_NAME}${C_END}"
+		echo -e "   ${TXT_SUB} VPN address: ${C_BOLD}${CFG_VPN_IP}${C_END}"
+		echo -e "   ${TXT_SUB} VPN gateway IP: ${C_BOLD}${CFG_VPN_GATEWAY_IP}${C_END}"
+		echo -e "   ${TXT_SUB} VPN gateway port: ${C_BOLD}${CFG_VPN_GATEWAY_PORT}${C_END}"
+	fi
+
+	if [ "$CFG_ENROLLMENT_DOMAIN" ]; then
+		echo -e "   ${TXT_SUB} Enrollment service domain: ${C_BOLD}${CFG_ENROLLMENT_DOMAIN}${C_END}"
+		echo -e "   ${TXT_SUB} Enrollment service URL: ${C_BOLD}${CFG_ENROLLMENT_URL}${C_END}"
+	fi
+  echo
+	echo -e " ${TXT_BEGIN} All executed command's results are in log file: ${C_BOLD}${LOG_FILE}${C_END}"
+	echo
+}
+
+setup_keys() {
+	echo " ${TXT_BEGIN} Setting up SSL certificates and RSA keys..."
+	if [ -d ${SSL_DIR} -a "$(ls -A ${SSL_DIR})" ]; then
+		echo "   ${TXT_SUB} Using existing SSL certificates from ${SSL_DIR}"
+	else
+		generate_certs
+	fi
+
+	if [ -d ${RSA_DIR} -a "$(ls -A ${RSA_DIR})" ]; then
+		echo "   ${TXT_SUB} Using existing RSA keys from ${RSA_DIR}."
+	else
+		generate_rsa
+	fi
+}
+
+generate_certs() {
+	echo " ${TXT_BEGIN} Creating new SSL certificates in ${SSL_DIR}..."
+	mkdir -p ${SSL_DIR}
+
+	PASSPHRASE=$(generate_secret)
+
+	echo "PEM passphrase for SSL certificates set to '${PASSPHRASE}'."
+
+	# generate private key for CA
+	openssl genrsa -des3 -out ${SSL_DIR}/defguard-ca.key -passout pass:"${PASSPHRASE}" 2048 2>&1 >> ${LOG_FILE}
+	# generate Root Certificate
+	#	TODO: allow configuring CA parameters
+	openssl req -x509 -new -nodes -key ${SSL_DIR}/defguard-ca.key -sha256 -days 1825 -out ${SSL_DIR}/defguard-ca.pem -passin pass:"${PASSPHRASE}" -subj "/C=PL/ST=Zachodniopomorskie/L=Szczecin/O=Example/OU=IT Department/CN=${CFG_DOMAIN}" 2>&1 >> ${LOG_FILE}
+
+	# generate CA-signed certificate for defguard gRPC
+	openssl genrsa -out ${SSL_DIR}/defguard-grpc.key 2048 2>&1 >> ${LOG_FILE}
+
+	openssl req -new -key ${SSL_DIR}/defguard-grpc.key -out ${SSL_DIR}/defguard-grpc.csr -subj "/C=PL/ST=Zachodniopomorskie/L=Szczecin/O=Example/OU=IT Department/CN=${CFG_DOMAIN}" 2>&1 >> ${LOG_FILE}
+	cat >${SSL_DIR}/defguard-grpc.ext <<EOF
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = ${CFG_DOMAIN}
+DNS.2 = core
+DNS.3 = localhost
+EOF
+	openssl x509 -req -in ${SSL_DIR}/defguard-grpc.csr -CA ${SSL_DIR}/defguard-ca.pem -CAkey ${SSL_DIR}/defguard-ca.key -passin pass:"${PASSPHRASE}" -CAcreateserial \
+		-out ${SSL_DIR}/defguard-grpc.crt -days 1000 -sha256 -extfile ${SSL_DIR}/defguard-grpc.ext 2>&1 >> ${LOG_FILE}
+
+	# generate CA-signed certificate for defguard proxy gRPC
+  openssl genrsa -out ${SSL_DIR}/defguard-proxy-grpc.key 2048 2>&1 >> ${LOG_FILE}
+
+  openssl req -new -key ${SSL_DIR}/defguard-proxy-grpc.key -out ${SSL_DIR}/defguard-proxy-grpc.csr -subj "/C=PL/ST=Zachodniopomorskie/L=Szczecin/O=Example/OU=IT Department/CN=${CFG_DOMAIN}" 2>&1 >> ${LOG_FILE}
+  cat >${SSL_DIR}/defguard-proxy-grpc.ext <<EOF
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = proxy
+DNS.2 = localhost
+EOF
+  openssl x509 -req -in ${SSL_DIR}/defguard-proxy-grpc.csr -CA ${SSL_DIR}/defguard-ca.pem -CAkey ${SSL_DIR}/defguard-ca.key -passin pass:"${PASSPHRASE}" -CAcreateserial \
+    -out ${SSL_DIR}/defguard-proxy-grpc.crt -days 1000 -sha256 -extfile ${SSL_DIR}/defguard-proxy-grpc.ext 2>&1 >> ${LOG_FILE}
+}
+
+generate_rsa() {
+	echo "Generating RSA keys in ${RSA_DIR}..."
+	mkdir -p ${RSA_DIR}
+	openssl genpkey -out ${RSA_DIR}/rsakey.pem -algorithm RSA -pkeyopt rsa_keygen_bits:2048 2>&1 >> ${LOG_FILE}
+
+}
+
+generate_secret() {
+	generate_secret_inner "${SECRET_LENGTH}"
+}
+
+generate_password() {
+	generate_secret_inner "${PASSWORD_LENGTH}"
+}
+
+generate_secret_inner() {
+	local length="$1"
+	openssl rand -base64 ${length} | tr -d "=+/" | tr -d '\n' | cut -c1-${length-1} 
+}
+
+create_caddyfile() {
+	caddy_volume_path="${VOLUME_DIR}/caddy"
+	caddyfile_path="${caddy_volume_path}/Caddyfile"
+	mkdir -p ${caddy_volume_path}
+
+	cat >${caddyfile_path} <<EOF
+${CFG_DEFGUARD_URL} {
+	reverse_proxy core:8000
+}
+
+EOF
+
+	if [ "$CFG_ENABLE_ENROLLMENT" ]; then
+		cat >>${caddyfile_path} <<EOF
+${CFG_ENROLLMENT_URL} {
+	reverse_proxy proxy:8080
+}
+
+EOF
+	fi
+
+	cat >>${caddyfile_path} <<EOF
+:80 {
+    respond 404
+}
+:443 {
+    respond 404
+}
+
+EOF
+}
+
+fetch_base_compose_file() {
+		echo -n " ${TXT_BEGIN} Fetching base compose file to ${PROD_COMPOSE_FILE}... "
+
+	curl --proto '=https' --tlsv1.2 -sSf "${BASE_COMPOSE_FILE_URL}" -o "${PROD_COMPOSE_FILE}" 2>&1 >> ${LOG_FILE}
+
+	print_confirmation
+}
+
+generate_env_file() {
+	PROD_ENV_FILE="${WORK_DIR_PATH}/${ENV_FILE}"
+	fetch_base_env_file
+  update_env_file
+
+	print_confirmation
+}
+
+fetch_base_env_file() {
+	echo -e " ${TXT_BEGIN} Fetching base ${ENV_FILE} file for compose stack..."
+
+	curl --proto '=https' --tlsv1.2 -sSf "${BASE_ENV_FILE_URL}" -o "${PROD_ENV_FILE}" 2>&1 >> ${LOG_FILE}	
+  print_confirmation
+}
+
+update_env_file() {
+	echo -n " ${TXT_BEGIN} Setting environment variables in ${ENV_FILE} file for compose stack..."
+
+	# set image versions
+	set_env_file_value "CORE_IMAGE_TAG" "${CORE_IMAGE_TAG}"
+	set_env_file_value "PROXY_IMAGE_TAG" "${PROXY_IMAGE_TAG}"
+	set_env_file_value "GATEWAY_IMAGE_TAG" "${GATEWAY_IMAGE_TAG}"
+
+	# fill in values
+	set_env_file_secret "DEFGUARD_AUTH_SECRET"
+	set_env_file_secret "DEFGUARD_YUBIBRIDGE_SECRET"
+	set_env_file_secret "DEFGUARD_GATEWAY_SECRET"
+	set_env_file_secret "DEFGUARD_SECRET_KEY"
+
+	# use existing password if set in env variable
+	if [ "$DEFGUARD_DB_PASSWORD" ]; then
+		set_env_file_value "DEFGUARD_DB_PASSWORD" "${DEFGUARD_DB_PASSWORD}"
+	else
+		set_env_file_password "DEFGUARD_DB_PASSWORD"
+	fi
+
+	DEFGUARD_DEFAULT_ADMIN_PASSWORD="$(generate_password)"
+	set_env_file_value "DEFGUARD_DEFAULT_ADMIN_PASSWORD" "${DEFGUARD_DEFAULT_ADMIN_PASSWORD}"
+
+	set_env_file_value "DEFGUARD_URL" "${CFG_DEFGUARD_URL}"
+	set_env_file_value "DEFGUARD_WEBAUTHN_RP_ID" "${CFG_DOMAIN}"
+  print_confirmation
+}
+
+set_env_file_value() {
+	# make sure variable exists in file
+	grep -qF "${1}=" "${PROD_ENV_FILE}" || echo "${1}=" >>"${PROD_ENV_FILE}"
+	sed -i "s@\(${1}\)=.*@\1=${2}@" "${PROD_ENV_FILE}"
+}
+
+set_env_file_secret() {
+	set_env_file_value "${1}" "$(generate_secret)" "${PROD_ENV_FILE}"
+}
+
+set_env_file_password() {
+	set_env_file_value "${1}" "$(generate_password)" "${PROD_ENV_FILE}"
+}
+
+uncomment_feature() {
+	sed -i "s@# \(.*\) # \[${1}\]@\1@" "${2}"
+}
+
+enable_enrollment() {
+	echo -n " ${TXT_BEGIN} Enabling enrollment proxy service in compose file..."
+
+	# update .env file
+	uncomment_feature "ENROLLMENT" "${PROD_ENV_FILE}"
+	set_env_file_value "DEFGUARD_ENROLLMENT_URL" "${CFG_ENROLLMENT_URL}"
+
+	# update compose file
+	uncomment_feature "ENROLLMENT" "${PROD_COMPOSE_FILE}"
+
+	print_confirmation
+}
+
+enable_vpn_gateway() {
+	echo " ${TXT_BEGIN} Enabling VPN gateway service..."
+
+	uncomment_feature "VPN" "${PROD_COMPOSE_FILE}"
+	uncomment_feature "VPN" "${PROD_ENV_FILE}"
+
+	# fetch latest image
+	echo "   ${TXT_SUB} Fetching latest gateway image..."
+	$COMPOSE_CMD -f "${PROD_COMPOSE_FILE}" --env-file "${PROD_ENV_FILE}" pull gateway
+
+	# create VPN location
+	echo " ${TXT_BEGIN} Adding VPN to core & generating gateway token..."
+  VPN_NETWORK=`echo ${CFG_VPN_IP} | awk -F'[./]' '{print $1"."$2"."$3".0/"$5}'`
+	token=$($COMPOSE_CMD -f "${PROD_COMPOSE_FILE}" --env-file "${PROD_ENV_FILE}" run core init-vpn-location --name "${CFG_VPN_NAME}" --address "${CFG_VPN_IP}" --endpoint "${CFG_VPN_GATEWAY_IP}" --port "${CFG_VPN_GATEWAY_PORT}" --allowed-ips "${VPN_NETWORK}" | tail -n 1)
+	if [ $? -ne 0 ]; then
+		echo >&2 "ERROR: failed to create VPN network"
+		exit 1
+	fi
+
+	# add gateway token to .env file
+	set_env_file_value "DEFGUARD_TOKEN" "${token}"
+}
+
+print_instance_summary() {
+	echo
+	echo -e "${C_LGREEN} ${TXT_CHECK} defguard setup finished successfully${C_END}"
+  echo
+	echo "If your DNS configuration is correct your defguard instance should be available at:"
+	echo
+	echo -e "\t${TXT_SUB} Web UI: ${C_BOLD}${CFG_DEFGUARD_URL}${C_END}"
+	if [ "$CFG_ENABLE_ENROLLMENT" ]; then
+		echo -e "\t${TXT_SUB} Enrollment service: ${C_BOLD}${CFG_ENROLLMENT_URL}${C_END}"
+	fi
+	echo
+	echo -e " ${TXT_BEGIN} You can log into the UI using the default admin user:"
+	echo
+	echo -e "\t${TXT_SUB} username: ${C_BOLD}admin${C_END}"
+	echo -e "\t${TXT_SUB} password: ${C_BOLD}${DEFGUARD_DEFAULT_ADMIN_PASSWORD}${C_END}"
+	echo
+	if [ "$CFG_ENABLE_VPN" ]; then
+  		echo -e "\t\tVPN server public endpoint is ${C_BOLD}${CFG_VPN_GATEWAY_IP}:${CFG_VPN_GATEWAY_PORT}${C_END}"
+  		echo -e "\t\tVPN network is ${C_BOLD}${VPN_NETWORK}${C_END}"
+  		echo -e "\t\t! Make sure your firewall allows external UDP traffic to port ${C_BOLD}${CFG_VPN_GATEWAY_PORT}${C_END} !"
+      echo
+      echo -e "\t\tTo test if the VPN is working: ping ${CFG_VPN_IP} (after connecting to VPN)"
+  fi
+	echo
+	echo -e "Files used to deploy your instance are stored in:"
+	echo -e "\t docker compose file: ${C_BOLD}${PROD_COMPOSE_FILE}${C_END}"
+	echo -e "\t docker compose environment: ${C_BOLD}${PROD_ENV_FILE}${C_END}"
+  echo
+  echo -e "Persistent data (docker volumes) is stored in ${C_BOLD}${VOLUME_DIR}${C_END}"
+  echo
+  echo -e " ${C_YELLOW}${TXT_STAR} To support our work, please star us on GitHub! ${TXT_STAR}${C_END}"
+  echo -e " ${C_YELLOW}${TXT_STAR} https://github.com/defguard/defguard ${TXT_STAR}${C_END}"
+  echo
+}
+
+# run main function
+main "$@" || exit 1
diff --git a/defguardDocker/deployment/docs/header.png b/defguardDocker/deployment/docs/header.png
new file mode 100644
index 0000000000000000000000000000000000000000..3a02a4d5826bd813edede36f83bad4e80d2f6ed7
GIT binary patch
literal 24820
zcmeF1XH-*5^yq^KC{?9*uU<iVZ=s0@sPq!5G?8AFCcP;tAgJ^bLJ<O?gbs!-LIi}+
zL+FYaNC-8d2VT7Yx8CRX^{w@?R+7nN_Bk_q_UyCw%<r9vkscF04?O??V0!fMff)dB
zSs4JJ0$ib`)L2pttW&<O20XM01OOOV|GudJc?DdQN~%CJz59ULQN9hzkIU{_hFSnX
zeHz1=GYtUX^zP9EEsK{_ghhrXd)KIKvhY7wuYUOmpt>P>Kh~u9e)3E0xNuktjh7>d
z$WBskPW@R!@Sc9m@1F8_`6()lWx{NJ($W`MchF>Qlq_KPd&<sK+)~84s3?)cMDprC
z_wF|Yc7KqIK`mVnVl;CDYgN#B-UJ2oN%X+%?d;A&#193m90YrD2Dy;K5+{u{*(hD4
zylj2^{-@xfa*6N1QW5D&z<-6<ncF>7|CMah0CfKqJk<YxqyJkKT!DvASABgX4E`TY
zdx%})drOs?@86};fmPqW`ky|Vu2V5T7|xPl=sv0H=5aXt#YqQ9fO_u)!z1kfHW=fl
z=v(?S+e+IO0)L585xaG5<?kN=K#g83^?!vX0jkvNW#K%6$KUm4`6-qL07!HEp-Ew5
zzd8*(SMZ+s7UTUUL-VvzlObk@F6P>QLR_HB%DS&)6*B5SZpA-sFYWlr<bS36;<Q^(
zV?P)5%DDu6dV=oOI47s7ZgJ(Iv5r;(okpDwO^{k%OjlII5n=h9@b^MR;41-51(&$G
zkCMB&mi7w|e;i#P1!L5FX6u}RE5#|yOusY6i?s^6G#QDA$eYewm-y&8qE03ulH^?f
zD7+n2Y450}J?r1~1&BQ;q18(ksoN#NW1@5ev>V5UrrOT-hWqlDh~)v(AghrpZg+d0
z&-=ETLQ20SI}l6$8;S>~tg`Jx8*bZ>Pm+432MO`KLkrRn@}~Q0cC-W4$1?rwfeUms
zN#9}b)6xFj@{>D|lPM_k>4oon%YVx1*}2&>eru@h=>781`<&N5J-@t4dYd)<%H-y1
zdA?s#9JBsltE<@E@{}BBo6-MNes|zTW|oQ5uYJhHS;|Tx?Xuwc&YQmc<+DGJX{0hS
zyZG*N{Lf#>Qf_0+02iaf%!sWo!ji$y25$iXTr|%DnjY9bu;Avl)sT^qxsEd{TK%Li
zc@-Y9h<{3#ol4j|`6zh&(OO)wUs3{aqNC48=qf2oMmt3KGG?XSZtgyr_#D?I9Z{|M
z)m<if6PO_+^fNEIqXY>VxvIS!Gez3#+>Vk0P=@q)sAnfw5m7eB$MYa&U0V?7gJGc6
zwoyT7l?C-#T%*rn@?vS?t7RtK+h3E4QDOZ0cQ`xgn#bw8+X&04tYW1wtr^p@Ls(fJ
z5EU$G<10G;xi_?HAH0(ZkGxZedZv1iO}Gq=wX?M{AoJP94`ZeCh`D&%NK%!f`YMnu
z>R`sW=HwW^8)T0c19zNmg?96L!=}U3P>`xHLZSnFjxmZPr|b^zLr=>g+~ld|h^en|
zRdazG;hP7$<kh>>_Jrzj+AFS`a+6qhM;#(J=0;=`$9D8#yLZ%|F22}NZo|8!_7wXw
zVeMtQu>SGs2lHa&emrlFk2&3EKR2tnaU8S}rJ?Euc^4dSng)E6M`%>^;G;LnW@1b^
zccf_}l^N9n_ZaI=wW;k4>)4_=THbeb1x4cmdpyRPEAYc!U)SpKCgiEVgXV8!4U+66
z)%Z)Cb;aM{A>wvxzx>JLPQc3|I7R1cHk)yLEj>vBjtbi+&%1EVkrWe8Me7Pw)j&1#
zBco}2#aE3n%ZrzlgU+HLN@O)vlFH^OQ1}7Trd@}ldE|T-=XMu&*0e16Y?*fCpPsmZ
z3aznf7!S>Ioi)r8`qtYVRXJev@q~m&Tj4TJ<aKSjB9BwH*Ax&SL8a}Nv)iXVpWM31
zqvASR!WYVmqxX)224KAs`MXnwa^Q{Trtc1JI<QfJZ1pYyZ6#x!t^L&2(RVTD*chQA
zEA#0lv=B9%i_urO7O#WWRT}1>|LoyZbm)g|ox2w0$p73$H5J6|R19Rg9Q84<S?;`X
z%zZ@;=%Z4Dds|G_INwb}9YvCk?FKTKUJ*2Ez0Kq<cz$q@{+V1!j8Rih-R4~1)!2P!
z{LLF-{z1DN3Lzyt5z}y-@>|~qIxg=dDrGSDv=`q@Xm$?g9}=%aJKK1cVEr3VHQ0K<
zn>lU%VZ`=ujK+!2&<Uf?;lJJg>LGvr$@fo1wwcdYqpN!qbGcR%0CeG&cW(ISJ%)(Q
zi7J(07FnWq63UqBdF=C<j4(bBE7#+P2nl~-kXdoCc0F5{Uv}NmA<Sh`q@)IA2_A##
z=io*|aLu1du0w3W0YTLyYjA3-Uk>E#w{Y&&YAycv&ud1cnFoqzjCmI7;<QZp#mEJ;
z!g-Zb+qmTuvM9f2P`L|?s?wCV)FnTfL-AU(jU!1Ws7nzXoz^>nT|f1+g%!C1L`YU=
zVJ{Yg(XWRk+c)d>AEaUFP&yb5L?OKE1h)|#FJP?Sl^ow5z94@EUAg!$RJ19i^xe%j
zwY<xyXmtCMLMho&(+uT~oT<$gn*Fy-y(QIkF*?K5;jQeGp$rL;`ZZyo0In4F{=2G_
z8P2<5Ga#}qdFZX^klOcB?&}H`i$7L2RM>3bHx{nxL#pH|3^x+7ywB6KKNit~wBj5J
z;gS(C!4q>s6Qb_PQ7yr^#&xwZck{J{NtHP~wgfr0FVbVV_7d+tMdgfs`%}iKS<r1>
zSpYBJRy<lGYc;eL#_{%$n$_ETpmK2?eOwaJdZD%#&-*DmzBZ11Zp4^p131j!_x60*
zeRI8F5TAB*4mE7}J#MD!>dQ53Fj9(Npi`3n=d;s8XoxoaFiEU7N5fs>`}j9mI!IJ`
zk(0yDSNFR?d4TF+^z38dbKp4k5BwN5oUpeZb*k8x)eu~QveO4i3w&SU(u!7W$E6_r
zWWl#!l_eRDi&x}_GiiAv^NL)rPrd()OI+oZC3o=zDP$d3w<Ovoxa)I^>-$f?|BAY@
zLAL&kf&R#AxWlXw?mr&AXfb(Mi6)hBcHZqc?A(42w}RyQrS@fLWJk9Ebx-yx6T%7M
zQY}WdL{-7lS>!LnE`zzSnTYMC$bZ#Sfr1nHZP7yT@7aZ@i9&(`PUziveREHVt2H7k
zDX9k}0)XDjatk!pIR3qHG3g%O$E5V*NJU*2vuTF$9`l|GTk`xfynVl9dHj^semML|
zl;+5%iNk7T*c^>_sE^yIEbSS796$DaW6JW6ddqad*acpB<06tb=kWNqi0F{#Yf{j5
z#iX<EuOq89bA+$7eXvSqv=Jd^qR6+U&O;(}{Mf`Ir!M=@3!AKAWzVpIEk1yoXC*jf
z&)sv`9&EThiL!ZZMOK+-Sa!oVXBpO3@S~6Yb<%?UXYe@re@X-Ok>90)>kf-o9oF*p
zAf8ag{>G5UL^aRdwUWU8ty17YIM_8e(6T_z{u71}=8A3;Kncp#YuIPHSgwUd@+TU-
zt|Vy$RY#IvH~smf2?3IdC+4)HRq~+cX_cP{I2+vwiPnW1C{VMe7j@nbJ_&k_xfRDe
zhmZ=?*8z_3X#PVOHiyMPVZ6mI1|yX(LZ7iwFkL_9K5CY^s}<|=>bJyv9jOnL^?J%)
zds{WNMAu#kXY@Y1>?*E#1{2&%$MS$FBbZT5;hE*&oK)P{Hmq3RUlx~hI{L){LZeLN
z0{K6-d^?m;CWp7SF}#wzg%4FQ;Yw`YK~No`EE7sP_VwV?Ghw*1`a^%MG$8mV0xaCU
zWHEKU3kRzLGB^3?>cHzgJa6RvR9(hh%anMuN3)WI<Nu7`BRr47Rk1a@DvDXjH<lp}
zv3@oIvvl_f_06>%)d6+Eb>HS5*?a4#&dlP+Q9+^&IT|6*r$L{hHFV%w+hW_#Bc0Xx
zrONWMn;nBwyXPF5w>udt_RJ9YCG1pf1-X$bE%mtrQbS$v0aC|vC#<nGcvQg!ZDKkA
zxlkhpx&~`c;LCj~E2TPMNP@!J62u$ibqmuFD@w$y=Wv4I2O2&f($R0E&*f?YmySY2
zw*_Vm=YPhuR4V?+;FsG)R->Q7Jyp%u)I{x4^W7{!8=4{sRVmZFjcBytA}3f%ki4!3
z&7Pe-p3%P;g(O(cOQ=V;WPBDR&f-dK4-)5cMNye<L-L@plX|2;{&@t{TMtrvY5FT=
z)_QJaUUyPLcDV9B9loEDwQMnDJNLXPw_fx;xMVxa!7}(*n@7!r+Ga*(R}*T~T4~l=
zYS%ScnW~f7JV*b+8d)Q5|6*){Z9+7To?Ni~>OeJfmQFZm6$C9C5^oq8!WGoyyS>{w
zUP)w+oeawikrxMmnxbCV7NP08j-?#y(6h12ju$63!v>EX^}uVEX2iVVihX<nZ<b+J
zc7Mq#*1UY!;;LWJzA|toZ$upEfM5v@uWqVy8s9~C7NhU{b6#lLY&e=e6IIdBWaOKi
z`i4eHywSk%q@Yt2n<w#cQ0%h@5~W$o?p7Ucyh{mM+QPTb!yEC9*{FU^hjGSmrJ(np
zv7MS*o)-@wA8FMaJN55RuOy~sYD@~v*LAqK5lkF79)d&e8uN_dNc+a~gAVg*yHN}z
zPlQB~FZa8rxlcOBB1jOu#hQiu72!L<(V#COk(!QJOLLk*yjp4@`cj}ch?|8HgIbSg
zg(BiS>M9dWl#CozY?T^>S~~UV;5yzO$+JCOUQDzXfnCM0`%2t|dOz?bbxX}8p%dO<
z@DG}05#NSJv_#bvKb)KMtYL?j=yRnr9zWA-Rih)L2Rf~9HBL~qnhdYXu&-(TTAmHl
zzwsPtbeHq=ijiNv3rZ^bGwnR)vPScaG~4pI2KPcN|9vx6dzn_Y>2>`Gb)W!Hazkdf
zf9e7MV|6{~iXXyYRJMBWlBO$hA^MSygX%W56_6SCqdYgPlP`wska_7v*wj|OL$>Am
zA)zhAYo0jgyHgzdVaqCvThLSMYeNkqxq(guks8D@uHubNiG~j`TZQ<ox%S$OgH8)n
zJ7<i}nv3^!wyV&;YQo7~5ED|HUE+ifyIJjA$n1kGmK=6_?Ji|^jQd*l(A(5p0lCiX
za!AZ{$lWxW&*Wp9){C6IeyNBkH84w;zp3!Ba$58<CwVhCH>oyaSZK1j6!q+b&SY?P
zun$3_X1{e(=CK?+|JUg-Xh04aGP6`?;Y$42J8p(}$UbPCY=gTrQ*@8oaPi;FIViI}
z&-8ZljvFv%Tj-XZg1yuT$Ht#>ocXWnK%n>prXEwCpEa^H1@5fl4q9zp@HGQ!XV(ta
zlvF(AJkg7*D7oe9)i`CDTN3|b@q1OD2@!M3C}(PCRaVpVE7J?&Bh*|y=?d3FKIl#l
zH6Zd#C!Y3x0lI?RP*F05yel&V;%V+vrpUc$&5@m<VXhthC73{r<7aq&uCb%`{qWA2
z8kcRs?zd4IKuI3!KkBXQ{}K~e@j=kY_qRpFKEXl^u_+LhTA-ax293Lp71^mM`?Ml8
zIfgKky`d=f4NbaX9|KNpcMLHJTA(X?JZ}nRGPi@RSr1%F6JfZK46X`0j5s|b%QPZn
z7k3W5?e$=waeX&Jb{Da%PXIpeV=ef==hl1=%Xx6&!QA1L`xd+pp*pV6s~H2mbZi-c
zlE+~8&_2_EO4RyR*+}os?Vj=bNlWG4CBvd>c5h_fTg>_0SX{Vr1{{)KY!RJ5>|%}S
zdt^?8JywO1ZOdipecT>8E?!Qj?Oo0Y&ppNmhq&>rTYFn}ZdN@O*7CJ5y)K<z{!!`r
z%0ueUVR9KFQ5SjMwYle^nZ0SWfMC@=uXI&@)<@o^7MS2lBbgD=p?C!zK1`7~p$A*j
zUHjr}ve&}ib0~^+qRavu-7+*6#m}<LyvAfX!96DGTNwX31l5T6#}#H^@tK_LNB0qN
zcp8^jp;_{dlbvw}Yw!NW3Zb3AlEG0A=;9{c9LEP4e)hG_OzCfuFq}_m8hwz7xT3i0
zjPQj_7FD=<RcgYjW!O<QjR|RUW5it_n~+81KGvR<;6CSfAY0UOBIX&Pyna&;d=ILr
zhX6AgZZr~U8Ya;e19We#VX||76D-8J89%1vd;9p|)FaDl|8DCRacB7PE;-QVfF_2{
zn4p!|TVAR_7+a;7nUZS^--hkDfg>h6<TCEFm-OKFAB)y<9f4(snZY?zr&-!S&$Ww;
z(O$oXx3G{QAK|N$o=%u4pu1*{gxGiQT%nW4=0AhaqHLq4SAQo=Sk`x^24UP-aSPfw
zwu$`&GO@E<t_XzUjyjKaYoBy#8oD9CuXmBtxu8dij8-))rAp7@t}rg4f}JmIgiQc!
zrw#51)@}UZ^L`BVzD3vvE!IDb6CkmWG9_IehBjBsIRp*Oz(hwJZp?3)53_D}oo;b$
z!cO=OUV2`W-QFFF=Rc3=6kk0!TMcR_HH^kJm8Zrmh-xuM{ZSMdAAYgk^uZJ3{yRY?
zIP0qDP3Ylj_Y{Z63ng$)P5T23M7R;$`TD$=R!<)@heLR8`?wi2R<?}VOogF0-%b1*
zVb3scj8Ks`?P!?KH{f1=SDT)=?l>&HS@db*JxGZPd>gdH*?aqU<y`Gi>SI=PC5yq-
z$hn#D_vr3wqkBr+m*|hCHZm#$J%agzp6rRP=a<VWMS}kgzC`K($z3r(-0|QC)*hS!
z&wXvoER|NuP{aQA8_V8#@6196i#Dbtt<>L;-Iwts&tcD`7PaQJM<=2%{w!KSd_jJe
z4lo~Uow>S|a6P#8AF!CK>f>A>HHx?|<^2X|D*c$smp^9u=pnU1G`3K*f0QKmH&t5Q
zH6w%NE8NrE?NVCG&g0{+N6*_j#^|tSD9*Ot3|eaI@oLLy>H^sxe0i4|=pa-A&$LuJ
zMLZts#W7h9#v8<-wo?=gRJlr2E-TwU=6oszw)QoKEgP$<levzR9x?r?law-D^;NQ1
zd{Q;qaFkyM;m`NYqMfzizuc7Wd$F+Lo|p-#oCvlN7W>wkW=OY%6KHHwUdFgX?3L?0
zaQkC`o}`9%)A3`SeIe!>Q=TMb&DQQA#9r#Kyj-IlHlH67ct%nU@j1hjkoPX&HtR5>
zzma)&D7}#tVd3yLex!wmv(wS_)$!Mrr*=zF8u!Wl%B{=qSpt6Oe%uzt=#amQ?jQ|m
z9<`I7MAV2Bw>;>*7qwCElWZrr*<j#8#(0_;V-wX2f776d%Jdxg;|b(GM9-Z3(_vmv
zFvlczSW2_eH2@sXr*UuMo7r`ef6Z)#VQd+?5Y^xz8sMSz$j)oR*W_#T@}<L}2c%%{
zv1p2(hIk?s=7K{W)Pt?u0y{S<CJeQeI2De(W+!WC_K$u&U!39GcvIpl6dbrQ_0R1D
zm!{7f6~5*BVO;dbiq6-1J?5ir2zl`4r<KbmW_0Fpn3B^EG2jHXb37W3iel>Ap<ao0
z1D>GqbRSy0d+$!J=s4zOj?8<O``nxuS?R7^(@&U4L(dPJ^$5-X(|ku`b}iK626-{2
zoBm>dqt+sflH#5lihndna0^a=c-F89E=W@bxHx6E@c>)gARs<@KW?YVkmw6q#9Fvn
znfG?w0&0XW0tJasuVxEy&bR+ucQgkIm}^;GTdg&Q5;23+8qQeR(Uu{uD~u~2mj0Z2
zezvZs3G7tQrzzTt=R0AP*9Ns7EfxJ{4}c+BZ1llbUN~`WAhr*9cw59XwOZH_2foSb
zQO6h)hIO32rn%y6;P+Mk_JP@u#PE^M%eV=9o0Bk&BbPt(PslN?ahc8z;kMthrf^ZG
zaTenooqdII!0I5$P*v6?6#kwK7s5>e^Xs%@(E)j)J{>iFuygPd2tQjrK6F7xO6hY>
z+&T^x9CjbeausKzQ3+y<B7YV-%^eb|$D75Rv@CO;gIbpBh`yacl}YhXTST8(=J>tX
z(${Pl0|xra=i{*|{@@Z|$jNb#=Nm%U*6rVYemM<%dw0Kot}!J??}Cz^Z3N=WA3AGV
z1EHo=P=q&MoO7{a->ADCQj-za@}*^I@yEcAMqraAbx+ofBVX@eDO0_f<%CFSn{L$#
zaPGtjeJ5kex9$7I5$-m^ZTV%)=Zz%f4=Mh-l3%O3=xQ%{>)1z-%8{mWg$Nw;L$W(a
zaaSh4mvuRDgQPfawZrO)qht047(n1Bf|fBA=sQD}t-USZ4IAaF+v>sIUP|E`7es_X
z>1gWnFfC?#C5?#E!RYd(v^i^Vy5}{OMRix}dJET}`sBy@m2r}D*LBzvr#<Gg%#w`C
zRj*oL!pdL{Xr~afmZgx{sYPA~{<RKzY@<l0%=LwP`Nu{-rKh(m?dFBZ#~6VRv$B_H
z7NY9Anv@G5*ZG4^3612bjcvsb5Wh)GWuHT+UTP4O?E(XH$h!Cvz3fj{yyeHtlW}s-
z*f#y^;dPvYmB#xnao*z530S#z*wKD*rME}RTz}B~t|&GTgPj;zJ&yKw$X}UnZ0#iY
z+B*hrJTq0oAkV*4buiPYOgxX<K=v$3ZPa;7`AXqAvIXS3J0`MVMda@*9y0pN7B1Dd
z9z;hqwWRNvdTg}(3J@ksp3ejgIdvaZ^DH{Cb=)mY^={R7MX3J)MWaHC5-Zm|HSf;T
zmX2&|l=K=*!!B^^M>Y|`%=tc{)dFVIkIywmUS5-X>g8Qin(b$vZ$>wMiFX6=BQ%yS
z>dZH)lSx+NpgyfX_QfJ{SLYly8ed+y?K)8-NZ!VDlLUfB@0vFbVd1Nhgl4qSg&kzP
z?wRJvJ3uFAewgIyJTB<z0Q%BceKk<uSE2D=|5K17vdn9_&p&yAZJ7=h$aKuFNaV6D
zbdEG7me@=0t><7`R_H%XjeKvgc~Oe5pA5rPw)s=SjJ<ea#ZowG9M>}y1vyEXP;Ae?
zs?*IKJK8I%aBISV+4MuPpw{#5$t($Tq85MWwzK2j$5snh3tZ}ZIay`hSRRRylFFkG
z-5baG)ja>WM#{4<>?q|rxQW5eYRee&{0^&UMwYrx>gC=p8u)Caf%YU%aAnL77rF13
zjy@OGSf3hs?|Ds&I%YHcSo}?}o`3~f#3P&I5h<ao0cjz@-(BOR3G~EqSzg_Pm2SHK
zqP@N{M%G4oJGv&cG@$Mwm%Ep=1Y;aCP%U=Vd4t91;*~^}IScz+B_WkVosZ#zQc5GI
zJ_@l)pzI8s4B==4`=+vQ%Q2b#Sj;6@$pCnlB=;@68<bRGrLyJeORwo9VYcRud(7Z$
z`6V&PfK1k4`g{@xO|{7k1f^}Ds{BG3_K=i##vvxnm~O+9);JTjr0Kp?w2Z6FMZ7+q
zyhZ3_J0L>Z9m}UTjwhdf115q}gYD1HVF$8Nh0YFzzc6O(^@njGw|ivn%X?U2hnK(0
z&ssWZk7I>Y*P~-GzBqU^9A}`Hcgg<nxSAs|O2M8>ACB~MBa4=2EPcl>RY#6PjZiMQ
zt(PWPIf4#i3z5&;3L4ct{VZ1no}<?M4nm^bJIaDIjz=q9yA%xJ$ik}iv*x&H;5FWF
zP9XjmRkv_{$k8`pdbsb!$^M+BV^Q1CF8VNPesXx%%B~o-Z2h6sJimBbjCG>*I!w=^
zEUNV?z?C_ZDJ4j1e_jbj7#Uu#f0|sfIwA6~G*C#wN!@_0ZWo&+>z%Ze7C&a$X1C||
zioEh*g2%P8W7VO_K%Nl6re5n?wFEEvg1WgL#DoFNyF)+QNNn8fn*0Jg%oJ$!!>b&*
z!1kLq!^o1rPoa{hNIcsLZ0}{s;Jp~5^~0vK_Ralil_H3F`_FB`Aq{+s<9b3qs5S~*
zdVZ`98K3-2<f(U&-&EK)3l91GZO7%^&|A~nFy3OGg6Pq?Bix|ZltO7yo&ad0`PfKb
zSi^M;_yA=7KL0Vh_^Q}}-R1VtdUyjF<}vtou?Xg;BNm+6N~_rQG;G=^WpRP-ABoH5
zqq*ns(U3t60$;!UO$%g2x)xJMzZ(@{-|CG~@00e#3H*I@J1z7;Bj`Qsb~XMHw!LN>
z9bxD`I8}IX+oLkIYQzB_yfHV9ug99r#JV|=y~mGh4rQ)v)SBR$mR<}?>?+t^)5h4g
zR3#1a7U9)9_rco*0yi;!;wLFU{tKAaYgvS&=ZE5uukqs{KYZ=XT;!HF_Kd)EAots(
zm*I{Gcbj5OFhtR=8f&}^EiBzEEWi1l$&YwCSMxZnGK18x3PrhC(_8aK6`n6l;Ac*E
zvD!;tKq2S&{c#0fj3Ov40{XQE7#*GbEMlR=8w4rU=qqp4o>3_~^g|jTb&-bKsH{F*
z&c@5*q5`m0*hI<td1t2mY9~kgw9K?iIV3Y?sUz@<2i>*#pOurV8)7x@OlMlGcluJ(
zXt;=~U5h3$Uj;PPTc@^&4f5Z%?9Xk-y~o^Z58V%Y14mWd2W0B7XzcF<U<iwkY~$BM
zWTfRm9eU|unLcRDk8%i_!P6h@H=I%HYl-}o$m@4S@N9)nm06agYP(uKFeWM;T9T;8
zug05Ud;5ZNg4Iqu&NE=&{08(<OgGQgfOpsjs70alR(w^_4Y$fdI!J+_)Yf2)2au{l
z_+wLbCV{-IsmxveXZcsH^ok}8LD*MiV7&X_ue(+X+U4dWx#h>PuW2|si3QW$)2XvJ
z(Je|6W}zl_*-UB~+{J;WXd|1vwp9Pg;CsMFboamxE*L+P7M)T^jo|NHbaU+iD)fL9
zO$5!*uD9WXr}#fx&wNe=Q>LhM?q0=aVa@hN<gQ#>i$&4fxjij{t$DUYcGPynvZ@O*
z=~fG|ar3O3a=f}q^2K^USN+m#LKX->60&n0SO=MosuVo@O3cBWiiM|vMyoosA~6bn
z34a_;vVlhQFU!$SG5aBNBZlxtkf>?o@caZ~9m|$tq<LXPNSu@C{3A4n?+9tz4CIXI
ze(3!|p8xk4b_2hX10$6szFP*-5Oiay?ah0%<iclEO!f2|rEw2oA9p~gJMW9CuA9D@
z<a{eyikxN|<OvfToN+m3u3+D3tY+Cz0M)TBzWVbcSI&N{PBI^4;oMo0tHy5?!}za%
z%l(O5&M0H>qS5$<{7YBQ*07BT#iQxxGkCPjj11Q|S$2N^kvt53YF{j%c>f=%{M+gR
z9Gka##*J_VnAmB0>5!)hPryou(LJ-MVCE|IajWixt6s_ScPAO^Yl}NpN}K&bNyDUs
z;GN)t;F{n3?wtdoI^w=`a18L=GRMyMO`#*!kYagXCcG^_rGl3N$G2>~5{P`D<tm46
zobN`YX+GpIr$v2Bnw?#u1f_+<)c)*1-N$C7nof(eF(hr|a54cXRx==Y*uitx(p?wg
zqA8s9c}S)z!U5DdP;)VUxt)X5=8AnWz3SDteSpC(vLZTb3Hz;^3ni!TQ`>#Z7KzPR
z%~GSd_Z@-l%UaBkX<vBhGWve^`Vpv->D5og|KUEQi2~v4#T(sl`*ub7LHKZ$U7Rid
zUIVF7r}_l~$jGr$VQXmL9Y~tC5>$LU^L`;-bOT?RF1qe$K7F^_8ra~FT?jW?t?m61
zGm>Ry{|#jZa;9crpnvCgPiHtOX(s%{MSSB>L97%bb{Z2*pCs!;l%s!}+W?U$L3_%r
z1kZ|R#LFD;5M#ob8v9fACecbsWoU3MCc3tl<m>A&|Ea66>E^QZj^}K+Z<_jnH5&eW
z45^uBTs3n#cC#WMy|T?4=Ifo;wfHT<P_Pk=a%m}p=&){=4emFu2P@i7R;32nJYdCw
zG*fLBvA!o!lntIEgm*&M*5=v1&HWai@*1?pm^=j;sK9YJgGdb{RZIn{I+=#7cGI@K
z%|w;yb*NUF*2us~iQ9(8Z_shidsiMdntXYE*G9B!ZyAwnrB0j0Y`?~p%yM(OvSvao
zpK9B}Vsx^8M~6kG>!dRSUh5p89+t=VgQ@Qnq$>T^;7zm|s>tEAh`357-ae8xKz0gl
z`?p+DG}QFhTz+$+)(HCWVyZTxNRSdKUWN3UmRV}E^W3w`E3M4${fWu@)*<gb|M;<-
zU9{7N`wq@c{VnahrS%UMVsarIcUrNZ7b$cf8e9Ut>pOSpG6-#KC;cyz#m1jP%K|jY
zx<z|BSJ-a55~Z-1wqzztR#`<s8v+Nrvy3$DUOPYwRinT{+b@sMs`GNsp9Q3J8FBM@
zz$qUTUP+p=@$+Emz{oPU%Wqe1eppRvwImyWY}*^w8P&WvE0m>{mquGYqhAQJEsr0+
zAL~NAzQSeym*n7L4y3l#8Wv!S+!1-6S3h&`7AJ328Ta#WeGBO@yDDl=y~yCIWBoo^
ziw$@AFZf}q6<ey4VN-nT?Of+KIv`v1*bjdjrb}f%#p;S7yVULy2_Ewf(|y%`^}`vL
zKpfRx-ZWl+*^eA1N&@^)M=^8c<IIXlNMe@K(I(@(g0^GVuLd&@P=Tp}K!!r>)-i%<
z(eHZx;ps`rf5gai9VOeq2>h}|)|6z3%8SrH^%zW=p@utlYjD&MGmeXwOGkAB&(4=c
zU&3xqDxjaRYL>$EEk`v@H+NcEJADx=Wg5a7xBp(NA{C%F?0K!`eg?hAk%YFw*i1I}
zR7mCO!?-K#3{7|L)5}KvVuf7k9P<+wH>J`|Ca67&L9UNQO>5X~)dK)O1VT)?W$0hr
z&F?{D#>_aFa*~1eT@9M;6+y<xu4?AT>^wvdj0xNhP#QI>^A}fHXX56&t*dY8huA1r
zp0yN;lV!MK&6vm^A;D>OkP=c;`B*LnwpQFj+Zgk=e<p$yIOrKk1y<LqoLB5}QE40{
z8vP&CMf(PT%rTSEcMY>P)&JWRFqcB98E?2sqd03%!zBspenDYw{zGII|LKu&vxuDH
zyxF`6vZ$i&*&J^^!l0rR|B9_Mw^yWyOfQY?v9S+)uDJ8Ju88n|7_xlczZDeFEcO30
zWdE;WborbBi-s46G|r^d;jbm+s=o6ttj_zt=D!Y<L0JAyYAi<Sf5U`qd4~%VJ1+UP
z3}OdQu3dCSEU`L|$FV}syJQxcPwaOu{x%0RzF}l8N@#>c$1wV-HJrh}YKxuA^W~^s
z=h$-OZ&VqbJxL81{j;2+#r(H*&t@?#oyk*E#%E6i6vaDL)B=8xWZM3T_~XyW;@-<l
zqi*Teo5tQQb>(m4Sd4Zo_1$_ebpI}@#FjTryj|w}O9+0RT3WKn$9sBI-^HHCuJ*4v
z|4_`T0Nk-OesUe}<70m$^<~*g2$}VIxp4H?EMk40iVH;VQ_y~l6W<BlNV!;UBmQZN
zOtzJ$Nah$`R*t=7Ti6h^Z1X(qF*nnurN(nD#r5`A06N_{eZlU3+<bfnNB7_B3pM7k
z&Dy2YTq0qWjKhbCvXT^Wr!mT^pfSRn4;;BeYn<4pOgNCZcf-)+50^@Hv90mEEVW1J
z)-eO?C$s7?F5+zwxE7@WZ;Bwr(M_!Y=qm>9VfNUJ6A;HJiTBiMPHbQVVd$m0S^;a%
z%a>kZLn0W|-^Puv0dyZ+HkKO8&3CIzINmVrSU>?>cYx65C*Hrl$B3PAPyaOekjDR-
z(pK7z(j^rmaNfJECbj;EpkwGNz@PNZm5S@ma6>G_L&Wl<gn6zJOo!S@h@jlGm3#Om
z5P|@nSKe`?tnx5QuU=Ho25POXiMaJm*nOR|ezP(pKKtASpxd9Mt|@RKE>=>tU3vZk
z2F`v(m-<Bmkkb@0ton7%on`s)llkOjifL?WTn5}r_`U+Tk>@$Nmobv;Uqy=GSx~2#
zN5itcVV;I=Qtdl3=2*RcWm!MQuWtescut*4qtqgG)Ea=rg(gaYqn(dV2I24f!-H!I
zS~o%|pri*g74uE!%06CIAC`RV$2FyadvDzS#F~y*o+n}=r=FPvtWnN4q_-@$+tl2s
zMa}zUFCG4Xh|g5T9yM&vJ+<Kk04Nw1)xSPrkD(Zx8oi$fM}+GE*N>+zY<DBHb#z-L
zH=hKAhUX5|>QhT^iSwGorF0PbeDz%={$iRVH+!g*yR_$OD2Bk0{;5CCv@U2lcNYay
zr5EXOZ@)&h`lA+HvMEfXPHYZZMo{J<Pb-!>fO50N6W&5#<DBn(8$QOpv5>5H77C?<
zS(SDAmj@QVQdg})T+yjsf#M6Os7rv@ataH|Ct++F`_woMM35lmXbH?2H4Y<$_RKc-
zXJy&5Je(IiBi6{~Hat2(zMc`!<9`AG@)TG~+Lf{%gtMXI_~@{t@tejrd{Ccu*%>Lo
zoX7b2^lsj4L*3jSTPfpRSLx?lE(IWw(RTNxfei>{^>k90V1xSm{vdCrpuP1y-qjxq
zmGetnv5E~^=$Sn9x5P@Ie3h^yLyxjqfUzSh!w@y!JTwblXFvmpb))pR+@nf^Mk(CB
z@TsEIxvhbrP%^czt5!FG0qB1nkNL#mszbH<aM=9Wp+%zZ_2C_BU0Mox{GOuESA(|P
z^!I0(?;4K#i4Xm9;=R}OQC3<0UKKCVJV0CPdRC>=li)e6{<?Guw>@%;BJd|0nxmJs
z%%uuv<JFnJD{Weqc<<wTeVg+5U6A`>@uCgj;~mleQOH0c?Te}q`?+<>s8<pjl;zV$
zYHxV3>es{VoTe(q?hac>*K+V%^EX0Zn;OqlD?bn@HoJW#z-iOwKzDN3Jf%VT8DXZC
zu1Lai^LY0NJ0sbc=aZY%aF46adEwid{eBhA4`B{9>0{N1%04Q<J@{YInp|6r2_of=
zafKn7Hz|5(kX5xhbjSK-vYp;CmN@58@Q@A>H<2-|SKi(V%NL6Ahxt*Iu`WQxoYJgw
zYUM6B&H0VrIFGXPW1}9gpjx398?s(TvF|!!){!tp*r-WO2j-?}$amb6vP>aY7jO5(
z)w_8f<)<Mei0MEC%(X837ySfDhA2;6vmb>2y3~-D(fN75&{dR6IP2ZGXR>watx|*~
z2Y=DnU4T<v(6*`K>EGFI4AtxH0Hny+6_&)mB_E6>X)=jH+HNY|JW-XdwltzS&$DhR
za}~8MEGrtE(U72~P8?*(uCQ=iD!WOiKnV~NO5Q;Ol^pq%Y<JiSy0J%9;iJF6hR*_=
zd@y?%O#1${78_kwJPV$N2O{&e&lGvJYeqS;!GA5<-T8?}<)g*a;%J9%WG5A1%pZa7
z2v|kB1i0**Ix-v<?8N=`2?Jn3kSgJ|ab(A|&Fjm`(k(t=L*~@qm!x?cosxK%U7rK`
zyf(UmpZ82ZSV3h~@*zX&xmcgmWhPOklJL1<z2_<wAU3*wWuRfxfwYpOIT+7t)n9gE
z$9b;*awP}fw}^C9;QswRy1Yg!^b#MJ9n`N~cI(FYHf8m?H7cx_b0C$0ZNyh~{v*e`
z41JGs4U^{lAv^&JS{QwVO+)fE-Nm7eO=vhb-=u2grai^ktiO?O+YK1~6h^|#z&kYD
z*lQP04#sq+R(h-_ZW=ZE*cQq@r1!f^_9o1Pe(POooBG$p$>lWW$Z59wq+{bEzdg#_
z`lyGq@003<n$yd5#0Md{{HEj&qsO3j$zo<Y-Mo>IX~z;-Zj&ZF3m{eqbk#3MFYUa_
zI?XV>cj#ec(DD0XLkc+OoOfqA?5ET>_#)ncl`c1@>F?vzc)lz6gTNrqRT|(N4||P1
zc5w#Mu0gBBQG0RUIt1VBJV=OP`}5<fGX<<LdO{qg>g&t$^K~41@?3=7WGY2*zW?bI
zhGZW4j$XAA05~Z#3g}zt#^t^ApSTQ~PjX7{m5FEO|MIWe>7-zxjGbhjj3&-eleK#Q
z+~N(Qv%rtg8iHq;Y@BpV$4ybc>Q)8<F_7W&pWUxtvqXBHL;zV@yADq3PCL+VZVM?s
zcVNC+HjAH|O<$bKYYN*%4@d@HU3IsaxjHq0^rI&>P`pEt=i+6h2dkM8sTcQNZY1)4
zJvMgW><XK(qiqn;X8nr~^2m#}J)i1Sdd&`ra8y2!s!eJ9lP9yhyXVM!`l$!mW=dz~
z*<<JS`~&HG!=MG+boAF<2EUv&$2K6XQikh;#PQ8ZLld;FW()1SEW5#!EW48h=>_?(
zXDWKMNUM~xrEi($vN*ZT;!DBQzHNS|O`=Oxzb$@_HGX|(`Dj%-X0_9K>sz|>&l9P{
z(ncp_L8t211FLB1l*VaQp~>IwE@4R+xfquPo2P4q47##+zB~@l{^N#Sorq~ubmJG1
zhHA=0WEqYK;1_)I8WiQVM`YPkM1%h&fkMNQxL<=UGN@YqK80V~yg8X>S?2C`I5}c^
zatM%S7+s7EM)xw6hV#um4lz`W2A17vzjtGW>mMEqSb6XDd8OC=q2#o_u9ycL>tnL9
z*evih?-wamAXO=F^P0$#wmH*C1);)Bq0O1&nU?bO@3AnI=i^c|KLn}-$I=*?$7R_=
z%zG;u06!mOlf35;=}GZC_`<N5muoD3Oj41*R-Flr{t(GuHQo+dkU+@E$lqYF`Yfj%
z6>S(Ic-&ccobC7C(JuPj7>QWE1PBJ_H-Gu-w#@_jnrZ|nt|c+Htn{FvR%A5RJ>jv+
ziT|?IQDAZd09nh~p&@zInn+n8ZKiq#+^h*p>UYxIniR}yb0uh0=Nf8j3>H@sO;-%{
zp$7$IbLXW=7SlABto0KUa%?osMbn)|FI0uBQn0eLSJsxQ+&PAPBQs?4bBV_AuBy~K
zDpNx)Ye8MG<8-!}Nnh(fCtYUw3a8LH4VId-^a-Su5KPEB<2k~E%=tBtA?p=25`0~#
zi4~o<|FywR^9BIW&$eJP5Kf`k>%;jt-Ly6pr&e$F$Rwu@18Gt72LsjV(kl6t)$#B3
z{Wf0iqe_|MXfti|N(|oLvb|B%TS};w_0wY3PX~{zi4<Pq^%6H48BKV@;}Pp--rCF5
zxLGB5)vnQ~dUS+_ckAkYVc1=#I{CV}CFmxTsfo7I0|p#b>9e14)4M1?`jnxq%CB90
zZ9b-2NeZml{jrI2R~fu~a_OhM?KVn&u-osm@I^!!q+5m{w~l!kwtG1iat?_J&i%_?
zHiXfm3zTcRva00Co%j{NSR9R#qWE#-ZHhUqkQ4MSJe4DcPhG}NRI8%J7^^HLOzTNC
zrT4roV#JeUZFsQHbbAY4?#B$SDourpm%Z4E?#1`Tzwt-e=Y2Bcc;luk|A9}5UWlo0
zkIg0cYLh|P2sQ-X%VfIai@7*AIcpE0DiJ_BiL9AmS7u(5N2<pd;Ypx+ej(lWgrbSz
z>KSRm=MuCtNxtdq*`i#xBLC&6m7Ha!R*mh<pS7&Z?5bnnthM!=g{U*oF4<E>e<{Ku
zq*9`h)XOwZ)(Y;o$gu67VBu?21o*lRBZxXtJo1BdN+;K2P1KpyDci}b%1`@~*e@Kp
zZs49sEgg0Q5SIj*kXzA@l%26veS`CkoJJ7`H9xB*x^JM#1qYi_-v;i<QPKU``tEiq
zZ*eH#no-ojP{5xV$E)*=%)Q{MW%feraQy=E%b;V&*V>pv;~z_{sr_<#QH`rEo=#uL
znvv2=XW22wea>55VE!2Q(cUObufw$i@cCX_@aCCJt_YfGZHizukXtH>3^Dnm+4`^Q
zvLnZVz;4iN%g*_jqTywwAJ^Mk2lfNEbK#71X&NfxkvmmX=~F@lEu<QmdF*cjJPkY2
z6^8m2Qg>B&D-xu}lBqRA<fvZ?3_R%PEu~en<7Cn+x_*s)eJNrn`Keubh{sk}IC=(y
zang}{()sKP%)j*4WSV%ljDuK0`RQ*FOw?Wh^deB%cV6lnx&)zOEPiY@qxVH7^04iK
zL%{I>^AZj_Jz?gPxlUbyIB(AXbfP{JP0;+4Qb%^z;7j1ObyE#R&-6t*LI%&64!@oD
zEloNI$eFmrxTO&60;3naqEOs$#?!`b!Fp2t99DwXof6AFA2uZED9ns!d;RP2r1YKA
z;$)m3Nwv*+Dpb`OS+)8Sq@VU?w}XHE27B<>w1^dz1n8<25X*8A_4FrW%dPV~nXw=3
zeu;>mwS{fBqWdvNJ{*yhI3o?O@dlh#Rz1IWeuUUo`APkT>0f!)8+5-glpVA@Bm9)G
z<jGoP+*)&)zPVW!2lA_6<ZZX06ojCpaW469gx_$|f!=Jp6>@X_^B~3T;CAC&&;u6F
zz@@8&N!1~yTI1%e-OqJ-D}DZTJ+IdMbJ!5~6@4FGz2n}xK>}f9Gmj$0&3nZs0pqv}
zwN~O0_wuCVGluTN*Vb2Ta;aU#sbTY%N(VxmOa(okYF(g}@Csu4&nP*(+tlQk!pTF$
zjZZU^>!5`fJ2`ll@$r2{vQe8@{%=fs<n!4BIrO*axADBLQQU^##k=-VE*x)?%+kEo
znO&7dC!fcJY=!R@=JG@CU^o+#<9S8DR_&(ZZr!~GTPdDnrqN?Rdbz%?N$|=AN>{8T
zHWdr#l~OSa_KZRF8*<+ws2G`!C{)Y%6huev9YbT{uOoX-cfmjGlfBIRPZm>#<N0@k
z`JV8Ye<sawxLwR#5Kxzd5$_J=9+nIc^eAa(m$9oKTW9NOTDwq(PoLvJ`X4*t&aiNM
zzsE`qQBX&=RK#JqkCP2ND-qsbjI>dsRnlg<GW`X22&k3BKNQt|l+e|}=D4XB(07;J
zrqLAlE!A5+Rlcscd5gsre2drTt`js+SATI!bE`GHR;-bdn!Su-{3S#QW$AI1ghh3D
zl+DZ1d(;tS$KFMs4Z1`Vj+~3}&g18UcZ?R<h(8#-e!M&Umj9Jvo&z!4>V%S<J4Ii!
zN@`}(&d!w@;PZikf#*TRBU>$R6++Z2mZ#tmAZR!bf{ql(4V@Dub&h_YgEtCkuyvg?
z2=||UPeOIVCmxKnah4q%I*=}i=U6wSA-YjEJk(G^Q|P<QlNrCLhz@Lx=ATfgaO1%%
z;io1+`XQb6%FWatiMPKy6Uygc1Zo7@MVgj-LAp!eO-o59_Epta>D<7R4X7Y&p8=t~
ze~Am>#KBQrIm2XE`EH(5O`5+a=j^as;S;@YZ|Z7@Jx`<H1I}6=rkXckMmM(Zu3UJq
z3r8jbw(EN%>i0pu_tL`d?)0untTvcwB;a#ULd2ho;~)d<lVc@+NWEpVC_5qij|3z&
zM)N>wS$@KX4=5FMMt<*_vpx{GTN=X)f7gMEm?g@!?e<}nHT;+=_V;qS!;sd`xF7M%
zn&bz?g!B#Z22>Etp&kx1%-#}_t%R&OsFm75YdyzUXam5zTjWFN&uflprH^}4)G<Bw
z)O|sJthAV!G7`h;D)3qg|IBQ*`RJC%ZISW{Ozt`9YsFgoX5m0(TJLpOBLCq#-cfqm
zqFbnb0uF}1)4E>o^dU8!-kC>&-~4@&s#SL*bS3uW3j8H;`{~$eoJ%c>;rMFpT-c*c
zJ8S2_@!fD-1^l%z=kg4?%rmUXw>qop3}1El`VA-9PZ`&RvOKpZIkudiLB8=@TAou*
z6j=-Kncau5ib&f~L*yC;?I4(KCvkDg(qF{q1`+x<quC-PZJK<x;B&*m28Ux<iug*$
zlM67putLFIouf-^hWpvpO(L3IMH_Dr<am3TP;<M^coaX!$_^FduwM=Vpv&)dvx%ly
z!-pZ{2o1d>8PP!1cW&M7BCG%40(uzsBxE0*67RvC06S9}Z>!J>+gMflhHaC|_lzp}
zWl)vG0_HIvW6|_19F6Bi^z!d>TFux}9>272x-xoYhHUs|0FmSj2>+3aO{T()P&evn
z=h0v5Q@viF8j>^mi-XZ(=LclxDUrHjZaxN|3MO1e?)ZZbeV1T{&*Ck{TVfsNMe6G1
z+OsTDY-0|oBbXQ!UZSJ!p$|$TG+DEvSJTR=eZA5jU`u8F-Mr~U7g4A|+AD}OzjxfU
z>As(7@geYR`IX)Ee(ZpcG{d^ZRj=QsJs@s=SZLAeze57n86!nvE6;noFKnOa!@uTt
zGO`6NfX2+DKAc7{D&pGi=2W1@PW;1t?S3^Z%{RCN%~vyfh1l=S|NJD?C0aeJ+*;M5
zXTyg&U)b(1npD2rTeTDsT#IW<vD<OCHk?^J8dm;ko7L%Sw0v@)%wd{eb?VZ(dd>b~
zh^IcboJOvH&QNg2q`k5RmPrHG9IV|Gl+ZWpyz^csLS=^js0yWQ*UPl)vLMQOlpu?B
z&yL2KfB}i|RER6$vBfcIW>dxqGzwR6*N6?iRZx4=pj+t0WNYE~uxzo{Q!L@Wyv;(i
z*{h%Wi<wL5Cvd-bEfuReRobZ(KH|#q(GyYbMl}o<hq_sgOtNjxLJsHpn4V3hziF9#
zL*@6Dg$GJknxUHC-Td)Q><Am&f@#xSJRi?@SVC2NAh_0>p*(v3vl5ff)oiy$VpjzJ
zwUQhfNuL0CO80Ag_lJ>;m_K#ZnoLO+laKnLR?B3Iwj+3IK7Es+B)7dH$fX2r6lx!C
zRMsu}vS|Oo;dqBl2|MOn;#|ktevA-b`|;<Ei{<Veli7wpU+RATsBuP3#;}I?96wvn
zOocXRu_@O(A=fT0ilv3yXSS5Lnv1Q5R=$5V`zdH#d1!5EyxQhd9%2~cdo0dL0~KGF
zV?^hZTvCsrQm^$dwp{J$JS498#eFd?yHyP{H&gI_u@JA>_hSGM+|X_`7(e`&Y-REw
zZWI{YvUiC$I;;x1`}%|h7b6<@ZQHNBC0f=xa^7OcMVYqNu;EeUv|2;gi^%1umvD{%
zBYfo}rDiMfw%yrxp|7_k!b5Wmc~rZ7MBgg$l9YY!>$(W^%MpQpI>gihA4)w)(1iSy
zKHeT@aI#pV;{#%v-?Y1_;cO3y@c#5KegS=-g-2@B(E~*7V2iZDOE(PH6_WdS-VW}2
zxXd=cd|KgGo=^zh>St(-&GM7&WIW+8EK@m=f3^{PJneH?>6_U{(wSb&R@C#BAdB_H
zP)m*{IScGwvUSD1c1n;=mKTvE>^4Kb<5B74@}xm?t?#tlVCi~0Emts|MQ2^cA|?H6
zq4U#z6Zv8gISkEKTUX}fU)Aa=|C{0;xW&;k_^c~z?886R2b>LQGGZ4=zv}$Qivy7Q
z8k`}Tdydd<ce!NQw?P){YnF?mRa&KrYW@e4S&$=x_pDv*s%qOYF?XsLT59F{T=dg0
zFKoXy9ENeezBoc^@(ZXQ-aA5~qcmGgVad~kF9GM}cv1I+^;y2|{ZBb@un1(whV4z`
zZ$U@V=*jg&8l|Rhdfc=#A(fCx!yO;*8Q}?cO_;tc+rrBOtWdU?L?@X=OzJAZo%XY9
zd~pHO{dR8Zb%gT8;PShuO;Kv6MRWF9i)CZNK)MYtRD29*Gt3hxJ|E+z?1wDFK-@=W
zM^)Tn45!ykM?NUhs8yf8J+T#q7u~CaYi8&jUY-Ab|1il9mo?jCC&o~1>__FUUh8##
z&e|MlnVt_STx|kxv$$)7xprU|4rUf*K2%1GmXI6^no}eghS)PLcY;uUzk+c~Thu4O
zkW;9o>kk!t7?%I(L3Pgd*tC7iQzkpO++N6pkL`1-Hj?^qUvW;z(LrHW`O8JO=bufV
zHlDMe{>q!fhG=l9O5+07Q5eMfT%B6KHOHG00!#3hzE^G+LC@`IB56ddHW4=qWSWV^
z`46AB_P%dB2t>M0Qb{keDM_|}389-oubSx95JXzf=Qb4ToTq*kgw9>?I_yqgh@GFd
zK*-R#+Y9_@U<%CXP}FDkE4cP9V1^JVX7>OVtr*Aw;g$^BNt}Imgp28rs^zw_%h-A*
z6AA-2B0+J_z;s!;H@Xi91!otPgzM~p+I?F@@#b3s{EYO{@W;zeOd!%_0a*f89R33@
zEpfd|2}%1O>x2gj6p)FhE_Rhhi`mPasy>>*)6S~0v!CwbKZr=QZ1|+gd#`pCaR2Bi
z(#7nt4)1)oo0#y1+9v=Av32JKG0cZgWHbwhp9UKSu~Y|2&PEkgFe9aBCMzEI+qII3
zEUgL6(J3@)z8G6@OF%~UvkEZgz&u?)lWhg!*tpW-dQY*w@p0bua=am7;jHrhN+bUQ
zzoO;*V}fUEI$c-ih&Rhbp1mPS_-qx~8}{RhMitbl-uJ=J4X(^6O?#WVyX4kW^58aH
zk{oq0r|=Qp;+TGt-kZ#C&f1dR%c7pevNO94S`^Xm-p;1A<*;|?`GRZs*FFJCxG+)1
z+Cg9W>MJI~FNoQzE@ES~5hXN0jtjgy56eB<mZvtBby77u-(e`^GUk7^b6#IfXx$bE
z6!6d@g7o4!Dk4&(cMug(X-e-%3n-yOkP<>sK&nVDp?4B`kq`(?klqO)giw^;qyz{A
zF6X=Bj&c8i`*!!!eppX?>^;WXYtH%0!2<w%Enw1a1e<UiB#F9Z_0uxH!aqExTf^=P
zk-Uq2i8-)&8Kv#6B67Q7ya>S273ujR<y$3y*PIss(`<;2@t4sr%xs?DW7buc`(_?T
za(JZY5bV?u>*_k~2UqE`tip5i0WcV$9z%7QaGbh+uU!LgJpFORPzgW7!Lj}B+3=~&
zkDj}o(^Dg#t57apGXaN7>x8-`5R!94V4J@FD4KEJd;bx+fze8?LHLzyH*!^5!TcTL
zH!f;u0h|S1!96#+Ts0r`BSuO|Io{QR=!VFtYRR^Ci3LkJc`3&QU6<(wG{&P3+V)tW
z2L+NT6;2enn>Z@oS>~sh=HX~p`n_3Eo_^M9yqq3bf4_qkrpwm-ajG{iO7=VYVlPfE
zpaLUFXrKpQ2<_RZC81W=3k7d1xlO{T9=;f<;&h_EwKU9qJfFl^j^?n=q;U%f`c+bF
z-4y2~CV6Vh>B*JrOw&IyjvKb|MLDR?G=n`ynZx=4gzOfEqCNTA#zoYFs^~g%vw@13
zAFTuNQP<w$2}fxImlqrBb}Z2l;A)M6grV~fgWq*BQu6MX<<7-b0Qx1VxB3Nr!4ZtZ
z4M!~!%09|l3cE*=Db+J6b%tjzQ-(_HsuyQ)OW(qNvs83>#ESuXLFTe#vng@oH+ENo
z8R?q~w{KS8urrK6I(O;J=T7<Zxapmu$>uNLy6m|WdlRFdg4F@pv*ixZ%e>jE4nkcc
z^`fhx22rl*f~r*ue33Rx4Z|4)VocaFFAU68Doy#?MAfPiomCbph{Q2Cp*mo`Sng!U
z_+7zPgA?bIs}5}a3|`y(tO_(8L?UQtbzgK3?&^Nx?f;o(277aKP<>nx6aSg+qu^e`
zb;Ev;skbpo)~GN45xu7gdU;UWjZW-jJan$6D3r%Yb3nih**s775_)FX@mEgShAH9o
zq`=z8))gq~jxbi@L7cJlq6?cFj78_8yA{0Id!Kx;jMmq!ROaAQb%f4%_jJg`9kSk(
zKjUZb_9!Or*sbo2WZOZ{Tk8SFitTwX^bBVpw09wONJ`>tnPgWIO$qjvdI<;{wL4js
z_clrY0ebsB;l1LF0#i0gfARLQRiZi)oaD-jLkOAjye~ZIYoN6)4%ZRRp>km_6K#je
zFZ*^9R}oP#08CM)?mm*jr)xUcFeE<cx)OX@9yg%x%~vrtmP%vdAR81g<WnaHD#;ET
zhyz&rPx0%H{NiG4Oo49JEy8;%)A-W7U(;4{%|*TqLWs-}dpO^JTxT>6qoY<0TztxS
zkIxirR}}I*vF<H?pEn3rXE=<P!oBY@2rk1ks^yH><3B|&ofeL~?9fG9{AgnL3t_?w
zkN6)tDpmrfz1~w)Ih#O9MfVhPR+T0F7?`vjJbAp+8EI3=d%MH~B-1p$Mk4E=-PzeX
zCnC;*C#RQIX-j^~ui{*b7ksxV6E%w}YO>1Ae3jaC@FICQ+)^V^@}=YO4PfMuf^ywf
z$m2if(Vg#)5s|!KV2`rtn=Z~FHaor-0SL9WwbS}fx+96HFIo>iUq0Ll95Y`IFiB~(
zMn4}Uump$<B8bj-$z4TZ=eurwu`1D@325bPv=70JZ?k*0vCM~xFUU`QUU>T#xQ<=h
z+Ux28{0UM#o~<S>(mS4`Q<%#1kN4;S-JGaq-FZGX`*_UcR&(5O+tjKqdIuGpFIH(L
zZQi+aA13j}MWQ5A>sgCx%u{71bE|Jaq<29k1AEI3Yv}};5Zde)qHmdcR@`&lBYYYr
zc{PeA4$#ZYOO8_lV9Q9=jd}162@}4m?Bj<Sm^e6z@vO7^?d5Uvbo4WAX9q<0P^ok~
zoaB?(02PH*LKlk69ZSgBhuH}<f=p*YIhqd&6OY4`d?DMn9X3m?3$=bgR4*PaYPcy1
za4(GP%6ZJY<UZRq$5fG;NE7jYrhsdF1$RP^LIMf>0(tg-Qkp&XUz4ehw83yCRwLK6
zOzqIi$GLeU1|9s=FxEm0*}CQYq_e3dZk8`wo)mJzalj-(U!oES4vdj&H1Y8=xm-fn
z?0QrzjjU*g8`8O(M9gcr!^4=};8@x!TK&<xZi>>G58?ge3+M1$rgG(Qu0XP7m0D~Y
zS7P&@-Ao!VRW_2`zi#kQGeUfWLOFe?RO<GthPV(t&!GLp3a$aVS6D{rp`}u;nZ2lg
z61coe59*=XY<oX}UV(?!Ij|ymnT8bnv;@G@FKXz+NfI3Ovqa&G_)=L%-dT&_=DlgX
zkMoZnsjhOG+8aCXU#!Qr*sWrKGE<y2Op%qZ98|N2GrHX`45ENL71w3=r_rYdHUBi?
z5)jI)MdTlZfgrTg*I$kWG^X))wJ&u~4J`ThUe>{+xLZ^*dEJ&QCXdR&62&A3N#e%n
znT|Ua3Fcp`7LK|+f?h6qD>`H86^4;U6Kmwqv~TC{vZOINc#yux1gFvMX%I22wWL;y
znH+QJiyCu0ZWVGSZ_7C!Gm_iT5BQp098p0Ab6V@@0U{z(9QRw_3DJ%t7I6d2!#z7n
z+SrFLj*Y>F=la_uB%F8D3lHg}rK>U}*z}v%F424WCJrt70>-8Hs~%YLgOx5FKC8uA
z4L1vwUspQxn-MO)*d1n~mhch%b(C-gJECmfy}K^wHUiu^nrC-|aT{HBrFJbv?8Hh}
z9&(!QbvQ=OH2eHA$bsuv|D;U_L_eC3uB%FGNWf<vL{*ppUz^g-5;PU2`u2WIwWOz2
z`}4R|V(g_~XWVd2D_7SzNI~AFmWeXS?IQ7BWS6xKqd4}ymsAa086apvkw%~;9ZXZJ
z?$BfOAyhO5^1G^)XfEDfuw3a}ii5KS47aLY3?%y8t5y3o`~%mO@*B|YJUW|-lHr;v
z)U4K1@SSQTDlRNKSCtkocK@ZJO?zV!J*~GSw2YP-%?lWslMBk`k*$EFGdSh=n&8}y
zad&Hv;i{|CpfI>~u7YT}WPWb)k;5ThKdD`YIfJcrYS+bL|Fpja`kO{BkX1ug`7*qs
zFtkUSfZaVc!0Rwyq9{KVb(pT|)wvl0=V_Q3#v**rE2HhYCBV<?0L~MCHoGKCcyBZD
z%}hECeL-NgU$JK?&^XRRUh|}}A%?c6Bxi$U6z6Aap7OFeuw=o8M$0DhUV2#k<24-e
zT79z|{!qWYi;5R4c_>V(qEyFohasT#zaOqQFFPhLqZ4;a)V>^^dEEKsI;V0pA1&(z
z17M|do!n#g9T~r56CCR~T31)0XQ!t1V22Z8bla`A%TUK>oXW!q^ibjRIjAKMcb6FI
zqIk}Ea-^FN2Gi7(+0M4A&A)$lo%D(^=-7Vj?UddtU$M7puhAE{=^)=k0hd_ppFY0r
z4;0dJO}+Z7R_`OvQpA{WBT%37Gn8V`-5{}xIcAp6VJ&IOiM%Dq)vwgP2;M`@Tazhk
zbNB#~dIa@mees^UEQqlr=u#t;Hz!|c#pmHrK<}d<c`Gput)X&u%ZSDl^ct7NSD0*S
z(6O$qhL$vYlvZ&ufe+_F#{OEUO}%gG;?a#_=~`kTu&jtd{Y;MbQ1Cj>ZkzRV@!*<;
z5V?XHhcWb^$!aDTHCgPG>qe<HK#J;s(<#0!Jd!E5=b9C+uDmZ2V!9uzn(YyP@VU7H
z=yekM6NwHy>xACO95$7Dq!ugTKnbwK0pO@MqirT$O&8gU_EZ4tn!l0a?^G&Qhrc+@
z1%Oz?9x8x3q%xmN0E}+%s))R8JmrPkU2!Nb#m_0+PO3CR_qjnVW$hYrjxykGAnJY6
zTd#cn4n}<=Z>jCD)a~yE#thead|&XqJY7gL5vU41Y!$U6HslsxZj+qE3*36p>?1eY
z3ejS1Ii-Z-5C)b9a#B{<nuo%Ew!YujDt#T7zdq<hxSa-lBo0mh&iwEi5COMjkJypo
zaj)N&1#Pi>-fW2uRcq2GAQ#myn1=z)>?!v}e1`LC^XHJOJQki$m3*hB*L5#VO{**U
zeP{sLmpOKg4OHCpvTku?YsQ_HzURgSLVWMRNuw&zg7KBR$#JMUt#0ITFp?$AE9D~f
z41gUhU{&8+9`XJYKJd@QhrvUr2co>C102O>zTv_1Mh7+-Q5-da^)mP?e9fn{z^I90
zW)S0f@?()74O$Hq+5(o?<uet{%+9sc30lDr1?AN=`!hq%ou8qQJ3QpU+O%60tl!T>
zvA4J<`>@3yWGywD$|YNz#-N&sdi|M<GzLF^hU%}!t~UP?@SG(j+Opy$xJVt-Yngt!
z${cQ<;^T_R!&6_V6@@E)%-2z|nS~L5`|fU>a9M$u^WA458opV7#<e}q9;tGSm?L^E
zJuV@V8v~PLWlnmsM!j?ksw$R(uY1+T2<p-p57I)UYdua^NywGG%u62Btayf$-NHe9
z&rR`iOF27pTC_=qRQ?}QJNt!ABzI*yvA*!gG4KF*HgLRAE}(!|jI#x`5yMKgO#(4F
zzFUE_3$idv%$@D5txF$}o8q#zIOAi+dpHU&*D%;tQi?PpU<E^Jj2TRUyc9bd!uYj0
z=xb{2OGpY>_o6=!iG8#}wfVU6_^;{P?65SAd<RV78GlHC56>NX$1%8<&K3qX0~EsC
zgXk3@ERW1fi?fB#;>%i9#>c4v)^%c51zoo$1q(3n4qukC@o9}(Vg9nZ&Dhk``?suj
zCkG2cx7PhXD9+cYPO9(K3QDSz6_pzq2RC+54xi0i`m}1F7LPyY&5{~*$q*IX@=Y~O
zpq3?h?3`^Hv#^_iOT6AtJ{t3=wVM``xzU)L1sF6HsG>dtURX)=C0!RJ{eU*g+?;H%
z*OVl$+N*CvxIrv_DN}k<&4$H-r3refAJ25p{pWVf?V1YE?mh*S)b#gE7GDn7zfz@D
z1o|yMzU0)Uc>)AJHeQr0O1>R*=WOD{A8Pnussbo<b(O6t0oJ;RiR(s|GB1eBz?zsj
z8x)3UJKTQ^*?FVj?8>e;!Hbhx%29EYl|9s%tQMqlOt3h6<MWL)DZfe4tz#GwJ*eRH
zUi!VX(re3G=#@s?lL)H{388Tj8<)))ZwQ1%>ZY6v=FFB^(r2#iERntw4ZAdvTcU*$
zeC`nd)f*uFj3#^;jm;%#qt&A|uaGg)a6Vb{a)sJvYI&fG(0W>24IQ)3AI~y*yce<i
zH{+Xb=q~>4Ir-P|nffY%E<F3sugp$fM>5c&F+l_4h<}Y&>EG4ol)f=>%+z**?)I_>
zf!~F?2kh9D+EpF6j!N$M#~zf>u%Fds&So{BIihjpCts=P=)n<b$cH3-SW^L56mi7U
z5|<JA!{au?7^Z`)`zb8*QYC2QpP%3%Q}^eAHiiQ;Z~ov>TZPDhnsaTj#^k2Uw}?=$
z3_lg$a`%FnS_SfH>y?P0J7^2xGB3_Iz5G|nlDf~<Iav8OM8K-5;h+AKA~u1c!RpNy
zn2a5kmXUz2nEb*I6T;u$%Bs(?-x{v4SqL+0g)<%x6zq@ZL1cOXaV_#nC+E9A(zRf{
z8r!PkG}#TpuT8mq&j$gWb@XUUxpy27HiBiQR%?IfuIsV=!G71~+eHnsHW)`2gTIvx
z=zcA&wuK?Ml0|Ys)Z8y;C7wFa89Y2hLO)Ps18?IPO4_Q9H+)6c9HM(%u-#qr@c6lr
zh48-2v2A01RFsZp>gM5CxAikW!ZEq~WcQckCXuWDKD4~%2u62Yi;5u_G(mK7YH%(B
ziPX&5nRG9Ii!^0RCNo$4nV8$wU1?mD`NA&wp6tp+eFPDn=t?=7S#@bR-;(CE=I<OX
zlFA$+nfbfMs*?-VlH1?@5zk=QTXA?WWg3@kj6&%=;fRRVG!RA#hOJqgG}yN3w1WiA
z2Qpre5AsjI2iX?!(g(_g)Z`5sh3sk1ge~cR6%D==ahtMLZG@$6*k5K;1!_<9ubFVa
zJB9J~&$M^bM4LU$LvMQQN1;|)`58$8SdwR>Awu_^Bn>R;xxdO!8|MQMd!#E62aI+#
z-~tV;btCC^+LRAEn8}<*_LSd}RoPaARqS54KUYP2PgHWYv>6l~>|Yq74Nv5~g?dtG
zl%k>{!Oz01E%jg5#J7mqU)u>Xwx}v!cMu}Y9j5i`Rr_S-gC}a~H?Es2{@E^J?2)=T
z5e(lj!+KA*;^K^v=Hn{`ZG4y3l1p@LtS&8Pscz3$(`qQ;L&L+?7g2lPMtHfeanfnI
znI2d$JfAgND&7?rbgYB3S!_3@jj=r)fhh6|OPaM6ZGvn!xE>7*W-#1qQzGKekCK}{
zm6YZpXt<3c?)l6p9A|_uDX$XYvBvJtG@qv6NePbyiF|hWA{F3z>^1x~s|;-=A+P$f
zA!>g^>7Qd|#gR2nI+^u3*~M>+b@|!Z>1wO+r}+obe@b##(PHyOmq_W)_M~SR=x(;Z
zL{s@YP{!vE-g4O6{y7_LqKoLPeQq!@AyZQTgbLStj>TYUHyH{Cz#HC5Eq{4y*-HYV
zekC(Xxu6$a%VRUWQ}n|qi>8kXJcx>lbJn9B(+ta|*t7BWLZ|9AMWw6XwCeXV$u<5L
zjXbZYxAtr0#ue`RtQFTDbY3R;oCAj&ho*&f#6VaxSy^-LuUO>rVe5#OTEe<2zLt|(
zCuwYaNDt;MKOJ-EXpB&(id++{aS&2p^|LgxkQ3AFz}zlxk#^<FX&Bqg#VZ81GRYm9
zO)HZxx>B;G@og21*ek=6HUX!!$&mABN@Ve{7y3`*Wh3If{*lvT6_7dMyLLgN^Wg9U
z-PP%C1NDn9WiEFnka|I*%aUKD-$ccWC$G#8O?Tn1D+EHmsnN=g!i|+kzBRg!K@c6>
zhZ)SzKk2Mok*m}a=bp}IXLlatyU2guWk0G->P(?|HR03U?`;-$pY7wcXOgP~{%bsi
z2Bmpten^C9)Qp^cSd6Q4!b`3-!P&N6I<<9M6@`b_lgCwX$VCh<N1<YYl<D=Fm>kQ)
zFnWHcGGtCuR9a>FcUy%~n_WWVx{GH(CDt}wL4Ex!rFCpmR2-Sk@Zpp(>U85kd_kh7
ztOoHoBE8ba=Vqp0HVE?^Yj+AR#jR@9$@EM30;A_wYsrp1!CBkwV}SQx-Lq2D-?`hi
z7H{zw^S`t%ha>{=ri~FK+MqAd)}3~%l{B6j7Yp3VjKP7qT{OvlihqIi18;Y|f*4ab
zM>LEyt8$NkF4F=0Mu4uA)TAj^wYn{<_X9Oc_x!<gnSv|P={MX5Ls3sO%(lutP`gz0
z=GA|9%RWqbEg2Ei;~}H466DSt{p5peOxbS=A4iTOlL}u88Q!&<ny(0Q(LU4}_NF}j
zli2TDD``=i*Pa?;0;swMQ_2kRT=MZgQnL1#OW#^BVz9G};&Y{l2&Vb?6TqNyV9b7+
zCU`{)_%Vw^QmNcNpmf)6z%s*oVNmu{B2%l_mB1(~I+StHt=hBAm}7eJBu&oakGFPF
z&~@3v3*&9ny*4QJTWfE*`J?=7r1U5-(LvlK&miT#O%n4$n)>_Pu1U)<htJ;)m@l(g
zqBgZpsJxJ4h!LQO<D(n79Y0>X05XQ^H)!&t>t_>|%L-iS@%z-Q8eirypY_93-|ji)
z(XSZbS-3fXvyf++BS_0)+YUzRM+Sk-<w7`9Zp-LZ*ER)FDCabskwOwHgYMrm`S{Lf
z8x)TWq%c6E-QK3X-6CDh)4G;dw*b1T$EsafyB9W2p(I};J13itO1u8+`0u|`x>9x~
zi;j!93|k^{hr2=J9&gwhNRzF=F)AlE%DBH5qEX-$A`;FQ;Tp)LB$$lc*atB1PcfM^
zY<^oG<fbm+u&^<hY5a;8=DdQVQ9s;hbfLSIBQAaCVfjGbRZn&`pH-b0B9>ExYffPK
zdbd$h)5m?8&&{gWdOOEPEP0Gn{q;ba!r$|I^}(M7d^c$L4&{0sAfeKxgm&G%8R9nG
zcx0`-RJuLR!TjcGf`hElu*KMNRr+^fQA(mBZv7PGC@2zEhsNnRpDkaiihpzYjVytR
z0LS7wJ)Pc7-dx~dR`~`OY-J3T78Iza%w;r)cs4M#A*^46IGudITjUQhOMRx8S2)m-
zF&lEd-F+X+r%9}&k7ml2<K@_6J$$oLcEQShV!Z8K78KdYhPfqgZsi<8yB%2gPJ?vj
z@8U0VWoA^ebO!AoXGc=T>U^%8>fy~H?>xlKOOdnu$scwPQGT49bSG=gaH~wKiA4Qv
zg8kxlkvM%*f2G}r%p<;KXK=??{DI65)!Pj3{mZ^uC8}t)63C{bMW9}o!eo=maT#H&
zyj?N);$KLB_kmvV3p06ZX|DPgS%>lzUGN==+ne@8t}C~Qs785?q825Gs|xN}NR0Ov
zO|it6{vZcar}fN{J6Pl%PTc8lI*GN_E%_<F_w;@ak=_#mzo|`<(u+a2l(R2J1b%Lv
zX7{(DZPrDKc6A5r*tA{x+MF)G{5iUCk0$oL`<WklU+Mz#h`va0O;6nl9F3Kmday&R
zIpVWQqwabpCnaUxNtO16qW4B^|7re`o;`@d=^9SDv|r*j4s2Ezr0pwV%0!dPGC-{U
z&7pnR09Q$$<)@ZLm8*p#;jNlEx+8h3F`RsiO;GU}kA?1a1V)4-KR9Y6t>#WVl^Bfb
zmbhRdwM!uHEk&T2ZM~olRhykc`?yPP7kERjJ-{Fed#xb+DzNs>3AIn#)RU`jdL?5S
zSR)t3mI;^Zg|d=iH1B>L-VN645$I)A%C;a%C@NO1L3Dxj77_(kUs5J!MEx3*?pMh~
zI!p*&yC?RzAXuj<gvtC?-;Pha`@dXu4lbj|%}(i2MYPUCO+m%$(m0CX#e}A;o~TS6
zV90s3%u5)k1sTFb4?n)^eDg`&zk#~&a1s46lIM2hlBxSM-tn`zGsNEY^$v>1GOSx~
z8pA_*512$_)t^0Z279AH8u4XMB1B^Q=)F&#Uiel9J<wze`TJjJ_+ta%=x12YS&|vA
zanT3!qsx4R1trDW3#;5`1Ga2@Cd!uZBoUhs@Kxx7f<uAr*B<NI$-FowvH7YfT59xf
z<gws)wRgNuv{!8M;5>UpIzeYUndo^+ik|2l)vL>XGa4n7c<o8RRode}3n44}-<x_K
z%KzlLC`SGN1N^3-c(Td-KSlowXa4_1|Ci@P=6BFxtLOKs`A@R!mAcOJ%BSx_{|nsG
BRAvAG

literal 0
HcmV?d00001

diff --git a/defguardDocker/deployment/gateway/.env.template b/defguardDocker/deployment/gateway/.env.template
new file mode 100644
index 0000000..69a402e
--- /dev/null
+++ b/defguardDocker/deployment/gateway/.env.template
@@ -0,0 +1,9 @@
+# Use userspace wireguard implementation, useful on systems without native wireguard support
+# Set to 0/1
+DEFGUARD_USERSPACE=0
+# Defguard GRPC URL, e.g.: defguard-grpc.mycompany.com
+DEFGUARD_GRPC_URL=<DEFGUARD_GRPC_URL>
+# Token from Defguard app to secure gRPC connection, available on network page.
+DEFGUARD_TOKEN=<DEFGUARD_TOKEN>
+# Defines how often (in seconds) should interface statistics be sent to Defguard server
+DEFGUARD_STATS_PERIOD=30
diff --git a/defguardDocker/deployment/gateway/docker-compose.yaml b/defguardDocker/deployment/gateway/docker-compose.yaml
new file mode 100644
index 0000000..807add2
--- /dev/null
+++ b/defguardDocker/deployment/gateway/docker-compose.yaml
@@ -0,0 +1,22 @@
+version: "3"
+services:
+  gateway:
+    image: ghcr.io/defguard/gateway:latest
+    restart: unless-stopped
+    network_mode: "host"
+    environment:
+      # load variables from .env file
+      - DEFGUARD_GRPC_URL
+      - DEFGUARD_TOKEN
+      - DEFGUARD_STATS_PERIOD
+      - RUST_LOG=debug
+      # SSL setup guide: https://defguard.gitbook.io/defguard/features/setting-up-your-instance/docker-compose#ssl-setup
+      # - DEFGUARD_GRPC_CA: /ssl/defguard-ca.pem
+    ports:
+      # wireguard endpoint
+      - "50051:50051/udp"
+    #volumes:
+      # SSL setup guide: https://defguard.gitbook.io/defguard/features/setting-up-your-instance/docker-compose#ssl-setup
+      #- ./.volumes/ssl:/ssl
+    cap_add:
+      - NET_ADMIN