From 7744f7dfa701ed37b3da8fef4a10d0bb7997c199 Mon Sep 17 00:00:00 2001 From: Alexandre <44178713+alexbelgium@users.noreply.github.com> Date: Wed, 11 May 2022 09:11:58 +0200 Subject: [PATCH] initial build --- guacamole/CHANGELOG.md | 1 + guacamole/Dockerfile | 100 ++++++++++++++++++ guacamole/Readme.md | 52 +++++++++ guacamole/apparmor.txt | 62 +++++++++++ guacamole/build.json | 6 ++ guacamole/config.json | 33 ++++++ guacamole/icon.png | Bin 0 -> 27754 bytes guacamole/logo.png | Bin 0 -> 27754 bytes .../cont-init.d/00-aaa_dockerfile_backup.sh | 33 ++++++ .../rootfs/etc/cont-init.d/00-folders.sh | 14 +++ guacamole/rootfs/etc/cont-init.d/32-nginx.sh | 33 ++++++ .../rootfs/etc/nginx/includes/mime.types | 96 +++++++++++++++++ .../etc/nginx/includes/proxy_params.conf | 15 +++ .../rootfs/etc/nginx/includes/resolver.conf | 1 + .../etc/nginx/includes/server_params.conf | 6 ++ .../rootfs/etc/nginx/includes/ssl_params.conf | 9 ++ .../rootfs/etc/nginx/includes/upstream.conf | 3 + guacamole/rootfs/etc/nginx/nginx.conf | 56 ++++++++++ .../rootfs/etc/nginx/servers/ingress.conf | 18 ++++ guacamole/rootfs/etc/services.d/nginx/finish | 8 ++ guacamole/rootfs/etc/services.d/nginx/run | 10 ++ 21 files changed, 556 insertions(+) create mode 100644 guacamole/CHANGELOG.md create mode 100644 guacamole/Dockerfile create mode 100644 guacamole/Readme.md create mode 100644 guacamole/apparmor.txt create mode 100644 guacamole/build.json create mode 100644 guacamole/config.json create mode 100644 guacamole/icon.png create mode 100644 guacamole/logo.png create mode 100644 guacamole/rootfs/etc/cont-init.d/00-aaa_dockerfile_backup.sh create mode 100644 guacamole/rootfs/etc/cont-init.d/00-folders.sh create mode 100644 guacamole/rootfs/etc/cont-init.d/32-nginx.sh create mode 100644 guacamole/rootfs/etc/nginx/includes/mime.types create mode 100644 guacamole/rootfs/etc/nginx/includes/proxy_params.conf create mode 100644 guacamole/rootfs/etc/nginx/includes/resolver.conf create mode 100644 guacamole/rootfs/etc/nginx/includes/server_params.conf create mode 100644 guacamole/rootfs/etc/nginx/includes/ssl_params.conf create mode 100644 guacamole/rootfs/etc/nginx/includes/upstream.conf create mode 100644 guacamole/rootfs/etc/nginx/nginx.conf create mode 100644 guacamole/rootfs/etc/nginx/servers/ingress.conf create mode 100644 guacamole/rootfs/etc/services.d/nginx/finish create mode 100644 guacamole/rootfs/etc/services.d/nginx/run diff --git a/guacamole/CHANGELOG.md b/guacamole/CHANGELOG.md new file mode 100644 index 000000000..66f7e8b76 --- /dev/null +++ b/guacamole/CHANGELOG.md @@ -0,0 +1 @@ +- Initial release diff --git a/guacamole/Dockerfile b/guacamole/Dockerfile new file mode 100644 index 000000000..8fa44237b --- /dev/null +++ b/guacamole/Dockerfile @@ -0,0 +1,100 @@ +#============================# +# ALEXBELGIUM'S DOCKERFILE # +#============================# +# _.------. +# _.-` ('>.-`"""-. +# '.--'` _'` _ .--.) +# -' '-.-';` ` +# ' - _.' ``'--. +# '---` .-'""` +# /` +#=== Home Assistant Addon ===# + +################# +# 1 Build Image # +################# + +ARG BUILD_FROM +ARG BUILD_VERSION +FROM ${BUILD_FROM} + +################## +# 2 Modify Image # +################## + +# Avoid timeouts +#RUN sed -i 's|-t3000|-t300000|g' /etc/s6-overlay/s6-rc.d/*/run + +# Allow UID and GID setting +#RUN sed -i 's|/config|/data|g' /etc/cont-init.d/* \ +# && sed -i 's|/config|/data|g' /etc/services.d/*/run + # Change log location +# && find / -name *syslog* -type f | xargs sed -i "s|/dev/log|/data/log|g" + +################## +# 3 Install apps # +################## + +# Add rootfs +COPY rootfs/ / + +# Modules +ARG MODULES="00-banner.sh 00-global_var.sh" + +# Automatic modules download +RUN if ! command -v bash >/dev/null 2>/dev/null; then (apt-get update && apt-get install -yqq --no-install-recommends bash || apk add --no-cache bash) >/dev/null; fi \ + && if ! command -v curl >/dev/null 2>/dev/null; then (apt-get update && apt-get install -yqq --no-install-recommends curl || apk add --no-cache curl) >/dev/null; fi \ + && mkdir -p /etc/cont-init.d \ + && for scripts in $MODULES; do echo "$scripts" && curl -f -L -s -S "https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.templates/$scripts" -o /etc/cont-init.d/"$scripts" && [ "$(sed -n '/\/bin/p;q' /etc/cont-init.d/"$scripts")" != "" ] || (echo "script failed to install $scripts" && exit 1); done \ + && chmod -R 755 /etc/cont-init.d + +# Manual apps +ENV PACKAGES="" + +# Automatic apps & bashio +RUN if ! command -v bash >/dev/null 2>/dev/null; then (apt-get update && apt-get install -yqq --no-install-recommends bash || apk add --no-cache bash) >/dev/null; fi \ + && if ! command -v curl >/dev/null 2>/dev/null; then (apt-get update && apt-get install -yqq --no-install-recommends curl || apk add --no-cache curl) >/dev/null; fi \ + && curl -f -L -s -S "https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.templates/automatic_packages.sh" --output /automatic_packages.sh \ + && chmod 777 /automatic_packages.sh \ + && eval /./automatic_packages.sh "${PACKAGES:-}" \ + && rm /automatic_packages.sh + +################ +# 4 Entrypoint # +################ + +#RUN chmod 777 /entrypoint.sh +#WORKDIR /data +#ENTRYPOINT [ "/usr/bin/env" ] +#CMD [ "/entrypoint.sh" ] +#SHELL ["/bin/bash", "-o", "pipefail", "-c"] + +############ +# 5 Labels # +############ + +ARG BUILD_ARCH +ARG BUILD_DATE +ARG BUILD_DESCRIPTION +ARG BUILD_NAME +ARG BUILD_REF +ARG BUILD_REPOSITORY +ARG BUILD_VERSION +LABEL \ + io.hass.name="${BUILD_NAME}" \ + io.hass.description="${BUILD_DESCRIPTION}" \ + io.hass.arch="${BUILD_ARCH}" \ + io.hass.type="addon" \ + io.hass.version=${BUILD_VERSION} \ + maintainer="alexbelgium (https://github.com/alexbelgium)" \ + org.opencontainers.image.title="${BUILD_NAME}" \ + org.opencontainers.image.description="${BUILD_DESCRIPTION}" \ + org.opencontainers.image.vendor="Home Assistant Add-ons" \ + org.opencontainers.image.authors="alexbelgium (https://github.com/alexbelgium)" \ + org.opencontainers.image.licenses="MIT" \ + org.opencontainers.image.url="https://github.com/alexbelgium" \ + org.opencontainers.image.source="https://github.com/${BUILD_REPOSITORY}" \ + org.opencontainers.image.documentation="https://github.com/${BUILD_REPOSITORY}/blob/main/README.md" \ + org.opencontainers.image.created=${BUILD_DATE} \ + org.opencontainers.image.revision=${BUILD_REF} \ + org.opencontainers.image.version=${BUILD_VERSION} diff --git a/guacamole/Readme.md b/guacamole/Readme.md new file mode 100644 index 000000000..0886c9c21 --- /dev/null +++ b/guacamole/Readme.md @@ -0,0 +1,52 @@ +# Home assistant add-on: guacamole + +[![Donate][donation-badge]](https://www.buymeacoffee.com/alexbelgium) + +![Version](https://img.shields.io/badge/dynamic/json?label=Version&query=%24.version&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Fguacamole%2Fconfig.json) +![Ingress](https://img.shields.io/badge/dynamic/json?label=Ingress&query=%24.ingress&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Fguacamole%2Fconfig.json) +![Arch](https://img.shields.io/badge/dynamic/json?color=success&label=Arch&query=%24.arch&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Fguacamole%2Fconfig.json) + +[![Codacy Badge](https://app.codacy.com/project/badge/Grade/9c6cf10bdbba45ecb202d7f579b5be0e)](https://www.codacy.com/gh/alexbelgium/hassio-addons/dashboard?utm_source=github.com&utm_medium=referral&utm_content=alexbelgium/hassio-addons&utm_campaign=Badge_Grade) +[![GitHub Super-Linter](https://github.com/alexbelgium/hassio-addons/workflows/Lint%20Code%20Base/badge.svg)](https://github.com/marketplace/actions/super-linter) +[![Builder](https://github.com/alexbelgium/hassio-addons/workflows/Builder/badge.svg)](https://github.com/alexbelgium/hassio-addons/actions/workflows/builder.yaml) + +[donation-badge]: https://img.shields.io/badge/Buy%20me%20a%20coffee-%23d32f2f?logo=buy-me-a-coffee&style=flat&logoColor=white + +_Thanks to everyone having starred my repo! To star it click on the image below, then it will be on top right. Thanks!_ + +[![Stargazers repo roster for @alexbelgium/hassio-addons](https://reporoster.com/stars/alexbelgium/hassio-addons)](https://github.com/alexbelgium/hassio-addons/stargazers) + +## About + +[Apache Guacamole](https://guacamole.apache.org/) is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH. This container is only the backend server component needed to use The official or 3rd party HTML5 frontends. + +This addon is based on the docker image https://github.com/abesnier/docker-guacamole + +## Configuration + +Webui can be found at . + +The default username is guacadmin with password guacadmin. + +## Installation + +The installation of this add-on is pretty straightforward and not different in comparison to installing any other add-on. + +1. Add my add-ons repository to your home assistant instance (in supervisor addons store at top right, or click button below if you have configured my HA) + [![Open your Home Assistant instance and show the add add-on repository dialog with a specific repository URL pre-filled.](https://my.home-assistant.io/badges/supervisor_add_addon_repository.svg)](https://my.home-assistant.io/redirect/supervisor_add_addon_repository/?repository_url=https%3A%2F%2Fgithub.com%2Falexbelgium%2Fhassio-addons) +1. Install this add-on. +1. Click the `Save` button to store your configuration. +1. Set the add-on options to your preferences +1. Start the add-on. +1. Check the logs of the add-on to see if everything went well. +1. Open the webUI and adapt the software options + +## Support + +Create an issue on github + +## Illustration + +![illustration](https://www.linuxserver.io/user/pages/content/images/2021/05/menu.png) + +[repository]: https://github.com/alexbelgium/hassio-addons diff --git a/guacamole/apparmor.txt b/guacamole/apparmor.txt new file mode 100644 index 000000000..0efec14a5 --- /dev/null +++ b/guacamole/apparmor.txt @@ -0,0 +1,62 @@ +#include + +profile guacamole_addon flags=(attach_disconnected,mediate_deleted) { + #include + + capability, + file, + signal, + mount, + umount, + remount, + network udp, + network tcp, + network dgram, + network stream, + network inet, + network inet6, + network netlink raw, + + capability setgid, + capability setuid, + capability sys_admin, + capability dac_read_search, + capability dac_override, + # capability sys_rawio, + +# S6-Overlay + /bin/** ix, + /usr/bin/** ix, + /usr/lib/bashio/** ix, + /etc/s6/** rix, + /run/s6/** rix, + /etc/services.d/** rwix, + /etc/cont-init.d/** rwix, + /etc/cont-finish.d/** rwix, + /init rix, + /var/run/** mrwkl, + /var/run/ mrwkl, + /dev/i2c-1 mrwkl, + # Files required + /dev/sda1 mrwkl, + /dev/sdb1 mrwkl, + /dev/mmcblk0p1 mrwkl, + /dev/* mrwkl, + /udev/* mrwkl, + /tmp/** mrkwl, + /dev/fuse/** mrkwl, + /dev/** mrkwl, + /sys/firmware/** mrkwl, + /dev/** mrkwl, + /dev/log mrkwl, + + # Data access + /data/** rw, + + # suppress ptrace denials when using 'docker ps' or using 'ps' inside a container + ptrace (trace,read) peer=docker-default, + + # docker daemon confinement requires explict allow rule for signal + signal (receive) set=(kill,term) peer=/usr/bin/docker, + +} diff --git a/guacamole/build.json b/guacamole/build.json new file mode 100644 index 000000000..64ed6c832 --- /dev/null +++ b/guacamole/build.json @@ -0,0 +1,6 @@ +{ + "build_from": { + "amd64": "maxwaldorf/guacamole:latest", + "aarch64": "maxwaldorf/guacamole:latest" + } +} diff --git a/guacamole/config.json b/guacamole/config.json new file mode 100644 index 000000000..1b1b1d24b --- /dev/null +++ b/guacamole/config.json @@ -0,0 +1,33 @@ +{ + "apparmor": true, + "arch": ["amd64", "aarch64"], + "description": "Clientless remote desktop gateway", + "environment": { + }, + "ingress": true, + "name": "Guacamole Client", + "options": { + "PGID": 0, + "PUID": 0 + }, + "panel_icon": "mdi:lan", + "ports": { + "8080/tcp": 4822 + }, + "ports_description": { + "8080/tcp": "web interface" + }, + "image": "ghcr.io/alexbelgium/guacamole-{arch}", + "schema": { + "PGID": "int", + "PUID": "int", + "EXTENSIONS": "str?", + "TZ": "str?" + }, + "slug": "guacamole", + "upstream": "1.4.0", + "url": "https://github.com/alexbelgium/hassio-addons", + "version": "1.4", + "video": true, + "webui": "http://[HOST]:[PORT:8080]" +} diff --git a/guacamole/icon.png b/guacamole/icon.png new file mode 100644 index 0000000000000000000000000000000000000000..5f3a76ceb2751fff3f762eb4a478751e5e49e8d4 GIT binary patch literal 27754 zcmXt91yEc~v%QPE2M;Xn?he5{1b26bpg|T15ZnoF0fM_b1PJc#7Tn!`zN+_XYig^y zX8X$YPIsSk=Er9xX;dUaBme+VWo0D3001cVzkvYvZh>@ikGy}unaE2^0B`?&a@va$ z-YtkuGTN^1znK4TfIiWtd%hdtzsf2~!f(S8;F58DbI~~h05BjcA*SZJbe!qosiyuo z(0R9Zz;Vz{6O1K88!++h3?U53y_&&9cYaM@;85ptivAP5kr*Zn>;c9nFzP2Hvi3VO z@7BA!fj{dl%m`){@d62VSAut9tbBJFcZp|0C%yz2!IoR_Mqmgl(5>$e2Xzjg1Cz7= z=m-m_&!1TVGX5!2U9fAputu$2;|Rb~>uYQK(OD*N415L3fNOvehy)b$4;lcg!^c`Q zQ3`dsO>0&&s82hQu(1nV3-ACwlo2rmhK0dW2$Bhew*>$GC`t!0oq<8X!U(*-a$i6f zC59|8JIes9)ko`3>;(Xt$BQ;vPR$V=Y?taZnT%*yhZGD1q(ANi32sxeX?8af7C?HPkKWK~L&k-T3PK>?;e<@+a zuHgcJS12%1v^iD)NsKomzzzt)40OW=<`5uka%%yl03#eLQgnX(j9*(QKadJ^z@O7u zab$r(WEqsi(NSmB0CjgYfs&_45`YH9i?l(+o7{mA2ou}{1_A$opYR)U&wIE$lRRv| z0?Gi@fFV#9CyNkxza9Dq3J~et^bWd3*yo!!J+YyWCR#jW?*_6wGe{9EkG5+AnB3-XskE# zq|KDo=P#2JTWH0?BE$gUKnepGRE_JfhXcsA%a-V2Ll*kS?HfA_pa~J}ta0Ze`J6Hh zwdxuqwn_ojhO62E{sD671H;4I-+ zPPZFa{#SVnylx*};@Qa!F?69fFQg3wHqkJIXa#V|ZV656Eq~x3G0cS_40Kb2Ewu|2 zTBoiAi};%fn|ff=Yh0>e*PtvFx(a6WmcQSf)%>fdz?nu01--A z!A;G}9HhA^G?**! zT*d5m?|2sncp^m;?RLB`;yG<1paF#dbIw4# znTwbfaE)LLaD#rzy+2coB|5Q(w9a1~O7JN)RF?q|^cM$alPd$Z3MP6u^pE7HqAF$* zw61NZCOPm07~zZ@GkWx9PfY%a6WW;#2`~g{{pY1}PaY^06DySw)e}X4ID!~A1;+7kL z9!rN1$cw%R{DZP0SB-@{hY)w|0Tp0X3>at7C1?bgkb(LH)8#y6gOnNw4vW|^O9|t= zGpD$|QPom$YN8^0f3~eJ_(&T7MC<+iD271aBZ^Yqzy^X_WVwh3e6FnFrabVW2Yw*E zhX^=>jIc`#z?KnxgyR5?;V>lZv%v^>7{CS|uaadP#FH%rw1CzXx+M7iuaH1BVjxaI zdqVL&pne>6BA!iB(WOD?QQSUo0qTJo8PPU*L2igrCML|Lfff(}QtNg;h=uvntBth5 z5xdS32=<19>mmpG041+)V(qEgKtn(VITp<1mDc9@VS6UbpDTQLBRl}L-t>JcA_W8% zxP89^wBA#4E37e7?h^W(;s?AK z1~~;n^nM89`!or-4PBu3cR3ae*(dVNg_NlGI5p(!09X^2Xy4~iV|FR=u4KnT!h##c zx^oZ$&rw3Ut7j_6K?lBBFit%6vhUke*bgT?r&}w*7x&u}U`|Ds5}^m004fJdG`a}4 zD-uOy8rT)Rt6&@JpFen)+{KdXYt}DXo%^ zl;?p(QPvu~ZNXTPs`}QMc|Qb zRqyknB3qT)%f1pcR0PXPAj*sw_Jjy>LJ<|bVF*0;>t~5sZQpDFz3?SBF9`ed7wP$% ztnz#y<9i~aUK(*%4trBYHDV;L*pL-n35JUPYnV{1iy3^kO_WEwdi}c4<7s#h=n(0! zq?0Lh)w}9;dt#Veu)jQF(&_J9W@}gLDfi+z^$LPF;&?P#kjc{&E{9Q!&EpmvJR5;r z7+XF@p%-7qd~Q5<@3uOwvjI=6>7vho{GTX#-N%(?7?1yHQQgH=BTgsyY-=+9;G>F~ z-bqS6fK8YqWSqj1?%wQl4BbN>S8ZIR~2GrX9A zun35PuFk3t6m@J>Zi;Ukwt{ZRKBD&He6C_o;rQx){pv6BbBDs5ZA#sm(C)d|zKDNV z_<3K!$KH70a~$pqoabLmLuJfZ1YSXHDV0X@mI#GDw_x;3mLGDL^C6U0i9>)k=PJoW%+}fl%@sB=uaNExXV&h?CjOEPj2-jYIq1nqm)I=f<6;gh%SI zA;*y(vdGjHZnHU+>e~xB@$ck!fa-0U-whq4#_@43D|pOD?F(A6L8&HZ7ZV^(KkTCf zE0wVV3#dl)Zgg8;5M{6Fel~c6DUlqUSlpO{8fG&*{>f1IbGJMHp54JL3h@4zl-*{$ zJb=wk&bbnwkKdq|xEAk6CaxKD?c8_T( zaL<+1%PDxL&)C!rqh#VnRV)%)a4ZY;oAw?)B{T|gikN^ToJyiXKVO(@e7k6M%ph5r zw2D0KE1T)X3>%VwaxvxwDnU)zA(C5xJ#oab9Nv;`iU$me6t)?7LXOykkvj6Kwn=MR zhAYKoBlaK7*cP7q5(g(FvRh8hB8#VGe#V&$X_lsnTs{}dt+E(qX3j+nM^}RG84&+| zZzk;OEFQ<+6MtVT`0=p6ifLFR{j!SzW^oS2T-N1YlJJBIuuq5mNNwPQ6O?i<3yH^7 z?7)EtSMsp2-lUN0BE#{RQl>+h!zjkDQBg#)@7YTfklv)4Y(bdMy-eW#6N5xYz)Gf8 zf)tAi52h(?f?FHY+&TSSOt+%TliPTSF{P~9{*uY|LHLV%-cNh;n$4NgW%?r?N7_`g z#>;RLzjn+n9AMzx?}afU7+n<0?VuxyU(^5(r?dn)`fl<&^<$OaW{Fj@>DC~-14$-7 zV`}GfJ9uuw`1ArAq155y{j93y9|PF&rb$O8D|S-7Cp!ZtH|K#W5%*4CK zBY`=X66W6!&LG4?4H&e6%O?lXGySu{q=a2yD^&w69#f4qfPpC|< zL)fr1X{IpUCyo2!8%@QpriNJoC;`1HCai9n&R7@)`~okxzm%GF;^pS{YY|YXGU0Du z@~zq!&cv#SdmZoh?!~e5)KuI0KV#?!j~^-cZyy|2TeLI%f;Zs%&=t_Z3vCRtgJy+1 z7V#2zX&(nTGdvZ@m@zg_o-MPciF)}=?VN9=J-Y{KpQRy(1yO$|^*1tBLmBQGw?%=K z;u2KA%;sd{d^x|s9s5<^@+8-T0K5g88vas7{L2KK=5){rYeiR&b$I-Z`)M4Y3WT>w zf2~JGBw{!Egbxpw8f96p)GFM0*3s=XXdJF$U`5Zoro808RCk^cRK#DGIZEw85)lod zh<^OBhB>lE2HQo}^{qp&4faRmEQ_C=XKs%)e|VW#2D)!6)m4$^Wyk`fPvf&4tW@ch z|03($uYX#V4wk4=PXR>PgXTlEx-_j9TsiVV0KJiab z6NZid;(pz(^J)iXyOE?_bDF8NcWY)(;z}ZV7QRJ_ z456U1&iWvMg0Mi2<;p_72{r5NmGQ1bHkbZ7?lY>haQs1~P}&p;Mlt_M|GWa!IiwLe z45}+X2cI;rhetxCe&@#~oRU;D;*W?T#@c4x?v^hW(&l$}aRt{@x&`<0mStXy1g1T_Fuw3lHI0! zp(%o|*%F)?9-kzr6_LkXwgr3u!Oe20EqEkl26~fFc=J&m4&F55RE!!pXSzfZ$BM(T zv+p-|Oqp3ZrwLEl?8yXzc987J(aL5#(U=pan_mz?7?*A)!uUdI;#5yx6QqZ7@|J*` znX$v2)90S#8Qwj)ejfY6^#^0`adWTP2|;8s4(E;~ws7n2Wg=_4r9E_75NLGX4P9U#khSm?9*7t3{?Ffd) zjw86`E4hhZu1}^Zg0nn4@PQ4lrpdh=0a!}HE}cV{cJWTO?$rEBnJ_c$kmNFi6eF%B z<%W5J*4<*G#T8mKg>_fM8KWu^ujiy^eBaW7#vwms2+w9%!Kn(=B^L0(tu;&XBV}c# zm*tlveo^7%GO?!kEpgP7)ra;je7D6!n54YQMR{9Hms6kozl{~Y^9>!DCAzAkHj;CE zPqAWibL4}B!qvLn3d_UB!OOJI z{D+J-6VYuxEC;akqON(bQh{S~?gU?Mk%YyKO$1-GvwH#@SNIYpc9;Po!B8jeNbYMU8dKrT0y4C1Y@AnOv z!e}LamP5Ckx^+3`;6a*Jen2njGd51XY!C$ryI9kQHD-S->x-0XipRiA zdVVH&2VZ)Yro*pK7;Jt=P)&$krY5+t1c1ZsKdGKUt?h|LmDbZ{OU2W}X8(3v(PwPZ zm4`254dJ0H4{N`7AQ>vd+hyiA?~Ga}IiM_PUfSv�ZSowDY zCCE*0tmRE&)|)Ap`1wC&^&>=fru-~&6ZdvKZDq+Oc4S);+WfWn-X-JZLr_k>aMw4w zf!9AvPChU9AAj4;Ld|u~g?^K#J@qkNL?;!ze=%qNfQD#F(#(5m^@d0Wjh~#0tu9e% z%ysp!F6b_}sD2=8R_1rmK1hJBh<J^ywWbR>E8boR;tVML zP!#QetLjPTM;~VU7ZRrSbg!ipQTfeUzD7|EbIwic^v6^dq3o1A zM=ohEt9GR$!rII%?q)gB!roD(R&OMwAwn7hE~{mEyyR;#fnUjO63Lx0~}m0t{Y zzpsJbvv%=Ygp|VIN*4``_N%B{shmM0JdPQ1sj0l&wsuV>$utZ3z4XNX?xvD^ zWB%Ehv(tC&dI|`{7oXhu(_>4SpW07QKT>l}?v0q9tyf#m(=2XNqolc>WQW0{P_K$8 zz3LrY6Ef2nD@KqI%=Ne^2%>5S|FkNf<7wsa&7UJ|GnQr=K>m$+R|l;qF!WUbcQrG2 z<-%(a1syMD-4mJ_;dmDbL;wX|Okf(Uie&Y1U%AZ`ITO5C89iGCZ|~qO`Bxb@Kbe$j zJGy!!2{@SdsQk#t_oNHnN07h%n9j+y6(+DA_aJU=;}Fp-Q^sw@wj3k;XzJE4?m?Qq zqE{h*n|JsTWg~M97Xz)UQ*b4=zLZq!;r=3%3bFVHw#F7Y8ZM{D+!?Ri<*(@h_oR-g z{-&86HcmB6a>=+BN{gPr(2$SG#Z71)ZCxf+4~~K}BhXc0#T#vq5c{P5Oa{_nHs3dg zP4d>Lc~9e)3K;O2B1ju;AdWSLl6;WmC?&Go@$IUfg*2%uKB7bDam|B8O?|h4|D?od z=JI|T%8QX&BHFOYWb1NIiV#i_P2NNL5#I0j{=CUQ<*C*OZ&jlYRJ4zt(SwfkA zg`M~I>n8p2JjMPg2>(|F$m-*WOS>Z~|5;OUsIjw5TG zZpLMkE!UE-JF!iJQWkOiNoDNcZ$mGw-D7(Wyt7`14|^`Xmv=LYILBkY_}*YFKm+*p z%>^zGZeot>zIk93G+ z&{iV$T7c1U74iC;inFM0eQqZQ;-H$|z{qmEi^ES0MwGi0r4Z!kv@DKZC>?aJv>5-Y z=9P^4avKtuaf0C$2yFCl#$y&1MvC621F_qktU*EkGXJIgRVG)9i`N_1qVeoW4co7e ze@`;%#nE8;tP3Za#61ZL4cGYf7rzt`?c04)8GLQ#Sx=p5a>?OO0&Nd@l7Gsd%zE|n zwq3qE%OtUz(iyC+5Ap*1I%W(Hqgyzf?6QhH1J$uixO9(>(!%q4ut*LoJn=_bjz2Vx zV#~$wD7tWq9Ey6`A8svx_MzES!-PXAX_fS~Tz;|5Ee6*q7M_c@+ED0nhF{YK`9KlC z$yrXY1H1VCouKYJV-N}$`Tzd{uGk+@<0Cb&xoGP|ZfVV+y2Z*=?9Bf;m*X`f5 zk_h=`i@oeVwcaZx%Xx*J0< zoo|IE|3dWLo`40G3(W^OZ2yfP*@tKb9!GJ%^4AlUT_r_2w0^N$k1cgpKJUKXY1&)x zTBO6ztX|5$z!nmTWTVHezu*foJZ|ui+S|oMrS2zs)*Ymw6)KT@(T|&M8~X5|bE|NO z_&w$;P83@(4+VnN%j4v>Tx*hM3%#O7&rcp-!3$BjpC-3`&uys##pAWhLn3~atR3|_ z>-obcUtle>+B&U8m+nL~YY2PT_>N3Z2G14i&# zJy8gWT+XNceKhvUJb{U|tH1W^>N}i9r*6^k2Rc7hz4>a)aQ~U zUy*+AE61tA7Y>yC+|BR%$S{(nzTs#yS8d2=>YSPfc@)#1qEQj!vX6dOJ=nF{uTx|v zYxtk*yk5`I_kypF*}TYHL^mu2JYK%urfGXrS`ggo`L24rChm&onH)B}wD7R>+cXSI zYPm5&99PKRdA7M;H|7m}hRnE)G%fJ2IQvFP4rU_7rjlFcR6~93K*}Jsq}JZM@W57QXZczvxi8u z)0VkE?QaTvWdATM!h=;Qvjw7Wj?*X^)sFuw4^#+rvi%TXpgn7NW98`RXD1cil` zg9G_uSMK_!XMuF85$BQq*U$m8OocEx`PS9r<722^TqB=tC^1U-v_c_U@cuT!?tt!X zk)xo%hd__!vmf$kPnHkGkEsAwORB``FWGHF0iXMQ{;+}ixZF~~D7n5VurNc>3RpCY)mXxQYtaLmdL!rtWsop7tHg&~X%g>mPRC(SdWi<7!HC$@ zUv23h;eR1jxc1Dxkc*CCA#T0Bqhd-;&ku1e3!7rv25O8q43(XN4T|$$hkkHUAKZA8 zbZKBF9pxnxFGf5QO!~^&a;D*tXkT5oSKyz6Hnw9#UVAKRo9Rn2gn|Fl0_-HejI_pI z;wS(3MHU2pW&L2B`uE2?P2rffzz#%W?4UjO9ecDX@~OH>QlLrjV&vesQUoj|zm)yJ z%SXq%`tE}YVUf_V?9(W{QT-ut$%9wm5onAL4HVrmU`+*b43r=8q=g^_-n$-aba*by zH~WR4+5Rj_kt~kuu$|EP2XgAq^gZ1-f0_IE)^TjwG#K?l z-R;lPspTf;ZEnr5P_?mxeuE?oNpWZ~J$$7hG`;)%Dy8>$x;ZQh1D)9s;?};Dtkhf! zDN%DguWIt3Adv1eB%|LVN5A0ZyRdX)+DR}HGcYrw0UPo1e(Ix^M7YdaR%}E}O08C@ z&fmVYycgMtA#j0Byjszy;rPe?Wt8n~4Mpqah#G3jZ4Lgn3+gXw>R#oe7MY`+t=5Qb zISp`iB!=uKC7hO*I3H(N9_sAxqBF9GLwc)IS4*)O07n51XvDz3dMPU&>%M2b&h#Tx z$3w5&MYW0|>x*9lO*kz-VIA~<#q{Xkd6FNSLC;DzGf#={73HFB2(i}lepS`EScfVB zobh($spg4Yi}WoiYUtHB{BCr^W@cVyuKS+|C55CAT1%K6>aZh9m9cck4nAn+uSJ(9 zPpvhu2A_G;$9@rEErX-op=(da@4 zBi~>Q@b#9zcum1-qj}nl>LUX5lApP-TN%KFVYGJTLxvX5_YtVVPPrl#hOP~2Tv@aH z?J4Xw)_M%6Aec>@70945Y=u(Y`u@fUgMmWnM^?74^u5my1`a*H!QF%NbnEMv;quIS z@B{j6bhM&mA*0s;fRvlGXup`m7&i7)pz#?ObRDCnlJQQq z$Nx+OQkXzb(#3Kq!U^6c$3uSk+KAZxY@ORgC0`$5%$3HR4O2$aejNs%b-X=rZagEh z(HH||g6nV3wcV~EKMCi5b(=O;qde6hCvf^-Jh}(f{`gY>_W{UZt%up9OfzbphHm<= zv2)pmti(!WBRbhZ89wKXvQ@tW+l|_uZXWCF6BGD|(h?%|wdSep=5mA(RUqWXWmfMJ zMFMUBu7x)CZ}Y7{rQ*l^Ei>dB{`P6>{wNf7)p;5OJRdh#I}`@vmf39l1ki19r9s&K7Qn$W-9<77i5sNmJYa%{dhXZ5P>VaFCYd2W1wog926 zc(` zXtgC-I%68xvBdvwngK^39QKiR@tJ03I3n71{M1nwO>7b5Hx{d6nC47RC&Cf_GWV;V zKPg(R8}3Ud4Z=JI{?YV`fo0q80-E=Zf45E-ZnijRhgtWN1y!W#H#GOsu1{6V-A!f! zG+}!WSaE8jiomVmF^XB!Z=EDC0&#CM=hDxH@~*KKFd=>~>zBh@m`%dK?U{aLzq&!b z)frv56W#msDpt*Kc;KA7yI8=2n`m77TD<~EmB{nf>I(Gk@n=M404o3&CMSX)a*`(1 zj8Zyk6-40_?&`H|Y^-&753?DM$)VGi`DTjhb6NJ6g3dJ`o)x9AdHW>7?RrW?Zt+Po04!K6@Q%YB=ak2Ko`OjTUBQq*Vn#>7^FxZCM^%b{*m1CY0;v=E@?7 zH9@&Sdd~FTNQAr2W_F04T(MyHlsv@R8v2fB)+!bH4zzyso0n1z4h|No7DRHr^g!b4fH_tKo3$BQNKbY96xg$G* zz#islj11@v+Q;9=3RN{HlwKIZkPU@ilMcCR75$IM z@3Urj;8G*r72%{7Kfa|xP;g9lUZT_`Q&D;YR@+>|7UU)#crM5&^;EnR=w9>@_ffhyeD_O%ypXHB zRx3Ihw^K5-lqTbLcUi&PvFtCgZ!`ck`0Q5Q^kW4VVvAUH%UH^ zY)oH>9f)SdXBID1`*D(XN&n2O@pQ(K0)TZQKa3y?B6oe<%T>+tyYtIr_%mozW2lhfzM}EUEL*YD1$Fd8>Dr3`6FJ-*tZU2$jNXZBBLESW3PAVdqeA$sURYA&*1< zZ!-*~QXQ1Z9u=^Hn!=%YQmCPRsm=|Bb6isa1XO!$Q0fE-uV%WmDy^&wUiJ(uv3f-fmr@A)mLg+?q4 zFQVIz{VM(PM}>@hVJuF0%Vox045!0+k=JS1{EF0r=r)^r_f`Z& z-U~e_c9lOLm_a#invd*11b17OD@&4Sc~e$*7apYiN=AoLzIad}s2D%ry!5!67R^$< zmS`bPKR@uig_{!G!6Z)~d<{gf-w&-gC+tN0Yo%ubJZ7n5IGy5P09vg(4>Ru^(>J}O ztWmr9V?7T!rt?oiH`;+112XZg<@BWoWpm~RzC{K?*InnY+Z8UFA*gWB6kl}vUkyaD zB=wKlz_1giV;;0-C4BQ`EiGTLX+0KI^z0Mp?DljY_(5Mqg2CS3@aa}GJX6PMLDn-OU3Be5@%u3lL3!Giy|7$Gp%PUx&yyhh&sI+1UL*z1&ElxqOd@HLIHzuWgQ^DR^f@oaCe;;$F3brsgX8iA_ z8!J@Vjc`s!d`vCvf61IY8p>-0{aJw;flDvxXqTGDJ|n~wc^ykx_qi2drFFFyr=6uf z_Ixo5?aB{)!0i%b zYlQNx9qcS={#B$`IP9qBxqf9T71IpM-0`wDX%zYP+RPZ$XEk2bp@`v-;f`P>bgtsu zU7T&J_fdRR*zNWgyn|lVt>3k1;vXg7&`KFaK{%kdXY-9-ZzL+Wb`U4oFnN9@sFK*_ zdOt3-_YtC7dY{lB*1Bp?(csrfGNmrLEZYlb7!u>9MNhIg? z;EY)3>&Lobgh7n}W^Q)`67r-kpLBzGc1S^aEqMvqog zzQK z2JbA-@~Pizi=oUY^&==R0@-) zk&ZllFn9h1G{dt7^{Zwai>eZK-Xge=N*d1iT7szR52$_8-!^A!@El$?mX1hu>kKQB zoB9gcX3aF;Ir^F3rs=~q`~UdG^f+%r;>TXr1)a$Y>vhhOomR>ci+yf-la>n$#&qCw zq*-o0q?}IY9(8<|xw!aA5LVqAU-z2dSTYgx1n%sHsC3??RMP0bOpJWQ;@jiiv#{hy zlk$5qOE&CH9aCsJXQvSJB;u}pxvscFLb_`+6{i`*0>8oD#EX*OIw4Ece56r!nkfH4sA34EmliM5ka%Ip%q)xd3nt3~ zY$NgJwtZmTv8St={P$ah>xnM3WK$@sCUDq#h`Ln-8V~X6mEWd}cq!kA{Y$3#SVyDr z8oEcBx8)B#?0KTYEAr2MEj!hB@8-(g*N}Cs=oGkL#4dW zrBVYIW>#M zU!ss@lkXfT;UZ64m-h3F{#Qufl{@d(Xc@<^h_XG84^k~M)hV|4`36BvgrYSxb>KDT zzq(&h>ya(Tg^nr_Pu7XNV*mR178WXDmX#d0MT*Z(w&^<=PJ9C?h|5~4O$NaA(`Y%5 zuqY5f!F?f=59kTBqqB!<|6D81xNZRlsI|DZAQCnO8LOF68(%~_M^1D~m*(wMmDUC=*@=zMT& zyv#`duBwx|OsMN!R?I=Glu&t_@*Qf!%8IOwApJXw+*?T;K-Lu)~JY?T3{_r-~F8HznK-p%C)AY&6)0dhLw>lwH!nL|LazZXuwFR__EzPFKjZaISZkl+x)p7bi+hxnC~ z+3)Zo^dxI4mdA10qMz#?ub#IJ|Iwg#UZ^Pj+nZ0{T~E7sXw2?-8D*?pE5z|q&)fyd zLc)3%vyk5xlH6V}fs6g7->?0FYD_NiFm=0P|4ab#wzcq%H=2ePNO$NkN~PB@*7CJ* z<`?&}D5So3%P<@{1x!7))r2QBF^+VVyw}>Ya<0wHxI!DYNDv_}iyioMZpZin6s@Y{ z-JSLqF^lH6zFFzZJ59wq2t9)(Kpgnr+9@R?Me2KzmUP9PK?Q^7(Lesbs z^w(AH)T>CwSH&C13Mc)5Gf<^Ki_qhW5t%uMoobjOYpc|{<}sVyljHjO(VEovd?iKP zGzfkK=Q|tt_#>^KLR$ml|0$`mrcNhvcGsu zs6SEGul*G6y8>0(ho8}fBmN=%QQ5X^OQwQ3xG^%oU!m%k%;E_+j>uoCW{WyaZ$~TB zcWo}S-wex^-6bt+i>2?ZJX^bPNp0}eeSU)i*bYnLasHa$v;5fYu}yX5p33 z*>CbEGNp^c1$Z^!D#q4|j_N{=1(9djFuQ}sHY=7hvMmt6jtHdEa7#$h|1jDWv;33H zl58B>cK3JwrQ+w?G|d$?V+1D=qr5i-X}S92&(*Vx=(r)i;jY2WRA`z|Ivhe-ByS7- zRIp!6NB&xD!j)-~<9`xN0QwspDJnLNlHRxdiQFR)BTjy<-|DxXginUU_&~vVmEu?6 z^TY6v>!rInYFKKG-k(Lmx~+c?2c6GVcii?7ix1cZcyy9yCekNCLXC{>*Tm6O}@8O#6)`YP{G1M4$@<`>Dw)*2~mii%jTQn z?GrC)RfB38r-JAbl?Jl#ja$nXOec#~1@&7m{iRS}2s*|ixIorv<-@_)?AnXgY%&JtR( zV;Qs}Hkn-hBAMJ9K3l5UdEXs+R2eI`O-w{qy2K7yX;XNNP7X1Kse|{)n-lMzt|*xPm?hz6OR)gJQJ~Wb{_O<%OSYvQ%PFGJ zOj$=507jzZ5L*gfQyL91)+*2p5vBJ&;CxCJPREU@FmLEsV|me3@yDZvD>&6lfTU;v*Aj7!674CytKpaF`JD zKrzokqw`PY4U1|9x)a6><2KQDm2B78Fp+q7`+cGn$;WTQ42`(YH;a+X#US*n%lO>OMBhD z#8i*p>G&xUpc#7LAJd@oW;AeU69d>^jGehaJ!XV7&7t)sap~Z+5?Z z@#!g4IL|vBP2s|E_+~nd-6!H#$J0XI=tc&RDl;Msv%Ql%^HP)#T){VYAD+n*1K7V) z67GmKS@!i^ne49dc;Z?<&CuPPkv1!-m6 zSHekB_O+=ewSu(EiYO3nPZ_;y*DCqt#L3@?B(70-?!Mo=OeY&yJp7yP7Sq>NbQKy} z0SPbfTrEWCHw1NEr;I{o-tGY$jDq;$XY+0>IwH6hsxy>KcLu|J$9m32jiV7%DjiAH zRBpLtv+z5pRvmJ-*tTJ-Z(BQIv9bLJnY#=N?Z-aE1W7p`}0#V!1 z%)B>~x&B+!?&HM!JlgGV@4LBc*?Z}(F^=VF{Il`HXZpPjyxb|czG9*m3N`P}&);*9 zV(H9nibV$4y3aS-`89n%1HT)z9|+&GsQ$7Qd;J{#&t#->N85U`pF`EnjT)ydj-+eX=R@5Ez>$j&aBg;x%WbXM}cV?UoLY}Fs-1QPweWKJ1cs67ob${Es8sLI3q2n>?w zxy0fdaK=iuEGWxJfLLlt^|D5GRYjuXLqL8Wg4(Q5kq1!PGe~VlyI%XSqQknL>7zEa zx{+;z4x1+yK~dHFc5Skb=8WFydh-^^2f7L_`Vo@mQ`#>83_>Xgu=r$ zx+c$sT&r&5GFkJvwt1C=nz#P|eMZ0VE@}f$(t*y@GVR)lMYG)zXc2s-*AjHmakCkp zwvu=Ze(LH@@U5EEp}rRnksG{<`da>-6t<2&o`zp+IwccAN3y$E%ajf42P(bR9b0_H zW=#bMBeNR9C%S;&uo#=g{d-!s9QL+;;ZrQuly0NUYynQ}?N;;MQE!i@6P-MMY^CKo zouU|`4l-c|;)OdU>W-_I7K%Ghqd8lAAPErUZo=rzIr!Y) z5{Z~kswJU#p}YwqK0H2NsWBVG@^x_jCum=5-Lg6aA8U<(7mpX8v&i!nB5R*As*l-X zc8w}dm0<>DRk`05dvode%Y{P^}9ZhU%nEWHel)xZ2Zs!jg`k0Q-?D3d+ZDoQI zKCdkf1TiNf7w?bNES~n)IUMB|+8a+02r{xwV6TNlw0}L>$HF4B6I4XaLMX`Pg=ye- z9@KI;cj;^RT=zQ9wEnuG>sd!%Q@i#P3El0BY*Qw^V%63}@NQ64t;MKOWwvW4{RoQ< zBIGmsXo2&u4ZL!GEjFEbi(8p@xDW>le`hcW1EbvUSG`;c)P{~typkzYRcA%PVHft< z`iE3EMwVaXrBrq0QX*IomeeBUF9dVzG%RF;l|ILH#a!s?&+(K!A{P9R!SkBsGojH4 zL*esn?D_V3tqoY^5kER;Fdn3+wV!oVi~Zm0>N@EIa<9{m8Ag4%)L921faK}yT~=ZI zHmRQYCdt5lY%Rxaew+b@1L|QyNJ%e zub3L?&1Cjt8yRiw=2_k!T4F)5h~Uv_266g5g&1L;x1%D`70#4hHO?e=QZC#GvRd9V zri${x*!F+3QMf_Pu6nAe75>ug&Hyb;MUgS`!JaA!aV1^UEDVYF<||dM&0FlRfZlm} zz7QhVFdCi06l4Dz!EMhE2ZE z6&WnJQ*zm9Nb4b=PT&ag{QaiWopX_~xL-;Blk0ckDT{`LBnb%h=L*y?4b9=%_;9d> z+i`P!Ek(RE^AtO%x0gI<3l4-2T9Q6S48~q0?W{F=)kh{GQpjpEi5~>sPZ^>(785k< znE348Xv5E~v{}Q@+@R(+ED7ZGAU_{WJqB)-afIrsI4@=RGOjvWx@*fs%#kc>*oV#3 zr$G%WoQmzT9G%CgX+FUW6L}IDafMaus8_>mZUrBh_M3R+a!_M4<& zxQodB<>72hpSgLx;^lb_vB~?9ZPxL08<~;~Msy)=ucNCN2cjXlnV{dJ;knBQRm*kd zP^FBFWn;xGWq)U9lV&*UGla`ttu?tdmy8hb%oN&+r*Vzl)Q{8aZ8SYWrm(EFau6>=PORA2J^`8q5irx_RSz{n0Jb^ z4|%9I6m%{G8Ez{t@eXv}jXS$tF*ZESDCZ9!~EP zWhob~KvR1aB{>jLcB1|fseBAKZ&p`))2S63F%AG+*)5+b&>#ieJOW>1EJEoo|Zp-6idHU8){(E^sPdK%c%)Lv!|Nxc{#h{ z7j$&1IzMmQLj&}L`-?t&4hL9@Dj1fboGqYc%#VycU-IKz#p%2uAr?0N*4bWZ{E*pe zuAj0lMRjtMg|!-pjF33?}v9haj@3b5WhOwa0q_7NP6Yk;kpEK?Ai4 zQhb0Ex@j`qmc?4`56il5$I11^Lfjoh3DK)`rpv;5RvQ)7UPCoMYZr$J%UmYvQ^LXu z7i5`{J0Z8@e;r+QSR2jP-Gty!LUEVkUff;??$V;gDHONjPOt(kPJsf&OK~giR@~jK zxVzhz-OU}W(nK-R35 z1UXkGV5Ih6E>^V**27C($*0#1A47+U;Y7+s9eK~ ztW~8w(4Q`%oOhnfWy6E{Mm<$Oxl>aGC7{P^P8}mBGtHh+6&vY4y$FMs_5Tw*G+WoL zIwCWMXx+E7J5to!cAQTw)D~s(cVRxlaUnF65Ht!-hsK*hk>eJ6=bQUSA$QD^;WDEI zAwX&^G{0g*zoWVRd&VAd^WI`9#T%5_^B~|1}N(6F$w%y72%!Gwqy@3saRD9()W94OL7`);54X4K|5OY|p8))YIeB z^{$xBt*s|)7)HuwKmp3Li}M=W{6>&8J^?|?DA!QEWv1V?GqBiC2U*ve10FZ_i_48V zxP}Uvo13ZRMMspdPc!LDR;7PY&2Qz9Euh}r-N}Vvk(>*{JIr4Po$5jWeIw8H(3ni$ z^ZvB;)1i*o56|CC0QNTVCf^@+&g1exiGr%Czc_=?=`6O0vA+iN_B}VIgy&px)^h6E zQZG(((W`h&HL<%*93Uy)(;!wAU=R2iD2lnp{AV~X_c~c1MsMNdRAqK4r_F!cuj<1W zY?@+dh-c*jo0p^C!{+#?`29zx^}sJ@+6jh|+6`9jfbOXrr~x;6?Y*?XIE0mSlJG|S z@zhXle<#ndffx|7rbBx>Ea+*w(l{JLwfZ={9eCF^6Z!VQ-j#TJq5-cRH2@!haqy>K z6vSb)B+I3xT^;Nn;6a5zmN4bW9sdU^2Xz+S)HS=>J>B1+WFQhWGaoAy`dOAONa0V2 z-%11Y=48ne>l+&v<8rGn%dK_`HG_iMsqzdo;gsp0HyxL+hOg7g+CIg$4p;X%Y%%|; zxxfOcBaAi$@xnO<8psjul|oqLdUGq8v-pEgH_wxnGj{p{E!s_djrCw#!0n*M%}{~R zvY5;o@&d63HVTmKw3K+4If;@9%Bm-J2ui33r`*qU87?}wem=^sqXn@c8Oqb4C94QR zB-PvRq)Rb%D#^|$=7MD`xeIB<_qM(Qfiqa^?SJ5svW{fs`>he9G= z=bLFjBx3@ChhqH0(RP&WY$^BQs+X($`t$u6n6sdt&B5~cgzsMr_%%*eq}`N=@%zB> zqTJb)n&$hv8pmS4X;2l=*UyGvx!9y&U1++<&Oh0S@%6BY9Ja}P)p$Fb@OQ%lg!W?P zNfSBM-YTjz$}G}+&{bNl*lJXlpO>fT zA;bh2Ihug8P}(!qU_e+xJF+<|E?UI*8dkqNpKXrRhK)Ez$_SMMaW7o>vpGo)j>$}_ z@U?%#&Qp#KrB`u7i&j%f?uuZ19j1B8idipJ&AI{j54e5Sob_`yM(pfuXkl&3+2ws# z@-SJgWLZRJm!c-G23<3TM1`dV{_)e@Iw~b6XE|p>(YEFT9pXGp{3q#-X`r<+7XCN* zT0%NXx)XoNPia4;P{+VlPw;L;H%0R;Vf9}bPbTfOy!t;4n>$yI0qPZ>W|Mh}Rclph zQ|{FNMDEIi)m>>orfa9Q1vEYpWQ9Q+x$hq_|Gh!6^SN%Yv@`pntg6wcIVs_xgcjF@ z>AOCjV<^|Qd}(&PQev+(N@-6%F>gi3_=|SNOYmB}gy=OC=mWL!OMt|pW2m41*7MhkijZyll2eGUopPY2DwUmbJD=%cYi@A ze7I9qb{?PWFYLq>!71hz$Im4-L~JH;K5aXPRVUUyN*#uTXA4y`N5_$(Mk%@2h3w;u z=LL9Nz~1NdAfEf^dE^06ioZ-zR_pCLs9yN|C(gLpy7g(Vpk|M(ECBqCwF?=WI011s>JD zaHH06RtFMx%rf5$r!aL%nz3%VJ2>zMOEvDx3uegtP-D@CQ0TNw^6by0a*^tjAM9q9 zM)2RAf>0QQc{A}4RfiJ;8=YDTI6Sk^N*X>mw|+kxGPkoLj_>xY`^mWV=5?UDIzCmd z;JCF@S}I2{>c15U9N~Y7e<;Ny`j3z$Q*iEZsgS-H+LjDAs~6N|%(+^%cpnr+1$9PF z+}Z?}#wgg@t6-c3g#t$QR>0Y3Rm0{6XC0QR#hZ-b+ls-sntVBS(lXuvPf?%r^^$?k54+TpYP zYR+S^ezfS_Nbwgxaf=wU$Qg(7P)X*(_&%AvbUkLCOz)3^35+cz|8SE)Q#$=3q8YkcpLU;uJ6Y%1vZ;^cKuQ9c7j)(JN>HB=5q#9MD z&*axR3>}o73Fja1jnj1c>|CDIohyeeWxmrtv(`>{CgE?2{=Sl}f6%fbLz)kM`7f3A zgByJ>tBYzG=ELbh?iU*x@8SWhQrmBr>=M?$_uuk`)hxol;}DHf6nNen7fbPs&WP=A zIW~jaH|j`X|4x&qT8tKGxEvN@UmTttMqL1N?WVl7?$MLghe_1MFzX`a%FVafuULMM zCAI1Vn>`Kq`fdv4HZBEhjx$nSk1yCZ(aYvZ-wk{}YR?gC3K4{P<=$pKRyxa(>CNk-%c=l6tnm zp4^}2{9m~Ary6Armb18i=M2*E-m!d3IWJc`pA=&&N2&-lP2PItE_?%rXk=LQyu}a; zi;xi`pAMm;uzG5Z&BY)2sCUaF4wb#d1Ci{Sq4$DK!xDq)Q83rA_CvX6Kehel-ZqLf zeSiO#@Xt~o%QA|Nx3QIO*A8S_!GMq z2uE2P-s5xyzW$_gphubh(DE*^e`M1*_E=b_sO4uSnWnbEdVVnvDv4%N>^|7=N7=#@ z*npj?6ZuzUq|oj5&$=>YlG~{_fU?F4amCi`ogC#_N3kP_>)9Qtj~5th@%JWW;wxFM zJ>Pljcj9wi9$=Kq-X>_fhi9ohx;VL5Q294Ogpb)Bpa(D{KR(%X;ytntaHWj*&gOH7 zaY!sz+JCivpV<`Eno|VHRiNUGlb3q@&hEE4z^@p`%LFVbNT#GUhxM2W><*_Iq^qWt z^Q7%haW@3S0sn$7i<#!UTs780nYjrx9jgNdFp~!Xc#(FwY zdETFObf=R+>5c@!ORbCjz3t8;J8ER^ttgvcc!AYb2LLxnAL-kLdrkbk?9qs@UOceo z7}(iC{v~g5W%06u%=nflQ!9$5&6yJ-8K})dq{Cgo@~uPrl|z>!hFeeS}0-5Jjc|Y9chi?x6Ys3_A;LnE0~Id zQe63scMkdGX^CXeWjeXi<|%FJgd_`)mt$fDS0n3I(k`AbV_MJ1;nF~b$f1`XV@;d) zN3#(qrM&tkIqFf=S>_YOA$X)%h3WO&tljh3f9@22ltvEgA0k#NoW`Wj$A9q}4Pi;#J#4d1H;*I1`T>J)R7!va z{_E5^3`%reU!j|&i^J`yCughvcuG8dd#FN)u(K>TcMLZwd`sNU_%U+YVYqcAr>mKO zGk_*3B2skXQz9$B*71hMj?JWqU2wnMV+*B32+7dG)CXhn`%kV9?MR#7&CQP;o%1$3 z5gVaiuAWxQNTITw#Sh(yO-84Moic9PyTU`3G}Bf0O#`LoIW9~%uYTWZmO~7k1ez`A zQzQC-Ji|2QG}Eo8!HcO53KRqwm7*$c(q44AgmIWfTF;e!E<=RtZ!2{l zIRHK(K9Ua!KbFM}Dy>K2_o!yASYHYJHNBD@u5{SY&pXo;NM?-n3vx!{jnINz(pw)~er4wpk2wtnDGt|W1hhco=WQOs|0ZiYVa zAF-BJ9kk-&tP}{Y7 z-R935FxNzcq3Sn6%xcSK?7|gxU3nvGkE;;kPI(|gH4KAfinwV?_JL7d4o%DQ4mC%z zKi#x&Z@!7ptWGMg660Rci`He!@Vme4FZ7;HSsq%i;Jq$+LDaBIlOB{VMQ7&L$p_Oy zbDRIWqQTeAAKq^na~S_=R@OU0yqKPla1l~oe!^BL`BNqsGo|jBhv6zlRP-#gxKQi%kLdwCoT*iY;VQ#m4p3@A3tbWg4!uYLBDgi!>Ur zQ|u@<6q?=luoi|YW;T>cQ6IN{nlAz z^EcL{<(vKXay>W9WmYH#?tXT>8}WByy~^>a!y+gS6_|>xisehb z3mdFzQnPEY??UaEliH;=@C|2EH6YuTr3RfCUJU#_ehssD7YwIg#&z{R z=@8&wDuAirnK6|$H0l)3iY>MUy!d>44-Oz0456RWHs|0Mf%78P^L;9x?eC;Qj5b%n z!=2PgTpJdiverlKa_WEUYUSnWT*s<+c2eG?q}72v)g6uufs}h zOC*fP!a;QXUYvCJ5Ir{>q3d}fs-2hTw9TZirjWWFe=Ymg zZFlmo;_cfS22eZAMS=ko92W0GZ}T(}&@+m& z+Doo1t%3$;b(lqk)ixm`&po%T<|i;ezZQN;o)eU-jZb^d5%+9QUg#NM5!uvAtKkWZVfZj?@@F3v;z~x`_%UP z5B46jv`OumBaucaXV+PU^*ky1YNifeM0lVw+;|2-}@Z z5yy3x4>(a79(CV%9sfD(jum_jXkvlNPqc}6He0No*}wJL`MQ;iqYVLeF{s1!mP^Nx z1o5DI3DeeAY>hX~UHtWO#-B$|vwmgu1>(NXoSVtG$1NyUR0=rFV^no~y6a4c^a?EJ z<46ORChHTXdh&_jn&reyWO40;UxNh11D-br6U6IL5zutUH#$0QY-+`=@2mH9i@bIA z<4oM5I7&8i6yG^#b6~)NnmBztnY&F(zjrHmK*;hy&!NHIZj;N4JReB#R%qtLeNDcr z|C_~i@TA?*R!=?>g%i2IM_%05CuXQqJOk5JBt`{v;EririkC zed|S|KD{`ftpN$5uCc)}r>CcrjZ?(mh(2{j)Di~QfeE3UJ$Dk`YH`%lc&!mA0Yuai*O=;AaL3oTT0ElGY=qHO5C)+7?9dfDGx z;0@@py@khnw?1%R@q%feVK&|G65=$V z0Y(GZP`RQOj!APck*`f-+~zMYEEjX7zT>ti#EDmcnM&R#F5}pa&LG!Z+gjFD!h#2W@fMUSBA6Nb$k~R1+e!|kxlP?*^^)aivHN+>*&`pT zlMfVCk{P3|nHz1@-w#HYZcvO@GHbW|3Dc#)j7C6?qfo|BV8G~u(tMNnh{5yKLvio- zPsJh$4+hC@PVf5lbc7AD>Z^J%Y}#xSxar()_D}ey=<5!}Ql<)S4)cbr_`XjU4B9H$ zT)43qCN`SM-zKI`_zp*CB)dIC6Oby_G<5JQc@^|qCG2FBzO&`kPI0Nwf)9$_x2gD( z08|kMbgv^qB>~!=)7d`A)-7gEp^(0({%%D-^9_TIzl=ZoqAZ^DI+q2dlSk5+fP zg8Mh~Xw6m(x#-00>E_??R}}HcMAb!eHZAlyGU`gEu2#*ov|Rjub@qv{vk2gXS$I*i z8POlGQ`7=P#oV44!{qjChf3w+4nDe+p?&hw13(DgQVT>-nz_4~6&cg|Bl)`BkS9Oz zSeJJqB)!975(zHD6i*6~w59;w07!7*76sO+wCa!Fv=}G$S22&NdrZr`)J(eB>yQ}JFj!~wH6v4qDzneIw)0Hw$FA&)aGdLWw^lrp`Dno#=)n~4eUWtex>QHRUdh8ijBCDRwZzG2)BhH^+prvWvB!*gM zUxvQkk2hCI+&67ah8#EtMCI+hUG^2RDcld2aJ8-bjk%g%=G1|Azc4y9ipsukiV9d= zX7RU`4^TMPaW9+{h`Y4Y*SRsPcwL_PA(*_HW&&m?)5y<{zC@9+E#sk%K1dSV^hrwN_gUtG6j(T@=d)=yT;un$MNGi}Bwe(D zB(H;ay39fq=G}}wzn34Df&nYPAE%nSrDgwSQ!W^HPVV+Dml3=0XuAGVTl6&oAd`0s z$G%MB5ef%QZP!Il$=NB85c*wi?HGyhxa|%V0=u4X*5A%iT(e#TJl~9Dw&^d59hlrv zvph~QneAu&e$E~yfC+;I!HOszi+zuOQ|IOi@{0K%q4QPC=?NWM-n3{Q-M(u>wbL(m zn~6U((#kL27L~Tr_1h<4uWF|=krAmC%)dX>eO}$MbM~lZJeg`MM z5q4i3YG4ezU14k)nw*Q3xVL~EDf~Q!6tnq!uu_Kyfnw1tM=ZAM=5ZME9UNFUs$^24 z7qJQ`BU7w7@wo%(AcHKDzD!@#wa@!xDqmFS5DwS(I>e=X#FvqwQfA=4tWIO;r+%@F z8joI7<5r!mRr6ib;KWcuU&uIHi+H5T?tZXg|sNxH+`mj!KZSA(5MVbCkG8_9LfLe*WojCls(e|`C*;Or1JFy-8>g!QT(aW-UkBpbUy4dsY!3W2%>bp06$eTJsTH)KiVuqbU0R!wyU>!aG_ z+x3RF;Fj0H=XIKa^7*)W$IfEJ|!&!FgIClbpE_8(4ifCUBjfv1nZ5-1Vn#YC}$6$7q^P zYtu$g=rGdaGDC{AzEMFNgSt*NT%(VFDpQn_6|S*v|Gk0P?{$sT7wkk=l|7cDRfq4H zG1BpUKjH}#k z(}wxLEiDt8-w8d>&V~A)d6J);i?K|F6NM_urihEmdFlY9<=br{gn|3aI0x2bHr!6V z^GsJFpEdrz&(@|TI{1YVr?vlPX7KT^yWo%ctV(U$Vih;-TtjTwfdMyMl7SHUUWsnJ zQcN*I+Jqnia#eJ0!8gxNkjN0MXn*$3*8aNfG0}jQ2pJ;X_lDs44>W9;hG)TaBgWDP3`iw1U!+`31e?>&=cOZ@? zhv>TI*t)IBLKH462i=Bm)M!Q;s3zY9kZ~Nbr~!5GngdWXWr-f-gfumRvxw#B^VV^A z*Q?Z746frmNc8kk3G@Sw!*~{1 zB%soGrfw)PM=Ou(*m*EJy_bT>Q!>h}r>hZncA-`bSg&57HsB7Dr$b0A6flOaO(d9Ke1Hf~U~C2t#-=E|heF=r z`~fa^d``1~b4G%-{Rnb;MALdu%G#@S{5X7k*z;G6CGTzTc*NaoD<}*|78K)yz5b&;yGc;tj>b1eY zX>k0%p0U^3U5Ne!fM0Y7!3+w1fD_P_e6J3CCU|Pkv;9r32U-8G08mD$Nd8qIUX428 z6b;_Rq}*wvLF3%Ohg0HC3mZq!NyJ{3z7)P8;8ejy#yx_g~cE z7QL@bNb0*d5QdTHbvk2XwUapYBB26k)Cy=h{qxu+VE9(n;Q~HPG?pA#1)n01rCazy z#?7gmjDrWs->Ev+zgj@D7H$*~xuQUfNPVOM@B*#~{zcu4O#>$Zct^_VxViuIRI=qe z_FMhPCJC=g0Gr^}KjGRS1=Y7~6?FlWfV!kJFFRtaL^Z*;lmsxIj7& z4tu`@D8%ts&>~S>P%)om6>djj zAgJ{Jd1htgH5pP$w13;-AW>8fdr@pkb6Dsk?32$ud+0YQM4OXAv zfn4_~xkP~|ZuniiU%#zw( z-$tZ`mi(B4s8eIb5TM(!ahUYBsW$eS3qa8yg`VTJhqk8UB(P-dMC)QX3Fx9yM=T{# zFJXeW|Z1t^aROOiA1!0PoMz z-+*+GL4bSEEoZ&78!t4TZ%P{or`MrHOHGVKt@wf>^CxZ2$jOHcUl5JOMEX%&7}!1e znXU}B4?3qHs~3?)1(72;MbptR!J$_)7gfJoIPCaDc)nTCm7AHve6?H}B~`L^-~l-RnPq8g6b4 zm37K9#zE>siABnSF0G(QAWZfQE_X?Kjgf_5lwCW{R##si0}KAcA|?W93I&H|{QBP` z|E)oXcx(s}!Z4j~)Q^F&NfNte^kN?QUqMY_@BTg3puw=+kP-Gs@KPcQuSyUgz$xPK zJK_p{aq}KOtpljpZ1$^g3aW>O~u=Osq$|6uR{K g`CTSA%e{N_nJOBUy literal 0 HcmV?d00001 diff --git a/guacamole/logo.png b/guacamole/logo.png new file mode 100644 index 0000000000000000000000000000000000000000..5f3a76ceb2751fff3f762eb4a478751e5e49e8d4 GIT binary patch literal 27754 zcmXt91yEc~v%QPE2M;Xn?he5{1b26bpg|T15ZnoF0fM_b1PJc#7Tn!`zN+_XYig^y zX8X$YPIsSk=Er9xX;dUaBme+VWo0D3001cVzkvYvZh>@ikGy}unaE2^0B`?&a@va$ z-YtkuGTN^1znK4TfIiWtd%hdtzsf2~!f(S8;F58DbI~~h05BjcA*SZJbe!qosiyuo z(0R9Zz;Vz{6O1K88!++h3?U53y_&&9cYaM@;85ptivAP5kr*Zn>;c9nFzP2Hvi3VO z@7BA!fj{dl%m`){@d62VSAut9tbBJFcZp|0C%yz2!IoR_Mqmgl(5>$e2Xzjg1Cz7= z=m-m_&!1TVGX5!2U9fAputu$2;|Rb~>uYQK(OD*N415L3fNOvehy)b$4;lcg!^c`Q zQ3`dsO>0&&s82hQu(1nV3-ACwlo2rmhK0dW2$Bhew*>$GC`t!0oq<8X!U(*-a$i6f zC59|8JIes9)ko`3>;(Xt$BQ;vPR$V=Y?taZnT%*yhZGD1q(ANi32sxeX?8af7C?HPkKWK~L&k-T3PK>?;e<@+a zuHgcJS12%1v^iD)NsKomzzzt)40OW=<`5uka%%yl03#eLQgnX(j9*(QKadJ^z@O7u zab$r(WEqsi(NSmB0CjgYfs&_45`YH9i?l(+o7{mA2ou}{1_A$opYR)U&wIE$lRRv| z0?Gi@fFV#9CyNkxza9Dq3J~et^bWd3*yo!!J+YyWCR#jW?*_6wGe{9EkG5+AnB3-XskE# zq|KDo=P#2JTWH0?BE$gUKnepGRE_JfhXcsA%a-V2Ll*kS?HfA_pa~J}ta0Ze`J6Hh zwdxuqwn_ojhO62E{sD671H;4I-+ zPPZFa{#SVnylx*};@Qa!F?69fFQg3wHqkJIXa#V|ZV656Eq~x3G0cS_40Kb2Ewu|2 zTBoiAi};%fn|ff=Yh0>e*PtvFx(a6WmcQSf)%>fdz?nu01--A z!A;G}9HhA^G?**! zT*d5m?|2sncp^m;?RLB`;yG<1paF#dbIw4# znTwbfaE)LLaD#rzy+2coB|5Q(w9a1~O7JN)RF?q|^cM$alPd$Z3MP6u^pE7HqAF$* zw61NZCOPm07~zZ@GkWx9PfY%a6WW;#2`~g{{pY1}PaY^06DySw)e}X4ID!~A1;+7kL z9!rN1$cw%R{DZP0SB-@{hY)w|0Tp0X3>at7C1?bgkb(LH)8#y6gOnNw4vW|^O9|t= zGpD$|QPom$YN8^0f3~eJ_(&T7MC<+iD271aBZ^Yqzy^X_WVwh3e6FnFrabVW2Yw*E zhX^=>jIc`#z?KnxgyR5?;V>lZv%v^>7{CS|uaadP#FH%rw1CzXx+M7iuaH1BVjxaI zdqVL&pne>6BA!iB(WOD?QQSUo0qTJo8PPU*L2igrCML|Lfff(}QtNg;h=uvntBth5 z5xdS32=<19>mmpG041+)V(qEgKtn(VITp<1mDc9@VS6UbpDTQLBRl}L-t>JcA_W8% zxP89^wBA#4E37e7?h^W(;s?AK z1~~;n^nM89`!or-4PBu3cR3ae*(dVNg_NlGI5p(!09X^2Xy4~iV|FR=u4KnT!h##c zx^oZ$&rw3Ut7j_6K?lBBFit%6vhUke*bgT?r&}w*7x&u}U`|Ds5}^m004fJdG`a}4 zD-uOy8rT)Rt6&@JpFen)+{KdXYt}DXo%^ zl;?p(QPvu~ZNXTPs`}QMc|Qb zRqyknB3qT)%f1pcR0PXPAj*sw_Jjy>LJ<|bVF*0;>t~5sZQpDFz3?SBF9`ed7wP$% ztnz#y<9i~aUK(*%4trBYHDV;L*pL-n35JUPYnV{1iy3^kO_WEwdi}c4<7s#h=n(0! zq?0Lh)w}9;dt#Veu)jQF(&_J9W@}gLDfi+z^$LPF;&?P#kjc{&E{9Q!&EpmvJR5;r z7+XF@p%-7qd~Q5<@3uOwvjI=6>7vho{GTX#-N%(?7?1yHQQgH=BTgsyY-=+9;G>F~ z-bqS6fK8YqWSqj1?%wQl4BbN>S8ZIR~2GrX9A zun35PuFk3t6m@J>Zi;Ukwt{ZRKBD&He6C_o;rQx){pv6BbBDs5ZA#sm(C)d|zKDNV z_<3K!$KH70a~$pqoabLmLuJfZ1YSXHDV0X@mI#GDw_x;3mLGDL^C6U0i9>)k=PJoW%+}fl%@sB=uaNExXV&h?CjOEPj2-jYIq1nqm)I=f<6;gh%SI zA;*y(vdGjHZnHU+>e~xB@$ck!fa-0U-whq4#_@43D|pOD?F(A6L8&HZ7ZV^(KkTCf zE0wVV3#dl)Zgg8;5M{6Fel~c6DUlqUSlpO{8fG&*{>f1IbGJMHp54JL3h@4zl-*{$ zJb=wk&bbnwkKdq|xEAk6CaxKD?c8_T( zaL<+1%PDxL&)C!rqh#VnRV)%)a4ZY;oAw?)B{T|gikN^ToJyiXKVO(@e7k6M%ph5r zw2D0KE1T)X3>%VwaxvxwDnU)zA(C5xJ#oab9Nv;`iU$me6t)?7LXOykkvj6Kwn=MR zhAYKoBlaK7*cP7q5(g(FvRh8hB8#VGe#V&$X_lsnTs{}dt+E(qX3j+nM^}RG84&+| zZzk;OEFQ<+6MtVT`0=p6ifLFR{j!SzW^oS2T-N1YlJJBIuuq5mNNwPQ6O?i<3yH^7 z?7)EtSMsp2-lUN0BE#{RQl>+h!zjkDQBg#)@7YTfklv)4Y(bdMy-eW#6N5xYz)Gf8 zf)tAi52h(?f?FHY+&TSSOt+%TliPTSF{P~9{*uY|LHLV%-cNh;n$4NgW%?r?N7_`g z#>;RLzjn+n9AMzx?}afU7+n<0?VuxyU(^5(r?dn)`fl<&^<$OaW{Fj@>DC~-14$-7 zV`}GfJ9uuw`1ArAq155y{j93y9|PF&rb$O8D|S-7Cp!ZtH|K#W5%*4CK zBY`=X66W6!&LG4?4H&e6%O?lXGySu{q=a2yD^&w69#f4qfPpC|< zL)fr1X{IpUCyo2!8%@QpriNJoC;`1HCai9n&R7@)`~okxzm%GF;^pS{YY|YXGU0Du z@~zq!&cv#SdmZoh?!~e5)KuI0KV#?!j~^-cZyy|2TeLI%f;Zs%&=t_Z3vCRtgJy+1 z7V#2zX&(nTGdvZ@m@zg_o-MPciF)}=?VN9=J-Y{KpQRy(1yO$|^*1tBLmBQGw?%=K z;u2KA%;sd{d^x|s9s5<^@+8-T0K5g88vas7{L2KK=5){rYeiR&b$I-Z`)M4Y3WT>w zf2~JGBw{!Egbxpw8f96p)GFM0*3s=XXdJF$U`5Zoro808RCk^cRK#DGIZEw85)lod zh<^OBhB>lE2HQo}^{qp&4faRmEQ_C=XKs%)e|VW#2D)!6)m4$^Wyk`fPvf&4tW@ch z|03($uYX#V4wk4=PXR>PgXTlEx-_j9TsiVV0KJiab z6NZid;(pz(^J)iXyOE?_bDF8NcWY)(;z}ZV7QRJ_ z456U1&iWvMg0Mi2<;p_72{r5NmGQ1bHkbZ7?lY>haQs1~P}&p;Mlt_M|GWa!IiwLe z45}+X2cI;rhetxCe&@#~oRU;D;*W?T#@c4x?v^hW(&l$}aRt{@x&`<0mStXy1g1T_Fuw3lHI0! zp(%o|*%F)?9-kzr6_LkXwgr3u!Oe20EqEkl26~fFc=J&m4&F55RE!!pXSzfZ$BM(T zv+p-|Oqp3ZrwLEl?8yXzc987J(aL5#(U=pan_mz?7?*A)!uUdI;#5yx6QqZ7@|J*` znX$v2)90S#8Qwj)ejfY6^#^0`adWTP2|;8s4(E;~ws7n2Wg=_4r9E_75NLGX4P9U#khSm?9*7t3{?Ffd) zjw86`E4hhZu1}^Zg0nn4@PQ4lrpdh=0a!}HE}cV{cJWTO?$rEBnJ_c$kmNFi6eF%B z<%W5J*4<*G#T8mKg>_fM8KWu^ujiy^eBaW7#vwms2+w9%!Kn(=B^L0(tu;&XBV}c# zm*tlveo^7%GO?!kEpgP7)ra;je7D6!n54YQMR{9Hms6kozl{~Y^9>!DCAzAkHj;CE zPqAWibL4}B!qvLn3d_UB!OOJI z{D+J-6VYuxEC;akqON(bQh{S~?gU?Mk%YyKO$1-GvwH#@SNIYpc9;Po!B8jeNbYMU8dKrT0y4C1Y@AnOv z!e}LamP5Ckx^+3`;6a*Jen2njGd51XY!C$ryI9kQHD-S->x-0XipRiA zdVVH&2VZ)Yro*pK7;Jt=P)&$krY5+t1c1ZsKdGKUt?h|LmDbZ{OU2W}X8(3v(PwPZ zm4`254dJ0H4{N`7AQ>vd+hyiA?~Ga}IiM_PUfSv�ZSowDY zCCE*0tmRE&)|)Ap`1wC&^&>=fru-~&6ZdvKZDq+Oc4S);+WfWn-X-JZLr_k>aMw4w zf!9AvPChU9AAj4;Ld|u~g?^K#J@qkNL?;!ze=%qNfQD#F(#(5m^@d0Wjh~#0tu9e% z%ysp!F6b_}sD2=8R_1rmK1hJBh<J^ywWbR>E8boR;tVML zP!#QetLjPTM;~VU7ZRrSbg!ipQTfeUzD7|EbIwic^v6^dq3o1A zM=ohEt9GR$!rII%?q)gB!roD(R&OMwAwn7hE~{mEyyR;#fnUjO63Lx0~}m0t{Y zzpsJbvv%=Ygp|VIN*4``_N%B{shmM0JdPQ1sj0l&wsuV>$utZ3z4XNX?xvD^ zWB%Ehv(tC&dI|`{7oXhu(_>4SpW07QKT>l}?v0q9tyf#m(=2XNqolc>WQW0{P_K$8 zz3LrY6Ef2nD@KqI%=Ne^2%>5S|FkNf<7wsa&7UJ|GnQr=K>m$+R|l;qF!WUbcQrG2 z<-%(a1syMD-4mJ_;dmDbL;wX|Okf(Uie&Y1U%AZ`ITO5C89iGCZ|~qO`Bxb@Kbe$j zJGy!!2{@SdsQk#t_oNHnN07h%n9j+y6(+DA_aJU=;}Fp-Q^sw@wj3k;XzJE4?m?Qq zqE{h*n|JsTWg~M97Xz)UQ*b4=zLZq!;r=3%3bFVHw#F7Y8ZM{D+!?Ri<*(@h_oR-g z{-&86HcmB6a>=+BN{gPr(2$SG#Z71)ZCxf+4~~K}BhXc0#T#vq5c{P5Oa{_nHs3dg zP4d>Lc~9e)3K;O2B1ju;AdWSLl6;WmC?&Go@$IUfg*2%uKB7bDam|B8O?|h4|D?od z=JI|T%8QX&BHFOYWb1NIiV#i_P2NNL5#I0j{=CUQ<*C*OZ&jlYRJ4zt(SwfkA zg`M~I>n8p2JjMPg2>(|F$m-*WOS>Z~|5;OUsIjw5TG zZpLMkE!UE-JF!iJQWkOiNoDNcZ$mGw-D7(Wyt7`14|^`Xmv=LYILBkY_}*YFKm+*p z%>^zGZeot>zIk93G+ z&{iV$T7c1U74iC;inFM0eQqZQ;-H$|z{qmEi^ES0MwGi0r4Z!kv@DKZC>?aJv>5-Y z=9P^4avKtuaf0C$2yFCl#$y&1MvC621F_qktU*EkGXJIgRVG)9i`N_1qVeoW4co7e ze@`;%#nE8;tP3Za#61ZL4cGYf7rzt`?c04)8GLQ#Sx=p5a>?OO0&Nd@l7Gsd%zE|n zwq3qE%OtUz(iyC+5Ap*1I%W(Hqgyzf?6QhH1J$uixO9(>(!%q4ut*LoJn=_bjz2Vx zV#~$wD7tWq9Ey6`A8svx_MzES!-PXAX_fS~Tz;|5Ee6*q7M_c@+ED0nhF{YK`9KlC z$yrXY1H1VCouKYJV-N}$`Tzd{uGk+@<0Cb&xoGP|ZfVV+y2Z*=?9Bf;m*X`f5 zk_h=`i@oeVwcaZx%Xx*J0< zoo|IE|3dWLo`40G3(W^OZ2yfP*@tKb9!GJ%^4AlUT_r_2w0^N$k1cgpKJUKXY1&)x zTBO6ztX|5$z!nmTWTVHezu*foJZ|ui+S|oMrS2zs)*Ymw6)KT@(T|&M8~X5|bE|NO z_&w$;P83@(4+VnN%j4v>Tx*hM3%#O7&rcp-!3$BjpC-3`&uys##pAWhLn3~atR3|_ z>-obcUtle>+B&U8m+nL~YY2PT_>N3Z2G14i&# zJy8gWT+XNceKhvUJb{U|tH1W^>N}i9r*6^k2Rc7hz4>a)aQ~U zUy*+AE61tA7Y>yC+|BR%$S{(nzTs#yS8d2=>YSPfc@)#1qEQj!vX6dOJ=nF{uTx|v zYxtk*yk5`I_kypF*}TYHL^mu2JYK%urfGXrS`ggo`L24rChm&onH)B}wD7R>+cXSI zYPm5&99PKRdA7M;H|7m}hRnE)G%fJ2IQvFP4rU_7rjlFcR6~93K*}Jsq}JZM@W57QXZczvxi8u z)0VkE?QaTvWdATM!h=;Qvjw7Wj?*X^)sFuw4^#+rvi%TXpgn7NW98`RXD1cil` zg9G_uSMK_!XMuF85$BQq*U$m8OocEx`PS9r<722^TqB=tC^1U-v_c_U@cuT!?tt!X zk)xo%hd__!vmf$kPnHkGkEsAwORB``FWGHF0iXMQ{;+}ixZF~~D7n5VurNc>3RpCY)mXxQYtaLmdL!rtWsop7tHg&~X%g>mPRC(SdWi<7!HC$@ zUv23h;eR1jxc1Dxkc*CCA#T0Bqhd-;&ku1e3!7rv25O8q43(XN4T|$$hkkHUAKZA8 zbZKBF9pxnxFGf5QO!~^&a;D*tXkT5oSKyz6Hnw9#UVAKRo9Rn2gn|Fl0_-HejI_pI z;wS(3MHU2pW&L2B`uE2?P2rffzz#%W?4UjO9ecDX@~OH>QlLrjV&vesQUoj|zm)yJ z%SXq%`tE}YVUf_V?9(W{QT-ut$%9wm5onAL4HVrmU`+*b43r=8q=g^_-n$-aba*by zH~WR4+5Rj_kt~kuu$|EP2XgAq^gZ1-f0_IE)^TjwG#K?l z-R;lPspTf;ZEnr5P_?mxeuE?oNpWZ~J$$7hG`;)%Dy8>$x;ZQh1D)9s;?};Dtkhf! zDN%DguWIt3Adv1eB%|LVN5A0ZyRdX)+DR}HGcYrw0UPo1e(Ix^M7YdaR%}E}O08C@ z&fmVYycgMtA#j0Byjszy;rPe?Wt8n~4Mpqah#G3jZ4Lgn3+gXw>R#oe7MY`+t=5Qb zISp`iB!=uKC7hO*I3H(N9_sAxqBF9GLwc)IS4*)O07n51XvDz3dMPU&>%M2b&h#Tx z$3w5&MYW0|>x*9lO*kz-VIA~<#q{Xkd6FNSLC;DzGf#={73HFB2(i}lepS`EScfVB zobh($spg4Yi}WoiYUtHB{BCr^W@cVyuKS+|C55CAT1%K6>aZh9m9cck4nAn+uSJ(9 zPpvhu2A_G;$9@rEErX-op=(da@4 zBi~>Q@b#9zcum1-qj}nl>LUX5lApP-TN%KFVYGJTLxvX5_YtVVPPrl#hOP~2Tv@aH z?J4Xw)_M%6Aec>@70945Y=u(Y`u@fUgMmWnM^?74^u5my1`a*H!QF%NbnEMv;quIS z@B{j6bhM&mA*0s;fRvlGXup`m7&i7)pz#?ObRDCnlJQQq z$Nx+OQkXzb(#3Kq!U^6c$3uSk+KAZxY@ORgC0`$5%$3HR4O2$aejNs%b-X=rZagEh z(HH||g6nV3wcV~EKMCi5b(=O;qde6hCvf^-Jh}(f{`gY>_W{UZt%up9OfzbphHm<= zv2)pmti(!WBRbhZ89wKXvQ@tW+l|_uZXWCF6BGD|(h?%|wdSep=5mA(RUqWXWmfMJ zMFMUBu7x)CZ}Y7{rQ*l^Ei>dB{`P6>{wNf7)p;5OJRdh#I}`@vmf39l1ki19r9s&K7Qn$W-9<77i5sNmJYa%{dhXZ5P>VaFCYd2W1wog926 zc(` zXtgC-I%68xvBdvwngK^39QKiR@tJ03I3n71{M1nwO>7b5Hx{d6nC47RC&Cf_GWV;V zKPg(R8}3Ud4Z=JI{?YV`fo0q80-E=Zf45E-ZnijRhgtWN1y!W#H#GOsu1{6V-A!f! zG+}!WSaE8jiomVmF^XB!Z=EDC0&#CM=hDxH@~*KKFd=>~>zBh@m`%dK?U{aLzq&!b z)frv56W#msDpt*Kc;KA7yI8=2n`m77TD<~EmB{nf>I(Gk@n=M404o3&CMSX)a*`(1 zj8Zyk6-40_?&`H|Y^-&753?DM$)VGi`DTjhb6NJ6g3dJ`o)x9AdHW>7?RrW?Zt+Po04!K6@Q%YB=ak2Ko`OjTUBQq*Vn#>7^FxZCM^%b{*m1CY0;v=E@?7 zH9@&Sdd~FTNQAr2W_F04T(MyHlsv@R8v2fB)+!bH4zzyso0n1z4h|No7DRHr^g!b4fH_tKo3$BQNKbY96xg$G* zz#islj11@v+Q;9=3RN{HlwKIZkPU@ilMcCR75$IM z@3Urj;8G*r72%{7Kfa|xP;g9lUZT_`Q&D;YR@+>|7UU)#crM5&^;EnR=w9>@_ffhyeD_O%ypXHB zRx3Ihw^K5-lqTbLcUi&PvFtCgZ!`ck`0Q5Q^kW4VVvAUH%UH^ zY)oH>9f)SdXBID1`*D(XN&n2O@pQ(K0)TZQKa3y?B6oe<%T>+tyYtIr_%mozW2lhfzM}EUEL*YD1$Fd8>Dr3`6FJ-*tZU2$jNXZBBLESW3PAVdqeA$sURYA&*1< zZ!-*~QXQ1Z9u=^Hn!=%YQmCPRsm=|Bb6isa1XO!$Q0fE-uV%WmDy^&wUiJ(uv3f-fmr@A)mLg+?q4 zFQVIz{VM(PM}>@hVJuF0%Vox045!0+k=JS1{EF0r=r)^r_f`Z& z-U~e_c9lOLm_a#invd*11b17OD@&4Sc~e$*7apYiN=AoLzIad}s2D%ry!5!67R^$< zmS`bPKR@uig_{!G!6Z)~d<{gf-w&-gC+tN0Yo%ubJZ7n5IGy5P09vg(4>Ru^(>J}O ztWmr9V?7T!rt?oiH`;+112XZg<@BWoWpm~RzC{K?*InnY+Z8UFA*gWB6kl}vUkyaD zB=wKlz_1giV;;0-C4BQ`EiGTLX+0KI^z0Mp?DljY_(5Mqg2CS3@aa}GJX6PMLDn-OU3Be5@%u3lL3!Giy|7$Gp%PUx&yyhh&sI+1UL*z1&ElxqOd@HLIHzuWgQ^DR^f@oaCe;;$F3brsgX8iA_ z8!J@Vjc`s!d`vCvf61IY8p>-0{aJw;flDvxXqTGDJ|n~wc^ykx_qi2drFFFyr=6uf z_Ixo5?aB{)!0i%b zYlQNx9qcS={#B$`IP9qBxqf9T71IpM-0`wDX%zYP+RPZ$XEk2bp@`v-;f`P>bgtsu zU7T&J_fdRR*zNWgyn|lVt>3k1;vXg7&`KFaK{%kdXY-9-ZzL+Wb`U4oFnN9@sFK*_ zdOt3-_YtC7dY{lB*1Bp?(csrfGNmrLEZYlb7!u>9MNhIg? z;EY)3>&Lobgh7n}W^Q)`67r-kpLBzGc1S^aEqMvqog zzQK z2JbA-@~Pizi=oUY^&==R0@-) zk&ZllFn9h1G{dt7^{Zwai>eZK-Xge=N*d1iT7szR52$_8-!^A!@El$?mX1hu>kKQB zoB9gcX3aF;Ir^F3rs=~q`~UdG^f+%r;>TXr1)a$Y>vhhOomR>ci+yf-la>n$#&qCw zq*-o0q?}IY9(8<|xw!aA5LVqAU-z2dSTYgx1n%sHsC3??RMP0bOpJWQ;@jiiv#{hy zlk$5qOE&CH9aCsJXQvSJB;u}pxvscFLb_`+6{i`*0>8oD#EX*OIw4Ece56r!nkfH4sA34EmliM5ka%Ip%q)xd3nt3~ zY$NgJwtZmTv8St={P$ah>xnM3WK$@sCUDq#h`Ln-8V~X6mEWd}cq!kA{Y$3#SVyDr z8oEcBx8)B#?0KTYEAr2MEj!hB@8-(g*N}Cs=oGkL#4dW zrBVYIW>#M zU!ss@lkXfT;UZ64m-h3F{#Qufl{@d(Xc@<^h_XG84^k~M)hV|4`36BvgrYSxb>KDT zzq(&h>ya(Tg^nr_Pu7XNV*mR178WXDmX#d0MT*Z(w&^<=PJ9C?h|5~4O$NaA(`Y%5 zuqY5f!F?f=59kTBqqB!<|6D81xNZRlsI|DZAQCnO8LOF68(%~_M^1D~m*(wMmDUC=*@=zMT& zyv#`duBwx|OsMN!R?I=Glu&t_@*Qf!%8IOwApJXw+*?T;K-Lu)~JY?T3{_r-~F8HznK-p%C)AY&6)0dhLw>lwH!nL|LazZXuwFR__EzPFKjZaISZkl+x)p7bi+hxnC~ z+3)Zo^dxI4mdA10qMz#?ub#IJ|Iwg#UZ^Pj+nZ0{T~E7sXw2?-8D*?pE5z|q&)fyd zLc)3%vyk5xlH6V}fs6g7->?0FYD_NiFm=0P|4ab#wzcq%H=2ePNO$NkN~PB@*7CJ* z<`?&}D5So3%P<@{1x!7))r2QBF^+VVyw}>Ya<0wHxI!DYNDv_}iyioMZpZin6s@Y{ z-JSLqF^lH6zFFzZJ59wq2t9)(Kpgnr+9@R?Me2KzmUP9PK?Q^7(Lesbs z^w(AH)T>CwSH&C13Mc)5Gf<^Ki_qhW5t%uMoobjOYpc|{<}sVyljHjO(VEovd?iKP zGzfkK=Q|tt_#>^KLR$ml|0$`mrcNhvcGsu zs6SEGul*G6y8>0(ho8}fBmN=%QQ5X^OQwQ3xG^%oU!m%k%;E_+j>uoCW{WyaZ$~TB zcWo}S-wex^-6bt+i>2?ZJX^bPNp0}eeSU)i*bYnLasHa$v;5fYu}yX5p33 z*>CbEGNp^c1$Z^!D#q4|j_N{=1(9djFuQ}sHY=7hvMmt6jtHdEa7#$h|1jDWv;33H zl58B>cK3JwrQ+w?G|d$?V+1D=qr5i-X}S92&(*Vx=(r)i;jY2WRA`z|Ivhe-ByS7- zRIp!6NB&xD!j)-~<9`xN0QwspDJnLNlHRxdiQFR)BTjy<-|DxXginUU_&~vVmEu?6 z^TY6v>!rInYFKKG-k(Lmx~+c?2c6GVcii?7ix1cZcyy9yCekNCLXC{>*Tm6O}@8O#6)`YP{G1M4$@<`>Dw)*2~mii%jTQn z?GrC)RfB38r-JAbl?Jl#ja$nXOec#~1@&7m{iRS}2s*|ixIorv<-@_)?AnXgY%&JtR( zV;Qs}Hkn-hBAMJ9K3l5UdEXs+R2eI`O-w{qy2K7yX;XNNP7X1Kse|{)n-lMzt|*xPm?hz6OR)gJQJ~Wb{_O<%OSYvQ%PFGJ zOj$=507jzZ5L*gfQyL91)+*2p5vBJ&;CxCJPREU@FmLEsV|me3@yDZvD>&6lfTU;v*Aj7!674CytKpaF`JD zKrzokqw`PY4U1|9x)a6><2KQDm2B78Fp+q7`+cGn$;WTQ42`(YH;a+X#US*n%lO>OMBhD z#8i*p>G&xUpc#7LAJd@oW;AeU69d>^jGehaJ!XV7&7t)sap~Z+5?Z z@#!g4IL|vBP2s|E_+~nd-6!H#$J0XI=tc&RDl;Msv%Ql%^HP)#T){VYAD+n*1K7V) z67GmKS@!i^ne49dc;Z?<&CuPPkv1!-m6 zSHekB_O+=ewSu(EiYO3nPZ_;y*DCqt#L3@?B(70-?!Mo=OeY&yJp7yP7Sq>NbQKy} z0SPbfTrEWCHw1NEr;I{o-tGY$jDq;$XY+0>IwH6hsxy>KcLu|J$9m32jiV7%DjiAH zRBpLtv+z5pRvmJ-*tTJ-Z(BQIv9bLJnY#=N?Z-aE1W7p`}0#V!1 z%)B>~x&B+!?&HM!JlgGV@4LBc*?Z}(F^=VF{Il`HXZpPjyxb|czG9*m3N`P}&);*9 zV(H9nibV$4y3aS-`89n%1HT)z9|+&GsQ$7Qd;J{#&t#->N85U`pF`EnjT)ydj-+eX=R@5Ez>$j&aBg;x%WbXM}cV?UoLY}Fs-1QPweWKJ1cs67ob${Es8sLI3q2n>?w zxy0fdaK=iuEGWxJfLLlt^|D5GRYjuXLqL8Wg4(Q5kq1!PGe~VlyI%XSqQknL>7zEa zx{+;z4x1+yK~dHFc5Skb=8WFydh-^^2f7L_`Vo@mQ`#>83_>Xgu=r$ zx+c$sT&r&5GFkJvwt1C=nz#P|eMZ0VE@}f$(t*y@GVR)lMYG)zXc2s-*AjHmakCkp zwvu=Ze(LH@@U5EEp}rRnksG{<`da>-6t<2&o`zp+IwccAN3y$E%ajf42P(bR9b0_H zW=#bMBeNR9C%S;&uo#=g{d-!s9QL+;;ZrQuly0NUYynQ}?N;;MQE!i@6P-MMY^CKo zouU|`4l-c|;)OdU>W-_I7K%Ghqd8lAAPErUZo=rzIr!Y) z5{Z~kswJU#p}YwqK0H2NsWBVG@^x_jCum=5-Lg6aA8U<(7mpX8v&i!nB5R*As*l-X zc8w}dm0<>DRk`05dvode%Y{P^}9ZhU%nEWHel)xZ2Zs!jg`k0Q-?D3d+ZDoQI zKCdkf1TiNf7w?bNES~n)IUMB|+8a+02r{xwV6TNlw0}L>$HF4B6I4XaLMX`Pg=ye- z9@KI;cj;^RT=zQ9wEnuG>sd!%Q@i#P3El0BY*Qw^V%63}@NQ64t;MKOWwvW4{RoQ< zBIGmsXo2&u4ZL!GEjFEbi(8p@xDW>le`hcW1EbvUSG`;c)P{~typkzYRcA%PVHft< z`iE3EMwVaXrBrq0QX*IomeeBUF9dVzG%RF;l|ILH#a!s?&+(K!A{P9R!SkBsGojH4 zL*esn?D_V3tqoY^5kER;Fdn3+wV!oVi~Zm0>N@EIa<9{m8Ag4%)L921faK}yT~=ZI zHmRQYCdt5lY%Rxaew+b@1L|QyNJ%e zub3L?&1Cjt8yRiw=2_k!T4F)5h~Uv_266g5g&1L;x1%D`70#4hHO?e=QZC#GvRd9V zri${x*!F+3QMf_Pu6nAe75>ug&Hyb;MUgS`!JaA!aV1^UEDVYF<||dM&0FlRfZlm} zz7QhVFdCi06l4Dz!EMhE2ZE z6&WnJQ*zm9Nb4b=PT&ag{QaiWopX_~xL-;Blk0ckDT{`LBnb%h=L*y?4b9=%_;9d> z+i`P!Ek(RE^AtO%x0gI<3l4-2T9Q6S48~q0?W{F=)kh{GQpjpEi5~>sPZ^>(785k< znE348Xv5E~v{}Q@+@R(+ED7ZGAU_{WJqB)-afIrsI4@=RGOjvWx@*fs%#kc>*oV#3 zr$G%WoQmzT9G%CgX+FUW6L}IDafMaus8_>mZUrBh_M3R+a!_M4<& zxQodB<>72hpSgLx;^lb_vB~?9ZPxL08<~;~Msy)=ucNCN2cjXlnV{dJ;knBQRm*kd zP^FBFWn;xGWq)U9lV&*UGla`ttu?tdmy8hb%oN&+r*Vzl)Q{8aZ8SYWrm(EFau6>=PORA2J^`8q5irx_RSz{n0Jb^ z4|%9I6m%{G8Ez{t@eXv}jXS$tF*ZESDCZ9!~EP zWhob~KvR1aB{>jLcB1|fseBAKZ&p`))2S63F%AG+*)5+b&>#ieJOW>1EJEoo|Zp-6idHU8){(E^sPdK%c%)Lv!|Nxc{#h{ z7j$&1IzMmQLj&}L`-?t&4hL9@Dj1fboGqYc%#VycU-IKz#p%2uAr?0N*4bWZ{E*pe zuAj0lMRjtMg|!-pjF33?}v9haj@3b5WhOwa0q_7NP6Yk;kpEK?Ai4 zQhb0Ex@j`qmc?4`56il5$I11^Lfjoh3DK)`rpv;5RvQ)7UPCoMYZr$J%UmYvQ^LXu z7i5`{J0Z8@e;r+QSR2jP-Gty!LUEVkUff;??$V;gDHONjPOt(kPJsf&OK~giR@~jK zxVzhz-OU}W(nK-R35 z1UXkGV5Ih6E>^V**27C($*0#1A47+U;Y7+s9eK~ ztW~8w(4Q`%oOhnfWy6E{Mm<$Oxl>aGC7{P^P8}mBGtHh+6&vY4y$FMs_5Tw*G+WoL zIwCWMXx+E7J5to!cAQTw)D~s(cVRxlaUnF65Ht!-hsK*hk>eJ6=bQUSA$QD^;WDEI zAwX&^G{0g*zoWVRd&VAd^WI`9#T%5_^B~|1}N(6F$w%y72%!Gwqy@3saRD9()W94OL7`);54X4K|5OY|p8))YIeB z^{$xBt*s|)7)HuwKmp3Li}M=W{6>&8J^?|?DA!QEWv1V?GqBiC2U*ve10FZ_i_48V zxP}Uvo13ZRMMspdPc!LDR;7PY&2Qz9Euh}r-N}Vvk(>*{JIr4Po$5jWeIw8H(3ni$ z^ZvB;)1i*o56|CC0QNTVCf^@+&g1exiGr%Czc_=?=`6O0vA+iN_B}VIgy&px)^h6E zQZG(((W`h&HL<%*93Uy)(;!wAU=R2iD2lnp{AV~X_c~c1MsMNdRAqK4r_F!cuj<1W zY?@+dh-c*jo0p^C!{+#?`29zx^}sJ@+6jh|+6`9jfbOXrr~x;6?Y*?XIE0mSlJG|S z@zhXle<#ndffx|7rbBx>Ea+*w(l{JLwfZ={9eCF^6Z!VQ-j#TJq5-cRH2@!haqy>K z6vSb)B+I3xT^;Nn;6a5zmN4bW9sdU^2Xz+S)HS=>J>B1+WFQhWGaoAy`dOAONa0V2 z-%11Y=48ne>l+&v<8rGn%dK_`HG_iMsqzdo;gsp0HyxL+hOg7g+CIg$4p;X%Y%%|; zxxfOcBaAi$@xnO<8psjul|oqLdUGq8v-pEgH_wxnGj{p{E!s_djrCw#!0n*M%}{~R zvY5;o@&d63HVTmKw3K+4If;@9%Bm-J2ui33r`*qU87?}wem=^sqXn@c8Oqb4C94QR zB-PvRq)Rb%D#^|$=7MD`xeIB<_qM(Qfiqa^?SJ5svW{fs`>he9G= z=bLFjBx3@ChhqH0(RP&WY$^BQs+X($`t$u6n6sdt&B5~cgzsMr_%%*eq}`N=@%zB> zqTJb)n&$hv8pmS4X;2l=*UyGvx!9y&U1++<&Oh0S@%6BY9Ja}P)p$Fb@OQ%lg!W?P zNfSBM-YTjz$}G}+&{bNl*lJXlpO>fT zA;bh2Ihug8P}(!qU_e+xJF+<|E?UI*8dkqNpKXrRhK)Ez$_SMMaW7o>vpGo)j>$}_ z@U?%#&Qp#KrB`u7i&j%f?uuZ19j1B8idipJ&AI{j54e5Sob_`yM(pfuXkl&3+2ws# z@-SJgWLZRJm!c-G23<3TM1`dV{_)e@Iw~b6XE|p>(YEFT9pXGp{3q#-X`r<+7XCN* zT0%NXx)XoNPia4;P{+VlPw;L;H%0R;Vf9}bPbTfOy!t;4n>$yI0qPZ>W|Mh}Rclph zQ|{FNMDEIi)m>>orfa9Q1vEYpWQ9Q+x$hq_|Gh!6^SN%Yv@`pntg6wcIVs_xgcjF@ z>AOCjV<^|Qd}(&PQev+(N@-6%F>gi3_=|SNOYmB}gy=OC=mWL!OMt|pW2m41*7MhkijZyll2eGUopPY2DwUmbJD=%cYi@A ze7I9qb{?PWFYLq>!71hz$Im4-L~JH;K5aXPRVUUyN*#uTXA4y`N5_$(Mk%@2h3w;u z=LL9Nz~1NdAfEf^dE^06ioZ-zR_pCLs9yN|C(gLpy7g(Vpk|M(ECBqCwF?=WI011s>JD zaHH06RtFMx%rf5$r!aL%nz3%VJ2>zMOEvDx3uegtP-D@CQ0TNw^6by0a*^tjAM9q9 zM)2RAf>0QQc{A}4RfiJ;8=YDTI6Sk^N*X>mw|+kxGPkoLj_>xY`^mWV=5?UDIzCmd z;JCF@S}I2{>c15U9N~Y7e<;Ny`j3z$Q*iEZsgS-H+LjDAs~6N|%(+^%cpnr+1$9PF z+}Z?}#wgg@t6-c3g#t$QR>0Y3Rm0{6XC0QR#hZ-b+ls-sntVBS(lXuvPf?%r^^$?k54+TpYP zYR+S^ezfS_Nbwgxaf=wU$Qg(7P)X*(_&%AvbUkLCOz)3^35+cz|8SE)Q#$=3q8YkcpLU;uJ6Y%1vZ;^cKuQ9c7j)(JN>HB=5q#9MD z&*axR3>}o73Fja1jnj1c>|CDIohyeeWxmrtv(`>{CgE?2{=Sl}f6%fbLz)kM`7f3A zgByJ>tBYzG=ELbh?iU*x@8SWhQrmBr>=M?$_uuk`)hxol;}DHf6nNen7fbPs&WP=A zIW~jaH|j`X|4x&qT8tKGxEvN@UmTttMqL1N?WVl7?$MLghe_1MFzX`a%FVafuULMM zCAI1Vn>`Kq`fdv4HZBEhjx$nSk1yCZ(aYvZ-wk{}YR?gC3K4{P<=$pKRyxa(>CNk-%c=l6tnm zp4^}2{9m~Ary6Armb18i=M2*E-m!d3IWJc`pA=&&N2&-lP2PItE_?%rXk=LQyu}a; zi;xi`pAMm;uzG5Z&BY)2sCUaF4wb#d1Ci{Sq4$DK!xDq)Q83rA_CvX6Kehel-ZqLf zeSiO#@Xt~o%QA|Nx3QIO*A8S_!GMq z2uE2P-s5xyzW$_gphubh(DE*^e`M1*_E=b_sO4uSnWnbEdVVnvDv4%N>^|7=N7=#@ z*npj?6ZuzUq|oj5&$=>YlG~{_fU?F4amCi`ogC#_N3kP_>)9Qtj~5th@%JWW;wxFM zJ>Pljcj9wi9$=Kq-X>_fhi9ohx;VL5Q294Ogpb)Bpa(D{KR(%X;ytntaHWj*&gOH7 zaY!sz+JCivpV<`Eno|VHRiNUGlb3q@&hEE4z^@p`%LFVbNT#GUhxM2W><*_Iq^qWt z^Q7%haW@3S0sn$7i<#!UTs780nYjrx9jgNdFp~!Xc#(FwY zdETFObf=R+>5c@!ORbCjz3t8;J8ER^ttgvcc!AYb2LLxnAL-kLdrkbk?9qs@UOceo z7}(iC{v~g5W%06u%=nflQ!9$5&6yJ-8K})dq{Cgo@~uPrl|z>!hFeeS}0-5Jjc|Y9chi?x6Ys3_A;LnE0~Id zQe63scMkdGX^CXeWjeXi<|%FJgd_`)mt$fDS0n3I(k`AbV_MJ1;nF~b$f1`XV@;d) zN3#(qrM&tkIqFf=S>_YOA$X)%h3WO&tljh3f9@22ltvEgA0k#NoW`Wj$A9q}4Pi;#J#4d1H;*I1`T>J)R7!va z{_E5^3`%reU!j|&i^J`yCughvcuG8dd#FN)u(K>TcMLZwd`sNU_%U+YVYqcAr>mKO zGk_*3B2skXQz9$B*71hMj?JWqU2wnMV+*B32+7dG)CXhn`%kV9?MR#7&CQP;o%1$3 z5gVaiuAWxQNTITw#Sh(yO-84Moic9PyTU`3G}Bf0O#`LoIW9~%uYTWZmO~7k1ez`A zQzQC-Ji|2QG}Eo8!HcO53KRqwm7*$c(q44AgmIWfTF;e!E<=RtZ!2{l zIRHK(K9Ua!KbFM}Dy>K2_o!yASYHYJHNBD@u5{SY&pXo;NM?-n3vx!{jnINz(pw)~er4wpk2wtnDGt|W1hhco=WQOs|0ZiYVa zAF-BJ9kk-&tP}{Y7 z-R935FxNzcq3Sn6%xcSK?7|gxU3nvGkE;;kPI(|gH4KAfinwV?_JL7d4o%DQ4mC%z zKi#x&Z@!7ptWGMg660Rci`He!@Vme4FZ7;HSsq%i;Jq$+LDaBIlOB{VMQ7&L$p_Oy zbDRIWqQTeAAKq^na~S_=R@OU0yqKPla1l~oe!^BL`BNqsGo|jBhv6zlRP-#gxKQi%kLdwCoT*iY;VQ#m4p3@A3tbWg4!uYLBDgi!>Ur zQ|u@<6q?=luoi|YW;T>cQ6IN{nlAz z^EcL{<(vKXay>W9WmYH#?tXT>8}WByy~^>a!y+gS6_|>xisehb z3mdFzQnPEY??UaEliH;=@C|2EH6YuTr3RfCUJU#_ehssD7YwIg#&z{R z=@8&wDuAirnK6|$H0l)3iY>MUy!d>44-Oz0456RWHs|0Mf%78P^L;9x?eC;Qj5b%n z!=2PgTpJdiverlKa_WEUYUSnWT*s<+c2eG?q}72v)g6uufs}h zOC*fP!a;QXUYvCJ5Ir{>q3d}fs-2hTw9TZirjWWFe=Ymg zZFlmo;_cfS22eZAMS=ko92W0GZ}T(}&@+m& z+Doo1t%3$;b(lqk)ixm`&po%T<|i;ezZQN;o)eU-jZb^d5%+9QUg#NM5!uvAtKkWZVfZj?@@F3v;z~x`_%UP z5B46jv`OumBaucaXV+PU^*ky1YNifeM0lVw+;|2-}@Z z5yy3x4>(a79(CV%9sfD(jum_jXkvlNPqc}6He0No*}wJL`MQ;iqYVLeF{s1!mP^Nx z1o5DI3DeeAY>hX~UHtWO#-B$|vwmgu1>(NXoSVtG$1NyUR0=rFV^no~y6a4c^a?EJ z<46ORChHTXdh&_jn&reyWO40;UxNh11D-br6U6IL5zutUH#$0QY-+`=@2mH9i@bIA z<4oM5I7&8i6yG^#b6~)NnmBztnY&F(zjrHmK*;hy&!NHIZj;N4JReB#R%qtLeNDcr z|C_~i@TA?*R!=?>g%i2IM_%05CuXQqJOk5JBt`{v;EririkC zed|S|KD{`ftpN$5uCc)}r>CcrjZ?(mh(2{j)Di~QfeE3UJ$Dk`YH`%lc&!mA0Yuai*O=;AaL3oTT0ElGY=qHO5C)+7?9dfDGx z;0@@py@khnw?1%R@q%feVK&|G65=$V z0Y(GZP`RQOj!APck*`f-+~zMYEEjX7zT>ti#EDmcnM&R#F5}pa&LG!Z+gjFD!h#2W@fMUSBA6Nb$k~R1+e!|kxlP?*^^)aivHN+>*&`pT zlMfVCk{P3|nHz1@-w#HYZcvO@GHbW|3Dc#)j7C6?qfo|BV8G~u(tMNnh{5yKLvio- zPsJh$4+hC@PVf5lbc7AD>Z^J%Y}#xSxar()_D}ey=<5!}Ql<)S4)cbr_`XjU4B9H$ zT)43qCN`SM-zKI`_zp*CB)dIC6Oby_G<5JQc@^|qCG2FBzO&`kPI0Nwf)9$_x2gD( z08|kMbgv^qB>~!=)7d`A)-7gEp^(0({%%D-^9_TIzl=ZoqAZ^DI+q2dlSk5+fP zg8Mh~Xw6m(x#-00>E_??R}}HcMAb!eHZAlyGU`gEu2#*ov|Rjub@qv{vk2gXS$I*i z8POlGQ`7=P#oV44!{qjChf3w+4nDe+p?&hw13(DgQVT>-nz_4~6&cg|Bl)`BkS9Oz zSeJJqB)!975(zHD6i*6~w59;w07!7*76sO+wCa!Fv=}G$S22&NdrZr`)J(eB>yQ}JFj!~wH6v4qDzneIw)0Hw$FA&)aGdLWw^lrp`Dno#=)n~4eUWtex>QHRUdh8ijBCDRwZzG2)BhH^+prvWvB!*gM zUxvQkk2hCI+&67ah8#EtMCI+hUG^2RDcld2aJ8-bjk%g%=G1|Azc4y9ipsukiV9d= zX7RU`4^TMPaW9+{h`Y4Y*SRsPcwL_PA(*_HW&&m?)5y<{zC@9+E#sk%K1dSV^hrwN_gUtG6j(T@=d)=yT;un$MNGi}Bwe(D zB(H;ay39fq=G}}wzn34Df&nYPAE%nSrDgwSQ!W^HPVV+Dml3=0XuAGVTl6&oAd`0s z$G%MB5ef%QZP!Il$=NB85c*wi?HGyhxa|%V0=u4X*5A%iT(e#TJl~9Dw&^d59hlrv zvph~QneAu&e$E~yfC+;I!HOszi+zuOQ|IOi@{0K%q4QPC=?NWM-n3{Q-M(u>wbL(m zn~6U((#kL27L~Tr_1h<4uWF|=krAmC%)dX>eO}$MbM~lZJeg`MM z5q4i3YG4ezU14k)nw*Q3xVL~EDf~Q!6tnq!uu_Kyfnw1tM=ZAM=5ZME9UNFUs$^24 z7qJQ`BU7w7@wo%(AcHKDzD!@#wa@!xDqmFS5DwS(I>e=X#FvqwQfA=4tWIO;r+%@F z8joI7<5r!mRr6ib;KWcuU&uIHi+H5T?tZXg|sNxH+`mj!KZSA(5MVbCkG8_9LfLe*WojCls(e|`C*;Or1JFy-8>g!QT(aW-UkBpbUy4dsY!3W2%>bp06$eTJsTH)KiVuqbU0R!wyU>!aG_ z+x3RF;Fj0H=XIKa^7*)W$IfEJ|!&!FgIClbpE_8(4ifCUBjfv1nZ5-1Vn#YC}$6$7q^P zYtu$g=rGdaGDC{AzEMFNgSt*NT%(VFDpQn_6|S*v|Gk0P?{$sT7wkk=l|7cDRfq4H zG1BpUKjH}#k z(}wxLEiDt8-w8d>&V~A)d6J);i?K|F6NM_urihEmdFlY9<=br{gn|3aI0x2bHr!6V z^GsJFpEdrz&(@|TI{1YVr?vlPX7KT^yWo%ctV(U$Vih;-TtjTwfdMyMl7SHUUWsnJ zQcN*I+Jqnia#eJ0!8gxNkjN0MXn*$3*8aNfG0}jQ2pJ;X_lDs44>W9;hG)TaBgWDP3`iw1U!+`31e?>&=cOZ@? zhv>TI*t)IBLKH462i=Bm)M!Q;s3zY9kZ~Nbr~!5GngdWXWr-f-gfumRvxw#B^VV^A z*Q?Z746frmNc8kk3G@Sw!*~{1 zB%soGrfw)PM=Ou(*m*EJy_bT>Q!>h}r>hZncA-`bSg&57HsB7Dr$b0A6flOaO(d9Ke1Hf~U~C2t#-=E|heF=r z`~fa^d``1~b4G%-{Rnb;MALdu%G#@S{5X7k*z;G6CGTzTc*NaoD<}*|78K)yz5b&;yGc;tj>b1eY zX>k0%p0U^3U5Ne!fM0Y7!3+w1fD_P_e6J3CCU|Pkv;9r32U-8G08mD$Nd8qIUX428 z6b;_Rq}*wvLF3%Ohg0HC3mZq!NyJ{3z7)P8;8ejy#yx_g~cE z7QL@bNb0*d5QdTHbvk2XwUapYBB26k)Cy=h{qxu+VE9(n;Q~HPG?pA#1)n01rCazy z#?7gmjDrWs->Ev+zgj@D7H$*~xuQUfNPVOM@B*#~{zcu4O#>$Zct^_VxViuIRI=qe z_FMhPCJC=g0Gr^}KjGRS1=Y7~6?FlWfV!kJFFRtaL^Z*;lmsxIj7& z4tu`@D8%ts&>~S>P%)om6>djj zAgJ{Jd1htgH5pP$w13;-AW>8fdr@pkb6Dsk?32$ud+0YQM4OXAv zfn4_~xkP~|ZuniiU%#zw( z-$tZ`mi(B4s8eIb5TM(!ahUYBsW$eS3qa8yg`VTJhqk8UB(P-dMC)QX3Fx9yM=T{# zFJXeW|Z1t^aROOiA1!0PoMz z-+*+GL4bSEEoZ&78!t4TZ%P{or`MrHOHGVKt@wf>^CxZ2$jOHcUl5JOMEX%&7}!1e znXU}B4?3qHs~3?)1(72;MbptR!J$_)7gfJoIPCaDc)nTCm7AHve6?H}B~`L^-~l-RnPq8g6b4 zm37K9#zE>siABnSF0G(QAWZfQE_X?Kjgf_5lwCW{R##si0}KAcA|?W93I&H|{QBP` z|E)oXcx(s}!Z4j~)Q^F&NfNte^kN?QUqMY_@BTg3puw=+kP-Gs@KPcQuSyUgz$xPK zJK_p{aq}KOtpljpZ1$^g3aW>O~u=Osq$|6uR{K g`CTSA%e{N_nJOBUy literal 0 HcmV?d00001 diff --git a/guacamole/rootfs/etc/cont-init.d/00-aaa_dockerfile_backup.sh b/guacamole/rootfs/etc/cont-init.d/00-aaa_dockerfile_backup.sh new file mode 100644 index 000000000..8989b365f --- /dev/null +++ b/guacamole/rootfs/etc/cont-init.d/00-aaa_dockerfile_backup.sh @@ -0,0 +1,33 @@ +#!/bin/bash + +# If dockerfile failed install manually + +############################## +# Automatic modules download # +############################## +if [ -e "/MODULESFILE" ]; then + MODULES=$(/dev/null 2>/dev/null; then (apt-get update && apt-get install -yqq --no-install-recommends bash || apk add --no-cache bash) >/dev/null; fi \ + && if ! command -v curl >/dev/null 2>/dev/null; then (apt-get update && apt-get install -yqq --no-install-recommends curl || apk add --no-cache curl) >/dev/null; fi \ + && mkdir -p /etc/cont-init.d \ + && for scripts in $MODULES; do echo "$scripts" && curl -f -L -s -S "https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.templates/$scripts" -o /etc/cont-init.d/"$scripts" && [ "$(sed -n '/\/bin/p;q' /etc/cont-init.d/"$scripts")" != "" ] || (echo "script failed to install $scripts" && exit 1); done \ + && chmod -R 755 /etc/cont-init.d +fi + +####################### +# Automatic installer # +####################### +if [ -e "/ENVFILE" ]; then + PACKAGES=$(/dev/null 2>/dev/null; then (apt-get update && apt-get install -yqq --no-install-recommends bash || apk add --no-cache bash) >/dev/null; fi \ + && if ! command -v curl >/dev/null 2>/dev/null; then (apt-get update && apt-get install -yqq --no-install-recommends curl || apk add --no-cache curl) >/dev/null; fi \ + && curl -f -L -s -S "https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.templates/automatic_packages.sh" --output /automatic_packages.sh \ + && chmod 777 /automatic_packages.sh \ + && eval /./automatic_packages.sh "${PACKAGES:-}" \ + && rm /automatic_packages.sh +fi diff --git a/guacamole/rootfs/etc/cont-init.d/00-folders.sh b/guacamole/rootfs/etc/cont-init.d/00-folders.sh new file mode 100644 index 000000000..ad0c2ce5f --- /dev/null +++ b/guacamole/rootfs/etc/cont-init.d/00-folders.sh @@ -0,0 +1,14 @@ +#!/usr/bin/with-contenv bashio +# shellcheck shell=bash + +# cp -rn /config/* /data + +# Define home +#HOME="/config/addons_config/guacamole" +#mkdir -p "$HOME"/postgres + +#PUID="$(bashio::config "PUID")" +#PGID="$(bashio::config "PGID")" + +#mkdir -p "$HOME" +#chown -R "$PUID:$PGID" "$HOME" diff --git a/guacamole/rootfs/etc/cont-init.d/32-nginx.sh b/guacamole/rootfs/etc/cont-init.d/32-nginx.sh new file mode 100644 index 000000000..6ac38a5b6 --- /dev/null +++ b/guacamole/rootfs/etc/cont-init.d/32-nginx.sh @@ -0,0 +1,33 @@ +#!/usr/bin/with-contenv bashio +# shellcheck shell=bash + +################# +# NGINX SETTING # +################# +declare port +declare certfile +declare ingress_interface +declare ingress_port +declare keyfile + +port=$(bashio::addon.port 80) +if bashio::var.has_value "${port}"; then + bashio::config.require.ssl + + if bashio::config.true 'ssl'; then + certfile=$(bashio::config 'certfile') + keyfile=$(bashio::config 'keyfile') + + mv /etc/nginx/servers/direct-ssl.disabled /etc/nginx/servers/direct.conf + sed -i "s/%%certfile%%/${certfile}/g" /etc/nginx/servers/direct.conf + sed -i "s/%%keyfile%%/${keyfile}/g" /etc/nginx/servers/direct.conf + + else + mv /etc/nginx/servers/direct.disabled /etc/nginx/servers/direct.conf + fi +fi + +ingress_port=$(bashio::addon.ingress_port) +ingress_interface=$(bashio::addon.ip_address) +sed -i "s/%%port%%/${ingress_port}/g" /etc/nginx/servers/ingress.conf +sed -i "s/%%interface%%/${ingress_interface}/g" /etc/nginx/servers/ingress.conf diff --git a/guacamole/rootfs/etc/nginx/includes/mime.types b/guacamole/rootfs/etc/nginx/includes/mime.types new file mode 100644 index 000000000..7c7cdef2d --- /dev/null +++ b/guacamole/rootfs/etc/nginx/includes/mime.types @@ -0,0 +1,96 @@ +types { + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/javascript js; + application/atom+xml atom; + application/rss+xml rss; + + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/png png; + image/svg+xml svg svgz; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/webp webp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + + font/woff woff; + font/woff2 woff2; + + application/java-archive jar war ear; + application/json json; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/vnd.ms-excel xls; + application/vnd.ms-fontobject eot; + application/vnd.ms-powerpoint ppt; + application/vnd.oasis.opendocument.graphics odg; + application/vnd.oasis.opendocument.presentation odp; + application/vnd.oasis.opendocument.spreadsheet ods; + application/vnd.oasis.opendocument.text odt; + application/vnd.openxmlformats-officedocument.presentationml.presentation + pptx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet + xlsx; + application/vnd.openxmlformats-officedocument.wordprocessingml.document + docx; + application/vnd.wap.wmlc wmlc; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/xspf+xml xspf; + application/zip zip; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; +} diff --git a/guacamole/rootfs/etc/nginx/includes/proxy_params.conf b/guacamole/rootfs/etc/nginx/includes/proxy_params.conf new file mode 100644 index 000000000..1990d4959 --- /dev/null +++ b/guacamole/rootfs/etc/nginx/includes/proxy_params.conf @@ -0,0 +1,15 @@ +proxy_http_version 1.1; +proxy_ignore_client_abort off; +proxy_read_timeout 86400s; +proxy_redirect off; +proxy_send_timeout 86400s; +proxy_max_temp_file_size 0; + +proxy_set_header Accept-Encoding ""; +proxy_set_header Connection $connection_upgrade; +proxy_set_header Host $http_host; +proxy_set_header Upgrade $http_upgrade; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Forwarded-Proto $scheme; +proxy_set_header X-NginX-Proxy true; +proxy_set_header X-Real-IP $remote_addr; diff --git a/guacamole/rootfs/etc/nginx/includes/resolver.conf b/guacamole/rootfs/etc/nginx/includes/resolver.conf new file mode 100644 index 000000000..6485af141 --- /dev/null +++ b/guacamole/rootfs/etc/nginx/includes/resolver.conf @@ -0,0 +1 @@ +resolver 127.0.0.11; diff --git a/guacamole/rootfs/etc/nginx/includes/server_params.conf b/guacamole/rootfs/etc/nginx/includes/server_params.conf new file mode 100644 index 000000000..09c06543e --- /dev/null +++ b/guacamole/rootfs/etc/nginx/includes/server_params.conf @@ -0,0 +1,6 @@ +root /dev/null; +server_name $hostname; + +add_header X-Content-Type-Options nosniff; +add_header X-XSS-Protection "1; mode=block"; +add_header X-Robots-Tag none; diff --git a/guacamole/rootfs/etc/nginx/includes/ssl_params.conf b/guacamole/rootfs/etc/nginx/includes/ssl_params.conf new file mode 100644 index 000000000..6f1500599 --- /dev/null +++ b/guacamole/rootfs/etc/nginx/includes/ssl_params.conf @@ -0,0 +1,9 @@ +ssl_protocols TLSv1.2; +ssl_prefer_server_ciphers on; +ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA; +ssl_ecdh_curve secp384r1; +ssl_session_timeout 10m; +ssl_session_cache shared:SSL:10m; +ssl_session_tickets off; +ssl_stapling on; +ssl_stapling_verify on; diff --git a/guacamole/rootfs/etc/nginx/includes/upstream.conf b/guacamole/rootfs/etc/nginx/includes/upstream.conf new file mode 100644 index 000000000..b292326bd --- /dev/null +++ b/guacamole/rootfs/etc/nginx/includes/upstream.conf @@ -0,0 +1,3 @@ +upstream backend { + server 127.0.0.1:8080; +} diff --git a/guacamole/rootfs/etc/nginx/nginx.conf b/guacamole/rootfs/etc/nginx/nginx.conf new file mode 100644 index 000000000..7e5bc6f7c --- /dev/null +++ b/guacamole/rootfs/etc/nginx/nginx.conf @@ -0,0 +1,56 @@ +# Run nginx in foreground. +daemon off; + +# This is run inside Docker. +user root; + +# Pid storage location. +pid /var/run/nginx.pid; + +# Set number of worker processes. +worker_processes 1; + +# Enables the use of JIT for regular expressions to speed-up their processing. +pcre_jit on; + +# Write error log to Hass.io add-on log. +error_log /proc/1/fd/1 error; + +# Load allowed environment vars +env HASSIO_TOKEN; + +# Load dynamic modules. +include /etc/nginx/modules/*.conf; + +# Max num of simultaneous connections by a worker process. +events { + worker_connections 512; +} + +http { + include /etc/nginx/includes/mime.types; + + log_format hassio '[$time_local] $status ' + '$http_x_forwarded_for($remote_addr) ' + '$request ($http_user_agent)'; + + access_log /proc/1/fd/1 hassio; + client_max_body_size 4G; + default_type application/octet-stream; + gzip on; + keepalive_timeout 65; + sendfile on; + server_tokens off; + tcp_nodelay on; + tcp_nopush on; + + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } + + include /etc/nginx/includes/resolver.conf; + include /etc/nginx/includes/upstream.conf; + + include /etc/nginx/servers/*.conf; +} diff --git a/guacamole/rootfs/etc/nginx/servers/ingress.conf b/guacamole/rootfs/etc/nginx/servers/ingress.conf new file mode 100644 index 000000000..736940492 --- /dev/null +++ b/guacamole/rootfs/etc/nginx/servers/ingress.conf @@ -0,0 +1,18 @@ +server { + listen %%interface%%:%%port%% default_server; + include /etc/nginx/includes/server_params.conf; + include /etc/nginx/includes/proxy_params.conf; + client_max_body_size 0; + server_name webtop.*; + + location / { + add_header Access-Control-Allow-Origin *; + proxy_pass http://127.0.0.1:8080; + proxy_buffering off; + proxy_read_timeout 30; + proxy_set_header Connection "Upgrade"; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Host $host; + } +} + diff --git a/guacamole/rootfs/etc/services.d/nginx/finish b/guacamole/rootfs/etc/services.d/nginx/finish new file mode 100644 index 000000000..444240135 --- /dev/null +++ b/guacamole/rootfs/etc/services.d/nginx/finish @@ -0,0 +1,8 @@ +#!/usr/bin/execlineb -S0 +# ============================================================================== +# Take down the S6 supervision tree when Nginx fails +# ============================================================================== +if { s6-test ${1} -ne 0 } +if { s6-test ${1} -ne 256 } + +s6-svscanctl -t /var/run/s6/services diff --git a/guacamole/rootfs/etc/services.d/nginx/run b/guacamole/rootfs/etc/services.d/nginx/run new file mode 100644 index 000000000..07447d8b8 --- /dev/null +++ b/guacamole/rootfs/etc/services.d/nginx/run @@ -0,0 +1,10 @@ +#!/usr/bin/with-contenv bashio +# shellcheck shell=bash +# ============================================================================== + +# Wait for transmission to become available +bashio::net.wait_for 8080 localhost 900 + +bashio::log.info "Starting NGinx..." + +exec nginx